"Fossies" - the Fresh Open Source Software Archive

Member "ngrep-1_47/ngrep.h" (7 Sep 2017, 4789 Bytes) of package /linux/misc/ngrep-1_47.tar.gz:



    1 /*
    2  * Copyright (c) 2017  Jordan Ritter <jpr5@darkridge.com>
    3  *
    4  * Please refer to the LICENSE file for more information.
    5  *
    6  */
    7 
    8 #define VERSION "1.47.1-git"   /* release identifier as a string literal; the code that reports it is not in this header */
    9 
   10 /*
   11  * We cache the standard frame sizes here to save us time and
   12  * additional dependencies on more operating system include files.
       *
       * Each value is a link-layer header length in bytes (Ethernet 14, VLAN
       * tag 4, and so on), hard-coded instead of being taken from system headers.
       *
       * NOTE(review): these are fixed constants, while some link layers (IEEE
       * 802.11, for example) carry variable-length headers.  Code that adds one
       * of these to a packet pointer should first confirm that the captured
       * length covers it; the decoder that consumes them is not part of this
       * header, so verify there.
   13  */
   14 
   15 #define ETHHDR_SIZE 14
   16 #define TOKENRING_SIZE 22
   17 #define PPPHDR_SIZE 4
   18 #define SLIPHDR_SIZE 16
   19 #define RAWHDR_SIZE 0
   20 #define LOOPHDR_SIZE 4
   21 #define FDDIHDR_SIZE 21
   22 #define ISDNHDR_SIZE 16
   23 #define IEEE80211HDR_SIZE 32
   24 #define PFLOGHDR_SIZE 48
   25 #define VLANHDR_SIZE 4
   26 #define IPNETHDR_SIZE 24
   27 
   /*
    * Fallback EtherType values (IPv4 = 0x0800, IPv6 = 0x86dd), defined only
    * when the headers included before this file have not already provided them.
    */
   28 #ifndef ETHERTYPE_IP
   29 #define ETHERTYPE_IP      0x0800
   30 #endif
   31 #ifndef ETHERTYPE_IPV6
   32 #define ETHERTYPE_IPV6      0x86dd
   33 #endif
   34 
   /*
    * EXTRACT_16BITS(p): build a 16-bit value from the two bytes at p, with the
    * byte at p+0 as the high byte and the byte at p+1 as the low byte
    * (big-endian order).  The bytes are read one at a time through a
    * const uint8_t pointer, so p needs no particular alignment.
    *
    * p is expanded twice, so it must not have side effects.  The macro does no
    * bounds checking: the caller has to know that two bytes are readable at p,
    * which for captured packets means checking the captured length first.
    */
   35 #define EXTRACT_16BITS(p) \
   36   ((uint16_t)((uint16_t)*((const uint8_t *)(p) + 0) << 8 | \
   37            (uint16_t)*((const uint8_t *)(p) + 1)))
   38 
   /*
    * _atoui32(p): parse the string p as a base-10 number with strtoul() and
    * narrow the result to uint32_t.
    *
    * NOTE(review): the end pointer is NULL and the macro does not look at
    * errno, so a caller cannot tell "0" from input with no digits, trailing
    * garbage is ignored, and negative or out-of-range input is silently
    * converted instead of rejected.  Where p comes from the command line, the
    * result should be range-checked at the call site (call sites are not shown
    * in this header).
    */
   39 #define _atoui32(p) \
   40   ((uint32_t)strtoul((p), (char **)NULL, 10))
   41 
   42 /*
   43  * Default patterns for BPF and regular expression filters.
   44  *
   45  * When targeting IP frames with a BPF filter, optionally-present VLAN frames
   46  * will be excluded by default, thus any IP traffic on a VLAN'd network is
   47  * invisible to ngrep by default.  This requires the user to specify "vlan"
   48  * every time they are on a VLAN'd network, which gets irritating fast.
   49  *
   50  * In turn, this leads to a surprising behavior when working with pcap dump
   51  * files created from a "vlan" filter: reading and re-processing them requires
   52  * the same "vlan" filter to be specified, otherwise the traffic will be
   53  * invisible.  IOW, when the dump reader is targeting IP traffic in the dump but
   54  * doesn't know (or remember) the "vlan" filter was specified, they will see
   55  * nothing -- and mistakenly blame ngrep.
