From 5ae186bc73910fc84164f61a920dab37e7972e9f Mon Sep 17 00:00:00 2001
From: oopsbagel
Date: Sun, 16 Mar 2025 01:13:03 -0700
Subject: [PATCH] feat(pcap): add rayhunter name and version to metadata

Add the compile-time name and version to the pcap's Section Header Block as the shb_userappl option, the canonical place for storing the name of the application used to create the pcap.[0]

[0] https://ietf-opsawg-wg.github.io/draft-ietf-opsawg-pcap/draft-ietf-opsawg-pcapng.html#section-4.1-10
---
 lib/src/pcap.rs | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/src/pcap.rs b/lib/src/pcap.rs
index f86355b..c776650 100644
--- a/lib/src/pcap.rs
+++ b/lib/src/pcap.rs
@@ -9,8 +9,9 @@ use chrono::prelude::*;
 use deku::prelude::*;
 use pcap_file_tokio::pcapng::blocks::enhanced_packet::EnhancedPacketBlock;
 use pcap_file_tokio::pcapng::blocks::interface_description::InterfaceDescriptionBlock;
+use pcap_file_tokio::pcapng::blocks::section_header::{SectionHeaderBlock, SectionHeaderOption};
 use pcap_file_tokio::pcapng::PcapNgWriter;
-use pcap_file_tokio::PcapError;
+use pcap_file_tokio::{Endianness, PcapError};
 use thiserror::Error;
 #[derive(Error, Debug)]
@@ -60,7 +61,17 @@ struct UdpHeader {
 impl GsmtapPcapWriter where T: AsyncWrite + Unpin + Send {
 pub async fn new(writer: T) -> Result {
- let writer = PcapNgWriter::new(writer).await?;
+ let package = concat!(env!("CARGO_PKG_NAME"), " ", env!("CARGO_PKG_VERSION"));
+ let application = SectionHeaderOption::UserApplication(Cow::from(package));
+ let section = SectionHeaderBlock {
+ endianness: Endianness::Big,
+ major_version: 1,
+ minor_version: 0,
+ section_length: -1,
+ options: vec![application],
+ };
+ let writer = PcapNgWriter::with_section_header(writer, section).await?;
+
 Ok(GsmtapPcapWriter { writer, ip_id: 0 })
 }
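Review bot: The `SectionHeaderBlock` literal built in `new` pins `endianness: Endianness::Big` together with the version and length fields, which goes beyond the commit message's stated goal of adding `shb_userappl`. If `PcapNgWriter::new` previously chose the host byte order, every capture written after this change switches byte order, so confirm that is intended and say so on the field, e.g. `// byte order is fixed to big-endian here; readers detect it from the SHB byte-order magic`. Separately, `env!("CARGO_PKG_NAME")` and `env!("CARGO_PKG_VERSION")` expand in the crate that owns `lib/src/pcap.rs`, so the recorded string is presumably the library package's name and version rather than the shipped binary's. Because this value is written into every capture and will be read as provenance when a file is shared or triaged, add a line such as `// records this crate's package name/version, visible to anyone who receives the pcap`. The `impl` block continues outside the hunk.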