| 1 | /* $NetBSD: pcap.h,v 1.8 2018/09/03 15:26:44 christos Exp $ */ |
|---|---|
| 2 | |
| 3 | /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ |
| 4 | /* |
| 5 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 |
| 6 | * The Regents of the University of California. All rights reserved. |
| 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions |
| 10 | * are met: |
| 11 | * 1. Redistributions of source code must retain the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer. |
| 13 | * 2. Redistributions in binary form must reproduce the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer in the |
| 15 | * documentation and/or other materials provided with the distribution. |
| 16 | * 3. All advertising materials mentioning features or use of this software |
| 17 | * must display the following acknowledgement: |
| 18 | * This product includes software developed by the Computer Systems |
| 19 | * Engineering Group at Lawrence Berkeley Laboratory. |
| 20 | * 4. Neither the name of the University nor of the Laboratory may be used |
| 21 | * to endorse or promote products derived from this software without |
| 22 | * specific prior written permission. |
| 23 | * |
| 24 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 25 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 28 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 29 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 30 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 31 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 32 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 33 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 34 | * SUCH DAMAGE. |
| 35 | */ |
| 36 | |
| 37 | /* |
| 38 | * Remote packet capture mechanisms and extensions from WinPcap: |
| 39 | * |
| 40 | * Copyright (c) 2002 - 2003 |
| 41 | * NetGroup, Politecnico di Torino (Italy) |
| 42 | * All rights reserved. |
| 43 | * |
| 44 | * Redistribution and use in source and binary forms, with or without |
| 45 | * modification, are permitted provided that the following conditions |
| 46 | * are met: |
| 47 | * |
| 48 | * 1. Redistributions of source code must retain the above copyright |
| 49 | * notice, this list of conditions and the following disclaimer. |
| 50 | * 2. Redistributions in binary form must reproduce the above copyright |
| 51 | * notice, this list of conditions and the following disclaimer in the |
| 52 | * documentation and/or other materials provided with the distribution. |
| 53 | * 3. Neither the name of the Politecnico di Torino nor the names of its |
| 54 | * contributors may be used to endorse or promote products derived from |
| 55 | * this software without specific prior written permission. |
| 56 | * |
| 57 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 58 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 59 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 60 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 61 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 62 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 63 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 64 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 65 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 66 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 67 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 68 | * |
| 69 | */ |
| 70 | |
| 71 | #ifndef lib_pcap_pcap_h |
| 72 | #define lib_pcap_pcap_h |
| 73 | |
| 74 | #include <pcap/funcattrs.h> |
| 75 | |
| 76 | #include <pcap/pcap-inttypes.h> |
| 77 | |
| 78 | #if defined(_WIN32) |
| 79 | #include <winsock2.h> /* u_int, u_char etc. */ |
| 80 | #include <io.h> /* _get_osfhandle() */ |
| 81 | #elif defined(MSDOS) |
| 82 | #include <sys/types.h> /* u_int, u_char etc. */ |
| 83 | #include <sys/socket.h> |
| 84 | #else /* UN*X */ |
| 85 | #include <sys/types.h> /* u_int, u_char etc. */ |
| 86 | #include <sys/time.h> |
| 87 | #endif /* _WIN32/MSDOS/UN*X */ |
| 88 | |
| 89 | #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H |
| 90 | #include <pcap/bpf.h> |
| 91 | #else |
| 92 | #include <net/bpf.h> |
| 93 | #endif |
| 94 | |
| 95 | #include <stdio.h> |
| 96 | |
| 97 | #ifdef __cplusplus |
| 98 | extern "C"{ |
| 99 | #endif |
| 100 | |
| 101 | /* |
| 102 | * Version number of the current version of the pcap file format. |
| 103 | * |
| 104 | * NOTE: this is *NOT* the version number of the libpcap library. |
| 105 | * To fetch the version information for the version of libpcap |
| 106 | * you're using, use pcap_lib_version(). |
| 107 | */ |
| 108 | #define PCAP_VERSION_MAJOR 2 |
| 109 | #define PCAP_VERSION_MINOR 4 |
| 110 | |
| 111 | #define PCAP_ERRBUF_SIZE 256 |
| 112 | |
| 113 | /* |
| 114 | * Compatibility for systems that have a bpf.h that |
| 115 | * predates the bpf typedefs for 64-bit support. |
| 116 | */ |
| 117 | #if BPF_RELEASE - 0 < 199406 |
| 118 | typedef int bpf_int32; |
| 119 | typedef u_int bpf_u_int32; |
| 120 | #endif |
| 121 | |
| 122 | typedef struct pcap pcap_t; |
| 123 | typedef struct pcap_dumper pcap_dumper_t; |
| 124 | typedef struct pcap_if pcap_if_t; |
| 125 | typedef struct pcap_addr pcap_addr_t; |
| 126 | |
| 127 | /* |
| 128 | * The first record in the file contains saved values for some |
| 129 | * of the flags used in the printout phases of tcpdump. |
| 130 | * Many fields here are 32 bit ints so compilers won't insert unwanted |
| 131 | * padding; these files need to be interchangeable across architectures. |
| 132 | * |
| 133 | * Do not change the layout of this structure, in any way (this includes |
| 134 | * changes that only affect the length of fields in this structure). |
| 135 | * |
