Rust equivalent of dpkt or gopacket?


#1

I am looking for a rust library that is similar to python’s dpkt or Go’s gopacket for fast parsing of network protocols. I gave a quick look at serde but it seems more appropriate for de/serializing rust structs rather then parsing the arbitrariness (sp?) of random network protocols.

The reason I would like to use rust for this is that I need to parse packets from multiple SPAN ports where performance is important, and a zero cost library sound very appealing. Additionally, there are a few protocols I need to parse that I have only found parsers written for Wireshark and it would probably be easier for me to integrate with/slowly convert/copy paste from.


#3

There are some abstractions in pnet which might get you part of what you’re looking for.


#4

There are some abstractions in pnet6 which might get you part of what you’re looking for.

That pretty close to what I was looking for, thanks!
After playing with it, it still seems a bit immature. There are some basic things that feel missing, and from what I understand it isn’t really 0-copy, which can mean a big hit in performance.


#5

How would you prefer to deserialize the data, if not into a struct?

I don’t want to parse my data but arbitrary network packets, such as DHCP/DNS/GRE with transport headers as well (IP, TCP/UDP). That’s what the library examples I gave provide, with relative ease I can add network protocols, and use existing ones to parse packets from packet captures.

The libraries you linked to don’t seem related to serialization/deserialization though… they look like mostly PCAP-wrappers, for which this might be more useful.

This only provides a wrapper for getting the packet buffer, not for doing anything with it. If you look at dpkt you would see the ease of parsing a raw packet with it from the different layer to the underlying application protocol.


#6

I believe you’re looking for nom. It is a parser that fit very well for binary formats as network packets.


#7

Cool, I will definitely look into that, there is even a TCP/IP parser written in it already. Doesn’t look like it’s zero copy, but looks pretty useful (maybe I can use it to return references? I’ll play around with it).