PcapPlusPlus
23.09
|
#include <Packet.h>
Public Member Functions | |
Packet (size_t maxPacketLen=1) | |
Packet (uint8_t *buffer, size_t bufferSize) | |
Packet (RawPacket *rawPacket, bool freeRawPacket=false, ProtocolType parseUntil=UnknownProtocol, OsiModelLayer parseUntilLayer=OsiModelLayerUnknown) | |
Packet (RawPacket *rawPacket, ProtocolType parseUntil) | |
Packet (RawPacket *rawPacket, OsiModelLayer parseUntilLayer) | |
virtual | ~Packet () |
Packet (const Packet &other) | |
Packet & | operator= (const Packet &other) |
RawPacket * | getRawPacket () const |
void | setRawPacket (RawPacket *rawPacket, bool freeRawPacket, ProtocolType parseUntil=UnknownProtocol, OsiModelLayer parseUntilLayer=OsiModelLayerUnknown) |
RawPacket * | getRawPacketReadOnly () const |
Layer * | getFirstLayer () const |
Layer * | getLastLayer () const |
bool | addLayer (Layer *newLayer, bool ownInPacket=false) |
bool | insertLayer (Layer *prevLayer, Layer *newLayer, bool ownInPacket=false) |
bool | removeLayer (ProtocolType layerType, int index=0) |
bool | removeFirstLayer () |
bool | removeLastLayer () |
bool | removeAllLayersAfter (Layer *layer) |
Layer * | detachLayer (ProtocolType layerType, int index=0) |
bool | detachLayer (Layer *layer) |
Layer * | getLayerOfType (ProtocolType layerType, int index=0) const |
template<class TLayer > | |
TLayer * | getLayerOfType (bool reverseOrder=false) const |
template<class TLayer > | |
TLayer * | getNextLayerOfType (Layer *startLayer) const |
template<class TLayer > | |
TLayer * | getPrevLayerOfType (Layer *startLayer) const |
bool | isPacketOfType (ProtocolType protocolType) const |
void | computeCalculateFields () |
std::string | toString (bool timeAsLocalTime=true) const |
void | toStringList (std::vector< std::string > &result, bool timeAsLocalTime=true) const |
This class represents a parsed packet. It contains the raw data (RawPacket instance), and a linked list of layers, each layer is a parsed protocol that this packet contains. The layers linked list is ordered where the first layer is the lowest in the packet (currently it's always Ethernet protocol as PcapPlusPlus supports only Ethernet packets), the next layer will be L2.5 or L3 (e.g VLAN, IPv4, IPv6, etc.), and so on. etc.), etc. The last layer in the linked list will be the highest in the packet. For example: for a standard HTTP request packet the layer will look like this: EthLayer -> IPv4Layer -> TcpLayer -> HttpRequestLayer
Packet instance isn't read only. The user can add or remove layers, update current layer, etc.
|
explicit |
A constructor for creating a new packet (with no layers). When using this constructor an empty raw buffer is allocated (with the size of maxPacketLen) and a new RawPacket is created
[in] | maxPacketLen | The expected packet length in bytes |
pcpp::Packet::Packet | ( | uint8_t * | buffer, |
size_t | bufferSize | ||
) |
A constructor for creating a new packet with a buffer that is pre-allocated by the user. The packet is created empty (with no layers), which means the constructor doesn't parse the data in the buffer. Instead, all of the raw data of this packet it written to this buffer: whenever a layer is added, it's data is written to this buffer. The buffer isn't freed and it's content isn't erased when the packet object is deleted. This constructor is useful when you already have a memory buffer and you want to create packet data in it.
