xref: /freebsd/contrib/libpcap/rpcap-protocol.h (revision afdbf109c6a661a729938f68211054a0a50d38ac)
1 /*
2  * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3  * Copyright (c) 2005 - 2008 CACE Technologies, Davis (California)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16  * nor the names of its contributors may be used to endorse or promote
17  * products derived from this software without specific prior written
18  * permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  *
32  */
33 
34 #ifndef __RPCAP_PROTOCOL_H__
35 #define __RPCAP_PROTOCOL_H__
36 
37 #define RPCAP_DEFAULT_NETPORT "2002" /* Default port on which the RPCAP daemon is waiting for connections. */
38 /* Default port on which the client workstation is waiting for connections in case of active mode. */
39 #define RPCAP_DEFAULT_NETPORT_ACTIVE "2003"
40 #define RPCAP_DEFAULT_NETADDR ""	/* Default network address on which the RPCAP daemon binds to. */
41 
42 /*
43  * Minimum and maximum supported versions of the protocol.
44  *
45  * If new message types are added, the protocol version MUST be changed,
46  * so that a client knows, from the negotiated protocol version, what
47  * messages can be sent to the server.
48  *
49  * If the format of an existing message type is changed, the protocol
50  * version MUST be changed, so that each side knows, from the negotiated
51  * protocol version, what format should be used.
52  *
53  * The RPCAP_MSG_ERROR format MUST not change, as it's used to, among
54  * other things, report "incorrect version number" errors, where, if
55  * the format changed, the sender of the message might not know what
56  * versions the recipient would understand, or might know a version
57  * they support (the version number they sent) but might not know
58  * the format of the message in that version.
59  *
60  * Other message versions SHOULD not change, as that would complicate
61  * the process of interpreting the message, making it version-dependent.
62  * Introducing a new message with a new format is preferable.
63  *
64  * Version negotiation is done as part of the authentication process:
65  *
66  * The client sends an authentication request, with a version number
67  * of 0.  All servers must accept authentication requests with a version
68  * number of 0, even if they don't support version 0 for any other
69  * requests.
70  *
71  * The server attempts to authenticate the client.  If that succeeds,
72  * older servers - which only support version 0 - will send an
73  * authentication reply with no payload.  Newer servers - which might
74  * support other versions - will send an authentication reply with
75  * a payload giving the minimum and maximum versions it supports.
76  *
77  * The client attempts to find the largest version number that is
78  * in both its range of supported versions and the server's supported
79  * versions.  If it fails, it gives up; otherwise, it uses that version.
80  */
81 #define RPCAP_MIN_VERSION 0
82 #define RPCAP_MAX_VERSION 0
83 
84 /*
85  * Version numbers are unsigned, so if RPCAP_MIN_VERSION is 0, they
86  * are >= the minimum version, by definition; don't check against
87  * RPCAP_MIN_VERSION, as you may get compiler warnings that the
88  * comparison will always succeed.
89  */
90 #if RPCAP_MIN_VERSION == 0
91 #define RPCAP_VERSION_IS_SUPPORTED(v)	\
92 	((v) <= RPCAP_MAX_VERSION)
93 #else
94 #define RPCAP_VERSION_IS_SUPPORTED(v)	\
95 	((v) >= RPCAP_MIN_VERSION && (v) <= RPCAP_MAX_VERSION)
96 #endif
97 
98 /*
99  * Separators used for the host list.
100  *
101  * It is used:
102  * - by the rpcapd daemon, when you types a list of allowed connecting hosts
103  * - by the rpcap client in active mode, when the client waits for incoming
104  * connections from other hosts
105  */
106 #define RPCAP_HOSTLIST_SEP " ,;\n\r"
107 
108 /*********************************************************
109  *                                                       *
110  * Protocol messages formats                             *
111  *                                                       *
112  *********************************************************/
113 /*
114  * WARNING: This file defines some structures that are used to transfer
115  * data on the network.
116  * Note that your compiler MUST not insert padding into these structures
117  * for better alignment.
118  * These structures have been created in order to be correctly aligned to
119  * a 32-bit boundary, but be careful in any case.
120  *
121  * The layout of these structures MUST not be changed.  If a packet
122  * format is different in different versions of the protocol, versions
123  * of the structure should be provided for all the different versions or
124  * version ranges (if more than one version of the protocol has the same
125  * layout) that we support.
