Engee documentation

RITM-ETH-RAW RX

Receiving raw data over Ethernet and returning the data of the last received packet.

blockType: CFunction

ritm eth raw rx

Path in the library:

/RITM/RITM Raw Ethernet/RITM-ETH-RAW RX

Description

To work with the block, install/update the support package RITM blocks.

Block RITM-ETH-RAW RX used to receive raw data over Ethernet. Returns the data of the last received packet.

Ports

Output

# Size — number of bytes received
scalar

Details

Not more than the value of the Maximum message size parameters.

Data types

UInt32
Complex numbers support

No

# Data — array of received bytes
vector

Details
Data types

Float64.
Complex numbers support

No

# Time, s — time in seconds since the beginning of the UNIX era at which the packet was received
scalar

Details
Data types

Float64.
Complex numbers support

No

# Time, µs — fractional part of time
scalar

Details

The number of microseconds elapsed since the beginning of a second.

Data types

Float64.
Complex numbers support

No

Parameters

Параметры

# Интерфейс Ethernet: — Ethernet port that will be used to receive messages
Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9

Details

The port numbers are indicated on the RITM housing.

Values

Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9
Default value

Host-target
Program usage name

m_eth_port
Tunable

No
Evaluatable

Yes

# Максимальный размер сообщения: — maximum possible length of the received message

Details
Default value

1
Program usage name

m_max_rx_dataSize
Tunable

No
Evaluatable

Yes

# Неразборчивый режим — Switching the port to promiscuous mode, in which the network card accepts all packets regardless of to whom they are addressed

Details
Default value

true (switched on)
Program usage name

m_promiscMode
Tunable

No
Evaluatable

Yes

# Использовать фильтр — flag to enable filtering of received messages

Details

For more details, see section Message filter in the RITM-ETH-RAW RX block

Default value

true (switched on)
Program usage name

m_filterFlag
Tunable

No
Evaluatable

Yes

# Фильтр: — menu for configuring filters for received packets

Details
Default value

"ether src 00:2B:67:F9:4d:A1"
Program usage name

m_filter
Tunable

No
Evaluatable

Yes

# Шаг расчёта, с: — calculation step in seconds for receiving Ethernet packets

Details

For each calculation step, one packet is read from the operating system buffer. If there is more than one packet in the operating system buffer, one next packet will be read in the next calculation step.

Default value

-1
Program usage name

m_smplT
Tunable

No
Evaluatable

Yes

Message filter in the RITM-ETH-RAW RX block

The PCAP library is used to receive packets. The Filter window of the RITM-ETH-RAW RX block is used to enter an expression that will be used to compile library filters.

A PCAP filter is a string consisting of a set of primitives. A set of primitives determines which packets will be received. The primitive contains an identifier and one or more qualifiers.

Three types of qualifiers are defined:

  • type — The qualifier defines the type of the name or ID number.

    Possible values are 'host', `net', `port', or `portrange'. If there is no qualifier, the value `host' is accepted by default.

  • dir — the qualifier determines the direction of information transfer relative to the object defined by the identifier.

    Possible values: src (sender), dst' (recipient), `src and dst (sender and recipient), src or dst (sender or recipient). The by default value is `src or dst'.

  • proto — the qualifier determines compliance with a specific protocol.

    Possible values are 'ether', fddi', `ip', `arp', `rarp', `decnet, lat', `sca, moprc', `mopdl', `tcp and `udp'.

For example:

**ether src 0A:0A:0A:0A:0A:0A** — capture messages from sender from MAC: **0A:0A:0A:0A:0A:0A**.

**dst net 192.168.56.0/24** — capturing messages intended for the network **192.168.56.0/24** .

**host 192.168.56.3** — capture messages intended or sent by a device with the address **192.168.56.3** .

**ip icmp** — capture ICMP packets.

In addition to object identifiers and classifiers, filters can contain the keywords gateway, broadcast, multicast, less, greater, as well as arithmetic expressions. For example:

ip multicast — captures ip packets containing addresses from Class D.
less than 1000 — captures frames that are less than 1000 bytes in size.

Primitives can be composed using logical operations:

  • And — and (&);

  • NOT — not (!);

  • OR — or (||).

host foo and not port ftp and not port ftp-data

Conditions can be combined using brackets:

not (host ip1 or ip2)

Additional examples of expressions:

not (host 192.168.56.3 or 192.168.56.2) - To discard packets belonging to devices with ip addresses 192.168.56.3 or 192.168.56.2.

host 192.168.0.1 or host 192.168.0.2 and tcp port 22 – To capture either any traffic belonging to host 192.168.0.1 or TCP protocol traffic using port 22 belonging to host 192.168.0.2.

(host 192.168.0.1 or host 192.168.0.2) and tcp port 22 – For capturing TCP protocol traffic and using port 22 belonging to host 192.168.0.1 or host 192.168.0.2 (either of them, or both at once).

ip host 192.168.56.2 and not 192.168.56.3 - Capture of all packets going from or to 192.168.56.2, except packets from or to 192.168.56.3

More information about using filters can be obtained from official PCAP documentation.