xbase-util 0.9.2__tar.gz → 0.9.4__tar.gz
- {xbase_util-0.9.2 → xbase_util-0.9.4}/PKG-INFO +1 -1
- {xbase_util-0.9.2 → xbase_util-0.9.4}/setup.py +1 -1
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/pcap_util.py +8 -5
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util.egg-info/SOURCES.txt +0 -1
- xbase_util-0.9.2/xbase_util/test.py +0 -9
- {xbase_util-0.9.2 → xbase_util-0.9.4}/README.md +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/setup.cfg +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/__init__.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/common_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/esreq.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/packet_util.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util/xbase_constant.py +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.9.2 → xbase_util-0.9.4}/xbase_util_assets/arkimeparse.js +0 -0
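--- a/xbase_util/pcap_util.py
+++ b/xbase_util/pcap_util.py
@@ -2,6 +2,7 @@ import copy
 import gzip
 import math
 import os
+import re
 import struct
 import time
 import traceback
@@ -247,9 +248,7 @@ def get_file_and_read_pos(session_id, file, pos_list):
 packets[i] = packet_bytes
 while next_packet in packets:
 buffer = packets[next_packet]
-
-next_packet += 1
-# del packets[next_packet]
+del packets[next_packet]
 next_packet = next_packet + 1
 if b_offset + len(buffer) > len(byte_array):
 res.extend(byte_array[:b_offset])
@@ -274,7 +273,11 @@ def process_session_id_disk_simple(id, node, packet_pos, esdb, pcap_path_prefix)
 pos_list.pop(0)
 return get_file_and_read_pos(id, file, pos_list)
 
-
+def normalize_spaces_and_newlines(text):
+text = re.sub(r' +', ' ', text)
+# 将连续多个 \n 替换为一个 \n
+text = re.sub(r'\n{2,}', '\n', text)
+return text
 def parse_body(data, skey='', session_id='none'):
 if data.find(b"\r\n\r\n") != -1:
 res = data.split(b"\r\n\r\n", 1)
@@ -295,7 +298,7 @@ def parse_body(data, skey='', session_id='none'):
 traceback.print_exc()
 print(f"解压失败:{skey} {session_id}")
 body = b''
-return filter_visible_chars(header), filter_visible_chars(body)
+return filter_visible_chars(header), normalize_spaces_and_newlines(filter_visible_chars(body))
 
 
 def reassemble_session_pcap(reassemble_tcp_res, skey, session_id='none'):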
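Review bot: In `parse_body`, the body is now passed through `normalize_spaces_and_newlines`, so callers no longer get the payload as it appeared on the wire: runs of spaces and blank lines are collapsed, which changes the body length and any hash or pattern match computed on it downstream. For a pcap-analysis helper this lossy step should be stated in a docstring on the new function, e.g. `"""Collapse runs of spaces and of newlines; the result no longer matches the captured bytes."""`, and the unnormalized body should remain reachable for detection and forensics. The pattern `r'\n{2,}'` also leaves CRLF blank lines (`\r\n\r\n`) untouched unless `filter_visible_chars` already strips `\r`, which this hunk does not show; if they are meant to be collapsed, `text = re.sub(r'(?:\r?\n){2,}', '\n', text)` covers both. `parse_body` starts and ends outside the visible hunks.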
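--- a/xbase_util/test.py
+++ b/xbase_util/test.py
@@ -1,9 +0,0 @@
-from scapy.utils import rdpcap
-
-from xbase_util.pcap_util import reassemble_tcp_pcap, reassemble_session_pcap
-
-if __name__ == '__main__':
-packets_scapy = reassemble_tcp_pcap(rdpcap("test.pcap"))
-skey = '10.28.7.6:53867'
-all_packets = reassemble_session_pcap(packets_scapy, skey=skey,session_id='emmmmm')
-print(all_packets)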