Module: PcapTools::Loader

Defined in:
lib/pcap_tools/loader.rb

Defined Under Namespace

Classes: MyParser

Class Method Summary collapse

Class Method Details

.load_file(f, options = {}, &block) ⇒ Object 



103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
 
# File 'lib/pcap_tools/loader.rb', line 103

def self.load_file f, options = {}, &block
  if options[:pdml]
    f = File.open(f, 'rb')
    Ox.sax_parse(MyParser.new(options, block), f)
    f.close
  else
    tshark_executable = options[:tshark] || "tshark"
    accepted_protocols = ["geninfo", "tcp", "ip", "eth", "sll", "frame", "null", "ethertype"]
    accepted_protocols += options[:accepted_protocols] if options[:accepted_protocols]
    profile_name = "pcap_tools"
    profile_dir = "#{ENV['HOME']}/.wireshark/profiles/#{profile_name}"
    status = POpen4::popen4("#{tshark_executable} -v") do |stdout, stderr, stdin, pid|
    end
    raise "#{tshark_executable} not found" unless status
    unless File.exist? "#{profile_dir}/disabled_protos"
      status = POpen4::popen4("#{tshark_executable} -G protocols") do |stdout, stderr, stdin, pid|
        list = stdout.read.split("\n").map { |x| x.split(" ").last }.reject { |x| accepted_protocols.include? x }
        FileUtils.mkdir_p profile_dir
        File.open("#{profile_dir}/disabled_protos", "w") { |io| io.write(list.join("\n") + "\n") }
      end
      raise "#{tshark_executable} execution error when listing protocols" unless status.exitstatus == 0
    end
    status = POpen4::popen4("#{tshark_executable} -n -C #{profile_name} -T pdml -r #{f}") do |stdout, stderr, stdin, pid|
      Ox.sax_parse(MyParser.new(options, block), stdout)
      $stderr.puts stderr.read
    end
    raise "#{tshark_executable} execution error with file #{f}" unless status.exitstatus == 0
  end
end