Typedefs | |
typedef void(* | pcap_handler )(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
Prototype of the callback function that receives the packets. | |
Functions | |
pcap_t * | pcap_open_live (char *device, int snaplen, int promisc, int to_ms, char *ebuf) |
Deprecated | |
pcap_t * | pcap_open_dead (int linktype, int snaplen) |
Deprecated | |
pcap_t * | pcap_open_offline (const char *fname, char *errbuf) |
Deprecated | |
pcap_dumper_t * | pcap_dump_open (pcap_t *p, const char *fname) |
Opens a file to write the network traffic. | |
int | pcap_setnonblock (pcap_t *p, int nonblock, char *errbuf) |
Switches between blocking and nonblocking mode. | |
int | pcap_getnonblock (pcap_t *p, char *errbuf) |
Gets the "non-blocking" state of an interface. | |
int | pcap_findalldevs (pcap_if_t **alldevsp, char *errbuf) |
Deprecated | |
void | pcap_freealldevs (pcap_if_t *alldevsp) |
Frees an interface list returned by pcap_findalldevs(). | |
char * | pcap_lookupdev (char *errbuf) |
Deprecated | |
int | pcap_lookupnet (char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf) |
Deprecated | |
int | pcap_dispatch (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
Deprecated | |
int | pcap_loop (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
Deprecated | |
void | pcap_dump (u_char *user, const struct pcap_pkthdr *h, const u_char *sp) |
Saves a packet to disk. | |
int | pcap_compile (pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask) |
Compiles a packet filter. Converts an high level filtering expression (see Filtering expression syntax ) in a program that can be interpreted by the kernel-level filtering engine. | |
int | pcap_compile_nopcap (int snaplen_arg, int linktype_arg, struct bpf_program *program, char *buf, int optimize, bpf_u_int32 mask) |
Compiles a packet filter without the need of opening an adapter. Converts an high level filtering expression (see Filtering expression syntax ) in a program that can be interpreted by the kernel-level filtering engine. | |
int | pcap_setfilter (pcap_t *p, struct bpf_program *fp) |
Associates a filter to a capture. | |
void | pcap_freecode (struct bpf_program *fp) |
Frees a filter. | |
u_char * | pcap_next (pcap_t *p, struct pcap_pkthdr *h) |
Discouraged, use pcap_next_ex() instead. Returns the next available packet. | |
int | pcap_datalink (pcap_t *p) |
Returns the link layer of an adapter. | |
int | pcap_snapshot (pcap_t *p) |
Returns the dimension of the packet portion (in bytes) that is delivered to the application. | |
int | pcap_is_swapped (pcap_t *p) |
returns true if the current savefile uses a different byte order than the current system. | |
int | pcap_major_version (pcap_t *p) |
returns the major version number of the pcap library used to write the savefile. | |
int | pcap_minor_version (pcap_t *p) |
returns the minor version number of the pcap library used to write the savefile. | |
int | pcap_stats (pcap_t *p, struct pcap_stat *ps) |
Discouraged, Use pcap_stats_ex() instead. Returns statistics on current capture. | |
FILE * | pcap_file (pcap_t *p) |
Discouraged, use pcap_dump() instead. Returns the stdio stream of an offile capture. | |
int | pcap_fileno (pcap_t *p) |
Discouraged: it returns the file descriptor of a capture device. | |
void | pcap_perror (pcap_t *p, char *prefix) |
prints the text of the last pcap library error on stderr, prefixed by prefix. | |
char * | pcap_geterr (pcap_t *p) |
returns the error text pertaining to the last pcap library error. | |
char * | pcap_strerror (int error) |
pcap_strerror() is provided in case strerror() isn't available. | |
fn void | pcap_close (pcap_t *p) |
closes the files associated with p and deallocates resources. | |
fn void | pcap_dump_close (pcap_dumper_t *p) |
pcap_dump_close() closes the "savefile". | |
fn int | pcap_setbuff (pcap_t *p, int dim) |
Win32 Specific. Sets the size of the kernel buffer associated with an adapter. | |
int | pcap_setmode (pcap_t *p, int mode) |
Win32 Specific. Sets the working mode of the interface p to mode. | |
int | pcap_sendpacket (pcap_t *p, u_char *buf, int size) |
Win32 Specific. Sends a raw packet. | |
int | pcap_setmintocopy (pcap_t *p, int size) |
Win32 Specific. Sets the minumum amount of data received by the kernel in a single call. | |
