traffic-taffy 0.6.4__tar.gz → 0.8.1__tar.gz

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: traffic-taffy
-Version: 0.6.4
+Version: 0.8.1
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>
@@ -9,7 +9,9 @@ Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.7
 Requires-Dist: cryptography
+Requires-Dist: dnssplitter
 Requires-Dist: dpkt
+Requires-Dist: ip2asn
 Requires-Dist: msgpack
 Requires-Dist: pandas
 Requires-Dist: pcap-parallel

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/pyproject.toml

@@ -28,6 +28,8 @@ dependencies = [
     "seaborn",
     "cryptography",
     "pyOpenSSL==22.1.0",
+    "dnssplitter",
+    "ip2asn",
 ]
 
 [project.scripts]

traffic_taffy-0.8.1/traffic_taffy/__init__.py

@@ -0,0 +1 @@
+__VERSION__ = "0.8.1"

traffic_taffy-0.8.1/traffic_taffy/algorithms/__init__.py

@@ -0,0 +1,14 @@
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    pass
+
+
+class ComparisonAlgorithm:
+    def __init__(self):
+        pass
+
+    def compare_dissections(left_side: dict, right_side: dict) -> dict:
+        raise ValueError(
+            "code failure: base class compare_dissections should never be called"
+        )

traffic_taffy-0.8.1/traffic_taffy/algorithms/statistical.py

@@ -0,0 +1,100 @@
+from traffic_taffy.algorithms import ComparisonAlgorithm
+from traffic_taffy.comparison import Comparison
+from traffic_taffy.dissection import Dissection
+from traffic_taffy.report import Report
+
+
+class ComparisonStatistical(ComparisonAlgorithm):
+    def __init__(self):
+        super().__init__()
+
+    def compare_dissections(self, left_side: dict, right_side: dict) -> Comparison:
+        """Compare two dissections."""
+        report = {}
+
+        keys = set(left_side.keys())
+        keys = keys.union(right_side.keys())
+        for key in keys:
+            report[key] = {}
+
+            if key not in left_side:
+                left_side[key] = {}
+            left_side_total = sum(left_side[key].values())
+
+            if key not in right_side:
+                right_side[key] = {}
+            right_side_total = sum(right_side[key].values())
+
+            new_left_count = 0
+            for subkey in left_side[key]:
+                delta_percentage = 0.0
+                total = 0
+                if subkey in right_side[key]:
+                    left_percentage = left_side[key][subkey] / left_side_total
+                    right_percentage = right_side[key][subkey] / right_side_total
+                    delta_percentage = right_percentage - left_percentage
+                    total = right_side[key][subkey] + left_side[key][subkey]
+                    left_count = left_side[key][subkey]
+                    right_count = right_side[key][subkey]
+                else:
+                    delta_percentage = -1.0
+                    left_percentage = left_side[key][subkey] / left_side_total
+                    right_percentage = 0.0
+                    total = -left_side[key][subkey]
+                    left_count = left_side[key][subkey]
+                    right_count = 0
+                    new_left_count += 1
+
+                delta_absolute = right_count - left_count
+                report[key][subkey] = Report(
+                    delta_percentage=delta_percentage,
+                    delta_absolute=delta_absolute,
+                    total=total,
+                    left_count=left_count,
+                    right_count=right_count,
+                    left_percentage=left_percentage,
+                    right_percentage=right_percentage,
+                )
+
+            new_right_count = 0
+            for subkey in right_side[key]:
+                if subkey not in report[key]:
+                    delta_percentage = 1.0
+                    total = right_side[key][subkey]
+                    left_count = 0
+                    right_count = right_side[key][subkey]
+                    left_percentage = 0.0
+                    right_percentage = right_side[key][subkey] / right_side_total
+                    new_right_count += 1  # this value wasn't in the left
+
+                    report[key][subkey] = Report(
+                        delta_percentage=delta_percentage,
+                        delta_absolute=right_count,
+                        total=total,
+                        left_count=left_count,
+                        right_count=right_count,
+                        left_percentage=left_percentage,
+                        right_percentage=right_percentage,
+                    )
+
+            if right_side_total == 0:
+                right_percent = 100
+            else:
+                right_percent = new_right_count / right_side_total
+
+            if left_side_total == 0:
+                left_percent = 100
+            else:
+                left_percent = new_left_count / left_side_total
+
+            report[key][Dissection.NEW_RIGHT_SUBKEY] = Report(
+                delta_absolute=new_right_count - new_left_count,
+                total=new_left_count + new_right_count,
+                left_count=new_left_count,
+                right_count=new_right_count,
+                left_percentage=left_percent,
+                right_percentage=right_percent,
+                delta_percentage=right_percent - left_percent,
+            )
+
+        return Comparison(report)