| 136 | * Also, do not change the interpretation of any of the members of this |
| 137 | * structure, in any way (this includes using values other than |
| 138 | * LINKTYPE_ values, as defined in "savefile.c", in the "linktype" |
| 139 | * field). |
| 140 | * |
| 141 | * Instead: |
| 142 | * |
| 143 | * introduce a new structure for the new format, if the layout |
| 144 | * of the structure changed; |
| 145 | * |
| 146 | * send mail to "tcpdump-workers@lists.tcpdump.org", requesting |
| 147 | * a new magic number for your new capture file format, and, when |
| 148 | * you get the new magic number, put it in "savefile.c"; |
| 149 | * |
| 150 | * use that magic number for save files with the changed file |
| 151 | * header; |
| 152 | * |
| 153 | * make the code in "savefile.c" capable of reading files with |
| 154 | * the old file header as well as files with the new file header |
| 155 | * (using the magic number to determine the header format). |
| 156 | * |
| 157 | * Then supply the changes by forking the branch at |
| 158 | * |
| 159 | * https://github.com/the-tcpdump-group/libpcap/issues |
| 160 | * |
| 161 | * and issuing a pull request, so that future versions of libpcap and |
| 162 | * programs that use it (such as tcpdump) will be able to read your new |
| 163 | * capture file format. |
| 164 | */ |
| 165 | struct pcap_file_header { |
| 166 | bpf_u_int32 magic; |
| 167 | u_short version_major; |
| 168 | u_short version_minor; |
| 169 | bpf_int32 thiszone; /* gmt to local correction */ |
| 170 | bpf_u_int32 sigfigs; /* accuracy of timestamps */ |
| 171 | bpf_u_int32 snaplen; /* max length saved portion of each pkt */ |
| 172 | bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ |
| 173 | }; |
| 174 | |
| 175 | /* |
| 176 | * Macros for the value returned by pcap_datalink_ext(). |
| 177 | * |
| 178 | * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro |
| 179 | * gives the FCS length of packets in the capture. |
| 180 | */ |
| 181 | #define LT_FCS_LENGTH_PRESENT(x) ((x) & 0x04000000) |
| 182 | #define LT_FCS_LENGTH(x) (((x) & 0xF0000000) >> 28) |
| 183 | #define LT_FCS_DATALINK_EXT(x) ((((x) & 0xF) << 28) | 0x04000000) |
| 184 | |
| 185 | typedef enum { |
| 186 | PCAP_D_INOUT = 0, |
| 187 | PCAP_D_IN, |
| 188 | PCAP_D_OUT |
| 189 | } pcap_direction_t; |
| 190 | |
| 191 | /* |
| 192 | * Generic per-packet information, as supplied by libpcap. |
| 193 | * |
| 194 | * The time stamp can and should be a "struct timeval", regardless of |
| 195 | * whether your system supports 32-bit tv_sec in "struct timeval", |
| 196 | * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit |
| 197 | * and 64-bit applications. The on-disk format of savefiles uses 32-bit |
| 198 | * tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit |
| 199 | * and 64-bit versions of libpcap, even if they're on the same platform, |
| 200 | * should supply the appropriate version of "struct timeval", even if |
| 201 | * that's not what the underlying packet capture mechanism supplies. |
| 202 | */ |
| 203 | struct pcap_pkthdr { |
| 204 | struct timeval ts; /* time stamp */ |
| 205 | bpf_u_int32 caplen; /* length of portion present */ |
| 206 | bpf_u_int32 len; /* length this packet (off wire) */ |
| 207 | }; |
| 208 | |
| 209 | /* |
| 210 | * As returned by the pcap_stats() |
| 211 | */ |
| 212 | struct pcap_stat { |
| 213 | u_int ps_recv; /* number of packets received */ |
| 214 | u_int ps_drop; /* number of packets dropped */ |
| 215 | u_int ps_ifdrop; /* drops by interface -- only supported on some platforms */ |
| 216 | #ifdef _WIN32 |
| 217 | u_int ps_capt; /* number of packets that reach the application */ |
| 218 | u_int ps_sent; /* number of packets sent by the server on the network */ |
| 219 | u_int ps_netdrop; /* number of packets lost on the network */ |
| 220 | #endif /* _WIN32 */ |
| 221 | }; |
| 222 | |
| 223 | #ifdef MSDOS |
| 224 | /* |
| 225 | * As returned by the pcap_stats_ex() |
| 226 | */ |
| 227 | struct pcap_stat_ex { |
| 228 | u_long rx_packets; /* total packets received */ |
| 229 | u_long tx_packets; /* total packets transmitted */ |
| 230 | u_long rx_bytes; /* total bytes received */ |
| 231 | u_long tx_bytes; /* total bytes transmitted */ |
| 232 | u_long rx_errors; /* bad packets received */ |
| 233 | u_long tx_errors; /* packet transmit problems */ |
| 234 | u_long rx_dropped; /* no space in Rx buffers */ |
| 235 | u_long tx_dropped; /* no space available for Tx */ |
| 236 | u_long multicast; /* multicast packets received */ |
| 237 | u_long collisions; |
| 238 | |
| 239 | /* detailed rx_errors: */ |
| 240 | u_long rx_length_errors; |
| 241 | u_long rx_over_errors; /* receiver ring buff overflow */ |
| 242 | u_long rx_crc_errors; /* recv'd pkt with crc error */ |
| 243 | u_long rx_frame_errors; /* recv'd frame alignment error */ |
| 244 | u_long rx_fifo_errors; /* recv'r fifo overrun */ |
| 245 | u_long rx_missed_errors; /* recv'r missed packet */ |
| 246 | |
| 247 | /* detailed tx_errors */ |
| 248 | u_long tx_aborted_errors; |
| 249 | u_long tx_carrier_errors; |
| 250 | u_long tx_fifo_errors; |
| 251 | u_long tx_heartbeat_errors; |
| 252 | u_long tx_window_errors; |
| 253 | }; |
| 254 | #endif |
| 255 | |
| 256 | /* |
| 257 | * Item in a list of interfaces. |
| 258 | */ |
| 259 | struct pcap_if { |
| 260 | struct pcap_if *next; |
| 261 | char *name; /* name to hand to "pcap_open_live()" */ |
| 262 | char *description; /* textual description of interface, or NULL */ |
| 263 | struct pcap_addr *addresses; |
| 264 | bpf_u_int32 flags; /* PCAP_IF_ interface flags */ |
| 265 | }; |
| 266 | |
| 267 | #define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */ |
| 268 | #define PCAP_IF_UP 0x00000002 /* interface is up */ |
| 269 | #define PCAP_IF_RUNNING 0x00000004 /* interface is running */ |
| 270 | #define PCAP_IF_WIRELESS 0x00000008 /* interface is wireless (*NOT* necessarily Wi-Fi!) */ |
| 271 | #define PCAP_IF_CONNECTION_STATUS 0x00000030 /* connection status: */ |
| 272 | #define PCAP_IF_CONNECTION_STATUS_UNKNOWN 0x00000000 /* unknown */ |
| 273 | #define PCAP_IF_CONNECTION_STATUS_CONNECTED 0x00000010 /* connected */ |
| 274 | #define PCAP_IF_CONNECTION_STATUS_DISCONNECTED 0x00000020 /* disconnected */ |
| 275 | #define PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE 0x00000030 /* not applicable */ |
| 276 | |
| 277 | /* |
| 278 | * Representation of an interface address. |
| 279 | */ |
| 280 | struct pcap_addr { |
| 281 | struct pcap_addr *next; |
| 282 | struct sockaddr *addr; /* address */ |
| 283 | struct sockaddr *netmask; /* netmask for that address */ |
| 284 | struct sockaddr *broadaddr; /* broadcast address for that address */ |
| 285 | struct sockaddr *dstaddr; /* P2P destination address for that address */ |
| 286 | }; |
| 287 | |
| 288 | typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, |
| 289 | const u_char *); |
| 290 | |
| 291 | /* |
| 292 | * Error codes for the pcap API. |
| 293 | * These will all be negative, so you can check for the success or |
| 294 | * failure of a call that returns these codes by checking for a |
| 295 | * negative value. |
| 296 | */ |
| 297 | #define PCAP_ERROR -1 /* generic error code */ |
| 298 | #define PCAP_ERROR_BREAK -2 /* loop terminated by pcap_breakloop */ |
| 299 | #define PCAP_ERROR_NOT_ACTIVATED -3 /* the capture needs to be activated */ |
| 300 | #define PCAP_ERROR_ACTIVATED -4 /* the operation can't be performed on already activated captures */ |
| 301 | #define PCAP_ERROR_NO_SUCH_DEVICE -5 /* no such device exists */ |
| 302 | #define PCAP_ERROR_RFMON_NOTSUP -6 /* this device doesn't support rfmon (monitor) mode */ |
| 303 | #define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */ |
| 304 | #define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */ |
| 305 | #define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */ |
| 306 | #define PCAP_ERROR_CANTSET_TSTAMP_TYPE -10 /* this device doesn't support setting the time stamp type */ |
| 307 | #define PCAP_ERROR_PROMISC_PERM_DENIED -11 /* you don't have permission to capture in promiscuous mode */ |
| 308 | #define PCAP_ERROR_TSTAMP_PRECISION_NOTSUP -12 /* the requested time stamp precision is not supported */ |
| 309 | |
| 310 | /* |
| 311 | * Warning codes for the pcap API. |
| 312 | * These will all be positive and non-zero, so they won't look like |
| 313 | * errors. |
| 314 | */ |
| 315 | #define PCAP_WARNING 1 /* generic warning code */ |
| 316 | #define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */ |
| 317 | #define PCAP_WARNING_TSTAMP_TYPE_NOTSUP 3 /* the requested time stamp type is not supported */ |
| 318 | |
| 319 | /* |
| 320 | * Value to pass to pcap_compile() as the netmask if you don't know what |
| 321 | * the netmask is. |
| 322 | */ |
| 323 | #define PCAP_NETMASK_UNKNOWN 0xffffffff |
| 324 | |
| 325 | /* |
| 326 | * We're deprecating pcap_lookupdev() for various reasons (not |
| 327 | * thread-safe, can behave weirdly with WinPcap). Callers |
| 328 | * should use pcap_findalldevs() and use the first device. |
| 329 | */ |
| 330 | PCAP_API char *pcap_lookupdev(char *) |
| 331 | PCAP_DEPRECATED(pcap_lookupdev, "use 'pcap_findalldevs' and use the first device"); |
| 332 | |
| 333 | PCAP_API int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *); |
| 334 | |
| 335 | PCAP_API pcap_t *pcap_create(const char *, char *); |
| 336 | PCAP_API int pcap_set_snaplen(pcap_t *, int); |
| 337 | PCAP_API int pcap_set_promisc(pcap_t *, int); |
| 338 | PCAP_API int pcap_can_set_rfmon(pcap_t *); |
| 339 | PCAP_API int pcap_set_rfmon(pcap_t *, int); |
| 340 | PCAP_API int pcap_set_timeout(pcap_t *, int); |
| 341 | PCAP_API int pcap_set_tstamp_type(pcap_t *, int); |
| 342 | PCAP_API int pcap_set_immediate_mode(pcap_t *, int); |
| 343 | PCAP_API int pcap_set_buffer_size(pcap_t *, int); |
| 344 | PCAP_API int pcap_set_tstamp_precision(pcap_t *, int); |
| 345 | PCAP_API int pcap_get_tstamp_precision(pcap_t *); |
| 346 | PCAP_API int pcap_activate(pcap_t *); |
| 347 | |
| 348 | PCAP_API int pcap_list_tstamp_types(pcap_t *, int **); |
| 349 | PCAP_API void pcap_free_tstamp_types(int *); |
| 350 | PCAP_API int pcap_tstamp_type_name_to_val(const char *); |
| 351 | PCAP_API const char *pcap_tstamp_type_val_to_name(int); |
| 352 | PCAP_API const char *pcap_tstamp_type_val_to_description(int); |
| 353 | |
| 354 | #ifdef __linux__ |
| 355 | PCAP_API int pcap_set_protocol_linux(pcap_t *, int); |
| 356 | #endif |
| 357 | |
| 358 | /* |
| 359 | * Time stamp types. |
| 360 | * Not all systems and interfaces will necessarily support all of these. |
| 361 | * |
| 362 | * A system that supports PCAP_TSTAMP_HOST is offering time stamps |
| 363 | * provided by the host machine, rather than by the capture device, |
| 364 | * but not committing to any characteristics of the time stamp; |
| 365 | * it will not offer any of the PCAP_TSTAMP_HOST_ subtypes. |
| 366 | * |
| 367 | * PCAP_TSTAMP_HOST_LOWPREC is a time stamp, provided by the host machine, |
| 368 | * that's low-precision but relatively cheap to fetch; it's normally done |
| 369 | * using the system clock, so it's normally synchronized with times you'd |
| 370 | * fetch from system calls. |
| 371 | * |
| 372 | * PCAP_TSTAMP_HOST_HIPREC is a time stamp, provided by the host machine, |
| 373 | * that's high-precision; it might be more expensive to fetch. It might |
