- Generated on Sat Aug 4 2018 23:35:14 for PcapPlusPlus by
1.8.14
|
PcapPlusPlus
|
#include <Packet.h>
Public Member Functions | |
| Packet (size_t maxPacketLen=1) | |
| Packet (RawPacket *rawPacket, bool freeRawPacket=false, ProtocolType parseUntil=UnknownProtocol, OsiModelLayer parseUntilLayer=OsiModelLayerUnknown) | |
| Packet (RawPacket *rawPacket, ProtocolType parseUntil) | |
| Packet (RawPacket *rawPacket, OsiModelLayer parseUntilLayer) | |
| virtual | ~Packet () |
| Packet (const Packet &other) | |
| Packet & | operator= (const Packet &other) |
| RawPacket * | getRawPacket () |
| void | setRawPacket (RawPacket *rawPacket, bool freeRawPacket, ProtocolType parseUntil=UnknownProtocol, OsiModelLayer parseUntilLayer=OsiModelLayerUnknown) |
| RawPacket * | getRawPacketReadOnly () const |
| Layer * | getFirstLayer () |
| Layer * | getLastLayer () |
| bool | addLayer (Layer *newLayer) |
| bool | insertLayer (Layer *prevLayer, Layer *newLayer) |
| bool | removeLayer (Layer *layer) |
| template<class TLayer > | |
| TLayer * | getLayerOfType () |
| template<class TLayer > | |
| TLayer * | getNextLayerOfType (Layer *after) |
| bool | isPacketOfType (ProtocolType protocolType) |
| void | computeCalculateFields () |
| std::string | toString (bool timeAsLocalTime=true) |
| void | toStringList (std::vector< std::string > &result, bool timeAsLocalTime=true) |
This class represents a parsed packet. It contains the raw data (RawPacket instance), and a linked list of layers, each layer is a parsed protocol that this packet contains. The layers linked list is ordered where the first layer is the lowest in the packet (currently it's always Ethernet protocol as PcapPlusPlus supports only Ethernet packets), the next layer will be L2.5 or L3 (e.g VLAN, IPv4, IPv6, etc.), and so on. etc.), etc. The last layer in the linked list will be the highest in the packet. For example: for a standard HTTP request packet the layer will look like this: EthLayer -> IPv4Layer -> TcpLayer -> HttpRequestLayer
Packet instance isn't read only. The user can add or remove layers, update current layer, etc.
| pcpp::Packet::Packet | ( | size_t | maxPacketLen = 1 | ) |
A constructor for creating a new packet. Very useful when creating packets. When using this constructor an empty raw buffer is allocated (with the size of maxPacketLen) and a new RawPacket is created
| [in] | maxPacketLen | The expected packet length in bytes |
| pcpp::Packet::Packet | ( | RawPacket * | rawPacket, |
| bool | freeRawPacket = false, |
||
| ProtocolType | parseUntil = UnknownProtocol, |
||
| OsiModelLayer | parseUntilLayer = OsiModelLayerUnknown |
||
| ) |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not
| [in] | rawPacket | A pointer to the raw packet |
| [in] | freeRawPacket | Optional parameter. A flag indicating if the destructor should also call the raw packet destructor or not. Default value is false |
| [in] | parseUntil | Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is UnknownProtocol which means don't take this parameter into account |
| [in] | parseUntilLayer | Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is OsiModelLayerUnknown which means don't take this parameter into account |
| pcpp::Packet::Packet | ( | RawPacket * | rawPacket, |
| ProtocolType | parseUntil | ||
| ) |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not. This constructor should be used to parse the packet up to a certain layer
| [in] | rawPacket | A pointer to the raw packet |
| [in] | parseUntil | Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet |
| pcpp::Packet::Packet | ( | RawPacket * | rawPacket, |
| OsiModelLayer | parseUntilLayer | ||
| ) |
A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network. When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free the instance of raw packet when the Packet is free or not. . This constructor should be used to parse the packet up to a certain layer in the OSI model
| [in] | rawPacket | A pointer to the raw packet |
| [in] | parseUntilLayer | Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet |
|
virtual |
A destructor for this class. Frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by this instance (meaning if it was allocated by this instance constructor)
| pcpp::Packet::Packet | ( | const Packet & | other | ) |
A copy constructor for this class. This copy constructor copies all the raw data and re-create all layers. So when the original Packet is being freed, no data will be lost in the copied instance
