modularized linktypes, transport layer generic function call possible
This commit is contained in:
parent
faddf64307
commit
09c8a7438f
|
@ -59,7 +59,7 @@ async fn main() -> Result<(), Error> {
|
||||||
false => for (_pcap_file, _pcap_info) in pcap_map.iter() {
|
false => for (_pcap_file, _pcap_info) in pcap_map.iter() {
|
||||||
println!("{:?}",&_pcap_file);
|
println!("{:?}",&_pcap_file);
|
||||||
// TODO: Tuning vector capacity according to mean average & std dev of packet size
|
// TODO: Tuning vector capacity according to mean average & std dev of packet size
|
||||||
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter, _pcap_info.encapsulation_type);
|
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
|
||||||
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
||||||
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"insert_max": 20000,
|
"insert_max": 20000,
|
||||||
"filter": "ip6 && tcp ",
|
"filter": "ip6 && tcp",
|
||||||
"regex_filter": "(?:http|https)[[::punct::]]//([[::word::]]+\\.)*",
|
"regex_filter": "(?:http|https)[[::punct::]]//([[::word::]]+\\.)*",
|
||||||
"from_device": false,
|
"from_device": false,
|
||||||
"parse_device": "enp7s0",
|
"parse_device": "enp7s0",
|
||||||
|
|
|
@ -5,6 +5,7 @@ mod packet_handler;
|
||||||
use pcap::{Capture, Linktype};
|
use pcap::{Capture, Linktype};
|
||||||
use regex::bytes::Regex;
|
use regex::bytes::Regex;
|
||||||
use std::str;
|
use std::str;
|
||||||
|
use std::convert::TryInto;
|
||||||
//use std::thread::{spawn, JoinHandle};
|
//use std::thread::{spawn, JoinHandle};
|
||||||
//use std::sync::mpsc::{channel, Receiver};
|
//use std::sync::mpsc::{channel, Receiver};
|
||||||
|
|
||||||
|
@ -22,6 +23,7 @@ const ETH_P_RARP: usize = 0x3580;
|
||||||
On the one hand, only the actual type of frame/packet/segment would be contained in the resulting struct.
|
On the one hand, only the actual type of frame/packet/segment would be contained in the resulting struct.
|
||||||
So, increased benefit in serialization/cpu time, could result in less data to be serialized, depending on layout.
|
So, increased benefit in serialization/cpu time, could result in less data to be serialized, depending on layout.
|
||||||
On the other hand, each datagram::type needs to implement traits which would need to be dynamically dispatched by returning any of these types per iso level from a single function each. The result would be a performance decrease.
|
On the other hand, each datagram::type needs to implement traits which would need to be dynamically dispatched by returning any of these types per iso level from a single function each. The result would be a performance decrease.
|
||||||
|
See: https://doc.rust-lang.org/book/ch10-02-traits.html#returning-types-that-implement-traits
|
||||||
See: https://doc.rust-lang.org/book/ch17-02-trait-objects.html#trait-objects-perform-dynamic-dispatch
|
See: https://doc.rust-lang.org/book/ch17-02-trait-objects.html#trait-objects-perform-dynamic-dispatch
|
||||||
Then again, parser logic would be fewer lines + more unified using the latter method. Maybe better optimizable as well? Maybe this is a nice tradeoff?
|
Then again, parser logic would be fewer lines + more unified using the latter method. Maybe better optimizable as well? Maybe this is a nice tradeoff?
|
||||||
TODO: Implement and benchmark dynamically dispatched packet data in conjunction with restructured QryData.
|
TODO: Implement and benchmark dynamically dispatched packet data in conjunction with restructured QryData.
|
||||||
|
@ -56,6 +58,7 @@ fn init_qrydata( ) -> Result<QryData, core::fmt::Error> {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(dead_code)]
|
||||||
enum EncapsulationType { // pcap::Linktype::get_name() is unsafe.
|
enum EncapsulationType { // pcap::Linktype::get_name() is unsafe.
|
||||||
EN10MB = 1, // See: https://docs.rs/pcap/0.7.0/src/pcap/lib.rs.html#247-261
|
EN10MB = 1, // See: https://docs.rs/pcap/0.7.0/src/pcap/lib.rs.html#247-261
|
||||||
RAW = 101, // Would this be an issue?
|
RAW = 101, // Would this be an issue?
