#include <pcap-int.h>
#include <pcap-remote.h>
#include <sockutils.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
Go to the source code of this file.
Defines | |
#define | PCAP_TEXT_SOURCE_FILE "File" |
String identifier to be used in the pcap_findalldevs_ex(). | |
#define | PCAP_TEXT_SOURCE_ADAPTER "Network adapter" |
String identifier to be used in the pcap_findalldevs_ex(). | |
#define | PCAP_TEXT_SOURCE_ON_LOCAL_HOST "on local host" |
String identifier to be used in the pcap_findalldevs_ex(). | |
#define | PCAP_TEXT_SOURCE_ON_REMOTE_HOST "on remote node" |
String identifier to be used in the pcap_findalldevs_ex(). | |
#define | ENDING_CHAR '\\' |
Functions | |
int | pcap_findalldevs_ex (char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) |
It creates a list of network devices that can be opened with pcap_open(). | |
int | pcap_createsrcstr (char *source, int type, const char *host, const char *port, const char *name, char *errbuf) |
Accepts a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). | |
int | pcap_parsesrcstr (const char *source, int *type, char *host, char *port, char *name, char *errbuf) |
Parses the source string and returns the pieces in which the source can be split. | |
pcap_t * | pcap_open (const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf) |
It opens a generic source in order to capture / send (WinPcap only) traffic. | |
pcap_samp * | pcap_setsampling (pcap_t *p) |
It defines a sampling method for packet capture. | |
SOCKET | pcap_remoteact_accept (const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf) |
It blocks until a network connection is accepted (active mode only). | |
int | pcap_remoteact_close (const char *host, char *errbuf) |
It drops an active connection (active mode only). | |
void | pcap_remoteact_cleanup () |
Cleans the socket that is currently used in waiting active connections. | |
int | pcap_remoteact_list (char *hostlist, char sep, int size, char *errbuf) |
Returns the hostname of the host that have an active connection with us (active mode only). | |
Variables | |
char | fakeerrbuf [PCAP_ERRBUF_SIZE+1] |
activehosts * | activeHosts |
Keeps a list of all the opened connections in the active mode. | |
SOCKET | sockmain |
Keeps the main socket identifier when we want to accept a new remote connection (active mode only). |
|
|
|
String identifier to be used in the pcap_findalldevs_ex().
Definition at line 69 of file pcap-new.c. |
|
String identifier to be used in the pcap_findalldevs_ex().
Definition at line 67 of file pcap-new.c. |
|
String identifier to be used in the pcap_findalldevs_ex().
Definition at line 72 of file pcap-new.c. |
|
String identifier to be used in the pcap_findalldevs_ex().
Definition at line 74 of file pcap-new.c. |
|
Accepts a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). This function is provided in order to help the user creating the source string according to the new format. An unique source string is used in order to make easy for old applications to use the remote facilities. Think about tcpdump, for example, which has only one way to specify the interface on which the capture has to be started. However, GUI-based programs can find more useful to specify hostname, port and interface name separately. In that case, they can use this function to create the source string before passing it to the pcap_open() function.
Definition at line 753 of file pcap-new.c. References PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, and snprintf. Referenced by pcap_findalldevs_ex(). |
|
It creates a list of network devices that can be opened with pcap_open(). This function is a superset of the old 'pcap_findalldevs()', which is obsolete, and which allows listing only the devices present on the local machine. Vice versa, pcap_findalldevs_ex() allows listing the devices present on a remote machine as well. Additionally, it can list all the pcap files available into a given folder. Moreover, pcap_findalldevs_ex() is platform independent, since it relies on the standard pcap_findalldevs() to get addresses on the local machine. In case the function has to list the interfaces on a remote machine, it opens a new control connection toward that machine, it retrieves the interfaces, and it drops the connection. However, if this function detects that the remote machine is in 'active' mode, the connection is not dropped and the existing socket is used. The 'source' is a parameter that tells the function where the lookup has to be done and it uses the same syntax of the pcap_open(). Differently from the pcap_findalldevs(), the interface names (pointed by the alldevs->name and the other ones in the linked list) are already ready to be used in the pcap_open() call. Vice versa, the output that comes from pcap_findalldevs() must be formatted with the new pcap_createsrcstr() before passing the source identifier to the pcap_open().
Definition at line 147 of file pcap-new.c. References pcap_addr::addr, pcap_addr::broadaddr, pcap_if::description, pcap_addr::dstaddr, host, pcap_if::name, pcap_addr::netmask, pcap_addr::next, pcap_if::next, PCAP_BUF_SIZE, pcap_close(), pcap_createsrcstr(), pcap_findalldevs(), pcap_open_offline(), pcap_parsesrcstr(), PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, pcap_strerror(), pcap_t, port, rpcap_checkmsg(), rpcap_createhdr(), rpcap_deseraddr(), RPCAP_MSG_ERROR, RPCAP_MSG_FINDALLIF_REPLY, rpcap_remoteact_getsock(), rpcap_sendauth(), snprintf, sock_cleanup(), sock_close(), sock_discard(), sock_init(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), and SOCKET. |
|
It opens a generic source in order to capture / send (WinPcap only) traffic. The pcap_open() replaces all the pcap_open_xxx() functions with a single call. This function hides the differences between the different pcap_open_xxx() functions so that the programmer does not have to manage different opening function. In this way, the 'true' open function is decided according to the source type, which is included into the source string (in the form of source prefix). This function can rely on the pcap_createsrcstr() to create the string that keeps the capture device according to the new syntax, and the pcap_parsesrcstr() for the other way round.
