diff --git a/pcap.3pcap b/pcap.3pcap index 45e0f8b..f79996e 100644 --- a/pcap.3pcap +++ b/pcap.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -38,16 +38,145 @@ through this mechanism. It also supports saving captured packets to a ``savefile'', and reading packets from a ``savefile''. .PP -To open a live capture stream, call -.BR pcap_open_live() , -and to open a ``savefile'' to read the packets in that file, call +To open a handle for a live capture, call +.BR pcap_create() , +set the appropriate options on the handle, and then activate it with +.BR pcap_activate() . +To open a handle for a ``savefile'' with captured packets, call .BR pcap_open_offline() . -Both routines return a pointer to a +Both +.B pcap_create() +and +.B pcap_open_offline() +return a pointer to a .BR pcap_t , which is the handle used for reading packets from the capture stream or the ``savefile'', and for finding out information about the capture stream or ``savefile''. .PP +The options that can be set on a capture handle include +.IP "snapshot length" +If, when capturing, you capture the entire contents of the packet, that +requires more CPU time to copy the packet to your application, more disk +and possibly network bandwidth to write the packet data to a file, and +more disk space to save the packet. If you don't need the entire +contents of the packet - for example, if you are only interested in the +TCP headers of packets - you can set the "snapshot length" for the +capture to an appropriate value. If the snapshot length is set to +.IR snaplen , +and +.I snaplen +is less +than the size of a packet that is captured, only the first +.I snaplen +bytes of that packet will be captured and provided as packet data. +.IP +A snapshot length of 65535 should be sufficient, on most if not all +networks, to capture all the data available from the packet. +.IP +The snapshot length is set with +.BR pcap_set_snaplen() . +.IP "promiscuous mode" +On broadcast LANs such as Ethernet, if the network isn't switched, or if +the adapter is connected to a "mirror port" on a switch to which all +packets passing through the switch are sent, a network adapter receives +all packets on the LAN, including unicast or multicast packets not sent +to a network address that the network adapter isn't configured to +recognize. +.IP +Normally, the adapter will discard those packets; however, many network +adapters support "promiscuous mode", which is a mode in which all +packets, even if they are not sent to an address that the adapter +recognizes, are provided to the host. This is useful for passively +capturing traffic between two or more other hosts for analysis. +.IP +Note that even if an application does not set promiscuous mode, the +adapter could well be in promiscuous mode for some other reason. +.IP +For now, this doesn't work on the "any" device; if an argument of "any" +or NULL is supplied, the setting of promiscuous mode is ignored. +.IP +Promiscuous mode is set with +.BR pcap_set_promisc() . +.IP "monitor mode" +On IEEE 802.11 wireless LANs, even if an adapter is in promiscuous mode, +it will supply to the host only frames for the network with which it's +associated. It might also supply only data frames, not management or +control frames, and might not provide the 802.11 header or radio +information pseudo-header for those frames. +.IP +In "monitor mode", sometimes also called "rfmon mode" (for "Radio +Frequency MONitor"), the adapter will supply all frames that it +receives, with 802.11 headers, and might supply a pseudo-header with +radio information about the frame as well. +.IP +Note that in monitor mode the adapter might disassociate from the +network with which it's associated, so that you will not be able to use +any wireless networks with that adapter. This could prevent accessing +files on a network server, or resolving host names or network addresses, +if you are capturing in monitor mode and are not connected to another +network with another adapter. +.IP +Monitor mode is set with +.BR pcap_set_rfmon() , +and +.B pcap_can_set_rfmon() +can be used to determine whether an adapter can be put into monitor +mode. +.IP "read timeout" +If, when capturing, packets are delivered as soon as they arrive, the +application capturing the packets will be woken up for each packet as it +arrives, and might have to make one or more calls to the operating +system to fetch each packet. +.IP +If, instead, packets are not delivered as soon as they arrive, but are +delivered after a short delay (called a "read timeout"), more than one +packet can be accumulated before the packets are delivered, so that a +single wakeup would be done for multiple packets, and each set of calls +made to the operating system would supply multiple packets, rather than +a single packet. This reduces the per-packet CPU overhead if packets +are arriving at a high rate, increasing the number of packets per second +that can be captured. +.IP +The read timeout is required so that an application won't wait for the +operating system's capture buffer to fill up before packets are +delivered; if packets are arriving slowly, that wait could take an +arbitrarily long period of time. +.IP +Not all platforms support a read timeout; on platforms that +don't, the read timeout is ignored. A zero value for the timeout, +on platforms that support a read timeout, +will cause a read to wait forever to allow enough packets to +arrive, with no timeout. +.IP +.BR NOTE : +the read timeout cannot be used to cause calls that read +packets to return within a limited period of time, because, on some +platforms, the read timeout isn't supported, and, on other platforms, +the timer doesn't start until at least one packet arrives. This means +that the read timeout should +.B NOT +be used, for example, in an interactive application to allow the packet +capture loop to ``poll'' for user input periodically, as there's no +guarantee that a call reading packets will return after the timeout +expires