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/compare.py

@@ -3,8 +3,9 @@
 from __future__ import annotations
 from logging import debug, error
 from typing import List, TYPE_CHECKING
-import datetime as dt
 from datetime import datetime
+import datetime as dt
+import itertools
 
 if TYPE_CHECKING:
     from argparse import ArgumentParser, Namespace
@@ -13,19 +14,7 @@ from traffic_taffy.comparison import Comparison
 from traffic_taffy.dissectmany import PCAPDissectMany
 from traffic_taffy.dissector import PCAPDissectorLevel
 from traffic_taffy.dissection import Dissection
-
-from dataclasses import dataclass
-
-
-@dataclass
-class Report:
-    delta_percentage: float
-    delta_absolute: int
-    total: int
-    left_count: int
-    right_count: int
-    left_percentage: float
-    right_percentage: float
+from traffic_taffy.algorithms.statistical import ComparisonStatistical
 
 
 class PcapCompare:
@@ -48,6 +37,7 @@ class PcapCompare:
         layers: List[str] | None = None,
         force_load: bool = False,
         force_overwrite: bool = False,
+        merge_files: bool = False,
     ) -> None:
         """Create a compare object."""
         self.pcap_files = pcap_files
@@ -63,6 +53,9 @@ class PcapCompare:
         self.layers = layers
         self.force_overwrite = force_overwrite
         self.force_load = force_load
+        self.merge_files = merge_files
+
+        self.algorithm = ComparisonStatistical()
 
     @property
     def pcap_files(self) -> List[str]:
@@ -82,97 +75,6 @@ class PcapCompare:
     def reports(self, newvalue: List[dict]) -> None:
         self._reports = newvalue
 
-    def compare_dissections(self, left_side: dict, right_side: dict) -> dict:
-        """Compare two dissections."""
-        report = {}
-
-        keys = set(left_side.keys())
-        keys = keys.union(right_side.keys())
-        for key in keys:
-            report[key] = {}
-
-            if key not in left_side:
-                left_side[key] = {}
-            left_side_total = sum(left_side[key].values())
-
-            if key not in right_side:
-                right_side[key] = {}
-            right_side_total = sum(right_side[key].values())
-
-            new_left_count = 0
-            for subkey in left_side[key]:
-                delta_percentage = 0.0
-                total = 0
-                if subkey in right_side[key]:
-                    left_percentage = left_side[key][subkey] / left_side_total
-                    right_percentage = right_side[key][subkey] / right_side_total
-                    delta_percentage = right_percentage - left_percentage
-                    total = right_side[key][subkey] + left_side[key][subkey]
-                    left_count = left_side[key][subkey]
-                    right_count = right_side[key][subkey]
-                else:
-                    delta_percentage = -1.0
-                    left_percentage = left_side[key][subkey] / left_side_total
-                    right_percentage = 0.0
-                    total = -left_side[key][subkey]
-                    left_count = left_side[key][subkey]
-                    right_count = 0
-                    new_left_count += 1
-
-                delta_absolute = right_count - left_count
-                report[key][subkey] = Report(
-                    delta_percentage=delta_percentage,
-                    delta_absolute=delta_absolute,
-                    total=total,
-                    left_count=left_count,
-                    right_count=right_count,
-                    left_percentage=left_percentage,
-                    right_percentage=right_percentage,
-                )
-
-            new_right_count = 0
-            for subkey in right_side[key]:
-                if subkey not in report[key]:
-                    delta_percentage = 1.0
-                    total = right_side[key][subkey]
-                    left_count = 0
-                    right_count = right_side[key][subkey]
-                    left_percentage = 0.0
-                    right_percentage = right_side[key][subkey] / right_side_total
-                    new_right_count += 1  # this value wasn't in the left
-
-                    report[key][subkey] = Report(
-                        delta_percentage=delta_percentage,
-                        delta_absolute=right_count,
-                        total=total,
-                        left_count=left_count,
-                        right_count=right_count,
-                        left_percentage=left_percentage,
-                        right_percentage=right_percentage,
-                    )
-
-            if right_side_total == 0:
-                right_percent = 100
-            else:
-                right_percent = new_right_count / right_side_total
-
-            if left_side_total == 0:
-                left_percent = 100
-            else:
-                left_percent = new_left_count / left_side_total
-
-            report[key][Dissection.NEW_RIGHT_SUBKEY] = Report(
-                delta_absolute=new_right_count - new_left_count,
-                total=new_left_count + new_right_count,
-                left_count=new_left_count,
-                right_count=new_right_count,
-                left_percentage=left_percent,
-                right_percentage=right_percent,
-                delta_percentage=right_percent - left_percent,
-            )
-
-        return Comparison(report)
-
     def load_pcaps(self) -> None:
         """Load all pcaps into memory and dissect them."""
         # load the first as a reference pcap
@@ -188,6 +90,7 @@ class PcapCompare:
             layers=self.layers,
             force_load=self.force_load,
             force_overwrite=self.force_overwrite,
+            merge_files=self.merge_files,
         )
         return pdm.load_all()
 
