Merge pull request #1740 from gpotter2/af-inconsistent

Fix inconsistencies between attach_filter

Author: p-l-

scapy/arch/bpf/core.py

@@ -8,7 +8,7 @@
 from scapy.config import conf
 from scapy.error import Scapy_Exception, warning
 from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER
-from scapy.arch.common import get_if, get_bpf_pointer
+from scapy.arch.common import get_if, compile_filter
 from scapy.consts import LOOPBACK_NAME
 
 from scapy.arch.bpf.consts import BIOCSETF, SIOCGIFFLAGS, BIOCSETIF
@@ -98,23 +98,9 @@ def get_dev_bpf():
     raise Scapy_Exception("No /dev/bpf handle is available !")
 
 
-def attach_filter(fd, iface, bpf_filter_string):
+def attach_filter(fd, bpf_filter, iface):
     """Attach a BPF filter to the BPF file descriptor"""
-
-    # Retrieve the BPF byte code in decimal
-    cmd_fmt = "%s -p -i %s -ddd -s 1600 '%s'"
-    command = cmd_fmt % (conf.prog.tcpdump, iface, bpf_filter_string)
-    try:
-        f = os.popen(command)
-    except OSError as msg:
-        raise Scapy_Exception("Failed to execute tcpdump: (%s)" % msg)
-
-    # Convert the byte code to a BPF program structure
-    lines = f.readlines()
-    if lines == []:
-        raise Scapy_Exception("Got an empty BPF filter from tcpdump !")
-
-    bp = get_bpf_pointer(lines)
+    bp = compile_filter(bpf_filter, iface)
     # Assign the BPF program to the interface
     ret = LIBC.ioctl(c_int(fd), BIOCSETF, cast(pointer(bp), c_char_p))
     if ret < 0:

scapy/arch/bpf/supersocket.py

@@ -110,7 +110,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None,
                 else:
                     filter = "not (%s)" % conf.except_filter
             if filter is not None:
-                attach_filter(self.ins, self.iface, filter)
+                attach_filter(self.ins, filter, self.iface)
 
         # Set the guessed packet class
         self.guessed_cls = self.guess_cls()

scapy/arch/common.py

@@ -10,15 +10,30 @@
 # Important Note: This file is not needed on Windows, and mustn't be loaded
 
 import socket
+import subprocess
 from fcntl import ioctl
 import os
 import struct
 import ctypes
 from ctypes import POINTER, Structure
 from ctypes import c_uint, c_uint32, c_ushort, c_ubyte
 from scapy.config import conf
+from scapy.data import MTU
+from scapy.error import Scapy_Exception
 import scapy.modules.six as six
 
+# BOOT
+
+
+def _check_tcpdump():
+    with open(os.devnull, 'wb') as devnull:
+        proc = subprocess.Popen([conf.prog.tcpdump, "--version"],
+                                stdout=devnull, stderr=subprocess.STDOUT)
+    return proc.wait() == 0
+
+
+TCPDUMP = _check_tcpdump()
+
 # UTILS
 
 
@@ -95,3 +110,32 @@ def get_bpf_pointer(tcpdump_lines):
 
     # Create the BPF program
     return bpf_program(size, bip)
+
+
+def compile_filter(bpf_filter, iface=None):
+    """Asks Tcpdump to parse the filter, then build the matching
+    BPF bytecode using get_bpf_pointer.
+    """
+    if not TCPDUMP:
+        raise Scapy_Exception("tcpdump is not available. Cannot use filter !")
+    try:
+        process = subprocess.Popen([
+            conf.prog.tcpdump,
+            "-p",
+            "-i", (conf.iface if iface is None else iface),
+            "-ddd",
+            "-s", str(MTU),
+            bpf_filter],
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE
+        )
+    except OSError as ex:
+        raise Scapy_Exception("Failed to attach filter: %s" % ex)
+    lines, err = process.communicate()
+    ret = process.returncode
+    if ret:
+        raise Scapy_Exception(
+            "Failed to attach filter: tcpdump returned: %s" % err
+        )
+    lines = lines.strip().split(b"\n")
+    return get_bpf_pointer(lines)

scapy/arch/linux.py

@@ -29,9 +29,9 @@
 from scapy.config import conf
 from scapy.data import MTU, ETH_P_ALL
 from scapy.supersocket import SuperSocket
-from scapy.error import warning, Scapy_Exception, log_interactive, \
-    log_loading, ScapyInvalidPlatformException
-from scapy.arch.common import get_if, get_bpf_pointer
+from scapy.error import warning, Scapy_Exception, \
+    ScapyInvalidPlatformException
+from scapy.arch.common import get_if, compile_filter
 import scapy.modules.six as six
 from scapy.modules.six.moves import range
 