   56  *
   57  * While the behavior is technically consistent, to the user it can be
   58  * surprising, confusing, and therefore Dumb As Shit.  For convenience' sake, we
   59  * fix this for them by including VLAN (optionally) back into the stream
   60  * targeting IP traffic, and compensating for the variable offset in the packet
   61  * decoder.
   62  */
   63 
      /*
       * BPF_FILTER_IP_TYPE selects IPv4 only, or IPv4 and IPv6 when USE_IPv6 is
       * non-zero.  The BPF_TEMPLATE_* strings are built by string-literal
       * concatenation; the two USERSPEC variants each carry one %s conversion.
       *
       * NOTE(review): presumably the %s receives the user's filter expression
       * through a printf-style call elsewhere -- confirm.  That call should size
       * its buffer from the length of the user string plus the template, and
       * only these macros, never user text, should be passed as the format.
       */
   64 #if USE_IPv6
   65 #define BPF_FILTER_IP_TYPE  "(ip || ip6)"
   66 #else
   67 #define BPF_FILTER_IP_TYPE  "(ip)"
   68 #endif
   69 
   70 #define BPF_TEMPLATE_IP               BPF_FILTER_IP_TYPE
   71 #define BPF_TEMPLATE_IP_VLAN          "(" BPF_FILTER_IP_TYPE " || (vlan && " BPF_FILTER_IP_TYPE "))"
   72 #define BPF_TEMPLATE_USERSPEC_IP      "( %s) and " BPF_TEMPLATE_IP
   73 #define BPF_TEMPLATE_USERSPEC_IP_VLAN "( %s) and " BPF_TEMPLATE_IP_VLAN
   74 
   /*
    * WORD_REGEX: printf-style template with three %s conversions, giving the
    * alternatives ^X\W, \WX$ and \WX\W once the C escapes are resolved.
    *
    * NOTE(review): presumably the same match expression is substituted for all
    * three %s -- confirm at the call site.  The destination buffer then has to
    * hold three copies of it plus the fixed text, and the substituted text is
    * not escaped, so any regex metacharacters in it stay active.
    */
   75 #define WORD_REGEX "((^%s\\W)|(\\W%s$)|(\\W%s\\W))"
   76 
   77 /*
   78  * For retarded operating systems like Solaris that don't have this,
   79  * when everyone else does.  Good job, Sun!
       *
       * IP_OFFMASK (0x1fff) keeps the low 13 bits of a 16-bit value; in the IPv4
       * header those bits of the flags/fragment-offset word are the fragment
       * offset.  It is defined here only if no earlier header supplied it.
   80  */
   81 
   82 #ifndef IP_OFFMASK
   83 #define IP_OFFMASK 0x1fff
   84 #endif
   85 
   86 /*
   87  * "Newer" flags that older operating systems don't yet recognize.
       *
       * TH_ECE (0x40) and TH_CWR (0x80) are the ECN-Echo and Congestion Window
       * Reduced bits of the TCP flags byte.  Each is defined only when an earlier
       * header has not already done so.
   88  */
   89 
   90 #ifndef TH_ECE
   91 #define TH_ECE 0x40
   92 #endif
   93 
   94 #ifndef TH_CWR
   95 #define TH_CWR 0x80
   96 #endif
   97 
   98 
   99 /*
  100  * Single-char packet "ident" flags.
       *
       * Every enumerator's value is a printable character.  ICMP and ICMPv6 are
       * both 'I', so the two names compare equal: they cannot be told apart by
       * value, nor used as separate case labels in one switch.
  101  */
  102 
  103 typedef enum {
  104     TCP = 'T', UDP = 'U', ICMP = 'I', ICMPv6 = 'I', IGMP = 'G', UNKNOWN = '?'
  105 } netident_t;
  106 
  107 /*
  108  * Prototypes function signatures.
       *
       * No #include appears in this header as shown, and u_char, struct
       * pcap_pkthdr and the uintN_t types are not declared here, so the file that
       * includes it has to bring in the pcap and <stdint.h> declarations first.
  109  */
  110 
  111 int setup_pcap_source(void);
  112 int setup_bpf_filter(char **);
  113 int setup_matcher(void);
  114 
      /*
       * NOTE(review): same parameter shape as a libpcap packet callback, but
       * pcap_handler takes const-qualified header and data pointers; presumably
       * this is registered through a cast -- confirm where the capture loop is
       * started.
       */
  115 void process(u_char *, struct pcap_pkthdr *, u_char *);
  116 
  117 void version(void);
      /*
       * NOTE(review): the empty parentheses declare usage with unspecified
       * parameters (pre-C23), so calls are not argument-checked; version(void)
       * above is the checked form.  Confirm against the definition before
       * tightening it.
