├── Include ├── Packet32.h ├── Win32-Extensions.h ├── bittypes.h ├── ip6_misc.h ├── pcap-bpf.h ├── pcap-namedb.h ├── pcap-stdinc.h ├── pcap.h ├── pcap │ ├── bluetooth.h │ ├── bpf.h │ ├── namedb.h │ ├── pcap.h │ ├── sll.h │ ├── usb.h │ └── vlan.h └── remote-ext.h ├── Lib ├── Packet.lib ├── libpacket.a ├── libwpcap.a ├── wpcap.lib └── x64 │ ├── Packet.lib │ └── wpcap.lib ├── README.md ├── src ├── BaseTool.h ├── main.cpp ├── protocol.h ├── util.cpp └── util.h └── vsrc ├── vsrc.sln ├── vsrc.v12.suo └── vsrc ├── Debug ├── vsrc.Build.CppClean.log └── vsrc.log ├── vsrc.vcxproj ├── vsrc.vcxproj.filters └── vsrc.vcxproj.user /Include/Packet32.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 3 | * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino, CACE Technologies 16 | * nor the names of its contributors may be used to endorse or promote 17 | * products derived from this software without specific prior written 18 | * permission. 19 | * 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 | * 32 | */ 33 | 34 | /** @ingroup packetapi 35 | * @{ 36 | */ 37 | 38 | /** @defgroup packet32h Packet.dll definitions and data structures 39 | * Packet32.h contains the data structures and the definitions used by packet.dll. 40 | * The file is used both by the Win9x and the WinNTx versions of packet.dll, and can be included 41 | * by the applications that use the functions of this library 42 | * @{ 43 | */ 44 | 45 | #ifndef __PACKET32 46 | #define __PACKET32 47 | 48 | #include 49 | 50 | #ifdef HAVE_AIRPCAP_API 51 | #include 52 | #else 53 | #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) 54 | #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ 55 | typedef struct _AirpcapHandle *PAirpcapHandle; 56 | #endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */ 57 | #endif /* HAVE_AIRPCAP_API */ 58 | 59 | #ifdef HAVE_DAG_API 60 | #include 61 | #endif /* HAVE_DAG_API */ 62 | 63 | // Working modes 64 | #define PACKET_MODE_CAPT 0x0 ///< Capture mode 65 | #define PACKET_MODE_STAT 0x1 ///< Statistical mode 66 | #define PACKET_MODE_MON 0x2 ///< Monitoring mode 67 | #define PACKET_MODE_DUMP 0x10 ///< Dump mode 68 | #define PACKET_MODE_STAT_DUMP MODE_DUMP | MODE_STAT ///< Statistical dump Mode 69 | 70 | 71 | /// Alignment macro. Defines the alignment size. 72 | #define Packet_ALIGNMENT sizeof(int) 73 | /// Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT. 74 | #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 75 | 76 | #define NdisMediumNull -1 ///< Custom linktype: NDIS doesn't provide an equivalent 77 | #define NdisMediumCHDLC -2 ///< Custom linktype: NDIS doesn't provide an equivalent 78 | #define NdisMediumPPPSerial -3 ///< Custom linktype: NDIS doesn't provide an equivalent 79 | #define NdisMediumBare80211 -4 ///< Custom linktype: NDIS doesn't provide an equivalent 80 | #define NdisMediumRadio80211 -5 ///< Custom linktype: NDIS doesn't provide an equivalent 81 | #define NdisMediumPpi -6 ///< Custom linktype: NDIS doesn't provide an equivalent 82 | 83 | // Loopback behaviour definitions 84 | #define NPF_DISABLE_LOOPBACK 1 ///< Drop the packets sent by the NPF driver 85 | #define NPF_ENABLE_LOOPBACK 2 ///< Capture the packets sent by the NPF driver 86 | 87 | /*! 88 | \brief Network type structure. 89 | 90 | This structure is used by the PacketGetNetType() function to return information on the current adapter's type and speed. 91 | */ 92 | typedef struct NetType 93 | { 94 | UINT LinkType; ///< The MAC of the current network adapter (see function PacketGetNetType() for more information) 95 | ULONGLONG LinkSpeed; ///< The speed of the network in bits per second 96 | }NetType; 97 | 98 | 99 | //some definitions stolen from libpcap 100 | 101 | #ifndef BPF_MAJOR_VERSION 102 | 103 | /*! 104 | \brief A BPF pseudo-assembly program. 105 | 106 | The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet. 107 | */ 108 | struct bpf_program 109 | { 110 | UINT bf_len; ///< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. 111 | struct bpf_insn *bf_insns; ///< A pointer to the first instruction of the program. 112 | }; 113 | 114 | /*! 115 | \brief A single BPF pseudo-instruction. 116 | 117 | bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver. 118 | */ 119 | struct bpf_insn 120 | { 121 | USHORT code; ///< Instruction type and addressing mode. 122 | UCHAR jt; ///< Jump if true 123 | UCHAR jf; ///< Jump if false 124 | int k; ///< Generic field used for various purposes. 125 | }; 126 | 127 | /*! 128 | \brief Structure that contains a couple of statistics values on the current capture. 129 | 130 | It is used by packet.dll to return statistics about a capture session. 131 | */ 132 | struct bpf_stat 133 | { 134 | UINT bs_recv; ///< Number of packets that the driver received from the network adapter 135 | ///< from the beginning of the current capture. This value includes the packets 136 | ///< lost by the driver. 137 | UINT bs_drop; ///< number of packets that the driver lost from the beginning of a capture. 138 | ///< Basically, a packet is lost when the the buffer of the driver is full. 139 | ///< In this situation the packet cannot be stored and the driver rejects it. 140 | UINT ps_ifdrop; ///< drops by interface. XXX not yet supported 141 | UINT bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and 142 | ///< thus reach the application. 143 | }; 144 | 145 | /*! 146 | \brief Packet header. 147 | 148 | This structure defines the header associated with every packet delivered to the application. 149 | */ 150 | struct bpf_hdr 151 | { 152 | struct timeval bh_tstamp; ///< The timestamp associated with the captured packet. 153 | ///< It is stored in a TimeVal structure. 154 | UINT bh_caplen; ///< Length of captured portion. The captured portion can be different 155 | ///< from the original packet, because it is possible (with a proper filter) 156 | ///< to instruct the driver to capture only a portion of the packets. 157 | UINT bh_datalen; ///< Original length of packet 158 | USHORT bh_hdrlen; ///< Length of bpf header (this struct plus alignment padding). In some cases, 159 | ///< a padding could be added between the end of this structure and the packet 160 | ///< data for performance reasons. This filed can be used to retrieve the actual data 161 | ///< of the packet. 162 | }; 163 | 164 | /*! 165 | \brief Dump packet header. 166 | 167 | This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets(). 168 | It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a 169 | packet in a dump file. This makes straightforward sending WinPcap dump files to the network. 170 | */ 171 | struct dump_bpf_hdr{ 172 | struct timeval ts; ///< Time stamp of the packet 173 | UINT caplen; ///< Length of captured portion. The captured portion can smaller than the 174 | ///< the original packet, because it is possible (with a proper filter) to 175 | ///< instruct the driver to capture only a portion of the packets. 176 | UINT len; ///< Length of the original packet (off wire). 177 | }; 178 | 179 | 180 | #endif 181 | 182 | struct bpf_stat; 183 | 184 | #define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices 185 | #define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links 186 | #define NMAX_PACKET 65535 187 | 188 | /*! 189 | \brief Addresses of a network adapter. 190 | 191 | This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with 192 | an adapter. 193 | */ 194 | typedef struct npf_if_addr { 195 | struct sockaddr_storage IPAddress; ///< IP address. 196 | struct sockaddr_storage SubnetMask; ///< Netmask for that address. 197 | struct sockaddr_storage Broadcast; ///< Broadcast address. 198 | }npf_if_addr; 199 | 200 | 201 | #define ADAPTER_NAME_LENGTH 256 + 12 ///< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. 202 | #define ADAPTER_DESC_LENGTH 128 ///< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. 203 | #define MAX_MAC_ADDR_LENGTH 8 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. 204 | #define MAX_NETWORK_ADDRESSES 16 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. 205 | 206 | 207 | typedef struct WAN_ADAPTER_INT WAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API 208 | typedef WAN_ADAPTER *PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API 209 | 210 | #define INFO_FLAG_NDIS_ADAPTER 0 ///< Flag for ADAPTER_INFO: this is a traditional ndis adapter 211 | #define INFO_FLAG_NDISWAN_ADAPTER 1 ///< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET 212 | #define INFO_FLAG_DAG_CARD 2 ///< Flag for ADAPTER_INFO: this is a DAG card 213 | #define INFO_FLAG_DAG_FILE 6 ///< Flag for ADAPTER_INFO: this is a DAG file 214 | #define INFO_FLAG_DONT_EXPORT 8 ///< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or openend by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. 215 | #define INFO_FLAG_AIRPCAP_CARD 16 ///< Flag for ADAPTER_INFO: this is an airpcap card 216 | #define INFO_FLAG_NPFIM_DEVICE 32 217 | 218 | /*! 219 | \brief Describes an opened network adapter. 220 | 221 | This structure is the most important for the functioning of packet.dll, but the great part of its fields 222 | should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters 223 | */ 224 | typedef struct _ADAPTER { 225 | HANDLE hFile; ///< \internal Handle to an open instance of the NPF driver. 226 | CHAR SymbolicLink[MAX_LINK_NAME_LENGTH]; ///< \internal A string containing the name of the network adapter currently opened. 227 | int NumWrites; ///< \internal Number of times a packets written on this adapter will be repeated 228 | ///< on the wire. 229 | HANDLE ReadEvent; ///< A notification event associated with the read calls on the adapter. 230 | ///< It can be passed to standard Win32 functions (like WaitForSingleObject 231 | ///< or WaitForMultipleObjects) to wait until the driver's buffer contains some 232 | ///< data. It is particularly useful in GUI applications that need to wait 233 | ///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() 234 | ///< function can be used to define the minimum amount of data in the kernel buffer 235 | ///< that will cause the event to be signalled. 236 | 237 | UINT ReadTimeOut; ///< \internal The amount of time after which a read on the driver will be released and 238 | ///< ReadEvent will be signaled, also if no packets were captured 239 | CHAR Name[ADAPTER_NAME_LENGTH]; 240 | PWAN_ADAPTER pWanAdapter; 241 | UINT Flags; ///< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. 242 | 243 | #ifdef HAVE_AIRPCAP_API 244 | PAirpcapHandle AirpcapAd; 245 | #endif // HAVE_AIRPCAP_API 246 | 247 | #ifdef HAVE_NPFIM_API 248 | void* NpfImHandle; 249 | #endif // HAVE_NPFIM_API 250 | 251 | #ifdef HAVE_DAG_API 252 | dagc_t *pDagCard; ///< Pointer to the dagc API adapter descriptor for this adapter 253 | PCHAR DagBuffer; ///< Pointer to the buffer with the packets that is received from the DAG card 254 | struct timeval DagReadTimeout; ///< Read timeout. The dagc API requires a timeval structure 255 | unsigned DagFcsLen; ///< Length of the frame check sequence attached to any packet by the card. Obtained from the registry 256 | DWORD DagFastProcess; ///< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). 257 | #endif // HAVE_DAG_API 258 | } ADAPTER, *LPADAPTER; 259 | 260 | /*! 261 | \brief Structure that contains a group of packets coming from the driver. 262 | 263 | This structure defines the header associated with every packet delivered to the application. 264 | */ 265 | typedef struct _PACKET { 266 | HANDLE hEvent; ///< \deprecated Still present for compatibility with old applications. 267 | OVERLAPPED OverLapped; ///< \deprecated Still present for compatibility with old applications. 268 | PVOID Buffer; ///< Buffer with containing the packets. See the PacketReceivePacket() for 269 | ///< details about the organization of the data in this buffer 270 | UINT Length; ///< Length of the buffer 271 | DWORD ulBytesReceived; ///< Number of valid bytes present in the buffer, i.e. amount of data 272 | ///< received by the last call to PacketReceivePacket() 273 | BOOLEAN bIoComplete; ///< \deprecated Still present for compatibility with old applications. 274 | } PACKET, *LPPACKET; 275 | 276 | /*! 277 | \brief Structure containing an OID request. 278 | 279 | It is used by the PacketRequest() function to send an OID to the interface card driver. 280 | It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address, 281 | the list of the multicast groups defined on it, and so on. 282 | */ 283 | struct _PACKET_OID_DATA { 284 | ULONG Oid; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h 285 | ///< for a complete list of valid codes. 286 | ULONG Length; ///< Length of the data field 287 | UCHAR Data[1]; ///< variable-lenght field that contains the information passed to or received 288 | ///< from the adapter. 