clean up + restucturing

2020-06-14 04:14:06 +02:00 · 2020-06-14 04:14:06 +02:00 · 4e86759c68
parent 4bfd00ac05
commit 4e86759c68
4 changed files with 606 additions and 37 deletions
--- a/src/parser/mod.rs
+++ b/src/parser/mod.rs
@ -16,7 +16,15 @@ const TCP: usize = 0x06;
 const UDP: usize = 0x11;
 const ETH_P_ARP: usize = 0x0608;
 const ETH_P_RARP: usize = 0x3580;
-const ETHER_HDRLEN: usize = 14;
+
 /* Protocol header sizes */
 const ETHER_HDRLEN: usize = 0xE;
 const NO_PREDECESSOR: usize = 0x0;
 const IPV6_HDRLEN: u32 = 0xA; // I know, this will get changed. It works for now.
 /* random constants */
 const IPV4: usize = 0x4;
 const IPV6: usize = 0x6;
 /*
 QryData could be written in the sense of QryData{ ... frame: .., packet: .., segment:.. }
@ -70,24 +78,33 @@ impl QryData {
    }
    fn encap_en10mb(&mut self, packet_data: &[u8]) -> Result<(), core::fmt::Error> {
        //let mut pkg: QryData = new().unwrap();
        self.ether_header = Some(packet_handler::ethernet_handler(packet_data)).unwrap();
        match self.ether_header.unwrap().ether_type as usize {
            ETH_P_IP => {
-                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, ETHER_HDRLEN)).unwrap();
+                self.ipv4_header =
-                let protocol_type = self.ipv4_header.unwrap().ip_protocol as usize;
+                    Some(packet_handler::ip_handler(packet_data, ETHER_HDRLEN)).unwrap();
-                let l3_header_length = self.ipv4_header.unwrap().ip_ihl;
+                self.transport_layer(
-                self.transport_layer(packet_data, protocol_type, l3_header_length, ETHER_HDRLEN)
+                    packet_data,
-                    .unwrap();
+                    self.ipv4_header.unwrap().ip_protocol as usize,
                    self.ipv4_header.unwrap().ip_ihl,
                    ETHER_HDRLEN,
                )
                .unwrap();
            }
            ETH_P_IPV6 => {
-                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, ETHER_HDRLEN)).unwrap();
+                self.ipv6_header =
-                let protocol_type = self.ipv6_header.unwrap().next_header as usize;
+                    Some(packet_handler::ipv6_handler(packet_data, ETHER_HDRLEN)).unwrap();
-                self.transport_layer(packet_data, protocol_type, 10, ETHER_HDRLEN)
+                self.transport_layer(
-                    .unwrap();
+                    packet_data,
                    self.ipv6_header.unwrap().next_header as usize,
                    IPV6_HDRLEN,
                    ETHER_HDRLEN,
                )
                .unwrap();
            }
            ETH_P_ARP | ETH_P_RARP => {
-                self.arp_header = Some(packet_handler::arp_handler(packet_data, ETHER_HDRLEN)).unwrap();
+                self.arp_header =
                    Some(packet_handler::arp_handler(packet_data, ETHER_HDRLEN)).unwrap();
            }
            _ => println!("Network protocol not implemented"),
        }
@ -95,24 +112,29 @@ impl QryData {
    }
    fn encap_raw(&mut self, packet_data: &[u8]) -> Result<(), core::fmt::Error> {
        //      let mut pkg: QryData = new().unwrap();
        let ip_version: usize = ((packet_data[0] & 0xf0) >> 4).try_into().unwrap();
        //println!("{:?}", &ip_version);
        match ip_version {
-            4 => {
+            IPV4 => {
-                //println!("v4");
+                self.ipv4_header =
-                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, 0)).unwrap();
+                    Some(packet_handler::ip_handler(packet_data, NO_PREDECESSOR)).unwrap();
-                let protocol_type = self.ipv4_header.unwrap().ip_protocol as usize;
+                self.transport_layer(
-                let l3_header_length = self.ipv4_header.unwrap().ip_ihl;
+                    packet_data,
-                self.transport_layer(packet_data, protocol_type, l3_header_length, 0)
+                    self.ipv4_header.unwrap().ip_protocol as usize,
-                    .unwrap();
+                    self.ipv4_header.unwrap().ip_ihl,
                    NO_PREDECESSOR,
                )
                .unwrap();
