added fn init_qrydata

gurkenhabicht 2020-06-07 23:56:53 +02:00
parent 16a2253f23
commit 8a9f819e68
4 changed files with 38 additions and 33 deletions


@ -73,7 +73,7 @@ pub fn from_json_file() -> Option<Config> {
File signature and encapsulation type from file File signature and encapsulation type from file
See: https://www.tcpdump.org/linktypes.html See: https://www.tcpdump.org/linktypes.html
*/ */
// Futher:file.len() is included in metadata() but only shows up if called explicitly, so maybe this is not needed at all // Futher:file.len() is included in metadata() but only shows up if called explicitly. Maybe this is not needed at all in the end
// This would be needed for comparability over time. print metadata and you will see // This would be needed for comparability over time. print metadata and you will see
fn bytes_from_file( entry: std::path::PathBuf ) -> Result<([u8;4], u16, u16), std::io::Error> { fn bytes_from_file( entry: std::path::PathBuf ) -> Result<([u8;4], u16, u16), std::io::Error> {
let mut magic_number: [u8;4] = [0;4]; let mut magic_number: [u8;4] = [0;4];
@ -97,7 +97,7 @@ pub fn map_pcap_dir ( pcap_dir: &str ) -> Option<std::collections::HashMap<std::
let (magic_number, enc_pcap, enc_pcapng) = bytes_from_file(entry.path()).unwrap(); let (magic_number, enc_pcap, enc_pcapng) = bytes_from_file(entry.path()).unwrap();
match magic_number { match magic_number {
PCAPNG_SIGNATURE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcapng) ), PCAPNG_SIGNATURE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcapng) ),
PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be wrong now PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be incorrect after introducing fn bytes_from_file()
_ => None, _ => None,
}; };
// println!("{:?}", &entry.metadata().unwrap().modified()); // println!("{:?}", &entry.metadata().unwrap().modified());


@ -22,7 +22,6 @@ fn query_string(insert_max: &usize) -> String {
insert_template insert_template
} }
#[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime. #[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime.
async fn main() -> Result<(), Error> { async fn main() -> Result<(), Error> {
/* Init values from file */ /* Init values from file */
@ -59,7 +58,7 @@ async fn main() -> Result<(), Error> {
match config.is_device { match config.is_device {
false => for _pcap_file in pcap_map.keys() { false => for _pcap_file in pcap_map.keys() {
println!("{:?}",&_pcap_file); println!("{:?}",&_pcap_file);
// TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size // TODO: Tuning vector capacity according to mean average & std dev of packet size
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter); let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
//let mut v = Vec::<parser::QryData>::with_capacity(35536); //let mut v = Vec::<parser::QryData>::with_capacity(35536);
//v.extend(parser::parse(&_pcap_file, &config.filter)); //v.extend(parser::parse(&_pcap_file, &config.filter));


@ -1,7 +1,7 @@
{ {
"insert_max": 20000, "insert_max": 20000,
"filter": " !ip6 && tcp", "filter": " !ip6 && tcp || udp",
"regex_filter": "192.168.0.13", "regex_filter": "(?:http|https)[[::punct::]]//([[::word::]]+\\.)*",
"from_device": false, "from_device": false,
"parse_device": "enp7s0", "parse_device": "enp7s0",
"pcap_file": "", "pcap_file": "",
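Review bot: The new `regex_filter` value spells its character classes `[[::punct::]]` and `[[::word::]]`, but the POSIX-style form uses single colons, `[[:punct:]]` and `[[:word:]]`. If the `Regex` used by the parser comes from the regex crate, the doubled form is most likely read as a plain set of the literal characters `:punct` and `:word`, so the pattern would still hit `http://` by accident but would not capture host labels as intended; `"regex_filter": "(?:http|https)[[:punct:]]//([[:word:]]+\\.)*"` is probably what was meant. Separately, pcap filter syntax gives `&&` and `||` the same precedence and associates them left to right, so `!ip6 && tcp || udp` reads as `(!ip6 && tcp) || udp` and admits UDP over IPv6. If IPv6 is meant to be excluded entirely, write `"filter": "!ip6 && (tcp || udp)"`.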


@ -40,6 +40,33 @@ pub struct QryData {
pub reg_res: Option<String>, pub reg_res: Option<String>,
} }
fn init_qrydata( ) -> Result<QryData, core::fmt::Error> {
let ether_init = build_ether();
Ok(QryData {
id: 0,
time: 0.0,
data: None,
ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>,
udp_header: None::<packet_handler::UdpHeader>,
arp_header: None::<packet_handler::ArpHeader>,
reg_res: None::<String>,
})
}
//fn link_layer_protocol <T> ( packet_data: &[u8] ) -> Option<T> {
// Some(packet_handler::ethernet_handler(packet_data)) //this needs some love, obviously
//}
//
//fn network_layer_protocol <T> ( packet_data: &[u8], prot_type: usize ) -> Option<T> {
//}
//
//fn transport_layer_protocol <T> ( packet_data: &[u8], prot_type: usize ) -> Option<T> {
//}
/* Regex parse _complete_ package */ /* Regex parse _complete_ package */
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> { fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
let mut flags: String = String::new(); let mut flags: String = String::new();
@ -54,19 +81,7 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
} }
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> { pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
let ether_init = build_ether(); let mut me: QryData = init_qrydata().unwrap();
let mut me = QryData {
id: 0,
time: 0.0,
data: None,
ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>,
udp_header: None::<packet_handler::UdpHeader>,
arp_header: None::<packet_handler::ArpHeader>,
reg_res: None::<String>,
};
let mut v: Vec<QryData> = Vec::new(); let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_file(parse_file).unwrap(); let mut cap = Capture::from_file(parse_file).unwrap();
@ -83,6 +98,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap(); me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
match me.ipv4_header.unwrap().ip_protocol as usize { match me.ipv4_header.unwrap().ip_protocol as usize {
TCP => { TCP => {
me.udp_header = None::<packet_handler::UdpHeader>;
me.tcp_header = Some(packet_handler::tcp_handler( me.tcp_header = Some(packet_handler::tcp_handler(
me.ipv4_header.unwrap().ip_ihl, me.ipv4_header.unwrap().ip_ihl,
packet.data, packet.data,
@ -95,6 +111,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
)).unwrap(); )).unwrap();
} }
UDP => { UDP => {
me.tcp_header = None::<packet_handler::TcpHeader>;
me.udp_header = Some(packet_handler::udp_handler( me.udp_header = Some(packet_handler::udp_handler(
me.ipv4_header.unwrap().ip_ihl, me.ipv4_header.unwrap().ip_ihl,
packet.data, packet.data,
@ -114,6 +131,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap(); me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
match me.ipv6_header.unwrap().next_header as usize { match me.ipv6_header.unwrap().next_header as usize {
TCP => { TCP => {
me.udp_header = None::<packet_handler::UdpHeader>;
me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap(); me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
me.data = Some(packet_handler::payload_handler( me.data = Some(packet_handler::payload_handler(
10, 10,
@ -122,6 +140,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
)).unwrap(); )).unwrap();
} }
UDP => { UDP => {
me.tcp_header = None::<packet_handler::TcpHeader>;
me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap(); me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap();
me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap(); me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap();
} }
@ -153,20 +172,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
/* This could need some love */ /* This could need some love */
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec<QryData> { pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec<QryData> {
let ether_init = build_ether(); let mut me: QryData = init_qrydata ( ).unwrap();
let mut me = QryData {
id: 0,
time: 0.0,
data: None,
ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>,
udp_header: None::<packet_handler::UdpHeader>,
arp_header: None::<packet_handler::ArpHeader>,
reg_res: None::<String>,
};
let mut v: Vec<QryData> = Vec::new(); let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap(); let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
Capture::filter(&mut cap, &filter_str).unwrap(); Capture::filter(&mut cap, &filter_str).unwrap();
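Review bot: The resets added in the `TCP` and `UDP` arms of `parse` clear only the opposite transport header, so a packet that reaches any other arm (not visible in these hunks) may still carry the previous packet's `tcp_header`, `udp_header` or `data` into the stored `QryData`, assuming `me` is reused across the capture loop. Now that `init_qrydata` exists, starting each iteration with `me = init_qrydata();` would reset every field in one place rather than arm by arm. For that, `init_qrydata` should return `QryData` directly: its body has no failing path, `core::fmt::Error` is unrelated to what it does, and both call sites immediately `.unwrap()` the result. `parse` and `parse_device` continue outside the hunks, so confirm how `id` and `time` are assigned per packet before applying this.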