traffic-taffy 0.9.5__py3-none-any.whl → 0.9.7__py3-none-any.whl

traffic_taffy/__init__.py

@@ -1 +1 @@
-__VERSION__ = "0.9.5"
+__VERSION__ = "0.9.7"

traffic_taffy/dissection.py

@@ -134,8 +134,6 @@ class Dissection:
         # note: there should be no recorded tcpdump files from 1970 Jan 01 :-)
         self.data[0][key][value] += count
         if self.timestamp:
-            if self.timestamp not in self.data:
-                self.data[self.timestamp] = defaultdict(Counter)
             self.data[self.timestamp][key][value] += count
 
     def calculate_metadata(self: Dissection) -> None:
@@ -159,16 +157,6 @@ class Dissection:
         for timestamp in other_dissection.data:
             for key in other_dissection.data[timestamp]:
                 for subkey in other_dissection.data[timestamp][key]:
-                    # TODO(hardaker): this is horribly inefficient
-                    if timestamp not in self.data:
-                        self.data[timestamp] = defaultdict(Counter)
-                    elif key not in self.data[timestamp]:
-                        self.data[timestamp][key] = Counter()
-                    elif (
-                        isinstance(self.data[timestamp][key], dict)
-                        and subkey not in self.data[timestamp][key]
-                    ):
-                        self.data[timestamp][key][subkey] = 0
                     self.data[timestamp][key][subkey] += other_dissection.data[
                         timestamp
                     ][key][subkey]

traffic_taffy/dissector.py

@@ -259,16 +259,14 @@ class PCAPDissector:
         match_expression: str | None = None,
     ) -> None:
         """Output the results in an FSDB file."""
-        if timestamps is None:
-            timestamps = [0]
         import pyfsdb
 
         fh = pyfsdb.Fsdb(
             out_file_handle=sys.stdout,
-            out_column_names=["key", "subkey", "value"],
+            out_column_names=["timestamp", "key", "subkey", "value"],
             converters={"value": int},
         )
-        for _, key, subkey, value in self.dissection.find_data(
+        for timestamp, key, subkey, value in self.dissection.find_data(
             timestamps=timestamps,
             match_string=match_string,
             match_value=match_value,
@@ -276,7 +274,7 @@ class PCAPDissector:
             make_printable=True,
             match_expression=match_expression,
         ):
-            fh.append([key, subkey, value])
+            fh.append([timestamp, key, subkey, value])
         fh.close()
 
 

traffic_taffy/dissector_engine/scapy.py

@@ -113,6 +113,8 @@ class DissectionEngineScapy(DissectionEngine):
 
             try:
                 field_value = getattr(layer, field_name)
+                if not field_value:  ## can return empty field values like []
+                    continue
                 if hasattr(field_value, "fields"):
                     self.add_layer(field_value, new_prefix + "_")
                 else:

traffic_taffy/hooks/blag.py

@@ -0,0 +1,51 @@
+"""Traffic-Taffy plugin to look up addresses in the BLAG blocklist."""
+from blagbl import BlagBL
+import ipaddress
+
+from traffic_taffy.hooks import register_hook
+from traffic_taffy.dissector import POST_DISSECT_HOOK, INIT_HOOK
+from traffic_taffy.dissection import Dissection
+
+blag = None
+blag_ips = None
+
+
+@register_hook(INIT_HOOK)
+def init_blag(**kwargs):
+    """Initialize the BLAG block list table."""
+    global blag
+    global blag_ips
+
+    if blag is None:
+        blag = BlagBL()
+        blag.parse_blag_contents()
+        blag_ips = blag.ips
+
+
+@register_hook(POST_DISSECT_HOOK)
+def ip_blagbl_lookup(dissection: Dissection, **kwargs):
+    """Perform IP address lookups within the BLAG block list."""
+    timestamps = dissection.data.keys()
+
+    for timestamp in timestamps:
+        keys = list(dissection.data[timestamp].keys())
+
+        for key in keys:
+            key = str(key)
+            if (
+                key.endswith("IP_src") or key.endswith("IP_dst")
+                # or key.endswith("IPv6_src")
+                # or key.endswith("IPv6_dst")
+            ):
+                for value in dissection.data[timestamp][key]:
+                    try:
+                        value = str(ipaddress.IPv4Address(value))
+                    except Exception:
+                        continue
+                    count = dissection.data[timestamp][key][value]
+
+                    if value in blag_ips:
+                        for blocklist in blag_ips[value]:
+                            dissection.data[timestamp][key + "_blocklist"][
+                                blocklist
+                            ] += count

traffic_taffy/hooks/ip2asn.py

@@ -9,7 +9,7 @@ from traffic_taffy.taffy_config import taffy_default, TaffyConfig
 
 i2a = None
 
-taffy_default("modules.ip2asn.database", "ip2asn-combined.tsv")
+taffy_default("modules.ip2asn.database", ip2asn.DEFAULT_IP2ASN_FILE)
 
