trunk/src/lib/winpcap/Packet32.h
| r0 | r241410 | |
|---|
| 1 | /* |
| 2 | * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) |
| 3 | * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. Neither the name of the Politecnico di Torino, CACE Technologies |
| 16 | * nor the names of its contributors may be used to endorse or promote |
| 17 | * products derived from this software without specific prior written |
| 18 | * permission. |
| 19 | * |
| 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 31 | * |
| 32 | */ |
| 33 | |
| 34 | /** @ingroup packetapi |
| 35 | * @{ |
| 36 | */ |
| 37 | |
| 38 | /** @defgroup packet32h Packet.dll definitions and data structures |
| 39 | * Packet32.h contains the data structures and the definitions used by packet.dll. |
| 40 | * The file is used both by the Win9x and the WinNTx versions of packet.dll, and can be included |
| 41 | * by the applications that use the functions of this library |
| 42 | * @{ |
| 43 | */ |
| 44 | |
| 45 | #ifndef __PACKET32 |
| 46 | #define __PACKET32 |
| 47 | |
| 48 | #include <winsock2.h> |
| 49 | |
| 50 | #ifdef HAVE_AIRPCAP_API |
| 51 | #include <airpcap.h> |
| 52 | #else |
| 53 | #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) |
| 54 | #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ |
| 55 | typedef struct _AirpcapHandle *PAirpcapHandle; |
| 56 | #endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */ |
| 57 | #endif /* HAVE_AIRPCAP_API */ |
| 58 | |
| 59 | #ifdef HAVE_DAG_API |
| 60 | #include <dagc.h> |
| 61 | #endif /* HAVE_DAG_API */ |
| 62 | |
| 63 | // Working modes |
| 64 | #define PACKET_MODE_CAPT 0x0 ///< Capture mode |
| 65 | #define PACKET_MODE_STAT 0x1 ///< Statistical mode |
| 66 | #define PACKET_MODE_MON 0x2 ///< Monitoring mode |
| 67 | #define PACKET_MODE_DUMP 0x10 ///< Dump mode |
| 68 | #define PACKET_MODE_STAT_DUMP MODE_DUMP | MODE_STAT ///< Statistical dump Mode |
| 69 | |
| 70 | |
| 71 | /// Alignment macro. Defines the alignment size. |
| 72 | #define Packet_ALIGNMENT sizeof(int) |
| 73 | /// Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT. |
| 74 | #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) |
| 75 | |
| 76 | #define NdisMediumNull -1 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 77 | #define NdisMediumCHDLC -2 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 78 | #define NdisMediumPPPSerial -3 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 79 | #define NdisMediumBare80211 -4 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 80 | #define NdisMediumRadio80211 -5 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 81 | #define NdisMediumPpi -6 ///< Custom linktype: NDIS doesn't provide an equivalent |
| 82 | |
| 83 | // Loopback behaviour definitions |
| 84 | #define NPF_DISABLE_LOOPBACK 1 ///< Drop the packets sent by the NPF driver |
| 85 | #define NPF_ENABLE_LOOPBACK 2 ///< Capture the packets sent by the NPF driver |
| 86 | |
| 87 | /*! |
| 88 | \brief Network type structure. |
| 89 | |
| 90 | This structure is used by the PacketGetNetType() function to return information on the current adapter's type and speed. |
| 91 | */ |
| 92 | typedef struct NetType |
| 93 | { |
| 94 | UINT LinkType; ///< The MAC of the current network adapter (see function PacketGetNetType() for more information) |
| 95 | ULONGLONG LinkSpeed; ///< The speed of the network in bits per second |
| 96 | }NetType; |
| 97 | |
| 98 | |
| 99 | //some definitions stolen from libpcap |
| 100 | |
| 101 | #ifndef BPF_MAJOR_VERSION |
| 102 | |
| 103 | /*! |
| 104 | \brief A BPF pseudo-assembly program. |
| 105 | |
| 106 | The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet. |
| 107 | */ |
| 108 | struct bpf_program |
| 109 | { |
| 110 | UINT bf_len; ///< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. |
| 111 | struct bpf_insn *bf_insns; ///< A pointer to the first instruction of the program. |
| 112 | }; |
| 113 | |
| 114 | /*! |
| 115 | \brief A single BPF pseudo-instruction. |
| 116 | |
| 117 | bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver. |
| 118 | */ |
| 119 | struct bpf_insn |
| 120 | { |
| 121 | USHORT code; ///< Instruction type and addressing mode. |
| 122 | UCHAR jt; ///< Jump if true |
| 123 | UCHAR jf; ///< Jump if false |
| 124 | int k; ///< Generic field used for various purposes. |
| 125 | }; |
| 126 | |
| 127 | /*! |
| 128 | \brief Structure that contains a couple of statistics values on the current capture. |
| 129 | |
| 130 | It is used by packet.dll to return statistics about a capture session. |
| 131 | */ |
| 132 | struct bpf_stat |
| 133 | { |
| 134 | UINT bs_recv; ///< Number of packets that the driver received from the network adapter |
| 135 | ///< from the beginning of the current capture. This value includes the packets |
| 136 | ///< lost by the driver. |
| 137 | UINT bs_drop; ///< number of packets that the driver lost from the beginning of a capture. |
| 138 | ///< Basically, a packet is lost when the the buffer of the driver is full. |
| 139 | ///< In this situation the packet cannot be stored and the driver rejects it. |
| 140 | UINT ps_ifdrop; ///< drops by interface. XXX not yet supported |
| 141 | UINT bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and |
| 142 | ///< thus reach the application. |
| 143 | }; |
| 144 | |
| 145 | /*! |
| 146 | \brief Packet header. |
| 147 | |
| 148 | This structure defines the header associated with every packet delivered to the application. |
| 149 | */ |
| 150 | struct bpf_hdr |
| 151 | { |
| 152 | struct timeval bh_tstamp; ///< The timestamp associated with the captured packet. |
| 153 | ///< It is stored in a TimeVal structure. |
| 154 | UINT bh_caplen; ///< Length of captured portion. The captured portion <b>can be different</b> |
| 155 | ///< from the original packet, because it is possible (with a proper filter) |
| 156 | ///< to instruct the driver to capture only a portion of the packets. |
| 157 | UINT bh_datalen; ///< Original length of packet |
| 158 | USHORT bh_hdrlen; ///< Length of bpf header (this struct plus alignment padding). In some cases, |
| 159 | ///< a padding could be added between the end of this structure and the packet |
| 160 | ///< data for performance reasons. This filed can be used to retrieve the actual data |
| 161 | ///< of the packet. |
| 162 | }; |
| 163 | |
| 164 | /*! |
| 165 | \brief Dump packet header. |
| 166 | |
| 167 | This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets(). |
| 168 | It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a |
| 169 | packet in a dump file. This makes straightforward sending WinPcap dump files to the network. |
| 170 | */ |
| 171 | struct dump_bpf_hdr{ |
| 172 | struct timeval ts; ///< Time stamp of the packet |
| 173 | UINT caplen; ///< Length of captured portion. The captured portion can smaller than the |
| 174 | ///< the original packet, because it is possible (with a proper filter) to |
| 175 | ///< instruct the driver to capture only a portion of the packets. |
| 176 | UINT len; ///< Length of the original packet (off wire). |
| 177 | }; |
| 178 | |
| 179 | |
| 180 | #endif |
| 181 | |
| 182 | struct bpf_stat; |
| 183 | |
| 184 | #define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices |
| 185 | #define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links |
| 186 | #define NMAX_PACKET 65535 |
| 187 | |
| 188 | /*! |
| 189 | \brief Addresses of a network adapter. |
| 190 | |
| 191 | This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with |
| 192 | an adapter. |
| 193 | */ |
| 194 | typedef struct npf_if_addr { |
| 195 | struct sockaddr_storage IPAddress; ///< IP address. |
| 196 | struct sockaddr_storage SubnetMask; ///< Netmask for that address. |
| 197 | struct sockaddr_storage Broadcast; ///< Broadcast address. |
| 198 | }npf_if_addr; |
| 199 | |
| 200 | |
| 201 | #define ADAPTER_NAME_LENGTH 256 + 12 ///< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. |
| 202 | #define ADAPTER_DESC_LENGTH 128 ///< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. |
| 203 | #define MAX_MAC_ADDR_LENGTH 8 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. |
| 204 | #define MAX_NETWORK_ADDRESSES 16 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. |
| 205 | |
| 206 | |
| 207 | typedef struct WAN_ADAPTER_INT WAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API |
| 208 | typedef WAN_ADAPTER *PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API |
| 209 | |
| 210 | #define INFO_FLAG_NDIS_ADAPTER 0 ///< Flag for ADAPTER_INFO: this is a traditional ndis adapter |
| 211 | #define INFO_FLAG_NDISWAN_ADAPTER 1 ///< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET |
| 212 | #define INFO_FLAG_DAG_CARD 2 ///< Flag for ADAPTER_INFO: this is a DAG card |
| 213 | #define INFO_FLAG_DAG_FILE 6 ///< Flag for ADAPTER_INFO: this is a DAG file |
| 214 | #define INFO_FLAG_DONT_EXPORT 8 ///< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or openend by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. |
| 215 | #define INFO_FLAG_AIRPCAP_CARD 16 ///< Flag for ADAPTER_INFO: this is an airpcap card |
| 216 | #define INFO_FLAG_NPFIM_DEVICE 32 |
| 217 | |
| 218 | /*! |
| 219 | \brief Describes an opened network adapter. |
| 220 | |
| 221 | This structure is the most important for the functioning of packet.dll, but the great part of its fields |
| 222 | should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters |
| 223 | */ |
| 224 | typedef struct _ADAPTER { |
| 225 | HANDLE hFile; ///< \internal Handle to an open instance of the NPF driver. |
| 226 | CHAR SymbolicLink[MAX_LINK_NAME_LENGTH]; ///< \internal A string containing the name of the network adapter currently opened. |
| 227 | int NumWrites; ///< \internal Number of times a packets written on this adapter will be repeated |
| 228 | ///< on the wire. |
| 229 | HANDLE ReadEvent; ///< A notification event associated with the read calls on the adapter. |
| 230 | ///< It can be passed to standard Win32 functions (like WaitForSingleObject |
| 231 | ///< or WaitForMultipleObjects) to wait until the driver's buffer contains some |
| 232 | ///< data. It is particularly useful in GUI applications that need to wait |
| 233 | ///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() |
| 234 | ///< function can be used to define the minimum amount of data in the kernel buffer |
| 235 | ///< that will cause the event to be signalled. |
| 236 | |
| 237 | UINT ReadTimeOut; ///< \internal The amount of time after which a read on the driver will be released and |
| 238 | ///< ReadEvent will be signaled, also if no packets were captured |
| 239 | CHAR Name[ADAPTER_NAME_LENGTH]; |
| 240 | PWAN_ADAPTER pWanAdapter; |
| 241 | UINT Flags; ///< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. |
| 242 | |
| 243 | #ifdef HAVE_AIRPCAP_API |
| 244 | PAirpcapHandle AirpcapAd; |
| 245 | #endif // HAVE_AIRPCAP_API |
| 246 | |
| 247 | #ifdef HAVE_NPFIM_API |
| 248 | void* NpfImHandle; |
| 249 | #endif // HAVE_NPFIM_API |
| 250 | |
| 251 | #ifdef HAVE_DAG_API |
| 252 | dagc_t *pDagCard; ///< Pointer to the dagc API adapter descriptor for this adapter |
| 253 | PCHAR DagBuffer; ///< Pointer to the buffer with the packets that is received from the DAG card |
| 254 | struct timeval DagReadTimeout; ///< Read timeout. The dagc API requires a timeval structure |
| 255 | unsigned DagFcsLen; ///< Length of the frame check sequence attached to any packet by the card. Obtained from the registry |
| 256 | DWORD DagFastProcess; ///< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). |
| 257 | #endif // HAVE_DAG_API |
| 258 | } ADAPTER, *LPADAPTER; |
| 259 | |
| 260 | /*! |
| 261 | \brief Structure that contains a group of packets coming from the driver. |
| 262 | |
| 263 | This structure defines the header associated with every packet delivered to the application. |
| 264 | */ |
| 265 | typedef struct _PACKET { |
| 266 | HANDLE hEvent; ///< \deprecated Still present for compatibility with old applications. |
| 267 | OVERLAPPED OverLapped; ///< \deprecated Still present for compatibility with old applications. |
| 268 | PVOID Buffer; ///< Buffer with containing the packets. See the PacketReceivePacket() for |
| 269 | ///< details about the organization of the data in this buffer |
| 270 | UINT Length; ///< Length of the buffer |
