PcapPlusPlus  20.08+
PcapFilter.h
Go to the documentation of this file.
1 #ifndef PCAPP_FILTER
2 #define PCAPP_FILTER
3 
4 #include <string>
5 #include <vector>
6 #include <memory>
7 #include "ProtocolType.h"
8 #include <stdint.h>
9 #include "ArpLayer.h"
10 #include "RawPacket.h"
11 
12 //Forward Declaration - used in GeneralFilter
13 struct bpf_program;
14 
35 namespace pcpp
36 {
37  //Forward Declartation - used in GeneralFilter
38  class RawPacket;
39 
43  typedef enum
44  {
46  SRC,
48  DST,
51  } Direction;
52 
53 
57  typedef enum
58  {
72 
78  {
79  private:
80  std::string m_FilterStr;
81  LinkLayerType m_LinkType;
82  bpf_program* m_Program;
83 
84  void freeProgram();
85 
86  public:
87 
92 
97 
105  bool setFilter(const std::string& filter, LinkLayerType linkType = LINKTYPE_ETHERNET);
106 
115  bool matchPacketWithFilter(const RawPacket* rawPacket);
116 
128  bool matchPacketWithFilter(const uint8_t* packetData, uint32_t packetDataLength, timespec packetTimestamp, uint16_t linkType);
129  };
130 
137  {
138  protected:
139  BpfFilterWrapper m_BpfWrapper;
140 
141  public:
146  virtual void parseToString(std::string& result) = 0;
147 
153  bool matchPacketWithFilter(RawPacket* rawPacket);
154 
155  GeneralFilter() {}
156 
160  virtual ~GeneralFilter() {}
161  };
162 
168  {
169  private:
170  const std::string m_FilterStr;
171 
172  public:
173  BPFStringFilter(const std::string& filterStr) : m_FilterStr(filterStr) {}
174 
175  virtual ~BPFStringFilter() {}
176 
182  virtual void parseToString(std::string& result);
183 
188  bool verifyFilter();
189  };
190 
191 
198  {
199  private:
200  Direction m_Dir;
201  protected:
202  void parseDirection(std::string& directionAsString);
203  Direction getDir() const { return m_Dir; }
204  IFilterWithDirection(Direction dir) { m_Dir = dir; }
205  public:
210  void setDirection(Direction dir) { m_Dir = dir; }
211  };
212 
213 
221  {
222  private:
223  FilterOperator m_Operator;
224  protected:
225  std::string parseOperator();
226  FilterOperator getOperator() const { return m_Operator; }
227  IFilterWithOperator(FilterOperator op) { m_Operator = op; }
228  public:
233  void setOperator(FilterOperator op) { m_Operator = op; }
234  };
235 
236 
237 
245  {
246  private:
247  std::string m_Address;
248  std::string m_IPv4Mask;
249  int m_Len;
250  void convertToIPAddressWithMask(std::string& ipAddrmodified, std::string& mask) const;
251  void convertToIPAddressWithLen(std::string& ipAddrmodified) const;
252  public:
259  IPFilter(const std::string& ipAddress, Direction dir) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(0) {}
260 
270  IPFilter(const std::string& ipAddress, Direction dir, const std::string& ipv4Mask) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(ipv4Mask), m_Len(0) {}
271 
281  IPFilter(const std::string& ipAddress, Direction dir, int len) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(len) {}
282 
283  void parseToString(std::string& result);
284 
290  void setAddr(const std::string& ipAddress) { m_Address = ipAddress; }
291 
296  void setMask(const std::string& ipv4Mask) { m_IPv4Mask = ipv4Mask; m_Len = 0; }
297 
302  void setLen(int len) { m_IPv4Mask = ""; m_Len = len; }
303  };
304 
305 
306 
314  {
315  private:
316  uint16_t m_IpID;
317  public:
323  IPv4IDFilter(uint16_t ipID, FilterOperator op) : IFilterWithOperator(op), m_IpID(ipID) {}
324 
325  void parseToString(std::string& result);
326 
331  void setIpID(uint16_t ipID) { m_IpID = ipID; }
332  };
333 
334 
335 
343  {
344  private:
345  uint16_t m_TotalLength;
346  public:
352  IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op) : IFilterWithOperator(op), m_TotalLength(totalLength) {}
353 
354  void parseToString(std::string& result);
355 
360  void setTotalLength(uint16_t totalLength) { m_TotalLength = totalLength; }
361  };
362 
363 
364 
371  {
372  private:
373  std::string m_Port;
374  void portToString(uint16_t portAsInt);
375  public:
381  PortFilter(uint16_t port, Direction dir);
382 
383  void parseToString(std::string& result);
384 
389  void setPort(uint16_t port) { portToString(port); }
390  };
391 
392 
393 
401  {
402  private:
403  uint16_t m_FromPort;
404  uint16_t m_ToPort;
405  public:
