summaryrefslogtreecommitdiff
path: root/libopie2/opienet/opcap.h
Side-by-side diff
Diffstat (limited to 'libopie2/opienet/opcap.h') (more/less context) (ignore whitespace changes)
-rw-r--r--libopie2/opienet/opcap.h21
1 files changed, 17 insertions, 4 deletions
diff --git a/libopie2/opienet/opcap.h b/libopie2/opienet/opcap.h
index ad5b07c..9119972 100644
--- a/libopie2/opienet/opcap.h
+++ b/libopie2/opienet/opcap.h
@@ -70,96 +70,98 @@ class QSocketNotifier;
*======================================================================================*/
/** @brief A class representing a data frame on the wire.
*
* The whole family of the packet classes are used when capturing frames from a network.
* Most standard network protocols in use share a common architecture, which mostly is
* a packet header and then the packet payload. In layered architectures, each lower layer
* encapsulates data from its upper layer - that is it
* treats the data from its upper layer as payload and prepends an own header to the packet,
* which - again - is treated as the payload for the layer below. The figure below is an
* example for how such a data frame is composed out of packets, e.g. when sending a mail.
*
* <pre>
* | User Data | == Mail Data
* | SMTP Header | User Data | == SMTP
* | TCP Header | SMTP Header | User Data | == TCP
* | IP Header | TCP Header | SMTP Header | User Data | == IP
* | MAC Header | IP Header | TCP Header | SMTP Header | User Data | == MAC
*
* </pre>
*
* The example is trimmed for simplicity, because the MAC (Medium Access Control) layer
* also contains a few more levels of encapsulation.
* Since the type of the payload is more or less independent from the encapsulating protocol,
* the header must be inspected before attempting to decode the payload. Hence, the
* encapsulation level varies and can't be deduced without actually looking into the packets.
*
* For actually working with captured frames, it's useful to identify the packets via names and
* insert them into a parent/child - relationship based on the encapsulation. This is why
* all packet classes derive from QObject. The amount of overhead caused by the QObject is
* not a problem in this case, because we're talking about a theoratical maximum of about
* 10 packets per captured frame. We need to stuff them into a searchable list anyway and the
* QObject also cares about destroying the sub-, (child-) packets.
*
* This enables us to perform a simple look for packets of a certain type:
* @code
* OPacketCapturer* pcap = new OPacketCapturer();
* pcap->open( "eth0" );
* OPacket* p = pcap->next();
* OIPPacket* ip = (OIPPacket*) p->child( "IP" ); // returns 0, if no such child exists
* odebug << "got ip packet from " << ip->fromIPAddress().toString() << " to " << ip->toIPAddress().toString() << oendl;
*
*/
class OPacket : public QObject
{
Q_OBJECT
+ friend class OPacketCapturer;
+
public:
OPacket( int datalink, packetheaderstruct, const unsigned char*, QObject* parent );
virtual ~OPacket();
timevalstruct timeval() const;
int caplen() const;
int len() const;
QString dump( int = 32 ) const;
void updateStats( QMap<QString,int>&, QObjectList* );
private:
const packetheaderstruct _hdr; // pcap packet header
const unsigned char* _data; // pcap packet data
const unsigned char* _end; // end of pcap packet data
};
/*======================================================================================
* OEthernetPacket - DLT_EN10MB frame
*======================================================================================*/
class OEthernetPacket : public QObject
{
Q_OBJECT
public:
OEthernetPacket( const unsigned char*, const struct ether_header*, QObject* parent = 0 );
virtual ~OEthernetPacket();
OMacAddress sourceAddress() const;
OMacAddress destinationAddress() const;
int type() const;
private:
const struct ether_header* _ether;
};
/*======================================================================================
* OPrismHeaderPacket - DLT_PRISM_HEADER frame
*======================================================================================*/
class OPrismHeaderPacket : public QObject
{
Q_OBJECT
public:
OPrismHeaderPacket( const unsigned char*, const struct prism_hdr*, QObject* parent = 0 );
@@ -479,128 +481,139 @@ class OUDPPacket : public QObject
private:
const struct udphdr* _udphdr;
};
/*======================================================================================
* OTCPPacket
*======================================================================================*/
class OTCPPacket : public QObject
{
Q_OBJECT
public:
OTCPPacket( const unsigned char*, const struct tcphdr*, QObject* parent = 0 );
virtual ~OTCPPacket();
int fromPort() const;
int toPort() const;
private:
const struct tcphdr* _tcphdr;
};
/*======================================================================================
* OPacketCapturer
*======================================================================================*/
/**
* @brief A class based wrapper for network packet capturing.
*
* This class is the base of a high-level interface to the well known packet capturing
* library libpcap. ...
*/
class OPacketCapturer : public QObject
{
Q_OBJECT
public:
/**
* Constructor.
*/
OPacketCapturer( QObject* parent = 0, const char* name = 0 );
/**
* Destructor.
*/
~OPacketCapturer();
/**
- * Setting the packet capturer to use blocking IO calls can be useful when
+ * Set the packet capturer to use blocking or non-blocking IO. This can be useful when
* not using the socket notifier, e.g. without an application object.
*/
void setBlocking( bool );
/**
* @returns true if the packet capturer uses blocking IO calls.
*/
bool blocking() const;
/**
- * Closes the packet capturer. This is automatically done in the destructor.
+ * Close the packet capturer. This is automatically done in the destructor.
*/
void close();
/**
+ * Close the output capture file.
+ */
+ void closeDumpFile();
+ /**
* @returns the data link type.
* @see <pcap.h> for possible values.
*/
int dataLink() const;
/**
+ * Dump a packet to the output capture file.
+ */
+ void dump( OPacket* );
+ /**
* @returns the file descriptor of the packet capturer. This is only useful, if
* not using the socket notifier, e.g. without an application object.
*/
int fileno() const;
/**
* @returns the next @ref OPacket from the packet capturer.
* @note If blocking mode is true then this call might block.
*/
OPacket* next();
/**
* Open the packet capturer to capture packets in live-mode from @a interface.
- * If a @a filename is given, all captured packets are output to a tcpdump-compatible capture file.
*/
- bool open( const QString& interface, const QString& filename = QString::null );
+ bool open( const QString& interface );
/**
* Open the packet capturer to capture packets in offline-mode from @a file.
*/
bool open( const QFile& file );
/**
+ * Open a prerecorded tcpdump compatible capture file for use with @ref dump()
+ */
+ bool openDumpFile( const QString& filename );
+ /**
* @returns true if the packet capturer is open
*/
bool isOpen() const;
/**
* @returns the snapshot length of this packet capturer
*/
int snapShot() const;
/**
* @returns true if the input capture file has a different byte-order
* than the byte-order of the running system.
*/
bool swapped() const;
/**
* @returns the libpcap version string used to write the input capture file.
*/
QString version() const;
/**
* @returns the packet statistic database.
* @see QMap
*/
const QMap<QString,int>& statistics() const;
signals:
/**
* This signal is emitted, when a packet has been received.
*/
void receivedPacket( OPacket* );
protected slots:
void readyToReceive();
protected:
QString _name; // devicename
bool _open; // check this before doing pcap calls
pcap_t* _pch; // pcap library handle
pcap_dumper_t* _pcd; // pcap dumper handle
QSocketNotifier* _sn; // socket notifier for main loop
mutable char _errbuf[PCAP_ERRBUF_SIZE]; // holds error strings from libpcap
QMap<QString, int> _stats; // statistics;
};
#endif // OPCAP_H