packaging/pcap.spec is generated from packaging/pcap.spec.in; don't
check in the generated version, and don't put it into the distribution. Fix a bunch of references to tcpdump-workers@tcpdump.org to refer to the new address, tcpdump-workers@lists.tcpdump.org. Fix a reference to the pcap man page from the pcap-filter(4) man page. Note that patches should be submitted on the SourceForge site, not sent to the spam-trap patches@tcpdump.org list.
This commit is contained in:
parent
2b31a188b5
commit
839343cdce
|
@ -17,7 +17,7 @@
|
|||
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
||||
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
#
|
||||
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.108.2.16 2008-05-28 02:15:05 guy Exp $ (LBL)
|
||||
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.108.2.17 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
|
||||
#
|
||||
# Various configurable paths (remember to edit Makefile.in, not Makefile)
|
||||
|
@ -241,7 +241,6 @@ EXTRA_DIST = \
|
|||
msdos/readme.dos \
|
||||
net/bpf_filter.c \
|
||||
org.tcpdump.chmod_bpf.plist \
|
||||
packaging/pcap.spec \
|
||||
packaging/pcap.spec.in \
|
||||
pcap-bpf.c \
|
||||
pcap-bpf.h \
|
||||
|
|
82
README
82
README
|
@ -1,10 +1,25 @@
|
|||
@(#) $Header: /tcpdump/master/libpcap/README,v 1.18.1.1 1999-10-07 23:46:40 mcr Exp $ (LBL)
|
||||
@(#) $Header: /tcpdump/master/libpcap/README,v 1.30.4.1 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
|
||||
LIBPCAP 0.4
|
||||
Lawrence Berkeley National Laboratory
|
||||
Network Research Group
|
||||
libpcap@ee.lbl.gov
|
||||
ftp://ftp.ee.lbl.gov/libpcap.tar.Z
|
||||
LIBPCAP 0.9
|
||||
Now maintained by "The Tcpdump Group"
|
||||
See www.tcpdump.org
|
||||
|
||||
Please send inquiries/comments/reports to:
|
||||
tcpdump-workers@lists.tcpdump.org
|
||||
|
||||
Anonymous CVS is available via:
|
||||
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
|
||||
(password "anoncvs")
|
||||
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap
|
||||
|
||||
Version 0.9 of LIBPCAP can be retrieved with the CVS tag "libpcap_0_9rel1":
|
||||
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_9rel1 libpcap
|
||||
|
||||
Please send patches against the master copy to patches@tcpdump.org.
|
||||
|
||||
formerly from Lawrence Berkeley National Laboratory
|
||||
Network Research Group <libpcap@ee.lbl.gov>
|
||||
ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)
|
||||
|
||||
This directory contains source code for libpcap, a system-independent
|
||||
interface for user-level packet capture. libpcap provides a portable
|
||||
|
@ -18,12 +33,30 @@ system-dependent packet capture modules in each application.
|
|||
|
||||
Note well: this interface is new and is likely to change.
|
||||
|
||||
For some platforms there are README.{system} files that discuss issues
|
||||
with the OS's interface for packet capture on those platforms, such as
|
||||
how to enable support for that interface in the OS, if it's not built in
|
||||
by default.
|
||||
|
||||
The libpcap interface supports a filtering mechanism based on the
|
||||
architecture in the BSD packet filter. BPF is described in the 1993
|
||||
Winter Usenix paper ``The BSD Packet Filter: A New Architecture for
|
||||
User-level Packet Capture''. A compressed postscript version is in:
|
||||
User-level Packet Capture''. A compressed PostScript version can be
|
||||
found at
|
||||
|
||||
ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z.
|
||||
ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z
|
||||
|
||||
or
|
||||
|
||||
http://www.tcpdump.org/papers/bpf-usenix93.ps.Z
|
||||
|
||||
and a gzipped version can be found at
|
||||
|
||||
http://www.tcpdump.org/papers/bpf-usenix93.ps.gz
|
||||
|
||||
A PDF version can be found at
|
||||
|
||||
http://www.tcpdump.org/papers/bpf-usenix93.pdf
|
||||
|
||||
Although most packet capture interfaces support in-kernel filtering,
|
||||
libpcap utilizes in-kernel filtering only for the BPF interface.
