stefan
/
tpcpr
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

implemented regex parser to stdout

This commit is contained in:
gurkenhabicht 2020-05-21 00:54:56 +02:00
parent 2f3d08b21d
commit 8e553bee9e
4 changed files with 430 additions and 335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
src/main.rs
View File

@ -1,13 +1,13 @@
extern crate tokio_postgres;
extern crate serde_json; extern crate serde_json;
extern crate tokio; extern crate tokio;
extern crate tokio_postgres;
use rayon::prelude::*; use rayon::prelude::*;
use serde::ser::{Serialize, Serializer, SerializeStruct}; use serde::ser::{Serialize, SerializeStruct, Serializer};
use std::fs::File;
use serde_json::json; use serde_json::json;
use std::fs::File;
mod parser; mod parser;
use tokio_postgres::types::ToSql; use tokio_postgres::types::ToSql;
use tokio_postgres::{NoTls, Error}; use tokio_postgres::{Error, NoTls};
impl Serialize for parser::QryData { impl Serialize for parser::QryData {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
@ -16,7 +16,7 @@ impl Serialize for parser::QryData {
{ {
// 34 (42) is the number of fields in the struct. // 34 (42) is the number of fields in the struct.
let mut state = serializer.serialize_struct("parser::QryData", 34)?; let mut state = serializer.serialize_struct("parser::QryData", 34)?;
state.serialize_field("time", &self.time)?; state.serialize_field("time", &self.time)?;
state.serialize_field("ether_header.ether_dhost", &self.ether_header.ether_dhost)?; state.serialize_field("ether_header.ether_dhost", &self.ether_header.ether_dhost)?;
state.serialize_field("ether_header.ether_shost", &self.ether_header.ether_shost)?; state.serialize_field("ether_header.ether_shost", &self.ether_header.ether_shost)?;
state.serialize_field("ether_header.ether_type", &self.ether_header.ether_type)?; state.serialize_field("ether_header.ether_type", &self.ether_header.ether_type)?;
@ -28,49 +28,60 @@ impl Serialize for parser::QryData {
} }
} }
fn serialize_packets ( v: Vec<parser::QryData> ) -> Vec<serde_json::Value> { fn serialize_packets(v: Vec<parser::QryData>) -> Vec<serde_json::Value> {
// let mut packets_serialized: Vec<_> = Vec::new(); // let mut packets_serialized: Vec<_> = Vec::new();
// for packet in v.iter() {
// // packets_serialized.push(json!(&packet));
// }
// for packet in v.iter() {
// // packets_serialized.push(json!(&packet));
// }
/* rayon parallelized */ /* rayon parallelized */
let packets_serialized = v.par_iter().map( |x| json!(x) ).collect(); let packets_serialized = v.par_iter().map(|x| json!(x)).collect();
packets_serialized packets_serialized
} }
fn query_string ( insert_max: &usize ) -> String { fn query_string(insert_max: &usize) -> String {
let mut insert_template: String = "INSERT INTO json_dump (packet) Values ".to_owned(); let mut insert_template: String = "INSERT INTO json_dump (packet) Values ".to_owned();
for insert in 0..insert_max-1 { insert_template.push_str( &(format!("(${}), ", insert+1)) );} for insert in 0..insert_max - 1 {
insert_template.push_str( &(format!("(${})", insert_max)) ); insert_template.push_str(&(format!("(${}), ", insert + 1)));
}
insert_template.push_str(&(format!("(${})", insert_max)));
insert_template insert_template
} }
#[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime. #[tokio::main(core_threads = 4)] // By default, tokio_postgres uses the tokio crate as its runtime.
async fn main() -> Result<(), Error> { async fn main() -> Result<(), Error> {
/* Init values from file */ /* Init values from file */
let file = File::open("parser.json").expect("file should open read only"); let file = File::open("parser.json").expect("file should open read only");
let json: serde_json::Value = serde_json::from_reader(file).unwrap(); let json: serde_json::Value = serde_json::from_reader(file).unwrap();
let filter = json.get("filter").unwrap().as_str().unwrap(); let filter = json.get("filter").unwrap().as_str().unwrap();
let insert_max = json.get("insert_max").unwrap().as_u64().unwrap() as usize; let insert_max = json.get("insert_max").unwrap().as_u64().unwrap() as usize;
let pcap_file = json.get("pcap_file").unwrap().as_str().unwrap(); let pcap_file = json.get("pcap_file").unwrap().as_str().unwrap();
let host = ["host=", json.get("database_host").unwrap().as_str().unwrap()].join(""); let host = [
let user = ["user=", json.get("database_user").unwrap().as_str().unwrap()].join(""); "host=",
let password = ["password=", json.get("database_password").unwrap().as_str().unwrap()].join(""); json.get("database_host").unwrap().as_str().unwrap(),
