xref: /freebsd/contrib/libpcap/pcap/pcap.h (revision 370e009188ba90c3290b1479aa06ec98b66e140a)
1 /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
2 /*
3  * Copyright (c) 1993, 1994, 1995, 1996, 1997
4  *	The Regents of the University of California.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. All advertising materials mentioning features or use of this software
15  *    must display the following acknowledgement:
16  *	This product includes software developed by the Computer Systems
17  *	Engineering Group at Lawrence Berkeley Laboratory.
18  * 4. Neither the name of the University nor of the Laboratory may be used
19  *    to endorse or promote products derived from this software without
20  *    specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 /*
36  * Remote packet capture mechanisms and extensions from WinPcap:
37  *
38  * Copyright (c) 2002 - 2003
39  * NetGroup, Politecnico di Torino (Italy)
40  * All rights reserved.
41  *
42  * Redistribution and use in source and binary forms, with or without
43  * modification, are permitted provided that the following conditions
44  * are met:
45  *
46  * 1. Redistributions of source code must retain the above copyright
47  * notice, this list of conditions and the following disclaimer.
48  * 2. Redistributions in binary form must reproduce the above copyright
49  * notice, this list of conditions and the following disclaimer in the
50  * documentation and/or other materials provided with the distribution.
51  * 3. Neither the name of the Politecnico di Torino nor the names of its
52  * contributors may be used to endorse or promote products derived from
53  * this software without specific prior written permission.
54  *
55  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
56  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
57  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
58  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
59  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
60  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
61  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
62  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
63  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
64  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
65  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
66  *
67  */
68 
69 #ifndef lib_pcap_pcap_h
70 #define lib_pcap_pcap_h
71 
72 #include <pcap/funcattrs.h>
73 
74 #include <pcap/pcap-inttypes.h>
75 
76 #if defined(_WIN32)
77   #include <winsock2.h>		/* u_int, u_char etc. */
78   #include <io.h>		/* _get_osfhandle() */
79 #elif defined(MSDOS)
80   #include <sys/types.h>	/* u_int, u_char etc. */
81   #include <sys/socket.h>
82 #else /* UN*X */
83   #include <sys/types.h>	/* u_int, u_char etc. */
84   #include <sys/time.h>
85 #endif /* _WIN32/MSDOS/UN*X */
86 
87 #include <pcap/socket.h>	/* for SOCKET, as the active-mode rpcap APIs use it */
88 
89 #ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H
90 #include <pcap/bpf.h>
91 #endif
92 
93 #include <stdio.h>
94 
95 #ifdef __cplusplus
96 extern "C" {
97 #endif
98 
99 /*
100  * Version number of the current version of the pcap file format.
101  *
102  * NOTE: this is *NOT* the version number of the libpcap library.
103  * To fetch the version information for the version of libpcap
104  * you're using, use pcap_lib_version().
105  */
106 #define PCAP_VERSION_MAJOR 2
107 #define PCAP_VERSION_MINOR 4
108 
109 #define PCAP_ERRBUF_SIZE 256
110 
111 /*
112  * Compatibility for systems that have a bpf.h that
113  * predates the bpf typedefs for 64-bit support.
114  */
115 #if BPF_RELEASE - 0 < 199406
116 typedef	int bpf_int32;
117 typedef	u_int bpf_u_int32;
118 #endif
119 
120 typedef struct pcap pcap_t;
121 typedef struct pcap_dumper pcap_dumper_t;
122 typedef struct pcap_if pcap_if_t;
123 typedef struct pcap_addr pcap_addr_t;
124 
125 /*
126  * The first record in the file contains saved values for some
127  * of the flags used in the printout phases of tcpdump.
128  * Many fields here are 32 bit ints so compilers won't insert unwanted
129  * padding; these files need to be interchangeable across architectures.
130  *
131  * Do not change the layout of this structure, in any way (this includes
132  * changes that only affect the length of fields in this structure).
133  *
134  * Also, do not change the interpretation of any of the members of this
135  * structure, in any way (this includes using values other than
136  * LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
137  * field).
138  *
139  * Instead:
140  *
141  *	introduce a new structure for the new format, if the layout
142  *	of the structure changed;
143  *
144  *	send mail to "tcpdump-workers@lists.tcpdump.org", requesting
145  *	a new magic number for your new capture file format, and, when
146  *	you get the new magic number, put it in "savefile.c";
147  *
148  *	use that magic number for save files with the changed file
149  *	header;
150  *
151  *	make the code in "savefile.c" capable of reading files with
152  *	the old file header as well as files with the new file header
153  *	(using the magic number to determine the header format).
154  *
155  * Then supply the changes by forking the branch at
156  *
157  *	https://github.com/the-tcpdump-group/libpcap/issues
158  *
159  * and issuing a pull request, so that future versions of libpcap and
160  * programs that use it (such as tcpdump) will be able to read your new
161  * capture file format.
162  */
163 struct pcap_file_header {
164 	bpf_u_int32 magic;
165 	u_short version_major;
166 	u_short version_minor;
167 	bpf_int32 thiszone;	/* gmt to local correction */
168 	bpf_u_int32 sigfigs;	/* accuracy of timestamps */
169 	bpf_u_int32 snaplen;	/* max length saved portion of each pkt */
170 	bpf_u_int32 linktype;	/* data link type (LINKTYPE_*) */
171 };
172 
173 /*
174  * Macros for the value returned by pcap_datalink_ext().