|
||||
|
@ -33,17 +66,30 @@ added overhead (especially, for selective filters). Ideally, libpcap
|
|||
would translate BPF filters into a filter program that is compatible
|
||||
with the underlying kernel subsystem, but this is not yet implemented.
|
||||
|
||||
BPF is standard in 4.4BSD, BSD/386, NetBSD, and FreeBSD. DEC OSF/1
|
||||
uses the packetfilter interface but has been extended to accept BPF
|
||||
filters (which libpcap utilizes). Also, you can add BPF filter support
|
||||
to Ultrix using the kernel source and/or object patches available in:
|
||||
BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD. DEC
|
||||
OSF/1/Digital UNIX/Tru64 UNIX uses the packetfilter interface but has
|
||||
been extended to accept BPF filters (which libpcap utilizes). Also, you
|
||||
can add BPF filter support to Ultrix using the kernel source and/or
|
||||
object patches available in:
|
||||
|
||||
ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.
|
||||
|
||||
Problems, bugs, questions, desirable enhancements, source code
|
||||
contributions, etc., should be sent to the email address
|
||||
"libpcap@ee.lbl.gov".
|
||||
Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
|
||||
mechanism that accepts BPF filters; see the README.linux file for
|
||||
information on configuring that option.
|
||||
|
||||
- Steve McCanne
|
||||
Craig Leres
|
||||
Van Jacobson
|
||||
Problems, bugs, questions, desirable enhancements, etc. should be sent
|
||||
to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support
|
||||
requests, and feature requests may also be submitted on the SourceForge
|
||||
site for libpcap at
|
||||
|
||||
http://sourceforge.net/projects/libpcap/
|
||||
|
||||
Source code contributions, etc. should be sent to the email address
|
||||
"patches@tcpdump.org", or submitted as patches on the SourceForge site
|
||||
for libpcap.
|
||||
|
||||
Current versions can be found at www.tcpdump.org, or the SourceForge
|
||||
site for libpcap.
|
||||
|
||||
- The TCPdump team
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
Using BPF:
|
||||
|
||||
(1) AIX 4.x's version of BPF is undocumented and somewhat unstandard; the
|
||||
current BPF support code includes changes that should work around
|
||||
that; it appears to compile and work on at least one AIX 4.3.3
|
||||
machine.
|
||||
|
||||
Note that the BPF driver and the "/dev/bpf" devices might not exist
|
||||
on your machine; AIX's tcpdump loads the driver and creates the
|
||||
devices if they don't already exist. Our libpcap should do the
|
||||
same, and the configure script should detect that it's on an AIX
|
||||
system and choose BPF even if the devices aren't there.
|
||||
|
||||
(2) If libpcap doesn't compile on your machine when configured to use
|
||||
BPF, or if the workarounds fail to make it work correctly, you
|
||||
should send to tcpdump-workers@lists.tcpdump.org a detailed bug
|
||||
report (if the compile fails, send us the compile error messages;
|
||||
if it compiles but fails to work correctly, send us as detailed as
|
||||
possible a description of the symptoms, including indications of the
|
||||
network link-layer type being wrong or time stamps being wrong).
|
||||
|
||||
If you fix the problems yourself, please send to patches@tcpdump.org
|
||||
a patch, so we can incorporate them into the next release.
|
||||
|
||||
If you don't fix the problems yourself, you can, as a workaround,
|
||||
make libpcap use DLPI instead of BPF.
|
||||
|
||||
This can be done by specifying the flag:
|
||||
|
||||
--with-pcap=dlpi
|
||||
|
||||
to the "configure" script for libpcap.
|
||||
|
||||
If you use DLPI:
|
||||
|
||||
(1) It is a good idea to have the latest version of the DLPI driver on
|
||||
your system, since certain versions may be buggy and cause your AIX
|
||||
system to crash. DLPI is included in the fileset bos.rte.tty. I
|
||||
found that the DLPI driver that came with AIX 4.3.2 was buggy, and
|
||||
had to upgrade to bos.rte.tty 4.3.2.4:
|
||||
|
||||
lslpp -l bos.rte.tty
|
||||
|
||||
bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands
|
||||
|
||||
Updates for AIX filesets can be obtained from:
|
||||
ftp://service.software.ibm.com/aix/fixes/
|
||||
|
||||
These updates can be installed with the smit program.
