PcapPlusPlus  Next
PcapFileDevice.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "PcapDevice.h"
4 #include "RawPacket.h"
5 #include <fstream>
6 
7 // forward declaration for structs and typedefs defined in pcap.h
8 struct pcap_dumper;
9 typedef struct pcap_dumper pcap_dumper_t;
10 
12 
15 namespace pcpp
16 {
17  namespace internal
18  {
21  struct LightPcapNgHandle;
22  } // namespace internal
23 
27  enum class FileTimestampPrecision : int8_t
28  {
30  Unknown = -1,
32  Microseconds = 0,
34  Nanoseconds = 1
35  };
36 
39  class IFileDevice : public IPcapDevice
40  {
41  protected:
42  bool m_DeviceOpened = false;
43  std::string m_FileName;
44 
45  explicit IFileDevice(const std::string& fileName);
46  virtual ~IFileDevice();
47 
48  public:
50  std::string getFileName() const;
51 
52  // override methods
53 
55  void close() override;
56 
57  bool isOpened() const override
58  {
59  return m_DeviceOpened;
60  }
61 
70  void getStatistics(PcapStats& stats) const override;
71 
72  protected:
75  void reportPacketProcessed(uint64_t numPackets = 1)
76  {
77  m_NumOfPacketsProcessed += numPackets;
78  }
79 
82  void reportPacketDropped(uint64_t numPackets = 1)
83  {
84  m_NumOfPacketsDropped += numPackets;
85  }
86 
88  void resetStatisticCounters();
89 
90  private:
91  uint64_t m_NumOfPacketsProcessed = 0;
92  uint64_t m_NumOfPacketsDropped = 0;
93  };
94 
98  class IFileReaderDevice : public IFileDevice
99  {
100  protected:
104  IFileReaderDevice(const std::string& fileName);
105 
106  public:
108  virtual ~IFileReaderDevice() = default;
109 
111  uint64_t getFileSize() const;
112 
113  virtual bool getNextPacket(RawPacket& rawPacket) = 0;
114 
120  int getNextPackets(RawPacketVector& packetVec, int numOfPacketsToRead = -1);
121 
127  static IFileReaderDevice* getReader(const std::string& fileName);
128  };
129 
133  class IFileWriterDevice : public IFileDevice
134  {
135  protected:
136  IFileWriterDevice(const std::string& fileName);
137 
138  public:
140  virtual ~IFileWriterDevice() = default;
141 
142  virtual bool writePacket(RawPacket const& packet) = 0;
143 
144  virtual bool writePackets(const RawPacketVector& packets) = 0;
145 
146  using IFileDevice::open;
147  virtual bool open(bool appendMode) = 0;
148  };
149 
153  class PcapFileReaderDevice : public IFileReaderDevice
154  {
155  private:
156  FileTimestampPrecision m_Precision;
157  LinkLayerType m_PcapLinkLayerType;
158 
159  // private copy c'tor
160  PcapFileReaderDevice(const PcapFileReaderDevice& other);
161  PcapFileReaderDevice& operator=(const PcapFileReaderDevice& other);
162 
163  public:
167  PcapFileReaderDevice(const std::string& fileName)
168  : IFileReaderDevice(fileName), m_Precision(FileTimestampPrecision::Unknown),
169  m_PcapLinkLayerType(LINKTYPE_ETHERNET)
170  {}
171 
173  virtual ~PcapFileReaderDevice() = default;
174 
176  LinkLayerType getLinkLayerType() const
177  {
178  return m_PcapLinkLayerType;
179  }
180 
184  FileTimestampPrecision getTimestampPrecision() const
185  {
186  return m_Precision;
187  }
188 
191  static bool isNanoSecondPrecisionSupported();
192 
193  // overridden methods
194 
199  bool getNextPacket(RawPacket& rawPacket);
200 
204  bool open();
205  };
206 
211  class PcapFileWriterDevice : public IFileWriterDevice
212  {
213  private:
214  pcap_dumper_t* m_PcapDumpHandler;
215  LinkLayerType m_PcapLinkLayerType;
216  bool m_AppendMode;
217  FileTimestampPrecision m_Precision;
218  FILE* m_File;
219 
220  // private copy c'tor
221  PcapFileWriterDevice(const PcapFileWriterDevice& other);
222  PcapFileWriterDevice& operator=(const PcapFileWriterDevice& other);
223 
224  void closeFile();
225 
226  public:
237  PcapFileWriterDevice(const std::string& fileName, LinkLayerType linkLayerType = LINKTYPE_ETHERNET,
238  bool nanosecondsPrecision = false);
239 
241  ~PcapFileWriterDevice()
242  {
