packet32.pas

Magenta Systems Internet Packet Monitoring Components are a set of Delphi components designed to cap

Libpcap calls this functions and sets the buffer size to 1MB. Therefore programs
written using libpcap usually do not need to cope with this problem.
}


//------------------------------------------------------------------------------
// BOOLEAN PacketSetBpf(LPADAPTER AdapterObject, struct bpf_program *fp)
//------------------------------------------------------------------------------
PacketSetBpf: Function ( AdapterObject:Padapter;fp:Pbpf_program):Longbool; cdecl;

{This function associates a new BPF filter with the adapter AdapterObject.
The filter, pointed by fp, is a set of instructions that the BPF
register-machine of the driver will execute on each packet. Details can be
found into the chapter on the driver, or in [McCanne and Jacobson 1993].
This function returns TRUE if the driver is set successfully, FALSE if an
error occurs or if the filter program is not accepted. The driver performs a
check on every new filter in order to avoid system crashes due to bogus or
buggy programs, and it rejects the invalid filters.

If you need to create a filter, use the pcap_compile function of libpcap.
It converts a text filter with the syntax of WinDump (see the manual of
WinDump for more details) into a BPF program. If you don't want to use libpcap,
but you need to know the code of a filter, launch WinDump with the -d or -dd
or -ddd parameters.
}

//------------------------------------------------------------------------------
//  BOOLEAN PacketGetStats(LPADAPTER AdapterObject, struct bpf_stat *s)
//------------------------------------------------------------------------------
PacketGetStats: Function ( AdapterObject:Padapter;s: Pbpf_stat):Longbool; cdecl;

{With this function, the programmer can know the value of two internal variables
of the driver:

* the number of packets that have been received by the adapter AdapterObject,
  starting at the time in which it was opened.
* the number of packets received by the adapter but that have been dropped by
  the kernel. A packet is dropped when the application is not ready to get it
  and the buffer associated with the adapter is full.

The two values are copied by the driver in a bpf_stat structure (see section 3
of this manual) provided by the application. These values are very useful to
know the situation of the network and the behavior of the capture application.
They are also very useful to tune the capture stack and to choose the
dimension of the buffers. In fact:

a high value of the bs_recv variable means that there is a lot of traffic on the
network. If the application doesn抰 need all the packets (for example a monitor
application may want to capture only the traffic generated by a particular
protocol, or by a single host), it is better to set a selective BPF filter,
to minimize the number of packets that the application has to process. Since
the filter works at kernel level, an appropriate filter increases the
performances of the application and decreases the load on the system. In
this way a non interesting packet does not need to be transferred from kernel
to user space, avoiding the memory copy and the context switch between kernel
and user mode.
If bs_drop is greater than zero, the application is too slow and is loosing
packets. The programmer can try, as a first solution, to set a greater buffer
in the driver with the PacketSetBuff function. A proper dimension of the buffer
often decreases dramatically the packet loss. Another solution is to speed up
the capture process associating a bigger buffer with the PACKET structure used
in the PacketReceivePacket call (see the PacketInitPacket function). This
decreases the number of system calls, improving the speed.
If the application keeps on loosing packets, probably it should be rewritten or
optimized. The driver is already very fast, and probably it is better to modify
the application than the driver, where the main optimization that can be done
is the implementation of the word-alignment.
}

//------------------------------------------------------------------------------
// BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type)
//------------------------------------------------------------------------------
PacketGetNetType: Function (AdapterObject:Padapter; nettype:Pnet_Type):LongBool; cdecl;
{Returns the type of the adapter pointed by AdapterObject in a NetType structure.
The LinkType of the type paramter can be set to one of the following values:

NdisMedium802_3: Ethernet (802.3)
NdisMedium802_5: Token Ring (802.5)
NdisMediumFddi: FDDI
NdisMediumWan: WAN
NdisMediumLocalTalk: LocalTalk
NdisMediumDix: DIX
NdisMediumArcnetRaw: ARCNET (raw)
NdisMediumArcnet878_2: ARCNET (878.2)
NdisMediumWirelessWan: Various types of NdisWirelessXxx media.
The LinkSpeed field indicates the speed of the network in Bits per second.

The return value is TRUE if the operation is performed successfully.
}

//------------------------------------------------------------------------------
// BOOLEAN PacketGetNetType (LPADAPTER AdapterObject,NetType *type)
//------------------------------------------------------------------------------
PacketSetReadTimeout: Function (AdapterObject:Padapter;timeout:integer):boolean; cdecl;
{Sets the timeout value for the given adapter. }

//------------------------------------------------------------------------------
// PCHAR PacketGetDriverVersion  (    )   3.1 and later
//------------------------------------------------------------------------------
PacketGetDriverVersion: function: PChar ; cdecl;

{   Return a string with the version of the NPF.sys device driver.
Returns:
A char pointer to the version of the driver. }

//------------------------------------------------------------------------------
// PCHAR PacketGetVersion  (    )
//------------------------------------------------------------------------------
PacketGetVersion: function: PChar ; cdecl;

{   Return a string with the dll version.
Returns:
A char pointer to the version of the library. }

//------------------------------------------------------------------------------
// BOOLEAN PacketGetNetInfoEx  (  PCHAR  AdapterName,  npf_if_addr *  buffer,  PLONG  NEntries )
//------------------------------------------------------------------------------
PacketGetNetInfoEx: function (AdapterName: PChar; Buffer: Pnpf_if_addr;
                                             NEntries: PInteger): boolean ; cdecl ;
//PacketGetNetInfoEx: function (AdapterName: PChar; Buffer: PChar; NEntries: integer): boolean ; cdecl ;

{  Returns comprehensive information the addresses of an adapter.
Parameters:
 AdapterName  String that contains the name of the adapter.
 buffer  A user allocated array of npf_if_addr that will be filled by the function.
 NEntries  Size of the array (in npf_if_addr).

