private PcapNgInterface _iface; // holds link to interface to which frame belongs
/// <summary>
/// Constructor used when indexing
/// </summary>
public PmFramePcapNg(
PmCaptureBase pmCapture,
Int64 fraIndex,
Int64 fraOffset,
PmLinkType pmLinkType,
DateTime timeStamp,
Int64 oriLength,
Int64 incLength,
FrameBLockType type,
PcapNgInterface iface) : base(pmCapture, pmLinkType, timeStamp, incLength, PmFrameType.PcapNg, fraIndex, oriLength)
{
this.FrameOffset = fraOffset;
this._blockType = type;
this._iface = iface;
UInt32 startOffset = 0;
switch (this._blockType)
{
case FrameBLockType.EnhancedPacket:
startOffset = 28;
break;
case FrameBLockType.SimplePacket:
startOffset = 12;
break;
case FrameBLockType.PacketBlock:
startOffset = 28;
break;
}
this.L2Offset = this.FrameOffset + startOffset;
}
/// <summary>
/// Constructor when adding new frame that has no L2 and above information filles
/// </summary>
protected PmFrameBase(PmCaptureBase pmCapture, PmLinkType pmLinkType, DateTime timeStamp, Int64 incLength)
{
this.PmCapture = pmCapture;
this.PmLinkType = pmLinkType;
this.TimeStamp = timeStamp;
this.IncludedLength = incLength;
this.PmCapture.Frames.Add(this);
}
/// <summary>
/// Constructor used when indexing
/// </summary>
public PmFramePcap(
PmCaptureBase pmCapture,
Int64 fraIndex,
Int64 fraOffset,
PmLinkType pmLinkType,
DateTime timeStamp,
Int64 oriLength,
Int64 incLength) : base(pmCapture, pmLinkType, timeStamp, incLength, PmFrameType.Pcap, fraIndex, oriLength)
{
this.FrameOffset = fraOffset;
this.L2Offset = this.FrameOffset + 16;
}
/// <summary>
/// Constructor when adding new frame that has no L2 and above information filles
/// </summary>
protected PmFrameBase(PmCaptureBase pmCapture, PmLinkType pmLinkType, DateTime timeStamp, Int64 incLength, PmFrameType frameType, long frameIndex, long originalLength)
{
this.PmCapture = pmCapture;
this.PmLinkType = pmLinkType;
this.TimeStamp = timeStamp;
this.IncludedLength = incLength;
this.PmFrameType = frameType;
this.FrameIndex = frameIndex;
this.OriginalLength = originalLength;
this.PmCapture.Frames.Add(this);
}
/// <summary>
/// Constructor used when indexing
/// </summary>
public PmFrameMnm(
PmCaptureBase pmCapture,
UInt32 fraIndex,
UInt32 fraOffset,
PmLinkType pmLinkType,
DateTime timeStamp,
Int32 oriLength,
Int32 incLength) : base(pmCapture, pmLinkType, timeStamp, incLength, PmFrameType.Mnm, fraIndex, oriLength)
{
this.FrameOffset = fraOffset;
this.L2Offset = this.FrameOffset + 16;
}
/// <summary> Pragma function reeturning if file type is supproted by this app.</summary>
/// <param name="pmLinkType"> CaptureProcessor file type. </param>
/// <returns> If type is supported then returns true otherwise false.</returns>
public static Boolean IsSupportedLinkType(PmLinkType pmLinkType)
{
switch (pmLinkType)
{
case PmLinkType.Ethernet:
case PmLinkType.Fddi:
case PmLinkType.Raw:
case PmLinkType.Ieee80211:
case PmLinkType.AtmRfc1483:
return(true);
default:
return(false);
}
}
public readonly ImmutableList <IFragment> Fragments; // NOTE: Current implementation uses copied data instead of offsets in capture file.