243  PcapFileWriterDevice::close();
244  }
245 
252  bool writePacket(RawPacket const& packet) override;
253 
261  bool writePackets(const RawPacketVector& packets) override;
262 
264  FileTimestampPrecision getTimestampPrecision() const
265  {
266  return m_Precision;
267  }
268 
271  static bool isNanoSecondPrecisionSupported();
272 
273  // override methods
274 
279  bool open() override;
280 
289  bool open(bool appendMode) override;
290 
292  void close() override;
293 
295  void flush();
296 
297  private:
298  bool openWrite();
299  bool openAppend();
300  };
301 
305  class PcapNgFileReaderDevice : public IFileReaderDevice
306  {
307  private:
308  internal::LightPcapNgHandle* m_LightPcapNg;
309  BpfFilterWrapper m_BpfWrapper;
310 
311  // private copy c'tor
312  PcapNgFileReaderDevice(const PcapNgFileReaderDevice& other);
313  PcapNgFileReaderDevice& operator=(const PcapNgFileReaderDevice& other);
314 
315  public:
319  PcapNgFileReaderDevice(const std::string& fileName);
320 
322  virtual ~PcapNgFileReaderDevice()
323  {
324  close();
325  }
326 
331  std::string getOS() const;
332 
337  std::string getHardware() const;
338 
343  std::string getCaptureApplication() const;
344 
349  std::string getCaptureFileComment() const;
350 
358  bool getNextPacket(RawPacket& rawPacket, std::string& packetComment);
359 
360  // overridden methods
361 
366  bool getNextPacket(RawPacket& rawPacket) override;
367 
371  bool open() override;
372 
374  void close() override;
375 
376  protected:
377  bool doUpdateFilter(std::string const* filter) override;
378  };
379 
385  class PcapNgFileWriterDevice : public IFileWriterDevice
386  {
387  private:
388  internal::LightPcapNgHandle* m_LightPcapNg;
389  int m_CompressionLevel;
390  BpfFilterWrapper m_BpfWrapper;
391 
392  // private copy c'tor
393  PcapNgFileWriterDevice(const PcapFileWriterDevice& other);
394  PcapNgFileWriterDevice& operator=(const PcapNgFileWriterDevice& other);
395 
396  public:
403  PcapNgFileWriterDevice(const std::string& fileName, int compressionLevel = 0);
404 
406  virtual ~PcapNgFileWriterDevice()
407  {
408  PcapNgFileWriterDevice::close();
409  }
410 
419  bool writePacket(RawPacket const& packet, const std::string& comment);
420 
421  // overridden methods
422 
428  bool writePacket(RawPacket const& packet) override;
429 
437  bool writePackets(const RawPacketVector& packets) override;
438 
443  bool open() override;
444 
452  bool open(bool appendMode) override;
453 
467  bool open(const std::string& os, const std::string& hardware, const std::string& captureApp,
468  const std::string& fileComment);
469 
471  void flush();
472 
474  void close() override;
475 
476  protected:
477  bool doUpdateFilter(std::string const* filterAsString) override;
478 
479  private:
483  struct PcapNgMetadata
484  {
486  std::string os;
488  std::string hardware;
490  std::string captureApplication;
492  std::string comment;
493  };
494 
495  bool openWrite(PcapNgMetadata const* metadata = nullptr);
496  bool openAppend();
497  };
498 
502  class SnoopFileReaderDevice : public IFileReaderDevice
503  {
504  private:
505 #pragma pack(1)
507  typedef struct
508  {
509  uint64_t identification_pattern;
510  uint32_t version_number;
511  uint32_t datalink_type;
512  } snoop_file_header_t;
513 
515  typedef struct
516  {
517  uint32_t original_length;
518  uint32_t included_length;
519  uint32_t packet_record_length;
520  uint32_t ndrops_cumulative;
521  uint32_t time_sec;
522  uint32_t time_usec;
523  } snoop_packet_header_t;
524 #pragma pack()
525 
526  LinkLayerType m_PcapLinkLayerType;
527  std::ifstream m_snoopFile;
528 
529  // private copy c'tor
530  SnoopFileReaderDevice(const PcapFileReaderDevice& other);
531  SnoopFileReaderDevice& operator=(const PcapFileReaderDevice& other);
532 
533  public:
537  SnoopFileReaderDevice(const std::string& fileName)
