PcapLiveDevice.h

Go to the documentation of this file.

#pragma once
 
#include <atomic>
#include <vector>
#include <thread>
#include <functional>
 
#include "IpAddress.h"
#include "PcapDevice.h"
 
// forward declarations for structs and typedefs that are defined in pcap.h
struct pcap_if;
typedef pcap_if pcap_if_t;
struct pcap_addr;
typedef struct pcap_addr pcap_addr_t;
 
 
namespace pcpp
{
    class PcapLiveDevice;
 
    using OnPacketArrivesCallback = std::function<void(RawPacket*, PcapLiveDevice*, void*)>;
 
    using OnPacketArrivesStopBlocking = std::function<bool(RawPacket*, PcapLiveDevice*, void*)>;
 
    using OnStatsUpdateCallback = std::function<void(IPcapDevice::PcapStats&, void*)>;
 
    class PcapLiveDevice : public IPcapDevice
    {
        friend class PcapLiveDeviceList;
 
    protected:
        struct DeviceInterfaceDetails
        {
            explicit DeviceInterfaceDetails(pcap_if_t* pInterface);
            std::string name;
            std::string description;
            std::vector<IPAddress> addresses;
            bool isLoopback;
        };
 
        class StatisticsUpdateWorker
        {
        public:
            StatisticsUpdateWorker(PcapLiveDevice const& pcapDevice, OnStatsUpdateCallback onStatsUpdateCallback,
                                   void* onStatsUpdateUserCookie = nullptr, unsigned int updateIntervalMs = 1000);
 
            void stopWorker();
 
        private:
            struct ThreadData
            {
                PcapLiveDevice const* pcapDevice = nullptr;
                OnStatsUpdateCallback cbOnStatsUpdate;
                void* cbOnStatsUpdateUserCookie = nullptr;
                unsigned int updateIntervalMs = 1000;  // Default update interval is 1 second
            };
 
            struct SharedThreadData
            {
                std::atomic_bool stopRequested{ false };
            };
 
            static void workerMain(std::shared_ptr<SharedThreadData> sharedThreadData, ThreadData threadData);
 
            std::shared_ptr<SharedThreadData> m_SharedThreadData;
            std::thread m_WorkerThread;
        };
 
        // This is a second descriptor for the same device. It is needed because of a bug
        // that occurs in libpcap on Linux (on Windows using WinPcap/Npcap it works well):
        // It's impossible to capture packets sent by the same descriptor
        pcap_t* m_PcapSendDescriptor;
        int m_PcapSelectableFd;
        DeviceInterfaceDetails m_InterfaceDetails;
        // NOTE@Dimi: Possibly pull mtu, mac address and default gateway in the interface details.
        // They only appear to be set in the constructor and not modified afterwards.
        uint32_t m_DeviceMtu;
        MacAddress m_MacAddress;
        IPv4Address m_DefaultGateway;
        std::thread m_CaptureThread;
 
        // TODO: Cpp17 Using std::optional might be better here
        std::unique_ptr<StatisticsUpdateWorker> m_StatisticsUpdateWorker;
 
        // Should be set to true by the Caller for the Callee
        std::atomic<bool> m_StopThread;
        // Should be set to true by the Callee for the Caller
        std::atomic<bool> m_CaptureThreadStarted;
 
        OnPacketArrivesCallback m_cbOnPacketArrives;
        void* m_cbOnPacketArrivesUserCookie;
        OnPacketArrivesStopBlocking m_cbOnPacketArrivesBlockingMode;
        void* m_cbOnPacketArrivesBlockingModeUserCookie;
        RawPacketVector* m_CapturedPackets;
        bool m_CaptureCallbackMode;
        LinkLayerType m_LinkType;
        bool m_UsePoll;
 
        // c'tor is not public, there should be only one for every interface (created by PcapLiveDeviceList)
        PcapLiveDevice(pcap_if_t* pInterface, bool calculateMTU, bool calculateMacAddress, bool calculateDefaultGateway)
            : PcapLiveDevice(DeviceInterfaceDetails(pInterface), calculateMTU, calculateMacAddress,
                             calculateDefaultGateway)
        {}
        PcapLiveDevice(DeviceInterfaceDetails interfaceDetails, bool calculateMTU, bool calculateMacAddress,
                       bool calculateDefaultGateway);
 
        void setDeviceMtu();
        void setDeviceMacAddress();
        void setDefaultGateway();
 
        // threads
        void captureThreadMain();
 
        static void onPacketArrives(uint8_t* user, const struct pcap_pkthdr* pkthdr, const uint8_t* packet);
        static void onPacketArrivesNoCallback(uint8_t* user, const struct pcap_pkthdr* pkthdr, const uint8_t* packet);
        static void onPacketArrivesBlockingMode(uint8_t* user, const struct pcap_pkthdr* pkthdr, const uint8_t* packet);
 
    public:
        enum LiveDeviceType
        {
            LibPcapDevice,
            WinPcapDevice,
            RemoteDevice
        };
 
        enum DeviceMode
        {
            Normal = 0,
            Promiscuous = 1
        };
 
        enum PcapDirection
        {
            PCPP_INOUT = 0,
            PCPP_IN,
            PCPP_OUT
        };
 
        enum class TimestampProvider
        {
            Host = 0,
            HostLowPrecision,
            HostHighPrecision,
            Adapter,
            AdapterUnsynced,
            HostHighPrecisionUnsynced
        };
 
        enum class TimestampPrecision
        {
            Microseconds = 0,
            Nanoseconds,
        };
 
        struct DeviceConfiguration
        {
            DeviceMode mode;
 
            int packetBufferTimeoutMs;
 
            int packetBufferSize;
 
