File: Sniffer.h

package info (click to toggle)
tcptrack 1.4.2-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, stretch
  • size: 736 kB
  • ctags: 600
  • sloc: cpp: 2,521; sh: 717; makefile: 26
file content (83 lines) | stat: -rw-r--r-- 2,559 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
/* 
 *  Ths code in this file is part of tcptrack. For more information see
 *    http://www.rhythm.cx/~steve/devel/tcptrack
 *
 *     Copyright (C) Steve Benson - 2003
 *
 *  tcptrack is free software; you can redistribute it and/or modify it
 *  under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2, or (at your
 *  option) any later version.
 *   
 *  tcptrack is distributed in the hope that it will be useful, but
 *  WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  General Public License for more details.
 *   
 *  You should have received a copy of the GNU General Public License
 *  along with GNU Make; see the file COPYING.  If not, write to
 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. 
 *  
 */
#ifndef SNIFFER_H
#define SNIFFER_H 1

#define _BSD_SOURCE 1
#define _DEFAULT_SOURCE 1
#define _REENTRANT

#ifdef HAVE_PCAP_PCAP_H
#include <pcap/pcap.h>
#endif
#ifdef HAVE_PCAP_H
#include <pcap.h>
#endif
#include <pthread.h>
#include "PacketBuffer.h"

class Sniffer
{
public:
	Sniffer();
	~Sniffer();

	// init performs some constructor-like activity. It is separate
	// so that exceptions don't have to be thrown in the constructor.
	void init(char *iface, char *fexp, char *test_file);

	// set the place where sniffed packets are sent for further 
	// processing. If NULL, packets are just dropped.
	void dest( PacketBuffer *pb=NULL );

	
	// do not call. called only from the pcap_loop loopback function. 
	void processPacket(const pcap_pkthdr *header, const u_char *packet);

	// do not call. called only from sniffer_thread_func
	void run(); 
	
private:
	pthread_t sniffer_tid; // thread id of sniffer thread
	pcap_t *handle;        // device handle, for net dev we're sniffing
	PacketBuffer *pb;      // send packets here. may be NULL.
	pthread_mutex_t pb_mutex;

	// these are true if these parts were successfully initialzised, 
	// and thus would need to be cleaned up in the constructor.
	// also used to make sure init() isn't called more than once.
	bool pcap_initted;
	bool pthread_initted;

	// the data link type. set to one of the DLT_* values in 
	// net/bpf.h. Specifies what type of link layer this is 
	// (ethernet, ppp, raw IP...)
	int dlt;
};

// pcap_loop calls this function
void handle_packet(u_char *other, const struct pcap_pkthdr *header, const u_char *packet);

// main function for sniffer thread
void *sniffer_thread_func(void *);

#endif