PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Upgrade to Npcap 0.08 (libpcap 1.8.0 headers for Windows)

Browse Source
This commit is contained in:
dmiller
2016-08-13 20:04:05 +00:00
parent 2e191df64d
commit af13cef717
20 changed files with 3602 additions and 2434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libdnet-stripped/libdnet-stripped.vcxproj
View File

@@ -51,7 +51,7 @@
<AdditionalOptions>/D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions)</AdditionalOptions>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>include;..\mswin32\pcap-include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_LIB;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -68,7 +68,7 @@
<ClCompile>
<AdditionalOptions>/D "_CRT_SECURE_NO_DEPRECATE" %(AdditionalOptions)</AdditionalOptions>
<AdditionalIncludeDirectories>include;..\mswin32\pcap-include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_LIB;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>

4
libnetutil/libnetutil.vcxproj
View File

@@ -48,7 +48,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>..;../mswin32;../nbase;../mswin32/pcap-include;../libdnet-stripped/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;BPF_MAJOR_VERSION;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@@ -66,7 +66,7 @@
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>..;../mswin32;../nbase;../mswin32/pcap-include;../libdnet-stripped/include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;BPF_MAJOR_VERSION;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeader>
</PrecompiledHeader>

4
mswin32/nmap.vcxproj
View File

@@ -55,7 +55,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.;..;..\liblua;..\nbase;..\libpcre;..\nsock\include;pcap-include;..\libdnet-stripped\include;..\..\nmap-mswin32-aux\OpenSSL\include;..\liblinear;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_CONSOLE;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessToFile>false</PreprocessToFile>
<PreprocessSuppressLineNumbers>false</PreprocessSuppressLineNumbers>
<PreprocessKeepComments>false</PreprocessKeepComments>
@@ -102,7 +102,7 @@
<Optimization>MaxSpeed</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<AdditionalIncludeDirectories>.;..;..\liblua;..\nbase;..\libpcre;..\nsock\include;pcap-include;..\libdnet-stripped\include;..\..\nmap-mswin32-aux\OpenSSL\include;..\liblinear;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_CONSOLE;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeader>

2
mswin32/pcap-include/pcap-bpf.h
View File

@@ -34,8 +34,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.50 2007/04/01 21:43:55 guy Exp $ (LBL)
*/
/*

477
mswin32/pcap-include/pcap-int.h
View File

@@ -29,8 +29,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.85.2.9 2008-09-16 00:21:08 guy Exp $ (LBL)
*/
#ifndef pcap_int_h
@@ -42,20 +40,14 @@
extern "C" {
#endif
#ifdef HAVE_LIBDLPI
#include <libdlpi.h>
#endif
#ifdef WIN32
#if defined(_WIN32)
/*
* Make sure Packet32.h doesn't define BPF structures that we've
* probably already defined as a result of including <pcap/pcap.h>.
*/
#define BPF_MAJOR_VERSION
#include <Packet32.h>
extern CRITICAL_SECTION g_PcapCompileCriticalSection;
#endif /* WIN32 */
#ifdef HAVE_TC_API
#include "pcap-tc.h"
#endif
#ifdef MSDOS
#elif defined(MSDOS)
#include <fcntl.h>
#include <io.h>
#endif
@@ -93,154 +85,39 @@ extern CRITICAL_SECTION g_PcapCompileCriticalSection;
#endif /* _MSC_VER */
/*
* Savefile
* Maximum snapshot length.
*
* Somewhat arbitrary, but chosen to be:
*
* 1) big enough for maximum-size Linux loopback packets (65549)
* and some USB packets captured with USBPcap:
*
* http://desowin.org/usbpcap/
*
* (> 131072, < 262144)
*
* and
*
* 2) small enough not to cause attempts to allocate huge amounts of
* memory; some applications might use the snapshot length in a
* savefile header to control the size of the buffer they allocate,
* so a size of, say, 2^31-1 might not work well.
*
* We don't enforce this in pcap_set_snaplen(), but we use it internally.
*/
typedef enum {
NOT_SWAPPED,
SWAPPED,
MAYBE_SWAPPED
} swapped_type_t;
/*
* Used when reading a savefile.
*/
struct pcap_sf {
FILE *rfile;
int swapped;
size_t hdrsize;
swapped_type_t lengths_swapped;
int version_major;
int version_minor;
u_char *base;
};
/*
* Used when doing a live capture.
*/
struct pcap_md {
struct pcap_stat stat;
/*XXX*/
int use_bpf; /* using kernel filter */
u_long TotPkts; /* can't oflow for 79 hrs on ether */
u_long TotAccepted; /* count accepted by filter */
u_long TotDrops; /* count of dropped packets */
long TotMissed; /* missed by i/f during this run */
long OrigMissed; /* missed by i/f before this run */
char *device; /* device name */
int timeout; /* timeout for buffering */
int must_clear; /* stuff we must clear when we close */
struct pcap *next; /* list of open pcaps that need stuff cleared on close */
#ifdef linux
int sock_packet; /* using Linux 2.0 compatible interface */
int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
int ifindex; /* interface index of device we're bound to */
int lo_ifindex; /* interface index of the loopback device */
u_int packets_read; /* count of packets read with recvfrom() */
bpf_u_int32 oldmode; /* mode to restore when turning monitor mode off */
u_int tp_version; /* version of tpacket_hdr for mmaped ring */
u_int tp_hdrlen; /* hdrlen of tpacket_hdr for mmaped ring */
#endif /* linux */
#ifdef HAVE_DAG_API
#ifdef HAVE_DAG_STREAMS_API
u_char *dag_mem_bottom; /* DAG card current memory bottom pointer */
u_char *dag_mem_top; /* DAG card current memory top pointer */
#else /* HAVE_DAG_STREAMS_API */
void *dag_mem_base; /* DAG card memory base address */
u_int dag_mem_bottom; /* DAG card current memory bottom offset */
u_int dag_mem_top; /* DAG card current memory top offset */
#endif /* HAVE_DAG_STREAMS_API */
int dag_fcs_bits; /* Number of checksum bits from link layer */
int dag_offset_flags; /* Flags to pass to dag_offset(). */
int dag_stream; /* DAG stream number */
int dag_timeout; /* timeout specified to pcap_open_live.
* Same as in linux above, introduce
* generally? */
#endif /* HAVE_DAG_API */
#ifdef HAVE_ZEROCOPY_BPF
/*
* Zero-copy read buffer -- for zero-copy BPF. 'buffer' above will
* alternative between these two actual mmap'd buffers as required.
* As there is a header on the front size of the mmap'd buffer, only
* some of the buffer is exposed to libpcap as a whole via bufsize;
* zbufsize is the true size. zbuffer tracks the current zbuf
* assocated with buffer so that it can be used to decide which the
* next buffer to read will be.
*/
u_char *zbuf1, *zbuf2, *zbuffer;
u_int zbufsize;
u_int zerocopy;
u_int interrupted;
struct timespec firstsel;
/*
* If there's currently a buffer being actively processed, then it is
* referenced here; 'buffer' is also pointed at it, but offset by the
* size of the header.
*/
struct bpf_zbuf_header *bzh;
#endif /* HAVE_ZEROCOPY_BPF */
#ifdef HAVE_REMOTE
/*!
There is really a mess with previous variables, and it seems to me that they are not used
(they are used in pcap_pf.c only). I think we have to start using them.
The meaning is the following:
- TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
- TotAccepted: the amount of packets that satisfies the filter
- TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
- TotMissed: the amount of packets that were dropped by the physical interface; it is basically
the value of the hardware counter into the card. This number is never put to zero, so this number
takes into account the *total* number of interface drops starting from the interface power-on.
- OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
This value is used to detect the number of packets dropped by the interface *during the present
capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
*/
unsigned int TotNetDrops; //!< keeps the number of packets that have been dropped by the network
/*!
\brief It keeps the number of packets that have been received by the application.
Packets dropped by the kernel buffer are not counted in this variable. The variable is always
equal to (TotAccepted - TotDrops), exept for the case of remote capture, in which we have also
packets in fligh, i.e. that have been transmitted by the remote host, but that have not been
received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
wrong result, since this number does not corresponds always to the number of packet received by
the application. For this reason, in the remote capture we need another variable that takes
into account of the number of packets actually received by the application.
*/
unsigned int TotCapt;
#endif /* HAVE_REMOTE */
};
/*
* Stuff to clear when we close.
*/
#define MUST_CLEAR_PROMISC 0x00000001 /* promiscuous mode */
#define MUST_CLEAR_RFMON 0x00000002 /* rfmon (monitor) mode */
#define MAXIMUM_SNAPLEN 262144
struct pcap_opt {
int buffer_size;
char *source;
char *device;
int timeout; /* timeout for buffering */
u_int buffer_size;
int promisc;
int rfmon;
int rfmon; /* monitor mode */
int immediate; /* immediate mode - deliver packets as soon as they arrive */
int tstamp_type;
int tstamp_precision;
};
/*
* Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
* Tru64 UNIX, and some versions of NetBSD pad FDDI packets to make everything
* line up on a nice boundary.
*/
#ifdef __NetBSD__
#include <sys/param.h> /* needed to declare __NetBSD_Version__ */
#endif
#if defined(ultrix) || defined(__osf__) || (defined(__NetBSD__) && __NetBSD_Version__ > 106000000)
#define PCAP_FDDIPAD 3
#endif
typedef int (*activate_op_t)(pcap_t *);
typedef int (*can_set_rfmon_op_t)(pcap_t *);
typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *);
@@ -251,34 +128,70 @@ typedef int (*set_datalink_op_t)(pcap_t *, int);
typedef int (*getnonblock_op_t)(pcap_t *, char *);
typedef int (*setnonblock_op_t)(pcap_t *, int, char *);
typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *);
#ifdef WIN32
#ifdef _WIN32
typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *);
typedef int (*setbuff_op_t)(pcap_t *, int);
typedef int (*setmode_op_t)(pcap_t *, int);
typedef int (*setmintocopy_op_t)(pcap_t *, int);
typedef HANDLE (*getevent_op_t)(pcap_t *);
typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *);
typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *);
typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int);
typedef int (*setuserbuffer_op_t)(pcap_t *, int);
typedef int (*live_dump_op_t)(pcap_t *, char *, int, int);
typedef int (*live_dump_ended_op_t)(pcap_t *, int);
typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *);
#endif
typedef void (*cleanup_op_t)(pcap_t *);
/*
* We put all the stuff used in the read code path at the beginning,
* to try to keep it together in the same cache line or lines.
*/
struct pcap {
#ifdef WIN32
/*
* Method to call to read packets on a live capture.
*/
read_op_t read_op;
/*
* Method to call to read packets from a savefile.
*/
int (*next_packet_op)(pcap_t *, struct pcap_pkthdr *, u_char **);
#ifdef _WIN32
ADAPTER *adapter;
LPPACKET Packet;
int nonblock;
#else
int fd;
int selectable_fd;
int send_fd;
#endif /* WIN32 */
#endif /* _WIN32 */
#ifdef HAVE_TC_API
TC_INSTANCE TcInstance;
TC_PACKETS_BUFFER TcPacketsBuffer;
ULONG TcAcceptedCount;
PCHAR PpiPacket;
#endif
/*
* Read buffer.
*/
u_int bufsize;
void *buffer;
u_char *bp;
int cc;
int break_loop; /* flag set to force break from packet-reading loop */
void *priv; /* private data for methods */
int swapped;
FILE *rfile; /* null if live capture, non-null if savefile */
u_int fddipad;
struct pcap *next; /* list of open pcaps that need stuff cleared on close */
/*
* File version number; meaningful only for a savefile, but we
* keep it here so that apps that (mistakenly) ask for the
* version numbers will get the same zero values that they
* always did.
*/
int version_major;
int version_minor;
#ifdef HAVE_LIBDLPI
dlpi_handle_t dlpi_hd;
#endif
int snapshot;
int linktype; /* Network linktype */
int linktype_ext; /* Extended information stored in the linktype field of a file */
@@ -287,60 +200,24 @@ struct pcap {
int activated; /* true if the capture is really started */
int oldstyle; /* if we're opening with pcap_open_live() */
int break_loop; /* flag set to force break from packet-reading loop */
#ifdef PCAP_FDDIPAD
int fddipad;
#endif
#ifdef MSDOS
void (*wait_proc)(void); /* call proc while waiting */
#endif
struct pcap_sf sf;
struct pcap_md md;
struct pcap_opt opt;
/*
* Read buffer.
*/
int bufsize;
u_char *buffer;
u_char *bp;
int cc;
/*
* Place holder for pcap_next().
*/
u_char *pkt;
#ifdef _WIN32
struct pcap_stat stat; /* used for pcap_stats_ex() */
#endif
/* We're accepting only packets in this direction/these directions. */
pcap_direction_t direction;
/*
* Methods.
* Flags to affect BPF code generation.
*/
activate_op_t activate_op;
can_set_rfmon_op_t can_set_rfmon_op;
read_op_t read_op;
inject_op_t inject_op;
setfilter_op_t setfilter_op;
setdirection_op_t setdirection_op;
set_datalink_op_t set_datalink_op;
getnonblock_op_t getnonblock_op;
setnonblock_op_t setnonblock_op;
stats_op_t stats_op;
#ifdef WIN32
/*
* These are, at least currently, specific to the Win32 NPF
* driver.
*/
setbuff_op_t setbuff_op;
setmode_op_t setmode_op;
setmintocopy_op_t setmintocopy_op;
#endif
cleanup_op_t cleanup_op;
int bpf_codegen_flags;
/*
* Placeholder for filter code if bpf not in kernel.
@@ -350,23 +227,57 @@ struct pcap {
char errbuf[PCAP_ERRBUF_SIZE + 1];
int dlt_count;
u_int *dlt_list;
int tstamp_type_count;
u_int *tstamp_type_list;
int tstamp_precision_count;
u_int *tstamp_precision_list;
struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */
#ifdef HAVE_REMOTE
/*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if
they have to use the socket or they have to open the local adapter. */
int rmt_clientside;
/*
* More methods.
*/
activate_op_t activate_op;
can_set_rfmon_op_t can_set_rfmon_op;
inject_op_t inject_op;
setfilter_op_t setfilter_op;
setdirection_op_t setdirection_op;
set_datalink_op_t set_datalink_op;
getnonblock_op_t getnonblock_op;
setnonblock_op_t setnonblock_op;
stats_op_t stats_op;
SOCKET rmt_sockctrl; //!< socket ID of the socket used for the control connection
SOCKET rmt_sockdata; //!< socket ID of the socket used for the data connection
int rmt_flags; //!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
int rmt_capstarted; //!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
struct pcap_samp rmt_samp; //!< Keeps the parameters related to the sampling process.
char *currentfilter; //!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
#endif /* HAVE_REMOTE */
/*
* Routine to use as callback for pcap_next()/pcap_next_ex().
*/
pcap_handler oneshot_callback;
#ifdef _WIN32
/*
* These are, at least currently, specific to the Win32 NPF
* driver.
*/
stats_ex_op_t stats_ex_op;
setbuff_op_t setbuff_op;
setmode_op_t setmode_op;
setmintocopy_op_t setmintocopy_op;
getevent_op_t getevent_op;
oid_get_request_op_t oid_get_request_op;
oid_set_request_op_t oid_set_request_op;
sendqueue_transmit_op_t sendqueue_transmit_op;
setuserbuffer_op_t setuserbuffer_op;
live_dump_op_t live_dump_op;
live_dump_ended_op_t live_dump_ended_op;
get_airpcap_handle_op_t get_airpcap_handle_op;
#endif
cleanup_op_t cleanup_op;
};
/*
* BPF code generation flags.
*/
#define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */
/*
* This is a timeval as stored in a savefile.
* It has to use the same types everywhere, independent of the actual
@@ -403,12 +314,13 @@ struct pcap_timeval {
* the old record header as well as files with the new record header
* (using the magic number to determine the header format).
*
* Then supply the changes as a patch at
* Then supply the changes by forking the branch at
*
* http://sourceforge.net/projects/libpcap/
* https://github.com/the-tcpdump-group/libpcap/issues
*
* so that future versions of libpcap and programs that use it (such as
* tcpdump) will be able to read your new capture file format.
* and issuing a pull request, so that future versions of libpcap and
* programs that use it (such as tcpdump) will be able to read your new
* capture file format.
*/
struct pcap_sf_pkthdr {
@@ -436,71 +348,114 @@ struct pcap_sf_patched_pkthdr {
unsigned char pkt_type;
};
int yylex(void);
/*
* User data structure for the one-shot callback used for pcap_next()
* and pcap_next_ex().
*/
struct oneshot_userdata {
struct pcap_pkthdr *hdr;
const u_char **pkt;
pcap_t *pd;
};
#ifndef min
#define min(a, b) ((a) > (b) ? (b) : (a))
#endif
/* XXX should these be in pcap.h? */
int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
int pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);
#ifndef HAVE_STRLCPY
#define strlcpy(x, y, z) \
(strncpy((x), (y), (z)), \
((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
strlen((y)))
#endif
#include <stdarg.h>
#if !defined(HAVE_SNPRINTF)
#define snprintf pcap_snprintf
extern int snprintf (char *, size_t, const char *, ...);
#endif
#include "portability.h"
#if !defined(HAVE_VSNPRINTF)
#define vsnprintf pcap_vsnprintf
extern int vsnprintf (char *, size_t, const char *, va_list ap);
#endif
/*
* Does the packet count argument to a module's read routine say
* "supply packets until you run out of packets"?
*/
#define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0)
/*
* Routines that most pcap implementations can use for non-blocking mode.
*/
#if !defined(WIN32) && !defined(MSDOS)
#if !defined(_WIN32) && !defined(MSDOS)
int pcap_getnonblock_fd(pcap_t *, char *);
int pcap_setnonblock_fd(pcap_t *p, int, char *);
#endif
pcap_t *pcap_create_common(const char *, char *);
/*
* Internal interfaces for "pcap_create()".
*
* "pcap_create_interface()" is the routine to do a pcap_create on
* a regular network interface. There are multiple implementations
* of this, one for each platform type (Linux, BPF, DLPI, etc.),
* with the one used chosen by the configure script.
*
* "pcap_create_common()" allocates and fills in a pcap_t, for use
* by pcap_create routines.
*/
pcap_t *pcap_create_interface(const char *, char *);
pcap_t *pcap_create_common(char *, size_t);
int pcap_do_addexit(pcap_t *);
void pcap_add_to_pcaps_to_close(pcap_t *);
void pcap_remove_from_pcaps_to_close(pcap_t *);
void pcap_cleanup_live_common(pcap_t *);
int pcap_not_initialized(pcap_t *);
int pcap_check_activated(pcap_t *);
/*
* Internal interfaces for "pcap_findalldevs()".
*
* "pcap_platform_finddevs()" is a platform-dependent routine to
* add devices not found by the "standard" mechanisms (SIOCGIFCONF,
* "getifaddrs()", etc..
* find local network interfaces.
*
* "pcap_add_if()" adds an interface to the list of interfaces.
* "pcap_findalldevs_interfaces()" is a helper to find those interfaces
* using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.).
*
* "pcap_add_if()" adds an interface to the list of interfaces, for
* use by various "find interfaces" routines.
*/
int pcap_platform_finddevs(pcap_if_t **, char *);
int add_addr_to_iflist(pcap_if_t **, const char *, u_int, struct sockaddr *,
size_t, struct sockaddr *, size_t, struct sockaddr *, size_t,
struct sockaddr *, size_t, char *);
int pcap_add_if(pcap_if_t **, const char *, u_int, const char *, char *);
struct sockaddr *dup_sockaddr(struct sockaddr *, size_t);
int add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, u_int,
#if !defined(_WIN32) && !defined(MSDOS)
int pcap_findalldevs_interfaces(pcap_if_t **, char *,
int (*)(const char *));
#endif
int add_addr_to_iflist(pcap_if_t **, const char *, bpf_u_int32,
struct sockaddr *, size_t, struct sockaddr *, size_t,
struct sockaddr *, size_t, struct sockaddr *, size_t, char *);
int add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t,
struct sockaddr *, size_t, struct sockaddr *, size_t,
struct sockaddr *dstaddr, size_t, char *errbuf);
int pcap_add_if(pcap_if_t **, const char *, bpf_u_int32, const char *,
char *);
int add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, bpf_u_int32,
const char *, char *);
#ifndef _WIN32
bpf_u_int32 if_flags_to_pcap_flags(const char *, u_int);
#endif
#ifdef WIN32
char *pcap_win32strerror(void);
/*
* Internal interfaces for "pcap_open_offline()".
*
* "pcap_open_offline_common()" allocates and fills in a pcap_t, for use
* by pcap_open_offline routines.
*
* "sf_cleanup()" closes the file handle associated with a pcap_t, if
* appropriate, and frees all data common to all modules for handling
* savefile types.
*/
pcap_t *pcap_open_offline_common(char *ebuf, size_t size);
void sf_cleanup(pcap_t *p);
/*
* Internal interfaces for both "pcap_create()" and routines that
* open savefiles.
*
* "pcap_oneshot()" is the standard one-shot callback for "pcap_next()"
* and "pcap_next_ex()".
*/
void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *);
#ifdef _WIN32
void pcap_win32_err_to_str(DWORD, char *);
#endif
int install_bpf_program(pcap_t *, struct bpf_program *);