538  : IFileReaderDevice(fileName), m_PcapLinkLayerType(LINKTYPE_ETHERNET)
539  {}
540 
542  virtual ~SnoopFileReaderDevice();
543 
545  LinkLayerType getLinkLayerType() const
546  {
547  return m_PcapLinkLayerType;
548  }
549 
550  // overridden methods
551 
556  bool getNextPacket(RawPacket& rawPacket);
557 
561  bool open();
562 
564  void close();
565  };
566 } // namespace pcpp
pcpp::BpfFilterWrapper
Definition: PcapFilter.h:80
pcpp::IDevice::open
virtual bool open()=0
pcpp::IFileDevice
Definition: PcapFileDevice.h:40
pcpp::IFileDevice::getFileName
std::string getFileName() const
pcpp::IFileDevice::isOpened
bool isOpened() const override
Definition: PcapFileDevice.h:57
pcpp::IFileDevice::close
void close() override
Close the file.
pcpp::IFileDevice::reportPacketProcessed
void reportPacketProcessed(uint64_t numPackets=1)
Report that packets were processed (read or written, depending on the device type).
Definition: PcapFileDevice.h:75
pcpp::IFileDevice::reportPacketDropped
void reportPacketDropped(uint64_t numPackets=1)
Report that packets were dropped (not read or not written, depending on the device type).
Definition: PcapFileDevice.h:82
pcpp::IFileDevice::getStatistics
void getStatistics(PcapStats &stats) const override
Get the statistics for this device.
pcpp::IFileDevice::resetStatisticCounters
void resetStatisticCounters()
Reset the internal statistic counters to zero.
pcpp::IFileReaderDevice
Definition: PcapFileDevice.h:99
pcpp::IFileReaderDevice::~IFileReaderDevice
virtual ~IFileReaderDevice()=default
A destructor for this class.
pcpp::IFileReaderDevice::getNextPackets
int getNextPackets(RawPacketVector &packetVec, int numOfPacketsToRead=-1)
pcpp::IFileReaderDevice::getFileSize
uint64_t getFileSize() const
pcpp::IFileReaderDevice::getReader
static IFileReaderDevice * getReader(const std::string &fileName)
pcpp::IFileReaderDevice::IFileReaderDevice
IFileReaderDevice(const std::string &fileName)
pcpp::IFileWriterDevice
Definition: PcapFileDevice.h:134
pcpp::IFileWriterDevice::~IFileWriterDevice
virtual ~IFileWriterDevice()=default
A destructor for this class.
pcpp::IPcapDevice
Definition: PcapDevice.h:142
pcpp::PcapFileReaderDevice
Definition: PcapFileDevice.h:154
pcpp::PcapFileReaderDevice::PcapFileReaderDevice
PcapFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:167
pcpp::PcapFileReaderDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileReaderDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:184
pcpp::PcapFileReaderDevice::~PcapFileReaderDevice
virtual ~PcapFileReaderDevice()=default
A destructor for this class.
pcpp::PcapFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:176
pcpp::PcapFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp::PcapFileWriterDevice
Definition: PcapFileDevice.h:212
pcpp::PcapFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapFileWriterDevice::flush
void flush()
Flush packets to disk.
pcpp::PcapFileWriterDevice::close
void close() override
Flush and close the pacp file.
pcpp::PcapFileWriterDevice::PcapFileWriterDevice
PcapFileWriterDevice(const std::string &fileName, LinkLayerType linkLayerType=LINKTYPE_ETHERNET, bool nanosecondsPrecision=false)
pcpp::PcapFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapFileWriterDevice::~PcapFileWriterDevice
~PcapFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:241
pcpp::PcapFileWriterDevice::isNanoSecondPrecisionSupported
static bool isNanoSecondPrecisionSupported()
pcpp::PcapFileWriterDevice::getTimestampPrecision
FileTimestampPrecision getTimestampPrecision() const
Definition: PcapFileDevice.h:264
pcpp::PcapFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileReaderDevice
Definition: PcapFileDevice.h:306
pcpp::PcapNgFileReaderDevice::getOS
std::string getOS() const
pcpp::PcapNgFileReaderDevice::~PcapNgFileReaderDevice
virtual ~PcapNgFileReaderDevice()
A destructor for this class.
