Tags: corelight/pycommunityid
Support for IP-only flow tuples

This adds support for additional, port-less IP protocols. These are based on flow triplets, consisting merely of src/dst IP address plus protocol number. (These are not supported by all Community ID implementations.)

- communityid.PORT_PROTOS is an explicit list of the PROTO_* constants for which this implementation expects port numbers or equivalents (such as TCP or UDP).
- The module now includes exceptions, defined in communityid.error and imported into the communityid namespace.
- The communityid.FlowTuple initializer's sport and dport arguments now default to None to signify absence. When creating a tuple in this way, the protocol number must not be one of the ones in PORT_PROTOS, since the algorithm expects port numbers. A communityid.FlowTupleError exception alerts you when that is the case.
- The new utility function communityid.FlowTuple.make_ip() is the short-tuple equivalent to make_tcp() etc that require full 5-tuples.
- The communityid.FlowTuple initializer now checks the input much more broadly to capture inconsistent or unparseable input.
- The communityid.FlowTuple class now comes with several static utility functions for testing properties of addresses and ports.
- The testsuite is expanded to cover the above, and now also features test cases for the included utility scripts.

The community-id command now outputs error messages to stderr, and supports --verbose.

This bumps the module version to 1.2.
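The triplet case described in this release note, as an added standalone sketch that is not pycommunityid's own code: it computes a Community ID v1 value with or without ports and rejects inconsistent input. The function name `community_id`, the local `FlowTupleError` stand-in, the contents of `PORT_PROTOS`, the refusal of ICMP and the assumption that port-less tuples simply omit the port fields from the hash are all choices made for this example.

```python
import base64
import hashlib
import ipaddress
import struct

# Protocols that must carry ports: TCP, UDP, SCTP (IANA numbers). Plays the
# role the release note gives communityid.PORT_PROTOS; values assumed here.
PORT_PROTOS = {6, 17, 132}
ICMP_PROTOS = {1, 58}  # type/code mapping is outside this sketch


class FlowTupleError(ValueError):
    """Stand-in for communityid.FlowTupleError."""


def community_id(proto, saddr, daddr, sport=None, dport=None, seed=0):
    """Community ID v1 for a 5-tuple, or a triplet when ports are None."""
    if not isinstance(proto, int) or not 0 <= proto <= 255:
        raise FlowTupleError("protocol number must be 0..255")
    if proto in ICMP_PROTOS:
        raise FlowTupleError("ICMP is not handled by this sketch")
    try:
        src, dst = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    except ValueError as exc:
        raise FlowTupleError("unparseable address: %s" % exc)
    if src.version != dst.version:
        raise FlowTupleError("source and destination IP versions differ")
    ports = (sport, dport)
    has_ports = None not in ports
    if not has_ports and ports != (None, None):
        raise FlowTupleError("give both ports or neither")
    if has_ports != (proto in PORT_PROTOS):
        raise FlowTupleError("ports and protocol %d are inconsistent" % proto)
    if has_ports and not all(isinstance(p, int) and 0 <= p <= 65535 for p in ports):
        raise FlowTupleError("port out of range")
    # Order endpoints so both directions of a flow hash identically.
    a, b = sorted([(src.packed, sport or 0), (dst.packed, dport or 0)])
    data = struct.pack("!H", seed) + a[0] + b[0] + struct.pack("!BB", proto, 0)
    if has_ports:
        data += struct.pack("!HH", a[1], b[1])
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


if __name__ == "__main__":
    # Constructed sample flows: GRE (47) triplet in both directions, then TCP.
    print(community_id(47, "192.0.2.10", "198.51.100.7"))
    print(community_id(47, "198.51.100.7", "192.0.2.10"))
    print(community_id(6, "192.0.2.10", "198.51.100.7", 44321, 443))
```

Because the endpoints are ordered before hashing, log sources that see opposite directions of the same GRE or ESP flow produce the same ID and can be joined on it.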