traffic-taffy 0.8.1__py3-none-any.whl → 0.9__py3-none-any.whl

traffic_taffy/dissector.py

@@ -4,54 +4,149 @@ from __future__ import annotations
 
 import sys
 from collections import Counter, defaultdict
-from logging import error, warning
+from logging import error, warning, debug, info
 from typing import List
 import importlib
+from typing import TYPE_CHECKING, Any
 
 from rich import print
 
 from traffic_taffy.dissection import Dissection, PCAPDissectorLevel
 from traffic_taffy.hooks import call_hooks
+from traffic_taffy.taffy_config import TaffyConfig, taffy_default
+
+if TYPE_CHECKING:
+    from argparse import Parser
+
+
+class TTD_CFG:
+    KEY_DISSECTOR: str = "dissect"
+
+    BIN_SIZE: str = "bin_size"
+    CACHE_FILE_SUFFIX: str = "cache_file_suffix"
+    CACHE_PCAP_RESULTS: str = "cache_pcap_results"
+    DISSECTION_LEVEL: str = "dissection_level"
+    FILTER: str = "filter"
+    FILTER_ARGUMENTS: str = "filter_arguments"
+    FORCE_LOAD: str = "force_load"
+    FORCE_OVERWRITE: str = "force_overwrite"
+    IGNORE_LIST: str = "ignore_list"
+    LAYERS: str = "layers"
+    MERGE: str = "merge"
+    MODULES: str = "use_modules"
+    PACKET_COUNT: str = "packet_count"
+
+
+class TTL_CFG:
+    KEY_LIMITOR: str = "limit_output"
+
+    MATCH_EXPRESSION: str = "match_expression"
+    MATCH_STRING: str = "match_string"
+    MATCH_VALUE: str = "match_value"
+    MINIMUM_COUNT: str = "minimum_count"
+
 
 POST_DISSECT_HOOK: str = "post_dissect"
 
 
+def dissector_default(name: str, value: Any) -> None:
+    taffy_default(TTD_CFG.KEY_DISSECTOR + "." + name, value)
+
+
+dissector_default("dissection_level", PCAPDissectorLevel.THROUGH_IP.value)
+dissector_default("packet_count", 0)
+dissector_default("bin_size", None)
+dissector_default("filter", None)
+dissector_default("layers", [])
+dissector_default("use_modules", None)
+dissector_default("merge", False)
+dissector_default("cache_pcap_results", False)
+dissector_default("force_overwrite", False)
+dissector_default("force_load", False)
+dissector_default("cache_file_suffix", "taffy")
+dissector_default("maximum_cores", 20)  # TODO(hardaker): fix double forking
+
+
+def limitor_default(name: str, value: Any) -> None:
+    taffy_default(TTL_CFG.KEY_LIMITOR + "." + name, value)
+
+
+limitor_default("match_string", None)
+limitor_default("match_value", None)
+limitor_default("match_expression", None)
+limitor_default("minimum_count", None)
+
+dissector_default(
+    "ignore_list",
+    [
+        "Ethernet_IP_TCP_seq",
+        "Ethernet_IP_TCP_ack",
+        "Ethernet_IPv6_TCP_seq",
+        "Ethernet_IPv6_TCP_ack",
+        "Ethernet_IPv6_TCP_Raw_load",
+        "Ethernet_IP_UDP_Raw_load",
+        "Ethernet_IP_UDP_DNS_id",
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_chksum",
+        "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_Raw_load",
+        "Ethernet_IP_ICMP_IP in ICMP_chksum",
+        "Ethernet_IP_ICMP_IP in ICMP_id",
+        "Ethernet_IP_TCP_DNS_id",
+        "Ethernet_IPv6_UDP_DNS_id",
+        "Ethernet_IPv6_TCP_DNS_id",
+        "Ethernet_IP_id",
+        "Ethernet_IP_chksum",
+        "Ethernet_IP_UDP_chksum",
+        "Ethernet_IP_TCP_chksum",
+        "Ethernet_IP_TCP_window",
+        "Ethernet_IP_TCP_Raw_load",
+        "Ethernet_IP_UDP_Raw_load",
+        "Ethernet_IPv6_UDP_chksum",
+        "Ethernet_IPv6_fl",
+        "Ethernet_IP_ICMP_chksum",
+        "Ethernet_IP_ICMP_id",
+        "Ethernet_IP_ICMP_seq",
+        "Ethernet_IP_TCP_Padding_load",
+        "Ethernet_IP_TCP_window",
+        "Ethernet_IPv6_TCP_chksum",
+        "Ethernet_IPv6_plen",
+        "Ethernet_IP_TCP_Encrypted Content_load",
+        "Ethernet_IP_TCP_TLS_TLS_Raw_load",
+    ],
+)
+
+
 class PCAPDissector:
     """loads a pcap file and counts the contents in both time and depth."""
 
