1*d56f51eaSDavid van Moolenbroek /* $NetBSD: pcap.h,v 1.6 2015/03/31 21:39:43 christos Exp $ */ 2*d56f51eaSDavid van Moolenbroek 3*d56f51eaSDavid van Moolenbroek /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ 4*d56f51eaSDavid van Moolenbroek /* 5*d56f51eaSDavid van Moolenbroek * Copyright (c) 1993, 1994, 1995, 1996, 1997 6*d56f51eaSDavid van Moolenbroek * The Regents of the University of California. All rights reserved. 7*d56f51eaSDavid van Moolenbroek * 8*d56f51eaSDavid van Moolenbroek * Redistribution and use in source and binary forms, with or without 9*d56f51eaSDavid van Moolenbroek * modification, are permitted provided that the following conditions 10*d56f51eaSDavid van Moolenbroek * are met: 11*d56f51eaSDavid van Moolenbroek * 1. Redistributions of source code must retain the above copyright 12*d56f51eaSDavid van Moolenbroek * notice, this list of conditions and the following disclaimer. 13*d56f51eaSDavid van Moolenbroek * 2. Redistributions in binary form must reproduce the above copyright 14*d56f51eaSDavid van Moolenbroek * notice, this list of conditions and the following disclaimer in the 15*d56f51eaSDavid van Moolenbroek * documentation and/or other materials provided with the distribution. 16*d56f51eaSDavid van Moolenbroek * 3. All advertising materials mentioning features or use of this software 17*d56f51eaSDavid van Moolenbroek * must display the following acknowledgement: 18*d56f51eaSDavid van Moolenbroek * This product includes software developed by the Computer Systems 19*d56f51eaSDavid van Moolenbroek * Engineering Group at Lawrence Berkeley Laboratory. 20*d56f51eaSDavid van Moolenbroek * 4. Neither the name of the University nor of the Laboratory may be used 21*d56f51eaSDavid van Moolenbroek * to endorse or promote products derived from this software without 22*d56f51eaSDavid van Moolenbroek * specific prior written permission. 23*d56f51eaSDavid van Moolenbroek * 24*d56f51eaSDavid van Moolenbroek * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25*d56f51eaSDavid van Moolenbroek * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26*d56f51eaSDavid van Moolenbroek * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27*d56f51eaSDavid van Moolenbroek * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28*d56f51eaSDavid van Moolenbroek * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29*d56f51eaSDavid van Moolenbroek * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30*d56f51eaSDavid van Moolenbroek * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31*d56f51eaSDavid van Moolenbroek * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32*d56f51eaSDavid van Moolenbroek * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33*d56f51eaSDavid van Moolenbroek * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34*d56f51eaSDavid van Moolenbroek * SUCH DAMAGE. 35*d56f51eaSDavid van Moolenbroek */ 36*d56f51eaSDavid van Moolenbroek 37*d56f51eaSDavid van Moolenbroek #ifndef lib_pcap_pcap_h 38*d56f51eaSDavid van Moolenbroek #define lib_pcap_pcap_h 39*d56f51eaSDavid van Moolenbroek 40*d56f51eaSDavid van Moolenbroek #if defined(WIN32) 41*d56f51eaSDavid van Moolenbroek #include <pcap-stdinc.h> 42*d56f51eaSDavid van Moolenbroek #elif defined(MSDOS) 43*d56f51eaSDavid van Moolenbroek #include <sys/types.h> 44*d56f51eaSDavid van Moolenbroek #include <sys/socket.h> /* u_int, u_char etc. */ 45*d56f51eaSDavid van Moolenbroek #else /* UN*X */ 46*d56f51eaSDavid van Moolenbroek #include <sys/types.h> 47*d56f51eaSDavid van Moolenbroek #include <sys/time.h> 48*d56f51eaSDavid van Moolenbroek #endif /* WIN32/MSDOS/UN*X */ 49*d56f51eaSDavid van Moolenbroek 50*d56f51eaSDavid van Moolenbroek #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H 51*d56f51eaSDavid van Moolenbroek #include <pcap/bpf.h> 52*d56f51eaSDavid van Moolenbroek #else 53*d56f51eaSDavid van Moolenbroek #include <net/bpf.h> 54*d56f51eaSDavid van Moolenbroek #endif 55*d56f51eaSDavid van Moolenbroek 56*d56f51eaSDavid van Moolenbroek #include <stdio.h> 57*d56f51eaSDavid van Moolenbroek 58*d56f51eaSDavid van Moolenbroek #ifdef __cplusplus 59*d56f51eaSDavid van Moolenbroek extern "C" { 60*d56f51eaSDavid van Moolenbroek #endif 61*d56f51eaSDavid van Moolenbroek 62*d56f51eaSDavid van Moolenbroek /* 63*d56f51eaSDavid van Moolenbroek * Version number of the current version of the pcap file format. 