            }
-            6 => {
+            IPV6 => {
-                //println!("v6");
+                self.ipv6_header =
-                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, 0)).unwrap();
+                    Some(packet_handler::ipv6_handler(packet_data, NO_PREDECESSOR)).unwrap();
-                let protocol_type = self.ipv6_header.unwrap().next_header as usize;
+                self.transport_layer(
-                self.transport_layer(packet_data, protocol_type, 10, 0)
+                    packet_data,
-                    .unwrap();
+                    self.ipv6_header.unwrap().next_header as usize,
                    IPV6_HDRLEN,
                    NO_PREDECESSOR,
                )
                .unwrap();
            }
            _ => println!("Network Protocol not implemented"),
        }
@ -129,24 +151,32 @@ impl QryData {
    ) -> Result<(), core::fmt::Error> {
        match protocol_type {
            TCP => {
-                self.tcp_header =
+                self.tcp_header = Some(packet_handler::tcp_handler(
-                    Some(packet_handler::tcp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
+                    l3_header_length,
                    packet_data,
                    ether_hdrlen,
                ))
                .unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    self.tcp_header.unwrap().data_offset,
                    packet_data,
-                    ether_hdrlen
+                    ether_hdrlen,
                ))
                .unwrap();
            }
            UDP => {
-                self.udp_header =
+                self.udp_header = Some(packet_handler::udp_handler(
-                    Some(packet_handler::udp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
+                    l3_header_length,
                    packet_data,
                    ether_hdrlen,
                ))
                .unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    7,
                    packet_data,
-                    ether_hdrlen
+                    ether_hdrlen,
                ))
                .unwrap();
            }
@ -173,9 +203,7 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
 }
 pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
    //let mut me: QryData = QryData::new();
    let mut v: Vec<QryData> = Vec::new();
    let mut cap = Capture::from_file(parse_file).unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let linktype = cap.get_datalink();
--- a/src/parser/mod.rs_bkp
+++ b/src/parser/mod.rs_bkp
@ -0,0 +1,268 @@
 extern crate bitfield;
 extern crate byteorder;
 extern crate eui48;
 mod packet_handler;
 use pcap::{Capture, Linktype};
 use regex::bytes::Regex;
 use std::convert::TryInto;
 use std::str;
 //use std::thread::{spawn, JoinHandle};
 //use std::sync::mpsc::{channel, Receiver};
 /* protocol ids, LittleEndian */
 const ETH_P_IPV6: usize = 0xDD86;
 const ETH_P_IP: usize = 0x08;
 const TCP: usize = 0x06;
 const UDP: usize = 0x11;
 const ETH_P_ARP: usize = 0x0608;
 const ETH_P_RARP: usize = 0x3580;
 /* Protocol header sizes */
 const ETHER_HDRLEN: usize = 14;
 const NO_PREDECESSOR: usize = 0;
 const IPV6_HDRLEN: u32 = 10; // I know, this will get changed. It works for now.
 /*
 QryData could be written in the sense of QryData{ ... frame: .., packet: .., segment:.. }
 On the one hand, only the actual type of frame/packet/segment would be contained in the resulting struct.
 So, increased benefit in serialization/cpu time, could result in less data to be serialized, depending on layout.
 On the other hand, each datagram::type needs to implement traits which would need to be dynamically dispatched by returning any of these types per iso level from a single function each. The result would be a performance decrease.
 See: https://doc.rust-lang.org/book/ch10-02-traits.html#returning-types-that-implement-traits
 See: https://doc.rust-lang.org/book/ch17-02-trait-objects.html#trait-objects-perform-dynamic-dispatch
 Then again, parser logic would be fewer lines + more unified using the latter method. Maybe better optimizable as well? Maybe this is a nice tradeoff?
