HuginnNet

huginn_net

Struct HuginnNet 

Source 
pub struct HuginnNet<'a> {
    pub tcp_matcher: Option<SignatureMatcher<'a>>,
    pub http_matcher: Option<SignatureMatcher<'a>>,
    /* private fields */
}
Expand description

A multi-protocol passive fingerprinting library inspired by p0f with JA4 TLS client fingerprinting.

The HuginnNet struct acts as the core component of the library, handling TCP, HTTP, and TLS packet analysis and matching signatures using a database of known fingerprints, plus JA4 TLS client analysis following the official FoxIO specification.

Fields§

§tcp_matcher: Option<SignatureMatcher<'a>>§http_matcher: Option<SignatureMatcher<'a>>

Implementations§

Source§

impl<'a> HuginnNet<'a>

Source

pub fn new( database: Option<&'a Database>, max_connections: usize, config: Option<AnalysisConfig>, ) -> Result<Self, HuginnNetError>

Creates a new instance of HuginnNet.

§Parameters
  • database: Optional reference to the database containing known TCP/Http signatures from p0f. Only loaded if matcher_enabled is true and HTTP or TCP analysis is enabled. Not needed for TLS-only analysis or when fingerprint matching is disabled.
  • max_connections: The maximum number of connections to maintain in the connection tracker and HTTP flows.
  • config: Optional configuration specifying which protocols to analyze. If None, uses default (all enabled). When matcher_enabled is false, the database won’t be loaded and no signature matching will be performed.
§Returns

A new HuginnNet instance initialized with the given database, max connections, and configuration.

§Errors

Returns HuginnNetError::MissConfiguration if matcher_enabled is true but no database is provided.

Source

pub fn analyze_network( &mut self, interface_name: &str, sender: Sender<FingerprintResult>, cancel_signal: Option<Arc<AtomicBool>>, ) -> Result<(), Box<dyn Error>>

Captures and analyzes packets on the specified network interface.

Sends FingerprintResult through the provided channel.

§Parameters
  • interface_name: The name of the network interface to analyze.
  • sender: A Sender to send FingerprintResult objects back to the caller.
  • cancel_signal: Optional Arc<AtomicBool> to signal graceful shutdown.
§Errors
  • If the network interface cannot be found or a channel cannot be created.
Source

pub fn analyze_pcap( &mut self, pcap_path: &str, sender: Sender<FingerprintResult>, cancel_signal: Option<Arc<AtomicBool>>, ) -> Result<(), Box<dyn Error>>

Analyzes packets from a PCAP file.

§Parameters
  • pcap_path: The path to the PCAP file to analyze.
  • sender: A Sender to send FingerprintResult objects back to the caller.
  • cancel_signal: Optional Arc<AtomicBool> to signal graceful shutdown.
§Errors
  • If the PCAP file cannot be opened or read.
Source

pub fn analyze_tcp(&mut self, packet: &[u8]) -> FingerprintResult

Analyzes a TCP packet and returns a FingerprintResult object.

§Parameters
  • packet: A reference to the TCP packet to analyze.
§Returns

A FingerprintResult object containing the analysis results.

Auto Trait Implementations§

§

impl<'a> Freeze for HuginnNet<'a>

§

impl<'a> !RefUnwindSafe for HuginnNet<'a>

§

impl<'a> !Send for HuginnNet<'a>

§

impl<'a> !Sync for HuginnNet<'a>

§

impl<'a> Unpin for HuginnNet<'a>

§

impl<'a> !UnwindSafe for HuginnNet<'a>

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more