|
||||
|
||||
(2) After compiling libpcap, you need to make sure that the DLPI driver
|
||||
is loaded. Type:
|
||||
|
||||
strload -q -d dlpi
|
||||
|
||||
If the result is:
|
||||
|
||||
dlpi: yes
|
||||
|
||||
then the DLPI driver is loaded correctly.
|
||||
|
||||
If it is:
|
||||
|
||||
dlpi: no
|
||||
|
||||
Then you need to type:
|
||||
|
||||
strload -f /etc/dlpi.conf
|
||||
|
||||
Check again with strload -q -d dlpi that the dlpi driver is loaded.
|
||||
|
||||
Alternatively, you can uncomment the lines for DLPI in
|
||||
/etc/pse.conf and reboot the machine; this way DLPI will always
|
||||
be loaded when you boot your system.
|
||||
|
||||
(3) There appears to be a problem in the DLPI code in some versions of
|
||||
AIX, causing a warning about DL_PROMISC_MULTI failing; this might
|
||||
be responsible for DLPI not being able to capture outgoing packets.
|
|
@ -15,7 +15,7 @@ URL: http://www.tcpdump.org
|
|||
Packet-capture library LIBPCAP @VERSION@
|
||||
Now maintained by "The Tcpdump Group"
|
||||
See http://www.tcpdump.org
|
||||
Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
|
||||
Please send inquiries/comments/reports to tcpdump-workers@lists.tcpdump.org
|
||||
|
||||
%prep
|
||||
%setup
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap-filter.4,v 1.1.2.1 2008-01-06 21:14:56 guy Exp $ (LBL)
|
||||
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap-filter.4,v 1.1.2.2 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
.\"
|
||||
.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
|
@ -904,7 +904,7 @@ icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
|
|||
.fi
|
||||
.RE
|
||||
.SH "SEE ALSO"
|
||||
pcap(3)
|
||||
pcap(3PCAP)
|
||||
.SH AUTHORS
|
||||
The original authors are:
|
||||
.LP
|
||||
|
@ -930,7 +930,7 @@ The original distribution is available via anonymous ftp:
|
|||
Please send problems, bugs, questions, desirable enhancements, etc. to:
|
||||
.LP
|
||||
.RS
|
||||
tcpdump-workers@tcpdump.org
|
||||
tcpdump-workers@lists.tcpdump.org
|
||||
.RE
|
||||
.LP
|
||||
Filter expressions on fields other than those in Token Ring headers will
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.85.2.5 2008-04-14 20:41:52 guy Exp $ (LBL)
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.85.2.6 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef pcap_int_h
|
||||
|
@ -309,8 +309,8 @@ struct pcap_timeval {
|
|||
*
|
||||
* introduce a new structure for the new format;
|
||||
*
|
||||
* send mail to "tcpdump-workers@tcpdump.org", requesting a new
|
||||
* magic number for your new capture file format, and, when
|
||||
* send mail to "tcpdump-workers@lists.tcpdump.org", requesting
|
||||
* a new magic number for your new capture file format, and, when
|
||||
* you get the new magic number, put it in "savefile.c";
|
||||
*
|
||||
* use that magic number for save files with the changed record
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3pcap,v 1.1.2.5 2008-04-10 01:56:38 guy Exp $
|
||||
.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3pcap,v 1.1.2.6 2008-05-30 01:36:06 guy Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1994, 1996, 1997
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
|
@ -382,5 +382,5 @@ The current version is available from "The Tcpdump Group"'s Web site at
|
|||
Please send problems, bugs, questions, desirable enhancements, etc. to:
|
||||
.LP
|
||||
.RS
|
||||
tcpdump-workers@tcpdump.org
|
||||
tcpdump-workers@lists.tcpdump.org
|
||||
.RE
|
||||
|
|
16
pcap/bpf.h
16
pcap/bpf.h
|
@ -37,7 +37,7 @@
|
|||
*
|
||||
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.6 2008-04-06 18:10:08 guy Exp $ (LBL)
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/bpf.h,v 1.19.2.7 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -113,12 +113,12 @@ struct bpf_version {
|
|||
* Data-link level type codes.
