WinPcap  4.1.3
pcap-remote.h
1 /*
2  * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3  * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16  * nor the names of its contributors may be used to endorse or promote
17  * products derived from this software without specific prior written
18  * permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
34 #ifndef __PCAP_REMOTE_H__
35 #define __PCAP_REMOTE_H__
36 
37 
38 #include "pcap.h"
39 #include "sockutils.h" // Needed for some structures (like SOCKET, sockaddr_in) which are used here
40 
41 
74 /*********************************************************
75  * *
76  * General definitions / typedefs for the RPCAP protocol *
77  * *
78  *********************************************************/
79 
80 // All the following structures and typedefs belong to the private documentation
// Protocol-wide defaults for RPCAP connections.
// The unit of the timeout/wait values is not visible in this listing (presumably seconds -- TODO confirm against the code that uses them).
85 #define RPCAP_DEFAULT_NETPORT "2002" // default port, kept as a string (presumably the port the RPCAP daemon listens on -- confirm)
87 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003" // default port for active mode, kept as a string (presumably where the client waits for the daemon to connect -- confirm)
88 #define RPCAP_DEFAULT_NETADDR "" // default network address is the empty string (presumably "no specific address" -- confirm)
89 #define RPCAP_VERSION 0 // protocol version; the common message header carries it in a one-byte 'ver' field
90 #define RPCAP_TIMEOUT_INIT 90 // presumably the timeout applied while a connection is being set up (cf. PCAP_ERR_INITTIMEOUT) -- confirm
91 #define RPCAP_TIMEOUT_RUNTIME 180 // presumably the timeout applied once the connection is running (cf. PCAP_ERR_RUNTIMETIMEOUT) -- confirm
92 #define RPCAP_ACTIVE_WAIT 30 // presumably the wait between connection attempts in active mode -- confirm
93 #define RPCAP_SUSPEND_WRONGAUTH 1 // NOTE(review): looks like a pause applied after a failed authentication; a value of 1 does little to slow repeated guessing -- confirm how it is used
99 #define RPCAP_NETBUF_SIZE 64000 // presumably the size of the buffer used for network messages. NOTE(review): the header's payload length ('plen') is a uint32, so a peer can announce far more than this; receivers must bound every peer-supplied length against the buffer they copy into
100 
101 
// Characters accepted as separators between entries of a host list: space, comma, semicolon, line feed and carriage return.
109 #define RPCAP_HOSTLIST_SEP " ,;\n\r"
110 
111 
112 
113 
114 // WARNING: These may need to be changed on other platforms
// The protocol message structs declare their fields with these names, so each one must have exactly
// the width its name states; that holds only where char/short/int are 8/16/32 bits wide.
// NOTE(review): the <stdint.h> types (uint8_t, uint16_t, uint32_t, int32_t) would guarantee the widths.
115 typedef unsigned char uint8; // 8-bit unsigned integer
116 typedef unsigned short uint16; // 16-bit unsigned integer
117 typedef unsigned int uint32; // 32-bit unsigned integer
118 typedef int int32; // 32-bit signed integer
119 
120 
121 
122 
134 {
135  struct sockaddr_storage host;
136  SOCKET sockctrl;
137  struct activehosts *next;
138 };
139 
140 
141 /*********************************************************
142  * *
143  * Protocol messages formats *
144  * *
145  *********************************************************/
146 // WARNING: Take care that your compiler does not insert padding for better alignment into these structs; they define the format of the protocol messages, so padding would change that format
147 
148 
151 {
156 };
157 
158 
161 {
167 };
168 
169 
172 {
173  struct sockaddr_storage addr;
174  struct sockaddr_storage netmask;
175  struct sockaddr_storage broadaddr;
176  struct sockaddr_storage dstaddr;
177 };
178 
179 
180 
187 {
190 };
191 
192 
193 
196 {
201 };
202 
203 
206 {
210 };
211 
212 
220 {
226 };
227 
228 
231 {
235 };
236 
237 
240 {
245 };
246 
247 
250 {
255 };
256 
257 
260 {
265 };
266 
267 
270 {
275 };
276 
277 
278 
279 // Messages field coding
// Values of the one-byte 'type' field of the common RPCAP message header.
