trisulrp 3.2.43 → 4.2.54

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 80cba7114005ca50ffa03b9e8eb08243a025123cddea8e6bb8953810b3100335
-  data.tar.gz: 1bb31482b9a3959b9053cef73cd0cab05840a504c06309a1e93aba50e2af89f5
+  metadata.gz: 89c8e7d686d1d581859b36d4f0e55b87b61df14b1a8425aab15df7bb0bd3ddd0
+  data.tar.gz: 267c771796edad2ffc3ace07b044f636955be2b812dbdbf0da8f85a0d7a61cfb
 SHA512:
-  metadata.gz: b80b17dc617b2757eb46e549290ee1a495224054870bd69ddbab4d7205805443704486a46b08972c21244b37d61b3d099d3e5e8dc32694f3260973fdddf529c1
-  data.tar.gz: 0aaa32bdb2b1fc16a1c1a4a7a2b516c47914076b55b95f4a7f1fb46bb80b56e09db15a51208784b8470e01539a76c3b301b0143a75c3302ca9692f4b302f2c0a
+  metadata.gz: b94c828ed97e7e378407c61dda9425baf211af67d4070bd945c819bf19026f0a4c46cdcaeda501eba491a118eaf608096ca934b0f135772c42c82dd209770cbb
+  data.tar.gz: 6f028f639dee78260b013fd4aa6706221c61444bdd0691596060eb6a65667c3f713cc4aabb73da8b7cdb28fa2c5a992b0b3c26497618bb031dc88f9e50cd01e4

data/.gitignore

@@ -0,0 +1,54 @@
+# rcov generated
+coverage
+
+# rdoc generated
+rdoc
+
+# yard generated
+doc
+.yardoc
+
+# bundler
+.bundle
+
+# jeweler generated
+pkg
+
+# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore: 
+#
+# * Create a file at ~/.gitignore
+# * Include files you want ignored
+# * Run: git config --global core.excludesfile ~/.gitignore
+#
+# After doing this, these files will be ignored in all your git projects,
+# saving you from having to 'pollute' every project you touch with them
+#
+# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
+#
+# For MacOS:
+#
+#.DS_Store
+#
+# For TextMate
+#*.tmproj
+#tmtags
+#
+# For emacs:
+#*~
+#\#*
+#.\#*
+#
+# For vim:
+#*.swp
+
+#Gemfile lock
+Gemfile.lock
+
+#ignore gitignore
+.gitignore
+
+#ignore svn 
+.svn
+test/Demo_Client_Clear.key
+test/t.pcap
+#

data/Gemfile

@@ -1,14 +1,3 @@
-source "http://rubygems.org"
+source "https://rubygems.org"
 
-# Add dependencies required to use your gem here.
-gem "protobuf"
-
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-  gem "shoulda" 
-  gem "bundler"
-  gem "juwelier"
-  gem "simplecov" 
-end
+gemspec

data/Rakefile

@@ -1,4 +1,4 @@
-$SAFE=0
+$SAFE=0 if defined?($SAFE)
 require 'rubygems'
 require 'bundler'
 begin
@@ -10,29 +10,27 @@ rescue Bundler::BundlerError => e
 end
 require 'rake'
 
-require 'juwelier'
-Juwelier::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "trisulrp"
-  gem.homepage = "http://github.com/vivekrajan/trisulrp"
-  gem.license = "MIT"
-  gem.summary = %Q{trisul trp}
-  gem.description = %Q{This gem deals about the trisul remote protocol}
-  gem.email = "vivek_rajagopal@yahoo.com"
-  gem.authors = ["vivek"]
-  # Include your dependencies below. Runtime dependencies are required when using your gem,
-  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
-  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
-  #  gem.add_development_dependency 'rspec', '> 1.2.3'
+begin
+  require 'bundler/gem_tasks'
+rescue LoadError
 end
-Juwelier::RubygemsDotOrgTasks.new
 
 require 'rdoc/task'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  version = File.exist?('VERSION') ? File.read('VERSION').strip : ""
 
