2 * Copyright (c) 2008 CACE Technologies, Davis (California)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of CACE Technologies nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
50 typedef TC_STATUS (TC_CALLCONV *TcFcnQueryPortList) (PTC_PORT *ppPorts, PULONG pLength);
51 typedef TC_STATUS (TC_CALLCONV *TcFcnFreePortList) (TC_PORT *pPorts);
53 typedef PCHAR (TC_CALLCONV *TcFcnStatusGetString) (TC_STATUS status);
55 typedef PCHAR (TC_CALLCONV *TcFcnPortGetName) (TC_PORT port);
56 typedef PCHAR (TC_CALLCONV *TcFcnPortGetDescription) (TC_PORT port);
58 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceOpenByName) (PCHAR name, PTC_INSTANCE pInstance);
59 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceClose) (TC_INSTANCE instance);
60 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceSetFeature) (TC_INSTANCE instance, ULONG feature, ULONG value);
61 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceQueryFeature) (TC_INSTANCE instance, ULONG feature, PULONG pValue);
62 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceReceivePackets) (TC_INSTANCE instance, PTC_PACKETS_BUFFER pBuffer);
63 typedef HANDLE (TC_CALLCONV *TcFcnInstanceGetReceiveWaitHandle) (TC_INSTANCE instance);
64 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceTransmitPackets) (TC_INSTANCE instance, TC_PACKETS_BUFFER pBuffer);
65 typedef TC_STATUS (TC_CALLCONV *TcFcnInstanceQueryStatistics) (TC_INSTANCE instance, PTC_STATISTICS pStatistics);
67 typedef TC_STATUS (TC_CALLCONV *TcFcnPacketsBufferCreate) (ULONG size, PTC_PACKETS_BUFFER pBuffer);
68 typedef VOID (TC_CALLCONV *TcFcnPacketsBufferDestroy) (TC_PACKETS_BUFFER buffer);
69 typedef TC_STATUS (TC_CALLCONV *TcFcnPacketsBufferQueryNextPacket)(TC_PACKETS_BUFFER buffer, PTC_PACKET_HEADER pHeader, PVOID *ppData);
70 typedef TC_STATUS (TC_CALLCONV *TcFcnPacketsBufferCommitNextPacket)(TC_PACKETS_BUFFER buffer, PTC_PACKET_HEADER pHeader, PVOID pData);
72 typedef VOID (TC_CALLCONV *TcFcnStatisticsDestroy) (TC_STATISTICS statistics);
73 typedef TC_STATUS (TC_CALLCONV *TcFcnStatisticsUpdate) (TC_STATISTICS statistics);
74 typedef TC_STATUS (TC_CALLCONV *TcFcnStatisticsQueryValue) (TC_STATISTICS statistics, ULONG counterId, PULONGLONG pValue);
86 typedef struct _TC_FUNCTIONS
88 TC_API_LOAD_STATUS LoadStatus;
90 HMODULE hTcApiDllHandle;
92 TcFcnQueryPortList QueryPortList;
93 TcFcnFreePortList FreePortList;
94 TcFcnStatusGetString StatusGetString;
96 TcFcnPortGetName PortGetName;
97 TcFcnPortGetDescription PortGetDescription;
99 TcFcnInstanceOpenByName InstanceOpenByName;
100 TcFcnInstanceClose InstanceClose;
101 TcFcnInstanceSetFeature InstanceSetFeature;
102 TcFcnInstanceQueryFeature InstanceQueryFeature;
103 TcFcnInstanceReceivePackets InstanceReceivePackets;
105 TcFcnInstanceGetReceiveWaitHandle InstanceGetReceiveWaitHandle;
107 TcFcnInstanceTransmitPackets InstanceTransmitPackets;
108 TcFcnInstanceQueryStatistics InstanceQueryStatistics;
110 TcFcnPacketsBufferCreate PacketsBufferCreate;
111 TcFcnPacketsBufferDestroy PacketsBufferDestroy;
112 TcFcnPacketsBufferQueryNextPacket PacketsBufferQueryNextPacket;
113 TcFcnPacketsBufferCommitNextPacket PacketsBufferCommitNextPacket;
115 TcFcnStatisticsDestroy StatisticsDestroy;
116 TcFcnStatisticsUpdate StatisticsUpdate;
117 TcFcnStatisticsQueryValue StatisticsQueryValue;
121 static pcap_if_t* TcCreatePcapIfFromPort(TC_PORT port);
122 static int TcSetDatalink(pcap_t *p, int dlt);
123 static int TcGetNonBlock(pcap_t *p);
124 static int TcSetNonBlock(pcap_t *p, int nonblock);
125 static void TcCleanup(pcap_t *p);
