nmap/nsock/src/nsock_pcap.h

/***************************************************************************
 * nsock_pcap.h -- Header for pcap operations functions from               *
 * the nsock parallel socket event library                                 *
 *                                                                         *
 ***********************IMPORTANT NSOCK LICENSE TERMS***********************
 *                                                                         *
 * The nsock parallel socket event library is (C) 1999-2012 Insecure.Com   *
 * LLC This library is free software; you may redistribute and/or          *
 * modify it under the terms of the GNU General Public License as          *
 * published by the Free Software Foundation; Version 2.  This guarantees  *
 * your right to use, modify, and redistribute this software under certain *
 * conditions.  If this license is unacceptable to you, Insecure.Com LLC   *
 * may be willing to sell alternative licenses (contact                    *
 * sales@insecure.com ).                                                   *
 *                                                                         *
 * As a special exception to the GPL terms, Insecure.Com LLC grants        *
 * permission to link the code of this program with any version of the     *
 * OpenSSL library which is distributed under a license identical to that  *
 * listed in the included docs/licenses/OpenSSL.txt file, and distribute   *
 * linked combinations including the two. You must obey the GNU GPL in all *
 * respects for all of the code used other than OpenSSL.  If you modify    *
 * this file, you may extend this exception to your version of the file,   *
 * but you are not obligated to do so.                                     *
 *                                                                         *
 * If you received these files with a written license agreement stating    *
 * terms other than the (GPL) terms above, then that alternative license   *
 * agreement takes precedence over this comment.                           *
 *                                                                         *
 * Source is provided to this software because we believe users have a     *
 * right to know exactly what a program is going to do before they run it. *
 * This also allows you to audit the software for security holes (none     *
 * have been found so far).                                                *
 *                                                                         *
 * Source code also allows you to port Nmap to new platforms, fix bugs,    *
 * and add new features.  You are highly encouraged to send your changes   *
 * to nmap-dev@insecure.org for possible incorporation into the main       *
 * distribution.  By sending these changes to Fyodor or one of the         *
 * Insecure.Org development mailing lists, it is assumed that you are      *
 * offering the Nmap Project (Insecure.Com LLC) the unlimited,             *
 * non-exclusive right to reuse, modify, and relicense the code.  Nmap     *
 * will always be available Open Source, but this is important because the *
 * inability to relicense code has caused devastating problems for other   *
 * Free Software projects (such as KDE and NASM).  We also occasionally    *
 * relicense the code to third parties as discussed above.  If you wish to *
 * specify special license conditions of your contributions, just say so   *
 * when you send them.                                                     *
 *                                                                         *
 * This program is distributed in the hope that it will be useful, but     *
 * WITHOUT ANY WARRANTY; without even the implied warranty of              *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU       *
 * General Public License v2.0 for more details                            *
 * (http://www.gnu.org/licenses/gpl-2.0.html).                             *
 *                                                                         *
 ***************************************************************************/

/* $Id$ */

#ifndef NSOCK_PCAP_H 
#define NSOCK_PCAP_H

#include "nsock_internal.h"
#ifdef HAVE_PCAP

#include "pcap.h"

#include <string.h>
#include <stdarg.h>


/*
 * There are three possible ways of reading packets from pcap descriptor:
 *  do select() on descriptor -> this one is of course the best, but 
 *              there are systems that don't support this like WIN32
 *     This works perfectly for Linux.
 *  do select() but with some hacks -> this one is hack for older bsd
 *     systems, Descriptor *must* be set in nonblocking mode.
 *  never do select() -> this one is for WIN32 and other systems that
 *     return descriptor -1 from pcap_get_selectable_fd()
 *     In this case descriptor *must* be set in nonblocking mode.
 *     If that fails than we can't do any sniffing from that box.
 * 
 * In all cases we try to set descriptor to non-blocking mode.
 */

/* Returns whether the system supports pcap_get_selectable_fd() properly */
#if !defined(WIN32) && !defined(SOLARIS_BPF_PCAP_CAPTURE)
#define PCAP_CAN_DO_SELECT 1
#endif

/*
 * In some systems (like Windows), the pcap descriptor is not selectable. Therefore,
 * we cannot just select() on it and expect it to wake us up and deliver a packet,
 * but we need to poll it continuously. This define sets the frequency, in milliseconds,
 * at which the pcap handle is polled to determine if there are any captured packets.
 * Note that this is only used when PCAP_CAN_DO_SELECT is not defined and therefore it
 * has no effect on systems like Linux.
 */
#define PCAP_POLL_INTERVAL 2

/*
 * Note that on most versions of most BSDs (including Mac OS X) select() and poll() do not work 
 * correctly on BPF devices; pcap_get_selectable_fd() will return a file descriptor on most of those 
 * versions (the exceptions being FreeBSD 4.3 and 4.4), a simple select() or poll() will 
 * not return even after a timeout specified in pcap_open_live() expires. To work around 
 * this, an application that uses select() or poll() to wait for packets to arrive must put 
 * the pcap_t in non-blocking mode, and must arrange that the select() or poll() have a timeout 
 * less than or equal to the timeout specified in pcap_open_live(), and must try to read packets 
 * after that timeout expires, regardless of whether select() or poll() indicated that the file 
 * descriptor for the pcap_t is ready to be read or not. (That workaround will not work in 
 * FreeBSD 4.3 and later; however, in FreeBSD 4.6 and later, select() and poll() work correctly 
 * on BPF devices, so the workaround isn't necessary, although it does no harm.)
 */
#if defined(MACOSX) || defined(FREEBSD) || defined(OPENBSD)
/* Well, now select() is not receiving any pcap events on MACOSX, but maybe it will someday :)
 * in both cases. It never hurts to enable this feature. It just has performance penalty. */
#define PCAP_BSD_SELECT_HACK 1
#endif

/* Returns whether the packet receive time value obtained from libpcap
 * (and thus by readip_pcap()) should be considered valid.  When
 * invalid (Windows and Amiga), readip_pcap returns the time you called it. */
#if !defined(WIN32) && !defined(__amigaos__)
#define PCAP_RECV_TIMEVAL_VALID 1 
#endif


typedef struct{
  pcap_t *pt;
  int pcap_desc;
  /* Like the corresponding member in msiod, when this reaches 0 we stop
   * watching the socket for readability. */
  int readsd_count;
  int datalink;
  int l3_offset;
  int snaplen;
  char *pcap_device;
} mspcap;

typedef struct{
  struct timeval ts;
  int caplen;
  int len;
  const unsigned char *packet;  /* caplen bytes */
} nsock_pcap;

int do_actual_pcap_read(msevent *nse);

#endif /* HAVE_PCAP */
#endif /* NSOCK_PCAP_H */