1999-10-07 23:46:40 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the Computer Systems
|
|
|
|
* Engineering Group at Lawrence Berkeley Laboratory.
|
|
|
|
* 4. Neither the name of the University nor of the Laboratory may be used
|
|
|
|
* to endorse or promote products derived from this software without
|
|
|
|
* specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef lint
|
2003-11-15 23:23:57 +00:00
|
|
|
static const char rcsid[] _U_ =
|
2008-12-23 20:13:29 +00:00
|
|
|
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)";
|
2000-07-11 00:37:04 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
1999-10-07 23:46:40 +00:00
|
|
|
#endif
|
|
|
|
|
2002-08-02 03:44:19 +00:00
|
|
|
#ifdef WIN32
|
2002-08-01 08:33:01 +00:00
|
|
|
#include <pcap-stdinc.h>
|
2002-08-02 03:44:19 +00:00
|
|
|
#else /* WIN32 */
|
|
|
|
#include <sys/types.h>
|
|
|
|
#endif /* WIN32 */
|
1999-10-07 23:46:40 +00:00
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
2004-12-18 08:52:08 +00:00
|
|
|
#if !defined(_MSC_VER) && !defined(__BORLANDC__)
|
2002-08-02 03:44:19 +00:00
|
|
|
#include <unistd.h>
|
|
|
|
#endif
|
2001-12-09 05:10:02 +00:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <errno.h>
|
1999-10-07 23:46:40 +00:00
|
|
|
|
|
|
|
#ifdef HAVE_OS_PROTO_H
|
|
|
|
#include "os-proto.h"
|
|
|
|
#endif
|
|
|
|
|
2004-12-18 08:52:08 +00:00
|
|
|
#ifdef MSDOS
|
|
|
|
#include "pcap-dos.h"
|
|
|
|
#endif
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
#include "pcap-int.h"
|
|
|
|
|
2003-11-20 01:21:25 +00:00
|
|
|
#ifdef HAVE_DAG_API
|
|
|
|
#include <dagnew.h>
|
|
|
|
#include <dagapi.h>
|
|
|
|
#endif
|
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
int
|
|
|
|
pcap_not_initialized(pcap_t *pcap)
|
|
|
|
{
|
|
|
|
/* this means 'not initialized' */
|
|
|
|
return PCAP_ERROR_NOT_ACTIVATED;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
|
|
|
|
* a PCAP_ERROR value on an error.
|
|
|
|
*/
|
1999-10-07 23:46:40 +00:00
|
|
|
int
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
pcap_can_set_rfmon(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->can_set_rfmon_op(p));
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* For systems where rfmon mode is never supported.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
pcap_cant_set_rfmon(pcap_t *p _U_)
|
|
|
|
{
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
When doing Linux mmapped capture:
Allocate a buffer into which to copy a packet, and have the
callback for pcap_next() and pcap_next_ex() copy to that buffer
and return a pointer to that buffer; we can't return the packet
data pointer passed to the callback, as, once the callback
returns, that buffer can be overwritten, even before you read
the next packet.
Don't tweak filter programs passed into the kernel to return
65535 on success - we don't have to, as we're not reading
packets with recvfrom(), and we don't want to, as, if we return
the actual snapshot length, the kernel will copy less data to
the ring buffer.
Truncate the packet snapshot length to the specified length, as
we might not have a filter to do that.
2009-07-16 22:08:12 +00:00
|
|
|
/*
|
|
|
|
* Default one-shot callback; overridden for capture types where the
|
|
|
|
* packet data cannot be guaranteed to be available after the callback
|
|
|
|
* returns, so that a copy must be made.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
|
|
|
|
{
|
|
|
|
struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
|
|
|
|
|
|
|
|
*sp->hdr = *h;
|
|
|
|
*sp->pkt = pkt;
|
|
|
|
}
|
|
|
|
|
|
|
|
const u_char *
|
|
|
|
pcap_next(pcap_t *p, struct pcap_pkthdr *h)
|
|
|
|
{
|
|
|
|
struct oneshot_userdata s;
|
|
|
|
const u_char *pkt;
|
|
|
|
|
|
|
|
s.hdr = h;
|
|
|
|
s.pkt = &pkt;
|
|
|
|
s.pd = p;
|
|
|
|
if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
|
|
|
|
return (0);
|
|
|
|
return (pkt);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
|
|
|
|
const u_char **pkt_data)
|
|
|
|
{
|
|
|
|
struct oneshot_userdata s;
|
|
|
|
|
|
|
|
s.hdr = &p->pcap_header;
|
|
|
|
s.pkt = pkt_data;
|
|
|
|
s.pd = p;
|
|
|
|
|
|
|
|
/* Saves a pointer to the packet headers */
|
|
|
|
*pkt_header= &p->pcap_header;
|
|
|
|
|
|
|
|
if (p->sf.rfile != NULL) {
|
|
|
|
int status;
|
|
|
|
|
|
|
|
/* We are on an offline capture */
|
|
|
|
status = pcap_offline_read(p, 1, pcap_oneshot,
|
|
|
|
(u_char *)&s);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return codes for pcap_offline_read() are:
|
|
|
|
* - 0: EOF
|
|
|
|
* - -1: error
|
|
|
|
* - >1: OK
|
|
|
|
* The first one ('0') conflicts with the return code of
|
|
|
|
* 0 from pcap_read() meaning "no packets arrived before
|
|
|
|
* the timeout expired", so we map it to -2 so you can
|
|
|
|
* distinguish between an EOF from a savefile and a
|
|
|
|
* "no packets arrived before the timeout expired, try
|
|
|
|
* again" from a live capture.
|
|
|
|
*/
|
|
|
|
if (status == 0)
|
|
|
|
return (-2);
|
|
|
|
else
|
|
|
|
return (status);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return codes for pcap_read() are:
|
|
|
|
* - 0: timeout
|
|
|
|
* - -1: error
|
|
|
|
* - -2: loop was broken out of with pcap_breakloop()
|
|
|
|
* - >1: OK
|
|
|
|
* The first one ('0') conflicts with the return code of 0 from
|
|
|
|
* pcap_offline_read() meaning "end of file".
|
|
|
|
*/
|
|
|
|
return (p->read_op(p, 1, pcap_oneshot, (u_char *)&s));
|
|
|
|
}
|
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
pcap_t *
|
|
|
|
pcap_create_common(const char *source, char *ebuf)
|
|
|
|
{
|
|
|
|
pcap_t *p;
|
|
|
|
|
|
|
|
p = malloc(sizeof(*p));
|
|
|
|
if (p == NULL) {
|
|
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
memset(p, 0, sizeof(*p));
|
2008-04-14 20:40:58 +00:00
|
|
|
#ifndef WIN32
|
|
|
|
p->fd = -1; /* not opened yet */
|
|
|
|
#endif
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
2009-08-12 05:10:51 +00:00
|
|
|
p->opt.source = strdup(source);
|
|
|
|
if (p->opt.source == NULL) {
|
|
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
free(p);
|
|
|
|
return (NULL);
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Default to "can't set rfmon mode"; if it's supported by
|
|
|
|
* a platform, it can set the op to its routine to check
|
|
|
|
* whether a particular device supports it.
