WinPcap: pcap.h File Reference
优质
小牛编辑
124浏览
2023-12-01
Go to the source code of this file.
Unix-compatible Functions | |
These functions are part of the libpcap library, and therefore work both on Windows and on Linux.
| |
| typedef void(*) | pcap_handler (u_char *user, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
| Prototype of the callback function that receives the packets. | |
| pcap_t * | pcap_open_live (const char *device, int snaplen, int promisc, int to_ms, char *ebuf) |
| Open a live capture from the network. | |
| pcap_t * | pcap_open_dead (int linktype, int snaplen) |
| Create a pcap_t structure without starting a capture. | |
| pcap_t * | pcap_open_offline (const char *fname, char *errbuf) |
| Open a savefile in the tcpdump/libpcap format to read packets. | |
| pcap_dumper_t * | pcap_dump_open (pcap_t *p, const char *fname) |
| Open a file to write packets. | |
| int | pcap_setnonblock (pcap_t *p, int nonblock, char *errbuf) |
| Switch between blocking and nonblocking mode. | |
| int | pcap_getnonblock (pcap_t *p, char *errbuf) |
| Get the "non-blocking" state of an interface. | |
| int | pcap_findalldevs (pcap_if_t **alldevsp, char *errbuf) |
| Construct a list of network devices that can be opened with pcap_open_live(). | |
| void | pcap_freealldevs (pcap_if_t *alldevsp) |
| Free an interface list returned by pcap_findalldevs(). | |
| char * | pcap_lookupdev (char *errbuf) |
| Return the first valid device in the system. | |
| int | pcap_lookupnet (const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char *errbuf) |
| Return the subnet and netmask of an interface. | |
| int | pcap_dispatch (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
| Collect a group of packets. | |
| int | pcap_loop (pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
| Collect a group of packets. | |
| u_char * | pcap_next (pcap_t *p, struct pcap_pkthdr *h) |
| Return the next available packet. | |
| int | pcap_next_ex (pcap_t *p, struct pcap_pkthdr **pkt_header, const u_char **pkt_data) |
| Read a packet from an interface or from an offline capture. | |
| void | pcap_breakloop (pcap_t *) |
| set a flag that will force pcap_dispatch() or pcap_loop() to return rather than looping. | |
| int | pcap_sendpacket (pcap_t *p, u_char *buf, int size) |
| Send a raw packet. | |
| void | pcap_dump (u_char *user, const struct pcap_pkthdr *h, const u_char *sp) |
| Save a packet to disk. | |
| long | pcap_dump_ftell (pcap_dumper_t *) |
| Return the file position for a "savefile". | |
| int | pcap_compile (pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask) |
| Compile a packet filter, converting an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. | |
| int | pcap_compile_nopcap (int snaplen_arg, int linktype_arg, struct bpf_program *program, char *buf, int optimize, bpf_u_int32 mask) |
| Compile a packet filter without the need of opening an adapter. This function converts an high level filtering expression (see Filtering expression syntax) in a program that can be interpreted by the kernel-level filtering engine. | |
| int | pcap_setfilter (pcap_t *p, struct bpf_program *fp) |
| Associate a filter to a capture. | |
| void | pcap_freecode (struct bpf_program *fp) |
| Free a filter. | |
| int | pcap_datalink (pcap_t *p) |
| Return the link layer of an adapter. | |
| int | pcap_list_datalinks (pcap_t *p, int **dlt_buf) |
| list datalinks | |
| int | pcap_set_datalink (pcap_t *p, int dlt) |
| Set the current data link type of the pcap descriptor to the type specified by dlt. -1 is returned on failure. | |
| int | pcap_datalink_name_to_val (const char *name) |
| Translates a data link type name, which is a DLT_ name with the DLT_ removed, to the corresponding data link type value. The translation is case-insensitive. -1 is returned on failure. | |
| const char * | pcap_datalink_val_to_name (int dlt) |
| Translates a data link type value to the corresponding data link type name. NULL is returned on failure. | |
| const char * | pcap_datalink_val_to_description (int dlt) |
| Translates a data link type value to a short description of that data link type. NULL is returned on failure. | |
| int | pcap_snapshot (pcap_t *p) |
| Return the dimension of the packet portion (in bytes) that is delivered to the application. | |
| int | pcap_is_swapped (pcap_t *p) |
| returns true if the current savefile uses a different byte order than the current system. | |
| int | pcap_major_version (pcap_t *p) |
| return the major version number of the pcap library used to write the savefile. | |
| int | pcap_minor_version (pcap_t *p) |
| return the minor version number of the pcap library used to write the savefile. | |
| FILE * | pcap_file (pcap_t *p) |
| Return the standard stream of an offline capture. | |
