forked from osmocom/wireshark
413e04d2b8
svn path=/trunk/; revision=47259
325 lines
8.8 KiB
Python
Executable file
325 lines
8.8 KiB
Python
Executable file
"""
|
|
Routines for reading PDML produced from TShark.
|
|
|
|
Copyright (c) 2003, 2013 by Gilbert Ramirez <gram@alumni.rice.edu>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public License
|
|
as published by the Free Software Foundation; either version 2
|
|
of the License, or (at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
"""
|
|
|
|
import sys
|
|
import xml.sax
|
|
from xml.sax.saxutils import quoteattr
|
|
import cStringIO as StringIO
|
|
|
|
class CaptureFile:
|
|
pass
|
|
|
|
class FoundItException(Exception):
|
|
"""Used internally for exiting a tree search"""
|
|
pass
|
|
|
|
class PacketList:
|
|
"""Holds Packet objects, and has methods for finding
|
|
items within it."""
|
|
|
|
def __init__(self, children=None):
|
|
if children == None:
|
|
self.children = []
|
|
else:
|
|
self.children = children
|
|
|
|
def __getitem__(self, index):
|
|
"""We act like a list."""
|
|
return self.children[index]
|
|
|
|
def __len__(self):
|
|
return len(self.children)
|
|
|
|
def item_exists(self, name):
|
|
"""Does an item with name 'name' exist in this
|
|
PacketList? Returns True or False."""
|
|
for child in self.children:
|
|
if child.name == name:
|
|
return True
|
|
|
|
try:
|
|
for child in self.children:
|
|
child._item_exists(name)
|
|
|
|
except FoundItException:
|
|
return True
|
|
|
|
return False
|
|
|
|
def _item_exists(self, name):
|
|
for child in self.children:
|
|
if child.name == name:
|
|
raise FoundItException
|
|
child._item_exists(name)
|
|
|
|
|
|
def get_items(self, name, items=None):
|
|
"""Return all items that match the name 'name'.
|
|
They are returned in order of a depth-first-search."""
|
|
if items == None:
|
|
top_level = 1
|
|
items = []
|
|
else:
|
|
top_level = 0
|
|
|
|
for child in self.children:
|
|
if child.name == name:
|
|
items.append(child)
|
|
child.get_items(name, items)
|
|
|
|
if top_level:
|
|
return PacketList(items)
|
|
|
|
def get_items_before(self, name, before_item, items=None):
|
|
"""Return all items that match the name 'name' that
|
|
exist before the before_item. The before_item is an object.
|
|
They results are returned in order of a depth-first-search.
|
|
This function allows you to find fields from protocols that occur
|
|
before other protocols. For example, if you have an HTTP
|
|
protocol, you can find all tcp.dstport fields *before* that HTTP
|
|
protocol. This helps analyze in the presence of tunneled protocols."""
|
|
if items == None:
|
|
top_level = 1
|
|
items = []
|
|
else:
|
|
top_level = 0
|
|
|
|
for child in self.children:
|
|
if top_level == 1 and child == before_item:
|
|
break
|
|
if child.name == name:
|
|
items.append(child)
|
|
# Call get_items because the 'before_item' applies
|
|
# only to the top level search.
|
|
child.get_items(name, items)
|
|
|
|
if top_level:
|
|
return PacketList(items)
|
|
|
|
|
|
class ProtoTreeItem(PacketList):
|
|
def __init__(self, xmlattrs):
|
|
PacketList.__init__(self)
|
|
|
|
self.name = xmlattrs.get("name", "")
|
|
self.showname = xmlattrs.get("showname", "")
|
|
self.pos = xmlattrs.get("pos", "")
|
|
self.size = xmlattrs.get("size", "")
|
|
self.value = xmlattrs.get("value", "")
|
|
self.show = xmlattrs.get("show", "")
|
|
self.hide = xmlattrs.get("hide", "")
|
|
|
|
def add_child(self, child):
|
|
self.children.append(child)
|
|
|
|
def get_name(self):
|
|
return self.name
|
|
|
|
def get_showname(self):
|
|
return self.showname
|
|
|
|
def get_pos(self):
|
|
return self.pos
|
|
|
|
def get_size(self):
|
|
return self.size
|
|
|
|
def get_value(self):
|
|
return self.value
|
|
|
|
def get_show(self):
|
|
return self.show
|
|
|
|
def get_hide(self):
|
|
return self.hide
|
|
|
|
def dump(self, fh=sys.stdout):
|
|
if self.name:
|
|
print >> fh, " name=%s" % (quoteattr(self.name),),
|
|
|
|
if self.showname:
|
|
print >> fh, "showname=%s" % (quoteattr(self.showname),),
|
|
|
|
if self.pos:
|
|
