pcap-new.c

用来监视网络通信数据的源代码和应用程序,方便网络程序底层开发.

/*
 * Copyright (c) 2002 - 2003
 * NetGroup, Politecnico di Torino (Italy)
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without 
 * modification, are permitted provided that the following conditions 
 * are met:
 * 
 * 1. Redistributions of source code must retain the above copyright 
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright 
 * notice, this list of conditions and the following disclaimer in the 
 * documentation and/or other materials provided with the distribution. 
 * 3. Neither the name of the Politecnico di Torino nor the names of its 
 * contributors may be used to endorse or promote products derived from 
 * this software without specific prior written permission. 
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 * 
 */

#include <pcap-int.h>	// for the details of the pcap_t structure
#include <pcap-remote.h>
#include <sockutils.h>
#include <errno.h>		// for the errno variable
#include <stdlib.h>		// for malloc(), free(), ...
#include <string.h>		// for strstr, etc

#ifndef WIN32
#include <dirent.h>		// for readdir
#endif



//! Keeps a list of all the opened connections in the active mode.
extern struct activehosts *activeHosts;


/*!
	\brief Keeps the main socket identifier when we want to accept a new remote connection (active mode only).

	See the documentation of pcap_remoteact_accept() and pcap_remoteact_cleanup() for more details.
*/
SOCKET sockmain;


//! String identifier to be used in the pcap_findalldevs_ex()
#define PCAP_TEXT_SOURCE_FILE "File"
//! String identifier to be used in the pcap_findalldevs_ex()
#define PCAP_TEXT_SOURCE_ADAPTER "Network adapter"

//! String identifier to be used in the pcap_findalldevs_ex()
#define PCAP_TEXT_SOURCE_ON_LOCAL_HOST "on local host"
//! String identifier to be used in the pcap_findalldevs_ex()
#define PCAP_TEXT_SOURCE_ON_REMOTE_HOST "on remote node"



/****************************************************
 *                                                  *
 * Function bodies                                  *
 *                                                  *
 ****************************************************/


/*! \ingroup wpcapfunc
	\brief It creates a list of network devices that can be opened with pcap_open().
	
	This function is a superset of the old 'pcap_findalldevs()', which is obsolete, and which
	allows listing only the devices present on the local machine.
	Vice versa, pcap_findalldevs_ex() allows listing the devices present on a remote 
	machine as well. Additionally, it can list all the pcap files available into a given folder.
	Moreover, pcap_findalldevs_ex() is platform independent, since it
	relies on the standard pcap_findalldevs() to get addresses on the local machine.

	In case the function has to list the interfaces on a remote machine, it opens a new control
	connection toward that machine, it retrieves the interfaces, and it drops the connection.
	However, if this function detects that the remote machine is in 'active' mode,
	the connection is not dropped and the existing socket is used.

	The 'source' is a parameter that tells the function where the lookup has to be done and
	it uses the same syntax of the pcap_open().

	Differently from the pcap_findalldevs(), the interface names (pointed by the alldevs->name
	and the other ones in the linked list) are already ready to be used in the pcap_open() call.
	Vice versa, the output that comes from pcap_findalldevs() must be formatted with the new
	pcap_createsrcstr() before passing the source identifier to the pcap_open().

	\param source: a char* buffer that keeps the 'source localtion', according to the new WinPcap
	syntax. This source will be examined looking for adapters (local or remote) (e.g. source
	can be 'rpcap://' for local adapters or 'rpcap://host:port' for adapters on a remote host)
	or pcap files (e.g. source can be 'file://c:/myfolder/').<br>
	The strings that must be prepended to the 'source' in order to define if we want
	local/remote adapters or files is defined in the new \link remote_source_string Source 
	Specification Syntax \endlink.

	\param auth: a pointer to a pcap_rmtauth structure. This pointer keeps the information
	required to authenticate the RPCAP connection to the remote host.
	This parameter is not meaningful in case of a query to the local host: in that case
	it can be NULL.

	\param alldevs: a 'struct pcap_if_t' pointer, which will be properly allocated inside
	this function. When the function returns, it is set to point to the first element 
	of the interface list; each element of the list is of type 'struct pcap_if_t'.

	\param errbuf: a pointer to a user-allocated buffer (of size PCAP_ERRBUF_SIZE)
	that will contain the error message (in case there is one).

