Probe

Probes are located in /src/probes/name{,.rs}.

An example probe could look like this:

dummy.rs

```rust
use async_trait::async_trait;
use pnet_base::MacAddr;
use pnet_packet::ethernet::EthernetPacket;

use super::{EventType, ProbeTrait};

pub(crate) struct DummyProbe;

#[async_trait]
impl ProbeTrait for DummyProbe {
  fn get_name(&self) -> &'static str {
    "dummy"
  }

  async fn handle_packet(
    &self,
    source_addr: &MacAddr,
    packet: &EthernetPacket,
    events: &mut Vec<EventType>,
  ) -> anyhow::Result<()> {
    // TODO: insert business logic

    Ok(())
  }
}
```

| What | Description |
| --- | --- |
| `struct DummyProbe ...` | Represents the struct of a probe and is instantiated once at runtime. It can therefore hold state (e.g. packet counters). |
| `fn handle_packet(...) ...` | Gets called once for every packet the kernel passes to IXpect. Keep in mind that only packets matching the BPF expression will be passed to IXpect. |
| `source_addr: &MacAddr ...` | Represents the MAC address from which the packet was received. |
| `packet: &EthernetPacket ...` | Contains the byte representation of the Ethernet packet. Source and destination MAC address and Ethernet type are already parsed into Rust types. See upstream documentation. Based on the Ethernet type, upper-layer packets can be parsed. See upstream documentation for a list of pre-existing structs. |
| `events: &mut Vec<EventType> ...` | Is used to trigger events. A new EventType should likely be created. Just push an instance of an EventType into the vector. |
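
The state-holding and event-pushing behaviour described in the table, as an added example that is not IXpect's own code: a std-only, synchronous model of a probe that counts frames per source MAC and pushes an event for an EtherType outside an allow-list. `Mac`, `EventType::UnexpectedEtherType`, `EtherTypeProbe`, `ALLOWED`, `packets_from` and `sample_frame` are hypothetical stand-ins; a real probe implements the async `ProbeTrait` with the pnet types shown above.

```rust
use std::collections::HashMap;
use std::sync::Mutex;

// Stand-ins (assumptions) for pnet_base::MacAddr and the project's EventType.
type Mac = [u8; 6];
#[derive(Debug, PartialEq)]
enum EventType {
    UnexpectedEtherType { source: Mac, ether_type: u16 }, // hypothetical variant
}

// EtherTypes this hypothetical probe tolerates: IPv4, ARP, IPv6.
const ALLOWED: [u16; 3] = [0x0800, 0x0806, 0x86DD];

// Created once at runtime; handle_packet takes &self, so counters sit behind a Mutex.
#[derive(Default)]
struct EtherTypeProbe {
    seen: Mutex<HashMap<Mac, u64>>,
}

impl EtherTypeProbe {
    // Synchronous, std-only model of ProbeTrait::handle_packet.
    fn handle_packet(&self, source: &Mac, frame: &[u8], events: &mut Vec<EventType>)
        -> Result<(), String> {
        // Untagged Ethernet header: dst MAC (6), src MAC (6), EtherType (2).
        if frame.len() < 14 {
            return Err(format!("truncated frame: {} bytes", frame.len()));
        }
        let ether_type = u16::from_be_bytes([frame[12], frame[13]]);
        *self.seen.lock().unwrap().entry(*source).or_insert(0) += 1;
        if !ALLOWED.contains(&ether_type) {
            events.push(EventType::UnexpectedEtherType { source: *source, ether_type });
        }
        Ok(())
    }
    fn packets_from(&self, source: &Mac) -> u64 {
        self.seen.lock().unwrap().get(source).copied().unwrap_or(0)
    }
}

// Constructed sample frame: zeroed destination MAC, source MAC, EtherType.
fn sample_frame(source: &Mac, ether_type: u16) -> Vec<u8> {
    [&[0u8; 6][..], &source[..], &ether_type.to_be_bytes()[..]].concat()
}

fn main() {
    let (probe, src) = (EtherTypeProbe::default(), [2, 0, 0, 0, 0, 1]);
    let mut events = Vec::new();
    probe.handle_packet(&src, &sample_frame(&src, 0x88CC), &mut events).unwrap(); // LLDP
    println!("{} packet(s), events: {:?}", probe.packets_from(&src), events);
}
```

Truncated frames return an error before the counter is touched, so a malformed frame neither inflates the per-source count nor produces an event.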