64*d56f51eaSDavid van Moolenbroek * 65*d56f51eaSDavid van Moolenbroek * NOTE: this is *NOT* the version number of the libpcap library. 66*d56f51eaSDavid van Moolenbroek * To fetch the version information for the version of libpcap 67*d56f51eaSDavid van Moolenbroek * you're using, use pcap_lib_version(). 68*d56f51eaSDavid van Moolenbroek */ 69*d56f51eaSDavid van Moolenbroek #define PCAP_VERSION_MAJOR 2 70*d56f51eaSDavid van Moolenbroek #define PCAP_VERSION_MINOR 4 71*d56f51eaSDavid van Moolenbroek 72*d56f51eaSDavid van Moolenbroek #define PCAP_ERRBUF_SIZE 256 73*d56f51eaSDavid van Moolenbroek 74*d56f51eaSDavid van Moolenbroek /* 75*d56f51eaSDavid van Moolenbroek * Compatibility for systems that have a bpf.h that 76*d56f51eaSDavid van Moolenbroek * predates the bpf typedefs for 64-bit support. 77*d56f51eaSDavid van Moolenbroek */ 78*d56f51eaSDavid van Moolenbroek #if BPF_RELEASE - 0 < 199406 79*d56f51eaSDavid van Moolenbroek typedef int bpf_int32; 80*d56f51eaSDavid van Moolenbroek typedef u_int bpf_u_int32; 81*d56f51eaSDavid van Moolenbroek #endif 82*d56f51eaSDavid van Moolenbroek 83*d56f51eaSDavid van Moolenbroek typedef struct pcap pcap_t; 84*d56f51eaSDavid van Moolenbroek typedef struct pcap_dumper pcap_dumper_t; 85*d56f51eaSDavid van Moolenbroek typedef struct pcap_if pcap_if_t; 86*d56f51eaSDavid van Moolenbroek typedef struct pcap_addr pcap_addr_t; 87*d56f51eaSDavid van Moolenbroek 88*d56f51eaSDavid van Moolenbroek /* 89*d56f51eaSDavid van Moolenbroek * The first record in the file contains saved values for some 90*d56f51eaSDavid van Moolenbroek * of the flags used in the printout phases of tcpdump. 91*d56f51eaSDavid van Moolenbroek * Many fields here are 32 bit ints so compilers won't insert unwanted 92*d56f51eaSDavid van Moolenbroek * padding; these files need to be interchangeable across architectures. 93*d56f51eaSDavid van Moolenbroek * 94*d56f51eaSDavid van Moolenbroek * Do not change the layout of this structure, in any way (this includes 95*d56f51eaSDavid van Moolenbroek * changes that only affect the length of fields in this structure). 96*d56f51eaSDavid van Moolenbroek * 97*d56f51eaSDavid van Moolenbroek * Also, do not change the interpretation of any of the members of this 98*d56f51eaSDavid van Moolenbroek * structure, in any way (this includes using values other than 99*d56f51eaSDavid van Moolenbroek * LINKTYPE_ values, as defined in "savefile.c", in the "linktype" 100*d56f51eaSDavid van Moolenbroek * field). 101*d56f51eaSDavid van Moolenbroek * 102*d56f51eaSDavid van Moolenbroek * Instead: 103*d56f51eaSDavid van Moolenbroek * 104*d56f51eaSDavid van Moolenbroek * introduce a new structure for the new format, if the layout 105*d56f51eaSDavid van Moolenbroek * of the structure changed; 106*d56f51eaSDavid van Moolenbroek * 107*d56f51eaSDavid van Moolenbroek * send mail to "tcpdump-workers@lists.tcpdump.org", requesting 108*d56f51eaSDavid van Moolenbroek * a new magic number for your new capture file format, and, when 109*d56f51eaSDavid van Moolenbroek * you get the new magic number, put it in "savefile.c"; 110*d56f51eaSDavid van Moolenbroek * 111*d56f51eaSDavid van Moolenbroek * use that magic number for save files with the changed file 112*d56f51eaSDavid van Moolenbroek * header; 113*d56f51eaSDavid van Moolenbroek * 114*d56f51eaSDavid van Moolenbroek * make the code in "savefile.c" capable of reading files with 115*d56f51eaSDavid van Moolenbroek * the old file header as well as files with the new file header 116*d56f51eaSDavid van Moolenbroek * (using the magic number to determine the header format). 117*d56f51eaSDavid van Moolenbroek * 118*d56f51eaSDavid van Moolenbroek * Then supply the changes by forking the branch at 119*d56f51eaSDavid van Moolenbroek * 120*d56f51eaSDavid van Moolenbroek * https://github.com/the-tcpdump-group/libpcap/issues 121*d56f51eaSDavid van Moolenbroek * 122*d56f51eaSDavid van Moolenbroek * and issuing a pull request, so that future versions of libpcap and 123*d56f51eaSDavid van Moolenbroek * programs that use it (such as tcpdump) will be able to read your new 124*d56f51eaSDavid van Moolenbroek * capture file format. 