PyPI - xbase-util - Versions diffs - 0.8.2__tar.gz → 0.8.4__tar.gz - Mend

xbase-util 0.8.2tar.gz → 0.8.4tar.gz

Files changed (37) hide show

{xbase_util-0.8.2 → xbase_util-0.8.4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.8.2
+Version: 0.8.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.8.2 → xbase_util-0.8.4}/setup.py RENAMED Viewed

@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 setup(name="xbase_util",
-      version="0.8.2",
+      version="0.8.4",
       description="网络安全基础工具",
       long_description="包含提取，预测，训练的基础工具",
       author="xyt",

xbase_util-0.8.2/xbase_util/xbase_util.py → xbase_util-0.8.4/xbase_util/common_util.py RENAMED Viewed

@@ -12,11 +12,20 @@ import numpy as np
 import tldextract
 from scapy.layers.dns import DNS
-from xbase_util.xbase_constant import dns_domain_list, parse_path
+from xbase_util.xbase_constant import parse_path, dns_domain_list
-def parse_chunked_body(data: bytes) -> bytes:
-    body = b""
+def filter_visible_chars(data):
+    """
+    过滤不可见字符，仅保留可打印的ASCII字符
+    :param data:
+    :return:
+    """
+    return ''.join(chr(b) for b in data if 32 <= b <= 126 or b in (9, 10, 13))
+def parse_chunked_body(data: bytes, need_un_gzip=False) -> bytes:
+    body = b''
     while True:
         chunk_size_end = data.find(b"\r\n")
         if chunk_size_end == -1:
@@ -29,10 +38,13 @@ def parse_chunked_body(data: bytes) -> bytes:
         chunk_end = chunk_start + chunk_size
         body += data[chunk_start:chunk_end]
         data = data[chunk_end + 2:]
-    try:
-        body = gzip.decompress(body)
-        return body
-    except gzip.BadGzipFile:
+    if need_un_gzip:
+        try:
+            return gzip.decompress(body)
+        except gzip.BadGzipFile:
+            print("解压错误")
+            return body
+    else:
         return body
@@ -79,20 +91,17 @@ def get_ua_duplicate_count(text_data):
     return sum(count)
-def get_res_status_code_list(text_data):
+def get_res_status_code_list(all_packets):
     value_res = []
-    res = []
     num_1 = 0
     num_2 = 0
     num_3 = 0
     num_4 = 0
     num_5 = 0
-    res.extend([item for item in text_data.splitlines() if item.startswith("HTTP/")])
-    for item in res:
-        m = re.search(r"\b(\d{3})\b", item)
-        if m:
-            value_res.append(int(m.group(0)))
+    for item in all_packets:
+        match = re.search(r'HTTP/\d\.\d (\d{3})', item['res_header'])
+        if match:
+            value_res.append(int(match.group(1)))
     for value in value_res:
         if 0 <= value < 200:
             num_1 = num_1 + 1
@@ -182,16 +191,6 @@ def get_uri_depth(url):
     return 0
-def firstOrZero(param):
-    if type(param).__name__ == 'list':
-        if (len(param)) != 0:
-            return param[0]
-        else:
-            return 0
-    else:
-        return 0
 def get_statistic_fields(packets):
     length_ranges = {
         "0_19": (0, 19),

{xbase_util-0.8.2 → xbase_util-0.8.4}/xbase_util/packet_util.py RENAMED Viewed

@@ -1,9 +1,8 @@
 import copy
-import re
 from xbase_util.xbase_constant import plain_content_type_columns, packetKeyname, src_dst_header, statisticHeader, \
-    features_key, plain_body_columns, http_version_pattern, http_req_method_pattern, http_req_path_pattern, res_status_code_pattern
-from xbase_util.xbase_util import firstOrZero
+    features_key, plain_body_columns, http_version_pattern, http_req_method_pattern, http_req_path_pattern, \
+    res_status_code_pattern
 def content_type_is_plain(packet):
@@ -23,15 +22,6 @@ def content_type_is_plain(packet):
     return False
-def filter_visible_chars(data):
-    """
-    过滤不可见字符，仅保留可打印的ASCII字符
-    :param data:
-    :return:
-    """
-    return ''.join(chr(b) for b in data if 32 <= b <= 126 or b in (9, 10, 13))
 def get_all_columns(
         contains_packet_column=False,
         contains_src_dst_column=False,
@@ -62,6 +52,16 @@ def get_all_columns(
 # req_body_pattern = re.compile(
 #     r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d[\s\S]*?(?=HTTP/\d\.\d)", re.DOTALL)
+def firstOrZero(param):
+    if type(param).__name__ == 'list':
+        if (len(param)) != 0:
+            return param[0]
+        else:
+            return 0
+    else:
+        return 0
 def get_header_value(header_set, value):
     result = [item for item in header_set if value in item]
     if len(result) != 0:

