stefan
/
tpcpr
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

regex parser result is now a field in QryData, and stored in the db as a result

This commit is contained in:
gurkenhabicht 2020-05-21 17:27:30 +02:00
parent 45d69dd97f
commit 4d3d1c98d6
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/main.rs
View File

@ -24,6 +24,7 @@ impl Serialize for parser::QryData {
state.serialize_field("ipv6_header", &self.ipv6_header)?; state.serialize_field("ipv6_header", &self.ipv6_header)?;
state.serialize_field("tcp_header", &self.tcp_header)?; state.serialize_field("tcp_header", &self.tcp_header)?;
state.serialize_field("data", &self.data)?; state.serialize_field("data", &self.data)?;
state.serialize_field("reg_res", &self.reg_res)?;
state.end() state.end()
} }
} }

23
src/parser.rs
View File

@ -4,7 +4,6 @@ extern crate eui48;
mod packet_handler; mod packet_handler;
use eui48::MacAddress; use eui48::MacAddress;
use pcap::Capture; use pcap::Capture;
//use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use regex::bytes::Match; use regex::bytes::Match;
use regex::bytes::Regex; use regex::bytes::Regex;
use std::str; use std::str;
@ -22,7 +21,6 @@ fn build_ether() -> packet_handler::EtherHeader {
} }
} }
// TODO: wrap packet_handler types inside Option<T>
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct QryData { pub struct QryData {
pub id: i32, pub id: i32,
@ -32,14 +30,19 @@ pub struct QryData {
pub ipv4_header: Option<packet_handler::IpV4Header>, pub ipv4_header: Option<packet_handler::IpV4Header>,
pub ipv6_header: Option<packet_handler::IpV6Header>, pub ipv6_header: Option<packet_handler::IpV6Header>,
pub tcp_header: Option<packet_handler::TcpHeader>, pub tcp_header: Option<packet_handler::TcpHeader>,
pub reg_res: Option<String>,
} }
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> { fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
for mat in re.find_iter(payload) { let mut flags: String = String::new() ;
println!("{:?}", std::str::from_utf8(mat.as_bytes())); for mat in re.find_iter(payload) {
// println!("{:?}", std::str::from_utf8(mat.as_bytes()).unwrap());
flags.push_str( std::str::from_utf8(mat.as_bytes()).unwrap() );
}
match 0 < flags.len() {
false => None,
true => Some(flags)
} }
Some("test".to_owned())
} }
pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> { pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> {
@ -53,6 +56,7 @@ pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> {
ipv4_header: None::<packet_handler::IpV4Header>, ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>, ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>, tcp_header: None::<packet_handler::TcpHeader>,
reg_res: None::<String>,
}; };
let mut v: Vec<QryData> = Vec::new(); let mut v: Vec<QryData> = Vec::new();
@ -62,7 +66,7 @@ pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> {
while let Ok(packet) = cap.next() { while let Ok(packet) = cap.next() {
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.data = Some(packet.data.to_vec()); me.data = Some(packet.data.to_vec());
flag_carnage(&re, packet.data); me.reg_res = flag_carnage(&re, packet.data);
me.ether_header = packet_handler::ethernet_handler(packet.data); me.ether_header = packet_handler::ethernet_handler(packet.data);
match me.ether_header.ether_type as usize { match me.ether_header.ether_type as usize {
ETH_P_IP => { ETH_P_IP => {
@ -104,6 +108,7 @@ pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> {
ipv4_header: me.ipv4_header, ipv4_header: me.ipv4_header,
ipv6_header: me.ipv6_header, ipv6_header: me.ipv6_header,
tcp_header: me.tcp_header, tcp_header: me.tcp_header,
reg_res: me.reg_res,
}); });
} }
v v
@ -120,6 +125,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
ipv4_header: None::<packet_handler::IpV4Header>, ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>, ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>, tcp_header: None::<packet_handler::TcpHeader>,
reg_res: None::<String>,
}; };
let mut v: Vec<QryData> = Vec::new(); let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap(); let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
@ -129,7 +135,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
'parse: while let Ok(packet) = cap.next() { 'parse: while let Ok(packet) = cap.next() {
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.data = Some(packet.data.to_vec()); me.data = Some(packet.data.to_vec());
flag_carnage(&re, packet.data); me.reg_res = flag_carnage(&re, packet.data);
me.ether_header = packet_handler::ethernet_handler(packet.data); me.ether_header = packet_handler::ethernet_handler(packet.data);
match me.ether_header.ether_type as usize { match me.ether_header.ether_type as usize {
ETH_P_IP => { ETH_P_IP => {
@ -171,6 +177,7 @@ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) ->
ipv4_header: me.ipv4_header, ipv4_header: me.ipv4_header,
ipv6_header: me.ipv6_header, ipv6_header: me.ipv6_header,
tcp_header: me.tcp_header, tcp_header: me.tcp_header,
reg_res: me.reg_res,
}); });
if &v.len() >= insert_max { if &v.len() >= insert_max {