1 /* $NetBSD: pcap-int.h,v 1.1.1.4 2013/12/31 16:57:24 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1994, 1995, 1996 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the Computer Systems 18 * Engineering Group at Lawrence Berkeley Laboratory. 19 * 4. Neither the name of the University nor of the Laboratory may be used 20 * to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * @(#) Header: /tcpdump/master/libpcap/pcap-int.h,v 1.94 2008-09-16 00:20:23 guy Exp (LBL) 36 */ 37 38 #ifndef pcap_int_h 39 #define pcap_int_h 40 41 #include <pcap/pcap.h> 42 43 #ifdef __cplusplus 44 extern "C" { 45 #endif 46 47 #ifdef WIN32 48 #include <Packet32.h> 49 extern CRITICAL_SECTION g_PcapCompileCriticalSection; 50 #endif /* WIN32 */ 51 52 #ifdef MSDOS 53 #include <fcntl.h> 54 #include <io.h> 55 #endif 56 57 #if (defined(_MSC_VER) && (_MSC_VER <= 1200)) /* we are compiling with Visual Studio 6, that doesn't support the LL suffix*/ 58 59 /* 60 * Swap byte ordering of unsigned long long timestamp on a big endian 61 * machine. 62 */ 63 #define SWAPLL(ull) ((ull & 0xff00000000000000) >> 56) | \ 64 ((ull & 0x00ff000000000000) >> 40) | \ 65 ((ull & 0x0000ff0000000000) >> 24) | \ 66 ((ull & 0x000000ff00000000) >> 8) | \ 67 ((ull & 0x00000000ff000000) << 8) | \ 68 ((ull & 0x0000000000ff0000) << 24) | \ 69 ((ull & 0x000000000000ff00) << 40) | \ 70 ((ull & 0x00000000000000ff) << 56) 71 72 #else /* A recent Visual studio compiler or not VC */ 73 74 /* 75 * Swap byte ordering of unsigned long long timestamp on a big endian 76 * machine. 77 */ 78 #define SWAPLL(ull) ((ull & 0xff00000000000000LL) >> 56) | \ 79 ((ull & 0x00ff000000000000LL) >> 40) | \ 80 ((ull & 0x0000ff0000000000LL) >> 24) | \ 81 ((ull & 0x000000ff00000000LL) >> 8) | \ 82 ((ull & 0x00000000ff000000LL) << 8) | \ 83 ((ull & 0x0000000000ff0000LL) << 24) | \ 84 ((ull & 0x000000000000ff00LL) << 40) | \ 85 ((ull & 0x00000000000000ffLL) << 56) 86 87 #endif /* _MSC_VER */ 88 89 struct pcap_opt { 90 char *source; 91 int timeout; /* timeout for buffering */ 92 int buffer_size; 93 int promisc; 94 int rfmon; /* monitor mode */ 95 int immediate; /* immediate mode - deliver packets as soon as they arrive */ 96 int tstamp_type; 97 int tstamp_precision; 98 }; 99 100 typedef int (*activate_op_t)(pcap_t *); 101 typedef int (*can_set_rfmon_op_t)(pcap_t *); 102 typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); 103 typedef int (*inject_op_t)(pcap_t *, const void *, size_t); 104 typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); 105 typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); 106 typedef int (*set_datalink_op_t)(pcap_t *, int); 107 typedef int (*getnonblock_op_t)(pcap_t *, char *); 108 typedef int (*setnonblock_op_t)(pcap_t *, int, char *); 109 typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *); 110 #ifdef WIN32 111 typedef int (*setbuff_op_t)(pcap_t *, int); 112 typedef int (*setmode_op_t)(pcap_t *, int); 113 typedef int (*setmintocopy_op_t)(pcap_t *, int); 114 typedef Adapter *(*getadapter_op_t)(pcap_t *); 115 #endif 116 typedef void (*cleanup_op_t)(pcap_t *); 117 118 /* 119 * We put all the stuff used in the read code path at the beginning, 120 * to try to keep it together in the same cache line or lines. 121 */ 122 struct pcap { 123 /* 124 * Method to call to read packets on a live capture. 125 */ 126 read_op_t read_op; 127 128 /* 129 * Method to call to read to read packets from a savefile. 130 */ 131 int (*next_packet_op)(pcap_t *, struct pcap_pkthdr *, u_char **); 132 133 #ifdef WIN32 134 ADAPTER *adapter; 135 LPPACKET Packet; 136 int nonblock; 137 #else 138 int fd; 139 int selectable_fd; 140 #endif /* WIN32 */ 141 142 /* 143 * Read buffer. 144 */ 145 int bufsize; 146 u_char *buffer; 147 u_char *bp; 148 int cc; 149 150 int break_loop; /* flag set to force break from packet-reading loop */ 151 152 void *priv; /* private data for methods */ 153 154 int swapped; 155 FILE *rfile; /* null if live capture, non-null if savefile */ 156 int fddipad; 157 struct pcap *next; /* list of open pcaps that need stuff cleared on close */ 158 159 /* 160 * File version number; meaningful only for a savefile, but we 161 * keep it here so that apps that (mistakenly) ask for the 162 * version numbers will get the same zero values that they 163 * always did. 164 */ 165 int version_major; 166 int version_minor; 167 168 int snapshot; 169 int linktype; /* Network linktype */ 170 int linktype_ext; /* Extended information stored in the linktype field of a file */ 171 int tzoff; /* timezone offset */ 172 int offset; /* offset for proper alignment */ 173 int activated; /* true if the capture is really started */ 174 int oldstyle; /* if we're opening with pcap_open_live() */ 175 176 struct pcap_opt opt; 177 178 /* 179 * Place holder for pcap_next(). 