Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

pcap-remote.c File Reference

#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <errno.h>
#include <pcap.h>
#include <pcap-int.h>
#include <pcap-remote.h>
#include <sockutils.h>

Go to the source code of this file.

Defines

#define PCAP_STATS_STANDARD   0
#define PCAP_STATS_EX   1

Functions

void rpcap_thrdatamain_stream (void *ptr)
void rpcap_thrdatamain_dgram (void *ptr)
int rpcap_checkver (SOCKET sock, struct rpcap_header *header, char *errbuf)
 Checks if the version contained into the message is compatible with the one handled by this implementation.

pcap_statrpcap_stats_remote (pcap_t *p, struct pcap_stat *ps, int mode)
 It retrieves network statistics from the other peer.

int pcap_pack_bpffilter (pcap_t *fp, char *sendbuf, int *sendbufidx, struct bpf_program *prog)
 Takes a bpf program and sends it to the other host.

int rpcap_deseraddr (struct sockaddr_storage *sockaddrin, struct sockaddr_storage **sockaddrout, char *errbuf)
 It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order.

int pcap_read_nocb_remote (pcap_t *p, struct pcap_pkthdr **pkt_header, u_char **pkt_data)
 It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name).

int pcap_read_remote (pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 It reads a packet from the network socket.

void pcap_close_remote (pcap_t *fp)
 It sends a CLOSE command to the capture server.

int pcap_stats_remote (pcap_t *p, struct pcap_stat *ps)
 It retrieves network statistics from the other peer.

pcap_statpcap_stats_ex_remote (pcap_t *p)
 It retrieves network statistics from the other peer.

pcap_tpcap_opensource_remote (const char *source, struct pcap_rmtauth *auth, char *errbuf)
 It opens a remote adapter by opening an RPCAP connection and so on.

int pcap_startcapture_remote (pcap_t *fp)
 It starts a remote capture.

int pcap_updatefilter_remote (pcap_t *fp, struct bpf_program *prog)
 Update a filter on a remote host.

int pcap_setfilter_remote (pcap_t *fp, struct bpf_program *prog)
 Send a filter to a remote host.

int pcap_setsampling_remote (pcap_t *p)
 Set sampling parameters in the remote host.

int rpcap_senderror (SOCKET sock, char *error, unsigned short errcode, char *errbuf)
 It sends a RPCAP error to the other peer.

int rpcap_sendauth (SOCKET sock, struct pcap_rmtauth *auth, char *errbuf)
 Sends the authentication message.

void rpcap_createhdr (struct rpcap_header *header, uint8 type, uint16 value, uint32 length)
 Creates a structure of type rpcap_header.

int rpcap_checkmsg (char *errbuf, SOCKET sock, struct rpcap_header *header, uint8 first,...)
 Checks if the header of the received message is correct.

int rpcap_remoteact_getsock (const char *host, char *errbuf)
 It returns the socket currently used for this active connection (active mode only).


Variables

char fakeerrbuf [PCAP_ERRBUF_SIZE+1]
activehostsactiveHosts
 Keeps a list of all the opened connections in the active mode.


Detailed Description

This file keeps all the new funtions that are needed for the RPCAP protocol. Almost all the pcap functions need to be modified in order to become compatible with the RPCAP protocol. However, you can find here only the ones that are completely new.

This file keeps also the functions that are 'private', i.e. are needed by the RPCAP protocol but are not exported to the user.

Warning:
All the RPCAP functions that are allowed to return a buffer containing the error description can return max PCAP_ERRBUF_SIZE characters. However there is no guarantees that the string will be zero-terminated. Best practice is to define the errbuf variable as a char of size 'PCAP_ERRBUF_SIZE+1' and to insert manually a NULL character at the end of the buffer. This will guarantee that no buffer overflows occur even if we use the printf() to show the error on the screen.

Definition in file pcap-remote.c.


Define Documentation

#define PCAP_STATS_EX   1
 

Used by pcap_stats_remote to see if we want standard or extended statistics

Definition at line 66 of file pcap-remote.c.

