public pyDissector(string fileName) { engine = Python.CreateEngine(); scope = engine.CreateScope(); var runtime = engine.Runtime; runtime.LoadAssembly(typeof(PacketDotNet.Packet).Assembly); runtime.LoadAssembly(typeof(pyDissector).Assembly); src = engine.CreateScriptSourceFromFile(fileName); program = src.Compile(); var result = program.Execute(scope); var filterString = scope.GetVariable<string>("nativeFilterString"); myFilter = filterGen.genFilter(filterString); parseFunc = scope.GetVariable<Func<Packet, HLPacket>>("parsePacket"); }
public notFilter(packetFilter aa) { a = aa; }
public orFilter(packetFilter aa, packetFilter bb) { a = aa; b = bb; }
public filterViewer(packetFilter filter) { this.filter = filter; }
public void applyOnlineFilter(packetFilter f) { var needResume = (this.status == listenerStatus.online); onlineFilter = f; foreach (var i in packList) if (f == null || f.pass(ref (i.packet))) { var p = i; onParseComplete(ref p); } }
public tcpStream(ref sPacket targetPacket) { //Setup filter var tcp = targetPacket.packet.Extract(typeof(PacketDotNet.TcpPacket)) as PacketDotNet.TcpPacket; var ip = targetPacket.packet.Extract(typeof(PacketDotNet.IpPacket)) as IpPacket; if (tcp == null || ip == null) throw new InvalidOperationException("Packet is not a TCP packet"); streamFilter = (new tcpPortFilter(true, tcp.SourcePort) & new tcpPortFilter(false, tcp.DestinationPort) & new ipIpFilter(true, ip.SourceAddress) & new ipIpFilter(false, ip.DestinationAddress)) | ((new tcpPortFilter(false, tcp.SourcePort) & new tcpPortFilter(true, tcp.DestinationPort) & new ipIpFilter(false, ip.SourceAddress) & new ipIpFilter(true, ip.DestinationAddress))); viewer = new filterViewer(streamFilter); //Search for target packet int pindex = 0; foreach (var i in packetListener.Instance.packList) { if (i.Equals(targetPacket)) break; pindex++; } viewer.reset(pindex); //Search for handshake Queue<Packet> handshakeWindow = new Queue<Packet>(3); var p = viewer.getCurrent(); for (; p != null; p = viewer.getForward()) { handshakeWindow.Enqueue(p.packet); if (handshakeWindow.Count > 3) handshakeWindow.Dequeue(); if (isHandshake(ref handshakeWindow,out client,out host)) { break; } } if (p == null) { throw new InvalidOperationException("TCP session is not complete"); } //Skip handshake viewer.getNext();viewer.getNext();viewer.getNext(); }