/*
* Copyright ( c ) 1999 - 2005 NetGroup , Politecnico di Torino ( Italy )
* Copyright ( c ) 2005 - 2007 CACE Technologies , Davis ( California )
* All rights reserved .
*
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions
* are met :
*
* 1. Redistributions of source code must retain the above copyright
* notice , this list of conditions and the following disclaimer .
* 2. Redistributions in binary form must reproduce the above copyright
* notice , this list of conditions and the following disclaimer in the
* documentation and / or other materials provided with the distribution .
* 3. Neither the name of the Politecnico di Torino , CACE Technologies
* nor the names of its contributors may be used to endorse or promote
* products derived from this software without specific prior written
* permission .
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* " AS IS " AND ANY EXPRESS OR IMPLIED WARRANTIES , INCLUDING , BUT NOT
* LIMITED TO , THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED . IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT , INDIRECT , INCIDENTAL ,
* SPECIAL , EXEMPLARY , OR CONSEQUENTIAL DAMAGES ( INCLUDING , BUT NOT
* LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES ; LOSS OF USE ,
* DATA , OR PROFITS ; OR BUSINESS INTERRUPTION ) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY , WHETHER IN CONTRACT , STRICT LIABILITY , OR TORT
* ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE .
*
*/
/** @ingroup packetapi
* @ {
*/
/** @defgroup packet32h Packet.dll definitions and data structures
* Packet32 . h contains the data structures and the definitions used by packet . dll .
* The file is used both by the Win9x and the WinNTx versions of packet . dll , and can be included
* by the applications that use the functions of this library
* @ {
*/
# ifndef __PACKET32
# define __PACKET32
# include <winsock2.h>
# ifdef HAVE_AIRPCAP_API
# include <airpcap.h>
# else
# if !defined( AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ )
# define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
typedef struct _AirpcapHandle * PAirpcapHandle ;
# endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */
# endif /* HAVE_AIRPCAP_API */
# ifdef HAVE_DAG_API
# include <dagc.h>
# endif /* HAVE_DAG_API */
/* Working modes */
# define PACKET_MODE_CAPT 0x0 /*/< Capture mode */
# define PACKET_MODE_STAT 0x1 /*/< Statistical mode */
# define PACKET_MODE_MON 0x2 /*/< Monitoring mode */
# define PACKET_MODE_DUMP 0x10 /*/< Dump mode */
# define PACKET_MODE_STAT_DUMP MODE_DUMP | MODE_STAT /*/< Statistical dump Mode */
/*/ Alignment macro. Defines the alignment size. */
# define Packet_ALIGNMENT sizeof( int )
/*/ Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT. */
# define Packet_WORDALIGN( x ) ( ( ( x ) + ( Packet_ALIGNMENT - 1 ) ) & ~( Packet_ALIGNMENT - 1 ) )
# define NdisMediumNull -1 /*/< Custom linktype: NDIS doesn't provide an equivalent */
# define NdisMediumCHDLC -2 /*/< Custom linktype: NDIS doesn't provide an equivalent */
# define NdisMediumPPPSerial -3 /*/< Custom linktype: NDIS doesn't provide an equivalent */
# define NdisMediumBare80211 -4 /*/< Custom linktype: NDIS doesn't provide an equivalent */
# define NdisMediumRadio80211 -5 /*/< Custom linktype: NDIS doesn't provide an equivalent */
# define NdisMediumPpi -6 /*/< Custom linktype: NDIS doesn't provide an equivalent */
/* Loopback behaviour definitions */
# define NPF_DISABLE_LOOPBACK 1 /*/< Drop the packets sent by the NPF driver */
# define NPF_ENABLE_LOOPBACK 2 /*/< Capture the packets sent by the NPF driver */
/*!
* \ brief Network type structure .
*
* This structure is used by the PacketGetNetType ( ) function to return information on the current adapter ' s type and speed .
*/
typedef struct NetType
{
UINT LinkType ; /*/< The MAC of the current network adapter (see function PacketGetNetType() for more information) */
ULONGLONG LinkSpeed ; /*/< The speed of the network in bits per second */
} NetType ;
/*some definitions stolen from libpcap */
# ifndef BPF_MAJOR_VERSION
/*!
* \ brief A BPF pseudo - assembly program .
*
* The program will be injected in the kernel by the PacketSetBPF ( ) function and applied to every incoming packet .
