public/libraries
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- add Pcap++ Windows build

Browse Source
This commit is contained in:
Dmytro Bogovych
2023-06-23 16:30:48 +03:00
parent 9fae569a23
commit 3c84cbb96b
115 changed files with 31597 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

392
pcappp/include/pcapplusplus/Packet.h Normal file
View File

@@ -0,0 +1,392 @@
#ifndef PACKETPP_PACKET
#define PACKETPP_PACKET
#include "RawPacket.h"
#include "Layer.h"
#include <vector>
/// @file
/**
* \namespace pcpp
* \brief The main namespace for the PcapPlusPlus lib
*/
namespace pcpp
{
/**
* @class Packet
* This class represents a parsed packet. It contains the raw data (RawPacket instance), and a linked list of layers, each layer is a parsed
* protocol that this packet contains. The layers linked list is ordered where the first layer is the lowest in the packet (currently it's always
* Ethernet protocol as PcapPlusPlus supports only Ethernet packets), the next layer will be L2.5 or L3 (e.g VLAN, IPv4, IPv6, etc.), and so on.
* etc.), etc. The last layer in the linked list will be the highest in the packet.
* For example: for a standard HTTP request packet the layer will look like this: EthLayer -> IPv4Layer -> TcpLayer -> HttpRequestLayer <BR>
* Packet instance isn't read only. The user can add or remove layers, update current layer, etc.
*/
class Packet
{
friend class Layer;
private:
RawPacket* m_RawPacket;
Layer* m_FirstLayer;
Layer* m_LastLayer;
uint64_t m_ProtocolTypes;
size_t m_MaxPacketLen;
bool m_FreeRawPacket;
bool m_CanReallocateData;
public:
/**
* A constructor for creating a new packet (with no layers).
* When using this constructor an empty raw buffer is allocated (with the size of maxPacketLen) and a new RawPacket is created
* @param[in] maxPacketLen The expected packet length in bytes
*/
Packet(size_t maxPacketLen = 1);
/**
* A constructor for creating a new packet with a buffer that is pre-allocated by the user.
* The packet is created empty (with no layers), which means the constructor doesn't parse the data in the buffer.
* Instead, all of the raw data of this packet it written to this buffer: whenever a layer is added, it's data is written to this buffer.
* The buffer isn't freed and it's content isn't erased when the packet object is deleted.
* This constructor is useful when you already have a memory buffer and you want to create packet data in it.
* @param[in] buffer A pointer to a pre-allocated memory buffer
* @param[in] bufferSize The size of the buffer
*/
Packet(uint8_t* buffer, size_t bufferSize);
/**
* A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network.
* When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers
* are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free
* the instance of raw packet when the Packet is free or not
* @param[in] rawPacket A pointer to the raw packet
* @param[in] freeRawPacket Optional parameter. A flag indicating if the destructor should also call the raw packet destructor or not. Default value is false
* @param[in] parseUntil Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a
* certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet. Default value is ::UnknownProtocol which means don't take this
* parameter into account
* @param[in] parseUntilLayer Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to
* parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet.
* Default value is ::OsiModelLayerUnknown which means don't take this parameter into account
*/
Packet(RawPacket* rawPacket, bool freeRawPacket = false, ProtocolType parseUntil = UnknownProtocol, OsiModelLayer parseUntilLayer = OsiModelLayerUnknown);
/**
* A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network.
* When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers
* are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free
* the instance of raw packet when the Packet is free or not. This constructor should be used to parse the packet up to a certain layer
* @param[in] rawPacket A pointer to the raw packet
* @param[in] parseUntil Optional parameter. Parse the packet until you reach a certain protocol (inclusive). Can be useful for cases when you need to parse only up to a
* certain layer and want to avoid the performance impact and memory consumption of parsing the whole packet
*/
Packet(RawPacket* rawPacket, ProtocolType parseUntil);
/**
* A constructor for creating a packet out of already allocated RawPacket. Very useful when parsing packets that came from the network.
