2 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #ifndef __PCAP_RPCAP_H__
35 #define __PCAP_RPCAP_H__
39 #include "sockutils.h" /* Needed for some structures (like SOCKET, sockaddr_in) which are used here */
45 * This file keeps all the new definitions and typedefs that are exported to the user and
46 * that are needed for the RPCAP protocol.
48 * \warning All the RPCAP functions that are allowed to return a buffer containing
49 * the error description can return max PCAP_ERRBUF_SIZE characters.
50 * However there is no guarantees that the string will be zero-terminated.
51 * Best practice is to define the errbuf variable as a char of size 'PCAP_ERRBUF_SIZE+1'
52 * and to insert manually the termination char at the end of the buffer. This will
53 * guarantee that no buffer overflows occur even if we use the printf() to show
54 * the error on the screen.
56 * \warning This file declares some typedefs that MUST be of a specific size.
57 * These definitions (i.e. typedefs) could need to be changed on other platforms than
60 * \warning This file defines some structures that are used to transfer data on the network.
61 * Be careful that you compiler MUST not insert padding into these structures
62 * for better alignment.
63 * These structures have been created in order to be correctly aligned to a 32 bits
64 * boundary, but be careful in any case.
74 /*********************************************************
76 * General definitions / typedefs for the RPCAP protocol *
78 *********************************************************/
80 /* All the following structures and typedef belongs to the Private Documentation */
82 * \addtogroup remote_pri_struct
86 #define RPCAP_DEFAULT_NETPORT "2002" /* Default port on which the RPCAP daemon is waiting for connections. */
87 /* Default port on which the client workstation is waiting for connections in case of active mode. */
88 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
89 #define RPCAP_DEFAULT_NETADDR "" /* Default network address on which the RPCAP daemon binds to. */
90 #define RPCAP_VERSION 0 /* Present version of the RPCAP protocol (0 = Experimental). */
91 #define RPCAP_TIMEOUT_INIT 90 /* Initial timeout for RPCAP connections (default: 90 sec) */
92 #define RPCAP_TIMEOUT_RUNTIME 180 /* Run-time timeout for RPCAP connections (default: 3 min) */
93 #define RPCAP_ACTIVE_WAIT 30 /* Waiting time between two attempts to open a connection, in active mode (default: 30 sec) */
94 #define RPCAP_SUSPEND_WRONGAUTH 1 /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
97 * \brief Buffer used by socket functions to send-receive packets.
98 * In case you plan to have messages larger than this value, you have to increase it.
100 #define RPCAP_NETBUF_SIZE 64000
104 * \brief Separators used for the host list.
107 * - by the rpcapd daemon, when you types a list of allowed connecting hosts
108 * - by the rpcap in active mode, when the client waits for incoming connections from other hosts
110 #define RPCAP_HOSTLIST_SEP " ,;\n\r"
115 /* WARNING: These could need to be changed on other platforms */
116 typedef unsigned char uint8; /* Provides an 8-bits unsigned integer */
117 typedef unsigned short uint16; /* Provides a 16-bits unsigned integer */
118 typedef unsigned int uint32; /* Provides a 32-bits unsigned integer */
119 typedef int int32; /* Provides a 32-bits integer */
125 * \brief Keeps a list of all the opened connections in the active mode.
127 * This structure defines a linked list of items that are needed to keep the info required to
128 * manage the active mode.
129 * In other words, when a new connection in active mode starts, this structure is updated so that
130 * it reflects the list of active mode connections currently opened.
131 * This structure is required by findalldevs() and open_remote() to see if they have to open a new
132 * control connection toward the host, or they already have a control connection in place.
136 struct sockaddr_storage host;
138 struct activehosts *next;
142 /*********************************************************
144 * Protocol messages formats *
146 *********************************************************/
147 /* WARNING Take care you compiler does not insert padding for better alignments into these structs */
150 /* Common header for all the RPCAP messages */
153 uint8 ver; /* RPCAP version number */
154 uint8 type; /* RPCAP message type (error, findalldevs, ...) */
155 uint16 value; /* Message-dependent value (not always used) */
156 uint32 plen; /* Length of the payload of this RPCAP message */
160 /* Format of the message for the interface description (findalldevs command) */
161 struct rpcap_findalldevs_if
163 uint16 namelen; /* Length of the interface name */
164 uint16 desclen; /* Length of the interface description */
165 uint32 flags; /* Interface flags */
166 uint16 naddr; /* Number of addresses */
167 uint16 dummy; /* Must be zero */
171 /* Format of the message for the address listing (findalldevs command) */
172 struct rpcap_findalldevs_ifaddr
174 struct sockaddr_storage addr; /* Network address */
175 struct sockaddr_storage netmask; /* Netmask for that address */
176 struct sockaddr_storage broadaddr; /* Broadcast address for that address */
177 struct sockaddr_storage dstaddr; /* P2P destination address for that address */
183 * \brief Format of the message of the connection opening reply (open command).
