Functions | |
int | rpcap_deseraddr (struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf) |
It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order. | |
int | pcap_read_nocb_remote (pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data) |
It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name). | |
int | pcap_read_remote (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
It reads a packet from the network socket. | |
void | pcap_close_remote (pcap_t *p) |
It sends a CLOSE command to the capture server. | |
int | pcap_stats_remote (pcap_t *p, struct pcap_stat *ps) |
It retrieves network statistics from the other peer. | |
pcap_stat * | pcap_stats_ex_remote (pcap_t *p) |
It retrieves network statistics from the other peer. | |
pcap_stat * | rpcap_stats_remote (pcap_t *p, struct pcap_stat *ps, int mode) |
It retrieves network statistics from the other peer. | |
pcap_t * | pcap_opensource_remote (const char *source, struct pcap_rmtauth *auth, char *errbuf) |
It opens a remote adapter by opening an RPCAP connection and so on. | |
int | pcap_startcapture_remote (pcap_t *fp) |
It starts a remote capture. | |
int | pcap_updatefilter_remote (pcap_t *fp, struct bpf_program *prog) |
Update a filter on a remote host. | |
int | pcap_setfilter_remote (pcap_t *fp, struct bpf_program *prog) |
Send a filter to a remote host. | |
int | pcap_setsampling_remote (pcap_t *p) |
Set sampling parameters in the remote host. | |
int | rpcap_senderror (SOCKET sock, char *error, unsigned short errcode, char *errbuf) |
It sends a RPCAP error to the other peer. | |
int | rpcap_sendauth (SOCKET sock, struct pcap_rmtauth *auth, char *errbuf) |
Sends the authentication message. | |
void | rpcap_createhdr (struct rpcap_header *header, uint8 type, uint16 value, uint32 length) |
Creates a structure of type rpcap_header. | |
int | rpcap_checkmsg (char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...) |
Checks if the header of the received message is correct. | |
int | rpcap_checkver (SOCKET sock, struct rpcap_header *header, char *errbuf) |
Checks if the version contained into the message is compatible with the one handled by this implementation. | |
int | rpcap_remoteact_getsock (const char *host, char *errbuf) |
It returns the socket currently used for this active connection (active mode only). |
|
It sends a CLOSE command to the capture server. This function is called when the user wants to close a pcap_t adapter. In case we're capturing from the network, it sends a command to the other peer that says 'ok, let's stop capturing'. This function is called automatically when the user calls the pcap_close(). Parameters and return values are exactly the same of the pcap_close().
Definition at line 403 of file pcap-remote.c. References activeHosts, activehosts::next, rpcap_createhdr(), sock_cleanup(), sock_close(), sock_discard(), sock_recv(), sock_send(), and activehosts::sockctrl. Referenced by pcap_close(). |
|
It opens a remote adapter by opening an RPCAP connection and so on. This function does basically the job of pcap_open_live() for a remote interface. In other words, we have a pcap_read for win32, which reads packets from NPF, another for LINUX, and so on. Now, we have a pcap_opensource_remote() as well. The difference, here, is the capture thread does not start until the pcap_startcapture_remote() is called. This is because, in remote capture, we cannot start capturing data as soon ad the 'open adapter' command is sent. Suppose the remote adapter is already overloaded; if we start a capture (which, by default, has a NULL filter) the new traffic can saturate the network. Instead, we want to "open" the adapter, then send a "start capture" command only when we're ready to start the capture. This funtion does this job: it sends a "open adapter" command (according to the RPCAP protocol), but it does not start the capture. Since the other libpcap functions do not share this way of life, we have to make some dirty things in order to make everyting working.
Definition at line 650 of file pcap-remote.c. References host, PCAP_BUF_SIZE, pcap_close(), pcap_parsesrcstr(), PCAP_SRC_IFREMOTE, pcap_strerror(), pcap_t, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_OPEN_REPLY, RPCAP_NETBUF_SIZE, rpcap_remoteact_getsock(), rpcap_sendauth(), snprintf, sock_bufferize(), sock_close(), sock_discard(), sock_init(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), and SOCKET. Referenced by pcap_open(), and pcap_open_live(). |
|
It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name). This function is called by the several pcap_next_ex() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket. Parameters and return values are exactly the same of the pcap_next_ex().