|
|
|
|
*/
|
|
|
|
p->can_set_rfmon_op = pcap_cant_set_rfmon;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Some operations can be performed only on activated pcap_t's;
|
|
|
|
* have those operations handled by a "not supported" handler
|
|
|
|
* until the pcap_t is activated.
|
|
|
|
*/
|
|
|
|
p->read_op = (read_op_t)pcap_not_initialized;
|
|
|
|
p->inject_op = (inject_op_t)pcap_not_initialized;
|
|
|
|
p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
|
|
|
|
p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
|
|
|
|
p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
|
|
|
|
p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
|
|
|
|
p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
|
|
|
|
p->stats_op = (stats_op_t)pcap_not_initialized;
|
|
|
|
#ifdef WIN32
|
|
|
|
p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
|
|
|
|
p->setmode_op = (setmode_op_t)pcap_not_initialized;
|
|
|
|
p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
|
|
|
|
#endif
|
2008-04-14 20:40:58 +00:00
|
|
|
p->cleanup_op = pcap_cleanup_live_common;
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
When doing Linux mmapped capture:
Allocate a buffer into which to copy a packet, and have the
callback for pcap_next() and pcap_next_ex() copy to that buffer
and return a pointer to that buffer; we can't return the packet
data pointer passed to the callback, as, once the callback
returns, that buffer can be overwritten, even before you read
the next packet.
Don't tweak filter programs passed into the kernel to return
65535 on success - we don't have to, as we're not reading
packets with recvfrom(), and we don't want to, as, if we return
the actual snapshot length, the kernel will copy less data to
the ring buffer.
Truncate the packet snapshot length to the specified length, as
we might not have a filter to do that.
2009-07-16 22:08:12 +00:00
|
|
|
/*
|
|
|
|
* In most cases, the standard one-short callback can
|
|
|
|
* be used for pcap_next()/pcap_next_ex().
|
|
|
|
*/
|
|
|
|
p->oneshot_callback = pcap_oneshot;
|
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
/* put in some defaults*/
|
|
|
|
pcap_set_timeout(p, 0);
|
|
|
|
pcap_set_snaplen(p, 65535); /* max packet size */
|
|
|
|
p->opt.promisc = 0;
|
|
|
|
p->opt.buffer_size = 0;
|
|
|
|
return (p);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_check_activated(pcap_t *p)
|
|
|
|
{
|
|
|
|
if (p->activated) {
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
|
|
|
|
" operation on activated capture");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_set_snaplen(pcap_t *p, int snaplen)
|
|
|
|
{
|
|
|
|
if (pcap_check_activated(p))
|
|
|
|
return PCAP_ERROR_ACTIVATED;
|
|
|
|
p->snapshot = snaplen;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_set_promisc(pcap_t *p, int promisc)
|
|
|
|
{
|
|
|
|
if (pcap_check_activated(p))
|
|
|
|
return PCAP_ERROR_ACTIVATED;
|
|
|
|
p->opt.promisc = promisc;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_set_rfmon(pcap_t *p, int rfmon)
|
1999-10-07 23:46:40 +00:00
|
|
|
{
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
if (pcap_check_activated(p))
|
|
|
|
return PCAP_ERROR_ACTIVATED;
|
|
|
|
p->opt.rfmon = rfmon;
|
|
|
|
return 0;
|
|
|
|
}
|
1999-10-07 23:46:40 +00:00
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
int
|
|
|
|
pcap_set_timeout(pcap_t *p, int timeout_ms)
|
|
|
|
{
|
|
|
|
if (pcap_check_activated(p))
|
|
|
|
return PCAP_ERROR_ACTIVATED;
|
|
|
|
p->md.timeout = timeout_ms;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_set_buffer_size(pcap_t *p, int buffer_size)
|
|
|
|
{
|
|
|
|
if (pcap_check_activated(p))
|
|
|
|
return PCAP_ERROR_ACTIVATED;
|
|
|
|
p->opt.buffer_size = buffer_size;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_activate(pcap_t *p)
|
|
|
|
{
|
2008-04-09 21:26:12 +00:00
|
|
|
int status;
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
2008-04-09 21:26:12 +00:00
|
|
|
status = p->activate_op(p);
|
|
|
|
if (status >= 0)
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
p->activated = 1;
|
2009-08-12 04:31:18 +00:00
|
|
|
else if (p->errbuf[0] == '\0') {
|
|
|
|
/*
|
|
|
|
* No error message supplied by the activate routine;
|
|
|
|
* for the benefit of programs that don't specially
|
|
|
|
* handle errors other than PCAP_ERROR, return the
|
|
|
|
* error message corresponding to the status.
|
|
|
|
*/
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
|
|
|
|
pcap_statustostr(status));
|
|
|
|
}
|
2008-04-09 21:26:12 +00:00
|
|
|
return (status);
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pcap_t *
|
|
|
|
pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
|
|
|
|
{
|
|
|
|
pcap_t *p;
|
2008-04-09 21:39:21 +00:00
|
|
|
int status;
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
p = pcap_create(source, errbuf);
|
|
|
|
if (p == NULL)
|
|
|
|
return (NULL);
|
2008-04-09 21:39:21 +00:00
|
|
|
status = pcap_set_snaplen(p, snaplen);
|
|
|
|
if (status < 0)
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
goto fail;
|
2008-04-09 21:39:21 +00:00
|
|
|
status = pcap_set_promisc(p, promisc);
|
|
|
|
if (status < 0)
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
goto fail;
|
2008-04-09 21:39:21 +00:00
|
|
|
status = pcap_set_timeout(p, to_ms);
|
|
|
|
if (status < 0)
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
goto fail;
|
|
|
|
/*
|
|
|
|
* Mark this as opened with pcap_open_live(), so that, for
|
|
|
|
* example, we show the full list of DLT_ values, rather
|
|
|
|
* than just the ones that are compatible with capturing
|
|
|
|
* when not in monitor mode. That allows existing applications
|
|
|
|
* to work the way they used to work, but allows new applications
|
|
|
|
* that know about the new open API to, for example, find out the
|
|
|
|
* DLT_ values that they can select without changing whether
|
|
|
|
* the adapter is in monitor mode or not.
|
|
|
|
*/
|
|
|
|
p->oldstyle = 1;
|
2008-04-09 21:39:21 +00:00
|
|
|
status = pcap_activate(p);
|
|
|
|
if (status < 0)
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
goto fail;
|
|
|
|
return (p);
|
|
|
|
fail:
|
2009-07-31 03:58:08 +00:00
|
|
|
if (status == PCAP_ERROR)
|
|
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
|
|
|
|
p->errbuf);
|
2009-08-12 04:31:18 +00:00
|
|
|
else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
|
2008-04-09 21:39:21 +00:00
|
|
|
status == PCAP_ERROR_PERM_DENIED)
|
2009-07-31 03:58:08 +00:00
|
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
|
|
|
|
pcap_statustostr(status), p->errbuf);
|
Add an error for "you don't have permission to open that device", as
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
2008-04-09 19:58:02 +00:00
|
|
|
else
|
|
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
|
2008-04-09 21:39:21 +00:00
|
|
|
pcap_statustostr(status));
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
pcap_close(p);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
|
|
{
|
2003-07-25 05:32:02 +00:00
|
|
|
return p->read_op(p, cnt, callback, user);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - is this necessary?
