 |
Myra Canyon
v0.0.1-768
network control
|
|
|
Myra Canyon
v0.0.1-768
network control
|
|
The PktInfo class is meant to be easier to use than individually calling the L2 and L3 helper functions. More...
#include "PktInfo.hpp"
Public Member Functions | |
| ~PktInfo (void) | |
| Destructor. More... | |
| PktInfo & | clear (void) |
| Reset all of the information we've analyzed, preparing this object to be re-used. More... | |
| bool | empty (void) const |
| Determine if the PktInfo object has been cleared. More... | |
| PktInfo & | initialize (const uint8_t *raw_packet_buffer, const std::size_t new_len, const L2::Ethertype start_type=L2::Ethertype::Unknown) |
| Perform the analysis on the given raw packet buffer. More... | |
| bool | is_initialized (void) const |
| Quickly determine whether the PktInfo object has been initialized. More... | |
| std::string | type (void) const |
| Generate a 1- or 2-word description for this packet. More... | |
| std::string | debug_info (void) const |
| Generate a few lines of text describing the packet. For debug purposes only. More... | |
| uint16_t | get_l4_payload_len (void) const |
| Get the L4 payload length. More... | |
| PktInfo (void) | |
| Constructor. More... | |
| PktInfo (const uint8_t *raw, const std::size_t new_len, const L2::Ethertype start_type=L2::Ethertype::Unknown) | |
| Constructor. More... | |
| bool | is_l2 (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_arp (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_ipv4 (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_ipv6 (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_ip (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_tcp (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_udp (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_icmp (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| bool | is_icmpv6 (void) const |
| Simple and quick inline method to determine the existence of packet header pointer. More... | |
| const PktInfo & | get_tuple (Myra::AddrPort &a_p_1, Myra::AddrPort &a_p_2) const |
| Extract the tuples from this packet. More... | |
| const PktInfo & | get_tuple (Myra::FlowTuple &tuple) const |
| Extract the tuples from this packet. More... | |
| Myra::FlowTuple | get_tuple (void) const |
| Extract the tuples from this packet. More... | |
| const uint8_t * | get_l4_payload (void) const |
| Get the L4 payload (could be TCP, UDP, or ICMP). More... | |
| const char * | get_l4_payload_data (void) const |
| Get the L4 payload (could be TCP, UDP, or ICMP). More... | |
Public Attributes | |
| bool | initialized |
| Whether the packet information was initialized. More... | |
| const uint8_t * | raw |
| Raw packet data. More... | |
| std::size_t | len |
| Raw packet length. More... | |
| const L2::Header * | l2 |
Pointer to L2 header. Will be nullptr if the packet was obtained through netfilter queue. More... | |
| L2::Ethertype | l2_ethertype |
| Ethertype describes the L3 header. More... | |
| const L3_ARP::Header * | l3_arp |
L3 is ARP. This pointer will be nullptr when the packet is not ARP. More... | |
| const L3_IPv4::Header * | l3_ipv4 |
L3 is IPv4. This pointer will be nullptr when the packet is not IPv4. More... | |
| const L3_IPv6::Header * | l3_ipv6 |
L3 is IPv6. This pointer will be nullptr when the packet is not IPv6. More... | |
| L3_IP::Protocol | l3_protocol |
| Protocol describes the L4 header (if any). More... | |
| const L4_TCP::Header * | l4_tcp |
L4 is TCP. This pointer will be nullptr when the packet is not TCP. More... | |
| const L4_UDP::Header * | l4_udp |
L4 is UDP. This pointer will be nullptr when the packet is not UDP. More... | |
| const L4_ICMP::Header * | l4_icmp |
L4 is ICMP. This pointer will be nullptr when the packet is not ICMP. More... | |
| const L4_ICMPv6::Header * | l4_icmpv6 |
L4 is ICMPv6. This pointer will be nullptr when the packet is not IPv6. More... | |
| std::size_t | stats_index |
| Index (incoming versus outgoing) describing how this packet needs to be recorded in the database. More... | |
The PktInfo class is meant to be easier to use than individually calling the L2 and L3 helper functions.
