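def process(self):
    """Decode every packet in ``self.pcap`` and yield queued results.

    Each ``(ts, packet)`` pair is unwrapped layer by layer: link layer,
    then IPv4, then transport.  TCP segments are handed to ``self.tcp``
    and UDP datagrams to ``self.udp`` when those handlers are set.  After
    every packet, and again after each handler's ``finish()``, whatever is
    queued in ``self.values`` is yielded in FIFO order.

    Yields:
        Items popped from the front of ``self.values``.

    Raises:
        UnknownDatalink: a raw frame whose link type is neither Ethernet
            nor 101.
        UnknownEthernetProtocol: an Ethernet payload that is not IPv4,
            IPv6 or ARP.
        UnknownIpProtocol: an IPv4 protocol other than ICMP, TCP, UDP
            or IGMP.

    These exceptions propagate out of the generator, so a single
    unsupported packet ends iteration and nothing after it is decoded.
    That matters when the capture is untrusted: the caller decides whether
    partial results are acceptable.
    """
    if not self.pcap:
        return

    for ts, packet in self.pcap:
        # Raw frame from the capture: decode the link layer first.
        # ``bytes`` is the same type as ``str`` on Python 2 and is what
        # binary capture data is on Python 3, where a ``str`` check would
        # let every raw frame fall through undecoded.
        if isinstance(packet, bytes):
            linktype = self.pcap.datalink()
            if linktype == dpkt.pcap.DLT_EN10MB:
                packet = self._parse_ethernet(packet)
            elif linktype == 101:
                # Link type 101: the payload is parsed directly as IPv4.
                packet = dpkt.ip.IP(packet)
            else:
                raise UnknownDatalink(packet)

        # Strip the Ethernet header; only IPv4, IPv6 and ARP are accepted.
        if isinstance(packet, dpkt.ethernet.Ethernet):
            payload = packet.data
            accepted = (dpkt.ip.IP, dpkt.ip6.IP6, dpkt.arp.ARP)
            if not isinstance(payload, accepted):
                raise UnknownEthernetProtocol(packet)
            packet = payload

        # Only IPv4 is unwrapped further; IPv6 and ARP fall through with
        # ip = None and match neither transport check below.
        if isinstance(packet, dpkt.ip.IP):
            ip = packet
            protocol = packet.p
            if protocol == dpkt.ip.IP_PROTO_IGMP:
                # IGMP is skipped; this also skips the drain for this packet.
                continue
            carried = (
                dpkt.ip.IP_PROTO_ICMP,
                dpkt.ip.IP_PROTO_TCP,
                dpkt.ip.IP_PROTO_UDP,
            )
            if protocol not in carried:
                raise UnknownIpProtocol(packet)
            packet = packet.data
        else:
            ip = None

        if isinstance(packet, dpkt.tcp.TCP) and self.tcp:
            self.tcp.process(ts, ip, packet)

        if isinstance(packet, dpkt.udp.UDP) and self.udp:
            self.udp.process(ts, ip, packet)

        # Hand out whatever was queued while handling this packet.
        while self.values:
            yield self.values.pop(0)

    # End of capture: let each handler finish, draining after each one.
    if self.tcp:
        self.tcp.finish()
    while self.values:
        yield self.values.pop(0)

    if self.udp:
        self.udp.finish()
    while self.values:
        yield self.values.pop(0)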
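def process(self):
    """Decode every packet in ``self.pcap`` and yield queued results.

    Each ``(ts, packet)`` pair is unwrapped layer by layer: link layer,
    then IPv4, then transport.  TCP segments are handed to ``self.tcp``
    and UDP datagrams to ``self.udp`` when those handlers are set.  After
    every packet, and again after each handler's ``finish()``, whatever is
    queued in ``self.values`` is yielded in FIFO order.

    A packet with an unsupported link type, Ethernet payload or IPv4
    protocol is handled according to ``self.raise_exceptions``:

    * true: ``UnknownDatalink``, ``UnknownEthernetProtocol`` or
      ``UnknownIpProtocol`` is raised and the generator ends;
    * false: the packet is recorded in ``self.exceptions[ts]`` and
      skipped, so the rest of the capture is still decoded.

    The three TCP reassembly errors caught below are logged and the
    segment is dropped regardless of ``self.raise_exceptions``.

    Yields:
        Items popped from the front of ``self.values``.

    Notes for untrusted captures, all visible in this method:

    * ``self.exceptions`` is keyed by timestamp, so two rejected packets
      with the same ``ts`` keep only the later one.
    * Every record holds the rejected packet itself and nothing here
      bounds the size of ``self.exceptions``.
    * Errors raised by the decoders (``self._parse_ethernet``,
      ``dpkt.ip.IP``) or by ``self.udp.process`` are not caught here and
      end the generator.
    """
    if not self.pcap:
        return

    for ts, packet in self.pcap:
        # Raw frame from the capture: decode the link layer first.
        if isinstance(packet, bytes):
            linktype = self.pcap.datalink()
            if linktype == dpkt.pcap.DLT_EN10MB:
                packet = self._parse_ethernet(packet)
            elif linktype == 101:
                # Link type 101: the payload is parsed directly as IPv4.
                packet = dpkt.ip.IP(packet)
            elif self.raise_exceptions:
                raise UnknownDatalink(packet)
            else:
                self.exceptions[ts] = {
                    "exception": UnknownDatalink,
                    "data": packet,
                    "trace": traceback.extract_stack(),
                }
                continue

        # Strip the Ethernet header; only IPv4, IPv6 and ARP are accepted.
        if isinstance(packet, dpkt.ethernet.Ethernet):
            accepted = (dpkt.ip.IP, dpkt.ip6.IP6, dpkt.arp.ARP)
            if isinstance(packet.data, accepted):
                packet = packet.data
            elif self.raise_exceptions:
                raise UnknownEthernetProtocol(packet)
            else:
                self.exceptions[ts] = {
                    "exception": UnknownEthernetProtocol,
                    "data": packet,
                    "trace": traceback.extract_stack(),
                }
                continue

        # Only IPv4 is unwrapped further; IPv6 and ARP fall through with
        # ip = None and match neither transport check below.
        if isinstance(packet, dpkt.ip.IP):
            ip = packet
            carried = (
                dpkt.ip.IP_PROTO_ICMP,
                dpkt.ip.IP_PROTO_TCP,
                dpkt.ip.IP_PROTO_UDP,
            )
            if packet.p in carried:
                packet = packet.data
            elif packet.p == dpkt.ip.IP_PROTO_IGMP:
                # IGMP is skipped; this also skips the drain for this packet.
                continue
            elif self.raise_exceptions:
                raise UnknownIpProtocol(packet)
            else:
                self.exceptions[ts] = {
                    "exception": UnknownIpProtocol,
                    "data": packet,
                    "trace": traceback.extract_stack(),
                }
                continue
        else:
            ip = None

        if isinstance(packet, dpkt.tcp.TCP) and self.tcp:
            # Reassembly errors are logged and the segment dropped so that
            # one inconsistent stream does not stop the whole capture.
            fault = None
            try:
                self.tcp.process(ts, ip, packet)
            except InvalidTcpPacketOrder as e:
                fault = ("Invalid TCP packet order. Ts: %s (%s -> %s). %s", e)
            except UnknownTcpSequenceNumber as e:
                fault = (
                    "Unknown TCP sequence number. Ts: %s (%s -> %s). %s", e
                )
            except UnexpectedTcpData as e:
                fault = ("Unexpected TCP data. Ts: %s (%s -> %s). %s", e)

            if fault is not None:
                template, error = fault
                # ip is None when the segment arrived without an IPv4
                # layer (packet supplied already decoded); reading
                # ip.src there would raise while reporting the error.
                if ip is None:
                    src = dst = "unknown"
                else:
                    src = inet_to_str(ip.src)
                    dst = inet_to_str(ip.dst)
                log.error(template, ts, src, dst, error)

        if isinstance(packet, dpkt.udp.UDP) and self.udp:
            self.udp.process(ts, ip, packet)

        # Hand out whatever was queued while handling this packet.
        while self.values:
            yield self.values.pop(0)

    # End of capture: let each handler finish, draining after each one.
    if self.tcp:
        self.tcp.finish()
    while self.values:
        yield self.values.pop(0)

    if self.udp:
        self.udp.finish()
    while self.values:
        yield self.values.pop(0)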