466 lines
21 KiB
C
466 lines
21 KiB
C
/*
|
|
* Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
|
|
* Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of the Politecnico di Torino, CACE Technologies
|
|
* nor the names of its contributors may be used to endorse or promote
|
|
* products derived from this software without specific prior written
|
|
* permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
*/
|
|
|
|
#ifndef __PCAP_RPCAP_H__
|
|
#define __PCAP_RPCAP_H__
|
|
|
|
|
|
#include "pcap.h"
|
|
#include "sockutils.h" /* Needed for some structures (like SOCKET, sockaddr_in) which are used here */
|
|
|
|
|
|
/*
|
|
* \file pcap-pcap.h
|
|
*
|
|
* This file keeps all the new definitions and typedefs that are exported to the user and
|
|
* that are needed for the RPCAP protocol.
|
|
*
|
|
* \warning All the RPCAP functions that are allowed to return a buffer containing
|
|
* the error description can return max PCAP_ERRBUF_SIZE characters.
|
|
* However there is no guarantees that the string will be zero-terminated.
|
|
* Best practice is to define the errbuf variable as a char of size 'PCAP_ERRBUF_SIZE+1'
|
|
* and to insert manually the termination char at the end of the buffer. This will
|
|
* guarantee that no buffer overflows occur even if we use the printf() to show
|
|
* the error on the screen.
|
|
*
|
|
* \warning This file declares some typedefs that MUST be of a specific size.
|
|
* These definitions (i.e. typedefs) could need to be changed on other platforms than
|
|
* Intel IA32.
|
|
*
|
|
* \warning This file defines some structures that are used to transfer data on the network.
|
|
* Be careful that you compiler MUST not insert padding into these structures
|
|
* for better alignment.
|
|
* These structures have been created in order to be correctly aligned to a 32 bits
|
|
* boundary, but be careful in any case.
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*********************************************************
|
|
* *
|
|
* General definitions / typedefs for the RPCAP protocol *
|
|
* *
|
|
*********************************************************/
|
|
|
|
/* All the following structures and typedef belongs to the Private Documentation */
|
|
/*
|
|
* \addtogroup remote_pri_struct
|
|
* \{
|
|
*/
|
|
|
|
#define RPCAP_DEFAULT_NETPORT "2002" /* Default port on which the RPCAP daemon is waiting for connections. */
|
|
/* Default port on which the client workstation is waiting for connections in case of active mode. */
|
|
#define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
|
|
#define RPCAP_DEFAULT_NETADDR "" /* Default network address on which the RPCAP daemon binds to. */
|
|
#define RPCAP_VERSION 0 /* Present version of the RPCAP protocol (0 = Experimental). */
|
|
#define RPCAP_TIMEOUT_INIT 90 /* Initial timeout for RPCAP connections (default: 90 sec) */
|
|
#define RPCAP_TIMEOUT_RUNTIME 180 /* Run-time timeout for RPCAP connections (default: 3 min) */
|
|
#define RPCAP_ACTIVE_WAIT 30 /* Waiting time between two attempts to open a connection, in active mode (default: 30 sec) */
|
|
#define RPCAP_SUSPEND_WRONGAUTH 1 /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
|
|
|
|
/*
|
|
* \brief Buffer used by socket functions to send-receive packets.
|
|
* In case you plan to have messages larger than this value, you have to increase it.
|
|
*/
|
|
#define RPCAP_NETBUF_SIZE 64000
|
|
|
|
|
|
/*
|
|
* \brief Separators used for the host list.
|
|
*
|
|
* It is used:
|
|
* - by the rpcapd daemon, when you types a list of allowed connecting hosts
|
|
* - by the rpcap in active mode, when the client waits for incoming connections from other hosts
|
|
*/
|
|
#define RPCAP_HOSTLIST_SEP " ,;\n\r"
|
|
|
|
|
|
|
|
|
|
/* WARNING: These could need to be changed on other platforms */
|
|
typedef unsigned char uint8; /* Provides an 8-bits unsigned integer */
|
|
typedef unsigned short uint16; /* Provides a 16-bits unsigned integer */
|
|
typedef unsigned int uint32; /* Provides a 32-bits unsigned integer */
|
|
typedef int int32; /* Provides a 32-bits integer */
|
|
|
|
|
|
|
|
|
|
/*
|
|
* \brief Keeps a list of all the opened connections in the active mode.
