/*
 * Exported wrapper around wsockinit(): runs it and hands its result back
 * to the caller unchanged.
 */
int pcap_wsockinit()
{
	int status = wsockinit();

	return status;
}
/*
 * Compile a filter expression for a given link-layer type against a "dead"
 * pcap handle and dump the resulting BPF program.
 *
 * Options:
 *   -d          raise the dump verbosity passed to bpf_dump() (starts at 1)
 *   -F file     read the filter expression from file instead of argv
 *   -m netmask  netmask handed to pcap_compile()
 *   -O          pass 0 as the optimize argument to pcap_compile()
 *   -s snaplen  snapshot length, 0..65535 (0 is mapped to 65535)
 *
 * The first non-option argument is the data link type name; any remaining
 * arguments form the filter expression when -F is not given.
 */
int main(int argc, char **argv)
{
	char *slash;
	int verbosity = 1;
	char *filter_file = NULL;
	int optimize = 1;
	long snaplen = 68;
	int linktype;
	bpf_u_int32 netmask = PCAP_NETMASK_UNKNOWN;
	char *expression;
	pcap_t *handle;
	struct bpf_program prog;

#ifdef WIN32
	if (wsockinit() != 0)
		return 1;
#endif /* WIN32 */

	/* Use the last path component of argv[0] as the program name. */
	slash = strrchr(argv[0], '/');
	program_name = (slash != NULL) ? slash + 1 : argv[0];

	/* Unknown options are reported through usage(), not by getopt(). */
	opterr = 0;
	for (;;) {
		int opt = getopt(argc, argv, "dF:m:Os:");

		if (opt == -1)
			break;

		switch (opt) {

		case 'd':
			verbosity++;
			break;

		case 'F':
			filter_file = optarg;
			break;

		case 'O':
			optimize = 0;
			break;

		case 'm': {
			/*
			 * inet_addr() signals failure with INADDR_NONE, which is
			 * also the encoding of 255.255.255.255, so that mask
			 * cannot be supplied here.
			 */
			in_addr_t mask = inet_addr(optarg);

			if (mask == INADDR_NONE)
				error("invalid netmask %s", optarg);
			netmask = mask;
			break;
		}

		case 's': {
			char *tail;
			long parsed = strtol(optarg, &tail, 0);

			/*
			 * Reject empty input, trailing junk and anything outside
			 * 0..65535 before the value reaches pcap_open_dead().
			 */
			snaplen = parsed;
			if (tail == optarg || *tail != '\0' ||
			    parsed < 0 || parsed > 65535)
				error("invalid snaplen %s", optarg);
			else if (parsed == 0)
				snaplen = 65535;
			break;
		}

		default:
			usage();
			/* NOTREACHED */
		}
	}

	/* A data link type name is mandatory. */
	if (argc <= optind) {
		usage();
		/* NOTREACHED */
	}

	linktype = pcap_datalink_name_to_val(argv[optind]);
	if (linktype < 0)
		error("invalid data link type %s", argv[optind]);

	expression = filter_file ? read_infile(filter_file)
	                         : copy_argv(&argv[optind+1]);

	handle = pcap_open_dead(linktype, snaplen);
	if (handle == NULL)
		error("Can't open fake pcap_t");

	if (pcap_compile(handle, &prog, expression, optimize, netmask) < 0)
		error("%s", pcap_geterr(handle));

	/*
	 * A program that fails validation is only warned about; it is still
	 * dumped below.
	 */
	if (!bpf_validate(prog.bf_insns, prog.bf_len))
		warn("Filter doesn't pass validation");

	bpf_dump(&prog, verbosity);
	pcap_close(handle);
	exit(0);
}
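/*
 * Open a capture handle on the adapter named by `device`.
 *
 * device  - adapter name (or, when built with REMOTE, a source string that
 *           may name a remote interface)
 * snaplen - snapshot length, stored in the handle as given; no range check
 *           is performed here
 * promisc - non-zero to request promiscuous mode
 * to_ms   - read timeout handed to the driver
 * ebuf    - buffer of at least PCAP_ERRBUF_SIZE bytes that receives an
 *           error message on the failure paths handled in this function
 *
 * Returns the new handle, or NULL on failure.  Every failure path after the
 * handle has been allocated goes through `bad`, which releases the adapter,
 * the capture buffer, the PACKET structure and the handle itself.
 */
pcap_t *
pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
    char *ebuf)
{
	pcap_t *p;
	NetType type;

#ifdef REMOTE
	/*
	 * Retrofit: older applications must keep working with remote capture,
	 * so the remote open is called from here.  Not all of the newer
	 * features are reachable this way; for instance, no authentication
	 * can be sent (NULL is passed below) and a UDP data connection cannot
	 * be used.
	 */
	char host[PCAP_BUF_SIZE + 1];
	char port[PCAP_BUF_SIZE + 1];
	char name[PCAP_BUF_SIZE + 1];
	int srctype;

	if (pcap_parsesrcstr(device, &srctype, host, port, name, ebuf))
		return NULL;

	if (srctype == PCAP_SRC_IFREMOTE) {
		p = pcap_opensource_remote(device, NULL, ebuf);
		if (p == NULL)
			return NULL;

		p->snapshot = snaplen;
		p->timeout = to_ms;
		p->rmt_flags = (promisc) ? PCAP_OPENFLAG_PROMISCUOUS : 0;

		return p;
	}
#endif

	/* Init WinSock (the result is not checked here) */
	wsockinit();

	p = malloc(sizeof(*p));
	if (p == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
		    pcap_strerror(errno));
		return (NULL);
	}
	/* Zero the handle so `bad` can tell which resources were acquired. */
	memset(p, 0, sizeof(*p));

	p->adapter = PacketOpenAdapter(device);
	if (p->adapter == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "Error opening adapter: %s",
		    pcap_win32strerror());
		/* Go through `bad` so the handle allocated above is freed. */
		goto bad;
	}

	/* Get the network type */
	if (PacketGetNetType(p->adapter, &type) == FALSE) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,
		    "Cannot determine the network type: %s",
		    pcap_win32strerror());
		goto bad;
	}

	/* Set the linktype */
	switch (type.LinkType) {

	case NdisMediumWan:
	case NdisMedium802_3:
		p->linktype = DLT_EN10MB;
		break;

	case NdisMediumFddi:
		p->linktype = DLT_FDDI;
		break;

	case NdisMedium802_5:
		p->linktype = DLT_IEEE802;
		break;

	case NdisMediumArcnetRaw:
	case NdisMediumArcnet878_2:
		p->linktype = DLT_ARCNET;
		break;

	case NdisMediumAtm:
		p->linktype = DLT_ATM_RFC1483;
		break;

	default:
		/* an unknown adapter is assumed to be ethernet */
		p->linktype = DLT_EN10MB;
		break;
	}

	/*
	 * Set promiscuous mode.
	 * NOTE(review): the result of PacketSetHwFilter() is ignored, so a
	 * failure to apply the requested filter is not reported to the caller.
	 */
	if (promisc)
		PacketSetHwFilter(p->adapter, NDIS_PACKET_TYPE_PROMISCUOUS);
	else
		PacketSetHwFilter(p->adapter, NDIS_PACKET_TYPE_ALL_LOCAL);

	/* Set the buffer size */
	p->bufsize = PcapBufSize;
	p->buffer = malloc(PcapBufSize);
	if (p->buffer == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
		    pcap_strerror(errno));
		goto bad;
	}

	p->snapshot = snaplen;

	/* allocate Packet structure used during the capture */
	p->Packet = PacketAllocatePacket();
	if (p->Packet == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,
		    "failed to allocate the PACKET structure");
		goto bad;
	}

	PacketInitPacket(p->Packet, (BYTE *)p->buffer, p->bufsize);

	/* allocate the standard buffer in the driver */
	if (PacketSetBuff(p->adapter, SIZE_BUF) == FALSE) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,"driver error: not enough memory to allocate the kernel buffer\n");
		goto bad;
	}

	/* tell the driver to copy the buffer only if it contains at least 16K */
	if (PacketSetMinToCopy(p->adapter, 16000) == FALSE) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,"Error calling PacketSetMinToCopy: %s\n", pcap_win32strerror());
		goto bad;
	}

	PacketSetReadTimeout(p->adapter, to_ms);

	return (p);

bad:
	/* Release whatever was acquired; unset fields are NULL from memset(). */
	if (p->adapter)
		PacketCloseAdapter(p->adapter);
	if (p->Packet)
		PacketFreePacket(p->Packet);
	free(p->buffer);
	free(p);
	return (NULL);
}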