 
 @register_hook(INIT_HOOK)
@@ -20,7 +20,7 @@ def init_ip2asn(**kwargs):
         config = TaffyConfig()
         db_path = config.get_dotnest("modules.ip2asn.database")
 
-        if not Path(db_path).exists():
+        if db_path and not Path(db_path).exists():
             error("The ip2asn plugin requires a ip2asn-combined.tsv in this directory")
             error("Please download it from https://iptoasn.com/")
 

traffic_taffy/tools/dissect.py

@@ -43,6 +43,12 @@ def dissect_parse_args() -> Namespace:
         help="Print results in an FSDB formatted output",
     )
 
+    parser.add_argument(
+        "-t", "--fsdb-all-timestamps", 
+        action="store_true",
+        help="Print FSDB that includes all timestamps",
+    )
+
     parser.add_argument(
         "--dont-fork",
         action="store_true",
@@ -89,9 +95,12 @@ def main() -> None:
     pd.dissection = dissection
 
     # output as requested
-    if args.fsdb:
+    if args.fsdb or args.fsdb_all_timestamps:
+        timestamps = [0]
+        if args.fsdb_all_timestamps:
+            timestamps = None
         pd.print_to_fsdb(
-            timestamps=[0],
+            timestamps,
             match_string=args.match_string,
             match_value=args.match_value,
             minimum_count=args.minimum_count,

{traffic_taffy-0.9.5.dist-info → traffic_taffy-0.9.7.dist-info}/METADATA

@@ -1,10 +1,11 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: traffic-taffy
-Version: 0.9.5
+Version: 0.9.7
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>
 License-File: LICENSE.txt
+Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.7
@@ -13,7 +14,7 @@ Requires-Dist: cryptography
 Requires-Dist: dnssplitter
 Requires-Dist: dotnest>=1.0
 Requires-Dist: dpkt
-Requires-Dist: ip2asn
+Requires-Dist: ip2asn>=1.6.6
 Requires-Dist: msgpack
 Requires-Dist: pandas
 Requires-Dist: pcap-parallel

