Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libpcap / 83600d6a9925f6c2d345e515a372ddbda6e8d5ed / . / pcap-rpcap.h
blob: f84e8ba52577885ade0dceec4ffd58e49e09baaa [file] [log] [blame]
/*
* Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
* Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the Politecnico di Torino, CACE Technologies
* nor the names of its contributors may be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef __PCAP_RPCAP_H__
#define __PCAP_RPCAP_H__
#include "pcap.h"
#include "sockutils.h" /* Needed for some structures (like SOCKET, sockaddr_in) which are used here */
/*
* \file pcap-pcap.h
*
* This file keeps all the new definitions and typedefs that are exported to the user and
* that are needed for the RPCAP protocol.
*
* \warning All the RPCAP functions that are allowed to return a buffer containing
* the error description can return max PCAP_ERRBUF_SIZE characters.
* However there is no guarantees that the string will be zero-terminated.
* Best practice is to define the errbuf variable as a char of size 'PCAP_ERRBUF_SIZE+1'
* and to insert manually the termination char at the end of the buffer. This will
* guarantee that no buffer overflows occur even if we use the printf() to show
* the error on the screen.
*
* \warning This file declares some typedefs that MUST be of a specific size.
* These definitions (i.e. typedefs) could need to be changed on other platforms than
* Intel IA32.
*
* \warning This file defines some structures that are used to transfer data on the network.
* Be careful that you compiler MUST not insert padding into these structures
* for better alignment.
* These structures have been created in order to be correctly aligned to a 32 bits
* boundary, but be careful in any case.
*/
/*********************************************************
* *
* General definitions / typedefs for the RPCAP protocol *
* *
*********************************************************/
/* All the following structures and typedef belongs to the Private Documentation */
/*
* \addtogroup remote_pri_struct
* \{
*/
#define RPCAP_DEFAULT_NETPORT "2002" /* Default port on which the RPCAP daemon is waiting for connections. */
/* Default port on which the client workstation is waiting for connections in case of active mode. */
#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
#define RPCAP_DEFAULT_NETADDR "" /* Default network address on which the RPCAP daemon binds to. */
#define RPCAP_VERSION 0 /* Present version of the RPCAP protocol (0 = Experimental). */
#define RPCAP_TIMEOUT_INIT 90 /* Initial timeout for RPCAP connections (default: 90 sec) */
#define RPCAP_TIMEOUT_RUNTIME 180 /* Run-time timeout for RPCAP connections (default: 3 min) */
#define RPCAP_ACTIVE_WAIT 30 /* Waiting time between two attempts to open a connection, in active mode (default: 30 sec) */
#define RPCAP_SUSPEND_WRONGAUTH 1 /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
/*
* \brief Buffer used by socket functions to send-receive packets.
* In case you plan to have messages larger than this value, you have to increase it.
*/
#define RPCAP_NETBUF_SIZE 64000
/*
* \brief Separators used for the host list.
*
* It is used:
* - by the rpcapd daemon, when you types a list of allowed connecting hosts
* - by the rpcap in active mode, when the client waits for incoming connections from other hosts
*/
#define RPCAP_HOSTLIST_SEP " ,;\n\r"
/* WARNING: These could need to be changed on other platforms */
typedef unsigned char uint8; /* Provides an 8-bits unsigned integer */
typedef unsigned short uint16; /* Provides a 16-bits unsigned integer */
typedef unsigned int uint32; /* Provides a 32-bits unsigned integer */
typedef int int32; /* Provides a 32-bits integer */
/*
* \brief Keeps a list of all the opened connections in the active mode.
*
* This structure defines a linked list of items that are needed to keep the info required to
* manage the active mode.
* In other words, when a new connection in active mode starts, this structure is updated so that
* it reflects the list of active mode connections currently opened.
* This structure is required by findalldevs() and open_remote() to see if they have to open a new
* control connection toward the host, or they already have a control connection in place.
