PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
17  namespace internal
18  {
21  struct LightPcapNgHandle;
22  } // namespace internal
23 
27  enum class FileTimestampPrecision : int8_t
28  {
30  Unknown = -1,
32  Microseconds = 0,
34  Nanoseconds = 1
35  };
36 
39  class IFileDevice : public IPcapDevice
40  {
41  protected:
42  bool m_DeviceOpened = false;
43  std::string m_FileName;
44 
45  explicit IFileDevice(const std::string& fileName);
46  virtual ~IFileDevice();
47 
48  public:
50  std::string getFileName() const;
51 
52  // override methods
53 
55  void close() override;
56 
57  bool isOpened() const override
58  {
59  return m_DeviceOpened;
60  }
61 
70  void getStatistics(PcapStats& stats) const override;
71 
72  protected:
75  void reportPacketProcessed(uint64_t numPackets = 1)
76  {
77  m_NumOfPacketsProcessed += numPackets;
78  }
79 
82  void reportPacketDropped(uint64_t numPackets = 1)
83  {
84  m_NumOfPacketsDropped += numPackets;
85  }
86 
88  void resetStatisticCounters();
89 
90  private:
91  uint64_t m_NumOfPacketsProcessed = 0;
92  uint64_t m_NumOfPacketsDropped = 0;
93  };
94 
98  class IFileReaderDevice : public IFileDevice
99  {
100  protected:
104  IFileReaderDevice(const std::string& fileName);
105 
106  public:
108  virtual ~IFileReaderDevice() = default;
109 
111  uint64_t getFileSize() const;
112 
113  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
114 
120  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
121 
127  static IFileReaderDevice* getReader(const std::string& fileName);
128  };
129 
133  class IFileWriterDevice : public IFileDevice
134  {
135  protected:
136  IFileWriterDevice(const std::string& fileName);
137 
138  public:
140  virtual ~IFileWriterDevice() = default;
141 
142  virtual bool writePacket(RawPacket const& packet) = 0;
143 
144  virtual bool writePackets(const RawPacketVector& packets) = 0;
145 
146  using IFileDevice::open;
147  virtual bool open(bool appendMode) = 0;
148  };
149 
153  class PcapFileReaderDevice : public IFileReaderDevice
154  {
155  private:
156  FileTimestampPrecision m_Precision;
157  LinkLayerType m_PcapLinkLayerType;
158 
159  // private copy c'tor
160  PcapFileReaderDevice(const PcapFileReaderDevice& other);
161  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
162 
163  public:
167  PcapFileReaderDevice(const std::string& fileName)
168  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
169  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
170  {}
171 
173  virtual ~PcapFileReaderDevice() = default;
174 
176  LinkLayerType getLinkLayerType() const
177  {
178  return m_PcapLinkLayerType;
179  }
180 
184  FileTimestampPrecision getTimestampPrecision() const
185  {
186  return m_Precision;
187  }
188 
191  static bool isNanoSecondPrecisionSupported();
192 
193  // overridden methods
194 
199  bool getNextPacket(RawPacket& rawPacket);
200 
204  bool open();
205  };
206 
211  class PcapFileWriterDevice : public IFileWriterDevice
212  {
213  private:
214  pcap_dumper_t* m_PcapDumpHandler;
215  LinkLayerType m_PcapLinkLayerType;
216  bool m_AppendMode;
217  FileTimestampPrecision m_Precision;
218  FILE* m_File;
219 
220  // private copy c'tor
221  PcapFileWriterDevice(const PcapFileWriterDevice& other);
222  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
223 
224  void closeFile();
225 
226  public:
237  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
238  bool nanosecondsPrecision = false);
239 
241  ~PcapFileWriterDevice()
242  {
243  PcapFileWriterDevice::close();
244  }
245 
252  bool writePacket(RawPacket const& packet) override;
253 
261  bool writePackets(const RawPacketVector& packets) override;
262 
264  FileTimestampPrecision getTimestampPrecision() const
265  {
266  return m_Precision;
267  }
268 
271  static bool isNanoSecondPrecisionSupported();
272 
273  // override methods
274 
279  bool open() override;
280 
289  bool open(bool appendMode) override;
290 
292  void close() override;
293 
295  void flush();
296 
297  private:
298  bool openWrite();
299  bool openAppend();
300  };
301 
305  class PcapNgFileReaderDevice : public IFileReaderDevice
306  {
307  private:
308  internal::LightPcapNgHandle* m_LightPcapNg;
309  BpfFilterWrapper m_BpfWrapper;
310 
311  // private copy c'tor
312  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
313  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
314 
315  public:
319  PcapNgFileReaderDevice(const std::string& fileName);
320 
322  virtual ~PcapNgFileReaderDevice()
323  {
324  close();
325  }
326 
331  std::string getOS() const;
332 
337  std::string getHardware() const;
338 
