1 /* 2 * Copyright (c) 2003 Can Erkin Acar 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #ifndef _PRIVSEP_H_ 18 #define _PRIVSEP_H_ 19 20 #include <pcap-int.h> 21 22 #define TCPDUMP_MAGIC 0xa1b2c3d4 23 24 /* file ids used by priv_getlines */ 25 #define FTAB_APPLETALK 0 26 #define FTAB_PFOSFP 1 27 28 enum cmd_types { 29 PRIV_OPEN_BPF, /* open a bpf descriptor */ 30 PRIV_OPEN_DUMP, /* open dump file for reading */ 31 PRIV_OPEN_OUTPUT, /* open output file */ 32 PRIV_SETFILTER, /* set a bpf read filter */ 33 PRIV_GETHOSTBYADDR, /* resolve numeric address into hostname */ 34 PRIV_ETHER_NTOHOST, /* translate ethernet address into host name */ 35 PRIV_GETRPCBYNUMBER, /* translate rpc number into name */ 36 PRIV_GETSERVENTRIES, /* get the service entries table */ 37 PRIV_GETPROTOENTRIES, /* get the ip protocol entries table */ 38 PRIV_LOCALTIME, /* return localtime */ 39 PRIV_GETLINES, /* get lines from a file */ 40 PRIV_INIT_DONE, /* signal that the initialization is done */ 41 PRIV_PCAP_STATS /* get pcap_stats() results */ 42 }; 43 44 struct ether_addr; 45 46 /* Privilege separation */ 47 int priv_init(int, char **); 48 void priv_init_done(void); 49 50 int setfilter(int, int, char *); 51 int pcap_live(const char *, int, int, u_int, u_int); 52 53 struct bpf_program *priv_pcap_setfilter(pcap_t *, int, u_int32_t); 54 pcap_t *priv_pcap_live(const char *, int, int, int, char *, u_int, 55 u_int); 56 pcap_t *priv_pcap_offline(const char *, char *); 57 58 size_t priv_gethostbyaddr(char *, size_t, int, char *, size_t); 59 size_t priv_ether_ntohost(char *, size_t, struct ether_addr *); 60 size_t priv_getrpcbynumber(int, char *, size_t); 61 62 struct tm *priv_localtime(const time_t *); 63 64 /* Start getting service entries */ 65 void priv_getserventries(void); 66 67 /* Retrieve a single service entry, should be called repeatedly after 68 calling priv_getserventries() until it returns zero */ 69 size_t priv_getserventry(char *, size_t, int *, char *, size_t); 70 71 /* Start getting ip protocol entries */ 72 void priv_getprotoentries(void); 73 74 /* Retrieve a single protocol entry, should be called repeatedly after 75 calling priv_getprotoentries() until it returns zero */ 76 size_t priv_getprotoentry(char *, size_t, int *); 77 78 /* Start getting lines from a file */ 79 void priv_getlines(size_t); 80 81 /* Retrieve a single line from a file, should be called repeatedly after 82 calling priv_getlines() until it returns zero */ 83 size_t priv_getline(char *, size_t); 84 85 /* Return the pcap statistics upon completion */ 86 int priv_pcap_stats(struct pcap_stat *); 87 88 pcap_dumper_t *priv_pcap_dump_open(pcap_t *, char *); 89 90 /* File descriptor send/recv */ 91 void send_fd(int, int); 92 int receive_fd(int); 93 94 /* communications over the channel */ 95 int may_read(int, void *, size_t); 96 void must_read(int, void *, size_t); 97 void must_write(int, const void *, size_t); 98 size_t read_block(int, char *, size_t, const char *); 99 size_t read_string(int, char *, size_t, const char *); 100 void write_block(int, size_t, const char *); 101 void write_command(int, int); 102 void write_string(int, const char *); 103 void write_zero(int); 104 105 extern int priv_fd; 106 107 #endif 108