(*
* One Way Network Sniffer (OWNS)
* Copyright (C) 2001-2002 OWNS
*
* http://owns.sourceforge.net/
* http://www.owns.st
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*)
(* $Id: u_LibpCapSniffer.pas,v 1.6 2002/11/23 21:49:50 owns Exp $ *)
unit u_LibpCapSniffer;
interface
uses sysutils,classes,
u_LibpCap,
u_Sniffer,u_Debug;
type
// Forward declaration: TLibpCapSniffer holds a TSnifferThread and the thread
// holds a TLibpCapSniffer, so one of the two has to be announced first.
TSnifferThread = class;
// Sniffer implementation on top of the pcap library bindings (u_LibpCap).
// Overrides the adapter enumeration and activate/deactivate entry points
// declared by TSniffer.
TLibpCapSniffer = class(TSniffer)
private
// pcap handle of the adapter in use (where it is opened and closed is not
// visible in this declaration).
FAdapter : pcap_t;
// Worker thread; presumably runs the capture loop while the sniffer is active.
FThread : TSnifferThread;
// One description per adapter, filled by getAdapters in the same order as the
// adapter names.
FAdaptersDesc : TStrings;
// Text of the BPF filter expression; the constructor sets it to ''.
// NOTE(review): the property setter stores the string without any validation;
// presumably the pcap library compiles it during Activate. Confirm that a
// filter that fails to compile is reported through ErrStr and is not silently
// ignored, because a dropped filter means capturing more traffic than the
// operator asked for.
FBpfFilter : String;
// Signature matches TNotifyEvent; presumably hooked to FThread.OnTerminate.
procedure threadTerminated(Sender: TObject);
public
constructor create; override;
destructor Destroy; override;
class function isAvailable : boolean; override;
// Enumerates capture adapters; returns false and sets ErrStr on failure.
function getAdapters(var ErrStr : String) : boolean; override;
function Activate(var ErrStr: string) : Boolean; override;
function Deactivate(var ErrStr: string): boolean; override;
// Read-only view of the adapter descriptions. The list object itself is handed
// out, so callers can still modify its contents.
property AdaptersDesc : TStrings read FadaptersDesc;
property bpfFilter : String read FBpfFilter write FBpfFilter;
end;
// Thread object paired with a TLibpCapSniffer. Only the declaration is visible
// here; the notes below that go beyond the signatures are assumptions.
TSnifferThread = class(TThread)
private
// Owning sniffer, stored as a plain reference.
// NOTE(review): nothing in this declaration ties the lifetime of the thread to
// the lifetime of FParent; confirm the sniffer always stops the thread before
// it is destroyed, otherwise this reference dangles.
FParent: TLibpCapSniffer;
// Adapter handle passed in as an untyped Pointer (the sniffer keeps it as pcap_t).
FAdapter: Pointer;
protected
public
constructor Create(p_Parent : TLibpCapSniffer; p_Adapter : Pointer);
destructor Destroy; override;
procedure Execute; override;
// Receives one captured packet.
// NOTE(review): pkt_data is a raw PChar with no length of its own and packet
// bytes are untrusted input; presumably the captured length comes from header
// (caplen in libpcap's pcap_pkthdr). Confirm every consumer bounds its reads by
// that value and not by lengths found inside the packet.
procedure PacketReceived(const pkt_data : PChar; const header : Ppcap_pkthdr);
end;
// C-callable (cdecl) packet callback. The parameter order (user pointer, packet
// header, packet bytes) matches libpcap's pcap_handler; presumably it is handed
// to the pcap capture loop and 'parameter' carries the TSnifferThread instance.
// NOTE(review): an exception escaping a cdecl callback would unwind through the
// C library's frames; confirm the implementation catches everything it can raise.
procedure dispatcher_handler(parameter : pointer; const header : Ppcap_pkthdr; const pkt_data : Pchar);cdecl
implementation
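// Creates the sniffer in live mode with an empty BPF filter and an empty
// adapter-description list.
constructor TLibpCapSniffer.create;
begin
  inherited Create;
  // Empty filter expression by default.
  // Example of a filter expression: 'dst host 192.168.1.1'
  FBpfFilter := '';
  // FMode and 'live' are not declared in this class (presumably they come from
  // TSniffer / u_Sniffer).
  FMode := live;
  // The former "FAdaptersDesc := nil" just before this line was a dead store:
  // the field is overwritten here before anything can read it.
  FAdaptersDesc := TStringList.Create;
end;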
// Releases the adapter-description list, then runs the inherited destructor.
// NOTE(review): this destructor does not itself stop FThread or close FAdapter.
// Presumably Deactivate does that; confirm callers always deactivate before
// freeing the sniffer, since the capture thread keeps a reference to this
// object (TSnifferThread.FParent).
destructor TLibpCapSniffer.Destroy;
begin
  // Free the list and leave the field nil in one step.
  FreeAndNil(FAdaptersDesc);
  inherited Destroy;
end;
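// Gets the names of the capture adapters (FAdapters) and their more human
// readable descriptions (FAdaptersDesc, same order as the names).
//
// ErrStr : set to the pcap library's last error text when enumeration fails.
// Result : true when the lists were filled, false on failure.
//
// Two enumeration paths exist because pcap_findalldevs is resolved at run time
// and may be missing: the fallback uses pcap_lookupdev and has no descriptions,
// so the description list is a copy of the name list.
function TLibpCapSniffer.getAdapters(var ErrStr : String) : boolean;
var
  l_adapters : PChar;
  alldevs : Ppcap_if;
  currentDev : Ppcap_if;
begin
  result := false;
  // if description is not available, description is the same as the name
  if (@pcap_findalldevs = nil) then
  begin
    // pcap_findalldevs was not available in previous versions of winpcap (2.3)
    l_adapters := pcap_lookupdev(@errbuf);
    // pcap_lookupdev returns nil on failure; report it instead of handing a
    // nil pointer to getAdaptersNames and returning success.
    if (l_adapters = nil) then
    begin
      errStr := getLibpcapLastError();
      exit;
    end;
    // NOTE(review): FAdapters is replaced here, not refilled; who frees the
    // previous list is not visible in this unit section. Confirm it is not leaked.
    FAdapters := getAdaptersNames(l_Adapters);
    FAdaptersDesc.Assign(FAdapters);
  end
  else
  begin
    // pcap_findalldevs is present (the original comment dates this path to
    // winpcap 3.0 alpha), so names and descriptions are both available
    if (pcap_findalldevs(@alldevs,@errbuf) <> 0) then
    begin
      // cannot get device names
      errStr := getLibpcapLastError();
      exit;
    end;
    // Always release the device list, even if adding to a string list raises.
    try
      // The fallback path above replaces both lists; start from empty lists
      // here too so that a second call does not append duplicate entries.
      FAdapters.Clear;
      FAdaptersDesc.Clear;
      currentDev := alldevs;
      while (currentDev <> nil) do
      begin
        // there are some trailing spaces in both name and description (not the case when we use pcap_lookupdev)
        FAdapters.Add(trim(currentDev.name));
        if (currentDev.description <> nil) then
          FAdaptersDesc.Add(trim(currentDev.description))
        else
          FAdaptersDesc.Add(trim(currentDev.name));
        currentDev := currentDev.next;
      end;
    finally
      pcap_freealldevs(alldevs);
    end;
  end;
  result := true;
end;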
// commence