Add some additional checks to bpf_validate(), from OpenBSD.
Use bpf_validate() in install_bpf_program(), so we validate programs
even when they're being processed by userland filters; we make
bpf_validate() not reject backward branches, as we use them for the
protochain operator.
For BPF, don't assume that, just because no_optimize was set, we have a
program that we can't hand to the kernel; the user of the application
might have specified no optimization (e.g., tcpdump with -O), or we
might have generated code to handle 802.11 headers (the optimizer can't
handle that code). Instead, try handing the filter to the kernel and,
if that fails, try it in userland.
Get rid of BPF_MAXINSNS - we don't have a limit on program size in
libpcap.
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetics is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for backwards
compatibility.
Update the FILES and INSTALL.txt files to reflect current reality.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
one packet from the kernel at a time, when the filter is changed, clear
the libpcap buffer to discard packets read from the kernel before the
filter was changed.
that require it, and make pcap_fddipad private to the code generator, as
that's the only place that needs it (ideally, all *its* state should be
local as well). This makes opening an FDDI device, on platforms where
the padding is supplied as part of the packet, and opening other types
of devices or opening savefiles in the same program work better, as you
don't have to be sure you compile the filter for a given pcap_t before
opening the next pcap_t.
catch the error you get from unpatched OS X when you turn that flag on,
and, if we get that error, turn the flag off and try again. This adapts
to systems that have been patched to make that flag work, and would also
adapt to Apple fixing that bug.
"uname()" end with "-RELEASE" (or "-CURRENT" or "-STABLE" or...), so
check the first 4 characters of the release number string for the
version number followed by "-".
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and
support setting that type as meaning just "set libpcap's notion of the
link-layer type to DLT_DOCSIS" without telling the driver to use
DLT_DOCSIS.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
It appears that the reason why a read from a BPF device
sometimes gets EFAULT on AIX might be that the pages into which
you're reading haven't been ZFODded into existence the first
time a read is done; "memset()"ting the buffer to all zeroes
appears to mostly mitigate the problem, so we do that on AIX.
Fix an error in a "sysconfig()" call.
create the BPF device nodes if necessary, and rename our "bpf.h" to
"pcap-bpf.h" and install it in "/usr/include", so that "pcap-bpf.c" gets
the system's bpf.h file if it includes <net/bpf.h> - on AIX, it needs to
get an AIX-specific structure from that header in order to support
loading the driver and creating the nodes.
Update "packaging/pcap.spec".
argument to "pcap_open_live()" a "const" pointer.
Constify some additional device name arguments, and update the man page
to reflect some arguments that were already consts.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
thing to do on AIX to get the IFT_ values, at least on the AIX 4.3.3 or
so that I tried it on), and add some new comments about IBM's tcpdump
forcibly enabling BPF and asking whether AIX uses seconds/nanoseconds or
seconds/microseconds for timeouts.
guy