unified2 0.5.4 → 0.6.0

metadata

@@ -1,197 +1,181 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: unified2
-version: !ruby/object:Gem::Version 
-  hash: 3
+version: !ruby/object:Gem::Version
+  version: 0.6.0
   prerelease: 
-  segments: 
-  - 0
-  - 5
-  - 4
-  version: 0.5.4
 platform: ruby
-authors: 
+authors:
 - Dustin Willis Webber
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-06-27 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: packetfu
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+date: 2011-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bindata
+  requirement: &70345281255100 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 13
-        segments: 
-        - 1
-        - 1
-        version: "1.1"
+      - !ruby/object:Gem::Version
+        version: '1.4'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: hexdump
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *70345281255100
+- !ruby/object:Gem::Dependency
+  name: packetfu
+  requirement: &70345281252460 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 15
-        segments: 
-        - 0
-        - 2
-        version: "0.2"
+      - !ruby/object:Gem::Version
+        version: '1.1'
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: bindata
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *70345281252460
+- !ruby/object:Gem::Dependency
+  name: hexdump
+  requirement: &70345281251340 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 4
-        version: "1.4"
+      - !ruby/object:Gem::Version
+        version: '0.2'
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
+  prerelease: false
+  version_requirements: *70345281251340
+- !ruby/object:Gem::Dependency
   name: ore-tasks
+  requirement: &70345281250320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :development
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *70345281250320
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70345281388740 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 1
-        segments: 
-        - 0
-        - 5
-        version: "0.5"
+      - !ruby/object:Gem::Version
+        version: '2.4'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: yard
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *70345281388740
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: &70345281387940 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 0
-        - 6
-        - 0
-        version: 0.6.0
+      - !ruby/object:Gem::Version
+        version: '0.7'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: rspec
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *70345281387940
+- !ruby/object:Gem::Dependency
+  name: rdiscount
+  requirement: &70345281386700 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 2
-        - 4
-        version: "2.4"
+      - !ruby/object:Gem::Version
+        version: '1.6'
   type: :development
-  version_requirements: *id006
-description: A ruby interface for unified2 output. rUnified2 allows you to manipulate unified2 output for custom storage and/or analysis.
-email: 
+  prerelease: false
+  version_requirements: *70345281386700
+description: A ruby interface for unified2 output. rUnified2 allows you to manipulate
+  unified2 output for custom storage and/or analysis.
+email:
 - dustin.webber@gmail.com
-executables: []
-
+executables:
+- ru2
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.md
+- ChangeLog.md
 - LICENSE.txt
+files:
+- .document
+- .rspec
+- .yardopts
 - ChangeLog.md
-files: 
-- spec/spec_helper.rb
-- lib/unified2/event.rb
-- lib/unified2/constructor/record_header.rb
-- lib/unified2.rb
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/ru2
+- example/example.rb
+- example/example2.rb
+- example/seeds/classification.config
+- example/seeds/gen-msg.map
+- example/seeds/sid-msg.map
+- example/seeds/unified2-current.log
+- example/seeds/unified2-legacy.log
 - gemspec.yml
-- .rspec
+- lib/unified2.rb
+- lib/unified2/classification.rb
 - lib/unified2/config_file.rb
-- example/seeds/unified2.log
-- example/seeds/sid-msg.map
-- .yardopts
-- lib/unified2/signature.rb
-- lib/unified2/sensor.rb
 - lib/unified2/constructor.rb
-- example/seeds/classification.config
-- spec/event_spec.rb
-- lib/unified2/protocol.rb
-- lib/unified2/payload.rb
-- lib/unified2/constructor/primitive/ipv4.rb
-- lib/unified2/constructor/event_ip6.rb
 - lib/unified2/constructor/construct.rb
-- example/example.rb
-- lib/unified2/version.rb
-- Rakefile
-- README.md
-- LICENSE.txt
-- spec/unified2_spec.rb
-- lib/unified2/exceptions/unknown_load_type.rb
-- lib/unified2/core_ext/string.rb
-- lib/unified2/core_ext.rb
 - lib/unified2/constructor/event_ip4.rb
-- unified2.gemspec
+- lib/unified2/constructor/event_ip6.rb
+- lib/unified2/constructor/extra_construct.rb
+- lib/unified2/constructor/extra_data.rb
+- lib/unified2/constructor/extra_data_header.rb
+- lib/unified2/constructor/legacy_event_ip4.rb
+- lib/unified2/constructor/legacy_event_ip6.rb
 - lib/unified2/constructor/packet.rb
-- lib/unified2/exceptions/file_not_readable.rb
-- lib/unified2/exceptions/file_not_found.rb
-- example/seeds/gen-msg.map
-- .document
+- lib/unified2/constructor/primitive/ipv4.rb
+- lib/unified2/constructor/record_header.rb
+- lib/unified2/core_ext.rb
+- lib/unified2/core_ext/string.rb
+- lib/unified2/event.rb
 - lib/unified2/exceptions.rb
-- lib/unified2/classification.rb
-- ChangeLog.md
+- lib/unified2/exceptions/binary_read_error.rb
+- lib/unified2/exceptions/file_not_found.rb
+- lib/unified2/exceptions/file_not_readable.rb
+- lib/unified2/exceptions/unknown_load_type.rb
+- lib/unified2/extra.rb
+- lib/unified2/packet.rb
+- lib/unified2/protocol.rb
+- lib/unified2/sensor.rb
+- lib/unified2/signature.rb
+- lib/unified2/version.rb
+- spec/event_spec.rb
+- spec/legacy_event_spec.rb
+- spec/spec_helper.rb
+- spec/unified2_spec.rb
+- unified2.gemspec
 homepage: https://github.com/mephux/unified2
-licenses: 
+licenses:
 - MIT
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: unified2
-rubygems_version: 1.8.1
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: A ruby interface for unified2 output.
-test_files: 
+test_files:
 - spec/event_spec.rb
+- spec/legacy_event_spec.rb
 - spec/unified2_spec.rb

