resynth 0.1.4

A packet synthesis language
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

# resynth: A Network Packet Synthesis Language

[![Latest Version](https://img.shields.io/crates/v/resynth)](https://crates.io/crates/resynth/)
[![Documentation](https://img.shields.io/docsrs/resynth)](https://docs.rs/resynth/latest/resynth/)

## About
Resynth is a packet synthesis language. It produces network traffic (in the
form of pcap files) from textual descriptions of traffic. It enables
version-controlled packets-as-code workflows which can be useful for various
packet processing, or security research applications such as DPI engines, or
network intrusion detection systems.


## Examples
Here is how you might represent an HTTP request and response in resynth:

```
import ipv4;
import dns;
import text;

dns::host(192.168.0.1, "www.scaramanga.co.uk", ns: 8.8.8.8, 109.107.38.8);

let http = ipv4::tcp::flow(
  192.168.0.1:32768,
  109.107.38.8:80,
);

http.open();

http.client_message(
  text::crlflines(
    "GET / HTTP/1.1",
    "Host: www.scaramanga.co.uk",
    text::CRLF,
  )
);

http.server_message(
  text::crlflines(
    "HTTP/1.1 301 Moved Permanently",
    "Date: Sat, 17 Jul 2021 02:55:05 GMT",
    "Server: Apache/2.4.29 (Ubuntu)",
    "Location: https://www.scaramanga.co.uk/",
    "Content-Type: text/html; charset=iso-8859-1",
    text::CRLF,
  ),
);

http.server_close();
```

You can compile this to a pcap file with the command `resynth http.rsyn` - a
file called `http.pcap` will be created.


## Why not use $OTHER\_TOOL?
- Scapy and python-based packet generation frameworks: they are incredibly slow
  for my intended use-cases (fuzz-testing, live high-speed packet-generation),
  even by the standards of what is possible in a pure python program. For very
  high-rate applications, I don't think it would be possible to automatically
  and transparently optimize scapy programs without adding some other layer
  designed specifically to speed things up.
- flowsynth: Flowsynth is really nice, and a big source of inspiration for
  this. But it lacks support for higher-level protocols and that little bit of
  extensibility which I really need.


## Future Directions
I plan to combine this with a DPDK-based packet generator in order to build a
network performance-testing suite (think T-Rex). The idea would be to add a
multi-instancing feature to the language to scale up the number of flows. The
resynth programs would be compiled in to a set of pre-canned packet templates
which could just be copied in to the tx ring-buffer with fields (eg. IP
addresses and port numbers) modulated. This would move all of the expensive
work out of the packet transmit mainloop and allow us to generate traffic at
upwards of 20Gbps per CPU.

The language is pretty bare-bones right now. But I plan to add:
- More builtin types: eg. signed integers, booleans, integers of various widths
- An operator to concatenate ip/port into a sockaddr
- An operator for concatenating buffers

I plan to add support for the following protocols to the standard library:
- TLS
- HTTP
- ARP
- SMB2
- DCE-RPC
- More exotic TCP/IP interactions
- Decent support for generating IP fragments