From 33e60649e0482256cf97361eb34680885c2d5b83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B1=AA=E5=89=8D?= <1104239712@qq.com> Date: Sun, 9 Feb 2025 15:52:02 +0800 Subject: [PATCH] reatimemonitor --- caputre/ADFA-LD+Syscall+List.txt | 886 ++++++++++++++++++ .../__pycache__/capturetask.cpython-311.pyc | Bin 0 -> 20079 bytes .../__pycache__/demoscapture.cpython-311.pyc | Bin 0 -> 8305 bytes .../__pycache__/messagejobs.cpython-311.pyc | Bin 0 -> 5219 bytes caputre/__pycache__/safemap.cpython-311.pyc | Bin 0 -> 7835 bytes caputre/capturetask.py | 375 ++++++++ caputre/demoscapture.py | 162 ++++ caputre/ebpfdemos.py | 224 +++++ caputre/jobentrance.py | 4 + caputre/messagejobs.py | 92 ++ caputre/safemap.py | 201 ++++ 11 files changed, 1944 insertions(+) create mode 100644 caputre/ADFA-LD+Syscall+List.txt create mode 100644 caputre/__pycache__/capturetask.cpython-311.pyc create mode 100644 caputre/__pycache__/demoscapture.cpython-311.pyc create mode 100644 caputre/__pycache__/messagejobs.cpython-311.pyc create mode 100644 caputre/__pycache__/safemap.cpython-311.pyc create mode 100644 caputre/capturetask.py create mode 100644 caputre/demoscapture.py create mode 100644 caputre/ebpfdemos.py create mode 100644 caputre/jobentrance.py create mode 100644 caputre/messagejobs.py create mode 100644 caputre/safemap.py diff --git a/caputre/ADFA-LD+Syscall+List.txt b/caputre/ADFA-LD+Syscall+List.txt new file mode 100644 index 0000000..b969770 --- /dev/null +++ b/caputre/ADFA-LD+Syscall+List.txt @@ -0,0 +1,886 @@ +#if !defined(_ASM_GENERIC_UNISTD_H) || defined(__SYSCALL) +#define _ASM_GENERIC_UNISTD_H + +#include <asm/bitsperlong.h> + +/* + * This file contains the system call numbers, based on the + * layout of the x86-64 architecture, which embeds the + * pointer to the syscall in the table. + * + * As a basic principle, no duplication of functionality + * should be added, e.g. we don't use lseek when llseek + * is present. New architectures should use this file + * and implement the less feature-full calls in user space. + */ + +#ifndef __SYSCALL +#define __SYSCALL(x, y) +#endif + +#if __BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT) +#define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _32) +#else +#define __SC_3264(_nr, _32, _64) __SYSCALL(_nr, _64) +#endif + +#define __NR_io_setup 0 +__SYSCALL(__NR_io_setup, sys_io_setup) +#define __NR_io_destroy 1 +__SYSCALL(__NR_io_destroy, sys_io_destroy) +#define __NR_io_submit 2 +__SYSCALL(__NR_io_submit, sys_io_submit) +#define __NR_io_cancel 3 +__SYSCALL(__NR_io_cancel, sys_io_cancel) +#define __NR_io_getevents 4 +__SYSCALL(__NR_io_getevents, sys_io_getevents) + +/* fs/xattr.c */ +#define __NR_setxattr 5 +__SYSCALL(__NR_setxattr, sys_setxattr) +#define __NR_lsetxattr 6 +__SYSCALL(__NR_lsetxattr, sys_lsetxattr) +#define __NR_fsetxattr 7 +__SYSCALL(__NR_fsetxattr, sys_fsetxattr) +#define __NR_getxattr 8 +__SYSCALL(__NR_getxattr, sys_getxattr) +#define __NR_lgetxattr 9 +__SYSCALL(__NR_lgetxattr, sys_lgetxattr) +#define __NR_fgetxattr 10 +__SYSCALL(__NR_fgetxattr, sys_fgetxattr) +#define __NR_listxattr 11 +__SYSCALL(__NR_listxattr, sys_listxattr) +#define __NR_llistxattr 12 +__SYSCALL(__NR_llistxattr, sys_llistxattr) +#define __NR_flistxattr 13 +__SYSCALL(__NR_flistxattr, sys_flistxattr) +#define __NR_removexattr 14 +__SYSCALL(__NR_removexattr, sys_removexattr) +#define __NR_lremovexattr 15 +__SYSCALL(__NR_lremovexattr, sys_lremovexattr) +#define __NR_fremovexattr 16 +__SYSCALL(__NR_fremovexattr, sys_fremovexattr) + +/* fs/dcache.c */ +#define __NR_getcwd 17 +__SYSCALL(__NR_getcwd, sys_getcwd) + +/* fs/cookies.c */ +#define __NR_lookup_dcookie 18 +__SYSCALL(__NR_lookup_dcookie, sys_lookup_dcookie) + +/* fs/eventfd.c */ +#define __NR_eventfd2 19 +__SYSCALL(__NR_eventfd2, sys_eventfd2) + +/* fs/eventpoll.c */ +#define __NR_epoll_create1 20 +__SYSCALL(__NR_epoll_create1, sys_epoll_create1) +#define __NR_epoll_ctl 21 +__SYSCALL(__NR_epoll_ctl, sys_epoll_ctl) +#define __NR_epoll_pwait 22 +__SYSCALL(__NR_epoll_pwait, sys_epoll_pwait) + +/* fs/fcntl.c */ +#define __NR_dup 23 +__SYSCALL(__NR_dup, sys_dup) +#define __NR_dup3 24 +__SYSCALL(__NR_dup3, sys_dup3) +#define __NR3264_fcntl 25 +__SC_3264(__NR3264_fcntl, sys_fcntl64, sys_fcntl) + +/* fs/inotify_user.c */ +#define __NR_inotify_init1 26 +__SYSCALL(__NR_inotify_init1, sys_inotify_init1) +#define __NR_inotify_add_watch 27 +__SYSCALL(__NR_inotify_add_watch, sys_inotify_add_watch) +#define __NR_inotify_rm_watch 28 +__SYSCALL(__NR_inotify_rm_watch, sys_inotify_rm_watch) + +/* fs/ioctl.c */ +#define __NR_ioctl 29 +__SYSCALL(__NR_ioctl, sys_ioctl) + +/* fs/ioprio.c */ +#define __NR_ioprio_set 30 +__SYSCALL(__NR_ioprio_set, sys_ioprio_set) +#define __NR_ioprio_get 31 +__SYSCALL(__NR_ioprio_get, sys_ioprio_get) + +/* fs/locks.c */ +#define __NR_flock 32 +__SYSCALL(__NR_flock, sys_flock) + +/* fs/namei.c */ +#define __NR_mknodat 33 +__SYSCALL(__NR_mknodat, sys_mknodat) +#define __NR_mkdirat 34 +__SYSCALL(__NR_mkdirat, sys_mkdirat) +#define __NR_unlinkat 35 +__SYSCALL(__NR_unlinkat, sys_unlinkat) +#define __NR_symlinkat 36 +__SYSCALL(__NR_symlinkat, sys_symlinkat) +#define __NR_linkat 37 +__SYSCALL(__NR_linkat, sys_linkat) +#define __NR_renameat 38 +__SYSCALL(__NR_renameat, sys_renameat) + +/* fs/namespace.c */ +#define __NR_umount2 39 +__SYSCALL(__NR_umount2, sys_umount) +#define __NR_mount 40 +__SYSCALL(__NR_mount, sys_mount) +#define __NR_pivot_root 41 +__SYSCALL(__NR_pivot_root, sys_pivot_root) + +/* fs/nfsctl.c */ +#define __NR_nfsservctl 42 +__SYSCALL(__NR_nfsservctl, sys_nfsservctl) + +/* fs/open.c */ +#define __NR3264_statfs 43 +__SC_3264(__NR3264_statfs, sys_statfs64, sys_statfs) +#define __NR3264_fstatfs 44 +__SC_3264(__NR3264_fstatfs, sys_fstatfs64, sys_fstatfs) +#define __NR3264_truncate 45 +__SC_3264(__NR3264_truncate, sys_truncate64, sys_truncate) +#define __NR3264_ftruncate 46 +__SC_3264(__NR3264_ftruncate, sys_ftruncate64, sys_ftruncate) + +#define __NR_fallocate 47 +__SYSCALL(__NR_fallocate, sys_fallocate) +#define __NR_faccessat 48 +__SYSCALL(__NR_faccessat, sys_faccessat) +#define __NR_chdir 49 +__SYSCALL(__NR_chdir, sys_chdir) +#define __NR_fchdir 50 +__SYSCALL(__NR_fchdir, sys_fchdir) +#define __NR_chroot 51 +__SYSCALL(__NR_chroot, sys_chroot) +#define __NR_fchmod 52 +__SYSCALL(__NR_fchmod, sys_fchmod) +#define __NR_fchmodat 53 +__SYSCALL(__NR_fchmodat, sys_fchmodat) +#define __NR_fchownat 54 +__SYSCALL(__NR_fchownat, sys_fchownat) +#define __NR_fchown 55 +__SYSCALL(__NR_fchown, sys_fchown) +#define __NR_openat 56 +__SYSCALL(__NR_openat, sys_openat) +#define __NR_close 57 +__SYSCALL(__NR_close, sys_close) +#define __NR_vhangup 58 +__SYSCALL(__NR_vhangup, sys_vhangup) + +/* fs/pipe.c */ +#define __NR_pipe2 59 +__SYSCALL(__NR_pipe2, sys_pipe2) + +/* fs/quota.c */ +#define __NR_quotactl 60 +__SYSCALL(__NR_quotactl, sys_quotactl) + +/* fs/readdir.c */ +#define __NR_getdents64 61 +__SYSCALL(__NR_getdents64, sys_getdents64) + +/* fs/read_write.c */ +#define __NR3264_lseek 62 +__SC_3264(__NR3264_lseek, sys_llseek, sys_lseek) +#define __NR_read 63 +__SYSCALL(__NR_read, sys_read) +#define __NR_write 64 +__SYSCALL(__NR_write, sys_write) +#define __NR_readv 65 +__SYSCALL(__NR_readv, sys_readv) +#define __NR_writev 66 +__SYSCALL(__NR_writev, sys_writev) +#define __NR_pread64 67 +__SYSCALL(__NR_pread64, sys_pread64) +#define __NR_pwrite64 68 +__SYSCALL(__NR_pwrite64, sys_pwrite64) +#define __NR_preadv 69 +__SYSCALL(__NR_preadv, sys_preadv) +#define __NR_pwritev 70 +__SYSCALL(__NR_pwritev, sys_pwritev) + +/* fs/sendfile.c */ +#define __NR3264_sendfile 71 +__SC_3264(__NR3264_sendfile, sys_sendfile64, sys_sendfile) + +/* fs/select.c */ +#define __NR_pselect6 72 +__SYSCALL(__NR_pselect6, sys_pselect6) +#define __NR_ppoll 73 +__SYSCALL(__NR_ppoll, sys_ppoll) + +/* fs/signalfd.c */ +#define __NR_signalfd4 74 +__SYSCALL(__NR_signalfd4, sys_signalfd4) + +/* fs/splice.c */ +#define __NR_vmsplice 75 +__SYSCALL(__NR_vmsplice, sys_vmsplice) +#define __NR_splice 76 +__SYSCALL(__NR_splice, sys_splice) +#define __NR_tee 77 +__SYSCALL(__NR_tee, sys_tee) + +/* fs/stat.c */ +#define __NR_readlinkat 78 +__SYSCALL(__NR_readlinkat, sys_readlinkat) +#define __NR3264_fstatat 79 +__SC_3264(__NR3264_fstatat, sys_fstatat64, sys_newfstatat) +#define __NR3264_fstat 80 +__SC_3264(__NR3264_fstat, sys_fstat64, sys_newfstat) + +/* fs/sync.c */ +#define __NR_sync 81 +__SYSCALL(__NR_sync, sys_sync) +#define __NR_fsync 82 +__SYSCALL(__NR_fsync, sys_fsync) +#define __NR_fdatasync 83 +__SYSCALL(__NR_fdatasync, sys_fdatasync) +#ifdef __ARCH_WANT_SYNC_FILE_RANGE2 +#define __NR_sync_file_range2 84 +__SYSCALL(__NR_sync_file_range2, sys_sync_file_range2) +#else +#define __NR_sync_file_range 84 +__SYSCALL(__NR_sync_file_range, sys_sync_file_range) +#endif + +/* fs/timerfd.c */ +#define __NR_timerfd_create 85 +__SYSCALL(__NR_timerfd_create, sys_timerfd_create) +#define __NR_timerfd_settime 86 +__SYSCALL(__NR_timerfd_settime, sys_timerfd_settime) +#define __NR_timerfd_gettime 87 +__SYSCALL(__NR_timerfd_gettime, sys_timerfd_gettime) + +/* fs/utimes.c */ +#define __NR_utimensat 88 +__SYSCALL(__NR_utimensat, sys_utimensat) + +/* kernel/acct.c */ +#define __NR_acct 89 +__SYSCALL(__NR_acct, sys_acct) + +/* kernel/capability.c */ +#define __NR_capget 90 +__SYSCALL(__NR_capget, sys_capget) +#define __NR_capset 91 +__SYSCALL(__NR_capset, sys_capset) + +/* kernel/exec_domain.c */ +#define __NR_personality 92 +__SYSCALL(__NR_personality, sys_personality) + +/* kernel/exit.c */ +#define __NR_exit 93 +__SYSCALL(__NR_exit, sys_exit) +#define __NR_exit_group 94 +__SYSCALL(__NR_exit_group, sys_exit_group) +#define __NR_waitid 95 +__SYSCALL(__NR_waitid, sys_waitid) + +/* kernel/fork.c */ +#define __NR_set_tid_address 96 +__SYSCALL(__NR_set_tid_address, sys_set_tid_address) +#define __NR_unshare 97 +__SYSCALL(__NR_unshare, sys_unshare) + +/* kernel/futex.c */ +#define __NR_futex 98 +__SYSCALL(__NR_futex, sys_futex) +#define __NR_set_robust_list 99 +__SYSCALL(__NR_set_robust_list, sys_set_robust_list) +#define __NR_get_robust_list 100 +__SYSCALL(__NR_get_robust_list, sys_get_robust_list) + +/* kernel/hrtimer.c */ +#define __NR_nanosleep 101 +__SYSCALL(__NR_nanosleep, sys_nanosleep) + +/* kernel/itimer.c */ +#define __NR_getitimer 102 +__SYSCALL(__NR_getitimer, sys_getitimer) +#define __NR_setitimer 103 +__SYSCALL(__NR_setitimer, sys_setitimer) + +/* kernel/kexec.c */ +#define __NR_kexec_load 104 +__SYSCALL(__NR_kexec_load, sys_kexec_load) + +/* kernel/module.c */ +#define __NR_init_module 105 +__SYSCALL(__NR_init_module, sys_init_module) +#define __NR_delete_module 106 +__SYSCALL(__NR_delete_module, sys_delete_module) + +/* kernel/posix-timers.c */ +#define __NR_timer_create 107 +__SYSCALL(__NR_timer_create, sys_timer_create) +#define __NR_timer_gettime 108 +__SYSCALL(__NR_timer_gettime, sys_timer_gettime) +#define __NR_timer_getoverrun 109 +__SYSCALL(__NR_timer_getoverrun, sys_timer_getoverrun) +#define __NR_timer_settime 110 +__SYSCALL(__NR_timer_settime, sys_timer_settime) +#define __NR_timer_delete 111 +__SYSCALL(__NR_timer_delete, sys_timer_delete) +#define __NR_clock_settime 112 +__SYSCALL(__NR_clock_settime, sys_clock_settime) +#define __NR_clock_gettime 113 +__SYSCALL(__NR_clock_gettime, sys_clock_gettime) +#define __NR_clock_getres 114 +__SYSCALL(__NR_clock_getres, sys_clock_getres) +#define __NR_clock_nanosleep 115 +__SYSCALL(__NR_clock_nanosleep, sys_clock_nanosleep) + +/* kernel/printk.c */ +#define __NR_syslog 116 +__SYSCALL(__NR_syslog, sys_syslog) + +/* kernel/ptrace.c */ +#define __NR_ptrace 117 +__SYSCALL(__NR_ptrace, sys_ptrace) + +/* kernel/sched.c */ +#define __NR_sched_setparam 118 +__SYSCALL(__NR_sched_setparam, sys_sched_setparam) +#define __NR_sched_setscheduler 119 +__SYSCALL(__NR_sched_setscheduler, sys_sched_setscheduler) +#define __NR_sched_getscheduler 120 +__SYSCALL(__NR_sched_getscheduler, sys_sched_getscheduler) +#define __NR_sched_getparam 121 +__SYSCALL(__NR_sched_getparam, sys_sched_getparam) +#define __NR_sched_setaffinity 122 +__SYSCALL(__NR_sched_setaffinity, sys_sched_setaffinity) +#define __NR_sched_getaffinity 123 +__SYSCALL(__NR_sched_getaffinity, sys_sched_getaffinity) +#define __NR_sched_yield 124 +__SYSCALL(__NR_sched_yield, sys_sched_yield) +#define __NR_sched_get_priority_max 125 +__SYSCALL(__NR_sched_get_priority_max, sys_sched_get_priority_max) +#define __NR_sched_get_priority_min 126 +__SYSCALL(__NR_sched_get_priority_min, sys_sched_get_priority_min) +#define __NR_sched_rr_get_interval 127 +__SYSCALL(__NR_sched_rr_get_interval, sys_sched_rr_get_interval) + +/* kernel/signal.c */ +#define __NR_restart_syscall 128 +__SYSCALL(__NR_restart_syscall, sys_restart_syscall) +#define __NR_kill 129 +__SYSCALL(__NR_kill, sys_kill) +#define __NR_tkill 130 +__SYSCALL(__NR_tkill, sys_tkill) +#define __NR_tgkill 131 +__SYSCALL(__NR_tgkill, sys_tgkill) +#define __NR_sigaltstack 132 +__SYSCALL(__NR_sigaltstack, sys_sigaltstack) +#define __NR_rt_sigsuspend 133 +__SYSCALL(__NR_rt_sigsuspend, sys_rt_sigsuspend) /* __ARCH_WANT_SYS_RT_SIGSUSPEND */ +#define __NR_rt_sigaction 134 +__SYSCALL(__NR_rt_sigaction, sys_rt_sigaction) /* __ARCH_WANT_SYS_RT_SIGACTION */ +#define __NR_rt_sigprocmask 135 +__SYSCALL(__NR_rt_sigprocmask, sys_rt_sigprocmask) +#define __NR_rt_sigpending 136 +__SYSCALL(__NR_rt_sigpending, sys_rt_sigpending) +#define __NR_rt_sigtimedwait 137 +__SYSCALL(__NR_rt_sigtimedwait, sys_rt_sigtimedwait) +#define __NR_rt_sigqueueinfo 138 +__SYSCALL(__NR_rt_sigqueueinfo, sys_rt_sigqueueinfo) +#define __NR_rt_sigreturn 139 +__SYSCALL(__NR_rt_sigreturn, sys_rt_sigreturn) /* sys_rt_sigreturn_wrapper, */ + +/* kernel/sys.c */ +#define __NR_setpriority 140 +__SYSCALL(__NR_setpriority, sys_setpriority) +#define __NR_getpriority 141 +__SYSCALL(__NR_getpriority, sys_getpriority) +#define __NR_reboot 142 +__SYSCALL(__NR_reboot, sys_reboot) +#define __NR_setregid 143 +__SYSCALL(__NR_setregid, sys_setregid) +#define __NR_setgid 144 +__SYSCALL(__NR_setgid, sys_setgid) +#define __NR_setreuid 145 +__SYSCALL(__NR_setreuid, sys_setreuid) +#define __NR_setuid 146 +__SYSCALL(__NR_setuid, sys_setuid) +#define __NR_setresuid 147 +__SYSCALL(__NR_setresuid, sys_setresuid) +#define __NR_getresuid 148 +__SYSCALL(__NR_getresuid, sys_getresuid) +#define __NR_setresgid 149 +__SYSCALL(__NR_setresgid, sys_setresgid) +#define __NR_getresgid 150 +__SYSCALL(__NR_getresgid, sys_getresgid) +#define __NR_setfsuid 151 +__SYSCALL(__NR_setfsuid, sys_setfsuid) +#define __NR_setfsgid 152 +__SYSCALL(__NR_setfsgid, sys_setfsgid) +#define __NR_times 153 +__SYSCALL(__NR_times, sys_times) +#define __NR_setpgid 154 +__SYSCALL(__NR_setpgid, sys_setpgid) +#define __NR_getpgid 155 +__SYSCALL(__NR_getpgid, sys_getpgid) +#define __NR_getsid 156 +__SYSCALL(__NR_getsid, sys_getsid) +#define __NR_setsid 157 +__SYSCALL(__NR_setsid, sys_setsid) +#define __NR_getgroups 158 +__SYSCALL(__NR_getgroups, sys_getgroups) +#define __NR_setgroups 159 +__SYSCALL(__NR_setgroups, sys_setgroups) +#define __NR_uname 160 +__SYSCALL(__NR_uname, sys_newuname) +#define __NR_sethostname 161 +__SYSCALL(__NR_sethostname, sys_sethostname) +#define __NR_setdomainname 162 +__SYSCALL(__NR_setdomainname, sys_setdomainname) +#define __NR_getrlimit 163 +__SYSCALL(__NR_getrlimit, sys_getrlimit) +#define __NR_setrlimit 164 +__SYSCALL(__NR_setrlimit, sys_setrlimit) +#define __NR_getrusage 165 +__SYSCALL(__NR_getrusage, sys_getrusage) +#define __NR_umask 166 +__SYSCALL(__NR_umask, sys_umask) +#define __NR_prctl 167 +__SYSCALL(__NR_prctl, sys_prctl) +#define __NR_getcpu 168 +__SYSCALL(__NR_getcpu, sys_getcpu) + +/* kernel/time.c */ +#define __NR_gettimeofday 169 +__SYSCALL(__NR_gettimeofday, sys_gettimeofday) +#define __NR_settimeofday 170 +__SYSCALL(__NR_settimeofday, sys_settimeofday) +#define __NR_adjtimex 171 +__SYSCALL(__NR_adjtimex, sys_adjtimex) + +/* kernel/timer.c */ +#define __NR_getpid 172 +__SYSCALL(__NR_getpid, sys_getpid) +#define __NR_getppid 173 +__SYSCALL(__NR_getppid, sys_getppid) +#define __NR_getuid 174 +__SYSCALL(__NR_getuid, sys_getuid) +#define __NR_geteuid 175 +__SYSCALL(__NR_geteuid, sys_geteuid) +#define __NR_getgid 176 +__SYSCALL(__NR_getgid, sys_getgid) +#define __NR_getegid 177 +__SYSCALL(__NR_getegid, sys_getegid) +#define __NR_gettid 178 +__SYSCALL(__NR_gettid, sys_gettid) +#define __NR_sysinfo 179 +__SYSCALL(__NR_sysinfo, sys_sysinfo) + +/* ipc/mqueue.c */ +#define __NR_mq_open 180 +__SYSCALL(__NR_mq_open, sys_mq_open) +#define __NR_mq_unlink 181 +__SYSCALL(__NR_mq_unlink, sys_mq_unlink) +#define __NR_mq_timedsend 182 +__SYSCALL(__NR_mq_timedsend, sys_mq_timedsend) +#define __NR_mq_timedreceive 183 +__SYSCALL(__NR_mq_timedreceive, sys_mq_timedreceive) +#define __NR_mq_notify 184 +__SYSCALL(__NR_mq_notify, sys_mq_notify) +#define __NR_mq_getsetattr 185 +__SYSCALL(__NR_mq_getsetattr, sys_mq_getsetattr) + +/* ipc/msg.c */ +#define __NR_msgget 186 +__SYSCALL(__NR_msgget, sys_msgget) +#define __NR_msgctl 187 +__SYSCALL(__NR_msgctl, sys_msgctl) +#define __NR_msgrcv 188 +__SYSCALL(__NR_msgrcv, sys_msgrcv) +#define __NR_msgsnd 189 +__SYSCALL(__NR_msgsnd, sys_msgsnd) + +/* ipc/sem.c */ +#define __NR_semget 190 +__SYSCALL(__NR_semget, sys_semget) +#define __NR_semctl 191 +__SYSCALL(__NR_semctl, sys_semctl) +#define __NR_semtimedop 192 +__SYSCALL(__NR_semtimedop, sys_semtimedop) +#define __NR_semop 193 +__SYSCALL(__NR_semop, sys_semop) + +/* ipc/shm.c */ +#define __NR_shmget 194 +__SYSCALL(__NR_shmget, sys_shmget) +#define __NR_shmctl 195 +__SYSCALL(__NR_shmctl, sys_shmctl) +#define __NR_shmat 196 +__SYSCALL(__NR_shmat, sys_shmat) +#define __NR_shmdt 197 +__SYSCALL(__NR_shmdt, sys_shmdt) + +/* net/socket.c */ +#define __NR_socket 198 +__SYSCALL(__NR_socket, sys_socket) +#define __NR_socketpair 199 +__SYSCALL(__NR_socketpair, sys_socketpair) +#define __NR_bind 200 +__SYSCALL(__NR_bind, sys_bind) +#define __NR_listen 201 +__SYSCALL(__NR_listen, sys_listen) +#define __NR_accept 202 +__SYSCALL(__NR_accept, sys_accept) +#define __NR_connect 203 +__SYSCALL(__NR_connect, sys_connect) +#define __NR_getsockname 204 +__SYSCALL(__NR_getsockname, sys_getsockname) +#define __NR_getpeername 205 +__SYSCALL(__NR_getpeername, sys_getpeername) +#define __NR_sendto 206 +__SYSCALL(__NR_sendto, sys_sendto) +#define __NR_recvfrom 207 +__SYSCALL(__NR_recvfrom, sys_recvfrom) +#define __NR_setsockopt 208 +__SYSCALL(__NR_setsockopt, sys_setsockopt) +#define __NR_getsockopt 209 +__SYSCALL(__NR_getsockopt, sys_getsockopt) +#define __NR_shutdown 210 +__SYSCALL(__NR_shutdown, sys_shutdown) +#define __NR_sendmsg 211 +__SYSCALL(__NR_sendmsg, sys_sendmsg) +#define __NR_recvmsg 212 +__SYSCALL(__NR_recvmsg, sys_recvmsg) + +/* mm/filemap.c */ +#define __NR_readahead 213 +__SYSCALL(__NR_readahead, sys_readahead) + +/* mm/nommu.c, also with MMU */ +#define __NR_brk 214 +__SYSCALL(__NR_brk, sys_brk) +#define __NR_munmap 215 +__SYSCALL(__NR_munmap, sys_munmap) +#define __NR_mremap 216 +__SYSCALL(__NR_mremap, sys_mremap) + +/* security/keys/keyctl.c */ +#define __NR_add_key 217 +__SYSCALL(__NR_add_key, sys_add_key) +#define __NR_request_key 218 +__SYSCALL(__NR_request_key, sys_request_key) +#define __NR_keyctl 219 +__SYSCALL(__NR_keyctl, sys_keyctl) + +/* arch/example/kernel/sys_example.c */ +#define __NR_clone 220 +__SYSCALL(__NR_clone, sys_clone) /* .long sys_clone_wrapper */ +#define __NR_execve 221 +__SYSCALL(__NR_execve, sys_execve) /* .long sys_execve_wrapper */ + +#define __NR3264_mmap 222 +__SC_3264(__NR3264_mmap, sys_mmap2, sys_mmap) +/* mm/fadvise.c */ +#define __NR3264_fadvise64 223 +__SYSCALL(__NR3264_fadvise64, sys_fadvise64_64) + +/* mm/, CONFIG_MMU only */ +#ifndef __ARCH_NOMMU +#define __NR_swapon 224 +__SYSCALL(__NR_swapon, sys_swapon) +#define __NR_swapoff 225 +__SYSCALL(__NR_swapoff, sys_swapoff) +#define __NR_mprotect 226 +__SYSCALL(__NR_mprotect, sys_mprotect) +#define __NR_msync 227 +__SYSCALL(__NR_msync, sys_msync) +#define __NR_mlock 228 +__SYSCALL(__NR_mlock, sys_mlock) +#define __NR_munlock 229 +__SYSCALL(__NR_munlock, sys_munlock) +#define __NR_mlockall 230 +__SYSCALL(__NR_mlockall, sys_mlockall) +#define __NR_munlockall 231 +__SYSCALL(__NR_munlockall, sys_munlockall) +#define __NR_mincore 232 +__SYSCALL(__NR_mincore, sys_mincore) +#define __NR_madvise 233 +__SYSCALL(__NR_madvise, sys_madvise) +#define __NR_remap_file_pages 234 +__SYSCALL(__NR_remap_file_pages, sys_remap_file_pages) +#define __NR_mbind 235 +__SYSCALL(__NR_mbind, sys_mbind) +#define __NR_get_mempolicy 236 +__SYSCALL(__NR_get_mempolicy, sys_get_mempolicy) +#define __NR_set_mempolicy 237 +__SYSCALL(__NR_set_mempolicy, sys_set_mempolicy) +#define __NR_migrate_pages 238 +__SYSCALL(__NR_migrate_pages, sys_migrate_pages) +#define __NR_move_pages 239 +__SYSCALL(__NR_move_pages, sys_move_pages) +#endif + +#define __NR_rt_tgsigqueueinfo 240 +__SYSCALL(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo) +#define __NR_perf_event_open 241 +__SYSCALL(__NR_perf_event_open, sys_perf_event_open) +#define __NR_accept4 242 +__SYSCALL(__NR_accept4, sys_accept4) +#define __NR_recvmmsg 243 +__SYSCALL(__NR_recvmmsg, sys_recvmmsg) + +/* + * Architectures may provide up to 16 syscalls of their own + * starting with this value. + */ +#define __NR_arch_specific_syscall 244 + +#define __NR_wait4 260 +__SYSCALL(__NR_wait4, sys_wait4) +#define __NR_prlimit64 261 +__SYSCALL(__NR_prlimit64, sys_prlimit64) +#define __NR_fanotify_init 262 +__SYSCALL(__NR_fanotify_init, sys_fanotify_init) +#define __NR_fanotify_mark 263 +__SYSCALL(__NR_fanotify_mark, sys_fanotify_mark) + +#undef __NR_syscalls +#define __NR_syscalls 264 + +/* + * All syscalls below here should go away really, + * these are provided for both review and as a porting + * help for the C library version. +* + * Last chance: are any of these important enough to + * enable by default? + */ +#ifdef __ARCH_WANT_SYSCALL_NO_AT +#define __NR_open 1024 +__SYSCALL(__NR_open, sys_open) +#define __NR_link 1025 +__SYSCALL(__NR_link, sys_link) +#define __NR_unlink 1026 +__SYSCALL(__NR_unlink, sys_unlink) +#define __NR_mknod 1027 +__SYSCALL(__NR_mknod, sys_mknod) +#define __NR_chmod 1028 +__SYSCALL(__NR_chmod, sys_chmod) +#define __NR_chown 1029 +__SYSCALL(__NR_chown, sys_chown) +#define __NR_mkdir 1030 +__SYSCALL(__NR_mkdir, sys_mkdir) +#define __NR_rmdir 1031 +__SYSCALL(__NR_rmdir, sys_rmdir) +#define __NR_lchown 1032 +__SYSCALL(__NR_lchown, sys_lchown) +#define __NR_access 1033 +__SYSCALL(__NR_access, sys_access) +#define __NR_rename 1034 +__SYSCALL(__NR_rename, sys_rename) +#define __NR_readlink 1035 +__SYSCALL(__NR_readlink, sys_readlink) +#define __NR_symlink 1036 +__SYSCALL(__NR_symlink, sys_symlink) +#define __NR_utimes 1037 +__SYSCALL(__NR_utimes, sys_utimes) +#define __NR3264_stat 1038 +__SC_3264(__NR3264_stat, sys_stat64, sys_newstat) +#define __NR3264_lstat 1039 +__SC_3264(__NR3264_lstat, sys_lstat64, sys_newlstat) + +#undef __NR_syscalls +#define __NR_syscalls (__NR3264_lstat+1) +#endif /* __ARCH_WANT_SYSCALL_NO_AT */ + +#ifdef __ARCH_WANT_SYSCALL_NO_FLAGS +#define __NR_pipe 1040 +__SYSCALL(__NR_pipe, sys_pipe) +#define __NR_dup2 1041 +__SYSCALL(__NR_dup2, sys_dup2) +#define __NR_epoll_create 1042 +__SYSCALL(__NR_epoll_create, sys_epoll_create) +#define __NR_inotify_init 1043 +__SYSCALL(__NR_inotify_init, sys_inotify_init) +#define __NR_eventfd 1044 +__SYSCALL(__NR_eventfd, sys_eventfd) +#define __NR_signalfd 1045 +__SYSCALL(__NR_signalfd, sys_signalfd) + +#undef __NR_syscalls +#define __NR_syscalls (__NR_signalfd+1) +#endif /* __ARCH_WANT_SYSCALL_NO_FLAGS */ + +#if (__BITS_PER_LONG == 32 || defined(__SYSCALL_COMPAT)) && \ + defined(__ARCH_WANT_SYSCALL_OFF_T) +#define __NR_sendfile 1046 +__SYSCALL(__NR_sendfile, sys_sendfile) +#define __NR_ftruncate 1047 +__SYSCALL(__NR_ftruncate, sys_ftruncate) +#define __NR_truncate 1048 +__SYSCALL(__NR_truncate, sys_truncate) +#define __NR_stat 1049 +__SYSCALL(__NR_stat, sys_newstat) +#define __NR_lstat 1050 +__SYSCALL(__NR_lstat, sys_newlstat) +#define __NR_fstat 1051 +__SYSCALL(__NR_fstat, sys_newfstat) +#define __NR_fcntl 1052 +__SYSCALL(__NR_fcntl, sys_fcntl) +#define __NR_fadvise64 1053 +#define __ARCH_WANT_SYS_FADVISE64 +__SYSCALL(__NR_fadvise64, sys_fadvise64) +#define __NR_newfstatat 1054 +#define __ARCH_WANT_SYS_NEWFSTATAT +__SYSCALL(__NR_newfstatat, sys_newfstatat) +#define __NR_fstatfs 1055 +__SYSCALL(__NR_fstatfs, sys_fstatfs) +#define __NR_statfs 1056 +__SYSCALL(__NR_statfs, sys_statfs) +#define __NR_lseek 1057 +__SYSCALL(__NR_lseek, sys_lseek) +#define __NR_mmap 1058 +__SYSCALL(__NR_mmap, sys_mmap) + +#undef __NR_syscalls +#define __NR_syscalls (__NR_mmap+1) +#endif /* 32 bit off_t syscalls */ + +#ifdef __ARCH_WANT_SYSCALL_DEPRECATED +#define __NR_alarm 1059 +#define __ARCH_WANT_SYS_ALARM +__SYSCALL(__NR_alarm, sys_alarm) +#define __NR_getpgrp 1060 +#define __ARCH_WANT_SYS_GETPGRP +__SYSCALL(__NR_getpgrp, sys_getpgrp) +#define __NR_pause 1061 +#define __ARCH_WANT_SYS_PAUSE +__SYSCALL(__NR_pause, sys_pause) +#define __NR_time 1062 +#define __ARCH_WANT_SYS_TIME +#define __ARCH_WANT_COMPAT_SYS_TIME +__SYSCALL(__NR_time, sys_time) +#define __NR_utime 1063 +#define __ARCH_WANT_SYS_UTIME +__SYSCALL(__NR_utime, sys_utime) + +#define __NR_creat 1064 +__SYSCALL(__NR_creat, sys_creat) +#define __NR_getdents 1065 +#define __ARCH_WANT_SYS_GETDENTS +__SYSCALL(__NR_getdents, sys_getdents) +#define __NR_futimesat 1066 +__SYSCALL(__NR_futimesat, sys_futimesat) +#define __NR_select 1067 +#define __ARCH_WANT_SYS_SELECT +__SYSCALL(__NR_select, sys_select) +#define __NR_poll 1068 +__SYSCALL(__NR_poll, sys_poll) +#define __NR_epoll_wait 1069 +__SYSCALL(__NR_epoll_wait, sys_epoll_wait) +#define __NR_ustat 1070 +__SYSCALL(__NR_ustat, sys_ustat) +#define __NR_vfork 1071 +__SYSCALL(__NR_vfork, sys_vfork) +#define __NR_oldwait4 1072 +__SYSCALL(__NR_oldwait4, sys_wait4) +#define __NR_recv 1073 +__SYSCALL(__NR_recv, sys_recv) +#define __NR_send 1074 +__SYSCALL(__NR_send, sys_send) +#define __NR_bdflush 1075 +__SYSCALL(__NR_bdflush, sys_bdflush) +#define __NR_umount 1076 +__SYSCALL(__NR_umount, sys_oldumount) +#define __ARCH_WANT_SYS_OLDUMOUNT +#define __NR_uselib 1077 +__SYSCALL(__NR_uselib, sys_uselib) +#define __NR__sysctl 1078 +__SYSCALL(__NR__sysctl, sys_sysctl) + +#define __NR_fork 1079 +#ifdef CONFIG_MMU +__SYSCALL(__NR_fork, sys_fork) +#else +__SYSCALL(__NR_fork, sys_ni_syscall) +#endif /* CONFIG_MMU */ + +#undef __NR_syscalls +#define __NR_syscalls (__NR_fork+1) + +#endif /* __ARCH_WANT_SYSCALL_DEPRECATED */ + +/* + * 32 bit systems traditionally used different + * syscalls for off_t and loff_t arguments, while + * 64 bit systems only need the off_t version. + * For new 32 bit platforms, there is no need to + * implement the old 32 bit off_t syscalls, so + * they take different names. + * Here we map the numbers so that both versions + * use the same syscall table layout. + */ +#if __BITS_PER_LONG == 64 && !defined(__SYSCALL_COMPAT) +#define __NR_fcntl __NR3264_fcntl +#define __NR_statfs __NR3264_statfs +#define __NR_fstatfs __NR3264_fstatfs +#define __NR_truncate __NR3264_truncate +#define __NR_ftruncate __NR3264_ftruncate +#define __NR_lseek __NR3264_lseek +#define __NR_sendfile __NR3264_sendfile +#define __NR_newfstatat __NR3264_fstatat +#define __NR_fstat __NR3264_fstat +#define __NR_mmap __NR3264_mmap +#define __NR_fadvise64 __NR3264_fadvise64 +#ifdef __NR3264_stat +#define __NR_stat __NR3264_stat +#define __NR_lstat __NR3264_lstat +#endif +#else +#define __NR_fcntl64 __NR3264_fcntl +#define __NR_statfs64 __NR3264_statfs +#define __NR_fstatfs64 __NR3264_fstatfs +#define __NR_truncate64 __NR3264_truncate +#define __NR_ftruncate64 __NR3264_ftruncate +#define __NR_llseek __NR3264_lseek +#define __NR_sendfile64 __NR3264_sendfile +#define __NR_fstatat64 __NR3264_fstatat +#define __NR_fstat64 __NR3264_fstat +#define __NR_mmap2 __NR3264_mmap +#define __NR_fadvise64_64 __NR3264_fadvise64 +#ifdef __NR3264_stat +#define __NR_stat64 __NR3264_stat +#define __NR_lstat64 __NR3264_lstat +#endif +#endif + +#ifdef __KERNEL__ + +/* + * These are required system calls, we should + * invert the logic eventually and let them + * be selected by default. + */ +#if __BITS_PER_LONG == 32 +#define __ARCH_WANT_STAT64 +#define __ARCH_WANT_SYS_LLSEEK +#endif +#define __ARCH_WANT_SYS_RT_SIGACTION +#define __ARCH_WANT_SYS_RT_SIGSUSPEND +#define __ARCH_WANT_COMPAT_SYS_RT_SIGSUSPEND + +/* + * "Conditional" syscalls + * + * What we want is __attribute__((weak,alias("sys_ni_syscall"))), + * but it doesn't work on all toolchains, so we just do it by hand + */ +#ifndef cond_syscall +#define cond_syscall(x) asm(".weak\t" #x "\n\t.set\t" #x ",sys_ni_syscall") +#endif + +#endif /* __KERNEL__ */ +#endif /* _ASM_GENERIC_UNISTD_H */ diff --git a/caputre/__pycache__/capturetask.cpython-311.pyc b/caputre/__pycache__/capturetask.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..798deef3751d9768ee40140dbc6315739e931acb GIT binary patch literal 20079 zcmZ3^%ge>Uz`*c#S62ENO9qC=APx+(KpCGc7#SF*Go&!2Fy=5sF@kBPDCQJ~6s8=O zT-GR7MvxqH4qFI_X3SxaVh5|?h~fa#oKc)$nk$Mcg&~DGha0SpIfo~Nfr%lNBa0Vm z4}`}D<1J%gU|0>~Ff3zaU|7uv<3{l_F{CnP3BdTN%vpjkb_z=s0|UBxp%m6c;S|P1 zk#vScQ6`2|F;vr|#8cQ>7@{On*jpH)BvUwA7^0+7I9nK^q*J(B7@}lSxLX*aWK(!r z7^37-cv~2v<Wu-s7@`zX_*)pF6jKCR7^0L?1X~!Qlv9LS7@|~Cgj*P*R8ts(88k&+ zf*j_j$#_dBB%>%bF(n{BKgYEqHMz7Tzetnu7NgcnkhemTLCRp5m4ShQnSp`f^8s+s zGclBa)Iepk;Or7u6frO`WP#L!RiFkHsz+-XN<e0V)iE$+!S$n<4_8rx7K|l4P>rAf zW@2Di%>?78FlK|<MS3OtFfj&(6eeUHSsXB#1)MMzGL7oeWhmw|GNdyEGo&-rGS)EE zGSx5@+1D^G04H5!6F}@5rYvp{4Z>M)_Y!3zN)lsaKrsoPNI|x5uty0+c#=gAFGhwM zP!eGFd-?zW|Nm9uu0=)pMG9$|c`2EB=?W>SWtqvT#a0TM{I{5rOK!0T_<Q<=xCY%~ zDM(H%xWx$~<1^FZOKx$4v?S)_q@<P=-(pRwEJ{tg#g<xBlvJ8_i?yIAGq2<pYguAW zY3ePul+@(>l+;^ni3J6zc`3IzlJoOQQu9iRZ?WVh=BD0a$xE#OnOBsW3N=rY`4&5r zd5azDq+84&n?MOlK|$e{fs0j4N>*ZCdVWArepYI7NlZy%PIgIVS!zsjVnJz15tuG1 zElMp(EY8*|sJz9KlUZC64>hbvnt_2ql!1Yv_z(jFLj%JNK8@a_o~*edbL1}aX<Xsc zxX7n<g-@%&{VqHA6?XBtOmjFEh+mY@ydt5w*6bp?(G_;14M~^SEiSNI+~wfCz^A@e zY>muyO`A)aHWxMRu4vj_<gmZOVSj<c{szBb2j>Gmfd=;*T!IbGH@J8|Ffg$y+~DBv z=j-B|P&}pPinzvgas5l;`WM9wuZSC7<S@FzVRV7R=mwu)PtFxS`3~j}tPI?IU~OMH z7+5*4u!u|uzsMqcg+=xPi|h?<p$5Otpp=yi&w~sM450i13arl$7(fLjCqoUx0+1pM zTmsG`5Mk6@TBK3KfGjHsQ3T4@a6Jn^cEH79j1<N-OsHnnGJ;ZFo~ANG2|UL!FsLvT z$<#8H!1D$JLke>Z(`<&hXu260A{kN`YMJVo@;D%LIb%6P1#=`rIb#Y-FoPzm-z~Px z^t}9{)Rm0jRG42>TqOZX+TgSZO4|jAl{xu|DOL)%*z)pI5=#;_*=})UBo^l+R;Cu+ zVh&0yzr_MlP$bB}z;KJxwIVsSpd>RtuLx9nXfoeoD@aVvPA$2`4mIc&V`?$T`w9vQ zMN%LwykM*1q0&W~3=9mapfuJ8PGcXKSXuRMa0~X^ciGQ1zQ`?qg<Jju0~4q84KbOy z!BeuYh^bu{)4e37yCLF&nC?X}yDMUL9qu=Tr8@jRurhH<|M<$rz$5yBfss`YL4Z@A z&I-W`d^#8SbS`q}Ug6NafPsGe`0?WdGb5|sj~_oCa0_=>6iYBLFf=(bI<hhxWaV<y zW<JO-<fz7cP>t15n>iUCy9^8rpfm;Y<YzW;I!a*(W?0GSw~|4V=@x5oQL<+ND0>%| zcor0cbiqPGC^<j3ptK}4zPKc@B(u0AGr71(pMilv4-_2i;NZBy!qMPTB*VbKfRb)O zr9ardCt&+H$w{}))J?YwKyHF1Z8)96jGDrWSyEVP7|R%nSW;MP7}J=78S(^_8A_1q z0~LlMW>8AbV}Yk#wqOQLcE2Jy1_p*Ac?JdsP4-*N?ye!XSOWZmLvFEnxH`JrVh#um zxy9z<>f;*XdW+pZAjH$(FZdQ~fMbZWM-{6_NJxNw$Vw(Rzm;r7N+5HTL4*p35CkPk zuHur!qLSkB%#w^EP-<MsRHO!yR0l-`a-8vH7RP6lloZ56l6jF00|SF0NKrR9zCJLq zvGQUhUuI5K{K=PJ>^i^VC4R*VN^uwY<FD|?e_&wbRlSg$bs?|xLNW;55SN}2KB4x4 zfXa^_cezDCX`2^8+~DBpU;(9FUU1qK>#!~s0;gRWM+Jt13S5r5%m;NC9d((pr=mOL zry~1-NJT~9R77OzVGU-`WJ69pY`0iKgF%&bfMam*EtVkHkf2*E!6E)Zw^)2UK?y1_ z)H5Wc$O07qmLS3!6u-!cfH$)^J`IruTo@P_z-sELlLmq=@&{kx4+f_JGUHvsQHJ55 z440!O^Fa+pM@<~@o&j#7a*|Ve=n;;0Sj)0l45wO983ryZU}}q)Qka5qy9cROL@if} zY->>JOr%;ERL6tuSO6-V!7OAVg?SANs#%~~cmb&RMOFr8r?8@`gt!)5g26j9;QAVS z3HDNqfq@|eQI1uy1P6QQx@mHPi=<o3A<hA}Sc?nti%M>>rhup-)KaR*3X~c_#ZwVD zxuGY?;^GWgvE;?Tz~Bl>wp*b|k_&6GB=dk@bZT->^%Z`F1x}av)h_U>tx(%4yhi(q zmi3OJOInT>v>b1UOHU}lQl!ZcSEMaayU4G3g<lhtnq|Od5mA5%beI-{qOi%4%}I&j zAeW=4lM=%rB`zm@=0kdnPWm{~^DgqsF`A}la0)?6yIATt=3oX*7QdI`pcLY!$qG&p zMed;Z_5cx{AOaNgD;dERQ!%K;0c}tTWERJlq~_$MmcU})kAZ<97!>=N(AdXbDG?p} zM8+7T%3*WlW;n>r<tV{?P@K_G0!LIOksnn|px!w+NRgTxSb~%(m_d`-FT_og8629o zm>q)xz?FNEFDPt~LJ(A*Cl<l$^gsp%hFFjiP%dg<_`t-1CG#+HO56|@pJ4KVnUPcC z$5TR8GAKoZ`m{|_@(lC2beLB&>Y#=UsBi)mho57ZL0u8#ZasSEG=_<Rp_Z|hsfMwL zErl_KsfH;N+>|N-=?5273=CNHFxRrwFc-0<FsHE8ut4>|i$_d7phj9I1E`uUK`IW> zO)g?dVS}iuVZh!9L~h=p6`-Ce>@_IOKTxiRcp(cEB48#?6>wMKQ~}R)I90$0G*UR` zuz>uE(-$IO$AAemU#O>W)-aSH$s_p!-fhFF0+cMkrlxSsVZ!SIQ2z<65`C1cD71#5 z1W6Xje)teak#h<+VO3e6ZXDQ-1xQsISO83*4)qXWo*-Bo0|P?}4*}nSTH{c~XyMC} z!b>29fg0<$^zuRUrtm{(O@UHStM1w2hG$#5pLH#LHm&{n#@$cnb-&-!^K|F77yG9? zojvc#j@>VoHA2LnPU?Bu+y7$Sx)<x0J!@{g#RBS0+~R@u0>HiHTg+}D0k^mzZ9=F> zaInWMwh(Z+Tok~-z_60#7F$Mnd~s1Sm`*7!xy4!l=CT&VgLo{S&b|RFnQn1rCg&E! zmsA#{LYd%kA!Zl9;FV0bxC%>Ciz?&6LqbqCNF}(cxWydm5^#$>G%q_ZzdTP<1l&0( z0<}(yKqXlbs9FFQg<$vGV$CQAIfgZ(9Bg|5h{IBlQe09L2kH{BfXuzc0<ydaR9fF+ zDonY>S_rZk()VXA1gQYqT$Bdtma&4Xrd#aLE>ckl$QU+ATe&C<RG@+i8wC)63<U@# zXQU=)Lu)OtkBf>K7#Ki?6<=fo4LN;fW02KeVRli*=!%TdMHa~h_l}qw?0le}kJ$}= z(HVRzcrJ*WUf?&qz+w88jX_#t1=~d_{VP)X7g@v`+&a8(u!DO^#y9vyCe$v-z943F zfgdz%^p%Z)Lv%veMRu7h>@pzJBta^YIw~)4NPy%dX0Tmkm%qX;50aC)!7n~TsH5fr zhx7+F1`fXV`lkA+#TVJ7udqvhU|?hAy1_33Zw#p;u|%ckI!}qdBC2`=&icT~D$ezR z0YV6XSe#rR1Ym}iz#PN^GF0@2r2JBrIWkuywGgZitjrQz9~dA6$N*+et`9sg1K_S= zW#zlUEjU%V$GXSv0|N^u-wk1j8*(a3gXd(=$-5$FbY0H!lAPs5IqNHO*2v-?Sed2y zJ}^KC5fF=)4~y}PtVjWdB~Vc0A8?CINb0b?z#@S;k^vf>1yx(0S-3&f9w$QyG#i7c z6!5e}3R4P0CPNBy3UdtuVgwyjiOt~#jVdnywSz&*QE&;o`oJhGwQ3lUWswR?c!Q#b zF@+V>wa2Lvl#;>r)i9>8K~&;!2fTR4a7RT7dktd>2ShjWcsr7d5LFyw3MXEbh^me; zg$t?@DGZRzL{xd)Rjdr4QF#U&w!_C|QXndsYnW=7L6bB!j43=&JCOW`WCx<!V@%-% zshq%=x1ojsM;L(y+Q6ZS5k>(id`Mx0qz=h0Y+;05B?V!W!e7f$!&C#FqJsH;0%M*V zPCp@4$7t1AK#Bm8pODlc`3YWa<E&!g6*W#3@CqEK3Pj~BIEST%F+~UzQ+aoA`U!Ux z?VBQu<R>I`NPZHAMlnMTLkV^j@FrA>$Q&k^dvNAKjC7pBU&~s<RKtp#Li0*-`bG=p z9*k5Mog#|l8zgl|z7d1zE^?`1C?TLG3)Ha#YgmAkGQk310;5?)$UL}1Qp6A;RbmP@ z3{0Rm)4`nvwp#WYHn`6iQ-t8gFf0H~_JDOF6E*CpX_t|q1k`wfDnYlShA~APl!8h? z!xK2v)N<5tq)23g%6x_*$rQ;2pkZC8S_D<Yfog9JV~P~W<UH0CX&AePaRF#F7@-Nu zLLa3;u2G=&N|iW36*Dj}EKo$S5v&?UR2P6|1XDN=;g!M;oi`0D0S&Z3HKxdbY7T^| z*$gSNINiyKYQt=X6gg0BLZogk4Bhg`KAp{wqA-^mRSkw8_^|pxaY*?=80rTzlz31A zl^%$YOi@O#XEUUzpvkJD$YO>gMlJy5A%vb3QLJuIL$gI4p<^~fiUyjjCW<WSZV<rg z1}!vOv{7u)L6g-*ktNOztOz|t9H{BHm<co!RstHvg5?iA9QmCw1<4#@a}4TAgB09m zvmxAw(`>Z-glcvT<1%IjhSlIw3*;5h!kJ(OWrh;a=p0CZ0X*(2Tg!=(3iWF^an93n z)^UPDCxxMwvyKxnQ>$s<cZ&-&?-~G}M=eTcU|^_X_S1LN<i5q8kzZUApILB=Efdmn z1ks?*8(VTlW`1&NQ4VOB5Hx3XOQ4`Aza&37KPNsVwIne!r}&njTX{;nM`~h9YEisT zYF>It#w}im9q~C3E@w$*ZfbE!Vs61L?