capture flows do individual files

[mikewalshchicago]

This is a very nice, readable project. I'm just looking at rust for the first time, and this has been very helpful in understanding how a project should be structured.

I am trying to figure out how I could write packet data to a file based on attribute values in the header of the packets, e.g. dst_addr. I imagine this could be achived by passing the values from get_packet_meta function to a write function, although I can't figure out how to open/close a savefile. I have been able to create a file with the name of the first dst_addr received by imitating your save_to_file function, but it's a while loop so the file name is never re-evaluated. Is it possible to write to many savefiles with a single capture object?

If not, perhaps another possibility would be to start another capture object using the get_packet_meta as a filter, although with ignorance about how rust manages threads and memory I think this method could result in i/o or resource issues.

Interested in your thoughts

[kanishkarj]

Hi @mikewalshchicago, I am really sorry for the delayed response. I was caught up on some other stuff.

How I understand your query is that you would want to write packets to different files based on the fields of the packet?

One approach would be that in save_to_file, you could create files and store the file handles in a Map<IP_addr, fileHandle>. So if you receive a new destination IP addr, add a new entry to the map. If an entry for an IP already exists then use the existing file handle. This can be done inside the while loop as far as I know.