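/*
 * Copyright (c) 2002 - 2003
 * NetGroup, Politecnico di Torino (Italy)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


#ifndef __REMOTE_EXT_H__
#define __REMOTE_EXT_H__



// Definition for Microsoft Visual Studio
#if _MSC_VER > 1000
#pragma once
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*!
	\file remote-ext.h

	The goal of this file is to include most of the new definitions that should be
	placed into the pcap.h file.

	It includes all new definitions (structures and functions like pcap_open()).
	Some of the functions are not really a remote feature, but, right now,
	they are placed here.

	This header uses pcap_t, pcap_if_t and SOCKET without declaring them, so
	the header that provides those types must be included before this one.
*/



// All this stuff is public
/*! \addtogroup remote_struct
	\{
*/




/*!
	\brief Defines the maximum buffer size in which address, port, interface names are kept.

	In case the adapter name or such is larger than this value, it is truncated.
	This is not used by the user; however the user must be aware that a hostname / interface
	name longer than this value will be truncated.

	Because the truncation is silent, code that compares or authorises a host
	or interface name should reject inputs of PCAP_BUF_SIZE bytes or more rather
	than rely on the shortened form.
*/
#define PCAP_BUF_SIZE 1024


/*! \addtogroup remote_source_ID
	\{
*/


/*!
	\brief Internal representation of the type of source in use (file,
	remote/local interface).

	This indicates a file, i.e. the user wants to open a capture from a local file.
*/
#define PCAP_SRC_FILE 2
/*!
	\brief Internal representation of the type of source in use (file,
	remote/local interface).

	This indicates a local interface, i.e. the user wants to open a capture from
	a local interface. This does not involve the RPCAP protocol.
*/
#define PCAP_SRC_IFLOCAL 3
/*!
	\brief Internal representation of the type of source in use (file,
	remote/local interface).

	This indicates a remote interface, i.e. the user wants to open a capture from
	an interface on a remote host. This does involve the RPCAP protocol.
*/
#define PCAP_SRC_IFREMOTE 4

/*!
	\}
*/



/*! \addtogroup remote_source_string

	The formats allowed by the pcap_open() are the following:
	- file://path_and_filename [opens a local file]
	- rpcap://devicename [opens the selected device available on the local host, without using the RPCAP protocol]
	- rpcap://host/devicename [opens the selected device available on a remote host]
	- rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
	- adaptername [to open a local adapter; kept for compatibility, but it is strongly discouraged]
	- (NULL) [to open the first local adapter; kept for compatibility, but it is strongly discouraged]

	The formats allowed by the pcap_findalldevs_ex() are the following:
	- file://folder/ [lists all the files in the given folder]
	- rpcap:// [lists all local adapters]
	- rpcap://host:port/ [lists the devices available on a remote host]

	Referring to the 'host' and 'port' parameters, they can be either numeric or literal. Since
	IPv6 is fully supported, these are the allowed formats:

	- host (literal): e.g. host.foo.bar
	- host (numeric IPv4): e.g. 10.11.12.13
	- host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
	- host (numeric IPv6): e.g. [1:2:3::4]
	- port: can be either numeric (e.g. '80') or literal (e.g. 'http')

	Here you find some allowed examples:
	- rpcap://host.foo.bar/devicename [everything literal, no port number]
	- rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
	- rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
	- rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
	- rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
	- rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
	- rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
	- rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]

	The prefix and host part of the string decide whether a local file, a local
	adapter or a remote host is opened. An application that builds the string
	from external input should therefore fix the prefix itself and validate the
	host, port and path components before passing the result to the library.

	\{
*/


/*!
	\brief String that will be used to determine the type of source in use (file,
	remote/local interface).

	This string will be prepended to the interface name in order to create a string
	that contains all the information required to open the source.

	This string indicates that the user wants to open a capture from a local file.
*/
#define PCAP_SRC_FILE_STRING "file://"
/*!
	\brief String that will be used to determine the type of source in use (file,
	remote/local interface).

	This string will be prepended to the interface name in order to create a string
	that contains all the information required to open the source.

	This string indicates that the user wants to open a capture from a network interface.
	This string does not necessarily involve the use of the RPCAP protocol. If the
	interface required resides on the local host, the RPCAP protocol is not involved
	and the local functions are used.
*/
#define PCAP_SRC_IF_STRING "rpcap://"

/*!
	\}
*/





/*!
	\addtogroup remote_open_flags
	\{
*/

/*!
	\brief Defines if the adapter has to go in promiscuous mode.

	It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.
	Note that even if this parameter is false, the interface could well be in promiscuous
	mode for some other reason (for example because another capture process with
	promiscuous mode enabled is currently using that interface).
	On Linux systems with 2.2 or later kernels (that have the "any" device), this
	flag does not work on the "any" device; if an argument of "any" is supplied,
	the 'promisc' flag is ignored.
*/
#define PCAP_OPENFLAG_PROMISCUOUS		1

/*!
	\brief Defines if the data transfer (in case of a remote
	capture) has to be done with UDP protocol.

	It is '1' if you want a UDP data connection, '0' if you want
	a TCP data connection; control connection is always TCP-based.
	A UDP connection is much lighter, but it does not guarantee that all
	the captured packets arrive to the client workstation. Moreover,
	it could be harmful in case of network congestion.
	This flag is meaningless if the source is not a remote interface.
	In that case, it is simply ignored.

	Since packets can be lost on the way to the client, a trace collected with
	this flag should not be treated as a complete record of the remote traffic.
*/
#define PCAP_OPENFLAG_DATATX_UDP			2


/*!
	\brief Defines if the remote probe will capture its own generated traffic.

	In case the remote probe uses the same interface to capture traffic and to send
	data back to the caller, the captured traffic includes the RPCAP traffic as well.
	If this flag is turned on, the RPCAP traffic is excluded from the capture, so that
	the trace returned back to the collector does not include this traffic.
*/
#define PCAP_OPENFLAG_NOCAPTURE_RPCAP	4

/*!
	\brief Defines if the local adapter will capture its own generated traffic.

	This flag tells the underlying capture driver to drop the packets that were sent by itself.
	This is useful when building applications like bridges, that should ignore the traffic
	they just sent.
*/
#define PCAP_OPENFLAG_NOCAPTURE_LOCAL	8

/*!
	\brief This flag configures the adapter for maximum responsiveness.

	In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before
	copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
	i.e. better performance, which is good for applications like sniffers. If the user sets the
	PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application
	is ready to receive them. This is suggested for real time applications (like, for example, a bridge)
	that need the best responsiveness.*/
#define PCAP_OPENFLAG_MAX_RESPONSIVENESS	16

/*!
	\}
*/


/*!
	\addtogroup remote_samp_methods
	\{
*/

/*!
	\brief No sampling has to be done on the current capture.

	In this case, no sampling algorithms are applied to the current capture.
*/
#define PCAP_SAMP_NOSAMP	0

/*!
	\brief It defines that only 1 out of N packets must be returned to the user.

	In this case, the 'value' field of the 'pcap_samp' structure indicates the
	number of packets (minus 1) that must be discarded before one packet got accepted.
	In other words, if 'value = 10', the first packet is returned to the caller, while
	the following 9 are discarded.
*/
#define PCAP_SAMP_1_EVERY_N	1

/*!
	\brief It defines that we have to return 1 packet every N milliseconds.

	In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting
	time' in milliseconds before one packet got accepted.
	In other words, if 'value = 10', the first packet is returned to the caller; the next
	returned one will be the first packet that arrives when 10ms have elapsed.
*/
#define PCAP_SAMP_FIRST_AFTER_N_MS 2

/*!
	\}
*/


/*!
	\addtogroup remote_auth_methods
	\{
*/

/*!
	\brief It defines the NULL authentication.

	This value has to be used within the 'type' member of the pcap_rmtauth structure.
	The 'NULL' authentication has to be equal to 'zero', so that old applications
	can just put every field of struct pcap_rmtauth to zero, and it does work.

	With this type no username or password is supplied, so whether the session
	is allowed depends entirely on the policy of the remote machine. A
	zero-filled pcap_rmtauth selects this type implicitly; code that intends to
	authenticate must set 'type' explicitly.
*/
#define RPCAP_RMTAUTH_NULL 0
/*!
	\brief It defines the username/password authentication.

	With this type of authentication, the RPCAP protocol will use the username/
	password provided to authenticate the user on the remote machine. If the
	authentication is successful (and the user has the right to open network devices)
	the RPCAP connection will continue; otherwise it will be dropped.

	This value has to be used within the 'type' member of the pcap_rmtauth structure.

	NOTE(review): this header does not say how the username and password are
	protected on the wire. Confirm against the RPCAP implementation in use
	before sending credentials across a network that is not trusted.
*/
#define RPCAP_RMTAUTH_PWD 1

/*!
	\}
*/




/*!

	\brief This structure keeps the information needed to authenticate
	the user on a remote machine.

	The remote machine can either grant or refuse the access according
	to the information provided.
	In case the NULL authentication is required, both 'username' and
	'password' can be NULL pointers.

	This structure is meaningless if the source is not a remote interface;
	in that case, the functions which require such a structure can accept
	a NULL pointer as well.

	The password is held as a plain string behind a 'char *'. Nothing in this
	header shows the library copying or erasing it, so the application should
	keep the buffer alive for the duration of the call and wipe it afterwards
	(presumably the caller owns both strings; verify against the implementation).
*/
struct pcap_rmtauth
{
	/*!
		\brief Type of the authentication required.

		In order to provide maximum flexibility, we can support different types
		of authentication based on the value of this 'type' variable. The currently
		supported authentication methods are defined into the
		\link remote_auth_methods Remote Authentication Methods Section\endlink.

	*/
	int type;
	/*!
		\brief Zero-terminated string containing the username that has to be
		used on the remote machine for authentication.

		This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
		and it can be NULL.
	*/
	char *username;
	/*!
		\brief Zero-terminated string containing the password that has to be
		used on the remote machine for authentication.

		This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
		and it can be NULL.
	*/
	char *password;
};


/*!
	\brief This structure defines the information related to sampling.

	In case the sampling is requested, the capturing device should read
	only a subset of the packets coming from the source. The returned packets depend
	on the sampling parameters.

	\warning The sampling process is applied after the filtering process.
	In other words, packets are filtered first, then the sampling process selects a
	subset of the 'filtered' packets and it returns them to the caller.
*/
struct pcap_samp
{
	/*!
		Method used for sampling. Currently, the supported methods are listed in the
		\link remote_samp_methods Sampling Methods Section\endlink.
	*/
	int method;

	/*!
		This value depends on the sampling method defined. For its meaning, please check
		at the \link remote_samp_methods Sampling Methods Section\endlink.
	*/
	int value;
};




//! Maximum length of a host name (needed for the RPCAP active mode)
#define RPCAP_HOSTLIST_SIZE 1024


/*!
	\}
*/ // end of public documentation


// Exported functions



/** \name New WinPcap functions

	This section lists the new functions that are able to help considerably in writing
	WinPcap programs because of their ease of use.

	Several of these prototypes take output buffers ('source', 'host', 'port',
	'name', 'errbuf') without a length argument.
	NOTE(review): presumably 'errbuf' must hold PCAP_ERRBUF_SIZE bytes and the
	other output buffers PCAP_BUF_SIZE bytes; confirm against the implementation
	and size the buffers accordingly, since the callee cannot check them.
 */
//\{
pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf);
int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf);
int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
struct pcap_samp *pcap_setsampling(pcap_t *p);

//\}
// End of new winpcap functions



/** \name Remote Capture functions

	pcap_remoteact_accept() writes into 'connectinghost' without a length
	argument.
	NOTE(review): presumably that buffer must hold RPCAP_HOSTLIST_SIZE bytes,
	and 'hostlist' presumably restricts which peers may connect in active mode;
	confirm both, including how a NULL or empty 'hostlist' is treated.
 */
//\{
SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf);
int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);
int pcap_remoteact_close(const char *host, char *errbuf);
// Declared with (void) so that a C compiler sees a real prototype and rejects
// calls that pass arguments; an empty parameter list leaves them unchecked.
void pcap_remoteact_cleanup(void);
//\}
// End of remote capture functions

#ifdef __cplusplus
}
#endif


#endif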