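class TestHexDumpAdapter(unittest.TestCase):
    """Exercise HexDumpAdapter over a fixed 6-byte field.

    Covers the parse/build round trip and the hex-dump rendering
    obtained through ``str()`` on the parsed value.
    """

    def setUp(self):
        # Every test works on the same adapter: a hex-dump view of 6 raw bytes.
        self.hda = HexDumpAdapter(Field("hexdumpadapter", 6))

    def test_trivial(self):
        """Pass as long as setUp() was able to construct the adapter."""
        pass

    def test_parse(self):
        """The parsed value compares equal to the raw input."""
        self.assertEqual(self.hda.parse("abcdef"), "abcdef")

    def test_build(self):
        """Building returns the raw data unchanged."""
        self.assertEqual(self.hda.build("abcdef"), "abcdef")

    def test_str(self):
        """str() renders one dump line: offset, hex digits, printable text."""
        pretty = str(self.hda.parse("abcdef")).strip()
        # Split on a two-space gap, not a single space: the hex column
        # ("61 62 ...") contains single spaces itself, so a one-space split
        # yields eight tokens and the three-way unpack below cannot succeed.
        # NOTE(review): assumes the dump separates its columns by at least
        # two spaces -- confirm against HexDumpAdapter's output format.
        columns = [part.strip() for part in pretty.split("  ") if part]
        # `text` rather than `ascii`, which would shadow the builtin.
        offset, digits, text = columns
        self.assertEqual(offset, "0000")
        self.assertEqual(digits, "61 62 63 64 65 66")
        self.assertEqual(text, "abcdef")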
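class TestHexDumpAdapter(unittest.TestCase):
    """Exercise HexDumpAdapter over a fixed 6-byte field.

    Covers the parse/build round trip and the hex-dump rendering
    obtained through ``__pretty_str__()`` on the parsed value.
    """

    def setUp(self):
        # Every test works on the same adapter: a hex-dump view of 6 raw bytes.
        self.hda = HexDumpAdapter(Field("hexdumpadapter", 6))

    def test_trivial(self):
        """Pass as long as setUp() was able to construct the adapter."""
        pass

    def test_parse(self):
        """The parsed value compares equal to the raw input."""
        self.assertEqual(self.hda.parse("abcdef"), "abcdef")

    def test_build(self):
        """Building returns the raw data unchanged."""
        self.assertEqual(self.hda.build("abcdef"), "abcdef")

    def test_pretty_str(self):
        """__pretty_str__() renders one dump line: offset, hex digits, text."""
        pretty = self.hda.parse("abcdef").__pretty_str__().strip()
        # Split on a two-space gap, not a single space: the hex column
        # ("61 62 ...") contains single spaces itself, so a one-space split
        # yields eight tokens and the three-way unpack below cannot succeed.
        # NOTE(review): assumes the dump separates its columns by at least
        # two spaces -- confirm against HexDumpAdapter's output format.
        columns = [part.strip() for part in pretty.split("  ") if part]
        # `text` rather than `ascii`, which would shadow the builtin.
        offset, digits, text = columns
        self.assertEqual(offset, "0000")
        self.assertEqual(digits, "61 62 63 64 65 66")
        self.assertEqual(text, "abcdef")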
def build_id():
    """Return the construct layout named ``build_id``.

    Fields, in order: a ``start`` anchor, ``type``, ``misc``, ``size``,
    ``pid``, a 24-byte ``build_id`` string shown as a hex dump, a
    C-string ``filename``, an ``offset`` anchor and trailing padding.
    """
    members = (
        Anchor("start"),
        UNInt32("type"),
        UNInt16("misc"),
        UNInt16("size"),
        SNInt32("pid"),
        HexDumpAdapter(String("build_id", 24)),
        CString("filename"),
        Anchor("offset"),
        # NOTE(review): pad() is defined elsewhere; presumably it skips up to
        # the record's `size`, which is read from the input -- confirm it
        # rejects a `size` smaller than the bytes already consumed.
        pad("size"),
    )
    return Struct("build_id", *members)
def setUp(self):
    """Create the adapter under test: a hex-dump view over a 6-byte field."""
    raw_field = Field("hexdumpadapter", 6)
    self.hda = HexDumpAdapter(raw_field)
# NOTE(review): _decode/_encode take `self`, so they are presumably methods of
# an adapter class whose header lies outside this excerpt -- confirm.
def _decode(self, obj, context):
    # Turn the parsed number into a readable time string; time.ctime()
    # formats it in the local timezone.
    return time.ctime(obj)
def _encode(self, obj, context):
    # Inverse of _decode: time.strptime() with its default format reads the
    # ctime-style string, and mktime() converts it back to whole seconds.
    return int(time.mktime(time.strptime(obj)))

# One capture record: six 32-bit header fields (24 bytes), the packet data,
# then padding up to the declared record length.
packet_record = Struct(
    "packet_record",
    UBInt32("original_length"),
    UBInt32("included_length"),
    UBInt32("record_length"),
    UBInt32("cumulative_drops"),
    EpochTimeStampAdapter(UBInt32("timestamp_seconds")),
    UBInt32("timestamp_microseconds"),
    # The data length is whatever the record's own included_length says.
    # NOTE(review): that value comes straight from the capture file; when
    # parsing untrusted captures, confirm an oversized value fails cleanly
    # rather than driving a very large read.
    HexDumpAdapter(Field("data", lambda ctx: ctx.included_length)),
    # 24 being the static length of the packet_record header
    # NOTE(review): this goes negative when record_length is smaller than
    # included_length + 24, which a malformed record can arrange -- confirm
    # Padding rejects a negative length.
    Padding(lambda ctx: ctx.record_length - ctx.included_length - 24),
)

# Symbolic names for the 32-bit `datalink` value.
# The definition continues past the end of this excerpt.
datalink_type = Enum(
    UBInt32("datalink"),
    IEEE802dot3=0,
    IEEE802dot4=1,
    IEEE802dot5=2,
    IEEE802dot6=3,
    ETHERNET=4,
    HDLC=5,
    CHARSYNC=6,
    IBMCHANNEL=7,
    FDDI=8,
Note: before parsing the application layer over a TCP stream, you must first
combine all the TCP frames into a stream. See utils.tcpip for some solutions
"""
from construct import Struct, Rename, HexDumpAdapter, Field, Switch, Pass
from construct.protocols.layer2.ethernet import ethernet_header
from construct.protocols.layer3.ipv4 import ipv4_header
from construct.protocols.layer3.ipv6 import ipv6_header
from construct.protocols.layer4.tcp import tcp_header
from construct.protocols.layer4.udp import udp_header

# TCP segment: the TCP header followed by its payload, shown as a hex dump.
layer4_tcp = Struct(
    "layer4_tcp",
    Rename("header", tcp_header),
    HexDumpAdapter(
        Field(
            "next",
            # Payload size = payload_length of the enclosing context's header
            # (ctx["_"]) minus this TCP header's own header_length.
            # NOTE(review): both values are parsed from the packet itself; a
            # crafted segment whose header_length exceeds the enclosing
            # payload_length makes this negative -- confirm Field rejects it.
            lambda ctx: ctx["_"]["header"].payload_length - ctx[
                "header"].header_length)),
)

# UDP datagram: the UDP header followed by its payload, shown as a hex dump.
layer4_udp = Struct(
    "layer4_udp",
    Rename("header", udp_header),
    # The length comes from the UDP header's payload_length field.
    # NOTE(review): this is sender-controlled and is not checked here against
    # the bytes actually remaining in the enclosing packet -- confirm a short
    # read fails cleanly.
    HexDumpAdapter(Field("next", lambda ctx: ctx["header"].payload_length)),
)

# Choose the layer-4 parser from the layer-3 header's protocol value; any
# protocol other than "TCP" or "UDP" falls through to Pass.
layer3_payload = Switch("next", lambda ctx: ctx["header"].protocol,
    {
        "TCP": layer4_tcp,
        "UDP": layer4_udp,
    },
    default=Pass)