*/
struct activehosts
{
struct sockaddr_storage host;
SOCKET sockctrl;
struct activehosts *next;
};
/*********************************************************
* *
* Protocol messages formats *
* *
*********************************************************/
/* WARNING Take care you compiler does not insert padding for better alignments into these structs */
/* Common header for all the RPCAP messages */
struct rpcap_header
{
uint8 ver; /* RPCAP version number */
uint8 type; /* RPCAP message type (error, findalldevs, ...) */
uint16 value; /* Message-dependent value (not always used) */
uint32 plen; /* Length of the payload of this RPCAP message */
};
/* Format of the message for the interface description (findalldevs command) */
struct rpcap_findalldevs_if
{
uint16 namelen; /* Length of the interface name */
uint16 desclen; /* Length of the interface description */
uint32 flags; /* Interface flags */
uint16 naddr; /* Number of addresses */
uint16 dummy; /* Must be zero */
};
/* Format of the message for the address listing (findalldevs command) */
struct rpcap_findalldevs_ifaddr
{
struct sockaddr_storage addr; /* Network address */
struct sockaddr_storage netmask; /* Netmask for that address */
struct sockaddr_storage broadaddr; /* Broadcast address for that address */
struct sockaddr_storage dstaddr; /* P2P destination address for that address */
};
/*
* \brief Format of the message of the connection opening reply (open command).
*
* This structure transfers over the network some of the values useful on the client side.
*/
struct rpcap_openreply
{
int32 linktype; /* Link type */
int32 tzoff; /* Timezone offset */
};
/* Format of the message that starts a remote capture (startcap command) */
struct rpcap_startcapreq
{
uint32 snaplen; /* Length of the snapshot (number of bytes to capture for each packet) */
uint32 read_timeout; /* Read timeout in milliseconds */
uint16 flags; /* Flags (see RPCAP_STARTCAPREQ_FLAG_xxx) */
uint16 portdata; /* Network port on which the client is waiting at (if 'serveropen') */
};
/* Format of the reply message that devoted to start a remote capture (startcap reply command) */
struct rpcap_startcapreply
{
int32 bufsize; /* Size of the user buffer allocated by WinPcap; it can be different from the one we chose */
uint16 portdata; /* Network port on which the server is waiting at (passive mode only) */
uint16 dummy; /* Must be zero */
};
/*
* \brief Format of the header which encapsulates captured packets when transmitted on the network.
*
* This message requires the general header as well, since we want to be able to exchange
* more information across the network in the future (for example statistics, and kind like that).
*/
struct rpcap_pkthdr
{
uint32 timestamp_sec; /* 'struct timeval' compatible, it represents the 'tv_sec' field */
uint32 timestamp_usec; /* 'struct timeval' compatible, it represents the 'tv_usec' field */
uint32 caplen; /* Length of portion present in the capture */
uint32 len; /* Real length this packet (off wire) */
uint32 npkt; /* Ordinal number of the packet (i.e. the first one captured has '1', the second one '2', etc) */
};
/* General header used for the pcap_setfilter() command; keeps just the number of BPF instructions */
struct rpcap_filter
{
uint16 filtertype; /* type of the filter transferred (BPF instructions, ...) */
uint16 dummy; /* Must be zero */
uint32 nitems; /* Number of items contained into the filter (e.g. BPF instructions for BPF filters) */
};
/* Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_filterbpf' header */
struct rpcap_filterbpf_insn
{
uint16 code; /* opcode of the instruction */
uint8 jt; /* relative offset to jump to in case of 'true' */
uint8 jf; /* relative offset to jump to in case of 'false' */
int32 k; /* instruction-dependent value */
};
/* Structure that keeps the data required for the authentication on the remote host */
struct rpcap_auth
{
uint16 type; /* Authentication type */
uint16 dummy; /* Must be zero */
uint16 slen1; /* Length of the first authentication item (e.g. username) */
uint16 slen2; /* Length of the second authentication item (e.g. password) */
};
/* Structure that keeps the statistics about the number of packets captured, dropped, etc. */
struct rpcap_stats
{
uint32 ifrecv; /* Packets received by the kernel filter (i.e. pcap_stats.ps_recv) */
uint32 ifdrop; /* Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop) */
uint32 krnldrop; /* Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop) */
uint32 svrcapt; /* Packets captured by the RPCAP daemon and sent on the network */
};
/* Structure that is needed to set sampling parameters */
struct rpcap_sampling
{
uint8 method; /* Sampling method */
uint8 dummy1; /* Must be zero */
uint16 dummy2; /* Must be zero */
uint32 value; /* Parameter related to the sampling method */
};
/*
* Private data for doing a live capture.