@@ -200,19 +103,34 @@ class PcapCompare:
     def compare_all(self, dissections: List[Dissection]) -> List[Comparison]:
         """Compare all loaded pcaps."""
         reports = []
-        if len(self.pcap_files) > 1:
+
+        # hack to figure out if there is at least two instances of a generator
+        # without actually extracting them all
+        # (since it could be memory expensive)
+        reference = next(dissections)
+        other = None
+        multiple = True
+        try:
+            other = next(dissections)
+            dissections = itertools.chain([other], dissections)
+        except Exception as e:
+            print(e)
+            multiple = False
+
+        if multiple:
             # multiple file comparison
-            reference = next(dissections)
             for other in dissections:
                 # compare the two global summaries
 
-                report = self.compare_dissections(reference.data[0], other.data[0])
+                report = self.algorithm.compare_dissections(
+                    reference.data[0], other.data[0]
+                )
                 report.title = f"{reference.pcap_file} vs {other.pcap_file}"
 
                 reports.append(report)
         else:
             # deal with timestamps within a single file
-            reference = list(dissections)[0].data
+            reference = reference.data
             timestamps = list(reference.keys())
             if len(timestamps) <= 2:  # just 0-summary plus a single stamp
                 error(
@@ -240,7 +158,7 @@ class PcapCompare:
 
                 debug(f"comparing timestamps {time_left} and {time_right}")
 
-                report = self.compare_dissections(
+                report = self.algorithm.compare_dissections(
                     reference[time_left],
                     reference[time_right],
                 )
@@ -293,7 +211,7 @@ def compare_add_parseargs(
     )
 
     compare_parser.add_argument(
-        "-x",
+        "-R",
         "--top-records",
         default=None,
         type=int,
@@ -338,4 +256,5 @@ def get_comparison_args(args: Namespace) -> dict:
         "top_records": args.top_records,
         "reverse_sort": args.reverse_sort,
         "sort_by": args.sort_by,
+        "merge_files": args.merge,
     }

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/dissection.py

@@ -416,7 +416,9 @@ class Dissection:
         try:
             if isinstance(value, bytes):
                 if value_type in Dissection.DISPLAY_TRANSFORMERS:
-                    value = str(Dissection.DISPLAY_TRANSFORMERS[value_type](value))
+                    value = str(
+                        Dissection.DISPLAY_TRANSFORMERS[value_type](value_type, value)
+                    )
                 else:
                     value = "0x" + value.hex()
             else:
@@ -432,7 +434,7 @@ class Dissection:
         return value
 
     @staticmethod
-    def print_mac_address(value: bytes) -> str:
+    def print_mac_address(value_type: str, value: bytes) -> str:
         """Convert bytes to ethernet mac style address."""
 
