X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=resources%2Flibraries%2Fpython%2FIPFIXUtil.py;fp=resources%2Flibraries%2Fpython%2FIPFIXUtil.py;h=0000000000000000000000000000000000000000;hb=ac8b7ce3b05805a978b8186440e62dcd0d9023c3;hp=1b193f8325a750c5cd0d6fe71fdc7c83848cc953;hpb=e87a07f056891f328b22e97f03f4c3ca5231d681;p=csit.git diff --git a/resources/libraries/python/IPFIXUtil.py b/resources/libraries/python/IPFIXUtil.py deleted file mode 100644 index 1b193f8325..0000000000 --- a/resources/libraries/python/IPFIXUtil.py +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright (c) 2016 Cisco and/or its affiliates. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""IPFIX utilities library. Provides classes that allow scapy to work -with IPFIX packets. - - Note: - Template and data sets in one packet are not supported. - Option template sets (Set_ID = 3) are not supported. - """ - - -from scapy.all import Packet, bind_layers -from scapy.fields import ByteField, ShortField, IntField, LongField, IPField,\ - StrFixedLenField, FieldListField -from scapy.layers.inet import UDP -from scapy.layers.inet6 import IP6Field -from scapy.contrib.ppi_geotag import UTCTimeField - - -class IPFIXHandler(object): - """Class for handling IPFIX packets. To use, create instance of class before - dissecting IPFIX packets with scapy, then run update_template every time - an IPFIX template packet is received.""" - - template_elements = { - 4: ByteField("Protocol_ID", 0x00), - 7: ShortField("src_port", 0), - 8: IPField("IPv4_src", ""), - 11: ShortField("dst_port", 0), - 12: IPField("IPv4_dst", ""), - 27: IP6Field("IPv6_src", "::"), - 28: IP6Field("IPv6_dst", "::"), - 86: LongField("packetTotalCount", 0), - 180: ShortField("udp_src_port", 0), - 181: ShortField("udp_dst_port", 0), - 182: ShortField("tcp_src_port", 0), - 183: ShortField("tcp_dst_port", 0), - 193: ByteField("Next_header", 0x00) - } - - def __init__(self): - """Initializer, registers IPFIX header and template layers with scapy. - """ - bind_layers(UDP, IPFIXHeader, dport=4739) - bind_layers(IPFIXHeader, IPFIXTemplate, Set_ID=2) - - def update_template(self, packet): - """Updates IPFIXData class with new data template. Registers IPFIX data - layer with scapy using the new template. - - :param packet: Packet containing an IPFIX template. - :type packet: scapy.Ether - """ - template_list = packet['IPFIX template'].Template - template_id = packet['IPFIX template'].Template_ID - - IPFIXData.fields_desc = [] - for item in template_list[::2]: - try: - IPFIXData.fields_desc.append(self.template_elements[item]) - except KeyError: - raise KeyError( - "Unknown IPFIX template element with ID {0}".format(item)) - bind_layers(IPFIXHeader, IPFIXData, Set_ID=template_id) - # if the packet doesn't end here, assume it contains more data sets - bind_layers(IPFIXData, IPFIXData) - - -class IPFIXHeader(Packet): - """Class for IPFIX header.""" - name = "IPFIX header" - fields_desc = [StrFixedLenField("Version", 0x000a, length=2), - ShortField("Message Length", 0), - UTCTimeField("Timestamp(UTC)", ""), - IntField("Sequence Number", 0), - IntField("Observation Domain ID", 0), - ShortField("Set_ID", 0), - ShortField("Set_Length", 0) - ] - - -class IPFIXTemplate(Packet): - """Class for IPFIX template layer.""" - name = "IPFIX template" - fields_desc = [ShortField("Template_ID", 256), - ShortField("nFields", 2), - FieldListField("Template", [], ShortField("type_len", ""), - count_from=lambda p: p.nFields*2) - ] - - -class IPFIXData(Packet): - """Class for IPFIX data layer. Needs to be updated with - a template before use.""" - name = "IPFIX flow data" - fields_desc = []