From 8e553bee9ed7e537267fa1366808a4ceac7356f9 Mon Sep 17 00:00:00 2001 From: gurkenhabicht Date: Thu, 21 May 2020 00:54:56 +0200 Subject: [PATCH] implemented regex parser to stdout --- src/main.rs | 195 ++++++++++++--------- src/parser.rs | 226 ++++++++++++++---------- src/parser/packet_handler.rs | 322 +++++++++++++++++------------------ src/parser/reg_parser.rs | 22 +++ 4 files changed, 430 insertions(+), 335 deletions(-) create mode 100644 src/parser/reg_parser.rs diff --git a/src/main.rs b/src/main.rs index 2a98431..78fc34c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,13 +1,13 @@ -extern crate tokio_postgres; extern crate serde_json; extern crate tokio; +extern crate tokio_postgres; use rayon::prelude::*; -use serde::ser::{Serialize, Serializer, SerializeStruct}; -use std::fs::File; +use serde::ser::{Serialize, SerializeStruct, Serializer}; use serde_json::json; +use std::fs::File; mod parser; use tokio_postgres::types::ToSql; -use tokio_postgres::{NoTls, Error}; +use tokio_postgres::{Error, NoTls}; impl Serialize for parser::QryData { fn serialize(&self, serializer: S) -> Result @@ -16,7 +16,7 @@ impl Serialize for parser::QryData { { // 34 (42) is the number of fields in the struct. let mut state = serializer.serialize_struct("parser::QryData", 34)?; - state.serialize_field("time", &self.time)?; + state.serialize_field("time", &self.time)?; state.serialize_field("ether_header.ether_dhost", &self.ether_header.ether_dhost)?; state.serialize_field("ether_header.ether_shost", &self.ether_header.ether_shost)?; state.serialize_field("ether_header.ether_type", &self.ether_header.ether_type)?; @@ -28,49 +28,60 @@ impl Serialize for parser::QryData { } } -fn serialize_packets ( v: Vec ) -> Vec { - // let mut packets_serialized: Vec<_> = Vec::new(); +fn serialize_packets(v: Vec) -> Vec { + // let mut packets_serialized: Vec<_> = Vec::new(); + + // for packet in v.iter() { + // // packets_serialized.push(json!(&packet)); + // } - // for packet in v.iter() { - // // packets_serialized.push(json!(&packet)); - // } - /* rayon parallelized */ - let packets_serialized = v.par_iter().map( |x| json!(x) ).collect(); + let packets_serialized = v.par_iter().map(|x| json!(x)).collect(); packets_serialized } -fn query_string ( insert_max: &usize ) -> String { +fn query_string(insert_max: &usize) -> String { let mut insert_template: String = "INSERT INTO json_dump (packet) Values ".to_owned(); - for insert in 0..insert_max-1 { insert_template.push_str( &(format!("(${}), ", insert+1)) );} - insert_template.push_str( &(format!("(${})", insert_max)) ); + for insert in 0..insert_max - 1 { + insert_template.push_str(&(format!("(${}), ", insert + 1))); + } + insert_template.push_str(&(format!("(${})", insert_max))); insert_template } #[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime. async fn main() -> Result<(), Error> { - /* Init values from file */ let file = File::open("parser.json").expect("file should open read only"); - + let json: serde_json::Value = serde_json::from_reader(file).unwrap(); let filter = json.get("filter").unwrap().as_str().unwrap(); - let insert_max = json.get("insert_max").unwrap().as_u64().unwrap() as usize; + let insert_max = json.get("insert_max").unwrap().as_u64().unwrap() as usize; let pcap_file = json.get("pcap_file").unwrap().as_str().unwrap(); - let host = ["host=", json.get("database_host").unwrap().as_str().unwrap()].join(""); - let user = ["user=", json.get("database_user").unwrap().as_str().unwrap()].join(""); - let password = ["password=", json.get("database_password").unwrap().as_str().unwrap()].join(""); - let connection = [host, user, password].join(" "); + let host = [ + "host=", + json.get("database_host").unwrap().as_str().unwrap(), + ] + .join(""); + let user = [ + "user=", + json.get("database_user").unwrap().as_str().unwrap(), + ] + .join(""); + let password = [ + "password=", + json.get("database_password").unwrap().as_str().unwrap(), + ] + .join(""); + let connection = [host, user, password].join(" "); let device = json.get("parse_device").unwrap().as_str().unwrap(); let is_device = json.get("from_device").unwrap().as_bool().unwrap(); - /* db connection */ - let (client, connection) = - tokio_postgres::connect(&connection, NoTls).await?; + let (client, connection) = tokio_postgres::connect(&connection, NoTls).await?; tokio::spawn(async move { if let Err(e) = connection.await { @@ -78,72 +89,91 @@ async fn main() -> Result<(), Error> { } }); - client.execute("DROP TABLE IF EXISTS json_dump", &[]).await?; - client.execute("CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, packet json NOT NULL)", &[]).await?; + client + .execute("DROP TABLE IF EXISTS json_dump", &[]) + .await?; + client + .execute( + "CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, packet json NOT NULL)", + &[], + ) + .await?; /* device or file input */ - if false == is_device { - - let v: Vec = parser::parse(&pcap_file, &filter ); - let packets_serialized = serialize_packets( v ); + if false == is_device { + let v: Vec = parser::parse(&pcap_file, &filter); + let packets_serialized = serialize_packets(v); - /* Query */ - //let insert_max = 60; - let chunk_count = packets_serialized.len()/insert_max; - let remainder: usize = packets_serialized.len() % insert_max; - let chunker = &packets_serialized.len() < &insert_max; - match chunker { - true => { - let insert_str = query_string( &packets_serialized.len() ); - let statement_false = client.prepare( &insert_str ).await?; - client.query_raw(&statement_false, packets_serialized.iter().map(|p| p as &dyn ToSql)).await?; - }, + /* Query */ + //let insert_max = 60; + let chunk_count = packets_serialized.len() / insert_max; + let remainder: usize = packets_serialized.len() % insert_max; + let chunker = &packets_serialized.len() < &insert_max; + match chunker { + true => { + let insert_str = query_string(&packets_serialized.len()); + let statement_false = client.prepare(&insert_str).await?; + client + .query_raw( + &statement_false, + packets_serialized.iter().map(|p| p as &dyn ToSql), + ) + .await?; + } - false => { - - let insert_str = query_string( &insert_max ); - let statement = client.prepare( &insert_str ).await?; - - - for _i in 0..chunk_count { - let (_input, _)= packets_serialized.split_at(insert_max); - client.query_raw(&statement, _input.to_vec().iter().map(|p| p as &dyn ToSql)).await?; - } - - println!("Packets, total:{:?}",packets_serialized.len()); - println!("Chunks, total:{}", chunk_count); - println!("Chunks, remainder{}", remainder); - - if remainder > 0 { - let rem_str = query_string( &remainder ); - let statement_remainder = client.prepare(&rem_str).await?; - let (_garbage, _input) =packets_serialized.split_at(packets_serialized.len()-remainder); - client.query_raw(&statement_remainder, _input.to_vec().iter().map(|p| p as &dyn ToSql),).await?; - } + false => { + let insert_str = query_string(&insert_max); + let statement = client.prepare(&insert_str).await?; - } - } - + for _i in 0..chunk_count { + let (_input, _) = packets_serialized.split_at(insert_max); + client + .query_raw(&statement, _input.to_vec().iter().map(|p| p as &dyn ToSql)) + .await?; + } + + println!("Packets, total:{:?}", packets_serialized.len()); + println!("Chunks, total:{}", chunk_count); + println!("Chunks, remainder{}", remainder); + + if remainder > 0 { + let rem_str = query_string(&remainder); + let statement_remainder = client.prepare(&rem_str).await?; + let (_garbage, _input) = + packets_serialized.split_at(packets_serialized.len() - remainder); + client + .query_raw( + &statement_remainder, + _input.to_vec().iter().map(|p| p as &dyn ToSql), + ) + .await?; + } + } + } } else { let insert_str = query_string(&insert_max); let statement = client.prepare(&insert_str).await?; loop { - let v: Vec = parser::parse_device(&device, &filter, &insert_max); - let packets_serialized = serialize_packets( v ); - client.query_raw(&statement, packets_serialized.iter().map(|p| p as &dyn ToSql),).await?; - } + let v: Vec = parser::parse_device(&device, &filter, &insert_max); + let packets_serialized = serialize_packets(v); + client + .query_raw( + &statement, + packets_serialized.iter().map(|p| p as &dyn ToSql), + ) + .await?; + } } - - + Ok(()) - } #[test] -fn test_insert_json () { -use serde_json::json; - let mut client = Client::connect("host=localhost user=postgres password=password", NoTls).unwrap(); - let john = json!