embulk-parser-pcapng 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 26c42e5ecca711a75978d4769cb38af825e261b4
+  data.tar.gz: ee755ea6067360ccd6aa6cf8b3223782a229cace
+SHA512:
+  metadata.gz: 3d4004302b91128d40fa212c7907e34149eaf875618335a324cc1cb788b07318fbffdbcafc580c02a8d6bbf62417b307e04bede67367968b8ed063e868e27860
+  data.tar.gz: 7d0a56109fb766ab8eb8efcc5fcd6fba6e156f86645fb2fd40e8d070ecf991ec94a0b98ffe923d38283e6c9d68e44ab610e9a7e96419a82f00316dd385da210a

data/.gitignore

@@ -0,0 +1,5 @@
+*~
+/pkg/
+/tmp/
+/.bundle/
+/Gemfile.lock

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org/'
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Pcapng parser plugin for Embulk
+
+TODO: Write short description here
+
+## Overview
+
+* **Plugin type**: parser
+* **Load all or nothing**: yes
+* **Resume supported**: no
+
+## Configuration
+
+- **property1**: description (string, required)
+- **property2**: description (integer, default: default-value)
+
+## Example
+
+```yaml
+in:
+  type: any file input plugin type
+  parser:
+    type: pcapng
+    property1: example1
+    property2: example2
+```
+
+## Build
+
+```
+$ rake
+```

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/gem_tasks"
+Bundler::GemHelper.install_tasks
+task :default => [:build]

data/embulk-parser-pcapng.gemspec

@@ -0,0 +1,19 @@
+
+Gem::Specification.new do |spec|
+  spec.name          = "embulk-parser-pcapng"
+  spec.version       = "0.1.0"
+  spec.authors       = ["enukane"]
+  spec.summary       = "Pcapng parser plugin for Embulk"
+  spec.description   = "Pcapng parser plugin is an Embulk plugin that parses Pcapng file format read by any file input plugins. Search the file input plugins by 'embulk-input file' keywords."
+  spec.email         = ["enukane@glenda9.org"]
+  spec.licenses      = ["MIT"]
+  spec.homepage      = "https://github.com/enukane/embulk-parser-pcapng"
+
+  spec.files         = `git ls-files`.split("\n") + Dir["classpath/*.jar"]
+  spec.test_files    = spec.files.grep(%r{^(test|spec)/})
+  spec.require_paths = ["lib"]
+
+  #spec.add_dependency 'YOUR_GEM_DEPENDENCY', ['~> YOUR_GEM_DEPENDENCY_VERSION']
+  spec.add_development_dependency 'bundler', ['~> 1.0']
+  spec.add_development_dependency 'rake', ['>= 10.0']
+end

data/lib/embulk/parser/pcapng.rb

@@ -0,0 +1,83 @@
+require "tempfile"
+require "csv"
+
+module Embulk
+  module Parser
+    class PcapngParserPlugin < ParserPlugin
+      Plugin.register_parser("pcapng", self)
+
+      def self.transaction(config, &control)
+        schema = config.param("schema", :array, default: [])
+        task = {
+          "schema" => schema
+        }
+
+        idx = -1
+        columns = schema.map{|s|
+          idx += 1
+          elm = Column.new(idx, "#{s['name']}", s['type'].to_sym)
+        }
+
+        yield(task, columns)
+      end
+
+      def init
+        @schema = @task["schema"]
+      end
+
+      def run(file_input)
+        while file = file_input.next_file
+          tmpf, tmppath = tmppcapng(file.read)
+          each_packet(tmppath, @schema.map{|elm| elm["name"]}) do |hash|
+            entry = @schema.map{|s| convert(hash[s["name"]], s["type"])}
+            page_builder.add(entry)
+          end
+          tmpf.close
+        end
+        page_builder.finish
+      end
+
+      private
+      def convert val, type
+        v = val
+        v = "" if val == nil
+        v = v.to_i if type == "long"
+        v = v.to_f if type == "float"
+        return v
+      end
+
+      def build_options(fields)
+        options = ""
+        fields.each do |field|
+          options += "-e '#{field}' "
+        end
+        return options
+      end
+
+      def tmppcapng(data)
+        tmpf = Tempfile.open("pcapng")
+        tmpf.write(data)
+        tmpf.flush()
+        return tmpf, tmpf.path
+      end
+
+      def each_packet(path, fields, &block)
+        options = build_options(fields)
+        io = IO.popen("tshark -E separator=, #{options} -T fields -r #{path}")
+        while line = io.gets
+          array = [fields, CSV.parse(line).flatten].transpose
+          yield(Hash[*array.flatten])
+        end
+        io.close
+      end
+
+      def fetch_from_pcap(path, fields)
+        options = build_options(fields)
+        io = IO.popen("tshark -E separator=, #{options} -T fields -r #{path}")
+        data = io.read
+        io.close
+        return data
+      end
+    end
+  end
+end

data/sample_config.yml

@@ -0,0 +1,12 @@
+exec: {}
+in:
+  type: file
+  path_prefix: "/where/ever/you/like/"
+  parser:
+    type: pcapng
+    schema:
+      - { name: frame.number,                 type: long }
+      - { name: frame.time_epoch,             type: long }
+      - { name: frame.len,                    type: long }
+out:
+  type: stdout

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: embulk-parser-pcapng
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- enukane
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Pcapng parser plugin is an Embulk plugin that parses Pcapng file format
+  read by any file input plugins. Search the file input plugins by 'embulk-input file'
+  keywords.
+email:
+- enukane@glenda9.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- embulk-parser-pcapng.gemspec
+- lib/embulk/parser/pcapng.rb
+- sample_config.yml
+homepage: https://github.com/enukane/embulk-parser-pcapng
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Pcapng parser plugin for Embulk
+test_files: []