126  */
127 
128 /*
129  * WARNING: These typedefs MUST be of a specific size.
130  * You might have to change them on your platform.
131  *
132  * XXX - use the C99 types?  Microsoft's newer versions of Visual Studio
133  * support them.
134  */
135 #ifndef __HAIKU__
136 typedef unsigned char uint8;	/* 8-bit unsigned integer */
137 typedef unsigned short uint16;	/* 16-bit unsigned integer */
138 typedef unsigned int uint32;	/* 32-bit unsigned integer */
139 typedef int int32;		/* 32-bit signed integer */
140 #else
141 #include <os/support/SupportDefs.h>
142 #endif
143 
144 /* Common header for all the RPCAP messages */
145 struct rpcap_header
146 {
147 	uint8 ver;	/* RPCAP version number */
148 	uint8 type;	/* RPCAP message type (error, findalldevs, ...) */
149 	uint16 value;	/* Message-dependent value (not always used) */
150 	uint32 plen;	/* Length of the payload of this RPCAP message */
151 };
152 
153 /*
154  * Format of data that may appear at the end of an authentication reply,
155  * giving the minimum and maximum versions of the protocol that the
156  * server supports.
157  *
158  * Older servers don't provide this; they support only version 0.
159  */
160 struct rpcap_authreply
161 {
162 	uint8 minvers;			/* Minimum version supported */
163 	uint8 maxvers;			/* Maximum version supported */
164 	uint8 pad[2];			/* Pad to 4-byte boundary **/
165 	uint32 byte_order_magic;	/* RPCAP_BYTE_ORDER_MAGIC, in server byte order */
166 };
167 
168 /*
169  * Any resemblance between this and the pcap file magic number
170  * is purely coincidental, trust me.
171  */
172 #define RPCAP_BYTE_ORDER_MAGIC		0xa1b2c3d4U
173 #define RPCAP_BYTE_ORDER_MAGIC_SWAPPED	0xd4c3b2a1U
174 
175 /*
176  * Older version of authentication reply, without byte order indication
177  * and padding.
178  */
179 struct rpcap_authreply_old
180 {
181 	uint8 minvers;	/* Minimum version supported */
182 	uint8 maxvers;	/* Maximum version supported */
183 };
184 
185 /* Format of the message for the interface description (findalldevs command) */
186 struct rpcap_findalldevs_if
187 {
188 	uint16 namelen;	/* Length of the interface name */
189 	uint16 desclen;	/* Length of the interface description */
190 	uint32 flags;	/* Interface flags */
191 	uint16 naddr;	/* Number of addresses */
192 	uint16 dummy;	/* Must be zero */
193 };
194 
195 /*
196  * Format of an address as sent over the wire.
197  *
198  * Do *NOT* use struct sockaddr_storage, as the layout for that is
199  * machine-dependent.
200  *
201  * RFC 2553 gives two sample layouts, both of which are 128 bytes long,
202  * both of which are aligned on an 8-byte boundary, and both of which
203  * have 2 bytes before the address data.
204  *
205  * However, one has a 2-byte address family value at the beginning
206  * and the other has a 1-byte address length value and a 1-byte
207  * address family value; this reflects the fact that the original
208  * BSD sockaddr structure had a 2-byte address family value, which
209  * was later changed to a 1-byte address length value and a 1-byte
210  * address family value, when support for variable-length OSI
211  * network-layer addresses was added.
212  *
213  * Furthermore, Solaris's struct sockaddr_storage is 256 bytes
214  * long.
215  *
216  * This structure is supposed to be aligned on an 8-byte boundary;
217  * the message header is 8 bytes long, so we don't have to do
218  * anything to ensure it's aligned on that boundary within a packet,
219  * so we just define it as 128 bytes long, with a 2-byte address
220  * family.  (We only support IPv4 and IPv6 addresses, which are fixed-
221  * length.)  That way, it's the same size as sockaddr_storage on
222  * Windows, and it'll look like what an older Windows client will
223  * expect.
224  *
225  * In addition, do *NOT* use the host's AF_ value for an address,
226  * as the value for AF_INET6 is machine-dependent.  We use the
227  * Windows value, so it'll look like what an older Windows client
228  * will expect.
229  *
230  * (The Windows client is the only one that has been distributed
231  * as a standard part of *pcap; UN*X clients are probably built
232  * from source by the user or administrator, so they're in a
233  * better position to upgrade an old client.  Therefore, we
234  * try to make what goes over the wire look like what comes
235  * from a Windows server.)