({ +fn test_insert_json() { + use serde_json::json; + let mut client = + Client::connect("host=localhost user=postgres password=password", NoTls).unwrap(); + let john = json!({ "name": "John Doe", "age": 43, "phones": [ @@ -153,9 +183,12 @@ use serde_json::json; "empty": [] }); - client.execute("DROP TABLE IF EXISTS json_dump", &[]).unwrap(); - client.execute("CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, data json NOT NULL)", &[]); + client + .execute("DROP TABLE IF EXISTS json_dump", &[]) + .unwrap(); + client.execute( + "CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, data json NOT NULL)", + &[], + ); client.query("INSERT INTO json_dump ( data ) VALUES ($1)", &[&john]); } - - diff --git a/src/parser.rs b/src/parser.rs index eacfbb0..c81cbe0 100644 --- a/src/parser.rs +++ b/src/parser.rs @@ -1,87 +1,51 @@ -extern crate byteorder; extern crate bitfield; +extern crate byteorder; extern crate eui48; mod packet_handler; -use pcap::Capture; use eui48::MacAddress; +use pcap::Capture; //use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; use std::str; +use regex::bytes::Regex; +use regex::bytes::Match; +/* protocol ids, LittleEndian */ +const ETH_P_IPV6: usize = 0xDD86; +const ETH_P_IP: usize = 0x08; +const TCP: usize = 0x06; -/* protocol ids, LittleEndian */ -const ETH_P_IPV6: usize = 0xDD86; -const ETH_P_IP: usize = 0x08; -const TCP: usize = 0x06; - - -fn build_ether () -> packet_handler::EtherHeader { +fn build_ether() -> packet_handler::EtherHeader { packet_handler::EtherHeader { - ether_dhost: (MacAddress::new([0;6])).to_hex_string(), - ether_shost: (MacAddress::new([0;6])).to_hex_string(), - ether_type: 0, + ether_dhost: (MacAddress::new([0; 6])).to_hex_string(), + ether_shost: (MacAddress::new([0; 6])).to_hex_string(), + ether_type: 0, } } - // TODO: wrap packet_handler types inside Option #[derive(Debug, Clone)] -pub struct QryData{ - pub id: i32, - pub time: f64, - pub data: Option>, - pub ether_header: packet_handler::EtherHeader, - pub ipv4_header: Option, - pub ipv6_header: Option, - pub tcp_header: Option, +pub struct QryData { + pub id: i32, + pub time: f64, + pub data: Option>, + pub ether_header: packet_handler::EtherHeader, + pub ipv4_header: Option, + pub ipv6_header: Option, + pub tcp_header: Option, } -pub fn parse (parse_file: &str, filter_str: &str) -> Vec { - let ether_init = build_ether(); - - let mut me = QryData { - id: 0, - time: 0.0, - data: None, - ether_header: ether_init, - ipv4_header: None::, - ipv6_header: None::, - tcp_header: None::, - - }; - let mut v: Vec = Vec::new(); - - let mut cap = Capture::from_file(parse_file).unwrap(); - Capture::filter(&mut cap, &filter_str).unwrap(); - - while let Ok(packet) = cap.next() { - me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; - me.data = Some(packet.data.to_vec()); - me.ether_header = packet_handler::ethernet_handler( packet.data ); - if ETH_P_IP == me.ether_header.ether_type as usize { - me.ipv6_header = None::; - me.ipv4_header = Some(packet_handler::ip_handler( packet.data )).unwrap(); - if TCP == me.ipv4_header.unwrap().ip_protocol as usize { - me.tcp_header = Some(packet_handler::tcp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data )).unwrap(); - me.data= packet_handler::payload_handler( me.ipv4_header.unwrap().ip_ihl, me.tcp_header.unwrap().data_offset, packet.data); - } - +fn flag_carnage( re: &Regex, payload: &[u8]) -> Option { + //let _payload: [u8] = payload.copy_from_slice(&payload); + for mat in re.find_iter(payload){ + //println!("{:?}", mat.as_bytes().to_owned().as_string()); + println!("{:?