xbase_util-0.8.4/xbase_util/pcap_util.py ADDED Viewed

@@ -0,0 +1,463 @@
+import copy
+import gzip
+import math
+import os
+import struct
+import time
+import zlib
+from functools import cmp_to_key
+from Crypto.Cipher import AES
+from scapy.layers.inet import TCP, IP
+from scapy.packet import Raw
+from zstandard import ZstdDecompressor
+from xbase_util.common_util import parse_chunked_body, filter_visible_chars
+from xbase_util.xbase_constant import pattern_chuncked, pattern_gzip
+def fix_pos(pos, packetPosEncoding):
+    if pos is None or len(pos) == 0:
+        return
+    if packetPosEncoding == "gap0":
+        last = 0
+        lastgap = 0
+        for i, pos_item in enumerate(pos):
+            if pos[i] < 0:
+                last = 0
+            else:
+                if pos[i] == 0:
+                    pos[i] = last + lastgap
+                else:
+                    lastgap = pos[i]
+                    pos[i] += last
+                last = pos[i]
+def group_numbers(nums):
+    result = []
+    for num in nums:
+        if num < 0:
+            result.append([num])
+        elif result:
+            result[-1].append(num)
+    return result
+def decompress_streaming(compressed_data, session_id):
+    try:
+        decompressor = ZstdDecompressor()
+        with decompressor.stream_reader(compressed_data) as reader:
+            decompressed_data = reader.read()
+            return decompressed_data
+    except Exception as e:
+        print(f"解码错误：{e}  {session_id}")
+        return bytearray()
+def readUInt32BE(buffer, offset):
+    return struct.unpack('>I', buffer[offset:offset + 4])[0]
+def readUInt32LE(buffer, offset):
+    return struct.unpack('<I', buffer[offset:offset + 4])[0]
+def writeUInt32BE(buffer, pos, value):
+    struct.pack_into('>I', buffer, pos, value)
+    return buffer
+def read_header(param_map, session_id):
+    shortHeader = None
+    headBuffer = os.read(param_map['fd'], 64)
+    if param_map['encoding'] == 'aes-256-ctr':
+        if 'iv' in param_map:
+            param_map['iv'][12:16] = struct.pack('>I', 0)
+            headBuffer = bytearray(
+                AES.new(param_map['encKey'], AES.MODE_CTR, nonce=param_map['iv']).decrypt(bytes(headBuffer)))
+        else:
+            print("读取头部信息失败，iv向量为空")
+    elif param_map['encoding'] == 'xor-2048':
+        for i in range(len(headBuffer)):
+            headBuffer[i] ^= param_map['encKey'][i % 256]
+    if param_map['uncompressedBits']:
+        if param_map['compression'] == 'gzip':
+            headBuffer = zlib.decompress(bytes(headBuffer), zlib.MAX_WBITS | 16)
+        elif param_map['compression'] == 'zstd':
+            headBuffer = decompress_streaming(headBuffer, session_id)
+    headBuffer = headBuffer[:24]
+    magic = struct.unpack('<I', headBuffer[:4])[0]
+    bigEndian = (magic == 0xd4c3b2a1 or magic == 0x4d3cb2a1)
+    nanosecond = (magic == 0xa1b23c4d or magic == 0x4d3cb2a1)
+    if not bigEndian and magic not in {0xa1b2c3d4, 0xa1b23c4d, 0xa1b2c3d5}:
+        raise ValueError("Corrupt PCAP header")
+    if magic == 0xa1b2c3d5:
+        shortHeader = readUInt32LE(headBuffer, 8)
+        headBuffer[0] = 0xd4  # Reset header to normal
+    if bigEndian:
+        linkType = readUInt32BE(headBuffer, 20)
+    else:
+        linkType = readUInt32LE(headBuffer, 20)
+    return headBuffer, shortHeader, bigEndian, linkType, nanosecond
+def create_decipher(pos, param_map):
+    writeUInt32BE(param_map['iv'], pos, 12)
+    return AES.new(param_map['encKey'], AES.MODE_CTR, nonce=param_map['iv'])
+def read_packet_internal(pos_arg, hp_len_arg, param_map, session_id):
+    pos = pos_arg
+    hp_len = hp_len_arg
+    if hp_len == -1:
+        if param_map['compression'] == "zstd":
+            hp_len = param_map['uncompressedBitsSize']
+        else:
+            hp_len = 2048
+    inside_offset = 0
+    if param_map['uncompressedBits']:
+        inside_offset = pos & param_map['uncompressedBitsSize'] - 1
+        pos = math.floor(pos / param_map['uncompressedBitsSize'])
+    pos_offset = 0
+    if param_map['encoding'] == 'aes-256-ctr':
+        pos_offset = pos % 16
+        pos = pos - pos_offset
