"""
This module mirrors Zeek's logic for mapping ICMP message types and
codes into a port-like notion, so that a request and its response can
be ordered into the same "flow".
"""
# ICMP message type numbers that take part in a request/reply exchange.
# These are the IPv4 ICMP numbers; ICMPv6 numbers its types differently
# (echo request/reply are 128/129 there), so none of them appear below.
ECHO_REPLY = 0
ECHO = 8
RTR_ADVERT = 9
RTR_SOLICIT = 10
TSTAMP = 13
TSTAMP_REPLY = 14
INFO = 15
INFO_REPLY = 16
MASK = 17
MASK_REPLY = 18

# Each tuple names the two message types that make up one exchange.
_EXCHANGES = (
    (ECHO, ECHO_REPLY),
    (TSTAMP, TSTAMP_REPLY),
    (INFO, INFO_REPLY),
    (RTR_SOLICIT, RTR_ADVERT),
    (MASK, MASK_REPLY),
)

# Symmetric lookup: every type above maps to its counterpart, in both
# directions. A type that is absent from this table has no counterpart.
TYPE_MAPPER = {
    this_type: other_type
    for first, second in _EXCHANGES
    for this_type, other_type in ((first, second), (second, first))
}
def get_port_equivalents(mtype, mcode):
    """
    Translate an ICMP message type and code into port-like values.

    Both arguments are expected as host-order ints. The result is a
    3-tuple ``(source, destination, one_way)``:

    * If ``mtype`` has a counterpart in TYPE_MAPPER, the source is
      ``mtype``, the destination is that counterpart, and ``one_way``
      is False, meaning the two directions may be flipped to order a
      request and its response into one flow.
    * Otherwise the source is ``mtype``, the destination is ``mcode``,
      and ``one_way`` is True, meaning ordering does not apply.

    Neither value is range-checked here: any type missing from
    TYPE_MAPPER, including an out-of-range one, takes the one-way path.
    """
    # NOTE(review): TYPE_MAPPER holds IPv4 ICMP type numbers only, so
    # ICMPv6 types always land in the one-way branch -- confirm callers
    # handle ICMPv6 traffic separately.
    if mtype in TYPE_MAPPER:
        return mtype, TYPE_MAPPER[mtype], False

    # No counterpart known: the code stands in for the destination port.
    return mtype, mcode, True