nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | #!/usr/bin/env python |
| 2 | """ |
||
| 3 | Converts netscreen snoop hex-dumps to a hex-dump that text2pcap can read. |
||
| 4 | |||
| 5 | Copyright (c) 2004 by Gilbert Ramirez <gram@alumni.rice.edu> |
||
| 6 | |||
| 7 | This program is free software; you can redistribute it and/or |
||
| 8 | modify it under the terms of the GNU General Public License |
||
| 9 | as published by the Free Software Foundation; either version 2 |
||
| 10 | of the License, or (at your option) any later version. |
||
| 11 | |||
| 12 | This program is distributed in the hope that it will be useful, |
||
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
| 15 | GNU General Public License for more details. |
||
| 16 | |||
| 17 | You should have received a copy of the GNU General Public License |
||
| 18 | along with this program; if not, write to the Free Software |
||
| 19 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
| 20 | """ |
||
| 21 | |||
| 22 | import sys |
||
| 23 | import re |
||
| 24 | import os |
||
| 25 | import stat |
||
| 26 | import time |
||
| 27 | |||
| 28 | class OutputFile: |
||
| 29 | TIMER_MAX = 99999.9 |
||
| 30 | |||
| 31 | def __init__(self, name, base_time): |
||
| 32 | try: |
||
| 33 | self.fh = open(name, "w") |
||
| 34 | except IOError, err: |
||
| 35 | sys.exit(err) |
||
| 36 | |||
| 37 | self.base_time = base_time |
||
| 38 | self.prev_timestamp = 0.0 |
||
| 39 | |||
| 40 | def PrintPacket(self, timestamp, datalines): |
||
| 41 | # What do to with the timestamp? I need more data about what |
||
| 42 | # the netscreen timestamp is, then I can generate one for the text file. |
||
| 43 | # print "TS:", timestamp.group("time") |
||
| 44 | try: |
||
| 45 | timestamp = float(timestamp.group("time")) |
||
| 46 | except ValueError: |
||
| 47 | sys.exit("Unable to convert '%s' to floating point." % \ |
||
| 48 | (timestamp,)) |
||
| 49 | |||
| 50 | # Did we wrap around the timeer max? |
||
| 51 | if timestamp < self.prev_timestamp: |
||
| 52 | self.base_time += self.TIMER_MAX |
||
| 53 | |||
| 54 | self.prev_timestamp = timestamp |
||
| 55 | |||
| 56 | packet_timestamp = self.base_time + timestamp |
||
| 57 | |||
| 58 | # Determine the time string to print |
||
| 59 | gmtime = time.gmtime(packet_timestamp) |
||
| 60 | subsecs = packet_timestamp - int(packet_timestamp) |
||
| 61 | assert subsecs <= 0 |
||
| 62 | subsecs = int(subsecs * 10) |
||
| 63 | |||
| 64 | print >> self.fh, "%s.%d" % (time.strftime("%Y-%m-%d %H:%M:%S", gmtime), \ |
||
| 65 | subsecs) |
||
| 66 | |||
| 67 | # Print the packet data |
||
| 68 | offset = 0 |
||
| 69 | for lineno, hexgroup in datalines: |
||
| 70 | hexline = hexgroup.group("hex") |
||
| 71 | hexpairs = hexline.split() |
||
| 72 | print >> self.fh, "%08x %s" % (offset, hexline) |
||
| 73 | offset += len(hexpairs) |
||
| 74 | |||
| 75 | # Blank line |
||
| 76 | print >> self.fh |
||
| 77 | |||
| 78 | # Find a timestamp line |
||
| 79 | re_timestamp = re.compile(r"^(?P<time>\d+\.\d): [\w/]+\((?P<io>.)\)(:| len=)") |
||
| 80 | |||
| 81 | # Find a hex dump line |
||
| 82 | re_hex_line = re.compile(r"(?P<hex>([0-9a-f]{2} ){1,16})\s+(?P<ascii>.){1,16}") |
||
| 83 | |||
| 84 | def run(input_filename, output_filename): |
||
| 85 | try: |
||
| 86 | ifh = open(input_filename, "r") |
||
| 87 | except IOError, err: |
||
| 88 | sys.exit(err) |
||
| 89 | |||
| 90 | # Get the file's creation time. |
||
| 91 | try: |
||
| 92 | ctime = os.stat(input_filename)[stat.ST_CTIME] |
||
| 93 | except OSError, err: |
||
| 94 | sys.exit(err) |
||
| 95 | |||
| 96 | output_file = OutputFile(output_filename, ctime) |
||
| 97 | |||
| 98 | timestamp = None |
||
| 99 | datalines = [] |
||
| 100 | lineno = 0 |
||
| 101 | |||
| 102 | for line in ifh.xreadlines(): |
||
| 103 | lineno += 1 |
||
| 104 | # If we have no timestamp yet, look for one |
||
| 105 | if not timestamp: |
||
| 106 | m = re_timestamp.search(line) |
||
| 107 | if m: |
||
| 108 | timestamp = m |
||
| 109 | |||
| 110 | # Otherwise, look for hex dump lines |
||
| 111 | else: |
||
| 112 | m = re_hex_line.search(line) |
||
| 113 | if m: |
||
| 114 | datalines.append((lineno, m)) |
||
| 115 | else: |
||
| 116 | # If we have been gathering hex dump lines, |
||
| 117 | # and this line is not a hex dump line, then the hex dump |
||
| 118 | # has finished, and so has the packet. So print the packet |
||
| 119 | # and reset our variables so we can look for the next packet. |
||
| 120 | if datalines: |
||
| 121 | output_file.PrintPacket(timestamp, datalines) |
||
| 122 | timestamp = None |
||
| 123 | datalines = [] |
||
| 124 | |||
| 125 | # At the end of the file we may still have hex dump data in memory. |
||
| 126 | # If so, print the packet |
||
| 127 | if datalines: |
||
| 128 | output_file.PrintPacket(timestamp, datalines) |
||
| 129 | timestamp = None |
||
| 130 | datalines = [] |
||
| 131 | |||
| 132 | |||
| 133 | def usage(): |
||
| 134 | print >> sys.stderr, "Usage: netscreen2dump.py netscreen-dump-file new-dump-file" |
||
| 135 | sys.exit(1) |
||
| 136 | |||
| 137 | def main(): |
||
| 138 | if len(sys.argv) != 3: |
||
| 139 | usage() |
||
| 140 | |||
| 141 | run(sys.argv[1], sys.argv[2]) |
||
| 142 | |||
| 143 | if __name__ == "__main__": |
||
| 144 | main() |