# Copyright (C) 2013 Nippon Telegraph and Telephone Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import struct
from struct import calcsize
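class SfTimeval32(object):
    """Two-field timestamp (``tv_sec``, ``tv_usec``) decoded from a buffer.

    Instances are plain value holders; ``parser`` is the only decoder.
    """

    # NOTE(review): the format string is not visible in the numbered listing
    # this class was recovered from. '!II' is inferred from parser()
    # unpacking exactly two values and from the '!I' fields used by the
    # other records in this file -- confirm against the upstream source.
    # '!' decodes big-endian; also confirm the sender really writes network
    # byte order rather than host order.
    _PACK_STR = '!II'
    # Derived from the format so the two cannot drift apart; other parsers
    # in this file advance their offset by this value.
    _SIZE = calcsize(_PACK_STR)

    def __init__(self, tv_sec, tv_usec):
        """Store the two timestamp fields unchanged."""
        # NOTE(review): the tv_sec assignment is missing from the listing;
        # restored to mirror the visible tv_usec assignment.
        self.tv_sec = tv_sec
        self.tv_usec = tv_usec

    @classmethod
    def parser(cls, buf, offset):
        """Decode one timestamp from *buf* starting at byte *offset*.

        Returns a new instance. ``struct.unpack_from`` raises
        ``struct.error`` when the buffer does not hold enough bytes at
        *offset*; callers feeding data received from elsewhere should be
        prepared for that. The decoded values are not range-checked.
        """
        tv_sec, tv_usec = struct.unpack_from(cls._PACK_STR, buf, offset)
        return cls(tv_sec, tv_usec)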
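class Event(object):
    """Event record: seven unsigned 32-bit fields followed by a timestamp.

    NOTE(review): the ``class`` line itself is missing from the numbered
    listing; the name is taken from the ``Event.parser(...)`` call made by
    AlertPkt in this file.
    """

    # Seven big-endian unsigned 32-bit integers, standard sizes, no padding.
    _PACK_STR = '!IIIIIII'
    # NOTE(review): not visible in the listing. 36 = 28 bytes for the seven
    # '!I' fields plus an 8-byte SfTimeval32, which is also what
    # AlertPkt._ALERTPKT_SIZE (65863) leaves once the other fixed fields are
    # subtracted -- confirm against the upstream source.
    _SIZE = 36

    def __init__(self, sig_generator, sig_id, sig_rev, classification,
                 priority, event_id, event_reference, ref_time):
        """Store the decoded fields unchanged under their parameter names."""
        self.sig_generator = sig_generator
        # NOTE(review): the sig_id assignment is missing from the listing;
        # restored to match the other seven parameters.
        self.sig_id = sig_id
        self.sig_rev = sig_rev
        self.classification = classification
        self.priority = priority
        self.event_id = event_id
        self.event_reference = event_reference
        self.ref_time = ref_time

    @classmethod
    def parser(cls, buf, offset):
        """Decode one event from *buf* starting at byte *offset*.

        The seven integer fields are read first; the timestamp is then
        decoded by ``SfTimeval32.parser`` from the bytes that follow them.
        ``struct.error`` propagates when the buffer is too short. None of
        the decoded values is validated here.
        """
        (sig_generator, sig_id, sig_rev, classification, priority,
         event_id, event_reference) = struct.unpack_from(
            cls._PACK_STR, buf, offset)

        # The timestamp sits immediately after the fixed integer fields.
        ref_time = SfTimeval32.parser(buf, offset + calcsize(cls._PACK_STR))

        return cls(sig_generator, sig_id, sig_rev, classification,
                   priority, event_id, event_reference, ref_time)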
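class PcapPktHdr32(object):
    """Packet header: a timestamp followed by two unsigned 32-bit lengths.

    NOTE(review): ``caplen`` and ``len_`` are presumably the captured and
    original packet lengths of a pcap packet header -- confirm.
    """

    # NOTE(review): neither constant is visible in the numbered listing.
    # '!II' is inferred from parser() unpacking exactly two values after the
    # timestamp; 16 = 8-byte SfTimeval32 + two 4-byte integers, and
    # AlertPkt.parser in this file advances its offset by _SIZE -- confirm
    # both against the upstream source.
    _PACK_STR = '!II'
    _SIZE = 16

    def __init__(self, ts, caplen, len_):
        """Store the timestamp and the two length fields unchanged."""
        # NOTE(review): all three assignments are missing from the listing;
        # the attribute names, including ``len`` for ``len_``, are restored
        # from the upstream file as remembered -- confirm.
        self.ts = ts
        self.caplen = caplen
        self.len = len_

    @classmethod
    def parser(cls, buf, offset):
        """Decode one header from *buf* starting at byte *offset*.

        ``struct.error`` propagates when the buffer is too short. The two
        lengths are returned exactly as read; nothing here compares them
        with the size of any packet buffer, so code that later uses them to
        slice packet data should bound them first.
        """
        ts = SfTimeval32.parser(buf, offset)
        # The two length fields follow the timestamp directly.
        lengths_at = offset + SfTimeval32._SIZE

        caplen, len_ = struct.unpack_from(cls._PACK_STR, buf, lengths_at)
        return cls(ts, caplen, len_)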
# Alert record. parser() in this class reads, in order: the alert message,
# a PcapPktHdr32, the fields described by _ALERTPKT_PART_PACK_STR, then an
# Event.
90 class AlertPkt(object):
# One 256-byte string field.
91 _ALERTMSG_PACK_STR = '!256s'
# Five unsigned 32-bit integers followed by one 65535-byte string field;
# '!' selects big-endian decoding with standard sizes and no padding.
92 _ALERTPKT_PART_PACK_STR = '!IIIII65535s'
# NOTE(review): not referenced in the visible code. 65863 = 256 +
# (5 * 4 + 65535) + 52, where the remaining 52 bytes would be the
# PcapPktHdr32 and Event records; presumably the length a receiver should
# require of buf before calling parser() -- confirm against the caller.
93 _ALERTPKT_SIZE = 65863
# Store the decoded alert fields on the instance.
# NOTE(review): the numbered listing is missing the rest of this signature
# and most of the attribute assignments; only alertmsg and transhdr are
# visible below.
# parser() in this class passes the tuple returned by struct.unpack_from as
# alertmsg without unpacking it, so alertmsg arrives here as a 1-tuple
# holding the full 256-byte field.
95 def __init__(self, alertmsg, pkth, dlthdr, nethdr, transhdr, data,
97 self.alertmsg = alertmsg
101 self.transhdr = transhdr
108 def parser(cls, buf):
109 alertmsg = struct.unpack_from(cls._ALERTMSG_PACK_STR, buf)
110 offset = calcsize(cls._ALERTMSG_PACK_STR)
112 pkth = PcapPktHdr32.parser(buf, offset)
113 offset += PcapPktHdr32._SIZE
115 (dlthdr, nethdr, transhdr, data, val, pkt) = \
116 struct.unpack_from(cls._ALERTPKT_PART_PACK_STR, buf,
118 offset += calcsize(cls._ALERTPKT_PART_PACK_STR)
120 event = Event.parser(buf, offset)
122 msg = cls(alertmsg, pkth, dlthdr, nethdr, transhdr, data, val,