1 /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ 2 3 /* 4 * Copyright (c) 1993, 1994, 1995, 1996, 1997 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the Computer Systems 18 * Engineering Group at Lawrence Berkeley Laboratory. 19 * 4. Neither the name of the University nor of the Laboratory may be used 20 * to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.11 2008-10-06 15:38:39 gianluca Exp $ (LBL) 36 */ 37 38 #ifndef lib_pcap_pcap_h 39 #define lib_pcap_pcap_h 40 41 #if defined( WIN32 ) 42 #include <pcap-stdinc.h> 43 #elif defined( MSDOS ) 44 #include <sys/types.h> 45 #include <sys/socket.h> /* u_int, u_char etc. */ 46 #else /* UN*X */ 47 #include <sys/types.h> 48 #include <sys/time.h> 49 #endif /* WIN32/MSDOS/UN*X */ 50 51 #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H 52 #include <pcap/bpf.h> 53 #endif 54 55 #include <stdio.h> 56 57 #ifdef HAVE_REMOTE 58 /* We have to define the SOCKET here, although it has been defined in sockutils.h */ 59 /* This is to avoid the distribution of the 'sockutils.h' file around */ 60 /* (for example in the WinPcap developer's pack) */ 61 #ifndef SOCKET 62 #ifdef WIN32 63 #define SOCKET unsigned int 64 #else 65 #define SOCKET int 66 #endif 67 #endif 68 #endif /* ifdef HAVE_REMOTE */ 69 70 #ifdef __cplusplus 71 extern "C" { 72 #endif 73 74 #define PCAP_VERSION_MAJOR 2 75 #define PCAP_VERSION_MINOR 4 76 77 #define PCAP_ERRBUF_SIZE 256 78 79 /* 80 * Compatibility for systems that have a bpf.h that 81 * predates the bpf typedefs for 64-bit support. 82 */ 83 #if BPF_RELEASE - 0 < 199406 84 typedef int bpf_int32; 85 typedef u_int bpf_u_int32; 86 #endif 87 88 typedef struct pcap pcap_t; 89 typedef struct pcap_dumper pcap_dumper_t; 90 typedef struct pcap_if pcap_if_t; 91 typedef struct pcap_addr pcap_addr_t; 92 93 /* 94 * The first record in the file contains saved values for some 95 * of the flags used in the printout phases of tcpdump. 96 * Many fields here are 32 bit ints so compilers won't insert unwanted 97 * padding; these files need to be interchangeable across architectures. 98 * 99 * Do not change the layout of this structure, in any way (this includes 100 * changes that only affect the length of fields in this structure). 101 * 102 * Also, do not change the interpretation of any of the members of this 103 * structure, in any way (this includes using values other than 104 * LINKTYPE_ values, as defined in "savefile.c", in the "linktype" 105 * field). 106 * 107 * Instead: 108 * 109 * introduce a new structure for the new format, if the layout 110 * of the structure changed; 111 * 112 * send mail to "tcpdump-workers@lists.tcpdump.org", requesting 113 * a new magic number for your new capture file format, and, when 114 * you get the new magic number, put it in "savefile.c"; 115 * 116 * use that magic number for save files with the changed file 117 * header; 118 * 119 * make the code in "savefile.c" capable of reading files with 120 * the old file header as well as files with the new file header 121 * (using the magic number to determine the header format). 122 * 123 * Then supply the changes as a patch at 124 * 125 * http://sourceforge.net/projects/libpcap/ 126 * 127 * so that future versions of libpcap and programs that use it (such as 128 * tcpdump) will be able to read your new capture file format. 