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
|
|
{
|
|
|
|
|
|
|
|
return p->read_op(p, cnt, callback, user);
|
1999-10-07 23:46:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
|
|
{
|
|
|
|
register int n;
|
|
|
|
|
|
|
|
for (;;) {
|
2003-07-25 05:32:02 +00:00
|
|
|
if (p->sf.rfile != NULL) {
|
|
|
|
/*
|
|
|
|
* 0 means EOF, so don't loop if we get 0.
|
|
|
|
*/
|
1999-10-07 23:46:40 +00:00
|
|
|
n = pcap_offline_read(p, cnt, callback, user);
|
2003-07-25 05:32:02 +00:00
|
|
|
} else {
|
1999-10-07 23:46:40 +00:00
|
|
|
/*
|
|
|
|
* XXX keep reading until we get something
|
|
|
|
* (or an error occurs)
|
|
|
|
*/
|
|
|
|
do {
|
2003-07-25 05:32:02 +00:00
|
|
|
n = p->read_op(p, cnt, callback, user);
|
1999-10-07 23:46:40 +00:00
|
|
|
} while (n == 0);
|
|
|
|
}
|
|
|
|
if (n <= 0)
|
|
|
|
return (n);
|
|
|
|
if (cnt > 0) {
|
|
|
|
cnt -= n;
|
|
|
|
if (cnt <= 0)
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-11-04 07:05:32 +00:00
|
|
|
/*
|
|
|
|
* Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
pcap_breakloop(pcap_t *p)
|
|
|
|
{
|
|
|
|
p->break_loop = 1;
|
|
|
|
}
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
int
|
|
|
|
pcap_datalink(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->linktype);
|
|
|
|
}
|
|
|
|
|
2007-09-29 19:33:29 +00:00
|
|
|
int
|
|
|
|
pcap_datalink_ext(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->linktype_ext);
|
|
|
|
}
|
|
|
|
|
2002-12-19 09:05:45 +00:00
|
|
|
int
|
|
|
|
pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
|
|
|
|
{
|
|
|
|
if (p->dlt_count == 0) {
|
|
|
|
/*
|
|
|
|
* We couldn't fetch the list of DLTs, which means
|
|
|
|
* this platform doesn't support changing the
|
|
|
|
* DLT for an interface. Return a list of DLTs
|
|
|
|
* containing only the DLT this device supports.
|
|
|
|
*/
|
|
|
|
*dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
|
|
|
|
if (*dlt_buffer == NULL) {
|
|
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf),
|
|
|
|
"malloc: %s", pcap_strerror(errno));
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
**dlt_buffer = p->linktype;
|
|
|
|
return (1);
|
|
|
|
} else {
|
2007-09-12 21:29:13 +00:00
|
|
|
*dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
|
2002-12-19 09:05:45 +00:00
|
|
|
if (*dlt_buffer == NULL) {
|
|
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf),
|
|
|
|
"malloc: %s", pcap_strerror(errno));
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
(void)memcpy(*dlt_buffer, p->dlt_list,
|
|
|
|
sizeof(**dlt_buffer) * p->dlt_count);
|
|
|
|
return (p->dlt_count);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-05-26 19:58:06 +00:00
|
|
|
/*
|
|
|
|
* In Windows, you might have a library built with one version of the
|
|
|
|
* C runtime library and an application built with another version of
|
|
|
|
* the C runtime library, which means that the library might use one
|
|
|
|
* version of malloc() and free() and the application might use another
|
|
|
|
* version of malloc() and free(). If so, that means something
|
|
|
|
* allocated by the library cannot be freed by the application, so we
|
|
|
|
* need to have a pcap_free_datalinks() routine to free up the list
|
|
|
|
* allocated by pcap_list_datalinks(), even though it's just a wrapper
|
|
|
|
* around free().
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
pcap_free_datalinks(int *dlt_list)
|
|
|
|
{
|
|
|
|
free(dlt_list);
|
|
|
|
}
|
|
|
|
|
2002-12-19 09:05:45 +00:00
|
|
|
int
|
|
|
|
pcap_set_datalink(pcap_t *p, int dlt)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
const char *dlt_name;
|
|
|
|
|
2003-07-25 05:07:01 +00:00
|
|
|
if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
|
2002-12-19 09:05:45 +00:00
|
|
|
/*
|
2003-07-25 05:07:01 +00:00
|
|
|
* We couldn't fetch the list of DLTs, or we don't
|
|
|
|
* have a "set datalink" operation, which means
|
2002-12-19 09:05:45 +00:00
|
|
|
* this platform doesn't support changing the
|
|
|
|
* DLT for an interface. Check whether the new
|
|
|
|
* DLT is the one this interface supports.
|
|
|
|
*/
|
|
|
|
if (p->linktype != dlt)
|
|
|
|
goto unsupported;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* It is, so there's nothing we need to do here.
|
|
|
|
*/
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
for (i = 0; i < p->dlt_count; i++)
|
|
|
|
if (p->dlt_list[i] == dlt)
|
|
|
|
break;
|
|
|
|
if (i >= p->dlt_count)
|
|
|
|
goto unsupported;
|
2003-12-18 23:32:31 +00:00
|
|
|
if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
|
|
|
|
dlt == DLT_DOCSIS) {
|
|
|
|
/*
|
|
|
|
* This is presumably an Ethernet device, as the first
|
|
|
|
* link-layer type it offers is DLT_EN10MB, and the only
|
|
|
|
* other type it offers is DLT_DOCSIS. That means that
|
|
|
|
* we can't tell the driver to supply DOCSIS link-layer
|
|
|
|
* headers - we're just pretending that's what we're
|
|
|
|
* getting, as, presumably, we're capturing on a dedicated
|
|
|
|
* link to a Cisco Cable Modem Termination System, and
|
|
|
|
* it's putting raw DOCSIS frames on the wire inside low-level
|
|
|
|
* Ethernet framing.
