PcapPlusPlus  20.08
PcapFilter.h
Go to the documentation of this file.
1 #ifndef PCAPP_FILTER
2 #define PCAPP_FILTER
3 
4 #include <string>
5 #include <vector>
6 #include <memory>
7 #include "ProtocolType.h"
8 #include <stdint.h>
9 #include "ArpLayer.h"
10 #include "RawPacket.h"
11 
12 //Forward Declaration - used in GeneralFilter
13 struct bpf_program;
14 
35 namespace pcpp
36 {
37  //Forward Declartation - used in GeneralFilter
38  class RawPacket;
39 
43  typedef enum
44  {
46  SRC,
48  DST,
51  } Direction;
52 
53 
57  typedef enum
58  {
72 
78  {
79  private:
80  const int SNAPLEN = 9000;
81  std::string m_FilterStr;
82  LinkLayerType m_LinkType;
83  bpf_program* m_Program;
84 
85  void freeProgram();
86 
87  public:
88 
93 
98 
106  bool setFilter(const std::string& filter, LinkLayerType linkType = LINKTYPE_ETHERNET);
107 
116  bool matchPacketWithFilter(const RawPacket* rawPacket);
117 
129  bool matchPacketWithFilter(const uint8_t* packetData, uint32_t packetDataLength, timespec packetTimestamp, uint16_t linkType);
130  };
131 
138  {
139  protected:
140  BpfFilterWrapper m_BpfWrapper;
141 
142  public:
147  virtual void parseToString(std::string& result) = 0;
148 
154  bool matchPacketWithFilter(RawPacket* rawPacket);
155 
156  GeneralFilter() {}
157 
161  virtual ~GeneralFilter() {}
162  };
163 
169  {
170  private:
171  const std::string m_FilterStr;
172 
173  public:
174  BPFStringFilter(const std::string& filterStr) : m_FilterStr(filterStr) {}
175 
176  virtual ~BPFStringFilter() {}
177 
183  virtual void parseToString(std::string& result);
184 
189  bool verifyFilter();
190  };
191 
192 
199  {
200  private:
201  Direction m_Dir;
202  protected:
203  void parseDirection(std::string& directionAsString);
204  Direction getDir() const { return m_Dir; }
205  IFilterWithDirection(Direction dir) { m_Dir = dir; }
206  public:
211  void setDirection(Direction dir) { m_Dir = dir; }
212  };
213 
214 
222  {
223  private:
224  FilterOperator m_Operator;
225  protected:
226  std::string parseOperator();
227  FilterOperator getOperator() const { return m_Operator; }
228  IFilterWithOperator(FilterOperator op) { m_Operator = op; }
229  public:
234  void setOperator(FilterOperator op) { m_Operator = op; }
235  };
236 
237 
238 
246  {
247  private:
248  std::string m_Address;
249  std::string m_IPv4Mask;
250  int m_Len;
251  void convertToIPAddressWithMask(std::string& ipAddrmodified, std::string& mask) const;
252  void convertToIPAddressWithLen(std::string& ipAddrmodified) const;
253  public:
260  IPFilter(const std::string& ipAddress, Direction dir) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(0) {}
261 
271  IPFilter(const std::string& ipAddress, Direction dir, const std::string& ipv4Mask) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(ipv4Mask), m_Len(0) {}
272 
282  IPFilter(const std::string& ipAddress, Direction dir, int len) : IFilterWithDirection(dir), m_Address(ipAddress), m_IPv4Mask(""), m_Len(len) {}
283 
284  void parseToString(std::string& result);
285 
291  void setAddr(const std::string& ipAddress) { m_Address = ipAddress; }
292 
297  void setMask(const std::string& ipv4Mask) { m_IPv4Mask = ipv4Mask; m_Len = 0; }
298 
303  void setLen(int len) { m_IPv4Mask = ""; m_Len = len; }
304  };
305 
306 
307 
315  {
316  private:
317  uint16_t m_IpID;
318  public:
324  IPv4IDFilter(uint16_t ipID, FilterOperator op) : IFilterWithOperator(op), m_IpID(ipID) {}
325 
326  void parseToString(std::string& result);
327 
332  void setIpID(uint16_t ipID) { m_IpID = ipID; }
333  };
334 
335 
336 
344  {
345  private:
346  uint16_t m_TotalLength;
347  public:
353  IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op) : IFilterWithOperator(op), m_TotalLength(totalLength) {}
354 
355  void parseToString(std::string& result);
356 
361  void setTotalLength(uint16_t totalLength) { m_TotalLength = totalLength; }
362  };
363 
364 
365 
372  {
373  private:
374  std::string m_Port;
375  void portToString(uint16_t portAsInt);
376  public:
382  PortFilter(uint16_t port, Direction dir);
383 
384  void parseToString(std::string& result);
385 
390  void setPort(uint16_t port) { portToString(port); }
391  };
392 
393 
394 
402  {
403  private:
404  uint16_t m_FromPort;
405  uint16_t m_ToPort;
406  public:
413  PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir) : IFilterWithDirection(dir), m_FromPort(fromPort), m_ToPort(toPort) {}
414 
415  void parseToString(std::string& result);
416 
421  void setFromPort(uint16_t fromPort) { m_FromPort = fromPort; }
422 
427  void setToPort(uint16_t toPort) { m_ToPort = toPort; }
428  };
429 
430 
431 
438  {
439  private:
440  MacAddress m_MacAddress;
441  public:
447  MacAddressFilter(MacAddress address, Direction dir) : IFilterWithDirection(dir), m_MacAddress(address) {}
448 
449  void parseToString(std::string& result);
450 
455  void setMacAddress(MacAddress address) { m_MacAddress = address; }
456  };
457 
458 
459 
467  {
468  private:
469  uint16_t m_EtherType;
470  public:
475  EtherTypeFilter(uint16_t etherType) : m_EtherType(etherType) {}
476 
477  void parseToString(std::string& result);
478 
483  void setEtherType(uint16_t etherType) { m_EtherType = etherType; }
484  };
485 
486 
487 
496  class AndFilter : public GeneralFilter
497  {
498  private:
499  std::vector<GeneralFilter*> m_FilterList;
500  public:
501 
506 
511  AndFilter(std::vector<GeneralFilter*>& filters);
512 
517  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
518 
523  void setFilters(std::vector<GeneralFilter*>& filters);
524 
525  void parseToString(std::string& result);
526  };
527 
528 
529 
538  class OrFilter : public GeneralFilter
539  {
540  private:
541  std::vector<GeneralFilter*> m_FilterList;
542  public:
543 
547  OrFilter() {}
548 
553  OrFilter(std::vector<GeneralFilter*>& filters);
554 
559  void addFilter(GeneralFilter* filter) { m_FilterList.push_back(filter); }
560 
561  void parseToString(std::string& result);
562  };
563 
564 
565 
571  class NotFilter : public GeneralFilter
572  {
573  private:
574  GeneralFilter* m_FilterToInverse;
575  public:
580  NotFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
581 
582  void parseToString(std::string& result);
583 
588  void setFilter(GeneralFilter* filterToInverse) { m_FilterToInverse = filterToInverse; }
589  };
590 
591 
592 
600  class ProtoFilter : public GeneralFilter
601  {
602  private:
603  ProtocolType m_Proto;
604  public:
610  ProtoFilter(ProtocolType proto) { m_Proto = proto; }
611 
612  void parseToString(std::string& result);
613 
619  void setProto(ProtocolType proto) { m_Proto = proto; }
620  };
621 
622 
623 
630  class ArpFilter : public GeneralFilter
631  {
632  private:
633  ArpOpcode m_OpCode;
634  public:
639  ArpFilter(ArpOpcode opCode) { m_OpCode = opCode; }
640 
641  void parseToString(std::string& result);
642 
647  void setOpCode(ArpOpcode opCode) { m_OpCode = opCode; }
648  };
649 
650 
651 
658  class VlanFilter : public GeneralFilter
659  {
660  private:
661  uint16_t m_VlanID;
662  public:
667  VlanFilter(uint16_t vlanId) : m_VlanID(vlanId) {}
668 
669  void parseToString(std::string& result);
670 
675  void setVlanID(uint16_t vlanId) { m_VlanID = vlanId; }
676  };
677 
678 
679 
686  {
687  public:
691  enum TcpFlags
692  {
694  tcpFin = 1,
696  tcpSyn = 2,
698  tcpRst = 4,
700  tcpPush = 8,
702  tcpAck = 16,
704  tcpUrg = 32
705  };
706 
712  {
716  MatchOneAtLeast
717  };
718  private:
719  uint8_t m_TcpFlagsBitMask;
720  MatchOptions m_MatchOption;
721  public:
729  TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption) : m_TcpFlagsBitMask(tcpFlagBitMask), m_MatchOption(matchOption) {}
730 
737  void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption) { m_TcpFlagsBitMask = tcpFlagBitMask; m_MatchOption = matchOption; }
738 
739  void parseToString(std::string& result);
740  };
741 
742 
743 
750  {
751  private:
752  uint16_t m_WindowSize;
753  public:
760  TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op) : IFilterWithOperator(op), m_WindowSize(windowSize) {}
761 
762  void parseToString(std::string& result);
763 
768  void setWindowSize(uint16_t windowSize) { m_WindowSize = windowSize; }
769  };
770 
771 
772 
779  {
780  private:
781  uint16_t m_Length;
782  public:
789  UdpLengthFilter(uint16_t legnth, FilterOperator op) : IFilterWithOperator(op), m_Length(legnth) {}
790 
791  void parseToString(std::string& result);
792 
797  void setLength(uint16_t legnth) { m_Length = legnth; }
798  };
799 
800 } // namespace pcpp
801 
802 #endif
The main namespace for the PcapPlusPlus lib.
