|
PcapPlusPlus
Next
|
|
PcapPlusPlus
Next
|
#include <PcapFilter.h>
Public Member Functions | |
| BpfFilterWrapper ()=default | |
| Creates a new instance with no filter. | |
| bool | setFilter (const std::string &filter, LinkLayerType linkType=LINKTYPE_ETHERNET) |
| bool | matchPacketWithFilter (const RawPacket *rawPacket) const |
| bool | matchPacketWithFilter (const uint8_t *packetData, uint32_t packetDataLength, timespec packetTimestamp, uint16_t linkType) const |
| bool | matches (const RawPacket &rawPacket) const |
| Match a packet with the filter stored in this object. More... | |
| bool | matches (const uint8_t *packetData, uint32_t packetDataLength, timespec timestamp, uint16_t linkType) const |
| Match a raw buffer of packet data against the filter stored in this object. More... | |
A wrapper class for BPF filtering. Enables setting a BPF filter and matching it against a packet
| bool pcpp::BpfFilterWrapper::matches | ( | const RawPacket & | rawPacket | ) | const |
Match a packet with the filter stored in this object.
If the filter is empty the method returns "true". If the link type of the raw packet is different than the one set in setFilter() the filter will be recompiled.
| [in] | rawPacket | The raw packet to match the filter against |
| bool pcpp::BpfFilterWrapper::matches | ( | const uint8_t * | packetData, |
| uint32_t | packetDataLength, | ||
| timespec | timestamp, | ||
| uint16_t | linkType | ||
| ) | const |
Match a raw buffer of packet data against the filter stored in this object.
If the filter is empty the method returns "true". If the link type provided is different than the one set in setFilter() the filter will be recompiled.
| [in] | packetData | A pointer to the raw packet data |
| [in] | packetDataLength | The length of the raw packet data in bytes |
| [in] | timestamp | Timestamp to be associated with the packet |
| [in] | linkType | The link type of the packet |
| bool pcpp::BpfFilterWrapper::matchPacketWithFilter | ( | const RawPacket * | rawPacket | ) | const |
Match a packet with the filter stored in this object. If the filter is empty the method returns "true". If the link type of the raw packet is different than the one set in setFilter(), the filter will be re-compiled and stored in the object.
| [in] | rawPacket | A pointer to a raw packet which the filter will be matched against |
| bool pcpp::BpfFilterWrapper::matchPacketWithFilter | ( | const uint8_t * | packetData, |
| uint32_t | packetDataLength, | ||
| timespec | packetTimestamp, | ||
| uint16_t | linkType | ||
| ) | const |
Match a packet data with the filter stored in this object. If the filter is empty the method returns "true". If the link type provided is different than the one set in setFilter(), the filter will be re-compiled and stored in the object.
| [in] | packetData | A byte stream containing the packet data |
| [in] | packetDataLength | The length in [bytes] of the byte stream |
| [in] | packetTimestamp | The packet timestamp |
| [in] | linkType | The packet link type |
| bool pcpp::BpfFilterWrapper::setFilter | ( | const std::string & | filter, |
| LinkLayerType | linkType = LINKTYPE_ETHERNET |
||
| ) |
Set a filter. This method receives a filter in BPF syntax (https://biot.com/capstats/bpf.html) and an optional link type, compiles them, and if compilation is successful it stores the filter.
| [in] | filter | A filter in BPF syntax |
| [in] | linkType | An optional parameter to set the filter's link type. The default is LINKTYPE_ETHERNET |
1.9.1