--- /dev/null
+/*\r
+ * Copyright (c) 2002 - 2003\r
+ * NetGroup, Politecnico di Torino (Italy)\r
+ * All rights reserved.\r
+ * \r
+ * Redistribution and use in source and binary forms, with or without \r
+ * modification, are permitted provided that the following conditions \r
+ * are met:\r
+ * \r
+ * 1. Redistributions of source code must retain the above copyright \r
+ * notice, this list of conditions and the following disclaimer.\r
+ * 2. Redistributions in binary form must reproduce the above copyright \r
+ * notice, this list of conditions and the following disclaimer in the \r
+ * documentation and/or other materials provided with the distribution. \r
+ * 3. Neither the name of the Politecnico di Torino nor the names of its \r
+ * contributors may be used to endorse or promote products derived from \r
+ * this software without specific prior written permission. \r
+ * \r
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \r
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT \r
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR \r
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT \r
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, \r
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT \r
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, \r
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY \r
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT \r
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE \r
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r
+ * \r
+ */\r
+\r
+\r
+#ifndef __REMOTE_EXT_H__\r
+#define __REMOTE_EXT_H__\r
+\r
+\r
+#ifndef HAVE_REMOTE\r
+#error Please do not include this file directly. Just define HAVE_REMOTE and then include pcap.h\r
+#endif\r
+\r
+// Definition for Microsoft Visual Studio\r
+#if _MSC_VER > 1000\r
+#pragma once\r
+#endif\r
+\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
+/*!\r
+ \file remote-ext.h\r
+\r
+ The goal of this file it to include most of the new definitions that should be\r
+ placed into the pcap.h file.\r
+\r
+ It includes all new definitions (structures and functions like pcap_open().\r
+ Some of the functions are not really a remote feature, but, right now, \r
+ they are placed here.\r
+*/\r
+\r
+\r
+\r
+// All this stuff is public\r
+/*! \addtogroup remote_struct\r
+ \{\r
+*/\r
+\r
+\r
+\r
+\r
+/*!\r
+ \brief Defines the maximum buffer size in which address, port, interface names are kept.\r
+\r
+ In case the adapter name or such is larger than this value, it is truncated.\r
+ This is not used by the user; however it must be aware that an hostname / interface\r
+ name longer than this value will be truncated.\r
+*/\r
+#define PCAP_BUF_SIZE 1024\r
+\r
+\r
+/*! \addtogroup remote_source_ID\r
+ \{\r
+*/\r
+\r
+\r
+/*!\r
+ \brief Internal representation of the type of source in use (file, \r
+ remote/local interface).\r
+\r
+ This indicates a file, i.e. the user want to open a capture from a local file.\r
+*/\r
+#define PCAP_SRC_FILE 2\r
+/*!\r
+ \brief Internal representation of the type of source in use (file, \r
+ remote/local interface).\r
+\r
+ This indicates a local interface, i.e. the user want to open a capture from \r
+ a local interface. This does not involve the RPCAP protocol.\r
+*/\r
+#define PCAP_SRC_IFLOCAL 3\r
+/*!\r
+ \brief Internal representation of the type of source in use (file, \r
+ remote/local interface).\r
+\r
+ This indicates a remote interface, i.e. the user want to open a capture from \r
+ an interface on a remote host. This does involve the RPCAP protocol.\r
+*/\r
+#define PCAP_SRC_IFREMOTE 4\r
+\r
+/*!\r
+ \}\r
+*/\r
+\r
+\r
+\r
+/*! \addtogroup remote_source_string\r
+\r
+ The formats allowed by the pcap_open() are the following:\r
+ - file://path_and_filename [opens a local file]\r
+ - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]\r
+ - rpcap://host/devicename [opens the selected device available on a remote host]\r
+ - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]\r
+ - adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]\r
+ - (NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]\r
+\r
+ The formats allowed by the pcap_findalldevs_ex() are the following:\r
+ - file://folder/ [lists all the files in the given folder]\r
+ - rpcap:// [lists all local adapters]\r
+ - rpcap://host:port/ [lists the devices available on a remote host]\r
+\r
+ Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since\r
+ IPv6 is fully supported, these are the allowed formats:\r
+\r
+ - host (literal): e.g. host.foo.bar\r
+ - host (numeric IPv4): e.g. 10.11.12.13\r
+ - host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]\r
+ - host (numeric IPv6): e.g. [1:2:3::4]\r
+ - port: can be either numeric (e.g. '80') or literal (e.g. 'http')\r
+\r
+ Here you find some allowed examples:\r
+ - rpcap://host.foo.bar/devicename [everything literal, no port number]\r
+ - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]\r
+ - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]\r
+ - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]\r
+ - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]\r
+ - rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]\r
+ - rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]\r
+ - rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number]\r
+ \r
+ \{\r
+*/\r
+\r
+\r
+/*!\r
+ \brief String that will be used to determine the type of source in use (file,\r
+ remote/local interface).\r
+\r
+ This string will be prepended to the interface name in order to create a string\r
+ that contains all the information required to open the source.\r
+\r
+ This string indicates that the user wants to open a capture from a local file.\r
+*/\r
+#define PCAP_SRC_FILE_STRING "file://"\r
+/*!\r
+ \brief String that will be used to determine the type of source in use (file,\r
+ remote/local interface).\r
+\r
+ This string will be prepended to the interface name in order to create a string\r
+ that contains all the information required to open the source.\r
+\r
+ This string indicates that the user wants to open a capture from a network interface.\r
+ This string does not necessarily involve the use of the RPCAP protocol. If the\r
+ interface required resides on the local host, the RPCAP protocol is not involved\r
+ and the local functions are used.\r
+*/\r
+#define PCAP_SRC_IF_STRING "rpcap://"\r
+\r
+/*!\r
+ \}\r
+*/\r
+\r
+\r
+\r
+\r
+\r
+/*!\r
+ \addtogroup remote_open_flags\r
+ \{\r
+*/\r
+\r
+/*!\r
+ \brief Defines if the adapter has to go in promiscuous mode.\r
+\r
+ It is '1' if you have to open the adapter in promiscuous mode, '0' otherwise.\r
+ Note that even if this parameter is false, the interface could well be in promiscuous\r
+ mode for some other reason (for example because another capture process with \r
+ promiscuous mode enabled is currently using that interface).\r
+ On on Linux systems with 2.2 or later kernels (that have the "any" device), this\r
+ flag does not work on the "any" device; if an argument of "any" is supplied,\r
+ the 'promisc' flag is ignored.\r
+*/\r
+#define PCAP_OPENFLAG_PROMISCUOUS 1\r
+\r
+/*!\r
+ \brief Defines if the data trasfer (in case of a remote\r
+ capture) has to be done with UDP protocol.\r
+\r
+ If it is '1' if you want a UDP data connection, '0' if you want\r
+ a TCP data connection; control connection is always TCP-based.\r
+ A UDP connection is much lighter, but it does not guarantee that all\r
+ the captured packets arrive to the client workstation. Moreover, \r
+ it could be harmful in case of network congestion.\r
+ This flag is meaningless if the source is not a remote interface.\r
+ In that case, it is simply ignored.\r
+*/\r
+#define PCAP_OPENFLAG_DATATX_UDP 2\r
+\r
+\r
+/*!\r
+ \brief Defines if the remote probe will capture its own generated traffic.\r
+\r
+ In case the remote probe uses the same interface to capture traffic and to send\r
+ data back to the caller, the captured traffic includes the RPCAP traffic as well.\r
+ If this flag is turned on, the RPCAP traffic is excluded from the capture, so that\r
+ the trace returned back to the collector is does not include this traffic.\r
+*/\r
+#define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4\r
+\r
+/*!\r
+ \brief Defines if the local adapter will capture its own generated traffic.\r
+\r
+ This flag tells the underlying capture driver to drop the packets that were sent by itself. \r
+ This is usefult when building applications like bridges, that should ignore the traffic\r
+ they just sent.\r
+*/\r
+#define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8\r
+\r
+/*!\r
+ \brief This flag configures the adapter for maximum responsiveness.\r
+\r
+ In presence of a large value for nbytes, WinPcap waits for the arrival of several packets before \r
+ copying the data to the user. This guarantees a low number of system calls, i.e. lower processor usage, \r
+ i.e. better performance, which is good for applications like sniffers. If the user sets the \r
+ PCAP_OPENFLAG_MAX_RESPONSIVENESS flag, the capture driver will copy the packets as soon as the application \r
+ is ready to receive them. This is suggested for real time applications (like, for example, a bridge) \r
+ that need the best responsiveness.*/\r
+#define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16\r
+\r
+/*!\r
+ \}\r
+*/\r
+\r
+\r
+/*!\r
+ \addtogroup remote_samp_methods\r
+ \{\r
+*/\r
+\r
+/*!\r
+ \brief No sampling has to be done on the current capture.\r
+\r
+ In this case, no sampling algorithms are applied to the current capture.\r
+*/\r
+#define PCAP_SAMP_NOSAMP 0\r
+\r
+/*!\r
+ \brief It defines that only 1 out of N packets must be returned to the user.\r
+\r
+ In this case, the 'value' field of the 'pcap_samp' structure indicates the\r
+ number of packets (minus 1) that must be discarded before one packet got accepted.\r
+ In other words, if 'value = 10', the first packet is returned to the caller, while\r
+ the following 9 are discarded.\r
+*/\r
+#define PCAP_SAMP_1_EVERY_N 1\r
+\r
+/*!\r
+ \brief It defines that we have to return 1 packet every N milliseconds.\r
+\r
