def _flow4_ids(ip):
    """Return the base64-encoded (forward, reverse) flow ids of an IPv4 packet.

    Both ids start with ``src addr + dst addr + protocol byte`` (the byte at
    ``ip.data[9:10]``).  For protocols 6, 17, 132 and 136 (TCP, UDP, SCTP,
    UDP-Lite) the first four payload bytes — the port pair — are appended;
    the reverse id swaps the addresses and the two port fields.

    For ICMP (proto 1) messages of type 3, 4, 5, 11 or 12 the ids are built
    from the packet quoted after the 8-byte ICMP header, and the pair is
    returned swapped (the quoted packet travelled in the opposite direction
    to the ICMP message).

    NOTE(review): the quotation and the payload bytes are whatever arrived on
    the wire.  Neither what ``libtrace.ip`` does with a truncated quotation
    nor the handling of non-first fragments (where ``payload[0:4]`` is not a
    port pair — see the FIXME) is visible here; both can make unrelated
    traffic collide on one flow id.  Confirm against the plt module.
    """
    # Only import this when needed
    import plt as libtrace

    # FIXME keep map of fragment IDs to keys
    icmp_quoting_types = frozenset((3, 4, 5, 11, 12))
    ported_protos = frozenset((6, 17, 132, 136))

    # ICMP errors carry the offending packet's header after the 8-byte ICMP
    # header; key on that packet instead of the ICMP message itself.
    from_quotation = ip.proto == 1 and ip.icmp.type in icmp_quoting_types
    if from_quotation:
        ip = libtrace.ip(ip.icmp.data[8:])  # pylint: disable=no-member

    # 3-tuple part shared by both id forms
    proto_byte = ip.data[9:10]
    forward = ip.src_prefix.addr + ip.dst_prefix.addr + proto_byte
    backward = ip.dst_prefix.addr + ip.src_prefix.addr + proto_byte
    if ip.proto in ported_protos:
        # key includes ports: src/dst as-is for forward, swapped for reverse
        forward = forward + ip.payload[0:4]
        backward = backward + ip.payload[2:4] + ip.payload[0:2]

    # a quotation describes the opposite direction, so hand the pair back swapped
    ordered = (backward, forward) if from_quotation else (forward, backward)
    return (base64.b64encode(ordered[0]), base64.b64encode(ordered[1]))
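def _next_packet(self):
    """Read the next packet from the trace and run the header chains on it.

    Returns:
        False when iteration should stop — the caller asked us to stop via
        ``self._interrupted()`` or ``self._trace.read_packet`` returned no
        packet; True otherwise, including for packets that get no flow
        record and are therefore not dispatched.

    Side effects: increments ``self._ct_pkt``, advances the packet clock via
    ``self._tick``, and calls ``self._flow_complete(fid)`` when any chain
    function returned a falsy value.

    Chain semantics: ``keep_flow = keep_flow and fn(...)`` short-circuits, so
    once one function asks to complete the flow the remaining functions in
    the same packet's chains are not called.  That is the existing behaviour
    and is preserved here.

    Fix: the ICMPv6 branch used ``self._pkt.ip.icmp6``; ``self._pkt.ip`` is
    not set in the ``elif self._pkt.ip6`` branch, so the quoted packet is
    now taken from ``self._pkt.ip6.icmp6``.  The quotation is also parsed
    once per packet instead of once per chain function.
    """
    # Import only when needed
    import plt as libtrace

    # see if someone told us to stop
    if self._interrupted():
        return False
    # see if we're done iterating
    if not self._trace.read_packet(self._pkt):
        return False

    # count the packet and advance the packet clock
    self._ct_pkt += 1
    self._tick(self._pkt.seconds)

    # get a flow ID and associated flow record for the packet
    (fid, rec, rev) = self._get_flow()
    # don't dispatch if we don't have a record
    # (this happens for non-IP packets and flows we know we want to ignore)
    if not rec:
        return True

    keep_flow = True
    pkt = self._pkt

    # run IP header chains
    if pkt.ip:
        for fn in self._ip4_chain:
            keep_flow = keep_flow and fn(rec, pkt.ip, rev=rev)
        # parse the quoted packet (after the 8-byte ICMP header) once, and
        # only if something will consume it — the quotation is wire data, and
        # what libtrace.ip does with a short or malformed one is not visible
        # here, so don't parse it when no chain function needs it
        if pkt.icmp and self._icmp4_chain:
            q = libtrace.ip(pkt.ip.icmp.data[8:])  # pylint: disable=no-member
            for fn in self._icmp4_chain:
                keep_flow = keep_flow and fn(rec, pkt.ip, q, rev=rev)
    elif pkt.ip6:
        for fn in self._ip6_chain:
            keep_flow = keep_flow and fn(rec, pkt.ip6, rev=rev)
        if pkt.icmp6 and self._icmp6_chain:
            # pkt.ip is not set in this branch; the ICMPv6 header hangs off
            # pkt.ip6.  NOTE(review): the quoted packet is IPv6 but is parsed
            # with libtrace.ip, as the original did — confirm that is the
            # intended parser.
            q = libtrace.ip(pkt.ip6.icmp6.data[8:])  # pylint: disable=no-member
            for fn in self._icmp6_chain:
                keep_flow = keep_flow and fn(rec, pkt.ip6, q, rev=rev)

    # run transport header chains
    if pkt.tcp:
        for fn in self._tcp_chain:
            keep_flow = keep_flow and fn(rec, pkt.tcp, rev=rev)
    elif pkt.udp:
        for fn in self._udp_chain:
            keep_flow = keep_flow and fn(rec, pkt.udp, rev=rev)
    else:
        # anything else gets the whole packet
        for fn in self._l4_chain:
            keep_flow = keep_flow and fn(rec, pkt, rev=rev)

    # complete the flow if any chain function asked us to
    if not keep_flow:
        self._flow_complete(fid)

    # we processed a packet, keep going
    return True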
if n == 13: # 1-org break pip = pkt.ip if not pip: print "pkt %d: not IP" % n continue nip += 1 print "--- n=%d --- cap_len=%d" % (n, pkt.capture_len) udp = pkt.udp if not udp: continue plt.Data_dump(udp.pi, None, "udp object") uuu = plt.ip(udp) plt.Data_dump(uuu.pi, uuu.mom, "New IP object") break sa = ip.src_prefix; da = ip.dst_prefix print "sa = %s, da= %s" % (sa, da) # if ip.version == 4: # nsa = ipp.from_s("1.2.3.4"); nda = ipp.from_s("5.6.7.8") # else: # nsa = ipp.from_s("1:2:3:4::"); nda = ipp.from_s("::5:6:7:8") # ip.src_prefix = nsa; ip.dst_prefix = nda # sa = ip.src_prefix; da = ip.dst_prefix # print "sa = %s, da= %s" % (sa, da)