1 # Original license 2 #------------------------------------------------------------------------------- 3 # Name: winpcapy.py 4 # 5 # Author: Massimo Ciani 6 # 7 # Created: 01/09/2009 8 # Copyright: (c) Massimo Ciani 2009 9 # 10 #------------------------------------------------------------------------------- 11 # Modified for scapy's usage 12 13 ## This file is part of Scapy 14 ## See http://www.secdev.org/projects/scapy for more informations 15 ## This program is published under a GPLv2 license 16 17 from ctypes import * 18 from ctypes.util import find_library 19 import sys, os 20 from scapy.consts import WINDOWS 21 22 HAVE_REMOTE=False 23 24 if WINDOWS: 25 HAVE_REMOTE=True 26 SOCKET = c_uint 27 npcap_folder = os.environ["WINDIR"] + "\\System32\\Npcap" 28 if os.path.exists(npcap_folder): 29 # Try to load npcap 30 os.environ['PATH'] = npcap_folder + ";" + os.environ['PATH'] 31 del npcap_folder 32 _lib=CDLL("wpcap.dll") 33 else: 34 SOCKET = c_int 35 _lib_name = find_library("pcap") 36 if not _lib_name: 37 raise OSError("Cannot fine libpcap.so library") 38 _lib=CDLL(_lib_name) 39 40 41 ## 42 ## misc 43 ## 44 u_short = c_ushort 45 bpf_int32 = c_int 46 u_int = c_int 47 bpf_u_int32 = u_int 48 pcap = c_void_p 49 pcap_dumper = c_void_p 50 u_char = c_ubyte 51 FILE = c_void_p 52 STRING = c_char_p 53 54 class bpf_insn(Structure): 55 _fields_=[("code",c_ushort), 56 ("jt",c_ubyte), 57 ("jf",c_ubyte), 58 ("k",bpf_u_int32)] 59 60 class bpf_program(Structure): 61 pass 62 bpf_program._fields_ = [('bf_len', u_int), 63 ('bf_insns', POINTER(bpf_insn))] 64 65 class bpf_version(Structure): 66 _fields_=[("bv_major",c_ushort), 67 ("bv_minor",c_ushort)] 68 69 70 class timeval(Structure): 71 pass 72 timeval._fields_ = [('tv_sec', c_long), 73 ('tv_usec', c_long)] 74 75 ## sockaddr is used by pcap_addr. 76 ## For example if sa_family==socket.AF_INET then we need cast 77 ## with sockaddr_in 78 if WINDOWS: 79 class sockaddr(Structure): 80 _fields_ = [("sa_family", c_ushort), 81 ("sa_data",c_ubyte * 14)] 82 83 class sockaddr_in(Structure): 84 _fields_ = [("sin_family", c_ushort), 85 ("sin_port", c_uint16), 86 ("sin_addr", 4 * c_ubyte)] 87 88 class sockaddr_in6(Structure): 89 _fields_ = [("sin6_family", c_ushort), 90 ("sin6_port", c_uint16), 91 ("sin6_flowinfo", c_uint32), 92 ("sin6_addr", 16 * c_ubyte), 93 ("sin6_scope", c_uint32)] 94 else: 95 class sockaddr(Structure): 96 _fields_ = [("sa_len", c_ubyte), 97 ("sa_family",c_ubyte), 98 ("sa_data",c_ubyte * 14)] 99 100 class sockaddr_in(Structure): 101 _fields_ = [("sin_len", c_ubyte), 102 ("sin_family", c_ubyte), 103 ("sin_port", c_uint16), 104 ("sin_addr", 4 * c_ubyte), 105 ("sin_zero", 8 * c_char)] 106 107 class sockaddr_in6(Structure): 108 _fields_ = [("sin6_len", c_ubyte), 109 ("sin6_family", c_ubyte), 110 ("sin6_port", c_uint16), 111 ("sin6_flowinfo", c_uint32), 112 ("sin6_addr", 16 * c_ubyte), 113 ("sin6_scope", c_uint32)] 114 115 class sockaddr_dl(Structure): 116 _fields_ = [("sdl_len", c_ubyte), 117 ("sdl_family", c_ubyte), 118 ("sdl_index", c_ushort), 119 ("sdl_type", c_ubyte), 120 ("sdl_nlen", c_ubyte), 121 ("sdl_alen", c_ubyte), 122 ("sdl_slen", c_ubyte), 123 ("sdl_data", 46 * c_ubyte)] 124 ## 125 ## END misc 126 ## 127 128 ## 129 ## Data Structures 130 ## 131 132 ## struct pcap_file_header 133 ## Header of a libpcap dump file. 134 class pcap_file_header(Structure): 135 _fields_ = [('magic', bpf_u_int32), 136 ('version_major', u_short), 137 ('version_minor', u_short), 138 ('thiszone', bpf_int32), 139 ('sigfigs', bpf_u_int32), 140 ('snaplen', bpf_u_int32), 141 ('linktype', bpf_u_int32)] 142 143 ## struct pcap_pkthdr 144 ## Header of a packet in the dump file. 145 class pcap_pkthdr(Structure): 146 _fields_ = [('ts', timeval), 147 ('caplen', bpf_u_int32), 148 ('len', bpf_u_int32)] 149 150 ## struct pcap_stat 151 ## Structure that keeps statistical values on an interface. 