|
|
|
|
*/
|
|
|
|
p->linktype = dlt;
|
|
|
|
return (0);
|
|
|
|
}
|
2003-07-25 05:07:01 +00:00
|
|
|
if (p->set_datalink_op(p, dlt) == -1)
|
2002-12-19 09:05:45 +00:00
|
|
|
return (-1);
|
|
|
|
p->linktype = dlt;
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
unsupported:
|
|
|
|
dlt_name = pcap_datalink_val_to_name(dlt);
|
|
|
|
if (dlt_name != NULL) {
|
|
|
|
(void) snprintf(p->errbuf, sizeof(p->errbuf),
|
|
|
|
"%s is not one of the DLTs supported by this device",
|
|
|
|
dlt_name);
|
|
|
|
} else {
|
|
|
|
(void) snprintf(p->errbuf, sizeof(p->errbuf),
|
|
|
|
"DLT %d is not one of the DLTs supported by this device",
|
|
|
|
dlt);
|
|
|
|
}
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct dlt_choice {
|
|
|
|
const char *name;
|
2003-11-18 22:14:24 +00:00
|
|
|
const char *description;
|
2002-12-19 09:05:45 +00:00
|
|
|
int dlt;
|
|
|
|
};
|
|
|
|
|
2003-11-18 22:14:24 +00:00
|
|
|
#define DLT_CHOICE(code, description) { #code, description, code }
|
|
|
|
#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
|
2002-12-19 09:05:45 +00:00
|
|
|
|
|
|
|
static struct dlt_choice dlt_choices[] = {
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_NULL, "BSD loopback"),
|
|
|
|
DLT_CHOICE(DLT_EN10MB, "Ethernet"),
|
|
|
|
DLT_CHOICE(DLT_IEEE802, "Token ring"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_SLIP, "SLIP"),
|
|
|
|
DLT_CHOICE(DLT_PPP, "PPP"),
|
|
|
|
DLT_CHOICE(DLT_FDDI, "FDDI"),
|
2005-05-27 23:32:20 +00:00
|
|
|
DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_RAW, "Raw IP"),
|
|
|
|
DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
|
|
|
|
DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
|
|
|
|
DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
|
|
|
|
DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
|
|
|
|
DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
|
|
|
|
DLT_CHOICE(DLT_IEEE802_11, "802.11"),
|
|
|
|
DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
|
|
|
|
DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
|
|
|
|
DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
|
|
|
|
DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
|
|
|
|
DLT_CHOICE(DLT_LTALK, "Localtalk"),
|
|
|
|
DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
|
|
|
|
DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
|
|
|
|
DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
|
|
|
|
DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
|
|
|
|
DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
|
|
|
|
DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
|
|
|
|
DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
|
|
|
|
DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
|
|
|
|
DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
|
2003-12-18 23:32:31 +00:00
|
|
|
DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
|
2003-11-18 22:14:24 +00:00
|
|
|
DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
|
2004-01-29 10:36:43 +00:00
|
|
|
DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
|
2006-09-25 18:16:55 +00:00
|
|
|
DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
|
|
|
|
DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
|
|
|
|
DLT_CHOICE(DLT_GPF_T, "GPF-T"),
|
|
|
|
DLT_CHOICE(DLT_GPF_F, "GPF-F"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
|
2005-02-08 20:03:15 +00:00
|
|
|
DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
|
|
|
|
DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
|
2006-09-25 18:16:55 +00:00
|
|
|
DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
|
2005-12-13 13:41:39 +00:00
|
|
|
DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
|
2006-09-25 18:16:55 +00:00
|
|
|
DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
|
|
|
|
DLT_CHOICE(DLT_A429, "Arinc 429"),
|
|
|
|
DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
|
2006-10-13 08:46:23 +00:00
|
|
|
DLT_CHOICE(DLT_USB, "USB"),
|
|
|
|
DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
|
2006-12-20 03:30:32 +00:00
|
|
|
DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
|
2006-10-13 08:46:23 +00:00
|
|
|
DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
|
|
|
|
DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
|
|
|
|
DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
|
|
|
|
DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
|
|
|
|
DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4"),
|
|
|
|
DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
|
|
|
|
DLT_CHOICE(DLT_ERF, "Endace ERF header"),
|
|
|
|
DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
|
|
|
|
DLT_CHOICE(DLT_IPMB, "IPMB"),
|
2007-09-10 20:17:18 +00:00
|
|
|
DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
|
2007-09-19 02:40:34 +00:00
|
|
|
DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
|
2007-10-05 01:40:14 +00:00
|
|
|
DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
|
2008-09-22 20:14:19 +00:00
|
|
|
DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
|
2008-12-21 19:28:56 +00:00
|
|
|
DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
|
2008-12-23 20:13:29 +00:00
|
|
|
DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
|
2002-12-19 09:05:45 +00:00
|
|
|
DLT_CHOICE_SENTINEL
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This array is designed for mapping upper and lower case letter
|
|
|
|
* together for a case independent comparison. The mappings are
|
|
|
|
* based upon ascii character sequences.
|
|
|
|
*/
|
|
|
|
static const u_char charmap[] = {
|
2003-01-03 08:34:46 +00:00
|
|
|
(u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
|
|
|
|
(u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
|
|
|
|
(u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
|
|
|
|
(u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
|
|
|
|
(u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
|
|
|
|
(u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
|
|
|
|
(u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
|
|
|
|
(u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
|
|
|
|
(u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
|
|
|
|
(u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
|
|
|
|
(u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
|
|
|
|
(u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
|
|
|
|
(u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
|
|
|
|
(u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
|
|
|
|
(u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
|
|
|
|
(u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
|
|
|
|
(u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
|
|
|
|
(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
|
|
|
|
(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
|
|
|
|
(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
|
|
|
|
(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
|
|
|
|
(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
|
|
|
|
(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
|
|
|
|
(u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
|
|
|
|
(u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
|
|
|
|
(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
|
|
|
|
(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
|
|
|
|
(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
|
|
|
|
(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
|
|
|
|
(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
|
|
|
|
(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
|
|
|
|
(u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
|
|
|
|
(u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
|
|
|
|
(u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
|
|
|
|
(u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
|
|
|
|
(u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
|
|
|
|
(u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
|
|
|
|
(u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
|
|
|
|
(u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
|
|
|
|
(u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
|
|
|
|
(u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
|
|
|
|
(u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
|
|
|
|
(u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
|
|
|
|
(u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
|
|
|
|
(u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
|
|
|
|
(u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
|
|
|
|
(u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
|
|
|
|
(u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
|
|
|
|
(u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
|
|
|
|
(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
|
|
|
|
(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
|
|
|
|
(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
|
|
|
|
(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
|
|
|
|
(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
|
|
|
|
(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
|
|
|
|
(u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
|
|
|
|
(u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
|
|
|
|
(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
|
|
|
|
(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
|
|
|
|
(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
|
|
|
|
(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
|
|
|
|
(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
|
|
|
|
(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
|
|
|
|
(u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
|
2002-12-19 09:05:45 +00:00
|
|
|
};
|
|
|
|
|
2003-03-11 06:23:52 +00:00
|
|
|
int
|
2002-12-19 09:05:45 +00:00
|
|
|
pcap_strcasecmp(const char *s1, const char *s2)
|
|
|
|
{
|
|
|
|
register const u_char *cm = charmap,
|
2007-06-11 10:04:24 +00:00
|
|
|
*us1 = (const u_char *)s1,
|
|
|
|
*us2 = (const u_char *)s2;
|
2002-12-19 09:05:45 +00:00
|
|
|
|
|
|
|
while (cm[*us1] == cm[*us2++])
|
|
|
|
if (*us1++ == '\0')
|
|
|
|
return(0);
|
|
|
|
return (cm[*us1] - cm[*--us2]);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_datalink_name_to_val(const char *name)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
|
|
if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
|
|
|
|
name) == 0)
|
|
|
|
return (dlt_choices[i].dlt);
|
|
|
|
}
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
const char *
|
|
|
|
pcap_datalink_val_to_name(int dlt)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
|
|
if (dlt_choices[i].dlt == dlt)
|
|
|
|
return (dlt_choices[i].name + sizeof("DLT_") - 1);
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
2003-11-18 22:14:24 +00:00
|
|
|
const char *
|
|
|
|
pcap_datalink_val_to_description(int dlt)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
|
|
if (dlt_choices[i].dlt == dlt)
|
|
|
|
return (dlt_choices[i].description);
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
int
|
|
|
|
pcap_snapshot(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->snapshot);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_is_swapped(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->sf.swapped);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_major_version(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->sf.version_major);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_minor_version(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->sf.version_minor);
|
|
|
|
}
|
|
|
|
|
|
|
|
FILE *
|
|
|
|
pcap_file(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->sf.rfile);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_fileno(pcap_t *p)
|
|
|
|
{
|
2002-08-01 08:33:01 +00:00
|
|
|
#ifndef WIN32
|
1999-10-07 23:46:40 +00:00
|
|
|
return (p->fd);
|
2002-08-01 08:33:01 +00:00
|
|
|
#else
|
|
|
|
if (p->adapter != NULL)
|
|
|
|
return ((int)(DWORD)p->adapter->hFile);
|
|
|
|
else
|
|
|
|
return (-1);
|
|
|
|
#endif
|
1999-10-07 23:46:40 +00:00
|
|
|
}
|
|
|
|
|
2004-12-18 08:52:08 +00:00
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
2003-11-21 10:19:33 +00:00
|
|
|
int
|
|
|
|
pcap_get_selectable_fd(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->selectable_fd);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
void
|
|
|
|
pcap_perror(pcap_t *p, char *prefix)
|
|
|
|
{
|
|
|
|
fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
|
|
|
pcap_geterr(pcap_t *p)
|
|
|
|
{
|
|
|
|
return (p->errbuf);
|
|
|
|
}
|
|
|
|
|
2001-12-09 05:10:02 +00:00
|
|
|
int
|
|
|
|
pcap_getnonblock(pcap_t *p, char *errbuf)
|
|
|
|
{
|
2003-11-20 02:02:38 +00:00
|
|
|
return p->getnonblock_op(p, errbuf);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the current non-blocking mode setting, under the assumption that
|
|
|
|
* it's just the standard POSIX non-blocking flag.
