PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Device.h"
4 #include "PcapDevice.h"
5 #include "RawPacket.h"
6 #include <fstream>
7 
9 
12 namespace pcpp
13 {
14  namespace internal
15  {
18  struct LightPcapNgHandle;
19  } // namespace internal
20 
24  enum class FileTimestampPrecision : int8_t
25  {
27  Unknown = -1,
29  Microseconds = 0,
31  Nanoseconds = 1
32  };
33 
36  class IFileDevice : public IFilterableDevice, public IPcapStatisticsProvider
37  {
38  protected:
39  std::string m_FileName;
40  BpfFilterWrapper m_BpfWrapper;
41 
42  explicit IFileDevice(const std::string& fileName);
43 
44  bool doUpdateFilter(std::string const* filterAsString) override;
45 
46  public:
48  std::string getFileName() const;
49 
50  // override methods
51 
60  void getStatistics(PcapStats& stats) const override;
61 
62  protected:
65  void reportPacketProcessed(uint64_t numPackets = 1)
66  {
67  m_NumOfPacketsProcessed += numPackets;
68  }
69 
72  void reportPacketDropped(uint64_t numPackets = 1)
73  {
74  m_NumOfPacketsDropped += numPackets;
75  }
76 
78  void resetStatisticCounters();
79 
80  private:
81  uint64_t m_NumOfPacketsProcessed = 0;
82  uint64_t m_NumOfPacketsDropped = 0;
83  };
84 
88  class IFileReaderDevice : public IFileDevice
89  {
90  protected:
94  IFileReaderDevice(const std::string& fileName);
95 
96  public:
98  ~IFileReaderDevice() override = default;
99 
101  uint64_t getFileSize() const;
102 
103  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
104 
110  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
111 
117  static IFileReaderDevice* getReader(const std::string& fileName);
118  };
119 
123  class IFileWriterDevice : public IFileDevice
124  {
125  protected:
126  IFileWriterDevice(const std::string& fileName);
127 
128  public:
130  ~IFileWriterDevice() override = default;
131 
132  virtual bool writePacket(RawPacket const& packet) = 0;
133 
134  virtual bool writePackets(const RawPacketVector& packets) = 0;
135 
136  using IFileDevice::open;
137  virtual bool open(bool appendMode) = 0;
138  };
139 
143  class PcapFileReaderDevice : public IFileReaderDevice
144  {
145  public:
149  explicit PcapFileReaderDevice(const std::string& fileName) : IFileReaderDevice(fileName)
150  {}
151 
153  ~PcapFileReaderDevice() override = default;
154 
155  PcapFileReaderDevice(const PcapFileReaderDevice& other) = delete;
156  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;
157 
159  LinkLayerType getLinkLayerType() const
160  {
161  return m_PcapLinkLayerType;
162  }
163 
165  FileTimestampPrecision getTimestampPrecision() const
166  {
167  return m_Precision;
168  }
169 
171  uint32_t getSnapshotLength() const
172  {
173  return m_SnapshotLength;
174  }
175 
179  PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")
180  static bool isNanoSecondPrecisionSupported()
181  {
182  return true;
183  }
184 
185  // overridden methods
186 
188  bool isOpened() const override
189  {
190  return m_PcapFile.is_open();
191  }
192 
197  bool getNextPacket(RawPacket& rawPacket) override;
198 
202  bool open() override;
203 
205  void close() override;
206 
207  private:
208  FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;
209  LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;
210  std::ifstream m_PcapFile;
211  bool m_NeedsSwap = false;
212  uint32_t m_SnapshotLength = 0;
213  std::vector<uint8_t> m_ReadBuffer;
214 
215  bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
216  uint32_t& capturedLength, uint32_t& frameLength);
217  };
218 
224  class PcapFileWriterDevice : public IFileWriterDevice
225  {
226  public:
237  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
238  bool nanosecondsPrecision = false);
239 
240  PcapFileWriterDevice(const PcapFileWriterDevice& other) = delete;
241  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other) = delete;
242 
249  bool writePacket(RawPacket const& packet) override;
250 
258  bool writePackets(const RawPacketVector& packets) override;
259 
261  FileTimestampPrecision getTimestampPrecision() const
262  {
263  return m_Precision;
264  }
265 
269  PCPP_DEPRECATED("Nanosecond precision is now natively supported by the internal parser and always returns true")
270  static bool isNanoSecondPrecisionSupported()
271  {
272  return true;
273  }
274 
275  LinkLayerType getLinkLayerType() const
276  {
277  return m_PcapLinkLayerType;
278  }
279 
284  bool open() override;
285 
294  bool open(bool appendMode) override;
295 
297  bool isOpened() const override
298  {
299  return m_PcapFile.is_open();
300  }
301 
303  void close() override;
304 
306  void flush();
307 
308  private:
309  static bool writeHeader(std::ostream& outStream, FileTimestampPrecision precision, uint32_t snaplen,
310  LinkLayerType linkType);
311 
312  LinkLayerType m_PcapLinkLayerType = LINKTYPE_ETHERNET;
313  bool m_NeedsSwap = false;
314  FileTimestampPrecision m_Precision = FileTimestampPrecision::Unknown;
315  std::fstream m_PcapFile;
316  };
317 
321  class PcapNgFileReaderDevice : public IFileReaderDevice
322  {
323  private:
324  internal::LightPcapNgHandle* m_LightPcapNg;
325 
326  public:
330  PcapNgFileReaderDevice(const std::string& fileName);
331 
333  ~PcapNgFileReaderDevice() override
334  {
335  PcapNgFileReaderDevice::close();
336  }
337 
338  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other) = delete;
339  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other) = delete;
340 
345  std::string getOS() const;
346 
351  std::string getHardware() const;
352 
357  std::string getCaptureApplication() const;
358 
363  std::string getCaptureFileComment() const;
364 
372  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
373 
374  // overridden methods
375 
380  bool getNextPacket(RawPacket& rawPacket) override;
381 
385  bool open() override;
386 
388  bool isOpened() const override
389  {
390  return m_LightPcapNg != nullptr;
391  }
392 
394  void close() override;
395 
396  private:
397  bool getNextPacketInternal(RawPacket& rawPacket, std::string* packetComment);