     def __init__(
         self,
         pcap_file: str,
-        bin_size: int = 0,
-        maximum_count: int = 0,
-        dissector_level: PCAPDissectorLevel = PCAPDissectorLevel.DETAILED,
-        pcap_filter: str | None = None,
-        cache_results: bool = False,
-        cache_file_suffix: str = "taffy",
-        ignore_list: list | None = None,
-        layers: List[str] | None = None,
-        force_overwrite: bool = False,
-        force_load: bool = False,
-        merge_files: bool = False,  # Note: unused for a single load
+        config: TaffyConfig | None = None,
     ) -> None:
         """Create a dissector object."""
-        if ignore_list is None:
-            ignore_list = []
         self.pcap_file = pcap_file
-        self.dissector_level = dissector_level
-        self.pcap_filter = pcap_filter
-        self.maximum_count = maximum_count
-        self.cache_results = cache_results
-        self.bin_size = bin_size
-        if cache_file_suffix[0] != ".":
-            cache_file_suffix = "." + cache_file_suffix
-        self.cache_file_suffix = cache_file_suffix
-        self.ignore_list = ignore_list
-        self.layers = layers
-        self.force_overwrite = force_overwrite
-        self.force_load = force_load
-
-        if dissector_level == PCAPDissectorLevel.COUNT_ONLY and bin_size == 0:
+        self.config = config
+        if not self.config:
+            config = TaffyConfig()
+
+        dissection_config = config[TTD_CFG.KEY_DISSECTOR]
+
+        self.dissector_level = dissection_config[TTD_CFG.DISSECTION_LEVEL]
+        self.pcap_filter = dissection_config[TTD_CFG.FILTER]
+        self.maximum_count = dissection_config[TTD_CFG.PACKET_COUNT]
+        self.cache_results = dissection_config[TTD_CFG.CACHE_PCAP_RESULTS]
+        self.bin_size = dissection_config[TTD_CFG.BIN_SIZE]
+        self.cache_file_suffix = dissection_config[TTD_CFG.CACHE_FILE_SUFFIX]
+        if self.cache_file_suffix[0] != ".":
+            self.cache_file_suffix = "." + self.cache_file_suffix
+        self.ignore_list = dissection_config[TTD_CFG.IGNORE_LIST]
+        if self.ignore_list is None:
+            self.ignore_list = []
+        self.layers = dissection_config[TTD_CFG.LAYERS]
+        self.force_overwrite = dissection_config[TTD_CFG.FORCE_OVERWRITE]
+        self.force_load = dissection_config[TTD_CFG.FORCE_LOAD]
+
+        if self.dissector_level == PCAPDissectorLevel.COUNT_ONLY and self.bin_size == 0:
             warning("counting packets only with no binning is unlikely to be helpful")
 