[in] | buffer | A pointer to a pre-allocated memory buffer |
[in] | bufferSize | The size of the buffer |
|
explicit |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not
[in] | rawPacket | A pointer to the raw packet |
[in] | freeRawPacket | Optional parameter. A flag indicating if the destructor should also call the raw packet destructor or not. Default value is false |
[in] | parseUntil | Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is UnknownProtocol which means don't take this parameter into account |
[in] | parseUntilLayer | Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is OsiModelLayerUnknown which means don't take this parameter into account |
pcpp::Packet::Packet | ( | RawPacket * | rawPacket, |
ProtocolType | parseUntil | ||
) |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not. This constructor should be used to parse the packet up to a certain layer
[in] | rawPacket | A pointer to the raw packet |
[in] | parseUntil | Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet |
pcpp::Packet::Packet | ( | RawPacket * | rawPacket, |
OsiModelLayer | parseUntilLayer | ||
) |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not. . This constructor should be used to parse the packet up to a certain layer in the OSI model
[in] | rawPacket | A pointer to the raw packet |
[in] | parseUntilLayer | Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet |
|
inlinevirtual |
A destructor for this class. Frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by this instance (meaning if it was allocated by this instance constructor)
|
inline |
A copy constructor for this class. This copy constructor copies all the raw data and re-create all layers. So when the original Packet is being freed, no data will be lost in the copied instance
[in] | other | The instance to copy from |
|
inline |
Add a new layer as the last layer in the packet. This method gets a pointer to the new layer as a parameter and attaches it to the packet. Notice after calling this method the input layer is attached to the packet so every change you make in it affect the packet; Also it cannot be attached to other packets
[in] | newLayer | A pointer to the new layer to be added to the packet |
[in] | ownInPacket | If true, Packet fully owns newLayer, including memory deletion upon destruct. Default is false. |
void pcpp::Packet::computeCalculateFields | ( | ) |
Each layer can have fields that can be calculate automatically from other fields using Layer::computeCalculateFields(). This method forces all layers to calculate these fields values
Layer* pcpp::Packet::detachLayer | ( | ProtocolType | layerType, |
int | index = 0 |
||
) |
Detach a layer from the packet. Detaching means the layer instance will not be deleted, but rather separated from the packet - e.g it will be removed from the layer chain of the packet and its data will be copied from the packet buffer into an internal layer buffer. After a layer is detached, it can be added into another packet (but it's impossible to attach a layer to multiple packets in the same time). After layer is detached, it's the user's responsibility to delete it when it's not needed anymore
[in] | layerType | The layer type (protocol) to detach from the packet |
[in] | index | If there are multiple layers of the same type, indicate which instance to detach. The default value is 0, meaning detach the first layer of this type |
|
inline |
Detach a layer from the packet. Detaching means the layer instance will not be deleted, but rather separated from the packet - e.g it will be removed from the layer chain of the packet and its data will be copied from the packet buffer into an internal layer buffer. After a layer is detached, it can be added into another packet (but it's impossible to attach a layer to multiple packets at the same time). After layer is detached, it's the user's responsibility to delete it when it's not needed anymore
[in] | layer | A pointer to the layer to detach |
|
inline |
Get a pointer to the first (lowest) layer in the packet
|
inline |
Get a pointer to the last (highest) layer in the packet
Layer* pcpp::Packet::getLayerOfType | ( | ProtocolType | layerType, |
int | index = 0 |
||
) | const |
Get a pointer to the layer of a certain type (protocol). This method goes through the layers and returns a layer that matches the give protocol type
[in] | layerType | The layer type (protocol) to fetch |
[in] | index | If there are multiple layers of the same type, indicate which instance to fetch. The default value is 0, meaning fetch the first layer of this type |
TLayer * pcpp::Packet::getLayerOfType | ( | bool | reverseOrder = false | ) | const |
A templated method to get a layer of a certain type (protocol). If no layer of such type is found, NULL is returned
[in] | reverseOrder | The optional parameter that indicates that the lookup should run in reverse order, the default value is false |
TLayer * pcpp::Packet::getNextLayerOfType | ( | Layer * | startLayer | ) | const |
A templated method to get the first layer of a certain type (protocol), start searching from a certain layer. For example: if a packet looks like: EthLayer -> VlanLayer(1) -> VlanLayer(2) -> VlanLayer(3) -> IPv4Layer and the user put VlanLayer(2) as a parameter and wishes to search for a VlanLayer, VlanLayer(3) will be returned If no layer of such type is found, NULL is returned
[in] | startLayer | A pointer to the layer to start search from |
TLayer * pcpp::Packet::getPrevLayerOfType | ( | Layer * | startLayer | ) | const |
A templated method to get the first layer of a certain type (protocol), start searching from a certain layer. For example: if a packet looks like: EthLayer -> VlanLayer(1) -> VlanLayer(2) -> VlanLayer(3) -> IPv4Layer and the user put VlanLayer(2) as a parameter and wishes to search for a VlanLayer, VlanLayer(1) will be returned If no layer of such type is found, NULL is returned
[in] | startLayer | A pointer to the layer to start search from |
|
inline |
|
inline |
Insert a new layer after an existing layer in the packet. This method gets a pointer to the new layer as a parameter and attaches it to the packet. Notice after calling this method the input layer is attached to the packet so every change you make in it affect the packet; Also it cannot be attached to other packets
[in] | prevLayer | A pointer to an existing layer in the packet which the new layer should followed by. If this layer isn't attached to a packet and error will be printed to log and false will be returned |
[in] | newLayer | A pointer to the new layer to be added to the packet |
[in] | ownInPacket | If true, Packet fully owns newLayer, including memory deletion upon destruct. Default is false. |
|
inline |
Check whether the packet contains a certain protocol
[in] | protocolType | The protocol type to search |
Assignment operator overloading. It first frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by this instance (meaning if it was allocated by this instance constructor). Afterwards it copies the data from the other packet in the same way used in the copy constructor.
