api-docs/next/_pcap_file_device_8h_source.html

 #pragma once


 #include "Device.h"

 #include "PcapDevice.h"

 #include "RawPacket.h"

 #include <fstream>


 namespace pcpp

 {

     namespace internal

     {

         struct LightPcapNgHandle;

     }  // namespace internal


     enum class FileTimestampPrecision : int8_t

     {

         Unknown = -1,

         Microseconds = 0,

         Nanoseconds = 1

     };


     class IFileDevice : public IFilterableDevice, public IPcapStatisticsProvider

     {

     protected:

         std::string m_FileName;

         BpfFilterWrapper m_BpfWrapper;


         explicit IFileDevice(const std::string& fileName);


         bool doUpdateFilter(std::string const* filterAsString) override;


     public:

         std::string getFileName() const;


         // override methods


         void getStatistics(PcapStats& stats) const override;


     protected:

         void reportPacketProcessed(uint64_t numPackets = 1)

         {

             m_NumOfPacketsProcessed += numPackets;

         }


         void reportPacketDropped(uint64_t numPackets = 1)

         {

             m_NumOfPacketsDropped += numPackets;

         }


         void resetStatisticCounters();


     private:

         uint64_t m_NumOfPacketsProcessed = 0;

         uint64_t m_NumOfPacketsDropped = 0;

     };


     class IFileReaderDevice : public IFileDevice

     {

     protected:

         IFileReaderDevice(const std::string& fileName);


     public:

         ~IFileReaderDevice() override = default;


         uint64_t getFileSize() const;


         virtual bool getNextPacket(RawPacket& rawPacket) = 0;


         int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);


         static IFileReaderDevice* getReader(const std::string& fileName);

     };


     class IFileWriterDevice : public IFileDevice

     {

     protected:

         IFileWriterDevice(const std::string& fileName);


     public:

         ~IFileWriterDevice() override = default;


         virtual bool writePacket(RawPacket const& packet) = 0;


         virtual bool writePackets(const RawPacketVector& packets) = 0;


         using IFileDevice::open;

         virtual bool open(bool appendMode) = 0;

     };


     class PcapFileReaderDevice : public IFileReaderDevice

     {

     public:

         explicit PcapFileReaderDevice(const std::string& fileName) : IFileReaderDevice(fileName)

         {}


         ~PcapFileReaderDevice() override = default;


         PcapFileReaderDevice(const PcapFileReaderDevice& other) = delete;

         PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;


         LinkLayerType getLinkLayerType() const

         {

             return m_PcapLinkLayerType;

         }


         FileTimestampPrecision getTimestampPrecision() const

         {

             return m_Precision;

         }


         uint32_t getSnapshotLength() const

         {

             return m_SnapshotLength;

         }


         PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")

         static bool isNanoSecondPrecisionSupported()

         {

             return true;

         }


         // overridden methods


         bool isOpened() const override

         {

             return m_PcapFile.is_open();

         }


         bool getNextPacket(RawPacket& rawPacket) override;


         bool open() override;


         void close() override;


     private:

         FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;

         LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;

         std::ifstream m_PcapFile;

         bool m_NeedsSwap = false;

         uint32_t m_SnapshotLength = 0;


         bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,

                             uint32_t& capturedLength, uint32_t& frameLength);

     };


     class PcapFileWriterDevice : public IFileWriterDevice

     {

     public:

         PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,

                              bool nanosecondsPrecision = false);


         PcapFileWriterDevice(const PcapFileWriterDevice& other) = delete;

         PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other) = delete;


         bool writePacket(RawPacket const& packet) override;


         bool writePackets(const RawPacketVector& packets) override;


         FileTimestampPrecision getTimestampPrecision() const

         {

             return m_Precision;

         }


         PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")

         static bool isNanoSecondPrecisionSupported()

         {

             return true;

         }


         LinkLayerType getLinkLayerType() const

         {

             return m_PcapLinkLayerType;

         }


         bool open() override;


         bool open(bool appendMode) override;


         bool isOpened() const override

         {

             return m_PcapFile.is_open();

         }


         void close() override;


         void flush();


     private:

         LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;

         bool m_NeedsSwap = false;

         FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;

         std::fstream m_PcapFile;


         struct CheckHeaderResult

         {

             enum class Result

             {

                 HeaderOk,

                 HeaderError,

                 HeaderNeeded

             };


             Result result;

             std::string error;

             bool needsSwap = false;


             static CheckHeaderResult fromOk(bool needsSwap)

             {

                 return { Result::HeaderOk, "", needsSwap };

             }


             static CheckHeaderResult fromError(const std::string& error)

             {

                 return { Result::HeaderError, error };

             }


             static CheckHeaderResult fromHeaderNeeded()

             {

                 return { Result::HeaderNeeded };

             }

         };


         static bool writeHeader(std::fstream& pcapFile, FileTimestampPrecision precision, uint32_t snaplen,

                                 LinkLayerType linkType);

         static CheckHeaderResult checkHeader(std::fstream& pcapFile, FileTimestampPrecision requestedPrecision,

                                              LinkLayerType requestedLinkType);

     };


     class PcapNgFileReaderDevice : public IFileReaderDevice

     {

     private:

         internal::LightPcapNgHandle* m_LightPcapNg;


     public:

         PcapNgFileReaderDevice(const std::string& fileName);


         ~PcapNgFileReaderDevice() override

         {

             PcapNgFileReaderDevice::close();

         }


         PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other) = delete;

         PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other) = delete;


         std::string getOS() const;


         std::string getHardware() const;


         std::string getCaptureApplication() const;


         std::string getCaptureFileComment() const;


         bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);


