trisulrp 1.2.7 → 1.2.8

data/VERSION

@@ -1 +1 @@
-1.2.7
+1.2.8

data/lib/trisulrp.rb

@@ -14,3 +14,4 @@ require 'trisulrp/trp.pb'
 require 'trisulrp/guids.rb'
 require 'trisulrp/keys.rb'
 require 'trisulrp/protocol.rb'
+require 'trisulrp/utils.rb'

data/lib/trisulrp/keys.rb

@@ -197,72 +197,111 @@ class ASNumber
     end
 end
 
-# convert a trisul key format into a human readable key 
-# [keyform]  the key form
-#
-# ==== Typical use 
-#
-# Used to convert an IP / Port or any other trisul key into a readable form
-#
-# <code>
-#
-#   make_readable("C0.A8.0C.A0") => "192.168.12.160"
-#
-#   make_readable("p-0016") => "Port-22"
-#
-# </code>
-#
-#
-#
-# Also see TrisulRP::Protocol::get_labels_for_keys to obtain a text name for the key
-#
-# Also see the inverse of this method make_key which convert a readable string into a key 
-# suitable for use in TRP request messages. 
-#
-# If key type cannot be accurately guessed it returns the input 
-#
-def make_readable(keyform)
-	[ TrisulRP::Keys::Port,
-	  TrisulRP::Keys::Host,
-	  TrisulRP::Keys::HostInterface,
-	  TrisulRP::Keys::Subnet,
-	  TrisulRP::Keys::ASNumber
-	].each do |kls|
-		return kls.xform(keyform) if kls.is_key_form?(keyform)
+	# convert a trisul key format into a human readable key 
+	# [keyform]  the key form
+	#
+	# ==== Typical use 
+	#
+	# Used to convert an IP / Port or any other trisul key into a readable form
+	#
+	# <code>
+	#
+	#   make_readable("C0.A8.0C.A0") => "192.168.12.160"
+	#
+	#   make_readable("p-0016") => "Port-22"
+	#
+	# </code>
+	#
+	#
+	#
+	# Also see TrisulRP::Protocol::get_labels_for_keys to obtain a text name for the key
+	#
+	# Also see the inverse of this method make_key which convert a readable string into a key 
+	# suitable for use in TRP request messages. 
+	#
+	# If key type cannot be accurately guessed it returns the input 
+	#
+	def make_readable(keyform)
+		[ TrisulRP::Keys::Port,
+		  TrisulRP::Keys::Host,
+		  TrisulRP::Keys::HostInterface,
+		  TrisulRP::Keys::Subnet,
+		  TrisulRP::Keys::ASNumber
+		].each do |kls|
+			return kls.xform(keyform) if kls.is_key_form?(keyform)
+		end
+		return keyform
 	end
-	return keyform
-end
 