175  *
176  * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro
177  * gives the FCS length of packets in the capture.
178  */
179 #define LT_FCS_LENGTH_PRESENT(x)	((x) & 0x04000000)
180 #define LT_FCS_LENGTH(x)		(((x) & 0xF0000000) >> 28)
181 #define LT_FCS_DATALINK_EXT(x)		((((x) & 0xF) << 28) | 0x04000000)
182 
183 typedef enum {
184        PCAP_D_INOUT = 0,
185        PCAP_D_IN,
186        PCAP_D_OUT
187 } pcap_direction_t;
188 
189 /*
190  * Generic per-packet information, as supplied by libpcap.
191  *
192  * The time stamp can and should be a "struct timeval", regardless of
193  * whether your system supports 32-bit tv_sec in "struct timeval",
194  * 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit
195  * and 64-bit applications.  The on-disk format of savefiles uses 32-bit
196  * tv_sec (and tv_usec); this structure is irrelevant to that.  32-bit
197  * and 64-bit versions of libpcap, even if they're on the same platform,
198  * should supply the appropriate version of "struct timeval", even if
199  * that's not what the underlying packet capture mechanism supplies.
200  */
201 struct pcap_pkthdr {
202 	struct timeval ts;	/* time stamp */
203 	bpf_u_int32 caplen;	/* length of portion present */
204 	bpf_u_int32 len;	/* length this packet (off wire) */
205 };
206 
207 /*
208  * As returned by the pcap_stats()
209  */
210 struct pcap_stat {
211 	u_int ps_recv;		/* number of packets received */
212 	u_int ps_drop;		/* number of packets dropped */
213 	u_int ps_ifdrop;	/* drops by interface -- only supported on some platforms */
214 #ifdef _WIN32
215 	u_int ps_capt;		/* number of packets that reach the application */
216 	u_int ps_sent;		/* number of packets sent by the server on the network */
217 	u_int ps_netdrop;	/* number of packets lost on the network */
218 #endif /* _WIN32 */
219 };
220 
221 #ifdef MSDOS
222 /*
223  * As returned by the pcap_stats_ex()
224  */
225 struct pcap_stat_ex {
226        u_long  rx_packets;        /* total packets received       */
227        u_long  tx_packets;        /* total packets transmitted    */
228        u_long  rx_bytes;          /* total bytes received         */
229        u_long  tx_bytes;          /* total bytes transmitted      */
230        u_long  rx_errors;         /* bad packets received         */
231        u_long  tx_errors;         /* packet transmit problems     */
232        u_long  rx_dropped;        /* no space in Rx buffers       */
233        u_long  tx_dropped;        /* no space available for Tx    */
234        u_long  multicast;         /* multicast packets received   */
235        u_long  collisions;
236 
237        /* detailed rx_errors: */
238        u_long  rx_length_errors;
239        u_long  rx_over_errors;    /* receiver ring buff overflow  */
240        u_long  rx_crc_errors;     /* recv'd pkt with crc error    */
241        u_long  rx_frame_errors;   /* recv'd frame alignment error */
242        u_long  rx_fifo_errors;    /* recv'r fifo overrun          */
243        u_long  rx_missed_errors;  /* recv'r missed packet         */
244 
245        /* detailed tx_errors */
246        u_long  tx_aborted_errors;
247        u_long  tx_carrier_errors;
248        u_long  tx_fifo_errors;
249        u_long  tx_heartbeat_errors;
250        u_long  tx_window_errors;
251      };
252 #endif
253 
254 /*
255  * Item in a list of interfaces.
256  */
257 struct pcap_if {
258 	struct pcap_if *next;
259 	char *name;		/* name to hand to "pcap_open_live()" */
260 	char *description;	/* textual description of interface, or NULL */
261 	struct pcap_addr *addresses;
262 	bpf_u_int32 flags;	/* PCAP_IF_ interface flags */
263 };
264 
265 #define PCAP_IF_LOOPBACK				0x00000001	/* interface is loopback */
266 #define PCAP_IF_UP					0x00000002	/* interface is up */
267 #define PCAP_IF_RUNNING					0x00000004	/* interface is running */
268 #define PCAP_IF_WIRELESS				0x00000008	/* interface is wireless (*NOT* necessarily Wi-Fi!) */
269 #define PCAP_IF_CONNECTION_STATUS			0x00000030	/* connection status: */
270 #define PCAP_IF_CONNECTION_STATUS_UNKNOWN		0x00000000	/* unknown */
271 #define PCAP_IF_CONNECTION_STATUS_CONNECTED		0x00000010	/* connected */
272 #define PCAP_IF_CONNECTION_STATUS_DISCONNECTED		0x00000020	/* disconnected */
273 #define PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE	0x00000030	/* not applicable */
274 
275 /*
276  * Representation of an interface address.