even if no packets have arrived. +.IP +The read timeout is set with +.BR pcap_set_timeout() . +.IP "buffer size" +Packets that arrive for a capture are stored in a buffer, so that they +do not have to be read by the application as soon as they arrive. On +some platforms, the buffer's size can be set; a size that's too small +could mean that, if too many packets are being captured and the snapshot +length doesn't limit the amount of data that's buffered, packets could +be dropped if the buffer fills up before the application can read +packets from it, while a size that's too large could use more +non-pageable operating system memory than is necessary to prevent +packets from being dropped. +.IP +The buffer size is set with +.BR pcap_set_buffer_size() . +.PP To open a ``savefile`` to which to write packets, call .BR pcap_dump_open() . It returns a pointer to a @@ -69,7 +198,7 @@ The callback for and .BR pcap_loop() is supplied a pointer to a -.IR struct pcap_pkthdr , +.IR "struct pcap_pkthdr" , which includes the following members: .RS .TP @@ -120,9 +249,38 @@ performed will limit the amount of packet data available. returns that pointer; .B pcap_next_ex() supplies that pointer through a pointer argument. -.SH ROUTINES +.SH BACKWARDS COMPATIBILITY +.PP +In versions of libpcap prior to 1.0, the +.B pcap.h +header file was not in a +.B pcap +directory on most platforms; if you are writing an application that must +work on versions of libpcap prior to 1.0, include +.BR , +which will include +.B +for you, rather than including +.BR . +.PP +.B pcap_create() +and +.B pcap_activate() +were not available in versions of libpcap prior to 1.0; if you are +writing an application that must work on versions of libpcap prior to +1.0, either use +.B pcap_open_live() +to get a handle for a live capture or, if you want to be able to use the +additional capabilities offered by using +.B pcap_create() +and +.BR pcap_activate() , +use an +.BR autoconf (1) +script or some other configuration script to check whether the libpcap +1.0 APIs are available and use them only if they are. .SH SEE ALSO -tcpdump(1), tcpslice(1), pcap-filter(4) +autoconf(1), tcpdump(1), tcpslice(1), pcap-filter(4) .SH AUTHORS The original authors of libpcap are: .LP diff --git a/pcap_activate.3pcap b/pcap_activate.3pcap new file mode 100644 index 0000000..94d7330 --- /dev/null +++ b/pcap_activate.3pcap @@ -0,0 +1,62 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_activate.3pcap,v 1.1 2008-04-06 02:53:21 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_ACTIVATE 3PCAP "5 April 2008" +.SH NAME +pcap_activate \- activate a capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.ft +.LP +.ft B +int pcap_activate(pcap_t *p); +.ft +.fi +.SH DESCRIPTION +.B pcap_activate() +is used to activate a packet capture handle to look +at packets on the network, with the options that were set on the handle +being in effect. +.SH RETURN VALUE +.B pcap_activate() +returns 0 on success, +.B PCAP_ERROR_ACTIVATED +if the handle has already been activated, +.B PCAP_ERROR_NO_SUCH_DEVICE +if the capture source specified when the handle was created doesn't exist, +.B PCAP_ERROR_RFMON_NOTSUP +if monitor mode was specified but the capture source doesn't support +monitor mode, and +.B PCAP_ERROR +if an error occurred. +If +.B PCAP_ERROR +is returned, +.B pcap_geterr() +or +.B pcap_perror() +may be called with +.I p +as an argument to fetch or display the error text. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_breakloop.3pcap b/pcap_breakloop.3pcap index d344ee8..2372348 100644 --- a/pcap_breakloop.3pcap +++ b/pcap_breakloop.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_breakloop.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_breakloop.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_BREAKLOOP 3PCAP "4 April 2008" +.TH PCAP_BREAKLOOP 3PCAP "5 April 2008" .SH NAME pcap_breakloop \- force a pcap_dispatch() or pcap_loop() call to return .SH SYNOPSIS @@ -102,4 +102,4 @@ the flag is cleared, so a subsequent call will resume reading packets. If a positive number is returned, the flag is not cleared, so a subsequent call will return \-2 and clear the flag. .SH SEE ALSO -pcap_loop(3PCAP), pcap_next_ex(3PCAP) +pcap(3PCAP), pcap_loop(3PCAP), pcap_next_ex(3PCAP) diff --git a/pcap_can_set_rfmon.3pcap b/pcap_can_set_rfmon.3pcap new file mode 100644 index 0000000..4c85e23 --- /dev/null +++ b/pcap_can_set_rfmon.3pcap @@ -0,0 +1,60 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_can_set_rfmon.3pcap,v 1.1 2008-04-06 02:53:21 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_CAN_SET_RFMON 3PCAP "5 April 2008" +.SH NAME +pcap_can_set_rfmon \- check whether monitor mode can be set for a +not-yet-activated capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_can_set_rfmon(pcap_t *p); +.ft +.fi +.SH DESCRIPTION +.B pcap_can_set_rfmon() +checks whether monitor mode could be set on a capture handle when +the handle is activated. +.SH RETURN VALUE +.B pcap_set_rfmon() +returns 0 if monitor mode could not be set, +1 if monitor mode could be set, +.B PCAP_ERROR_NO_SUCH_DEVICE +if the device specified when the handle was created doesn't exist, +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated, or +.B PCAP_ERROR +if an error occurred. +If +.B PCAP_ERROR +is returned, +.B pcap_geterr() +or +.B pcap_perror() +may be called with +.I p +as an argument to fetch or display the error text. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), +pcap_set_rfmon(3PCAP) diff --git a/pcap_close.3pcap b/pcap_close.3pcap index e3feca1..810664d 100644 --- a/pcap_close.3pcap +++ b/pcap_close.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_close.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_close.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_CLOSE 3PCAP "4 April 2008" +.TH PCAP_CLOSE 3PCAP "5 April 2008" .SH NAME pcap_close \- close a capture device or savefile .SH SYNOPSIS @@ -37,3 +37,5 @@ void pcap_close(pcap_t *p); closes the files associated with .I p and deallocates resources. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_compile.3pcap b/pcap_compile.3pcap index b11daa5..1506017 100644 --- a/pcap_compile.3pcap +++ b/pcap_compile.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_compile.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_compile.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_COMPILE 3PCAP "4 April 2008" +.TH PCAP_COMPILE 3PCAP "5 April 2008" .SH NAME pcap_compile \- compile a filter expression .SH SYNOPSIS @@ -68,5 +68,5 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_setfilter(3PCAP), pcap_freecode(3PCAP), pcap_geterr(3PCAP), -pcap-filter(4) +pcap(3PCAP), pcap_setfilter(3PCAP), pcap_freecode(3PCAP), +pcap_geterr(3PCAP), pcap-filter(4) diff --git a/pcap_create.3pcap b/pcap_create.3pcap new file mode 100644 index 0000000..153f9fd --- /dev/null +++ b/pcap_create.3pcap @@ -0,0 +1,74 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_create.3pcap,v 1.1 2008-04-06 02:53:21 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_CREATE 3PCAP "5 April 2008" +.SH NAME +pcap_create \- create a live capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.ft +.LP +.nf +.ft B +char errbuf[PCAP_ERRBUF_SIZE]; +.ft +.LP +.ft B +pcap_t *pcap_create(const char *source, char *errbuf); +.ft +.fi +.SH DESCRIPTION +.B pcap_create() +is used to create a packet capture handle to look +at packets on the network. +.I source +is a string that specifies the network device to open; on Linux systems +with 2.2 or later kernels, a +.I source +argument of "any" or +.B NULL +can be used to capture packets from all interfaces. +.PP +The returned handle must be activated with +.B pcap_activate() +before packets can be captured +with it; options for the capture, such as promiscuous mode, can be set +on the handle before activating it. +.SH RETURN VALUE +.B pcap_create() +returns a +.I pcap_t * +on success and +.B NULL +on failure. +If +.B NULL +is returned, +.I errbuf +is filled in with an appropriate error message. +.I errbuf +is assumed to be able to hold at least +.B PCAP_ERRBUF_SIZE +chars. +.SH SEE ALSO +pcap(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_datalink.3pcap b/pcap_datalink.3pcap index 1bef624..46579b9 100644 --- a/pcap_datalink.3pcap +++ b/pcap_datalink.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_datalink.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_datalink.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DATALINK 3PCAP "4 April 2008" +.TH PCAP_DATALINK 3PCAP "5 April 2008" .SH NAME pcap_datalink \- get the link-layer header type .SH SYNOPSIS @@ -37,3 +37,5 @@ int pcap_datalink(pcap_t *p); returns the link layer type for the live capture or ``savefile'' specified by .IR p . +.SH SEE ALSO +pcap(3PCAP), pcap-linktype(4) diff --git a/pcap_datalink_name_to_val.3pcap b/pcap_datalink_name_to_val.3pcap index 868456e..93daafd 100644 --- a/pcap_datalink_name_to_val.3pcap +++ b/pcap_datalink_name_to_val.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_datalink_name_to_val.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_datalink_name_to_val.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DATALINK_NAME_TO_VAL 3PCAP "4 April 2008" +.TH PCAP_DATALINK_NAME_TO_VAL 3PCAP "5 April 2008" .SH NAME pcap_datalink_name_to_val \- get the link-layer header type value corresponding to a header type name @@ -44,3 +44,5 @@ is case-insensitive. .SH RETURN VALUE .B pcap_datalink_name_to_val() returns 0 on success and \-1 on failure. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_datalink_val_to_name b/pcap_datalink_val_to_name new file mode 100644 index 0000000..80614d4 --- /dev/null +++ b/pcap_datalink_val_to_name @@ -0,0 +1,63 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_datalink_val_to_name,v 1.1 2008-04-06 02:53:21 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_DATALINK_VAL_TO_NAME 3 "4 April 2008" +.SH NAME +pcap_datalink_val_to_name, pcap_datalink_val_to_description \- get a +name or description for a link-layer header type value +.SH SYNOPSIS +.nf +.ft B +#include +.ft +.LP +.ft B +const char *pcap_datalink_val_to_name(int dlt); +const char *pcap_datalink_val_to_description(int dlt); +.ft +.fi +.SH DESCRIPTION +.B pcap_datalink_val_to_name() +translates a data link type value to the corresponding data link type +name. NULL is returned on failure. +.PP +.B pcap_datalink_val_to_description() +translates a data link type value to a short description of that data +link type. NULL is returned on failure. +.SH AUTHORS +The original authors are: +.LP +Van Jacobson, +Craig Leres and +Steven McCanne, all of the +Lawrence Berkeley National Laboratory, University of California, Berkeley, CA. +.LP +The current version is available from "The Tcpdump Group"'s Web site at +.LP +.RS +.I http://www.tcpdump.org/ +.RE +.SH BUGS +Please send problems, bugs, questions, desirable enhancements, etc. to: +.LP +.RS +tcpdump-workers@tcpdump.org +.RE diff --git a/pcap_dump.3pcap b/pcap_dump.3pcap index 5451db4..1ccd82a 100644 --- a/pcap_dump.3pcap +++ b/pcap_dump.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP 3PCAP "4 April 2008" +.TH PCAP_DUMP 3PCAP "5 April 2008" .SH NAME pcap_dump \- write a packet to a capture file .SH SYNOPSIS @@ -49,4 +49,5 @@ parameter is of type as returned by .BR pcap_dump_open() . .SH SEE ALSO -pcap_dump_open(3PCAP), pcap_dispatch(3PCAP), pcap_loop(3PCAP) +pcap(3PCAP), pcap_dump_open(3PCAP), pcap_dispatch(3PCAP), +pcap_loop(3PCAP) diff --git a/pcap_dump_close.3pcap b/pcap_dump_close.3pcap index d3edb9a..4ed820b 100644 --- a/pcap_dump_close.3pcap +++ b/pcap_dump_close.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_close.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_close.