2
mswin32/pcap-include/pcap-namedb.h
View File

@@ -29,8 +29,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.13 2006/10/04 18:13:32 guy Exp $ (LBL)
*/
/*

115
mswin32/pcap-include/pcap-stdinc.h
View File

@@ -27,16 +27,38 @@
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.10.2.1 2008-10-06 15:38:39 gianluca Exp $ (LBL)
*/
#define SIZEOF_CHAR 1
#define SIZEOF_SHORT 2
#define SIZEOF_INT 4
#ifndef _MSC_EXTENSIONS
#define SIZEOF_LONG_LONG 8
#endif
/*
* Copyright (C) 1999 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef pcap_stdinc_h
#define pcap_stdinc_h
/*
* Avoids a compiler warning in case this was already defined
@@ -46,52 +68,59 @@
#ifdef _WINSOCKAPI_
#undef _WINSOCKAPI_
#endif
#include <winsock2.h>
#include <fcntl.h>
#include "bittypes.h"
#include <time.h>
#include <io.h>
#ifndef __MINGW32__
#include "IP6_misc.h"
#include <ws2tcpip.h>
#if defined(_MSC_VER)
/*
* MSVC.
*/
#if _MSC_VER >= 1800
/*
* VS 2013 or newer; we have <inttypes.h>.
*/
#include <inttypes.h>
#define u_int8_t uint8_t
#define u_int16_t uint16_t
#define u_int32_t uint32_t
#define u_int64_t uint64_t
#else
/*
* Earlier VS; we have to define this stuff ourselves.
*/
#ifndef HAVE_U_INT8_T
typedef unsigned char u_int8_t;
typedef signed char int8_t;
#endif
#define caddr_t char*
#if _MSC_VER < 1500
#define snprintf _snprintf
#define vsnprintf _vsnprintf
#define strdup _strdup
#ifndef HAVE_U_INT16_T
typedef unsigned short u_int16_t;
typedef signed short int16_t;
#endif
#ifndef __cplusplus
/* C++ has the inline keyword.
* Additionally, C++11 forbids redefining a keyword as a macro */
#define inline __inline
#ifndef HAVE_U_INT32_T
typedef unsigned int u_int32_t;
typedef signed int int32_t;
#endif
#ifdef __MINGW32__
#ifndef HAVE_U_INT64_T
#ifdef _MSC_EXTENSIONS
typedef unsigned _int64 u_int64_t;
typedef _int64 int64_t;
#else /* _MSC_EXTENSIONS */
typedef unsigned long long u_int64_t;
typedef long long int64_t;
#endif
#endif
#endif
#elif defined(__MINGW32__)
#include <stdint.h>
#else /*__MINGW32__*/
/* MSVC compiler */
#ifndef _UINTPTR_T_DEFINED
#ifdef _WIN64
typedef unsigned __int64 uintptr_t;
#else
typedef _W64 unsigned int uintptr_t;
#endif
#define _UINTPTR_T_DEFINED
#endif
#ifndef _INTPTR_T_DEFINED
#ifdef _WIN64
typedef __int64 intptr_t;
#else
typedef _W64 int intptr_t;
#endif
#define _INTPTR_T_DEFINED
#endif
#endif /*__MINGW32__*/
#endif /* pcap_stdinc_h */

2
mswin32/pcap-include/pcap.h
View File

@@ -29,8 +29,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.59 2006/10/04 18:09:22 guy Exp $ (LBL)
*/
/*

17
mswin32/pcap-include/pcap/bluetooth.h
View File

@@ -29,20 +29,27 @@
*
* bluetooth data struct
* By Paolo Abeni <paolo.abeni@email.it>
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/bluetooth.h,v 1.1 2007/09/22 02:10:17 guy Exp $
*/
#ifndef _PCAP_BLUETOOTH_STRUCTS_H__
#define _PCAP_BLUETOOTH_STRUCTS_H__
#ifndef lib_pcap_bluetooth_h
#define lib_pcap_bluetooth_h
/*
* Header prepended libpcap to each bluetooth h:4 frame.
* Header prepended libpcap to each bluetooth h4 frame,
* fields are in network byte order
*/
typedef struct _pcap_bluetooth_h4_header {
u_int32_t direction; /* if first bit is set direction is incoming */
} pcap_bluetooth_h4_header;
/*
* Header prepended libpcap to each bluetooth linux monitor frame,
* fields are in network byte order
*/
typedef struct _pcap_bluetooth_linux_monitor_header {
u_int16_t adapter_id;
u_int16_t opcode;
} pcap_bluetooth_linux_monitor_header;
#endif