let connection = [host, user, password].join(" "); ]
.join("");
let user = [
"user=",
json.get("database_user").unwrap().as_str().unwrap(),
]
.join("");
let password = [
"password=",
json.get("database_password").unwrap().as_str().unwrap(),
]
.join("");
let connection = [host, user, password].join(" ");
let device = json.get("parse_device").unwrap().as_str().unwrap(); let device = json.get("parse_device").unwrap().as_str().unwrap();
let is_device = json.get("from_device").unwrap().as_bool().unwrap(); let is_device = json.get("from_device").unwrap().as_bool().unwrap();
/* db connection */ /* db connection */
let (client, connection) = let (client, connection) = tokio_postgres::connect(&connection, NoTls).await?;
tokio_postgres::connect(&connection, NoTls).await?;
tokio::spawn(async move { tokio::spawn(async move {
if let Err(e) = connection.await { if let Err(e) = connection.await {
@ -78,72 +89,91 @@ async fn main() -> Result<(), Error> {
} }
}); });
client.execute("DROP TABLE IF EXISTS json_dump", &[]).await?; client
client.execute("CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, packet json NOT NULL)", &[]).await?; .execute("DROP TABLE IF EXISTS json_dump", &[])
.await?;
client
.execute(
"CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, packet json NOT NULL)",
&[],
)
.await?;
/* device or file input */ /* device or file input */
if false == is_device { if false == is_device {
let v: Vec<parser::QryData> = parser::parse(&pcap_file, &filter);
let v: Vec<parser::QryData> = parser::parse(&pcap_file, &filter ); let packets_serialized = serialize_packets(v);
let packets_serialized = serialize_packets( v );
/* Query */ /* Query */
//let insert_max = 60; //let insert_max = 60;
let chunk_count = packets_serialized.len()/insert_max; let chunk_count = packets_serialized.len() / insert_max;
let remainder: usize = packets_serialized.len() % insert_max; let remainder: usize = packets_serialized.len() % insert_max;
let chunker = &packets_serialized.len() < &insert_max; let chunker = &packets_serialized.len() < &insert_max;
match chunker { match chunker {
true => { true => {
let insert_str = query_string( &packets_serialized.len() ); let insert_str = query_string(&packets_serialized.len());
let statement_false = client.prepare( &insert_str ).await?; let statement_false = client.prepare(&insert_str).await?;
client.query_raw(&statement_false, packets_serialized.iter().map(|p| p as &dyn ToSql)).await?; client
}, .query_raw(
&statement_false,
packets_serialized.iter().map(|p| p as &dyn ToSql),
)
.await?;
}
false => { false => {
let insert_str = query_string(&insert_max);
let insert_str = query_string( &insert_max ); let statement = client.prepare(&insert_str).await?;
let statement = client.prepare( &insert_str ).await?;
for _i in 0..chunk_count {
let (_input, _)= packets_serialized.split_at(insert_max);
client.query_raw(&statement, _input.to_vec().iter().map(|p| p as &dyn ToSql)).await?;
}
println!("Packets, total:{:?}",packets_serialized.len());
println!("Chunks, total:{}", chunk_count);
println!("Chunks, remainder{}", remainder);
if remainder > 0 {
let rem_str = query_string( &remainder );
let statement_remainder = client.prepare(&rem_str).await?;
let (_garbage, _input) =packets_serialized.split_at(packets_serialized.len()-remainder);
client.query_raw(&statement_remainder, _input.to_vec().iter().map(|p| p as &dyn ToSql),).await?;
}
} for _i in 0..chunk_count {
} let (_input, _) = packets_serialized.split_at(insert_max);
client
.query_raw(&statement, _input.to_vec().iter().map(|p| p as &dyn ToSql))
.await?;
}
println!("Packets, total:{:?}", packets_serialized.len());
println!("Chunks, total:{}", chunk_count);
println!("Chunks, remainder{}", remainder);
if remainder > 0 {
let rem_str = query_string(&remainder);
let statement_remainder = client.prepare(&rem_str).await?;
let (_garbage, _input) =
packets_serialized.split_at(packets_serialized.len() - remainder);
client
.query_raw(
&statement_remainder,
_input.to_vec().iter().map(|p| p as &dyn ToSql),
)
.await?;
}
}
}
} else { } else {
let insert_str = query_string(&insert_max); let insert_str = query_string(&insert_max);
let statement = client.prepare(&insert_str).await?; let statement = client.prepare(&insert_str).await?;
loop { loop {
let v: Vec<parser::QryData> = parser::parse_device(&device, &filter, &insert_max); let v: Vec<parser::QryData> = parser::parse_device(&device, &filter, &insert_max);
