fluent-plugin-pcapng 0.0.1 → 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 110864a2d98c115bfb5812c962d8ab0a16714f02
+  data.tar.gz: fed160b8c87ca9384afd1ae040f2ebb46e218032
+SHA512:
+  metadata.gz: eadfc181296531df19333c4bd85cd991528aadbacbd929a5000439cc40df9bfb77ce0c91814b5812126eb70f05f696feb3a1c91cef4ee7aed7c35458424c466c
+  data.tar.gz: b054b651fba5dc43e4cfcda0beeaaec8835663e9c0f319c491687e7cb1b9bded8de2f9c02d40d6619422c6d1af2925592966514cee5777d884add310cc5e0a24

data/.gitignore

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+/vendor/

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+sudo: false
+
+rvm:
+  - 2.3.0
+
+script: bundle exec rake test

data/README.md

@@ -54,4 +54,4 @@ advanced case:
 | fields | array | required | none | list of field to extract (-e on tshark) |
 | types | array | optional | "string" for all | list of type for each field ("long", "double", "string", "time") |
 | convertdot | string | optional | none | convert "." in field name (for outputing int DB who doesn't accept "dot" in schema) |
-
+| extra_flags | array of strings | optional | none | extra flags passed to `tshark(1)`, such as `extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]`. Each element is expected to be in the form of "--option value" or a single flag, such as `-I`. Note that value of each flag will be safely quoted. |

data/Rakefile

@@ -1 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << "test"
+  test.test_files = FileList['test/**/test_*.rb']
+  test.verbose = true
+end
+
+task :default => [:build]

data/fluent-plugin-pcapng.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-pcapng"
-  spec.version       = "0.0.1"
+  spec.version       = "0.1.1"
   spec.authors       = ["enukane"]
   spec.email         = ["enukane@glenda9.org"]
   spec.description   = %q{Fluentd plugin for tshark (pcapng) monitoring from specified interface}
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "fluentd", [">= 0.12.14", "< 2"]
   spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rake", ">= 0"
+  spec.add_development_dependency "test-unit", "~> 3.0"
 end

data/lib/fluent/plugin/in_pcapng.rb

@@ -14,6 +14,8 @@
 #    limitations under the License.
 #
 
+require 'fluent/input'
+
 module Fluent
   class PcapngInput < Input
     Plugin.register_input('pcapng', self)
@@ -21,6 +23,7 @@ module Fluent
     require 'open3'
     require 'csv'
     require 'time'
+    require 'shellwords'
 
     LONG="long"
     DOUBLE="double"
@@ -40,6 +43,7 @@ module Fluent
     config_param :types, :default => [] do |val|
       val.split(',')
     end
+    config_param :extra_flags, :array, :default => []
 
     def configure(conf)
       super
@@ -72,13 +76,18 @@ module Fluent
 
     def run
       options = build_options(@fields)
-      cmdline = "tshark -i #{@interface} -T fields -E separator=\",\" -E quote=d #{options}"
-      print cmdline + "\n"
-      stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
+      options += build_extra_flags(@extra_flags)
+      cmdline = "tshark -i #{Shellwords(@interface)} -T fields -E separator=\",\" -E quote=d #{options}"
+      log.debug format("pcapng: %s", cmdline)
+      _stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
 
       while @th_tshark.alive?
         collect_tshark_output(stdout)
       end
+      stderr.each do |l|
+        log.error(l.chomp)
+      end
+      raise RuntimeError, "tshark is not running"
     rescue => e
       log.error "unexpected error", :error => e.to_s
       log.error_backtrace e.backtrace
@@ -87,7 +96,24 @@ module Fluent
     def build_options(fields)
       options = ""
       fields.each do |field|
-        options += "-e \"#{field}\" "
+        options += "-e #{Shellwords.escape(field)}"
+      end
+      return options
+    end
+
+    def build_extra_flags(extra_flags)
+      options = ""
+      valid_flag_re = /(?:-[a-zA-Z]|--[a-z\-]+)/
+      extra_flags.each do |i|
+        if !i.match(/^#{valid_flag_re}/)
+          raise ArgumentError, format("Invalid flags in extra_flags %s", i)
+        end
+
+        # escape given flags here because it is easier to understand, or write,
+        # extra_flags in fluentd config.
+        (k, v) = i.split(/\s+/, 2)
+        options += "#{Shellwords.escape(k)} "
+        options += "#{Shellwords.escape(v)} " if v
       end
       return options
     end