}", std::str::from_utf8(mat.as_bytes())); } - if ETH_P_IPV6 == me.ether_header.ether_type as usize { - me.ipv4_header = None::; - me.ipv6_header = Some(packet_handler::ipv6_handler( packet.data )).unwrap(); - if TCP == me.ipv6_header.unwrap().next_header as usize{ - me.tcp_header = Some(packet_handler::tcp_handler( 10, packet.data )).unwrap(); - me.data = packet_handler::payload_handler( 10, me.tcp_header.unwrap().data_offset, packet.data); - } - } - - v.push(QryData{id:0, time:me.time, data: me.data, ether_header:me.ether_header, ipv4_header: me.ipv4_header, ipv6_header: me.ipv6_header, tcp_header: me.tcp_header}); - - } - v -} -pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec { + Some("test".to_owned()) +} + + +pub fn parse(parse_file: &str, filter_str: &str) -> Vec { let ether_init = build_ether(); let mut me = QryData { @@ -91,36 +55,119 @@ pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) - ether_header: ether_init, ipv4_header: None::, ipv6_header: None::, - tcp_header: None::, + tcp_header: None::, + }; + let mut v: Vec = Vec::new(); + + let mut cap = Capture::from_file(parse_file).unwrap(); + Capture::filter(&mut cap, &filter_str).unwrap(); + let re = Regex::new(r"(?:http|https):[[::punct::]]?").unwrap(); + while let Ok(packet) = cap.next() { + me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; + me.data = Some(packet.data.to_vec()); + flag_carnage( &re, packet.data); + me.ether_header = packet_handler::ethernet_handler(packet.data); + if ETH_P_IP == me.ether_header.ether_type as usize { + me.ipv6_header = None::; + me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap(); + if TCP == me.ipv4_header.unwrap().ip_protocol as usize { + me.tcp_header = Some(packet_handler::tcp_handler( + me.ipv4_header.unwrap().ip_ihl, + packet.data, + )) + .unwrap(); + me.data = packet_handler::payload_handler( + me.ipv4_header.unwrap().ip_ihl, + me.tcp_header.unwrap().data_offset, + packet.data, + ); + } + } + if ETH_P_IPV6 == me.ether_header.ether_type as usize { + me.ipv4_header = None::; + me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap(); + if TCP == me.ipv6_header.unwrap().next_header as usize { + me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap(); + me.data = packet_handler::payload_handler( + 10, + me.tcp_header.unwrap().data_offset, + packet.data, + ); + } + } + + v.push(QryData { + id: 0, + time: me.time, + data: me.data, + ether_header: me.ether_header, + ipv4_header: me.ipv4_header, + ipv6_header: me.ipv6_header, + tcp_header: me.tcp_header, + }); + } + v +} + +pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec { + let ether_init = build_ether(); + + let mut me = QryData { + id: 0, + time: 0.0, + data: None, + ether_header: ether_init, + ipv4_header: None::, + ipv6_header: None::, + tcp_header: None::, }; let mut v: Vec = Vec::new(); let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap(); Capture::filter(&mut cap, &filter_str).unwrap(); - - 'parse: while let Ok(packet) = cap.next(){ - me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; - me.data = Some(packet.data.to_vec()); - me.ether_header = packet_handler::ethernet_handler( packet.data ); - if ETH_P_IP == me.ether_header.ether_type as usize { - me.ipv6_header = None::; - me.ipv4_header = Some(packet_handler::ip_handler( packet.data )).unwrap(); - if TCP == me.ipv4_header.unwrap().ip_protocol as usize{ - me.tcp_header = Some(packet_handler::tcp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data )).unwrap(); - me.data= packet_handler::payload_handler( me.ipv4_header.unwrap().ip_ihl, me.tcp_header.unwrap().data_offset, packet.data); - } - } - if ETH_P_IPV6 == me.ether_header.ether_type as usize { - me.ipv4_header = None::; - me.ipv6_header = Some(packet_handler::ipv6_handler( packet.data)).unwrap(); - if TCP == me.ipv6_header.unwrap().next_header as usize { - me.tcp_header = Some(packet_handler::tcp_handler( 10, packet.data )).unwrap(); - me.data = packet_handler::payload_handler( 10, me.tcp_header.unwrap().data_offset, packet.data); + let re = Regex::new(r"(?:http|https):[[::punct::]]").unwrap(); + 'parse: while let Ok(packet) = cap.next() { + me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64; + me.data = Some(packet.data.to_vec()); + me.ether_header = packet_handler::ethernet_handler(packet.data); + if ETH_P_IP == me.ether_header.ether_type as usize { + me.ipv6_header = None::; + me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap(); + if TCP == me.ipv4_header.unwrap().ip_protocol as usize { + me.tcp_header = Some(packet_handler::tcp_handler( + me.ipv4_header.unwrap().ip_ihl, + packet.data, + )) + .unwrap(); + me.data = packet_handler::payload_handler( + me.ipv4_header.unwrap().ip_ihl, + me.tcp_header.unwrap().data_offset, + packet.data, + ); } } - - v.push(QryData{id:0, time:me.time, data: me.data, ether_header:me.ether_header, ipv4_header: me.ipv4_header, ipv6_header: me.ipv6_header, tcp_header: me.tcp_header}); - + if ETH_P_IPV6 == me.ether_header.ether_type as usize { + me.ipv4_header = None::; + me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap(); + if TCP == me.ipv6_header.unwrap().next_header as usize { + me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap(); + me.data = packet_handler::payload_handler( + 10, + me.tcp_header.unwrap().data_offset, + packet.data, + ); + } + } + + v.push(QryData { + id: 0, + time: me.time, + data: me.data, + ether_header: me.ether_header, + ipv4_header: me.ipv4_header, + ipv6_header: me.ipv6_header, + tcp_header: me.tcp_header, + }); if &v.len() >= insert_max { break 'parse; @@ -128,4 +175,3 @@ pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) - } v } - diff --git a/src/parser/packet_handler.rs b/src/parser/packet_handler.rs index d1d886f..54d55e4 100644 --- a/src/parser/packet_handler.rs +++ b/src/parser/packet_handler.rs @@ -1,64 +1,62 @@ -extern crate eui48; -extern crate byteorder; extern crate bitfield; +extern crate byteorder; +extern crate eui48; extern crate serde; -use byteorder::{ByteOrder, BigEndian, LittleEndian}; -use eui48::{MacAddress, Eui48}; +use bitfield::bitfield; +use byteorder::{BigEndian, ByteOrder, LittleEndian}; +use eui48::{Eui48, MacAddress}; +use serde::{Deserialize, Serialize}; use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; -use bitfield::{bitfield}; -use serde::{Serialize, Deserialize}; /* ethernet */ const ETH_ALEN: usize = 6; const ETH_TLEN: usize = 2; const ETHER_HDRLEN: usize = 14; - #[derive(Debug, Clone)] pub struct EtherHeader { -// pub ether_dhost: MacAddress, -// pub ether_shost: MacAddress, - pub ether_dhost: String, - pub ether_shost: String, - pub ether_type: i32, + // pub ether_dhost: MacAddress, + // pub ether_shost: MacAddress, + pub ether_dhost: String, + pub ether_shost: String, + pub ether_type: i32, } -pub fn ethernet_handler ( packet_data: &[u8] ) -> EtherHeader { +pub fn ethernet_handler(packet_data: &[u8]) -> EtherHeader { let mut _ether_dhost: [u8; ETH_ALEN] = [0; ETH_ALEN]; let mut _ether_shost: [u8; ETH_ALEN] = [0; ETH_ALEN]; - let mut _ether_type: u16 = 0; + let mut _ether_type: u16 = 0; _ether_dhost.clone_from_slice(&packet_data[0..ETH_ALEN]); - + //println!("{:?}", (&(_ether_dhost).to_owned())); - _ether_shost.clone_from_slice(&packet_data[ETH_ALEN..ETH_ALEN*2]); - _ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN*2..(ETH_ALEN*2)+ETH_TLEN]); - + _ether_shost.clone_from_slice(&packet_data[ETH_ALEN..ETH_ALEN * 2]); + _ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN * 2..(ETH_ALEN * 2) + ETH_TLEN]); + EtherHeader { ether_dhost: (MacAddress::new(_ether_dhost as Eui48).to_hex_string()), ether_shost: (MacAddress::new(_ether_shost as Eui48).to_hex_string()), - ether_type: _ether_type as i32, + ether_type: _ether_type as i32, } } /* ip */ -#[derive(Debug,Copy, Clone, Serialize, Deserialize)] +#[derive(Debug, Copy, Clone, Serialize, Deserialize)] pub struct IpV4Header { - pub ip_version: u32, - pub ip_ihl: u32, - pub ip_dscp: u32, - pub ip_ecn: u32, - pub ip_total_length: u32, - pub ip_identification: u32, - pub ip_df: u32, - pub ip_mf: u32, - pub ip_fragment_offset: u32, - pub ip_time_to_live: u32, - pub ip_protocol: u32, - pub ip_header_checksum: u32, - pub ip_source_address: IpAddr, - pub ip_destination_address: IpAddr, - + pub ip_version: u32, + pub ip_ihl: u32, + pub ip_dscp: u32, + pub ip_ecn: u32, + pub ip_total_length: u32, + pub ip_identification: u32, + pub ip_df: u32, + pub ip_mf: u32, + pub ip_fragment_offset: u32, + pub ip_time_to_live: u32, + pub ip_protocol: u32, + pub ip_header_checksum: u32, + pub ip_source_address: IpAddr, + pub ip_destination_address: IpAddr, } bitfield! { @@ -91,63 +89,61 @@ impl + AsMut<[u8]>> BitfieldIpV4Header { } } -pub fn ip_handler ( packet_data: &[u8] ) -> Option { +pub fn ip_handler(packet_data: &[u8]) -> Option { let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (raw_hdr, _) = tail.split_at(20); let mut _tail: [u8; 20] = [0; 20]; _tail.copy_from_slice(raw_hdr); - + let ip_header = BitfieldIpV4Header(_tail); - + Some(IpV4Header { - ip_version: ip_header.get_version(), - ip_ihl: ip_header.get_ihl(), - ip_dscp: ip_header.get_dscp(), - ip_ecn: ip_header.get_ecn(), - ip_total_length: ip_header.get_total_length(), - ip_identification: ip_header.get_identification(), - ip_df: ip_header.get_df().into(), - ip_mf: ip_header.get_mf().into(), - ip_fragment_offset: ip_header.get_fragment_offset(), - ip_time_to_live: ip_header.get_time_to_live(), - ip_protocol: ip_header.get_protocol(), - ip_header_checksum: ip_header.get_header_checksum(), - ip_source_address: IpAddr::V4(ip_header.get_source_as_ip_addr()), - ip_destination_address: IpAddr::V4(ip_header.get_destination_address()), + ip_version: ip_header.get_version(), + ip_ihl: ip_header.get_ihl(), + ip_dscp: ip_header.get_dscp(), + ip_ecn: ip_header.get_ecn(), + ip_total_length: ip_header.get_total_length(), + ip_identification: ip_header.get_identification(), + ip_df: ip_header.get_df().into(), + ip_mf: ip_header.get_mf().into(), + ip_fragment_offset: ip_header.get_fragment_offset(), + ip_time_to_live: ip_header.get_time_to_live(), + ip_protocol: ip_header.get_protocol(), + ip_header_checksum: ip_header.get_header_checksum(), + ip_source_address: IpAddr::V4(ip_header.get_source_as_ip_addr()), + ip_destination_address: IpAddr::V4(ip_header.get_destination_address()), }) } /* ipv6 */ #[derive(Debug, Copy, Clone, Serialize, Deserialize)] pub struct IpV6Header { - pub version: u8, - pub traffic_class: u8, - pub flow_label: u32, - pub payload_length: u16, - pub next_header: u8, - pub hop_limit: u8, - pub source_address: IpAddr, - pub destination_address: IpAddr, + pub version: u8, + pub traffic_class: u8, + pub flow_label: u32, + pub payload_length: u16, + pub next_header: u8, + pub hop_limit: u8, + pub source_address: IpAddr, + pub destination_address: IpAddr, } -pub fn ipv6_handler ( packet_data: &[u8] ) -> Option { +pub fn ipv6_handler(packet_data: &[u8]) -> Option { let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (raw_hdr, _) = tail.split_at(40); let mut _tail: [u8; 40] = [0; 40]; _tail.copy_from_slice(raw_hdr); //let mut rdr = Cursor::new(_tail); - - Some(IpV6Header { - version: (&raw_hdr[0] & 0xf0) >> 4, - traffic_class: ((&raw_hdr[0] & 0x0f) >> 4)| ((&raw_hdr[1] & 0xf0 <<4)) , - flow_label: BigEndian::read_u32( &[0x00 ,(&_tail[1] &0x0f) , _tail[2] , _tail[3]]), + version: (&raw_hdr[0] & 0xf0) >> 4, + traffic_class: ((&raw_hdr[0] & 0x0f) >> 4) | (&raw_hdr[1] & 0xf0 << 4), + flow_label: BigEndian::read_u32(&[0x00, (&_tail[1] & 0x0f), _tail[2], _tail[3]]), payload_length: BigEndian::read_u16(&[_tail[4], _tail[5]]), - next_header: _tail[6], - hop_limit: _tail[7], - source_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[8..24]))), // Results in correct addresses, but interval range is not default [incl..excl]. Watch out! - destination_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[24..40]))), // Must be byteorder crate !? + next_header: _tail[6], + hop_limit: _tail[7], + source_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[8..24]))), // Results in correct addresses, but interval range is not default [incl..excl]. Watch out! + destination_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[24..40]))), // Must be byteorder crate !? }) } @@ -183,7 +179,7 @@ pub fn