};
/*
- * Macros for the value returned by pcap_datalink_ext().
- *
- * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro
- * gives the FCS length of packets in the capture.
+ * Subfields of the field containing the link-layer header type.
+ *
+ * Link-layer header types are assigned for both pcap and
+ * pcapng, and the same value must work with both. In pcapng,
+ * the link-layer header type field in an Interface Description
+ * Block is 16 bits, so only the bottommost 16 bits of the
+ * link-layer header type in a pcap file can be used for the
+ * header type value.
+ *
+ * In libpcap, the upper 16 bits, from the top down, are divided into:
+ *
+ * A 4-bit "FCS length" field, to allow the FCS length to
+ * be specified, just as it can be specified in the if_fcslen
+ * field of the pcapng IDB. The field is in units of 16 bits,
+ * i.e. 1 means 16 bits of FCS, 2 means 32 bits of FCS, etc..
+ *
+ * A reserved bit, which must be zero.
+ *
+ * An "FCS length present" flag; if 0, the "FCS length" field
+ * should be ignored, and if 1, the "FCS length" field should
+ * be used.
+ *
+ * 10 reserved bits, which must be zero. They were originally
+ * intended to be used as a "class" field, allowing additional
+ * classes of link-layer types to be defined, with a class value
+ * of 0 indicating that the link-layer type is a LINKTYPE_ value.
+ * A value of 0x224 was, at one point, used by NetBSD to define
+ * "raw" packet types, with the lower 16 bits containing a
+ * NetBSD AF_ value; see
+ *
+ * https://marc.info/?l=tcpdump-workers&m=98296750229149&w=2
+ *
+ * It's unknown whether those were ever used in capture files,
+ * or if the intent was just to use it as a link-layer type
+ * for BPF programs; NetBSD's libpcap used to support them in
+ * the BPF code generator, but it no longer does so. If it
+ * was ever used in capture files, or if classes other than
+ * "LINKTYPE_ value" are ever useful in capture files, we could
+ * re-enable this, and use the reserved 16 bits following the
+ * link-layer type in pcapng files to hold the class information
+ * there. (Note, BTW, that LINKTYPE_RAW/DLT_RAW is now being
+ * interpreted by libpcap, tcpdump, and Wireshark as "raw IP",
+ * including both IPv4 and IPv6, with the version number in the
+ * header being checked to see which it is, not just "raw IPv4";
+ * there are LINKTYPE_IPV4/DLT_IPV4 and LINKTYPE_IPV6/DLT_IPV6
+ * values if "these are IPv{4,6} and only IPv{4,6} packets"
+ * types are needed.)
+ *
+ * Or we might be able to use it for other purposes.
*/
+#define LT_LINKTYPE(x) ((x) & 0x0000FFFF)
+#define LT_LINKTYPE_EXT(x) ((x) & 0xFFFF0000)
+#define LT_RESERVED1(x) ((x) & 0x03FF0000)
#define LT_FCS_LENGTH_PRESENT(x) ((x) & 0x04000000)
#define LT_FCS_LENGTH(x) (((x) & 0xF0000000) >> 28)
#define LT_FCS_DATALINK_EXT(x) ((((x) & 0xF) << 28) | 0x04000000)
#define PCAP_CHAR_ENC_LOCAL 0x00000000U /* strings are in the local character encoding */
#define PCAP_CHAR_ENC_UTF_8 0x00000001U /* strings are in UTF-8 */
+PCAP_AVAILABLE_1_10
PCAP_API int pcap_init(unsigned int, char *);
/*
* thread-safe, can behave weirdly with WinPcap). Callers
* should use pcap_findalldevs() and use the first device.