#define PCAP_STATS_STANDARD   0
 

Used by pcap_stats_remote to see if we want standard or extended statistics

Definition at line 65 of file pcap-remote.c.

Referenced by rpcap_stats_remote().


Function Documentation

void pcap_close_remote pcap_t   fp
 

It sends a CLOSE command to the capture server.

This function is called when the user wants to close a pcap_t adapter. In case we're capturing from the network, it sends a command to the other peer that says 'ok, let's stop capturing'. This function is called automatically when the user calls the pcap_close().

Parameters and return values are exactly the same of the pcap_close().

Warning:
Since we're closing the connection, we do not check for errors.

Definition at line 403 of file pcap-remote.c.

References activeHosts, activehosts::next, rpcap_createhdr(), sock_cleanup(), sock_close(), sock_discard(), sock_recv(), sock_send(), and activehosts::sockctrl.

Referenced by pcap_close().

pcap_t* pcap_opensource_remote const char *    source,
struct pcap_rmtauth   auth,
char *    errbuf
 

It opens a remote adapter by opening an RPCAP connection and so on.

This function does basically the job of pcap_open_live() for a remote interface. In other words, we have a pcap_read for win32, which reads packets from NPF, another for LINUX, and so on. Now, we have a pcap_opensource_remote() as well. The difference, here, is the capture thread does not start until the pcap_startcapture_remote() is called.

This is because, in remote capture, we cannot start capturing data as soon ad the 'open adapter' command is sent. Suppose the remote adapter is already overloaded; if we start a capture (which, by default, has a NULL filter) the new traffic can saturate the network.

Instead, we want to "open" the adapter, then send a "start capture" command only when we're ready to start the capture. This funtion does this job: it sends a "open adapter" command (according to the RPCAP protocol), but it does not start the capture.

Since the other libpcap functions do not share this way of life, we have to make some dirty things in order to make everyting working.

Parameters:
source: see pcap_open().
auth: see pcap_open().
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one). It could be either a network problem, an RPCAP problem (e.g. authentication failed), and more.
Returns:
A pointer to a 'pcap_t' which can be used as a parameter to the following calls (pcap_compile() and so on) and that specifies an opened WinPcap session. In case of problems, it returns NULL and the 'errbuf' variable keeps the error message.
Warning:
In case we call the pcap_compile() and the capture is not started, the filter will be saved into the pcap_t structure, and it will be sent to the other host later (when the pcap_startcapture_remote() is called).

Definition at line 650 of file pcap-remote.c.

References host, PCAP_BUF_SIZE, pcap_close(), pcap_parsesrcstr(), PCAP_SRC_IFREMOTE, pcap_strerror(), pcap_t, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_OPEN_REPLY, RPCAP_NETBUF_SIZE, rpcap_remoteact_getsock(), rpcap_sendauth(), snprintf, sock_bufferize(), sock_close(), sock_discard(), sock_init(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), and SOCKET.

Referenced by pcap_open(), and pcap_open_live().

int pcap_pack_bpffilter pcap_t   fp,
char *    sendbuf,
int *    sendbufidx,
struct bpf_program   prog
 

Takes a bpf program and sends it to the other host.

This function can be called in two cases:

  • the pcap_startcapture() is called (we have to send the filter along with the 'start capture' command)
  • we want to udpate the filter during a capture (i.e. the pcap_setfilter() is called when the capture is still on)

This function serializes the filter into the sending buffer ('sendbuf', passed as a parameter) and return back. It does not send anything on the network.

Parameters:
fp: the pcap_t descriptor of the device currently opened.
sendbuf: the buffer on which the serialized data has to copied.
sendbufidx: it is used to return the abounf of bytes copied into the buffer.
prog: the bpf prgoram we hve to copy.
Returns:
'0' if everything is fine, '-1' otherwise. The error message (if one) is returned into the 'errbuf' field of the pcap_t structure.

Definition at line 1237 of file pcap-remote.c.

References bpf_program::bf_insns, bpf_program::bf_len, rpcap_filterbpf_insn::code, rpcap_filter::filtertype, rpcap_filterbpf_insn::jf, rpcap_filterbpf_insn::jt, rpcap_filterbpf_insn::k, rpcap_filter::nitems, and sock_bufferize().

