Implement recv_raw in Pcap readers

- Allow the recv() function to accept an argument from a previously received recv_raw()
- Remove duplicated code from pcapdnet.py

Author: gpotter2

scapy/arch/linux.py

@@ -467,8 +467,8 @@ def recv_raw(self, x=MTU):
         ts = get_last_packet_timestamp(self.ins)
         return cls, pkt, ts
 
-    def recv(self, x=MTU):
-        pkt = SuperSocket.recv(self, x)
+    def recv(self, **kwargs):
+        pkt = SuperSocket.recv(self, **kwargs)
         if pkt and self.lvl == 2:
             pkt = pkt.payload
         return pkt
@@ -613,14 +613,18 @@ def recv_raw(self, x=MTU):
                     cls.name)
 
         ts = get_last_packet_timestamp(self.ins)
-        # direction = sa_ll[2]
-        return cls, pkt, ts  # , direction
-
-    def recv(self, x=MTU):
-        # cls, pkt, ts, direction = self.recv_raw()
-        # [Dissection stuff]
-        pkt = SuperSocket.recv(self, x)
-        # pkt.direction = direction
+        direction = sa_ll[2]
+        return cls, pkt, ts, direction
+
+    def recv(self, x=MTU, raw_data=None):
+        if raw_data is None:
+            raw_data = self.recv_raw(x)
+            if raw_data is None:
+                return None
+        cls, pkt, ts, direction = raw_data
+        pkt = SuperSocket.recv(self, x=x, raw_data=(cls, pkt, ts))
+        if pkt is not None:
+            pkt.direction = direction
         return pkt
 
     def send(self, x):

scapy/arch/pcapdnet.py

@@ -42,19 +42,57 @@ class PcapTimeoutElapsed(Scapy_Exception):
 
 
 class _L2pcapdnetSocket(SuperSocket, SelectableObject):
-    def check_recv(self):
-        return True
-
-    def recv_raw(self, x=MTU):
-        """Receives a packet, then returns a tuple containing (cls, pkt_data, time)"""  # noqa: E501
+    def __init__(self, promisc=None, iface=None):
+        self.type = type
+        self.outs = None
+        if iface is None:
+            iface = conf.iface
+        self.iface = iface
+        if promisc is None:
+            promisc = conf.sniff_promisc
+        self.promisc = promisc
+
+    def _process_loaded_streams(self, type, filter, nofilter):
+        """This is an internal function, used while initializing pcap
+        sockets"""
+        # Guess cls
         ll = self.ins.datalink()
         if ll in conf.l2types:
-            cls = conf.l2types[ll]
+            self.cls = conf.l2types[ll]
         else:
-            cls = conf.default_l2
+            self.cls = conf.default_l2
             warning("Unable to guess datalink type (interface=%s linktype=%i). Using %s",  # noqa: E501
                     self.iface, ll, cls.name)
+        # Enable immediate mode: reads return immediately upon packet reception
+        try:
+            ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1))
+        except:
+            pass
+        # Apply init filter & rules
+        if nofilter:
+            if type != ETH_P_ALL:  # PF_PACKET stuff. Need to emulate this for pcap  # noqa: E501
+                filter = "ether proto %i" % type
+            else:
+                filter = None
+        else:
+            if conf.except_filter:
+                if filter:
+                    filter = "(%s) and not (%s)" % (filter, conf.except_filter)  # noqa: E501
+                else:
+                    filter = "not (%s)" % conf.except_filter
+            if type != ETH_P_ALL:  # PF_PACKET stuff. Need to emulate this for pcap  # noqa: E501
+                if filter:
+                    filter = "(ether proto %i) and (%s)" % (type, filter)
+                else:
+                    filter = "ether proto %i" % type
+        if filter:
+            self.ins.setfilter(filter)
+
+    def check_recv(self):
+        return True
 