152 class pcap_stat(Structure): 153 pass 154 ### _fields_ list in Structure is final. 155 ### We need a temp list 156 _tmpList = [("ps_recv", c_uint), ("ps_drop", c_uint), ("ps_ifdrop", c_uint)] 157 if HAVE_REMOTE: 158 _tmpList.append(("ps_capt",c_uint)) 159 _tmpList.append(("ps_sent",c_uint)) 160 _tmpList.append(("ps_netdrop",c_uint)) 161 pcap_stat._fields_=_tmpList 162 163 ## struct pcap_addr 164 ## Representation of an interface address, used by pcap_findalldevs(). 165 class pcap_addr(Structure): 166 pass 167 pcap_addr._fields_ = [('next', POINTER(pcap_addr)), 168 ('addr', POINTER(sockaddr)), 169 ('netmask', POINTER(sockaddr)), 170 ('broadaddr', POINTER(sockaddr)), 171 ('dstaddr', POINTER(sockaddr))] 172 173 ## struct pcap_if 174 ## Item in a list of interfaces, used by pcap_findalldevs(). 175 class pcap_if(Structure): 176 pass 177 pcap_if._fields_ = [('next', POINTER(pcap_if)), 178 ('name', STRING), 179 ('description', STRING), 180 ('addresses', POINTER(pcap_addr)), 181 ('flags', bpf_u_int32)] 182 183 ## 184 ## END Data Structures 185 ## 186 187 ## 188 ## Defines 189 ## 190 191 ##define PCAP_VERSION_MAJOR 2 192 # Major libpcap dump file version. 193 PCAP_VERSION_MAJOR = 2 194 ##define PCAP_VERSION_MINOR 4 195 # Minor libpcap dump file version. 196 PCAP_VERSION_MINOR = 4 197 ##define PCAP_ERRBUF_SIZE 256 198 # Size to use when allocating the buffer that contains the libpcap errors. 199 PCAP_ERRBUF_SIZE = 256 200 ##define PCAP_IF_LOOPBACK 0x00000001 201 # interface is loopback 202 PCAP_IF_LOOPBACK = 1 203 ##define MODE_CAPT 0 204 # Capture mode, to be used when calling pcap_setmode(). 205 MODE_CAPT = 0 206 ##define MODE_STAT 1 207 # Statistical mode, to be used when calling pcap_setmode(). 208 MODE_STAT = 1 209 210 ## 211 ## END Defines 212 ## 213 214 ## 215 ## Typedefs 216 ## 217 218 #typedef int bpf_int32 (already defined) 219 # 32-bit integer 220 #typedef u_int bpf_u_int32 (already defined) 221 # 32-bit unsigned integer 222 #typedef struct pcap pcap_t 223 # Descriptor of an open capture instance. This structure is opaque to the user, that handles its content through the functions provided by wpcap.dll. 224 pcap_t = pcap 225 #typedef struct pcap_dumper pcap_dumper_t 226 # libpcap savefile descriptor. 227 pcap_dumper_t = pcap_dumper 228 #typedef struct pcap_if pcap_if_t 229 # Item in a list of interfaces, see pcap_if. 230 pcap_if_t = pcap_if 231 #typedef struct pcap_addr pcap_addr_t 232 # Representation of an interface address, see pcap_addr. 233 pcap_addr_t = pcap_addr 234 235 ## 236 ## END Typedefs 237 ## 238 239 240 241 242 243 # values for enumeration 'pcap_direction_t' 244 #pcap_direction_t = c_int # enum 245 246 ## 247 ## Unix-compatible Functions 248 ## These functions are part of the libpcap library, and therefore work both on Windows and on Linux. 249 ## 250 251 #typedef void(* pcap_handler )(u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 252 # Prototype of the callback function that receives the packets. 253 ## This one is defined from programmer 254 pcap_handler=CFUNCTYPE(None,POINTER(c_ubyte),POINTER(pcap_pkthdr),POINTER(c_ubyte)) 255 256 #pcap_t * pcap_open_live (const char *device, int snaplen, int promisc, int to_ms, char *ebuf) 257 # Open a live capture from the network. 