data/lib/unified2/payload.rb

@@ -1,114 +0,0 @@
-require 'hexdump'
-
-module Unified2
-  #
-  # Payload
-  #
-  class Payload
-
-    attr_accessor :linktype, :length, :packet
-
-    #
-    # Initialize payload object
-    #
-    # @param [String] raw Raw binary payload
-    # @param [Hash] packet Packet attributes
-    #
-    # @option packet [String] :packet Packet
-    # @option packet [Integer] :packet_length Packet length
-    # @option packet [Integer] :linktype Packet linktype
-    #
-    def initialize(raw, packet={})
-      @packet = raw
-      @length = packet[:packet_length].to_i
-      @linktype = packet[:linktype]
-    end
-
-    #
-    # Blank?
-    #
-    # @return [true, false] Check is payload is blank
-    #
-    def blank?
-      return true unless @packet
-      false
-    end
-
-    #
-    # Raw
-    #
-    # @return [String] Raw binary payload
-    #
-    def raw
-      @packet
-    end
-
-    #
-    # Hex
-    #
-    # @return [String] Convert payload to hex
-    #
-    def hex
-      @hex = @packet.to_s.unpack('H*')
-      return @hex.first if @hex
-      nil
-    end
-
-    #
-    # Dump
-    #
-    # @param [options] options Hash of options for Hexdump#dump
-    #
-    # @option options [Integer] :width (16)
-    #   The number of bytes to dump for each line.
-    #
-    # @option options [Symbol, Integer] :base (:hexadecimal)
-    #   The base to print bytes in. Supported bases include, `:hexadecimal`,
-    #   `:hex`, `16, `:decimal`, `:dec`, `10, `:octal`, `:oct`, `8`,
-    #   `:binary`, `:bin` and `2`.
-    #
-    # @option options [Boolean] :ascii (false)
-    #   Print ascii characters when possible.
-    #
-    # @option options [#<<] :output (STDOUT)
-    #   The output to print the hexdump to.
-    #
-    # @yield [index,hex_segment,print_segment]
-    #   The given block will be passed the hexdump break-down of each segment.
-    #
-    # @yieldparam [Integer] index
-    #   The index of the hexdumped segment.
-    #
-    # @yieldparam [Array<String>] hex_segment
-    #   The hexadecimal-byte representation of the segment.
-    #
-    # @yieldparam [Array<String>] print_segment
-    #   The print-character representation of the segment.
-    #
-    # @return [nil]
-    #
-    # @raise [ArgumentError]
-    #   The given data does not define the `#each_byte` method, or
-    #
-    # @note
-    #   Please view the hexdump documentation for more
-    #   information. Hexdump is a great lib by @postmodern. 
-    #   (http://github.com/postmodern/hexdump)
-    # 
-    def dump(options={})
-      Hexdump.dump(@packet, options)
-    end
-    
-    #
-    # Checksum
-    #
-    # Create a unique payload checksum
-    #
-    # @return [String] Payload checksum
-    #
-    def checksum
-      Digest::MD5.hexdigest(@packet)
-    end
-
-  end
-end