added regex parser to config
parent
cb973851d6
commit
2930cdd2ac
|
@ -15,6 +15,7 @@ const PCAP_SIGNATURE_BE: [u8; 4] = [0xa1, 0xb2, 0xc3, 0xa1];
|
|||
|
||||
pub struct Config {
|
||||
pub filter: String,
|
||||
pub regex_filter: String,
|
||||
pub insert_max: usize,
|
||||
pub pcap_file: String,
|
||||
pub connection: String,
|
||||
|
@ -28,6 +29,7 @@ pub fn from_json_file() -> Option<Config> {
|
|||
let json: serde_json::Value = serde_json::from_reader(config_file).unwrap();
|
||||
Some(Config {
|
||||
filter: json.get("filter").unwrap().as_str().unwrap().to_owned(),
|
||||
regex_filter: json.get("regex_filter").unwrap().as_str().unwrap().to_owned(),
|
||||
insert_max: json.get("insert_max").unwrap().as_u64().unwrap() as usize,
|
||||
pcap_file: json.get("pcap_file").unwrap().as_str().unwrap().to_owned(),
|
||||
connection: format!(
|
||||
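Review bot: The new `regex_filter` line in `from_json_file` unwraps both the key lookup and the string conversion, so a config file written before this commit (one with no `regex_filter` key) now panics at startup, even though the function is declared to return `Option<Config>`. Consider `regex_filter: json.get("regex_filter").and_then(|v| v.as_str())?.to_owned(),` so that a missing or non-string value yields `None` for the caller to report. The pattern is also only compiled later, in the parser; compiling it while loading the config would reject an invalid expression before any capture is opened. The body of `from_json_file` continues outside the hunk.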
|
|
|
@ -60,7 +60,7 @@ async fn main() -> Result<(), Error> {
|
|||
false => for _pcap_file in pcap_map.keys() {
|
||||
println!("{:?}",&_pcap_file);
|
||||
// TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size
|
||||
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter);
|
||||
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
|
||||
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
||||
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
||||
|
||||
|
@ -114,7 +114,7 @@ async fn main() -> Result<(), Error> {
|
|||
let insert_str = query_string(&config.insert_max);
|
||||
let statement = client.prepare(&insert_str).await?;
|
||||
loop {
|
||||
let v: Vec<parser::QryData> = parser::parse_device(&config.device, &config.filter, &config.insert_max);
|
||||
let v: Vec<parser::QryData> = parser::parse_device(&config.device, &config.filter, &config.insert_max, &config.regex_filter);
|
||||
let packets_serialized = serializer::serialize_packets(v);
|
||||
client
|
||||
.query_raw(
|
||||
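Review bot: `parser::parse_device` is called on every pass of the `loop`, and with this commit it runs `Regex::new(regex_filter)` on each call, so the configured pattern is recompiled for every batch; `parser::parse` in the `pcap_map.keys()` loop does the same once per file. Compiling the pattern once in `main` before either loop and passing `&Regex` instead of `&config.regex_filter` would remove the repeated work. It would also surface an invalid pattern as a handled error in `main` rather than a panic inside the parser after the statement has been prepared. `main` starts and ends outside these hunks.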
|
|
|
@ -1,9 +1,10 @@
|
|||
{
|
||||
"insert_max": 10000,
|
||||
"filter": "tcp && !ip6",
|
||||
"insert_max": 20000,
|
||||
"filter": "!vlan && !ip6 && tcp",
|
||||
"regex_filter": "192.168.0.13",
|
||||
"from_device": false,
|
||||
"parse_device": "enp7s0",
|
||||
"pcap_file": "../target/arp_test.pcapng",
|
||||
"pcap_file": "",
|
||||
"pcap_dir": "../target",
|
||||
"database_user": "postgres",
|
||||
"database_host": "localhost",
|
||||
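Review bot: The sample `regex_filter` value `192.168.0.13` leaves the dots unescaped, so each `.` matches any character and the pattern also hits text such as `192a168b0c13`; `"regex_filter": "192\\.168\\.0\\.13"` matches only the literal address. Because the parser applies the pattern to packet payload bytes, it presumably flags only packets in which the address appears as text, not packets merely sent to or from that host. That is worth stating wherever the option is documented, if it is the intent.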
|
|
|
@ -44,7 +44,8 @@ pub struct QryData {
|
|||
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||
let mut flags: String = String::new();
|
||||
for mat in re.find_iter(payload) {
|
||||
flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap());
|
||||
flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
|
||||
//flags.push_str(" ");
|
||||
}
|
||||
match 0 < flags.len() {
|
||||
false => None,
|
||||
|
@ -52,9 +53,8 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
|||
}
|
||||
}
|
||||
|
||||
pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
||||
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
|
||||
let ether_init = build_ether();
|
||||
|
||||
let mut me = QryData {
|
||||
id: 0,
|
||||
time: 0.0,
|
||||
|
@ -71,7 +71,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
|||
|
||||
let mut cap = Capture::from_file(parse_file).unwrap();
|
||||
Capture::filter(&mut cap, &filter_str).unwrap();
|
||||
let re = Regex::new(r"(?:http|https):[[::punct::]]?").unwrap();
|
||||
let re = Regex::new(regex_filter).unwrap();
|
||||
while let Ok(packet) = cap.next() {
|
||||
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
||||
me.data = Some(packet.data.to_vec());
|
||||
|
@ -152,7 +152,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
|||
|
||||
|
||||
/* This could need some love */
|
||||
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec<QryData> {
|
||||
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec<QryData> {
|
||||
let ether_init = build_ether();
|
||||
|
||||
let mut me = QryData {
|
||||
|
@ -171,7 +171,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
|
|||
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
|
||||
Capture::filter(&mut cap, &filter_str).unwrap();
|
||||
|
||||
let re = Regex::new(r"(?:http|https):[[::punct::]]").unwrap();
|
||||
let re = Regex::new(regex_filter).unwrap();
|
||||
'parse: while let Ok(packet) = cap.next() {
|
||||
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
||||
me.data = Some(packet.data.to_vec());
|
||||
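Review bot: In `flag_carnage`, `std::str::from_utf8(mat.as_bytes()).unwrap()` was safe while the pattern was the hard-coded ASCII one, but the pattern now comes from the config file and the haystack is raw packet payload. If `Regex` here is the bytes-oriented type (the `&[u8]` haystack and `as_bytes()` suggest so), a pattern that disables Unicode mode can match non-UTF-8 bytes, and a single such packet on the wire would then panic the capture process. `flags.push_str(&String::from_utf8_lossy(mat.as_bytes()));` followed by `flags.push(' ');` avoids the panic and the intermediate `format!` allocation. `Regex::new(regex_filter).unwrap()` in `parse` and `parse_device` has the same shape: an invalid configured pattern aborts the program instead of returning an error to the caller.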
|
|
|
@ -36,9 +36,6 @@ pub fn ethernet_handler(packet_data: &[u8]) -> EtherHeader {
|
|||
EtherHeader {
|
||||
ether_dhost: (MacAddress::new(_ether_dhost as Eui48)),
|
||||
ether_shost: (MacAddress::new(_ether_shost as Eui48)),
|
||||
|
||||
// ether_dhost: _ether_dhost as Eui48,
|
||||
// ether_shost: _ether_shost as Eui48,
|
||||
ether_type: _ether_type as i32,
|
||||
}
|
||||
}
|
||||
|
|