180 */ 181 u_char *pkt; 182 183 /* We're accepting only packets in this direction/these directions. */ 184 pcap_direction_t direction; 185 186 /* 187 * Placeholder for filter code if bpf not in kernel. 188 */ 189 struct bpf_program fcode; 190 191 char errbuf[PCAP_ERRBUF_SIZE + 1]; 192 int dlt_count; 193 u_int *dlt_list; 194 int tstamp_type_count; 195 u_int *tstamp_type_list; 196 int tstamp_precision_count; 197 u_int *tstamp_precision_list; 198 199 struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */ 200 201 /* 202 * More methods. 203 */ 204 activate_op_t activate_op; 205 can_set_rfmon_op_t can_set_rfmon_op; 206 inject_op_t inject_op; 207 setfilter_op_t setfilter_op; 208 setdirection_op_t setdirection_op; 209 set_datalink_op_t set_datalink_op; 210 getnonblock_op_t getnonblock_op; 211 setnonblock_op_t setnonblock_op; 212 stats_op_t stats_op; 213 214 /* 215 * Routine to use as callback for pcap_next()/pcap_next_ex(). 216 */ 217 pcap_handler oneshot_callback; 218 219 #ifdef WIN32 220 /* 221 * These are, at least currently, specific to the Win32 NPF 222 * driver. 223 */ 224 setbuff_op_t setbuff_op; 225 setmode_op_t setmode_op; 226 setmintocopy_op_t setmintocopy_op; 227 getadapter_op_t getadapter_op; 228 #endif 229 cleanup_op_t cleanup_op; 230 }; 231 232 /* 233 * This is a timeval as stored in a savefile. 234 * It has to use the same types everywhere, independent of the actual 235 * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some 236 * platforms and 64-bit tv_sec values on other platforms, and writing 237 * out native `struct timeval' values would mean files could only be 238 * read on systems with the same tv_sec size as the system on which 239 * the file was written. 240 */ 241 242 struct pcap_timeval { 243 bpf_int32 tv_sec; /* seconds */ 244 bpf_int32 tv_usec; /* microseconds */ 245 }; 246 247 /* 248 * This is a `pcap_pkthdr' as actually stored in a savefile. 249 * 250 * Do not change the format of this structure, in any way (this includes 251 * changes that only affect the length of fields in this structure), 252 * and do not make the time stamp anything other than seconds and 253 * microseconds (e.g., seconds and nanoseconds). Instead: 254 * 255 * introduce a new structure for the new format; 256 * 257 * send mail to "tcpdump-workers@lists.tcpdump.org", requesting 258 * a new magic number for your new capture file format, and, when 259 * you get the new magic number, put it in "savefile.c"; 260 * 261 * use that magic number for save files with the changed record 262 * header; 263 * 264 * make the code in "savefile.c" capable of reading files with 265 * the old record header as well as files with the new record header 266 * (using the magic number to determine the header format). 267 * 268 * Then supply the changes by forking the branch at 269 * 270 * https://github.com/the-tcpdump-group/libpcap/issues 271 * 272 * and issuing a pull request, so that future versions of libpcap and 273 * programs that use it (such as tcpdump) will be able to read your new 274 * capture file format. 275 */ 276 277 struct pcap_sf_pkthdr { 278 struct pcap_timeval ts; /* time stamp */ 279 bpf_u_int32 caplen; /* length of portion present */ 280 bpf_u_int32 len; /* length this packet (off wire) */ 281 }; 282 283 /* 284 * How a `pcap_pkthdr' is actually stored in savefiles written 285 * by some patched versions of libpcap (e.g. the ones in Red 286 * Hat Linux 6.1 and 6.2). 287 * 288 * Do not change the format of this structure, in any way (this includes 289 * changes that only affect the length of fields in this structure). 290 * Instead, introduce a new structure, as per the above. 