PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
20  enum class FileTimestampPrecision : int8_t
21  {
23  Unknown = -1,
25  Microseconds = 0,
27  Nanoseconds = 1
28  };
29 
32  class IFileDevice : public IPcapDevice
33  {
34  protected:
35  std::string m_FileName;
36 
37  explicit IFileDevice(const std::string& fileName);
38  virtual ~IFileDevice();
39 
40  public:
42  std::string getFileName() const;
43 
44  // override methods
45 
47  void close() override;
48  };
49 
53  class IFileReaderDevice : public IFileDevice
54  {
55  protected:
56  uint32_t m_NumOfPacketsRead;
57  uint32_t m_NumOfPacketsNotParsed;
58 
62  IFileReaderDevice(const std::string& fileName);
63 
64  public:
66  virtual ~IFileReaderDevice() = default;
67 
69  uint64_t getFileSize() const;
70 
71  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
72 
78  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
79 
85  static IFileReaderDevice* getReader(const std::string& fileName);
86  };
87 
91  class PcapFileReaderDevice : public IFileReaderDevice
92  {
93  private:
94  FileTimestampPrecision m_Precision;
95  LinkLayerType m_PcapLinkLayerType;
96 
97  // private copy c'tor
98  PcapFileReaderDevice(const PcapFileReaderDevice& other);
99  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
100 
101  public:
105  PcapFileReaderDevice(const std::string& fileName)
106  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
107  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
108  {}
109 
111  virtual ~PcapFileReaderDevice() = default;
112 
114  LinkLayerType getLinkLayerType() const
115  {
116  return m_PcapLinkLayerType;
117  }
118 
122  FileTimestampPrecision getTimestampPrecision() const
123  {
124  return m_Precision;
125  }
126 
129  static bool isNanoSecondPrecisionSupported();
130 
131  // overridden methods
132 
137  bool getNextPacket(RawPacket& rawPacket);
138 
142  bool open();
143 
147  void getStatistics(PcapStats& stats) const;
148  };
149 
153  class SnoopFileReaderDevice : public IFileReaderDevice
154  {
155  private:
156 #pragma pack(1)
158  typedef struct
159  {
160  uint64_t identification_pattern;
161  uint32_t version_number;
162  uint32_t datalink_type;
163  } snoop_file_header_t;
164 
166  typedef struct
167  {
168  uint32_t original_length;
169  uint32_t included_length;
170  uint32_t packet_record_length;
171  uint32_t ndrops_cumulative;
172  uint32_t time_sec;
173  uint32_t time_usec;
174  } snoop_packet_header_t;
175 #pragma pack()
176 
177  LinkLayerType m_PcapLinkLayerType;
178  std::ifstream m_snoopFile;
179 
180  // private copy c'tor
181  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
182  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
183 
184  public:
188  SnoopFileReaderDevice(const std::string& fileName)
189  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
190  {}
191 
193  virtual ~SnoopFileReaderDevice();
194 
196  LinkLayerType getLinkLayerType() const
197  {
198  return m_PcapLinkLayerType;
199  }
200 
201  // overridden methods
202 
207  bool getNextPacket(RawPacket& rawPacket);
208 
212  bool open();
213 
217  void getStatistics(PcapStats& stats) const;
218 
220  void close();
221  };
222 
226  class PcapNgFileReaderDevice : public IFileReaderDevice
227  {
228  private:
229  void* m_LightPcapNg;
230  BpfFilterWrapper m_BpfWrapper;
231 
232  // private copy c'tor
233  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
234  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
235 
236  public:
240  PcapNgFileReaderDevice(const std::string& fileName);
241 
243  virtual ~PcapNgFileReaderDevice()
244  {
245  close();
246  }
247 
252  std::string getOS() const;
253 
258  std::string getHardware() const;
259 
264  std::string getCaptureApplication() const;
265 
270  std::string getCaptureFileComment() const;
271 
279  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
280 
281  // overridden methods
282 
287  bool getNextPacket(RawPacket& rawPacket);
288 
292  bool open();
293 
296  void getStatistics(PcapStats& stats) const;
297 
302  bool setFilter(std::string filterAsString);
303 
305  void close();
306  };
307 
311  class IFileWriterDevice : public IFileDevice
312  {
313  protected:
314  uint32_t m_NumOfPacketsWritten;
315  uint32_t m_NumOfPacketsNotWritten;
316 
317  IFileWriterDevice(const std::string& fileName);
318 
319  public:
321  virtual ~IFileWriterDevice()
322  {}
323 
324  virtual bool writePacket(RawPacket const& packet) = 0;
325 
326  virtual bool writePackets(const RawPacketVector& packets) = 0;
327 
328  using IFileDevice::open;
329  virtual bool open(bool appendMode) = 0;
330  };
331 
336  class PcapFileWriterDevice : public IFileWriterDevice
337  {
338  private:
339  pcap_dumper_t* m_PcapDumpHandler;
340  LinkLayerType m_PcapLinkLayerType;
341  bool m_AppendMode;
342  FileTimestampPrecision m_Precision;
343  FILE* m_File;
344 
345  // private copy c'tor
346  PcapFileWriterDevice(const PcapFileWriterDevice& other);
347  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
348 
349  void closeFile();
350 
351  public:
360  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
361  bool nanosecondsPrecision = false);
362 
364  ~PcapFileWriterDevice()
365  {
366  PcapFileWriterDevice::close();
367  }
368 
375  bool writePacket(RawPacket const& packet) override;
376 
384  bool writePackets(const RawPacketVector& packets) override;
385 
387  FileTimestampPrecision getTimestampPrecision() const
388  {
389  return m_Precision;
390  }
391 
394  static bool isNanoSecondPrecisionSupported();
395 
396  // override methods
397 
402  bool open() override;
403 
412  bool open(bool appendMode) override;
413 
415  void close() override;
416 
418  void flush();
419 
422  void getStatistics(PcapStats& stats) const override;
423  };
424 
430  class PcapNgFileWriterDevice : public IFileWriterDevice
431  {
432  private:
433  void* m_LightPcapNg;
434  int m_CompressionLevel;
435  BpfFilterWrapper m_BpfWrapper;
436 
437  // private copy c'tor
438  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
439  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
440 
441  public:
448  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
449 
451  virtual ~PcapNgFileWriterDevice()
452  {
453  close();
454  }
455 
469  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
470  const std::string& fileComment);
471 
480  bool writePacket(RawPacket const& packet, const std::string& comment);
481 
482  // overridden methods
483 
489  bool writePacket(RawPacket const& packet);
490 
498  bool writePackets(const RawPacketVector& packets);
499 
504  bool open();
505 
513  bool open(bool appendMode);
514 
516  void flush();
517 
519  void close();
520 
523  void getStatistics(PcapStats& stats) const;
524 
529  bool setFilter(std::string filterAsString);
530  };
531 
532 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:33
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:54
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:312
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:321
pcpp::IPcapDevice
Definition: PcapDevice.h:92
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:92
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:105
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:122
pcpp::PcapFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:114
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:337
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:364
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:387
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:227
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:243
pcpp::PcapNgFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::close
void close()
Close the pacp-ng file.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:431
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets)
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet)
pcpp::PcapNgFileWriterDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::close
void close()
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:451
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:269
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:154
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:188
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:196
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:21
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
Definition: RawPacket.h:25
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
Definition: RawPacket.h:29
pcpp::IPcapDevice::PcapStats
Definition: PcapDevice.h:104