Class: Suricata::Connection

Inherits:
Object
Defined in:
lib/suricata/connection.rb

Overview

This class splits a connection string into its parts.

Constructor Details

#initialize(string = nil) ⇒ Connection

This constructor calls parse(string) if string is not nil

Parameters:

  • string (String) (defaults to: nil)

    string to parse


# File 'lib/suricata/connection.rb', line 40

def initialize(string=nil)
	if not string.nil?
		parse(string)
	end
end

Instance Attribute Details

#dport ⇒ Object

destination port


# File 'lib/suricata/connection.rb', line 35

attr_accessor :proto, :src, :dst, :sport, :dport

#dst ⇒ Object

destination-ip


# File 'lib/suricata/connection.rb', line 35

attr_accessor :proto, :src, :dst, :sport, :dport

#proto ⇒ Object

protocol


# File 'lib/suricata/connection.rb', line 35

def proto
  @proto
end

#sport ⇒ Object

source port


# File 'lib/suricata/connection.rb', line 35

attr_accessor :proto, :src, :dst, :sport, :dport

#src ⇒ Object

source-ip


# File 'lib/suricata/connection.rb', line 35

attr_accessor :proto, :src, :dst, :sport, :dport

Instance Method Details

#parse(string) ⇒ Object

This function parses a connection string into its parts.

Parameters:

  • string (String)

    string to parse

Raises:

  • (Exception)

    Parsing error


# File 'lib/suricata/connection.rb', line 50

def parse(string)
	if string.nil?
		raise "Invalid argument"
	end

	string = string.chomp

	if string =~ /^\{(.+)\}\s+(.+)\:(\d{1,5})\s+\-\>\s+(.+)\:(\d{1,5})$/
		@proto = $1
		@src = $2
		@sport = $3.to_i
		@dst = $4
		@dport = $5.to_i
	else
		raise "Parsing error: >>#{string}<<"
	end
end
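
Added example (not part of the suricata gem or its documentation): the pattern in #parse uses ^ and $, which in Ruby match at every line boundary, and it accepts any text as an address and port numbers up to 99999. The sketch below parses the same format with \A and \z anchors, a port range check and IPAddr validation. StrictConn, strict_parse_connection and the other names are hypothetical, and the sample strings are constructed.

```ruby
require 'ipaddr'

# Added example, not code from the suricata gem. All names here are hypothetical.
StrictConn = Struct.new(:proto, :src, :sport, :dst, :dport)

# The pattern from Connection#parse on this page, kept for comparison.
PAGE_RE = /^\{(.+)\}\s+(.+)\:(\d{1,5})\s+\-\>\s+(.+)\:(\d{1,5})$/

# \A and \z anchor to the whole string (Ruby's ^ and $ match at every line),
# and the address fields are limited to characters that occur in IP literals.
# Assumption: protocol names contain only letters, digits, ':', '_' and '-'.
ADDR_CHARS = '[0-9A-Fa-f:.]+'
STRICT_RE = /\A\{([A-Za-z0-9:_-]+)\}\s+(#{ADDR_CHARS}):(\d{1,5})\s+->\s+(#{ADDR_CHARS}):(\d{1,5})\z/

def valid_ip?(text)
  IPAddr.new(text)
  true
rescue IPAddr::Error
  false
end

def strict_parse_connection(string)
  raise ArgumentError, 'Invalid argument' if string.nil?

  m = STRICT_RE.match(string.chomp)
  raise ArgumentError, "Parsing error: #{string.inspect}" unless m

  proto, src, sport, dst, dport = m.captures
  sport = sport.to_i
  dport = dport.to_i
  unless [sport, dport].all? { |port| port.between?(0, 65_535) }
    raise ArgumentError, "Port out of range in #{string.inspect}"
  end
  unless valid_ip?(src) && valid_ip?(dst)
    raise ArgumentError, "Not an IP address in #{string.inspect}"
  end

  StrictConn.new(proto, src, sport, dst, dport)
end

# Constructed sample inputs (not taken from a real log).
SAMPLES = {
  ok: '{TCP} 10.0.0.1:1234 -> 10.0.0.2:80',
  v6: '{UDP} 2001:db8::1:5353 -> ff02::fb:5353',
  multiline: "injected\n{TCP} 10.0.0.1:1234 -> 10.0.0.2:80",
  bad_port: '{TCP} 10.0.0.1:99999 -> 10.0.0.2:80',
  bad_addr: '{TCP} 999.0.0.1:1234 -> 10.0.0.2:80'
}.freeze
```

The last three samples all match PAGE_RE but make strict_parse_connection raise ArgumentError; inspect is used in the messages so that embedded newlines from untrusted input are escaped before they reach a log.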

#to_s ⇒ String

Converts the parsed values back to a connection string.

Returns:

  • (String)

    connection-string


# File 'lib/suricata/connection.rb', line 70

def to_s
	"{#{proto}} #{src}:#{sport} -> #{dst}:#{dport}"
end