|
|
|
|
*
|
|
|
|
* We don't look at "p->nonblock", in case somebody tweaked the FD
|
|
|
|
* directly.
|
|
|
|
*/
|
2004-12-18 08:52:08 +00:00
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
2003-11-20 02:02:38 +00:00
|
|
|
int
|
|
|
|
pcap_getnonblock_fd(pcap_t *p, char *errbuf)
|
|
|
|
{
|
2001-12-09 05:10:02 +00:00
|
|
|
int fdflags;
|
|
|
|
|
|
|
|
fdflags = fcntl(p->fd, F_GETFL, 0);
|
|
|
|
if (fdflags == -1) {
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
if (fdflags & O_NONBLOCK)
|
|
|
|
return (1);
|
|
|
|
else
|
|
|
|
return (0);
|
|
|
|
}
|
2003-11-20 02:02:38 +00:00
|
|
|
#endif
|
2001-12-09 05:10:02 +00:00
|
|
|
|
|
|
|
int
|
|
|
|
pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
|
|
|
|
{
|
2003-11-20 02:02:38 +00:00
|
|
|
return p->setnonblock_op(p, nonblock, errbuf);
|
|
|
|
}
|
|
|
|
|
2004-12-18 08:52:08 +00:00
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
2003-11-20 02:02:38 +00:00
|
|
|
/*
|
|
|
|
* Set non-blocking mode, under the assumption that it's just the
|
|
|
|
* standard POSIX non-blocking flag. (This can be called by the
|
|
|
|
* per-platform non-blocking-mode routine if that routine also
|
|
|
|
* needs to do some additional work.)
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
|
|
|
|
{
|
2001-12-09 05:10:02 +00:00
|
|
|
int fdflags;
|
2003-11-20 01:21:25 +00:00
|
|
|
|
2001-12-09 05:10:02 +00:00
|
|
|
fdflags = fcntl(p->fd, F_GETFL, 0);
|
|
|
|
if (fdflags == -1) {
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
if (nonblock)
|
|
|
|
fdflags |= O_NONBLOCK;
|
|
|
|
else
|
|
|
|
fdflags &= ~O_NONBLOCK;
|
|
|
|
if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
|
|
|
|
pcap_strerror(errno));
|
|
|
|
return (-1);
|
|
|
|
}
|
2001-12-29 21:55:32 +00:00
|
|
|
return (0);
|
2001-12-09 05:10:02 +00:00
|
|
|
}
|
2003-11-20 02:02:38 +00:00
|
|
|
#endif
|
2001-12-09 05:10:02 +00:00
|
|
|
|
2002-08-01 08:33:01 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
/*
|
|
|
|
* Generate a string for the last Win32-specific error (i.e. an error generated when
|
|
|
|
* calling a Win32 API).
|
|
|
|
* For errors occurred during standard C calls, we still use pcap_strerror()
|
|
|
|
*/
|
|
|
|
char *
|
|
|
|
pcap_win32strerror(void)
|
|
|
|
{
|
|
|
|
DWORD error;
|
|
|
|
static char errbuf[PCAP_ERRBUF_SIZE+1];
|
|
|
|
int errlen;
|
2004-12-18 08:52:08 +00:00
|
|
|
char *p;
|
2002-08-01 08:33:01 +00:00
|
|
|
|
|
|
|
error = GetLastError();
|
|
|
|
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
|
|
|
|
PCAP_ERRBUF_SIZE, NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* "FormatMessage()" "helpfully" sticks CR/LF at the end of the
|
|
|
|
* message. Get rid of it.
|
|
|
|
*/
|
|
|
|
errlen = strlen(errbuf);
|
|
|
|
if (errlen >= 2) {
|
|
|
|
errbuf[errlen - 1] = '\0';
|
|
|
|
errbuf[errlen - 2] = '\0';
|
|
|
|
}
|
2004-12-18 08:52:08 +00:00
|
|
|
p = strchr(errbuf, '\0');
|
|
|
|
snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
|
2002-08-01 08:33:01 +00:00
|
|
|
return (errbuf);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
/*
|
2008-04-09 21:39:21 +00:00
|
|
|
* Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
|
1999-10-07 23:46:40 +00:00
|
|
|
*/
|
2007-06-11 10:04:24 +00:00
|
|
|
const char *
|
2008-04-09 21:39:21 +00:00
|
|
|
pcap_statustostr(int errnum)
|
1999-10-07 23:46:40 +00:00
|
|
|
{
|
2008-04-06 19:55:32 +00:00
|
|
|
static char ebuf[15+10+1];
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
switch (errnum) {
|
|
|
|
|
2008-04-09 21:39:21 +00:00
|
|
|
case PCAP_WARNING:
|
|
|
|
return("Generic warning");
|
|
|
|
|
|
|
|
case PCAP_WARNING_PROMISC_NOTSUP:
|
|
|
|
return ("That device doesn't support promiscuous mode");
|
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
case PCAP_ERROR:
|
2008-04-06 19:55:32 +00:00
|
|
|
return("Generic error");
|
1999-10-07 23:46:40 +00:00
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
case PCAP_ERROR_BREAK:
|
2008-04-06 19:55:32 +00:00
|
|
|
return("Loop terminated by pcap_breakloop");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_NOT_ACTIVATED:
|
2008-04-06 19:55:32 +00:00
|
|
|
return("The pcap_t has not been activated");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_ACTIVATED:
|
2008-04-06 19:55:32 +00:00
|
|
|
return ("The setting can't be changed after the pcap_t is activated");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_NO_SUCH_DEVICE:
|
2008-04-06 19:55:32 +00:00
|
|
|
return ("No such device exists");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_RFMON_NOTSUP:
|
2008-04-06 19:55:32 +00:00
|
|
|
return ("That device doesn't support monitor mode");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_NOT_RFMON:
|
2008-04-06 19:55:32 +00:00
|
|
|
return ("That operation is supported only in monitor mode");
|
Add an error for "you don't have permission to open that device", as
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
2008-04-09 19:58:02 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_PERM_DENIED:
|
|
|
|
return ("You don't have permission to capture on that device");
|
2008-07-01 08:02:33 +00:00
|
|
|
|
|
|
|
case PCAP_ERROR_IFACE_NOT_UP:
|
|
|
|
return ("That device is not up");
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
}
|
2008-04-06 19:55:32 +00:00
|
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
|
|
|
|
return(ebuf);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Not all systems have strerror().