HANDLE | pcap_getevent (pcap_t *p) |
Win32 Specific. Returns the handle of the event associated with the interface p. | |
pcap_send_queue * | pcap_sendqueue_alloc (u_int memsize) |
Win32 Specific. Allocate a send queue. | |
void | pcap_sendqueue_destroy (pcap_send_queue *queue) |
Win32 Specific. Destroy a send queue. | |
int | pcap_sendqueue_queue (pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
Win32 Specific. Add a packet to a send queue. | |
u_int | pcap_sendqueue_transmit (pcap_t *p, pcap_send_queue *queue, int sync) |
Win32 Specific. Sends a queue of raw packets to the network. | |
int | pcap_next_ex (pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data) |
Read a packet from an interface or from an offline capture. | |
int | pcap_live_dump (pcap_t *p, char *filename, int maxsize, int maxpacks) |
Win32 Specific. Saves a capture to file. | |
int | pcap_live_dump_ended (pcap_t *p, int sync) |
Win32 Specific. Returns the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_dump() has been reached. | |
pcap_stat * | pcap_stats_ex (pcap_t *p, int *pcap_stat_size) |
Win32 Specific. Returns statistics on current capture. | |
bool | pcap_offline_filter (struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data) |
Win32 Specific. It returns if a given filter applies to an offline packet. | |
int | pcap_findalldevs_ex (char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) |
It creates a list of network devices that can be opened with pcap_open(). | |
int | pcap_createsrcstr (char *source, int type, const char *host, const char *port, const char *name, char *errbuf) |
Accepts a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). | |
int | pcap_parsesrcstr (const char *source, int *type, char *host, char *port, char *name, char *errbuf) |
Parses the source string and returns the pieces in which the source can be split. | |
pcap_t * | pcap_open (const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf) |
It opens a generic source in order to capture / send (WinPcap only) traffic. | |
pcap_samp * | pcap_setsampling (pcap_t *p) |
It defines a sampling method for packet capture. | |
SOCKET | pcap_remoteact_accept (const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf) |
It blocks until a network connection is accepted (active mode only). | |
int | pcap_remoteact_close (const char *host, char *errbuf) |
It drops an active connection (active mode only). | |
void | pcap_remoteact_cleanup () |
Cleans the socket that is currently used in waiting active connections. | |
int | pcap_remoteact_list (char *hostlist, char sep, int size, char *errbuf) |
Returns the hostname of the host that have an active connection with us (active mode only). |
|
Prototype of the callback function that receives the packets. When pcap_dispatch() or pcap_loop() are called by the user, the packets are passed to the application by means of this callback. user is a user-defined parameter that contains the state of the capture session, it corresponds to the user parameter of pcap_dispatch() and pcap_loop(). pkt_header is the header associated by the capture driver to the packet. It is NOT a protocol header. pkt_data points to the data of the packet, including the protocol headers. Definition at line 792 of file funcs/pcap.h. |
|
closes the files associated with p and deallocates resources.
Definition at line 657 of file pcap.c. References PacketCloseAdapter(), pcap_close_remote(), and pcap_freecode(). Referenced by add_or_find_if(), daemon_endcapture(), daemon_opensource(), daemon_serviceloop(), daemon_startcapture(), pcap_compile_nopcap(), pcap_findalldevs_ex(), pcap_opensource_remote(), and pcap_startcapture_remote(). |
|
Compiles a packet filter. Converts an high level filtering expression (see Filtering expression syntax ) in a program that can be interpreted by the kernel-level filtering engine. pcap_compile() is used to compile the string str into a filter program. program is a pointer to a bpf_program struct and is filled in by pcap_compile(). optimize controls whether optimization on the resulting code is performed. netmask specifies the netmask of the local net. A return of -1 indicates an error in which case pcap_geterr() may be used to display the error text.
