1 /* $NetBSD: pcap-int.h,v 1.9 2024/09/02 15:33:37 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1994, 1995, 1996 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the Computer Systems 18 * Engineering Group at Lawrence Berkeley Laboratory. 19 * 4. Neither the name of the University nor of the Laboratory may be used 20 * to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #ifndef pcap_int_h 37 #define pcap_int_h 38 39 #include <stddef.h> 40 41 #include <signal.h> 42 43 #include <pcap/pcap.h> 44 45 #ifdef MSDOS 46 #include <fcntl.h> 47 #include <io.h> 48 #endif 49 50 #include "varattrs.h" 51 #include "fmtutils.h" 52 53 #include <stdarg.h> 54 55 #include "portability.h" 56 57 #define PCAP_DEBUG {printf(" [%s:%d %s] ", __FILE__, __LINE__, __func__); fflush(stdout);} 58 59 /* 60 * If we're compiling with Visual Studio, make sure we have at least 61 * VS 2015 or later, so we have sufficient C99 support. 62 * 63 * XXX - verify that we have at least C99 support on UN*Xes? 64 * 65 * What about MinGW or various DOS toolchains? We're currently assuming 66 * sufficient C99 support there. 67 */ 68 #if defined(_MSC_VER) 69 /* 70 * Compiler is MSVC. Make sure we have VS 2015 or later. 71 */ 72 #if _MSC_VER < 1900 73 #error "Building libpcap requires VS 2015 or later" 74 #endif 75 #endif 76 77 /* 78 * Version string. 79 * Uses PACKAGE_VERSION from config.h. 80 */ 81 #define PCAP_VERSION_STRING "libpcap version " PACKAGE_VERSION 82 83 #ifdef __cplusplus 84 extern "C" { 85 #endif 86 87 /* 88 * If pcapint_new_api is set, we disable pcap_lookupdev(), because: 89 * 90 * it's not thread-safe, and is marked as deprecated, on all 91 * platforms; 92 * 93 * on Windows, it may return UTF-16LE strings, which the program 94 * might then pass to pcap_create() (or to pcap_open_live(), which 95 * then passes them to pcap_create()), requiring pcap_create() to 96 * check for UTF-16LE strings using a hack, and that hack 1) 97 * *cannot* be 100% reliable and 2) runs the risk of going past the 98 * end of the string. 99 * 100 * We keep it around in legacy mode for compatibility. 101 * 102 * We also disable the aforementioned hack in pcap_create(). 103 */ 104 extern int pcapint_new_api; 105 106 /* 107 * If pcapint_utf_8_mode is set, on Windows we treat strings as UTF-8. 108 * 109 * On UN*Xes, we assume all strings are and should be in UTF-8, regardless 110 * of the setting of this flag. 111 */ 112 extern int pcapint_utf_8_mode; 113 114 /* 115 * Swap byte ordering of unsigned long long timestamp on a big endian 116 * machine. 117 */ 118 #define SWAPLL(ull) ((ull & 0xff00000000000000ULL) >> 56) | \ 119 ((ull & 0x00ff000000000000ULL) >> 40) | \ 120 ((ull & 0x0000ff0000000000ULL) >> 24) | \ 121 ((ull & 0x000000ff00000000ULL) >> 8) | \ 122 ((ull & 0x00000000ff000000ULL) << 8) | \ 123 ((ull & 0x0000000000ff0000ULL) << 24) | \ 124 ((ull & 0x000000000000ff00ULL) << 40) | \ 125 ((ull & 0x00000000000000ffULL) << 56) 126 127 /* 128 * Maximum snapshot length. 129 * 130 * Somewhat arbitrary, but chosen to be: 131 * 132 * 1) big enough for maximum-size Linux loopback packets (65549) 133 * and some USB packets captured with USBPcap: 134 * 135 * https://desowin.org/usbpcap/ 136 * 137 * (> 131072, < 262144) 138 * 139 * and 140 * 141 * 2) small enough not to cause attempts to allocate huge amounts of 142 * memory; some applications might use the snapshot length in a 143 * savefile header to control the size of the buffer they allocate, 144 * so a size of, say, 2^31-1 might not work well. (libpcap uses it 145 * as a hint, but doesn't start out allocating a buffer bigger than 146 * 2 KiB, and grows the buffer as necessary, but not beyond the 147 * per-linktype maximum snapshot length. Other code might naively 148 * use it; we want to avoid writing a too-large snapshot length, 149 * in order not to cause that code problems.) 150 * 151 * We don't enforce this in pcap_set_snaplen(), but we use it internally. 