258 pcap_open_live = _lib.pcap_open_live 259 pcap_open_live.restype = POINTER(pcap_t) 260 pcap_open_live.argtypes = [STRING, c_int, c_int, c_int, STRING] 261 262 #pcap_t * pcap_open_dead (int linktype, int snaplen) 263 # Create a pcap_t structure without starting a capture. 264 pcap_open_dead = _lib.pcap_open_dead 265 pcap_open_dead.restype = POINTER(pcap_t) 266 pcap_open_dead.argtypes = [c_int, c_int] 267 268 #pcap_t * pcap_open_offline (const char *fname, char *errbuf) 269 # Open a savefile in the tcpdump/libpcap format to read packets. 270 pcap_open_offline = _lib.pcap_open_offline 271 pcap_open_offline.restype = POINTER(pcap_t) 272 pcap_open_offline.argtypes = [STRING, STRING] 273 274 #pcap_dumper_t * pcap_dump_open (pcap_t *p, const char *fname) 275 # Open a file to write packets. 276 pcap_dump_open = _lib.pcap_dump_open 277 pcap_dump_open.restype = POINTER(pcap_dumper_t) 278 pcap_dump_open.argtypes = [POINTER(pcap_t), STRING] 279 280 #int pcap_setnonblock (pcap_t *p, int nonblock, char *errbuf) 281 # Switch between blocking and nonblocking mode. 282 pcap_setnonblock = _lib.pcap_setnonblock 283 pcap_setnonblock.restype = c_int 284 pcap_setnonblock.argtypes = [POINTER(pcap_t), c_int, STRING] 285 286 #int pcap_getnonblock (pcap_t *p, char *errbuf) 287 # Get the "non-blocking" state of an interface. 288 pcap_getnonblock = _lib.pcap_getnonblock 289 pcap_getnonblock.restype = c_int 290 pcap_getnonblock.argtypes = [POINTER(pcap_t), STRING] 291 292 #int pcap_findalldevs (pcap_if_t **alldevsp, char *errbuf) 293 # Construct a list of network devices that can be opened with pcap_open_live(). 294 pcap_findalldevs = _lib.pcap_findalldevs 295 pcap_findalldevs.restype = c_int 296 pcap_findalldevs.argtypes = [POINTER(POINTER(pcap_if_t)), STRING] 297 298 #void pcap_freealldevs (pcap_if_t *alldevsp) 299 # Free an interface list returned by pcap_findalldevs(). 300 pcap_freealldevs = _lib.pcap_freealldevs 301 pcap_freealldevs.restype = None 302 pcap_freealldevs.argtypes = [POINTER(pcap_if_t)] 303 304 #char * pcap_lookupdev (char *errbuf) 305 # Return the first valid device in the system. 306 pcap_lookupdev = _lib.pcap_lookupdev 307 pcap_lookupdev.restype = STRING 308 pcap_lookupdev.argtypes = [STRING] 309 310 #int pcap_lookupnet (const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf) 311 # Return the subnet and netmask of an interface. 312 pcap_lookupnet = _lib.pcap_lookupnet 313 pcap_lookupnet.restype = c_int 314 pcap_lookupnet.argtypes = [STRING, POINTER(bpf_u_int32), POINTER(bpf_u_int32), STRING] 315 316 #int pcap_dispatch (pcap_t *p, int cnt, pcap_handler callback, u_char *user) 317 # Collect a group of packets. 318 pcap_dispatch = _lib.pcap_dispatch 319 pcap_dispatch.restype = c_int 320 pcap_dispatch.argtypes = [POINTER(pcap_t), c_int, pcap_handler, POINTER(u_char)] 321 322 #int pcap_loop (pcap_t *p, int cnt, pcap_handler callback, u_char *user) 323 # Collect a group of packets. 324 pcap_loop = _lib.pcap_loop 325 pcap_loop.restype = c_int 326 pcap_loop.argtypes = [POINTER(pcap_t), c_int, pcap_handler, POINTER(u_char)] 327 328 #u_char * pcap_next (pcap_t *p, struct pcap_pkthdr *h) 329 # Return the next available packet. 330 pcap_next = _lib.pcap_next 331 pcap_next.restype = POINTER(u_char) 332 pcap_next.argtypes = [POINTER(pcap_t), POINTER(pcap_pkthdr)] 333 334 #int pcap_next_ex (pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data) 335 # Read a packet from an interface or from an offline capture. 336 pcap_next_ex = _lib.pcap_next_ex 337 pcap_next_ex.restype = c_int 338 pcap_next_ex.argtypes = [POINTER(pcap_t), POINTER(POINTER(pcap_pkthdr)), POINTER(POINTER(u_char))] 339 340 #void pcap_breakloop (pcap_t *) 341 # set a flag that will force pcap_dispatch() or pcap_loop() to return rather than looping. 