PcapPlusPlus  Next
NflogLayer.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Layer.h"
4 #include "TLVData.h"
5 #include "GeneralUtils.h"
6 
8 
11 namespace pcpp
12 {
15 #pragma pack(push, 1)
16  struct nflog_header
17  {
19  uint8_t addressFamily;
21  uint8_t version;
23  uint16_t resourceId;
24  };
25 #pragma pack(pop)
26  static_assert(sizeof(nflog_header) == 4, "nflog_header size is not 4 bytes");
27 
30  enum class NflogTlvType
31  {
33  NFULA_PACKET_HDR = 1,
35  NFULA_MARK = 2,
37  NFULA_TIMESTAMP = 3,
39  NFULA_IFINDEX_INDEV = 4,
41  NFULA_IFINDEX_OUTDEV = 5,
43  NFULA_IFINDEX_PHYSINDEV = 6,
45  NFULA_IFINDEX_PHYSOUTDEV = 7,
47  NFULA_HWADDR = 8,
49  NFULA_PAYLOAD = 9,
51  NFULA_PREFIX = 10,
53  NFULA_UID = 11,
55  NFULA_SEQ = 12,
57  NFULA_SEQ_GLOBAL = 13,
59  NFULA_GID = 14,
61  NFULA_HWTYPE = 15,
63  NFULA_HWHEADER = 16,
65  NFULA_HWLEN = 17,
66  };
67 
71  class NflogTlv
72  {
73  private:
74  struct NflogTLVRawData
75  {
77  uint16_t recordLen;
79  uint16_t recordType;
81  uint8_t recordValue[];
82  };
83  NflogTLVRawData* m_Data;
84 
85  public:
88  explicit NflogTlv(uint8_t* recordRawData)
89  {
90  assign(recordRawData);
91  }
92 
94  size_t getTotalSize() const
95  {
96  // as in
97  // https://github.com/the-tcpdump-group/libpcap/blob/766b607d60d8038087b49fc4cf433dac3dcdb49c/pcap-util.c#L371-L374
98  return align<4>(m_Data->recordLen);
99  }
100 
103  void assign(uint8_t* recordRawData)
104  {
105  m_Data = reinterpret_cast<NflogTLVRawData*>(recordRawData);
106  }
107 
112  static bool canAssign(const uint8_t* recordRawData, size_t tlvDataLen)
113  {
114  return recordRawData != nullptr && tlvDataLen >= sizeof(NflogTLVRawData::recordLen);
115  }
116 
118  bool isNull() const
119  {
120  return (m_Data == nullptr);
121  }
122 
124  uint16_t getType() const
125  {
126  return m_Data->recordType;
127  }
128 
130  uint8_t* getRecordBasePtr() const
131  {
132  return reinterpret_cast<uint8_t*>(m_Data);
133  }
134 
136  uint8_t* getValue() const
137  {
138  return m_Data->recordValue;
139  }
140  };
141 
144  class NflogLayer : public Layer
145  {
146  public:
151  NflogLayer(uint8_t* data, size_t dataLen, Packet* packet) : Layer(data, dataLen, nullptr, packet, NFLOG)
152  {}
153 
154  ~NflogLayer() override = default;
155 
158  nflog_header* getNflogHeader() const
159  {
160  return reinterpret_cast<nflog_header*>(m_Data);
161  }
162 
165  uint8_t getFamily();
166 
170  uint8_t getVersion();
171 
175  uint16_t getResourceId();
176 
181  NflogTlv getTlvByType(NflogTlvType type) const;
182 
183  // implement abstract methods
184 
187  void parseNextLayer() override;
188 
190  size_t getHeaderLen() const override;
191 
193  void computeCalculateFields() override {};
194 
195  std::string toString() const override;
196 
197  OsiModelLayer getOsiModelLayer() const override
198  {
199  return OsiModelDataLinkLayer;
200  }
201 
206  static bool isDataValid(const uint8_t* data, size_t dataLen);
207 
208  private:
209  uint8_t* getTlvsBasePtr() const
210  {
211  return m_Data + sizeof(nflog_header);
212  }
213 
214  TLVRecordReader<NflogTlv> m_TlvReader;
215  };
216 
217 } // namespace pcpp
pcpp::Layer
Definition: Layer.h:62
pcpp::NflogLayer
Definition: NflogLayer.h:145
pcpp::NflogLayer::parseNextLayer
void parseNextLayer() override
pcpp::NflogLayer::NflogLayer
NflogLayer(uint8_t *data, size_t dataLen, Packet *packet)
Definition: NflogLayer.h:151
pcpp::NflogLayer::computeCalculateFields
void computeCalculateFields() override
Does nothing for this layer.
