
1use crate::db::HttpIndexKey;
2use crate::db_matching_trait::ObservedFingerprint;
3use crate::http::{Header, Version};
4use crate::tcp::{IpVersion, PayloadSize, Quirk, TcpOption, Ttl, WindowSize};
5
/// Represents observed TCP characteristics from network traffic.
///
/// One instance captures the IP/TCP header properties of a single observed
/// packet in the form a p0f-style signature database compares against.
/// Fields are plain data; nothing here validates them, so the parser that
/// builds the observation is responsible for the values being consistent.
#[derive(Clone, Debug, PartialEq)]
pub struct TcpObservation {
    /// IP version of the observed packet.
    pub version: IpVersion,
    /// Initial TTL used by the OS (as inferred for the signature, not the
    /// raw on-the-wire hop count).
    pub ittl: Ttl,
    /// Length of IPv4 options or IPv6 extension headers, in bytes.
    pub olen: u8,
    /// Maximum segment size; `None` when no MSS option was present.
    pub mss: Option<u16>,
    /// Window size as recorded for the signature.
    pub wsize: WindowSize,
    /// Window scaling factor; `None` when no window-scale option was present.
    pub wscale: Option<u8>,
    /// Layout and ordering of TCP options, if any (empty when none were seen).
    pub olayout: Vec<TcpOption>,
    /// Properties and quirks observed in the IP or TCP headers.
    pub quirks: Vec<Quirk>,
    /// Payload size classification.
    pub pclass: PayloadSize,
}
28
/// Represents observed HTTP request characteristics from network traffic.
///
/// When used as an [`ObservedFingerprint`], only `version` participates in the
/// index key; the remaining fields are not part of the key.
#[derive(Clone, Debug, PartialEq)]
pub struct HttpRequestObservation {
    /// HTTP version of the request.
    pub version: Version,
    /// Ordered list of headers that should appear in matching traffic (p0f style).
    pub horder: Vec<Header>,
    /// List of headers that must *not* appear in matching traffic (p0f style).
    pub habsent: Vec<Header>,
    /// Expected substring in 'User-Agent' or 'Server'.
    pub expsw: String,
}
41
/// Represents observed HTTP response characteristics from network traffic.
///
/// Structurally identical to [`HttpRequestObservation`]; kept as a separate type
/// so request and response observations cannot be mixed up at compile time.
/// When used as an [`ObservedFingerprint`], only `version` participates in the
/// index key.
#[derive(Clone, Debug, PartialEq)]
pub struct HttpResponseObservation {
    /// HTTP version of the response.
    pub version: Version,
    /// Ordered list of headers that should appear in matching traffic (p0f style).
    pub horder: Vec<Header>,
    /// List of headers that must *not* appear in matching traffic (p0f style).
    pub habsent: Vec<Header>,
    /// Expected substring in 'User-Agent' or 'Server'.
    pub expsw: String,
}
54
55// ==============================
56// ObservedFingerprint - HTTP
57// ==============================
impl ObservedFingerprint for HttpRequestObservation {
    type Key = HttpIndexKey;

    /// Builds the database lookup key for this request observation.
    ///
    /// The key is derived from the HTTP version alone, so every request with the
    /// same version maps to the same index bucket; header order, absent headers
    /// and `expsw` do not contribute to the key.
    fn generate_index_key(&self) -> Self::Key {
        let http_version_key = self.version;
        Self::Key { http_version_key }
    }
}
67
impl ObservedFingerprint for HttpResponseObservation {
    type Key = HttpIndexKey;

    /// Builds the database lookup key for this response observation.
    ///
    /// Mirrors the request implementation: only the HTTP version is keyed on,
    /// so responses sharing a version share an index bucket regardless of their
    /// header lists or `expsw`.
    fn generate_index_key(&self) -> Self::Key {
        let http_version_key = self.version;
        Self::Key { http_version_key }
    }
}