sl@0: /*
sl@0:  * Copyright (c) 1994, 1995, 1996
sl@0:  *	The Regents of the University of California.  All rights reserved.
sl@0:  *
sl@0:  * Redistribution and use in source and binary forms, with or without
sl@0:  * modification, are permitted provided that the following conditions
sl@0:  * are met:
sl@0:  * 1. Redistributions of source code must retain the above copyright
sl@0:  *    notice, this list of conditions and the following disclaimer.
sl@0:  * 2. Redistributions in binary form must reproduce the above copyright
sl@0:  *    notice, this list of conditions and the following disclaimer in the
sl@0:  *    documentation and/or other materials provided with the distribution.
sl@0:  * 3. All advertising materials mentioning features or use of this software
sl@0:  *    must display the following acknowledgement:
sl@0:  *	This product includes software developed by the Computer Systems
sl@0:  *	Engineering Group at Lawrence Berkeley Laboratory.
sl@0:  * 4. Neither the name of the University nor of the Laboratory may be used
sl@0:  *    to endorse or promote products derived from this software without
sl@0:  *    specific prior written permission.
sl@0:  *
sl@0:  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
sl@0:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
sl@0:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0:  * SUCH DAMAGE.
sl@0:  *
sl@0:  * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.68.2.9 2006/02/22 17:09:54 gianluca Exp $ (LBL)
sl@0:  */
sl@0: 
sl@0: #ifndef pcap_int_h
sl@0: #define pcap_int_h
sl@0: 
sl@0: #ifdef __cplusplus
sl@0: extern "C" {
sl@0: #endif
sl@0: 
sl@0: #include <pcap.h>
sl@0: 
sl@0: #ifdef WIN32
sl@0: #include <Packet32.h>
sl@0: #endif /* WIN32 */
sl@0: 
sl@0: #ifdef MSDOS
sl@0: #include <fcntl.h>
sl@0: #include <io.h>
sl@0: #endif
sl@0: 
sl@0: /*
sl@0:  * Savefile
sl@0:  */
sl@0: typedef enum {
sl@0: 	NOT_SWAPPED,
sl@0: 	SWAPPED,
sl@0: 	MAYBE_SWAPPED
sl@0: } swapped_type_t;
sl@0: 
sl@0: struct pcap_sf {
sl@0: 	FILE *rfile;
sl@0: 	int swapped;
sl@0: 	int hdrsize;
sl@0: 	swapped_type_t lengths_swapped;
sl@0: 	int version_major;
sl@0: 	int version_minor;
sl@0: 	u_char *base;
sl@0: };
sl@0: 
sl@0: struct pcap_md {
sl@0: 	struct pcap_stat stat;
sl@0: 	/*XXX*/
sl@0: 	int use_bpf;		/* using kernel filter */
sl@0: 	u_long	TotPkts;	/* can't oflow for 79 hrs on ether */
sl@0: 	u_long	TotAccepted;	/* count accepted by filter */
sl@0: 	u_long	TotDrops;	/* count of dropped packets */
sl@0: 	long	TotMissed;	/* missed by i/f during this run */
sl@0: 	long	OrigMissed;	/* missed by i/f before this run */
sl@0: 	char	*device;	/* device name */
sl@0: #ifdef linux
sl@0: 	int	sock_packet;	/* using Linux 2.0 compatible interface */
sl@0: 	int	timeout;	/* timeout specified to pcap_open_live */
sl@0: 	int	clear_promisc;	/* must clear promiscuous mode when we close */
sl@0: 	int	cooked;		/* using SOCK_DGRAM rather than SOCK_RAW */
sl@0: 	int	ifindex;	/* interface index of device we're bound to */
sl@0: 	int	lo_ifindex;	/* interface index of the loopback device */
sl@0: 	struct pcap *next;	/* list of open promiscuous sock_packet pcaps */
sl@0: 	u_int	packets_read;	/* count of packets read with recvfrom() */
sl@0: #endif
sl@0: 
sl@0: #ifdef HAVE_DAG_API
sl@0: #ifdef HAVE_DAG_STREAMS_API
sl@0: 	u_char	*dag_mem_bottom;	/* DAG card current memory bottom pointer */
sl@0: 	u_char	*dag_mem_top;	/* DAG card current memory top pointer */
sl@0: #else
sl@0: 	void	*dag_mem_base;	/* DAG card memory base address */
sl@0: 	u_int	dag_mem_bottom;	/* DAG card current memory bottom offset */
sl@0: 	u_int	dag_mem_top;	/* DAG card current memory top offset */
sl@0: #endif /* HAVE_DAG_STREAMS_API */
sl@0: 	int	dag_fcs_bits;	/* Number of checksum bits from link layer */
sl@0: 	int	dag_offset_flags; /* Flags to pass to dag_offset(). */
sl@0: 	int	dag_stream;	/* DAG stream number */
sl@0: 	int	dag_timeout;	/* timeout specified to pcap_open_live.
