The RA field is absent from management frames (addr1 is DA there), and
addr1 in other frames.
The TA field is absent from management frames (addr2 is SA there), and
addr2, if present, in other frames.
While we're at it, fix a font glitch in the pcap-filter man page.
structure we got back from getaddrinfo().
Plug some other getaddrinfo() leaks while we're at it.
Fail if you try to use "gateway" on ATM if we're not checking for ATM
LANE.
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetics is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
types. Modified to add ieee80211.h from FreeBSD, rather than depending
on the OS supplying the header, and to support all 802.11 radio header
types.
Clean up some link-layer type checks and the messages for failing those
checks.
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for backwards
compatibility.
Update the FILES and INSTALL.txt files to reflect current reality.
packets (based on the Ethernet type). "pppoes" has the side-effect that
subsequent filter expressions will test the PPP header and headers
in the PPP payload, not the link-layer header and headers in the
link-layer payload.
including those with fixed-length radio headers (it already refers to
the 802.11 header for radiotap).
Add a new "radio" keyword, to allow access to the radio header. In
theory, something to allow testing for specific signal strengths, etc.
might be useful, but radiotap makes that difficult as the code can't
loop through the header looking for the signal strength field, the loop
has to be unrolled, and some of the other headers might not have
standardized the meaning of some of the fields, so we require the user
to construct such a filter themselves, for now.
file that defines MASK, so when compiling the lexical analyzer, if INET6
is defined you get a redefinition warning. Use NETMASK rather than MASK
for the token "mask".
each source file, only the headers that file needs, and all the headers
it needs in order to compile on various platforms and not to get any
avoidable compiler warnings on those platforms (as well as any
incomplete structure definitions needed to avoid those warnings).
That also means that <pcap.h> doesn't include <pcap-stdinc.h> on UNIX;
we don't want it to include <pcap-stdinc.h>, at least on UNIX, as doing
so
1) would mean we'd have to install that, so that programs can
build with libpcap
and
2) would mean that programs including <pcap.h> would drag in a
bunch of header files that they don't need.
Put a newline at the end of "inet.c" - the Sun C compiler doesn't like
it if the last line doesn't end with a newline.
as a string, rather than as a binary address. This removes a warning
from the Sun C compiler, although it probably doesn't change the
generated code (the "e" and "s" members of the union probably have the
same data representation and reside in the same part of the union; if
they didn't, the old code wouldn't have worked).
define a structure used by <pcap-namedb.h>, and include <sys/socket.h>
before <netdb.h>, as <sys/socket.h> is included to define a structure
used by <netdb.h> (only a pointer to the first structure is used in
<pcap-namedb.h>, and only a pointer to the second structure is used by
<netdb.h>, so code will compile no matter which order you include them
in, but it's a bit cleaner to include <sys/socket.h> before <netdb.h>
and to include <netdb.h> before <pcap-namedb.h>). Indicate why we're
including <netdb.h> and <sys/socket.h>.
- Bad ethernet addresses no longer have to end with a colon
- Host names no longer have to be at least two characters long
- Bad tokens no longer have to end with an "i"
for "Novell 802.3" frames, which are 802.3 frames (i.e., the type/length
field is a length field, i.e. it's <= ETHERMTU) with 0xFFFF as the first
2 bytes. We don't yet check for ETHERTYPE_IPX as well.
When checking for OSI packets on Linux cooked captures, check for 802.2
frames by testing the packet type for LINUX_SLL_P_802_2 rather than by
checking whether the type field is <= ETHERMTU (it's always a type field
in DLT_LINUX_SLL captures).
Ring, and RFC 1483-style ATM, as well as on Ethernet.
Support checking for LLC SAP protocols other than OSI protocols on
Ethernet - for now, we check only the DSAP on those, rather than
checking both the DSAP and SSAP as we do for OSI, as I think, in some
cases, the SSAP isn't the same as the DSAP.
When generating protocol type checks on link-layer types with no type
field, where packets are always IP (SLIP, BSD/OS SLIP, raw IP), generate
a "test" that always succeeds if the protocol being checked for is IP or
IPv6 and a "test" that always fails otherwise. (We originally did
"gen_true()" if the protocol is IP, and bogusly generated code to check
the field at an offset of -1 otherwise; a subsequent change caused us
always to do "gen_true()", but that doesn't properly handle attempts to
check for other protocols - those attempts should generate code that
always fails, meaning that if you try to look for ARP packets in such a
capture the BPF compiler will return "expression rejects all packets" as
an error - and still generated extra code not all of which was removed
by the optimizer. The current code generates no *more* BPF code.)
Add "stp", which checks for the LLC SAP for the Spanning Tree Protocol.
#5228, to correctly check for Appletalk for EtherTalk phase II - they
use 802.3 with LLC SNAP packets, rather than D/I/X Ethernet packets.
His patch made "atalk" check for Appletalk ARP as well as other
Appletalk packets; I've instead added a separate "aarp" packet type,
leaving "atalk" checking only for ETHERTYPE_ATALK, so you can check for
ETHERTYPE_ATALK, ETHERTYPE_AARP, or both.
Gianluca Varenni