diff --git a/mswin32/lib/Packet.lib b/mswin32/lib/Packet.lib index c2b2a399b..02ba9e27f 100644 Binary files a/mswin32/lib/Packet.lib and b/mswin32/lib/Packet.lib differ diff --git a/mswin32/lib/Wpcap.lib b/mswin32/lib/Wpcap.lib index 2605753e0..5e31f785d 100644 Binary files a/mswin32/lib/Wpcap.lib and b/mswin32/lib/Wpcap.lib differ diff --git a/mswin32/libpcap-note.txt b/mswin32/libpcap-note.txt deleted file mode 100644 index 7e8fed1e3..000000000 --- a/mswin32/libpcap-note.txt +++ /dev/null @@ -1,12 +0,0 @@ -The libpcap in this folder is _not_ the binary from -netgroup-serv.polito.it/winpcap. - -It has been recompiled w/ /Zl to allow correct linkage. -I have submitted a bug report to the winpcap folks, -who say they'll fix this in the next version. - -(source is available at the above-mentioned website) - -[ Note -- this was written by Andy Lutomirski when the latest libpcap - was 2.02 ( http://netgroup-serv.polito.it/winpcap/ ) -- Fyodor ] - diff --git a/mswin32/pcap-include/Packet32.h b/mswin32/pcap-include/Packet32.h index c821d2951..5c3c3a904 100644 --- a/mswin32/pcap-include/Packet32.h +++ b/mswin32/pcap-include/Packet32.h @@ -52,7 +52,7 @@ #else #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ -typedef struct _AirpcapHandle *PAirpcapHandle; +typedef struct _AirpcapHandle* PAirpcapHandle; #endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */ #endif /* HAVE_AIRPCAP_API */ @@ -105,10 +105,10 @@ typedef struct NetType The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet. */ -struct bpf_program +struct bpf_program { UINT bf_len; ///< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. - struct bpf_insn *bf_insns; ///< A pointer to the first instruction of the program. + struct bpf_insn* bf_insns; ///< A pointer to the first instruction of the program. }; /*! @@ -116,11 +116,11 @@ struct bpf_program bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver. */ -struct bpf_insn +struct bpf_insn { - USHORT code; ///< Instruction type and addressing mode. - UCHAR jt; ///< Jump if true - UCHAR jf; ///< Jump if false + USHORT code; ///< Instruction type and addressing mode. + UCHAR jt; ///< Jump if true + UCHAR jf; ///< Jump if false int k; ///< Generic field used for various purposes. }; @@ -129,17 +129,17 @@ struct bpf_insn It is used by packet.dll to return statistics about a capture session. */ -struct bpf_stat +struct bpf_stat { UINT bs_recv; ///< Number of packets that the driver received from the network adapter - ///< from the beginning of the current capture. This value includes the packets - ///< lost by the driver. + ///< from the beginning of the current capture. This value includes the packets + ///< lost by the driver. UINT bs_drop; ///< number of packets that the driver lost from the beginning of a capture. - ///< Basically, a packet is lost when the the buffer of the driver is full. - ///< In this situation the packet cannot be stored and the driver rejects it. + ///< Basically, a packet is lost when the the buffer of the driver is full. + ///< In this situation the packet cannot be stored and the driver rejects it. UINT ps_ifdrop; ///< drops by interface. XXX not yet supported UINT bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and - ///< thus reach the application. + ///< thus reach the application. }; /*! @@ -147,18 +147,18 @@ struct bpf_stat This structure defines the header associated with every packet delivered to the application. */ -struct bpf_hdr +struct bpf_hdr { - struct timeval bh_tstamp; ///< The timestamp associated with the captured packet. - ///< It is stored in a TimeVal structure. - UINT bh_caplen; ///< Length of captured portion. The captured portion can be different - ///< from the original packet, because it is possible (with a proper filter) - ///< to instruct the driver to capture only a portion of the packets. - UINT bh_datalen; ///< Original length of packet - USHORT bh_hdrlen; ///< Length of bpf header (this struct plus alignment padding). In some cases, - ///< a padding could be added between the end of this structure and the packet - ///< data for performance reasons. This filed can be used to retrieve the actual data - ///< of the packet. + struct timeval bh_tstamp; ///< The timestamp associated with the captured packet. + ///< It is stored in a TimeVal structure. + UINT bh_caplen; ///< Length of captured portion. The captured portion can be different + ///< from the original packet, because it is possible (with a proper filter) + ///< to instruct the driver to capture only a portion of the packets. + UINT bh_datalen; ///< Original length of packet + USHORT bh_hdrlen; ///< Length of bpf header (this struct plus alignment padding). In some cases, + ///< a padding could be added between the end of this structure and the packet + ///< data for performance reasons. This filed can be used to retrieve the actual data + ///< of the packet. }; /*! @@ -168,12 +168,13 @@ struct bpf_hdr It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a packet in a dump file. This makes straightforward sending WinPcap dump files to the network. */ -struct dump_bpf_hdr{ - struct timeval ts; ///< Time stamp of the packet - UINT caplen; ///< Length of captured portion. The captured portion can smaller than the - ///< the original packet, because it is possible (with a proper filter) to - ///< instruct the driver to capture only a portion of the packets. - UINT len; ///< Length of the original packet (off wire). +struct dump_bpf_hdr +{ + struct timeval ts; ///< Time stamp of the packet + UINT caplen; ///< Length of captured portion. The captured portion can smaller than the + ///< the original packet, because it is possible (with a proper filter) to + ///< instruct the driver to capture only a portion of the packets. + UINT len; ///< Length of the original packet (off wire). }; @@ -181,9 +182,9 @@ struct dump_bpf_hdr{ struct bpf_stat; -#define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices -#define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links -#define NMAX_PACKET 65535 +#define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices +#define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links +#define NMAX_PACKET 65535 /*! \brief Addresses of a network adapter. @@ -191,7 +192,8 @@ struct bpf_stat; This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with an adapter. */ -typedef struct npf_if_addr { +typedef struct npf_if_addr +{ struct sockaddr_storage IPAddress; ///< IP address. struct sockaddr_storage SubnetMask; ///< Netmask for that address. struct sockaddr_storage Broadcast; ///< Broadcast address. @@ -205,7 +207,7 @@ typedef struct npf_if_addr { typedef struct WAN_ADAPTER_INT WAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API -typedef WAN_ADAPTER *PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API +typedef WAN_ADAPTER* PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API #define INFO_FLAG_NDIS_ADAPTER 0 ///< Flag for ADAPTER_INFO: this is a traditional ndis adapter #define INFO_FLAG_NDISWAN_ADAPTER 1 ///< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET @@ -221,27 +223,28 @@ typedef WAN_ADAPTER *PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) This structure is the most important for the functioning of packet.dll, but the great part of its fields should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters */ -typedef struct _ADAPTER { +typedef struct _ADAPTER +{ HANDLE hFile; ///< \internal Handle to an open instance of the NPF driver. - CHAR SymbolicLink[MAX_LINK_NAME_LENGTH]; ///< \internal A string containing the name of the network adapter currently opened. + CHAR SymbolicLink[MAX_LINK_NAME_LENGTH]; ///< \internal A string containing the name of the network adapter currently opened. int NumWrites; ///< \internal Number of times a packets written on this adapter will be repeated - ///< on the wire. + ///< on the wire. HANDLE ReadEvent; ///< A notification event associated with the read calls on the adapter. - ///< It can be passed to standard Win32 functions (like WaitForSingleObject - ///< or WaitForMultipleObjects) to wait until the driver's buffer contains some - ///< data. It is particularly useful in GUI applications that need to wait - ///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() - ///< function can be used to define the minimum amount of data in the kernel buffer - ///< that will cause the event to be signalled. - + ///< It can be passed to standard Win32 functions (like WaitForSingleObject + ///< or WaitForMultipleObjects) to wait until the driver's buffer contains some + ///< data. It is particularly useful in GUI applications that need to wait + ///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() + ///< function can be used to define the minimum amount of data in the kernel buffer + ///< that will cause the event to be signalled. + UINT ReadTimeOut; ///< \internal The amount of time after which a read on the driver will be released and - ///< ReadEvent will be signaled, also if no packets were captured + ///< ReadEvent will be signaled, also if no packets were captured CHAR Name[ADAPTER_NAME_LENGTH]; PWAN_ADAPTER pWanAdapter; UINT Flags; ///< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. #ifdef HAVE_AIRPCAP_API - PAirpcapHandle AirpcapAd; + PAirpcapHandle AirpcapAd; #endif // HAVE_AIRPCAP_API #ifdef HAVE_NPFIM_API @@ -249,29 +252,30 @@ typedef struct _ADAPTER { #endif // HAVE_NPFIM_API #ifdef HAVE_DAG_API - dagc_t *pDagCard; ///< Pointer to the dagc API adapter descriptor for this adapter + dagc_t* pDagCard; ///< Pointer to the dagc API adapter descriptor for this adapter PCHAR DagBuffer; ///< Pointer to the buffer with the packets that is received from the DAG card struct timeval DagReadTimeout; ///< Read timeout. The dagc API requires a timeval structure unsigned DagFcsLen; ///< Length of the frame check sequence attached to any packet by the card. Obtained from the registry DWORD DagFastProcess; ///< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). #endif // HAVE_DAG_API -} ADAPTER, *LPADAPTER; +} ADAPTER, * LPADAPTER; /*! \brief Structure that contains a group of packets coming from the driver. This structure defines the header associated with every packet delivered to the application. */ -typedef struct _PACKET { - HANDLE hEvent; ///< \deprecated Still present for compatibility with old applications. - OVERLAPPED OverLapped; ///< \deprecated Still present for compatibility with old applications. - PVOID Buffer; ///< Buffer with containing the packets. See the PacketReceivePacket() for - ///< details about the organization of the data in this buffer - UINT Length; ///< Length of the buffer - DWORD ulBytesReceived; ///< Number of valid bytes present in the buffer, i.e. amount of data - ///< received by the last call to PacketReceivePacket() - BOOLEAN bIoComplete; ///< \deprecated Still present for compatibility with old applications. -} PACKET, *LPPACKET; +typedef struct _PACKET +{ + HANDLE hEvent; ///< \deprecated Still present for compatibility with old applications. + OVERLAPPED OverLapped; ///< \deprecated Still present for compatibility with old applications. + PVOID Buffer; ///< Buffer with containing the packets. See the PacketReceivePacket() for + ///< details about the organization of the data in this buffer + UINT Length; ///< Length of the buffer + DWORD ulBytesReceived; ///< Number of valid bytes present in the buffer, i.e. amount of data + ///< received by the last call to PacketReceivePacket() + BOOLEAN bIoComplete; ///< \deprecated Still present for compatibility with old applications. +} PACKET, * LPPACKET; /*! \brief Structure containing an OID request. @@ -280,76 +284,84 @@ typedef struct _PACKET { It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address, the list of the multicast groups defined on it, and so on. */ -struct _PACKET_OID_DATA { - ULONG Oid; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h - ///< for a complete list of valid codes. - ULONG Length; ///< Length of the data field - UCHAR Data[1]; ///< variable-length field that contains the information passed to or received - ///< from the adapter. +struct _PACKET_OID_DATA +{ + ULONG Oid; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h + ///< for a complete list of valid codes. + ULONG Length; ///< Length of the data field + UCHAR Data[1]; ///< variable-lenght field that contains the information passed to or received + ///< from the adapter. }; -typedef struct _PACKET_OID_DATA PACKET_OID_DATA, *PPACKET_OID_DATA; +typedef struct _PACKET_OID_DATA PACKET_OID_DATA, * PPACKET_OID_DATA; #ifdef __cplusplus -extern "C" { +extern "C" +{ #endif -/** - * @} - */ + /** + * @} + */ -/* -BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName, - CHAR *Value, - UINT *pValueLen, - CHAR *DefaultVal); + /* + BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName, + CHAR *Value, + UINT *pValueLen, + CHAR *DefaultVal); + BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName, + WCHAR *Value, + UINT *pValueLen, + WCHAR *DefaultVal); + */ -BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName, - WCHAR *Value, - UINT *pValueLen, - WCHAR *DefaultVal); -*/ - -//--------------------------------------------------------------------------- -// EXPORTED FUNCTIONS -//--------------------------------------------------------------------------- + //--------------------------------------------------------------------------- + // EXPORTED FUNCTIONS + //--------------------------------------------------------------------------- -PCHAR PacketGetVersion(); -PCHAR PacketGetDriverVersion(); -BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject,int nbytes); -BOOLEAN PacketSetNumWrites(LPADAPTER AdapterObject,int nwrites); -BOOLEAN PacketSetMode(LPADAPTER AdapterObject,int mode); -BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout); -BOOLEAN PacketSetBpf(LPADAPTER AdapterObject,struct bpf_program *fp); -BOOLEAN PacketSetLoopbackBehavior(LPADAPTER AdapterObject, UINT LoopbackBehavior); -INT PacketSetSnapLen(LPADAPTER AdapterObject,int snaplen); -BOOLEAN PacketGetStats(LPADAPTER AdapterObject,struct bpf_stat *s); -BOOLEAN PacketGetStatsEx(LPADAPTER AdapterObject,struct bpf_stat *s); -BOOLEAN PacketSetBuff(LPADAPTER AdapterObject,int dim); -BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type); -LPADAPTER PacketOpenAdapter(PCHAR AdapterName); -BOOLEAN PacketSendPacket(LPADAPTER AdapterObject,LPPACKET pPacket,BOOLEAN Sync); -INT PacketSendPackets(LPADAPTER AdapterObject,PVOID PacketBuff,ULONG Size, BOOLEAN Sync); -LPPACKET PacketAllocatePacket(void); -VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length); -VOID PacketFreePacket(LPPACKET lpPacket); -BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject,LPPACKET lpPacket,BOOLEAN Sync); -BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject,ULONG Filter); -BOOLEAN PacketGetAdapterNames(PTSTR pStr,PULONG BufferSize); -BOOLEAN PacketGetNetInfoEx(PCHAR AdapterName, npf_if_addr* buffer, PLONG NEntries); -BOOLEAN PacketRequest(LPADAPTER AdapterObject,BOOLEAN Set,PPACKET_OID_DATA OidData); -HANDLE PacketGetReadEvent(LPADAPTER AdapterObject); -BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void *name, int len); -BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks); -BOOLEAN PacketIsDumpEnded(LPADAPTER AdapterObject, BOOLEAN sync); -BOOL PacketStopDriver(); -VOID PacketCloseAdapter(LPADAPTER lpAdapter); -BOOLEAN PacketStartOem(PCHAR errorString, UINT errorStringLength); -BOOLEAN PacketStartOemEx(PCHAR errorString, UINT errorStringLength, ULONG flags); -PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject); + PCHAR PacketGetVersion(); + PCHAR PacketGetDriverVersion(); + PCHAR PacketGetDriverName(); + BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject, int nbytes); + BOOLEAN PacketSetNumWrites(LPADAPTER AdapterObject, int nwrites); + BOOLEAN PacketSetMode(LPADAPTER AdapterObject, int mode); + BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject, int timeout); + BOOLEAN PacketSetBpf(LPADAPTER AdapterObject, struct bpf_program* fp); + BOOLEAN PacketSetLoopbackBehavior(LPADAPTER AdapterObject, UINT LoopbackBehavior); + INT PacketSetSnapLen(LPADAPTER AdapterObject, int snaplen); + BOOLEAN PacketGetStats(LPADAPTER AdapterObject, struct bpf_stat* s); + BOOLEAN PacketGetStatsEx(LPADAPTER AdapterObject, struct bpf_stat* s); + BOOLEAN PacketSetBuff(LPADAPTER AdapterObject, int dim); + BOOLEAN PacketGetNetType(LPADAPTER AdapterObject, NetType* type); + BOOLEAN PacketGetNetType2(PCHAR AdapterName, NetType *type); + BOOLEAN PacketIsLoopbackAdapter(LPADAPTER AdapterObject); + int PacketIsMonitorModeSupported(PCHAR AdapterName); + int PacketSetMonitorMode(PCHAR AdapterName, int mode); + int PacketGetMonitorMode(PCHAR AdapterName); + LPADAPTER PacketOpenAdapter(PCHAR AdapterName); + BOOLEAN PacketSendPacket(LPADAPTER AdapterObject, LPPACKET pPacket, BOOLEAN Sync); + INT PacketSendPackets(LPADAPTER AdapterObject, PVOID PacketBuff, ULONG Size, BOOLEAN Sync); + LPPACKET PacketAllocatePacket(void); + VOID PacketInitPacket(LPPACKET lpPacket, PVOID Buffer, UINT Length); + VOID PacketFreePacket(LPPACKET lpPacket); + BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject, LPPACKET lpPacket, BOOLEAN Sync); + BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject, ULONG Filter); + BOOLEAN PacketGetAdapterNames(PCHAR pStr, PULONG BufferSize); + BOOLEAN PacketGetNetInfoEx(PCHAR AdapterName, npf_if_addr* buffer, PLONG NEntries); + BOOLEAN PacketRequest(LPADAPTER AdapterObject, BOOLEAN Set, PPACKET_OID_DATA OidData); + HANDLE PacketGetReadEvent(LPADAPTER AdapterObject); + BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void* name, int len); + BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks); + BOOLEAN PacketIsDumpEnded(LPADAPTER AdapterObject, BOOLEAN sync); + BOOL PacketStopDriver(); + BOOL PacketStopDriver60(); + VOID PacketCloseAdapter(LPADAPTER lpAdapter); + BOOLEAN PacketStartOem(PCHAR errorString, UINT errorStringLength); + BOOLEAN PacketStartOemEx(PCHAR errorString, UINT errorStringLength, ULONG flags); + PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject); -// -// Used by PacketStartOemEx -// + // + // Used by PacketStartOemEx + // #define PACKET_START_OEM_NO_NETMON 0x00000001 #ifdef __cplusplus diff --git a/mswin32/pcap-include/pcap-int.h b/mswin32/pcap-include/pcap-int.h index 7db7ff5e6..90326acf2 100644 --- a/mswin32/pcap-include/pcap-int.h +++ b/mswin32/pcap-include/pcap-int.h @@ -1,469 +1,469 @@ -/* - * Copyright (c) 1994, 1995, 1996 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Computer Systems - * Engineering Group at