| 271 | DWORD ulBytesReceived; ///< Number of valid bytes present in the buffer, i.e. amount of data |
| 272 | ///< received by the last call to PacketReceivePacket() |
| 273 | BOOLEAN bIoComplete; ///< \deprecated Still present for compatibility with old applications. |
| 274 | } PACKET, *LPPACKET; |
| 275 | |
| 276 | /*! |
| 277 | \brief Structure containing an OID request. |
| 278 | |
| 279 | It is used by the PacketRequest() function to send an OID to the interface card driver. |
| 280 | It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address, |
| 281 | the list of the multicast groups defined on it, and so on. |
| 282 | */ |
| 283 | struct _PACKET_OID_DATA { |
| 284 | ULONG Oid; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h |
| 285 | ///< for a complete list of valid codes. |
| 286 | ULONG Length; ///< Length of the data field |
| 287 | UCHAR Data[1]; ///< variable-lenght field that contains the information passed to or received |
| 288 | ///< from the adapter. |
| 289 | }; |
| 290 | typedef struct _PACKET_OID_DATA PACKET_OID_DATA, *PPACKET_OID_DATA; |
| 291 | |
| 292 | #ifdef __cplusplus |
| 293 | extern "C" { |
| 294 | #endif |
| 295 | |
| 296 | /** |
| 297 | * @} |
| 298 | */ |
| 299 | |
| 300 | /* |
| 301 | BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName, |
| 302 | CHAR *Value, |
| 303 | UINT *pValueLen, |
| 304 | CHAR *DefaultVal); |
| 305 | |
| 306 | BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName, |
| 307 | WCHAR *Value, |
| 308 | UINT *pValueLen, |
| 309 | WCHAR *DefaultVal); |
| 310 | */ |
| 311 | |
| 312 | //--------------------------------------------------------------------------- |
| 313 | // EXPORTED FUNCTIONS |
| 314 | //--------------------------------------------------------------------------- |
| 315 | |
| 316 | PCHAR PacketGetVersion(); |
| 317 | PCHAR PacketGetDriverVersion(); |
| 318 | BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject,int nbytes); |
| 319 | BOOLEAN PacketSetNumWrites(LPADAPTER AdapterObject,int nwrites); |
| 320 | BOOLEAN PacketSetMode(LPADAPTER AdapterObject,int mode); |
| 321 | BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout); |
| 322 | BOOLEAN PacketSetBpf(LPADAPTER AdapterObject,struct bpf_program *fp); |
| 323 | BOOLEAN PacketSetLoopbackBehavior(LPADAPTER AdapterObject, UINT LoopbackBehavior); |
| 324 | INT PacketSetSnapLen(LPADAPTER AdapterObject,int snaplen); |
| 325 | BOOLEAN PacketGetStats(LPADAPTER AdapterObject,struct bpf_stat *s); |
| 326 | BOOLEAN PacketGetStatsEx(LPADAPTER AdapterObject,struct bpf_stat *s); |
| 327 | BOOLEAN PacketSetBuff(LPADAPTER AdapterObject,int dim); |
| 328 | BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type); |
| 329 | LPADAPTER PacketOpenAdapter(PCHAR AdapterName); |
| 330 | BOOLEAN PacketSendPacket(LPADAPTER AdapterObject,LPPACKET pPacket,BOOLEAN Sync); |
| 331 | INT PacketSendPackets(LPADAPTER AdapterObject,PVOID PacketBuff,ULONG Size, BOOLEAN Sync); |
| 332 | LPPACKET PacketAllocatePacket(void); |
| 333 | VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length); |
| 334 | VOID PacketFreePacket(LPPACKET lpPacket); |
| 335 | BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject,LPPACKET lpPacket,BOOLEAN Sync); |
| 336 | BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject,ULONG Filter); |
| 337 | BOOLEAN PacketGetAdapterNames(PTSTR pStr,PULONG BufferSize); |
| 338 | BOOLEAN PacketGetNetInfoEx(PCHAR AdapterName, npf_if_addr* buffer, PLONG NEntries); |
| 339 | BOOLEAN PacketRequest(LPADAPTER AdapterObject,BOOLEAN Set,PPACKET_OID_DATA OidData); |
| 340 | HANDLE PacketGetReadEvent(LPADAPTER AdapterObject); |
| 341 | BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void *name, int len); |
| 342 | BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks); |
| 343 | BOOLEAN PacketIsDumpEnded(LPADAPTER AdapterObject, BOOLEAN sync); |
| 344 | BOOL PacketStopDriver(); |
| 345 | VOID PacketCloseAdapter(LPADAPTER lpAdapter); |
| 346 | BOOLEAN PacketStartOem(PCHAR errorString, UINT errorStringLength); |
| 347 | BOOLEAN PacketStartOemEx(PCHAR errorString, UINT errorStringLength, ULONG flags); |
| 348 | PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject); |
| 349 | |
| 350 | // |
| 351 | // Used by PacketStartOemEx |
| 352 | // |
| 353 | #define PACKET_START_OEM_NO_NETMON 0x00000001 |
| 354 | |
| 355 | #ifdef __cplusplus |
| 356 | } |
| 357 | #endif |
| 358 | |
| 359 | #endif //__PACKET32 |
trunk/src/lib/winpcap/ip6_misc.h
| r0 | r241410 | |
|---|
| 1 | /* |
| 2 | * Copyright (c) 1993, 1994, 1997 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * Redistribution and use in source and binary forms, with or without |
| 6 | * modification, are permitted provided that: (1) source code distributions |
| 7 | * retain the above copyright notice and this paragraph in its entirety, (2) |
| 8 | * distributions including binary code include the above copyright notice and |
| 9 | * this paragraph in its entirety in the documentation or other materials |
| 10 | * provided with the distribution, and (3) all advertising materials mentioning |
| 11 | * features or use of this software display the following acknowledgement: |
| 12 | * ``This product includes software developed by the University of California, |
| 13 | * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of |
| 14 | * the University nor the names of its contributors may be used to endorse |
| 15 | * or promote products derived from this software without specific prior |
| 16 | * written permission. |
| 17 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED |
| 18 | * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF |
| 19 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| 20 | * |
| 21 | * @(#) $Header: /tcpdump/master/libpcap/Win32/Include/ip6_misc.h,v 1.5 2006-01-22 18:02:18 gianluca Exp $ (LBL) |
| 22 | */ |
| 23 | |
| 24 | /* |
| 25 | * This file contains a collage of declarations for IPv6 from FreeBSD not present in Windows |
| 26 | */ |
| 27 | |
| 28 | #include <winsock2.h> |
| 29 | |
| 30 | #include <ws2tcpip.h> |
| 31 | |
| 32 | #ifndef __MINGW32__ |
| 33 | #define IN_MULTICAST(a) IN_CLASSD(a) |
| 34 | #endif |
| 35 | |
| 36 | #define IN_EXPERIMENTAL(a) ((((u_int32_t) (a)) & 0xf0000000) == 0xf0000000) |
| 37 | |
| 38 | #define IN_LOOPBACKNET 127 |
| 39 | |
| 40 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) |
| 41 | /* IPv6 address */ |
| 42 | struct in6_addr |
| 43 | { |
| 44 | union |
| 45 | { |
| 46 | u_int8_t u6_addr8[16]; |
| 47 | u_int16_t u6_addr16[8]; |
| 48 | u_int32_t u6_addr32[4]; |
| 49 | } in6_u; |
| 50 | #define s6_addr in6_u.u6_addr8 |
| 51 | #define s6_addr16 in6_u.u6_addr16 |
| 52 | #define s6_addr32 in6_u.u6_addr32 |
| 53 | #define s6_addr64 in6_u.u6_addr64 |
| 54 | }; |
| 55 | |
| 56 | #define IN6ADDR_ANY_INIT { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } |
| 57 | #define IN6ADDR_LOOPBACK_INIT { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } |
| 58 | #endif /* __MINGW32__ */ |
| 59 | |
| 60 | |
| 61 | #if (defined _MSC_VER) || (defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)) |
| 62 | typedef unsigned short sa_family_t; |
| 63 | #endif |
| 64 | |
| 65 | |
| 66 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) |
| 67 | |
| 68 | #define __SOCKADDR_COMMON(sa_prefix) \ |
| 69 | sa_family_t sa_prefix##family |
| 70 | |
| 71 | /* Ditto, for IPv6. */ |
| 72 | struct sockaddr_in6 |
| 73 | { |
| 74 | __SOCKADDR_COMMON (sin6_); |
| 75 | u_int16_t sin6_port; /* Transport layer port # */ |
| 76 | u_int32_t sin6_flowinfo; /* IPv6 flow information */ |
| 77 | struct in6_addr sin6_addr; /* IPv6 address */ |
| 78 | }; |
| 79 | |
| 80 | #define IN6_IS_ADDR_V4MAPPED(a) \ |
| 81 | ((((u_int32_t *) (a))[0] == 0) && (((u_int32_t *) (a))[1] == 0) && \ |
| 82 | (((u_int32_t *) (a))[2] == htonl (0xffff))) |
| 83 | |
| 84 | #define IN6_IS_ADDR_MULTICAST(a) (((u_int8_t *) (a))[0] == 0xff) |
| 85 | |
| 86 | #define IN6_IS_ADDR_LINKLOCAL(a) \ |
| 87 | ((((u_int32_t *) (a))[0] & htonl (0xffc00000)) == htonl (0xfe800000)) |
| 88 | |
| 89 | #define IN6_IS_ADDR_LOOPBACK(a) \ |
| 90 | (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \ |
| 91 | ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1)) |
| 92 | #endif /* __MINGW32__ */ |
| 93 | |
| 94 | #define ip6_vfc ip6_ctlun.ip6_un2_vfc |
| 95 | #define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow |
| 96 | #define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen |
| 97 | #define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt |
| 98 | #define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim |
| 99 | #define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim |
| 100 | |
| 101 | #define nd_rd_type nd_rd_hdr.icmp6_type |
| 102 | #define nd_rd_code nd_rd_hdr.icmp6_code |
| 103 | #define nd_rd_cksum nd_rd_hdr.icmp6_cksum |
| 104 | #define nd_rd_reserved nd_rd_hdr.icmp6_data32[0] |
| 105 | |
| 106 | /* |
| 107 | * IPV6 extension headers |
| 108 | */ |
| 109 | #define IPPROTO_HOPOPTS 0 /* IPv6 hop-by-hop options */ |
| 110 | #define IPPROTO_IPV6 41 /* IPv6 header. */ |
| 111 | #define IPPROTO_ROUTING 43 /* IPv6 routing header */ |
| 112 | #define IPPROTO_FRAGMENT 44 /* IPv6 fragmentation header */ |
| 113 | #define IPPROTO_ESP 50 /* encapsulating security payload */ |
| 114 | #define IPPROTO_AH 51 /* authentication header */ |
| 115 | #define IPPROTO_ICMPV6 58 /* ICMPv6 */ |
| 116 | #define IPPROTO_NONE 59 /* IPv6 no next header */ |
| 117 | #define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ |
| 118 | #define IPPROTO_PIM 103 /* Protocol Independent Multicast. */ |
| 119 | |
| 120 | #define IPV6_RTHDR_TYPE_0 0 |
| 121 | |
| 122 | /* Option types and related macros */ |
| 123 | #define IP6OPT_PAD1 0x00 /* 00 0 00000 */ |
| 124 | #define IP6OPT_PADN 0x01 /* 00 0 00001 */ |
| 125 | #define IP6OPT_JUMBO 0xC2 /* 11 0 00010 = 194 */ |
| 126 | #define IP6OPT_JUMBO_LEN 6 |
| 127 | #define IP6OPT_ROUTER_ALERT 0x05 /* 00 0 00101 */ |
| 128 | |
| 129 | #define IP6OPT_RTALERT_LEN 4 |
| 130 | #define IP6OPT_RTALERT_MLD 0 /* Datagram contains an MLD message */ |
| 131 | #define IP6OPT_RTALERT_RSVP 1 /* Datagram contains an RSVP message */ |
| 132 | #define IP6OPT_RTALERT_ACTNET 2 /* contains an Active Networks msg */ |
| 133 | #define IP6OPT_MINLEN 2 |
| 134 | |
| 135 | #define IP6OPT_BINDING_UPDATE 0xc6 /* 11 0 00110 */ |
| 136 | #define IP6OPT_BINDING_ACK 0x07 /* 00 0 00111 */ |
| 137 | #define IP6OPT_BINDING_REQ 0x08 /* 00 0 01000 */ |
| 138 | #define IP6OPT_HOME_ADDRESS 0xc9 /* 11 0 01001 */ |
| 139 | #define IP6OPT_EID 0x8a /* 10 0 01010 */ |
| 140 | |
| 141 | #define IP6OPT_TYPE(o) ((o) & 0xC0) |
| 142 | #define IP6OPT_TYPE_SKIP 0x00 |
| 143 | #define IP6OPT_TYPE_DISCARD 0x40 |
| 144 | #define IP6OPT_TYPE_FORCEICMP 0x80 |
| 145 | #define IP6OPT_TYPE_ICMP 0xC0 |
| 146 | |
| 147 | #define IP6OPT_MUTABLE 0x20 |
| 148 | |
| 149 | |
| 150 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) |
| 151 | #ifndef EAI_ADDRFAMILY |
| 152 | struct addrinfo { |
| 153 | int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ |
| 154 | int ai_family; /* PF_xxx */ |
| 155 | int ai_socktype; /* SOCK_xxx */ |
| 156 | int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ |
| 157 | size_t ai_addrlen; /* length of ai_addr */ |
| 158 | char *ai_canonname; /* canonical name for hostname */ |
| 159 | struct sockaddr *ai_addr; /* binary address */ |
| 160 | struct addrinfo *ai_next; /* next structure in linked list */ |
| 161 | }; |
| 162 | #endif |
| 163 | #endif /* __MINGW32__ */ |
trunk/src/lib/winpcap/pcap/bpf.h
| r0 | r241410 | |
|---|
| 1 | /*- |
| 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * This code is derived from the Stanford/CMU enet packet filter, |
| 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed |
| 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence |
| 8 | * Berkeley Laboratory. |
| 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in the |
| 17 | * documentation and/or other materials provided with the distribution. |
| 18 | * 3. All advertising materials mentioning features or use of this software |
| 19 | * must display the following acknowledgement: |
| 20 | * This product includes software developed by the University of |
| 21 | * California, Berkeley and its contributors. |