Definition at line 310 of file gencode.c. References bpf_program::bf_insns, bpf_program::bf_len, bpf_error(), bpf_pcap, freechunks(), gen_retblk(), init_linktype(), mask, no_optimize, pcap_datalink(), pcap_snapshot(), root, snaplen, snprintf, and syntax(). Referenced by daemon_unpackapplyfilter(), main(), and pcap_compile_nopcap(). |
|
Compiles a packet filter without the need of opening an adapter. Converts an high level filtering expression (see Filtering expression syntax ) in a program that can be interpreted by the kernel-level filtering engine. pcap_compile_nopcap() is similar to pcap_compile() except that instead of passing a pcap structure, one passes the snaplen and linktype explicitly. It is intended to be used for compiling filters for direct BPF usage, without necessarily having called pcap_open(). A return of -1 indicates an error; the error text is unavailable. (pcap_compile_nopcap() is a wrapper around pcap_open_dead(), pcap_compile(), and pcap_close(); the latter three routines can be used directly in order to get the error text for a compilation error.) Look at the Filtering expression syntax section for details on the str parameter.
Definition at line 364 of file gencode.c. References pcap_close(), pcap_compile(), pcap_open_dead(), and pcap_t. |
|
Accepts a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). This function is provided in order to help the user creating the source string according to the new format. An unique source string is used in order to make easy for old applications to use the remote facilities. Think about tcpdump, for example, which has only one way to specify the interface on which the capture has to be started. However, GUI-based programs can find more useful to specify hostname, port and interface name separately. In that case, they can use this function to create the source string before passing it to the pcap_open() function.
Definition at line 753 of file pcap-new.c. References PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, and snprintf. Referenced by pcap_findalldevs_ex(). |
|
Returns the link layer of an adapter. pcap_datalink() returns the link layer type; link layer types it can return include:
Definition at line 209 of file pcap.c. Referenced by pcap_compile(). |
|
Deprecated
pcap_dispatch() is used to collect and process packets. cnt specifies the maximum number of packets to process before returning. This is not a minimum number; when reading a live capture, only one bufferful of packets is read at a time, so fewer than cnt packets may be processed. A cnt of -1 processes all the packets received in one buffer when reading a live capture, or all the packets in the file when reading a "savefile". callback specifies a routine to be called with three arguments: a u_char pointer which is passed in from pcap_dispatch(), a pointer packet data. The number of packets read is returned. 0 is returned if no packets were read from a live capture (if, for example, they were discarded because they didn't pass the packet filter, or if, on platforms that support a read timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read) or if no more packets are available in a "savefile." A return of -1 indicates an error in which case pcap_perror() or pcap_geterr() may be used to display the error text.
Definition at line 69 of file pcap.c. References pcap_offline_read(), and pcap_read(). Referenced by pcap_next(). |
|
Saves a packet to disk. pcap_dump() outputs a packet to the "savefile" opened with pcap_dump_open(). Note that its calling arguments are suitable for use with pcap_dispatch() or pcap_loop(). If called directly, the user parameter is of type pcap_dumper_t as returned by pcap_dump_open().
Definition at line 650 of file savefile.c. References pcap_pkthdr::caplen, pcap_pkthdr::len, and pcap_pkthdr::ts. Referenced by main(). |
|
pcap_dump_close() closes the "savefile".
Definition at line 715 of file savefile.c. |
|
Opens a file to write the network traffic. pcap_dump_open() is called to open a "savefile" for writing. fname is the name of the file to open. The name "-" in a synonym for stdout. If NULL is returned, pcap_geterr() can be used to get the error text.
Definition at line 669 of file savefile.c. References dlt_to_linktype(), pcap_dumper_t, pcap_strerror(), sf_write_header(), and snprintf. Referenced by main(). |
|
Discouraged, use pcap_dump() instead. pcap_file() returns the standard I/O stream of the "savefile", if a "savefile" was opened with pcap_open_offline(), or NULL, if a network device was opened with pcap_open_live().
|
|
Discouraged: it returns the file descriptor of a capture device. pcap_fileno() returns the file descriptor number from which captured packets are read, if a network device was opened with pcap_open_live(), or -1, if a "savefile" was opened with pcap_open_offline().
|
|
Deprecated
pcap_findalldevs() constructs a list of network devices that can be opened with pcap_open_live(). (Note that there may be network devices that cannot be opened with pcap_open_live() by the process calling pcap_findalldevs(), because, for example, that process might not have sufficient privileges to open them for capturing; if so, those devices will not appear on the list.) alldevsp is set to point to the first element of the list; each element of the list is of type pcap_if_t.
