RubyGems - pcapr-local - Versions diffs - 0.1.10 - Mend

pcapr-local 0.1.10

Files changed (203) hide show

data/.document +5 -0
data/LICENSE.txt +20 -0
data/README.md +64 -0
data/Rakefile +57 -0
data/VERSION +1 -0
data/bin/pcap2par +49 -0
data/bin/startpcapr +40 -0
data/bin/stoppcapr +33 -0
data/bin/xtractr +5 -0
data/lib/environment.rb +106 -0
data/lib/exe/xtractr +0 -0
data/lib/mu/pcap.rb +110 -0
data/lib/mu/pcap/ethernet.rb +148 -0
data/lib/mu/pcap/header.rb +75 -0
data/lib/mu/pcap/io_pair.rb +67 -0
data/lib/mu/pcap/io_wrapper.rb +76 -0
data/lib/mu/pcap/ip.rb +61 -0
data/lib/mu/pcap/ipv4.rb +257 -0
data/lib/mu/pcap/ipv6.rb +148 -0
data/lib/mu/pcap/packet.rb +104 -0
data/lib/mu/pcap/pkthdr.rb +155 -0
data/lib/mu/pcap/reader.rb +61 -0
data/lib/mu/pcap/reader/http_family.rb +170 -0
data/lib/mu/pcap/sctp.rb +367 -0
data/lib/mu/pcap/sctp/chunk.rb +123 -0
data/lib/mu/pcap/sctp/chunk/data.rb +134 -0
data/lib/mu/pcap/sctp/chunk/init.rb +100 -0
data/lib/mu/pcap/sctp/chunk/init_ack.rb +68 -0
data/lib/mu/pcap/sctp/parameter.rb +110 -0
data/lib/mu/pcap/sctp/parameter/ip_address.rb +48 -0
data/lib/mu/pcap/stream_packetizer.rb +72 -0
data/lib/mu/pcap/tcp.rb +505 -0
data/lib/mu/pcap/udp.rb +69 -0
data/lib/mu/scenario/pcap.rb +164 -0
data/lib/mu/scenario/pcap/fields.rb +50 -0
data/lib/mu/scenario/pcap/rtp.rb +71 -0
data/lib/pcapr_local.rb +159 -0
data/lib/pcapr_local/config.rb +336 -0
data/lib/pcapr_local/db.rb +197 -0
data/lib/pcapr_local/scanner.rb +250 -0
data/lib/pcapr_local/server.rb +178 -0
data/lib/pcapr_local/www/favicon.ico +0 -0
data/lib/pcapr_local/www/favicon.png +0 -0
data/lib/pcapr_local/www/home/index.html +138 -0
data/lib/pcapr_local/www/static/image/16x16/Cancel.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Cancel.png.1 +0 -0
data/lib/pcapr_local/www/static/image/16x16/Download.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Folder3.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Full Size.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Minus.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Plus.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/Search.png +0 -0
data/lib/pcapr_local/www/static/image/16x16/User.png +0 -0
data/lib/pcapr_local/www/static/image/48x48/Phone.png +0 -0
data/lib/pcapr_local/www/static/image/48x48/Video.png +0 -0
data/lib/pcapr_local/www/static/image/bar-orange.gif +0 -0
data/lib/pcapr_local/www/static/image/beta.png +0 -0
data/lib/pcapr_local/www/static/image/bg.png +0 -0
data/lib/pcapr_local/www/static/image/blockquote.png +0 -0
data/lib/pcapr_local/www/static/image/body-bg.png +0 -0
data/lib/pcapr_local/www/static/image/body-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl1-bg.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl1-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl1-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl2-bg.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl2-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl2-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl3-bg.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl3-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl3-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl4-bg.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl4-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl4-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl5-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl6-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl7-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-hl8-h3.png +0 -0
