Stateful conversation extraction and flow tracking.
This module provides Wireshark-inspired bidirectional conversation tracking with TCP state machine analysis, stream reassembly, and UDP timeout-based pseudo-conversation tracking.
Architecture
- Canonical Key: Bidirectional 5-tuple with deterministic IP/port ordering
- Conversation Table: DashMap-backed concurrent hash table
- TCP State Machine: RFC 793 connection states with per-endpoint sequence tracking
- TCP Reassembly: BTreeMap-based out-of-order segment management
- UDP Tracking: Timeout-based pseudo-conversations
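The canonical key is what makes both directions of a connection resolve to a single table entry; without it a conversation splits into two half-flows and per-endpoint state cannot be tracked. The following is an added example of that ordering, not code from stackforge_core: `FlowKey`, `Dir`, `canonical` and `tally` are hypothetical names, a plain `HashMap` stands in for the DashMap-backed table, and the packet list is constructed sample data.

```rust
// Added illustration; `FlowKey`, `Dir`, `canonical` and `tally` are hypothetical
// names, not the crate's CanonicalKey / FlowDirection API.
use std::collections::HashMap;
use std::net::SocketAddr;

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub struct FlowKey { pub a: SocketAddr, pub b: SocketAddr, pub proto: u8 }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Dir { Forward, Reverse }

/// Order the endpoints by (IP, port) so both directions produce one key.
/// `Forward` means the packet travels from `key.a` to `key.b`.
pub fn canonical(src: SocketAddr, dst: SocketAddr, proto: u8) -> (FlowKey, Dir) {
    // Comparing (ip, port) tuples also handles same-host traffic (e.g. loopback),
    // where only the ports differ.
    if (src.ip(), src.port()) <= (dst.ip(), dst.port()) {
        (FlowKey { a: src, b: dst, proto }, Dir::Forward)
    } else {
        (FlowKey { a: dst, b: src, proto }, Dir::Reverse)
    }
}

/// Count packets per conversation as [forward, reverse].
pub fn tally(pkts: &[(&str, &str, u8)]) -> HashMap<FlowKey, [u64; 2]> {
    let mut table: HashMap<FlowKey, [u64; 2]> = HashMap::new();
    for &(src, dst, proto) in pkts {
        let (key, dir) = canonical(src.parse().unwrap(), dst.parse().unwrap(), proto);
        table.entry(key).or_default()[dir as usize] += 1;
    }
    table
}

// Constructed sample: (src, dst, IP protocol number); 6 = TCP, 17 = UDP.
pub const SAMPLE: &[(&str, &str, u8)] = &[
    ("10.0.0.5:51000", "10.0.0.9:443", 6),    // client -> server
    ("10.0.0.9:443", "10.0.0.5:51000", 6),    // server -> client, same conversation
    ("10.0.0.5:51000", "10.0.0.9:443", 6),
    ("127.0.0.1:8080", "127.0.0.1:40000", 6), // same IP, ordered by port
    ("10.0.0.5:51000", "10.0.0.9:443", 17),   // same endpoints over UDP: separate flow
];

fn main() {
    for (key, [fwd, rev]) in tally(SAMPLE) {
        println!("{} <-> {} proto {}: {} fwd, {} rev", key.a, key.b, key.proto, fwd, rev);
    }
}
```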
Usage
```rust
use stackforge_core::flow::{extract_flows, FlowConfig};
use stackforge_core::pcap::rdpcap;

// Load the capture, then group its packets into bidirectional conversations.
let packets = rdpcap("capture.pcap").unwrap();
let conversations = extract_flows(&packets).unwrap();

// One line per conversation: canonical key and total packet count.
for conv in &conversations {
    println!("{}: {} packets", conv.key, conv.total_packets());
}
```
Re-exports
pub use config::FlowConfig;
pub use error::FlowError;
pub use icmp_state::IcmpFlowState;
pub use key::CanonicalKey;
pub use key::FlowDirection;
pub use key::TransportProtocol;
pub use key::ZWaveKey;
pub use key::extract_key;
pub use key::extract_zwave_key;
pub use state::ConversationState;
pub use state::ConversationStatus;
pub use state::DirectionStats;
pub use state::ProtocolState;
pub use state::ZWaveFlowState;
pub use table::ConversationTable;
pub use tcp_reassembly::ReassemblyAction;
pub use tcp_reassembly::TcpReassembler;
pub use tcp_state::TcpConnectionState;
pub use tcp_state::TcpConversationState;
pub use tcp_state::TcpEndpointState;
pub use udp_state::UdpFlowState;
Modules
Functions
- extract_flows - Extract bidirectional conversations from a list of captured packets.
- extract_flows_with_config - Extract flows with custom configuration.
- extract_zwave_flows - Extract Z-Wave conversations from a list of captured packets.