| 374 | * or might not be synchronized with the system clock, and might have |
| 375 | * problems with time stamps for packets received on different CPUs, |
| 376 | * depending on the platform. |
| 377 | * |
| 378 | * PCAP_TSTAMP_ADAPTER is a high-precision time stamp supplied by the |
| 379 | * capture device; it's synchronized with the system clock. |
| 380 | * |
| 381 | * PCAP_TSTAMP_ADAPTER_UNSYNCED is a high-precision time stamp supplied by |
| 382 | * the capture device; it's not synchronized with the system clock. |
| 383 | * |
| 384 | * Note that time stamps synchronized with the system clock can go |
| 385 | * backwards, as the system clock can go backwards. If a clock is |
| 386 | * not in sync with the system clock, that could be because the |
| 387 | * system clock isn't keeping accurate time, because the other |
| 388 | * clock isn't keeping accurate time, or both. |
| 389 | * |
| 390 | * Note that host-provided time stamps generally correspond to the |
| 391 | * time when the time-stamping code sees the packet; this could |
| 392 | * be some unknown amount of time after the first or last bit of |
| 393 | * the packet is received by the network adapter, due to batching |
| 394 | * of interrupts for packet arrival, queueing delays, etc.. |
| 395 | */ |
| 396 | #define PCAP_TSTAMP_HOST 0 /* host-provided, unknown characteristics */ |
| 397 | #define PCAP_TSTAMP_HOST_LOWPREC 1 /* host-provided, low precision */ |
| 398 | #define PCAP_TSTAMP_HOST_HIPREC 2 /* host-provided, high precision */ |
| 399 | #define PCAP_TSTAMP_ADAPTER 3 /* device-provided, synced with the system clock */ |
| 400 | #define PCAP_TSTAMP_ADAPTER_UNSYNCED 4 /* device-provided, not synced with the system clock */ |
| 401 | |
| 402 | /* |
| 403 | * Time stamp resolution types. |
| 404 | * Not all systems and interfaces will necessarily support all of these |
| 405 | * resolutions when doing live captures; all of them can be requested |
| 406 | * when reading a savefile. |
| 407 | */ |
| 408 | #define PCAP_TSTAMP_PRECISION_MICRO 0 /* use timestamps with microsecond precision, default */ |
| 409 | #define PCAP_TSTAMP_PRECISION_NANO 1 /* use timestamps with nanosecond precision */ |
| 410 | |
| 411 | PCAP_API pcap_t *pcap_open_live(const char *, int, int, int, char *); |
| 412 | PCAP_API pcap_t *pcap_open_dead(int, int); |
| 413 | PCAP_API pcap_t *pcap_open_dead_with_tstamp_precision(int, int, u_int); |
| 414 | PCAP_API pcap_t *pcap_open_offline_with_tstamp_precision(const char *, u_int, char *); |
| 415 | PCAP_API pcap_t *pcap_open_offline(const char *, char *); |
| 416 | #ifdef _WIN32 |
| 417 | PCAP_API pcap_t *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *); |
| 418 | PCAP_API pcap_t *pcap_hopen_offline(intptr_t, char *); |
| 419 | /* |
| 420 | * If we're building libpcap, these are internal routines in savefile.c, |
| 421 | * so we must not define them as macros. |
| 422 | * |
| 423 | * If we're not building libpcap, given that the version of the C runtime |
| 424 | * with which libpcap was built might be different from the version |
| 425 | * of the C runtime with which an application using libpcap was built, |
| 426 | * and that a FILE structure may differ between the two versions of the |
| 427 | * C runtime, calls to _fileno() must use the version of _fileno() in |
| 428 | * the C runtime used to open the FILE *, not the version in the C |
| 429 | * runtime with which libpcap was built. (Maybe once the Universal CRT |
| 430 | * rules the world, this will cease to be a problem.) |
| 431 | */ |
| 432 | #ifndef BUILDING_PCAP |
| 433 | #define pcap_fopen_offline_with_tstamp_precision(f,p,b) \ |
| 434 | pcap_hopen_offline_with_tstamp_precision(_get_osfhandle(_fileno(f)), p, b) |
| 435 | #define pcap_fopen_offline(f,b) \ |
| 436 | pcap_hopen_offline(_get_osfhandle(_fileno(f)), b) |
| 437 | #endif |
| 438 | #else /*_WIN32*/ |
| 439 | PCAP_API pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *); |
| 440 | PCAP_API pcap_t *pcap_fopen_offline(FILE *, char *); |
| 441 | #endif /*_WIN32*/ |
| 442 | |
| 443 | PCAP_API void pcap_close(pcap_t *); |
| 444 | PCAP_API int pcap_loop(pcap_t *, int, pcap_handler, u_char *); |
| 445 | PCAP_API int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *); |
| 446 | PCAP_API const u_char *pcap_next(pcap_t *, struct pcap_pkthdr *); |
| 447 | PCAP_API int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **); |
| 448 | PCAP_API void pcap_breakloop(pcap_t *); |
| 449 | PCAP_API int pcap_stats(pcap_t *, struct pcap_stat *); |
| 450 | PCAP_API int pcap_setfilter(pcap_t *, struct bpf_program *); |
| 451 | PCAP_API int pcap_setdirection(pcap_t *, pcap_direction_t); |
| 452 | PCAP_API int pcap_getnonblock(pcap_t *, char *); |
| 453 | PCAP_API int pcap_setnonblock(pcap_t *, int, char *); |
| 454 | PCAP_API int pcap_inject(pcap_t *, const void *, size_t); |
| 455 | PCAP_API int pcap_sendpacket(pcap_t *, const u_char *, int); |
| 456 | PCAP_API const char *pcap_statustostr(int); |
| 457 | PCAP_API const char *pcap_strerror(int); |
| 458 | PCAP_API char *pcap_geterr(pcap_t *); |
| 459 | PCAP_API void pcap_perror(pcap_t *, const char *); |
| 460 | PCAP_API int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, |
| 461 | bpf_u_int32); |
| 462 | PCAP_API int pcap_compile_nopcap(int, int, struct bpf_program *, |
| 463 | const char *, int, bpf_u_int32); |
| 464 | PCAP_API void pcap_freecode(struct bpf_program *); |
| 465 | PCAP_API int pcap_offline_filter(const struct bpf_program *, |
| 466 | const struct pcap_pkthdr *, const u_char *); |
| 467 | PCAP_API int pcap_datalink(pcap_t *); |
| 468 | PCAP_API int pcap_datalink_ext(pcap_t *); |
| 469 | PCAP_API int pcap_list_datalinks(pcap_t *, int **); |
