pcap 2.4.0

A packet capture API around pcap/wpcap
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304

//! pcap is a packet capture library available on Linux, Windows and Mac. This
//! crate supports creating and configuring capture contexts, sniffing packets,
//! sending packets to interfaces, listing devices, and recording packet captures
//! to pcap-format dump files.
//!
//! # Capturing packets
//! The easiest way to open an active capture handle and begin sniffing is to
//! use `.open()` on a `Device`. You can obtain the "default" device using
//! `Device::lookup()`, or you can obtain the device(s) you need via `Device::list()`.
//!
//! ```no_run
//! use pcap::Device;
//!
//! let mut cap = Device::lookup().unwrap().unwrap().open().unwrap();
//!
//! while let Ok(packet) = cap.next_packet() {
//!     println!("received packet! {:?}", packet);
//! }
//!
//! ```
//!
//! `Capture`'s `.next_packet()` will produce a `Packet` which can be dereferenced to access the
//! `&[u8]` packet contents.
//!
//! # Custom configuration
//!
//! You may want to configure the `timeout`, `snaplen` or other parameters for the capture
//! handle. In this case, use `Capture::from_device()` to obtain a `Capture<Inactive>`, and
//! proceed to configure the capture handle. When you're finished, run `.open()` on it to
//! turn it into a `Capture<Active>`.
//!
//! ```no_run
//! use pcap::{Device, Capture};
//!
//! let main_device = Device::lookup().unwrap().unwrap();
//! let mut cap = Capture::from_device(main_device).unwrap()
//!                   .promisc(true)
//!                   .snaplen(5000)
//!                   .open().unwrap();
//!
//! while let Ok(packet) = cap.next_packet() {
//!     println!("received packet! {:?}", packet);
//! }
//! ```
//!
//! # Abstracting over different capture types
//!
//! You can abstract over live captures (`Capture<Active>`) and file captures
//! (`Capture<Offline>`) using generics and the [`Activated`] trait, for example:
//!
//! ```
//! use pcap::{Activated, Capture};
//!
//! fn read_packets<T: Activated>(mut capture: Capture<T>) {
//!     while let Ok(packet) = capture.next_packet() {
//!         println!("received packet! {:?}", packet);
//!     }
//! }
//! ```

#![cfg_attr(docsrs, feature(doc_cfg))]

use std::ffi::{self, CStr};
use std::fmt;

use self::Error::*;

mod capture;
mod codec;
mod device;
mod linktype;
mod packet;

#[cfg(not(windows))]
pub use capture::activated::open_raw_fd;
pub use capture::{
    activated::{
        iterator::PacketIter, BpfInstruction, BpfProgram, BreakLoop, Direction, Savefile, Stat,
    },
    inactive::TimestampType,
    {Activated, Active, Capture, Dead, Inactive, Offline, Precision, State},
};
pub use codec::PacketCodec;
pub use device::{Address, ConnectionStatus, Device, DeviceFlags, IfFlags};
pub use linktype::Linktype;
pub use packet::{Packet, PacketHeader};

#[deprecated(note = "Renamed to TimestampType")]
/// An old name for `TimestampType`, kept around for backward-compatibility.
pub type TstampType = TimestampType;

mod raw;

#[cfg(windows)]
#[cfg_attr(docsrs, doc(cfg(windows)))]
pub mod sendqueue;

#[cfg(feature = "capture-stream")]
mod stream;
#[cfg(feature = "capture-stream")]
#[cfg_attr(docsrs, doc(cfg(feature = "capture-stream")))]
pub use stream::PacketStream;

/// An error received from pcap
#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    /// The underlying library returned invalid UTF-8
    MalformedError(std::str::Utf8Error),
    /// The underlying library returned a null string
    InvalidString,
    /// The unerlying library returned an error
    PcapError(String),
    /// The linktype was invalid or unknown
    InvalidLinktype,
    /// The timeout expired while reading from a live capture
    TimeoutExpired,
    /// No more packets to read from the file
    NoMorePackets,
    /// Must be in non-blocking mode to function
    NonNonBlock,
    /// There is not sufficent memory to create a dead capture
    InsufficientMemory,
    /// An invalid input string (internal null)
    InvalidInputString,
    /// An IO error occurred
    IoError(std::io::ErrorKind),
    #[cfg(not(windows))]
    /// An invalid raw file descriptor was provided
    InvalidRawFd,
    /// Errno error
    ErrnoError(errno::Errno),
    /// Buffer size overflows capacity
    BufferOverflow,
}

impl Error {
    unsafe fn new(ptr: *const libc::c_char) -> Error {
        match cstr_to_string(ptr) {
            Err(e) => e as Error,
            Ok(string) => PcapError(string.unwrap_or_default()),
        }
    }

    fn with_errbuf<T, F>(func: F) -> Result<T, Error>
    where
        F: FnOnce(*mut libc::c_char) -> Result<T, Error>,
    {
        let mut errbuf = [0i8; 256];
        func(errbuf.as_mut_ptr() as _)
    }
}

unsafe fn cstr_to_string(ptr: *const libc::c_char) -> Result<Option<String>, Error> {
    let string = if ptr.is_null() {
        None
    } else {
        Some(CStr::from_ptr(ptr as _).to_str()?.to_owned())
    };
    Ok(string)
}

