def _verify_working_pcap(cap_filter): """Verify we can create a packet filter. If we cannot create a filter we will be listening for all traffic which is too intensive. """ compile_filter(cap_filter)
def _verify_working_pcap(cap_filter): """Verify we can create a packet filter. If we cannot create a filter we will be listening for all traffic which is too intensive. """ # Local import because importing from scapy has side effects such as opening # sockets from scapy.arch.common import ( # pylint: disable=import-outside-toplevel compile_filter, ) compile_filter(cap_filter)
def attach_filter(fd, bpf_filter, iface): """Attach a BPF filter to the BPF file descriptor""" bp = compile_filter(bpf_filter, iface) # Assign the BPF program to the interface ret = LIBC.ioctl(c_int(fd), BIOCSETF, cast(pointer(bp), c_char_p)) if ret < 0: raise Scapy_Exception("Can't attach the BPF filter !")
def attach_filter(sock, bpf_filter, iface): # XXX We generate the filter on the interface conf.iface # because tcpdump open the "any" interface and ppp interfaces # in cooked mode. As we use them in raw mode, the filter will not # work... one solution could be to use "any" interface and translate # the filter from cooked mode to raw mode # mode bp = compile_filter(bpf_filter, iface) sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
def attach_filter(sock, bpf_filter, iface): """ Compile bpf filter and attach it to a socket :param sock: the python socket :param bpf_filter: the bpf string filter to compile :param iface: the interface used to compile """ bp = compile_filter(bpf_filter, iface) sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
def attach_filter(sock, bpf_filter, iface): # type: (socket.socket, str, Union[NetworkInterface, str]) -> None """ Compile bpf filter and attach it to a socket :param sock: the python socket :param bpf_filter: the bpf string filter to compile :param iface: the interface used to compile """ bp = compile_filter(bpf_filter, iface) if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): # type: ignore # PyPy < 7.3.2 has a broken behavior # https://foss.heptapod.net/pypy/pypy/-/issues/3298 bp = struct.pack('HL', bp.bf_len, ctypes.addressof(bp.bf_insns.contents)) else: bp = sock_fprog(bp.bf_len, bp.bf_insns) sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)