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP_CLOSE 3PCAP "4 April 2008" +.TH PCAP_DUMP_CLOSE 3PCAP "5 April 2008" .SH NAME pcap_dump_close \- close a savefile being written to .SH SYNOPSIS @@ -36,4 +36,4 @@ void pcap_dump_close(pcap_dumper_t *p); .B pcap_dump_close() closes the ``savefile.'' .SH SEE ALSO -pcap_dump_open(3PCAP), pcap_dump(3PCAP) +pcap(3PCAP), pcap_dump_open(3PCAP), pcap_dump(3PCAP) diff --git a/pcap_dump_file.3pcap b/pcap_dump_file.3pcap index 900db12..9e51a2a 100644 --- a/pcap_dump_file.3pcap +++ b/pcap_dump_file.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_file.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_file.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP_FILE 3PCAP "4 April 2008" +.TH PCAP_DUMP_FILE 3PCAP "5 April 2008" .SH NAME pcap_dump_file \- get the standard I/O stream for a savefile being written .SH SYNOPSIS @@ -36,3 +36,5 @@ FILE *pcap_dump_file(pcap_dumper_t *p); .B pcap_dump_file() returns the standard I/O stream of the ``savefile'' opened by .BR pcap_dump_open() . +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_dump_flush.3pcap b/pcap_dump_flush.3pcap index 09182e6..b553883 100644 --- a/pcap_dump_flush.3pcap +++ b/pcap_dump_flush.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_flush.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_flush.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP_FLUSH 3PCAP "4 April 2008" +.TH PCAP_DUMP_FLUSH 3PCAP "5 April 2008" .SH NAME pcap_dump_flush \- flush to a savefile packets dumped .SH SYNOPSIS @@ -42,4 +42,4 @@ but not yet written to the ``savefile'' will be written. .B pcap_dump_flush() returns 0 on success and \-1 on failure. .SH SEE ALSO -pcap_dump_open(3PCAP), pcap_dump(3PCAP) +pcap(3PCAP), pcap_dump_open(3PCAP), pcap_dump(3PCAP) diff --git a/pcap_dump_ftell.3pcap b/pcap_dump_ftell.3pcap index 2d53b4d..1d0f96f 100644 --- a/pcap_dump_ftell.3pcap +++ b/pcap_dump_ftell.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_ftell.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_dump_ftell.3pcap,v 1.3 2008-04-06 02:53:21 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP_FTELL 3PCAP "4 April 2008" +.TH PCAP_DUMP_FTELL 3PCAP "5 April 2008" .SH NAME pcap_dump_ftell \- get the current file offset for a savefile being written .SH SYNOPSIS @@ -41,4 +41,4 @@ and .BR pcap_dump() . \-1 is returned on error. .SH SEE ALSO -pcap_dump_open(3PCAP), pcap_dump(3PCAP) +pcap(3PCAP), pcap_dump_open(3PCAP), pcap_dump(3PCAP) diff --git a/pcap_dump_open.3pcap b/pcap_dump_open.3pcap index 58c77f0..2b68fd5 100644 --- a/pcap_dump_open.3pcap +++ b/pcap_dump_open.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_dump_open.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_dump_open.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_DUMP_OPEN 3PCAP "4 April 2008" +.TH PCAP_DUMP_OPEN 3PCAP "5 April 2008" .SH NAME pcap_dump_open, pcap_dump_fopen \- open a file to which to write packets .SH SYNOPSIS @@ -53,9 +53,11 @@ is called to write data to an existing open stream Note that on Windows, that stream should be opened in binary mode. .PP .I p -is a -.B pcap_t -struct returned by an earlier call to +is a capture or ``savefile'' handle returned by an earlier call to +.B pcap_create() +and activated by an earlier call to +.BR pcap_activate() , +or returned by an earlier call to .BR pcap_open_offline() , .BR pcap_open_live() , or @@ -79,5 +81,6 @@ is returned, .B pcap_geterr(\fIp\fB) can be used to get the error text. .SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_offline(3PCAP), pcap_open_live(3PCAP), pcap_open_dead(3PCAP), pcap_dump(3PCAP), pcap_dump_close(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_file.3pcap b/pcap_file.3pcap index 87fd7d5..1471ab6 100644 --- a/pcap_file.3pcap +++ b/pcap_file.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_file.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_file.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_FILE 3PCAP "4 April 2008" +.TH PCAP_FILE 3PCAP "5 April 2008" .SH NAME pcap_file \- get the standard I/O stream for a savefile being read .SH SYNOPSIS @@ -38,6 +38,10 @@ returns the standard I/O stream of the ``savefile,'' if a ``savefile'' was opened with .BR pcap_open_offline() , or NULL, if a network device was opened with +.B pcap_create() +and +.BR pcap_activate() , +or with .BR pcap_open_live() . .PP Note that the Packet Capture library is usually built with large file @@ -51,3 +55,5 @@ or the value returned by .B fileno() when passed the return value of .BR pcap_file() . +.SH SEE ALSO +pcap(3PCAP), pcap_open_offline(3PCAP) diff --git a/pcap_fileno.3pcap b/pcap_fileno.3pcap index c668030..28eac42 100644 --- a/pcap_fileno.3pcap +++ b/pcap_fileno.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_fileno.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_fileno.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_FILENO 3PCAP "4 April 2008" +.TH PCAP_FILENO 3PCAP "5 April 2008" .SH NAME pcap_fileno \- get the file descriptor for a live capture .SH SYNOPSIS @@ -36,6 +36,12 @@ int pcap_fileno(pcap_t *p); .B pcap_fileno() returns the file descriptor number from which captured packets are read, if a network device was opened with +.B pcap_create() +and +.B pcap_activate() +or with .BR pcap_open_live() , or \-1, if a ``savefile'' was opened with .BR pcap_open_offline() . +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_findalldevs.3pcap b/pcap_findalldevs.3pcap index 6d14ea4..3bf1520 100644 --- a/pcap_findalldevs.3pcap +++ b/pcap_findalldevs.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_findalldevs.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_findalldevs.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_FINDALLDEVS 3PCAP "4 April 2008" +.TH PCAP_FINDALLDEVS 3PCAP "5 April 2008" .SH NAME pcap_findalldevs \- get a list of capture devices .SH SYNOPSIS @@ -40,10 +40,12 @@ int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf); .SH DESCRIPTION .B pcap_findalldevs() constructs a list of network devices that can be opened with +.B pcap_create() +and +.B pcap_activate() +or with .BR pcap_open_live() . -(Note that there may be network devices that cannot be opened with -.BR pcap_open_live() -by the +(Note that there may be network devices that cannot be opened by the process calling .BR pcap_findalldevs() , because, for example, that process might not have sufficient privileges @@ -150,4 +152,5 @@ is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. .SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_live(3PCAP), pcap_freealldevs(3PCAP) diff --git a/pcap_freealldevs.3pcap b/pcap_freealldevs.3pcap index 1491e48..d3f234f 100644 --- a/pcap_freealldevs.3pcap +++ b/pcap_freealldevs.