+    elif param_map['encoding'] == 'xor-2048':
+        pos_offset = pos % 256
+        pos = pos - pos_offset
+    hp_len = 256 * math.ceil((hp_len + inside_offset + pos_offset) / 256)
+    buffer = bytearray(hp_len)
+    os.lseek(param_map['fd'], pos, os.SEEK_SET)
+    read_buffer = os.read(param_map['fd'], len(buffer))
+    if len(read_buffer) - pos_offset < 16:
+        return None
+    if param_map['encoding'] == 'aes-256-ctr':
+        decipher = create_decipher(pos // 16, param_map)
+        read_buffer = bytearray(decipher.decrypt(read_buffer))[pos_offset:]
+    elif param_map['encoding'] == 'xor-2048':
+        read_buffer = bytearray(b ^ param_map['encKey'][i % 256] for i, b in enumerate(read_buffer))[pos_offset:]
+    if param_map['uncompressedBits']:
+        try:
+            if param_map['compression'] == 'gzip':
+                read_buffer = zlib.decompress(read_buffer, zlib.MAX_WBITS | 16)
+            elif param_map['compression'] == 'zstd':
+                read_buffer = decompress_streaming(read_buffer, session_id)
+        except Exception as e:
+            print(f"PCAP uncompress issue:  {pos} {len(buffer)} {read_buffer} {e}")
+            return None
+    if inside_offset:
+        read_buffer = read_buffer[inside_offset:]
+    header_len = 16 if param_map['shortHeader'] is None else 6
+    if len(read_buffer) < header_len:
+        if hp_len_arg == -1 and param_map['compression'] == 'zstd':
+            return read_packet_internal(pos_arg, param_map['uncompressedBitsSize'] * 2, param_map, session_id)
+        print(f"Not enough data {len(read_buffer)} for header {header_len}")
+        return None
+    packet_len = struct.unpack('>I' if param_map['bigEndian'] else '<I', read_buffer[8:12])[
+        0] if param_map['shortHeader'] is None else \
+        struct.unpack('>H' if param_map['bigEndian'] else '<H', read_buffer[:2])[0]
+    if packet_len < 0 or packet_len > 0xffff:
+        return None
+    if header_len + packet_len <= len(read_buffer):
+        if param_map['shortHeader'] is not None:
+            t = struct.unpack('<I', read_buffer[2:6])[0]
+            sec = (t >> 20) + param_map['shortHeader']
+            usec = t & 0xfffff
+            new_buffer = bytearray(16 + packet_len)
+            struct.pack_into('<I', new_buffer, 0, sec)
+            struct.pack_into('<I', new_buffer, 4, usec)
+            struct.pack_into('<I', new_buffer, 8, packet_len)
+            struct.pack_into('<I', new_buffer, 12, packet_len)
+            new_buffer[16:] = read_buffer[6:packet_len + 6]
+            return new_buffer
+        return read_buffer[:header_len + packet_len]
+    if hp_len_arg != -1:
+        return None
+    return read_packet_internal(pos_arg, 16 + packet_len, param_map, session_id)
+def read_packet(pos, param_map, session_id):
+    if 'fd' not in param_map or not param_map['fd']:
+        time.sleep(0.01)
+        return read_packet(pos, param_map['fd'], session_id)
+    return read_packet_internal(pos, -1, param_map, session_id)
+def get_file_and_read_pos(session_id, file, pos_list):
+    filename = file['name']
+    if not os.path.isfile(filename):
+        print(f"文件不存在:{filename}")
+        return None
+    encoding = file.get('encoding', 'normal')
+    encKey = None
+    iv = None
+    compression = None
+    if 'dek' in file:
+        dek = bytes.fromhex(file['dek'])
+        encKey = AES.new(file['kek'].encode(), AES.MODE_CBC).decrypt(dek)
+    if 'uncompressedBits' in file:
+        uncompressedBits = file['uncompressedBits']
+        uncompressedBitsSize = 2 ** uncompressedBits
+        compression = 'gzip'
+    else:
+        uncompressedBits = None
+        uncompressedBitsSize = 0
+    if 'compression' in file:
+        compression = file['compression']
+    if 'iv' in file:
+        iv_ = bytes.fromhex(file['iv'])
+        iv = bytearray(16)
+        iv[:len(iv_)] = iv_
+    fd = os.open(filename, os.O_RDONLY)
+    param_map = {
+        "fd": fd,
+        "encoding": encoding,
+        "iv": iv,
+        "encKey": encKey,
+        "uncompressedBits": uncompressedBits,
+        "compression": compression,
+        "uncompressedBitsSize": uncompressedBitsSize