|
||||
*
|
||||
* Do *NOT* add new values to this list without asking
|
||||
* "tcpdump-workers@tcpdump.org" for a value. Otherwise, you run the
|
||||
* risk of using a value that's already being used for some other purpose,
|
||||
* and of having tools that read libpcap-format captures not being able
|
||||
* to handle captures with your new DLT_ value, with no hope that they
|
||||
* will ever be changed to do so (as that would destroy their ability
|
||||
* to read captures using that value for that other purpose).
|
||||
* "tcpdump-workers@lists.tcpdump.org" for a value. Otherwise, you run
|
||||
* the risk of using a value that's already being used for some other
|
||||
* purpose, and of having tools that read libpcap-format captures not
|
||||
* being able to handle captures with your new DLT_ value, with no hope
|
||||
* that they will ever be changed to do so (as that would destroy their
|
||||
* ability to read captures using that value for that other purpose).
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -482,7 +482,7 @@ struct bpf_version {
|
|||
* for *their* private type and tools using them for *your* private type
|
||||
* would have to read them.
|
||||
*
|
||||
* Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value,
|
||||
* Instead, ask "tcpdump-workers@lists.tcpdump.org" for a new DLT_ value,
|
||||
* as per the comment above, and use the type you're given.
|
||||
*/
|
||||
#define DLT_USER0 147
|
||||
|
|
15
pcap/pcap.h
15
pcap/pcap.h
|
@ -31,7 +31,7 @@
|
|||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.8 2008-05-26 19:58:59 guy Exp $ (LBL)
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/pcap.h,v 1.4.2.9 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef lib_pcap_pcap_h
|
||||
|
@ -95,8 +95,8 @@ typedef struct pcap_addr pcap_addr_t;
|
|||
* introduce a new structure for the new format, if the layout
|
||||
* of the structure changed;
|
||||
*
|
||||
* send mail to "tcpdump-workers@tcpdump.org", requesting a new
|
||||
* magic number for your new capture file format, and, when
|
||||
* send mail to "tcpdump-workers@lists.tcpdump.org", requesting
|
||||
* a new magic number for your new capture file format, and, when
|
||||
* you get the new magic number, put it in "savefile.c";
|
||||
*
|
||||
* use that magic number for save files with the changed file
|
||||
|
@ -106,9 +106,12 @@ typedef struct pcap_addr pcap_addr_t;
|
|||
* the old file header as well as files with the new file header
|
||||
* (using the magic number to determine the header format).
|
||||
*
|
||||
* Then supply the changes to "patches@tcpdump.org", so that future
|
||||
* versions of libpcap and programs that use it (such as tcpdump) will
|
||||
* be able to read your new capture file format.
|
||||
* Then supply the changes as a patch at
|
||||
*
|
||||
* http://sourceforge.net/projects/libpcap/
|
||||
*
|
||||
* so that future versions of libpcap and programs that use it (such as
|
||||
* tcpdump) will be able to read your new capture file format.
|
||||
*/
|
||||
struct pcap_file_header {
|
||||
bpf_u_int32 magic;
|
||||
|
|
|
@ -0,0 +1,129 @@
|
|||
/*-
|
||||
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* This code is derived from the Stanford/CMU enet packet filter,
|
||||
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
|
||||
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
|
||||
* Berkeley Laboratory.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap/sll.h,v 1.2.2.1 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
/*
|
||||
* For captures on Linux cooked sockets, we construct a fake header
|
||||
* that includes:
|
||||
*
|
||||
* a 2-byte "packet type" which is one of:
|
||||
*
|
||||
* LINUX_SLL_HOST packet was sent to us
|
||||
* LINUX_SLL_BROADCAST packet was broadcast
|
||||
* LINUX_SLL_MULTICAST packet was multicast
|
||||
* LINUX_SLL_OTHERHOST packet was sent to somebody else
|
||||
* LINUX_SLL_OUTGOING packet was sent *by* us;
|
||||
*
|
||||
* a 2-byte Ethernet protocol field;
|
||||
*
|
||||
* a 2-byte link-layer type;
|
||||
*
|
||||
* a 2-byte link-layer address length;
|
||||
*
|
||||
* an 8-byte source link-layer address, whose actual length is
|
||||
* specified by the previous value.
