39 std::string m_FileName;
67 m_NumOfPacketsProcessed += numPackets;
74 m_NumOfPacketsDropped += numPackets;
81 uint64_t m_NumOfPacketsProcessed = 0;
82 uint64_t m_NumOfPacketsDropped = 0;
103 virtual bool getNextPacket(
RawPacket& rawPacket) = 0;
132 virtual bool writePacket(
RawPacket const& packet) = 0;
137 virtual bool open(
bool appendMode) = 0;
161 return m_PcapLinkLayerType;
173 return m_SnapshotLength;
179 PCPP_DEPRECATED(
"Nanosecond precision is now natively supported by the internal parser and always returns true")
190 return m_PcapFile.is_open();
210 std::ifstream m_PcapFile;
211 bool m_NeedsSwap =
false;
212 uint32_t m_SnapshotLength = 0;
213 std::vector<uint8_t> m_ReadBuffer;
215 bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
216 uint32_t& capturedLength, uint32_t& frameLength);
238 bool nanosecondsPrecision =
false);
269 PCPP_DEPRECATED(
"Nanosecond precision is now natively supported by the internal parser and always returns true")
277 return m_PcapLinkLayerType;
294 bool open(
bool appendMode)
override;
299 return m_PcapFile.is_open();
310 bool m_NeedsSwap =
false;
312 std::fstream m_PcapFile;
314 struct CheckHeaderResult
325 bool needsSwap =
false;
327 static CheckHeaderResult fromOk(
bool needsSwap)
329 return { Result::HeaderOk,
"", needsSwap };
332 static CheckHeaderResult fromError(
const std::string& error)
334 return { Result::HeaderError, error };
337 static CheckHeaderResult fromHeaderNeeded()
339 return { Result::HeaderNeeded };
355 internal::LightPcapNgHandle* m_LightPcapNg;
421 return m_LightPcapNg !=
nullptr;
428 bool getNextPacketInternal(
RawPacket& rawPacket, std::string* packetComment);
439 internal::LightPcapNgHandle* m_LightPcapNg;
440 int m_CompressionLevel;
501 bool open(
bool appendMode)
override;
516 bool open(
const std::string& os,
const std::string& hardware,
const std::string& captureApp,
517 const std::string& fileComment);
522 return m_LightPcapNg !=
nullptr;
535 struct PcapNgMetadata
540 std::string hardware;
542 std::string captureApplication;
547 bool openWrite(PcapNgMetadata
const* metadata =
nullptr);
561 uint64_t identification_pattern;
562 uint32_t version_number;
563 uint32_t datalink_type;
564 } snoop_file_header_t;
569 uint32_t original_length;
570 uint32_t included_length;
571 uint32_t packet_record_length;
572 uint32_t ndrops_cumulative;
575 } snoop_packet_header_t;
579 std::ifstream m_SnoopFile;
581 bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
582 uint32_t& capturedLength, uint32_t& frameLength);
601 return m_PcapLinkLayerType;
620 return m_SnoopFile.is_open();
Definition: PcapFilter.h:80
Definition: PcapFileDevice.h:37
bool doUpdateFilter(std::string const *filterAsString) override
Updates the filter on the device with a BPF string.
std::string getFileName() const
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:65
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:72
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
void resetStatisticCounters()
Reset the internal statistic counters to zero.
Definition: PcapFileDevice.h:89
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
uint64_t getFileSize() const
static IFileReaderDevice * getReader(const std::string &fileName)
~IFileReaderDevice() override=default
A destructor for this class.
IFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:124
~IFileWriterDevice() override=default
A destructor for this class.
An interface for providing Pcap-based device statistics.
Definition: PcapDevice.h:25
Definition: PcapFileDevice.h:144
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:149
bool getNextPacket(RawPacket &rawPacket) override
void close() override
Close the pacp file.
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:180
bool isOpened() const override
Definition: PcapFileDevice.h:188
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:165
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:159
~PcapFileReaderDevice() override=default
A destructor for this class.
uint32_t getSnapshotLength() const
Definition: PcapFileDevice.h:171
Definition: PcapFileDevice.h:225
bool open(bool appendMode) override
void flush()
Flush packets to disk.
void close() override
Flush and close the pacp file.
bool isOpened() const override
Definition: PcapFileDevice.h:297
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
bool writePacket(RawPacket const &packet) override
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:270
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:261
bool writePackets(const RawPacketVector &packets) override
Definition: PcapFileDevice.h:353
std::string getOS() const
bool isOpened() const override
Definition: PcapFileDevice.h:419
std::string getCaptureApplication() const
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
bool getNextPacket(RawPacket &rawPacket) override
~PcapNgFileReaderDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:364
std::string getCaptureFileComment() const
PcapNgFileReaderDevice(const std::string &fileName)
std::string getHardware() const
void close() override
Close the pacp-ng file.
Definition: PcapFileDevice.h:437
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
bool isOpened() const override
Definition: PcapFileDevice.h:520
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
bool writePacket(RawPacket const &packet) override
void close() override
Flush and close the pcap-ng file.
bool writePackets(const RawPacketVector &packets) override
~PcapNgFileWriterDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:452
bool open(bool appendMode) override
bool writePacket(RawPacket const &packet, const std::string &comment)
void flush()
Flush packets to the pcap-ng file.
Definition: PointerVector.h:50
Definition: RawPacket.h:290
Definition: PcapFileDevice.h:555
void close() override
Close the snoop file.
bool getNextPacket(RawPacket &rawPacket) override
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:588
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:599
~SnoopFileReaderDevice() override
A destructor for this class.
bool isOpened() const override
Definition: PcapFileDevice.h:618
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
FileTimestampPrecision
Definition: PcapFileDevice.h:25
@ Microseconds
Precision is in microseconds.
@ Unknown
Precision is unknown or not set/determined.
@ Nanoseconds
Precision is in nanoseconds.
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:22
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:26
Definition: PcapDevice.h:14
1.9.1