PcapFilter.h

Go to the documentation of this file.

#pragma once
 
#include <string>
#include <vector>
#include <memory>
#include "ProtocolType.h"
#include <stdint.h>
#include "ArpLayer.h"
#include "RawPacket.h"
 
// Forward Declaration - used in GeneralFilter
struct bpf_program;
 
namespace pcpp
{
    // Forward Declaration - used in GeneralFilter
    class RawPacket;
 
    typedef enum
    {
        SRC,
        DST,
        SRC_OR_DST
    } Direction;
 
    typedef enum
    {
        EQUALS,
        NOT_EQUALS,
        GREATER_THAN,
        GREATER_OR_EQUAL,
        LESS_THAN,
        LESS_OR_EQUAL
    } FilterOperator;
 
    namespace internal
    {
        struct BpfProgramDeleter
        {
            void operator()(bpf_program* ptr) const;
        };
    }  // namespace internal
 
    class BpfFilterWrapper
    {
    private:
        std::string m_FilterStr;
        LinkLayerType m_LinkType;
        std::unique_ptr<bpf_program, internal::BpfProgramDeleter> m_Program;
 
        void freeProgram();
 
    public:
        BpfFilterWrapper();
 
        BpfFilterWrapper(const BpfFilterWrapper& other);
 
        BpfFilterWrapper& operator=(const BpfFilterWrapper& other);
 
        bool setFilter(const std::string& filter, LinkLayerType linkType = LINKTYPE_ETHERNET);
 
        bool matchPacketWithFilter(const RawPacket* rawPacket);
 
        bool matchPacketWithFilter(const uint8_t* packetData, uint32_t packetDataLength, timespec packetTimestamp,
                                   uint16_t linkType);
    };
 
    class GeneralFilter
    {
    protected:
        BpfFilterWrapper m_BpfWrapper;
 
    public:
        virtual void parseToString(std::string& result) = 0;
 
        bool matchPacketWithFilter(RawPacket* rawPacket);
 
        GeneralFilter()
        {}
 
        virtual ~GeneralFilter()
        {}
    };
 
    class BPFStringFilter : public GeneralFilter
    {
    private:
        const std::string m_FilterStr;
 
    public:
        explicit BPFStringFilter(const std::string& filterStr) : m_FilterStr(filterStr)
        {}
 
        virtual ~BPFStringFilter()
        {}
 
        void parseToString(std::string& result) override;
 
        bool verifyFilter();
    };
 
    class IFilterWithDirection : public GeneralFilter
    {
    private:
        Direction m_Dir;
 
    protected:
        void parseDirection(std::string& directionAsString);
        Direction getDir() const
        {
            return m_Dir;
        }
        explicit IFilterWithDirection(Direction dir)
        {
            m_Dir = dir;
        }
 
    public:
        void setDirection(Direction dir)
        {
            m_Dir = dir;
        }
    };
 
    class IFilterWithOperator : public GeneralFilter
    {
    private:
        FilterOperator m_Operator;
 
    protected:
        std::string parseOperator();
        FilterOperator getOperator() const
        {
            return m_Operator;
        }
        explicit IFilterWithOperator(FilterOperator op)
        {
            m_Operator = op;
        }
 
    public:
        void setOperator(FilterOperator op)
        {
            m_Operator = op;
        }
    };
 
    class IPFilter : public IFilterWithDirection
    {
    private:
        IPAddress m_Address;
        IPNetwork m_Network;
 
    public:
        IPFilter(const std::string& ipAddress, Direction dir) : IPFilter(IPAddress(ipAddress), dir)
        {}
 
        IPFilter(const IPAddress& ipAddress, Direction dir)
            : IFilterWithDirection(dir), m_Address(ipAddress), m_Network(ipAddress)
        {}
 
        IPFilter(const std::string& ipAddress, Direction dir, const std::string& netmask)
            : IPFilter(IPv4Address(ipAddress), dir, netmask)
        {}
 
        IPFilter(const IPAddress& ipAddress, Direction dir, const std::string& netmask)
            : IFilterWithDirection(dir), m_Address(ipAddress), m_Network(ipAddress, netmask)
        {}
 
        IPFilter(const std::string& ipAddress, Direction dir, int len) : IPFilter(IPAddress(ipAddress), dir, len)
        {}
 
        IPFilter(const IPAddress& ipAddress, Direction dir, int len)
            : IFilterWithDirection(dir), m_Address(ipAddress), m_Network(ipAddress, len)
        {}
 
