Module protocol

Protocol parsing framework.

This module provides:

  • Protocol trait for implementing parsers
  • ProtocolRegistry for managing registered parsers
  • Built-in parsers for common protocols

§Supported Protocols

Layer        Protocols
Link         Ethernet, VLAN (802.1Q)
Network      IPv4, IPv6, ARP, ICMP, ICMPv6
Transport    TCP, UDP
Application  DNS, DHCP, NTP, TLS, SSH, QUIC

Note: HTTP is parsed via TCP stream reassembly (see stream::parsers::http).

§Example

use pcapsql_core::protocol::{default_registry, parse_packet};

let registry = default_registry();
// Ethernet frame with IP/TCP
let packet_data: &[u8] = &[
    // Ethernet header (14 bytes)
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,  // dst mac
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  // src mac
    0x08, 0x00,                          // ethertype (IPv4)
    // Minimal IPv4 header would follow...
];

let results = parse_packet(&registry, 1, packet_data); // 1 = Ethernet
for (name, result) in results {
    let field_names: Vec<_> = result.fields.iter().map(|(k, _)| *k).collect();
    println!("Parsed {}: {:?}", name, field_names);
}

Modules§

ethertype
Well-known EtherType values (IEEE 802).
netlink_family
Netlink protocol families.
next_header
IPv6 Next Header values for extension headers and encapsulation.
rcode
DNS response codes (RFC 1035, RFC 2136, RFC 2845, RFC 6895).
record_type
DNS record types.

Structs§

ArpProtocol
ARP protocol parser.
BgpProtocol
BGP protocol parser.
DhcpProtocol
DHCP protocol parser.
DnsProtocol
DNS protocol parser.
EthernetProtocol
Ethernet II protocol parser.
GreProtocol
GRE protocol parser.
GtpProtocol
GTP protocol parser.
IcmpProtocol
ICMP protocol parser.
Icmpv6Protocol
ICMPv6 protocol parser.
IpsecProtocol
IPsec protocol parser (handles both ESP and AH).
Ipv4Protocol
IPv4 protocol parser.
Ipv6Protocol
IPv6 protocol parser.
LinuxSllProtocol
Linux SLL protocol parser.
MplsProtocol
MPLS protocol parser.
NetlinkProtocol
Netlink protocol parser.
NtpProtocol
NTP protocol parser.
OspfProtocol
OSPF protocol parser.
ParseContext
Context passed through the parsing chain.
ParseResult
Result of parsing a protocol layer.
ProjectionConfig
Configuration for field projection during parsing.
ProtocolRegistry
Registry for protocol parsers with priority-based selection.
QuicProtocol
QUIC protocol parser.
RtnetlinkProtocol
RTNetlink protocol parser.
SshProtocol
SSH protocol parser.
TcpProtocol
TCP protocol parser.
TlsProtocol
TLS protocol parser using tls-parser crate.
TunnelLayer
Information about a single tunnel encapsulation layer.
UdpProtocol
UDP protocol parser.
VlanProtocol
802.1Q VLAN tag parser.
VxlanProtocol
VXLAN protocol parser.

Enums§

BuiltinProtocol
Enum of all built-in protocol parsers.
FieldValue
Possible field value types (maps to Arrow types).
PayloadMode
How a protocol’s remaining bytes should be handled.
TunnelType
Type of encapsulating tunnel protocol.

Traits§

Protocol
Core trait all protocol parsers must implement.

Functions§

chain_fields_for_protocol
Fields required for protocol chaining.
compute_required_protocols
Compute the set of protocols required to satisfy a query.
default_registry
Create a registry with all built-in protocol parsers.
merge_with_chain_fields
Merge projection with chain fields if needed.
parse_packet
Parse a packet through all protocol layers.
parse_packet_projected
Parse a packet with field projection.
parse_packet_pruned
Parse a packet with protocol pruning.
parse_packet_pruned_projected
Parse a packet with both protocol pruning and field projection.
should_continue_parsing
Check if parsing should continue given the current parse results and required set.
should_run_parser
Check if a specific parser should be run.

Type Aliases§

FieldEntry
Field entry for parse results: (field_name, value). Field names are always static strings (protocol-defined). The lifetime parameter ties the value to the packet/buffer data.
HintEntry
Hint entry for child protocol detection: (hint_name, value).
OwnedFieldValue
Type alias for FieldValue that owns all its data. Useful for caching where lifetime of packet data is not available.