Referenced by daemon_findalldevs(), main(), and pcap_findalldevs_ex(). |
|
It creates a list of network devices that can be opened with pcap_open(). This function is a superset of the old 'pcap_findalldevs()', which is obsolete, and which allows listing only the devices present on the local machine. Vice versa, pcap_findalldevs_ex() allows listing the devices present on a remote machine as well. Additionally, it can list all the pcap files available into a given folder. Moreover, pcap_findalldevs_ex() is platform independent, since it relies on the standard pcap_findalldevs() to get addresses on the local machine. In case the function has to list the interfaces on a remote machine, it opens a new control connection toward that machine, it retrieves the interfaces, and it drops the connection. However, if this function detects that the remote machine is in 'active' mode, the connection is not dropped and the existing socket is used. The 'source' is a parameter that tells the function where the lookup has to be done and it uses the same syntax of the pcap_open(). Differently from the pcap_findalldevs(), the interface names (pointed by the alldevs->name and the other ones in the linked list) are already ready to be used in the pcap_open() call. Vice versa, the output that comes from pcap_findalldevs() must be formatted with the new pcap_createsrcstr() before passing the source identifier to the pcap_open().
Definition at line 147 of file pcap-new.c. References pcap_addr::addr, pcap_addr::broadaddr, pcap_if::description, pcap_addr::dstaddr, host, pcap_if::name, pcap_addr::netmask, pcap_if::next, pcap_addr::next, PCAP_BUF_SIZE, pcap_close(), pcap_createsrcstr(), pcap_findalldevs(), pcap_open_offline(), pcap_parsesrcstr(), PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, pcap_strerror(), pcap_t, port, rpcap_checkmsg(), rpcap_createhdr(), rpcap_deseraddr(), RPCAP_MSG_ERROR, RPCAP_MSG_FINDALLIF_REPLY, rpcap_remoteact_getsock(), rpcap_sendauth(), snprintf, sock_cleanup(), sock_close(), sock_discard(), sock_init(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), and SOCKET. |
|
Frees an interface list returned by pcap_findalldevs(). pcap_freealldevs() is used to free a list allocated by pcap_findalldevs().
Definition at line 426 of file inet.c. References pcap_addr::addr, pcap_if::addresses, pcap_addr::broadaddr, pcap_if::description, pcap_addr::dstaddr, pcap_if::name, pcap_addr::netmask, pcap_if::next, and pcap_addr::next. Referenced by daemon_findalldevs(), and main(). |
|
Frees a filter. pcap_freecode() is used to free up allocated memory pointed to by a bpf_program struct generated by pcap_compile() when that BPF program is no longer needed, for example after it has been made the filter program for a pcap structure by a call to pcap_setfilter().
Definition at line 384 of file gencode.c. References bpf_program::bf_insns, and bpf_program::bf_len. Referenced by pcap_close(). |
|
returns the error text pertaining to the last pcap library error.
Definition at line 491 of file pcap.c. Referenced by bpf_error(), and daemon_thrdatamain(). |
|
Win32 Specific. Returns the handle of the event associated with the interface p. This event can be passed to functions like WaitForSingleObject() or WaitForMultipleObjects() to wait until the driver's buffer contains some data without performing a read.
Definition at line 42 of file Win32-Extensions.c. |
|
Gets the "non-blocking" state of an interface. pcap_getnonblock() returns the current "non-blocking" state of the capture descriptor; it always returns 0 on "savefiles". If there is an error, -1 is returned and errbuf is filled in with an appropriate error message.
