Add extract_metadata to main PDU classes

include/tins/arp.h

@@ -72,6 +72,14 @@ public:
         REPLY   = 0x0002
     };
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Constructs an ARP object using the provided addresses.
      * 

include/tins/bootp.h

@@ -333,7 +333,7 @@ protected:
     vend_type& vend() { return vend_; }
 
     void write_serialization(uint8_t* buffer, uint32_t total_sz, const PDU* parent);
-private:
+    
     /**
      * Struct that represents the Bootp datagram.
      */
@@ -355,6 +355,7 @@ private:
         uint8_t file[128];
     } TINS_END_PACK;
 
+private:
     bootp_header bootp_;
     vend_type vend_;
 };

include/tins/dhcp.h

@@ -172,6 +172,14 @@ public:
      */
     typedef std::list<option> options_type;
     
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /** 
      * \brief Creates an instance of DHCP.
      * 

include/tins/dhcpv6.h

@@ -412,6 +412,14 @@ public:
      */
     typedef std::vector<uint8_t> interface_id_type;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * Default constructor.
      */

include/tins/dns.h

@@ -589,6 +589,14 @@ public:
     typedef IPv4Address address_type;
     typedef IPv6Address address_v6_type;
     
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+    
     /**
      * \brief Default constructor.
      * 

include/tins/dot1q.h

@@ -48,6 +48,14 @@ public:
      */
     static const PDU::PDUType pdu_flag = PDU::DOT1Q;
     
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * Default constructor
      */
@@ -192,7 +200,7 @@ private:
     void write_serialization(uint8_t* buffer, uint32_t total_sz, const PDU* parent);
 
     TINS_BEGIN_PACK
-    struct dot1q_hdr {
+    struct dot1q_header {
         #if TINS_IS_BIG_ENDIAN
             uint16_t priority:3,
                     cfi:1,
@@ -207,9 +215,9 @@ private:
         #endif
     } TINS_END_PACK;
     
-    static uint16_t get_id(const dot1q_hdr* hdr);
+    static uint16_t get_id(const dot1q_header* hdr);
     
-    dot1q_hdr header_;
+    dot1q_header header_;
     bool append_padding_;
 };
 }

include/tins/dot3.h

@@ -60,6 +60,14 @@ public:
      */
     static const address_type BROADCAST;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Constructor for creating an Dot3 PDU
      *

include/tins/eapol.h

@@ -69,6 +69,14 @@ public:
         EAPOL_WPA = 254
     };
     
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+    
     /**
      * \brief Static method to instantiate the correct EAPOL subclass 
      * based on a raw buffer.

include/tins/ethernetII.h

@@ -60,6 +60,14 @@ public:
      */
     static const address_type BROADCAST;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Constructs an ethernet II PDU.
      *

include/tins/icmp.h

@@ -92,6 +92,14 @@ public:
         ADDRESS_MASK_REPLY = 18
     };
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Creates an instance of ICMP.
      *

include/tins/internals.h

@@ -128,7 +128,9 @@ PDU* pdu_from_dlt_flag(int flag, const uint8_t* buffer,
 PDU* pdu_from_flag(PDU::PDUType type, const uint8_t* buffer, uint32_t size);
 
 Constants::Ethernet::e pdu_flag_to_ether_type(PDU::PDUType flag);
+PDU::PDUType ether_type_to_pdu_flag(Constants::Ethernet::e flag);
 Constants::IP::e pdu_flag_to_ip_type(PDU::PDUType flag);
+PDU::PDUType ip_type_to_pdu_flag(Constants::IP::e flag);
 
 uint32_t get_padded_icmp_inner_pdu_size(const PDU* inner_pdu, uint32_t pad_alignment);
 void try_parse_icmp_extensions(Memory::InputMemoryStream& stream, 

include/tins/ip.h

@@ -246,6 +246,14 @@ public:
      */
     typedef std::list<option> options_type;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Constructor for building the IP PDU.
      *

include/tins/ipv6.h

@@ -89,6 +89,14 @@ public:
         NO_NEXT_HEADER = 59
     };
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief Constructs an IPv6 object.
      * 

include/tins/pdu.h

@@ -179,6 +179,7 @@ public:
         IPSEC_ESP,
         PKTAP,
         MPLS,
+        UNKNOWN = 999,
         USER_DEFINED_PDU = 1000
     };
     
@@ -188,6 +189,37 @@ public:
      */
     static const endian_type endianness = BE;
 