|
|
|
|
*/
|
|
|
|
const char *
|
|
|
|
pcap_strerror(int errnum)
|
|
|
|
{
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
#ifdef HAVE_STRERROR
|
2008-04-06 19:55:32 +00:00
|
|
|
return (strerror(errnum));
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
#else
|
2008-04-06 19:55:32 +00:00
|
|
|
extern int sys_nerr;
|
|
|
|
extern const char *const sys_errlist[];
|
|
|
|
static char ebuf[15+10+1];
|
|
|
|
|
|
|
|
if ((unsigned int)errnum < sys_nerr)
|
|
|
|
return ((char *)sys_errlist[errnum]);
|
2000-04-27 09:11:11 +00:00
|
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
|
1999-10-07 23:46:40 +00:00
|
|
|
return(ebuf);
|
2008-04-06 19:55:32 +00:00
|
|
|
#endif
|
1999-10-07 23:46:40 +00:00
|
|
|
}
|
|
|
|
|
2003-07-25 04:42:02 +00:00
|
|
|
int
|
|
|
|
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
|
|
|
|
{
|
|
|
|
return p->setfilter_op(p, fp);
|
|
|
|
}
|
|
|
|
|
2005-05-03 18:53:58 +00:00
|
|
|
/*
|
|
|
|
* Set direction flag, which controls whether we accept only incoming
|
|
|
|
* packets, only outgoing packets, or both.
|
|
|
|
* Note that, depending on the platform, some or all direction arguments
|
|
|
|
* might not be supported.
|
|
|
|
*/
|
|
|
|
int
|
2005-07-07 01:57:00 +00:00
|
|
|
pcap_setdirection(pcap_t *p, pcap_direction_t d)
|
2005-05-03 18:53:58 +00:00
|
|
|
{
|
|
|
|
if (p->setdirection_op == NULL) {
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
|
|
"Setting direction is not implemented on this platform");
|
|
|
|
return -1;
|
|
|
|
} else
|
|
|
|
return p->setdirection_op(p, d);
|
|
|
|
}
|
|
|
|
|
2003-07-25 04:04:56 +00:00
|
|
|
int
|
|
|
|
pcap_stats(pcap_t *p, struct pcap_stat *ps)
|
|
|
|
{
|
|
|
|
return p->stats_op(p, ps);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2004-12-19 20:02:45 +00:00
|
|
|
pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
|
2003-07-25 04:04:56 +00:00
|
|
|
{
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
|
|
"Statistics aren't available from a pcap_open_dead pcap_t");
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
2007-10-17 18:52:41 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
int
|
|
|
|
pcap_setbuff(pcap_t *p, int dim)
|
|
|
|
{
|
|
|
|
return p->setbuff_op(p, dim);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
pcap_setbuff_dead(pcap_t *p, int dim)
|
|
|
|
{
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
|
|
"The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_setmode(pcap_t *p, int mode)
|
|
|
|
{
|
|
|
|
return p->setmode_op(p, mode);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
pcap_setmode_dead(pcap_t *p, int mode)
|
|
|
|
{
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
|
|
"impossible to set mode on a pcap_open_dead pcap_t");
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_setmintocopy(pcap_t *p, int size)
|
|
|
|
{
|
2007-11-06 16:20:53 +00:00
|
|
|
return p->setmintocopy_op(p, size);
|
2007-10-17 18:52:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
pcap_setmintocopy_dead(pcap_t *p, int size)
|
|
|
|
{
|
|
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
|
|
"The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
/*
|
|
|
|
* On some platforms, we need to clean up promiscuous or monitor mode
|
|
|
|
* when we close a device - and we want that to happen even if the
|
|
|
|
* application just exits without explicitl closing devices.
|
|
|
|
* On those platforms, we need to register a "close all the pcaps"
|
|
|
|
* routine to be called when we exit, and need to maintain a list of
|
|
|
|
* pcaps that need to be closed to clean up modes.
|
|
|
|
*
|
|
|
|
* XXX - not thread-safe.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* List of pcaps on which we've done something that needs to be
|
|
|
|
* cleaned up.
|
|
|
|
* If there are any such pcaps, we arrange to call "pcap_close_all()"
|
|
|
|
* when we exit, and have it close all of them.
|
|
|
|
*/
|
|
|
|
static struct pcap *pcaps_to_close;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
|
|
|
|
* be called on exit.
|
|
|
|
*/
|
|
|
|
static int did_atexit;
|
|
|
|
|
|
|
|
static void
|
|
|
|
pcap_close_all(void)
|
|
|
|
{
|
|
|
|
struct pcap *handle;
|
|
|
|
|
|
|
|
while ((handle = pcaps_to_close) != NULL)
|
|
|
|
pcap_close(handle);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
pcap_do_addexit(pcap_t *p)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* If we haven't already done so, arrange to have
|
|
|
|
* "pcap_close_all()" called when we exit.
|
|
|
|
*/
|
|
|
|
if (!did_atexit) {
|
|
|
|
if (atexit(pcap_close_all) == -1) {
|
|
|
|
/*
|
|
|
|
* "atexit()" failed; let our caller know.
|
|
|
|
*/
|
|
|
|
strncpy(p->errbuf, "atexit failed",
|
|
|
|
PCAP_ERRBUF_SIZE);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
did_atexit = 1;
|
|
|
|
}
|
|
|
|
return (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
pcap_add_to_pcaps_to_close(pcap_t *p)
|
|
|
|
{
|
|
|
|
p->md.next = pcaps_to_close;
|
|
|
|
pcaps_to_close = p;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
pcap_remove_from_pcaps_to_close(pcap_t *p)
|
|
|
|
{
|
|
|
|
pcap_t *pc, *prevpc;
|
|
|
|
|
|
|
|
for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
|
|
|
|
prevpc = pc, pc = pc->md.next) {
|
|
|
|
if (pc == p) {
|
|
|
|
/*
|
|
|
|
* Found it. Remove it from the list.
|
|
|
|
*/
|
|
|
|
if (prevpc == NULL) {
|
|
|
|
/*
|
|
|
|
* It was at the head of the list.