236  */
237 struct rpcap_sockaddr
238 {
239 	uint16	family;			/* Address family */
240 	char	data[128-2];		/* Data */
241 };
242 
243 /*
244  * Format of an IPv4 address as sent over the wire.
245  */
246 #define RPCAP_AF_INET	2		/* Value on all OSes except for Haiku */
247 struct rpcap_sockaddr_in
248 {
249 	uint16	family;			/* Address family */
250 	uint16	port;			/* Port number */
251 	uint32	addr;			/* IPv4 address */
252 	uint8	zero[8];		/* Padding */
253 };
254 
255 /*
256  * Format of an IPv6 address as sent over the wire.
257  */
258 #define RPCAP_AF_INET6	23		/* Value on Windows */
259 struct rpcap_sockaddr_in6
260 {
261 	uint16	family;			/* Address family */
262 	uint16	port;			/* Port number */
263 	uint32	flowinfo;		/* IPv6 flow information */
264 	uint8	addr[16];		/* IPv6 address */
265 	uint32	scope_id;		/* Scope zone index */
266 };
267 
268 /* Format of the message for the address listing (findalldevs command) */
269 struct rpcap_findalldevs_ifaddr
270 {
271 	struct rpcap_sockaddr addr;		/* Network address */
272 	struct rpcap_sockaddr netmask;		/* Netmask for that address */
273 	struct rpcap_sockaddr broadaddr;	/* Broadcast address for that address */
274 	struct rpcap_sockaddr dstaddr;		/* P2P destination address for that address */
275 };
276 
277 /*
278  * \brief Format of the message of the connection opening reply (open command).
279  *
280  * This structure transfers over the network some of the values useful on the client side.
281  */
282 struct rpcap_openreply
283 {
284 	int32 linktype;	/* Link type */
285 	int32 tzoff;	/* Timezone offset - not used by newer clients */
286 };
287 
288 /* Format of the message that starts a remote capture (startcap command) */
289 struct rpcap_startcapreq
290 {
291 	uint32 snaplen;		/* Length of the snapshot (number of bytes to capture for each packet) */
292 	uint32 read_timeout;	/* Read timeout in milliseconds */
293 	uint16 flags;		/* Flags (see RPCAP_STARTCAPREQ_FLAG_xxx) */
294 	uint16 portdata;	/* Network port on which the client is waiting at (if 'serveropen') */
295 };
296 
297 /* Format of the reply message that devoted to start a remote capture (startcap reply command) */
298 struct rpcap_startcapreply
299 {
300 	int32 bufsize;		/* Size of the user buffer allocated by WinPcap; it can be different from the one we chose */
301 	uint16 portdata;	/* Network port on which the server is waiting at (passive mode only) */
302 	uint16 dummy;		/* Must be zero */
303 };
304 
305 /*
306  * \brief Format of the header which encapsulates captured packets when transmitted on the network.
307  *
308  * This message requires the general header as well, since we want to be able to exchange
309  * more information across the network in the future (for example statistics, and kind like that).
310  */
311 struct rpcap_pkthdr
312 {
313 	/*
314 	 * This protocol needs to be updated with a new version before
315 	 * 2038-01-19 03:14:07 UTC.
