PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
17  namespace internal
18  {
21  struct LightPcapNgHandle;
22  } // namespace internal
23 
27  enum class FileTimestampPrecision : int8_t
28  {
30  Unknown = -1,
32  Microseconds = 0,
34  Nanoseconds = 1
35  };
36 
39  class IFileDevice : public IPcapDevice
40  {
41  protected:
42  bool m_DeviceOpened = false;
43  std::string m_FileName;
44 
45  explicit IFileDevice(const std::string& fileName);
46  virtual ~IFileDevice();
47 
48  public:
50  std::string getFileName() const;
51 
52  // override methods
53 
55  void close() override;
56 
57  bool isOpened() const override
58  {
59  return m_DeviceOpened;
60  }
61 
70  void getStatistics(PcapStats& stats) const override;
71 
72  protected:
75  void reportPacketProcessed(uint64_t numPackets = 1)
76  {
77  m_NumOfPacketsProcessed += numPackets;
78  }
79 
82  void reportPacketDropped(uint64_t numPackets = 1)
83  {
84  m_NumOfPacketsDropped += numPackets;
85  }
86 
88  void resetStatisticCounters();
89 
90  private:
91  uint64_t m_NumOfPacketsProcessed = 0;
92  uint64_t m_NumOfPacketsDropped = 0;
93  };
94 
98  class IFileReaderDevice : public IFileDevice
99  {
100  protected:
104  IFileReaderDevice(const std::string& fileName);
105 
106  public:
108  virtual ~IFileReaderDevice() = default;
109 
111  uint64_t getFileSize() const;
112 
113  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
114 
120  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
121 
127  static IFileReaderDevice* getReader(const std::string& fileName);
128  };
129 
133  class IFileWriterDevice : public IFileDevice
134  {
135  protected:
136  IFileWriterDevice(const std::string& fileName);
137 
138  public:
140  virtual ~IFileWriterDevice() = default;
141 
142  virtual bool writePacket(RawPacket const& packet) = 0;
143 
144  virtual bool writePackets(const RawPacketVector& packets) = 0;
145 
146  using IFileDevice::open;
147  virtual bool open(bool appendMode) = 0;
148  };
149 
153  class PcapFileReaderDevice : public IFileReaderDevice
154  {
155  private:
156  FileTimestampPrecision m_Precision;
157  LinkLayerType m_PcapLinkLayerType;
158 
159  // private copy c'tor
160  PcapFileReaderDevice(const PcapFileReaderDevice& other);
161  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
162 
163  public:
167  PcapFileReaderDevice(const std::string& fileName)
168  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
169  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
170  {}
171 
173  virtual ~PcapFileReaderDevice() = default;
174 
176  LinkLayerType getLinkLayerType() const
177  {
178  return m_PcapLinkLayerType;
179  }
180 
184  FileTimestampPrecision getTimestampPrecision() const
185  {
186  return m_Precision;
187  }
188 
191  static bool isNanoSecondPrecisionSupported();
192 
193  // overridden methods
194 
199  bool getNextPacket(RawPacket& rawPacket);
200 
204  bool open();
205  };
206 
211  class PcapFileWriterDevice : public IFileWriterDevice
212  {
213  private:
214  pcap_dumper_t* m_PcapDumpHandler;
215  LinkLayerType m_PcapLinkLayerType;
216  bool m_AppendMode;
217  FileTimestampPrecision m_Precision;
218  FILE* m_File;
219 
220  // private copy c'tor
221  PcapFileWriterDevice(const PcapFileWriterDevice& other);
222  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
223 
224  void closeFile();
225 
226  public:
235  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
236  bool nanosecondsPrecision = false);
237 
239  ~PcapFileWriterDevice()
240  {
241  PcapFileWriterDevice::close();
242  }
243 
250  bool writePacket(RawPacket const& packet) override;
251 
259  bool writePackets(const RawPacketVector& packets) override;
260 
262  FileTimestampPrecision getTimestampPrecision() const
263  {
264  return m_Precision;
265  }
266 
269  static bool isNanoSecondPrecisionSupported();
270 
271  // override methods
272 
277  bool open() override;
278 
287  bool open(bool appendMode) override;
288 
290  void close() override;
291 
293  void flush();
294 
295  private:
296  bool openWrite();
297  bool openAppend();
298  };
299 
303  class PcapNgFileReaderDevice : public IFileReaderDevice
304  {
305  private:
306  internal::LightPcapNgHandle* m_LightPcapNg;
307  BpfFilterWrapper m_BpfWrapper;
308 
309  // private copy c'tor
310  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
311  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
312 
313  public:
317  PcapNgFileReaderDevice(const std::string& fileName);
318 
320  virtual ~PcapNgFileReaderDevice()
321  {
322  close();
323  }
324 
329  std::string getOS() const;
330 
335  std::string getHardware() const;
336 