+    }
+    res = bytearray()
+    headBuffer, shortHeader, bigEndian, linkType, nanosecond = read_header(param_map, session_id)
+    res.extend(headBuffer)
+    param_map['shortHeader'] = shortHeader
+    param_map['bigEndian'] = bigEndian
+    # _________________________________
+    byte_array = bytearray(0xfffe)
+    next_packet = 0
+    b_offset = 0
+    packets = {}
+    # packet_objs = []
+    i = 0
+    for pos in pos_list:
+        packet_bytes = read_packet(pos, param_map, session_id)
+        # if reture_obj:
+        #     obj = decode_obj(packet_bytes, bigEndian, linkType, nanosecond, )
+        #     packet_objs.append(copy.deepcopy(obj))
+        if not packet_bytes:
+            continue
+        packets[i] = packet_bytes
+        while next_packet in packets:
+            buffer = packets[next_packet]
+            next_packet += 1
+            # del packets[next_packet]
+            next_packet = next_packet + 1
+            if b_offset + len(buffer) > len(byte_array):
+                res.extend(byte_array[:b_offset])
+                b_offset = 0
+                byte_array = bytearray(0xfffe)
+            byte_array[b_offset:b_offset + len(buffer)] = buffer
+            b_offset += len(buffer)
+        i = i + 1
+    os.close(fd)
+    res.extend(byte_array[:b_offset])
+    return res
+def process_session_id_disk_simple(id, node, packet_pos, esdb, pcap_path_prefix):
+    packetPos = packet_pos
+    file = esdb.get_file_by_file_id(node=node, num=abs(packetPos[0]),
+                                    prefix=None if pcap_path_prefix == "origin" else pcap_path_prefix)
+    if file is None:
+        return None, None
+    fix_pos(packetPos, file['packetPosEncoding'])
+    pos_list = group_numbers(packetPos)[0]
+    pos_list.pop(0)
+    return get_file_and_read_pos(id, file, pos_list)
+def parse_body(data):
+    if data.find(b"\r\n\r\n") != -1:
+        res = data.split(b"\r\n\r\n", 1)
+        header = res[0]
+        body = res[1]
+    else:
+        header = data
+        body = b''
+    chunked_pattern = pattern_chuncked.search(header)
+    gzip_pattern = pattern_gzip.search(header)
+    need_gzip = gzip_pattern and b'gzip' in gzip_pattern.group()
+    if chunked_pattern and b'chunked' in chunked_pattern.group():
+        body = parse_chunked_body(body, need_un_gzip=need_gzip)
+    elif need_gzip:
+        try:
+            body = gzip.decompress(body)
+        except:
+            print("解压失败")
+            pass
+    result_body_str = filter_visible_chars(body)
+    return filter_visible_chars(header), result_body_str
+def reassemble_session_pcap(reassemble_tcp_res, skey):
+    my_map = {
+        'key': '',
+        'req_header': '',
+        'req_body': '',
+        'req_time': 0,
+        'req_size': 0,
+        'res_header': '',
+        'res_body': '',
+        'res_time': 0,
+        'res_size': 0,
+    }
+    packet_list = []
+    for index, packet in enumerate(reassemble_tcp_res):
+        header, body = parse_body(packet['data'])
+        if index == len(reassemble_tcp_res) - 1:
+            packet_list.append(copy.deepcopy(my_map))
+        if packet['key'] == skey:
+            if index != 0:
+                packet_list.append(copy.deepcopy(my_map))
+                my_map = {
+                    'key': packet['key'],
+                    'req_header': '',
+                    'req_body': b'',
+                    'req_time': 0,
+                    'req_size': 0,
+                    'res_header': '',
+                    'res_body': b'',
+                    'res_time': 0,
+                    'res_size': 0,
+                }
+            my_map["req_header"] = header
+            my_map["req_body"] = body
+            my_map["req_time"] = packet['ts']
+            my_map["req_size"] = len(packet['data'])
+        else:
+            my_map["res_header"] = header
+            my_map["res_body"] = body
+            my_map["res_time"] = packet['ts']
+            my_map["res_size"] = len(packet['data'])
+    return packet_list
+def reassemble_tcp_pcap(p):
+    packets = [{'pkt': item} for item in p if TCP in item and Raw in item]
+    packets2 = []
+    info = {}
+    keys = []
