tcpdump.h 2.9 KB

  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2024 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #pragma once
  20. /* tcpdump flags: -n (no name resolution), -l (line-buffer stdout), -r - (read the capture from stdin) */
  21. #define TCPDUMP_ARGS " -n -l -r -"
  22. /* max number of tcpdump options; must be a multiple of 4 */
  23. #define OPTIONS_VEC_SIZE 32 /* NOTE(review): code filling the option vector should stop at this bound - confirm in tcpdump.c */
  24. /* how long to wait (in ms) to write to tcpdump */
  25. #define TCPDUMP_POLL_TIMEOUT 500
  26. /* delimiter set for strtok() when splitting tcpdump args; strtok() treats every character as a separator, so ' ' and '-' both split */
  27. #define OPT_DELIM " -" /* NOTE(review): an option value that contains '-' would be split as well - confirm the caller copes */
  28. /* output file of data passed to tcpdump when debug level 5 is enabled */
  29. #define TCPDUMP_DEBUG "tcpdump.debug" /* bare file name, no directory; NOTE(review): confirm where and with which open flags it is created */
  30. /* taken from libpcap's savefile.c */
  31. #define TCPDUMP_MAGIC 0xa1b2c3d4 /* magic number of a standard pcap savefile header */
  32. #define PATCHED_TCPDUMP_MAGIC 0xa1b2cd34 /* magic number of the modified ("patched") pcap savefile format */
  33. #define TCPDUMP_DECODE_LEN 65535 /* presumably the largest packet length handed to tcpdump - TODO confirm */
  34. /*
  35. * fork a copy of tcpdump so we can parse packets and print to the screen. We
  36. * don't allow tcpdump to write directly to the screen, otherwise there
  37. * will be a garbled up mess. Instead we pipe it back to this program and
  38. * print when we are ready to do so.
  39. *
  40. * parent: this program
  41. * child: tcpdump
  42. *
  43. * pipes are unidirectional, so we need to set up 2 pipes:
  44. *
  45. * 1. data from parent to child's STDIN
  46. * 2. child's STDOUT to this program
  47. */
  48. #define NUM_PIPES 2 /* one pipe per direction; first dimension of tcpdump_t.pipes */
  49. /* unidirectional rule for pipes: pipe[0] for read, pipe[1] for writes */
  50. enum { /* second index into tcpdump_t.pipes: which end of a pipe */
  51. READ_FD, /* 0: read end */
  52. WRITE_FD, /* 1: write end */
  53. };
  54. enum { /* first index into tcpdump_t.pipes: which of the two pipes */
  55. PARENT_READ_PIPE, /* 0: pipe the parent reads from (carries the child's STDOUT) */
  56. PARENT_WRITE_PIPE, /* 1: pipe the parent writes to (feeds the child's STDIN) */
  57. };
  58. #define PARENT_READ_FD (tcpdump->pipes[PARENT_READ_PIPE][READ_FD]) /* all four macros expand to tcpdump->..., so a pointer named tcpdump must be in scope */
  59. #define PARENT_WRITE_FD (tcpdump->pipes[PARENT_WRITE_PIPE][WRITE_FD]) /* parent's end for sending data to the child */
  60. #define CHILD_READ_FD (tcpdump->pipes[PARENT_WRITE_PIPE][READ_FD]) /* child's end of the parent-write pipe (its STDIN per the comment above) */
  61. #define CHILD_WRITE_FD (tcpdump->pipes[PARENT_READ_PIPE][WRITE_FD]) /* child's end of the parent-read pipe; NOTE(review): each process should close the ends it does not use - confirm in tcpdump.c */
  62. typedef struct tcpdump_s { /* state for one tcpdump child process and the two pipes that connect it to the parent */
  63. char *filename; /* presumably the path of the tcpdump binary to run - TODO confirm in tcpdump.c */
  64. char *args; /* presumably extra tcpdump options as one string, split with OPT_DELIM - TODO confirm */
  65. struct pcap_file_header pfh; /* pcap savefile header; the type comes from libpcap and no #include is visible in this header */
  66. int pid; /* presumably the PID of the forked tcpdump child - TODO confirm */
  67. int pipes[NUM_PIPES][2]; /* indexed [PARENT_READ_PIPE|PARENT_WRITE_PIPE][READ_FD|WRITE_FD]; accessed through the four _FD macros */
  68. /* following vars are for figuring out exactly what we send to
  69. * tcpdump. See TCPDUMP_DEBUG. They exist only when DEBUG is defined, so every file that
  70. * includes this header must be built with the same DEBUG setting or the struct layout differs. */
  71. #ifdef DEBUG
  72. int debugfd; /* presumably the descriptor of the debug output file - TODO confirm */
  73. char debugfile[255]; /* fixed 255-byte buffer; any code that fills it must bound the copy and NUL-terminate */
  74. #endif
  75. } tcpdump_t;
  76. // int tcpdump_init(tcpdump_t *tcpdump);
  77. int tcpdump_open(tcpdump_t *tcpdump, pcap_t *pcap); /* presumably forks tcpdump and sets up the two pipes; the return convention is not visible here - TODO confirm and check it at call sites */
  78. // int tcpdump_open_live(tcpdump_t *tcpdump, pcap_t *pcap);
  79. int tcpdump_print(tcpdump_t *tcpdump, struct pcap_pkthdr *pkthdr, const u_char *data); /* presumably sends one packet to the child and prints its decode; the length of data is presumably taken from pkthdr - TODO confirm */
  80. void tcpdump_close(tcpdump_t *tcpdump); /* presumably closes the pipes and stops the child - TODO confirm */