277  */
278 struct pcap_addr {
279 	struct pcap_addr *next;
280 	struct sockaddr *addr;		/* address */
281 	struct sockaddr *netmask;	/* netmask for that address */
282 	struct sockaddr *broadaddr;	/* broadcast address for that address */
283 	struct sockaddr *dstaddr;	/* P2P destination address for that address */
284 };
285 
286 typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
287 			     const u_char *);
288 
289 /*
290  * Error codes for the pcap API.
291  * These will all be negative, so you can check for the success or
292  * failure of a call that returns these codes by checking for a
293  * negative value.
294  */
295 #define PCAP_ERROR			-1	/* generic error code */
296 #define PCAP_ERROR_BREAK		-2	/* loop terminated by pcap_breakloop */
297 #define PCAP_ERROR_NOT_ACTIVATED	-3	/* the capture needs to be activated */
298 #define PCAP_ERROR_ACTIVATED		-4	/* the operation can't be performed on already activated captures */
299 #define PCAP_ERROR_NO_SUCH_DEVICE	-5	/* no such device exists */
300 #define PCAP_ERROR_RFMON_NOTSUP		-6	/* this device doesn't support rfmon (monitor) mode */
301 #define PCAP_ERROR_NOT_RFMON		-7	/* operation supported only in monitor mode */
302 #define PCAP_ERROR_PERM_DENIED		-8	/* no permission to open the device */
303 #define PCAP_ERROR_IFACE_NOT_UP		-9	/* interface isn't up */
304 #define PCAP_ERROR_CANTSET_TSTAMP_TYPE	-10	/* this device doesn't support setting the time stamp type */
305 #define PCAP_ERROR_PROMISC_PERM_DENIED	-11	/* you don't have permission to capture in promiscuous mode */
306 #define PCAP_ERROR_TSTAMP_PRECISION_NOTSUP -12  /* the requested time stamp precision is not supported */
307 
308 /*
309  * Warning codes for the pcap API.
310  * These will all be positive and non-zero, so they won't look like
311  * errors.
312  */
313 #define PCAP_WARNING			1	/* generic warning code */
314 #define PCAP_WARNING_PROMISC_NOTSUP	2	/* this device doesn't support promiscuous mode */
315 #define PCAP_WARNING_TSTAMP_TYPE_NOTSUP	3	/* the requested time stamp type is not supported */
316 
317 /*
318  * Value to pass to pcap_compile() as the netmask if you don't know what
319  * the netmask is.
320  */
321 #define PCAP_NETMASK_UNKNOWN	0xffffffff
322 
323 /*
324  * We're deprecating pcap_lookupdev() for various reasons (not
325  * thread-safe, can behave weirdly with WinPcap).  Callers
326  * should use pcap_findalldevs() and use the first device.
327  */
328 PCAP_API char	*pcap_lookupdev(char *)
329 PCAP_DEPRECATED(pcap_lookupdev, "use 'pcap_findalldevs' and use the first device");
330 
331 PCAP_API int	pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
332 
333 PCAP_API pcap_t	*pcap_create(const char *, char *);
334 PCAP_API int	pcap_set_snaplen(pcap_t *, int);
335 PCAP_API int	pcap_set_promisc(pcap_t *, int);
336 PCAP_API int	pcap_can_set_rfmon(pcap_t *);
337 PCAP_API int	pcap_set_rfmon(pcap_t *, int);
338 PCAP_API int	pcap_set_timeout(pcap_t *, int);
339 PCAP_API int	pcap_set_tstamp_type(pcap_t *, int);
340 PCAP_API int	pcap_set_immediate_mode(pcap_t *, int);
341 PCAP_API int	pcap_set_buffer_size(pcap_t *, int);
342 PCAP_API int	pcap_set_tstamp_precision(pcap_t *, int);
343 PCAP_API int	pcap_get_tstamp_precision(pcap_t *);
344 PCAP_API int	pcap_activate(pcap_t *);
345 
346 PCAP_API int	pcap_list_tstamp_types(pcap_t *, int **);
347 PCAP_API void	pcap_free_tstamp_types(int *);
348 PCAP_API int	pcap_tstamp_type_name_to_val(const char *);
349 PCAP_API const char *pcap_tstamp_type_val_to_name(int);
350 PCAP_API const char *pcap_tstamp_type_val_to_description(int);
351 
352 #ifdef __linux__
353 PCAP_API int	pcap_set_protocol_linux(pcap_t *, int);
354 #endif
355 
356 /*
357  * Time stamp types.
358  * Not all systems and interfaces will necessarily support all of these.
359  *
360  * A system that supports PCAP_TSTAMP_HOST is offering time stamps
361  * provided by the host machine, rather than by the capture device,
362  * but not committing to any characteristics of the time stamp;
363  * it will not offer any of the PCAP_TSTAMP_HOST_ subtypes.
364  *
365  * PCAP_TSTAMP_HOST_LOWPREC is a time stamp, provided by the host machine,
366  * that's low-precision but relatively cheap to fetch; it's normally done
367  * using the system clock, so it's normally synchronized with times you'd
368  * fetch from system calls.
369  *
370  * PCAP_TSTAMP_HOST_HIPREC is a time stamp, provided by the host machine,
371  * that's high-precision; it might be more expensive to fetch.  It might
372  * or might not be synchronized with the system clock, and might have
373  * problems with time stamps for packets received on different CPUs,
374  * depending on the platform.