 TODO: Implement and benchmark dynamically dispatched packet data in conjunction with restructured QryData.
 */
 #[derive(Debug, Clone)]
 pub struct QryData {
    pub id: i32,
    pub time: f64,
    pub data: Option<Vec<u8>>,
    pub ether_header: Option<packet_handler::EtherHeader>,
    pub ipv4_header: Option<packet_handler::IpV4Header>,
    pub ipv6_header: Option<packet_handler::IpV6Header>,
    pub tcp_header: Option<packet_handler::TcpHeader>,
    pub udp_header: Option<packet_handler::UdpHeader>,
    pub arp_header: Option<packet_handler::ArpHeader>,
    pub reg_res: Option<String>,
 }
 #[allow(dead_code)]
 enum EncapsulationType {
    // pcap::Linktype::get_name() is unsafe.
    EN10MB = 1, // See: https://docs.rs/pcap/0.7.0/src/pcap/lib.rs.html#247-261
    RAW = 101,  // Would this be an issue?
 }
 impl QryData {
    // This is not cool!
    // Implementing objectoriented is slower by 3-10%. Variance is all over the place. It's awful but modular!
    // Guess I'll do a roolback and do a different approach
    fn new() -> QryData {
        QryData {
            id: 0,
            time: 0.0,
            data: None,
            ether_header: None::<packet_handler::EtherHeader>,
            ipv4_header: None::<packet_handler::IpV4Header>,
            ipv6_header: None::<packet_handler::IpV6Header>,
            tcp_header: None::<packet_handler::TcpHeader>,
            udp_header: None::<packet_handler::UdpHeader>,
            arp_header: None::<packet_handler::ArpHeader>,
            reg_res: None::<String>,
        }
    }
    fn encap_en10mb(mut self, packet_data: &[u8]) ->  Self {
        //let mut pkg: QryData = new().unwrap();
        self.ether_header = Some(packet_handler::ethernet_handler(packet_data)).unwrap();
        match self.ether_header.unwrap().ether_type as usize {
            ETH_P_IP => { 
                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self.transport_layer(packet_data, self.ipv4_header.unwrap().ip_protocol as usize, self.ipv4_header.unwrap().ip_ihl, ETHER_HDRLEN)
                    .unwrap();
                self
            }
            ETH_P_IPV6 => {
                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self.transport_layer(packet_data, self.ipv6_header.unwrap().next_header as usize, IPV6_HDRLEN, ETHER_HDRLEN)
                    .unwrap();
                self
            }
            ETH_P_ARP | ETH_P_RARP => {
                self.arp_header = Some(packet_handler::arp_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self
            }
            _ => self
        }
    }
    fn encap_raw(mut self, packet_data: &[u8]) -> Self {
        let ip_version: usize = ((packet_data[0] & 0xf0) >> 4).try_into().unwrap();
        match ip_version {
            4 => { 
                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, NO_PREDECESSOR)).unwrap();
                self.transport_layer(packet_data, self.ipv4_header.unwrap().ip_protocol as usize, self.ipv4_header.unwrap().ip_ihl, NO_PREDECESSOR)
                    .unwrap();
                self
            }
            6 => {
                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, NO_PREDECESSOR)).unwrap();
                self.transport_layer(packet_data, self.ipv6_header.unwrap().next_header as usize, IPV6_HDRLEN, NO_PREDECESSOR)
                    .unwrap();
                self
            }
            _ => self           
        }
    }
    // TODO: impl correct Err type and use in Result
    fn transport_layer(
        &mut self,
        packet_data: &[u8],
        protocol_type: usize,
        l3_header_length: u32,
        ether_hdrlen: usize,
    ) -> Result<(), core::fmt::Error> {
        match protocol_type {
            TCP => {
                self.tcp_header =
                    Some(packet_handler::tcp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    self.tcp_header.unwrap().data_offset,
