PyPI - traffic-taffy - Versions diffs - 0.9.5__tar.gz → 0.9.7__tar.gz - Mend

traffic-taffy 0.9.5tar.gz → 0.9.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/LICENSE.txt RENAMED Viewed

@@ -1,4 +1,4 @@
-Copyright 2023-2024 USC/ISI
+Copyright 2023-2025 USC/ISI
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/PKG-INFO RENAMED Viewed

@@ -1,10 +1,11 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: traffic-taffy
-Version: 0.9.5
+Version: 0.9.7
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>
 License-File: LICENSE.txt
+Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Requires-Python: >=3.7
@@ -13,7 +14,7 @@ Requires-Dist: cryptography
 Requires-Dist: dnssplitter
 Requires-Dist: dotnest>=1.0
 Requires-Dist: dpkt
-Requires-Dist: ip2asn
+Requires-Dist: ip2asn>=1.6.6
 Requires-Dist: msgpack
 Requires-Dist: pandas
 Requires-Dist: pcap-parallel

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/pyproject.toml RENAMED Viewed

@@ -1,5 +1,5 @@
 [build-system]
-requires = ["hatchling"]
+requires = ["hatchling>=1.26.1"]
 build-backend = "hatchling.build"
 [project]
@@ -7,7 +7,10 @@ name = "traffic-taffy"
 dynamic = ["version"]
 description = "A tool for doing differential analysis of pcap files"
 readme = "README.md"
-license = ""
+# license = "Apache License, Version 2.0"
+# license = { file = "LICENSE.txt" }
+# license-expression = "Apache 2.0"
+# license-file = "LICENSE.txt"
 requires-python = ">=3.7"
 authors = [
     { name = "Wes Hardaker", email = "opensource@hardakers.net" },
@@ -15,6 +18,7 @@ authors = [
 classifiers = [
     "Operating System :: OS Independent",
     "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: Apache Software License",
 ]
 dependencies = [
     "dpkt",
@@ -30,7 +34,7 @@ dependencies = [
     "cryptography",
     "pyOpenSSL==22.1.0",
     "dnssplitter",
-    "ip2asn",
+    "ip2asn>=1.6.6",
     "dotnest>=1.0",
     "argparse-with-config>=0.1.4",
 ]

traffic_taffy-0.9.7/traffic_taffy/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __VERSION__ = "0.9.7"

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/traffic_taffy/dissection.py RENAMED Viewed

@@ -134,8 +134,6 @@ class Dissection:
         # note: there should be no recorded tcpdump files from 1970 Jan 01 :-)
         self.data[0][key][value] += count
         if self.timestamp:
-            if self.timestamp not in self.data:
-                self.data[self.timestamp] = defaultdict(Counter)
             self.data[self.timestamp][key][value] += count
     def calculate_metadata(self: Dissection) -> None:
@@ -159,16 +157,6 @@ class Dissection:
         for timestamp in other_dissection.data:
             for key in other_dissection.data[timestamp]:
                 for subkey in other_dissection.data[timestamp][key]:
-                    # TODO(hardaker): this is horribly inefficient
-                    if timestamp not in self.data:
-                        self.data[timestamp] = defaultdict(Counter)
-                    elif key not in self.data[timestamp]:
-                        self.data[timestamp][key] = Counter()
-                    elif (
-                        isinstance(self.data[timestamp][key], dict)
-                        and subkey not in self.data[timestamp][key]
-                    ):
-                        self.data[timestamp][key][subkey] = 0
                     self.data[timestamp][key][subkey] += other_dissection.data[
                         timestamp
                     ][key][subkey]

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/traffic_taffy/dissector.py RENAMED Viewed

@@ -259,16 +259,14 @@ class PCAPDissector:
         match_expression: str | None = None,
     ) -> None:
         """Output the results in an FSDB file."""
-        if timestamps is None:
-            timestamps = [0]
         import pyfsdb
         fh = pyfsdb.Fsdb(
             out_file_handle=sys.stdout,
-            out_column_names=["key", "subkey", "value"],
+            out_column_names=["timestamp", "key", "subkey", "value"],
             converters={"value": int},
         )
-        for _, key, subkey, value in self.dissection.find_data(
+        for timestamp, key, subkey, value in self.dissection.find_data(
             timestamps=timestamps,
             match_string=match_string,
             match_value=match_value,
@@ -276,7 +274,7 @@ class PCAPDissector:
             make_printable=True,
             match_expression=match_expression,
         ):
-            fh.append([key, subkey, value])
+            fh.append([timestamp, key, subkey, value])
         fh.close()

