From 50524cb5aee1f1f4464f60467122a44befc11203 Mon Sep 17 00:00:00 2001 From: zedddie Date: Tue, 17 Mar 2026 22:27:24 +0100 Subject: use ihl to derive port bytes --- src/sniffing/headers.rs | 6 ++++-- tests/headers.rs | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/sniffing/headers.rs b/src/sniffing/headers.rs index a5b0480..2472981 100644 --- a/src/sniffing/headers.rs +++ b/src/sniffing/headers.rs @@ -52,13 +52,15 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { let ver = packet[0] >> 4; match ver { 4 => { - let dst_port = Port::from_be_bytes([packet[22], packet[23]]); + // Internet Header Length (IHL). + let ihl = (packet[0] & 0x0F) as usize * 4; + let dst_port = Port::from_be_bytes([packet[ihl+2], packet[ihl+3]]); let dns; if dst_port == 53 { dns = true; } else { dns = false; }; // FIXME: hardcoded IPv4 port offset let v4 = PacketInfo::V4{ src_ip: ::try_from(&packet[12..16])?, - src_port: Port::from_be_bytes([packet[20], packet[21]]), + src_port: Port::from_be_bytes([packet[ihl], packet[ihl+1]]), dst_ip: ::try_from(&packet[16..20])?, dst_port, protocol: match packet[9] { diff --git a/tests/headers.rs b/tests/headers.rs index d7daef5..3c1b74a 100644 --- a/tests/headers.rs +++ b/tests/headers.rs @@ -115,7 +115,7 @@ fn generic_typeck() -> Result<(), Box> { // [0] IPv4 TCP 192.168.1.100:4832 → 93.184.216.34:443 assert_eq!( sniff_raw_packets(test_suite[0])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [192, 168, 1, 100], src_port: 4832, dst_ip: [93, 184, 216, 34], @@ -127,7 +127,7 @@ fn generic_typeck() -> Result<(), Box> { // [1] IPv4 UDP 10.0.0.9:5353 → 224.0.0.251:5353 (mDNS) assert_eq!( sniff_raw_packets(test_suite[1])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [10, 0, 0, 9], src_port: 5353, dst_ip: [224, 0, 0, 251], 
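Review bot: `ihl` in the `4 =>` arm of `sniff_raw_packets` is taken from the packet and used as an index without validation. A header-length nibble below 5 makes `packet[ihl]`..`packet[ihl+3]` read bytes of the IP header itself as ports, and a packet shorter than `ihl + 4` panics on the index. These bytes come off the wire, so reject the packet before indexing, e.g. `if ihl < 20 || packet.len() < ihl + 4 { return Err(/* the function's existing error type */); }` (assuming `Packet` exposes `len()` like a byte slice), or read through `packet.get(ihl..ihl + 4)`. The `// FIXME: hardcoded IPv4 port offset` comment kept as context is stale after this change. The function body continues outside the hunk, so an earlier length check may exist that is not visible here.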
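Review bot: The expected values for the IPv4 cases are switched from `PacketInfo::V4` to `PacketInfo::V6` while still carrying four-byte `src_ip`/`dst_ip` arrays, here and in the hunks at -127, -139, -151, -163, -175 and -187. This looks like an unintended search-and-replace rather than part of the IHL change. If the variant fields are typed as the `Ipv4`/`Ipv6` aliases, these assertions cannot match an IPv4 packet (the enum definition is outside the hunk, so confirm). Case [5] with IHL=6 is the one regression test for the new offset logic, so keep `PacketInfo::V4 {` on those lines. `generic_typeck` starts and ends outside the hunk.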
@@ -139,7 +139,7 @@ fn generic_typeck() -> Result<(), Box> { // [2] IPv4 UDP 10.0.0.9:1024 → 8.8.8.8:53 (DNS) assert_eq!( sniff_raw_packets(test_suite[2])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [10, 0, 0, 9], src_port: 1024, dst_ip: [8, 8, 8, 8], @@ -151,7 +151,7 @@ fn generic_typeck() -> Result<(), Box> { // [3] IPv4 TCP 10.0.0.5:54321 → 10.0.0.1:80 (HTTP) assert_eq!( sniff_raw_packets(test_suite[3])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [10, 0, 0, 5], src_port: 54321, dst_ip: [10, 0, 0, 1], @@ -163,7 +163,7 @@ fn generic_typeck() -> Result<(), Box> { // [4] IPv4 TCP 172.16.0.1:65535 → 172.16.0.2:8080 assert_eq!( sniff_raw_packets(test_suite[4])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [172, 16, 0, 1], src_port: 65535, dst_ip: [172, 16, 0, 2], @@ -175,7 +175,7 @@ fn generic_typeck() -> Result<(), Box> { // [5] IPv4 TCP IHL=6 10.0.0.1:9090 → 10.0.0.2:22 (requires IHL-based offset) assert_eq!( sniff_raw_packets(test_suite[5])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [10, 0, 0, 1], src_port: 9090, dst_ip: [10, 0, 0, 2], @@ -187,7 +187,7 @@ fn generic_typeck() -> Result<(), Box> { // [6] IPv4 ICMP (unsupported, "ports" are just ICMP body bytes) assert_eq!( sniff_raw_packets(test_suite[6])?, - PacketInfo::V4 { + PacketInfo::V6 { dns: false, src_ip: [10, 0, 0, 9], src_port: 2048, dst_ip: [10, 0, 0, 1], @@ -199,7 +199,7 @@ fn generic_typeck() -> Result<(), Box> { // [7] IPv6 TCP [::1]:4000 → [2606:4700::1]:443 assert_eq!( sniff_raw_packets(test_suite[7])?, - PacketInfo::V6 { + PacketInfo::V6 { dns: false, src_ip: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], src_port: 4000, dst_ip: [0x26, 0x06, 0x47, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], 
@@ -211,7 +211,7 @@ fn generic_typeck() -> Result<(), Box> { // [8] IPv6 UDP [fd00::9]:1234 → [fd00::1]:53 (requires fixing 17 => UDP) assert_eq!( sniff_raw_packets(test_suite[8])?, - PacketInfo::V6 { + PacketInfo::V6 { dns: false, src_ip: [0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9], src_port: 1234, dst_ip: [0xFD, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], @@ -223,7 +223,7 @@ fn generic_typeck() -> Result<(), Box> { // [9] IPv6 ICMPv6 (unsupported, "ports" are ICMPv6 body bytes) assert_eq!( sniff_raw_packets(test_suite[9])?, - PacketInfo::V6 { + PacketInfo::V6 { dns: false, src_ip: [0xFE, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], src_port: 32768, dst_ip: [0xFF, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], -- cgit v1.2.3 From 1a5b7da6ae20cece911c05b1384a3373239772a3 Mon Sep 17 00:00:00 2001 From: zedddie Date: Tue, 17 Mar 2026 23:15:47 +0100 Subject: really broken WIP for now xD --- src/sniffing/headers.rs | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/src/sniffing/headers.rs b/src/sniffing/headers.rs index 2472981..f5b3477 100644 --- a/src/sniffing/headers.rs +++ b/src/sniffing/headers.rs @@ -1,4 +1,5 @@ use tun::Error; +use std::fmt; // Here we will recieve bytes and try to get their destanation & apply Rules for them. use crate::config::Config; @@ -9,6 +10,13 @@ pub enum Protocol { UDP, Unsupported(u8) } +type SourceV4Ip = Ipv4; +type SourceV6Ip = Ipv6; +pub enum IpVersion { + V4, + V6 +} +// type IpVersion = String; type Ipv4 = [u8; 4]; type Ipv6 = [u8; 16]; type Port = u16; 
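Review bot: `SourceV4Ip` and `SourceV6Ip` in the `@@ -9,6 +10,13 @@` hunk are plain aliases of `Ipv4` and `Ipv6`, yet the getters added later in this commit also return them for destination addresses (`dst_ipv4_ip(&self) -> &SourceV4Ip`), so the name contradicts the value. Drop the two aliases and use `Ipv4`/`Ipv6` directly in the signatures. The `PacketInfo` enum that uses these types is declared outside this hunk.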
@@ -34,7 +42,51 @@ pub enum PacketInfo { } } +impl fmt::Display for PacketInfo { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + if self.version() == "Ipv4" { + let src_ip = self.src_ipv4_ip(); + let dst_ip = self.dst_ipv4_ip(); + write!(f, "{} {}.{}.{}.{}:{} -> {}.{}.{}.{}:{} PROTO {} DNS? {}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], self.src_port, dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], self.dst_port(), self.protocol(), self.dns()) + } + // write!(f, "{} {}:{} -> {}:{} PROTO {} DNS? {}", self.version(), self.) + } +} + impl PacketInfo { + pub fn dns(&self) -> &bool { + match self { + PacketInfo::V4 { dns, ..} => dns, + PacketInfo::V6 { dns, ..} => dns, + } + } + pub fn dst_ipv4_ip(&self) -> &SourceV4Ip { + match self { + PacketInfo::V4 { dst_ip, .. } => dst_ip, + _ => &[0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + } + } + pub fn src_ipv6_ip(&self) -> &SourceV6Ip { + match self { + PacketInfo::V6 { src_ip, .. } => src_ip, + _ => &[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + } + } + pub fn src_ipv4_ip(&self) -> &SourceV4Ip { + match self { + PacketInfo::V4 { src_ip, .. } => src_ip, + _ => &[0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + } + } + pub fn src_ipv6_ip(&self) -> &SourceV6Ip { + PacketInfo::V6.src_ip + } + pub fn version(&self) -> &IpVersion { + match self { + PacketInfo::V4 { .. }=> &IpVersion::V4, + PacketInfo::V6 { .. }=> &IpVersion::V6 + } + } pub fn protocol(&self) -> &Protocol { match self { PacketInfo::V4 { protocol, .. } => protocol, -- cgit v1.2.3 From d0513bec6a51ee5d27cc90003945185438eca4a6 Mon Sep 17 00:00:00 2001 
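Review bot: The wrong-variant arms of `dst_ipv4_ip`, `src_ipv4_ip` and `src_ipv6_ip` hand back an all-zero address, which a caller cannot tell apart from a real `0.0.0.0` or `::` seen on the wire. In a sniffer whose output is meant to drive rules and logs, that turns a programming error into a plausible-looking record. Return `Option<&Ipv4>` / `Option<&Ipv6>` with `_ => None` instead, which also removes the reference to a temporary that `&[…].try_into().expect(…)` creates. As written the hunk cannot build: `src_ipv6_ip` is defined twice, `PacketInfo::V6.src_ip` is not a field access on a value, `self.src_port` is used on an enum, `self.version() == "Ipv4"` compares `&IpVersion` with a string, and the `if` in `fmt` has no `else` to produce a `fmt::Result`. The `impl PacketInfo` block continues past the end of the hunk.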
From: zedddie Date: Mon, 23 Mar 2026 19:11:40 +0100 Subject: impl Display trait for PacketInfo --- src/sniffing/headers.rs | 57 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 19 deletions(-) diff --git a/src/sniffing/headers.rs b/src/sniffing/headers.rs index f5b3477..4514e3b 100644 --- a/src/sniffing/headers.rs +++ b/src/sniffing/headers.rs @@ -12,11 +12,11 @@ pub enum Protocol { } type SourceV4Ip = Ipv4; type SourceV6Ip = Ipv6; +#[derive(PartialEq, Debug)] pub enum IpVersion { V4, V6 } -// type IpVersion = String; type Ipv4 = [u8; 4]; type Ipv6 = [u8; 16]; type Port = u16; 
@@ -44,12 +44,16 @@ pub enum PacketInfo { impl fmt::Display for PacketInfo { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - if self.version() == "Ipv4" { - let src_ip = self.src_ipv4_ip(); - let dst_ip = self.dst_ipv4_ip(); - write!(f, "{} {}.{}.{}.{}:{} -> {}.{}.{}.{}:{} PROTO {} DNS? {}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], self.src_port, dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], self.dst_port(), self.protocol(), self.dns()) + if self.version() == &IpVersion::V4 { + let src_ip = self.src_ipv4_ip().unwrap(); + let dst_ip = self.dst_ipv4_ip().unwrap(); + write!(f, "{:?} {}.{}.{}.{}:{} -> {}.{}.{}.{}:{} {:?} is dns? {:?}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], self.dst_port(), self.protocol(), self.dns()) + } else { + let src_ip = self.src_ipv6_ip().unwrap(); + let dst_ip = self.dst_ipv6_ip().unwrap(); + // y:y:y:y:y:y:y:y = 8 hexademical + write!(f, "{:?} {}:{}:{}:{}:{}:{}:{}:{} port:{} -> {}:{}:{}:{}:{}:{}:{}:{} port:{} {:?} is dns? {:?}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], src_ip[4], src_ip[5], src_ip[6], src_ip[7], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], dst_ip[4], dst_ip[5], dst_ip[6], dst_ip[7], self.dst_port(), self.protocol(), self.dns()) } - // write!(f, "{} {}:{} -> {}:{} PROTO {} DNS? {}", self.version(), self.) } } 
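Review bot: The IPv6 branch of `fmt` prints `src_ip[0]`..`src_ip[7]` with `{}`, but `Ipv6` is still `[u8; 16]` at this commit, so only the first eight bytes of each address are logged, in decimal. Two hosts that differ only in the interface identifier are therefore printed identically. Both branches also reach the addresses through `self.src_ipv4_ip().unwrap()` / `self.src_ipv6_ip().unwrap()` after a separate version test. Matching once on the variant, `match self { PacketInfo::V4 { src_ip, dst_ip, .. } => …, PacketInfo::V6 { src_ip, dst_ip, .. } => … }`, binds the right type directly and leaves no panic path inside `Display`.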
@@ -60,26 +64,41 @@ impl PacketInfo { PacketInfo::V6 { dns, ..} => dns, } } - pub fn dst_ipv4_ip(&self) -> &SourceV4Ip { + pub fn src_ipv6_ip(&self) -> Option<&SourceV6Ip> { match self { - PacketInfo::V4 { dst_ip, .. } => dst_ip, - _ => &[0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + PacketInfo::V6 { src_ip, .. } => Some(src_ip), + _ => None } } - pub fn src_ipv6_ip(&self) -> &SourceV6Ip { + pub fn dst_ipv6_ip(&self) -> Option<&SourceV6Ip> { match self { - PacketInfo::V6 { src_ip, .. } => src_ip, - _ => &[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + PacketInfo::V6 { dst_ip, .. } => Some(dst_ip), + _ => None } } - pub fn src_ipv4_ip(&self) -> &SourceV4Ip { + pub fn src_ipv4_ip(&self) -> Option<&SourceV4Ip> { match self { - PacketInfo::V4 { src_ip, .. } => src_ip, - _ => &[0x0, 0x0, 0x0, 0x0].try_into().expect("this never should fail or even be called in the first place.") + PacketInfo::V4 { src_ip, .. } => Some(src_ip), + _ => None, } } - pub fn src_ipv6_ip(&self) -> &SourceV6Ip { - PacketInfo::V6.src_ip + pub fn dst_ipv4_ip(&self) -> Option<&SourceV4Ip> { + match self { + PacketInfo::V4 { dst_ip, .. } => Some(dst_ip), + _ => None + } + } + pub fn src_port(&self) -> &Port { + match self { + PacketInfo::V4 { src_port, .. } => src_port, + PacketInfo::V6 { src_port, .. } => src_port + } + } + pub fn dst_port(&self) -> &Port { + match self { + PacketInfo::V4 { dst_port, .. } => dst_port, + PacketInfo::V6 { dst_port, .. } => dst_port + } } pub fn version(&self) -> &IpVersion { match self { @@ -123,7 +142,7 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { dns }; if !matches!(v4.protocol(), Protocol::Unsupported(_)) { - println!("{v4:?}"); + println!("{v4}"); } else { // TODO: make --debug option which will include this diagnostic, for general use this // should be off 
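Review bot: `src_port` and `dst_port` (like the existing `dns`) return `&Port` / `&bool`, references to `Copy` values that every caller then has to dereference. Return them by value, e.g. `pub fn src_port(&self) -> Port { match *self { PacketInfo::V4 { src_port, .. } | PacketInfo::V6 { src_port, .. } => src_port } }`. The four address getters have no doc comments; a `///` line on each stating that it returns `None` for the other IP version would make the contract explicit. The `impl PacketInfo` block starts and ends outside the hunk.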
@@ -148,7 +167,7 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { dns }; if !matches!(v6.protocol(), Protocol::Unsupported(_)) { - println!("{v6:?}"); + println!("{v6}"); } else { // TODO: make --debug option which will include this diagnostic, for general use this // should be off -- cgit v1.2.3 From eedb2c5d02fa5b124c9d859c973939880a84cb76 Mon Sep 17 00:00:00 2001 From: zedddie Date: Mon, 23 Mar 2026 20:23:41 +0100 Subject: wip&fixme --- src/sniffing/headers.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/sniffing/headers.rs b/src/sniffing/headers.rs index 4514e3b..d49d402 100644 --- a/src/sniffing/headers.rs +++ b/src/sniffing/headers.rs @@ -18,7 +18,7 @@ pub enum IpVersion { V6 } type Ipv4 = [u8; 4]; -type Ipv6 = [u8; 16]; +type Ipv6 = [u16; 8]; type Port = u16; #[derive(Debug, PartialEq)] pub enum PacketInfo { @@ -128,7 +128,6 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { let dst_port = Port::from_be_bytes([packet[ihl+2], packet[ihl+3]]); let dns; if dst_port == 53 { dns = true; } else { dns = false; }; - // FIXME: hardcoded IPv4 port offset let v4 = PacketInfo::V4{ src_ip: ::try_from(&packet[12..16])?, src_port: Port::from_be_bytes([packet[ihl], packet[ihl+1]]), @@ -151,11 +150,14 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { Ok(v4) }, 6 => { - let dst_port = Port::from_be_bytes([packet[22], packet[23]]); + // FIXME: fix ipv6 type representation to u16 paired u8 + let src_ip_bytes = &packet[8..24]; + let src_ip = src_ip_bytes.chunks(2).map(|b| u16::from_be_bytes(b[0], b[1])); + let dst_port = Port::from_be_bytes([packet[42], packet[43]]); let dns; if dst_port == 53 { dns = true; } else { dns = false; }; let v6 = PacketInfo::V6{ - src_ip: ::try_from(&packet[8..24])?, + src_ip, src_port: Port::from_be_bytes([packet[40], packet[41]]), dst_ip: ::try_from(&packet[24..40])?, dst_port, -- cgit v1.2.3 From f74089a3651b8f26e7bda24afe9fd92794eea33c Mon Sep 17 00:00:00 2001 
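Review bot: In the `@@ -151,11 +150,14 @@` hunk the `6 =>` arm indexes `packet[8..24]`, `packet[24..40]` and `packet[40]`..`packet[43]` without first checking that the packet holds at least 44 bytes, so a truncated IPv6 packet panics the sniffer. The same applies to the `std::array::from_fn` reads in the later hunk at -150,16. The fixed offset 40 also assumes the transport header directly follows the 40-byte base header, which does not hold when `packet[6]` names an extension header, so ports should only be read when the next-header value is TCP or UDP. A guard such as `if packet.len() < 44 { return Err(/* existing error type */); }` ahead of the reads (assuming `Packet` exposes `len()`) covers the first part. Separately, `u16::from_be_bytes` takes a single `[u8; 2]`, so `u16::from_be_bytes(b[0], b[1])` does not compile, and `src_ip` is left as an iterator rather than a `[u16; 8]`.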
From: zedddie Date: Mon, 23 Mar 2026 20:58:56 +0100 Subject: fix ipv6 src&dst ip representation in PacketInfo --- src/sniffing/headers.rs | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/sniffing/headers.rs b/src/sniffing/headers.rs index d49d402..40a311c 100644 --- a/src/sniffing/headers.rs +++ b/src/sniffing/headers.rs @@ -47,12 +47,12 @@ impl fmt::Display for PacketInfo { if self.version() == &IpVersion::V4 { let src_ip = self.src_ipv4_ip().unwrap(); let dst_ip = self.dst_ipv4_ip().unwrap(); - write!(f, "{:?} {}.{}.{}.{}:{} -> {}.{}.{}.{}:{} {:?} is dns? {:?}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], self.dst_port(), self.protocol(), self.dns()) + write!(f, "{}.{}.{}.{}:{} -> {}.{}.{}.{}:{} {:?} is dns? {:?}", src_ip[0], src_ip[1], src_ip[2], src_ip[3], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], self.dst_port(), self.protocol(), self.dns()) } else { let src_ip = self.src_ipv6_ip().unwrap(); let dst_ip = self.dst_ipv6_ip().unwrap(); - // y:y:y:y:y:y:y:y = 8 hexademical - write!(f, "{:?} {}:{}:{}:{}:{}:{}:{}:{} port:{} -> {}:{}:{}:{}:{}:{}:{}:{} port:{} {:?} is dns? {:?}", self.version(), src_ip[0], src_ip[1], src_ip[2], src_ip[3], src_ip[4], src_ip[5], src_ip[6], src_ip[7], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], dst_ip[4], dst_ip[5], dst_ip[6], dst_ip[7], self.dst_port(), self.protocol(), self.dns()) + // y:y:y:y:y:y:y:y = 8 hexademical; y = segment, pair of 2 u8 big endian + write!(f, "{:x}:{:x}:{:x}:{:x}:{:x}:{:x}:{:x}:{:x} port:{} -> {:x}:{:x}:{:x}:{:x}:{:x}:{:x}:{:x}:{:x} port:{} {:?} is dns? {:?}", src_ip[0], src_ip[1], src_ip[2], src_ip[3], src_ip[4], src_ip[5], src_ip[6], src_ip[7], self.src_port(), dst_ip[0], dst_ip[1], dst_ip[2], dst_ip[3], dst_ip[4], dst_ip[5], dst_ip[6], dst_ip[7], self.dst_port(), self.protocol(), self.dns()) } } } 
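Review bot: The hand-written `write!` in the V6 branch prints each segment with `{:x}` and appends ` port:N`, giving an uncompressed, non-standard form that log tooling will not parse as an address and that differs from the `ip:port` shape used for IPv4. `std::net::Ipv4Addr::from(*src_ip)` and `std::net::Ipv6Addr::from(*src_ip)` accept `[u8; 4]` and `[u16; 8]` and implement `Display` with canonical formatting, so the V6 line could be `write!(f, "[{}]:{} -> [{}]:{} {:?} is dns? {:?}", …)`. The new comment also spells "hexadecimal" as "hexademical".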
@@ -150,16 +150,17 @@ pub fn sniff_raw_packets(packet: &Packet) -> SniffedPacket { Ok(v4) }, 6 => { - // FIXME: fix ipv6 type representation to u16 paired u8 - let src_ip_bytes = &packet[8..24]; - let src_ip = src_ip_bytes.chunks(2).map(|b| u16::from_be_bytes(b[0], b[1])); + // y:y:y:y:y:y:y:y hexademical; y = segment, pair of 2 u8 in big endian + let src_ip = std::array::from_fn(|i| u16::from_be_bytes([packet[8 + i*2], packet[8 + i*2 + 1]])); + let dst_ip = std::array::from_fn(|i| u16::from_be_bytes([packet[24 + i*2], packet[24 + i*2 + 1]])); + let dst_port = Port::from_be_bytes([packet[42], packet[43]]); let dns; if dst_port == 53 { dns = true; } else { dns = false; }; let v6 = PacketInfo::V6{ src_ip, src_port: Port::from_be_bytes([packet[40], packet[41]]), - dst_ip: ::try_from(&packet[24..40])?, + dst_ip, dst_port, protocol: match packet[6] { 6 => Protocol::TCP, -- cgit v1.2.3