Definition at line 502 of file pcap.c. References pcap_strerror(), and snprintf. |
|
returns true if the current savefile uses a different byte order than the current system.
|
|
Win32 Specific. Saves a capture to file. pcap_live_dump() dumps the network traffic from an interface to a file. Using this function the dump is performed at kernel level, therefore it is more efficient than using pcap_dump(). The parameters of this function are an interface descriptor (obtained with pcap_open_live()), a string with the name of the dump file, the maximum size of the file (in bytes) and the maximum number of packets that the file will contain. Setting maxsize or maxpacks to 0 means no limit. When maxsize or maxpacks are reached, the dump ends. pcap_live_dump() is non-blocking, threfore it returns immediately. pcap_live_dump_ended() can be used to check the status of the dump process or to wait until it is finished. pcap_close() can instead be used to end the dump process. Note that when one of the two limits is reached, the dump is stopped, but the file remains opened. In order to correctly flush the data and put the file in a consistent state, the adapter must be closed with pcap_close().
Definition at line 311 of file Win32-Extensions.c. |
|
Win32 Specific. Returns the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_dump() has been reached. pcap_live_dump_ended() informs the user about the limits that were set with a previous call to pcap_live_dump() on the interface pointed by p: if the return value is nonzero, one of the limits has been reched and the dump process is currently stopped. If sync is nonzero, the function blocks until the dump is finished, otherwise it returns immediately.
Definition at line 342 of file Win32-Extensions.c. |
|
Deprecated
pcap_lookupdev() returns a pointer to a network device suitable for use with pcap_open_live() and pcap_lookupnet(). If there is an error, NULL is returned and errbuf is filled in with an appropriate error message.
|
|
Deprecated
pcap_lookupnet() is used to determine the network number and mask associated with the network device device. Both netp and maskp are bpf_u_int32 pointers. A return of -1 indicates an error in which case errbuf is filled in with an appropriate error message.
|
|
Deprecated
pcap_loop() is similar to pcap_dispatch() except it keeps reading packets until cnt packets are processed or an error occurs. It does not return when live read timeouts occur. Rather, specifying a non-zero read timeout to pcap_open_live() and then calling pcap_dispatch() allows the reception and processing of any packets that arrive when the timeout occurs. A negative cnt causes pcap_loop() to loop forever (or at least until an error occur s).
Definition at line 78 of file pcap.c. References n, pcap_offline_read(), and pcap_read(). Referenced by main(). |
|
returns the major version number of the pcap library used to write the savefile.
|
|
returns the minor version number of the pcap library used to write the savefile.
|
|
Discouraged, use pcap_next_ex() instead. pcap_next() reads the next packet (by calling pcap_dispatch() with a cnt of 1) and returns a u_char pointer to the data in that packet. (The pcap_pkthdr struct for that packet is not supplied.)
Definition at line 119 of file pcap.c. References singleton::hdr, pcap_dispatch(), and singleton::pkt. |
|
Read a packet from an interface or from an offline capture. This function is used to retrieve the next available packet, bypassing the callback method traditionally provided by libpcap. pcap_next_ex fills the pkt_header and pkt_data parameters (see pcap_handler()) with the pointers to the header and to the data of the next captured packet. The return value can be:
Definition at line 148 of file pcap.c. References pkt_for_fakecallback::hdr, pcap_offline_read(), pcap_read(), pcap_read_nocb_remote(), pcap_startcapture_remote(), and pkt_for_fakecallback::pkt. Referenced by daemon_thrdatamain(), and main(). |
|
Win32 Specific. It returns if a given filter applies to an offline packet. This function is used to apply a filter to a packet that is currently in memory. This process does not need to open an adapter; we need just to create the proper filter (by settings parameters like the snapshot length, or the link-layer type) by means of the pcap_compile_nopcap(). The current API of libpcap does not allow to receive a packet and to filter the packet after it has been received. However, this can be useful in case you want to filter packets in the application, instead of into the receiving process. This function allows you to do the job.
Definition at line 355 of file Win32-Extensions.c. |
|
It opens a generic source in order to capture / send (WinPcap only) traffic. The pcap_open() replaces all the pcap_open_xxx() functions with a single call. This function hides the differences between the different pcap_open_xxx() functions so that the programmer does not have to manage different opening function. In this way, the 'true' open function is decided according to the source type, which is included into the source string (in the form of source prefix). This function can rely on the pcap_createsrcstr() to create the string that keeps the capture device according to the new syntax, and the pcap_parsesrcstr() for the other way round.