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_freealldevs.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_freealldevs.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_FREEALLDEVS 3PCAP "4 April 2008" +.TH PCAP_FREEALLDEVS 3PCAP "5 April 2008" .SH NAME pcap_freealldevs \- free a list of capture devices .SH SYNOPSIS @@ -37,4 +37,4 @@ void pcap_freealldevs(pcap_if_t *alldevs); is used to free a list allocated by .BR pcap_findalldevs() . .SH SEE ALSO -pcap_findalldevs(3PCAP) +pcap(3PCAP), pcap_findalldevs(3PCAP) diff --git a/pcap_freecode.3pcap b/pcap_freecode.3pcap index 5ac81a9..31b4f89 100644 --- a/pcap_freecode.3pcap +++ b/pcap_freecode.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_freecode.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_freecode.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_FREECODE 3PCAP "4 April 2008" +.TH PCAP_FREECODE 3PCAP "5 April 2008" .SH NAME pcap_freecode \- free a BPF program .SH SYNOPSIS @@ -42,4 +42,4 @@ when that BPF program is no longer needed, for example after it has been made the filter program for a pcap structure by a call to .BR pcap_setfilter() . .SH SEE ALSO -pcap_compile(3PCAP), pcap_setfilter(3PCAP) +pcap(3PCAP), pcap_compile(3PCAP), pcap_setfilter(3PCAP) diff --git a/pcap_get_selectable_fd.3pcap b/pcap_get_selectable_fd.3pcap index 38e841e..6cc4aa1 100644 --- a/pcap_get_selectable_fd.3pcap +++ b/pcap_get_selectable_fd.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_get_selectable_fd.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_get_selectable_fd.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_GET_SELECTABLE_FD 3PCAP "4 April 2008" +.TH PCAP_GET_SELECTABLE_FD 3PCAP "5 April 2008" .SH NAME pcap_get_selectable_fd \- get a file descriptor on which a select() can be done for a live capture @@ -44,7 +44,11 @@ or to wait for it to be possible to read packets without blocking, if such a descriptor exists, or \-1, if no such descriptor exists. Some network devices opened with -.B pcap_open_live() +.B pcap_create() +and +.BR pcap_activate() , +or with +.BR pcap_open_live() , do not support .B select() or @@ -63,9 +67,8 @@ being FreeBSD 4.3 and 4.4), a simple .B select() or .B poll() -will not return even after a timeout specified in -.B pcap_open_live() -expires. To work around this, an application that uses +will not return even after the read timeout expires. To work around +this, an application that uses .B select() or .B poll() @@ -75,8 +78,7 @@ in non-blocking mode, and must arrange that the .B select() or .B poll() -have a timeout less than or equal to the timeout specified in -.BR pcap_open_live() , +have a timeout less than or equal to the read timeout, and must try to read packets after that timeout expires, regardless of whether .B select() @@ -109,4 +111,4 @@ is not available on Windows. A selectable file descriptor is returned if one exists; otherwise, \-1 is returned. .SH SEE ALSO -select(2), poll(2) +pcap(3PCAP), select(2), poll(2) diff --git a/pcap_geterr.3pcap b/pcap_geterr.3pcap index a5c047b..1a4ea34 100644 --- a/pcap_geterr.3pcap +++ b/pcap_geterr.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_geterr.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_geterr.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_GETERR 3PCAP "4 April 2008" +.TH PCAP_GETERR 3PCAP "5 April 2008" .SH NAME pcap_geterr, pcap_perror \- get or print libpcap error message text .SH SYNOPSIS @@ -49,3 +49,5 @@ prints the text of the last pcap library error on .BR stderr , prefixed by .IR prefix . +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_inject.3pcap b/pcap_inject.3pcap index 2633a87..79a3eea 100644 --- a/pcap_inject.3pcap +++ b/pcap_inject.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_inject.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_inject.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_INJECT 3PCAP "4 April 2008" +.TH PCAP_INJECT 3PCAP "5 April 2008" .SH NAME pcap_inject, pcap_sendpacket \- transmit a packet .SH SYNOPSIS @@ -87,4 +87,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_is_swapped.3pcap b/pcap_is_swapped.3pcap index b0bcfd3..4d26b3b 100644 --- a/pcap_is_swapped.3pcap +++ b/pcap_is_swapped.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_is_swapped.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_is_swapped.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_IS_SWAPPED 3PCAP "4 April 2008" +.TH PCAP_IS_SWAPPED 3PCAP "5 April 2008" .SH NAME pcap_is_swapped \- find out whether a savefile has the native byte order .SH SYNOPSIS @@ -38,3 +38,5 @@ returns true if .I p refers to a ``savefile'' that uses a different byte order than the current system. For a live capture, it always returns false. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_lib_version.3pcap b/pcap_lib_version.3pcap index 9b8d0cd..7b39be1 100644 --- a/pcap_lib_version.3pcap +++ b/pcap_lib_version.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lib_version.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lib_version.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_LIB_VERSION 3PCAP "4 April 2008" +.TH PCAP_LIB_VERSION 3PCAP "5 April 2008" .SH NAME pcap_lib_version \- get the version information for libpcap .SH SYNOPSIS @@ -37,3 +37,5 @@ const char *pcap_lib_version(void); returns a pointer to a string giving information about the version of the libpcap library being used; note that it contains more information than just a version number. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_list_datalinks.3pcap b/pcap_list_datalinks.3pcap index bd34999..196bc66 100644 --- a/pcap_list_datalinks.3pcap +++ b/pcap_list_datalinks.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_list_datalinks.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_list_datalinks.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_LIST_DATALINKS 3PCAP "4 April 2008" +.TH PCAP_LIST_DATALINKS 3PCAP "5 April 2008" .SH NAME pcap_list_datalinks \- get a list of link-layer header types supported by a capture device @@ -54,4 +54,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP), pcap-linktype(4) diff --git a/pcap_lookupdev.3pcap b/pcap_lookupdev.3pcap index 03e7132..8b23cb8 100644 --- a/pcap_lookupdev.3pcap +++ b/pcap_lookupdev.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lookupdev.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lookupdev.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_LOOKUPDEV 3PCAP "4 April 2008" +.TH PCAP_LOOKUPDEV 3PCAP "5 April 2008" .SH NAME pcap_lookupdev \- find the default device on which to capture .SH SYNOPSIS @@ -41,8 +41,12 @@ char *pcap_lookupdev(char *errbuf); .B pcap_lookupdev() returns a pointer to a string giving the name of a network device suitable for use with -.B pcap_open_live() +.B pcap_create() and +.BR pcap_activate() , +or with +.BR pcap_open_live() , +and with .BR pcap_lookupnet() . If there is an error, .B NULL @@ -54,4 +58,5 @@ is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. .SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), pcap_open_live(3PCAP), pcap_lookupnet(3PCAP) diff --git a/pcap_lookupnet.3pcap b/pcap_lookupnet.3pcap index 28e28a5..75c82cf 100644 --- a/pcap_lookupnet.3pcap +++ b/pcap_lookupnet.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lookupnet.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_lookupnet.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_LOOKUPNET 3PCAP "4 April 2008" +.TH PCAP_LOOKUPNET 3PCAP "5 April 2008" .SH NAME pcap_lookupnet \- find the IPv4 network number and netmask for a device .SH SYNOPSIS @@ -61,3 +61,5 @@ is filled in with an appropriate error message. is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_loop.3pcap b/pcap_loop.3pcap index b352197..4dda46a 100644 --- a/pcap_loop.3pcap +++ b/pcap_loop.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_loop.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_loop.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_LOOP 3PCAP "4 April 2008" +.TH PCAP_LOOP 3PCAP "5 April 2008" .SH NAME pcap_loop, pcap_dispatch \- process packets from a live capture or savefile .SH SYNOPSIS @@ -108,20 +108,6 @@ pointer to the first .I struct pcap_pkthdr a pointer to which is passed to the callback routine) bytes of data from the packet. -.PP -.BR NOTE : -when reading a live capture, -.B pcap_dispatch() -will not necessarily return when the read times out; on some platforms, -the read timeout isn't supported, and, on other platforms, the timer -doesn't start until at least one packet arrives. This means that the -read timeout should -.B NOT -be used in, for example, an interactive application, to allow the packet -capture loop to ``poll'' for user input periodically, as there's no -guarantee that -.B pcap_dispatch() -will return after the timeout expires. .SH RETURN VALUE .B pcap_loop() returns 0 if @@ -161,4 +147,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP), pcap_breakloop(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP), pcap_breakloop(3PCAP) diff --git a/pcap_major_version.3pcap b/pcap_major_version.3pcap index f8b7bf9..6f9c8ae 100644 --- a/pcap_major_version.3pcap +++ b/pcap_major_version.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_major_version.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_major_version.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_MAJOR_VERSION 3PCAP "4 April 2008" +.TH PCAP_MAJOR_VERSION 3PCAP "5 April 2008" .SH NAME pcap_major_version, pcap_minor_version \- get the version number of a savefile .SH SYNOPSIS @@ -50,3 +50,5 @@ refers to a live capture, the values returned by and .B pcap_minor_version() are not meaningful. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_next_ex.3pcap b/pcap_next_ex.3pcap index 3d9c64f..50ad198 100644 --- a/pcap_next_ex.3pcap +++ b/pcap_next_ex.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_next_ex.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_next_ex.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_NEXT_EX 3PCAP "4 April 2008" +.TH PCAP_NEXT_EX 3PCAP "5 April 2008" .SH NAME pcap_next_ex, pcap_next \- read the next packet from a pcap_t .SH SYNOPSIS @@ -87,4 +87,4 @@ non-blocking mode and no packets were available to be read), or if no more packets are available in a ``savefile.'' Unfortunately, there is no way to determine whether an error occured or not. .SH SEE ALSO -pcap_geterr(3PCAP), pcap_dispatch(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP), pcap_dispatch(3PCAP) diff --git a/pcap_open_dead.3pcap b/pcap_open_dead.3pcap index 88f45af..5f47bba 100644 --- a/pcap_open_dead.3pcap +++ b/pcap_open_dead.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_open_dead.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_open_dead.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_OPEN_DEAD 3PCAP "4 April 2008" +.TH PCAP_OPEN_DEAD 3PCAP "5 April 2008" .SH NAME pcap_open_dead \- open a fake pcap_t for compiling filters or opening a capture for output @@ -48,3 +48,5 @@ specifies the link-layer type for the .I snaplen specifies the snapshot length for the .BR pcap_t . +.SH SEE ALSO +pcap(3PCAP), pcap-linktype(4) diff --git a/pcap_open_live.3pcap b/pcap_open_live.3pcap index a4d0b76..623f098 100644 --- a/pcap_open_live.3pcap +++ b/pcap_open_live.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_open_live.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_open_live.