profi_dcp.l2socket package

Submodules

profi_dcp.l2socket.l2socket module

Copyright (c) 2024 Elias Rosch, Esslingen. Copyright (c) 2021 Codewerk GmbH, Karlsruhe. All Rights Reserved.

class profi_dcp.l2socket.l2socket.L2PcapSocket(ip, bpf_filter=None, **kwargs)

Bases: object

An L2 socket based on a wrapper around the Pcap (WinPcap/Npcap) DLL.

Open a socket on the network interface with the given IP and using the given BPF filter. :param ip: The IP address to open the socket on. :type ip: string :param bpf_filter: The BPF filter used to filter incoming packets directly within pcap (offers better performance than receiving all packets and only filtering in python). :type bpf_filter: string

recv()

Receive the next packet from pcap. :return: The next raw packet (or None if no packet has been received e.g. due to a timeout). :rtype: Optional(bytes)

send(data)

Send the given data as raw packet via pcap. :param data: The data to send. :type data: Any, will be converted to bytes

close()

Close the connection.

class profi_dcp.l2socket.l2socket.L2LinuxSocket(interface, recv_timeout=1, protocol=None, **kwargs)

Bases: object

An L2 socket using a raw socket from python’s socket module.

Open a socket on the given network interface. :param interface: The network interface to open the socket on. :type interface: string :param recv_timeout: The timeout in seconds for blocking operations (most notably recv), passed to socket.settimeout(). Default is 1. :type recv_timeout: Optional[float] :param protocol: The ethernet protocol number, only packets of that protocol will be received. If not specified ETH_P_ALL is used, receiving all ethernet packets. :type protocol: int

MTU = 65535

ETH_P_ALL = 3

recv()

Receive the next packet from the socket. :return: The next raw packet (or None if no packet has been received e.g. due to a timeout). :rtype: Optional(bytes)

send(data)

Send the given data as raw packet via pcap. :param data: The data to send. :type data: Any, will be converted to bytes

close()

Close the connection.

profi_dcp.l2socket.pcap_wrapper module

Copyright (c) 2024 Elias Rosch, Esslingen. Copyright (c) 2021 Codewerk GmbH, Karlsruhe. All Rights Reserved.

class profi_dcp.l2socket.pcap_wrapper.IPv4Address(port, ip_address)

Bases: tuple

Create new instance of IPv4Address(port, ip_address)

ip_address

Alias for field number 1

port

Alias for field number 0

class profi_dcp.l2socket.pcap_wrapper.IPv6Address(port, flow_info, ip_address, scope_id)

Bases: tuple

Create new instance of IPv6Address(port, flow_info, ip_address, scope_id)

flow_info

Alias for field number 1

ip_address

Alias for field number 2

port

Alias for field number 0

scope_id

Alias for field number 3

class profi_dcp.l2socket.pcap_wrapper.SocketAddress(socket_address_p)

Bases: object

A python class corresponding to the sockaddr objects used by pcap. Describes the address of a socket, which consists of an address family (AF_INET for IPv4 or AF_INET6 für IPv6) and an address (either IPv4Address or IPv6Address depending on the family).

Create new SocketAddress by parsing a given sockaddr object. :param socket_address_p: Pointer to the sockaddr to parse. :type socket_address_p: Pointer(sockaddr)

class profi_dcp.l2socket.pcap_wrapper.PcapAddress(pcap_addr)

Bases: object

A python class corresponding to the pcap_addr objects used by pcap. Consists of a (mandatory) address and optionally, a netmask, broadcast address and destination address. All addresses are represented as SocketAddress.

Create new PcapAddress by parsing a given pcap_addr object. :param pcap_addr: Pointer to the pcap_addr to parse. :type pcap_addr: POINTER(pcap_addr)

class profi_dcp.l2socket.pcap_wrapper.PcapDevice(pcap_if_p)

Bases: object

A python class corresponding to the pcap_if objects used by pcap to describe network devices. A device consists of a name, an optional description, a list of addresses (of type PcapAddress), and some flags.