Definition at line 205 of file pcap-remote.c. References pcap_pkthdr::caplen, PCAP_OPENFLAG_UDP_DP, rpcap_header::plen, rpcap_checkmsg(), RPCAP_MSG_PACKET, RPCAP_NETBUF_SIZE, snprintf, SOCK_ASSERT, sock_discard(), sock_geterror(), and sock_recv(). Referenced by pcap_next_ex(), and pcap_read_remote(). |
|
It reads a packet from the network socket. This function is called by the several pcap_read() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket. This function relies on the pcap_read_nocb_remote to deliver packets. The difference, here, is that as soon as a packet is read, it is delivered to the application by means of a callback function. Parameters and return values are exactly the same of the pcap_read(). Definition at line 373 of file pcap-remote.c. References n, and pcap_read_nocb_remote(). Referenced by pcap_read(). |
|
Send a filter to a remote host. This function is called when the user wants to set a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is called automatically when the user calls the pcap_setfilter(). Parameters and return values are exactly the same of the pcap_setfilter(). Definition at line 1365 of file pcap-remote.c. References pcap_updatefilter_remote(). Referenced by pcap_setfilter(). |
|
Set sampling parameters in the remote host. This function is called when the user wants to set activate sampling on the remote host. Sampling parameters are defined into the 'pcap_t' structure.
Definition at line 1398 of file pcap-remote.c. References rpcap_sampling::method, PCAP_SAMP_NOSAMP, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_SETSAMPLING_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), and rpcap_sampling::value. Referenced by pcap_startcapture_remote(). |
|
It starts a remote capture. This function is requires since the RPCAP protocol decouples the 'open' from the 'start capture' functions. This function takes all the parameters needed (which have been stored into the pcap_t structure) and sends them to the server. If everything is fine, it creates a new child thread that reads data from the network and puts data it into the user buffer. The pcap_read() will read data from the user buffer, as usual. The remote capture acts like a new "kernel", which puts packets directly into the buffer pointed by pcap_t. In fact, this function does not rely on a kernel that reads packets and put them into the user buffer; it has to do that on its own.
Definition at line 858 of file pcap-remote.c. References activeHosts, rpcap_startcapreq::flags, host, activehosts::next, PCAP_BUF_SIZE, pcap_close(), PCAP_OPENFLAG_PROMISCUOUS, PCAP_OPENFLAG_UDP_DP, pcap_pack_bpffilter(), pcap_setsampling_remote(), pcap_strerror(), rpcap_startcapreq::portdata, rpcap_startcapreq::read_timeout, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_STARTCAP_REPLY, RPCAP_NETBUF_SIZE, RPCAP_STARTCAPREQ_FLAG_DGRAM, RPCAP_STARTCAPREQ_FLAG_PROMISC, RPCAP_STARTCAPREQ_FLAG_SERVEROPEN, rpcap_startcapreq::snaplen, snprintf, SOCK_ASSERT, sock_bufferize(), sock_close(), sock_discard(), sock_geterror(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), activehosts::sockctrl, and SOCKET. Referenced by pcap_next_ex(), and pcap_read(). |
|
It retrieves network statistics from the other peer. This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details. Parameters and return values are exactly the same of the pcap_stats_ex(). Definition at line 492 of file pcap-remote.c. References pcap_stats_ex_remote(), pcap_t, and rpcap_stats_remote(). Referenced by pcap_stats_ex(), and pcap_stats_ex_remote(). |
|
It retrieves network statistics from the other peer. This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details. Parameters and return values are exactly the same of the pcap_stats(). Definition at line 469 of file pcap-remote.c. References rpcap_stats_remote(). Referenced by pcap_stats(). |
|
Update a filter on a remote host. This function is called when the user wants to update a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is *not* called automatically when the user calls the pcap_setfilter(). There will be two cases:
Parameters and return values are exactly the same of the pcap_setfilter().
Definition at line 1296 of file pcap-remote.c. References bpf_program::bf_len, pcap_pack_bpffilter(), rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_UPDATEFILTER_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), and sock_send(). Referenced by pcap_setfilter_remote(). |
|
Checks if the header of the received message is correct. This function is a way to easily check if the message received, in a certain state of the RPCAP protocol Finite State Machine, is valid. This function accepts, as a parameter, the list of message types that are allowed in a certain situation, and it returns the one which occurs.