 
-# convert a key in human form into trisul key format
-#
-# [humanform]  the human  form of the key 
-#
-# ==== Typical use 
-#
-# Used to convert a human form key into a Trisul Key format suitable for use with TRP requests
-#
-#
-# <code>
-#
-#   make_key("192.168.1.1") => "C0.A8.01.01"
-#
-# </code>
-#
-#
-# Also see the inverse of this method make_readable 
-#
-#
-def make_key(readable)
-    [ TrisulRP::Keys::Port,
-      TrisulRP::Keys::Host,
-	  TrisulRP::Keys::HostInterface,
-	  TrisulRP::Keys::Subnet,
-	  TrisulRP::Keys::ASNumber
-	].each do |kls|
-		return kls.invert_xform(readable) if kls.is_human_form?(readable) 
+	# convert a key in human form into trisul key format
+	#
+	# [humanform]  the human  form of the key 
+	#
+	# ==== Typical use 
+	#
+	# Used to convert a human form key into a Trisul Key format suitable for use with TRP requests
+	#
+	#
+	# <code>
+	#
+	#   make_key("192.168.1.1") => "C0.A8.01.01"
+	#
+	# </code>
+	#
+	#
+	# Also see the inverse of this method make_readable 
+	#
+	#
+	def make_key(readable)
+		[ TrisulRP::Keys::Port,
+		  TrisulRP::Keys::Host,
+		  TrisulRP::Keys::HostInterface,
+		  TrisulRP::Keys::Subnet,
+		  TrisulRP::Keys::ASNumber
+		].each do |kls|
+			return kls.invert_xform(readable) if kls.is_human_form?(readable) 
+		end
+		return readable
 	end
-	return readable
-end
+
+
+    # convert a set of keys into labels
+	#
+	# This method accepts an array of keys (which are references to counter items in Trisul) and sends
+	# a key lookup request to Trisul.  Trisul responds with labels for those keys that had labels. Finally a 
+	# ready to use map is constructed and returned to the caller.
+	#
+	# [conn]    a TRP connection opened earlier via connect(..) 
+	# [cgguid]  a counter group id. See TrisulRP::Guids for a list of common guids 
+	# [key_arr] an array of keys, possibly obtained as a result of an earlier command
+	#
+	# ==== Returns
+	# a hash of Key => Label. All keys in the incoming array will have a hash entry. If Trisul could not
+	# find a label for a key, it will store the key itself as the hash value.
+	#
+	# ==== Typical usage 
+	#
+	# You use this method as a bulk resolving mechanism. 
+	# <code>
+	#
+	#  host_keys = ["0A.0A.18.E0", "B1.01.8F.01",...]
+    #  host_names   = TrisulRP::Protocol.get_labels_for_keys(conn,
+	#                       TrisulRP::Guids::CG_HOSTS, host_keys)
+	#
+	#  host_names["0A.0A.18.E0"] = "demo.trisul.org"   # ok 
+	#  host_names["B1.01.8F.01"] = "B1.01.8F.01"       # no label for this key
+	#
+	# </code>
+	#
+	def get_labels_for_keys(conn, cgguid, key_arr)
+		req = mk_request(TRP::Message::Command::KEY_LOOKUP_REQUEST,
+		  :counter_group  => cgguid, :keys => key_arr.uniq )
+		h = key_arr.inject({}) { |m,i| m.store(i,make_readable(i)); m }
+		get_response(conn,req) do |resp|
+				resp.key_lookup_response.key_details.each { |d| h.store(d.key,d.label) }
+		end
+		return h
+	  end
 
 end

data/lib/trisulrp/protocol.rb

@@ -1,4 +1,4 @@
-# = Trisul Remote Protocol helper  functions
+# = Trisul Remote Protocol functions
 # 
 # dependency = ruby_protobuf
 #
@@ -110,45 +110,6 @@ module TrisulRP::Protocol
 		end
 		return [from_tm,to_tm]
   	end
-
-    # convert a set of keys into labels
-	#
-	# This method accepts an array of keys (which are references to counter items in Trisul) and sends
-	# a key lookup request to Trisul.  Trisul responds with labels for those keys that had labels. Finally a 
-	# ready to use map is constructed and returned to the caller.
-	#
-	# [conn]    a TRP connection opened earlier via connect(..) 
-	# [cgguid]  a counter group id. See TrisulRP::Guids for a list of common guids 
-	# [key_arr] an array of keys, possibly obtained as a result of an earlier command
-	#
-	# ==== Returns
-	# a hash of Key => Label. All keys in the incoming array will have a hash entry. If Trisul could not
-	# find a label for a key, it will store the key itself as the hash value.
-	#
-	# ==== Typical usage 
-	#
-	# You use this method as a bulk resolving mechanism. 
-	# <code>
-	#
-	#  host_keys = ["0A.0A.18.E0", "B1.01.8F.01",...]
-    #  host_names   = TrisulRP::Protocol.get_labels_for_keys(conn,
-	#                       TrisulRP::Guids::CG_HOSTS, host_keys)
-	#
-	#  host_names["0A.0A.18.E0"] = "demo.trisul.org"   # ok 
-	#  host_names["B1.01.8F.01"] = "B1.01.8F.01"       # no label for this key
-	#
-	# </code>
-	#
-	def get_labels_for_keys(conn, cgguid, key_arr)
-		req = mk_request(TRP::Message::Command::KEY_LOOKUP_REQUEST,
-		  :counter_group  => cgguid, :keys => key_arr.uniq )
-		h = key_arr.inject({}) { |m,i| m.store(i,i); m }
-		get_response(conn,req) do |resp|
-				resp.key_lookup_response.key_details.each { |d| h.store(d.key,d.label) }
-		end
-		return h
-	  end
-
      # Helper to create a TRP TimeInterval object
 	 #
 	 # [tmarr]	An array of two Time objects representing a window
@@ -198,7 +159,7 @@ module TrisulRP::Protocol
 	 # </code>
 	 #
 	 #
-     def mk_request(cmd_id,params)
+     def mk_request(cmd_id,params={})
 		req = TRP::Message.new(:trp_command => cmd_id)
 		case cmd_id
 		when TRP::Message::Command::HELLO_REQUEST
@@ -212,7 +173,7 @@ module TrisulRP::Protocol
 		when TRP::Message::Command::CONTROLLED_COUNTER_GROUP_REQUEST
 		  req.controlled_counter_group_request = TRP::ControlledCounterGroupRequest.new(params)
 		when TRP::Message::Command::FILTERED_DATAGRAMS_REQUEST
-		  req.filtered_datagrams_request = TRP::FilteredDatagramsRequest.new(params)
+		  req.filtered_datagram_request = TRP::FilteredDatagramRequest.new(params)
 		when TRP::Message::Command::CONTROLLED_CONTEXT_REQUEST
 		  req.controlled_context_request = TRP::ControlledContextRequest.new(params)
 		when TRP::Message::Command::SEARCH_KEYS_REQUEST