289 | }; 290 | typedef struct _PACKET_OID_DATA PACKET_OID_DATA, *PPACKET_OID_DATA; 291 | 292 | #ifdef __cplusplus 293 | extern "C" { 294 | #endif 295 | 296 | /** 297 | * @} 298 | */ 299 | 300 | /* 301 | BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName, 302 | CHAR *Value, 303 | UINT *pValueLen, 304 | CHAR *DefaultVal); 305 | 306 | BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName, 307 | WCHAR *Value, 308 | UINT *pValueLen, 309 | WCHAR *DefaultVal); 310 | */ 311 | 312 | //--------------------------------------------------------------------------- 313 | // EXPORTED FUNCTIONS 314 | //--------------------------------------------------------------------------- 315 | 316 | PCHAR PacketGetVersion(); 317 | PCHAR PacketGetDriverVersion(); 318 | BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject,int nbytes); 319 | BOOLEAN PacketSetNumWrites(LPADAPTER AdapterObject,int nwrites); 320 | BOOLEAN PacketSetMode(LPADAPTER AdapterObject,int mode); 321 | BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout); 322 | BOOLEAN PacketSetBpf(LPADAPTER AdapterObject,struct bpf_program *fp); 323 | BOOLEAN PacketSetLoopbackBehavior(LPADAPTER AdapterObject, UINT LoopbackBehavior); 324 | INT PacketSetSnapLen(LPADAPTER AdapterObject,int snaplen); 325 | BOOLEAN PacketGetStats(LPADAPTER AdapterObject,struct bpf_stat *s); 326 | BOOLEAN PacketGetStatsEx(LPADAPTER AdapterObject,struct bpf_stat *s); 327 | BOOLEAN PacketSetBuff(LPADAPTER AdapterObject,int dim); 328 | BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type); 329 | LPADAPTER PacketOpenAdapter(PCHAR AdapterName); 330 | BOOLEAN PacketSendPacket(LPADAPTER AdapterObject,LPPACKET pPacket,BOOLEAN Sync); 331 | INT PacketSendPackets(LPADAPTER AdapterObject,PVOID PacketBuff,ULONG Size, BOOLEAN Sync); 332 | LPPACKET PacketAllocatePacket(void); 333 | VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length); 334 | VOID PacketFreePacket(LPPACKET lpPacket); 335 | BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject,LPPACKET lpPacket,BOOLEAN Sync); 336 | BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject,ULONG Filter); 337 | BOOLEAN PacketGetAdapterNames(PTSTR pStr,PULONG BufferSize); 338 | BOOLEAN PacketGetNetInfoEx(PCHAR AdapterName, npf_if_addr* buffer, PLONG NEntries); 339 | BOOLEAN PacketRequest(LPADAPTER AdapterObject,BOOLEAN Set,PPACKET_OID_DATA OidData); 340 | HANDLE PacketGetReadEvent(LPADAPTER AdapterObject); 341 | BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void *name, int len); 342 | BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks); 343 | BOOLEAN PacketIsDumpEnded(LPADAPTER AdapterObject, BOOLEAN sync); 344 | BOOL PacketStopDriver(); 345 | VOID PacketCloseAdapter(LPADAPTER lpAdapter); 346 | BOOLEAN PacketStartOem(PCHAR errorString, UINT errorStringLength); 347 | BOOLEAN PacketStartOemEx(PCHAR errorString, UINT errorStringLength, ULONG flags); 348 | PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject); 349 | 350 | // 351 | // Used by PacketStartOemEx 352 | // 353 | #define PACKET_START_OEM_NO_NETMON 0x00000001 354 | 355 | #ifdef __cplusplus 356 | } 357 | #endif 358 | 359 | #endif //__PACKET32 360 | -------------------------------------------------------------------------------- /Include/Win32-Extensions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 3 | * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino, CACE Technologies 16 | * nor the names of its contributors may be used to endorse or promote 17 | * products derived from this software without specific prior written 18 | * permission. 19 | * 20 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 | * 32 | */ 33 | 34 | #ifndef __WIN32_EXTENSIONS_H__ 35 | #define __WIN32_EXTENSIONS_H__ 36 | 37 | #ifdef __cplusplus 38 | extern "C" { 39 | #endif 40 | 41 | /* Definitions */ 42 | 43 | /*! 44 | \brief A queue of raw packets that will be sent to the network with pcap_sendqueue_transmit(). 45 | */ 46 | struct pcap_send_queue 47 | { 48 | u_int maxlen; ///< Maximum size of the the queue, in bytes. This variable contains the size of the buffer field. 49 | u_int len; ///< Current size of the queue, in bytes. 50 | char *buffer; ///< Buffer containing the packets to be sent. 51 | }; 52 | 53 | typedef struct pcap_send_queue pcap_send_queue; 54 | 55 | /*! 56 | \brief This typedef is a support for the pcap_get_airpcap_handle() function 57 | */ 58 | #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) 59 | #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ 60 | typedef struct _AirpcapHandle *PAirpcapHandle; 61 | #endif 62 | 63 | #define BPF_MEM_EX_IMM 0xc0 64 | #define BPF_MEM_EX_IND 0xe0 65 | 66 | /*used for ST*/ 67 | #define BPF_MEM_EX 0xc0 68 | #define BPF_TME 0x08 69 | 70 | #define BPF_LOOKUP 0x90 71 | #define BPF_EXECUTE 0xa0 72 | #define BPF_INIT 0xb0 73 | #define BPF_VALIDATE 0xc0 74 | #define BPF_SET_ACTIVE 0xd0 75 | #define BPF_RESET 0xe0 76 | #define BPF_SET_MEMORY 0x80 77 | #define BPF_GET_REGISTER_VALUE 0x70 78 | #define BPF_SET_REGISTER_VALUE 0x60 79 | #define BPF_SET_WORKING 0x50 80 | #define BPF_SET_ACTIVE_READ 0x40 81 | #define BPF_SET_AUTODELETION 0x30 82 | #define BPF_SEPARATION 0xff 83 | 84 | /* Prototypes */ 85 | pcap_send_queue* pcap_sendqueue_alloc(u_int memsize); 86 | 87 | void pcap_sendqueue_destroy(pcap_send_queue* queue); 88 | 89 | int pcap_sendqueue_queue(pcap_send_queue* queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data); 90 | 91 | u_int pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue* queue, int sync); 92 | 93 | HANDLE pcap_getevent(pcap_t *p); 94 | 95 | struct pcap_stat *pcap_stats_ex(pcap_t *p, int *pcap_stat_size); 96 | 97 | int pcap_setuserbuffer(pcap_t *p, int size); 98 | 99 | int pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks); 100 | 101 | int pcap_live_dump_ended(pcap_t *p, int sync); 102 | 103 | int pcap_offline_filter(struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data); 104 | 105 | int pcap_start_oem(char* err_str, int flags); 106 | 107 | PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p); 108 | 109 | #ifdef __cplusplus 110 | } 111 | #endif 112 | 113 | #endif //__WIN32_EXTENSIONS_H__ 114 | -------------------------------------------------------------------------------- /Include/bittypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 1999 WIDE Project. 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. Neither the name of the project nor the names of its contributors 14 | * may be used to endorse or promote products derived from this software 15 | * without specific prior written permission. 16 | * 17 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 | * SUCH DAMAGE. 28 | */ 29 | #ifndef _BITTYPES_H 30 | #define _BITTYPES_H 31 | 32 | #ifndef HAVE_U_INT8_T 33 | 34 | #if SIZEOF_CHAR == 1 35 | typedef unsigned char u_int8_t; 36 | typedef signed char int8_t; 37 | #elif SIZEOF_INT == 1 38 | typedef unsigned int u_int8_t; 39 | typedef signed int int8_t; 40 | #else /* XXX */ 41 | #error "there's no appropriate type for u_int8_t" 42 | #endif 43 | #define HAVE_U_INT8_T 1 44 | #define HAVE_INT8_T 1 45 | 46 | #endif /* HAVE_U_INT8_T */ 47 | 48 | #ifndef HAVE_U_INT16_T 49 | 50 | #if SIZEOF_SHORT == 2 51 | typedef unsigned short u_int16_t; 52 | typedef signed short int16_t; 53 | #elif SIZEOF_INT == 2 54 | typedef unsigned int u_int16_t; 55 | typedef signed int int16_t; 56 | #elif SIZEOF_CHAR == 2 57 | typedef unsigned char u_int16_t; 58 | typedef signed char int16_t; 59 | #else /* XXX */ 60 | #error "there's no appropriate type for u_int16_t" 61 | #endif 62 | #define HAVE_U_INT16_T 1 63 | #define HAVE_INT16_T 1 64 | 65 | #endif /* HAVE_U_INT16_T */ 66 | 67 | #ifndef HAVE_U_INT32_T 68 | 69 | #if SIZEOF_INT == 4 70 | typedef unsigned int u_int32_t; 71 | typedef signed int int32_t; 72 | #elif SIZEOF_LONG == 4 73 | typedef unsigned long u_int32_t; 74 | typedef signed long int32_t; 75 | #elif SIZEOF_SHORT == 4 76 | typedef unsigned short u_int32_t; 77 | typedef signed short int32_t; 78 | #else /* XXX */ 79 | #error "there's no appropriate type for u_int32_t" 80 | #endif 81 | #define HAVE_U_INT32_T 1 82 | #define HAVE_INT32_T 1 83 | 84 | #endif /* HAVE_U_INT32_T */ 85 | 86 | #ifndef HAVE_U_INT64_T 87 | #if SIZEOF_LONG_LONG == 8 88 | typedef unsigned long long u_int64_t; 89 | typedef long long int64_t; 90 | #elif defined(_MSC_EXTENSIONS) 91 | typedef unsigned _int64 u_int64_t; 92 | typedef _int64 int64_t; 93 | #elif SIZEOF_INT == 8 94 | typedef unsigned int u_int64_t; 95 | #elif SIZEOF_LONG == 8 96 | typedef unsigned long u_int64_t; 97 | #elif SIZEOF_SHORT == 8 98 | typedef unsigned short u_int64_t; 99 | #else /* XXX */ 100 | #error "there's no appropriate type for u_int64_t" 101 | #endif 102 | 103 | #endif /* HAVE_U_INT64_T */ 104 | 105 | #ifndef PRId64 106 | #ifdef _MSC_EXTENSIONS 107 | #define PRId64 "I64d" 108 | #else /* _MSC_EXTENSIONS */ 109 | #define PRId64 "lld" 110 | #endif /* _MSC_EXTENSIONS */ 111 | #endif /* PRId64 */ 112 | 113 | #ifndef PRIo64 114 | #ifdef _MSC_EXTENSIONS 115 | #define PRIo64 "I64o" 116 | #else /* _MSC_EXTENSIONS */ 117 | #define PRIo64 "llo" 118 | #endif /* _MSC_EXTENSIONS */ 119 | #endif /* PRIo64 */ 120 | 121 | #ifndef PRIx64 122 | #ifdef _MSC_EXTENSIONS 123 | #define PRIx64 "I64x" 124 | #else /* _MSC_EXTENSIONS */ 125 | #define PRIx64 "llx" 126 | #endif /* _MSC_EXTENSIONS */ 127 | #endif /* PRIx64 */ 128 | 129 | #ifndef PRIu64 130 | #ifdef _MSC_EXTENSIONS 131 | #define PRIu64 "I64u" 132 | #else /* _MSC_EXTENSIONS */ 133 | #define PRIu64 "llu" 134 | #endif /* _MSC_EXTENSIONS */ 135 | #endif /* PRIu64 */ 136 | 137 | #endif /* _BITTYPES_H */ 138 | -------------------------------------------------------------------------------- /Include/ip6_misc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1993, 1994, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that: (1) source code distributions 7 | * retain the above copyright notice and this paragraph in its entirety, (2) 8 | * distributions including binary code include the above copyright notice and 9 | * this paragraph in its entirety in the documentation or other materials 10 | * provided with the distribution, and (3) all advertising materials mentioning 11 | * features or use of this software display the following acknowledgement: 12 | * ``This product includes software developed by the University of California, 13 | * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 | * the University nor the names of its contributors may be used to endorse 15 | * or promote products derived from this software without specific prior 16 | * written permission. 17 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 | * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 | * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 | * 21 | * @(#) $Header: /tcpdump/master/libpcap/Win32/Include/ip6_misc.h,v 1.5 2006-01-22 18:02:18 gianluca Exp $ (LBL) 22 | */ 23 | 24 | /* 25 | * This file contains a collage of declarations for IPv6 from FreeBSD not present in Windows 26 | */ 27 | 28 | #include 29 | 30 | #include 31 | 32 | #ifndef __MINGW32__ 33 | #define IN_MULTICAST(a) IN_CLASSD(a) 34 | #endif 35 | 36 | #define IN_EXPERIMENTAL(a) ((((u_int32_t) (a)) & 0xf0000000) == 0xf0000000) 37 | 38 | #define IN_LOOPBACKNET 127 39 | 40 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) 41 | /* IPv6 address */ 42 | struct in6_addr 43 | { 44 | union 45 | { 46 | u_int8_t u6_addr8[16]; 47 | u_int16_t u6_addr16[8]; 48 | u_int32_t u6_addr32[4]; 49 | } in6_u; 50 | #define s6_addr in6_u.u6_addr8 51 | #define s6_addr16 in6_u.u6_addr16 52 | #define s6_addr32 in6_u.u6_addr32 53 | #define s6_addr64 in6_u.u6_addr64 54 | }; 55 | 56 | #define IN6ADDR_ANY_INIT { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } 57 | #define IN6ADDR_LOOPBACK_INIT { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 } 58 | #endif /* __MINGW32__ */ 59 | 60 | 61 | #if (defined _MSC_VER) || (defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)) 62 | typedef unsigned short sa_family_t; 63 | #endif 64 | 65 | 66 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) 67 | 68 | #define __SOCKADDR_COMMON(sa_prefix) \ 69 | sa_family_t sa_prefix##family 70 | 71 | /* Ditto, for IPv6. */ 72 | struct sockaddr_in6 73 | { 74 | __SOCKADDR_COMMON (sin6_); 75 | u_int16_t sin6_port; /* Transport layer port # */ 76 | u_int32_t sin6_flowinfo; /* IPv6 flow information */ 77 | struct in6_addr sin6_addr; /* IPv6 address */ 78 | }; 79 | 80 | #define IN6_IS_ADDR_V4MAPPED(a) \ 81 | ((((u_int32_t *) (a))[0] == 0) && (((u_int32_t *) (a))[1] == 0) && \ 82 | (((u_int32_t *) (a))[2] == htonl (0xffff))) 83 | 84 | #define IN6_IS_ADDR_MULTICAST(a) (((u_int8_t *) (a))[0] == 0xff) 85 | 86 | #define IN6_IS_ADDR_LINKLOCAL(a) \ 87 | ((((u_int32_t *) (a))[0] & htonl (0xffc00000)) == htonl (0xfe800000)) 88 | 89 | #define IN6_IS_ADDR_LOOPBACK(a) \ 90 | (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \ 91 | ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1)) 92 | #endif /* __MINGW32__ */ 93 | 94 | #define ip6_vfc ip6_ctlun.ip6_un2_vfc 95 | #define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow 96 | #define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen 97 | #define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt 98 | #define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim 99 | #define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim 100 | 101 | #define nd_rd_type nd_rd_hdr.icmp6_type 102 | #define nd_rd_code nd_rd_hdr.icmp6_code 103 | #define nd_rd_cksum nd_rd_hdr.icmp6_cksum 104 | #define nd_rd_reserved nd_rd_hdr.icmp6_data32[0] 105 | 106 | /* 107 | * IPV6 extension headers 108 | */ 109 | #define IPPROTO_HOPOPTS 0 /* IPv6 hop-by-hop options */ 110 | #define IPPROTO_IPV6 41 /* IPv6 header. */ 111 | #define IPPROTO_ROUTING 43 /* IPv6 routing header */ 112 | #define IPPROTO_FRAGMENT 44 /* IPv6 fragmentation header */ 113 | #define IPPROTO_ESP 50 /* encapsulating security payload */ 114 | #define IPPROTO_AH 51 /* authentication header */ 115 | #define IPPROTO_ICMPV6 58 /* ICMPv6 */ 116 | #define IPPROTO_NONE 59 /* IPv6 no next header */ 117 | #define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ 118 | #define IPPROTO_PIM 103 /* Protocol Independent Multicast. */ 119 | 120 | #define IPV6_RTHDR_TYPE_0 0 121 | 122 | /* Option types and related macros */ 123 | #define IP6OPT_PAD1 0x00 /* 00 0 00000 */ 124 | #define IP6OPT_PADN 0x01 /* 00 0 00001 */ 125 | #define IP6OPT_JUMBO 0xC2 /* 11 0 00010 = 194 */ 126 | #define IP6OPT_JUMBO_LEN 6 127 | #define IP6OPT_ROUTER_ALERT 0x05 /* 00 0 00101 */ 128 | 129 | #define IP6OPT_RTALERT_LEN 4 130 | #define IP6OPT_RTALERT_MLD 0 /* Datagram contains an MLD message */ 131 | #define IP6OPT_RTALERT_RSVP 1 /* Datagram contains an RSVP message */ 132 | #define IP6OPT_RTALERT_ACTNET 2 /* contains an Active Networks msg */ 133 | #define IP6OPT_MINLEN 2 134 | 135 | #define IP6OPT_BINDING_UPDATE 0xc6 /* 11 0 00110 */ 136 | #define IP6OPT_BINDING_ACK 0x07 /* 00 0 00111 */ 137 | #define IP6OPT_BINDING_REQ 0x08 /* 00 0 01000 */ 138 | #define IP6OPT_HOME_ADDRESS 0xc9 /* 11 0 01001 */ 139 | #define IP6OPT_EID 0x8a /* 10 0 01010 */ 140 | 141 | #define IP6OPT_TYPE(o) ((o) & 0xC0) 142 | #define IP6OPT_TYPE_SKIP 0x00 143 | #define IP6OPT_TYPE_DISCARD 0x40 144 | #define IP6OPT_TYPE_FORCEICMP 0x80 145 | #define IP6OPT_TYPE_ICMP 0xC0 146 | 147 | #define IP6OPT_MUTABLE 0x20 148 | 149 | 150 | #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) 151 | #ifndef EAI_ADDRFAMILY 152 | struct addrinfo { 153 | int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ 154 | int ai_family; /* PF_xxx */ 155 | int ai_socktype; /* SOCK_xxx */ 156 | int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ 157 | size_t ai_addrlen; /* length of ai_addr */ 158 | char *ai_canonname; /* canonical name for hostname */ 159 | struct sockaddr *ai_addr; /* binary address */ 160 | struct addrinfo *ai_next; /* next structure in linked list */ 161 | }; 162 | #endif 163 | #endif /* __MINGW32__ */ 164 | -------------------------------------------------------------------------------- /Include/pcap-bpf.