def _read_a_packet(file_h, hdrp, layers=0): """ Reads the next individual packet from the capture file. Expects the file handle to be somewhere after the header, on the next per-packet header. """ raw_packet_header = file_h.read(16) if not raw_packet_header or len(raw_packet_header) != 16: return None # in case the capture file is not the same endianness as ours, we have to # use the correct byte order for the packet header if hdrp[0].byteorder == 'big': packet_header = struct.unpack('>IIII', raw_packet_header) else: packet_header = struct.unpack('<IIII', raw_packet_header) (timestamp, timestamp_us, capture_len, packet_len) = packet_header raw_packet_data = file_h.read(capture_len) if not raw_packet_data or len(raw_packet_data) != capture_len: return None if layers > 0: layers -= 1 raw_packet = linklayer.clookup(hdrp[0].ll_type)(raw_packet_data, layers=layers) else: raw_packet = binascii.hexlify(raw_packet_data) packet = pcap_packet(hdrp, timestamp, timestamp_us, capture_len, packet_len, raw_packet) return packet
def _read_a_packet(file_h, hdrp, layers=0): """ Reads the next individual packet from the capture file. Expects the file handle to be somewhere after the header, on the next per-packet header. """ raw_packet_header = file_h.read(16) if raw_packet_header == '': return None assert len(raw_packet_header) == 16, 'Unexpected end of per-packet header.' packet_header = struct.unpack('=IIII', raw_packet_header) (timestamp, timestamp_ms, capture_len, packet_len) = packet_header raw_packet_data = file_h.read(capture_len) # if the capture file is not the same endianness as ours, we need to # reverse the packet data if not __endian_check__(hdrp): raw_packet_data = raw_packet_data[::-1] assert len(raw_packet_data) == capture_len, 'Unexpected end of packet.' if layers > 0: layers -= 1 raw_packet = linklayer.clookup(hdrp[0].ll_type)(raw_packet_data, layers=layers) else: raw_packet = binascii.hexlify(raw_packet_data) packet = pcap_packet(hdrp, timestamp, timestamp_ms, capture_len, packet_len, raw_packet) return packet
def _read_a_packet(file_h, hdrp, layers=0): """ Reads the next individual packet from the capture file. Expects the file handle to be somewhere after the header, on the next per-packet header. """ raw_packet_header = file_h.read(16) if raw_packet_header == '': return None assert len(raw_packet_header) == 16, 'Unexpected end of per-packet header.' # in case the capture file is not the same endianness as ours, we have to # use the correct byte order for the packet header if hdrp[0].byteorder == 'big': packet_header = struct.unpack('>IIII', raw_packet_header) else: packet_header = struct.unpack('<IIII', raw_packet_header) # typedef struct pcaprec_hdr_s { # guint32 ts_sec; /* timestamp seconds */ # guint32 ts_usec; /* timestamp microseconds */ # guint32 incl_len; /* number of octets of packet saved in file */ # guint32 orig_len; /* actual length of packet */ # } pcaprec_hdr_t; (timestamp, timestamp_ms, capture_len, packet_len) = packet_header raw_packet_data = file_h.read(capture_len) assert len(raw_packet_data) == capture_len, 'Unexpected end of packet.' if layers > 0: layers -= 1 raw_packet = linklayer.clookup(hdrp[0].ll_type)(raw_packet_data, layers=layers) else: raw_packet = binascii.hexlify(raw_packet_data) packet = pcap_packet(hdrp, timestamp, timestamp_ms, capture_len, packet_len, raw_packet) return (raw_packet_header, packet)
def test_constructor_lookup(self): """ Ensure the proper validation function is passed from the constructor lookup. """ self.assertEqual(ethernet.Ethernet, linklayer.clookup(1))