src/main.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134

use std::cell::RefCell;
use std::rc::Rc;
use stellar_rs::event::event::BuiltInEvent;
use stellar_rs::event::manager::EventHandle;
use stellar_rs::event::manager::EventManager;
use stellar_rs::packet::capture::PacketCapture;
use stellar_rs::packet::packet::Packet;
use stellar_rs::packet::packet::PacketEvent;
use stellar_rs::plugin::example::ExamplePulgin;
use stellar_rs::session::session::Session;
use stellar_rs::session::session::SessionProto;
use stellar_rs::session::session::SessionState;
use stellar_rs::thread::thread::ThreadContex;

fn trigger_packet_event(
    packet: &Packet,
    session: Option<Rc<RefCell<Session>>>,
    event_mgr: Rc<RefCell<EventManager>>,
) {
    for packet_event in &packet.event {
        match packet_event {
            PacketEvent::L2_EVENT => {
                BuiltInEvent::trigger_l2_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::L2_VLAN => {
                // TODO
            }
            PacketEvent::L3_EVENT => {
                BuiltInEvent::trigger_l3_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::IPV4_EVENT => {
                BuiltInEvent::trigger_ip4_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::IPV6_EVENT => {
                BuiltInEvent::trigger_ip6_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::L4_EVENT => {
                BuiltInEvent::trigger_l4_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::TCP_EVENT => {
                BuiltInEvent::trigger_tcp_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::UDP_EVENT => {
                BuiltInEvent::trigger_udp_event(event_mgr.clone(), session.clone());
            }
            PacketEvent::ICMP_EVENT => {
                // TODO
            }
        }
    }
}

fn trigger_session_event(
    session: Option<Rc<RefCell<Session>>>,
    event_mgr: Rc<RefCell<EventManager>>,
) {
    if session.is_none() {
        return;
    }

    let session_state = session.clone().unwrap().borrow_mut().get_session_state();
    let session_proto = session.clone().unwrap().borrow_mut().get_session_proto();

    match session_state {
        SessionState::New => match session_proto {
            SessionProto::TCP => BuiltInEvent::trigger_tcp_opening_event(event_mgr, session),
            SessionProto::UDP => BuiltInEvent::trigger_udp_opening_event(event_mgr, session),
        },
        SessionState::Active => match session_proto {
            SessionProto::TCP => BuiltInEvent::trigger_tcp_active_event(event_mgr, session),
            SessionProto::UDP => BuiltInEvent::trigger_udp_active_event(event_mgr, session),
        },
        SessionState::Inactive => match session_proto {
            SessionProto::TCP => BuiltInEvent::trigger_tcp_closed_event(event_mgr, session),
            SessionProto::UDP => BuiltInEvent::trigger_udp_expire_event(event_mgr, session),
        },
        SessionState::Expired => match session_proto {
            SessionProto::TCP => BuiltInEvent::trigger_tcp_expire_event(event_mgr, session),
            SessionProto::UDP => BuiltInEvent::trigger_udp_expire_event(event_mgr, session),
        },
    }
}

fn capture_callback(data: &[u8], len: u32, ctx: Rc<RefCell<ThreadContex>>) {
    let event_mgr = ctx.borrow_mut().get_event_mgr();
    let session_mgr = ctx.borrow_mut().get_session_mgr();

    let mut packet = Packet::new(data, len);

    // Handle Packet
    let result = packet.handle();
    match result {
        Ok(_left) => {
            // println!("SUCCESS: {:?}, {:?}", packet, left);
            // println!("SUCCESS: {:#?}, {:?}", packet, left);
            // dbg!(packet);
        }
        Err(e) => {
            // println!("ERROR Data: {:?}", packet);
            // println!("ERROR Code: {:?}", e);
            println!("ERROR Desc: {}", e);
            return;
        }
    }

    // Packets have sessions, triggering both packet events and session events
    if packet.get_inner_tuple().is_some() {
        let flow_id = packet.get_flow_id().unwrap();
        let session = session_mgr.borrow_mut().update(flow_id);
        trigger_packet_event(&packet, Some(session.clone()), event_mgr.clone());
        trigger_session_event(Some(session.clone()), event_mgr.clone());
    // Packets have no sessions, only packet events are triggered
    } else {
        trigger_packet_event(&packet, None, event_mgr.clone());
    }

    // Handle packet events and session events on the current package
    event_mgr.borrow_mut().dispatch(Some(&packet));

    // Handle expire events without packets
    let session = session_mgr.borrow_mut().expire_oldest_session();
    trigger_session_event(session, event_mgr.clone());
    event_mgr.borrow_mut().dispatch(None);
}

fn main() {
    let thread_ctx = Rc::new(RefCell::new(ThreadContex::new()));
    let mut plugin = ExamplePulgin::new("Example Plugin", thread_ctx.clone());
    plugin.init();

    PacketCapture::show_devices();
    let mut cap = PacketCapture::new("en0");
    cap.poll_packet(capture_callback, thread_ctx);
}