// Base codes are 1..11; the reply to a request is the request code plus 128, so the largest reply code (139) still fits in the uint8 field.
// RPCAP_MSG_ERROR, RPCAP_MSG_CLOSE and RPCAP_MSG_PACKET have no *_REPLY counterpart defined here.
// NOTE(review): the type byte is supplied by the peer; a receiver should accept only the codes it expects at that point of the exchange (presumably what rpcap_checkmsg and PCAP_ERR_WRONGMSG are for -- confirm).
280 #define RPCAP_MSG_ERROR 1
281 #define RPCAP_MSG_FINDALLIF_REQ 2
282 #define RPCAP_MSG_OPEN_REQ 3
283 #define RPCAP_MSG_STARTCAP_REQ 4
284 #define RPCAP_MSG_UPDATEFILTER_REQ 5
285 #define RPCAP_MSG_CLOSE 6
286 #define RPCAP_MSG_PACKET 7
287 #define RPCAP_MSG_AUTH_REQ 8
288 #define RPCAP_MSG_STATS_REQ 9
289 #define RPCAP_MSG_ENDCAP_REQ 10
290 #define RPCAP_MSG_SETSAMPLING_REQ 11
292 #define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
293 #define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
294 #define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
295 #define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
296 #define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
297 #define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
298 #define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
299 #define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
// Bit flags for the uint16 'flags' field of the startcap request; the values are distinct powers of two, so they can be OR-ed together.
301 #define RPCAP_STARTCAPREQ_FLAG_PROMISC 1 // presumably: capture in promiscuous mode -- confirm
302 #define RPCAP_STARTCAPREQ_FLAG_DGRAM 2 // presumably: use a datagram transport for the data connection -- confirm
303 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4 // presumably: the server opens the data connection towards the client's 'portdata' port -- confirm
304 #define RPCAP_STARTCAPREQ_FLAG_INBOUND 8 // presumably: capture inbound traffic -- confirm
305 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16 // presumably: capture outbound traffic -- confirm
// Value for the 'filtertype' field of the filter header: the filter is transferred as BPF instructions.
// NOTE(review): the instruction count ('nitems') in that header is peer-supplied; the receiver should bound it and validate the received program before using it.
307 #define RPCAP_UPDATEFILTER_BPF 1
310 // Network error codes
// NOTE(review): presumably the values passed as 'errcode' to rpcap_senderror and carried in the uint16 'value' field of an RPCAP_MSG_ERROR message -- confirm against the implementation.
// The per-code meanings noted below are read from the names only; confirm them before relying on them.
311 #define PCAP_ERR_NETW 1
312 #define PCAP_ERR_INITTIMEOUT 2 // presumably: the set-up timeout (RPCAP_TIMEOUT_INIT) expired
313 #define PCAP_ERR_AUTH 3 // presumably: authentication failed
314 #define PCAP_ERR_FINDALLIF 4
315 #define PCAP_ERR_NOREMOTEIF 5
316 #define PCAP_ERR_OPEN 6
317 #define PCAP_ERR_UPDATEFILTER 7
318 #define PCAP_ERR_GETSTATS 8
319 #define PCAP_ERR_READEX 9
320 #define PCAP_ERR_HOSTNOAUTH 10 // presumably: the connecting host is not allowed to use this server
321 #define PCAP_ERR_REMOTEACCEPT 11
322 #define PCAP_ERR_STARTCAPTURE 12
323 #define PCAP_ERR_ENDCAPTURE 13
324 #define PCAP_ERR_RUNTIMETIMEOUT 14 // presumably: the run-time timeout (RPCAP_TIMEOUT_RUNTIME) expired
325 #define PCAP_ERR_SETSAMPLING 15
326 #define PCAP_ERR_WRONGMSG 16 // presumably: the peer sent a message type that was not expected
327 #define PCAP_ERR_WRONGVER 17 // end of private documentation
331 
332 
333 
334 
335 
336 
337 /*********************************************************
338  * *
339  * Exported function prototypes *
340  * *
341  *********************************************************/
// Opens a remote capture source on handle 'p'. 'auth' is the structure that holds the information needed to authenticate the user on the remote machine.