152 */ 153 #define MAXIMUM_SNAPLEN 262144 154 155 /* 156 * Locale-independent macros for testing character types. 157 * These can be passed any integral value, without worrying about, for 158 * example, sign-extending char values, unlike the C macros. 159 */ 160 #define PCAP_ISDIGIT(c) \ 161 ((c) >= '0' && (c) <= '9') 162 #define PCAP_ISXDIGIT(c) \ 163 (((c) >= '0' && (c) <= '9') || \ 164 ((c) >= 'A' && (c) <= 'F') || \ 165 ((c) >= 'a' && (c) <= 'f')) 166 167 struct pcap_opt { 168 char *device; 169 int timeout; /* timeout for buffering */ 170 u_int buffer_size; 171 int promisc; 172 int rfmon; /* monitor mode */ 173 int immediate; /* immediate mode - deliver packets as soon as they arrive */ 174 int nonblock; /* non-blocking mode - don't wait for packets to be delivered, return "no packets available" */ 175 int tstamp_type; 176 int tstamp_precision; 177 178 /* 179 * Platform-dependent options. 180 */ 181 #ifdef __linux__ 182 int protocol; /* protocol to use when creating PF_PACKET socket */ 183 #endif 184 #ifdef _WIN32 185 int nocapture_local;/* disable NPF loopback */ 186 #endif 187 }; 188 189 typedef int (*activate_op_t)(pcap_t *); 190 typedef int (*can_set_rfmon_op_t)(pcap_t *); 191 typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); 192 typedef int (*next_packet_op_t)(pcap_t *, struct pcap_pkthdr *, u_char **); 193 typedef int (*inject_op_t)(pcap_t *, const void *, size_t); 194 typedef void (*save_current_filter_op_t)(pcap_t *, const char *); 195 typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); 196 typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); 197 typedef int (*set_datalink_op_t)(pcap_t *, int); 198 typedef int (*getnonblock_op_t)(pcap_t *); 199 typedef int (*setnonblock_op_t)(pcap_t *, int); 200 typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *); 201 typedef void (*breakloop_op_t)(pcap_t *); 202 #ifdef _WIN32 203 typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *); 204 typedef int (*setbuff_op_t)(pcap_t *, int); 205 typedef int (*setmode_op_t)(pcap_t *, int); 206 typedef int (*setmintocopy_op_t)(pcap_t *, int); 207 typedef HANDLE (*getevent_op_t)(pcap_t *); 208 typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *); 209 typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *); 210 typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int); 211 typedef int (*setuserbuffer_op_t)(pcap_t *, int); 212 typedef int (*live_dump_op_t)(pcap_t *, char *, int, int); 213 typedef int (*live_dump_ended_op_t)(pcap_t *, int); 214 typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *); 215 #endif 216 typedef void (*cleanup_op_t)(pcap_t *); 217 218 /* 219 * We put all the stuff used in the read code path at the beginning, 220 * to try to keep it together in the same cache line or lines. 221 */ 222 struct pcap { 223 /* 224 * Method to call to read packets on a live capture. 225 */ 226 read_op_t read_op; 227 228 /* 229 * Method to call to read the next packet from a savefile. 230 */ 231 next_packet_op_t next_packet_op; 232 233 #ifdef _WIN32 234 HANDLE handle; 235 #else 236 int fd; 237 #endif /* _WIN32 */ 238 239 /* 240 * Read buffer. 241 */ 242 u_int bufsize; 243 void *buffer; 244 u_char *bp; 245 int cc; 246 247 sig_atomic_t break_loop; /* flag set to force break from packet-reading loop */ 248 249 void *priv; /* private data for methods */ 250 251 // #ifdef ENABLE_REMOTE 252 struct pcap_samp rmt_samp; /* parameters related to the sampling process. */ 253 // #endif 254 255 int swapped; 256 FILE *rfile; /* null if live capture, non-null if savefile */ 257 u_int fddipad; 258 struct pcap *next; /* list of open pcaps that need stuff cleared on close */ 259 260 /* 261 * File version number; meaningful only for a savefile, but we 262 * keep it here so that apps that (mistakenly) ask for the 263 * version numbers will get the same zero values that they 264 * always did. 265 */ 266 int version_major; 267 int version_minor; 268 269 int snapshot; 270 int linktype; /* Network linktype */ 271 int linktype_ext; /* Extended information stored in the linktype field of a file */ 272 int offset; /* offset for proper alignment */ 273 int activated; /* true if the capture is really started */ 274 int oldstyle; /* if we're opening with pcap_open_live() */ 275 276 struct pcap_opt opt; 277 278 /* 279 * Place holder for pcap_next(). 