/*
 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
 * nor the names of its contributors may be used to endorse or promote
 * products derived from this software without specific prior written
 * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
/** @ingroup packetapi
 *  @{
 */
/** @defgroup packet32h Packet.dll definitions and data structures
 *  Packet32.h contains the data structures and the definitions used by packet.dll.
 *  The file is used by both the Win9x and the WinNTx versions of packet.dll, and can be included
 *  by the applications that use the functions of this library.
 *  @{
 */
#ifndef __PACKET32
#define __PACKET32
#include <winsock2.h>
/*
 * AirPcap handle type.
 * When HAVE_AIRPCAP_API is defined, <airpcap.h> is included and supplies the
 * declarations. Otherwise PAirpcapHandle is declared here as a pointer to an
 * incomplete struct, so this header can name the handle type while code that
 * includes it cannot look inside the handle. The GUID-suffixed macro keeps
 * the fallback typedef from being emitted a second time.
 */
#if defined( HAVE_AIRPCAP_API )
#include <airpcap.h>
#elif !defined( AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ )
#define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
typedef struct _AirpcapHandle * PAirpcapHandle;
#endif /* HAVE_AIRPCAP_API, else fallback handle typedef */
#ifdef HAVE_DAG_API
#include <dagc.h>
#endif /* HAVE_DAG_API */
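/*
 * Working modes.
 *
 * PACKET_MODE_STAT_DUMP is the bitwise OR of the dump and statistical modes.
 * It is built from the PACKET_MODE_* names defined here (the previous
 * expansion referred to MODE_DUMP and MODE_STAT, which this header does not
 * define) and is parenthesised so that it keeps its value, 0x11, when it is
 * used inside a larger expression such as a comparison or a mask test.
 */
#define PACKET_MODE_CAPT         0x0    /**< Capture mode */
#define PACKET_MODE_STAT         0x1    /**< Statistical mode */
#define PACKET_MODE_MON          0x2    /**< Monitoring mode */
#define PACKET_MODE_DUMP         0x10   /**< Dump mode */
#define PACKET_MODE_STAT_DUMP    ( PACKET_MODE_DUMP | PACKET_MODE_STAT ) /**< Statistical dump mode */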
/** Alignment unit, in bytes, used by Packet_WORDALIGN. */
#define Packet_ALIGNMENT         ( sizeof( int ) )

/**
 * Rounds x up to the next multiple of Packet_ALIGNMENT; a value that is
 * already a multiple is returned unchanged. x is evaluated once.
 *
 * sizeof makes the arithmetic unsigned, so a value within
 * Packet_ALIGNMENT - 1 of the type's maximum wraps around to a small result
 * instead of failing. Code that uses the result as an offset into a buffer
 * should compare it with the number of valid bytes before dereferencing.
 */
#define Packet_WORDALIGN( x )    ( ( ( x ) + ( Packet_ALIGNMENT - 1 ) ) & ~( Packet_ALIGNMENT - 1 ) )
/*
 * Custom link types for media that NDIS provides no identifier for.
 * All of them are negative. When one is compared with or stored in an
 * unsigned field such as NetType.LinkType it first goes through the usual
 * signed-to-unsigned conversion. Each value is parenthesised so that the
 * minus sign stays attached to the constant wherever the macro expands.
 */
#define NdisMediumNull          ( -1 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumCHDLC         ( -2 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPPPSerial     ( -3 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumBare80211     ( -4 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumRadio80211    ( -5 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
#define NdisMediumPpi           ( -6 )  /**< Custom linktype: NDIS doesn't provide an equivalent */
/*
 * Loopback behaviour selectors.
 * NOTE(review): presumably the values accepted by the LoopbackBehavior
 * argument of PacketSetLoopbackBehavior() -- confirm against the library.
 */
#define NPF_DISABLE_LOOPBACK    1   /**< Drop the packets sent by the NPF driver */
#define NPF_ENABLE_LOOPBACK     2   /**< Capture the packets sent by the NPF driver */
/*!
 * \brief Network type structure.
 *
 * Filled in by PacketGetNetType() to report the type and the speed of the
 * current adapter.
 */
typedef struct NetType
{
    /** The MAC (link) type of the current network adapter; see PacketGetNetType() for more information. */
    UINT      LinkType;
    /** The speed of the network, in bits per second. */
    ULONGLONG LinkSpeed;
} NetType;
/*some definitions stolen from libpcap */
#ifndef BPF_MAJOR_VERSION
/*!
 * \brief A BPF pseudo-assembly program.
 *
 * The program is handed to the kernel driver through PacketSetBpf() and
 * applied to every incoming packet.
 *
 * bf_len and bf_insns describe one array, so bf_len must never exceed the
 * number of struct bpf_insn elements actually present at bf_insns.
 * NOTE(review): what validation the library or driver performs on the
 * program is not visible in this header.
 */
struct bpf_program
{
    /** Number of instructions in the program, i.e. the number of struct bpf_insn elements at bf_insns. */
    UINT              bf_len;
    /** Pointer to the first instruction of the program. */
    struct bpf_insn * bf_insns;
};
/*!
 * \brief A single BPF pseudo-instruction.
 *
 * One instruction for the BPF register machine. Arrays of these make up the
 * filter program that is sent to the driver.
 */
struct bpf_insn
{
    USHORT code;    /**< Instruction type and addressing mode. */
    UCHAR  jt;      /**< Jump if true */
    UCHAR  jf;      /**< Jump if false */
    int    k;       /**< Generic field used for various purposes. */
};
/*!
 * \brief Statistics about the current capture.
 *
 * Used by packet.dll to return statistics about a capture session.
 * All counters are UINT.
 */
struct bpf_stat
{
    /**
     * Number of packets that the driver received from the network adapter
     * since the beginning of the current capture. This value includes the
     * packets lost by the driver.
     */
    UINT bs_recv;
    /**
     * Number of packets that the driver lost since the beginning of the
     * capture. Basically, a packet is lost when the buffer of the driver is
     * full: the packet cannot be stored and the driver rejects it.
     */
    UINT bs_drop;
    /** Drops by interface. XXX not yet supported */
    UINT ps_ifdrop;
    /**
     * Number of packets that pass the filter, find place in the kernel
     * buffer and thus reach the application.
     */
    UINT bs_capt;
};
/*!
 * \brief Packet header.
 *
 * Header that precedes every packet delivered to the application.
 *
 * NOTE(review): bh_caplen and bh_hdrlen are read back from the receive
 * buffer. A consumer that steps through the buffer with them should check
 * that bh_hdrlen + bh_caplen stays within the number of valid bytes
 * (ulBytesReceived in struct _PACKET) before touching the packet data. The
 * buffer layout itself is documented with PacketReceivePacket(), not here.
 */
struct bpf_hdr
{
    /** Timestamp associated with the captured packet, stored in a timeval structure. */
    struct timeval bh_tstamp;
    /**
     * Length of the captured portion. The captured portion <b>can be
     * different</b> from the original packet, because it is possible (with a
     * proper filter) to instruct the driver to capture only a portion of the
     * packets.
     */
    UINT           bh_caplen;
    /** Original length of the packet. */
    UINT           bh_datalen;
    /**
     * Length of the bpf header (this struct plus alignment padding). In some
     * cases padding is added between the end of this structure and the
     * packet data for performance reasons. This field can be used to locate
     * the actual data of the packet.
     */
    USHORT         bh_hdrlen;
};
/*!
 * \brief Dump packet header.
 *
 * Header associated with each packet in a buffer passed to
 * PacketSendPackets(). It is simpler than bpf_hdr because it corresponds to
 * the header that WinPcap and libpcap put in front of a packet in a dump
 * file, which makes it straightforward to send WinPcap dump files to the
 * network.
 *
 * NOTE(review): when such headers come from a file, caplen is file-supplied;
 * whoever assembles the send buffer should keep every header and its data
 * within the Size passed to PacketSendPackets(). How the library itself
 * checks this is not visible in this header.
 */
struct dump_bpf_hdr
{
    /** Time stamp of the packet. */
    struct timeval ts;
    /**
     * Length of the captured portion. The captured portion can be smaller
     * than the original packet, because it is possible (with a proper
     * filter) to instruct the driver to capture only a portion of the
     * packets.
     */
    UINT           caplen;
    /** Length of the original packet (off wire). */
    UINT           len;
};
#endif /* ifndef BPF_MAJOR_VERSION */
struct bpf_stat;
/** Prefix added to the adapters' device names to create the WinPcap devices. */
#define DOSNAMEPREFIX           TEXT( "Packet_" )

/** Maximum length of the devices' symbolic links; sizes ADAPTER.SymbolicLink. */
#define MAX_LINK_NAME_LENGTH    64

/* NOTE(review): undocumented here; presumably the largest packet size handled -- confirm. */
#define NMAX_PACKET             65535
/*!
 * \brief Addresses of a network adapter.
 *
 * PacketGetNetInfoEx() uses this structure to return the IP addresses
 * associated with an adapter. Every member is a sockaddr_storage.
 */
typedef struct npf_if_addr
{
    struct sockaddr_storage IPAddress;   /**< IP address. */
    struct sockaddr_storage SubnetMask;  /**< Netmask for that address. */
    struct sockaddr_storage Broadcast;   /**< Broadcast address. */
} npf_if_addr;
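/*
 * Size limits for adapter information.
 *
 * ADAPTER_NAME_LENGTH is parenthesised so that it keeps the value 268 when
 * it is used inside a larger expression. Without the parentheses,
 * ADAPTER_NAME_LENGTH * sizeof( WCHAR ) would expand to
 * 256 + 12 * sizeof( WCHAR ) and size a buffer too small.
 */

/** Maximum length for the name of an adapter. The value is the same used by the IP Helper API. */
#define ADAPTER_NAME_LENGTH      ( 256 + 12 )

/** Maximum length for the description of an adapter. The value is the same used by the IP Helper API. */
#define ADAPTER_DESC_LENGTH      128

/** Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API. */
#define MAX_MAC_ADDR_LENGTH      8

/**
 * NOTE(review): the comment previously attached to this macro repeated the
 * link-layer-address text above. Going by the name, this is presumably the
 * maximum number of network addresses handled per adapter -- confirm.
 */
#define MAX_NETWORK_ADDRESSES    16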
/**
 * WAN_ADAPTER describes an opened wan (dialup, VPN...) network adapter using
 * the NetMon API; PWAN_ADAPTER is a pointer to it. struct WAN_ADAPTER_INT is
 * not defined in this header, so the type is opaque to code that includes it.
 */
typedef struct WAN_ADAPTER_INT WAN_ADAPTER, * PWAN_ADAPTER;
/*
 * Flags for ADAPTER_INFO, written in hex to show the bit layout.
 *
 * They are not all independent bits: INFO_FLAG_NDIS_ADAPTER is 0, so it
 * cannot be detected with a mask test, and INFO_FLAG_DAG_FILE (0x06)
 * contains the INFO_FLAG_DAG_CARD bit (0x02), so `Flags & INFO_FLAG_DAG_CARD`
 * is also non-zero for a DAG file.
 */
#define INFO_FLAG_NDIS_ADAPTER       0x00   /**< Flag for ADAPTER_INFO: this is a traditional ndis adapter */
#define INFO_FLAG_NDISWAN_ADAPTER    0x01   /**< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET */
#define INFO_FLAG_DAG_CARD           0x02   /**< Flag for ADAPTER_INFO: this is a DAG card */
#define INFO_FLAG_DAG_FILE           0x06   /**< Flag for ADAPTER_INFO: this is a DAG file */
/**
 * Flag for ADAPTER_INFO: when this flag is set, the adapter will not be
 * listed or opened by winpcap. This makes it possible to avoid exporting
 * broken network adapters, for example FireWire ones.
 */
#define INFO_FLAG_DONT_EXPORT        0x08
#define INFO_FLAG_AIRPCAP_CARD       0x10   /**< Flag for ADAPTER_INFO: this is an airpcap card */
/* NOTE(review): undocumented here; presumably marks an NPFIM device -- confirm. */
#define INFO_FLAG_NPFIM_DEVICE       0x20
/*!
 * \brief Describes an opened network adapter.
 *
 * This is the most important structure for the functioning of packet.dll,
 * but most of its fields should be ignored by the user, since the library
 * offers functions that hide the low-level parameters.
 *
 * The trailing members exist only when HAVE_AIRPCAP_API, HAVE_NPFIM_API or
 * HAVE_DAG_API is defined, so the size of the structure and the offsets of
 * those members depend on which of these macros the including code defines.
 *
 * SymbolicLink and Name are fixed-size CHAR arrays; anything copied into
 * them has to be bounded by MAX_LINK_NAME_LENGTH and ADAPTER_NAME_LENGTH
 * respectively.
 */
typedef struct _ADAPTER
{
    /** \internal Handle to an open instance of the NPF driver. */
    HANDLE       hFile;
    /** \internal A string containing the name of the network adapter currently opened. */
    CHAR         SymbolicLink[ MAX_LINK_NAME_LENGTH ];
    /** \internal Number of times a packet written on this adapter will be repeated on the wire. */
    int          NumWrites;
    /**
     * A notification event associated with the read calls on the adapter.
     * It can be passed to standard Win32 functions (like WaitForSingleObject
     * or WaitForMultipleObjects) to wait until the driver's buffer contains
     * some data. It is particularly useful in GUI applications that need to
     * wait concurrently on several events. In Windows NT/2000 the
     * PacketSetMinToCopy() function can be used to define the minimum amount
     * of data in the kernel buffer that will cause the event to be signalled.
     */
    HANDLE       ReadEvent;
    /**
     * \internal The amount of time after which a read on the driver will be
     * released and ReadEvent will be signaled, even if no packets were
     * captured.
     */
    UINT         ReadTimeOut;
    /* NOTE(review): undocumented here; presumably the adapter's name -- confirm. */
    CHAR         Name[ ADAPTER_NAME_LENGTH ];
    /* NOTE(review): undocumented here; the type is the opaque WAN_ADAPTER pointer. */
    PWAN_ADAPTER pWanAdapter;
    /**
     * Adapter's flags. Tell if this adapter must be treated in a different
     * way, using the Netmon API or the dagc API.
     */
    UINT         Flags;

#ifdef HAVE_AIRPCAP_API
    PAirpcapHandle AirpcapAd;
#endif /* HAVE_AIRPCAP_API */

#ifdef HAVE_NPFIM_API
    void * NpfImHandle;
#endif /* HAVE_NPFIM_API */

#ifdef HAVE_DAG_API
    /** Pointer to the dagc API adapter descriptor for this adapter. */
    dagc_t *       pDagCard;
    /** Pointer to the buffer with the packets that is received from the DAG card. */
    PCHAR          DagBuffer;
    /** Read timeout. The dagc API requires a timeval structure. */
    struct timeval DagReadTimeout;
    /** Length of the frame check sequence attached to any packet by the card. Obtained from the registry. */
    unsigned       DagFcsLen;
    /**
     * True if the user requests fast capture processing on this card.
     * Higher level applications can use this value to provide a faster but
     * possibly imprecise capture (for example, libpcap doesn't convert the
     * timestamps).
     */
    DWORD          DagFastProcess;
#endif /* HAVE_DAG_API */
} ADAPTER, * LPADAPTER;
/*!
 * \brief Structure that contains a group of packets coming from the driver.
 *
 * Pairs a caller-supplied buffer with its size and with the number of bytes
 * the last receive placed in it.
 *
 * Only the first ulBytesReceived bytes of Buffer hold data from the last
 * PacketReceivePacket() call. Code that parses the buffer should stop at
 * that count, not at Length.
 */
typedef struct _PACKET
{
    /** \deprecated Still present for compatibility with old applications. */
    HANDLE     hEvent;
    /** \deprecated Still present for compatibility with old applications. */
    OVERLAPPED OverLapped;
    /**
     * Buffer containing the packets. See PacketReceivePacket() for details
     * about the organization of the data in this buffer.
     */
    PVOID      Buffer;
    /** Length of the buffer. */
    UINT       Length;
    /**
     * Number of valid bytes present in the buffer, i.e. the amount of data
     * received by the last call to PacketReceivePacket().
     */
    DWORD      ulBytesReceived;
    /** \deprecated Still present for compatibility with old applications. */
    BOOLEAN    bIoComplete;
} PACKET, * LPPACKET;
/*!
 * \brief Structure containing an OID request.
 *
 * PacketRequest() uses it to send an OID to the interface card driver. It
 * can be used, for example, to retrieve the status of the error counters on
 * the adapter, its MAC address, the list of the multicast groups defined on
 * it, and so on.
 *
 * Data is declared with a single element but is documented as
 * variable-length, so sizeof( PACKET_OID_DATA ) covers only one data byte
 * (plus any padding). The caller has to allocate the structure with room for
 * Length bytes of Data and keep Length in step with that allocation.
 * NOTE(review): presumably Length also bounds what is written back on a
 * query -- confirm against PacketRequest().
 */
typedef struct _PACKET_OID_DATA
{
    /**
     * OID code. See the Microsoft DDK documentation or the file ntddndis.h
     * for a complete list of valid codes.
     */
    ULONG Oid;
    /** Length of the data field. */
    ULONG Length;
    /**
     * Variable-length field that contains the information passed to or
     * received from the adapter.
     */
    UCHAR Data[ 1 ];
} PACKET_OID_DATA, * PPACKET_OID_DATA;
#ifdef __cplusplus
extern "C" {
#endif
/**
 *  @}
 */
/*
 * BOOLEAN QueryWinPcapRegistryStringA(CHAR *SubKeyName,
 *                                     CHAR *Value,
 *                                     UINT *pValueLen,
 *                                     CHAR *DefaultVal);
 *
 * BOOLEAN QueryWinPcapRegistryStringW(WCHAR *SubKeyName,
 *                                     WCHAR *Value,
 *                                     UINT *pValueLen,
 *                                     WCHAR *DefaultVal);
 */
/*--------------------------------------------------------------------------- */
/* EXPORTED FUNCTIONS */
/*--------------------------------------------------------------------------- */
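/*
 * Functions exported by packet.dll.
 *
 * Functions without parameters are declared with ( void ). In C an empty
 * parameter list leaves the parameters unspecified, so the compiler would
 * accept a call that passes arguments. In C++ the two spellings mean the
 * same.
 *
 * NOTE(review): several parameters are buffer/size pairs (pStr/BufferSize,
 * errorString/errorStringLength, name/len, PacketBuff/Size, Buffer/Length).
 * This header does not say whether the sizes are in bytes or characters, or
 * how the signed int sizes (nbytes, dim, snaplen, len) treat negative
 * values -- confirm against the library before sizing buffers.
 */

/* Version information */
PCHAR PacketGetVersion( void );
PCHAR PacketGetDriverVersion( void );

/* Configuration of an opened adapter */
BOOLEAN PacketSetMinToCopy( LPADAPTER AdapterObject, int nbytes );
BOOLEAN PacketSetNumWrites( LPADAPTER AdapterObject, int nwrites );
BOOLEAN PacketSetMode( LPADAPTER AdapterObject, int mode );
BOOLEAN PacketSetReadTimeout( LPADAPTER AdapterObject, int timeout );
BOOLEAN PacketSetBpf( LPADAPTER AdapterObject, struct bpf_program * fp );
BOOLEAN PacketSetLoopbackBehavior( LPADAPTER AdapterObject, UINT LoopbackBehavior );
INT PacketSetSnapLen( LPADAPTER AdapterObject, int snaplen );
BOOLEAN PacketGetStats( LPADAPTER AdapterObject, struct bpf_stat * s );
BOOLEAN PacketGetStatsEx( LPADAPTER AdapterObject, struct bpf_stat * s );
BOOLEAN PacketSetBuff( LPADAPTER AdapterObject, int dim );
BOOLEAN PacketGetNetType( LPADAPTER AdapterObject, NetType * type );

/* Opening adapters, sending and receiving */
LPADAPTER PacketOpenAdapter( PCHAR AdapterName );
BOOLEAN PacketSendPacket( LPADAPTER AdapterObject, LPPACKET pPacket, BOOLEAN Sync );
INT PacketSendPackets( LPADAPTER AdapterObject, PVOID PacketBuff, ULONG Size, BOOLEAN Sync );
LPPACKET PacketAllocatePacket( void );
VOID PacketInitPacket( LPPACKET lpPacket, PVOID Buffer, UINT Length );
VOID PacketFreePacket( LPPACKET lpPacket );
BOOLEAN PacketReceivePacket( LPADAPTER AdapterObject, LPPACKET lpPacket, BOOLEAN Sync );
BOOLEAN PacketSetHwFilter( LPADAPTER AdapterObject, ULONG Filter );

/* Adapter enumeration and OID requests */
BOOLEAN PacketGetAdapterNames( PTSTR pStr, PULONG BufferSize );
BOOLEAN PacketGetNetInfoEx( PCHAR AdapterName, npf_if_addr * buffer, PLONG NEntries );
BOOLEAN PacketRequest( LPADAPTER AdapterObject, BOOLEAN Set, PPACKET_OID_DATA OidData );
HANDLE PacketGetReadEvent( LPADAPTER AdapterObject );

/* Dump control */
BOOLEAN PacketSetDumpName( LPADAPTER AdapterObject, void * name, int len );
BOOLEAN PacketSetDumpLimits( LPADAPTER AdapterObject, UINT maxfilesize, UINT maxnpacks );
BOOLEAN PacketIsDumpEnded( LPADAPTER AdapterObject, BOOLEAN sync );

/* Driver control and shutdown */
BOOL PacketStopDriver( void );
VOID PacketCloseAdapter( LPADAPTER lpAdapter );
BOOLEAN PacketStartOem( PCHAR errorString, UINT errorStringLength );
BOOLEAN PacketStartOemEx( PCHAR errorString, UINT errorStringLength, ULONG flags );
PAirpcapHandle PacketGetAirPcapHandle( LPADAPTER AdapterObject );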
/*
 * Used by PacketStartOemEx.
 * NOTE(review): presumably a bit for that function's flags argument; its
 * effect is not described in this header.
 */
#define PACKET_START_OEM_NO_NETMON    0x00000001
#ifdef __cplusplus
}
#endif
#endif //__PACKET32