                    packet_data,
                    ether_hdrlen
                ))
                .unwrap();
            }
            UDP => {
                self.udp_header =
                    Some(packet_handler::udp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    7,
                    packet_data,
                    ether_hdrlen
                ))
                .unwrap();
            }
            _ => println!("Transport layer protocol not implemented"),
        }
        Ok(())
    }
 fn regex_parse(&mut self, re: &Regex, packet_data: &[u8]) -> Result<(), regex::Error> {
    self.reg_res = flag_carnage(&re, packet_data);
    Ok(())
 }
  fn time(mut self, tv_usec: f64, tv_sec: f64) -> Self {
    self.time  = (tv_usec as f64 / 1000000.0) + tv_sec as f64;
    self
  }
 }
 /* Regex parse _complete_ package */
 fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
    let mut flags: String = String::new();
    for mat in re.find_iter(payload) {
        // TODO:  Test benchmark format! vs. push_str()
        // flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
        // See: https://github.com/hoodie/concatenation_benchmarks-rs
        flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap());
        flags.push_str(";");
    }
    match 0 < flags.len() {
        false => None,
        true => Some(flags),
    }
 }
 pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
    let mut v: Vec<QryData> = Vec::new();
    let mut cap = Capture::from_file(parse_file).unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let linktype = cap.get_datalink();
    println!("{:?}", &linktype);
    let re = Regex::new(regex_filter).unwrap();
    while let Ok(packet) = cap.next() {
        let mut me = QryData::new();
        match linktype {
            Linktype(1) => me.encap_en10mb(packet.data), //me = QryData::encap_en10mb(packet.data).unwrap(),        // EN10MB
            Linktype(12) => me.encap_raw(packet.data), //me = QryData::encap_raw(packet.data).unwrap(),     // RAW
            _ => QryData::new(),
        };
        //me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
        //me.reg_res = flag_carnage(&re, packet.data).unwrap(); // Regex overhead is between 4-9% --single threaded-- on complete packet [u8] data
        me.time(packet.header.ts.tv_usec as f64, packet.header.ts.tv_sec as f64);
         me.regex_parse(&re, packet.data).unwrap();
         v.push(me.clone());
 //        v.push(QryData {
 //            id: 0,
 //            time: me.time,
 //            data: me.data,
 //            ether_header: me.ether_header,
 //            ipv4_header: me.ipv4_header,
 //            ipv6_header: me.ipv6_header,
 //            tcp_header: me.tcp_header,
 //            udp_header: me.udp_header,
 //            arp_header: me.arp_header,
 //            reg_res: me.reg_res,
 //        });
    }
    v
 }
 /* This could need some love */
 pub fn parse_device(
    parse_device: &str,
    filter_str: &str,
    insert_max: &usize,
    regex_filter: &str,
 ) -> Vec<QryData> {
    //let mut me:  QryData = QryData::new ( );
    let mut v: Vec<QryData> = Vec::new();
    let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let linktype = cap.get_datalink();
    let re = Regex::new(regex_filter).unwrap();
    'parse: while let Ok(packet) = cap.next() {
        let mut me = QryData::new();
        match linktype {
            Linktype(1) => me.encap_en10mb(packet.data), //me = QryData::encap_en10mb(packet.data).unwrap(),
            Linktype(12) => me.encap_raw(packet.data), //me = QryData::encap_raw(packet.data).unwrap(),
            _ => QryData::new(),
        };
        me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
 //        &mut me.reg_res = flag_carnage(&re, packet.data).unwrap();
       me.time(packet.header.ts.tv_usec as f64, packet.header.ts.tv_sec as f64);
        me.regex_parse(&re, packet.data).unwrap();
