PcapPlusPlus  21.05+
PcapFilter.h
Go to the documentation of this file.
1 #ifndef PCAPP_FILTER
2 #define PCAPP_FILTER
3 
4 #include <string>
5 #include <vector>
6 #include <memory>
7 #include "ProtocolType.h"
8 #include <stdint.h>
9 #include "ArpLayer.h"
10 #include "RawPacket.h"
11 
12 //Forward Declaration - used in GeneralFilter
13 struct bpf_program;
14 
35 namespace pcpp
36 {
37  //Forward Declartation - used in GeneralFilter
38  class RawPacket;
39 
43  typedef enum
44  {
46  SRC,
48  DST,
51  } Direction;
52 
53 
57  typedef enum
58  {
72 
78  {
79  private:
80  std::string m_FilterStr;
81  LinkLayerType m_LinkType;
82  bpf_program* m_Program;
83 
84  void freeProgram();
85 
86  public:
87 
92 
97 
105  bool setFilter(const std::string& filter, LinkLayerType linkType = LINKTYPE_ETHERNET);
106 
115  bool matchPacketWithFilter(const RawPacket* rawPacket);
116 
128  bool matchPacketWithFilter(const uint8_t* packetData, uint32_t packetDataLength, timespec packetTimestamp, uint16_t linkType);
129  };
130 
137  {
138  protected:
139  BpfFilterWrapper m_BpfWrapper;
140 
141  public:
147  virtual void parseToString(std::string& result) = 0;
148 
154  bool matchPacketWithFilter(RawPacket* rawPacket);
155 
156  GeneralFilter() {}
157 
161  virtual ~GeneralFilter() {}
162  };
163 
169  {
170  private:
171  const std::string m_FilterStr;
172 
173  public:
174  BPFStringFilter(const std::string& filterStr) : m_FilterStr(filterStr) {}
175 
176  virtual ~BPFStringFilter() {}
177 
184  virtual void parseToString(std::string& result);
185 
190  bool verifyFilter();
191  };
192 
193 
200  {
201  private:
202  Direction m_Dir;
203  protected:
204  void parseDirection(std::string& directionAsString);
205  Direction getDir() const { return m_Dir; }
206  IFilterWithDirection(Direction dir) { m_Dir = dir; }
207  public:
212  void setDirection(Direction dir) { m_Dir = dir; }
213  };
214 
215 
223  {
224  private:
225  FilterOperator m_Operator;
226  protected:
227  std::string parseOperator();
228  FilterOperator getOperator() const { return m_Operator; }
229  IFilterWithOperator(FilterOperator op) { m_Operator = op; }
230  public:
235  void setOperator(FilterOperator op) { m_Operator = op; }
236  };
237 
238 
239 
247  {
248  private:
249  std::string m_Address;
250  std::string m_IPv4Mask;
251  int m_Len;
252  void convertToIPAddressWithMask(std::string& ipAddrmodified, std::string& mask) const;
253  void convertToIPAddressWithLen(std::string& ipAddrmodified) const;
254  public:
261  IPFilter(const std::string& ipAddress, Direction dir) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(0) {}
262 
272  IPFilter(const std::string& ipAddress, Direction dir, const std::string& ipv4Mask) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(ipv4Mask), m_Len(0) {}
273 
283  IPFilter(const std::string& ipAddress, Direction dir, int len) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(len) {}
284 
285  void parseToString(std::string& result);
286 
292  void setAddr(const std::string& ipAddress) { m_Address = ipAddress; }
293 
298  void setMask(const std::string& ipv4Mask) { m_IPv4Mask = ipv4Mask; m_Len = 0; }
299 
304  void setLen(int len) { m_IPv4Mask = ""; m_Len = len; }
305  };
306 
307 
308 
316  {
317  private:
318  uint16_t m_IpID;
319  public:
325  IPv4IDFilter(uint16_t ipID, FilterOperator op) : IFilterWithOperator(op), m_IpID(ipID) {}
326 
327  void parseToString(std::string& result);
328 
333  void setIpID(uint16_t ipID) { m_IpID = ipID; }
334  };
335 
336 
337 
345  {
346  private:
347  uint16_t m_TotalLength;
348  public:
354  IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op) : IFilterWithOperator(op), m_TotalLength(totalLength) {}
355 
356  void parseToString(std::string& result);
357 
362  void setTotalLength(uint16_t totalLength) { m_TotalLength = totalLength; }
363  };
364 
365 
366 
373  {
374  private:
375  std::string m_Port;
376  void portToString(uint16_t portAsInt);
377  public:
383  PortFilter(uint16_t port, Direction dir);
384 
385  void parseToString(std::string& result);
386 
391  void setPort(uint16_t port) { portToString(port); }
392  };
393 
394 
395 
403  {
404  private:
405  uint16_t m_FromPort;
406  uint16_t m_ToPort;
407  public:
414  PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir) : IFilterWithDirection(dir), m_FromPort(fromPort), m_ToPort(toPort) {}
415 
416  void parseToString(std::string& result);
417 
422  void setFromPort(uint16_t fromPort) { m_FromPort = fromPort; }
423 
428  void setToPort(uint16_t toPort) { m_ToPort = toPort; }
429  };
430 
431 
432 
439  {
440  private:
441  MacAddress m_MacAddress;
442  public:
448  MacAddressFilter(MacAddress address, Direction dir) : IFilterWithDirection(dir), m_MacAddress(address) {}
449 
450  void parseToString(std::string& result);
451 
456  void setMacAddress(MacAddress address) { m_MacAddress = address; }
457  };
458 
459 
460 
468  {
469  private:
470  uint16_t m_EtherType;
471  public:
476  EtherTypeFilter(uint16_t etherType) : m_EtherType(etherType) {}
477 
478  void parseToString(std::string& result);
479 
484  void setEtherType(uint16_t etherType) { m_EtherType = etherType; }
485  };
486 
487 
488 
497  class AndFilter : public GeneralFilter
498  {
499  private:
500  std::vector<GeneralFilter*> m_FilterList;
501  public:
502 
507 
512  AndFilter(std::vector<GeneralFilter*>& filters);
513 
518  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
519 
524  void setFilters(std::vector<GeneralFilter*>& filters);
525 
526  void parseToString(std::string& result);
527  };
528 
529 
530 
539  class OrFilter : public GeneralFilter
540  {
541  private:
542  std::vector<GeneralFilter*> m_FilterList;
543  public:
544 
548  OrFilter() {}
549 
554  OrFilter(std::vector<GeneralFilter*>& filters);
555 
560  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
561 
562  void parseToString(std::string& result);
563  };
564 
565 
566 
572  class NotFilter : public GeneralFilter
573  {
574  private:
575  GeneralFilter* m_FilterToInverse;
576  public:
581  NotFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
582 
583  void parseToString(std::string& result);
584 
589  void setFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
590  };
591 
592 
593 
601  class ProtoFilter : public GeneralFilter
602  {
603  private:
604  ProtocolType m_Proto;
605  public:
611  ProtoFilter(ProtocolType proto) { m_Proto = proto; }
612 
613  void parseToString(std::string& result);
614 
620  void setProto(ProtocolType proto) { m_Proto = proto; }
621  };
622 
623 
624 
631  class ArpFilter : public GeneralFilter
632  {
633  private:
634  ArpOpcode m_OpCode;
635  public:
640  ArpFilter(ArpOpcode opCode) { m_OpCode = opCode; }
641 
642  void parseToString(std::string& result);
643 
648  void setOpCode(ArpOpcode opCode) { m_OpCode = opCode; }
649  };
650 
651 
652 
659  class VlanFilter : public GeneralFilter
660  {
661  private:
662  uint16_t m_VlanID;
663  public:
668  VlanFilter(uint16_t vlanId) : m_VlanID(vlanId) {}
669 
670  void parseToString(std::string& result);
671 
676  void setVlanID(uint16_t vlanId) { m_VlanID = vlanId; }
677  };
678 
679 
680 
687  {
688  public:
692  enum TcpFlags
693  {
695  tcpFin = 1,
697  tcpSyn = 2,
699  tcpRst = 4,
701  tcpPush = 8,
703  tcpAck = 16,
705  tcpUrg = 32
706  };
707 
713  {
717  MatchOneAtLeast
718  };
719  private:
720  uint8_t m_TcpFlagsBitMask;
721  MatchOptions m_MatchOption;
722  public:
730  TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption) : m_TcpFlagsBitMask(tcpFlagBitMask), m_MatchOption(matchOption) {}
731 
738  void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption) { m_TcpFlagsBitMask = tcpFlagBitMask; m_MatchOption = matchOption; }
739 
740  void parseToString(std::string& result);
741  };
742 
743 
744 
751  {
752  private:
753  uint16_t m_WindowSize;
754  public:
761  TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op) : IFilterWithOperator(op), m_WindowSize(windowSize) {}
762 
763  void parseToString(std::string& result);
764 
769  void setWindowSize(uint16_t windowSize) { m_WindowSize = windowSize; }
770  };
771 
772 
773 
780  {
781  private:
782  uint16_t m_Length;
783  public:
790  UdpLengthFilter(uint16_t legnth, FilterOperator op) : IFilterWithOperator(op), m_Length(legnth) {}
791 
792  void parseToString(std::string& result);
793 
798  void setLength(uint16_t legnth) { m_Length = legnth; }
799  };
800 
801 } // namespace pcpp
802 
803 #endif
The main namespace for the PcapPlusPlus lib.