129 */ 130 struct pcap_file_header 131 { 132 bpf_u_int32 magic; 133 u_short version_major; 134 u_short version_minor; 135 bpf_int32 thiszone; /* gmt to local correction */ 136 bpf_u_int32 sigfigs; /* accuracy of timestamps */ 137 bpf_u_int32 snaplen; /* max length saved portion of each pkt */ 138 bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ 139 }; 140 141 /* 142 * Macros for the value returned by pcap_datalink_ext(). 143 * 144 * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro 145 * gives the FCS length of packets in the capture. 146 */ 147 #define LT_FCS_LENGTH_PRESENT( x ) ( ( x ) & 0x04000000 ) 148 #define LT_FCS_LENGTH( x ) ( ( ( x ) & 0xF0000000 ) >> 28 ) 149 #define LT_FCS_DATALINK_EXT( x ) ( ( ( ( x ) & 0xF ) << 28 ) | 0x04000000 ) 150 151 typedef enum 152 { 153 PCAP_D_INOUT = 0, 154 PCAP_D_IN, 155 PCAP_D_OUT 156 } pcap_direction_t; 157 158 /* 159 * Generic per-packet information, as supplied by libpcap. 160 * 161 * The time stamp can and should be a "struct timeval", regardless of 162 * whether your system supports 32-bit tv_sec in "struct timeval", 163 * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit 164 * and 64-bit applications. The on-disk format of savefiles uses 32-bit 165 * tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit 166 * and 64-bit versions of libpcap, even if they're on the same platform, 167 * should supply the appropriate version of "struct timeval", even if 168 * that's not what the underlying packet capture mechanism supplies. 169 */ 170 struct pcap_pkthdr 171 { 172 struct timeval ts; /* time stamp */ 173 bpf_u_int32 caplen; /* length of portion present */ 174 bpf_u_int32 len; /* length this packet (off wire) */ 175 }; 176 177 /* 178 * As returned by the pcap_stats() 179 */ 180 struct pcap_stat 181 { 182 u_int ps_recv; /* number of packets received */ 183 u_int ps_drop; /* number of packets dropped */ 184 u_int ps_ifdrop; /* drops by interface XXX not yet supported */ 185 #ifdef HAVE_REMOTE 186 u_int ps_capt; /* number of packets that are received by the application; please get rid off the Win32 ifdef */ 187 u_int ps_sent; /* number of packets sent by the server on the network */ 188 u_int ps_netdrop; /* number of packets lost on the network */ 189 #endif /* HAVE_REMOTE */ 190 }; 191 192 #ifdef MSDOS 193 194 /* 195 * As returned by the pcap_stats_ex() 196 */ 197 struct pcap_stat_ex 198 { 199 u_long rx_packets; /* total packets received */ 200 u_long tx_packets; /* total packets transmitted */ 201 u_long rx_bytes; /* total bytes received */ 202 u_long tx_bytes; /* total bytes transmitted */ 203 u_long rx_errors; /* bad packets received */ 204 u_long tx_errors; /* packet transmit problems */ 205 u_long rx_dropped; /* no space in Rx buffers */ 206 u_long tx_dropped; /* no space available for Tx */ 207 u_long multicast; /* multicast packets received */ 208 u_long collisions; 209 210 /* detailed rx_errors: */ 211 u_long rx_length_errors; 212 u_long rx_over_errors; /* receiver ring buff overflow */ 213 u_long rx_crc_errors; /* recv'd pkt with crc error */ 214 u_long rx_frame_errors; /* recv'd frame alignment error */ 215 u_long rx_fifo_errors; /* recv'r fifo overrun */ 216 u_long rx_missed_errors; /* recv'r missed packet */ 217 218 /* detailed tx_errors */ 219 u_long tx_aborted_errors; 220 u_long tx_carrier_errors; 221 u_long tx_fifo_errors; 222 u_long tx_heartbeat_errors; 223 u_long tx_window_errors; 224 }; 225 #endif /* ifdef MSDOS */ 226 227 /* 228 * Item in a list of interfaces. 