traffic-taffy 0.9.7__tar.gz → 0.9.9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/PKG-INFO +1 -1
- traffic_taffy-0.9.9/traffic_taffy/__init__.py +1 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/hooks/blag.py +14 -1
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/hooks/ip2asn.py +3 -3
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/output/console.py +6 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/reports/compareslicesreport.py +2 -2
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/reports/correlationchangereport.py +2 -2
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/reports/correlationreport.py +2 -2
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/config.py +5 -0
- traffic_taffy-0.9.7/traffic_taffy/__init__.py +0 -1
- traffic_taffy-0.9.7/traffic_taffy/report.py +0 -12
- traffic_taffy-0.9.7/traffic_taffy/tests/test_dpkt_engine.py +0 -15
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/.gitignore +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/LICENSE.txt +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/README.md +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/pyproject.toml +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/comparecorrelation.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/comparecorrelationchanges.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/compareseries.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/compareslices.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/statistical.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/compare.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/comparison.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/config.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissection.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissectmany.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissector.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissector_engine/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissector_engine/dnstap.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissector_engine/dpkt.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/dissector_engine/scapy.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/graph.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/graphdata.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/hooks/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/hooks/labels.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/hooks/psl.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/iana/tables.msgpak +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/output/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/output/fsdb.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/output/memory.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/reports/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/taffy_config.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_compare_results.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_config.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_dict_merge.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_global_config.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_hooks.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_normalize.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_pcap_dissector.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_pcap_splitter.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_splitter.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tests/test_value_printing.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/__init__.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/cache_info.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/compare.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/dissect.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/explore.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/export.py +0 -0
- {traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/tools/graph.py +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
__VERSION__ = "0.9.9"
|
|