Definition: NflogLayer.h:193
pcpp::NflogLayer::getHeaderLen
size_t getHeaderLen() const override
pcpp::NflogLayer::getNflogHeader
nflog_header * getNflogHeader() const
Definition: NflogLayer.h:158
pcpp::NflogLayer::getResourceId
uint16_t getResourceId()
pcpp::NflogLayer::isDataValid
static bool isDataValid(const uint8_t *data, size_t dataLen)
pcpp::NflogLayer::toString
std::string toString() const override
pcpp::NflogLayer::getTlvByType
NflogTlv getTlvByType(NflogTlvType type) const
pcpp::NflogLayer::getOsiModelLayer
OsiModelLayer getOsiModelLayer() const override
Definition: NflogLayer.h:197
pcpp::NflogLayer::getFamily
uint8_t getFamily()
pcpp::NflogLayer::getVersion
uint8_t getVersion()
pcpp::NflogTlv
Definition: NflogLayer.h:72
pcpp::NflogTlv::getType
uint16_t getType() const
Definition: NflogLayer.h:124
pcpp::NflogTlv::isNull
bool isNull() const
Definition: NflogLayer.h:118
pcpp::NflogTlv::getRecordBasePtr
uint8_t * getRecordBasePtr() const
Definition: NflogLayer.h:130
pcpp::NflogTlv::getTotalSize
size_t getTotalSize() const
Definition: NflogLayer.h:94
pcpp::NflogTlv::NflogTlv
NflogTlv(uint8_t *recordRawData)
Definition: NflogLayer.h:88
pcpp::NflogTlv::canAssign
static bool canAssign(const uint8_t *recordRawData, size_t tlvDataLen)
Definition: NflogLayer.h:112
pcpp::NflogTlv::assign
void assign(uint8_t *recordRawData)
Definition: NflogLayer.h:103
pcpp::NflogTlv::getValue
uint8_t * getValue() const
Definition: NflogLayer.h:136
pcpp::Packet
Definition: Packet.h:22
pcpp::TLVRecordReader
Definition: TLVData.h:204
pcpp
The main namespace for the PcapPlusPlus lib.
pcpp::OsiModelLayer
OsiModelLayer
An enum representing OSI model layers.
Definition: ProtocolType.h:225
pcpp::OsiModelDataLinkLayer
@ OsiModelDataLinkLayer
Data link layer (layer 2)
Definition: ProtocolType.h:229
pcpp::NFLOG
const ProtocolType NFLOG
NFLOG (Linux Netfilter NFLOG) Protocol.
Definition: ProtocolType.h:185
pcpp::NflogTlvType
NflogTlvType
Definition: NflogLayer.h:31
pcpp::NflogTlvType::NFULA_HWHEADER
@ NFULA_HWHEADER
skbuff's MAC-layer header
pcpp::NflogTlvType::NFULA_PAYLOAD
@ NFULA_PAYLOAD
packet payload
pcpp::NflogTlvType::NFULA_HWADDR
@ NFULA_HWADDR
nflog_hwaddr_t for hardware address
pcpp::NflogTlvType::NFULA_TIMESTAMP
@ NFULA_TIMESTAMP
nflog_timestamp_t for skbuff's time stamp
pcpp::NflogTlvType::NFULA_SEQ
@ NFULA_SEQ
sequence number of packets on this NFLOG socket
pcpp::NflogTlvType::NFULA_UID
@ NFULA_UID
UID owning socket on which packet was sent/received.
pcpp::NflogTlvType::NFULA_IFINDEX_PHYSINDEV
@ NFULA_IFINDEX_PHYSINDEV
ifindex of physical device on which packet received (not bridge group)
pcpp::NflogTlvType::NFULA_IFINDEX_INDEV
@ NFULA_IFINDEX_INDEV
ifindex of device on which packet received (possibly bridge group)
pcpp::NflogTlvType::NFULA_PREFIX
@ NFULA_PREFIX
text string - null-terminated, count includes NUL
pcpp::NflogTlvType::NFULA_GID
@ NFULA_GID
GID owning socket on which packet was sent/received.
pcpp::NflogTlvType::NFULA_HWLEN
@ NFULA_HWLEN
length of skbuff's MAC-layer header
pcpp::NflogTlvType::NFULA_SEQ_GLOBAL
@ NFULA_SEQ_GLOBAL
sequence number of packets on all NFLOG sockets
pcpp::NflogTlvType::NFULA_MARK
@ NFULA_MARK
packet mark from skbuff
pcpp::NflogTlvType::NFULA_IFINDEX_OUTDEV
@ NFULA_IFINDEX_OUTDEV
ifindex of device on which packet transmitted (possibly bridge group)
pcpp::NflogTlvType::NFULA_PACKET_HDR
@ NFULA_PACKET_HDR
the packet header structure
pcpp::NflogTlvType::NFULA_IFINDEX_PHYSOUTDEV
@ NFULA_IFINDEX_PHYSOUTDEV
ifindex of physical device on which packet transmitted (not bridge group)
pcpp::NflogTlvType::NFULA_HWTYPE
@ NFULA_HWTYPE
ARPHRD_ type of skbuff's device.
pcpp::nflog_header
Definition: NflogLayer.h:17
pcpp::nflog_header::resourceId
uint16_t resourceId
The network byte order (big-endian)
Definition: NflogLayer.h:23
pcpp::nflog_header::version
uint8_t version
The version field is 0 for the current version of the pseudo-header.
Definition: NflogLayer.h:21
pcpp::nflog_header::addressFamily
uint8_t addressFamily
A Linux AF_ value, so it's 2 for IPv4 and 10 for IPv6.
Definition: NflogLayer.h:19