         # TODO(hardaker): certainly inefficient
@@ -441,12 +443,17 @@ class Dissection:
 
         return ":".join(map(two_hex, value))
 
+    @staticmethod
+    def print_ip_address(value_type: str, value: bytes) -> str:
+        """Convert binary bytes to IP addresses (v4 and v6)."""
+        return ipaddress.ip_address(value)
+
     # has to go at the end to pick up the above function names
     DISPLAY_TRANSFORMERS: ClassVar[Dict[str, callable]] = {
-        "Ethernet_IP_src": ipaddress.ip_address,
-        "Ethernet_IP_dst": ipaddress.ip_address,
-        "Ethernet_IP6_src": ipaddress.ip_address,
-        "Ethernet_IP6_dst": ipaddress.ip_address,
+        "Ethernet_IP_src": print_ip_address,
+        "Ethernet_IP_dst": print_ip_address,
+        "Ethernet_IP6_src": print_ip_address,
+        "Ethernet_IP6_dst": print_ip_address,
         "Ethernet_src": print_mac_address,
         "Ethernet_dst": print_mac_address,
     }

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/dissectmany.py

@@ -120,6 +120,16 @@ class PCAPDissectMany:
         # use all available resources
         with ProcessPoolExecutor() as executor:
             dissections = executor.map(self.load_pcap, self.pcap_files)
-            if return_as_list:  # convert from generator
+
+            # all loaded files should be merged as if they are one
+            if self.kwargs["merge_files"]:
+                dissection = next(dissections)
+                for to_be_merged in dissections:
+                    dissection.merge(to_be_merged)
+
+                dissections = [dissection]
+
+            elif return_as_list:  # convert from generator
                 dissections = list(dissections)
+
             return dissections

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/dissector.py

@@ -6,10 +6,14 @@ import sys
 from collections import Counter, defaultdict
 from logging import error, warning
 from typing import List
+import importlib
 
 from rich import print
 
 from traffic_taffy.dissection import Dissection, PCAPDissectorLevel
+from traffic_taffy.hooks import call_hooks
+
+POST_DISSECT_HOOK: str = "post_dissect"
 
 
 class PCAPDissector:
@@ -28,6 +32,7 @@ class PCAPDissector:
         layers: List[str] | None = None,
         force_overwrite: bool = False,
         force_load: bool = False,
+        merge_files: bool = False,  # Note: unused for a single load
     ) -> None:
         """Create a dissector object."""
         if ignore_list is None:
@@ -119,6 +124,8 @@ class PCAPDissector:
             engine = DissectionEngineDpkt(*args)
 
         self.dissection = engine.load()
+        call_hooks(POST_DISSECT_HOOK, dissection=self.dissection)
+
         if self.cache_results:
             self.dissection.save_to_cache()
         return self.dissection
@@ -256,6 +263,22 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
         help="List of extra layers to load (eg: tls, http, etc)",
     )
 
+    parser.add_argument(
+        "-x",
+        "--modules",
+        default=None,
+        type=str,
+        nargs="*",
+        help="Extra processing modules to load (currently: psl) ",
+    )
+
+    parser.add_argument(
+        "--merge",
+        "--merge-files",
+        action="store_true",
+        help="Dissect multiple files as one.  (compare by time)",
+    )
+
     parser.add_argument(
         "-C",
         "--cache-pcap-results",
@@ -318,6 +341,22 @@ def limitor_add_parseargs(parser, add_subgroup: bool = True):
     return parser
 
 
+def dissector_handle_arguments(args) -> None:
+    check_dissector_level(args.dissection_level)
+    dissector_load_extra_modules(args.modules)
+
+
+def dissector_load_extra_modules(modules: List[str]) -> None:
+    """Loads extra modules"""
+    if not modules:
+        return
+    for module in modules:
+        try:
+            importlib.import_module(f"traffic_taffy.hooks.{module}")
+        except Exception as exp:
+            error(f"failed to load module {module}: {exp}")
+
+
 def check_dissector_level(level: int):
     """Check that the dissector level is legal."""
     current_dissection_levels = [

