Diffstat (limited to 'remote-ext.h')
-rw-r--r-- | remote-ext.h | 467 |
1 files changed, 467 insertions, 0 deletions
diff --git a/remote-ext.h b/remote-ext.h
new file mode 100644
index 000000000000..ed2f9bb2be84
--- /dev/null
+++ b/remote-ext.h
@@ -0,0 +1,467 @@
+/*
+ * Copyright (c) 2002 - 2003
+ * NetGroup, Politecnico di Torino (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Politecnico di Torino nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef __REMOTE_EXT_H__
+#define __REMOTE_EXT_H__
+
+
+#ifndef HAVE_REMOTE
+#error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h
+#endif
+
+/*// Definition for Microsoft Visual Studio */
+#if _MSC_VER > 1000
+#pragma once
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * \file remote-ext.h
+ *
+ * The goal of this file it to include most of the new definitions that should be
+ * placed into the pcap.h file.
+ *
+ * It includes all new definitions (structures and functions like pcap_open().
+ * Some of the functions are not really a remote feature, but, right now,
+ * they are placed here.
+ */
+
+
+
+/*// All this stuff is public */
+/*
+ * \addtogroup remote_struct
+ * \{
+ */
+
+
+
+
+/*
+ * \brief Defines the maximum buffer size in which address, port, interface names are kept.
+ *
+ * In case the adapter name or such is larger than this value, it is truncated.
+ * This is not used by the user; however it must be aware that an hostname / interface
+ * name longer than this value will be truncated.
+ */
+#define PCAP_BUF_SIZE 1024
+
+
+/*
+ * \addtogroup remote_source_ID
+ * \{
+ */
+
+
+/*
+ * \brief Internal representation of the type of source in use (file,
+ * remote/local interface).
+ *
+ * This indicates a file, i.e. the user want to open a capture from a local file.
+ */
+#define PCAP_SRC_FILE 2
+/*
+ * \brief Internal representation of the type of source in use (file,
+ * remote/local interface).
+ *
+ * This indicates a local interface, i.e. the user want to open a capture from
+ * a local interface. This does not involve the RPCAP protocol.
+ */
+#define PCAP_SRC_IFLOCAL 3
+/*
+ * \brief Internal representation of the type of source in use (file,
+ * remote/local interface).
+ *
+ * This indicates a remote interface, i.e. the user want to open a capture from
+ * an interface on a remote host. This does involve the RPCAP protocol.
+ */
+#define PCAP_SRC_IFREMOTE 4
+
+/*
+ * \}
+ */
+
+
+
+/* \addtogroup remote_source_string
+ *
+ * The formats allowed by the pcap_open() are the following:
+ * - file://path_and_filename [opens a local file]
+ * - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
+ * - rpcap://host/devicename [opens the selected device available on a remote host]
+ * - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
+ * - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
+ * - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]
+ *
+ * The formats allowed by the pcap_findalldevs_ex() are the following:
+ * - file://folder/ [lists all the files in the given folder]
+ * - rpcap:// [lists all local adapters]
+ * - rpcap://host:port/ [lists the devices available on a remote host]
+ *
+ * Referring to the 'host' and 'port' parameters, they can be either numeric or literal. Since
+ * IPv6 is fully supported, these are the allowed formats:
+ *
+ * - host (literal): e.g. host.foo.bar
+ * - host (numeric IPv4): e.g. 10.11.12.13
+ * - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
+ * - host (numeric IPv6): e.g. [1:2:3::4]
+ * - port: can be either numeric (e.g. '80') or literal (e.g. 'http')
+ *
+ * Here you find some allowed examples:
+ * - rpcap://host.foo.bar/devicename [everything literal, no port number]
+ * - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
+ * - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
+ * - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
+ * - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
+ * - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
+ * - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
+ * - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
+ *
+ * \{
+ */
+
+
+/*
+ * \brief String that will be used to determine the type of source in use (file,
+ * remote/local interface).
+ *
+ * This string will be prepended to the interface name in order to create a string
+ * that contains all the information required to open the source.
+ *
+ * This string indicates that the user wants to open a capture from a local file.
+ */
+#define PCAP_SRC_FILE_STRING "file://"
+/*
+ * \brief String that will be used to determine the type of source in use (file,
+ * remote/local interface).
+ *
+ * This string will be prepended to the interface name in order to create a string
+ * that contains all the information required to open the source.
+ *
+ * This string indicates that the user wants to open a capture from a network interface.
+ * This string does not necessarily involve the use of the RPCAP protocol. If the
+ * interface required resides on the local host, the RPCAP protocol is not involved
+ * and the local functions are used.
+ */
+#define PCAP_SRC_IF_STRING "rpcap://"
+
+/*
+ * \}
+ */
+
+
+
+
+
+/*
+ * \addtogroup remote_open_flags
+ * \{
+ */
+
+/*
+ * \brief Defines if the adapter has to go in promiscuous mode.
+ *
+ * It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.
+ * Note that even if this parameter is false, the interface could well be in promiscuous
+ * mode for some other reason (for example because another capture process with
+ * promiscuous mode enabled is currently using that interface).
+ * On on Linux systems with 2.2 or later kernels (that have the "any" device), this
+ * flag does not work on the "any" device; if an argument of "any" is supplied,
+ * the 'promisc' flag is ignored.
+ */
+#define PCAP_OPENFLAG_PROMISCUOUS 1
+
+/*
+ * \brief Defines if the data transfer (in case of a remote
+ * capture) has to be done with UDP protocol.
+ *
+ * If it is '1' if you want a UDP data connection, '0' if you want
+ * a TCP data connection; control connection is always TCP-based.
+ * A UDP connection is much lighter, but it does not guarantee that all
+ * the captured packets arrive to the client workstation. Moreover,
+ * it could be harmful in case of network congestion.
+ * This flag is meaningless if the source is not a remote interface.
+ * In that case, it is simply ignored.
+ */
+#define PCAP_OPENFLAG_DATATX_UDP 2
+
+
+/*
+ * \brief Defines if the remote probe will capture its own generated traffic.
+ *
+ * In case the remote probe uses the same interface to capture traffic and to send
+ * data back to the caller, the captured traffic includes the RPCAP traffic as well.
+ * If this flag is turned on, the RPCAP traffic is excluded from the capture, so that
+ * the trace returned back to the collector is does not include this traffic.
+ */
+#define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4
+
+/*
+ * \brief Defines if the local adapter will capture its own generated traffic.
+ *
+ * This flag tells the underlying capture driver to drop the packets that were sent by itself.
+ * This is useful when building applications like bridges, that should ignore the traffic
+ * they just sent.
+ */
+#define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8
+
+/*
+ * \brief This flag configures the adapter for maximum responsiveness.
+ *
+ * In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before
+ * copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
+ * i.e. better performance, which is good for applications like sniffers. If the user sets the
+ * PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application
+ * is ready to receive them. This is suggested for real time applications (like, for example, a bridge)
+ * that need the best responsiveness.
+ */
+#define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16
+
+/*
+ * \}
+ */
+
+
+/*
+ * \addtogroup remote_samp_methods
+ * \{
+ */
+
+/*
+ *\brief No sampling has to be done on the current capture.
+ *
+ * In this case, no sampling algorithms are applied to the current capture.
+ */
+#define PCAP_SAMP_NOSAMP 0
+
+/*
+ * \brief It defines that only 1 out of N packets must be returned to the user.
+ *
+ * In this case, the 'value' field of the 'pcap_samp' structure indicates the
+ * number of packets (minus 1) that must be discarded before one packet got accepted.
+ * In other words, if 'value = 10', the first packet is returned to the caller, while
+ * the following 9 are discarded.
+ */
+#define PCAP_SAMP_1_EVERY_N 1
+
+/*
+ * \brief It defines that we have to return 1 packet every N milliseconds.
+ *
+ * In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting
+ * time' in milliseconds before one packet got accepted.
+ * In other words, if 'value = 10', the first packet is returned to the caller; the next
+ * returned one will be the first packet that arrives when 10ms have elapsed.
+ */
+#define PCAP_SAMP_FIRST_AFTER_N_MS 2
+
+/*
+ * \}
+ */
+
+
+/*
+ * \addtogroup remote_auth_methods
+ * \{
+ */
+
+/*
+ * \brief It defines the NULL authentication.
+ *
+ * This value has to be used within the 'type' member of the pcap_rmtauth structure.
+ * The 'NULL' authentication has to be equal to 'zero', so that old applications
+ * can just put every field of struct pcap_rmtauth to zero, and it does work.
+ */
+#define RPCAP_RMTAUTH_NULL 0
+/*
+ * \brief It defines the username/password authentication.
+ *
+ * With this type of authentication, the RPCAP protocol will use the username/
+ * password provided to authenticate the user on the remote machine. If the
+ * authentication is successful (and the user has the right to open network devices)
+ * the RPCAP connection will continue; otherwise it will be dropped.
+ *
+ * This value has to be used within the 'type' member of the pcap_rmtauth structure.
+ */
+#define RPCAP_RMTAUTH_PWD 1
+
+/*
+ * \}
+ */
+
+
+
+
+/*
+ * \brief This structure keeps the information needed to autheticate
+ * the user on a remote machine.
+ *
+ * The remote machine can either grant or refuse the access according
+ * to the information provided.
+ * In case the NULL authentication is required, both 'username' and
+ * 'password' can be NULL pointers.
+ *
+ * This structure is meaningless if the source is not a remote interface;
+ * in that case, the functions which requires such a structure can accept
+ * a NULL pointer as well.
+ */
+struct pcap_rmtauth
+{
+ /*
+ * \brief Type of the authentication required.
+ *
+ * In order to provide maximum flexibility, we can support different types
+ * of authentication based on the value of this 'type' variable. The currently
+ * supported authentication methods are defined into the
+ * \link remote_auth_methods Remote Authentication Methods Section\endlink.
+ */
+ int type;
+ /*
+ * \brief Zero-terminated string containing the username that has to be
+ * used on the remote machine for authentication.
+ *
+ * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
+ * and it can be NULL.
+ */
+ char *username;
+ /*
+ * \brief Zero-terminated string containing the password that has to be
+ * used on the remote machine for authentication.
+ *
+ * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
+ * and it can be NULL.
+ */
+ char *password;
+};
+
+
+/*
+ * \brief This structure defines the information related to sampling.
+ *
+ * In case the sampling is requested, the capturing device should read
+ * only a subset of the packets coming from the source. The returned packets depend
+ * on the sampling parameters.
+ *
+ * \warning The sampling process is applied <strong>after</strong> the filtering process.
+ * In other words, packets are filtered first, then the sampling process selects a
+ * subset of the 'filtered' packets and it returns them to the caller.
+ */
+struct pcap_samp
+{
+ /*
+ * Method used for sampling. Currently, the supported methods are listed in the
+ * \link remote_samp_methods Sampling Methods Section\endlink.
+ */
+ int method;
+
+ /*
+ * This value depends on the sampling method defined. For its meaning, please check
+ * at the \link remote_samp_methods Sampling Methods Section\endlink.
+ */
+ int value;
+};
+
+
+
+
+// Maximum length of an host name (needed for the RPCAP active mode)
+#define RPCAP_HOSTLIST_SIZE 1024
+
+
+/*
+ * \}
+ */ // end of public documentation
+
+
+// Exported functions
+
+
+
+/*
+ * \name New WinPcap functions
+ *
+ * This section lists the new functions that are able to help considerably in writing
+ * WinPcap programs because of their easiness of use.
+ */
+// \{
+PCAP_API pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
+PCAP_API int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf);
+PCAP_API int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf);
+PCAP_API int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
+PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
+
+// \}
+// End of new WinPcap functions
+
+/*
+ * \name Remote Capture functions
+ */
+
+/*
+ * Some minor differences between UN*X sockets and and Winsock sockets.
+ */
+#ifndef _WIN32
+ /*!
+ * \brief In Winsock, a socket handle is of type SOCKET; in UN*X, it's
+ * a file descriptor, and therefore a signed integer.
+ * We define SOCKET to be a signed integer on UN*X, so that it can
+ * be used on both platforms.
+ */
+ #define SOCKET int
+
+ /*!
+ * \brief In Winsock, the error return if socket() fails is INVALID_SOCKET;
+ * in UN*X, it's -1.
+ * We define INVALID_SOCKET to be -1 on UN*X, so that it can be used on
+ * both platforms.
+ */
+ #define INVALID_SOCKET -1
+#endif
+
+// \{
+PCAP_API SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf);
+PCAP_API int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);
+PCAP_API int pcap_remoteact_close(const char *host, char *errbuf);
+PCAP_API void pcap_remoteact_cleanup();
+// \}
+// End of remote capture functions
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
+ |
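Review bot: The prototypes for `pcap_parsesrcstr()`, `pcap_createsrcstr()` and `pcap_remoteact_accept()` near the end of the header write into caller-supplied buffers (`host`, `port`, `name`, `source`, `connectinghost`) but take no length argument and carry no comment giving the required size, so a caller that passes a shorter array risks an out-of-bounds write; `pcap_remoteact_list()` by contrast does take `size`. The header defines `PCAP_BUF_SIZE` and `RPCAP_HOSTLIST_SIZE`, yet describes the former as "not used by the user"; presumably these are the sizes the implementation assumes, which should be confirmed against the .c file and then stated on each prototype, e.g. `/* host, port and name must each point to at least PCAP_BUF_SIZE bytes */`. Separately, `PCAP_API void pcap_remoteact_cleanup();` is not a prototype in C, and `PCAP_API void pcap_remoteact_cleanup(void);` would let the compiler reject stray arguments. The UN*X fallback `#define INVALID_SOCKET -1` would also be safer parenthesized as `#define INVALID_SOCKET (-1)`.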