WinPcap 4.1.3
pcap-remote.h
1/*
2 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34#ifndef __PCAP_REMOTE_H__
35#define __PCAP_REMOTE_H__
36
37
38#include "pcap.h"
39#include "sockutils.h" // Needed for some structures (like SOCKET, sockaddr_in) which are used here
40
41
74/*********************************************************
75 * *
76 * General definitions / typedefs for the RPCAP protocol *
77 * *
78 *********************************************************/
79
80// All the following structures and typedefs belong to the Private Documentation
84
/*
 * Protocol-wide defaults for RPCAP.
 * The original doc comments are not part of this listing, so anything below
 * that goes beyond the macro name and value is marked as an assumption.
 */
/*
 * Default port, kept as a string rather than an integer.
 * NOTE(review): presumably the port the RPCAP daemon listens on -- confirm.
 * A capture daemon hands out raw traffic, so reachability of this port should
 * be limited (firewall / allowed-host list).
 */
85#define RPCAP_DEFAULT_NETPORT "2002"
/* NOTE(review): presumably the port the client listens on in active mode -- confirm. */
87#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
/*
 * Empty string.
 * NOTE(review): presumably means "bind to any local address" -- confirm, and
 * prefer an explicit bind address on multi-homed hosts.
 */
88#define RPCAP_DEFAULT_NETADDR ""
/* NOTE(review): presumably the value of the header 'ver' field; see PCAP_ERR_WRONGVER -- confirm. */
89#define RPCAP_VERSION 0
/* Timeouts and retry wait. Units are not visible here; presumably seconds -- confirm. */
90#define RPCAP_TIMEOUT_INIT 90
91#define RPCAP_TIMEOUT_RUNTIME 180
92#define RPCAP_ACTIVE_WAIT 30
/*
 * NOTE(review): presumably the pause, in seconds, after a failed
 * authentication before another attempt is accepted -- confirm. A fixed
 * short pause only slows password guessing; lockout or rate limiting would
 * have to be provided elsewhere.
 */
93#define RPCAP_SUSPEND_WRONGAUTH 1
94
/*
 * Size constant for the network buffer.
 * NOTE(review): length fields in the messages are peer-supplied (for example
 * the header's uint32 'plen') and can exceed this value; every receive path
 * should compare the announced length with the buffer size before copying.
 */
99#define RPCAP_NETBUF_SIZE 64000
100
101
/*
 * Separator set: space, comma, semicolon, LF, CR.
 * NOTE(review): presumably used to split a list of host names (e.g. hosts
 * allowed to connect) -- confirm against the callers.
 */
109#define RPCAP_HOSTLIST_SEP " ,;\n\r"
110
111
112
113
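/*
 * Integer aliases used for the fields of the RPCAP message structures.
 *
 * WARNING: These could need to be changed on other platforms. The widths are
 * part of the message layout exchanged with the peer, so the checks below turn
 * a wrong width into a compile error instead of a silently different layout
 * (and therefore mis-read length fields).
 */
typedef unsigned char uint8;    /* expected width: 1 byte  */
typedef unsigned short uint16;  /* expected width: 2 bytes */
typedef unsigned int uint32;    /* expected width: 4 bytes */
typedef int int32;              /* expected width: 4 bytes */

/*
 * Compile-time width checks, written so that pre-C11 compilers accept them:
 * the array size becomes -1 (ill-formed) whenever the condition is false.
 */
typedef char rpcap_check_uint8_size[(sizeof(uint8) == 1) ? 1 : -1];
typedef char rpcap_check_uint16_size[(sizeof(uint16) == 2) ? 1 : -1];
typedef char rpcap_check_uint32_size[(sizeof(uint32) == 4) ? 1 : -1];
typedef char rpcap_check_int32_size[(sizeof(int32) == 4) ? 1 : -1];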
119
120
121
122
134{
135 struct sockaddr_storage host;
136 SOCKET sockctrl;
138};
139
140
141/*********************************************************
142 * *
143 * Protocol messages formats *
144 * *
145 *********************************************************/
146// WARNING: Take care that your compiler does not insert padding for better alignment into these structs (padding would change the layout of the protocol messages)
147
172{
173 struct sockaddr_storage addr;
174 struct sockaddr_storage netmask;
175 struct sockaddr_storage broadaddr;
176 struct sockaddr_storage dstaddr;
177};
178
179
279// Messages field coding
/*
 * Codes carried in the 'type' field (uint8) of the common RPCAP header.
 * Base codes use 1..11; each reply code is its request code plus 128, so the
 * largest value defined here is 139 and still fits in a uint8.
 * NOTE(review): the type byte comes from the peer. A receiver should accept
 * only the codes it expects in its current state and reject the rest
 * (PCAP_ERR_WRONGMSG looks like the matching error) -- confirm in
 * rpcap_checkmsg().
 */
280#define RPCAP_MSG_ERROR 1
281#define RPCAP_MSG_FINDALLIF_REQ 2
282#define RPCAP_MSG_OPEN_REQ 3
283#define RPCAP_MSG_STARTCAP_REQ 4
284#define RPCAP_MSG_UPDATEFILTER_REQ 5
285#define RPCAP_MSG_CLOSE 6
286#define RPCAP_MSG_PACKET 7
/*
 * NOTE(review): nothing declared in this header relates to encrypting or
 * integrity-protecting the authentication exchange; confirm how the
 * credentials carried by this message are protected in transit.
 */
287#define RPCAP_MSG_AUTH_REQ 8
288#define RPCAP_MSG_STATS_REQ 9
289#define RPCAP_MSG_ENDCAP_REQ 10
290#define RPCAP_MSG_SETSAMPLING_REQ 11
291
/* Reply codes: request code + 128. ERROR, CLOSE and PACKET have no reply code here. */
292#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
293#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
294#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
295#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
296#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
297#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
298#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
299#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
300
/*
 * Bit flags (distinct powers of two, so they can be OR-ed together).
 * NOTE(review): presumably the values of the uint16 'flags' field of the
 * startcap request; the meaning of each flag is inferred from its name only
 * (PROMISC: promiscuous mode, DGRAM: datagram data channel, SERVEROPEN: the
 * server opens the data connection, INBOUND/OUTBOUND: capture direction) --
 * confirm. Bits outside this set are undefined here and should be rejected
 * or masked by the receiver.
 */
301#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1
302#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2
303#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4
304#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8
305#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16
306
/*
 * NOTE(review): presumably the only defined value of the uint16 'filtertype'
 * field of the filter message -- confirm. The filter that follows (an item
 * count plus code/jt/jf/k per item) is supplied by the peer: bound the count
 * against the payload length and validate the program before it is installed.
 */
307#define RPCAP_UPDATEFILTER_BPF 1
308
309
310// Network error codes
/*
 * Numeric error codes, 1..17 with no gaps.
 * NOTE(review): presumably the 'errcode' argument of rpcap_senderror() and
 * the value reported to the peer in an error message -- confirm. What each
 * code means is inferred from its name only.
 */
311#define PCAP_ERR_NETW 1
312#define PCAP_ERR_INITTIMEOUT 2
/*
 * NOTE(review): PCAP_ERR_AUTH and PCAP_ERR_HOSTNOAUTH look like two distinct
 * refusals (bad credentials vs. host not allowed to connect) -- confirm. Both
 * are worth logging on the daemon side; repeated occurrences from one source
 * are a guessing or scanning signal.
 */
313#define PCAP_ERR_AUTH 3
314#define PCAP_ERR_FINDALLIF 4
315#define PCAP_ERR_NOREMOTEIF 5
316#define PCAP_ERR_OPEN 6
317#define PCAP_ERR_UPDATEFILTER 7
318#define PCAP_ERR_GETSTATS 8
319#define PCAP_ERR_READEX 9
320#define PCAP_ERR_HOSTNOAUTH 10
321#define PCAP_ERR_REMOTEACCEPT 11
322#define PCAP_ERR_STARTCAPTURE 12
323#define PCAP_ERR_ENDCAPTURE 13
324#define PCAP_ERR_RUNTIMETIMEOUT 14
325#define PCAP_ERR_SETSAMPLING 15
/* Protocol-level rejections, judging by the names: unexpected message type, unsupported version. */
326#define PCAP_ERR_WRONGMSG 16
327#define PCAP_ERR_WRONGVER 17 // end of private documentation
331
337/*********************************************************
338 * *
339 * Exported function prototypes *
340 * *
341 *********************************************************/
344
/*
 * Declarations only: the implementations are not part of this listing, so the
 * notes below are limited to what the signatures show.
 *
 * Several functions take 'char *errbuf' with no size argument.
 * NOTE(review): presumably the caller must pass a buffer of PCAP_ERRBUF_SIZE
 * bytes, as elsewhere in the pcap API -- confirm, since a shorter buffer
 * cannot be detected by the callee.
 */
/*
 * Remote-capture operations on an open pcap_t handle.
 * pkt_header and pkt_data are output pointers.
 * NOTE(review): who owns the memory they point to, and for how long it stays
 * valid, is not visible here.
 */
345int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data);
346int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
347int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
348int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog);
353
/*
 * Fills '*header' from a message type, a 16-bit value and a 32-bit length.
 * NOTE(review): whether value/length are converted to network byte order
 * here is not visible -- confirm.
 */
354void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
/*
 * Takes one sockaddr_storage and returns another through a pointer-to-pointer.
 * NOTE(review): the output looks callee-allocated; confirm who frees it and
 * that the address family read from the input is validated before use.
 */
355int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
/*
 * Variadic: 'first' starts a list of uint8 values.
 * NOTE(review): presumably the message types the caller is willing to
 * accept; how the list is terminated is not visible here -- confirm, since a
 * missing terminator would make the callee read past the arguments.
 */
356int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
/* Sends an error text together with a numeric code (see the PCAP_ERR_* values) on 'sock'. */
357int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
/*
 * Sends the authentication data described by '*auth' on 'sock'.
 * NOTE(review): this header declares nothing related to encryption; confirm
 * how the credentials are protected between client and daemon.
 */
358int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
359
/*
 * NOTE(review): returns int although the name suggests a socket; if the
 * value is a SOCKET, int is narrower than SOCKET on 64-bit Windows --
 * confirm the return convention.
 */
360int rpcap_remoteact_getsock(const char *host, char *errbuf);
361
362#endif
363
unsigned short uint16
Provides a 16-bits unsigned integer.
unsigned int uint32
Provides a 32-bits unsigned integer.
int int32
Provides a 32-bits integer.
unsigned char uint8
Provides an 8-bits unsigned integer.
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
Definition incs/pcap.h:70
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
Definition funcs/pcap.h:27
int pcap_startcapture_remote(pcap_t *fp)
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
void pcap_cleanup_remote(pcap_t *p)
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
int rpcap_remoteact_getsock(const char *host, char *errbuf)
int pcap_setsampling_remote(pcap_t *p)
Keeps a list of all the opened connections in the active mode.
SOCKET sockctrl
struct activehosts * next
struct sockaddr_storage host
Header of a packet in the dump file.
Definition incs/pcap.h:126
This structure keeps the information needed to authenticate the user on a remote machine.
Definition remote-ext.h:339
Structure that keeps statistical values on an interface.
Definition incs/pcap.h:136
Structure that keeps the data required for the authentication on the remote host.
uint16 dummy
Must be zero.
uint16 slen1
Length of the first authentication item (e.g. username)
uint16 slen2
Length of the second authentication item (e.g. password)
uint16 type
Authentication type.
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions.
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
uint16 dummy
Must be zero.
uint32 nitems
Number of items contained into the filter (e.g. BPF instructions for BPF filters)
Structure that keeps a single BPF instruction; it is repeated 'ninsn' times according to the 'rpcap_fi...
uint16 code
opcode of the instruction
uint8 jf
relative offset to jump to in case of 'false'
uint8 jt
relative offset to jump to in case of 'true'
int32 k
instruction-dependent value
Format of the message for the interface description (findalldevs command)
uint16 dummy
Must be zero.
uint32 flags
Interface flags.
uint16 desclen
Length of the interface description.
uint16 namelen
Length of the interface name.
uint16 naddr
Number of addresses.
Format of the message for the address listing (findalldevs command)
struct sockaddr_storage broadaddr
Broadcast address for that address.
struct sockaddr_storage addr
Network address.
struct sockaddr_storage dstaddr
P2P destination address for that address.
struct sockaddr_storage netmask
Netmask for that address.
Common header for all the RPCAP messages.
uint8 type
RPCAP message type (error, findalldevs, ...)
uint16 value
Message-dependent value (not always used)
uint32 plen
Length of the payload of this RPCAP message.
uint8 ver
RPCAP version number.
Format of the message of the connection opening reply (open command).
int32 linktype
Link type.
int32 tzoff
Timezone offset.
Format of the header which encapsulates captured packets when transmitted on the network.
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2',...
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
uint32 len
Real length of this packet (off wire)
uint32 caplen
Length of portion present in the capture.
Structure that is needed to set sampling parameters.
uint16 dummy2
Must be zero.
uint32 value
Parameter related to the sampling method.
uint8 method
Sampling method.
uint8 dummy1
Must be zero.
Format of the reply message devoted to starting a remote capture (startcap reply command)
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose.
uint16 dummy
Must be zero.
uint16 portdata
Network port on which the server is waiting at (passive mode only)
Format of the message that starts a remote capture (startcap command)
uint32 read_timeout
Read timeout in milliseconds.
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Structure that keeps the statistics about the number of packets captured, dropped,...
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats....
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