        v.push(me.clone());
 //        v.push(QryData {
 //            id: 0,
 //            time: me.time,
 //            data: me.data,
 //            ether_header: me.ether_header,
 //            ipv4_header: me.ipv4_header,
 //            ipv6_header: me.ipv6_header,
 //            tcp_header: me.tcp_header,
 //            udp_header: me.udp_header,
 //            arp_header: me.arp_header,
 //            reg_res: me.reg_res,
 //        });
        if &v.len() >= insert_max {
            break 'parse;
        }
    }
    v
 }
--- a/src/parser/packet_handler.rs
+++ b/src/parser/packet_handler.rs
@ -189,7 +189,7 @@ bitfield! {
 pub fn tcp_handler(ip_hlen: u32, packet_data: &[u8], ether_hdrlen: usize) -> Option<TcpHeader> {
    let mut raw_hdr: [u8; 20] = [0; 20];
    raw_hdr.copy_from_slice(
-        &packet_data[ether_hdrlen + ip_hlen as usize * 4..ether_hdrlen+ ip_hlen as usize * 4 + 20],
+        &packet_data[ether_hdrlen + ip_hlen as usize * 4..ether_hdrlen + ip_hlen as usize * 4 + 20],
    );
    let tcp_header = BitfieldTcpHeader(raw_hdr);
@ -276,7 +276,12 @@ pub fn udp_handler(ip_hlen: u32, packet_data: &[u8], ether_hdrlen: usize) -> Opt
 }
 /* payload */
-pub fn payload_handler(ip_hlen: u32, data_offset: u32, packet_data: &[u8], ether_hdrlen: usize) -> Option<Vec<u8>> {
+pub fn payload_handler(
    ip_hlen: u32,
    data_offset: u32,
    packet_data: &[u8],
    ether_hdrlen: usize,
 ) -> Option<Vec<u8>> {
    let (_head, tail) =
        packet_data.split_at(ether_hdrlen + ip_hlen as usize * 4 + data_offset as usize * 4);
    Some(tail.to_vec())
--- a/src/parser_selfed
+++ b/src/parser_selfed
@ -0,0 +1,268 @@
 extern crate bitfield;
 extern crate byteorder;
 extern crate eui48;
 mod packet_handler;
 use pcap::{Capture, Linktype};
 use regex::bytes::Regex;
 use std::convert::TryInto;
 use std::str;
 //use std::thread::{spawn, JoinHandle};
 //use std::sync::mpsc::{channel, Receiver};
 /* protocol ids, LittleEndian */
 const ETH_P_IPV6: usize = 0xDD86;
 const ETH_P_IP: usize = 0x08;
 const TCP: usize = 0x06;
 const UDP: usize = 0x11;
 const ETH_P_ARP: usize = 0x0608;
 const ETH_P_RARP: usize = 0x3580;
 /* Protocol header sizes */
 const ETHER_HDRLEN: usize = 14;
 const NO_PREDECESSOR: usize = 0;
 const IPV6_HDRLEN: u32 = 10; // I know, this will get changed. It works for now.
 /*
 QryData could be written in the sense of QryData{ ... frame: .., packet: .., segment:.. }
 On the one hand, only the actual type of frame/packet/segment would be contained in the resulting struct.
 So, increased benefit in serialization/cpu time, could result in less data to be serialized, depending on layout.
 On the other hand, each datagram::type needs to implement traits which would need to be dynamically dispatched by returning any of these types per iso level from a single function each. The result would be a performance decrease.
 See: https://doc.rust-lang.org/book/ch10-02-traits.html#returning-types-that-implement-traits
 See: https://doc.rust-lang.org/book/ch17-02-trait-objects.html#trait-objects-perform-dynamic-dispatch
 Then again, parser logic would be fewer lines + more unified using the latter method. Maybe better optimizable as well? Maybe this is a nice tradeoff?
 TODO: Implement and benchmark dynamically dispatched packet data in conjunction with restructured QryData.
 */
 #[derive(Debug, Clone)]
 pub struct QryData {
    pub id: i32,
    pub time: f64,
    pub data: Option<Vec<u8>>,
    pub ether_header: Option<packet_handler::EtherHeader>,
    pub ipv4_header: Option<packet_handler::IpV4Header>,
    pub ipv6_header: Option<packet_handler::IpV6Header>,
    pub tcp_header: Option<packet_handler::TcpHeader>,
    pub udp_header: Option<packet_handler::UdpHeader>,
    pub arp_header: Option<packet_handler::ArpHeader>,
    pub reg_res: Option<String>,
 }
 #[allow(dead_code)]
 enum EncapsulationType {
    // pcap::Linktype::get_name() is unsafe.
