1 /* 2 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 3 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 16 * nor the names of its contributors may be used to endorse or promote 17 * products derived from this software without specific prior written 18 * permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 * 32 */ 33 34 /** @ingroup packetapi 35 * @{ 36 */ 37 38 /** @defgroup packet32h Packet.dll definitions and data structures 39 * Packet32.h contains the data structures and the definitions used by packet.dll. 40 * The file is used both by the Win9x and the WinNTx versions of packet.dll, and can be included 41 * by the applications that use the functions of this library 42 * @{ 43 */ 44 45 #ifndef __PACKET32 46 #define __PACKET32 47 48 #include <winsock2.h> 49 50 #ifdef HAVE_AIRPCAP_API 51 #include <airpcap.h> 52 #else 53 #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_) 54 #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ 55 typedef struct _AirpcapHandle *PAirpcapHandle; 56 #endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */ 57 #endif /* HAVE_AIRPCAP_API */ 58 59 #ifdef HAVE_DAG_API 60 #include <dagc.h> 61 #endif /* HAVE_DAG_API */ 62 63 // Working modes 64 #define PACKET_MODE_CAPT 0x0 ///< Capture mode 65 #define PACKET_MODE_STAT 0x1 ///< Statistical mode 66 #define PACKET_MODE_MON 0x2 ///< Monitoring mode 67 #define PACKET_MODE_DUMP 0x10 ///< Dump mode 68 #define PACKET_MODE_STAT_DUMP MODE_DUMP | MODE_STAT ///< Statistical dump Mode 69 70 71 /// Alignment macro. Defines the alignment size. 72 #define Packet_ALIGNMENT sizeof(int) 73 /// Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT. 74 #define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1)) 75 76 #define NdisMediumNull -1 ///< Custom linktype: NDIS doesn't provide an equivalent 77 #define NdisMediumCHDLC -2 ///< Custom linktype: NDIS doesn't provide an equivalent 78 #define NdisMediumPPPSerial -3 ///< Custom linktype: NDIS doesn't provide an equivalent 79 #define NdisMediumBare80211 -4 ///< Custom linktype: NDIS doesn't provide an equivalent 80 #define NdisMediumRadio80211 -5 ///< Custom linktype: NDIS doesn't provide an equivalent 81 #define NdisMediumPpi -6 ///< Custom linktype: NDIS doesn't provide an equivalent 82 83 // Loopback behaviour definitions 84 #define NPF_DISABLE_LOOPBACK 1 ///< Drop the packets sent by the NPF driver 85 #define NPF_ENABLE_LOOPBACK 2 ///< Capture the packets sent by the NPF driver 86 87 /*! 88 \brief Network type structure. 89 90 This structure is used by the PacketGetNetType() function to return information on the current adapter's type and speed. 91 */ 92 typedef struct NetType 93 { 94 UINT LinkType; ///< The MAC of the current network adapter (see function PacketGetNetType() for more information) 95 ULONGLONG LinkSpeed; ///< The speed of the network in bits per second 96 }NetType; 97 98 99 //some definitions stolen from libpcap 100 101 #ifndef BPF_MAJOR_VERSION 102 103 /*! 104 \brief A BPF pseudo-assembly program. 105 106 The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet. 107 */ 108 struct bpf_program 109 { 110 UINT bf_len; ///< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. 111 struct bpf_insn *bf_insns; ///< A pointer to the first instruction of the program. 112 }; 113 114 /*! 115 \brief A single BPF pseudo-instruction. 116 117 bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver. 118 */ 119 struct bpf_insn 120 { 121 USHORT code; ///< Instruction type and addressing mode. 122 UCHAR jt; ///< Jump if true 123 UCHAR jf; ///< Jump if false 124 int k; ///< Generic field used for various purposes. 125 }; 126 127 /*! 