| 22 | * 4. Neither the name of the University nor the names of its contributors |
| 23 | * may be used to endorse or promote products derived from this software |
| 24 | * without specific prior written permission. |
| 25 | * |
| 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 36 | * SUCH DAMAGE. |
| 37 | * |
| 38 | * @(#)bpf.h 7.1 (Berkeley) 5/7/91 |
| 39 | * |
| 40 | * @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.8 2008-09-22 20:16:01 guy Exp $ (LBL) |
| 41 | */ |
| 42 | |
| 43 | /* |
| 44 | * This is libpcap's cut-down version of bpf.h; it includes only |
| 45 | * the stuff needed for the code generator and the userland BPF |
| 46 | * interpreter, and the libpcap APIs for setting filters, etc.. |
| 47 | * |
| 48 | * "pcap-bpf.c" will include the native OS version, as it deals with |
| 49 | * the OS's BPF implementation. |
| 50 | * |
| 51 | * XXX - should this all just be moved to "pcap.h"? |
| 52 | */ |
| 53 | |
| 54 | #ifndef BPF_MAJOR_VERSION |
| 55 | |
| 56 | #ifdef __cplusplus |
| 57 | extern "C" { |
| 58 | #endif |
| 59 | |
| 60 | /* BSD style release date */ |
| 61 | #define BPF_RELEASE 199606 |
| 62 | |
| 63 | #ifdef MSDOS /* must be 32-bit */ |
| 64 | typedef long bpf_int32; |
| 65 | typedef unsigned long bpf_u_int32; |
| 66 | #else |
| 67 | typedef int bpf_int32; |
| 68 | typedef u_int bpf_u_int32; |
| 69 | #endif |
| 70 | |
| 71 | /* |
| 72 | * Alignment macros. BPF_WORDALIGN rounds up to the next |
| 73 | * even multiple of BPF_ALIGNMENT. |
| 74 | */ |
| 75 | #ifndef __NetBSD__ |
| 76 | #define BPF_ALIGNMENT sizeof(bpf_int32) |
| 77 | #else |
| 78 | #define BPF_ALIGNMENT sizeof(long) |
| 79 | #endif |
| 80 | #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) |
| 81 | |
| 82 | #define BPF_MAXBUFSIZE 0x8000 |
| 83 | #define BPF_MINBUFSIZE 32 |
| 84 | |
| 85 | /* |
| 86 | * Structure for "pcap_compile()", "pcap_setfilter()", etc.. |
| 87 | */ |
| 88 | struct bpf_program { |
| 89 | u_int bf_len; |
| 90 | struct bpf_insn *bf_insns; |
| 91 | }; |
| 92 | |
| 93 | /* |
| 94 | * Struct return by BIOCVERSION. This represents the version number of |
| 95 | * the filter language described by the instruction encodings below. |
| 96 | * bpf understands a program iff kernel_major == filter_major && |
| 97 | * kernel_minor >= filter_minor, that is, if the value returned by the |
| 98 | * running kernel has the same major number and a minor number equal |
| 99 | * equal to or less than the filter being downloaded. Otherwise, the |
| 100 | * results are undefined, meaning an error may be returned or packets |
| 101 | * may be accepted haphazardly. |
| 102 | * It has nothing to do with the source code version. |
| 103 | */ |
| 104 | struct bpf_version { |
| 105 | u_short bv_major; |
| 106 | u_short bv_minor; |
| 107 | }; |
| 108 | /* Current version number of filter architecture. */ |
| 109 | #define BPF_MAJOR_VERSION 1 |
| 110 | #define BPF_MINOR_VERSION 1 |
| 111 | |
| 112 | /* |
| 113 | * Data-link level type codes. |
| 114 | * |
| 115 | * Do *NOT* add new values to this list without asking |
| 116 | * "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run |
| 117 | * the risk of using a value that's already being used for some other |
| 118 | * purpose, and of having tools that read libpcap-format captures not |
| 119 | * being able to handle captures with your new DLT_ value, with no hope |
| 120 | * that they will ever be changed to do so (as that would destroy their |
| 121 | * ability to read captures using that value for that other purpose). |
| 122 | */ |
| 123 | |
| 124 | /* |
| 125 | * These are the types that are the same on all platforms, and that |
| 126 | * have been defined by <net/bpf.h> for ages. |
| 127 | */ |
| 128 | #define DLT_NULL 0 /* BSD loopback encapsulation */ |
| 129 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ |
| 130 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ |
| 131 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ |
| 132 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ |
| 133 | #define DLT_CHAOS 5 /* Chaos */ |
| 134 | #define DLT_IEEE802 6 /* 802.5 Token Ring */ |
| 135 | #define DLT_ARCNET 7 /* ARCNET, with BSD-style header */ |
| 136 | #define DLT_SLIP 8 /* Serial Line IP */ |
| 137 | #define DLT_PPP 9 /* Point-to-point Protocol */ |
| 138 | #define DLT_FDDI 10 /* FDDI */ |
| 139 | |
| 140 | /* |
| 141 | * These are types that are different on some platforms, and that |
| 142 | * have been defined by <net/bpf.h> for ages. We use #ifdefs to |
| 143 | * detect the BSDs that define them differently from the traditional |
| 144 | * libpcap <net/bpf.h> |
| 145 | * |
| 146 | * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS, |
| 147 | * but I don't know what the right #define is for BSD/OS. |
| 148 | */ |
| 149 | #define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */ |
| 150 | |
| 151 | #ifdef __OpenBSD__ |
| 152 | #define DLT_RAW 14 /* raw IP */ |
| 153 | #else |
| 154 | #define DLT_RAW 12 /* raw IP */ |
| 155 | #endif |
| 156 | |
| 157 | /* |
| 158 | * Given that the only OS that currently generates BSD/OS SLIP or PPP |
| 159 | * is, well, BSD/OS, arguably everybody should have chosen its values |
| 160 | * for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they |
| 161 | * didn't. So it goes. |
| 162 | */ |
| 163 | #if defined(__NetBSD__) || defined(__FreeBSD__) |
| 164 | #ifndef DLT_SLIP_BSDOS |
| 165 | #define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ |
| 166 | #define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ |
| 167 | #endif |
| 168 | #else |
| 169 | #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ |
| 170 | #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ |
| 171 | #endif |
| 172 | |
| 173 | /* |
| 174 | * 17 is used for DLT_OLD_PFLOG in OpenBSD; |
| 175 | * OBSOLETE: DLT_PFLOG is 117 in OpenBSD now as well. See below. |
| 176 | * 18 is used for DLT_PFSYNC in OpenBSD; don't use it for anything else. |
| 177 | */ |
| 178 | |
| 179 | #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ |
| 180 | |
| 181 | /* |
| 182 | * Apparently Redback uses this for its SmartEdge 400/800. I hope |
| 183 | * nobody else decided to use it, too. |
| 184 | */ |
| 185 | #define DLT_REDBACK_SMARTEDGE 32 |
| 186 | |
| 187 | /* |
| 188 | * These values are defined by NetBSD; other platforms should refrain from |
| 189 | * using them for other purposes, so that NetBSD savefiles with link |
| 190 | * types of 50 or 51 can be read as this type on all platforms. |
| 191 | */ |
| 192 | #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ |
| 193 | #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ |
| 194 | |
| 195 | /* |
| 196 | * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses |
| 197 | * a link-layer type of 99 for the tcpdump it supplies. The link-layer |
| 198 | * header has 6 bytes of unknown data, something that appears to be an |
| 199 | * Ethernet type, and 36 bytes that appear to be 0 in at least one capture |
| 200 | * I've seen. |
| 201 | */ |
| 202 | #define DLT_SYMANTEC_FIREWALL 99 |
| 203 | |
| 204 | /* |
| 205 | * Values between 100 and 103 are used in capture file headers as |
| 206 | * link-layer types corresponding to DLT_ types that differ |
| 207 | * between platforms; don't use those values for new DLT_ new types. |
| 208 | */ |
| 209 | |
| 210 | /* |
| 211 | * This value was defined by libpcap 0.5; platforms that have defined |
| 212 | * it with a different value should define it here with that value - |
| 213 | * a link type of 104 in a save file will be mapped to DLT_C_HDLC, |
| 214 | * whatever value that happens to be, so programs will correctly |
| 215 | * handle files with that link type regardless of the value of |
| 216 | * DLT_C_HDLC. |
| 217 | * |
| 218 | * The name DLT_C_HDLC was used by BSD/OS; we use that name for source |
| 219 | * compatibility with programs written for BSD/OS. |
| 220 | * |
| 221 | * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, |
| 222 | * for source compatibility with programs written for libpcap 0.5. |
| 223 | */ |
| 224 | #define DLT_C_HDLC 104 /* Cisco HDLC */ |
| 225 | #define DLT_CHDLC DLT_C_HDLC |
| 226 | |
| 227 | #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ |
| 228 | |
| 229 | /* |
| 230 | * 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW, |
| 231 | * except when it isn't. (I.e., sometimes it's just raw IP, and |
| 232 | * sometimes it isn't.) We currently handle it as DLT_LINUX_SLL, |
| 233 | * so that we don't have to worry about the link-layer header.) |
| 234 | */ |
| 235 | |
| 236 | /* |
| 237 | * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides |
| 238 | * with other values. |
| 239 | * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header |
| 240 | * (DLCI, etc.). |
| 241 | */ |
| 242 | #define DLT_FRELAY 107 |
| 243 | |
| 244 | /* |
| 245 | * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except |
| 246 | * that the AF_ type in the link-layer header is in network byte order. |
| 247 | * |
| 248 | * DLT_LOOP is 12 in OpenBSD, but that's DLT_RAW in other OSes, so |
| 249 | * we don't use 12 for it in OSes other than OpenBSD. |
| 250 | */ |
| 251 | #ifdef __OpenBSD__ |
| 252 | #define DLT_LOOP 12 |
| 253 | #else |
| 254 | #define DLT_LOOP 108 |
| 255 | #endif |
| 256 | |
| 257 | /* |
| 258 | * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's |
| 259 | * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other |
| 260 | * than OpenBSD. |
| 261 | */ |
| 262 | #ifdef __OpenBSD__ |
| 263 | #define DLT_ENC 13 |
| 264 | #else |
| 265 | #define DLT_ENC 109 |
| 266 | #endif |
| 267 | |
| 268 | /* |
| 269 | * Values between 110 and 112 are reserved for use in capture file headers |
| 270 | * as link-layer types corresponding to DLT_ types that might differ |
| 271 | * between platforms; don't use those values for new DLT_ types |
| 272 | * other than the corresponding DLT_ types. |
| 273 | */ |
| 274 | |
| 275 | /* |
| 276 | * This is for Linux cooked sockets. |
| 277 | */ |
| 278 | #define DLT_LINUX_SLL 113 |
| 279 | |
| 280 | /* |
| 281 | * Apple LocalTalk hardware. |
| 282 | */ |
| 283 | #define DLT_LTALK 114 |
| 284 | |
| 285 | /* |
| 286 | * Acorn Econet. |
| 287 | */ |
| 288 | #define DLT_ECONET 115 |
| 289 | |
| 290 | /* |
| 291 | * Reserved for use with OpenBSD ipfilter. |
| 292 | */ |
| 293 | #define DLT_IPFILTER 116 |
| 294 | |
| 295 | /* |
| 296 | * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023 |
| 297 | * in SuSE 6.3, so we can't use 17 for it in capture-file headers. |
| 298 | * |
| 299 | * XXX: is there a conflict with DLT_PFSYNC 18 as well? |
| 300 | */ |
| 301 | #ifdef __OpenBSD__ |
| 302 | #define DLT_OLD_PFLOG 17 |
| 303 | #define DLT_PFSYNC 18 |
| 304 | #endif |
| 305 | #define DLT_PFLOG 117 |
| 306 | |
| 307 | /* |
| 308 | * Registered for Cisco-internal use. |
| 309 | */ |
| 310 | #define DLT_CISCO_IOS 118 |
| 311 | |
| 312 | /* |
| 313 | * For 802.11 cards using the Prism II chips, with a link-layer |
| 314 | * header including Prism monitor mode information plus an 802.11 |
| 315 | * header. |
| 316 | */ |
| 317 | #define DLT_PRISM_HEADER 119 |
| 318 | |
| 319 | /* |
| 320 | * Reserved for Aironet 802.11 cards, with an Aironet link-layer header |
| 321 | * (see Doug Ambrisko's FreeBSD patches). |
| 322 | */ |
| 323 | #define DLT_AIRONET_HEADER 120 |
| 324 | |
| 325 | /* |
| 326 | * Reserved for Siemens HiPath HDLC. |
| 327 | */ |
| 328 | #define DLT_HHDLC 121 |
| 329 | |
| 330 | /* |
| 331 | * This is for RFC 2625 IP-over-Fibre Channel. |
| 332 | * |
| 333 | * This is not for use with raw Fibre Channel, where the link-layer |
| 334 | * header starts with a Fibre Channel frame header; it's for IP-over-FC, |
| 335 | * where the link-layer header starts with an RFC 2625 Network_Header |
| 336 | * field. |
| 337 | */ |
| 338 | #define DLT_IP_OVER_FC 122 |
| 339 | |
| 340 | /* |
| 341 | * This is for Full Frontal ATM on Solaris with SunATM, with a |
| 342 | * pseudo-header followed by an AALn PDU. |
| 343 | * |
| 344 | * There may be other forms of Full Frontal ATM on other OSes, |
| 345 | * with different pseudo-headers. |
| 346 | * |
| 347 | * If ATM software returns a pseudo-header with VPI/VCI information |
| 348 | * (and, ideally, packet type information, e.g. signalling, ILMI, |
| 349 | * LANE, LLC-multiplexed traffic, etc.), it should not use |