It is also meant to be a very quick peek into L2, L3, and L4 of a single packet. It does not perform the functionality of the traffic and flow analysis! Identification of a flow from an individual packet (meaning generating the flow hash using Myra::hash()) requires at a bare minimum some of the L2-L4 fields from this quick look into the packet internals.
| Myra::PktInfo::~PktInfo | ( | void | ) |
Destructor.
| Myra::PktInfo::PktInfo | ( | void | ) |
Constructor.
| Myra::PktInfo::PktInfo | ( | const uint8_t * | raw, |
| const std::size_t | new_len, | ||
| const L2::Ethertype | start_type = L2::Ethertype::Unknown |
||
| ) |
Constructor.
| Myra::PktInfo & Myra::PktInfo::clear | ( | void | ) |
Reset all of the information we've analyzed, preparing this object to be re-used.
Calling this method will set the initialized field to false.
| std::string Myra::PktInfo::debug_info | ( | void | ) | const |
Generate a few lines of text describing the packet. For debug purposes only.
|
inline |
Determine if the PktInfo object has been cleared.
| const uint8_t * Myra::PktInfo::get_l4_payload | ( | void | ) | const |
Get the L4 payload (could be TCP, UDP, or ICMP).
|
inline |
Get the L4 payload (could be TCP, UDP, or ICMP).
| uint16_t Myra::PktInfo::get_l4_payload_len | ( | void | ) | const |
Get the L4 payload length.
| const Myra::PktInfo & Myra::PktInfo::get_tuple | ( | Myra::AddrPort & | a_p_1, |
| Myra::AddrPort & | a_p_2 | ||
| ) | const |
Extract the tuples from this packet.
| const Myra::PktInfo & Myra::PktInfo::get_tuple | ( | Myra::FlowTuple & | tuple | ) | const |
Extract the tuples from this packet.
| Myra::FlowTuple Myra::PktInfo::get_tuple | ( | void | ) | const |
Extract the tuples from this packet.
| Myra::PktInfo & Myra::PktInfo::initialize | ( | const uint8_t * | raw_packet_buffer, |
| const std::size_t | new_len, | ||
| const L2::Ethertype | start_type = L2::Ethertype::Unknown |
||
| ) |
Perform the analysis on the given raw packet buffer.
Calling this method with either nullptr or a length of zero is the equivalent of calling clear().
| std::invalid_argument | if the size is too small to at least represent a L2 header. |
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Quickly determine whether the PktInfo object has been initialized.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
|
inline |
Simple and quick inline method to determine the existence of packet header pointer.
| std::string Myra::PktInfo::type | ( | void | ) | const |
Generate a 1- or 2-word description for this packet.
Uses l2_ethertype and l3_protocol to generate the name. For example, may return IPv4+TCP or IPv6+ICMPv6.
Examples of packet types returned by this method:
"IPv6+UDP" "IPv4+TCP" "ARP" "unknown
| bool Myra::PktInfo::initialized |
Whether the packet information was initialized.
| const L2::Header* Myra::PktInfo::l2 |
Pointer to L2 header. Will be nullptr if the packet was obtained through netfilter queue.
| L2::Ethertype Myra::PktInfo::l2_ethertype |
Ethertype describes the L3 header.
| const L3_ARP::Header* Myra::PktInfo::l3_arp |
L3 is ARP. This pointer will be nullptr when the packet is not ARP.
| const L3_IPv4::Header* Myra::PktInfo::l3_ipv4 |
L3 is IPv4. This pointer will be nullptr when the packet is not IPv4.
| const L3_IPv6::Header* Myra::PktInfo::l3_ipv6 |
L3 is IPv6. This pointer will be nullptr when the packet is not IPv6.
| L3_IP::Protocol Myra::PktInfo::l3_protocol |
Protocol describes the L4 header (if any).
| const L4_ICMP::Header* Myra::PktInfo::l4_icmp |
L4 is ICMP. This pointer will be nullptr when the packet is not ICMP.
| const L4_ICMPv6::Header* Myra::PktInfo::l4_icmpv6 |
L4 is ICMPv6. This pointer will be nullptr when the packet is not IPv6.
| const L4_TCP::Header* Myra::PktInfo::l4_tcp |
L4 is TCP. This pointer will be nullptr when the packet is not TCP.
| const L4_UDP::Header* Myra::PktInfo::l4_udp |
L4 is UDP. This pointer will be nullptr when the packet is not UDP.
| std::size_t Myra::PktInfo::len |
Raw packet length.
| const uint8_t* Myra::PktInfo::raw |
Raw packet data.
| std::size_t Myra::PktInfo::stats_index |
Index (incoming versus outgoing) describing how this packet needs to be recorded in the database.
0 for outgoing packets. 1 for incoming packets. 
1.8.8