Rusticata is a proof-of-concept implementation of using Rust parsers in Suricata.
This project is based on:
- nom a Rust parser combinator framework
- TLS parser
- IPsec parser
- NTP parser
This is proof-of-concept code to show to feasibility of the implementation of safe and efficient parsers
in suricata. The real parsing code is now part of suricata (starting from
version 4.0), and must be configured using the --enable-rust flag.
This project is now a playground for testing parsers, features and code.
Run cargo build for a build in debug mode, cargo build --release for release mode.
Use cargo install to install the library, or set the LD_LIBRARY_PATH environment variable.
You need the pcap-parse tool.
git clone https://github.com/rusticata/pcap-parse.git
cd pcap-parse
Use cargo build to build the tool.
pcap-parse uses the RUST_LOG environment variable to configure its output verbosity.
RUST_LOG=rusticata=Debug cargo run -- -p tls -f file.pcapng
This library is licensed under the GNU Lesser General Public License version 2.1, or (at your option) any later version.