data/lib/pcapr_local/www/static/image/body-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/bottom-bg.png +0 -0
data/lib/pcapr_local/www/static/image/bottom-l.png +0 -0
data/lib/pcapr_local/www/static/image/bottom-r.png +0 -0
data/lib/pcapr_local/www/static/image/btn-search.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-1.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-2.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-3.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-4.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-5.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-6.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-7.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-hl1.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-hl2.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-hl3.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-hl4.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-pathway.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-section1.png +0 -0
data/lib/pcapr_local/www/static/image/bullet-section2.png +0 -0
data/lib/pcapr_local/www/static/image/collapsed.gif +0 -0
data/lib/pcapr_local/www/static/image/crosslink.png +0 -0
data/lib/pcapr_local/www/static/image/expanded.gif +0 -0
data/lib/pcapr_local/www/static/image/favicon.ico +0 -0
data/lib/pcapr_local/www/static/image/favicon.png +0 -0
data/lib/pcapr_local/www/static/image/icon-author.png +0 -0
data/lib/pcapr_local/www/static/image/icon-created.png +0 -0
data/lib/pcapr_local/www/static/image/p-expand.gif +0 -0
data/lib/pcapr_local/www/static/image/pcapr-logo.png +0 -0
data/lib/pcapr_local/www/static/image/powered-by.png +0 -0
data/lib/pcapr_local/www/static/image/section1-bg.png +0 -0
data/lib/pcapr_local/www/static/image/section1-h3.png +0 -0
data/lib/pcapr_local/www/static/image/section1-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/section2-bg.png +0 -0
data/lib/pcapr_local/www/static/image/section2-h3.png +0 -0
data/lib/pcapr_local/www/static/image/section2-readmore.png +0 -0
data/lib/pcapr_local/www/static/image/status-alert.png +0 -0
data/lib/pcapr_local/www/static/image/status-download.png +0 -0
data/lib/pcapr_local/www/static/image/status-info.png +0 -0
data/lib/pcapr_local/www/static/image/status-note.png +0 -0
data/lib/pcapr_local/www/static/image/tab-round.png +0 -0
data/lib/pcapr_local/www/static/image/throbber.gif +0 -0
data/lib/pcapr_local/www/static/image/user.jpg +0 -0
data/lib/pcapr_local/www/static/script/closet/async.js +421 -0
data/lib/pcapr_local/www/static/script/closet/closet.api.js +241 -0
data/lib/pcapr_local/www/static/script/closet/closet.folders.js +94 -0
data/lib/pcapr_local/www/static/script/closet/closet.js +187 -0
data/lib/pcapr_local/www/static/script/closet/closet.mr.js +219 -0
data/lib/pcapr_local/www/static/script/closet/closet.options.js +359 -0
data/lib/pcapr_local/www/static/script/closet/closet.quantity.js +73 -0
data/lib/pcapr_local/www/static/script/closet/closet.render.js +205 -0
data/lib/pcapr_local/www/static/script/closet/closet.report.js +86 -0
data/lib/pcapr_local/www/static/script/closet/closet.reports.http.js +135 -0
data/lib/pcapr_local/www/static/script/closet/closet.reports.overview.js +163 -0
data/lib/pcapr_local/www/static/script/closet/closet.reports.sip.js +159 -0
data/lib/pcapr_local/www/static/script/closet/closet.reports.tcp.js +72 -0
data/lib/pcapr_local/www/static/script/closet/closet.reports.visualize.js +263 -0
data/lib/pcapr_local/www/static/script/closet/closet.util.js +40 -0