872
mswin32/pcap-include/pcap/bpf.h
View File

@@ -36,8 +36,6 @@
* SUCH DAMAGE.
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.8 2008-09-22 20:16:01 guy Exp $ (LBL)
*/
/*
@@ -48,10 +46,33 @@
* "pcap-bpf.c" will include the native OS version, as it deals with
* the OS's BPF implementation.
*
* XXX - should this all just be moved to "pcap.h"?
* At least two programs found by Google Code Search explicitly includes
* <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you),
* so moving that stuff to <pcap/pcap.h> would break the build for some
* programs.
*/
#ifndef BPF_MAJOR_VERSION
/*
* If we've already included <net/bpf.h>, don't re-define this stuff.
* We assume BSD-style multiple-include protection in <net/bpf.h>,
* which is true of all but the oldest versions of FreeBSD and NetBSD,
* or Tru64 UNIX-style multiple-include protection (or, at least,
* Tru64 UNIX 5.x-style; I don't have earlier versions available to check),
* or AIX-style multiple-include protection (or, at least, AIX 5.x-style;
* I don't have earlier versions available to check), or QNX-style
* multiple-include protection (as per GitHub pull request #394).
*
* We do not check for BPF_MAJOR_VERSION, as that's defined by
* <linux/filter.h>, which is directly or indirectly included in some
* programs that also include pcap.h, and <linux/filter.h> doesn't
* define stuff we need.
*
* This also provides our own multiple-include protection.
*/
#if !defined(_NET_BPF_H_) && !defined(_NET_BPF_H_INCLUDED) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h)
#define lib_pcap_bpf_h
#include <pcap/export-defs.h>
#ifdef __cplusplus
extern "C" {
@@ -71,6 +92,8 @@ typedef u_int bpf_u_int32;
/*
* Alignment macros. BPF_WORDALIGN rounds up to the next
* even multiple of BPF_ALIGNMENT.
*
* Tcpdump's print-pflog.c uses this, so we define it here.
*/
#ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32)
@@ -79,9 +102,6 @@ typedef u_int bpf_u_int32;
#endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32
/*
* Structure for "pcap_compile()", "pcap_setfilter()", etc..
*/
@@ -90,761 +110,21 @@ struct bpf_program {
struct bpf_insn *bf_insns;
};
/*
* Struct return by BIOCVERSION. This represents the version number of
* the filter language described by the instruction encodings below.
* bpf understands a program iff kernel_major == filter_major &&
* kernel_minor >= filter_minor, that is, if the value returned by the
* running kernel has the same major number and a minor number equal
* equal to or less than the filter being downloaded. Otherwise, the
* results are undefined, meaning an error may be returned or packets
* may be accepted haphazardly.
* It has nothing to do with the source code version.
*/
struct bpf_version {
u_short bv_major;
u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1
/*
* Data-link level type codes.
*
* Do *NOT* add new values to this list without asking
* "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run
* the risk of using a value that's already being used for some other
* purpose, and of having tools that read libpcap-format captures not
* being able to handle captures with your new DLT_ value, with no hope
* that they will ever be changed to do so (as that would destroy their
* ability to read captures using that value for that other purpose).
*/
/*
* These are the types that are the same on all platforms, and that
* have been defined by <net/bpf.h> for ages.
*/
#define DLT_NULL 0 /* BSD loopback encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
#define DLT_AX25 3 /* Amateur Radio AX.25 */
#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
#define DLT_CHAOS 5 /* Chaos */
#define DLT_IEEE802 6 /* 802.5 Token Ring */
#define DLT_ARCNET 7 /* ARCNET, with BSD-style header */
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
/*
* These are types that are different on some platforms, and that
* have been defined by <net/bpf.h> for ages. We use #ifdefs to
* detect the BSDs that define them differently from the traditional
* libpcap <net/bpf.h>
*
* XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS,
* but I don't know what the right #define is for BSD/OS.
*/
#define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */
#ifdef __OpenBSD__
#define DLT_RAW 14 /* raw IP */
#else
#define DLT_RAW 12 /* raw IP */
#endif
/*
* Given that the only OS that currently generates BSD/OS SLIP or PPP
* is, well, BSD/OS, arguably everybody should have chosen its values
* for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they
* didn't. So it goes.
*/
#if defined(__NetBSD__) || defined(__FreeBSD__)
#ifndef DLT_SLIP_BSDOS
#define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */
#endif
#else
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#endif
/*
* 17 is used for DLT_OLD_PFLOG in OpenBSD;
* OBSOLETE: DLT_PFLOG is 117 in OpenBSD now as well. See below.
* 18 is used for DLT_PFSYNC in OpenBSD; don't use it for anything else.
*/
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* Apparently Redback uses this for its SmartEdge 400/800. I hope
* nobody else decided to use it, too.
*/
#define DLT_REDBACK_SMARTEDGE 32
/*
* These values are defined by NetBSD; other platforms should refrain from
* using them for other purposes, so that NetBSD savefiles with link
* types of 50 or 51 can be read as this type on all platforms.
*/
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
/*
* The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
* a link-layer type of 99 for the tcpdump it supplies. The link-layer
* header has 6 bytes of unknown data, something that appears to be an
* Ethernet type, and 36 bytes that appear to be 0 in at least one capture
* I've seen.
*/
#define DLT_SYMANTEC_FIREWALL 99
/*
* Values between 100 and 103 are used in capture file headers as
* link-layer types corresponding to DLT_ types that differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
/*
* 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW,
* except when it isn't. (I.e., sometimes it's just raw IP, and
* sometimes it isn't.) We currently handle it as DLT_LINUX_SLL,
* so that we don't have to worry about the link-layer header.)
*/
/*
* Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides
* with other values.
* DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header
* (DLCI, etc.).
*/
#define DLT_FRELAY 107
/*
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
* that the AF_ type in the link-layer header is in network byte order.
*
* DLT_LOOP is 12 in OpenBSD, but that's DLT_RAW in other OSes, so
* we don't use 12 for it in OSes other than OpenBSD.
*/
#ifdef __OpenBSD__
#define DLT_LOOP 12
#else
#define DLT_LOOP 108
#endif
/*
* Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's
* DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other
* than OpenBSD.
*/
#ifdef __OpenBSD__
#define DLT_ENC 13
#else
#define DLT_ENC 109
#endif
/*
* Values between 110 and 112 are reserved for use in capture file headers
* as link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ types
* other than the corresponding DLT_ types.
*/
/*
* This is for Linux cooked sockets.
*/
#define DLT_LINUX_SLL 113
/*
* Apple LocalTalk hardware.
*/
#define DLT_LTALK 114
/*
* Acorn Econet.
*/
#define DLT_ECONET 115
/*
* Reserved for use with OpenBSD ipfilter.
*/
#define DLT_IPFILTER 116
/*
* OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023
* in SuSE 6.3, so we can't use 17 for it in capture-file headers.
*
* XXX: is there a conflict with DLT_PFSYNC 18 as well?
*/
#ifdef __OpenBSD__
#define DLT_OLD_PFLOG 17
#define DLT_PFSYNC 18
#endif
#define DLT_PFLOG 117
/*
* Registered for Cisco-internal use.
*/
#define DLT_CISCO_IOS 118
/*
* For 802.11 cards using the Prism II chips, with a link-layer
* header including Prism monitor mode information plus an 802.11
* header.
*/
#define DLT_PRISM_HEADER 119
/*
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
* (see Doug Ambrisko's FreeBSD patches).
*/
#define DLT_AIRONET_HEADER 120
/*
* Reserved for Siemens HiPath HDLC.
*/
#define DLT_HHDLC 121
/*
* This is for RFC 2625 IP-over-Fibre Channel.
*
* This is not for use with raw Fibre Channel, where the link-layer
* header starts with a Fibre Channel frame header; it's for IP-over-FC,
* where the link-layer header starts with an RFC 2625 Network_Header
* field.
*/
#define DLT_IP_OVER_FC 122
/*
* This is for Full Frontal ATM on Solaris with SunATM, with a
* pseudo-header followed by an AALn PDU.
*
* There may be other forms of Full Frontal ATM on other OSes,
* with different pseudo-headers.
*
* If ATM software returns a pseudo-header with VPI/VCI information
* (and, ideally, packet type information, e.g. signalling, ILMI,
* LANE, LLC-multiplexed traffic, etc.), it should not use
* DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump
* and the like don't have to infer the presence or absence of a
* pseudo-header and the form of the pseudo-header.
*/
#define DLT_SUNATM 123 /* Solaris+SunATM */
/*
* Reserved as per request from Kent Dahlgren <kent@praesum.com>
* for private use.
*/
#define DLT_RIO 124 /* RapidIO */
#define DLT_PCI_EXP 125 /* PCI Express */
#define DLT_AURORA 126 /* Xilinx Aurora link layer */
/*
* Header for 802.11 plus a number of bits of link-layer information
* including radio information, used by some recent BSD drivers as
* well as the madwifi Atheros driver for Linux.
*/
#define DLT_IEEE802_11_RADIO 127 /* 802.11 plus radiotap radio header */
/*
* Reserved for the TZSP encapsulation, as per request from
* Chris Waters <chris.waters@networkchemistry.com>
* TZSP is a generic encapsulation for any other link type,
* which includes a means to include meta-information
* with the packet, e.g. signal strength and channel
* for 802.11 packets.
*/
#define DLT_TZSP 128 /* Tazmen Sniffer Protocol */
/*
* BSD's ARCNET headers have the source host, destination host,
* and type at the beginning of the packet; that's what's handed
* up to userland via BPF.
*
* Linux's ARCNET headers, however, have a 2-byte offset field
* between the host IDs and the type; that's what's handed up
* to userland via PF_PACKET sockets.
*
* We therefore have to have separate DLT_ values for them.
*/
#define DLT_ARCNET_LINUX 129 /* ARCNET */
/*
* Juniper-private data link types, as per request from
* Hannes Gredler <hannes@juniper.net>. The DLT_s are used
* for passing on chassis-internal metainformation such as
* QOS profiles, etc..
*/
#define DLT_JUNIPER_MLPPP 130
#define DLT_JUNIPER_MLFR 131
#define DLT_JUNIPER_ES 132
#define DLT_JUNIPER_GGSN 133
#define DLT_JUNIPER_MFR 134
#define DLT_JUNIPER_ATM2 135
#define DLT_JUNIPER_SERVICES 136
#define DLT_JUNIPER_ATM1 137
/*
* Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund
* <dieter@apple.com>. The header that's presented is an Ethernet-like
* header:
*
* #define FIREWIRE_EUI64_LEN 8
* struct firewire_header {
* u_char firewire_dhost[FIREWIRE_EUI64_LEN];
* u_char firewire_shost[FIREWIRE_EUI64_LEN];
* u_short firewire_type;
* };
*
* with "firewire_type" being an Ethernet type value, rather than,
* for example, raw GASP frames being handed up.
*/
#define DLT_APPLE_IP_OVER_IEEE1394 138
/*
* Various SS7 encapsulations, as per a request from Jeff Morriss
* <jeff.morriss[AT]ulticom.com> and subsequent discussions.
*/
#define DLT_MTP2_WITH_PHDR 139 /* pseudo-header with various info, followed by MTP2 */
#define DLT_MTP2 140 /* MTP2, without pseudo-header */
#define DLT_MTP3 141 /* MTP3, without pseudo-header or MTP2 */
#define DLT_SCCP 142 /* SCCP, without pseudo-header or MTP2 or MTP3 */
/*
* DOCSIS MAC frames.
*/
#define DLT_DOCSIS 143
/*
* Linux-IrDA packets. Protocol defined at http://www.irda.org.
* Those packets include IrLAP headers and above (IrLMP...), but
* don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy
* framing can be handled by the hardware and depend on the bitrate.
* This is exactly the format you would get capturing on a Linux-IrDA
* interface (irdaX), but not on a raw serial port.
* Note the capture is done in "Linux-cooked" mode, so each packet include
* a fake packet header (struct sll_header). This is because IrDA packet
* decoding is dependent on the direction of the packet (incoming or
* outgoing).
* When/if other platform implement IrDA capture, we may revisit the
* issue and define a real DLT_IRDA...
* Jean II
*/
#define DLT_LINUX_IRDA 144
/*
* Reserved for IBM SP switch and IBM Next Federation switch.
*/
#define DLT_IBM_SP 145
#define DLT_IBM_SN 146
/*
* Reserved for private use. If you have some link-layer header type
* that you want to use within your organization, with the capture files
* using that link-layer header type not ever be sent outside your
* organization, you can use these values.
*
* No libpcap release will use these for any purpose, nor will any
* tcpdump release use them, either.
*
* Do *NOT* use these in capture files that you expect anybody not using
* your private versions of capture-file-reading tools to read; in
* particular, do *NOT* use them in products, otherwise you may find that
* people won't be able to use tcpdump, or snort, or Ethereal, or... to
* read capture files from your firewall/intrusion detection/traffic
* monitoring/etc. appliance, or whatever product uses that DLT_ value,
* and you may also find that the developers of those applications will
* not accept patches to let them read those files.
*
* Also, do not use them if somebody might send you a capture using them
* for *their* private type and tools using them for *your* private type
* would have to read them.
*
* Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value,
* as per the comment above, and use the type you're given.
*/
#define DLT_USER0 147
#define DLT_USER1 148
#define DLT_USER2 149
#define DLT_USER3 150
#define DLT_USER4 151
#define DLT_USER5 152
#define DLT_USER6 153
#define DLT_USER7 154
#define DLT_USER8 155
#define DLT_USER9 156
#define DLT_USER10 157
#define DLT_USER11 158
#define DLT_USER12 159
#define DLT_USER13 160
#define DLT_USER14 161
#define DLT_USER15 162
/*
* For future use with 802.11 captures - defined by AbsoluteValue
* Systems to store a number of bits of link-layer information
* including radio information:
*
* http://www.shaftnet.org/~pizza/software/capturefrm.txt
*
* but it might be used by some non-AVS drivers now or in the
* future.
*/
#define DLT_IEEE802_11_RADIO_AVS 163 /* 802.11 plus AVS radio header */
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>. The DLT_s are used
* for passing on chassis-internal metainformation such as
* QOS profiles, etc..
*/
#define DLT_JUNIPER_MONITOR 164
/*
* Reserved for BACnet MS/TP.
*/
#define DLT_BACNET_MS_TP 165
/*
* Another PPP variant as per request from Karsten Keil <kkeil@suse.de>.
*
* This is used in some OSes to allow a kernel socket filter to distinguish
* between incoming and outgoing packets, on a socket intended to
* supply pppd with outgoing packets so it can do dial-on-demand and
* hangup-on-lack-of-demand; incoming packets are filtered out so they
* don't cause pppd to hold the connection up (you don't want random
* input packets such as port scans, packets from old lost connections,
* etc. to force the connection to stay up).
*
* The first byte of the PPP header (0xff03) is modified to accomodate
* the direction - 0x00 = IN, 0x01 = OUT.
*/
#define DLT_PPP_PPPD 166
/*
* Names for backwards compatibility with older versions of some PPP
* software; new software should use DLT_PPP_PPPD.
*/
#define DLT_PPP_WITH_DIRECTION DLT_PPP_PPPD
#define DLT_LINUX_PPP_WITHDIRECTION DLT_PPP_PPPD
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>. The DLT_s are used
* for passing on chassis-internal metainformation such as
* QOS profiles, cookies, etc..
*/
#define DLT_JUNIPER_PPPOE 167
#define DLT_JUNIPER_PPPOE_ATM 168
#define DLT_GPRS_LLC 169 /* GPRS LLC */
#define DLT_GPF_T 170 /* GPF-T (ITU-T G.7041/Y.1303) */
#define DLT_GPF_F 171 /* GPF-F (ITU-T G.7041/Y.1303) */
/*
* Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line
* monitoring equipment.
*/
#define DLT_GCOM_T1E1 172
#define DLT_GCOM_SERIAL 173
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>. The DLT_ is used
* for internal communication to Physical Interface Cards (PIC)
*/
#define DLT_JUNIPER_PIC_PEER 174
/*
* Link types requested by Gregor Maier <gregor@endace.com> of Endace
* Measurement Systems. They add an ERF header (see
* http://www.endace.com/support/EndaceRecordFormat.pdf) in front of
* the link-layer header.
*/
#define DLT_ERF_ETH 175 /* Ethernet */
#define DLT_ERF_POS 176 /* Packet-over-SONET */
/*
* Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD
* for vISDN (http://www.orlandi.com/visdn/). Its link-layer header
* includes additional information before the LAPD header, so it's
* not necessarily a generic LAPD header.
*/
#define DLT_LINUX_LAPD 177
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>.
* The DLT_ are used for prepending meta-information
* like interface index, interface name
* before standard Ethernet, PPP, Frelay & C-HDLC Frames
*/
#define DLT_JUNIPER_ETHER 178
#define DLT_JUNIPER_PPP 179
#define DLT_JUNIPER_FRELAY 180
#define DLT_JUNIPER_CHDLC 181
/*
* Multi Link Frame Relay (FRF.16)
*/
#define DLT_MFR 182
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>.
* The DLT_ is used for internal communication with a
* voice Adapter Card (PIC)
*/
#define DLT_JUNIPER_VP 183
/*
* Arinc 429 frames.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
* Every frame contains a 32bit A429 label.
* More documentation on Arinc 429 can be found at
* http://www.condoreng.com/support/downloads/tutorials/ARINCTutorial.pdf
*/
#define DLT_A429 184
/*
* Arinc 653 Interpartition Communication messages.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
* Please refer to the A653-1 standard for more information.
*/
#define DLT_A653_ICM 185
/*
* USB packets, beginning with a USB setup header; requested by
* Paolo Abeni <paolo.abeni@email.it>.
*/
#define DLT_USB 186
/*
* Bluetooth HCI UART transport layer (part H:4); requested by
* Paolo Abeni.
*/
#define DLT_BLUETOOTH_HCI_H4 187
/*
* IEEE 802.16 MAC Common Part Sublayer; requested by Maria Cruz
* <cruz_petagay@bah.com>.
*/
#define DLT_IEEE802_16_MAC_CPS 188
/*
* USB packets, beginning with a Linux USB header; requested by
* Paolo Abeni <paolo.abeni@email.it>.
*/
#define DLT_USB_LINUX 189
/*
* Controller Area Network (CAN) v. 2.0B packets.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
* Used to dump CAN packets coming from a CAN Vector board.
* More documentation on the CAN v2.0B frames can be found at
* http://www.can-cia.org/downloads/?269
*/
#define DLT_CAN20B 190
/*
* IEEE 802.15.4, with address fields padded, as is done by Linux
* drivers; requested by Juergen Schimmer.
*/
#define DLT_IEEE802_15_4_LINUX 191
/*
* Per Packet Information encapsulated packets.
* DLT_ requested by Gianluca Varenni <gianluca.varenni@cacetech.com>.
*/
#define DLT_PPI 192
/*
* Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header;
* requested by Charles Clancy.
*/
#define DLT_IEEE802_16_MAC_CPS_RADIO 193
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>.
* The DLT_ is used for internal communication with a
* integrated service module (ISM).
*/
#define DLT_JUNIPER_ISM 194
/*
* IEEE 802.15.4, exactly as it appears in the spec (no padding, no
* nothing); requested by Mikko Saarnivala <mikko.saarnivala@sensinode.com>.
*/
#define DLT_IEEE802_15_4 195
/*
* Various link-layer types, with a pseudo-header, for SITA
* (http://www.sita.aero/); requested by Fulko Hew (fulko.hew@gmail.com).
*/
#define DLT_SITA 196
/*
* Various link-layer types, with a pseudo-header, for Endace DAG cards;
* encapsulates Endace ERF records. Requested by Stephen Donnelly
* <stephen@endace.com>.
*/
#define DLT_ERF 197
/*
* Special header prepended to Ethernet packets when capturing from a
* u10 Networks board. Requested by Phil Mulholland
* <phil@u10networks.com>.
*/
#define DLT_RAIF1 198
/*
* IPMB packet for IPMI, beginning with the I2C slave address, followed
* by the netFn and LUN, etc.. Requested by Chanthy Toeung
* <chanthy.toeung@ca.kontron.com>.
*/
#define DLT_IPMB 199
/*
* Juniper-private data link type, as per request from
* Hannes Gredler <hannes@juniper.net>.
* The DLT_ is used for capturing data on a secure tunnel interface.
*/
#define DLT_JUNIPER_ST 200
/*
* Bluetooth HCI UART transport layer (part H:4), with pseudo-header
* that includes direction information; requested by Paolo Abeni.
*/
#define DLT_BLUETOOTH_HCI_H4_WITH_PHDR 201
/*
* AX.25 packet with a 1-byte KISS header; see
*
* http://www.ax25.net/kiss.htm
*
* as per Richard Stearn <richard@rns-stearn.demon.co.uk>.
*/
#define DLT_AX25_KISS 202
/*
* LAPD packets from an ISDN channel, starting with the address field,
* with no pseudo-header.
* Requested by Varuna De Silva <varunax@gmail.com>.
*/
#define DLT_LAPD 203
/*
* Variants of various link-layer headers, with a one-byte direction
* pseudo-header prepended - zero means "received by this host",
* non-zero (any non-zero value) means "sent by this host" - as per
* Will Barker <w.barker@zen.co.uk>.
*/
#define DLT_PPP_WITH_DIR 204 /* PPP - don't confuse with DLT_PPP_WITH_DIRECTION */
#define DLT_C_HDLC_WITH_DIR 205 /* Cisco HDLC */
#define DLT_FRELAY_WITH_DIR 206 /* Frame Relay */
#define DLT_LAPB_WITH_DIR 207 /* LAPB */
/*
* 208 is reserved for an as-yet-unspecified proprietary link-layer
* type, as requested by Will Barker.
*/
/*
* IPMB with a Linux-specific pseudo-header; as requested by Alexey Neyman
* <avn@pigeonpoint.com>.
*/
#define DLT_IPMB_LINUX 209
/*
* FlexRay automotive bus - http://www.flexray.com/ - as requested
* by Hannes Kaelber <hannes.kaelber@x2e.de>.
*/
#define DLT_FLEXRAY 210
/*
* Media Oriented Systems Transport (MOST) bus for multimedia
* transport - http://www.mostcooperation.com/ - as requested
* by Hannes Kaelber <hannes.kaelber@x2e.de>.
*/
#define DLT_MOST 211
/*
* Local Interconnect Network (LIN) bus for vehicle networks -
* http://www.lin-subbus.org/ - as requested by Hannes Kaelber
* <hannes.kaelber@x2e.de>.
*/
#define DLT_LIN 212
/*
* X2E-private data link type used for serial line capture,
* as requested by Hannes Kaelber <hannes.kaelber@x2e.de>.
*/
#define DLT_X2E_SERIAL 213
/*
* X2E-private data link type used for the Xoraya data logger
* family, as requested by Hannes Kaelber <hannes.kaelber@x2e.de>.
*/
#define DLT_X2E_XORAYA 214
/*
* IEEE 802.15.4, exactly as it appears in the spec (no padding, no
* nothing), but with the PHY-level data for non-ASK PHYs (4 octets
* of 0 as preamble, one octet of SFD, one octet of frame length+
* reserved bit, and then the MAC-layer data, starting with the
* frame control field).
*
* Requested by Max Filippov <jcmvbkbc@gmail.com>.
*/
#define DLT_IEEE802_15_4_NONASK_PHY 215
/*
* DLT and savefile link type values are split into a class and
* a member of that class. A class value of 0 indicates a regular
* DLT_/LINKTYPE_ value.
*/
#define DLT_CLASS(x) ((x) & 0x03ff0000)
/*
* NetBSD-specific generic "raw" link type. The class value indicates
* that this is the generic raw type, and the lower 16 bits are the
* address family we're dealing with. Those values are NetBSD-specific;
* do not assume that they correspond to AF_ values for your operating
* system.
*/
#define DLT_CLASS_NETBSD_RAWAF 0x02240000
#define DLT_NETBSD_RAWAF(af) (DLT_CLASS_NETBSD_RAWAF | (af))
#define DLT_NETBSD_RAWAF_AF(x) ((x) & 0x0000ffff)
#define DLT_IS_NETBSD_RAWAF(x) (DLT_CLASS(x) == DLT_CLASS_NETBSD_RAWAF)
#include <pcap/dlt.h>
/*
* The instruction encodings.
*
* Please inform tcpdump-workers@lists.tcpdump.org if you use any
* of the reserved values, so that we can note that they're used
* (and perhaps implement it in the reference BPF implementation
* and encourage its implementation elsewhere).
*/
/*
* The upper 8 bits of the opcode aren't used. BSD/OS used 0x8000.
*/
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
@@ -861,6 +141,7 @@ struct bpf_version {
#define BPF_W 0x00
#define BPF_H 0x08
#define BPF_B 0x10
/* 0x18 reserved; used by BSD/OS */
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
@@ -868,6 +149,8 @@ struct bpf_version {
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
/* 0xc0 reserved; used by BSD/OS */
/* 0xe0 reserved; used by BSD/OS */
/* alu/jmp fields */
#define BPF_OP(code) ((code) & 0xf0)
@@ -880,11 +163,30 @@ struct bpf_version {
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_MOD 0x90
#define BPF_XOR 0xa0
/* 0xb0 reserved */
/* 0xc0 reserved */
/* 0xd0 reserved */
/* 0xe0 reserved */
/* 0xf0 reserved */
#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
/* 0x50 reserved; used on BSD/OS */
/* 0x60 reserved */
/* 0x70 reserved */
/* 0x80 reserved */
/* 0x90 reserved */
/* 0xa0 reserved */
/* 0xb0 reserved */
/* 0xc0 reserved */
/* 0xd0 reserved */
/* 0xe0 reserved */
/* 0xf0 reserved */
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08
@@ -892,11 +194,43 @@ struct bpf_version {
/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code) ((code) & 0x18)
#define BPF_A 0x10
/* 0x18 reserved */
/* misc */
#define BPF_MISCOP(code) ((code) & 0xf8)
#define BPF_TAX 0x00
/* 0x08 reserved */
/* 0x10 reserved */
/* 0x18 reserved */
/* #define BPF_COP 0x20 NetBSD "coprocessor" extensions */
/* 0x28 reserved */
/* 0x30 reserved */
/* 0x38 reserved */
/* #define BPF_COPX 0x40 NetBSD "coprocessor" extensions */
/* also used on BSD/OS */
/* 0x48 reserved */
/* 0x50 reserved */
/* 0x58 reserved */
/* 0x60 reserved */
/* 0x68 reserved */
/* 0x70 reserved */
/* 0x78 reserved */
#define BPF_TXA 0x80
/* 0x88 reserved */
/* 0x90 reserved */
/* 0x98 reserved */
/* 0xa0 reserved */
/* 0xa8 reserved */
/* 0xb0 reserved */
/* 0xb8 reserved */
/* 0xc0 reserved; used on BSD/OS */
/* 0xc8 reserved */
/* 0xd0 reserved */
/* 0xd8 reserved */
/* 0xe0 reserved */
/* 0xe8 reserved */
/* 0xf0 reserved */
/* 0xf8 reserved */
/*
* The instruction data structure.
@@ -908,6 +242,16 @@ struct bpf_insn {
bpf_u_int32 k;
};
/*
* Auxiliary data, for use when interpreting a filter intended for the
* Linux kernel when the kernel rejects the filter (requiring us to
* run it in userland). It contains VLAN tag information.
*/
struct bpf_aux_data {
u_short vlan_tag_present;
u_short vlan_tag;
};
/*
* Macros for insn array initializers.
*/
@@ -915,11 +259,13 @@ struct bpf_insn {
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
#if __STDC__ || defined(__cplusplus)
extern int bpf_validate(const struct bpf_insn *, int);
extern u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
PCAP_API int bpf_validate(const struct bpf_insn *, int);
PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
extern u_int bpf_filter_with_aux_data(const struct bpf_insn *, const u_char *, u_int, u_int, const struct bpf_aux_data *);
#else
extern int bpf_validate();
extern u_int bpf_filter();
PCAP_API int bpf_validate();
PCAP_API u_int bpf_filter();
extern u_int bpf_filter_with_aux_data();
#endif
/*
@@ -931,4 +277,4 @@ extern u_int bpf_filter();
}
#endif
#endif
#endif /* !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(_H_BPF) && !defined(lib_pcap_bpf_h) */

