2013-03-20 13:58:00 +00:00
/*
* Copyright ( c ) 1999 - 2005 NetGroup , Politecnico di Torino ( Italy )
* Copyright ( c ) 2005 - 2007 CACE Technologies , Davis ( California )
* All rights reserved .
*
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions
* are met :
*
* 1. Redistributions of source code must retain the above copyright
* notice , this list of conditions and the following disclaimer .
* 2. Redistributions in binary form must reproduce the above copyright
* notice , this list of conditions and the following disclaimer in the
* documentation and / or other materials provided with the distribution .
* 3. Neither the name of the Politecnico di Torino , CACE Technologies
* nor the names of its contributors may be used to endorse or promote
* products derived from this software without specific prior written
* permission .
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* " AS IS " AND ANY EXPRESS OR IMPLIED WARRANTIES , INCLUDING , BUT NOT
* LIMITED TO , THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED . IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT , INDIRECT , INCIDENTAL ,
* SPECIAL , EXEMPLARY , OR CONSEQUENTIAL DAMAGES ( INCLUDING , BUT NOT
* LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES ; LOSS OF USE ,
* DATA , OR PROFITS ; OR BUSINESS INTERRUPTION ) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY , WHETHER IN CONTRACT , STRICT LIABILITY , OR TORT
* ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE .
*
*/
/** @ingroup packetapi
* @ {
*/
/** @defgroup packet32h Packet.dll definitions and data structures
* Packet32 . h contains the data structures and the definitions used by packet . dll .
* The file is used both by the Win9x and the WinNTx versions of packet . dll , and can be included
* by the applications that use the functions of this library
* @ {
*/
# ifndef __PACKET32
# define __PACKET32
# include <winsock2.h>
# ifdef HAVE_AIRPCAP_API
# include <airpcap.h>
# else
# if !defined(AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_)
# define AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_
typedef struct _AirpcapHandle * PAirpcapHandle ;
# endif /* AIRPCAP_HANDLE__EAE405F5_0171_9592_B3C2_C19EC426AD34__DEFINED_ */
# endif /* HAVE_AIRPCAP_API */
# ifdef HAVE_DAG_API
# include <dagc.h>
# endif /* HAVE_DAG_API */
// Working modes
# define PACKET_MODE_CAPT 0x0 ///< Capture mode
# define PACKET_MODE_STAT 0x1 ///< Statistical mode
# define PACKET_MODE_MON 0x2 ///< Monitoring mode
# define PACKET_MODE_DUMP 0x10 ///< Dump mode
# define PACKET_MODE_STAT_DUMP MODE_DUMP | MODE_STAT ///< Statistical dump Mode
/// Alignment macro. Defines the alignment size.
# define Packet_ALIGNMENT sizeof(int)
/// Alignment macro. Rounds up to the next even multiple of Packet_ALIGNMENT.
# define Packet_WORDALIGN(x) (((x)+(Packet_ALIGNMENT-1))&~(Packet_ALIGNMENT-1))
# define NdisMediumNull -1 ///< Custom linktype: NDIS doesn't provide an equivalent
# define NdisMediumCHDLC -2 ///< Custom linktype: NDIS doesn't provide an equivalent
# define NdisMediumPPPSerial -3 ///< Custom linktype: NDIS doesn't provide an equivalent
# define NdisMediumBare80211 -4 ///< Custom linktype: NDIS doesn't provide an equivalent
# define NdisMediumRadio80211 -5 ///< Custom linktype: NDIS doesn't provide an equivalent
# define NdisMediumPpi -6 ///< Custom linktype: NDIS doesn't provide an equivalent
// Loopback behaviour definitions
# define NPF_DISABLE_LOOPBACK 1 ///< Drop the packets sent by the NPF driver
# define NPF_ENABLE_LOOPBACK 2 ///< Capture the packets sent by the NPF driver
/*!
\ brief Network type structure .
This structure is used by the PacketGetNetType ( ) function to return information on the current adapter ' s type and speed .
*/
typedef struct NetType
{
UINT LinkType ; ///< The MAC of the current network adapter (see function PacketGetNetType() for more information)
ULONGLONG LinkSpeed ; ///< The speed of the network in bits per second
} NetType ;
//some definitions stolen from libpcap
# ifndef BPF_MAJOR_VERSION
/*!
\ brief A BPF pseudo - assembly program .
The program will be injected in the kernel by the PacketSetBPF ( ) function and applied to every incoming packet .