| 350 | * DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump |
| 351 | * and the like don't have to infer the presence or absence of a |
| 352 | * pseudo-header and the form of the pseudo-header. |
| 353 | */ |
| 354 | #define DLT_SUNATM 123 /* Solaris+SunATM */ |
| 355 | |
| 356 | /* |
| 357 | * Reserved as per request from Kent Dahlgren <kent@praesum.com> |
| 358 | * for private use. |
| 359 | */ |
| 360 | #define DLT_RIO 124 /* RapidIO */ |
| 361 | #define DLT_PCI_EXP 125 /* PCI Express */ |
| 362 | #define DLT_AURORA 126 /* Xilinx Aurora link layer */ |
| 363 | |
| 364 | /* |
| 365 | * Header for 802.11 plus a number of bits of link-layer information |
| 366 | * including radio information, used by some recent BSD drivers as |
| 367 | * well as the madwifi Atheros driver for Linux. |
| 368 | */ |
| 369 | #define DLT_IEEE802_11_RADIO 127 /* 802.11 plus radiotap radio header */ |
| 370 | |
| 371 | /* |
| 372 | * Reserved for the TZSP encapsulation, as per request from |
| 373 | * Chris Waters <chris.waters@networkchemistry.com> |
| 374 | * TZSP is a generic encapsulation for any other link type, |
| 375 | * which includes a means to include meta-information |
| 376 | * with the packet, e.g. signal strength and channel |
| 377 | * for 802.11 packets. |
| 378 | */ |
| 379 | #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ |
| 380 | |
| 381 | /* |
| 382 | * BSD's ARCNET headers have the source host, destination host, |
| 383 | * and type at the beginning of the packet; that's what's handed |
| 384 | * up to userland via BPF. |
| 385 | * |
| 386 | * Linux's ARCNET headers, however, have a 2-byte offset field |
| 387 | * between the host IDs and the type; that's what's handed up |
| 388 | * to userland via PF_PACKET sockets. |
| 389 | * |
| 390 | * We therefore have to have separate DLT_ values for them. |
| 391 | */ |
| 392 | #define DLT_ARCNET_LINUX 129 /* ARCNET */ |
| 393 | |
| 394 | /* |
| 395 | * Juniper-private data link types, as per request from |
| 396 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
| 397 | * for passing on chassis-internal metainformation such as |
| 398 | * QOS profiles, etc.. |
| 399 | */ |
| 400 | #define DLT_JUNIPER_MLPPP 130 |
| 401 | #define DLT_JUNIPER_MLFR 131 |
| 402 | #define DLT_JUNIPER_ES 132 |
| 403 | #define DLT_JUNIPER_GGSN 133 |
| 404 | #define DLT_JUNIPER_MFR 134 |
| 405 | #define DLT_JUNIPER_ATM2 135 |
| 406 | #define DLT_JUNIPER_SERVICES 136 |
| 407 | #define DLT_JUNIPER_ATM1 137 |
| 408 | |
| 409 | /* |
| 410 | * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund |
| 411 | * <dieter@apple.com>. The header that's presented is an Ethernet-like |
| 412 | * header: |
| 413 | * |
| 414 | * #define FIREWIRE_EUI64_LEN 8 |
| 415 | * struct firewire_header { |
| 416 | * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; |
| 417 | * u_char firewire_shost[FIREWIRE_EUI64_LEN]; |
| 418 | * u_short firewire_type; |
| 419 | * }; |
| 420 | * |
| 421 | * with "firewire_type" being an Ethernet type value, rather than, |
| 422 | * for example, raw GASP frames being handed up. |
| 423 | */ |
| 424 | #define DLT_APPLE_IP_OVER_IEEE1394 138 |
| 425 | |
| 426 | /* |
| 427 | * Various SS7 encapsulations, as per a request from Jeff Morriss |
| 428 | * <jeff.morriss[AT]ulticom.com> and subsequent discussions. |
| 429 | */ |
| 430 | #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ |
| 431 | #define DLT_MTP2 140 /* MTP2, without pseudo-header */ |
| 432 | #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ |
| 433 | #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ |
| 434 | |
| 435 | /* |
| 436 | * DOCSIS MAC frames. |
| 437 | */ |
| 438 | #define DLT_DOCSIS 143 |
| 439 | |
| 440 | /* |
| 441 | * Linux-IrDA packets. Protocol defined at http://www.irda.org. |
| 442 | * Those packets include IrLAP headers and above (IrLMP...), but |
| 443 | * don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy |
| 444 | * framing can be handled by the hardware and depend on the bitrate. |
| 445 | * This is exactly the format you would get capturing on a Linux-IrDA |
| 446 | * interface (irdaX), but not on a raw serial port. |
| 447 | * Note the capture is done in "Linux-cooked" mode, so each packet include |
| 448 | * a fake packet header (struct sll_header). This is because IrDA packet |
| 449 | * decoding is dependant on the direction of the packet (incomming or |
| 450 | * outgoing). |
| 451 | * When/if other platform implement IrDA capture, we may revisit the |
| 452 | * issue and define a real DLT_IRDA... |
| 453 | * Jean II |
| 454 | */ |
| 455 | #define DLT_LINUX_IRDA 144 |
| 456 | |
| 457 | /* |
| 458 | * Reserved for IBM SP switch and IBM Next Federation switch. |
| 459 | */ |
| 460 | #define DLT_IBM_SP 145 |
| 461 | #define DLT_IBM_SN 146 |
| 462 | |
| 463 | /* |
| 464 | * Reserved for private use. If you have some link-layer header type |
| 465 | * that you want to use within your organization, with the capture files |
| 466 | * using that link-layer header type not ever be sent outside your |
| 467 | * organization, you can use these values. |
| 468 | * |
| 469 | * No libpcap release will use these for any purpose, nor will any |
| 470 | * tcpdump release use them, either. |
| 471 | * |
| 472 | * Do *NOT* use these in capture files that you expect anybody not using |
| 473 | * your private versions of capture-file-reading tools to read; in |
| 474 | * particular, do *NOT* use them in products, otherwise you may find that |
| 475 | * people won't be able to use tcpdump, or snort, or Ethereal, or... to |
| 476 | * read capture files from your firewall/intrusion detection/traffic |
| 477 | * monitoring/etc. appliance, or whatever product uses that DLT_ value, |
| 478 | * and you may also find that the developers of those applications will |
| 479 | * not accept patches to let them read those files. |
| 480 | * |
| 481 | * Also, do not use them if somebody might send you a capture using them |
| 482 | * for *their* private type and tools using them for *your* private type |
| 483 | * would have to read them. |
| 484 | * |
| 485 | * Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value, |
| 486 | * as per the comment above, and use the type you're given. |
| 487 | */ |
| 488 | #define DLT_USER0 147 |
| 489 | #define DLT_USER1 148 |
| 490 | #define DLT_USER2 149 |
| 491 | #define DLT_USER3 150 |
| 492 | #define DLT_USER4 151 |
| 493 | #define DLT_USER5 152 |
| 494 | #define DLT_USER6 153 |
| 495 | #define DLT_USER7 154 |
| 496 | #define DLT_USER8 155 |
| 497 | #define DLT_USER9 156 |
| 498 | #define DLT_USER10 157 |
| 499 | #define DLT_USER11 158 |
| 500 | #define DLT_USER12 159 |
| 501 | #define DLT_USER13 160 |
| 502 | #define DLT_USER14 161 |
| 503 | #define DLT_USER15 162 |
| 504 | |
| 505 | /* |
| 506 | * For future use with 802.11 captures - defined by AbsoluteValue |
| 507 | * Systems to store a number of bits of link-layer information |
| 508 | * including radio information: |
| 509 | * |
| 510 | * http://www.shaftnet.org/~pizza/software/capturefrm.txt |
| 511 | * |
| 512 | * but it might be used by some non-AVS drivers now or in the |
| 513 | * future. |
| 514 | */ |
| 515 | #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ |
| 516 | |
| 517 | /* |
| 518 | * Juniper-private data link type, as per request from |
| 519 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
| 520 | * for passing on chassis-internal metainformation such as |
| 521 | * QOS profiles, etc.. |
| 522 | */ |
| 523 | #define DLT_JUNIPER_MONITOR 164 |
| 524 | |
| 525 | /* |
| 526 | * Reserved for BACnet MS/TP. |
| 527 | */ |
| 528 | #define DLT_BACNET_MS_TP 165 |
| 529 | |
| 530 | /* |
| 531 | * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>. |
| 532 | * |
| 533 | * This is used in some OSes to allow a kernel socket filter to distinguish |
| 534 | * between incoming and outgoing packets, on a socket intended to |
| 535 | * supply pppd with outgoing packets so it can do dial-on-demand and |
| 536 | * hangup-on-lack-of-demand; incoming packets are filtered out so they |
| 537 | * don't cause pppd to hold the connection up (you don't want random |
| 538 | * input packets such as port scans, packets from old lost connections, |
| 539 | * etc. to force the connection to stay up). |
| 540 | * |
| 541 | * The first byte of the PPP header (0xff03) is modified to accomodate |
| 542 | * the direction - 0x00 = IN, 0x01 = OUT. |
| 543 | */ |
| 544 | #define DLT_PPP_PPPD 166 |
| 545 | |
| 546 | /* |
| 547 | * Names for backwards compatibility with older versions of some PPP |
| 548 | * software; new software should use DLT_PPP_PPPD. |
| 549 | */ |
| 550 | #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD |
| 551 | #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD |
| 552 | |
| 553 | /* |
| 554 | * Juniper-private data link type, as per request from |
| 555 | * Hannes Gredler <hannes@juniper.net>. The DLT_s are used |
| 556 | * for passing on chassis-internal metainformation such as |
| 557 | * QOS profiles, cookies, etc.. |
| 558 | */ |
| 559 | #define DLT_JUNIPER_PPPOE 167 |
| 560 | #define DLT_JUNIPER_PPPOE_ATM 168 |
| 561 | |
| 562 | #define DLT_GPRS_LLC 169 /* GPRS LLC */ |
| 563 | #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ |
| 564 | #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ |
| 565 | |
| 566 | /* |
| 567 | * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line |
| 568 | * monitoring equipment. |
| 569 | */ |
| 570 | #define DLT_GCOM_T1E1 172 |
| 571 | #define DLT_GCOM_SERIAL 173 |
| 572 | |
| 573 | /* |
| 574 | * Juniper-private data link type, as per request from |
| 575 | * Hannes Gredler <hannes@juniper.net>. The DLT_ is used |
| 576 | * for internal communication to Physical Interface Cards (PIC) |
| 577 | */ |
| 578 | #define DLT_JUNIPER_PIC_PEER 174 |
| 579 | |
| 580 | /* |
| 581 | * Link types requested by Gregor Maier <gregor@endace.com> of Endace |
| 582 | * Measurement Systems. They add an ERF header (see |
| 583 | * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of |
| 584 | * the link-layer header. |
| 585 | */ |
| 586 | #define DLT_ERF_ETH 175 /* Ethernet */ |
| 587 | #define DLT_ERF_POS 176 /* Packet-over-SONET */ |
| 588 | |
| 589 | /* |
| 590 | * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD |
| 591 | * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header |
| 592 | * includes additional information before the LAPD header, so it's |
| 593 | * not necessarily a generic LAPD header. |
| 594 | */ |
| 595 | #define DLT_LINUX_LAPD 177 |
| 596 | |
| 597 | /* |
| 598 | * Juniper-private data link type, as per request from |
| 599 | * Hannes Gredler <hannes@juniper.net>. |
| 600 | * The DLT_ are used for prepending meta-information |
| 601 | * like interface index, interface name |
| 602 | * before standard Ethernet, PPP, Frelay & C-HDLC Frames |
| 603 | */ |
| 604 | #define DLT_JUNIPER_ETHER 178 |
| 605 | #define DLT_JUNIPER_PPP 179 |
| 606 | #define DLT_JUNIPER_FRELAY 180 |
| 607 | #define DLT_JUNIPER_CHDLC 181 |
| 608 | |
| 609 | /* |
| 610 | * Multi Link Frame Relay (FRF.16) |
| 611 | */ |
| 612 | #define DLT_MFR 182 |
| 613 | |
| 614 | /* |
| 615 | * Juniper-private data link type, as per request from |
| 616 | * Hannes Gredler <hannes@juniper.net>. |
| 617 | * The DLT_ is used for internal communication with a |
| 618 | * voice Adapter Card (PIC) |
| 619 | */ |
| 620 | #define DLT_JUNIPER_VP 183 |
| 621 | |
| 622 | /* |
| 623 | * Arinc 429 frames. |
| 624 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| 625 | * Every frame contains a 32bit A429 label. |
| 626 | * More documentation on Arinc 429 can be found at |
| 627 | * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf |
| 628 | */ |
| 629 | #define DLT_A429 184 |
| 630 | |
| 631 | /* |
| 632 | * Arinc 653 Interpartition Communication messages. |
| 633 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| 634 | * Please refer to the A653-1 standard for more information. |
| 635 | */ |
| 636 | #define DLT_A653_ICM 185 |
| 637 | |
| 638 | /* |
| 639 | * USB packets, beginning with a USB setup header; requested by |
| 640 | * Paolo Abeni <paolo.abeni@email.it>. |
| 641 | */ |
| 642 | #define DLT_USB 186 |
| 643 | |
| 644 | /* |
| 645 | * Bluetooth HCI UART transport layer (part H:4); requested by |