|
||||||
|
@ -64,57 +67,21 @@ enum EncapsulationType { // pcap::Linktype::get_name() is unsafe.
|
||||||
impl QryData {
|
impl QryData {
|
||||||
// This is not cool!
|
// This is not cool!
|
||||||
// This will get modularized into subfunctions
|
// This will get modularized into subfunctions
|
||||||
fn encap_ether( packet_data: &[u8] ) -> Option<QryData> {
|
fn encap_en10mb( packet_data: &[u8] ) -> Option<QryData> {
|
||||||
let mut pkg: QryData = init_qrydata().unwrap();
|
let mut pkg: QryData = init_qrydata().unwrap();
|
||||||
pkg.ether_header = Some(packet_handler::ethernet_handler(packet_data)).unwrap();
|
pkg.ether_header = Some(packet_handler::ethernet_handler(packet_data)).unwrap();
|
||||||
match pkg.ether_header.unwrap().ether_type as usize {
|
match pkg.ether_header.unwrap().ether_type as usize {
|
||||||
ETH_P_IP => {
|
ETH_P_IP => {
|
||||||
pkg.ipv4_header = Some(packet_handler::ip_handler(packet_data)).unwrap();
|
pkg.ipv4_header = Some(packet_handler::ip_handler(packet_data)).unwrap();
|
||||||
match pkg.ipv4_header.unwrap().ip_protocol as usize {
|
let protocol_type = pkg.ipv4_header.unwrap().ip_protocol.clone() as usize;
|
||||||
TCP => {
|
let l3_header_length = pkg.ipv4_header.unwrap().ip_ihl;
|
||||||
pkg.tcp_header = Some(packet_handler::tcp_handler(
|
pkg.transport_layer(packet_data, protocol_type, l3_header_length).unwrap();
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
|
||||||
packet_data,
|
|
||||||
))
|
|
||||||
.unwrap();
|
|
||||||
pkg.data = Some(packet_handler::payload_handler(
|
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
|
||||||
pkg.tcp_header.unwrap().data_offset,
|
|
||||||
packet_data,
|
|
||||||
)).unwrap();
|
|
||||||
}
|
|
||||||
UDP => {
|
|
||||||
pkg.udp_header = Some(packet_handler::udp_handler(
|
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
|
||||||
packet_data,
|
|
||||||
))
|
|
||||||
.unwrap();
|
|
||||||
pkg.data = Some(packet_handler::payload_handler(
|
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
|
||||||
7,
|
|
||||||
packet_data,
|
|
||||||
)).unwrap();
|
|
||||||
}
|
|
||||||
_ => println!("Transport layer protocol not implemented"),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
ETH_P_IPV6 => {
|
ETH_P_IPV6 => {
|
||||||
pkg.ipv6_header = Some(packet_handler::ipv6_handler(packet_data)).unwrap();
|
pkg.ipv6_header = Some(packet_handler::ipv6_handler(packet_data)).unwrap();
|
||||||
match pkg.ipv6_header.unwrap().next_header as usize {
|
let protocol_type = pkg.ipv6_header.unwrap().next_header.clone() as usize;
|
||||||
TCP => {
|
pkg.transport_layer(packet_data, protocol_type, 10).unwrap();
|
||||||
pkg.tcp_header = Some(packet_handler::tcp_handler(10, packet_data)).unwrap();
|
|
||||||
pkg.data = Some(packet_handler::payload_handler(
|
|
||||||
10,
|
|
||||||
pkg.tcp_header.unwrap().data_offset,
|
|
||||||
packet_data,
|
|
||||||
)).unwrap();
|
|
||||||
}
|
|
||||||
UDP => {
|
|
||||||
pkg.udp_header = Some(packet_handler::udp_handler(10, packet_data)).unwrap();
|
|
||||||
pkg.data = Some(packet_handler::payload_handler(10, 7, packet_data)).unwrap();
|
|
||||||
}
|
|
||||||
_ => println!("Transport layer protocol not implemented"),
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
ETH_P_ARP | ETH_P_RARP => {
|
ETH_P_ARP | ETH_P_RARP => {
|
||||||
pkg.arp_header = Some(packet_handler::arp_handler(packet_data)).unwrap();
|
pkg.arp_header = Some(packet_handler::arp_handler(packet_data)).unwrap();
|
||||||
|
@ -124,41 +91,66 @@ impl QryData {
|
||||||
Some(pkg)
|
Some(pkg)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn encap_rawip ( packet_data: &[u8] ) -> Option<QryData> {
|
fn encap_raw ( packet_data: &[u8] ) -> Option<QryData> {
|
||||||
let mut pkg: QryData = init_qrydata().unwrap();
|
let mut pkg: QryData = init_qrydata().unwrap();
|
||||||
pkg.ipv4_header = Some(packet_handler::ip_handler(packet_data)).unwrap();