    EN10MB = 1, // See: https://docs.rs/pcap/0.7.0/src/pcap/lib.rs.html#247-261
    RAW = 101,  // Would this be an issue?
 }
 impl QryData {
    // This is not cool!
    // Implementing objectoriented is slower by 3-10%. Variance is all over the place. It's awful but modular!
    // Guess I'll do a roolback and do a different approach
    fn new() -> QryData {
        QryData {
            id: 0,
            time: 0.0,
            data: None,
            ether_header: None::<packet_handler::EtherHeader>,
            ipv4_header: None::<packet_handler::IpV4Header>,
            ipv6_header: None::<packet_handler::IpV6Header>,
            tcp_header: None::<packet_handler::TcpHeader>,
            udp_header: None::<packet_handler::UdpHeader>,
            arp_header: None::<packet_handler::ArpHeader>,
            reg_res: None::<String>,
        }
    }
    fn encap_en10mb(mut self, packet_data: &[u8]) ->  Self {
        //let mut pkg: QryData = new().unwrap();
        self.ether_header = Some(packet_handler::ethernet_handler(packet_data)).unwrap();
        match self.ether_header.unwrap().ether_type as usize {
            ETH_P_IP => { 
                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self.transport_layer(packet_data, self.ipv4_header.unwrap().ip_protocol as usize, self.ipv4_header.unwrap().ip_ihl, ETHER_HDRLEN)
                    .unwrap();
                self
            }
            ETH_P_IPV6 => {
                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self.transport_layer(packet_data, self.ipv6_header.unwrap().next_header as usize, IPV6_HDRLEN, ETHER_HDRLEN)
                    .unwrap();
                self
            }
            ETH_P_ARP | ETH_P_RARP => {
                self.arp_header = Some(packet_handler::arp_handler(packet_data, ETHER_HDRLEN)).unwrap();
                self
            }
            _ => self
        }
    }
    fn encap_raw(mut self, packet_data: &[u8]) -> Self {
        let ip_version: usize = ((packet_data[0] & 0xf0) >> 4).try_into().unwrap();
        match ip_version {
            4 => { 
                self.ipv4_header = Some(packet_handler::ip_handler(packet_data, NO_PREDECESSOR)).unwrap();
                self.transport_layer(packet_data, self.ipv4_header.unwrap().ip_protocol as usize, self.ipv4_header.unwrap().ip_ihl, NO_PREDECESSOR)
                    .unwrap();
                self
            }
            6 => {
                self.ipv6_header = Some(packet_handler::ipv6_handler(packet_data, NO_PREDECESSOR)).unwrap();
                self.transport_layer(packet_data, self.ipv6_header.unwrap().next_header as usize, IPV6_HDRLEN, NO_PREDECESSOR)
                    .unwrap();
                self
            }
            _ => self           
        }
    }
    // TODO: impl correct Err type and use in Result
    fn transport_layer(
        &mut self,
        packet_data: &[u8],
        protocol_type: usize,
        l3_header_length: u32,
        ether_hdrlen: usize,
    ) -> Result<(), core::fmt::Error> {
        match protocol_type {
            TCP => {
                self.tcp_header =
                    Some(packet_handler::tcp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    self.tcp_header.unwrap().data_offset,
                    packet_data,
                    ether_hdrlen
                ))
                .unwrap();
            }
            UDP => {
                self.udp_header =
                    Some(packet_handler::udp_handler(l3_header_length, packet_data, ether_hdrlen)).unwrap();
                self.data = Some(packet_handler::payload_handler(
                    l3_header_length,
                    7,
                    packet_data,
                    ether_hdrlen
                ))
                .unwrap();
            }
            _ => println!("Transport layer protocol not implemented"),
        }
        Ok(())
    }