+    /**
+     * \brief Type used to store a PDU header's data.
+     */
+    struct metadata {
+        /**
+         * \brief Default constructor
+         */
+        metadata();
+        
+        /**
+         * \brief Constructs an instance of metadata using the given values
+    
+         */
+        metadata(uint32_t header_size, PDUType current_type, PDUType next_type);
+
+        /**
+         * The total header size for the current protocol
+         */
+        uint32_t header_size;
+
+        /**
+         * The current PDU type
+         */
+        PDUType current_pdu_type;
+
+        /**
+         * The next PDU type
+         */
+        PDUType next_pdu_type;
+    };
+
     /** 
      * \brief Default constructor.
      */

include/tins/tcp.h

@@ -139,6 +139,14 @@ public:
      */
     typedef std::vector<uint32_t> sack_type;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /**
      * \brief TCP constructor.
      *

include/tins/tins.h

@@ -74,5 +74,6 @@
 #include "ipsec.h"
 #include "ip_reassembler.h"
 #include "ppi.h"
+#include "packet_view.h"
 
 #endif // TINS_TINS_H

include/tins/udp.h

@@ -67,6 +67,14 @@ public:
      */
     static const PDU::PDUType pdu_flag = PDU::UDP;
 
+    /**
+     * \brief Extracts metadata for this protocol based on the buffer provided
+     *
+     * \param buffer Pointer to a buffer
+     * \param total_sz Size of the buffer pointed by buffer
+     */
+    static metadata extract_metadata(const uint8_t *buffer, uint32_t total_sz);
+
     /** 
      * \brief UDP constructor.
      *

src/arp.cpp

@@ -43,6 +43,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata ARP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(arp_header))) {
+        throw malformed_packet();
+    }
+    return metadata(sizeof(arp_header), pdu_flag, PDU::UNKNOWN);
+}
+
 ARP::ARP(ipaddress_type target_ip, 
          ipaddress_type sender_ip, 
          const hwaddress_type& target_hw, 

src/dhcp.cpp

@@ -47,6 +47,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata DHCP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(bootp_header))) {
+        throw malformed_packet();
+    }
+    return metadata(total_sz, pdu_flag, PDU::UNKNOWN);
+}
+
 // Magic cookie: uint32_t. 
 DHCP::DHCP() 
 : size_(sizeof(uint32_t)) {

src/dhcpv6.cpp

@@ -45,6 +45,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata DHCPv6::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < 2)) {
+        throw malformed_packet();
+    }
+    return metadata(total_sz, pdu_flag, PDU::UNKNOWN);
+}
+
 DHCPv6::DHCPv6() 
 : header_data_(), options_size_() {
 

src/dns.cpp

@@ -51,6 +51,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata DNS::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(sizeof(dns_header))) {
+        throw malformed_packet();
+    }
+    return metadata(total_sz, pdu_flag, PDU::UNKNOWN);
+}
+
 DNS::DNS() 
 : header_(), answers_idx_(), authority_idx_(), additional_idx_() { 
 }

src/dot1q.cpp

@@ -39,6 +39,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata Dot1Q::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(dot1q_header))) {
+        throw malformed_packet();
+    }
+    return metadata(sizeof(dot1q_header), pdu_flag, PDU::UNKNOWN);
+}
+
 Dot1Q::Dot1Q(small_uint<12> tag_id, bool append_pad) 
 : header_(), append_padding_(append_pad) {
     id(tag_id);
@@ -123,11 +130,11 @@ void Dot1Q::write_serialization(uint8_t* buffer, uint32_t total_sz, const PDU *)
 }
 
 #if TINS_IS_LITTLE_ENDIAN
-    uint16_t Dot1Q::get_id(const dot1q_hdr* hdr) {
+    uint16_t Dot1Q::get_id(const dot1q_header* hdr) {
         return hdr->idL | (hdr->idH << 8);
     }
 #else
-    uint16_t Dot1Q::get_id(const dot1q_hdr* hdr) {
+    uint16_t Dot1Q::get_id(const dot1q_header* hdr) {
         return hdr->id;
     }
 #endif
@@ -140,7 +147,7 @@ bool Dot1Q::matches_response(const uint8_t* ptr, uint32_t total_sz) const {
     if (total_sz < sizeof(header_)) {
         return false;
     }
-    const dot1q_hdr* dot1q_ptr = (const dot1q_hdr*)ptr;
+    const dot1q_header* dot1q_ptr = (const dot1q_header*)ptr;
     if (get_id(dot1q_ptr) == get_id(&header_)) {
         ptr += sizeof(header_);
         total_sz -= sizeof(header_);

src/dot3.cpp

@@ -56,6 +56,13 @@ namespace Tins {
 
 const Dot3::address_type Dot3::BROADCAST("ff:ff:ff:ff:ff:ff");
 