|
|
*
|
|
* This structure defines a linked list of items that are needed to keep the info required to
|
|
* manage the active mode.
|
|
* In other words, when a new connection in active mode starts, this structure is updated so that
|
|
* it reflects the list of active mode connections currently opened.
|
|
* This structure is required by findalldevs() and open_remote() to see if they have to open a new
|
|
* control connection toward the host, or they already have a control connection in place.
|
|
*/
|
|
struct activehosts
|
|
{
|
|
struct sockaddr_storage host;
|
|
SOCKET sockctrl;
|
|
struct activehosts *next;
|
|
};
|
|
|
|
|
|
/*********************************************************
|
|
* *
|
|
* Protocol messages formats *
|
|
* *
|
|
*********************************************************/
|
|
/* WARNING Take care you compiler does not insert padding for better alignments into these structs */
|
|
|
|
|
|
/* Common header for all the RPCAP messages */
|
|
struct rpcap_header
|
|
{
|
|
uint8 ver; /* RPCAP version number */
|
|
uint8 type; /* RPCAP message type (error, findalldevs, ...) */
|
|
uint16 value; /* Message-dependent value (not always used) */
|
|
uint32 plen; /* Length of the payload of this RPCAP message */
|
|
};
|
|
|
|
|
|
/* Format of the message for the interface description (findalldevs command) */
|
|
struct rpcap_findalldevs_if
|
|
{
|
|
uint16 namelen; /* Length of the interface name */
|
|
uint16 desclen; /* Length of the interface description */
|
|
uint32 flags; /* Interface flags */
|
|
uint16 naddr; /* Number of addresses */
|
|
uint16 dummy; /* Must be zero */
|
|
};
|
|
|
|
|
|
/* Format of the message for the address listing (findalldevs command) */
|
|
struct rpcap_findalldevs_ifaddr
|
|
{
|
|
struct sockaddr_storage addr; /* Network address */
|
|
struct sockaddr_storage netmask; /* Netmask for that address */
|
|
struct sockaddr_storage broadaddr; /* Broadcast address for that address */
|
|
struct sockaddr_storage dstaddr; /* P2P destination address for that address */
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
* \brief Format of the message of the connection opening reply (open command).
|
|
*
|
|
* This structure transfers over the network some of the values useful on the client side.
|
|
*/
|
|
struct rpcap_openreply
|
|
{
|
|
int32 linktype; /* Link type */
|
|
int32 tzoff; /* Timezone offset */
|
|
};
|
|
|
|
|
|
|
|
/* Format of the message that starts a remote capture (startcap command) */
|
|
struct rpcap_startcapreq
|
|
{
|
|
uint32 snaplen; /* Length of the snapshot (number of bytes to capture for each packet) */
|
|
uint32 read_timeout; /* Read timeout in milliseconds */
|
|
uint16 flags; /* Flags (see RPCAP_STARTCAPREQ_FLAG_xxx) */
|
|
uint16 portdata; /* Network port on which the client is waiting at (if 'serveropen') */
|
|
};
|
|
|
|
|
|
/* Format of the reply message that devoted to start a remote capture (startcap reply command) */
|
|
struct rpcap_startcapreply
|
|
{
|
|
int32 bufsize; /* Size of the user buffer allocated by WinPcap; it can be different from the one we chose */
|
|
uint16 portdata; /* Network port on which the server is waiting at (passive mode only) */
|
|
uint16 dummy; /* Must be zero */
|
|
};
|
|
|
|
|
|
/*
|
|
* \brief Format of the header which encapsulates captured packets when transmitted on the network.