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "trisulrp #{version}"
   rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/test_*.rb']
+  t.verbose = true
+end
+
+task :default => :test

data/VERSION

@@ -1 +1 @@
-3.2.43
+4.2.54

data/lib/trisulrp/protocol.rb

@@ -52,7 +52,7 @@ module TrisulRP::Protocol
   # * The client does not have permissions to connect with that cert 
   # * The private key password is wrong 
   #
-  def connect(server,port,client_cert_file,client_key_file)
+  def connect1(server,port,client_cert_file,client_key_file)
     tcp_sock=TCPSocket.open(server,port)
     ctx = OpenSSL::SSL::SSLContext.new(:TLSv1)
     ctx.cert = OpenSSL::X509::Certificate.new(File.read(client_cert_file))
@@ -144,7 +144,7 @@ module TrisulRP::Protocol
     outbuf=""
 
 	# out
-   outbuf=trp_request.encode
+   outbuf=TRP::Message.encode(trp_request)
 	ctx=ZMQ::Context.new
 	sock = ctx.socket(ZMQ::REQ)
 
@@ -176,9 +176,8 @@ module TrisulRP::Protocol
 		#in 
 		dataarray=""
 		rsock.recv_string(dataarray)
-		resp =TRP::Message.new
-		resp.decode dataarray
-		if resp.trp_command.to_i == TRP::Message::Command::ERROR_RESPONSE
+		resp = TRP::Message.decode(dataarray)
+		if resp.trp_command==TRP::Message::Command.lookup(5)
 			print "TRP ErrorResponse: #{resp.error_response.error_message}\n"
 			rsock.close
 			ctx.terminate 
@@ -188,7 +187,8 @@ module TrisulRP::Protocol
 		rsock.close
 		ctx.terminate 
     unwrap_resp = unwrap_response(resp)
-    unwrap_resp.instance_variable_set("@trp_resp_command_id",resp.trp_command.to_i)
+    cmd_id = resp.trp_command.is_a?(Symbol) ? TRP::Message::Command.resolve(resp.trp_command) : resp.trp_command.to_i
+    unwrap_resp.instance_variable_set("@trp_resp_command_id", cmd_id)
 		yield unwrap_resp if block_given?
 		return unwrap_resp
 
@@ -304,12 +304,11 @@ module TrisulRP::Protocol
         resp = get_response(conn,req) 
       end 
     rescue Exception=>ex
-     raise ex
+      raise ex
     end
 
     from_tm =  Time.at(resp.total_window.from.tv_sec)
     to_tm =  Time.at(resp.total_window.to.tv_sec)
-
     return [from_tm,to_tm]
 
   end
@@ -376,25 +375,36 @@ module TrisulRP::Protocol
 		params[:time_interval] = mk_time_interval(ti)
 	end
 