125*d56f51eaSDavid van Moolenbroek */ 126*d56f51eaSDavid van Moolenbroek struct pcap_file_header { 127*d56f51eaSDavid van Moolenbroek bpf_u_int32 magic; 128*d56f51eaSDavid van Moolenbroek u_short version_major; 129*d56f51eaSDavid van Moolenbroek u_short version_minor; 130*d56f51eaSDavid van Moolenbroek bpf_int32 thiszone; /* gmt to local correction */ 131*d56f51eaSDavid van Moolenbroek bpf_u_int32 sigfigs; /* accuracy of timestamps */ 132*d56f51eaSDavid van Moolenbroek bpf_u_int32 snaplen; /* max length saved portion of each pkt */ 133*d56f51eaSDavid van Moolenbroek bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ 134*d56f51eaSDavid van Moolenbroek }; 135*d56f51eaSDavid van Moolenbroek 136*d56f51eaSDavid van Moolenbroek /* 137*d56f51eaSDavid van Moolenbroek * Macros for the value returned by pcap_datalink_ext(). 138*d56f51eaSDavid van Moolenbroek * 139*d56f51eaSDavid van Moolenbroek * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro 140*d56f51eaSDavid van Moolenbroek * gives the FCS length of packets in the capture. 141*d56f51eaSDavid van Moolenbroek */ 142*d56f51eaSDavid van Moolenbroek #define LT_FCS_LENGTH_PRESENT(x) ((x) & 0x04000000) 143*d56f51eaSDavid van Moolenbroek #define LT_FCS_LENGTH(x) (((x) & 0xF0000000) >> 28) 144*d56f51eaSDavid van Moolenbroek #define LT_FCS_DATALINK_EXT(x) ((((x) & 0xF) << 28) | 0x04000000) 145*d56f51eaSDavid van Moolenbroek 146*d56f51eaSDavid van Moolenbroek typedef enum { 147*d56f51eaSDavid van Moolenbroek PCAP_D_INOUT = 0, 148*d56f51eaSDavid van Moolenbroek PCAP_D_IN, 149*d56f51eaSDavid van Moolenbroek PCAP_D_OUT 150*d56f51eaSDavid van Moolenbroek } pcap_direction_t; 151*d56f51eaSDavid van Moolenbroek 152*d56f51eaSDavid van Moolenbroek /* 153*d56f51eaSDavid van Moolenbroek * Generic per-packet information, as supplied by libpcap. 154*d56f51eaSDavid van Moolenbroek * 155*d56f51eaSDavid van Moolenbroek * The time stamp can and should be a "struct timeval", regardless of 156*d56f51eaSDavid van Moolenbroek * whether your system supports 32-bit tv_sec in "struct timeval", 157*d56f51eaSDavid van Moolenbroek * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit 158*d56f51eaSDavid van Moolenbroek * and 64-bit applications. The on-disk format of savefiles uses 32-bit 159*d56f51eaSDavid van Moolenbroek * tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit 160*d56f51eaSDavid van Moolenbroek * and 64-bit versions of libpcap, even if they're on the same platform, 161*d56f51eaSDavid van Moolenbroek * should supply the appropriate version of "struct timeval", even if 162*d56f51eaSDavid van Moolenbroek * that's not what the underlying packet capture mechanism supplies. 163*d56f51eaSDavid van Moolenbroek */ 164*d56f51eaSDavid van Moolenbroek struct pcap_pkthdr { 165*d56f51eaSDavid van Moolenbroek struct timeval ts; /* time stamp */ 166*d56f51eaSDavid van Moolenbroek bpf_u_int32 caplen; /* length of portion present */ 167*d56f51eaSDavid van Moolenbroek bpf_u_int32 len; /* length this packet (off wire) */ 168*d56f51eaSDavid van Moolenbroek }; 169*d56f51eaSDavid van Moolenbroek 170*d56f51eaSDavid van Moolenbroek /* 171*d56f51eaSDavid van Moolenbroek * As returned by the pcap_stats() 172*d56f51eaSDavid van Moolenbroek */ 173*d56f51eaSDavid van Moolenbroek struct pcap_stat { 174*d56f51eaSDavid van Moolenbroek u_int ps_recv; /* number of packets received */ 175*d56f51eaSDavid van Moolenbroek u_int ps_drop; /* number of packets dropped */ 176*d56f51eaSDavid van Moolenbroek u_int ps_ifdrop; /* drops by interface -- only supported on some platforms */ 177*d56f51eaSDavid van Moolenbroek #ifdef WIN32 178*d56f51eaSDavid van Moolenbroek u_int bs_capt; /* number of packets that reach the application */ 179*d56f51eaSDavid van Moolenbroek #endif /* WIN32 */ 180*d56f51eaSDavid van Moolenbroek }; 181*d56f51eaSDavid van Moolenbroek 182*d56f51eaSDavid van Moolenbroek #ifdef MSDOS 183*d56f51eaSDavid van Moolenbroek /* 184*d56f51eaSDavid van Moolenbroek * As returned by the pcap_stats_ex() 185*d56f51eaSDavid van Moolenbroek */ 186*d56f51eaSDavid van Moolenbroek struct pcap_stat_ex { 187*d56f51eaSDavid van Moolenbroek u_long rx_packets; /* total packets received */ 188*d56f51eaSDavid van Moolenbroek u_long tx_packets; /* total packets transmitted */ 189*d56f51eaSDavid van Moolenbroek u_long rx_bytes; /* total bytes received */ 190*d56f51eaSDavid