126 static int TcInject(pcap_t *p, const void *buf, size_t size);
127 static int TcRead(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
128 static int TcStats(pcap_t *p, struct pcap_stat *ps);
129 static int TcSetFilter(pcap_t *p, struct bpf_program *fp);
131 static struct pcap_stat *TcStatsEx(pcap_t *p, int *pcap_stat_size);
132 static int TcSetBuff(pcap_t *p, int dim);
133 static int TcSetMode(pcap_t *p, int mode);
134 static int TcSetMinToCopy(pcap_t *p, int size);
135 static HANDLE TcGetReceiveWaitHandle(pcap_t *p);
136 static int TcOidGetRequest(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp);
137 static int TcOidSetRequest(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp);
138 static u_int TcSendqueueTransmit(pcap_t *p, pcap_send_queue *queue, int sync);
139 static int TcSetUserBuffer(pcap_t *p, int size);
140 static int TcLiveDump(pcap_t *p, char *filename, int maxsize, int maxpacks);
141 static int TcLiveDumpEnded(pcap_t *p, int sync);
142 static PAirpcapHandle TcGetAirPcapHandle(pcap_t *p);
146 TC_FUNCTIONS g_TcFunctions =
148 TC_API_UNLOADED, /* LoadStatus */
149 NULL, /* hTcApiDllHandle */
150 NULL, /* QueryPortList */
151 NULL, /* FreePortList */
152 NULL, /* StatusGetString */
153 NULL, /* PortGetName */
154 NULL, /* PortGetDescription */
155 NULL, /* InstanceOpenByName */
156 NULL, /* InstanceClose */
157 NULL, /* InstanceSetFeature */
158 NULL, /* InstanceQueryFeature */
159 NULL, /* InstanceReceivePackets */
160 NULL, /* InstanceGetReceiveWaitHandle */
161 NULL, /* InstanceTransmitPackets */
162 NULL, /* InstanceQueryStatistics */
163 NULL, /* PacketsBufferCreate */
164 NULL, /* PacketsBufferDestroy */
165 NULL, /* PacketsBufferQueryNextPacket */
166 NULL, /* PacketsBufferCommitNextPacket */
167 NULL, /* StatisticsDestroy */
168 NULL, /* StatisticsUpdate */
169 NULL /* StatisticsQueryValue */
172 TC_FUNCTIONS g_TcFunctions =
174 TC_API_LOADED, /* LoadStatus */
179 TcPortGetDescription,
180 TcInstanceOpenByName,
182 TcInstanceSetFeature,
183 TcInstanceQueryFeature,
184 TcInstanceReceivePackets,
186 TcInstanceGetReceiveWaitHandle,
188 TcInstanceTransmitPackets,
189 TcInstanceQueryStatistics,
190 TcPacketsBufferCreate,
191 TcPacketsBufferDestroy,
192 TcPacketsBufferQueryNextPacket,
193 TcPacketsBufferCommitNextPacket,
196 TcStatisticsQueryValue,
200 #define MAX_TC_PACKET_SIZE 9500
202 #pragma pack(push, 1)
204 #define PPH_PH_FLAG_PADDING ((UCHAR)0x01)
205 #define PPH_PH_VERSION ((UCHAR)0x00)
207 typedef struct _PPI_PACKET_HEADER
214 PPI_PACKET_HEADER, *PPPI_PACKET_HEADER;
216 typedef struct _PPI_FIELD_HEADER
221 PPI_FIELD_HEADER, *PPPI_FIELD_HEADER;
224 #define PPI_FIELD_TYPE_AGGREGATION_EXTENSION ((UCHAR)0x08)
226 typedef struct _PPI_FIELD_AGGREGATION_EXTENSION
230 PPI_FIELD_AGGREGATION_EXTENSION, *PPPI_FIELD_AGGREGATION_EXTENSION;
233 #define PPI_FIELD_TYPE_802_3_EXTENSION ((UCHAR)0x09)
235 #define PPI_FLD_802_3_EXT_FLAG_FCS_PRESENT ((ULONG)0x00000001)
237 typedef struct _PPI_FIELD_802_3_EXTENSION
242 PPI_FIELD_802_3_EXTENSION, *PPPI_FIELD_802_3_EXTENSION;
244 typedef struct _PPI_HEADER
246 PPI_PACKET_HEADER PacketHeader;
247 PPI_FIELD_HEADER AggregationFieldHeader;
248 PPI_FIELD_AGGREGATION_EXTENSION AggregationField;
249 PPI_FIELD_HEADER Dot3FieldHeader;
250 PPI_FIELD_802_3_EXTENSION Dot3Field;
252 PPI_HEADER, *PPPI_HEADER;
257 // This wrapper around loadlibrary appends the system folder (usually c:\windows\system32)
258 // to the relative path of the DLL, so that the DLL is always loaded from an absolute path
259 // (It's no longer possible to load airpcap.dll from the application folder).