     @property
@@ -79,6 +174,7 @@ class PCAPDissector:
     def load_from_cache(
         self: PCAPDissector, force_overwrite: bool = False, force_load: bool = False
     ) -> Dissection:
+        """Load dissector contents from a cached file."""
         if self.cache_results:
             args = self.dissection_args()
             self.dissection = Dissection(*args)
@@ -123,7 +219,9 @@ class PCAPDissector:
 
             engine = DissectionEngineDpkt(*args)
 
+        debug(f"dissecting using {engine}")
         self.dissection = engine.load()
+        debug("done dissecting")
         call_hooks(POST_DISSECT_HOOK, dissection=self.dissection)
 
         if self.cache_results:
@@ -136,6 +234,7 @@ class PCAPDissector:
         match_string: str | None = None,
         match_value: str | None = None,
         minimum_count: int | None = None,
+        match_expression: str | None = None,
     ) -> None:
         """Print the results to the console."""
         if timestamps is None:
@@ -146,6 +245,7 @@ class PCAPDissector:
             match_value=match_value,
             minimum_count=minimum_count,
             make_printable=True,
+            match_expression=match_expression,
         ):
             print(f"{key:<30} {subkey:<30} {value}")
 
@@ -155,6 +255,7 @@ class PCAPDissector:
         match_string: str | None = None,
         match_value: str | None = None,
         minimum_count: int | None = None,
+        match_expression: str | None = None,
     ) -> None:
         """Output the results in an FSDB file."""
         if timestamps is None:
@@ -172,19 +273,28 @@ class PCAPDissector:
             match_value=match_value,
             minimum_count=minimum_count,
             make_printable=True,
+            match_expression=match_expression,
         ):
             fh.append([key, subkey, value])
         fh.close()
 
 
-def dissector_add_parseargs(parser, add_subgroup: bool = True):
+def dissector_add_parseargs(
+    parser: Parser, config: TaffyConfig | None = None, add_subgroup: bool = True
+) -> None:
+    """Add arguments related to disection."""
     if add_subgroup:
-        parser = parser.add_argument_group("Parsing Options")
+        parser = parser.add_argument_group("Dissection Options", config_path="dissect")
+
+    if not config:
+        config = TaffyConfig()
 