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/graph.py

@@ -34,6 +34,7 @@ class PcapGraph(PcapGraphData):
         layers: List[str] | None = None,
         force_overwrite: bool = False,
         force_load: bool = False,
+        merge_files: bool = False,  # unused
     ):
         """Create an instance of a graphing object."""
         self.pcap_files = pcap_files
@@ -55,6 +56,7 @@ class PcapGraph(PcapGraphData):
         self.layers = layers
         self.force_overwrite = force_overwrite
         self.force_load = force_load
+        self.merge_files = merge_files
 
         super().__init__()
 
@@ -75,6 +77,7 @@ class PcapGraph(PcapGraphData):
             layers=self.layers,
             force_overwrite=self.force_overwrite,
             force_load=self.force_load,
+            merge_files=self.merge_files,
         )
         self.dissections = pdm.load_all()
         info("done reading pcap files")

traffic_taffy-0.8.1/traffic_taffy/hooks/__init__.py

@@ -0,0 +1,38 @@
+from collections import defaultdict
+
+# __path__ = extend_path(__path__, __name__)
+
+from functools import wraps
+
+hooks = defaultdict(list)
+
+
+def register_hook(hook):
+    def decorator(function):
+        hooks[hook].append(function)
+
+        @wraps(function)
+        def _wrap(*args, **kwargs):
+            return function(*args, **kwargs)
+
+        return _wrap
+
+    return decorator
+
+
+def call_hooks(spot, *args, **kwargs):
+    for hook in hooks[spot]:
+        hook(*args, **kwargs)
+
+
+def main():
+    @register_hook("hookspot")
+    def test_hook():
+        print("world!!!")
+
+    print("hello")
+    call_hooks("hookspot")
+
+
+if __name__ == "__main__":
+    main()

traffic_taffy-0.8.1/traffic_taffy/hooks/ip2asn.py

@@ -0,0 +1,49 @@
+from pathlib import Path
+from logging import error, info, debug
+import ip2asn
+
+from traffic_taffy.hooks import register_hook
+from traffic_taffy.dissector import POST_DISSECT_HOOK
+from traffic_taffy.dissection import Dissection
+
+if not Path("ip2asn-combined.tsv").exists():
+    error("The ip2asn plugin requires a ip2asn-combined.tsv in this directory")
+    error("Please download it from https://iptoasn.com/")
+
+info("loading ip2asn-combined.tsv")
+i2a = ip2asn.IP2ASN("ip2asn-combined.tsv")
+info("  ... loaded")
+
+
+@register_hook(POST_DISSECT_HOOK)
+def ip_to_asn(dissection: Dissection, **kwargs):
+    timestamps = dissection.data.keys()
+
+    for timestamp in timestamps:
+        keys = list(dissection.data[timestamp].keys())
+
+        for key in keys:
+            key = str(key)
+            if (
+                key.endswith("IP_src")
+                or key.endswith("IP_dst")
+                or key.endswith("IPv6_src")
+                or key.endswith("IPv6_dst")
+            ):
+                for value in dissection.data[timestamp][key]:
+                    count = dissection.data[timestamp][key][value]
+                    details = None
+                    try:
+                        details = i2a.lookup_address(value)
+                    except Exception:
+                        debug("failed to parse address: {value}")
+                    if not details:
+                        continue
+
+                    dissection.data[timestamp][key + "_ASN"][details["ASN"]] += count
+                    dissection.data[timestamp][key + "_country"][
+                        details["country"]
+                    ] += count
+                    dissection.data[timestamp][key + "_owner"][
+                        details["owner"]
+                    ] += count

