## FIXME - this needs to be done out of process using
## the distributed architecture!!!
## Open read only versions of these streams for
## scanning
dbfs = FileSystem.DBFS(case)
map_stream = dbfs.open(inode_id=map_stream.inode_id)
r_map_stream = dbfs.open(inode_id=r_map_stream.inode_id)
Scanner.scan_inode_distributed(case, map_stream.inode_id,
scanners, cookie)
Scanner.scan_inode_distributed(case, r_map_stream.inode_id,
scanners, cookie)
## Create a tcp reassembler if we need it
processor = reassembler.Reassembler(packet_callback=Callback)
return processor
class PCAPScanner(GenScanFactory):
""" A scanner for PCAP files. We reasemble streams and load them
automatically. Note that this code creates map streams for
forward, reverse and combined streams.
"""
def scan(self, fd, scanners, type, mime, cookie, **args):
if "PCAP" not in type: return
urn_dispatcher = {1: fd.urn}
processor = make_processor(fd.case, scanners, urn_dispatcher, cookie)
## Now process the file
socket.inet_ntoa(struct.pack(
">L", connection['src_ip'])), connection['src_port'],
socket.inet_ntoa(struct.pack(">L", connection['dest_ip'])),
connection['dest_port'], connection['l'])
if options.stats:
stats_fd = open(options.stats, 'ab')
stats_fd.write(stat)
stats_fd.close()
#for i in range(len(connection['packets'])):
# tmp.append("%s" % ((connection['packets'][i], connection['offset'][i],
# connection['length'][i]),))
#stats_fd.write("%s\n" % ','.join(tmp))
processor = reassembler.Reassembler(
packet_callback=FlagFramework.Curry(Callback, options=options))
for f in args:
try:
pcap_file = pypcap.PyPCAP(open(f, "rb"))
except IOError:
continue
while 1:
try:
packet = pcap_file.dissect()
processor.process(packet)
except StopIteration:
break