impl fmt::Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match *self {
            MalformedError(ref e) => write!(f, "libpcap returned invalid UTF-8: {e}"),
            InvalidString => write!(f, "libpcap returned a null string"),
            PcapError(ref e) => write!(f, "libpcap error: {e}"),
            InvalidLinktype => write!(f, "invalid or unknown linktype"),
            TimeoutExpired => write!(f, "timeout expired while reading from a live capture"),
            NonNonBlock => write!(f, "must be in non-blocking mode to function"),
            NoMorePackets => write!(f, "no more packets to read from the file"),
            InsufficientMemory => write!(f, "insufficient memory"),
            InvalidInputString => write!(f, "invalid input string (internal null)"),
            IoError(ref e) => write!(f, "io error occurred: {e:?}"),
            #[cfg(not(windows))]
            InvalidRawFd => write!(f, "invalid raw file descriptor provided"),
            ErrnoError(ref e) => write!(f, "libpcap os errno: {e}"),
            BufferOverflow => write!(f, "buffer size too large"),
        }
    }
}

// Using description is deprecated. Remove in next version.
impl std::error::Error for Error {
    fn description(&self) -> &str {
        match *self {
            MalformedError(..) => "libpcap returned invalid UTF-8",
            PcapError(..) => "libpcap FFI error",
            InvalidString => "libpcap returned a null string",
            InvalidLinktype => "invalid or unknown linktype",
            TimeoutExpired => "timeout expired while reading from a live capture",
            NonNonBlock => "must be in non-blocking mode to function",
            NoMorePackets => "no more packets to read from the file",
            InsufficientMemory => "insufficient memory",
            InvalidInputString => "invalid input string (internal null)",
            IoError(..) => "io error occurred",
            #[cfg(not(windows))]
            InvalidRawFd => "invalid raw file descriptor provided",
            ErrnoError(..) => "internal error, providing errno",
            BufferOverflow => "buffer size too large",
        }
    }

    fn cause(&self) -> Option<&dyn std::error::Error> {
        match *self {
            MalformedError(ref e) => Some(e),
            _ => None,
        }
    }
}

impl From<ffi::NulError> for Error {
    fn from(_: ffi::NulError) -> Error {
        InvalidInputString
    }
}

impl From<std::str::Utf8Error> for Error {
    fn from(obj: std::str::Utf8Error) -> Error {
        MalformedError(obj)
    }
}

impl From<std::io::Error> for Error {
    fn from(obj: std::io::Error) -> Error {
        obj.kind().into()
    }
}

impl From<std::io::ErrorKind> for Error {
    fn from(obj: std::io::ErrorKind) -> Error {
        IoError(obj)
    }
}

/// Return size of a commonly used packet header.
///
/// On Windows this packet header is implicitly added to send queues, so this size must be known
/// if an application needs to precalculate the exact send queue buffer size.
pub const fn packet_header_size() -> usize {
    std::mem::size_of::<raw::pcap_pkthdr>()
}

#[cfg(test)]
mod tests {
    use std::error::Error as StdError;
    use std::{ffi::CString, io};

    use super::*;

    #[test]
    fn test_error_invalid_utf8() {
        let bytes: [u8; 8] = [0x78, 0xfe, 0xe9, 0x89, 0x00, 0x00, 0xed, 0x4f];
        let error = unsafe { Error::new(&bytes as *const _ as _) };
        assert!(matches!(error, Error::MalformedError(_)));
    }

    #[test]
    fn test_error_null() {
        let error = unsafe { Error::new(std::ptr::null()) };
        assert_eq!(error, Error::PcapError("".to_string()));
    }

    #[test]
    #[allow(deprecated)]
    fn test_errors() {
        let mut errors: Vec<Error> = vec![];

        let bytes: [u8; 8] = [0x78, 0xfe, 0xe9, 0x89, 0x00, 0x00, 0xed, 0x4f];
        let cstr = unsafe { CStr::from_ptr(&bytes as *const _ as _) };

        errors.push(cstr.to_str().unwrap_err().into());
        errors.push(Error::InvalidString);
        errors.push(Error::PcapError("git rekt".to_string()));
        errors.push(Error::InvalidLinktype);
        errors.push(Error::TimeoutExpired);
        errors.push(Error::NoMorePackets);
        errors.push(Error::NonNonBlock);
        errors.push(Error::InsufficientMemory);
        errors.push(CString::new(b"f\0oo".to_vec()).unwrap_err().into());
        errors.push(io::Error::new(io::ErrorKind::Interrupted, "error").into());
        #[cfg(not(windows))]
        errors.push(Error::InvalidRawFd);
        errors.push(Error::ErrnoError(errno::Errno(125)));
        errors.push(Error::BufferOverflow);

        for error in errors.iter() {
            assert!(!error.to_string().is_empty());
            assert!(!error.description().is_empty());
            match error {
                Error::MalformedError(_) => assert!(error.cause().is_some()),
                _ => assert!(error.cause().is_none()),
            }
        }
    }

    #[test]
    fn test_packet_size() {
        assert_eq!(
            packet_header_size(),
            std::mem::size_of::<raw::pcap_pkthdr>()
        );
    }
}