traffic_taffy-0.8.1/traffic_taffy/hooks/psl.py

@@ -0,0 +1,42 @@
+from traffic_taffy.hooks import register_hook
+from traffic_taffy.dissector import POST_DISSECT_HOOK
+from traffic_taffy.dissection import Dissection
+
+import dnssplitter
+
+splitter = dnssplitter.DNSSplitter()
+splitter.init_tree()
+
+
+@register_hook(POST_DISSECT_HOOK)
+def split_dns_names(dissection: Dissection, **kwargs):
+    timestamps = dissection.data.keys()
+
+    for timestamp in timestamps:
+        keys = list(dissection.data[timestamp].keys())
+
+        for key in keys:
+            key = str(key)
+            if (
+                key.endswith("_qname")
+                or key.endswith("_mname")
+                or key.endswith("_rrname")
+            ):
+                for value in dissection.data[timestamp][key]:
+                    count = dissection.data[timestamp][key][value]
+                    results = splitter.search_tree(value)
+                    if not results or not results[2]:
+                        continue
+                    (
+                        prefix,
+                        registered_domain,
+                        registration_point,
+                    ) = results
+                    if registration_point:
+                        dissection.data[timestamp][key + "_prefix"][prefix] += count
+                        dissection.data[timestamp][key + "_domain"][
+                            registered_domain
+                        ] += count
+                        dissection.data[timestamp][key + "_psl"][
+                            registration_point
+                        ] += count

traffic_taffy-0.8.1/traffic_taffy/report.py

@@ -0,0 +1,12 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class Report:
+    delta_percentage: float
+    delta_absolute: int
+    total: int
+    left_count: int
+    right_count: int
+    left_percentage: float
+    right_percentage: float

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tests/test_compare_results.py

@@ -1,8 +1,9 @@
 from collections import Counter
-from traffic_taffy.compare import PcapCompare, Report
+from traffic_taffy.report import Report
+from traffic_taffy.algorithms.statistical import ComparisonStatistical
 
 
-def test_compare_results():
+def test_compare_statistical_algorithm():
     left_data = {0: {"src": Counter({"a": 5, "b": 10})}}  # total = 15
     right_data = {0: {"src": Counter({"a": 15, "c": 15})}}  # total = 30
 
@@ -48,7 +49,7 @@ def test_compare_results():
         }
     }
 
-    pc = PcapCompare([1, 2])  # bogus file names
-    report = pc.compare_dissections(left_data[0], right_data[0])
+    algorithm = ComparisonStatistical()  # bogus file names
+    report = algorithm.compare_dissections(left_data[0], right_data[0])
 
     assert report.contents == expected

traffic_taffy-0.8.1/traffic_taffy/tests/test_dpkt_engine.py

@@ -0,0 +1,15 @@
+import os
+from traffic_taffy.dissection import PCAPDissectorLevel
+from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
+
+def test_dpkt_engine():
+    test_pcap = "dns.pcap"
+    test_pcap = "port53-2023-30-31_20.pcap"
+    test_pcap = "airplane-wireless.pcap"
+    if not os.path.exists(test_pcap):
+        return
+
+    engine = DissectionEngineDpkt(test_pcap,
+                                  dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
+    dissection = engine.load()
+

traffic_taffy-0.8.1/traffic_taffy/tests/test_hooks.py

@@ -0,0 +1,46 @@
+from traffic_taffy.hooks import register_hook, call_hooks
+
+into_hook = 1
+
+
+def test_register_and_call_hook():
+    @register_hook("testhook")
+    def hook_callback():
+        global into_hook
+        into_hook += 1
+
+    call_hooks("testhookDNE")
+    assert into_hook == 1
+
+    call_hooks("testhook")
+    assert into_hook == 2
+
+
+def test_register_and_call_hook_with_args():
+    @register_hook("testhook_storage")
+    def hook_callback(storage, key, value):
+        storage[key] = value
+
+    the_storage = {}
+
+    call_hooks("testhook_storage", the_storage, "testkey", "testvalue")
+    assert the_storage == {"testkey": "testvalue"}
+
+    call_hooks("testhook_storage", the_storage, "otherkey", 4)
+    assert the_storage == {"testkey": "testvalue", "otherkey": 4}
+
+
+def test_register_and_call_hook_with_kwargs():
+    @register_hook("testhook_storage")
+    def hook_callback(storage={}, key=None, value=None):
+        storage[key] = value
+
+    the_storage = {}
+
+    call_hooks(
+        "testhook_storage", storage=the_storage, key="testkey", value="testvalue"
+    )
+    assert the_storage == {"testkey": "testvalue"}
+
+    call_hooks("testhook_storage", key="otherkey", value=4, storage=the_storage)
+    assert the_storage == {"testkey": "testvalue", "otherkey": 4}