()pMl>GAe;>@blqH>U_6(9l>lVD43aTFIN z$AiYGZ*im)mw;I>L9OSaYLL1*5CQ7Oy#%$mz}?NFNRSw)W(IdJi{e3CP`|PWw0@?j z2E+vw#8phywMAerFjPqfrKXqWBo--zI0q;|+-jxZR+OKs@Qcx^ibWwLU!jUaLBk`z zxWr1~7o#RZL#PXyhAJUY?;37MNM%8)ZBYUP149*?f^&XKs%=psh{NsT7pxEn>S9|d z6s3Sf*c2dYQ$ZXN#~_5c;Tib~8HvRTMWC_5Dt3E?kkp(Ug`yacLe}b9tLoY+G3exa zVo`BsUb+Hg&d^FhQ}q@{PJVJ?4k#{JK%oxqmfvFX47kM%>V`9edg0)}2Bohe(CF_i z=FE(oTkN2ek)Kw4iwzP%;Ep#Wd^12H2paG$$^x;nK?JBH500;*To4x=+<72YK8OId z{)!4fEKsle7F%gSN@7XsE#{omJn*#qEw;4$qTIxiTg>UHCAWAWu8%J)O)X8m#SB_L z0&0TZ;wmUD0mn^p33zl>lM6BozztOoa`7#J%!2p~NZNxYHo=l)4588#bRi+|SO}_4 zn8D!D2T+2##R{^jxJUyu!~p8DfJPV~7&6Yl2a-=MiO)#POUX$sDw@N<z%U!6n429m z$nb$Bo{?4OD;tA^!VNJg5E50qAtHN2T>6HB(hWtm8#0PFB<1Hw-;k33AkG8ozVnE4 zb#Q->Vc-!0uTwC($Srq;TMo2N!T5%X)>@+_UQ7Hsyk~G+<WWTDe_(^@g0F7S;uN}} zq~75@gY6=Z{0%jowZTiWuc(=Kc+cRv$fJxYAg{VKX-?Igx($pM<qa?J$lOp+TUxw? z`-+0`hQx~s<`;NmZ|K`!a0<StAKc-6K|=c?kIoHE{jJPvq_1dNcX-d>y~v|>kw@(T zuW)~SSNz=Ii@b_gcojb|C{pYWMQnCo<k7*fN)p+s2T}@4h39Brk<z|_U`fg^Wu7B_ zMN$(q^Z{Xg;AGY3`@q1e&j<3B)<que3q0B%_!#&^!2Sri$g6aPSLp+T0LX9+Xm~!5 zRbJ{cC+3Q*-VHeG11mGgAZCO?A2=8k)X+jzQRxDY95^IHF6xJXtOSMR1uVW{16c@< zK**F@Pu&Lw7G9wTN*Zg0muN51yP{-vUCH*6lI=w$`zuQJH;}|XureD9ePCcV7Mj3) zK}PSQfc{r522HCSY8N#euV^@4<WTM4z96c4Lr$}UdxG0V4(S^l!WTr;u5hSd=g_;v zp?5*w{vwCN6%L0B91eHYwN{udtX@*x!9BtMB8SRdewi6z7x`7L@T+vN-ryFPpwVUD zVgEo?b9wZl=nbM5Rn4!cf>IjiMINOKJW3CgRXe<AfH)7h#XxC$hQ&p0l`GsTOEWHU z>s{d1yUQ(pom=`6xAY9}i`*JlxHT?tYdqi<n^1OzTW$gCC2rLV+^TnZ1V1n^2p2G| z$ljrGMb8<+fshBXkLMrCzYvyi(Jk?cTOvddLS9HOx=>twCA|j1g_90U-b~*a7#x`V znLa_N4-5<eOi@f9LA+?DFAxf@UbukiD+5C+Q!W#-5QP1afq}OWq=UB*B+FaKbYoaJ zUhNV%CZHi7%e0{Sg0brrb+-f6SJZ<+UXKNNS2&jGLUh`N^vWyIRUa4_Y8c%?K@r2~ z0hNR({K~)(#1w@h1d#v*UK~gVZyZRLHx3bas+YLcFL0|v?T=tuz<oi-?uvr_0iG)g zz98KZARWRHOcz2EE+iIT2`%}+z);5M1Trm*(HSZUQTUaC!Ivo%MF=7RvOf}}gEtZ+ z%NvQ?{uR;}Ox>?&dYllyq8SL$4IwW?rCvy@xDr+Qfq|hKVt+IR_VY{4u(-mn0vch> zU|iw7gX4;hBZPB<N1(&yDUaBM^67Px>K0^g(72*zy~BII|1SR%UKee`uh@iN6py$f z9&tll4y>YjgT)nfn;p^n<9EfMh`MMSam6;`qIl#L@yH9&X&;#xc{3QlFn~zVOnL?* zG6|c0)B%lFLkRGaH?0MQ7x=U;@M&G-(7wW<eE}PSt$Ne>@#9A^s6X8ltR5=Ca9P_? zJ5++<ssvZ4J@Zv1p-?O4t5&R`_NbGVppiFFoA~n{@N_Qnq-6?Y4Z~~(%r%Of3@J>B zjL55SQO9>c<GL*jYgm`DFfgnJwJ5=@Yj}Gb)Sd*3fZN*&wTvisvVrUbjjGOOn2WZm z1GJ_rg`t+QjuG1GW~^gGYISq?Rmlf~)_{T9X~~HNphd9?`FRSNc_pbuX^F|HRth0* zD66MH^T(hOt<Ruo@98Mx);tWs3`N?YDG|n7>_w${d6{|XpatU<NYnPeIBaqfbCXgM z?Wz=^_CY5?iuG*3jl*I)J(v<^Mh1prP|K!);c8Ukg|Ng12Jle2Cd)0>OpxntF&7l& z-C`{+$uCO1#a&#IUl5;`nNyNlR3!~*f<mkSd9DE5uP6q2?iZ7lf+j0?<z~@*&}0p3 zab9Lx8n}G~Y0EL);)I6)q<sY%Y=<pi<cFA=3UheTN(Kgof1rld6b4Yk>M0B71upXy zo)@^xFL0S(WU;uyVsU}R0yLp+cSA_5gZ(ZC?*z}Kb~{8b_#}c5N76-(q$?ar7hnjs z*3Ax-vLOUGW!tRqyufF3fzM`#AcVfiVS9zc_5wBpOW}5)6b>3;oFZ+=u#wAAnt8XV zqZso+F;+)u)MO1BSOh0)H4ez6L<(aqBPY&fN$86lYnf`8ikT)b=N+kGS^!EW&;*O1 zQqU47_F-|<LBU!^lv#L;;i(dktD#n8Ax}@Ru3<y%%+@m3FymMZ#l8$>DSZkDbWmYk z34B1BfnfnsCWKlD+E#$F>!UanMF-ME1TG!5EHw<+7yG0543rDNM%18(A$-aKEDa^l zLmJh8j0_W)^4^nXZwhA$R|<Cu&m6R+tqaJte?8H$!3&LzP~?=5!iVms6xKu@68*%F zym}x-U=G^Sa<cvAOtjwwp?>ow(d9xZ!pLqf0j-sW#l6TJ>ZB3Iyt_pE12z;GTmq_0 zp)Nto$*d&$Q4HCKHLNM(R7!h{d4)v#O9B!<6Bvu6aO#mnO^LN^HEg&;p^TwuJ4!m1 zs$s*{U;w4&641yHG%OMO#ZW_a0jM5^szFdG(x`4?WT;_F<V#^n<UuhLRFQ)<m4F5j zz$^v^<g}E=n8LJ126Yf{0cdXwR4sx+brmD1*5E|QB3Rf<wG`PDIh5FDOQBLK&Z{Od z)ybzQq$pCSB*?QR*={9j**$@|=Pr0ljSeF0!CPwBQBt3B4Li2f2i{V{UdImJQo~-y zj%YH1nvu#3uuTe@Dt<-Hpv9Y+3<3-cRjj2YX}T6}nvA#Dic5+zlS^)~B_@Nm$=u>f zOD##xh|dG<=Hdg5je*C`O8oNkQg5-Q<`$GxR*CrKLx&2B6%xx5GjkG?a#A&!iz-1) zG&ay?k<#K@?76AM#fj;uw^%@}y(+2TlKg@KMEgzw+BDPC(*rjP3yL+FAO<jH78Gp& znZyg)VOEr%12GWX0Mujws{zXwZ2>7_gX{$ZZw0#r(*Y5Kx(KYU2sEpCix;$kA~^%P zf2?R5Xe3lLxID8YIRoUfl6>gSIV*)CPy=Np^DVZL#3In(B1>XXdhso`l*H8B{5-fl z5aVufK<LzzTRc!Fr-HWQRq=V|l_ln6ra(=Fd5{$%%MV=#rI4JTo12)I0^7s~9s~qA zCpjlGHLt`<K~ww|OHpca8FW<>D8357ZQ@%jS;hHzw^%{jor;Slf(A+_fr#~>fMG9A z%}Ytl$+^XvQkq*(e2XnL54=<g)Q&D{1F7IIPR&V8E=f&+g$HPc^%iGI252v7W?uR& zR@buBypmfi<%yXkx7Z+iOu<cPP>dxOL5EX0Zt+4~8eg2B4BA=6mQ<RSmRfX+1(bSj zu|vIgiyM@rpe=Doba3URmc#4@6>G(yb{k||6xM?01&2mzJj8~gD+~+_9H732KMSb+ z{(;4UmG_3Aa0lB5CPU5)#v8&4*M(It39BwhxhSlCMOeGT<%Y00s3$6RQ$X~FsO0qM zNzn_$FN$hj5!Jjds((pT|Dvej6;Z<ux4S%o6Vy6=dwe^5?}|xH$yy+`f%Srz*+nt4 zD`I9H?hp9I`m4LDXIMans#fq^;y1a#Z}L=J`MS8~C2`G*;@VflwLdVh3Pv*BRnohz zWOPZ%=%SLz6(y4i-Zw-PuZw72646|%vPNq|^hGVlD_V}%wLC6qd7Kcxs1<lcEAXO7 z&=rxO3nD=mMS?!CF^DQ5G+b~9xDb>4fq|ib(G4`LVCD`bKQb_Adw_-;v^_xMPuk$& zCvAU_YyeX@X!J=t0xTT?VvB-DCPcv_6QYq&ksE>%)1@a#&xp7vsCGqAZH3w;L4yl| z26qKSFNhgk6fnLbV0=Nq_=c4H1oj&OveyMvFA1nFO<9t)!~Lwq1;daFh9MW#La(TW zURR5`q!x1_HszvP>J_!rivnp^1kx@Dq=7;m%?gc6f<_kvjZlocA+NVX^Q^^PdA$$J zjG_h~7#KwjJ~A_@8-8J6Qa5~VXue5o2m40(E%F~(nFO5}zc7Hv4`A{mnEb%TAS8+6 z6TM4<78e99o=U0B)SIJ+<ovrL5>vcZ=pU815EgquKJJ2i+(nW2D<bjNMba*bq+LkQ zyC{->MI`?tGoxT3Xh1`-5Hyq_SjhO10VMJO%{%&+1T8NLT0W3fnIAnXdWFPAS)(hm zMiaPh2+J;&Stz$e?t-xX1!4WWB9a%R>^5j!kg~fVWp`1;{)&kG1rhrja>^6j?~2Gy z@xLgddPPL_x`@^#5v>)57e#chi0EDr(Y>K&Fv0(ZoDx{o6%m!S{zvUEIE7q@O}rqI zbWtSfib&FRk&H_s85c#eu83q^5XriMoY-zC8|}!t8W3?qS@#1oqon=^21ZH!kIYQk z245JMv<;pcm~CR)P`;6W3;#z}CQ(OF$cj2LeqaExp(F=9G2WGsnZvar?}B^y1?7kf z$`KbOBCkk9UYAI?B$03-G2@~{<`s#|kIams*`RO}%?5=Vg5+Qjl!GK7NDSy*a1Oa3 zA9_JP^rA@E6_K#(BC(f5VlTv{UKB~YA_5vv5(Ez@34(``1Tz>vCNhHZ_>Ui7(-@&! zD0M--ZU_PHb!)F+yuhb@flvD)ht3raoeLNU*45SpZKY&m;N<OK`O(1wfyD-(9clgw z{>lvJl^6r~7|ttm1#mK-*A)t2VLorq8o<YJfrT}IllcNCGl<Q{6d=G1nj3^y+n_oF z+%2C4-nW#(n8J|5P|Lu?P{RP4@`9*CUL#n;kOdm9085~Cff;KUaqP-P>-vD!OkiKu zj^6EOWI)-Yi`MmEWZ-0|VZ`3;Mr|^JSL!g;GNYKrR>O>~c~U~KTV8|VpAvXumw_RR z3miBM3=Adk^-K&5HB4!YDXeSQ(VDwREB#=)7#L99&dAVHtjXb51PXRdrYd#=JuuAV zS7%^&35vfe70_I6acWUnYLNnHvw13La11mU1)5A&u(Y(a)YH=osgiU|25l@(O;JeB z&&x{%x1AKyKvTa(J3#|$ytmk()gim1TfC>AYsf9`V1H-t_~4KrS4ZDlEJ>MpDYw`l zHb81~wnVUzx7Z<-U2zep!%%b*RHL5(5unPi=q$)^mZIyR3Y-n%%%XE34ohN6N>MRr zKoV4gLgp2@Ky#Q-MW7wzuAr*(D0t}W28&>WF9<&1mFfuViJf6K$8Lq$6>Zy#ymnW3 z?Hb%}uyD0|H+f$WP`t>ZbcIFf0*ewz$hXONg5pIMkt-}B7g$8@f(FnGF0vS2VKKbG zVh9>Ii)Oqbr!qfxR_@IFIr$ekq&s*glz=m*!3vcNd<GZz3@&mQUg0pjz+re7x_!R( zB8Tb~4%G`Bs&_dAuW(2#<=qf_!Nlc6$OVp|iyT2$ID)QoL|o#CxX2N8g(K<$N7M&S z7S?D+@CYMH1_X`bfHPnd#vT>K!d&E|Ex=pcQI3Pap6SpN5pv%MRj!tyhM`yxC2OFK z!$5|LQB+`L#S+l6V`v&iU&Q9Z5Gx7Jf{dt}?rRulGo-MBH{N5|*dxWsPy(6_hniU; z2xWlwJ+PtnKv8+1vA7g=&}2OWL$PoTGjirccUd+l12Gh#`W|he9K`o|3d$(^QB)X; zgwcv8w8dwT;qhR2f2M|^h8eMFCXpK@Jh_ky3#`Qw(x@j=$^dl|paFwyLK<TV;~H+X z!UmMiplT5mYFc1qKpy-@vPTM`gF5zbGH{~W1uu3{U9<ox4Itc*!h;&;j0`>M$_yn6 z2o)*}MWSf&!;7vbg)dPsk^$7~g!ei5{X#UEia@&_i$D`FRf2x79#*kJT7GF>ie8nF zBdh}n?Ijgk6@lDbB^3<rohT$i#TAk&6*BWuQY)+!z@>K;Kdg6^oROcIoT`WDZe`{b zl$PjK2|`Rrh4sIz6u?C@xNBF%!v*V*>gnmZX$m2gv!Id^T+V_!m5{QTGc~U?H?;`7 z`~-X`3fPXKeo)EF6$UyW1w4&WbOKaRgJv0SvFGOJWtQX@6`cYJodzis^iHiz%1<mx z@dQoU6qOc~z&f>{gm;TEvj~);Z?Qo<gjSZb<R)h36}@6$U<d@2;*Vk5Pgwb`u!zj{ zT2XR=#pEK3$rTop>nv86SgbCx*j!<;xxixcm5qU4x-+jQufhEWw-D$65`J)btay<_ z=?aI^1rDVf9DE&Y;JFaFi!Ab2SmZCT$ln!`p5cB`Nac!<3aF7K3nn_*Iv6{Q?{e@? z5bVh9$eoZ3A}?~tT;Y(p07f6!*jf4S3W`h(y&!FVQPkp!sKrG=%PWGG9c(wa1t&Om zS#?;=5L;@zpnRdt5}Qks`WGbi@A3#<5K_L#qjH5u<pPh&4IZHmw-2lgQU*UjM`ehC z9gHBrPM5pLA%BHK{sM<Q*y$Z?A6S`K`9W<u4hC_#8EI4U8~njllm6WN3tajaxb!cw z7+hg7xWHoYm5l)sV*Xq0FBpO97?z-mEJ0UTg08bfTw;m1$P#shCF%l8)Lj-{P{6vc zwZEWcb0Fjbi`PXKuPZEG*I5ECu>?T0Twn<Tod+WEfr*h*?JkdKkN-s;*(*G<*LjpK z@hB}YyvU<^g-7)Qk1A*rrrM9E+%h1KNFa#29K0R*7dhmvaL8TYkh>uy-oXxmAP-4^ z=7T_cY7cQZvN-cI9OjpF)?q%Z&FHMdeAHaSO`hSHytJDg^D$dSH#=rcwOee-pe0Ae zMWAl<E%uzuq=Mwcf+A20>XuM)eqM5EQBi7MiC$VMX!5YQ2vmaI;w(;1EU45=%*lb| z08qoC=rAa?vga13gXZFHu@@(%rRF9U+~P?|&CLg?2kF1Xo1R(%TJM)s3EFaXiyO)X zaUkOhBFROmiQv;iiZb)k<DsJh0s+pB0r9RuK~AA=@xh)^u0^1-3Y-xjx#up(a@Ii5 zDy|~%a0X~t0=(V}eE0~~O=F-PvEZ#)kf}jX1_X~46oK<HDAN>yM%TbCh9Xeu`-{US zH$SB`C)KX#JM?^%;?0Z<3?G;o85tii2w#Aq8w_F>VCV*e;RRH5gF*ZP4BcQ5xBx>p z7<e1N@CE~S0~p?5;A;TG8w{csVCV*e)CCy2!7blmc7<F1f`ZWkwkrxo7ZpsdD41O2 zHod}a+Q9LFje$$CL+A>p!UB;iie@_mFDhDH<g~uRY2CnfgNv_${f3ZO1OE*!o(A?C z{30Eto#j2{4Ll!Mco~I1Fu(}~c1Dp83~)k-k&*KQ1Ds&vU=;tr04GG?EU=ge52N4* z1~?(Z0ph|55jGGPP6(MWN`7E~6IqOjjEp)T7?4OeW_Ct9kXxXHh!rF62L?D%#mLPV U&G>-<iIh-bl=#4aNq{3207-*r9{>OV literal 0 HcmV?d00001 diff --git a/caputre/__pycache__/demoscapture.cpython-311.pyc b/caputre/__pycache__/demoscapture.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..32c4b1491070317d35957b9f7930721e12b43cd9 GIT binary patch literal 8305 zcmZ3^%ge>Uz`&rKG%fvx5(C3y5C?{tpp4H33=9m@8B!Qh7;_kM8KW2(L2RZRrVxe{ z<|yVAmKKI6mK4?&hA7q)wibpcwiNbY22GBaAnlrrx48V=f=h~06LV9GG#PI(YTaT< zEy*xQW&}w?F~|+f3=9mPg*ZVraWd2}WI?4E7-|`77_#81Ynf^ovS2P_sAaBU$O7pE ztFC3KVXR@QVqjpXWvyYZVF9z)YM4_Pvspk2iiAoyK{N!{u+%VDaWgP1V`N}h4L3iJ zF@>>~y@nO8hqZ>Sh83g^EW=U5h$O>Y!w8q*tYJcuVX0w)%W$Fih8xBGJScwSMez+^ z2{**0AhL!bg(-!388ZXJYJ`9J(NwTts1V3xNMWsE$YKMT0m73RQ`l-4ve-dv5T4AK z!d}CW#Q|c2@MOjm4rKREW=!EkcH?Bm6p(-5F)*1i1>_^Rn<g`+@SwSh7u{8p8B@^x z#*amf0Gc_1SkwrisS(DaMg&cbC>AwhXllf<sF6TZBZ)<g6q*`oENWzs!yBGvglZVF z;HeW?1t=Y*$X2m3Fo06vWX2RZWLXsbpnL?1L{R>L$0)k~OokMBG*>EMait=f8YL`h zl+o0vU{RxrrbZ2m8g(=^8d%h5qN&lsqDC7{jSdzyx@c<ju&B{TQ)7TdjUk#EBP?o+ z(bSk=QDcgx#te%Zb2K#;Skzdesj<SM#u`nH4Hh-FXlm@RsIkYH0>P;dM4+gU1*Jg{ zhNR%7jF}864k#+%B{XtbgQ5b>j1<Qj_Q{MXPBk2p8B?5VI43ivxYTe>W=wHKbH5uF z_q(I1@xY?S6HSd57B${zYJ9M$@kLYPheeG)nwkJCY68*J1YuDVjHV_8i<(e0HDOrP zgrlj6z@jFyhI=w&N>mNcWX7e8HM})^H4Its`l^N@iwBenK)8k>ix)(La1BEiABYCw z8ip)>5DmgL3|Rso8iZ4#=Wr}#tQ9O#2Js-cMldC2fe?g^N}`zpuh*6_F)*x#*HU<N z!|g?`B~f*w*#XzFjFo|5H7m?Lj0`n`!3@d_C2BAc1_l*|BH3D@5>13iN^FhLY=*f^ zsI3l0hDe5#xLTn)p_I5_D65>YoS}j_lA)YYGrrV|fq{WbK|w*`$?iS{KewFxa)qbs zcfQ!T@LB(ar~T8OckX=Fu>9%HZ7=puc{+REvjuye?&*KpGwu1TmS<BpJnLQebnWz~ ztven!G=U8%0tL)1iQ=MUqm<&3_{_Y_lKAq>yp;U%_~Oi})GB5_eaBl8Da9p5#YM@O z(gH52#U+_}i6xo&c?tpfMI}|-!TF^{$*B;I5ZHMxr9}`08o9-qRe~Y;C5br-ZsjQo z0g1`ksU^i#Vh|yx#N_Pq#3F>aG(_AdH7~s+Lm@v6MH7ak6OxId2;&u?+I<r%Zt=nV znVVP<Ur=0yO<86hlCsP^kTNkWrllt4-QtHEmzoGxD1oUkxFjVdwd|H4OldKg4>DC0 z;b0Uu!U7xSMl8xeZiFj?x)F;qup8m(U~a@z2y-J$DZ-6B;0Sc8EJ-caFV1|y%)n5^ z2Nr@xoqll@B#u2DLlk^d6Y~^6aePZEDKjOrC^Z?BEE03#bHP?;CYHqK7FUUY^@G$y ztcB>1LDd0s0aTA5T#s*J1w?}+ss?aiVXDrAItX1gD9qrh%Tp9U&Ota|1QuB+4i^SR zE=VD=yTxEi(OfJ5Qw(>oFia(~QxVEwE=4Fqb|WaxKvpBU5f)jfZiFdBaU)DAx*K7N z5pIO3L~$cr8QhI<Wk_!11^GB2*h9fBCo#SF7Tg~N#ToGh(2ULtG73oz%p4RoAag>4 z+|kV`ElNi<2T2Xg927Mma}dcCVl~7a`o*_+Q}WC6;!6wS!9~+8;l#4kqQvx6s14w< z@0LhnS$ce0c}je7YI<&JUI~(D5}Ih05X2^UMh0a)QM4oq&IQF)f~ZP^OHyu$qpF0( zQ*jlao2MT*AQYVQOY=%@p{3(AQ20aqRK*t@iBD;9WggUX#Z`Pk!6A4|Eh;WSD22rq zb_XCw9G|1JHy%?Hld}<~!r~6QsmRgD=N#^e$JFHVB7~`~&iIt3Cc~n)xJo#<G${>K zbs{B_DnVpHaG9scflvufy3nwOs{{#xRaOZ&78K-UCPOMZzr@_sDiLH6=fslK^!%dA zTO0vJ`6c<u`8icwo&gGBsYS(^`FT~G&|1?opo$N<O7#q=Vy&*Vs;;dPcP%Q)FH$Hd z%1=%$F3!wLR{*)+O2JQ46j2XB^VuzaScZTJ@WKk8Bv4U)ix(yj;j$Lxm*%D1Voy&k zNh~QTy2Sx%3KZlQmE7V0)%su-TFOg-*6H!N#kYh}Q!m6!w8Rf{h(IDDnBwyib5n0g zB8wzLg9#$VQ2-6ATU?n1@nw*(y2S=^Q)a;}Hjpbb3vLM%l$JoUlw)3EWlnMBEw;4$ zqTIxiTYQcsB}JJ@r6sB0z`Mm-P?VWhqA7ff1r&C-1WQ0I5pWKNIS(oX%HA*`euOHB z&!7SzH4p(_hzghnZU`4FSER_mz)++FB0z1}A{7P(hFikLki>^-GqNC9FG3y2Dwyel zFm)h7h&nM?t1TYPk59`l0yU#<iKB@pLEBfi_#oj^lA02ql30>>i!rrWn1O)-)Tl(m zzYJZhVp6ga^V0JJit@8klS^Vs5_7UkGRsn9k`oI`ONvrsQc`pCi<1)zN=l1T^$IF) z@jy(E&jST=Q78iggA4-$L$M4y149GD2aY60R*@Sr3Rh$dE^tU97*cXqq;xv?Z@_2? z%?moV7bR>vcyEZQuHe5YX5PX5fsetJF@*6#SokHE@Cz>Cb6IEPZ{WWuXMa(`;fjRA z1qp`>v2h)|H|%{*6kf6qxL_YJqk2W`MR}_W@>UnZ!Y^=0-|&dM5EFaJBldzv>;nD^ zM$Q)%oG&OiUr0{5z#)TI@`0Sv6*(i25g@ngf!vNE@|BH2NppqB1%1yGrWX|huP6py z;E=nkq`5-nf`Qiw*NaL)SCoP-aL9jPv6tey!6UbTWeM*GW_u~F2RxE9ROaY@V6~Ux z`oPA(tGGbriju<zb`Y0?fmdOH$Q4D?51b$_7Xz>Af|M(2Rv)-QTpk8qtraF$v~54| zg1CHeE<cDXz`(1rG<-$K1!Ly}p%+!Xuc&%|5ClmGVUZ99Nr*7;sxD1mk#fPr^+4%G zHQy_0z8^$E5@HOz>TB6Iuv{<$c}^qnibmiEagc-r7NaCV5>i+sq(KrgSnQAmNyuTb zLmnidz`!egAtB{TLfr=j1}7$GrcVqEiHy!nA0X5Wmn$+R8%nO2hhCHky$}&|Q6}bs zOw0!c22Un0rVolB6O<TuWiO;;d|_Znh3Io*atE1`%IFR<1w_qAxguw=!{mx}<VCs2 z3o!{7<q|H)C469D@MZF2`k)Llg#kpUFz_laRR_hX&xzEFN+DO2LO!U1B-9vqm6y7& zaJgU<a3LuCqDsUSm52}OAQ=q?UWKLNpp*eh28uyf6oWo!f+V!CNN9s3bQt)cmbjf@ zy{P1OMal1jE=WR;fmdm%`3jQ@hM;&*4!oiq_(2~eVZgvEzm$Ci%LP49Tq}5AQSkm? z2$C?uB4G@YFo9bRifcvRD~i4!OhFQ6SnMzdNmwxOLH*%!AoZf6&lN?V50)SaD=c<c zgCuMicxC2>F9^Ay?QlT#qO8XiS&t94APGAx680bo2SzM1j*K8FCu~yAU@13{)D0)M zD^3X)l2a}@rCe}I`M}H|r*uWu@P>rU6$!H)A{QlWKQc4Q*?