dect
/
libpcap
Archived
13
0
Fork 0
Code Releases Activity

Get rid of the PCAP_ENCAP_ values - if an application uses them, that 

application won't build with any other version of libpcap, which means
that a lot of applications won't use them.  In addition,
"pcap_linktype()" needs to return DLT_ values, so that platforms that
build libpcap as a shared library won't break binary compatibility if
they update to this version of libpcap.

Instead, we map from DLT_ values to LINKTYPE_ values when writing
savefiles, and map from LINKTYPE_ values to DLT_ values when reading
savefiles, so that savefiles don't have platform-dependent DLT_ values
in the header as the link type, they have platform-independent LINKTYPE_
values.

This means we don't need to make DLT_ATM_RFC1483, DLT_RAW, etc. have
platform-independent values starting at 100 - only the values in the
savefile header need to be like that.
This commit is contained in:
guy 2000-10-12 03:53:57 +00:00
parent f7179f8b0d
commit 2c961ff224
12 changed files with 353 additions and 360 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
bpf/net/bpf.h
View File

@ -37,7 +37,7 @@
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.39 2000-09-17 04:04:39 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.40 2000-10-12 03:54:02 guy Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
@ -160,6 +160,9 @@ struct bpf_hdr {
/*
* Data-link level type codes.
*/
/*
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
@ -178,40 +181,57 @@ struct bpf_hdr {
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
/*
* These are values from the traditional libpcap "bpf.h".
* Ports of this to particular platforms should replace these definitions
* with the ones appropriate to that platform, if the values are
* different on that platform.
*/
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_RAW 12 /* raw IP */
/*
* These are values from BSD/OS's "bpf.h".
* These are not the same as the values from the traditional libpcap
* "bpf.h"; however, these values shouldn't be generated by any
* OS other than BSD/OS, so the correct values to use here are the
* BSD/OS values.
*
* Platforms that have already assigned these values to other
* DLT_ codes, however, should give these codes the values
* from that platform, so that programs that use these codes will
* continue to compile - even though they won't correctly read
* files of these types.
*/
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* These are the values that were traditionally defined in <net/bpf.h>,
* but that are not the same on all platforms; if they are not already
* defined (e.g., defined above because this is a BSD that defines them
* for use in its kernel), we define them to have the appropriate
* PCAP_ENCAP_* value from <pcap.h>, so that programs using those DLT_
* codes will continue to compile and will be able to read capture files
* from the current version of libpcap.
* This value is defined by NetBSD; other platforms should refrain from
* using it for other purposes, so that NetBSD savefiles with a link
* type of 50 can be read as this type on all platforms.
*/
#ifndef DLT_ATM_RFC1483
#define DLT_ATM_RFC1483 100 /* LLC/SNAP encapsulated atm */
#endif
#ifndef DLT_RAW
#define DLT_RAW 101 /* raw IP */
#endif
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
/*
* NOTE: these two values were defined by LBL libpcap, but with values
* that didn't seem to correspond to the values that were used in BSD/OS;
* neither of them are, as far as I know, used in any kernel, so they
* should not be defined above. We therefore don't bother checking to
* see if they're already defined.
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_SLIP_BSDOS 102 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 103 /* BSD/OS Point-to-point Protocol */
/*
* This value was defined by libpcap 0.5; we now use it as a DLT_* value
* solely for backwards compatibility - new programs should use
* PCAP_ENCAP_C_HDLC instead.
*/
#define DLT_CHDLC 104 /* Cisco HDLC */
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
/*
* The instruction encondings.

