#pcap #read-write #pcap-parser #pcapng #read #write #parse

pcap-file-tokio

A crate to parse, read and write Pcap and PcapNg asynchronously with Tokio

1 unstable release

0.1.0 Jun 16, 2023

#2622 in Parser implementations

Download history 1465/week @ 2024-08-25 1690/week @ 2024-09-01 1634/week @ 2024-09-08 1232/week @ 2024-09-15 1525/week @ 2024-09-22 1102/week @ 2024-09-29 1617/week @ 2024-10-06 1690/week @ 2024-10-13 2173/week @ 2024-10-20 1706/week @ 2024-10-27 1647/week @ 2024-11-03 1738/week @ 2024-11-10 1720/week @ 2024-11-17 1661/week @ 2024-11-24 1595/week @ 2024-12-01 1839/week @ 2024-12-08

6,874 downloads per month

MIT license

130KB
2K SLoC

pcap-file-tokio

Fork of the awesome pcap-file crate, modified to support tokio.

Provides parsers, readers and writers for Pcap and PcapNg files.

For Pcap files see the pcap module.

For PcapNg files see the pcapng module.

Crates.io rustdoc Crates.io

Documentation

https://docs.rs/pcap-file-tokio

Installation

This crate is on crates.io. Add it to your Cargo.toml:

[dependencies]
pcap-file-tokio = "2.0.0-rc1"

Examples

PcapReader

use tokio::fs::File;
use pcap_file_tokio::pcap::PcapReader;

#[tokio::main]
async fn main() {
    let file_in = File::open("test.pcap").await.expect("Error opening file");
    let mut pcap_reader = PcapReader::new(file_in).await.unwrap();

    // Read test.pcap
    while let Some(pkt) = pcap_reader.next_packet().await {
        //Check if there is no error
        let pkt = pkt.unwrap();

        //Do something
    }
}

PcapNgReader

use tokio::fs::File;
use pcap_file_tokio::pcapng::PcapNgReader;

#[tokio::main]
async fn main() {
    let file_in = File::open("test.pcapng").await.expect("Error opening file");
    let mut pcapng_reader = PcapNgReader::new(file_in).await.unwrap();

    // Read test.pcapng
    while let Some(block) = pcapng_reader.next_block().await {
        // Check if there is no error
        let block = block.unwrap();

        //  Do something
    }
}

Fuzzing

Currently there are 4 crude harnesses to check that the parser won't panic in any situation. To start fuzzing you must install cargo-fuzz with the command:

$ cargo install cargo-fuzz

And then, in the root of the repository, you can run the harnesses as:

$ cargo fuzz run pcap_reader
$ cargo fuzz run pcap_ng_reader
$ cargo fuzz run pcap_parser
$ cargo fuzz run pcap_ng_parser

Keep in mind that libfuzzer by default uses only one core, so you can either run all the harnesses in different terminals, or you can pass the -jobs and -workers attributes. More info can be found in its documentation here. To get better crash reports add to you rust flags: -Zsanitizer=address. E.g.

RUSTFLAGS="-Zsanitizer=address" cargo fuzz run pcap_reader

License

Licensed under MIT.

Disclaimer

To test the library I used the excellent PcapNg testing suite provided by hadrielk.

Dependencies

~2.7–8.5MB
~72K SLoC