dect
/
libpcap
Archived
13
0
Fork 0
Commit Graph

1396 Commits

Author SHA1 Message Date
Guy Harris 117cb5eb2e Add a #define for 0xffffffff as PCAP_NETMASK_UNKNOWN, for use when you
don't know the netmask.  (It also lets you test, at compile time,
whether you can rely on "ip broadcast" failing to compile when you pass
0xffffffff to pcap_compile().)
2009-12-01 19:23:21 -08:00
Guy Harris 74b2de364f When generating code for "ip broadcast", treat a netmask of 0xffffffff
(255.255.255.255) be an indication that the netmask is unknown, and
return an error.  Document that as the way to tell pcap_compile() that
the netmask is unknown.  Have filtertest default to that as the netmask,
and add a -m flag to let you specify the netmask.
2009-12-01 19:07:11 -08:00
Guy Harris 8b52a90cd9 Get rid of some unused variables.
Get rid of an unnecessary #ifdef.
2009-11-25 12:03:06 -08:00
Guy Harris b8c57c9529 Don't check for DLT_IPNET if it's not defined - in pcap-bpf.c, the bpf.h
we're using is the OS's, not libpcap's, so it's not necessarily defined.

Explain why we're checking for DLT_IPNET.
2009-11-25 12:02:06 -08:00
Guy Harris 272bbe3dfe Regnerated configure. 2009-11-25 11:56:59 -08:00
Guy Harris 05b4572af9 Get rid of redundant definition of DLT_IPNET.
Don't define DLT_IPOIB with the same value as one of the DLT_USERn
definitions - it's not used, and we don't want to make anybody think
that value belongs to any particular link-layer type.
2009-11-25 11:50:11 -08:00
Darren Reed bdc25fca79 To compile libpcap on OpenSolaris (or Solaris Express Community Edition)
build 125 and later to use the native BPF with both IPNET and traditional
MAC (ethernet, etc) packet sniffing, the attached patches are required.

The attached patches represent what's in our internal build tree for libpcap.
2009-11-24 21:40:44 -05:00
Guy Harris 5aa0044891 Hyphenate "link-layer" everywhere.
Fix the description of the link-layer sender address field in the
DLT_LINUX_SLL header.
2009-11-16 12:01:24 -08:00
Guy Harris 62b9af0706 From Márton Németh:
The usbmon text interface was moved from
	/sys/kernel/debug/usbmon to /sys/kernel/debug/usb/usbmon as of
	patch

		http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f49ce96f11112a84c16ac217490ebd6f8d9a8977 .

	Please add this new directory also into the search list when
	finding USB devices.

Get rid of older address for Gisle Vanem; convert Love's address to
UTF-8 (as it is in the tcpdump CREDITS file).
2009-11-03 14:50:40 -08:00
Guy Harris 6b414c082f Describe all the cases where pcap_fileno() returns a file descriptor and
where it returns -1.  Based on a patch from Fumiyuki Shimizu.
2009-11-03 14:18:11 -08:00
Guy Harris 339d28cefc Give N. Leiten credit for the poll() exceptional condition checks in
pcap-linux.c memory-mapped mode.

Always doing a poll() if there are no packets available allows us to
catch disappearing interfaces in memory-mapped mode, so remove the
caveats about Linux.
2009-10-12 17:21:02 -07:00
Guy Harris 26384d5fc7 Fix typo^Wbraino. 2009-10-12 17:06:11 -07:00
Guy Harris bf7491046a In pcap_read_linux_mmap(), if there are no frames available, call poll()
even if we're in non-blocking mode, to pick up any error indications -
in that case, use a timeout of 0, so poll() doesn't block.

Don't test individual exceptional-condition bits in the poll() return
unless one of them is set, so we just do one test in the typical (no
exceptional condition) case.
2009-10-12 16:24:57 -07:00
Guy Harris 9dd13b012f If bpf_odmcleanup() is being called to clean up after an error, pass it
a null pointer, so that it doesn't overwrite the error string for the
error.  Make it set the error string only if passed a non-null pointer.
2009-10-12 12:58:30 -07:00
Guy Harris 0c8f81c821 Snow Leopard fixes poll() and kqueues to work on BPF devices (and ttys).
Describe what happens with select() and poll() on Linux if the device on
which you're capturing goes away.
2009-10-11 22:44:39 -07:00
Guy Harris e6b89d9420 If we get POLLERR when polling a socket in memory-mapped mode, do a
recv() on the socket to get the error code.
2009-10-11 22:15:24 -07:00
Guy Harris 86ecdb83e0 Fix typo. 2009-10-02 14:07:11 -07:00
Guy Harris e9de4b862e When reading from a BPF device, if we get ENXIO, which means "The device
went down" on at least some OSes, return a message indicating that.