141
gencode.c
View File

@ -21,7 +21,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.121 2000-10-10 04:53:08 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.122 2000-10-12 03:53:57 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -539,79 +539,16 @@ static void
init_linktype(type)
int type;
{
/*
* Map DLT_ codes that don't have the same value as the
* equivalent PCAP_ENCAP_ codes to the corresponding PCAP_ENCAP_
* code.
*
* Even though "pcap_open_live()" in "pcap-bpf.c" does a
* similar mapping, we do that mapping here as well, to
* handle filters constructed for savefiles.
*
* XXX - should we do this mapping in "savefile.c"? Doing so
* might cause programs that read one or more capture files
* and write another capture file with the same type as
* the input file(s) to use PCAP_ENCAP_ values that aren't
* supported by the libpcap on the system that wrote the original
* capture file, so we might not want to do that.
*/
linktype = type;
switch (type) {
#ifdef DLT_ATM_RFC1483
case DLT_ATM_RFC1483:
linktype = PCAP_ENCAP_ATM_RFC1483;
break;
#endif
#ifdef DLT_RAW
case DLT_RAW:
linktype = PCAP_ENCAP_RAW;
break;
#endif
#ifdef DLT_SLIP_BSDOS
case DLT_SLIP_BSDOS:
linktype = PCAP_ENCAP_SLIP_BSDOS;
break;
#endif
#ifdef DLT_PPP_BSDOS
case DLT_PPP_BSDOS:
linktype = PCAP_ENCAP_PPP_BSDOS;
break;
#endif
#ifdef DLT_CIP
case DLT_CIP:
linktype = PCAP_ENCAP_ATM_CLIP;
break;
#endif
#ifdef DLT_ATM_CLIP
case DLT_ATM_CLIP:
linktype = PCAP_ENCAP_ATM_CLIP;
break;
#endif
#ifdef DLT_PPP_SERIAL
case DLT_PPP_SERIAL:
linktype = PCAP_ENCAP_PPP_HDLC;
break;
#endif
default:
linktype = type;
break;
}
switch (linktype) {
case PCAP_ENCAP_ETHERNET:
case DLT_EN10MB:
off_linktype = 12;
off_nl = 14;
return;
case PCAP_ENCAP_SLIP:
case DLT_SLIP:
/*
* SLIP doesn't have a link level type. The 16 byte
* header is hacked into our SLIP driver.
@ -620,31 +557,31 @@ init_linktype(type)
off_nl = 16;
return;
case PCAP_ENCAP_SLIP_BSDOS:
/* XXX this may be the same as the PCAP_ENCAP_PPP_BSDOS case */
case DLT_SLIP_BSDOS:
/* XXX this may be the same as the DLT_PPP_BSDOS case */
off_linktype = -1;
/* XXX end */
off_nl = 24;
return;
case PCAP_ENCAP_NULL:
case DLT_NULL:
off_linktype = 0;
off_nl = 4;
return;
case PCAP_ENCAP_PPP:
case PCAP_ENCAP_C_HDLC:
case PCAP_ENCAP_PPP_HDLC:
case DLT_PPP:
case DLT_C_HDLC:
case DLT_PPP_SERIAL:
off_linktype = 2;
off_nl = 4;
return;
case PCAP_ENCAP_PPP_BSDOS:
case DLT_PPP_BSDOS:
off_linktype = 5;
off_nl = 24;
return;
case PCAP_ENCAP_FDDI:
case DLT_FDDI:
/*
* FDDI doesn't really have a link-level type field.
* We assume that SSAP = SNAP is being used and pick
@ -662,7 +599,7 @@ init_linktype(type)
#endif
return;
case PCAP_ENCAP_TOKEN_RING:
case DLT_IEEE802:
/*
* Token Ring doesn't really have a link-level type field.
* We assume that SSAP = SNAP is being used and pick
@ -689,7 +626,7 @@ init_linktype(type)
off_nl = 22;
return;
case PCAP_ENCAP_ATM_RFC1483:
case DLT_ATM_RFC1483:
/*
* assume routed, non-ISO PDUs
* (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
@ -698,12 +635,12 @@ init_linktype(type)
off_nl = 8;
return;
case PCAP_ENCAP_RAW:
case DLT_RAW:
off_linktype = -1;
off_nl = 0;
return;
case PCAP_ENCAP_ATM_CLIP:
case DLT_ATM_CLIP: /* Linux ATM defines this */
off_linktype = 6;
off_nl = 8;
return;
@ -751,11 +688,11 @@ gen_linktype(proto)
switch (linktype) {
case PCAP_ENCAP_SLIP:
case DLT_SLIP:
return gen_false();
case PCAP_ENCAP_PPP:
case PCAP_ENCAP_PPP_HDLC:
case DLT_PPP:
case DLT_PPP_SERIAL:
if (proto == ETHERTYPE_IP)
proto = PPP_IP; /* XXX was 0x21 */
#ifdef INET6
@ -764,7 +701,7 @@ gen_linktype(proto)
#endif
break;
case PCAP_ENCAP_PPP_BSDOS:
case DLT_PPP_BSDOS:
switch (proto) {
case ETHERTYPE_IP:
@ -796,7 +733,7 @@ gen_linktype(proto)
}
break;
case PCAP_ENCAP_NULL:
case DLT_NULL:
/* XXX */
if (proto == ETHERTYPE_IP)
return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
@ -938,7 +875,7 @@ gen_ehostop(eaddr, dir)
}
/*
* Like gen_ehostop, but for PCAP_ENCAP_FDDI
* Like gen_ehostop, but for DLT_FDDI
*/
static struct block *
gen_fhostop(eaddr, dir)
@ -980,7 +917,7 @@ gen_fhostop(eaddr, dir)
}
/*
* Like gen_ehostop, but for PCAP_ENCAP_TOKEN_RING
* Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
*/
static struct block *
gen_thostop(eaddr, dir)
@ -1286,11 +1223,11 @@ gen_gateway(eaddr, alist, proto, dir)
case Q_IP:
case Q_ARP:
case Q_RARP:
if (linktype == PCAP_ENCAP_ETHERNET)
if (linktype == DLT_EN10MB)
b0 = gen_ehostop(eaddr, Q_OR);
else if (linktype == PCAP_ENCAP_FDDI)
else if (linktype == DLT_FDDI)
b0 = gen_fhostop(eaddr, Q_OR);
else if (linktype == PCAP_ENCAP_TOKEN_RING)
else if (linktype == DLT_IEEE802)
b0 = gen_thostop(eaddr, Q_OR);
else
bpf_error(
@ -2142,21 +2079,21 @@ gen_scode(name, q)
if (proto == Q_LINK) {
switch (linktype) {
case PCAP_ENCAP_ETHERNET:
case DLT_EN10MB:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
"unknown ether host '%s'", name);
return gen_ehostop(eaddr, dir);
case PCAP_ENCAP_FDDI:
case DLT_FDDI:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
"unknown FDDI host '%s'", name);
return gen_fhostop(eaddr, dir);
case PCAP_ENCAP_TOKEN_RING:
case DLT_IEEE802:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
@ -2495,11 +2432,11 @@ gen_ecode(eaddr, q)
struct qual q;
{
if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
if (linktype == PCAP_ENCAP_ETHERNET)
if (linktype == DLT_EN10MB)
return gen_ehostop(eaddr, (int)q.dir);
if (linktype == PCAP_ENCAP_FDDI)
if (linktype == DLT_FDDI)
return gen_fhostop(eaddr, (int)q.dir);
if (linktype == PCAP_ENCAP_TOKEN_RING)
if (linktype == DLT_IEEE802)
return gen_thostop(eaddr, (int)q.dir);
}
bpf_error("ethernet address used in non-ether expression");
@ -2894,11 +2831,11 @@ gen_broadcast(proto)
case Q_DEFAULT:
case Q_LINK:
if (linktype == PCAP_ENCAP_ETHERNET)
if (linktype == DLT_EN10MB)
return gen_ehostop(ebroadcast, Q_DST);
if (linktype == PCAP_ENCAP_FDDI)
if (linktype == DLT_FDDI)
return gen_fhostop(ebroadcast, Q_DST);
if (linktype == PCAP_ENCAP_TOKEN_RING)
if (linktype == DLT_IEEE802)
return gen_thostop(ebroadcast, Q_DST);
bpf_error("not a broadcast link");
break;
@ -2927,7 +2864,7 @@ gen_multicast(proto)
case Q_DEFAULT:
case Q_LINK:
if (linktype == PCAP_ENCAP_ETHERNET) {
if (linktype == DLT_EN10MB) {
/* ether[0] & 1 != 0 */
s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
s->s.k = 0;
@ -2937,7 +2874,7 @@ gen_multicast(proto)
return b0;
}
if (linktype == PCAP_ENCAP_FDDI) {
if (linktype == DLT_FDDI) {
/* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
/* fddi[1] & 1 != 0 */
s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
@ -2949,7 +2886,7 @@ gen_multicast(proto)
}
/* TODO - check how token ring handles multicast */
/* if (linktype == PCAP_ENCAP_TOKEN_RING) ... */
/* if (linktype == DLT_IEEE802) ... */
/* Link not known to support multicasts */
break;

