update output for spykhanat

da985311 · aleajactaest · 30f648d0 · da985311 · da985311 · da985311
Commit da985311 authored Dec 01, 2020 by aleajactaest
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 203 additions and 294 deletions

spykhanat.py spykhanat.py +28 -4

tools/DecodeDatabase.py tools/DecodeDatabase.py +91 -287

tools/Impulse.py tools/Impulse.py +84 -3

No files found.
--- a/spykhanat.py
+++ b/spykhanat.py
@@ -415,6 +415,7 @@ class SpyPcap():
        return actions, impulses

    def decode_client_message(self, msgin, clientid, dst, sequenceid, name, Parent, Source):
+        importantinfo = {}
        target = "%s_%s" % (Source, Parent[7:])
        CurrentReceivedNumber = msgin.readSint32('CurrentReceivedNumber')
        SystemMode = msgin.readBool('SystemMode')
@@ -489,7 +490,7 @@ class SpyPcap():
            else:
                logging.getLogger(LOGGER).info("[Client -> Server] System Mode:%s (%d) {CurrentReceivedNumber:%d, src:%s, dst:%s}" % (typeMessage, message, CurrentReceivedNumber, clientid,  dst))
        logging.getLogger(LOGGER).debug("[Client -> Server] msg:%s" % msgin.showAllData())
-        return actions, impulses,  databases
+        return actions, impulses,  databases,  importantinfo

    def decode_khanat_message(self, msgin, src, dst, sequenceid, clientname, Parent, Source):
        target = "%s_%s" % (Source, Parent[7:])
@@ -497,6 +498,7 @@ class SpyPcap():
        properties = []
        impulses = []
        databases = []
+        importantinfo = {}
        CurrentSendNumber = msgin.readSint32('CurrentSendNumber')
        logging.getLogger(LOGGER).debug("[Server -> Client] {CurrentSendNumber:%d, src:%s, dst:%s}" % (CurrentSendNumber, src,  dst))
        SystemMode = msgin.readBool('SystemMode')
@@ -691,7 +693,7 @@ class SpyPcap():
        #cActionFactory.unpack(msgin)
        logging.getLogger(LOGGER).debug("[Server -> Client] msg:%s" % msgin.showAllData())
        #logging.getLogger(LOGGER).info("impulses:%s" % str(impulses))
-        return actions, impulses, databases, properties
+        return actions, impulses, databases, properties,  importantinfo

    def read(self):
        logging.getLogger(LOGGER).info("Conversion => Start")
@@ -765,11 +767,11 @@ class SpyPcap():
                        if (self.khanat_host_service and self.khanat_host_service.match(src)) or ( not self.khanat_host_service and khanat_host == src):
                            _provenance = 'Server -> Client'
                            logging.getLogger(LOGGER).debug("[%s] (message received) [%s] %s" % (_provenance, datetime.fromtimestamp(pkt.timestamp).strftime("%Y/%m/%d %H:%M:%S"), msgin.showAllData()))
-                            actions_servers, impulses_servers, databases_servers, properties_servers = self.decode_khanat_message(msgin, src, dst, sequenceid, list_host[dst], Reference, list_host[src])
+                            actions_servers, impulses_servers, databases_servers, properties_servers, importantinfo = self.decode_khanat_message(msgin, src, dst, sequenceid, list_host[dst], Reference, list_host[src])
                        else:
                            _provenance = 'Client -> Server'
                            logging.getLogger(LOGGER).debug("[%s] (message received) [%s] %s" % (_provenance, datetime.fromtimestamp(pkt.timestamp).strftime("%Y/%m/%d %H:%M:%S"), msgin.showAllData()))
-                            actions_clients, impulses_clients, databases_clients = self.decode_client_message(msgin, src, dst, sequenceid, list_host[dst], Reference, list_host[src])
+                            actions_clients, impulses_clients, databases_clients, importantinfo = self.decode_client_message(msgin, src, dst, sequenceid, list_host[dst], Reference, list_host[src])
                        if not msgin.checkOnlyZeroAtEnd(): # msgin.needRead() > 7:
                            moredata = "message partially decoded"
                            fullconverted = False
@@ -777,6 +779,26 @@ class SpyPcap():
                            moredata = 'message decoded'
                        if self.show_message_decoded:
                            logging.getLogger(LOGGER).debug("[%s] (%s) %s" % (_provenance, moredata, msgin.showAllData()))
+                        if importantinfo:
+                            havedata = True
+                        else:
+                            havedata = False
+                        if not havedata:
+                            for impulse_data in impulses_servers:
+                                if impulse_data.get_notice():
+                                    havedata = True
+                                    break
+                        if havedata:
+                            print(datetime.fromtimestamp(pkt.timestamp).strftime("%Y/%m/%d %H:%M:%S"),  _provenance,  "(", list_host[src], "=>", list_host[dst], ") [",  Reference,  "] ")
+                            if importantinfo:
+                                for key in importantinfo:
+                                    print(" " * 3, key, ":", importantinfo[key])
+                            if impulses_servers:
+                                for impulse_data in impulses_servers:
+                                    data = impulse_data.get_notice()
+                                    for key in data:
+                                        print(" " * 3, key, ":", data[key])
+
                        if self.outyaml:
                            self.outyaml.write("\n%s:\n    sequence: %d\n    time: %s\n    source: %s\n    destination: %s\n    function: %s\n    adress_source: %s\n    adress_destination: %s\n    state: %s\n    message:\n" % (
                                Reference,
@@ -852,9 +874,11 @@ class SpyPcap():
                                id = 0
                                #print("-"*30)
                                #print(impulses_servers)
+                                #print(impulses_servers)
                                for impulse_data in impulses_servers:
                                    #print("-"*80)
                                    #print(Impulse)
+                                    #print(impulse_data)
                                    params = impulse_data.get_parameter()
                                    self.outyaml.write("    %s:\n" % (impulse_data.get_name()))
                                    for key in params:

--- a/tools/DecodeDatabase.py
+++ b/tools/DecodeDatabase.py
--- a/tools/Impulse.py
+++ b/tools/Impulse.py