| 646 | * Paolo Abeni. |
| 647 | */ |
| 648 | #define DLT_BLUETOOTH_HCI_H4 187 |
| 649 | |
| 650 | /* |
| 651 | * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz |
| 652 | * <cruz_petagay@bah.com>. |
| 653 | */ |
| 654 | #define DLT_IEEE802_16_MAC_CPS 188 |
| 655 | |
| 656 | /* |
| 657 | * USB packets, beginning with a Linux USB header; requested by |
| 658 | * Paolo Abeni <paolo.abeni@email.it>. |
| 659 | */ |
| 660 | #define DLT_USB_LINUX 189 |
| 661 | |
| 662 | /* |
| 663 | * Controller Area Network (CAN) v. 2.0B packets. |
| 664 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| 665 | * Used to dump CAN packets coming from a CAN Vector board. |
| 666 | * More documentation on the CAN v2.0B frames can be found at |
| 667 | * http://www.can-cia.org/downloads/?269 |
| 668 | */ |
| 669 | #define DLT_CAN20B 190 |
| 670 | |
| 671 | /* |
| 672 | * IEEE 802.15.4, with address fields padded, as is done by Linux |
| 673 | * drivers; requested by Juergen Schimmer. |
| 674 | */ |
| 675 | #define DLT_IEEE802_15_4_LINUX 191 |
| 676 | |
| 677 | /* |
| 678 | * Per Packet Information encapsulated packets. |
| 679 | * DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>. |
| 680 | */ |
| 681 | #define DLT_PPI 192 |
| 682 | |
| 683 | /* |
| 684 | * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; |
| 685 | * requested by Charles Clancy. |
| 686 | */ |
| 687 | #define DLT_IEEE802_16_MAC_CPS_RADIO 193 |
| 688 | |
| 689 | /* |
| 690 | * Juniper-private data link type, as per request from |
| 691 | * Hannes Gredler <hannes@juniper.net>. |
| 692 | * The DLT_ is used for internal communication with a |
| 693 | * integrated service module (ISM). |
| 694 | */ |
| 695 | #define DLT_JUNIPER_ISM 194 |
| 696 | |
| 697 | /* |
| 698 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
| 699 | * nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>. |
| 700 | */ |
| 701 | #define DLT_IEEE802_15_4 195 |
| 702 | |
| 703 | /* |
| 704 | * Various link-layer types, with a pseudo-header, for SITA |
| 705 | * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). |
| 706 | */ |
| 707 | #define DLT_SITA 196 |
| 708 | |
| 709 | /* |
| 710 | * Various link-layer types, with a pseudo-header, for Endace DAG cards; |
| 711 | * encapsulates Endace ERF records. Requested by Stephen Donnelly |
| 712 | * <stephen@endace.com>. |
| 713 | */ |
| 714 | #define DLT_ERF 197 |
| 715 | |
| 716 | /* |
| 717 | * Special header prepended to Ethernet packets when capturing from a |
| 718 | * u10 Networks board. Requested by Phil Mulholland |
| 719 | * <phil@u10networks.com>. |
| 720 | */ |
| 721 | #define DLT_RAIF1 198 |
| 722 | |
| 723 | /* |
| 724 | * IPMB packet for IPMI, beginning with the I2C slave address, followed |
| 725 | * by the netFn and LUN, etc.. Requested by Chanthy Toeung |
| 726 | * <chanthy.toeung@ca.kontron.com>. |
| 727 | */ |
| 728 | #define DLT_IPMB 199 |
| 729 | |
| 730 | /* |
| 731 | * Juniper-private data link type, as per request from |
| 732 | * Hannes Gredler <hannes@juniper.net>. |
| 733 | * The DLT_ is used for capturing data on a secure tunnel interface. |
| 734 | */ |
| 735 | #define DLT_JUNIPER_ST 200 |
| 736 | |
| 737 | /* |
| 738 | * Bluetooth HCI UART transport layer (part H:4), with pseudo-header |
| 739 | * that includes direction information; requested by Paolo Abeni. |
| 740 | */ |
| 741 | #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 |
| 742 | |
| 743 | /* |
| 744 | * AX.25 packet with a 1-byte KISS header; see |
| 745 | * |
| 746 | * http://www.ax25.net/kiss.htm |
| 747 | * |
| 748 | * as per Richard Stearn <richard@rns-stearn.demon.co.uk>. |
| 749 | */ |
| 750 | #define DLT_AX25_KISS 202 |
| 751 | |
| 752 | /* |
| 753 | * LAPD packets from an ISDN channel, starting with the address field, |
| 754 | * with no pseudo-header. |
| 755 | * Requested by Varuna De Silva <varunax@gmail.com>. |
| 756 | */ |
| 757 | #define DLT_LAPD 203 |
| 758 | |
| 759 | /* |
| 760 | * Variants of various link-layer headers, with a one-byte direction |
| 761 | * pseudo-header prepended - zero means "received by this host", |
| 762 | * non-zero (any non-zero value) means "sent by this host" - as per |
| 763 | * Will Barker <w.barker@zen.co.uk>. |
| 764 | */ |
| 765 | #define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */ |
| 766 | #define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */ |
| 767 | #define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */ |
| 768 | #define DLT_LAPB_WITH_DIR 207 /* LAPB */ |
| 769 | |
| 770 | /* |
| 771 | * 208 is reserved for an as-yet-unspecified proprietary link-layer |
| 772 | * type, as requested by Will Barker. |
| 773 | */ |
| 774 | |
| 775 | /* |
| 776 | * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman |
| 777 | * <avn@pigeonpoint.com>. |
| 778 | */ |
| 779 | #define DLT_IPMB_LINUX 209 |
| 780 | |
| 781 | /* |
| 782 | * FlexRay automotive bus - http://www.flexray.com/ - as requested |
| 783 | * by Hannes Kaelber <hannes.kaelber@x2e.de>. |
| 784 | */ |
| 785 | #define DLT_FLEXRAY 210 |
| 786 | |
| 787 | /* |
| 788 | * Media Oriented Systems Transport (MOST) bus for multimedia |
| 789 | * transport - http://www.mostcooperation.com/ - as requested |
| 790 | * by Hannes Kaelber <hannes.kaelber@x2e.de>. |
| 791 | */ |
| 792 | #define DLT_MOST 211 |
| 793 | |
| 794 | /* |
| 795 | * Local Interconnect Network (LIN) bus for vehicle networks - |
| 796 | * http://www.lin-subbus.org/ - as requested by Hannes Kaelber |
| 797 | * <hannes.kaelber@x2e.de>. |
| 798 | */ |
| 799 | #define DLT_LIN 212 |
| 800 | |
| 801 | /* |
| 802 | * X2E-private data link type used for serial line capture, |
| 803 | * as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. |
| 804 | */ |
| 805 | #define DLT_X2E_SERIAL 213 |
| 806 | |
| 807 | /* |
| 808 | * X2E-private data link type used for the Xoraya data logger |
| 809 | * family, as requested by Hannes Kaelber <hannes.kaelber@x2e.de>. |
| 810 | */ |
| 811 | #define DLT_X2E_XORAYA 214 |
| 812 | |
| 813 | /* |
| 814 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no |
| 815 | * nothing), but with the PHY-level data for non-ASK PHYs (4 octets |
| 816 | * of 0 as preamble, one octet of SFD, one octet of frame length+ |
| 817 | * reserved bit, and then the MAC-layer data, starting with the |
| 818 | * frame control field). |
| 819 | * |
| 820 | * Requested by Max Filippov <jcmvbkbc@gmail.com>. |
| 821 | */ |
| 822 | #define DLT_IEEE802_15_4_NONASK_PHY 215 |
| 823 | |
| 824 | |
| 825 | /* |
| 826 | * DLT and savefile link type values are split into a class and |
| 827 | * a member of that class. A class value of 0 indicates a regular |
| 828 | * DLT_/LINKTYPE_ value. |
| 829 | */ |
| 830 | #define DLT_CLASS(x) ((x) & 0x03ff0000) |
| 831 | |
| 832 | /* |
| 833 | * NetBSD-specific generic "raw" link type. The class value indicates |
| 834 | * that this is the generic raw type, and the lower 16 bits are the |
| 835 | * address family we're dealing with. Those values are NetBSD-specific; |
| 836 | * do not assume that they correspond to AF_ values for your operating |
| 837 | * system. |
| 838 | */ |
| 839 | #define DLT_CLASS_NETBSD_RAWAF 0x02240000 |
| 840 | #define DLT_NETBSD_RAWAF(af) (DLT_CLASS_NETBSD_RAWAF | (af)) |
| 841 | #define DLT_NETBSD_RAWAF_AF(x) ((x) & 0x0000ffff) |
| 842 | #define DLT_IS_NETBSD_RAWAF(x) (DLT_CLASS(x) == DLT_CLASS_NETBSD_RAWAF) |
| 843 | |
| 844 | |
| 845 | /* |
| 846 | * The instruction encodings. |
| 847 | */ |
| 848 | /* instruction classes */ |
| 849 | #define BPF_CLASS(code) ((code) & 0x07) |
| 850 | #define BPF_LD 0x00 |
| 851 | #define BPF_LDX 0x01 |
| 852 | #define BPF_ST 0x02 |
| 853 | #define BPF_STX 0x03 |
| 854 | #define BPF_ALU 0x04 |
| 855 | #define BPF_JMP 0x05 |
| 856 | #define BPF_RET 0x06 |
| 857 | #define BPF_MISC 0x07 |
| 858 | |
| 859 | /* ld/ldx fields */ |
| 860 | #define BPF_SIZE(code) ((code) & 0x18) |
| 861 | #define BPF_W 0x00 |
| 862 | #define BPF_H 0x08 |
| 863 | #define BPF_B 0x10 |
| 864 | #define BPF_MODE(code) ((code) & 0xe0) |
| 865 | #define BPF_IMM 0x00 |
| 866 | #define BPF_ABS 0x20 |
| 867 | #define BPF_IND 0x40 |
| 868 | #define BPF_MEM 0x60 |
| 869 | #define BPF_LEN 0x80 |
| 870 | #define BPF_MSH 0xa0 |
| 871 | |
| 872 | /* alu/jmp fields */ |
| 873 | #define BPF_OP(code) ((code) & 0xf0) |
| 874 | #define BPF_ADD 0x00 |
| 875 | #define BPF_SUB 0x10 |
| 876 | #define BPF_MUL 0x20 |
| 877 | #define BPF_DIV 0x30 |
| 878 | #define BPF_OR 0x40 |
| 879 | #define BPF_AND 0x50 |
| 880 | #define BPF_LSH 0x60 |
| 881 | #define BPF_RSH 0x70 |
| 882 | #define BPF_NEG 0x80 |
| 883 | #define BPF_JA 0x00 |
| 884 | #define BPF_JEQ 0x10 |
| 885 | #define BPF_JGT 0x20 |
| 886 | #define BPF_JGE 0x30 |
| 887 | #define BPF_JSET 0x40 |
| 888 | #define BPF_SRC(code) ((code) & 0x08) |
| 889 | #define BPF_K 0x00 |
| 890 | #define BPF_X 0x08 |
| 891 | |
| 892 | /* ret - BPF_K and BPF_X also apply */ |
| 893 | #define BPF_RVAL(code) ((code) & 0x18) |
| 894 | #define BPF_A 0x10 |
| 895 | |
| 896 | /* misc */ |
| 897 | #define BPF_MISCOP(code) ((code) & 0xf8) |
| 898 | #define BPF_TAX 0x00 |
| 899 | #define BPF_TXA 0x80 |
| 900 | |
| 901 | /* |
| 902 | * The instruction data structure. |
| 903 | */ |
| 904 | struct bpf_insn { |
| 905 | u_short code; |
| 906 | u_char jt; |
| 907 | u_char jf; |
| 908 | bpf_u_int32 k; |
| 909 | }; |
| 910 | |
| 911 | /* |
| 912 | * Macros for insn array initializers. |
| 913 | */ |
| 914 | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } |
| 915 | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } |
| 916 | |
| 917 | #if __STDC__ || defined(__cplusplus) |
| 918 | extern int bpf_validate(const struct bpf_insn *, int); |
| 919 | extern u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); |
| 920 | #else |
| 921 | extern int bpf_validate(); |
| 922 | extern u_int bpf_filter(); |
| 923 | #endif |
| 924 | |
| 925 | /* |
| 926 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). |
| 927 | */ |
| 928 | #define BPF_MEMWORDS 16 |
| 929 | |
| 930 | #ifdef __cplusplus |
| 931 | } |
| 932 | #endif |
| 933 | |
| 934 | #endif |
trunk/src/lib/winpcap/pcap/pcap.h
| r0 | r241410 | |
|---|
| 1 | /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ |
| 2 | /* |
| 3 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 |
| 4 | * The Regents of the University of California. All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. |
| 11 | * 2. Redistributions in binary form must reproduce the above copyright |
| 12 | * notice, this list of conditions and the following disclaimer in the |
| 13 | * documentation and/or other materials provided with the distribution. |
| 14 | * 3. All advertising materials mentioning features or use of this software |
| 15 | * must display the following acknowledgement: |
| 16 | * This product includes software developed by the Computer Systems |
| 17 | * Engineering Group at Lawrence Berkeley Laboratory. |
| 18 | * 4. Neither the name of the University nor of the Laboratory may be used |
| 19 | * to endorse or promote products derived from this software without |
| 20 | * specific prior written permission. |
| 21 | * |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 23 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 24 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 25 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 26 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 27 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 28 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 29 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 30 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 31 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 32 | * SUCH DAMAGE. |
| 33 | * |
| 34 | * @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.11 2008-10-06 15:38:39 gianluca Exp $ (LBL) |
| 35 | */ |
| 36 | |
| 37 | #ifndef lib_pcap_pcap_h |
| 38 | #define lib_pcap_pcap_h |
| 39 | |
| 40 | #if defined(WIN32) |
| 41 | #include <pcap-stdinc.h> |
| 42 | #elif defined(MSDOS) |
| 43 | #include <sys/types.h> |
| 44 | #include <sys/socket.h> /* u_int, u_char etc. */ |
| 45 | #else /* UN*X */ |
| 46 | #include <sys/types.h> |
| 47 | #include <sys/time.h> |
| 48 | #endif /* WIN32/MSDOS/UN*X */ |
| 49 | |
| 50 | #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H |
