#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <errno.h>
#include <pcap.h>
#include <pcap-int.h>
#include <pcap-remote.h>
#include <sockutils.h>
Go to the source code of this file.
Defines | |
#define | PCAP_STATS_STANDARD 0 |
#define | PCAP_STATS_EX 1 |
Functions | |
void | rpcap_thrdatamain_stream (void *ptr) |
void | rpcap_thrdatamain_dgram (void *ptr) |
int | rpcap_checkver (SOCKET sock, struct rpcap_header *header, char *errbuf) |
Checks if the version contained into the message is compatible with the one handled by this implementation. | |
pcap_stat * | rpcap_stats_remote (pcap_t *p, struct pcap_stat *ps, int mode) |
It retrieves network statistics from the other peer. | |
int | pcap_pack_bpffilter (pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog) |
Takes a bpf program and sends it to the other host. | |
int | rpcap_deseraddr (struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf) |
It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order. | |
int | pcap_read_nocb_remote (pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data) |
It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name). | |
int | pcap_read_remote (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
It reads a packet from the network socket. | |
void | pcap_close_remote (pcap_t *fp) |
It sends a CLOSE command to the capture server. | |
int | pcap_stats_remote (pcap_t *p, struct pcap_stat *ps) |
It retrieves network statistics from the other peer. | |
pcap_stat * | pcap_stats_ex_remote (pcap_t *p) |
It retrieves network statistics from the other peer. | |
pcap_t * | pcap_opensource_remote (const char *source, struct pcap_rmtauth *auth, char *errbuf) |
It opens a remote adapter by opening an RPCAP connection and so on. | |
int | pcap_startcapture_remote (pcap_t *fp) |
It starts a remote capture. | |
int | pcap_updatefilter_remote (pcap_t *fp, struct bpf_program *prog) |
Update a filter on a remote host. | |
int | pcap_setfilter_remote (pcap_t *fp, struct bpf_program *prog) |
Send a filter to a remote host. | |
int | pcap_setsampling_remote (pcap_t *p) |
Set sampling parameters in the remote host. | |
int | rpcap_senderror (SOCKET sock, char *error, unsigned short errcode, char *errbuf) |
It sends a RPCAP error to the other peer. | |
int | rpcap_sendauth (SOCKET sock, struct pcap_rmtauth *auth, char *errbuf) |
Sends the authentication message. | |
void | rpcap_createhdr (struct rpcap_header *header, uint8 type, uint16 value, uint32 length) |
Creates a structure of type rpcap_header. | |
int | rpcap_checkmsg (char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...) |
Checks if the header of the received message is correct. | |
int | rpcap_remoteact_getsock (const char *host, char *errbuf) |
It returns the socket currently used for this active connection (active mode only). | |
Variables | |
char | fakeerrbuf [PCAP_ERRBUF_SIZE+1] |
activehosts * | activeHosts |
Keeps a list of all the opened connections in the active mode. |
This file keeps also the functions that are 'private', i.e. are needed by the RPCAP protocol but are not exported to the user.
Definition in file pcap-remote.c.
|
Used by pcap_stats_remote to see if we want standard or extended statistics Definition at line 66 of file pcap-remote.c. |
|
Used by pcap_stats_remote to see if we want standard or extended statistics Definition at line 65 of file pcap-remote.c. Referenced by rpcap_stats_remote(). |
|
It sends a CLOSE command to the capture server. This function is called when the user wants to close a pcap_t adapter. In case we're capturing from the network, it sends a command to the other peer that says 'ok, let's stop capturing'. This function is called automatically when the user calls the pcap_close(). Parameters and return values are exactly the same of the pcap_close().
Definition at line 403 of file pcap-remote.c. References activeHosts, activehosts::next, rpcap_createhdr(), sock_cleanup(), sock_close(), sock_discard(), sock_recv(), sock_send(), and activehosts::sockctrl. Referenced by pcap_close(). |
|
It opens a remote adapter by opening an RPCAP connection and so on. This function does basically the job of pcap_open_live() for a remote interface. In other words, we have a pcap_read for win32, which reads packets from NPF, another for LINUX, and so on. Now, we have a pcap_opensource_remote() as well. The difference, here, is the capture thread does not start until the pcap_startcapture_remote() is called. This is because, in remote capture, we cannot start capturing data as soon ad the 'open adapter' command is sent. Suppose the remote adapter is already overloaded; if we start a capture (which, by default, has a NULL filter) the new traffic can saturate the network. Instead, we want to "open" the adapter, then send a "start capture" command only when we're ready to start the capture. This funtion does this job: it sends a "open adapter" command (according to the RPCAP protocol), but it does not start the capture. Since the other libpcap functions do not share this way of life, we have to make some dirty things in order to make everyting working.
