dect
/
libpcap
Archived
13
0
Fork 0
Code Releases Activity

Introduce a set of PCAP_ENCAP_ codes to specify packet encapsulations. 

For those PCAP_ENCAP_ codes corresponding to DLT_ codes that are
(believed to be) the same in all BSDs, the PCAP_ENCAP_ codes have the
same values as the corresponding DLT_ codes.

For those PCAP_ENCAP_ codes corresponding to DLT_ codes that were added
in libpcap 0.5 as "non-kernel" DLT_ codes, or had their values changed
in libpcap 0.5 in order to cope with the fact that those DLT_ codes
have different values in different systems, the PCAP_ENCAP_ codes have
the same values as the corresponding DLT_ codes.

We add some additional PCAP_ENCAP_ codes to handle IEEE 802.11 (which
currently has its link-layer information turned into an Ethernet header
by at least some of the BSDs, but John Hawkinson at MIT wants to add a
DLT_ value for 802.11 and pass up the full link-layer header) and the
Classical IP encapsulation for ATM on Linux (which isn't always the same
as DLT_ATM_RFC1483, from what I can tell, alas).

"pcap-bpf.c" maps DLT_ codes to PCAP_ENCAP_ codes, so as not to supply
to libpcap's callers any DLT_ codes other than the ones that have the
same values on all platforms; it supplies PCAP_ENCAP_ codes for all
others.

In libpcap's "bpf/net/bpf.h", we define the DLT_ values that aren't the
same on all platforms with the new values starting at 100 (to keep them
out of the way of the values various BSDs might assign to them), as we
did in 0.5, but do so only if they're not already defined; platforms
with <net/bpf.h> headers that come with the kernel (e.g., the BSDs)
should define them with the values that they have always had on that
platform, *not* with the values we used in 0.5.

(Code using this version of libpcap should check for the new PCAP_ENCAP_
codes; those are given the values that the corresponding DLT_ values had
in 0.5, so code that checks for them will handle 0.5 libpcap files
correctly even if the platform defines DLT_RAW, say, as something other
than 101.  If that code also checks for DLT_RAW - which means it can't
just use a switch statement, as DLT_RAW might be defined as 101 if the
platform doesn't itself define DLT_RAW with some other value - then it
will also handle old DLT_RAW captures, as long as they were made on the
same platform or on another platform that used the same value for
DLT_RAW.  It can't handle captures from a platform that uses that value
for another DLT_ code, but that's always been the case, and isn't easily
fixable.)

The intent here is to decouple the values that are returned by
"pcap_datalink()" and put into the header of tcpdump/libpcap save files
from the DLT_ values returned by BIOCGDLT in BSD kernels, allowing the
BSDs to assign values to DLT_ codes, in their kernels, as they choose,
without creating more incompatibilities between tcpdump/libpcap save
files from different platforms.
This commit is contained in:
guy 2000-09-17 04:04:36 +00:00
parent 74ab49bec1
commit 781fae3571
13 changed files with 326 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
bpf/net/bpf.h
View File

@ -37,7 +37,7 @@
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.38 2000-06-26 04:56:28 assar Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.39 2000-09-17 04:04:39 guy Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
@ -160,6 +160,12 @@ struct bpf_hdr {
/*
* Data-link level type codes.
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
* should not just pick up this version of "bpf.h"; they should also define
* the additional DLT_* codes used by their kernels, as well as the values
* defined here).
*/
#define DLT_NULL 0 /* no link-layer encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
@ -172,20 +178,39 @@ struct bpf_hdr {
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
#ifdef __FreeBSD__
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#endif
#ifdef __OpenBSD__
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_LOOP 12 /* loopback */
#endif
/* offset to avoid collision with BSD/OS values */
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* These are the values that were traditionally defined in <net/bpf.h>,
* but that are not the same on all platforms; if they are not already
* defined (e.g., defined above because this is a BSD that defines them
* for use in its kernel), we define them to have the appropriate
* PCAP_ENCAP_* value from <pcap.h>, so that programs using those DLT_
* codes will continue to compile and will be able to read capture files
* from the current version of libpcap.
*/
#ifndef DLT_ATM_RFC1483
#define DLT_ATM_RFC1483 100 /* LLC/SNAP encapsulated atm */
#endif
#ifndef DLT_RAW
#define DLT_RAW 101 /* raw IP */
#endif
/*
* NOTE: these two values were defined by LBL libpcap, but with values
* that didn't seem to correspond to the values that were used in BSD/OS;
* neither of them are, as far as I know, used in any kernel, so they
* should not be defined above. We therefore don't bother checking to
* see if they're already defined.
*/
#define DLT_SLIP_BSDOS 102 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 103 /* BSD/OS Point-to-point Protocol */
/*
* This value was defined by libpcap 0.5; we now use it as a DLT_* value
* solely for backwards compatibility - new programs should use
* PCAP_ENCAP_C_HDLC instead.
*/
#define DLT_CHDLC 104 /* Cisco HDLC */
/*