342 pcap_breakloop = _lib.pcap_breakloop 343 pcap_breakloop.restype = None 344 pcap_breakloop.argtypes = [POINTER(pcap_t)] 345 346 #int pcap_sendpacket (pcap_t *p, u_char *buf, int size) 347 # Send a raw packet. 348 pcap_sendpacket = _lib.pcap_sendpacket 349 pcap_sendpacket.restype = c_int 350 #pcap_sendpacket.argtypes = [POINTER(pcap_t), POINTER(u_char), c_int] 351 pcap_sendpacket.argtypes = [POINTER(pcap_t), c_void_p, c_int] 352 353 #void pcap_dump (u_char *user, const struct pcap_pkthdr *h, const u_char *sp) 354 # Save a packet to disk. 355 pcap_dump = _lib.pcap_dump 356 pcap_dump.restype = None 357 pcap_dump.argtypes = [POINTER(pcap_dumper_t), POINTER(pcap_pkthdr), POINTER(u_char)] 358 359 #long pcap_dump_ftell (pcap_dumper_t *) 360 # Return the file position for a "savefile". 361 pcap_dump_ftell = _lib.pcap_dump_ftell 362 pcap_dump_ftell.restype = c_long 363 pcap_dump_ftell.argtypes = [POINTER(pcap_dumper_t)] 364 365 #int pcap_compile (pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask) 366 # Compile a packet filter, converting an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. 367 pcap_compile = _lib.pcap_compile 368 pcap_compile.restype = c_int 369 pcap_compile.argtypes = [POINTER(pcap_t), POINTER(bpf_program), STRING, c_int, bpf_u_int32] 370 371 #int pcap_compile_nopcap (int snaplen_arg, int linktype_arg, struct bpf_program *program, char *buf, int optimize, bpf_u_int32 mask) 372 # Compile a packet filter without the need of opening an adapter. This function converts an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. 373 pcap_compile_nopcap = _lib.pcap_compile_nopcap 374 pcap_compile_nopcap.restype = c_int 375 pcap_compile_nopcap.argtypes = [c_int, c_int, POINTER(bpf_program), STRING, c_int, bpf_u_int32] 376 377 #int pcap_setfilter (pcap_t *p, struct bpf_program *fp) 378 # Associate a filter to a capture. 379 pcap_setfilter = _lib.pcap_setfilter 380 pcap_setfilter.restype = c_int 381 pcap_setfilter.argtypes = [POINTER(pcap_t), POINTER(bpf_program)] 382 383 #void pcap_freecode (struct bpf_program *fp) 384 # Free a filter. 385 pcap_freecode = _lib.pcap_freecode 386 pcap_freecode.restype = None 387 pcap_freecode.argtypes = [POINTER(bpf_program)] 388 389 #int pcap_datalink (pcap_t *p) 390 # Return the link layer of an adapter. 391 pcap_datalink = _lib.pcap_datalink 392 pcap_datalink.restype = c_int 393 pcap_datalink.argtypes = [POINTER(pcap_t)] 394 395 #int pcap_list_datalinks (pcap_t *p, int **dlt_buf) 396 # list datalinks 397 pcap_list_datalinks = _lib.pcap_list_datalinks 398 pcap_list_datalinks.restype = c_int 399 #pcap_list_datalinks.argtypes = [POINTER(pcap_t), POINTER(POINTER(c_int))] 400 401 #int pcap_set_datalink (pcap_t *p, int dlt) 402 # Set the current data link type of the pcap descriptor to the type specified by dlt. -1 is returned on failure. 403 pcap_set_datalink = _lib.pcap_set_datalink 404 pcap_set_datalink.restype = c_int 405 pcap_set_datalink.argtypes = [POINTER(pcap_t), c_int] 406 407 #int pcap_datalink_name_to_val (const char *name) 408 # Translates a data link type name, which is a DLT_ name with the DLT_ removed, to the corresponding data link type value. The translation is case-insensitive. -1 is returned on failure. 409 pcap_datalink_name_to_val = _lib.pcap_datalink_name_to_val 410 pcap_datalink_name_to_val.restype = c_int 411 pcap_datalink_name_to_val.argtypes = [STRING] 412 413 #const char * pcap_datalink_val_to_name (int dlt) 414 # Translates a data link type value to the corresponding data link type name. NULL is returned on failure. 