280 */ 281 u_char *pkt; 282 283 #ifdef _WIN32 284 struct pcap_stat stat; /* used for pcap_stats_ex() */ 285 #endif 286 287 /* We're accepting only packets in this direction/these directions. */ 288 pcap_direction_t direction; 289 290 /* 291 * Flags to affect BPF code generation. 292 */ 293 int bpf_codegen_flags; 294 295 #if !defined(_WIN32) && !defined(MSDOS) 296 int selectable_fd; /* FD on which select()/poll()/epoll_wait()/kevent()/etc. can be done */ 297 298 /* 299 * In case there either is no selectable FD, or there is but 300 * it doesn't necessarily work (e.g., if it doesn't get notified 301 * if the packet capture timeout expires before the buffer 302 * fills up), this points to a timeout that should be used 303 * in select()/poll()/epoll_wait()/kevent() call. The pcap_t should 304 * be put into non-blocking mode, and, if the timeout expires on 305 * the call, an attempt should be made to read packets from all 306 * pcap_t's with a required timeout, and the code must be 307 * prepared not to see any packets from the attempt. 308 */ 309 const struct timeval *required_select_timeout; 310 #endif 311 312 /* 313 * Placeholder for filter code if bpf not in kernel. 314 */ 315 struct bpf_program fcode; 316 317 char errbuf[PCAP_ERRBUF_SIZE + 1]; 318 #ifdef _WIN32 319 char acp_errbuf[PCAP_ERRBUF_SIZE + 1]; /* buffer for local code page error strings */ 320 #endif 321 int dlt_count; 322 u_int *dlt_list; 323 int tstamp_type_count; 324 u_int *tstamp_type_list; 325 int tstamp_precision_count; 326 u_int *tstamp_precision_list; 327 328 struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */ 329 330 /* 331 * More methods. 332 */ 333 activate_op_t activate_op; 334 can_set_rfmon_op_t can_set_rfmon_op; 335 inject_op_t inject_op; 336 save_current_filter_op_t save_current_filter_op; 337 setfilter_op_t setfilter_op; 338 setdirection_op_t setdirection_op; 339 set_datalink_op_t set_datalink_op; 340 getnonblock_op_t getnonblock_op; 341 setnonblock_op_t setnonblock_op; 342 stats_op_t stats_op; 343 breakloop_op_t breakloop_op; 344 345 /* 346 * Routine to use as callback for pcap_next()/pcap_next_ex(). 347 */ 348 pcap_handler oneshot_callback; 349 350 #ifdef _WIN32 351 /* 352 * These are, at least currently, specific to the Win32 NPF 353 * driver. 354 */ 355 stats_ex_op_t stats_ex_op; 356 setbuff_op_t setbuff_op; 357 setmode_op_t setmode_op; 358 setmintocopy_op_t setmintocopy_op; 359 getevent_op_t getevent_op; 360 oid_get_request_op_t oid_get_request_op; 361 oid_set_request_op_t oid_set_request_op; 362 sendqueue_transmit_op_t sendqueue_transmit_op; 363 setuserbuffer_op_t setuserbuffer_op; 364 live_dump_op_t live_dump_op; 365 live_dump_ended_op_t live_dump_ended_op; 366 get_airpcap_handle_op_t get_airpcap_handle_op; 367 #endif 368 cleanup_op_t cleanup_op; 369 }; 370 371 /* 372 * BPF code generation flags. 373 */ 374 #define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */ 375 376 /* 377 * User data structure for the one-shot callback used for pcap_next() 378 * and pcap_next_ex(). 379 */ 380 struct oneshot_userdata { 381 struct pcap_pkthdr *hdr; 382 const u_char **pkt; 383 pcap_t *pd; 384 }; 385 386 #ifndef min 387 #define min(a, b) ((a) > (b) ? (b) : (a)) 388 #endif 389 390 int pcapint_offline_read(pcap_t *, int, pcap_handler, u_char *); 391 392 /* 393 * Does the packet count argument to a module's read routine say 394 * "supply packets until you run out of packets"? 