| 470 | PCAP_API int pcap_set_datalink(pcap_t *, int); |
| 471 | PCAP_API void pcap_free_datalinks(int *); |
| 472 | PCAP_API int pcap_datalink_name_to_val(const char *); |
| 473 | PCAP_API const char *pcap_datalink_val_to_name(int); |
| 474 | PCAP_API const char *pcap_datalink_val_to_description(int); |
| 475 | PCAP_API int pcap_snapshot(pcap_t *); |
| 476 | PCAP_API int pcap_is_swapped(pcap_t *); |
| 477 | PCAP_API int pcap_major_version(pcap_t *); |
| 478 | PCAP_API int pcap_minor_version(pcap_t *); |
| 479 | PCAP_API int pcap_bufsize(pcap_t *); |
| 480 | |
| 481 | /* XXX */ |
| 482 | PCAP_API FILE *pcap_file(pcap_t *); |
| 483 | PCAP_API int pcap_fileno(pcap_t *); |
| 484 | |
| 485 | #ifdef _WIN32 |
| 486 | PCAP_API int pcap_wsockinit(void); |
| 487 | #endif |
| 488 | |
| 489 | PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *); |
| 490 | PCAP_API pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp); |
| 491 | PCAP_API pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *); |
| 492 | PCAP_API FILE *pcap_dump_file(pcap_dumper_t *); |
| 493 | PCAP_API long pcap_dump_ftell(pcap_dumper_t *); |
| 494 | PCAP_API int64_t pcap_dump_ftell64(pcap_dumper_t *); |
| 495 | PCAP_API int pcap_dump_flush(pcap_dumper_t *); |
| 496 | PCAP_API void pcap_dump_close(pcap_dumper_t *); |
| 497 | PCAP_API void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *); |
| 498 | |
| 499 | PCAP_API int pcap_findalldevs(pcap_if_t **, char *); |
| 500 | PCAP_API void pcap_freealldevs(pcap_if_t *); |
| 501 | |
| 502 | /* |
| 503 | * We return a pointer to the version string, rather than exporting the |
| 504 | * version string directly. |
| 505 | * |
| 506 | * On at least some UNIXes, if you import data from a shared library into |
| 507 | * an program, the data is bound into the program binary, so if the string |
| 508 | * in the version of the library with which the program was linked isn't |
| 509 | * the same as the string in the version of the library with which the |
| 510 | * program is being run, various undesirable things may happen (warnings, |
| 511 | * the string being the one from the version of the library with which the |
| 512 | * program was linked, or even weirder things, such as the string being the |
| 513 | * one from the library but being truncated). |
| 514 | * |
| 515 | * On Windows, the string is constructed at run time. |
| 516 | */ |
| 517 | PCAP_API const char *pcap_lib_version(void); |
| 518 | |
| 519 | /* |
| 520 | * On at least some versions of NetBSD and QNX, we don't want to declare |
| 521 | * bpf_filter() here, as it's also be declared in <net/bpf.h>, with a |
| 522 | * different signature, but, on other BSD-flavored UN*Xes, it's not |
| 523 | * declared in <net/bpf.h>, so we *do* want to declare it here, so it's |
| 524 | * declared when we build pcap-bpf.c. |
| 525 | */ |
| 526 | #if !defined(__NetBSD__) && !defined(__QNX__) |
| 527 | PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); |
| 528 | #endif |
| 529 | PCAP_API int bpf_validate(const struct bpf_insn *f, int len); |
| 530 | PCAP_API char *bpf_image(const struct bpf_insn *, int); |
| 531 | PCAP_API void bpf_dump(const struct bpf_program *, int); |
| 532 | |
| 533 | #if defined(_WIN32) |
| 534 | |
| 535 | /* |
| 536 | * Win32 definitions |
| 537 | */ |
| 538 | |
| 539 | /*! |
| 540 | \brief A queue of raw packets that will be sent to the network with pcap_sendqueue_transmit(). |
| 541 | */ |
| 542 | struct pcap_send_queue |
| 543 | { |
| 544 | u_int maxlen; /* Maximum size of the queue, in bytes. This |
| 545 | variable contains the size of the buffer field. */ |
| 546 | u_int len; /* Current size of the queue, in bytes. */ |
| 547 | char *buffer; /* Buffer containing the packets to be sent. */ |
| 548 | }; |
| 549 | |
| 550 | typedef struct pcap_send_queue pcap_send_queue; |
| 551 | |
| 552 | /*! |
| 553 | \brief This typedef is a support for the pcap_get_airpcap_handle() function |
| 554 | */ |
| 555 | #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) |
| 556 | #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ |
| 557 | typedef struct _AirpcapHandle *PAirpcapHandle; |
| 558 | #endif |
| 559 | |
| 560 | PCAP_API int pcap_setbuff(pcap_t *p, int dim); |
| 561 | PCAP_API int pcap_setmode(pcap_t *p, int mode); |
| 562 | PCAP_API int pcap_setmintocopy(pcap_t *p, int size); |
| 563 | |
| 564 | PCAP_API HANDLE pcap_getevent(pcap_t *p); |
| 565 | |
| 566 | PCAP_API int pcap_oid_get_request(pcap_t *, bpf_u_int32, void *, size_t *); |
| 567 | PCAP_API int pcap_oid_set_request(pcap_t *, bpf_u_int32, const void *, size_t *); |
| 568 | |
| 569 | PCAP_API pcap_send_queue* pcap_sendqueue_alloc(u_int memsize); |
| 570 | |
| 571 | PCAP_API void pcap_sendqueue_destroy(pcap_send_queue* queue); |
| 572 | |
| 573 | PCAP_API int pcap_sendqueue_queue(pcap_send_queue* queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data); |
| 574 | |
| 575 | PCAP_API u_int pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue* queue, int sync); |
| 576 | |
| 577 | PCAP_API struct pcap_stat *pcap_stats_ex(pcap_t *p, int *pcap_stat_size); |
| 578 | |
| 579 | PCAP_API int pcap_setuserbuffer(pcap_t *p, int size); |
| 580 | |
| 581 | PCAP_API int pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks); |
| 582 | |
| 583 | PCAP_API int pcap_live_dump_ended(pcap_t *p, int sync); |
| 584 | |
| 585 | PCAP_API int pcap_start_oem(char* err_str, int flags); |
| 586 | |
| 587 | PCAP_API PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p); |
| 588 | |
| 589 | #define MODE_CAPT 0 |
| 590 | #define MODE_STAT 1 |
| 591 | #define MODE_MON 2 |
| 592 | |
| 593 | #elif defined(MSDOS) |
| 594 | |
| 595 | /* |
| 596 | * MS-DOS definitions |
| 597 | */ |