375  *
376  * PCAP_TSTAMP_ADAPTER is a high-precision time stamp supplied by the
377  * capture device; it's synchronized with the system clock.
378  *
379  * PCAP_TSTAMP_ADAPTER_UNSYNCED is a high-precision time stamp supplied by
380  * the capture device; it's not synchronized with the system clock.
381  *
382  * Note that time stamps synchronized with the system clock can go
383  * backwards, as the system clock can go backwards.  If a clock is
384  * not in sync with the system clock, that could be because the
385  * system clock isn't keeping accurate time, because the other
386  * clock isn't keeping accurate time, or both.
387  *
388  * Note that host-provided time stamps generally correspond to the
389  * time when the time-stamping code sees the packet; this could
390  * be some unknown amount of time after the first or last bit of
391  * the packet is received by the network adapter, due to batching
392  * of interrupts for packet arrival, queueing delays, etc..
393  */
394 #define PCAP_TSTAMP_HOST		0	/* host-provided, unknown characteristics */
395 #define PCAP_TSTAMP_HOST_LOWPREC	1	/* host-provided, low precision */
396 #define PCAP_TSTAMP_HOST_HIPREC		2	/* host-provided, high precision */
397 #define PCAP_TSTAMP_ADAPTER		3	/* device-provided, synced with the system clock */
398 #define PCAP_TSTAMP_ADAPTER_UNSYNCED	4	/* device-provided, not synced with the system clock */
399 
400 /*
401  * Time stamp resolution types.
402  * Not all systems and interfaces will necessarily support all of these
403  * resolutions when doing live captures; all of them can be requested
404  * when reading a savefile.
405  */
406 #define PCAP_TSTAMP_PRECISION_MICRO	0	/* use timestamps with microsecond precision, default */
407 #define PCAP_TSTAMP_PRECISION_NANO	1	/* use timestamps with nanosecond precision */
408 
409 PCAP_API pcap_t	*pcap_open_live(const char *, int, int, int, char *);
410 PCAP_API pcap_t	*pcap_open_dead(int, int);
411 PCAP_API pcap_t	*pcap_open_dead_with_tstamp_precision(int, int, u_int);
412 PCAP_API pcap_t	*pcap_open_offline_with_tstamp_precision(const char *, u_int, char *);
413 PCAP_API pcap_t	*pcap_open_offline(const char *, char *);
414 #ifdef _WIN32
415   PCAP_API pcap_t  *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *);
416   PCAP_API pcap_t  *pcap_hopen_offline(intptr_t, char *);
417   /*
418    * If we're building libpcap, these are internal routines in savefile.c,
419    * so we must not define them as macros.
420    *
421    * If we're not building libpcap, given that the version of the C runtime
422    * with which libpcap was built might be different from the version
423    * of the C runtime with which an application using libpcap was built,
424    * and that a FILE structure may differ between the two versions of the
425    * C runtime, calls to _fileno() must use the version of _fileno() in
426    * the C runtime used to open the FILE *, not the version in the C
427    * runtime with which libpcap was built.  (Maybe once the Universal CRT
428    * rules the world, this will cease to be a problem.)
429    */
430   #ifndef BUILDING_PCAP
431     #define pcap_fopen_offline_with_tstamp_precision(f,p,b) \
432 	pcap_hopen_offline_with_tstamp_precision(_get_osfhandle(_fileno(f)), p, b)
433     #define pcap_fopen_offline(f,b) \
434 	pcap_hopen_offline(_get_osfhandle(_fileno(f)), b)
435   #endif
436 #else /*_WIN32*/
437   PCAP_API pcap_t	*pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *);
438   PCAP_API pcap_t	*pcap_fopen_offline(FILE *, char *);
439 #endif /*_WIN32*/
440 
441 PCAP_API void	pcap_close(pcap_t *);
442 PCAP_API int	pcap_loop(pcap_t *, int, pcap_handler, u_char *);
443 PCAP_API int	pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
444 PCAP_API const u_char *pcap_next(pcap_t *, struct pcap_pkthdr *);
445 PCAP_API int 	pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
446 PCAP_API void	pcap_breakloop(pcap_t *);
447 PCAP_API int	pcap_stats(pcap_t *, struct pcap_stat *);
448 PCAP_API int	pcap_setfilter(pcap_t *, struct bpf_program *);
449 PCAP_API int 	pcap_setdirection(pcap_t *, pcap_direction_t);
450 PCAP_API int	pcap_getnonblock(pcap_t *, char *);
451 PCAP_API int	pcap_setnonblock(pcap_t *, int, char *);
452 PCAP_API int	pcap_inject(pcap_t *, const void *, size_t);
453 PCAP_API int	pcap_sendpacket(pcap_t *, const u_char *, int);
454 PCAP_API const char *pcap_statustostr(int);
455 PCAP_API const char *pcap_strerror(int);
456 PCAP_API char	*pcap_geterr(pcap_t *);
457 PCAP_API void	pcap_perror(pcap_t *, const char *);
458 PCAP_API int	pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
