/*
 * Declares struct packet_object, the record that describes one packet:
 * its timestamp, per-layer (L2/L3/L4) header information, payload and
 * display buffers, the buffer to be forwarded, processing flags, and the
 * information collected by dissectors. Also declares the prototypes of the
 * helpers that allocate, create, destroy and duplicate such an object.
 *
 * NOTE(review): every buffer pointer in this structure is paired with a
 * separately stored length, and the length fields use mixed types (u_int,
 * size_t, and a signed int for DATA.delta). Nothing in this header ties a
 * pointer to its length, so the code that fills these fields in has to
 * validate each length against the real packet buffer before the pointer
 * is dereferenced.
 */
#ifndef ETTERCAP_PACKET_H
#define ETTERCAP_PACKET_H

#include <ec_proto.h>
#include <ec_profiles.h>
#include <ec_fingerprint.h>
#include <ec_inet.h>
#include <ec_session.h>
#include <sys/time.h>

struct packet_object {

   /* timestamp of the packet */
   struct timeval ts;

   /* link-layer (layer 2) information */
   struct L2 {
      u_int8 proto;                 /* layer 2 protocol identifier */
      u_char * header;              /* pointer to the layer 2 header */
      u_int len;                    /* length associated with the layer 2 header */
      u_int8 src[MEDIA_ADDR_LEN];   /* source media address */
      u_int8 dst[MEDIA_ADDR_LEN];   /* destination media address */
      u_int8 flags;                 /* layer 2 specific flags */
         /* presumably set when the frame carries an FCS trailer -- confirm in the link-layer decoders */
         #define PO_L2_FCS 0x01
   } L2;

   /* network-layer (layer 3) information */
   struct L3 {
      u_int16 proto;                /* layer 3 protocol identifier */
      u_char * header;              /* pointer to the layer 3 header */
      u_char * options;             /* pointer to the layer 3 options */
      u_int len;                    /* length associated with the layer 3 header */
      size_t payload_len;           /* length of the layer 3 payload */
      size_t optlen;                /* length of the options */
      struct ip_addr src;           /* source address */
      struct ip_addr dst;           /* destination address */
      u_int8 ttl;                   /* time to live */
   } L3;

   /* transport-layer (layer 4) information */
   struct L4 {
      u_int8 proto;                 /* layer 4 protocol identifier */
      u_int8 flags;                 /* layer 4 flags */
      u_char * header;              /* pointer to the layer 4 header */
      u_char * options;             /* pointer to the layer 4 options */
      u_int len;                    /* length associated with the layer 4 header */
      size_t optlen;                /* length of the options */
      u_int16 src;                  /* source port */
      u_int16 dst;                  /* destination port */
      u_int32 seq;                  /* sequence number */
      u_int32 ack;                  /* acknowledgement number */
   } L4;

   /* payload carried by the packet */
   struct data {
      u_char * data;                /* pointer to the payload */
      u_int len;                    /* length of the payload */
      /*
       * buffer containing the data to be displayed.
       * some dissectors decrypt the traffic, but the packet must be forwarded
       * as is, so the decrypted data must be placed in a different buffer.
       * this is that buffer and it is malloced by the tcp or udp dissector.
       */
      size_t disp_len;
      u_char * disp_data;
      /*
       * for a modified packet this is the delta for the length.
       * NOTE(review): signed, while the lengths it adjusts are unsigned;
       * verify that callers guard against wrap-around when combining them.
       */
      int delta;
      size_t inject_len;            /* len of the injection */
      u_char *inject;               /* the buffer used for injection */

   } DATA;

   u_int fwd_len;                   /* length of the packet to be forwarded */
   u_char * fwd_packet;             /* the pointer to the buffer to be forwarded */

   u_int len;                       /* total length of the packet */
   u_char * packet;                 /* the buffer containing the real packet */

   /* Trace current session for injector chain */
   struct ec_session *session;


   u_int16 flags;                   /* flags relative to the packet (bit values below) */
      #define PO_IGNORE ((u_int16)(1)) /* this packet should not be processed (e.g. sniffing TARGETS didn't match it) */
      #define PO_DONT_DISSECT ((u_int16)(1<<1)) /* this packet should not be processed by dissector (used during the arp scan) */
      #define PO_FORWARDABLE ((u_int16)(1<<2)) /* the packet has our MAC address, but the IP is not ours */
      #define PO_FORWARDED ((u_int16)(1<<3)) /* the packet was forwarded by us */

      #define PO_FROMIFACE ((u_int16)(1<<4)) /* this packet comes from the primary interface */
      #define PO_FROMBRIDGE ((u_int16)(1<<5)) /* this packet comes from the bridged interface */

      #define PO_MODIFIED ((u_int16)(1<<6)) /* it needs checksum recalculation before forwarding */
      #define PO_DROPPED ((u_int16)(1<<7)) /* the packet has to be dropped */

      #define PO_DUP ((u_int16)(1<<8)) /* the packet is a duplicate, we have to free the buffer on destroy */
      #define PO_FORGED ((u_int16)(1<<9)) /* the packet is created by ourselves */

      #define PO_EOF ((u_int16)(1<<10)) /* we are reading from a file and this is the last packet */

      #define PO_FROMSSL ((u_int16)(1<<11)) /* the packet is coming from a ssl wrapper */

      #define PO_SSLSTART ((u_int16)(1<<12)) /* ssl wrapper has to enter SSL state */

   /*
    * here are stored the user and pass collected by dissectors
    * the "char *" are malloc(ed) by dissectors
    *
    * NOTE(review): these are heap copies of collected credentials; where
    * they are released is not visible in this header -- presumably
    * packet_destroy_object(), confirm in the implementation.
    */
   struct dissector_info DISSECTOR;

   /* the struct for passive identification */
   struct passive_info PASSIVE;

};

/*
 * Packet object helpers. Only the prototypes are declared here; the meaning
 * of the int return values and the ownership of the buffers passed in are
 * not visible from this header -- confirm against the implementation.
 */
EC_API_EXTERN struct packet_object* packet_allocate_object(u_char *data, u_int len);
EC_API_EXTERN int packet_create_object(struct packet_object *po, u_char * buf, u_int len);
EC_API_EXTERN int packet_destroy_object(struct packet_object *po);
EC_API_EXTERN int packet_disp_data(struct packet_object *po, u_char *buf, u_int len);
EC_API_EXTERN struct packet_object * packet_dup(struct packet_object *po, u_char flag);

/* Do we want to duplicate data? (presumably the values of packet_dup()'s flag argument) */
#define PO_DUP_NONE 0
#define PO_DUP_PACKET 1

#endif

/* EOF */

// vim:ts=3:expandtab
