public TSharkSender(string pipeName, DataLinkType linkType) { this.m_pipeName = pipeName; this.m_linkType = linkType; m_connectionCompleted = Task.Factory.StartNew(PipeCreate); }
public PcapFileReader(string filename, int packetQueueSize, ReadCompletedCallback captureCompleteCallback) { this.filename = filename; this.fileStream = new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read, 262144, FileOptions.SequentialScan); this.packetQueueSize = packetQueueSize; this.readCompletedCallback = captureCompleteCallback; byte[] buffer4 = new byte[4]; //32 bits is suitable byte[] buffer2 = new byte[2]; //16 bits is sometimes needed uint wiresharkMagicNumber = 0xa1b2c3d4; //Section Header Block (mandatory) fileStream.Read(buffer4, 0, 4); if (wiresharkMagicNumber == this.ToUInt32(buffer4, false)) { this.littleEndian = false; } else if (wiresharkMagicNumber == this.ToUInt32(buffer4, true)) { this.littleEndian = true; } else { throw new System.IO.InvalidDataException("The file " + filename + " is not a PCAP file. Magic number is " + this.ToUInt32(buffer4, false).ToString("X2") + " or " + this.ToUInt32(buffer4, true).ToString("X2") + " but should be " + wiresharkMagicNumber.ToString("X2") + "."); } /* major version number */ fileStream.Read(buffer2, 0, 2); this.majorVersionNumber = ToUInt16(buffer2, this.littleEndian); /* minor version number */ fileStream.Read(buffer2, 0, 2); this.minorVersionNumber = ToUInt16(buffer2, this.littleEndian); /* GMT to local correction */ fileStream.Read(buffer4, 0, 4); this.timezoneOffsetSeconds = (int)ToUInt32(buffer4, this.littleEndian); /* accuracy of timestamps */ fileStream.Read(buffer4, 0, 4); /* max length of captured packets, in octets */ fileStream.Read(buffer4, 0, 4); this.maximumPacketSize = ToUInt32(buffer4, this.littleEndian); /* data link type */ fileStream.Read(buffer4, 0, 4); this.dataLinkType = (DataLinkType)ToUInt32(buffer4, this.littleEndian); this.pcapHeaderSize = fileStream.Position; this.backgroundFileReader = new System.ComponentModel.BackgroundWorker(); this.packetQueue = new Queue <PcapPacket>(this.packetQueueSize); this.enqueuedByteCount = 0; this.dequeuedByteCount = 0; this.StartBackgroundWorkers(); }
public PcapFileWriter(string filename, DataLinkType dataLinkType, System.IO.FileMode fileMode, int bufferSize) { this.filename = filename; this.referenceTime = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); this.fileStream = new FileStream(filename, fileMode, FileAccess.Write, FileShare.Write, bufferSize, FileOptions.SequentialScan); this.isOpen = true; fileStream.Write(ToByteArray(MAGIC_NUMBER), 0, 4); fileStream.Write(ToByteArray(MAJOR_VERSION_NUMBER), 0, 2); fileStream.Write(ToByteArray(MINOR_VERSION_NUMBER), 0, 2); fileStream.Write(ToByteArray((uint)0x00), 0, 4); //Time zone offset fileStream.Write(ToByteArray((uint)0x00), 0, 4); //accuracy of timestamps fileStream.Write(ToByteArray((uint)0xffff), 0, 4); //max length of captured packets, in octets fileStream.Write(ToByteArray((uint)dataLinkType), 0, 4); }
public TSharkBlock(TSharkProcess <TDecodedFrame> tsharkProcess, DataLinkType datalinkType = DataLinkType.Ethernet) { var m_pipename = $"ndx.tshark_{new Random().Next(Int32.MaxValue)}"; m_wsender = new TSharkSender(m_pipename, datalinkType); m_inputBlock = new ActionBlock <RawCapture>(SendFrame); m_inputBlock.Completion.ContinueWith((t) => m_wsender.Close()); m_outputBlock = new BufferBlock <TDecodedFrame>(); // create and initialize TSHARK: m_tshark = tsharkProcess; m_tshark.PipeName = m_pipename; m_tshark.PacketDecoded += PacketDecoded; m_tshark.Start(); m_tshark.Completion.ContinueWith((t) => m_outputBlock.Complete()); m_wsender.Connected.Wait(); }
// DLT_USER0 = 147 public void WriteHeader(DataLinkType network, uint snaplen) { if (_bw == null) return; try { _bw.Write((UInt32)0xa1b2c3d4); // MAGIC _bw.Write((UInt16)2); // Ver major _bw.Write((UInt16)4); // Ver minot _bw.Write((UInt32)0); // ZONE _bw.Write((UInt32)0); // significant figures _bw.Write((UInt32)snaplen); _bw.Write((UInt32)network); } catch { _bw.Dispose(); _bw = null; } }
public void WriteHeader(DataLinkType network, uint snaplen) // DLT_USER0 = 147 { if (_bw == null) { return; } try { _bw.Write((UInt32)0xa1b2c3d4); // MAGIC _bw.Write((UInt16)2); // Ver major _bw.Write((UInt16)4); // Ver minot _bw.Write((UInt32)0); // ZONE _bw.Write((UInt32)0); // significant figures _bw.Write((UInt32)snaplen); _bw.Write((UInt32)network); } catch { _bw.Dispose(); _bw = null; } }
public PcapFileWriter(string filename, DataLinkType dataLinkType) : this(filename, dataLinkType, System.IO.FileMode.Create, 262144) { //nothing more needed }