Definition at line 1102 of file pcap-new.c. References host, PCAP_BUF_SIZE, pcap_open_live(), pcap_open_offline(), pcap_opensource_remote(), pcap_parsesrcstr(), PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, pcap_t, port, and snprintf. Referenced by daemon_opensource(), daemon_startcapture(), and main(). |
|
Parses the source string and returns the pieces in which the source can be split. This call is the other way round of pcap_createsrcstr(). It accepts a null-terminated string and it returns the parameters related to the source. This includes:
The user can omit some parameters in case it is not interested in them.
Definition at line 885 of file pcap-new.c. References host, PCAP_BUF_SIZE, PCAP_SRC_FILE, PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE, port, and snprintf. Referenced by pcap_findalldevs_ex(), pcap_open(), pcap_open_live(), and pcap_opensource_remote(). |
|
It blocks until a network connection is accepted (active mode only). This function has been defined to allow the client dealing with the 'active mode'. In other words, in the 'active mode' the server opens the connection toward the client, so that the client has to open a socket in order to wait for connections. When a new connection is accepted, the RPCAP protocol starts as usual; the only difference is that the connection is initiated by the server. This function accepts only ONE connection, then it closes the waiting socket. This means that if some error occurs, the application has to call it again in order to accept another connection. This function returns when a new connection (coming from a valid host 'connectinghost') is accepted; it returns error otherwise.
Definition at line 1237 of file pcap-new.c. References activeHosts, activehosts::host, activehosts::next, pcap_strerror(), port, rpcap_sendauth(), rpcap_senderror(), snprintf, SOCK_ASSERT, sock_check_hostlist(), sock_close(), sock_cmpaddr(), sock_geterror(), sock_init(), sock_initaddress(), sock_open(), activehosts::sockctrl, SOCKET, and sockmain. |
|
Cleans the socket that is currently used in waiting active connections. This function does a very dirty job. The fact is that is the waiting socket is not freed if the pcap_remoteaccept() is killed inside a new thread. This function is able to clean the socket in order to allow the next calls to pcap_remoteact_accept() to work. This function is useful *only* if you launch pcap_remoteact_accept() inside a new thread, and you stops (not very gracefully) the thread (for example because the user changed idea, and it does no longer want to wait for an active connection). So, basically, the flow should be the following:
This function has no effects in other cases.
Definition at line 1489 of file pcap-new.c. References sock_cleanup(). |
|
It drops an active connection (active mode only). This function has been defined to allow the client dealing with the 'active mode'. This function closes an active connection that is still in place and it purges the host name from the 'activeHost' list. From this point on, the client will not have any connection with that host in place.
Definition at line 1391 of file pcap-new.c. References activeHosts, activehosts::host, activehosts::next, rpcap_createhdr(), snprintf, sock_cleanup(), sock_close(), sock_cmpaddr(), sock_send(), and activehosts::sockctrl. |
|
Returns the hostname of the host that have an active connection with us (active mode only). This function has been defined to allow the client dealing with the 'active mode'. This function returns the list of hosts that are currently having an active connection with us. This function is useful in order to delete an active connection that is still in place.
Definition at line 1526 of file pcap-new.c. References activeHosts, activehosts::host, hostlist, activehosts::next, RPCAP_HOSTLIST_SIZE, size, snprintf, and sock_getascii_addrport(). |
|
It defines a sampling method for packet capture. This function allows applying a sampling method to the packet capture process. The currently sampling methods (and the way to set them) are described into the struct pcap_samp. In other words, the user must set the appropriate parameters into it; these will be applied as soon as the capture starts.
Definition at line 1169 of file pcap-new.c. References pcap_setsampling(), and pcap_t. Referenced by pcap_setsampling(). |
|
Keeps a list of all the opened connections in the active mode.
Definition at line 55 of file pcap-new.c. Referenced by pcap_close_remote(), pcap_remoteact_accept(), pcap_remoteact_close(), pcap_remoteact_list(), pcap_startcapture_remote(), and rpcap_remoteact_getsock(). |
|
Definition at line 51 of file pcap-new.c. |
|
Keeps the main socket identifier when we want to accept a new remote connection (active mode only). See the documentation of pcap_remoteact_accept() and pcap_remoteact_cleanup() for more details. Definition at line 63 of file pcap-new.c. Referenced by main_passive(), main_startup(), and pcap_remoteact_accept(). |
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.