103
pcap-bpf.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.42 2000-09-18 06:38:08 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.43 2000-10-12 03:53:58 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -235,97 +235,40 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
pcap_strerror(errno));
goto bad;
}
#ifdef __OpenBSD__
switch (v) {
case DLT_LOOP:
/*
* XXX - DLT_LOOP has a network-byte-order, rather than
* a host-byte-order, AF_ value as the link-layer
* header; will the BPF code generator handle that
* correctly on little-endian machines?
*/
v = DLT_NULL;
break;
}
#endif
#if _BSDI_VERSION - 0 >= 199510
/* The SLIP and PPP link layer header changed in BSD/OS 2.1 */
switch (v) {
case DLT_NULL:
case DLT_EN10MB:
case DLT_EN3MB:
case DLT_AX25:
case DLT_PRONET:
case DLT_CHAOS:
case DLT_IEEE802:
case DLT_ARCNET:
case DLT_FDDI:
/*
* These DLT_* types have PCAP_ENCAP_* types with values
* identical to the values of the corresponding DLT_*
* type.
*/
break;
case DLT_ATM_RFC1483:
v = PCAP_ENCAP_ATM_RFC1483;
break;
case DLT_RAW:
v = PCAP_ENCAP_RAW;
break;
case DLT_SLIP:
#if _BSDI_VERSION - 0 >= 199510
/*
* The SLIP link layer header changed in BSD/OS 2.1;
* however, BSD/OS apparently continued to use DLT_SLIP
* as the DLT_* type for it - we map it to DLT_SLIP_BSDOS,
* so that BSD/OS 2.1 and later SLIP captures can be
* distinguished from other SLIP captures.
*/
v = PCAP_ENCAP_SLIP_BSDOS;
#else
/*
* DLT_SLIP and PCAP_ENCAP_SLIP have the same value.
*/
#endif
v = DLT_SLIP_BSDOS;
break;
case DLT_PPP:
#if _BSDI_VERSION - 0 >= 199510
/*
* The PPP link layer header changed in BSD/OS 2.1;
* however, BSD/OS apparently continued to use DLT_PPP
* as the DLT_* type for it - we map it to DLT_PPP_BSDOS,
* so that BSD/OS 2.1 and later SLIP captures can be
* distinguished from other SLIP captures.
*/
v = PCAP_ENCAP_PPP_BSDOS;
#else
/*
* DLT_PPP and PCAP_ENCAP_PPP have the same value.
*/
#endif
v = DLT_PPP_BSDOS;
break;
#ifdef DLT_FR
case DLT_FR:
/* BSD/OS Frame Relay */
v = PCAP_ENCAP_RAW; /*XXX*/
case 11: /*DLT_FR*/
v = DLT_RAW; /*XXX*/
break;
#endif
#ifdef DLT_C_HDLC
case DLT_C_HDLC:
/* BSD/OS Cisco HDLC */
v = PCAP_ENCAP_C_HDLC;
case 12: /*DLT_C_HDLC*/
v = DLT_CHDLC;
break;
#endif
#ifdef DLT_PPP_SERIAL
case DLT_PPP_SERIAL:
/* NetBSD sync/async serial PPP (or Cisco HDLC) */
v = PCAP_ENCAP_PPP_HDLC;
break;
#endif
default:
/*
* We don't know what this is; we'd need to add a
* PCAP_ENCAP_* type for it, and would probably
* need to add libpcap and tcpdump support for it
* as well.
*/
snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown DLT_ type %u", v);
goto bad;
}
#endif
p->linktype = v;
/* set timeout */