Definition at line 650 of file pcap-remote.c. References host, PCAP_BUF_SIZE, pcap_close(), pcap_parsesrcstr(), PCAP_SRC_IFREMOTE, pcap_strerror(), pcap_t, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_OPEN_REPLY, RPCAP_NETBUF_SIZE, rpcap_remoteact_getsock(), rpcap_sendauth(), snprintf, sock_bufferize(), sock_close(), sock_discard(), sock_init(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), and SOCKET. Referenced by pcap_open(), and pcap_open_live(). |
|
Takes a bpf program and sends it to the other host. This function can be called in two cases:
This function serializes the filter into the sending buffer ('sendbuf', passed as a parameter) and return back. It does not send anything on the network.
Definition at line 1237 of file pcap-remote.c. References bpf_program::bf_insns, bpf_program::bf_len, rpcap_filterbpf_insn::code, rpcap_filter::filtertype, rpcap_filterbpf_insn::jf, rpcap_filterbpf_insn::jt, rpcap_filterbpf_insn::k, rpcap_filter::nitems, and sock_bufferize(). Referenced by pcap_startcapture_remote(), and pcap_updatefilter_remote(). |
|
It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name). This function is called by the several pcap_next_ex() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket. Parameters and return values are exactly the same of the pcap_next_ex().
Definition at line 205 of file pcap-remote.c. References pcap_pkthdr::caplen, PCAP_OPENFLAG_UDP_DP, rpcap_header::plen, rpcap_checkmsg(), RPCAP_MSG_PACKET, RPCAP_NETBUF_SIZE, snprintf, SOCK_ASSERT, sock_discard(), sock_geterror(), and sock_recv(). Referenced by pcap_next_ex(), and pcap_read_remote(). |
|
It reads a packet from the network socket. This function is called by the several pcap_read() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket. This function relies on the pcap_read_nocb_remote to deliver packets. The difference, here, is that as soon as a packet is read, it is delivered to the application by means of a callback function. Parameters and return values are exactly the same of the pcap_read(). Definition at line 373 of file pcap-remote.c. References n, and pcap_read_nocb_remote(). Referenced by pcap_read(). |
|
Send a filter to a remote host. This function is called when the user wants to set a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is called automatically when the user calls the pcap_setfilter(). Parameters and return values are exactly the same of the pcap_setfilter(). Definition at line 1365 of file pcap-remote.c. References pcap_updatefilter_remote(). Referenced by pcap_setfilter(). |
|
Set sampling parameters in the remote host. This function is called when the user wants to set activate sampling on the remote host. Sampling parameters are defined into the 'pcap_t' structure.
Definition at line 1398 of file pcap-remote.c. References rpcap_sampling::method, PCAP_SAMP_NOSAMP, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_SETSAMPLING_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), and rpcap_sampling::value. Referenced by pcap_startcapture_remote(). |
|
It starts a remote capture. This function is requires since the RPCAP protocol decouples the 'open' from the 'start capture' functions. This function takes all the parameters needed (which have been stored into the pcap_t structure) and sends them to the server. If everything is fine, it creates a new child thread that reads data from the network and puts data it into the user buffer. The pcap_read() will read data from the user buffer, as usual. The remote capture acts like a new "kernel", which puts packets directly into the buffer pointed by pcap_t. In fact, this function does not rely on a kernel that reads packets and put them into the user buffer; it has to do that on its own.
Definition at line 858 of file pcap-remote.c. References activeHosts, rpcap_startcapreq::flags, host, activehosts::next, PCAP_BUF_SIZE, pcap_close(), PCAP_OPENFLAG_PROMISCUOUS, PCAP_OPENFLAG_UDP_DP, pcap_pack_bpffilter(), pcap_setsampling_remote(), pcap_strerror(), rpcap_startcapreq::portdata, rpcap_startcapreq::read_timeout, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_STARTCAP_REPLY, RPCAP_NETBUF_SIZE, RPCAP_STARTCAPREQ_FLAG_DGRAM, RPCAP_STARTCAPREQ_FLAG_PROMISC, RPCAP_STARTCAPREQ_FLAG_SERVEROPEN, rpcap_startcapreq::snaplen, snprintf, SOCK_ASSERT, sock_bufferize(), sock_close(), sock_discard(), sock_geterror(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), activehosts::sockctrl, and SOCKET. Referenced by pcap_next_ex(), and pcap_read(). |
|
It retrieves network statistics from the other peer. This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details. Parameters and return values are exactly the same of the pcap_stats_ex(). Definition at line 492 of file pcap-remote.c. References pcap_stats_ex_remote(), pcap_t, and rpcap_stats_remote(). Referenced by pcap_stats_ex(), and pcap_stats_ex_remote(). |
|
It retrieves network statistics from the other peer. This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details. Parameters and return values are exactly the same of the pcap_stats(). Definition at line 469 of file pcap-remote.c. References rpcap_stats_remote(). Referenced by pcap_stats(). |
|
Update a filter on a remote host. This function is called when the user wants to update a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is *not* called automatically when the user calls the pcap_setfilter(). There will be two cases:
Parameters and return values are exactly the same of the pcap_setfilter().