*/
+PCAP_AVAILABLE_0_4
PCAP_API char *pcap_lookupdev(char *)
PCAP_DEPRECATED(pcap_lookupdev, "use 'pcap_findalldevs' and use the first device");
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
+PCAP_AVAILABLE_1_0
PCAP_API pcap_t *pcap_create(const char *, char *);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_set_snaplen(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_set_promisc(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_can_set_rfmon(pcap_t *);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_set_rfmon(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_set_timeout(pcap_t *, int);
+
+PCAP_AVAILABLE_1_2
PCAP_API int pcap_set_tstamp_type(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
PCAP_API int pcap_set_immediate_mode(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_set_buffer_size(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
PCAP_API int pcap_set_tstamp_precision(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
PCAP_API int pcap_get_tstamp_precision(pcap_t *);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_activate(pcap_t *);
+PCAP_AVAILABLE_1_2
PCAP_API int pcap_list_tstamp_types(pcap_t *, int **);
+
+PCAP_AVAILABLE_1_2
PCAP_API void pcap_free_tstamp_types(int *);
+
+PCAP_AVAILABLE_1_2
PCAP_API int pcap_tstamp_type_name_to_val(const char *);
+
+PCAP_AVAILABLE_1_2
PCAP_API const char *pcap_tstamp_type_val_to_name(int);
+
+PCAP_AVAILABLE_1_2
PCAP_API const char *pcap_tstamp_type_val_to_description(int);
#ifdef __linux__
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_set_protocol_linux(pcap_t *, int);
#endif
#define PCAP_TSTAMP_PRECISION_MICRO 0 /* use timestamps with microsecond precision, default */
#define PCAP_TSTAMP_PRECISION_NANO 1 /* use timestamps with nanosecond precision */
+PCAP_AVAILABLE_0_4
PCAP_API pcap_t *pcap_open_live(const char *, int, int, int, char *);
+
+PCAP_AVAILABLE_0_6
PCAP_API pcap_t *pcap_open_dead(int, int);
+
+PCAP_AVAILABLE_1_5
PCAP_API pcap_t *pcap_open_dead_with_tstamp_precision(int, int, u_int);
+
+PCAP_AVAILABLE_1_5
PCAP_API pcap_t *pcap_open_offline_with_tstamp_precision(const char *, u_int, char *);
+
+PCAP_AVAILABLE_0_4
PCAP_API pcap_t *pcap_open_offline(const char *, char *);
+
#ifdef _WIN32
+ PCAP_AVAILABLE_1_5
PCAP_API pcap_t *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *);
+
PCAP_API pcap_t *pcap_hopen_offline(intptr_t, char *);
/*
* If we're building libpcap, these are internal routines in savefile.c,
pcap_hopen_offline(_get_osfhandle(_fileno(f)), b)
#endif
#else /*_WIN32*/
+ PCAP_AVAILABLE_1_5
PCAP_API pcap_t *pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *);
+
+ PCAP_AVAILABLE_0_9
PCAP_API pcap_t *pcap_fopen_offline(FILE *, char *);
#endif /*_WIN32*/
+PCAP_AVAILABLE_0_4
PCAP_API void pcap_close(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
+
+PCAP_AVAILABLE_0_4
PCAP_API const u_char *pcap_next(pcap_t *, struct pcap_pkthdr *);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
+
+PCAP_AVAILABLE_0_8
PCAP_API void pcap_breakloop(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_stats(pcap_t *, struct pcap_stat *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_setfilter(pcap_t *, struct bpf_program *);
+
+PCAP_AVAILABLE_0_9
PCAP_API int pcap_setdirection(pcap_t *, pcap_direction_t);
+
+PCAP_AVAILABLE_0_7
PCAP_API int pcap_getnonblock(pcap_t *, char *);
+
+PCAP_AVAILABLE_0_7
PCAP_API int pcap_setnonblock(pcap_t *, int, char *);
+
+PCAP_AVAILABLE_0_9
PCAP_API int pcap_inject(pcap_t *, const void *, size_t);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_sendpacket(pcap_t *, const u_char *, int);
+
+PCAP_AVAILABLE_1_0