|
||||
*
|
||||
* All fields except for the link-layer address are in network byte order.
|
||||
*
|
||||
* DO NOT change the layout of this structure, or change any of the
|
||||
* LINUX_SLL_ values below. If you must change the link-layer header
|
||||
* for a "cooked" Linux capture, introduce a new DLT_ type (ask
|
||||
* "tcpdump-workers@lists.tcpdump.org" for one, so that you don't give it
|
||||
* a value that collides with a value already being used), and use the
|
||||
* new header in captures of that type, so that programs that can
|
||||
* handle DLT_LINUX_SLL captures will continue to handle them correctly
|
||||
* without any change, and so that capture files with different headers
|
||||
* can be told apart and programs that read them can dissect the
|
||||
* packets in them.
|
||||
*/
|
||||
|
||||
#ifndef lib_pcap_sll_h
|
||||
#define lib_pcap_sll_h
|
||||
|
||||
/*
|
||||
* A DLT_LINUX_SLL fake link-layer header.
|
||||
*/
|
||||
#define SLL_HDR_LEN 16 /* total header length */
|
||||
#define SLL_ADDRLEN 8 /* length of address field */
|
||||
|
||||
struct sll_header {
|
||||
u_int16_t sll_pkttype; /* packet type */
|
||||
u_int16_t sll_hatype; /* link-layer address type */
|
||||
u_int16_t sll_halen; /* link-layer address length */
|
||||
u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
|
||||
u_int16_t sll_protocol; /* protocol */
|
||||
};
|
||||
|
||||
/*
|
||||
* The LINUX_SLL_ values for "sll_pkttype"; these correspond to the
|
||||
* PACKET_ values on Linux, but are defined here so that they're
|
||||
* available even on systems other than Linux, and so that they
|
||||
* don't change even if the PACKET_ values change.
|
||||
*/
|
||||
#define LINUX_SLL_HOST 0
|
||||
#define LINUX_SLL_BROADCAST 1
|
||||
#define LINUX_SLL_MULTICAST 2
|
||||
#define LINUX_SLL_OTHERHOST 3
|
||||
#define LINUX_SLL_OUTGOING 4
|
||||
|
||||
/*
|
||||
* The LINUX_SLL_ values for "sll_protocol"; these correspond to the
|
||||
* ETH_P_ values on Linux, but are defined here so that they're
|
||||
* available even on systems other than Linux. We assume, for now,
|
||||
* that the ETH_P_ values won't change in Linux; if they do, then:
|
||||
*
|
||||
* if we don't translate them in "pcap-linux.c", capture files
|
||||
* won't necessarily be readable if captured on a system that
|
||||
* defines ETH_P_ values that don't match these values;
|
||||
*
|
||||
* if we do translate them in "pcap-linux.c", that makes life
|
||||
* unpleasant for the BPF code generator, as the values you test
|
||||
* for in the kernel aren't the values that you test for when
|
||||
* reading a capture file, so the fixup code run on BPF programs
|
||||
* handed to the kernel ends up having to do more work.
|
||||
*
|
||||
* Add other values here as necessary, for handling packet types that
|
||||
* might show up on non-Ethernet, non-802.x networks. (Not all the ones
|
||||
* in the Linux "if_ether.h" will, I suspect, actually show up in
|
||||
* captures.)
|
||||
*/
|
||||
#define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */
|
||||
#define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */
|
||||
|
||||
#endif
|
|
@ -0,0 +1,302 @@
|
|||
/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
|
||||
/*
|
||||
* Copyright (c) 1993, 1994, 1995, 1996, 1997
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the Computer Systems
|
||||
* Engineering Group at Lawrence Berkeley Laboratory.
|
||||
* 4. Neither the name of the University nor of the Laboratory may be used
|
||||
* to endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap1.h,v 1.3.2.1 2008-05-30 01:36:06 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef lib_pcap_h
|
||||
#define lib_pcap_h
|
||||
|
||||
#ifdef WIN32
|
||||
#include <pcap-stdinc.h>
|
||||
#else /* WIN32 */
|
||||
#include <sys/types.h>
|
||||
#include <sys/time.h>
|
||||
#endif /* WIN32 */
|
||||
|
||||
#ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H
|
||||
#include <pcap/bpf.h>
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define PCAP_VERSION_MAJOR 3
|
||||
#define PCAP_VERSION_MINOR 0
|
||||
|
||||
#define PCAP_ERRBUF_SIZE 256
|
||||
|
||||
/*
|
||||
* Compatibility for systems that have a bpf.h that
|
||||
* predates the bpf typedefs for 64-bit support.