data/lib/pcapr_local/www/static/script/jquery/jquery-1.4.2.min.js +154 -0
data/lib/pcapr_local/www/static/script/jquery/jquery-ui.js +10921 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.flot.js +2123 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.flot.selection.js +184 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.flot.stack.js +184 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.form.js +643 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.jsonp.min.js +3 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.menu.js +142 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.suggest.js +308 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.ui.core.js +203 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.ui.slider.js +629 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.ui.sortable.js +1055 -0
data/lib/pcapr_local/www/static/script/jquery/jquery.ui.widget.js +236 -0
data/lib/pcapr_local/www/static/script/json2.js +481 -0
data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.cache.js +115 -0
data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.template.js +117 -0
data/lib/pcapr_local/www/static/script/sammy/sammy.js +1696 -0
data/lib/pcapr_local/www/static/script/tipsy/jquery.tipsy.js +104 -0
data/lib/pcapr_local/www/static/style/c3p0.css +116 -0
data/lib/pcapr_local/www/static/style/jquery.suggest.css +27 -0
data/lib/pcapr_local/www/static/style/page.css +1113 -0
data/lib/pcapr_local/www/static/style/tipsy.css +7 -0
data/lib/pcapr_local/www/templates/browse.services.template +10 -0
data/lib/pcapr_local/www/templates/browse.template +77 -0
data/lib/pcapr_local/www/templates/flows.template +38 -0
data/lib/pcapr_local/www/templates/pcap.template +63 -0
data/lib/pcapr_local/www/templates/sip.calls.template +35 -0
data/lib/pcapr_local/www/templates/statistics.template +6 -0
data/lib/pcapr_local/xtractr.rb +179 -0
data/lib/pcapr_local/xtractr/instance.rb +172 -0
data/pcapr-local.gemspec +297 -0
data/test/mu/pcap/reader/tc_http_family.rb +251 -0
data/test/mu/pcap/tc_ethernet.rb +71 -0
data/test/mu/pcap/tc_header.rb +56 -0
data/test/mu/pcap/tc_ipv4.rb +103 -0
data/test/mu/pcap/tc_ipv6.rb +83 -0
data/test/mu/pcap/tc_packet.rb +44 -0
data/test/mu/pcap/tc_pair.rb +58 -0
data/test/mu/pcap/tc_pkthdr.rb +33 -0
data/test/mu/pcap/tc_reader.rb +76 -0
data/test/mu/pcap/tc_tcp.rb +426 -0
data/test/mu/pcap/tc_udp.rb +33 -0
data/test/mu/pcap/tc_wrapper.rb +80 -0
data/test/mu/scenario/pcap/tc_fields.rb +67 -0
data/test/mu/scenario/pcap/tc_rtp.rb +135 -0
data/test/mu/scenario/sip_signalled_call_1.pcap +0 -0
data/test/mu/scenario/tc_pcap.rb +190 -0
data/test/mu/scenario/test_data/arp.pcap +0 -0
data/test/mu/scenario/test_data/dns.pcap +0 -0
data/test/mu/scenario/test_data/http-v6.pcap +0 -0
data/test/mu/scenario/test_data/http.pcap +0 -0
data/test/mu/scenario/test_data/http_chunked.pcap +0 -0
data/test/mu/scenario/test_data/http_deflate.pcap +0 -0
data/test/mu/scenario/test_data/httpauth3.pcap +0 -0
data/test/mu/scenario/test_data/icmp.pcap +0 -0
data/test/mu/scenario/test_data/sip_signalled_call_1.pcap +0 -0
data/test/mu/tc_pcap.rb +39 -0
data/test/mu/testcase.rb +86 -0
data/test/pcapr_local/arp.pcap +0 -0
data/test/pcapr_local/data.js +3 -0
data/test/pcapr_local/http_chunked.pcap +0 -0
data/test/pcapr_local/tc_api.rb +181 -0
data/test/pcapr_local/test.tgz +0 -0
data/test/pcapr_local/test_scanner.rb +241 -0
data/test/pcapr_local/test_xtractr.rb +219 -0
data/test/pcapr_local/testcase.rb +107 -0
data/test/test_export_to_scenario.sh +25 -0
data/test/test_pcapr_local.rb +29 -0
metadata +450 -0

