add support for syslog packets
padding = (4 - (len(opt) % 4)) % 4
return opt + b'\x00'*padding
- def write_option(self, tag, text):
- self.pcapfile.write(self.option(tag, text))
-
def insert_length(self, data, offset, length):
return data[0:offset] + struct.pack("=I", length) + data[offset+4:]
+ def syslog_pdu(self, text):
+ pdu_name = "syslog".encode("utf-8")
+ # this is inexplicably the only packet that has to be big-endian
+ hdr = struct.pack(">H", len(pdu_name)) + pdu_name
+ hdr += self.option(0x00, "")
+ hdr = struct.pack(">H", len(hdr)) + hdr
+ hdr += text.encode("utf-8")
+ return hdr
+
+ def write_syslog(self, timestamp, text):
+ pdu = self.syslog_pdu(text)
+ length = len(pdu)
+ pkt = struct.pack("=IIIIIII", 6, 0, 1, timestamp >> 32, timestamp & 0xffffffff, length, length)
+ pkt += pdu
+ padding = (4 - (len(pkt) % 4)) % 4
+ pkt += b'\x00'*padding
+
+ length = len(pkt) + 4
+ pkt = self.insert_length(pkt, 4, length)
+ pkt += struct.pack("=I", length)
+ self.pcapfile.write(pkt)
+
def write_file_header(self):
hdr = struct.pack("=IIIHHII", 0x0a0d0d0a, 0, 0x1a2b3c4d, 1, 0, 0xffffffff, 0xffffffff)
hdr += self.option(0x02, "saleae CSV 2 PCAP converter")
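Review bot: In `syslog_pdu`, the line `hdr = struct.pack(">H", len(hdr)) + hdr` derives the leading 16-bit field from the header's own length, so its value changes silently if `pdu_name` or the bytes returned by `self.option(0x00, "")` ever change. If this header is meant to follow Wireshark's exported-PDU TLV layout (which would also explain the big-endian comment, since those TLVs use network byte order), that field is a tag rather than a length, and it presumably only comes out right because the "syslog" name plus the end marker adds up to 12 bytes; `option` is only partly visible in this hunk, so this needs confirming. I would pack the tag from a named constant and the name length explicitly, e.g. `hdr = struct.pack(">HH", EXP_PDU_TAG_PROTO_NAME, len(pdu_name)) + pdu_name` with `EXP_PDU_TAG_PROTO_NAME = 12`, and replace the "inexplicably" comment with the actual reason. Separately, `write_syslog` shifts and masks `timestamp` without checking that it is a non-negative integer below 2**64, so a float or negative value parsed from the CSV would raise inside `struct.pack`; a docstring stating the expected type and unit would make that contract visible to callers.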