|
||||
*/
|
||||
#if BPF_RELEASE - 0 < 199406
|
||||
typedef int bpf_int32;
|
||||
typedef u_int bpf_u_int32;
|
||||
#endif
|
||||
|
||||
typedef struct pcap pcap_t;
|
||||
typedef struct pcap_dumper pcap_dumper_t;
|
||||
typedef struct pcap_if pcap_if_t;
|
||||
typedef struct pcap_addr pcap_addr_t;
|
||||
|
||||
/*
|
||||
* The first record in the file contains saved values for some
|
||||
* of the flags used in the printout phases of tcpdump.
|
||||
* Many fields here are 32 bit ints so compilers won't insert unwanted
|
||||
* padding; these files need to be interchangeable across architectures.
|
||||
*
|
||||
* Do not change the layout of this structure, in any way (this includes
|
||||
* changes that only affect the length of fields in this structure).
|
||||
*
|
||||
* Also, do not change the interpretation of any of the members of this
|
||||
* structure, in any way (this includes using values other than
|
||||
* LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
|
||||
* field).
|
||||
*
|
||||
* Instead:
|
||||
*
|
||||
* introduce a new structure for the new format, if the layout
|
||||
* of the structure changed;
|
||||
*
|
||||
* send mail to "tcpdump-workers@lists.tcpdump.org", requesting
|
||||
* a new magic number for your new capture file format, and, when
|
||||
* you get the new magic number, put it in "savefile.c";
|
||||
*
|
||||
* use that magic number for save files with the changed file
|
||||
* header;
|
||||
*
|
||||
* make the code in "savefile.c" capable of reading files with
|
||||
* the old file header as well as files with the new file header
|
||||
* (using the magic number to determine the header format).
|
||||
*
|
||||
* Then supply the changes to "patches@tcpdump.org", so that future
|
||||
* versions of libpcap and programs that use it (such as tcpdump) will
|
||||
* be able to read your new capture file format.
|
||||
*/
|
||||
|
||||
enum pcap1_info_types {
|
||||
PCAP_DATACAPTURE,
|
||||
PCAP_TIMESTAMP,
|
||||
PCAP_WALLTIME,
|
||||
PCAP_TIMESKEW,
|
||||
PCAP_PROBEPLACE, /* aka direction */
|
||||
PCAP_COMMENT, /* comment */
|
||||
};
|
||||
|
||||
struct pcap1_info_container {
|
||||
bpf_u_int32 info_len; /* in bytes */
|
||||
bpf_u_int32 info_type; /* enum pcap1_info_types */
|
||||
unsigned char info_data[0];
|
||||
};
|
||||
|
||||
struct pcap1_info_timestamp {
|
||||
struct pcap1_info_container pic;
|
||||
bpf_u_int32 nanoseconds; /* 10^-9 of seconds */
|
||||
bpf_u_int32 seconds; /* seconds since Unix epoch - GMT */
|
||||
bpf_u_int16 macroseconds; /* 16 bits more of MSB of time */
|
||||
bpf_u_int16 sigfigs; /* accuracy of timestamps - LSB bits */
|
||||
};
|
||||
|
||||
struct pcap1_info_packet {
|
||||
struct pcap1_info_container pic;
|
||||
bpf_u_int32 caplen; /* length of portion present */
|
||||
bpf_u_int32 len; /* length this packet (off wire) */
|
||||
bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
|
||||
bpf_u_int32 ifIndex; /* abstracted interface index */
|
||||
unsigned char packet_data[0];
|
||||
};
|
||||
|
||||
enum pcap1_probe {
|
||||
INBOUND =1,
|
||||
OUTBOUND =2,
|
||||
FORWARD =3,
|
||||
PREENCAP =4,
|
||||
POSTDECAP=5,
|
||||
};
|
||||
|
||||
struct pcap1_info_probe {
|
||||
struct pcap1_info_container pic;
|
||||
bpf_u_int32 probeloc; /* enum pcap1_probe */
|
||||
unsigned char probe_desc[0];
|
||||
};
|
||||
|
||||
struct pcap1_info_comment {
|
||||
struct pcap1_info_container pic;
|
||||
unsigned char comment[0];
|
||||
};
|
||||
|
||||
struct pcap1_packet_header {
|
||||
bpf_u_int32 magic;
|
||||
u_short version_major;
|
||||
u_short version_minor;
|
||||
bpf_u_int32 block_len;
|
||||
struct pcap1_info_container pics[0];
|
||||
};
|
||||
|
||||
/*
|
||||
* Each packet in the dump file is prepended with this generic header.