73
gencode.c
View File

@ -21,7 +21,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.116 2000-08-06 01:22:39 torsten Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.117 2000-09-17 04:04:36 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -542,12 +542,12 @@ init_linktype(type)
switch (type) {
case DLT_EN10MB:
case PCAP_ENCAP_ETHERNET:
off_linktype = 12;
off_nl = 14;
return;
case DLT_SLIP:
case PCAP_ENCAP_SLIP:
/*
* SLIP doesn't have a link level type. The 16 byte
* header is hacked into our SLIP driver.
@ -556,30 +556,30 @@ init_linktype(type)
off_nl = 16;
return;
case DLT_SLIP_BSDOS:
/* XXX this may be the same as the DLT_PPP_BSDOS case */
case PCAP_ENCAP_SLIP_BSDOS:
/* XXX this may be the same as the PCAP_ENCAP_PPP_BSDOS case */
off_linktype = -1;
/* XXX end */
off_nl = 24;
return;
case DLT_NULL:
case PCAP_ENCAP_NULL:
off_linktype = 0;
off_nl = 4;
return;
case DLT_PPP:
case DLT_CHDLC:
case PCAP_ENCAP_PPP:
case PCAP_ENCAP_C_HDLC:
off_linktype = 2;
off_nl = 4;
return;
case DLT_PPP_BSDOS:
case PCAP_ENCAP_PPP_BSDOS:
off_linktype = 5;
off_nl = 24;
return;
case DLT_FDDI:
case PCAP_ENCAP_FDDI:
/*
* FDDI doesn't really have a link-level type field.
* We assume that SSAP = SNAP is being used and pick
@ -597,7 +597,7 @@ init_linktype(type)
#endif
return;
case DLT_IEEE802:
case PCAP_ENCAP_TOKEN_RING:
/*
* Token Ring doesn't really have a link-level type field.
* We assume that SSAP = SNAP is being used and pick
@ -624,7 +624,7 @@ init_linktype(type)
off_nl = 22;
return;
case DLT_ATM_RFC1483:
case PCAP_ENCAP_ATM_RFC1483:
/*
* assume routed, non-ISO PDUs
* (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
@ -633,10 +633,15 @@ init_linktype(type)
off_nl = 8;
return;
case DLT_RAW:
case PCAP_ENCAP_RAW:
off_linktype = -1;
off_nl = 0;
return;
case PCAP_ENCAP_ATM_CLIP:
off_linktype = 6;
off_nl = 8;
return;
}
bpf_error("unknown data link type 0x%x", linktype);
/* NOTREACHED */
@ -681,10 +686,10 @@ gen_linktype(proto)
switch (linktype) {
case DLT_SLIP:
case PCAP_ENCAP_SLIP:
return gen_false();
case DLT_PPP:
case PCAP_ENCAP_PPP:
if (proto == ETHERTYPE_IP)
proto = PPP_IP; /* XXX was 0x21 */
#ifdef INET6
@ -693,7 +698,7 @@ gen_linktype(proto)
#endif
break;
case DLT_PPP_BSDOS:
case PCAP_ENCAP_PPP_BSDOS:
switch (proto) {
case ETHERTYPE_IP:
@ -725,7 +730,7 @@ gen_linktype(proto)
}
break;
case DLT_NULL:
case PCAP_ENCAP_NULL:
/* XXX */
if (proto == ETHERTYPE_IP)
return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET)));
@ -867,7 +872,7 @@ gen_ehostop(eaddr, dir)
}
/*
* Like gen_ehostop, but for DLT_FDDI
* Like gen_ehostop, but for PCAP_ENCAP_FDDI
*/
static struct block *
gen_fhostop(eaddr, dir)
@ -909,7 +914,7 @@ gen_fhostop(eaddr, dir)
}
/*
* Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
* Like gen_ehostop, but for PCAP_ENCAP_TOKEN_RING
*/
static struct block *
gen_thostop(eaddr, dir)
@ -1215,11 +1220,11 @@ gen_gateway(eaddr, alist, proto, dir)
case Q_IP:
case Q_ARP:
case Q_RARP:
if (linktype == DLT_EN10MB)
if (linktype == PCAP_ENCAP_ETHERNET)
b0 = gen_ehostop(eaddr, Q_OR);
else if (linktype == DLT_FDDI)
else if (linktype == PCAP_ENCAP_FDDI)
b0 = gen_fhostop(eaddr, Q_OR);
else if (linktype == DLT_IEEE802)
else if (linktype == PCAP_ENCAP_TOKEN_RING)
b0 = gen_thostop(eaddr, Q_OR);
else
bpf_error(
@ -2071,21 +2076,21 @@ gen_scode(name, q)
if (proto == Q_LINK) {
switch (linktype) {
case DLT_EN10MB:
case PCAP_ENCAP_ETHERNET:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
"unknown ether host '%s'", name);
return gen_ehostop(eaddr, dir);
case DLT_FDDI:
case PCAP_ENCAP_FDDI:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
"unknown FDDI host '%s'", name);
return gen_fhostop(eaddr, dir);
case DLT_IEEE802:
case PCAP_ENCAP_TOKEN_RING:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
bpf_error(
@ -2424,11 +2429,11 @@ gen_ecode(eaddr, q)
struct qual q;
{
if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
if (linktype == DLT_EN10MB)
if (linktype == PCAP_ENCAP_ETHERNET)
return gen_ehostop(eaddr, (int)q.dir);
if (linktype == DLT_FDDI)
if (linktype == PCAP_ENCAP_FDDI)
return gen_fhostop(eaddr, (int)q.dir);
if (linktype == DLT_IEEE802)
if (linktype == PCAP_ENCAP_TOKEN_RING)
return gen_thostop(eaddr, (int)q.dir);
}
bpf_error("ethernet address used in non-ether expression");
@ -2823,11 +2828,11 @@ gen_broadcast(proto)
case Q_DEFAULT:
case Q_LINK:
if (linktype == DLT_EN10MB)
if (linktype == PCAP_ENCAP_ETHERNET)
return gen_ehostop(ebroadcast, Q_DST);
if (linktype == DLT_FDDI)
if (linktype == PCAP_ENCAP_FDDI)
return gen_fhostop(ebroadcast, Q_DST);
if (linktype == DLT_IEEE802)
if (linktype == PCAP_ENCAP_TOKEN_RING)
return gen_thostop(ebroadcast, Q_DST);
bpf_error("not a broadcast link");
break;
@ -2856,7 +2861,7 @@ gen_multicast(proto)
case Q_DEFAULT:
case Q_LINK:
if (linktype == DLT_EN10MB) {
if (linktype == PCAP_ENCAP_ETHERNET) {
/* ether[0] & 1 != 0 */
s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
s->s.k = 0;
@ -2866,7 +2871,7 @@ gen_multicast(proto)
return b0;
}
if (linktype == DLT_FDDI) {
if (linktype == PCAP_ENCAP_FDDI) {
/* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
/* fddi[1] & 1 != 0 */
s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
@ -2878,7 +2883,7 @@ gen_multicast(proto)
}
/* TODO - check how token ring handles multicast */
/* if (linktype == DLT_IEEE802) ... */
/* if (linktype == PCAP_ENCAP_TOKEN_RING) ... */
/* Link not known to support multicasts */
break;

