This patch adds support for our NICs when run in a specialized capture mode.
It is diffed against the current master.
The Myricom Sniffer10G software uses Myri-10G programmable Network Interface
Cards (NICs), a firmware extension, a specialized driver and a user-level
library (libsnf) to enable sustained capture of 10-Gigabit Ethernet traffic.
Small-packet coalescing and an efficient zero-copy path to host memory allow
Sniffer10G to capture streams at line rate for all Ethernet packet sizes.
Optionally, libpcap can be used concurrently by multiple processes on a single
NIC port to partition the incoming traffic across processes. While the Linux
kernel enables this through multiple receive queues, the difference is that the
myri_snf driver cooperates with libsnf to set up multiple queues that are each
independently accessible through user-space.
More information here: http://www.myri.com/scs/SNF/doc
Signed-off-by: Guy Harris <guy@alum.mit.edu>
All sections of the file must have the same byte order, so that the
result of pcap_is_swapped() is the same throughout the file; all
interfaces in the file must have the same link-layer type and snapshot
length, so that pcap_datalink() and pcap_snapshot() can return a single
value for the entire file; and all interfaces must have the same time
resolution and offset.
Allocate a buffer into which to copy a packet, and have the
callback for pcap_next() and pcap_next_ex() copy to that buffer
and return a pointer to that buffer; we can't return the packet
data pointer passed to the callback, as, once the callback
returns, that buffer can be overwritten, even before you read
the next packet.
Don't tweak filter programs passed into the kernel to return
65535 on success - we don't have to, as we're not reading
packets with recvfrom(), and we don't want to, as, if we return
the actual snapshot length, the kernel will copy less data to
the ring buffer.
Truncate the packet snapshot length to the specified length, as
we might not have a filter to do that.
region and the size of the region; use that pointer rather than the bp
or buffer member (that means we don't have to worry about
pcap_cleanup_live_common() attempting to free that buffer). Use the
saved size when unmapping the memory-mapped region.
Use that for Linux USB memory-mapped access as well - and unmap the
memory-mapped region when we close the pcap_t, because we *do* have to
unmap it.
finishes processing the packet; in some cases, such as pcap_next() and
pcap_next_ex(), the packet data is expected to be available after the
callback returns, and only discarded when the next packet is read.
The tpacket_hdr is not clean for 64 bit kernel/32 bit userspace and
is not extendable because the struct sockaddr_ll following it is
expected at a fixed offset.
Linux 2.6.27-rc supports a new tpacket frame header that removes these
two limitations. Convert the mmap ring support to support both formats
and probe for availability of the new version.
check in the generated version, and don't put it into the distribution.
Fix a bunch of references to tcpdump-workers@tcpdump.org to refer to the
new address, tcpdump-workers@lists.tcpdump.org.
Fix a reference to the pcap man page from the pcap-filter(4) man page.
Note that patches should be submitted on the SourceForge site, not sent
to the spam-trap patches@tcpdump.org list.
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
move it into pcap-sita.c, and make --with-sita set the pcap type to
"sita", so we build pcap-sita.c instead of, rather than in addition to,
pcap-linux.c.
Use "bpf_u_int32" rather than "ulong" in the SITA code, as it's intended
to be 32 bits long (the "l" in "htonl()" and "ntohl()" is historical -
they work on 32-bit quantities, and the "l" dates back to the days when
32-bit processors were a bit newer and 16-bit Unix was more common).
Those changes also, at least in theory, makes the SITA support work on
other Unix-compatible platforms; note that in README.sita.
Clean up pcap-sita.c, making routines no longer called outside it
static, folding trivial wrappers, and fixing various warnings.
Put the routines used by fad-sita.c and defined by pcap-sita.c into
pcap-sita.h. Remove from pcap-sita.h the files that are now static to
pcap-sita.c. Include pcap-sita.h in both fad-sita.c and pcap-sita.c, so
that we do cross-file prototype checking.
field in a capture file into:
a 16-bit link-layer type field (it's 16 bits in pcap-NG, and
that'll probably be enough for the foreseeable future);
a 10-bit "class" field, indicating the group of link-layer type
values to which the link-layer type belongs - class 0 is for
regular DLT_ values, and class 0x224 grandfathers in the NetBSD
"raw address family" link-layer types;
a 6-bit "extension" field, storing information about the
capture, such an indication of whether the packets include an
FCS and, if so, how many bytes of FCS are present.
The USB pseudo-header in DLT_USB_LINUX captures is in the host
byte order for the machine on which the capture was done. When
reading a capture file, convert the pseudo-header to the host
byte order of the host on which the file is being read.
There's a 64-bit quantity in that pseudo-header; move the 64-bit
byte-swap macro from the DAG code to pcap-int.h for use by other
code.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
that require it, and make pcap_fddipad private to the code generator, as
that's the only place that needs it (ideally, all *its* state should be
local as well). This makes opening an FDDI device, on platforms where
the padding is supplied as part of the packet, and opening other types
of devices or opening savefiles in the same program work better, as you
don't have to be sure you compile the filter for a given pcap_t before
opening the next pcap_t.
"snprintf()", include one in libpcap with the name "pcap_snprintf()", so
applications don't have to supply their own "snprintf()" on those
platforms in order to use libpcap.
Added support for nonblocking operation.
Added support for processing more than a single packet in
pcap_dispatch().
Fixed bug in loss counter code.
Improved portability of loss counter code (e.g. use UINT_MAX
instead of 0xffff).
Removed unused local variables.
Added required headers (ctype.h, limits.h, unistd.h,
netinet/in.h).
Changed semantics to match those of standard pcap on linux.
- packets rejected by the filter are not counted.