MacAddressFilter(MacAddress address, Direction dir)
Definition: PcapFilter.h:447
Definition: PcapFilter.h:48
TcpFlags
Definition: PcapFilter.h:691
Definition: PcapFilter.h:630
Definition: PcapFilter.h:600
void setMask(const std::string &ipv4Mask)
Definition: PcapFilter.h:297
void setToPort(uint16_t toPort)
Definition: PcapFilter.h:427
void setMacAddress(MacAddress address)
Definition: PcapFilter.h:455
void setVlanID(uint16_t vlanId)
Definition: PcapFilter.h:675
Definition: PcapFilter.h:401
Definition: RawPacket.h:30
Definition: PcapFilter.h:343
AndFilter()
Definition: PcapFilter.h:505
void setAddr(const std::string &ipAddress)
Definition: PcapFilter.h:291
void setEtherType(uint16_t etherType)
Definition: PcapFilter.h:483
MatchOptions
Definition: PcapFilter.h:711
Definition: PcapFilter.h:137
void setFromPort(uint16_t fromPort)
Definition: PcapFilter.h:421
Definition: RawPacket.h:252
IPFilter(const std::string &ipAddress, Direction dir, int len)
Definition: PcapFilter.h:282
Definition: PcapFilter.h:50
TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:729
void setOperator(FilterOperator op)
Definition: PcapFilter.h:234
virtual ~GeneralFilter()
Definition: PcapFilter.h:161
ArpOpcode
Definition: ArpLayer.h:47
void setProto(ProtocolType proto)
Definition: PcapFilter.h:619
ProtoFilter(ProtocolType proto)
Definition: PcapFilter.h:610
Definition: PcapFilter.h:466
Definition: PcapFilter.h:64
void setIpID(uint16_t ipID)
Definition: PcapFilter.h:332
Definition: PcapFilter.h:198
FilterOperator
Definition: PcapFilter.h:57
void setLength(uint16_t legnth)
Definition: PcapFilter.h:797
Definition: PcapFilter.h:437
uint64_t ProtocolType
Definition: ProtocolType.h:18
void setFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:588
Definition: PcapFilter.h:685
VlanFilter(uint16_t vlanId)
Definition: PcapFilter.h:667
NotFilter(GeneralFilter *filterToInverse)
Definition: PcapFilter.h:580
bool matchPacketWithFilter(const RawPacket *rawPacket)
Direction
Definition: PcapFilter.h:43
Definition: PcapFilter.h:77
Definition: PcapFilter.h:571
IPv4IDFilter(uint16_t ipID, FilterOperator op)
Definition: PcapFilter.h:324
Definition: PcapFilter.h:749
IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op)
Definition: PcapFilter.h:353
void setDirection(Direction dir)
Definition: PcapFilter.h:211
LinkLayerType
Definition: RawPacket.h:25
Definition: PcapFilter.h:221
void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption)
Definition: PcapFilter.h:737
TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op)
Definition: PcapFilter.h:760
void setTotalLength(uint16_t totalLength)
Definition: PcapFilter.h:361
Definition: PcapFilter.h:68
OrFilter()
Definition: PcapFilter.h:547
Definition: PcapFilter.h:371
ArpFilter(ArpOpcode opCode)
Definition: PcapFilter.h:639
void setWindowSize(uint16_t windowSize)
Definition: PcapFilter.h:768
Definition: PcapFilter.h:46
void setOpCode(ArpOpcode opCode)
Definition: PcapFilter.h:647
EtherTypeFilter(uint16_t etherType)
Definition: PcapFilter.h:475
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:559
IPFilter(const std::string &ipAddress, Direction dir, const std::string &ipv4Mask)
Definition: PcapFilter.h:271
void addFilter(GeneralFilter *filter)
Definition: PcapFilter.h:517
Definition: PcapFilter.h:658
Definition: PcapFilter.h:60
PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir)
Definition: PcapFilter.h:413
Definition: PcapFilter.h:168
void setLen(int len)
Definition: PcapFilter.h:303
Definition: PcapFilter.h:714
Definition: PcapFilter.h:314
Definition: PcapFilter.h:62
IPFilter(const std::string &ipAddress, Direction dir)
Definition: PcapFilter.h:260
Definition: PcapFilter.h:245
Definition: PcapFilter.h:538
Definition: PcapFilter.h:66
Definition: PcapFilter.h:778
void setPort(uint16_t port)
Definition: PcapFilter.h:390
Definition: PcapFilter.h:496
Definition: MacAddress.h:27
Definition: PcapFilter.h:70
UdpLengthFilter(uint16_t legnth, FilterOperator op)
Definition: PcapFilter.h:789
bool setFilter(const std::string &filter, LinkLayerType linkType=LINKTYPE_ETHERNET)