Lawrence Berkeley Laboratory. - * 4. Neither the name of the University nor of the Laboratory may be used - * to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef pcap_int_h -#define pcap_int_h - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(_WIN32) - /* - * Make sure Packet32.h doesn't define BPF structures that we've - * probably already defined as a result of including . - */ - #define BPF_MAJOR_VERSION - #include -#elif defined(MSDOS) - #include - #include -#endif - -#if (defined(_MSC_VER) && (_MSC_VER <= 1200)) /* we are compiling with Visual Studio 6, that doesn't support the LL suffix*/ - -/* - * Swap byte ordering of unsigned long long timestamp on a big endian - * machine. - */ -#define SWAPLL(ull) ((ull & 0xff00000000000000) >> 56) | \ - ((ull & 0x00ff000000000000) >> 40) | \ - ((ull & 0x0000ff0000000000) >> 24) | \ - ((ull & 0x000000ff00000000) >> 8) | \ - ((ull & 0x00000000ff000000) << 8) | \ - ((ull & 0x0000000000ff0000) << 24) | \ - ((ull & 0x000000000000ff00) << 40) | \ - ((ull & 0x00000000000000ff) << 56) - -#else /* A recent Visual studio compiler or not VC */ - -/* - * Swap byte ordering of unsigned long long timestamp on a big endian - * machine. - */ -#define SWAPLL(ull) ((ull & 0xff00000000000000LL) >> 56) | \ - ((ull & 0x00ff000000000000LL) >> 40) | \ - ((ull & 0x0000ff0000000000LL) >> 24) | \ - ((ull & 0x000000ff00000000LL) >> 8) | \ - ((ull & 0x00000000ff000000LL) << 8) | \ - ((ull & 0x0000000000ff0000LL) << 24) | \ - ((ull & 0x000000000000ff00LL) << 40) | \ - ((ull & 0x00000000000000ffLL) << 56) - -#endif /* _MSC_VER */ - -/* - * Maximum snapshot length. - * - * Somewhat arbitrary, but chosen to be: - * - * 1) big enough for maximum-size Linux loopback packets (65549) - * and some USB packets captured with USBPcap: - * - * http://desowin.org/usbpcap/ - * - * (> 131072, < 262144) - * - * and - * - * 2) small enough not to cause attempts to allocate huge amounts of - * memory; some applications might use the snapshot length in a - * savefile header to control the size of the buffer they allocate, - * so a size of, say, 2^31-1 might not work well. - * - * We don't enforce this in pcap_set_snaplen(), but we use it internally. - */ -#define MAXIMUM_SNAPLEN 262144 - -struct pcap_opt { - char *device; - int timeout; /* timeout for buffering */ - u_int buffer_size; - int promisc; - int rfmon; /* monitor mode */ - int immediate; /* immediate mode - deliver packets as soon as they arrive */ - int tstamp_type; - int tstamp_precision; -}; - -typedef int (*activate_op_t)(pcap_t *); -typedef int (*can_set_rfmon_op_t)(pcap_t *); -typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); -typedef int (*inject_op_t)(pcap_t *, const void *, size_t); -typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); -typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); -typedef int (*set_datalink_op_t)(pcap_t *, int); -typedef int (*getnonblock_op_t)(pcap_t *, char *); -typedef int (*setnonblock_op_t)(pcap_t *, int, char *); -typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *); -#ifdef _WIN32 -typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *); -typedef int (*setbuff_op_t)(pcap_t *, int); -typedef int (*setmode_op_t)(pcap_t *, int); -typedef int (*setmintocopy_op_t)(pcap_t *, int); -typedef HANDLE (*getevent_op_t)(pcap_t *); -typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *); -typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *); -typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int); -typedef int (*setuserbuffer_op_t)(pcap_t *, int); -typedef int (*live_dump_op_t)(pcap_t *, char *, int, int); -typedef int (*live_dump_ended_op_t)(pcap_t *, int); -typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *); -#endif -typedef void (*cleanup_op_t)(pcap_t *); - -/* - * We put all the stuff used in the read code path at the beginning, - * to try to keep it together in the same cache line or lines. - */ -struct pcap { - /* - * Method to call to read packets on a live capture. - */ - read_op_t read_op; - - /* - * Method to call to read packets from a savefile. - */ - int (*next_packet_op)(pcap_t *, struct pcap_pkthdr *, u_char **); - -#ifdef _WIN32 - ADAPTER *adapter; -#else - int fd; - int selectable_fd; -#endif /* _WIN32 */ - - /* - * Read buffer. - */ - u_int bufsize; - void *buffer; - u_char *bp; - int cc; - - int break_loop; /* flag set to force break from packet-reading loop */ - - void *priv; /* private data for methods */ - - int swapped; - FILE *rfile; /* null if live capture, non-null if savefile */ - u_int fddipad; - struct pcap *next; /* list of open pcaps that need stuff cleared on close */ - - /* - * File version number; meaningful only for a savefile, but we - * keep it here so that apps that (mistakenly) ask for the - * version numbers will get the same zero values that they - * always did. - */ - int version_major; - int version_minor; - - int snapshot; - int linktype; /* Network linktype */ - int linktype_ext; /* Extended information stored in the linktype field of a file */ - int tzoff; /* timezone offset */ - int offset; /* offset for proper alignment */ - int activated; /* true if the capture is really started */ - int oldstyle; /* if we're opening with pcap_open_live() */ - - struct pcap_opt opt; - - /* - * Place holder for pcap_next(). - */ - u_char *pkt; - -#ifdef _WIN32 - struct pcap_stat stat; /* used for pcap_stats_ex() */ -#endif - - /* We're accepting only packets in this direction/these directions. */ - pcap_direction_t direction; - - /* - * Flags to affect BPF code generation. - */ - int bpf_codegen_flags; - - /* - * Placeholder for filter code if bpf not in kernel. - */ - struct bpf_program fcode; - - char errbuf[PCAP_ERRBUF_SIZE + 1]; - int dlt_count; - u_int *dlt_list; - int tstamp_type_count; - u_int *tstamp_type_list; - int tstamp_precision_count; - u_int *tstamp_precision_list; - - struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */ - - /* - * More methods. - */ - activate_op_t activate_op; - can_set_rfmon_op_t can_set_rfmon_op; - inject_op_t inject_op; - setfilter_op_t setfilter_op; - setdirection_op_t setdirection_op; - set_datalink_op_t set_datalink_op; - getnonblock_op_t getnonblock_op; - setnonblock_op_t setnonblock_op; - stats_op_t stats_op; - - /* - * Routine to use as callback for pcap_next()/pcap_next_ex(). - */ - pcap_handler oneshot_callback; - -#ifdef _WIN32 - /* - * These are, at least currently, specific to the Win32 NPF - * driver. - */ - stats_ex_op_t stats_ex_op; - setbuff_op_t setbuff_op; - setmode_op_t setmode_op; - setmintocopy_op_t setmintocopy_op; - getevent_op_t getevent_op; - oid_get_request_op_t oid_get_request_op; - oid_set_request_op_t oid_set_request_op; - sendqueue_transmit_op_t sendqueue_transmit_op; - setuserbuffer_op_t setuserbuffer_op; - live_dump_op_t live_dump_op; - live_dump_ended_op_t live_dump_ended_op; - get_airpcap_handle_op_t get_airpcap_handle_op; -#endif - cleanup_op_t cleanup_op; -}; - -/* - * BPF code generation flags. - */ -#define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */ - -/* - * This is a timeval as stored in a savefile. - * It has to use the same types everywhere, independent of the actual - * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some - * platforms and 64-bit tv_sec values on other platforms, and writing - * out native `struct timeval' values would mean files could only be - * read on systems with the same tv_sec size as the system on which - * the file was written. - */ - -struct pcap_timeval { - bpf_int32 tv_sec; /* seconds */ - bpf_int32 tv_usec; /* microseconds */ -}; - -/* - * This is a `pcap_pkthdr' as actually stored in a savefile. - * - * Do not change the format of this structure, in any way (this includes - * changes that only affect the length of fields in this structure), - * and do not make the time stamp anything other than seconds and - * microseconds (e.g., seconds and nanoseconds). Instead: - * - * introduce a new structure for the new format; - * - * send mail to "tcpdump-workers@lists.tcpdump.org", requesting - * a new magic number for your new capture file format, and, when - * you get the new magic number, put it in "savefile.c"; - * - * use that magic number for save files with the changed record - * header; - * - * make the code in "savefile.c" capable of reading files with - * the old record header as well as files with the new record header - * (using the magic number to determine the header format). - * - * Then supply the changes by forking the branch at - * - * https://github.com/the-tcpdump-group/libpcap/issues - * - * and issuing a pull request, so that future versions of libpcap and - * programs that use it (such as tcpdump) will be able to read your new - * capture file format. - */ - -struct pcap_sf_pkthdr { - struct pcap_timeval ts; /* time stamp */ - bpf_u_int32 caplen; /* length of portion present */ - bpf_u_int32 len; /* length this packet (off wire) */ -}; - -/* - * How a `pcap_pkthdr' is actually stored in savefiles written - * by some patched versions of libpcap (e.g. the ones in Red - * Hat Linux 6.1 and 6.2). - * - * Do not change the format of this structure, in any way (this includes - * changes that only affect the length of fields in this structure). - * Instead, introduce a new structure, as per the above. - */ - -struct