public virtual bool TryParse(CapturedPacket capturedPacket, out IList<T> packages)
{
var packetsSet = GetPacketsSet(capturedPacket);
var packets = ExtractPackets(capturedPacket, packetsSet);
packages = new List<T>();
foreach (var packet in packets)
{
var subPacket = !IsStartingPacket(packet.Bytes) ?
packetsSet.AddSubPacket(packet) :
packetsSet.AddStartingPacket(packet, ReadPacketLength(packet.Bytes));
if (subPacket == null || !subPacket.TryParse(PacketHeaderLength, out T package))
{
packetsSet.RemoveExpiredPackets();
continue;
}
packages.Add(package);
}
return packages.Count > 0;
}
/// <summary>
/// Parses captured data into the packet
/// </summary>
/// <param name="rawCapture">Captured data</param>
protected void ParsePacket(RawCapture rawCapture)
{
try
{
var packet = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
var tcpPacket = packet.Extract <TcpPacket>();
var ipPacket = packet.Extract <IPPacket>();
if (tcpPacket == null || ipPacket == null)
{
return;
}
var matchedImporter = importers.FirstOrDefault(x => x.IsRunning && !x.IsDisabled() && x.Match(tcpPacket, ipPacket));
if (matchedImporter == null)
{
return;
}
var payloadData = tcpPacket.PayloadData;
if (payloadData == null || payloadData.Length == 0)
{
return;
}
var capturedPacket = new CapturedPacket
{
Bytes = tcpPacket.PayloadData,
Source = new IPEndPoint(ipPacket.SourceAddress, tcpPacket.SourcePort),
Destination = new IPEndPoint(ipPacket.DestinationAddress, tcpPacket.DestinationPort),
CreatedTimeStamp = rawCapture.Timeval.Date,
SequenceNumber = tcpPacket.SequenceNumber
};
matchedImporter.AddPacket(capturedPacket);
}
catch (Exception e)
{
if (parsePacketLogErrorCounter < 5)
{
LogProvider.Log.Error(this, "Failed to parse captured packet.", e);
parsePacketLogErrorCounter++;
}
}
}
private SubPacket <T> AddPacket(CapturedPacket capturedPacket, int expectedLength, bool isStarting)
{
if (processedPackets.Contains(capturedPacket.SequenceNumber))
{
return(null);
}
var subPacket = new SubPacket <T>(capturedPacket.Bytes, expectedLength, capturedPacket.CreatedTimeStamp, capturedPacket.SequenceNumber, isStarting);
packets.Add(capturedPacket.SequenceNumber, subPacket);
processedPackets.Add(capturedPacket.SequenceNumber);
if (TryAssemblyPacket(out SubPacket <T> reassembliedPacket))
{
return(reassembliedPacket);
}
return(subPacket);
}
protected virtual PacketsSet<T> GetPacketsSet(CapturedPacket packet)
{
var sourceDestination = new SourceDestination
{
IPSource = packet.IPSource,
PortSource = packet.Source.Port,
IPDestination = packet.IPDestination,
PortDestination = packet.Destination.Port
};
if (packetsBytes.TryGetValue(sourceDestination, out PacketsSet<T> packetsSet))
{
return packetsSet;
}
packetsSet = new PacketsSet<T>();
packetsBytes.Add(sourceDestination, packetsSet);
return packetsSet;
}
protected virtual IList<CapturedPacket> ExtractPackets(CapturedPacket packet, PacketsSet<T> packetsSet)
{
var packets = new List<CapturedPacket>();
var packetLength = 0;
var offset = 0;
if (!IsStartingPacket(packet.Bytes))
{
var lengthToComplete = packetsSet.GetLengthToCompletePacket();
if (lengthToComplete == 0 ||
lengthToComplete >= packet.Bytes.Length)
{
packets.Add(packet);
return packets;
}
var additionalPacket = packet.Bytes.Skip(lengthToComplete).ToArray();
if (IsStartingPacket(additionalPacket))
{
packetLength = lengthToComplete;
}
}
else if ((packetLength = ReadPacketLength(packet.Bytes)) >= packet.Bytes.Length || packetLength == 0)
{
packets.Add(packet);
return packets;
}
var sequenceNumber = packet.SequenceNumber;
while (offset < packet.Bytes.Length)
{
var bytes = packet.Bytes.Skip(offset).ToArray();
if (offset != 0)
{
if (!IsStartingPacket(bytes))
{
break;
}
packetLength = ReadPacketLength(bytes);
}
var subPacket = new CapturedPacket
{
Bytes = bytes.Take(packetLength).ToArray(),
CreatedTimeStamp = packet.CreatedTimeStamp,
Destination = packet.Destination,
SequenceNumber = sequenceNumber++,
Source = packet.Source
};
packets.Add(subPacket);
offset += packetLength;
if (packetLength == 0)
{
break;
}
}
return packets;
}
public SubPacket <T> AddStartingPacket(CapturedPacket capturedPacket, int expectedLength)
{
return(AddPacket(capturedPacket, expectedLength, true));
}
public SubPacket <T> AddSubPacket(CapturedPacket capturedPacket)
{
return(AddPacket(capturedPacket, 0, false));
}
public abstract void AddPacket(CapturedPacket capturedPacket);
public Process GetProcess(CapturedPacket capturedPacket)
{
var connectionProcess = connectionProcesses.FirstOrDefault(x => x.Source.Equals(capturedPacket.Source) && x.Destination.Equals(capturedPacket.Destination));
if (connectionProcess != null && !connectionProcess.Validate())
{
connectionProcesses.Remove(connectionProcess);
connectionProcess = null;
}
if (connectionProcess == null)
{
bool filterConnection(LocalConnection connection)
{
return(connection.LocalAddress.Equals(capturedPacket.Source) && connection.Destination.Equals(capturedPacket.Destination) ||
connection.LocalAddress.Equals(capturedPacket.Destination) && connection.Destination.Equals(capturedPacket.Source));
}
var localConnection = localConnections.FirstOrDefault(x => filterConnection(x));
if (localConnection == null || localConnection.ProcessId == 0)
{
localConnections = NetworkUtils.GetAllTcpConnections().ToList();
var foundLocalConnections = localConnections.Where(x => filterConnection(x)).ToArray();
var processes = new HashSet <int>(Process.GetProcesses().Select(x => x.Id).Distinct());
localConnection = foundLocalConnections.FirstOrDefault(x => processes.Contains((int)x.ProcessId));
}
if (localConnection == null)
{
LogProvider.Log.Info(loggerName, $"Could not find associated process for packet {capturedPacket}. Probably, the emulator was closed.");
return(null);
}
if (localConnection.ProcessId == 0)
{
LogProvider.Log.Info(loggerName, $"Associated process isn't defined for packet {capturedPacket}");
return(null);
}
try
{
connectionProcess = new ConnectionProcessInfo
{
Source = capturedPacket.Source,
Destination = capturedPacket.Destination,
Process = Process.GetProcessById((int)localConnection.ProcessId),
LoggerName = loggerName
};
connectionProcesses.Add(connectionProcess);
}
catch (ArgumentException)
{
LogProvider.Log.Error(loggerName, $"Process {localConnection.ProcessId} isn't running. Probably, the emulator was closed.");
return(null);
}
catch (Exception e)
{
LogProvider.Log.Error(loggerName, "Failed to create connection process info", e);
return(null);
}
}
return(connectionProcess.Process);
}