public SnooperExportCollection Run(IL7Conversation conversation)
{
if (!conversation.Pdus.Any())
{
return(SnooperEmptyExportCollection.Instance);
}
var protocolTag = this._portBasedClassifier.Classify(conversation);
if (protocolTag == null)
{
// No known protocol match
return(SnooperEmptyExportCollection.Instance);
}
var snooper = this.CreateSnooperForApplicationProtocolTag(protocolTag);
if (snooper == null)
{
return(SnooperEmptyExportCollection.Instance);
}
var snooperExportCollection = snooper.ProcessConversation(conversation);
return(snooperExportCollection);
}
public PduDataStream(IL7Conversation l7Conversation, PduDataProviderType type)
{
this.CurrentConversation = l7Conversation;
this._trackedL7Pdus = l7Conversation.Pdus.Select(pdu => new TrackedL7Pdu(pdu)).ToList();
switch (type)
{
case PduDataProviderType.Mixed:
this._pduMoveNextImpl = this.MoveNextMixed;
this._pduMovePreviousImpl = this.MovePreviousMixed;
break;
case PduDataProviderType.SingleMessage:
this._pduMoveNextImpl = this.MoveNextSingleMessage;
this._pduMovePreviousImpl = this.MovePreviousSingleMessage;
break;
case PduDataProviderType.ContinueInterlay:
this._pduMoveNextImpl = this.MoveNextContinueInterlay;
this._pduMovePreviousImpl = this.MovePreviousContinueInterlay;
break;
case PduDataProviderType.Breaked:
this._pduMoveNextImpl = this.MoveNextBreaked;
this._pduMovePreviousImpl = this.MovePreviousBreaked;
break;
default:
throw new ArgumentOutOfRangeException($"Invalid PduDataProviderType ${type.ToString()}");
}
this.Reset();
}
public SnooperExportCollection ProcessConversation(IL7Conversation conversation, Boolean stopProcessingAfterError = true)
{
this.CurrentL7Conversation = conversation;
this.PduReader = this.CreatePduReader();
var snooperExports = new List <SnooperExportBase>();
using (var snooperExportsEnumerator = this.ProcessConversation().GetEnumerator())
{
try
{
while (snooperExportsEnumerator.MoveNext())
{
var snooperExport = snooperExportsEnumerator.Current;
snooperExports.Add(snooperExport);
if (stopProcessingAfterError && snooperExport.ParsingFailed)
{
break;
}
}
}
catch (Exception e)
{
var unhandledExceptionExport = new SnooperUnhandledExceptionExport(this.PduReader, e);
snooperExports.Add(unhandledExceptionExport);
}
}
var snooperExportCollection = new SnooperExportCollection(this, snooperExports);
return(snooperExportCollection);
}
public String Classify(IL7Conversation l7Conversation)
{
var port = (UInt16)Math.Min(l7Conversation.DestinationEndPoint.Port, l7Conversation.SourceEndPoint.Port);
var protocol = l7Conversation.ProtocolType;
return(this._serviceLookupTable.TryLookupByPortAndProtocol(port, protocol, out var serviceRecord) ? serviceRecord.Name : null);
}
protected SnooperExportBase(IPduReader reader)
{
this.ConversationId = reader.CurrentConversation.Id;
this.Timestamp = reader.CurrentPdu.FirstSeen;
this.Direction = reader.CurrentPdu.Direction;
#if DEBUG
this.Conversation = reader.CurrentConversation;
this.Pdu = reader.CurrentPdu;
#else
this.Conversation = reader.CurrentConversation.ToString();
this.Pdu = reader.CurrentPdu.ToString();
#endif
}