|
let ip_version: usize = ((packet_data[0] & 0xf0) >> 4).try_into().unwrap();
|
||||||
match pkg.ipv4_header.unwrap().ip_protocol as usize {
|
match ip_version {
|
||||||
|
4 => {
|
||||||
|
pkg.ipv4_header = Some(packet_handler::ip_handler(packet_data)).unwrap();
|
||||||
|
let protocol_type = pkg.ipv4_header.unwrap().ip_protocol.clone() as usize;
|
||||||
|
let l3_header_length = pkg.ipv4_header.unwrap().ip_ihl;
|
||||||
|
pkg.transport_layer(packet_data, protocol_type, l3_header_length).unwrap();
|
||||||
|
}
|
||||||
|
6 => {
|
||||||
|
pkg.ipv6_header = Some(packet_handler::ipv6_handler(packet_data)).unwrap();
|
||||||
|
let protocol_type = pkg.ipv6_header.unwrap().next_header.clone() as usize;
|
||||||
|
pkg.transport_layer(packet_data, protocol_type, 10).unwrap();
|
||||||
|
}
|
||||||
|
_ => println!("Network Protocol not implemented")
|
||||||
|
}
|
||||||
|
Some(pkg)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: impl correct Err type and use in Result
|
||||||
|
fn transport_layer (&mut self, packet_data: &[u8], protocol_type: usize, l3_header_length: u32) -> Result<(), core::fmt::Error> {
|
||||||
|
match protocol_type {
|
||||||
TCP => {
|
TCP => {
|
||||||
pkg.tcp_header = Some(packet_handler::tcp_handler(
|
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
self.tcp_header = Some(packet_handler::tcp_handler(
|
||||||
|
l3_header_length,
|
||||||
packet_data,
|
packet_data,
|
||||||
|
|
||||||
))
|
))
|
||||||
.unwrap();
|
.unwrap();
|
||||||
pkg.data = Some(packet_handler::payload_handler(
|
self.data = Some(packet_handler::payload_handler(
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
l3_header_length,
|
||||||
pkg.tcp_header.unwrap().data_offset,
|
self.tcp_header.unwrap().data_offset,
|
||||||
packet_data,
|
packet_data,
|
||||||
)).unwrap();
|
)).unwrap();
|
||||||
}
|
}
|
||||||
UDP => {
|
UDP => {
|
||||||
pkg.udp_header = Some(packet_handler::udp_handler(
|
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
self.udp_header = Some(packet_handler::udp_handler(
|
||||||
|
l3_header_length,
|
||||||
packet_data,
|
packet_data,
|
||||||
))
|
))
|
||||||
.unwrap();
|
.unwrap();
|
||||||
pkg.data = Some(packet_handler::payload_handler(
|
self.data = Some(packet_handler::payload_handler(
|
||||||
pkg.ipv4_header.unwrap().ip_ihl,
|
l3_header_length,
|
||||||
7,
|
7,
|
||||||
packet_data,
|
packet_data,
|
||||||
)).unwrap();
|
)).unwrap();
|
||||||
}
|
}
|
||||||
_ => println!("Transport layer protocol not implemented"),
|
_ => println!("Transport layer protocol not implemented"),
|
||||||
|
}
|
||||||
}
|
Ok(())
|
||||||
Some(pkg)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Regex parse _complete_ package */
|
/* Regex parse _complete_ package */
|
||||||
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||||
let mut flags: String = String::new();
|
let mut flags: String = String::new();
|
||||||
|
@ -175,19 +167,21 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str, encap: u16) -> Vec<QryData> {
|
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
|
||||||
let mut me: QryData = init_qrydata().unwrap();
|
let mut me: QryData = init_qrydata().unwrap();
|
||||||
let mut v: Vec<QryData> = Vec::new();
|
let mut v: Vec<QryData> = Vec::new();
|
||||||
|
|
||||||
let mut cap = Capture::from_file(parse_file).unwrap();
|
let mut cap = Capture::from_file(parse_file).unwrap();
|
||||||
Capture::filter(&mut cap, &filter_str).unwrap();
|
Capture::filter(&mut cap, &filter_str).unwrap();
|
||||||
|
let linktype = cap.get_datalink();
|
||||||
|
println!("{:?}", &linktype);
|
||||||
let re = Regex::new(regex_filter).unwrap();
|
let re = Regex::new(regex_filter).unwrap();
|
||||||
while let Ok(packet) = cap.next() {
|
while let Ok(packet) = cap.next() {
|
||||||
|
|
||||||
match encap {
|
match linktype {
|
||||||
// Syntax is clunky, but no num_derive + num_traits dependencies.
