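/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/** @ingroup packetapi
 *  @{
 */

/** @defgroup packet32h Packet.dll definitions and data structures
 *  Packet32.h contains the data structures and the definitions used by packet.dll.
 *  The file is used both by the Win9x and the WinNTx versions of packet.dll, and can be included
 *  by the applications that use the functions of this library
 *  @{
 */

#ifndef __PACKET32
#define __PACKET32

#include <winsock2.h>

#ifdef HAVE_AIRPCAP_API
#include <airpcap.h>
#else
/* Without the AirPcap headers, declare the handle as a pointer to an incomplete type. */
#if !defined( AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ )
#define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
typedef struct _AirpcapHandle * PAirpcapHandle;
#endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */
#endif /* HAVE_AIRPCAP_API */

#ifdef HAVE_DAG_API
#include <dagc.h>
#endif /* HAVE_DAG_API */

/* Working modes */
#define PACKET_MODE_CAPT         0x0    /**< Capture mode */
#define PACKET_MODE_STAT         0x1    /**< Statistical mode */
#define PACKET_MODE_MON          0x2    /**< Monitoring mode */
#define PACKET_MODE_DUMP         0x10   /**< Dump mode */
/*
 * The original expansion was `MODE_DUMP | MODE_STAT`: names this header does
 * not define, and without parentheses. It now combines the two PACKET_MODE_*
 * values declared above and is safe inside a larger expression.
 */
#define PACKET_MODE_STAT_DUMP    ( PACKET_MODE_DUMP | PACKET_MODE_STAT ) /**< Statistical dump Mode */


/** Alignment macro. Defines the alignment size. */
#define Packet_ALIGNMENT         ( sizeof( int ) )
/**
 * Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT.
 * The mask form is only a correct round-up when Packet_ALIGNMENT is a power of two.
 * NOTE(review): the addition is not checked for wrap-around; a length taken from
 * packet data should be range-checked before it is passed here.
 */
#define Packet_WORDALIGN( x )    ( ( ( x ) + ( Packet_ALIGNMENT - 1 ) ) & ~( Packet_ALIGNMENT - 1 ) )

/* Negative values are parenthesized so they expand safely next to other operators. */
#define NdisMediumNull           ( -1 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumCHDLC          ( -2 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPPPSerial      ( -3 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumBare80211      ( -4 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumRadio80211     ( -5 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPpi            ( -6 )  /**< Custom linktype: NDIS doesn't provide an equivalent */

/* Loopback behaviour definitions */
#define NPF_DISABLE_LOOPBACK     1       /**< Drop the packets sent by the NPF driver */
#define NPF_ENABLE_LOOPBACK      2       /**< Capture the packets sent by the NPF driver */

/*!
 * \brief Network type structure.
 *
 * This structure is used by the PacketGetNetType() function to return information on the current adapter's type and speed.
 */
typedef struct NetType
{
    UINT      LinkType;  /**< The MAC of the current network adapter (see function PacketGetNetType() for more information) */
    ULONGLONG LinkSpeed; /**< The speed of the network in bits per second */
} NetType;


/* some definitions stolen from libpcap */

#ifndef BPF_MAJOR_VERSION

/*!
 * \brief A BPF pseudo-assembly program.
 *
 * The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet.
 *
 * NOTE(review): bf_len has to match the number of elements bf_insns points to. Whether
 * PacketSetBpf() or the driver validates the program is not visible in this header, so
 * a program built from untrusted input should be checked before it is handed over.
 */
struct bpf_program
{
    UINT              bf_len;   /**< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. */
    struct bpf_insn * bf_insns; /**< A pointer to the first instruction of the program. */
};

/*!
 * \brief A single BPF pseudo-instruction.
 *
 * bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver.
 */
struct bpf_insn
{
    USHORT code; /**< Instruction type and addressing mode. */
    UCHAR  jt;   /**< Jump if true */
    UCHAR  jf;   /**< Jump if false */
    int    k;    /**< Generic field used for various purposes. */
};

/*!
 * \brief Structure that contains a couple of statistics values on the current capture.
 *
 * It is used by packet.dll to return statistics about a capture session.
 */
struct bpf_stat
{
    /**
     * Number of packets that the driver received from the network adapter
     * from the beginning of the current capture. This value includes the packets
     * lost by the driver.
     */
    UINT bs_recv;
    /**
     * Number of packets that the driver lost from the beginning of a capture.
     * Basically, a packet is lost when the buffer of the driver is full.
     * In this situation the packet cannot be stored and the driver rejects it.
     */
    UINT bs_drop;
    UINT ps_ifdrop; /**< drops by interface. XXX not yet supported */
    /**
     * Number of packets that pass the filter, find place in the kernel buffer and
     * thus reach the application.
     */
    UINT bs_capt;
};

/*!
 * \brief Packet header.
 *
 * This structure defines the header associated with every packet delivered to the application.
 *
 * NOTE(review): code that steps through a receive buffer with bh_hdrlen and bh_caplen
 * should bound every offset by PACKET.ulBytesReceived before dereferencing; nothing in
 * this header enforces that the two fields stay inside the buffer.
 */
struct bpf_hdr
{
    /**
     * The timestamp associated with the captured packet.
     * It is stored in a TimeVal structure.
     */
    struct timeval bh_tstamp;
    /**
     * Length of captured portion. The captured portion <b>can be different</b>
     * from the original packet, because it is possible (with a proper filter)
     * to instruct the driver to capture only a portion of the packets.
     */
    UINT           bh_caplen;
    UINT           bh_datalen; /**< Original length of packet */
    /**
     * Length of bpf header (this struct plus alignment padding). In some cases,
     * a padding could be added between the end of this structure and the packet
     * data for performance reasons. This field can be used to retrieve the actual data
     * of the packet.
     */
    USHORT         bh_hdrlen;
};

/*!
 * \brief Dump packet header.
 *
 * This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets().
 * It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a
 * packet in a dump file. This makes straightforward sending WinPcap dump files to the network.
 */
struct dump_bpf_hdr
{
    struct timeval ts;     /**< Time stamp of the packet */
    /**
     * Length of captured portion. The captured portion can be smaller than
     * the original packet, because it is possible (with a proper filter) to
     * instruct the driver to capture only a portion of the packets.
     */
    UINT           caplen;
    UINT           len;    /**< Length of the original packet (off wire). */
};


#endif /* ifndef BPF_MAJOR_VERSION */

/* Forward declaration, needed by the prototypes below when BPF_MAJOR_VERSION was already defined. */
struct bpf_stat;

#define DOSNAMEPREFIX            TEXT( "Packet_" ) /**< Prefix added to the adapters device names to create the WinPcap devices */
#define MAX_LINK_NAME_LENGTH     64                /**< Maximum length of the devices symbolic links */
#define NMAX_PACKET              65535

/*!
 * \brief Addresses of a network adapter.
 *
 * This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with
 * an adapter.
 */
typedef struct npf_if_addr
{
    struct sockaddr_storage IPAddress;  /**< IP address. */
    struct sockaddr_storage SubnetMask; /**< Netmask for that address. */
    struct sockaddr_storage Broadcast;  /**< Broadcast address. */
} npf_if_addr;


/*
 * Parenthesized: the bare `256 + 12` gave a wrong value in expressions such as
 * `2 * ADAPTER_NAME_LENGTH`, which is how a buffer ends up mis-sized.
 */
#define ADAPTER_NAME_LENGTH      ( 256 + 12 ) /**< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. */
#define ADAPTER_DESC_LENGTH      128          /**< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. */
#define MAX_MAC_ADDR_LENGTH      8            /**< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. */
/*
 * NOTE(review): the original comment here repeated the MAX_MAC_ADDR_LENGTH text.
 * Presumably this is the maximum number of network addresses kept per adapter;
 * confirm against the code that uses it.
 */
#define MAX_NETWORK_ADDRESSES    16


typedef struct WAN_ADAPTER_INT WAN_ADAPTER;   /**< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */
typedef WAN_ADAPTER *          PWAN_ADAPTER;  /**< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */

#define INFO_FLAG_NDIS_ADAPTER       0  /**< Flag for ADAPTER_INFO: this is a traditional ndis adapter */
#define INFO_FLAG_NDISWAN_ADAPTER    1  /**< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET */
#define INFO_FLAG_DAG_CARD           2  /**< Flag for ADAPTER_INFO: this is a DAG card */
#define INFO_FLAG_DAG_FILE           6  /**< Flag for ADAPTER_INFO: this is a DAG file (the value 6 also contains the INFO_FLAG_DAG_CARD bit) */
#define INFO_FLAG_DONT_EXPORT        8  /**< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or opened by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. */
#define INFO_FLAG_AIRPCAP_CARD       16 /**< Flag for ADAPTER_INFO: this is an airpcap card */
#define INFO_FLAG_NPFIM_DEVICE       32 /* undocumented in the original; presumably marks an NPFIM device */

/*!
 * \brief Describes an opened network adapter.
 *
 * This structure is the most important for the functioning of packet.dll, but the great part of its fields
 * should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters
 */
typedef struct _ADAPTER
{
    HANDLE       hFile;                                /**< \internal Handle to an open instance of the NPF driver. */
    CHAR         SymbolicLink[ MAX_LINK_NAME_LENGTH ]; /**< \internal A string containing the name of the network adapter currently opened. */
    /**
     * \internal Number of times a packet written on this adapter will be repeated
     * on the wire.
     */
    int          NumWrites;
    /**
     * A notification event associated with the read calls on the adapter.
     * It can be passed to standard Win32 functions (like WaitForSingleObject
     * or WaitForMultipleObjects) to wait until the driver's buffer contains some
     * data. It is particularly useful in GUI applications that need to wait
     * concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy()
     * function can be used to define the minimum amount of data in the kernel buffer
     * that will cause the event to be signalled.
     */
    HANDLE       ReadEvent;

    /**
     * \internal The amount of time after which a read on the driver will be released and
     * ReadEvent will be signaled, also if no packets were captured
     */
    UINT         ReadTimeOut;
    CHAR         Name[ ADAPTER_NAME_LENGTH ];          /* fixed-size buffer of ADAPTER_NAME_LENGTH bytes */
    PWAN_ADAPTER pWanAdapter;                          /* see the WAN_ADAPTER typedef above */
    UINT         Flags;                                /**< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. */

#ifdef HAVE_AIRPCAP_API
    PAirpcapHandle AirpcapAd;
#endif // HAVE_AIRPCAP_API

#ifdef HAVE_NPFIM_API
    void * NpfImHandle;
#endif // HAVE_NPFIM_API

#ifdef HAVE_DAG_API
    dagc_t *       pDagCard;       /**< Pointer to the dagc API adapter descriptor for this adapter */
    PCHAR          DagBuffer;      /**< Pointer to the buffer with the packets that is received from the DAG card */
    struct timeval DagReadTimeout; /**< Read timeout. The dagc API requires a timeval structure */
    unsigned       DagFcsLen;      /**< Length of the frame check sequence attached to any packet by the card. Obtained from the registry */
    DWORD          DagFastProcess; /**< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly imprecise capture (for example, libpcap doesn't convert the timestamps). */
#endif // HAVE_DAG_API
} ADAPTER, * LPADAPTER;

/*!
 * \brief Structure that contains a group of packets coming from the driver.
 *
 * This structure defines the header associated with every packet delivered to the application.
 */
typedef struct _PACKET
{
    HANDLE     hEvent;          /**< \deprecated Still present for compatibility with old applications. */
    OVERLAPPED OverLapped;      /**< \deprecated Still present for compatibility with old applications. */
    /**
     * Buffer containing the packets. See the PacketReceivePacket() for
     * details about the organization of the data in this buffer
     */
    PVOID      Buffer;
    UINT       Length;          /**< Length of the buffer */
    /**
     * Number of valid bytes present in the buffer, i.e. amount of data
     * received by the last call to PacketReceivePacket()
     */
    DWORD      ulBytesReceived;
    BOOLEAN    bIoComplete;     /**< \deprecated Still present for compatibility with old applications. */
} PACKET, * LPPACKET;

/*!
 * \brief Structure containing an OID request.
 *
 * It is used by the PacketRequest() function to send an OID to the interface card driver.
 * It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address,
 * the list of the multicast groups defined on it, and so on.
 *
 * NOTE(review): Data is declared with a single element but documented as variable-length,
 * so the caller's allocation has to cover Length bytes of Data. This header offers no
 * helper or check for that; confirm how PacketRequest() validates Length.
 */
struct _PACKET_OID_DATA
{
    /**
     * OID code. See the Microsoft DDK documentation or the file ntddndis.h
     * for a complete list of valid codes.
     */
    ULONG Oid;
    ULONG Length;    /**< Length of the data field */
    /**
     * variable-length field that contains the information passed to or received
     * from the adapter.
     */
    UCHAR Data[ 1 ];
};
typedef struct _PACKET_OID_DATA PACKET_OID_DATA, * PPACKET_OID_DATA;

#ifdef __cplusplus
extern "C" {
#endif

/**
 *  @}
 */

/*
 * BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName,
 *                                     CHAR *Value,
 *                                     UINT *pValueLen,
 *                                     CHAR *DefaultVal);
 *
 * BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName,
 *                                     WCHAR *Value,
 *                                     UINT *pValueLen,
 *                                     WCHAR *DefaultVal);
 */

/*--------------------------------------------------------------------------- */
/* EXPORTED FUNCTIONS                                                         */
/*--------------------------------------------------------------------------- */

/*
 * This header only declares the exported functions.
 *
 * NOTE(review): several of them take a caller-supplied buffer and a separate
 * length (PacketInitPacket, PacketSendPackets, PacketGetAdapterNames,
 * PacketSetDumpName, PacketStartOem, PacketStartOemEx). The declared types do
 * not tie the two together, so the caller has to pass a length that matches
 * the real allocation.
 *
 * Functions without parameters are declared with ( void ), as
 * PacketAllocatePacket() already was, so that C callers get a real prototype.
 */

PCHAR PacketGetVersion( void );
PCHAR PacketGetDriverVersion( void );
BOOLEAN PacketSetMinToCopy( LPADAPTER AdapterObject,
                            int nbytes );
BOOLEAN PacketSetNumWrites( LPADAPTER AdapterObject,
                            int nwrites );
BOOLEAN PacketSetMode( LPADAPTER AdapterObject,
                       int mode );
BOOLEAN PacketSetReadTimeout( LPADAPTER AdapterObject,
                              int timeout );
BOOLEAN PacketSetBpf( LPADAPTER AdapterObject,
                      struct bpf_program * fp );
BOOLEAN PacketSetLoopbackBehavior( LPADAPTER AdapterObject,
                                   UINT LoopbackBehavior );
INT PacketSetSnapLen( LPADAPTER AdapterObject,
                      int snaplen );
BOOLEAN PacketGetStats( LPADAPTER AdapterObject,
                        struct bpf_stat * s );
BOOLEAN PacketGetStatsEx( LPADAPTER AdapterObject,
                          struct bpf_stat * s );
BOOLEAN PacketSetBuff( LPADAPTER AdapterObject,
                       int dim );
BOOLEAN PacketGetNetType( LPADAPTER AdapterObject,
                          NetType * type );
LPADAPTER PacketOpenAdapter( PCHAR AdapterName );
BOOLEAN PacketSendPacket( LPADAPTER AdapterObject,
                          LPPACKET pPacket,
                          BOOLEAN Sync );
INT PacketSendPackets( LPADAPTER AdapterObject,
                       PVOID PacketBuff,
                       ULONG Size,
                       BOOLEAN Sync );
LPPACKET PacketAllocatePacket( void );
VOID PacketInitPacket( LPPACKET lpPacket,
                       PVOID Buffer,
                       UINT Length );
VOID PacketFreePacket( LPPACKET lpPacket );
BOOLEAN PacketReceivePacket( LPADAPTER AdapterObject,
                             LPPACKET lpPacket,
                             BOOLEAN Sync );
BOOLEAN PacketSetHwFilter( LPADAPTER AdapterObject,
                           ULONG Filter );
BOOLEAN PacketGetAdapterNames( PTSTR pStr,
                               PULONG BufferSize );
BOOLEAN PacketGetNetInfoEx( PCHAR AdapterName,
                            npf_if_addr * buffer,
                            PLONG NEntries );
BOOLEAN PacketRequest( LPADAPTER AdapterObject,
                       BOOLEAN Set,
                       PPACKET_OID_DATA OidData );
HANDLE PacketGetReadEvent( LPADAPTER AdapterObject );
BOOLEAN PacketSetDumpName( LPADAPTER AdapterObject,
                           void * name,
                           int len );
BOOLEAN PacketSetDumpLimits( LPADAPTER AdapterObject,
                             UINT maxfilesize,
                             UINT maxnpacks );
BOOLEAN PacketIsDumpEnded( LPADAPTER AdapterObject,
                           BOOLEAN sync );
BOOL PacketStopDriver( void );
VOID PacketCloseAdapter( LPADAPTER lpAdapter );
BOOLEAN PacketStartOem( PCHAR errorString,
                        UINT errorStringLength );
BOOLEAN PacketStartOemEx( PCHAR errorString,
                          UINT errorStringLength,
                          ULONG flags );
PAirpcapHandle PacketGetAirPcapHandle( LPADAPTER AdapterObject );

/* */
/* Used by PacketStartOemEx */
/* */
#define PACKET_START_OEM_NO_NETMON    0x00000001

#ifdef __cplusplus
}
#endif

#endif //__PACKET32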