def __init__(self, case, fd, inode):
File.__init__(self,case, fd, inode)
dbh = DB.DBO(self.case)
## Ensure we have an index on this column
dbh.check_index("connection","inode_id")
dbh.check_index("connection_details","inode_id")
## We use the inode column in the connection_details table to
## cache this so we only have to combine the streams once.
inode = inode.split("|")[-1]
self.inode_ids = [ int(x) for x in inode[1:].split("/")]
## Fill in some vital stats
dbh.execute("select inode.inode_id, reverse, src_ip, dest_ip, src_port, dest_port, ts_sec from `connection_details` join inode on inode.inode_id = connection_details.inode_id where inode.inode=%r limit 1", self.inode)
row=dbh.fetch()
if not row:
dbh.execute("select inode_id,reverse, src_ip, dest_ip, src_port, dest_port, ts_sec from `connection_details` where inode_id = %r", self.inode_ids[0])
row = dbh.fetch()
## This updates our properties from the db
if not row: return
self.__dict__.update(row)
## We allow the user to ask for a number of streams which will
## be combined at the same time. This allows us to create a
## VFS node for both forward and reverse streams, or even
## totally unrelated streams which happen at the same time.
self.look_for_cached()
self.read(0)
## This is a cache of packet lists that we keep so we do not
## have to hit the db all the time.
self.packet_list = None
def __init__(self, case, fd, inode):
File.__init__(self, case, fd, inode)
## Make sure our parent is cached:
self.fd.cache()
## Parse out inode - if we got the compressed length provided,
## we use that, otherwise we calculate it from the zipfile
## header
parts = inode.split('|')
ourpart = parts[-1][1:]
try:
offset, size = ourpart.split(":")
self.compressed_length = int(size)
offset = int(offset)
except:
offset = int(ourpart)
self.offset = offset
## Ensure that we can read the file header:
b = Zip.Buffer(fd=fd)[offset:]
self.header = Zip.ZipFileHeader(b)
## This is sometimes invalid and set to zero - should we query
## the db?
self.size = int(self.header['uncompr_size'])
if not self.compressed_length:
self.compressed_length = int(self.header['compr_size'])
self.type = int(self.header['compression_method'])
## Where does the data start?
self.init()
def __init__(self, case, fd, inode):
File.__init__(self, case, fd, inode)
# strategy: must determine basepath from parent, get our path
# from db and then return the file:
## Note this _must_ work because we can only ever be called on
## a mounted iosource - it is an error otherwise:
basepath = fd.io.directory
self.case = case
dbh = DB.DBO(case)
dbh.check_index("file", "inode")
dbh.execute("select path,name from file where inode=%r limit 1", (inode))
row = dbh.fetch()
path = row["path"]
mount_point = fd.io.mount_point
## Prune the path down to the mount point:
if path[: len(mount_point)] != mount_point:
raise RuntimeError(DB.expand("Something went wrong - %s should be mounted on %s", (path, mount_point)))
path = path[len(mount_point) :]
path = basepath + "/" + path + "/" + row["name"]
if not path.startswith(posixpath.normpath(config.UPLOADDIR)):
path = FlagFramework.sane_join(config.UPLOADDIR, path)
if os.path.isdir(path):
self.fd = StringIO.StringIO("")
else:
self.fd = open(path, "r")
s = os.stat(path)
self.size = s.st_size
def __init__(self, case, fd, inode):
self.urn = inode
fd = aff4.oracle.open(inode, 'r')
try:
if not fd: raise IOError("Unable to open %s" % inode)
finally:
aff4.oracle.cache_return(fd)
File.__init__(self, case, fd, inode)
def __init__(self, case, fd, inode):
File.__init__(self,case,fd,inode)
cache_key = "%s:%s" % (self.case, self.fd.inode)
try:
fs = SKCACHE.get(cache_key)
except KeyError:
fs = sk.skfs(self.fd)
SKCACHE.put(fs, key=cache_key)
inode = self.inode[self.inode.find('|K')+2:]
self.skfd = fs.open(inode=inode)
self.skfd.seek(0,2)
self.size = self.skfd.tell()
self.skfd.seek(0)
self.block_size = fs.block_size
def __init__(self, case, fd, inode):
""" This is a top level File driver for opening pcap files.
Note that pcap files are stored in their own filesystem. We expect the following initialisation:
@arg fd: is an io source for the pcap file
@arg inode: The inode of the pcap file in the pcap filesystem, currently ignored.
"""
File.__init__(self, case, fd, inode)
## Calculates the size of this file:
dbh = DB.DBO(self.case)
self.private_dbh = dbh.clone()
dbh.execute("select max(id) as max from pcap")
row=dbh.fetch()
if row['max']:
self.size = row['max']
else:
self.size = 0
self.private_dbh.execute("select id,offset,link_type,ts_sec,length from pcap where id>%r" % int(self.size))
self.iosource = fd
def __init__(self, case, fd, inode):
File.__init__(self, case, fd, inode)
## Tar file handling requires repeated access into the tar
## file. Caching our input fd really helps to speed things
## up...
fd.cache()
# strategy:
# inode is the index into the namelist of the tar file (i hope this is consistant!!)
# just read that file!
parts = inode.split('|')
try:
t = ZIPCACHE.get(self.fd.inode)
except (AttributeError, KeyError):
try:
t = tarfile.TarFile(name='/', fileobj=fd)
ZIPCACHE.put(t, key=self.fd.inode)
except tarfile.CompressionError,e:
raise IOError("Tar file: %s" % e)
def __init__(self, case, fd, inode):
File.__init__(self, case, fd, inode)
self.cache()
def __init__(self, case, fd, inode):
File.__init__(self, case, fd, inode)
self.gz = None
