PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
17  namespace internal
18  {
21  struct LightPcapNgHandle;
22  } // namespace internal
23 
27  enum class FileTimestampPrecision : int8_t
28  {
30  Unknown = -1,
32  Microseconds = 0,
34  Nanoseconds = 1
35  };
36 
39  class IFileDevice : public IPcapDevice
40  {
41  protected:
42  std::string m_FileName;
43 
44  explicit IFileDevice(const std::string& fileName);
45  virtual ~IFileDevice();
46 
47  public:
49  std::string getFileName() const;
50 
51  // override methods
52 
54  void close() override;
55  };
56 
60  class IFileReaderDevice : public IFileDevice
61  {
62  protected:
63  uint32_t m_NumOfPacketsRead;
64  uint32_t m_NumOfPacketsNotParsed;
65 
69  IFileReaderDevice(const std::string& fileName);
70 
71  public:
73  virtual ~IFileReaderDevice() = default;
74 
76  uint64_t getFileSize() const;
77 
78  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
79 
85  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
86 
92  static IFileReaderDevice* getReader(const std::string& fileName);
93  };
94 
98  class PcapFileReaderDevice : public IFileReaderDevice
99  {
100  private:
101  FileTimestampPrecision m_Precision;
102  LinkLayerType m_PcapLinkLayerType;
103 
104  // private copy c'tor
105  PcapFileReaderDevice(const PcapFileReaderDevice& other);
106  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
107 
108  public:
112  PcapFileReaderDevice(const std::string& fileName)
113  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
114  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
115  {}
116 
118  virtual ~PcapFileReaderDevice() = default;
119 
121  LinkLayerType getLinkLayerType() const
122  {
123  return m_PcapLinkLayerType;
124  }
125 
129  FileTimestampPrecision getTimestampPrecision() const
130  {
131  return m_Precision;
132  }
133 
136  static bool isNanoSecondPrecisionSupported();
137 
138  // overridden methods
139 
144  bool getNextPacket(RawPacket& rawPacket);
145 
149  bool open();
150 
154  void getStatistics(PcapStats& stats) const;
155  };
156 
160  class SnoopFileReaderDevice : public IFileReaderDevice
161  {
162  private:
163 #pragma pack(1)
165  typedef struct
166  {
167  uint64_t identification_pattern;
168  uint32_t version_number;
169  uint32_t datalink_type;
170  } snoop_file_header_t;
171 
173  typedef struct
174  {
175  uint32_t original_length;
176  uint32_t included_length;
177  uint32_t packet_record_length;
178  uint32_t ndrops_cumulative;
179  uint32_t time_sec;
180  uint32_t time_usec;
181  } snoop_packet_header_t;
182 #pragma pack()
183 
184  LinkLayerType m_PcapLinkLayerType;
185  std::ifstream m_snoopFile;
186 
187  // private copy c'tor
188  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
189  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
190 
191  public:
195  SnoopFileReaderDevice(const std::string& fileName)
196  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
197  {}
198 
200  virtual ~SnoopFileReaderDevice();
201 
203  LinkLayerType getLinkLayerType() const
204  {
205  return m_PcapLinkLayerType;
206  }
207 
208  // overridden methods
209 
214  bool getNextPacket(RawPacket& rawPacket);
215 
219  bool open();
220 
224  void getStatistics(PcapStats& stats) const;
225 
227  void close();
228  };
229 
233  class PcapNgFileReaderDevice : public IFileReaderDevice
234  {
235  private:
236  internal::LightPcapNgHandle* m_LightPcapNg;
237  BpfFilterWrapper m_BpfWrapper;
238 
239  // private copy c'tor
240  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
241  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
242 
243  public:
247  PcapNgFileReaderDevice(const std::string& fileName);
248 
250  virtual ~PcapNgFileReaderDevice()
251  {
252  close();
253  }
254 
259  std::string getOS() const;
260 
265  std::string getHardware() const;
266 
271  std::string getCaptureApplication() const;
272 
277  std::string getCaptureFileComment() const;
278 
286  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
287 
288  // overridden methods
289 
294  bool getNextPacket(RawPacket& rawPacket);
295 
299  bool open();
300 
303  void getStatistics(PcapStats& stats) const;
304 
309  bool setFilter(std::string filterAsString);
310 
312  void close();
313  };
314 
318  class IFileWriterDevice : public IFileDevice
319  {
320  protected:
321  uint32_t m_NumOfPacketsWritten;
322  uint32_t m_NumOfPacketsNotWritten;
323 
324  IFileWriterDevice(const std::string& fileName);
325 
326  public:
328  virtual ~IFileWriterDevice()
329  {}
330 