Create new PcapDevice by parsing a given pcap_if object. :param pcap_if_p: Pointer to the pcap_if object to parse. :type pcap_if_p: POINTER(pcap_if)

class profi_dcp.l2socket.pcap_wrapper.PcapWrapper

Bases: object

A wrapper to WinPcap/Npcap with all necessary functions to simulate an L2-Socket on Windows.

Create a new pcap wrapper object and load the underlying DLL

open(device_name, timeout_ms=100)

Open a pcap capture for the given network device. :param device_name: The name of the network device, use e.g. get_device_name_from_ip or get_all_devices to find the correct name. :type device_name: string :param timeout_ms: The read timeout in milliseconds (use 0 for no timeout). Default is 100ms. :type timeout_ms: Optional(int)

get_device_name_from_ip(ip)

Determine the device name expected by pcap for the device with the given ip. :param ip: The ip to search for (both IPv4 and IPv6 are possible) :type ip: string :return: The device name or None if no such devices was found. :rtype: Optional(string)

get_all_devices()

Get a list of all network devices that can be opened by pcap_open_live (e.g. with the PcapWrapper constructor). :return: The list of all network devices found by pcap (might be empty). In case of an error, None is returned. :rtype: Optional(List(PcapDevice))

get_next_packet()

Receive the next packet with Pcap. :return: The received packet, None in cases of an error or timeout. :rtype: Optional(bytes)

set_bpf_filter(bpf_filter)

Set a BPF filter to filter the packets received by pcap. :param bpf_filter: A BPF filter expression. :type bpf_filter: string :return: Whether the filter was set successfully. :rtype: boolean

send(packet)

Send a given packet with Pcap. :param packet: The raw packet. :type packet: bytes :return: Whether the packet was send successfully. :rtype: boolean

close()

Close this pcap capture.

profi_dcp.l2socket.winpcap module

Copyright (c) 2024 Elias Rosch, Esslingen. Copyright (c) 2021 Codewerk GmbH, Karlsruhe. All Rights Reserved.

class profi_dcp.l2socket.winpcap.bpf_insn

Bases: Structure

code

Structure/Union member

jf

Structure/Union member

jt

Structure/Union member

k

Structure/Union member

class profi_dcp.l2socket.winpcap.bpf_program

Bases: Structure

bf_insns

Structure/Union member

bf_len

Structure/Union member

class profi_dcp.l2socket.winpcap.timeval

Bases: Structure

tv_sec

Structure/Union member

tv_usec

Structure/Union member

class profi_dcp.l2socket.winpcap.pcap_pkthdr

Bases: Structure

caplen

Structure/Union member

len

Structure/Union member

ts

Structure/Union member

class profi_dcp.l2socket.winpcap.sockaddr

Bases: Structure

sa_data

Structure/Union member

sa_family

Structure/Union member

class profi_dcp.l2socket.winpcap.sockaddr_in

Bases: Structure

sin_addr

Structure/Union member

sin_family

Structure/Union member

sin_port

Structure/Union member

class profi_dcp.l2socket.winpcap.sockaddr_in6

Bases: Structure

sin6_addr

Structure/Union member

sin6_family

Structure/Union member

sin6_flowinfo

Structure/Union member

sin6_port

Structure/Union member

sin6_scope_id

Structure/Union member

class profi_dcp.l2socket.winpcap.pcap_addr

Bases: Structure

addr

Structure/Union member

broadaddr

Structure/Union member

dstaddr

Structure/Union member

netmask

Structure/Union member

next

Structure/Union member

class profi_dcp.l2socket.winpcap.pcap_if

Bases: Structure

addresses

Structure/Union member

description

Structure/Union member

flags

Structure/Union member

name

Structure/Union member

next

Structure/Union member

profi_dcp.l2socket.winpcap.load_dll(library_name)

class profi_dcp.l2socket.winpcap.WinPcap

Bases: object

Wrapper class for (a subset of) pcap. See e.g. https://www.winpcap.org/docs/docs_412/html/main.html for a more detailed documentation of the underlying functionality.