* When using this constructor a pointer to the RawPacket is saved (data isn't copied) and the RawPacket is parsed, meaning all layers
* are created and linked to each other in the right order. In this overload of the constructor the user can specify whether to free
* the instance of raw packet when the Packet is free or not. . This constructor should be used to parse the packet up to a certain layer in the OSI model
* @param[in] rawPacket A pointer to the raw packet
* @param[in] parseUntilLayer Optional parameter. Parse the packet until you reach a certain layer in the OSI model (inclusive). Can be useful for cases when you need to
* parse only up to a certain OSI layer (for example transport layer) and want to avoid the performance impact and memory consumption of parsing the whole packet
*/
Packet(RawPacket* rawPacket, OsiModelLayer parseUntilLayer);
/**
* A destructor for this class. Frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this
* class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by
* this instance (meaning if it was allocated by this instance constructor)
*/
virtual ~Packet() { destructPacketData(); }
/**
* A copy constructor for this class. This copy constructor copies all the raw data and re-create all layers. So when the original Packet
* is being freed, no data will be lost in the copied instance
* @param[in] other The instance to copy from
*/
Packet(const Packet& other) { copyDataFrom(other); }
/**
* Assignment operator overloading. It first frees all layers allocated by this instance (Notice: it doesn't free layers that weren't allocated by this
* class, for example layers that were added by addLayer() or insertLayer() ). In addition it frees the raw packet if it was allocated by
* this instance (meaning if it was allocated by this instance constructor).
* Afterwards it copies the data from the other packet in the same way used in the copy constructor.
* @param[in] other The instance to copy from
*/
Packet& operator=(const Packet& other);
/**
* Get a pointer to the Packet's RawPacket
* @return A pointer to the Packet's RawPacket
*/
RawPacket* getRawPacket() const { return m_RawPacket; }
/**
* Set a RawPacket and re-construct all packet layers
* @param[in] rawPacket Raw packet to set
* @param[in] freeRawPacket A flag indicating if the destructor should also call the raw packet destructor or not
* @param[in] parseUntil Parse the packet until it reaches this protocol. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the
* performance impact and memory consumption of parsing the whole packet. Default value is ::UnknownProtocol which means don't take this parameter into account
* @param[in] parseUntilLayer Parse the packet until certain layer in OSI model. Can be useful for cases when you need to parse only up to a certain layer and want to avoid the
* performance impact and memory consumption of parsing the whole packet. Default value is ::OsiModelLayerUnknown which means don't take this parameter into account
*/
void setRawPacket(RawPacket* rawPacket, bool freeRawPacket, ProtocolType parseUntil = UnknownProtocol, OsiModelLayer parseUntilLayer = OsiModelLayerUnknown);
/**
* Get a pointer to the Packet's RawPacket in a read-only manner
* @return A pointer to the Packet's RawPacket
*/
RawPacket* getRawPacketReadOnly() const { return m_RawPacket; }
/**
* Get a pointer to the first (lowest) layer in the packet
* @return A pointer to the first (lowest) layer in the packet
*/
Layer* getFirstLayer() const { return m_FirstLayer; }
/**
* Get a pointer to the last (highest) layer in the packet
* @return A pointer to the last (highest) layer in the packet
*/
Layer* getLastLayer() const { return m_LastLayer; }
/**
* Add a new layer as the last layer in the packet. This method gets a pointer to the new layer as a parameter
* and attaches it to the packet. Notice after calling this method the input layer is attached to the packet so
* every change you make in it affect the packet; Also it cannot be attached to other packets
* @param[in] newLayer A pointer to the new layer to be added to the packet
* @param[in] ownInPacket If true, Packet fully owns newLayer, including memory deletion upon destruct. Default is false.
* @return True if everything went well or false otherwise (an appropriate error log message will be printed in
* such cases)
*/
bool addLayer(Layer* newLayer, bool ownInPacket = false) { return insertLayer(m_LastLayer, newLayer, ownInPacket); }
/**
* Insert a new layer after an existing layer in the packet. This method gets a pointer to the new layer as a
* parameter and attaches it to the packet. Notice after calling this method the input layer is attached to the
* packet so every change you make in it affect the packet; Also it cannot be attached to other packets
* @param[in] prevLayer A pointer to an existing layer in the packet which the new layer should followed by. If
* this layer isn't attached to a packet and error will be printed to log and false will be returned
* @param[in] newLayer A pointer to the new layer to be added to the packet
* @param[in] ownInPacket If true, Packet fully owns newLayer, including memory deletion upon destruct. Default is false.
