diff options
| author | Kelvin Zhang <zhangxp1998@gmail.com> | 2020-01-12 20:04:23 -0500 |
|---|---|---|
| committer | Kelvin Zhang <zhangxp1998@gmail.com> | 2020-01-13 15:36:26 -0500 |
| commit | 93783eed03c05e92028d953dd4caf078b1d593d7 (patch) | |
| tree | ccca9ac4e0c76a686565a56c3ebd4cf009726914 | |
| parent | 88e4f413ffa62b1d588f63281400511924bdcc94 (diff) | |
Fix regex for parsing ipv6 listening sockets
| -rw-r--r-- | src/network/sniffer.rs | 15 | ||||
| -rw-r--r-- | src/os/lsof_utils.rs | 2 |
2 files changed, 14 insertions, 3 deletions
diff --git a/src/network/sniffer.rs b/src/network/sniffer.rs index ab23906..b7dcd54 100644 --- a/src/network/sniffer.rs +++ b/src/network/sniffer.rs @@ -14,6 +14,7 @@ use ::std::net::{IpAddr, SocketAddr}; use crate::network::{Connection, Protocol}; +#[derive(Debug)] pub struct Segment { pub interface_name: String, pub connection: Connection, @@ -93,12 +94,22 @@ impl Sniffer { } pub fn next(&mut self) -> Option<Segment> { let bytes = self.network_frames.next().ok()?; - let ip_packet = Ipv4Packet::new(&bytes)?; + // See https://github.com/libpnet/libpnet/blob/master/examples/packetdump.rs + let payload_offset = if self.network_interface.is_loopback() { + // The pnet code for BPF loopback adds a zero'd out Ethernet header + 14 + } else { + 0 + }; + let ip_packet = Ipv4Packet::new(&bytes[payload_offset..])?; let version = ip_packet.get_version(); match version { 4 => Self::handle_v4(ip_packet, &self.network_interface), - 6 => Self::handle_v6(Ipv6Packet::new(&bytes)?, &self.network_interface), + 6 => Self::handle_v6( + Ipv6Packet::new(&bytes[payload_offset..])?, + &self.network_interface, + ), _ => { let pkg = EthernetPacket::new(bytes)?; match pkg.get_ethertype() { diff --git a/src/os/lsof_utils.rs b/src/os/lsof_utils.rs index 72cc009..fa51fa1 100644 --- a/src/os/lsof_utils.rs +++ b/src/os/lsof_utils.rs @@ -18,7 +18,7 @@ pub struct RawConnection { lazy_static! { static ref CONNECTION_REGEX: Regex = Regex::new(r"\[?([^\s\]]*)\]?:(\d+)->\[?([^\s\]]*)\]?:(\d+)").unwrap(); - static ref LISTEN_REGEX: Regex = Regex::new(r"(.*):(.*)").unwrap(); + static ref LISTEN_REGEX: Regex = Regex::new(r"\[?([^\s\[\]]*)\]?:(.*)").unwrap(); } fn get_null_addr(ip_type: &str) -> &str { |