260 // This solves the DLL Hijacking issue discovered in August 2010
261 // http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
263 HMODULE LoadLibrarySafe(LPCTSTR lpFileName)
265 TCHAR path[MAX_PATH];
266 TCHAR fullFileName[MAX_PATH];
268 HMODULE hModule = NULL;
271 res = GetSystemDirectory(path, MAX_PATH);
276 // some bad failure occurred;
284 // the buffer was not big enough
286 SetLastError(ERROR_INSUFFICIENT_BUFFER);
290 if (res + 1 + _tcslen(lpFileName) + 1 < MAX_PATH)
292 memcpy(fullFileName, path, res * sizeof(TCHAR));
293 fullFileName[res] = _T('\\');
294 memcpy(&fullFileName[res + 1], lpFileName, (_tcslen(lpFileName) + 1) * sizeof(TCHAR));
296 hModule = LoadLibrary(fullFileName);
300 SetLastError(ERROR_INSUFFICIENT_BUFFER);
309 * NOTE: this function should be called by the pcap functions that can theoretically
310 * deal with the Tc library for the first time, namely listing the adapters and
311 * opening one. All the other ones (close, read, write, set parameters) work
312 * on an open instance of TC, so we do not care to call this function
314 TC_API_LOAD_STATUS LoadTcFunctions(void)
316 TC_API_LOAD_STATUS currentStatus;
320 currentStatus = InterlockedCompareExchange((LONG*)&g_TcFunctions.LoadStatus, TC_API_LOADING, TC_API_UNLOADED);
322 while(currentStatus == TC_API_LOADING)
324 currentStatus = InterlockedCompareExchange((LONG*)&g_TcFunctions.LoadStatus, TC_API_LOADING, TC_API_LOADING);
329 * at this point we are either in the LOADED state, unloaded state (i.e. we are the ones loading everything)
332 if(currentStatus == TC_API_LOADED)
334 return TC_API_LOADED;
337 if (currentStatus == TC_API_CANNOT_LOAD)
339 return TC_API_CANNOT_LOAD;
342 currentStatus = TC_API_CANNOT_LOAD;
344 g_TcFunctions.hTcApiDllHandle = LoadLibrarySafe("TcApi.dll");
345 if (g_TcFunctions.hTcApiDllHandle == NULL) break;
347 g_TcFunctions.QueryPortList = (TcFcnQueryPortList) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcQueryPortList");
348 g_TcFunctions.FreePortList = (TcFcnFreePortList) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcFreePortList");
350 g_TcFunctions.StatusGetString = (TcFcnStatusGetString) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatusGetString");
352 g_TcFunctions.PortGetName = (TcFcnPortGetName) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPortGetName");
353 g_TcFunctions.PortGetDescription = (TcFcnPortGetDescription) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPortGetDescription");
355 g_TcFunctions.InstanceOpenByName = (TcFcnInstanceOpenByName) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceOpenByName");
356 g_TcFunctions.InstanceClose = (TcFcnInstanceClose) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceClose");
357 g_TcFunctions.InstanceSetFeature = (TcFcnInstanceSetFeature) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceSetFeature");
358 g_TcFunctions.InstanceQueryFeature = (TcFcnInstanceQueryFeature) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceQueryFeature");
359 g_TcFunctions.InstanceReceivePackets = (TcFcnInstanceReceivePackets) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceReceivePackets");
360 g_TcFunctions.InstanceGetReceiveWaitHandle = (TcFcnInstanceGetReceiveWaitHandle)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceGetReceiveWaitHandle");
361 g_TcFunctions.InstanceTransmitPackets = (TcFcnInstanceTransmitPackets)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceTransmitPackets");
362 g_TcFunctions.InstanceQueryStatistics = (TcFcnInstanceQueryStatistics)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceQueryStatistics");
364 g_TcFunctions.PacketsBufferCreate = (TcFcnPacketsBufferCreate) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferCreate");
365 g_TcFunctions.PacketsBufferDestroy = (TcFcnPacketsBufferDestroy) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferDestroy");
366 g_TcFunctions.PacketsBufferQueryNextPacket = (TcFcnPacketsBufferQueryNextPacket)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferQueryNextPacket");