341  std::string getCaptureApplication() const;
342 
347  std::string getCaptureFileComment() const;
348 
356  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
357 
358  // overridden methods
359 
364  bool getNextPacket(RawPacket& rawPacket);
365 
369  bool open();
370 
375  bool setFilter(std::string filterAsString);
376 
378  void close();
379  };
380 
386  class PcapNgFileWriterDevice : public IFileWriterDevice
387  {
388  private:
389  internal::LightPcapNgHandle* m_LightPcapNg;
390  int m_CompressionLevel;
391  BpfFilterWrapper m_BpfWrapper;
392 
393  // private copy c'tor
394  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
395  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
396 
397  public:
404  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
405 
407  virtual ~PcapNgFileWriterDevice()
408  {
409  PcapNgFileWriterDevice::close();
410  }
411 
420  bool writePacket(RawPacket const& packet, const std::string& comment);
421 
422  // overridden methods
423 
429  bool writePacket(RawPacket const& packet) override;
430 
438  bool writePackets(const RawPacketVector& packets) override;
439 
444  bool open() override;
445 
453  bool open(bool appendMode) override;
454 
468  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
469  const std::string& fileComment);
470 
472  void flush();
473 
475  void close() override;
476 
481  bool setFilter(std::string filterAsString) override;
482 
483  private:
487  struct PcapNgMetadata
488  {
490  std::string os;
492  std::string hardware;
494  std::string captureApplication;
496  std::string comment;
497  };
498 
499  bool openWrite(PcapNgMetadata const* metadata = nullptr);
500  bool openAppend();
501  };
502 
506  class SnoopFileReaderDevice : public IFileReaderDevice
507  {
508  private:
509 #pragma pack(1)
511  typedef struct
512  {
513  uint64_t identification_pattern;
514  uint32_t version_number;
515  uint32_t datalink_type;
516  } snoop_file_header_t;
517 
519  typedef struct
520  {
521  uint32_t original_length;
522  uint32_t included_length;
523  uint32_t packet_record_length;
524  uint32_t ndrops_cumulative;
525  uint32_t time_sec;
526  uint32_t time_usec;
527  } snoop_packet_header_t;
528 #pragma pack()
529 
530  LinkLayerType m_PcapLinkLayerType;
531  std::ifstream m_snoopFile;
532 
533  // private copy c'tor
534  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
535  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
536 
537  public:
541  SnoopFileReaderDevice(const std::string& fileName)
542  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
543  {}
544 
546  virtual ~SnoopFileReaderDevice();
547 
549  LinkLayerType getLinkLayerType() const
550  {
551  return m_PcapLinkLayerType;
552  }
553 
554  // overridden methods
555 
560  bool getNextPacket(RawPacket& rawPacket);
561 
565  bool open();
566 
568  void close();
569  };
570 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:40
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:57
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:75
pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:82
pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:99
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:134
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()=default
A destructor for this class.
pcpp::IPcapDevice
Definition: PcapDevice.h:141
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:154
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:167
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:184
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:176
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:212
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:239
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:262
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:304
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:320
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::close
void close()
Close the pacp-ng file.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:387
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:407
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::setFilter
bool setFilter(std::string filterAsString) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:507
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:541
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:549
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:28
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:20
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:24
pcpp::ArpMessageType::Unknown
@ Unknown
Unknown ARP message type.
pcpp::internal::PcapStats
Definition: PcapDevice.h:24