Create a new WinPcap object, load the WinPcap or Npcap DLL and export the necessary functions

pcap_open_live(device, to_ms, snaplen=65535, promisc=0)

Create a pcap object and start capturing. :param device: The network device to open. :type device: string :param to_ms: The read timeout in milliseconds (not supported by all platforms). A timeout of 0 corresponds (on supporting platforms) to no timeout, i.e. a read waits until enough packets have arrived. :type to_ms: int :param snaplen: The maximum number of bytes to capture. If a packet is longer than the snaplen, all bytes beyond the snaplen are discarded. :type snaplen: int :param promisc: Whether the interface should be put into promiscuous mode. Note: the interface may already be in promiscuous mode independent of this flag. :type promisc: int :return: To opened pcap object. :rtype: POINTER(pcap_t)

pcap_close(p)

Closes a given pcap object, closing all associated files and deallocating resources. :param p: The pcap object to close. :type p: POINTER(pcap_t)

pcap_setmintocopy(p, size)

Set minimum amount of data received in a single system call (unless the timeout expires). :param p: The pcap object. :type p: POINTER(pcap_t) :param size: The minimum amount of data. :type size: int :return: 0 on success, -1 on failure. :rtype: int

pcap_next_ex(p, pkt_header, pkt_data)

Read the next available packet from a given interface. :param p: The pcap object to read from. :type p: POINTER(pcap_t) :param pkt_header: The header of the captured packet. Filled by pcap_next_ex, only value if return value is 0. :type pkt_header: POINTER(pcap_pkthdr) :param pkt_data: The data of the captured packet. Filled by pcap_next_ex, only value if return value is 0. :type pkt_data: POINTER(ctypes.c_ubyte) :return: 1 on success, 0 on timeout, -1 on error, -2 on EOF (offline capture only) :rtype: int

pcap_sendpacket(p, buf, size=None)

Send a raw packet to the network. :param p: The pcap object used to send the packet. :type p: POINTER(pcap_t) :param buf: The data of the packet to send. :type buf: c_void_p :param size: The size of the packet to send (i.e. the size of buf). :type size: int :return: -1 on failure, 0 on success. :rtype: int

pcap_compile(p, fp, filter_string, optimize=0, netmask=-1)

Compile he given packet filter into a bpf filter program. :param p: The pcap object. :type p: POINTER(pcap_t) :param fp: A reference to the bpf filter program, filled in by pcap_compile() :type fp: bpf_program :param filter_string: The filter expression to compile. :type filter_string: string :param optimize: Whether the resulting filter program should be optimized. :type optimize: int :param netmask: Only used to check for IPv4 broadcast addresses in the filter program. See official Pcap documentation for more information. :type netmask: uint32 :return: -1 on error (0 on success?) :rtype: int

pcap_setfilter(p, fp)

Apply a bpf filter to the given capture. :param p: The pcap object to apply the filter to. :type p: POINTER(pcap_t) :param fp: The bpf filter program to apply. :type fp: bpf_program :return: -1 on failure, 0 on success. :rtype: int

pcap_findalldevs(alldevsp)

Finds all network devices that can be opened with pcap_open_live and returns them as list of pcap_if objects. :param alldevsp: Use to return a pointer to the first device found. :type alldevsp: POINTER(POINTER(pcap_if)) :return: Return value of findalldevs (0 on success, -1 on failure) and the error message in case of an error. :rtype: Tuple(int, Optional(string))

Module contents

Copyright (c) 2024 Elias Rosch, Esslingen. Copyright (c) 2021 Codewerk GmbH, Karlsruhe. All Rights Reserved.