van Moolenbroek u_long tx_bytes; /* total bytes transmitted */ 191*d56f51eaSDavid van Moolenbroek u_long rx_errors; /* bad packets received */ 192*d56f51eaSDavid van Moolenbroek u_long tx_errors; /* packet transmit problems */ 193*d56f51eaSDavid van Moolenbroek u_long rx_dropped; /* no space in Rx buffers */ 194*d56f51eaSDavid van Moolenbroek u_long tx_dropped; /* no space available for Tx */ 195*d56f51eaSDavid van Moolenbroek u_long multicast; /* multicast packets received */ 196*d56f51eaSDavid van Moolenbroek u_long collisions; 197*d56f51eaSDavid van Moolenbroek 198*d56f51eaSDavid van Moolenbroek /* detailed rx_errors: */ 199*d56f51eaSDavid van Moolenbroek u_long rx_length_errors; 200*d56f51eaSDavid van Moolenbroek u_long rx_over_errors; /* receiver ring buff overflow */ 201*d56f51eaSDavid van Moolenbroek u_long rx_crc_errors; /* recv'd pkt with crc error */ 202*d56f51eaSDavid van Moolenbroek u_long rx_frame_errors; /* recv'd frame alignment error */ 203*d56f51eaSDavid van Moolenbroek u_long rx_fifo_errors; /* recv'r fifo overrun */ 204*d56f51eaSDavid van Moolenbroek u_long rx_missed_errors; /* recv'r missed packet */ 205*d56f51eaSDavid van Moolenbroek 206*d56f51eaSDavid van Moolenbroek /* detailed tx_errors */ 207*d56f51eaSDavid van Moolenbroek u_long tx_aborted_errors; 208*d56f51eaSDavid van Moolenbroek u_long tx_carrier_errors; 209*d56f51eaSDavid van Moolenbroek u_long tx_fifo_errors; 210*d56f51eaSDavid van Moolenbroek u_long tx_heartbeat_errors; 211*d56f51eaSDavid van Moolenbroek u_long tx_window_errors; 212*d56f51eaSDavid van Moolenbroek }; 213*d56f51eaSDavid van Moolenbroek #endif 214*d56f51eaSDavid van Moolenbroek 215*d56f51eaSDavid van Moolenbroek /* 216*d56f51eaSDavid van Moolenbroek * Item in a list of interfaces. 217*d56f51eaSDavid van Moolenbroek */ 218*d56f51eaSDavid van Moolenbroek struct pcap_if { 219*d56f51eaSDavid van Moolenbroek struct pcap_if *next; 220*d56f51eaSDavid van Moolenbroek char *name; /* name to hand to "pcap_open_live()" */ 221*d56f51eaSDavid van Moolenbroek char *description; /* textual description of interface, or NULL */ 222*d56f51eaSDavid van Moolenbroek struct pcap_addr *addresses; 223*d56f51eaSDavid van Moolenbroek bpf_u_int32 flags; /* PCAP_IF_ interface flags */ 224*d56f51eaSDavid van Moolenbroek }; 225*d56f51eaSDavid van Moolenbroek 226*d56f51eaSDavid van Moolenbroek #define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */ 227*d56f51eaSDavid van Moolenbroek #define PCAP_IF_UP 0x00000002 /* interface is up */ 228*d56f51eaSDavid van Moolenbroek #define PCAP_IF_RUNNING 0x00000004 /* interface is running */ 229*d56f51eaSDavid van Moolenbroek 230*d56f51eaSDavid van Moolenbroek /* 231*d56f51eaSDavid van Moolenbroek * Representation of an interface address. 232*d56f51eaSDavid van Moolenbroek */ 233*d56f51eaSDavid van Moolenbroek struct pcap_addr { 234*d56f51eaSDavid van Moolenbroek struct pcap_addr *next; 235*d56f51eaSDavid van Moolenbroek struct sockaddr *addr; /* address */ 236*d56f51eaSDavid van Moolenbroek struct sockaddr *netmask; /* netmask for that address */ 237*d56f51eaSDavid van Moolenbroek struct sockaddr *broadaddr; /* broadcast address for that address */ 238*d56f51eaSDavid van Moolenbroek struct sockaddr *dstaddr; /* P2P destination address for that address */ 239*d56f51eaSDavid van Moolenbroek }; 240*d56f51eaSDavid van Moolenbroek 241*d56f51eaSDavid van Moolenbroek typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, 242*d56f51eaSDavid van Moolenbroek const u_char *); 243*d56f51eaSDavid van Moolenbroek 244*d56f51eaSDavid van Moolenbroek /* 245*d56f51eaSDavid van Moolenbroek * Error codes for the pcap API. 246*d56f51eaSDavid van Moolenbroek * These will all be negative, so you can check for the success or 247*d56f51eaSDavid van Moolenbroek * failure of a call that returns these codes by checking for a 248*d56f51eaSDavid van Moolenbroek * negative value. 