1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
#![allow(clippy::needless_doctest_main)]
// #![warn(missing_docs)]
//! An ergonomic framework for high speed network traffic analysis on commodity hardware.
//!
//! Retina provides a simple filter and callback interface that lets users subscribe to network
//! traffic in real-time and run user-defined analysis code in a standard software environment. It
//! is a passive analysis framework that supports access to network traffic at one of three
//! abstraction levels:
//!
//! - Individual packets
//! - Reassembled connections
//! - Parsed application-layer sessions
//!
//! Retina is designed with a focus on performance in real-world, high-volume network environments
//! (e.g., full-network or full-uplink analysis). It employs an efficient filtering mechanism to
//! discard out-of-scope traffic, and is not specifically geared towards deep inspection of all
//! packets (although it can be customized to do so). See [retina_filtergen](../retina_filtergen)
//! for filter syntax and usage.
//!
//! The framework currently comes with built-in support for several [subscribable
//! types](crate::subscription). Additional modules are welcome and encouraged.
//!
//! The following example shows a simple Retina application that prints parsed TLS handshakes to
//! stdout:
//!
//! ```rust
//! use retina_core::config::default_config;
//! use retina_core::subscription::TlsHandshake;
//! use retina_core::Runtime;
//! use retina_filtergen::filter;
//!
//! #[filter("tls.sni ~ '^.*\\.com$'")]
//! fn main() {
//! let cfg = default_config();
//! let callback = |tls: TlsHandshake| {
//! println!("{:?}", tls);
//! };
//! let mut runtime = Runtime::new(cfg, filter, callback).unwrap();
//! runtime.run();
//! }
//! ```
//!
#[macro_use]
mod timing;
pub mod config;
mod conntrack;
#[doc(hidden)]
#[allow(clippy::all)]
mod dpdk;
// The filter module must be public to be accessible by the filter_gen procedural macro crate.
// However, module functions should be opaque to users, so documentation is hidden by default.
#[doc(hidden)]
pub mod filter;
mod lcore;
mod memory;
mod port;
pub mod protocols;
mod runtime;
pub mod subscription;
pub mod utils;
pub use self::conntrack::conn_id::{ConnId, FiveTuple};
pub use self::memory::mbuf::Mbuf;
pub use self::runtime::Runtime;
pub use dpdk::rte_lcore_id;
pub use dpdk::rte_rdtsc;
#[macro_use]
extern crate pest_derive;
#[macro_use]
extern crate lazy_static;
#[macro_use]
extern crate maplit;