| 598 | |
| 599 | PCAP_API int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *); |
| 600 | PCAP_API void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait); |
| 601 | PCAP_API u_long pcap_mac_packets (void); |
| 602 | |
| 603 | #else /* UN*X */ |
| 604 | |
| 605 | /* |
| 606 | * UN*X definitions |
| 607 | */ |
| 608 | |
| 609 | PCAP_API int pcap_get_selectable_fd(pcap_t *); |
| 610 | PCAP_API struct timeval *pcap_get_required_select_timeout(pcap_t *); |
| 611 | |
| 612 | #endif /* _WIN32/MSDOS/UN*X */ |
| 613 | |
| 614 | /* |
| 615 | * Remote capture definitions. |
| 616 | * |
| 617 | * These routines are only present if libpcap has been configured to |
| 618 | * include remote capture support. |
| 619 | */ |
| 620 | |
| 621 | /* |
| 622 | * The maximum buffer size in which address, port, interface names are kept. |
| 623 | * |
| 624 | * In case the adapter name or such is larger than this value, it is truncated. |
| 625 | * This is not used by the user; however it must be aware that an hostname / interface |
| 626 | * name longer than this value will be truncated. |
| 627 | */ |
| 628 | #define PCAP_BUF_SIZE 1024 |
| 629 | |
| 630 | /* |
| 631 | * The type of input source, passed to pcap_open(). |
| 632 | */ |
| 633 | #define PCAP_SRC_FILE 2 /* local savefile */ |
| 634 | #define PCAP_SRC_IFLOCAL 3 /* local network interface */ |
| 635 | #define PCAP_SRC_IFREMOTE 4 /* interface on a remote host, using RPCAP */ |
| 636 | |
| 637 | /* |
| 638 | * The formats allowed by pcap_open() are the following: |
| 639 | * - file://path_and_filename [opens a local file] |
| 640 | * - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol] |
| 641 | * - rpcap://host/devicename [opens the selected device available on a remote host] |
| 642 | * - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP] |
| 643 | * - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged] |
| 644 | * - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged] |
| 645 | * |
| 646 | * The formats allowed by the pcap_findalldevs_ex() are the following: |
| 647 | * - file://folder/ [lists all the files in the given folder] |
| 648 | * - rpcap:// [lists all local adapters] |
| 649 | * - rpcap://host:port/ [lists the devices available on a remote host] |
| 650 | * |
| 651 | * Referring to the 'host' and 'port' parameters, they can be either numeric or literal. Since |
| 652 | * IPv6 is fully supported, these are the allowed formats: |
| 653 | * |
| 654 | * - host (literal): e.g. host.foo.bar |
| 655 | * - host (numeric IPv4): e.g. 10.11.12.13 |
| 656 | * - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13] |
| 657 | * - host (numeric IPv6): e.g. [1:2:3::4] |
| 658 | * - port: can be either numeric (e.g. '80') or literal (e.g. 'http') |
| 659 | * |
| 660 | * Here you find some allowed examples: |
| 661 | * - rpcap://host.foo.bar/devicename [everything literal, no port number] |
| 662 | * - rpcap://host.foo.bar:1234/devicename [everything literal, with port number] |
| 663 | * - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number] |
| 664 | * - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number] |
| 665 | * - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number] |
| 666 | * - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number] |
| 667 | * - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number] |
| 668 | * - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number] |
| 669 | */ |
| 670 | |
| 671 | /* |
| 672 | * URL schemes for capture source. |
| 673 | */ |
| 674 | /* |
| 675 | * This string indicates that the user wants to open a capture from a |
| 676 | * local file. |
| 677 | */ |
| 678 | #define PCAP_SRC_FILE_STRING "file://" |
| 679 | /* |
| 680 | * This string indicates that the user wants to open a capture from a |
| 681 | * network interface. This string does not necessarily involve the use |
| 682 | * of the RPCAP protocol. If the interface required resides on the local |
| 683 | * host, the RPCAP protocol is not involved and the local functions are used. |
| 684 | */ |
| 685 | #define PCAP_SRC_IF_STRING "rpcap://" |
| 686 | |
| 687 | /* |
| 688 | * Flags to pass to pcap_open(). |
| 689 | */ |
| 690 | |
| 691 | /* |
| 692 | * Specifies whether promiscuous mode is to be used. |
| 693 | */ |
| 694 | #define PCAP_OPENFLAG_PROMISCUOUS 0x00000001 |
| 695 | |
| 696 | /* |
| 697 | * Specifies, for an RPCAP capture, whether the data transfer (in |
| 698 | * case of a remote capture) has to be done with UDP protocol. |
| 699 | * |
| 700 | * If it is '1' if you want a UDP data connection, '0' if you want |
| 701 | * a TCP data connection; control connection is always TCP-based. |
| 702 | * A UDP connection is much lighter, but it does not guarantee that all |
| 703 | * the captured packets arrive to the client workstation. Moreover, |
| 704 | * it could be harmful in case of network congestion. |
| 705 | * This flag is meaningless if the source is not a remote interface. |
| 706 | * In that case, it is simply ignored. |
| 707 | */ |
| 708 | #define PCAP_OPENFLAG_DATATX_UDP 0x00000002 |
| 709 | |
| 710 | /* |
| 711 | * Specifies wheether the remote probe will capture its own generated |
| 712 | * traffic. |
| 713 | * |
| 714 | * In case the remote probe uses the same interface to capture traffic |
| 715 | * and to send data back to the caller, the captured traffic includes |
| 716 | * the RPCAP traffic as well. If this flag is turned on, the RPCAP |
| 717 | * traffic is excluded from the capture, so that the trace returned |
| 718 | * back to the collector is does not include this traffic. |
| 719 | * |
| 720 | * Has no effect on local interfaces or savefiles. |
| 721 | */ |