let packets_serialized = serialize_packets( v ); let packets_serialized = serialize_packets(v);
client.query_raw(&statement, packets_serialized.iter().map(|p| p as &dyn ToSql),).await?; client
} .query_raw(
&statement,
packets_serialized.iter().map(|p| p as &dyn ToSql),
)
.await?;
}
} }
Ok(()) Ok(())
} }
#[test] #[test]
fn test_insert_json () { fn test_insert_json() {
use serde_json::json; use serde_json::json;
let mut client = Client::connect("host=localhost user=postgres password=password", NoTls).unwrap(); let mut client =
let john = json!({ Client::connect("host=localhost user=postgres password=password", NoTls).unwrap();
let john = json!({
"name": "John Doe", "name": "John Doe",
"age": 43, "age": 43,
"phones": [ "phones": [
@ -153,9 +183,12 @@ use serde_json::json;
"empty": [] "empty": []
}); });
client.execute("DROP TABLE IF EXISTS json_dump", &[]).unwrap(); client
client.execute("CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, data json NOT NULL)", &[]); .execute("DROP TABLE IF EXISTS json_dump", &[])
.unwrap();
client.execute(
"CREATE TABLE json_dump ( ID serial NOT NULL PRIMARY KEY, data json NOT NULL)",
&[],
);
client.query("INSERT INTO json_dump ( data ) VALUES ($1)", &[&john]); client.query("INSERT INTO json_dump ( data ) VALUES ($1)", &[&john]);
} }

226
src/parser.rs
View File

@ -1,87 +1,51 @@
extern crate byteorder;
extern crate bitfield; extern crate bitfield;
extern crate byteorder;
extern crate eui48; extern crate eui48;
mod packet_handler; mod packet_handler;
use pcap::Capture;
use eui48::MacAddress; use eui48::MacAddress;
use pcap::Capture;
//use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; //use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::str; use std::str;
use regex::bytes::Regex;
use regex::bytes::Match;
/* protocol ids, LittleEndian */
const ETH_P_IPV6: usize = 0xDD86;
const ETH_P_IP: usize = 0x08;
const TCP: usize = 0x06;
/* protocol ids, LittleEndian */ fn build_ether() -> packet_handler::EtherHeader {
const ETH_P_IPV6: usize = 0xDD86;
const ETH_P_IP: usize = 0x08;
const TCP: usize = 0x06;
fn build_ether () -> packet_handler::EtherHeader {
packet_handler::EtherHeader { packet_handler::EtherHeader {
ether_dhost: (MacAddress::new([0;6])).to_hex_string(), ether_dhost: (MacAddress::new([0; 6])).to_hex_string(),
ether_shost: (MacAddress::new([0;6])).to_hex_string(), ether_shost: (MacAddress::new([0; 6])).to_hex_string(),
ether_type: 0, ether_type: 0,
} }
} }
// TODO: wrap packet_handler types inside Option<T> // TODO: wrap packet_handler types inside Option<T>
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct QryData{ pub struct QryData {
pub id: i32, pub id: i32,
pub time: f64, pub time: f64,
pub data: Option<Vec<u8>>, pub data: Option<Vec<u8>>,
pub ether_header: packet_handler::EtherHeader, pub ether_header: packet_handler::EtherHeader,
pub ipv4_header: Option<packet_handler::IpV4Header>, pub ipv4_header: Option<packet_handler::IpV4Header>,
pub ipv6_header: Option<packet_handler::IpV6Header>, pub ipv6_header: Option<packet_handler::IpV6Header>,
pub tcp_header: Option<packet_handler::TcpHeader>, pub tcp_header: Option<packet_handler::TcpHeader>,
} }
pub fn parse (parse_file: &str, filter_str: &str) -> Vec<QryData> { fn flag_carnage( re: &Regex, payload: &[u8]) -> Option<String> {
let ether_init = build_ether(); //let _payload: [u8] = payload.copy_from_slice(&payload);
for mat in re.find_iter(payload){
let mut me = QryData { //println!("{:?}", mat.as_bytes().to_owned().as_string());
id: 0, println!("{:?}", std::str::from_utf8(mat.as_bytes()));
time: 0.0,
data: None,
ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>,
};
let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_file(parse_file).unwrap();
Capture::filter(&mut cap, &filter_str).unwrap();
while let Ok(packet) = cap.next() {
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.data = Some(packet.data.to_vec());
me.ether_header = packet_handler::ethernet_handler( packet.data );
if ETH_P_IP == me.ether_header.ether_type as usize {
me.ipv6_header = None::<packet_handler::IpV6Header>;
me.ipv4_header = Some(packet_handler::ip_handler( packet.data )).unwrap();
if TCP == me.ipv4_header.unwrap().ip_protocol as usize {
me.tcp_header = Some(packet_handler::tcp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data )).unwrap();
me.data= packet_handler::payload_handler( me.ipv4_header.unwrap().ip_ihl, me.tcp_header.unwrap().data_offset, packet.data);
}
} }
if ETH_P_IPV6 == me.ether_header.ether_type as usize {
me.ipv4_header = None::<packet_handler::IpV4Header>;
