PcapFileEx.Packet (pcap_file_ex v0.5.5)

Represents a captured network packet.

Summary

Functions

attach_decoded(error)
Attaches the decoded payload (when available) to the packet's decoded map.

decode_http(packet)
Decodes the HTTP payload into a structured representation.

decode_http!(packet)
Same as decode_http/1 but raises on error.

decode_registered(packet)
Attempts to decode the payload using the registered application decoders.

decode_registered!(packet)
Convenience variant of decode_registered/1 that returns the decoded value or nil. Raises on decoder errors.

endpoint_to_string(endpoint)
Formats an endpoint as "ip:port" (or just ip when the port is absent).

from_map(map)
Creates a Packet struct from a map returned by the NIF.

http_payload(packet)
Extracts the HTTP payload (if any) from the packet.

known_protocols()
Returns the list of protocols that may appear in packet.protocols.

pkt_decode(packet)
Convenience wrapper around :pkt.decode/2 that uses the packet's link type.

pkt_decode!(packet)
Same as pkt_decode/1 but returns the decoded value directly or raises on error.

pkt_protocol(packet)
Returns the suggested :pkt protocol atom for the packet's link type.

to_map(packet)
Converts a Packet struct to a map for passing to NIFs.

udp_payload(packet)
Extracts the UDP payload from the packet.

Types

layer()

@type layer() :: tuple() | atom() | map()

t()

@type t() :: %PcapFileEx.Packet{
  data: binary(),
  datalink: String.t() | nil,
  decoded: %{optional(atom()) => term()},
  dst: PcapFileEx.Endpoint.t() | nil,
  interface: PcapFileEx.Interface.t() | nil,
  interface_id: non_neg_integer() | nil,
  layers: [layer()] | nil,
  orig_len: non_neg_integer(),
  payload: binary() | nil,
  protocol: atom() | nil,
  protocols: [atom()],
  src: PcapFileEx.Endpoint.t() | nil,
  timestamp: DateTime.t(),
  timestamp_precise: PcapFileEx.Timestamp.t(),
  timestamp_resolution: PcapFileEx.Interface.timestamp_resolution() | nil
}

Functions

attach_decoded(error)

@spec attach_decoded(t() | {:ok, t()} | {:error, map()}) ::
  t() | {:ok, t()} | {:error, map()}

Attaches the decoded payload (when available) to the packet's decoded map.

Supports both bare packets and tagged tuples from safe streams.

decode_http(packet)

@spec decode_http(t()) :: {:ok, PcapFileEx.HTTP.t()} | {:error, atom() | tuple()}

Decodes the HTTP payload into a structured representation.

decode_http!(packet)

@spec decode_http!(t()) :: PcapFileEx.HTTP.t()

Same as decode_http/1 but raises on error.

decode_registered(packet)

@spec decode_registered(t()) :: {:ok, {atom(), term()}} | :no_match | {:error, term()}

Attempts to decode the payload using the registered application decoders.

Returns {:ok, {protocol, decoded}} when a decoder matches, :no_match when none do, or {:error, reason} if the decoder raises or returns an error tuple.

decode_registered!(packet)

@spec decode_registered!(t()) :: term() | nil

Convenience variant of decode_registered/1 that returns the decoded value or nil. Raises on decoder errors.
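
An added example (not from the pcap_file_ex documentation) that handles each return shape of decode_registered/1 while processing a capture from an untrusted source, so that a malformed payload or a failed read is recorded instead of aborting the run. The CaptureTriage module and its function names are hypothetical; only Packet functions and struct fields documented on this page are used, and the input is assumed to be an enumerable of bare packets or tagged tuples from a safe stream.

```elixir
defmodule CaptureTriage do
  # Added example, not part of pcap_file_ex. Module and function names are hypothetical.
  alias PcapFileEx.Packet

  @doc """
  Tallies decode outcomes over an enumerable of packets.

  Accepts bare %Packet{} structs as well as {:ok, packet} / {:error, meta}
  tuples, the tagged form produced by safe streams.
  """
  def summarize(packets) do
    initial = %{decoded: %{}, no_match: 0, decode_errors: [], read_errors: []}
    Enum.reduce(packets, initial, &step/2)
  end

  # A read failure reported by a safe stream: record it and keep going.
  defp step({:error, meta}, acc), do: update_in(acc.read_errors, &[meta | &1])

  # Unwrap the tagged form and process it like a bare packet.
  defp step({:ok, %Packet{} = packet}, acc), do: step(packet, acc)

  defp step(%Packet{} = packet, acc) do
    # The non-raising variant is used on purpose: decode_registered!/1 raises
    # on decoder errors, which would end the whole pass on one bad payload.
    case Packet.decode_registered(packet) do
      {:ok, {protocol, _decoded}} ->
        update_in(acc.decoded, &Map.update(&1, protocol, 1, fn n -> n + 1 end))

      :no_match ->
        update_in(acc.no_match, &(&1 + 1))

      {:error, reason} ->
        # Keep the flow next to the reason so the packet can be found again.
        # endpoint_to_string/1 returns nil when the endpoint is nil.
        flow = {Packet.endpoint_to_string(packet.src), Packet.endpoint_to_string(packet.dst)}
        update_in(acc.decode_errors, &[{flow, reason} | &1])
    end
  end
end
```

The returned map separates payloads no decoder claimed (no_match) from payloads a decoder claimed and then failed on (decode_errors); the second group is usually the one worth inspecting by hand.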

endpoint_to_string(endpoint)

@spec endpoint_to_string(PcapFileEx.Endpoint.t() | nil) :: String.t() | nil

Formats an endpoint as "ip:port" (or just ip when the port is absent).

from_map(map)

@spec from_map(map()) :: t()

Creates a Packet struct from a map returned by the NIF.

Options

Examples

alias PcapFileEx.Packet

# nif_map is a packet map as returned by the NIF

# Without hosts mapping
packet = Packet.from_map(nif_map)

# With hosts mapping
hosts = %{"192.168.1.1" => "server", "10.0.0.1" => "client"}
packet = Packet.from_map(nif_map, hosts_map: hosts)
# packet.src.host and packet.dst.host will be resolved if IPs match

from_map(map, opts)

@spec from_map(
  map(),
  keyword()
) :: t()

http_payload(packet)

@spec http_payload(t()) :: {:ok, binary()} | {:error, atom() | tuple()}

Extracts the HTTP payload (if any) from the packet.

known_protocols()

@spec known_protocols() :: [atom()]

Returns the list of protocols that may appear in packet.protocols.

pkt_decode(packet)

@spec pkt_decode(t()) :: term()

Convenience wrapper around :pkt.decode/2 that uses the packet's link type.

pkt_decode!(packet)

@spec pkt_decode!(t()) :: term()

Same as pkt_decode/1 but returns the decoded value directly or raises on error.

pkt_protocol(packet)

@spec pkt_protocol(t()) :: atom()

Returns the suggested :pkt protocol atom for the packet's link type.

to_map(packet)

@spec to_map(t()) :: map()

Converts a Packet struct to a map for passing to NIFs.

Note: Only includes the core fields needed for writing packets. Protocol decoding fields (protocols, src, dst, layers, etc.) are not included as they are derived during reading.

udp_payload(packet)

@spec udp_payload(t()) :: {:ok, binary()} | {:error, atom() | tuple()}

Extracts the UDP payload from the packet.