|
||||
* This gets around the problem of different headers for different
|
||||
* packet interfaces.
|
||||
*/
|
||||
|
||||
/*
|
||||
* As returned by the pcap_stats()
|
||||
*/
|
||||
struct pcap_stat {
|
||||
u_int ps_recv; /* number of packets received */
|
||||
u_int ps_drop; /* number of packets dropped */
|
||||
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
|
||||
#ifdef WIN32
|
||||
u_int bs_capt; /* number of packets that reach the application */
|
||||
#endif /* WIN32 */
|
||||
};
|
||||
|
||||
/*
|
||||
* Item in a list of interfaces.
|
||||
*/
|
||||
struct pcap_if {
|
||||
struct pcap_if *next;
|
||||
char *name; /* name to hand to "pcap_open_live()" */
|
||||
char *description; /* textual description of interface, or NULL */
|
||||
struct pcap_addr *addresses;
|
||||
bpf_u_int32 flags; /* PCAP_IF_ interface flags */
|
||||
};
|
||||
|
||||
#define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */
|
||||
|
||||
/*
|
||||
* Representation of an interface address.
|
||||
*/
|
||||
struct pcap_addr {
|
||||
struct pcap_addr *next;
|
||||
struct sockaddr *addr; /* address */
|
||||
struct sockaddr *netmask; /* netmask for that address */
|
||||
struct sockaddr *broadaddr; /* broadcast address for that address */
|
||||
struct sockaddr *dstaddr; /* P2P destination address for that address */
|
||||
};
|
||||
|
||||
typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
|
||||
const u_char *);
|
||||
|
||||
char *pcap_lookupdev(char *);
|
||||
int pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
|
||||
pcap_t *pcap_open_live(const char *, int, int, int, char *);
|
||||
pcap_t *pcap_open_dead(int, int);
|
||||
pcap_t *pcap_open_offline(const char *, char *);
|
||||
void pcap_close(pcap_t *);
|
||||
int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
|
||||
int pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
|
||||
const u_char*
|
||||
pcap_next(pcap_t *, struct pcap_pkthdr *);
|
||||
int pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
|
||||
void pcap_breakloop(pcap_t *);
|
||||
int pcap_stats(pcap_t *, struct pcap_stat *);
|
||||
int pcap_setfilter(pcap_t *, struct bpf_program *);
|
||||
int pcap_getnonblock(pcap_t *, char *);
|
||||
int pcap_setnonblock(pcap_t *, int, char *);
|
||||
void pcap_perror(pcap_t *, char *);
|
||||
char *pcap_strerror(int);
|
||||
char *pcap_geterr(pcap_t *);
|
||||
int pcap_compile(pcap_t *, struct bpf_program *, char *, int,
|
||||
bpf_u_int32);
|
||||
int pcap_compile_nopcap(int, int, struct bpf_program *,
|
||||
char *, int, bpf_u_int32);
|
||||
void pcap_freecode(struct bpf_program *);
|
||||
int pcap_datalink(pcap_t *);
|
||||
int pcap_list_datalinks(pcap_t *, int **);
|
||||
int pcap_set_datalink(pcap_t *, int);
|
||||
int pcap_datalink_name_to_val(const char *);
|
||||
const char *pcap_datalink_val_to_name(int);
|
||||
const char *pcap_datalink_val_to_description(int);
|
||||
int pcap_snapshot(pcap_t *);
|
||||
int pcap_is_swapped(pcap_t *);
|
||||
int pcap_major_version(pcap_t *);
|
||||
int pcap_minor_version(pcap_t *);
|
||||
|
||||
/* XXX */
|
||||
FILE *pcap_file(pcap_t *);
|
||||
int pcap_fileno(pcap_t *);
|
||||
|
||||
pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
|
||||
int pcap_dump_flush(pcap_dumper_t *);
|
||||
void pcap_dump_close(pcap_dumper_t *);
|
||||