1332
mswin32/pcap-include/pcap/dlt.h Normal file
View File

File diff suppressed because it is too large Load Diff

108
mswin32/pcap-include/pcap/export-defs.h Normal file
View File

@@ -0,0 +1,108 @@
/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
/*
* Copyright (c) 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Computer Systems
* Engineering Group at Lawrence Berkeley Laboratory.
* 4. Neither the name of the University nor of the Laboratory may be used
* to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lib_pcap_export_defs_h
#define lib_pcap_export_defs_h
/*
* PCAP_API_DEF must be used when defining *data* exported from
* libpcap. It can be used when defining *functions* exported
* from libpcap, but it doesn't have to be used there. It
* should not be used in declarations in headers.
*
* PCAP_API must be used when *declaring* data or functions
* exported from libpcap; PCAP_API_DEF won't work on all platforms.
*/
/*
* Check whether this is GCC major.minor or a later release, or some
* compiler that claims to be "just like GCC" of that version or a
* later release.
*/
#define IS_AT_LEAST_GNUC_VERSION(major, minor) \
(defined(__GNUC__) && \
(__GNUC__ > (major) || \
(__GNUC__ == (major) && __GNUC_MINOR__ >= (minor))))
#if defined(_WIN32)
#ifdef BUILDING_PCAP
/*
* We're compiling libpcap, so we should export functions in our
* API.
*/
#define PCAP_API_DEF __declspec(dllexport)
#else
#define PCAP_API_DEF __declspec(dllimport)
#endif
#elif defined(MSDOS)
/* XXX - does this need special treatment? */
#define PCAP_API_DEF
#else /* UN*X */
#ifdef BUILDING_PCAP
/*
* We're compiling libpcap, so we should export functions in our API.
* The compiler might be configured not to export functions from a
* shared library by default, so we might have to explicitly mark
* functions as exported.
*/
#if IS_AT_LEAST_GNUC_VERSION(3, 4)
/*
* GCC 3.4 or later, or some compiler asserting compatibility with
* GCC 3.4 or later, so we have __attribute__((visibility()).
*/
#define PCAP_API_DEF __attribute__((visibility("default")))
#elif defined(__SUNPRO_C) && (__SUNPRO_C >= 0x550)
/*
* Sun C 5.5 or later, so we have __global.
* (Sun C 5.9 and later also have __attribute__((visibility()),
* but there's no reason to prefer it with Sun C.)
*/
#define PCAP_API_DEF __global
#else
/*
* We don't have anything to say.
*/
#define PCAP_API_DEF
#endif
#else
/*
* We're not building libpcap.
*/
#define PCAP_API_DEF
#endif
#endif /* _WIN32/MSDOS/UN*X */
#define PCAP_API PCAP_API_DEF extern
#endif /* lib_pcap_export_defs_h */

34
mswin32/pcap-include/pcap/namedb.h
View File

@@ -29,8 +29,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/namedb.h,v 1.1 2006/10/04 18:09:22 guy Exp $ (LBL)
*/
#ifndef lib_pcap_namedb_h
@@ -45,7 +43,10 @@ extern "C" {
* XXX this stuff doesn't belong in this interface, but this
* library already must do name to address translation, so
* on systems that don't have support for /etc/ethers, we
* export these hooks since they'll
* export these hooks since they're already being used by
* some applications (such as tcpdump) and already being
* marked as exported in some OSes offering libpcap (such
* as Debian).
*/
struct pcap_etherent {
u_char addr[6];
@@ -54,21 +55,21 @@ struct pcap_etherent {
#ifndef PCAP_ETHERS_FILE
#define PCAP_ETHERS_FILE "/etc/ethers"
#endif
struct pcap_etherent *pcap_next_etherent(FILE *);
u_char *pcap_ether_hostton(const char*);
u_char *pcap_ether_aton(const char *);
PCAP_API struct pcap_etherent *pcap_next_etherent(FILE *);
PCAP_API u_char *pcap_ether_hostton(const char*);
PCAP_API u_char *pcap_ether_aton(const char *);
bpf_u_int32 **pcap_nametoaddr(const char *);
PCAP_API bpf_u_int32 **pcap_nametoaddr(const char *);
#ifdef INET6
struct addrinfo *pcap_nametoaddrinfo(const char *);
PCAP_API struct addrinfo *pcap_nametoaddrinfo(const char *);
#endif
bpf_u_int32 pcap_nametonetaddr(const char *);
PCAP_API bpf_u_int32 pcap_nametonetaddr(const char *);
int pcap_nametoport(const char *, int *, int *);
int pcap_nametoportrange(const char *, int *, int *, int *);
int pcap_nametoproto(const char *);
int pcap_nametoeproto(const char *);
int pcap_nametollc(const char *);
PCAP_API int pcap_nametoport(const char *, int *, int *);
PCAP_API int pcap_nametoportrange(const char *, int *, int *, int *);
PCAP_API int pcap_nametoproto(const char *);
PCAP_API int pcap_nametoeproto(const char *);
PCAP_API int pcap_nametollc(const char *);
/*
* If a protocol is unknown, PROTO_UNDEF is returned.
* Also, pcap_nametoport() returns the protocol along with the port number.
@@ -77,11 +78,6 @@ int pcap_nametollc(const char *);
*/
#define PROTO_UNDEF -1
/* XXX move these to pcap-int.h? */
int __pcap_atodn(const char *, bpf_u_int32 *);
int __pcap_atoin(const char *, bpf_u_int32 *);
u_short __pcap_nametodnaddr(const char *);
#ifdef __cplusplus
}
#endif