| [in] | other | The instance to copy from |
| bool pcpp::Packet::addLayer | ( | Layer * | newLayer | ) |
Add a new layer as the last layer in the packet. This method gets a pointer to the new layer as a parameter and attaches it to the packet. Notice after calling this method the input layer is attached to the packet so every change you make in it affect the packet; Also it cannot be attached to other packets
| [in] | newLayer | A pointer to the new layer to be added to the packet |
| void pcpp::Packet::computeCalculateFields | ( | ) |
Each layer can have fields that can be calculate automatically from other fields using Layer::computeCalculateFields(). This method forces all layers to calculate these fields values
|
inline |
Get a pointer to the first (lowest) layer in the packet
|
inline |
Get a pointer to the last (highest) layer in the packet
| TLayer * pcpp::Packet::getLayerOfType | ( | ) |
A templated method to get a layer of a certain type (protocol). If no layer of such type is found, NULL is returned
| TLayer * pcpp::Packet::getNextLayerOfType | ( | Layer * | after | ) |
A templated method to get the first layer of a certain type (protocol), start searching from a certain layer. For example: if a packet looks like: EthLayer -> VlanLayer(1) -> VlanLayer(2) -> VlanLayer(3) -> IPv4Layer and the user put VlanLayer(2) as a parameter and wishes to search for a VlanLayer, VlanLayer(3) will be returned If no layer of such type is found, NULL is returned
| [in] | after | A pointer to the layer to start search from |
|
inline |
|
inline |
Insert a new layer after an existing layer in the packet. This method gets a pointer to the new layer as a parameter and attaches it to the packet. Notice after calling this method the input layer is attached to the packet so every change you make in it affect the packet; Also it cannot be attached to other packets
| [in] | prevLayer | A pointer to an existing layer in the packet which the new layer should followed by. If this layer isn't attached to a packet and error will be printed to log and false will be returned |
| [in] | newLayer | A pointer to the new layer to be added to the packet |
|
inline |
Check whether the packet contains a certain protocol
| [in] | protocolType | The protocol type to search |
Assignment operator overloading. It first frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by this instance (meaning if it was allocated by this instance constructor). Afterwards it copies the data from the other packet in the same way used in the copy constructor.
| [in] | other | The instance to copy from |
| bool pcpp::Packet::removeLayer | ( | Layer * | layer | ) |
Remove an existing layer from the packet
| [in] | layer | The layer to remove |
| void pcpp::Packet::setRawPacket | ( | RawPacket * | rawPacket, |
| bool | freeRawPacket, | ||
| ProtocolType | parseUntil = UnknownProtocol, |
||
| OsiModelLayer | parseUntilLayer = OsiModelLayerUnknown |
||
| ) |
Set a RawPacket and re-construct all packet layers
| [in] | rawPacket | Raw packet to set |
| [in] | freeRawPacket | A flag indicating if the destructor should also call the raw packet destructor or not |
| [in] | parseUntil | Parse the packet until it reaches this protocol. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is UnknownProtocol which means don't take this parameter into account |
| [in] | parseUntilLayer | Parse the packet until certain layer in OSI model. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is OsiModelLayerUnknown which means don't take this parameter into account |
| std::string pcpp::Packet::toString | ( | bool | timeAsLocalTime = true | ) |
Each layer can print a string representation of the layer most important data using Layer::toString(). This method aggregates this string from all layers and print it to a complete string containing all packet's relevant data
| [in] | timeAsLocalTime | Print time as local time or GMT. Default (true value) is local time, for GMT set to false |
| void pcpp::Packet::toStringList | ( | std::vector< std::string > & | result, |
| bool | timeAsLocalTime = true |
||
| ) |
Similar to toString(), but instead of one string it outputs a list of strings, one string for every layer
| [out] | result | A string vector that will contain all strings |
| [in] | timeAsLocalTime | Print time as local time or GMT. Default (true value) is local time, for GMT set to false |
1.8.14