#ffi

sawp-ffi

FFI helper macros and traits

10 breaking releases

Uses old Rust 2015

0.11.1 Jun 21, 2022
0.10.0 May 20, 2022
0.9.0 Feb 7, 2022
0.8.0 Nov 18, 2021
0.2.0 Feb 22, 2021

#351 in Rust patterns

Download history 39/week @ 2022-08-05 23/week @ 2022-08-12 29/week @ 2022-08-19 25/week @ 2022-08-26 21/week @ 2022-09-02 35/week @ 2022-09-09 16/week @ 2022-09-16 13/week @ 2022-09-23 33/week @ 2022-09-30 24/week @ 2022-10-07 6/week @ 2022-10-14 14/week @ 2022-10-21 35/week @ 2022-10-28 39/week @ 2022-11-04 26/week @ 2022-11-11 28/week @ 2022-11-18

128 downloads per month
Used in fewer than 6 crates

Custom license

30KB
704 lines

Français

Security Aware Wire Protocol parsing library.

This library contains parsers for various wire protocols, and is intended to be used in network security sensors.

Each parser exposes a common interface that allows the sensor engine to feed bytes into the parser and receive parsed metadata back. The bytes are expected to be at the session layer, so the engine is responsible for assembling transport layer data into a session payload, which is then fed into this library.

This library aims to be resilient and parse as many messages as possible that are seen in the wild. If a message is invalid or out-of-spec, it should not be discarded by the parser. Parsers will set flags on the message when it fails validation instead of returning an error.

The interface to each parser is uniform and simple, consisting of only a few functions to:

  • test that a payload is or is not the protocol in question (eg. is this modbus?)
  • provide more bytes to the parser
  • set callbacks to invoke on per-protocol metadata events (todo)
  • indicate that some bytes are unavailable (ie. notify of packet loss) (todo)
  • indicate a session has ended (todo)

The library exposes Rust and C bindings for easy integration into existing and future network security sensor platforms. (todo)

Usage

Start using SAWP by including a parser in your project's Cargo.toml dependencies. The base library will also be required for using common types.

The minimum supported version of rustc is 1.41.1.

Example

[dependencies]
sawp-modbus = "0.11.1"
sawp = "0.11.1"

FFI Support

Some parsers have a foreign function interface for use in C/C++ projects. FFI Support can be enabled by building with the ffi feature.

A Makefile is also provided to ease the build process. Please refer to this file for more in-depth documentation.

# Install cbindgen which is required to generate headers
cargo install --force cbindgen

# Build headers and shared objects
make

Contributing

This project is actively maintained and accepting open source contributions. See CONTRIBUTING for more details.

Dependencies

~1–1.6MB
~35K SLoC