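/*****************************************************************************
 * Copyright 2005 Daniel Ferullo                                             *
 *                                                                           *
 * Licensed under the Apache License, Version 2.0 (the "License");           *
 * you may not use this file except in compliance with the License.          *
 * You may obtain a copy of the License at                                   *
 *                                                                           *
 *     http://www.apache.org/licenses/LICENSE-2.0                            *
 *                                                                           *
 * Unless required by applicable law or agreed to in writing, software       *
 * distributed under the License is distributed on an "AS IS" BASIS,         *
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  *
 * See the License for the specific language governing permissions and       *
 * limitations under the License.                                            *
 *                                                                           *
 *****************************************************************************/

/**
 * @file sniff_private.h
 * @author Daniel Ferullo (ferullo@cmu.edu)
 *
 * @brief prototypes for private sniffing functions
 *
 * NOTE(review): this header uses errorcode, tcp_packet_info_t and flag_t but
 * includes only <pcap.h>, so whoever includes it must already have those
 * types declared.
 */

/*
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the implementation in C. The guard name is left unchanged here because
 * other files may test for it.
 */
#ifndef __SNIFF_PRIVATE_H__
#define __SNIFF_PRIVATE_H__

#include <pcap.h>

/**
 * @brief initializes the pcap functions
 *
 * @param pcap_desc  pointer to a pointer to fill in with the pcap descriptor
 * @param device     the network device to capture on
 * @param timeout    timeout in ms to use when capturing packets,
 *                   -1 = no timeout
 * @param errbuf     the pcap error buffer to use
 * @param errbuf_len the length of the error buffer.
 *                   NOTE(review): libpcap writes its error text into buffers
 *                   it assumes hold at least PCAP_ERRBUF_SIZE bytes; confirm
 *                   the definition rejects a smaller errbuf_len before
 *                   handing errbuf to libpcap.
 *
 * @return SUCCESS, errorcode on failure
 */
errorcode init_packet_capture(pcap_t **pcap_desc, char *device, int timeout,
                              char *errbuf, long errbuf_len);

/**
 * @brief finds a tcp packet, looping over all captured packets until the
 *        correct one is found
 *
 * If the passed in flag takes on any value other than FLAG_UNSET then this
 * function will return early.
 *
 * @param pcap_desc    the pcap descriptor
 * @param tcp_skeleton the tcp skeleton to look for. Source and destination
 *                     ip/port pairs as well as SYN/ACK flags will be matched
 *                     on, and the skeleton will have the seq_num, ack_num
 *                     fields filled in if there is a match
 * @param break_flag   if the flag value is ever anything except FLAG_UNSET
 *                     then the function returns early
 * @param payload      a pointer to a pointer to fill in with a pointer to
 *                     the payload. If NULL then the value is not set.
 * @param payload_len  a pointer to a place to put the payload length. Can be
 *                     NULL.
 *                     NOTE(review): presumably the same header-derived length
 *                     that process_packet() reports, in which case it is not
 *                     a safe bound for reading *payload; confirm against the
 *                     definition.
 *
 * @return SUCCESS, errorcode on failure
 */
errorcode find_tcp_packet(pcap_t *pcap_desc, tcp_packet_info_t *tcp_skeleton,
                          flag_t *break_flag, unsigned char **payload,
                          unsigned long *payload_len);

/**
 * @brief matches one captured packet against a tcp skeleton
 *
 * NOTE(review): the prototype carries no captured-length argument, so this
 * header does not show how the definition bounds its parsing of packet
 * against the number of bytes libpcap actually captured; confirm against
 * the definition.
 *
 * @param packet       pointer to the start of the captured packet
 * @param tcp_skeleton pointer to a tcp_packet_info_t with source and
 *                     destination ip/port pairs filled in, along with
 *                     SYN/ACK flags set/unset. If the s/d_ip/port fields are
 *                     set to the respective unknown values then they will be
 *                     ignored when matching against a sniffed packet. The
 *                     seq_num, ack_num, and window fields will be filled in
 *                     if a packet matches the other fields
 * @param payload      a pointer to a pointer to fill in with a pointer to
 *                     the payload. If NULL then the value is not set. The
 *                     returned pointer points into a buffer allocated by
 *                     libpcap, so the bytes it refers to may change; copy
 *                     anything that must outlive the current packet.
 *                     NOTE(review): the exact lifetime depends on which
 *                     libpcap read call the definition uses; confirm.
 * @param payload_len  a pointer to a place to put the length the tcp header
 *                     says the payload is. THIS IS NOT NECESSARILY THE
 *                     LENGTH OF THE PAYLOAD RETURNED, SINCE PCAP MIGHT NOT
 *                     RETURN THE ENTIRE PAYLOAD. The value comes from the
 *                     packet's own headers, i.e. it is chosen by the sender,
 *                     so it must not be used as a bound when reading from
 *                     *payload. This parameter can be NULL.
 *
 * @return SUCCESS, errorcode on failure
 */
errorcode process_packet(unsigned char *packet,
                         tcp_packet_info_t *tcp_skeleton,
                         unsigned char **payload,
                         unsigned long *payload_len);

#endif /* __SNIFF_PRIVATE_H__ */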