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * This code is derived from the Stanford/CMU enet packet filter, 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 | * Berkeley Laboratory. 9 | * 10 | * Redistribution and use in source and binary forms, with or without 11 | * modification, are permitted provided that the following conditions 12 | * are met: 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 2. Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in the 17 | * documentation and/or other materials provided with the distribution. 18 | * 3. All advertising materials mentioning features or use of this software 19 | * must display the following acknowledgement: 20 | * This product includes software developed by the University of 21 | * California, Berkeley and its contributors. 22 | * 4. Neither the name of the University nor the names of its contributors 23 | * may be used to endorse or promote products derived from this software 24 | * without specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 | * SUCH DAMAGE. 37 | * 38 | * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.50 2007/04/01 21:43:55 guy Exp $ (LBL) 39 | */ 40 | 41 | /* 42 | * For backwards compatibility. 43 | * 44 | * Note to OS vendors: do NOT get rid of this file! Some applications 45 | * might expect to be able to include . 46 | */ 47 | #include 48 | -------------------------------------------------------------------------------- /Include/pcap-namedb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1994, 1996 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.13 2006/10/04 18:13:32 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! Some applications 40 | * might expect to be able to include . 41 | */ 42 | #include 43 | -------------------------------------------------------------------------------- /Include/pcap-stdinc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 3 | * Copyright (c) 2005 - 2009 CACE Technologies, Inc. Davis (California) 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | * 31 | * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.10.2.1 2008-10-06 15:38:39 gianluca Exp $ (LBL) 32 | */ 33 | 34 | #define SIZEOF_CHAR 1 35 | #define SIZEOF_SHORT 2 36 | #define SIZEOF_INT 4 37 | #ifndef _MSC_EXTENSIONS 38 | #define SIZEOF_LONG_LONG 8 39 | #endif 40 | 41 | /* 42 | * Avoids a compiler warning in case this was already defined 43 | * (someone defined _WINSOCKAPI_ when including 'windows.h', in order 44 | * to prevent it from including 'winsock.h') 45 | */ 46 | #ifdef _WINSOCKAPI_ 47 | #undef _WINSOCKAPI_ 48 | #endif 49 | #include 50 | 51 | #include 52 | 53 | #include "bittypes.h" 54 | #include 55 | #include 56 | 57 | #ifndef __MINGW32__ 58 | #include "IP6_misc.h" 59 | #endif 60 | 61 | #define caddr_t char* 62 | 63 | #if _MSC_VER < 1500 64 | #define snprintf _snprintf 65 | #define vsnprintf _vsnprintf 66 | #define strdup _strdup 67 | #endif 68 | 69 | #define inline __inline 70 | 71 | #ifdef __MINGW32__ 72 | #include 73 | #else /*__MINGW32__*/ 74 | /* MSVC compiler */ 75 | #ifndef _UINTPTR_T_DEFINED 76 | #ifdef _WIN64 77 | typedef unsigned __int64 uintptr_t; 78 | #else 79 | typedef _W64 unsigned int uintptr_t; 80 | #endif 81 | #define _UINTPTR_T_DEFINED 82 | #endif 83 | 84 | #ifndef _INTPTR_T_DEFINED 85 | #ifdef _WIN64 86 | typedef __int64 intptr_t; 87 | #else 88 | typedef _W64 int intptr_t; 89 | #endif 90 | #define _INTPTR_T_DEFINED 91 | #endif 92 | 93 | #endif /*__MINGW32__*/ 94 | -------------------------------------------------------------------------------- /Include/pcap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.59 2006/10/04 18:09:22 guy Exp $ (LBL) 34 | */ 35 | 36 | /* 37 | * For backwards compatibility. 38 | * 39 | * Note to OS vendors: do NOT get rid of this file! Many applications 40 | * expect to be able to include , and at least some of them 41 | * go through contortions in their configure scripts to try to detect 42 | * OSes that have "helpfully" moved pcap.h to without 43 | * leaving behind a file. 44 | */ 45 | #include 46 | -------------------------------------------------------------------------------- /Include/pcap/bluetooth.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Paolo Abeni (Italy) 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. The name of the author may not be used to endorse or promote 15 | * products derived from this software without specific prior written 16 | * permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | * bluetooth data struct 31 | * By Paolo Abeni 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap/bluetooth.h,v 1.1 2007/09/22 02:10:17 guy Exp $ 34 | */ 35 | 36 | #ifndef _PCAP_BLUETOOTH_STRUCTS_H__ 37 | #define _PCAP_BLUETOOTH_STRUCTS_H__ 38 | 39 | /* 40 | * Header prepended libpcap to each bluetooth h:4 frame. 41 | * fields are in network byte order 42 | */ 43 | typedef struct _pcap_bluetooth_h4_header { 44 | u_int32_t direction; /* if first bit is set direction is incoming */ 45 | } pcap_bluetooth_h4_header; 46 | 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /Include/pcap/bpf.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * This code is derived from the Stanford/CMU enet packet filter, 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 | * Berkeley Laboratory. 9 | * 10 | * Redistribution and use in source and binary forms, with or without 11 | * modification, are permitted provided that the following conditions 12 | * are met: 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 2. Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in the 17 | * documentation and/or other materials provided with the distribution. 18 | * 3. All advertising materials mentioning features or use of this software 19 | * must display the following acknowledgement: 20 | * This product includes software developed by the University of 21 | * California, Berkeley and its contributors. 22 | * 4. Neither the name of the University nor the names of its contributors 23 | * may be used to endorse or promote products derived from this software 24 | * without specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 | * SUCH DAMAGE. 37 | * 38 | * @(#)bpf.h 7.1 (Berkeley) 5/7/91 39 | * 40 | * @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.8 2008-09-22 20:16:01 guy Exp $ (LBL) 41 | */ 42 | 43 | /* 44 | * This is libpcap's cut-down version of bpf.h; it includes only 45 | * the stuff needed for the code generator and the userland BPF 46 | * interpreter, and the libpcap APIs for setting filters, etc.. 47 | * 48 | * "pcap-bpf.c" will include the native OS version, as it deals with 49 | * the OS's BPF implementation. 50 | * 51 | * XXX - should this all just be moved to "pcap.h"? 52 | */ 53 | 54 | #ifndef BPF_MAJOR_VERSION 55 | 56 | #ifdef __cplusplus 57 | extern "C" { 58 | #endif 59 | 60 | /* BSD style release date */ 61 | #define BPF_RELEASE 199606 62 | 63 | #ifdef MSDOS /* must be 32-bit */ 64 | typedef long bpf_int32; 65 | typedef unsigned long bpf_u_int32; 66 | #else 67 | typedef int bpf_int32; 68 | typedef u_int bpf_u_int32; 69 | #endif 70 | 71 | /* 72 | * Alignment macros. BPF_WORDALIGN rounds up to the next 73 | * even multiple of BPF_ALIGNMENT. 74 | */ 75 | #ifndef __NetBSD__ 76 | #define BPF_ALIGNMENT sizeof(bpf_int32) 77 | #else 78 | #define BPF_ALIGNMENT sizeof(long) 79 | #endif 80 | #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) 81 | 82 | #define BPF_MAXBUFSIZE 0x8000 83 | #define BPF_MINBUFSIZE 32 84 | 85 | /* 86 | * Structure for "pcap_compile()", "pcap_setfilter()", etc.. 87 | */ 88 | struct bpf_program { 89 | u_int bf_len; 90 | struct bpf_insn *bf_insns; 91 | }; 92 | 93 | /* 94 | * Struct return by BIOCVERSION. This represents the version number of 95 | * the filter language described by the instruction encodings below. 96 | * bpf understands a program iff kernel_major == filter_major && 97 | * kernel_minor >= filter_minor, that is, if the value returned by the 98 | * running kernel has the same major number and a minor number equal 99 | * equal to or less than the filter being downloaded. Otherwise, the 100 | * results are undefined, meaning an error may be returned or packets 101 | * may be accepted haphazardly. 102 | * It has nothing to do with the source code version. 103 | */ 104 | struct bpf_version { 105 | u_short bv_major; 106 | u_short bv_minor; 107 | }; 108 | /* Current version number of filter architecture. */ 109 | #define BPF_MAJOR_VERSION 1 110 | #define BPF_MINOR_VERSION 1 111 | 112 | /* 113 | * Data-link level type codes. 114 | * 115 | * Do *NOT* add new values to this list without asking 116 | * "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run 117 | * the risk of using a value that's already being used for some other 118 | * purpose, and of having tools that read libpcap-format captures not 119 | * being able to handle captures with your new DLT_ value, with no hope 120 | * that they will ever be changed to do so (as that would destroy their 121 | * ability to read captures using that value for that other purpose). 122 | */ 123 | 124 | /* 125 | * These are the types that are the same on all platforms, and that 126 | * have been defined by for ages. 127 | */ 128 | #define DLT_NULL 0 /* BSD loopback encapsulation */ 129 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ 130 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ 131 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ 132 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ 133 | #define DLT_CHAOS 5 /* Chaos */ 134 | #define DLT_IEEE802 6 /* 802.5 Token Ring */ 135 | #define DLT_ARCNET 7 /* ARCNET, with BSD-style header */ 136 | #define DLT_SLIP 8 /* Serial Line IP */ 137 | #define DLT_PPP 9 /* Point-to-point Protocol */ 138 | #define DLT_FDDI 10 /* FDDI */ 139 | 140 | /* 141 | * These are types that are different on some platforms, and that 142 | * have been defined by for ages. We use #ifdefs to 143 | * detect the BSDs that define them differently from the traditional 144 | * libpcap 145 | * 146 | * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS, 147 | * but I don't know what the right #define is for BSD/OS. 148 | */ 149 | #define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */ 150 | 151 | #ifdef __OpenBSD__ 152 | #define DLT_RAW 14 /* raw IP */ 153 | #else 154 | #define DLT_RAW 12 /* raw IP */ 155 | #endif 156 | 157 | /* 158 | * Given that the only OS that currently generates BSD/OS SLIP or PPP 159 | * is, well, BSD/OS, arguably everybody should have chosen its values 160 | * for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they 161 | * didn't. So it goes. 162 | */ 163 | #if defined(__NetBSD__) || defined(__FreeBSD__) 164 | #ifndef DLT_SLIP_BSDOS 165 | #define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ 166 | #define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ 167 | #endif 168 | #else 169 | #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ 170 | #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ 171 | #endif 172 | 173 | /* 174 | * 17 is used for DLT_OLD_PFLOG in OpenBSD; 175 | * OBSOLETE: DLT_PFLOG is 117 in OpenBSD now as well. See below. 176 | * 18 is used for DLT_PFSYNC in OpenBSD; don't use it for anything else. 177 | */ 178 | 179 | #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ 180 | 181 | /* 182 | * Apparently Redback uses this for its SmartEdge 400/800. I hope 183 | * nobody else decided to use it, too. 184 | */ 185 | #define DLT_REDBACK_SMARTEDGE 32 186 | 187 | /* 188 | * These values are defined by NetBSD; other platforms should refrain from 189 | * using them for other purposes, so that NetBSD savefiles with link 190 | * types of 50 or 51 can be read as this type on all platforms. 191 | */ 192 | #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ 193 | #define DLT_PPP_ETHER 51 /* PPP over Ethernet */ 194 | 195 | /* 196 | * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses 197 | * a link-layer type of 99 for the tcpdump it supplies. The link-layer 198 | * header has 6 bytes of unknown data, something that appears to be an 199 | * Ethernet type, and 36 bytes that appear to be 0 in at least one capture 200 | * I've seen. 201 | */ 202 | #define DLT_SYMANTEC_FIREWALL 99 203 | 204 | /* 205 | * Values between 100 and 103 are used in capture file headers as 206 | * link-layer types corresponding to DLT_ types that differ 207 | * between platforms; don't use those values for new DLT_ new types. 208 | */ 209 | 210 | /* 211 | * This value was defined by libpcap 0.5; platforms that have defined 212 | * it with a different value should define it here with that value - 213 | * a link type of 104 in a save file will be mapped to DLT_C_HDLC, 214 | * whatever value that happens to be, so programs will correctly 215 | * handle files with that link type regardless of the value of 216 | * DLT_C_HDLC. 217 | * 218 | * The name DLT_C_HDLC was used by BSD/OS; we use that name for source 219 | * compatibility with programs written for BSD/OS. 220 | * 221 | * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, 222 | * for source compatibility with programs written for libpcap 0.5. 223 | */ 224 | #define DLT_C_HDLC 104 /* Cisco HDLC */ 225 | #define DLT_CHDLC DLT_C_HDLC 226 | 227 | #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ 228 | 229 | /* 230 | * 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW, 231 | * except when it isn't. (I.e., sometimes it's just raw IP, and 232 | * sometimes it isn't.) We currently handle it as DLT_LINUX_SLL, 233 | * so that we don't have to worry about the link-layer header.) 234 | */ 235 | 236 | /* 237 | * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides 238 | * with other values. 239 | * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header 240 | * (DLCI, etc.). 241 | */ 242 | #define DLT_FRELAY 107 243 | 244 | /* 245 | * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except 246 | * that the AF_ type in the link-layer header is in network byte order. 247 | * 248 | * DLT_LOOP is 12 in OpenBSD, but that's DLT_RAW in other OSes, so 249 | * we don't use 12 for it in OSes other than OpenBSD. 