Definition at line 1746 of file pcap-remote.c. References errbuf, int32, PCAP_ERRBUF_SIZE, rpcap_header::plen, rpcap_checkver(), RPCAP_MSG_ERROR, snprintf, SOCK_ASSERT, sock_discard(), sock_recv(), rpcap_header::type, and uint8. Referenced by daemon_checkauth(), daemon_serviceloop(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_read_nocb_remote(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), and rpcap_stats_remote(). |
|
Checks if the version contained into the message is compatible with the one handled by this implementation. Right now, this function does not have any sophisticated task: if the versions are different, it returns -1 and it discards the message. It is expected that in the future this message will become more complex.
Definition at line 1845 of file pcap-remote.c. References rpcap_header::plen, RPCAP_VERSION, snprintf, sock_discard(), and rpcap_header::ver. Referenced by rpcap_checkmsg(). |
|
Creates a structure of type rpcap_header. This function is provided just because the creation of an rpcap header is quite a common task. It accepts all the values that appears into an rpcap_header, and it puts them in place using the proper hton() calls.
Definition at line 1691 of file pcap-remote.c. References rpcap_header::plen, RPCAP_VERSION, rpcap_header::type, rpcap_header::value, and rpcap_header::ver. Referenced by daemon_checkauth(), daemon_endcapture(), daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), pcap_close_remote(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_remoteact_close(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), rpcap_senderror(), and rpcap_stats_remote(). |
|
It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order. It accepts a 'sockaddr_storage' structure as it is received from the network and it converts it into the host byte order (by means of a set of ntoh() ). The function will allocate the 'sockaddrout' variable according to the address family in use. In case the address does not belong to the AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a NULL pointer is returned. This usually happens because that address does not exist on the other host, so the RPCAP daemon sent a 'sockaddr_storage' structure containing all 'zero' values.
Definition at line 135 of file pcap-remote.c. References pcap_strerror(), and snprintf. Referenced by pcap_findalldevs_ex(). |
|
It returns the socket currently used for this active connection (active mode only). This function is just for internal use; it returns the socket ID of the active connection currently opened.
Definition at line 1888 of file pcap-remote.c. References activeHosts, activehosts::host, activehosts::next, snprintf, sock_cmpaddr(), and activehosts::sockctrl. Referenced by pcap_findalldevs_ex(), and pcap_opensource_remote(). |
|
Sends the authentication message. It sends the authentication parameters on the control socket. Ths function is required in order to open the connection with the other end party.
Definition at line 1549 of file pcap-remote.c. References pcap_rmtauth::password, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_AUTH_REPLY, RPCAP_MSG_ERROR, RPCAP_NETBUF_SIZE, RPCAP_RMTAUTH_NULL, RPCAP_RMTAUTH_PWD, rpcap_auth::slen1, rpcap_auth::slen2, snprintf, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), pcap_rmtauth::type, rpcap_auth::type, uint16, and pcap_rmtauth::username. Referenced by pcap_findalldevs_ex(), pcap_opensource_remote(), and pcap_remoteact_accept(). |
|
It sends a RPCAP error to the other peer. This function has to be called when the main program detects an error. This funcion will send on the other peer the 'buffer' specified by the user. This function *does not* request a RPCAP CLOSE connection. A CLOSE command must be sent explicitely by the program, since we do not know it the error can be recovered in some way or it is a non-recoverable one.
Definition at line 1502 of file pcap-remote.c. References PCAP_ERRBUF_SIZE, rpcap_createhdr(), RPCAP_NETBUF_SIZE, sock_bufferize(), sock_send(), and uint16. Referenced by daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_serviceloop(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), main_passive(), and pcap_remoteact_accept(). |
|
It retrieves network statistics from the other peer. This function can be called in two modes:
This 'mode' parameter is needed because in the standard pcap_stats() the variable that keeps the statistics is allocated by the user. Unfortunately, this structure has been extended in order to keep new stats. However, if the user has a smaller structure and it passes it to the pcap_stats, thid function will try to fill in more data than the size of the structure, so that the application goes in memory overflow. So, we need to know it we have to copy just the standard fields, or the extended fields as well. In case we want to copy the extended fields as well, the problem of memory overflow does no longer exist because the structure pcap_stat is no longer allocated by the program; it is allocated by the library instead.
Definition at line 530 of file pcap-remote.c. References PCAP_STATS_STANDARD, pcap_t, pcap_stat::ps_drop, pcap_stat::ps_ifdrop, pcap_stat::ps_recv, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_STATS_REPLY, rpcap_stats_remote(), snprintf, sock_discard(), sock_recv(), and sock_send(). Referenced by pcap_stats_ex_remote(), pcap_stats_remote(), and rpcap_stats_remote(). |
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.