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_OPEN_LIVE 3PCAP "4 April 2008" +.TH PCAP_OPEN_LIVE 3PCAP "5 April 2008" .SH NAME pcap_open_live \- open a device for capturing .SH SYNOPSIS @@ -41,7 +41,7 @@ int promisc, int to_ms, char *errbuf); .fi .SH DESCRIPTION .B pcap_open_live() -is used to obtain a packet capture descriptor to look +is used to obtain a packet capture handle to look at packets on the network. .I device is a string that specifies the network device to open; on Linux systems @@ -52,33 +52,13 @@ argument of "any" or can be used to capture packets from all interfaces. .PP .I snaplen -specifies the maximum number of bytes to capture. If this value is less -than the size of a packet that is captured, only the first -.I snaplen -bytes of that packet will be captured and provided as packet data. A -value of 65535 should be sufficient, on most if not all networks, to -capture all the data available from the packet. +specifies the snapshot length to be set on the handle. .PP .I promisc specifies if the interface is to be put into promiscuous mode. -(Note that even if this parameter is false, the interface -could well be in promiscuous mode for some other reason.) For now, this -doesn't work on the "any" device; if an argument of "any" or NULL is -supplied, the -.I promisc -flag is ignored. .PP .I to_ms -specifies the read timeout in milliseconds. The read timeout is used to -arrange that the read not necessarily return immediately when a packet -is seen, but that it wait for some amount of time to allow more packets -to arrive and to read multiple packets from the OS kernel in one -operation. Not all platforms support a read timeout; on platforms that -don't, the read timeout is ignored. A zero value for -.IR to_ms , -on platforms that support a read timeout, -will cause a read to wait forever to allow enough packets to -arrive, with no timeout. +specifies the read timeout in milliseconds. .SH RETURN VALUE .B pcap_open_live() returns a @@ -105,3 +85,5 @@ is no longer a zero-length string. is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_open_offline.3pcap b/pcap_open_offline.3pcap index b608c0a..dd5d494 100644 --- a/pcap_open_offline.3pcap +++ b/pcap_open_offline.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_open_offline.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/Attic/pcap_open_offline.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_OPEN_OFFLINE 3PCAP "4 April 2008" +.TH PCAP_OPEN_OFFLINE 3PCAP "5 April 2008" .SH NAME pcap_open_offline, pcap_fopen_offline \- open a saved capture file for reading .SH SYNOPSIS @@ -74,3 +74,5 @@ is filled in with an appropriate error message. is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_set_buffer_size.3pcap b/pcap_set_buffer_size.3pcap new file mode 100644 index 0000000..060e923 --- /dev/null +++ b/pcap_set_buffer_size.3pcap @@ -0,0 +1,47 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_buffer_size.3pcap,v 1.1 2008-04-06 02:53:22 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_SET_BUFFER_SIZE 3PCAP "5 April 2008" +.SH NAME +pcap_set_buffer_size \- set the buffer size for a not-yet-activated +capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_set_buffer_size(pcap_t *p, int buffer_size); +.ft +.fi +.SH DESCRIPTION +.B pcap_set_buffer_size() +sets the buffer size that will be used on a capture handle when +the handle is activated to +.IR buffer_size , +which is in units of bytes. +.SH RETURN VALUE +.B pcap_set_buffer_size() +returns 0 on success or +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_set_datalink.3pcap b/pcap_set_datalink.3pcap index ee5373c..bad39e4 100644 --- a/pcap_set_datalink.3pcap +++ b/pcap_set_datalink.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_datalink.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_datalink.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SET_DATALINK 3PCAP "4 April 2008" +.TH PCAP_SET_DATALINK 3PCAP "5 April 2008" .SH NAME pcap_set_datalink \- set the link-layer header type to be used by a capture device @@ -49,4 +49,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_set_promisc.3pcap b/pcap_set_promisc.3pcap new file mode 100644 index 0000000..382260c --- /dev/null +++ b/pcap_set_promisc.3pcap @@ -0,0 +1,48 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_promisc.3pcap,v 1.1 2008-04-06 02:53:22 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_SET_PROMISC 3PCAP "5 April 2008" +.SH NAME +pcap_set_promisc \- set promiscuous mode for a not-yet-activated +capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_set_promisc(pcap_t *p, int promisc); +.ft +.fi +.SH DESCRIPTION +.B pcap_set_promisc() +sets whether promiscuous mode should be set on a capture handle when +the handle is activated. +If +.I promisc +is non-zero, promiscuous mode will be set, otherwise it will not be set. +.SH RETURN VALUE +.B pcap_set_promisc() +returns 0 on success or +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_set_rfmon.3pcap b/pcap_set_rfmon.3pcap new file mode 100644 index 0000000..ee73556 --- /dev/null +++ b/pcap_set_rfmon.3pcap @@ -0,0 +1,49 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_rfmon.3pcap,v 1.1 2008-04-06 02:53:22 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_SET_RFMON 3PCAP "5 April 2008" +.SH NAME +pcap_set_rfmon \- set monitor mode for a not-yet-activated capture +handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_set_rfmon(pcap_t *p, int rfmon); +.ft +.fi +.SH DESCRIPTION +.B pcap_set_rfmon() +sets whether monitor mode should be set on a capture handle when +the handle is activated. +If +.I rfmon +is non-zero, monitor mode will be set, otherwise it will not be set. +.SH RETURN VALUE +.B pcap_set_rfmon() +returns 0 on success or +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP), +pcap_can_set_rfmon(3PCAP) diff --git a/pcap_set_snaplen.3pcap b/pcap_set_snaplen.3pcap new file mode 100644 index 0000000..74195d9 --- /dev/null +++ b/pcap_set_snaplen.3pcap @@ -0,0 +1,46 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_snaplen.3pcap,v 1.1 2008-04-06 02:53:22 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_SET_SNAPLEN 3PCAP "5 April 2008" +.SH NAME +pcap_set_snaplen \- set the snapshot length for a not-yet-activated +capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_set_snaplen(pcap_t *p, int snaplen); +.ft +.fi +.SH DESCRIPTION +.B pcap_set_snaplen() +sets the snapshot length to be used on a capture handle when the handle +is activated to +.IR snaplen . +.SH RETURN VALUE +.B pcap_set_snaplen() +returns 0 on success or +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_set_timeout.3pcap b/pcap_set_timeout.3pcap new file mode 100644 index 0000000..c361b7d --- /dev/null +++ b/pcap_set_timeout.3pcap @@ -0,0 +1,47 @@ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_set_timeout.3pcap,v 1.1 2008-04-06 02:53:22 guy Exp $ +.