Tags: simsong/tcpflow
fixed sizeof(addr1) and sizeof(addr2) error in un_pair
Implement scan_python to process flow by external python script (#164)

* Implement scan_python to process flow by external python script

Many authors have participated in this effort:
- @jakesmo https://github.com/jakesmo
- @lassimus https://github.com/lassimus
- @olibre https://github.com/olibre

The objective is to extend tcpflow using the python language. The original work is available on @lassimus' fork: https://github.com/lassimus/tcpflow/commits/master

@olibre has continued the work, and has deeply refactored the original source code from @jakesmo and @lassimus.

Instead of adding a new option -P, this commit reuses option "-e python" and adds three parameters:
- -S py_path=...
- -S py_module=...
- -S py_function=...

Autotools/Automake files have also been fixed in comparison with the original source code from @jakesmo and @lassimus. CMake files have been updated.

For the Autotools/Automake side, the project builds fine with and without the package python-devel. However, for the CMake build, package python-devel is required. This will be improved in a future pull request about CMake.

The resulting tcpflow executable has been tested in many ways:
- built with and without python-devel installation,
- tested with and without options -a, -e python,
- tested in situations where parameters were inconsistent,
- tested with mistakes in parameters,
- ...

There are also some TODOs within the source code assigned to @simsong:
TODO #1 When the scanner cannot initialize it, should we use sp.info->flags = scanner_info::SCANNER_DISABLED?
TODO #2 Why is PHASE_THREAD_BEFORE_SCAN never called?
TODO #3 Similar to TODO #1

This new feature will amplify the possibilities of tcpflow output data processing 😃

* Replace XML tag <scan_python_result> by <tcpflow:result>
  For more information, see: dfxml-working-group/dfxml_schema#24
* Fix XML tag name <tcpflow:result>
* Avoid symbols "<" and ">" in XML value
* Rename XML attribute py_function -> function