// The return-value convention is not visible in this header.
342 int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth);
344 
// Remote-capture variants of the pcap read, filter, statistics and cleanup operations; each takes the capture handle.
// Return-value conventions and the ownership of the out-parameters are not visible in this header.
// NOTE(review): packets arrive with a header whose 'caplen' and 'len' are peer-supplied uint32 values; the read path should check 'caplen' against the receive buffer before handing data to the caller.
345 int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data); // returns one packet through the two out-pointers, without a callback
346 int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user); // delivers packets to 'callback', passing 'user' through
347 int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog);
348 int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog);
349 int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps); // fills the caller-provided 'ps'
352 void pcap_cleanup_remote(pcap_t *p);
353 
// Helpers for building, checking and sending RPCAP messages.
// 'errbuf' is passed without a size in every prototype; presumably the caller must supply PCAP_ERRBUF_SIZE bytes -- confirm.
// Fills the common message header from 'type', 'value' and 'length' (the header's fields are ver, type, value and plen). Byte-order handling is not visible here.
354 void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
// Converts an address taken from a message ('sockaddrin'). The result comes back through a pointer-to-pointer, so the function presumably sets (and possibly allocates) *sockaddrout -- confirm who frees it.
355 int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
// Checks a message header read from 'sock'; 'first' and the variadic arguments are presumably the message types acceptable at this point.
// A uint8 passed through '...' is promoted to int, so the implementation has to read the list as int. How the list is terminated is not visible here.
356 int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
// Sends the error text 'error' with code 'errcode' on 'sock'. No length bound for 'error' is visible in the prototype.
357 int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
// Sends the authentication data in 'auth' on 'sock'. The authentication request carries two items (e.g. username and password), each preceded by a uint16 length (slen1, slen2).
// NOTE(review): nothing in this header shows confidentiality protection for those items; assume they cross the network as sent unless the transport is protected -- confirm.
358 int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
359 
// Presumably looks up the control socket of 'host' in the list of connections opened in active mode -- confirm.
// NOTE(review): the list stores the socket as SOCKET but this function returns int; where SOCKET is wider than int the value would be truncated -- confirm the intended return type.
360 int rpcap_remoteact_getsock(const char *host, char *errbuf);
361 
362 #endif
363 
Structure that is needed to set sampling parameters.
Definition: pcap-remote.h:269
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
Definition: pcap-remote.h:261
uint32 plen
Length of the payload of this RPCAP message.
Definition: pcap-remote.h:155
int pcap_setsampling_remote(pcap_t *p)
struct sockaddr_storage broadaddr
Broadcast address for that address.
Definition: pcap-remote.h:175
Header of a packet in the dump file.
Definition: incs/pcap.h:126
uint16 value
Message-dependent value (not always used)
Definition: pcap-remote.h:154
Format of the reply message devoted to starting a remote capture (startcap reply command) ...
Definition: pcap-remote.h:205
struct sockaddr_storage netmask
Netmask for that address.
Definition: pcap-remote.h:174
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
uint16 dummy
Must be zero.
Definition: pcap-remote.h:209
uint16 slen1
Length of the first authentication item (e.g. username)
Definition: pcap-remote.h:253
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
Definition: pcap-remote.h:263
uint16 dummy
Must be zero.
Definition: pcap-remote.h:252
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
Definition: incs/pcap.h:70
uint8 ver
RPCAP version number.
Definition: pcap-remote.h:152
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
Definition: pcap-remote.h:232
Format of the message for the interface description (findalldevs command)
Definition: pcap-remote.h:160
uint8 method
Sampling method.
Definition: pcap-remote.h:271
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
Definition: pcap-remote.h:264
Keeps a list of all the opened connections in the active mode.
Definition: pcap-remote.h:133
Structure that keeps statistical values on an interface.
Definition: incs/pcap.h:136
uint16 dummy
Must be zero.
Definition: pcap-remote.h:166
SOCKET sockctrl
Definition: pcap-remote.h:136
Structure that keeps the data required for the authentication on the remote host. ...
