[output] unify label (#26)

* unify label * clean output * fixing MTU * lint fixed * mtu ipv6 fixed
biandratti · Dec 1, 2024 · 8458b48 · 8458b48
1 parent 480f95c
commit 8458b48
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 26 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -31,6 +31,7 @@ impl<'a> P0f<'a> {
     pub fn analyze_tcp(&mut self, packet: &[u8]) -> P0fOutput {
         if let Ok(observable_signature) = ObservableSignature::extract(packet, &mut self.cache) {
             if observable_signature.from_client {
+                //println!("MTU {:?}", observable_signature.mtu);
                 let mtu: Option<MTUOutput> = if let Some(mtu) = observable_signature.mtu {
                     if let Some((link, _matched_mtu)) = self.matcher.matching_by_mtu(&mtu) {
                         Some(MTUOutput {
@@ -57,7 +58,12 @@ impl<'a> P0f<'a> {
                         sig: observable_signature.signature,
                     })
                 } else {
-                    None
+                    Some(SynTCPOutput {
+                        source: observable_signature.source.clone(),
+                        destination: observable_signature.destination.clone(),
+                        label: None,
+                        sig: observable_signature.signature,
+                    })
                 };
 
                 P0fOutput {
@@ -78,7 +84,12 @@ impl<'a> P0f<'a> {
                         sig: observable_signature.signature,
                     })
                 } else {
-                    None
+                    Some(SynAckTCPOutput {
+                        source: observable_signature.source.clone(),
+                        destination: observable_signature.destination.clone(),
+                        label: None,
+                        sig: observable_signature.signature,
+                    })
                 };
 
                 P0fOutput {

diff --git a/src/mtu.rs b/src/mtu.rs
@@ -9,28 +9,36 @@ fn from_client(tcp: &TcpPacket) -> bool {
 pub fn extract_from_ipv4(tcp: &TcpPacket, ipv4_header_len: u8, mss: u16) -> Option<u16> {
     if from_client(tcp) {
         let ip_header_len = (ipv4_header_len as u16) * 4; // convert to bytes
-        let tcp_header_len = (tcp.get_data_offset() as u16) * 4; // convert to bytes
-        let result = mss + ip_header_len + tcp_header_len;
+        let mut tcp_header_len = (tcp.get_data_offset() as u16) * 4; // convert to bytes
+        if tcp_header_len > 20 {
+            // If TCP header contains options
+            tcp_header_len -= 20;
+        }
+        let mtu = mss + ip_header_len + tcp_header_len;
         debug!(
             "MTU ipv4 {} - mss: {} - ip_header_len: {} - tcp_header_len: {}",
-            result, mss, ip_header_len, tcp_header_len
+            mtu, mss, ip_header_len, tcp_header_len
         );
-        Some(result)
+        Some(mtu)
     } else {
         None
     }
 }
 
 pub fn extract_from_ipv6(tcp: &TcpPacket, ipv6_header_len: u8, mss: u16) -> Option<u16> {
     if from_client(tcp) {
-        let ip_header_len = (ipv6_header_len as u16) * 4; // convert to bytes
-        let tcp_header_len = (tcp.get_data_offset() as u16) * 4; // convert to bytes
-        let result = mss + ip_header_len + tcp_header_len;
+        let ip_header_len = ipv6_header_len as u16; // ipv6_header_len is in bytes already
+        let mut tcp_header_len = (tcp.get_data_offset() as u16) * 4; // convert to bytes
+        if tcp_header_len > 20 {
+            // If TCP header contains options
+            tcp_header_len -= 20;
+        }
+        let mtu = mss + ip_header_len + tcp_header_len;
         debug!(
             "MTU ipv6 {} - mss: {} - ip_header_len: {} - tcp_header_len: {}",
-            result, mss, ip_header_len, tcp_header_len
+            mtu, mss, ip_header_len, tcp_header_len
         );
-        Some(result)
+        Some(mtu)
     } else {
         None
     }

diff --git a/src/p0f_output.rs b/src/p0f_output.rs
@@ -31,7 +31,7 @@ impl fmt::Display for SynTCPOutput {
             ".-[ {}/{} -> {}/{} (syn) ]-\n\
             |\n\
             | client   = {}/{}\n\
-            | os       = {}/{}\n\
+            | os       = {}\n\
             | dist     = {}\n\
             | params   = {}\n\
             | raw_sig  = {}\n\
@@ -42,17 +42,16 @@ impl fmt::Display for SynTCPOutput {
             self.destination.port,
             self.source.ip,
             self.source.port,
-            self.label.as_ref().map_or("Unknown", |l| &l.name),
-            self.label
-                .as_ref()
-                .map_or("Unknown", |l| l.flavor.as_deref().unwrap_or("Unknown")),
+            self.label.as_ref().map_or("???".to_string(), |l| {
+                format!("{}/{}", l.name, l.flavor.as_deref().unwrap_or("???"))
+            }),
             match self.sig.ittl {
                 Ttl::Distance(_, distance) => distance,
                 _ => "Unknown".parse().unwrap(),
             },
             self.label
                 .as_ref()
-                .map_or("Unknown".to_string(), |l| l.ty.to_string()),
+                .map_or("none".to_string(), |l| l.ty.to_string()),
             self.sig,
         )
     }
@@ -65,7 +64,7 @@ impl fmt::Display for SynAckTCPOutput {
             ".-[ {}/{} -> {}/{} (syn+ack) ]-\n\
             |\n\
             | server   = {}/{}\n\
-            | os       = {}/{}\n\
+            | os       = {}\n\
             | dist     = {}\n\
             | params   = {}\n\
             | raw_sig  = {}\n\
@@ -76,17 +75,16 @@ impl fmt::Display for SynAckTCPOutput {
             self.source.port,
             self.source.ip,
             self.source.port,
-            self.label.as_ref().map_or("Unknown", |l| &l.name),
-            self.label
-                .as_ref()
-                .map_or("Unknown", |l| l.flavor.as_deref().unwrap_or("Unknown")),
+            self.label.as_ref().map_or("???".to_string(), |l| {
+                format!("{}/{}", l.name, l.flavor.as_deref().unwrap_or("???"))
+            }),
             match self.sig.ittl {
                 Ttl::Distance(_, distance) => distance,
                 _ => "Unknown".parse().unwrap(),
             },
             self.label
                 .as_ref()
-                .map_or("Unknown".to_string(), |l| l.ty.to_string()),
+                .map_or("none".to_string(), |l| l.ty.to_string()),
             self.sig,
         )
     }

diff --git a/src/packet.rs b/src/packet.rs
@@ -263,8 +263,6 @@ fn visit_tcp(
     while let Some(opt) = TcpOptionPacket::new(buf) {
         buf = &buf[opt.packet_size().min(buf.len())..];
 
-        //println!("Buffer before parsing MSS: {:?}", buf);
-
         let data: &[u8] = opt.payload();
 
         match opt.get_number() {
@@ -281,7 +279,7 @@ fn visit_tcp(
             MSS => {
                 olayout.push(TcpOption::Mss);
                 if data.len() >= 2 {
-                    let mss_value: u16 = ((data[0] as u16) << 8) | (data[1] as u16);
+                    let mss_value: u16 = u16::from_be_bytes([data[0], data[1]]);
                     //quirks.push(Quirk::mss);
                     mss = Some(mss_value);
                 }