[in] | other | The instance to copy from |
bool pcpp::Packet::removeAllLayersAfter | ( | Layer * | layer | ) |
Remove all layers that come after a certain layer. All layers removed will be deleted if they were allocated during packet creation or detached if were allocated outside of the packet, please refer to removeLayer() to get more info
[in] | layer | A pointer to the layer to begin removing from. Please note this layer will not be removed, only the layers that come after it will be removed. Also, if removal of one layer failed, the method will return immediately and the following layers won't be deleted |
bool pcpp::Packet::removeFirstLayer | ( | ) |
Remove the first layer in the packet. The layer will be deleted if it was allocated during packet creation, or detached if was allocated outside of the packet. Please refer to removeLayer() to get more info
bool pcpp::Packet::removeLastLayer | ( | ) |
Remove the last layer in the packet. The layer will be deleted if it was allocated during packet creation, or detached if was allocated outside of the packet. Please refer to removeLayer() to get more info
bool pcpp::Packet::removeLayer | ( | ProtocolType | layerType, |
int | index = 0 |
||
) |
Remove an existing layer from the packet. The layer to removed is identified by its type (protocol). If the packet has multiple layers of the same type in the packet the user may specify the index of the layer to remove (the default index is 0 - remove the first layer of this type). If the layer was allocated during packet creation it will be deleted and any pointer to it will get invalid. However if the layer was allocated by the user and manually added to the packet it will simply get detached from the packet, meaning the pointer to it will stay valid and its data (that was removed from the packet) will be copied back to the layer. In that case it's the user's responsibility to delete the layer instance
[in] | layerType | The layer type (protocol) to remove |
[in] | index | If there are multiple layers of the same type, indicate which instance to remove. The default value is 0, meaning remove the first layer of this type |
void pcpp::Packet::setRawPacket | ( | RawPacket * | rawPacket, |
bool | freeRawPacket, | ||
ProtocolType | parseUntil = UnknownProtocol , |
||
OsiModelLayer | parseUntilLayer = OsiModelLayerUnknown |
||
) |
Set a RawPacket and re-construct all packet layers
[in] | rawPacket | Raw packet to set |
[in] | freeRawPacket | A flag indicating if the destructor should also call the raw packet destructor or not |
[in] | parseUntil | Parse the packet until it reaches this protocol. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is UnknownProtocol which means don't take this parameter into account |
[in] | parseUntilLayer | Parse the packet until certain layer in OSI model. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is OsiModelLayerUnknown which means don't take this parameter into account |
std::string pcpp::Packet::toString | ( | bool | timeAsLocalTime = true | ) | const |
Each layer can print a string representation of the layer most important data using Layer::toString(). This method aggregates this string from all layers and print it to a complete string containing all packet's relevant data
[in] | timeAsLocalTime | Print time as local time or GMT. Default (true value) is local time, for GMT set to false |
void pcpp::Packet::toStringList | ( | std::vector< std::string > & | result, |
bool | timeAsLocalTime = true |
||
) | const |
Similar to toString(), but instead of one string it outputs a list of strings, one string for every layer
[out] | result | A string vector that will contain all strings |
[in] | timeAsLocalTime | Print time as local time or GMT. Default (true value) is local time, for GMT set to false |