249*d56f51eaSDavid van Moolenbroek */ 250*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR -1 /* generic error code */ 251*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_BREAK -2 /* loop terminated by pcap_breakloop */ 252*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_NOT_ACTIVATED -3 /* the capture needs to be activated */ 253*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_ACTIVATED -4 /* the operation can't be performed on already activated captures */ 254*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_NO_SUCH_DEVICE -5 /* no such device exists */ 255*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_RFMON_NOTSUP -6 /* this device doesn't support rfmon (monitor) mode */ 256*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */ 257*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */ 258*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */ 259*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_CANTSET_TSTAMP_TYPE -10 /* this device doesn't support setting the time stamp type */ 260*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_PROMISC_PERM_DENIED -11 /* you don't have permission to capture in promiscuous mode */ 261*d56f51eaSDavid van Moolenbroek #define PCAP_ERROR_TSTAMP_PRECISION_NOTSUP -12 /* the requested time stamp precision is not supported */ 262*d56f51eaSDavid van Moolenbroek 263*d56f51eaSDavid van Moolenbroek /* 264*d56f51eaSDavid van Moolenbroek * Warning codes for the pcap API. 265*d56f51eaSDavid van Moolenbroek * These will all be positive and non-zero, so they won't look like 266*d56f51eaSDavid van Moolenbroek * errors. 267*d56f51eaSDavid van Moolenbroek */ 268*d56f51eaSDavid van Moolenbroek #define PCAP_WARNING 1 /* generic warning code */ 269*d56f51eaSDavid van Moolenbroek #define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */ 270*d56f51eaSDavid van Moolenbroek #define PCAP_WARNING_TSTAMP_TYPE_NOTSUP 3 /* the requested time stamp type is not supported */ 271*d56f51eaSDavid van Moolenbroek 272*d56f51eaSDavid van Moolenbroek /* 273*d56f51eaSDavid van Moolenbroek * Value to pass to pcap_compile() as the netmask if you don't know what 274*d56f51eaSDavid van Moolenbroek * the netmask is. 275*d56f51eaSDavid van Moolenbroek */ 276*d56f51eaSDavid van Moolenbroek #define PCAP_NETMASK_UNKNOWN 0xffffffff 277*d56f51eaSDavid van Moolenbroek 278*d56f51eaSDavid van Moolenbroek char *pcap_lookupdev(char *); 279*d56f51eaSDavid van Moolenbroek int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *); 280*d56f51eaSDavid van Moolenbroek 281*d56f51eaSDavid van Moolenbroek pcap_t *pcap_create(const char *, char *); 282*d56f51eaSDavid van Moolenbroek int pcap_set_snaplen(pcap_t *, int); 283*d56f51eaSDavid van Moolenbroek int pcap_set_promisc(pcap_t *, int); 284*d56f51eaSDavid van Moolenbroek int pcap_can_set_rfmon(pcap_t *); 285*d56f51eaSDavid van Moolenbroek int pcap_set_rfmon(pcap_t *, int); 286*d56f51eaSDavid van Moolenbroek int pcap_set_timeout(pcap_t *, int); 287*d56f51eaSDavid van Moolenbroek int pcap_set_tstamp_type(pcap_t *, int); 288*d56f51eaSDavid van Moolenbroek int pcap_set_immediate_mode(pcap_t *, int); 289*d56f51eaSDavid van Moolenbroek int pcap_set_buffer_size(pcap_t *, int); 290*d56f51eaSDavid van Moolenbroek int pcap_set_tstamp_precision(pcap_t *, int); 291*d56f51eaSDavid van Moolenbroek int pcap_get_tstamp_precision(pcap_t *); 292*d56f51eaSDavid van Moolenbroek int pcap_activate(pcap_t *); 293*d56f51eaSDavid van Moolenbroek 294*d56f51eaSDavid van Moolenbroek int pcap_list_tstamp_types(pcap_t *, int **); 295*d56f51eaSDavid van Moolenbroek void pcap_free_tstamp_types(int *); 296*d56f51eaSDavid van Moolenbroek int pcap_tstamp_type_name_to_val(const char *); 297*d56f51eaSDavid van Moolenbroek const char *pcap_tstamp_type_val_to_name(int); 298*d56f51eaSDavid van Moolenbroek const char *pcap_tstamp_type_val_to_description(int); 299*d56f51eaSDavid van Moolenbroek 300*d56f51eaSDavid van Moolenbroek /* 301*d56f51eaSDavid van Moolenbroek * Time stamp types. 302*d56f51eaSDavid van Moolenbroek * Not all systems and interfaces will necessarily support all of these. 303*d56f51eaSDavid van Moolenbroek * 304*d56f51eaSDavid van Moolenbroek * A system that supports PCAP_TSTAMP_HOST is offering time stamps 305*d56f51eaSDavid van Moolenbroek * provided by the host machine, rather than by the capture device, 306*d56f51eaSDavid van Moolenbroek * but not committing to any characteristics of the time stamp; 307*d56f51eaSDavid van Moolenbroek * it will not offer any of the PCAP_TSTAMP_HOST_ subtypes. 