459 	    bpf_u_int32);
460 PCAP_API int	pcap_compile_nopcap(int, int, struct bpf_program *,
461 	    const char *, int, bpf_u_int32);
462 PCAP_API void	pcap_freecode(struct bpf_program *);
463 PCAP_API int	pcap_offline_filter(const struct bpf_program *,
464 	    const struct pcap_pkthdr *, const u_char *);
465 PCAP_API int	pcap_datalink(pcap_t *);
466 PCAP_API int	pcap_datalink_ext(pcap_t *);
467 PCAP_API int	pcap_list_datalinks(pcap_t *, int **);
468 PCAP_API int	pcap_set_datalink(pcap_t *, int);
469 PCAP_API void	pcap_free_datalinks(int *);
470 PCAP_API int	pcap_datalink_name_to_val(const char *);
471 PCAP_API const char *pcap_datalink_val_to_name(int);
472 PCAP_API const char *pcap_datalink_val_to_description(int);
473 PCAP_API const char *pcap_datalink_val_to_description_or_dlt(int);
474 PCAP_API int	pcap_snapshot(pcap_t *);
475 PCAP_API int	pcap_is_swapped(pcap_t *);
476 PCAP_API int	pcap_major_version(pcap_t *);
477 PCAP_API int	pcap_minor_version(pcap_t *);
478 PCAP_API int	pcap_bufsize(pcap_t *);
479 
480 /* XXX */
481 PCAP_API FILE	*pcap_file(pcap_t *);
482 PCAP_API int	pcap_fileno(pcap_t *);
483 
484 #ifdef _WIN32
485   PCAP_API int	pcap_wsockinit(void);
486 #endif
487 
488 PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
489 #ifdef _WIN32
490   PCAP_API pcap_dumper_t *pcap_dump_hopen(pcap_t *, intptr_t);
491   /*
492    * If we're building libpcap, this is an internal routine in sf-pcap.c, so
493    * we must not define it as a macro.
494    *
495    * If we're not building libpcap, given that the version of the C runtime
496    * with which libpcap was built might be different from the version
497    * of the C runtime with which an application using libpcap was built,
498    * and that a FILE structure may differ between the two versions of the
499    * C runtime, calls to _fileno() must use the version of _fileno() in
500    * the C runtime used to open the FILE *, not the version in the C
501    * runtime with which libpcap was built.  (Maybe once the Universal CRT
502    * rules the world, this will cease to be a problem.)
503    */
504   #ifndef BUILDING_PCAP
505     #define pcap_dump_fopen(p,f) \
506 	pcap_dump_hopen(p, _get_osfhandle(_fileno(f)))
507   #endif
508 #else /*_WIN32*/
509   PCAP_API pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp);
510 #endif /*_WIN32*/
511 PCAP_API pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *);
512 PCAP_API FILE	*pcap_dump_file(pcap_dumper_t *);
513 PCAP_API long	pcap_dump_ftell(pcap_dumper_t *);
514 PCAP_API int64_t	pcap_dump_ftell64(pcap_dumper_t *);
515 PCAP_API int	pcap_dump_flush(pcap_dumper_t *);
516 PCAP_API void	pcap_dump_close(pcap_dumper_t *);
517 PCAP_API void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
518 
519 PCAP_API int	pcap_findalldevs(pcap_if_t **, char *);
520 PCAP_API void	pcap_freealldevs(pcap_if_t *);
521 
522 /*
523  * We return a pointer to the version string, rather than exporting the
524  * version string directly.
525  *
526  * On at least some UNIXes, if you import data from a shared library into
527  * an program, the data is bound into the program binary, so if the string
528  * in the version of the library with which the program was linked isn't
529  * the same as the string in the version of the library with which the
530  * program is being run, various undesirable things may happen (warnings,
531  * the string being the one from the version of the library with which the
532  * program was linked, or even weirder things, such as the string being the
533  * one from the library but being truncated).
534  *
535  * On Windows, the string is constructed at run time.
536  */
537 PCAP_API const char *pcap_lib_version(void);
538 
539 /*
540  * On at least some versions of NetBSD and QNX, we don't want to declare
541  * bpf_filter() here, as it's also be declared in <net/bpf.h>, with a
542  * different signature, but, on other BSD-flavored UN*Xes, it's not
543  * declared in <net/bpf.h>, so we *do* want to declare it here, so it's
544  * declared when we build pcap-bpf.c.
545  */
546 #if !defined(__NetBSD__) && !defined(__QNX__)
547   PCAP_API u_int	bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
548 #endif
549 PCAP_API int	bpf_validate(const struct bpf_insn *f, int len);
550 PCAP_API char	*bpf_image(const struct bpf_insn *, int);
551 PCAP_API void	bpf_dump(const struct bpf_program *, int);
552 
553 #if defined(_WIN32)
554 
555   /*
556    * Win32 definitions
557    */
558 
559   /*!
560     \brief A queue of raw packets that will be sent to the network with pcap_sendqueue_transmit().
