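/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/** @ingroup packetapi
 *  @{
 */

/** @defgroup packet32h Packet.dll definitions and data structures
 *  Packet32.h contains the data structures and the definitions used by packet.dll.
 *  The file is used both by the Win9x and the WinNTx versions of packet.dll, and can be included
 *  by the applications that use the functions of this library
 *  @{
 */

#ifndef __PACKET32
#define __PACKET32

/* Provides struct timeval and struct sockaddr_storage used below. */
#include <winsock2.h>

#ifdef HAVE_AIRPCAP_API
    #include <airpcap.h>
#else
    /* Without the AirPcap SDK header, declare the handle as an opaque pointer
     * so that PacketGetAirPcapHandle() can still be prototyped. */
    #if !defined( AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ )
        #define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
        typedef struct _AirpcapHandle * PAirpcapHandle;
    #endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */
#endif /* HAVE_AIRPCAP_API */

#ifdef HAVE_DAG_API
    /* Provides dagc_t, used by the DAG fields of ADAPTER. */
    #include <dagc.h>
#endif /* HAVE_DAG_API */

/* Working modes */
#define PACKET_MODE_CAPT    0x0     /**< Capture mode */
#define PACKET_MODE_STAT    0x1     /**< Statistical mode */
#define PACKET_MODE_MON     0x2     /**< Monitoring mode */
#define PACKET_MODE_DUMP    0x10    /**< Dump mode */

/* Built from this header's own PACKET_MODE_* constants and parenthesised, so
 * the macro does not depend on MODE_DUMP / MODE_STAT being defined by some
 * other header and keeps its value inside a larger expression
 * (e.g. "mode & PACKET_MODE_STAT_DUMP"). */
#define PACKET_MODE_STAT_DUMP    ( PACKET_MODE_DUMP | PACKET_MODE_STAT )    /**< Statistical dump Mode */

/** Alignment macro. Defines the alignment size. */
#define Packet_ALIGNMENT    sizeof( int )

/** Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT.
 *
 *  The arithmetic is carried out in an unsigned type (sizeof yields size_t),
 *  so a value within Packet_ALIGNMENT - 1 of that type's maximum wraps around
 *  silently. Lengths read from a capture buffer should be range-checked
 *  before they are passed to this macro. */
#define Packet_WORDALIGN( x )    ( ( ( x ) + ( Packet_ALIGNMENT - 1 ) ) & ~( Packet_ALIGNMENT - 1 ) )

/* Negative values are parenthesised so that they stay a single operand
 * wherever the macro is expanded. */
#define NdisMediumNull          ( -1 )    /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumCHDLC         ( -2 )    /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPPPSerial     ( -3 )    /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumBare80211     ( -4 )    /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumRadio80211    ( -5 )    /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPpi           ( -6 )    /**< Custom linktype: NDIS doesn't provide an equivalent */

/* Loopback behaviour definitions */
#define NPF_DISABLE_LOOPBACK    1    /**< Drop the packets sent by the NPF driver */
#define NPF_ENABLE_LOOPBACK     2    /**< Capture the packets sent by the NPF driver */

/*!
 * \brief Network type structure.
 *
 * This structure is used by the PacketGetNetType() function to return information on the current adapter's type and speed.
 */
typedef struct NetType
{
    UINT LinkType;          /**< The MAC of the current network adapter (see function PacketGetNetType() for more information) */
    ULONGLONG LinkSpeed;    /**< The speed of the network in bits per second */
} NetType;


/*some definitions stolen from libpcap */

#ifndef BPF_MAJOR_VERSION

/*!
 * \brief A BPF pseudo-assembly program.
 *
 * The program will be injected in the kernel by the PacketSetBPF() function and applied to every incoming packet.
 *
 * NOTE(review): bf_len and bf_insns describe a caller-owned array that is handed to the driver;
 * bf_len must match the number of instructions actually present at bf_insns.
 */
    struct bpf_program
    {
        UINT bf_len;                  /**< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow. */
        struct bpf_insn * bf_insns;   /**< A pointer to the first instruction of the program. */
    };

/*!
 * \brief A single BPF pseudo-instruction.
 *
 * bpf_insn contains a single instruction for the BPF register-machine. It is used to send a filter program to the driver.
 */
    struct bpf_insn
    {
        USHORT code;    /**< Instruction type and addressing mode. */
        UCHAR jt;       /**< Jump if true */
        UCHAR jf;       /**< Jump if false */
        int k;          /**< Generic field used for various purposes. */
    };

/*!
 * \brief Structure that contains a couple of statistics values on the current capture.
 *
 * It is used by packet.dll to return statistics about a capture session.
 */
    struct bpf_stat
    {
        UINT bs_recv;      /**< Number of packets that the driver received from the network adapter
                            *   from the beginning of the current capture. This value includes the packets
                            *   lost by the driver. */
        UINT bs_drop;      /**< number of packets that the driver lost from the beginning of a capture.
                            *   Basically, a packet is lost when the buffer of the driver is full.
                            *   In this situation the packet cannot be stored and the driver rejects it. */
        UINT ps_ifdrop;    /**< drops by interface. XXX not yet supported */
        UINT bs_capt;      /**< number of packets that pass the filter, find place in the kernel buffer and
                            *   thus reach the application. */
    };

/*!
 * \brief Packet header.
 *
 * This structure defines the header associated with every packet delivered to the application.
 *
 * NOTE(review): bh_hdrlen and bh_caplen are what a consumer uses to locate and size the packet data.
 * Code that walks a receive buffer should check both against the number of valid bytes in that
 * buffer (PACKET::ulBytesReceived) before reading, rather than trusting the header values alone.
 */
    struct bpf_hdr
    {
        struct timeval bh_tstamp;    /**< The timestamp associated with the captured packet.
                                      *   It is stored in a TimeVal structure. */
        UINT bh_caplen;              /**< Length of captured portion. The captured portion can be different
                                      *   from the original packet, because it is possible (with a proper filter)
                                      *   to instruct the driver to capture only a portion of the packets. */
        UINT bh_datalen;             /**< Original length of packet */
        USHORT bh_hdrlen;            /**< Length of bpf header (this struct plus alignment padding). In some cases,
                                      *   a padding could be added between the end of this structure and the packet
                                      *   data for performance reasons. This field can be used to retrieve the actual data
                                      *   of the packet. */
    };

/*!
 * \brief Dump packet header.
 *
 * This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets().
 * It is simpler than the bpf_hdr, because it corresponds to the header associated by WinPcap and libpcap to a
 * packet in a dump file. This makes straightforward sending WinPcap dump files to the network.
 */
    struct dump_bpf_hdr
    {
        struct timeval ts;    /**< Time stamp of the packet */
        UINT caplen;          /**< Length of captured portion. The captured portion can be smaller than
                               *   the original packet, because it is possible (with a proper filter) to
                               *   instruct the driver to capture only a portion of the packets. */
        UINT len;             /**< Length of the original packet (off wire). */
    };

#endif /* ifndef BPF_MAJOR_VERSION */

/* Forward declaration: keeps the PacketGetStats*() prototypes valid when the
 * definitions above are skipped because BPF_MAJOR_VERSION is already defined. */
struct bpf_stat;

#define DOSNAMEPREFIX           TEXT( "Packet_" )    /**< Prefix added to the adapters device names to create the WinPcap devices */
#define MAX_LINK_NAME_LENGTH    64                   /**< Maximum length of the devices symbolic links */
#define NMAX_PACKET             65535

/*!
 * \brief Addresses of a network adapter.
 *
 * This structure is used by the PacketGetNetInfoEx() function to return the IP addresses associated with
 * an adapter.
 */
typedef struct npf_if_addr
{
    struct sockaddr_storage IPAddress;     /**< IP address. */
    struct sockaddr_storage SubnetMask;    /**< Netmask for that address. */
    struct sockaddr_storage Broadcast;     /**< Broadcast address. */
} npf_if_addr;

/* Parenthesised so that the sum stays intact inside a size expression:
 * "n * ADAPTER_NAME_LENGTH" would otherwise expand to "n * 256 + 12" and
 * under-size the buffer it is meant to describe. */
#define ADAPTER_NAME_LENGTH      ( 256 + 12 )    /**< Maximum length for the name of an adapter. The value is the same used by the IP Helper API. */
#define ADAPTER_DESC_LENGTH      128             /**< Maximum length for the description of an adapter. The value is the same used by the IP Helper API. */
#define MAX_MAC_ADDR_LENGTH      8               /**< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. */
#define MAX_NETWORK_ADDRESSES    16              /**< Maximum number of network addresses of an adapter (going by the name; the limit is not used in this header). */


typedef struct WAN_ADAPTER_INT   WAN_ADAPTER;     /**< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */
typedef WAN_ADAPTER              * PWAN_ADAPTER;  /**< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API */

#define INFO_FLAG_NDIS_ADAPTER       0     /**< Flag for ADAPTER_INFO: this is a traditional ndis adapter */
#define INFO_FLAG_NDISWAN_ADAPTER    1     /**< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET */
#define INFO_FLAG_DAG_CARD           2     /**< Flag for ADAPTER_INFO: this is a DAG card */
#define INFO_FLAG_DAG_FILE           6     /**< Flag for ADAPTER_INFO: this is a DAG file (the value 6 also contains the INFO_FLAG_DAG_CARD bit) */
#define INFO_FLAG_DONT_EXPORT        8     /**< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or opened by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones. */
#define INFO_FLAG_AIRPCAP_CARD       16    /**< Flag for ADAPTER_INFO: this is an airpcap card */
#define INFO_FLAG_NPFIM_DEVICE       32

/*!
 * \brief Describes an opened network adapter.
 *
 * This structure is the most important for the functioning of packet.dll, but the great part of its fields
 * should be ignored by the user, since the library offers functions that avoid to cope with low-level parameters
 *
 * The layout depends on HAVE_AIRPCAP_API, HAVE_NPFIM_API and HAVE_DAG_API: every translation unit that
 * shares an ADAPTER must be compiled with the same set of these macros.
 */
typedef struct _ADAPTER
{
    HANDLE hFile;                                /**< \internal Handle to an open instance of the NPF driver. */
    CHAR SymbolicLink[ MAX_LINK_NAME_LENGTH ];   /**< \internal A string containing the name of the network adapter currently opened. */
    int NumWrites;                               /**< \internal Number of times a packets written on this adapter will be repeated
                                                  *   on the wire. */
    HANDLE ReadEvent;                            /**< A notification event associated with the read calls on the adapter.
                                                  *   It can be passed to standard Win32 functions (like WaitForSingleObject
                                                  *   or WaitForMultipleObjects) to wait until the driver's buffer contains some
                                                  *   data. It is particularly useful in GUI applications that need to wait
                                                  *   concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy()
                                                  *   function can be used to define the minimum amount of data in the kernel buffer
                                                  *   that will cause the event to be signalled. */

    UINT ReadTimeOut;                            /**< \internal The amount of time after which a read on the driver will be released and
                                                  *   ReadEvent will be signaled, also if no packets were captured */
    CHAR Name[ ADAPTER_NAME_LENGTH ];
    PWAN_ADAPTER pWanAdapter;
    UINT Flags;                                  /**< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API. */

    #ifdef HAVE_AIRPCAP_API
        PAirpcapHandle AirpcapAd;
    #endif // HAVE_AIRPCAP_API

    #ifdef HAVE_NPFIM_API
        void * NpfImHandle;
    #endif // HAVE_NPFIM_API

    #ifdef HAVE_DAG_API
        dagc_t * pDagCard;                       /**< Pointer to the dagc API adapter descriptor for this adapter */
        PCHAR DagBuffer;                         /**< Pointer to the buffer with the packets that is received from the DAG card */
        struct timeval DagReadTimeout;           /**< Read timeout. The dagc API requires a timeval structure */
        unsigned DagFcsLen;                      /**< Length of the frame check sequence attached to any packet by the card. Obtained from the registry */
        DWORD DagFastProcess;                    /**< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps). */
    #endif // HAVE_DAG_API
} ADAPTER, * LPADAPTER;

/*!
 * \brief Structure that contains a group of packets coming from the driver.
 *
 * This structure defines the header associated with every packet delivered to the application.
 */
typedef struct _PACKET
{
    HANDLE hEvent;            /**< \deprecated Still present for compatibility with old applications. */
    OVERLAPPED OverLapped;    /**< \deprecated Still present for compatibility with old applications. */
    PVOID Buffer;             /**< Buffer with containing the packets. See the PacketReceivePacket() for
                               *   details about the organization of the data in this buffer */
    UINT Length;              /**< Length of the buffer */
    DWORD ulBytesReceived;    /**< Number of valid bytes present in the buffer, i.e. amount of data
                               *   received by the last call to PacketReceivePacket() */
    BOOLEAN bIoComplete;      /**< \deprecated Still present for compatibility with old applications. */
} PACKET, * LPPACKET;

/*!
 * \brief Structure containing an OID request.
 *
 * It is used by the PacketRequest() function to send an OID to the interface card driver.
 * It can be used, for example, to retrieve the status of the error counters on the adapter, its MAC address,
 * the list of the multicast groups defined on it, and so on.
 *
 * NOTE(review): only Data[0] is declared. A request whose Length is greater than 1 needs an allocation
 * larger than sizeof( PACKET_OID_DATA ), and Length should never exceed the room actually allocated
 * behind Data. How PacketRequest() uses Length is not visible in this header; confirm against the
 * implementation.
 */
struct _PACKET_OID_DATA
{
    ULONG Oid;          /**< OID code. See the Microsoft DDK documentation or the file ntddndis.h
                         *   for a complete list of valid codes. */
    ULONG Length;       /**< Length of the data field */
    UCHAR Data[ 1 ];    /**< variable-length field that contains the information passed to or received
                         *   from the adapter. */
};
typedef struct _PACKET_OID_DATA   PACKET_OID_DATA, * PPACKET_OID_DATA;

#ifdef __cplusplus
    extern "C" {
#endif

/**
 *  @}
 */

/*
 * BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName,
 *                               CHAR *Value,
 *                               UINT *pValueLen,
 *                               CHAR *DefaultVal);
 *
 * BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName,
 *                               WCHAR *Value,
 *                               UINT *pValueLen,
 *                               WCHAR *DefaultVal);
 */

/*--------------------------------------------------------------------------- */
/* EXPORTED FUNCTIONS */
/*--------------------------------------------------------------------------- */

/* Several entry points below take a caller-owned buffer together with a size
 * (PacketSendPackets, PacketInitPacket, PacketGetAdapterNames,
 * PacketGetNetInfoEx, PacketSetDumpName, PacketStartOem, PacketStartOemEx).
 * NOTE(review): the unit of each size (bytes, characters or entries) is not
 * stated in this header; confirm it against the implementation and pass the
 * real capacity of the buffer.
 *
 * Parameterless functions are declared with ( void ) so that C callers get a
 * real prototype and a call with arguments is rejected at compile time. */

PCHAR PacketGetVersion( void );
PCHAR PacketGetDriverVersion( void );
BOOLEAN PacketSetMinToCopy( LPADAPTER AdapterObject,
                            int nbytes );
BOOLEAN PacketSetNumWrites( LPADAPTER AdapterObject,
                            int nwrites );
BOOLEAN PacketSetMode( LPADAPTER AdapterObject,
                       int mode );
BOOLEAN PacketSetReadTimeout( LPADAPTER AdapterObject,
                              int timeout );
BOOLEAN PacketSetBpf( LPADAPTER AdapterObject,
                      struct bpf_program * fp );
BOOLEAN PacketSetLoopbackBehavior( LPADAPTER AdapterObject,
                                   UINT LoopbackBehavior );
INT PacketSetSnapLen( LPADAPTER AdapterObject,
                      int snaplen );
BOOLEAN PacketGetStats( LPADAPTER AdapterObject,
                        struct bpf_stat * s );
BOOLEAN PacketGetStatsEx( LPADAPTER AdapterObject,
                          struct bpf_stat * s );
BOOLEAN PacketSetBuff( LPADAPTER AdapterObject,
                       int dim );
BOOLEAN PacketGetNetType( LPADAPTER AdapterObject,
                          NetType * type );
LPADAPTER PacketOpenAdapter( PCHAR AdapterName );
BOOLEAN PacketSendPacket( LPADAPTER AdapterObject,
                          LPPACKET pPacket,
                          BOOLEAN Sync );
INT PacketSendPackets( LPADAPTER AdapterObject,
                       PVOID PacketBuff,
                       ULONG Size,
                       BOOLEAN Sync );
LPPACKET PacketAllocatePacket( void );
VOID PacketInitPacket( LPPACKET lpPacket,
                       PVOID Buffer,
                       UINT Length );
VOID PacketFreePacket( LPPACKET lpPacket );
BOOLEAN PacketReceivePacket( LPADAPTER AdapterObject,
                             LPPACKET lpPacket,
                             BOOLEAN Sync );
BOOLEAN PacketSetHwFilter( LPADAPTER AdapterObject,
                           ULONG Filter );
BOOLEAN PacketGetAdapterNames( PTSTR pStr,
                               PULONG BufferSize );
BOOLEAN PacketGetNetInfoEx( PCHAR AdapterName,
                            npf_if_addr * buffer,
                            PLONG NEntries );
BOOLEAN PacketRequest( LPADAPTER AdapterObject,
                       BOOLEAN Set,
                       PPACKET_OID_DATA OidData );
HANDLE PacketGetReadEvent( LPADAPTER AdapterObject );
BOOLEAN PacketSetDumpName( LPADAPTER AdapterObject,
                           void * name,
                           int len );
BOOLEAN PacketSetDumpLimits( LPADAPTER AdapterObject,
                             UINT maxfilesize,
                             UINT maxnpacks );
BOOLEAN PacketIsDumpEnded( LPADAPTER AdapterObject,
                           BOOLEAN sync );
BOOL PacketStopDriver( void );
VOID PacketCloseAdapter( LPADAPTER lpAdapter );
BOOLEAN PacketStartOem( PCHAR errorString,
                        UINT errorStringLength );
BOOLEAN PacketStartOemEx( PCHAR errorString,
                          UINT errorStringLength,
                          ULONG flags );
PAirpcapHandle PacketGetAirPcapHandle( LPADAPTER AdapterObject );

/* */
/* Used by PacketStartOemEx */
/* */
#define PACKET_START_OEM_NO_NETMON    0x00000001

#ifdef __cplusplus
    }
#endif

#endif //__PACKET32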