me.ipv6_header = Some(packet_handler::ipv6_handler( packet.data )).unwrap();
if TCP == me.ipv6_header.unwrap().next_header as usize{
me.tcp_header = Some(packet_handler::tcp_handler( 10, packet.data )).unwrap();
me.data = packet_handler::payload_handler( 10, me.tcp_header.unwrap().data_offset, packet.data);
}
}
v.push(QryData{id:0, time:me.time, data: me.data, ether_header:me.ether_header, ipv4_header: me.ipv4_header, ipv6_header: me.ipv6_header, tcp_header: me.tcp_header});
}
v
}
pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec<QryData> { Some("test".to_owned())
}
pub fn parse(parse_file: &str, filter_str: &str) -> Vec<QryData> {
let ether_init = build_ether(); let ether_init = build_ether();
let mut me = QryData { let mut me = QryData {
@ -91,36 +55,119 @@ pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) -
ether_header: ether_init, ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>, ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>, ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>, tcp_header: None::<packet_handler::TcpHeader>,
};
let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_file(parse_file).unwrap();
Capture::filter(&mut cap, &filter_str).unwrap();
let re = Regex::new(r"(?:http|https):[[::punct::]]?").unwrap();
while let Ok(packet) = cap.next() {
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.data = Some(packet.data.to_vec());
flag_carnage( &re, packet.data);
me.ether_header = packet_handler::ethernet_handler(packet.data);
if ETH_P_IP == me.ether_header.ether_type as usize {
me.ipv6_header = None::<packet_handler::IpV6Header>;
me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
if TCP == me.ipv4_header.unwrap().ip_protocol as usize {
me.tcp_header = Some(packet_handler::tcp_handler(
me.ipv4_header.unwrap().ip_ihl,
packet.data,
))
.unwrap();
me.data = packet_handler::payload_handler(
me.ipv4_header.unwrap().ip_ihl,
me.tcp_header.unwrap().data_offset,
packet.data,
);
}
}
if ETH_P_IPV6 == me.ether_header.ether_type as usize {
me.ipv4_header = None::<packet_handler::IpV4Header>;
me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
if TCP == me.ipv6_header.unwrap().next_header as usize {
me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
me.data = packet_handler::payload_handler(
10,
me.tcp_header.unwrap().data_offset,
packet.data,
);
}
}
v.push(QryData {
id: 0,
time: me.time,
data: me.data,
ether_header: me.ether_header,
ipv4_header: me.ipv4_header,
ipv6_header: me.ipv6_header,
tcp_header: me.tcp_header,
});
}
v
}
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize) -> Vec<QryData> {
let ether_init = build_ether();
let mut me = QryData {
id: 0,
time: 0.0,
data: None,
ether_header: ether_init,
ipv4_header: None::<packet_handler::IpV4Header>,
ipv6_header: None::<packet_handler::IpV6Header>,
tcp_header: None::<packet_handler::TcpHeader>,
}; };
let mut v: Vec<QryData> = Vec::new(); let mut v: Vec<QryData> = Vec::new();
let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap(); let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
Capture::filter(&mut cap, &filter_str).unwrap(); Capture::filter(&mut cap, &filter_str).unwrap();
'parse: while let Ok(packet) = cap.next(){
me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.data = Some(packet.data.to_vec());
me.ether_header = packet_handler::ethernet_handler( packet.data );
if ETH_P_IP == me.ether_header.ether_type as usize {
me.ipv6_header = None::<packet_handler::IpV6Header>;
me.ipv4_header = Some(packet_handler::ip_handler( packet.data )).unwrap();
if TCP == me.ipv4_header.unwrap().ip_protocol as usize{
me.tcp_header = Some(packet_handler::tcp_handler( me.ipv4_header.unwrap().ip_ihl, packet.data )).unwrap();
me.data= packet_handler::payload_handler( me.ipv4_header.unwrap().ip_ihl, me.tcp_header.unwrap().data_offset, packet.data);
}
} let re = Regex::new(r"(?:http|https):[[::punct::]]").unwrap();
if ETH_P_IPV6 == me.ether_header.ether_type as usize { 'parse: while let Ok(packet) = cap.next() {
me.ipv4_header = None::<packet_handler::IpV4Header>; me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
me.ipv6_header = Some(packet_handler::ipv6_handler( packet.data)).unwrap(); me.data = Some(packet.data.to_vec());
if TCP == me.ipv6_header.unwrap().next_header as usize { me.ether_header = packet_handler::ethernet_handler(packet.data);
me.tcp_header = Some(packet_handler::tcp_handler( 10, packet.data )).unwrap(); if ETH_P_IP == me.ether_header.ether_type as usize {