412  PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir) : IFilterWithDirection(dir), m_FromPort(fromPort), m_ToPort(toPort) {}
413 
414  void parseToString(std::string& result);
415 
420  void setFromPort(uint16_t fromPort) { m_FromPort = fromPort; }
421 
426  void setToPort(uint16_t toPort) { m_ToPort = toPort; }
427  };
428 
429 
430 
437  {
438  private:
439  MacAddress m_MacAddress;
440  public:
446  MacAddressFilter(MacAddress address, Direction dir) : IFilterWithDirection(dir), m_MacAddress(address) {}
447 
448  void parseToString(std::string& result);
449 
454  void setMacAddress(MacAddress address) { m_MacAddress = address; }
455  };
456 
457 
458 
466  {
467  private:
468  uint16_t m_EtherType;
469  public:
474  EtherTypeFilter(uint16_t etherType) : m_EtherType(etherType) {}
475 
476  void parseToString(std::string& result);
477 
482  void setEtherType(uint16_t etherType) { m_EtherType = etherType; }
483  };
484 
485 
486 
495  class AndFilter : public GeneralFilter
496  {
497  private:
498  std::vector<GeneralFilter*> m_FilterList;
499  public:
500 
505 
510  AndFilter(std::vector<GeneralFilter*>& filters);
511 
516  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
517 
522  void setFilters(std::vector<GeneralFilter*>& filters);
523 
524  void parseToString(std::string& result);
525  };
526 
527 
528 
537  class OrFilter : public GeneralFilter
538  {
539  private:
540  std::vector<GeneralFilter*> m_FilterList;
541  public:
542 
546  OrFilter() {}
547 
552  OrFilter(std::vector<GeneralFilter*>& filters);
553 
558  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
559 
560  void parseToString(std::string& result);
561  };
562 
563 
564 
570  class NotFilter : public GeneralFilter
571  {
572  private:
573  GeneralFilter* m_FilterToInverse;
574  public:
579  NotFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
580 
581  void parseToString(std::string& result);
582 
587  void setFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
588  };
589 
590 
591 
599  class ProtoFilter : public GeneralFilter
600  {
601  private:
602  ProtocolType m_Proto;
603  public:
609  ProtoFilter(ProtocolType proto) { m_Proto = proto; }
610 
611  void parseToString(std::string& result);
612 
618  void setProto(ProtocolType proto) { m_Proto = proto; }
619  };
620 
621 
622 
629  class ArpFilter : public GeneralFilter
630  {
631  private:
632  ArpOpcode m_OpCode;
633  public:
638  ArpFilter(ArpOpcode opCode) { m_OpCode = opCode; }
639 
640  void parseToString(std::string& result);
641 
646  void setOpCode(ArpOpcode opCode) { m_OpCode = opCode; }
647  };
648 
649 
650 
657  class VlanFilter : public GeneralFilter
658  {
659  private:
660  uint16_t m_VlanID;
661  public:
666  VlanFilter(uint16_t vlanId) : m_VlanID(vlanId) {}
667 
668  void parseToString(std::string& result);
669 
674  void setVlanID(uint16_t vlanId) { m_VlanID = vlanId; }
675  };
676 
677 
678 
685  {
686  public:
690  enum TcpFlags
691  {
693  tcpFin = 1,
695  tcpSyn = 2,
697  tcpRst = 4,
699  tcpPush = 8,
701  tcpAck = 16,
703  tcpUrg = 32
704  };
705 
711  {
715  MatchOneAtLeast
716  };
717  private:
718  uint8_t m_TcpFlagsBitMask;
719  MatchOptions m_MatchOption;
720  public:
728  TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption) : m_TcpFlagsBitMask(tcpFlagBitMask), m_MatchOption(matchOption) {}
729 
736  void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption) { m_TcpFlagsBitMask = tcpFlagBitMask; m_MatchOption = matchOption; }
737 
738  void parseToString(std::string& result);
739  };
740 
741 
742 
749  {
750  private:
751  uint16_t m_WindowSize;
752  public:
759  TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op) : IFilterWithOperator(op), m_WindowSize(windowSize) {}
760 
761  void parseToString(std::string& result);
762 
767  void setWindowSize(uint16_t windowSize) { m_WindowSize = windowSize; }
768  };
769 
770 
771 
778  {
779  private:
780  uint16_t m_Length;
781  public:
788  UdpLengthFilter(uint16_t legnth, FilterOperator op) : IFilterWithOperator(op), m_Length(legnth) {}
789 
790  void parseToString(std::string& result);
791 
796  void setLength(uint16_t legnth) { m_Length = legnth; }
797  };
798 
799 } // namespace pcpp
800 
801 #endif
The main namespace for the PcapPlusPlus lib.