+    # Ignore extra parameters that are not in the message descriptor
+    params.delete_if { |k, v| !msg.descriptor.lookup(k.to_s) }
+
   	params.each do |k,v|
-      f = msg.get_field(k)
+      f = msg.descriptor.lookup(k.to_s)
+      next unless f
       if v.is_a? String 
-        if f.is_a? Protobuf::Field::MessageField and f.type_class.to_s == "TRP::KeyT"
+        if f.type == :message and f.subtype and f.subtype.name == "TRP.KeyT"
           params[k] = TRP::KeyT.new( :label => v )
-        elsif f.is_a? Protobuf::Field::Int64Field 
+        elsif f.type == :int64 or f.type == :int32 or f.type == :uint64 or f.type == :uint32 
           params[k] = v.to_i
-        elsif f.is_a? Protobuf::Field::StringField and f.rule == :repeated  
+        elsif f.type == :string and f.label == :repeated  
           params[k] = v.split(',') 
-        elsif f.is_a? Protobuf::Field::BoolField
-          params[k] = ( v == "true")
+        elsif f.type == :bool
+          params[k] = ( v == "true" || v == "1")
         end
       elsif v.is_a? BigDecimal  or v.is_a? Float 
-        if f.is_a? Protobuf::Field::Int64Field 
+        if f.type == :int64 or f.type == :int32 or f.type == :uint64 or f.type == :uint32 
             params[k] = v.to_i
         end
-      elsif v.is_a?Array and f.is_a?Protobuf::Field::MessageField and f.type_class.to_s == "TRP::KeyT"
-        v.each_with_index do |v1,idx|
-          v[idx]= TRP::KeyT.new( :label => v1 ) if v1.is_a?String
+      elsif v.is_a?Array
+        # unfreeze any strings inside the array
+        v.each_with_index do |v1, idx|
+          v[idx] = v1.dup if v1.is_a?(String) && v1.frozen?
+        end
+
+        if f.type == :message and f.subtype and f.subtype.name == "TRP.KeyT"
+          v.each_with_index do |v1,idx|
+            v[idx]= TRP::KeyT.new( :label => v1 ) if v1.is_a?String
+          end
         end
       end
 	 end
@@ -437,17 +447,24 @@ module TrisulRP::Protocol
   #
   #
   def mk_request(cmd_id,in_params={})
-   params  =in_params.dup
-   opts = {:trp_command=> cmd_id}
-   if params.has_key?(:destination_node)
-     opts[:destination_node] = params[:destination_node]
-   end
-   if params.has_key?(:probe_id)
-     opts[:probe_id] = params[:probe_id]
-   end
-   if params.has_key?(:run_async)
-     opts[:run_async] = params[:run_async]
-   end
+    
+    # Duplicate hash and unfreeze any frozen strings to prevent google-protobuf FrozenError
+    params = {}
+    in_params.each do |k, v|
+      params[k] = (v.is_a?(String) && v.frozen?) ? v.dup : v
+    end
+
+    opts = {:trp_command=> cmd_id}
+    desc = TRP::Message.descriptor
+    if params.has_key?(:destination_node) && desc.lookup("destination_node")
+      opts[:destination_node] = params.delete(:destination_node)
+    end
+    if params.has_key?(:probe_id) && desc.lookup("probe_id")
+      opts[:probe_id] = params.delete(:probe_id)
+    end
+    if params.has_key?(:run_async) && desc.lookup("run_async")
+      opts[:run_async] = params.delete(:run_async)
+    end
     req = TRP::Message.new(opts)
     case cmd_id
     when TRP::Message::Command::HELLO_REQUEST
@@ -552,6 +569,27 @@ module TrisulRP::Protocol
     when TRP::Message::Command::TOOL_INFO_REQUEST
 	  fix_TRP_Fields( TRP::ToolInfoRequest, params)
       req.tool_info_request = TRP::ToolInfoRequest.new(params)
+    when TRP::Message::Command::UPDATE_SLICE_REQUEST
+	  fix_TRP_Fields( TRP::UpdateSliceRequest, params)
+      req.update_slice_request = TRP::UpdateSliceRequest.new(params)
+    when TRP::Message::Command::COUNTER_ITEM_NG_REQUEST
+	  fix_TRP_Fields( TRP::CounterItemNGRequest, params)
+      req.counter_item_ng_request = TRP::CounterItemNGRequest.new(params)
+    when TRP::Message::Command::CONTEXT_CREATE_REQUEST
+	  fix_TRP_Fields( TRP::ContextCreateRequest, params)
+      req.context_create_request = TRP::ContextCreateRequest.new(params)
+    when TRP::Message::Command::CONTEXT_DELETE_REQUEST
+	  fix_TRP_Fields( TRP::ContextDeleteRequest, params)
+      req.context_delete_request = TRP::ContextDeleteRequest.new(params)
+    when TRP::Message::Command::AGGREGATE_RESOURCES_REQUEST
+	  fix_TRP_Fields( TRP::AggregateResourcesRequest, params)
+      req.aggregate_resources_request = TRP::AggregateResourcesRequest.new(params)
+    when TRP::Message::Command::HA_CONTROL_REQUEST
+	  fix_TRP_Fields( TRP::HAControlRequest, params)
+      req.ha_control_request = TRP::HAControlRequest.new(params)
+    when TRP::Message::Command::DDOS_REPORT_REQUEST
+	  fix_TRP_Fields( TRP::DDosReportRequest, params)
+      req.ddos_report_request = TRP::DDosReportRequest.new(params)
     else
       raise "Unknown TRP command ID"
     end
@@ -594,7 +632,8 @@ module TrisulRP::Protocol
   #
   #
   def unwrap_response(resp)
-    case resp.trp_command.to_i
+    cmd_id = resp.trp_command.is_a?(Symbol) ? TRP::Message::Command.resolve(resp.trp_command) : resp.trp_command.to_i
+    case cmd_id
     when TRP::Message::Command::HELLO_RESPONSE
       resp.hello_response
     when TRP::Message::Command::COUNTER_GROUP_TOPPER_RESPONSE
@@ -655,6 +694,14 @@ module TrisulRP::Protocol
         resp.run_tool_response
     when TRP::Message::Command::TOOL_INFO_RESPONSE
         resp.tool_info_response
+    when TRP::Message::Command::UPDATE_SLICE_RESPONSE
+        resp.update_slice_response
+    when TRP::Message::Command::AGGREGATE_RESOURCES_RESPONSE
+        resp.aggregate_resources_response
+    when TRP::Message::Command::HA_CONTROL_RESPONSE
+        resp.ha_control_response
+    when TRP::Message::Command::DDOS_REPORT_RESPONSE
+        resp.ddos_report_response
     else
       raise "#{resp.trp_command.to_i} Unknown TRP command ID"
     end