+    for index, packet in enumerate(packets):
+        data = packet['pkt'][Raw].load
+        flags = packet['pkt'][TCP].flags
+        seq = packet['pkt'][TCP].seq
+        if len(data) == 0 or 'R' in flags or 'S' in flags:
+            continue
+        key = f"{packet['pkt'][IP].src}:{packet['pkt'][IP].sport}"
+        if key not in info.keys():
+            info[key] = {
+                "min": seq,
+                "max": seq,
+                "wrapseq": False,
+                "wrapack": False,
+            }
+            keys.append(key)
+        elif info[key]["min"] > seq:
+            info[key]['min'] = seq
+        elif info[key]["max"] < seq:
+            info[key]['max'] = seq
+        packets2.append(packet)
+    if len(keys) == 1:
+        key = f"{packets['pkt'][IP].dst}:{packets['pkt'][IP].dport}"
+        ack = packets['pkt'][TCP].ack
+        info[key] = {
+            "min": ack,
+            "max": ack,
+            "wrapseq": False,
+            "wrapack": False,
+        }
+        keys.append(key)
+    packets = packets2
+    if len(packets) == 0:
+        return []
+    needwrap = False
+    if info[keys[0]] and info[keys[0]]['max'] - info[keys[0]]['min'] > 0x7fffffff:
+        info[keys[0]]['wrapseq'] = True
+        info[keys[0]]['wrapack'] = True
+        needwrap = True
+    if info[keys[1]] and info[keys[1]]['max'] - info[keys[1]]['min'] > 0x7fffffff:
+        info[keys[1]]['wrapseq'] = True
+        info[keys[0]]['wrapack'] = True
+        needwrap = True
+    if needwrap:
+        for packet in packets:
+            key = f"{packet['ip']['addr1']}:{packet['tcp']['sport']}"
+            if info[key]['wrapseq'] and packet['tcp']['seq'] < 0x7fffffff:
+                packet['tcp']['seq'] += 0xffffffff
+            if info[key]['wrapack'] and packet['tcp']['ack'] < 0x7fffffff:
+                packet['tcp']['ack'] += 0xffffffff
+    clientKey = f"{packets[0]['pkt'][IP].src}:{packets[0]['pkt'][IP].sport}"
+    def compare_packets(a, b):
+        a_seq = a['pkt'][TCP].seq
+        b_seq = b['pkt'][TCP].seq
+        a_ack = a['pkt'][TCP].ack
+        b_ack = b['pkt'][TCP].ack
+        a_data = a['pkt'][Raw].load
+        b_data = b['pkt'][Raw].load
+        a_ip = a['pkt'][IP].src
+        a_port = a['pkt'][TCP].sport
+        b_port = b['pkt'][TCP].sport
+        b_ip = b['pkt'][IP].src
+        if a_ip == b_ip and a_port == b_port:
+            return a_seq - b_seq
+        if clientKey == f"{a_ip}:{a_port}":
+            return (a_seq + len(a_data) - 1) - b_ack
+        return a_ack - (b_seq + len(b_data) - 1)
+    packets.sort(key=cmp_to_key(compare_packets))
+    # del packets[num_packets:]
+    # Now divide up conversation
+    clientSeq = 0
+    hostSeq = 0
+    previous = 0
+    results = []
+    for i, item in enumerate(packets):
+        sip = item['pkt'][IP].src
+        sport = item['pkt'][IP].sport
+        seq = item['pkt'][TCP].seq
+        data = item['pkt'][Raw].load
+        pkey = f"{sip}:{sport}"
+        seq_datalen = seq + len(data)
+        if pkey == clientKey:
+            if clientSeq >= seq_datalen:
+                continue
+            clientSeq = seq_datalen
+        else:
+            if hostSeq >= seq_datalen:
+                continue
+            hostSeq = seq_datalen
+        if len(results) == 0 or pkey != results[len(results) - 1]['key']:
+            previous = seq
+            results.append({
+                'key': pkey,
+                'data': copy.deepcopy(data),
+                'ts': float(item['pkt'].time),
+                'pkt': item['pkt'],
+            })
+        elif seq - previous > 0xffff:
+            results.append(
+                {'key': '',
+                 'data': b'',
+                 'ts': float(item['pkt'].time),
+                 'pkt': item['pkt'],
+                 })
+            previous = seq
+            results.append({
+                'key': pkey,
+                'data': copy.deepcopy(data),
+                'ts': float(item['pkt'].time),
+                'pkt': item['pkt'],
+            })
+        else:
+            previous = seq
+            results[-1]['data'] += data
+    return results