|
|
|
|
*/
|
|
|
|
pcaps_to_close = pc->md.next;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* It was in the middle of the list.
|
|
|
|
*/
|
|
|
|
prevpc->md.next = pc->md.next;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-10-19 07:06:11 +00:00
|
|
|
void
|
2008-04-14 20:40:58 +00:00
|
|
|
pcap_cleanup_live_common(pcap_t *p)
|
2004-10-19 07:06:11 +00:00
|
|
|
{
|
2008-04-14 20:40:58 +00:00
|
|
|
if (p->buffer != NULL) {
|
2004-10-19 07:06:11 +00:00
|
|
|
free(p->buffer);
|
2008-04-14 20:40:58 +00:00
|
|
|
p->buffer = NULL;
|
|
|
|
}
|
|
|
|
if (p->dlt_list != NULL) {
|
|
|
|
free(p->dlt_list);
|
|
|
|
p->dlt_list = NULL;
|
|
|
|
p->dlt_count = 0;
|
|
|
|
}
|
|
|
|
pcap_freecode(&p->fcode);
|
2004-12-18 08:52:08 +00:00
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
2008-04-14 20:40:58 +00:00
|
|
|
if (p->fd >= 0) {
|
2004-10-19 07:06:11 +00:00
|
|
|
close(p->fd);
|
2008-04-14 20:40:58 +00:00
|
|
|
p->fd = -1;
|
|
|
|
}
|
2004-12-17 20:41:59 +00:00
|
|
|
#endif
|
2004-10-19 07:06:11 +00:00
|
|
|
}
|
|
|
|
|
2003-07-25 03:25:45 +00:00
|
|
|
static void
|
2008-04-14 20:40:58 +00:00
|
|
|
pcap_cleanup_dead(pcap_t *p _U_)
|
2003-07-25 03:25:45 +00:00
|
|
|
{
|
|
|
|
/* Nothing to do. */
|
|
|
|
}
|
|
|
|
|
2000-06-26 04:58:04 +00:00
|
|
|
pcap_t *
|
|
|
|
pcap_open_dead(int linktype, int snaplen)
|
|
|
|
{
|
|
|
|
pcap_t *p;
|
|
|
|
|
|
|
|
p = malloc(sizeof(*p));
|
|
|
|
if (p == NULL)
|
|
|
|
return NULL;
|
|
|
|
memset (p, 0, sizeof(*p));
|
|
|
|
p->snapshot = snaplen;
|
|
|
|
p->linktype = linktype;
|
2003-07-25 04:04:56 +00:00
|
|
|
p->stats_op = pcap_stats_dead;
|
2007-10-17 18:52:41 +00:00
|
|
|
#ifdef WIN32
|
|
|
|
p->setbuff_op = pcap_setbuff_dead;
|
|
|
|
p->setmode_op = pcap_setmode_dead;
|
|
|
|
p->setmintocopy_op = pcap_setmintocopy_dead;
|
|
|
|
#endif
|
2008-04-14 20:40:58 +00:00
|
|
|
p->cleanup_op = pcap_cleanup_dead;
|
From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
2008-04-04 19:37:44 +00:00
|
|
|
p->activated = 1;
|
2000-06-26 04:58:04 +00:00
|
|
|
return p;
|
|
|
|
}
|
|
|
|
|
2004-03-23 19:18:04 +00:00
|
|
|
/*
|
|
|
|
* API compatible with WinPcap's "send a packet" routine - returns -1
|
|
|
|
* on error, 0 otherwise.
|
|
|
|
*
|
|
|
|
* XXX - what if we get a short write?
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
|
|
|
|
{
|
|
|
|
if (p->inject_op(p, buf, size) == -1)
|
|
|
|
return (-1);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* API compatible with OpenBSD's "send a packet" routine - returns -1 on
|
|
|
|
* error, number of bytes written otherwise.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pcap_inject(pcap_t *p, const void *buf, size_t size)
|
|
|
|
{
|
|
|
|
return (p->inject_op(p, buf, size));
|
|
|
|
}
|
|
|
|
|
1999-10-07 23:46:40 +00:00
|
|
|
void
|
|
|
|
pcap_close(pcap_t *p)
|
|
|
|
{
|
2008-04-14 20:40:58 +00:00
|
|
|
if (p->opt.source != NULL)
|
|
|
|
free(p->opt.source);
|
|
|
|
p->cleanup_op(p);
|
1999-10-07 23:46:40 +00:00
|
|
|
free(p);
|
|
|
|
}
|
2003-02-11 07:40:09 +00:00
|
|
|
|
2008-05-13 15:19:56 +00:00
|
|
|
/*
|
|
|
|
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
|
|
|
|
* data for the packet, check whether the packet passes the filter.
|
|
|
|
* Returns the return value of the filter program, which will be zero if
|
|
|
|
* the packet doesn't pass and non-zero if the packet does pass.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h,
|
|
|
|
const u_char *pkt)
|
|
|
|
{
|
|
|
|
struct bpf_insn *fcode = fp->bf_insns;
|
|
|
|
|
|
|
|
if (fcode != NULL)
|
|
|
|
return (bpf_filter(fcode, pkt, h->len, h->caplen));
|
|
|
|
else
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2003-02-11 07:40:09 +00:00
|
|
|
/*
|
At least on SunOS 5.x, Digital UNIX 4.0, AIX 4.3, FreeBSD 3.4, some
version of Red Hat Linux, HP-UX 11.00, and MacOS X 10.1, if a string in
a shared library is static, and returned by a function in that library,
the return value of that function, when called from a program, will
reflect the contents of the string in the version of the shared library
with which the program is running, not the version with which it's
linked.
Therefore we can just generate a definition of the version string and
put it into "version.h", which means that VERSION can contain any string
(as long as " and \ are escaped with \) rather than having to be N.M or
N.M.MM.
2003-02-13 07:54:59 +00:00
|
|
|
* We make the version string static, and return a pointer to it, rather
|
|
|
|
* than exporting the version string directly. On at least some UNIXes,
|
|
|
|
* if you import data from a shared library into an program, the data is
|
|
|
|
* bound into the program binary, so if the string in the version of the
|
|
|
|
* library with which the program was linked isn't the same as the
|
|
|
|
* string in the version of the library with which the program is being
|
|
|
|
* run, various undesirable things may happen (warnings, the string
|
|
|
|
* being the one from the version of the library with which the program
|
|
|
|
* was linked, or even weirder things, such as the string being the one
|
|
|
|
* from the library but being truncated).
|
2003-02-11 07:40:09 +00:00
|
|
|
*/
|
2004-12-17 23:25:36 +00:00
|
|
|
#ifdef HAVE_VERSION_H
|
|
|
|
#include "version.h"
|
|
|
|
#else
|
2008-12-14 19:36:02 +00:00
|
|
|
static const char pcap_version_string[] = "libpcap version 1.x.y";
|
2004-12-17 23:25:36 +00:00
|
|
|
#endif
|
|
|
|
|
2003-02-11 07:50:03 +00:00
|
|
|
#ifdef WIN32
|
At least on SunOS 5.x, Digital UNIX 4.0, AIX 4.3, FreeBSD 3.4, some
version of Red Hat Linux, HP-UX 11.00, and MacOS X 10.1, if a string in
a shared library is static, and returned by a function in that library,
the return value of that function, when called from a program, will
reflect the contents of the string in the version of the shared library
with which the program is running, not the version with which it's
linked.