128 \brief Structure that contains a couple of statistics values on the current capture. 129 130 It is used by packet.dll to return statistics about a capture session. 131 */ 132 struct bpf_stat 133 { 134 UINT bs_recv; ///< Number of packets that the driver received from the network adapter 135 ///< from the beginning of the current capture. This value includes the packets 136 ///< lost by the driver. 137 UINT bs_drop; ///< number of packets that the driver lost from the beginning of a capture. 138 ///< Basically, a packet is lost when the the buffer of the driver is full. 139 ///< In this situation the packet cannot be stored and the driver rejects it. 140 UINT ps_ifdrop; ///< drops by interface. XXX not yet supported 141 UINT bs_capt; ///< number of packets that pass the filter, find place in the kernel buffer and 142 ///< thus reach the application. 143 }; 144 145 /*! 146 \brief Packet header. 147 148 This structure defines the header associated with every packet delivered to the application. 149 */ 150 struct bpf_hdr 151 { 152 struct timeval bh_tstamp; ///< The timestamp associated with the captured packet. 153 ///< It is stored in a TimeVal structure. 154 UINT bh_caplen; ///< Length of captured portion. The captured portion <b>can be different</b> 155 ///< from the original packet, because it is possible (with a proper filter) 156 ///< to instruct the driver to capture only a portion of the packets. 157 UINT bh_datalen; ///< Original length of packet 158 USHORT bh_hdrlen; ///< Length of bpf header (this struct plus alignment padding). In some cases, 159 ///< a padding could be added between the end of this structure and the packet 160 ///< data for performance reasons. This filed can be used to retrieve the actual data 161 ///< of the packet. 162 }; 163 164 /*! 165 \brief Dump packet header. 166 167 This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets(). 168 It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a 169 packet in a dump file. This makes straightforward sending WinPcap dump files to the network. 170 */ 171 struct dump_bpf_hdr{ 172 struct timeval ts; ///< Time stamp of the packet 173 UINT caplen; ///< Length of captured portion. The captured portion can smaller than the 174 ///< the original packet, because it is possible (with a proper filter) to 175 ///< instruct the driver to capture only a portion of the packets. 176 UINT len; ///< Length of the original packet (off wire). 177 }; 178 179 180 #endif 181 182 struct bpf_stat; 183 184 #define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices 185 #define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links 186 #define NMAX_PACKET 65535 187 188 /*! 189 \brief Addresses of a network adapter. 190 191 This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with 192 an adapter. 193 */ 194 typedef struct npf_if_addr { 195 struct sockaddr_storage IPAddress; ///< IP address. 196 struct sockaddr_storage SubnetMask; ///< Netmask for that address. 197 struct sockaddr_storage Broadcast; ///< Broadcast address. 198 }npf_if_addr; 199 200 201 #define ADAPTER_NAME_LENGTH 256 + 12 ///< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. 202 #define ADAPTER_DESC_LENGTH 128 ///< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. 203 #define MAX_MAC_ADDR_LENGTH 8 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. 204 #define MAX_NETWORK_ADDRESSES 16 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. 