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/traffic_taffy/dissector_engine/scapy.py RENAMED Viewed

@@ -113,6 +113,8 @@ class DissectionEngineScapy(DissectionEngine):
             try:
                 field_value = getattr(layer, field_name)
+                if not field_value:  ## can return empty field values like []
+                    continue
                 if hasattr(field_value, "fields"):
                     self.add_layer(field_value, new_prefix + "_")
                 else:

traffic_taffy-0.9.7/traffic_taffy/hooks/blag.py ADDED Viewed

@@ -0,0 +1,51 @@
+"""Traffic-Taffy plugin to look up addresses in the BLAG blocklist."""
+from blagbl import BlagBL
+import ipaddress
+from traffic_taffy.hooks import register_hook
+from traffic_taffy.dissector import POST_DISSECT_HOOK, INIT_HOOK
+from traffic_taffy.dissection import Dissection
+blag = None
+blag_ips = None
+@register_hook(INIT_HOOK)
+def init_blag(**kwargs):
+    """Initialize the BLAG block list table."""
+    global blag
+    global blag_ips
+    if blag is None:
+        blag = BlagBL()
+        blag.parse_blag_contents()
+        blag_ips = blag.ips
+@register_hook(POST_DISSECT_HOOK)
+def ip_blagbl_lookup(dissection: Dissection, **kwargs):
+    """Perform IP address lookups within the BLAG block list."""
+    timestamps = dissection.data.keys()
+    for timestamp in timestamps:
+        keys = list(dissection.data[timestamp].keys())
+        for key in keys:
+            key = str(key)
+            if (
+                key.endswith("IP_src") or key.endswith("IP_dst")
+                # or key.endswith("IPv6_src")
+                # or key.endswith("IPv6_dst")
+            ):
+                for value in dissection.data[timestamp][key]:
+                    try:
+                        value = str(ipaddress.IPv4Address(value))
+                    except Exception:
+                        continue
+                    count = dissection.data[timestamp][key][value]
+                    if value in blag_ips:
+                        for blocklist in blag_ips[value]:
+                            dissection.data[timestamp][key + "_blocklist"][
+                                blocklist
+                            ] += count

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/traffic_taffy/hooks/ip2asn.py RENAMED Viewed

@@ -9,7 +9,7 @@ from traffic_taffy.taffy_config import taffy_default, TaffyConfig
 i2a = None
-taffy_default("modules.ip2asn.database", "ip2asn-combined.tsv")
+taffy_default("modules.ip2asn.database", ip2asn.DEFAULT_IP2ASN_FILE)
 @register_hook(INIT_HOOK)
@@ -20,7 +20,7 @@ def init_ip2asn(**kwargs):
         config = TaffyConfig()
         db_path = config.get_dotnest("modules.ip2asn.database")
-        if not Path(db_path).exists():
+        if db_path and not Path(db_path).exists():
             error("The ip2asn plugin requires a ip2asn-combined.tsv in this directory")
             error("Please download it from https://iptoasn.com/")

{traffic_taffy-0.9.5 → traffic_taffy-0.9.7}/traffic_taffy/tools/dissect.py RENAMED Viewed

@@ -43,6 +43,12 @@ def dissect_parse_args() -> Namespace:
         help="Print results in an FSDB formatted output",
     )
+    parser.add_argument(
+        "-t", "--fsdb-all-timestamps",
+        action="store_true",
+        help="Print FSDB that includes all timestamps",
+    )
     parser.add_argument(
         "--dont-fork",
         action="store_true",
@@ -89,9 +95,12 @@ def main() -> None:
     pd.dissection = dissection
     # output as requested
-    if args.fsdb:
+    if args.fsdb or args.fsdb_all_timestamps:
+        timestamps = [0]
+        if args.fsdb_all_timestamps:
+            timestamps = None
         pd.print_to_fsdb(
-            timestamps=[0],
+            timestamps,
             match_string=args.match_string,
             match_value=args.match_value,
             minimum_count=args.minimum_count,