This article needs additional citations for verification. (August 2023) |
Construct is a Python library for the construction and deconstruction of data structures in a declarative fashion. In this context, construction, or building, refers to the process of converting (serializing) a programmatic object into a binary representation. Deconstruction, or parsing, refers to the opposite process of converting (deserializing) binary data into a programmatic object. Being declarative means that user code defines the data structure, instead of the convention of writing procedural code to accomplish the goal. Construct can work seamlessly with bit- and byte-level data granularity and various byte-ordering.
Benefits
editUsing declarative code has many benefits. For example, the same code that can parse can also build (symmetrical), debugging and testing are much simpler (provable to some extent), creating new constructs is easy (wrapping components), and many more. If one is familiar with the C (programming language), one can think of constructs as casting from char *
to struct foo *
and vice versa, rather than writing code that unpacks the data.
Example
editThe following example show how a TCP/IP protocol stack might be defined using Construct. Some code is omitted for brevity and simplicity. Also note that the following code is just Python code that creates objects.
First, the Ethernet header (layer 2):
ethernet = Struct(
"destination" / Bytes(6),
"source" / Bytes(6),
"type" / Enum(Int16ub,
IPv4=0x0800,
ARP=0x0806,
RARP=0x8035,
X25=0x0805,
IPX=0x8137,
IPv6=0x86DD,
),
)
Next, the IP header (layer 3):
ip = Struct(
"header" / BitStruct(
"version" / Const(Nibble, 4),
"header_length" / Nibble,
),
"tos" / BitStruct(
"precedence" / Bytes(3),
"minimize_delay" / Flag,
"high_throuput" / Flag,
"high_reliability" / Flag,
"minimize_cost" / Flag,
Padding(1),
),
"total_length" / Int16ub,
# ...
)
And finally, the TCP header (layer 4):
tcp = Struct(
"source" / Int16ub,
"destination" / Int16ub,
"seq" / Int32ub,
"ack" / Int32ub,
# ...
)
Now define the hierarchy of the protocol stack. The following code "binds" each pair of adjacent protocols into a separate unit. Each such unit will "select" the proper next layer based on its contained protocol.
layer4tcp = Struct(
tcp,
# ... payload
)
layer3ip = Struct(
ip,
"next" / Switch(this.protocol,
{
"TCP" : layer4tcp,
}
),
)
layer2ethernet = Struct(
ethernet,
"next" / Switch(this.type,
{
"IP" : layer3ip,
}
),
)
At this point, the code can parse captured TCP/IP frames into "packet" objects and build these packet objects back into binary representation.
tcpip_stack = layer2ethernet
packet = tcpip_stack.parse(b"...raw captured packet...")
raw_data = tcpip_stack.build(packet)
Ports and spin-offs
editPerl
editData::ParseBinary[1] is a CPAN module that originated as a port of Construct to the Perl programming language. (see its main POD document for its inspiration). Since the initial version, some parts of the original API have been deprecated.
Java
editA port to Java is available on GitHub.[2] Examples in Java, the Ethernet header (layer 2):
Construct ethernet_header = Struct("ethernet_header",
MacAddress("destination"),
MacAddress("source"),
Enum(UBInt16("type"),
"IPv4", 0x0800,
"ARP", 0x0806,
"RARP", 0x8035,
"X25", 0x0805,
"IPX", 0x8137,
"IPv6", 0x86DD,
"_default_", Pass
));
References
edit- ^ "Data::ParseBinary - Yet Another parser for binary structures - metacpan.org". metacpan.org. Retrieved 2023-08-29.
- ^ Ziglioli, Emanuele (2022-12-29), ZiglioUK/construct, retrieved 2023-08-29