Crate t2plugin

This crate allows to easily develop Rust plugins for Tranalyzer2, a network traffic analysis tool.

An example Rust plugin for Tranalyzer2 using this crate can be found here: https://github.com/Tranalyzer/rustExample

Create a new plugin

1. Download and install Tranalyzer2.

2. Clone the Tranalyzer2 Rust plugin template and rename it.

   cd $T2HOME/plugins
   git clone https://github.com/Tranalyzer/rustTemplate.git myPluginName
   cd myPluginName
   ./autogen.sh --rename
   

3. Optional: change the PLUGINORDER at the top of autogen.sh.

4. Fill the different methods of the T2Plugin trait implementation in src/lib.rs.

Modules

flow	Contains the definition of a Flow.
nethdr	Contains the definition of the different protocol headers (IP, TCP, UDP, ...).
packet	Contains the definition of a Packet.
slread	Contains the SliceReader which allows to easily read integers and strings from a byte slice.

Macros

t2plugin

This macro transforms a struct implementing the T2Plugin trait into a plugin which can be loaded by Tranalyzer2.

Structs

Header

This structure represents the output header of this plugin.

Enums

BinaryType	Types of values which can be outputted in Tranalyzer2 flow files.
BinaryValue	Rust opaque representation of binary_value_t struct from Tranalyzer2
OutputBuffer	Rust opaque representation of outputBuffer_t struct from Tranalyzer2

Constants

DUPIPID
FDLSIDX
FLWTMOUT
FL_ALARM
FS_IPV4_PKT
FS_IPV6_PKT
FS_VLAN0
HASHTABLE_ENTRY_NOT_FOUND	flow_index value representing a non-existing Flow.
HDOVRN
IPV4_FRAG
IPV4_FRAG_ERR
IPV4_FRAG_HDSEQ_ERR
IPV4_FRAG_PENDING
L2SNAPLENGTH
L2_ARP
L2_ERSPAN
L2_FLOW
L2_GRE
L2_IPV4
L2_IPV6
L2_L2TP
L2_LLDP
L2_MPLS
L2_MPLS_MCAST
L2_MPLS_UCAST
L2_NO_ETH
L2_PPP
L2_PPPOE_D
L2_PPPOE_S
L2_RARP
L2_VLAN
L2_WCCP
L3FLOWINVERT
L3HDRSHRTLEN
L3SNAPLENGTH
L3_AYIYA
L3_CAPWAP
L3_ETHIPF
L3_GENEVE
L3_GTP
L3_IPIP
L3_IPSEC_AH
L3_IPSEC_ESP
L3_IPVX
L3_TRDO
L3_VXLAN
L4HDRSHRTLEN
L4_SCTP
L4_UPNP
L7_SIPRTP
LANDATTACK
PCAPSNPD
PPP_NRHD
RMFLOW
RMFLOW_HFULL
SNAPLENGTH
STPDSCT
SUBN_FLW_TST
TIMEJUMP
TORADD
__RESERVED__

Traits

T2Plugin

Trait to tranform a per flow struct into a Tranalyzer2 plugin.

Functions

getflow	Returns the Flow structure of the flow with flow_index=index.
hashchaintable_size	Returns the number of flows that Tranalyzer2 can store in its internal hashtable.
output_bytes	Appends bytes to Tranalyzer2 output buffer.
output_ip	Appends an IP address to Tranalyzer2 output buffer.
output_num	Appends a number (integer or float) to Tranalyzer2 output buffer.
output_nums	Appends a list of numbers (integers or floats) to Tranalyzer2 output buffer.
output_string	Appends a string to Tranalyzer2 output buffer.
output_strings	Appends a list of strings to Tranalyzer2 output buffer.

Type Definitions

c_ulong

unsigned long in C: u32 on 32-bit systems and u64 on 64-bit systems.