561   */
562   struct pcap_send_queue
563   {
564 	u_int maxlen;	/* Maximum size of the queue, in bytes. This
565 			   variable contains the size of the buffer field. */
566 	u_int len;	/* Current size of the queue, in bytes. */
567 	char *buffer;	/* Buffer containing the packets to be sent. */
568   };
569 
570   typedef struct pcap_send_queue pcap_send_queue;
571 
572   /*!
573     \brief This typedef is a support for the pcap_get_airpcap_handle() function
574   */
575   #if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_)
576     #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
577     typedef struct _AirpcapHandle *PAirpcapHandle;
578   #endif
579 
580   PCAP_API int pcap_setbuff(pcap_t *p, int dim);
581   PCAP_API int pcap_setmode(pcap_t *p, int mode);
582   PCAP_API int pcap_setmintocopy(pcap_t *p, int size);
583 
584   PCAP_API HANDLE pcap_getevent(pcap_t *p);
585 
586   PCAP_API int pcap_oid_get_request(pcap_t *, bpf_u_int32, void *, size_t *);
587   PCAP_API int pcap_oid_set_request(pcap_t *, bpf_u_int32, const void *, size_t *);
588 
589   PCAP_API pcap_send_queue* pcap_sendqueue_alloc(u_int memsize);
590 
591   PCAP_API void pcap_sendqueue_destroy(pcap_send_queue* queue);
592 
593   PCAP_API int pcap_sendqueue_queue(pcap_send_queue* queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data);
594 
595   PCAP_API u_int pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue* queue, int sync);
596 
597   PCAP_API struct pcap_stat *pcap_stats_ex(pcap_t *p, int *pcap_stat_size);
598 
599   PCAP_API int pcap_setuserbuffer(pcap_t *p, int size);
600 
601   PCAP_API int pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks);
602 
603   PCAP_API int pcap_live_dump_ended(pcap_t *p, int sync);
604 
605   PCAP_API int pcap_start_oem(char* err_str, int flags);
606 
607   PCAP_API PAirpcapHandle pcap_get_airpcap_handle(pcap_t *p);
608 
609   #define MODE_CAPT 0
610   #define MODE_STAT 1
611   #define MODE_MON 2
612 
613 #elif defined(MSDOS)
614 
615   /*
616    * MS-DOS definitions
617    */
618 
619   PCAP_API int  pcap_stats_ex (pcap_t *, struct pcap_stat_ex *);
620   PCAP_API void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait);
621   PCAP_API u_long pcap_mac_packets (void);
622 
623 #else /* UN*X */
624 
625   /*
626    * UN*X definitions
627    */
628 
629   PCAP_API int	pcap_get_selectable_fd(pcap_t *);
630   PCAP_API struct timeval *pcap_get_required_select_timeout(pcap_t *);
631 
632 #endif /* _WIN32/MSDOS/UN*X */
633 
634 #if 0	/* Remote capture is disabled on FreeBSD */
635 /*
636  * Remote capture definitions.
637  *
638  * These routines are only present if libpcap has been configured to
639  * include remote capture support.
640  */
641 
642 /*
643  * The maximum buffer size in which address, port, interface names are kept.
644  *
645  * In case the adapter name or such is larger than this value, it is truncated.
646  * This is not used by the user; however it must be aware that an hostname / interface
647  * name longer than this value will be truncated.
648  */
649 #define PCAP_BUF_SIZE 1024
650 
651 /*
652  * The type of input source, passed to pcap_open().
653  */
654 #define PCAP_SRC_FILE		2	/* local savefile */
655 #define PCAP_SRC_IFLOCAL	3	/* local network interface */
656 #define PCAP_SRC_IFREMOTE	4	/* interface on a remote host, using RPCAP */
657 
658 /*
659  * The formats allowed by pcap_open() are the following:
660  * - file://path_and_filename [opens a local file]
661  * - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
662  * - rpcap://host/devicename [opens the selected device available on a remote host]
663  * - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
664  * - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]
665  * - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]
666  *
667  * The formats allowed by the pcap_findalldevs_ex() are the following:
668  * - file://folder/ [lists all the files in the given folder]
669  * - rpcap:// [lists all local adapters]
670  * - rpcap://host:port/ [lists the devices available on a remote host]
671  *
672  * Referring to the 'host' and 'port' parameters, they can be either numeric or literal. Since
673  * IPv6 is fully supported, these are the allowed formats:
674  *
675  * - host (literal): e.g. host.foo.bar
676  * - host (numeric IPv4): e.g. 10.11.12.13
677  * - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]
678  * - host (numeric IPv6): e.g. [1:2:3::4]
679  * - port: can be either numeric (e.g. '80') or literal (e.g. 'http')
680  *
681  * Here you find some allowed examples:
682  * - rpcap://host.foo.bar/devicename [everything literal, no port number]
683  * - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
684  * - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
685  * - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
686  * - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
687  * - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]
688  * - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]
689  * - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]
690  */
691 
692 /*
693  * URL schemes for capture source.
694  */
695 /*
696  * This string indicates that the user wants to open a capture from a
697  * local file.
698  */
699 #define PCAP_SRC_FILE_STRING "file://"
700 /*
701  * This string indicates that the user wants to open a capture from a
702  * network interface.  This string does not necessarily involve the use
703  * of the RPCAP protocol. If the interface required resides on the local
704  * host, the RPCAP protocol is not involved and the local functions are used.
