Skip to main content

stackforge_core/anonymize/
mod.rs

1//! ML-optimized network flow anonymization.
2//!
3//! This module provides an inline anonymization pipeline for the Stackforge
4//! flow extraction engine, enabling privacy-preserving machine learning on
5//! network traffic data.
6//!
7//! # Architecture
8//!
9//! Anonymization is applied **at flow output** — the flow tracking engine
10//! uses real identifiers internally for correctness, and the
11//! [`AnonymizationEngine`] transforms the exported [`ConversationState`]
12//! structs before they reach the user.
13//!
14//! # Cryptographic primitives
15//!
16//! | Field category    | Algorithm                  | ML impact                           |
17//! |-------------------|----------------------------|-------------------------------------|
18//! | IPv4/IPv6         | Crypto-PAn (AES-128)       | Subnet topology preserved           |
19//! | MAC addresses     | Salted SipHash (48-bit)    | Device tracking preserved           |
20//! | Transport ports   | Category generalization    | Service identification preserved    |
21//! | Timestamps        | Epoch shift ± bounded jitter | Ordering & durations preserved   |
22//! | TCP seq/ack       | Per-flow random offset     | Retransmission detection preserved  |
23//! | Payloads          | Truncation                 | Removes PII from reassembled data   |
24//!
25//! # Example
26//!
27//! ```rust,no_run
28//! use stackforge_core::anonymize::{AnonymizationEngine, AnonymizationPolicy};
29//! use stackforge_core::flow::{extract_flows_with_config, FlowConfig};
30//! use stackforge_core::pcap::rdpcap;
31//!
32//! let packets = rdpcap("capture.pcap").unwrap();
33//! let mut conversations = extract_flows_with_config(&packets, FlowConfig::default()).unwrap();
34//!
35//! let mut engine = AnonymizationEngine::new(AnonymizationPolicy::ml_optimized());
36//! engine.anonymize_conversations(&mut conversations);
37//!
38//! for conv in &conversations {
39//!     // IPs are now prefix-preserving pseudonyms
40//!     println!("{} -> {}", conv.key.addr_a, conv.key.addr_b);
41//! }
42//! ```
43
44pub mod crypto_pan;
45pub mod engine;
46pub mod hash;
47pub mod policy;
48pub mod port;
49pub mod timestamp;
50
51// Re-exports for convenience
52pub use engine::AnonymizationEngine;
53pub use hash::SaltedHasher;
54pub use policy::{
55    AnonymizationPolicy, IpAnonymizationMode, MacAnonymizationMode, PayloadAnonymizationMode,
56    PortAnonymizationMode, TcpSeqAnonymizationMode, TimestampAnonymizationMode,
57};
58pub use port::{PortCategory, categorize_port, generalize_port};