|
|
*
|
|
* This message requires the general header as well, since we want to be able to exchange
|
|
* more information across the network in the future (for example statistics, and kind like that).
|
|
*/
|
|
struct rpcap_pkthdr
|
|
{
|
|
uint32 timestamp_sec; /* 'struct timeval' compatible, it represents the 'tv_sec' field */
|
|
uint32 timestamp_usec; /* 'struct timeval' compatible, it represents the 'tv_usec' field */
|
|
uint32 caplen; /* Length of portion present in the capture */
|
|
uint32 len; /* Real length this packet (off wire) */
|
|
uint32 npkt; /* Ordinal number of the packet (i.e. the first one captured has '1', the second one '2', etc) */
|
|
};
|
|
|
|
|
|
/* General header used for the pcap_setfilter() command; keeps just the number of BPF instructions */
|
|
struct rpcap_filter
|
|
{
|
|
uint16 filtertype; /* type of the filter transferred (BPF instructions, ...) */
|
|
uint16 dummy; /* Must be zero */
|
|
uint32 nitems; /* Number of items contained into the filter (e.g. BPF instructions for BPF filters) */
|
|
};
|
|
|
|
|
|
/* Structure that keeps a single BPF instuction; it is repeated 'ninsn' times according to the 'rpcap_filterbpf' header */
|
|
struct rpcap_filterbpf_insn
|
|
{
|
|
uint16 code; /* opcode of the instruction */
|
|
uint8 jt; /* relative offset to jump to in case of 'true' */
|
|
uint8 jf; /* relative offset to jump to in case of 'false' */
|
|
int32 k; /* instruction-dependent value */
|
|
};
|
|
|
|
|
|
/* Structure that keeps the data required for the authentication on the remote host */
|
|
struct rpcap_auth
|
|
{
|
|
uint16 type; /* Authentication type */
|
|
uint16 dummy; /* Must be zero */
|
|
uint16 slen1; /* Length of the first authentication item (e.g. username) */
|
|
uint16 slen2; /* Length of the second authentication item (e.g. password) */
|
|
};
|
|
|
|
|
|
/* Structure that keeps the statistics about the number of packets captured, dropped, etc. */
|
|
struct rpcap_stats
|
|
{
|
|
uint32 ifrecv; /* Packets received by the kernel filter (i.e. pcap_stats.ps_recv) */
|
|
uint32 ifdrop; /* Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop) */
|
|
uint32 krnldrop; /* Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop) */
|
|
uint32 svrcapt; /* Packets captured by the RPCAP daemon and sent on the network */
|
|
};
|
|
|
|
|
|
/* Structure that is needed to set sampling parameters */
|
|
struct rpcap_sampling
|
|
{
|
|
uint8 method; /* Sampling method */
|
|
uint8 dummy1; /* Must be zero */
|
|
uint16 dummy2; /* Must be zero */
|
|
uint32 value; /* Parameter related to the sampling method */
|
|
};
|
|
|
|
|
|
/*
|
|
* Private data for doing a live capture.
