Merge pull request #7 from CAIDA/rsdos-multiversion

Update rsdos parser to handle both the original schema and the new version just added to corsaro3
CAIDA · May 16, 2021 · c99534c · c99534c
2 parents 941f800 + 4ab4ee2
commit c99534c
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 3 deletions.
diff --git a/src/pyavro_stardust/rsdos.pxd b/src/pyavro_stardust/rsdos.pxd
@@ -55,6 +55,11 @@ cpdef enum RsdosAttribute:
     ATTR_RSDOS_FIRST_TARGET_PORT = 16
     ATTR_RSDOS_LAST_ATTRIBUTE = 17
 
+cpdef enum RsdosAttributeStirng:
+    ATTR_RSDOS_MAXMIND_CONTINENT = 0
+    ATTR_RSDOS_MAXMIND_COUNTRY = 1
+    ATTR_RSDOS_LAST_STRING_ATTRIBUTE = 2
+
 cdef class AvroRsdos(AvroRecord):
 
     cdef unsigned char *packetcontent

diff --git a/src/pyavro_stardust/rsdos.pyx b/src/pyavro_stardust/rsdos.pyx
@@ -42,13 +42,32 @@ from pyavro_stardust.baseavro cimport AvroRecord, read_long, read_string, \
 @cython.final
 cdef class AvroRsdos(AvroRecord):
     def __init__(self):
-        super().__init__(ATTR_RSDOS_LAST_ATTRIBUTE, 0, 0)
+        super().__init__(ATTR_RSDOS_LAST_ATTRIBUTE,
+                ATTR_RSDOS_LAST_STRING_ATTRIBUTE, 0)
         self.pktcontentlen = 0
         self.packetcontent = NULL
         self.schemaversion = 1
 
     def __str__(self):
-        return "%u %u.%06u %u.%06u %08x %u %u %u %u %u %u %u %u %u" % \
+        if self.schemaversion == 1:
+            return "%u v1 %u.%06u %u.%06u %08x %u %u %u %u %u %u %u %u %u ?? ??" % \
+                    (self.attributes_l[<int>ATTR_RSDOS_TIMESTAMP], \
+                     self.attributes_l[<int>ATTR_RSDOS_START_TIME_SEC],
+                     self.attributes_l[<int>ATTR_RSDOS_START_TIME_USEC],
+                     self.attributes_l[<int>ATTR_RSDOS_LATEST_TIME_SEC],
+                     self.attributes_l[<int>ATTR_RSDOS_LATEST_TIME_USEC],
+                     self.attributes_l[<int>ATTR_RSDOS_TARGET_IP],
+                     self.attributes_l[<int>ATTR_RSDOS_TARGET_PROTOCOL],
+                     self.attributes_l[<int>ATTR_RSDOS_PACKET_LEN],
+                     self.attributes_l[<int>ATTR_RSDOS_ATTACKER_IP_CNT],
+                     self.attributes_l[<int>ATTR_RSDOS_ATTACK_PORT_CNT],
+                     self.attributes_l[<int>ATTR_RSDOS_TARGET_PORT_CNT],
+                     self.attributes_l[<int>ATTR_RSDOS_PACKET_CNT],
+                     self.attributes_l[<int>ATTR_RSDOS_BYTE_CNT],
+                     self.attributes_l[<int>ATTR_RSDOS_MAX_PPM_INTERVAL],
+                     self.getRsdosPacketSize())
+
+        return "%u v2 %u.%06u %u.%06u %08x %u %u %u %u %u %u %u %u %u %s %s" % \
                 (self.attributes_l[<int>ATTR_RSDOS_TIMESTAMP], \
                  self.attributes_l[<int>ATTR_RSDOS_START_TIME_SEC],
                  self.attributes_l[<int>ATTR_RSDOS_START_TIME_USEC],
@@ -63,7 +82,9 @@ cdef class AvroRsdos(AvroRecord):
                  self.attributes_l[<int>ATTR_RSDOS_PACKET_CNT],
                  self.attributes_l[<int>ATTR_RSDOS_BYTE_CNT],
                  self.attributes_l[<int>ATTR_RSDOS_MAX_PPM_INTERVAL],
-                 self.getRsdosPacketSize())
+                 self.getRsdosPacketSize(),
+                 self.attributes_s[<int>ATTR_RSDOS_MAXMIND_CONTINENT].decode('utf-8'),
+                 self.attributes_s[<int>ATTR_RSDOS_MAXMIND_COUNTRY].decode('utf-8'))
 
     cpdef dict asDict(self):
         cdef dict result
@@ -93,8 +114,12 @@ cdef class AvroRsdos(AvroRecord):
         }
 
         if self.schemaversion == 2:
+            del(result["attacker_count"])
+            result["attacker_slash16_count"] = self.attributes_l[<int>ATTR_RSDOS_ATTACKER_IP_CNT]
             result['first_attack_port'] = self.attributes_l[<int>ATTR_RSDOS_FIRST_ATTACK_PORT]
             result['first_target_port'] = self.attributes_l[<int>ATTR_RSDOS_FIRST_TARGET_PORT]
+            result['maxmind_continent'] = self.attributes_s[<int>ATTR_RSDOS_MAXMIND_CONTINENT]
+            result['maxmind_country'] = self.attributes_s[<int>ATTR_RSDOS_MAXMIND_COUNTRY]
 
         return result
 
@@ -195,6 +220,14 @@ cdef class AvroRsdosReader(AvroReader):
                 return 0
             offset += offinc
 
+        if self.schemaversion == 2:
+            for i in range(0, ATTR_RSDOS_LAST_STRING_ATTRIBUTE):
+                offinc = self.currentrec.parseString(buf[offset:],
+                        maxlen - offset, i)
+                if offinc <= 0:
+                    return 0
+                offset += offinc
+
         return self.currentrec.setRsdosPacketString(buf[offset:],
                 maxlen - offset);