
Interesting - I hadn't seen libpnet before. I was recently working on an experimental project doing deep packet inspection in Rust using libpcap, which doesn't have very mature Rust bindings yet - the basics work, but it's a bit rough around the edges. libpnet looks like it has a much nicer Rust interface, and does some more things for you as compared to libpcap, which gives and takes &[u8]s and nothing else.

However, libpnet doesn't have two very useful things, as far as I can see: Reading/writing packet capture files, and the ability to use BPF filters. The first in this case might be useful mainly for testing, but the latter seems like it might simplify a fair amount of their code.




I was just thinking about writing a minimal traffic-analyzer and libpnet looks way more suitable for this task than libpcap.

And adding the functionality for a pcap-like file format doesn't seem that difficult.

The filters are a major pain point. I don't know how libpcap handles this, but at least it says it won't copy packets from kernel- to userspace that are not matching, thus avoiding a lot of overhead. Maybe it's possible to introduce some rusty kind of filtering in libpnet, too.

Going to log into GitHub now and see if I can do something.

EDIT: fixed spelling


If you want to avoid libpnet or libpcap, you can use socket and recv directly.

Here's a quick example demonstrating socket & recv capturing all packets on all interfaces.

https://gist.github.com/fkautz/0104084fd79cee5608d8e3fc6e729...


As a very recent libpnet contributor, packet filters are on my personal wishlist. That said, I don't use them in my current project that uses libpnet, so they're definitely in the backlog, although they shouldn't be too difficult to implement.

As for reading and writing pcap files, I just use the pcap crate and use a common buffer. It's a little clumsy but it does work.
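
Added example, not part of any comment in this thread and not code from libpnet or the pcap crate: a std-only sketch of the capture-file reading and writing discussed above, for the classic pcap format (little-endian, microsecond timestamps, Ethernet link type). All function names are hypothetical, and the frame in `main` is constructed sample data.

```rust
use std::io::{self, Read, Write};
const MAGIC: u32 = 0xa1b2_c3d4; // classic pcap, microsecond timestamps
const LINKTYPE_ETHERNET: u32 = 1;

/// Write the 24-byte global header, little-endian (hypothetical helper name).
fn write_header<W: Write>(w: &mut W, snaplen: u32) -> io::Result<()> {
    w.write_all(&MAGIC.to_le_bytes())?;
    w.write_all(&[2, 0, 4, 0])?; // version 2.4 as two little-endian u16
    w.write_all(&[0u8; 8])?; // thiszone and sigfigs, both zero
    w.write_all(&snaplen.to_le_bytes())?;
    w.write_all(&LINKTYPE_ETHERNET.to_le_bytes())
}
/// Append one record: 16-byte header (ts_sec, ts_usec, incl_len, orig_len), then the bytes.
fn write_packet<W: Write>(w: &mut W, sec: u32, usec: u32, data: &[u8]) -> io::Result<()> {
    let len = data.len() as u32; // nothing is truncated, so incl_len == orig_len
    for v in [sec, usec, len, len] { w.write_all(&v.to_le_bytes())?; }
    w.write_all(data)
}
fn read_u32<R: Read>(r: &mut R) -> io::Result<u32> {
    let mut b = [0u8; 4];
    r.read_exact(&mut b)?;
    Ok(u32::from_le_bytes(b))
}
/// Read back every packet; reject an unknown magic and any record larger than snaplen,
/// so a hostile or corrupt length field cannot drive a huge allocation.
fn read_all<R: Read>(r: &mut R) -> io::Result<Vec<(u32, u32, Vec<u8>)>> {
    let bad = |m: &str| io::Error::new(io::ErrorKind::InvalidData, m.to_string());
    if read_u32(r)? != MAGIC { return Err(bad("unsupported magic")); }
    let mut rest = [0u8; 20]; // version, thiszone, sigfigs, snaplen, linktype
    r.read_exact(&mut rest)?;
    let snaplen = u32::from_le_bytes([rest[12], rest[13], rest[14], rest[15]]);
    let mut out = Vec::new();
    loop {
        let sec = match read_u32(r) {
            // EOF while reading ts_sec ends the file
            Err(e) if e.kind() == io::ErrorKind::UnexpectedEof => return Ok(out),
            other => other?,
        };
        let (usec, incl, _orig) = (read_u32(r)?, read_u32(r)?, read_u32(r)?);
        if incl > snaplen { return Err(bad("incl_len exceeds snaplen")); }
        let mut data = vec![0u8; incl as usize];
        r.read_exact(&mut data)?;
        out.push((sec, usec, data));
    }
}
fn main() -> io::Result<()> {
    let mut buf = Vec::new();
    write_header(&mut buf, 65535)?;
    write_packet(&mut buf, 1, 0, &[0xff; 14])?; // constructed 14-byte frame
    println!("{:?}", read_all(&mut buf.as_slice())?);
    Ok(())
}
```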