Returns:
If the function succeeds, the return value is nonzero.
This function grabs from the registry information like the IP addresses,
the netmasks and the broadcast addresses of an interface. The buffer passed
by the user is filled with npf_if_addr structures, each of which contains the
data for a single address. If the buffer is full, the reaming addresses are dropped,
therefore set its dimension to sizeof(npf_if_addr) if you want only the first address. }

//------------------------------------------------------------------------------
// BOOLEAN PacketSetMinToCopy  (  LPADAPTER  AdapterObject,  int  nbytes )
//------------------------------------------------------------------------------
PacketSetMinToCopy: function (AdapterObject: Padapter ; nbytes: integer): boolean ; cdecl ;

{   Defines the minimum amount of data that will be received in a read.

Parameters:
 AdapterObject  Pointer to an _ADAPTER structure
 nbytes  the minimum amount of data in the kernel buffer that will cause the driver
  to release a read on this adapter.

Returns:
If the function succeeds, the return value is nonzero.
In presence of a large value for nbytes, the kernel waits for the arrival of several
packets before copying the data to the user. This guarantees a low number of system
calls, i.e. lower processor usage, i.e. better performance, which is a good setting
for applications like sniffers. Vice versa, a small value means that the kernel will
copy the packets as soon as the application is ready to receive them. This is suggested
for real time applications (like, for example, a bridge) that need the better
responsiveness from the kernel.
note: this function has effect only in Windows NTx. The driver for Windows 9x doesn't
offer this possibility, therefore PacketSetMinToCopy is implemented under these systems
only for compatibility. }


//------------------------------------------------------------------------------
// INT PacketSetSnapLen  (  LPADAPTER  AdapterObject,  int  snaplen ) 3.1 and later
//------------------------------------------------------------------------------
PacketSetSnapLen: function (AdapterObject: Padapter ; snaplen: integer): integer ; cdecl ;

{  Sets the snap len on the adapters that allow it.
 Parameters:
 AdapterObject  Pointer to an _ADAPTER structure.
 snaplen  Desired snap len for this capture.

Returns:
If the function succeeds, the return value is nonzero and specifies the actual snaplen
that the card is using. If the function fails or if the card does't allow to set snap
length, the return value is 0.
The snap len is the amount of packet that is actually captured by the interface and
received by the application. Some interfaces allow to capture only a portion of any
packet for performance reasons.

Note:
: the return value can be different from the snaplen parameter, for example some
boards round the snaplen to 4 bytes. }

//------------------------------------------------------------------------------

var
    PacketDllModule: THandle;
    function LoadPacketDll: Boolean;

implementation

function LoadPacketDll: Boolean;
begin
    Result := True;
    if PacketDllModule <> 0 then Exit;

// open DLL
    PacketDllModule := LoadLibrary (DLL);
    if PacketDllModule = 0 then
    begin
        Result := false;
        exit ;
    end ;
    PacketGetAdapterNames := GetProcAddress (PacketDllModule, 'PacketGetAdapterNames') ;
    PacketOpenAdapter := GetProcAddress (PacketDllModule, 'PacketOpenAdapter') ;
    PacketCloseAdapter := GetProcAddress (PacketDllModule, 'PacketCloseAdapter') ;
    PacketAllocatePacket := GetProcAddress (PacketDllModule, 'PacketAllocatePacket') ;
    PacketInitPacket := GetProcAddress (PacketDllModule, 'PacketInitPacket') ;
    PacketFreePacket := GetProcAddress (PacketDllModule, 'PacketFreePacket') ;
    PacketReceivePacket := GetProcAddress (PacketDllModule, 'PacketReceivePacket') ;
    PacketWaitPacket := GetProcAddress (PacketDllModule, 'PacketWaitPacket') ;
    PacketSendPacket := GetProcAddress (PacketDllModule, 'PacketSendPacket') ;
    PacketResetAdapter := GetProcAddress (PacketDllModule, 'PacketResetAdapter') ;
    PacketSetHwFilter := GetProcAddress (PacketDllModule, 'PacketSetHwFilter') ;
    PacketRequest := GetProcAddress (PacketDllModule, 'PacketRequest') ;
    PacketSetBuff := GetProcAddress (PacketDllModule, 'PacketSetBuff') ;
    PacketSetBpf := GetProcAddress (PacketDllModule, 'PacketSetBpf') ;
    PacketGetStats := GetProcAddress (PacketDllModule, 'PacketGetStats') ;
    PacketGetNetType := GetProcAddress (PacketDllModule, 'PacketGetNetType') ;
    PacketSetReadTimeout := GetProcAddress (PacketDllModule, 'PacketSetReadTimeout') ;
    PacketGetVersion := GetProcAddress (PacketDllModule, 'PacketGetVersion') ;
    PacketGetNetInfoEx := GetProcAddress (PacketDllModule, 'PacketGetNetInfoEx') ;
    PacketSetMinToCopy := GetProcAddress (PacketDllModule, 'PacketSetMinToCopy') ;
    PacketGetDriverVersion := GetProcAddress (PacketDllModule, 'PacketGetDriverVersion') ;  // 3.1 and later
    PacketSetSnapLen := GetProcAddress (PacketDllModule, 'PacketSetSnapLen') ;              // 3.1 and later
end;

initialization
    PacketDllModule := 0 ;
finalization
    if PacketDllModule <> 0 then
    begin
        FreeLibrary (PacketDllModule) ;
        PacketDllModule := 0 ;
    end ;
end.