data/lib/trisulrp/trp.proto

@@ -6,7 +6,7 @@
 // Based on Google Protocol Buffers
 // (c) 2012-16, Unleash Networks (http://www.unleashnetworks.com)
 // $Rev: 6946 $
-
+syntax = "proto2";
 option optimize_for = LITE_RUNTIME; 
 
 
@@ -96,7 +96,7 @@ message KeyStats {
 /// Top level objects are named ObjT 
 ///   eg KeyT - Key Type, SessionT - Session Type etc.
 message KeyT {
-    optional string         key=1;                  /// key in trisul key format eg, C0.A8.01.02 for 192.168.1.2
+    optional string         key=1;                  /// key in trisul key format eg, C0.A8.01.02 
     optional string         readable=2;             /// human friendly name
     optional string         label=3;                /// a user label eg, a hostname or manually assigned name 
     optional string         description=4;          /// description 
@@ -190,6 +190,9 @@ message AlertT{
     optional string         probe_id=16;            /// probe generating this alert 
     optional string         alert_status=17;        /// FIRE,CLEAR,BLOCK etc 
     optional int64          acknowledge_flag=18;    /// ACK or NOT 
+    optional string         tactic_id=19;           /// from MITRE
+    optional string         technique_id=20;
+    optional string         subtechnique_id=21;
 }
 
 
@@ -374,7 +377,8 @@ message Message {
 					TOOL_INFO_RESPONSE=144;
 					DDOS_REPORT_REQUEST=153;
 					DDOS_REPORT_RESPONSE=154;
-
+                    UPDATE_SLICE_REQUEST=155;                            
+                    COUNTER_ITEM_NG_REQUEST=156;
     }
 
     required Command    trp_command=1;
@@ -450,6 +454,8 @@ message Message {
     optional ToolInfoResponse  tool_info_response=153;
 	optional DDosReportRequest  ddos_report_request=154;
 	optional DDosReportResponse  ddos_report_response=155;
+    optional UpdateSliceRequest  update_slice_request=156;
+    optional CounterItemNGRequest counter_item_ng_request=157;
     optional string     destination_node=200;   // todo move 2nd
     optional string     probe_id=201;           // todo move 3rd 
     optional bool       run_async=202;          /// if run_async = true, then you will immediately get a AsynResponse with a token you can poll 
@@ -519,8 +525,20 @@ message CounterItemResponse{
     optional StatsArray     samples=8;                 		/// if volumes_only = 1  this contains SAMPLES(..) 
     optional StatsArray     percentiles=9;                  /// if get_percentile > 0   this contains PERCENTILE(..) stream approx 
     optional StatsArray     latests=10;                     /// if volumes_only = 1  this contains LATEST(..)
+    optional StatsArray     rate_volumes=11;                /// if volumes_only = 1  this contains BUCKETSIZE*TOTALS(..) for Bps units to Volumes MB,GB
 }
 
