From 8a9f819e68de8fb8bbd5963074208c350fb0308f Mon Sep 17 00:00:00 2001 From: gurkenhabicht Date: Sun, 7 Jun 2020 23:56:53 +0200 Subject: [PATCH] added fn init_qrydata --- src/configure/mod.rs | 4 +-- src/main.rs | 3 +-- src/parser.json | 4 +-- src/parser/mod.rs | 60 ++++++++++++++++++++++++-------------------- 4 files changed, 38 insertions(+), 33 deletions(-) diff --git a/src/configure/mod.rs b/src/configure/mod.rs index 0b8c909..9b6206d 100644 --- a/src/configure/mod.rs +++ b/src/configure/mod.rs @@ -73,7 +73,7 @@ pub fn from_json_file() -> Option { File signature and encapsulation type from file See: https://www.tcpdump.org/linktypes.html */ -// Futher:file.len() is included in metadata() but only shows up if called explicitly, so maybe this is not needed at all +// Futher:file.len() is included in metadata() but only shows up if called explicitly. Maybe this is not needed at all in the end // This would be needed for comparability over time. print metadata and you will see fn bytes_from_file( entry: std::path::PathBuf ) -> Result<([u8;4], u16, u16), std::io::Error> { let mut magic_number: [u8;4] = [0;4]; @@ -97,7 +97,7 @@ pub fn map_pcap_dir ( pcap_dir: &str ) -> Option pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcapng) ), - PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be wrong now + PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be incorrect after introducing fn bytes_from_file() _ => None, }; // println!("{:?}", &entry.metadata().unwrap().modified()); diff --git a/src/main.rs b/src/main.rs index 1c55fcf..09c440d 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -22,7 +22,6 @@ fn query_string(insert_max: &usize) -> String { insert_template } - #[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime. async fn main() -> Result<(), Error> { /* Init values from file */ @@ -59,7 +58,7 @@ async fn main() -> Result<(), Error> { match config.is_device { false => for _pcap_file in pcap_map.keys() { println!("{:?}",&_pcap_file); - // TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size + // TODO: Tuning vector capacity according to mean average & std dev of packet size let v: Vec = parser::parse(&_pcap_file, &config.filter, &config.regex_filter); //let mut v = Vec::::with_capacity(35536); //v.extend(parser::parse(&_pcap_file, &config.filter)); diff --git a/src/parser.json b/src/parser.json index eb28c9c..16ef13b 100644 --- a/src/parser.json +++ b/src/parser.json @@ -1,7 +1,7 @@ { "insert_max": 20000, - "filter": " !ip6 && tcp", - "regex_filter": "192.168.0.13", + "filter": " !ip6 && tcp || udp", + "regex_filter": "(?:http|https)[[::punct::]]//([[::word::]]+\\.)*", "from_device": false, "parse_device": "enp7s0", "pcap_file": "", diff --git a/src/parser/mod.rs b/src/parser/mod.rs index 6301b61..9020c89 100644 --- a/src/parser/mod.rs +++ b/src/parser/mod.rs 
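Review bot: The new `regex_filter` in `src/parser.json` writes its classes as `[[::punct::]]` and `[[::word::]]`, which is not the POSIX bracket form `[[:punct:]]` / `[[:word:]]`. With the doubled colons a regex engine will most likely read them as nested sets of the literal characters `:punct` and `:word`, so the pattern would match little beyond prefixes such as `http://www.`; this is worth confirming against sample payloads. If the aim is to flag URLs, `"regex_filter": "https?://([[:word:]]+\\.)*"` expresses it directly. In the same hunk, `!ip6 && tcp || udp` groups as `(!ip6 && tcp) || udp` under pcap filter rules, where `&&` and `||` have equal precedence and associate left to right, so UDP over IPv6 is still captured. If IPv6 was meant to stay excluded, write `!ip6 && (tcp || udp)`.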
@@ -40,6 +40,33 @@ pub struct QryData { pub reg_res: Option, } +fn init_qrydata( ) -> Result { + let ether_init = build_ether(); + Ok(QryData { + id: 0, + time: 0.0, + data: None, + ether_header: ether_init, + ipv4_header: None::, + ipv6_header: None::, + tcp_header: None::, + udp_header: None::, + arp_header: None::, + reg_res: None::, + }) + +} + +//fn link_layer_protocol ( packet_data: &[u8] ) -> Option { +// Some(packet_handler::ethernet_handler(packet_data)) //this needs some love, obviously +//} +// +//fn network_layer_protocol ( packet_data: &[u8], prot_type: usize ) -> Option { +//} +// +//fn transport_layer_protocol ( packet_data: &[u8], prot_type: usize ) -> Option { +//} + /* Regex parse _complete_ package */ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option { let mut flags: String = String::new(); @@ -54,19 +81,7 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option { } pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec { - let ether_init = build_ether(); - let mut me = QryData { - id: 0, - time: 0.0, - data: None, - ether_header: ether_init, - ipv4_header: None::, - ipv6_header: None::, - tcp_header: None::, - udp_header: None::, - arp_header: None::, - reg_res: None::, - }; + let mut me: QryData = init_qrydata().unwrap(); let mut v: Vec = Vec::new(); let mut cap = Capture::from_file(parse_file).unwrap(); @@ -83,6 +98,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap(); match me.ipv4_header.unwrap().ip_protocol as usize { TCP => { + me.udp_header = None::; me.tcp_header = Some(packet_handler::tcp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data, @@ -95,6 +111,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) )).unwrap(); } UDP => { + me.tcp_header = None::; me.udp_header = Some(packet_handler::udp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data, 
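Review bot: `init_qrydata` cannot fail, since its body is a single `Ok(QryData { … })`, yet it returns a `Result` that both call sites (`parse` in the next hunk and `parse_device` in the last hunk of this file) immediately `.unwrap()`. Returning the struct directly, `fn init_qrydata() -> QryData`, with `let mut me = init_qrydata();` at the callers, removes two panic sites that carry no information. A doc comment such as `/// Builds an empty QryData: id and time zeroed, ether_header from build_ether(), every optional field None.` would state the contract. The commented-out `link_layer_protocol`, `network_layer_protocol` and `transport_layer_protocol` stubs are better left out of the commit until they have bodies.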
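Review bot: Clearing only the sibling transport header in each arm (`me.udp_header = None` under `TCP`, `me.tcp_header = None` under `UDP`) leaves the other per-packet fields able to carry values from an earlier packet. This assumes `me` is reused for every packet, which the need for these resets suggests; the loop itself lies outside the hunk. Unless they are reset elsewhere, an IPv6 packet following an IPv4 one would still hold the old `ipv4_header`, and an arm that matches neither `TCP` nor `UDP` would keep both transport headers, so stored records could attribute headers to the wrong packet. Resetting once at the top of each packet iteration covers every arm: `me.ipv4_header = None; me.ipv6_header = None; me.tcp_header = None; me.udp_header = None; me.arp_header = None;`, plus `data` and `reg_res` if they are not overwritten unconditionally. The same applies to the IPv6 `TCP`/`UDP` arms in the following two hunks.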
@@ -114,6 +131,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap(); match me.ipv6_header.unwrap().next_header as usize { TCP => { + me.udp_header = None::; me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap(); me.data = Some(packet_handler::payload_handler( 10, @@ -122,6 +140,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) )).unwrap(); } UDP => { + me.tcp_header = None::; me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap(); me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap(); } @@ -153,20 +172,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) /* This could need some love */ pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec { - let ether_init = build_ether(); - - let mut me = QryData { - id: 0, - time: 0.0, - data: None, - ether_header: ether_init, - ipv4_header: None::, - ipv6_header: None::, - tcp_header: None::, - udp_header: None::, - arp_header: None::, - reg_res: None::, - }; + let mut me: QryData = init_qrydata ( ).unwrap(); let mut v: Vec = Vec::new(); let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap(); Capture::filter(&mut cap, &filter_str).unwrap();