104
pcap-bpf.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.39 2000-07-29 08:03:56 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.40 2000-09-17 04:04:36 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -235,34 +235,102 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
pcap_strerror(errno));
goto bad;
}
#ifdef __OpenBSD__
switch (v) {
case DLT_LOOP:
v = DLT_NULL;
break;
}
#endif
#if _BSDI_VERSION - 0 >= 199510
/* The SLIP and PPP link layer header changed in BSD/OS 2.1 */
switch (v) {
case DLT_NULL:
case DLT_EN10MB:
case DLT_EN3MB:
case DLT_AX25:
case DLT_PRONET:
case DLT_CHAOS:
case DLT_IEEE802:
case DLT_ARCNET:
case DLT_FDDI:
/*
* These DLT_* types have PCAP_ENCAP_* types with values
* identical to the values of the corresponding DLT_*
* type.
*/
break;
case DLT_ATM_RFC1483:
v = PCAP_ENCAP_ATM_RFC1483;
break;
case DLT_RAW:
v = PCAP_ENCAP_RAW;
break;
case DLT_SLIP:
v = DLT_SLIP_BSDOS;
#if _BSDI_VERSION - 0 >= 199510
/*
* The SLIP link layer header changed in BSD/OS 2.1;
* however, BSD/OS apparently continued to use DLT_SLIP
* as the DLT_* type for it - we map it to DLT_SLIP_BSDOS,
* so that BSD/OS 2.1 and later SLIP captures can be
* distinguished from other SLIP captures.
*/
v = PCAP_ENCAP_SLIP_BSDOS;
#else
/*
* DLT_SLIP and PCAP_ENCAP_SLIP have the same value.
*/
#endif
break;
case DLT_PPP:
v = DLT_PPP_BSDOS;
#if _BSDI_VERSION - 0 >= 199510
/*
* The PPP link layer header changed in BSD/OS 2.1;
* however, BSD/OS apparently continued to use DLT_PPP
* as the DLT_* type for it - we map it to DLT_PPP_BSDOS,
* so that BSD/OS 2.1 and later SLIP captures can be
* distinguished from other SLIP captures.
*/
v = PCAP_ENCAP_PPP_BSDOS;
#else
/*
* DLT_PPP and PCAP_ENCAP_PPP have the same value.
*/
#endif
break;
case 11: /*DLT_FR*/
v = DLT_RAW; /*XXX*/
break;
case 12: /*DLT_C_HDLC*/
v = DLT_CHDLC;
#ifdef DLT_LOOP
case DLT_LOOP:
/*
* OpenBSD DLT_LOOP, which is like DLT_NULL, but with
* the AF_ value in the header being in network byte
* order rather than host byte order.
*/
v = PCAP_ENCAP_NULL;
break;
}
#endif
#ifdef DLT_FR
case DLT_FR:
/* BSD/OS Frame Relay */
v = PCAP_ENCAP_RAW; /*XXX*/
break;
#endif
#ifdef DLT_C_HDLC
case DLT_C_HDLC:
/* BSD/OS Cisco HDLC */
v = PCAP_ENCAP_C_HDLC;
break;
#endif
default:
/*
* We don't know what this is; we'd need to add a
* PCAP_ENCAP_* type for it, and would probably
* need to add libpcap and tcpdump support for it
* as well.
*/
snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown DLT_ type %u", v);
goto bad;
}
p->linktype = v;
/* set timeout */

8
pcap-dlpi.c
View File

@ -38,7 +38,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.59 2000-08-13 06:56:05 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.60 2000-09-17 04:04:37 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -439,17 +439,17 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
case DL_CSMACD:
case DL_ETHER:
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->offset = 2;
break;
case DL_FDDI:
p->linktype = DLT_FDDI;
p->linktype = PCAP_ENCAP_FDDI;
p->offset = 3;
break;
default:
snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown mac type 0x%lu",
snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown mac type %lu",
infop->dl_mac_type);
goto bad;
}

4
pcap-enet.c
View File

@ -8,7 +8,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.3 2000-07-11 00:37:06 assar Exp $";
"@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.4 2000-09-17 04:04:37 guy Exp $";
#endif
#ifdef HAVE_CONFIG_H
@ -229,7 +229,7 @@ initdevice(char *device, int pflag, int *linktype)
/*
* "enetfilter" supports only ethernets.
*/
*linktype = DLT_EN10MB;
*linktype = PCAP_ENCAP_ETHERNET;
return(if_fd);
}