Referenced by pcap_startcapture_remote(), and pcap_updatefilter_remote().

int pcap_read_nocb_remote pcap_t   p,
struct pcap_pkthdr **    pkt_header,
u_char **    pkt_data
 

It reads a packet from the network socket. This does not make use of callback (hence the "nocb" string into its name).

This function is called by the several pcap_next_ex() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket.

Parameters and return values are exactly the same of the pcap_next_ex().

Warning:
By choice, this function does not make use of semaphores. A smarter implementation should put a semaphore into the data thread, and a signal will be raised as soon as there is data into the socket buffer. However this is complicated and it does not bring any advantages when reading from the network, in which network delays can be much more important than these optimizations. Therefore, we chose the following approach:
  • the 'timeout' chosen by the user is split in two (half on the server side, with the usual meaning, and half on the client side)
  • this function checks for packets; if there are no packets, it waits for timeout/2 and then it checks again. If packets are still missing, it returns, otherwise it reads packets.

Definition at line 205 of file pcap-remote.c.

References pcap_pkthdr::caplen, PCAP_OPENFLAG_UDP_DP, rpcap_header::plen, rpcap_checkmsg(), RPCAP_MSG_PACKET, RPCAP_NETBUF_SIZE, snprintf, SOCK_ASSERT, sock_discard(), sock_geterror(), and sock_recv().

Referenced by pcap_next_ex(), and pcap_read_remote().

int pcap_read_remote pcap_t   p,
int    cnt,
pcap_handler    callback,
u_char *    user
 

It reads a packet from the network socket.

This function is called by the several pcap_read() when they detect that we have a remote capture and they are the client side. In that case, they need to read packets from the socket.

This function relies on the pcap_read_nocb_remote to deliver packets. The difference, here, is that as soon as a packet is read, it is delivered to the application by means of a callback function.

Parameters and return values are exactly the same of the pcap_read().

Definition at line 373 of file pcap-remote.c.

References n, and pcap_read_nocb_remote().

Referenced by pcap_read().

int pcap_setfilter_remote pcap_t   fp,
struct bpf_program   prog
 

Send a filter to a remote host.

This function is called when the user wants to set a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is called automatically when the user calls the pcap_setfilter().

Parameters and return values are exactly the same of the pcap_setfilter().

Definition at line 1365 of file pcap-remote.c.

References pcap_updatefilter_remote().

Referenced by pcap_setfilter().

int pcap_setsampling_remote pcap_t   p
 

Set sampling parameters in the remote host.

This function is called when the user wants to set activate sampling on the remote host.

Sampling parameters are defined into the 'pcap_t' structure.

Parameters:
fp: the pcap_t descriptor of the device currently opened.
Returns:
'0' if everything is OK, '-1' is something goes wrong. The error message is returned in the 'errbuf' member of the pcap_t structure.

Definition at line 1398 of file pcap-remote.c.

References rpcap_sampling::method, PCAP_SAMP_NOSAMP, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_SETSAMPLING_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), and rpcap_sampling::value.

Referenced by pcap_startcapture_remote().

int pcap_startcapture_remote pcap_t   fp
 

It starts a remote capture.

This function is requires since the RPCAP protocol decouples the 'open' from the 'start capture' functions. This function takes all the parameters needed (which have been stored into the pcap_t structure) and sends them to the server. If everything is fine, it creates a new child thread that reads data from the network and puts data it into the user buffer. The pcap_read() will read data from the user buffer, as usual.

The remote capture acts like a new "kernel", which puts packets directly into the buffer pointed by pcap_t. In fact, this function does not rely on a kernel that reads packets and put them into the user buffer; it has to do that on its own.

Parameters:
fp: the pcap_t descriptor of the device currently open.
Returns:
'0' if everything is fine, '-1' otherwise. The error message (if one) is returned into the 'errbuf' field of the pcap_t structure.

Definition at line 858 of file pcap-remote.c.