ipv6_handler( packet_data: &[u8] ) -> IpV6Header { let mut _tail: [u8; 40] = [0; 40]; _tail.copy_from_slice(&raw_hdr); - let v6_header = BitfieldIpV6Header(_tail); + let v6_header = BitfieldIpV6Header(_tail); IpV6Header { version: v6_header.get_version(), @@ -195,32 +191,31 @@ pub fn ipv6_handler( packet_data: &[u8] ) -> IpV6Header { source_address: IpAddr::V6( v6_header.get_source_as_ip_addr() ), destination_address: IpAddr::V6( v6_header.get_destination_address() ), } -} -*/ - -/* tcp */ -#[derive(Debug,Copy,Clone, Serialize, Deserialize)] -pub struct TcpHeader { - pub source_port: u32, - pub destination_port: u32, - pub seq_num: u32, - pub ack_num: u32, - pub data_offset: u32, - pub reserved: u32, - pub ns: u32, - pub cwr: u32, - pub ece: u32, - pub urg: u32, - pub ack: u32, - pub psh: u32, - pub rst: u32, - pub syn: u32, - pub fin: u32, - pub window_size: u32, - pub checksum: u32, - pub urgent_pointer: u32, } +*/ +/* tcp */ +#[derive(Debug, Copy, Clone, Serialize, Deserialize)] +pub struct TcpHeader { + pub source_port: u32, + pub destination_port: u32, + pub seq_num: u32, + pub ack_num: u32, + pub data_offset: u32, + pub reserved: u32, + pub ns: u32, + pub cwr: u32, + pub ece: u32, + pub urg: u32, + pub ack: u32, + pub psh: u32, + pub rst: u32, + pub syn: u32, + pub fin: u32, + pub window_size: u32, + pub checksum: u32, + pub urgent_pointer: u32, +} bitfield! { struct BitfieldTcpHeader ( MSB0 [u8] ); @@ -245,54 +240,52 @@ bitfield! { get_urgent_pointer, _: 159,144; } -pub fn tcp_handler ( ip_hlen: u32, packet_data: &[u8] ) -> Option { - let (_head, tail) = packet_data.split_at(ETHER_HDRLEN+ip_hlen as usize * 4); +pub fn tcp_handler(ip_hlen: u32, packet_data: &[u8]) -> Option { + let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4); let (raw_hdr, _) = tail.split_at(20); let mut _tail: [u8; 20] = [0; 20]; _tail.copy_from_slice(raw_hdr); let tcp_header = BitfieldTcpHeader(_tail); - + Some(TcpHeader { - source_port: tcp_header.get_source_port(), - destination_port: tcp_header.get_destination_port(), - seq_num: tcp_header.get_seq_num(), - ack_num: tcp_header.get_ack_num(), - data_offset: tcp_header.get_data_offset(), - reserved: tcp_header.get_reserved(), - ns: tcp_header.get_ns().into(), - cwr: tcp_header.get_cwr().into(), - ece: tcp_header.get_ece().into(), - urg: tcp_header.get_urg().into(), - ack: tcp_header.get_ack().into(), - psh: tcp_header.get_psh().into(), - rst: tcp_header.get_rst().into(), - syn: tcp_header.get_syn().into(), - fin: tcp_header.get_fin().into(), - window_size: tcp_header.get_window_size(), - checksum: tcp_header.get_checksum(), - urgent_pointer: tcp_header.get_urgent_pointer(), + source_port: tcp_header.get_source_port(), + destination_port: tcp_header.get_destination_port(), + seq_num: tcp_header.get_seq_num(), + ack_num: tcp_header.get_ack_num(), + data_offset: tcp_header.get_data_offset(), + reserved: tcp_header.get_reserved(), + ns: tcp_header.get_ns().into(), + cwr: tcp_header.get_cwr().into(), + ece: tcp_header.get_ece().into(), + urg: tcp_header.get_urg().into(), + ack: tcp_header.get_ack().into(), + psh: tcp_header.get_psh().into(), + rst: tcp_header.get_rst().into(), + syn: tcp_header.get_syn().into(), + fin: tcp_header.get_fin().into(), + window_size: tcp_header.get_window_size(), + checksum: tcp_header.get_checksum(), + urgent_pointer: tcp_header.get_urgent_pointer(), }) - - } /* arp */ #[derive(Debug, Clone, Serialize, Deserialize)] pub struct ArpHeader { - pub htype: u32, - pub ptype: u32, - pub hlen: u32, - pub plen: u32, - pub oper: u32, - pub sha: String, - pub spa: IpAddr, - pub tha: String, - pub tpa: IpAddr, + pub htype: u32, + pub ptype: u32, + pub hlen: u32, + pub plen: u32, + pub oper: u32, + pub sha: String, + pub spa: IpAddr, + pub tha: String, + pub tpa: IpAddr, } - // u8, get_source_address, _: 103, 96, 4; - // u32, into Ipv4Addr, get_destination_address, _: 159, 128; +// u8, get_source_address, _: 103, 96, 4; +// u32, into Ipv4Addr, get_destination_address, _: 159, 128; -bitfield!