data/lib/trisulrp/trp.pb.rb

@@ -370,11 +370,48 @@ module TRP
   end
 
   class FilteredDatagramRequest < ::ProtocolBuffers::Message
+    # forward declarations
+    class ByFilterExpr < ::ProtocolBuffers::Message; end
+    class BySession < ::ProtocolBuffers::Message; end
+    class ByAlert < ::ProtocolBuffers::Message; end
+    class ByResource < ::ProtocolBuffers::Message; end
+
+    # nested messages
+    class ByFilterExpr < ::ProtocolBuffers::Message
+      required ::TRP::TimeInterval, :time_interval, 1
+      required :string, :filter_expression, 2
+
+      gen_methods! # new fields ignored after this point
+    end
+
+    class BySession < ::ProtocolBuffers::Message
+      optional :string, :session_group, 1, :default => "{99A78737-4B41-4387-8F31-8077DB917336}"
+      required ::TRP::SessionID, :session_id, 2
+
+      gen_methods! # new fields ignored after this point
+    end
+
+    class ByAlert < ::ProtocolBuffers::Message
+      optional :string, :alert_group, 1, :default => "{9AFD8C08-07EB-47E0-BF05-28B4A7AE8DC9}"
+      required ::TRP::AlertID, :alert_id, 2
+
+      gen_methods! # new fields ignored after this point
+    end
+
+    class ByResource < ::ProtocolBuffers::Message
+      required :string, :resource_group, 1
+      required ::TRP::ResourceID, :resource_id, 2
+
+      gen_methods! # new fields ignored after this point
+    end
+
     optional :int64, :max_packets, 1, :default => 0
     optional :int64, :max_bytes, 2, :default => 0
     optional ::TRP::CompressionType, :compress_type, 3, :default => ::TRP::CompressionType::UNCOMPRESSED
-    required ::TRP::TimeInterval, :time_interval, 4
-    required :string, :filter_expression, 5
+    optional ::TRP::FilteredDatagramRequest::ByFilterExpr, :filter_expression, 4
+    optional ::TRP::FilteredDatagramRequest::BySession, :session, 5
+    optional ::TRP::FilteredDatagramRequest::ByAlert, :alert, 6
+    optional ::TRP::FilteredDatagramRequest::ByResource, :resource, 7
 
     gen_methods! # new fields ignored after this point
   end
@@ -741,7 +778,7 @@ module TRP
     optional :int64, :context, 1, :default => 0
     optional :string, :session_group, 2, :default => "{99A78737-4B41-4387-8F31-8077DB917336}"
     required ::TRP::TimeInterval, :time_interval, 3
-    optional :int64, :maxitems, 4, :default => 500
+    optional :int64, :maxitems, 4, :default => 50
     required :string, :pattern, 5
 