367 g_TcFunctions.PacketsBufferCommitNextPacket = (TcFcnPacketsBufferCommitNextPacket)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferCommitNextPacket");
369 g_TcFunctions.StatisticsDestroy = (TcFcnStatisticsDestroy) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsDestroy");
370 g_TcFunctions.StatisticsUpdate = (TcFcnStatisticsUpdate) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsUpdate");
371 g_TcFunctions.StatisticsQueryValue = (TcFcnStatisticsQueryValue) GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsQueryValue");
373 if ( g_TcFunctions.QueryPortList == NULL
374 || g_TcFunctions.FreePortList == NULL
375 || g_TcFunctions.StatusGetString == NULL
376 || g_TcFunctions.PortGetName == NULL
377 || g_TcFunctions.PortGetDescription == NULL
378 || g_TcFunctions.InstanceOpenByName == NULL
379 || g_TcFunctions.InstanceClose == NULL
380 || g_TcFunctions.InstanceSetFeature == NULL
381 || g_TcFunctions.InstanceQueryFeature == NULL
382 || g_TcFunctions.InstanceReceivePackets == NULL
383 || g_TcFunctions.InstanceGetReceiveWaitHandle == NULL
384 || g_TcFunctions.InstanceTransmitPackets == NULL
385 || g_TcFunctions.InstanceQueryStatistics == NULL
386 || g_TcFunctions.PacketsBufferCreate == NULL
387 || g_TcFunctions.PacketsBufferDestroy == NULL
388 || g_TcFunctions.PacketsBufferQueryNextPacket == NULL
389 || g_TcFunctions.PacketsBufferCommitNextPacket == NULL
390 || g_TcFunctions.StatisticsDestroy == NULL
391 || g_TcFunctions.StatisticsUpdate == NULL
392 || g_TcFunctions.StatisticsQueryValue == NULL
399 * everything got loaded, yay!!
401 currentStatus = TC_API_LOADED;
404 if (currentStatus != TC_API_LOADED)
406 if (g_TcFunctions.hTcApiDllHandle != NULL)
408 FreeLibrary(g_TcFunctions.hTcApiDllHandle);
409 g_TcFunctions.hTcApiDllHandle = NULL;
413 InterlockedExchange((LONG*)&g_TcFunctions.LoadStatus, currentStatus);
415 return currentStatus;
419 TC_API_LOAD_STATUS LoadTcFunctions(void)
421 return TC_API_LOADED;
426 * Private data for capturing on TurboCap devices.
429 TC_INSTANCE TcInstance;
430 TC_PACKETS_BUFFER TcPacketsBuffer;
431 ULONG TcAcceptedCount;
436 TcFindAllDevs(pcap_if_list_t *devlist, char *errbuf)
438 TC_API_LOAD_STATUS loadStatus;
440 PTC_PORT pPorts = NULL;
443 pcap_if_t *dev, *cursor;
448 loadStatus = LoadTcFunctions();
450 if (loadStatus != TC_API_LOADED)
457 * enumerate the ports, and add them to the list
459 status = g_TcFunctions.QueryPortList(&pPorts, &numPorts);
461 if (status != TC_SUCCESS)
467 for (i = 0; i < numPorts; i++)
470 * transform the port into an entry in the list
472 dev = TcCreatePcapIfFromPort(pPorts[i]);
477 * append it at the end
479 if (devlistp->beginning == NULL)
481 devlistp->beginning = dev;
485 for (cursor = devlistp->beginning;
486 cursor->next != NULL;
487 cursor = cursor->next);
496 * ignore the result here
498 status = g_TcFunctions.FreePortList(pPorts);
506 static pcap_if_t* TcCreatePcapIfFromPort(TC_PORT port)
510 pcap_if_t *newIf = NULL;
512 newIf = (pcap_if_t*)malloc(sizeof(*newIf));
518 memset(newIf, 0, sizeof(*newIf));
520 name = g_TcFunctions.PortGetName(port);
521 description = g_TcFunctions.PortGetDescription(port);
523 newIf->name = (char*)malloc(strlen(name) + 1);
524 if (newIf->name == NULL)
530 newIf->description = (char*)malloc(strlen(description) + 1);
531 if (newIf->description == NULL)
538 strcpy(newIf->name, name);
539 strcpy(newIf->description, description);
541 newIf->addresses = NULL;
550 TcActivate(pcap_t *p)
552 struct pcap_tc *pt = p->priv;
555 PPPI_HEADER pPpiHeader;
560 * No monitor mode on Tc cards; they're Ethernet
563 return PCAP_ERROR_RFMON_NOTSUP;
566 pt->PpiPacket = malloc(sizeof(PPI_HEADER) + MAX_TC_PACKET_SIZE);
568 if (pt->PpiPacket == NULL)
570 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Error allocating memory");
575 * Turn a negative snapshot value (invalid), a snapshot value of
576 * 0 (unspecified), or a value bigger than the normal maximum
577 * value, into the maximum allowed value.
