chore: V9/Ipfix cleanup (#97)

Co-authored-by: mikemiles-dev <michaelmileusnich@Michaels-MacBook-Air-2.local>

Author: mikemiles-dev

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "netflow_parser"
 description = "Parser for Netflow Cisco V5, V7, V9, IPFIX"
-version = "0.5.0"
+version = "0.5.1"
 edition = "2021"
 authors = ["michael.mileusnich@gmail.com"]
 license = "MIT OR Apache-2.0"

RELEASES.md

@@ -1,3 +1,6 @@
+# 0.5.1
+* V9, IPFix Code cleanup.
+
 # 0.5.0
 * Typos in documentation fixed.
 * Added cargo-fuzz for fuzzing.

SECURITY.md

@@ -4,6 +4,7 @@
 
 | Version | Supported          |
 |---------| ------------------ |
+| 0.5.1   | :white_check_mark: |
 | 0.5.0   | :white_check_mark: |
 | 0.4.9   | :white_check_mark: |
 | 0.4.8   | :white_check_mark: |

src/variable_versions/data_number.rs

@@ -117,15 +117,15 @@ fn parse_unknown_fields(
 impl DataNumber {
     /// Parse bytes into DataNumber Type
     pub fn parse(i: &[u8], field_length: u16, signed: bool) -> IResult<&[u8], DataNumber> {
-        match field_length {
-            1 if !signed => Ok(u8::parse(i)?).map(|(i, j)| (i, Self::U8(j))),
-            2 if !signed => Ok(u16::parse(i)?).map(|(i, j)| (i, Self::U16(j))),
-            3 if !signed => Ok(be_u24(i).map(|(i, j)| (i, Self::U24(j)))?),
-            3 if signed => Ok(be_i24(i).map(|(i, j)| (i, Self::I24(j)))?),
-            4 if signed => Ok(i32::parse(i)?).map(|(i, j)| (i, Self::I32(j))),
-            4 if !signed => Ok(u32::parse(i)?).map(|(i, j)| (i, Self::U32(j))),
-            8 if !signed => Ok(u64::parse(i)?).map(|(i, j)| (i, Self::U64(j))),
-            16 if !signed => Ok(u128::parse(i)?).map(|(i, j)| (i, Self::U128(j))),
+        match (field_length, signed) {
+            (1, false) => Ok(u8::parse(i)?).map(|(i, j)| (i, Self::U8(j))),
+            (2, false) => Ok(u16::parse(i)?).map(|(i, j)| (i, Self::U16(j))),
+            (3, false) => Ok(be_u24(i).map(|(i, j)| (i, Self::U24(j)))?),
+            (3, true) => Ok(be_i24(i).map(|(i, j)| (i, Self::I24(j)))?),
+            (4, true) => Ok(i32::parse(i)?).map(|(i, j)| (i, Self::I32(j))),
+            (4, false) => Ok(u32::parse(i)?).map(|(i, j)| (i, Self::U32(j))),
+            (8, false) => Ok(u64::parse(i)?).map(|(i, j)| (i, Self::U64(j))),
+            (16, false) => Ok(u128::parse(i)?).map(|(i, j)| (i, Self::U128(j))),
             _ => Err(NomErr::Error(NomError::new(i, ErrorKind::Fail))),
         }
     }

src/variable_versions/ipfix.rs

@@ -278,71 +278,66 @@ fn parse_fields<'a, T: CommonTemplate>(
     i: &'a [u8],
     template: Option<&T>,
 ) -> IResult<&'a [u8], Vec<BTreeMap<usize, IPFixFieldPair>>> {
-    fn parse_field<'a>(
-        i: &'a [u8],
-        template_field: &TemplateField,
-    ) -> IResult<&'a [u8], FieldValue> {
-        // Enterprise Number
-        if template_field.enterprise_number.is_some() {
-            let (remaining, data_number) = DataNumber::parse(i, 4, false)?;
-            Ok((remaining, FieldValue::DataNumber(data_number)))
-        // Type matching
-        } else {
-            Ok(DataNumber::from_field_type(
-                i,
-                template_field.field_type.into(),
-                template_field.field_length,
-            ))?
-        }
-    }
-
     // If no fields there are no fields to parse, return an error.
     let template_fields = template
-        .ok_or(NomErr::Error(NomError::new(i, ErrorKind::Fail)))?
+        .filter(|t| !t.get_fields().is_empty())
+        .ok_or_else(|| NomErr::Error(NomError::new(i, ErrorKind::Fail)))?
         .get_fields();
 
-    if template_fields.is_empty() {
-        // dbg!("Template without fields!");
-        return Err(NomErr::Error(NomError::new(i, ErrorKind::Fail)));
-    };
-
-    let mut fields = vec![];
-    let mut remaining = i;
-
     let total_size = template_fields
         .iter()
         .map(|m| m.field_length as usize)
         .sum::<usize>();
 
     if total_size == 0 {
-        return Ok((&[], fields));
+        return Ok((&[], vec![]));
     }
-    let count: usize = i.len() / total_size;
 