private PmFrameEncapsulated(
PmCaptureBase pmCapture,
PmLinkType pmLinkType,
DateTime timeStamp,
long frameIndex,
long incLength,
long originalLength,
ImmutableList <IFragment> fragments) : base(pmCapture, pmLinkType, timeStamp, incLength, PmFrameType.Encapsulated, frameIndex, originalLength)
{
this.Fragments = fragments ?? throw new ArgumentNullException(nameof(fragments));
// copy data from fragments to array in memory
// NOTE: Current implementation uses copied data instead of offsets in capture file.
var data = new List <Byte>();
foreach (var fragment in fragments)
{
data.AddRange(fragment.Payload);
}
this.L2DataEncapsulated = data.ToArray();
}
private static PcapNgLinkType ConvertCommonLayer2ToPcapNgLayer2(PmLinkType pmLinkType)
{
switch (pmLinkType)
{
case PmLinkType.Ethernet:
return(PcapNgLinkType.LinktypeEthernet);
case PmLinkType.Fddi:
return(PcapNgLinkType.LinktypeFddi);
case PmLinkType.Raw:
return(PcapNgLinkType.LinktypeRaw);
case PmLinkType.Ieee80211:
return(PcapNgLinkType.LinktypeIeee80211);
case PmLinkType.AtmRfc1483:
return(PcapNgLinkType.LinktypeAtmRfc1483);
default:
return(PcapNgLinkType.LinktypeNull);
}
}
/// <summary>
/// Converts common suppored link type to appropriate LibPcap L2 type
/// </summary>
/// <param name="linkaType">Input enumartion LinkType</param>
/// <returns>Returns output enumarion LibPcap LinkType</returns>
private static TcpdLinkType ConvertCommonLayer2ToPcapLayer2(PmLinkType linkaType)
{
switch (linkaType)
{
case PmLinkType.Ethernet:
return(TcpdLinkType.Ethernet);
case PmLinkType.Fddi:
return(TcpdLinkType.Fddi);
case PmLinkType.Raw:
return(TcpdLinkType.Raw);
case PmLinkType.Ieee80211:
return(TcpdLinkType.Ieee80211);
case PmLinkType.AtmRfc1483:
return(TcpdLinkType.AtmRfc1483);
default:
return(TcpdLinkType.Null);
}
}
/// <summary>
/// Initialize FrameTables and appropriate FrameVectors from input file
/// </summary>
protected override async Task <Boolean> ParseCaptureFile()
{
try
{
this.ParseTcpdHeader();
this._pmLinkType = ConvertPcapLayer2ToCommonLayer2(this._pcapLinkType);
await this.ParseTcpdFrameTable();
}
catch (EndOfStreamException ex)
{
//todo fix
//Log.Error("Some packet was malformed and ended prematurely.", ex);
PmConsolePrinter.PrintError("Error>\n" + ex.Message);
}
catch (Exception ex) //todo to general
{
//todo fix
//Log.Error("PmCaptureProcessorPcap General error", ex);
PmConsolePrinter.PrintError("Error>\n" + ex.Message);
return(false);
}
return(true);
}
/// <summary> Convert link type to packetdot net.</summary>
/// <param name="typ"> The typ. </param>
/// <returns> The link converted type to packetdot net.</returns>
public static LinkLayers ConvertLinkTypeToPacketdotNet(PmLinkType typ)
{
switch (typ)
{
case PmLinkType.Ieee80211:
return(LinkLayers.Ieee80211);
case PmLinkType.Raw:
return(LinkLayers.Raw);
case PmLinkType.Fddi:
return(LinkLayers.Fddi);
case PmLinkType.AtmRfc1483:
return(LinkLayers.AtmRfc1483);
// ReSharper disable RedundantCaseLabel
case PmLinkType.Ethernet:
// ReSharper restore RedundantCaseLabel
default:
return(LinkLayers.Ethernet);
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="linkLayer"></param>
/// <param name="packetData"></param>
public PmPacket(PmLinkType linkLayer, Byte[] packetData)
{
this.PacketInfo = Packet.ParsePacket(PmSupportedTypes.ConvertLinkTypeToPacketdotNet(linkLayer), packetData);
this.UpdateCalculatedOffsets();
}
