| | 1 | /* |
| | 2 | The software in this package is distributed under the GNU General |
| | 3 | Public License version 2 (with a special exception described below). |
| | 4 | |
| | 5 | A copy of GNU General Public License (GPL) is included in this distribution, |
| | 6 | in the file COPYING.GPL. |
| | 7 | |
| | 8 | As a special exception, if other files instantiate templates or use macros |
| | 9 | or inline functions from this file, or you compile this file and link it |
| | 10 | with other works to produce a work based on this file, this file |
| | 11 | does not by itself cause the resulting work to be covered |
| | 12 | by the GNU General Public License. |
| | 13 | |
| | 14 | However the source code for this file must still be made available |
| | 15 | in accordance with section (3) of the GNU General Public License. |
| | 16 | |
| | 17 | This exception does not invalidate any other reasons why a work based |
| | 18 | on this file might be covered by the GNU General Public License. |
| | 19 | |
| | 20 | Christian Herdtweck, Intra2net AG 2015 |
| | 21 | */ |
| | 22 | |
| | 23 | #ifndef PCAP_H |
| | 24 | #define PCAP_H |
| | 25 | |
| | 26 | #include <stdint.h> |
| | 27 | #include <iostream> |
| | 28 | #include <ctime> |
| | 29 | |
| | 30 | #pragma pack(push, 1) // exact fit -- no padding of data in structs |
| | 31 | |
| | 32 | // pcap header for dumping of packet data |
| | 33 | // (http://wiki.wireshark.org/Development/LibpcapFileFormat) |
| | 34 | typedef struct pcapfile_hdr_s { |
| | 35 | uint32_t magic_number; /* magic number */ |
| | 36 | uint16_t version_major; /* major version number */ |
| | 37 | uint16_t version_minor; /* minor version number */ |
| | 38 | int32_t thiszone; /* GMT to local correction */ |
| | 39 | uint32_t sigfigs; /* accuracy of timestamps */ |
| | 40 | uint32_t snaplen; /* max length of captured packets, in octets */ |
| | 41 | uint32_t network; /* data link type */ |
| | 42 | } pcapfile_hdr_t; |
| | 43 | |
| | 44 | typedef struct pcaprec_hdr_s { |
| | 45 | uint32_t ts_sec; /* timestamp seconds */ |
| | 46 | uint32_t ts_usec; /* timestamp microseconds */ |
| | 47 | uint32_t incl_len; /* number of octets of packet saved in file */ |
| | 48 | uint32_t orig_len; /* actual length of packet */ |
| | 49 | } pcaprec_hdr_t; |
| | 50 | |
| | 51 | // not used here but in feed_packet_data and want to keep things together |
| | 52 | // this structure is contained in packet data if pcapfile_hdr_t.network is 1 |
| | 53 | // adapted from http://www.tcpdump.org/pcap.html |
| | 54 | typedef struct pcapeth_hdr_s { |
| | 55 | uint8_t source_mac_address[6]; |
| | 56 | uint8_t destination_mac_address[6]; |
| | 57 | uint16_t ether_type; |
| | 58 | } pcapeth_hdr_t; |
| | 59 | |
| | 60 | // pcap file header is 5 x uint32 + 2 x uint16 --> 24 bytes |
| | 61 | const std::streamsize pcap_file_header_size = sizeof(pcapfile_hdr_t); |
| | 62 | |
| | 63 | // pcap file header is 4 x uint32 --> 16 bytes |
| | 64 | const std::streamsize pcap_packet_header_size = sizeof(pcaprec_hdr_t); |
| | 65 | |
| | 66 | // pcap ethernet header is 2 x 6 byte + 2 byte --> 14 bytes |
| | 67 | const std::streamsize pcap_ethernet_header_size = sizeof(pcapeth_hdr_t); |
| | 68 | |
| | 69 | void write_pcap_packet_data(const std::string &data, |
| | 70 | std::ostream &os, |
| | 71 | const time_t &capture_time); |
| | 72 | |
| | 73 | bool check_for_pcap_header(std::istream &input_stream); |
| | 74 | uint32_t consume_pcap_file_header(std::istream &input_stream); |
| | 75 | void consume_pcap_packet_header(std::istream &input_stream); |
| | 76 | void consume_pcap_ethernet_header(std::istream &input_stream); |
| | 77 | //void consume_pcap_padding_zeros(std::istream &input_stream); |
| | 78 | // --> see feed_packet_data.cpp |
| | 79 | |
| | 80 | // returns true if is is pcap, false otherwise |
| | 81 | bool consume_single_packet_pcap(std::istream &input_stream); |
| | 82 | |
| | 83 | #pragma pack(pop) // restore old value |
| | 84 | |
| | 85 | #endif |
| | 86 | |
git://developer.intra2net.com / pingcheck / blame_incremental