data/lib/mu/pcap/udp.rb ADDED Viewed

@@ -0,0 +1,69 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+module Mu
+class Pcap
+class UDP < Packet
+    attr_accessor :src_port, :dst_port
+    def initialize src_port=0, dst_port=0
+        super()
+        @src_port = src_port
+        @dst_port = dst_port
+    end
+    def flow_id
+        return [:udp, @src_port, @dst_port]
+    end
+    FMT_nnnn = 'nnnn'
+    def self.from_bytes bytes
+        bytes_length = bytes.length
+        bytes_length >= 8 or
+            raise ParseError, "Truncated UDP header: expected 8 bytes, got #{bytes_length} bytes"
+        sport, dport, length, checksum = bytes.unpack(FMT_nnnn)
+        bytes_length >= length or
+            raise ParseError, "Truncated UDP packet: expected #{length} bytes, got #{bytes_length} bytes"
+        udp = UDP.new sport, dport
+        udp.payload_raw = bytes[8..-1]
+        udp.payload = bytes[8..length]
+        return udp
+    end
+    def write io, ip
+        length = @payload.length
+        length_8 = length + 8
+        if length_8 > 65535
+            Pcap.warning "UDP payload is too large"
+        end
+        pseudo_header = ip.pseudo_header length_8
+        header = [@src_port, @dst_port, length_8, 0] \
+            .pack FMT_nnnn
+        checksum = IP.checksum(pseudo_header + header + @payload)
+        header = [@src_port, @dst_port, length_8, checksum] \
+            .pack FMT_nnnn
+        io.write header
+        io.write @payload
+    end
+    def self.udp? packet
+        return packet.is_a?(Ethernet) &&
+            packet.payload.is_a?(IP) &&
+            packet.payload.payload.is_a?(UDP)
+    end
+    def to_s
+        return "udp(%d, %d, %s)" % [@src_port, @dst_port, @payload.inspect]
+    end
+    def == other
+        return super &&
+            self.src_port == other.src_port &&
+            self.dst_port == other.dst_port
+    end
+end
+end
+end

