diff options
Diffstat (limited to '')
-rw-r--r-- | nsock/src/nsock_pcap.h | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/nsock/src/nsock_pcap.h b/nsock/src/nsock_pcap.h new file mode 100644 index 0000000..ca667db --- /dev/null +++ b/nsock/src/nsock_pcap.h @@ -0,0 +1,152 @@ +/*************************************************************************** + * nsock_pcap.h -- Header for pcap operations functions from * + * the nsock parallel socket event library * + * * + ***********************IMPORTANT NSOCK LICENSE TERMS*********************** + * + * The nsock parallel socket event library is (C) 1999-2023 Nmap Software LLC + * This library is free software; you may redistribute and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; Version 2. This guarantees your right to use, modify, and + * redistribute this software under certain conditions. If this license is + * unacceptable to you, Nmap Software LLC may be willing to sell alternative + * licenses (contact sales@nmap.com ). + * + * As a special exception to the GPL terms, Nmap Software LLC grants permission + * to link the code of this program with any version of the OpenSSL library + * which is distributed under a license identical to that listed in the included + * docs/licenses/OpenSSL.txt file, and distribute linked combinations including + * the two. You must obey the GNU GPL in all respects for all of the code used + * other than OpenSSL. If you modify this file, you may extend this exception to + * your version of the file, but you are not obligated to do so. + * + * If you received these files with a written license agreement stating terms + * other than the (GPL) terms above, then that alternative license agreement + * takes precedence over this comment. + * + * Source is provided to this software because we believe users have a right to + * know exactly what a program is going to do before they run it. This also + * allows you to audit the software for security holes. + * + * Source code also allows you to port Nmap to new platforms, fix bugs, and add + * new features. You are highly encouraged to send your changes to the + * dev@nmap.org mailing list for possible incorporation into the main + * distribution. By sending these changes to Fyodor or one of the Insecure.Org + * development mailing lists, or checking them into the Nmap source code + * repository, it is understood (unless you specify otherwise) that you are + * offering the Nmap Project (Nmap Software LLC) the unlimited, non-exclusive + * right to reuse, modify, and relicense the code. Nmap will always be available + * Open Source, but this is important because the inability to relicense code + * has caused devastating problems for other Free Software projects (such as KDE + * and NASM). We also occasionally relicense the code to third parties as + * discussed above. If you wish to specify special license conditions of your + * contributions, just say so when you send them. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License v2.0 for more + * details (http://www.gnu.org/licenses/gpl-2.0.html). + * + ***************************************************************************/ + +/* $Id$ */ + +#ifndef NSOCK_PCAP_H +#define NSOCK_PCAP_H + +#include "nsock_internal.h" +#ifdef HAVE_PCAP + +#include "pcap.h" + +#include <string.h> +#include <stdarg.h> + +/* + * There are three possible ways to read packets from pcap descriptor: + * - select() on descriptor: + * this one is of course the best, but there are systems that + * don't support this like WIN32. This works perfectly for Linux. + * + * - select() + some hacks: + * this one is hack for older bsd systems, + * Descriptor *must* be set in nonblocking mode. + * + * - never do select(): + * this one is for WIN32 and other systems that return descriptor -1 + * from pcap_get_selectable_fd(). + * In this case descriptor *must* be set in nonblocking mode. + * If that fails than we can't do any sniffing from that box. + * + * In any case we try to set descriptor to non-blocking mode. + */ + +/* Returns whether the system supports pcap_get_selectable_fd() properly */ +#if !defined(WIN32) && !defined(SOLARIS_BPF_PCAP_CAPTURE) +#define PCAP_CAN_DO_SELECT 1 +#endif + +/* In some systems (like Windows), the pcap descriptor is not selectable. + * Therefore, we cannot just select() on it and expect it to wake us up and + * deliver a packet, but we need to poll it continuously. This define sets the + * frequency, in milliseconds, at which the pcap handle is polled to determine + * if there are any captured packets. Note that this is only used when + * PCAP_CAN_DO_SELECT is not defined and therefore it has no effect on systems + * like Linux. + */ +#define PCAP_POLL_INTERVAL 2 + +/* Note that on most versions of most BSDs (including Mac OS X) select() and + * poll() do not work correctly on BPF devices; pcap_get_selectable_fd() will + * return a file descriptor on most of those versions (the exceptions being + * FreeBSD 4.3 and 4.4), a simple select() or poll() will not return even after + * a timeout specified in pcap_open_live() expires. To work around this, an + * application that uses select() or poll() to wait for packets to arrive must + * put the pcap_t in non-blocking mode, and must arrange that the select() or + * poll() have a timeout less than or equal to the timeout specified in + * pcap_open_live(), and must try to read packets after that timeout expires, + * regardless of whether select() or poll() indicated that the file descriptor + * for the pcap_t is ready to be read or not. (That workaround will not work in + * FreeBSD 4.3 and later; however, in FreeBSD 4.6 and later, select() and poll() + * work correctly on BPF devices, so the workaround isn't necessary, although it + * does no harm.) + */ +#if defined(MACOSX) || defined(FREEBSD) || defined(OPENBSD) +/* Well, now select() is not receiving any pcap events on MACOSX, but maybe it + * will someday :) in both cases. It never hurts to enable this feature. It just + * has performance penalty. */ +#define PCAP_BSD_SELECT_HACK 1 +#endif + +/* Returns whether the packet receive time value obtained from libpcap + * (and thus by readip_pcap()) should be considered valid. When + * invalid (Windows and Amiga), readip_pcap returns the time you called it. */ +#if !defined(WIN32) && !defined(__amigaos__) +#define PCAP_RECV_TIMEVAL_VALID 1 +#endif + + +typedef struct{ + pcap_t *pt; + int pcap_desc; + /* Like the corresponding member in iod, when this reaches 0 we stop + * watching the socket for readability. */ + int readsd_count; + int datalink; + int l3_offset; + int snaplen; + char *pcap_device; +} mspcap; + +typedef struct{ + struct timeval ts; + int caplen; + int len; + const unsigned char *packet; /* caplen bytes */ +} nsock_pcap; + +int do_actual_pcap_read(struct nevent *nse); + +#endif /* HAVE_PCAP */ +#endif /* NSOCK_PCAP_H */ + |