| 51 | #include <pcap/bpf.h> |
| 52 | #endif |
| 53 | |
| 54 | #include <stdio.h> |
| 55 | |
| 56 | #ifdef HAVE_REMOTE |
| 57 | // We have to define the SOCKET here, although it has been defined in sockutils.h |
| 58 | // This is to avoid the distribution of the 'sockutils.h' file around |
| 59 | // (for example in the WinPcap developer's pack) |
| 60 | #ifndef SOCKET |
| 61 | #ifdef WIN32 |
| 62 | #define SOCKET unsigned int |
| 63 | #else |
| 64 | #define SOCKET int |
| 65 | #endif |
| 66 | #endif |
| 67 | #endif |
| 68 | |
| 69 | #ifdef __cplusplus |
| 70 | extern "C" { |
| 71 | #endif |
| 72 | |
| 73 | #define PCAP_VERSION_MAJOR 2 |
| 74 | #define PCAP_VERSION_MINOR 4 |
| 75 | |
| 76 | #define PCAP_ERRBUF_SIZE 256 |
| 77 | |
| 78 | /* |
| 79 | * Compatibility for systems that have a bpf.h that |
| 80 | * predates the bpf typedefs for 64-bit support. |
| 81 | */ |
| 82 | #if BPF_RELEASE - 0 < 199406 |
| 83 | typedef int bpf_int32; |
| 84 | typedef u_int bpf_u_int32; |
| 85 | #endif |
| 86 | |
| 87 | typedef struct pcap pcap_t; |
| 88 | typedef struct pcap_dumper pcap_dumper_t; |
| 89 | typedef struct pcap_if pcap_if_t; |
| 90 | typedef struct pcap_addr pcap_addr_t; |
| 91 | |
| 92 | /* |
| 93 | * The first record in the file contains saved values for some |
| 94 | * of the flags used in the printout phases of tcpdump. |
| 95 | * Many fields here are 32 bit ints so compilers won't insert unwanted |
| 96 | * padding; these files need to be interchangeable across architectures. |
| 97 | * |
| 98 | * Do not change the layout of this structure, in any way (this includes |
| 99 | * changes that only affect the length of fields in this structure). |
| 100 | * |
| 101 | * Also, do not change the interpretation of any of the members of this |
| 102 | * structure, in any way (this includes using values other than |
| 103 | * LINKTYPE_ values, as defined in "savefile.c", in the "linktype" |
| 104 | * field). |
| 105 | * |
| 106 | * Instead: |
| 107 | * |
| 108 | * introduce a new structure for the new format, if the layout |
| 109 | * of the structure changed; |
| 110 | * |
| 111 | * send mail to "tcpdump-workers@lists.tcpdump.org", requesting |
| 112 | * a new magic number for your new capture file format, and, when |
| 113 | * you get the new magic number, put it in "savefile.c"; |
| 114 | * |
| 115 | * use that magic number for save files with the changed file |
| 116 | * header; |
| 117 | * |
| 118 | * make the code in "savefile.c" capable of reading files with |
| 119 | * the old file header as well as files with the new file header |
| 120 | * (using the magic number to determine the header format). |
| 121 | * |
| 122 | * Then supply the changes as a patch at |
| 123 | * |
| 124 | * http://sourceforge.net/projects/libpcap/ |
| 125 | * |
| 126 | * so that future versions of libpcap and programs that use it (such as |
| 127 | * tcpdump) will be able to read your new capture file format. |
| 128 | */ |
| 129 | struct pcap_file_header { |
| 130 | bpf_u_int32 magic; |
| 131 | u_short version_major; |
| 132 | u_short version_minor; |
| 133 | bpf_int32 thiszone; /* gmt to local correction */ |
| 134 | bpf_u_int32 sigfigs; /* accuracy of timestamps */ |
| 135 | bpf_u_int32 snaplen; /* max length saved portion of each pkt */ |
| 136 | bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ |
| 137 | }; |
| 138 | |
| 139 | /* |
| 140 | * Macros for the value returned by pcap_datalink_ext(). |
| 141 | * |
| 142 | * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro |
| 143 | * gives the FCS length of packets in the capture. |
| 144 | */ |
| 145 | #define LT_FCS_LENGTH_PRESENT(x) ((x) & 0x04000000) |
| 146 | #define LT_FCS_LENGTH(x) (((x) & 0xF0000000) >> 28) |
| 147 | #define LT_FCS_DATALINK_EXT(x) ((((x) & 0xF) << 28) | 0x04000000) |
| 148 | |
| 149 | typedef enum { |
| 150 | PCAP_D_INOUT = 0, |
| 151 | PCAP_D_IN, |
| 152 | PCAP_D_OUT |
| 153 | } pcap_direction_t; |
| 154 | |
| 155 | /* |
| 156 | * Generic per-packet information, as supplied by libpcap. |
| 157 | * |
| 158 | * The time stamp can and should be a "struct timeval", regardless of |
| 159 | * whether your system supports 32-bit tv_sec in "struct timeval", |
| 160 | * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit |
| 161 | * and 64-bit applications. The on-disk format of savefiles uses 32-bit |
| 162 | * tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit |
| 163 | * and 64-bit versions of libpcap, even if they're on the same platform, |
| 164 | * should supply the appropriate version of "struct timeval", even if |
| 165 | * that's not what the underlying packet capture mechanism supplies. |
| 166 | */ |
| 167 | struct pcap_pkthdr { |
| 168 | struct timeval ts; /* time stamp */ |
| 169 | bpf_u_int32 caplen; /* length of portion present */ |
| 170 | bpf_u_int32 len; /* length this packet (off wire) */ |
| 171 | }; |
| 172 | |
| 173 | /* |
| 174 | * As returned by the pcap_stats() |
| 175 | */ |
| 176 | struct pcap_stat { |
| 177 | u_int ps_recv; /* number of packets received */ |
| 178 | u_int ps_drop; /* number of packets dropped */ |
| 179 | u_int ps_ifdrop; /* drops by interface XXX not yet supported */ |
| 180 | #ifdef HAVE_REMOTE |
| 181 | u_int ps_capt; /* number of packets that are received by the application; please get rid off the Win32 ifdef */ |
| 182 | u_int ps_sent; /* number of packets sent by the server on the network */ |
| 183 | u_int ps_netdrop; /* number of packets lost on the network */ |
| 184 | #endif /* HAVE_REMOTE */ |
| 185 | }; |
| 186 | |
| 187 | #ifdef MSDOS |
| 188 | /* |
| 189 | * As returned by the pcap_stats_ex() |
| 190 | */ |
| 191 | struct pcap_stat_ex { |
| 192 | u_long rx_packets; /* total packets received */ |
| 193 | u_long tx_packets; /* total packets transmitted */ |
| 194 | u_long rx_bytes; /* total bytes received */ |
| 195 | u_long tx_bytes; /* total bytes transmitted */ |
| 196 | u_long rx_errors; /* bad packets received */ |
| 197 | u_long tx_errors; /* packet transmit problems */ |
| 198 | u_long rx_dropped; /* no space in Rx buffers */ |
| 199 | u_long tx_dropped; /* no space available for Tx */ |
| 200 | u_long multicast; /* multicast packets received */ |
| 201 | u_long collisions; |
| 202 | |
| 203 | /* detailed rx_errors: */ |
| 204 | u_long rx_length_errors; |
| 205 | u_long rx_over_errors; /* receiver ring buff overflow */ |
| 206 | u_long rx_crc_errors; /* recv'd pkt with crc error */ |
| 207 | u_long rx_frame_errors; /* recv'd frame alignment error */ |
| 208 | u_long rx_fifo_errors; /* recv'r fifo overrun */ |
| 209 | u_long rx_missed_errors; /* recv'r missed packet */ |
| 210 | |
| 211 | /* detailed tx_errors */ |
| 212 | u_long tx_aborted_errors; |
| 213 | u_long tx_carrier_errors; |
| 214 | u_long tx_fifo_errors; |
| 215 | u_long tx_heartbeat_errors; |
| 216 | u_long tx_window_errors; |
| 217 | }; |
| 218 | #endif |
| 219 | |
| 220 | /* |
| 221 | * Item in a list of interfaces. |
| 222 | */ |
| 223 | struct pcap_if { |
| 224 | struct pcap_if *next; |
| 225 | char *name; /* name to hand to "pcap_open_live()" */ |
| 226 | char *description; /* textual description of interface, or NULL */ |
| 227 | struct pcap_addr *addresses; |
| 228 | bpf_u_int32 flags; /* PCAP_IF_ interface flags */ |
| 229 | }; |
| 230 | |
| 231 | #define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */ |
| 232 | |
| 233 | /* |
| 234 | * Representation of an interface address. |
| 235 | */ |
| 236 | struct pcap_addr { |
| 237 | struct pcap_addr *next; |
| 238 | struct sockaddr *addr; /* address */ |
| 239 | struct sockaddr *netmask; /* netmask for that address */ |
| 240 | struct sockaddr *broadaddr; /* broadcast address for that address */ |
| 241 | struct sockaddr *dstaddr; /* P2P destination address for that address */ |
| 242 | }; |
| 243 | |
| 244 | typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, |
| 245 | const u_char *); |
| 246 | |
| 247 | /* |
| 248 | * Error codes for the pcap API. |
| 249 | * These will all be negative, so you can check for the success or |
| 250 | * failure of a call that returns these codes by checking for a |
| 251 | * negative value. |
| 252 | */ |
| 253 | #define PCAP_ERROR -1 /* generic error code */ |
| 254 | #define PCAP_ERROR_BREAK -2 /* loop terminated by pcap_breakloop */ |
| 255 | #define PCAP_ERROR_NOT_ACTIVATED -3 /* the capture needs to be activated */ |
| 256 | #define PCAP_ERROR_ACTIVATED -4 /* the operation can't be performed on already activated captures */ |
| 257 | #define PCAP_ERROR_NO_SUCH_DEVICE -5 /* no such device exists */ |
| 258 | #define PCAP_ERROR_RFMON_NOTSUP -6 /* this device doesn't support rfmon (monitor) mode */ |
| 259 | #define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */ |
| 260 | #define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */ |
| 261 | #define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */ |
| 262 | |
| 263 | /* |
| 264 | * Warning codes for the pcap API. |
| 265 | * These will all be positive and non-zero, so they won't look like |
| 266 | * errors. |
| 267 | */ |
| 268 | #define PCAP_WARNING 1 /* generic warning code */ |
| 269 | #define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */ |
| 270 | |
| 271 | char *pcap_lookupdev(char *); |
| 272 | int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *); |
| 273 | |
| 274 | pcap_t *pcap_create(const char *, char *); |
| 275 | int pcap_set_snaplen(pcap_t *, int); |
| 276 | int pcap_set_promisc(pcap_t *, int); |
| 277 | int pcap_can_set_rfmon(pcap_t *); |
| 278 | int pcap_set_rfmon(pcap_t *, int); |
| 279 | int pcap_set_timeout(pcap_t *, int); |
| 280 | int pcap_set_buffer_size(pcap_t *, int); |
| 281 | int pcap_activate(pcap_t *); |
| 282 | |
| 283 | pcap_t *pcap_open_live(const char *, int, int, int, char *); |
| 284 | pcap_t *pcap_open_dead(int, int); |
| 285 | pcap_t *pcap_open_offline(const char *, char *); |
| 286 | #if defined(WIN32) |
| 287 | pcap_t *pcap_hopen_offline(intptr_t, char *); |
| 288 | #if !defined(LIBPCAP_EXPORTS) |
| 289 | #define pcap_fopen_offline(f,b) \ |
| 290 | pcap_hopen_offline(_get_osfhandle(_fileno(f)), b) |
| 291 | #else /*LIBPCAP_EXPORTS*/ |
| 292 | static pcap_t *pcap_fopen_offline(FILE *, char *); |
| 293 | #endif |
| 294 | #else /*WIN32*/ |
| 295 | pcap_t *pcap_fopen_offline(FILE *, char *); |
| 296 | #endif /*WIN32*/ |
| 297 | |
| 298 | void pcap_close(pcap_t *); |
| 299 | int pcap_loop(pcap_t *, int, pcap_handler, u_char *); |
| 300 | int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *); |
| 301 | const u_char* |
| 302 | pcap_next(pcap_t *, struct pcap_pkthdr *); |
| 303 | int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **); |
| 304 | void pcap_breakloop(pcap_t *); |
| 305 | int pcap_stats(pcap_t *, struct pcap_stat *); |
| 306 | int pcap_setfilter(pcap_t *, struct bpf_program *); |
| 307 | int pcap_setdirection(pcap_t *, pcap_direction_t); |
| 308 | int pcap_getnonblock(pcap_t *, char *); |
| 309 | int pcap_setnonblock(pcap_t *, int, char *); |
| 310 | int pcap_inject(pcap_t *, const void *, size_t); |
| 311 | int pcap_sendpacket(pcap_t *, const u_char *, int); |
| 312 | const char *pcap_statustostr(int); |
| 313 | const char *pcap_strerror(int); |
| 314 | char *pcap_geterr(pcap_t *); |
| 315 | void pcap_perror(pcap_t *, char *); |
| 316 | int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, |
| 317 | bpf_u_int32); |
| 318 | int pcap_compile_nopcap(int, int, struct bpf_program *, |
| 319 | const char *, int, bpf_u_int32); |
| 320 | void pcap_freecode(struct bpf_program *); |
| 321 | int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *, |
| 322 | const u_char *); |
| 323 | int pcap_datalink(pcap_t *); |
| 324 | int pcap_datalink_ext(pcap_t *); |
| 325 | int pcap_list_datalinks(pcap_t *, int **); |
| 326 | int pcap_set_datalink(pcap_t *, int); |
| 327 | void pcap_free_datalinks(int *); |
| 328 | int pcap_datalink_name_to_val(const char *); |
| 329 | const char *pcap_datalink_val_to_name(int); |
| 330 | const char *pcap_datalink_val_to_description(int); |
| 331 | int pcap_snapshot(pcap_t *); |
| 332 | int pcap_is_swapped(pcap_t *); |
| 333 | int pcap_major_version(pcap_t *); |
| 334 | int pcap_minor_version(pcap_t *); |
| 335 | |
| 336 | /* XXX */ |
| 337 | FILE *pcap_file(pcap_t *); |
| 338 | int pcap_fileno(pcap_t *); |
| 339 | |