void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
|
||||
FILE *pcap_dump_file(pcap_dumper_t *);
|
||||
|
||||
int pcap_findalldevs(pcap_if_t **, char *);
|
||||
void pcap_freealldevs(pcap_if_t *);
|
||||
|
||||
const char *pcap_lib_version(void);
|
||||
|
||||
/* XXX this guy lives in the bpf tree */
|
||||
u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
|
||||
int bpf_validate(struct bpf_insn *f, int len);
|
||||
char *bpf_image(struct bpf_insn *, int);
|
||||
void bpf_dump(struct bpf_program *, int);
|
||||
|
||||
#ifdef WIN32
|
||||
/*
|
||||
* Win32 definitions
|
||||
*/
|
||||
|
||||
int pcap_setbuff(pcap_t *p, int dim);
|
||||
int pcap_setmode(pcap_t *p, int mode);
|
||||
int pcap_sendpacket(pcap_t *p, u_char *buf, int size);
|
||||
int pcap_setmintocopy(pcap_t *p, int size);
|
||||
|
||||
#ifdef WPCAP
|
||||
/* Include file with the wpcap-specific extensions */
|
||||
#include <Win32-Extensions.h>
|
||||
#endif
|
||||
|
||||
#define MODE_CAPT 0
|
||||
#define MODE_STAT 1
|
||||
|
||||
#else
|
||||
/*
|
||||
* UN*X definitions
|
||||
*/
|
||||
|
||||
int pcap_get_selectable_fd(pcap_t *);
|
||||
|
||||
#endif /* WIN32 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
19
savefile.c
19
savefile.c
|
@ -30,7 +30,7 @@
|
|||
|
||||
#ifndef lint
|
||||
static const char rcsid[] _U_ =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.168.2.7 2008-04-14 20:41:52 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.168.2.8 2008-05-30 01:36:06 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
|
@ -147,11 +147,12 @@ static const char rcsid[] _U_ =
|
|||
*
|
||||
* In order to ensure that a given LINKTYPE_* code's value will refer to
|
||||
* the same encapsulation type on all platforms, you should not allocate
|
||||
* a new LINKTYPE_* value without consulting "tcpdump-workers@tcpdump.org".
|
||||
* The tcpdump developers will allocate a value for you, and will not
|
||||
* subsequently allocate it to anybody else; that value will be added to
|
||||
* the "pcap.h" in the tcpdump.org CVS repository, so that a future
|
||||
* libpcap release will include it.
|
||||
* a new LINKTYPE_* value without consulting
|
||||
* "tcpdump-workers@lists.tcpdump.org". The tcpdump developers will
|
||||
* allocate a value for you, and will not subsequently allocate it to
|
||||
* anybody else; that value will be added to the "pcap.h" in the
|
||||
* tcpdump.org CVS repository, so that a future libpcap release will
|
||||
* include it.
|
||||
*
|
||||
* You should, if possible, also contribute patches to libpcap and tcpdump
|
||||
* to handle the new encapsulation type, so that they can also be checked
|
||||
|
@ -313,9 +314,9 @@ static const char rcsid[] _U_ =
|
|||
* for *their* private type and tools using them for *your* private type
|
||||
* would have to read them.
|
||||
*
|
||||
* Instead, in those cases, ask "tcpdump-workers@tcpdump.org" for a new DLT_
|
||||
* and LINKTYPE_ value, as per the comment in pcap/bpf.h, and use the type
|
||||
* you're given.
|
||||
* Instead, in those cases, ask "tcpdump-workers@lists.tcpdump.org" for a
|
||||
* new DLT_ and LINKTYPE_ value, as per the comment in pcap/bpf.h, and use
|
||||
* the type you're given.
|
||||
*/
|
||||
#define LINKTYPE_USER0 147
|
||||
#define LINKTYPE_USER1 148
|
||||
|
|
Reference in New Issue