46
pcap-linux.c
View File

@ -438,9 +438,9 @@ pcap_setfilter(pcap_t *handle, struct bpf_program *filter)
/*
* Linux uses the ARP hardware type to identify the type of an
* interface. pcap uses the DLT_xxx constants for this. This
* interface. pcap uses the PCAP_ENCAP_xxx constants for this. This
* function maps the ARPHRD_xxx constant to an appropriate
* DLT_xxx constant.
* PCAP_ENCAP__xxx constant.
*
* Returns -1 if unable to map the type.
*/
@ -449,20 +449,42 @@ static int map_arphrd_to_dlt(int arptype)
switch (arptype) {
case ARPHRD_ETHER:
case ARPHRD_METRICOM:
case ARPHRD_LOOPBACK: return DLT_EN10MB;
case ARPHRD_EETHER: return DLT_EN3MB;
case ARPHRD_AX25: return DLT_AX25;
case ARPHRD_PRONET: return DLT_PRONET;
case ARPHRD_CHAOS: return DLT_CHAOS;
case ARPHRD_IEEE802: return DLT_IEEE802;
case ARPHRD_ARCNET: return DLT_ARCNET;
case ARPHRD_FDDI: return DLT_FDDI;
case ARPHRD_LOOPBACK:
return PCAP_ENCAP_ETHERNET;
case ARPHRD_EETHER:
return PCAP_ENCAP_EXP_ETHERNET;
case ARPHRD_AX25:
return PCAP_ENCAP_AX25;
case ARPHRD_PRONET:
return PCAP_ENCAP_PRONET;
case ARPHRD_CHAOS:
return PCAP_ENCAP_CHAOS;
case ARPHRD_IEEE802:
return PCAP_ENCAP_TOKEN_RING;
case ARPHRD_ARCNET:
return PCAP_ENCAP_ARCNET;
case ARPHRD_FDDI:
return PCAP_ENCAP_FDDI;
#ifndef ARPHRD_ATM /* FIXME: How to #include this? */
#define ARPHRD_ATM 19
#endif
case ARPHRD_ATM:
return PCAP_ENCAP_ATM_CLIP;
case ARPHRD_PPP:
case ARPHRD_CSLIP:
case ARPHRD_SLIP6:
case ARPHRD_CSLIP6:
case ARPHRD_SLIP: return DLT_RAW;
case ARPHRD_SLIP:
return PCAP_ENCAP_RAW;
}
return -1;
@ -536,7 +558,7 @@ live_open_new(pcap_t *handle, char *device, int promisc,
fprintf(stderr,
"Warning: Falling back to cooked socket\n");
handle->linktype = DLT_RAW;
handle->linktype = PCAP_ENCAP_RAW;
}

4
pcap-nit.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.36 2000-07-29 08:03:56 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.37 2000-09-17 04:04:37 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -225,7 +225,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
/*
* NIT supports only ethernets.
*/
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);

12
pcap-pf.c
View File

@ -24,7 +24,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.59 2000-07-29 08:03:57 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.60 2000-09-17 04:04:38 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -120,7 +120,7 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
*/
n = 0;
#ifdef PCAP_FDDIPAD
if (pc->linktype == DLT_FDDI)
if (pc->linktype == PCAP_ENCAP_FDDI)
pad = pcap_fddipad;
else
pad = 0;
@ -257,12 +257,12 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
switch (devparams.end_dev_type) {
case ENDT_10MB:
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->offset = 2;
break;
case ENDT_FDDI:
p->linktype = DLT_FDDI;
p->linktype = PCAP_ENCAP_FDDI;
break;
default:
@ -277,13 +277,13 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
"Packet filter data-link type %d unknown, assuming Ethernet",
devparams.end_dev_type);
#endif
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->offset = 2;
break;
}
/* set truncation */
#ifdef PCAP_FDDIPAD
if (p->linktype == DLT_FDDI)
if (p->linktype == PCAP_ENCAP_FDDI)
/* packetfilter includes the padding in the snapshot */
snaplen += pcap_fddipad;
#endif

4
pcap-snit.c
View File

@ -25,7 +25,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.51 2000-07-29 08:03:57 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.52 2000-09-17 04:04:38 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -282,7 +282,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
/*
* NIT supports only ethernets.
*/
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);