*/
struct bpf_program
{
UINT bf_len ; ///< Indicates the number of instructions of the program, i.e. the number of struct bpf_insn that will follow.
struct bpf_insn * bf_insns ; ///< A pointer to the first instruction of the program.
} ;
/*!
\ brief A single BPF pseudo - instruction .
bpf_insn contains a single instruction for the BPF register - machine . It is used to send a filter program to the driver .
*/
struct bpf_insn
{
USHORT code ; ///< Instruction type and addressing mode.
UCHAR jt ; ///< Jump if true
UCHAR jf ; ///< Jump if false
int k ; ///< Generic field used for various purposes.
} ;
/*!
\ brief Structure that contains a couple of statistics values on the current capture .
It is used by packet . dll to return statistics about a capture session .
*/
struct bpf_stat
{
UINT bs_recv ; ///< Number of packets that the driver received from the network adapter
///< from the beginning of the current capture. This value includes the packets
///< lost by the driver.
UINT bs_drop ; ///< number of packets that the driver lost from the beginning of a capture.
///< Basically, a packet is lost when the the buffer of the driver is full.
///< In this situation the packet cannot be stored and the driver rejects it.
UINT ps_ifdrop ; ///< drops by interface. XXX not yet supported
UINT bs_capt ; ///< number of packets that pass the filter, find place in the kernel buffer and
///< thus reach the application.
} ;
/*!
\ brief Packet header .
This structure defines the header associated with every packet delivered to the application .
*/
struct bpf_hdr
{
struct timeval bh_tstamp ; ///< The timestamp associated with the captured packet.
///< It is stored in a TimeVal structure.
UINT bh_caplen ; ///< Length of captured portion. The captured portion <b>can be different</b>
///< from the original packet, because it is possible (with a proper filter)
///< to instruct the driver to capture only a portion of the packets.
UINT bh_datalen ; ///< Original length of packet
USHORT bh_hdrlen ; ///< Length of bpf header (this struct plus alignment padding). In some cases,
///< a padding could be added between the end of this structure and the packet
///< data for performance reasons. This filed can be used to retrieve the actual data
///< of the packet.
} ;
/*!
\ brief Dump packet header .
This structure defines the header associated with the packets in a buffer to be used with PacketSendPackets ( ) .
It is simpler than the bpf_hdr , because it corresponds to the header associated by WinPcap and libpcap to a
packet in a dump file . This makes straightforward sending WinPcap dump files to the network .
*/
struct dump_bpf_hdr {
struct timeval ts ; ///< Time stamp of the packet
UINT caplen ; ///< Length of captured portion. The captured portion can smaller than the
///< the original packet, because it is possible (with a proper filter) to
///< instruct the driver to capture only a portion of the packets.
UINT len ; ///< Length of the original packet (off wire).
} ;
# endif
struct bpf_stat ;
# define DOSNAMEPREFIX TEXT("Packet_") ///< Prefix added to the adapters device names to create the WinPcap devices
# define MAX_LINK_NAME_LENGTH 64 //< Maximum length of the devices symbolic links
# define NMAX_PACKET 65535
/*!
\ brief Addresses of a network adapter .
This structure is used by the PacketGetNetInfoEx ( ) function to return the IP addresses associated with
an adapter .
*/
typedef struct npf_if_addr {
struct sockaddr_storage IPAddress ; ///< IP address.
struct sockaddr_storage SubnetMask ; ///< Netmask for that address.
struct sockaddr_storage Broadcast ; ///< Broadcast address.
} npf_if_addr ;
# define ADAPTER_NAME_LENGTH 256 + 12 ///< Maximum length for the name of an adapter. The value is the same used by the IP Helper API.
# define ADAPTER_DESC_LENGTH 128 ///< Maximum length for the description of an adapter. The value is the same used by the IP Helper API.
# define MAX_MAC_ADDR_LENGTH 8 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API.
# define MAX_NETWORK_ADDRESSES 16 ///< Maximum length for the link layer address of an adapter. The value is the same used by the IP Helper API.
typedef struct WAN_ADAPTER_INT WAN_ADAPTER ; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API
typedef WAN_ADAPTER * PWAN_ADAPTER ; ///< Describes an opened wan (dialup, VPN...) network adapter using the NetMon API
# define INFO_FLAG_NDIS_ADAPTER 0 ///< Flag for ADAPTER_INFO: this is a traditional ndis adapter
# define INFO_FLAG_NDISWAN_ADAPTER 1 ///< Flag for ADAPTER_INFO: this is a NdisWan adapter, and it's managed by WANPACKET
# define INFO_FLAG_DAG_CARD 2 ///< Flag for ADAPTER_INFO: this is a DAG card
# define INFO_FLAG_DAG_FILE 6 ///< Flag for ADAPTER_INFO: this is a DAG file
# define INFO_FLAG_DONT_EXPORT 8 ///< Flag for ADAPTER_INFO: when this flag is set, the adapter will not be listed or openend by winpcap. This allows to prevent exporting broken network adapters, like for example FireWire ones.
