From 2930cdd2ac6f2ab96be15a4ec3db9edc0273dd49 Mon Sep 17 00:00:00 2001
From: gurkenhabicht
Date: Sat, 6 Jun 2020 03:29:38 +0200
Subject: [PATCH] added regex parser to config

---
 src/configure/mod.rs | 2 ++
 src/main.rs | 4 ++--
 src/parser.json | 7 ++++---
 src/parser/mod.rs | 12 ++++++------
 src/parser/packet_handler.rs | 3 ---
 5 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/configure/mod.rs b/src/configure/mod.rs
index aaf4ee1..bad5a2f 100644
--- a/src/configure/mod.rs
+++ b/src/configure/mod.rs
@@ -15,6 +15,7 @@ const PCAP_SIGNATURE_BE: [u8; 4] = [0xa1, 0xb2, 0xc3, 0xa1];
 pub struct Config {
 pub filter: String,
+ pub regex_filter: String,
 pub insert_max: usize,
 pub pcap_file: String,
 pub connection: String,
@@ -28,6 +29,7 @@ pub fn from_json_file() -> Option {
 let json: serde_json::Value = serde_json::from_reader(config_file).unwrap();
 Some(Config {
 filter: json.get("filter").unwrap().as_str().unwrap().to_owned(),
+ regex_filter: json.get("regex_filter").unwrap().as_str().unwrap().to_owned(),
 insert_max: json.get("insert_max").unwrap().as_u64().unwrap() as usize,
 pcap_file: json.get("pcap_file").unwrap().as_str().unwrap().to_owned(),
 connection: format!(
diff --git a/src/main.rs b/src/main.rs
index 95b5239..717c680 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -60,7 +60,7 @@ async fn main() -> Result<(), Error> {
 false => for _pcap_file in pcap_map.keys() {
 println!("{:?}",&_pcap_file);
 // TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size
- let v: Vec = parser::parse(&_pcap_file, &config.filter);
+ let v: Vec = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
 //let mut v = Vec::::with_capacity(35536);
 //v.extend(parser::parse(&_pcap_file, &config.filter));
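Review bot: The new `regex_filter` lookup in from_json_file makes the key mandatory, so any existing parser.json without it now panics on `.unwrap()` with no hint of which key is missing, even though the function already returns Option and could propagate the absence. The surrounding fields are unwrapped the same way, but this commit adds the only key that older config files lack; `regex_filter: json.get("regex_filter")?.as_str()?.to_owned(),` would make a missing or non-string value yield None instead of a crash, or a documented default could be substituted. Since the string is later compiled as a regular expression in src/parser/mod.rs, validating it here (if the regex crate is in scope in this module) would report a bad pattern once at load time instead of mid-capture. A doc comment on the struct field such as `/// Regular expression from parser.json, compiled in parser::parse / parser::parse_device` would also help the next reader, since the field name alone does not say what it is matched against.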
@@ -114,7 +114,7 @@ async fn main() -> Result<(), Error> {
 let insert_str = query_string(&config.insert_max);
 let statement = client.prepare(&insert_str).await?;
 loop {
- let v: Vec = parser::parse_device(&config.device, &config.filter, &config.insert_max);
+ let v: Vec = parser::parse_device(&config.device, &config.filter, &config.insert_max, &config.regex_filter);
 let packets_serialized = serializer::serialize_packets(v);
 client
 .query_raw(
diff --git a/src/parser.json b/src/parser.json
index 8c8ac7c..13f0b44 100644
--- a/src/parser.json
+++ b/src/parser.json
@@ -1,9 +1,10 @@
 {
- "insert_max": 10000,
- "filter": "tcp && !ip6",
+ "insert_max": 20000,
+ "filter": "!vlan && !ip6 && tcp",
+ "regex_filter": "192.168.0.13",
 "from_device": false,
 "parse_device": "enp7s0",
- "pcap_file": "../target/arp_test.pcapng",
+ "pcap_file": "",
 "pcap_dir": "../target",
 "database_user": "postgres",
 "database_host": "localhost",
diff --git a/src/parser/mod.rs b/src/parser/mod.rs
index 8a9c479..6301b61 100644
--- a/src/parser/mod.rs
+++ b/src/parser/mod.rs
@@ -44,7 +44,8 @@ pub struct QryData {
 fn flag_carnage(re: &Regex, payload: &[u8]) -> Option {
 let mut flags: String = String::new();
 for mat in re.find_iter(payload) {
- flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap());
+ flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
+ //flags.push_str(" ");
 }
 match 0 < flags.len() {
 false => None,
@@ -52,9 +53,8 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option {
 }
 }
-pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec {
+pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec {
 let ether_init = build_ether();
-
 let mut me = QryData {
 id: 0,
 time: 0.0,
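Review bot: The new value `"192.168.0.13"` is consumed as a regular expression (`Regex::new(regex_filter)` in src/parser/mod.rs), so its unescaped dots match any character and the pattern also matches text such as `192.168.0.130` or `192x168y0z13`. If a literal address is intended, escape the dots and bound the match: `"regex_filter": "\\b192\\.168\\.0\\.13\\b"`. As far as the diff shows, the compiled pattern is the one handed to flag_carnage, which runs `re.find_iter(payload)` over payload bytes rather than the IP header, so this finds the address as ASCII text inside packet payloads; if the intent was to select packets by address, the `filter` BPF expression is the place for that.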
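Review bot: `flags.push_str(&format!("{} ", ...))` in flag_carnage allocates a temporary String per match only to append a separator; `flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap()); flags.push(' ');` does the same without it, and the commented-out `//flags.push_str(" ");` should be removed rather than left behind. The more important point is that the pattern now comes from the config file, so `from_utf8(...).unwrap()` is no longer guaranteed safe: assuming `Regex` here is `regex::bytes::Regex` (as `find_iter` on a `&[u8]` suggests), a pattern that disables Unicode mode with `(?-u)` can match arbitrary bytes, and a non-UTF-8 match would panic the whole capture loop; `flags.push_str(&String::from_utf8_lossy(mat.as_bytes()));` avoids that. The returned string now also ends with a trailing space, which whatever stores or compares the flags may not expect; the rest of flag_carnage continues outside this hunk.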
@@ -71,7 +71,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec {
 let mut cap = Capture::from_file(parse_file).unwrap();
 Capture::filter(&mut cap, &filter_str).unwrap();
- let re = Regex::new(r"(?:http|https):[[::punct::]]?").unwrap();
+ let re = Regex::new(regex_filter).unwrap();
 while let Ok(packet) = cap.next() {
 me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
 me.data = Some(packet.data.to_vec());
@@ -152,7 +152,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec {
 /* This could need some love */
-pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec {
+pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec {
 let ether_init = build_ether();
 let mut me = QryData {
@@ -171,7 +171,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
 let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
 Capture::filter(&mut cap, &filter_str).unwrap();
- let re = Regex::new(r"(?:http|https):[[::punct::]]").unwrap();
+ let re = Regex::new(regex_filter).unwrap();
 'parse: while let Ok(packet) = cap.next() {
 me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
 me.data = Some(packet.data.to_vec());
diff --git a/src/parser/packet_handler.rs b/src/parser/packet_handler.rs
index bdb15b8..542cb3e 100644
--- a/src/parser/packet_handler.rs
+++ b/src/parser/packet_handler.rs
@@ -36,9 +36,6 @@ pub fn ethernet_handler(packet_data: &[u8]) -> EtherHeader {
 EtherHeader {
 ether_dhost: (MacAddress::new(_ether_dhost as Eui48)),
 ether_shost: (MacAddress::new(_ether_shost as Eui48)),
-
- // ether_dhost: _ether_dhost as Eui48,
- // ether_shost: _ether_shost as Eui48,
 ether_type: _ether_type as i32,
 }
 }
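Review bot: `Regex::new(regex_filter).unwrap()` now compiles a string read from parser.json, so a malformed pattern aborts parse partway through with only the generic unwrap message; the identical line in parse_device (hunk at line 171) has the same problem, and both functions continue outside their hunks. At minimum name the source, `let re = Regex::new(regex_filter).expect("regex_filter in parser.json is not a valid regular expression");`, or better compile the pattern once where the config is loaded and pass the compiled `Regex` in, which also stops recompiling it per file and per capture loop. Because the regex crate matches in linear time, a user-controlled pattern cannot cause catastrophic backtracking; the remaining exposure is a crash on an invalid pattern and the compile-size limit, which `RegexBuilder::size_limit` can tighten if the config may come from a less trusted source.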