[tor-commits] [ooni-probe/master] Add a pcap parsing function.

art at torproject.org art at torproject.org
Fri Jul 20 14:05:39 UTC 2012


commit b9b80c43e84bd37c95037a7a73dad0c29d74c3fe
Author: George Kadianakis <desnacked at riseup.net>
Date:   Thu Jul 12 18:26:27 2012 +0200

    Add a pcap parsing function.
---
 ooni/protocols/b0wser.py |   61 ++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 61 insertions(+), 0 deletions(-)

diff --git a/ooni/protocols/b0wser.py b/ooni/protocols/b0wser.py
index ae6b002..ed82781 100644
--- a/ooni/protocols/b0wser.py
+++ b/ooni/protocols/b0wser.py
@@ -1,5 +1,66 @@
 from ooni.utils import log
 
+import sys
+from scapy.all import * # XXX recommended way of importing scapy?
+import yaml
+
+def get_b0wser_dictionary_from_pcap(filename):
+    """
+    @param filename: Filesystem path to the pcap.
+
+    Returns:
+      [{"sender": "client", "data": "\x17\x52\x15"}, {"sender": "server", "data": "\x17\x15\x13"}]
+    """
+    packets = rdpcap(filename)
+
+    checking_first_packet = True
+    client_ip_addr = None
+    server_ip_addr = None
+
+    ssl_packets = []
+    messages = []
+
+    """
+    pcap assumptions:
+
+    pcap only contains packets exchanged between a Tor client and a Tor
+    server. (This assumption makes sure that there are only two IP
+    addresses in the pcap file)
+
+    The first packet of the pcap is sent from the client to the server.
+    (This assumption is used to get the IP address of the client.)
+
+    All captured packets are TLS packets: that is TCP session
+    establishment/teardown packets should be filtered out (no SYN/SYN+ACK)
+    """
+
+    """Minimally validate the pcap and also find out what's the client
+    and server IP addresses."""
+    for packet in packets:
+        if checking_first_packet:
+            client_ip_addr = packet[IP].src
+            checking_first_packet = False
+        else:
+            if packet[IP].src != client_ip_addr:
+                server_ip_addr = packet[IP].src
+
+        try:
+            if (packet[Raw]):
+                ssl_packets.append(packet)
+        except IndexError:
+            pass
+
+    """Form our list."""
+    for packet in ssl_packets:
+        if packet[IP].src == client_ip_addr:
+            messages.append({"sender": "client", "data": str(packet[Raw])})
+        elif packet[IP].src == server_ip_addr:
+            messages.append({"sender": "server", "data": str(packet[Raw])})
+        else:
+            raise("Detected third IP address! pcap is corrupted.")
+
+    return yaml.dump(messages)
+
 class Mutator:
     idx = 0
     step = 0
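Review bot: The `raise("Detected third IP address! pcap is corrupted.")` in the last loop of `get_b0wser_dictionary_from_pcap` raises a plain string, which Python 2.6 and later reject with a TypeError, so the message is lost. Use `raise ValueError("Detected third IP address! pcap is corrupted.")` so callers can catch a malformed capture. The validation loop also overwrites `server_ip_addr` with every non-client source, so a third address is noticed only in the second loop, and only if the displaced address sent a packet with a `Raw` payload. Rejecting at assignment time, when `server_ip_addr` is already set to a different value, would enforce the two-address assumption directly. `packet[IP]` is read outside the `try`, so a frame without an IP layer (ARP or IPv6, for example) aborts the parse with an uncaught IndexError; `if IP not in packet: continue` ahead of it would skip such frames. The docstring should also say the function returns the YAML string from `yaml.dump(messages)`, not the list it currently shows.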