+    def recv_raw(self, x=MTU):
+        """Receives a packet, then returns a tuple containing (cls, pkt_data, time)"""  # noqa: E501
         pkt = None
         while pkt is None:
             pkt = self.ins.next()
@@ -64,7 +102,7 @@ def recv_raw(self, x=MTU):
                 raise PcapTimeoutElapsed  # To understand this behavior, have a look at L2pcapListenSocket's note  # noqa: E501
             if pkt is None:
                 return None, None, None
-        return cls, pkt, ts
+        return self.cls, pkt, ts
 
     def nonblock_recv(self):
         """Receives and dissect a packet in non-blocking mode.
@@ -397,37 +435,22 @@ def __del__(self):
     class L2pcapListenSocket(_L2pcapdnetSocket):
         desc = "read packets at layer 2 using libpcap"
 
-        def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monitor=None):  # noqa: E501
-            self.type = type
-            self.outs = None
-            self.iface = iface
-            if iface is None:
-                iface = conf.iface
-            if promisc is None:
-                promisc = conf.sniff_promisc
-            self.promisc = promisc
+        def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0,  # noqa: E501
+                     monitor=None):  # noqa: E501
+            _L2pcapdnetSocket.__init__(self, promisc=promisc, iface=iface)
             # Note: Timeout with Winpcap/Npcap
             #   The 4th argument of open_pcap corresponds to timeout. In an ideal world, we would  # noqa: E501
             # set it to 0 ==> blocking pcap_next_ex.
             #   However, the way it is handled is very poor, and result in a jerky packet stream.  # noqa: E501
             # To fix this, we set 100 and the implementation under windows is slightly different, as  # noqa: E501
             # everything is always received as non-blocking
-            self.ins = open_pcap(iface, MTU, self.promisc, 100, monitor=monitor)  # noqa: E501
-            try:
-                ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1))
-            except:
-                pass
-            if type == ETH_P_ALL:  # Do not apply any filter if Ethernet type is given  # noqa: E501
-                if conf.except_filter:
-                    if filter:
-                        filter = "(%s) and not (%s)" % (filter, conf.except_filter)  # noqa: E501
-                    else:
-                        filter = "not (%s)" % conf.except_filter
-                if filter:
-                    self.ins.setfilter(filter)
+            self.ins = open_pcap(self.iface, MTU, self.promisc, 100, monitor=monitor)  # noqa: E501
+            # Post init routine
+            self._process_loaded_streams(type, filter, nofilter)
 
         def close(self):
             self.ins.close()
+            self.closed = True
 
         def send(self, x):
             raise Scapy_Exception("Can't send anything with L2pcapListenSocket")  # noqa: E501
@@ -439,40 +462,16 @@ class L2pcapSocket(_L2pcapdnetSocket):
 
         def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0,  # noqa: E501
                      monitor=None):
-            if iface is None:
-                iface = conf.iface
-            self.iface = iface
-            if promisc is None:
-                promisc = 0
-            self.promisc = promisc
+            _L2pcapdnetSocket.__init__(self, promisc=promisc, iface=iface)
             # See L2pcapListenSocket for infos about this line
-            self.ins = open_pcap(iface, MTU, self.promisc, 100, monitor=monitor)  # noqa: E501
+            self.ins = open_pcap(self.iface, MTU, self.promisc, 100, monitor=monitor)  # noqa: E501
             # We need to have a different interface open because of an
             # access violation in Npcap that occurs in multi-threading
             # (see https://github.com/nmap/nmap/issues/982)
-            self.outs = open_pcap(iface, MTU, self.promisc, 100)
-            try:
-                ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1))
-            except:
-                pass
-            if nofilter:
-                if type != ETH_P_ALL:  # PF_PACKET stuff. Need to emulate this for pcap  # noqa: E501
-                    filter = "ether proto %i" % type
-                else:
-                    filter = None
-            else:
-                if conf.except_filter:
-                    if filter:
-                        filter = "(%s) and not (%s)" % (filter, conf.except_filter)  # noqa: E501
-                    else:
-                        filter = "not (%s)" % conf.except_filter
-                if type != ETH_P_ALL:  # PF_PACKET stuff. Need to emulate this for pcap  # noqa: E501
-                    if filter:
-                        filter = "(ether proto %i) and (%s)" % (type, filter)
-                    else:
-                        filter = "ether proto %i" % type
-            if filter:
-                self.ins.setfilter(filter)
+            self.outs = open_pcap(self.iface, MTU, self.promisc, 100, monitor=monitor)
+            # Post init routine
+            self._process_loaded_streams(type, filter, nofilter)
+
 