229 */ 230 struct pcap_if 231 { 232 struct pcap_if * next; 233 char * name; /* name to hand to "pcap_open_live()" */ 234 char * description; /* textual description of interface, or NULL */ 235 struct pcap_addr * addresses; 236 bpf_u_int32 flags; /* PCAP_IF_ interface flags */ 237 }; 238 239 #define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */ 240 241 /* 242 * Representation of an interface address. 243 */ 244 struct pcap_addr 245 { 246 struct pcap_addr * next; 247 struct sockaddr * addr; /* address */ 248 struct sockaddr * netmask; /* netmask for that address */ 249 struct sockaddr * broadaddr; /* broadcast address for that address */ 250 struct sockaddr * dstaddr; /* P2P destination address for that address */ 251 }; 252 253 typedef void (* pcap_handler)( u_char *, 254 const struct pcap_pkthdr *, 255 const u_char * ); 256 257 /* 258 * Error codes for the pcap API. 259 * These will all be negative, so you can check for the success or 260 * failure of a call that returns these codes by checking for a 261 * negative value. 262 */ 263 #define PCAP_ERROR -1 /* generic error code */ 264 #define PCAP_ERROR_BREAK -2 /* loop terminated by pcap_breakloop */ 265 #define PCAP_ERROR_NOT_ACTIVATED -3 /* the capture needs to be activated */ 266 #define PCAP_ERROR_ACTIVATED -4 /* the operation can't be performed on already activated captures */ 267 #define PCAP_ERROR_NO_SUCH_DEVICE -5 /* no such device exists */ 268 #define PCAP_ERROR_RFMON_NOTSUP -6 /* this device doesn't support rfmon (monitor) mode */ 269 #define PCAP_ERROR_NOT_RFMON -7 /* operation supported only in monitor mode */ 270 #define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */ 271 #define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */ 272 273 /* 274 * Warning codes for the pcap API. 275 * These will all be positive and non-zero, so they won't look like 276 * errors. 277 */ 278 #define PCAP_WARNING 1 /* generic warning code */ 279 #define PCAP_WARNING_PROMISC_NOTSUP 2 /* this device doesn't support promiscuous mode */ 280 281 char * pcap_lookupdev( char * ); 282 int pcap_lookupnet( const char *, 283 bpf_u_int32 *, 284 bpf_u_int32 *, 285 char * ); 286 287 pcap_t * pcap_create( const char *, 288 char * ); 289 int pcap_set_snaplen( pcap_t *, 290 int ); 291 int pcap_set_promisc( pcap_t *, 292 int ); 293 int pcap_can_set_rfmon( pcap_t * ); 294 int pcap_set_rfmon( pcap_t *, 295 int ); 296 int pcap_set_timeout( pcap_t *, 297 int ); 298 int pcap_set_buffer_size( pcap_t *, 299 int ); 300 int pcap_activate( pcap_t * ); 301 302 pcap_t * pcap_open_live( const char *, 303 int, 304 int, 305 int, 306 char * ); 307 pcap_t * pcap_open_dead( int, 308 int ); 309 pcap_t * pcap_open_offline( const char *, 310 char * ); 311 #if defined( WIN32 ) 312 pcap_t * pcap_hopen_offline( intptr_t, 313 char * ); 314 #if !defined( LIBPCAP_EXPORTS ) 315 #define pcap_fopen_offline( f, b ) \ 316 pcap_hopen_offline( _get_osfhandle( _fileno( f ) ), b ) 317 #else /*LIBPCAP_EXPORTS*/ 318 static pcap_t * pcap_fopen_offline( FILE *, 319 char * ); 320 #endif 321 #else /*WIN32*/ 322 pcap_t * pcap_fopen_offline( FILE *, 323 char * ); 324 #endif /*WIN32*/ 325 326 void pcap_close( pcap_t * ); 327 int pcap_loop( pcap_t *, 328 int, 329 pcap_handler, 330 u_char * ); 331 int pcap_dispatch( pcap_t *, 332 int, 333 pcap_handler, 334 u_char * ); 335 const u_char * pcap_next( pcap_t *, 336 struct pcap_pkthdr * ); 337 int pcap_next_ex( pcap_t *, 338 struct pcap_pkthdr **, 339 const u_char ** ); 340 void pcap_breakloop( pcap_t * ); 341 int pcap_stats( pcap_t *, 342 struct pcap_stat * ); 343 int