data/lib/mu/scenario/pcap.rb ADDED Viewed

@@ -0,0 +1,164 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+require 'tempfile'
+require 'fileutils'
+require 'mu/scenario/pcap/fields'
+require 'mu/pcap'
+require 'json'
+module Mu
+class Scenario
+module Pcap
+    TSHARK_READ_TIMEOUT     = 10.0 # seconds
+    TSHARK_LINES_PER_PACKET = 16384
+    TSHARK_OPTS = "-n -o tcp.desegment_tcp_streams:false"
+    TSHARK_SIZE_OPTS = "-n -o 'column.format: cum_size, \"%B\"'"
+    TSHARK_PSML_OPTS = %Q{#{TSHARK_OPTS} -o 'column.format: "Protocol", "%p", "Info", "%i"'}
+    MAX_PCAP_SIZE = 102400 # 100KB
+    MAX_RAW_PCAP_SIZE_MB = 25
+    MAX_RAW_PCAP_SIZE = MAX_RAW_PCAP_SIZE_MB * 1024 * 1000
+    EXCLUDE_FROM_SIZE_CHECK = ['rtp'].freeze
+    class PcapTooLarge < StandardError; end
+    def self.validate_pcap_size(path)
+        tshark_filter = EXCLUDE_FROM_SIZE_CHECK.map{ |proto| "not #{proto}" }.join " and "
+        io = ::IO.popen "tshark #{TSHARK_SIZE_OPTS} -r #{path} -R '#{tshark_filter}' | tail -1"
+        if ::IO.select [ io ], nil, nil, TSHARK_READ_TIMEOUT
+            if io.eof?
+                size = 0
+            else
+                last_line = io.readline
+                size = last_line.to_i
+            end
+        end
+        if size.nil? or size == 0
+            size = File.size(path)
+        end
+        if size > MAX_PCAP_SIZE
+            raise PcapTooLarge, "Selected packets have a size of #{size} bytes which " +
+                "exceeds the #{MAX_PCAP_SIZE} byte maximum."
+        end
+        if size > MAX_RAW_PCAP_SIZE
+            raise PcapTooLarge, "Selected packets have a raw size of #{size} bytes which " +
+                "exceeds the #{MAX_RAW_PCAP_SIZE_MB}MB maximum."
+        end
+        return size
+    end
+    PAR_VERSION = 1
+    def self.export_to_par pcap_path, opts=nil
+        opts ||= {}
+        # Open pcap file
+        File.exist?(pcap_path) or raise "Cannot open file '#{pcap_path}'."
+        validate_pcap_size pcap_path
+        pcap = open pcap_path, 'rb'
+        # Get Mu::Pcap::Packets
+        packets = to_pcap_packets pcap, opts[:isolate_l7]
+        # Write normalized packets to tempfile
+        tmpdir = Dir.mktmpdir
+        norm_pcap = File.open "#{tmpdir}/normalized.pcap", 'wb'
+        pcap = Mu::Pcap.from_packets packets
+        pcap.write norm_pcap
+        norm_pcap.close
+        # Get wireshark dissected field values for all packets.
+        `tshark -T fields #{TSHARK_OPTS} #{Fields::TSHARK_OPTS} -Eseparator='\xff' -r #{norm_pcap.path} > #{tmpdir}/fields`
+        fields = open "#{tmpdir}/fields", 'rb'
+        # Get wireshark dissected field values for all packets.
+        fields_array = []
+        if fields
+            packets.each do |packet|
+                fields_array <<  Fields.next_from_io(fields)
+            end
+        end
+        # Protocol specific preprocessing, packets may be deleted.
+        Rtp.preprocess packets, fields_array
+        File.open "#{tmpdir}/packets.dump", 'wb' do |f|
+            Marshal.dump packets, f
+        end
+        # Create a second pcap with packets removed.
+        norm_pcap = File.open "#{tmpdir}/normalized.pcap", 'wb'
+        pcap = Mu::Pcap.from_packets packets
+        pcap.write norm_pcap
+        norm_pcap.close
+        # Dump PSML to file.
+        # (The no-op filter sometimes produces slighty more verbose descriptions.)
+        `tshark -T psml #{TSHARK_PSML_OPTS} -r #{norm_pcap.path} -R 'rtp or not rtp' > #{tmpdir}/psml`
+        # Dump PDML io file.
+        `tshark -T pdml #{TSHARK_OPTS} -r #{norm_pcap.path} > #{tmpdir}/pdml`
+        pdml = open "#{tmpdir}/pdml", 'rb'
+        # Create about
+        open "#{tmpdir}/about", 'w' do |about|
+            about.puts({:par_version => PAR_VERSION}.to_json)
+        end
+        # Create zip
+        Dir.chdir tmpdir do
+            system "zip -q dissected.zip about pdml psml fields packets.dump normalized.pcap"
+            return open("dissected.zip")
+        end
+    ensure
+        if tmpdir
+            FileUtils.rm_rf tmpdir
+        end
+    end
+    def self.to_pcap_packets io, isolate_l7=true
+        packets = []
+        # Read Pcap packets from Pcap
+        Mu::Pcap.each_pkthdr io do |pkthdr|
+            if pkthdr.len != pkthdr.caplen
+                raise Mu::Pcap::ParseError, "Error: Capture contains truncated packets. " +
+                    "Try recapturing with an increased snapshot length."
+            end
+            if not pkthdr.pkt.is_a? Mu::Pcap::Ethernet
+                warning 'Unable to parse packet, skipping.'
+            end
+            packets << pkthdr.pkt
+        end
+        if (packets.length == 0)
+            raise Mu::Pcap::ParseError, "No valid packets found!"
+        end
+        packets = Mu::Pcap::IPv4.reassemble packets
+        if isolate_l7
+            packets = Mu::Pcap::Packet.isolate_l7 packets
+        end
+        packets = Mu::Pcap::Packet.normalize packets
+        packets = Mu::Pcap::TCP.split packets
+        packets
+    end
+    def self.warning msg
+        $stderr.puts "WARNING: #{msg}"#, caller, $!
+    end
+end
+end
+end
+require 'mu/scenario/pcap/rtp'

