pytstat
changeset 136:ac977bb4ca4d tip
added support for handling diffinder logs in flow_label.py
| author | Alessandro Finamore <alessandro.finamore@ocracy.org> |
|---|---|
| date | Tue Oct 13 16:39:46 2009 +0200 (9 months ago) |
| parents | 5507731b5401 |
| children | |
| files | other-tools/flow_label.py |
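--- a/other-tools/flow_label.py Tue Oct 13 15:52:13 2009 +0200
+++ b/other-tools/flow_label.py Tue Oct 13 16:39:46 2009 +0200
@@ -67,7 +67,7 @@
 ## check for command line arguments
 if len(sys.argv) < 3 or \
 sys.argv[3].lower() != 'tab' and sys.argv[3].lower() != 'test':
-print sys.argv[0], '<tstat_log_flows> <kiss_proto_dir> tab|test'
+print sys.argv[0], '<flow_log> <kiss_proto_dir> tab|test'
 sys.exit(1)
 
 flow_log = sys.argv[1]
@@ -86,23 +86,62 @@
 fname = path.join(pred_dir, 'out', 'epnt_dst.' + ext + '.svmpredid')
 out_dst = load_predid(fname, out_dst)
 
+# flow file is in tstat or diffinder format?
+f = open(flow_log)
+line = f.readline()
+if line.startswith('timestamp'):
+# diffinder format
+words = line.lower().split(',')
+IPA = words.index('ipa')
+IPB = words.index('ipb')
+PORTA = words.index('porta')
+PORTB = words.index('portb')
+PKTA = words.index('numpkt')
+PKTB = -1
+BYTEA = words.index('bytes')
+BYTEB = -1
+INTERNALA, INTERNALB = -1, -1
+SEPARATOR = ','
+if IPA == -1 or IPB == -1 or \
+PORTA == -1 or PORTB == -1 or\
+PKTA == -1 or BYTEA == -1:
+print 'missing column in diffinder log'
+sys.exit(1)
+print IPA, IPB, PORTA, PORTB, PKTA, PKTB, BYTEA, BYTEB
+else:
+# Tstat format
+IPA, IPB = 0, 8
+PORTA, PORTB = 2, 10
+INTERNALA, INTERNALB = 6, 14
+PKTA, PKTB = 5, 13
+BYTEA, BYTEB = 4, 12
+SEPARATOR = ' '
+
 # propagate endpoint classification to flow level
-f = open(flow_log)
 while True:
 line = f.readline()
 if line == '':
 break
 
-words = line.split()
+words = line.split(SEPARATOR)
 timestamp = words[2]
-ipA, portA = words[0:2]
-ipB, portB = words[8:10]
-internalA = bool(int(words[6]))
-internalB = bool(int(words[14]))
-pktA = int(words[5])
-pktB = int(words[13])
-bytesA = int(words[4])
-bytesB = int(words[12])
+ipA, ipB = words[IPA], words[IPB]
+portA, portB = words[PORTA], words[PORTB]
+if INTERNALA != -1:
+internalA = bool(int(words[INTERNALA]))
+internalB = bool(int(words[INTERNALB]))
+else:
+internalA, internalB = True, True
+pktA = int(words[PKTA])
+if PKTB != -1:
+pktB = int(words[PKTB])
+else:
+pktB = 0
+bytesA = int(words[BYTEA])
+if BYTEB != -1:
+bytesB = int(words[BYTEB])
+else:
+bytesB = 0
 
 ## OUT
 if internalA and not internalB: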
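Review bot: In the second hunk the format sniff consumes the first line of the flow log with `f.readline()`, and the `while True:` loop then starts at line two, so in the Tstat branch the first flow record is silently skipped unless Tstat logs carry a header line the script means to discard; the `else:` branch should rewind with `f.seek(0)  # first line is a flow record, re-read it`. The `if IPA == -1 or IPB == -1 ...` guard below the column lookups is dead code, because `list.index` raises `ValueError` instead of returning -1, so a diffinder log with a missing column aborts with a traceback rather than the intended `missing column in diffinder log` message — wrap the six `words.index(...)` calls in a `try: ... except ValueError:` that prints the message and exits. `line.split(SEPARATOR)` with `SEPARATOR = ' '` is not equivalent to the old `line.split()`: runs of spaces or tabs now produce empty fields and the trailing newline stays attached to the last field, so any Tstat log that is tab-separated or column-aligned would shift every hard-coded index; keeping `line.split()` for the Tstat case, and `line.strip().split(',')` for diffinder, avoids that. `timestamp = words[2]` is still hard-coded while every other column is now indexed per format, and the `print IPA, IPB, ...` line looks like leftover debugging output. The surrounding loop body continues past the end of the hunk.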