355
mswin32/pcap-include/pcap/pcap.h
View File

@@ -30,14 +30,14 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.11 2008-10-06 15:38:39 gianluca Exp $ (LBL)
*/
#ifndef lib_pcap_pcap_h
#define lib_pcap_pcap_h
#if defined(WIN32)
#include <pcap/export-defs.h>
#if defined(_WIN32)
#include <pcap-stdinc.h>
#elif defined(MSDOS)
#include <sys/types.h>
@@ -45,7 +45,7 @@
#else /* UN*X */
#include <sys/types.h>
#include <sys/time.h>
#endif /* WIN32/MSDOS/UN*X */
#endif /* _WIN32/MSDOS/UN*X */
#ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H
#include <pcap/bpf.h>
@@ -53,23 +53,17 @@
#include <stdio.h>
#ifdef HAVE_REMOTE
// We have to define the SOCKET here, although it has been defined in sockutils.h
// This is to avoid the distribution of the 'sockutils.h' file around
// (for example in the WinPcap developer's pack)
#ifndef SOCKET
#ifdef WIN32
#define SOCKET unsigned int
#else
#define SOCKET int
#endif
#endif
#endif
#ifdef __cplusplus
extern "C" {
#endif
/*
* Version number of the current version of the pcap file format.
*
* NOTE: this is *NOT* the version number of the libpcap library.
* To fetch the version information for the version of libpcap
* you're using, use pcap_lib_version().
*/
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
@@ -119,12 +113,13 @@ typedef struct pcap_addr pcap_addr_t;
* the old file header as well as files with the new file header
* (using the magic number to determine the header format).
*
* Then supply the changes as a patch at
* Then supply the changes by forking the branch at
*
* http://sourceforge.net/projects/libpcap/
* https://github.com/the-tcpdump-group/libpcap/issues
*
* so that future versions of libpcap and programs that use it (such as
* tcpdump) will be able to read your new capture file format.
* and issuing a pull request, so that future versions of libpcap and
* programs that use it (such as tcpdump) will be able to read your new
* capture file format.
*/
struct pcap_file_header {
bpf_u_int32 magic;
@@ -176,12 +171,12 @@ struct pcap_pkthdr {
struct pcap_stat {
u_int ps_recv; /* number of packets received */
u_int ps_drop; /* number of packets dropped */
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
#ifdef HAVE_REMOTE
u_int ps_capt; /* number of packets that are received by the application; please get rid off the Win32 ifdef */
u_int ps_ifdrop; /* drops by interface -- only supported on some platforms */
#if defined(_WIN32) && defined(HAVE_REMOTE)
u_int ps_capt; /* number of packets that reach the application */
u_int ps_sent; /* number of packets sent by the server on the network */
u_int ps_netdrop; /* number of packets lost on the network */
#endif /* HAVE_REMOTE */
#endif /* _WIN32 && HAVE_REMOTE */
};
#ifdef MSDOS
@@ -229,6 +224,8 @@ struct pcap_if {
};
#define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */
#define PCAP_IF_UP 0x00000002 /* interface is up */
#define PCAP_IF_RUNNING 0x00000004 /* interface is running */
/*
* Representation of an interface address.
@@ -259,6 +256,9 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
#define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */
#define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */
#define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */
#define PCAP_ERROR_CANTSET_TSTAMP_TYPE -10 /* this device doesn't support setting the time stamp type */
#define PCAP_ERROR_PROMISC_PERM_DENIED -11 /* you don't have permission to capture in promiscuous mode */
#define PCAP_ERROR_TSTAMP_PRECISION_NOTSUP -12 /* the requested time stamp precision is not supported */
/*
* Warning codes for the pcap API.
@@ -267,109 +267,240 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
*/
#define PCAP_WARNING 1 /* generic warning code */
#define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */
#define PCAP_WARNING_TSTAMP_TYPE_NOTSUP 3 /* the requested time stamp type is not supported */
char *pcap_lookupdev(char *);
int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
/*
* Value to pass to pcap_compile() as the netmask if you don't know what
* the netmask is.
*/
#define PCAP_NETMASK_UNKNOWN 0xffffffff
pcap_t *pcap_create(const char *, char *);
int pcap_set_snaplen(pcap_t *, int);
int pcap_set_promisc(pcap_t *, int);
int pcap_can_set_rfmon(pcap_t *);
int pcap_set_rfmon(pcap_t *, int);
int pcap_set_timeout(pcap_t *, int);
int pcap_set_buffer_size(pcap_t *, int);
int pcap_activate(pcap_t *);
PCAP_API char *pcap_lookupdev(char *);
PCAP_API int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
pcap_t *pcap_open_live(const char *, int, int, int, char *);
pcap_t *pcap_open_dead(int, int);
pcap_t *pcap_open_offline(const char *, char *);
#if defined(WIN32)
pcap_t *pcap_hopen_offline(intptr_t, char *);
#if !defined(LIBPCAP_EXPORTS)
PCAP_API pcap_t *pcap_create(const char *, char *);
PCAP_API int pcap_set_snaplen(pcap_t *, int);
PCAP_API int pcap_set_promisc(pcap_t *, int);
PCAP_API int pcap_can_set_rfmon(pcap_t *);
PCAP_API int pcap_set_rfmon(pcap_t *, int);
PCAP_API int pcap_set_timeout(pcap_t *, int);
PCAP_API int pcap_set_tstamp_type(pcap_t *, int);
PCAP_API int pcap_set_immediate_mode(pcap_t *, int);
PCAP_API int pcap_set_buffer_size(pcap_t *, int);
PCAP_API int pcap_set_tstamp_precision(pcap_t *, int);
PCAP_API int pcap_get_tstamp_precision(pcap_t *);
PCAP_API int pcap_activate(pcap_t *);
PCAP_API int pcap_list_tstamp_types(pcap_t *, int **);
PCAP_API void pcap_free_tstamp_types(int *);
PCAP_API int pcap_tstamp_type_name_to_val(const char *);
PCAP_API const char *pcap_tstamp_type_val_to_name(int);
PCAP_API const char *pcap_tstamp_type_val_to_description(int);
/*
* Time stamp types.
* Not all systems and interfaces will necessarily support all of these.
*
* A system that supports PCAP_TSTAMP_HOST is offering time stamps
* provided by the host machine, rather than by the capture device,
* but not committing to any characteristics of the time stamp;
* it will not offer any of the PCAP_TSTAMP_HOST_ subtypes.
*
* PCAP_TSTAMP_HOST_LOWPREC is a time stamp, provided by the host machine,
* that's low-precision but relatively cheap to fetch; it's normally done
* using the system clock, so it's normally synchronized with times you'd
* fetch from system calls.
*
* PCAP_TSTAMP_HOST_HIPREC is a time stamp, provided by the host machine,
* that's high-precision; it might be more expensive to fetch. It might
* or might not be synchronized with the system clock, and might have
* problems with time stamps for packets received on different CPUs,
* depending on the platform.
*
* PCAP_TSTAMP_ADAPTER is a high-precision time stamp supplied by the
* capture device; it's synchronized with the system clock.
*
* PCAP_TSTAMP_ADAPTER_UNSYNCED is a high-precision time stamp supplied by
* the capture device; it's not synchronized with the system clock.
*
* Note that time stamps synchronized with the system clock can go
* backwards, as the system clock can go backwards. If a clock is
* not in sync with the system clock, that could be because the
* system clock isn't keeping accurate time, because the other
* clock isn't keeping accurate time, or both.
*
* Note that host-provided time stamps generally correspond to the
* time when the time-stamping code sees the packet; this could
* be some unknown amount of time after the first or last bit of
* the packet is received by the network adapter, due to batching
* of interrupts for packet arrival, queueing delays, etc..
*/
#define PCAP_TSTAMP_HOST 0 /* host-provided, unknown characteristics */
#define PCAP_TSTAMP_HOST_LOWPREC 1 /* host-provided, low precision */
#define PCAP_TSTAMP_HOST_HIPREC 2 /* host-provided, high precision */
#define PCAP_TSTAMP_ADAPTER 3 /* device-provided, synced with the system clock */
#define PCAP_TSTAMP_ADAPTER_UNSYNCED 4 /* device-provided, not synced with the system clock */
/*
* Time stamp resolution types.
* Not all systems and interfaces will necessarily support all of these
* resolutions when doing live captures; all of them can be requested
* when reading a savefile.
*/
#define PCAP_TSTAMP_PRECISION_MICRO 0 /* use timestamps with microsecond precision, default */
#define PCAP_TSTAMP_PRECISION_NANO 1 /* use timestamps with nanosecond precision */
PCAP_API pcap_t *pcap_open_live(const char *, int, int, int, char *);
PCAP_API pcap_t *pcap_open_dead(int, int);
PCAP_API pcap_t *pcap_open_dead_with_tstamp_precision(int, int, u_int);
PCAP_API pcap_t *pcap_open_offline_with_tstamp_precision(const char *, u_int, char *);
PCAP_API pcap_t *pcap_open_offline(const char *, char *);
#ifdef _WIN32
PCAP_API pcap_t *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *);
PCAP_API pcap_t *pcap_hopen_offline(intptr_t, char *);
/*
* If we're building libpcap, these are internal routines in savefile.c,
* so we mustn't define them as macros.
*/
#ifndef BUILDING_PCAP
#define pcap_fopen_offline_with_tstamp_precision(f,p,b) \
pcap_hopen_offline_with_tstamp_precision(_get_osfhandle(_fileno(f)), p, b)
#define pcap_fopen_offline(f,b) \
pcap_hopen_offline(_get_osfhandle(_fileno(f)), b)
#else /*LIBPCAP_EXPORTS*/
static pcap_t *pcap_fopen_offline(FILE *, char *);
#endif
#else /*WIN32*/
pcap_t *pcap_fopen_offline(FILE *, char *);
#endif /*WIN32*/
#else /*_WIN32*/
PCAP_API pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *);
PCAP_API pcap_t *pcap_fopen_offline(FILE *, char *);
#endif /*_WIN32*/
void pcap_close(pcap_t *);
int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
const u_char*
pcap_next(pcap_t *, struct pcap_pkthdr *);
int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
void pcap_breakloop(pcap_t *);
int pcap_stats(pcap_t *, struct pcap_stat *);
int pcap_setfilter(pcap_t *, struct bpf_program *);
int pcap_setdirection(pcap_t *, pcap_direction_t);
int pcap_getnonblock(pcap_t *, char *);
int pcap_setnonblock(pcap_t *, int, char *);
int pcap_inject(pcap_t *, const void *, size_t);
int pcap_sendpacket(pcap_t *, const u_char *, int);
const char *pcap_statustostr(int);
const char *pcap_strerror(int);
char *pcap_geterr(pcap_t *);
void pcap_perror(pcap_t *, char *);
int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
PCAP_API void pcap_close(pcap_t *);
PCAP_API int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
PCAP_API int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
PCAP_API const u_char *pcap_next(pcap_t *, struct pcap_pkthdr *);
PCAP_API int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
PCAP_API void pcap_breakloop(pcap_t *);
PCAP_API int pcap_stats(pcap_t *, struct pcap_stat *);
PCAP_API int pcap_setfilter(pcap_t *, struct bpf_program *);
PCAP_API int pcap_setdirection(pcap_t *, pcap_direction_t);
PCAP_API int pcap_getnonblock(pcap_t *, char *);
PCAP_API int pcap_setnonblock(pcap_t *, int, char *);
PCAP_API int pcap_inject(pcap_t *, const void *, size_t);
PCAP_API int pcap_sendpacket(pcap_t *, const u_char *, int);
PCAP_API const char *pcap_statustostr(int);
PCAP_API const char *pcap_strerror(int);
PCAP_API char *pcap_geterr(pcap_t *);
PCAP_API void pcap_perror(pcap_t *, const char *);
PCAP_API int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
bpf_u_int32);
int pcap_compile_nopcap(int, int, struct bpf_program *,
PCAP_API int pcap_compile_nopcap(int, int, struct bpf_program *,
const char *, int, bpf_u_int32);
void pcap_freecode(struct bpf_program *);
int pcap_offline_filter(struct bpf_program *, const struct pcap_pkthdr *,
const u_char *);
int pcap_datalink(pcap_t *);
int pcap_datalink_ext(pcap_t *);
int pcap_list_datalinks(pcap_t *, int **);
int pcap_set_datalink(pcap_t *, int);
void pcap_free_datalinks(int *);
int pcap_datalink_name_to_val(const char *);
const char *pcap_datalink_val_to_name(int);
const char *pcap_datalink_val_to_description(int);
int pcap_snapshot(pcap_t *);
int pcap_is_swapped(pcap_t *);
int pcap_major_version(pcap_t *);
int pcap_minor_version(pcap_t *);
PCAP_API void pcap_freecode(struct bpf_program *);
PCAP_API int pcap_offline_filter(const struct bpf_program *,
const struct pcap_pkthdr *, const u_char *);
PCAP_API int pcap_datalink(pcap_t *);
PCAP_API int pcap_datalink_ext(pcap_t *);
PCAP_API int pcap_list_datalinks(pcap_t *, int **);
PCAP_API int pcap_set_datalink(pcap_t *, int);
PCAP_API void pcap_free_datalinks(int *);
PCAP_API int pcap_datalink_name_to_val(const char *);
PCAP_API const char *pcap_datalink_val_to_name(int);
PCAP_API const char *pcap_datalink_val_to_description(int);
PCAP_API int pcap_snapshot(pcap_t *);
PCAP_API int pcap_is_swapped(pcap_t *);
PCAP_API int pcap_major_version(pcap_t *);
PCAP_API int pcap_minor_version(pcap_t *);
/* XXX */
FILE *pcap_file(pcap_t *);
int pcap_fileno(pcap_t *);
PCAP_API FILE *pcap_file(pcap_t *);
PCAP_API int pcap_fileno(pcap_t *);
pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp);
FILE *pcap_dump_file(pcap_dumper_t *);
long pcap_dump_ftell(pcap_dumper_t *);
int pcap_dump_flush(pcap_dumper_t *);
void pcap_dump_close(pcap_dumper_t *);
void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
#ifdef _WIN32
PCAP_API int pcap_wsockinit(void);
#endif
int pcap_findalldevs(pcap_if_t **, char *);
void pcap_freealldevs(pcap_if_t *);
PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
PCAP_API pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp);
PCAP_API pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *);
PCAP_API FILE *pcap_dump_file(pcap_dumper_t *);
PCAP_API long pcap_dump_ftell(pcap_dumper_t *);
PCAP_API int pcap_dump_flush(pcap_dumper_t *);
PCAP_API void pcap_dump_close(pcap_dumper_t *);
PCAP_API void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
const char *pcap_lib_version(void);
PCAP_API int pcap_findalldevs(pcap_if_t **, char *);
PCAP_API void pcap_freealldevs(pcap_if_t *);
/* XXX this guy lives in the bpf tree */
u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
int bpf_validate(const struct bpf_insn *f, int len);
char *bpf_image(const struct bpf_insn *, int);
void bpf_dump(const struct bpf_program *, int);
PCAP_API const char *pcap_lib_version(void);
#if defined(WIN32)
/*
* On at least some versions of NetBSD and QNX, we don't want to declare
* bpf_filter() here, as it's also be declared in <net/bpf.h>, with a
* different signature, but, on other BSD-flavored UN*Xes, it's not
* declared in <net/bpf.h>, so we *do* want to declare it here, so it's
* declared when we build pcap-bpf.c.
*/
#if !defined(__NetBSD__) && !defined(__QNX__)
PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
#endif
PCAP_API int bpf_validate(const struct bpf_insn *f, int len);
PCAP_API char *bpf_image(const struct bpf_insn *, int);
PCAP_API void bpf_dump(const struct bpf_program *, int);
#if defined(_WIN32)
/*
* Win32 definitions
*/
int pcap_setbuff(pcap_t *p, int dim);
int pcap_setmode(pcap_t *p, int mode);
int pcap_setmintocopy(pcap_t *p, int size);
/*!
\brief A queue of raw packets that will be sent to the network with pcap_sendqueue_transmit().
*/
struct pcap_send_queue
{
u_int maxlen; /* Maximum size of the the queue, in bytes. This
variable contains the size of the buffer field. */
u_int len; /* Current size of the queue, in bytes. */
char *buffer; /* Buffer containing the packets to be sent. */
};
#ifdef WPCAP
/* Include file with the wpcap-specific extensions */
#include <Win32-Extensions.h>
#endif /* WPCAP */
typedef struct pcap_send_queue pcap_send_queue;
/*!
\brief This typedef is a support for the pcap_get_airpcap_handle() function
*/
#if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_)
#define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
typedef struct _AirpcapHandle *PAirpcapHandle;
#endif
PCAP_API int pcap_setbuff(pcap_t *p, int dim);
PCAP_API int pcap_setmode(pcap_t *p, int mode);
PCAP_API int pcap_setmintocopy(pcap_t *p, int size);
PCAP_API HANDLE pcap_getevent(pcap_t *p);
PCAP_API int pcap_oid_get_request(pcap_t *, bpf_u_int32, void *, size_t *);
PCAP_API int pcap_oid_set_request(pcap_t *, bpf_u_int32, const void *, size_t *);
PCAP_API pcap_send_queue* pcap_sendqueue_alloc(u_int memsize);
PCAP_API void pcap_sendqueue_destroy(pcap_send_queue* queue);
PCAP_API int pcap_sendqueue_queue(pcap_send_queue* queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data);
PCAP_API u_int pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue* queue, int sync);
PCAP_API struct pcap_stat *pcap_stats_ex(pcap_t *p, int *pcap_stat_size);
PCAP_API int pcap_setuserbuffer(pcap_t *p, int size);
PCAP_API int pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks);
PCAP_API int pcap_live_dump_ended(pcap_t *p, int sync);
PCAP_API int pcap_start_oem(char* err_str, int flags);
PCAP_API PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p);
#define MODE_CAPT 0
#define MODE_STAT 1
@@ -381,9 +512,9 @@ int pcap_setmintocopy(pcap_t *p, int size);
* MS-DOS definitions
*/
int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *);
void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait);
u_long pcap_mac_packets (void);
PCAP_API int pcap_stats_ex (pcap_t *, struct pcap_stat_ex *);
PCAP_API void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait);
PCAP_API u_long pcap_mac_packets (void);
#else /* UN*X */
@@ -391,9 +522,9 @@ u_long pcap_mac_packets (void);
* UN*X definitions
*/
int pcap_get_selectable_fd(pcap_t *);
PCAP_API int pcap_get_selectable_fd(pcap_t *);
#endif /* WIN32/MSDOS/UN*X */
#endif /* _WIN32/MSDOS/UN*X */
#ifdef HAVE_REMOTE
/* Includes most of the public stuff that is needed for the remote capture */
@@ -404,4 +535,4 @@ int pcap_get_selectable_fd(pcap_t *);
}
#endif
#endif
#endif /* lib_pcap_pcap_h */

2
mswin32/pcap-include/pcap/sll.h
View File

@@ -34,8 +34,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/sll.h,v 1.2.2.1 2008-05-30 01:36:06 guy Exp $ (LBL)
*/
/*

