High-performance network packet manipulation with Rust and Python

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for nise_roj from gravatar.com nise_roj

Unverified details

These details have not been verified by PyPI
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0-only)
  • Tags networking , packets , scapy , security , rust
  • Requires: Python >=3.13
Classifiers
Report project as malware

Project description

Stackforge

CI PyPI Crates.io License: GPL-3.0

Stackforge is a high-performance networking stack written in Rust with Python bindings. It provides Scapy-like packet manipulation with native Rust performance — build, parse, and inspect network packets using a familiar / stacking syntax.

Features

  • Scapy-style API — Stack layers with Ether() / IP() / TCP(), set fields with keyword arguments
  • High Performance — Core logic in Rust, zero-copy parsing, copy-on-write mutation
  • Protocol Support — Ethernet, ARP, IPv4, TCP, UDP, ICMP, Raw payloads
  • PCAP I/O — Read and write pcap files with rdpcap() / wrpcap()
  • Python Bindings — Seamless integration via PyO3/maturin

Installation

pip install stackforge

Or with uv:

uv add stackforge

Quick Start

Build and send packets

from stackforge import Ether, IP, TCP, UDP, ICMP, Raw

# TCP SYN packet
pkt = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(dst="192.168.1.1") / TCP(dport=80, flags="S")
print(pkt.show())

# UDP DNS query
pkt = Ether() / IP(dst="8.8.8.8") / UDP(dport=53)

# ICMP echo request
pkt = Ether() / IP(dst="10.0.0.1") / ICMP.echo_request(id=0x1234, seq=1)

# Packet with raw payload
pkt = Ether() / IP(dst="10.0.0.1") / TCP(dport=80) / Raw(load=b"GET / HTTP/1.1\r\n")

Build to bytes

stack = Ether() / IP(dst="10.0.0.1") / TCP(dport=443, flags="S")

# Build into a Packet object
pkt = stack.build()

# Or get raw bytes directly
raw = stack.bytes()

Parse packets from bytes

from stackforge import Packet, LayerKind

raw_bytes = b"\xff\xff..."  # raw packet bytes
pkt = Packet(raw_bytes)
pkt.parse()

print(pkt.layer_count)                  # 3
print(pkt.has_layer(LayerKind.Tcp))     # True
print(pkt.summary())                    # "Ethernet / IPv4 / TCP"
print(pkt.show())                       # detailed layer view

Read and write PCAP files

from stackforge import rdpcap, wrpcap, PcapReader, Ether, IP, TCP

# Write packets to a pcap file
packets = [
    Ether() / IP(dst="192.168.1.1") / TCP(dport=80, flags="S"),
    Ether() / IP(dst="10.0.0.1") / TCP(dport=443, flags="SA"),
]
wrpcap("capture.pcap", packets)

# Read all packets at once
packets = rdpcap("capture.pcap")
for pkt in packets:
    print(pkt.summary())

# Stream large pcap files
for pkt in PcapReader("large_capture.pcap"):
    print(pkt.summary())

Layer builders

from stackforge import Ether, IP, TCP, UDP, ARP, ICMP, Raw

# Ethernet
Ether(dst="aa:bb:cc:dd:ee:ff", src="11:22:33:44:55:66")

# IPv4
IP(src="10.0.0.1", dst="192.168.1.100", ttl=128)

# TCP with flags and ports
TCP(sport=12345, dport=443, flags="SA", seq=1000, ack=2000)

# UDP
UDP(sport=5000, dport=53)

# ARP
ARP(op="who-has", pdst="192.168.1.100")
ARP(op="is-at", pdst="192.168.1.100")

# ICMP
ICMP(type=8, code=0)                                  # generic
ICMP.echo_request(id=0x1234, seq=1)                    # echo request
ICMP.echo_reply(id=0xABCD, seq=42)                     # echo reply
ICMP.dest_unreach(code=3)                              # destination unreachable
ICMP.redirect(code=1, gateway="10.0.0.1")              # redirect
ICMP.time_exceeded(code=0)                             # TTL exceeded

# Raw payload
Raw(load=b"Hello")
Raw.from_hex("deadbeef")
Raw.zeros(10)
Raw.repeat(0x41, 5)                                    # b"AAAAA"
Raw.pattern(b"AB", 7)                                  # b"ABABABA"

Rust Crate

The core library is available as a standalone Rust crate:

[dependencies]
stackforge-core = "0.2"

Development

# Set up environment
uv sync

# Build Rust extension (required after Rust changes)
uv run maturin develop

# Run tests
uv run cargo test    # Rust tests (needs venv for scapy compat tests)
uv run pytest tests/python

# Lint and format
cargo fmt
cargo clippy
uv run ruff check .

Citing Stackforge

If you use Stackforge in academic research or published work, please cite it:

@software{stackforge,
  title = {Stackforge: High-Performance Packet Manipulation in Rust with Python Bindings},
  url = {https://github.com/LaBackDoor/stackforge},
  license = {GPL-3.0}
}

Or in plain text:

Stackforge: High-Performance Packet Manipulation in Rust with Python Bindings. https://github.com/LaBackDoor/stackforge

License

This project is licensed under the GNU General Public License v3.0 — see the LICENSE file for details.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for nise_roj from gravatar.com nise_roj

Unverified details

These details have not been verified by PyPI
Meta
  • License: GNU General Public License v3 (GPLv3) (GPL-3.0-only)
  • Tags networking , packets , scapy , security , rust
  • Requires: Python >=3.13
Classifiers

Release history Release notifications | RSS feed

0.7.3

0.7.2

0.7.1

0.6.7

0.6.6

0.6.5

0.6.3

0.6.2

0.6.1

0.6.0

0.5.0

0.4.0

This version

0.3.0

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

stackforge-0.3.0.tar.gz (6.8 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

stackforge-0.3.0-cp313-cp313-manylinux_2_34_x86_64.whl (704.5 kB view details)

Uploaded CPython 3.13manylinux: glibc 2.34+ x86-64

File details

Details for the file stackforge-0.3.0.tar.gz.

File metadata

  • Download URL: stackforge-0.3.0.tar.gz
  • Upload date:
  • Size: 6.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for stackforge-0.3.0.tar.gz
Algorithm Hash digest
SHA256 2de48e9e8895c794eb31baa5f6082b80db7e717ab6a402fd747e22f92f1310a7
MD5 7cdee43ce13f07aed0b6e292076865d6
BLAKE2b-256 a528da2dc7f1d15818509ed1ae5a1a65a91dc5878b0b0d5c2923458b622b6f2c

See more details on using hashes here.

Provenance

The following attestation bundles were made for stackforge-0.3.0.tar.gz:

Publisher: release.yml on LaBackDoor/stackforge

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file stackforge-0.3.0-cp313-cp313-manylinux_2_34_x86_64.whl.

File metadata

File hashes

Hashes for stackforge-0.3.0-cp313-cp313-manylinux_2_34_x86_64.whl
Algorithm Hash digest
SHA256 cc8800258542084e290fabfe977a82393f6acf1c3442c332e2c5bbe348d2a98b
MD5 407c8de5a7c96a167864744db2ce3568
BLAKE2b-256 090e97673d9cc6505ed1037ee9c5d947591c2b61ad8c181ad77adcaafd6ce86a

See more details on using hashes here.

Provenance

The following attestation bundles were made for stackforge-0.3.0-cp313-cp313-manylinux_2_34_x86_64.whl:

Publisher: release.yml on LaBackDoor/stackforge

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page