415 pcap_datalink_val_to_name = _lib.pcap_datalink_val_to_name 416 pcap_datalink_val_to_name.restype = STRING 417 pcap_datalink_val_to_name.argtypes = [c_int] 418 419 #const char * pcap_datalink_val_to_description (int dlt) 420 # Translates a data link type value to a short description of that data link type. NULL is returned on failure. 421 pcap_datalink_val_to_description = _lib.pcap_datalink_val_to_description 422 pcap_datalink_val_to_description.restype = STRING 423 pcap_datalink_val_to_description.argtypes = [c_int] 424 425 #int pcap_snapshot (pcap_t *p) 426 # Return the dimension of the packet portion (in bytes) that is delivered to the application. 427 pcap_snapshot = _lib.pcap_snapshot 428 pcap_snapshot.restype = c_int 429 pcap_snapshot.argtypes = [POINTER(pcap_t)] 430 431 #int pcap_is_swapped (pcap_t *p) 432 # returns true if the current savefile uses a different byte order than the current system. 433 pcap_is_swapped = _lib.pcap_is_swapped 434 pcap_is_swapped.restype = c_int 435 pcap_is_swapped.argtypes = [POINTER(pcap_t)] 436 437 #int pcap_major_version (pcap_t *p) 438 # return the major version number of the pcap library used to write the savefile. 439 pcap_major_version = _lib.pcap_major_version 440 pcap_major_version.restype = c_int 441 pcap_major_version.argtypes = [POINTER(pcap_t)] 442 443 #int pcap_minor_version (pcap_t *p) 444 # return the minor version number of the pcap library used to write the savefile. 445 pcap_minor_version = _lib.pcap_minor_version 446 pcap_minor_version.restype = c_int 447 pcap_minor_version.argtypes = [POINTER(pcap_t)] 448 449 #FILE * pcap_file (pcap_t *p) 450 # Return the standard stream of an offline capture. 451 pcap_file=_lib.pcap_file 452 pcap_file.restype = FILE 453 pcap_file.argtypes = [POINTER(pcap_t)] 454 455 #int pcap_stats (pcap_t *p, struct pcap_stat *ps) 456 # Return statistics on current capture. 457 pcap_stats = _lib.pcap_stats 458 pcap_stats.restype = c_int 459 pcap_stats.argtypes = [POINTER(pcap_t), POINTER(pcap_stat)] 460 461 #void pcap_perror (pcap_t *p, char *prefix) 462 # print the text of the last pcap library error on stderr, prefixed by prefix. 463 pcap_perror = _lib.pcap_perror 464 pcap_perror.restype = None 465 pcap_perror.argtypes = [POINTER(pcap_t), STRING] 466 467 #char * pcap_geterr (pcap_t *p) 468 # return the error text pertaining to the last pcap library error. 469 pcap_geterr = _lib.pcap_geterr 470 pcap_geterr.restype = STRING 471 pcap_geterr.argtypes = [POINTER(pcap_t)] 472 473 #char * pcap_strerror (int error) 474 # Provided in case strerror() isn't available. 475 pcap_strerror = _lib.pcap_strerror 476 pcap_strerror.restype = STRING 477 pcap_strerror.argtypes = [c_int] 478 479 #const char * pcap_lib_version (void) 480 # Returns a pointer to a string giving information about the version of the libpcap library being used; note that it contains more information than just a version number. 481 pcap_lib_version = _lib.pcap_lib_version 482 pcap_lib_version.restype = STRING 483 pcap_lib_version.argtypes = [] 484 485 #void pcap_close (pcap_t *p) 486 # close the files associated with p and deallocates resources. 487 pcap_close = _lib.pcap_close 488 pcap_close.restype = None 489 pcap_close.argtypes = [POINTER(pcap_t)] 490 491 #FILE * pcap_dump_file (pcap_dumper_t *p) 492 # return the standard I/O stream of the 'savefile' opened by pcap_dump_open(). 493 pcap_dump_file=_lib.pcap_dump_file 494 pcap_dump_file.restype=FILE 495 pcap_dump_file.argtypes= [POINTER(pcap_dumper_t)] 496 497 #int pcap_dump_flush (pcap_dumper_t *p) 498 # Flushes the output buffer to the ``savefile,'' so that any packets written with pcap_dump() but not yet written to the ``savefile'' will be written. -1 is returned on error, 0 on success. 