(YQl(WB)mHojJtQ8!o zV8V+WLwv!8_<^*}@crNq<^?b^@G4zUGW`$;<_0k`@G4(WHvbR|=7zwyp<r$pBRoO5 zpAfyM<bOrU|3f%fDuNLnMII+qFDeFHQ4IJH36_dtWZ;#Zo4z3Bf(}TRoc|R${}0h% zsTgchv0$k<Y*O)HsRV3NiD0QDY*NW!sT6EdsbHxzY*Oi9sSIpVnP90baL_56eaHrL zb3h?*LDA?#E|?3BraVRl74sX4MmH2xt|*w^P|>)e;&ekoW)ANSDY-fNHzZ}}NZ*iC znv?yZ7NG~Ev4iic0}}(M<P5nL?Cbef@ogyCQhmVWi0wsiX?8<WVZPifIk5HxAxmOE zGBZk<d|_aeGPz-5vBmoU%MtF6tW2D~j9(Z)<Oc}J!5|=afkXDkU2e$_3{0#d2;wdW z?*%^X6^s}7v@h^!U*yoa!l844L+1v+a7PIY{`m3Z#|Ks>R*@e+eiTbEFfcR)$^^<Y zT$JYuVq?CjDHO!We2I}Yh>aO#jtn$|1Da*|ybL@WR|220VqmC2o5QMQtYIv&uVGw( zqy{kp1=7D7&UImkm5gCxV5nuPWiEk_Wic?+FwJI2VXR@E%`lf4eXOcS3Rz_e##mMg zb1(x4YqFH;z{ahfbxwZTy8(G%3ObAh8J~iUOjR*iDO8zo*^&&n{4|-t&5m2FnI);Y z#YHX*3=EnqMXsP$SP-ZI#+;p6d5g6yF{d=O7&ILSYV;I^fMmGAEktP3C5nN8p&8V4 zDPsUNUA}TKh$$^lxhSfBMO3}P?*_Z*2L@(VwHs0z*QN9>N$FjbGPojT@PUDmQx!~f zdUZHY5WUMII3f6gkn#l~<r%IJ`XZ0Y6&{rfU<6JjDi=9auW+bdfT0iU%&cl)!#{&! z2PN`385kJAkza=q`6-Mw4A=$~OF-&D1~GsVND32Z`Y?qhg*Am~4cjty28Pw}p;AzC zabbuRtYt!u)*6gx?GZ|02xib^_p34tE=epZ0d+@;QWJA@OEPm)!5tHY-2A-ElKdi& zOn#n1W?o5ZQCebhs+B@W=Kuc;3@<?wR4?T~F~fd~tr$FJc#AJ3H90>eHNK=YFE2Hx z_?AFHQGRY_adK&XX>ojReoE>s{^GpEg5r$)lK33(px`Z@%#@tec#yUEr6src5|cqq zQ#fCwxFoS8v$!NPIWZ?bF)uNvvN*F?lNp>Mia?=K1d3x#=3AU_2j1c+hE7p~6HGBk zm4bo-BzdqyeN~jfz`)Q4N*a0Kq;Z#p^8%OWj?4>Oo)@@0FS2-DVez`a;&qo_@&>=e z4RPrklCn1>WN(Oy-w>C)A*=X-pF@D{BLjy3+ZPbg;PF9-K~VAo10$;xnCM`+%OO0$ z<sygV6%NS@VDy0*CRr5Cz`)?A$$pC?FAd^UuupEW7bm8r<|Y>0;`H<jaSd{Fban;j z0<ags4qnLs)(iH^FAkgB{FKt1RJ)>F1_lOD@lc$~z`*c<nURt4g8>7h!UYC-WORc; q^a2b$;1O=%{J@mP$SCrG0g3cu=3rF&zyK%2co?NVFklj3X8-^;P#Z!3 literal 0 HcmV?d00001 diff --git a/caputre/__pycache__/messagejobs.cpython-311.pyc b/caputre/__pycache__/messagejobs.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..f28f5d769c83b2ccfd186e19fda63282f809793c GIT binary patch literal 5219 zcmZ3^%ge>Uz`)S6aeDeoZU%<OAPx+(KpCI+FfcGoXGmd4Va#EO0?|x4jJZrvOpG8l za}IMZOB4&3&6vX)#R^u(7R3gp*`wG~7*berIC43oI2jpISfjX7*jgB(xS1GIxtB38 zFsz1J!oU#4lfvG@5XH;H;Lec3(ZZ0zxr~W{VKoy>K@?vKR|`WFe+qXCLzDm$Ln<$t zenBRNR6aB@p%lho22GxqAVd5#8E^4=C#Gd51{CF|lqRPZX)@jt3dtx+O-u>M&(CqK zNKGy+$p?wD29~ClrdA0V8X4-D80#4tnCMxWT3H%c8YP2Ff?+lW1_ovZ28PczjGz$W zWGG>TNii^F!I>p+76U^TTm_0K+?S|+Hf5+~s9{(DvIEHs2s4Fo86yM3YPflfAeFE< zgD8QLs9}=ABncH~V5ntGVFp1|TNxShxRn_U8H!oTnJSng8Oj+M86p`N85kLA7=sy< z8A`xu24aW`Ly>GPQwcAG2O?8gYM5p-%w<A%T_i&ab1hRHQwnP^lvU1H&HyoAldV*r zfq{WbK|w*`Mf<9!T`OMnZGYN7?djghPdj^`?AZNm&aUUPS`<736rRr6@N{kiSfwUY z6}yEV7`_Z(U|=W$g`!`TqH9r6evv|2YDscNW?s5NPJVJ?4oGWaN=i{`aj})cE%wm7 z?7aN)JWcjnY{mJ>*{LPB*d5*CJ^frmZgB<sJA22wxCc4<-eOPA&&x|qF1f{>o>~G@ zn3tHFdW+MwB0067Br`wn7HdIKW?qRV^DV~WTO44E;xh|wF{T!SqD(<S;g^AnRZL1& zVqSWFKv8~HYH~?TNn%cRNoHAUOmbpDX-QFPOm1p%abkLER(?{kUP0w8p7hj`c$iT| zA`A=+JPZsB#rGH(7#bKpaB#3nKIIkeiJfaU$8N3J6>Xb~ytY?(Z9gzDacUh9yuriU z@7d)!A^#$e+7%wP3p{E!#3iQJPO6<)Kc#*_;T3Vs4v!D4Oq^O^^<d&7Naq(20p{W) ze*E}>RgR58K%#^H$6aob4-8DKk_h512k!+w(+!Fj_)IVGnO@{DyTW01fy3+uzeGnR z4E_L_%F4tl`QyirVk-s)h9*r%6Nc3Wj_S+@rFk4p7!InlIBK&W)Mf^;^%y~HeHIYg zgv&{q`JkPUlNj?MF;*vOW|W-C3d@-d;Ia!fXO@7{2`H&DFfgPrwlJ(=LQVgmJO@ta zNV!Rcp-7^Zv4kC}4WyH~h7nsjZ(>Mcsb#EVL`vPPr3$dr{j#<9`QCL3;9^MO`IPxj zb}fI=&<ak@$?&WUb-XaBXaObc>8J$@TwM(VY9?EN<S`_Nq7@Xu44O=SRjj2YX}T7g z%(qywia`lEr8Kvo_!e7gUUGg)swU$t#<F6NJqkr2SN!6z$w|yjN=dY<Qc2FwOUq0z zElQ0qfEJ^AHsIu1Y^MiPr3y;1GT;=uv}8%u2E~Q7OKPvHTVGPQ-r;^x-Q|k9O9R7a zkP|hTZV4vk=a&?h6eSkK7pE4Lr4|+65-3Z|DNO}&GZS+%t5S=qlpvWJW;rNdL&6Z| z2rC6YO_m~1w!0<h<nJF691`Rh5FhLs6y_QfT*L<|9{3p;7&Mt~alo_`34xpm3Nr<W zH*X2S%tv^xNRfeoK@Oxa1?(SC4&=KltZ-LO|Awr~1zDF5tjr=@9~qcMxW0gh4vr5T zC^>=;lp`PnI7gUmFucHLc7f0AB8T}E4)Y5f<~KNaVfla$ln(?z`9MONVK$d7^HO08 z<{hlIsHq#|WKiIJwgIQ^RE8+V6ox3K6vim#6s9N^CWchjEKuD9Qp12+`bV*+u%@uI zFh+5tFa<McvfUC!RDi*mdFeT+CHZ-!^04Ikv~|VPjSbIt?SH<a``N|?PkX06+1CwD zt$r^-c`O;`6p&RQD?t(Pc?#HBHAq!pv2_hn)n^K-N|0qmOF)K!%wS+(s9{`#mSSrd z;-PX3pe6@H3Il3}#ZzG+*#b`YnvA!&a}z7#%kzt}Q;Ui<nQw8%XXX``B<3Zj-eLun zyV*scY_G|5i#a)`xJV5Y^B_;ck_dZzd|qmKe0-HOmVncPN}7UnEdr;P8~j2&wI3Lm zIRhAP2#QPrm5;muj2{@7cmo)3h)YeW{lLH|7{GW}#q5Cf1r`5`D*jhg{3ke1@%_LG zQUXy3AwPmOeF2jY5&R^mY{jLRjX^-Tr}hGeOfjf->6f)&-oawSzMs*CU6Zj$1(Z=Z zZ*j!OgX+8Z_*-1@@wxdar8%kb@wa&5;|og@bD%Qp@$o77$?@?;>I@7Fw>V3{t*Oks z^jj=G`N`Qu8lZfq#lXO@lA#Dx9)L@eB4v;$h|mLtlLt7Q8W<q(0}~S~2Pn&Md|+b` z6m9Ul!6Vh-+2ePSN9GETOoQtO7FJf-4-7a6h$SGSlR+sFmTEx7Hi-ZE69WT7JL7Z) zPEcbBCW}IMGS)DyVMI+|wahil3qYkIib@ctgE5UUg{g%DwH#(-sA0xl7K7C@W2#SK z16Mep90W3!fq_AVp-7>YrGyj81ywjKos6>?QdnzPW;4uXLANoIA%(4$rH%z;5`=|R z0kM~YN@Q@peY&UV+1jN~`zO9^XnZzx!?WIXPdhe1>LakcCgUwuaOsOu9dR%)Fn}t8 z&!EVf%7|Jar7(gW#)O>3XEUTQ*Dz#(at_!Bvl-^Hp*lI3L6gO=ia$6tuSB6FAL0T9 zjVb|61zkIZfW)GbOi&BUN}-BNN5MZWtvI#BN<ovk2vmsQ;w*s4-(t%L%Yn-E+|-i9 zl*E$6TdXDd1)0gkAj=gRAW2S|fq|h)zBn~6CB7s-J{!~vz^t}hK*<r5cYic6tPQ=v zlQJXq0#C{Xo|Fv{S4`a@%nQNMSAvru?2pWhdTESb7(iqLB!Q!Z8Ynu!p$1ClxI+yy zI)fQBnf<CH-4Zi%Qd2;o19CWshSYf)Rm_@J3Yv`Iz|ds6#hMCg@fKNtoKLc+-9WlP zIUeL`(HlILD_Ae^SYF_<+@K1fKQc3FS$|<*)Ut;9u}U1xVW2<<x$YMes1|0u#R78f zEuO@bl=$StoSdY@<m_AAAYN)w5r~6S9kUjJnnqx!-(mrobBislw4}5s6;e5ass)7v z1z6$B3o;lUfkloC3=DQ4=U-!BVE6%Q9ka8V-4K+VE;~tfM(GNd39=Uj4X+3qcCg*x z;JeNteThT*0|TRM8Y3q8k%5sj9Tb(E=^$CobjAlDEmD^_q&_e(%2=ZjAmuh+7#KNi zKA;jmo`TxJjI3rK7+?gr);C$fdV$a60-wnSK?r@3!}JP==>=>E+!$bHWHkdd1|%35 z7@8f~9eEfI@^CqtF&`8Ybu?r?Xvpel#+(eQsleHbfq?;(*uZ7nIdJWZ+!ZYWi9^*P zI-sZxgA~RpRtB{8WGzb#OAS*B6R4R{f@D_>QwlR!3{<W{%}rqeHHTAJ!JR*h(y4}d z0g`^G76t~Cu4D~E4Py<{G8P7g)o`_p450E%lfCpQyhXC1?P>4SXLA=Scm@0WDL{&_ zXFZ+Irf+*Weap**yPodqf7U<Y$*v`+<(gGNVo_qQ0<7(41ubv_plw)%r|agynl@0S z;6lVo;rZ-!&la>pl|R|B`{kk;;DQpW3e<Xz2PIr9g%`^jA>}HltBT}0WaW?wGQJ=` zKgUV|t#t)fm-&JjT#;txrWThZ<`&#yPtM6NP01{%5`wrD)bs_}2g-0o)(i{`ewu8z zm^1TAZn2bP=BD1_@bPzc^ojQj0GAH8*osS&ax+W7c|{XBw{gN<ev2E)RYlIA3<b`2 zpx!vR^t>ej4Yqh_U$r<szbGZOC^e<Xn}LDB2c#n(T#J7dVh|LW>N3T1qW2W<1u7Rs z)Gi9BUlCAm@Vp_b*5KKZeUU}#uB2jvXGi8m7KytooENx^XOv#xGQPlNyaL3zz-4@q z#pDW$$psdZ2Q2*8S;Q`}h)u0skg<VvL*+#l$15z37hnin*=q_Hf$GRxtl%;o(g6T9 z<C9B^ic<4R^dO~4F}P7zBo1nLfC{`K&~U>o)<V!QPZ7woMe-miP;a})9mE2)`XTKU zP$2{MCZweD0?8VJ2zYzu7l#d`b!1oM&%nR{YA6(g$PdhnjEpxJcpJd*0fYPnRCI&E z@B%8j!NA=BhDZ#73k*<ngF*ZPD*C|2AgXzRLGS|;52NG<1~?(dz$4LN(`naZ*TC_C zjfasBBnKrFco=0tTy)|i0}rF@7Z3rFRp4ec`@jGvWcV1J7(Xx|k#Y<?au>K|FLKLY a;g)aUxWT7*flu)wpYjzxWr!!h@dE&Dtph^< literal 0 HcmV?d00001 diff --git a/caputre/__pycache__/safemap.cpython-311.pyc b/caputre/__pycache__/safemap.cpython-311.pyc new file mode 100644 index 0000000000000000000000000000000000000000..308a8241445f9b4d6a69bff86fc059d08149d139 GIT binary patch literal 7835 zcmZ3^%ge>Uz`*dRVtV==2?mD8APx+(KpCG47#J9)Go&!2Fy=5sfoP^2#t;T326u)O z<`#w&mSs!~46B)-su`k~m>5!-mN76etcD3OBr;<YOJQwch+;`$Yhj3DO<`|gh+<3O z0F#Wt44RxTLAw1k8E-LaC4-nS%m`(CRs%aLl_82Tg&~S5g|USpiaCV|Y$P+-NEWbR zticSLY`1trGKx|YQ-TxIQhgH(l3|8`%mTTbnSp`fvkTb3OokeUc#t?4mw;rzECz-w zkV-Hc)ps=v@o-fs48aU58T~X_ZZYR37Tn@20b84ymwt=ICqFs+7E4Zka<(SpEtcZc zoU~$)GZcR5xLC!cWF_XM=LZz!XQd{W#FQlFWS3-?rN$&D7L=A0rN$H|rlsa47U&gJ z-r|Ul&&<m#iI1-mL-CUyOdJ$%#WD;G3=Ir7ghe}8dN}Ti$WHOQD57#jM5TkJhqHsT zgYz@UAIWfMGcYi)F)%QI_@AS|!BE4H1yTaWrVNY>HB2=OSs?d<MQRvr7#KiFfgyzf zHToGDKtZ6)V8~F+QqEMt9LZ45$jA`Mz{miRDPm_}U|7ji#Ld9KP{hH&z@W)o#KXYA zaEm!Rwel8gSz=CUYB9(i3JMBEykLof(vm7cRKFIKmVopYS3<nWE7%kHfq{`z2~6CO zQS5N(@t6?Y>HC2hCJ2`K2vYL}M1Z;Yi61|H;8#!#a(4%}0`meE753$fD(uPd1cDr% zRoKH5DKr-#>jQ@`h^S#qM+@6zrWA0Pqlb7f1A*|?WJZMdE#~ypl9f#0Kra$vU|=W) z*$xftA~6OA2K2yAPb~rYw73y9ur)xTqj5u6e2T?%n@Khcm=`!*6jr|?tPTovh$L7A zm;i;m1}NmwCBU)>0vhPJRY3w>+JJcjiwXO7MiU%?9!4<GYZz_8fk{>ZE)oPKUvae1 zyTw+NnwwviS|x&-S|OqWAl2olVJHXkx!er_ktrNAgeUNVLJlGX76%2I94OF`#K02R z2x!RRRtgC@PC4dzEK2N48I{=mG}%F=NnT=ZYJB`HuK4)e{FKrh5Su4HzOXbg2O?9% z2lA^3hybOIB1upNW+>tZ34k(a5i5uVB0$-;H~{R!1_lWHz{JF=`hfvXa4@kdfw)kD zgNaoG#Dx+ZOssMsE;<3R3}gjLkp(JBKz4qXU;@`rj0-^d1_ReH)G(rEnOf!)TxuC> z&@x>uO9?20KuyJwRhgGDGBB)$7mu~9HLS%_MCfC|qE8P+AIN`DyAf0ka}85EV+~UZ z6DTqu;;6h7<~hu$eufmkHLNKt2tBoIHEat&^##NTB(jDH)n%Xx0NJ)$_7YGD4%Jb^ zn!<`OwT2zlW{@nXx+npq7K9EqygJxGI%?QJ?gg=k3KLdTdm%p7WcT~UT3xGCU3-f+ zATc>RwIn_#H7~s+LzDRydjVLW_!d`gW*$`d7FTX!1(aQ+2uj*YAVL{bRk7b<OUp0H zO)R;^nUYwNSe%<!Pz)|Ii$K}q7F%LLL26#gE#}<JJW%~#p~-QJwYVtRv)~q6N@{Tl zh=$k*E_iQo7p0b^78R$)gQ`BZqSWHjoRVAI5Ebz`nZ+fy_>xPDic<4nPA&#jdJ0eg zsU5irN=v}rN-ilfU|?X70F^TGjG)^80heIEUYFhs(FJT5xzw+4sW&*^5R#m(H%V`S z*b32$Li$&P^c%dtvN7<9_s4d{&M>~nD}RMozQOGVx8Mf`Mpm7>f>P6EC&|vJz9^`D zMNqqg?E@PFkI)AOepcnD9D@D4UAz;LZ%D{ZsJJ1eut5Hblp&1%z|JDW^?`v!hU+5( z3n%v%5b*(x;A0S%oe_COOud8q28Zx<4yj8VQZvjhawuKlP`bdObVE{p0sj?AgATsC z@=6QLR_I(&Hs2w4QQqT<yhjIHN6keJ8JrR~q*OcDIw~)6NZy4x6UpQYVDrI6N;0TO zfu=|XcxiHknSr5Qa5@8?GJ**;rPZ?HRLg`>_OPL(Wu&qN<`4#k8dlWYSIb_*UMxq1 zJ~k}+m_QA(6sB5^6sB6v8uk=sM82!#s$oYd54b^X@*4IOHiQ}%2GrJWEl&w3q@a$i z;X$>rgcB;kz`%emSH;c1&?ShhyF)OIF@?Q_qlO3F7Sc?u<wbXMtZOY_4POce!XLH# zHGC<Y2!0K7HaP5yglhOwxRAtIpyF&b95wt^ybKJr96cIndSPk=(e%R1WUb+Z>gDWl ztKq0&NZ|&RVl|vK3@JQd7FP{J3NM(&UBi&V2V!*!)-a^-gIG1ZH4G^NAQo~d3vPu$ zgEvL6hM@#hF+=&wSQr>q!%K2T28{5~0*8kX!k;O^P=Ctcv_qtZ51$=9+MEn1X%bXA zLEVF((9<#_F?!I_F{C6{W+(x*SD{9$Fcfju3PdubFw_dv34qf$m{rbL&H(9lXo~t3 z$%D#nP&^mGOL3IWA1KI#L7hK2aDy?Op@t!rtCq2bF@*sUR1=wcxPuuq8H*G^rpbb8 z0;XF`dIm+>pu!epI<)!xi^~R7Y$xaE7T8s(z)I#4$GpVKoZ?D7o1FaQ#GGO~J%lPR zkO?3Y8yGH#`a#eJwFzl6;;)G5Lbw-1{lJA4xH3X<Jg9A8405~%0|UcUMsEg2hUp*= z@PItf$yCJ!>Y`O~FffEMOlM?d=;2KP^{km*f?VuZ1hQ3=xd>#yEjCD%cuOcZH8C$9 zRs(^nNoZ%R0bJeu;<QOm%}cE)D6*?k#^XPjA|H_V>=_sse!O6K!O+0)fq_Yp4NTn7 zH|-F+Af$4UQ)PwVMGmbG%rF_SG#UX8fLnrY<tgzVsfj76Me#mh$K7JfEQl{IN(R#@ z#U)iBB?=HF3J@h#f==Zr=t91kc?#fKvjncnH?aauNXR!e5nY)WiY|q)#G=f^yyVnd zJjEqNsfoGqCHV!J$+uWaDhpC?v3P`p1l;1vC@Cp`h--2csen?DDu@8JrEf78m*(DL z&PmO?B~eh6pHiBf8lRh5T%4GmS{$EWl#*JMnsSQ+DpPce8#0;@Uyz@l18#=j;_yzb zbS)~%FVYmc#g?B08ayb{1evY{?m2@(h6U8}0Jk@abU-q?AQ{25@|5@tNJv7XUN8w$ z2-GS<Nes6HL5(9+AwCpt@h!13XrQ2`BXDN9C0vqUl9+>LHDhX#1t_6_ayPVbgP<J1 z3GbEwdTJ{QVqjn}1!>D?Vqo~uz(84ZhnZCvqq%c~Uli2S628GB)ZzAljX_fC0*mMk z3CRmAq9C69jG8MFI$$9=81n-ggP1?#1yR2pZU-!{*!W%$^}8tQcSY2%!SAl5%#65; zk~&u;b=DSdu)C=5bVc9kqNLLW7O}gs3TO!)%)Mdh4$c-ILAmA&i1^6BB**pzL_Fo- z?(n<FA$^5I`XeiooXiClsSjKX!jdy2uLvoBU|?f41rr@?H{?_<s9Ic+v%J6|{eW9= zg2okY=^4eBxRow&D=jEnk#R-ce22*;b^8nI_BVKBFDRN^<T1IxBYS~I_6D!;1dl7c zvI|5m@v2_nRb8RBLE?&*)sEy#T8<aA9FbN3xS?R!;C6vq?jnmkVWy%nNUi)u7KIzC z)*z<xMHZE(EHZN=7UXRR+v|Oi#p4Q##|0LT8$uFL|1h!oGlF`C{)`=LH+Y05nDzM0 zaJ$5#bb&|dE|1F6h!r_I%#Lbb<ng=0<9C6_@5cuw7FOQ79D>(5Brb7C%n-iFA$x^G z_5z12LQMK1hw2p$)eA86<1V)_sM*VlAZ~E*bg;nS4^R)AnUR(E$B!Syprm?C#KfJ8 z;W!tUyFBx8DOPuRW|a0MsA>U~(4XZ<?VaLoO=9*=2c$Jw!;ZZloWg`YWL3*i!%+-w zf!1)Kv^+Uem}|LGm}|LfIB}ST);CUJg|=5>YdDeHr|@>1at&t+JEGFAfwj@ZaoWI< zg4Rc_<;v4TGaY7%5}N6-mYx_1rgPVD)i9-Sg4%U8+%-%oTp$*x<+73++EM}cH$l~N zksYX*W)5)<D6$5X+8~v;xXUy1Qu52=i!