sl@0: 				 * Same as in linux above, introduce
sl@0: 				 * generally? */
sl@0: #endif /* HAVE_DAG_API */
sl@0: 
sl@0: #ifdef HAVE_REMOTE
sl@0: /*!
sl@0: 	There is really a mess with previous variables, and it seems to me that they are not used
sl@0: 	(they are used in pcap_pf.c only). I think we have to start using them.
sl@0: 	The meaning is the following:
sl@0: 
sl@0: 	- TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
sl@0: 	- TotAccepted: the amount of packets that satisfies the filter
sl@0: 	- TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
sl@0: 	- TotMissed: the amount of packets that were dropped by the physical interface; it is basically 
sl@0: 	the value of the hardware counter into the card. This number is never put to zero, so this number
sl@0: 	takes into account the *total* number of interface drops starting from the interface power-on.
sl@0: 	- OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
sl@0: 	This value is used to detect the number of packets dropped by the interface *during the present
sl@0: 	capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
sl@0: */
sl@0: 	unsigned int TotNetDrops;	//!< keeps the number of packets that have been dropped by the network
sl@0: /*!
sl@0: 	\brief It keeps the number of packets that have been received by the application.
sl@0: 	
sl@0: 	Packets dropped by the kernel buffer are not counted in this variable. The variable is always 
sl@0: 	equal to (TotAccepted - TotDrops), exept for the case of remote capture, in which we have also
sl@0: 	packets in fligh, i.e. that have been transmitted by the remote host, but that have not been 
sl@0: 	received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
sl@0: 	wrong result, since this number does not corresponds always to the number of packet received by 
sl@0: 	the application. For this reason, in the remote capture we need another variable that takes
sl@0: 	into account of the number of packets actually received by the application.
sl@0: */
sl@0: 	unsigned int TotCapt;
sl@0: #endif /* HAVE_REMOTE */
sl@0: };
sl@0: 
sl@0: /*
sl@0:  * Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
sl@0:  * Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
sl@0:  */
sl@0: #if defined(ultrix) || defined(__osf__) || (defined(__NetBSD__) && __NetBSD_Version__ > 106000000)
sl@0: #define       PCAP_FDDIPAD 3
sl@0: #endif
sl@0: 
sl@0: struct pcap {
sl@0: #ifdef WIN32
sl@0: 	ADAPTER *adapter;
sl@0: 	LPPACKET Packet;
sl@0: 	int timeout;
sl@0: 	int nonblock;
sl@0: #else
sl@0: 	int fd;
sl@0: 	int selectable_fd;
sl@0: 	int send_fd;
sl@0: #endif /* WIN32 */
sl@0: 	int snapshot;
sl@0: 	int linktype;
sl@0: 	int tzoff;		/* timezone offset */
sl@0: 	int offset;		/* offset for proper alignment */
sl@0: 
sl@0: 	int break_loop;		/* flag set to force break from packet-reading loop */
sl@0: 
sl@0: #ifdef PCAP_FDDIPAD
sl@0: 	int fddipad;
sl@0: #endif
sl@0: 
sl@0: #ifdef MSDOS
sl@0:         int inter_packet_wait;   /* offline: wait between packets */
sl@0:         void (*wait_proc)(void); /*          call proc while waiting */
sl@0: #endif
sl@0: 
sl@0: 	struct pcap_sf sf;
sl@0: 	struct pcap_md md;
sl@0: 
sl@0: 	/*
sl@0: 	 * Read buffer.
sl@0: 	 */
sl@0: 	int bufsize;
sl@0: 	u_char *buffer;
sl@0: 	u_char *bp;
sl@0: 	int cc;
sl@0: 
sl@0: 	/*
sl@0: 	 * Place holder for pcap_next().