+ In this case, the 'value' field of the 'pcap_samp' structure indicates the 'waiting\r
+ time' in milliseconds before one packet got accepted.\r
+ In other words, if 'value = 10', the first packet is returned to the caller; the next \r
+ returned one will be the first packet that arrives when 10ms have elapsed. \r
+*/\r
+#define PCAP_SAMP_FIRST_AFTER_N_MS 2\r
+\r
+/*!\r
+ \}\r
+*/\r
+\r
+\r
+/*!\r
+ \addtogroup remote_auth_methods\r
+ \{\r
+*/\r
+\r
+/*!\r
+ \brief It defines the NULL authentication.\r
+\r
+ This value has to be used within the 'type' member of the pcap_rmtauth structure.\r
+ The 'NULL' authentication has to be equal to 'zero', so that old applications\r
+ can just put every field of struct pcap_rmtauth to zero, and it does work.\r
+*/\r
+#define RPCAP_RMTAUTH_NULL 0\r
+/*!\r
+ \brief It defines the username/password authentication.\r
+\r
+ With this type of authentication, the RPCAP protocol will use the username/\r
+ password provided to authenticate the user on the remote machine. If the\r
+ authentication is successful (and the user has the right to open network devices)\r
+ the RPCAP connection will continue; otherwise it will be dropped.\r
+\r
+ This value has to be used within the 'type' member of the pcap_rmtauth structure.\r
+*/\r
+#define RPCAP_RMTAUTH_PWD 1\r
+\r
+/*!\r
+ \}\r
+*/\r
+\r
+\r
+\r
+\r
+/*!\r
+\r
+ \brief This structure keeps the information needed to autheticate\r
+ the user on a remote machine.\r
+ \r
+ The remote machine can either grant or refuse the access according \r
+ to the information provided.\r
+ In case the NULL authentication is required, both 'username' and\r
+ 'password' can be NULL pointers.\r
+ \r
+ This structure is meaningless if the source is not a remote interface;\r
+ in that case, the functions which requires such a structure can accept\r
+ a NULL pointer as well.\r
+*/\r
+struct pcap_rmtauth\r
+{\r
+ /*!\r
+ \brief Type of the authentication required.\r
+\r
+ In order to provide maximum flexibility, we can support different types\r
+ of authentication based on the value of this 'type' variable. The currently \r
+ supported authentication methods are defined into the\r
+ \link remote_auth_methods Remote Authentication Methods Section\endlink.\r
+\r
+ */\r
+ int type;\r
+ /*!\r
+ \brief Zero-terminated string containing the username that has to be \r
+ used on the remote machine for authentication.\r
+ \r
+ This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication\r
+ and it can be NULL.\r
+ */\r
+ char *username;\r
+ /*!\r
+ \brief Zero-terminated string containing the password that has to be \r
+ used on the remote machine for authentication.\r
+ \r
+ This field is meaningless in case of the RPCAP_RMTAUTH_NULL authentication\r
+ and it can be NULL.\r
+ */\r
+ char *password;\r
+};\r
+\r
+\r
+/*!\r
+ \brief This structure defines the information related to sampling.\r
+\r
+ In case the sampling is requested, the capturing device should read\r
+ only a subset of the packets coming from the source. The returned packets depend\r
+ on the sampling parameters.\r
+\r
+ \warning The sampling process is applied <strong>after</strong> the filtering process.\r
+ In other words, packets are filtered first, then the sampling process selects a\r
+ subset of the 'filtered' packets and it returns them to the caller.\r
+*/\r
+struct pcap_samp\r
+{\r
+ /*!\r
+ Method used for sampling. Currently, the supported methods are listed in the\r
+ \link remote_samp_methods Sampling Methods Section\endlink.\r
+ */\r
+ int method;\r
+\r
+ /*!\r
+ This value depends on the sampling method defined. For its meaning, please check\r
+ at the \link remote_samp_methods Sampling Methods Section\endlink.\r
+ */\r
+ int value;\r
+};\r
+\r
+\r
+\r
+\r
+//! Maximum lenght of an host name (needed for the RPCAP active mode)\r
+#define RPCAP_HOSTLIST_SIZE 1024\r
+\r
+\r
+/*!\r
+ \}\r
+*/ // end of public documentation\r
+\r
+\r
+// Exported functions\r
+\r
+\r
+\r
+/** \name New WinPcap functions\r
+\r
+ This section lists the new functions that are able to help considerably in writing\r
+ WinPcap programs because of their easiness of use.\r
+ */\r
+//\{\r
+pcap_t *pcap_open(const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf);\r
+int pcap_createsrcstr(char *source, int type, const char *host, const char *port, const char *name, char *errbuf);\r
+int pcap_parsesrcstr(const char *source, int *type, char *host, char *port, char *name, char *errbuf);\r
+int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);\r
+struct pcap_samp *pcap_setsampling(pcap_t *p);\r
+\r
+//\}\r
+// End of new winpcap functions\r
+\r
+\r
+\r
+/** \name Remote Capture functions\r
+ */\r
+//\{ \r
+SOCKET pcap_remoteact_accept(const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf);\r
+int pcap_remoteact_list(char *hostlist, char sep, int size, char *errbuf);\r
+int pcap_remoteact_close(const char *host, char *errbuf);\r
+void pcap_remoteact_cleanup();\r
+//\}\r
+// End of remote capture functions\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
+\r
+\r
+#endif\r
+\r