public static HeaderWithInterfacesDescriptions CreateEmptyHeadeWithInterfacesDescriptions(bool reverseBytesOrder)
{
SectionHeaderBlock header = SectionHeaderBlock.GetEmptyHeader(reverseBytesOrder);
InterfaceDescriptionBlock emptyInterface = InterfaceDescriptionBlock.GetEmptyInterfaceDescription(reverseBytesOrder);
return(new HeaderWithInterfacesDescriptions(header, new List <InterfaceDescriptionBlock>()
{
emptyInterface
}));
}
/// <summary>
/// Saves packets to a new temp file
/// </summary>
/// <param name="basePcapngFile">Possible back file to copy the packets from. Can be null if no such file exists</param>
/// <param name="packets">List of temporary packets to write. Might be empty ONLY IF <paramref name="basePcapngFile"/> is not NULL</param>
/// <returns>Path of the temporary PCAP that was created</returns>
public string WritePackets(PcapngWeakHandle basePcapngFile, IEnumerable <TempPacketSaveData> packets)
{
if (basePcapngFile != null)
{
return(DoExportBasedOfFile(basePcapngFile, packets));
}
if (packets == null || !packets.Any())
{
throw new ArgumentNullException(
$"WritePackets failed because both {nameof(basePcapngFile)} and {packets} where NULL/empty");
}
TimestampHelper tsh = new TimestampHelper(0, 0);
string pcapngPath = Path.ChangeExtension(Path.GetTempFileName(), "pcapng");
IEnumerable <LinkLayerType> allLinkLayers = packets.Select(packetData => packetData.LinkLayer).Distinct();
// A local "Link layer to Interface ID" dictionary
Dictionary <ushort, int> linkLayerToFakeInterfaceId = new Dictionary <ushort, int>();
int nextInterfaceId = 0;
// Collection of face interfaces we need to add
List <InterfaceDescriptionBlock> ifaceDescBlock = new List <InterfaceDescriptionBlock>();
foreach (LinkLayerType linkLayer in allLinkLayers)
{
InterfaceDescriptionBlock ifdb = new InterfaceDescriptionBlock((LinkTypes)linkLayer, ushort.MaxValue,
new InterfaceDescriptionOption(Comment: null, Name: "Fake interface " + nextInterfaceId));
ifaceDescBlock.Add(ifdb);
linkLayerToFakeInterfaceId.Add((ushort)linkLayer, nextInterfaceId);
nextInterfaceId++;
}
// Place all interfaaces in a header
HeaderWithInterfacesDescriptions hwid =
new HeaderWithInterfacesDescriptions(SectionHeaderBlock.GetEmptyHeader(false), ifaceDescBlock);
Haukcode.PcapngUtils.PcapNG.PcapNGWriter ngWriter = new PcapNGWriter(pcapngPath, new List <HeaderWithInterfacesDescriptions>()
{
hwid
});
foreach (TempPacketSaveData packet in packets)
{
int interfaceId = linkLayerToFakeInterfaceId[(ushort)packet.LinkLayer];
byte[] packetData = packet.Data;
EnhancedPacketBlock epb = new EnhancedPacketBlock(interfaceId, tsh, packetData.Length, packetData, new EnhancedPacketOption());
ngWriter.WritePacket(epb);
}
ngWriter.Dispose();
return(pcapngPath);
}
public void interface_description_block()
{
var interfaceDescriptionBlock = new InterfaceDescriptionBlock
{
Bytes = new Byte[] {
0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x14,
0x00, 0x01, 0x00, 0x00,
0x12, 0x34, 0x56, 0x78
}
};
interfaceDescriptionBlock.Should().NotBeAssignableTo <IPacket>();
interfaceDescriptionBlock.IsPacket.Should().Be(false);
interfaceDescriptionBlock.DataLinkType.Should().Be(PacketDataLinkType.Ethernet);
interfaceDescriptionBlock.MaxCapturedLength.Should().Be(0x12345678);
}
public (LinkLayerType linkLayer, byte[] data) GetPacket(int index)
{
if (_offsetsList == null || _offsetsList.Count <= index)
{
_offsetsList = _pcapngWeakHandle.GetPacketsOffsets();
}
EnhancedPacketBlock pkt = _pcapngWeakHandle.GetPacketAt(_offsetsList[index]);
var ifaces = _pcapngWeakHandle.GetInterfaces();
InterfaceDescriptionBlock iface = null;
try
{
iface = ifaces.ElementAt(pkt.AssociatedInterfaceID.Value);
}
catch (Exception ex)
{
Debug.WriteLine("Issues when " + ex);
}
return((LinkLayerType)iface.LinkType, pkt.Data);
}
private void Initialize(Stream stream, bool reverseByteOrder)
{
CustomContract.Requires <ArgumentNullException>(stream != null, "stream cannot be null");
CustomContract.Requires <Exception>(stream.CanRead == true, "cannot read stream");
