[langsec-discuss] [nom] dynamic length take!

Richo Healey richo at psych0tik.net
Sun Jun 14 20:53:58 UTC 2015


(posting here because I couldn't find a nom specific list or IRC channel,
feel free to punt me in some other direction)

I'm working on a rust implementation of a generic parser for the pcapng
format[0], which has a fairly straightforward block format:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                          Block Type                           |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                      Block Total Length                       |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 /                          Block Body                           /
 /          /* variable length, aligned to 32 bits */            /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                      Block Total Length                       |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Naively, I tried to do something like:

named!(block<&[u8],Block>,
       chain!(
           ty: le_u32 ~
           block_length: le_u32 ~
           block_body: take!(block_length - 12) ~
           check_length: le_u32 ,

           ||{ Block {
               ty: ty,
               block_length: block_length,
               block_body: block_body // FIXME(richo) this needs to trim padding
               check_length: check_length
           } }
           )
      );

However, this barfs for a few reasons, the big one being that evidently the
argument to take! is passed through to a few contexts, and if the expr is a
literal it can elide two different types, whereas my expression isn't it
barfs.

I've started porting the block parser to actually implement a Consumer, but
as I get closer I realise this doesn't actually solve my problem. Is there a
primitive in nom itself that will let me painlessly pull out a dynamically
sized chunk of memory?

Cheers, and thanks for nom.

richo

[0]: http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 868 bytes
Desc: not available
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20150614/1ff2880b/attachment.sig>


More information about the langsec-discuss mailing list