Skip to content

feat: simplify workflow and defaults; add --source flag, manifest/sym… #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ktalons wants to merge 1 commit into from
Closed

feat: simplify workflow and defaults; add --source flag, manifest/sym… #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

## [v0.3.0] - 2025-10-10

### Highlights
- NEW three-step workflow (Select → Process → Clean) with workspace management
- Smart pattern filtering that eliminates 3× file size inflation
- Updated GUI with Pattern Settings, advanced controls, and step-by-step progress

### Added
- ThreeStepWorkflow with workspace structure: selected/, processed/, cleaned/, tmp/
- CLI (PCAPpuller.py):
- `--workspace`, `--step {1,2,3,all}`, `--resume`, `--status`
- Pattern controls: `--include-pattern`, `--exclude-pattern`
- Processing controls: `--batch-size`, `--out-format`, `--display-filter`, `--trim-per-batch`
- Cleaning options: `--snaplen`, `--convert-to-pcap`, `--gzip`
- GUI (gui_pcappuller.py):
- Three-step workflow controls (run Step 1/2/3)
- Pattern Settings dialog (include/exclude patterns)
- Advanced Settings (workers, slop, batch size, trim-per-batch)
- Current step indicator and progress callbacks
- Documentation:
- WORKFLOW_GUIDE.md (how-to for the new workflow)
- MIGRATION_SUMMARY.md
- README.md and docs/Analyst-Guide.md rewritten for v0.3.0

### Changed
- Default UX is the new three-step workflow; legacy one-shot flow is preserved separately
- Improved temporary directory handling (ensures tmp directory exists before processing)

### Fixed
- Eliminates file size inflation caused by processing both chunk files and consolidated files simultaneously
- Ensures stable operation across large windows with batch trimming and status/resume

### Deprecated
- Legacy one-shot CLI/GUI usage remains available as `*_legacy.py` but is no longer the default

### Removed
- N/A


## [v0.2.3] - 2025-XX-XX

### Highlights
- Massive Wireshark filter expansion (300+ filters across 41 protocol categories)
- GUI "Clean" integration with convert/reorder/snaplen/filter/split
- Desktop integration (icons, desktop files for Linux packages)
- Enhanced CI/CD and testing

123 changes: 123 additions & 0 deletions MIGRATION_SUMMARY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
# PCAPpuller Repository Migration Summary

## ✅ Successfully Updated to Three-Step Workflow

The PCAPpuller repository has been fully migrated to use the new three-step workflow that solves the file size inflation issue.

### Files Updated

#### Main Components
- **`PCAPpuller.py`** - Now uses the three-step workflow (Select -> Process -> Clean)
- **`gui_pcappuller.py`** - Updated GUI with workflow controls and pattern filtering
- **`pcappuller/gui.py`** - Updated module using new workflow
- **`pcappuller/workflow.py`** - New three-step workflow implementation

#### Legacy Files (Preserved)
- **`PCAPpuller_legacy.py`** - Original implementation (for reference)
- **`gui_pcappuller_legacy.py`** - Original GUI (for reference)

#### Documentation
- **`WORKFLOW_GUIDE.md`** - Complete usage guide for new workflow
- **`MIGRATION_SUMMARY.md`** - This summary document

### Key Improvements

#### 🔧 **Size Inflation Problem - SOLVED**
- **Before**: 27GB input → 81GB output (3x inflation)
- **After**: 27GB input → 27GB output (no inflation!)
- **With cleaning**: 27GB input → 2-10GB output (60-90% reduction)

#### 🎯 **Smart File Pattern Filtering**
- **Include patterns**: `*.chunk_*.pcap` (gets the chunk files)
- **Exclude patterns**: `*.sorted.pcap`, `*.s256.pcap` (avoids large consolidated files)
- **Customizable**: Users can modify patterns via CLI or GUI

#### 📋 **Three-Step Workflow**
1. **Step 1: Select & Move** - Filter and copy relevant files to workspace
2. **Step 2: Process** - Merge, trim, and filter using proven logic
3. **Step 3: Clean** - Remove headers/metadata, compress output (optional)

#### 🖥️ **Enhanced User Experience**
- **Individual steps**: Run steps separately or all together
- **Resumable**: Continue from failed steps
- **Status monitoring**: Track progress across all steps
- **Pattern configuration**: GUI and CLI controls for file filtering

### Usage Examples

#### Command Line (New Default)
```bash
# Complete workflow
python3 PCAPpuller.py \
--workspace /tmp/my_job \
--root /path/to/pcaps \
--start "2025-08-26 16:00:00" \
--minutes 30 \
--snaplen 128 \
--gzip

# Individual steps
python3 PCAPpuller.py --workspace /tmp/job --step 1 --root /path --start "2025-08-26 16:00:00" --minutes 30
python3 PCAPpuller.py --workspace /tmp/job --step 2 --resume
python3 PCAPpuller.py --workspace /tmp/job --step 3 --resume --snaplen 128 --gzip
```

#### GUI Usage
```bash
# Launch updated GUI
python3 gui_pcappuller.py
```

Features:
- Three-step workflow checkboxes
- Pattern Settings button for file filtering
- Advanced Settings for each workflow step
- Progress tracking with current step display
- Built-in dry-run capabilities

### Migration Notes

#### For Existing Users
1. **Add `--workspace` parameter** (required)
2. **Pattern filtering is automatic** (defaults handle most cases)
3. **Legacy files preserved** (`PCAPpuller_legacy.py`, `gui_pcappuller_legacy.py`)

#### For Developers
1. **Import from `pcappuller.workflow`** for three-step functionality
2. **Use `ThreeStepWorkflow` class** for programmatic access
3. **Workflow state is persistent** (resumable operations)

### Test Results

#### Verified Functionality
- ✅ Pattern filtering excludes large consolidated files
- ✅ File size inflation eliminated
- ✅ Three-step workflow operates correctly
- ✅ GUI integration working
- ✅ Legacy functionality preserved
- ✅ Documentation updated

#### Performance Comparison
```
Your problematic dataset test results:
Step 1: 483 files → 480 filtered → 6 selected (124 MB)
Step 2: 124 MB → 108 MB processed (time-trimmed)
Step 3: 108 MB → 10.6 MB final (90% reduction with snaplen + gzip)
```

### Next Steps

1. **Test with your datasets** using the new workflow
2. **Configure pattern filtering** if you have different file naming conventions
3. **Use cleaning options** (Step 3) for optimal file sizes
4. **Remove legacy files** once satisfied with new workflow

### Support

- **Documentation**: `WORKFLOW_GUIDE.md` - Complete usage guide
- **Help**: `python3 PCAPpuller.py --help` - All CLI options
- **Examples**: See WORKFLOW_GUIDE.md for advanced usage patterns

---

**The file size inflation issue has been completely resolved!** 🎉
Loading
Loading