pcap_setfilter( pcap_t *, 344 struct bpf_program * ); 345 int pcap_setdirection( pcap_t *, 346 pcap_direction_t ); 347 int pcap_getnonblock( pcap_t *, 348 char * ); 349 int pcap_setnonblock( pcap_t *, 350 int, 351 char * ); 352 int pcap_inject( pcap_t *, 353 const void *, 354 size_t ); 355 int pcap_sendpacket( pcap_t *, 356 const u_char *, 357 int ); 358 const char * pcap_statustostr( int ); 359 const char * pcap_strerror( int ); 360 char * pcap_geterr( pcap_t * ); 361 void pcap_perror( pcap_t *, 362 char * ); 363 int pcap_compile( pcap_t *, 364 struct bpf_program *, 365 const char *, 366 int, 367 bpf_u_int32 ); 368 int pcap_compile_nopcap( int, 369 int, 370 struct bpf_program *, 371 const char *, 372 int, 373 bpf_u_int32 ); 374 void pcap_freecode( struct bpf_program * ); 375 int pcap_offline_filter( struct bpf_program *, 376 const struct pcap_pkthdr *, 377 const u_char * ); 378 int pcap_datalink( pcap_t * ); 379 int pcap_datalink_ext( pcap_t * ); 380 int pcap_list_datalinks( pcap_t *, 381 int ** ); 382 int pcap_set_datalink( pcap_t *, 383 int ); 384 void pcap_free_datalinks( int * ); 385 int pcap_datalink_name_to_val( const char * ); 386 const char * pcap_datalink_val_to_name( int ); 387 const char * pcap_datalink_val_to_description( int ); 388 int pcap_snapshot( pcap_t * ); 389 int pcap_is_swapped( pcap_t * ); 390 int pcap_major_version( pcap_t * ); 391 int pcap_minor_version( pcap_t * ); 392 393 /* XXX */ 394 FILE * pcap_file( pcap_t * ); 395 int pcap_fileno( pcap_t * ); 396 397 pcap_dumper_t * pcap_dump_open( pcap_t *, 398 const char * ); 399 pcap_dumper_t * pcap_dump_fopen( pcap_t *, 400 FILE * fp ); 401 FILE * pcap_dump_file( pcap_dumper_t * ); 402 long pcap_dump_ftell( pcap_dumper_t * ); 403 int pcap_dump_flush( pcap_dumper_t * ); 404 void pcap_dump_close( pcap_dumper_t * ); 405 void pcap_dump( u_char *, 406 const struct pcap_pkthdr *, 407 const u_char * ); 408 409 int pcap_findalldevs( pcap_if_t **, 410 char * ); 411 void pcap_freealldevs( pcap_if_t * ); 412 413 const char * pcap_lib_version( void ); 414 415 /* XXX this guy lives in the bpf tree */ 416 u_int bpf_filter( const struct bpf_insn *, 417 const u_char *, 418 u_int, 419 u_int ); 420 int bpf_validate( const struct bpf_insn * f, 421 int len ); 422 char * bpf_image( const struct bpf_insn *, 423 int ); 424 void bpf_dump( const struct bpf_program *, 425 int ); 426 427 #if defined( WIN32 ) 428 429 /* 430 * Win32 definitions 431 */ 432 433 int pcap_setbuff( pcap_t * p, 434 int dim ); 435 int pcap_setmode( pcap_t * p, 436 int mode ); 437 int pcap_setmintocopy( pcap_t * p, 438 int size ); 439 440 #ifdef WPCAP 441 /* Include file with the wpcap-specific extensions */ 442 #include <Win32-Extensions.h> 443 #endif /* WPCAP */ 444 445 #define MODE_CAPT 0 446 #define MODE_STAT 1 447 #define MODE_MON 2 448 449 #elif defined( MSDOS ) 450 451 /* 452 * MS-DOS definitions 453 */ 454 455 int pcap_stats_ex( pcap_t *, 456 struct pcap_stat_ex * ); 457 void pcap_set_wait( pcap_t * p, 458 void ( * yield )( void ), 459 int wait ); 460 u_long pcap_mac_packets( void ); 461 462 #else /* UN*X */ 463 464 /* 465 * UN*X definitions 466 */ 467 468 int pcap_get_selectable_fd( pcap_t * ); 469 470 #endif /* WIN32/MSDOS/UN*X */ 471 472 #ifdef HAVE_REMOTE 473 /* Includes most of the public stuff that is needed for the remote capture */ 474 #include <remote-ext.h> 475 #endif /* HAVE_REMOTE */ 476 477 #ifdef __cplusplus 478 } 479 #endif 480 481 #endif /* ifndef lib_pcap_pcap_h */ 482