-    let mut error = false;
+    let record_count: usize = i.len() / total_size;
+    let mut fields = vec![];
+    let mut remaining = i;
 
     // Iter through template fields and push them to a vec.  If we encouter any zero length fields we return an error.
-    for _ in 0..count {
+    for _ in 0..record_count {
         let mut data_field = BTreeMap::new();
         for (c, template_field) in template_fields.iter().enumerate() {
             let (i, field_value) = parse_field(remaining, template_field)?;
             if i.len() == remaining.len() {
-                error = true;
-                break;
+                return Err(NomErr::Error(NomError::new(remaining, ErrorKind::Fail)));
             }
             remaining = i;
             data_field.insert(c, (template_field.field_type, field_value));
         }
         fields.push(data_field);
     }
 
-    if error {
-        Err(NomErr::Error(NomError::new(remaining, ErrorKind::Fail)))
+    Ok((&[], fields))
+}
+
+fn parse_field<'a>(
+    i: &'a [u8],
+    template_field: &TemplateField,
+) -> IResult<&'a [u8], FieldValue> {
+    let has_enterprise_number = template_field.enterprise_number.is_some();
+
+    if has_enterprise_number {
+        // Simplified parsing when `enterprise_number` is present
+        parse_enterprise_field(i)
     } else {
-        Ok((&[], fields))
+        // Parse field based on its type and length
+        DataNumber::from_field_type(
+            i,
+            template_field.field_type.into(),
+            template_field.field_length,
+        )
     }
 }
 
+fn parse_enterprise_field(i: &[u8]) -> IResult<&[u8], FieldValue> {
+    let (remaining, data_number) = DataNumber::parse(i, 4, false)?;
+    Ok((remaining, FieldValue::DataNumber(data_number)))
+}
+
 impl IPFix {
     /// Convert the IPFix to a `Vec<u8>` of bytes in big-endian order for exporting
     pub fn to_be_bytes(&self) -> Vec<u8> {

src/variable_versions/v9.rs

@@ -362,48 +362,53 @@ fn parse_options_template_vec(i: &[u8]) -> IResult<&[u8], Vec<OptionsTemplate>>
 }
 
 fn parse_fields<'a>(
-    i: &'a [u8],
+    input: &'a [u8],
     template: Option<&Template>,
 ) -> IResult<&'a [u8], Vec<BTreeMap<usize, V9FieldPair>>> {
-    let template = match template {
-        Some(t) => t,
-        None => {
-            // dbg!("Could not fetch any v9 templates!");
-            return Err(NomErr::Error(NomError::new(i, ErrorKind::Fail)));
-        }
-    };
+    let template = template
+        .filter(|t| !t.fields.is_empty() && t.get_total_size() > 0)
+        .ok_or_else(|| NomErr::Error(NomError::new(input, ErrorKind::Fail)))?;
 
     let mut fields = vec![];
-    // If no fields there are no fields to parse
-    if template.fields.is_empty() {
-        // dbg!("Template without fields!");
-        return Err(NomErr::Error(NomError::new(i, ErrorKind::Fail)));
-    };
-    let mut remaining = i;
-
-    if template.get_total_size() == 0 {
-        return Ok((&[], fields));
-    }
+    let mut remaining = input;
+    let record_count = input.len() as u16 / template.get_total_size();
 
-    let count = i.len() as u16 / template.get_total_size();
-
-    for _ in 0..count {
-        let mut data_field = BTreeMap::new();
-        for (c, template_field) in template.fields.iter().enumerate() {
-            let field_type: FieldDataType = template_field.field_type.into();
-            let (i, field_value) = DataNumber::from_field_type(
-                remaining,
-                field_type,
-                template_field.field_length,
-            )?;
-            remaining = i;
-            data_field.insert(c, (template_field.field_type, field_value));
-        }
+    for _ in 0..record_count {
+        // Fields
+        let (new_remaining, data_field) = parse_data_field(remaining, template)?;
+        remaining = new_remaining;
         fields.push(data_field);
     }
+
     Ok((remaining, fields))
 }
 
+fn parse_data_field<'a>(
+    mut input: &'a [u8],
+    template: &Template,
+) -> IResult<&'a [u8], BTreeMap<usize, V9FieldPair>> {
+    let mut data_field = BTreeMap::new();
+
+    for (field_index, template_field) in template.fields.iter().enumerate() {
+        let (new_input, field_value) = parse_field(input, template_field)?;
+        input = new_input;
+        data_field.insert(field_index, (template_field.field_type, field_value));
+    }
+
+    Ok((input, data_field))
+}
+
+fn parse_field<'a>(
+    input: &'a [u8],
+    template_field: &TemplateField,
+) -> IResult<&'a [u8], FieldValue> {
+    DataNumber::from_field_type(
+        input,
+        template_field.field_type.into(),
+        template_field.field_length,
+    )
+}
+
 fn parse_options_data_fields(
     i: &[u8],
     flowset_id: u16,