/*
* Copyright (c) 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Computer Systems
* Engineering Group at Lawrence Berkeley Laboratory.
* 4. Neither the name of the University nor of the Laboratory may be used
* to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /home/cvs/plc-utils/VisualStudioNET/include/pcap-int.h,v 1.1.1.1 2011-08-27 15:30:16 cmaier Exp $ (LBL)
*/
#ifndef pcap_int_h
#define pcap_int_h
#ifdef __cplusplus
extern "C"
{
#endif
#include <pcap.h>
#ifdef WIN32
#include <Packet32.h>
#endif /* WIN32 */
#ifdef MSDOS
#include <fcntl.h>
#include <io.h>
#endif
/*
* Savefile
*/
typedef enum
{
NOT_SWAPPED,
SWAPPED,
MAYBE_SWAPPED
}
swapped_type_t;
struct pcap_sf
{
FILE *rfile;
int swapped;
int hdrsize;
swapped_type_t lengths_swapped;
int version_major;
int version_minor;
u_char *base;
};
struct pcap_md
{
struct pcap_stat stat;
/*XXX*/
int use_bpf;
/* using kernel filter */
u_long TotPkts;
/* can't oflow for 79 hrs on ether */
u_long TotAccepted;
/* count accepted by filter */
u_long TotDrops;
/* count of dropped packets */
long TotMissed;
/* missed by i/f during this run */
long OrigMissed;
/* missed by i/f before this run */
char *device;
/* device name */
#ifdef linux
int sock_packet;
/* using Linux 2.0 compatible interface */
int timeout;
/* timeout specified to pcap_open_live */
int clear_promisc;
/* must clear promiscuous mode when we close */
int cooked;
/* using SOCK_DGRAM rather than SOCK_RAW */
int ifindex;
/* interface index of device we're bound to */
int lo_ifindex;
/* interface index of the loopback device */
struct pcap *next;
/* list of open promiscuous sock_packet pcaps */
u_int packets_read;
/* count of packets read with recvfrom() */
#endif
#ifdef HAVE_DAG_API
#ifdef HAVE_DAG_STREAMS_API
u_char *dag_mem_bottom;
/* DAG card current memory bottom pointer */
u_char *dag_mem_top;
/* DAG card current memory top pointer */
#else
void *dag_mem_base;
/* DAG card memory base address */
u_int dag_mem_bottom;
/* DAG card current memory bottom offset */
u_int dag_mem_top;
/* DAG card current memory top offset */
#endif /* HAVE_DAG_STREAMS_API */
int dag_fcs_bits;
/* Number of checksum bits from link layer */
int dag_offset_flags;
/* Flags to pass to dag_offset(). */
int dag_stream;
/* DAG stream number */
int dag_timeout;
/* timeout specified to pcap_open_live.
* Same as in linux above, introduce
* generally? */
#endif /* HAVE_DAG_API */
#ifdef HAVE_REMOTE
/*!
* There is really a mess with previous variables, and it seems to me that they are not used
* (they are used in pcap_pf.c only). I think we have to start using them.
* The meaning is the following:
*
* - TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
* - TotAccepted: the amount of packets that satisfies the filter
* - TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
* - TotMissed: the amount of packets that were dropped by the physical interface; it is basically
* the value of the hardware counter into the card. This number is never put to zero, so this number
* takes into account the *total* number of interface drops starting from the interface power-on.
* - OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
* This value is used to detect the number of packets dropped by the interface *during the present
* capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
*/
unsigned int TotNetDrops;
//!< keeps the number of packets that have been dropped by the network
/*!
* \brief It keeps the number of packets that have been received by the application.
*
* Packets dropped by the kernel buffer are not counted in this variable. The variable is always
* equal to (TotAccepted - TotDrops), exept for the case of remote capture, in which we have also
* packets in fligh, i.e. that have been transmitted by the remote host, but that have not been
* received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
* wrong result, since this number does not corresponds always to the number of packet received by
* the application. For this reason, in the remote capture we need another variable that takes
* into account of the number of packets actually received by the application.
*/
unsigned int TotCapt;
#endif /* HAVE_REMOTE */
};
/*
* Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
* Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
*/
#if defined(ultrix) || defined(__osf__) || (defined(__NetBSD__) && __NetBSD_Version__ > 106000000)
#define PCAP_FDDIPAD 3
#endif
struct pcap
{
#ifdef WIN32
ADAPTER *adapter;
LPPACKET Packet;
int timeout;
int nonblock;
#else
int fd;
int selectable_fd;
int send_fd;
#endif /* WIN32 */
int snapshot;
int linktype;
int tzoff;
/* timezone offset */
int offset;
/* offset for proper alignment */
int break_loop;
/* flag set to force break from packet-reading loop */
#ifdef PCAP_FDDIPAD
int fddipad;
#endif
#ifdef MSDOS
int inter_packet_wait;
/* offline: wait between packets */
void (*wait_proc)(void);
/* call proc while waiting */
#endif
struct pcap_sf sf;
struct pcap_md md;
/*
* Read buffer.
*/
int bufsize;
u_char *buffer;
u_char *bp;
int cc;
/*
* Place holder for pcap_next().
*/
u_char *pkt;
/* We're accepting only packets in this direction/these directions. */
pcap_direction_t direction;
/*
* Methods.
*/
int (*read_op)(pcap_t *, int cnt, pcap_handler, u_char *);
int (*inject_op)(pcap_t *, const void *, size_t);
int (*setfilter_op)(pcap_t *, struct bpf_program *);
int (*setdirection_op)(pcap_t *, pcap_direction_t);
int (*set_datalink_op)(pcap_t *, int);
int (*getnonblock_op)(pcap_t *, char *);
int (*setnonblock_op)(pcap_t *, int, char *);
int (*stats_op)(pcap_t *, struct pcap_stat *);
void (*close_op)(pcap_t *);
/*
* Placeholder for filter code if bpf not in kernel.