*/
struct bpf_program
{
UINT bf_len ; /*/< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. */
struct bpf_insn * bf_insns ; /*/< A pointer to the first instruction of the program. */
} ;
/*!
* \ brief A single BPF pseudo - instruction .
*
* bpf_insn contains a single instruction for the BPF register - machine . It is used to send a filter program to the driver .
*/
struct bpf_insn
{
USHORT code ; /*/< Instruction type and addressing mode. */
UCHAR jt ; /*/< Jump if true */
UCHAR jf ; /*/< Jump if false */
int k ; /*/< Generic field used for various purposes. */
} ;
/*!
* \ brief Structure that contains a couple of statistics values on the current capture .
*
* It is used by packet . dll to return statistics about a capture session .
*/
struct bpf_stat
{
UINT bs_recv ; /*/< Number of packets that the driver received from the network adapter */
/*/< from the beginning of the current capture. This value includes the packets */
/*/< lost by the driver. */
UINT bs_drop ; /*/< number of packets that the driver lost from the beginning of a capture. */
/*/< Basically, a packet is lost when the the buffer of the driver is full. */
/*/< In this situation the packet cannot be stored and the driver rejects it. */
UINT ps_ifdrop ; /*/< drops by interface. XXX not yet supported */
UINT bs_capt ; /*/< number of packets that pass the filter, find place in the kernel buffer and */
/*/< thus reach the application. */
} ;
/*!
* \ brief Packet header .
*
* This structure defines the header associated with every packet delivered to the application .
*/
struct bpf_hdr
{
struct timeval bh_tstamp ; /*/< The timestamp associated with the captured packet. */
/*/< It is stored in a TimeVal structure. */
UINT bh_caplen ; /*/< Length of captured portion. The captured portion <b>can be different</b> */
/*/< from the original packet, because it is possible (with a proper filter) */
/*/< to instruct the driver to capture only a portion of the packets. */
UINT bh_datalen ; /*/< Original length of packet */
USHORT bh_hdrlen ; /*/< Length of bpf header (this struct plus alignment padding). In some cases, */
/*/< a padding could be added between the end of this structure and the packet */
/*/< data for performance reasons. This filed can be used to retrieve the actual data */
/*/< of the packet. */
} ;
/*!
* \ brief Dump packet header .
*
* This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets ( ) .
* It is simpler than the bpf_hdr , because it corresponds to the header associated by WinPcap and libpcap to a
* packet in a dump file . This makes straightforward sending WinPcap dump files to the network .
*/
struct dump_bpf_hdr
{
struct timeval ts ; /*/< Time stamp of the packet */
UINT caplen ; /*/< Length of captured portion. The captured portion can smaller than the */
/*/< the original packet, because it is possible (with a proper filter) to */
/*/< instruct the driver to capture only a portion of the packets. */
UINT len ; /*/< Length of the original packet (off wire). */
} ;
# endif /* ifndef BPF_MAJOR_VERSION */
struct bpf_stat ;
# define DOSNAMEPREFIX TEXT( "Packet_" ) /*/< Prefix added to the adapters device names to create the WinPcap devices */
# define MAX_LINK_NAME_LENGTH 64 /*< Maximum length of the devices symbolic links */
# define NMAX_PACKET 65535
/*!
* \ brief Addresses of a network adapter .
*
* This structure is used by the PacketGetNetInfoEx ( ) function to return the IP addresses associated with
* an adapter .
*/
typedef struct npf_if_addr
{
struct sockaddr_storage IPAddress ; /*/< IP address. */
struct sockaddr_storage SubnetMask ; /*/< Netmask for that address. */
struct sockaddr_storage Broadcast ; /*/< Broadcast address. */
} npf_if_addr ;
# define ADAPTER_NAME_LENGTH 256 + 12 /*/< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. */
# define ADAPTER_DESC_LENGTH 128 /*/< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. */
# define MAX_MAC_ADDR_LENGTH 8 /*/< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. */
# define MAX_NETWORK_ADDRESSES 16 /*/< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. */
typedef struct WAN_ADAPTER_INT WAN_ADAPTER ; /*/< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */
typedef WAN_ADAPTER * PWAN_ADAPTER ; /*/< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */
# define INFO_FLAG_NDIS_ADAPTER 0 /*/< Flag for ADAPTER_INFO: this is a traditional ndis adapter */
# define INFO_FLAG_NDISWAN_ADAPTER 1 /*/< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET */
# define INFO_FLAG_DAG_CARD 2 /*/< Flag for ADAPTER_INFO: this is a DAG card */
# define INFO_FLAG_DAG_FILE 6 /*/< Flag for ADAPTER_INFO: this is a DAG file */
# define INFO_FLAG_DONT_EXPORT 8 /*/< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or openend by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. */
# define INFO_FLAG_AIRPCAP_CARD 16 /*/< Flag for ADAPTER_INFO: this is an airpcap card */
# define INFO_FLAG_NPFIM_DEVICE 32
/*!