PCAP_API const char *pcap_statustostr(int);
+
+PCAP_AVAILABLE_0_4
PCAP_API const char *pcap_strerror(int);
+
+PCAP_AVAILABLE_0_4
PCAP_API char *pcap_geterr(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API void pcap_perror(pcap_t *, const char *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
bpf_u_int32);
+
+PCAP_AVAILABLE_0_5
PCAP_API int pcap_compile_nopcap(int, int, struct bpf_program *,
const char *, int, bpf_u_int32);
+
+/* XXX - this took two arguments in 0.4 and 0.5 */
+PCAP_AVAILABLE_0_6
PCAP_API void pcap_freecode(struct bpf_program *);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_offline_filter(const struct bpf_program *,
const struct pcap_pkthdr *, const u_char *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_datalink(pcap_t *);
+
+PCAP_AVAILABLE_1_0
PCAP_API int pcap_datalink_ext(pcap_t *);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_list_datalinks(pcap_t *, int **);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_set_datalink(pcap_t *, int);
+
+PCAP_AVAILABLE_0_8
PCAP_API void pcap_free_datalinks(int *);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_datalink_name_to_val(const char *);
+
+PCAP_AVAILABLE_0_8
PCAP_API const char *pcap_datalink_val_to_name(int);
+
+PCAP_AVAILABLE_0_8
PCAP_API const char *pcap_datalink_val_to_description(int);
+
+PCAP_AVAILABLE_1_10
PCAP_API const char *pcap_datalink_val_to_description_or_dlt(int);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_snapshot(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_is_swapped(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_major_version(pcap_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_minor_version(pcap_t *);
+
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_bufsize(pcap_t *);
/* XXX */
+PCAP_AVAILABLE_0_4
PCAP_API FILE *pcap_file(pcap_t *);
+
#ifdef _WIN32
/*
* This probably shouldn't have been kept in WinPcap; most if not all
* with a pcap_t (there's no guarantee that there is one), we can add
* a Windows-only pcap_handle() API that returns the HANDLE.
*/
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_fileno(pcap_t *)
-PCAP_DEPRECATED(pcap_fileno, "use 'pcap_handle'");
+PCAP_DEPRECATED(pcap_fileno, "request a 'pcap_handle' that returns a HANDLE if you need it");
#else /* _WIN32 */
+PCAP_AVAILABLE_0_4
PCAP_API int pcap_fileno(pcap_t *);
#endif /* _WIN32 */
PCAP_API int pcap_wsockinit(void);
#endif
+PCAP_AVAILABLE_0_4
PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
+
#ifdef _WIN32
+ PCAP_AVAILABLE_0_9
PCAP_API pcap_dumper_t *pcap_dump_hopen(pcap_t *, intptr_t);
+
/*
* If we're building libpcap, this is an internal routine in sf-pcap.c, so
* we must not define it as a macro.
pcap_dump_hopen(p, _get_osfhandle(_fileno(f)))
#endif
#else /*_WIN32*/
+ PCAP_AVAILABLE_0_9
PCAP_API pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp);
#endif /*_WIN32*/
+
+PCAP_AVAILABLE_1_7
PCAP_API pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *);
+
+PCAP_AVAILABLE_0_8
PCAP_API FILE *pcap_dump_file(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_9
PCAP_API long pcap_dump_ftell(pcap_dumper_t *);
+
+PCAP_AVAILABLE_1_9
PCAP_API int64_t pcap_dump_ftell64(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_8
PCAP_API int pcap_dump_flush(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API void pcap_dump_close(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_4
PCAP_API void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
+PCAP_AVAILABLE_0_7
PCAP_API int pcap_findalldevs(pcap_if_t **, char *);
+
+PCAP_AVAILABLE_0_7
PCAP_API void pcap_freealldevs(pcap_if_t *);
/*
*
* On Windows, the string is constructed at run time.