|
|
*/
|
|
struct pcap_md {
|
|
struct pcap_stat stat;
|
|
/* XXX */
|
|
int use_bpf; /* using kernel filter */
|
|
u_long TotPkts; /* can't overflow for 79 hrs on ether */
|
|
u_long TotAccepted; /* count accepted by filter */
|
|
u_long TotDrops; /* count of dropped packets */
|
|
long TotMissed; /* missed by i/f during this run */
|
|
long OrigMissed; /* missed by i/f before this run */
|
|
char *device; /* device name */
|
|
int timeout; /* timeout for buffering */
|
|
int must_clear; /* stuff we must clear when we close */
|
|
struct pcap *next; /* list of open pcaps that need stuff cleared on close */
|
|
#ifdef linux
|
|
int sock_packet; /* using Linux 2.0 compatible interface */
|
|
int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
|
|
int ifindex; /* interface index of device we're bound to */
|
|
int lo_ifindex; /* interface index of the loopback device */
|
|
u_int packets_read; /* count of packets read with recvfrom() */
|
|
bpf_u_int32 oldmode; /* mode to restore when turning monitor mode off */
|
|
u_int tp_version; /* version of tpacket_hdr for mmaped ring */
|
|
u_int tp_hdrlen; /* hdrlen of tpacket_hdr for mmaped ring */
|
|
#endif /* linux */
|
|
|
|
#ifdef HAVE_DAG_API
|
|
#ifdef HAVE_DAG_STREAMS_API
|
|
u_char *dag_mem_bottom;/* DAG card current memory bottom pointer */
|
|
u_char *dag_mem_top; /* DAG card current memory top pointer */
|
|
#else /* HAVE_DAG_STREAMS_API */
|
|
void *dag_mem_base; /* DAG card memory base address */
|
|
u_int dag_mem_bottom; /* DAG card current memory bottom offset */
|
|
u_int dag_mem_top; /* DAG card current memory top offset */
|
|
#endif /* HAVE_DAG_STREAMS_API */
|
|
int dag_fcs_bits; /* Number of checksum bits from link layer */
|
|
int dag_offset_flags; /* Flags to pass to dag_offset(). */
|
|
int dag_stream; /* DAG stream number */
|
|
int dag_timeout; /* timeout specified to pcap_open_live.
|
|
* Same as in linux above, introduce
|
|
* generally?
|
|
*/
|
|
#endif /* HAVE_DAG_API */
|
|
#ifdef HAVE_ZEROCOPY_BPF
|
|
/*
|
|
* Zero-copy read buffer -- for zero-copy BPF. 'buffer' above will
|
|
* alternative between these two actual mmap'd buffers as required.
|
|
* As there is a header on the front size of the mmap'd buffer, only
|
|
* some of the buffer is exposed to libpcap as a whole via bufsize;
|
|
* zbufsize is the true size. zbuffer tracks the current zbuf
|
|
* associated with buffer so that it can be used to decide which the
|
|
* next buffer to read will be.
|
|
*/
|
|
u_char *zbuf1, *zbuf2, *zbuffer;
|
|
u_int zbufsize;
|
|
u_int zerocopy;
|
|
u_int interrupted;
|
|
struct timespec firstsel;
|
|
/*
|
|
* If there's currently a buffer being actively processed, then it is
|
|
* referenced here; 'buffer' is also pointed at it, but offset by the
|
|
* size of the header.
|
|
*/
|
|
struct bpf_zbuf_header *bzh;
|
|
#endif /* HAVE_ZEROCOPY_BPF */
|
|
|
|
|
|
|
|
#ifdef HAVE_REMOTE
|
|
/*
|
|
* There is really a mess with previous variables, and it seems to me that they are not used
|
|
* (they are used in pcap_pf.c only). I think we have to start using them.
|
|
* The meaning is the following:
|
|
*
|
|
* - TotPkts: the amount of packets received by the bpf filter, *before* applying the filter
|
|
* - TotAccepted: the amount of packets that satisfies the filter
|
|
* - TotDrops: the amount of packet that were dropped into the kernel buffer because of lack of space
|
|
* - TotMissed: the amount of packets that were dropped by the physical interface; it is basically
|
|
* the value of the hardware counter into the card. This number is never put to zero, so this number
|
|
* takes into account the *total* number of interface drops starting from the interface power-on.
|
|
* - OrigMissed: the amount of packets that were dropped by the interface *when the capture begins*.
|
|
* This value is used to detect the number of packets dropped by the interface *during the present
|
|
* capture*, so that (ps_ifdrops= TotMissed - OrigMissed).
|
|
*/
|
|
unsigned int TotNetDrops; /* keeps the number of packets that have been dropped by the network */
|
|
/*
|
|
* \brief It keeps the number of packets that have been received by the application.