* \ brief Describes an opened network adapter .
*
* This structure is the most important for the functioning of packet . dll , but the great part of its fields
* should be ignored by the user , since the library offers functions that avoid to cope with low - level parameters
*/
typedef struct _ADAPTER
{
HANDLE hFile ; /*/< \internal Handle to an open instance of the NPF driver. */
CHAR SymbolicLink [ MAX_LINK_NAME_LENGTH ] ; /*/< \internal A string containing the name of the network adapter currently opened. */
int NumWrites ; /*/< \internal Number of times a packets written on this adapter will be repeated */
/*/< on the wire. */
HANDLE ReadEvent ; /*/< A notification event associated with the read calls on the adapter. */
/*/< It can be passed to standard Win32 functions (like WaitForSingleObject */
/*/< or WaitForMultipleObjects) to wait until the driver's buffer contains some */
/*/< data. It is particularly useful in GUI applications that need to wait */
/*/< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy() */
/*/< function can be used to define the minimum amount of data in the kernel buffer */
/*/< that will cause the event to be signalled. */
UINT ReadTimeOut ; /*/< \internal The amount of time after which a read on the driver will be released and */
/*/< ReadEvent will be signaled, also if no packets were captured */
CHAR Name [ ADAPTER_NAME_LENGTH ] ;
PWAN_ADAPTER pWanAdapter ;
UINT Flags ; /*/< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. */
# ifdef HAVE_AIRPCAP_API
PAirpcapHandle AirpcapAd ;
# endif // HAVE_AIRPCAP_API
# ifdef HAVE_NPFIM_API
void * NpfImHandle ;
# endif // HAVE_NPFIM_API
# ifdef HAVE_DAG_API
dagc_t * pDagCard ; /*/< Pointer to the dagc API adapter descriptor for this adapter */
PCHAR DagBuffer ; /*/< Pointer to the buffer with the packets that is received from the DAG card */
struct timeval DagReadTimeout ; /*/< Read timeout. The dagc API requires a timeval structure */
unsigned DagFcsLen ; /*/< Length of the frame check sequence attached to any packet by the card. Obtained from the registry */
DWORD DagFastProcess ; /*/< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). */
# endif // HAVE_DAG_API
} ADAPTER , * LPADAPTER ;
/*!
* \ brief Structure that contains a group of packets coming from the driver .
*
* This structure defines the header associated with every packet delivered to the application .
*/
typedef struct _PACKET
{
HANDLE hEvent ; /*/< \deprecated Still present for compatibility with old applications. */
OVERLAPPED OverLapped ; /*/< \deprecated Still present for compatibility with old applications. */
PVOID Buffer ; /*/< Buffer with containing the packets. See the PacketReceivePacket() for */
/*/< details about the organization of the data in this buffer */
UINT Length ; /*/< Length of the buffer */
DWORD ulBytesReceived ; /*/< Number of valid bytes present in the buffer, i.e. amount of data */
/*/< received by the last call to PacketReceivePacket() */
BOOLEAN bIoComplete ; /*/< \deprecated Still present for compatibility with old applications. */
} PACKET , * LPPACKET ;
/*!
* \ brief Structure containing an OID request .
*
* It is used by the PacketRequest ( ) function to send an OID to the interface card driver .
* It can be used , for example , to retrieve the status of the error counters on the adapter , its MAC address ,
* the list of the multicast groups defined on it , and so on .