Definition: pcap-remote.h:249
uint32 read_timeout
Read timeout in milliseconds.
Definition: pcap-remote.h:198
unsigned short uint16
Provides a 16-bits unsigned integer.
Definition: pcap-remote.h:116
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
uint16 slen2
Length of the second authentication item (e.g. password)
Definition: pcap-remote.h:254
uint32 nitems
Number of items contained in the filter (e.g. BPF instructions for BPF filters) ...
Definition: pcap-remote.h:234
uint32 value
Parameter related to the sampling method.
Definition: pcap-remote.h:274
int32 k
instruction-dependent value
Definition: pcap-remote.h:244
int32 linktype
Link type.
Definition: pcap-remote.h:188
uint16 dummy2
Must be zero.
Definition: pcap-remote.h:273
uint32 flags
Interface flags.
Definition: pcap-remote.h:164
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
Common header for all the RPCAP messages.
Definition: pcap-remote.h:150
int int32
Provides a 32-bits integer.
Definition: pcap-remote.h:118
struct activehosts * next
Definition: pcap-remote.h:137
uint16 dummy
Must be zero.
Definition: pcap-remote.h:233
unsigned char uint8
Provides an 8-bits unsigned integer.
Definition: pcap-remote.h:115
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
Definition: pcap-remote.h:222
int pcap_startcapture_remote(pcap_t *fp)
Format of the message that starts a remote capture (startcap command)
Definition: pcap-remote.h:195
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2'...
Definition: pcap-remote.h:225
uint16 code
opcode of the instruction
Definition: pcap-remote.h:241
Structure that keeps a single BPF instruction; it is repeated 'ninsn' times according to the 'rpcap_fi...
Definition: pcap-remote.h:239
uint16 type
Authentication type.
Definition: pcap-remote.h:251
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
Definition: funcs/pcap.h:27
uint32 len
Real length of this packet (off wire)
Definition: pcap-remote.h:224
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions...
Definition: pcap-remote.h:230
uint16 portdata
Network port on which the server is waiting at (passive mode only)
Definition: pcap-remote.h:208
struct sockaddr_storage addr
Network address.
Definition: pcap-remote.h:173
uint8 type
RPCAP message type (error, findalldevs, ...)
Definition: pcap-remote.h:153
uint16 namelen
Length of the interface name.
Definition: pcap-remote.h:162
This structure keeps the information needed to authenticate the user on a remote machine.
Definition: remote-ext.h:338
Format of the message for the address listing (findalldevs command)
Definition: pcap-remote.h:171
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
Definition: pcap-remote.h:199
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
uint32 caplen
Length of portion present in the capture.
Definition: pcap-remote.h:223
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
Format of the message of the connection opening reply (open command).
Definition: pcap-remote.h:186
void pcap_cleanup_remote(pcap_t *p)
struct sockaddr_storage dstaddr
P2P destination address for that address.
Definition: pcap-remote.h:176
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
Definition: pcap-remote.h:221
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
struct sockaddr_storage host
Definition: pcap-remote.h:135
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
Format of the header which encapsulates captured packets when transmitted on the network.
Definition: pcap-remote.h:219
unsigned int uint32
Provides a 32-bits unsigned integer.
Definition: pcap-remote.h:117
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
uint8 jf
relative offset to jump to in case of 'false'
Definition: pcap-remote.h:243
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
Definition: pcap-remote.h:200
int rpcap_remoteact_getsock(const char *host, char *errbuf)
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Definition: pcap-remote.h:197
Structure that keeps the statistics about the number of packets captured, dropped, etc.
Definition: pcap-remote.h:259
int32 tzoff
Timezone offset.
Definition: pcap-remote.h:189
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose...
Definition: pcap-remote.h:207
uint16 naddr
Number of addresses.
Definition: pcap-remote.h:165
uint8 dummy1
Must be zero.
Definition: pcap-remote.h:272
uint16 desclen
Length of the interface description.
Definition: pcap-remote.h:163
uint8 jt
relative offset to jump to in case of 'true'
Definition: pcap-remote.h:242
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop)
Definition: pcap-remote.h:262

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.