        IPFilter(const IPNetwork& network, Direction dir)
            : IFilterWithDirection(dir), m_Address(network.getNetworkPrefix()), m_Network(network)
        {}
 
        void parseToString(std::string& result) override;
 
        void setNetwork(const IPNetwork& network)
        {
            m_Network = network;
            m_Address = m_Network.getNetworkPrefix();
        }
 
        void setAddr(const std::string& ipAddress)
        {
            this->setAddr(IPAddress(ipAddress));
        }
 
        void setAddr(const IPAddress& ipAddress)
        {
            m_Address = ipAddress;
            uint8_t newPrefixLen = m_Network.getPrefixLen();
            if (m_Address.isIPv4() && newPrefixLen > 32u)
            {
                newPrefixLen = 32u;
            }
 
            m_Network = IPNetwork(m_Address, newPrefixLen);
        }
 
        void setMask(const std::string& netmask)
        {
            m_Network = IPNetwork(m_Address, netmask);
        }
 
        void clearMask()
        {
            this->clearLen();
        }
 
        void setLen(const int len)
        {
            m_Network = IPNetwork(m_Address, len);
        }
 
        void clearLen()
        {
            m_Network = IPNetwork(m_Address);
        }
    };
 
    class IPv4IDFilter : public IFilterWithOperator
    {
    private:
        uint16_t m_IpID;
 
    public:
        IPv4IDFilter(uint16_t ipID, FilterOperator op) : IFilterWithOperator(op), m_IpID(ipID)
        {}
 
        void parseToString(std::string& result) override;
 
        void setIpID(uint16_t ipID)
        {
            m_IpID = ipID;
        }
    };
 
    class IPv4TotalLengthFilter : public IFilterWithOperator
    {
    private:
        uint16_t m_TotalLength;
 
    public:
        IPv4TotalLengthFilter(uint16_t totalLength, FilterOperator op)
            : IFilterWithOperator(op), m_TotalLength(totalLength)
        {}
 
        void parseToString(std::string& result) override;
 
        void setTotalLength(uint16_t totalLength)
        {
            m_TotalLength = totalLength;
        }
    };
 
    class PortFilter : public IFilterWithDirection
    {
    private:
        std::string m_Port;
        void portToString(uint16_t portAsInt);
 
    public:
        PortFilter(uint16_t port, Direction dir);
 
        void parseToString(std::string& result) override;
 
        void setPort(uint16_t port)
        {
            portToString(port);
        }
    };
 
    class PortRangeFilter : public IFilterWithDirection
    {
    private:
        uint16_t m_FromPort;
        uint16_t m_ToPort;
 
    public:
        PortRangeFilter(uint16_t fromPort, uint16_t toPort, Direction dir)
            : IFilterWithDirection(dir), m_FromPort(fromPort), m_ToPort(toPort)
        {}
 
        void parseToString(std::string& result) override;
 
        void setFromPort(uint16_t fromPort)
        {
            m_FromPort = fromPort;
        }
 
        void setToPort(uint16_t toPort)
        {
            m_ToPort = toPort;
        }
    };
 
    class MacAddressFilter : public IFilterWithDirection
    {
    private:
        MacAddress m_MacAddress;
 
    public:
        MacAddressFilter(MacAddress address, Direction dir) : IFilterWithDirection(dir), m_MacAddress(address)
        {}
 
        void parseToString(std::string& result) override;
 
        void setMacAddress(MacAddress address)
        {
            m_MacAddress = address;
        }
    };
 
    class EtherTypeFilter : public GeneralFilter
    {
    private:
        uint16_t m_EtherType;
 
    public:
        explicit EtherTypeFilter(uint16_t etherType) : m_EtherType(etherType)
        {}
 
        void parseToString(std::string& result) override;
 
        void setEtherType(uint16_t etherType)
        {
            m_EtherType = etherType;
        }
    };
 
    class CompositeFilter : public GeneralFilter
    {
    protected:
        std::vector<GeneralFilter*> m_FilterList;
 
    public:
        CompositeFilter() = default;
 
        explicit CompositeFilter(const std::vector<GeneralFilter*>& filters);
 
        void addFilter(GeneralFilter* filter)
        {
            m_FilterList.push_back(filter);
        }
 
        void removeFilter(GeneralFilter* filter);
 
        void setFilters(const std::vector<GeneralFilter*>& filters);
 
        void clearAllFilters()
        {
            m_FilterList.clear();
        }
    };
 
    enum class CompositeLogicFilterOp
    {
        AND,
        OR,
    };
 
    namespace internal
    {
        /* Could potentially be moved into CompositeLogicFilter as a private member function, with if constexpr when
         * C++17 is the minimum supported standard.*/
        template <CompositeLogicFilterOp op> constexpr const char* getCompositeLogicOpDelimiter() = delete;
        template <> constexpr const char* getCompositeLogicOpDelimiter<CompositeLogicFilterOp::AND>()
        {
            return " and ";
        };
        template <> constexpr const char* getCompositeLogicOpDelimiter<CompositeLogicFilterOp::OR>()
        {
            return " or ";
        };
    }  // namespace internal
 