308*d56f51eaSDavid van Moolenbroek * 309*d56f51eaSDavid van Moolenbroek * PCAP_TSTAMP_HOST_LOWPREC is a time stamp, provided by the host machine, 310*d56f51eaSDavid van Moolenbroek * that's low-precision but relatively cheap to fetch; it's normally done 311*d56f51eaSDavid van Moolenbroek * using the system clock, so it's normally synchronized with times you'd 312*d56f51eaSDavid van Moolenbroek * fetch from system calls. 313*d56f51eaSDavid van Moolenbroek * 314*d56f51eaSDavid van Moolenbroek * PCAP_TSTAMP_HOST_HIPREC is a time stamp, provided by the host machine, 315*d56f51eaSDavid van Moolenbroek * that's high-precision; it might be more expensive to fetch. It might 316*d56f51eaSDavid van Moolenbroek * or might not be synchronized with the system clock, and might have 317*d56f51eaSDavid van Moolenbroek * problems with time stamps for packets received on different CPUs, 318*d56f51eaSDavid van Moolenbroek * depending on the platform. 319*d56f51eaSDavid van Moolenbroek * 320*d56f51eaSDavid van Moolenbroek * PCAP_TSTAMP_ADAPTER is a high-precision time stamp supplied by the 321*d56f51eaSDavid van Moolenbroek * capture device; it's synchronized with the system clock. 322*d56f51eaSDavid van Moolenbroek * 323*d56f51eaSDavid van Moolenbroek * PCAP_TSTAMP_ADAPTER_UNSYNCED is a high-precision time stamp supplied by 324*d56f51eaSDavid van Moolenbroek * the capture device; it's not synchronized with the system clock. 325*d56f51eaSDavid van Moolenbroek * 326*d56f51eaSDavid van Moolenbroek * Note that time stamps synchronized with the system clock can go 327*d56f51eaSDavid van Moolenbroek * backwards, as the system clock can go backwards. If a clock is 328*d56f51eaSDavid van Moolenbroek * not in sync with the system clock, that could be because the 329*d56f51eaSDavid van Moolenbroek * system clock isn't keeping accurate time, because the other 330*d56f51eaSDavid van Moolenbroek * clock isn't keeping accurate time, or both. 331*d56f51eaSDavid van Moolenbroek * 332*d56f51eaSDavid van Moolenbroek * Note that host-provided time stamps generally correspond to the 333*d56f51eaSDavid van Moolenbroek * time when the time-stamping code sees the packet; this could 334*d56f51eaSDavid van Moolenbroek * be some unknown amount of time after the first or last bit of 335*d56f51eaSDavid van Moolenbroek * the packet is received by the network adapter, due to batching 336*d56f51eaSDavid van Moolenbroek * of interrupts for packet arrival, queueing delays, etc.. 337*d56f51eaSDavid van Moolenbroek */ 338*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_HOST 0 /* host-provided, unknown characteristics */ 339*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_HOST_LOWPREC 1 /* host-provided, low precision */ 340*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_HOST_HIPREC 2 /* host-provided, high precision */ 341*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_ADAPTER 3 /* device-provided, synced with the system clock */ 342*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_ADAPTER_UNSYNCED 4 /* device-provided, not synced with the system clock */ 343*d56f51eaSDavid van Moolenbroek 344*d56f51eaSDavid van Moolenbroek /* 345*d56f51eaSDavid van Moolenbroek * Time stamp resolution types. 346*d56f51eaSDavid van Moolenbroek * Not all systems and interfaces will necessarily support all of these 347*d56f51eaSDavid van Moolenbroek * resolutions when doing live captures; all of them can be requested 348*d56f51eaSDavid van Moolenbroek * when reading a savefile. 349*d56f51eaSDavid van Moolenbroek */ 350*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_PRECISION_MICRO 0 /* use timestamps with microsecond precision, default */ 351*d56f51eaSDavid van Moolenbroek #define PCAP_TSTAMP_PRECISION_NANO 1 /* use timestamps with nanosecond precision */ 352*d56f51eaSDavid van Moolenbroek 353*d56f51eaSDavid van Moolenbroek pcap_t *pcap_open_live(const char *, int, int, int, char *); 354*d56f51eaSDavid van Moolenbroek pcap_t *pcap_open_dead(int, int); 355*d56f51eaSDavid van Moolenbroek pcap_t *pcap_open_dead_with_tstamp_precision(int, int, u_int); 356*d56f51eaSDavid van Moolenbroek pcap_t *pcap_open_offline_with_tstamp_precision(const char *, u_int, char *); 357*d56f51eaSDavid van Moolenbroek pcap_t *pcap_open_offline(const char *, char *); 358*d56f51eaSDavid van Moolenbroek #if defined(WIN32) 359*d56f51eaSDavid van Moolenbroek pcap_t *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *); 360*d56f51eaSDavid van Moolenbroek pcap_t *pcap_hopen_offline(intptr_t, char *); 361*d56f51eaSDavid van Moolenbroek #if !defined(LIBPCAP_EXPORTS) 362*d56f51eaSDavid van Moolenbroek #define pcap_fopen_offline_with_tstamp_precision(f,p,b) \ 363*d56f51eaSDavid van Moolenbroek pcap_hopen_offline_with_tstamp_precision(_get_osfhandle(_fileno(f)), p, b) 364*d56f51eaSDavid van Moolenbroek #define pcap_fopen_offline(f,b) \ 365*d56f51eaSDavid van Moolenbroek pcap_hopen_offline(_get_osfhandle(_fileno(f)), b) 366*d56f51eaSDavid van Moolenbroek #else /*LIBPCAP_EXPORTS*/ 367*d56f51eaSDavid van Moolenbroek static pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *); 368*d56f51eaSDavid van Moolenbroek static pcap_t *pcap_fopen_offline(FILE *, char *); 369*d56f51eaSDavid van Moolenbroek #endif 370*d56f51eaSDavid van Moolenbroek #else /*WIN32*/ 371*d56f51eaSDavid van Moolenbroek pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *); 372*d56f51eaSDavid van Moolenbroek pcap_t *pcap_fopen_offline(FILE *, char *); 373*d56f51eaSDavid van Moolenbroek #endif /*WIN32*/ 374*d56f51eaSDavid van Moolenbroek 375*d56f51eaSDavid van Moolenbroek void pcap_close(pcap_t *); 376*d56f51eaSDavid van Moolenbroek int pcap_loop(pcap_t *, int, pcap_handler, u_char *); 377*d56f51eaSDavid van Moolenbroek int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *); 378*d56f51eaSDavid van Moolenbroek const u_char* 379*d56f51eaSDavid van Moolenbroek pcap_next(pcap_t *, struct pcap_pkthdr *); 380*d56f51eaSDavid van Moolenbroek int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **); 381*d56f51eaSDavid van Moolenbroek void pcap_breakloop(pcap_t *); 382*d56f51eaSDavid van Moolenbroek int pcap_stats(pcap_t *, struct pcap_stat *); 383*d56f51eaSDavid van Moolenbroek int pcap_setfilter(pcap_t *, struct bpf_program *); 384*d56f51eaSDavid van Moolenbroek int pcap_setdirection(pcap_t *, pcap_direction_t); 385*d56f51eaSDavid van Moolenbroek int pcap_getnonblock(pcap_t *, char *); 386*d56f51eaSDavid van Moolenbroek int pcap_setnonblock(pcap_t *, int, char *); 387*d56f51eaSDavid van Moolenbroek int pcap_inject(pcap_t *, const void *, size_t); 388*d56f51eaSDavid van Moolenbroek int pcap_sendpacket(pcap_t *, const u_char *, int); 389*d56f51eaSDavid van Moolenbroek const char *pcap_statustostr(int); 390*d56f51eaSDavid van Moolenbroek const char *pcap_strerror(int); 391*d56f51eaSDavid van Moolenbroek char *pcap_geterr(pcap_t *); 392*d56f51eaSDavid van Moolenbroek void pcap_perror(pcap_t *, char *); 393*d56f51eaSDavid van Moolenbroek int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, 394*d56f51eaSDavid van Moolenbroek bpf_u_int32); 395*d56f51eaSDavid van Moolenbroek int pcap_compile_nopcap(int, int, struct bpf_program *, 396*d56f51eaSDavid van Moolenbroek const char *, int, bpf_u_int32); 397*d56f51eaSDavid van Moolenbroek void pcap_freecode(struct bpf_program *); 398*d56f51eaSDavid van Moolenbroek int pcap_offline_filter(const struct bpf_program *, 399*d56f51eaSDavid van Moolenbroek const struct pcap_pkthdr *, const u_char *); 400*d56f51eaSDavid van Moolenbroek int pcap_datalink(pcap_t *); 401*d56f51eaSDavid van Moolenbroek int pcap_datalink_ext(pcap_t *); 402*d56f51eaSDavid van Moolenbroek int pcap_list_datalinks(pcap_t *, int **); 403*d56f51eaSDavid van Moolenbroek int pcap_set_datalink(pcap_t *, int); 404*d56f51eaSDavid van Moolenbroek void pcap_free_datalinks(int *); 405*d56f51eaSDavid van Moolenbroek int pcap_datalink_name_to_val(const char *); 406*d56f51eaSDavid van Moolenbroek const char *pcap_datalink_val_to_name(int); 407*d56f51eaSDavid van Moolenbroek const char *pcap_datalink_val_to_description(int); 408*d56f51eaSDavid van Moolenbroek int pcap_snapshot(pcap_t *); 409*d56f51eaSDavid van Moolenbroek int pcap_is_swapped(pcap_t *); 410*d56f51eaSDavid van Moolenbroek int pcap_major_version(pcap_t *); 411*d56f51eaSDavid van Moolenbroek int pcap_minor_version(pcap_t *); 412*d56f51eaSDavid van Moolenbroek 413*d56f51eaSDavid van Moolenbroek /* XXX */ 414*d56f51eaSDavid van Moolenbroek FILE *pcap_file(pcap_t *); 415*d56f51eaSDavid van Moolenbroek int pcap_fileno(pcap_t *); 416*d56f51eaSDavid van Moolenbroek 417*d56f51eaSDavid van Moolenbroek pcap_dumper_t *pcap_dump_open(pcap_t *, const char *); 418*d56f51eaSDavid