	\return '0' if everything is fine, '-1' if some errors occurred. The list of the devices 
	is returned in the 'alldevs' variable.
	When the function returns correctly, 'alldevs' cannot be NULL. In other words, this 
	function returns '-1' also in case the system does not have any interface to list.

	The error message is returned in the 'errbuf' variable. An error could be due to 
	several reasons:
	- libpcap/WinPcap was not installed on the local/remote host
	- the user does not have enough privileges to list the devices / files
	- a network problem
	- the RPCAP version negotiation failed
	- other errors (not enough memory and others).
	
	\warning There may be network devices that cannot be opened with pcap_open() by the process
	calling pcap_findalldevs(), because, for example, that process might not have
	sufficient privileges to open them for capturing; if so, those devices will not 
	appear on the list.

	\warning The interface list must be deallocated manually by using the pcap_freealldevs().
*/
int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) 
{
SOCKET sockctrl;			// socket descriptor of the control connection
unsigned int nread= 0;		// number of bytes of the payload read from the socket
struct addrinfo hints;		// temp variable needed to resove hostnames into to socket representation
struct addrinfo *addrinfo;	// temp variable needed to resove hostnames into to socket representation
struct rpcap_header header;	// structure that keeps the general header of the rpcap protocol
int i,j;		// temp variables
int naddr;		// temp var needed to avoid problems with IPv6 addresses
int retval;		// store the return value of the functions
int nif;		// Number of interfaces listed
int active= 0;	// 'true' if we the other end-party is in active mode
char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE], name[PCAP_BUF_SIZE], path[PCAP_BUF_SIZE], filename[PCAP_BUF_SIZE];
int type;
pcap_t *fp;
char tmpstring[PCAP_BUF_SIZE + 1];		// Needed to convert names and descriptions from 'old' syntax to the 'new' one
pcap_if_t *dev;		// Previous device into the pcap_if_t chain


	if (strlen(source) > PCAP_BUF_SIZE)
	{
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "The source string is too long. Cannot handle it correctly.");
		return -1;
	}

	// Determine the type of the source (file, local, remote)
	// There are some differences if pcap_findalldevs_ex() is called to list files and remote adapters.
	// In the first case, the name of the directory we have to look into must be present (therefore
	// the 'name' parameter of the pcap_parsesrcstr() is present).
	// In the second case, the name of the adapter is not required (we need just the host). So, we have 
	// to use a first time this function to get the source type, and a second time to get the appropriate
	// info, which depends on the source type.
	if (pcap_parsesrcstr(source, &type, NULL, NULL, NULL, errbuf) == -1)
		return -1;

	if (type == PCAP_SRC_IFLOCAL)
	{
		if (pcap_parsesrcstr(source, &type, host, NULL, NULL, errbuf) == -1)
			return -1;

		// Initialize temporary string
		tmpstring[PCAP_BUF_SIZE]= 0;

		// The user wants to retrieve adapters from a local host
		if (pcap_findalldevs(alldevs, errbuf) == -1)
			return -1;

		if ( (alldevs == NULL) || (*alldevs == NULL) )
		{
			snprintf(errbuf, PCAP_ERRBUF_SIZE,
				"No interfaces found! Make sure libpcap/WinPcap is properly installed"
				" on the local machine.");
			return -1;
		}

		// Scan all the interfaces and modify name and description
		// This is a trick in order to avoid the re-implementation of the pcap_findalldevs here
		dev= *alldevs;
		while (dev)
		{
			// Create the new device identifier
			if (pcap_createsrcstr(tmpstring, PCAP_SRC_IFLOCAL, NULL, NULL, dev->name, errbuf) == -1)
				return -1;

			// Delete the old pointer
			free(dev->name);

			dev->name= (char *) malloc( strlen(tmpstring) + 1);

			if (dev->name == NULL)
			{
				snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
				return -1;
			}

			// Copy the new device identifier into the correct memory location
			strncpy(dev->name, tmpstring, strlen(tmpstring) + 1);


			// Create the new device description
			if ( (dev->description == NULL) || (dev->description[0] == 0) )
				snprintf(tmpstring, sizeof(tmpstring) - 1, "%s '%s' %s", PCAP_TEXT_SOURCE_ADAPTER, 
					dev->name, PCAP_TEXT_SOURCE_ON_LOCAL_HOST);
			else
				snprintf(tmpstring, sizeof(tmpstring) - 1, "%s '%s' %s", PCAP_TEXT_SOURCE_ADAPTER, 
					dev->description, PCAP_TEXT_SOURCE_ON_LOCAL_HOST);