6
pcap-dlpi.c
View File

@ -38,7 +38,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.60 2000-09-17 04:04:37 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.61 2000-10-12 03:53:58 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -439,12 +439,12 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
case DL_CSMACD:
case DL_ETHER:
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->offset = 2;
break;
case DL_FDDI:
p->linktype = PCAP_ENCAP_FDDI;
p->linktype = DLT_FDDI;
p->offset = 3;
break;

4
pcap-enet.c
View File

@ -8,7 +8,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.4 2000-09-17 04:04:37 guy Exp $";
"@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.5 2000-10-12 03:53:59 guy Exp $";
#endif
#ifdef HAVE_CONFIG_H
@ -229,7 +229,7 @@ initdevice(char *device, int pflag, int *linktype)
/*
* "enetfilter" supports only ethernets.
*/
*linktype = PCAP_ENCAP_ETHERNET;
*linktype = DLT_EN10MB;
return(if_fd);
}

47
pcap-linux.c
View File

@ -26,7 +26,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.30 2000-09-20 15:10:29 torsten Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.31 2000-10-12 03:53:59 guy Exp $ (LBL)";
#endif
/*
@ -459,11 +459,9 @@ pcap_setfilter(pcap_t *handle, struct bpf_program *filter)
/*
* Linux uses the ARP hardware type to identify the type of an
* interface. pcap uses the PCAP_ENCAP_xxx constants for this. This
* interface. pcap uses the DLT_xxx constants for this. This
* function maps the ARPHRD_xxx constant to an appropriate
* PCAP_ENCAP__xxx constant.
* FIXME: This function is inappropriately named after the namechange
* DLT -> PCAP_ENCAP.
* DLT_xxx constant.
*
* Returns -1 if unable to map the type.
*/
@ -472,42 +470,25 @@ static int map_arphrd_to_dlt(int arptype)
switch (arptype) {
case ARPHRD_ETHER:
case ARPHRD_METRICOM:
case ARPHRD_LOOPBACK:
return PCAP_ENCAP_ETHERNET;
case ARPHRD_EETHER:
return PCAP_ENCAP_EXP_ETHERNET;
case ARPHRD_AX25:
return PCAP_ENCAP_AX25;
case ARPHRD_PRONET:
return PCAP_ENCAP_PRONET;
case ARPHRD_CHAOS:
return PCAP_ENCAP_CHAOS;
case ARPHRD_IEEE802:
return PCAP_ENCAP_TOKEN_RING;
case ARPHRD_ARCNET:
return PCAP_ENCAP_ARCNET;
case ARPHRD_FDDI:
return PCAP_ENCAP_FDDI;
case ARPHRD_LOOPBACK: return DLT_EN10MB;
case ARPHRD_EETHER: return DLT_EN3MB;
case ARPHRD_AX25: return DLT_AX25;
case ARPHRD_PRONET: return DLT_PRONET;
case ARPHRD_CHAOS: return DLT_CHAOS;
case ARPHRD_IEEE802: return DLT_IEEE802;
case ARPHRD_ARCNET: return DLT_ARCNET;
case ARPHRD_FDDI: return DLT_FDDI;
#ifndef ARPHRD_ATM /* FIXME: How to #include this? */
#define ARPHRD_ATM 19
#endif
case ARPHRD_ATM:
return PCAP_ENCAP_ATM_CLIP;
case ARPHRD_ATM: return DLT_ATM_CLIP;
case ARPHRD_PPP:
case ARPHRD_CSLIP:
case ARPHRD_SLIP6:
case ARPHRD_CSLIP6:
case ARPHRD_SLIP:
return PCAP_ENCAP_RAW;
case ARPHRD_SLIP: return DLT_RAW;
}
return -1;
@ -580,7 +561,7 @@ live_open_new(pcap_t *handle, char *device, int promisc,
fprintf(stderr,
"Warning: Falling back to cooked socket\n");
handle->linktype = PCAP_ENCAP_RAW;
handle->linktype = DLT_RAW;
}