Definition at line 1102 of file pcap-new.c. References host, PCAP_BUF_SIZE, pcap_open_live(), pcap_open_offline(), pcap_opensource_remote(), pcap_parsesrcstr(), PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, pcap_t, port, and snprintf. Referenced by daemon_opensource(), daemon_startcapture(), and main(). |
|
Deprecated
pcap_open_dead() is used for creating a pcap_t structure to use when calling the other functions in libpcap. It is typically used when just using libpcap for compiling BPF code.
Definition at line 638 of file pcap.c. References pcap_t. Referenced by pcap_compile_nopcap(). |
|
Deprecated
|
|
Deprecated
pcap_open_offline() is called to open a "savefile" for reading. fname specifies the name of the file to open. The file has the same format as those used by tcpdump(1) and tcpslice(1). The name "-" in a synonym for stdin. errbuf is used to return error text and is only set when pcap_open_offline() fails and returns NULL.
Definition at line 387 of file savefile.c. References bpf_u_int32, linktype_to_dlt(), PATCHED_TCPDUMP_MAGIC, pcap_fddipad, pcap_strerror(), pcap_t, PCAP_VERSION_MAJOR, snprintf, swap_hdr(), and TCPDUMP_MAGIC. Referenced by pcap_findalldevs_ex(), and pcap_open(). |
|
Parses the source string and returns the pieces in which the source can be split. This call is the other way round of pcap_createsrcstr(). It accepts a null-terminated string and it returns the parameters related to the source. This includes:
The user can omit some parameters in case it is not interested in them.
Definition at line 885 of file pcap-new.c. References host, PCAP_BUF_SIZE, PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, port, and snprintf. Referenced by pcap_findalldevs_ex(), pcap_open(), pcap_open_live(), and pcap_opensource_remote(). |
|
prints the text of the last pcap library error on stderr, prefixed by prefix.
|
|
It blocks until a network connection is accepted (active mode only). This function has been defined to allow the client dealing with the 'active mode'. In other words, in the 'active mode' the server opens the connection toward the client, so that the client has to open a socket in order to wait for connections. When a new connection is accepted, the RPCAP protocol starts as usual; the only difference is that the connection is initiated by the server. This function accepts only ONE connection, then it closes the waiting socket. This means that if some error occurs, the application has to call it again in order to accept another connection. This function returns when a new connection (coming from a valid host 'connectinghost') is accepted; it returns error otherwise.
Definition at line 1237 of file pcap-new.c. References activeHosts, activehosts::host, activehosts::next, pcap_strerror(), port, rpcap_sendauth(), rpcap_senderror(), snprintf, SOCK_ASSERT, sock_check_hostlist(), sock_close(), sock_cmpaddr(), sock_geterror(), sock_init(), sock_initaddress(), sock_open(), activehosts::sockctrl, SOCKET, and sockmain. |
|
Cleans the socket that is currently used in waiting active connections. This function does a very dirty job. The fact is that is the waiting socket is not freed if the pcap_remoteaccept() is killed inside a new thread. This function is able to clean the socket in order to allow the next calls to pcap_remoteact_accept() to work. This function is useful *only* if you launch pcap_remoteact_accept() inside a new thread, and you stops (not very gracefully) the thread (for example because the user changed idea, and it does no longer want to wait for an active connection). So, basically, the flow should be the following:
This function has no effects in other cases.
Definition at line 1489 of file pcap-new.c. References sock_cleanup(). |
|
It drops an active connection (active mode only). This function has been defined to allow the client dealing with the 'active mode'. This function closes an active connection that is still in place and it purges the host name from the 'activeHost' list. From this point on, the client will not have any connection with that host in place.
