/* * This file is part of tcpflow by Jeremy Elson * Initial Release: 7 April 1999. * * This source code is under the GNU Public License (GPL). See * LICENSE for details. * * $Id: tcpflow.h,v 1.10 2001/08/08 19:39:40 jelson Exp $ * * $Log: tcpflow.h,v $ * Revision 1.10 2001/08/08 19:39:40 jelson * ARGH! These are changes that made up tcpflow 0.20, which for some reason I * did not check into the repository until now. (Which of couse means * I never tagged v0.20.... argh.) * * Changes include: * * -- portable signal handlers now used to do proper termination * * -- patch to allow tcpflow to read from tcpdump stored captures * * Revision 1.9 2000/12/08 07:32:39 jelson * Took out the (broken) support for fgetpos/fsetpos. Now we always simply * use fseek and ftell. * * Revision 1.8 1999/04/21 01:40:16 jelson * DLT_NULL fixes, u_char fixes, additions to configure.in, man page update * * Revision 1.7 1999/04/13 01:38:14 jelson * Added portability features with 'automake' and 'autoconf'. Added AUTHORS, * NEWS, README, etc files (currently empty) to conform to GNU standards. * * Various portability fixes, including the FGETPOS/FSETPOS macros; detection * of header files using autoconf; restructuring of debugging code to not * need vsnprintf. * */ #ifndef __TCPFLOW_H__ #define __TCPFLOW_H__ #ifdef HAVE_CONFIG_H #include "conf.h" #endif #include "sysdep.h" #ifndef __SYSDEP_H__ #error something is messed up #endif /**************************** Constants ***********************************/ #define DEFAULT_DEBUG_LEVEL 1 #define MAX_FD_GUESS 64 #define NUM_RESERVED_FDS 5 /* number of FDs to set aside */ #define HASH_SIZE 1009 /* prime number near 1000 */ #define SNAPLEN 65536 /* largest possible MTU we'll see */ /**************************** Structures **********************************/ typedef struct { u_int32_t src; /* Source IP address */ u_int32_t dst; /* Destination IP address */ u_int16_t sport; /* Source port number */ u_int16_t dport; /* Destination port number */ } flow_t; typedef struct flow_state_struct { struct flow_state_struct *next; /* Link to next one */ flow_t flow; /* Description of this flow */ tcp_seq isn; /* Initial sequence number we've seen */ FILE *fp; /* Pointer to file storing this flow's data */ long pos; /* Current write position in fp */ int flags; /* Don't save any more data from this flow */ int last_access; /* "Time" of last access */ } flow_state_struct; #define FLOW_FINISHED (1 << 0) #define FLOW_FILE_EXISTS (1 << 1) typedef struct flow_state_struct flow_state_t; /***************************** Macros *************************************/ #define MALLOC(type, num) (type *) check_malloc((num) * sizeof(type)) #ifndef __MAIN_C__ extern int debug_level; #endif #define DEBUG(message_level) if (debug_level >= message_level) debug_real #define HASH_FLOW(flow) ( \ ( (flow.sport & 0xff) | ((flow.dport & 0xff) << 8) | \ ((flow.src & 0xff) << 16) | ((flow.dst & 0xff) << 24) \ ) % HASH_SIZE) #define IS_SET(vector, flag) ((vector) & (flag)) #define SET_BIT(vector, flag) ((vector) |= (flag)) /************************* Function prototypes ****************************/ /* util.c */ char *copy_argv(char *argv[]); void init_debug(char *argv[]); void *check_malloc(size_t size); char *flow_filename(flow_t flow); int get_max_fds(void); RETSIGTYPE (*portable_signal(int signo, RETSIGTYPE (*func)(int)))(int); void debug_real(char *fmt, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; void die(char *fmt, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))) #endif ; /* datalink.c */ pcap_handler find_handler(int datalink_type, char *device); /* tcpip.c */ void process_ip(const u_char *data, u_int32_t length); void process_tcp(const u_char *data, u_int32_t length, u_int32_t src, u_int32_t dst); void print_packet(flow_t flow, const u_char *data, u_int32_t length); void store_packet(flow_t flow, const u_char *data, u_int32_t length, u_int32_t seq); u_char *do_strip_nonprint(const u_char *data, u_int32_t length); /* flow.c */ void init_flow_state(); flow_state_t *find_flow_state(flow_t flow); flow_state_t *create_flow_state(flow_t flow, tcp_seq isn); FILE *open_file(flow_state_t *flow_state); int close_file(flow_state_t *flow_state); void sort_fds(); void contract_fd_ring(); #endif /* __TCPFLOW_H__ */