data/lib/mu/scenario/pcap/fields.rb ADDED Viewed

@@ -0,0 +1,50 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+require 'mu/scenario/pcap'
+module Mu
+class Scenario
+module Pcap
+class Fields
+    FIELDS = [
+        :rtp,
+        :"rtp.setup-frame"
+    ].freeze
+    FIELD_COUNT = FIELDS.length
+    SEPARATOR   = "\xff".freeze
+    TSHARK_OPTS = "-Eseparator='#{SEPARATOR}'"
+    FIELDS.each do |field|
+        TSHARK_OPTS << " -e #{field}"
+    end
+    TSHARK_OPTS.freeze
+    def self.readline io
+        if ::IO.select [ io ], nil, nil, Pcap::TSHARK_READ_TIMEOUT
+            return io.readline.chomp
+        end
+        raise Errno::ETIMEDOUT, "read timed out"
+    end
+    def self.next_from_io io
+        if line = readline(io)
+            fields = line.split SEPARATOR, FIELD_COUNT
+            hash = {}
+            FIELDS.each do |key|
+                val = fields.shift
+                hash[key] = val.empty? ? nil : val
+            end
+            return hash
+        end
+    rescue Exception => e
+        Pcap.warning e.message
+        return nil
+    end
+end
+end
+end
+end

data/lib/mu/scenario/pcap/rtp.rb ADDED Viewed

@@ -0,0 +1,71 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+module Mu
+class Scenario
+module Pcap
+module Rtp
+    TRUNC_COUNT = 5
+    def self.preprocess packets, fields_per_packet
+        signaled_by = []
+        prev_signal_frame = {}
+        packets.each_with_index do |packet, idx|
+            fields = fields_per_packet[idx]
+            if fields and fields[:rtp]
+                flow_id = packet.flow_id
+                if frame = fields[:"rtp.setup-frame"]
+                    prev_signal_frame[flow_id] = frame
+                else
+                    if frame = prev_signal_frame[flow_id]
+                        fields[:"rtp.setup-frame"] = frame
+                    else
+                        packets[idx] = nil
+                        fields_per_packet[idx] = nil
+                        next
+                   end
+                end
+                sig_idx = frame.to_i
+                signaled_by[idx] = sig_idx
+            end
+        end
+        flow_to_count = Hash.new 0
+        prev_setup_frame = {}
+        keep_frames = []
+        packets.each_with_index do |packet, idx|
+            if setup_frame = signaled_by[idx]
+                flow = packet.flow_id
+                count = flow_to_count[flow]
+                if setup_frame != prev_setup_frame[flow]
+                    prev_setup_frame[flow] = setup_frame
+                    count = 1
+                else
+                    count += 1
+                end
+                if count <= TRUNC_COUNT
+                    keep_frames << idx + 1
+                else
+                    packets[idx] = nil
+                    fields_per_packet[idx] = nil
+                end
+                flow_to_count[flow] = count
+            end
+        end
+        packets.reject! {|p| not p }
+        fields_per_packet.reject! {|p| not p }
+        filter = "not rtp"
+        keep_frames.each do |frame|
+            filter << " or frame.number == #{frame}"
+        end
+        return filter
+    end
+end
+end
+end
+end

