tcplogger.h
/*
(c) Copyright 2005 Apple Computer, Inc. All rights reserved.
IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc. ("Apple") in
consideration of your agreement to the following terms, and your use, installation,
modification or redistribution of this Apple software constitutes acceptance of these
terms. If you do not agree with these terms, please do not use, install, modify or
redistribute this Apple software.
In consideration of your agreement to abide by the following terms, and subject to
these terms, Apple grants you a personal, non-exclusive license, under Apple's copyrights
in this original Apple software (the "Apple Software"), to use, reproduce, modify and
redistribute the Apple Software, with or without modifications, in source and/or binary
forms; provided that if you redistribute the Apple Software in its entirety and without
modifications, you must retain this notice and the following text and disclaimers in all
such redistributions of the Apple Software. Neither the name, trademarks, service marks
or logos of Apple Computer, Inc. may be used to endorse or promote products derived
from the Apple Software without specific prior written permission from Apple. Except
as expressly stated in this notice, no other rights or licenses, express or implied,
are granted by Apple herein, including but not limited to any patent rights that may
be infringed by your derivative works or by other works in which the Apple Software
may be incorporated.
The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES
OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING
THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS.
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ARISING
IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION OF THE
APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING
NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/*
Header file to support the tcplognke network kernel extension.
*/
#ifndef TCPLOGGER_H
#define TCPLOGGER_H
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
/*
Handles that identify this filter, one for IPv4 and one for IPv6.
NOTE(review): the author marks both as a "temp hack" - they look like placeholder
constants rather than registered values, so another filter could end up using the
same handle. Confirm how the kext reacts when registering a handle fails.
*/
#define TCPLOGGER_HANDLE_IP4 0xBABABABA /* Temp hack to identify this filter */
#define TCPLOGGER_HANDLE_IP6 0xABABABAB /* Temp hack to identify this filter */
/*
Identifier string of the tcplognke kernel extension.
Original note: used a registered creator type here - to register for one - go to the
Apple Developer Connection Datatype Registration page
<http://developer.apple.com/datatype/>
NOTE(review): the creator-type remark reads as if it belongs to the
TCPLOGGER_HANDLE_* values defined just above rather than to this string - confirm.
NOTE(review): presumably the user land tool uses this same string to locate the
kext - confirm against the tool source.
*/
#define MYBUNDLEID "com.apple.dts.kext.tcplognke"
/*
The TCPLogInfo structure is used to pass packet process info from the kext to the
user land tool - tcplog, on a per connection basis, at the end of a connection.
The kernel extension passes status information to the tool when the tool is used
with the -m (display TCP Log entries) option.

Review notes for anyone consuming or producing these records:
- The record crosses the kernel/user boundary as a raw C struct. size_t, long and
  struct timeval change width between 32-bit and 64-bit builds, so kext and tool
  must be built for the same data model or the fields will not line up.
- tli_len carries the size the sender used; a reader should compare it with
  sizeof(struct TCPLogInfo) before trusting the rest of the record.
- Each record names the pid and uid that own the socket together with both
  endpoints of the connection, so it is per-user connection metadata.
  NOTE(review): who is allowed to read it is decided in the kext, not in this
  header - confirm.
- The four byte/packet counters are 32 bits wide and wrap after 2^32 - 1.
*/
struct TCPLogInfo {
size_t tli_len; /* size of structure */
uint32_t tli_state; /* connection state - TLS_CONNECT_OUT or TLS_CONNECT_IN */
long tli_genid; /* one up id for this record */
/* NOTE(review): presumably tli_protocol tells which union member is valid - confirm */
union {
struct sockaddr_in addr4; /* ipv4 local addr */
struct sockaddr_in6 addr6; /* ipv6 local addr */
} tli_local;
union {
struct sockaddr_in addr4; /* ipv4 remote addr */
struct sockaddr_in6 addr6; /* ipv6 remote addr */
} tli_remote;
uint32_t tli_bytes_in; /* NOTE(review): by name, bytes received on the connection - confirm */
uint32_t tli_pkts_in; /* NOTE(review): by name, packets received - confirm */
uint32_t tli_bytes_out; /* NOTE(review): by name, bytes sent - confirm */
uint32_t tli_pkts_out; /* NOTE(review): by name, packets sent - confirm */
struct timeval tli_create; /* socreate timestamp */
struct timeval tli_start; /* connection complete timestamp */
struct timeval tli_stop; /* connection termination timestamp */
pid_t tli_pid; /* pid that created the socket */
pid_t tli_uid; /* user id that created the socket; NOTE(review): declared pid_t, uid_t looks intended - confirm */
int tli_protocol; /* ipv4 or ipv6; NOTE(review): exact encoding not shown in this header - confirm */
};
/*
Bit flags for the connection state; the tli_state comment in struct TCPLogInfo
names TLS_CONNECT_OUT and TLS_CONNECT_IN as its values. The TLS_ prefix belongs
to this logger's state flags and is unrelated to Transport Layer Security.
*/
#define TLS_CONNECT_OUT 0x1
#define TLS_CONNECT_IN 0x2
#define TLS_LISTENING 0x4
/* Mask covering all three state flags above. */
#define TLS_KIND (TLS_CONNECT_OUT | TLS_CONNECT_IN | TLS_LISTENING)
/*
Counters and settings of the logger. The TCPLOGGER_STATS request in this header
is documented as returning this structure; tls_qmax and tls_enabled are the
fields the TCPLOGGER_QMAX and TCPLOGGER_ENABLED requests get or set.
The long members change width between 32-bit and 64-bit builds, so the kext and
whatever reads this structure must agree on the data model.
Fields without a comment are not described anywhere in this header; their
meaning has to be taken from the kext source.
*/
struct tl_stats {
int tls_done_count;
int tls_done_max;
int tls_qmax; /* Maximum number of info structures to be logged */
int tls_overflow;
int tls_active;
int tls_active_max;
int tls_inuse; /* Currently in use (attached and not free) */
int tls_info; /* Number of currently allocated info structures */
long tls_attached; /* Number of attachments to sockets - used to set the one up value of tli_genid */
long tls_freed; /* NOTE(review): original comment was a copy of the tls_dupfree one; by name, a count of frees - confirm */
long tls_cannotfree; /* NOTE(review): original comment was a copy of the tls_dupfree one; by name, a count of failed frees - confirm */
long tls_dupfree; /* Number of duplicate calls to sofree */
long tls_ctl_connected; /* Number of control sockets in use */
int tls_log;
int tls_enabled;
boolean_t tls_initted;
};
/*
Request codes exchanged between the user land tool and the kext.
NOTE(review): presumably passed as getsockopt/setsockopt option names on the
kext's control socket - confirm.
NOTE(review): several of these change kext state (the "set" forms of QMAX and
ENABLED, and by name FLUSH, ADDUNIT, DELUNIT and LOG). The handler in the kext
should check the length of the caller-supplied option data before copying it
and should limit who may connect, e.g. by registering the control with
CTL_FLAG_PRIVILEGED - confirm in the kext source.
*/
#define TCPLOGGER_STATS 1 /* get tl_stats */
#define TCPLOGGER_QMAX 2 /* get or set tls_qmax */
#define TCPLOGGER_ENABLED 3 /* get or set tls_enabled */
#define TCPLOGGER_FLUSH 4
#define TCPLOGGER_ADDUNIT 5
#define TCPLOGGER_DELUNIT 6
#define TCPLOGGER_LOG 7
#endif