499 pcap_dump_flush = _lib.pcap_dump_flush 500 pcap_dump_flush.restype = c_int 501 pcap_dump_flush.argtypes = [POINTER(pcap_dumper_t)] 502 503 #void pcap_dump_close (pcap_dumper_t *p) 504 # Closes a savefile. 505 pcap_dump_close = _lib.pcap_dump_close 506 pcap_dump_close.restype = None 507 pcap_dump_close.argtypes = [POINTER(pcap_dumper_t)] 508 509 if not WINDOWS: 510 #int pcap_get_selectable_fd(pcap_t, *p) 511 # Returns, on UNIX, a file descriptor number for a file descriptor on which one can do a select(), poll(). -1 is returned if no such descriptor exists. 512 pcap_get_selectable_fd = _lib.pcap_get_selectable_fd 513 pcap_get_selectable_fd.restype = c_int 514 pcap_get_selectable_fd.argtypes = [POINTER(pcap_t)] 515 516 ########################################### 517 ## Windows-specific Extensions 518 ## The functions in this section extend libpcap to offer advanced functionalities 519 ## (like remote packet capture, packet buffer size variation or high-precision packet injection). 520 ## Howerver, at the moment they can be used only in Windows. 521 ########################################### 522 if WINDOWS: 523 HANDLE = c_void_p 524 525 ############## 526 ## Identifiers related to the new source syntax 527 ############## 528 #define PCAP_SRC_FILE 2 529 #define PCAP_SRC_IFLOCAL 3 530 #define PCAP_SRC_IFREMOTE 4 531 #Internal representation of the type of source in use (file, remote/local interface). 532 PCAP_SRC_FILE = 2 533 PCAP_SRC_IFLOCAL = 3 534 PCAP_SRC_IFREMOTE = 4 535 536 ############## 537 ## Strings related to the new source syntax 538 ############## 539 #define PCAP_SRC_FILE_STRING "file://" 540 #define PCAP_SRC_IF_STRING "rpcap://" 541 #String that will be used to determine the type of source in use (file, remote/local interface). 542 PCAP_SRC_FILE_STRING="file://" 543 PCAP_SRC_IF_STRING="rpcap://" 544 545 ############## 546 ## Flags defined in the pcap_open() function 547 ############## 548 # define PCAP_OPENFLAG_PROMISCUOUS 1 549 # Defines if the adapter has to go in promiscuous mode. 550 PCAP_OPENFLAG_PROMISCUOUS=1 551 # define PCAP_OPENFLAG_DATATX_UDP 2 552 # Defines if the data transfer (in case of a remote capture) has to be done with UDP protocol. 553 PCAP_OPENFLAG_DATATX_UDP=2 554 # define PCAP_OPENFLAG_NOCAPTURE_RPCAP 4 555 PCAP_OPENFLAG_NOCAPTURE_RPCAP=4 556 # Defines if the remote probe will capture its own generated traffic. 557 # define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8 558 PCAP_OPENFLAG_NOCAPTURE_LOCAL = 8 559 # define PCAP_OPENFLAG_MAX_RESPONSIVENESS 16 560 # This flag configures the adapter for maximum responsiveness. 561 PCAP_OPENFLAG_MAX_RESPONSIVENESS=16 562 563 ############## 564 ## Sampling methods defined in the pcap_setsampling() function 565 ############## 566 # define PCAP_SAMP_NOSAMP 0 567 # No sampling has to be done on the current capture. 568 PCAP_SAMP_NOSAMP=0 569 # define PCAP_SAMP_1_EVERY_N 1 570 # It defines that only 1 out of N packets must be returned to the user. 571 PCAP_SAMP_1_EVERY_N=1 572 #define PCAP_SAMP_FIRST_AFTER_N_MS 2 573 # It defines that we have to return 1 packet every N milliseconds. 574 PCAP_SAMP_FIRST_AFTER_N_MS=2 575 576 ############## 577 ## Authentication methods supported by the RPCAP protocol 578 ############## 579 # define RPCAP_RMTAUTH_NULL 0 580 # It defines the NULL authentication. 581 RPCAP_RMTAUTH_NULL=0 582 # define RPCAP_RMTAUTH_PWD 1 583 # It defines the username/password authentication. 