Definition at line 1296 of file pcap-remote.c. References bpf_program::bf_len, pcap_pack_bpffilter(), rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_UPDATEFILTER_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), and sock_send(). Referenced by pcap_setfilter_remote(). |
|
Checks if the header of the received message is correct. This function is a way to easily check if the message received, in a certain state of the RPCAP protocol Finite State Machine, is valid. This function accepts, as a parameter, the list of message types that are allowed in a certain situation, and it returns the one which occurs.
Definition at line 1746 of file pcap-remote.c. References errbuf, int32, PCAP_ERRBUF_SIZE, rpcap_header::plen, rpcap_checkver(), RPCAP_MSG_ERROR, snprintf, SOCK_ASSERT, sock_discard(), sock_recv(), rpcap_header::type, and uint8. Referenced by daemon_checkauth(), daemon_serviceloop(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_read_nocb_remote(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), and rpcap_stats_remote(). |
|
Creates a structure of type rpcap_header. This function is provided just because the creation of an rpcap header is quite a common task. It accepts all the values that appears into an rpcap_header, and it puts them in place using the proper hton() calls.
Definition at line 1691 of file pcap-remote.c. References rpcap_header::plen, RPCAP_VERSION, rpcap_header::type, rpcap_header::value, and rpcap_header::ver. Referenced by daemon_checkauth(), daemon_endcapture(), daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), pcap_close_remote(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_remoteact_close(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), rpcap_senderror(), and rpcap_stats_remote(). |
|
It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order. It accepts a 'sockaddr_storage' structure as it is received from the network and it converts it into the host byte order (by means of a set of ntoh() ). The function will allocate the 'sockaddrout' variable according to the address family in use. In case the address does not belong to the AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a NULL pointer is returned. This usually happens because that address does not exist on the other host, so the RPCAP daemon sent a 'sockaddr_storage' structure containing all 'zero' values.
Definition at line 135 of file pcap-remote.c. References pcap_strerror(), and snprintf. Referenced by pcap_findalldevs_ex(). |
|
It returns the socket currently used for this active connection (active mode only). This function is just for internal use; it returns the socket ID of the active connection currently opened.
Definition at line 1888 of file pcap-remote.c. References activeHosts, activehosts::host, activehosts::next, snprintf, sock_cmpaddr(), and activehosts::sockctrl. Referenced by pcap_findalldevs_ex(), and pcap_opensource_remote(). |
|
Sends the authentication message. It sends the authentication parameters on the control socket. Ths function is required in order to open the connection with the other end party.
Definition at line 1549 of file pcap-remote.c. References pcap_rmtauth::password, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_AUTH_REPLY, RPCAP_MSG_ERROR, RPCAP_NETBUF_SIZE, RPCAP_RMTAUTH_NULL, RPCAP_RMTAUTH_PWD, rpcap_auth::slen1, rpcap_auth::slen2, snprintf, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), rpcap_auth::type, pcap_rmtauth::type, uint16, and pcap_rmtauth::username. Referenced by pcap_findalldevs_ex(), pcap_opensource_remote(), and pcap_remoteact_accept(). |
|
It sends a RPCAP error to the other peer. This function has to be called when the main program detects an error. This funcion will send on the other peer the 'buffer' specified by the user. This function *does not* request a RPCAP CLOSE connection. A CLOSE command must be sent explicitely by the program, since we do not know it the error can be recovered in some way or it is a non-recoverable one.
Definition at line 1502 of file pcap-remote.c. References PCAP_ERRBUF_SIZE, rpcap_createhdr(), RPCAP_NETBUF_SIZE, sock_bufferize(), sock_send(), and uint16. Referenced by daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_serviceloop(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), main_passive(), and pcap_remoteact_accept(). |
|
|
|
|
|
Keeps a list of all the opened connections in the active mode.
Definition at line 79 of file pcap-remote.c. Referenced by pcap_close_remote(), pcap_remoteact_accept(), pcap_remoteact_close(), pcap_remoteact_list(), pcap_startcapture_remote(), and rpcap_remoteact_getsock(). |
|
Definition at line 75 of file pcap-remote.c. Referenced by main_passive(). |
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.