+/// CounterItemNGRequest : NG version works with multiple resolutions
+/// Time series history statistics for an item 
+message CounterItemNGRequest{
+    required string         counter_group=2;                /// guid of counter group 
+    optional int64          meter=3;                        /// optional meter, default will retrieve all (same cost)
+    required KeyT           key=4;                          /// key (can specify key.key, key.label, etc too 
+    required TimeInterval   time_interval=5;                /// Time interval for query
+    optional int64          volumes_only=6 [default=0];     /// if '1' ; then only retrieves totals for each meter 
+	optional bool			get_key_attributes=7 [default=false]; /// if true, response keys get key_attributes as well 
+    optional int64          get_percentile=8[default=0];    /// enter 95 here if you want 95th percentile (using streaming) 
+}
 
 /// CounterGroupTopperRequest  - retrieve toppers for a counter group (top-K)
 message CounterGroupTopperRequest{
@@ -641,6 +659,8 @@ message AggregateSessionsRequest {
     optional int64          aggregate_topcount=19[default=100];   	/// number of count-star per field 
 	repeated string         group_by_fields=20; /// list of field names 
     optional KeyT           any_nf_ifindex=21;  /// matches either gen2 or gen3 
+    repeated string         custom_conversation_fields=22; /// string field names and taggroups to string
+                                                           /// source_ip dest_ip dest_port NBAR ASN USERID    
 }
 
 /// AggregateSessionsResponse 
@@ -678,6 +698,7 @@ message AggregateSessionsResponse {
     repeated KeyTCount      external_ip=20;     /// external IPs
 	repeated TagGroup		tag_group=21;		/// tag groups 
     repeated KeyTCount      conversation=22;    /// conversation 
+    repeated KeyTCount      custom_conversation=23; /// custom conversation fields
 }
 
 
@@ -690,6 +711,14 @@ message UpdateKeyRequest{
 	repeated string         remove_attributes=6;     /// remove these attributes only from keys 
 }
 
+/// UpdateSliceRequerst 
+/// Response = OKResponse or ErrorResponse
+message UpdateSliceRequest {
+    required int64          id=1;			   /// the number slice_id  
+	repeated string         add_tags=2;        /// tags to be added to slice
+	repeated string         remove_tags=3;     /// tags to be removed from slice 
+}
+
 /// SessionTrackerRequest  - query session trackers 
 ///     session trackers are top-k streaming algorithm for network flows 
 ///     They are Top Sessions fulfilling a particular preset criterion 
@@ -736,6 +765,9 @@ message QueryAlertsRequest  {
     repeated KeyT           ip_pair=20;             /// array of 2 ips 
     optional string         message_regex=21;       /// searech via regex of the dispatch message 
 	optional bool			approx_count_only=22[default=false];	/// approx count per alert group 
+    optional string         tactic_id=23;
+    optional string         technique_id=24;        /// MITRE fields 
+    optional string         subtechnique_id=25;
 }
 
 /// QueryAlertsResponse - response 
@@ -936,11 +968,27 @@ message TimeSlicesResponse  {
         optional int64          disk_size=4;
         optional string         path=5;
         optional bool           available=6;
+		repeated string         tags=7; 
+		optional int64			id=8;
     };
 
+	message PoolT
+	{
+		required string			status=1;
+		optional int64  	    total_size=2;
+		optional int64          avail_size=3;
+		optional string 		file_system=4; 
+		optional string 		mounted=5; 
+		optional bool 	        offline_archive=6 [default=false];
+		optional bool 	        offline_archive_mounted=7 [default=false];
+		optional string 	    additional_info=8;
+	}
+
     repeated SliceT         slices=1;
     optional TimeInterval   total_window=2;
     optional string         context_name=3;
+	repeated PoolT			pools=4; 
+	optional bool 		    ha_slave_mode=5;
 }