     gen_methods! # new fields ignored after this point

data/lib/trisulrp/trp.proto

@@ -1,7 +1,7 @@
 // Trisul Remote Protocol (TRP) definition
 // Based on Google Protocol Buffers
-// (c) 2010-11, Unleash Networks
-// $Rev: 3442 $
+// (c) 2010-11, Unleash Networks (http://www.unleashnetworks.com)
+// $Rev: 3535 $
 package TRP;
 
 message Timestamp  {
@@ -274,8 +274,35 @@ message FilteredDatagramRequest{
     optional int64          max_packets=1[default=0];                
     optional int64          max_bytes=2[default=0];                   
     optional CompressionType compress_type=3[default=UNCOMPRESSED];              
-    required TimeInterval   time_interval=4;                   
-    required string         filter_expression=5;
+
+	// by trisul filter format expr
+	message ByFilterExpr {
+		required TimeInterval   time_interval=1;                   
+		required string         filter_expression=2;
+	}
+	optional ByFilterExpr 	filter_expression=4;
+
+	// by session
+	message BySession   {
+    	optional string         session_group=1[default="{99A78737-4B41-4387-8F31-8077DB917336}"];
+		required SessionID		session_id=2;
+	}
+	optional BySession			session=5;
+
+
+	// by alert
+	message ByAlert     {
+		optional string			alert_group=1[default="{9AFD8C08-07EB-47E0-BF05-28B4A7AE8DC9}"];
+		required AlertID		alert_id=2;
+	}
+	optional ByAlert			alert=6;
+
+	// by resource
+	message ByResource  {
+		required string			resource_group=1;
+		required ResourceID		resource_id=2;
+	}
+	optional ByResource			resource=7;
 }
 
 /////////////////////////////////////
@@ -627,7 +654,7 @@ message GrepRequest {
     optional int64          context=1[default=0];            
     optional string         session_group=2[default="{99A78737-4B41-4387-8F31-8077DB917336}"];
     required TimeInterval   time_interval=3;
-    optional int64          maxitems=4 [default=500];
+    optional int64          maxitems=4 [default=50];
     required string         pattern=5;
 }
 