me.data = packet_handler::payload_handler( 10, me.tcp_header.unwrap().data_offset, packet.data); me.ipv6_header = None::<packet_handler::IpV6Header>;
me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
if TCP == me.ipv4_header.unwrap().ip_protocol as usize {
me.tcp_header = Some(packet_handler::tcp_handler(
me.ipv4_header.unwrap().ip_ihl,
packet.data,
))
.unwrap();
me.data = packet_handler::payload_handler(
me.ipv4_header.unwrap().ip_ihl,
me.tcp_header.unwrap().data_offset,
packet.data,
);
} }
} }
if ETH_P_IPV6 == me.ether_header.ether_type as usize {
v.push(QryData{id:0, time:me.time, data: me.data, ether_header:me.ether_header, ipv4_header: me.ipv4_header, ipv6_header: me.ipv6_header, tcp_header: me.tcp_header}); me.ipv4_header = None::<packet_handler::IpV4Header>;
me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
if TCP == me.ipv6_header.unwrap().next_header as usize {
me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
me.data = packet_handler::payload_handler(
10,
me.tcp_header.unwrap().data_offset,
packet.data,
);
}
}
v.push(QryData {
id: 0,
time: me.time,
data: me.data,
ether_header: me.ether_header,
ipv4_header: me.ipv4_header,
ipv6_header: me.ipv6_header,
tcp_header: me.tcp_header,
});
if &v.len() >= insert_max { if &v.len() >= insert_max {
break 'parse; break 'parse;
@ -128,4 +175,3 @@ pub fn parse_device (parse_device: &str, filter_str: &str, insert_max: &usize) -
} }
v v
} }

322
src/parser/packet_handler.rs
View File

@ -1,64 +1,62 @@
extern crate eui48;
extern crate byteorder;
extern crate bitfield; extern crate bitfield;
extern crate byteorder;
extern crate eui48;
extern crate serde; extern crate serde;
use byteorder::{ByteOrder, BigEndian, LittleEndian}; use bitfield::bitfield;
use eui48::{MacAddress, Eui48}; use byteorder::{BigEndian, ByteOrder, LittleEndian};
use eui48::{Eui48, MacAddress};
use serde::{Deserialize, Serialize};
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr}; use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use bitfield::{bitfield};
use serde::{Serialize, Deserialize};
/* ethernet */ /* ethernet */
const ETH_ALEN: usize = 6; const ETH_ALEN: usize = 6;
const ETH_TLEN: usize = 2; const ETH_TLEN: usize = 2;
const ETHER_HDRLEN: usize = 14; const ETHER_HDRLEN: usize = 14;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct EtherHeader { pub struct EtherHeader {
// pub ether_dhost: MacAddress, // pub ether_dhost: MacAddress,
// pub ether_shost: MacAddress, // pub ether_shost: MacAddress,
pub ether_dhost: String, pub ether_dhost: String,
pub ether_shost: String, pub ether_shost: String,
pub ether_type: i32, pub ether_type: i32,
} }
pub fn ethernet_handler ( packet_data: &[u8] ) -> EtherHeader { pub fn ethernet_handler(packet_data: &[u8]) -> EtherHeader {
let mut _ether_dhost: [u8; ETH_ALEN] = [0; ETH_ALEN]; let mut _ether_dhost: [u8; ETH_ALEN] = [0; ETH_ALEN];
let mut _ether_shost: [u8; ETH_ALEN] = [0; ETH_ALEN]; let mut _ether_shost: [u8; ETH_ALEN] = [0; ETH_ALEN];
let mut _ether_type: u16 = 0; let mut _ether_type: u16 = 0;
_ether_dhost.clone_from_slice(&packet_data[0..ETH_ALEN]); _ether_dhost.clone_from_slice(&packet_data[0..ETH_ALEN]);
//println!("{:?}", (&(_ether_dhost).to_owned())); //println!("{:?}", (&(_ether_dhost).to_owned()));
_ether_shost.clone_from_slice(&packet_data[ETH_ALEN..ETH_ALEN*2]); _ether_shost.clone_from_slice(&packet_data[ETH_ALEN..ETH_ALEN * 2]);
_ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN*2..(ETH_ALEN*2)+ETH_TLEN]); _ether_type = LittleEndian::read_u16(&packet_data[ETH_ALEN * 2..(ETH_ALEN * 2) + ETH_TLEN]);
EtherHeader { EtherHeader {
ether_dhost: (MacAddress::new(_ether_dhost as Eui48).to_hex_string()), ether_dhost: (MacAddress::new(_ether_dhost as Eui48).to_hex_string()),
ether_shost: (MacAddress::new(_ether_shost as Eui48).to_hex_string()), ether_shost: (MacAddress::new(_ether_shost as Eui48).to_hex_string()),
ether_type: _ether_type as i32, ether_type: _ether_type as i32,
} }
} }
/* ip */ /* ip */
#[derive(Debug,Copy, Clone, Serialize, Deserialize)] #[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct IpV4Header { pub struct IpV4Header {
pub ip_version: u32, pub ip_version: u32,
pub ip_ihl: u32, pub ip_ihl: u32,
pub ip_dscp: u32, pub ip_dscp: u32,
pub ip_ecn: u32, pub ip_ecn: u32,
pub ip_total_length: u32, pub ip_total_length: u32,
pub ip_identification: u32, pub ip_identification: u32,
pub ip_df: u32, pub ip_df: u32,
pub ip_mf: u32, pub ip_mf: u32,
pub ip_fragment_offset: u32, pub ip_fragment_offset: u32,
pub ip_time_to_live: u32, pub ip_time_to_live: u32,