xbase_util-0.8.4/xbase_util/test.py ADDED Viewed

@@ -0,0 +1,40 @@
+import re
+import numpy as np
+from scapy.packet import Raw
+from scapy.utils import rdpcap
+from xbase_util.common_util import get_res_status_code_list
+from xbase_util.pcap_util import reassemble_tcp_pcap, reassemble_session_pcap
+from xbase_util.xbase_constant import res_status_code_pattern
+if __name__ == '__main__':
+    packets_scapy = reassemble_tcp_pcap(rdpcap("gzip2.pcap"))
+    skey = '10.28.7.16:54398'
+    streams = b""
+    for pkt in packets_scapy:
+        if Raw in pkt:
+            streams += pkt[Raw].load
+    text_data = streams.decode('ascii', errors='ignore')
+    all_packets = reassemble_session_pcap(packets_scapy, skey=skey)
+    if len(all_packets) != 0:
+        all_req_size = [item['req_size'] for item in all_packets if item['key'] == skey]
+        all_res_size = [item['res_size'] for item in all_packets if item['key'] != skey]
+        num_1, num_2, num_3, num_4, num_5 = get_res_status_code_list(all_packets)
+        # 获取请求头参数数量
+        req_header_count_list = [req['req_header'].count(":") for req in all_packets]
+        # 请求的时间间隔
+        request_flattened_time = [item['req_time'] for item in all_packets]
+        request_time_diffs = [request_flattened_time[i + 1] - request_flattened_time[i] for i in
+                              range(len(request_flattened_time) - 1)]
+        request_mean_diff = round(np.nanmean(request_time_diffs), 5) or 0
+        request_variance_diff = round(np.nanvar(request_time_diffs), 5) or 0
+        # 响应的时间间隔
+        response_flattened_time = [item['res_time'] for item in all_packets]
+        response_time_diffs = [response_flattened_time[i + 1] - response_flattened_time[i] for i in
+                               range(len(response_flattened_time) - 1)]
+        response_mean_diff = round(np.nanmean(response_time_diffs), 5) or 0
+        response_variance_diff = round(np.nanvar(response_time_diffs), 5) or 0
+        time_period = [(abs(item['res_time'] - item['req_time'])) for item in
+                       all_packets if item['res_time'] != 0 and item['req_time'] != 0]

{xbase_util-0.8.2 → xbase_util-0.8.4}/xbase_util.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase-util
-Version: 0.8.2
+Version: 0.8.4
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.8.2 → xbase_util-0.8.4}/xbase_util.egg-info/SOURCES.txt RENAMED Viewed

@@ -2,6 +2,7 @@ README.md
 setup.py
 xbase_util/__init__.py
 xbase_util/add_column_util.py
+xbase_util/common_util.py
 xbase_util/dangerous_util.py
 xbase_util/es_db_util.py
 xbase_util/esreq.py
@@ -9,9 +10,8 @@ xbase_util/geo_util.py
 xbase_util/handle_features_util.py
 xbase_util/packet_util.py
 xbase_util/pcap_util.py
-xbase_util/segment.py
+xbase_util/test.py
 xbase_util/xbase_constant.py
-xbase_util/xbase_util.py
 xbase_util.egg-info/PKG-INFO
 xbase_util.egg-info/SOURCES.txt
 xbase_util.egg-info/dependency_links.txt

xbase-util 0.8.2__tar.gz → 0.8.4__tar.gz

xbase-util 0.8.2tar.gz → 0.8.4tar.gz