579 * If some application really *needs* a bigger snapshot
580 * length, we should just increase MAXIMUM_SNAPLEN.
582 if (p->snapshot <= 0 || p->snapshot > MAXIMUM_SNAPLEN)
583 p->snapshot = MAXIMUM_SNAPLEN;
586 * Initialize the PPI fixed fields
588 pPpiHeader = (PPPI_HEADER)pt->PpiPacket;
589 pPpiHeader->PacketHeader.PphDlt = DLT_EN10MB;
590 pPpiHeader->PacketHeader.PphLength = sizeof(PPI_HEADER);
591 pPpiHeader->PacketHeader.PphFlags = 0;
592 pPpiHeader->PacketHeader.PphVersion = 0;
594 pPpiHeader->AggregationFieldHeader.PfhLength = sizeof(PPI_FIELD_AGGREGATION_EXTENSION);
595 pPpiHeader->AggregationFieldHeader.PfhType = PPI_FIELD_TYPE_AGGREGATION_EXTENSION;
597 pPpiHeader->Dot3FieldHeader.PfhLength = sizeof(PPI_FIELD_802_3_EXTENSION);
598 pPpiHeader->Dot3FieldHeader.PfhType = PPI_FIELD_TYPE_802_3_EXTENSION;
600 status = g_TcFunctions.InstanceOpenByName(p->opt.device, &pt->TcInstance);
602 if (status != TC_SUCCESS)
604 /* Adapter detected but we are not able to open it. Return failure. */
605 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Error opening TurboCap adapter: %s", g_TcFunctions.StatusGetString(status));
609 p->linktype = DLT_EN10MB;
610 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
612 * If that fails, just leave the list empty.
614 if (p->dlt_list != NULL) {
615 p->dlt_list[0] = DLT_EN10MB;
616 p->dlt_list[1] = DLT_PPI;
621 * ignore promiscuous mode
627 * ignore all the buffer sizes
633 status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_RX_STATUS, 1);
635 if (status != TC_SUCCESS)
637 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,"Error enabling reception on a TurboCap instance: %s", g_TcFunctions.StatusGetString(status));
642 * enable transmission
644 status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_TX_STATUS, 1);
646 * Ignore the error here.
649 p->inject_op = TcInject;
651 * if the timeout is -1, it means immediate return, no timeout
652 * if the timeout is 0, it means INFINITE
655 if (p->opt.timeout == 0)
657 timeout = 0xFFFFFFFF;
660 if (p->opt.timeout < 0)
663 * we insert a minimal timeout here
669 timeout = p->opt.timeout;
672 status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_READ_TIMEOUT, timeout);
674 if (status != TC_SUCCESS)
676 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,"Error setting the read timeout a TurboCap instance: %s", g_TcFunctions.StatusGetString(status));
681 p->setfilter_op = TcSetFilter;
682 p->setdirection_op = NULL; /* Not implemented. */
683 p->set_datalink_op = TcSetDatalink;
684 p->getnonblock_op = TcGetNonBlock;
685 p->setnonblock_op = TcSetNonBlock;
686 p->stats_op = TcStats;
688 p->stats_ex_op = TcStatsEx;
689 p->setbuff_op = TcSetBuff;
690 p->setmode_op = TcSetMode;
691 p->setmintocopy_op = TcSetMinToCopy;
692 p->getevent_op = TcGetReceiveWaitHandle;
693 p->oid_get_request_op = TcOidGetRequest;
694 p->oid_set_request_op = TcOidSetRequest;
695 p->sendqueue_transmit_op = TcSendqueueTransmit;
696 p->setuserbuffer_op = TcSetUserBuffer;
697 p->live_dump_op = TcLiveDump;
698 p->live_dump_ended_op = TcLiveDumpEnded;
699 p->get_airpcap_handle_op = TcGetAirPcapHandle;
701 p->selectable_fd = -1;
704 p->cleanup_op = TcCleanup;
713 TcCreate(const char *device, char *ebuf, int *is_ours)
716 PTC_PORT pPorts = NULL;
722 if (LoadTcFunctions() != TC_API_LOADED)
725 * XXX - report this as an error rather than as
726 * "not a TurboCap device"?
