PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
17  namespace internal
18  {
21  struct LightPcapNgHandle;
22  } // namespace internal
23 
27  enum class FileTimestampPrecision : int8_t
28  {
30  Unknown = -1,
32  Microseconds = 0,
34  Nanoseconds = 1
35  };
36 
39  class IFileDevice : public IPcapDevice
40  {
41  protected:
42  std::string m_FileName;
43 
44  explicit IFileDevice(const std::string& fileName);
45  virtual ~IFileDevice();
46 
47  public:
49  std::string getFileName() const;
50 
51  // override methods
52 
54  void close() override;
55  };
56 
60  class IFileReaderDevice : public IFileDevice
61  {
62  protected:
63  uint32_t m_NumOfPacketsRead;
64  uint32_t m_NumOfPacketsNotParsed;
65 
69  IFileReaderDevice(const std::string& fileName);
70 
71  public:
73  virtual ~IFileReaderDevice() = default;
74 
76  uint64_t getFileSize() const;
77 
78  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
79 
85  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
86 
92  static IFileReaderDevice* getReader(const std::string& fileName);
93  };
94 
98  class IFileWriterDevice : public IFileDevice
99  {
100  protected:
101  uint32_t m_NumOfPacketsWritten;
102  uint32_t m_NumOfPacketsNotWritten;
103 
104  IFileWriterDevice(const std::string& fileName);
105 
106  public:
108  virtual ~IFileWriterDevice()
109  {}
110 
111  virtual bool writePacket(RawPacket const& packet) = 0;
112 
113  virtual bool writePackets(const RawPacketVector& packets) = 0;
114 
115  using IFileDevice::open;
116  virtual bool open(bool appendMode) = 0;
117  };
118 
122  class PcapFileReaderDevice : public IFileReaderDevice
123  {
124  private:
125  FileTimestampPrecision m_Precision;
126  LinkLayerType m_PcapLinkLayerType;
127 
128  // private copy c'tor
129  PcapFileReaderDevice(const PcapFileReaderDevice& other);
130  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
131 
132  public:
136  PcapFileReaderDevice(const std::string& fileName)
137  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
138  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
139  {}
140 
142  virtual ~PcapFileReaderDevice() = default;
143 
145  LinkLayerType getLinkLayerType() const
146  {
147  return m_PcapLinkLayerType;
148  }
149 
153  FileTimestampPrecision getTimestampPrecision() const
154  {
155  return m_Precision;
156  }
157 
160  static bool isNanoSecondPrecisionSupported();
161 
162  // overridden methods
163 
168  bool getNextPacket(RawPacket& rawPacket);
169 
173  bool open();
174 
178  void getStatistics(PcapStats& stats) const;
179  };
180 
185  class PcapFileWriterDevice : public IFileWriterDevice
186  {
187  private:
188  pcap_dumper_t* m_PcapDumpHandler;
189  LinkLayerType m_PcapLinkLayerType;
190  bool m_AppendMode;
191  FileTimestampPrecision m_Precision;
192  FILE* m_File;
193 
194  // private copy c'tor
195  PcapFileWriterDevice(const PcapFileWriterDevice& other);
196  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
197 
198  void closeFile();
199 
200  public:
209  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
210  bool nanosecondsPrecision = false);
211 
213  ~PcapFileWriterDevice()
214  {
215  PcapFileWriterDevice::close();
216  }
217 
224  bool writePacket(RawPacket const& packet) override;
225 
233  bool writePackets(const RawPacketVector& packets) override;
234 
236  FileTimestampPrecision getTimestampPrecision() const
237  {
238  return m_Precision;
239  }
240 
243  static bool isNanoSecondPrecisionSupported();
244 
245  // override methods
246 
251  bool open() override;
252 
261  bool open(bool appendMode) override;
262 
264  void close() override;
265 
267  void flush();
268 
271  void getStatistics(PcapStats& stats) const override;
272 
273  private:
274  bool openWrite();
275  bool openAppend();
276  };
277 
281  class SnoopFileReaderDevice : public IFileReaderDevice
282  {
283  private:
284 #pragma pack(1)
286  typedef struct
287  {
288  uint64_t identification_pattern;
289  uint32_t version_number;
290  uint32_t datalink_type;
291  } snoop_file_header_t;
292 
294  typedef struct
295  {
296  uint32_t original_length;
297  uint32_t included_length;
298  uint32_t packet_record_length;
299  uint32_t ndrops_cumulative;
300  uint32_t time_sec;
301  uint32_t time_usec;
302  } snoop_packet_header_t;
303 #pragma pack()
304 
305  LinkLayerType m_PcapLinkLayerType;
306  std::ifstream m_snoopFile;
307 
308  // private copy c'tor
309  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
310  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
311 
312  public:
316  SnoopFileReaderDevice(const std::string& fileName)
317  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
