added regex parser to config
This commit is contained in:
parent
cb973851d6
commit
2930cdd2ac
|
@ -15,6 +15,7 @@ const PCAP_SIGNATURE_BE: [u8; 4] = [0xa1, 0xb2, 0xc3, 0xa1];
|
||||||
|
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
pub filter: String,
|
pub filter: String,
|
||||||
|
pub regex_filter: String,
|
||||||
pub insert_max: usize,
|
pub insert_max: usize,
|
||||||
pub pcap_file: String,
|
pub pcap_file: String,
|
||||||
pub connection: String,
|
pub connection: String,
|
||||||
|
@ -28,6 +29,7 @@ pub fn from_json_file() -> Option<Config> {
|
||||||
let json: serde_json::Value = serde_json::from_reader(config_file).unwrap();
|
let json: serde_json::Value = serde_json::from_reader(config_file).unwrap();
|
||||||
Some(Config {
|
Some(Config {
|
||||||
filter: json.get("filter").unwrap().as_str().unwrap().to_owned(),
|
filter: json.get("filter").unwrap().as_str().unwrap().to_owned(),
|
||||||
|
regex_filter: json.get("regex_filter").unwrap().as_str().unwrap().to_owned(),
|
||||||
insert_max: json.get("insert_max").unwrap().as_u64().unwrap() as usize,
|
insert_max: json.get("insert_max").unwrap().as_u64().unwrap() as usize,
|
||||||
pcap_file: json.get("pcap_file").unwrap().as_str().unwrap().to_owned(),
|
pcap_file: json.get("pcap_file").unwrap().as_str().unwrap().to_owned(),
|
||||||
connection: format!(
|
connection: format!(
|
||||||
|
|
|
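Review bot: The new `regex_filter` line panics through two `unwrap()`s when the key is absent or not a string, so every existing config.json that predates this commit now aborts at load with no hint about which key is missing. The function already returns `Option<Config>`, so the field can be read as `regex_filter: json.get("regex_filter")?.as_str()?.to_owned(),` — or, keeping the panic style of the sibling fields, `.expect("config: missing or non-string \"regex_filter\"")`. Config load is also the natural place to compile the pattern once (`Regex::new(&regex_filter)`) so a bad pattern is rejected before any capture is opened, instead of inside each parse call. The surrounding `from_json_file` starts and ends outside the hunk.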
@ -60,7 +60,7 @@ async fn main() -> Result<(), Error> {
|
||||||
false => for _pcap_file in pcap_map.keys() {
|
false => for _pcap_file in pcap_map.keys() {
|
||||||
println!("{:?}",&_pcap_file);
|
println!("{:?}",&_pcap_file);
|
||||||
// TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size
|
// TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size
|
||||||
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter);
|
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
|
||||||
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
||||||
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
||||||
|
|
||||||
|
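Review bot: The commented-out `//v.extend(parser::parse(&_pcap_file, &config.filter));` two lines below the updated call still shows the old two-argument signature and is now misleading; delete it together with the `//let mut v = ...` line above it, since the live call replaces both. The loop variable `_pcap_file` is used on every line of the hunk, so its leading underscore (Rust's marker for an intentionally unused binding) should go: `for pcap_file in pcap_map.keys()`. `main` continues outside the hunk.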
@ -114,7 +114,7 @@ async fn main() -> Result<(), Error> {
|
||||||
let insert_str = query_string(&config.insert_max);
|
let insert_str = query_string(&config.insert_max);
|
||||||
let statement = client.prepare(&insert_str).await?;
|
let statement = client.prepare(&insert_str).await?;
|
||||||
loop {
|
loop {
|
||||||
let v: Vec<parser::QryData> = parser::parse_device(&config.device, &config.filter, &config.insert_max);
|
let v: Vec<parser::QryData> = parser::parse_device(&config.device, &config.filter, &config.insert_max, &config.regex_filter);
|
||||||
let packets_serialized = serializer::serialize_packets(v);
|
let packets_serialized = serializer::serialize_packets(v);
|
||||||
client
|
client
|
||||||
.query_raw(
|
.query_raw(
|
||||||
|
|
|
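Review bot: `parser::parse_device(...)` is called inside `loop { ... }` and, per the parser change in this commit, runs `Regex::new(regex_filter)` on every call, so the pattern is recompiled on every iteration of the live-capture loop. Compile it once before the `loop` and pass the compiled value: `let re = Regex::new(&config.regex_filter)?;` followed by `parser::parse_device(&config.device, &config.filter, &config.insert_max, &re)`, with `parse_device` taking `&Regex`. Whether `regex::Error` converts into this function's `Error` type is not visible here, so the `?` may need a `map_err` or an `expect` matching the file's style. `main` starts and ends outside the hunk.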
@ -1,9 +1,10 @@
|
||||||
{
|
{
|
||||||
"insert_max": 10000,
|
"insert_max": 20000,
|
||||||
"filter": "tcp && !ip6",
|
"filter": "!vlan && !ip6 && tcp",
|
||||||
|
"regex_filter": "192.168.0.13",
|
||||||
"from_device": false,
|
"from_device": false,
|
||||||
"parse_device": "enp7s0",
|
"parse_device": "enp7s0",
|
||||||
"pcap_file": "../target/arp_test.pcapng",
|
"pcap_file": "",
|
||||||
"pcap_dir": "../target",
|
"pcap_dir": "../target",
|
||||||
"database_user": "postgres",
|
"database_user": "postgres",
|
||||||
"database_host": "localhost",
|
"database_host": "localhost",
|
||||||
|
|
|
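Review bot: `"regex_filter": "192.168.0.13"` is a regular expression, not a literal, so the unescaped dots match any character (`192x168y0z13` matches) and the pattern is unanchored (`192.168.0.130` and `1192.168.0.13` match as well). If the intent is the literal address, escape the dots and anchor as needed, e.g. `"regex_filter": "\\b192\\.168\\.0\\.13\\b"` (backslashes doubled because the value is JSON). The pattern is applied to the `payload: &[u8]` argument of `flag_carnage`; if that is the application payload, a dotted-decimal string will only match where the address appears as text, not in the IP header.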
@ -44,7 +44,8 @@ pub struct QryData {
|
||||||
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||||
let mut flags: String = String::new();
|
let mut flags: String = String::new();
|
||||||
for mat in re.find_iter(payload) {
|
for mat in re.find_iter(payload) {
|
||||||
flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap());
|
flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
|
||||||
|
//flags.push_str(" ");
|
||||||
}
|
}
|
||||||
match 0 < flags.len() {
|
match 0 < flags.len() {
|
||||||
false => None,
|
false => None,
|
||||||
|
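Review bot: `std::str::from_utf8(mat.as_bytes()).unwrap()` panics if a match is not valid UTF-8, and with the pattern now coming from config that is reachable from captured packet data (if `re` is the `regex::bytes` variant, which `mat.as_bytes()` suggests, a pattern using `(?-u)` can match arbitrary bytes), so one odd packet aborts the whole capture run. Use a lossy conversion and push the separator directly, which also removes the per-match `format!` allocation: `flags.push_str(&String::from_utf8_lossy(mat.as_bytes())); flags.push(' ');`. The commented-out `//flags.push_str(" ");` can go now that the separator is in the live line. `flag_carnage` continues outside the hunk.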
@ -52,9 +53,8 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
|
||||||
let ether_init = build_ether();
|
let ether_init = build_ether();
|
||||||
|
|
||||||
let mut me = QryData {
|
let mut me = QryData {
|
||||||
id: 0,
|
id: 0,
|
||||||
time: 0.0,
|
time: 0.0,
|
||||||
|
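Review bot: `parse` gains a `regex_filter: &str` parameter with no doc comment, and the same applies to `parse_device` further down in this commit. Add a `///` comment above each stating that the argument is regex source text compiled with `Regex::new` inside the function (presumably handed to `flag_carnage` for per-packet matching — confirm) and that an invalid pattern currently panics. Since the functions only compile the string, taking `re: &Regex` instead of `&str` would let the caller compile and validate once; that is a signature change, so it is a judgment call at this stage of the project. `parse` continues outside the hunk.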
@ -71,7 +71,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
||||||
|
|
||||||
let mut cap = Capture::from_file(parse_file).unwrap();
|
let mut cap = Capture::from_file(parse_file).unwrap();
|
||||||
Capture::filter(&mut cap, &filter_str).unwrap();
|
Capture::filter(&mut cap, &filter_str).unwrap();
|
||||||
let re = Regex::new(r"(?:http|https):[[::punct::]]?").unwrap();
|
let re = Regex::new(regex_filter).unwrap();
|
||||||
while let Ok(packet) = cap.next() {
|
while let Ok(packet) = cap.next() {
|
||||||
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
||||||
me.data = Some(packet.data.to_vec());
|
me.data = Some(packet.data.to_vec());
|
||||||
|
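Review bot: `Regex::new(regex_filter).unwrap()` turns a typo in the config file into a panic carrying only the regex crate's message, raised after `Capture::from_file` has already opened the capture; the same line appears in `parse_device` later in this commit. At minimum name the cause, `let re = Regex::new(regex_filter).expect("config regex_filter is not a valid regex");`, and preferably compile it before the `Capture::from_file` line so the failure happens before any capture resource is touched — or validate the pattern once where the config is loaded. `parse` starts and ends outside the hunk.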
@ -152,7 +152,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str) -> Vec<QryData> {
|
||||||
|
|
||||||
|
|
||||||
/* This could need some love */
|
/* This could need some love */
|
||||||
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec<QryData> {
|
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec<QryData> {
|
||||||
let ether_init = build_ether();
|
let ether_init = build_ether();
|
||||||
|
|
||||||
let mut me = QryData {
|
let mut me = QryData {
|
||||||
|
@ -171,7 +171,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
|
||||||
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
|
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
|
||||||
Capture::filter(&mut cap, &filter_str).unwrap();
|
Capture::filter(&mut cap, &filter_str).unwrap();
|
||||||
|
|
||||||
let re = Regex::new(r"(?:http|https):[[::punct::]]").unwrap();
|
let re = Regex::new(regex_filter).unwrap();
|
||||||
'parse: while let Ok(packet) = cap.next() {
|
'parse: while let Ok(packet) = cap.next() {
|
||||||
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
|
||||||
me.data = Some(packet.data.to_vec());
|
me.data = Some(packet.data.to_vec());
|
||||||
|
|
|
@ -36,9 +36,6 @@ pub fn ethernet_handler(packet_data: &[u8]) -> EtherHeader {
|
||||||
EtherHeader {
|
EtherHeader {
|
||||||
ether_dhost: (MacAddress::new(_ether_dhost as Eui48)),
|
ether_dhost: (MacAddress::new(_ether_dhost as Eui48)),
|
||||||
ether_shost: (MacAddress::new(_ether_shost as Eui48)),
|
ether_shost: (MacAddress::new(_ether_shost as Eui48)),
|
||||||
|
|
||||||
// ether_dhost: _ether_dhost as Eui48,
|
|
||||||
// ether_shost: _ether_shost as Eui48,
|
|
||||||
ether_type: _ether_type as i32,
|
ether_type: _ether_type as i32,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|