+    dissection_config = config[TTD_CFG.KEY_DISSECTOR]
     parser.add_argument(
         "-d",
         "--dissection-level",
-        default=PCAPDissectorLevel.THROUGH_IP.value,
+        config_path=TTD_CFG.DISSECTION_LEVEL,
+        default=dissection_config[TTD_CFG.DISSECTION_LEVEL],
         type=int,
         help="Dump to various levels of detail (1-10, with 10 is the most detailed and slowest)",
     )
@@ -192,40 +302,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-I",
         "--ignore-list",
-        default=[
-            "Ethernet_IP_TCP_seq",
-            "Ethernet_IP_TCP_ack",
-            "Ethernet_IPv6_TCP_seq",
-            "Ethernet_IPv6_TCP_ack",
-            "Ethernet_IPv6_TCP_Raw_load",
-            "Ethernet_IP_UDP_Raw_load",
-            "Ethernet_IP_UDP_DNS_id",
-            "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_chksum",
-            "Ethernet_IP_ICMP_IP in ICMP_UDP in ICMP_Raw_load",
-            "Ethernet_IP_ICMP_IP in ICMP_chksum",
-            "Ethernet_IP_ICMP_IP in ICMP_id",
-            "Ethernet_IP_TCP_DNS_id",
-            "Ethernet_IPv6_UDP_DNS_id",
-            "Ethernet_IPv6_TCP_DNS_id",
-            "Ethernet_IP_id",
-            "Ethernet_IP_chksum",
-            "Ethernet_IP_UDP_chksum",
-            "Ethernet_IP_TCP_chksum",
-            "Ethernet_IP_TCP_window",
-            "Ethernet_IP_TCP_Raw_load",
-            "Ethernet_IP_UDP_Raw_load",
-            "Ethernet_IPv6_UDP_chksum",
-            "Ethernet_IPv6_fl",
-            "Ethernet_IP_ICMP_chksum",
-            "Ethernet_IP_ICMP_id",
-            "Ethernet_IP_ICMP_seq",
-            "Ethernet_IP_TCP_Padding_load",
-            "Ethernet_IP_TCP_window",
-            "Ethernet_IPv6_TCP_chksum",
-            "Ethernet_IPv6_plen",
-            "Ethernet_IP_TCP_Encrypted Content_load",
-            "Ethernet_IP_TCP_TLS_TLS_Raw_load",
-        ],
+        config_path=TTD_CFG.IGNORE_LIST,
+        default=dissection_config[TTD_CFG.IGNORE_LIST],
         nargs="*",
         type=str,
         help="A list of (unlikely to be useful) packet fields to ignore",
@@ -234,7 +312,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-n",
         "--packet-count",
-        default=0,
+        config_path=TTD_CFG.PACKET_COUNT,
+        default=dissection_config[TTD_CFG.PACKET_COUNT],
         type=int,
         help="Maximum number of packets to analyze",
     )
@@ -242,6 +321,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-b",
         "--bin-size",
+        config_path=TTD_CFG.BIN_SIZE,
+        default=dissection_config[TTD_CFG.BIN_SIZE],
         type=int,
         help="Bin results into this many seconds",
     )
@@ -249,7 +330,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-F",
         "--filter",
-        default=None,
+        config_path=TTD_CFG.FILTER,
+        default=dissection_config[TTD_CFG.FILTER],
         type=str,
         help="filter to apply to the pcap file when processing",
     )
@@ -257,7 +339,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-L",
         "--layers",
-        default=[],
+        config_path=TTD_CFG.LAYERS,
+        default=dissection_config[TTD_CFG.LAYERS],
         type=str,
         nargs="*",
         help="List of extra layers to load (eg: tls, http, etc)",
@@ -266,7 +349,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-x",
         "--modules",
-        default=None,
+        config_path=TTD_CFG.MODULES,
+        default=dissection_config[TTD_CFG.MODULES],
         type=str,
         nargs="*",
         help="Extra processing modules to load (currently: psl) ",
@@ -275,6 +359,8 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "--merge",
         "--merge-files",
+        config_path=TTD_CFG.MERGE,
+        default=dissection_config[TTD_CFG.MERGE],
         action="store_true",
         help="Dissect multiple files as one.  (compare by time)",
     )
@@ -282,6 +368,7 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-C",
         "--cache-pcap-results",
+        config_path=TTD_CFG.CACHE_PCAP_RESULTS,
         action="store_true",
         help="Cache and use PCAP results into/from a cache file file",
     )
@@ -290,33 +377,45 @@ def dissector_add_parseargs(parser, add_subgroup: bool = True):
         "--cache-file-suffix",
         "--cs",
         type=str,
-        default="taffy",
+        config_path=TTD_CFG.CACHE_FILE_SUFFIX,
+        default=dissection_config[TTD_CFG.CACHE_FILE_SUFFIX],
         help="The suffix file to use when creating cache files",
     )
 
     parser.add_argument(
         "--force-overwrite",
         action="store_true",
+        config_path="force_overwrite",
         help="Force continuing with an incompatible cache (and rewriting it)",
     )
 
     parser.add_argument(
         "--force-load",
         action="store_true",
+        config_path="force_load",
         help="Force continuing with an incompatible cache (trying to load it anyway)",
     )
 
     return parser
 
 
-def limitor_add_parseargs(parser, add_subgroup: bool = True):
+def limitor_add_parseargs(
+    parser, config: TaffyConfig = None, add_subgroup: bool = True
+):
     if add_subgroup:
-        parser = parser.add_argument_group("Limiting options")
+        parser = parser.add_argument_group(
+            "Limiting options", config_path=TTL_CFG.KEY_LIMITOR
+        )
+
+    if not config:
+        config = TaffyConfig()
 