61
mswin32/pcap-include/pcap/usb.h
View File

@@ -29,12 +29,10 @@
*
* Basic USB data struct
* By Paolo Abeni <paolo.abeni@email.it>
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/usb.h,v 1.6 2007/09/22 02:06:08 guy Exp $
*/
#ifndef _PCAP_USB_STRUCTS_H__
#define _PCAP_USB_STRUCTS_H__
#ifndef lib_pcap_usb_h
#define lib_pcap_usb_h
/*
* possible transfer mode
@@ -54,7 +52,7 @@
/*
* USB setup header as defined in USB specification.
* Appears at the front of each packet in DLT_USB captures.
* Appears at the front of each Control S-type packet in DLT_USB captures.
*/
typedef struct _usb_setup {
u_int8_t bmRequestType;
@@ -64,6 +62,13 @@ typedef struct _usb_setup {
u_int16_t wLength;
} pcap_usb_setup;
/*
* Information from the URB for Isochronous transfers.
*/
typedef struct _iso_rec {
int32_t error_count;
int32_t numdesc;
} iso_rec;
/*
* Header prepended by linux kernel to each event.
@@ -86,5 +91,51 @@ typedef struct _usb_header {
pcap_usb_setup setup;
} pcap_usb_header;
/*
* Header prepended by linux kernel to each event for the 2.6.31
* and later kernels; for the 2.6.21 through 2.6.30 kernels, the
* "iso_rec" information, and the fields starting with "interval"
* are zeroed-out padding fields.
*
* Appears at the front of each packet in DLT_USB_LINUX_MMAPPED captures.
*/
typedef struct _usb_header_mmapped {
u_int64_t id;
u_int8_t event_type;
u_int8_t transfer_type;
u_int8_t endpoint_number;
u_int8_t device_address;
u_int16_t bus_id;
char setup_flag;/*if !=0 the urb setup header is not present*/
char data_flag; /*if !=0 no urb data is present*/
int64_t ts_sec;
int32_t ts_usec;
int32_t status;
u_int32_t urb_len;
u_int32_t data_len; /* amount of urb data really present in this event*/
union {
pcap_usb_setup setup;
iso_rec iso;
} s;
int32_t interval; /* for Interrupt and Isochronous events */
int32_t start_frame; /* for Isochronous events */
u_int32_t xfer_flags; /* copy of URB's transfer flags */
u_int32_t ndesc; /* number of isochronous descriptors */
} pcap_usb_header_mmapped;
/*
* Isochronous descriptors; for isochronous transfers there might be
* one or more of these at the beginning of the packet data. The
* number of descriptors is given by the "ndesc" field in the header;
* as indicated, in older kernels that don't put the descriptors at
* the beginning of the packet, that field is zeroed out, so that field
* can be trusted even in captures from older kernels.
*/
typedef struct _usb_isodesc {
int32_t status;
u_int32_t offset;
u_int32_t len;
u_int8_t pad[4];
} usb_isodesc;
#endif

2
mswin32/pcap-include/pcap/vlan.h
View File

@@ -29,8 +29,6 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap/vlan.h,v 1.1.2.2 2008-08-06 07:45:59 guy Exp $
*/
#ifndef lib_pcap_vlan_h

200
mswin32/pcap-include/portability.h Normal file
View File

@@ -0,0 +1,200 @@
/*
* Copyright (c) 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Computer Systems
* Engineering Group at Lawrence Berkeley Laboratory.
* 4. Neither the name of the University nor of the Laboratory may be used
* to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef portability_h
#define portability_h
/*
* Helpers for portability between Windows and UN*X and between different
* flavors of UN*X.
*/
#ifdef __cplusplus
extern "C" {
#endif
#ifndef HAVE_STRLCPY
/*
* Macro that does the same thing as strlcpy().
*/
#ifdef _WIN32
/*
* strncpy_s() is supported at least back to Visual
* Studio 2005.
*/
#define strlcpy(x, y, z) \
strncpy_s((x), (z), (y), _TRUNCATE)
#else
#define strlcpy(x, y, z) \
(strncpy((x), (y), (z)), \
((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
(void) strlen((y)))
#endif
#endif
/*
* For flagging arguments as format strings in MSVC.
*/
#if _MSC_VER >= 1400
#include <sal.h>
#if _MSC_VER > 1400
#define FORMAT_STRING(p) _Printf_format_string_ p
#else
#define FORMAT_STRING(p) __format_string p
#endif
#else
#define FORMAT_STRING(p) p
#endif
#ifdef _MSC_VER
#define strdup _strdup
#define sscanf sscanf_s
#define strltok(x, y) \
strtok((x), (y))
#define strlcat(x, y, z) \
strncat_s((x), (z), (y), _TRUNCATE)
#define setbuf(x, y) \
setvbuf((x), (y), _IONBF, 0)
#define fopen(x, y) \
fopen_safe((x), (y))
FILE *fopen_safe(const char *filename, const char* mode);
#else
#define strltok strtok
#endif
#ifdef _MSC_VER
/*
* MSVC.
*/
#if _MSC_VER >= 1900
/*
* VS 2015 or newer; we have snprintf() function.
*/
#define HAVE_SNPRINTF
#endif
#endif
/*
* On Windows, snprintf(), with that name and with C99 behavior - i.e.,
* guaranteeing that the formatted string is null-terminated - didn't
* appear until Visual Studio 2015. Prior to that, the C runtime had
* only _snprintf(), which *doesn't* guarantee that the string is
* null-terminated if it is truncated due to the buffer being too
* small. We therefore can't just define snprintf to be _snprintf
* and define vsnprintf to be _vsnprintf, as we're relying on null-
* termination of strings in all cases.
*
* We also want to allow this to be built with versions of Visual Studio
* prior to VS 2015, so we can't rely on snprintf() being present.
*
* And we want to make sure that, if we support plugins in the future,
* a routine with C99 snprintf() behavior will be available to them.
* We also don't want it to collide with the C library snprintf() if
* there is one.
*
* So we make pcap_snprintf() and pcap_vsnprintf() available, either by
* #defining them to be snprintf or vsnprintf, respectively, or by
* defining our own versions and exporting them.
*/
#ifdef HAVE_SNPRINTF
#define pcap_snprintf snprintf
#else
extern int pcap_snprintf(char *, size_t, FORMAT_STRING(const char *), ...)
#ifdef __ATTRIBUTE___FORMAT_OK
__attribute__((format (printf, 3, 4)))
#endif /* __ATTRIBUTE___FORMAT_OK */
;
#endif
#ifdef HAVE_VSNPRINTF
#define pcap_vsnprintf vsnprintf
#else
extern int pcap_vsnprintf(char *, size_t, const char *, va_list ap);
#endif
#ifdef _WIN32
/*
* These may be defined by <inttypes.h>.
*
* XXX - for MSVC, we always want the _MSC_EXTENSIONS versions.
* What about other compilers? If, as the MinGW Web site says MinGW
* does, the other compilers just use Microsoft's run-time library,
* then they should probably use the _MSC_EXTENSIONS even if the
* compiler doesn't define _MSC_EXTENSIONS.
*
* XXX - we currently aren't using any of these, but this allows
* their use in the future.
*/
#ifndef PRId64
#ifdef _MSC_EXTENSIONS
#define PRId64 "I64d"
#else
#define PRId64 "lld"
#endif
#endif /* PRId64 */
#ifndef PRIo64
#ifdef _MSC_EXTENSIONS
#define PRIo64 "I64o"
#else
#define PRIo64 "llo"
#endif
#endif /* PRIo64 */
#ifndef PRIx64
#ifdef _MSC_EXTENSIONS
#define PRIx64 "I64x"
#else
#define PRIx64 "llx"
#endif
#endif
#ifndef PRIu64
#ifdef _MSC_EXTENSIONS
#define PRIu64 "I64u"
#else
#define PRIu64 "llu"
#endif
#endif
#if !defined(__cplusplus)
#define inline __inline
#endif
#endif /* _WIN32 */
#ifdef __cplusplus
}
#endif
#endif

