“Hi Jean-Michel, I am also working on a TCP stream reassembly utility and I see that you have done some work in defining the C wrapper for the libnids reassembly patch for Python. I was wondering if you have actually used the resume function in Python? I have tried but am not getting a usable structure from the callback in Python. Do you perhaps have a sample Python function call or maybe some tips in order to use this function in Python? Regards, ChrisA”
Hi Chris,
I cannot share code samples around that but I am indeed using it. The callback takes 2 arguments:
- The IP header
- The TCP header (including the payload)
Those are just raw bytes (Python string object) that you have to parse yourself.
In a standard TCP session establishment, the server/client role is determined according to the handshake (the client is the one sending the first SYN packet). The resume callback returns a value to tell libnids who sent this packet (NIDS_TCP_RESUME_CLIENT or NIDS_TCP_RESUME_SERVER) to allow it to create HalfStream structures accordingly. Any other return value is assumed to be NIDS_TCP_RESUME_NONE and HalfStreams are not created.
I hope this is clear enough.
By the way, do not take into account the compilation warning telling you to move to Python 3. I haven’t tested that enough for it to be considered stable :)
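As an added illustration (not Jean-Michel's code and not part of the libnids wrapper), here is a resume callback that parses the two raw buffers described in the reply with `struct` and returns the role of the sender. It assumes IPv4, the numeric values of the NIDS_TCP_RESUME_* constants are placeholders for the ones the wrapper exports, and the port heuristic used for mid-stream packets is an assumption of this example, not a libnids rule.

```python
import struct

# Return values named in the reply. Numeric values are ASSUMED here; a real
# handler should use the constants exported by the libnids Python wrapper.
NIDS_TCP_RESUME_NONE = 0
NIDS_TCP_RESUME_CLIENT = 1
NIDS_TCP_RESUME_SERVER = 2
TH_SYN, TH_ACK = 0x02, 0x10

def parse_headers(ip_hdr, tcp_hdr):
    """Parse raw IP header + raw TCP header/payload; raise ValueError if malformed."""
    ip, tcp = bytearray(ip_hdr), bytearray(tcp_hdr)  # works for py2 str and py3 bytes
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", bytes(tcp[:4]))
    doff, flags = (tcp[12] >> 4) * 4, tcp[13]  # data offset in bytes, flag byte
    return src, dst, sport, dport, flags, bytes(tcp[doff:])

def resume_cb(ip_hdr, tcp_hdr):
    """Resume callback: tell libnids which side sent this packet."""
    try:
        _, _, sport, dport, flags, _ = parse_headers(ip_hdr, tcp_hdr)
    except ValueError:
        return NIDS_TCP_RESUME_NONE  # malformed: no HalfStreams created
    syn, ack = bool(flags & TH_SYN), bool(flags & TH_ACK)
    if syn and not ack:
        return NIDS_TCP_RESUME_CLIENT  # first SYN: sender is the client
    if syn and ack:
        return NIDS_TCP_RESUME_SERVER  # SYN/ACK: sender is the server
    # Mid-stream packet with no handshake seen: port heuristic (an assumption,
    # not a libnids rule): the side on a privileged port is taken as the server.
    if dport < 1024 <= sport:
        return NIDS_TCP_RESUME_CLIENT
    if sport < 1024 <= dport:
        return NIDS_TCP_RESUME_SERVER
    return NIDS_TCP_RESUME_NONE

# Constructed sample packets for a session 10.0.0.1:40000 <-> 10.0.0.2:80
IP_C2S = bytes(bytearray([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2]))
IP_S2C = bytes(bytearray([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 2, 10, 0, 0, 1]))
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, TH_SYN, 65535, 0, 0)
TCP_SYNACK = struct.pack("!HHIIBBHHH", 80, 40000, 5000, 1001, 5 << 4, TH_SYN | TH_ACK, 65535, 0, 0)
TCP_DATA = struct.pack("!HHIIBBHHH", 80, 40000, 5001, 1001, 5 << 4, 0x18, 65535, 0, 0) + b"HTTP/1.1 200 OK"
```

Registering `resume_cb` with the wrapper is done the same way as any other libnids callback; only the return value differs.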