References activeHosts, rpcap_startcapreq::flags, host, activehosts::next, PCAP_BUF_SIZE, pcap_close(), PCAP_OPENFLAG_PROMISCUOUS, PCAP_OPENFLAG_UDP_DP, pcap_pack_bpffilter(), pcap_setsampling_remote(), pcap_strerror(), rpcap_startcapreq::portdata, rpcap_startcapreq::read_timeout, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_ERROR, RPCAP_MSG_STARTCAP_REPLY, RPCAP_NETBUF_SIZE, RPCAP_STARTCAPREQ_FLAG_DGRAM, RPCAP_STARTCAPREQ_FLAG_PROMISC, RPCAP_STARTCAPREQ_FLAG_SERVEROPEN, rpcap_startcapreq::snaplen, snprintf, SOCK_ASSERT, sock_bufferize(), sock_close(), sock_discard(), sock_geterror(), sock_initaddress(), sock_open(), sock_recv(), sock_send(), activehosts::sockctrl, and SOCKET.

Referenced by pcap_next_ex(), and pcap_read().

struct pcap_stat* pcap_stats_ex_remote pcap_t   p
 

It retrieves network statistics from the other peer.

This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details.

Parameters and return values are exactly the same of the pcap_stats_ex().

Definition at line 492 of file pcap-remote.c.

References pcap_stats_ex_remote(), pcap_t, and rpcap_stats_remote().

Referenced by pcap_stats_ex(), and pcap_stats_ex_remote().

int pcap_stats_remote pcap_t   p,
struct pcap_stat   ps
 

It retrieves network statistics from the other peer.

This function is just a void cointainer, since the work is done by the rpcap_stats_remote(). See that funcion for more details.

Parameters and return values are exactly the same of the pcap_stats().

Definition at line 469 of file pcap-remote.c.

References rpcap_stats_remote().

Referenced by pcap_stats().

int pcap_updatefilter_remote pcap_t   fp,
struct bpf_program   prog
 

Update a filter on a remote host.

This function is called when the user wants to update a filter. In case we're capturing from the network, it sends the filter to the other peer. This function is *not* called automatically when the user calls the pcap_setfilter(). There will be two cases:

Parameters and return values are exactly the same of the pcap_setfilter().

Warning:
This function *does not* clear the packet currently into the buffers. Therefore, the user has to expect to receive some packets that are related to the previous filter. If you want to discard all the packets before applying a new filter, you have to close the current capture session and start a new one.

Definition at line 1296 of file pcap-remote.c.

References bpf_program::bf_len, pcap_pack_bpffilter(), rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_UPDATEFILTER_REPLY, RPCAP_NETBUF_SIZE, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), and sock_send().

Referenced by pcap_setfilter_remote().

int rpcap_checkmsg char *    errbuf,
SOCKET    sock,
struct rpcap_header   header,
uint8    first,
...   
 

Checks if the header of the received message is correct.

This function is a way to easily check if the message received, in a certain state of the RPCAP protocol Finite State Machine, is valid. This function accepts, as a parameter, the list of message types that are allowed in a certain situation, and it returns the one which occurs.

Parameters:
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one). It could be either problem occurred inside this function (e.g. a network problem in case it tries to send an error on the other peer and the send() call fails), an error message which has been sent to us from the other party, or a version error (the message receive has a version number that is incompabile with our).
sock: the socket that has to be used to receive data. This function can read data from socket in case the version contained into the message is not compatible with our. In that case, all the message is purged from the socket, so that the following recv() calls will return a new message.
header: a pointer to and 'rpcap_header' structure that keeps the data received from the network (still in network byte order) and that has to be checked.
first: this function has a variable number of parameters. From this point on, all the messages that are valid in this context must be passed as parameters. The message type list must be terminated with a '0' value, the null message type, which means 'no more types to check'. The RPCAP protocol does not define anything with message type equal to zero, so there is no ambiguity in using this value as a list terminator.
Returns:
The message type of the message that has been detected. In case of errors (e.g. the header contains a type that is not listed among the allowed types), this function will return the following codes:
  • (-1) if the version is incompatible.
  • (-2) if the code is not among the one listed into the parameters list
  • (-3) if a network error (connection reset, ...)
  • RPCAP_MSG_ERROR if the message is an error message (it follow that the RPCAP_MSG_ERROR could not be present in the allowed message-types list, becuase this function checks for errors anyway)
In case either the version is incompatible or nothing matches (i.e. it returns '-1' or '-2'), it discards the message body (i.e. it reads the remaining part of the message from the network and it discards it) so that the application is ready to receive a new message.