395 */ 396 #define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0) 397 398 /* 399 * Routines that most pcap implementations can use for non-blocking mode. 400 */ 401 #if !defined(_WIN32) && !defined(MSDOS) 402 int pcapint_getnonblock_fd(pcap_t *); 403 int pcapint_setnonblock_fd(pcap_t *p, int); 404 #endif 405 406 /* 407 * Internal interfaces for "pcap_create()". 408 * 409 * "pcapint_create_interface()" is the routine to do a pcap_create on 410 * a regular network interface. There are multiple implementations 411 * of this, one for each platform type (Linux, BPF, DLPI, etc.), 412 * with the one used chosen by the configure script. 413 * 414 * "pcapint_create_common()" allocates and fills in a pcap_t, for use 415 * by pcap_create routines. 416 */ 417 pcap_t *pcapint_create_interface(const char *, char *); 418 419 /* 420 * This wrapper takes an error buffer pointer and a type to use for the 421 * private data, and calls pcapint_create_common(), passing it the error 422 * buffer pointer, the size for the private data type, in bytes, and the 423 * offset of the private data from the beginning of the structure, in 424 * bytes. 425 */ 426 #define PCAP_CREATE_COMMON(ebuf, type) \ 427 pcapint_create_common(ebuf, \ 428 sizeof (struct { pcap_t __common; type __private; }), \ 429 offsetof (struct { pcap_t __common; type __private; }, __private)) 430 pcap_t *pcapint_create_common(char *, size_t, size_t); 431 int pcapint_do_addexit(pcap_t *); 432 void pcapint_add_to_pcaps_to_close(pcap_t *); 433 void pcapint_remove_from_pcaps_to_close(pcap_t *); 434 void pcapint_cleanup_live_common(pcap_t *); 435 int pcapint_check_activated(pcap_t *); 436 void pcapint_breakloop_common(pcap_t *); 437 438 /* 439 * Internal interfaces for "pcap_findalldevs()". 440 * 441 * A pcap_if_list_t * is a reference to a list of devices. 442 * 443 * A get_if_flags_func is a platform-dependent function called to get 444 * additional interface flags. 445 * 446 * "pcapint_platform_finddevs()" is the platform-dependent routine to 447 * find local network interfaces. 448 * 449 * "pcapint_findalldevs_interfaces()" is a helper to find those interfaces 450 * using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.). 451 * 452 * "pcapint_add_dev()" adds an entry to a pcap_if_list_t. 453 * 454 * "pcap_add_any_dev()" adds an entry for the "any" device to a pcap_if_list_t. 455 * 456 * "pcapint_find_dev()" tries to find a device, by name, in a pcap_if_list_t. 457 * 458 * "pcapint_find_or_add_dev()" checks whether a device is already in a 459 * pcap_if_list_t and, if not, adds an entry for it. 460 */ 461 struct pcap_if_list; 462 typedef struct pcap_if_list pcap_if_list_t; 463 typedef int (*get_if_flags_func)(const char *, bpf_u_int32 *, char *); 464 int pcapint_platform_finddevs(pcap_if_list_t *, char *); 465 #if !defined(_WIN32) && !defined(MSDOS) 466 int pcapint_findalldevs_interfaces(pcap_if_list_t *, char *, 467 int (*)(const char *), get_if_flags_func); 468 #endif 469 pcap_if_t *pcapint_find_or_add_dev(pcap_if_list_t *, const char *, bpf_u_int32, 470 get_if_flags_func, const char *, char *); 471 pcap_if_t *pcapint_find_dev(pcap_if_list_t *, const char *); 472 pcap_if_t *pcapint_add_dev(pcap_if_list_t *, const char *, bpf_u_int32, 473 const char *, char *); 474 pcap_if_t *pcap_add_any_dev(pcap_if_list_t *, char *); 475 int pcapint_add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t, 476 struct sockaddr *, size_t, struct sockaddr *, size_t, 477 struct sockaddr *dstaddr, size_t, char *errbuf); 478 #ifndef _WIN32 479 pcap_if_t *pcapint_find_or_add_if(pcap_if_list_t *, const char *, uint64_t, 480 get_if_flags_func, char *); 481 int pcapint_add_addr_to_if(pcap_if_list_t *, const char *, uint64_t, 482 get_if_flags_func, 483 struct sockaddr *, size_t, struct sockaddr *, size_t, 484 struct sockaddr *, size_t, struct sockaddr *, size_t, char *); 485 #endif 486 487 /* 488 * Internal interfaces for "pcap_open_offline()" and other savefile 489 * I/O routines. 