data/lib/trisulrp/utils.rb

@@ -0,0 +1,129 @@
+# = TrisulRP utility  methods 
+# 
+# == Contains utility to print objects like flows, alerts
+#    and to resolve keys etc
+#
+
+# ==== TrisulRP::Utils
+#
+# Utility methods to help with 
+# * retrieving and printing objects
+# * prints sessions / alerts if given an array of IDs
+# * helper to resolve a key 
+# 
+# 
+module TrisulRP::Utils
+
+	# Print session (flow) details 
+	#
+	# [conn]               active TRP connection opened earlier 
+	# [sessions]           an array of SessionIDs
+	#
+	# ==== Returns
+	# ==== Yields
+	# Nothing 
+	#
+	# Prints details about the list of sessions (flows) passed 
+	#
+	# ==== On error
+	def print_session_details(conn,sessions)
+        all_sids = sessions.collect{ |ai| TRP::SessionID.new(
+                     :slice_id => ai.slice_id,
+                     :session_id => ai.session_id ) }
+
+        follow_up = TrisulRP::Protocol.mk_request(TRP::Message::Command::SESSION_ITEM_REQUEST,
+												  :session_ids => all_sids)
+
+        TrisulRP::Protocol.get_response(conn,follow_up) do |resp|
+          resp.session_item_response.items.each do |item|
+            print "#{item.session_id.slice_id},#{item.session_id.session_id} "
+            print "#{Time.at(item.time_interval.from.tv_sec)} "
+            print "#{item.time_interval.to.tv_sec-item.time_interval.from.tv_sec} ".rjust(8)
+            print "#{item.key1A.label}".ljust(28)
+            print "#{item.key2A.label}".ljust(11)
+            print "#{item.key1Z.label}".ljust(28)
+            print "#{item.key2Z.label}".ljust(11)
+            print "#{item.az_bytes}".rjust(10)
+            print "#{item.za_bytes}".rjust(10)
+            print "\n"
+          end
+        end
+  end
+
+	# Make key
+	#
+	# [conn]           active TRP connection opened earlier 
+	# [guid]           counter group id (eg hosts, apps, countries)
+	# [str]			   eg a resolved name (eg a host like www.blue.net)
+	#
+	# ==== Returns
+	# A string containing the key in Trisul format corresponding to the
+	# label passed in via ''str'' 
+	#
+	# ==== Yields
+	# Nothing 
+	#
+	# ==== On error
+	def mk_trisul_key(conn,guid,str)
+    	req = TrisulRP::Protocol.mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
+        								  :pattern => str,
+										  :counter_group => guid,
+										  :maxitems => 1)
+
+    	resp = TrisulRP::Protocol.get_response(conn,req)
+
+		if resp.search_keys_response.found_keys.size > 0 
+			resp.search_keys_response.found_keys[0].key
+		else
+			str
+		end
+  end
+
+	# Print alert details 
+	#
+	# [conn]               active TRP connection opened earlier 
+	# [alerts]             an array of AlertIDs
+	#
+	# ==== Returns
+	# ==== Yields
+	# Nothing 
+	#
+	# Prints details about the list of alerts passed 
+	#
+	# ==== On error
+   def print_alert_details(conn, alerts)
+
+    p "No alerts found " and return if alerts.empty?
+
+	# retrieve details of alerts from server 
+       follow_up = TrisulRP::Protocol.mk_request(TRP::Message::Command::ALERT_ITEM_REQUEST,
+					:alert_group  => TrisulRP::Guids::AG_IDS,
+	    			:alert_ids    => alerts.collect do |al| 
+										TRP::AlertID.new(:slice_id => al.slice_id, 
+										:alert_id => al.alert_id)
+									 end
+				)
+
+
+
+	TrisulRP::Protocol.get_response(conn,follow_up) do | resp2 |
+         resp=resp2.alert_item_response
+         resolv_candidates = resp.items.collect { |item| [item.source_ip, item.source_port, item.destination_ip, item.destination_port,item.sigid]  }
+         resolv_arr = resolv_candidates.transpose
+         sip_names   = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOST, resolv_arr[0])
+         sport_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_APP,  resolv_arr[1])
+         dip_names   = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOST, resolv_arr[2])
+         dport_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_APP,  resolv_arr[3])
+         sigid_names = TrisulRP::Keys.get_labels_for_keys(conn,TrisulRP::Guids::CG_ALERT_SIGNATURES, resolv_arr[4])
+         resp.items.each do |item|
+           print "#{Time.at(item.time.tv_sec)} "
+           print "#{sip_names[item.source_ip]}".ljust(28)
+           print "#{sport_names[item.source_port]}".ljust(11)
+           print "#{dip_names[item.destination_ip]}".ljust(28)
+           print "#{dport_names[item.destination_port]}".ljust(11)
+           print "#{sigid_names[item.sigid]}".rjust(10)
+           print "\n"
+         end
+   end
+ end
+end

data/test/helper.rb

@@ -12,49 +12,11 @@ require 'shoulda'
 
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
+
 require 'trisulrp'
 
 class Test::Unit::TestCase
 
-  # helper function to get session info and print in a table 
-  def print_session_details(conn,sessions)
-        all_sids = sessions.collect{ |ai| TRP::SessionID.new(
-                     :slice_id => ai.slice_id,
-                     :session_id => ai.session_id ) }
-
-        follow_up = TrisulRP::Protocol.mk_request(TRP::Message::Command::SESSION_ITEM_REQUEST,
-												  :session_ids => all_sids)
-
-        TrisulRP::Protocol.get_response(conn,follow_up) do |resp|
-          resp.session_item_response.items.each do |item|
-            print "#{item.session_id.slice_id},#{item.session_id.session_id} "
-            print "#{Time.at(item.time_interval.from.tv_sec)} "
-            print "#{item.time_interval.to.tv_sec-item.time_interval.from.tv_sec} ".rjust(8)
-            print "#{item.key1A.label}".ljust(28)
-            print "#{item.key2A.label}".ljust(11)
-            print "#{item.key1Z.label}".ljust(28)
-            print "#{item.key2Z.label}".ljust(11)
-            print "#{item.az_bytes}".rjust(10)
-            print "#{item.za_bytes}".rjust(10)
-            print "\n"
-          end
-        end
-  end
-
-  # convert a string to a key
-  def mk_trisul_key(guid,str)
-    req = TrisulRP::Protocol.mk_request(TRP::Message::Command::SEARCH_KEYS_REQUEST,
-        								  :pattern => str,
-										  :counter_group => guid,
-										  :maxitems => 1)
-
-    resp = TrisulRP::Protocol.get_response(@conn,req)
-
-	if resp.search_keys_response.found_keys.size > 0 
-		resp.search_keys_response.found_keys[0].key
-	else
-		str
-	end
-  end
+	include TrisulRP::Utils
 