+    limitor_config = config[TTL_CFG.KEY_LIMITOR]
     parser.add_argument(
         "-m",
         "--match-string",
-        default=None,
+        config_path=TTL_CFG.MATCH_STRING,
+        default=limitor_config[TTL_CFG.MATCH_STRING],
         type=str,
         help="Only report on data with this substring in the header",
     )
@@ -324,16 +423,27 @@ def limitor_add_parseargs(parser, add_subgroup: bool = True):
     parser.add_argument(
         "-M",
         "--match-value",
-        default=None,
+        config_path=TTL_CFG.MATCH_VALUE,
+        default=limitor_config[TTL_CFG.MATCH_VALUE],
         type=str,
         nargs="*",
         help="Only report on data with this substring in the packet value field",
     )
 
+    parser.add_argument(
+        "-E",
+        "--match-expression",
+        config_path=TTL_CFG.MATCH_EXPRESSION,
+        default=limitor_config[TTL_CFG.MATCH_EXPRESSION],
+        type=str,
+        help="Match expression to be evaluated at runtime for returning data",
+    )
+
     parser.add_argument(
         "-c",
         "--minimum-count",
-        default=None,
+        config_path=TTL_CFG.MINIMUM_COUNT,
+        default=limitor_config[TTL_CFG.MINIMUM_COUNT],
         type=float,
         help="Don't include results without this high of a record count",
     )
@@ -342,22 +452,24 @@ def limitor_add_parseargs(parser, add_subgroup: bool = True):
 
 
 def dissector_handle_arguments(args) -> None:
+    """Handle checking and loading arguments."""
     check_dissector_level(args.dissection_level)
     dissector_load_extra_modules(args.modules)
 
 
 def dissector_load_extra_modules(modules: List[str]) -> None:
-    """Loads extra modules"""
+    """Load extra modules."""
     if not modules:
         return
     for module in modules:
         try:
             importlib.import_module(f"traffic_taffy.hooks.{module}")
+            info(f"loaded module: {module}")
         except Exception as exp:
             error(f"failed to load module {module}: {exp}")
 
 
-def check_dissector_level(level: int):
+def check_dissector_level(level: int) -> bool:
     """Check that the dissector level is legal."""
     current_dissection_levels = [
         PCAPDissectorLevel.COUNT_ONLY.value,

traffic_taffy/dissector_engine/scapy.py

@@ -6,6 +6,12 @@ from pcap_parallel import PCAPParallel
 from logging import warning
 
 from scapy.all import sniff, load_layer
+from tempfile import NamedTemporaryFile
+from traffic_taffy.taffy_config import TaffyConfig, taffy_default
+
+
+taffy_default("dissect.engines.scapy.use_temp_files", False)
+taffy_default("dissect.engines.scapy.temp_file_directory", None)
 
 
 class DissectionEngineScapy(DissectionEngine):
@@ -15,6 +21,8 @@ class DissectionEngineScapy(DissectionEngine):
         """Create a scapy engine class."""
         super().__init__(*args, **kwargs)
 
+        self.taffy_config = TaffyConfig()
+
     def load_data(self) -> None:
         """Load a pcap file into a nested dictionary of statistical counts."""
         if isinstance(self.pcap_file, str):
@@ -22,18 +30,43 @@ class DissectionEngineScapy(DissectionEngine):
         else:
             load_this = self.pcap_file
 
+        use_temp_files: bool = self.taffy_config.get_dotnest(
+            "dissect.engines.scapy.use_temp_files"
+        )
+        if self.pcap_filter is not None and self.pcap_filter != "":
+            # somehow scapy hangs when a filter is applied to a memory object
+            use_temp_files = True
+
         if self.layers:
             for layer in self.layers:
                 load_layer(layer)
 