705  */
706 #define PCAP_SRC_IF_STRING "rpcap://"
707 
708 /*
709  * Flags to pass to pcap_open().
710  */
711 
712 /*
713  * Specifies whether promiscuous mode is to be used.
714  */
715 #define PCAP_OPENFLAG_PROMISCUOUS		0x00000001
716 
717 /*
718  * Specifies, for an RPCAP capture, whether the data transfer (in
719  * case of a remote capture) has to be done with UDP protocol.
720  *
721  * If it is '1' if you want a UDP data connection, '0' if you want
722  * a TCP data connection; control connection is always TCP-based.
723  * A UDP connection is much lighter, but it does not guarantee that all
724  * the captured packets arrive to the client workstation. Moreover,
725  * it could be harmful in case of network congestion.
726  * This flag is meaningless if the source is not a remote interface.
727  * In that case, it is simply ignored.
728  */
729 #define PCAP_OPENFLAG_DATATX_UDP		0x00000002
730 
731 /*
732  * Specifies wheether the remote probe will capture its own generated
733  * traffic.
734  *
735  * In case the remote probe uses the same interface to capture traffic
736  * and to send data back to the caller, the captured traffic includes
737  * the RPCAP traffic as well.  If this flag is turned on, the RPCAP
738  * traffic is excluded from the capture, so that the trace returned
739  * back to the collector is does not include this traffic.
740  *
741  * Has no effect on local interfaces or savefiles.
742  */
743 #define PCAP_OPENFLAG_NOCAPTURE_RPCAP		0x00000004
744 
745 /*
746  * Specifies whether the local adapter will capture its own generated traffic.
747  *
748  * This flag tells the underlying capture driver to drop the packets
749  * that were sent by itself.  This is useful when building applications
750  * such as bridges that should ignore the traffic they just sent.
751  *
752  * Supported only on Windows.
753  */
754 #define PCAP_OPENFLAG_NOCAPTURE_LOCAL		0x00000008
755 
756 /*
757  * This flag configures the adapter for maximum responsiveness.
758  *
759  * In presence of a large value for nbytes, WinPcap waits for the arrival
760  * of several packets before copying the data to the user. This guarantees
761  * a low number of system calls, i.e. lower processor usage, i.e. better
762  * performance, which is good for applications like sniffers. If the user
763  * sets the PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will
764  * copy the packets as soon as the application is ready to receive them.
765  * This is suggested for real time applications (such as, for example,
766  * a bridge) that need the best responsiveness.
767  *
768  * The equivalent with pcap_create()/pcap_activate() is "immediate mode".
769  */
770 #define PCAP_OPENFLAG_MAX_RESPONSIVENESS	0x00000010
771 
772 /*
773  * Remote authentication methods.
774  * These are used in the 'type' member of the pcap_rmtauth structure.
775  */
776 
777 /*
778  * NULL authentication.
779  *
780  * The 'NULL' authentication has to be equal to 'zero', so that old
781  * applications can just put every field of struct pcap_rmtauth to zero,
782  * and it does work.
783  */
784 #define RPCAP_RMTAUTH_NULL 0
785 /*
786  * Username/password authentication.
787  *
788  * With this type of authentication, the RPCAP protocol will use the username/
789  * password provided to authenticate the user on the remote machine. If the
790  * authentication is successful (and the user has the right to open network
791  * devices) the RPCAP connection will continue; otherwise it will be dropped.
792  *
793  * *******NOTE********: the username and password are sent over the network
794  * to the capture server *IN CLEAR TEXT*.  Don't use this on a network
795  * that you don't completely control!  (And be *really* careful in your
796  * definition of "completely"!)
797  */
798 #define RPCAP_RMTAUTH_PWD 1
799 
800 /*
801  * This structure keeps the information needed to autheticate the user
802  * on a remote machine.
803  *
804  * The remote machine can either grant or refuse the access according
805  * to the information provided.
806  * In case the NULL authentication is required, both 'username' and
807  * 'password' can be NULL pointers.
808  *
809  * This structure is meaningless if the source is not a remote interface;
810  * in that case, the functions which requires such a structure can accept
811  * a NULL pointer as well.
812  */
813 struct pcap_rmtauth
814 {
815 	/*
816 	 * \brief Type of the authentication required.
817 	 *
818 	 * In order to provide maximum flexibility, we can support different types
819 	 * of authentication based on the value of this 'type' variable. The currently
820 	 * supported authentication methods are defined into the
821 	 * \link remote_auth_methods Remote Authentication Methods Section\endlink.
822 	 */
823 	int type;
824 	/*
825 	 * \brief Zero-terminated string containing the username that has to be
826 	 * used on the remote machine for authentication.
827 	 *
828 	 * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
829 	 * and it can be NULL.
830 	 */
831 	char *username;
832 	/*
833 	 * \brief Zero-terminated string containing the password that has to be
834 	 * used on the remote machine for authentication.
835 	 *
836 	 * This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication
837 	 * and it can be NULL.
838 	 */
839 	char *password;
840 };
841 
842 /*
843  * This routine can open a savefile, a local device, or a device on
844  * a remote machine running an RPCAP server.