       */
  118 void usage();
  119 void update_windowsize(int32_t);
  120 void clean_exit(int32_t);
  121 
  /*
   * Output, matching and timestamp routines.  The parameters are unnamed, so
   * the meaning of each length, offset and flag argument has to be read from
   * the definitions, which are not part of this header.
   *
   * NOTE(review): dump_unwrapped/dump_formatted/dump_byline share one
   * signature, as do the three *_match_func matchers and the three
   * print_time_* routines; presumably each group is selected through a
   * function pointer -- confirm.  Data pointers travel separately from their
   * uint32_t lengths, so the definitions are where bounds have to be honoured.
   */
  122 void dump_packet(struct pcap_pkthdr *, u_char *, uint8_t, unsigned char *, uint32_t,
  123                  const char *, const char *, uint16_t, uint16_t, uint8_t,
  124                  uint16_t, uint8_t, uint16_t, uint32_t);
  125 
  126 void dump_unwrapped(unsigned char *, uint32_t, uint16_t, uint16_t);
  127 void dump_formatted(unsigned char *, uint32_t, uint16_t, uint16_t);
  128 void dump_byline   (unsigned char *, uint32_t, uint16_t, uint16_t);
  129 
  130 void dump_delay_proc_init(struct pcap_pkthdr *);
  131 void dump_delay_proc     (struct pcap_pkthdr *);
  132 
  133 int8_t re_match_func   (unsigned char *, uint32_t, uint16_t *, uint16_t *);
  134 int8_t bin_match_func  (unsigned char *, uint32_t, uint16_t *, uint16_t *);
  135 int8_t blank_match_func(unsigned char *, uint32_t, uint16_t *, uint16_t *);
  136 
  137 void print_time_absolute(struct pcap_pkthdr *);
  138 void print_time_diff    (struct pcap_pkthdr *);
  139 void print_time_offset  (struct pcap_pkthdr *);
  140 
  /*
   * Filter-string helpers.  Both get_filter_from_* functions return char *.
   *
   * NOTE(review): the header does not say who owns the returned buffer or
   * whether NULL can come back -- check the definitions before relying on
   * either.  strishex returns uint8_t, presumably used as a boolean.
   */
  141 char *get_filter_from_string(char *);
  142 char *get_filter_from_argv  (char **);
  143 
  144 uint8_t strishex(char *);
  145 
  /*
   * Platform-specific entry points: drop_privs is declared for every build
   * except _WIN32, the win32_* helpers only for _WIN32.
   *
   * NOTE(review): drop_privs returns void, so a failed privilege drop cannot
   * be reported to the caller through the return value.  Confirm that the
   * implementation stops the program on failure and does not continue with
   * the original privileges.
   */
  146 #if !defined(_WIN32)
  147 void drop_privs(void);
  148 #endif
  149 
  150 #if defined(_WIN32)
  151 int8_t win32_initwinsock(void);
  152 void win32_listdevices(void);
  153 char *win32_usedevice(const char *);
  154 char *win32_choosedevice(void);
  155 #endif
  156 
  157 
  /*
   * Eight-byte header record: two 8-bit fields, one 16-bit length and one
   * 32-bit "present" word.
   *
   * NOTE(review): the field names match the fixed part of a radiotap header,
   * where it_len is the total header length stored little-endian -- confirm
   * that this is the intended use.  If so, the decoder should convert it_len
   * from little-endian and check it against the captured length before using
   * it as an offset.
   */
  158 struct NGREP_rtaphdr_t {
  159     uint8_t it_version;
  160     uint8_t it_pad;
  161     uint16_t it_len;
  162     uint32_t it_present;
  163 };
  164 
  165 
  166 /*
  167  * ANSI color/hilite stuff.
       *
       * "\33" is the ESC character.  ANSI_red is the bold + red foreground
       * sequence, ANSI_bold is bold only, and ANSI_off resets attributes.
       * ANSI_hilite is a writable pointer that starts out at ANSI_red.
       *
       * NOTE(review): these are object definitions with external linkage, not
       * extern declarations, so including this header from more than one
       * translation unit would give the linker duplicate symbols.
  168  */
  169 
  170 const char ANSI_red[]  = "\33[01;31m";
  171 const char ANSI_bold[] = "\33[01m";
  172 
  173 const char *ANSI_hilite = ANSI_red;
  174 const char  ANSI_off[]  = "\33[00m";