*/
struct _PACKET_OID_DATA
{
ULONG Oid ; /*/< OID code. See the Microsoft DDK documentation or the file ntddndis.h */
/*/< for a complete list of valid codes. */
ULONG Length ; /*/< Length of the data field */
UCHAR Data [ 1 ] ; /*/< variable-length field that contains the information passed to or received */
/*/< from the adapter. */
} ;
typedef struct _PACKET_OID_DATA PACKET_OID_DATA , * PPACKET_OID_DATA ;
# ifdef __cplusplus
extern " C " {
# endif
/**
* @ }
*/
/*
* BOOLEAN QueryWinPcapRegistryStringA ( CHAR * SubKeyName ,
* CHAR * Value ,
* UINT * pValueLen ,
* CHAR * DefaultVal ) ;
*
* BOOLEAN QueryWinPcapRegistryStringW ( WCHAR * SubKeyName ,
* WCHAR * Value ,
* UINT * pValueLen ,
* WCHAR * DefaultVal ) ;
*/
/*--------------------------------------------------------------------------- */
/* EXPORTED FUNCTIONS */
/*--------------------------------------------------------------------------- */
PCHAR PacketGetVersion ( ) ;
PCHAR PacketGetDriverVersion ( ) ;
BOOLEAN PacketSetMinToCopy ( LPADAPTER AdapterObject ,
int nbytes ) ;
BOOLEAN PacketSetNumWrites ( LPADAPTER AdapterObject ,
int nwrites ) ;
BOOLEAN PacketSetMode ( LPADAPTER AdapterObject ,
int mode ) ;
BOOLEAN PacketSetReadTimeout ( LPADAPTER AdapterObject ,
int timeout ) ;
BOOLEAN PacketSetBpf ( LPADAPTER AdapterObject ,
struct bpf_program * fp ) ;
BOOLEAN PacketSetLoopbackBehavior ( LPADAPTER AdapterObject ,
UINT LoopbackBehavior ) ;
INT PacketSetSnapLen ( LPADAPTER AdapterObject ,
int snaplen ) ;
BOOLEAN PacketGetStats ( LPADAPTER AdapterObject ,
struct bpf_stat * s ) ;
BOOLEAN PacketGetStatsEx ( LPADAPTER AdapterObject ,
struct bpf_stat * s ) ;
BOOLEAN PacketSetBuff ( LPADAPTER AdapterObject ,
int dim ) ;
BOOLEAN PacketGetNetType ( LPADAPTER AdapterObject ,
NetType * type ) ;
LPADAPTER PacketOpenAdapter ( PCHAR AdapterName ) ;
BOOLEAN PacketSendPacket ( LPADAPTER AdapterObject ,
LPPACKET pPacket ,
BOOLEAN Sync ) ;
INT PacketSendPackets ( LPADAPTER AdapterObject ,
PVOID PacketBuff ,
ULONG Size ,
BOOLEAN Sync ) ;
LPPACKET PacketAllocatePacket ( void ) ;
VOID PacketInitPacket ( LPPACKET lpPacket ,
PVOID Buffer ,
UINT Length ) ;
VOID PacketFreePacket ( LPPACKET lpPacket ) ;
BOOLEAN PacketReceivePacket ( LPADAPTER AdapterObject ,
LPPACKET lpPacket ,
BOOLEAN Sync ) ;
BOOLEAN PacketSetHwFilter ( LPADAPTER AdapterObject ,
ULONG Filter ) ;
BOOLEAN PacketGetAdapterNames ( PTSTR pStr ,
PULONG BufferSize ) ;
BOOLEAN PacketGetNetInfoEx ( PCHAR AdapterName ,
npf_if_addr * buffer ,
PLONG NEntries ) ;
BOOLEAN PacketRequest ( LPADAPTER AdapterObject ,
BOOLEAN Set ,
PPACKET_OID_DATA OidData ) ;
HANDLE PacketGetReadEvent ( LPADAPTER AdapterObject ) ;
BOOLEAN PacketSetDumpName ( LPADAPTER AdapterObject ,
void * name ,
int len ) ;
BOOLEAN PacketSetDumpLimits ( LPADAPTER AdapterObject ,
UINT maxfilesize ,
UINT maxnpacks ) ;
BOOLEAN PacketIsDumpEnded ( LPADAPTER AdapterObject ,
BOOLEAN sync ) ;
BOOL PacketStopDriver ( ) ;
VOID PacketCloseAdapter ( LPADAPTER lpAdapter ) ;
BOOLEAN PacketStartOem ( PCHAR errorString ,
UINT errorStringLength ) ;
BOOLEAN PacketStartOemEx ( PCHAR errorString ,
UINT errorStringLength ,
ULONG flags ) ;
PAirpcapHandle PacketGetAirPcapHandle ( LPADAPTER AdapterObject ) ;
/* */
/* Used by PacketStartOemEx */
/* */
# define PACKET_START_OEM_NO_NETMON 0x00000001
# ifdef __cplusplus
}
# endif
# endif //__PACKET32