 end

data/test/test_alerts.rb

@@ -5,43 +5,26 @@ require 'rubygems'
 
 require './helper'
 include TrisulRP::Protocol
-require guidmap
+include TrisulRP::Keys
+
 class TestTrisulrp < Test::Unit::TestCase
 
 	def test_query_alerts
 
-    target_ip = "0A.02.C7.EB"  # 10.2.199.235"
+    target_ip = "10.1.10.10"  # 10.2.199.235"
+
     TrisulRP::Protocol.connect("127.0.0.1",12001,"Demo_Client.crt","Demo_Client.key") do |conn|
+	
       tm_arr = TrisulRP::Protocol.get_available_time(conn)
-      req =TrisulRP::Protocol.mk_request(:context => 0,:alert_group  =>TrisulRP::Guids::AG_IDS,												       :source_ip => target_ip,
-        :maxitems  => 1000,
-        :time_interval => TRPLib.mk_time_interval(tm_arr))
+
+      req =TrisulRP::Protocol.mk_request(TRP::Message::Command::ALERT_GROUP_REQUEST,
+	  									:alert_group  =>TrisulRP::Guids::AG_IDS,
+										:source_ip => TrisulRP::Keys.make_key(target_ip),
+										:maxitems  => 1000,
+										:time_interval => mk_time_interval(tm_arr))
 
       TrisulRP::Protocol.get_response(conn,req) do |resp|
-        follow_up = TrisulRP::Protocol.mk_request(:alert_group  => TrisulRP::Guids::AG_IDS)
-		    resp.alert_group_response.alerts.each do |al|
-          follow_up.alert_item_request.alert_ids << TRP::AlertID.new(:slice_id => al.slice_id, :alert_id => al.alert_id)
-		    end
-
-		    TrisulRP::Protocol.getresponse(conn,follow_up) do | resp2 |
-          resp=resp2.alert_item_response
-          resolv_candidates = resp.items.collect { |item| [item.source_ip, item.source_port, item.destination_ip, item.destination_port,item.sigid]  }
-          resolv_arr = resolv_candidates.transpose
-          sip_names   = TrisulRP::Protocol.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOSTS, resolv_arr[0])
-          sport_names = TrisulRP::Protocol.get_labels_for_keys(conn,TrisulRP::Guids::CG_APPS,  resolv_arr[1])
-          dip_names   = TrisulRP::Protocol.get_labels_for_keys(conn,TrisulRP::Guids::CG_HOSTS, resolv_arr[2])
-          dport_names = TrisulRP::Protocol.get_labels_for_keys(conn,TrisulRP::Guids::CG_APPS,  resolv_arr[3])
-          sigid_names = TrisulRP::Protocol.get_labels_for_keys(conn,TrisulRP::Guids::CG_SIGDS, resolv_arr[4])
-          resp.items.each do |item|
-		    	  print "#{Time.at(item.time.tv_sec)} "
-            print "#{sip_names[item.source_ip]}".ljust(28)
-            print "#{sport_names[item.source_port]}".ljust(11)
-            print "#{dip_names[item.destination_ip]}".ljust(28)
-            print "#{dport_names[item.destination_port]}".ljust(11)
-            print "#{sigid_names[item.sigid]}".rjust(10)
-            print "\n"
-          end
-		    end
+	  	print_alert_details(conn,resp.alert_group_response.alerts)
       end
     end
   end

data/test/test_cap.rb

@@ -3,21 +3,82 @@
 # Testing change 
 require 'rubygems'
 require './helper'
-include TrisulRP::Protocol
-require 'guidmap'
 
