diff --git a/lib/src/analysis/analyzer.rs b/lib/src/analysis/analyzer.rs
index dce4d04..f362cac 100644
--- a/lib/src/analysis/analyzer.rs
+++ b/lib/src/analysis/analyzer.rs
@@ -353,6 +353,8 @@ impl Harness { } pub fn analyze_pcap_packet(&mut self, packet: EnhancedPacketBlock) -> AnalysisRow { + self.packet_num += 1; + let epoch = DateTime::parse_from_rfc3339("1980-01-06T00:00:00-00:00").unwrap(); let mut row = AnalysisRow { packet_timestamp: Some(epoch + packet.timestamp),
@@ -389,6 +391,8 @@ impl Harness { pub fn analyze_qmdl_messages(&mut self, container: MessagesContainer) -> Vec { let mut rows = Vec::new(); for maybe_qmdl_message in container.into_messages() { + self.packet_num += 1; + rows.push(AnalysisRow { packet_timestamp: None, skipped_message_reason: None,
@@ -431,11 +435,16 @@ impl Harness { } pub fn analyze_information_element(&mut self, ie: &InformationElement) -> Vec> { - self.packet_num += 1; - + let packet_str = format!(" (packet {})", self.packet_num); self.analyzers .iter_mut() - .map(|analyzer| analyzer.analyze_information_element(ie, self.packet_num)) + .map(|analyzer| { + let mut maybe_event = analyzer.analyze_information_element(ie, self.packet_num); + if let Some(ref mut event) = maybe_event { + event.message.push_str(&packet_str); + } + maybe_event + }) .collect() }
diff --git a/lib/src/analysis/connection_redirect_downgrade.rs b/lib/src/analysis/connection_redirect_downgrade.rs
index 256495d..773171c 100644
--- a/lib/src/analysis/connection_redirect_downgrade.rs
+++ b/lib/src/analysis/connection_redirect_downgrade.rs
@@ -28,7 +28,7 @@ impl Analyzer for ConnectionRedirect2GDowngradeAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { if let InformationElement::LTE(lte_ie) = ie && let LteInformationElement::DlDcch(msg_cont) = &**lte_ie
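Review bot: In `analyze_qmdl_messages` (analyzer.rs, hunk at -389) the counter is advanced for every element of `container.into_messages()` before it is known whether that message parses, and nothing in the diff documents what `packet_num` is meant to index. The removed strings called the number a "frame", so presumably analysts use it to locate the triggering packet in a capture; if skipped or unparseable messages are not written to that capture, the suffix will drift away from the real frame number. The same question applies to the increment added in `analyze_pcap_packet` (hunk at -353). I would state the contract on the field, e.g. `/// Count of every pcap packet / QMDL message seen so far, including ones that fail to parse`, or move the increment to the point where a message is known to be emitted. Both function bodies continue outside their hunks.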
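Review bot: `Harness::analyze_information_element` (analyzer.rs, hunk at -431) stays `pub` but no longer advances `packet_num`, so any caller that reaches it without going through `analyze_pcap_packet` or `analyze_qmdl_messages` will label every event with a stale number; whether such callers exist is not visible here. A doc comment on the method should state that dependency, e.g. `/// Labels events with the current packet_num; the caller must already have advanced it for this packet.` Separately, `packet_str` is formatted on every call although presumably most information elements yield no event, so building the suffix inside the `if let Some(...)` branch would avoid that allocation.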
@@ -41,7 +41,7 @@ impl Analyzer for ConnectionRedirect2GDowngradeAnalyzer { match carrier_info { RedirectedCarrierInfo::Geran(_carrier_freqs_geran) => Some(Event { event_type: EventType::High, - message: format!("Detected 2G downgrade (packet {})", packet_num), + message: "Detected 2G downgrade".to_owned(), }), _ => Some(Event { event_type: EventType::Informational,
diff --git a/lib/src/analysis/imsi_requested.rs b/lib/src/analysis/imsi_requested.rs
index 58f9c44..0b98841 100644
--- a/lib/src/analysis/imsi_requested.rs
+++ b/lib/src/analysis/imsi_requested.rs
@@ -58,10 +58,7 @@ impl ImsiRequestedAnalyzer { (State::AuthAccept, State::IdentityRequest) => { self.flag = Some(Event { event_type: EventType::High, - message: format!( - "Identity requested after auth request (frame {})", - packet_num - ), + message: "Identity requested after auth request".to_string(), }); }
@@ -69,10 +66,7 @@ impl ImsiRequestedAnalyzer { (State::Disconnect, State::IdentityRequest) => { self.flag = Some(Event { event_type: EventType::High, - message: format!( - "Identity requested without Attach Request (frame {})", - packet_num - ), + message: "Identity requested without Attach Request".to_string(), }); }
@@ -80,10 +74,7 @@ impl ImsiRequestedAnalyzer { (State::IdentityRequest, State::Disconnect) => { self.flag = Some(Event { event_type: EventType::High, - message: format!( - "Disconnected after Identity Request without Auth Accept (frame {})", - packet_num - ), + message: "Disconnected after Identity Request without Auth Accept".to_string(), }); }
@@ -91,11 +82,7 @@ impl ImsiRequestedAnalyzer { (_, State::IdentityRequest) => { self.flag = Some(Event { event_type: EventType::Informational, - message: format!( - "Identity Request happened but its not suspicious yet. (frame {})", - packet_num - ) - .to_string(), + message: "Identity Request happened but its not suspicious yet.".to_string(), }); self.timeout_counter = 0; }
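Review bot: After this change none of the arms shown at -58, -69, -80 and -91 in imsi_requested.rs read `packet_num`, yet the diff contains no hunk that touches the enclosing method's signature (it lies outside the hunks), so that parameter is probably left unused and will raise an unused-variable warning. The other analyzers in this commit renamed theirs to `_packet_num`; this file should do the same, or drop the parameter from the helper and its call site. While the line is being edited, the informational string still reads `its not suspicious yet`, which should be `it's`.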
@@ -187,11 +174,7 @@ impl Analyzer for ImsiRequestedAnalyzer { if self.timeout_counter >= TIMEOUT_THRESHHOLD { self.flag = Some(Event { event_type: EventType::Informational {}, - message: format!( - "Identity request happened without auth request followup (frame {})", - packet_num - ) - .to_string(), + message: "Identity request happened without auth request followup".to_string(), }); self.timeout_counter = 0; }
diff --git a/lib/src/analysis/incomplete_sib.rs b/lib/src/analysis/incomplete_sib.rs
index 5e2aace..e924bdf 100644
--- a/lib/src/analysis/incomplete_sib.rs
+++ b/lib/src/analysis/incomplete_sib.rs
@@ -23,7 +23,7 @@ impl Analyzer for IncompleteSibAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { if let InformationElement::LTE(lte_ie) = ie && let LteInformationElement::BcchDlSch(sch_msg) = &**lte_ie
@@ -33,10 +33,7 @@ impl Analyzer for IncompleteSibAnalyzer { { return Some(Event { event_type: EventType::Medium, - message: format!( - "SIB1 scheduling info list was malformed (packet {})", - packet_num - ), + message: "SIB1 scheduling info list was malformed".to_string(), }); } None
diff --git a/lib/src/analysis/nas_null_cipher.rs b/lib/src/analysis/nas_null_cipher.rs
index af67cdd..bfdd5e1 100644
--- a/lib/src/analysis/nas_null_cipher.rs
+++ b/lib/src/analysis/nas_null_cipher.rs
@@ -27,7 +27,7 @@ impl Analyzer for NasNullCipherAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { let payload = match ie { InformationElement::LTE(inner) => match &**inner {
@@ -42,10 +42,7 @@ impl Analyzer for NasNullCipherAnalyzer { { return Some(Event { event_type: EventType::High, - message: format!( - "NAS Security mode command requested null cipher(packet {})", - packet_num - ), + message: "NAS Security mode command requested null cipher".to_string(), }); } None
diff --git a/lib/src/analysis/null_cipher.rs b/lib/src/analysis/null_cipher.rs
index 49e8bfd..5ca0b0c 100644
--- a/lib/src/analysis/null_cipher.rs
+++ b/lib/src/analysis/null_cipher.rs
@@ -134,7 +134,7 @@ impl Analyzer for NullCipherAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { let dcch_msg = match ie { InformationElement::LTE(lte_ie) => match &**lte_ie {
@@ -158,7 +158,7 @@ impl Analyzer for NullCipherAnalyzer { if null_cipher_detected { return Some(Event { event_type: EventType::High, - message: format!("Cell suggested use of null cipher (packet {})", packet_num), + message: "Cell suggested use of null cipher".to_string(), }); } None
diff --git a/lib/src/analysis/priority_2g_downgrade.rs b/lib/src/analysis/priority_2g_downgrade.rs
index fbad9f8..e5585ff 100644
--- a/lib/src/analysis/priority_2g_downgrade.rs
+++ b/lib/src/analysis/priority_2g_downgrade.rs
@@ -49,7 +49,7 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { let sibs = &self.unpack_system_information(ie)?.0; for sib in sibs {
@@ -63,10 +63,9 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer { { return Some(Event { event_type: EventType::High, - message: format!( - "LTE cell advertised a 3G cell for priority 0 reselection (packet {})", - packet_num - ), + message: + "LTE cell advertised a 3G cell for priority 0 reselection" + .to_string(), }); } }
@@ -79,10 +78,9 @@ impl Analyzer for LteSib6And7DowngradeAnalyzer { { return Some(Event { event_type: EventType::High, - message: format!( - "LTE cell advertised a 3G cell for priority 0 reselection (packet {})", - packet_num - ), + message: + "LTE cell advertised a 3G cell for priority 0 reselection" + .to_string(), }); } }
diff --git a/lib/src/analysis/test_analyzer.rs b/lib/src/analysis/test_analyzer.rs
index 1531be7..e2efd98 100644
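Review bot: The two `return Some(Event { ... })` sites in priority_2g_downgrade.rs (hunks at -63 and -79) now carry byte-identical text, `LTE cell advertised a 3G cell for priority 0 reselection`. The analyzer is named `LteSib6And7DowngradeAnalyzer`, so presumably one branch handles SIB6 and the other SIB7; the surrounding conditions lie outside the hunks, so this is inferred rather than visible. If the second site is the SIB7 (GERAN) case, its message should say 2G, e.g. `"LTE cell advertised a 2G cell for priority 0 reselection"`, otherwise an analyst triaging the alert cannot tell which rule fired.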
--- a/lib/src/analysis/test_analyzer.rs
+++ b/lib/src/analysis/test_analyzer.rs
@@ -26,7 +26,7 @@ impl Analyzer for TestAnalyzer { fn analyze_information_element( &mut self, ie: &InformationElement, - packet_num: usize, + _packet_num: usize, ) -> Option { if let InformationElement::LTE(lte_ie) = ie && let LteInformationElement::BcchDlSch(sch_msg) = &**lte_ie
@@ -53,8 +53,8 @@ impl Analyzer for TestAnalyzer { return Some(Event { event_type: EventType::Low, message: format!( - "SIB1 received (packet {}) CID: {}, PLMN: {}-{}", - packet_num, cid, mcc_string, mnc_string + "SIB1 received CID: {}, PLMN: {}-{}", + cid, mcc_string, mnc_string ), }); }