         // overridden methods


         bool getNextPacket(RawPacket& rawPacket) override;


         bool open() override;


         bool isOpened() const override

         {

             return m_LightPcapNg != nullptr;

         }


         void close() override;


     private:

         bool getNextPacketInternal(RawPacket& rawPacket, std::string* packetComment);

     };


     class PcapNgFileWriterDevice : public IFileWriterDevice

     {

     private:

         internal::LightPcapNgHandle* m_LightPcapNg;

         int m_CompressionLevel;


     public:

         PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);


         ~PcapNgFileWriterDevice() override

         {

             PcapNgFileWriterDevice::close();

         }


         PcapNgFileWriterDevice(const PcapFileWriterDevice& other) = delete;

         PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other) = delete;


         bool writePacket(RawPacket const& packet, const std::string& comment);


         // overridden methods


         bool writePacket(RawPacket const& packet) override;


         bool writePackets(const RawPacketVector& packets) override;


         bool open() override;


         bool open(bool appendMode) override;


         bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,

                   const std::string& fileComment);


         bool isOpened() const override

         {

             return m_LightPcapNg != nullptr;

         }


         void flush();


         void close() override;


     private:

         struct PcapNgMetadata

         {

             std::string os;

             std::string hardware;

             std::string captureApplication;

             std::string comment;

         };


         bool openWrite(PcapNgMetadata const* metadata = nullptr);

         bool openAppend();

     };


     class SnoopFileReaderDevice : public IFileReaderDevice

     {

     private:

 #pragma pack(1)

         typedef struct

         {

             uint64_t identification_pattern;

             uint32_t version_number;

             uint32_t datalink_type;

         } snoop_file_header_t;


         typedef struct

         {

             uint32_t original_length;

             uint32_t included_length;

             uint32_t packet_record_length;

             uint32_t ndrops_cumulative;

             uint32_t time_sec;

             uint32_t time_usec;

         } snoop_packet_header_t;

 #pragma pack()


         LinkLayerType m_PcapLinkLayerType;

         std::ifstream m_SnoopFile;


         bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,

                             uint32_t& capturedLength, uint32_t& frameLength);


     public:

         SnoopFileReaderDevice(const std::string& fileName)

             : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)

         {}


         ~SnoopFileReaderDevice() override;


         SnoopFileReaderDevice(const PcapFileReaderDevice& other) = delete;

         SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;


         LinkLayerType getLinkLayerType() const

         {

             return m_PcapLinkLayerType;

         }


         // overridden methods


         bool getNextPacket(RawPacket& rawPacket) override;


         bool open() override;


         bool isOpened() const override

         {

             return m_SnoopFile.is_open();

         }


         void close() override;

     };

 }  // namespace pcpp

Device.h

PcapDevice.h

RawPacket.h

pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80

pcpp::IDevice::open
virtual bool open()=0

pcpp::IFileDevice
Definition: PcapFileDevice.h:37

pcpp::IFileDevice::doUpdateFilter
bool doUpdateFilter(std::string const *filterAsString) override
Updates the filter on the device with a BPF string.

pcpp::IFileDevice::getFileName
std::string getFileName() const

pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:65

pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:72

pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.

pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.

pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:89

pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)

pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const

pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)

pcpp::IFileReaderDevice::~IFileReaderDevice
~IFileReaderDevice() override=default
A destructor for this class.

pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)

pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:124

pcpp::IFileWriterDevice::~IFileWriterDevice
~IFileWriterDevice() override=default
A destructor for this class.

pcpp::IFilterableDevice
Definition: Device.h:44

pcpp::IPcapStatisticsProvider
An interface for providing Pcap-based device statistics.
Definition: PcapDevice.h:25

pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:144

pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:149

pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override

pcpp::PcapFileReaderDevice::close
void close() override
Close the pacp file.

pcpp::PcapFileReaderDevice::open
bool open() override

pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:180

pcpp::PcapFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:188

pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:165

pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:159

pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
~PcapFileReaderDevice() override=default
A destructor for this class.

pcpp::PcapFileReaderDevice::getSnapshotLength
uint32_t getSnapshotLength() const
Definition: PcapFileDevice.h:171

pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:224

pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override

pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.

pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.

pcpp::PcapFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:296

pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)

pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override

pcpp::PcapFileWriterDevice::open
bool open() override

pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:269

pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:260

pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override

pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:352

pcpp::PcapNgFileReaderDevice::open
bool open() override

pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const

pcpp::PcapNgFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:418

pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const

pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)

pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override

pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
~PcapNgFileReaderDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:363

pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const

pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)

pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const

pcpp::PcapNgFileReaderDevice::close
void close() override
Close the pacp-ng file.

pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:436

pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)

pcpp::PcapNgFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:519

pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)

pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override

pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.

pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override

pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
~PcapNgFileWriterDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:451

pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override

pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)

pcpp::PcapNgFileWriterDevice::open
bool open() override

pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.

pcpp::PointerVector
Definition: PointerVector.h:50

pcpp::RawPacket
Definition: RawPacket.h:261

pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:554

pcpp::SnoopFileReaderDevice::close
void close() override
Close the snoop file.

pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override

pcpp::SnoopFileReaderDevice::open
bool open() override

pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:587

pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:598

pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
~SnoopFileReaderDevice() override
A destructor for this class.

pcpp::SnoopFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:617

pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19

pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:25

pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.

pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.

pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.

pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:22

pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:26

LightPcapNgHandle

pcpp::PcapStats
Definition: PcapDevice.h:14