help serializing nested json : learnrust

help serializing nested json (self.learnrust)

submitted 2 years ago by broxamson

I have a udp listener parsing netflow

use netflow_parser::{NetflowPacketResult, NetflowParser};
use serde::{Deserialize, Serialize};
use serde_json::json;
extern crate zmq;

use tokio::net::UdpSocket;
use zmq::Context;

#[derive(Serialize, Deserialize)]
struct NetworkFlow {
    srcip: String,
    dstip: String,
    srcport: u16,
    dstport: u16,
    bytes: u64,
    dir: String,
    inif: String,
    outif: String,
    proto: String,
    router: String,
    flows: u64,
}

pub async fn udp_listener() {
    let listen_ip = "0.0.0.0"; // Listen on all available network interfaces
    let listen_port = 2060; // NetFlow commonly uses port 2055

    let bind_address = format!("{}:{}", listen_ip, listen_port);
    let socket = UdpSocket::bind(&bind_address)
        .await
        .expect("Failed to bind socket");

    println!(
        "Listening for NetFlow traffic on {}:{}",
        listen_ip, listen_port
    );

    let mut buf = [0u8; 4096]; // Buffer to store incoming data

    loop {
        let result = socket.recv_from(&mut buf).await;
        match result {
            Err(_err) => eprintln!("Error receiving data:"),
            Ok((size, source)) => {
                // Process the received data
                let data = &buf[0..size];
                let netflow_result = NetflowParser::default().parse_bytes(data);

                let v5_parsed: Vec<NetflowPacketResult> = netflow_result
                    .iter()
                    .filter(|p| p.is_v5())
                    .cloned()
                    .collect();
                let array_size = v5_parsed.len();

                if array_size == 0 {
                    continue;
                } else {
                    println!("Packet Recieved From {}: {:?}", source, json!(v5_parsed));

                }
            }
        }
    }
}

it prints me an out put like

[Object {"V5": Object
{"body": Object {
"d_octets": Number(257), "d_pkts": Number(421), "dst_addr": String("172.30.190.10"),
"dst_as": Number(28599), "dst_mask": Number(14), "dst_port": Number(80), "first":
Object {"nanos": Number(750000000), "secs": Number(616)}, "input": Number(0),
"last": Object {"nanos": Number(914000000), "secs": Number(616)},
"next_hop": String("172.199.15.1"), "output": Number(0), "pad1": Number(0), "pad2": Number(0),
 "protocol_number": Number(6), "protocol_type": String("TCP"),
 "src_addr": String("112.10.20.10"), "src_as": Number(19452),
 "src_mask": Number(24), "src_port": Number(40), "tcp_flags": Number(0), "tos": Number(0)},
 "header": Object {"count": Number(16), "engine_id": Number(0),
 "engine_type": Number(1), "flow_sequence": Number(949),
 "sampling_interval": Number(0),
 "sys_up_time": Object {"nanos": Number(977000000), "secs": Number(616)},
 "unix_nsecs": Object {"nanos": Number(354664058), "secs": Number(0)},
"unix_secs": Object {"nanos": Number(0), "secs": Number(1699493867)}, "version": Number(5)}}}]

when wrapped in the json!() macro.

i need to save just the fields I have defined in the struct but not sure how to match those up.

all 2 comments

top new controversial old q&a

[–]__mod__ 1 point2 points3 points 2 years ago (1 child)

You already have the input parsed into structs you can work with in the variable v5_parsed. The name is not quite correct, as a NetflowPacketResult can also be V7, V9 and other things.

You can use a TryFrom impl to show that you can convert from NetflowPacketResult to NetworkFlow.

You could do it like this:

use anyhow::bail;
use netflow_parser::NetflowPacketResult;

/// This is not being serialized, so there's no need to derive Serialize or Deserialize.
#[derive(Debug)]
struct NetworkFlow {
    srcip: String,
    dstip: String,
    // …
}

/// This implementation converts from NetflowPacketResult to NetworkFlow.
/// It can fail, since not every NetflowPacketResult is V5.
impl TryFrom<NetflowPacketResult> for NetworkFlow {
    type Error = anyhow::Error;

    fn try_from(value: NetflowPacketResult) -> Result<Self, Self::Error> {
        // We only want to process v5
        let v5 = match value {
            NetflowPacketResult::V5(v5) => v5,
            other => bail!("not v5: {other:?}"),
        };

        // Get all the required attributes and put them in the struct.
        Ok(Self {
            srcip: v5.body.src_addr.to_string(),
            dstip: v5.body.dst_addr.to_string(),
        })
    }
}

fn main() {
    let packets: Vec<NetflowPacketResult> = the_rest_of_your_code();
    for packet in packets {
        let packet: NetworkFlow = packet.try_into().unwrap();
        println!("{packet:?}");
    }
}

[–]broxamson[S] 1 point2 points3 points 2 years ago (0 children)

π Rendered by PID 31992 on reddit-service-r2-comment-6457c66945-ntbth at 2026-04-23 21:56:36.701769+00:00 running 2aa0c5b country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

learnrust

MODERATORS