sl@0: 	 */
sl@0: 	u_char *pkt;
sl@0: 
sl@0: 	/* We're accepting only packets in this direction/these directions. */
sl@0: 	pcap_direction_t direction;
sl@0: 
sl@0: 	/*
sl@0: 	 * Methods.
sl@0: 	 */
sl@0: 	int	(*read_op)(pcap_t *, int cnt, pcap_handler, u_char *);
sl@0: 	int	(*inject_op)(pcap_t *, const void *, size_t);
sl@0: 	int	(*setfilter_op)(pcap_t *, struct bpf_program *);
sl@0: 	int	(*setdirection_op)(pcap_t *, pcap_direction_t);
sl@0: 	int	(*set_datalink_op)(pcap_t *, int);
sl@0: 	int	(*getnonblock_op)(pcap_t *, char *);
sl@0: 	int	(*setnonblock_op)(pcap_t *, int, char *);
sl@0: 	int	(*stats_op)(pcap_t *, struct pcap_stat *);
sl@0: 	void	(*close_op)(pcap_t *);
sl@0: 
sl@0: 	/*
sl@0: 	 * Placeholder for filter code if bpf not in kernel.
sl@0: 	 */
sl@0: 	struct bpf_program fcode;
sl@0: 
sl@0: 	char errbuf[PCAP_ERRBUF_SIZE + 1];
sl@0: 	int dlt_count;
sl@0: 	u_int *dlt_list;
sl@0: 
sl@0: 	struct pcap_pkthdr pcap_header;	/* This is needed for the pcap_next_ex() to work */
sl@0: 
sl@0: #ifdef HAVE_REMOTE
sl@0: #ifndef WIN32	// Win32 already defines 'timeout'
sl@0: 	int timeout;				//!< timeout to be used in the pcap_open()
sl@0: #endif
sl@0: 	/*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if 
sl@0: 		they have to use the socket or they have to open the local adapter. */
sl@0: 	int rmt_clientside;
sl@0: 
sl@0: 	SOCKET rmt_sockctrl;		//!< socket ID of the socket used for the control connection
sl@0: 	SOCKET rmt_sockdata;		//!< socket ID of the socket used for the data connection
sl@0: 	int rmt_flags;				//!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
sl@0: 	int rmt_capstarted;			//!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
sl@0: 	struct pcap_samp rmt_samp;	//!< Keeps the parameters related to the sampling process.
sl@0: 	char *currentfilter;		//!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
sl@0: #endif /* HAVE_REMOTE */
sl@0: };
sl@0: 
sl@0: /*
sl@0:  * This is a timeval as stored in a savefile.
sl@0:  * It has to use the same types everywhere, independent of the actual
sl@0:  * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some
sl@0:  * platforms and 64-bit tv_sec values on other platforms, and writing
sl@0:  * out native `struct timeval' values would mean files could only be
sl@0:  * read on systems with the same tv_sec size as the system on which
sl@0:  * the file was written.
sl@0:  */
sl@0: 
sl@0: struct pcap_timeval {
sl@0:     bpf_int32 tv_sec;		/* seconds */
sl@0:     bpf_int32 tv_usec;		/* microseconds */
sl@0: };
sl@0: 
sl@0: /*
sl@0:  * This is a `pcap_pkthdr' as actually stored in a savefile.
sl@0:  *
sl@0:  * Do not change the format of this structure, in any way (this includes
sl@0:  * changes that only affect the length of fields in this structure),
sl@0:  * and do not make the time stamp anything other than seconds and
sl@0:  * microseconds (e.g., seconds and nanoseconds).  Instead:
sl@0:  *
sl@0:  *	introduce a new structure for the new format;
sl@0:  *
sl@0:  *	send mail to "tcpdump-workers@tcpdump.org", requesting a new
sl@0:  *	magic number for your new capture file format, and, when
sl@0:  *	you get the new magic number, put it in "savefile.c";
sl@0:  *
sl@0:  *	use that magic number for save files with the changed record
sl@0:  *	header;
sl@0:  *
sl@0:  *	make the code in "savefile.c" capable of reading files with
sl@0:  *	the old record header as well as files with the new record header
sl@0:  *	(using the magic number to determine the header format).
sl@0:  *
sl@0:  * Then supply the changes to "patches@tcpdump.org", so that future
sl@0:  * versions of libpcap and programs that use it (such as tcpdump) will
sl@0:  * be able to read your new capture file format.
