Engee documentation

RITM-ETH-RAW RX

Receive raw data over Ethernet and return the data of the last received packet.

blockType: CFunction

ritm eth raw rx

Path in the library:

/RITM/RITM Raw Ethernet/RITM-ETH-RAW RX

Description

The RITM-ETH-RAW RX block is used to receive raw data over Ethernet. It returns the data of the last received packet.

Ports

Output

# Size — number of bytes received
scalar

Details

Not more than the value of the Maximum message size parameters.

Data types

UInt32
Complex numbers support

No

# Data — array of received bytes
vector

Details
Data types

Float64.
Complex numbers support

No

# Time, s — time in seconds since the beginning of the UNIX era at which the packet was received
scalar

Details
Data types

Float64.
Complex numbers support

No

# Time, µs — fractional part of time
scalar

Details

The number of microseconds elapsed since the beginning of a second.

Data types

Float64.
Complex numbers support

No

Parameters

Параметры

# Интерфейс Ethernet: — Ethernet port that will be used to receive messages
Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9

Details

The port numbers are indicated on the RITM housing.

Values

Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9
Default value

Host-target
Program usage name

m_eth_port
Tunable

No
Evaluatable

Yes

# Максимальный размер сообщения: — maximum possible length of the received message

Details
Default value

1
Program usage name

m_max_rx_dataSize
Tunable

No
Evaluatable

Yes

# Неразборчивый режим — Switching the port to promiscuous mode, in which the network card accepts all packets regardless of to whom they are addressed

Details
Default value

true (switched on)
Program usage name

m_promiscMode
Tunable

No
Evaluatable

Yes

# Использовать фильтр — flag to enable filtering of received messages

Details

For more details, see section Message filter in the RITM-ETH-RAW RX unit

Default value

true (switched on)
Program usage name

m_filterFlag
Tunable

No
Evaluatable

Yes

# Фильтр: — menu for configuring filters for received packets

Details
Default value

"ether src 00:2B:67:F9:4d:A1"
Program usage name

m_filter
Tunable

No
Evaluatable

Yes

# Шаг расчёта, с: — calculation step in seconds for receiving Ethernet packets

Details

For each calculation step, one packet is read from the operating system buffer. If there is more than one packet in the operating system buffer, one next packet will be read in the next calculation step.

Default value

-1
Program usage name

m_smplT
Tunable

No
Evaluatable

Yes

Message filter in the RITM-ETH-RAW RX unit

The PCAP library is used to receive packets. The Filter box of the RITM-ETH-RAW RX block is used to enter an expression that will be used to compile the library filters.

A PCAP filter is a string consisting of a set of primitives. The set of primitives determines which packets will be accepted. A primitive contains an identifier and one or more qualifiers.

Three types of qualifiers are defined:

  • type - the qualifier defines the type of the identifier name or number.

    Possible values are: host (host), net (network), port (port) or portrange (port range). In the absence of a qualifier, host is assumed by default.

  • dir - qualifier defines the direction of information transmission relative to the object defined by the identifier.

    Possible values: src (sender), dst (receiver), src and dst (sender and receiver), src or dst (sender or receiver). The value by default is src or dst.

  • proto - qualifier defines conformity to a certain protocol.

    Possible values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.

For example:

**ether src 0A:0A:0A:0A:0A:0A** — захват сообщений от отправителя с MAC: **0A:0A:0A:0A:0A:0A**.

**dst net 192.168.56.0/24** — захват сообщений предназначенных для сети **192.168.56.0/24**.

**host 192.168.56.3** — захват сообщений предназначенных либо отправленных устройством с адресом **192.168.56.3**.

**ip icmp** — захват ICMP пакетов.

In addition to object identifiers and qualifiers, filters can contain the keywords gateway, broadcast, multicast, less, greater, as well as arithmetic expressions. For example:

ip multicast — захват ip пакетов, содержащих адреса из класса D.
less 1000 — захват кадров, у которых размер менее 1000 байт.

Primitives can be composed using logical operations:

  • I - and (&);

  • NOT - not (!);

  • ILI - or (||).

host foo and not port ftp and not port ftp-data

Conditions can be combined using brackets:

not (host ip1 or ip2)

Additional example expressions:

not (host 192.168.56.3 or 192.168.56.2) - Для отбрасывания пакетов, принадлежащих устройствам с ip  адресами 192.168.56.3 или 192.168.56.2.

host 192.168.0.1 or host 192.168.0.2 and tcp port 22 – Для захвата или любого трафика, принадлежащего хосту 192.168.0.1, или трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.2.

(host 192.168.0.1 or host 192.168.0.2) and tcp port 22 – Для захвата трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.1 или хосту 192.168.0.2 (любому из них, или обоим сразу).

ip host 192.168.56.2 and not 192.168.56.3 - Захват всех пакетов, идущих от или к 192.168.56.2, кроме пакетов от или к 192.168.56.3

For more information on filter usage, see official PCAP documentation.