205 206 207 typedef struct WAN_ADAPTER_INT WAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API 208 typedef WAN_ADAPTER *PWAN_ADAPTER; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API 209 210 #define INFO_FLAG_NDIS_ADAPTER 0 ///< Flag for ADAPTER_INFO: this is a traditional ndis adapter 211 #define INFO_FLAG_NDISWAN_ADAPTER 1 ///< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET 212 #define INFO_FLAG_DAG_CARD 2 ///< Flag for ADAPTER_INFO: this is a DAG card 213 #define INFO_FLAG_DAG_FILE 6 ///< Flag for ADAPTER_INFO: this is a DAG file 214 #define INFO_FLAG_DONT_EXPORT 8 ///< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or openend by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. 215 #define INFO_FLAG_AIRPCAP_CARD 16 ///< Flag for ADAPTER_INFO: this is an airpcap card 216 #define INFO_FLAG_NPFIM_DEVICE 32 217 218 /*! 219 \brief Describes an opened network adapter. 220 221 This structure is the most important for the functioning of packet.dll, but the great part of its fields 222 should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters 223 */ 224 typedef struct _ADAPTER { 225 HANDLE hFile; ///< \internal Handle to an open instance of the NPF driver. 226 CHAR SymbolicLink[MAX_LINK_NAME_LENGTH]; ///< \internal A string containing the name of the network adapter currently opened. 227 int NumWrites; ///< \internal Number of times a packets written on this adapter will be repeated 228 ///< on the wire. 229 HANDLE ReadEvent; ///< A notification event associated with the read calls on the adapter. 230 ///< It can be passed to standard Win32 functions (like WaitForSingleObject 231 ///< or WaitForMultipleObjects) to wait until the driver's buffer contains some 232 ///< data. It is particularly useful in GUI applications that need to wait 233 ///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() 234 ///< function can be used to define the minimum amount of data in the kernel buffer 235 ///< that will cause the event to be signalled. 236 237 UINT ReadTimeOut; ///< \internal The amount of time after which a read on the driver will be released and 238 ///< ReadEvent will be signaled, also if no packets were captured 239 CHAR Name[ADAPTER_NAME_LENGTH]; 240 PWAN_ADAPTER pWanAdapter; 241 UINT Flags; ///< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. 242 243 #ifdef HAVE_AIRPCAP_API 244 PAirpcapHandle AirpcapAd; 245 #endif // HAVE_AIRPCAP_API 246 247 #ifdef HAVE_NPFIM_API 248 void* NpfImHandle; 249 #endif // HAVE_NPFIM_API 250 251 #ifdef HAVE_DAG_API 252 dagc_t *pDagCard; ///< Pointer to the dagc API adapter descriptor for this adapter 253 PCHAR DagBuffer; ///< Pointer to the buffer with the packets that is received from the DAG card 254 struct timeval DagReadTimeout; ///< Read timeout. The dagc API requires a timeval structure 255 unsigned DagFcsLen; ///< Length of the frame check sequence attached to any packet by the card. Obtained from the registry 256 DWORD DagFastProcess; ///< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). 257 #endif // HAVE_DAG_API 258 } ADAPTER, *LPADAPTER; 259 260 /*! 261 \brief Structure that contains a group of packets coming from the driver. 262 263 This structure defines the header associated with every packet delivered to the application. 264 */ 265 typedef struct _PACKET { 266 HANDLE hEvent; ///< \deprecated Still present for compatibility with old applications. 267 OVERLAPPED OverLapped; ///< \deprecated Still present for compatibility with old applications. 268 PVOID Buffer; ///< Buffer with containing the packets. See the PacketReceivePacket() for 269 ///< details about the organization of the data in this buffer 270 UINT Length; ///< Length of the buffer 271 DWORD ulBytesReceived; ///< Number of valid bytes present in the buffer, i.e. amount of data 272 ///< received by the last call to PacketReceivePacket() 273 BOOLEAN bIoComplete; ///< \deprecated Still present for compatibility with old applications. 