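I have code that receives a pcap capture as bytes.
I decode the IP and UDP layers, then decode the proprietary application layer inside ("UMS").
Before continuing, I want to check the IP header checksum and the UDP checksum. How can I do that?
This is my current code: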

    import io
    import socket
    from typing import Iterator

    from dpkt import pcap, ip, udp


    class DecodePcap:
        """
        Receives a pcap file as bytes to decode it with dpkt.
        """

        def __init__(self, pcap_bytes: bytes) -> None:
            self.pcap = pcap.Reader(io.BytesIO(pcap_bytes))
            """
            the reader is an iterator of tuples (timestamp, buf) where timestamp is a float and buf is a bytes object.
            """

        def get_ums_packet_iterator(self) -> Iterator['UmsPacket']:
            """
            Returns an iterator of UmsPacket.
            """
            return map(UmsPacket, self.pcap)


    class UmsPacket:
        """
        Data class to hold the fields of a packet from pcap.
        """

        def __init__(self, ums_tuple: tuple) -> None:
            self.timestamp: float = ums_tuple[0]
            ip_packet: ip.IP = ip.IP(ums_tuple[1])
            udp_packet: udp.UDP = ip_packet.data
            self.src_ip: str = socket.inet_ntoa(ip_packet.src)
            self.dst_ip: str = socket.inet_ntoa(ip_packet.dst)
            self.src_port: int = udp_packet.sport
            self.dst_port: int = udp_packet.dport
            self.data: bytes = udp_packet.data
            # check ip header checksum
            #?? assert ip_packet.sum
            # check udp checksum
            #?? assert udp_packet.sum
            # 6th byte is the ICD version
            self.icd: int = self.data[6]

What I don't want to do: calculate the checksums manually. I want a pcap-specific solution.

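You can use dpkt to check the IP checksum:

    import copy
    import dpkt

    # Recompute over a copy with the checksum field zeroed, then compare
    ip_for_sum = copy.copy(ip_packet)
    ip_for_sum.sum = 0
    recomputed_checksum = dpkt.in_cksum(ip_for_sum.pack_hdr() + bytes(ip_for_sum.opts))
    assert ip_packet.sum == recomputed_checksum
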
and the scapy library to check the UDP checksum:

    import copy
    import socket
    from scapy.layers.inet import in4_chksum, IP

    # The checksum must be computed over the datagram with its checksum field zeroed
    udp_for_sum = copy.copy(udp_packet)
    udp_for_sum.sum = 0
    recomputed_checksum = in4_chksum(socket.IPPROTO_UDP, IP(bytes(ip_packet)), bytes(udp_for_sum))
    assert udp_packet.sum == recomputed_checksum
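
What the two checks above compute, written out as an added example that is not part of the original answer: it uses only the standard library instead of dpkt or scapy, and it also covers the case where the UDP checksum field is zero, which a plain equality assert would report as a failure. It assumes unfragmented IPv4; the function names, addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071); odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ip_header_ok(ip_bytes: bytes) -> bool:
    """A valid IPv4 header summed with its checksum field in place gives 0xFFFF."""
    ihl = (ip_bytes[0] & 0x0F) * 4
    return len(ip_bytes) >= ihl >= 20 and ones_complement_sum(ip_bytes[:ihl]) == 0xFFFF

def udp_checksum_state(ip_bytes: bytes) -> str:
    """Return 'ok', 'bad' or 'absent' for the UDP datagram inside an IPv4 packet."""
    ihl = (ip_bytes[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_bytes[2:4])[0]
    segment = ip_bytes[ihl:total_len]  # slicing by total length drops link-layer padding
    if len(segment) < 8:
        return "bad"
    if segment[6:8] == b"\x00\x00":
        return "absent"  # sender did not compute a checksum (permitted over IPv4)
    # Pseudo-header: source address, destination address, zero, protocol, UDP length
    pseudo = ip_bytes[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_UDP, len(segment))
    return "ok" if ones_complement_sum(pseudo + segment) == 0xFFFF else "bad"

def build_sample(payload: bytes) -> bytes:
    """Constructed IPv4/UDP packet (documentation addresses) with correct checksums."""
    src, dst = socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2")
    ulen = 8 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 1, 0, 64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", 0xFFFF - ones_complement_sum(hdr)) + hdr[12:]
    udp = struct.pack("!HHHH", 40000, 14400, ulen, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, ulen)
    csum = (0xFFFF - ones_complement_sum(pseudo + udp)) or 0xFFFF  # computed 0 is sent as 0xFFFF
    return hdr + udp[:6] + struct.pack("!H", csum) + udp[8:]

if __name__ == "__main__":
    pkt = build_sample(b"constructed UMS payload")
    print(ip_header_ok(pkt), udp_checksum_state(pkt))
```

Captures taken on the sending host with checksum offload enabled often contain checksums that were not yet filled in by the NIC, so a "bad" result there does not by itself mean the packet was corrupted on the wire.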