Source code for pathspider.chains.udp

"""
.. module:: pathspider.chains.dscp
   :synopsis: A flow analysis chain for UDP

This module contains the UDPChain flow analysis chain which can be used by
PATHspider's Observer for recording UDP details.

.. codeauthor:: Iain R. Learmonth <irl@fsfe.org>

"""

from pathspider.chains.base import Chain

[docs]class UDPChain(Chain): """ +---------------------------+------+---------------------------------------+ | Field Name | Type | Meaning | +===========================+======+=======================================+ | ``udp_zero_checksum_fwd`` | bool | True if the last packet in the flow | | | | in the forward direction had the UDP | | | | checksum disabled (set to zero). | +---------------------------+------+---------------------------------------+ | ``udp_zero_checksum_rev`` | bool | True if the last packet in the flow | | | | in the reverse direction had the UDP | | | | checksum disabled (set to zero). | +---------------------------+------+---------------------------------------+ """
[docs] def new_flow(self, rec, ip): """ For a new flow, all fields will be initialised to ``None``. :param rec: the flow record :type rec: dict :param ip: the IP or IPv6 packet that triggered the creation of a new flow record :type ip: plt.ip or plt.ip6 :return: Always ``True`` :rtype: bool """ rec['udp_zero_checksum_fwd'] = None rec['udp_zero_checksum_rev'] = None return True
[docs] def udp(self, rec, udp, rev): """ Records details from UDP datagram about the UDP header. :param rec: the flow record :type rec: dict :param tcp: the UDP packet that was observed to be part of this flow :type ip: plt.udp :param rev: ``True`` if the packet was in the reverse direction, ``False`` if in the forward direction :type rev: bool :return: Always ``True`` :rtype: bool """ rec['udp_zero_checksum_rev' if rev else 'udp_zero_checksum_fwd'] = udp.checksum == 0 return True