| 722 | #define PCAP_OPENFLAG_NOCAPTURE_RPCAP 0x00000004 |
| 723 | |
| 724 | /* |
| 725 | * Specifies whether the local adapter will capture its own generated traffic. |
| 726 | * |
| 727 | * This flag tells the underlying capture driver to drop the packets |
| 728 | * that were sent by itself. This is useful when building applications |
| 729 | * such as bridges that should ignore the traffic they just sent. |
| 730 | * |
| 731 | * Supported only on Windows. |
| 732 | */ |
| 733 | #define PCAP_OPENFLAG_NOCAPTURE_LOCAL 0x00000008 |
| 734 | |
| 735 | /* |
| 736 | * This flag configures the adapter for maximum responsiveness. |
| 737 | * |
| 738 | * In presence of a large value for nbytes, WinPcap waits for the arrival |
| 739 | * of several packets before copying the data to the user. This guarantees |
| 740 | * a low number of system calls, i.e. lower processor usage, i.e. better |
| 741 | * performance, which is good for applications like sniffers. If the user |
| 742 | * sets the PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will |
| 743 | * copy the packets as soon as the application is ready to receive them. |
| 744 | * This is suggested for real time applications (such as, for example, |
| 745 | * a bridge) that need the best responsiveness. |
| 746 | * |
| 747 | * The equivalent with pcap_create()/pcap_activate() is "immediate mode". |
| 748 | */ |
| 749 | #define PCAP_OPENFLAG_MAX_RESPONSIVENESS 0x00000010 |
| 750 | |
| 751 | /* |
| 752 | * Remote authentication methods. |
| 753 | * These are used in the 'type' member of the pcap_rmtauth structure. |
| 754 | */ |
| 755 | |
| 756 | /* |
| 757 | * NULL authentication. |
| 758 | * |
| 759 | * The 'NULL' authentication has to be equal to 'zero', so that old |
| 760 | * applications can just put every field of struct pcap_rmtauth to zero, |
| 761 | * and it does work. |
| 762 | */ |
| 763 | #define RPCAP_RMTAUTH_NULL 0 |
| 764 | /* |
| 765 | * Username/password authentication. |
| 766 | * |
| 767 | * With this type of authentication, the RPCAP protocol will use the username/ |
| 768 | * password provided to authenticate the user on the remote machine. If the |
| 769 | * authentication is successful (and the user has the right to open network |
| 770 | * devices) the RPCAP connection will continue; otherwise it will be dropped. |
| 771 | * |
| 772 | * *******NOTE********: the username and password are sent over the network |
| 773 | * to the capture server *IN CLEAR TEXT*. Don't use this on a network |
| 774 | * that you don't completely control! (And be *really* careful in your |
| 775 | * definition of "completely"!) |
| 776 | */ |
| 777 | #define RPCAP_RMTAUTH_PWD 1 |
| 778 | |
| 779 | /* |
| 780 | * This structure keeps the information needed to autheticate the user |
| 781 | * on a remote machine. |
| 782 | * |
| 783 | * The remote machine can either grant or refuse the access according |
| 784 | * to the information provided. |
| 785 | * In case the NULL authentication is required, both 'username' and |
| 786 | * 'password' can be NULL pointers. |
| 787 | * |
| 788 | * This structure is meaningless if the source is not a remote interface; |
| 789 | * in that case, the functions which requires such a structure can accept |
| 790 | * a NULL pointer as well. |
| 791 | */ |
| 792 | struct pcap_rmtauth |
| 793 | { |
| 794 | /* |
| 795 | * \brief Type of the authentication required. |
| 796 | * |
| 797 | * In order to provide maximum flexibility, we can support different types |
| 798 | * of authentication based on the value of this 'type' variable. The currently |
| 799 | * supported authentication methods are defined into the |
| 800 | * \link remote_auth_methods Remote Authentication Methods Section\endlink. |
| 801 | */ |
| 802 | int type; |
| 803 | /* |
| 804 | * \brief Zero-terminated string containing the username that has to be |
| 805 | * used on the remote machine for authentication. |
| 806 | * |
| 807 | * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication |
| 808 | * and it can be NULL. |
| 809 | */ |
| 810 | char *username; |
| 811 | /* |
| 812 | * \brief Zero-terminated string containing the password that has to be |
| 813 | * used on the remote machine for authentication. |
| 814 | * |
| 815 | * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication |
| 816 | * and it can be NULL. |
| 817 | */ |
| 818 | char *password; |
| 819 | }; |
| 820 | |
| 821 | /* |
| 822 | * This routine can open a savefile, a local device, or a device on |
| 823 | * a remote machine running an RPCAP server. |
| 824 | * |
| 825 | * For opening a savefile, the pcap_open_offline routines can be used, |
| 826 | * and will work just as well; code using them will work on more |
| 827 | * platforms than code using pcap_open() to open savefiles. |
| 828 | * |
| 829 | * For opening a local device, pcap_open_live() can be used; it supports |
| 830 | * most of the capabilities that pcap_open() supports, and code using it |
| 831 | * will work on more platforms than code using pcap_open(). pcap_create() |
| 832 | * and pcap_activate() can also be used; they support all capabilities |
| 833 | * that pcap_open() supports, except for the Windows-only |
| 834 | * PCAP_OPENFLAG_NOCAPTURE_LOCAL, and support additional capabilities. |
| 835 | * |
| 836 | * For opening a remote capture, pcap_open() is currently the only |
| 837 | * API available. |
| 838 | */ |
| 839 | PCAP_API pcap_t *pcap_open(const char *source, int snaplen, int flags, |
| 840 | int read_timeout, struct pcap_rmtauth *auth, char *errbuf); |
| 841 | PCAP_API int pcap_createsrcstr(char *source, int type, const char *host, |
| 842 | const char *port, const char *name, char *errbuf); |