733 * enumerate the ports, and add them to the list
735 status = g_TcFunctions.QueryPortList(&pPorts, &numPorts);
737 if (status != TC_SUCCESS)
740 * XXX - report this as an error rather than as
741 * "not a TurboCap device"?
748 for (i = 0; i < numPorts; i++)
750 if (strcmp(g_TcFunctions.PortGetName(pPorts[i]), device) == 0)
760 * ignore the result here
762 (void)g_TcFunctions.FreePortList(pPorts);
771 /* OK, it's probably ours. */
774 p = pcap_create_common(ebuf, sizeof (struct pcap_tc));
778 p->activate_op = TcActivate;
780 * Set these up front, so that, even if our client tries
781 * to set non-blocking mode before we're activated, or
782 * query the state of non-blocking mode, they get an error,
783 * rather than having the non-blocking mode option set
786 p->getnonblock_op = TcGetNonBlock;
787 p->setnonblock_op = TcSetNonBlock;
791 static int TcSetDatalink(pcap_t *p, int dlt)
794 * We don't have to do any work here; pcap_set_datalink() checks
795 * whether the value is in the list of DLT_ values we
796 * supplied, so we don't have to, and, if it is valid, sets
797 * p->linktype to the new value; we don't have to do anything
798 * in hardware, we just use what's in p->linktype.
800 * We do have to have a routine, however, so that pcap_set_datalink()
801 * doesn't think we don't support setting the link-layer header
807 static int TcGetNonBlock(pcap_t *p)
809 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
810 "Non-blocking mode isn't supported for TurboCap ports");
814 static int TcSetNonBlock(pcap_t *p, int nonblock)
816 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
817 "Non-blocking mode isn't supported for TurboCap ports");
821 static void TcCleanup(pcap_t *p)
823 struct pcap_tc *pt = p->priv;
825 if (pt->TcPacketsBuffer != NULL)
827 g_TcFunctions.PacketsBufferDestroy(pt->TcPacketsBuffer);
828 pt->TcPacketsBuffer = NULL;
830 if (pt->TcInstance != NULL)
833 * here we do not check for the error values
835 g_TcFunctions.InstanceClose(pt->TcInstance);
836 pt->TcInstance = NULL;
839 if (pt->PpiPacket != NULL)
842 pt->PpiPacket = NULL;
845 pcap_cleanup_live_common(p);
848 /* Send a packet to the network */
849 static int TcInject(pcap_t *p, const void *buf, size_t size)
851 struct pcap_tc *pt = p->priv;
853 TC_PACKETS_BUFFER buffer;
854 TC_PACKET_HEADER header;
858 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: the TurboCap API does not support packets larger than 64k");
862 status = g_TcFunctions.PacketsBufferCreate(sizeof(TC_PACKET_HEADER) + TC_ALIGN_USHORT_TO_64BIT((USHORT)size), &buffer);
864 if (status != TC_SUCCESS)
866 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcPacketsBufferCreate failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
871 * we assume that the packet is without the checksum, as common with WinPcap
873 memset(&header, 0, sizeof(header));
875 header.Length = (USHORT)size;
876 header.CapturedLength = header.Length;
878 status = g_TcFunctions.PacketsBufferCommitNextPacket(buffer, &header, (PVOID)buf);
880 if (status == TC_SUCCESS)
882 status = g_TcFunctions.InstanceTransmitPackets(pt->TcInstance, buffer);
884 if (status != TC_SUCCESS)
886 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcInstanceTransmitPackets failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
891 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcPacketsBufferCommitNextPacket failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
894 g_TcFunctions.PacketsBufferDestroy(buffer);
896 if (status != TC_SUCCESS)
906 static int TcRead(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
908 struct pcap_tc *pt = p->priv;
913 * Has "pcap_breakloop()" been called?