+PDU::metadata Dot3::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(dot3_header))) {
+        throw malformed_packet();
+    }
+    return metadata(sizeof(dot3_header), pdu_flag, PDU::UNKNOWN);
+}
+
 Dot3::Dot3(const address_type& dst_hw_addr, const address_type& src_hw_addr)
 : header_() {
     this->dst_addr(dst_hw_addr);

src/eapol.cpp

@@ -46,6 +46,15 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata EAPOL::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(eapol_header))) {
+        throw malformed_packet();
+    }
+    const eapol_header* header = (const eapol_header*)buffer;
+    uint32_t advertised_size = Endian::be_to_host<uint16_t>(header->length) + 4;
+    return metadata(min(total_sz, advertised_size), pdu_flag, PDU::UNKNOWN);
+}
+
 EAPOL::EAPOL(uint8_t packet_type, EAPOLTYPE type) 
 : header_() {
     header_.version = 1;
@@ -59,7 +68,7 @@ EAPOL::EAPOL(const uint8_t* buffer, uint32_t total_sz) {
 }
 
 EAPOL* EAPOL::from_bytes(const uint8_t* buffer, uint32_t total_sz) {
-    if (total_sz < sizeof(eapol_header)) {
+    if (TINS_UNLIKELY(total_sz < sizeof(eapol_header))) {
         throw malformed_packet();
     }
     const eapol_header* ptr = (const eapol_header*)buffer;

src/ethernetII.cpp

@@ -61,6 +61,16 @@ namespace Tins {
 
 const EthernetII::address_type EthernetII::BROADCAST("ff:ff:ff:ff:ff:ff");
 
+PDU::metadata EthernetII::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(ethernet_header))) {
+        throw malformed_packet();
+    }
+    const ethernet_header* header = (const ethernet_header*)buffer;
+    PDUType next_type = Internals::ether_type_to_pdu_flag(
+        static_cast<Constants::Ethernet::e>(Endian::be_to_host(header->payload_type)));
+    return metadata(sizeof(ethernet_header), pdu_flag, next_type); 
+}
+
 EthernetII::EthernetII(const address_type& dst_hw_addr, 
                        const address_type& src_hw_addr) 
 : header_() {

src/icmp.cpp

@@ -46,6 +46,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata ICMP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(icmp_header))) {
+        throw malformed_packet();
+    }
+    return metadata(sizeof(icmp_header), pdu_flag, PDU::UNKNOWN);
+}
+
 ICMP::ICMP(Flags flag) 
 : orig_timestamp_or_address_mask_(), recv_timestamp_(), trans_timestamp_() {
     memset(&header_, 0, sizeof(icmp_header));

src/internals.cpp

@@ -259,6 +259,26 @@ Constants::Ethernet::e pdu_flag_to_ether_type(PDU::PDUType flag) {
     }
 }
 
+PDU::PDUType ether_type_to_pdu_flag(Constants::Ethernet::e flag) {
+    switch (flag) {
+        case Constants::Ethernet::IP:
+            return PDU::IP;
+        case Constants::Ethernet::IPV6:
+            return PDU::IPv6;
+        case Constants::Ethernet::ARP:
+            return PDU::ARP;
+        case Constants::Ethernet::VLAN:
+            return PDU::DOT1Q;
+        case Constants::Ethernet::PPPOED:
+            return PDU::PPPOE;
+        //case PDU::RSNEAPOL
+        //case PDU::RC4EAPOL:
+        //    return Constants::Ethernet::EAPOL;
+        default:
+            return PDU::UNKNOWN;
+    }
+}
+
 Constants::IP::e pdu_flag_to_ip_type(PDU::PDUType flag) {
     switch(flag) {
         case PDU::IP:
@@ -327,6 +347,29 @@ void try_parse_icmp_extensions(InputMemoryStream& stream,
     }
 }
 