4
pcap-nit.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.37 2000-09-17 04:04:37 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.38 2000-10-12 03:54:00 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -225,7 +225,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
/*
* NIT supports only ethernets.
*/
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);

12
pcap-pf.c
View File

@ -24,7 +24,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.60 2000-09-17 04:04:38 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.61 2000-10-12 03:54:00 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -120,7 +120,7 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
*/
n = 0;
#ifdef PCAP_FDDIPAD
if (pc->linktype == PCAP_ENCAP_FDDI)
if (pc->linktype == DLT_FDDI)
pad = pcap_fddipad;
else
pad = 0;
@ -257,12 +257,12 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
switch (devparams.end_dev_type) {
case ENDT_10MB:
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->offset = 2;
break;
case ENDT_FDDI:
p->linktype = PCAP_ENCAP_FDDI;
p->linktype = DLT_FDDI;
break;
default:
@ -277,13 +277,13 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
"Packet filter data-link type %d unknown, assuming Ethernet",
devparams.end_dev_type);
#endif
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->offset = 2;
break;
}
/* set truncation */
#ifdef PCAP_FDDIPAD
if (p->linktype == PCAP_ENCAP_FDDI)
if (p->linktype == DLT_FDDI)
/* packetfilter includes the padding in the snapshot */
snaplen += pcap_fddipad;
#endif

4
pcap-snit.c
View File

@ -25,7 +25,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.52 2000-09-17 04:04:38 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.53 2000-10-12 03:54:00 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -282,7 +282,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
/*
* NIT supports only ethernets.
*/
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);

12
pcap-snoop.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.28 2000-09-17 04:04:38 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.29 2000-10-12 03:54:01 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -180,20 +180,20 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
strncmp("fa", device, 2) == 0 ||
strncmp("qaa", device, 3) == 0 ||
strncmp("el", device, 2) == 0) {
p->linktype = PCAP_ENCAP_ETHERNET;
p->linktype = DLT_EN10MB;
p->offset = RAW_HDRPAD(sizeof(struct ether_header));
ll_hdrlen = sizeof(struct ether_header);
} else if (strncmp("ipg", device, 3) == 0 ||
strncmp("rns", device, 3) == 0 || /* O2/200/2000 FDDI */
strncmp("xpi", device, 3) == 0) {
p->linktype = PCAP_ENCAP_FDDI;
p->linktype = DLT_FDDI;
p->offset = 3; /* XXX yeah? */
ll_hdrlen = 13;
} else if (strncmp("ppp", device, 3) == 0) {
p->linktype = PCAP_ENCAP_RAW;
ll_hdrlen = 0; /* PCAP_ENCAP_RAW meaning "no PPP header, just the IP packet"? */
p->linktype = DLT_RAW;
ll_hdrlen = 0; /* DLT_RAW meaning "no PPP header, just the IP packet"? */
} else if (strncmp("lo", device, 2) == 0) {
p->linktype = PCAP_ENCAP_NULL;
p->linktype = DLT_NULL;
ll_hdrlen = 4; /* is this just like BSD's loopback device? */
} else {
snprintf(ebuf, PCAP_ERRBUF_SIZE,

