1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101

//! # PCAP and PCAPNG parsers
//!
//! This crate contains several parsers for PCAP and PCAPNG files.
//!
//! The code is available on [Github](https://github.com/rusticata/pcap-parser)
//! and is part of the [Rusticata](https://github.com/rusticata) project.
//!
//! # Example: generic parsing
//!
//! The following code shows how to parse a file either in PCAP or PCAPNG format.
//!
//! ```rust,no_run
//! # extern crate nom;
//! # extern crate pcap_parser;
//! use pcap_parser::*;
//! use nom::IResult;
//! use std::fs::File;
//! use std::io::Read;
//!
//! # fn main() {
//! # let path = "/tmp/file.pcap";
//! let mut file = File::open(path).unwrap();
//! let mut buffer = Vec::new();
//! file.read_to_end(&mut buffer).unwrap();
//! let mut num_packets = 0;
//! // try pcap first
//! match PcapCapture::from_file(&buffer) {
//!     Ok(capture) => {
//!         println!("Format: PCAP");
//!         for _packet in capture.iter_packets() {
//!             num_packets += 1;
//!         }
//!         return;
//!     },
//!     _ => ()
//! }
//! // otherwise try pcapng
//! match PcapNGCapture::from_file(&buffer) {
//!     Ok(capture) => {
//!         println!("Format: PCAPNG");
//!         // most pcaps have one section, with one interface
//!         //
//!         // global iterator - provides a unified iterator over all
//!         // sections and interfaces. It will usually work only if there
//!         // is one section with one interface
//!         // otherwise, the next iteration code is better
//!         for _packet in capture.iter_packets() {
//!             // num_packets += 1;
//!         }
//!         // The following code iterates all sections, for each section
//!         // all interfaces, and for each interface all packets.
//!         // Note that the link type can be different for each interface!
//!         println!("Num sections: {}", capture.sections.len());
//!         for (snum,section) in capture.sections.iter().enumerate() {
//!             println!("Section {}:", snum);
//!             for (inum,interface) in section.interfaces.iter().enumerate() {
//!                 println!("    Interface {}:", inum);
//!                 println!("        Linktype: {:?}", interface.header.linktype);
//!                 // ...
//!                 for _packet in section.iter_packets() {
//!                     num_packets += 1;
//!                 }
//!             }
//!         }
//!     },
//!     _ => ()
//! }
//! # }
//! ```
//!
//! The above code requires the file to be entirely loaded into memory. Other functions
//! in this crate allows for writing streaming parsers.
//! See [pcap-tools](https://github.com/rusticata/pcap-tools) for examples.

extern crate byteorder;

#[macro_use]
extern crate nom;

#[macro_use]
extern crate cookie_factory;

#[macro_use]
extern crate rusticata_macros;

mod packet;
pub use packet::*;

pub mod pcap;
pub use pcap::*;
pub mod pcapng;
pub use pcapng::*;

mod capture;
pub use capture::*;

#[cfg(feature = "data")]
pub mod data;

#[cfg(feature = "data")]
mod pcap_nflog;