added fn init_qrydata
parent
16a2253f23
commit
8a9f819e68
|
@ -73,7 +73,7 @@ pub fn from_json_file() -> Option<Config> {
|
|||
File signature and encapsulation type from file
|
||||
See: https://www.tcpdump.org/linktypes.html
|
||||
*/
|
||||
// Futher:file.len() is included in metadata() but only shows up if called explicitly, so maybe this is not needed at all
|
||||
// Futher:file.len() is included in metadata() but only shows up if called explicitly. Maybe this is not needed at all in the end
|
||||
// This would be needed for comparability over time. print metadata and you will see
|
||||
fn bytes_from_file( entry: std::path::PathBuf ) -> Result<([u8;4], u16, u16), std::io::Error> {
|
||||
let mut magic_number: [u8;4] = [0;4];
|
||||
|
@ -97,7 +97,7 @@ pub fn map_pcap_dir ( pcap_dir: &str ) -> Option<std::collections::HashMap<std::
|
|||
let (magic_number, enc_pcap, enc_pcapng) = bytes_from_file(entry.path()).unwrap();
|
||||
match magic_number {
|
||||
PCAPNG_SIGNATURE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcapng) ),
|
||||
PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be wrong now
|
||||
PCAP_SIGNATURE | PCAP_SIGNATURE_BE => pcap_map.insert(entry.path(), FileInfo::new(entry.path(), enc_pcap)), // TEST: Endiannes for SIGNATURE_BE may be incorrect after introducing fn bytes_from_file()
|
||||
_ => None,
|
||||
};
|
||||
// println!("{:?}", &entry.metadata().unwrap().modified());
|
||||
|
|
|
@ -22,7 +22,6 @@ fn query_string(insert_max: &usize) -> String {
|
|||
insert_template
|
||||
}
|
||||
|
||||
|
||||
#[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime.
|
||||
async fn main() -> Result<(), Error> {
|
||||
/* Init values from file */
|
||||
|
@ -59,7 +58,7 @@ async fn main() -> Result<(), Error> {
|
|||
match config.is_device {
|
||||
false => for _pcap_file in pcap_map.keys() {
|
||||
println!("{:?}",&_pcap_file);
|
||||
// TODO: Tuning vector capacity according to actuarial excpectation, mean average & std dev of packet size
|
||||
// TODO: Tuning vector capacity according to mean average & std dev of packet size
|
||||
let v: Vec<parser::QryData> = parser::parse(&_pcap_file, &config.filter, &config.regex_filter);
|
||||
//let mut v = Vec::<parser::QryData>::with_capacity(35536);
|
||||
//v.extend(parser::parse(&_pcap_file, &config.filter));
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"insert_max": 20000,
|
||||
"filter": " !ip6 && tcp",
|
||||
"regex_filter": "192.168.0.13",
|
||||
"filter": " !ip6 && tcp || udp",
|
||||
"regex_filter": "(?:http|https)[[::punct::]]//([[::word::]]+\\.)*",
|
||||
"from_device": false,
|
||||
"parse_device": "enp7s0",
|
||||
"pcap_file": "",
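Review bot: The new `regex_filter` value writes its character classes with doubled colons, `[[::punct::]]` and `[[::word::]]`, which as far as I know the Rust `regex` crate does not parse as POSIX classes; it would instead read them as plain bracket sets of the literal characters (`:`, `p`, `u`, `n`, `c`, `t` and `:`, `w`, `o`, `r`, `d`). The pattern would then still match `http:` by accident, but the host group would only match labels made of those letters. The single-colon form is `(?:http|https)[[:punct:]]//([[:word:]]+\\.)*`. Separately, pcap filter syntax gives `&&` and `||` equal precedence and evaluates left to right, so the new `filter` ` !ip6 && tcp || udp` also admits IPv6 UDP; if that is not intended, write ` !ip6 && (tcp || udp)`.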
|
||||
|
|
|
@ -40,6 +40,33 @@ pub struct QryData {
|
|||
pub reg_res: Option<String>,
|
||||
}
|
||||
|
||||
fn init_qrydata( ) -> Result<QryData, core::fmt::Error> {
|
||||
let ether_init = build_ether();
|
||||
Ok(QryData {
|
||||
id: 0,
|
||||
time: 0.0,
|
||||
data: None,
|
||||
ether_header: ether_init,
|
||||
ipv4_header: None::<packet_handler::IpV4Header>,
|
||||
ipv6_header: None::<packet_handler::IpV6Header>,
|
||||
tcp_header: None::<packet_handler::TcpHeader>,
|
||||
udp_header: None::<packet_handler::UdpHeader>,
|
||||
arp_header: None::<packet_handler::ArpHeader>,
|
||||
reg_res: None::<String>,
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
//fn link_layer_protocol <T> ( packet_data: &[u8] ) -> Option<T> {
|
||||
// Some(packet_handler::ethernet_handler(packet_data)) //this needs some love, obviously
|
||||
//}
|
||||
//
|
||||
//fn network_layer_protocol <T> ( packet_data: &[u8], prot_type: usize ) -> Option<T> {
|
||||
//}
|
||||
//
|
||||
//fn transport_layer_protocol <T> ( packet_data: &[u8], prot_type: usize ) -> Option<T> {
|
||||
//}
|
||||
|
||||
/* Regex parse _complete_ package */
|
||||
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
||||
let mut flags: String = String::new();
|
||||
|
@ -54,19 +81,7 @@ fn flag_carnage(re: &Regex, payload: &[u8]) -> Option<String> {
|
|||
}
|
||||
|
||||
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec<QryData> {
|
||||
let ether_init = build_ether();
|
||||
let mut me = QryData {
|
||||
id: 0,
|
||||
time: 0.0,
|
||||
data: None,
|
||||
ether_header: ether_init,
|
||||
ipv4_header: None::<packet_handler::IpV4Header>,
|
||||
ipv6_header: None::<packet_handler::IpV6Header>,
|
||||
tcp_header: None::<packet_handler::TcpHeader>,
|
||||
udp_header: None::<packet_handler::UdpHeader>,
|
||||
arp_header: None::<packet_handler::ArpHeader>,
|
||||
reg_res: None::<String>,
|
||||
};
|
||||
let mut me: QryData = init_qrydata().unwrap();
|
||||
let mut v: Vec<QryData> = Vec::new();
|
||||
|
||||
let mut cap = Capture::from_file(parse_file).unwrap();
|
||||
|
@ -83,6 +98,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
|
|||
me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
|
||||
match me.ipv4_header.unwrap().ip_protocol as usize {
|
||||
TCP => {
|
||||
me.udp_header = None::<packet_handler::UdpHeader>;
|
||||
me.tcp_header = Some(packet_handler::tcp_handler(
|
||||
me.ipv4_header.unwrap().ip_ihl,
|
||||
packet.data,
|
||||
|
@ -95,6 +111,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
|
|||
)).unwrap();
|
||||
}
|
||||
UDP => {
|
||||
me.tcp_header = None::<packet_handler::TcpHeader>;
|
||||
me.udp_header = Some(packet_handler::udp_handler(
|
||||
me.ipv4_header.unwrap().ip_ihl,
|
||||
packet.data,
|
||||
|
@ -114,6 +131,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
|
|||
me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
|
||||
match me.ipv6_header.unwrap().next_header as usize {
|
||||
TCP => {
|
||||
me.udp_header = None::<packet_handler::UdpHeader>;
|
||||
me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
|
||||
me.data = Some(packet_handler::payload_handler(
|
||||
10,
|
||||
|
@ -122,6 +140,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
|
|||
)).unwrap();
|
||||
}
|
||||
UDP => {
|
||||
me.tcp_header = None::<packet_handler::TcpHeader>;
|
||||
me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap();
|
||||
me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap();
|
||||
}
|
||||
|
@ -153,20 +172,7 @@ pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str)
|
|||
|
||||
/* This could need some love */
|
||||
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec<QryData> {
|
||||
let ether_init = build_ether();
|
||||
|
||||
let mut me = QryData {
|
||||
id: 0,
|
||||
time: 0.0,
|
||||
data: None,
|
||||
ether_header: ether_init,
|
||||
ipv4_header: None::<packet_handler::IpV4Header>,
|
||||
ipv6_header: None::<packet_handler::IpV6Header>,
|
||||
tcp_header: None::<packet_handler::TcpHeader>,
|
||||
udp_header: None::<packet_handler::UdpHeader>,
|
||||
arp_header: None::<packet_handler::ArpHeader>,
|
||||
reg_res: None::<String>,
|
||||
};
|
||||
let mut me: QryData = init_qrydata ( ).unwrap();
|
||||
let mut v: Vec<QryData> = Vec::new();
|
||||
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
|
||||
Capture::filter(&mut cap, &filter_str).unwrap();
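Review bot: `init_qrydata` is declared as `-> Result<QryData, core::fmt::Error>` but its body can only return `Ok(..)`, so the `.unwrap()` added in `parse` and `parse_device` guards nothing and the error type is unrelated to what the function does. Returning the value directly, `fn init_qrydata() -> QryData {` with `let mut me = init_qrydata();` at both call sites, removes two `unwrap()` calls that a reader otherwise has to verify on a path that handles capture data. The `me.udp_header = None` and `me.tcp_header = None` resets added in the TCP and UDP arms suggest `me` is reused across packets. The loop is outside the visible hunks, but if that is the case, re-creating `me` from `init_qrydata()` per packet would also clear the fields those arms leave untouched (for example `ipv6_header` on an IPv4 packet), so a stored record cannot carry headers from an earlier packet. The bodies of `parse` and `parse_device` continue outside the hunks.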
|
||||
|
|