318  {}
319 
321  virtual ~SnoopFileReaderDevice();
322 
324  LinkLayerType getLinkLayerType() const
325  {
326  return m_PcapLinkLayerType;
327  }
328 
329  // overridden methods
330 
335  bool getNextPacket(RawPacket& rawPacket);
336 
340  bool open();
341 
345  void getStatistics(PcapStats& stats) const;
346 
348  void close();
349  };
350 
354  class PcapNgFileReaderDevice : public IFileReaderDevice
355  {
356  private:
357  internal::LightPcapNgHandle* m_LightPcapNg;
358  BpfFilterWrapper m_BpfWrapper;
359 
360  // private copy c'tor
361  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
362  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
363 
364  public:
368  PcapNgFileReaderDevice(const std::string& fileName);
369 
371  virtual ~PcapNgFileReaderDevice()
372  {
373  close();
374  }
375 
380  std::string getOS() const;
381 
386  std::string getHardware() const;
387 
392  std::string getCaptureApplication() const;
393 
398  std::string getCaptureFileComment() const;
399 
407  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
408 
409  // overridden methods
410 
415  bool getNextPacket(RawPacket& rawPacket);
416 
420  bool open();
421 
424  void getStatistics(PcapStats& stats) const;
425 
430  bool setFilter(std::string filterAsString);
431 
433  void close();
434  };
435 
441  class PcapNgFileWriterDevice : public IFileWriterDevice
442  {
443  private:
444  internal::LightPcapNgHandle* m_LightPcapNg;
445  int m_CompressionLevel;
446  BpfFilterWrapper m_BpfWrapper;
447 
448  // private copy c'tor
449  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
450  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
451 
452  public:
459  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
460 
462  virtual ~PcapNgFileWriterDevice()
463  {
464  PcapNgFileWriterDevice::close();
465  }
466 
475  bool writePacket(RawPacket const& packet, const std::string& comment);
476 
477  // overridden methods
478 
484  bool writePacket(RawPacket const& packet) override;
485 
493  bool writePackets(const RawPacketVector& packets) override;
494 
499  bool open() override;
500 
508  bool open(bool appendMode) override;
509 
523  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
524  const std::string& fileComment);
525 
527  void flush();
528 
530  void close() override;
531 
534  void getStatistics(PcapStats& stats) const override;
535 
540  bool setFilter(std::string filterAsString) override;
541 
542  private:
546  struct PcapNgMetadata
547  {
549  std::string os;
551  std::string hardware;
553  std::string captureApplication;
555  std::string comment;
556  };
557 
558  bool openWrite(PcapNgMetadata const* metadata = nullptr);
559  bool openAppend();
560  };
561 
562 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:40
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:61
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:99
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:108
pcpp::IPcapDevice
Definition: PcapDevice.h:141
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:123
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:136
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:153
pcpp::PcapFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:145
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:186
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:213
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:236
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:355
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:371
pcpp::PcapNgFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::close
void close()
Close the pacp-ng file.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::setFilter
bool setFilter(std::string filterAsString)
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:442
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::getStatistics
void getStatistics(PcapStats &stats) const override
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:462
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::setFilter
bool setFilter(std::string filterAsString) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:282
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:316
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:324
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getStatistics
void getStatistics(PcapStats &stats) const
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:28
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:20
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:24
pcpp::ArpMessageType::Unknown
@ Unknown
Unknown ARP message type.
pcpp::internal::PcapStats
Definition: PcapDevice.h:24