Definition at line 1391 of file pcap-new.c. References activeHosts, activehosts::host, activehosts::next, rpcap_createhdr(), snprintf, sock_cleanup(), sock_close(), sock_cmpaddr(), sock_send(), and activehosts::sockctrl. |
|
Returns the hostname of the host that have an active connection with us (active mode only). This function has been defined to allow the client dealing with the 'active mode'. This function returns the list of hosts that are currently having an active connection with us. This function is useful in order to delete an active connection that is still in place.
Definition at line 1526 of file pcap-new.c. References activeHosts, activehosts::host, hostlist, activehosts::next, RPCAP_HOSTLIST_SIZE, size, snprintf, and sock_getascii_addrport(). |
|
Win32 Specific. Sends a raw packet. This function allows to send a raw packet to the network. p is the interface that will be used to send the packet, buf contains the data of the packet to send (including the various protocol headers), size is the dimension of the buffer pointed by buf, i.e. the size of the packet to send. The MAC CRC doesn't need to be included, because it is transparently calculated and added by the network interface driver. The return value is 0 if the packet is succesfully sent, -1 otherwise.
Definition at line 337 of file Pcap-win32.c. References PacketAllocatePacket(), PacketFreePacket(), PacketInitPacket(), PacketSendPacket(), and snprintf. |
|
Win32 Specific. Allocate a send queue. This function allocates a send queue, i.e. a buffer containing a set of raw packets that will be transimtted on the network with pcap_sendqueue_transmit(). memsize is the size, in bytes, of the queue, therefore it determines the maximum amount of data that the queue will contain. Use pcap_sendqueue_queue() to insert packets in the queue.
Definition at line 82 of file Win32-Extensions.c. |
|
Win32 Specific. Destroy a send queue. Deletes a send queue and frees all the memory associated with it.
Definition at line 107 of file Win32-Extensions.c. |
|
Win32 Specific. Add a packet to a send queue. pcap_sendqueue_queue() adds a packet at the end of the send queue pointed by the queue parameter. pkt_header points to a pcap_pkthdr structure with the timestamp and the length of the packet, pkt_data points to a buffer with the data of the packet. The pcap_pkthdr structure is the same used by WinPcap and libpcap to store the packets in a file, therefore sending a capture file is straightforward. 'Raw packet' means that the sending application will have to include the protocol headers, since every packet is sent to the network 'as is'. The CRC of the packets needs not to be calculated, because it will be transparently added by the network interface.
Definition at line 114 of file Win32-Extensions.c. |
|
Win32 Specific. Sends a queue of raw packets to the network. This function transmits the content of a queue to the wire. p is a pointer to the adapter on which the packets will be sent, queue points to a pcap_send_queue structure containing the packets to send (see pcap_sendqueue_alloc() and pcap_sendqueue_queue()), sync determines if the send operation must be synchronized: if it is non-zero, the packets are sent respecting the timestamps, otherwise they are sent as fast as possible. The return value is the amount of bytes actually sent. If it is smaller than the size parameter, an error occurred during the send. The error can be caused by a driver/adapter problem or by an inconsistent/bogus send queue.
Definition at line 133 of file Win32-Extensions.c. |
|
Win32 Specific. Sets the size of the kernel buffer associated with an adapter. dim specifies the size of the buffer in bytes. The return value is 0 when the call succeeds, -1 otherwise. If an old buffer was already created with a previous call to pcap_setbuff(), it is deleted and its content is discarded. pcap_open_live() creates a 1 MByte buffer by default.
Definition at line 359 of file Pcap-win32.c. References PacketSetBuff(), and snprintf. |
|
Associates a filter to a capture. pcap_setfilter() is used to specify a filter program. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_compile(). -1 is returned on failure, in which case pcap_geterr() may be used to display the error text; 0 is returned on success.
Definition at line 292 of file Pcap-win32.c. References PacketSetBpf(), pcap_setfilter_remote(), pcap_win32strerror(), and snprintf. Referenced by daemon_unpackapplyfilter(), and main(). |
|
Win32 Specific. Sets the minumum amount of data received by the kernel in a single call. pcap_setmintocopy() changes the minimum amount of data in the kernel buffer that causes a read from the application to return (unless the timeout expires). If the value of size is large, the kernel is forced to wait the arrival of several packets before copying the data to the user. This guarantees a low number of system calls, i.e. low processor usage, and is a good setting for applications like packet-sniffers and protocol analyzers. Vice versa, in presence of a small value for this variable, the kernel will copy the packets as soon as the application is ready to receive them. This is useful for real time applications that need the best responsiveness from the kernel.
