Provides parsers, readers and writers for Pcap and PcapNg files.
For Pcap files see the pcap module.
For PcapNg files see the pcapng module.
This crate is on crates.io.
Add it to your Cargo.toml:
toml
[dependencies]
pcap-file = "2.0.0-rc1"
```rust,norun use std::fs::File; use pcapfile::pcap::PcapReader;
let filein = File::open("test.pcap").expect("Error opening file"); let mut pcapreader = PcapReader::new(file_in).unwrap();
// Read test.pcap while let Some(pkt) = pcapreader.nextpacket() { //Check if there is no error let pkt = pkt.unwrap();
//Do something
} ```
```rust,norun use std::fs::File; use pcapfile::pcapng::PcapNgReader;
let filein = File::open("test.pcapng").expect("Error opening file"); let mut pcapngreader = PcapNgReader::new(file_in).unwrap();
// Read test.pcapng while let Some(block) = pcapngreader.nextblock() { // Check if there is no error let block = block.unwrap();
// Do something
} ```
Currently there are 4 crude harnesses to check that the parser won't panic in any situation. To start fuzzing you must install cargo-fuzz with the command:
bash
$ cargo install cargo-fuzz
And then, in the root of the repository, you can run the harnesses as:
bash
$ cargo fuzz run pcap_reader
$ cargo fuzz run pcap_ng_reader
$ cargo fuzz run pcap_parser
$ cargo fuzz run pcap_ng_parser
Keep in mind that libfuzzer by default uses only one core, so you can either run all the harnesses in different terminals, or you can pass the -jobs and -workers attributes. More info can be found in its documentation here.
To get better crash reports add to you rust flags: -Zsanitizer=address.
E.g.
bash
RUSTFLAGS="-Zsanitizer=address" cargo fuzz run pcap_reader
Licensed under MIT.
To test the library I used the excellent PcapNg testing suite provided by hadrielk.