|
|
*
|
|
* Packets dropped by the kernel buffer are not counted in this variable. The variable is always
|
|
* equal to (TotAccepted - TotDrops), except for the case of remote capture, in which we have also
|
|
* packets in flight, i.e. that have been transmitted by the remote host, but that have not been
|
|
* received (yet) from the client. In this case, (TotAccepted - TotDrops - TotNetDrops) gives a
|
|
* wrong result, since this number does not corresponds always to the number of packet received by
|
|
* the application. For this reason, in the remote capture we need another variable that takes
|
|
* into account of the number of packets actually received by the application.
|
|
*/
|
|
unsigned int TotCapt;
|
|
|
|
/*! \brief '1' if we're the network client; needed by several functions (like pcap_setfilter() ) to know if
|
|
they have to use the socket or they have to open the local adapter. */
|
|
int rmt_clientside;
|
|
|
|
SOCKET rmt_sockctrl; //!< socket ID of the socket used for the control connection
|
|
SOCKET rmt_sockdata; //!< socket ID of the socket used for the data connection
|
|
int rmt_flags; //!< we have to save flags, since they are passed by the pcap_open_live(), but they are used by the pcap_startcapture()
|
|
int rmt_capstarted; //!< 'true' if the capture is already started (needed to knoe if we have to call the pcap_startcapture()
|
|
struct pcap_samp rmt_samp; //!< Keeps the parameters related to the sampling process.
|
|
char *currentfilter; //!< Pointer to a buffer (allocated at run-time) that stores the current filter. Needed when flag PCAP_OPENFLAG_NOCAPTURE_RPCAP is turned on.
|
|
#endif /* HAVE_REMOTE */
|
|
|
|
};
|
|
|
|
|
|
/* Messages field coding */
|
|
#define RPCAP_MSG_ERROR 1 /* Message that keeps an error notification */
|
|
#define RPCAP_MSG_FINDALLIF_REQ 2 /* Request to list all the remote interfaces */
|
|
#define RPCAP_MSG_OPEN_REQ 3 /* Request to open a remote device */
|
|
#define RPCAP_MSG_STARTCAP_REQ 4 /* Request to start a capture on a remote device */
|
|
#define RPCAP_MSG_UPDATEFILTER_REQ 5 /* Send a compiled filter into the remote device */
|
|
#define RPCAP_MSG_CLOSE 6 /* Close the connection with the remote peer */
|
|
#define RPCAP_MSG_PACKET 7 /* This is a 'data' message, which carries a network packet */
|
|
#define RPCAP_MSG_AUTH_REQ 8 /* Message that keeps the authentication parameters */
|
|
#define RPCAP_MSG_STATS_REQ 9 /* It requires to have network statistics */
|
|
#define RPCAP_MSG_ENDCAP_REQ 10 /* Stops the current capture, keeping the device open */
|
|
#define RPCAP_MSG_SETSAMPLING_REQ 11 /* Set sampling parameters */
|
|
|
|
#define RPCAP_MSG_FINDALLIF_REPLY (128+RPCAP_MSG_FINDALLIF_REQ) /* Keeps the list of all the remote interfaces */
|
|
#define RPCAP_MSG_OPEN_REPLY (128+RPCAP_MSG_OPEN_REQ) /* The remote device has been opened correctly */
|
|
#define RPCAP_MSG_STARTCAP_REPLY (128+RPCAP_MSG_STARTCAP_REQ) /* The capture is starting correctly */
|
|
#define RPCAP_MSG_UPDATEFILTER_REPLY (128+RPCAP_MSG_UPDATEFILTER_REQ) /* The filter has been applied correctly on the remote device */
|
|
#define RPCAP_MSG_AUTH_REPLY (128+RPCAP_MSG_AUTH_REQ) /* Sends a message that says 'ok, authorization successful' */
|
|
#define RPCAP_MSG_STATS_REPLY (128+RPCAP_MSG_STATS_REQ) /* Message that keeps the network statistics */