Definition at line 385 of file Pcap-win32.c. References PacketSetMinToCopy(), and snprintf. |
|
Win32 Specific. Sets the working mode of the interface p to mode. Valid values for mode are MODE_CAPT (default capture mode) and MODE_STAT (statistical mode). See the tutorial "Gathering Statistics on the network traffic " for details about statistical mode. Definition at line 318 of file Pcap-win32.c. References PacketSetMode(), and snprintf. |
|
Switches between blocking and nonblocking mode. pcap_setnonblock() puts a capture descriptor, opened with pcap_open_live(), into "non-blocking" mode, or takes it out of "non-blocking" mode, depending on whether the nonblock argument is non-zero or zero. It has no effect on "savefiles". If there is an error, -1 is returned and errbuf is filled in with an appropriate error message; otherwise, 0 is returned. In "non-blocking" mode, an attempt to read from the capture descriptor with pcap_dispatch() will, if no packets are currently available to be read, return 0 immediately rather than blocking waiting for packets to arrive. pcap_loop() and pcap_next() will not work in "non-blocking" mode.
Definition at line 532 of file pcap.c. References PacketSetReadTimeout(), pcap_strerror(), pcap_win32strerror(), and snprintf. |
|
It defines a sampling method for packet capture. This function allows applying a sampling method to the packet capture process. The currently sampling methods (and the way to set them) are described into the struct pcap_samp. In other words, the user must set the appropriate parameters into it; these will be applied as soon as the capture starts.
Definition at line 1169 of file pcap-new.c. References pcap_setsampling(), and pcap_t. Referenced by pcap_setsampling(). |
|
Returns the dimension of the packet portion (in bytes) that is delivered to the application. pcap_snapshot() returns the snapshot length specified when pcap_open_live was called.
Definition at line 438 of file pcap.c. Referenced by pcap_compile(). |
|
Discouraged, Use pcap_stats_ex() instead. pcap_stats() returns 0 and fills in a pcap_stat struct. The values represent packet statistics from the start of the run to the time of the call. If there is an error or the underlying packet capture doesn't support packet statistics, -1 is returned and the error text can be obtained with pcap_perror() or pcap_geterr(). pcap_stats() is supported only on live captures, not on "savefiles"; no statistics are stored in "savefiles", so no statistics are available when reading from a "savefile".
Definition at line 60 of file Pcap-win32.c. References PacketGetStats(), pcap_stats_remote(), pcap_win32strerror(), and snprintf. Referenced by daemon_getstats(), and daemon_serviceloop(). |
|
Win32 Specific. Returns statistics on current capture. pcap_stats_ex() extends the pcap_stats() allowing to return more statistical parameters than the old call. One of the advantages of this new call is that the pcap_stat structure is not allocated by the user; instead, it is returned back by the system. This allow to extend the pcap_stat structure without affecting backward compatibility on older applications. These will simply check at the values of the members at the beginning of the structure, while only newest applications are able to read new statistical values, which are appended in tail. To be sure not to read a piece of mamory which has not been allocated by the system, the variable pcap_stat_size will return back the size of the structure pcap_stat allocated by the system.
Definition at line 62 of file Win32-Extensions.c. Referenced by pcap_stats_ex(). |
|
pcap_strerror() is provided in case strerror() isn't available.
Definition at line 621 of file pcap.c. References snprintf. Referenced by add_addr_to_iflist(), add_or_find_if(), daemon_AuthUserPwd(), daemon_checkauth(), daemon_unpackapplyfilter(), main_active(), main_passive(), pcap_dump_open(), pcap_findalldevs_ex(), pcap_getnonblock(), pcap_list_datalinks(), pcap_open_live(), pcap_open_offline(), pcap_opensource_remote(), pcap_remoteact_accept(), pcap_setnonblock(), pcap_startcapture_remote(), and rpcap_deseraddr(). |
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.