Go to the documentation of this file.
34 #ifndef __PCAP_REMOTE_H__
35 #define __PCAP_REMOTE_H__
39 #include "sockutils.h"
85 #define RPCAP_DEFAULT_NETPORT "2002"
87 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
88 #define RPCAP_DEFAULT_NETADDR ""
89 #define RPCAP_VERSION 0
90 #define RPCAP_TIMEOUT_INIT 90
91 #define RPCAP_TIMEOUT_RUNTIME 180
92 #define RPCAP_ACTIVE_WAIT 30
93 #define RPCAP_SUSPEND_WRONGAUTH 1
99 #define RPCAP_NETBUF_SIZE 64000
109 #define RPCAP_HOSTLIST_SEP " ,;\n\r"
280 #define RPCAP_MSG_ERROR 1
281 #define RPCAP_MSG_FINDALLIF_REQ 2
282 #define RPCAP_MSG_OPEN_REQ 3
283 #define RPCAP_MSG_STARTCAP_REQ 4
284 #define RPCAP_MSG_UPDATEFILTER_REQ 5
285 #define RPCAP_MSG_CLOSE 6
286 #define RPCAP_MSG_PACKET 7
287 #define RPCAP_MSG_AUTH_REQ 8
288 #define RPCAP_MSG_STATS_REQ 9
289 #define RPCAP_MSG_ENDCAP_REQ 10
290 #define RPCAP_MSG_SETSAMPLING_REQ 11
292 #define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ)
293 #define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ)
294 #define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ)
295 #define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ)
296 #define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ)
297 #define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ)
298 #define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ)
299 #define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ)
301 #define RPCAP_STARTCAPREQ_FLAG_PROMISC 1
302 #define RPCAP_STARTCAPREQ_FLAG_DGRAM 2
303 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4
304 #define RPCAP_STARTCAPREQ_FLAG_INBOUND 8
305 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16
307 #define RPCAP_UPDATEFILTER_BPF 1
310 // Network error codes
311 #define PCAP_ERR_NETW 1
312 #define PCAP_ERR_INITTIMEOUT 2
313 #define PCAP_ERR_AUTH 3
314 #define PCAP_ERR_FINDALLIF 4
315 #define PCAP_ERR_NOREMOTEIF 5
316 #define PCAP_ERR_OPEN 6
317 #define PCAP_ERR_UPDATEFILTER 7
318 #define PCAP_ERR_GETSTATS 8
319 #define PCAP_ERR_READEX 9
320 #define PCAP_ERR_HOSTNOAUTH 10
321 #define PCAP_ERR_REMOTEACCEPT 11
322 #define PCAP_ERR_STARTCAPTURE 12
323 #define PCAP_ERR_ENDCAPTURE 13
324 #define PCAP_ERR_RUNTIMETIMEOUT 14
325 #define PCAP_ERR_SETSAMPLING 15
326 #define PCAP_ERR_WRONGMSG 16
327 #define PCAP_ERR_WRONGVER 17 // end of private documentation
355 int rpcap_deseraddr(
struct sockaddr_storage *sockaddrin,
struct sockaddr_storage **sockaddrout,
char *errbuf);
357 int rpcap_senderror(SOCKET sock,
char *error,
unsigned short errcode,
char *errbuf);
uint16 dummy
Must be zero.
General header used for the pcap_setfilter() command; keeps just the number of BPF instructions.
int pcap_setsampling_remote(pcap_t *p)
struct sockaddr_storage host
int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
uint32 flags
Interface flags.
uint32 timestamp_usec
'struct timeval' compatible, it represents the 'tv_usec' field
struct sockaddr_storage broadaddr
Broadcast address for that address.
int pcap_stats_remote(pcap_t *p, struct pcap_stat *ps)
int32 tzoff
Timezone offset.
uint16 type
Authentication type.
Format of the message for the interface description (findalldevs command)
uint32 ifdrop
Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats....
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
uint8 jf
relative offset to jump to in case of 'false'
int32 k
instruction-dependent value
Format of the reply message that devoted to start a remote capture (startcap reply command)
uint16 namelen
Length of the interface name.
Format of the message that starts a remote capture (startcap command)
uint16 code
opcode of the instuction
uint16 flags
Flags (see RPCAP_STARTCAPREQ_FLAG_xxx)
uint32 snaplen
Length of the snapshot (number of bytes to capture for each packet)
Header of a packet in the dump file.
uint16 portdata
Network port on which the server is waiting at (passive mode only)
uint32 krnldrop
Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop)
Format of the header which encapsulates captured packets when transmitted on the network.
uint32 len
Real length this packet (off wire)
struct pcap pcap_t
Descriptor of an open capture instance. This structure is opaque to the user, that handles its conten...
uint32 npkt
Ordinal number of the packet (i.e. the first one captured has '1', the second one '2',...
uint16 naddr
Number of addresses.
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf)
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
int int32
Provides a 32-bits integer.
Structure that keeps statistical values on an interface.
Structure that keeps the data required for the authentication on the remote host.
struct sockaddr_storage addr
Network address.
void pcap_cleanup_remote(pcap_t *p)
uint8 dummy1
Must be zero.
unsigned short uint16
Provides a 16-bits unsigned integer.
Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_fi...
Keeps a list of all the opened connections in the active mode.
uint16 desclen
Length of the interface description.
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
struct sockaddr_storage dstaddr
P2P destination address for that address.
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth)
uint32 timestamp_sec
'struct timeval' compatible, it represents the 'tv_sec' field
int rpcap_remoteact_getsock(const char *host, char *errbuf)
unsigned char uint8
Provides an 8-bits unsigned integer.
Format of the message for the address listing (findalldevs command)
uint32 ifrecv
Packets received by the kernel filter (i.e. pcap_stats.ps_recv)
struct sockaddr_storage netmask
Netmask for that address.
Structure that keeps the statistics about the number of packets captured, dropped,...
struct activehosts * next
int pcap_startcapture_remote(pcap_t *fp)
uint8 method
Sampling method.
uint32 read_timeout
Read timeout in milliseconds.
unsigned int uint32
Provides a 32-bits unsigned integer.
Format of the message of the connection opening reply (open command).
uint16 slen1
Length of the first authentication item (e.g. username)
uint16 dummy
Must be zero.
uint16 dummy
Must be zero.
int pcap_read_remote(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
int pcap_setfilter_remote(pcap_t *fp, struct bpf_program *prog)
uint32 nitems
Number of items contained into the filter (e.g. BPF instructions for BPF filters)
uint16 dummy
Must be zero.
uint16 portdata
Network port on which the client is waiting at (if 'serveropen')
int32 bufsize
Size of the user buffer allocated by WinPcap; it can be different from the one we chose.
uint32 caplen
Length of portion present in the capture.
Structure that is needed to set sampling parameters.
uint16 slen2
Length of the second authentication item (e.g. password)
void(* pcap_handler)(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
Prototype of the callback function that receives the packets.
uint16 filtertype
type of the filter transferred (BPF instructions, ...)
This structure keeps the information needed to autheticate the user on a remote machine.
struct pcap_stat * pcap_stats_ex_remote(pcap_t *p)
int pcap_updatefilter_remote(pcap_t *fp, struct bpf_program *prog)
uint8 jt
relative offset to jump to in case of 'true'
uint32 value
Parameter related to the sampling method.
uint32 svrcapt
Packets captured by the RPCAP daemon and sent on the network.
uint16 dummy2
Must be zero.
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010
CACE Technologies. Copyright (c) 2010-2013
Riverbed Technology. All rights reserved.