274 } PACKET, *LPPACKET; 275 276 /*! 277 \brief Structure containing an OID request. 278 279 It is used by the PacketRequest() function to send an OID to the interface card driver. 280 It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address, 281 the list of the multicast groups defined on it, and so on. 282 */ 283 struct _PACKET_OID_DATA { 284 ULONG Oid; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h 285 ///< for a complete list of valid codes. 286 ULONG Length; ///< Length of the data field 287 UCHAR Data[1]; ///< variable-lenght field that contains the information passed to or received 288 ///< from the adapter. 289 }; 290 typedef struct _PACKET_OID_DATA PACKET_OID_DATA, *PPACKET_OID_DATA; 291 292 #ifdef __cplusplus 293 extern "C" { 294 #endif 295 296 /** 297 * @} 298 */ 299 300 /* 301 BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName, 302 CHAR *Value, 303 UINT *pValueLen, 304 CHAR *DefaultVal); 305 306 BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName, 307 WCHAR *Value, 308 UINT *pValueLen, 309 WCHAR *DefaultVal); 310 */ 311 312 //--------------------------------------------------------------------------- 313 // EXPORTED FUNCTIONS 314 //--------------------------------------------------------------------------- 315 316 PCHAR PacketGetVersion(); 317 PCHAR PacketGetDriverVersion(); 318 BOOLEAN PacketSetMinToCopy(LPADAPTER AdapterObject,int nbytes); 319 BOOLEAN PacketSetNumWrites(LPADAPTER AdapterObject,int nwrites); 320 BOOLEAN PacketSetMode(LPADAPTER AdapterObject,int mode); 321 BOOLEAN PacketSetReadTimeout(LPADAPTER AdapterObject,int timeout); 322 BOOLEAN PacketSetBpf(LPADAPTER AdapterObject,struct bpf_program *fp); 323 BOOLEAN PacketSetLoopbackBehavior(LPADAPTER AdapterObject, UINT LoopbackBehavior); 324 INT PacketSetSnapLen(LPADAPTER AdapterObject,int snaplen); 325 BOOLEAN PacketGetStats(LPADAPTER AdapterObject,struct bpf_stat *s); 326 BOOLEAN PacketGetStatsEx(LPADAPTER AdapterObject,struct bpf_stat *s); 327 BOOLEAN PacketSetBuff(LPADAPTER AdapterObject,int dim); 328 BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type); 329 LPADAPTER PacketOpenAdapter(PCHAR AdapterName); 330 BOOLEAN PacketSendPacket(LPADAPTER AdapterObject,LPPACKET pPacket,BOOLEAN Sync); 331 INT PacketSendPackets(LPADAPTER AdapterObject,PVOID PacketBuff,ULONG Size, BOOLEAN Sync); 332 LPPACKET PacketAllocatePacket(void); 333 VOID PacketInitPacket(LPPACKET lpPacket,PVOID Buffer,UINT Length); 334 VOID PacketFreePacket(LPPACKET lpPacket); 335 BOOLEAN PacketReceivePacket(LPADAPTER AdapterObject,LPPACKET lpPacket,BOOLEAN Sync); 336 BOOLEAN PacketSetHwFilter(LPADAPTER AdapterObject,ULONG Filter); 337 BOOLEAN PacketGetAdapterNames(PTSTR pStr,PULONG BufferSize); 338 BOOLEAN PacketGetNetInfoEx(PCHAR AdapterName, npf_if_addr* buffer, PLONG NEntries); 339 BOOLEAN PacketRequest(LPADAPTER AdapterObject,BOOLEAN Set,PPACKET_OID_DATA OidData); 340 HANDLE PacketGetReadEvent(LPADAPTER AdapterObject); 341 BOOLEAN PacketSetDumpName(LPADAPTER AdapterObject, void *name, int len); 342 BOOLEAN PacketSetDumpLimits(LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks); 343 BOOLEAN PacketIsDumpEnded(LPADAPTER AdapterObject, BOOLEAN sync); 344 BOOL PacketStopDriver(); 345 VOID PacketCloseAdapter(LPADAPTER lpAdapter); 346 BOOLEAN PacketStartOem(PCHAR errorString, UINT errorStringLength); 347 BOOLEAN PacketStartOemEx(PCHAR errorString, UINT errorStringLength, ULONG flags); 348 PAirpcapHandle PacketGetAirPcapHandle(LPADAPTER AdapterObject); 349 350 // 351 // Used by PacketStartOemEx 352 // 353 #define PACKET_START_OEM_NO_NETMON 0x00000001 354 355 #ifdef __cplusplus 356 } 357 #endif 358 359 #endif //__PACKET32 360