Merge pull request #2 from dbcfd/bpf-support

dbcfd · web-flow · commit 4444d6d11fb4 · 2019-06-19T13:14:00.000-06:00
Improve support for compiling bpf's via pcap_open_dead
diff --git a/src/bpf.rs b/src/bpf.rs
@@ -0,0 +1,24 @@
+/// Wrapper for bpf_program to ensure correct drops
+#[derive(Debug)]
+pub struct Bpf {
+    inner: pcap_sys::bpf_program,
+}
+
+impl Bpf {
+    pub fn new(inner: pcap_sys::bpf_program) -> Bpf {
+        Bpf {
+            inner
+        }
+    }
+    pub fn inner_mut(&mut self) -> &mut pcap_sys::bpf_program {
+        &mut self.inner
+    }
+}
+
+impl Drop for Bpf {
+    fn drop(&mut self) {
+        unsafe {
+            pcap_sys::pcap_freecode(&mut self.inner);
+        }
+    }
+}
diff --git a/src/errors.rs b/src/errors.rs
@@ -30,6 +30,8 @@ pub enum Error {
         #[fail(cause)]
         error: failure::Error,
     },
+    #[fail(display = "{}", msg)]
+    Custom { msg: String },
 }
 
 unsafe impl Sync for Error {}
diff --git a/src/handle.rs b/src/handle.rs
@@ -1,7 +1,11 @@
 use crate::{errors::Error, pcap_util, stats::Stats};
+use crate::bpf::Bpf;
 use log::*;
-use std;
+use std::path::Path;
+use std::os::raw::c_int;
 
+/// Wrapper around a pcap_t handle to indicate live or offline capture, and allow the handle to
+/// be interrupted to stop capture.
 #[derive(Clone)]
 pub struct Handle {
     handle: *mut pcap_sys::pcap_t,
@@ -17,6 +21,7 @@ impl Handle {
         self.live_capture
     }
 
+    /// Create a live capture from a string representing an interface
     pub fn live_capture(iface: &str) -> Result<std::sync::Arc<Handle>, Error> {
         let device_str = std::ffi::CString::new(iface).map_err(Error::Ffi)?;
 
@@ -43,7 +48,13 @@ impl Handle {
         r
     }
 
-    pub fn file_capture(path: &str) -> Result<std::sync::Arc<Handle>, Error> {
+    /// Create an offline capture from a path to a file
+    pub fn file_capture<P: AsRef<Path>>(path: P) -> Result<std::sync::Arc<Handle>, Error> {
+        let path = if let Some(s) = path.as_ref().to_str() {
+            s
+        } else {
+            return Err(Error::Custom { msg: format!("Invalid path: {:?}", path.as_ref()) })
+        };
         let device_str = std::ffi::CString::new(path).map_err(Error::Ffi)?;
 
         let errbuf = ([0i8; 256]).as_mut_ptr();
@@ -69,6 +80,23 @@ impl Handle {
         r
     }
 
+    /// Create a dead handle, typically used for compiling bpf's
+    pub fn dead(linktype: i32, snaplen: i32) -> Result<std::sync::Arc<Handle>, Error> {
+        let h = unsafe { pcap_sys::pcap_open_dead(linktype as c_int, snaplen as c_int) };
+        if h.is_null() {
+            error!("Failed to create dead handle");
+            Err(Error::Custom { msg: "Could not create dead handle".to_owned() })
+        } else {
+            info!("Dead handle created");
+            let handle = std::sync::Arc::new(Handle {
+                handle: h,
+                live_capture: false,
+                interrupted: std::sync::Arc::new(std::sync::Mutex::new(false))
+            });
+            Ok(handle)
+        }
+    }
+
     pub fn lookup() -> Result<std::sync::Arc<Handle>, Error> {
         let errbuf = ([0i8; 256]).as_mut_ptr();
         let dev = unsafe { pcap_sys::pcap_lookupdev(errbuf) };
@@ -138,10 +166,10 @@ impl Handle {
         }
     }
 
-    pub fn set_bpf(
+    pub fn compile_bpf(
         &self,
-        bpf: &String,
-    ) -> Result<&Self, Error> {
+        bpf: &str,
+    ) -> Result<Bpf, Error> {
         let mut bpf_program = pcap_sys::bpf_program {
             bf_len: 0,
             bf_insns: std::ptr::null_mut(),
@@ -161,10 +189,16 @@ impl Handle {
             return Err(pcap_util::convert_libpcap_error(self.handle));
         }
 