250 | */ 251 | #ifdef __OpenBSD__ 252 | #define DLT_LOOP 12 253 | #else 254 | #define DLT_LOOP 108 255 | #endif 256 | 257 | /* 258 | * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's 259 | * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other 260 | * than OpenBSD. 261 | */ 262 | #ifdef __OpenBSD__ 263 | #define DLT_ENC 13 264 | #else 265 | #define DLT_ENC 109 266 | #endif 267 | 268 | /* 269 | * Values between 110 and 112 are reserved for use in capture file headers 270 | * as link-layer types corresponding to DLT_ types that might differ 271 | * between platforms; don't use those values for new DLT_ types 272 | * other than the corresponding DLT_ types. 273 | */ 274 | 275 | /* 276 | * This is for Linux cooked sockets. 277 | */ 278 | #define DLT_LINUX_SLL 113 279 | 280 | /* 281 | * Apple LocalTalk hardware. 282 | */ 283 | #define DLT_LTALK 114 284 | 285 | /* 286 | * Acorn Econet. 287 | */ 288 | #define DLT_ECONET 115 289 | 290 | /* 291 | * Reserved for use with OpenBSD ipfilter. 292 | */ 293 | #define DLT_IPFILTER 116 294 | 295 | /* 296 | * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023 297 | * in SuSE 6.3, so we can't use 17 for it in capture-file headers. 298 | * 299 | * XXX: is there a conflict with DLT_PFSYNC 18 as well? 300 | */ 301 | #ifdef __OpenBSD__ 302 | #define DLT_OLD_PFLOG 17 303 | #define DLT_PFSYNC 18 304 | #endif 305 | #define DLT_PFLOG 117 306 | 307 | /* 308 | * Registered for Cisco-internal use. 309 | */ 310 | #define DLT_CISCO_IOS 118 311 | 312 | /* 313 | * For 802.11 cards using the Prism II chips, with a link-layer 314 | * header including Prism monitor mode information plus an 802.11 315 | * header. 316 | */ 317 | #define DLT_PRISM_HEADER 119 318 | 319 | /* 320 | * Reserved for Aironet 802.11 cards, with an Aironet link-layer header 321 | * (see Doug Ambrisko's FreeBSD patches). 322 | */ 323 | #define DLT_AIRONET_HEADER 120 324 | 325 | /* 326 | * Reserved for Siemens HiPath HDLC. 327 | */ 328 | #define DLT_HHDLC 121 329 | 330 | /* 331 | * This is for RFC 2625 IP-over-Fibre Channel. 332 | * 333 | * This is not for use with raw Fibre Channel, where the link-layer 334 | * header starts with a Fibre Channel frame header; it's for IP-over-FC, 335 | * where the link-layer header starts with an RFC 2625 Network_Header 336 | * field. 337 | */ 338 | #define DLT_IP_OVER_FC 122 339 | 340 | /* 341 | * This is for Full Frontal ATM on Solaris with SunATM, with a 342 | * pseudo-header followed by an AALn PDU. 343 | * 344 | * There may be other forms of Full Frontal ATM on other OSes, 345 | * with different pseudo-headers. 346 | * 347 | * If ATM software returns a pseudo-header with VPI/VCI information 348 | * (and, ideally, packet type information, e.g. signalling, ILMI, 349 | * LANE, LLC-multiplexed traffic, etc.), it should not use 350 | * DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump 351 | * and the like don't have to infer the presence or absence of a 352 | * pseudo-header and the form of the pseudo-header. 353 | */ 354 | #define DLT_SUNATM 123 /* Solaris+SunATM */ 355 | 356 | /* 357 | * Reserved as per request from Kent Dahlgren 358 | * for private use. 359 | */ 360 | #define DLT_RIO 124 /* RapidIO */ 361 | #define DLT_PCI_EXP 125 /* PCI Express */ 362 | #define DLT_AURORA 126 /* Xilinx Aurora link layer */ 363 | 364 | /* 365 | * Header for 802.11 plus a number of bits of link-layer information 366 | * including radio information, used by some recent BSD drivers as 367 | * well as the madwifi Atheros driver for Linux. 368 | */ 369 | #define DLT_IEEE802_11_RADIO 127 /* 802.11 plus radiotap radio header */ 370 | 371 | /* 372 | * Reserved for the TZSP encapsulation, as per request from 373 | * Chris Waters 374 | * TZSP is a generic encapsulation for any other link type, 375 | * which includes a means to include meta-information 376 | * with the packet, e.g. signal strength and channel 377 | * for 802.11 packets. 378 | */ 379 | #define DLT_TZSP 128 /* Tazmen Sniffer Protocol */ 380 | 381 | /* 382 | * BSD's ARCNET headers have the source host, destination host, 383 | * and type at the beginning of the packet; that's what's handed 384 | * up to userland via BPF. 385 | * 386 | * Linux's ARCNET headers, however, have a 2-byte offset field 387 | * between the host IDs and the type; that's what's handed up 388 | * to userland via PF_PACKET sockets. 389 | * 390 | * We therefore have to have separate DLT_ values for them. 391 | */ 392 | #define DLT_ARCNET_LINUX 129 /* ARCNET */ 393 | 394 | /* 395 | * Juniper-private data link types, as per request from 396 | * Hannes Gredler . The DLT_s are used 397 | * for passing on chassis-internal metainformation such as 398 | * QOS profiles, etc.. 399 | */ 400 | #define DLT_JUNIPER_MLPPP 130 401 | #define DLT_JUNIPER_MLFR 131 402 | #define DLT_JUNIPER_ES 132 403 | #define DLT_JUNIPER_GGSN 133 404 | #define DLT_JUNIPER_MFR 134 405 | #define DLT_JUNIPER_ATM2 135 406 | #define DLT_JUNIPER_SERVICES 136 407 | #define DLT_JUNIPER_ATM1 137 408 | 409 | /* 410 | * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund 411 | * . The header that's presented is an Ethernet-like 412 | * header: 413 | * 414 | * #define FIREWIRE_EUI64_LEN 8 415 | * struct firewire_header { 416 | * u_char firewire_dhost[FIREWIRE_EUI64_LEN]; 417 | * u_char firewire_shost[FIREWIRE_EUI64_LEN]; 418 | * u_short firewire_type; 419 | * }; 420 | * 421 | * with "firewire_type" being an Ethernet type value, rather than, 422 | * for example, raw GASP frames being handed up. 423 | */ 424 | #define DLT_APPLE_IP_OVER_IEEE1394 138 425 | 426 | /* 427 | * Various SS7 encapsulations, as per a request from Jeff Morriss 428 | * and subsequent discussions. 429 | */ 430 | #define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */ 431 | #define DLT_MTP2 140 /* MTP2, without pseudo-header */ 432 | #define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */ 433 | #define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */ 434 | 435 | /* 436 | * DOCSIS MAC frames. 437 | */ 438 | #define DLT_DOCSIS 143 439 | 440 | /* 441 | * Linux-IrDA packets. Protocol defined at http://www.irda.org. 442 | * Those packets include IrLAP headers and above (IrLMP...), but 443 | * don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy 444 | * framing can be handled by the hardware and depend on the bitrate. 445 | * This is exactly the format you would get capturing on a Linux-IrDA 446 | * interface (irdaX), but not on a raw serial port. 447 | * Note the capture is done in "Linux-cooked" mode, so each packet include 448 | * a fake packet header (struct sll_header). This is because IrDA packet 449 | * decoding is dependant on the direction of the packet (incomming or 450 | * outgoing). 451 | * When/if other platform implement IrDA capture, we may revisit the 452 | * issue and define a real DLT_IRDA... 453 | * Jean II 454 | */ 455 | #define DLT_LINUX_IRDA 144 456 | 457 | /* 458 | * Reserved for IBM SP switch and IBM Next Federation switch. 459 | */ 460 | #define DLT_IBM_SP 145 461 | #define DLT_IBM_SN 146 462 | 463 | /* 464 | * Reserved for private use. If you have some link-layer header type 465 | * that you want to use within your organization, with the capture files 466 | * using that link-layer header type not ever be sent outside your 467 | * organization, you can use these values. 468 | * 469 | * No libpcap release will use these for any purpose, nor will any 470 | * tcpdump release use them, either. 471 | * 472 | * Do *NOT* use these in capture files that you expect anybody not using 473 | * your private versions of capture-file-reading tools to read; in 474 | * particular, do *NOT* use them in products, otherwise you may find that 475 | * people won't be able to use tcpdump, or snort, or Ethereal, or... to 476 | * read capture files from your firewall/intrusion detection/traffic 477 | * monitoring/etc. appliance, or whatever product uses that DLT_ value, 478 | * and you may also find that the developers of those applications will 479 | * not accept patches to let them read those files. 480 | * 481 | * Also, do not use them if somebody might send you a capture using them 482 | * for *their* private type and tools using them for *your* private type 483 | * would have to read them. 484 | * 485 | * Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value, 486 | * as per the comment above, and use the type you're given. 487 | */ 488 | #define DLT_USER0 147 489 | #define DLT_USER1 148 490 | #define DLT_USER2 149 491 | #define DLT_USER3 150 492 | #define DLT_USER4 151 493 | #define DLT_USER5 152 494 | #define DLT_USER6 153 495 | #define DLT_USER7 154 496 | #define DLT_USER8 155 497 | #define DLT_USER9 156 498 | #define DLT_USER10 157 499 | #define DLT_USER11 158 500 | #define DLT_USER12 159 501 | #define DLT_USER13 160 502 | #define DLT_USER14 161 503 | #define DLT_USER15 162 504 | 505 | /* 506 | * For future use with 802.11 captures - defined by AbsoluteValue 507 | * Systems to store a number of bits of link-layer information 508 | * including radio information: 509 | * 510 | * http://www.shaftnet.org/~pizza/software/capturefrm.txt 511 | * 512 | * but it might be used by some non-AVS drivers now or in the 513 | * future. 514 | */ 515 | #define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */ 516 | 517 | /* 518 | * Juniper-private data link type, as per request from 519 | * Hannes Gredler . The DLT_s are used 520 | * for passing on chassis-internal metainformation such as 521 | * QOS profiles, etc.. 522 | */ 523 | #define DLT_JUNIPER_MONITOR 164 524 | 525 | /* 526 | * Reserved for BACnet MS/TP. 527 | */ 528 | #define DLT_BACNET_MS_TP 165 529 | 530 | /* 531 | * Another PPP variant as per request from Karsten Keil . 532 | * 533 | * This is used in some OSes to allow a kernel socket filter to distinguish 534 | * between incoming and outgoing packets, on a socket intended to 535 | * supply pppd with outgoing packets so it can do dial-on-demand and 536 | * hangup-on-lack-of-demand; incoming packets are filtered out so they 537 | * don't cause pppd to hold the connection up (you don't want random 538 | * input packets such as port scans, packets from old lost connections, 539 | * etc. to force the connection to stay up). 540 | * 541 | * The first byte of the PPP header (0xff03) is modified to accomodate 542 | * the direction - 0x00 = IN, 0x01 = OUT. 543 | */ 544 | #define DLT_PPP_PPPD 166 545 | 546 | /* 547 | * Names for backwards compatibility with older versions of some PPP 548 | * software; new software should use DLT_PPP_PPPD. 549 | */ 550 | #define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD 551 | #define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD 552 | 553 | /* 554 | * Juniper-private data link type, as per request from 555 | * Hannes Gredler . The DLT_s are used 556 | * for passing on chassis-internal metainformation such as 557 | * QOS profiles, cookies, etc.. 558 | */ 559 | #define DLT_JUNIPER_PPPOE 167 560 | #define DLT_JUNIPER_PPPOE_ATM 168 561 | 562 | #define DLT_GPRS_LLC 169 /* GPRS LLC */ 563 | #define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */ 564 | #define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */ 565 | 566 | /* 567 | * Requested by Oolan Zimmer for use in Gcom's T1/E1 line 568 | * monitoring equipment. 569 | */ 570 | #define DLT_GCOM_T1E1 172 571 | #define DLT_GCOM_SERIAL 173 572 | 573 | /* 574 | * Juniper-private data link type, as per request from 575 | * Hannes Gredler . The DLT_ is used 576 | * for internal communication to Physical Interface Cards (PIC) 577 | */ 578 | #define DLT_JUNIPER_PIC_PEER 174 579 | 580 | /* 581 | * Link types requested by Gregor Maier of Endace 582 | * Measurement Systems. They add an ERF header (see 583 | * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of 584 | * the link-layer header. 585 | */ 586 | #define DLT_ERF_ETH 175 /* Ethernet */ 587 | #define DLT_ERF_POS 176 /* Packet-over-SONET */ 588 | 589 | /* 590 | * Requested by Daniele Orlandi for raw LAPD 591 | * for vISDN (http://www.orlandi.com/visdn/). Its link-layer header 592 | * includes additional information before the LAPD header, so it's 593 | * not necessarily a generic LAPD header. 594 | */ 595 | #define DLT_LINUX_LAPD 177 596 | 597 | /* 598 | * Juniper-private data link type, as per request from 599 | * Hannes Gredler . 600 | * The DLT_ are used for prepending meta-information 601 | * like interface index, interface name 602 | * before standard Ethernet, PPP, Frelay & C-HDLC Frames 603 | */ 604 | #define DLT_JUNIPER_ETHER 178 605 | #define DLT_JUNIPER_PPP 179 606 | #define DLT_JUNIPER_FRELAY 180 607 | #define DLT_JUNIPER_CHDLC 181 608 | 609 | /* 610 | * Multi Link Frame Relay (FRF.16) 611 | */ 612 | #define DLT_MFR 182 613 | 614 | /* 615 | * Juniper-private data link type, as per request from 616 | * Hannes Gredler . 617 | * The DLT_ is used for internal communication with a 618 | * voice Adapter Card (PIC) 619 | */ 620 | #define DLT_JUNIPER_VP 183 621 | 622 | /* 623 | * Arinc 429 frames. 624 | * DLT_ requested by Gianluca Varenni . 625 | * Every frame contains a 32bit A429 label. 626 | * More documentation on Arinc 429 can be found at 627 | * http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf 628 | */ 629 | #define DLT_A429 184 630 | 631 | /* 632 | * Arinc 653 Interpartition Communication messages. 633 | * DLT_ requested by Gianluca Varenni . 634 | * Please refer to the A653-1 standard for more information. 635 | */ 636 | #define DLT_A653_ICM 185 637 | 638 | /* 639 | * USB packets, beginning with a USB setup header; requested by 640 | * Paolo Abeni . 641 | */ 642 | #define DLT_USB 186 643 | 644 | /* 645 | * Bluetooth HCI UART transport layer (part H:4); requested by 646 | * Paolo Abeni. 647 | */ 648 | #define DLT_BLUETOOTH_HCI_H4 187 649 | 650 | /* 651 | * IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz 652 | * . 653 | */ 654 | #define DLT_IEEE802_16_MAC_CPS 188 655 | 656 | /* 657 | * USB packets, beginning with a Linux USB header; requested by 658 | * Paolo Abeni . 659 | */ 660 | #define DLT_USB_LINUX 189 661 | 662 | /* 663 | * Controller Area Network (CAN) v. 2.0B packets. 664 | * DLT_ requested by Gianluca Varenni . 665 | * Used to dump CAN packets coming from a CAN Vector board. 