pcap_sf_patched_pkthdr { - struct pcap_timeval ts; /* time stamp */ - bpf_u_int32 caplen; /* length of portion present */ - bpf_u_int32 len; /* length this packet (off wire) */ - int index; - unsigned short protocol; - unsigned char pkt_type; -}; - -/* - * User data structure for the one-shot callback used for pcap_next() - * and pcap_next_ex(). - */ -struct oneshot_userdata { - struct pcap_pkthdr *hdr; - const u_char **pkt; - pcap_t *pd; -}; - -#ifndef min -#define min(a, b) ((a) > (b) ? (b) : (a)) -#endif - -int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); - -#include - -#include "portability.h" - -/* - * Does the packet count argument to a module's read routine say - * "supply packets until you run out of packets"? - */ -#define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0) - -/* - * Routines that most pcap implementations can use for non-blocking mode. - */ -#if !defined(_WIN32) && !defined(MSDOS) -int pcap_getnonblock_fd(pcap_t *, char *); -int pcap_setnonblock_fd(pcap_t *p, int, char *); -#endif - -/* - * Internal interfaces for "pcap_create()". - * - * "pcap_create_interface()" is the routine to do a pcap_create on - * a regular network interface. There are multiple implementations - * of this, one for each platform type (Linux, BPF, DLPI, etc.), - * with the one used chosen by the configure script. - * - * "pcap_create_common()" allocates and fills in a pcap_t, for use - * by pcap_create routines. - */ -pcap_t *pcap_create_interface(const char *, char *); -pcap_t *pcap_create_common(char *, size_t); -int pcap_do_addexit(pcap_t *); -void pcap_add_to_pcaps_to_close(pcap_t *); -void pcap_remove_from_pcaps_to_close(pcap_t *); -void pcap_cleanup_live_common(pcap_t *); -int pcap_check_activated(pcap_t *); - -/* - * Internal interfaces for "pcap_findalldevs()". - * - * "pcap_platform_finddevs()" is a platform-dependent routine to - * find local network interfaces. - * - * "pcap_findalldevs_interfaces()" is a helper to find those interfaces - * using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.). - * - * "pcap_add_if()" adds an interface to the list of interfaces, for - * use by various "find interfaces" routines. - */ -int pcap_platform_finddevs(pcap_if_t **, char *); -#if !defined(_WIN32) && !defined(MSDOS) -int pcap_findalldevs_interfaces(pcap_if_t **, char *, - int (*)(const char *)); -#endif -int add_addr_to_iflist(pcap_if_t **, const char *, bpf_u_int32, - struct sockaddr *, size_t, struct sockaddr *, size_t, - struct sockaddr *, size_t, struct sockaddr *, size_t, char *); -int add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t, - struct sockaddr *, size_t, struct sockaddr *, size_t, - struct sockaddr *dstaddr, size_t, char *errbuf); -int pcap_add_if(pcap_if_t **, const char *, bpf_u_int32, const char *, - char *); -int add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, bpf_u_int32, - const char *, char *); -#ifndef _WIN32 -bpf_u_int32 if_flags_to_pcap_flags(const char *, u_int); -#endif - -/* - * Internal interfaces for "pcap_open_offline()". - * - * "pcap_open_offline_common()" allocates and fills in a pcap_t, for use - * by pcap_open_offline routines. - * - * "sf_cleanup()" closes the file handle associated with a pcap_t, if - * appropriate, and frees all data common to all modules for handling - * savefile types. - */ -pcap_t *pcap_open_offline_common(char *ebuf, size_t size); -void sf_cleanup(pcap_t *p); - -/* - * Internal interfaces for both "pcap_create()" and routines that - * open savefiles. - * - * "pcap_oneshot()" is the standard one-shot callback for "pcap_next()" - * and "pcap_next_ex()". - */ -void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *); - -#ifdef _WIN32 -void pcap_win32_err_to_str(DWORD, char *); -#endif - -int install_bpf_program(pcap_t *, struct bpf_program *); - -int pcap_strcasecmp(const char *, const char *); - -#ifdef __cplusplus -} -#endif - -#endif +/* + * Copyright (c) 1994, 1995, 1996 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Computer Systems + * Engineering Group at Lawrence Berkeley Laboratory. + * 4. Neither the name of the University nor of the Laboratory may be used + * to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef pcap_int_h +#define pcap_int_h + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(_WIN32) + /* + * Make sure Packet32.h doesn't define BPF structures that we've + * probably already defined as a result of including . + */ + #define BPF_MAJOR_VERSION + #include +#elif defined(MSDOS) + #include + #include +#endif + +#if (defined(_MSC_VER) && (_MSC_VER <= 1200)) /* we are compiling with Visual Studio 6, that doesn't support the LL suffix*/ + +/* + * Swap byte ordering of unsigned long long timestamp on a big endian + * machine. + */ +#define SWAPLL(ull) ((ull & 0xff00000000000000) >> 56) | \ + ((ull & 0x00ff000000000000) >> 40) | \ + ((ull & 0x0000ff0000000000) >> 24) | \ + ((ull & 0x000000ff00000000) >> 8) | \ + ((ull & 0x00000000ff000000) << 8) | \ + ((ull & 0x0000000000ff0000) << 24) | \ + ((ull & 0x000000000000ff00) << 40) | \ + ((ull & 0x00000000000000ff) << 56) + +#else /* A recent Visual studio compiler or not VC */ + +/* + * Swap byte ordering of unsigned long long timestamp on a big endian + * machine. + */ +#define SWAPLL(ull) ((ull & 0xff00000000000000LL) >> 56) | \ + ((ull & 0x00ff000000000000LL) >> 40) | \ + ((ull & 0x0000ff0000000000LL) >> 24) | \ + ((ull & 0x000000ff00000000LL) >> 8) | \ + ((ull & 0x00000000ff000000LL) << 8) | \ + ((ull & 0x0000000000ff0000LL) << 24) | \ + ((ull & 0x000000000000ff00LL) << 40) | \ + ((ull & 0x00000000000000ffLL) << 56) + +#endif /* _MSC_VER */ + +/* + * Maximum snapshot length. + * + * Somewhat arbitrary, but chosen to be: + * + * 1) big enough for maximum-size Linux loopback packets (65549) + * and some USB packets captured with USBPcap: + * + * http://desowin.org/usbpcap/ + * + * (> 131072, < 262144) + * + * and + * + * 2) small enough not to cause attempts to allocate huge amounts of + * memory; some applications might use the snapshot length in a + * savefile header to control the size of the buffer they allocate, + * so a size of, say, 2^31-1 might not work well. + * + * We don't enforce this in pcap_set_snaplen(), but we use it internally. + */ +#define MAXIMUM_SNAPLEN 262144 + +struct pcap_opt { + char *device; + int timeout; /* timeout for buffering */ + u_int buffer_size; + int promisc; + int rfmon; /* monitor mode */ + int immediate; /* immediate mode - deliver packets as soon as they arrive */ + int tstamp_type; + int tstamp_precision; +}; + +typedef int (*activate_op_t)(pcap_t *); +typedef int (*can_set_rfmon_op_t)(pcap_t *); +typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); +typedef int (*inject_op_t)(pcap_t *, const void *, size_t); +typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); +typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); +typedef int (*set_datalink_op_t)(pcap_t *, int); +typedef int (*getnonblock_op_t)(pcap_t *, char *); +typedef int (*setnonblock_op_t)(pcap_t *, int, char *); +typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *); +#ifdef _WIN32 +typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *); +typedef int (*setbuff_op_t)(pcap_t *, int); +typedef int (*setmode_op_t)(pcap_t *, int); +typedef int (*setmintocopy_op_t)(pcap_t *, int); +typedef HANDLE (*getevent_op_t)(pcap_t *); +typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *); +typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *); +typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int); +typedef int (*setuserbuffer_op_t)(pcap_t *, int); +typedef int (*live_dump_op_t)(pcap_t *, char *, int, int); +typedef int (*live_dump_ended_op_t)(pcap_t *, int); +typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *); +#endif +typedef void (*cleanup_op_t)(pcap_t *); + +/* + * We put all the stuff used in the read code path at the beginning, + * to try to keep it together in the same cache line or lines. + */ +struct pcap { + /* + * Method to call to read packets on a live capture. + */ + read_op_t read_op; + + /* + * Method to call to read packets from a savefile. + */ + int (*next_packet_op)(pcap_t *, struct pcap_pkthdr *, u_char **); + +#ifdef _WIN32 + ADAPTER *adapter; +#else + int fd; + int selectable_fd; +#endif /* _WIN32 */ + + /* + * Read buffer. + */ + u_int bufsize; + void *buffer; + u_char *bp; + int cc; + + int break_loop; /* flag set to force break from packet-reading loop */ + + void *priv; /* private data for methods */ + + int swapped; + FILE *rfile; /* null if live capture, non-null if savefile */ + u_int fddipad; + struct pcap *next; /* list of open pcaps that need stuff cleared on close */ + + /* + * File version number; meaningful only for a savefile, but we + * keep it here so that apps that (mistakenly) ask for the + * version numbers will get the same zero values that they + * always did. + */ + int version_major; + int version_minor; + + int snapshot; + int linktype; /* Network linktype */ + int linktype_ext; /* Extended information stored in the linktype field of a file */ + int tzoff; /* timezone offset */ + int offset; /* offset for proper alignment */ + int activated; /* true if the capture is really started */ + int oldstyle; /* if we're opening with pcap_open_live() */ + + struct pcap_opt opt; + + /* + * Place holder for