van Moolenbroek pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp); 419*d56f51eaSDavid van Moolenbroek pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *); 420*d56f51eaSDavid van Moolenbroek FILE *pcap_dump_file(pcap_dumper_t *); 421*d56f51eaSDavid van Moolenbroek long pcap_dump_ftell(pcap_dumper_t *); 422*d56f51eaSDavid van Moolenbroek int pcap_dump_flush(pcap_dumper_t *); 423*d56f51eaSDavid van Moolenbroek void pcap_dump_close(pcap_dumper_t *); 424*d56f51eaSDavid van Moolenbroek void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *); 425*d56f51eaSDavid van Moolenbroek 426*d56f51eaSDavid van Moolenbroek int pcap_findalldevs(pcap_if_t **, char *); 427*d56f51eaSDavid van Moolenbroek void pcap_freealldevs(pcap_if_t *); 428*d56f51eaSDavid van Moolenbroek 429*d56f51eaSDavid van Moolenbroek const char *pcap_lib_version(void); 430*d56f51eaSDavid van Moolenbroek 431*d56f51eaSDavid van Moolenbroek /* 432*d56f51eaSDavid van Moolenbroek * On at least some versions of NetBSD and QNX, we don't want to declare 433*d56f51eaSDavid van Moolenbroek * bpf_filter() here, as it's also be declared in <net/bpf.h>, with a 434*d56f51eaSDavid van Moolenbroek * different signature, but, on other BSD-flavored UN*Xes, it's not 435*d56f51eaSDavid van Moolenbroek * declared in <net/bpf.h>, so we *do* want to declare it here, so it's 436*d56f51eaSDavid van Moolenbroek * declared when we build pcap-bpf.c. 437*d56f51eaSDavid van Moolenbroek */ 438*d56f51eaSDavid van Moolenbroek #if !defined(__NetBSD__) && !defined(__QNX__) 439*d56f51eaSDavid van Moolenbroek u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 440*d56f51eaSDavid van Moolenbroek #endif 441*d56f51eaSDavid van Moolenbroek int bpf_validate(const struct bpf_insn *f, int len); 442*d56f51eaSDavid van Moolenbroek char *bpf_image(const struct bpf_insn *, int); 443*d56f51eaSDavid van Moolenbroek void bpf_dump(const struct bpf_program *, int); 444*d56f51eaSDavid van Moolenbroek 445*d56f51eaSDavid van Moolenbroek #if defined(WIN32) 446*d56f51eaSDavid van Moolenbroek 447*d56f51eaSDavid van Moolenbroek /* 448*d56f51eaSDavid van Moolenbroek * Win32 definitions 449*d56f51eaSDavid van Moolenbroek */ 450*d56f51eaSDavid van Moolenbroek 451*d56f51eaSDavid van Moolenbroek int pcap_setbuff(pcap_t *p, int dim); 452*d56f51eaSDavid van Moolenbroek int pcap_setmode(pcap_t *p, int mode); 453*d56f51eaSDavid van Moolenbroek int pcap_setmintocopy(pcap_t *p, int size); 454*d56f51eaSDavid van Moolenbroek Adapter *pcap_get_adapter(pcap_t *p); 455*d56f51eaSDavid van Moolenbroek 456*d56f51eaSDavid van Moolenbroek #ifdef WPCAP 457*d56f51eaSDavid van Moolenbroek /* Include file with the wpcap-specific extensions */ 458*d56f51eaSDavid van Moolenbroek #include <Win32-Extensions.h> 459*d56f51eaSDavid van Moolenbroek #endif /* WPCAP */ 460*d56f51eaSDavid van Moolenbroek 461*d56f51eaSDavid van Moolenbroek #define MODE_CAPT 0 462*d56f51eaSDavid van Moolenbroek #define MODE_STAT 1 463*d56f51eaSDavid van Moolenbroek #define MODE_MON 2 464*d56f51eaSDavid van Moolenbroek 465*d56f51eaSDavid van Moolenbroek #elif defined(MSDOS) 466*d56f51eaSDavid van Moolenbroek 467*d56f51eaSDavid van Moolenbroek /* 468*d56f51eaSDavid van Moolenbroek * MS-DOS definitions 469*d56f51eaSDavid van Moolenbroek */ 470*d56f51eaSDavid van Moolenbroek 471*d56f51eaSDavid van Moolenbroek int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *); 472*d56f51eaSDavid van Moolenbroek void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait); 473*d56f51eaSDavid van Moolenbroek u_long pcap_mac_packets (void); 474*d56f51eaSDavid van Moolenbroek 475*d56f51eaSDavid van Moolenbroek #else /* UN*X */ 476*d56f51eaSDavid van Moolenbroek 477*d56f51eaSDavid van Moolenbroek /* 478*d56f51eaSDavid van Moolenbroek * UN*X definitions 479*d56f51eaSDavid van Moolenbroek */ 480*d56f51eaSDavid van Moolenbroek 481*d56f51eaSDavid van Moolenbroek int pcap_get_selectable_fd(pcap_t *); 482*d56f51eaSDavid van Moolenbroek 483*d56f51eaSDavid van Moolenbroek #endif /* WIN32/MSDOS/UN*X */ 484*d56f51eaSDavid van Moolenbroek 485*d56f51eaSDavid van Moolenbroek #ifdef __cplusplus 486*d56f51eaSDavid van Moolenbroek } 487*d56f51eaSDavid van Moolenbroek #endif 488*d56f51eaSDavid van Moolenbroek 489*d56f51eaSDavid van Moolenbroek #endif /* lib_pcap_pcap_h */ 490