* @return True if everything went well or false otherwise (an appropriate error log message will be printed in
* such cases)
*/
bool insertLayer(Layer* prevLayer, Layer* newLayer, bool ownInPacket = false);
/**
* Remove an existing layer from the packet. The layer to removed is identified by its type (protocol). If the
* packet has multiple layers of the same type in the packet the user may specify the index of the layer to remove
* (the default index is 0 - remove the first layer of this type). If the layer was allocated during packet creation
* it will be deleted and any pointer to it will get invalid. However if the layer was allocated by the user and
* manually added to the packet it will simply get detached from the packet, meaning the pointer to it will stay
* valid and its data (that was removed from the packet) will be copied back to the layer. In that case it's
* the user's responsibility to delete the layer instance
* @param[in] layerType The layer type (protocol) to remove
* @param[in] index If there are multiple layers of the same type, indicate which instance to remove. The default
* value is 0, meaning remove the first layer of this type
* @return True if everything went well or false otherwise (an appropriate error log message will be printed in
* such cases)
*/
bool removeLayer(ProtocolType layerType, int index = 0);
/**
* Remove the first layer in the packet. The layer will be deleted if it was allocated during packet creation, or detached
* if was allocated outside of the packet. Please refer to removeLayer() to get more info
* @return True if layer removed successfully, or false if removing the layer failed or if there are no layers in the
* packet. In any case of failure an appropriate error log message will be printed
*/
bool removeFirstLayer();
/**
* Remove the last layer in the packet. The layer will be deleted if it was allocated during packet creation, or detached
* if was allocated outside of the packet. Please refer to removeLayer() to get more info
* @return True if layer removed successfully, or false if removing the layer failed or if there are no layers in the
* packet. In any case of failure an appropriate error log message will be printed
*/
bool removeLastLayer();
/**
* Remove all layers that come after a certain layer. All layers removed will be deleted if they were allocated during
* packet creation or detached if were allocated outside of the packet, please refer to removeLayer() to get more info
* @param[in] layer A pointer to the layer to begin removing from. Please note this layer will not be removed, only the
* layers that come after it will be removed. Also, if removal of one layer failed, the method will return immediately and
* the following layers won't be deleted
* @return True if all layers were removed successfully, or false if failed to remove at least one layer. In any case of
* failure an appropriate error log message will be printed
*/
bool removeAllLayersAfter(Layer* layer);
/**
* Detach a layer from the packet. Detaching means the layer instance will not be deleted, but rather separated from the
* packet - e.g it will be removed from the layer chain of the packet and its data will be copied from the packet buffer
* into an internal layer buffer. After a layer is detached, it can be added into another packet (but it's impossible to
* attach a layer to multiple packets in the same time). After layer is detached, it's the user's responsibility to
* delete it when it's not needed anymore
* @param[in] layerType The layer type (protocol) to detach from the packet
* @param[in] index If there are multiple layers of the same type, indicate which instance to detach. The default
* value is 0, meaning detach the first layer of this type
* @return A pointer to the detached layer or NULL if detaching process failed. In any case of failure an
* appropriate error log message will be printed
*/
Layer* detachLayer(ProtocolType layerType, int index = 0);
/**
* Detach a layer from the packet. Detaching means the layer instance will not be deleted, but rather separated from the
* packet - e.g it will be removed from the layer chain of the packet and its data will be copied from the packet buffer
* into an internal layer buffer. After a layer is detached, it can be added into another packet (but it's impossible to
* attach a layer to multiple packets at the same time). After layer is detached, it's the user's responsibility to
* delete it when it's not needed anymore
* @param[in] layer A pointer to the layer to detach
* @return True if the layer was detached successfully, or false if something went wrong. In any case of failure an
* appropriate error log message will be printed
*/
bool detachLayer(Layer* layer) { return removeLayer(layer, false); }
/**
* Get a pointer to the layer of a certain type (protocol). This method goes through the layers and returns a layer
* that matches the give protocol type
* @param[in] layerType The layer type (protocol) to fetch
* @param[in] index If there are multiple layers of the same type, indicate which instance to fetch. The default
* value is 0, meaning fetch the first layer of this type
* @return A pointer to the layer or NULL if no such layer was found
*/
Layer* getLayerOfType(ProtocolType layerType, int index = 0) const;
/**
* A templated method to get a layer of a certain type (protocol). If no layer of such type is found, NULL is returned
* @param[in] reverseOrder The optional parameter that indicates that the lookup should run in reverse order, the default value is false
* @return A pointer to the layer of the requested type, NULL if not found
*/
template<class TLayer>
TLayer* getLayerOfType(bool reverseOrder = false) const;
/**
* A templated method to get the first layer of a certain type (protocol), start searching from a certain layer.