| 340 | pcap_dumper_t *pcap_dump_open(pcap_t *, const char *); |
| 341 | pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp); |
| 342 | FILE *pcap_dump_file(pcap_dumper_t *); |
| 343 | long pcap_dump_ftell(pcap_dumper_t *); |
| 344 | int pcap_dump_flush(pcap_dumper_t *); |
| 345 | void pcap_dump_close(pcap_dumper_t *); |
| 346 | void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *); |
| 347 | |
| 348 | int pcap_findalldevs(pcap_if_t **, char *); |
| 349 | void pcap_freealldevs(pcap_if_t *); |
| 350 | |
| 351 | const char *pcap_lib_version(void); |
| 352 | |
| 353 | /* XXX this guy lives in the bpf tree */ |
| 354 | u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); |
| 355 | int bpf_validate(const struct bpf_insn *f, int len); |
| 356 | char *bpf_image(const struct bpf_insn *, int); |
| 357 | void bpf_dump(const struct bpf_program *, int); |
| 358 | |
| 359 | #if defined(WIN32) |
| 360 | |
| 361 | /* |
| 362 | * Win32 definitions |
| 363 | */ |
| 364 | |
| 365 | int pcap_setbuff(pcap_t *p, int dim); |
| 366 | int pcap_setmode(pcap_t *p, int mode); |
| 367 | int pcap_setmintocopy(pcap_t *p, int size); |
| 368 | |
| 369 | #ifdef WPCAP |
| 370 | /* Include file with the wpcap-specific extensions */ |
| 371 | #include <Win32-Extensions.h> |
| 372 | #endif /* WPCAP */ |
| 373 | |
| 374 | #define MODE_CAPT 0 |
| 375 | #define MODE_STAT 1 |
| 376 | #define MODE_MON 2 |
| 377 | |
| 378 | #elif defined(MSDOS) |
| 379 | |
| 380 | /* |
| 381 | * MS-DOS definitions |
| 382 | */ |
| 383 | |
| 384 | int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *); |
| 385 | void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait); |
| 386 | u_long pcap_mac_packets (void); |
| 387 | |
| 388 | #else /* UN*X */ |
| 389 | |
| 390 | /* |
| 391 | * UN*X definitions |
| 392 | */ |
| 393 | |
| 394 | int pcap_get_selectable_fd(pcap_t *); |
| 395 | |
| 396 | #endif /* WIN32/MSDOS/UN*X */ |
| 397 | |
| 398 | #ifdef HAVE_REMOTE |
| 399 | /* Includes most of the public stuff that is needed for the remote capture */ |
| 400 | #include <remote-ext.h> |
| 401 | #endif /* HAVE_REMOTE */ |
| 402 | |
| 403 | #ifdef __cplusplus |
| 404 | } |
| 405 | #endif |
| 406 | |
| 407 | #endif |
trunk/src/lib/winpcap/pcap/sll.h
| r0 | r241410 | |
|---|
| 1 | /*- |
| 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 |
| 3 | * The Regents of the University of California. All rights reserved. |
| 4 | * |
| 5 | * This code is derived from the Stanford/CMU enet packet filter, |
| 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed |
| 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence |
| 8 | * Berkeley Laboratory. |
| 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. |
| 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 16 | * notice, this list of conditions and the following disclaimer in the |
| 17 | * documentation and/or other materials provided with the distribution. |
| 18 | * 3. All advertising materials mentioning features or use of this software |
| 19 | * must display the following acknowledgement: |
| 20 | * This product includes software developed by the University of |
| 21 | * California, Berkeley and its contributors. |
| 22 | * 4. Neither the name of the University nor the names of its contributors |
| 23 | * may be used to endorse or promote products derived from this software |
| 24 | * without specific prior written permission. |
| 25 | * |
| 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 36 | * SUCH DAMAGE. |
| 37 | * |
| 38 | * @(#) $Header: /tcpdump/master/libpcap/pcap/sll.h,v 1.2.2.1 2008-05-30 01:36:06 guy Exp $ (LBL) |
| 39 | */ |
| 40 | |
| 41 | /* |
| 42 | * For captures on Linux cooked sockets, we construct a fake header |
| 43 | * that includes: |
| 44 | * |
| 45 | * a 2-byte "packet type" which is one of: |
| 46 | * |
| 47 | * LINUX_SLL_HOST packet was sent to us |
| 48 | * LINUX_SLL_BROADCAST packet was broadcast |
| 49 | * LINUX_SLL_MULTICAST packet was multicast |
| 50 | * LINUX_SLL_OTHERHOST packet was sent to somebody else |
| 51 | * LINUX_SLL_OUTGOING packet was sent *by* us; |
| 52 | * |
| 53 | * a 2-byte Ethernet protocol field; |
| 54 | * |
| 55 | * a 2-byte link-layer type; |
| 56 | * |
| 57 | * a 2-byte link-layer address length; |
| 58 | * |
| 59 | * an 8-byte source link-layer address, whose actual length is |
| 60 | * specified by the previous value. |
| 61 | * |
| 62 | * All fields except for the link-layer address are in network byte order. |
| 63 | * |
| 64 | * DO NOT change the layout of this structure, or change any of the |
| 65 | * LINUX_SLL_ values below. If you must change the link-layer header |
| 66 | * for a "cooked" Linux capture, introduce a new DLT_ type (ask |
| 67 | * "tcpdump-workers@lists.tcpdump.org" for one, so that you don't give it |
| 68 | * a value that collides with a value already being used), and use the |
| 69 | * new header in captures of that type, so that programs that can |
| 70 | * handle DLT_LINUX_SLL captures will continue to handle them correctly |
| 71 | * without any change, and so that capture files with different headers |
| 72 | * can be told apart and programs that read them can dissect the |
| 73 | * packets in them. |
| 74 | */ |
| 75 | |
| 76 | #ifndef lib_pcap_sll_h |
| 77 | #define lib_pcap_sll_h |
| 78 | |
| 79 | /* |
| 80 | * A DLT_LINUX_SLL fake link-layer header. |
| 81 | */ |
| 82 | #define SLL_HDR_LEN 16 /* total header length */ |
| 83 | #define SLL_ADDRLEN 8 /* length of address field */ |
| 84 | |
| 85 | struct sll_header { |
| 86 | u_int16_t sll_pkttype; /* packet type */ |
| 87 | u_int16_t sll_hatype; /* link-layer address type */ |
| 88 | u_int16_t sll_halen; /* link-layer address length */ |
| 89 | u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */ |
| 90 | u_int16_t sll_protocol; /* protocol */ |
| 91 | }; |
| 92 | |
| 93 | /* |
| 94 | * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the |
| 95 | * PACKET_ values on Linux, but are defined here so that they're |
| 96 | * available even on systems other than Linux, and so that they |
| 97 | * don't change even if the PACKET_ values change. |
| 98 | */ |
| 99 | #define LINUX_SLL_HOST 0 |
| 100 | #define LINUX_SLL_BROADCAST 1 |
| 101 | #define LINUX_SLL_MULTICAST 2 |
| 102 | #define LINUX_SLL_OTHERHOST 3 |
| 103 | #define LINUX_SLL_OUTGOING 4 |
| 104 | |
| 105 | /* |
| 106 | * The LINUX_SLL_ values for "sll_protocol"; these correspond to the |
| 107 | * ETH_P_ values on Linux, but are defined here so that they're |
| 108 | * available even on systems other than Linux. We assume, for now, |
| 109 | * that the ETH_P_ values won't change in Linux; if they do, then: |
| 110 | * |
| 111 | * if we don't translate them in "pcap-linux.c", capture files |
| 112 | * won't necessarily be readable if captured on a system that |
| 113 | * defines ETH_P_ values that don't match these values; |
| 114 | * |
| 115 | * if we do translate them in "pcap-linux.c", that makes life |
| 116 | * unpleasant for the BPF code generator, as the values you test |
| 117 | * for in the kernel aren't the values that you test for when |
| 118 | * reading a capture file, so the fixup code run on BPF programs |
| 119 | * handed to the kernel ends up having to do more work. |
| 120 | * |
| 121 | * Add other values here as necessary, for handling packet types that |
| 122 | * might show up on non-Ethernet, non-802.x networks. (Not all the ones |
| 123 | * in the Linux "if_ether.h" will, I suspect, actually show up in |
| 124 | * captures.) |
| 125 | */ |
| 126 | #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */ |
| 127 | #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */ |
| 128 | |
| 129 | #endif |
trunk/src/lib/winpcap/remote-ext.h
| r0 | r241410 | |
|---|
| 1 | /* |
| 2 | * Copyright (c) 2002 - 2003 |
| 3 | * NetGroup, Politecnico di Torino (Italy) |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | * modification, are permitted provided that the following conditions |
| 8 | * are met: |
| 9 | * |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. Neither the name of the Politecnico di Torino nor the names of its |
| 16 | * contributors may be used to endorse or promote products derived from |
| 17 | * this software without specific prior written permission. |
| 18 | * |
| 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 21 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
| 22 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 23 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 24 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 25 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 26 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 27 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 29 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 30 | * |
| 31 | */ |
| 32 | |
| 33 | |
| 34 | #ifndef __REMOTE_EXT_H__ |
| 35 | #define __REMOTE_EXT_H__ |
| 36 | |
| 37 | |
| 38 | #ifndef HAVE_REMOTE |
| 39 | #error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h |
| 40 | #endif |
| 41 | |
| 42 | // Definition for Microsoft Visual Studio |
| 43 | #if _MSC_VER > 1000 |
| 44 | #pragma once |
| 45 | #endif |
| 46 | |
| 47 | #ifdef __cplusplus |
| 48 | extern "C" { |
| 49 | #endif |
| 50 | |
| 51 | /*! |
| 52 | \file remote-ext.h |
| 53 | |
| 54 | The goal of this file it to include most of the new definitions that should be |
| 55 | placed into the pcap.h file. |
| 56 | |
| 57 | It includes all new definitions (structures and functions like pcap_open(). |
| 58 | Some of the functions are not really a remote feature, but, right now, |
| 59 | they are placed here. |
| 60 | */ |
| 61 | |
| 62 | |
| 63 | |
| 64 | // All this stuff is public |
| 65 | /*! \addtogroup remote_struct |
| 66 | \{ |
| 67 | */ |
| 68 | |
| 69 | |
| 70 | |
| 71 | |
| 72 | /*! |
| 73 | \brief Defines the maximum buffer size in which address, port, interface names are kept. |
| 74 | |
| 75 | In case the adapter name or such is larger than this value, it is truncated. |
| 76 | This is not used by the user; however it must be aware that an hostname / interface |
| 77 | name longer than this value will be truncated. |
| 78 | */ |
| 79 | #define PCAP_BUF_SIZE 1024 |
| 80 | |
| 81 | |
| 82 | /*! \addtogroup remote_source_ID |
| 83 | \{ |
| 84 | */ |
| 85 | |
| 86 | |
| 87 | /*! |
| 88 | \brief Internal representation of the type of source in use (file, |
| 89 | remote/local interface). |
| 90 | |
| 91 | This indicates a file, i.e. the user want to open a capture from a local file. |
| 92 | */ |
| 93 | #define PCAP_SRC_FILE 2 |
| 94 | /*! |
| 95 | \brief Internal representation of the type of source in use (file, |
| 96 | remote/local interface). |
| 97 | |
| 98 | This indicates a local interface, i.e. the user want to open a capture from |
| 99 | a local interface. This does not involve the RPCAP protocol. |
| 100 | */ |
| 101 | #define PCAP_SRC_IFLOCAL 3 |
| 102 | /*! |
| 103 | \brief Internal representation of the type of source in use (file, |
| 104 | remote/local interface). |
| 105 | |
| 106 | This indicates a remote interface, i.e. the user want to open a capture from |
| 107 | an interface on a remote host. This does involve the RPCAP protocol. |
| 108 | */ |
| 109 | #define PCAP_SRC_IFREMOTE 4 |
| 110 | |
| 111 | /*! |
| 112 | \} |
| 113 | */ |
| 114 | |
| 115 | |
| 116 | |
| 117 | /*! \addtogroup remote_source_string |
| 118 | |
| 119 | The formats allowed by the pcap_open() are the following: |
| 120 | - file://path_and_filename [opens a local file] |
| 121 | - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol] |
| 122 | - rpcap://host/devicename [opens the selected device available on a remote host] |
| 123 | - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP] |
| 124 | - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged] |
| 125 | - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged] |
| 126 | |
| 127 | The formats allowed by the pcap_findalldevs_ex() are the following: |
| 128 | - file://folder/ [lists all the files in the given folder] |
| 129 | - rpcap:// [lists all local adapters] |
| 130 | - rpcap://host:port/ [lists the devices available on a remote host] |
| 131 | |
| 132 | Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since |
| 133 | IPv6 is fully supported, these are the allowed formats: |
| 134 | |
