feat(pcap): add rayhunter name and version to metadata

Add the compile-time name and version to the pcap's Section Header Block as the shb_userappl option, the canonical place for storing the name of the application used to create the pcap.[0] [0] https://ietf-opsawg-wg.github.io/draft-ietf-opsawg-pcap/draft-ietf-opsawg-pcapng.html#section-4.1-10
2026-04-26 15:39:59 -07:00 · 2025-03-16 01:13:03 -07:00
parent c765a40426
commit 5ae186bc73
1 changed files with 13 additions and 2 deletions
--- a/lib/src/pcap.rs
+++ b/lib/src/pcap.rs
@@ -9,8 +9,9 @@ use chrono::prelude::*;
 use deku::prelude::*;
 use pcap_file_tokio::pcapng::blocks::enhanced_packet::EnhancedPacketBlock;
 use pcap_file_tokio::pcapng::blocks::interface_description::InterfaceDescriptionBlock;
+use pcap_file_tokio::pcapng::blocks::section_header::{SectionHeaderBlock, SectionHeaderOption};
 use pcap_file_tokio::pcapng::PcapNgWriter;
-use pcap_file_tokio::PcapError;
+use pcap_file_tokio::{Endianness, PcapError};
 use thiserror::Error;

 #[derive(Error, Debug)]
@@ -60,7 +61,17 @@ struct UdpHeader {

 impl<T> GsmtapPcapWriter<T> where T: AsyncWrite + Unpin + Send {
    pub async fn new(writer: T) -> Result<Self, GsmtapPcapError> {
-        let writer = PcapNgWriter::new(writer).await?;
+        let package = concat!(env!("CARGO_PKG_NAME"), " ", env!("CARGO_PKG_VERSION"));
+        let application = SectionHeaderOption::UserApplication(Cow::from(package));
+        let section = SectionHeaderBlock {
+            endianness: Endianness::Big,
+            major_version: 1,
+            minor_version: 0,
+            section_length: -1,
+            options: vec![application],
+        };
+        let writer = PcapNgWriter::with_section_header(writer, section).await?;
+
        Ok(GsmtapPcapWriter { writer, ip_id: 0 })
    }