* For example: if a packet looks like: EthLayer -> VlanLayer(1) -> VlanLayer(2) -> VlanLayer(3) -> IPv4Layer
* and the user put VlanLayer(2) as a parameter and wishes to search for a VlanLayer, VlanLayer(3) will be returned
* If no layer of such type is found, NULL is returned
* @param[in] startLayer A pointer to the layer to start search from
* @return A pointer to the layer of the requested type, NULL if not found
*/
template<class TLayer>
TLayer* getNextLayerOfType(Layer* startLayer) const;
/**
* A templated method to get the first layer of a certain type (protocol), start searching from a certain layer.
* For example: if a packet looks like: EthLayer -> VlanLayer(1) -> VlanLayer(2) -> VlanLayer(3) -> IPv4Layer
* and the user put VlanLayer(2) as a parameter and wishes to search for a VlanLayer, VlanLayer(1) will be returned
* If no layer of such type is found, NULL is returned
* @param[in] startLayer A pointer to the layer to start search from
* @return A pointer to the layer of the requested type, NULL if not found
*/
template<class TLayer>
TLayer* getPrevLayerOfType(Layer* startLayer) const;
/**
* Check whether the packet contains a certain protocol
* @param[in] protocolType The protocol type to search
* @return True if the packet contains the protocol, false otherwise
*/
bool isPacketOfType(ProtocolType protocolType) const { return m_ProtocolTypes & protocolType; }
/**
* Each layer can have fields that can be calculate automatically from other fields using Layer#computeCalculateFields(). This method forces all layers to calculate these
* fields values
*/
void computeCalculateFields();
/**
* Each layer can print a string representation of the layer most important data using Layer#toString(). This method aggregates this string from all layers and
* print it to a complete string containing all packet's relevant data
* @param[in] timeAsLocalTime Print time as local time or GMT. Default (true value) is local time, for GMT set to false
* @return A string containing most relevant data from all layers (looks like the packet description in Wireshark)
*/
std::string toString(bool timeAsLocalTime = true) const;
/**
* Similar to toString(), but instead of one string it outputs a list of strings, one string for every layer
* @param[out] result A string vector that will contain all strings
* @param[in] timeAsLocalTime Print time as local time or GMT. Default (true value) is local time, for GMT set to false
*/
void toStringList(std::vector<std::string>& result, bool timeAsLocalTime = true) const;
private:
void copyDataFrom(const Packet& other);
void destructPacketData();
bool extendLayer(Layer* layer, int offsetInLayer, size_t numOfBytesToExtend);
bool shortenLayer(Layer* layer, int offsetInLayer, size_t numOfBytesToShorten);
void reallocateRawData(size_t newSize);
bool removeLayer(Layer* layer, bool tryToDelete);
std::string printPacketInfo(bool timeAsLocalTime) const;
Layer* createFirstLayer(LinkLayerType linkType);
}; // class Packet
// implementation of inline methods
template<class TLayer>
TLayer* Packet::getLayerOfType(bool reverse) const
{
if (!reverse)
{
if (dynamic_cast<TLayer*>(getFirstLayer()) != NULL)
return dynamic_cast<TLayer*>(getFirstLayer());
return getNextLayerOfType<TLayer>(getFirstLayer());
}
// lookup in reverse order
if (dynamic_cast<TLayer*>(getLastLayer()) != NULL)
return dynamic_cast<TLayer*>(getLastLayer());
return getPrevLayerOfType<TLayer>(getLastLayer());
}
template<class TLayer>
TLayer* Packet::getNextLayerOfType(Layer* curLayer) const
{
if (curLayer == NULL)
return NULL;
curLayer = curLayer->getNextLayer();
while ((curLayer != NULL) && (dynamic_cast<TLayer*>(curLayer) == NULL))
{
curLayer = curLayer->getNextLayer();
}
return dynamic_cast<TLayer*>(curLayer);
}
template<class TLayer>
TLayer* Packet::getPrevLayerOfType(Layer* curLayer) const
{
if (curLayer == NULL)
return NULL;
curLayer = curLayer->getPrevLayer();
while (curLayer != NULL && dynamic_cast<TLayer*>(curLayer) == NULL)
{
curLayer = curLayer->getPrevLayer();
}
return dynamic_cast<TLayer*>(curLayer);
}
} // namespace pcpp
inline std::ostream& operator<<(std::ostream& os, const pcpp::Packet& packet)
{
os << packet.toString();
return os;
}
#endif /* PACKETPP_PACKET */