-ZIZ;5&4WtPN;XXeExRhFa{$EW2Nl_wUZ z+!99<PfASA21%@BMyq^Q^4wx8E=rEiEV#uEsw2P*NF7pK<N>nO6GVVgI-=$%(gV4R zCoQw6xCC0h-x2_iN0(>j!QCJT7lGLh9(+O+>d^MmE$P&XlA^@q67Z0AW@1h}k`Id# z85kHcKn1)LN_SRlf%ru(%`04*i0-WT3bl(uhF63Pad&5lDc^-9r)y2pni08z>7tPK z6(Q{g?;G4=pwfW<1_vLw_bVblqi~8{gU<&x22eF10<R1>M6R=oUt$-Z!FG{d{tCPN z0@F+E8W-3#Zg7jw;JCuAxFGlvx5fo-jTJFFG_L46A1Jw`>wQ7j`+>anb$R_u^7<Qi zcNAWfcf2C+c!5Xe0*}lMUdb66S9p~dlw9J~zQC)!foDg=6$7^u%9jj$FBtefP|&%q zU~oynV1w)d#)}G0R}`Es@W_5(W6-p0aKFH#a*;*#hNcyWsd|w`?E)Bq+fbt=)MyC> z?LaZ4V3vP4OQ@m{P+1TOB0%#)*t0V@$AXDIP_{KAA=^IX73;?wgCdw|9|%d{&9V=K z<scdMfw;s47HD>Tz%D!pGV22k3sC;VomDm2i#S1rEjP4Bkd>cQ3>j+&_a8umec(1Q zIKaWZIdBdKH<y2L*gyvJ?TS(u7#KhU)5S{}7#Kb<Gcq#XU=X+fLpK;CFTl_TCVob_ z4-A;ZN08VT5CM@@VBnVM(CyUk(Qn{<z$4k=+v(rq-@y5SO^Q+Z0|T6}GGgTYzyK%G V7?l~VKQO=vA4XXaACmxk0|3w^jcNb@ literal 0 HcmV?d00001 diff --git a/caputre/capturetask.py b/caputre/capturetask.py new file mode 100644 index 0000000..e12bdfb --- /dev/null +++ b/caputre/capturetask.py @@ -0,0 +1,375 @@ +# -*- coding: utf-8 -*- +import ctypes as ct +import libpcap as pcap +from concurrent.futures import ThreadPoolExecutor +from scapy.all import * +import threading +import socket +import json +import msgpack # 使用 msgpack 替代 JSON +from safemap import * +from demoscapture import * +local_ip = socket.gethostbyname(socket.gethostname()) + +# 初始化错误缓冲区 +errbuf = ct.create_string_buffer(pcap.PCAP_ERRBUF_SIZE + 1) +running = True +selected_device = None +clients = [] +packet_queue = Queue() # 全局队列,用于存储捕获的数据包 +# 获取所有网络设备 +def list_devices(): + alldevs = ct.POINTER(pcap.pcap_if_t)() + if pcap.findalldevs(ct.byref(alldevs), errbuf) == -1: + print("Error finding devices: ", errbuf.value.decode()) + return [] + + devices = [] + dev = alldevs + while dev: + devices.append(dev.contents.name.decode()) + dev = dev.contents.next + + pcap.freealldevs(alldevs) + return devices + +# 打印并返回 Payload +def print_payload(packet): + try: + if packet.haslayer(Raw): + payload = packet[Raw].load.decode(errors='ignore') + return payload + except Exception as e: + print(f"Error printing payload: {e}") + return "nodata" + +def compute_statistics(srcIp,destIp): + pass +# 判断是否为 HTTP 报文 +def is_http_packet(packet): + try: + if packet.haslayer(Raw): + payload = packet[Raw].load.decode(errors='ignore') + if payload.startswith(('GET', 'POST', 'HEAD', 'PUT', 'DELETE', 'OPTIONS', 'PATCH')) or 'HTTP/' in payload: + return True, payload + except Exception: + pass + return False, None +# 判断是否为 FTP 报文 +def is_ftp_packet(packet): + try: + if packet.haslayer(Raw): + payload = packet[Raw].load.decode(errors='ignore') + if payload.startswith(('USER', 'PASS', 'RETR', 'STOR', 'LIST', 'QUIT')): + return True, payload + except Exception: + pass + return False, None +# 判断是否为 SSH 报文 +def is_ssh_packet(packet): + try: + if packet.haslayer(TCP): + # SSH 默认端口为 22 + if packet[TCP].sport == 22 or packet[TCP].dport == 22: + return True + if packet.haslayer(Raw): + payload = packet[Raw].load.decode(errors='ignore') + if payload.startswith('SSH-'): + return True + except Exception: + pass + return False +# 判断是否为 Telnet 报文 +def is_telnet_packet(packet): + try: + if packet.haslayer(TCP): + # Telnet 默认端口为 23 + if packet[TCP].sport == 23 or packet[TCP].dport == 23: + return True + except Exception: + pass + return False +# 判断是否为 ARP 报文 +def is_arp_packet(packet): + try: + if packet.haslayer(ARP): + return True + except Exception: + pass + return False + +# 检查报文类型 +def check_packet_type(packet): + """检测报文类型,并返回主要类型和协议详情""" + # HTTP 检测 + is_http, http_payload = is_http_packet(packet) + if is_http: + return "HTTP", {"http_payload": http_payload} + + # FTP 检测 + is_ftp, ftp_payload = is_ftp_packet(packet) + if is_ftp: + return "FTP", {"ftp_payload": ftp_payload} + + # SSH 检测 + if is_ssh_packet(packet): + return "SSH", {} + + # Telnet 检测 + if is_telnet_packet(packet): + return "Telnet", {} + + # ARP 检测 + if packet.haslayer(ARP): + return "ARP", { + "hw_src": packet[ARP].hwsrc, + "hw_dst": packet[ARP].hwdst, + "p_src": packet[ARP].psrc, + "p_dst": packet[ARP].pdst, + } + + # ICMP 检测 + if packet.haslayer(ICMP): + return "ICMP", { + "icmp_type": packet[ICMP].type, + "icmp_code": packet[ICMP].code, + } + + # DNS 检测 + if packet.haslayer(DNS): + if packet[DNS].qd: + return "DNS", { + "query_name": packet[DNS].qd.qname.decode(), + "query_type": packet[DNS].qd.qtype, + } + + # 普通 TCP 检测 + if packet.haslayer(TCP): + return "TCP", {} + + # 普通 UDP 检测 + if packet.haslayer(UDP): + return "UDP", {} + + return "Unknown", {} +def packet_handler(packet): + global clients + try: + # 获取当前主机的 IP 地址 + packet_data = { + "host_ip": local_ip, # 添加主机 IP 地址 + "ip_src": None, + "ip_dst": None, + "chioce":"dataPacket", + "type": "Unknown", + "payload": None, + "protocol_details": {}, + "Fwd_Header_Length": "N/A", + "Packet_length":"N/A", + "timestamp": packet.time, + "window_size":"N/A" + } + # 获取 IP 层信息 + if packet.haslayer(IP): + packet_data["ip_src"] = packet[IP].src + packet_data["ip_dst"] = packet[IP].dst + + # 获取 TCP 信息 + if packet.haslayer(TCP): + packet_data["type"] = "TCP" + packet_data["src_port"] = packet[TCP].sport + packet_data["dst_port"] = packet[TCP].dport + ip_header_length = packet[IP].ihl * 4 # IP 头部长度(字节) + tcp_header_length = packet[TCP].dataofs * 4 # TCP 头部长度(字节) + packet_data["Fwd_Header_Length"] = ip_header_length + tcp_header_length + packet_data["window_size"] = packet[TCP].window # 提取 TCP 窗口大小字段 + # 获取 UDP 信息 + elif packet.haslayer(UDP): + packet_data["type"] = "UDP" + packet_data["src_port"] = packet[UDP].sport + packet_data["dst_port"] = packet[UDP].dport + ip_header_length = packet[IP].ihl * 4 # IP 头部长度(字节) + udp_header_length = 8 # UDP 头部长度固定为 8 字节 + packet_data["Fwd_Header_Length"] = ip_header_length + udp_header_length + # 获取 ARP 信息 + elif packet.haslayer(ARP): + packet_data["type"] = "ARP" + packet_data["protocol_details"] = { + "hw_src": packet[ARP].hwsrc, + "hw_dst": packet[ARP].hwdst, + "p_src": packet[ARP].psrc, + "p_dst": packet[ARP].pdst, + } + # 获取 ICMP 信息 + elif packet.haslayer(ICMP): + packet_data["type"] = "ICMP" + packet_data["protocol_details"] = { + "icmp_type": packet[ICMP].type, + "icmp_code": packet[ICMP].code + } + ip_header_length = packet[IP].ihl * 4 # IP 头部长度(字节) + icmp_header_length = 8 # ICMP 通常固定为 8 字节(视 ICMP 类型而定) + packet_data["Fwd_Header_Length"] = ip_header_length + icmp_header_length + # 获取 DNS 信息 + elif packet.haslayer(DNS): + packet_data["type"] = "DNS" + if packet[DNS].qd: + packet_data["protocol_details"] = { + "query_name": packet[DNS].qd.qname.decode(), + "query_type": packet[DNS].qd.qtype + } + # 检查其他协议类型 + packet_type, protocol_details = check_packet_type(packet) + packet_data["type"] = packet_type + packet_data["protocol_details"].update(protocol_details) + packet_data["Packet_length"] = len(packet) + packs= print_payload(packet) + if packs!="nodata": + # 获取 Raw Payload + packet_data["payload"] = '{}'.format(packs) + else: + packet_data["payload"]="" + # 将数据发送给所有连接的客户端 + if packet_data.get("ip_src")!=local_ip: + packet_queue.put(packet_data) + # 在控制台打印信息 + if packet_data["type"]=="TCP": + print(f"Regular TCP Packet: From {packet_data['ip_src']}:{packet_data.get('src_port')} To {packet_data['ip_dst']}:{packet_data.get('dst_port')} (Host: {local_ip})") + if packet_data["type"]=="UDP": + print(f"Regular UDP Packet: From {packet_data['ip_src']}:{packet_data.get('src_port')} To {packet_data['ip_dst']}:{packet_data.get('dst_port')} (Host: {local_ip})") + if packet_data["type"] == "ICMP": + print(f"ICMP Packet: Type={packet_data['protocol_details']['icmp_type']} Code={packet_data['protocol_details']['icmp_code']} (Host: {local_ip})") + if packet_data["type"] == "DNS": + print(f"DNS Query: {packet_data['protocol_details']['query_name']} Type={packet_data['protocol_details']['query_type']} (Host: {local_ip})") + if packet_data["type"] == "ARP": + print(f"ARP Packet: Who has {packet_data['protocol_details']['p_dst']}? Tell {packet_data['protocol_details']['p_src']} (Host: {local_ip})") + if not packet_data["ip_src"] or not packet_data["ip_dst"]: + pass + else: + putPackect('{}:{}'.format(packet_data["ip_src"],packet_data.get('src_port')), + '{}:{}'.format( packet_data["ip_dst"],packet_data.get('dst_port')), packet_data) + except Exception as e: + print(f"Error parsing packet: {e}") +# 捕获网络流量 +def capture_packets(interface): + global running + print(f"Starting capture on interface: {interface}") + try: + running = True # 启动捕获 + sniff(iface=interface, prn=packet_handler, store=False, stop_filter=lambda x: not running) + except Exception as e: + print(f"Error capturing packets on {interface}: {e}") +# 切换设备时停止捕获 +# 处理客户端连接 +def handle_client(client_socket): + global running, selected_device + try: + buffer = "" # 初始化一个空字符串缓冲区 + while True: + data = client_socket.recv(4096) # 接收数据 + if not data: + break # 如果数据为空,退出 + buffer = data.decode("utf-8").strip() # 解码并去掉多余的空白字符 + print(buffer) + command = json.loads(buffer, strict=False) + # 处理客户端的命令 + if command.get("action") == "fetch_next": + # 从队列中取出一条数据并发送 + if not packet_queue.empty(): + next_packet = packet_queue.get() # 从队列中获取数据包 + client_socket.sendall(json.dumps(next_packet).encode("utf-8")) # 发送数据包 + else: + # 队列为空时通知客户端 + client_socket.sendall(json.dumps({"chioce": "dataPacketNone", "status": "empty","message": "No packets available"}).encode("utf-8")) + elif command.get("action") == "stop": + print("Stopping packet capture...") + running = False + client_socket.sendall(json.dumps({"chioce": "stops", "ip": local_ip}).encode("utf-8")) + break + elif command.get("action") == "status": + client_socket.sendall(json.dumps( + {"chioce": "controlstatus", "status": "running", "ip": local_ip, + "device": selected_device}).encode("utf-8")) + elif command.get("action") == "list_devices": + # 返回可用设备列表 + devices = list_devices() + client_socket.sendall( + json.dumps({"chioce": "controldevice", "ip": local_ip, "devices": devices}).encode("utf-8")) + elif command.get("action") == "switch_device": + # 切换捕获设备 + new_device = command.get("device") + if new_device in list_devices(): + print(f"Switching to device: {new_device}") + running = False + threading.Event().wait(1) # 简单延迟,确保当前线程完全停止 + selected_device = new_device + running = True + threading.Thread(target=capture_packets, args=(selected_device,), daemon=True).start() + client_socket.sendall(json.dumps( + {"chioce": "controlswitch", "status": "switched", "ip": local_ip, + "device": new_device}).encode("utf-8")) + else: + client_socket.sendall( + json.dumps({"chioce": "controlerror", "error": "Invalid device"}).encode("utf-8")) + else: + # 如果命令未知,则返回错误信息 + client_socket.sendall( + json.dumps({"chioce": "controlerror", "error": "Unknown command"}).encode("utf-8")) + + except Exception as e: + print(f"Error handling client: {e}") + finally: + pass + + +def tcp_server(): + import socket + global clients + server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + server.bind(("0.0.0.0", 9999)) + server.listen(5) + print("TCP server listening on port 9999...") + while True: + client_socket, addr = server.accept() + print(f"Accepted connection from {addr}") + clients.append(client_socket) + threading.Thread(target=handle_client, args=(client_socket,), daemon=True).start() +def main(): + global running, selected_device + # 启动 TCP 服务器线程 + threading.Thread(target=tcp_server, daemon=True).start() + + # 列出所有网络设备 + devices = list_devices() + if not devices: + print("No devices found.") + return + + print("Available devices:") + for i, dev in enumerate(devices): + print(f"{i}: {dev}") + + # 选择初始设备 + try: + choice = int(input("Select a device by index: ")) + if choice < 0 or choice >= len(devices): + print("Invalid choice.") + return + except ValueError: + print("Invalid input.") + return + + selected_device = devices[choice] + print(f"Selected device: {selected_device}") + + # 开始捕获流量 + threading.Thread(target=capture_packets, args=(selected_device,), daemon=True).start() + threading.Thread(target=monitor, args=(selected_device,), daemon=True).start() + try: + while True: + threading.Event().wait(1) # 每秒钟等待,避免高 CPU 占用 + except KeyboardInterrupt: + print("\nStopping...") + running = False +# if __name__ == "__main__": +# main() diff --git a/caputre/demoscapture.py b/caputre/demoscapture.py new file mode 100644 index 0000000..73d1ab3 --- /dev/null +++ b/caputre/demoscapture.py @@ -0,0 +1,162 @@ +# -*- coding: utf-8 -*- + + +# 配置网络接口 + # 请根据您的系统更换网卡接口 +# Destination Port Flow Duration Total Fwd Packets +# Total Backward Packets Total Length of Fwd Packets Total Length of Bwd Packets +# Fwd Packet Length Max Fwd Packet Length Min Fwd Packet Length Mean Fwd Packet Length Std +# Bwd Packet Length Max Bwd Packet Length Min Bwd Packet Length Mean Bwd Packet Length Std +# Flow Bytes/s Flow Packets/s Flow IAT Mean Flow IAT Std Flow IAT Max Flow IAT Min Fwd IAT Total +# Fwd IAT Mean Fwd IAT Std Fwd IAT Max Fwd IAT Min Bwd IAT Total Bwd IAT Mean Bwd IAT Std +# Bwd IAT Max Bwd IAT Min Fwd PSH Flags Bwd PSH Flags Fwd URG Flags Bwd URG Flags Fwd Header Length +# Bwd Header Length Fwd Packets/s Bwd Packets/s Min Packet Length Max Packet Length +# Packet Length Mean Packet Length Std Packet Length Variance FIN Flag Count SYN Flag Count +# RST Flag Count PSH Flag Count ACK Flag Count URG Flag Count CWE Flag Count ECE Flag Count +# Down/Up Ratio Average Packet Size Avg Fwd Segment Size Avg Bwd Segment Size +# Fwd Header Length Fwd Avg Bytes/Bulk Fwd Avg Packets/Bulk Fwd Avg Bulk Rate +# Bwd Avg Bytes/Bulk Bwd Avg Packets/Bulk Bwd Avg Bulk Rate Subflow Fwd Packets +# Subflow Fwd Bytes Subflow Bwd Packets Subflow Bwd Bytes Init_Win_bytes_forward +# Init_Win_bytes_backward act_data_pkt_fwd min_seg_size_forward +# Active Mean Active Std Active Max Active Min Idle Mean Idle Std Idle Max Idle Min + + +from nfstream import NFStreamer +from safemap import * +# 配置网络接口 +INTERFACE = r"eth0" # 请根据您的系统更换网卡接口 +def format_nflow(flow): + """ + 从 NFlow 对象提取特性并返回格式化的数据字典。 + """ + try: + total_fwd_packets = flow.src2dst_packets + total_bwd_packets = flow.dst2src_packets + total_fwd_bytes = flow.src2dst_bytes + total_bwd_bytes = flow.dst2src_bytes + total_packets = total_fwd_packets + total_bwd_packets + total_bytes = total_fwd_bytes + total_bwd_bytes + + # 假设有计算 forward bulk 的辅助属性 + # num_forward_bulks = flow.src2dst_bulk_count # 前向块数量 + # total_bulk_duration = flow.src2dst_bulk_duration_ms / 1000.0 + + # 计算字段 + down_up_ratio = round(total_bwd_bytes / total_fwd_bytes) if total_fwd_bytes > 0 else 0 + average_packet_size = (total_bytes / total_packets) if total_packets > 0 else 0 + avg_fwd_segment_size = (total_fwd_bytes / total_fwd_packets) if total_fwd_packets > 0 else 0 + avg_bwd_segment_size = (total_bwd_bytes / total_bwd_packets) if total_bwd_packets > 0 else 0 + + subflow_fwd_packets = flow.src2dst_packets + subflow_fwd_bytes = flow.src2dst_bytes + subflow_bwd_packets = flow.dst2src_packets + subflow_bwd_bytes = flow.dst2src_bytes + + # TCP 初始化窗口大小 + init_win_bytes_forward = getattr(flow, "src2dst_init_window_size", "N/A") + init_win_bytes_backward = getattr(flow, "dst2src_init_window_size", "N/A") + + formatted_data = { + "Destination Port": flow.dst_port, + "Source Port":flow.src_port, + "Flow Duration (ms)": flow.bidirectional_duration_ms, + "Total Fwd Packets": flow.src2dst_packets, + "Total Backward Packets": flow.dst2src_packets, + "Total Length of Fwd Packets": flow.src2dst_bytes, + "Total Length of Bwd Packets": flow.dst2src_bytes, + "Fwd Packet Length Max": getattr(flow, "src2dst_max_ps", "N/A"), + "Fwd Packet Length Min": getattr(flow, "src2dst_min_ps", "N/A"), + "Fwd Packet Length Mean": getattr(flow, "src2dst_mean_ps", "N/A"), + "Fwd Packet Length Stddev": getattr(flow, "src2dst_stddev_ps", "N/A"), + "Bwd Packet Length Max": getattr(flow, "dst2src_max_ps", "N/A"), + "Bwd Packet Length Min": getattr(flow, "dst2src_min_ps", "N/A"), + "Bwd Packet Length Mean": getattr(flow, "dst2src_mean_ps", "N/A"), + "Bwd Packet Length Stddev": getattr(flow, "dst2src_stddev_ps", "N/A"), + "Flow Bytes/s": flow.bidirectional_bytes / flow.bidirectional_duration_ms * 1000 if flow.bidirectional_duration_ms > 0 else 0, + "Flow Packets/s": flow.bidirectional_packets / flow.bidirectional_duration_ms * 1000 if flow.bidirectional_duration_ms > 0 else 0, + "Flow IAT Mean (ms)": getattr(flow, "bidirectional_mean_piat_ms", "N/A"), + "Flow IAT Stddev (ms)": getattr(flow, "bidirectional_stddev_piat_ms", "N/A"), + "Flow IAT Max (ms)": getattr(flow, "bidirectional_max_piat_ms", "N/A"), + "Flow IAT Min (ms)": getattr(flow, "bidirectional_min_piat_ms", "N/A"), + "Fwd IAT Mean (ms)": getattr(flow, "src2dst_mean_piat_ms", "N/A"), + "Fwd IAT Stddev (ms)": getattr(flow, "src2dst_stddev_piat_ms", "N/A"), + "Fwd IAT Max (ms)": getattr(flow, "src2dst_max_piat_ms", "N/A"), + "Fwd IAT Min (ms)": getattr(flow, "src2dst_min_piat_ms", "N/A"), + "Bwd IAT Mean (ms)": getattr(flow, "dst2src_mean_piat_ms", "N/A"), + "Bwd IAT Stddev (ms)": getattr(flow, "dst2src_stddev_piat_ms", "N/A"), + "Bwd IAT Max (ms)": getattr(flow, "dst2src_max_piat_ms", "N/A"), + "Bwd IAT Min (ms)": getattr(flow, "dst2src_min_piat_ms", "N/A"), + "Fwd PSH Flags": getattr(flow, "src2dst_psh_packets", "N/A"), + "Bwd PSH Flags": getattr(flow, "dst2src_psh_packets", "N/A"), + "Fwd URG Flags": getattr(flow, "src2dst_urg_packets", "N/A"), + "Bwd URG Flags": getattr(flow, "dst2src_urg_packets", "N/A"), + + "Fwd Packets/s": flow.src2dst_packets / ( + flow.bidirectional_duration_ms / 1000) if flow.bidirectional_duration_ms > 0 else 0, + "Bwd Packets/s": flow.dst2src_packets / ( + flow.bidirectional_duration_ms / 1000) if flow.bidirectional_duration_ms > 0 else 0, + 'down_up_ratio':down_up_ratio, + 'average_packet_size':average_packet_size, + 'avg_fwd_segment_size':avg_fwd_segment_size, + 'avg_bwd_segment_size':avg_bwd_segment_size, + "Packet Length Mean": getattr(flow, "bidirectional_mean_ps", "N/A"), + "Packet Length Std": getattr(flow, "bidirectional_stddev_ps", "N/A"), + "FIN Flag Count": getattr(flow, "bidirectional_fin_packets", "N/A"), + "SYN Flag Count": getattr(flow, "bidirectional_syn_packets", "N/A"), + "RST Flag Count": getattr(flow, "bidirectional_rst_packets", "N/A"), + "PSH Flag Count": getattr(flow, "bidirectional_psh_packets", "N/A"), + "ACK Flag Count": getattr(flow, "bidirectional_ack_packets", "N/A"), + "URG Flag Count": getattr(flow, "bidirectional_urg_packets", "N/A"), + "CWE Flag Count": getattr(flow, "bidirectional_cwr_packets", "N/A"), + "ECE Flag Count": getattr(flow, "bidirectional_ece_packets", "N/A"), + "Subflow Fwd Packets": subflow_fwd_packets, + "Subflow Fwd Bytes": subflow_fwd_bytes, + "Subflow Bwd Packets": subflow_bwd_packets, + "Subflow Bwd Bytes": subflow_bwd_bytes, + "Application Name": flow.application_name, + "Application Category": flow.application_category_name, + "Protocol": flow.protocol, + "IP Version": flow.ip_version, + "Source IP": flow.src_ip, + "Destination IP": flow.dst_ip, + } + putPacketAnaylsy(formatted_data,"{}:{}".format(flow.src_ip,flow.src_port), + "{}:{}".format( + flow.dst_ip,flow.dst_port),flow.src_ip,flow.dst_ip) + + return formatted_data + except AttributeError as e: + print(f"Error processing flow: {e}") + return None +def print_nflow(flow): + """ + 打印格式化的 NFlow 数据。 + """ + formatted_data = format_nflow(flow) + if formatted_data: + for key, value in formatted_data.items(): + print(f"{key}: {value}") + print("\n" + "=" * 50 + "\n") + +# 使用 NFStreamer 实时监控 +def monitor(interface): + print(f"Starting real-time flow monitoring on interface: {interface}") + streamer = NFStreamer( + source=interface, + decode_tunnels=True, + promiscuous_mode=True, + snapshot_length=65535, + idle_timeout=10, # 等待 10 秒无新数据时输出流 + active_timeout=30, # 最长 30 秒就强制输出流 + statistical_analysis=True # 启用统计分析以生成额外字段 + ) + for flow in streamer: + print_nflow(flow) + +# +# if __name__ == "__main__": +# monitor(interface=INTERFACE) # 替换为您的网卡接口 + + + + diff --git a/caputre/ebpfdemos.py b/caputre/ebpfdemos.py new file mode 100644 index 0000000..847c3ec --- /dev/null +++ b/caputre/ebpfdemos.py @@ -0,0 +1,224 @@ +import re +import subprocess +import time +from collections import defaultdict +from concurrent.futures import ThreadPoolExecutor +from messagejobs import * +def parse_adfa_ld_file(file_path): + """ + 解析 ADFA-LD 的 syscall 列表文件,并提取 syscall 定义。 + :param file_path: 包含 ADFA-LD syscall 定义的文件路径 + :return: 一个字典,key 是 syscall 名称,value 是对应的序号 + """ + syscall_mapping = {} + + # 打开并读取文件内容 + with open(file_path, "r") as file: + lines = file.readlines() + + # 匹配 `#define __NR_` 和 `__SYSCALL` 的正则表达式 + define_pattern = re.compile(r"#define\s+(__NR_\w+)\s+(\d+)") + syscall_pattern = re.compile(r"__SYSCALL\s*\(\s*(\S+)\s*,\s*(\w+)\s*\)") + + # 遍历文件行,查找匹配 + for line in lines: + define_match = define_pattern.match(line) + syscall_match = syscall_pattern.match(line) + + # 如果匹配到 `#define` 定义 + if define_match: + syscall_name = define_match.group(1) # `__NR_xxx` + syscall_num = int(define_match.group(2)) # syscall 序号 + syscall_mapping[syscall_name] = syscall_num + + # 如果匹配到 `__SYSCALL` 定义 + elif syscall_match: + syscall_nr = syscall_match.group(1) # `__NR_xxx` + syscall_func = syscall_match.group(2) # `sys_xxx` + # 创建 syscall -> label 映射 + if syscall_nr in syscall_mapping: + syscall_mapping[syscall_func] = syscall_mapping[syscall_nr] + + return syscall_mapping + + +def map_bpftrace_syscalls_to_adfa(bpf_syscalls, adfa_mapping): + """ + 将 bpftrace 抓取到的 syscall 名称映射到 ADFA-LD 的 syscall 序号,基于后缀匹配。 + :param bpf_syscalls: 从 bpftrace 抓取到的 syscall 名称列表 + :param adfa_mapping: ADFA-LD 中的 syscall -> 序号映射表 + :return: 一个列表,包含 bpftrace 的 syscall 对应的序号(未匹配的不添加到结果中) + """ + syscall_to_sequence = [] + + for syscall in bpf_syscalls: + # 提取 syscall 名称中的后缀部分 + # 例如 'sys_enter_epoll_wait' -> 'epoll_wait' + match = re.search(r"sys_enter_(\w+)$", syscall) + if match: + syscall_suffix = match.group(1) + else: + syscall_suffix = syscall # 如果提取失败,使用原始名称 + + # Debug: 检查提取后的后缀 + # print(f"Original: {syscall}, Suffix: {syscall_suffix}") + + # 直接匹配 adfa_mapping 中的 key 的后缀部分 + matched = False + for key in adfa_mapping.keys(): + if key.endswith(syscall_suffix): # 如果 key 的后缀匹配 + syscall_to_sequence.append(adfa_mapping[key]) + matched = True + break + + # 如果匹配到了编号大于 1000 的 syscall,进行拆分匹配 + if matched and syscall_to_sequence and syscall_to_sequence[-1] > 1000: + # 弹出之前错误的匹配 + syscall_to_sequence.pop() + # 将后缀拆分为多个部分,例如 'epoll_wait' -> ['epoll', 'wait'] + syscall_parts = syscall_suffix.split("_") + + # 遍历 adfa_mapping 的所有 key,尝试匹配所有部分 + for key in adfa_mapping.keys(): + # 如果所有拆分的部分都在 key 中,认为匹配成功 + if all(part in key for part in syscall_parts): + if adfa_mapping[key]<1000: + syscall_to_sequence.append(adfa_mapping[key]) + matched = True + break + # 如果没有匹配,则跳过这个 syscall,不添加到结果中 + if not matched: + continue + + return syscall_to_sequence + + +def process_syscall_sequences(syscall_data, adfa_mapping): + """ + 处理抓取到的所有进程的 syscall 数据,将 syscall 名称映射为 ADFA-LD 的 label。 + :param syscall_data: 包含每个进程 syscall 数据的字典 + :param adfa_mapping: ADFA-LD 中的 syscall -> 序号映射表 + :return: 映射后的进程 syscall 序列 + """ + labeled_sequences = {} + + for pid, data in syscall_data.items(): + comm = data["comm"] + syscalls = data["syscalls"] + + # 将 syscalls 映射为 label + labeled_syscalls = map_bpftrace_syscalls_to_adfa(syscalls, adfa_mapping) + + labeled_sequences[pid] = { + "comm": comm, + "labeled_syscalls": labeled_syscalls + } + + return labeled_sequences + +# bpftrace 命令 +BPFTRACE_CMD = [ + "sudo", "bpftrace", "-e", + 'tracepoint:syscalls:sys_enter_* /comm != "bpftrace" && comm != "sudo"/ { printf("Syscall: %s PID: %d COMM: %s\\n", probe, pid, comm); }' +] + +# 滑动窗口参数 +WINDOW_SIZE = 10 # 窗口大小(秒) +STEP_SIZE = 5 # 滑动步长(秒) + + +def monitor_syscalls(adfa_mapping): + # 启动 bpftrace 进程 + with subprocess.Popen(BPFTRACE_CMD, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) as proc: + syscall_data = defaultdict( + lambda: {"comm": "", "syscalls": []}) # 数据结构: {pid: {"comm": process_name, "syscalls": [syscall1, ...]