fluent-plugin-pcapng 0.0.1 → 0.1.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 110864a2d98c115bfb5812c962d8ab0a16714f02
4
+ data.tar.gz: fed160b8c87ca9384afd1ae040f2ebb46e218032
5
+ SHA512:
6
+ metadata.gz: eadfc181296531df19333c4bd85cd991528aadbacbd929a5000439cc40df9bfb77ce0c91814b5812126eb70f05f696feb3a1c91cef4ee7aed7c35458424c466c
7
+ data.tar.gz: b054b651fba5dc43e4cfcda0beeaaec8835663e9c0f319c491687e7cb1b9bded8de2f9c02d40d6619422c6d1af2925592966514cee5777d884add310cc5e0a24
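--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+/vendor/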
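--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,7 @@
+language: ruby
+sudo: false
+
+rvm:
+- 2.3.0
+
+script: bundle exec rake test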
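--- a/README.md
+++ b/README.md
@@ -54,4 +54,4 @@ advanced case:
 | fields | array | required | none | list of field to extract (-e on tshark) |
 | types | array | optional | "string" for all | list of type for each field ("long", "double", "string", "time") |
 | convertdot | string | optional | none | convert "." in field name (for outputing int DB who doesn't accept "dot" in schema) |
-
+| extra_flags | array of strings | optional | none | extra flags passed to `tshark(1)`, such as `extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]`. Each element is expected to be in the form of "--option value" or a single flag, such as `-I`. Note that value of each flag will be safely quoted. |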
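--- a/Rakefile
+++ b/Rakefile
@@ -1 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |test|
+test.libs << "test"
+test.test_files = FileList['test/**/test_*.rb']
+test.verbose = true
+end
+
+task :default => [:build]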
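Review bot: `task :default => [:build]` makes a bare `rake` build the gem rather than run the suite that this same hunk defines, so a developer running `rake` before pushing gets no test signal, and the CI config has to spell out `bundle exec rake test` separately. The conventional wiring is `task :default => [:test]`, or `task :default => [:test, :build]` if the build step is meant to stay on the default path.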
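--- a/fluent-plugin-pcapng.gemspec
+++ b/fluent-plugin-pcapng.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "fluent-plugin-pcapng"
-spec.version = "0.0.1"
+spec.version = "0.1.1"
 spec.authors = ["enukane"]
 spec.email = ["enukane@glenda9.org"]
 spec.description = %q{Fluentd plugin for tshark (pcapng) monitoring from specified interface}
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib"]
 
+spec.add_dependency "fluentd", [">= 0.12.14", "< 2"]
 spec.add_development_dependency "bundler", "~> 1.3"
-spec.add_development_dependency "rake"
+spec.add_development_dependency "rake", ">= 0"
+spec.add_development_dependency "test-unit", "~> 3.0"
 end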
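--- a/lib/fluent/plugin/in_pcapng.rb
+++ b/lib/fluent/plugin/in_pcapng.rb
@@ -14,6 +14,8 @@
 # limitations under the License.
 #
 
+require 'fluent/input'
+
 module Fluent
 class PcapngInput < Input
 Plugin.register_input('pcapng', self)
@@ -21,6 +23,7 @@ module Fluent
 require 'open3'
 require 'csv'
 require 'time'
+require 'shellwords'
 
 LONG="long"
 DOUBLE="double"
@@ -40,6 +43,7 @@ module Fluent
 config_param :types, :default => [] do |val|
 val.split(',')
 end
+config_param :extra_flags, :array, :default => []
 
 def configure(conf)
 super
@@ -72,13 +76,18 @@ module Fluent
 
 def run
 options = build_options(@fields)
-cmdline = "tshark -i #{@interface} -T fields -E separator=\",\" -E quote=d #{options}"
-print cmdline + "\n"
-stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
+options += build_extra_flags(@extra_flags)
+cmdline = "tshark -i #{Shellwords(@interface)} -T fields -E separator=\",\" -E quote=d #{options}"
+log.debug format("pcapng: %s", cmdline)
+_stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
 
 while @th_tshark.alive?
 collect_tshark_output(stdout)
 end
+stderr.each do |l|
+log.error(l.chomp)
+end
+raise RuntimeError, "tshark is not running"
 rescue => e
 log.error "unexpected error", :error => e.to_s
 log.error_backtrace e.backtrace
@@ -87,7 +96,24 @@ module Fluent
 def build_options(fields)
 options = ""
 fields.each do |field|
-options += "-e \"#{field}\" "
+options += "-e #{Shellwords.escape(field)}"
+end
+return options
+end
+
+def build_extra_flags(extra_flags)
+options = ""
+valid_flag_re = /(?:-[a-zA-Z]|--[a-z\-]+)/
+extra_flags.each do |i|
+if !i.match(/^#{valid_flag_re}/)
+raise ArgumentError, format("Invalid flags in extra_flags %s", i)
+end
+
+# escape given flags here because it is easier to understand, or write,
+# extra_flags in fluentd config.
+(k, v) = i.split(/\s+/, 2)
+options += "#{Shellwords.escape(k)} "
+options += "#{Shellwords.escape(v)} " if v
 end
 return options
 end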
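Review bot: `Shellwords(@interface)` on the new `cmdline` line in `run` is parsed as a method call, not a reference to the module, and nothing in view defines such a method, so tshark is never launched: the NoMethodError is swallowed by the `rescue => e` a few lines down, logged as "unexpected error", and `run` returns; the line should read `cmdline = "tshark -i #{Shellwords.escape(@interface)} -T fields -E separator=\",\" -E quote=d #{options}"`. In `build_options` the rewritten line also dropped the trailing separator the old `"-e \"#{field}\" "` had, so consecutive fields and the first extra flag are glued together (`-e ip.src-e ip.dst-Y ...`); it should be `options += "-e #{Shellwords.escape(field)} "`. In `build_extra_flags`, `^` is a per-line anchor in Ruby, so a value such as `"x\n-Y foo"` passes the validity check; anchor the whole string with `\A` instead (both `k` and `v` are still `Shellwords.escape`d, so the shell stays safe, but the check is meant to be the first line of defence). Since the command is built only to be handed to a shell by `Open3.popen3(cmdline)`, a later cleanup could pass an argv array (`Open3.popen3("tshark", "-i", @interface, "-T", "fields", ...)`) and drop the Shellwords plumbing entirely.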
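--- a/test/helper.rb
+++ b/test/helper.rb
@@ -0,0 +1,17 @@
+require "rubygems"
+require "bundler"
+begin
+Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+$stderr.puts e.message
+$stderr.puts "Run `bundle install` to install missing gems"
+exit e.status_code
+end
+
+require "test/unit"
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require "fluent/test"
+require "fluent/plugin/in_pcapng"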
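--- a/test/test_in_ngpcap.rb
+++ b/test/test_in_ngpcap.rb
@@ -0,0 +1,75 @@
+require "helper"
+require "fluent/test/driver/input"
+
+class PcapngInputTest < Test::Unit::TestCase
+def setup
+Fluent::Test.setup
+end
+
+CONFIG = %[
+id pcap_input
+tag pcap.dns.query
+interface em0
+fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]
+types double,string,long,long,long,string,string
+convertdot :
+]
+def create_driver(config = CONFIG)
+Fluent::Test::Driver::Input.new(Fluent::PcapngInput).configure(config)
+end
+
+def test_configure
+instance = create_driver.instance
+assert_equal "em0", instance.interface
+assert_equal ["frame.time_epoch", "dns.qry.name", "dns.qry.type",
+"dns.qry.class", "dns.id", "ip.src", "ip.dst"],
+instance.fields
+assert_equal ["-Y dns.flags.response == 0", "-f port 53"], instance.extra_flags
+end
+
+def test_build_extra_flags
+instance = create_driver.instance
+assert_equal "-Y dns.flags.response\\ \\=\\=\\ 0 -f port\\ 53 ", instance.build_extra_flags(instance.extra_flags)
+end
+
+def test_build_extra_flags_with_long_flag_no_value
+config = %[
+fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+extra_flags [ "--long-flag" ]
+types double,string,long,long,long,string,string
+]
+instance = create_driver(config).instance
+assert_equal "--long-flag ", instance.build_extra_flags(instance.extra_flags)
+end
+
+def test_build_extra_flags_with_long_flag_value
+config = %[
+fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+extra_flags [ "--long-flag value" ]
+types double,string,long,long,long,string,string
+]
+instance = create_driver(config).instance
+assert_equal "--long-flag value ", instance.build_extra_flags(instance.extra_flags)
+end
+
+def test_build_extra_flags_with_invalid_flag
+config = %[
+fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+extra_flags [ "not-valid" ]
+types double,string,long,long,long,string,string
+]
+instance = create_driver(config).instance
+assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
+end
+
+def test_build_extra_flags_with_invalid_flag_and_value
+config = %[
+fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+extra_flags [ "not-valid value" ]
+types double,string,long,long,long,string,string
+]
+instance = create_driver(config).instance
+assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
+end
+end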
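Review bot: Nothing in this suite exercises `build_options` or the command line that `run` assembles, so the two plugin lines most likely to break — the `-e` option joining and the `-i` interface quoting — have no coverage even though the extra-flag escaping is tested thoroughly. A case such as `assert_equal "-e frame.time_epoch -e ip.src ", instance.build_options(%w[frame.time_epoch ip.src])` would pin the separator the old code emitted (it fails against the current `build_options`, which concatenates fields with no space between them), and a negative case `assert_raise(ArgumentError) { instance.build_extra_flags(["x\n-Y foo"]) }` would document that multi-line values are rejected rather than slipping past the line-anchored `^` check. The metadata lists this file as `test/test_in_ngpcap.rb` while the plugin is `in_pcapng.rb`; renaming it to `test_in_pcapng.rb` keeps the `test_*.rb` glob and the plugin name in step.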
metadata CHANGED
@@ -1,48 +1,77 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-pcapng
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
5
- prerelease:
4
+ version: 0.1.1
6
5
  platform: ruby
7
6
  authors:
8
7
  - enukane
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2015-10-08 00:00:00.000000000 Z
11
+ date: 2017-05-30 00:00:00.000000000 Z
13
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: fluentd
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 0.12.14
20
+ - - "<"
21
+ - !ruby/object:Gem::Version
22
+ version: '2'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: 0.12.14
30
+ - - "<"
31
+ - !ruby/object:Gem::Version
32
+ version: '2'
14
33
  - !ruby/object:Gem::Dependency
15
34
  name: bundler
16
35
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
36
  requirements:
19
- - - ~>
37
+ - - "~>"
20
38
  - !ruby/object:Gem::Version
21
39
  version: '1.3'
22
40
  type: :development
23
41
  prerelease: false
24
42
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
43
  requirements:
27
- - - ~>
44
+ - - "~>"
28
45
  - !ruby/object:Gem::Version
29
46
  version: '1.3'
30
47
  - !ruby/object:Gem::Dependency
31
48
  name: rake
32
49
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
50
  requirements:
35
- - - ! '>='
51
+ - - ">="
36
52
  - !ruby/object:Gem::Version
37
53
  version: '0'
38
54
  type: :development
39
55
  prerelease: false
40
56
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
57
  requirements:
43
- - - ! '>='
58
+ - - ">="
44
59
  - !ruby/object:Gem::Version
45
60
  version: '0'
61
+ - !ruby/object:Gem::Dependency
62
+ name: test-unit
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: '3.0'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: '3.0'
46
75
  description: Fluentd plugin for tshark (pcapng) monitoring from specified interface
47
76
  email:
48
77
  - enukane@glenda9.org
@@ -50,7 +79,8 @@ executables: []
50
79
  extensions: []
51
80
  extra_rdoc_files: []
52
81
  files:
53
- - .gitignore
82
+ - ".gitignore"
83
+ - ".travis.yml"
54
84
  - Gemfile
55
85
  - LICENSE.txt
56
86
  - README.md
@@ -58,35 +88,32 @@ files:
58
88
  - fluent-plugin-pcapng.gemspec
59
89
  - lib/fluent/plugin/in_pcapng.rb
60
90
  - sample/pcapng.conf.sample
91
+ - test/helper.rb
92
+ - test/test_in_ngpcap.rb
61
93
  homepage: https://github.com/enukane/fluent-plugin-pcapng
62
94
  licenses:
63
95
  - MIT
96
+ metadata: {}
64
97
  post_install_message:
65
98
  rdoc_options: []
66
99
  require_paths:
67
100
  - lib
68
101
  required_ruby_version: !ruby/object:Gem::Requirement
69
- none: false
70
102
  requirements:
71
- - - ! '>='
103
+ - - ">="
72
104
  - !ruby/object:Gem::Version
73
105
  version: '0'
74
- segments:
75
- - 0
76
- hash: 573394323
77
106
  required_rubygems_version: !ruby/object:Gem::Requirement
78
- none: false
79
107
  requirements:
80
- - - ! '>='
108
+ - - ">="
81
109
  - !ruby/object:Gem::Version
82
110
  version: '0'
83
- segments:
84
- - 0
85
- hash: 573394323
86
111
  requirements: []
87
112
  rubyforge_project:
88
- rubygems_version: 1.8.23
113
+ rubygems_version: 2.6.11
89
114
  signing_key:
90
- specification_version: 3
115
+ specification_version: 4
91
116
  summary: Fluentd input plugin for monitoring packets received in specified interface
92
- test_files: []
117
+ test_files:
118
+ - test/helper.rb
119
+ - test/test_in_ngpcap.rb