666 | * More documentation on the CAN v2.0B frames can be found at 667 | * http://www.can-cia.org/downloads/?269 668 | */ 669 | #define DLT_CAN20B 190 670 | 671 | /* 672 | * IEEE 802.15.4, with address fields padded, as is done by Linux 673 | * drivers; requested by Juergen Schimmer. 674 | */ 675 | #define DLT_IEEE802_15_4_LINUX 191 676 | 677 | /* 678 | * Per Packet Information encapsulated packets. 679 | * DLT_ requested by Gianluca Varenni . 680 | */ 681 | #define DLT_PPI 192 682 | 683 | /* 684 | * Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header; 685 | * requested by Charles Clancy. 686 | */ 687 | #define DLT_IEEE802_16_MAC_CPS_RADIO 193 688 | 689 | /* 690 | * Juniper-private data link type, as per request from 691 | * Hannes Gredler . 692 | * The DLT_ is used for internal communication with a 693 | * integrated service module (ISM). 694 | */ 695 | #define DLT_JUNIPER_ISM 194 696 | 697 | /* 698 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no 699 | * nothing); requested by Mikko Saarnivala . 700 | */ 701 | #define DLT_IEEE802_15_4 195 702 | 703 | /* 704 | * Various link-layer types, with a pseudo-header, for SITA 705 | * (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com). 706 | */ 707 | #define DLT_SITA 196 708 | 709 | /* 710 | * Various link-layer types, with a pseudo-header, for Endace DAG cards; 711 | * encapsulates Endace ERF records. Requested by Stephen Donnelly 712 | * . 713 | */ 714 | #define DLT_ERF 197 715 | 716 | /* 717 | * Special header prepended to Ethernet packets when capturing from a 718 | * u10 Networks board. Requested by Phil Mulholland 719 | * . 720 | */ 721 | #define DLT_RAIF1 198 722 | 723 | /* 724 | * IPMB packet for IPMI, beginning with the I2C slave address, followed 725 | * by the netFn and LUN, etc.. Requested by Chanthy Toeung 726 | * . 727 | */ 728 | #define DLT_IPMB 199 729 | 730 | /* 731 | * Juniper-private data link type, as per request from 732 | * Hannes Gredler . 733 | * The DLT_ is used for capturing data on a secure tunnel interface. 734 | */ 735 | #define DLT_JUNIPER_ST 200 736 | 737 | /* 738 | * Bluetooth HCI UART transport layer (part H:4), with pseudo-header 739 | * that includes direction information; requested by Paolo Abeni. 740 | */ 741 | #define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201 742 | 743 | /* 744 | * AX.25 packet with a 1-byte KISS header; see 745 | * 746 | * http://www.ax25.net/kiss.htm 747 | * 748 | * as per Richard Stearn . 749 | */ 750 | #define DLT_AX25_KISS 202 751 | 752 | /* 753 | * LAPD packets from an ISDN channel, starting with the address field, 754 | * with no pseudo-header. 755 | * Requested by Varuna De Silva . 756 | */ 757 | #define DLT_LAPD 203 758 | 759 | /* 760 | * Variants of various link-layer headers, with a one-byte direction 761 | * pseudo-header prepended - zero means "received by this host", 762 | * non-zero (any non-zero value) means "sent by this host" - as per 763 | * Will Barker . 764 | */ 765 | #define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */ 766 | #define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */ 767 | #define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */ 768 | #define DLT_LAPB_WITH_DIR 207 /* LAPB */ 769 | 770 | /* 771 | * 208 is reserved for an as-yet-unspecified proprietary link-layer 772 | * type, as requested by Will Barker. 773 | */ 774 | 775 | /* 776 | * IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman 777 | * . 778 | */ 779 | #define DLT_IPMB_LINUX 209 780 | 781 | /* 782 | * FlexRay automotive bus - http://www.flexray.com/ - as requested 783 | * by Hannes Kaelber . 784 | */ 785 | #define DLT_FLEXRAY 210 786 | 787 | /* 788 | * Media Oriented Systems Transport (MOST) bus for multimedia 789 | * transport - http://www.mostcooperation.com/ - as requested 790 | * by Hannes Kaelber . 791 | */ 792 | #define DLT_MOST 211 793 | 794 | /* 795 | * Local Interconnect Network (LIN) bus for vehicle networks - 796 | * http://www.lin-subbus.org/ - as requested by Hannes Kaelber 797 | * . 798 | */ 799 | #define DLT_LIN 212 800 | 801 | /* 802 | * X2E-private data link type used for serial line capture, 803 | * as requested by Hannes Kaelber . 804 | */ 805 | #define DLT_X2E_SERIAL 213 806 | 807 | /* 808 | * X2E-private data link type used for the Xoraya data logger 809 | * family, as requested by Hannes Kaelber . 810 | */ 811 | #define DLT_X2E_XORAYA 214 812 | 813 | /* 814 | * IEEE 802.15.4, exactly as it appears in the spec (no padding, no 815 | * nothing), but with the PHY-level data for non-ASK PHYs (4 octets 816 | * of 0 as preamble, one octet of SFD, one octet of frame length+ 817 | * reserved bit, and then the MAC-layer data, starting with the 818 | * frame control field). 819 | * 820 | * Requested by Max Filippov . 821 | */ 822 | #define DLT_IEEE802_15_4_NONASK_PHY 215 823 | 824 | 825 | /* 826 | * DLT and savefile link type values are split into a class and 827 | * a member of that class. A class value of 0 indicates a regular 828 | * DLT_/LINKTYPE_ value. 829 | */ 830 | #define DLT_CLASS(x) ((x) & 0x03ff0000) 831 | 832 | /* 833 | * NetBSD-specific generic "raw" link type. The class value indicates 834 | * that this is the generic raw type, and the lower 16 bits are the 835 | * address family we're dealing with. Those values are NetBSD-specific; 836 | * do not assume that they correspond to AF_ values for your operating 837 | * system. 838 | */ 839 | #define DLT_CLASS_NETBSD_RAWAF 0x02240000 840 | #define DLT_NETBSD_RAWAF(af) (DLT_CLASS_NETBSD_RAWAF | (af)) 841 | #define DLT_NETBSD_RAWAF_AF(x) ((x) & 0x0000ffff) 842 | #define DLT_IS_NETBSD_RAWAF(x) (DLT_CLASS(x) == DLT_CLASS_NETBSD_RAWAF) 843 | 844 | 845 | /* 846 | * The instruction encodings. 847 | */ 848 | /* instruction classes */ 849 | #define BPF_CLASS(code) ((code) & 0x07) 850 | #define BPF_LD 0x00 851 | #define BPF_LDX 0x01 852 | #define BPF_ST 0x02 853 | #define BPF_STX 0x03 854 | #define BPF_ALU 0x04 855 | #define BPF_JMP 0x05 856 | #define BPF_RET 0x06 857 | #define BPF_MISC 0x07 858 | 859 | /* ld/ldx fields */ 860 | #define BPF_SIZE(code) ((code) & 0x18) 861 | #define BPF_W 0x00 862 | #define BPF_H 0x08 863 | #define BPF_B 0x10 864 | #define BPF_MODE(code) ((code) & 0xe0) 865 | #define BPF_IMM 0x00 866 | #define BPF_ABS 0x20 867 | #define BPF_IND 0x40 868 | #define BPF_MEM 0x60 869 | #define BPF_LEN 0x80 870 | #define BPF_MSH 0xa0 871 | 872 | /* alu/jmp fields */ 873 | #define BPF_OP(code) ((code) & 0xf0) 874 | #define BPF_ADD 0x00 875 | #define BPF_SUB 0x10 876 | #define BPF_MUL 0x20 877 | #define BPF_DIV 0x30 878 | #define BPF_OR 0x40 879 | #define BPF_AND 0x50 880 | #define BPF_LSH 0x60 881 | #define BPF_RSH 0x70 882 | #define BPF_NEG 0x80 883 | #define BPF_JA 0x00 884 | #define BPF_JEQ 0x10 885 | #define BPF_JGT 0x20 886 | #define BPF_JGE 0x30 887 | #define BPF_JSET 0x40 888 | #define BPF_SRC(code) ((code) & 0x08) 889 | #define BPF_K 0x00 890 | #define BPF_X 0x08 891 | 892 | /* ret - BPF_K and BPF_X also apply */ 893 | #define BPF_RVAL(code) ((code) & 0x18) 894 | #define BPF_A 0x10 895 | 896 | /* misc */ 897 | #define BPF_MISCOP(code) ((code) & 0xf8) 898 | #define BPF_TAX 0x00 899 | #define BPF_TXA 0x80 900 | 901 | /* 902 | * The instruction data structure. 903 | */ 904 | struct bpf_insn { 905 | u_short code; 906 | u_char jt; 907 | u_char jf; 908 | bpf_u_int32 k; 909 | }; 910 | 911 | /* 912 | * Macros for insn array initializers. 913 | */ 914 | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } 915 | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } 916 | 917 | #if __STDC__ || defined(__cplusplus) 918 | extern int bpf_validate(const struct bpf_insn *, int); 919 | extern u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 920 | #else 921 | extern int bpf_validate(); 922 | extern u_int bpf_filter(); 923 | #endif 924 | 925 | /* 926 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). 927 | */ 928 | #define BPF_MEMWORDS 16 929 | 930 | #ifdef __cplusplus 931 | } 932 | #endif 933 | 934 | #endif 935 | -------------------------------------------------------------------------------- /Include/pcap/namedb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1994, 1996 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the Computer Systems 16 | * Engineering Group at Lawrence Berkeley Laboratory. 17 | * 4. Neither the name of the University nor of the Laboratory may be used 18 | * to endorse or promote products derived from this software without 19 | * specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap/namedb.h,v 1.1 2006/10/04 18:09:22 guy Exp $ (LBL) 34 | */ 35 | 36 | #ifndef lib_pcap_namedb_h 37 | #define lib_pcap_namedb_h 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /* 44 | * As returned by the pcap_next_etherent() 45 | * XXX this stuff doesn't belong in this interface, but this 46 | * library already must do name to address translation, so 47 | * on systems that don't have support for /etc/ethers, we 48 | * export these hooks since they'll 49 | */ 50 | struct pcap_etherent { 51 | u_char addr[6]; 52 | char name[122]; 53 | }; 54 | #ifndef PCAP_ETHERS_FILE 55 | #define PCAP_ETHERS_FILE "/etc/ethers" 56 | #endif 57 | struct pcap_etherent *pcap_next_etherent(FILE *); 58 | u_char *pcap_ether_hostton(const char*); 59 | u_char *pcap_ether_aton(const char *); 60 | 61 | bpf_u_int32 **pcap_nametoaddr(const char *); 62 | #ifdef INET6 63 | struct addrinfo *pcap_nametoaddrinfo(const char *); 64 | #endif 65 | bpf_u_int32 pcap_nametonetaddr(const char *); 66 | 67 | int pcap_nametoport(const char *, int *, int *); 68 | int pcap_nametoportrange(const char *, int *, int *, int *); 69 | int pcap_nametoproto(const char *); 70 | int pcap_nametoeproto(const char *); 71 | int pcap_nametollc(const char *); 72 | /* 73 | * If a protocol is unknown, PROTO_UNDEF is returned. 74 | * Also, pcap_nametoport() returns the protocol along with the port number. 75 | * If there are ambiguous entried in /etc/services (i.e. domain 76 | * can be either tcp or udp) PROTO_UNDEF is returned. 77 | */ 78 | #define PROTO_UNDEF -1 79 | 80 | /* XXX move these to pcap-int.h? */ 81 | int __pcap_atodn(const char *, bpf_u_int32 *); 82 | int __pcap_atoin(const char *, bpf_u_int32 *); 83 | u_short __pcap_nametodnaddr(const char *); 84 | 85 | #ifdef __cplusplus 86 | } 87 | #endif 88 | 89 | #endif 90 | -------------------------------------------------------------------------------- /Include/pcap/pcap.h: -------------------------------------------------------------------------------- 1 | /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ 2 | /* 3 | * Copyright (c) 1993, 1994, 1995, 1996, 1997 4 | * The Regents of the University of California. All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. All advertising materials mentioning features or use of this software 15 | * must display the following acknowledgement: 16 | * This product includes software developed by the Computer Systems 17 | * Engineering Group at Lawrence Berkeley Laboratory. 18 | * 4. Neither the name of the University nor of the Laboratory may be used 19 | * to endorse or promote products derived from this software without 20 | * specific prior written permission. 21 | * 22 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 | * SUCH DAMAGE. 33 | * 34 | * @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.11 2008-10-06 15:38:39 gianluca Exp $ (LBL) 35 | */ 36 | 37 | #ifndef lib_pcap_pcap_h 38 | #define lib_pcap_pcap_h 39 | 40 | #if defined(WIN32) 41 | #include 42 | #elif defined(MSDOS) 43 | #include 44 | #include /* u_int, u_char etc. */ 45 | #else /* UN*X */ 46 | #include 47 | #include 48 | #endif /* WIN32/MSDOS/UN*X */ 49 | 50 | #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H 51 | #include 52 | #endif 53 | 54 | #include 55 | 56 | #ifdef HAVE_REMOTE 57 | // We have to define the SOCKET here, although it has been defined in sockutils.h 58 | // This is to avoid the distribution of the 'sockutils.h' file around 59 | // (for example in the WinPcap developer's pack) 60 | #ifndef SOCKET 61 | #ifdef WIN32 62 | #define SOCKET unsigned int 63 | #else 64 | #define SOCKET int 65 | #endif 66 | #endif 67 | #endif 68 | 69 | #ifdef __cplusplus 70 | extern "C" { 71 | #endif 72 | 73 | #define PCAP_VERSION_MAJOR 2 74 | #define PCAP_VERSION_MINOR 4 75 | 76 | #define PCAP_ERRBUF_SIZE 256 77 | 78 | /* 79 | * Compatibility for systems that have a bpf.h that 80 | * predates the bpf typedefs for 64-bit support. 81 | */ 82 | #if BPF_RELEASE - 0 < 199406 83 | typedef int bpf_int32; 84 | typedef u_int bpf_u_int32; 85 | #endif 86 | 87 | typedef struct pcap pcap_t; 88 | typedef struct pcap_dumper pcap_dumper_t; 89 | typedef struct pcap_if pcap_if_t; 90 | typedef struct pcap_addr pcap_addr_t; 91 | 92 | /* 93 | * The first record in the file contains saved values for some 94 | * of the flags used in the printout phases of tcpdump. 95 | * Many fields here are 32 bit ints so compilers won't insert unwanted 96 | * padding; these files need to be interchangeable across architectures. 97 | * 98 | * Do not change the layout of this structure, in any way (this includes 99 | * changes that only affect the length of fields in this structure). 100 | * 101 | * Also, do not change the interpretation of any of the members of this 102 | * structure, in any way (this includes using values other than 103 | * LINKTYPE_ values, as defined in "savefile.c", in the "linktype" 104 | * field). 105 | * 106 | * Instead: 107 | * 108 | * introduce a new structure for the new format, if the layout 109 | * of the structure changed; 110 | * 111 | * send mail to "tcpdump-workers@lists.tcpdump.org", requesting 112 | * a new magic number for your new capture file format, and, when 113 | * you get the new magic number, put it in "savefile.c"; 114 | * 115 | * use that magic number for save files with the changed file 116 | * header; 117 | * 118 | * make the code in "savefile.c" capable of reading files with 119 | * the old file header as well as files with the new file header 120 | * (using the magic number to determine the header format). 121 | * 122 | * Then supply the changes as a patch at 123 | * 124 | * http://sourceforge.net/projects/libpcap/ 125 | * 126 | * so that future versions of libpcap and programs that use it (such as 127 | * tcpdump) will be able to read your new capture file format. 128 | */ 129 | struct pcap_file_header { 130 | bpf_u_int32 magic; 131 | u_short version_major; 132 | u_short version_minor; 133 | bpf_int32 thiszone; /* gmt to local correction */ 134 | bpf_u_int32 sigfigs; /* accuracy of timestamps */ 135 | bpf_u_int32 snaplen; /* max length saved portion of each pkt */ 136 | bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ 137 | }; 138 | 139 | /* 140 | * Macros for the value returned by pcap_datalink_ext(). 141 | * 142 | * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro 143 | * gives the FCS length of packets in the capture. 144 | */ 145 | #define LT_FCS_LENGTH_PRESENT(x) ((x) & 0x04000000) 146 | #define LT_FCS_LENGTH(x) (((x) & 0xF0000000) >> 28) 147 | #define LT_FCS_DATALINK_EXT(x) ((((x) & 0xF) << 28) | 0x04000000) 148 | 149 | typedef enum { 150 | PCAP_D_INOUT = 0, 151 | PCAP_D_IN, 152 | PCAP_D_OUT 153 | } pcap_direction_t; 154 | 155 | /* 156 | * Generic per-packet information, as supplied by libpcap. 157 | * 158 | * The time stamp can and should be a "struct timeval", regardless of 159 | * whether your system supports 32-bit tv_sec in "struct timeval", 160 | * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit 161 | * and 64-bit applications. The on-disk format of savefiles uses 32-bit 162 | * tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit 163 | * and 64-bit versions of libpcap, even if they're on the same platform, 164 | * should supply the appropriate version of "struct timeval", even if 165 | * that's not what the underlying packet capture mechanism supplies. 166 | */ 167 | struct pcap_pkthdr { 168 | struct timeval ts; /* time stamp */ 169 | bpf_u_int32 caplen; /* length of portion present */ 170 | bpf_u_int32 len; /* length this packet (off wire) */ 171 | }; 172 | 173 | /* 174 | * As returned by the pcap_stats() 175 | */ 176 | struct pcap_stat { 177 | u_int ps_recv; /* number of packets received */ 178 | u_int ps_drop; /* number of packets dropped */ 179 | u_int ps_ifdrop; /* drops by interface XXX not yet supported */ 180 | #ifdef HAVE_REMOTE 181 | u_int ps_capt; /* number of packets that are received by the application; please get rid off the Win32 ifdef */ 182 | u_int ps_sent; /* number of packets sent by the server on the network */ 183 | u_int ps_netdrop; /* number of packets lost on the network */ 184 | #endif /* HAVE_REMOTE */ 185 | }; 186 | 187 | #ifdef MSDOS 188 | /* 189 | * As returned by the pcap_stats_ex() 190 | */ 191 | struct pcap_stat_ex { 192 | u_long rx_packets; /* total packets received */ 193 | u_long tx_packets; /* total packets transmitted */ 194 | u_long rx_bytes; /* total bytes received */ 195 | u_long tx_bytes; /* total bytes transmitted */ 196 | u_long rx_errors; /* bad packets received */ 197 | u_long tx_errors; /* packet transmit problems */ 198 | u_long rx_dropped; /* no space in Rx buffers */ 199 | u_long tx_dropped; /* no space available for Tx */ 200 | u_long multicast; /* multicast packets received */ 201 | u_long collisions; 202 | 203 | /* detailed rx_errors: */ 204 | u_long rx_length_errors; 205 | u_long rx_over_errors; /* receiver ring buff overflow */ 206 | u_long rx_crc_errors; /* recv'd pkt with crc error */ 207 | u_long rx_frame_errors; /* recv'd frame alignment error */ 208 | u_long rx_fifo_errors; /* recv'r fifo overrun */ 209 | u_long rx_missed_errors; /* recv'r missed packet */ 210 | 211 | /* detailed tx_errors */ 212 | u_long tx_aborted_errors; 213 | u_long tx_carrier_errors; 214 | u_long tx_fifo_errors; 215 | u_long tx_heartbeat_errors; 216 | u_long tx_window_errors; 217 | }; 218 | #endif 219 | 220 | /* 221 | * Item in a list of interfaces. 222 | */ 223 | struct pcap_if { 224 | struct pcap_if *next; 225 | char *name; /* name to hand to "pcap_open_live()" */ 226 | char *description; /* textual description of interface, or NULL */ 227 | struct pcap_addr *addresses; 228 | bpf_u_int32 flags; /* PCAP_IF_ interface flags */ 229 | }; 230 | 231 | #define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */ 232 | 233 | /* 234 | * Representation of an interface address. 235 | */ 236 | struct pcap_addr { 237 | struct pcap_addr *next; 238 | struct sockaddr *addr; /* address */ 239 | struct sockaddr *netmask; /* netmask for that address */ 240 | struct sockaddr *broadaddr; /* broadcast address for that address */ 241 | struct sockaddr *dstaddr; /* P2P destination address for that address */ 242 | }; 243 | 244 | typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *, 245 | const u_char *); 246 | 247 | /* 248 | * Error codes for the pcap API. 249 | * These will all be negative, so you can check for the success or 250 | * failure of a call that returns these codes by checking for a 251 | * negative value. 252 | */ 253 | #define PCAP_ERROR -1 /* generic error code */ 254 | #define PCAP_ERROR_BREAK -2 /* loop terminated by pcap_breakloop */ 255 | #define PCAP_ERROR_NOT_ACTIVATED -3 /* the capture needs to be activated */ 256 | #define PCAP_ERROR_ACTIVATED -4 /* the operation can't be performed on already activated captures */ 257 | #define PCAP_ERROR_NO_SUCH_DEVICE -5 /* no such device exists */ 258 | #define PCAP_ERROR_RFMON_NOTSUP -6 /* this device doesn't support rfmon (monitor) mode */ 259 | #define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */ 260 | #define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */ 261 | #define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */ 262 | 263 | /* 264 | * Warning codes for the pcap API. 265 | * These will all be positive and non-zero, so they won't look like 266 | * errors. 267 | */ 268 | #define PCAP_WARNING 1 /* generic warning code */ 269 | #define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */ 270 | 271 | char *pcap_lookupdev(char *); 272 | int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *); 273 | 274 | pcap_t *pcap_create(const char *, char *); 275 | int pcap_set_snaplen(pcap_t *, int); 276 | int pcap_set_promisc(pcap_t *, int); 277 | int pcap_can_set_rfmon(pcap_t *); 278 | int pcap_set_rfmon(pcap_t *, int); 279 | int pcap_set_timeout(pcap_t *, int); 280 | int pcap_set_buffer_size(pcap_t *, int); 281 | int pcap_activate(pcap_t *); 282 | 283 | pcap_t *pcap_open_live(const char *, int, int, int, char *); 284 | pcap_t *pcap_open_dead(int, int); 285 | pcap_t *pcap_open_offline(const char *, char *); 286 | #if defined(WIN32) 287 | pcap_t *pcap_hopen_offline(intptr_t, char *); 288 | #if !defined(LIBPCAP_EXPORTS) 289 | #define pcap_fopen_offline(f,b) \ 290 | pcap_hopen_offline(_get_osfhandle(_fileno(f)), b) 291 | #else /*LIBPCAP_EXPORTS*/ 292 | static pcap_t *pcap_fopen_offline(FILE *, char *); 293 | #endif 294 | #else /*WIN32*/ 295 | pcap_t *pcap_fopen_offline(FILE *, char *); 296 | #endif /*WIN32*/ 297 | 298 | void pcap_close(pcap_t *); 299 | int pcap_loop(pcap_t *, int, pcap_handler, u_char *); 300 | int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *); 301 | const u_char* 302 | pcap_next(pcap_t *, struct pcap_pkthdr *); 303 | int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **); 304 | void pcap_breakloop(pcap_t *); 305 | int pcap_stats(pcap_t *, struct pcap_stat *); 306 | int pcap_setfilter(pcap_t *, struct bpf_program *); 307 | int pcap_setdirection(pcap_t *, pcap_direction_t); 308 | int pcap_getnonblock(pcap_t *, char *); 309 | int pcap_setnonblock(pcap_t *, int, char *); 310 | int pcap_inject(pcap_t *, const void *, size_t); 311 | int pcap_sendpacket(pcap_t *, const u_char *, int); 312 | const char *pcap_statustostr(int); 313 | const char *pcap_strerror(int); 314 | char *pcap_geterr(pcap_t *); 315 | void pcap_perror(pcap_t *, char *); 316 | int pcap_compile(pcap_t *, struct bpf_program *, const char *, int, 317 | bpf_u_int32); 318 | int pcap_compile_nopcap(int, int, struct bpf_program *, 319 | const char *, int, bpf_u_int32); 320 | void pcap_freecode(struct bpf_program *); 321 | int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *, 322 | const u_char *); 323 | int pcap_datalink(pcap_t *); 324 | int pcap_datalink_ext(pcap_t *); 325 | int pcap_list_datalinks(pcap_t *, int **); 326 | int pcap_set_datalink(pcap_t *, int); 327 | void pcap_free_datalinks(int *); 328 | int pcap_datalink_name_to_val(const char *); 329 | const char *pcap_datalink_val_to_name(int); 330 | const char *pcap_datalink_val_to_description(int); 331 | int pcap_snapshot(pcap_t *); 332 | int pcap_is_swapped(pcap_t *); 333 | int pcap_major_version(pcap_t *); 334 | int pcap_minor_version(pcap_t *); 335 | 336 | /* XXX */ 337 | FILE *pcap_file(pcap_t *); 338 | int pcap_fileno(pcap_t *); 339 | 340 | pcap_dumper_t *pcap_dump_open(pcap_t *, const char *); 341 | pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp); 342 | FILE *pcap_dump_file(pcap_dumper_t *); 343 | long pcap_dump_ftell(pcap_dumper_t *); 344 | int pcap_dump_flush(pcap_dumper_t *); 345 | void pcap_dump_close(pcap_dumper_t *); 346 | void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *); 347 | 348 | int pcap_findalldevs(pcap_if_t **, char *); 349 | void pcap_freealldevs(pcap_if_t *); 350 | 351 | const char *pcap_lib_version(void); 352 | 353 | /* XXX this guy lives in the bpf tree */ 354 | u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 355 | int bpf_validate(const struct bpf_insn *f, int len); 356 | char *bpf_image(const struct bpf_insn *, int); 357 | void bpf_dump(const struct bpf_program *, int); 358 | 359 | #if defined(WIN32) 360 | 361 | /* 362 | * Win32 definitions 363 | */ 364 | 365 | int pcap_setbuff(pcap_t *p, int dim); 366 | int pcap_setmode(pcap_t *p, int mode); 367 | int pcap_setmintocopy(pcap_t *p, int size); 368 | 369 | #ifdef WPCAP 370 | /* Include file with the wpcap-specific extensions */ 371 | #include 372 | #endif /* WPCAP */ 373 | 374 | #define MODE_CAPT 0 375 | #define MODE_STAT 1 376 | #define MODE_MON 2 377 | 378 | #elif defined(MSDOS) 379 | 380 | /* 381 | * MS-DOS definitions 382 | */ 383 | 384 | int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *); 385 | void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait); 386 | u_long pcap_mac_packets (void); 387 | 388 | #else /* UN*X */ 389 | 390 | /* 391 | * UN*X definitions 392 | */ 393 | 394 | int pcap_get_selectable_fd(pcap_t *); 395 | 396 | #endif /* WIN32/MSDOS/UN*X */ 397 | 398 | #ifdef HAVE_REMOTE 399 | /* Includes most of the public stuff that is needed for the remote capture */ 400 | #include 401 | #endif /* HAVE_REMOTE */ 402 | 403 | #ifdef __cplusplus 404 | } 405 | #endif 406 | 407 | #endif 408 | -------------------------------------------------------------------------------- /Include/pcap/sll.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * This code is derived from the Stanford/CMU enet packet filter, 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 8 | * Berkeley Laboratory. 9 | * 10 | * Redistribution and use in source and binary forms, with or without 11 | * modification, are permitted provided that the following conditions 12 | * are met: 13 | * 1. Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * 2. Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in the 17 | * documentation and/or other materials provided with the distribution. 18 | * 3. All advertising materials mentioning features or use of this software 19 | * must display the following acknowledgement: 20 | * This product includes software developed by the University of 21 | * California, Berkeley and its contributors. 22 | * 4. Neither the name of the University nor the names of its contributors 23 | * may be used to endorse or promote products derived from this software 24 | * without specific prior written permission. 25 | * 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 | * SUCH DAMAGE. 37 | * 38 | * @(#) $Header: /tcpdump/master/libpcap/pcap/sll.h,v 1.2.2.1 2008-05-30 01:36:06 guy Exp $ (LBL) 39 | */ 40 | 41 | /* 42 | * For captures on Linux cooked sockets, we construct a fake header 43 | * that includes: 44 | * 45 | * a 2-byte "packet type" which is one of: 46 | * 47 | * LINUX_SLL_HOST packet was sent to us 48 | * LINUX_SLL_BROADCAST packet was broadcast 49 | * LINUX_SLL_MULTICAST packet was multicast 50 | * LINUX_SLL_OTHERHOST packet was sent to somebody else 51 | * LINUX_SLL_OUTGOING packet was sent *by* us; 52 | * 53 | * a 2-byte Ethernet protocol field; 54 | * 55 | * a 2-byte link-layer type; 56 | * 57 | * a 2-byte link-layer address length; 58 | * 59 | * an 8-byte source link-layer address, whose actual length is 60 | * specified by the previous value. 61 | * 62 | * All fields except for the link-layer address are in network byte order. 63 | * 64 | * DO NOT change the layout of this structure, or change any of the 65 | * LINUX_SLL_ values below. If you must change the link-layer header 66 | * for a "cooked" Linux capture, introduce a new DLT_ type (ask 67 | * "tcpdump-workers@lists.tcpdump.org" for one, so that you don't give it 68 | * a value that collides with a value already being used), and use the 69 | * new header in captures of that type, so that programs that can 70 | * handle DLT_LINUX_SLL captures will continue to handle them correctly 71 | * without any change, and so that capture files with different headers 72 | * can be told apart and programs that read them can dissect the 73 | * packets in them. 74 | */ 75 | 76 | #ifndef lib_pcap_sll_h 77 | #define lib_pcap_sll_h 78 | 79 | /* 80 | * A DLT_LINUX_SLL fake link-layer header. 81 | */ 82 | #define SLL_HDR_LEN 16 /* total header length */ 83 | #define SLL_ADDRLEN 8 /* length of address field */ 84 | 85 | struct sll_header { 86 | u_int16_t sll_pkttype; /* packet type */ 87 | u_int16_t sll_hatype; /* link-layer address type */ 88 | u_int16_t sll_halen; /* link-layer address length */ 89 | u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */ 90 | u_int16_t sll_protocol; /* protocol */ 91 | }; 92 | 93 | /* 94 | * The LINUX_SLL_ values for "sll_pkttype"; these correspond to the 95 | * PACKET_ values on Linux, but are defined here so that they're 96 | * available even on systems other than Linux, and so that they 97 | * don't change even if the PACKET_ values change. 