Definition: PcapFileDevice.h:322
pcpp::PcapNgFileReaderDevice::getCaptureApplication
std::string getCaptureApplication() const
pcpp::PcapNgFileReaderDevice::doUpdateFilter
bool doUpdateFilter(std::string const *filter) override
Updates the filter on the device with a BPF string.
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket, std::string &packetComment)
pcpp::PcapNgFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket) override
pcpp::PcapNgFileReaderDevice::getCaptureFileComment
std::string getCaptureFileComment() const
pcpp::PcapNgFileReaderDevice::PcapNgFileReaderDevice
PcapNgFileReaderDevice(const std::string &fileName)
pcpp::PcapNgFileReaderDevice::getHardware
std::string getHardware() const
pcpp::PcapNgFileReaderDevice::close
void close() override
Close the pacp-ng file.
pcpp::PcapNgFileWriterDevice
Definition: PcapFileDevice.h:386
pcpp::PcapNgFileWriterDevice::open
bool open(const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment)
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice
PcapNgFileWriterDevice(const std::string &fileName, int compressionLevel=0)
pcpp::PcapNgFileWriterDevice::doUpdateFilter
bool doUpdateFilter(std::string const *filterAsString) override
Updates the filter on the device with a BPF string.
pcpp::PcapNgFileWriterDevice::~PcapNgFileWriterDevice
virtual ~PcapNgFileWriterDevice()
A destructor for this class.
Definition: PcapFileDevice.h:406
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet) override
pcpp::PcapNgFileWriterDevice::close
void close() override
Flush and close the pcap-ng file.
pcpp::PcapNgFileWriterDevice::writePackets
bool writePackets(const RawPacketVector &packets) override
pcpp::PcapNgFileWriterDevice::open
bool open(bool appendMode) override
pcpp::PcapNgFileWriterDevice::writePacket
bool writePacket(RawPacket const &packet, const std::string &comment)
pcpp::PcapNgFileWriterDevice::flush
void flush()
Flush packets to the pcap-ng file.
pcpp::PointerVector
Definition: PointerVector.h:50
pcpp::RawPacket
Definition: RawPacket.h:259
pcpp::SnoopFileReaderDevice
Definition: PcapFileDevice.h:503
pcpp::SnoopFileReaderDevice::close
void close()
Close the snoop file.
pcpp::SnoopFileReaderDevice::SnoopFileReaderDevice
SnoopFileReaderDevice(const std::string &fileName)
Definition: PcapFileDevice.h:537
pcpp::SnoopFileReaderDevice::getLinkLayerType
LinkLayerType getLinkLayerType() const
Definition: PcapFileDevice.h:545
pcpp::SnoopFileReaderDevice::~SnoopFileReaderDevice
virtual ~SnoopFileReaderDevice()
A destructor for this class.
pcpp::SnoopFileReaderDevice::getNextPacket
bool getNextPacket(RawPacket &rawPacket)
pcpp
The main namespace for the PcapPlusPlus lib.
Definition: AssertionUtils.h:19
pcpp::FileTimestampPrecision
FileTimestampPrecision
Definition: PcapFileDevice.h:28
pcpp::FileTimestampPrecision::Microseconds
@ Microseconds
Precision is in microseconds.
pcpp::FileTimestampPrecision::Unknown
@ Unknown
Precision is unknown or not set/determined.
pcpp::FileTimestampPrecision::Nanoseconds
@ Nanoseconds
Precision is in nanoseconds.
pcpp::LinkLayerType
LinkLayerType
An enum describing all known link layer type. Taken from: http://www.tcpdump.org/linktypes....
Definition: RawPacket.h:20
pcpp::LINKTYPE_ETHERNET
@ LINKTYPE_ETHERNET
IEEE 802.3 Ethernet.
Definition: RawPacket.h:24
pcpp::ArpMessageType::Unknown
@ Unknown
Unknown ARP message type.
pcpp::internal::PcapStats
Definition: PcapDevice.h:25