}} + window_start_time = time.time() # 当前窗口的起始时间 + + # 使用线程池进行非阻塞解析 + with ThreadPoolExecutor(max_workers=4) as executor: + try: + while True: + # 读取 bpftrace 输出 + line = proc.stdout.readline() + if not line: + break + + # 示例输出: Syscall: tracepoint:syscalls:sys_enter_write PID: 1234 COMM: bash + if line.startswith("Syscall:"): + parts = line.split() + if len(parts) >= 6: + syscall_name = parts[1].replace("tracepoint:syscalls:", "") # 提取系统调用名称 + pid = int(parts[3]) # 提取进程号 + comm = parts[5] # 提取进程名 + + # 更新对应进程的调用序列和名称 + syscall_data[pid]["comm"] = comm + syscall_data[pid]["syscalls"].append(syscall_name) + + # 判断是否需要滑动窗口 + current_time = time.time() + if current_time - window_start_time >= STEP_SIZE: + print(f"\n--- Syscall Sequences ({time.strftime('%Y-%m-%d %H:%M:%S')}) ---") + # 深拷贝当前 syscall 数据 + syscall_data_snapshot = syscall_data.copy() + + # 提交解析任务到线程池 + future = executor.submit(process_syscall_sequences, syscall_data_snapshot, adfa_mapping) + + # 打印原始 syscall 数据 + for pid, data in syscall_data.items(): + comm = data["comm"] + syscalls = data["syscalls"] + print(f"PID: {pid}, COMM: {comm}") + + # 处理解析结果 + labeled_sequences = future.result() + for pid, data in labeled_sequences.items(): + message = { + "pid": int(pid), + "comm": data["comm"], + "syscall": data["labeled_syscalls"] + } + try: + produce_messages_ordered(producer, "syscall_topic", message, thread_pool) + print(f"✅ [Kafka Sent] {message}") # 发送成功日志 + except Exception as e: + print(f"❌ [Kafka Error] 发送失败: {e}, 消息: {message}") + # 滑动窗口 + syscall_data.clear() # 清空当前窗口数据 + window_start_time = current_time # 更新窗口起始时间 + + except KeyboardInterrupt: + print("\nMonitoring stopped by user.") + finally: + # 终止 bpftrace 进程 + proc.terminate() + + +if __name__ == "__main__": + + adfa_ld_file_path = "ADFA-LD+Syscall+List.txt" + + # 解析 ADFA-LD 文件,生成 syscall -> label 映射 + adfa_mapping = parse_adfa_ld_file(adfa_ld_file_path) + # print("ADFA-LD Syscall Mapping:", adfa_mapping) + # + # # 示例 bpftrace 抓取的 syscall 数据 + # syscall_data = { + # 1234: {"comm": "python3", "syscalls": [ + # 'sys_enter_epoll_wait', 'sys_enter_clock_nanosleep', 'sys_enter_clock_nanosleep', + # 'sys_enter_epoll_wait', 'sys_enter_close' + # ]}, + # 5678: {"comm": "bash", "syscalls": [ + # 'sys_enter_read', 'sys_enter_futex', 'sys_enter_futex', 'sys_enter_read' + # ]} + # } + # # 映射 bpftrace 的 syscall 到 ADFA-LD 的 label + # labeled_sequences = process_syscall_sequences(syscall_data, adfa_mapping) + # # 打印映射结果 + # for pid, data in labeled_sequences.items(): + # comm = data["comm"] + # labeled_syscalls = data["labeled_syscalls"] + # print(f"PID: {pid}, COMM: {comm}, Labeled Syscalls: {labeled_syscalls}") + + monitor_syscalls(adfa_mapping) diff --git a/caputre/jobentrance.py b/caputre/jobentrance.py new file mode 100644 index 0000000..fadbab1 --- /dev/null +++ b/caputre/jobentrance.py @@ -0,0 +1,4 @@ +from capturetask import * + +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/caputre/messagejobs.py b/caputre/messagejobs.py new file mode 100644 index 0000000..1ef9d2a --- /dev/null +++ b/caputre/messagejobs.py @@ -0,0 +1,92 @@ +import socket + +from kafka import KafkaProducer +from concurrent.futures import ThreadPoolExecutor +import json +import time +import threading +from queue import Queue + +# 配置 Kafka 参数 +BOOTSTRAP_SERVERS = "121.43.104.95:9092" # 替换为你的 Kafka Broker 地址 +def get_local_ip(): + """ + 自动获取当前主机的 IP 地址 + """ + try: + # 创建一个 UDP socket 并连接到公共地址,获取主机的本地 IP + with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s: + s.connect(("8.8.8.8", 80)) # 使用 Google 公共 DNS 地址 + local_ip = s.getsockname()[0] + return local_ip + except Exception as e: + print(f"Error fetching local IP address: {e}") + return "Unknown" + +# 当前主机 IP +LOCAL_IP = get_local_ip() + +# 配置 Kafka Producer +def configure_producer(): + """ + 配置 Kafka 生产者 + """ + try: + producer = KafkaProducer( + bootstrap_servers=BOOTSTRAP_SERVERS, + value_serializer=lambda v: json.dumps(v).encode('utf-8'), # 将数据序列化为 JSON 格式 + ) + return producer + except Exception as e: + print(f"Error configuring Kafka producer: {e}") + raise + + +# 线程池单例 +class ThreadPoolSingleton: + """ + 全局线程池单例 + """ + _instance = None + _lock = threading.Lock() + + def __new__(cls, max_workers=5): + if not cls._instance: + with cls._lock: + if not cls._instance: + cls._instance = ThreadPoolExecutor(max_workers=max_workers) + return cls._instance + + +# 异步发送数据到 Kafka +def send_to_kafka(producer, topic, data): + """ + 异步发送数据到 Kafka + """ + try: + future = producer.send(topic, value=data) + future.add_callback(lambda metadata: print( + f"Sent to Kafka ({topic}) -> Partition: {metadata.partition}, Offset: {metadata.offset}")) + future.add_errback(lambda error: print( + f"Failed to send to Kafka ({topic}): {error}")) + except Exception as e: + print(f"Failed to send data to {topic}: {e}") + +# 顺序发送器:将消息加入线程池并按时间顺序发送 +def produce_messages_ordered(producer, topic, json_data, thread_pool): + """ + 将单条 JSON 数据按时间顺序提交到 Kafka + :param producer: Kafka Producer 实例 + :param topic: 目标 Kafka 主题 + :param json_data: 要发送的 JSON 数据 + :param thread_pool: 全局线程池 + """ + # 动态生成一个时间戳作为排序的 key + timestamp = int(time.time() * 1000) + json_data["timestamp"] = timestamp # 添加时间戳到消息中 + json_data["cloudip"]=LOCAL_IP + # print(f"Producing data to {topic}: {json_data}") + # 将发送任务提交到线程池 + thread_pool.submit(send_to_kafka, producer, topic, json_data) +producer = configure_producer() +thread_pool = ThreadPoolSingleton() # 创建线程池单例 \ No newline at end of file diff --git a/caputre/safemap.py b/caputre/safemap.py new file mode 100644 index 0000000..fac841e --- /dev/null +++ b/caputre/safemap.py @@ -0,0 +1,201 @@ +import re +import threading +from messagejobs import * + +def string_words_spliting(str_input): + """ + 将字符串中的特殊字符替换为空格,并去除多余空格 + """ + str_cleaned = re.sub(r'[?&=(){}<>/\\."\'@;~,:*]', ' ', str_input) + return ' '.join(str_cleaned.split()) # 去除多余空格 + + +def parse_http_packet(packet): + """ + 解析 HTTP 数据,并转换成格式化字符串 + """ + http_data = [] + # 提取 `protocol_details["http_payload"]` + if "protocol_details" in packet and "http_payload" in packet["protocol_details"]: + http_data.extend(packet["protocol_details"]["http_payload"].split("\r\n")) # 按 HTTP 换行符拆分 + + # 移除空行,并对每一行进行字符串清理 + http_data = [string_words_spliting(line) for line in http_data if line.strip()] + + + + return http_data +class ThreadSafeMap: + def __init__(self): + self.map = {} + self.lock = threading.Lock() + + def put(self, key, value): + with self.lock: + self.map[key] = value + + def get(self, key): + with self.lock: + return self.map.get(key,[]) + + def remove(self, key): + with self.lock: + del self.map[key] +datasmaps = ThreadSafeMap() + + + + +def putPackect(srcIp, destIp, packet): + global datasmaps + key = "{},{}".format(srcIp, destIp) + reverse_key = "{},{}".format(destIp, srcIp) + + # 尝试获取正向或反向的 key 对应的列表 + result = datasmaps.get(key) + if not result: + result = datasmaps.get(reverse_key) + + # 如果列表为空,初始化新的 key 和列表,并保存 Min 和 Max Packet Length + if not result: + # 初始化 Min 和 Max Packet Length + datasmaps.put(key, { + "packets": [packet], + "min_length": packet["Packet_length"], # 当前数据包长度作为初始最小长度 + "max_length": packet["Packet_length"] # 当前数据包长度作为初始最大长度 + }) + else: + # 更新 Min 和 Max Packet Length + packet_list = result["packets"] + packet_list.append(packet) + current_length = packet["Packet_length"] + result["min_length"] = min(result["min_length"], current_length) + result["max_length"] = max(result["max_length"], current_length) + result["packets"]=packet_list + datasmaps.put(key, result) # 更新数据 + + +def putPacketAnaylsy(object,srcIp, destIp,src,dest): + global datasmaps + key = "{},{}".format(srcIp, destIp) + reverse_key = "{},{}".format(destIp, srcIp) + + # 尝试获取正向或反向的 key 对应的数据 + result = datasmaps.get(key) + if not result: + result = datasmaps.get(reverse_key) + if not result: + return # 没有找到对应的流 + + # 初始化前向和后向头部长度 + fwd_header_length = 0 + bwd_header_length = 0 + + # 获取 Min 和 Max Packet Length + min_packet_length = result["min_length"] + max_packet_length = result["max_length"] + + # 计算所有数据包长度的均值和方差 + packet_lengths = [packet["Packet_length"] for packet in result["packets"]] + mean_packet_length = sum(packet_lengths) / len(packet_lengths) + variance_packet_length = sum( + (length - mean_packet_length) ** 2 for length in packet_lengths + ) / len(packet_lengths) + + # 遍历所有数据包,计算头部长度 + for packet in result["packets"]: + total_header_length = packet["Fwd_Header_Length"] + # 判断方向 + if packet["ip_src"] == src and packet["ip_dst"] == dest: + fwd_header_length += total_header_length + elif packet["ip_src"] == dest and packet["ip_dst"] == src: + bwd_header_length += total_header_length + object["Fwd Header Length"]=fwd_header_length + object["Bwd Header Length"]=bwd_header_length + object["Min Packet Length"]=min_packet_length + object["Max Packet Length"]=max_packet_length + object["Mean Packet Length"]=mean_packet_length + object["Packet Length Variance"]=variance_packet_length + # 从 map 中移除对应的键 + produce_messages_ordered(producer,"stream_topic",object,thread_pool) + for packet in result["packets"]: + if packet["type"]=="HTTP": + print(f"enter this the http packet {packet}") + newpacket=parse_http_packet(packet) + print(f"after clean {newpacket}") + packet["payload"]=newpacket + packet["protocol_details"]["http_payload"]=newpacket + produce_messages_ordered(producer,"http_topic",packet,thread_pool) + try: + datasmaps.remove(key) + datasmaps.remove(reverse_key) + except KeyError as e: + pass +def extract_initial_window_size(src_ip, dest_ip, objects, src, dest): + global datasmaps + key = "{},{}".format(src_ip, dest_ip) + reverse_key = "{},{}".format(dest_ip, src_ip) + + # 尝试获取正向或反向的 key 对应的数据 + result = datasmaps.get(key) + if not result: + result = datasmaps.get(reverse_key) + if not result: + return # 没有找到对应的流 + + # 确保 result["packets"] 有数据 + packet_list = result.get("packets", []) + if not packet_list: + return # 没有数据包 + + # 提取第一个数据包 + first_packet = packet_list[0] + + # 初始化窗口大小 + init_win_forward = 0 + init_win_backward = 0 + + # 确保第一个包包含 TCP 信息 + if first_packet.get("type") == "TCP": + if first_packet["ip_src"] == src and first_packet["ip_dst"] == dest: + # 前向窗口大小 + init_win_forward = first_packet.get("window_size", 0) + elif first_packet["ip_src"] == dest and first_packet["ip_dst"] == src: + # 后向窗口大小 + init_win_backward = first_packet.get("window_size", 0) + + # 更新对象 + objects["Init_Win_bytes_forward"] = init_win_forward + objects["Init_Win_bytes_backward"] = init_win_backward + + +def extract_initial_window_size(src_ip, dest_ip, objects, src, dest): + global datasmaps + key = "{},{}".format(src_ip, dest_ip) + reverse_key = "{},{}".format(dest_ip, src_ip) + # 尝试获取正向或反向的 key 对应的数据 + result = datasmaps.get(key) + if not result: + result = datasmaps.get(reverse_key) + if not result: + return # 没有找到对应的流 + # 确保 result["packets"] 有数据 + packet_list = result.get("packets", []) + if not packet_list: + return # 没有数据包 + # 提取第一个数据包 + first_packet = packet_list[0] + # 初始化窗口大小 + init_win_forward = 0 + init_win_backward = 0 + # 确保第一个包包含 TCP 信息 + if first_packet.get("type") == "TCP": + if first_packet["ip_src"] == src and first_packet["ip_dst"] == dest: + # 前向窗口大小 + init_win_forward = first_packet.get("window_size", 0) + elif first_packet["ip_src"] == dest and first_packet["ip_dst"] == src: + # 后向窗口大小 + init_win_backward = first_packet.get("window_size", 0) + # 更新对象 + objects["Init_Win_bytes_forward"] = init_win_forward + objects["Init_Win_bytes_backward"] = init_win_backward -- GitLab