316 	 */
317 	uint32 timestamp_sec;	/* 'struct timeval' compatible, it represents the 'tv_sec' field */
318 	uint32 timestamp_usec;	/* 'struct timeval' compatible, it represents the 'tv_usec' field */
319 	uint32 caplen;		/* Length of portion present in the capture */
320 	uint32 len;		/* Real length of this packet (off wire) */
321 	uint32 npkt;		/* Ordinal number of the packet (i.e. the first one captured has '1', the second one '2', etc) */
322 };
323 
324 /* General header used for the pcap_setfilter() command; keeps just the number of BPF instructions */
325 struct rpcap_filter
326 {
327 	uint16 filtertype;	/* type of the filter transferred (BPF instructions, ...) */
328 	uint16 dummy;		/* Must be zero */
329 	uint32 nitems;		/* Number of items contained into the filter (e.g. BPF instructions for BPF filters) */
330 };
331 
332 /* Structure that keeps a single BPF instruction; it is repeated 'ninsn' times according to the 'rpcap_filterbpf' header */
333 struct rpcap_filterbpf_insn
334 {
335 	uint16 code;	/* opcode of the instruction */
336 	uint8 jt;	/* relative offset to jump to in case of 'true' */
337 	uint8 jf;	/* relative offset to jump to in case of 'false' */
338 	int32 k;	/* instruction-dependent value */
339 };
340 
341 /* Structure that keeps the data required for the authentication on the remote host */
342 struct rpcap_auth
343 {
344 	uint16 type;	/* Authentication type */
345 	uint16 dummy;	/* Must be zero */
346 	uint16 slen1;	/* Length of the first authentication item (e.g. username) */
347 	uint16 slen2;	/* Length of the second authentication item (e.g. password) */
348 };
349 
350 /* Structure that keeps the statistics about the number of packets captured, dropped, etc. */
351 struct rpcap_stats
352 {
353 	uint32 ifrecv;		/* Packets received by the kernel filter (i.e. pcap_stats.ps_recv) */
354 	uint32 ifdrop;		/* Packets dropped by the network interface (e.g. not enough buffers) (i.e. pcap_stats.ps_ifdrop) */
355 	uint32 krnldrop;	/* Packets dropped by the kernel filter (i.e. pcap_stats.ps_drop) */
356 	uint32 svrcapt;		/* Packets captured by the RPCAP daemon and sent on the network */
357 };
358 
359 /* Structure that is needed to set sampling parameters */
360 struct rpcap_sampling
361 {
362 	uint8 method;	/* Sampling method */
363 	uint8 dummy1;	/* Must be zero */
364 	uint16 dummy2;	/* Must be zero */
365 	uint32 value;	/* Parameter related to the sampling method */
366 };
367 
368 /*
369  * Messages field coding.
370  *
371  * These values are used in messages sent over the network, and MUST
372  * not be changed.
373  */
374 #define RPCAP_MSG_IS_REPLY		0x080	/* Flag indicating a reply */
375 
376 #define RPCAP_MSG_ERROR			0x01	/* Message that keeps an error notification */
377 #define RPCAP_MSG_FINDALLIF_REQ		0x02	/* Request to list all the remote interfaces */
378 #define RPCAP_MSG_OPEN_REQ		0x03	/* Request to open a remote device */
379 #define RPCAP_MSG_STARTCAP_REQ		0x04	/* Request to start a capture on a remote device */
380 #define RPCAP_MSG_UPDATEFILTER_REQ	0x05	/* Send a compiled filter into the remote device */
381 #define RPCAP_MSG_CLOSE			0x06	/* Close the connection with the remote peer */
382 #define RPCAP_MSG_PACKET		0x07	/* This is a 'data' message, which carries a network packet */
383 #define RPCAP_MSG_AUTH_REQ		0x08	/* Message that keeps the authentication parameters */
384 #define RPCAP_MSG_STATS_REQ		0x09	/* It requires to have network statistics */
385 #define RPCAP_MSG_ENDCAP_REQ		0x0A	/* Stops the current capture, keeping the device open */
386 #define RPCAP_MSG_SETSAMPLING_REQ	0x0B	/* Set sampling parameters */
387 
388 #define RPCAP_MSG_FINDALLIF_REPLY	(RPCAP_MSG_FINDALLIF_REQ | RPCAP_MSG_IS_REPLY)		/* Keeps the list of all the remote interfaces */
389 #define RPCAP_MSG_OPEN_REPLY		(RPCAP_MSG_OPEN_REQ | RPCAP_MSG_IS_REPLY)		/* The remote device has been opened correctly */
390 #define RPCAP_MSG_STARTCAP_REPLY	(RPCAP_MSG_STARTCAP_REQ | RPCAP_MSG_IS_REPLY)		/* The capture is starting correctly */
