Crate etherparse

source ·
Expand description

A zero allocation library for parsing & writing a bunch of packet based protocols (EthernetII, IPv4, IPv6, UDP, TCP …).

Currently supported are:

  • Ethernet II
  • IEEE 802.1Q VLAN Tagging Header
  • IPv4
  • IPv6 (supporting the most common extension headers, but not all)
  • UDP
  • TCP
  • ICMP & ICMPv6 (not all message types are supported)

§Usage

Add the following to your Cargo.toml:

[dependencies]
etherparse = "0.14"

§What is etherparse?

Etherparse is intended to provide the basic network parsing functions that allow for easy analysis, transformation or generation of recorded network data.

Some key points are:

  • It is completely written in Rust and thoroughly tested.
  • Special attention has been paid to not use allocations or syscalls.
  • The package is still in development and can & will still change.
  • The current focus of development is on the most popular protocols in the internet & transport layer.

§How to parse network packages?

Etherparse gives you two options for parsing network packages automatically:

§Slicing the packet

Here the different components in a packet are separated without parsing all their fields. For each header a slice is generated that allows access to the fields of a header.

match SlicedPacket::from_ethernet(&packet) {
    Err(value) => println!("Err {:?}", value),
    Ok(value) => {
        println!("link: {:?}", value.link);
        println!("vlan: {:?}", value.vlan);
        println!("net: {:?}", value.net); // contains ip
        println!("transport: {:?}", value.transport);
    }
}

This is the faster option if your code is not interested in all fields of all the headers. It is a good choice if you just want filter or find packages based on a subset of the headers and/or their fields.

Depending from which point downward you want to slice a package check out the functions:

In case you want to parse cut off packets (e.g. packets returned in in ICMP message) you can use the “lax” parsing methods:

§Deserializing all headers into structs

This option deserializes all known headers and transfers their contents to header structs.

match PacketHeaders::from_ethernet_slice(&packet) {
    Err(value) => println!("Err {:?}", value),
    Ok(value) => {
        println!("link: {:?}", value.link);
        println!("vlan: {:?}", value.vlan);
        println!("net: {:?}", value.net); // contains ip
        println!("transport: {:?}", value.transport);
    }
}

This option is slower then slicing when only few fields are accessed. But it can be the faster option or useful if you are interested in most fields anyways or if you want to re-serialize the headers with modified values.

Depending from which point downward you want to unpack a package check out the functions

In case you want to parse cut off packets (e.g. packets returned in in ICMP message) you can use the “lax” parsing methods:

§Manually slicing only one packet layer

It is also possible to only slice one packet layer:

The resulting data types allow access to both the header(s) and the payload of the layer and will automatically limit the length of payload if the layer has a length field limiting the payload (e.g. the payload of IPv6 packets will be limited by the “payload length” field in an IPv6 header).

§Manually slicing & parsing only headers

It is also possible just to parse headers. Have a look at the documentation for the following [NAME]HeaderSlice.from_slice methods, if you want to just slice the header:

And for deserialization into the corresponding header structs have a look at:

§How to generate fake packet data?

§Packet Builder

The PacketBuilder struct provides a high level interface for quickly creating network packets. The PacketBuilder will automatically set fields which can be deduced from the content and compositions of the packet itself (e.g. checksums, lengths, ethertype, ip protocol number).

Example:

use etherparse::PacketBuilder;

let builder = PacketBuilder::
    ethernet2([1,2,3,4,5,6],     //source mac
               [7,8,9,10,11,12]) //destination mac
    .ipv4([192,168,1,1], //source ip
          [192,168,1,2], //destination ip
          20)            //time to life
    .udp(21,    //source port
         1234); //destination port

//payload of the udp packet
let payload = [1,2,3,4,5,6,7,8];

//get some memory to store the result
let mut result = Vec::<u8>::with_capacity(builder.size(payload.len()));

//serialize
//this will automatically set all length fields, checksums and identifiers (ethertype & protocol)
//before writing the packet out to "result"
builder.write(&mut result, &payload).unwrap();

There is also an example for TCP packets available.

Check out the PacketBuilder documentation for more information.

§Manually serializing each header

Alternatively it is possible to manually build a packet (example). Generally each struct representing a header has a “write” method that allows it to be serialized. These write methods sometimes automatically calculate checksums and fill them in. In case this is unwanted behavior (e.g. if you want to generate a packet with an invalid checksum), it is also possible to call a “write_raw” method that will simply serialize the data without doing checksum calculations.

Read the documentations of the different methods for a more details:

§References

Modules§

  • checksum
    Helpers for calculating checksums.
  • err
    Module containing error types that can be triggered.
  • ether_type
    Constants for the ethertype values for easy importing (e.g. use ether_type::*;).
  • icmpv4
    Module containing ICMPv4 related types and constants.
  • icmpv6
    Module containing ICMPv6 related types and constants
  • iostd
  • ip_number
    Constants for the ip protocol numbers for easy importing (e.g. use ip_number::*;).
  • tcp_option
    Module containing the constants for tcp options (id number & sizes).

Structs§

Enums§

  • Icmpv4Type
    Starting contents of an ICMPv4 packet without the checksum.
  • Icmpv6Type
    Different kinds of ICMPv6 messages.
  • InternetSlice
    Deprecated use crate::NetSlice or crate::IpSlice instead. Slice containing the network headers & payloads (e.g. IPv4, IPv6, ARP).
  • IpHeaders
    Internet protocol headers version 4 & 6.
  • IpSlice
    Slice containing the IP header (v4 or v6), extension headers & payload.
  • Ipv6ExtensionSlice
    Enum containing a slice of a supported ipv6 extension header.
  • LaxIpSlice
    Slice containing laxly separated IPv4 or IPv6 headers & payload.
  • LaxNetSlice
    Slice containing laxly parsed the network headers & payloads (e.g. IPv4, IPv6, ARP).
  • LaxPayloadSlice
    Laxly parsed payload together with an identifier the type of content & the information if the payload is incomplete.
  • LenSource
    Sources of length limiting values (e.g. “ipv6 payload length field”).
  • LinkSlice
    A slice containing the link layer header (currently only Ethernet II is supported).
  • NetHeaders
    Headers on the network layer (e.g. IP, ARP, …).
  • NetSlice
    Slice containing the network headers & payloads (e.g. IPv4, IPv6, ARP).
  • PayloadSlice
    Payload together with an identifier the type of content.
  • TcpOptionElement
    Different kinds of options that can be present in the options part of a tcp header.
  • TcpOptionReadError
    Errors that can occour while reading the options of a TCP header.
  • TcpOptionWriteError
    Errors that can occour when setting the options of a tcp header.
  • TransportHeader
    The possible headers on the transport layer
  • TransportSlice
  • VlanHeader
    IEEE 802.1Q VLAN Tagging Header (can be single or double tagged).
  • VlanSlice
    A slice containing a single or double vlan header.

Constants§

Type Aliases§