Engee documentation

RITM-ETH-RAW RX

Receiving raw data over Ethernet and returning the data of the last received packet.

blockType: CFunction

ritm eth raw rx

Path in the library:

/RITM/RITM Raw Ethernet/RITM-ETH-RAW RX

Description

To work with the block, install/update the support package RITM blocks.

Block RITM-ETH-RAW RX used to receive raw data over Ethernet. Returns the data of the last received packet.

Ports

Output

# Size — number of bytes received
scalar

Details

Not more than the value of the Maximum message size parameters.

Data types

UInt32
Complex numbers support

No

# Data — array of received bytes
vector

Details
Data types

Float64.
Complex numbers support

No

# Time, s — time in seconds since the beginning of the UNIX era at which the packet was received
scalar

Details
Data types

Float64.
Complex numbers support

No

# Time, µs — fractional part of time
scalar

Details

The number of microseconds elapsed since the beginning of a second.

Data types

Float64.
Complex numbers support

No

Parameters

Main group

# Интерфейс Ethernet: — the Ethernet port that will be used to receive messages
Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9

Details

The port numbers are indicated on the case of the KPM "RITM".

Values

Host-target | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9
Default value

Host-target
Program usage name

m_eth_port
Tunable

No
Evaluatable

Yes

# Максимальный размер сообщения: — the maximum possible length of the received message

Details
Default value

1
Program usage name

m_max_rx_dataSize
Tunable

No
Evaluatable

Yes

# Неразборчивый режим — switching the port to promiscuous mode, in which the network card accepts all packets regardless of who they are addressed to.

Details
Default value

true (switched on)
Program usage name

m_promiscMode
Tunable

No
Evaluatable

Yes

# Использовать фильтр — flag that allows you to enable the received message filter

Details

For more information, see Message filter in the RITM-ETH-RAW RX block

Default value

true (switched on)
Program usage name

m_filterFlag
Tunable

No
Evaluatable

Yes

# Фильтр: — menu for setting filters for received packets

Details
Default value

"""ether src 00:2B:67:F9:4d:A1"""
Program usage name

m_filter
Tunable

No
Evaluatable

Yes

# Шаг расчёта, с: — calculation step for receiving Ethernet packets

Details

For each calculation step (in seconds), one packet is read from the operating system buffer. If there is more than one packet in the operating system buffer, then one next packet will be read at the next calculation step.

Default value

-1
Program usage name

m_smplT
Tunable

No
Evaluatable

Yes

Message filter in the RITM-ETH-RAW RX block

The PCAP library is used to receive packets. The Filter window of the RITM-ETH-RAW RX block is used to enter an expression that will be used to compile library filters.

A PCAP filter is a string consisting of a set of primitives. A set of primitives determines which packets will be received. The primitive contains an identifier and one or more qualifiers.

Three types of qualifiers are defined:

  • type — The qualifier defines the type of the name or ID number.

    Possible values: host (host), net (network), port (port) or portrange (range of ports). If there is no qualifier, the value is taken by default host.

  • dir — the qualifier determines the direction of information transfer relative to the object defined by the identifier.

    Possible values: src (sender), dst (recipient), src and dst (sender and receiver), src or dst (sender or recipient). By default — src or dst.

  • proto — qualifier determines compliance with a specific protocol.

    Possible values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.

For example:

**ether src 0A:0A:0A:0A:0A:0A** — захват сообщений от отправителя с MAC: **0A:0A:0A:0A:0A:0A**.

**dst net 192.168.56.0/24** — захват сообщений предназначенных для сети **192.168.56.0/24**.

**host 192.168.56.3** — захват сообщений предназначенных либо отправленных устройством с адресом **192.168.56.3**.

**ip icmp** — захват ICMP пакетов.

In addition to object identifiers and classifiers, filters can contain the keywords gateway, broadcast, multicast, less, greater, as well as arithmetic expressions. For example:

ip multicast — захват ip пакетов, содержащих адреса из класса D.
less 1000 — захват кадров, у которых размер менее 1000 байт.

Primitives can be composed using logical operations:

  • And — and (&);

  • NOT — not (!);

  • OR — or (||).

host foo and not port ftp and not port ftp-data

Conditions can be combined using brackets:

not (host ip1 or ip2)

Additional examples of expressions:

not (host 192.168.56.3 or 192.168.56.2) - Для отбрасывания пакетов, принадлежащих устройствам с ip  адресами 192.168.56.3 или 192.168.56.2.

host 192.168.0.1 or host 192.168.0.2 and tcp port 22 – Для захвата или любого трафика, принадлежащего хосту 192.168.0.1, или трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.2.

(host 192.168.0.1 or host 192.168.0.2) and tcp port 22 – Для захвата трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.1 или хосту 192.168.0.2 (любому из них, или обоим сразу).

ip host 192.168.56.2 and not 192.168.56.3 - Захват всех пакетов, идущих от или к 192.168.56.2, кроме пакетов от или к 192.168.56.3

More information about using filters can be obtained from official PCAP documentation.