WinPcap  4.1.3
pcap-remote.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3  * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16  * nor the names of its contributors may be used to endorse or promote
17  * products derived from this software without specific prior written
18  * permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
34 #ifndef __PCAP_REMOTE_H__
35 #define __PCAP_REMOTE_H__
36 
37 
38 #include "pcap.h"
39 #include "sockutils.h" // Needed for some structures (like SOCKET, sockaddr_in) which are used here
40 
41 
74 /*********************************************************
75  * *
76  * General definitions / typedefs for the RPCAP protocol *
77  * *
78  *********************************************************/
79 
80 // All the following structures and typedef belongs to the Private Documentation
85 #define RPCAP_DEFAULT_NETPORT "2002"
87 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
88 #define RPCAP_DEFAULT_NETADDR ""
89 #define RPCAP_VERSION 0
90 #define RPCAP_TIMEOUT_INIT 90
91 #define RPCAP_TIMEOUT_RUNTIME 180
92 #define RPCAP_ACTIVE_WAIT 30
93 #define RPCAP_SUSPEND_WRONGAUTH 1
99 #define RPCAP_NETBUF_SIZE 64000
100 
101 
109 #define RPCAP_HOSTLIST_SEP " ,;\n\r"
110 
111 
112 
113 
114 // WARNING: These could need to be changed on other platforms
115 typedef unsigned char uint8;
116 typedef unsigned short uint16;
117 typedef unsigned int uint32;
118 typedef int int32;
119 
120 
121 
122 
134 {
135  struct sockaddr_storage host;
136  SOCKET sockctrl;
137  struct activehosts *next;
138 };
139 
140 
141 /*********************************************************
142  * *
143  * Protocol messages formats *
144  * *
145  *********************************************************/
146 // WARNING Take care you compiler does not insert padding for better alignments into these structs
147 
148 
151 {
152  uint8 ver;
153  uint8 type;
154  uint16 value;
155  uint32 plen;
156 };
157 
158 
161 {
167 };
168 
169 
172 {
173  struct sockaddr_storage addr;
174  struct sockaddr_storage netmask;
175  struct sockaddr_storage broadaddr;
176  struct sockaddr_storage dstaddr;
177 };
178 
179 
180 
187 {
190 };
191 
192 
193 
196 {
201 };
202 
203 
206 {
210 };
211 
212 
220 {
226 };
227 
228 
231 {
235 };
236 
237 
240 {
245 };
246 
247 
250 {
255 };
256 
257 
260 {
265 };
266 
267 
270 {
275 };
276 
277 
278 
279 // Messages field coding
280 #define RPCAP_MSG_ERROR 1
281 #define RPCAP_MSG_FINDALLIF_REQ 2
282 #define RPCAP_MSG_OPEN_REQ 3
283 #define RPCAP_MSG_STARTCAP_REQ 4
284 #define RPCAP_MSG_UPDATEFILTER_REQ 5
285 #define RPCAP_MSG_CLOSE 6
286 #define RPCAP_MSG_PACKET 7
287 #define RPCAP_MSG_AUTH_REQ 8
288 #define RPCAP_MSG_STATS_REQ 9
289 #define RPCAP_MSG_ENDCAP_REQ 10
290 #define RPCAP_MSG_SETSAMPLING_REQ 11
292 #define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
293 #define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
294 #define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
295 #define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
296 #define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
297 #define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
298 #define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
299 #define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
301 #define RPCAP_STARTCAPREQ_FLAG_PROMISC 1
302 #define RPCAP_STARTCAPREQ_FLAG_DGRAM 2
303 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4
304 #define RPCAP_STARTCAPREQ_FLAG_INBOUND 8
305 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16
307 #define RPCAP_UPDATEFILTER_BPF 1
310 // Network error codes
311 #define PCAP_ERR_NETW 1
312 #define PCAP_ERR_INITTIMEOUT 2
313 #define PCAP_ERR_AUTH 3
314 #define PCAP_ERR_FINDALLIF 4
315 #define PCAP_ERR_NOREMOTEIF 5
316 #define PCAP_ERR_OPEN 6
317 #define PCAP_ERR_UPDATEFILTER 7
318 #define PCAP_ERR_GETSTATS 8
319 #define PCAP_ERR_READEX 9
320 #define PCAP_ERR_HOSTNOAUTH 10
321 #define PCAP_ERR_REMOTEACCEPT 11
322 #define PCAP_ERR_STARTCAPTURE 12
323 #define PCAP_ERR_ENDCAPTURE 13
324 #define PCAP_ERR_RUNTIMETIMEOUT 14
325 #define PCAP_ERR_SETSAMPLING 15
326 #define PCAP_ERR_WRONGMSG 16
327 #define PCAP_ERR_WRONGVER 17 // end of private documentation
331 
332 
333 
334 
335 
336 
337 /*********************************************************
338  * *
339  * Exported funtion prototypes *
340  * *
341  *********************************************************/
344 
345 int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data);
346 int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
347 int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
348 int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog);
349 int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps);
353 
354 void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
355 int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
356 int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
357 int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
358 int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
359 
360 int rpcap_remoteact_getsock(const char *host, char *errbuf);
361 
362 #endif
363 
rpcap_findalldevs_if::dummy
uint16 dummy
Must be zero.