 fn regex_parse(&mut self, re: &Regex, packet_data: &[u8]) -> Result<(), regex::Error> {
    self.reg_res = flag_carnage(&re, packet_data);
    Ok(())
 }
  fn time(mut self, tv_usec: f64, tv_sec: f64) -> Self {
    self.time  = (tv_usec as f64 / 1000000.0) + tv_sec as f64;
    self
  }
 }
 /* Regex parse _complete_ package */
 fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
    let mut flags: String = String::new();
    for mat in re.find_iter(payload) {
        // TODO:  Test benchmark format! vs. push_str()
        // flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
        // See: https://github.com/hoodie/concatenation_benchmarks-rs
        flags.push_str(std::str::from_utf8(mat.as_bytes()).unwrap());
        flags.push_str(";");
    }
    match 0 < flags.len() {
        false => None,
        true => Some(flags),
    }
 }
 pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
    let mut v: Vec<QryData> = Vec::new();
    let mut cap = Capture::from_file(parse_file).unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let linktype = cap.get_datalink();
    println!("{:?}", &linktype);
    let re = Regex::new(regex_filter).unwrap();
    while let Ok(packet) = cap.next() {
        let mut me = QryData::new();
        match linktype {
            Linktype(1) => me.encap_en10mb(packet.data), //me = QryData::encap_en10mb(packet.data).unwrap(),        // EN10MB
            Linktype(12) => me.encap_raw(packet.data), //me = QryData::encap_raw(packet.data).unwrap(),     // RAW
            _ => QryData::new(),
        };
        //me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
        //me.reg_res = flag_carnage(&re, packet.data).unwrap(); // Regex overhead is between 4-9% --single threaded-- on complete packet [u8] data
        me.time(packet.header.ts.tv_usec as f64, packet.header.ts.tv_sec as f64);
         me.regex_parse(&re, packet.data).unwrap();
         v.push(me.clone());
 //        v.push(QryData {
 //            id: 0,
 //            time: me.time,
 //            data: me.data,
 //            ether_header: me.ether_header,
 //            ipv4_header: me.ipv4_header,
 //            ipv6_header: me.ipv6_header,
 //            tcp_header: me.tcp_header,
 //            udp_header: me.udp_header,
 //            arp_header: me.arp_header,
 //            reg_res: me.reg_res,
 //        });
    }
    v
 }
 /* This could need some love */
 pub fn parse_device(
    parse_device: &str,
    filter_str: &str,
    insert_max: &usize,
    regex_filter: &str,
 ) -> Vec<QryData> {
    //let mut me:  QryData = QryData::new ( );
    let mut v: Vec<QryData> = Vec::new();
    let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let linktype = cap.get_datalink();
    let re = Regex::new(regex_filter).unwrap();
    'parse: while let Ok(packet) = cap.next() {
        let mut me = QryData::new();
        match linktype {
            Linktype(1) => me.encap_en10mb(packet.data), //me = QryData::encap_en10mb(packet.data).unwrap(),
            Linktype(12) => me.encap_raw(packet.data), //me = QryData::encap_raw(packet.data).unwrap(),
            _ => QryData::new(),
        };
        me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
 //        &mut me.reg_res = flag_carnage(&re, packet.data).unwrap();
       me.time(packet.header.ts.tv_usec as f64, packet.header.ts.tv_sec as f64);
        me.regex_parse(&re, packet.data).unwrap();
        v.push(me.clone());
 //        v.push(QryData {
 //            id: 0,
 //            time: me.time,
 //            data: me.data,
 //            ether_header: me.ether_header,
 //            ipv4_header: me.ipv4_header,
 //            ipv6_header: me.ipv6_header,
 //            tcp_header: me.tcp_header,
 //            udp_header: me.udp_header,
 //            arp_header: me.arp_header,
 //            reg_res: me.reg_res,
 //        });
        if &v.len() >= insert_max {
            break 'parse;
        }
    }
    v
 }