Action <Exception> ReThrowException = (exc) =>
{
ExceptionDispatchInfo.Capture(exc).Throw();
};
this.ReverseByteOrder = reverseByteOrder;
this.stream = stream;
this.binaryReader = new BinaryReader(stream);
var preHeadersWithInterface = new List <KeyValuePair <SectionHeaderBlock, List <InterfaceDescriptionBlock> > >();
while (this.binaryReader.BaseStream.Position < this.binaryReader.BaseStream.Length && this.basePosition == 0)
{
AbstractBlock block = AbstractBlockFactory.ReadNextBlock(binaryReader, this.ReverseByteOrder, ReThrowException);
if (block == null)
{
break;
}
switch (block.BlockType)
{
case BaseBlock.Types.SectionHeader:
if (block is SectionHeaderBlock)
{
SectionHeaderBlock headerBlock = block as SectionHeaderBlock;
preHeadersWithInterface.Add(new KeyValuePair <SectionHeaderBlock, List <InterfaceDescriptionBlock> >(headerBlock, new List <InterfaceDescriptionBlock>()));
}
break;
case BaseBlock.Types.InterfaceDescription:
if (block is InterfaceDescriptionBlock)
{
InterfaceDescriptionBlock interfaceBlock = block as InterfaceDescriptionBlock;
if (preHeadersWithInterface.Any())
{
preHeadersWithInterface.Last().Value.Add(interfaceBlock);
}
else
{
throw new Exception(string.Format("[PcapNgReader.Initialize] stream must contains SectionHeaderBlock before any InterfaceDescriptionBlock"));
}
}
break;
default:
this.basePosition = block.PositionInStream;
break;
}
}
if (this.basePosition <= 0)
{
this.basePosition = this.binaryReader.BaseStream.Position;
}
if (!preHeadersWithInterface.Any())
{
throw new ArgumentException(string.Format("[PcapNgReader.Initialize] Stream don't contains any SectionHeaderBlock"));
}
if (!(from item in preHeadersWithInterface where (item.Value.Any()) select item).Any())
{
throw new ArgumentException(string.Format("[PcapNgReader.Initialize] Stream don't contains any InterfaceDescriptionBlock"));
}
this.headersWithInterface = (from item in preHeadersWithInterface
where (item.Value.Any())
select item)
.Select(x => new HeaderWithInterfacesDescriptions(x.Key, x.Value))
.ToList();
Rewind();
}
private string DoExportBasedOfFile(PcapngWeakHandle basePcapngFile, IEnumerable <TempPacketSaveData> packets)
{
if (!packets.Any())
{
// No packets, just return the pack of the pcapng file
return(basePcapngFile.Path);
}
// Some packets defined, need to create modified version of the file
string tempFile = Path.ChangeExtension(Path.GetTempFileName(), "pcapng");
File.Copy(basePcapngFile.Path, tempFile);
PcapngWeakHandle tempHandle = new PcapngWeakHandle(tempFile);
var offsets = tempHandle.GetPacketsOffsets();
var ifaces = tempHandle.GetInterfaces();
foreach (TempPacketSaveData packet in packets)
{
long packetOffset = offsets[packet.PacketNumber];
EnhancedPacketBlock replacedEpb = tempHandle.GetPacketAt(packetOffset);
InterfaceDescriptionBlock interfaceOfReplacedPacket = ifaces[replacedEpb.InterfaceID];
// TODO: Sooooo I'm having some issues here because I didn't carry the interface ID into the 'TempPacketSaveData' object
// nor did I allow the user to set which interface he wants to associate the packet to.
// I'm resorting to 2 heuristics:
// 1. If the Link Layer of the exported packet looks like the one of the replaced packet, use the replaced packet's iface ID
// 2. Otherwise, look for the first interface with the new link layer
// 3. Otheriwse - NOT IMPLEMENTED, will crash. (TODO: That's where we need to inject new interfaces descirption blocks...)
int ifacedId = -1;
if (interfaceOfReplacedPacket.LinkType == (LinkTypes)packet.LinkLayer)
{
ifacedId = replacedEpb.InterfaceID;
}
else
{
for (int i = 0; i < ifaces.Count; i++)
{
if (ifaces[i].LinkType == (LinkTypes)packet.LinkLayer)
{
ifacedId = i;
}
}
if (ifacedId == -1)
{
throw new ArgumentException(
$"Couldn't find an interface in the PCAPNG for the requested link layer of the exported packet. Link Layer: {packet.LinkLayer}");
}
}
EnhancedPacketBlock epb = new EnhancedPacketBlock(ifacedId,
replacedEpb.Timestamp,
packet.Data.Length,
packet.Data,
new EnhancedPacketOption()
);
tempHandle.ReplacePacket(packetOffset, epb);
}
return(tempFile);
}
