 |
TSDuck v3.40-3963
MPEG Transport Stream Toolkit
|
|
TSDuck v3.40-3963
MPEG Transport Stream Toolkit
|
Read a pcap or pcapng file with packet filtering. More...
#include <tsPcapFilter.h>
Public Member Functions | |
| PcapFilter ()=default | |
| Default constructor. | |
| bool | addressFilterIsSet () const |
| Check if the address filter is precisely set. | |
| virtual void | clearProtocolFilter () |
| Clear the set of protocols to filter, all protocols are accepted. | |
| virtual void | close () |
| Close the file. | |
| void | defineArgs (Args &args) |
| Add command line option definitions in an Args. | |
| const IPv4SocketAddress & | destinationFilter () const |
| Get the current destination filter. | |
| bool | endOfFile () const |
| Check if the end of file (or other error) has been reached. | |
| fs::path | fileName () const |
| Get the file name. | |
| uint64_t | fileSize () const |
| Get the total file size in bytes so far. | |
| cn::microseconds | firstTimestamp () const |
| Get the capture timestamp of the first packet in the file. | |
| uint64_t | ipv4PacketCount () const |
| Get the number of valid captured IPv4 packets so far. | |
| bool | isOpen () const |
| Check if the file is open. | |
| cn::microseconds | lastTimestamp () const |
| Get the capture timestamp of the last packet which was read from the file. | |
| bool | loadArgs (DuckContext &duck, Args &args) |
| Load arguments from command line. | |
| virtual bool | open (const fs::path &filename, Report &report) override |
| Open the file for read. | |
| const IPv4SocketAddress & | otherFilter (const IPv4SocketAddress &addr) const |
| Get the "other" filter (source or destination) based on the other one. | |
| uint64_t | packetCount () const |
| Get the number of captured packets so far. | |
| virtual bool | readIPv4 (IPv4Packet &packet, VLANIdStack &vlans, cn::microseconds ×tamp, Report &report) override |
| Read the next IPv4 packet (headers included). | |
| virtual void | setBidirectionalFilter (const IPv4SocketAddress &addr1, const IPv4SocketAddress &addr2) |
| Set a bidirectional address filter. | |
| virtual void | setDestinationFilter (const IPv4SocketAddress &addr) |
| Set a destination address filter. | |
| void | setFirstPacketFilter (size_t count) |
| Filter packets starting at the specified number. | |
| void | setFirstTimeOffset (cn::microseconds time) |
| Filter packets starting at the specified time offset from the beginning of the file. | |
| void | setFirstTimestamp (cn::microseconds time) |
| Filter packets starting at the specified timestamp. | |
| void | setLastPacketFilter (size_t count) |
| Filter packets up to the specified number. | |
| void | setLastTimeOffset (cn::microseconds time) |
| Filter packets up to the specified time offset from the beginning of the file. | |
| void | setLastTimestamp (cn::microseconds time) |
| Filter packets up to the specified timestamp. | |
| virtual void | setProtocolFilter (const std::set< uint8_t > &protocols) |
| Filter packets with the specified set of protocols. | |
| virtual void | setProtocolFilterTCP () |
| Filter TCP packets only. | |
| virtual void | setProtocolFilterUDP () |
| Filter UDP packets only. | |
| void | setReportAddressesFilterSeverity (int level) |
| Specify the severity to report the filtered addresses once (in non-wildcard mode). | |
| virtual void | setSourceFilter (const IPv4SocketAddress &addr) |
| Set a source address filter. | |
| virtual void | setWildcardFilter (bool on) |
| Set the source and destination address filter in wildcard mode. | |
| const IPv4SocketAddress & | sourceFilter () const |
| Get the current source filter. | |
| cn::microseconds | timeOffset (cn::microseconds timestamp) const |
| Compute the time offset from the beginning of the file of a packet timestamp. | |
| uint64_t | totalIPv4PacketsSize () const |
| Get the total size in bytes of valid captured IPv4 packets so far. | |
| uint64_t | totalPacketsSize () const |
| Get the total size in bytes of captured packets so far. | |
Static Public Member Functions | |
| static Time | ToTime (cn::microseconds timestamp) |
| Compute the date and time from a packet timestamp. | |
Read a pcap or pcapng file with packet filtering.
This class also sets filtering options from the command line: --first-packet, --first-timestamp, --first-date, --last-packet, --last-timestamp, --last-date.
|
inline |
Filter packets starting at the specified number.
The packet numbering counts all captured packets from the beginning of the file, starting at 1. This is the same value as seen on Wireshark in the leftmost column.
| [in] | count | Number of first captured packet to read. |
|
inline |
Filter packets up to the specified number.
The packet numbering counts all captured packets from the beginning of the file, starting at 1. This is the same value as seen on Wireshark in the leftmost column.
| [in] | count | Number of last captured packet to read. |
|
inline |
Filter packets starting at the specified time offset from the beginning of the file.
This is the same value as seen on Wireshark in the "Time" column (in seconds).
| [in] | time | First time offset in microseconds from the beginning of the capture. |
|
inline |
Filter packets up to the specified time offset from the beginning of the file.
