Source code for pathspider.chains.mss

"""
.. module:: pathspider.chains.tcp
   :synopsis: A flow analysis chain for TCP Maximum Segment Size

This module contains the MSSChain flow analysis chain which can be used by
PATHspider's Observer for recording TCP Maximum Segment Size details.

.. codeauthor:: Iain R. Learmonth <irl@fsfe.org>

"""

from pathspider.chains.base import Chain
from pathspider.chains.tcp import tcp_options
from pathspider.chains.tcp import TO_MSS

[docs]class MSSChain(Chain): """ This flow analysis chain records details of the TCP Maximum Segment Size (MSS) option in the flow record. It will determine the length and value of the field if present in SYN packets. +------------------+--------+-----------------------------------------------------------------+ | Field Name | Type | Meaning | +==================+========+=================================================================+ | ``mss_len_fwd`` | int | Length of the MSS option field including kind and length in the | | | | forward direction. | +------------------+--------+-----------------------------------------------------------------+ | ``mss_len_rev`` | int | Length of the MSS option field including kind and length in the | | | | reverse direction. | +------------------+--------+-----------------------------------------------------------------+ | ``mss_value_fwd``| int | Value of the MSS option field in the forward direction. | +------------------+--------+-----------------------------------------------------------------+ | ``mss_value_rev``| int | Value of the MSS option field in the reverse direction. | +------------------+--------+-----------------------------------------------------------------+ """
[docs] def new_flow(self, rec, ip): """ For a new flow, all fields will be initialised to ``None``. :param rec: the flow record :type rec: dict :param ip: the IP or IPv6 packet that triggered the creation of a new flow record :type ip: plt.ip or plt.ip6 :return: Always ``True`` :rtype: bool """ rec['mss_len_fwd'] = None rec['mss_len_rev'] = None rec['mss_value_fwd'] = None rec['mss_value_rev'] = None return True
[docs] def tcp(self, rec, tcp, rev): # pylint: disable=unused-argument """ Records TCP Maximum Segment Size Details. TCP Maximum Segment Size The TCP options will be parsed for the MSS option for all SYN packets. If the option is found, the length and value for the option will be recorded in the flow. :param rec: the flow record :type rec: dict :param tcp: the TCP segment that was observed to be part of this flow :type ip: plt.tcp :param rev: True if the packet was in the reverse direction, False if in the forward direction :type rev: bool :return: Always True :rtype: bool """ # Shortcut non-SYN if not tcp.syn_flag: return True opts = tcp_options(tcp) if TO_MSS in opts: mss = bytes(opts[TO_MSS]) rec['mss_len_' + ('rev' if rev else 'fwd')] = len(mss) + 2 rec['mss_value_' + ('rev' if rev else 'fwd')] = int.from_bytes(mss, byteorder="big") # tell observer to keep going return True