185 * This structure transfers over the network some of the values useful on the client side.
187 struct rpcap_openreply
189 int32 linktype; /* Link type */
190 int32 tzoff; /* Timezone offset */
195 /* Format of the message that starts a remote capture (startcap command) */
196 struct rpcap_startcapreq
198 uint32 snaplen; /* Length of the snapshot (number of bytes to capture for each packet) */
199 uint32 read_timeout; /* Read timeout in milliseconds */
200 uint16 flags; /* Flags (see RPCAP_STARTCAPREQ_FLAG_xxx) */
201 uint16 portdata; /* Network port on which the client is waiting at (if 'serveropen') */
205 /* Format of the reply message that devoted to start a remote capture (startcap reply command) */
206 struct rpcap_startcapreply
208 int32 bufsize; /* Size of the user buffer allocated by WinPcap; it can be different from the one we chose */
209 uint16 portdata; /* Network port on which the server is waiting at (passive mode only) */
210 uint16 dummy; /* Must be zero */
215 * \brief Format of the header which encapsulates captured packets when transmitted on the network.
217 * This message requires the general header as well, since we want to be able to exchange
218 * more information across the network in the future (for example statistics, and kind like that).
222 uint32 timestamp_sec; /* 'struct timeval' compatible, it represents the 'tv_sec' field */
223 uint32 timestamp_usec; /* 'struct timeval' compatible, it represents the 'tv_usec' field */
224 uint32 caplen; /* Length of portion present in the capture */
225 uint32 len; /* Real length this packet (off wire) */
226 uint32 npkt; /* Ordinal number of the packet (i.e. the first one captured has '1', the second one '2', etc) */
230 /* General header used for the pcap_setfilter() command; keeps just the number of BPF instructions */
233 uint16 filtertype; /* type of the filter transferred (BPF instructions, ...) */
234 uint16 dummy; /* Must be zero */
235 uint32 nitems; /* Number of items contained into the filter (e.g. BPF instructions for BPF filters) */
239 /* Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_filterbpf' header */
240 struct rpcap_filterbpf_insn
242 uint16 code; /* opcode of the instruction */
243 uint8 jt; /* relative offset to jump to in case of 'true' */
244 uint8 jf; /* relative offset to jump to in case of 'false' */
245 int32 k; /* instruction-dependent value */
249 /* Structure that keeps the data required for the authentication on the remote host */
252 uint16 type; /* Authentication type */
253 uint16 dummy; /* Must be zero */
254 uint16 slen1; /* Length of the first authentication item (e.g. username) */
255 uint16 slen2; /* Length of the second authentication item (e.g. password) */
259 /* Structure that keeps the statistics about the number of packets captured, dropped, etc. */
262 uint32 ifrecv; /* Packets received by the kernel filter (i.e. pcap_stats.ps_recv) */
263 uint32 ifdrop; /* Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop) */
264 uint32 krnldrop; /* Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop) */
265 uint32 svrcapt; /* Packets captured by the RPCAP daemon and sent on the network */
269 /* Structure that is needed to set sampling parameters */
270 struct rpcap_sampling
272 uint8 method; /* Sampling method */
273 uint8 dummy1; /* Must be zero */
274 uint16 dummy2; /* Must be zero */
275 uint32 value; /* Parameter related to the sampling method */
280 * Private data for doing a live capture.