92
pcap.h
View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.27 2000-09-18 05:08:02 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.28 2000-10-12 03:54:01 guy Exp $ (LBL)
*/
#ifndef lib_pcap_h
@ -98,97 +98,9 @@ struct pcap_file_header {
bpf_int32 thiszone; /* gmt to local correction */
bpf_u_int32 sigfigs; /* accuracy of timestamps */
bpf_u_int32 snaplen; /* max length saved portion of each pkt */
bpf_u_int32 linktype; /* data link type (PCAP_ENCAP_*) */
bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
};
/*
* Values for "linktype" in the file header.
*
* In the past, these have been DLT_ codes defined by <net/bpf.h>.
* Those codes were used in two places:
*
* inside BSD kernels, as the value returned by the BIOCGDLT ioctl
* for "/dev/bpfN" devices;
*
* inside libpcap capture file headers.
*
* Unfortunately, the various flavors of BSD have not always used the same
* numerical values for the same data types, and various patches to
* libpcap for non-BSD OSes have added their own DLT_ codes for link
* layer encapsulation types seen on those OSes, and those codes have had,
* in some cases, values that were also used, on other platforms, for other
* link layer encapsulation types.
*
* This means that capture files of a type whose numerical DLT_ code
* means different things on different BSDs, or with different versions
* of libpcap, can't always be read on systems other than those like
* the one running on the machine on which the capture was made.
*
* We therefore now, in an attempt to decouple the values supplied by
* BIOCGDLT from the values used in the libpcap file header, define
* a set of PCAP_ENCAP_* codes to be used in the header; "pcap_open_live()"
* in the various "pcap-bpf.c" files should set the "linktype" field of
* the "pcap_t" it returns to a PCAP_ENCAP_* code, not to a DLT_* code.
*
* For those DLT_* codes that have, as far as we know, the same values on
* all platforms (DLT_NULL through DLT_FDDI), we define PCAP_ENCAP_xxx as
* DLT_xxx; this means that captures of those types will continue to use
* the same "linktype" value, and thus will continue to be readable by
* older versions of libpcap.
*
* The other PCAP_ENCAP_* codes are given values starting at 100, in the
* hopes that no DLT_* code will be given one of those values.
*
* In order to ensure that a given PCAP_ENCAP_* code's value will refer to
* the same encapsulation type on all platforms, you should not allocate
* a new PCAP_ENCAP_* value without consulting "tcpdump-workers@tcpdump.org".
* The tcpdump developers will allocate a value for you, and will not
* subsequently allocate it to anybody else; that value will be added to
* the "pcap.h" in the tcpdump.org CVS repository, so that a future
* libpcap release will include it.
*
* You should, if possible, also contribute patches to libpcap and tcpdump
* to handle the new encapsulation type, so that they can also be checked
* into the tcpdump.org CVS repository and so that they will appear in
* future libpcap and tcpdump releases.
*
* PCAP_ENCAP_* codes should not be used inside kernels; DLT_* codes
* should be used inside kernels that support BSD's BPF mechanism (other
* kernels may use other codes, e.g. ARPHRD_* codes in Linux kernels
* and DL_* codes in kernels using DLPI).
*/
#define PCAP_ENCAP_NULL DLT_NULL
#define PCAP_ENCAP_ETHERNET DLT_EN10MB /* also for 100Mb and up */
#define PCAP_ENCAP_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */
#define PCAP_ENCAP_AX25 DLT_AX25
#define PCAP_ENCAP_PRONET DLT_PRONET
#define PCAP_ENCAP_CHAOS DLT_CHAOS
#define PCAP_ENCAP_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */
#define PCAP_ENCAP_ARCNET DLT_ARCNET
#define PCAP_ENCAP_SLIP DLT_SLIP
#define PCAP_ENCAP_PPP DLT_PPP
#define PCAP_ENCAP_FDDI DLT_FDDI
#define PCAP_ENCAP_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */
#define PCAP_ENCAP_RAW 101 /* raw IP */
#define PCAP_ENCAP_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */
#define PCAP_ENCAP_PPP_BSDOS 103 /* BSD/OS PPP BPF header */
#define PCAP_ENCAP_C_HDLC 104 /* Cisco HDLC */
#define PCAP_ENCAP_IEEE802_11 105 /* IEEE 802.11 (wireless) */
#define PCAP_ENCAP_ATM_CLIP 106 /* Linux Classical IP over ATM */
/*
* PCAP_ENCAP_PPP is for use when there might, or might not, be an RFC 1662
* PPP in HDLC-like framing header (with 0xff 0x03 before the PPP protocol
* field) at the beginning of the packet.
*
* This is for use when there is always such a header; the address field
* might be 0xff, for regular PPP, or it might be an address field for Cisco
* point-to-point with HDLC framing as per section 4.3.1 of RFC 1547 ("Cisco
* HDLC"). This is, for example, what you get with NetBSD's DLT_PPP_SERIAL.
*/
#define PCAP_ENCAP_PPP_HDLC 107 /* PPP in HDLC-like framing */
/*
* Each packet in the dump file is prepended with this generic header.
* This gets around the problem of different headers for different