Therefore we can just generate a definition of the version string and
put it into "version.h", which means that VERSION can contain any string
(as long as " and \ are escaped with \) rather than having to be N.M or
N.M.MM.
2003-02-13 07:54:59 +00:00
|
|
|
/*
|
2003-06-07 10:26:04 +00:00
|
|
|
* XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
|
|
|
|
* version numbers when building WinPcap. (It'd be nice to do so for
|
|
|
|
* the packet.dll version number as well.)
|
At least on SunOS 5.x, Digital UNIX 4.0, AIX 4.3, FreeBSD 3.4, some
version of Red Hat Linux, HP-UX 11.00, and MacOS X 10.1, if a string in
a shared library is static, and returned by a function in that library,
the return value of that function, when called from a program, will
reflect the contents of the string in the version of the shared library
with which the program is running, not the version with which it's
linked.
Therefore we can just generate a definition of the version string and
put it into "version.h", which means that VERSION can contain any string
(as long as " and \ are escaped with \) rather than having to be N.M or
N.M.MM.
2003-02-13 07:54:59 +00:00
|
|
|
*/
|
2007-06-22 06:45:54 +00:00
|
|
|
static const char wpcap_version_string[] = "4.0";
|
2003-06-07 10:26:04 +00:00
|
|
|
static const char pcap_version_string_fmt[] =
|
2004-12-17 23:25:36 +00:00
|
|
|
"WinPcap version %s, based on %s";
|
2003-06-07 10:26:04 +00:00
|
|
|
static const char pcap_version_string_packet_dll_fmt[] =
|
2004-12-17 23:25:36 +00:00
|
|
|
"WinPcap version %s (packet.dll version %s), based on %s";
|
|
|
|
static char *full_pcap_version_string;
|
2003-06-07 10:26:04 +00:00
|
|
|
|
|
|
|
const char *
|
|
|
|
pcap_lib_version(void)
|
|
|
|
{
|
|
|
|
char *packet_version_string;
|
2004-12-17 23:25:36 +00:00
|
|
|
size_t full_pcap_version_string_len;
|
2003-06-07 10:26:04 +00:00
|
|
|
|
2004-12-17 23:25:36 +00:00
|
|
|
if (full_pcap_version_string == NULL) {
|
2003-06-07 10:26:04 +00:00
|
|
|
/*
|
|
|
|
* Generate the version string.
|
|
|
|
*/
|
|
|
|
packet_version_string = PacketGetVersion();
|
|
|
|
if (strcmp(wpcap_version_string, packet_version_string) == 0) {
|
|
|
|
/*
|
|
|
|
* WinPcap version string and packet.dll version
|
|
|
|
* string are the same; just report the WinPcap
|
|
|
|
* version.
|
|
|
|
*/
|
2004-12-17 23:25:36 +00:00
|
|
|
full_pcap_version_string_len =
|
|
|
|
(sizeof pcap_version_string_fmt - 4) +
|
|
|
|
strlen(wpcap_version_string) +
|
|
|
|
strlen(pcap_version_string);
|
|
|
|
full_pcap_version_string =
|
|
|
|
malloc(full_pcap_version_string_len);
|
|
|
|
sprintf(full_pcap_version_string,
|
|
|
|
pcap_version_string_fmt, wpcap_version_string,
|
|
|
|
pcap_version_string);
|
2003-06-07 10:26:04 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* WinPcap version string and packet.dll version
|
|
|
|
* string are different; that shouldn't be the
|
|
|
|
* case (the two libraries should come from the
|
|
|
|
* same version of WinPcap), so we report both
|
|
|
|
* versions.
|
|
|
|
*/
|
2004-12-19 20:02:45 +00:00
|
|
|
full_pcap_version_string_len =
|
2004-12-17 23:25:36 +00:00
|
|
|
(sizeof pcap_version_string_packet_dll_fmt - 6) +
|
2003-06-07 10:26:04 +00:00
|
|
|
strlen(wpcap_version_string) +
|
2004-12-17 23:25:36 +00:00
|
|
|
strlen(packet_version_string) +
|
|
|
|
strlen(pcap_version_string);
|
2004-12-19 20:02:45 +00:00
|
|
|
full_pcap_version_string = malloc(full_pcap_version_string_len);
|
|
|
|
|
2004-12-17 23:25:36 +00:00
|
|
|
sprintf(full_pcap_version_string,
|
2003-06-07 10:26:04 +00:00
|
|
|
pcap_version_string_packet_dll_fmt,
|
2004-12-17 23:25:36 +00:00
|
|
|
wpcap_version_string, packet_version_string,
|
|
|
|
pcap_version_string);
|
2003-06-07 10:26:04 +00:00
|
|
|
}
|
|
|
|
}
|
2004-12-17 23:25:36 +00:00
|
|
|
return (full_pcap_version_string);
|
2003-06-07 10:26:04 +00:00
|
|
|
}
|
2004-12-18 08:52:08 +00:00
|
|
|
|
|
|
|
#elif defined(MSDOS)
|
|
|
|
|
|
|
|
static char *full_pcap_version_string;
|
|
|
|
|
|
|
|
const char *
|
|
|
|
pcap_lib_version (void)
|
|
|
|
{
|
|
|
|
char *packet_version_string;
|
|
|
|
size_t full_pcap_version_string_len;
|
|
|
|
static char dospfx[] = "DOS-";
|
|
|
|
|
|
|
|
if (full_pcap_version_string == NULL) {
|
|
|
|
/*
|
|
|
|
* Generate the version string.
|
|
|
|
*/
|
|
|
|
full_pcap_version_string_len =
|
|
|
|
sizeof dospfx + strlen(pcap_version_string);
|
|
|
|
full_pcap_version_string =
|
|
|
|
malloc(full_pcap_version_string_len);
|
|
|
|
strcpy(full_pcap_version_string, dospfx);
|
|
|
|
strcat(full_pcap_version_string, pcap_version_string);
|
|
|
|
}
|
|
|
|
return (full_pcap_version_string);
|
|
|
|
}
|
|
|
|
|
|
|
|
#else /* UN*X */
|
|
|
|
|
At least on SunOS 5.x, Digital UNIX 4.0, AIX 4.3, FreeBSD 3.4, some
version of Red Hat Linux, HP-UX 11.00, and MacOS X 10.1, if a string in
a shared library is static, and returned by a function in that library,
the return value of that function, when called from a program, will
reflect the contents of the string in the version of the shared library
with which the program is running, not the version with which it's
linked.
Therefore we can just generate a definition of the version string and
put it into "version.h", which means that VERSION can contain any string
(as long as " and \ are escaped with \) rather than having to be N.M or
N.M.MM.
2003-02-13 07:54:59 +00:00
|
|
|
const char *
|
|
|
|
pcap_lib_version(void)
|
|
|
|
{
|
|
|
|
return (pcap_version_string);
|
2003-02-11 07:40:09 +00:00
|
|
|
}
|
2003-06-07 10:26:04 +00:00
|
|
|
#endif
|