@@ -1,14 +1,20 @@
|
|
|
1
1
|
"""Traffic-Taffy plugin to look up addresses in the BLAG blocklist."""
|
|
2
|
+
from pathlib import Path
|
|
2
3
|
from blagbl import BlagBL
|
|
4
|
+
import blagbl
|
|
3
5
|
import ipaddress
|
|
6
|
+
from logging import error
|
|
4
7
|
|
|
5
8
|
from traffic_taffy.hooks import register_hook
|
|
6
9
|
from traffic_taffy.dissector import POST_DISSECT_HOOK, INIT_HOOK
|
|
7
10
|
from traffic_taffy.dissection import Dissection
|
|
11
|
+
from traffic_taffy.taffy_config import taffy_default, TaffyConfig
|
|
8
12
|
|
|
9
13
|
blag = None
|
|
10
14
|
blag_ips = None
|
|
11
15
|
|
|
16
|
+
taffy_default("modules.blag.database", str(blagbl.DEFAULT_STORE.joinpath("blag.zip")))
|
|
17
|
+
|
|
12
18
|
|
|
13
19
|
@register_hook(INIT_HOOK)
|
|
14
20
|
def init_blag(**kwargs):
|
|
@@ -17,7 +23,14 @@ def init_blag(**kwargs):
|
|
|
17
23
|
global blag_ips
|
|
18
24
|
|
|
19
25
|
if blag is None:
|
|
20
|
-
|
|
26
|
+
config = TaffyConfig()
|
|
27
|
+
blag_db_path = config.get_dotnest("modules.blag.database")
|
|
28
|
+
|
|
29
|
+
if blag_db_path and not Path(blag_db_path).exists():
|
|
30
|
+
error(f"The ip2asn plugin requires a blag.zip file in {blag_db_path}")
|
|
31
|
+
error("Please run blagbl --fetch to download it")
|
|
32
|
+
|
|
33
|
+
blag = BlagBL(database=blag_db_path)
|
|
21
34
|
blag.parse_blag_contents()
|
|
22
35
|
blag_ips = blag.ips
|
|
23
36
|
|
|
@@ -9,7 +9,7 @@ from traffic_taffy.taffy_config import taffy_default, TaffyConfig
|
|
|
9
9
|
|
|
10
10
|
i2a = None
|
|
11
11
|
|
|
12
|
-
taffy_default("modules.ip2asn.database", ip2asn.DEFAULT_IP2ASN_FILE)
|
|
12
|
+
taffy_default("modules.ip2asn.database", str(ip2asn.DEFAULT_IP2ASN_FILE))
|
|
13
13
|
|
|
14
14
|
|
|
15
15
|
@register_hook(INIT_HOOK)
|
|
@@ -21,8 +21,8 @@ def init_ip2asn(**kwargs):
|
|
|
21
21
|
db_path = config.get_dotnest("modules.ip2asn.database")
|
|
22
22
|
|
|
23
23
|
if db_path and not Path(db_path).exists():
|
|
24
|
-
error("The ip2asn plugin requires a ip2asn-combined.tsv in
|
|
25
|
-
error("Please download it
|
|
24
|
+
error(f"The ip2asn plugin requires a ip2asn-combined.tsv file in {db_path}")
|
|
25
|
+
error("Please run ip2asn --fetch to download it")
|
|
26
26
|
|
|
27
27
|
info(f"loading {db_path}")
|
|
28
28
|
i2a = ip2asn.IP2ASN(db_path)
|
|
@@ -65,6 +65,7 @@ class Console(Output):
|
|
|
65
65
|
def output_record(self, key: str, subkey: Any, data: Dict[str, Any]) -> None:
|
|
66
66
|
"""Print a report to the console."""
|
|
67
67
|
|
|
68
|
+
marker = " "
|
|
68
69
|
style = ""
|
|
69
70
|
endstyle = ""
|
|
70
71
|
if getattr(data, "delta_percentage", None):
|
|
@@ -73,12 +74,16 @@ class Console(Output):
|
|
|
73
74
|
# apply some styling depending on range
|
|
74
75
|
if delta_percentage < -Console.BOLD_LIMIT:
|
|
75
76
|
style = "[bold red]"
|
|
77
|
+
marker = "v"
|
|
76
78
|
elif delta_percentage < Console.POSITIVE:
|
|
77
79
|
style = "[red]"
|
|
80
|
+
marker = "v"
|
|
78
81
|
elif delta_percentage > Console.BOLD_LIMIT:
|
|
79
82
|
style = "[bold green]"
|
|
83
|
+
marker = "^"
|
|
80
84
|
elif delta_percentage > Console.POSITIVE:
|
|
81
85
|
style = "[green]"
|
|
86
|
+
marker = "^"
|
|
82
87
|
endstyle = style.replace("[", "[/")
|
|
83
88
|
|
|
84
89
|
# construct the output line with styling
|
|
@@ -92,6 +97,7 @@ class Console(Output):
|
|
|
92
97
|
style=style,
|
|
93
98
|
endstyle=endstyle,
|
|
94
99
|
subkey=subkey,
|
|
100
|
+
marker=marker,
|
|
95
101
|
**field_values,
|
|
96
102
|
)
|
|
97
103
|
|
|
@@ -34,7 +34,7 @@ class CompareSlicesReport(Report):
|
|
|
34
34
|
@property
|
|
35
35
|
def header_string(self) -> str:
|
|
36
36
|
"""Header string."""
|
|
37
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
37
|
+
line = " {style} {subkey:<50}{endstyle}"
|
|
38
38
|
line += " {left_count:>8} {right_count:>8} {delta_absolute:>8}"
|
|
39
39
|
line += " {left_percentage:>7} {right_percentage:>7} {delta_percentage:>7}"
|
|
40
40
|
|
|
@@ -43,7 +43,7 @@ class CompareSlicesReport(Report):
|
|
|
43
43
|
@property
|
|
44
44
|
def format_string(self) -> str:
|
|
45
45
|
"""Formatting string for each printed line."""