845  *
846  * For opening a savefile, the pcap_open_offline routines can be used,
847  * and will work just as well; code using them will work on more
848  * platforms than code using pcap_open() to open savefiles.
849  *
850  * For opening a local device, pcap_open_live() can be used; it supports
851  * most of the capabilities that pcap_open() supports, and code using it
852  * will work on more platforms than code using pcap_open().  pcap_create()
853  * and pcap_activate() can also be used; they support all capabilities
854  * that pcap_open() supports, except for the Windows-only
855  * PCAP_OPENFLAG_NOCAPTURE_LOCAL, and support additional capabilities.
856  *
857  * For opening a remote capture, pcap_open() is currently the only
858  * API available.
859  */
860 PCAP_API pcap_t	*pcap_open(const char *source, int snaplen, int flags,
861 	    int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
862 PCAP_API int	pcap_createsrcstr(char *source, int type, const char *host,
863 	    const char *port, const char *name, char *errbuf);
864 PCAP_API int	pcap_parsesrcstr(const char *source, int *type, char *host,
865 	    char *port, char *name, char *errbuf);
866 
867 /*
868  * This routine can scan a directory for savefiles, list local capture
869  * devices, or list capture devices on a remote machine running an RPCAP
870  * server.
871  *
872  * For scanning for savefiles, it can be used on both UN*X systems and
873  * Windows systems; for each directory entry it sees, it tries to open
874  * the file as a savefile using pcap_open_offline(), and only includes
875  * it in the list of files if the open succeeds, so it filters out
876  * files for which the user doesn't have read permission, as well as
877  * files that aren't valid savefiles readable by libpcap.
878  *
879  * For listing local capture devices, it's just a wrapper around
880  * pcap_findalldevs(); code using pcap_findalldevs() will work on more
881  * platforms than code using pcap_findalldevs_ex().
882  *
883  * For listing remote capture devices, pcap_findalldevs_ex() is currently
884  * the only API available.
885  */
886 PCAP_API int	pcap_findalldevs_ex(const char *source,
887 	    struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
888 
889 /*
890  * Sampling methods.
891  *
892  * These allow pcap_loop(), pcap_dispatch(), pcap_next(), and pcap_next_ex()
893  * to see only a sample of packets, rather than all packets.
894  *
895  * Currently, they work only on Windows local captures.
896  */
897 
898 /*
899  * Specifies that no sampling is to be done on the current capture.
900  *
901  * In this case, no sampling algorithms are applied to the current capture.
902  */
903 #define PCAP_SAMP_NOSAMP	0
904 
905 /*
906  * Specifies that only 1 out of N packets must be returned to the user.
907  *
908  * In this case, the 'value' field of the 'pcap_samp' structure indicates the
909  * number of packets (minus 1) that must be discarded before one packet got
910  * accepted.
911  * In other words, if 'value = 10', the first packet is returned to the
912  * caller, while the following 9 are discarded.
913  */
914 #define PCAP_SAMP_1_EVERY_N	1
915 
916 /*
917  * Specifies that we have to return 1 packet every N milliseconds.
918  *
919  * In this case, the 'value' field of the 'pcap_samp' structure indicates
920  * the 'waiting time' in milliseconds before one packet got accepted.
921  * In other words, if 'value = 10', the first packet is returned to the
922  * caller; the next returned one will be the first packet that arrives
923  * when 10ms have elapsed.
924  */
925 #define PCAP_SAMP_FIRST_AFTER_N_MS 2
926 
927 /*
928  * This structure defines the information related to sampling.
929  *
930  * In case the sampling is requested, the capturing device should read
931  * only a subset of the packets coming from the source. The returned packets
932  * depend on the sampling parameters.
933  *
934  * WARNING: The sampling process is applied *after* the filtering process.
935  * In other words, packets are filtered first, then the sampling process
936  * selects a subset of the 'filtered' packets and it returns them to the
937  * caller.
938  */
939 struct pcap_samp
940 {
941 	/*
942 	 * Method used for sampling; see above.
943 	 */
944 	int method;
945 
946 	/*
947 	 * This value depends on the sampling method defined.
948 	 * For its meaning, see above.
949 	 */
950 	int value;
951 };
952 
953 /*
954  * New functions.
955  */
956 PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
957 
958 /*
959  * RPCAP active mode.
960  */
961 
962 /* Maximum length of an host name (needed for the RPCAP active mode) */
963 #define RPCAP_HOSTLIST_SIZE 1024
964 
965 PCAP_API SOCKET	pcap_remoteact_accept(const char *address, const char *port,
966 	    const char *hostlist, char *connectinghost,
967 	    struct pcap_rmtauth *auth, char *errbuf);
968 PCAP_API int	pcap_remoteact_list(char *hostlist, char sep, int size,
969 	    char *errbuf);
970 PCAP_API int	pcap_remoteact_close(const char *host, char *errbuf);
971 PCAP_API void	pcap_remoteact_cleanup(void);
972 #endif	/* Remote capture is disabled on FreeBSD */
973 
974 #ifdef __cplusplus
975 }
976 #endif
977 
978 #endif /* lib_pcap_pcap_h */
979