traffic_taffy-0.8.1/traffic_taffy/tests/test_splitter.py

@@ -0,0 +1,45 @@
+from traffic_taffy.dissection import Dissection
+from traffic_taffy.dissector import POST_DISSECT_HOOK
+from traffic_taffy.hooks import call_hooks
+import traffic_taffy.hooks.psl
+
+
+def test_splitter_module():
+    dissection = Dissection("bogus")
+    dissection.incr("foo", "bar")
+    dissection.incr("foo_qname", "www.example.com")
+    dissection.incr("foo_qname", "www.example.net")
+    dissection.incr("foo_mname", "www.example.co.uk")
+    dissection.incr("foo_qname", "bogus.__doesntexist")
+
+    # bogus to avoid ruff removing the import
+    traffic_taffy.hooks.psl.splitter = traffic_taffy.hooks.psl.splitter
+
+    assert dissection.data[0] == {
+        "foo": {"bar": 1},
+        "foo_qname": {
+            "www.example.com": 1,
+            "www.example.net": 1,
+            "bogus.__doesntexist": 1,
+        },
+        "foo_mname": {"www.example.co.uk": 1},
+    }
+
+    call_hooks(POST_DISSECT_HOOK, dissection)
+
+    test_result = {
+        "foo": {"bar": 1},
+        "foo_mname": {"www.example.co.uk": 1},
+        "foo_mname_prefix": {"www": 1},
+        "foo_mname_domain": {"example.co.uk": 1},
+        "foo_mname_psl": {"co.uk": 1},
+        "foo_qname": {
+            "www.example.com": 1,
+            "www.example.net": 1,
+            "bogus.__doesntexist": 1,
+        },
+        "foo_qname_prefix": {"www": 2},
+        "foo_qname_domain": {"example.com": 1, "example.net": 1},
+        "foo_qname_psl": {"com": 1, "net": 1},
+    }
+    assert dissection.data[0] == test_result

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tests/test_value_printing.py

@@ -3,7 +3,7 @@ from traffic_taffy.dissection import Dissection
 
 def test_printable():
     assert (
-        Dissection.make_printable("Ethernet.IP.dst", b"\x7f\x00\x00\x01") == "127.0.0.1"
+        Dissection.make_printable("Ethernet_IP_dst", b"\x7f\x00\x00\x01") == "127.0.0.1"
     )
 
     assert Dissection.make_printable("badtype", b"\x7f\x00\x00\x01") == "0x7f000001"

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tools/compare.py

@@ -3,6 +3,7 @@
 import sys
 from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter, Namespace
 import logging
+from logging import error
 from traffic_taffy.output.console import Console
 from traffic_taffy.output.fsdb import Fsdb
 
@@ -10,7 +11,7 @@ from traffic_taffy.compare import compare_add_parseargs, get_comparison_args
 from traffic_taffy.dissector import (
     dissector_add_parseargs,
     limitor_add_parseargs,
-    check_dissector_level,
+    dissector_handle_arguments,
 )
 from traffic_taffy.compare import PcapCompare
 
@@ -50,7 +51,7 @@ def parse_args() -> Namespace:
     log_level = args.log_level.upper()
     logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
 
-    check_dissector_level(args.dissection_level)
+    dissector_handle_arguments(args)
 
     return args
 
@@ -89,12 +90,14 @@ def main() -> None:
             layers=args.layers,
             force_load=args.force_load,
             force_overwrite=args.force_overwrite,
+            merge_files=args.merge,
         )
 
         # compare the pcaps
         try:
             reports = pc.compare()
-        except ValueError:
+        except ValueError as e:
+            error(e)
             sys.exit()
 
         if args.fsdb:

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tools/dissect.py

@@ -1,9 +1,11 @@
 """Performs generic dissection of a PCAP file."""
+import sys
 import logging
+from logging import error
 from traffic_taffy.dissector import (
     dissector_add_parseargs,
     limitor_add_parseargs,
-    check_dissector_level,
+    dissector_handle_arguments,
     PCAPDissector,
 )
 from traffic_taffy.dissectmany import PCAPDissectMany
@@ -53,7 +55,7 @@ def main() -> None:
 
     args = parse_args()
 
-    check_dissector_level(args.dissection_level)
+    dissector_handle_arguments(args)
 
     # load all the files
     pdm = PCAPDissectMany(
@@ -68,8 +70,13 @@ def main() -> None:
         layers=args.layers,
         force_overwrite=args.force_overwrite,
         force_load=args.force_load,
+        merge_files=args.merge,
     )
-    dissections = pdm.load_all(return_as_list=True, dont_fork=args.dont_fork)
+    try:
+        dissections = pdm.load_all(return_as_list=True, dont_fork=args.dont_fork)
+    except ValueError as e:
+        error(e)
+        sys.exit()
 
     # merge them into a single dissection
     dissection = dissections.pop(0)

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tools/explore.py

@@ -10,7 +10,7 @@ from argparse import ArgumentParser, ArgumentDefaultsHelpFormatter, Namespace
 from traffic_taffy.dissector import (
     dissector_add_parseargs,
     limitor_add_parseargs,
-    check_dissector_level,
+    dissector_handle_arguments,
 )
 from traffic_taffy.dissection import Dissection
 from traffic_taffy.graphdata import PcapGraphData
@@ -180,6 +180,7 @@ class TaffyExplorer(QDialog, PcapGraphData):
             layers=self.args.layers,
             force_load=self.args.force_load,
             force_overwrite=self.args.force_overwrite,
+            merge_files=self.args.merge,
         )
 
         # create the graph data storage
@@ -638,7 +639,7 @@ def parse_args() -> Namespace:
     log_level = args.log_level.upper()
     logging.basicConfig(level=log_level, format="%(levelname)-10s:\t%(message)s")
 
-    check_dissector_level(args.dissection_level)
+    dissector_handle_arguments(args)
 
     return args
 

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tools/export.py

@@ -8,9 +8,9 @@ import pyfsdb
 
 from traffic_taffy.dissectmany import PCAPDissectMany
 from traffic_taffy.dissector import (
-    check_dissector_level,
     dissector_add_parseargs,
     limitor_add_parseargs,
+    dissector_handle_arguments,
 )
 
 
@@ -52,7 +52,7 @@ def main() -> None:
     """Export traffic-taffy data into an FSDB file."""
     args = parse_args()
 
-    check_dissector_level(args.dissection_level)
+    dissector_handle_arguments(args)
 
     pdm = PCAPDissectMany(
         args.input_pcaps,
@@ -66,6 +66,7 @@ def main() -> None:
         layers=args.layers,
         force_load=args.force_load,
         force_overwrite=args.force_overwrite,
+        merge_files=args.merge,
     )
 
     dissections = pdm.load_all(return_as_list=True)

{traffic_taffy-0.6.4 → traffic_taffy-0.8.1}/traffic_taffy/tools/graph.py

@@ -5,7 +5,7 @@ from traffic_taffy.graph import PcapGraph
 from traffic_taffy.dissector import (
     dissector_add_parseargs,
     limitor_add_parseargs,
-    check_dissector_level,
+    dissector_handle_arguments,
 )
 import logging
 
@@ -63,7 +63,7 @@ def main() -> None:
     """Run taffy-graph."""
     args = parse_args()
 
-    check_dissector_level(args.dissection_level)
+    dissector_handle_arguments(args)
 
     pc = PcapGraph(
         args.input_pcaps,
@@ -83,6 +83,7 @@ def main() -> None:
         layers=args.layers,
         force_overwrite=args.force_overwrite,
         force_load=args.force_load,
+        merge_files=args.merge,
     )
     pc.graph_it()
 

traffic_taffy-0.6.4/traffic_taffy/__init__.py

@@ -1 +0,0 @@
-__VERSION__ = "0.6.4"