*/
struct pcap_md {
struct pcap_stat stat;
/* XXX */
int use_bpf; /* using kernel filter */
u_long TotPkts; /* can't overflow for 79 hrs on ether */
u_long TotAccepted; /* count accepted by filter */
u_long TotDrops; /* count of dropped packets */
long TotMissed; /* missed by i/f during this run */
long OrigMissed; /* missed by i/f before this run */
char *device; /* device name */
int timeout; /* timeout for buffering */
int must_clear; /* stuff we must clear when we close */
struct pcap *next; /* list of open pcaps that need stuff cleared on close */
#ifdef linux
int sock_packet; /* using Linux 2.0 compatible interface */
int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
int ifindex; /* interface index of device we're bound to */
int lo_ifindex; /* interface index of the loopback device */
u_int packets_read; /* count of packets read with recvfrom() */
bpf_u_int32 oldmode; /* mode to restore when turning monitor mode off */
u_int tp_version; /* version of tpacket_hdr for mmaped ring */
u_int tp_hdrlen; /* hdrlen of tpacket_hdr for mmaped ring */
#endif /* linux */
#ifdef HAVE_DAG_API
#ifdef HAVE_DAG_STREAMS_API
u_char *dag_mem_bottom;/* DAG card current memory bottom pointer */
u_char *dag_mem_top; /* DAG card current memory top pointer */
#else /* HAVE_DAG_STREAMS_API */
void *dag_mem_base; /* DAG card memory base address */
u_int dag_mem_bottom; /* DAG card current memory bottom offset */
u_int dag_mem_top; /* DAG card current memory top offset */
#endif /* HAVE_DAG_STREAMS_API */
int dag_fcs_bits; /* Number of checksum bits from link layer */
int dag_offset_flags; /* Flags to pass to dag_offset(). */
int dag_stream; /* DAG stream number */
int dag_timeout; /* timeout specified to pcap_open_live.
* Same as in linux above, introduce
* generally?
*/
#endif /* HAVE_DAG_API */
#ifdef HAVE_ZEROCOPY_BPF
/*
* Zero-copy read buffer -- for zero-copy BPF. 'buffer' above will
* alternative between these two actual mmap'd buffers as required.
* As there is a header on the front size of the mmap'd buffer, only
* some of the buffer is exposed to libpcap as a whole via bufsize;
* zbufsize is the true size. zbuffer tracks the current zbuf
* associated with buffer so that it can be used to decide which the
* next buffer to read will be.
*/
u_char *zbuf1, *zbuf2, *zbuffer;
u_int zbufsize;
u_int zerocopy;
u_int interrupted;
struct timespec firstsel;
/*
* If there's currently a buffer being actively processed, then it is
* referenced here; 'buffer' is also pointed at it, but offset by the
* size of the header.
*/
struct bpf_zbuf_header *bzh;
#endif /* HAVE_ZEROCOPY_BPF */
#ifdef HAVE_REMOTE
/*
* There is really a mess with previous variables, and it seems to me that they are not used
* (they are used in pcap_pf.c only). I think we have to start using them.
* The meaning is the following:
*
* - TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
* - TotAccepted: the amount of packets that satisfies the filter
* - TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
* - TotMissed: the amount of packets that were dropped by the physical interface; it is basically
* the value of the hardware counter into the card. This number is never put to zero, so this number
* takes into account the *total* number of interface drops starting from the interface power-on.
* - OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
* This value is used to detect the number of packets dropped by the interface *during the present
* capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
*/
unsigned int TotNetDrops; /* keeps the number of packets that have been dropped by the network */
/*
* \brief It keeps the number of packets that have been received by the application.
*
* Packets dropped by the kernel buffer are not counted in this variable. The variable is always
* equal to (TotAccepted - TotDrops), except for the case of remote capture, in which we have also
* packets in flight, i.e. that have been transmitted by the remote host, but that have not been
* received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
* wrong result, since this number does not corresponds always to the number of packet received by
* the application. For this reason, in the remote capture we need another variable that takes
* into account of the number of packets actually received by the application.