pub ip_protocol: u32, pub ip_protocol: u32,
pub ip_header_checksum: u32, pub ip_header_checksum: u32,
pub ip_source_address: IpAddr, pub ip_source_address: IpAddr,
pub ip_destination_address: IpAddr, pub ip_destination_address: IpAddr,
} }
bitfield! { bitfield! {
@ -91,63 +89,61 @@ impl<T: AsRef<[u8]> + AsMut<[u8]>> BitfieldIpV4Header<T> {
} }
} }
pub fn ip_handler ( packet_data: &[u8] ) -> Option<IpV4Header> { pub fn ip_handler(packet_data: &[u8]) -> Option<IpV4Header> {
let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (_head, tail) = packet_data.split_at(ETHER_HDRLEN);
let (raw_hdr, _) = tail.split_at(20); let (raw_hdr, _) = tail.split_at(20);
let mut _tail: [u8; 20] = [0; 20]; let mut _tail: [u8; 20] = [0; 20];
_tail.copy_from_slice(raw_hdr); _tail.copy_from_slice(raw_hdr);
let ip_header = BitfieldIpV4Header(_tail); let ip_header = BitfieldIpV4Header(_tail);
Some(IpV4Header { Some(IpV4Header {
ip_version: ip_header.get_version(), ip_version: ip_header.get_version(),
ip_ihl: ip_header.get_ihl(), ip_ihl: ip_header.get_ihl(),
ip_dscp: ip_header.get_dscp(), ip_dscp: ip_header.get_dscp(),
ip_ecn: ip_header.get_ecn(), ip_ecn: ip_header.get_ecn(),
ip_total_length: ip_header.get_total_length(), ip_total_length: ip_header.get_total_length(),
ip_identification: ip_header.get_identification(), ip_identification: ip_header.get_identification(),
ip_df: ip_header.get_df().into(), ip_df: ip_header.get_df().into(),
ip_mf: ip_header.get_mf().into(), ip_mf: ip_header.get_mf().into(),
ip_fragment_offset: ip_header.get_fragment_offset(), ip_fragment_offset: ip_header.get_fragment_offset(),
ip_time_to_live: ip_header.get_time_to_live(), ip_time_to_live: ip_header.get_time_to_live(),
ip_protocol: ip_header.get_protocol(), ip_protocol: ip_header.get_protocol(),
ip_header_checksum: ip_header.get_header_checksum(), ip_header_checksum: ip_header.get_header_checksum(),
ip_source_address: IpAddr::V4(ip_header.get_source_as_ip_addr()), ip_source_address: IpAddr::V4(ip_header.get_source_as_ip_addr()),
ip_destination_address: IpAddr::V4(ip_header.get_destination_address()), ip_destination_address: IpAddr::V4(ip_header.get_destination_address()),
}) })
} }
/* ipv6 */ /* ipv6 */
#[derive(Debug, Copy, Clone, Serialize, Deserialize)] #[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct IpV6Header { pub struct IpV6Header {
pub version: u8, pub version: u8,
pub traffic_class: u8, pub traffic_class: u8,
pub flow_label: u32, pub flow_label: u32,
pub payload_length: u16, pub payload_length: u16,
pub next_header: u8, pub next_header: u8,
pub hop_limit: u8, pub hop_limit: u8,
pub source_address: IpAddr, pub source_address: IpAddr,
pub destination_address: IpAddr, pub destination_address: IpAddr,
} }
pub fn ipv6_handler ( packet_data: &[u8] ) -> Option<IpV6Header> { pub fn ipv6_handler(packet_data: &[u8]) -> Option<IpV6Header> {
let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (_head, tail) = packet_data.split_at(ETHER_HDRLEN);
let (raw_hdr, _) = tail.split_at(40); let (raw_hdr, _) = tail.split_at(40);
let mut _tail: [u8; 40] = [0; 40]; let mut _tail: [u8; 40] = [0; 40];
_tail.copy_from_slice(raw_hdr); _tail.copy_from_slice(raw_hdr);
//let mut rdr = Cursor::new(_tail); //let mut rdr = Cursor::new(_tail);
Some(IpV6Header { Some(IpV6Header {
version: (&raw_hdr[0] & 0xf0) >> 4, version: (&raw_hdr[0] & 0xf0) >> 4,
traffic_class: ((&raw_hdr[0] & 0x0f) >> 4)| ((&raw_hdr[1] & 0xf0 <<4)) , traffic_class: ((&raw_hdr[0] & 0x0f) >> 4) | (&raw_hdr[1] & 0xf0 << 4),
flow_label: BigEndian::read_u32( &[0x00 ,(&_tail[1] &0x0f) , _tail[2] , _tail[3]]), flow_label: BigEndian::read_u32(&[0x00, (&_tail[1] & 0x0f), _tail[2], _tail[3]]),
payload_length: BigEndian::read_u16(&[_tail[4], _tail[5]]), payload_length: BigEndian::read_u16(&[_tail[4], _tail[5]]),
next_header: _tail[6], next_header: _tail[6],
hop_limit: _tail[7], hop_limit: _tail[7],
source_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[8..24]))), // Results in correct addresses, but interval range is not default [incl..excl]. Watch out! source_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[8..24]))), // Results in correct addresses, but interval range is not default [incl..excl]. Watch out!
destination_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[24..40]))), // Must be byteorder crate !? destination_address: IpAddr::V6(Ipv6Addr::from(BigEndian::read_u128(&_tail[24..40]))), // Must be byteorder crate !?
}) })
} }
@ -183,7 +179,7 @@ pub fn ipv6_handler( packet_data: &[u8] ) -> IpV6Header {
let mut _tail: [u8; 40] = [0; 40]; let mut _tail: [u8; 40] = [0; 40];
_tail.copy_from_slice(&raw_hdr); _tail.copy_from_slice(&raw_hdr);
let v6_header = BitfieldIpV6Header(_tail); let v6_header = BitfieldIpV6Header(_tail);
IpV6Header { IpV6Header {
version: v6_header.get_version(), version: v6_header.get_version(),
@ -195,32 +191,31 @@ pub fn ipv6_handler( packet_data: &[u8] ) -> IpV6Header {
source_address: IpAddr::V6( v6_header.get_source_as_ip_addr() ), source_address: IpAddr::V6( v6_header.get_source_as_ip_addr() ),
destination_address: IpAddr::V6( v6_header.get_destination_address() ), destination_address: IpAddr::V6( v6_header.get_destination_address() ),
} }
}
*/
/* tcp */
#[derive(Debug,Copy,Clone, Serialize, Deserialize)]
pub struct TcpHeader {
pub source_port: u32,
pub destination_port: u32,
pub seq_num: u32,
pub ack_num: u32,
pub data_offset: u32,
pub reserved: u32,
pub ns: u32,
pub cwr: u32,
pub ece: u32,
pub urg: u32,
pub ack: u32,
pub psh: u32,
pub rst: u32,
pub syn: u32,
pub fin: u32,
pub window_size: u32,
pub checksum: u32,
pub urgent_pointer: u32,
} }
*/
/* tcp */
#[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct TcpHeader {
pub source_port: u32,
pub destination_port: u32,
pub seq_num: u32,
pub ack_num: u32,
pub data_offset: u32,
pub reserved: u32,
pub ns: u32,
pub cwr: u32,
pub ece: u32,
pub urg: u32,
pub ack: u32,
pub psh: u32,
pub rst: u32,
pub syn: u32,
pub fin: u32,
pub window_size: u32,
pub checksum: u32,
pub urgent_pointer: u32,
}
bitfield! { bitfield! {
struct BitfieldTcpHeader ( MSB0 [u8] ); struct BitfieldTcpHeader ( MSB0 [u8] );
@ -245,54 +240,52 @@ bitfield! {
get_urgent_pointer, _: 159,144; get_urgent_pointer, _: 159,144;
} }
pub fn tcp_handler ( ip_hlen: u32, packet_data: &[u8] ) -> Option<TcpHeader> { pub fn tcp_handler(ip_hlen: u32, packet_data: &[u8]) -> Option<TcpHeader> {
let (_head, tail) = packet_data.split_at(ETHER_HDRLEN+ip_hlen as usize * 4); let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4);
let (raw_hdr, _) = tail.split_at(20); let (raw_hdr, _) = tail.split_at(20);
let mut _tail: [u8; 20] = [0; 20]; let mut _tail: [u8; 20] = [0; 20];
_tail.copy_from_slice(raw_hdr); _tail.copy_from_slice(raw_hdr);
let tcp_header = BitfieldTcpHeader(_tail); let tcp_header = BitfieldTcpHeader(_tail);
Some(TcpHeader { Some(TcpHeader {
source_port: tcp_header.get_source_port(), source_port: tcp_header.get_source_port(),
destination_port: tcp_header.get_destination_port(), destination_port: tcp_header.get_destination_port(),
seq_num: tcp_header.get_seq_num(), seq_num: tcp_header.get_seq_num(),
ack_num: tcp_header.get_ack_num(), ack_num: tcp_header.get_ack_num(),
data_offset: tcp_header.get_data_offset(), data_offset: tcp_header.get_data_offset(),
reserved: tcp_header.get_reserved(), reserved: tcp_header.get_reserved(),
ns: tcp_header.get_ns().into(), ns: tcp_header.get_ns().into(),
cwr: tcp_header.get_cwr().into(), cwr: tcp_header.get_cwr().into(),
ece: tcp_header.get_ece().into(), ece: tcp_header.get_ece().into(),
urg: tcp_header.get_urg().into(), urg: tcp_header.get_urg().into(),
ack: tcp_header.get_ack().into(), ack: tcp_header.get_ack().into(),
psh: tcp_header.get_psh().into(), psh: tcp_header.get_psh().into(),
rst: tcp_header.get_rst().into(), rst: tcp_header.get_rst().into(),
syn: tcp_header.get_syn().into(), syn: tcp_header.get_syn().into(),
fin: tcp_header.get_fin().into(), fin: tcp_header.get_fin().into(),
window_size: tcp_header.get_window_size(), window_size: tcp_header.get_window_size(),
checksum: tcp_header.get_checksum(), checksum: tcp_header.get_checksum(),
urgent_pointer: tcp_header.get_urgent_pointer(), urgent_pointer: tcp_header.get_urgent_pointer(),
}) })
} }
/* arp */ /* arp */
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ArpHeader { pub struct ArpHeader {
pub htype: u32, pub htype: u32,
pub ptype: u32, pub ptype: u32,
pub hlen: u32, pub hlen: u32,
pub plen: u32, pub plen: u32,
pub oper: u32, pub oper: u32,
pub sha: String, pub sha: String,
pub spa: IpAddr, pub spa: IpAddr,
pub tha: String, pub tha: String,
pub tpa: IpAddr, pub tpa: IpAddr,
} }
// u8, get_source_address, _: 103, 96, 4; // u8, get_source_address, _: 103, 96, 4;
// u32, into Ipv4Addr, get_destination_address, _: 159, 128; // u32, into Ipv4Addr, get_destination_address, _: 159, 128;
bitfield!{ bitfield! {
struct BitfieldArpHeader ( MSB0 [u8] ); struct BitfieldArpHeader ( MSB0 [u8] );
impl Debug; impl Debug;
u32; u32;
@ -302,13 +295,13 @@ bitfield!{
get_plen, _: 5; get_plen, _: 5;
get_oper, _: 6, 7; get_oper, _: 6, 7;
get_sha, _: 8,13; get_sha, _: 8,13;
get_tha, _: 18, 23; get_tha, _: 18, 23;
u8, get_spa, _: 17, 14, 4; u8, get_spa, _: 17, 14, 4;
u32, into Ipv4Addr, get_tpa, _: 28, 24; u32, into Ipv4Addr, get_tpa, _: 28, 24;
} }
impl<T: AsRef<[u8]> + AsMut<[u8]>> BitfieldArpHeader<T> { impl<T: AsRef<[u8]> + AsMut<[u8]>> BitfieldArpHeader<T> {
fn get_spa_as_ip_addr(&self) -> Ipv4Addr{ fn get_spa_as_ip_addr(&self) -> Ipv4Addr {
let mut src = [0; 4]; let mut src = [0; 4];
for (i, src) in src.iter_mut().enumerate() { for (i, src) in src.iter_mut().enumerate() {
*src = self.get_spa(i); *src = self.get_spa(i);
@ -317,57 +310,58 @@ impl<T: AsRef<[u8]> + AsMut<[u8]>> BitfieldArpHeader<T> {
} }
} }
pub fn arp_handler ( packet_data: &[u8] ) -> Option<ArpHeader> { pub fn arp_handler(packet_data: &[u8]) -> Option<ArpHeader> {
let (_head, tail) = packet_data.split_at(ETHER_HDRLEN); let (_head, tail) = packet_data.split_at(ETHER_HDRLEN);
let (raw_hdr, _) = tail.split_at(28); let (raw_hdr, _) = tail.split_at(28);
let mut _tail: [u8; 28] = [0; 28]; let mut _tail: [u8; 28] = [0; 28];
_tail.copy_from_slice(raw_hdr); _tail.copy_from_slice(raw_hdr);
let arp_header = BitfieldArpHeader(_tail); let arp_header = BitfieldArpHeader(_tail);
let _sha: [u8;6] = [0;6]; let _tha: [u8;6] = [0;6]; let _sha: [u8; 6] = [0; 6];
let _tha: [u8; 6] = [0; 6];
_tail[8..13].copy_from_slice(&_sha); _tail[8..13].copy_from_slice(&_sha);
_tail[18..23].copy_from_slice(&_tha); _tail[18..23].copy_from_slice(&_tha);
Some(ArpHeader {
Some(ArpHeader{ htype: arp_header.get_htype(),
htype: arp_header.get_htype(), ptype: arp_header.get_ptype(),
ptype: arp_header.get_ptype(), hlen: arp_header.get_hlen().into(),
hlen: arp_header.get_hlen().into(), plen: arp_header.get_plen().into(),
plen: arp_header.get_plen().into(), oper: arp_header.get_oper(),
oper: arp_header.get_oper(), sha: MacAddress::new(_sha as Eui48).to_hex_string(),
sha: MacAddress::new(_sha as Eui48).to_hex_string(),
//MacAddress::new(arp_header.get_sha() as Eui48).to_hex_string(), //MacAddress::new(arp_header.get_sha() as Eui48).to_hex_string(),
spa: IpAddr::V4(arp_header.get_spa_as_ip_addr()), spa: IpAddr::V4(arp_header.get_spa_as_ip_addr()),
tha: MacAddress::new(_tha as Eui48).to_hex_string(), tha: MacAddress::new(_tha as Eui48).to_hex_string(),
tpa: IpAddr::V4(arp_header.get_tpa()), tpa: IpAddr::V4(arp_header.get_tpa()),
}) })
} }
/* udp */ /* udp */
#[derive(Debug, Copy, Clone, Serialize, Deserialize)] #[derive(Debug, Copy, Clone, Serialize, Deserialize)]
pub struct UdpHeader { pub struct UdpHeader {
pub source_port: u16, pub source_port: u16,
pub destination_port: u16, pub destination_port: u16,
pub length: u16, pub length: u16,
pub checksum: u16, pub checksum: u16,
} }
pub fn udp_handler ( ip_hlen: u32, packet_data: &[u8] ) -> Option<UdpHeader> { pub fn udp_handler(ip_hlen: u32, packet_data: &[u8]) -> Option<UdpHeader> {
let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4 ); let (_head, tail) = packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4);
let (raw_hdr, _) = tail.split_at(8); let (raw_hdr, _) = tail.split_at(8);
let mut _tail: [u8; 8] = [0;8]; let mut _tail: [u8; 8] = [0; 8];
_tail.copy_from_slice(raw_hdr); _tail.copy_from_slice(raw_hdr);
Some(UdpHeader{ Some(UdpHeader {
source_port: BigEndian::read_u16(&_tail[0..2]), source_port: BigEndian::read_u16(&_tail[0..2]),
destination_port: BigEndian::read_u16(&_tail[2..4]), destination_port: BigEndian::read_u16(&_tail[2..4]),
length: BigEndian::read_u16(&_tail[4..6]), length: BigEndian::read_u16(&_tail[4..6]),
checksum: BigEndian::read_u16(&_tail[6..8]), checksum: BigEndian::read_u16(&_tail[6..8]),
}) })
} }
/* payload */ /* payload */
pub fn payload_handler ( ip_hlen: u32, data_offset: u32, packet_data : &[u8] ) -> Option<Vec<u8>> { pub fn payload_handler(ip_hlen: u32, data_offset: u32, packet_data: &[u8]) -> Option<Vec<u8>> {
let (_head, tail)= packet_data.split_at(ETHER_HDRLEN+ip_hlen as usize * 4+data_offset as usize * 4); let (_head, tail) =
Some(tail.to_vec()) packet_data.split_at(ETHER_HDRLEN + ip_hlen as usize * 4 + data_offset as usize * 4);
Some(tail.to_vec())
} }

22
src/parser/reg_parser.rs Normal file
View File

@ -0,0 +1,22 @@
//extern crate rayon;
//extern crate regex;
//use regex::Regex;
//
//struct Regex {
// string: &'static str,
// regex: ::regex::bytes::Regex,
//}
//
//impl Regex {
// fn new (string: &'static str) ->Regex {
// Regex{
// string: string,
// regex: ::regex::bytes::Regex::new(string).unwrap(),
// }
// }
//
//}
//
//
//
//pub fn parse_regex ( reg_str: &str,