+include TrisulRP::Protocol
 
 class TestCap < Test::Unit::TestCase
-  def test_dpi
-    target_sess = TRP::SessionID.new(:slice_id => 2, :session_id => 207)
-    TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key") do |conn|
-      req = TrisulRP::Protocol.mk_request(TRP::Message::Command::SESSION_ITEM_REQUEST,
-        :session_ids => [target_sess])
-      TrisulRP::Protocol.get_response(conn,req) do |resp|
-        si = resp.session_item_response.items[0]
-        follow_up = TrisulRP::Protocol.mk_request(:filter_expression  => "#{GUIDMap::SG_TCP}=#{si.session_key}",
-                                                  :time_interval => si.time_interval )
-        TrisulRP::Protocol.get_response(conn,follow_up) do |resp|
+
+
+  # get all DNS & SMTP packets in last 1 hour 
+  #   	test setup is xff-test.pcap 
+  def test_filter_expr
+
+    conn = TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key")
+
+	expr = "#{TrisulRP::Guids::CG_APP}=p-0019,p-0035"
+	
+    tm_arr  = get_available_time(conn)
+	tm_arr[0] = tm_arr[1] - 900 
+
+    req = TrisulRP::Protocol.mk_request(TRP::Message::Command::FILTERED_DATAGRAMS_REQUEST,
+							:filter_expression => TRP::FilteredDatagramRequest::ByFilterExpr.new(
+									:time_interval  => mk_time_interval(tm_arr), 
+									:filter_expression  => expr)
+					)
+
+    TrisulRP::Protocol.get_response(conn,req) do |resp|
+          fdr=resp.filtered_datagram_response
+          p "Number of bytes = #{fdr.num_bytes}\n"
+          p "Number of pkts  = #{fdr.num_datagrams}\n"
+          p "Hash            = #{fdr.sha1}\n"
+
+          File.open("t.pcap","wb") do |f|
+            f.write(fdr.contents)
+          end
+    end
+
+
+  end
+
+  def wtest_sess
+
+    target_sess = TRP::SessionID.new(:slice_id => 1, :session_id => 45542)
+
+    conn = TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key")
+
+
+    req = TrisulRP::Protocol.mk_request(TRP::Message::Command::FILTERED_DATAGRAMS_REQUEST,
+							:session  => TRP::FilteredDatagramRequest::BySession.new(
+									:session_id  => target_sess)
+					)
+
+    TrisulRP::Protocol.get_response(conn,req) do |resp|
+          fdr=resp.filtered_datagram_response
+          p "Number of bytes = #{fdr.num_bytes}\n"
+          p "Number of pkts  = #{fdr.num_datagrams}\n"
+          p "Hash            = #{fdr.sha1}\n"
+
+          File.open("t.pcap","wb") do |f|
+            f.write(fdr.contents)
+          end
+    end
+
+  end
+
+  # alert test 
+  def test_alert
+
+    target_alert = TRP::AlertID.new(:slice_id => 2, :alert_id => 10133)
+
+    conn = TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key")
+
+
+    req = TrisulRP::Protocol.mk_request(TRP::Message::Command::FILTERED_DATAGRAMS_REQUEST,
+							:alert  => TRP::FilteredDatagramRequest::ByAlert.new(
+									:alert_id  => target_alert)
+					)
+
+    TrisulRP::Protocol.get_response(conn,req) do |resp|
           fdr=resp.filtered_datagram_response
           p "Number of bytes = #{fdr.num_bytes}\n"
           p "Number of pkts  = #{fdr.num_datagrams}\n"
@@ -26,10 +87,38 @@ class TestCap < Test::Unit::TestCase
           File.open("t.pcap","wb") do |f|
             f.write(fdr.contents)
           end
-        end
-      end
     end
+
+  end
+  #
+  # resource test 
+  def test_resource
+
+    target = TRP::ResourceID.new(:slice_id => 2, :resource_id => 308)
+
+    conn = TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key")
+
+
+    req = TrisulRP::Protocol.mk_request(TRP::Message::Command::FILTERED_DATAGRAMS_REQUEST,
+							:resource  => TRP::FilteredDatagramRequest::ByResource.new(
+									:resource_group => TrisulRP::Guids::RG_DNS,
+									:resource_id  => target)
+					)
+
+    TrisulRP::Protocol.get_response(conn,req) do |resp|
+          fdr=resp.filtered_datagram_response
+          p "Number of bytes = #{fdr.num_bytes}\n"
+          p "Number of pkts  = #{fdr.num_datagrams}\n"
+          p "Hash            = #{fdr.sha1}\n"
+
+          File.open("t.pcap","wb") do |f|
+            f.write(fdr.contents)
+          end
+    end
+
   end
 end
 