+PDU::PDUType ip_type_to_pdu_flag(Constants::IP::e flag) {
+    switch(flag) {
+        case Constants::IP::PROTO_IPIP:
+            return PDU::IP;
+        case Constants::IP::PROTO_IPV6:
+            return PDU::IPv6;
+        case Constants::IP::PROTO_TCP:
+            return PDU::TCP;
+        case Constants::IP::PROTO_UDP:
+            return PDU::UDP;
+        case Constants::IP::PROTO_ICMP:
+            return PDU::ICMP;
+        case Constants::IP::PROTO_ICMPV6:
+            return PDU::ICMPv6;
+        case Constants::IP::PROTO_AH:
+            return PDU::IPSEC_AH;
+        case Constants::IP::PROTO_ESP:
+            return PDU::IPSEC_ESP;
+        default:
+            return PDU::UNKNOWN;
+    };
+}
+
 bool increment(IPv4Address &addr) {
     uint32_t addr_int = Endian::be_to_host<uint32_t>(addr);
     bool reached_end = ++addr_int == 0xffffffff;

src/ip.cpp

@@ -59,6 +59,16 @@ namespace Tins {
 
 const uint8_t IP::DEFAULT_TTL = 128;
 
+PDU::metadata IP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(ip_header))) {
+        throw malformed_packet();
+    }
+    const ip_header* header = (const ip_header*)buffer;
+    PDUType next_type = Internals::ip_type_to_pdu_flag(
+        static_cast<Constants::IP::e>(header->protocol));
+    return metadata(header->ihl * 4, pdu_flag, next_type);
+}
+
 IP::IP(address_type ip_dst, address_type ip_src) {
     init_ip_fields();
     this->dst_addr(ip_dst);

src/ipv6.cpp

@@ -51,6 +51,25 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata IPv6::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(ipv6_header))) {
+        throw malformed_packet();
+    }
+    InputMemoryStream stream(buffer, total_sz);
+    const ipv6_header* header = (const ipv6_header*)buffer;
+    uint32_t header_size = sizeof(ipv6_header);
+    uint8_t current_header = header->next_header;
+    stream.skip(sizeof(ipv6_header));
+    while (is_extension_header(current_header)) {
+        current_header = stream.read<uint8_t>();
+        const uint32_t ext_size = (static_cast<uint32_t>(stream.read<uint8_t>()) + 1) * 8;
+        const uint32_t payload_size = ext_size - sizeof(uint8_t) * 2;
+        header_size += ext_size;
+        stream.skip(payload_size);
+    }
+    return metadata(header_size, pdu_flag, PDU::UNKNOWN);
+}
+
 IPv6::IPv6(address_type ip_dst, address_type ip_src, PDU* child) 
 : header_(), headers_size_(0) {
     version(6);
@@ -70,7 +89,6 @@ IPv6::IPv6(const uint8_t* buffer, uint32_t total_sz)
             // minus one, from the next_header field.
             const uint32_t ext_size = (static_cast<uint32_t>(stream.read<uint8_t>()) + 1) * 8;
             const uint32_t payload_size = ext_size - sizeof(uint8_t) * 2;
-            // -1 -> next header identifier
             if (!stream.can_read(ext_size)) { 
                 throw malformed_packet();
             }

src/pdu.cpp

@@ -36,6 +36,18 @@ using std::vector;
 
 namespace Tins {
 
+PDU::metadata::metadata() 
+: header_size(0), current_pdu_type(PDU::UNKNOWN), next_pdu_type(PDU::UNKNOWN) {
+
+}
+        
+PDU::metadata::metadata(uint32_t header_size, PDUType current_type, PDUType next_type) 
+: header_size(header_size), current_pdu_type(current_type), next_pdu_type(next_type) {
+
+}
+
+// PDU
+
 PDU::PDU()
 : inner_pdu_() {
 

src/tcp.cpp

@@ -51,6 +51,14 @@ namespace Tins {
 
 const uint16_t TCP::DEFAULT_WINDOW = 32678;
 
+PDU::metadata TCP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(tcp_header))) {
+        throw malformed_packet();
+    }
+    const tcp_header* header = (const tcp_header*)buffer;
+    return metadata(header->doff * 4, pdu_flag, PDU::UNKNOWN);
+}
+
 TCP::TCP(uint16_t dport, uint16_t sport) 
 : header_(), options_size_(0), total_options_size_(0) {
     this->dport(dport);

src/udp.cpp

@@ -43,6 +43,13 @@ using Tins::Memory::OutputMemoryStream;
 
 namespace Tins {
 
+PDU::metadata UDP::extract_metadata(const uint8_t *buffer, uint32_t total_sz) {
+    if (TINS_UNLIKELY(total_sz < sizeof(udp_header))) {
+        throw malformed_packet();
+    }
+    return metadata(sizeof(udp_header), pdu_flag, PDU::UNKNOWN);
+}
+
 UDP::UDP(uint16_t dport, uint16_t sport)
 : header_() {
     this->dport(dport);