			// Delete the old pointer
			free(dev->description);

			dev->description= (char *) malloc( strlen(tmpstring) + 1);

			if (dev->description == NULL)
			{
				snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
				return -1;
			}

			// Copy the new device description into the correct memory location
			strncpy(dev->description, tmpstring, strlen(tmpstring) + 1);

			dev= dev->next;
		}

		return 0;
	}

	(*alldevs)= NULL;

	if (type == PCAP_SRC_FILE)
	{
	int stringlen;
#ifdef WIN32
	WIN32_FIND_DATA filedata; 
	HANDLE filehandle; 
#else
	struct dirent *filedata;
	DIR *unixdir;
#endif

		if (pcap_parsesrcstr(source, &type, host, port, name, errbuf) == -1)
			return -1;

		// Check that the filename is correct
		stringlen= strlen(name);

		// The directory must end with '\' in Win32 and '/' in UNIX
#ifdef WIN32
	#define ENDING_CHAR '\\'
#else
	#define ENDING_CHAR '/'
#endif

		if (name[stringlen - 1] != ENDING_CHAR )
		{
			name[stringlen]= ENDING_CHAR;
			name[stringlen + 1]= 0;

			stringlen++;
		}
		
		// Save the path for future reference
		snprintf(path, sizeof(path), "%s", name);

#ifdef WIN32
		// To perform directory listing, Win32 must have an 'asterisk' as ending char
		if (name[stringlen - 1] != '*' )
		{
			name[stringlen]= '*';
			name[stringlen + 1]= 0;
		}

		filehandle = FindFirstFile(name, &filedata);

		if (filehandle == INVALID_HANDLE_VALUE)
		{
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
			return -1;
		}

#else
		// opening the folder
		unixdir= opendir(path);

		// get the first file into it
		filedata= readdir(unixdir);

		if (filedata == NULL)
		{
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
			return -1;
		}
#endif

		do
		{

#ifdef WIN32
			snprintf(filename, sizeof(filename), "%s%s", path, filedata.cFileName);
#else
			snprintf(filename, sizeof(filename), "%s%s", path, filedata->d_name);
#endif

			fp= pcap_open_offline(filename, errbuf);

			if (fp)
			{
				// allocate the main structure
				if (*alldevs == NULL)	// This is in case it is the first file
				{
					(*alldevs)= (pcap_if_t *) malloc(sizeof(pcap_if_t) );
					dev= (*alldevs);
				}
				else
				{
					dev->next= (pcap_if_t *) malloc(sizeof(pcap_if_t) );
					dev= dev->next;
				}

				// check that the malloc() didn't fail
				if (dev == NULL)
				{
					snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
					return -1;
				}

				// Initialize the structure to 'zero'
				memset(dev, 0, sizeof(pcap_if_t) );

				// Create the new source identifier
				if (pcap_createsrcstr(tmpstring, PCAP_SRC_FILE, NULL, NULL, filename, errbuf) == -1)
					return -1;

				stringlen= strlen(tmpstring);

				dev->name= (char *) malloc(stringlen + 1);
				if (dev->name == NULL)
				{
					snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
					return -1;
				}

				strncpy(dev->name, tmpstring, stringlen);

				dev->name[stringlen]= 0;

				// Create the description
				snprintf(tmpstring, sizeof(tmpstring) - 1, "%s '%s' %s", PCAP_TEXT_SOURCE_FILE, 
					filename, PCAP_TEXT_SOURCE_ON_LOCAL_HOST);

				stringlen= strlen(tmpstring);

				dev->description= (char *) malloc(stringlen + 1);

				if (dev->description == NULL)
				{
					snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc() failed: %s", pcap_strerror(errno));
					return -1;
				}

				// Copy the new device description into the correct memory location
				strncpy(dev->description, tmpstring, stringlen + 1);

				pcap_close(fp);
			}
		}
#ifdef WIN32
		while (FindNextFile(filehandle, &filedata) != 0);
#else
		while ( (filedata= readdir(unixdir)) != NULL);
#endif


#ifdef WIN32
		// Close the search handle. 
		FindClose(filehandle);