12
pcap-snoop.c
View File

@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.27 2000-07-29 08:03:57 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.28 2000-09-17 04:04:38 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -180,20 +180,20 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
strncmp("fa", device, 2) == 0 ||
strncmp("qaa", device, 3) == 0 ||
strncmp("el", device, 2) == 0) {
p->linktype = DLT_EN10MB;
p->linktype = PCAP_ENCAP_ETHERNET;
p->offset = RAW_HDRPAD(sizeof(struct ether_header));
ll_hdrlen = sizeof(struct ether_header);
} else if (strncmp("ipg", device, 3) == 0 ||
strncmp("rns", device, 3) == 0 || /* O2/200/2000 FDDI */
strncmp("xpi", device, 3) == 0) {
p->linktype = DLT_FDDI;
p->linktype = PCAP_ENCAP_FDDI;
p->offset = 3; /* XXX yeah? */
ll_hdrlen = 13;
} else if (strncmp("ppp", device, 3) == 0) {
p->linktype = DLT_RAW;
ll_hdrlen = 0; /* DLT_RAW meaning "no PPP header, just the IP packet"? */
p->linktype = PCAP_ENCAP_RAW;
ll_hdrlen = 0; /* PCAP_ENCAP_RAW meaning "no PPP header, just the IP packet"? */
} else if (strncmp("lo", device, 2) == 0) {
p->linktype = DLT_NULL;
p->linktype = PCAP_ENCAP_NULL;
ll_hdrlen = 4; /* is this just like BSD's loopback device? */
} else {
snprintf(ebuf, PCAP_ERRBUF_SIZE,

32
pcap.3
View File

@ -1,4 +1,4 @@
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3,v 1.9 2000-07-25 06:20:37 guy Exp $
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3,v 1.10 2000-09-17 04:04:39 guy Exp $
.\"
.\" Copyright (c) 1994, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
@ -294,8 +294,34 @@ returns a
pointer to the next packet.
.PP
.B pcap_datalink()
returns the link layer type, e.g.
.BR DLT_EN10MB .
returns the link layer type; this will be one of
.BR PCAP_ENCAP_NULL ,
.BR PCAP_ENCAP_ETHERNET ,
.BR PCAP_ENCAP_EXP_ETHERNET ,
.BR PCAP_ENCAP_AX25 ,
.BR PCAP_ENCAP_PRONET ,
.BR PCAP_ENCAP_CHAOS ,
.BR PCAP_ENCAP_TOKEN_RING ,
.BR PCAP_ENCAP_ARCNET ,
.BR PCAP_ENCAP_SLIP ,
.BR PCAP_ENCAP_PPP ,
.BR PCAP_ENCAP_FDDI ,
.BR PCAP_ENCAP_ATM_RFC1483 ,
.BR PCAP_ENCAP_RAW ,
.BR PCAP_ENCAP_SLIP_BSDOS ,
.BR PCAP_ENCAP_PPP_BSDOS ,
.BR PCAP_ENCAP_C_HDLC ,
.BR PCAP_ENCAP_IEEE802_11 ,
.BR PCAP_ENCAP_ATM_CLIP .
Those PCAP_ENCAP_* codes corresponding to DLT_* codes with the same
value on all platforms have the same value as the corresponding DLT_*
code, so code can check for those DLT_* values rather than the
PCAP_ENCAP_* values, so that the code will compile with older versions
of libpcap. Other PCAP_ENCAP_* codes should be checked for directly;
#ifdefs can be used to ensure that the code compile with older versions
of libpcap. Other DLT_* codes can also be checked for, again with
#ifdefs, so that capture files with one of those codes can, at least, be
read on platforms that assign the same value to those codes.
.PP
.B pcap_snapshot()
returns the snapshot length specified when