391 #define RPCAP_MSG_UPDATEFILTER_REPLY	(RPCAP_MSG_UPDATEFILTER_REQ | RPCAP_MSG_IS_REPLY)	/* The filter has been applied correctly on the remote device */
392 #define RPCAP_MSG_AUTH_REPLY		(RPCAP_MSG_AUTH_REQ | RPCAP_MSG_IS_REPLY)		/* Sends a message that says 'ok, authorization successful' */
393 #define RPCAP_MSG_STATS_REPLY		(RPCAP_MSG_STATS_REQ | RPCAP_MSG_IS_REPLY)		/* Message that keeps the network statistics */
394 #define RPCAP_MSG_ENDCAP_REPLY		(RPCAP_MSG_ENDCAP_REQ | RPCAP_MSG_IS_REPLY)		/* Confirms that the capture stopped successfully */
395 #define RPCAP_MSG_SETSAMPLING_REPLY	(RPCAP_MSG_SETSAMPLING_REQ | RPCAP_MSG_IS_REPLY)		/* Confirms that the capture stopped successfully */
396 
397 #define RPCAP_STARTCAPREQ_FLAG_PROMISC		0x00000001	/* Enables promiscuous mode (default: disabled) */
398 #define RPCAP_STARTCAPREQ_FLAG_DGRAM		0x00000002	/* Use a datagram (i.e. UDP) connection for the data stream (default: use TCP)*/
399 #define RPCAP_STARTCAPREQ_FLAG_SERVEROPEN	0x00000004	/* The server has to open the data connection toward the client */
400 #define RPCAP_STARTCAPREQ_FLAG_INBOUND		0x00000008	/* Capture only inbound packets (take care: the flag has no effect with promiscuous enabled) */
401 #define RPCAP_STARTCAPREQ_FLAG_OUTBOUND		0x00000010	/* Capture only outbound packets (take care: the flag has no effect with promiscuous enabled) */
402 
403 #define RPCAP_UPDATEFILTER_BPF 1			/* This code tells us that the filter is encoded with the BPF/NPF syntax */
404 
405 /*
406  * Network error codes.
407  *
408  * These values are used in messages sent over the network, and MUST
409  * not be changed.
410  */
411 #define PCAP_ERR_NETW			1	/* Network error */
412 #define PCAP_ERR_INITTIMEOUT		2	/* The RPCAP initial timeout has expired */
413 #define PCAP_ERR_AUTH			3	/* Generic authentication error */
414 #define PCAP_ERR_FINDALLIF		4	/* Generic findalldevs error */
415 #define PCAP_ERR_NOREMOTEIF		5	/* The findalldevs was ok, but the remote end had no interfaces to list */
416 #define PCAP_ERR_OPEN			6	/* Generic pcap_open error */
417 #define PCAP_ERR_UPDATEFILTER		7	/* Generic updatefilter error */
418 #define PCAP_ERR_GETSTATS		8	/* Generic pcap_stats error */
419 #define PCAP_ERR_READEX			9	/* Generic pcap_next_ex error */
420 #define PCAP_ERR_HOSTNOAUTH		10	/* The host is not authorized to connect to this server */
421 #define PCAP_ERR_REMOTEACCEPT		11	/* Generic pcap_remoteaccept error */
422 #define PCAP_ERR_STARTCAPTURE		12	/* Generic pcap_startcapture error */
423 #define PCAP_ERR_ENDCAPTURE		13	/* Generic pcap_endcapture error */
424 #define PCAP_ERR_RUNTIMETIMEOUT		14	/* The RPCAP run-time timeout has expired */
425 #define PCAP_ERR_SETSAMPLING		15	/* Error during the settings of sampling parameters */
426 #define PCAP_ERR_WRONGMSG		16	/* The other end endpoint sent a message which has not been recognized */
427 #define PCAP_ERR_WRONGVER		17	/* The other end endpoint has a version number that is not compatible with our */
428 #define PCAP_ERR_AUTH_FAILED		18	/* The user couldn't be authenticated */
429 #define PCAP_ERR_TLS_REQUIRED		19	/* The server requires TLS to connect */
430 #define PCAP_ERR_AUTH_TYPE_NOTSUP	20	/* The authentication type isn't supported */
431 
432 /*
433  * \brief Buffer used by socket functions to send-receive packets.
434  * In case you plan to have messages larger than this value, you have to increase it.
435  */
436 #define RPCAP_NETBUF_SIZE 64000
437 
438 /*********************************************************
439  *                                                       *
440  * Routines used by the rpcap client and rpcap daemon    *
441  *                                                       *
442  *********************************************************/
443 
444 #include "sockutils.h"
445 #include "sslutils.h"
446 
447 extern void rpcap_createhdr(struct rpcap_header *header, uint8 ver, uint8 type, uint16 value, uint32 length);
448 extern const char *rpcap_msg_type_string(uint8 type);
449 extern int rpcap_senderror(PCAP_SOCKET sock, SSL *ssl, uint8 ver, uint16 errcode, const char *error, char *errbuf);
450 
451 #endif
452