sl@0:  */
sl@0: 
sl@0: struct pcap_sf_pkthdr {
sl@0:     struct pcap_timeval ts;	/* time stamp */
sl@0:     bpf_u_int32 caplen;		/* length of portion present */
sl@0:     bpf_u_int32 len;		/* length this packet (off wire) */
sl@0: };
sl@0: 
sl@0: /*
sl@0:  * How a `pcap_pkthdr' is actually stored in savefiles written
sl@0:  * by some patched versions of libpcap (e.g. the ones in Red
sl@0:  * Hat Linux 6.1 and 6.2).
sl@0:  *
sl@0:  * Do not change the format of this structure, in any way (this includes
sl@0:  * changes that only affect the length of fields in this structure).
sl@0:  * Instead, introduce a new structure, as per the above.
sl@0:  */
sl@0: 
sl@0: struct pcap_sf_patched_pkthdr {
sl@0:     struct pcap_timeval ts;	/* time stamp */
sl@0:     bpf_u_int32 caplen;		/* length of portion present */
sl@0:     bpf_u_int32 len;		/* length this packet (off wire) */
sl@0:     int		index;
sl@0:     unsigned short protocol;
sl@0:     unsigned char pkt_type;
sl@0: };
sl@0: 
sl@0: int	yylex(void);
sl@0: 
sl@0: #ifndef min
sl@0: #define min(a, b) ((a) > (b) ? (b) : (a))
sl@0: #endif
sl@0: 
sl@0: /* XXX should these be in pcap.h? */
sl@0: int	pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
sl@0: int	pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);
sl@0: 
sl@0: #ifndef HAVE_STRLCPY
sl@0: #define strlcpy(x, y, z) \
sl@0: 	(strncpy((x), (y), (z)), \
sl@0: 	 ((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
sl@0: 	 strlen((y)))
sl@0: #endif
sl@0: 
sl@0: #include <stdarg.h>
sl@0: 
sl@0: #if !defined(HAVE_SNPRINTF)
sl@0: #define snprintf pcap_snprintf
sl@0: extern int snprintf (char *, size_t, const char *, ...);
sl@0: #endif
sl@0: 
sl@0: #if !defined(HAVE_VSNPRINTF)
sl@0: #define vsnprintf pcap_vsnprintf
sl@0: extern int vsnprintf (char *, size_t, const char *, va_list ap);
sl@0: #endif
sl@0: 
sl@0: /*
sl@0:  * Routines that most pcap implementations can use for non-blocking mode.
sl@0:  */
sl@0: #if !defined(WIN32) && !defined(MSDOS)
sl@0: int	pcap_getnonblock_fd(pcap_t *, char *);
sl@0: int	pcap_setnonblock_fd(pcap_t *p, int, char *);
sl@0: #endif
sl@0: 
sl@0: void	pcap_close_common(pcap_t *);
sl@0: 
sl@0: /*
sl@0:  * Internal interfaces for "pcap_findalldevs()".
sl@0:  *
sl@0:  * "pcap_platform_finddevs()" is a platform-dependent routine to
sl@0:  * add devices not found by the "standard" mechanisms (SIOCGIFCONF,
sl@0:  * "getifaddrs()", etc..
sl@0:  *
sl@0:  * "pcap_add_if()" adds an interface to the list of interfaces.
sl@0:  */
sl@0: int	pcap_platform_finddevs(pcap_if_t **, char *);
sl@0: int	add_addr_to_iflist(pcap_if_t **, const char *, u_int, struct sockaddr *,
sl@0: 	    size_t, struct sockaddr *, size_t, struct sockaddr *, size_t,
sl@0: 	    struct sockaddr *, size_t, char *);
sl@0: int	pcap_add_if(pcap_if_t **, const char *, u_int, const char *, char *);
sl@0: struct sockaddr *dup_sockaddr(struct sockaddr *, size_t);
sl@0: int	add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, u_int,
sl@0: 	    const char *, char *);
sl@0: 
sl@0: #ifdef WIN32
sl@0: char	*pcap_win32strerror(void);
sl@0: #endif
sl@0: 
sl@0: int	install_bpf_program(pcap_t *, struct bpf_program *);
sl@0: 
sl@0: int	pcap_strcasecmp(const char *, const char *);
sl@0: 
sl@0: #ifdef __cplusplus
sl@0: }
sl@0: #endif
sl@0: 
sl@0: #endif