PyPI - traffic-taffy - Versions diffs - 0.9.6__tar.gz → 0.9.7__tar.gz - Mend

traffic-taffy 0.9.6tar.gz → 0.9.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/LICENSE.txt RENAMED Viewed

@@ -1,4 +1,4 @@
-Copyright 2023-2024 USC/ISI
+Copyright 2023-2025 USC/ISI
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: traffic-taffy
-Version: 0.9.6
+Version: 0.9.7
 Summary: A tool for doing differential analysis of pcap files
 Project-URL: Homepage, https://traffic-taffy.github.io/
 Author-email: Wes Hardaker <opensource@hardakers.net>
@@ -14,7 +14,7 @@ Requires-Dist: cryptography
 Requires-Dist: dnssplitter
 Requires-Dist: dotnest>=1.0
 Requires-Dist: dpkt
-Requires-Dist: ip2asn
+Requires-Dist: ip2asn>=1.6.6
 Requires-Dist: msgpack
 Requires-Dist: pandas
 Requires-Dist: pcap-parallel

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/pyproject.toml RENAMED Viewed

@@ -34,15 +34,11 @@ dependencies = [
     "cryptography",
     "pyOpenSSL==22.1.0",
     "dnssplitter",
-    "ip2asn",
+    "ip2asn>=1.6.6",
     "dotnest>=1.0",
     "argparse-with-config>=0.1.4",
 ]
-# [project.metadata]
-# license-expression = "Apache 2.0"
-# license-file = "LICENSE.txt"
 [project.package_data]
 "traffic_taffy.iana" = ['tables.msgpak']

traffic_taffy-0.9.7/traffic_taffy/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __VERSION__ = "0.9.7"

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/traffic_taffy/dissector.py RENAMED Viewed

@@ -259,16 +259,14 @@ class PCAPDissector:
         match_expression: str | None = None,
     ) -> None:
         """Output the results in an FSDB file."""
-        if timestamps is None:
-            timestamps = [0]
         import pyfsdb
         fh = pyfsdb.Fsdb(
             out_file_handle=sys.stdout,
-            out_column_names=["key", "subkey", "value"],
+            out_column_names=["timestamp", "key", "subkey", "value"],
             converters={"value": int},
         )
-        for _, key, subkey, value in self.dissection.find_data(
+        for timestamp, key, subkey, value in self.dissection.find_data(
             timestamps=timestamps,
             match_string=match_string,
             match_value=match_value,
@@ -276,7 +274,7 @@ class PCAPDissector:
             make_printable=True,
             match_expression=match_expression,
         ):
-            fh.append([key, subkey, value])
+            fh.append([timestamp, key, subkey, value])
         fh.close()

traffic_taffy-0.9.7/traffic_taffy/hooks/blag.py ADDED Viewed

@@ -0,0 +1,51 @@
+"""Traffic-Taffy plugin to look up addresses in the BLAG blocklist."""
+from blagbl import BlagBL
+import ipaddress
+from traffic_taffy.hooks import register_hook
+from traffic_taffy.dissector import POST_DISSECT_HOOK, INIT_HOOK
+from traffic_taffy.dissection import Dissection
+blag = None
+blag_ips = None
+@register_hook(INIT_HOOK)
+def init_blag(**kwargs):
+    """Initialize the BLAG block list table."""
+    global blag
+    global blag_ips
+    if blag is None:
+        blag = BlagBL()
+        blag.parse_blag_contents()
+        blag_ips = blag.ips
+@register_hook(POST_DISSECT_HOOK)
+def ip_blagbl_lookup(dissection: Dissection, **kwargs):
+    """Perform IP address lookups within the BLAG block list."""
+    timestamps = dissection.data.keys()
+    for timestamp in timestamps:
+        keys = list(dissection.data[timestamp].keys())
+        for key in keys:
+            key = str(key)
+            if (
+                key.endswith("IP_src") or key.endswith("IP_dst")
+                # or key.endswith("IPv6_src")
+                # or key.endswith("IPv6_dst")
+            ):
+                for value in dissection.data[timestamp][key]:
+                    try:
+                        value = str(ipaddress.IPv4Address(value))
+                    except Exception:
+                        continue
+                    count = dissection.data[timestamp][key][value]
+                    if value in blag_ips:
+                        for blocklist in blag_ips[value]:
+                            dissection.data[timestamp][key + "_blocklist"][
+                                blocklist
+                            ] += count

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/traffic_taffy/hooks/ip2asn.py RENAMED Viewed

@@ -9,7 +9,7 @@ from traffic_taffy.taffy_config import taffy_default, TaffyConfig
 i2a = None
-taffy_default("modules.ip2asn.database", "ip2asn-combined.tsv")
+taffy_default("modules.ip2asn.database", ip2asn.DEFAULT_IP2ASN_FILE)
 @register_hook(INIT_HOOK)
@@ -20,7 +20,7 @@ def init_ip2asn(**kwargs):
         config = TaffyConfig()
         db_path = config.get_dotnest("modules.ip2asn.database")
-        if not Path(db_path).exists():
+        if db_path and not Path(db_path).exists():
             error("The ip2asn plugin requires a ip2asn-combined.tsv in this directory")
             error("Please download it from https://iptoasn.com/")

traffic_taffy-0.9.7/traffic_taffy/report.py ADDED Viewed

@@ -0,0 +1,12 @@
+from dataclasses import dataclass
+@dataclass
+class Report:
+    delta_percentage: float
+    delta_absolute: int
+    total: int
+    left_count: int
+    right_count: int
+    left_percentage: float
+    right_percentage: float

traffic_taffy-0.9.7/traffic_taffy/tests/test_dpkt_engine.py ADDED Viewed

@@ -0,0 +1,15 @@
+import os
+from traffic_taffy.dissection import PCAPDissectorLevel
+from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
+def test_dpkt_engine():
+    test_pcap = "dns.pcap"
+    test_pcap = "port53-2023-30-31_20.pcap"
+    test_pcap = "airplane-wireless.pcap"
+    if not os.path.exists(test_pcap):
+        return
+    engine = DissectionEngineDpkt(test_pcap,
+                                  dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
+    dissection = engine.load()

{traffic_taffy-0.9.6 → traffic_taffy-0.9.7}/traffic_taffy/tools/dissect.py RENAMED Viewed

@@ -43,6 +43,12 @@ def dissect_parse_args() -> Namespace:
         help="Print results in an FSDB formatted output",
     )
+    parser.add_argument(
+        "-t", "--fsdb-all-timestamps",
+        action="store_true",
+        help="Print FSDB that includes all timestamps",
+    )
     parser.add_argument(
         "--dont-fork",
         action="store_true",
@@ -89,9 +95,12 @@ def main() -> None:
     pd.dissection = dissection
     # output as requested
-    if args.fsdb:
+    if args.fsdb or args.fsdb_all_timestamps:
+        timestamps = [0]
+        if args.fsdb_all_timestamps:
+            timestamps = None
         pd.print_to_fsdb(
-            timestamps=[0],
+            timestamps,
             match_string=args.match_string,
             match_value=args.match_value,
             minimum_count=args.minimum_count,