PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Device.h"
4 #include "PcapDevice.h"
5 #include "RawPacket.h"
6 #include <fstream>
7 
9 
12 namespace pcpp
13 {
14  namespace internal
15  {
18  struct LightPcapNgHandle;
19  } // namespace internal
20 
24  enum class FileTimestampPrecision : int8_t
25  {
27  Unknown = -1,
29  Microseconds = 0,
31  Nanoseconds = 1
32  };
33 
36  class IFileDevice : public IFilterableDevice, public IPcapStatisticsProvider
37  {
38  protected:
39  std::string m_FileName;
40  BpfFilterWrapper m_BpfWrapper;
41 
42  explicit IFileDevice(const std::string& fileName);
43 
44  bool doUpdateFilter(std::string const* filterAsString) override;
45 
46  public:
48  std::string getFileName() const;
49 
50  // override methods
51 
60  void getStatistics(PcapStats& stats) const override;
61 
62  protected:
65  void reportPacketProcessed(uint64_t numPackets = 1)
66  {
67  m_NumOfPacketsProcessed += numPackets;
68  }
69 
72  void reportPacketDropped(uint64_t numPackets = 1)
73  {
74  m_NumOfPacketsDropped += numPackets;
75  }
76 
78  void resetStatisticCounters();
79 
80  private:
81  uint64_t m_NumOfPacketsProcessed = 0;
82  uint64_t m_NumOfPacketsDropped = 0;
83  };
84 
88  class IFileReaderDevice : public IFileDevice
89  {
90  protected:
94  IFileReaderDevice(const std::string& fileName);
95 
96  public:
98  ~IFileReaderDevice() override = default;
99 
101  uint64_t getFileSize() const;
102 
103  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
104 
110  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
111 
117  static IFileReaderDevice* getReader(const std::string& fileName);
118  };
119 
123  class IFileWriterDevice : public IFileDevice
124  {
125  protected:
126  IFileWriterDevice(const std::string& fileName);
127 
128  public:
130  ~IFileWriterDevice() override = default;
131 
132  virtual bool writePacket(RawPacket const& packet) = 0;
133 
134  virtual bool writePackets(const RawPacketVector& packets) = 0;
135 
136  using IFileDevice::open;
137  virtual bool open(bool appendMode) = 0;
138  };
139 
143  class PcapFileReaderDevice : public IFileReaderDevice
144  {
145  public:
149  explicit PcapFileReaderDevice(const std::string& fileName) : IFileReaderDevice(fileName)
150  {}
151 
153  ~PcapFileReaderDevice() override = default;
154 
155  PcapFileReaderDevice(const PcapFileReaderDevice& other) = delete;
156  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;
157 
159  LinkLayerType getLinkLayerType() const
160  {
161  return m_PcapLinkLayerType;
162  }
163 
165  FileTimestampPrecision getTimestampPrecision() const
166  {
167  return m_Precision;
168  }
169 
171  uint32_t getSnapshotLength() const
172  {
173  return m_SnapshotLength;
174  }
175 
179  PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")
180  static bool isNanoSecondPrecisionSupported()
181  {
182  return true;
183  }
184 
185  // overridden methods
186 
188  bool isOpened() const override
189  {
190  return m_PcapFile.is_open();
191  }
192 
197  bool getNextPacket(RawPacket& rawPacket) override;
198 
202  bool open() override;
203 
205  void close() override;
206 
207  private:
208  FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;
209  LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;
210  std::ifstream m_PcapFile;
211  bool m_NeedsSwap = false;
212  uint32_t m_SnapshotLength = 0;
213  std::vector<uint8_t> m_ReadBuffer;
214 
215  bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
216  uint32_t& capturedLength, uint32_t& frameLength);
217  };
218 
224  class PcapFileWriterDevice : public IFileWriterDevice
225  {
226  public:
237  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
238  bool nanosecondsPrecision = false);
239 
240  PcapFileWriterDevice(const PcapFileWriterDevice& other) = delete;
241  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other) = delete;
242 
249  bool writePacket(RawPacket const& packet) override;
250 
258  bool writePackets(const RawPacketVector& packets) override;
259 
261  FileTimestampPrecision getTimestampPrecision() const
262  {
263  return m_Precision;
264  }
265 
269  PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")
270  static bool isNanoSecondPrecisionSupported()
271  {
272  return true;
273  }
274 
275  LinkLayerType getLinkLayerType() const
276  {
277  return m_PcapLinkLayerType;
278  }
279 
284  bool open() override;
285 
294  bool open(bool appendMode) override;
295 
297  bool isOpened() const override
298  {
299  return m_PcapFile.is_open();
300  }
301 
303  void close() override;
304 
306  void flush();
307 
308  private:
309  static bool writeHeader(std::ostream& outStream, FileTimestampPrecision precision, uint32_t snaplen,
310  LinkLayerType linkType);
311 
312  LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;
313  bool m_NeedsSwap = false;
314  FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;
315  std::fstream m_PcapFile;
316  };
317 
321  class PcapNgFileReaderDevice : public IFileReaderDevice
322  {
323  private:
324  internal::LightPcapNgHandle* m_LightPcapNg;
325 
326  public:
329  static bool isZstdSupported();
330 
334  PcapNgFileReaderDevice(const std::string& fileName);
335 
337  ~PcapNgFileReaderDevice() override
338  {
339  PcapNgFileReaderDevice::close();
340  }
341 
342  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other) = delete;
343  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other) = delete;
344 
349  std::string getOS() const;
350 
355  std::string getHardware() const;
356 
361  std::string getCaptureApplication() const;
362 
367  std::string getCaptureFileComment() const;
368 
376  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
377 
378  // overridden methods
379 
384  bool getNextPacket(RawPacket& rawPacket) override;
385 
389  bool open() override;
390 
392  bool isOpened() const override
393  {
394  return m_LightPcapNg != nullptr;
395  }
396 
398  void close() override;
399 
400  private:
401  bool getNextPacketInternal(RawPacket& rawPacket, std::string* packetComment);
402  };
403 
409  class PcapNgFileWriterDevice : public IFileWriterDevice
410  {
411  private:
412  internal::LightPcapNgHandle* m_LightPcapNg;