584 RPCAP_RMTAUTH_PWD=1 585 586 587 ############## 588 ## Remote struct and defines 589 ############## 590 # define PCAP_BUF_SIZE 1024 591 # Defines the maximum buffer size in which address, port, interface names are kept. 592 PCAP_BUF_SIZE = 1024 593 # define RPCAP_HOSTLIST_SIZE 1024 594 # Maximum length of an host name (needed for the RPCAP active mode). 595 RPCAP_HOSTLIST_SIZE = 1024 596 597 class pcap_send_queue(Structure): 598 _fields_=[("maxlen",c_uint), 599 ("len",c_uint), 600 ("buffer",c_char_p)] 601 602 ## struct pcap_rmtauth 603 ## This structure keeps the information needed to autheticate the user on a remote machine 604 class pcap_rmtauth(Structure): 605 _fields_=[("type",c_int), 606 ("username",c_char_p), 607 ("password",c_char_p)] 608 609 ## struct pcap_samp 610 ## This structure defines the information related to sampling 611 class pcap_samp(Structure): 612 _fields_=[("method",c_int), 613 ("value",c_int)] 614 615 #PAirpcapHandle pcap_get_airpcap_handle (pcap_t *p) 616 # Returns the AirPcap handler associated with an adapter. This handler can be used to change the wireless-related settings of the CACE Technologies AirPcap wireless capture adapters. 617 618 #bool pcap_offline_filter (struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data) 619 # Returns if a given filter applies to an offline packet. 620 pcap_offline_filter = _lib.pcap_offline_filter 621 pcap_offline_filter.restype = c_bool 622 pcap_offline_filter.argtypes = [POINTER(bpf_program),POINTER(pcap_pkthdr),POINTER(u_char)] 623 624 #int pcap_live_dump (pcap_t *p, char *filename, int maxsize, int maxpacks) 625 # Save a capture to file. 626 pcap_live_dump = _lib.pcap_live_dump 627 pcap_live_dump.restype = c_int 628 pcap_live_dump.argtypes = [POINTER(pcap_t), POINTER(c_char), c_int,c_int] 629 630 #int pcap_live_dump_ended (pcap_t *p, int sync) 631 # Return the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_dump() has been reached. 632 pcap_live_dump_ended = _lib.pcap_live_dump_ended 633 pcap_live_dump_ended.restype = c_int 634 pcap_live_dump_ended.argtypes = [POINTER(pcap_t), c_int] 635 636 #struct pcap_stat * pcap_stats_ex (pcap_t *p, int *pcap_stat_size) 637 # Return statistics on current capture. 638 pcap_stats_ex = _lib.pcap_stats_ex 639 pcap_stats_ex.restype = POINTER(pcap_stat) 640 pcap_stats_ex.argtypes = [POINTER(pcap_t), POINTER(c_int)] 641 642 #int pcap_setbuff (pcap_t *p, int dim) 643 # Set the size of the kernel buffer associated with an adapter. 644 pcap_setbuff = _lib.pcap_setbuff 645 pcap_setbuff.restype = c_int 646 pcap_setbuff.argtypes = [POINTER(pcap_t), c_int] 647 648 #int pcap_setmode (pcap_t *p, int mode) 649 # Set the working mode of the interface p to mode. 650 pcap_setmode = _lib.pcap_setmode 651 pcap_setmode.restype = c_int 652 pcap_setmode.argtypes = [POINTER(pcap_t), c_int] 653 654 #int pcap_setmintocopy (pcap_t *p, int size) 655 # Set the minumum amount of data received by the kernel in a single call. 656 pcap_setmintocopy = _lib.pcap_setmintocopy 657 pcap_setmintocopy.restype = c_int 658 pcap_setmintocopy.argtype = [POINTER(pcap_t), c_int] 659 660 #HANDLE pcap_getevent (pcap_t *p) 661 # Return the handle of the event associated with the interface p. 662 pcap_getevent = _lib.pcap_getevent 663 pcap_getevent.restype = HANDLE 664 pcap_getevent.argtypes = [POINTER(pcap_t)] 665 666 #pcap_send_queue * pcap_sendqueue_alloc (u_int memsize) 667 # Allocate a send queue. 668 pcap_sendqueue_alloc = _lib.pcap_sendqueue_alloc 669 pcap_sendqueue_alloc.restype = POINTER(pcap_send_queue) 670 pcap_sendqueue_alloc.argtypes = [c_uint] 671 672 #void pcap_sendqueue_destroy (pcap_send_queue *queue) 673 # Destroy a send queue. 