def __init__(self, datalink=IL_TYPE_ETH, context=None): """ Create an audit manager to use in conjunction with a PacketProducer that feeds the instance with feed() method @see AuditManager.feed. @param datalink the datalink to be used. As default we use IL_TYPE_ETH. For more information on that @see pcap_datalink manpage @param context an AuditContext or None """ self._datalink = datalink self._context = context self._conn_manager = ConnectionManager() self._main_decoder = AuditManager().get_decoder( LINK_LAYER, self._datalink)
def __init__(self, datalink=IL_TYPE_ETH, context=None): """ Create an audit manager to use in conjunction with a PacketProducer that feeds the instance with feed() method @see AuditManager.feed. @param datalink the datalink to be used. As default we use IL_TYPE_ETH. For more information on that @see pcap_datalink manpage @param context an AuditContext or None """ self._datalink = datalink self._context = context self._conn_manager = ConnectionManager() self._main_decoder = AuditManager().get_decoder(LINK_LAYER, self._datalink)
class AuditDispatcher(object): def __init__(self, datalink=IL_TYPE_ETH, context=None): """ Create an audit manager to use in conjunction with a PacketProducer that feeds the instance with feed() method @see AuditManager.feed. @param datalink the datalink to be used. As default we use IL_TYPE_ETH. For more information on that @see pcap_datalink manpage @param context an AuditContext or None """ self._datalink = datalink self._context = context self._conn_manager = ConnectionManager() self._main_decoder = AuditManager().get_decoder(LINK_LAYER, self._datalink) def feed(self, mpkt, *args): """ General purpose procedure. Will be used the main_decoder created in the constructor. So if you need to have another main_dissector you could change it with the correct property. @param metapkt a MetaPacket object or None """ if not mpkt:# or not self._main_decoder: return manager = AuditManager() manager.run_hook_point('pm::received', mpkt) if not self._context: manager.run_decoder(LINK_LAYER, self.datalink, mpkt) return # Same code of run_decoder. # Only executed when there's a context so we can have more granularity # over various callbacks level = LINK_LAYER type = self.datalink mpkt.context = self._context while level is not None and type is not None: decoder, pre, post = manager.get_decoder(level, type) if not decoder and not pre and not post: break #log.debug("Running decoder %s" % decoder) for pre_hook in pre: pre_hook(mpkt) if decoder: ret = decoder(mpkt) for post_hook in post: post_hook(mpkt) if decoder and isinstance(ret, tuple): # Infinite loop over there :) level, type = ret else: break if not mpkt.flags & MPKT_FORWARDED: self._conn_manager.parse(mpkt) if mpkt.flags & MPKT_FORWARDABLE: manager.run_hook_point('pm::pre-forward', mpkt) self._context.forward(mpkt) mpkt.context = None mpkt.data = '' def get_main_decoder(self): return self._main_decoder def set_main_decoder(self, dec): self._main_decoder = dec def get_datalink(self): return self._datalink def get_connection_manager(self): return self._conn_manager main_decoder = property(get_main_decoder, set_main_decoder) datalink = property(get_datalink)
class AuditDispatcher(object): def __init__(self, datalink=IL_TYPE_ETH, context=None): """ Create an audit manager to use in conjunction with a PacketProducer that feeds the instance with feed() method @see AuditManager.feed. @param datalink the datalink to be used. As default we use IL_TYPE_ETH. For more information on that @see pcap_datalink manpage @param context an AuditContext or None """ self._datalink = datalink self._context = context self._conn_manager = ConnectionManager() self._main_decoder = AuditManager().get_decoder( LINK_LAYER, self._datalink) def feed(self, mpkt, *args): """ General purpose procedure. Will be used the main_decoder created in the constructor. So if you need to have another main_dissector you could change it with the correct property. @param metapkt a MetaPacket object or None """ if not mpkt: # or not self._main_decoder: return manager = AuditManager() manager.run_hook_point('pm::received', mpkt) if not self._context: manager.run_decoder(LINK_LAYER, self.datalink, mpkt) return # Same code of run_decoder. # Only executed when there's a context so we can have more granularity # over various callbacks level = LINK_LAYER type = self.datalink mpkt.context = self._context while level is not None and type is not None: decoder, pre, post = manager.get_decoder(level, type) if not decoder and not pre and not post: break #log.debug("Running decoder %s" % decoder) for pre_hook in pre: pre_hook(mpkt) if decoder: ret = decoder(mpkt) for post_hook in post: post_hook(mpkt) if decoder and isinstance(ret, tuple): # Infinite loop over there :) level, type = ret else: break if not mpkt.flags & MPKT_FORWARDED: self._conn_manager.parse(mpkt) if mpkt.flags & MPKT_FORWARDABLE: manager.run_hook_point('pm::pre-forward', mpkt) self._context.forward(mpkt) mpkt.context = None mpkt.data = '' def get_main_decoder(self): return self._main_decoder def set_main_decoder(self, dec): self._main_decoder = dec def get_datalink(self): return self._datalink def get_connection_manager(self): return self._conn_manager main_decoder = property(get_main_decoder, set_main_decoder) datalink = property(get_datalink)