-        let ret_code = unsafe { pcap_sys::pcap_setfilter(self.handle, &mut bpf_program) };
-        unsafe {
-            pcap_sys::pcap_freecode(&mut bpf_program);
-        }
+        Ok(Bpf::new(bpf_program))
+    }
+
+    pub fn set_bpf(
+        &self,
+        bpf: Bpf,
+    ) -> Result<&Self, Error> {
+        let mut bpf = bpf;
+
+        let ret_code = unsafe { pcap_sys::pcap_setfilter(self.handle, bpf.inner_mut()) };
         if ret_code != 0 {
             return Err(pcap_util::convert_libpcap_error(self.handle));
         }
@@ -259,4 +293,22 @@ mod tests {
 
         assert!(handle.is_ok());
     }
+    #[test]
+    fn open_dead() {
+        let _ = env_logger::try_init();
+
+        let handle = Handle::dead(0, 0);
+
+        assert!(handle.is_ok());
+    }
+    #[test]
+    fn bpf_compile() {
+        let _ = env_logger::try_init();
+
+        let handle = Handle::dead(0, 1555).expect("Could not create dead handle");
+
+        let bpf = handle.compile_bpf("(not (net 192.168.0.0/16 and port 443)) and (not (host 192.1.2.3 and port 443))");
+
+        assert!(bpf.is_ok(), "{:?}", bpf);
+    }
 }
diff --git a/src/lib.rs b/src/lib.rs
@@ -1,6 +1,6 @@
 #![allow(dead_code, unused_imports)]
-#![feature(ptr_internals, test, async_await, await_macro)]
-
+#![feature(ptr_internals, test, async_await)]
+pub mod bpf;
 pub mod config;
 pub mod errors;
 pub mod handle;
@@ -71,7 +71,7 @@ async fn next_packets(
                     debug!("No packets read, delaying to retry");
 
                     let f = tokio_timer::sleep(delay).compat();
-                    if let Err(e) = await!(f) {
+                    if let Err(e) = f.await {
                         error!("Failed to delay: {:?}", e);
                     }
                 } else {
diff --git a/src/provider.rs b/src/provider.rs
@@ -37,6 +37,7 @@ impl PacketProvider {
                 .activate()?;
 
             if let Some(bpf) = config.bpf() {
+                let bpf = handle.compile_bpf(bpf)?;
                 handle.set_bpf(bpf)?;
             }
         }
@@ -64,7 +65,7 @@ mod tests {
         let mut provider = provider;
         let mut agg = 0;
         loop {
-            if let Some(p) = await!(provider.next_packets()) {
+            if let Some(p) = provider.next_packets().await {
                 agg += p.len();
             } else {
                 break;
@@ -88,7 +89,7 @@ mod tests {
 
         let packet_provider =
             PacketProvider::new(Config::default(), std::sync::Arc::clone(&handle)).expect("Failed to build");
-        let fut_packets: std::pin::Pin<Box<std::future::Future<Output = usize> + Send>> =
+        let fut_packets: std::pin::Pin<Box<dyn std::future::Future<Output = usize> + Send>> =
             get_packets(packet_provider).boxed();
         let packets = futures::executor::block_on(fut_packets);
 
diff --git a/src/stream.rs b/src/stream.rs
@@ -29,6 +29,7 @@ impl PacketStream {
                 .activate()?;
 
             if let Some(bpf) = config.bpf() {
+                let bpf = handle.compile_bpf(bpf)?;
                 handle.set_bpf(bpf)?;
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,8 @@ pub enum Error {`
`30`	`30`	`#[fail(cause)]`
`31`	`31`	`error: failure::Error,`
`32`	`32`	`},`
	`33`	`+ #[fail(display = "{}", msg)]`
	`34`	`+ Custom { msg: String },`
`33`	`35`	`}`
`34`	`36`
`35`	`37`	`unsafe impl Sync for Error {}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ impl PacketStream {`
`29`	`29`	`.activate()?;`
`30`	`30`
`31`	`31`	`if let Some(bpf) = config.bpf() {`
	`32`	`+ let bpf = handle.compile_bpf(bpf)?;`
`32`	`33`	`handle.set_bpf(bpf)?;`
`33`	`34`	`}`
`34`	`35`	`}`