490 * 491 * "pcapint_open_offline_common()" allocates and fills in a pcap_t, for use 492 * by pcap_open_offline routines. 493 * 494 * "pcapint_adjust_snapshot()" adjusts the snapshot to be non-zero and 495 * fit within an int. 496 * 497 * "pcapint_sf_cleanup()" closes the file handle associated with a pcap_t, if 498 * appropriate, and frees all data common to all modules for handling 499 * savefile types. 500 * 501 * "pcapint_charset_fopen()", in UTF-8 mode on Windows, does an fopen() that 502 * treats the pathname as being in UTF-8, rather than the local 503 * code page, on Windows. 504 */ 505 506 /* 507 * This wrapper takes an error buffer pointer and a type to use for the 508 * private data, and calls pcapint_create_common(), passing it the error 509 * buffer pointer, the size for the private data type, in bytes, and the 510 * offset of the private data from the beginning of the structure, in 511 * bytes. 512 */ 513 #define PCAP_OPEN_OFFLINE_COMMON(ebuf, type) \ 514 pcapint_open_offline_common(ebuf, \ 515 sizeof (struct { pcap_t __common; type __private; }), \ 516 offsetof (struct { pcap_t __common; type __private; }, __private)) 517 pcap_t *pcapint_open_offline_common(char *ebuf, size_t total_size, 518 size_t private_data); 519 bpf_u_int32 pcapint_adjust_snapshot(bpf_u_int32 linktype, bpf_u_int32 snaplen); 520 void pcapint_sf_cleanup(pcap_t *p); 521 #ifdef _WIN32 522 FILE *pcapint_charset_fopen(const char *path, const char *mode); 523 #else 524 /* 525 * On other OSes, just use Boring Old fopen(). 526 */ 527 #define pcapint_charset_fopen(path, mode) fopen((path), (mode)) 528 #endif 529 530 /* 531 * Internal interfaces for loading code at run time. 532 */ 533 #ifdef _WIN32 534 #define pcap_code_handle_t HMODULE 535 #define pcap_funcptr_t FARPROC 536 537 pcap_code_handle_t pcapint_load_code(const char *); 538 pcap_funcptr_t pcapint_find_function(pcap_code_handle_t, const char *); 539 #endif 540 541 /* 542 * Internal interfaces for doing user-mode filtering of packets and 543 * validating filter programs. 544 */ 545 #ifndef __NetBSD__ 546 /* 547 * Auxiliary data, for use when interpreting a filter intended for the 548 * Linux kernel when the kernel rejects the filter (requiring us to 549 * run it in userland). It contains VLAN tag information. 550 */ 551 struct pcap_bpf_aux_data { 552 u_short vlan_tag_present; 553 u_short vlan_tag; 554 }; 555 #else 556 #define pcap_bpf_aux_data bpf_aux_data 557 #endif 558 559 /* 560 * Filtering routine that takes the auxiliary data as an additional 561 * argument. 562 */ 563 u_int pcapint_filter_with_aux_data(const struct bpf_insn *, 564 const u_char *, u_int, u_int, const struct pcap_bpf_aux_data *); 565 566 /* 567 * Filtering routine that doesn't. 568 */ 569 u_int pcapint_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 570 571 /* 572 * Routine to validate a BPF program. 573 */ 574 int pcapint_validate_filter(const struct bpf_insn *, int); 575 576 /* 577 * Internal interfaces for both "pcap_create()" and routines that 578 * open savefiles. 579 * 580 * "pcapint_oneshot()" is the standard one-shot callback for "pcap_next()" 581 * and "pcap_next_ex()". 582 */ 583 void pcapint_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *); 584 585 int pcapint_install_bpf_program(pcap_t *, struct bpf_program *); 586 587 int pcapint_strcasecmp(const char *, const char *); 588 589 /* 590 * Internal interfaces for pcap_createsrcstr and pcap_parsesrcstr with 591 * the additional bit of information regarding SSL support (rpcap:// vs. 592 * rpcaps://). 593 */ 594 int pcapint_createsrcstr_ex(char *, int, const char *, const char *, 595 const char *, unsigned char, char *); 596 int pcapint_parsesrcstr_ex(const char *, int *, char *, char *, 597 char *, unsigned char *, char *); 598 599 #ifdef YYDEBUG 600 extern int pcap_debug; 601 #endif 602 603 #ifdef __cplusplus 604 } 605 #endif 606 607 #endif 608