public pyDissector(string fileName)
{
engine = Python.CreateEngine();
scope = engine.CreateScope();
var runtime = engine.Runtime;
runtime.LoadAssembly(typeof(PacketDotNet.Packet).Assembly);
runtime.LoadAssembly(typeof(pyDissector).Assembly);
src = engine.CreateScriptSourceFromFile(fileName);
program = src.Compile();
var result = program.Execute(scope);
var filterString = scope.GetVariable<string>("nativeFilterString");
myFilter = filterGen.genFilter(filterString);
parseFunc = scope.GetVariable<Func<Packet, HLPacket>>("parsePacket");
}
public notFilter(packetFilter aa)
{
a = aa;
}
public orFilter(packetFilter aa, packetFilter bb)
{
a = aa; b = bb;
}
public filterViewer(packetFilter filter)
{
this.filter = filter;
}
public void applyOnlineFilter(packetFilter f)
{
var needResume = (this.status == listenerStatus.online);
onlineFilter = f;
foreach (var i in packList)
if (f == null || f.pass(ref (i.packet)))
{
var p = i;
onParseComplete(ref p);
}
}
public tcpStream(ref sPacket targetPacket)
{
//Setup filter
var tcp = targetPacket.packet.Extract(typeof(PacketDotNet.TcpPacket)) as PacketDotNet.TcpPacket;
var ip = targetPacket.packet.Extract(typeof(PacketDotNet.IpPacket)) as IpPacket;
if (tcp == null || ip == null)
throw new InvalidOperationException("Packet is not a TCP packet");
streamFilter = (new tcpPortFilter(true, tcp.SourcePort) & new tcpPortFilter(false, tcp.DestinationPort) &
new ipIpFilter(true, ip.SourceAddress) & new ipIpFilter(false, ip.DestinationAddress)) |
((new tcpPortFilter(false, tcp.SourcePort) & new tcpPortFilter(true, tcp.DestinationPort) &
new ipIpFilter(false, ip.SourceAddress) & new ipIpFilter(true, ip.DestinationAddress)));
viewer = new filterViewer(streamFilter);
//Search for target packet
int pindex = 0;
foreach (var i in packetListener.Instance.packList)
{
if (i.Equals(targetPacket))
break;
pindex++;
}
viewer.reset(pindex);
//Search for handshake
Queue<Packet> handshakeWindow = new Queue<Packet>(3);
var p = viewer.getCurrent();
for (; p != null; p = viewer.getForward())
{
handshakeWindow.Enqueue(p.packet);
if (handshakeWindow.Count > 3)
handshakeWindow.Dequeue();
if (isHandshake(ref handshakeWindow,out client,out host))
{
break;
}
}
if (p == null)
{
throw new InvalidOperationException("TCP session is not complete");
}
//Skip handshake
viewer.getNext();viewer.getNext();viewer.getNext();
}