# define INFO_FLAG_AIRPCAP_CARD 16 ///< Flag for ADAPTER_INFO: this is an airpcap card
# define INFO_FLAG_NPFIM_DEVICE 32
/*!
\ brief Describes an opened network adapter .
This structure is the most important for the functioning of packet . dll , but the great part of its fields
should be ignored by the user , since the library offers functions that avoid to cope with low - level parameters
*/
typedef struct _ADAPTER {
HANDLE hFile ; ///< \internal Handle to an open instance of the NPF driver.
CHAR SymbolicLink [ MAX_LINK_NAME_LENGTH ] ; ///< \internal A string containing the name of the network adapter currently opened.
int NumWrites ; ///< \internal Number of times a packets written on this adapter will be repeated
///< on the wire.
HANDLE ReadEvent ; ///< A notification event associated with the read calls on the adapter.
///< It can be passed to standard Win32 functions (like WaitForSingleObject
///< or WaitForMultipleObjects) to wait until the driver's buffer contains some
///< data. It is particularly useful in GUI applications that need to wait
///< concurrently on several events. In Windows NT/2000 the PacketSetMinToCopy()
///< function can be used to define the minimum amount of data in the kernel buffer
///< that will cause the event to be signalled.
UINT ReadTimeOut ; ///< \internal The amount of time after which a read on the driver will be released and
///< ReadEvent will be signaled, also if no packets were captured
CHAR Name [ ADAPTER_NAME_LENGTH ] ;
PWAN_ADAPTER pWanAdapter ;
UINT Flags ; ///< Adapter's flags. Tell if this adapter must be treated in a different way, using the Netmon API or the dagc API.
# ifdef HAVE_AIRPCAP_API
PAirpcapHandle AirpcapAd ;
# endif // HAVE_AIRPCAP_API
# ifdef HAVE_NPFIM_API
void * NpfImHandle ;
# endif // HAVE_NPFIM_API
# ifdef HAVE_DAG_API
dagc_t * pDagCard ; ///< Pointer to the dagc API adapter descriptor for this adapter
PCHAR DagBuffer ; ///< Pointer to the buffer with the packets that is received from the DAG card
struct timeval DagReadTimeout ; ///< Read timeout. The dagc API requires a timeval structure
unsigned DagFcsLen ; ///< Length of the frame check sequence attached to any packet by the card. Obtained from the registry
DWORD DagFastProcess ; ///< True if the user requests fast capture processing on this card. Higher level applications can use this value to provide a faster but possibly unprecise capture (for example, libpcap doesn't convert the timestamps).
# endif // HAVE_DAG_API
} ADAPTER , * LPADAPTER ;
/*!
\ brief Structure that contains a group of packets coming from the driver .
This structure defines the header associated with every packet delivered to the application .
*/
typedef struct _PACKET {
HANDLE hEvent ; ///< \deprecated Still present for compatibility with old applications.
OVERLAPPED OverLapped ; ///< \deprecated Still present for compatibility with old applications.
PVOID Buffer ; ///< Buffer with containing the packets. See the PacketReceivePacket() for
///< details about the organization of the data in this buffer
UINT Length ; ///< Length of the buffer
DWORD ulBytesReceived ; ///< Number of valid bytes present in the buffer, i.e. amount of data
///< received by the last call to PacketReceivePacket()
BOOLEAN bIoComplete ; ///< \deprecated Still present for compatibility with old applications.
} PACKET , * LPPACKET ;
/*!
\ brief Structure containing an OID request .
It is used by the PacketRequest ( ) function to send an OID to the interface card driver .
It can be used , for example , to retrieve the status of the error counters on the adapter , its MAC address ,
the list of the multicast groups defined on it , and so on .
*/
struct _PACKET_OID_DATA {
ULONG Oid ; ///< OID code. See the Microsoft DDK documentation or the file ntddndis.h
///< for a complete list of valid codes.
ULONG Length ; ///< Length of the data field
UCHAR Data [ 1 ] ; ///< variable-lenght field that contains the information passed to or received
///< from the adapter.