343  std::string getCaptureApplication() const;
344 
349  std::string getCaptureFileComment() const;
350 
358  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
359 
360  // overridden methods
361 
366  bool getNextPacket(RawPacket& rawPacket);
367 
371  bool open();
372 
377  bool setFilter(std::string filterAsString);
378 
380  void close();
381  };
382 
388  class PcapNgFileWriterDevice : public IFileWriterDevice
389  {
390  private:
391  internal::LightPcapNgHandle* m_LightPcapNg;
392  int m_CompressionLevel;
393  BpfFilterWrapper m_BpfWrapper;
394 
395  // private copy c'tor
396  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
397  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
398 
399  public:
406  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
407 
409  virtual ~PcapNgFileWriterDevice()
410  {
411  PcapNgFileWriterDevice::close();
412  }
413 
422  bool writePacket(RawPacket const& packet, const std::string& comment);
423 
424  // overridden methods
425 
431  bool writePacket(RawPacket const& packet) override;
432 
440  bool writePackets(const RawPacketVector& packets) override;
441 
446  bool open() override;
447 
455  bool open(bool appendMode) override;
456 
470  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
471  const std::string& fileComment);
472 
474  void flush();
475 
477  void close() override;
478 
483  bool setFilter(std::string filterAsString) override;
484 
485  private:
489  struct PcapNgMetadata
490  {
492  std::string os;
494  std::string hardware;
496  std::string captureApplication;
498  std::string comment;
499  };
500 
501  bool openWrite(PcapNgMetadata const* metadata = nullptr);
502  bool openAppend();
503  };
504 
508  class SnoopFileReaderDevice : public IFileReaderDevice
509  {
510  private:
511 #pragma pack(1)
513  typedef struct
514  {
515  uint64_t identification_pattern;
516  uint32_t version_number;
517  uint32_t datalink_type;
518  } snoop_file_header_t;
519 
521  typedef struct
522  {
523  uint32_t original_length;
524  uint32_t included_length;
525  uint32_t packet_record_length;
526  uint32_t ndrops_cumulative;
527  uint32_t time_sec;
528  uint32_t time_usec;
529  } snoop_packet_header_t;
530 #pragma pack()
531 
532  LinkLayerType m_PcapLinkLayerType;
533  std::ifstream m_snoopFile;
534 
535  // private copy c'tor
536  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
537  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
538 
539  public:
543  SnoopFileReaderDevice(const std::string& fileName)
544  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
545  {}
546 
548  virtual ~SnoopFileReaderDevice();
549 
551  LinkLayerType getLinkLayerType() const
552  {
553  return m_PcapLinkLayerType;
554  }
555 
556  // overridden methods
557 
562  bool getNextPacket(RawPacket& rawPacket);
563 
567  bool open();
568 
570  void close();
571  };
572 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:40
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:57
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:75
pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:82
pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:99
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:134
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()=default
A destructor for this class.
pcpp::IPcapDevice
Definition: PcapDevice.h:142
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:154
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:167
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:184
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:176
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:212
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:241
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:264
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:306
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:322
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::close
void close()
Close the pacp-ng file.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:389
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:409
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::setFilter
bool setFilter(std::string filterAsString) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:509
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:543
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:551
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:28
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:20
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:24
pcpp::ArpMessageType::Unknown
@ Unknown
Unknown ARP message type.
pcpp::internal::PcapStats
Definition: PcapDevice.h:25