*/
struct bpf_program fcode;
char errbuf [PCAP_ERRBUF_SIZE + 1];
int dlt_count;
u_int *dlt_list;
struct pcap_pkthdr pcap_header;
/* This is needed for the pcap_next_ex() to work */
#ifdef HAVE_REMOTE
#ifndef WIN32 // Win32 already defines 'timeout'
int timeout;
//!< timeout to be used in the pcap_open()
#endif
/*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if
* they have to use the socket or they have to open the local adapter. */
int rmt_clientside;
SOCKET rmt_sockctrl;
//!< socket ID of the socket used for the control connection
SOCKET rmt_sockdata;
//!< socket ID of the socket used for the data connection
int rmt_flags;
//!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
int rmt_capstarted;
//!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
struct pcap_samp rmt_samp;
//!< Keeps the parameters related to the sampling process.
char *currentfilter;
//!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
#endif /* HAVE_REMOTE */
};
/*
* This is a timeval as stored in a savefile.
* It has to use the same types everywhere, independent of the actual
* `struct timeval'; `struct timeval' has 32-bit tv_sec values on some
* platforms and 64-bit tv_sec values on other platforms, and writing
* out native `struct timeval' values would mean files could only be
* read on systems with the same tv_sec size as the system on which
* the file was written.
*/
struct pcap_timeval
{
bpf_int32 tv_sec;
/* seconds */
bpf_int32 tv_usec;
/* microseconds */
};
/*
* This is a `pcap_pkthdr' as actually stored in a savefile.
*
* Do not change the format of this structure, in any way (this includes
* changes that only affect the length of fields in this structure),
* and do not make the time stamp anything other than seconds and
* microseconds (e.g., seconds and nanoseconds). Instead:
*
* introduce a new structure for the new format;
*
* send mail to "tcpdump-workers@tcpdump.org", requesting a new
* magic number for your new capture file format, and, when
* you get the new magic number, put it in "savefile.c";
*
* use that magic number for save files with the changed record
* header;
*
* make the code in "savefile.c" capable of reading files with
* the old record header as well as files with the new record header
* (using the magic number to determine the header format).
*
* Then supply the changes to "patches@tcpdump.org", so that future
* versions of libpcap and programs that use it (such as tcpdump) will
* be able to read your new capture file format.
*/
struct pcap_sf_pkthdr
{
struct pcap_timeval ts;
/* time stamp */
bpf_u_int32 caplen;
/* length of portion present */
bpf_u_int32 len;
/* length this packet (off wire) */
};
/*
* How a `pcap_pkthdr' is actually stored in savefiles written
* by some patched versions of libpcap (e.g. the ones in Red
* Hat Linux 6.1 and 6.2).
*
* Do not change the format of this structure, in any way (this includes
* changes that only affect the length of fields in this structure).
* Instead, introduce a new structure, as per the above.
*/
struct pcap_sf_patched_pkthdr
{
struct pcap_timeval ts;
/* time stamp */
bpf_u_int32 caplen;
/* length of portion present */
bpf_u_int32 len;
/* length this packet (off wire) */
int index;
unsigned short protocol;
unsigned char pkt_type;
};
int yylex (void);
#ifndef min
#define min(a, b) ((a) > (b) ? (b) : (a))
#endif
/* XXX should these be in pcap.h? */
int pcap_offline_read (pcap_t *, int, pcap_handler, u_char *);
int pcap_read (pcap_t *, int cnt, pcap_handler, u_char *);
#ifndef HAVE_STRLCPY
#define strlcpy(x, y, z) \
(strncpy ((x), (y), (z)), \ ((z) <= 0? 0: ((x)[(z) - 1] = '\0')), \ strlen ((y)))
#endif
#include <stdarg.h>
#if !defined(HAVE_SNPRINTF)
#define snprintf pcap_snprintf
extern int snprintf (char *, size_t, const char *, ...);
#endif
#if !defined(HAVE_VSNPRINTF)
#define vsnprintf pcap_vsnprintf
extern int vsnprintf (char *, size_t, const char *, va_list ap);
#endif
/*
* Routines that most pcap implementations can use for non-blocking mode.
*/
#if !defined(WIN32) && !defined(MSDOS)
int pcap_getnonblock_fd (pcap_t *, char *);
int pcap_setnonblock_fd (pcap_t *p, int, char *);
#endif
void pcap_close_common (pcap_t *);
/*
* Internal interfaces for "pcap_findalldevs()".
*
* "pcap_platform_finddevs()" is a platform-dependent routine to
* add devices not found by the "standard" mechanisms (SIOCGIFCONF,
* "getifaddrs()", etc..
*
* "pcap_add_if()" adds an interface to the list of interfaces.
*/
int pcap_platform_finddevs (pcap_if_t **, char *);
int add_addr_to_iflist (pcap_if_t **, const char *, u_int, struct sockaddr *, size_t, struct sockaddr *, size_t, struct sockaddr *, size_t, struct sockaddr *, size_t, char *);
int pcap_add_if (pcap_if_t **, const char *, u_int, const char *, char *);
struct sockaddr *dup_sockaddr (struct sockaddr *, size_t);
int add_or_find_if (pcap_if_t **, pcap_if_t **, const char *, u_int, const char *, char *);
#ifdef WIN32
char *pcap_win32strerror (void);
#endif
int install_bpf_program (pcap_t *, struct bpf_program *);
int pcap_strcasecmp (const char *, const char *);
#ifdef __cplusplus
}
#endif
#endif