-        sniff(
-            offline=load_this,
-            prn=self.callback,
-            store=0,
-            count=self.maximum_count,
-            filter=self.pcap_filter,
-        )
-        # TODO(hardaker): for some reason this fails on xz compressed files when processing in parallel
+        if use_temp_files:
+            tmp_directory = self.taffy_config.get_dotnest(
+                "dissect.engines.scapy.temp_file_directory"
+            )
+            with NamedTemporaryFile(dir=tmp_directory) as tmpf:
+                tmpf.write(load_this.read())
+                tmpf.flush()
+
+                sniff(
+                    offline=tmpf.name,
+                    prn=self.callback,
+                    store=0,
+                    count=self.maximum_count,
+                    filter=self.pcap_filter,
+                )
+
+        else:
+            sniff(
+                offline=load_this,
+                prn=self.callback,
+                store=0,
+                count=self.maximum_count,
+                filter=self.pcap_filter,
+            )
+
+            # TODO(hardaker): for some reason this fails on xz compressed files when processing in parallel
 
     def add_item(self, field_value: str | int, prefix: str) -> None:
         """Add an item to the self.dissection regardless of it's various types"""

traffic_taffy/graph.py

@@ -5,11 +5,23 @@ from __future__ import annotations
 import seaborn as sns
 import matplotlib.pyplot as plt
 from logging import debug, info
-from typing import List
 
-from traffic_taffy.dissector import PCAPDissectorLevel
 from traffic_taffy.dissectmany import PCAPDissectMany
 from traffic_taffy.graphdata import PcapGraphData
+from traffic_taffy.taffy_config import TaffyConfig, taffy_default
+from traffic_taffy.dissector import TTD_CFG, TTL_CFG
+
+
+class TTG_CFG:
+    KEY_GRAPH: str = "graph"
+    OUTPUT_FILE: str = "output_file"
+    BY_PERCENTAGE: str = "by_percentage"
+    INTERACTIVE: str = "interactive"
+
+
+taffy_default("graph.output_file", None)
+taffy_default("graph.by_percentage", False)
+taffy_default("graph.interactive", False)
 
 
 class PcapGraph(PcapGraphData):
@@ -19,46 +31,37 @@ class PcapGraph(PcapGraphData):
         self,
         pcap_files: str,
         output_file: str,
-        maximum_count: int | None = None,
-        minimum_count: int | None = None,
-        bin_size: int | None = None,
-        match_string: str | None = None,
-        match_value: str | None = None,
-        cache_pcap_results: bool = False,
-        dissector_level: PCAPDissectorLevel = PCAPDissectorLevel.COUNT_ONLY,
-        interactive: bool = False,
-        ignore_list: List[str] | None = None,
-        by_percentage: bool = False,
-        pcap_filter: str | None = None,
-        cache_file_suffix: str = "taffy",
-        layers: List[str] | None = None,
-        force_overwrite: bool = False,
-        force_load: bool = False,
-        merge_files: bool = False,  # unused
+        config: TaffyConfig(),
     ):
         """Create an instance of a graphing object."""
+        self.config = config
+
+        dissector_config = config[TTD_CFG.KEY_DISSECTOR]
+        limitor_config = config[TTL_CFG.KEY_LIMITOR]
+        graph_config = config[TTG_CFG.KEY_GRAPH]
+        super().__init__(
+            match_string=limitor_config[TTL_CFG.MATCH_STRING],
+            match_value=limitor_config[TTL_CFG.MATCH_VALUE],
+            minimum_count=limitor_config[TTL_CFG.MINIMUM_COUNT],
+            match_expression=limitor_config[TTL_CFG.MATCH_EXPRESSION],
+        )
+
         self.pcap_files = pcap_files
         self.output_file = output_file
-        self.maximum_count = maximum_count
-        self.minimum_count = minimum_count
-        self.bin_size = bin_size
-        self.subsections = None
-        self.pcap_filter = None
-        self.match_string = match_string
-        self.match_value = match_value
-        self.cache_pcap_results = cache_pcap_results
-        self.dissector_level = dissector_level
-        self.interactive = interactive
-        self.ignore_list = ignore_list or []
-        self.by_percentage = by_percentage
-        self.pcap_filter = pcap_filter
-        self.cache_file_suffix = cache_file_suffix
-        self.layers = layers
-        self.force_overwrite = force_overwrite
-        self.force_load = force_load
-        self.merge_files = merge_files
-
-        super().__init__()
+        self.maximum_count = dissector_config[TTD_CFG.PACKET_COUNT]
+        self.bin_size = dissector_config[TTD_CFG.BIN_SIZE]
+        self.pcap_filter = dissector_config[TTD_CFG.FILTER]
+        self.cache_pcap_results = dissector_config[TTD_CFG.CACHE_PCAP_RESULTS]
+        self.dissector_level = dissector_config[TTD_CFG.DISSECTION_LEVEL]
+        self.ignore_list = dissector_config[TTD_CFG.IGNORE_LIST]
+        self.cache_file_suffix = dissector_config[TTD_CFG.CACHE_FILE_SUFFIX]
+        self.layers = dissector_config[TTD_CFG.LAYERS]
+        self.force_overwrite = dissector_config[TTD_CFG.FORCE_OVERWRITE]
+        self.force_load = dissector_config[TTD_CFG.FORCE_LOAD]
+        self.merge_files = dissector_config[TTD_CFG.MERGE]
+
+        self.interactive = graph_config[TTG_CFG.INTERACTIVE]
+        self.by_percentage = graph_config[TTG_CFG.BY_PERCENTAGE]
 