\" +.\" Copyright (c) 1994, 1996, 1997 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that: (1) source code distributions +.\" retain the above copyright notice and this paragraph in its entirety, (2) +.\" distributions including binary code include the above copyright notice and +.\" this paragraph in its entirety in the documentation or other materials +.\" provided with the distribution, and (3) all advertising materials mentioning +.\" features or use of this software display the following acknowledgement: +.\" ``This product includes software developed by the University of California, +.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of +.\" the University nor the names of its contributors may be used to endorse +.\" or promote products derived from this software without specific prior +.\" written permission. +.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +.\" +.TH PCAP_SET_TIMEOUT 3PCAP "5 April 2008" +.SH NAME +pcap_set_timeout \- set the read timeout for a not-yet-activated +capture handle +.SH SYNOPSIS +.nf +.ft B +#include +.LP +.ft B +int pcap_set_timeout(pcap_t *p, int to_ms); +.ft +.fi +.SH DESCRIPTION +.B pcap_set_timeout() +sets the read timeout that will be used on a capture handle when +the handle is activated to +.IR to_ms , +which is in units of milliseconds. +.SH RETURN VALUE +.B pcap_set_timeout() +returns 0 on success or +.B PCAP_ERROR_ACTIVATED +if called on a capture handle that has been activated. +.SH SEE ALSO +pcap(3PCAP), pcap_create(3PCAP), pcap_activate(3PCAP) diff --git a/pcap_setdirection.3pcap b/pcap_setdirection.3pcap index 5689bd1..bd0fb25 100644 --- a/pcap_setdirection.3pcap +++ b/pcap_setdirection.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setdirection.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setdirection.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SETDIRECTION 3PCAP "4 April 2008" +.TH PCAP_SETDIRECTION 3PCAP "5 April 2008" .SH NAME pcap_setdirection \- set the direction for which packets will be captured .SH SYNOPSIS @@ -68,4 +68,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_setfilter.3pcap b/pcap_setfilter.3pcap index 12ce6b7..26219d1 100644 --- a/pcap_setfilter.3pcap +++ b/pcap_setfilter.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setfilter.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SETFILTER 3PCAP "4 April 2008" +.TH PCAP_SETFILTER 3PCAP "5 April 2008" .SH NAME pcap_setfilter \- set the filter .SH SYNOPSIS @@ -51,4 +51,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_setnonblock.3pcap b/pcap_setnonblock.3pcap index 64e32c0..b00fce1 100644 --- a/pcap_setnonblock.3pcap +++ b/pcap_setnonblock.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setnonblock.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_setnonblock.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SETNONBLOCK 3PCAP "4 April 2008" +.TH PCAP_SETNONBLOCK 3PCAP "5 April 2008" .SH NAME pcap_setnonblock, pcap_getnonblock \- set or get the state of non-blocking mode on a capture device @@ -41,10 +41,8 @@ int pcap_getnonblock(pcap_t *p, char *errbuf); .fi .SH DESCRIPTION .B pcap_setnonblock() -puts a capture descriptor, opened with -.BR pcap_open_live() , -into ``non-blocking'' mode, or takes it out of ``non-blocking'' mode, -depending on whether the +puts a capture handle into ``non-blocking'' mode, or takes it out +of ``non-blocking'' mode, depending on whether the .I nonblock argument is non-zero or zero. It has no effect on ``savefiles''. If there is an error, \-1 is returned and @@ -74,4 +72,4 @@ is assumed to be able to hold at least .B PCAP_ERRBUF_SIZE chars. .SH SEE ALSO -pcap_loop(3PCAP), pcap_next_ex(3PCAP), pcap_geterr(3PCAP) +pcap(3PCAP), pcap_loop(3PCAP), pcap_next_ex(3PCAP), pcap_geterr(3PCAP) diff --git a/pcap_snapshot.3pcap b/pcap_snapshot.3pcap index 452016c..3025312 100644 --- a/pcap_snapshot.3pcap +++ b/pcap_snapshot.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_snapshot.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_snapshot.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SNAPSHOT 3PCAP "4 April 2008" +.TH PCAP_SNAPSHOT 3PCAP "5 April 2008" .SH NAME pcap_snapshot \- get the snapshot length .SH SYNOPSIS @@ -35,6 +35,10 @@ int pcap_snapshot(pcap_t *p); .SH DESCRIPTION .B pcap_snapshot() returns the snapshot length specified when +.B pcap_set_snapshot() +or .B pcap_open_live() was called, for a live capture, or the snapshot length from the capture file, for a ``savefile''. +.SH SEE ALSO +pcap(3PCAP) diff --git a/pcap_stats.3pcap b/pcap_stats.3pcap index df661cc..abc56f8 100644 --- a/pcap_stats.3pcap +++ b/pcap_stats.3pcap @@ -1,4 +1,4 @@ -.\" @(#) $Header: /tcpdump/master/libpcap/pcap_stats.3pcap,v 1.2 2008-04-05 20:26:56 guy Exp $ +.\" @(#) $Header: /tcpdump/master/libpcap/pcap_stats.3pcap,v 1.3 2008-04-06 02:53:22 guy Exp $ .\" .\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. @@ -19,7 +19,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH PCAP_SNAPSHOT 3PCAP "4 April 2008" +.TH PCAP_SNAPSHOT 3PCAP "5 April 2008" .SH NAME pcap_stats \- get capture statistics .SH SYNOPSIS @@ -56,4 +56,4 @@ may be called with .I p as an argument to fetch or display the error text. .SH SEE ALSO -pcap_geterr(3PCAP) +pcap(3PCAP), pcap_geterr(3PCAP)