PcapPlusPlus  22.11
Public Member Functions | List of all members
pcpp::BpfFilterWrapper Class Reference

#include <PcapFilter.h>

Public Member Functions

 BpfFilterWrapper ()
 
 ~BpfFilterWrapper ()
 
bool setFilter (const std::string &filter, LinkLayerType linkType=LINKTYPE_ETHERNET)
 
bool matchPacketWithFilter (const RawPacket *rawPacket)
 
bool matchPacketWithFilter (const uint8_t *packetData, uint32_t packetDataLength, timespec packetTimestamp, uint16_t linkType)
 

Detailed Description

A wrapper class for BPF filtering. Enables setting a BPF filter and matching it against a packet

Constructor & Destructor Documentation

◆ BpfFilterWrapper()

pcpp::BpfFilterWrapper::BpfFilterWrapper ( )

A c'tor for this class

◆ ~BpfFilterWrapper()

pcpp::BpfFilterWrapper::~BpfFilterWrapper ( )

A d'tor for this class. Makes sure to clear the bpf_program object if was previously set.

Member Function Documentation

◆ matchPacketWithFilter() [1/2]

bool pcpp::BpfFilterWrapper::matchPacketWithFilter ( const RawPacket rawPacket)

Match a packet with the filter stored in this object. If the filter is empty the method returns "true". If the link type of the raw packet is different than the one set in setFilter(), the filter will be re-compiled and stored in the object.

Parameters
[in]rawPacketA pointer to a raw packet which the filter will be matched against
Returns
True if the filter matches (or if it's empty). False if the packet doesn't match or if the filter could not be compiled

◆ matchPacketWithFilter() [2/2]

bool pcpp::BpfFilterWrapper::matchPacketWithFilter ( const uint8_t *  packetData,
uint32_t  packetDataLength,
timespec  packetTimestamp,
uint16_t  linkType 
)

Match a packet data with the filter stored in this object. If the filter is empty the method returns "true". If the link type provided is different than the one set in setFilter(), the filter will be re-compiled and stored in the object.

Parameters
[in]packetDataA byte stream containing the packet data
[in]packetDataLengthThe length in [bytes] of the byte stream
[in]packetTimestampThe packet timestamp
[in]linkTypeThe packet link type
Returns
True if the filter matches (or if it's empty). False if the packet doesn't match or if the filter could not be compiled

◆ setFilter()

bool pcpp::BpfFilterWrapper::setFilter ( const std::string &  filter,
LinkLayerType  linkType = LINKTYPE_ETHERNET 
)

Set a filter. This method receives a filter in BPF syntax (https://biot.com/capstats/bpf.html) and an optional link type, compiles them, and if compilation is successful it stores the filter.

Parameters
[in]filterA filter in BPF syntax
[in]linkTypeAn optional parameter to set the filter's link type. The default is LINKTYPE_ETHERNET
Returns
True if compilation is successful and filter is stored in side this object, false otherwise