     def load_pcaps(self) -> None:
         """Load the pcap and counts things into bins."""
@@ -67,35 +70,33 @@ class PcapGraph(PcapGraphData):
         info("reading pcap files")
         pdm = PCAPDissectMany(
             self.pcap_files,
-            bin_size=self.bin_size,
-            maximum_count=self.maximum_count,
-            dissector_level=self.dissector_level,
-            pcap_filter=self.pcap_filter,
-            cache_results=self.cache_pcap_results,
-            ignore_list=self.ignore_list,
-            cache_file_suffix=self.cache_file_suffix,
-            layers=self.layers,
-            force_overwrite=self.force_overwrite,
-            force_load=self.force_load,
-            merge_files=self.merge_files,
+            self.config,
         )
         self.dissections = pdm.load_all()
         info("done reading pcap files")
 
-    def create_graph(self) -> None:
+    def create_graph(self, options: dict | None = None) -> None:
         """Create the graph itself and save it."""
-        df = self.get_dataframe(merge=True, calculate_load_fraction=self.by_percentage)
+        if not options:
+            options = {}
 
+        df = self.get_dataframe(merge=True, calculate_load_fraction=self.by_percentage)
         hue_variable = "index"
         if df[hue_variable].nunique() == 1:
             hue_variable = None
 
         if self.by_percentage:
-            df["load_fraction"]
             y_column = "load_fraction"
         else:
             y_column = "count"
 
+        # TODO(hardaker): support re-indexing and hole filling (this doesn't work)
+        # str(self.bin_size or 1) + "s"
+        # df = df.set_index("time")
+        # df.index = df.index.to_period(freq=freq)
+        # timeindex = pd.period_range(min(df.index), max(df.index), freq=freq)
+        # df = df.reindex(timeindex)  # , fill_value=0
+
         ax = sns.relplot(
             data=df,
             kind="line",
@@ -104,7 +105,7 @@ class PcapGraph(PcapGraphData):
             hue=hue_variable,
             aspect=1.77,
         )
-        ax.set(xlabel="time", ylabel=y_column)
+        ax.set(xlabel="time", ylabel=options.get("ylabel", y_column))
         plt.xticks(rotation=45)
 
         info(f"saving graph to {self.output_file}")