MacAddressFilter(MacAddress address, Direction dir)
Definition: PcapFilter.h:446
Definition: PcapFilter.h:48
TcpFlags
Definition: PcapFilter.h:690
Definition: PcapFilter.h:629
Definition: PcapFilter.h:599
void setMask(const std::string &ipv4Mask)
Definition: PcapFilter.h:296
void setToPort(uint16_t toPort)
Definition: PcapFilter.h:426
void setMacAddress(MacAddress address)
Definition: PcapFilter.h:454
void setVlanID(uint16_t vlanId)
Definition: PcapFilter.h:674
Definition: PcapFilter.h:400
Definition: RawPacket.h:30
Definition: PcapFilter.h:342
AndFilter()
Definition: PcapFilter.h:504
void setAddr(const std::string &ipAddress)
Definition: PcapFilter.h:290
void setEtherType(uint16_t etherType)
Definition: PcapFilter.h:482
MatchOptions
Definition: PcapFilter.h:710
Definition: PcapFilter.h:136
void setFromPort(uint16_t fromPort)
Definition: PcapFilter.h:420
Definition: RawPacket.h:252
IPFilter(const std::string &ipAddress, Direction dir, int len)
Definition: PcapFilter.h:281
Definition: PcapFilter.h:50
TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:728
void setOperator(FilterOperator op)
Definition: PcapFilter.h:233
virtual ~GeneralFilter()
Definition: PcapFilter.h:160
ArpOpcode
Definition: ArpLayer.h:47
void setProto(ProtocolType proto)
Definition: PcapFilter.h:618
ProtoFilter(ProtocolType proto)
Definition: PcapFilter.h:609
Definition: PcapFilter.h:465
Definition: PcapFilter.h:64
void setIpID(uint16_t ipID)
Definition: PcapFilter.h:331
Definition: PcapFilter.h:197
FilterOperator
Definition: PcapFilter.h:57
void setLength(uint16_t legnth)
Definition: PcapFilter.h:796
Definition: PcapFilter.h:436
uint64_t ProtocolType
Definition: ProtocolType.h:18
void setFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:587
Definition: PcapFilter.h:684
VlanFilter(uint16_t vlanId)
Definition: PcapFilter.h:666
NotFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:579
bool matchPacketWithFilter(const RawPacket *rawPacket)
Direction
Definition: PcapFilter.h:43
Definition: PcapFilter.h:77
Definition: PcapFilter.h:570
IPv4IDFilter(uint16_t ipID, FilterOperator op)
Definition: PcapFilter.h:323
Definition: PcapFilter.h:748
IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op)
Definition: PcapFilter.h:352
void setDirection(Direction dir)
Definition: PcapFilter.h:210
LinkLayerType
Definition: RawPacket.h:25
Definition: PcapFilter.h:220
void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:736
TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op)
Definition: PcapFilter.h:759
void setTotalLength(uint16_t totalLength)
Definition: PcapFilter.h:360
Definition: PcapFilter.h:68
OrFilter()
Definition: PcapFilter.h:546
Definition: PcapFilter.h:370
ArpFilter(ArpOpcode opCode)
Definition: PcapFilter.h:638
void setWindowSize(uint16_t windowSize)
Definition: PcapFilter.h:767
Definition: PcapFilter.h:46
void setOpCode(ArpOpcode opCode)
Definition: PcapFilter.h:646
EtherTypeFilter(uint16_t etherType)
Definition: PcapFilter.h:474
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:558
IPFilter(const std::string &ipAddress, Direction dir, const std::string &ipv4Mask)
Definition: PcapFilter.h:270
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:516
Definition: PcapFilter.h:657
Definition: PcapFilter.h:60
PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir)
Definition: PcapFilter.h:412
Definition: PcapFilter.h:167
void setLen(int len)
Definition: PcapFilter.h:302
Definition: PcapFilter.h:713
Definition: PcapFilter.h:313
Definition: PcapFilter.h:62
IPFilter(const std::string &ipAddress, Direction dir)
Definition: PcapFilter.h:259
Definition: PcapFilter.h:244
Definition: PcapFilter.h:537
Definition: PcapFilter.h:66
Definition: PcapFilter.h:777
void setPort(uint16_t port)
Definition: PcapFilter.h:389
Definition: PcapFilter.h:495
Definition: MacAddress.h:27
Definition: PcapFilter.h:70
UdpLengthFilter(uint16_t legnth, FilterOperator op)
Definition: PcapFilter.h:788
bool setFilter(const std::string &filter, LinkLayerType linkType=LINKTYPE_ETHERNET)