Question

抽样数据:

{
    10116079620: { ip.dst : [ 10.1.1.5 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]}, 
    10116882439: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.1.1.5 ],  category : [ Misc ]}, 
    10116080136: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]}, 
    10116884490: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 2.3.4.5 ],  alias : [ www.example.com ],  category : [ Misc ]}, 
    10117039635: { ip.dst : [ 2.3.4.5 ],  ip.src : [ 10.11.11.50 ],  alias : [ google.com ],  category : [ Misc ]}, 
    10118099993: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.11.11.49 ],  alias : [ www.google.com ],  category : [ Misc ]},
    10118083243: { ip.dst : [ 10.11.11.49 ],  ip.src : [ 4.3.2.1 ],  alias : [ www.google.com ],  category : [ Misc ]}}
}

目标:

我的目标是寻找已知存在的价值(IP地址)的样本词典,如果该词出现在ip或ip。一旦发现我想把“选择”(其他)IP地址写到新的清单中......如果在P.src I想要捕捉,反之亦然。

查询地址不止一次,因此清单不必反映重复。

If 1.2.3.4 is searched then the following would be captured:
* 10.1.1.5
* 10.10.10.99
* 10.11.11.49

Searching on 10.10.10.99 would capture:
* 1.2.3.4
* 2.3.4.5

我确信,这很简单,但我 st着新鲜的 lo,需要比我的泥土更简明的例行公事。

感谢你们的援助。

感谢。

Answer 1

Step 1. Invert the dictionary.

dst= collections.defaultdict( list )
src= collections.defaultdict( list )
for k in original:
    for addr in original[k][ ip.dst ]:
        dst[addr].append( k )
    for addr in original[k][ ip.src ]:
        src[addr].append( k )

Step 2. Don t search, just get the value.

You do two nearly instant checks into dst[addr] and src[addr] and you know all the keys in the original dictionary where it occurred.

Inverting the dictionary takes time.

Building better dictionaries in the first place (i.e., indexed by ip.dst and ip.src) saves the cost of inverting the dictionary you already have.

Answer 2

Just for fun, here s how you can do it in a one-liner comprehension!

set([v[ ip.dst ][0] for v in my_dict.values() if v[ ip.src ] == [search_ip]] + [v[ ip.src ][0] for v in my_dict.values() if v[ ip.dst ] == [search_ip]])

Output:

>>>search_ip =  1.2.3.4 
>>>my_dict = {10116079620: { ip.dst : [ 10.1.1.5 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]}, 10116882439: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.1.1.5 ],  category : [ Misc ]}, 10116080136: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]},  10116884490: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 2.3.4.5 ],  alias : [ www.example.com ],  category : [ Misc ]},  10117039635: { ip.dst : [ 2.3.4.5 ],  ip.src : [ 10.11.11.50 ],  alias : [ google.com ],  category : [ Misc ]},  10118099993: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.11.11.49 ],  alias : [ www.google.com ],  category : [ Misc ]}, 10118083243: { ip.dst : [ 10.11.11.49 ],  ip.src : [ 4.3.2.1 ],  alias : [ www.google.com ],  category : [ Misc ]}}
>>>set([v[ ip.dst ][0] for v in my_dict.values() if v[ ip.src ] == [search_ip]] + [v[ ip.src ][0] for v in my_dict.values() if v[ ip.dst ] == [search_ip]])
set([ 10.1.1.5 ,  10.10.10.99 ,  10.11.11.49 ])

>>>search_ip =  10.10.10.99 
>>>set([v[ ip.dst ][0] for v in my_dict.values() if v[ ip.src ] == [search_ip]] + [v[ ip.src ][0] for v in my_dict.values() if v[ ip.dst ] == [search_ip]])
set([ 1.2.3.4 ,  2.3.4.5 ])

Answer 3

I built on S.Lott s answer with some differences. I used sets to remove duplicates, and I kept the search indices together to better match the answers you suggested you wanted.

import collections

# data = your example data dictionary

index = collections.defaultdict(set)
for key in data:
    datum = data[key]
    for ip in datum[ ip.dst ]:
        index[ip].update(datum[ ip.src ])
    for ip in datum[ ip.src ]:
        index[ip].update(datum[ ip.dst ])

print index[ 1.2.3.4 ]
print index[ 10.10.10.99 ]

返回:

set([ 10.10.10.99 ,  10.1.1.5 ,  10.11.11.49 ])
set([ 1.2.3.4 ,  2.3.4.5 ])

Answer 4

下面是一份清单,其中<代码>为你的词典和ip是你正在寻求的:

Answer 5

from functools import partial

def search_row(results, ip, row):
    if row[ ip.dst ][0] == ip:
        results.add(row[ ip.src ][0])
    if row[ ip.src ][0] == ip:
        results.add(row[ ip.dst ][0])

def search(ip, data):
    results = set()
    aggregator = partial(search_row, results, ip)
    map(aggregator, data.values())    
    return results

print search( 1.2.3.4 , data)

print search( 10.10.10.99 , data)

Answer 6

没有任何图书馆(But S.Lott解决方案较短,更优,我爱它):

x={
    10116079620: { ip.dst : [ 10.1.1.5 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]}, 
    10116882439: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.1.1.5 ],  category : [ Misc ]}, 
    10116080136: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 1.2.3.4 ],  category : [ Misc ]}, 
    10116884490: { ip.dst : [ 10.10.10.99 ],  ip.src : [ 2.3.4.5 ],  alias : [ www.example.com ],  category : [ Misc ]}, 
    10117039635: { ip.dst : [ 2.3.4.5 ],  ip.src : [ 10.11.11.50 ],  alias : [ google.com ],  category : [ Misc ]}, 
    10118099993: { ip.dst : [ 1.2.3.4 ],  ip.src : [ 10.11.11.49 ],  alias : [ www.google.com ],  category : [ Misc ]},
    10118083243: { ip.dst : [ 10.11.11.49 ],  ip.src : [ 4.3.2.1 ],  alias : [ www.google.com ],  category : [ Misc ]}
}

y=[(i[ ip.dst ],i[ ip.src ]) for i in x.values()]

a,b=zip(*y)

#Looking for
lf=[ 1.2.3.4 ]
ips=[]


i=0
for ipsrc in a:
    if ipsrc == lf:
        ips.append(b[i])
    i+=1

i=0
for ipdst in b:
    if ipdst == lf:
        ips.append(a[i])
    i+=1

ips=set(ips)
print(ips)

友情链接