rscap 0.1.2

Rust packet capture and manipulation utilities
Documentation

Rscap

Latest Version Documentation rscap: rustc 1.65+

rscap - Rust packet capture and manipulation utilities

rscap is a multi-purpose library for network packet capture/transmission and packet building. Its aims are twofold:

  1. To provide Rust-native platform tools for packet capture and transmission (comparable to libpcap, but written from the ground up in Rust)
  2. To expose a robust and ergonomic API for building packets and accessing/modifying packet data fields in various network protocols (like scapy, but with strong typing and significantly improved performance)

The rscap submodule focuses specifically on (1)--it provides safe, Rust-native APIs for capturing packets over network interfaces. Linux is currently the only supported operating system, though multi-platform API support for MacOS, BSD and Windows is in the pipeline.

Features

  • Platform-independent interface for packet capture/transmission: rscap aims to provide a single unified interface for capturing and transmitting packets across any supported platform. Additionally, the library exposes safe abstractions of platform-specific packet capture tools (such as AF_PACKET/PACKET_MMAP sockets in Linux) to support cases where fine-grained control or platform-specific features are desired.
  • Robust APIs for building/modifying packets: the pkts submodule provides simple operations to combine various layers into a single packet, and to index into a different layers of a packet to retrieve or modify fields. Users of scapy may find the API surprisingly familiar, especially for layer composition and indexing operations:
use layers::{ip::Ipv4, tcp::Tcp};

let pkt = Ip::new() / Tcp::new();
pkt[Tcp].set_sport(80);
pkt[Tcp].set_dport(12345);
  • Packet defragmentation/reordering: In some protocols, packets may be fragmented (such as IPv4) or arrive out-of-order (TCP, SCTP, etc.). rscap overcomes both of these issues through Sequence types that transparently handle defragmentation and reordering. Sequence types can even be stacked so that application-layer data can easily be reassembled from captured packets. They even work in no-std environments with or without alloc.
  • Stateful packet support: Many network protocols are stateful, and interpreting packets from such protocols can be difficult (if not impossible) to accomplish unless information about the protocol session is stored. rscap provides Session types that handle these kinds of packets--Sessions ensure that packets are validated based on the current expected state of the protocol. Just like Sequence, Session types are compatible with no-std environments and do not require alloc.

License

The source code of this project is licensed under either the MIT License or the Apache 2.0 License, at your option.