This is the same value as seen on Wireshark in the "Time" column (in seconds).
| [in] | time | Last time offset in microseconds from the beginning of the capture. |
|
inline |
Filter packets starting at the specified timestamp.
| [in] | time | First timestamp, in microseconds from the UNIX epoch. |
|
inline |
Filter packets up to the specified timestamp.
| [in] | time | Last timestamp, in microseconds from the UNIX epoch. |
|
virtual |
Filter packets with the specified set of protocols.
| [in] | protocols | A set of 8-bit protocol values (eg. IPv4_PROTO_TCP, IPv4_PROTO_ICMP, etc.) If the filter is empty, all packets are passed (same as all protocol values set). |
|
virtual |
Set a source address filter.
| [in] | addr | Source address to filter. The port is meaningful only with TCP and UDP. |
|
virtual |
Set a destination address filter.
| [in] | addr | Destination address to filter. The port is meaningful only with TCP and UDP. |
|
virtual |
Set a bidirectional address filter.
Select packets where the source and destination addresses match the pair of filtered address, in any direction.
| [in] | addr1 | First address to filter, either source or destination. The port is meaningful only with TCP and UDP. |
| [in] | addr2 | Second address to filter, either source or destination. The port is meaningful only with TCP and UDP. |
Reimplemented in ts::PcapStream.
|
inline |
Get the current source filter.
In the case of non-wildcard filtering, after returning the first packet, this is the actual socket address of the filtered stream.
In the case of bidirectional filtering (for instance a TCP session), there is no real "source" or "destination". They are the two endpoints of the stream.
|
inline |
Get the current destination filter.
In the case of non-wildcard filtering, after returning the first packet, this is the actual socket address of the filtered stream.
In the case of bidirectional filtering (for instance a TCP session), there is no real "source" or "destination". They are the two endpoints of the stream.
|
virtual |
Set the source and destination address filter in wildcard mode.
When the address filter is in wildcard mode (the default), the unspecified parts of source and destination, address or port, act as wildcard for all packets.
When the wildcard mode is set to false, the first packet which matches the unspecified parts forces the addresses of that packet. In other words, the first packet which matches the wildcard forces a specific stream and all subsequent packets are filtered for that specific stream.
| [in] | on | If true, use wildcard mode for all packets. If false, the first packet which matches the wildcard forces a specific stream. |
| bool ts::PcapFilter::addressFilterIsSet | ( | ) | const |
Check if the address filter is precisely set.
Using address filtering, some addresses or port may be unspecified, acting as a wildcard. In non-wildcard mode, the first packet matching this wildcard is selected and the corresponding stream is then exclusively filtered. At this point, the filter is precisely set.
| const IPv4SocketAddress & ts::PcapFilter::otherFilter | ( | const IPv4SocketAddress & | addr | ) | const |
Get the "other" filter (source or destination) based on the other one.
| [in] | addr | A socket address, typically matching the source or destination filter. |
|
inline |
Specify the severity to report the filtered addresses once (in non-wildcard mode).
In non-wildcard mode, when the filtered addresses contain non-specified fields, the first packet which matches the filters define the stream. At this point, the selected stream is displayed (in debug mode by default). This function redefines the severity level (info or verbose for instance).
| [in] | level | Severity level to use. |
| void ts::PcapFilter::defineArgs | ( | Args & | args | ) |
Add command line option definitions in an Args.
| [in,out] | args | Command line arguments to update. |
| bool ts::PcapFilter::loadArgs | ( | DuckContext & | duck, |
| Args & | args | ||
| ) |
Load arguments from command line.
Args error indicator is set in case of incorrect arguments.
| [in,out] | duck | TSDuck execution context. |
| [in,out] | args | Command line arguments. |
|
overridevirtual |
Open the file for read.
| [in] | filename | File name. If empty or "-", use standard input. |
| [in,out] | report | Where to report errors. |
Reimplemented from ts::PcapFile.
Reimplemented in ts::PcapStream.
|
overridevirtual |
Read the next IPv4 packet (headers included).
Skip intermediate metadata and other types of packets.
| [out] | packet | Received IPv4 packet. |
| [out] | vlans | Stack of VLAN encapsulation from which the packet is extracted. |
| [out] | timestamp | Capture timestamp in microseconds since Unix epoch or -1 if none is available. |
| [in,out] | report | Where to report error. |
Reimplemented from ts::PcapFile.
|
inlineinherited |
Check if the file is open.
|
inlineinherited |
Get the file name.
|
inlineinherited |
Get the number of captured packets so far.
This includes all packets, not only IPv4 packets. This value is the number of the last returned packet, as seen in the left-most column in Wireshark interface.
|
inlineinherited |
Check if the end of file (or other error) has been reached.
|
inlineinherited |
Get the number of valid captured IPv4 packets so far.
|
inlineinherited |
Get the total file size in bytes so far.
|
inlineinherited |
Get the total size in bytes of captured packets so far.
This includes all packets, including link-layer headers when present.
|
inlineinherited |
Get the total size in bytes of valid captured IPv4 packets so far.
This includes all IPv4 headers but not link-layer headers when present.
|
inlineinherited |
Get the capture timestamp of the first packet in the file.
|
inlineinherited |
Get the capture timestamp of the last packet which was read from the file.
|
inlineinherited |
Compute the time offset from the beginning of the file of a packet timestamp.
| [in] | timestamp | Capture timestamp of a packet in the file. |
|
inlinestaticinherited |
Compute the date and time from a packet timestamp.
| [in] | timestamp | Capture timestamp of a packet in a file. |
|
virtualinherited |
Close the file.
Do not reset counters, file names, etc. The last values before close() are still accessible.
1.9.8