    template <CompositeLogicFilterOp op> class CompositeLogicFilter : public CompositeFilter
    {
    public:
        using CompositeFilter::CompositeFilter;
 
        void parseToString(std::string& result) override
        {
            result.clear();
            for (auto it = m_FilterList.cbegin(); it != m_FilterList.cend(); ++it)
            {
                std::string innerFilter;
                (*it)->parseToString(innerFilter);
                result += '(' + innerFilter + ')';
                if (m_FilterList.cend() - 1 != it)
                {
                    result += internal::getCompositeLogicOpDelimiter<op>();
                }
            }
        }
    };
 
    using AndFilter = CompositeLogicFilter<CompositeLogicFilterOp::AND>;
 
    using OrFilter = CompositeLogicFilter<CompositeLogicFilterOp::OR>;
 
    class NotFilter : public GeneralFilter
    {
    private:
        GeneralFilter* m_FilterToInverse;
 
    public:
        explicit NotFilter(GeneralFilter* filterToInverse)
        {
            m_FilterToInverse = filterToInverse;
        }
 
        void parseToString(std::string& result) override;
 
        void setFilter(GeneralFilter* filterToInverse)
        {
            m_FilterToInverse = filterToInverse;
        }
    };
 
    class ProtoFilter : public GeneralFilter
    {
    private:
        ProtocolTypeFamily m_ProtoFamily;
 
    public:
        explicit ProtoFilter(ProtocolType proto) : m_ProtoFamily(proto)
        {}
 
        explicit ProtoFilter(ProtocolTypeFamily protoFamily) : m_ProtoFamily(protoFamily)
        {}
 
        void parseToString(std::string& result) override;
 
        void setProto(ProtocolType proto)
        {
            m_ProtoFamily = proto;
        }
 
        void setProto(ProtocolTypeFamily protoFamily)
        {
            m_ProtoFamily = protoFamily;
        }
    };
 
    class ArpFilter : public GeneralFilter
    {
    private:
        ArpOpcode m_OpCode;
 
    public:
        explicit ArpFilter(ArpOpcode opCode) : m_OpCode(opCode)
        {}
 
        void parseToString(std::string& result) override;
 
        void setOpCode(ArpOpcode opCode)
        {
            m_OpCode = opCode;
        }
    };
 
    class VlanFilter : public GeneralFilter
    {
    private:
        uint16_t m_VlanID;
 
    public:
        explicit VlanFilter(uint16_t vlanId) : m_VlanID(vlanId)
        {}
 
        void parseToString(std::string& result) override;
 
        void setVlanID(uint16_t vlanId)
        {
            m_VlanID = vlanId;
        }
    };
 
    class TcpFlagsFilter : public GeneralFilter
    {
    public:
        enum TcpFlags
        {
            tcpFin = 1,
            tcpSyn = 2,
            tcpRst = 4,
            tcpPush = 8,
            tcpAck = 16,
            tcpUrg = 32
        };
 
        enum MatchOptions
        {
            MatchAll,
            MatchOneAtLeast
        };
 
    private:
        uint8_t m_TcpFlagsBitMask;
        MatchOptions m_MatchOption;
 
    public:
        TcpFlagsFilter(uint8_t tcpFlagBitMask, MatchOptions matchOption)
            : m_TcpFlagsBitMask(tcpFlagBitMask), m_MatchOption(matchOption)
        {}
 
        void setTcpFlagsBitMask(uint8_t tcpFlagBitMask, MatchOptions matchOption)
        {
            m_TcpFlagsBitMask = tcpFlagBitMask;
            m_MatchOption = matchOption;
        }
 
        void parseToString(std::string& result) override;
    };
 
    class TcpWindowSizeFilter : public IFilterWithOperator
    {
    private:
        uint16_t m_WindowSize;
 
    public:
        TcpWindowSizeFilter(uint16_t windowSize, FilterOperator op) : IFilterWithOperator(op), m_WindowSize(windowSize)
        {}
 
        void parseToString(std::string& result) override;
 
        void setWindowSize(uint16_t windowSize)
        {
            m_WindowSize = windowSize;
        }
    };
 
    class UdpLengthFilter : public IFilterWithOperator
    {
    private:
        uint16_t m_Length;
 
    public:
        UdpLengthFilter(uint16_t length, FilterOperator op) : IFilterWithOperator(op), m_Length(length)
        {}
 
        void parseToString(std::string& result) override;
 
        void setLength(uint16_t length)
        {
            m_Length = length;
        }
    };
 
}  // namespace pcpp