00001 /* 00002 * Copyright (c) 2002 - 2003 00003 * NetGroup, Politecnico di Torino (Italy) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino nor the names of its 00016 * contributors may be used to endorse or promote products derived from 00017 * this software without specific prior written permission. 00018 * 00019 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00020 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00021 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00022 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00023 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00024 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00025 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00026 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00027 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00028 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00029 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00030 * 00031 */ 00032 00033 00034 #ifndef __REMOTE_EXT_H__ 00035 #define __REMOTE_EXT_H__ 00036 00037 00038 00039 // Definition for Microsoft Visual Studio 00040 #if _MSC_VER > 1000 00041 #pragma once 00042 #endif 00043 00044 #ifdef __cplusplus 00045 extern "C" { 00046 #endif 00047 00048 /*! 00049 \file remote-ext.h 00050 00051 The goal of this file it to include most of the new definitions that should be 00052 placed into the pcap.h file. 00053 00054 It includes all new definitions (structures and functions like pcap_open(). 00055 Some of the functions are not really a remote feature, but, right now, 00056 they are placed here. 00057 */ 00058 00059 00060 00061 // All this stuff is public 00062 /*! \addtogroup remote_struct 00063 \{ 00064 */ 00065 00066 00067 00068 00069 /*! 00070 \brief Defines the maximum buffer size in which address, port, interface names are kept. 00071 00072 In case the adapter name or such is larger than this value, it is truncated. 00073 This is not used by the user; however it must be aware that an hostname / interface 00074 name longer than this value will be truncated. 00075 */ 00076 #define PCAP_BUF_SIZE 1024 00077 00078 00079 /*! \addtogroup remote_source_ID 00080 \{ 00081 */ 00082 00083 00084 /*! 00085 \brief Internal representation of the type of source in use (file, 00086 remote/local interface). 00087 00088 This indicates a file, i.e. the user want to open a capture from a local file. 00089 */ 00090 #define PCAP_SRC_FILE 2 00091 /*! 00092 \brief Internal representation of the type of source in use (file, 00093 remote/local interface). 00094 00095 This indicates a local interface, i.e. the user want to open a capture from 00096 a local interface. This does not involve the RPCAP protocol. 00097 */ 00098 #define PCAP_SRC_IFLOCAL 3 00099 /*! 00100 \brief Internal representation of the type of source in use (file, 00101 remote/local interface). 00102 00103 This indicates a remote interface, i.e. the user want to open a capture from 00104 an interface on a remote host. This does involve the RPCAP protocol. 00105 */ 00106 #define PCAP_SRC_IFREMOTE 4 00107 00108 /*! 00109 \} 00110 */ 00111 00112 00113 00114 /*! \addtogroup remote_source_string 00115 00116 The formats allowed by the pcap_open() are the following: 00117 - file://path_and_filename [opens a local file] 00118 - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol] 00119 - rpcap://host/devicename [opens the selected device available on a remote host] 00120 - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP] 00121 - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged] 00122 - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged] 00123 00124 The formats allowed by the pcap_findalldevs_ex() are the following: 00125 - file://folder/ [lists all the files in the given folder] 00126 - rpcap:// [lists all local adapters] 00127 - rpcap://host:port/ [lists the devices available on a remote host] 00128 00129 Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since 00130 IPv6 is fully supported, these are the allowed formats: 00131 00132 - host (literal): e.g. host.foo.bar 00133 - host (numeric IPv4): e.g. 10.11.12.13 00134 - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13] 00135 - host (numeric IPv6): e.g. [1:2:3::4] 00136 - port: can be either numeric (e.g. '80') or literal (e.g. 'http') 00137 00138 Here you find some allowed examples: 00139 - rpcap://host.foo.bar/devicename [everything literal, no port number] 00140 - rpcap://host.foo.bar:1234/devicename [everything literal, with port number] 00141 - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number] 00142 - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number] 00143 - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number] 00144 - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number] 00145 - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number] 00146 - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number] 00147 00148 \{ 00149 */ 00150 00151 00152 /*! 