|
|
#define RPCAP_MSG_ENDCAP_REPLY (128+RPCAP_MSG_ENDCAP_REQ) /* Confirms that the capture stopped successfully */
|
|
#define RPCAP_MSG_SETSAMPLING_REPLY (128+RPCAP_MSG_SETSAMPLING_REQ) /* Confirms that the capture stopped successfully */
|
|
|
|
#define RPCAP_STARTCAPREQ_FLAG_PROMISC 1 /* Enables promiscuous mode (default: disabled) */
|
|
#define RPCAP_STARTCAPREQ_FLAG_DGRAM 2 /* Use a datagram (i.e. UDP) connection for the data stream (default: use TCP)*/
|
|
#define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN 4 /* The server has to open the data connection toward the client */
|
|
#define RPCAP_STARTCAPREQ_FLAG_INBOUND 8 /* Capture only inbound packets (take care: the flag has no effects with promiscuous enabled) */
|
|
#define RPCAP_STARTCAPREQ_FLAG_OUTBOUND 16 /* Capture only outbound packets (take care: the flag has no effects with promiscuous enabled) */
|
|
|
|
#define RPCAP_UPDATEFILTER_BPF 1 /* This code tells us that the filter is encoded with the BPF/NPF syntax */
|
|
|
|
|
|
/* Network error codes */
|
|
#define PCAP_ERR_NETW 1 /* Network error */
|
|
#define PCAP_ERR_INITTIMEOUT 2 /* The RPCAP initial timeout has expired */
|
|
#define PCAP_ERR_AUTH 3 /* Generic authentication error */
|
|
#define PCAP_ERR_FINDALLIF 4 /* Generic findalldevs error */
|
|
#define PCAP_ERR_NOREMOTEIF 5 /* The findalldevs was ok, but the remote end had no interfaces to list */
|
|
#define PCAP_ERR_OPEN 6 /* Generic pcap_open error */
|
|
#define PCAP_ERR_UPDATEFILTER 7 /* Generic updatefilter error */
|
|
#define PCAP_ERR_GETSTATS 8 /* Generic pcap_stats error */
|
|
#define PCAP_ERR_READEX 9 /* Generic pcap_next_ex error */
|
|
#define PCAP_ERR_HOSTNOAUTH 10 /* The host is not authorized to connect to this server */
|
|
#define PCAP_ERR_REMOTEACCEPT 11 /* Generic pcap_remoteaccept error */
|
|
#define PCAP_ERR_STARTCAPTURE 12 /* Generic pcap_startcapture error */
|
|
#define PCAP_ERR_ENDCAPTURE 13 /* Generic pcap_endcapture error */
|
|
#define PCAP_ERR_RUNTIMETIMEOUT 14 /* The RPCAP run-time timeout has expired */
|
|
#define PCAP_ERR_SETSAMPLING 15 /* Error during the settings of sampling parameters */
|
|
#define PCAP_ERR_WRONGMSG 16 /* The other end endpoint sent a message which has not been recognized */
|
|
#define PCAP_ERR_WRONGVER 17 /* The other end endpoint has a version number that is not compatible with our */
|
|
/*
|
|
* \}
|
|
* // end of private documentation
|
|
*/
|
|
|
|
|
|
/*********************************************************
|
|
* *
|
|
* Exported function prototypes *
|
|
* *
|
|
*********************************************************/
|
|
int pcap_opensource_remote(pcap_t *p, struct pcap_rmtauth *auth);
|
|
int pcap_startcapture_remote(pcap_t *fp);
|
|
|
|
void rpcap_createhdr(struct rpcap_header *header, uint8 type, uint16 value, uint32 length);
|
|
int rpcap_deseraddr(struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf);
|
|
int rpcap_checkmsg(char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first, ...);
|
|
int rpcap_senderror(SOCKET sock, char *error, unsigned short errcode, char *errbuf);
|
|
int rpcap_sendauth(SOCKET sock, struct pcap_rmtauth *auth, char *errbuf);
|
|
|
|
SOCKET rpcap_remoteact_getsock(const char *host, int *isactive, char *errbuf);
|
|
|
|
#endif
|
|
|