author | Andreas Fankhauser hiddenalpha.ch | 2024-09-09 19:23:18 +0200 |
---|---|---|
committer | Andreas Fankhauser hiddenalpha.ch | 2024-09-09 19:23:18 +0200 |
commit | 57789b5738fbee37f0f5088053abb8c37e13e6ab (patch) | |
tree | 7cd288383aad28fbb8bb449f310757857867544a | |
parent | 94e7dab8195de64925c0bfc9a7a9127ccad94171 (diff) | |
Tinker with pcap scanner.
-rw-r--r-- | src/main/lua/pcap/PrefluxListenerQueues.lua | 66 |
1 files changed, 48 insertions, 18 deletions
diff --git a/src/main/lua/pcap/PrefluxListenerQueues.lua b/src/main/lua/pcap/PrefluxListenerQueues.lua
index f1f9658..9e41d83 100644
--- a/src/main/lua/pcap/PrefluxListenerQueues.lua
+++ b/src/main/lua/pcap/PrefluxListenerQueues.lua
@@ -1,9 +1,9 @@
 -- Related: SDCISA-17355.
-local objectSeal = require("scriptlee").objectSeal
 local newPcapDumper = require("pcapit").newPcapDumper
 local newPcapParser = require("pcapit").newPcapParser
+local log, dst = io.stderr, io.stdout
 function onFrame( app, frame )
@@ -26,29 +26,59 @@ function onFrame( app, frame )
 -- tcpAckNr
 -- trspPayload
- print("", trspProtoStr, frame.trspProtoStr, "")
- print("", frameCaplen, frame.frameCaplen(), "")
- print("", frameLen, frame.frameLen(), "")
- print("", trspSrcPort, frame.trspSrcPort(), "")
- print("", netProtoStr, frame.netProtoStr(), "")
- print("", netSrcIpStr, frame.netSrcIpStr(), "")
- print("", trspDstPort, frame.trspDstPort(), "")
- print("", tcpFlags, frame.tcpFlags(), "")
- print("", frameArrivalTime, frame.frameArrivalTime(), "")
- print("", rawFrame, frame.rawFrame(), "")
- print("", tcpSeqNr, frame.tcpSeqNr(), "")
- print("", netDstIpStr, frame.netDstIpStr(), "")
- print("", tcpAckNr, frame.tcpAckNr(), "")
- print("", trspPayload, frame.trspPayload(), "")
-
- error("whopsii")
+ local trspPayload = frame:trspPayload()
+ local a, b, c = trspPayload:match("^([^ ]+) ([^ ]+) ([^\r\n]+)\r?\n")
+ local isHttpRsp = (a and a:sub(1, 6) == "HTTP/1.")
+ local isHttpReq = (a and not isHttpRsp)
+ local httpProto, httpStatus, httpPhrase, httpMethod, httpUri
+ if isHttpRsp then httpProto, httpStatus, httpPhrase = a, b, c end
+ if isHttpReq then httpMethod, httpUri, httpProto = a, b, c end
+ --
+ if trspPayload
+ and trspPayload:find("HTTP")
+ and not trspPayload:find("^GET ")
+ and not trspPayload:find("^PUT ")
+ and not trspPayload:find("^POST ")
+ and not trspPayload:find("^DELETE ")
+ then
+ log:write("SUB: '".. trspPayload:sub(1, 6) .."'\n")
+ end
+ --
+ local tcpStreamKey = getTcpStreamKey(frame)
+ if isHttpReq then
+ if not httpUri:find("/preflux/from/vehicles/[^/]+/system/status/v1/system/info") then return end
+ log:write(os.date("%H:%M:%S", frame:frameArrivalTime()) .." "
+ .. httpMethod .." ".. httpUri.." ".. httpProto .."\n")
+ local tcpStreamFoo = app.tcpStreamFooById[tcpStreamKey]
+ if not tcpStreamFoo then
+ tcpStreamFoo = 42
+ app.tcpStreamFooById[tcpStreamKey] = tcpStreamFoo
+ end
+ end
+ if isHttpRsp then
+ log:write(os.date("%H:%M:%S", frame:frameArrivalTime()) .." 
"
+ .. httpProto .." ".. httpStatus .." ".. httpPhrase .."\n")
+ end
+ app.tcpStreamFooById[tcpStreamKey] = false
+
+ --if not isHttpReq and not isHttpRsp then return end
+ --if not foo then foo = 1 else foo = foo + 1 end
+ --if foo > 99 then error("TUDUDELI_vjUAADBKAABXTQAA") end
+end
+
+
+function getTcpStreamKey( frame )
+ local f = frame
+ return f:netDstIpStr() .."\0".. f:netSrcIpStr() .."\0".. f:trspDstPort() .."\0".. f:trspSrcPort()
 end
 function main()
- local app = objectSeal{
+ log:write("[WARN ] This script is NOT ready for usage.\n")
+ local app = {
 srcPath = "houston-prod-tcp-20240906-143144Z.pcap",
 parser = false,
+ tcpStreamFooById = {},
 }
 app.parser = newPcapParser{
 dumpFilePath = app.srcPath, |
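Review bot: In the added `isHttpRsp` line, `a:sub(1, 6)` yields six characters but is compared with the seven-character literal `"HTTP/1."`, so the test can never be true; every status line is classified as a request and the `if isHttpRsp` branch is unreachable. Use `a:sub(1, 7) == "HTTP/1."`. Separately, `trspPayload:match(...)` runs before the later `if trspPayload` guard, so if `frame:trspPayload()` can return nil (the guard suggests it can) the call raises on the first payload-less frame; `if not trspPayload then return end` directly after the assignment would cover it. The request line, status line and `SUB:` prefix come from captured traffic and are written to stderr unfiltered, and `[^ ]+` also matches control bytes, so consider neutralising them before logging, e.g. `:gsub("%c", "?")`. The body of onFrame starts outside the hunk.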