Definition: pcap-remote.h:166
rpcap_filter
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions.
Definition: pcap-remote.h:231
pcap_setsampling_remote
int pcap_setsampling_remote(pcap_t *p)
activehosts::host
struct sockaddr_storage host
Definition: pcap-remote.h:135
rpcap_header::type
uint8 type
RPCAP message type (error, findalldevs, ...)
Definition: pcap-remote.h:157
pcap_read_nocb_remote
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
rpcap_header
Common header for all the RPCAP messages.
Definition: pcap-remote.h:151
rpcap_findalldevs_if::flags
uint32 flags
Interface flags.
Definition: pcap-remote.h:164
rpcap_pkthdr::timestamp_usec
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
Definition: pcap-remote.h:222
rpcap_findalldevs_ifaddr::broadaddr
struct sockaddr_storage broadaddr
Broadcast address for that address.
Definition: pcap-remote.h:175
pcap_stats_remote
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
rpcap_openreply::tzoff
int32 tzoff
Timezone offset.
Definition: pcap-remote.h:189
rpcap_auth::type
uint16 type
Authentication type.
Definition: pcap-remote.h:251
activehosts::sockctrl
SOCKET sockctrl
Definition: pcap-remote.h:136
rpcap_findalldevs_if
Format of the message for the interface description (findalldevs command)
Definition: pcap-remote.h:161
rpcap_stats::ifdrop
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats....
Definition: pcap-remote.h:262
rpcap_sendauth
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
rpcap_filterbpf_insn::jf
uint8 jf
relative offset to jump to in case of 'false'
Definition: pcap-remote.h:243
rpcap_filterbpf_insn::k
int32 k
instruction-dependent value
Definition: pcap-remote.h:244
rpcap_startcapreply
Format of the reply message that devoted to start a remote capture (startcap reply command)
Definition: pcap-remote.h:206
rpcap_openreply::linktype
int32 linktype
Link type.
Definition: pcap-remote.h:188
rpcap_findalldevs_if::namelen
uint16 namelen
Length of the interface name.
Definition: pcap-remote.h:162
rpcap_startcapreq
Format of the message that starts a remote capture (startcap command)
Definition: pcap-remote.h:196
rpcap_filterbpf_insn::code
uint16 code
opcode of the instuction
Definition: pcap-remote.h:241
rpcap_startcapreq::flags
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
Definition: pcap-remote.h:199
rpcap_startcapreq::snaplen
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Definition: pcap-remote.h:197
rpcap_header::value
uint16 value
Message-dependent value (not always used)
Definition: pcap-remote.h:158
pcap_pkthdr
Header of a packet in the dump file.
Definition: incs/pcap.h:126
rpcap_startcapreply::portdata
uint16 portdata
Network port on which the server is waiting at (passive mode only)
Definition: pcap-remote.h:208
rpcap_stats::krnldrop
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
Definition: pcap-remote.h:263
rpcap_pkthdr
Format of the header which encapsulates captured packets when transmitted on the network.
Definition: pcap-remote.h:220
rpcap_header::plen
uint32 plen
Length of the payload of this RPCAP message.
Definition: pcap-remote.h:159
rpcap_pkthdr::len
uint32 len
Real length this packet (off wire)
Definition: pcap-remote.h:224
pcap_t
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
Definition: incs/pcap.h:70
rpcap_pkthdr::npkt
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2',...
Definition: pcap-remote.h:225
rpcap_findalldevs_if::naddr
uint16 naddr
Number of addresses.
Definition: pcap-remote.h:165
rpcap_senderror
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
rpcap_checkmsg
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
int32
int int32
Provides a 32-bits integer.
Definition: pcap-remote.h:118
pcap_stat
Structure that keeps statistical values on an interface.
Definition: incs/pcap.h:136
rpcap_auth
Structure that keeps the data required for the authentication on the remote host.