98 | */ 99 | #define LINUX_SLL_HOST 0 100 | #define LINUX_SLL_BROADCAST 1 101 | #define LINUX_SLL_MULTICAST 2 102 | #define LINUX_SLL_OTHERHOST 3 103 | #define LINUX_SLL_OUTGOING 4 104 | 105 | /* 106 | * The LINUX_SLL_ values for "sll_protocol"; these correspond to the 107 | * ETH_P_ values on Linux, but are defined here so that they're 108 | * available even on systems other than Linux. We assume, for now, 109 | * that the ETH_P_ values won't change in Linux; if they do, then: 110 | * 111 | * if we don't translate them in "pcap-linux.c", capture files 112 | * won't necessarily be readable if captured on a system that 113 | * defines ETH_P_ values that don't match these values; 114 | * 115 | * if we do translate them in "pcap-linux.c", that makes life 116 | * unpleasant for the BPF code generator, as the values you test 117 | * for in the kernel aren't the values that you test for when 118 | * reading a capture file, so the fixup code run on BPF programs 119 | * handed to the kernel ends up having to do more work. 120 | * 121 | * Add other values here as necessary, for handling packet types that 122 | * might show up on non-Ethernet, non-802.x networks. (Not all the ones 123 | * in the Linux "if_ether.h" will, I suspect, actually show up in 124 | * captures.) 125 | */ 126 | #define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */ 127 | #define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */ 128 | 129 | #endif 130 | -------------------------------------------------------------------------------- /Include/pcap/usb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2006 Paolo Abeni (Italy) 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright 10 | * notice, this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 3. The name of the author may not be used to endorse or promote 15 | * products derived from this software without specific prior written 16 | * permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | * Basic USB data struct 31 | * By Paolo Abeni 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap/usb.h,v 1.6 2007/09/22 02:06:08 guy Exp $ 34 | */ 35 | 36 | #ifndef _PCAP_USB_STRUCTS_H__ 37 | #define _PCAP_USB_STRUCTS_H__ 38 | 39 | /* 40 | * possible transfer mode 41 | */ 42 | #define URB_TRANSFER_IN 0x80 43 | #define URB_ISOCHRONOUS 0x0 44 | #define URB_INTERRUPT 0x1 45 | #define URB_CONTROL 0x2 46 | #define URB_BULK 0x3 47 | 48 | /* 49 | * possible event type 50 | */ 51 | #define URB_SUBMIT 'S' 52 | #define URB_COMPLETE 'C' 53 | #define URB_ERROR 'E' 54 | 55 | /* 56 | * USB setup header as defined in USB specification. 57 | * Appears at the front of each packet in DLT_USB captures. 58 | */ 59 | typedef struct _usb_setup { 60 | u_int8_t bmRequestType; 61 | u_int8_t bRequest; 62 | u_int16_t wValue; 63 | u_int16_t wIndex; 64 | u_int16_t wLength; 65 | } pcap_usb_setup; 66 | 67 | 68 | /* 69 | * Header prepended by linux kernel to each event. 70 | * Appears at the front of each packet in DLT_USB_LINUX captures. 71 | */ 72 | typedef struct _usb_header { 73 | u_int64_t id; 74 | u_int8_t event_type; 75 | u_int8_t transfer_type; 76 | u_int8_t endpoint_number; 77 | u_int8_t device_address; 78 | u_int16_t bus_id; 79 | char setup_flag;/*if !=0 the urb setup header is not present*/ 80 | char data_flag; /*if !=0 no urb data is present*/ 81 | int64_t ts_sec; 82 | int32_t ts_usec; 83 | int32_t status; 84 | u_int32_t urb_len; 85 | u_int32_t data_len; /* amount of urb data really present in this event*/ 86 | pcap_usb_setup setup; 87 | } pcap_usb_header; 88 | 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /Include/pcap/vlan.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 | * The Regents of the University of California. All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 3. All advertising materials mentioning features or use of this software 14 | * must display the following acknowledgement: 15 | * This product includes software developed by the University of 16 | * California, Berkeley and its contributors. 17 | * 4. Neither the name of the University nor the names of its contributors 18 | * may be used to endorse or promote products derived from this software 19 | * without specific prior written permission. 20 | * 21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 | * SUCH DAMAGE. 32 | * 33 | * @(#) $Header: /tcpdump/master/libpcap/pcap/vlan.h,v 1.1.2.2 2008-08-06 07:45:59 guy Exp $ 34 | */ 35 | 36 | #ifndef lib_pcap_vlan_h 37 | #define lib_pcap_vlan_h 38 | 39 | struct vlan_tag { 40 | u_int16_t vlan_tpid; /* ETH_P_8021Q */ 41 | u_int16_t vlan_tci; /* VLAN TCI */ 42 | }; 43 | 44 | #define VLAN_TAG_LEN 4 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /Include/remote-ext.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2002 - 2003 3 | * NetGroup, Politecnico di Torino (Italy) 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 15 | * 3. Neither the name of the Politecnico di Torino nor the names of its 16 | * contributors may be used to endorse or promote products derived from 17 | * this software without specific prior written permission. 18 | * 19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | * 31 | */ 32 | 33 | 34 | #ifndef __REMOTE_EXT_H__ 35 | #define __REMOTE_EXT_H__ 36 | 37 | 38 | #ifndef HAVE_REMOTE 39 | #error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h 40 | #endif 41 | 42 | // Definition for Microsoft Visual Studio 43 | #if _MSC_VER > 1000 44 | #pragma once 45 | #endif 46 | 47 | #ifdef __cplusplus 48 | extern "C" { 49 | #endif 50 | 51 | /*! 52 | \file remote-ext.h 53 | 54 | The goal of this file it to include most of the new definitions that should be 55 | placed into the pcap.h file. 56 | 57 | It includes all new definitions (structures and functions like pcap_open(). 58 | Some of the functions are not really a remote feature, but, right now, 59 | they are placed here. 60 | */ 61 | 62 | 63 | 64 | // All this stuff is public 65 | /*! \addtogroup remote_struct 66 | \{ 67 | */ 68 | 69 | 70 | 71 | 72 | /*! 73 | \brief Defines the maximum buffer size in which address, port, interface names are kept. 74 | 75 | In case the adapter name or such is larger than this value, it is truncated. 76 | This is not used by the user; however it must be aware that an hostname / interface 77 | name longer than this value will be truncated. 78 | */ 79 | #define PCAP_BUF_SIZE 1024 80 | 81 | 82 | /*! \addtogroup remote_source_ID 83 | \{ 84 | */ 85 | 86 | 87 | /*! 88 | \brief Internal representation of the type of source in use (file, 89 | remote/local interface). 90 | 91 | This indicates a file, i.e. the user want to open a capture from a local file. 92 | */ 93 | #define PCAP_SRC_FILE 2 94 | /*! 95 | \brief Internal representation of the type of source in use (file, 96 | remote/local interface). 97 | 98 | This indicates a local interface, i.e. the user want to open a capture from 99 | a local interface. This does not involve the RPCAP protocol. 100 | */ 101 | #define PCAP_SRC_IFLOCAL 3 102 | /*! 103 | \brief Internal representation of the type of source in use (file, 104 | remote/local interface). 105 | 106 | This indicates a remote interface, i.e. the user want to open a capture from 107 | an interface on a remote host. This does involve the RPCAP protocol. 108 | */ 109 | #define PCAP_SRC_IFREMOTE 4 110 | 111 | /*! 112 | \} 113 | */ 114 | 115 | 116 | 117 | /*! \addtogroup remote_source_string 118 | 119 | The formats allowed by the pcap_open() are the following: 120 | - file://path_and_filename [opens a local file] 121 | - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol] 122 | - rpcap://host/devicename [opens the selected device available on a remote host] 123 | - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP] 124 | - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged] 125 | - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged] 126 | 127 | The formats allowed by the pcap_findalldevs_ex() are the following: 128 | - file://folder/ [lists all the files in the given folder] 129 | - rpcap:// [lists all local adapters] 130 | - rpcap://host:port/ [lists the devices available on a remote host] 131 | 132 | Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since 133 | IPv6 is fully supported, these are the allowed formats: 134 | 135 | - host (literal): e.g. host.foo.bar 136 | - host (numeric IPv4): e.g. 10.11.12.13 137 | - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13] 138 | - host (numeric IPv6): e.g. [1:2:3::4] 139 | - port: can be either numeric (e.g. '80') or literal (e.g. 'http') 140 | 141 | Here you find some allowed examples: 142 | - rpcap://host.foo.bar/devicename [everything literal, no port number] 143 | - rpcap://host.foo.bar:1234/devicename [everything literal, with port number] 144 | - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number] 145 | - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number] 146 | - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number] 147 | - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number] 148 | - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number] 149 | - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number] 150 | 151 | \{ 152 | */ 153 | 154 | 155 | /*! 156 | \brief String that will be used to determine the type of source in use (file, 157 | remote/local interface). 158 | 159 | This string will be prepended to the interface name in order to create a string 160 | that contains all the information required to open the source. 161 | 162 | This string indicates that the user wants to open a capture from a local file. 163 | */ 164 | #define PCAP_SRC_FILE_STRING "file://" 165 | /*! 166 | \brief String that will be used to determine the type of source in use (file, 167 | remote/local interface). 168 | 169 | This string will be prepended to the interface name in order to create a string 170 | that contains all the information required to open the source. 171 | 172 | This string indicates that the user wants to open a capture from a network interface. 173 | This string does not necessarily involve the use of the RPCAP protocol. If the 174 | interface required resides on the local host, the RPCAP protocol is not involved 175 | and the local functions are used. 176 | */ 177 | #define PCAP_SRC_IF_STRING "rpcap://" 178 | 179 | /*! 180 | \} 181 | */ 182 | 183 | 184 | 185 | 186 | 187 | /*! 188 | \addtogroup remote_open_flags 189 | \{ 190 | */ 191 | 192 | /*! 193 | \brief Defines if the adapter has to go in promiscuous mode. 194 | 195 | It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise. 196 | Note that even if this parameter is false, the interface could well be in promiscuous 197 | mode for some other reason (for example because another capture process with 198 | promiscuous mode enabled is currently using that interface). 199 | On on Linux systems with 2.2 or later kernels (that have the "any" device), this 200 | flag does not work on the "any" device; if an argument of "any" is supplied, 201 | the 'promisc' flag is ignored. 202 | */ 203 | #define PCAP_OPENFLAG_PROMISCUOUS 1 204 | 205 | /*! 206 | \brief Defines if the data trasfer (in case of a remote 207 | capture) has to be done with UDP protocol. 208 | 209 | If it is '1' if you want a UDP data connection, '0' if you want 210 | a TCP data connection; control connection is always TCP-based. 211 | A UDP connection is much lighter, but it does not guarantee that all 212 | the captured packets arrive to the client workstation. Moreover, 213 | it could be harmful in case of network congestion. 214 | This flag is meaningless if the source is not a remote interface. 215 | In that case, it is simply ignored. 216 | */ 217 | #define PCAP_OPENFLAG_DATATX_UDP 2 218 | 219 | 220 | /*! 221 | \brief Defines if the remote probe will capture its own generated traffic. 222 | 223 | In case the remote probe uses the same interface to capture traffic and to send 224 | data back to the caller, the captured traffic includes the RPCAP traffic as well. 225 | If this flag is turned on, the RPCAP traffic is excluded from the capture, so that 226 | the trace returned back to the collector is does not include this traffic. 227 | */ 228 | #define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4 229 | 230 | /*! 231 | \brief Defines if the local adapter will capture its own generated traffic. 232 | 233 | This flag tells the underlying capture driver to drop the packets that were sent by itself. 234 | This is usefult when building applications like bridges, that should ignore the traffic 235 | they just sent. 236 | */ 237 | #define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8 238 | 239 | /*! 240 | \brief This flag configures the adapter for maximum responsiveness. 241 | 242 | In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before 243 | copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage, 244 | i.e. better performance, which is good for applications like sniffers. If the user sets the 245 | PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application 246 | is ready to receive them. This is suggested for real time applications (like, for example, a bridge) 247 | that need the best responsiveness.*/ 248 | #define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16 249 | 250 | /*! 251 | \} 252 | */ 253 | 254 | 255 | /*! 256 | \addtogroup remote_samp_methods 257 | \{ 258 | */ 259 | 260 | /*! 261 | \brief No sampling has to be done on the current capture. 262 | 263 | In this case, no sampling algorithms are applied to the current capture. 264 | */ 265 | #define PCAP_SAMP_NOSAMP 0 266 | 267 | /*! 268 | \brief It defines that only 1 out of N packets must be returned to the user. 269 | 270 | In this case, the 'value' field of the 'pcap_samp' structure indicates the 271 | number of packets (minus 1) that must be discarded before one packet got accepted. 272 | In other words, if 'value = 10', the first packet is returned to the caller, while 273 | the following 9 are discarded. 274 | */ 275 | #define PCAP_SAMP_1_EVERY_N 1 276 | 277 | /*! 278 | \brief It defines that we have to return 1 packet every N milliseconds. 279 | 280 | In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting 281 | time' in milliseconds before one packet got accepted. 282 | In other words, if 'value = 10', the first packet is returned to the caller; the next 283 | returned one will be the first packet that arrives when 10ms have elapsed. 284 | */ 285 | #define PCAP_SAMP_FIRST_AFTER_N_MS 2 286 | 287 | /*! 288 | \} 289 | */ 290 | 291 | 292 | /*! 293 | \addtogroup remote_auth_methods 294 | \{ 295 | */ 296 | 297 | /*! 298 | \brief It defines the NULL authentication. 299 | 300 | This value has to be used within the 'type' member of the pcap_rmtauth structure. 