Definition at line 1746 of file pcap-remote.c.

References errbuf, int32, PCAP_ERRBUF_SIZE, rpcap_header::plen, rpcap_checkver(), RPCAP_MSG_ERROR, snprintf, SOCK_ASSERT, sock_discard(), sock_recv(), rpcap_header::type, and uint8.

Referenced by daemon_checkauth(), daemon_serviceloop(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_read_nocb_remote(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), and rpcap_stats_remote().

void rpcap_createhdr struct rpcap_header   header,
uint8    type,
uint16    value,
uint32    length
 

Creates a structure of type rpcap_header.

This function is provided just because the creation of an rpcap header is quite a common task. It accepts all the values that appears into an rpcap_header, and it puts them in place using the proper hton() calls.

Parameters:
header: a pointer to a user-allocated buffer which will contain the serialized header, ready to be sent on the network.
type: a value (in the host by order) which will be placed into the header.type field and that represents the type of the current message.
value: a value (in the host by order) which will be placed into the header.value field and that has a message-dependent meaning.
length: a value (in the host by order) which will be placed into the header.length field and that represents the payload length of the message.
Returns:
Nothing. The serialized header is returned into the 'header' variable.

Definition at line 1691 of file pcap-remote.c.

References rpcap_header::plen, RPCAP_VERSION, rpcap_header::type, rpcap_header::value, and rpcap_header::ver.

Referenced by daemon_checkauth(), daemon_endcapture(), daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), pcap_close_remote(), pcap_findalldevs_ex(), pcap_opensource_remote(), pcap_remoteact_close(), pcap_setsampling_remote(), pcap_startcapture_remote(), pcap_updatefilter_remote(), rpcap_sendauth(), rpcap_senderror(), and rpcap_stats_remote().

int rpcap_deseraddr struct sockaddr_storage *    sockaddrin,
struct sockaddr_storage **    sockaddrout,
char *    errbuf
 

It traslates (i.e. de-serializes) a 'sockaddr_storage' structure from the network byte order to the host byte order.

It accepts a 'sockaddr_storage' structure as it is received from the network and it converts it into the host byte order (by means of a set of ntoh() ). The function will allocate the 'sockaddrout' variable according to the address family in use. In case the address does not belong to the AF_INET nor AF_INET6 families, 'sockaddrout' is not allocated and a NULL pointer is returned. This usually happens because that address does not exist on the other host, so the RPCAP daemon sent a 'sockaddr_storage' structure containing all 'zero' values.

Parameters:
sockaddrin: a 'sockaddr_storage' pointer to the variable that has to be de-serialized.
sockaddrout: a 'sockaddr_storage' pointer to the variable that will contain the de-serialized data. The structure returned can be either a 'sockaddr_in' or 'sockaddr_in6'. This variable will be allocated automatically inside this function.
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one).
Returns:
'0' if everything is fine, '-1' if some errors occurred. Basically, the error can be only the fact that the malloc() failed to allocate memory. The error message is returned in the 'errbuf' variable, while the deserialized address is returned into the 'sockaddrout' variable.
Warning:
This function supports only AF_INET and AF_INET6 address families.

The sockaddrout (if not NULL) must be deallocated by the user.

Definition at line 135 of file pcap-remote.c.

References pcap_strerror(), and snprintf.

Referenced by pcap_findalldevs_ex().

int rpcap_remoteact_getsock const char *    host,
char *    errbuf
 

It returns the socket currently used for this active connection (active mode only).

This function is just for internal use; it returns the socket ID of the active connection currently opened.