413  int m_CompressionLevel;
414 
415  public:
418  static bool isZstdSupported();
419 
426  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
427 
429  ~PcapNgFileWriterDevice() override
430  {
431  PcapNgFileWriterDevice::close();
432  }
433 
434  PcapNgFileWriterDevice(const PcapFileWriterDevice& other) = delete;
435  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other) = delete;
436 
445  bool writePacket(RawPacket const& packet, const std::string& comment);
446 
447  // overridden methods
448 
454  bool writePacket(RawPacket const& packet) override;
455 
463  bool writePackets(const RawPacketVector& packets) override;
464 
469  bool open() override;
470 
478  bool open(bool appendMode) override;
479 
493  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
494  const std::string& fileComment);
495 
497  bool isOpened() const override
498  {
499  return m_LightPcapNg != nullptr;
500  }
501 
503  void flush();
504 
506  void close() override;
507 
508  private:
512  struct PcapNgMetadata
513  {
515  std::string os;
517  std::string hardware;
519  std::string captureApplication;
521  std::string comment;
522  };
523 
524  bool openWrite(PcapNgMetadata const* metadata = nullptr);
525  bool openAppend();
526  };
527 
531  class SnoopFileReaderDevice : public IFileReaderDevice
532  {
533  private:
534 #pragma pack(1)
536  typedef struct
537  {
538  uint64_t identification_pattern;
539  uint32_t version_number;
540  uint32_t datalink_type;
541  } snoop_file_header_t;
542 
544  typedef struct
545  {
546  uint32_t original_length;
547  uint32_t included_length;
548  uint32_t packet_record_length;
549  uint32_t ndrops_cumulative;
550  uint32_t time_sec;
551  uint32_t time_usec;
552  } snoop_packet_header_t;
553 #pragma pack()
554 
555  LinkLayerType m_PcapLinkLayerType;
556  std::ifstream m_SnoopFile;
557  std::vector<uint8_t> m_ReadBuffer;
558 
559  bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
560  uint32_t& capturedLength, uint32_t& frameLength);
561 
562  public:
566  SnoopFileReaderDevice(const std::string& fileName)
567  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
568  {}
569 
571  ~SnoopFileReaderDevice() override;
572 
573  SnoopFileReaderDevice(const PcapFileReaderDevice& other) = delete;
574  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;
575 
577  LinkLayerType getLinkLayerType() const
578  {
579  return m_PcapLinkLayerType;
580  }
581 
582  // overridden methods
583 
588  bool getNextPacket(RawPacket& rawPacket) override;
589 
593  bool open() override;
594 
596  bool isOpened() const override
597  {
598  return m_SnoopFile.is_open();
599  }
600 
602  void close() override;
603  };
604 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:37
pcpp::IFileDevice::doUpdateFilter
bool doUpdateFilter(std::string const *filterAsString) override
Updates the filter on the device with a BPF string.
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:65
pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:72
pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:89
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::~IFileReaderDevice
~IFileReaderDevice() override=default
A destructor for this class.
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:124
pcpp::IFileWriterDevice::~IFileWriterDevice
~IFileWriterDevice() override=default
A destructor for this class.
pcpp::IFilterableDevice
Definition: Device.h:44
pcpp::IPcapStatisticsProvider
An interface for providing Pcap-based device statistics.
Definition: PcapDevice.h:25
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:144
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:149
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::PcapFileReaderDevice::close
void close() override
Close the pacp file.
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:180
pcpp::PcapFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:188
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:165
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:159
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
~PcapFileReaderDevice() override=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getSnapshotLength
uint32_t getSnapshotLength() const
Definition: PcapFileDevice.h:171
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:225
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:297
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:270
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:261
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:322
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:392
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::isZstdSupported
static bool isZstdSupported()
A static method that checks if the device was built with zstd compression support.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
~PcapNgFileReaderDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:337
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::close
void close() override
Close the pacp-ng file.
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:410
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:497
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::isZstdSupported
static bool isZstdSupported()
A static method that checks if the device was built with zstd compression support.
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
~PcapNgFileWriterDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:429
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:290
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:532
pcpp::SnoopFileReaderDevice::close
void close() override
Close the snoop file.
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:566
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:577
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
~SnoopFileReaderDevice() override
A destructor for this class.
pcpp::SnoopFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:596
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:25
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:22
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:26
pcpp::PcapStats
Definition: PcapDevice.h:14