data/test/helper.rb

@@ -0,0 +1,17 @@
+require "rubygems"
+require "bundler"
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+
+require "test/unit"
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require "fluent/test"
+require "fluent/plugin/in_pcapng"

data/test/test_in_ngpcap.rb

@@ -0,0 +1,75 @@
+require "helper"
+require "fluent/test/driver/input"
+
+class PcapngInputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    id pcap_input
+    tag pcap.dns.query
+    interface em0
+    fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+    extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]
+    types double,string,long,long,long,string,string
+    convertdot :
+  ]
+  def create_driver(config = CONFIG)
+    Fluent::Test::Driver::Input.new(Fluent::PcapngInput).configure(config)
+  end
+
+  def test_configure
+    instance = create_driver.instance
+    assert_equal "em0", instance.interface
+    assert_equal ["frame.time_epoch", "dns.qry.name", "dns.qry.type",
+                  "dns.qry.class", "dns.id", "ip.src", "ip.dst"],
+                  instance.fields
+    assert_equal ["-Y dns.flags.response == 0", "-f port 53"], instance.extra_flags
+  end
+
+  def test_build_extra_flags
+    instance = create_driver.instance
+    assert_equal "-Y dns.flags.response\\ \\=\\=\\ 0 -f port\\ 53 ", instance.build_extra_flags(instance.extra_flags)
+  end
+
+  def test_build_extra_flags_with_long_flag_no_value
+    config = %[
+      fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+      extra_flags [ "--long-flag" ]
+      types double,string,long,long,long,string,string
+    ]
+    instance = create_driver(config).instance
+    assert_equal "--long-flag ", instance.build_extra_flags(instance.extra_flags)
+  end
+
+  def test_build_extra_flags_with_long_flag_value
+    config = %[
+      fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+      extra_flags [ "--long-flag     value" ]
+      types double,string,long,long,long,string,string
+    ]
+    instance = create_driver(config).instance
+    assert_equal "--long-flag value ", instance.build_extra_flags(instance.extra_flags)
+  end
+
+  def test_build_extra_flags_with_invalid_flag
+    config = %[
+      fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+      extra_flags [ "not-valid" ]
+      types double,string,long,long,long,string,string
+    ]
+    instance = create_driver(config).instance
+    assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
+  end
+
+  def test_build_extra_flags_with_invalid_flag_and_value
+    config = %[
+      fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
+      extra_flags [ "not-valid value" ]
+      types double,string,long,long,long,string,string
+    ]
+    instance = create_driver(config).instance
+    assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
+  end
+end

metadata

@@ -1,48 +1,77 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-pcapng
 version: !ruby/object:Gem::Version
-  version: 0.0.1
-  prerelease: 
+  version: 0.1.1
 platform: ruby
 authors:
 - enukane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-08 00:00:00.000000000 Z
+date: 2017-05-30 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.14
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.12.14
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description: Fluentd plugin for tshark (pcapng) monitoring from specified interface
 email:
 - enukane@glenda9.org
@@ -50,7 +79,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -58,35 +88,32 @@ files:
 - fluent-plugin-pcapng.gemspec
 - lib/fluent/plugin/in_pcapng.rb
 - sample/pcapng.conf.sample
+- test/helper.rb
+- test/test_in_ngpcap.rb
 homepage: https://github.com/enukane/fluent-plugin-pcapng
 licenses:
 - MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 573394323
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 573394323
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.6.11
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Fluentd input plugin for monitoring packets received in specified interface
-test_files: []
+test_files:
+- test/helper.rb
+- test/test_in_ngpcap.rb