*/
+PCAP_AVAILABLE_0_8
PCAP_API const char *pcap_lib_version(void);
#if defined(_WIN32)
PCAP_API HANDLE pcap_getevent(pcap_t *p);
+ PCAP_AVAILABLE_1_8
PCAP_API int pcap_oid_get_request(pcap_t *, bpf_u_int32, void *, size_t *);
+
+ PCAP_AVAILABLE_1_8
PCAP_API int pcap_oid_set_request(pcap_t *, bpf_u_int32, const void *, size_t *);
PCAP_API pcap_send_queue* pcap_sendqueue_alloc(u_int memsize);
* UN*X definitions
*/
+ PCAP_AVAILABLE_0_8
PCAP_API int pcap_get_selectable_fd(pcap_t *);
+
+ PCAP_AVAILABLE_1_9
PCAP_API const struct timeval *pcap_get_required_select_timeout(pcap_t *);
#endif /* _WIN32/MSDOS/UN*X */
#define PCAP_SRC_IFREMOTE 4 /* interface on a remote host, using RPCAP */
/*
- * The formats allowed by pcap_open() are the following:
+ * The formats allowed by pcap_open() are the following (optional parts in []):
* - file://path_and_filename [opens a local file]
- * - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
- * - rpcap://host/devicename [opens the selected device available on a remote host]
- * - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
+ * - rpcap://devicename [opens the selected device available on the local host, without using the RPCAP protocol]
+ * - rpcap://[username:password@]host[:port]/devicename [opens the selected device available on a remote host]
+ * - username and password, if present, will be used to authenticate to the remote host
+ * - port, if present, will specify a port for RPCAP rather than using the default
* - adaptername [to open a local adapter; kept for compatibility, but it is strongly discouraged]
* - (NULL) [to open the first local adapter; kept for compatibility, but it is strongly discouraged]
*
- * The formats allowed by the pcap_findalldevs_ex() are the following:
+ * The formats allowed by the pcap_findalldevs_ex() are the following (optional parts in []):
* - file://folder/ [lists all the files in the given folder]
* - rpcap:// [lists all local adapters]
- * - rpcap://host:port/ [lists the devices available on a remote host]
+ * - rpcap://[username:password@]host[:port]/ [lists the devices available on a remote host]
+ * - username and password, if present, will be used to authenticate to the remote host
+ * - port, if present, will specify a port for RPCAP rather than using the default
*
* In all the above, "rpcaps://" can be substituted for "rpcap://" to enable
* SSL (if it has been compiled in).
* Here you find some allowed examples:
* - rpcap://host.foo.bar/devicename [everything literal, no port number]
* - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
+ * - rpcap://root:
[email protected]/devicename [everything literal, with username/password]
* - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
* - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
* - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
* authentication is successful (and the user has the right to open network
* devices) the RPCAP connection will continue; otherwise it will be dropped.
*
- * *******NOTE********: the username and password are sent over the network
- * to the capture server *IN CLEAR TEXT*. Don't use this on a network
- * that you don't completely control! (And be *really* careful in your
- * definition of "completely"!)
+ * *******NOTE********: unless TLS is being used, the username and password
+ * are sent over the network to the capture server *IN CLEAR TEXT*. Don't
+ * use this, without TLS (i.e., with rpcap:// rather than rpcaps://) on
+ * a network that you don't completely control! (And be *really* careful
+ * in your definition of "completely"!)
*/
#define RPCAP_RMTAUTH_PWD 1
* For opening a remote capture, pcap_open() is currently the only
* API available.
*/
+PCAP_AVAILABLE_1_9
PCAP_API pcap_t *pcap_open(const char *source, int snaplen, int flags,
int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
+
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_createsrcstr(char *source, int type, const char *host,
const char *port, const char *name, char *errbuf);
+
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_parsesrcstr(const char *source, int *type, char *host,
char *port, char *name, char *errbuf);
* For listing remote capture devices, pcap_findalldevs_ex() is currently
* the only API available.
*/
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_findalldevs_ex(const char *source,
struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
/*
* New functions.
*/
+PCAP_AVAILABLE_1_9
PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
/*
/* Maximum length of an host name (needed for the RPCAP active mode) */
#define RPCAP_HOSTLIST_SIZE 1024
+PCAP_AVAILABLE_1_9
PCAP_API SOCKET pcap_remoteact_accept(const char *address, const char *port,
const char *hostlist, char *connectinghost,
struct pcap_rmtauth *auth, char *errbuf);
+
+PCAP_AVAILABLE_1_10
PCAP_API SOCKET pcap_remoteact_accept_ex(const char *address, const char *port,
const char *hostlist, char *connectinghost,
struct pcap_rmtauth *auth, int uses_ssl, char *errbuf);
+
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_remoteact_list(char *hostlist, char sep, int size,
char *errbuf);
+
+PCAP_AVAILABLE_1_9
PCAP_API int pcap_remoteact_close(const char *host, char *errbuf);
+
+PCAP_AVAILABLE_1_9
PCAP_API void pcap_remoteact_cleanup(void);
enum pcap_option_name { /* never renumber this */
projects / libpcap / blobdiff