pcap_next(). + */ + u_char *pkt; + +#ifdef _WIN32 + struct pcap_stat stat; /* used for pcap_stats_ex() */ +#endif + + /* We're accepting only packets in this direction/these directions. */ + pcap_direction_t direction; + + /* + * Flags to affect BPF code generation. + */ + int bpf_codegen_flags; + + /* + * Placeholder for filter code if bpf not in kernel. + */ + struct bpf_program fcode; + + char errbuf[PCAP_ERRBUF_SIZE + 1]; + int dlt_count; + u_int *dlt_list; + int tstamp_type_count; + u_int *tstamp_type_list; + int tstamp_precision_count; + u_int *tstamp_precision_list; + + struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */ + + /* + * More methods. + */ + activate_op_t activate_op; + can_set_rfmon_op_t can_set_rfmon_op; + inject_op_t inject_op; + setfilter_op_t setfilter_op; + setdirection_op_t setdirection_op; + set_datalink_op_t set_datalink_op; + getnonblock_op_t getnonblock_op; + setnonblock_op_t setnonblock_op; + stats_op_t stats_op; + + /* + * Routine to use as callback for pcap_next()/pcap_next_ex(). + */ + pcap_handler oneshot_callback; + +#ifdef _WIN32 + /* + * These are, at least currently, specific to the Win32 NPF + * driver. + */ + stats_ex_op_t stats_ex_op; + setbuff_op_t setbuff_op; + setmode_op_t setmode_op; + setmintocopy_op_t setmintocopy_op; + getevent_op_t getevent_op; + oid_get_request_op_t oid_get_request_op; + oid_set_request_op_t oid_set_request_op; + sendqueue_transmit_op_t sendqueue_transmit_op; + setuserbuffer_op_t setuserbuffer_op; + live_dump_op_t live_dump_op; + live_dump_ended_op_t live_dump_ended_op; + get_airpcap_handle_op_t get_airpcap_handle_op; +#endif + cleanup_op_t cleanup_op; +}; + +/* + * BPF code generation flags. + */ +#define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */ + +/* + * This is a timeval as stored in a savefile. + * It has to use the same types everywhere, independent of the actual + * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some + * platforms and 64-bit tv_sec values on other platforms, and writing + * out native `struct timeval' values would mean files could only be + * read on systems with the same tv_sec size as the system on which + * the file was written. + */ + +struct pcap_timeval { + bpf_int32 tv_sec; /* seconds */ + bpf_int32 tv_usec; /* microseconds */ +}; + +/* + * This is a `pcap_pkthdr' as actually stored in a savefile. + * + * Do not change the format of this structure, in any way (this includes + * changes that only affect the length of fields in this structure), + * and do not make the time stamp anything other than seconds and + * microseconds (e.g., seconds and nanoseconds). Instead: + * + * introduce a new structure for the new format; + * + * send mail to "tcpdump-workers@lists.tcpdump.org", requesting + * a new magic number for your new capture file format, and, when + * you get the new magic number, put it in "savefile.c"; + * + * use that magic number for save files with the changed record + * header; + * + * make the code in "savefile.c" capable of reading files with + * the old record header as well as files with the new record header + * (using the magic number to determine the header format). + * + * Then supply the changes by forking the branch at + * + * https://github.com/the-tcpdump-group/libpcap/issues + * + * and issuing a pull request, so that future versions of libpcap and + * programs that use it (such as tcpdump) will be able to read your new + * capture file format. + */ + +struct pcap_sf_pkthdr { + struct pcap_timeval ts; /* time stamp */ + bpf_u_int32 caplen; /* length of portion present */ + bpf_u_int32 len; /* length this packet (off wire) */ +}; + +/* + * How a `pcap_pkthdr' is actually stored in savefiles written + * by some patched versions of libpcap (e.g. the ones in Red + * Hat Linux 6.1 and 6.2). + * + * Do not change the format of this structure, in any way (this includes + * changes that only affect the length of fields in this structure). + * Instead, introduce a new structure, as per the above. + */ + +struct pcap_sf_patched_pkthdr { + struct pcap_timeval ts; /* time stamp */ + bpf_u_int32 caplen; /* length of portion present */ + bpf_u_int32 len; /* length this packet (off wire) */ + int index; + unsigned short protocol; + unsigned char pkt_type; +}; + +/* + * User data structure for the one-shot callback used for pcap_next() + * and pcap_next_ex(). + */ +struct oneshot_userdata { + struct pcap_pkthdr *hdr; + const u_char **pkt; + pcap_t *pd; +}; + +#ifndef min +#define min(a, b) ((a) > (b) ? (b) : (a)) +#endif + +int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); + +#include + +#include "portability.h" + +/* + * Does the packet count argument to a module's read routine say + * "supply packets until you run out of packets"? + */ +#define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0) + +/* + * Routines that most pcap implementations can use for non-blocking mode. + */ +#if !defined(_WIN32) && !defined(MSDOS) +int pcap_getnonblock_fd(pcap_t *, char *); +int pcap_setnonblock_fd(pcap_t *p, int, char *); +#endif + +/* + * Internal interfaces for "pcap_create()". + * + * "pcap_create_interface()" is the routine to do a pcap_create on + * a regular network interface. There are multiple implementations + * of this, one for each platform type (Linux, BPF, DLPI, etc.), + * with the one used chosen by the configure script. + * + * "pcap_create_common()" allocates and fills in a pcap_t, for use + * by pcap_create routines. + */ +pcap_t *pcap_create_interface(const char *, char *); +pcap_t *pcap_create_common(char *, size_t); +int pcap_do_addexit(pcap_t *); +void pcap_add_to_pcaps_to_close(pcap_t *); +void pcap_remove_from_pcaps_to_close(pcap_t *); +void pcap_cleanup_live_common(pcap_t *); +int pcap_check_activated(pcap_t *); + +/* + * Internal interfaces for "pcap_findalldevs()". + * + * "pcap_platform_finddevs()" is a platform-dependent routine to + * find local network interfaces. + * + * "pcap_findalldevs_interfaces()" is a helper to find those interfaces + * using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.). + * + * "pcap_add_if()" adds an interface to the list of interfaces, for + * use by various "find interfaces" routines. + */ +int pcap_platform_finddevs(pcap_if_t **, char *); +#if !defined(_WIN32) && !defined(MSDOS) +int pcap_findalldevs_interfaces(pcap_if_t **, char *, + int (*)(const char *)); +#endif +int add_addr_to_iflist(pcap_if_t **, const char *, bpf_u_int32, + struct sockaddr *, size_t, struct sockaddr *, size_t, + struct sockaddr *, size_t, struct sockaddr *, size_t, char *); +int add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t, + struct sockaddr *, size_t, struct sockaddr *, size_t, + struct sockaddr *dstaddr, size_t, char *errbuf); +int pcap_add_if(pcap_if_t **, const char *, bpf_u_int32, const char *, + char *); +int add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, bpf_u_int32, + const char *, char *); +#ifndef _WIN32 +bpf_u_int32 if_flags_to_pcap_flags(const char *, u_int); +#endif + +/* + * Internal interfaces for "pcap_open_offline()". + * + * "pcap_open_offline_common()" allocates and fills in a pcap_t, for use + * by pcap_open_offline routines. + * + * "sf_cleanup()" closes the file handle associated with a pcap_t, if + * appropriate, and frees all data common to all modules for handling + * savefile types. + */ +pcap_t *pcap_open_offline_common(char *ebuf, size_t size); +void sf_cleanup(pcap_t *p); + +/* + * Internal interfaces for both "pcap_create()" and routines that + * open savefiles. + * + * "pcap_oneshot()" is the standard one-shot callback for "pcap_next()" + * and "pcap_next_ex()". + */ +void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *); + +#ifdef _WIN32 +void pcap_win32_err_to_str(DWORD, char *); +#endif + +int install_bpf_program(pcap_t *, struct bpf_program *); + +int pcap_strcasecmp(const char *, const char *); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/mswin32/winpcap/LICENSE b/mswin32/winpcap/LICENSE deleted file mode 100644 index 157d49a50..000000000 --- a/mswin32/winpcap/LICENSE +++ /dev/null @@ -1,78 +0,0 @@ -Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy). -Copyright (c) 2005 - 2010 CACE Technologies, Davis (California). -Copyright (c) 2010 - 2013 Riverbed Technology, San Francisco (California). -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. Neither the name of the Politecnico di Torino, CACE Technologies, Riverbed Technology nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its contributors. -This product includes software developed by the Kungliga Tekniska Högskolan and its contributors. -This product includes software developed by Yen Yen Lim and North Dakota State University. - ------------------------------------------- -Portions Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 The Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes software developed by the University of California, Berkeley and its contributors." -4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------- -Portions Copyright (c) 1983 Regents of the University of California. All rights reserved. - -Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. ------------------------------------------- -Portions Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes software developed by the Kungliga Tekniska Högskolan and its contributors." -4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------- -Portions Copyright (c) 1997 Yen Yen Lim and North Dakota State University. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes software developed by Yen Yen Lim and North Dakota State University" -4. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------- -Portions Copyright (c) 1993 by Digital Equipment Corporation. - -Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies, and that the name of Digital Equipment Corporation not be used in advertising or publicity pertaining to distribution of the document or software without specific, written prior permission. -THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------------------------------------------- -Portions Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -3. Neither the name of the project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------- -Portions Copyright (c) 1996 Juniper Networks, Inc. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution. The name of Juniper Networks may not be used to endorse or promote products derived from this software without specific prior written permission. -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ------------------------------------------- -Portions Copyright (c) 2001 Daniel Hartmeier All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------- -Portions Copyright 1989 by Carnegie Mellon. - -Permission to use, copy, modify, and distribute this program for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Carnegie Mellon not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Carnegie Mellon and Stanford University. Carnegie Mellon makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. diff --git a/mswin32/winpcap/Upgrading-Instructions.txt b/mswin32/winpcap/Upgrading-Instructions.txt deleted file mode 100644 index 49ea5082d..000000000 --- a/mswin32/winpcap/Upgrading-Instructions.txt +++ /dev/null @@ -1,111 +0,0 @@ -How to upgrade Nmap to a new WinPcap release (2010) ---------------------------------------------------- - -1) Download the latest version of WinPcap from www.winpcap.org and make - a note of the version (for example 4.1). - -2) Update the LICENSE file, if necessary. I couldn't find a plain - WinPcap license file anywhere. There's an HTML version at - http://www.winpcap.org/misc/copyright.htm. You can copy and paste - the license text from the installer into the LICENSE file which should - be saved as PC file format (not UNIX) and ANSI encoding (not UTF-8). - -3) Extract the required files from the setup file using 7-Zip - (http://www.7-zip.org/). The installed files at time of writing are: - - x86: - C:\Program Files\WinPcap\rpcapd.exe - C:\Windows\system32\Packet.dll - C:\Windows\system32\pthreadVC.dll - C:\Windows\system32\wpcap.dll - C:\Windows\system32\drivers\npf.sys - - x64: - C:\Program Files\WinPcap\rpcapd.exe - C:\Windows\SysWOW64\Packet.dll - C:\Windows\system32\Packet.dll - C:\Windows\SysWOW64\pthreadVC.dll - C:\Windows\SysWOW64\wpcap.dll - C:\Windows\system32\wpcap.dll - C:\Windows\system32\drivers\npf.sys - - Check the Details tab to identify the NT5/NT6/AMD64 files. You will need to - extract the files (you can auto rename them to ensure all the files are there) - in order to view the descriptions. - - We do not support NT4, so those files are not required. - - The smaller NT5 version of Packet.dll needs to be extracted into the - mswin32/winpcap/nt5/x86 subdirectory. The larger NT5 version of - Packet.dll needs to be extracted into the mswin32/winpcap/nt5/x64 - subdirectory. - - The smaller Vista version of Packet.dll needs to be extracted into the - mswin32/winpcap/vista/x86 subdirectory. The larger Vista version of - Packet.dll needs to be extracted into the mswin32/winpcap/vista/x64 - subdirectory. - - The smaller version of wpcap.dll needs to be extracted into the - mswin32/winpcap subdirectory. The larger version of wpcap.dll - needs to be extracted into the mswin32/winpcap/x64 subdirectory. - - The x86 version of npf.sys needs to be extracted into the - mswin32/winpcap subdirectory. Right click on each npf.sys, - click "Properties", then select the "Version" tab. The - "Description:" field will have a string containing "x86". - - The AMD64 version of npf.sys needs to be extracted into the - mswin32/winpcap/x64 subdirectory. Right click on each npf.sys, - click "Properties", then select the "Version" tab. The - "Description:" field will have a string containing "AMD64". - -4) Open winpcap-nmap.nsi. Change the version for the following lines: - - Name "WinPcap (Nmap) X.X.X" - OutFile "winpcap-nmap-X.XX.exe - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\winpcap-nmap" "DisplayName" "winpcap-nmap X.XX" - -5) Get the internal 'FileVersion' from wpcap.dll. Right-click on - wpcap.dll and select "Properties", then select the "Version" tab. - Copy the number there into this part of winpcap-nmap.nsi: - - var /GLOBAL my_ver - StrCpy $my_ver "X.X.X.X" <-- file version goes here - -6) Generate the installer by compiling winpcap-nmap.nsi using the - running the command - makensis winpcap-nmap.nsi - Alternately, you can right click the script and select "Compile NSIS Script". - makensis is part of the "Nullsoft Scriptable Install System" at - http://nsis.sourceforge.net/. - -7) Give the installer a test, make sure the correct version appears in - the installer's name and in Add/Remove Programs. You may also want to - try installing it when it is already installed or an older version is - installed. Ideally this should be tested on as many platforms as possible. - The following should be a sufficient minimum, as Windows XP x64 is based - on 2003 x64, 2008 is based on Vista and 2008R2 is the same codebase as 7: - Windows XP - Windows 2003 x64 - Windows Vista - Windows 7 x64 - -8) Open mswin32/nsis/Nmap.nsi and update the references to the winpcap - installer's name. You should only have to change the version number. - The section you need to look at starts like this: - Section "WinPcap X.X" SecWinPcap - -9) Download the WinPcap developer package - (http://www.winpcap.org/devel.htm) and replace all the files in - mswin32/lib/ with the new versions inside the package. - -10) Build the Nmap installer. The best way to do this is to run "make" in - the mswin32 directory. This will build Nmap and run makensis for you. - Test the installer. You may want to try it with Nmap already - installed and with different versions installed. Also check that - everything appears in Add/Remove Programs correctly. - -11) Test Nmap functionallity that uses WinPcap (raw packet scans, raw - packet pings, traceroute). - -12) Sit back and have a cup of coffee, you deserve it :) diff --git a/mswin32/winpcap/final.ini b/mswin32/winpcap/final.ini deleted file mode 100644 index 5e67df2aa..000000000 --- a/mswin32/winpcap/final.ini +++ /dev/null @@ -1,23 +0,0 @@ -[Settings] -NumFields=2 -BackEnabled=0 -NextButtonText=Finish - -[Field 1] -Type=Label -Left=10 -Right=-1 -Top=10 -Bottom=18 -Text=WinPcap has been installed on your computer. -State=0 - -[Field 2] -Type=Label -Left=10 -Right=-1 -Top=30 -Bottom=38 -Text=Click Finish to close this wizard. -State=0 - diff --git a/mswin32/winpcap/npf.sys b/mswin32/winpcap/npf.sys deleted file mode 100644 index 5c8e66c34..000000000 Binary files a/mswin32/winpcap/npf.sys and /dev/null differ diff --git a/mswin32/winpcap/nt5/x64/Packet.dll b/mswin32/winpcap/nt5/x64/Packet.dll deleted file mode 100755 index 4c7ffd67e..000000000 Binary files a/mswin32/winpcap/nt5/x64/Packet.dll and /dev/null differ diff --git a/mswin32/winpcap/nt5/x86/Packet.dll b/mswin32/winpcap/nt5/x86/Packet.dll deleted file mode 100755 index 295cea264..000000000 Binary files a/mswin32/winpcap/nt5/x86/Packet.dll and /dev/null differ diff --git a/mswin32/winpcap/options.ini b/mswin32/winpcap/options.ini deleted file mode 100644 index 0ea5dc525..000000000 --- a/mswin32/winpcap/options.ini +++ /dev/null @@ -1,20 +0,0 @@ -[Settings] -NumFields=2 - -[Field 1] -Type=CheckBox -Left=10 -Right=-1 -Top=20 -Bottom=28 -Text=Start the WinPcap service 'NPF' at startup (recommended on Windows 7, 8 and Vista) -State=1 - -[Field 2] -Type=CheckBox -Left=10 -Right=-1 -Top=10 -Bottom=18 -Text=Start the WinPcap service 'NPF' now -State=1 diff --git a/mswin32/winpcap/pthreadVC.dll b/mswin32/winpcap/pthreadVC.dll deleted file mode 100644 index 2953ab11d..000000000 Binary files a/mswin32/winpcap/pthreadVC.dll and /dev/null differ diff --git a/mswin32/winpcap/rpcapd.exe b/mswin32/winpcap/rpcapd.exe deleted file mode 100755 index 5d34e4409..000000000 Binary files a/mswin32/winpcap/rpcapd.exe and /dev/null differ diff --git a/mswin32/winpcap/vista/x64/Packet.dll b/mswin32/winpcap/vista/x64/Packet.dll deleted file mode 100755 index a8bbfa4e4..000000000 Binary files a/mswin32/winpcap/vista/x64/Packet.dll and /dev/null differ diff --git a/mswin32/winpcap/vista/x86/Packet.dll b/mswin32/winpcap/vista/x86/Packet.dll deleted file mode 100755 index 8bec676a7..000000000 Binary files a/mswin32/winpcap/vista/x86/Packet.dll and /dev/null differ diff --git a/mswin32/winpcap/winpcap-nmap.nsi b/mswin32/winpcap/winpcap-nmap.nsi deleted file mode 100644 index 6c309ec07..000000000 --- a/mswin32/winpcap/winpcap-nmap.nsi +++ /dev/null @@ -1,524 +0,0 @@ -;; Custom winpcap for nmap -;; Recognizes the options (case sensitive): -;; /S silent install -;; /NPFSTARTUP=NO start NPF now and at startup (only has effect with /S) - -;; Started by Doug Hoyte, April 2006 - -;; Eddie Bell -;; Updated to 4.0, June 2007 -;; Updated to 4.01, July 2007 -;; Updated to 4.02, November 2007 - -;; Rob Nicholls -;; Updated to 4.1.1, October 2009 -;; Updated to 4.1.2, July 2010 -;; Updated to 4.1.3, January 2014 - -SetCompressor /SOLID /FINAL lzma - -;-------------------------------- -;Include Modern UI - - !include "MUI.nsh" - !include "FileFunc.nsh" - -;-------------------------------- -;General - -; The name of the installer -Name "WinPcap (Nmap) 4.1.3" - -; The file to write -OutFile "winpcap-nmap-4.13.exe" - -RequestExecutionLevel admin - -; These leave either "1" or "0" in $0. -Function is64bit - System::Call "kernel32::GetCurrentProcess() i .s" - System::Call "kernel32::IsWow64Process(i s, *i .r0)" -FunctionEnd -Function un.is64bit - System::Call "kernel32::GetCurrentProcess() i .s" - System::Call "kernel32::IsWow64Process(i s, *i .r0)" -FunctionEnd - -VIProductVersion "4.1.0.2980" -VIAddVersionKey /LANG=1033 "FileVersion" "4.1.0.2980" -VIAddVersionKey /LANG=1033 "ProductName" "WinPcap" -VIAddVersionKey /LANG=1033 "FileDescription" "WinPcap 4.1.3 installer" -VIAddVersionKey /LANG=1033 "LegalCopyright" "" - -;-------------------------------- -; Windows API Definitions - -!define SC_MANAGER_ALL_ACCESS 0x3F -!define SERVICE_ALL_ACCESS 0xF01FF - -; Service Types -!define SERVICE_FILE_SYSTEM_DRIVER 0x00000002 -!define SERVICE_KERNEL_DRIVER 0x00000001 -!define SERVICE_WIN32_OWN_PROCESS 0x00000010 -!define SERVICE_WIN32_SHARE_PROCESS 0x00000020 -!define SERVICE_INTERACTIVE_PROCESS 0x00000100 - -; Service start options -!define SERVICE_AUTO_START 0x00000002 -!define SERVICE_BOOT_START 0x00000000 -!define SERVICE_DEMAND_START 0x00000003 -!define SERVICE_DISABLED 0x00000004 -!define SERVICE_SYSTEM_START 0x00000001 - -; Service Error control -!define SERVICE_ERROR_CRITICAL 0x00000003 -!define SERVICE_ERROR_IGNORE 0x00000000 -!define SERVICE_ERROR_NORMAL 0x00000001 -!define SERVICE_ERROR_SEVERE 0x00000002 - -; Service Control Options -!define SERVICE_CONTROL_STOP 0x00000001 -!define SERVICE_CONTROL_PAUSE 0x00000002 - - - -;-------------------------------- -;Interface Settings - - !define MUI_ABORTWARNING - -;-------------------------------- -;Pages - -!insertmacro MUI_PAGE_LICENSE "LICENSE" -; Don't let user choose where to install the files. WinPcap doesn't let people, and it's one less thing for us to worry about. -!insertmacro MUI_PAGE_INSTFILES -!insertmacro MUI_UNPAGE_CONFIRM -!insertmacro MUI_UNPAGE_INSTFILES -Page custom optionsPage doOptions -Page custom finalPage doFinal - -;-------------------------------- -;Languages - - !insertmacro MUI_LANGUAGE "English" - -;-------------------------------- -;Reserves - -ReserveFile "options.ini" -ReserveFile "final.ini" -!insertmacro MUI_RESERVEFILE_INSTALLOPTIONS - -;-------------------------------- - -!insertmacro GetParameters -!insertmacro GetOptions - -; This function is called on startup. IfSilent checks -; if the flag /S was specified. If so, it sets the installer -; to run in "silent mode" which displays no windows and accepts -; all defaults. - -; We also check if there is a previously installed winpcap -; on this system. If it's the same as the version we're installing, -; abort the install. If not, prompt the user about whether to -; replace it or not. - -Function .onInit - !insertmacro MUI_INSTALLOPTIONS_EXTRACT "options.ini" - !insertmacro MUI_INSTALLOPTIONS_EXTRACT "final.ini" - - var /GLOBAL inst_ver - var /GLOBAL my_ver - var /GLOBAL npf_startup - StrCpy $my_ver "4.1.0.2980" - StrCpy $npf_startup "YES" - - ; Always use the requested /D= $INSTDIR if given. - StrCmp $INSTDIR "" "" instdir_nochange - ; On 64-bit Windows, $PROGRAMFILES is "C:\Program Files (x86)" and - ; $PROGRAMFILES64 is "C:\Program Files". We want "C:\Program Files" - ; on 32-bit or 64-bit. - StrCpy $INSTDIR "$PROGRAMFILES\WinPcap" - Call is64bit - StrCmp $0 "0" instdir_nochange - StrCpy $INSTDIR "$PROGRAMFILES64\WinPcap" - instdir_nochange: - - ${GetParameters} $R0 - ClearErrors - ${GetOptions} $R0 "/NPFSTARTUP=" $npf_startup - - IfSilent do_silent no_silent - - do_silent: - SetSilent silent - IfFileExists "$SYSDIR\wpcap.dll" silent_checks - return - silent_checks: - ; check for the presence of Nmap's custom WinPcapInst registry key: - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "InstalledBy" - StrCmp $0 "Nmap" silent_uninstall winpcap_installedby_keys_not_present - - winpcap_installedby_keys_not_present: - ; check for the presence of WinPcapInst's UninstallString - ; and manually cleanup registry entries to avoid running - ; the GUI uninstaller and assume our installer will overwrite - ; the files. Needs to be checked in case someone (force) - ; installs WinPcap over the top of our installation - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "UninstallString" - StrCmp $0 "" winpcap_keys_not_present - - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" - - ReadRegStr $0 "HKLM" "Software\WinPcap" "" - StrCmp $0 "" winpcap_keys_not_present - - Delete $0\rpcapd.exe - Delete $0\LICENSE - Delete $0\uninstall.exe - ; Official 4.1 installer creates an install.log - Delete $0\install.log - RMDir "$0" - DeleteRegKey HKLM "Software\WinPcap" - - ; because we've deleted their uninstaller, skip the next - ; registry key check (we'll still need to overwrite stuff) - Goto winpcap-nmap_keys_not_present - - winpcap_keys_not_present: - - ; if our old registry key is present then assume all is well - ; (we got this far so the official WinPcap wasn't installed) - ; and use our uninstaller to (magically) silently uninstall - ; everything cleanly and avoid having to overwrite files - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winpcap-nmap" "UninstallString" - StrCmp $0 "" winpcap-nmap_keys_not_present silent_uninstall - - winpcap-nmap_keys_not_present: - - ; setoverwrite on to try and avoid any problems when trying to install the files - ; wpcap.dll is still present at this point, but unclear where it came from - SetOverwrite on - - ; try to ensure that npf has been stopped before we install/overwrite files - ExecWait '"net stop npf"' - - return - - silent_uninstall: - ; Our InstalledBy string is present, UninstallString should have quotes and uninstall.exe location - ; and this file should support a silent uninstall by passing /S to it. - ; we could read QuietUninstallString, but this should be exactly the same as UninstallString with /S on the end. - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "UninstallString" - ExecWait '$0 /S _?=$INSTDIR' - return - - no_silent: - IfFileExists "$SYSDIR\wpcap.dll" do_version_check - return - - do_version_check: - - GetDllVersion "$SYSDIR\wpcap.dll" $R0 $R1 - IntOp $R2 $R0 / 0x00010000 - IntOp $R3 $R0 & 0x0000FFFF - IntOp $R4 $R1 / 0x00010000 - IntOp $R5 $R1 & 0x0000FFFF - StrCpy $inst_ver "$R2.$R3.$R4.$R5" - - StrCmp $inst_ver $my_ver same_ver - - MessageBox MB_YESNO|MB_ICONQUESTION "WinPcap version $inst_ver exists on this system. Replace with version $my_ver?" IDYES try_uninstallers - quit - - same_ver: - MessageBox MB_OK "Skipping WinPcap installation since version $inst_ver already exists on this system. Uninstall that version first if you wish to force install." - quit - - try_uninstallers: - - ; check for UninstallString and use that in preference (should already have double quotes and uninstall.exe) - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "UninstallString" - StrCmp $0 "" no_uninstallstring - IfFileExists "$0" uninstaller_exists no_uninstallstring - uninstaller_exists: - ExecWait '$0 _?=$INSTDIR' - return - - no_uninstallstring: - ; didn't find an UninstallString, check for our old UninstallString and if uninstall.exe exists: - ReadRegStr $0 "HKLM" "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winpcap-nmap" "UninstallString" - StrCmp $0 "" still_no_uninstallstring - IfFileExists "$0" old_uninstaller_exists still_no_uninstallstring - old_uninstaller_exists: - MessageBox MB_OK "Using our old UninstallString, file exists" - ExecWait '$0 _?=$INSTDIR' - return - - still_no_uninstallstring: - ; still didn't find anything, try looking for an uninstall.exe file at: - ReadRegStr $0 "HKLM" "Software\WinPcap" "" - ; Strip any surrounding double quotes from around the install string, - ; as WinPcap hasn't used quotes in the past, but our old installers did. - ; Check the first and last character for safety! - StrCpy $1 $0 1 - StrCmp $1 "$\"" maybestripquotes nostrip - maybestripquotes: - StrLen $1 $0 - IntOp $1 $1 - 1 - StrCpy $1 $0 1 $1 - StrCmp $1 "$\"" stripquotes nostrip - stripquotes: - StrCpy $0 $0 -1 1 - nostrip: - IfFileExists "$0\uninstall.exe" run_last_uninstaller no_uninstall_exe - run_last_uninstaller: - ExecWait '"$0\Uninstall.exe" _?