[−][src]Crate pcap_parser
PCAP and PCAPNG parsers
This crate contains several parsers for PCAP and PCAPNG files.
Compared to other similar projects, it is designed to offer a complete support of the many possible formats (legacy pcap, pcapng, little or big-endian, etc.) and features (pcanpng files with multiple sections, interfaces, and endianness) while using only safe code and without copying data (zero-copy).
The code is available on Github and is part of the Rusticata project.
Example: streaming parsers
The following code shows how to parse a file in the pcap-ng format, using a PcapNGReader streaming parser.
use pcap_parser::*; use pcap_parser::traits::PcapReaderIterator; use std::fs::File; use std::io::Read; let mut file = File::open(path).unwrap(); let mut num_blocks = 0; let mut reader = PcapNGReader::new(65536, file).expect("PcapNGReader"); loop { match reader.next() { Ok((offset, _block)) => { println!("got new block"); num_blocks += 1; reader.consume(offset); }, Err(PcapError::Eof) => break, Err(PcapError::Incomplete) => { reader.refill().unwrap(); }, Err(e) => panic!("error while reading: {:?}", e), } } println!("num_blocks: {}", num_blocks);
See PcapNGReader for a complete example, including handling of linktype and accessing packet data.
For legacy pcap files, use similar code with the LegacyPcapReader streaming parser.
See pcap-tools and pcap-parse for more examples.
Example: generic streaming parsing
To create a pcap reader for input in either PCAP or PCAPNG format, use the create_reader function.
Re-exports
pub use pcap::*; |
pub use pcapng::*; |
Modules
| data | Helper functions to access block contents (depending in linktype) |
| pcap | PCAP file format |
| pcapng | PCAPNG file format |
| traits |
Structs
| CurrentSectionInfo | |
| LegacyPcapIterator | Iterator over |
| LegacyPcapReader | Parsing iterator over legacy pcap data (streaming version) |
| LegacyPcapSlice | Parsing iterator over legacy pcap data (requires data to be loaded into memory) |
| Linktype | Data link type |
| PcapCapture | Generic interface for PCAP file access |
| PcapNGCapture | Generic interface for PCAPNG file access |
| PcapNGCaptureIterator | Iterator over |
| PcapNGReader | Parsing iterator over pcap-ng data (streaming version) |
| PcapNGSlice | Parsing iterator over pcap-ng data (requires data to be loaded into memory) |
Enums
| Data | A container for owned or borrowed data |
| MutableData | A container for owned or borrowed mutable data |
| PcapBlock | A block from a Pcap or PcapNG file |
| PcapBlockOwned | A block from a Pcap or PcapNG file |
| PcapError |
Traits
| Capture | Generic interface for PCAP or PCAPNG file access |
| ToVec | Common trait for all serialization functions |
Functions
| create_reader | Get a generic |
| parse_pcap | Parse the entire file |
| parse_pcapng | Parse the entire file |