print >> fh, "pos=%s" % (quoteattr(self.pos),),
|
|
|
|
if self.size:
|
|
print >> fh, "size=%s" % (quoteattr(self.size),),
|
|
|
|
if self.value:
|
|
print >> fh, "value=%s" % (quoteattr(self.value),),
|
|
|
|
if self.show:
|
|
print >> fh, "show=%s" % (quoteattr(self.show),),
|
|
|
|
if self.hide:
|
|
print >> fh, "hide=%s" % (quoteattr(self.hide),),
|
|
|
|
class Packet(ProtoTreeItem, PacketList):
|
|
def dump(self, fh=sys.stdout, indent=0):
|
|
print >> fh, " " * indent, "<packet>"
|
|
indent += 1
|
|
for child in self.children:
|
|
child.dump(fh, indent)
|
|
print >> fh, " " * indent, "</packet>"
|
|
|
|
|
|
class Protocol(ProtoTreeItem):
|
|
|
|
def dump(self, fh=sys.stdout, indent=0):
|
|
print >> fh, "%s<proto " % (" " * indent,),
|
|
|
|
ProtoTreeItem.dump(self, fh)
|
|
|
|
print >> fh, '>'
|
|
|
|
indent += 1
|
|
for child in self.children:
|
|
child.dump(fh, indent)
|
|
print >> fh, " " * indent, "</proto>"
|
|
|
|
|
|
class Field(ProtoTreeItem):
|
|
|
|
def dump(self, fh=sys.stdout, indent=0):
|
|
print >> fh, "%s<field " % (" " * indent,),
|
|
|
|
ProtoTreeItem.dump(self, fh)
|
|
|
|
if self.children:
|
|
print >> fh, ">"
|
|
indent += 1
|
|
for child in self.children:
|
|
child.dump(fh, indent)
|
|
print >> fh, " " * indent, "</field>"
|
|
|
|
else:
|
|
print >> fh, "/>"
|
|
|
|
|
|
class ParseXML(xml.sax.handler.ContentHandler):
|
|
|
|
ELEMENT_FILE = "pdml"
|
|
ELEMENT_FRAME = "packet"
|
|
ELEMENT_PROTOCOL = "proto"
|
|
ELEMENT_FIELD = "field"
|
|
|
|
def __init__(self, cb):
|
|
self.cb = cb
|
|
self.chars = ""
|
|
self.element_stack = []
|
|
|
|
def startElement(self, name, xmlattrs):
|
|
self.chars = ""
|
|
|
|
if name == self.ELEMENT_FILE:
|
|
# Eventually, we should check version number of pdml here
|
|
elem = CaptureFile()
|
|
|
|
elif name == self.ELEMENT_FRAME:
|
|
elem = Packet(xmlattrs)
|
|
|
|
elif name == self.ELEMENT_PROTOCOL:
|
|
elem = Protocol(xmlattrs)
|
|
|
|
elif name == self.ELEMENT_FIELD:
|
|
elem = Field(xmlattrs)
|
|
|
|
else:
|
|
sys.exit("Unknown element: %s" % (name,))
|
|
|
|
self.element_stack.append(elem)
|
|
|
|
|
|
def endElement(self, name):
|
|
elem = self.element_stack.pop()
|
|
|
|
# if isinstance(elem, Field):
|
|
# if elem.get_name() == "frame.number":
|
|
# print >> sys.stderr, "Packet:", elem.get_show()
|
|
|
|
# Add element as child to previous element as long
|
|
# as there is more than 1 element in the stack. Only
|
|
# one element in the stack means that the the element in
|
|
# the stack is the single CaptureFile element, and we don't
|
|
# want to add this element to that, as we only want one
|
|
# Packet element in memory at a time.
|
|
if len(self.element_stack) > 1:
|
|
parent_elem = self.element_stack[-1]
|
|
parent_elem.add_child(elem)
|
|
|
|
self.chars = ""
|
|
|
|
# If we just finished a Packet element, hand it to the
|
|
# user's callback.
|
|
if isinstance(elem, Packet):
|
|
self.cb(elem)
|
|
|
|
def characters(self, chars):
|
|
self.chars = self.chars + chars
|
|
|
|
|
|
def _create_parser(cb):
|
|
"""Internal function for setting up the SAX parser."""
|
|
|
|
# Create a parser
|
|
parser = xml.sax.make_parser()
|
|
|
|
# Create the handler
|
|
handler = ParseXML(cb)
|
|
|
|
# Tell the parser to use our handler
|
|
parser.setContentHandler(handler)
|
|
|
|
# Don't fetch the DTD, in case it is listed
|
|
parser.setFeature(xml.sax.handler.feature_external_ges, False)
|
|
|
|
return parser
|
|
|
|
def parse_fh(fh, cb):
|
|
"""Parse a PDML file, given filehandle, and call the callback function (cb),
|
|
once for each Packet object."""
|
|
|
|
parser = _create_parser(cb)
|
|
|
|
# Parse the file
|
|
parser.parse(fh)
|
|
|
|
# Close the parser ; this is erroring out, but I'm not sure why.
|
|
#parser.close()
|
|
|
|
def parse_string(text, cb):
|
|
"""Parse the PDML contained in a string."""
|
|
stream = StringIO.StringIO(text)
|
|
parse_fh(stream, cb)
|
|
|
|
def _test():
|
|
import sys
|
|
|
|
def test_cb(obj):
|
|
pass
|
|
|
|
filename = sys.argv[1]
|
|
fh = open(filename, "r")
|
|
parse_fh(fh, test_cb)
|
|
|
|
if __name__ == '__main__':
|
|
_test()
|