|
|
46
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
46
|
+
line = " {style}{marker} {subkey:<50}{endstyle}"
|
|
47
47
|
line += " {left_count:>8} {right_count:>8} {delta_absolute:>8}"
|
|
48
48
|
line += " {left_percentage:>7.2f} {right_percentage:>7.2f} {delta_percentage:>7.2f}"
|
|
49
49
|
|
{traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/reports/correlationchangereport.py
RENAMED
|
@@ -28,7 +28,7 @@ class CorrelationChangeReport(Report):
|
|
|
28
28
|
@property
|
|
29
29
|
def header_string(self) -> str:
|
|
30
30
|
"""Formatting string for each printed line."""
|
|
31
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
31
|
+
line = " {style} {subkey:<50}{endstyle}"
|
|
32
32
|
line += " {timestamp:>10}"
|
|
33
33
|
line += " {left_correlation:>17}"
|
|
34
34
|
line += " {right_correlation:>17}"
|
|
@@ -39,7 +39,7 @@ class CorrelationChangeReport(Report):
|
|
|
39
39
|
@property
|
|
40
40
|
def format_string(self) -> str:
|
|
41
41
|
"""Formatting string for each printed line."""
|
|
42
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
42
|
+
line = " {style}{marker} {subkey:<50}{endstyle}"
|
|
43
43
|
line += " {timestamp:>10}"
|
|
44
44
|
line += " {left_correlation:>17.2f}"
|
|
45
45
|
line += " {right_correlation:>17.2f}"
|
|
@@ -22,7 +22,7 @@ class CorrelationReport(Report):
|
|
|
22
22
|
@property
|
|
23
23
|
def header_string(self) -> str:
|
|
24
24
|
"""Formatting string for each printed line."""
|
|
25
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
25
|
+
line = " {style} {subkey:<50}{endstyle}"
|
|
26
26
|
line += " {correlation:>11}"
|
|
27
27
|
|
|
28
28
|
return line
|
|
@@ -30,7 +30,7 @@ class CorrelationReport(Report):
|
|
|
30
30
|
@property
|
|
31
31
|
def format_string(self) -> str:
|
|
32
32
|
"""Formatting string for each printed line."""
|
|
33
|
-
line = " {style}{subkey:<50}{endstyle}"
|
|
33
|
+
line = " {style}{marker} {subkey:<50}{endstyle}"
|
|
34
34
|
line += " {correlation:>11.2f}"
|
|
35
35
|
|
|
36
36
|
return line
|
|
@@ -32,6 +32,11 @@ try:
|
|
|
32
32
|
except ModuleNotFoundError:
|
|
33
33
|
logging.debug("psl module not loadable")
|
|
34
34
|
|
|
35
|
+
try:
|
|
36
|
+
from traffic_taffy.hooks.blag import ip_blagbl_lookup as ip_blagbl_lookup
|
|
37
|
+
except ModuleNotFoundError:
|
|
38
|
+
logging.debug("blag module not loadable")
|
|
39
|
+
|
|
35
40
|
|
|
36
41
|
def taffy_config_parse_args() -> Namespace:
|
|
37
42
|
"""Parse the command line arguments."""
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
__VERSION__ = "0.9.7"
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
import os
|
|
2
|
-
from traffic_taffy.dissection import PCAPDissectorLevel
|
|
3
|
-
from traffic_taffy.dissector_engine.dpkt import DissectionEngineDpkt
|
|
4
|
-
|
|
5
|
-
def test_dpkt_engine():
|
|
6
|
-
test_pcap = "dns.pcap"
|
|
7
|
-
test_pcap = "port53-2023-30-31_20.pcap"
|
|
8
|
-
test_pcap = "airplane-wireless.pcap"
|
|
9
|
-
if not os.path.exists(test_pcap):
|
|
10
|
-
return
|
|
11
|
-
|
|
12
|
-
engine = DissectionEngineDpkt(test_pcap,
|
|
13
|
-
dissector_level = PCAPDissectorLevel.COMMON_LAYERS)
|
|
14
|
-
dissection = engine.load()
|
|
15
|
-
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{traffic_taffy-0.9.7 → traffic_taffy-0.9.9}/traffic_taffy/algorithms/comparecorrelationchanges.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|