{traffic_taffy-0.9.5.dist-info → traffic_taffy-0.9.7.dist-info}/RECORD

@@ -1,10 +1,10 @@
-traffic_taffy/__init__.py,sha256=xEWNhlRR6R-6owCOTbPr3aDZBNjhXPEL8bZfHLBc-RI,22
+traffic_taffy/__init__.py,sha256=KrTiNpk5yqhV4Br8BI-UzCx2ZR98WVKivhHFc_1856k,22
 traffic_taffy/compare.py,sha256=g9rU6oa_2Wy0nUJ7K6TI8JTctyGCRvYEUakDBf7blOY,8644
 traffic_taffy/comparison.py,sha256=KJxOp4UqhfRkF4LI1PMDRIefeyTm2w5sbdr7VUTS4KM,1451
 traffic_taffy/config.py,sha256=DgTu2kA1Ec4Hbwl_44kTsdyJYvxAabgJk9a7aOH2XXU,4444
-traffic_taffy/dissection.py,sha256=dW6UxJ_RY5oMipyh3J2CvsjP-E9Llly7IgjbPFSSTzU,24571
+traffic_taffy/dissection.py,sha256=DNxcXoNyk2lpJiaSzvAq1YHwHhYPY6xtlVkHTs-eb9Q,23904
 traffic_taffy/dissectmany.py,sha256=SWFXFyERNCi0j7hiMDEeJJdPYDpa0SOlSj1V8AqpXUA,5189
-traffic_taffy/dissector.py,sha256=M5MHVPwfeMHa6s4TG8ZiiNjk7qaht65wdqm0nmRHdQ8,15682
+traffic_taffy/dissector.py,sha256=9QwGMGugHzVE8GWRpsfPXfSj02Sm2i_ZNU0Ah9AZ7BI,15654
 traffic_taffy/graph.py,sha256=EfkxH5D9PNlDpvftkh9GyUusV05EV537QGB7JOMeW4w,4730
 traffic_taffy/graphdata.py,sha256=r_QNXO3FzC7Vx4123SdCliAh7j2NCQ4Lb5uoOJnlt2M,3376
 traffic_taffy/report.py,sha256=Yzb27hUWcWL-RxWpSQmRyM8NyWxQGT0l0jUCGHoYDSY,224
@@ -18,9 +18,10 @@ traffic_taffy/algorithms/statistical.py,sha256=0Hr62ZUZlFCNPUh6yVBRFjNho42cTGeX_
 traffic_taffy/dissector_engine/__init__.py,sha256=Hu-UQtz7yhivmQLUP5b8tFQLEhy2bfvrRV3Q4aZp6vg,2202
 traffic_taffy/dissector_engine/dnstap.py,sha256=rBzVlB0D3YVhHOsr17cbnCIZU13g20srgR4sE7ZfNUE,4810
 traffic_taffy/dissector_engine/dpkt.py,sha256=q7cJz6WWpe9xUcEbAY_yn_cma_4loXuS3QKIVln6FHQ,12788
-traffic_taffy/dissector_engine/scapy.py,sha256=WrZUfV_viR2Tro0kM3QKUkufIcM3RyYaZ3ncA1yZsaU,4897
+traffic_taffy/dissector_engine/scapy.py,sha256=S3yrUmSeDjt3oE1I07L3iLFLF8Df8XAZg535FY_eu90,5004
 traffic_taffy/hooks/__init__.py,sha256=Bvhl6RnyBqQkWuCU6TS0O_ZHe4qCQsC4HE8FELigWPw,661
-traffic_taffy/hooks/ip2asn.py,sha256=7UA52L6jej0RYBptzP9izO0yXMcqH7wcp2ocDRUN5dg,2216
+traffic_taffy/hooks/blag.py,sha256=KWFhDYbH8sRcUsujCSdlycE0pYkX5ymyRRbHxi20z3U,1626
+traffic_taffy/hooks/ip2asn.py,sha256=G7zo2lFRLK-fbbzGMMcsaxIIh9ME6BoM0E6cJDaeE18,2233
 traffic_taffy/hooks/labels.py,sha256=5jHXq3-kxDQj9PRYgak-gDzE8dvSUiCEq9mBs9nE014,1933
 traffic_taffy/hooks/psl.py,sha256=A3maHS9FOholOEv1LuX0xSO3u34GyqeYl9_EtJG1pMY,2119
 traffic_taffy/iana/tables.msgpak,sha256=d-R5Xw9yG9t4RqGJRrpE6cjH4YfaxQBwQiBhNjKZbwI,172825
@@ -47,12 +48,12 @@ traffic_taffy/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSu
 traffic_taffy/tools/cache_info.py,sha256=ZanO6jDlTdfJ7w0N_7BkLyJj4NyZGShaH7SrUulbIoE,2085
 traffic_taffy/tools/compare.py,sha256=oT5fIqfPeY6nGI9vSVAoKDsAVzzqfXJDzyOw2BhPfSI,3509
 traffic_taffy/tools/config.py,sha256=RwJYyfI1yiAKbMzU5mcPTguBiH-hGRy5vk_YvAAjPuM,2343
-traffic_taffy/tools/dissect.py,sha256=B-7e7aqEOWtJ-0P2Y-mzmrzoDqVrDCJ2JzGR45QtuuQ,3073
+traffic_taffy/tools/dissect.py,sha256=kGG0K2d9-OwrAhEU97id2m29PvhYaXZYIw1nLi1aVsE,3346
 traffic_taffy/tools/explore.py,sha256=gUcOfAgangJJI1si1gLPUoWRUKmWUAXSP0oTD2JJygw,24149
 traffic_taffy/tools/export.py,sha256=9zBBGhZK95b4ZiLJ8XK30GPsaBjgR84Sk1HoPIxRpTI,2844
 traffic_taffy/tools/graph.py,sha256=KiKDY9R8JLT5-JouANoi_1WGcdFMhXsLnYlhPsFRWpM,2316
-traffic_taffy-0.9.5.dist-info/METADATA,sha256=OqsDUw_g2NHB5jXHmcrq5dCSjPrQAXujOnVi5GZhb7U,2241
-traffic_taffy-0.9.5.dist-info/WHEEL,sha256=TJPnKdtrSue7xZ_AVGkp9YXcvDrobsjBds1du3Nx6dc,87
-traffic_taffy-0.9.5.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
-traffic_taffy-0.9.5.dist-info/licenses/LICENSE.txt,sha256=hiV1DJgDQeSM1r7P-ez5oxily11S5nsCedU0jKzKKzo,11338
-traffic_taffy-0.9.5.dist-info/RECORD,,
+traffic_taffy-0.9.7.dist-info/METADATA,sha256=JBugfulFVW9XOxNcx9vjDPyVIkWN4F8AAvT5qTewBBk,2311
+traffic_taffy-0.9.7.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+traffic_taffy-0.9.7.dist-info/entry_points.txt,sha256=F0lqjvw94nQ3hY4eerN7faT9aKhhGUHbqBhuEr9q1r8,361
+traffic_taffy-0.9.7.dist-info/licenses/LICENSE.txt,sha256=eFp2vwcZFJW55SUQRoEfXio3K9XdwvsaI_WHntR7I2M,11338
+traffic_taffy-0.9.7.dist-info/RECORD,,

{traffic_taffy-0.9.5.dist-info → traffic_taffy-0.9.7.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.21.1
+Generator: hatchling 1.27.0
 Root-Is-Purelib: true
 Tag: py3-none-any

{traffic_taffy-0.9.5.dist-info → traffic_taffy-0.9.7.dist-info}/licenses/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright 2023-2024 USC/ISI
+Copyright 2023-2025 USC/ISI
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.