All sections of the file must have the same byte order, so that the
result of pcap_is_swapped() is the same throughout the file; all
interfaces in the file must have the same link-layer type and snapshot
length, so that pcap_datalink() and pcap_snapshot() can return a single
value for the entire file; and all interfaces must have the same time
resolution and offset.
From NetBSD; to quote the checkin comment:
Fix pcap_lookupnet(): reset ifr before SIOCGIFNETMASK. Without
it we get back a bogus netmask.
Presumably some stuff left over in ifr from the previous ioctl confuses
the next ioctl.
Split off the shared-library tests into a separate AC_LBL_SHLIBS_INIT
macro, so the libpcap and tcpdump versions of AC_LBL_C_INIT can be the
same. While we're at it, clean up some of the AC_PREREQ and AC_BEFORE
stuff.
Not all Linux kernels that can support SocketCAN sniffing have
<linux/can/version.h>, and we don't include it directly. We *do*
include <linux/can.h>, so check for that.
Patch changed not to bother checking for the existence of <sys/socket.h>
- we already assume it exists on all platforms that support packet
capture, including Linux. I also changed the Bluetooth "not supported
on this OS" message to look like the one for CANbus, giving the host OS.
Signed-off-by: Guy Harris <guy@alum.mit.edu>
don't know the netmask. (It also lets you test, at compile time,
whether you can rely on "ip broadcast" failing to compile when you pass
0xffffffff to pcap_compile().)
(255.255.255.255) be an indication that the netmask is unknown, and
return an error. Document that as the way to tell pcap_compile() that
the netmask is unknown. Have filtertest default to that as the netmask,
and add a -m flag to let you specify the netmask.
Don't define DLT_IPOIB with the same value as one of the DLT_USERn
definitions - it's not used, and we don't want to make anybody think
that value belongs to any particular link-layer type.
build 125 and later to use the native BPF with both IPNET and traditional
MAC (ethernet, etc) packet sniffing, the attached patches are required.
The attached patches represent what's in our internal build tree for libpcap.
pcap-linux.c memory-mapped mode.
Always doing a poll() if there are no packets available allows us to
catch disappearing interfaces in memory-mapped mode, so remove the
caveats about Linux.
even if we're in non-blocking mode, to pick up any error indications -
in that case, use a timeout of 0, so poll() doesn't block.
Don't test individual exceptional-condition bits in the poll() return
unless one of them is set, so we just do one test in the typical (no
exceptional condition) case.
went down" on at least some OSes, return a message indicating that.
When reading from a Linux PF_PACKET socket, if we get ENETDOWN, which
means "The device went down", return a message indicating that.
When doing a poll() on a PF_PACKET socket, check for various "something
happened on this, but it's not readable" conditions.
anything it's opened, etc..
In addition, the op pointers need to be restored to the un-activated
state; do that in pcap_activate() if the call to the activate op fails.
Also, in the common cleanup code, set the fd's to -1.
libpcap archive. A dependency has been introduced whereby the dagapi.o
object depends on functions in the dagutil.o as og DAG software release
3.4.1. This change is backwards compatible with older versions of the
DAG libraries.
http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/StartupItems.html
"Table 1 StartupParameters.plist key-value pairs
Key Type Value
Description String A short description of the startup item,
used by administrative tools.
Provides Array The names of the services provided by this
startup item. Although a startup item can
potentially provide multiple services, it is
recommended that you limit your startup items
to only one service each."
Fix "Provides" to be the name of the service, not a description of the
helpful operations that it provides.
Guy Harris