
Hi Jean-Michel, I am also working on a tcp stream reassembly utility and I see that you have done some work in defining the C wrapper for the libnids reassembly patch for Python. I was wondering if you have actually used the resume function in Python? I have tried but am not getting a usable structure from the callback in Python. Do you perhaps have a sample Python function call or some tips maybe in order to use this function in Python? Regards, ChrisA

Hi Chris,

I cannot share code samples around that but I am indeed using it. The callback takes 2 arguments:

  • The IP header
  • The TCP header (including the payload)

Those are just raw bytes (Python string object) that you have to parse yourself.

In a standard TCP session establishment, the server/client role is determined according to the handshake (the client is the one sending the first SYN packet). The resume callback returns a value to tell libnids who sent this packet (NIDS_TCP_RESUME_CLIENT or NIDS_TCP_RESUME_SERVER) to allow it to create HalfStream structures accordingly. Any other return value is assumed to be NIDS_TCP_RESUME_NONE and HalfStreams are not created.

I hope this is clear enough.

By the way, do not take into account the compilation warning telling you to move to Python 3. I haven’t tested that enough for it to be considered stable :)
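A sketch of a resume callback matching the description above, added here as an example and not taken from the author's code or from the pynids project. The numeric constant values, the `SERVER_PORTS` set and the "service port means server" rule are assumptions for illustration; registering the callback with the patched module is not shown.

```python
import socket
import struct

# Placeholder values (assumption): use the constants from your patched nids module.
NIDS_TCP_RESUME_NONE, NIDS_TCP_RESUME_CLIENT, NIDS_TCP_RESUME_SERVER = 0, 1, 2
SERVER_PORTS = {25, 80, 443}  # assumption: services expected on the monitored network

def parse_ipv4(raw):
    """Return (src, dst) as dotted quads, or None if not a sane IPv4/TCP header."""
    if len(raw) < 20:
        return None
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) * 4 < 20 or proto != socket.IPPROTO_TCP:
        return None
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)

def parse_tcp(raw):
    """Return (sport, dport, flags, payload), or None if the header is truncated."""
    if len(raw) < 20:
        return None
    sport, dport, _, _, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", raw[:20])
    hdr_len = (off >> 4) * 4          # data offset is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(raw):
        return None
    return sport, dport, flags, raw[hdr_len:]

def resume_callback(ip_header, tcp_header):
    """Tell libnids which side sent this mid-stream packet (port heuristic, assumed)."""
    ip, tcp = parse_ipv4(ip_header), parse_tcp(tcp_header)
    if ip is None or tcp is None:
        return NIDS_TCP_RESUME_NONE
    sport, dport = tcp[0], tcp[1]
    if dport in SERVER_PORTS and sport not in SERVER_PORTS:
        return NIDS_TCP_RESUME_CLIENT     # sent towards a service port
    if sport in SERVER_PORTS and dport not in SERVER_PORTS:
        return NIDS_TCP_RESUME_SERVER     # sent from a service port
    return NIDS_TCP_RESUME_NONE           # ambiguous: no half-streams are created

def build_sample(src, dst, sport, dport, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP (ACK|PSH) headers, zero checksums."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    return ip, tcp + payload
```

Malformed or truncated headers fall through to `NIDS_TCP_RESUME_NONE`, so a parsing failure never causes libnids to start tracking a stream with the roles guessed wrong.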