PcapPlusPlus
21.05
|
#include <PcapFileDevice.h>
Public Member Functions | |
PcapNgFileWriterDevice (const std::string &fileName, int compressionLevel=0) | |
virtual | ~PcapNgFileWriterDevice () |
bool | open (const std::string &os, const std::string &hardware, const std::string &captureApp, const std::string &fileComment) |
bool | writePacket (RawPacket const &packet, const std::string &comment) |
bool | writePacket (RawPacket const &packet) |
bool | writePackets (const RawPacketVector &packets) |
bool | open () |
bool | open (bool appendMode) |
void | flush () |
void | close () |
void | getStatistics (PcapStats &stats) const |
bool | setFilter (std::string filterAsString) |
Public Member Functions inherited from pcpp::IFileWriterDevice | |
virtual | ~IFileWriterDevice () |
Public Member Functions inherited from pcpp::IFileDevice | |
std::string | getFileName () const |
Public Member Functions inherited from pcpp::IPcapDevice | |
bool | clearFilter () |
Public Member Functions inherited from pcpp::IDevice | |
bool | isOpened () |
Public Member Functions inherited from pcpp::IFilterableDevice | |
virtual bool | setFilter (GeneralFilter &filter) |
Additional Inherited Members | |
Static Public Member Functions inherited from pcpp::IPcapDevice | |
static std::string | getPcapLibVersionInfo () |
static bool | verifyFilter (std::string filterAsString) |
static bool | matchPacketWithFilter (std::string filterAsString, RawPacket *rawPacket) |
static bool | matchPacketWithFilter (GeneralFilter &filter, RawPacket *rawPacket) |
A class for opening a pcap-ng file for writing or creating a new pcap-ng file and write packets to it. This class adds unique capabilities such as writing metadata attributes into the file header, adding comments per packet and opening the file in append mode where packets are added to a file instead of overriding it. This capabilities are part of the pcap-ng standard but aren't supported in most tools and libraries
pcpp::PcapNgFileWriterDevice::PcapNgFileWriterDevice | ( | const std::string & | fileName, |
int | compressionLevel = 0 |
||
) |
A constructor for this class that gets the pcap-ng full path file name to open for writing or create. Notice that after calling this constructor the file isn't opened yet, so writing packets will fail. For opening the file call open()
[in] | fileName | The full path of the file |
[in] | compressionLevel | The compression level to use when writing the file, use 0 to disable compression or 10 for max compression. Default is 0 |
|
inlinevirtual |
A destructor for this class
|
virtual |
Flush and close the pcap-ng file
Reimplemented from pcpp::IFileDevice.
void pcpp::PcapNgFileWriterDevice::flush | ( | ) |
Flush packets to the pcap-ng file
|
virtual |
Get statistics of packets written so far.
[out] | stats | The stats struct where stats are returned |
Implements pcpp::IPcapDevice.
bool pcpp::PcapNgFileWriterDevice::open | ( | const std::string & | os, |
const std::string & | hardware, | ||
const std::string & | captureApp, | ||
const std::string & | fileComment | ||
) |
Open the file in a write mode. If file doesn't exist, it will be created. If it does exist it will be overwritten, meaning all its current content will be deleted. As opposed to open(), this method also allows writing several metadata attributes that will be stored in the header of the file
[in] | os | A string describing the operating system that was used to capture the packets. If this string is empty or null it will be ignored |
[in] | hardware | A string describing the hardware that was used to capture the packets. If this string is empty or null it will be ignored |
[in] | captureApp | A string describing the application that was used to capture the packets. If this string is empty or null it will be ignored |
[in] | fileComment | A string containing a user-defined comment that will be part of the metadata of the file. If this string is empty or null it will be ignored |
|
virtual |
Open the file in a write mode. If file doesn't exist, it will be created. If it does exist it will be overwritten, meaning all its current content will be deleted
Implements pcpp::IDevice.
|
virtual |
Same as open(), but enables to open the file in append mode in which packets will be appended to the file instead of overwrite its current content. In append mode file must exist, otherwise opening will fail
[in] | appendMode | A boolean indicating whether to open the file in append mode or not. If set to false this method will act exactly like open(). If set to true, file will be opened in append mode |
Implements pcpp::IFileWriterDevice.
|
virtual |
Set a filter for PcapNG writer device. Only packets that match the filter will be persisted
[in] | filterAsString | The filter to be set in Berkeley Packet Filter (BPF) syntax (http://biot.com/capstats/bpf.html) |
Reimplemented from pcpp::IPcapDevice.
bool pcpp::PcapNgFileWriterDevice::writePacket | ( | RawPacket const & | packet, |
const std::string & | comment | ||
) |
The pcap-ng format allows adding a user-defined comment for each stored packet. This method writes a RawPacket to the file and adds a comment to it. Before using this method please verify the file is opened using open(). This method won't change the written packet or the input comment
[in] | packet | A reference for an existing RawPcket to write to the file |
[in] | comment | The comment to be written for the packet. If this string is empty or null it will be ignored |
|
virtual |
Write a RawPacket to the file. Before using this method please verify the file is opened using open(). This method won't change the written packet
[in] | packet | A reference for an existing RawPcket to write to the file |
Implements pcpp::IFileWriterDevice.
|
virtual |
Write multiple RawPacket to the file. Before using this method please verify the file is opened using open(). This method won't change the written packets or the RawPacketVector instance
[in] | packets | A reference for an existing RawPcketVector, all of its packets will be written to the file |
Implements pcpp::IFileWriterDevice.