| 135 | - host (literal): e.g. host.foo.bar |
| 136 | - host (numeric IPv4): e.g. 10.11.12.13 |
| 137 | - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13] |
| 138 | - host (numeric IPv6): e.g. [1:2:3::4] |
| 139 | - port: can be either numeric (e.g. '80') or literal (e.g. 'http') |
| 140 | |
| 141 | Here you find some allowed examples: |
| 142 | - rpcap://host.foo.bar/devicename [everything literal, no port number] |
| 143 | - rpcap://host.foo.bar:1234/devicename [everything literal, with port number] |
| 144 | - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number] |
| 145 | - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number] |
| 146 | - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number] |
| 147 | - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number] |
| 148 | - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number] |
| 149 | - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number] |
| 150 | |
| 151 | \{ |
| 152 | */ |
| 153 | |
| 154 | |
| 155 | /*! |
| 156 | \brief String that will be used to determine the type of source in use (file, |
| 157 | remote/local interface). |
| 158 | |
| 159 | This string will be prepended to the interface name in order to create a string |
| 160 | that contains all the information required to open the source. |
| 161 | |
| 162 | This string indicates that the user wants to open a capture from a local file. |
| 163 | */ |
| 164 | #define PCAP_SRC_FILE_STRING "file://" |
| 165 | /*! |
| 166 | \brief String that will be used to determine the type of source in use (file, |
| 167 | remote/local interface). |
| 168 | |
| 169 | This string will be prepended to the interface name in order to create a string |
| 170 | that contains all the information required to open the source. |
| 171 | |
| 172 | This string indicates that the user wants to open a capture from a network interface. |
| 173 | This string does not necessarily involve the use of the RPCAP protocol. If the |
| 174 | interface required resides on the local host, the RPCAP protocol is not involved |
| 175 | and the local functions are used. |
| 176 | */ |
| 177 | #define PCAP_SRC_IF_STRING "rpcap://" |
| 178 | |
| 179 | /*! |
| 180 | \} |
| 181 | */ |
| 182 | |
| 183 | |
| 184 | |
| 185 | |
| 186 | |
| 187 | /*! |
| 188 | \addtogroup remote_open_flags |
| 189 | \{ |
| 190 | */ |
| 191 | |
| 192 | /*! |
| 193 | \brief Defines if the adapter has to go in promiscuous mode. |
| 194 | |
| 195 | It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise. |
| 196 | Note that even if this parameter is false, the interface could well be in promiscuous |
| 197 | mode for some other reason (for example because another capture process with |
| 198 | promiscuous mode enabled is currently using that interface). |
| 199 | On on Linux systems with 2.2 or later kernels (that have the "any" device), this |
| 200 | flag does not work on the "any" device; if an argument of "any" is supplied, |
| 201 | the 'promisc' flag is ignored. |
| 202 | */ |
| 203 | #define PCAP_OPENFLAG_PROMISCUOUS 1 |
| 204 | |
| 205 | /*! |
| 206 | \brief Defines if the data trasfer (in case of a remote |
| 207 | capture) has to be done with UDP protocol. |
| 208 | |
| 209 | If it is '1' if you want a UDP data connection, '0' if you want |
| 210 | a TCP data connection; control connection is always TCP-based. |
| 211 | A UDP connection is much lighter, but it does not guarantee that all |
| 212 | the captured packets arrive to the client workstation. Moreover, |
| 213 | it could be harmful in case of network congestion. |
| 214 | This flag is meaningless if the source is not a remote interface. |
| 215 | In that case, it is simply ignored. |
| 216 | */ |
| 217 | #define PCAP_OPENFLAG_DATATX_UDP 2 |
| 218 | |
| 219 | |
| 220 | /*! |
| 221 | \brief Defines if the remote probe will capture its own generated traffic. |
| 222 | |
| 223 | In case the remote probe uses the same interface to capture traffic and to send |
| 224 | data back to the caller, the captured traffic includes the RPCAP traffic as well. |
| 225 | If this flag is turned on, the RPCAP traffic is excluded from the capture, so that |
| 226 | the trace returned back to the collector is does not include this traffic. |
| 227 | */ |
| 228 | #define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4 |
| 229 | |
| 230 | /*! |
| 231 | \brief Defines if the local adapter will capture its own generated traffic. |
| 232 | |
| 233 | This flag tells the underlying capture driver to drop the packets that were sent by itself. |
| 234 | This is usefult when building applications like bridges, that should ignore the traffic |
| 235 | they just sent. |
| 236 | */ |
| 237 | #define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8 |
| 238 | |
| 239 | /*! |
| 240 | \brief This flag configures the adapter for maximum responsiveness. |
| 241 | |
| 242 | In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before |
| 243 | copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage, |
| 244 | i.e. better performance, which is good for applications like sniffers. If the user sets the |
| 245 | PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application |
| 246 | is ready to receive them. This is suggested for real time applications (like, for example, a bridge) |
| 247 | that need the best responsiveness.*/ |
| 248 | #define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16 |
| 249 | |
| 250 | /*! |
| 251 | \} |
| 252 | */ |
| 253 | |
| 254 | |
| 255 | /*! |
| 256 | \addtogroup remote_samp_methods |
| 257 | \{ |
| 258 | */ |
| 259 | |
| 260 | /*! |
| 261 | \brief No sampling has to be done on the current capture. |
| 262 | |
| 263 | In this case, no sampling algorithms are applied to the current capture. |
| 264 | */ |
| 265 | #define PCAP_SAMP_NOSAMP 0 |
| 266 | |
| 267 | /*! |
| 268 | \brief It defines that only 1 out of N packets must be returned to the user. |
| 269 | |
| 270 | In this case, the 'value' field of the 'pcap_samp' structure indicates the |
| 271 | number of packets (minus 1) that must be discarded before one packet got accepted. |
| 272 | In other words, if 'value = 10', the first packet is returned to the caller, while |
| 273 | the following 9 are discarded. |
| 274 | */ |
| 275 | #define PCAP_SAMP_1_EVERY_N 1 |
| 276 | |
| 277 | /*! |
| 278 | \brief It defines that we have to return 1 packet every N milliseconds. |
| 279 | |
| 280 | In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting |
| 281 | time' in milliseconds before one packet got accepted. |
| 282 | In other words, if 'value = 10', the first packet is returned to the caller; the next |
| 283 | returned one will be the first packet that arrives when 10ms have elapsed. |
| 284 | */ |
| 285 | #define PCAP_SAMP_FIRST_AFTER_N_MS 2 |
| 286 | |
| 287 | /*! |
| 288 | \} |
| 289 | */ |
| 290 | |
| 291 | |
| 292 | /*! |
| 293 | \addtogroup remote_auth_methods |
| 294 | \{ |
| 295 | */ |
| 296 | |
| 297 | /*! |
| 298 | \brief It defines the NULL authentication. |
| 299 | |
| 300 | This value has to be used within the 'type' member of the pcap_rmtauth structure. |
| 301 | The 'NULL' authentication has to be equal to 'zero', so that old applications |
| 302 | can just put every field of struct pcap_rmtauth to zero, and it does work. |
| 303 | */ |
| 304 | #define RPCAP_RMTAUTH_NULL 0 |
| 305 | /*! |
| 306 | \brief It defines the username/password authentication. |
| 307 | |
| 308 | With this type of authentication, the RPCAP protocol will use the username/ |
| 309 | password provided to authenticate the user on the remote machine. If the |
| 310 | authentication is successful (and the user has the right to open network devices) |
| 311 | the RPCAP connection will continue; otherwise it will be dropped. |
| 312 | |
| 313 | This value has to be used within the 'type' member of the pcap_rmtauth structure. |
| 314 | */ |
| 315 | #define RPCAP_RMTAUTH_PWD 1 |
| 316 | |
| 317 | /*! |
| 318 | \} |
| 319 | */ |
| 320 | |
| 321 | |
| 322 | |
| 323 | |
| 324 | /*! |
| 325 | |
| 326 | \brief This structure keeps the information needed to autheticate |
| 327 | the user on a remote machine. |
| 328 | |
| 329 | The remote machine can either grant or refuse the access according |
| 330 | to the information provided. |
| 331 | In case the NULL authentication is required, both 'username' and |
| 332 | 'password' can be NULL pointers. |
| 333 | |
| 334 | This structure is meaningless if the source is not a remote interface; |
| 335 | in that case, the functions which requires such a structure can accept |
| 336 | a NULL pointer as well. |
| 337 | */ |
| 338 | struct pcap_rmtauth |
| 339 | { |
| 340 | /*! |
| 341 | \brief Type of the authentication required. |
| 342 | |
| 343 | In order to provide maximum flexibility, we can support different types |
| 344 | of authentication based on the value of this 'type' variable. The currently |
| 345 | supported authentication methods are defined into the |
| 346 | \link remote_auth_methods Remote Authentication Methods Section\endlink. |
| 347 | |
| 348 | */ |
| 349 | int type; |
| 350 | /*! |
| 351 | \brief Zero-terminated string containing the username that has to be |
| 352 | used on the remote machine for authentication. |
| 353 | |
| 354 | This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication |
| 355 | and it can be NULL. |
| 356 | */ |
| 357 | char *username; |
| 358 | /*! |
| 359 | \brief Zero-terminated string containing the password that has to be |
| 360 | used on the remote machine for authentication. |
| 361 | |
| 362 | This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication |
| 363 | and it can be NULL. |
| 364 | */ |
| 365 | char *password; |
| 366 | }; |
| 367 | |
| 368 | |
| 369 | /*! |
| 370 | \brief This structure defines the information related to sampling. |
| 371 | |
| 372 | In case the sampling is requested, the capturing device should read |
| 373 | only a subset of the packets coming from the source. The returned packets depend |
| 374 | on the sampling parameters. |
| 375 | |
| 376 | \warning The sampling process is applied <strong>after</strong> the filtering process. |
| 377 | In other words, packets are filtered first, then the sampling process selects a |
| 378 | subset of the 'filtered' packets and it returns them to the caller. |
| 379 | */ |
| 380 | struct pcap_samp |
| 381 | { |
| 382 | /*! |
| 383 | Method used for sampling. Currently, the supported methods are listed in the |
| 384 | \link remote_samp_methods Sampling Methods Section\endlink. |
| 385 | */ |
| 386 | int method; |
| 387 | |
| 388 | /*! |
| 389 | This value depends on the sampling method defined. For its meaning, please check |
| 390 | at the \link remote_samp_methods Sampling Methods Section\endlink. |
| 391 | */ |
| 392 | int value; |
| 393 | }; |
| 394 | |
| 395 | |
| 396 | |
| 397 | |
| 398 | //! Maximum lenght of an host name (needed for the RPCAP active mode) |
| 399 | #define RPCAP_HOSTLIST_SIZE 1024 |
| 400 | |
| 401 | |
| 402 | /*! |
| 403 | \} |
| 404 | */ // end of public documentation |
| 405 | |
| 406 | |
| 407 | // Exported functions |
| 408 | |
| 409 | |
| 410 | |
| 411 | /** \name New WinPcap functions |
| 412 | |
| 413 | This section lists the new functions that are able to help considerably in writing |
| 414 | WinPcap programs because of their easiness of use. |
| 415 | */ |
| 416 | //\{ |
| 417 | pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf); |
| 418 | int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf); |
| 419 | int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf); |
| 420 | int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf); |
| 421 | struct pcap_samp *pcap_setsampling(pcap_t *p); |
| 422 | |
| 423 | //\} |
| 424 | // End of new winpcap functions |
| 425 | |
| 426 | |
| 427 | |
| 428 | /** \name Remote Capture functions |
| 429 | */ |
| 430 | //\{ |
| 431 | SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf); |
| 432 | int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf); |
| 433 | int pcap_remoteact_close(const char *host, char *errbuf); |
| 434 | void pcap_remoteact_cleanup(); |
| 435 | //\} |
| 436 | // End of remote capture functions |
| 437 | |
| 438 | #ifdef __cplusplus |
| 439 | } |
| 440 | #endif |
| 441 | |
| 442 | |
| 443 | #endif |
| 444 | |