WinPcap 4.1.3
pcap-remote.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34#ifndef __PCAP_REMOTE_H__
35#define __PCAP_REMOTE_H__
36
37
38#include "pcap.h"
39#include "sockutils.h" // Needed for some structures (like SOCKET, sockaddr_in) which are used here
40
41
74/*********************************************************
75 * *
76 * General definitions / typedefs for the RPCAP protocol *
77 * *
78 *********************************************************/
79
80// All the following structures and typedef belongs to the Private Documentation
85#define RPCAP_DEFAULT_NETPORT "2002"
87#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
88#define RPCAP_DEFAULT_NETADDR ""
89#define RPCAP_VERSION 0
90#define RPCAP_TIMEOUT_INIT 90
91#define RPCAP_TIMEOUT_RUNTIME 180
92#define RPCAP_ACTIVE_WAIT 30
93#define RPCAP_SUSPEND_WRONGAUTH 1
99#define RPCAP_NETBUF_SIZE 64000
100
101
109#define RPCAP_HOSTLIST_SEP " ,;\n\r"
110
111
112
113
114// WARNING: These could need to be changed on other platforms
115typedef unsigned char uint8;
116typedef unsigned short uint16;
117typedef unsigned int uint32;
118typedef int int32;
119
120
121
122
134{
135 struct sockaddr_storage host;
136 SOCKET sockctrl;
138};
139
140
141/*********************************************************
142 * *
143 * Protocol messages formats *
144 * *
145 *********************************************************/
146// WARNING Take care you compiler does not insert padding for better alignments into these structs
147
148
151{
156};
157
158
161{
167};
168
169
172{
173 struct sockaddr_storage addr;
174 struct sockaddr_storage netmask;
175 struct sockaddr_storage broadaddr;
176 struct sockaddr_storage dstaddr;
177};
178
179
180
187{
190};
191
192
193
196{
201};
202
203
206{
210};
211
212
220{
226};
227
228
231{
235};
236
237
240{
245};
246
247
250{
255};
256
257
260{
265};
266
267
270{
275};
276
277
278
279// Messages field coding
280#define RPCAP_MSG_ERROR 1
281#define RPCAP_MSG_FINDALLIF_REQ 2
282#define RPCAP_MSG_OPEN_REQ 3
283#define RPCAP_MSG_STARTCAP_REQ 4
284#define RPCAP_MSG_UPDATEFILTER_REQ 5
285#define RPCAP_MSG_CLOSE 6
286#define RPCAP_MSG_PACKET 7
287#define RPCAP_MSG_AUTH_REQ 8
288#define RPCAP_MSG_STATS_REQ 9
289#define RPCAP_MSG_ENDCAP_REQ 10
290#define RPCAP_MSG_SETSAMPLING_REQ 11
292#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
293#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
294#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
295#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
296#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
297#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
298#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
299#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
301#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1
302#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2
303#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4
304#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8
305#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16
307#define RPCAP_UPDATEFILTER_BPF 1
310// Network error codes
311#define PCAP_ERR_NETW 1
312#define PCAP_ERR_INITTIMEOUT 2
313#define PCAP_ERR_AUTH 3
314#define PCAP_ERR_FINDALLIF 4
315#define PCAP_ERR_NOREMOTEIF 5
316#define PCAP_ERR_OPEN 6
317#define PCAP_ERR_UPDATEFILTER 7
318#define PCAP_ERR_GETSTATS 8
319#define PCAP_ERR_READEX 9
320#define PCAP_ERR_HOSTNOAUTH 10
321#define PCAP_ERR_REMOTEACCEPT 11
322#define PCAP_ERR_STARTCAPTURE 12
323#define PCAP_ERR_ENDCAPTURE 13
324#define PCAP_ERR_RUNTIMETIMEOUT 14
325#define PCAP_ERR_SETSAMPLING 15
326#define PCAP_ERR_WRONGMSG 16
327#define PCAP_ERR_WRONGVER 17 // end of private documentation
331
332
333
334
335
336
337/*********************************************************
338 * *
339 * Exported funtion prototypes *
340 * *
341 *********************************************************/
344
345int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data);
346int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
347int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
348int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog);
353
354void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
355int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
356int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
357int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
358int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
359
360int rpcap_remoteact_getsock(const char *host, char *errbuf);
361
362#endif
363
unsigned short uint16
Provides a 16-bits unsigned integer.
Definition: pcap-remote.h:116
unsigned int uint32
Provides a 32-bits unsigned integer.
Definition: pcap-remote.h:117
int int32
Provides a 32-bits integer.
Definition: pcap-remote.h:118
unsigned char uint8
Provides an 8-bits unsigned integer.
Definition: pcap-remote.h:115
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
Definition: incs/pcap.h:70
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
Definition: funcs/pcap.h:27
int pcap_startcapture_remote(pcap_t *fp)
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
void pcap_cleanup_remote(pcap_t *p)
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
int rpcap_remoteact_getsock(const char *host, char *errbuf)
int pcap_setsampling_remote(pcap_t *p)
Keeps a list of all the opened connections in the active mode.