@@ -92,15 +92,6 @@
 # Unused, PACKET_FASTROUTE and PACKET_LOOPBACK are invisible to user space
 
 
-with os.popen("%s -V 2> /dev/null" % conf.prog.tcpdump) as _f:
-    if _f.close() >> 8 == 0x7f:
-        log_loading.warning("Failed to execute tcpdump. Check it is installed and in the PATH")  # noqa: E501
-        TCPDUMP = 0
-    else:
-        TCPDUMP = 1
-del(_f)
-
-
 def get_if_raw_hwaddr(iff):
     return struct.unpack("16xh6s8x", get_if(iff, SIOCGIFHWADDR))
 
@@ -139,36 +130,15 @@ def get_working_if():
     return LOOPBACK_NAME
 
 
-def attach_filter(s, bpf_filter, iface):
+def attach_filter(sock, bpf_filter, iface):
     # XXX We generate the filter on the interface conf.iface
     # because tcpdump open the "any" interface and ppp interfaces
     # in cooked mode. As we use them in raw mode, the filter will not
     # work... one solution could be to use "any" interface and translate
     # the filter from cooked mode to raw mode
     # mode
-    if not TCPDUMP:
-        return
-    try:
-        f = os.popen("%s -p -i %s -ddd -s %d '%s'" % (
-            conf.prog.tcpdump,
-            conf.iface if iface is None else iface,
-            MTU,
-            bpf_filter,
-        ))
-    except OSError:
-        log_interactive.warning("Failed to attach filter.",
-                                exc_info=True)
-        return
-    lines = f.readlines()
-    ret = f.close()
-    if ret:
-        log_interactive.warning(
-            "Failed to attach filter: tcpdump returned %d", ret
-        )
-        return
-
-    bp = get_bpf_pointer(lines)
-    s.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
+    bp = compile_filter(bpf_filter, iface)
+    sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp)
 
 
 def set_promisc(s, iff, val=1):
@@ -468,6 +438,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None,
                  nofilter=0, monitor=None):
         self.iface = conf.iface if iface is None else iface
         self.type = type
+        self.promisc = conf.sniff_promisc if promisc is None else promisc
         if monitor is not None:
             if not set_iface_monitor(iface, monitor):
                 warning("Could not change interface mode !")
@@ -481,7 +452,6 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None,
                     filter = "not (%s)" % conf.except_filter
             if filter is not None:
                 attach_filter(self.ins, filter, iface)
-        self.promisc = conf.sniff_promisc if promisc is None else promisc
         if self.promisc:
             set_promisc(self.ins, self.iface)
         self.ins.bind((self.iface, type))

scapy/extlib.py

@@ -41,8 +41,9 @@ def _test_pyx():
     """Returns if PyX is correctly installed or not"""
     try:
         with open(os.devnull, 'wb') as devnull:
-            r = subprocess.check_call(["pdflatex", "--version"], stdout=devnull, stderr=subprocess.STDOUT)  # noqa: E501
-    except Exception:
+            r = subprocess.check_call(["pdflatex", "--version"],
+                                      stdout=devnull, stderr=subprocess.STDOUT)
+    except subprocess.CalledProcessError:
         return False
     else:
         return r == 0

test/bpf.uts

@@ -35,7 +35,7 @@ fd, _ = get_dev_bpf()
 ~ needs_root
 
 from scapy.arch.bpf.supersocket import attach_filter
-attach_filter(fd, conf.iface, "arp or icmp")
+attach_filter(fd, "arp or icmp", conf.iface)
 
 
 = Get network interfaces list