=$INSTDIR' - no_uninstall_exe: - ; give up now, we've tried our hardest to determine a valid uninstaller! - return - -FunctionEnd - -Function optionsPage - !insertmacro MUI_HEADER_TEXT "WinPcap Options" "" - !insertmacro MUI_INSTALLOPTIONS_DISPLAY "options.ini" -FunctionEnd - -Function doOptions - ReadINIStr $0 "$PLUGINSDIR\options.ini" "Field 1" "State" - StrCmp $0 "0" do_options_next - WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\Services\NPF" "Start" 2 - do_options_next: - ReadINIStr $0 "$PLUGINSDIR\options.ini" "Field 2" "State" - StrCmp $0 "0" do_options_end - nsExec::Exec "net start npf" - do_options_end: -FunctionEnd - -Function finalPage - ; diplay a page saying everything's finished - !insertmacro MUI_HEADER_TEXT "Finished" "Thank you for installing WinPcap" - !insertmacro MUI_INSTALLOPTIONS_DISPLAY "final.ini" -FunctionEnd - -Function doFinal - ; don't need to do anything -FunctionEnd - -Function registerServiceAPI - ; delete the npf service to avoid an error message later if it already exists - System::Call 'advapi32::OpenSCManagerA(,,i ${SC_MANAGER_ALL_ACCESS})i.r0' - System::Call 'advapi32::OpenServiceA(i r0,t "npf", i ${SERVICE_ALL_ACCESS}) i.r1' - System::Call 'advapi32::DeleteService(i r1) i.r6' - System::Call 'advapi32::CloseServiceHandle(i r1) n' - System::Call 'advapi32::CloseServiceHandle(i r0) n' - ; create the new npf service - System::Call 'advapi32::OpenSCManagerA(,,i ${SC_MANAGER_ALL_ACCESS})i.R0' - System::Call 'advapi32::CreateServiceA(i R0,t "npf",t "NetGroup Packet Filter Driver",i ${SERVICE_ALL_ACCESS},i ${SERVICE_KERNEL_DRIVER}, i ${SERVICE_DEMAND_START},i ${SERVICE_ERROR_NORMAL}, t "system32\drivers\npf.sys",,,,,) i.r1' - StrCmp $1 "0" register_fail register_success - register_fail: - DetailPrint "Failed to create the npf service" - IfSilent close_register_handle register_fail_messagebox - register_fail_messagebox: - MessageBox MB_OK "Failed to create the npf service. Please try installing WinPcap again, or use the official WinPcap installer from www.winpcap.org" - Goto close_register_handle - register_success: - DetailPrint "The npf service was successfully created" - close_register_handle: - System::Call 'advapi32::CloseServiceHandle(i R0) n' -FunctionEnd - -Function un.registerServiceAPI - System::Call 'advapi32::OpenSCManagerA(,,i ${SC_MANAGER_ALL_ACCESS})i.r0' - System::Call 'advapi32::OpenServiceA(i r0,t "npf", i ${SERVICE_ALL_ACCESS}) i.r1' - System::Call 'advapi32::DeleteService(i r1) i.r6' - StrCmp $6 "0" unregister_fail unregister_success - unregister_fail: - DetailPrint "Failed to delete the npf service" - Goto close_unregister_handle - unregister_success: - DetailPrint "The npf service was successfully deleted" - close_unregister_handle: - System::Call 'advapi32::CloseServiceHandle(i r1) n' - System::Call 'advapi32::CloseServiceHandle(i r0) n' -FunctionEnd - -Function autoStartWinPcap - WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\Services\NPF" "Start" 2 - nsExec::Exec "net start npf" -FunctionEnd - - -;-------------------------------- -; The stuff to install -Section "WinPcap" SecWinPcap - - ; stop the service, in case it's still registered, so files can be - ; safely overwritten and the service can be deleted. - nsExec::Exec "net stop npf" - - ; NB: We may need to introduce a check here to ensure that NPF - ; has been stopped before we continue, otherwise we Sleep for a - ; while and try the check again. This might help prevent any race - ; conditions during a silent install (and potentially during the - ; slower GUI installation. - - ; These x86 files are automatically redirected to the right place on x64 - SetOutPath $SYSDIR - File pthreadVC.dll - File wpcap.dll - - ; Check windows version - ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" CurrentVersion - DetailPrint "Windows CurrentVersion: $R0" - StrCpy $R0 $R0 2 - StrCmp $R0 '6.' vista_files - - File nt5\x86\Packet.dll - Goto install - - vista_files: - File vista\x86\Packet.dll - - install: - Call is64bit - StrCmp $0 "0" install_32bit install_64bit - - ; Note, NSIS states: "You should always quote the path to make sure spaces - ; in the path will not disrupt Windows to find the uninstaller." - ; See: http://nsis.sourceforge.net/Add_uninstall_information_to_Add/Remove_Programs - ; This matches (most) Windows installations. Rather inconsistently, - ; DisplayIcon doesn't usually have quotes (even on Microsoft installations) and - ; HKLM Software\PackageName doesn't usually have quotes either. - - install_32bit: - SetOutPath $INSTDIR - File rpcapd.exe - File LICENSE - WriteUninstaller "$INSTDIR\uninstall.exe" - DetailPrint "Installing x86 driver" - SetOutPath $SYSDIR\drivers - File npf.sys ; x86 NT5/NT6 version - WriteRegStr HKLM "Software\WinPcap" "" "$INSTDIR" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "UninstallString" "$\"$INSTDIR\uninstall.exe$\"" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayIcon" "$INSTDIR\uninstall.exe" - Goto npfdone - - install_64bit: - SetOutPath $INSTDIR - File rpcapd.exe - File LICENSE - WriteUninstaller "$INSTDIR\uninstall.exe" - DetailPrint "Installing x64 driver" - SetOutPath $SYSDIR\drivers - ; disable Wow64FsRedirection - System::Call kernel32::Wow64EnableWow64FsRedirection(i0) - File x64\npf.sys ; x64 NT5/NT6 version - ; The x86 versions of wpcap.dll and packet.dll are - ; installed into the right place further above. - ; install the 64-bit version of wpcap.dll into System32 - SetOutPath $SYSDIR - File x64\wpcap.dll ; x64 NT5/NT6 version - ; install the 64-bit version of packet.dll into System32 - ; check for vista, otherwise install the NT5 version (for XP and 2003) - StrCpy $R0 $R0 2 - StrCmp $R0 '6.' vista_x64_packet - File nt5\x64\Packet.dll ; x64 XP/2003 version - Goto nt5_x64_packet_done - vista_x64_packet: - File vista\x64\Packet.dll ; x64 Vista version - nt5_x64_packet_done: - WriteRegStr HKLM "Software\WinPcap" "" "$INSTDIR" - ; re-enable Wow64FsRedirection - System::Call kernel32::Wow64EnableWow64FsRedirection(i1) - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "UninstallString" "$\"$INSTDIR\uninstall.exe$\"" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayIcon" "$INSTDIR\uninstall.exe" - - npfdone: - - ; register the driver as a system service using Windows API calls - ; this will work on Windows 2000 (that lacks sc.exe) and higher - Call registerServiceAPI - - ; Create the default NPF startup setting of 3 (SERVICE_DEMAND_START) - WriteRegDWORD HKLM "SYSTEM\CurrentControlSet\Services\NPF" "Start" 3 - - ; automatically start the service if performing a silent install, unless - ; /NPFSTARTUP=NO was given. - IfSilent 0 skip_auto_start - StrCmp $npf_startup "NO" skip_auto_start - Call autoStartWinPcap - skip_auto_start: - - ; Write the rest of the uninstall keys for Windows - - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayName" "WinPcap 4.1.3" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "DisplayVersion" "4.1.0.2980" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "Publisher" "CACE Technologies" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "URLInfoAbout" "http://www.cacetech.com" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "URLUpdateInfo" "http://www.winpcap.org" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "VersionMajor" "4" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "VersionMinor" "1" - WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "InstalledBy" "Nmap" - WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "NoModify" 1 - WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" "NoRepair" 1 - - ; delete our legacy winpcap-nmap keys if they still exist (e.g. official 4.0.2 force installed over our 4.0.2): - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\winpcap-nmap" - -SectionEnd ; end the section - - -;-------------------------------- -;Uninstaller Section - -Section "Uninstall" - - ; stop npf before we delete the service from the registry - nsExec::Exec "net stop npf" - ; unregister the driver as a system service using Windows API calls, so it works on Windows 2000 - Call un.registerServiceAPI - - ; delete our winpcap-nmap and any WinPcapInst registry keys - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\winpcap-nmap" - DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst" - DeleteRegKey HKLM "Software\WinPcap" - - Delete $INSTDIR\rpcapd.exe - Delete $INSTDIR\LICENSE - Delete $INSTDIR\uninstall.exe - - ; This deletes the x86 files from SysWOW64 if we're on x64. - Delete $SYSDIR\Packet.dll - Delete $SYSDIR\pthreadVC.dll - Delete $SYSDIR\wpcap.dll - - ; check for x64, delete npf.sys file from system32\drivers - Call un.is64bit - StrCmp $0 "0" del32bitnpf del64bitnpf - del64bitnpf: - ; disable Wow64FsRedirection - System::Call kernel32::Wow64EnableWow64FsRedirection(i0) - - Delete $SYSDIR\drivers\npf.sys - ; Also delete the x64 files in System32 - Delete $SYSDIR\wpcap.dll - Delete $SYSDIR\Packet.dll - - ; re-enable Wow64FsRedirection - System::Call kernel32::Wow64EnableWow64FsRedirection(i1) - Goto npfdeleted - del32bitnpf: - - Delete $SYSDIR\drivers\npf.sys - - npfdeleted: - - RMDir "$INSTDIR" - -SectionEnd diff --git a/mswin32/winpcap/wpcap.dll b/mswin32/winpcap/wpcap.dll deleted file mode 100644 index 0d432e964..000000000 Binary files a/mswin32/winpcap/wpcap.dll and /dev/null differ diff --git a/mswin32/winpcap/x64/npf.sys b/mswin32/winpcap/x64/npf.sys deleted file mode 100644 index 761c90c93..000000000 Binary files a/mswin32/winpcap/x64/npf.sys and /dev/null differ diff --git a/mswin32/winpcap/x64/wpcap.dll b/mswin32/winpcap/x64/wpcap.dll deleted file mode 100755 index eabb73ddd..000000000 Binary files a/mswin32/winpcap/x64/wpcap.dll and /dev/null differ