|
// Syntax is clunky, but no num_derive + num_traits dependencies.
|
||||||
encap if encap == EncapsulationType::EN10MB as u16 => me = QryData::encap_ether(packet.data).unwrap(),
|
Linktype(1) => me = QryData::encap_en10mb(packet.data).unwrap(), // EN10MB
|
||||||
encap if encap == EncapsulationType::RAW as u16 => me = QryData::encap_rawip(packet.data).unwrap(),
|
Linktype(101) => me = QryData::encap_raw(packet.data).unwrap(), // RAW
|
||||||
_ => (),
|
_ => (),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -210,8 +204,8 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, re
|
||||||
let re = Regex::new(regex_filter).unwrap();
|
let re = Regex::new(regex_filter).unwrap();
|
||||||
'parse: while let Ok(packet) = cap.next() {
|
'parse: while let Ok(packet) = cap.next() {
|
||||||
match linktype {
|
match linktype {
|
||||||
Linktype(1) => me = QryData::encap_ether(packet.data).unwrap(),
|
Linktype(1) => me = QryData::encap_en10mb(packet.data).unwrap(),
|
||||||
Linktype(101) => me = QryData::encap_rawip(packet.data).unwrap(),
|
Linktype(101) => me = QryData::encap_raw(packet.data).unwrap(),
|
||||||
_ => (),
|
_ => (),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,8 +29,8 @@ pub fn ethernet_handler(packet_data: &[u8]) -> Option<EtherHeader> {
|
||||||
let mut _ether_shost: [u8; ETH_ALEN] = [0; ETH_ALEN];
|
let mut _ether_shost: [u8; ETH_ALEN] = [0; ETH_ALEN];
|
||||||
let mut _ether_type: u16 = 0;
|
let mut _ether_type: u16 = 0;
|
||||||
|
|
||||||
_ether_dhost.clone_from_slice(&packet_data[0..ETH_ALEN]);
|
_ether_dhost.copy_from_slice(&packet_data[0..ETH_ALEN]);
|
||||||
_ether_shost.clone_from_slice(&packet_data[ETH_ALEN..ETH_ALEN * 2]);
|
_ether_shost.copy_from_slice(&packet_data[ETH_ALEN..ETH_ALEN * 2]);
|
||||||
_ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN * 2..(ETH_ALEN * 2) + ETH_TLEN]);
|
_ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN * 2..(ETH_ALEN * 2) + ETH_TLEN]);
|
||||||
|
|
||||||
Some(EtherHeader {
|
Some(EtherHeader {
|
||||||
|
@ -239,8 +239,8 @@ pub fn arp_handler(packet_data: &[u8]) -> Option<ArpHeader> {
|
||||||
let mut _sha: [u8; 6] = [0; 6];
|
let mut _sha: [u8; 6] = [0; 6];
|
||||||
let mut _tha: [u8; 6] = [0; 6];
|
let mut _tha: [u8; 6] = [0; 6];
|
||||||
|
|
||||||
_sha.clone_from_slice(&raw_hdr[8..14]);
|
_sha.copy_from_slice(&raw_hdr[8..14]);
|
||||||
_tha.clone_from_slice(&raw_hdr[18..24]);
|
_tha.copy_from_slice(&raw_hdr[18..24]);
|
||||||
|
|
||||||
Some(ArpHeader{
|
Some(ArpHeader{
|
||||||
htype: BigEndian::read_u16(&raw_hdr[0..2]),
|
htype: BigEndian::read_u16(&raw_hdr[0..2]),
|
||||||
|
|
Loading…
Reference in New Issue