} ;
typedef struct _PACKET_OID_DATA PACKET_OID_DATA , * PPACKET_OID_DATA ;
# ifdef __cplusplus
extern " C " {
# endif
/**
* @ }
*/
/*
BOOLEAN QueryWinPcapRegistryStringA ( CHAR * SubKeyName ,
CHAR * Value ,
UINT * pValueLen ,
CHAR * DefaultVal ) ;
BOOLEAN QueryWinPcapRegistryStringW ( WCHAR * SubKeyName ,
WCHAR * Value ,
UINT * pValueLen ,
WCHAR * DefaultVal ) ;
*/
//---------------------------------------------------------------------------
// EXPORTED FUNCTIONS
//---------------------------------------------------------------------------
PCHAR PacketGetVersion ( ) ;
PCHAR PacketGetDriverVersion ( ) ;
BOOLEAN PacketSetMinToCopy ( LPADAPTER AdapterObject , int nbytes ) ;
BOOLEAN PacketSetNumWrites ( LPADAPTER AdapterObject , int nwrites ) ;
BOOLEAN PacketSetMode ( LPADAPTER AdapterObject , int mode ) ;
BOOLEAN PacketSetReadTimeout ( LPADAPTER AdapterObject , int timeout ) ;
BOOLEAN PacketSetBpf ( LPADAPTER AdapterObject , struct bpf_program * fp ) ;
BOOLEAN PacketSetLoopbackBehavior ( LPADAPTER AdapterObject , UINT LoopbackBehavior ) ;
INT PacketSetSnapLen ( LPADAPTER AdapterObject , int snaplen ) ;
BOOLEAN PacketGetStats ( LPADAPTER AdapterObject , struct bpf_stat * s ) ;
BOOLEAN PacketGetStatsEx ( LPADAPTER AdapterObject , struct bpf_stat * s ) ;
BOOLEAN PacketSetBuff ( LPADAPTER AdapterObject , int dim ) ;
BOOLEAN PacketGetNetType ( LPADAPTER AdapterObject , NetType * type ) ;
LPADAPTER PacketOpenAdapter ( PCHAR AdapterName ) ;
BOOLEAN PacketSendPacket ( LPADAPTER AdapterObject , LPPACKET pPacket , BOOLEAN Sync ) ;
INT PacketSendPackets ( LPADAPTER AdapterObject , PVOID PacketBuff , ULONG Size , BOOLEAN Sync ) ;
LPPACKET PacketAllocatePacket ( void ) ;
VOID PacketInitPacket ( LPPACKET lpPacket , PVOID Buffer , UINT Length ) ;
VOID PacketFreePacket ( LPPACKET lpPacket ) ;
BOOLEAN PacketReceivePacket ( LPADAPTER AdapterObject , LPPACKET lpPacket , BOOLEAN Sync ) ;
BOOLEAN PacketSetHwFilter ( LPADAPTER AdapterObject , ULONG Filter ) ;
BOOLEAN PacketGetAdapterNames ( PTSTR pStr , PULONG BufferSize ) ;
BOOLEAN PacketGetNetInfoEx ( PCHAR AdapterName , npf_if_addr * buffer , PLONG NEntries ) ;
BOOLEAN PacketRequest ( LPADAPTER AdapterObject , BOOLEAN Set , PPACKET_OID_DATA OidData ) ;
HANDLE PacketGetReadEvent ( LPADAPTER AdapterObject ) ;
BOOLEAN PacketSetDumpName ( LPADAPTER AdapterObject , void * name , int len ) ;
BOOLEAN PacketSetDumpLimits ( LPADAPTER AdapterObject , UINT maxfilesize , UINT maxnpacks ) ;
BOOLEAN PacketIsDumpEnded ( LPADAPTER AdapterObject , BOOLEAN sync ) ;
BOOL PacketStopDriver ( ) ;
VOID PacketCloseAdapter ( LPADAPTER lpAdapter ) ;
BOOLEAN PacketStartOem ( PCHAR errorString , UINT errorStringLength ) ;
BOOLEAN PacketStartOemEx ( PCHAR errorString , UINT errorStringLength , ULONG flags ) ;
PAirpcapHandle PacketGetAirPcapHandle ( LPADAPTER AdapterObject ) ;
//
// Used by PacketStartOemEx
//
# define PACKET_START_OEM_NO_NETMON 0x00000001
# ifdef __cplusplus
}
# endif
# endif //__PACKET32