data/lib/pcapr_local.rb ADDED Viewed

@@ -0,0 +1,159 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+require 'rubygems'
+require 'environment'
+require 'pcapr_local/config'
+require 'pcapr_local/scanner'
+require 'pcapr_local/server'
+require 'pcapr_local/xtractr'
+require 'logger'
+module PcaprLocal
+    START_SCRIPT = File.join(ROOT, 'bin/pcapr_start.rb')
+    # We share a single Logger across all of pcapr.Local.
+    Logger = Logger.new(STDOUT)
+    # Recreate logger using configured log location.
+    LOGFILE = "server.log"
+    def self.start_logging log_dir
+        if log_dir and not log_dir.empty?
+            if const_defined? :Logger
+                remove_const :Logger
+            end
+            logfile = File.join(log_dir, LOGFILE)
+            FileUtils.mkdir_p log_dir
+            const_set :Logger, Logger.new(logfile, 5)
+        end
+    end
+    # Start xtractr instance manager.
+    def self.start_xtractr config
+        xtractr_config = config['xtractr'].merge(
+            "index_dir" => config.fetch("index_dir"),
+            "pcap_dir"  => config.fetch("pcap_dir")
+        )
+        Xtractr.new xtractr_config
+    end
+    # Start file system scanner.
+    def self.start_scanner config, db, xtractr
+        scanner_config = config.fetch('scanner').merge(
+            "index_dir" => config.fetch("index_dir"),
+            "pcap_dir" => config.fetch("pcap_dir"),
+            "db" => db,
+            "xtractr" => xtractr
+        )
+        PcaprLocal::Scanner.start scanner_config
+    end
+    # Start webserver UI/API
+    def self.start_app config, db, scanner, xtractr
+        app_config = config.fetch "app"
+        root = File.expand_path(File.dirname(__FILE__))
+        app_file = File.join(root, "pcapr_local/server.rb")
+        PcaprLocal::Server.run! \
+            :app_file => app_file,
+            :dump_errors => true,
+            :logging => true,
+            :port    => app_config.fetch("port"),
+            :bind    => app_config.fetch("host"),
+            :db      => db,
+            :scanner => scanner,
+            :xtractr => xtractr
+    end
+    def self.get_db config
+        PcaprLocal::DB.get_db config.fetch("couch")
+    end
+    def self.start config=nil
+        config ||= PcaprLocal::Config.config
+        # Check that server is not already running.
+        check_pid_file config['pidfile']
+        # Start logging.
+        if config["log_dir"]
+            start_logging config['log_dir']
+        end
+        start_msg = "Starting server at #{config['app']['host']}:#{config['app']['port']}"
+        Logger.info start_msg
+        puts start_msg
+        puts "Log is at #{config['log_dir']}/#{LOGFILE}"
+        # Deamonize
+        unless config['debug_mode']
+            puts "Moving server process to the background. Run 'stoppcapr' to stop the server."
+            Process.daemon
+        end
+        # Create pid file that will be deleted when we shutdown.
+        create_pid_file config['pidfile']
+        # Get database instance
+        db = get_db config
+        # Xtractr manager
+        xtractr = start_xtractr config
+        # Start scanner thread
+        scanner = start_scanner config, db, xtractr
+        # Start application server
+        start_app config, db, scanner, xtractr
+    end
+    def self.check_pid_file file
+        if File.exist? file
+            # If we get Errno::ESRCH then process does not exist and
+            # we can safely cleanup the pid file.
+            pid = File.read(file).to_i
+            begin
+                Process.kill(0, pid)
+            rescue Errno::ESRCH
+                stale_pid = true
+            rescue
+            end
+            unless stale_pid
+                puts "Server is already running (pid=#{pid})"
+                exit
+            end
+        end
+    end
+    def self.create_pid_file file
+        File.open(file, "w") { |f| f.puts Process.pid }
+        # Remove pid file during shutdown
+        at_exit do
+            Logger.info "Shutting down." rescue nil
+            if File.exist? file
+                File.unlink file
+            end
+        end
+    end
+    # Sends SIGTERM to process in pidfile. Server should trap this
+    # and shutdown cleanly.
+    def self.stop config=nil
+        user_config = Config.user_config_path
+        if File.exist?(user_config)
+            config = PcaprLocal::Config.config user_config
+            pid_file = config["pidfile"]
+            if pid_file and File.exist? pid_file
+                pid = Integer(File.read(pid_file))
+                Process.kill -15, -pid
+            end
+        end
+    end
+end
+if __FILE__ == $0
+    PcaprLocal.start
+end