Parameters:
host: a string that keeps the host name of the host for which we want to get the socket ID for that active connection.
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one).
Returns:
the socket identifier if everything is fine, '0' if this host is not in the active host list. It returns '-1' in case of error. The error message is returned into the errbuf variable.
Warning:
Win32: be carefully not to assign the returning value of this call to a SOCKET directly. It should lead to wrong results, since Win32 sockets are unsigned int; therefore a negative value could not be handled correctly.

Definition at line 1888 of file pcap-remote.c.

References activeHosts, activehosts::host, activehosts::next, snprintf, sock_cmpaddr(), and activehosts::sockctrl.

Referenced by pcap_findalldevs_ex(), and pcap_opensource_remote().

int rpcap_sendauth SOCKET    sock,
struct pcap_rmtauth   auth,
char *    errbuf
 

Sends the authentication message.

It sends the authentication parameters on the control socket. Ths function is required in order to open the connection with the other end party.

Parameters:
sock: the socket we are currently using.
auth: authentication parameters that have to be sent.
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one). It could be network problem ot the fact that the authorization failed.
Returns:
'0' if everything is fine, '-1' if some errors occurred. The error message is returned in the 'errbuf' variable. The error message could be also 'the authentication failed'.

Definition at line 1549 of file pcap-remote.c.

References pcap_rmtauth::password, rpcap_checkmsg(), rpcap_createhdr(), RPCAP_MSG_AUTH_REPLY, RPCAP_MSG_ERROR, RPCAP_NETBUF_SIZE, RPCAP_RMTAUTH_NULL, RPCAP_RMTAUTH_PWD, rpcap_auth::slen1, rpcap_auth::slen2, snprintf, SOCK_ASSERT, sock_bufferize(), sock_discard(), sock_recv(), sock_send(), rpcap_auth::type, pcap_rmtauth::type, uint16, and pcap_rmtauth::username.

Referenced by pcap_findalldevs_ex(), pcap_opensource_remote(), and pcap_remoteact_accept().

int rpcap_senderror SOCKET    sock,
char *    error,
unsigned short    errcode,
char *    errbuf
 

It sends a RPCAP error to the other peer.

This function has to be called when the main program detects an error. This funcion will send on the other peer the 'buffer' specified by the user. This function *does not* request a RPCAP CLOSE connection. A CLOSE command must be sent explicitely by the program, since we do not know it the error can be recovered in some way or it is a non-recoverable one.

Parameters:
sock: the socket we are currently using.
error: an user-allocated (and '0' termined) buffer that contains the error description thas has to be transmitted on the other peer. The error message cannot be longer than PCAP_ERRBUF_SIZE.
errcode: a integer which tells the other party the type of error we had; currently is is not too much used.
errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE) that will contain the error message (in case there is one). It could be network problem.
Returns:
'0' if everything is fine, '-1' if some errors occurred. The error message is returned in the 'errbuf' variable.

Definition at line 1502 of file pcap-remote.c.

References PCAP_ERRBUF_SIZE, rpcap_createhdr(), RPCAP_NETBUF_SIZE, sock_bufferize(), sock_send(), and uint16.

Referenced by daemon_findalldevs(), daemon_getstats(), daemon_getstatsnopcap(), daemon_opensource(), daemon_serviceloop(), daemon_setsampling(), daemon_startcapture(), daemon_thrdatamain(), daemon_updatefilter(), main_passive(), and pcap_remoteact_accept().

void rpcap_thrdatamain_dgram void *    ptr
 

void rpcap_thrdatamain_stream void *    ptr
 


Variable Documentation

struct activehosts* activeHosts
 

Keeps a list of all the opened connections in the active mode.

Definition at line 79 of file pcap-remote.c.

Referenced by pcap_close_remote(), pcap_remoteact_accept(), pcap_remoteact_close(), pcap_remoteact_list(), pcap_startcapture_remote(), and rpcap_remoteact_getsock().

char fakeerrbuf[PCAP_ERRBUF_SIZE + 1]
 

Definition at line 75 of file pcap-remote.c.

Referenced by main_passive().


documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.