398  };
399 
405  class PcapNgFileWriterDevice : public IFileWriterDevice
406  {
407  private:
408  internal::LightPcapNgHandle* m_LightPcapNg;
409  int m_CompressionLevel;
410 
411  public:
418  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
419 
421  ~PcapNgFileWriterDevice() override
422  {
423  PcapNgFileWriterDevice::close();
424  }
425 
426  PcapNgFileWriterDevice(const PcapFileWriterDevice& other) = delete;
427  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other) = delete;
428 
437  bool writePacket(RawPacket const& packet, const std::string& comment);
438 
439  // overridden methods
440 
446  bool writePacket(RawPacket const& packet) override;
447 
455  bool writePackets(const RawPacketVector& packets) override;
456 
461  bool open() override;
462 
470  bool open(bool appendMode) override;
471 
485  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
486  const std::string& fileComment);
487 
489  bool isOpened() const override
490  {
491  return m_LightPcapNg != nullptr;
492  }
493 
495  void flush();
496 
498  void close() override;
499 
500  private:
504  struct PcapNgMetadata
505  {
507  std::string os;
509  std::string hardware;
511  std::string captureApplication;
513  std::string comment;
514  };
515 
516  bool openWrite(PcapNgMetadata const* metadata = nullptr);
517  bool openAppend();
518  };
519 
523  class SnoopFileReaderDevice : public IFileReaderDevice
524  {
525  private:
526 #pragma pack(1)
528  typedef struct
529  {
530  uint64_t identification_pattern;
531  uint32_t version_number;
532  uint32_t datalink_type;
533  } snoop_file_header_t;
534 
536  typedef struct
537  {
538  uint32_t original_length;
539  uint32_t included_length;
540  uint32_t packet_record_length;
541  uint32_t ndrops_cumulative;
542  uint32_t time_sec;
543  uint32_t time_usec;
544  } snoop_packet_header_t;
545 #pragma pack()
546 
547  LinkLayerType m_PcapLinkLayerType;
548  std::ifstream m_SnoopFile;
549  std::vector<uint8_t> m_ReadBuffer;
550 
551  bool readNextPacket(timespec& packetTimestamp, uint8_t* packetData, uint32_t packetDataLen,
552  uint32_t& capturedLength, uint32_t& frameLength);
553 
554  public:
558  SnoopFileReaderDevice(const std::string& fileName)
559  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
560  {}
561 
563  ~SnoopFileReaderDevice() override;
564 
565  SnoopFileReaderDevice(const PcapFileReaderDevice& other) = delete;
566  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other) = delete;
567 
569  LinkLayerType getLinkLayerType() const
570  {
571  return m_PcapLinkLayerType;
572  }
573 
574  // overridden methods
575 
580  bool getNextPacket(RawPacket& rawPacket) override;
581 
585  bool open() override;
586 
588  bool isOpened() const override
589  {
590  return m_SnoopFile.is_open();
591  }
592 
594  void close() override;
595  };
596 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:37
pcpp::IFileDevice::doUpdateFilter
bool doUpdateFilter(std::string const *filterAsString) override
Updates the filter on the device with a BPF string.
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:65
pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:72
pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:89
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::~IFileReaderDevice
~IFileReaderDevice() override=default
A destructor for this class.
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:124
pcpp::IFileWriterDevice::~IFileWriterDevice
~IFileWriterDevice() override=default
A destructor for this class.
pcpp::IFilterableDevice
Definition: Device.h:44
pcpp::IPcapStatisticsProvider
An interface for providing Pcap-based device statistics.
Definition: PcapDevice.h:25
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:144
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:149
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::PcapFileReaderDevice::close
void close() override
Close the pacp file.
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:180
pcpp::PcapFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:188
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:165
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:159
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
~PcapFileReaderDevice() override=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getSnapshotLength
uint32_t getSnapshotLength() const
Definition: PcapFileDevice.h:171
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:225
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:297
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
Definition: PcapFileDevice.h:270
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:261
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:322
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:388
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
~PcapNgFileReaderDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:333
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::close
void close() override
Close the pacp-ng file.
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:406
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:489
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
~PcapNgFileWriterDevice() override
A destructor for this class.
Definition: PcapFileDevice.h:421
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:290
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:524
pcpp::SnoopFileReaderDevice::close
void close() override
Close the snoop file.
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:558
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:569
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
~SnoopFileReaderDevice() override
A destructor for this class.
pcpp::SnoopFileReaderDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:588
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:25
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:22
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:26
pcpp::PcapStats
Definition: PcapDevice.h:14