331  virtual bool writePacket(RawPacket const& packet) = 0;
332 
333  virtual bool writePackets(const RawPacketVector& packets) = 0;
334 
335  using IFileDevice::open;
336  virtual bool open(bool appendMode) = 0;
337  };
338 
343  class PcapFileWriterDevice : public IFileWriterDevice
344  {
345  private:
346  pcap_dumper_t* m_PcapDumpHandler;
347  LinkLayerType m_PcapLinkLayerType;
348  bool m_AppendMode;
349  FileTimestampPrecision m_Precision;
350  FILE* m_File;
351 
352  // private copy c'tor
353  PcapFileWriterDevice(const PcapFileWriterDevice& other);
354  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
355 
356  void closeFile();
357 
358  public:
367  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
368  bool nanosecondsPrecision = false);
369 
371  ~PcapFileWriterDevice()
372  {
373  PcapFileWriterDevice::close();
374  }
375 
382  bool writePacket(RawPacket const& packet) override;
383 
391  bool writePackets(const RawPacketVector& packets) override;
392 
394  FileTimestampPrecision getTimestampPrecision() const
395  {
396  return m_Precision;
397  }
398 
401  static bool isNanoSecondPrecisionSupported();
402 
403  // override methods
404 
409  bool open() override;
410 
419  bool open(bool appendMode) override;
420 
422  void close() override;
423 
425  void flush();
426 
429  void getStatistics(PcapStats& stats) const override;
430 
431  private:
432  bool openWrite();
433  bool openAppend();
434  };
435 
441  class PcapNgFileWriterDevice : public IFileWriterDevice
442  {
443  private:
444  internal::LightPcapNgHandle* m_LightPcapNg;
445  int m_CompressionLevel;
446  BpfFilterWrapper m_BpfWrapper;
447 
448  // private copy c'tor
449  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
450  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
451 
452  public:
459  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
460 
462  virtual ~PcapNgFileWriterDevice()
463  {
464  PcapNgFileWriterDevice::close();
465  }
466 
475  bool writePacket(RawPacket const& packet, const std::string& comment);
476 
477  // overridden methods
478 
484  bool writePacket(RawPacket const& packet) override;
485 
493  bool writePackets(const RawPacketVector& packets) override;
494 
499  bool open() override;
500 
508  bool open(bool appendMode) override;
509 
523  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
524  const std::string& fileComment);
525 
527  void flush();
528 
530  void close() override;
531 
534  void getStatistics(PcapStats& stats) const override;
535 
540  bool setFilter(std::string filterAsString) override;
541 
542  private:
546  struct PcapNgMetadata
547  {
549  std::string os;
551  std::string hardware;
553  std::string captureApplication;
555  std::string comment;
556  };
557 
558  bool openWrite(PcapNgMetadata const* metadata = nullptr);
559  bool openAppend();
560  };
561 
562 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:40
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:61
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:319
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:328
pcpp::IPcapDevice
Definition: PcapDevice.h:141
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:99
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:112
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:129
pcpp::PcapFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:121
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:344
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:371
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:394
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:234
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:250
pcpp::PcapNgFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::close
void close()
Close the pacp-ng file.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:442
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const override
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:462
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::setFilter
bool setFilter(std::string filterAsString) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:161
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:195
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:203
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:28
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:20
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:24
pcpp::ArpMessageType::Unknown
@ Unknown
Unknown ARP message type.
pcpp::internal::PcapStats
Definition: PcapDevice.h:24