[−][src]Struct pcap_parser::PcapNGReader
Parsing iterator over pcap-ng data (streaming version)
This iterator a streaming parser based on a circular buffer, so any input providing the Read
trait can be used.
The first call to next
should return the a Section Header Block (SHB), marking the start of a
new section.
For each section, calls to next
will return blocks, some of them containing data (SPB, EPB),
and others containing information (IDB, NRB, etc.).
Some information must be stored (for ex. the data link type from the IDB) to be able to parse following block contents. Usually, a list of interfaces must be stored, with the data link type and capture length, for each section. These values are used when parsing Enhanced Packet Blocks (which gives an interface ID - the index, starting from 0) and Simple Packet Blocks (which assume an interface index of 0).
The size of the circular buffer has to be big enough for at least one complete block. Using a larger value (at least 65k) is advised to avoid frequent reads and buffer shifts.
use pcap_parser::*; use pcap_parser::traits::PcapReaderIterator; use nom::{ErrorKind, IResult}; use std::fs::File; use std::io::{BufReader, Read}; let mut file = File::open(path).unwrap(); let mut num_blocks = 0; let mut reader = PcapNGReader::new(65536, file).expect("PcapNGReader"); let mut if_linktypes = Vec::new(); loop { match reader.next() { Ok((offset, block)) => { println!("got new block"); num_blocks += 1; match block { PcapBlockOwned::NG(Block::SectionHeader(ref _shb)) => { // starting a new section, clear known interfaces if_linktypes = Vec::new(); }, PcapBlockOwned::NG(Block::InterfaceDescription(ref idb)) => { if_linktypes.push(idb.linktype); }, PcapBlockOwned::NG(Block::EnhancedPacket(ref epb)) => { assert!((epb.if_id as usize) < if_linktypes.len()); let linktype = if_linktypes[epb.if_id as usize]; #[cfg(feature="data")] let res = pcap_parser::data::get_packetdata(epb.data, linktype, epb.caplen as usize); }, PcapBlockOwned::NG(Block::SimplePacket(ref spb)) => { assert!(if_linktypes.len() > 0); let linktype = if_linktypes[0]; let blen = (spb.block_len1 - 16) as usize; #[cfg(feature="data")] let res = pcap_parser::data::get_packetdata(spb.data, linktype, blen); }, PcapBlockOwned::NG(_) => { // can be statistics (ISB), name resolution (NRB), etc. eprintln!("unsupported block"); }, PcapBlockOwned::Legacy(_) | PcapBlockOwned::LegacyHeader(_) => unreachable!(), } reader.consume(offset); }, Err(ErrorKind::Eof) => break, Err(ErrorKind::Complete) => { eprintln!("Could not read complete data block."); eprintln!("Hint: the reader buffer size may be too small, or the input file nay be truncated."); break; }, Err(e) => panic!("error while reading: {:?}", e), } } println!("num_blocks: {}", num_blocks);
Methods
impl<R> PcapNGReader<R> where
R: Read,
[src]
R: Read,
pub fn new(
capacity: usize,
reader: R
) -> Result<PcapNGReader<R>, ErrorKind<u32>>
[src]
capacity: usize,
reader: R
) -> Result<PcapNGReader<R>, ErrorKind<u32>>
pub fn from_buffer(
buffer: Buffer,
reader: R
) -> Result<PcapNGReader<R>, ErrorKind<u32>>
[src]
buffer: Buffer,
reader: R
) -> Result<PcapNGReader<R>, ErrorKind<u32>>
Trait Implementations
impl<R> PcapReaderIterator<R> for PcapNGReader<R> where
R: Read,
[src]
R: Read,
Auto Trait Implementations
impl<R> Sync for PcapNGReader<R> where
R: Sync,
R: Sync,
impl<R> Unpin for PcapNGReader<R> where
R: Unpin,
R: Unpin,
impl<R> Send for PcapNGReader<R> where
R: Send,
R: Send,
impl<R> UnwindSafe for PcapNGReader<R> where
R: UnwindSafe,
R: UnwindSafe,
impl<R> RefUnwindSafe for PcapNGReader<R> where
R: RefUnwindSafe,
R: RefUnwindSafe,
Blanket Implementations
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> From<T> for T
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,