00153 \brief String that will be used to determine the type of source in use (file, 00154 remote/local interface). 00155 00156 This string will be prepended to the interface name in order to create a string 00157 that contains all the information required to open the source. 00158 00159 This string indicates that the user wants to open a capture from a local file. 00160 */ 00161 #define PCAP_SRC_FILE_STRING "file://" 00162 /*! 00163 \brief String that will be used to determine the type of source in use (file, 00164 remote/local interface). 00165 00166 This string will be prepended to the interface name in order to create a string 00167 that contains all the information required to open the source. 00168 00169 This string indicates that the user wants to open a capture from a network interface. 00170 This string does not necessarily involve the use of the RPCAP protocol. If the 00171 interface required resides on the local host, the RPCAP protocol is not involved 00172 and the local functions are used. 00173 */ 00174 #define PCAP_SRC_IF_STRING "rpcap://" 00175 00176 /*! 00177 \} 00178 */ 00179 00180 00181 00182 00183 00184 /*! 00185 \addtogroup remote_open_flags 00186 \{ 00187 */ 00188 00189 /*! 00190 \brief It defines if the adapter has to go in promiscuous mode. 00191 00192 It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise. 00193 Note that even if this parameter is false, the interface could well be in promiscuous 00194 mode for some other reason (for example because another capture process with 00195 promiscuous mode enabled is currently using that interface). 00196 On on Linux systems with 2.2 or later kernels (that have the "any" device), this 00197 flag does not work on the "any" device; if an argument of "any" is supplied, 00198 the 'promisc' flag is ignored. 00199 */ 00200 #define PCAP_OPENFLAG_PROMISCUOUS 1 00201 00202 /*! 00203 \brief It defines if the data trasfer (in case of a remote 00204 capture) has to be done with UDP protocol. 00205 00206 If it is '1' if you want a UDP data connection, '0' if you want 00207 a TCP data connection; control connection is always TCP-based. 00208 A UDP connection is much lighter, but it does not guarantee that all 00209 the captured packets arrive to the client workstation. Moreover, 00210 it could be harmful in case of network congestion. 00211 This flag is meaningless if the source is not a remote interface. 00212 In that case, it is simply ignored. 00213 */ 00214 #define PCAP_OPENFLAG_DATATX_UDP 2 00215 00216 00217 /*! 00218 \brief It defines if the remote probe has to capture its own generated traffic. 00219 00220 In case the remote probe uses the same interface to capture traffic and to send 00221 data back to the caller, the captured traffic includes the RPCAP traffic as well. 00222 If this flag is turned on, the RPCAP traffic is excluded from the capture, so that 00223 the trace returned back to the collector is does not include this traffic. 00224 */ 00225 #define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4 00226 /*! 00227 \} 00228 */ 00229 00230 00231 /*! 00232 \addtogroup remote_samp_methods 00233 \{ 00234 */ 00235 00236 /*! 00237 \brief No sampling has to be done on the current capture. 00238 00239 In this case, no sampling algorithms are applied to the current capture. 00240 */ 00241 #define PCAP_SAMP_NOSAMP 0 00242 00243 /*! 00244 \brief It defines that only 1 out of N packets must be returned to the user. 00245 00246 In this case, the 'value' field of the 'pcap_samp' structure indicates the 00247 number of packets (minus 1) that must be discarded before one packet got accepted. 00248 In other words, if 'value = 10', the first packet is returned to the caller, while 00249 the following 9 are discarded. 00250 */ 00251 #define PCAP_SAMP_1_EVERY_N 1 00252 00253 /*! 00254 \brief It defines that we have to return 1 packet every N milliseconds. 00255 00256 In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting 00257 time' in milliseconds before one packet got accepted. 00258 In other words, if 'value = 10', the first packet is returned to the caller; the next 00259 returned one will be the first packet that arrives when 10ms have elapsed. 00260 */ 00261 #define PCAP_SAMP_FIRST_AFTER_N_MS 2 00262 00263 /*! 00264 \} 00265 */ 00266 00267 00268 /*! 00269 \addtogroup remote_auth_methods 00270 \{ 00271 */ 00272 00273 /*! 00274 \brief It defines the NULL authentication. 