use crate::{Error, GlobalHeader, PcapRecords};
use log::*;

/// A parsed libpcap capture file: the global header plus the records that follow it.
///
/// Built by [`CaptureFile::parse`] from a byte slice.
#[derive(Clone, Debug)]
pub struct CaptureFile<'a> {
    /// Global header produced by `GlobalHeader::parse`; its endianness is what the
    /// records were parsed with.
    pub global_header: GlobalHeader,
    /// Records produced by `PcapRecords::parse` from the bytes after the global header.
    // NOTE(review): the `'a` lifetime suggests the records borrow from the input buffer
    // rather than copying it; confirm against `PcapRecords`.
    pub records: PcapRecords<'a>,
}

impl<'a> CaptureFile<'a> {
    /// Parses a byte slice that begins with a libpcap file-format global header
    /// (<https://wiki.wireshark.org/Development/LibpcapFileFormat>).
    ///
    /// The global header is decoded first. The endianness it reports is then passed to
    /// [`PcapRecords::parse`] together with the bytes that follow the header.
    ///
    /// # Returns
    ///
    /// The bytes left over once record parsing has finished, paired with the parsed
    /// [`CaptureFile`]. This function does not require that remainder to be empty, so a
    /// caller that reads captures from an untrusted source and wants to treat trailing
    /// bytes as a truncated or malformed file has to check the remainder itself.
    ///
    /// # Errors
    ///
    /// Propagates any [`Error`] returned by [`GlobalHeader::parse`] or
    /// [`PcapRecords::parse`].
    pub fn parse<'b>(input: &'b [u8]) -> Result<(&'b [u8], CaptureFile<'b>), Error> {
        let (after_header, global_header) = GlobalHeader::parse(input)?;

        debug!(
            "Global header version {}.{}, with endianness {:?}",
            global_header.version_major, global_header.version_minor, global_header.endianness
        );

        // Record layout depends on the byte order announced by the global header.
        let (leftover, records) = PcapRecords::parse(after_header, global_header.endianness)?;

        trace!("{} bytes left for record parsing", leftover.len());

        let capture = CaptureFile {
            global_header,
            records,
        };
        Ok((leftover, capture))
    }
}