MacAddressFilter(MacAddress address, Direction dir)
Definition: PcapFilter.h:448
Definition: PcapFilter.h:48
TcpFlags
Definition: PcapFilter.h:692
Definition: PcapFilter.h:631
Definition: PcapFilter.h:601
void setMask(const std::string &ipv4Mask)
Definition: PcapFilter.h:298
void setToPort(uint16_t toPort)
Definition: PcapFilter.h:428
void setMacAddress(MacAddress address)
Definition: PcapFilter.h:456
void setVlanID(uint16_t vlanId)
Definition: PcapFilter.h:676
Definition: PcapFilter.h:402
Definition: RawPacket.h:30
Definition: PcapFilter.h:344
AndFilter()
Definition: PcapFilter.h:506
void setAddr(const std::string &ipAddress)
Definition: PcapFilter.h:292
void setEtherType(uint16_t etherType)
Definition: PcapFilter.h:484
MatchOptions
Definition: PcapFilter.h:712
Definition: PcapFilter.h:136
void setFromPort(uint16_t fromPort)
Definition: PcapFilter.h:422
Definition: RawPacket.h:252
IPFilter(const std::string &ipAddress, Direction dir, int len)
Definition: PcapFilter.h:283
Definition: PcapFilter.h:50
TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:730
void setOperator(FilterOperator op)
Definition: PcapFilter.h:235
virtual ~GeneralFilter()
Definition: PcapFilter.h:161
ArpOpcode
Definition: ArpLayer.h:48
void setProto(ProtocolType proto)
Definition: PcapFilter.h:620
ProtoFilter(ProtocolType proto)
Definition: PcapFilter.h:611
Definition: PcapFilter.h:467
Definition: PcapFilter.h:64
void setIpID(uint16_t ipID)
Definition: PcapFilter.h:333
Definition: PcapFilter.h:199
FilterOperator
Definition: PcapFilter.h:57
void setLength(uint16_t legnth)
Definition: PcapFilter.h:798
Definition: PcapFilter.h:438
uint64_t ProtocolType
Definition: ProtocolType.h:18
void setFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:589
Definition: PcapFilter.h:686
VlanFilter(uint16_t vlanId)
Definition: PcapFilter.h:668
NotFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:581
bool matchPacketWithFilter(const RawPacket *rawPacket)
Direction
Definition: PcapFilter.h:43
Definition: PcapFilter.h:77
Definition: PcapFilter.h:572
IPv4IDFilter(uint16_t ipID, FilterOperator op)
Definition: PcapFilter.h:325
Definition: PcapFilter.h:750
IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op)
Definition: PcapFilter.h:354
void setDirection(Direction dir)
Definition: PcapFilter.h:212
LinkLayerType
Definition: RawPacket.h:25
Definition: PcapFilter.h:222
void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:738
TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op)
Definition: PcapFilter.h:761
void setTotalLength(uint16_t totalLength)
Definition: PcapFilter.h:362
Definition: PcapFilter.h:68
OrFilter()
Definition: PcapFilter.h:548
Definition: PcapFilter.h:372
ArpFilter(ArpOpcode opCode)
Definition: PcapFilter.h:640
void setWindowSize(uint16_t windowSize)
Definition: PcapFilter.h:769
Definition: PcapFilter.h:46
void setOpCode(ArpOpcode opCode)
Definition: PcapFilter.h:648
EtherTypeFilter(uint16_t etherType)
Definition: PcapFilter.h:476
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:560
IPFilter(const std::string &ipAddress, Direction dir, const std::string &ipv4Mask)
Definition: PcapFilter.h:272
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:518
Definition: PcapFilter.h:659
Definition: PcapFilter.h:60
PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir)
Definition: PcapFilter.h:414
Definition: PcapFilter.h:168
void setLen(int len)
Definition: PcapFilter.h:304
Definition: PcapFilter.h:715
Definition: PcapFilter.h:315
Definition: PcapFilter.h:62
IPFilter(const std::string &ipAddress, Direction dir)
Definition: PcapFilter.h:261
Definition: PcapFilter.h:246
Definition: PcapFilter.h:539
Definition: PcapFilter.h:66
Definition: PcapFilter.h:779
void setPort(uint16_t port)
Definition: PcapFilter.h:391
Definition: PcapFilter.h:497
Definition: MacAddress.h:28
Definition: PcapFilter.h:70
UdpLengthFilter(uint16_t legnth, FilterOperator op)
Definition: PcapFilter.h:790
bool setFilter(const std::string &filter, LinkLayerType linkType=LINKTYPE_ETHERNET)