301 | The 'NULL' authentication has to be equal to 'zero', so that old applications 302 | can just put every field of struct pcap_rmtauth to zero, and it does work. 303 | */ 304 | #define RPCAP_RMTAUTH_NULL 0 305 | /*! 306 | \brief It defines the username/password authentication. 307 | 308 | With this type of authentication, the RPCAP protocol will use the username/ 309 | password provided to authenticate the user on the remote machine. If the 310 | authentication is successful (and the user has the right to open network devices) 311 | the RPCAP connection will continue; otherwise it will be dropped. 312 | 313 | This value has to be used within the 'type' member of the pcap_rmtauth structure. 314 | */ 315 | #define RPCAP_RMTAUTH_PWD 1 316 | 317 | /*! 318 | \} 319 | */ 320 | 321 | 322 | 323 | 324 | /*! 325 | 326 | \brief This structure keeps the information needed to autheticate 327 | the user on a remote machine. 328 | 329 | The remote machine can either grant or refuse the access according 330 | to the information provided. 331 | In case the NULL authentication is required, both 'username' and 332 | 'password' can be NULL pointers. 333 | 334 | This structure is meaningless if the source is not a remote interface; 335 | in that case, the functions which requires such a structure can accept 336 | a NULL pointer as well. 337 | */ 338 | struct pcap_rmtauth 339 | { 340 | /*! 341 | \brief Type of the authentication required. 342 | 343 | In order to provide maximum flexibility, we can support different types 344 | of authentication based on the value of this 'type' variable. The currently 345 | supported authentication methods are defined into the 346 | \link remote_auth_methods Remote Authentication Methods Section\endlink. 347 | 348 | */ 349 | int type; 350 | /*! 351 | \brief Zero-terminated string containing the username that has to be 352 | used on the remote machine for authentication. 353 | 354 | This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication 355 | and it can be NULL. 356 | */ 357 | char *username; 358 | /*! 359 | \brief Zero-terminated string containing the password that has to be 360 | used on the remote machine for authentication. 361 | 362 | This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication 363 | and it can be NULL. 364 | */ 365 | char *password; 366 | }; 367 | 368 | 369 | /*! 370 | \brief This structure defines the information related to sampling. 371 | 372 | In case the sampling is requested, the capturing device should read 373 | only a subset of the packets coming from the source. The returned packets depend 374 | on the sampling parameters. 375 | 376 | \warning The sampling process is applied after the filtering process. 377 | In other words, packets are filtered first, then the sampling process selects a 378 | subset of the 'filtered' packets and it returns them to the caller. 379 | */ 380 | struct pcap_samp 381 | { 382 | /*! 383 | Method used for sampling. Currently, the supported methods are listed in the 384 | \link remote_samp_methods Sampling Methods Section\endlink. 385 | */ 386 | int method; 387 | 388 | /*! 389 | This value depends on the sampling method defined. For its meaning, please check 390 | at the \link remote_samp_methods Sampling Methods Section\endlink. 391 | */ 392 | int value; 393 | }; 394 | 395 | 396 | 397 | 398 | //! Maximum lenght of an host name (needed for the RPCAP active mode) 399 | #define RPCAP_HOSTLIST_SIZE 1024 400 | 401 | 402 | /*! 403 | \} 404 | */ // end of public documentation 405 | 406 | 407 | // Exported functions 408 | 409 | 410 | 411 | /** \name New WinPcap functions 412 | 413 | This section lists the new functions that are able to help considerably in writing 414 | WinPcap programs because of their easiness of use. 415 | */ 416 | //\{ 417 | pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf); 418 | int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf); 419 | int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf); 420 | int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf); 421 | struct pcap_samp *pcap_setsampling(pcap_t *p); 422 | 423 | //\} 424 | // End of new winpcap functions 425 | 426 | 427 | 428 | /** \name Remote Capture functions 429 | */ 430 | //\{ 431 | SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf); 432 | int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf); 433 | int pcap_remoteact_close(const char *host, char *errbuf); 434 | void pcap_remoteact_cleanup(); 435 | //\} 436 | // End of remote capture functions 437 | 438 | #ifdef __cplusplus 439 | } 440 | #endif 441 | 442 | 443 | #endif 444 | 445 | -------------------------------------------------------------------------------- /Lib/Packet.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/Packet.lib -------------------------------------------------------------------------------- /Lib/libpacket.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/libpacket.a -------------------------------------------------------------------------------- /Lib/libwpcap.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/libwpcap.a -------------------------------------------------------------------------------- /Lib/wpcap.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/wpcap.lib -------------------------------------------------------------------------------- /Lib/x64/Packet.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/x64/Packet.lib -------------------------------------------------------------------------------- /Lib/x64/wpcap.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/Lib/x64/wpcap.lib -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 项目介绍 2 | 做流量分类,需要提取网络流量的原始特征。这里的原始特征包括:包长、包到达时间间隔、特殊头部字段、载荷。。。等等。 3 | pyshark,scapy等python包解析库太特么难用了。难用主要体现在,对于标注的传输层协议UDP/TCP,它的属性字段是变化的。举个例子UDP上面的NetBIOS,pyshark和scapy就不能通过访问udp.payload得到,真是自作聪明。所以,还是自己写代码提取所需要的特征吧。 4 | 再多吐槽几句:**pyshark,scapy就是垃圾!!!!** 5 | # 项目地址: 6 | https://github.com/jmhIcoding/Traffic_parse 7 | 8 | # 项目代码: 9 | 项目代码在:https://github.com/jmhIcoding/Traffic_parse/tree/master/src 10 | VS工程目录在:https://github.com/jmhIcoding/Traffic_parse/tree/master/vsrc,可以直接用vs2013导入、然后重新构建。 11 | 12 | 需要提取啥特征在 https://github.com/jmhIcoding/Traffic_parse/blob/master/src/util.cpp里面, 13 | 里面有个DbgPrint函数: 14 | 15 | ```cpp 16 | void DbgPrint(int level, void *header) 17 | { 18 | ethII_header* eth_headerp = (ethII_header*)header; 19 | ip_header* ip_headerp = (ip_header*)header; 20 | udp_header* udp_headerp = (udp_header*)header; 21 | tcp_header* tcp_headerp = (tcp_header*)header; 22 | in_addr srcip, dstip; 23 | char srcip_dot[32] = { 0 }, dstip_dot[32] = { 0 }; 24 | if(!(level & DEBUG_INFO)) 25 | { 26 | return; 27 | } 28 | switch (level & DEBUG_INFO) 29 | { 30 | case eth_info: 31 | 32 | printf("EthII"); 33 | for (int i = 0; i < sizeof(eth_headerp->destination); i++) 34 | { 35 | if (i == 0) printf("\tdst:"); 36 | printf("%0.2X", eth_headerp->destination[i]); 37 | if (i < (sizeof(eth_headerp->destination) - 1)) printf(":"); 38 | } 39 | for (int i = 0; i < sizeof(eth_headerp->source); i++) 40 | { 41 | if (i == 0) printf("\tsrc:"); 42 | printf("%0.2X", eth_headerp->source[i]); 43 | if (i < (sizeof(eth_headerp->source) - 1)) printf(":"); 44 | } 45 | printf("\ttype:%0.4X\n", eth_headerp->type); 46 | break; 47 | case tcp_info: 48 | printf("%d,%d,tcp,", tcp_headerp->sport, tcp_headerp->dport); 49 | break; 50 | case udp_info: 51 | printf("%d,%d,udp,", udp_headerp->sport, udp_headerp->dport); 52 | break; 53 | case ip_info: 54 | //printf("IP"); 55 | srcip.S_un.S_addr = ip_headerp->saddr; 56 | dstip.S_un.S_addr = ip_headerp->daddr; 57 | //sprintf(srcip_dot, "%s", inet_ntoa(srcip)); 58 | //sprintf(dstip_dot, "%s", inet_ntoa(dstip)); 59 | //dont parse ip addr to xx.yy.zz.aa 60 | printf("%x,%x,", srcip.S_un.S_addr, dstip.S_un.S_addr); 61 | break; 62 | default: 63 | break; 64 | } 65 | } 66 | ``` 67 | 直接在这里修改,需要再各自的层输出什么样的信息。 68 | 需要解析哪一层是通过控制util.h文件的`DEBUG_INFO`这个宏来做到。 69 | 70 | ```cpp 71 | #define eth_info 0x01 72 | #define ip_info 0x02 73 | #define tcp_info 0x04 74 | #define udp_info 0x08 75 | #define dns_info 0x10 76 | #define http_info 0x20 77 | #define https_info 0x40 78 | #define raw_packet_info 0x80 79 | //#define DEBUG_INFO (eth_info | ip_info | tcp_info | udp_info | dns_info | http_info | https_info) 80 | 81 | #define DEBUG_INFO (ip_info|tcp_info|udp_info) 82 | ``` 83 | 需要什么功能自己扩展吧。 84 | -------------------------------------------------------------------------------- /src/BaseTool.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include 9 | 10 | using namespace std; 11 | 12 | vector get_files_from_dir(char * dir,char *filter=NULL) 13 | { 14 | vector rst; 15 | _finddata_t file; 16 | long lf = _findfirst(dir, &file); 17 | if (lf == -1) 18 | { 19 | printf("error (%s,%d):canot read directory:%s\n", __FUNCTION__, __LINE__, dir); 20 | } 21 | else 22 | { 23 | while (_findnext(lf, &file) == 0) 24 | { 25 | if (strcmp(file.name, ".") == 0 || strcmp(file.name, "..") == 0) 26 | // filter .. and . directory. 27 | { 28 | continue; 29 | } 30 | if (filter == NULL || strstr(file.name, filter) != NULL) 31 | { 32 | rst.push_back(file.name); 33 | } 34 | } 35 | } 36 | return rst; 37 | } -------------------------------------------------------------------------------- /src/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/src/main.cpp -------------------------------------------------------------------------------- /src/protocol.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/src/protocol.h -------------------------------------------------------------------------------- /src/util.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/src/util.cpp -------------------------------------------------------------------------------- /src/util.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/src/util.h -------------------------------------------------------------------------------- /vsrc/vsrc.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.21005.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vsrc", "vsrc\vsrc.vcxproj", "{47716E90-DD28-444D-B6EE-77DD79E8AFFD}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Debug|Win32.Build.0 = Debug|Win32 18 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Debug|x64.ActiveCfg = Debug|x64 19 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Debug|x64.Build.0 = Debug|x64 20 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Release|Win32.ActiveCfg = Release|Win32 21 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Release|Win32.Build.0 = Release|Win32 22 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Release|x64.ActiveCfg = Release|x64 23 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /vsrc/vsrc.v12.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jmhIcoding/Traffic_parse/9f1212ae97cff291a990c031bfaaa7b8ee060fd8/vsrc/vsrc.v12.suo -------------------------------------------------------------------------------- /vsrc/vsrc/Debug/vsrc.Build.CppClean.log: -------------------------------------------------------------------------------- 1 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vc120.pdb 2 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vc120.idb 3 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\main.obj 4 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\util.obj 5 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\debug\vsrc.ilk 6 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\debug\vsrc.exe 7 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\debug\vsrc.pdb 8 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\cl.command.1.tlog 9 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\cl.read.1.tlog 10 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\cl.write.1.tlog 11 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\link.command.1.tlog 12 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\link.read.1.tlog 13 | e:\graph_neural_network_over_smartphone_application\traffic_parser\vsrc\vsrc\debug\vsrc.tlog\link.write.1.tlog 14 | -------------------------------------------------------------------------------- /vsrc/vsrc/Debug/vsrc.log: -------------------------------------------------------------------------------- 1 | 生成启动时间为 2020/6/25 11:00:16。 2 | 3 | 生成成功。 4 | 5 | 已用时间 00:00:00.02 6 | -------------------------------------------------------------------------------- /vsrc/vsrc/vsrc.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {47716E90-DD28-444D-B6EE-77DD79E8AFFD} 23 | vsrc 24 | 25 | 26 | 27 | Application 28 | true 29 | v120_xp 30 | MultiByte 31 | 32 | 33 | Application 34 | true 35 | v120 36 | MultiByte 37 | 38 | 39 | Application 40 | false 41 | v120 42 | true 43 | MultiByte 44 | 45 | 46 | Application 47 | false 48 | v120 49 | true 50 | MultiByte 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | $(MSBuildProjectDirectory)\..\..\src;$(MSBuildProjectDirectory)\..\..\Include;$(IncludePath) 70 | $(MSBuildProjectDirectory)\..\..\Lib\;$(LibraryPath) 71 | 72 | 73 | C:\Program Files\OpenSSL-Win64\include;$(USERPROFILE)\Documents\apcap\Include;$(USERPROFILE)\Documents\apcap\src;$(IncludePath) 74 | C:\Program Files\OpenSSL-Win64\lib;$(USERPROFILE)\Documents\apcap\Lib\x64;$(LibraryPath) 75 | 76 | 77 | 78 | TurnOffAllWarnings 79 | Disabled 80 | false 81 | _XKEYCHECK_H;_MBCS;%(PreprocessorDefinitions) 82 | 83 | 84 | true 85 | wpcap.lib;ws2_32.lib;%(AdditionalDependencies) 86 | 87 | 88 | 89 | 90 | TurnOffAllWarnings 91 | Disabled 92 | false 93 | _XKEYCHECK_H;_MBCS;%(PreprocessorDefinitions) 94 | 95 | 96 | true 97 | wpcap.lib;ws2_32.lib;Packet.lib;libcrypto.lib;%(AdditionalDependencies) 98 | 99 | 100 | 101 | 102 | Level3 103 | MaxSpeed 104 | true 105 | true 106 | true 107 | 108 | 109 | true 110 | true 111 | true 112 | 113 | 114 | 115 | 116 | Level3 117 | MaxSpeed 118 | true 119 | true 120 | true 121 | 122 | 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | -------------------------------------------------------------------------------- /vsrc/vsrc/vsrc.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 头文件 20 | 21 | 22 | 头文件 23 | 24 | 25 | 头文件 26 | 27 | 28 | 29 | 30 | 源文件 31 | 32 | 33 | 源文件 34 | 35 | 36 | -------------------------------------------------------------------------------- /vsrc/vsrc/vsrc.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | true 5 | 6 | --------------------------------------------------------------------------------