Definition: pcap-remote.h:250
rpcap_findalldevs_ifaddr::addr
struct sockaddr_storage addr
Network address.
Definition: pcap-remote.h:173
pcap_cleanup_remote
void pcap_cleanup_remote(pcap_t *p)
rpcap_sampling::dummy1
uint8 dummy1
Must be zero.
Definition: pcap-remote.h:272
uint16
unsigned short uint16
Provides a 16-bits unsigned integer.
Definition: pcap-remote.h:116
rpcap_filterbpf_insn
Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_fi...
Definition: pcap-remote.h:240
activehosts
Keeps a list of all the opened connections in the active mode.
Definition: pcap-remote.h:134
rpcap_header::ver
uint8 ver
RPCAP version number.
Definition: pcap-remote.h:156
rpcap_findalldevs_if::desclen
uint16 desclen
Length of the interface description.
Definition: pcap-remote.h:163
rpcap_createhdr
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
rpcap_deseraddr
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
rpcap_findalldevs_ifaddr::dstaddr
struct sockaddr_storage dstaddr
P2P destination address for that address.
Definition: pcap-remote.h:176
pcap_opensource_remote
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
rpcap_pkthdr::timestamp_sec
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
Definition: pcap-remote.h:221
rpcap_remoteact_getsock
int rpcap_remoteact_getsock(const char *host, char *errbuf)
uint8
unsigned char uint8
Provides an 8-bits unsigned integer.
Definition: pcap-remote.h:115
rpcap_findalldevs_ifaddr
Format of the message for the address listing (findalldevs command)
Definition: pcap-remote.h:172
rpcap_stats::ifrecv
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
Definition: pcap-remote.h:261
rpcap_findalldevs_ifaddr::netmask
struct sockaddr_storage netmask
Netmask for that address.
Definition: pcap-remote.h:174
rpcap_stats
Structure that keeps the statistics about the number of packets captured, dropped,...
Definition: pcap-remote.h:260
activehosts::next
struct activehosts * next
Definition: pcap-remote.h:137
pcap_startcapture_remote
int pcap_startcapture_remote(pcap_t *fp)
rpcap_sampling::method
uint8 method
Sampling method.
Definition: pcap-remote.h:271
rpcap_startcapreq::read_timeout
uint32 read_timeout
Read timeout in milliseconds.
Definition: pcap-remote.h:198
uint32
unsigned int uint32
Provides a 32-bits unsigned integer.
Definition: pcap-remote.h:117
rpcap_openreply
Format of the message of the connection opening reply (open command).
Definition: pcap-remote.h:187
rpcap_auth::slen1
uint16 slen1
Length of the first authentication item (e.g. username)
Definition: pcap-remote.h:253
rpcap_filter::dummy
uint16 dummy
Must be zero.
Definition: pcap-remote.h:233
rpcap_startcapreply::dummy
uint16 dummy
Must be zero.
Definition: pcap-remote.h:209
pcap_read_remote
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
pcap_setfilter_remote
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
rpcap_filter::nitems
uint32 nitems
Number of items contained into the filter (e.g. BPF instructions for BPF filters)
Definition: pcap-remote.h:234
rpcap_auth::dummy
uint16 dummy
Must be zero.
Definition: pcap-remote.h:252
rpcap_startcapreq::portdata
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
Definition: pcap-remote.h:200
rpcap_startcapreply::bufsize
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose.
Definition: pcap-remote.h:207
rpcap_pkthdr::caplen
uint32 caplen
Length of portion present in the capture.
Definition: pcap-remote.h:223
rpcap_sampling
Structure that is needed to set sampling parameters.
Definition: pcap-remote.h:270
rpcap_auth::slen2
uint16 slen2
Length of the second authentication item (e.g. password)
Definition: pcap-remote.h:254
pcap_handler
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
Definition: funcs/pcap.h:27
rpcap_filter::filtertype
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
Definition: pcap-remote.h:232
pcap_rmtauth
This structure keeps the information needed to autheticate the user on a remote machine.
Definition: remote-ext.h:339
pcap_stats_ex_remote
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
pcap_updatefilter_remote
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
rpcap_filterbpf_insn::jt
uint8 jt
relative offset to jump to in case of 'true'
Definition: pcap-remote.h:242
rpcap_sampling::value
uint32 value
Parameter related to the sampling method.
Definition: pcap-remote.h:274
rpcap_stats::svrcapt
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
Definition: pcap-remote.h:264
rpcap_sampling::dummy2
uint16 dummy2
Must be zero.
Definition: pcap-remote.h:273

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.