918 * Yes - clear the flag that indicates that it
919 * has, and return -2 to indicate that we were
920 * told to break out of the loop.
926 if (pt->TcPacketsBuffer == NULL)
928 status = g_TcFunctions.InstanceReceivePackets(pt->TcInstance, &pt->TcPacketsBuffer);
929 if (status != TC_SUCCESS)
931 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error, TcInstanceReceivePackets failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
938 struct pcap_pkthdr hdr;
939 TC_PACKET_HEADER tcHeader;
944 * Has "pcap_breakloop()" been called?
945 * If so, return immediately - if we haven't read any
946 * packets, clear the flag and return -2 to indicate
947 * that we were told to break out of the loop, otherwise
948 * leave the flag set, so that the *next* call will break
949 * out of the loop without having read any packets, and
950 * return the number of packets we've processed so far.
965 if (pt->TcPacketsBuffer == NULL)
970 status = g_TcFunctions.PacketsBufferQueryNextPacket(pt->TcPacketsBuffer, &tcHeader, &data);
972 if (status == TC_ERROR_END_OF_BUFFER)
974 g_TcFunctions.PacketsBufferDestroy(pt->TcPacketsBuffer);
975 pt->TcPacketsBuffer = NULL;
979 if (status != TC_SUCCESS)
981 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error, TcPacketsBufferQueryNextPacket failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
985 /* No underlaying filtering system. We need to filter on our own */
986 if (p->fcode.bf_insns)
988 filterResult = bpf_filter(p->fcode.bf_insns, data, tcHeader.Length, tcHeader.CapturedLength);
990 if (filterResult == 0)
995 if (filterResult > tcHeader.CapturedLength)
997 filterResult = tcHeader.CapturedLength;
1002 filterResult = tcHeader.CapturedLength;
1005 pt->TcAcceptedCount ++;
1007 hdr.ts.tv_sec = (bpf_u_int32)(tcHeader.Timestamp / (ULONGLONG)(1000 * 1000 * 1000));
1008 hdr.ts.tv_usec = (bpf_u_int32)((tcHeader.Timestamp % (ULONGLONG)(1000 * 1000 * 1000)) / 1000);
1010 if (p->linktype == DLT_EN10MB)
1012 hdr.caplen = filterResult;
1013 hdr.len = tcHeader.Length;
1014 (*callback)(user, &hdr, data);
1018 PPPI_HEADER pPpiHeader = (PPPI_HEADER)pt->PpiPacket;
1019 PVOID data2 = pPpiHeader + 1;
1021 pPpiHeader->AggregationField.InterfaceId = TC_PH_FLAGS_RX_PORT_ID(tcHeader.Flags);
1022 pPpiHeader->Dot3Field.Errors = tcHeader.Errors;
1023 if (tcHeader.Flags & TC_PH_FLAGS_CHECKSUM)
1025 pPpiHeader->Dot3Field.Flags = PPI_FLD_802_3_EXT_FLAG_FCS_PRESENT;
1029 pPpiHeader->Dot3Field.Flags = 0;
1032 if (filterResult <= MAX_TC_PACKET_SIZE)
1034 memcpy(data2, data, filterResult);
1035 hdr.caplen = sizeof(PPI_HEADER) + filterResult;
1036 hdr.len = sizeof(PPI_HEADER) + tcHeader.Length;
1040 memcpy(data2, data, MAX_TC_PACKET_SIZE);
1041 hdr.caplen = sizeof(PPI_HEADER) + MAX_TC_PACKET_SIZE;
1042 hdr.len = sizeof(PPI_HEADER) + tcHeader.Length;
1045 (*callback)(user, &hdr, pt->PpiPacket);
1049 if (++n >= cnt && cnt > 0)
1059 TcStats(pcap_t *p, struct pcap_stat *ps)
1061 struct pcap_tc *pt = p->priv;
1062 TC_STATISTICS statistics;
1067 status = g_TcFunctions.InstanceQueryStatistics(pt->TcInstance, &statistics);
1069 if (status != TC_SUCCESS)
1071 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcInstanceQueryStatistics: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1075 memset(&s, 0, sizeof(s));
1077 status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_TOTAL_RX_PACKETS, &counter);
1078 if (status != TC_SUCCESS)
1080 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1083 if (counter <= (ULONGLONG)0xFFFFFFFF)
1085 s.ps_recv = (ULONG)counter;
1089 s.ps_recv = 0xFFFFFFFF;
1092 status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_RX_DROPPED_PACKETS, &counter);
1093 if (status != TC_SUCCESS)
1095 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1098 if (counter <= (ULONGLONG)0xFFFFFFFF)
1100 s.ps_ifdrop = (ULONG)counter;
1101 s.ps_drop = (ULONG)counter;
1105 s.ps_ifdrop = 0xFFFFFFFF;
1106 s.ps_drop = 0xFFFFFFFF;