         def send(self, x):
             sx = raw(x)
@@ -493,8 +492,8 @@ class L3pcapSocket(L2pcapSocket):
         # def __init__(self, iface = None, type = ETH_P_ALL, filter=None, nofilter=0):  # noqa: E501
         #    L2pcapSocket.__init__(self, iface, type, filter, nofilter)
 
-        def recv(self, x=MTU):
-            r = L2pcapSocket.recv(self, x)
+        def recv(self, **kwargs):
+            r = L2pcapSocket.recv(self, **kwargs)
             if r:
                 return r.payload
             else:

scapy/sendrecv.py

@@ -103,7 +103,7 @@ def _sndrcv_rcv(pks, hsent, stopevent, nbrecv, notans, verbose, chainCC,
         def _get_pkt():
             from scapy.arch.pcapdnet import PcapTimeoutElapsed
             try:
-                return pks.recv(MTU)
+                return pks.recv(x=MTU)
             except PcapTimeoutElapsed:
                 return None
     elif conf.use_bpf:
@@ -927,7 +927,7 @@ class _InteruptSniff(Scapy_Exception):
         """Used to interupt sniffing in multi-threading mode"""
         pass
 
-    def _process_pkt(p, sniff_sockets, c):
+    def _process_pkt(p, sniff_sockets, c, dissector=None):
         """Function to process a recieved packet"""
         if p is None:
             try:
@@ -961,19 +961,14 @@ def _async_process(q, stopevent):
         try:
             while not stopevent.is_set():
                 try:
-                    pkt_a, sniff_sockets = q.get_nowait()
+                    pkt_a, dissector, sniff_sockets = q.get_nowait()
                 except queue.Empty:
                     continue
-                cls, val, ts = pkt_a
                 try:
-                    pkt = cls(val)
+                    pkt = dissector(raw_data=pkt_a)
                 except Exception:
-                    if conf.debug_dissector:
-                        log_runtime.error(exc_info=True)
-                        stopevent.set()
-                        break
-                    pkt = conf.raw_layer(val)
-                pkt.time = ts
+                    log_runtime.error(exc_info=True)
+                    stopevent.set()
                 try:
                     c = _process_pkt(pkt, sniff_sockets, c)
                 except _InteruptSniff:
@@ -989,8 +984,8 @@ def _async_process(q, stopevent):
         q = queue.Queue()
         se = threading.Event()
 
-        def _append_pkt(p, sniff_sockets, c=None, q=q):
-            q.put((p, sniff_sockets))
+        def _append_pkt(p, sniff_sockets, c=None, q=q, dissector=None):
+            q.put((p, dissector, sniff_sockets))
             if se.is_set():
                 raise _InteruptSniff
         _action_pkt = _append_pkt
@@ -1017,7 +1012,7 @@ def _append_pkt(p, sniff_sockets, c=None, q=q):
                     p = _read_next(s)
                 except read_allowed_exceptions:
                     continue
-                c = _action_pkt(p, sniff_sockets, c)
+                c = _action_pkt(p, sniff_sockets, c, dissector=s.recv)
     except KeyboardInterrupt:
         pass
     except _InteruptSniff:

scapy/supersocket.py

@@ -47,8 +47,15 @@ def send(self, x):
             x.sent_time = time.time()
         return self.outs.send(sx)
 
-    def recv(self, x=MTU):
-        cls, val, ts = self.recv_raw(x)
+    def recv(self, x=MTU, raw_data=None):
+        """Receive a packet, and process it.
+
+        params:
+         - x: maximum packet size (default: MTU)
+         - raw_data: data received from .recv_raw() (default: None)
+                     if None, will be automatically fetched.
+        """
+        cls, val, ts = raw_data if raw_data is not None else self.recv_raw(x)
         if not val or not cls:
             return
         try: