Created
May 30, 2016 17:04
-
-
Save MaskRay/154035e567f163fc2e09d3d3a0077758 to your computer and use it in GitHub Desktop.
pcap2ap: exemplify inotifywait
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| set -e -u | |
| setopt nullglob | |
| program=$0 | |
| dshell_defcon=${0:a:h}/dshell-defcon | |
| pcap_suffix=.cap | |
| ap_suffix=.ap | |
| opt_recursive= | |
| usage() { | |
| cat <<e | |
| Usage: ${program##*/} dir... | |
| Transform .cap files into .ap files | |
| Options: | |
| -p max-procs Run up to max-procs dshell-decode at a time (currently by detecting python2 processes, inaccurate) | |
| e | |
| exit $1 | |
| } | |
| fatal() { | |
| echo ${@:2} | |
| exit $1 | |
| } | |
| log_generic() { | |
| fmt=$1 | |
| print -- "$(date +%T.%N) $fmt" "${@:2}" | |
| } | |
| log_error() { tput setaf 1; log_generic "$@"; tput sgr0 } | |
| log_action() { tput setaf 2; log_generic "$@"; tput sgr0 } | |
| log_status() { tput setaf 3; log_generic "$@"; tput sgr0 } | |
| log_event() { tput setaf 6; log_generic "$@"; tput sgr0 } | |
| declare -A modified | |
| add() { modified[$1]=1 } | |
| del() { unset "modified[$1]" } | |
| semaphore() { | |
| seq $parallel | |
| while read; do | |
| echo | |
| done | |
| } | |
| add_data() { | |
| local filepath=$1 | |
| log_status found $filepath | |
| ( | |
| read -p | |
| start=$(date +%s.%N) | |
| $dshell_defcon/dshell-decode -d stream2dump --stream2dump_outfiles=$filepath$ap_suffix $filepath >/dev/null | |
| stop=$(date +%s.%N) | |
| log_action created $ap_suffix for $filepath, size: $(stat -c %s $filepath), used $(bc -l<<<"scale=3;($stop-$start)/1") s | |
| print -p | |
| ) & | |
| } | |
| rm_data() { | |
| rm -fv $filepath$ap_suffix | |
| } | |
| parallel=$(nproc) | |
| while getopts hp:r opt; do | |
| case $opt; in | |
| h) usage 0;; | |
| p) parallel=$OPTARG;; | |
| r) opt_recursive=1;; | |
| \?) exit;; | |
| esac | |
| done | |
| shift $[OPTIND-1] | |
| echo +$@ | |
| if [[ -z ${1:-} ]]; then | |
| usage 1 | |
| fi | |
| for i in $@; do | |
| [[ -d $i ]] || fatal 1 is not a directory | |
| done | |
| coproc semaphore | |
| main() { | |
| log_status processing $@ | |
| for dir in $@; do | |
| for i in $dir/*$pcap_suffix; do | |
| [[ -e $i$ap_suffix && ! -z $i$ap_suffix ]] || add_data $i | |
| done | |
| done | |
| log_status start inotify | |
| inotifywait ${opt_recursive:+-r} -mqe CREATE,CLOSE_WRITE,DELETE,MODIFY,MOVE --format $'%e\t%w\t%f' $@ | while IFS=$'\t' read -r event dir filename; do | |
| local filepath=$dir/$filename | |
| if [[ $event =~ 'CREATE|MOVED_TO' ]]; then | |
| if [[ $event =~ CREATE ]]; then | |
| log_event CREATE $filepath | |
| else | |
| log_event MOVED_TO $filepath | |
| fi | |
| if [[ ! $event =~ ISDIR && $filename =~ "\\$pcap_suffix\$" ]]; then | |
| if filetype=$(stat -c %F $filepath); then | |
| if [[ $filetype =~ symbolic ]]; then | |
| add_data $filepath | |
| elif [[ $filetype =~ regular ]]; then | |
| add $filepath | |
| fi | |
| fi | |
| fi | |
| elif [[ $event =~ 'DELETE|MOVED_FROM' ]]; then | |
| if [[ $event =~ DELETE ]]; then | |
| log_event DELETE $filepath | |
| else | |
| log_event MOVED_FROM $filepath | |
| fi | |
| if [[ ! $event =~ ISDIR && $filename =~ "\\$pcap_suffix\$" ]]; then | |
| del $filepath | |
| rm_data $filepath | |
| fi | |
| elif [[ $event =~ MODIFY ]]; then | |
| log_event MODIFY $filepath | |
| if [[ $filename =~ "\\$pcap_suffix\$" ]]; then | |
| add $filepath | |
| fi | |
| elif [[ $event =~ CLOSE_WRITE ]]; then | |
| if [[ -n ${modified[$filepath]:+1} ]]; then | |
| log_event CLOSE_WRITE after MODIFY $filepath | |
| del $filepath | |
| add_data $filepath | |
| else | |
| log_event CLOSE_WRITE $filepath | |
| fi | |
| fi | |
| done | |
| } | |
| main $@ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment