fluent-plugin-pcapng 0.0.1 → 0.1.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 110864a2d98c115bfb5812c962d8ab0a16714f02
4
+ data.tar.gz: fed160b8c87ca9384afd1ae040f2ebb46e218032
5
+ SHA512:
6
+ metadata.gz: eadfc181296531df19333c4bd85cd991528aadbacbd929a5000439cc40df9bfb77ce0c91814b5812126eb70f05f696feb3a1c91cef4ee7aed7c35458424c466c
7
+ data.tar.gz: b054b651fba5dc43e4cfcda0beeaaec8835663e9c0f319c491687e7cb1b9bded8de2f9c02d40d6619422c6d1af2925592966514cee5777d884add310cc5e0a24
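--- a/data/.gitignore
+++ b/data/.gitignore
@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+/vendor/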
@@ -0,0 +1,7 @@
1
+ language: ruby
2
+ sudo: false
3
+
4
+ rvm:
5
+ - 2.3.0
6
+
7
+ script: bundle exec rake test
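--- a/data/README.md
+++ b/data/README.md
@@ -54,4 +54,4 @@ advanced case:
 | fields | array | required | none | list of field to extract (-e on tshark) |
 | types | array | optional | "string" for all | list of type for each field ("long", "double", "string", "time") |
 | convertdot | string | optional | none | convert "." in field name (for outputing int DB who doesn't accept "dot" in schema) |
-
+| extra_flags | array of strings | optional | none | extra flags passed to `tshark(1)`, such as `extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]`. Each element is expected to be in the form of "--option value" or a single flag, such as `-I`. Note that value of each flag will be safely quoted. |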
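--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1 +1,10 @@
 require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |test|
+test.libs << "test"
+test.test_files = FileList['test/**/test_*.rb']
+test.verbose = true
+end
+
+task :default => [:build]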
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "fluent-plugin-pcapng"
7
- spec.version = "0.0.1"
7
+ spec.version = "0.1.1"
8
8
  spec.authors = ["enukane"]
9
9
  spec.email = ["enukane@glenda9.org"]
10
10
  spec.description = %q{Fluentd plugin for tshark (pcapng) monitoring from specified interface}
@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
17
17
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
18
18
  spec.require_paths = ["lib"]
19
19
 
20
+ spec.add_dependency "fluentd", [">= 0.12.14", "< 2"]
20
21
  spec.add_development_dependency "bundler", "~> 1.3"
21
- spec.add_development_dependency "rake"
22
+ spec.add_development_dependency "rake", ">= 0"
23
+ spec.add_development_dependency "test-unit", "~> 3.0"
22
24
  end
@@ -14,6 +14,8 @@
14
14
  # limitations under the License.
15
15
  #
16
16
 
17
+ require 'fluent/input'
18
+
17
19
  module Fluent
18
20
  class PcapngInput < Input
19
21
  Plugin.register_input('pcapng', self)
@@ -21,6 +23,7 @@ module Fluent
21
23
  require 'open3'
22
24
  require 'csv'
23
25
  require 'time'
26
+ require 'shellwords'
24
27
 
25
28
  LONG="long"
26
29
  DOUBLE="double"
@@ -40,6 +43,7 @@ module Fluent
40
43
  config_param :types, :default => [] do |val|
41
44
  val.split(',')
42
45
  end
46
+ config_param :extra_flags, :array, :default => []
43
47
 
44
48
  def configure(conf)
45
49
  super
@@ -72,13 +76,18 @@ module Fluent
72
76
 
73
77
  def run
74
78
  options = build_options(@fields)
75
- cmdline = "tshark -i #{@interface} -T fields -E separator=\",\" -E quote=d #{options}"
76
- print cmdline + "\n"
77
- stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
79
+ options += build_extra_flags(@extra_flags)
80
+ cmdline = "tshark -i #{Shellwords(@interface)} -T fields -E separator=\",\" -E quote=d #{options}"
81
+ log.debug format("pcapng: %s", cmdline)
82
+ _stdin, stdout, stderr, @th_tshark = *Open3.popen3(cmdline)
78
83
 
79
84
  while @th_tshark.alive?
80
85
  collect_tshark_output(stdout)
81
86
  end
87
+ stderr.each do |l|
88
+ log.error(l.chomp)
89
+ end
90
+ raise RuntimeError, "tshark is not running"
82
91
  rescue => e
83
92
  log.error "unexpected error", :error => e.to_s
84
93
  log.error_backtrace e.backtrace
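Review bot: `Shellwords(@interface)` on the new `cmdline` line calls a method named `Shellwords` rather than the module's escape function. As far as I can tell the shellwords library defines no such method, so `run` would raise NoMethodError and drop into the `rescue` before tshark is started. The call consistent with the rest of this commit is `Shellwords.escape(@interface)`. The command is still a single string given to `Open3.popen3`, so a shell parses it and every interpolated value relies on escaping being applied correctly. Passing an argument array (`Open3.popen3("tshark", "-i", @interface, ...)`) would remove the shell from the path, though the two option builders would then have to return arrays. The end of `run` lies outside this hunk.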
@@ -87,7 +96,24 @@ module Fluent
87
96
  def build_options(fields)
88
97
  options = ""
89
98
  fields.each do |field|
90
- options += "-e \"#{field}\" "
99
+ options += "-e #{Shellwords.escape(field)}"
100
+ end
101
+ return options
102
+ end
103
+
104
+ def build_extra_flags(extra_flags)
105
+ options = ""
106
+ valid_flag_re = /(?:-[a-zA-Z]|--[a-z\-]+)/
107
+ extra_flags.each do |i|
108
+ if !i.match(/^#{valid_flag_re}/)
109
+ raise ArgumentError, format("Invalid flags in extra_flags %s", i)
110
+ end
111
+
112
+ # escape given flags here because it is easier to understand, or write,
113
+ # extra_flags in fluentd config.
114
+ (k, v) = i.split(/\s+/, 2)
115
+ options += "#{Shellwords.escape(k)} "
116
+ options += "#{Shellwords.escape(v)} " if v
91
117
  end
92
118
  return options
93
119
  end
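Review bot: The new `build_options` line drops the trailing space the removed line had, so with more than one field the result is `-e a-e b`, and the extra flags appended in `run` are glued to the last field. It should read `options += "-e #{Shellwords.escape(field)} "`. In `build_extra_flags`, `/^#{valid_flag_re}/` uses `^`, which in Ruby matches at the start of any line, so a multi-line element is accepted if any of its lines begins with a flag; `\A` anchors to the start of the string. The check validates only the leading flag shape, so it does not restrict which tshark option is passed. A comment such as `# extra_flags is trusted operator configuration; values are shell-escaped, not allow-listed` would make that explicit.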
@@ -0,0 +1,17 @@
1
+ require "rubygems"
2
+ require "bundler"
3
+ begin
4
+ Bundler.setup(:default, :development)
5
+ rescue Bundler::BundlerError => e
6
+ $stderr.puts e.message
7
+ $stderr.puts "Run `bundle install` to install missing gems"
8
+ exit e.status_code
9
+ end
10
+
11
+ require "test/unit"
12
+
13
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
14
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
15
+
16
+ require "fluent/test"
17
+ require "fluent/plugin/in_pcapng"
@@ -0,0 +1,75 @@
1
+ require "helper"
2
+ require "fluent/test/driver/input"
3
+
4
+ class PcapngInputTest < Test::Unit::TestCase
5
+ def setup
6
+ Fluent::Test.setup
7
+ end
8
+
9
+ CONFIG = %[
10
+ id pcap_input
11
+ tag pcap.dns.query
12
+ interface em0
13
+ fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
14
+ extra_flags [ "-Y dns.flags.response == 0", "-f port 53" ]
15
+ types double,string,long,long,long,string,string
16
+ convertdot :
17
+ ]
18
+ def create_driver(config = CONFIG)
19
+ Fluent::Test::Driver::Input.new(Fluent::PcapngInput).configure(config)
20
+ end
21
+
22
+ def test_configure
23
+ instance = create_driver.instance
24
+ assert_equal "em0", instance.interface
25
+ assert_equal ["frame.time_epoch", "dns.qry.name", "dns.qry.type",
26
+ "dns.qry.class", "dns.id", "ip.src", "ip.dst"],
27
+ instance.fields
28
+ assert_equal ["-Y dns.flags.response == 0", "-f port 53"], instance.extra_flags
29
+ end
30
+
31
+ def test_build_extra_flags
32
+ instance = create_driver.instance
33
+ assert_equal "-Y dns.flags.response\\ \\=\\=\\ 0 -f port\\ 53 ", instance.build_extra_flags(instance.extra_flags)
34
+ end
35
+
36
+ def test_build_extra_flags_with_long_flag_no_value
37
+ config = %[
38
+ fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
39
+ extra_flags [ "--long-flag" ]
40
+ types double,string,long,long,long,string,string
41
+ ]
42
+ instance = create_driver(config).instance
43
+ assert_equal "--long-flag ", instance.build_extra_flags(instance.extra_flags)
44
+ end
45
+
46
+ def test_build_extra_flags_with_long_flag_value
47
+ config = %[
48
+ fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
49
+ extra_flags [ "--long-flag value" ]
50
+ types double,string,long,long,long,string,string
51
+ ]
52
+ instance = create_driver(config).instance
53
+ assert_equal "--long-flag value ", instance.build_extra_flags(instance.extra_flags)
54
+ end
55
+
56
+ def test_build_extra_flags_with_invalid_flag
57
+ config = %[
58
+ fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
59
+ extra_flags [ "not-valid" ]
60
+ types double,string,long,long,long,string,string
61
+ ]
62
+ instance = create_driver(config).instance
63
+ assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
64
+ end
65
+
66
+ def test_build_extra_flags_with_invalid_flag_and_value
67
+ config = %[
68
+ fields frame.time_epoch,dns.qry.name,dns.qry.type,dns.qry.class,dns.id,ip.src,ip.dst
69
+ extra_flags [ "not-valid value" ]
70
+ types double,string,long,long,long,string,string
71
+ ]
72
+ instance = create_driver(config).instance
73
+ assert_raise ArgumentError do instance.build_extra_flags(instance.extra_flags) end
74
+ end
75
+ end
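Review bot: These tests exercise `build_extra_flags` only; `build_options` and the command line assembled in `run` have no test, although this release changed both to use Shellwords. A case such as `assert_equal "-e a -e b ", instance.build_options(["a", "b"])` (expected value constructed for this note) would pin the separator between fields. A further case whose flag value contains a quote or `;` would document what the escaping is meant to guarantee. This assumes `build_options` is callable from the test in the same way `build_extra_flags` is.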
metadata CHANGED
@@ -1,48 +1,77 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-pcapng
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
5
- prerelease:
4
+ version: 0.1.1
6
5
  platform: ruby
7
6
  authors:
8
7
  - enukane
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2015-10-08 00:00:00.000000000 Z
11
+ date: 2017-05-30 00:00:00.000000000 Z
13
12
  dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: fluentd
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 0.12.14
20
+ - - "<"
21
+ - !ruby/object:Gem::Version
22
+ version: '2'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: 0.12.14
30
+ - - "<"
31
+ - !ruby/object:Gem::Version
32
+ version: '2'
14
33
  - !ruby/object:Gem::Dependency
15
34
  name: bundler
16
35
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
36
  requirements:
19
- - - ~>
37
+ - - "~>"
20
38
  - !ruby/object:Gem::Version
21
39
  version: '1.3'
22
40
  type: :development
23
41
  prerelease: false
24
42
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
43
  requirements:
27
- - - ~>
44
+ - - "~>"
28
45
  - !ruby/object:Gem::Version
29
46
  version: '1.3'
30
47
  - !ruby/object:Gem::Dependency
31
48
  name: rake
32
49
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
50
  requirements:
35
- - - ! '>='
51
+ - - ">="
36
52
  - !ruby/object:Gem::Version
37
53
  version: '0'
38
54
  type: :development
39
55
  prerelease: false
40
56
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
57
  requirements:
43
- - - ! '>='
58
+ - - ">="
44
59
  - !ruby/object:Gem::Version
45
60
  version: '0'
61
+ - !ruby/object:Gem::Dependency
62
+ name: test-unit
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: '3.0'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: '3.0'
46
75
  description: Fluentd plugin for tshark (pcapng) monitoring from specified interface
47
76
  email:
48
77
  - enukane@glenda9.org
@@ -50,7 +79,8 @@ executables: []
50
79
  extensions: []
51
80
  extra_rdoc_files: []
52
81
  files:
53
- - .gitignore
82
+ - ".gitignore"
83
+ - ".travis.yml"
54
84
  - Gemfile
55
85
  - LICENSE.txt
56
86
  - README.md
@@ -58,35 +88,32 @@ files:
58
88
  - fluent-plugin-pcapng.gemspec
59
89
  - lib/fluent/plugin/in_pcapng.rb
60
90
  - sample/pcapng.conf.sample
91
+ - test/helper.rb
92
+ - test/test_in_ngpcap.rb
61
93
  homepage: https://github.com/enukane/fluent-plugin-pcapng
62
94
  licenses:
63
95
  - MIT
96
+ metadata: {}
64
97
  post_install_message:
65
98
  rdoc_options: []
66
99
  require_paths:
67
100
  - lib
68
101
  required_ruby_version: !ruby/object:Gem::Requirement
69
- none: false
70
102
  requirements:
71
- - - ! '>='
103
+ - - ">="
72
104
  - !ruby/object:Gem::Version
73
105
  version: '0'
74
- segments:
75
- - 0
76
- hash: 573394323
77
106
  required_rubygems_version: !ruby/object:Gem::Requirement
78
- none: false
79
107
  requirements:
80
- - - ! '>='
108
+ - - ">="
81
109
  - !ruby/object:Gem::Version
82
110
  version: '0'
83
- segments:
84
- - 0
85
- hash: 573394323
86
111
  requirements: []
87
112
  rubyforge_project:
88
- rubygems_version: 1.8.23
113
+ rubygems_version: 2.6.11
89
114
  signing_key:
90
- specification_version: 3
115
+ specification_version: 4
91
116
  summary: Fluentd input plugin for monitoring packets received in specified interface
92
- test_files: []
117
+ test_files:
118
+ - test/helper.rb
119
+ - test/test_in_ngpcap.rb