| 843 | PCAP_API int pcap_parsesrcstr(const char *source, int *type, char *host, |
| 844 | char *port, char *name, char *errbuf); |
| 845 | |
| 846 | /* |
| 847 | * This routine can scan a directory for savefiles, list local capture |
| 848 | * devices, or list capture devices on a remote machine running an RPCAP |
| 849 | * server. |
| 850 | * |
| 851 | * For scanning for savefiles, it can be used on both UN*X systems and |
| 852 | * Windows systems; for each directory entry it sees, it tries to open |
| 853 | * the file as a savefile using pcap_open_offline(), and only includes |
| 854 | * it in the list of files if the open succeeds, so it filters out |
| 855 | * files for which the user doesn't have read permission, as well as |
| 856 | * files that aren't valid savefiles readable by libpcap. |
| 857 | * |
| 858 | * For listing local capture devices, it's just a wrapper around |
| 859 | * pcap_findalldevs(); code using pcap_findalldevs() will work on more |
| 860 | * platforms than code using pcap_findalldevs_ex(). |
| 861 | * |
| 862 | * For listing remote capture devices, pcap_findalldevs_ex() is currently |
| 863 | * the only API available. |
| 864 | */ |
| 865 | PCAP_API int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, |
| 866 | pcap_if_t **alldevs, char *errbuf); |
| 867 | |
| 868 | /* |
| 869 | * Sampling methods. |
| 870 | * |
| 871 | * These allow pcap_loop(), pcap_dispatch(), pcap_next(), and pcap_next_ex() |
| 872 | * to see only a sample of packets, rather than all packets. |
| 873 | * |
| 874 | * Currently, they work only on Windows local captures. |
| 875 | */ |
| 876 | |
| 877 | /* |
| 878 | * Specifies that no sampling is to be done on the current capture. |
| 879 | * |
| 880 | * In this case, no sampling algorithms are applied to the current capture. |
| 881 | */ |
| 882 | #define PCAP_SAMP_NOSAMP 0 |
| 883 | |
| 884 | /* |
| 885 | * Specifies that only 1 out of N packets must be returned to the user. |
| 886 | * |
| 887 | * In this case, the 'value' field of the 'pcap_samp' structure indicates the |
| 888 | * number of packets (minus 1) that must be discarded before one packet got |
| 889 | * accepted. |
| 890 | * In other words, if 'value = 10', the first packet is returned to the |
| 891 | * caller, while the following 9 are discarded. |
| 892 | */ |
| 893 | #define PCAP_SAMP_1_EVERY_N 1 |
| 894 | |
| 895 | /* |
| 896 | * Specifies that we have to return 1 packet every N milliseconds. |
| 897 | * |
| 898 | * In this case, the 'value' field of the 'pcap_samp' structure indicates |
| 899 | * the 'waiting time' in milliseconds before one packet got accepted. |
| 900 | * In other words, if 'value = 10', the first packet is returned to the |
| 901 | * caller; the next returned one will be the first packet that arrives |
| 902 | * when 10ms have elapsed. |
| 903 | */ |
| 904 | #define PCAP_SAMP_FIRST_AFTER_N_MS 2 |
| 905 | |
| 906 | /* |
| 907 | * This structure defines the information related to sampling. |
| 908 | * |
| 909 | * In case the sampling is requested, the capturing device should read |
| 910 | * only a subset of the packets coming from the source. The returned packets |
| 911 | * depend on the sampling parameters. |
| 912 | * |
| 913 | * WARNING: The sampling process is applied *after* the filtering process. |
| 914 | * In other words, packets are filtered first, then the sampling process |
| 915 | * selects a subset of the 'filtered' packets and it returns them to the |
| 916 | * caller. |
| 917 | */ |
| 918 | struct pcap_samp |
| 919 | { |
| 920 | /* |
| 921 | * Method used for sampling; see above. |
| 922 | */ |
| 923 | int method; |
| 924 | |
| 925 | /* |
| 926 | * This value depends on the sampling method defined. |
| 927 | * For its meaning, see above. |
| 928 | */ |
| 929 | int value; |
| 930 | }; |
| 931 | |
| 932 | /* |
| 933 | * New functions. |
| 934 | */ |
| 935 | PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p); |
| 936 | |
| 937 | /* |
| 938 | * RPCAP active mode. |
| 939 | */ |
| 940 | |
| 941 | /* Maximum length of an host name (needed for the RPCAP active mode) */ |
| 942 | #define RPCAP_HOSTLIST_SIZE 1024 |
| 943 | |
| 944 | /* |
| 945 | * Some minor differences between UN*X sockets and and Winsock sockets. |
| 946 | */ |
| 947 | #ifndef _WIN32 |
| 948 | /*! |
| 949 | * \brief In Winsock, a socket handle is of type SOCKET; in UN*X, it's |
| 950 | * a file descriptor, and therefore a signed integer. |
| 951 | * We define SOCKET to be a signed integer on UN*X, so that it can |
| 952 | * be used on both platforms. |
| 953 | */ |
| 954 | #define SOCKET int |
| 955 | |
| 956 | /*! |
| 957 | * \brief In Winsock, the error return if socket() fails is INVALID_SOCKET; |
| 958 | * in UN*X, it's -1. |
| 959 | * We define INVALID_SOCKET to be -1 on UN*X, so that it can be used on |
| 960 | * both platforms. |
| 961 | */ |
| 962 | #define INVALID_SOCKET -1 |
| 963 | #endif |
| 964 | |
| 965 | PCAP_API SOCKET pcap_remoteact_accept(const char *address, const char *port, |
| 966 | const char *hostlist, char *connectinghost, |
| 967 | struct pcap_rmtauth *auth, char *errbuf); |
| 968 | PCAP_API int pcap_remoteact_list(char *hostlist, char sep, int size, |
| 969 | char *errbuf); |
| 970 | PCAP_API int pcap_remoteact_close(const char *host, char *errbuf); |
| 971 | PCAP_API void pcap_remoteact_cleanup(void); |
| 972 | |
| 973 | #ifdef __cplusplus |
| 974 | } |
| 975 | #endif |
| 976 | |
| 977 | #endif /* lib_pcap_pcap_h */ |
| 978 |
Generated while processing netbsd/external/bsd/libpcap/dist/bpf_dump.c
Generated on 2019-Jul-19 from project netbsd revision f9da89e0d
Powered by 
Code Browser 2.1
Generator usage only permitted with license.