Definition: pcap-remote.h:134
SOCKET sockctrl
Definition: pcap-remote.h:136
struct activehosts * next
Definition: pcap-remote.h:137
struct sockaddr_storage host
Definition: pcap-remote.h:135
Header of a packet in the dump file.
Definition: incs/pcap.h:126
This structure keeps the information needed to autheticate the user on a remote machine.
Definition: remote-ext.h:339
Structure that keeps statistical values on an interface.
Definition: incs/pcap.h:136
Structure that keeps the data required for the authentication on the remote host.
Definition: pcap-remote.h:250
uint16 dummy
Must be zero.
Definition: pcap-remote.h:252
uint16 slen1
Length of the first authentication item (e.g. username)
Definition: pcap-remote.h:253
uint16 slen2
Length of the second authentication item (e.g. password)
Definition: pcap-remote.h:254
uint16 type
Authentication type.
Definition: pcap-remote.h:251
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions.
Definition: pcap-remote.h:231
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
Definition: pcap-remote.h:232
uint16 dummy
Must be zero.
Definition: pcap-remote.h:233
uint32 nitems
Number of items contained into the filter (e.g. BPF instructions for BPF filters)
Definition: pcap-remote.h:234
Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_fi...
Definition: pcap-remote.h:240
uint16 code
opcode of the instuction
Definition: pcap-remote.h:241
uint8 jf
relative offset to jump to in case of 'false'
Definition: pcap-remote.h:243
uint8 jt
relative offset to jump to in case of 'true'
Definition: pcap-remote.h:242
int32 k
instruction-dependent value
Definition: pcap-remote.h:244
Format of the message for the interface description (findalldevs command)
Definition: pcap-remote.h:161
uint16 dummy
Must be zero.
Definition: pcap-remote.h:166
uint32 flags
Interface flags.
Definition: pcap-remote.h:164
uint16 desclen
Length of the interface description.
Definition: pcap-remote.h:163
uint16 namelen
Length of the interface name.
Definition: pcap-remote.h:162
uint16 naddr
Number of addresses.
Definition: pcap-remote.h:165
Format of the message for the address listing (findalldevs command)
Definition: pcap-remote.h:172
struct sockaddr_storage broadaddr
Broadcast address for that address.
Definition: pcap-remote.h:175
struct sockaddr_storage addr
Network address.
Definition: pcap-remote.h:173
struct sockaddr_storage dstaddr
P2P destination address for that address.
Definition: pcap-remote.h:176
struct sockaddr_storage netmask
Netmask for that address.
Definition: pcap-remote.h:174
Common header for all the RPCAP messages.
Definition: pcap-remote.h:151
uint8 type
RPCAP message type (error, findalldevs, ...)
Definition: pcap-remote.h:153
uint16 value
Message-dependent value (not always used)
Definition: pcap-remote.h:154
uint32 plen
Length of the payload of this RPCAP message.
Definition: pcap-remote.h:155
uint8 ver
RPCAP version number.
Definition: pcap-remote.h:152
Format of the message of the connection opening reply (open command).
Definition: pcap-remote.h:187
int32 linktype
Link type.
Definition: pcap-remote.h:188
int32 tzoff
Timezone offset.
Definition: pcap-remote.h:189
Format of the header which encapsulates captured packets when transmitted on the network.
Definition: pcap-remote.h:220
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
Definition: pcap-remote.h:221
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2',...
Definition: pcap-remote.h:225
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
Definition: pcap-remote.h:222
uint32 len
Real length this packet (off wire)
Definition: pcap-remote.h:224
uint32 caplen
Length of portion present in the capture.
Definition: pcap-remote.h:223
Structure that is needed to set sampling parameters.
Definition: pcap-remote.h:270
uint16 dummy2
Must be zero.
Definition: pcap-remote.h:273
uint32 value
Parameter related to the sampling method.
Definition: pcap-remote.h:274
uint8 method
Sampling method.
Definition: pcap-remote.h:271
uint8 dummy1
Must be zero.
Definition: pcap-remote.h:272
Format of the reply message that devoted to start a remote capture (startcap reply command)
Definition: pcap-remote.h:206
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose.
Definition: pcap-remote.h:207
uint16 dummy
Must be zero.
Definition: pcap-remote.h:209
uint16 portdata
Network port on which the server is waiting at (passive mode only)
Definition: pcap-remote.h:208
Format of the message that starts a remote capture (startcap command)
Definition: pcap-remote.h:196
uint32 read_timeout
Read timeout in milliseconds.
Definition: pcap-remote.h:198
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
Definition: pcap-remote.h:200
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
Definition: pcap-remote.h:199
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Definition: pcap-remote.h:197
Structure that keeps the statistics about the number of packets captured, dropped,...
Definition: pcap-remote.h:260
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats....
Definition: pcap-remote.h:262
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
Definition: pcap-remote.h:261
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
Definition: pcap-remote.h:264
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
Definition: pcap-remote.h:263

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.