535
mswin32/pcap-include/remote-ext.h
View File

@@ -39,7 +39,7 @@
#error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h
#endif
// Definition for Microsoft Visual Studio
/*// Definition for Microsoft Visual Studio */
#if _MSC_VER > 1000
#pragma once
#endif
@@ -48,346 +48,347 @@
extern "C" {
#endif
/*!
\file remote-ext.h
The goal of this file it to include most of the new definitions that should be
placed into the pcap.h file.
It includes all new definitions (structures and functions like pcap_open().
Some of the functions are not really a remote feature, but, right now,
they are placed here.
/*
* \file remote-ext.h
*
* The goal of this file it to include most of the new definitions that should be
* placed into the pcap.h file.
*
* It includes all new definitions (structures and functions like pcap_open().
* Some of the functions are not really a remote feature, but, right now,
* they are placed here.
*/
// All this stuff is public
/*! \addtogroup remote_struct
\{
/*// All this stuff is public */
/*
* \addtogroup remote_struct
* \{
*/
/*!
\brief Defines the maximum buffer size in which address, port, interface names are kept.
In case the adapter name or such is larger than this value, it is truncated.
This is not used by the user; however it must be aware that an hostname / interface
name longer than this value will be truncated.
/*
* \brief Defines the maximum buffer size in which address, port, interface names are kept.
*
* In case the adapter name or such is larger than this value, it is truncated.
* This is not used by the user; however it must be aware that an hostname / interface
* name longer than this value will be truncated.
*/
#define PCAP_BUF_SIZE 1024
/*! \addtogroup remote_source_ID
\{
/*
* \addtogroup remote_source_ID
* \{
*/
/*!
\brief Internal representation of the type of source in use (file,
remote/local interface).
This indicates a file, i.e. the user want to open a capture from a local file.
/*
* \brief Internal representation of the type of source in use (file,
* remote/local interface).
*
* This indicates a file, i.e. the user want to open a capture from a local file.
*/
#define PCAP_SRC_FILE 2
/*!
\brief Internal representation of the type of source in use (file,
remote/local interface).
This indicates a local interface, i.e. the user want to open a capture from
a local interface. This does not involve the RPCAP protocol.
/*
* \brief Internal representation of the type of source in use (file,
* remote/local interface).
*
* This indicates a local interface, i.e. the user want to open a capture from
* a local interface. This does not involve the RPCAP protocol.
*/
#define PCAP_SRC_IFLOCAL 3
/*!
\brief Internal representation of the type of source in use (file,
remote/local interface).
This indicates a remote interface, i.e. the user want to open a capture from
an interface on a remote host. This does involve the RPCAP protocol.
/*
* \brief Internal representation of the type of source in use (file,
* remote/local interface).
*
* This indicates a remote interface, i.e. the user want to open a capture from
* an interface on a remote host. This does involve the RPCAP protocol.
*/
#define PCAP_SRC_IFREMOTE 4
/*!
\}
/*
* \}
*/
/*! \addtogroup remote_source_string
The formats allowed by the pcap_open() are the following:
- file://path_and_filename [opens a local file]
- rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
- rpcap://host/devicename [opens the selected device available on a remote host]
- rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
- adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
- (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]
The formats allowed by the pcap_findalldevs_ex() are the following:
- file://folder/ [lists all the files in the given folder]
- rpcap:// [lists all local adapters]
- rpcap://host:port/ [lists the devices available on a remote host]
Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since
IPv6 is fully supported, these are the allowed formats:
- host (literal): e.g. host.foo.bar
- host (numeric IPv4): e.g. 10.11.12.13
- host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
- host (numeric IPv6): e.g. [1:2:3::4]
- port: can be either numeric (e.g. '80') or literal (e.g. 'http')
Here you find some allowed examples:
- rpcap://host.foo.bar/devicename [everything literal, no port number]
- rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
- rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
- rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
- rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
- rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
- rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
- rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
\{
/* \addtogroup remote_source_string
*
* The formats allowed by the pcap_open() are the following:
* - file://path_and_filename [opens a local file]
* - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
* - rpcap://host/devicename [opens the selected device available on a remote host]
* - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
* - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
* - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]
*
* The formats allowed by the pcap_findalldevs_ex() are the following:
* - file://folder/ [lists all the files in the given folder]
* - rpcap:// [lists all local adapters]
* - rpcap://host:port/ [lists the devices available on a remote host]
*
* Referring to the 'host' and 'port' parameters, they can be either numeric or literal. Since
* IPv6 is fully supported, these are the allowed formats:
*
* - host (literal): e.g. host.foo.bar
* - host (numeric IPv4): e.g. 10.11.12.13
* - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
* - host (numeric IPv6): e.g. [1:2:3::4]
* - port: can be either numeric (e.g. '80') or literal (e.g. 'http')
*
* Here you find some allowed examples:
* - rpcap://host.foo.bar/devicename [everything literal, no port number]
* - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
* - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
* - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
* - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
* - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
* - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
* - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
*
* \{
*/
/*!
\brief String that will be used to determine the type of source in use (file,
remote/local interface).
This string will be prepended to the interface name in order to create a string
that contains all the information required to open the source.
This string indicates that the user wants to open a capture from a local file.
/*
* \brief String that will be used to determine the type of source in use (file,
* remote/local interface).
*
* This string will be prepended to the interface name in order to create a string
* that contains all the information required to open the source.
*
* This string indicates that the user wants to open a capture from a local file.
*/
#define PCAP_SRC_FILE_STRING "file://"
/*!
\brief String that will be used to determine the type of source in use (file,
remote/local interface).
This string will be prepended to the interface name in order to create a string
that contains all the information required to open the source.
This string indicates that the user wants to open a capture from a network interface.
This string does not necessarily involve the use of the RPCAP protocol. If the
interface required resides on the local host, the RPCAP protocol is not involved
and the local functions are used.
/*
* \brief String that will be used to determine the type of source in use (file,
* remote/local interface).
*
* This string will be prepended to the interface name in order to create a string
* that contains all the information required to open the source.
*
* This string indicates that the user wants to open a capture from a network interface.
* This string does not necessarily involve the use of the RPCAP protocol. If the
* interface required resides on the local host, the RPCAP protocol is not involved
* and the local functions are used.
*/
#define PCAP_SRC_IF_STRING "rpcap://"
/*!
\}
/*
* \}
*/
/*!
\addtogroup remote_open_flags
\{
/*
* \addtogroup remote_open_flags
* \{
*/
/*!
\brief Defines if the adapter has to go in promiscuous mode.
It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.
Note that even if this parameter is false, the interface could well be in promiscuous
mode for some other reason (for example because another capture process with
promiscuous mode enabled is currently using that interface).
On on Linux systems with 2.2 or later kernels (that have the "any" device), this
flag does not work on the "any" device; if an argument of "any" is supplied,
the 'promisc' flag is ignored.
/*
* \brief Defines if the adapter has to go in promiscuous mode.
*
* It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.
* Note that even if this parameter is false, the interface could well be in promiscuous
* mode for some other reason (for example because another capture process with
* promiscuous mode enabled is currently using that interface).
* On on Linux systems with 2.2 or later kernels (that have the "any" device), this
* flag does not work on the "any" device; if an argument of "any" is supplied,
* the 'promisc' flag is ignored.
*/
#define PCAP_OPENFLAG_PROMISCUOUS 1
/*!
\brief Defines if the data trasfer (in case of a remote
capture) has to be done with UDP protocol.
If it is '1' if you want a UDP data connection, '0' if you want
a TCP data connection; control connection is always TCP-based.
A UDP connection is much lighter, but it does not guarantee that all
the captured packets arrive to the client workstation. Moreover,
it could be harmful in case of network congestion.
This flag is meaningless if the source is not a remote interface.
In that case, it is simply ignored.
/*
* \brief Defines if the data transfer (in case of a remote
* capture) has to be done with UDP protocol.
*
* If it is '1' if you want a UDP data connection, '0' if you want
* a TCP data connection; control connection is always TCP-based.
* A UDP connection is much lighter, but it does not guarantee that all
* the captured packets arrive to the client workstation. Moreover,
* it could be harmful in case of network congestion.
* This flag is meaningless if the source is not a remote interface.
* In that case, it is simply ignored.
*/
#define PCAP_OPENFLAG_DATATX_UDP 2
/*!
\brief Defines if the remote probe will capture its own generated traffic.
In case the remote probe uses the same interface to capture traffic and to send
data back to the caller, the captured traffic includes the RPCAP traffic as well.
If this flag is turned on, the RPCAP traffic is excluded from the capture, so that
the trace returned back to the collector is does not include this traffic.
/*
* \brief Defines if the remote probe will capture its own generated traffic.
*
* In case the remote probe uses the same interface to capture traffic and to send
* data back to the caller, the captured traffic includes the RPCAP traffic as well.
* If this flag is turned on, the RPCAP traffic is excluded from the capture, so that
* the trace returned back to the collector is does not include this traffic.
*/
#define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4
/*!
\brief Defines if the local adapter will capture its own generated traffic.
This flag tells the underlying capture driver to drop the packets that were sent by itself.
This is usefult when building applications like bridges, that should ignore the traffic
they just sent.
/*
* \brief Defines if the local adapter will capture its own generated traffic.
*
* This flag tells the underlying capture driver to drop the packets that were sent by itself.
* This is useful when building applications like bridges, that should ignore the traffic
* they just sent.
*/
#define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8
/*!
\brief This flag configures the adapter for maximum responsiveness.
In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before
copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
i.e. better performance, which is good for applications like sniffers. If the user sets the
PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application
is ready to receive them. This is suggested for real time applications (like, for example, a bridge)
that need the best responsiveness.*/
/*
* \brief This flag configures the adapter for maximum responsiveness.
*
* In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before
* copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage,
* i.e. better performance, which is good for applications like sniffers. If the user sets the
* PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application
* is ready to receive them. This is suggested for real time applications (like, for example, a bridge)
* that need the best responsiveness.
*/
#define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16
/*!
\}
/*
* \}
*/
/*!
\addtogroup remote_samp_methods
\{
/*
* \addtogroup remote_samp_methods
* \{
*/
/*!
\brief No sampling has to be done on the current capture.
In this case, no sampling algorithms are applied to the current capture.
/*
*\brief No sampling has to be done on the current capture.
*
* In this case, no sampling algorithms are applied to the current capture.
*/
#define PCAP_SAMP_NOSAMP 0
/*!
\brief It defines that only 1 out of N packets must be returned to the user.
In this case, the 'value' field of the 'pcap_samp' structure indicates the
number of packets (minus 1) that must be discarded before one packet got accepted.
In other words, if 'value = 10', the first packet is returned to the caller, while
the following 9 are discarded.
/*
* \brief It defines that only 1 out of N packets must be returned to the user.
*
* In this case, the 'value' field of the 'pcap_samp' structure indicates the
* number of packets (minus 1) that must be discarded before one packet got accepted.
* In other words, if 'value = 10', the first packet is returned to the caller, while
* the following 9 are discarded.
*/
#define PCAP_SAMP_1_EVERY_N 1
/*!
\brief It defines that we have to return 1 packet every N milliseconds.
In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting
time' in milliseconds before one packet got accepted.
In other words, if 'value = 10', the first packet is returned to the caller; the next
returned one will be the first packet that arrives when 10ms have elapsed.
/*
* \brief It defines that we have to return 1 packet every N milliseconds.
*
* In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting
* time' in milliseconds before one packet got accepted.
* In other words, if 'value = 10', the first packet is returned to the caller; the next
* returned one will be the first packet that arrives when 10ms have elapsed.
*/
#define PCAP_SAMP_FIRST_AFTER_N_MS 2
/*!
\}
/*
* \}
*/
/*!
\addtogroup remote_auth_methods
\{
/*
* \addtogroup remote_auth_methods
* \{
*/
/*!
\brief It defines the NULL authentication.
This value has to be used within the 'type' member of the pcap_rmtauth structure.
The 'NULL' authentication has to be equal to 'zero', so that old applications
can just put every field of struct pcap_rmtauth to zero, and it does work.
/*
* \brief It defines the NULL authentication.
*
* This value has to be used within the 'type' member of the pcap_rmtauth structure.
* The 'NULL' authentication has to be equal to 'zero', so that old applications
* can just put every field of struct pcap_rmtauth to zero, and it does work.
*/
#define RPCAP_RMTAUTH_NULL 0
/*!
\brief It defines the username/password authentication.
With this type of authentication, the RPCAP protocol will use the username/
password provided to authenticate the user on the remote machine. If the
authentication is successful (and the user has the right to open network devices)
the RPCAP connection will continue; otherwise it will be dropped.
This value has to be used within the 'type' member of the pcap_rmtauth structure.
/*
* \brief It defines the username/password authentication.
*
* With this type of authentication, the RPCAP protocol will use the username/
* password provided to authenticate the user on the remote machine. If the
* authentication is successful (and the user has the right to open network devices)
* the RPCAP connection will continue; otherwise it will be dropped.
*
* This value has to be used within the 'type' member of the pcap_rmtauth structure.
*/
#define RPCAP_RMTAUTH_PWD 1
/*!
\}
/*
* \}
*/
/*!
\brief This structure keeps the information needed to autheticate
the user on a remote machine.
The remote machine can either grant or refuse the access according
to the information provided.
In case the NULL authentication is required, both 'username' and
'password' can be NULL pointers.
This structure is meaningless if the source is not a remote interface;
in that case, the functions which requires such a structure can accept
a NULL pointer as well.
/*
* \brief This structure keeps the information needed to autheticate
* the user on a remote machine.
*
* The remote machine can either grant or refuse the access according
* to the information provided.
* In case the NULL authentication is required, both 'username' and
* 'password' can be NULL pointers.
*
* This structure is meaningless if the source is not a remote interface;
* in that case, the functions which requires such a structure can accept
* a NULL pointer as well.
*/
struct pcap_rmtauth
{
/*!
\brief Type of the authentication required.
In order to provide maximum flexibility, we can support different types
of authentication based on the value of this 'type' variable. The currently
supported authentication methods are defined into the
\link remote_auth_methods Remote Authentication Methods Section\endlink.
/*
* \brief Type of the authentication required.
*
* In order to provide maximum flexibility, we can support different types
* of authentication based on the value of this 'type' variable. The currently
* supported authentication methods are defined into the
* \link remote_auth_methods Remote Authentication Methods Section\endlink.
*/
int type;
/*!
\brief Zero-terminated string containing the username that has to be
used on the remote machine for authentication.
This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
and it can be NULL.
/*
* \brief Zero-terminated string containing the username that has to be
* used on the remote machine for authentication.
*
* This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
* and it can be NULL.
*/
char *username;
/*!
\brief Zero-terminated string containing the password that has to be
used on the remote machine for authentication.
This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
and it can be NULL.
/*
* \brief Zero-terminated string containing the password that has to be
* used on the remote machine for authentication.
*
* This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
* and it can be NULL.
*/
char *password;
};
/*!
\brief This structure defines the information related to sampling.
In case the sampling is requested, the capturing device should read
only a subset of the packets coming from the source. The returned packets depend
on the sampling parameters.
\warning The sampling process is applied <strong>after</strong> the filtering process.
In other words, packets are filtered first, then the sampling process selects a
subset of the 'filtered' packets and it returns them to the caller.
/*
* \brief This structure defines the information related to sampling.
*
* In case the sampling is requested, the capturing device should read
* only a subset of the packets coming from the source. The returned packets depend
* on the sampling parameters.
*
* \warning The sampling process is applied <strong>after</strong> the filtering process.
* In other words, packets are filtered first, then the sampling process selects a
* subset of the 'filtered' packets and it returns them to the caller.
*/
struct pcap_samp
{
/*!
Method used for sampling. Currently, the supported methods are listed in the
\link remote_samp_methods Sampling Methods Section\endlink.
/*
* Method used for sampling. Currently, the supported methods are listed in the
* \link remote_samp_methods Sampling Methods Section\endlink.
*/
int method;
/*!
This value depends on the sampling method defined. For its meaning, please check
at the \link remote_samp_methods Sampling Methods Section\endlink.
/*
* This value depends on the sampling method defined. For its meaning, please check
* at the \link remote_samp_methods Sampling Methods Section\endlink.
*/
int value;
};
@@ -395,12 +396,12 @@ struct pcap_samp
//! Maximum length of an host name (needed for the RPCAP active mode)
// Maximum length of an host name (needed for the RPCAP active mode)
#define RPCAP_HOSTLIST_SIZE 1024
/*!
\}
/*
* \}
*/ // end of public documentation
@@ -408,30 +409,52 @@ struct pcap_samp
/** \name New WinPcap functions
This section lists the new functions that are able to help considerably in writing
WinPcap programs because of their easiness of use.
/*
* \name New WinPcap functions
*
* This section lists the new functions that are able to help considerably in writing
* WinPcap programs because of their easiness of use.
*/
// \{
pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf);
int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf);
int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
struct pcap_samp *pcap_setsampling(pcap_t *p);
PCAP_API pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
PCAP_API int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf);
PCAP_API int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf);
PCAP_API int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
// \}
// End of new winpcap functions
// End of new WinPcap functions
/** \name Remote Capture functions
/*
* \name Remote Capture functions
*/
/*
* Some minor differences between UN*X sockets and and Winsock sockets.
*/
#ifndef _WIN32
/*!
* \brief In Winsock, a socket handle is of type SOCKET; in UN*X, it's
* a file descriptor, and therefore a signed integer.
* We define SOCKET to be a signed integer on UN*X, so that it can
* be used on both platforms.
*/
#define SOCKET int
/*!
* \brief In Winsock, the error return if socket() fails is INVALID_SOCKET;
* in UN*X, it's -1.
* We define INVALID_SOCKET to be -1 on UN*X, so that it can be used on
* both platforms.
*/
#define INVALID_SOCKET -1
#endif
// \{
SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf);
int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);
int pcap_remoteact_close(const char *host, char *errbuf);
void pcap_remoteact_cleanup();
PCAP_API SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf);
PCAP_API int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);
PCAP_API int pcap_remoteact_close(const char *host, char *errbuf);
PCAP_API void pcap_remoteact_cleanup();
// \}
// End of remote capture functions

4
nping/nping.vcxproj
View File

@@ -57,7 +57,7 @@
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>.;..;..\mswin32;../nbase;..\nsock\include;..\mswin32\pcap-include;..\libdnet-stripped\include;..\..\nmap-mswin32-aux\OpenSSL\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_CONSOLE;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessToFile>false</PreprocessToFile>
<PreprocessSuppressLineNumbers>false</PreprocessSuppressLineNumbers>
<PreprocessKeepComments>false</PreprocessKeepComments>
@@ -103,7 +103,7 @@
<Optimization>MaxSpeed</Optimization>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<AdditionalIncludeDirectories>.;..;..\mswin32;../nbase;..\nsock\include;..\mswin32\pcap-include;..\libdnet-stripped\include;..\..\nmap-mswin32-aux\OpenSSL\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_CONSOLE;BPF_MAJOR_VERSION;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<StringPooling>true</StringPooling>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeader>