// Capture parser: reads packets from a pcap file (`parse`) or a live device
// (`parse_device`), runs the per-layer handlers from `packet_handler` on every
// frame and collects one `QryData` record per packet.
//
// NOTE(review): several generic type arguments are missing in this listing
// (`Option>`, bare `Option`, `Vec`, `Result`, `None::`). They look like they were
// lost when the page was extracted; the tokens are left exactly as found, so the
// listing will not compile until the original type arguments are restored.
extern crate bitfield;
extern crate byteorder;
extern crate eui48;
mod packet_handler;
use eui48::{MacAddress};
use pcap::Capture;
use regex::bytes::Regex;
use std::str;
//use std::thread::{spawn, JoinHandle};
//use std::sync::mpsc::{channel, Receiver};

/* protocol ids, LittleEndian */
// The EtherType constants are written byte-swapped relative to the on-wire
// (big-endian) values: IPv6 0x86DD -> 0xDD86, IPv4 0x0800 -> 0x08,
// ARP 0x0806 -> 0x0608, RARP 0x8035 -> 0x3580.
// NOTE(review): presumably `ethernet_handler` reads the field little-endian so
// that the comparisons below match; confirm against packet_handler.
const ETH_P_IPV6: usize = 0xDD86;
const ETH_P_IP: usize = 0x08;
// IP protocol numbers (single byte, so no byte order involved).
const TCP: usize = 0x06;
const UDP: usize = 0x11;
const ETH_P_ARP: usize = 0x0608;
const ETH_P_RARP: usize = 0x3580;

/// Builds a placeholder Ethernet header: all-zero destination and source MAC
/// addresses and ether type 0.
fn build_ether() -> packet_handler::EtherHeader {
    packet_handler::EtherHeader {
        ether_dhost: MacAddress::new([0;6]),
        ether_shost: MacAddress::new([0;6]),
        ether_type: 0,
    }
}

/// One record per captured packet, as produced by `parse` and `parse_device`.
#[derive(Debug, Clone)]
pub struct QryData {
    // Record id; this file only ever stores 0 here.
    pub id: i32,
    // Capture timestamp in seconds, microsecond part as the fraction.
    pub time: f64,
    // Bytes kept for the packet: the whole frame by default, replaced by the
    // result of `payload_handler` for TCP/UDP and set to None for ARP/RARP.
    pub data: Option>,
    pub ether_header: packet_handler::EtherHeader,
    // Layer 3/4 headers; each is only assigned in the matching branch of the parsers.
    pub ipv4_header: Option,
    pub ipv6_header: Option,
    pub tcp_header: Option,
    pub udp_header: Option,
    pub arp_header: Option,
    // Space-separated regex matches found in the frame, see `flag_carnage`.
    pub reg_res: Option,
}

/// Returns a `QryData` with a zeroed Ethernet header, id 0, time 0.0 and every
/// optional field set to None. The visible body only ever returns `Ok`.
fn init_qrydata( ) -> Result {
    let ether_init = build_ether();
    Ok(QryData {
        id: 0,
        time: 0.0,
        data: None,
        ether_header: ether_init,
        ipv4_header: None::,
        ipv6_header: None::,
        tcp_header: None::,
        udp_header: None::,
        arp_header: None::,
        reg_res: None::,
    })
}

//fn link_layer_protocol ( packet_data: &[u8] ) -> Option {
//    Some(packet_handler::ethernet_handler(packet_data)) //this needs some love, obviously
//}
//
//fn network_layer_protocol ( packet_data: &[u8], prot_type: usize ) -> Option {
//}
//
//fn transport_layer_protocol ( packet_data: &[u8], prot_type: usize ) -> Option {
//}

/* Regex parse _complete_ package */
/// Runs `re` over `payload` and joins every match, each followed by one space,
/// into a single string. Returns None when the regex matched nothing.
///
/// Both callers pass `packet.data`, i.e. the whole captured frame rather than
/// the transport payload.
///
/// # Panics
/// Panics if a match is not valid UTF-8.
fn flag_carnage(re: &Regex, payload: &[u8]) -> Option {
    let mut flags: String = String::new();
    for mat in re.find_iter(payload) {
        // NOTE(review): `payload` is raw capture data and `re` is a bytes regex, so a
        // pattern that can match non-UTF-8 bytes turns this unwrap() into a panic that
        // captured traffic can trigger. A lossy conversion (String::from_utf8_lossy)
        // or skipping the match would keep the parser running.
        flags.push_str(&format!("{} ",std::str::from_utf8(mat.as_bytes()).unwrap()));
        //flags.push_str(" ");
    }
    // Every appended match carries a trailing space, so a non-empty string means
    // at least one match was found.
    match 0 < flags.len() {
        false => None,
        true => Some(flags),
    }
}

/// Parses the capture file `parse_file`, applying the capture filter
/// `filter_str`, and returns one `QryData` per packet read.
///
/// `regex_filter` is compiled once and matched against every frame; the matches
/// end up in `reg_res`.
///
/// # Panics
/// Panics if the file cannot be opened, if `filter_str` is rejected by
/// `Capture::filter`, or if `regex_filter` is not a valid regex. Inside the loop
/// the `.unwrap()` calls on the stored headers panic when the corresponding
/// handler yielded None.
/// NOTE(review): whether the handlers return None for truncated or malformed
/// frames is not visible here; if they do, a single crafted packet in the
/// capture aborts the whole parse.
pub fn parse(parse_file: &std::path::Path, filter_str: &str, regex_filter: &str) -> Vec {
    // `me` is a scratch record that is reused for every packet.
    // NOTE(review): fields that a branch does not assign keep the value from an
    // earlier packet. `arp_header` is never cleared, the ARP branch leaves the
    // IP/TCP/UDP headers untouched, and the "not implemented" arms leave
    // everything as it was, so a record can carry headers that belong to a
    // previous packet.
    let mut me: QryData = init_qrydata().unwrap();
    // All records are accumulated in memory until the capture is exhausted.
    let mut v: Vec = Vec::new();
    let mut cap = Capture::from_file(parse_file).unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let re = Regex::new(regex_filter).unwrap();
    // The loop stops at the first Err from `cap.next()`; end of file and read
    // errors are not told apart.
    while let Ok(packet) = cap.next() {
        me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
        // Default: keep the whole frame; the TCP/UDP branches overwrite this.
        me.data = Some(packet.data.to_vec());
        me.reg_res = flag_carnage(&re, packet.data);
        me.ether_header = packet_handler::ethernet_handler(packet.data);
        match me.ether_header.ether_type as usize {
            ETH_P_IP => {
                me.ipv6_header = None::;
                // `Some(x).unwrap()` just yields `x`: the handler's return value is stored as-is.
                me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
                match me.ipv4_header.unwrap().ip_protocol as usize {
                    TCP => {
                        me.udp_header = None::;
                        me.tcp_header = Some(packet_handler::tcp_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            packet.data,
                        ))
                        .unwrap();
                        // NOTE(review): ip_ihl and data_offset come straight from the packet;
                        // confirm that payload_handler bounds-checks them against packet.data.
                        me.data = Some(packet_handler::payload_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            me.tcp_header.unwrap().data_offset,
                            packet.data,
                        )).unwrap();
                    }
                    UDP => {
                        me.tcp_header = None::;
                        me.udp_header = Some(packet_handler::udp_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            packet.data,
                        ))
                        .unwrap();
                        // NOTE(review): the constant 7 stands where the TCP branch passes
                        // data_offset; its meaning is defined by payload_handler (TODO confirm).
                        me.data = Some(packet_handler::payload_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            7,
                            packet.data,
                        )).unwrap();
                    }
                    _ => println!("network protocol not implemented"),
                }
            }
            ETH_P_IPV6 => {
                me.ipv4_header = None::;
                me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
                // NOTE(review): only `next_header` of the fixed header is inspected, so a
                // packet with IPv6 extension headers falls into the "not implemented" arm.
                match me.ipv6_header.unwrap().next_header as usize {
                    TCP => {
                        me.udp_header = None::;
                        // NOTE(review): 10 is passed where the IPv4 branch passes ip_ihl;
                        // presumably the fixed 40-byte IPv6 header in 32-bit words (confirm).
                        me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
                        me.data = Some(packet_handler::payload_handler(
                            10,
                            me.tcp_header.unwrap().data_offset,
                            packet.data,
                        )).unwrap();
                    }
                    UDP => {
                        me.tcp_header = None::;
                        me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap();
                        me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap();
                    }
                    _ => println!("network protocol not implemented"),
                }
            }
            ETH_P_ARP | ETH_P_RARP => {
                me.arp_header = Some(packet_handler::arp_handler(packet.data)).unwrap();
                // No payload bytes are kept for ARP/RARP frames.
                me.data = None;
            }
            _ => println!("network protocol not implemented"),
        }
        // Build the record from the scratch state; `data` and `reg_res` are moved out
        // and reassigned at the top of the next iteration.
        v.push(QryData {
            id: 0,
            time: me.time,
            data: me.data,
            ether_header: me.ether_header,
            ipv4_header: me.ipv4_header,
            ipv6_header: me.ipv6_header,
            tcp_header: me.tcp_header,
            udp_header: me.udp_header,
            arp_header: me.arp_header,
            reg_res: me.reg_res,
        });
    }
    v
}

/* This could need some love */
/// Captures live from the device named `parse_device`, applying the capture
/// filter `filter_str`, and returns once `insert_max` records were collected or
/// `cap.next()` returns an error.
///
/// The length check runs after the push, so at least one record is returned
/// for the first packet even when `insert_max` is 0.
///
/// # Panics
/// Panics if the device cannot be opened, if `filter_str` is rejected by
/// `Capture::filter`, or if `regex_filter` is not a valid regex. Inside the loop
/// the `.unwrap()` calls on the stored headers panic when the corresponding
/// handler yielded None.
/// NOTE(review): the input here is live network traffic. If the handlers can
/// return None for frames they cannot decode (not visible here), any host that
/// can put such a frame on the wire can stop the capture; the same applies to
/// the UTF-8 unwrap in `flag_carnage`.
pub fn parse_device(parse_device: &str, filter_str: &str, insert_max: &usize, regex_filter: &str) -> Vec {
    // Scratch record reused for every packet.
    // NOTE(review): unlike `parse`, the TCP and UDP branches below do not clear the
    // other transport header, and `arp_header` is never cleared, so records can
    // carry headers left over from an earlier packet.
    let mut me: QryData = init_qrydata ( ).unwrap();
    let mut v: Vec = Vec::new();
    let mut cap = Capture::from_device(parse_device).unwrap().open().unwrap();
    Capture::filter(&mut cap, &filter_str).unwrap();
    let re = Regex::new(regex_filter).unwrap();
    'parse: while let Ok(packet) = cap.next() {
        me.time = (packet.header.ts.tv_usec as f64 / 1000000.0) + packet.header.ts.tv_sec as f64;
        // Default: keep the whole frame; the TCP/UDP branches overwrite this.
        me.data = Some(packet.data.to_vec());
        me.reg_res = flag_carnage(&re, packet.data);
        me.ether_header = packet_handler::ethernet_handler(packet.data);
        match me.ether_header.ether_type as usize {
            ETH_P_IP => {
                me.ipv6_header = None::;
                // `Some(x).unwrap()` just yields `x`: the handler's return value is stored as-is.
                me.ipv4_header = Some(packet_handler::ip_handler(packet.data)).unwrap();
                match me.ipv4_header.unwrap().ip_protocol as usize {
                    TCP => {
                        me.tcp_header = Some(packet_handler::tcp_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            packet.data,
                        ))
                        .unwrap();
                        // NOTE(review): ip_ihl and data_offset come straight from the packet;
                        // confirm that payload_handler bounds-checks them against packet.data.
                        me.data = Some(packet_handler::payload_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            me.tcp_header.unwrap().data_offset,
                            packet.data,
                        )).unwrap();
                    }
                    UDP => {
                        me.udp_header = Some(packet_handler::udp_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            packet.data,
                        ))
                        .unwrap();
                        // NOTE(review): the constant 7 stands where the TCP branch passes
                        // data_offset; its meaning is defined by payload_handler (TODO confirm).
                        me.data = Some(packet_handler::payload_handler(
                            me.ipv4_header.unwrap().ip_ihl,
                            7,
                            packet.data,
                        )).unwrap();
                    }
                    _ => println!("network protocol not implemented"),
                }
            }
            ETH_P_IPV6 => {
                me.ipv4_header = None::;
                me.ipv6_header = Some(packet_handler::ipv6_handler(packet.data)).unwrap();
                match me.ipv6_header.unwrap().next_header as usize {
                    TCP => {
                        // NOTE(review): 10 is passed where the IPv4 branch passes ip_ihl;
                        // presumably the fixed 40-byte IPv6 header in 32-bit words (confirm).
                        me.tcp_header = Some(packet_handler::tcp_handler(10, packet.data)).unwrap();
                        me.data = Some(packet_handler::payload_handler(
                            10,
                            me.tcp_header.unwrap().data_offset,
                            packet.data,
                        )).unwrap();
                    }
                    UDP => {
                        me.udp_header = Some(packet_handler::udp_handler(10, packet.data)).unwrap();
                        me.data = Some(packet_handler::payload_handler(10, 7, packet.data)).unwrap();
                    }
                    _ => println!("network protocol not implemented"),
                }
            }
            ETH_P_ARP | ETH_P_RARP => {
                me.arp_header = Some(packet_handler::arp_handler(packet.data)).unwrap();
                // No payload bytes are kept for ARP/RARP frames.
                me.data = None;
            }
            _ => println!("network protocol not implemented"),
        }
        v.push(QryData {
            id: 0,
            time: me.time,
            data: me.data,
            ether_header: me.ether_header,
            ipv4_header: me.ipv4_header,
            ipv6_header: me.ipv6_header,
            tcp_header: me.tcp_header,
            udp_header: me.udp_header,
            arp_header: me.arp_header,
            reg_res: me.reg_res,
        });
        // Stop once the requested number of records has been collected.
        if &v.len() >= insert_max {
            break 'parse;
        }
    }
    v
}