1109 #if defined(_WIN32) && defined(ENABLE_REMOTE)
1110 s.ps_capt = pt->TcAcceptedCount;
1119 * We filter at user level, since the kernel driver does't process the packets
1122 TcSetFilter(pcap_t *p, struct bpf_program *fp)
1126 strncpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf));
1130 /* Install a user level filter */
1131 if (install_bpf_program(p, fp) < 0)
1140 static struct pcap_stat *
1141 TcStatsEx(pcap_t *p, int *pcap_stat_size)
1143 struct pcap_tc *pt = p->priv;
1144 TC_STATISTICS statistics;
1148 *pcap_stat_size = sizeof (p->stat);
1150 status = g_TcFunctions.InstanceQueryStatistics(pt->TcInstance, &statistics);
1152 if (status != TC_SUCCESS)
1154 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcInstanceQueryStatistics: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1158 memset(&p->stat, 0, sizeof(p->stat));
1160 status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_TOTAL_RX_PACKETS, &counter);
1161 if (status != TC_SUCCESS)
1163 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1166 if (counter <= (ULONGLONG)0xFFFFFFFF)
1168 p->stat.ps_recv = (ULONG)counter;
1172 p->stat.ps_recv = 0xFFFFFFFF;
1175 status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_RX_DROPPED_PACKETS, &counter);
1176 if (status != TC_SUCCESS)
1178 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1181 if (counter <= (ULONGLONG)0xFFFFFFFF)
1183 p->stat.ps_ifdrop = (ULONG)counter;
1184 p->stat.ps_drop = (ULONG)counter;
1188 p->stat.ps_ifdrop = 0xFFFFFFFF;
1189 p->stat.ps_drop = 0xFFFFFFFF;
1192 #if defined(_WIN32) && defined(ENABLE_REMOTE)
1193 p->stat.ps_capt = pt->TcAcceptedCount;
1199 /* Set the dimension of the kernel-level capture buffer */
1201 TcSetBuff(pcap_t *p, int dim)
1204 * XXX turbocap has an internal way of managing buffers.
1205 * And at the moment it's not configurable, so we just
1206 * silently ignore the request to set the buffer.
1212 TcSetMode(pcap_t *p, int mode)
1214 if (mode != MODE_CAPT)
1216 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Mode %u not supported by TurboCap devices. TurboCap only supports capture.", mode);
1224 TcSetMinToCopy(pcap_t *p, int size)
1226 struct pcap_tc *pt = p->priv;
1231 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Mintocopy cannot be less than 0.");
1235 status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_MINTOCOPY, (ULONG)size);
1237 if (status != TC_SUCCESS)
1239 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error setting the mintocopy: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1246 TcGetReceiveWaitHandle(pcap_t *p)
1248 struct pcap_tc *pt = p->priv;
1250 return g_TcFunctions.InstanceGetReceiveWaitHandle(pt->TcInstance);
1254 TcOidGetRequest(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, size_t *lenp _U_)
1256 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1257 "An OID get request cannot be performed on a TurboCap device");
1262 TcOidSetRequest(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
1265 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1266 "An OID set request cannot be performed on a TurboCap device");
1271 TcSendqueueTransmit(pcap_t *p, pcap_send_queue *queue _U_, int sync _U_)
1273 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1274 "Packets cannot be bulk transmitted on a TurboCap device");
1279 TcSetUserBuffer(pcap_t *p, int size _U_)
1281 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1282 "The user buffer cannot be set on a TurboCap device");
1287 TcLiveDump(pcap_t *p, char *filename _U_, int maxsize _U_, int maxpacks _U_)
1289 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1290 "Live packet dumping cannot be performed on a TurboCap device");
1295 TcLiveDumpEnded(pcap_t *p, int sync _U_)
1297 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1298 "Live packet dumping cannot be performed on a TurboCap device");
1302 static PAirpcapHandle
1303 TcGetAirPcapHandle(pcap_t *p _U_)