*/
unsigned int TotCapt;
/*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if
they have to use the socket or they have to open the local adapter. */
int rmt_clientside;
SOCKET rmt_sockctrl; //!< socket ID of the socket used for the control connection
SOCKET rmt_sockdata; //!< socket ID of the socket used for the data connection
int rmt_flags; //!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
int rmt_capstarted; //!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
struct pcap_samp rmt_samp; //!< Keeps the parameters related to the sampling process.
char *currentfilter; //!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
#endif /* HAVE_REMOTE */
};
/* Messages field coding */
#define RPCAP_MSG_ERROR 1 /* Message that keeps an error notification */
#define RPCAP_MSG_FINDALLIF_REQ 2 /* Request to list all the remote interfaces */
#define RPCAP_MSG_OPEN_REQ 3 /* Request to open a remote device */
#define RPCAP_MSG_STARTCAP_REQ 4 /* Request to start a capture on a remote device */
#define RPCAP_MSG_UPDATEFILTER_REQ 5 /* Send a compiled filter into the remote device */
#define RPCAP_MSG_CLOSE 6 /* Close the connection with the remote peer */
#define RPCAP_MSG_PACKET 7 /* This is a 'data' message, which carries a network packet */
#define RPCAP_MSG_AUTH_REQ 8 /* Message that keeps the authentication parameters */
#define RPCAP_MSG_STATS_REQ 9 /* It requires to have network statistics */
#define RPCAP_MSG_ENDCAP_REQ 10 /* Stops the current capture, keeping the device open */
#define RPCAP_MSG_SETSAMPLING_REQ 11 /* Set sampling parameters */
#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ) /* Keeps the list of all the remote interfaces */
#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ) /* The remote device has been opened correctly */
#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ) /* The capture is starting correctly */
#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ) /* The filter has been applied correctly on the remote device */
#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ) /* Sends a message that says 'ok, authorization successful' */
#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ) /* Message that keeps the network statistics */
#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ) /* Confirms that the capture stopped successfully */
#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ) /* Confirms that the capture stopped successfully */
#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1 /* Enables promiscuous mode (default: disabled) */
#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2 /* Use a datagram (i.e. UDP) connection for the data stream (default: use TCP)*/
#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4 /* The server has to open the data connection toward the client */
#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8 /* Capture only inbound packets (take care: the flag has no effects with promiscuous enabled) */
#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16 /* Capture only outbound packets (take care: the flag has no effects with promiscuous enabled) */
#define RPCAP_UPDATEFILTER_BPF 1 /* This code tells us that the filter is encoded with the BPF/NPF syntax */
/* Network error codes */
#define PCAP_ERR_NETW 1 /* Network error */
#define PCAP_ERR_INITTIMEOUT 2 /* The RPCAP initial timeout has expired */
#define PCAP_ERR_AUTH 3 /* Generic authentication error */
#define PCAP_ERR_FINDALLIF 4 /* Generic findalldevs error */
#define PCAP_ERR_NOREMOTEIF 5 /* The findalldevs was ok, but the remote end had no interfaces to list */
#define PCAP_ERR_OPEN 6 /* Generic pcap_open error */
#define PCAP_ERR_UPDATEFILTER 7 /* Generic updatefilter error */
#define PCAP_ERR_GETSTATS 8 /* Generic pcap_stats error */
#define PCAP_ERR_READEX 9 /* Generic pcap_next_ex error */
#define PCAP_ERR_HOSTNOAUTH 10 /* The host is not authorized to connect to this server */
#define PCAP_ERR_REMOTEACCEPT 11 /* Generic pcap_remoteaccept error */
#define PCAP_ERR_STARTCAPTURE 12 /* Generic pcap_startcapture error */
#define PCAP_ERR_ENDCAPTURE 13 /* Generic pcap_endcapture error */
#define PCAP_ERR_RUNTIMETIMEOUT 14 /* The RPCAP run-time timeout has expired */
#define PCAP_ERR_SETSAMPLING 15 /* Error during the settings of sampling parameters */
#define PCAP_ERR_WRONGMSG 16 /* The other end endpoint sent a message which has not been recognized */
#define PCAP_ERR_WRONGVER 17 /* The other end endpoint has a version number that is not compatible with our */
/*
* \}
* // end of private documentation
*/
/*********************************************************
* *
* Exported function prototypes *
* *
*********************************************************/
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth);
int pcap_startcapture_remote(pcap_t *fp);
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
SOCKET rpcap_remoteact_getsock(const char *host, int *isactive, char *errbuf);
#endif