14 releases (breaking)
|0.12.1||Apr 12, 2023|
|0.12.0||Feb 13, 2023|
|0.11.1||Jun 21, 2022|
|0.9.0||Feb 7, 2022|
|0.2.0||Feb 22, 2021|
#265 in Rust patterns
192 downloads per month
Used in 8 crates
Security Aware Wire Protocol parsing library.
This library contains parsers for various wire protocols, and is intended to be used in network security sensors.
Each parser exposes a common interface that allows the sensor engine to feed bytes into the parser and receive parsed metadata back. The bytes are expected to be at the session layer, so the engine is responsible for assembling transport layer data into a session payload, which is then fed into this library.
This library aims to be resilient and parse as many messages as possible that are seen in the wild. If a message is invalid or out-of-spec, it should not be discarded by the parser. Parsers will set flags on the message when it fails validation instead of returning an error.
The interface to each parser is uniform and simple, consisting of only a few functions to:
- test that a payload is or is not the protocol in question (eg. is this modbus?)
- provide more bytes to the parser
- set callbacks to invoke on per-protocol metadata events (todo)
- indicate that some bytes are unavailable (ie. notify of packet loss) (todo)
- indicate a session has ended (todo)
The library exposes Rust and C bindings for easy integration into existing and future network security sensor platforms. (todo)
Start using SAWP by including a parser in your project's
dependencies. The base library will also be required for using common
The minimum supported version of
[dependencies] sawp-modbus = "0.12.1" sawp = "0.12.1"
Some parsers have a foreign function interface for use in C/C++ projects.
FFI Support can be enabled by building with the
A Makefile is also provided to ease the build process. Please refer to this file for more in-depth documentation.
cargo install --force cbindgen make
This project is actively maintained and accepting open source contributions. See CONTRIBUTING for more details.