283 struct pcap_stat stat;
285 int use_bpf; /* using kernel filter */
286 u_long TotPkts; /* can't overflow for 79 hrs on ether */
287 u_long TotAccepted; /* count accepted by filter */
288 u_long TotDrops; /* count of dropped packets */
289 long TotMissed; /* missed by i/f during this run */
290 long OrigMissed; /* missed by i/f before this run */
291 char *device; /* device name */
292 int timeout; /* timeout for buffering */
293 int must_clear; /* stuff we must clear when we close */
294 struct pcap *next; /* list of open pcaps that need stuff cleared on close */
296 int sock_packet; /* using Linux 2.0 compatible interface */
297 int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
298 int ifindex; /* interface index of device we're bound to */
299 int lo_ifindex; /* interface index of the loopback device */
300 u_int packets_read; /* count of packets read with recvfrom() */
301 bpf_u_int32 oldmode; /* mode to restore when turning monitor mode off */
302 u_int tp_version; /* version of tpacket_hdr for mmaped ring */
303 u_int tp_hdrlen; /* hdrlen of tpacket_hdr for mmaped ring */
307 #ifdef HAVE_DAG_STREAMS_API
308 u_char *dag_mem_bottom;/* DAG card current memory bottom pointer */
309 u_char *dag_mem_top; /* DAG card current memory top pointer */
310 #else /* HAVE_DAG_STREAMS_API */
311 void *dag_mem_base; /* DAG card memory base address */
312 u_int dag_mem_bottom; /* DAG card current memory bottom offset */
313 u_int dag_mem_top; /* DAG card current memory top offset */
314 #endif /* HAVE_DAG_STREAMS_API */
315 int dag_fcs_bits; /* Number of checksum bits from link layer */
316 int dag_offset_flags; /* Flags to pass to dag_offset(). */
317 int dag_stream; /* DAG stream number */
318 int dag_timeout; /* timeout specified to pcap_open_live.
319 * Same as in linux above, introduce
322 #endif /* HAVE_DAG_API */
323 #ifdef HAVE_ZEROCOPY_BPF
325 * Zero-copy read buffer -- for zero-copy BPF. 'buffer' above will
326 * alternative between these two actual mmap'd buffers as required.
327 * As there is a header on the front size of the mmap'd buffer, only
328 * some of the buffer is exposed to libpcap as a whole via bufsize;
329 * zbufsize is the true size. zbuffer tracks the current zbuf
330 * associated with buffer so that it can be used to decide which the
331 * next buffer to read will be.
333 u_char *zbuf1, *zbuf2, *zbuffer;
337 struct timespec firstsel;
339 * If there's currently a buffer being actively processed, then it is
340 * referenced here; 'buffer' is also pointed at it, but offset by the
341 * size of the header.
343 struct bpf_zbuf_header *bzh;
344 #endif /* HAVE_ZEROCOPY_BPF */
350 * There is really a mess with previous variables, and it seems to me that they are not used
351 * (they are used in pcap_pf.c only). I think we have to start using them.
352 * The meaning is the following:
354 * - TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
355 * - TotAccepted: the amount of packets that satisfies the filter
356 * - TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
357 * - TotMissed: the amount of packets that were dropped by the physical interface; it is basically
358 * the value of the hardware counter into the card. This number is never put to zero, so this number
359 * takes into account the *total* number of interface drops starting from the interface power-on.
360 * - OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
361 * This value is used to detect the number of packets dropped by the interface *during the present
362 * capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
364 unsigned int TotNetDrops; /* keeps the number of packets that have been dropped by the network */
366 * \brief It keeps the number of packets that have been received by the application.
368 * Packets dropped by the kernel buffer are not counted in this variable. The variable is always
369 * equal to (TotAccepted - TotDrops), except for the case of remote capture, in which we have also
370 * packets in flight, i.e. that have been transmitted by the remote host, but that have not been
371 * received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
372 * wrong result, since this number does not corresponds always to the number of packet received by
373 * the application. For this reason, in the remote capture we need another variable that takes
374 * into account of the number of packets actually received by the application.
376 unsigned int TotCapt;
378 /*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if
379 they have to use the socket or they have to open the local adapter. */
382 SOCKET rmt_sockctrl; //!< socket ID of the socket used for the control connection
383 SOCKET rmt_sockdata; //!< socket ID of the socket used for the data connection
384 int rmt_flags; //!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
385 int rmt_capstarted; //!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
386 struct pcap_samp rmt_samp; //!< Keeps the parameters related to the sampling process.
