Python bindings ?
Harry Bock
hbock at ele.uri.edu
Tue May 18 13:34:47 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The biggest problem with parsing ra(xml) output is performance; it is
generally much slower to have ra parse the Argus binary format and then
have another process parse that output than to have the client program
be able to read the binary format directly. A proper API would be
highly beneficial to client authors.
In my experience with hacking together something on top of the Argus C
code base, would be very difficult for a tool like SWIG to generate
usable bindings that would transfer well to a language like Python.
Recently I had started on a re-implementation of the Argus client
library modeled after libpcap, with the goal of having a friendlier API
and be more suitable for shared object support, but I haven't gotten
very far due to school and work. If there is significant interest in
this, I could start hacking on it again if there is community support.
A powerful, simple Argus API would be of enormous benefit to application
developers.
If anyone is interested in the library I started, check it out here:
http://git.spanning-tree.org/index.cgi/libfcap/
It's not in any usable state at all, but the building blocks are there.
If the bindings were to mature, they would likely be a better candidate
for automatically generated FFI bindings for, say, Python or Ruby or
other languages with a C interface.
Harry
On 05/17/2010 08:44 AM, Phillip Deneault wrote:
> I've had good luck with elementtree, but the XML format Argus uses
> doesn't really require anything fancy. The built-in minidom stuff might
> work just fine for you.
>
> As to what python brings to the party... basically nothing over what any
> other library brings to the party. It simplifies custom client creation
> if there is a handy library available. I for one would welcome a direct
> python library to read in flows from radium/ra or binary files as it
> would eliminate lots of extra piping and clockwork mechanisms I use in
> my python glue programs, or converting to XML which requires a lot more
> overhead than the binary format directly.
>
> I've been playing with this idea myself, but not knowing C very well, it
> was a long uphill climb. In my research, I looked at a tool called
> SWIG, which might facilitate building these various libraries based on
> the official C code. SWIG can also handle documentation generation.
> http://www.swig.org/. Maybe that's something someone with more C
> knowledge could use.
>
> Thanks,
> Phil
>
> On 5/14/2010 12:51 PM, George Jones wrote:
>> On Fri, 2010-05-14 at 09:21 -0700, John Gerth wrote:
>>> ra can output XML and there are beaucoup python parsers for that.
>>
>> Doh. Should of thought of that.
>>
>> Suggestions for parsers ? (being new-ish to python, and XML)
>>
>> Thanks,
>> ---George Jones
>>
>>>
>>> On 5/14/2010 8:44 AM, George Jones wrote:
>>>> On Fri, 2010-05-14 at 11:36 -0400, Carter Bullard wrote:
>>>>> Hey George,
>>>>> I don't do any python, but it couldn't be hard.
>>>>> Are there guides for doing this type of thing?
>>>>
>>>> google python class
>>>>
>>>> PySiLK is the one thing I'm really missing from SiLK. I think I can
>>>> roll a parser pretty quickly for reading ra output and shoving it into
>>>> classes.
>>>>
>>>> ---George
>>>>
>>>>> Carter
>>>>>
>>>>> On May 14, 2010, at 10:32 AM, George Jones wrote:
>>>>>
>>>>>> Has anyone created python bindings for argus? e.g. something that would
>>>>>> read ra ouput (or argus binary format) and parse into python class
>>>>>> structures ?
>>>>>>
>>>>>> Thanks,
>>>>>> ---George Jones
>>>>>>
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkvyz7cACgkQDiEcLVRsw1N2ywCeIUbB0nmc/o44+566pzIoO96g
sZYAn1pL4NLVP0x/h8I6ozqOAgHNKbHC
=SeKu
-----END PGP SIGNATURE-----
More information about the argus
mailing list