212
savefile.c
View File

@ -30,7 +30,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.43 2000-10-10 04:53:09 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.44 2000-10-12 03:54:01 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -76,6 +76,196 @@ static const char rcsid[] =
#define SFERR_BADF 3
#define SFERR_EOF 4 /* not really an error, just a status */
/*
* We don't write DLT_* values to the capture file header, because
* they're not the same on all platforms.
*
* Unfortunately, the various flavors of BSD have not always used the same
* numerical values for the same data types, and various patches to
* libpcap for non-BSD OSes have added their own DLT_* codes for link
* layer encapsulation types seen on those OSes, and those codes have had,
* in some cases, values that were also used, on other platforms, for other
* link layer encapsulation types.
*
* This means that capture files of a type whose numerical DLT_* code
* means different things on different BSDs, or with different versions
* of libpcap, can't always be read on systems other than those like
* the one running on the machine on which the capture was made.
*
* Instead, we define here a set of LINKTYPE_* codes, and map DLT_* codes
* to LINKTYPE_* codes when writing a savefile header, and map LINKTYPE_*
* codes to DLT_* codes when reading a savefile header.
*
* For those DLT_* codes that have, as far as we know, the same values on
* all platforms (DLT_NULL through DLT_FDDI), we define LINKTYPE_xxx as
* DLT_xxx; that way, captures of those types can still be read by
* versions of libpcap that map LINKTYPE_* values to DLT_* values, and
* captures of those types written by versions of libpcap that map DLT_
* values to LINKTYPE_ values can still be read by older versions
* of libpcap.
*
* The other LINKTYPE_* codes are given values starting at 100, in the
* hopes that no DLT_* code will be given one of those values.
*
* In order to ensure that a given LINKTYPE_* code's value will refer to
* the same encapsulation type on all platforms, you should not allocate
* a new LINKTYPE_* value without consulting "tcpdump-workers@tcpdump.org".
* The tcpdump developers will allocate a value for you, and will not
* subsequently allocate it to anybody else; that value will be added to
* the "pcap.h" in the tcpdump.org CVS repository, so that a future
* libpcap release will include it.
*
* You should, if possible, also contribute patches to libpcap and tcpdump
* to handle the new encapsulation type, so that they can also be checked
* into the tcpdump.org CVS repository and so that they will appear in
* future libpcap and tcpdump releases.
*/
#define LINKTYPE_NULL DLT_NULL
#define LINKTYPE_ETHERNET DLT_EN10MB /* also for 100Mb and up */
#define LINKTYPE_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */
#define LINKTYPE_AX25 DLT_AX25
#define LINKTYPE_PRONET DLT_PRONET
#define LINKTYPE_CHAOS DLT_CHAOS
#define LINKTYPE_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */
#define LINKTYPE_ARCNET DLT_ARCNET
#define LINKTYPE_SLIP DLT_SLIP
#define LINKTYPE_PPP DLT_PPP
#define LINKTYPE_FDDI DLT_FDDI
#define LINKTYPE_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */
#define LINKTYPE_RAW 101 /* raw IP */
#define LINKTYPE_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */
#define LINKTYPE_PPP_BSDOS 103 /* BSD/OS PPP BPF header */
#define LINKTYPE_C_HDLC 104 /* Cisco HDLC */
#define LINKTYPE_ATM_CLIP 106 /* Linux Classical IP over ATM */
/*
* Reserved for future use.
*/
#define LINKTYPE_IEEE802_11 105 /* IEEE 802.11 (wireless) */
#define LINKTYPE_FR 107 /* BSD/OS Frame Relay */
#define LINKTYPE_LOOP 108 /* OpenBSD loopback */
#define LINKTYPE_ENC 109 /* OpenBSD IPSEC enc */
#define LINKTYPE_LANE8023 110 /* ATM LANE + 802.3 */
#define LINKTYPE_HIPPI 111 /* NetBSD HIPPI */
#define LINKTYPE_HDLC 112 /* NetBSD HDLC framing */
/*
* LINKTYPE_PPP is for use when there might, or might not, be an RFC 1662
* PPP in HDLC-like framing header (with 0xff 0x03 before the PPP protocol
* field) at the beginning of the packet.
*
* This is for use when there is always such a header; the address field
* might be 0xff, for regular PPP, or it might be an address field for Cisco
* point-to-point with HDLC framing as per section 4.3.1 of RFC 1547 ("Cisco
* HDLC"). This is, for example, what you get with NetBSD's DLT_PPP_SERIAL.
*/
#define LINKTYPE_PPP_HDLC 107 /* PPP in HDLC-like framing */
static struct linktype_map {
int dlt;
int linktype;
} map[] = {
/*
* These DLT_* codes have LINKTYPE_* codes with values identical
* to the values of the corresponding DLT_* code.
*/
{ DLT_NULL, LINKTYPE_NULL },
{ DLT_EN10MB, LINKTYPE_ETHERNET },
{ DLT_EN3MB, LINKTYPE_EXP_ETHERNET },
{ DLT_AX25, LINKTYPE_AX25 },
{ DLT_PRONET, LINKTYPE_PRONET },
{ DLT_CHAOS, LINKTYPE_CHAOS },
{ DLT_IEEE802, LINKTYPE_TOKEN_RING },
{ DLT_ARCNET, LINKTYPE_ARCNET },
{ DLT_SLIP, LINKTYPE_SLIP },
{ DLT_PPP, LINKTYPE_PPP },
{ DLT_FDDI, LINKTYPE_FDDI },
/*
* These DLT_* codes have different values on different
* platforms; we map them to LINKTYPE_* codes that
* have values that should never be equal to any DLT_*
* code.
*/
{ DLT_ATM_RFC1483, LINKTYPE_ATM_RFC1483 },
{ DLT_RAW, LINKTYPE_RAW },
{ DLT_SLIP_BSDOS, LINKTYPE_SLIP_BSDOS },
{ DLT_PPP_BSDOS, LINKTYPE_PPP_BSDOS },
/* BSD/OS Cisco HDLC */
{ DLT_C_HDLC, LINKTYPE_C_HDLC },
/*
* These DLT_* codes are not on all platforms, but, so far,
* there don't appear to be any platforms that define
* other codes with those values; we map them to
* different LINKTYPE_* values anyway, just in case.
*/
/* Linux ATM Classical IP */
{ DLT_ATM_CLIP, LINKTYPE_ATM_CLIP },
/* NetBSD sync/async serial PPP (or Cisco HDLC) */
{ DLT_PPP_SERIAL, LINKTYPE_PPP_HDLC },
/*
* Any platform that defines additional DLT_* codes should:
*
* request a LINKTYPE_* code and value from tcpdump.org,
* as per the above;
*
* add, in their version of libpcap, an entry to map
* those DLT_* codes to the corresponding LINKTYPE_*
* code;
*
* redefine, in their "net/bpf.h", any DLT_* values
* that collide with the values used by their additional
* DLT_* codes, to remove those collisions (but without
* making them collide with any of the LINKTYPE_*
* values equal to 50 or above; they should also avoid
* defining DLT_* values that collide with those
* LINKTYPE_* values, either).
*/
{ -1, -1 }
};
static int
dlt_to_linktype(int dlt)
{
int i;
for (i = 0; map[i].dlt != -1; i++) {
if (map[i].dlt == dlt)
return (map[i].linktype);
}
/*
* If we don't have a mapping for this DLT_ code, return an
* error; that means that the table above needs to have an
* entry added.
*/
return (-1);
}
static int
linktype_to_dlt(int linktype)
{
int i;
for (i = 0; map[i].linktype != -1; i++) {
if (map[i].linktype == linktype)
return (map[i].dlt);
}
/*
* If we don't have an entry for this link type, return
* the link type value; it may be a DLT_ value from an
* older version of libpcap.
*/
return linktype;
}
static int
sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen)
{
@ -170,7 +360,7 @@ pcap_open_offline(const char *fname, char *errbuf)
}
p->tzoff = hdr.thiszone;
p->snapshot = hdr.snaplen;
p->linktype = hdr.linktype;
p->linktype = linktype_to_dlt(hdr.linktype);
p->sf.rfile = fp;
p->bufsize = hdr.snaplen;
@ -178,15 +368,15 @@ pcap_open_offline(const char *fname, char *errbuf)
/* XXX should handle all types */
switch (p->linktype) {
case PCAP_ENCAP_ETHERNET:
case DLT_EN10MB:
linklen = 14;
break;
case PCAP_ENCAP_FDDI:
case DLT_FDDI:
linklen = 13 + 8; /* fddi_header + llc */
break;
case PCAP_ENCAP_NULL:
case DLT_NULL:
default:
linklen = 0;
break;
@ -374,6 +564,16 @@ pcap_dumper_t *
pcap_dump_open(pcap_t *p, const char *fname)
{
FILE *f;
int linktype;
linktype = dlt_to_linktype(p->linktype);
if (linktype == -1) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"%s: link-layer type %d isn't supported in savefiles",
fname, linktype);
return (NULL);
}
if (fname[0] == '-' && fname[1] == '\0')
f = stdout;
else {
@ -384,7 +584,7 @@ pcap_dump_open(pcap_t *p, const char *fname)
return (NULL);
}
}
(void)sf_write_header(f, p->linktype, p->tzoff, p->snapshot);
(void)sf_write_header(f, linktype, p->tzoff, p->snapshot);
return ((pcap_dumper_t *)f);
}