387 char *currentfilter; //!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
388 #endif /* HAVE_REMOTE */
393 /* Messages field coding */
394 #define RPCAP_MSG_ERROR 1 /* Message that keeps an error notification */
395 #define RPCAP_MSG_FINDALLIF_REQ 2 /* Request to list all the remote interfaces */
396 #define RPCAP_MSG_OPEN_REQ 3 /* Request to open a remote device */
397 #define RPCAP_MSG_STARTCAP_REQ 4 /* Request to start a capture on a remote device */
398 #define RPCAP_MSG_UPDATEFILTER_REQ 5 /* Send a compiled filter into the remote device */
399 #define RPCAP_MSG_CLOSE 6 /* Close the connection with the remote peer */
400 #define RPCAP_MSG_PACKET 7 /* This is a 'data' message, which carries a network packet */
401 #define RPCAP_MSG_AUTH_REQ 8 /* Message that keeps the authentication parameters */
402 #define RPCAP_MSG_STATS_REQ 9 /* It requires to have network statistics */
403 #define RPCAP_MSG_ENDCAP_REQ 10 /* Stops the current capture, keeping the device open */
404 #define RPCAP_MSG_SETSAMPLING_REQ 11 /* Set sampling parameters */
406 #define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ) /* Keeps the list of all the remote interfaces */
407 #define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ) /* The remote device has been opened correctly */
408 #define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ) /* The capture is starting correctly */
409 #define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ) /* The filter has been applied correctly on the remote device */
410 #define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ) /* Sends a message that says 'ok, authorization successful' */
411 #define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ) /* Message that keeps the network statistics */
412 #define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ) /* Confirms that the capture stopped successfully */
413 #define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ) /* Confirms that the capture stopped successfully */
415 #define RPCAP_STARTCAPREQ_FLAG_PROMISC 1 /* Enables promiscuous mode (default: disabled) */
416 #define RPCAP_STARTCAPREQ_FLAG_DGRAM 2 /* Use a datagram (i.e. UDP) connection for the data stream (default: use TCP)*/
417 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4 /* The server has to open the data connection toward the client */
418 #define RPCAP_STARTCAPREQ_FLAG_INBOUND 8 /* Capture only inbound packets (take care: the flag has no effects with promiscuous enabled) */
419 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16 /* Capture only outbound packets (take care: the flag has no effects with promiscuous enabled) */
421 #define RPCAP_UPDATEFILTER_BPF 1 /* This code tells us that the filter is encoded with the BPF/NPF syntax */
424 /* Network error codes */
425 #define PCAP_ERR_NETW 1 /* Network error */
426 #define PCAP_ERR_INITTIMEOUT 2 /* The RPCAP initial timeout has expired */
427 #define PCAP_ERR_AUTH 3 /* Generic authentication error */
428 #define PCAP_ERR_FINDALLIF 4 /* Generic findalldevs error */
429 #define PCAP_ERR_NOREMOTEIF 5 /* The findalldevs was ok, but the remote end had no interfaces to list */
430 #define PCAP_ERR_OPEN 6 /* Generic pcap_open error */
431 #define PCAP_ERR_UPDATEFILTER 7 /* Generic updatefilter error */
432 #define PCAP_ERR_GETSTATS 8 /* Generic pcap_stats error */
433 #define PCAP_ERR_READEX 9 /* Generic pcap_next_ex error */
434 #define PCAP_ERR_HOSTNOAUTH 10 /* The host is not authorized to connect to this server */
435 #define PCAP_ERR_REMOTEACCEPT 11 /* Generic pcap_remoteaccept error */
436 #define PCAP_ERR_STARTCAPTURE 12 /* Generic pcap_startcapture error */
437 #define PCAP_ERR_ENDCAPTURE 13 /* Generic pcap_endcapture error */
438 #define PCAP_ERR_RUNTIMETIMEOUT 14 /* The RPCAP run-time timeout has expired */
439 #define PCAP_ERR_SETSAMPLING 15 /* Error during the settings of sampling parameters */
440 #define PCAP_ERR_WRONGMSG 16 /* The other end endpoint sent a message which has not been recognized */
441 #define PCAP_ERR_WRONGVER 17 /* The other end endpoint has a version number that is not compatible with our */
444 * // end of private documentation
448 /*********************************************************
450 * Exported function prototypes *
452 *********************************************************/
453 int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth);
454 int pcap_startcapture_remote(pcap_t *fp);
456 void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
457 int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
458 int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
459 int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
460 int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
462 SOCKET rpcap_remoteact_getsock(const char *host, int *isactive, char *errbuf);
projects / FreeBSD / FreeBSD.git / blob