 
+
+

data/test/test_key_flows.rb

@@ -15,7 +15,7 @@ class TestTrisulrp < Test::Unit::TestCase
   def teardown
   end
 
-  def atest_flows_for_host
+  def test_flows_for_host
 
     target_key =  "0A.01.3C.BB"
 	
@@ -36,7 +36,7 @@ class TestTrisulrp < Test::Unit::TestCase
   def test_flows_for_appname
 
     target  =  "ssh"
-	target_key =  mk_trisul_key(CG_APP,target)
+	target_key =  mk_trisul_key(@conn,CG_APP,target)
 	
     tmarr  = TrisulRP::Protocol.get_available_time(@conn)
 

data/test/test_resources.rb

@@ -4,23 +4,23 @@
 require 'rubygems'
 require './helper'
 include TrisulRP::Protocol
-require guidmap
 
 class TestTrisulrp < Test::Unit::TestCase
 
 
-	# demonstrates getting all HTTP requests getting a *DLL 
+	# demonstrates getting all DNS resources for smtp (string contains smtp)
 	def test_query_resources
 
     target_ip = "0A.02.C7.EB"  # 10.2.199.235"
 
-    TrisulRP::Protocol.connect_trp("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key") do |conn|
+    TrisulRP::Protocol.connect("127.0.0.1", 12001,"Demo_Client.crt","Demo_Client.key") do |conn|
   
       tm_arr = TrisulRP::Protocol. get_available_time(conn)
+
       req = TrisulRP::Protocol.mk_request(TRP::Message::Command::RESOURCE_GROUP_REQUEST,
         :context => 0,
-        :resource_group => TrisulRP::Guids::RG_URL,
-        :uri_pattern => "dll",:maxitems  => 1000,                                                                                                                   :time_interval => mk_time_interval(tm_arr))
+        :resource_group => TrisulRP::Guids::RG_DNS,
+        :uri_pattern => "smtp",:maxitems  => 1000,                                                                                                                   :time_interval => mk_time_interval(tm_arr))
 
       TrisulRP::Protocol.get_response(conn,req) do |resp|
 
@@ -30,7 +30,7 @@ class TestTrisulrp < Test::Unit::TestCase
         end
 
         follow_up = TrisulRP::Protocol.mk_request( TRP::Message::Command::RESOURCE_ITEM_REQUEST,
-          :context => 0, :resource_group => TrisulRP::Guids::RG_URL,
+          :context => 0, :resource_group => TrisulRP::Guids::RG_DNS,
           :resource_ids => resource_ids)
 
         TrisulRP::Protocol.get_response(conn,follow_up) do | resp2 |
@@ -50,4 +50,4 @@ class TestTrisulrp < Test::Unit::TestCase
 
   end
  
-end
+end

data/trisulrp.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{trisulrp}
-  s.version = "1.2.7"
+  s.version = "1.2.8"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["vivek"]
-  s.date = %q{2011-02-17}
+  s.date = %q{2011-02-22}
   s.description = %q{This gem deals about the trisul remote protocol}
   s.email = %q{vivek_rajagopal@yahoo.com}
   s.extra_rdoc_files = [
@@ -30,6 +30,7 @@ Gem::Specification.new do |s|
     "lib/trisulrp/protocol.rb",
     "lib/trisulrp/trp.pb.rb",
     "lib/trisulrp/trp.proto",
+    "lib/trisulrp/utils.rb",
     "test/Demo_Client.crt",
     "test/Demo_Client.key",
     "test/helper.rb",

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 1
   - 2
-  - 7
-  version: 1.2.7
+  - 8
+  version: 1.2.8
 platform: ruby
 authors: 
 - vivek
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-17 00:00:00 +05:30
+date: 2011-02-22 00:00:00 +05:30
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -126,6 +126,7 @@ files:
 - lib/trisulrp/protocol.rb
 - lib/trisulrp/trp.pb.rb
 - lib/trisulrp/trp.proto
+- lib/trisulrp/utils.rb
 - test/Demo_Client.crt
 - test/Demo_Client.key
 - test/helper.rb
@@ -151,7 +152,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: -1049257823
+      hash: -371857393
       segments: 
       - 0
       version: "0"