80
pcap.h
View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.25 2000-09-14 09:49:29 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.26 2000-09-17 04:04:39 guy Exp $ (LBL)
*/
#ifndef lib_pcap_h
@ -98,9 +98,85 @@ struct pcap_file_header {
bpf_int32 thiszone; /* gmt to local correction */
bpf_u_int32 sigfigs; /* accuracy of timestamps */
bpf_u_int32 snaplen; /* max length saved portion of each pkt */
bpf_u_int32 linktype; /* data link type (DLT_*) */
bpf_u_int32 linktype; /* data link type (PCAP_ENCAP_*) */
};
/*
* Values for "linktype" in the file header.
*
* In the past, these have been DLT_ codes defined by <net/bpf.h>.
* Those codes were used in two places:
*
* inside BSD kernels, as the value returned by the BIOCGDLT ioctl
* for "/dev/bpfN" devices;
*
* inside libpcap capture file headers.
*
* Unfortunately, the various flavors of BSD have not always used the same
* numerical values for the same data types, and various patches to
* libpcap for non-BSD OSes have added their own DLT_ codes for link
* layer encapsulation types seen on those OSes, and those codes have had,
* in some cases, values that were also used, on other platforms, for other
* link layer encapsulation types.
*
* This means that capture files of a type whose numerical DLT_ code
* means different things on different BSDs, or with different versions
* of libpcap, can't always be read on systems other than those like
* the one running on the machine on which the capture was made.
*
* We therefore now, in an attempt to decouple the values supplied by
* BIOCGDLT from the values used in the libpcap file header, define
* a set of PCAP_ENCAP_* codes to be used in the header; "pcap_open_live()"
* in the various "pcap-bpf.c" files should set the "linktype" field of
* the "pcap_t" it returns to a PCAP_ENCAP_* code, not to a DLT_* code.
*
* For those DLT_* codes that have, as far as we know, the same values on
* all platforms (DLT_NULL through DLT_FDDI), we define PCAP_ENCAP_xxx as
* DLT_xxx; this means that captures of those types will continue to use
* the same "linktype" value, and thus will continue to be readable by
* older versions of libpcap.
*
* The other PCAP_ENCAP_* codes are given values starting at 100, in the
* hopes that no DLT_* code will be given one of those values.
*
* In order to ensure that a given PCAP_ENCAP_* code's value will refer to
* the same encapsulation type on all platforms, you should not allocate
* a new PCAP_ENCAP_* value without consulting "tcpdump-workers@tcpdump.org".
* The tcpdump developers will allocate a value for you, and will not
* subsequently allocate it to anybody else; that value will be added to
* the "pcap.h" in the tcpdump.org CVS repository, so that a future
* libpcap release will include it.
*
* You should, if possible, also contribute patches to libpcap and tcpdump
* to handle the new encapsulation type, so that they can also be checked
* into the tcpdump.org CVS repository and so that they will appear in
* future libpcap and tcpdump releases.
*
* PCAP_ENCAP_* codes should not be used inside kernels; DLT_* codes
* should be used inside kernels that support BSD's BPF mechanism (other
* kernels may use other codes, e.g. ARPHRD_* codes in Linux kernels
* and DL_* codes in kernels using DLPI).
*/
#define PCAP_ENCAP_NULL DLT_NULL
#define PCAP_ENCAP_ETHERNET DLT_EN10MB /* also for 100Mb and up */
#define PCAP_ENCAP_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */
#define PCAP_ENCAP_AX25 DLT_AX25
#define PCAP_ENCAP_PRONET DLT_PRONET
#define PCAP_ENCAP_CHAOS DLT_CHAOS
#define PCAP_ENCAP_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */
#define PCAP_ENCAP_ARCNET DLT_ARCNET
#define PCAP_ENCAP_SLIP DLT_SLIP
#define PCAP_ENCAP_PPP DLT_PPP
#define PCAP_ENCAP_FDDI DLT_FDDI
#define PCAP_ENCAP_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */
#define PCAP_ENCAP_RAW 101 /* raw IP */
#define PCAP_ENCAP_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */
#define PCAP_ENCAP_PPP_BSDOS 103 /* BSD/OS PPP BPF header */
#define PCAP_ENCAP_C_HDLC 104 /* Cisco HDLC */
#define PCAP_ENCAP_IEEE802_11 105 /* IEEE 802.11 (wireless) */
#define PCAP_ENCAP_ATM_CLIP 106 /* Linux Classical IP over ATM */
/*
* Each packet in the dump file is prepended with this generic header.
* This gets around the problem of different headers for different

8
savefile.c
View File

@ -30,7 +30,7 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.41 2000-07-18 03:43:47 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.42 2000-09-17 04:04:39 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -177,15 +177,15 @@ pcap_open_offline(const char *fname, char *errbuf)
/* XXX should handle all types */
switch (p->linktype) {
case DLT_EN10MB:
case PCAP_ENCAP_ETHERNET:
linklen = 14;
break;
case DLT_FDDI:
case PCAP_ENCAP_FDDI:
linklen = 13 + 8; /* fddi_header + llc */
break;
case DLT_NULL:
case PCAP_ENCAP_NULL:
default:
linklen = 0;
break;