            PcapDirection direction;
 
            int snapshotLength;
 
            unsigned int nflogGroup;
 
            bool usePoll;
 
            TimestampProvider timestampProvider;
 
            TimestampPrecision timestampPrecision;
 
            explicit DeviceConfiguration(DeviceMode mode = Promiscuous, int packetBufferTimeoutMs = 0,
                                         int packetBufferSize = 0, PcapDirection direction = PCPP_INOUT,
                                         int snapshotLength = 0, unsigned int nflogGroup = 0, bool usePoll = false,
                                         TimestampProvider timestampProvider = TimestampProvider::Host,
                                         TimestampPrecision timestampPrecision = TimestampPrecision::Microseconds)
            {
                this->mode = mode;
                this->packetBufferTimeoutMs = packetBufferTimeoutMs;
                this->packetBufferSize = packetBufferSize;
                this->direction = direction;
                this->snapshotLength = snapshotLength;
                this->nflogGroup = nflogGroup;
                this->usePoll = usePoll;
                this->timestampProvider = timestampProvider;
                this->timestampPrecision = timestampPrecision;
            }
        };
 
        PcapLiveDevice(const PcapLiveDevice& other) = delete;
        PcapLiveDevice& operator=(const PcapLiveDevice& other) = delete;
        ~PcapLiveDevice() override;
 
        virtual LiveDeviceType getDeviceType() const
        {
            return LibPcapDevice;
        }
 
        std::string getName() const
        {
            return m_InterfaceDetails.name;
        }
 
        std::string getDesc() const
        {
            return m_InterfaceDetails.description;
        }
 
        bool getLoopback() const
        {
            return m_InterfaceDetails.isLoopback;
        }
 
        virtual uint32_t getMtu() const
        {
            return m_DeviceMtu;
        }
 
        virtual LinkLayerType getLinkType() const
        {
            return m_LinkType;
        }
 
        std::vector<IPAddress> getIPAddresses() const
        {
            return m_InterfaceDetails.addresses;
        }
 
        virtual MacAddress getMacAddress() const
        {
            return m_MacAddress;
        }
 
        IPv4Address getIPv4Address() const;
 
        IPv6Address getIPv6Address() const;
 
        IPv4Address getDefaultGateway() const;
 
        const std::vector<IPv4Address>& getDnsServers() const;
 
        virtual bool startCapture(OnPacketArrivesCallback onPacketArrives, void* onPacketArrivesUserCookie);
 
        virtual bool startCapture(OnPacketArrivesCallback onPacketArrives, void* onPacketArrivesUserCookie,
                                  int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate,
                                  void* onStatsUpdateUserCookie);
 
        virtual bool startCapture(int intervalInSecondsToUpdateStats, OnStatsUpdateCallback onStatsUpdate,
                                  void* onStatsUpdateUserCookie);
 
        virtual bool startCapture(RawPacketVector& capturedPacketsVector);
 
        virtual int startCaptureBlockingMode(OnPacketArrivesStopBlocking onPacketArrives, void* userCookie,
                                             const double timeout);
 
        void stopCapture();
 
        bool captureActive();
 
        bool doMtuCheck(int packetPayloadLength) const;
 
        PCPP_DEPRECATED("This method is deprecated. Use sendPacket(Packet const& packet, bool checkMtu) instead")
        bool sendPacket(Packet* packet, bool checkMtu = true)
        {
            return sendPacket(*packet, checkMtu);
        }
 
        bool sendPacket(Packet const& packet, bool checkMtu = true);
 
        bool sendPacket(RawPacket const& rawPacket, bool checkMtu = false);
 
        bool sendPacket(const uint8_t* packetData, int packetDataLength, int packetPayloadLength);
 
        bool sendPacket(const uint8_t* packetData, int packetDataLength, bool checkMtu = false,
                        pcpp::LinkLayerType linkType = pcpp::LINKTYPE_ETHERNET);
 
        virtual int sendPackets(RawPacket* rawPacketsArr, int arrLength, bool checkMtu = false);
 
        virtual int sendPackets(Packet** packetsArr, int arrLength, bool checkMtu = true);
 
        virtual int sendPackets(const RawPacketVector& rawPackets, bool checkMtu = false);
 
        // implement abstract methods
 
        bool open() override;
 
        bool open(const DeviceConfiguration& config);
 
        void close() override;
 
        virtual PcapLiveDevice* clone() const;
 
        void getStatistics(IPcapDevice::PcapStats& stats) const override;
 
    protected:
        virtual void prepareCapture(bool asyncCapture, bool captureStats)
        {}
 
        internal::PcapHandle doOpen(const DeviceConfiguration& config);
 
        bool isPayloadWithinMtu(size_t payloadLength) const;
 
        bool isPayloadWithinMtu(Packet const& packet, bool allowUnknownLength = false,
                                size_t* outPayloadLength = nullptr) const;
 
        bool isPayloadWithinMtu(RawPacket const& rawPacket, bool allowUnknownLength = false,
                                size_t* outPayloadLength = nullptr) const;
 
        bool isPayloadWithinMtu(uint8_t const* packetData, size_t packetLen,
                                LinkLayerType linkType = pcpp::LINKTYPE_ETHERNET, bool allowUnknownLength = false,
                                size_t* outPayloadLength = nullptr) const;
 
        // Sends a packet directly to the network.
        bool sendPacketUnchecked(uint8_t const* packetData, int packetDataLength);
        bool sendPacketUnchecked(RawPacket const& rawPacket)
        {
            return sendPacketUnchecked(rawPacket.getRawData(), rawPacket.getRawDataLen());
        }
 
    private:
        bool isNflogDevice() const;
    };
}  // namespace pcpp