GithubHelp home page GithubHelp logo

pcapng-rs's Introduction

pcapng-rs

pcapng offers you a a pcapng parser in native rust code. A couple of variations on how to read pcapng files in from a file are in examples/.

Under the hood, it usees nom to implement it's parsing, which lets this library stay small and compact. It's currently in a very unstable state, and I'll probably shuffle a lot of interfaces around (Especially surrounding where the actual Block classes live), but if you build something atop it, please let me know and I'll attempt to accomodate.

At the highest level, the easiest way to get packets is to read the whole pcapng file into memory, and then run the parser over it:

let mut fh = fs::File::open("filename.pcapng").unwrap();
let mut buf: Vec<u8> = Vec::new();
let read = fh.read_to_end(&mut buf);

match pcapng::block::parse_blocks(&buf[..]) {
    IResult::Done(_, blocks) => {
        for i in blocks {
            println!("{:?}", i.parse());
        }
    }
    IResult::Error(e)      => panic!("Error: {:?}", e),
    IResult::Incomplete(i) => panic!("Incomplete: {:?}", i),

}

Other approaches using the actual Consumer infra are preferable if you want to stream, but involve writing much more code.

Contact

If you're using this, I would love to know. I'm reachable as richo on freenode or mozilla's irc.

License

Released under the terms of the MIT license.

pcapng-rs's People

Contributors

archaelus avatar ekse avatar geal avatar leavengood avatar richo avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

aleksander geal leavengood therustmonk archaelus maoe jkc-sw ujang360

pcapng-rs's Issues

Panic on overflow in subtraction

Found using cargo-fuzz.

extern crate pcapng;

fn main() {
    let data = b"h;\x00\x00\x00\x00\x00\x00\x00\x00\x07/\x8a";
    let _ = pcapng::block::parse_block(data);
}
thread '<unnamed>' panicked at 'attempt to subtract with overflow', /home/neo/dev/work/pcapng-rs/src/block.rs:84
stack backtrace:
   0:     0x55d7f7df9a83 - std::sys::imp::backtrace::tracing::imp::unwind_backtrace::hf9ed9ccfd9f14c2b
                               at /checkout/src/libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
   1:     0x55d7f7df63d4 - std::sys_common::backtrace::_print::hd8a1b72dcf3955ef
                               at /checkout/src/libstd/sys_common/backtrace.rs:71
   2:     0x55d7f7dfaa57 - std::panicking::default_hook::{{closure}}::h5ff605bba7612658
                               at /checkout/src/libstd/sys_common/backtrace.rs:60
                               at /checkout/src/libstd/panicking.rs:355
   3:     0x55d7f7dfa5db - std::panicking::default_hook::h9bc4f6dfee57d6bd
                               at /checkout/src/libstd/panicking.rs:371
   4:     0x55d7f7dfaebb - std::panicking::rust_panic_with_hook::hdc01585dc2bf7122
                               at /checkout/src/libstd/panicking.rs:549
   5:     0x55d7f7dfad94 - std::panicking::begin_panic::hf84f4975d9f9b642
                               at /checkout/src/libstd/panicking.rs:511
   6:     0x55d7f7dfacc9 - std::panicking::begin_panic_fmt::hcc3f360b2ba80419
                               at /checkout/src/libstd/panicking.rs:495
   7:     0x55d7f7dfac57 - rust_begin_unwind
                               at /checkout/src/libstd/panicking.rs:471
   8:     0x55d7f7e0225d - core::panicking::panic_fmt::h795d9a9608ddc2bb
                               at /checkout/src/libcore/panicking.rs:69
   9:     0x55d7f7e02194 - core::panicking::panic::hcab3e0dfa81beee9
                               at /checkout/src/libcore/panicking.rs:49
  10:     0x55d7f7def551 - pcapng::block::parse_block::h6f65166e5b2cf30e
                               at /home/neo/dev/work/pcapng-rs/src/block.rs:81
  11:     0x55d7f7cb3f87 - rust_fuzzer_test_input
                               at /home/neo/dev/work/pcapng-rs/fuzz/fuzzers/fuzzer_script_1.rs:7
  12:     0x55d7f7cb7b8a - libfuzzer_sys::test_input_wrap::{{closure}}::h01afe675cf6a0c88
                               at /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/src/lib.rs:13
  13:     0x55d7f7cb5c4f - std::panicking::try::do_call::hfeac5113da58e53b
                               at /checkout/src/libstd/panicking.rs:454
  14:     0x55d7f7e01e0b - <unknown>
                               at /checkout/src/libpanic_abort/lib.rs:40
==7858== ERROR: libFuzzer: deadly signal
    #0 0x55d7f7dbc839 in __sanitizer_print_stack_trace /checkout/src/compiler-rt/lib/asan/asan_stack.cc:38
    #1 0x55d7f7cc8f81 in fuzzer::Fuzzer::CrashCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:280
    #2 0x55d7f7cc8ecb in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerLoop.cpp:264
    #3 0x55d7f7ce66bd in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/neo/.cargo/git/checkouts/libfuzzer-sys-e07fde05820d7bc6/36a3928/llvm/lib/Fuzzer/FuzzerUtilPosix.cpp:37
    #4 0x7f816b834fdf  (/usr/lib/libpthread.so.0+0x11fdf)
    #5 0x7f816b296a0f in __GI_raise (/usr/lib/libc.so.6+0x33a0f)
    #6 0x7f816b298139 in __GI_abort (/usr/lib/libc.so.6+0x35139)
    #7 0x55d7f7e01e18 in panic_abort::__rust_start_panic::abort /checkout/src/libpanic_abort/lib.rs:61
    #8 0x55d7f7e01e18 in __rust_start_panic /checkout/src/libpanic_abort/lib.rs:56

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 3 InsertByte-ChangeBit-CMP- DE: "\x00\x00\x00\x00\x00\x00\x00\x00"-; base unit: 500f737e56acb1c967cda18d890bfbe4bab028f6
0x68,0x3b,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x7,0x2f,0x8a,
h;\x00\x00\x00\x00\x00\x00\x00\x00\x07/\x8a
artifact_prefix='artifacts/'; Test unit written to artifacts/crash-45c6cb72b7631115738b6c781135bc930bf3a623
Base64: aDsAAAAAAAAAAAcvig==

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.