📄 remote_code.patch
+#ifdef HAVE_REMOTE
+#include <pcap-remote.h>
+#endif
+
/*
* If PF_PACKET is defined, we can use {SOCK_RAW,SOCK_DGRAM}/PF_PACKET
* sockets rather than SOCK_PACKET sockets.
@@ -243,6 +247,37 @@
int live_open_ok = 0;
struct utsname utsname;
+#ifdef HAVE_REMOTE
+ /*
+ Retrofit; we have to make older applications compatible with the remote capture
+ So, we're calling the pcap_open_remote() from here, that is a very dirty thing.
+ Obviously, we cannot exploit all the new features; for instance, we cannot
+ send authentication, we cannot use a UDP data connection, and so on.
+ */
+
+ char host[PCAP_BUF_SIZE + 1];
+ char port[PCAP_BUF_SIZE + 1];
+ char name[PCAP_BUF_SIZE + 1];
+ int srctype;
+
+ if (pcap_parsesrcstr(device, &srctype, host, port, name, ebuf) )
+ return NULL;
+
+ if (srctype == PCAP_SRC_IFREMOTE)
+ {
+ handle= pcap_opensource_remote(device, NULL, ebuf);
+
+ if (handle == NULL)
+ return NULL;
+
+ handle->snapshot= snaplen;
+ handle->md.timeout= to_ms;
+ handle->rmt_flags= (promisc) ? PCAP_OPENFLAG_PROMISCUOUS : 0;
+
+ return handle;
+ }
+#endif /* HAVE_REMOTE */
+
#ifdef HAVE_DAG_API
if (strstr(device, "dag")) {
return dag_open_live(device, snaplen, promisc, to_ms, ebuf);
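Review bot: With HAVE_REMOTE defined, any device string that pcap_parsesrcstr() classifies as PCAP_SRC_IFREMOTE makes this legacy open call connect to another host with a NULL authentication argument, and a parse failure returns NULL before local capture is tried; neither is stated where a caller would look. The block comment also names pcap_open_remote() while the code calls pcap_opensource_remote(). I would reword it along the lines of `/* Retrofit for older applications: a remote source string opens a network connection through pcap_opensource_remote() with no authentication; callers that pass user-supplied device names must expect that. */`. The same block is added to pcap-win32.c in the hunk at -396,6 +441,36. The enclosing function starts and ends outside this hunk.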
diff -urb libpcap-2006.04.17/pcap-win32.c libpcap/pcap-win32.c
--- libpcap-2006.04.17/pcap-win32.c 2006-02-22 09:08:31.000000000 -0800
+++ libpcap/pcap-win32.c 2006-04-20 20:35:58.421875000 -0700
@@ -48,6 +48,10 @@
#define errno (*_errno())
#endif /* __MINGW32__ */
+#ifdef HAVE_REMOTE
+#include <pcap-remote.h>
+#endif /* HAVE_REMOTE */
+
static int pcap_setfilter_win32_npf(pcap_t *, struct bpf_program *);
static int pcap_setfilter_win32_dag(pcap_t *, struct bpf_program *);
static int pcap_getnonblock_win32(pcap_t *, char *);
@@ -107,6 +111,11 @@
int n = 0;
register u_char *bp, *ep;
+#ifdef HAVE_REMOTE
+ static int samp_npkt; // parameter needed for sampling, with '1 out of N' method has been requested
+ static struct timeval samp_time; // parameter needed for sampling, with '1 every N ms' method has been requested
+#endif /* HAVE_REMOTE */
+
cc = p->cc;
if (p->cc == 0) {
/*
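Review bot: `samp_npkt` and `samp_time` are function-local statics, so the sampling counter and target time are shared by every pcap_t in the process, keep their values after a handle is closed, and are updated without synchronization if two handles are read from different threads. The sampling parameters already live per handle in `p->rmt_samp`, so this state belongs next to them in the pcap_t structure (its definition is not on this page, so the field names have to be chosen there). The savefile.c hunk at -1130,6 +1130,11 adds the same two statics. The enclosing function continues outside this hunk.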
@@ -168,6 +177,42 @@
caplen = bhp->bh_caplen;
hdrlen = bhp->bh_hdrlen;
+#ifdef HAVE_REMOTE
+ if (p->rmt_samp.method == PCAP_SAMP_1_EVERY_N)
+ {
+ samp_npkt= (samp_npkt + 1) % p->rmt_samp.value;
+
+ // Discard all packets that are not '1 out of N'
+ if (samp_npkt != 0)
+ {
+ bp += BPF_WORDALIGN(caplen + hdrlen);
+ continue;
+ }
+ }
+
+ if (p->rmt_samp.method == PCAP_SAMP_FIRST_AFTER_N_MS)
+ {
+ struct pcap_pkthdr *pkt_header= (struct pcap_pkthdr*) bp;
+
+ // Check if the timestamp of the arrived packet is smaller than our target time
+ if ( (pkt_header->ts.tv_sec < samp_time.tv_sec) ||
+ ( (pkt_header->ts.tv_sec == samp_time.tv_sec) && (pkt_header->ts.tv_usec < samp_time.tv_usec) ) )
+ {
+ bp += BPF_WORDALIGN(caplen + hdrlen);
+ continue;
+ }
+
+ // The arrived packet is suitable for being sent to the remote host
+ // So, let's update the target time
+ samp_time.tv_usec= pkt_header->ts.tv_usec + p->rmt_samp.value * 1000;
+ if (samp_time.tv_usec > 1000000)
+ {
+ samp_time.tv_sec= pkt_header->ts.tv_sec + samp_time.tv_usec / 1000000;
+ samp_time.tv_usec= samp_time.tv_usec % 1000000;
+ }
+ }
+#endif /* HAVE_REMOTE */
+
/*
* XXX A bpf_hdr matches a pcap_pkthdr.
*/
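Review bot: `samp_npkt= (samp_npkt + 1) % p->rmt_samp.value;` divides by zero when the configured value is 0, and nothing in this hunk checks it; if the sampling parameters can be set by a remote peer (not visible here), that is a crash reachable from the network. The timer branch also writes `samp_time.tv_sec` only inside the `> 1000000` carry case, so without a carry the target keeps a stale second and the next packet passes at once; the carry test should be `>=` as well. The savefile.c hunk at -1159,6 +1164,36 has the same two problems. The loop these lines sit in starts outside the hunk.

```c
	if (p->rmt_samp.method == PCAP_SAMP_1_EVERY_N && p->rmt_samp.value > 0)
	{
		/* … unchanged: counter update and discard of packets that are not '1 out of N' … */
	}

	/* … unchanged: PCAP_SAMP_FIRST_AFTER_N_MS check against samp_time … */

		/* Always rebase the target on the accepted packet, then carry microseconds */
		samp_time.tv_sec= pkt_header->ts.tv_sec;
		samp_time.tv_usec= pkt_header->ts.tv_usec + p->rmt_samp.value * 1000;
		if (samp_time.tv_usec >= 1000000)
		{
			samp_time.tv_sec+= samp_time.tv_usec / 1000000;
			samp_time.tv_usec%= 1000000;
		}
```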
@@ -396,6 +441,36 @@
register pcap_t *p;
NetType type;
+#ifdef HAVE_REMOTE
+ char host[PCAP_BUF_SIZE + 1];
+ char port[PCAP_BUF_SIZE + 1];
+ char name[PCAP_BUF_SIZE + 1];
+ int srctype;
+
+ /*
+ Retrofit; we have to make older applications compatible with the remote capture
+ So, we're calling the pcap_open_remote() from here, that is a very dirty thing.
+ Obviously, we cannot exploit all the new features; for instance, we cannot
+ send authentication, we cannot use a UDP data connection, and so on.
+ */
+ if (pcap_parsesrcstr(device, &srctype, host, port, name, ebuf) )
+ return NULL;
+
+ if (srctype == PCAP_SRC_IFREMOTE)
+ {
+ p= pcap_opensource_remote(device, NULL, ebuf);
+
+ if (p == NULL)
+ return NULL;
+
+ p->snapshot= snaplen;
+ p->timeout= to_ms;
+ p->rmt_flags= (promisc) ? PCAP_OPENFLAG_PROMISCUOUS : 0;
+
+ return p;
+ }
+#endif /* HAVE_REMOTE */
+
/* Init WinSock */
wsockinit();
@@ -743,6 +818,14 @@
int
pcap_setbuff(pcap_t *p, int dim)
{
+#ifdef HAVE_REMOTE
+ if (p->rmt_clientside)
+ {
+ /* Currently, this is a bug: the capture buffer cannot be set with remote capture */
+ return 0;
+ }
+#endif /* HAVE_REMOTE */
+
if (p->adapter==NULL)
{
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "The kernel buffer size cannot be set while reading from a file");
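Review bot: For a client-side remote handle pcap_setbuff() returns 0, which callers read as success, although the buffer size is left unchanged; the added comment itself calls this a bug. If keeping older applications running is the reason, the comment should say so, e.g. `/* Not implemented for remote capture: report success so existing callers keep working; the buffer size is not changed */`. Otherwise the branch should fill `p->errbuf` the way the file case just below does and `return -1;`. The function body continues outside this hunk.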
diff -urb libpcap-2006.04.17/pcap.c libpcap/pcap.c
--- libpcap-2006.04.17/pcap.c 2006-01-22 12:11:26.000000000 -0800
+++ libpcap/pcap.c 2006-04-20 20:37:59.187500000 -0700
@@ -70,10 +70,28 @@
#include <dagapi.h>
#endif
+#ifdef HAVE_REMOTE
+#include <pcap-remote.h>
+#endif
+
int
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
+#ifdef HAVE_REMOTE
+ /* Checks the capture type */
+ if (p->rmt_clientside)
+ {
+ /* We are on an remote capture */
+ if (!p->rmt_capstarted)
+ {
+ // if the capture has not started yet, please start it
+ if (pcap_startcapture_remote(p) )
+ return -1;
+ }
+ }
+#endif /* HAVE_REMOTE */
+
return p->read_op(p, cnt, callback, user);
}
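Review bot: The lazy-start block added to pcap_dispatch() is repeated verbatim in the next two hunks of pcap.c (-92,6 +110,20 and -169,6 +201,22), so a later fix to the start-up path has to be made in three places. A single static helper keeps the three entry points consistent; each call site then becomes `if (pcap_remote_autostart(p)) return -1;` (the helper name is only a suggestion). The new comments also mix `//` and `/* */` styles within one block.

```c
#ifdef HAVE_REMOTE
/*
 * Starts the remote capture on first use.
 * Returns 0 for a local handle or on success, -1 if the start fails.
 */
static int
pcap_remote_autostart(pcap_t *p)
{
	if (p->rmt_clientside && !p->rmt_capstarted && pcap_startcapture_remote(p))
		return -1;
	return 0;
}
#endif /* HAVE_REMOTE */
```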
@@ -92,6 +110,20 @@
{
register int n;
+#ifdef HAVE_REMOTE
+ /* Checks the capture type */
+ if (p->rmt_clientside)
+ {
+ /* We are on an remote capture */
+ if (!p->rmt_capstarted)
+ {
+ // if the capture has not started yet, please start it
+ if (pcap_startcapture_remote(p) )
+ return -1;
+ }
+ }
+#endif /* HAVE_REMOTE */
+
for (;;) {
if (p->sf.rfile != NULL) {
/*
@@ -169,6 +201,22 @@
/* Saves a pointer to the packet headers */
*pkt_header= &p->pcap_header;
+#ifdef HAVE_REMOTE
+ /* Checks the capture type */
+ if (p->rmt_clientside)
+ {
+ /* We are on an remote capture */
+ if (!p->rmt_capstarted)
+ {
+ // if the capture has not started yet, please start it
+ if (pcap_startcapture_remote(p) )
+ return -1;
+ }
+
+ return pcap_read_nocb_remote(p, pkt_header, (u_char **) pkt_data);
+ }
+#endif /* HAVE_REMOTE */
+
if (p->sf.rfile != NULL) {
int status;
@@ -538,6 +586,11 @@
int
pcap_fileno(pcap_t *p)
{
+#ifdef HAVE_REMOTE
+ if (p->rmt_clientside)
+ return(p->rmt_sockdata);
+#endif /* HAVE_REMOTE */
+
#ifndef WIN32
return (p->fd);
#else
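Review bot: pcap_fileno() returns `p->rmt_sockdata` for a remote handle, but the other pcap.c hunks start the remote capture lazily on the first read, so a caller that asks for the descriptor before reading gets whatever the field holds at that point; whether it is initialised to an invalid value is not visible here. Either document it with a comment such as `/* data socket of the remote capture; may not be connected until the capture has been started */`, or return -1 while `!p->rmt_capstarted`. The pcap.h hunk of this patch also defines SOCKET as `unsigned int` on WIN32, while this function returns int. The function continues outside this hunk.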
diff -urb libpcap-2006.04.17/pcap.h libpcap/pcap.h
--- libpcap-2006.04.17/pcap.h 2006-02-09 14:26:12.000000000 -0800
+++ libpcap/pcap.h 2006-04-20 20:35:58.453125000 -0700
@@ -53,6 +53,19 @@
#include <stdio.h>
+#ifdef HAVE_REMOTE
+ // We have to define the SOCKET here, although it has been defined in sockutils.h
+ // This is to avoid the distribution of the 'sockutils.h' file around
+ // (for example in the WinPcap developer's pack)
+ #ifndef SOCKET
+ #ifdef WIN32
+ #define SOCKET unsigned int
+ #else
+ #define SOCKET int
+ #endif
+ #endif
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
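Review bot: `#ifndef SOCKET` only detects a macro, and the Windows socket headers declare SOCKET as a typedef, so an application that includes pcap.h before them gets that typedef rewritten by `#define SOCKET unsigned int`. On 64-bit Windows the native SOCKET is pointer-sized, so `unsigned int` also truncates it. On other systems `#define SOCKET int` puts a very generic macro name into every file that includes this public header. A private type avoids all three, e.g. `typedef int pcap_socket_t;` (name to be chosen), used only by the remote-capture declarations.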
@@ -151,9 +164,11 @@
u_int ps_recv; /* number of packets received */
u_int ps_drop; /* number of packets dropped */
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
-#ifdef WIN32
- u_int bs_capt; /* number of packets that reach the application */
-#endif /* WIN32 */
+#ifdef HAVE_REMOTE
+ u_int ps_capt; /* number of packets that are received by the application; please get rid off the Win32 ifdef */
+ u_int ps_sent; /* number of packets sent by the server on the network */
+ u_int ps_netdrop; /* number of packets lost on the network */
+#endif /* HAVE_REMOTE */
};
#ifdef MSDOS
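Review bot: Removing `bs_capt` stops existing Win32 applications that read that field from compiling, and the size of struct pcap_stat now depends on whether HAVE_REMOTE is defined when the application includes pcap.h. If the library is built with it and the application without, a statistics call that fills the new counters would write past the caller's structure; how the remote code fills them is not shown on this page. Keeping the old field under its WIN32 guard and putting `ps_capt`, `ps_sent` and `ps_netdrop` in a separate extended structure would keep the public layout stable. The note `please get rid off the Win32 ifdef` in the field comment is a to-do that should not ship in a public header.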
@@ -317,6 +332,11 @@
#endif /* WIN32/MSDOS/UN*X */
+#ifdef HAVE_REMOTE
+/* Includes most of the public stuff that is needed for the remote capture */
+#include "remote-ext.h"
+#endif /* HAVE_REMOTE */
+
#ifdef __cplusplus
}
#endif
diff -urb libpcap-2006.04.17/savefile.c libpcap/savefile.c
--- libpcap-2006.04.17/savefile.c 2005-12-13 05:41:39.000000000 -0800
+++ libpcap/savefile.c 2006-04-20 20:35:58.468750000 -0700
@@ -1130,6 +1130,11 @@
int status = 0;
int n = 0;
+#ifdef HAVE_REMOTE
+ static int samp_npkt; // parameter needed for sampling, whtn '1 out of N' method has been requested
+ static struct timeval samp_time; // parameter needed for sampling, whtn '1 every N ms' method has been requested
+#endif /* HAVE_REMOTE */
+
while (status == 0) {
struct pcap_pkthdr h;
@@ -1159,6 +1164,36 @@
if ((fcode = p->fcode.bf_insns) == NULL ||
bpf_filter(fcode, p->buffer, h.len, h.caplen)) {
+
+#ifdef HAVE_REMOTE
+ if (p->rmt_samp.method == PCAP_SAMP_1_EVERY_N)
+ {
+ samp_npkt= (samp_npkt + 1) % p->rmt_samp.value;
+
+ // Discard all packets that are not '1 out of N'
+ if (samp_npkt != 0)
+ continue;
+ }
+
+ if (p->rmt_samp.method == PCAP_SAMP_FIRST_AFTER_N_MS)
+ {
+ // Check if the timestamp of the arrived packet is smaller than our target time
+ if ( (h.ts.tv_sec < samp_time.tv_sec) ||
+ ( (h.ts.tv_sec == samp_time.tv_sec) && (h.ts.tv_usec < samp_time.tv_usec) ) )
+ continue;
+
+ // The arrived packet is suitable for being sent to the remote host
+ // So, let's update the target time
+ samp_time.tv_usec= h.ts.tv_usec + p->rmt_samp.value * 1000;
+ if (samp_time.tv_usec > 1000000)
+ {
+ samp_time.tv_sec= h.ts.tv_sec + samp_time.tv_usec / 1000000;
+ samp_time.tv_usec= samp_time.tv_usec % 1000000;
+ }
+
+ }
+#endif /* HAVE_REMOTE */
+
(*callback)(user, &h, p->buffer);
if (++n >= cnt && cnt > 0)
break;