private DataCfg(string suffix) { string linkType = WRSetting.Set().getSettings(Const.LinkType + suffix); if ("1".Equals(linkType)) { dlt = DataLinkType.dltODBC; } else if ("2".Equals(linkType)) { dlt = DataLinkType.dltSocket; } else if ("3".Equals(linkType)) { dlt = DataLinkType.dltWeb; } else { dlt = DataLinkType.dltNone; } switch (dlt) { case DataLinkType.dltODBC: string dbtype = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBType).ToLower(); string ip = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBIP); string port = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBPort); string dbase = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBase); string user = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBUserName); string password = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBUserPass); string ver = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBVer); string dbfile = WRSetting.Set().getSettings(Const.ODBC + suffix + "/" + Const.DBFile).ToLower(); password = CryptUtil.DecryptDES(password); //密码采用DES加密算法存储在配置文件中,所以此处应该解密 if (Const.oracle.Equals(dbtype)) { dbt = DataBaseType.dbtOracle; } else if (Const.mssql.Equals(dbtype)) { dbt = DataBaseType.dbtMSSQL; } else if (Const.mysql.Equals(dbtype)) { dbt = DataBaseType.dbtMySQL; } else if (Const.access.Equals(dbtype)) { dbt = DataBaseType.dbtAccess; } else if (Const.sqlite.Equals(dbtype)) { dbt = DataBaseType.dbtSQLite; } else if (Const.dbase.Equals(dbtype)) { dbt = DataBaseType.dbtDBase; } else { dbt = DataBaseType.dbtNone; } dbService = new DataODBCService(); switch (dbt) { case DataBaseType.dbtOracle: (dbService as DataODBCService).db = new Oracle(ip, port, dbase, user, password, ver); break; case DataBaseType.dbtMSSQL: (dbService as DataODBCService).db = new SqlServer(ip, port, dbase, user, password, ver); break; case DataBaseType.dbtMySQL: (dbService as DataODBCService).db = new MySql(ip, port, dbase, user, password, ver); break; case DataBaseType.dbtAccess: (dbService as DataODBCService).db = new Access(dbfile, password); break; case DataBaseType.dbtSQLite: (dbService as DataODBCService).db = new SQLite(dbfile, password); break; case DataBaseType.dbtDBase: (dbService as DataODBCService).db = new DBase(dbfile, password); break; default: throw new Exception("没有设置数据库类型!"); } break; case DataLinkType.dltSocket: string socketIP = WRSetting.Set().getSettings(Const.Socket + suffix + "/" + Const.SocketIP).ToLower(); string socketPort = WRSetting.Set().getSettings(Const.Socket + suffix + "/" + Const.SocketPort).ToLower(); string socketServer = WRSetting.Set().getSettings(Const.Socket + suffix + "/" + Const.SocketServer).ToLower(); break; case DataLinkType.dltWeb: string url = WRSetting.Set().getSettings(Const.WebService + suffix + "/" + Const.WSURL).ToLower(); break; default: throw new Exception("没有设置连接数据库方式!"); } }
/// <summary> /// Decodes each <see cref="RawCapture"/> of a sequence into a <typeparamref name="TRecord"/> object. /// </summary> /// <typeparam name="TRecord"></typeparam> /// <param name="frames">A sequence of values to invoke a transform function on.</param> /// <param name="tsharkProcess">A decoder process to apply to each element.</param> /// <param name="datalinkType">The link layer type used in decoding operation. Default is <see cref="DataLinkType.Ethernet"/>.</param> /// <returns> /// An IEnumerable<PacketFields> whose elements are the result of invoking the decode function on each element of source. /// </returns> /// <remarks> /// This method is implemented by using deferred execution. The immediate return value is an object that stores all the information /// that is required to perform the action. The query represented by this method is not executed until the object is enumerated /// either by calling its GetEnumerator method directly or by using foreach. /// </remarks> public static IEnumerable <TRecord> Decode <TRecord>(this IEnumerable <RawCapture> frames, TSharkProcess <TRecord> tsharkProcess, DataLinkType datalinkType = DataLinkType.Ethernet) { var pipename = $"ndx.tshark_{new Random().Next(Int32.MaxValue)}"; var wsender = new TSharkSender(pipename, datalinkType); tsharkProcess.PipeName = pipename; var decodedPackets = new BlockingCollection <TRecord>(); void PacketDecoded(object sender, TRecord packet) { decodedPackets.Add(packet); } tsharkProcess.PacketDecoded += PacketDecoded; tsharkProcess.Start(); if (!wsender.Connected.Wait(5000)) { throw new InvalidOperationException("Cannot connect to TShark process."); } var pumpTask = Task.Run(async() => { foreach (var frame in frames) { await wsender.SendAsync(frame); } wsender.Close(); }); while (tsharkProcess.IsRunning || decodedPackets.Count > 0) { yield return(decodedPackets.Take()); } }