preliminary DNS support, more architecture changes

dns.py

@@ -0,0 +1,10 @@
+class Processor:
+    '''
+    Processes and interprets DNS packets.
+
+    Call its `add` method with each dpkt.dns.DNS from the pcap.
+    '''
+    def __init__(self):
+        self.packets = []
+    def add(self, ts, pkt):
+        self.packets.append((ts, pkt))

main.py

@@ -32,20 +32,16 @@
 
 logging.info("Processing %s", inputfile)
 
-# set up packet dispatcher
-flowbuilder = tcp.FlowBuilder()
-dispatcher = PacketDispatcher(flowbuilder)
-
 # parse pcap file
+dispatcher = PacketDispatcher()
 pcap.ParsePcap(dispatcher, filename=inputfile)
-flowbuilder.finish()
-
-# flowbuilder.flowdict now contains tcp.Flow's
+dispatcher.finish()
+# dispatcher.tcp.flowdict now contains tcp.Flow's
 
 # generate HTTP Flows
 httpflows = []
 flow_count = 0
-for f in flowbuilder.flowdict.itervalues():
+for f in dispatcher.tcp.flowdict.itervalues():
     try:
         httpflows.append(http.Flow(f))
         flow_count += 1

packetdispatcher.py

@@ -1,22 +1,22 @@
-'''
-
-'''
-
 import dpkt
-import tcp as tcpmodule
+import tcp
+import udp
 
 class PacketDispatcher:
     '''
     takes a series of dpkt.Packet's and calls callbacks based on their type
 
     For each packet added, picks it apart into its transport-layer packet type
-    and --calls a registered callback, which usually just adds it to a handler
-    for that type--.
+    and adds it to an appropriate handler object. Automatically creates handler
+    objects for now.
 
-    Actually, for now it's just going to add it to a tcp.FlowBuilder
+    Members:
+    flowbuilder = tcp.FlowBuilder
+    udp = udp.Processor
     '''
-    def __init__(self, flowbuilder):
-        self.tcpflowbuilder= flowbuilder
+    def __init__(self):
+        self.tcp = tcp.FlowBuilder()
+        self.udp = udp.Processor()
     def add(self, ts, buf, eth):
         '''
         ts = dpkt timestamp
@@ -29,11 +29,11 @@ def add(self, ts, buf, eth):
             ip = eth.data
             # if it's TCP
             if isinstance(ip.data, dpkt.tcp.TCP):
-                tcp = ip.data
-                tcppkt = tcpmodule.Packet(ts, buf, eth, ip, tcp)
-                self.tcpflowbuilder.add(tcppkt)
-        # if it's UDP...
-        elif isinstance(eth.data, dpkt.udp.UDP):
-            #TODO: handle UDP packets
-            pass
-
+                tcppkt = tcp.Packet(ts, buf, eth, ip, ip.data)
+                self.tcp.add(tcppkt)
+            # if it's UDP...
+            elif isinstance(ip.data, dpkt.udp.UDP):
+                self.udp.add(ts, ip.data)
+    def finish(self):
+        #This is a hack, until tcp.Flow no longer has to be `finish()`ed
+        self.tcp.finish()

pcap2har.psproj

@@ -69,50 +69,58 @@ FileName=$[Project-Path]BeautifulSoup.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node3]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]dpkt_http_replacement.py
+FileName=$[Project-Path]dns.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node4]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]har.py
+FileName=$[Project-Path]dpkt_http_replacement.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node5]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]httpsession.py
+FileName=$[Project-Path]har.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node6]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]main.py
+FileName=$[Project-Path]httpsession.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node7]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]mediatype.py
+FileName=$[Project-Path]main.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node8]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]orderedset.py
+FileName=$[Project-Path]mediatype.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node9]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]pcap.py
+FileName=$[Project-Path]orderedset.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node10]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]pcaputil.py
+FileName=$[Project-Path]packetdispatcher.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node11]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]sortedcollection.py
+FileName=$[Project-Path]pcap.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node12]
 ClassName=TProjectFileNode
-FileName=$[Project-Path]tcpseq.py
+FileName=$[Project-Path]pcaputil.py
 
 [Project\ChildNodes\Node0\ChildNodes\Node13]
 ClassName=TProjectFileNode
+FileName=$[Project-Path]sortedcollection.py
+
+[Project\ChildNodes\Node0\ChildNodes\Node14]
+ClassName=TProjectFileNode
+FileName=$[Project-Path]tcpseq.py
+
+[Project\ChildNodes\Node0\ChildNodes\Node15]
+ClassName=TProjectFileNode
 FileName=$[Project-Path]test.py
 
 [Project\ChildNodes\Node0\ChildNodes]
-Count=14
+Count=16
 
 [Project\ChildNodes\Node1]
 ClassName=TProjectRunConfiguationsNode
@@ -126,7 +134,7 @@ ScriptName=main.py
 Description=Current main test program
 EngineType=peRemote
 ReinitializeBeforeRun=TRUE
-Parameters=fhs_ncomp.pcap output.har
+Parameters=../pcap2har/dns_requests.pcap output.har
 WorkingDir=$[ActiveScript-Dir]
 WriteOutputToFile=FALSE
 OutputFileName=$[ActiveScript-NoExt].log

udp.py

@@ -0,0 +1,29 @@
+import dns
+import dpkt
+import logging as log
+
+class Processor:
+    '''
+    Processes and interprets UDP packets.
+
+    Call its add(pkt) method with each dpkt.udp.UDP packet from the pcap or
+    whatever. It will expose information from the packets, at this point mostly
+    DNS information. It will automatically create a dns processor and expose it
+    as its `dns` member variable.
+
+    This class is basically a nonce, if I may borrow the term, for the sake of
+    architectural elegance. But I think it's begging for trouble to combine it
+    with DNS handling.
+    '''
+    def __init__(self):
+        self.dns = dns.Processor()
+    def add(self, ts, pkt):
+        '''
+        pkt = dpkt.udp.UDP
+        '''
+        #check for DNS
+        if pkt.sport == 53 or pkt.dport == 53:
+            dnspkt = dpkt.dns.DNS()
+            self.dns.add(ts, dnspkt)
+        else:
+            log.warning('unkown UDP ports: %d->%d' % (pkt.sport, pkt.dport))