291 */ 292 293 struct pcap_sf_patched_pkthdr { 294 struct pcap_timeval ts; /* time stamp */ 295 bpf_u_int32 caplen; /* length of portion present */ 296 bpf_u_int32 len; /* length this packet (off wire) */ 297 int index; 298 unsigned short protocol; 299 unsigned char pkt_type; 300 }; 301 302 /* 303 * User data structure for the one-shot callback used for pcap_next() 304 * and pcap_next_ex(). 305 */ 306 struct oneshot_userdata { 307 struct pcap_pkthdr *hdr; 308 const u_char **pkt; 309 pcap_t *pd; 310 }; 311 312 int yylex(void); 313 314 #ifndef min 315 #define min(a, b) ((a) > (b) ? (b) : (a)) 316 #endif 317 318 /* XXX should these be in pcap.h? */ 319 int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); 320 int pcap_read(pcap_t *, int cnt, pcap_handler, u_char *); 321 322 #ifndef HAVE_STRLCPY 323 #define strlcpy(x, y, z) \ 324 (strncpy((x), (y), (z)), \ 325 ((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \ 326 strlen((y))) 327 #endif 328 329 #include <stdarg.h> 330 331 #if !defined(HAVE_SNPRINTF) 332 #define snprintf pcap_snprintf 333 extern int snprintf (char *, size_t, const char *, ...); 334 #endif 335 336 #if !defined(HAVE_VSNPRINTF) 337 #define vsnprintf pcap_vsnprintf 338 extern int vsnprintf (char *, size_t, const char *, va_list ap); 339 #endif 340 341 /* 342 * Routines that most pcap implementations can use for non-blocking mode. 343 */ 344 #if !defined(WIN32) && !defined(MSDOS) 345 int pcap_getnonblock_fd(pcap_t *, char *); 346 int pcap_setnonblock_fd(pcap_t *p, int, char *); 347 #endif 348 349 /* 350 * Internal interfaces for "pcap_create()". 351 * 352 * "pcap_create_interface()" is the routine to do a pcap_create on 353 * a regular network interface. There are multiple implementations 354 * of this, one for each platform type (Linux, BPF, DLPI, etc.), 355 * with the one used chosen by the configure script. 356 * 357 * "pcap_create_common()" allocates and fills in a pcap_t, for use 358 * by pcap_create routines. 359 */ 360 pcap_t *pcap_create_interface(const char *, char *); 361 pcap_t *pcap_create_common(const char *, char *, size_t); 362 int pcap_do_addexit(pcap_t *); 363 void pcap_add_to_pcaps_to_close(pcap_t *); 364 void pcap_remove_from_pcaps_to_close(pcap_t *); 365 void pcap_cleanup_live_common(pcap_t *); 366 int pcap_not_initialized(pcap_t *); 367 int pcap_check_activated(pcap_t *); 368 369 /* 370 * Internal interfaces for "pcap_findalldevs()". 371 * 372 * "pcap_findalldevs_interfaces()" finds interfaces using the 373 * "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.). 374 * 375 * "pcap_platform_finddevs()" is a platform-dependent routine to 376 * add devices not found by the "standard" mechanisms. 377 * 378 * "pcap_add_if()" adds an interface to the list of interfaces, for 379 * use by various "find interfaces" routines. 380 */ 381 int pcap_findalldevs_interfaces(pcap_if_t **, char *); 382 int pcap_platform_finddevs(pcap_if_t **, char *); 383 int add_addr_to_iflist(pcap_if_t **, const char *, u_int, struct sockaddr *, 384 size_t, struct sockaddr *, size_t, struct sockaddr *, size_t, 385 struct sockaddr *, size_t, char *); 386 int pcap_add_if(pcap_if_t **, const char *, u_int, const char *, char *); 387 struct sockaddr *dup_sockaddr(struct sockaddr *, size_t); 388 int add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, u_int, 389 const char *, char *); 390 391 /* 392 * Internal interfaces for "pcap_open_offline()". 393 * 394 * "pcap_open_offline_common()" allocates and fills in a pcap_t, for use 395 * by pcap_open_offline routines. 396 * 397 * "sf_cleanup()" closes the file handle associated with a pcap_t, if 398 * appropriate, and frees all data common to all modules for handling 399 * savefile types. 400 */ 401 pcap_t *pcap_open_offline_common(char *ebuf, size_t size); 402 void sf_cleanup(pcap_t *p); 403 404 /* 405 * Internal interfaces for both "pcap_create()" and routines that 406 * open savefiles. 407 * 408 * "pcap_oneshot()" is the standard one-shot callback for "pcap_next()" 409 * and "pcap_next_ex()". 410 */ 411 void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *); 412 413 #ifdef WIN32 414 char *pcap_win32strerror(void); 415 #endif 416 417 int install_bpf_program(pcap_t *, struct bpf_program *); 418 419 int pcap_strcasecmp(const char *, const char *); 420 421 #ifdef __cplusplus 422 } 423 #endif 424 425 #endif 426