| int | pcap_stats (pcap_t *p, struct pcap_stat *ps) |
| Return statistics on current capture. | |
| void | pcap_perror (pcap_t *p, char *prefix) |
| print the text of the last pcap library error on stderr, prefixed by prefix. | |
| char * | pcap_geterr (pcap_t *p) |
| return the error text pertaining to the last pcap library error. | |
| char * | pcap_strerror (int error) |
| Provided in case strerror() isn't available. | |
| const char * | pcap_lib_version (void) |
| Returns a pointer to a string giving information about the version of the libpcap library being used; note that it contains more information than just a version number. | |
| void | pcap_close (pcap_t *p) |
| close the files associated with p and deallocates resources. | |
| FILE * | pcap_dump_file (pcap_dumper_t *p) |
| return the standard I/O stream of the 'savefile' opened by pcap_dump_open(). | |
| int | pcap_dump_flush (pcap_dumper_t *p) |
| Flushes the output buffer to the ``savefile,'' so that any packets written with pcap_dump() but not yet written to the ``savefile'' will be written. -1 is returned on error, 0 on success. | |
| void | pcap_dump_close (pcap_dumper_t *p) |
| Closes a savefile. | |
Functions | |
| Windows-specific Extensions | |
| The functions in this section extend libpcap to offer advanced functionalities (like remote packet capture, packet buffer size variation or high-precision packet injection). Howerver, at the moment they can be used only in Windows. | |
| PAirpcapHandle | pcap_get_airpcap_handle (pcap_t *p) |
| Returns the AirPcap handler associated with an adapter. This handler can be used to change the wireless-related settings of the CACE Technologies AirPcap wireless capture adapters. | |
| bool | pcap_offline_filter (struct bpf_program *prog, const struct pcap_pkthdr *header, const u_char *pkt_data) |
| Returns if a given filter applies to an offline packet. | |
| int | pcap_live_dump (pcap_t *p, char *filename, int maxsize, int maxpacks) |
| Save a capture to file. | |
| int | pcap_live_dump_ended (pcap_t *p, int sync) |
| Return the status of the kernel dump process, i.e. tells if one of the limits defined with pcap_live_dump() has been reached. | |
| pcap_stat * | pcap_stats_ex (pcap_t *p, int *pcap_stat_size) |
| Return statistics on current capture. | |
| int | pcap_setbuff (pcap_t *p, int dim) |
| Set the size of the kernel buffer associated with an adapter. | |
| int | pcap_setmode (pcap_t *p, int mode) |
| Set the working mode of the interface p to mode. | |
| int | pcap_setmintocopy (pcap_t *p, int size) |
| Set the minumum amount of data received by the kernel in a single call. | |
| HANDLE | pcap_getevent (pcap_t *p) |
| Return the handle of the event associated with the interface p. | |
| pcap_send_queue * | pcap_sendqueue_alloc (u_int memsize) |
| Allocate a send queue. | |
| void | pcap_sendqueue_destroy (pcap_send_queue *queue) |
| Destroy a send queue. | |
| int | pcap_sendqueue_queue (pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) |
| Add a packet to a send queue. | |
| u_int | pcap_sendqueue_transmit (pcap_t *p, pcap_send_queue *queue, int sync) |
| Send a queue of raw packets to the network. | |
| int | pcap_findalldevs_ex (char *source, struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf) |
| Create a list of network devices that can be opened with pcap_open(). | |
| int | pcap_createsrcstr (char *source, int type, const char *host, const char *port, const char *name, char *errbuf) |
| Accept a set of strings (host name, port, ...), and it returns the complete source string according to the new format (e.g. 'rpcap://1.2.3.4/eth0'). | |
| int | pcap_parsesrcstr (const char *source, int *type, char *host, char *port, char *name, char *errbuf) |
| Parse the source string and returns the pieces in which the source can be split. | |
| pcap_t * | pcap_open (const char *source, int snaplen, int flags, int read_timeout, struct pcap_rmtauth *auth, char *errbuf) |
| Open a generic source in order to capture / send (WinPcap only) traffic. | |
| pcap_samp * | pcap_setsampling (pcap_t *p) |
| Define a sampling method for packet capture. | |
| SOCKET | pcap_remoteact_accept (const char *address, const char *port, const char *hostlist, char *connectinghost, struct pcap_rmtauth *auth, char *errbuf) |
| Block until a network connection is accepted (active mode only). | |
| int | pcap_remoteact_close (const char *host, char *errbuf) |
| Drop an active connection (active mode only). | |
| void | pcap_remoteact_cleanup () |
| Clean the socket that is currently used in waiting active connections. | |
| int | pcap_remoteact_list (char *hostlist, char sep, int size, char *errbuf) |
| Return the hostname of the host that have an active connection with us (active mode only). | |