{ +bitfield! { struct BitfieldArpHeader ( MSB0 [u8] ); impl Debug; u32; @@ -302,13 +295,13 @@ bitfield!{ get_plen, _: 5; get_oper, _: 6, 7; get_sha, _: 8,13; - get_tha, _: 18, 23; + get_tha, _: 18, 23; u8, get_spa, _: 17, 14, 4; u32, into Ipv4Addr, get_tpa, _: 28, 24; -} +} impl + AsMut<[u8]>> BitfieldArpHeader { - fn get_spa_as_ip_addr(&self) -> Ipv4Addr{ + fn get_spa_as_ip_addr(&self) -> Ipv4Addr { let mut src = [0; 4]; for (i, src) in src.iter_mut().enumerate() { *src = self.get_spa(i); @@ -317,57 +310,58 @@ impl + AsMut<[u8]>> BitfieldArpHeader { } } -pub fn arp_handler ( packet_data: &[u8] ) -> Option { +pub fn arp_handler(packet_data: &[u8]) -> Option { let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (raw_hdr, _) = tail.split_at(28); let mut _tail: [u8; 28] = [0; 28]; _tail.copy_from_slice(raw_hdr); - let arp_header = BitfieldArpHeader(_tail); - let _sha: [u8;6] = [0;6]; let _tha: [u8;6] = [0;6]; + let arp_header = BitfieldArpHeader(_tail); + let _sha: [u8; 6] = [0; 6]; + let _tha: [u8; 6] = [0; 6]; _tail[8..13].copy_from_slice(&_sha); _tail[18..23].copy_from_slice(&_tha); - - Some(ArpHeader{ - htype: arp_header.get_htype(), - ptype: arp_header.get_ptype(), - hlen: arp_header.get_hlen().into(), - plen: arp_header.get_plen().into(), - oper: arp_header.get_oper(), - sha: MacAddress::new(_sha as Eui48).to_hex_string(), + Some(ArpHeader { + htype: arp_header.get_htype(), + ptype: arp_header.get_ptype(), + hlen: arp_header.get_hlen().into(), + plen: arp_header.get_plen().into(), + oper: arp_header.get_oper(), + sha: MacAddress::new(_sha as Eui48).to_hex_string(), //MacAddress::new(arp_header.get_sha() as Eui48).to_hex_string(), - spa: IpAddr::V4(arp_header.get_spa_as_ip_addr()), - tha: MacAddress::new(_tha as Eui48).to_hex_string(), - tpa: IpAddr::V4(arp_header.get_tpa()), + spa: IpAddr::V4(arp_header.get_spa_as_ip_addr()), + tha: MacAddress::new(_tha as Eui48).to_hex_string(), + tpa: IpAddr::V4(arp_header.get_tpa()), }) } - + /* udp */ #[derive(Debug, Copy, Clone, Serialize, Deserialize)] pub struct UdpHeader { - pub source_port: u16, - pub destination_port: u16, - pub length: u16, - pub checksum: u16, + pub source_port: u16, + pub destination_port: u16, + pub length: u16, + pub checksum: u16, } -pub fn udp_handler ( ip_hlen: u32, packet_data: &[u8] ) -> Option { - let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4 ); +pub fn udp_handler(ip_hlen: u32, packet_data: &[u8]) -> Option { + let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4); let (raw_hdr, _) = tail.split_at(8); - let mut _tail: [u8; 8] = [0;8]; + let mut _tail: [u8; 8] = [0; 8]; _tail.copy_from_slice(raw_hdr); - Some(UdpHeader{ - source_port: BigEndian::read_u16(&_tail[0..2]), - destination_port: BigEndian::read_u16(&_tail[2..4]), - length: BigEndian::read_u16(&_tail[4..6]), - checksum: BigEndian::read_u16(&_tail[6..8]), + Some(UdpHeader { + source_port: BigEndian::read_u16(&_tail[0..2]), + destination_port: BigEndian::read_u16(&_tail[2..4]), + length: BigEndian::read_u16(&_tail[4..6]), + checksum: BigEndian::read_u16(&_tail[6..8]), }) } - + /* payload */ -pub fn payload_handler ( ip_hlen: u32, data_offset: u32, packet_data : &[u8] ) -> Option> { - let (_head, tail)= packet_data.split_at(ETHER_HDRLEN+ip_hlen as usize * 4+data_offset as usize * 4); - Some(tail.to_vec()) +pub fn payload_handler(ip_hlen: u32, data_offset: u32, packet_data: &[u8]) -> Option> { + let (_head, tail) = + packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4 + data_offset as usize * 4); + Some(tail.to_vec()) } diff --git a/src/parser/reg_parser.rs b/src/parser/reg_parser.rs new file mode 100644 index 0000000..62b5632 --- /dev/null +++ b/src/parser/reg_parser.rs @@ -0,0 +1,22 @@ +//extern crate rayon; +//extern crate regex; +//use regex::Regex; +// +//struct Regex { +// string: &'static str, +// regex: ::regex::bytes::Regex, +//} +// +//impl Regex { +// fn new (string: &'static str) ->Regex { +// Regex{ +// string: string, +// regex: ::regex::bytes::Regex::new(string).unwrap(), +// } +// } +// +//} +// +// +// +//pub fn parse_regex ( reg_str: &str,