rename ICMP_Resequence > Dumb_Resequence; bugfixes/tolerances

pi-rho 2013-02-17 09:32:56 -06:00
parent 8073bceeb8
commit 0e5c4d81c9
1 changed files with 36 additions and 18 deletions


@ -142,17 +142,27 @@ class Frame(object):
# This hash is the same for both sides of the transaction # This hash is the same for both sides of the transaction
self.iphash = self.saddr ^ self.daddr self.iphash = self.saddr ^ self.daddr
self.hash = (self.saddr ^ (self.sport or 0)
^ self.daddr ^ (self.dport or 0)) self.hash = (self.saddr ^ (self.sport or 0) ^
self.daddr ^ (self.dport or 0))
else: else:
self.name = 'Ethernet type %d' % self.eth_type self.name = 'Ethernet type %d' % self.eth_type
self.protocol = None self.protocol = None
self.saddr = self.eth_shost
self.daddr = self.eth_dhost
self.sport = self.dport = None
self.hash = self.eth_type
self.payload = p
@property @property
def src_addr(self): def src_addr(self):
saddr = struct.pack('!i', self.saddr) try:
self._src_addr = socket.inet_ntoa(saddr) saddr = struct.pack('!I', self.saddr)
return self._src_addr self._src_addr = socket.inet_ntoa(saddr)
return self._src_addr
except struct.error:
self._src_addr = str_of_eth(self.saddr)
return self._src_addr
@src_addr.deleter @src_addr.deleter
def src_addr(self): def src_addr(self):
@ -160,9 +170,13 @@ class Frame(object):
@property @property
def dst_addr(self): def dst_addr(self):
daddr = struct.pack('!i', self.daddr) try:
self._dst_addr = socket.inet_ntoa(daddr) daddr = struct.pack('!I', self.daddr)
return self._dst_addr self._dst_addr = socket.inet_ntoa(daddr)
return self._dst_addr
except struct.error:
self._dst_addr = str_of_eth(self.daddr)
return self._dst_addr
@dst_addr.deleter @dst_addr.deleter
def dst_addr(self): def dst_addr(self):
@ -277,7 +291,7 @@ class TCP_Recreate(object):
def handshake(self, timestamp): def handshake(self, timestamp):
self.write_pkt(timestamp, True, '', SYN) self.write_pkt(timestamp, True, '', SYN)
self.write_pkt(timestamp, False, '', SYN | ACK) self.write_pkt(timestamp, False, '', SYN | ACK)
#self.write_pkt(timestamp, True, '', ACK) self.write_pkt(timestamp, True, '', ACK)
def close(self): def close(self):
self.write_pkt(self.lastts, True, '', FIN | ACK) self.write_pkt(self.lastts, True, '', FIN | ACK)
@ -457,7 +471,7 @@ class TCP_Resequence(object):
hexdump(pkt.payload) hexdump(pkt.payload)
class ICMP_Resequence(object): class Dumb_Resequence(object):
"""ICMP session resequencer""" """ICMP session resequencer"""
def __init__(self): def __init__(self):
@ -486,14 +500,14 @@ class Dispatch(object):
if not literal: if not literal:
parts = filename.split(':::') parts = filename.split(':::')
fn = parts[0] fn = parts[0]
fd = file(fn) fd = open(fn, 'rb')
pc = pcap.open(fd) pc = pcap.open(fd)
if len(parts) > 1: if len(parts) > 1:
pos = int(parts[1]) pos = int(parts[1])
fd.seek(pos) fd.seek(pos)
self._read(pc, fn, fd) self._read(pc, fn, fd)
else: else:
fd = file(filename) fd = open(filename, 'rb')
pc = pcap.open(fd) pc = pcap.open(fd)
self._read(pc, filename, fd) self._read(pc, filename, fd)
@ -504,10 +518,12 @@ class Dispatch(object):
heapq.heappush(self.tops, (f, pc, filename, fd, pos)) heapq.heappush(self.tops, (f, pc, filename, fd, pos))
def _get_sequencer(self, proto): def _get_sequencer(self, proto):
if proto == TCP: if not proto:
return Dumb_Resequence()
elif proto == TCP:
return TCP_Resequence() return TCP_Resequence()
elif proto == ICMP: elif proto == ICMP:
return ICMP_Resequence() return Dumb_Resequence()
else: else:
raise NotImplementedError() raise NotImplementedError()
@ -799,7 +815,8 @@ class Session(object):
os.unlink(fullfn2) os.unlink(fullfn2)
except OSError: except OSError:
pass pass
os.link(fullfn, fullfn2) if fullfn != fullfn2:
os.link(fullfn, fullfn2)
return fd return fd
def handle_packets(self, collection): def handle_packets(self, collection):
@ -830,7 +847,7 @@ class HtmlSession(Session):
self.startlog() self.startlog()
def startlog(self, client="#a8a8a8", server="white"): def startlog(self, client="#a8a8a8", server="white"):
if self.sessfd is not None: if self.sessfd:
self.sessfd.close() self.sessfd.close()
self.sessfd = self.open_out('session.html') self.sessfd = self.open_out('session.html')
@ -853,8 +870,9 @@ class HtmlSession(Session):
self.sessfd.write('<pre>') self.sessfd.write('<pre>')
def __del__(self): def __del__(self):
self.sessfd.write('</pre></body></html>') if self.sessfd:
self.sessfd.close() self.sessfd.write('</pre></body></html>')
self.sessfd.close()
def log(self, frame, payload, escape=True): def log(self, frame, payload, escape=True):
if escape: if escape:
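Review bot: In the `Session` hunk (`@ -799,7 +815,8 @`), the new `if fullfn != fullfn2:` guards only `os.link(fullfn, fullfn2)`, while the `os.unlink(fullfn2)` just above it still runs unconditionally. When the two paths are equal, that unlink removes the file itself and the link that would have restored the name is now skipped, so the returned `fd` presumably refers to an unlinked file and whatever is written to it disappears on close without any error. Move the comparison above the `try:` so it covers both calls, i.e. put `if fullfn != fullfn2:` before the `try:` and indent the unlink, the `except OSError: pass` and the link under it. The `try:` line and the code that opens `fd` are outside the hunk, so confirm that `fd` is opened on `fullfn`.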