00275 00276 This value has to be used within the 'type' member of the pcap_rmtauth structure. 00277 The 'NULL' authentication has to be equal to 'zero', so that old applications 00278 can just put every field of struct pcap_rmtauth to zero, and it does work. 00279 */ 00280 #define RPCAP_RMTAUTH_NULL 0 00281 /*! 00282 \brief It defines the username/password authentication. 00283 00284 With this type of authentication, the RPCAP protocol will use the username/ 00285 password provided to authenticate the user on the remote machine. If the 00286 authentication is successful (and the user has the right to open network devices) 00287 the RPCAP connection will continue; otherwise it will be dropped. 00288 00289 This value has to be used within the 'type' member of the pcap_rmtauth structure. 00290 */ 00291 #define RPCAP_RMTAUTH_PWD 1 00292 00293 /*! 00294 \} 00295 */ 00296 00297 00298 00299 00300 /*! 00301 00302 \brief This structure keeps the information needed to autheticate 00303 the user on a remote machine. 00304 00305 The remote machine can either grant or refuse the access according 00306 to the information provided. 00307 In case the NULL authentication is required, both 'username' and 00308 'password' can be NULL pointers. 00309 00310 This structure is meaningless if the source is not a remote interface; 00311 in that case, the functions which requires such a structure can accept 00312 a NULL pointer as well. 00313 */ 00314 struct pcap_rmtauth 00315 { 00316 /*! 00317 \brief Type of the authentication required. 00318 00319 In order to provide maximum flexibility, we can support different types 00320 of authentication based on the value of this 'type' variable. The currently 00321 supported authentication methods are defined into the 00322 \link remote_auth_methods Remote Authentication Methods Section\endlink. 00323 00324 */ 00325 int type; 00326 /*! 00327 \brief Zero-terminated string containing the username that has to be 00328 used on the remote machine for authentication. 00329 00330 This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication 00331 and it can be NULL. 00332 */ 00333 char *username; 00334 /*! 00335 \brief Zero-terminated string containing the password that has to be 00336 used on the remote machine for authentication. 00337 00338 This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication 00339 and it can be NULL. 00340 */ 00341 char *password; 00342 }; 00343 00344 00345 /*! 00346 \brief This structure defines the information related to sampling. 00347 00348 In case the sampling is requested, the capturing device should read 00349 only a subset of the packets coming from the source. The returned packets depend 00350 on the sampling parameters. 00351 00352 \warning The sampling process is applied <strong>after</strong> the filtering process. 00353 In other words, packets are filtered first, then the sampling process selects a 00354 subset of the 'filtered' packets and it returns them to the caller. 00355 */ 00356 struct pcap_samp 00357 { 00358 /*! 00359 Method used for sampling. Currently, the supported methods are listed in the 00360 \link remote_samp_methods Sampling Methods Section\endlink. 00361 */ 00362 int method; 00363 00364 /*! 00365 This value depends on the sampling method defined. For its meaning, please check 00366 at the \link remote_samp_methods Sampling Methods Section\endlink. 00367 */ 00368 int value; 00369 }; 00370 00371 00372 00373 00374 //! Maximum lenght of an host name (needed for the RPCAP active mode) 00375 #define RPCAP_HOSTLIST_SIZE 1024 00376 00377 00378 /*! 00379 \} 00380 */ // end of public documentation 00381 00382 00383 // Exported functions 00384 00385 00386 00387 /** \name New WinPcap functions 00388 00389 This section lists the new functions that are able to help considerably in writing 00390 WinPcap programs because of their easiness of use. 00391 */ 00392 //\{ 00393 pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf); 00394 int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf); 00395 int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf); 00396 int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf); 00397 struct pcap_samp *pcap_setsampling(pcap_t *p); 00398 00399 //\} 00400 // End of new winpcap functions 00401 00402 00403 00404 /** \name Remote Capture functions 00405 */ 00406 //\{ 00407 SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf); 00408 int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf); 00409 int pcap_remoteact_close(const char *host, char *errbuf); 00410 void pcap_remoteact_cleanup(); 00411 //\} 00412 // End of remote capture functions 00413 00414 #ifdef __cplusplus 00415 } 00416 #endif 00417 00418 00419 #endif 00420
1.4.2