674 pcap_sendqueue_destroy = _lib.pcap_sendqueue_destroy 675 pcap_sendqueue_destroy.restype = None 676 pcap_sendqueue_destroy.argtypes = [POINTER(pcap_send_queue)] 677 678 #int pcap_sendqueue_queue (pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 679 # Add a packet to a send queue. 680 pcap_sendqueue_queue = _lib.pcap_sendqueue_queue 681 pcap_sendqueue_queue.restype = c_int 682 pcap_sendqueue_queue.argtypes = [POINTER(pcap_send_queue), POINTER(pcap_pkthdr), POINTER(u_char)] 683 684 #u_int pcap_sendqueue_transmit (pcap_t *p, pcap_send_queue *queue, int sync) 685 # Send a queue of raw packets to the network. 686 pcap_sendqueue_transmit = _lib.pcap_sendqueue_transmit 687 pcap_sendqueue_transmit.retype = u_int 688 pcap_sendqueue_transmit.argtypes = [POINTER(pcap_t), POINTER(pcap_send_queue), c_int] 689 690 #int pcap_findalldevs_ex (char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) 691 # Create a list of network devices that can be opened with pcap_open(). 692 pcap_findalldevs_ex = _lib.pcap_findalldevs_ex 693 pcap_findalldevs_ex.retype = c_int 694 pcap_findalldevs_ex.argtypes = [STRING, POINTER(pcap_rmtauth), POINTER(POINTER(pcap_if_t)), STRING] 695 696 #int pcap_createsrcstr (char *source, int type, const char *host, const char *port, const char *name, char *errbuf) 697 # Accept a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). 698 pcap_createsrcstr = _lib.pcap_createsrcstr 699 pcap_createsrcstr.restype = c_int 700 pcap_createsrcstr.argtypes = [STRING, c_int, STRING, STRING, STRING, STRING] 701 702 #int pcap_parsesrcstr (const char *source, int *type, char *host, char *port, char *name, char *errbuf) 703 # Parse the source string and returns the pieces in which the source can be split. 704 pcap_parsesrcstr = _lib.pcap_parsesrcstr 705 pcap_parsesrcstr.retype = c_int 706 pcap_parsesrcstr.argtypes = [STRING, POINTER(c_int), STRING, STRING, STRING, STRING] 707 708 #pcap_t * pcap_open (const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf) 709 # Open a generic source in order to capture / send (WinPcap only) traffic. 710 pcap_open = _lib.pcap_open 711 pcap_open.restype = POINTER(pcap_t) 712 pcap_open.argtypes = [STRING, c_int, c_int, c_int, POINTER(pcap_rmtauth), STRING] 713 714 #struct pcap_samp * pcap_setsampling (pcap_t *p) 715 # Define a sampling method for packet capture. 716 pcap_setsampling = _lib.pcap_setsampling 717 pcap_setsampling.restype = POINTER(pcap_samp) 718 pcap_setsampling.argtypes = [POINTER(pcap_t)] 719 720 #SOCKET pcap_remoteact_accept (const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf) 721 # Block until a network connection is accepted (active mode only). 722 pcap_remoteact_accept = _lib.pcap_remoteact_accept 723 pcap_remoteact_accept.restype = SOCKET 724 pcap_remoteact_accept.argtypes = [STRING, STRING, STRING, STRING, POINTER(pcap_rmtauth), STRING] 725 726 #int pcap_remoteact_close (const char *host, char *errbuf) 727 # Drop an active connection (active mode only). 728 pcap_remoteact_close = _lib.pcap_remoteact_close 729 pcap_remoteact_close.restypes = c_int 730 pcap_remoteact_close.argtypes = [STRING, STRING] 731 732 #void pcap_remoteact_cleanup () 733 # Clean the socket that is currently used in waiting active connections. 734 pcap_remoteact_cleanup = _lib.pcap_remoteact_cleanup 735 pcap_remoteact_cleanup.restypes = None 736 pcap_remoteact_cleanup.argtypes = [] 737 738 #int pcap_remoteact_list (char *hostlist, char sep, int size, char *errbuf) 739 # Return the hostname of the host that have an active connection with us (active mode only). 740 pcap_remoteact_list = _lib.pcap_remoteact_list 741 pcap_remoteact_list.restype = c_int 742 pcap_remoteact_list.argtypes = [STRING, c_char, c_int, STRING] 743