When reading from a Linux PF_PACKET socket, if we get ENETDOWN, which
means "The device went down", return a message indicating that.

When doing a poll() on a PF_PACKET socket, check for various "something
happened on this, but it's not readable" conditions.
2009-10-11 20:12:34 -07:00
Guy Harris 43acbb77a8 Work around an annoying Snow Leopard BPF bug that causes sub-second
timeouts not to work in 64-bit userland code (Snow Leopard's GCC builds
64-bit by default on 64-bit machines).
2009-10-11 11:05:46 -07:00
Guy Harris 86ed15cc8b Add DLT_CAN_SOCKETCAN, for capturing on the Controller Area Network with
Linux SocketCAN.
2009-10-11 10:16:21 -07:00
Guy Harris 8c4dcba6d2 From Jean-Louis Charton: clean up in some failure cases on AIX. 2009-10-09 16:10:33 -07:00
Guy Harris e154e275c2 For BPF, raise the default capture buffer size to .5MB; 32K isn't much
for modern machines with more memory and faster networks.
2009-09-22 21:02:43 -07:00
Guy Harris 71dac45765 If an activate routine fails, it needs to clean up the pcap_t, close
anything it's opened, etc..

In addition, the op pointers need to be restored to the un-activated
state; do that in pcap_activate() if the call to the activate op fails.

Also, in the common cleanup code, set the fd's to -1.
2009-09-21 10:45:09 -07:00
Guy Harris 2fbb5a5e31 Copy the right value to the ps_ifdrop statistic. 2009-09-21 10:26:37 -07:00
Darren Lim 420e592e02 Added the dagutil.o object file from the Endace DAG libraries into the
libpcap archive. A dependency has been introduced whereby the dagapi.o
object depends on functions in the dagutil.o as og DAG software release
3.4.1. This change is backwards compatible with older versions of the
DAG libraries.
2009-09-17 15:24:28 +12:00
Guy Harris bb8cce5968 Put in a note about the Snow Leopard bug that requires that you have BPF
devices open for writing in order to capture outgoing traffic.
2009-09-09 17:36:06 -07:00
Guy Harris 2212a58381 To quote
http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/StartupItems.html

"Table 1  StartupParameters.plist key-value pairs

Key		Type	Value
Description	String	A short description of the startup item,
			used by administrative tools.

Provides	Array	The names of the services provided by this
			startup item.  Although a startup item can
			potentially provide multiple services, it is
			recommended that you limit your startup items
			to only one service each."

Fix "Provides" to be the name of the service, not a description of the
helpful operations that it provides.
2009-09-09 16:50:36 -07:00
Guy Harris d2ec25429b Note some other ways to get link statistics. 2009-09-07 17:52:55 -07:00
Guy Harris ef9aa50d23 Set ps_ifdrop after ps_drop, so we process the statistics in order. 2009-09-07 16:49:59 -07:00
Guy Harris 806f42441a Note that we might not get an interface drop count from /proc/net/dev. 2009-09-07 16:49:10 -07:00
Guy Harris 4b9a27475e handle->md.stat should be zeroed out when we initially allocated the
pcap_t, but, as long as we're initializing ps_drop and ps_recv,
initialize ps_ifdrop.
2009-09-07 16:48:26 -07:00
Guy Harris 1d47ee92c3 Return 0 for the ps_ifdrop value, rather than leaving it with whatever
random data it might have.
2009-09-07 16:45:24 -07:00
Guy Harris 2032d35228 From Dustin Spicuzza: support ps_ifdrop on Linux, using /proc/net/dev.
Fix the title of the pcap_stats man page, and give more detail - and a
lot of caveats.
2009-09-07 16:23:15 -07:00
Guy Harris 8b04d928b6 No, that's not an issue - it'll be a strdup() in any case, and safe to
free.  Revert previous change.
2009-08-11 22:10:51 -07:00
Guy Harris ddea9de623 When using pcap_create_common() in pcap_fopen_offline(), leave
p->opt.source null, so that we don't try to free a constant string when
we close the pcap_t.
2009-08-11 22:09:06 -07:00
Guy Harris b93bc35e51 From Dustin Spicuzza: use pcap_create_common() to allocate the pcap_t in
pcap_fopen_offline(), so that we initialize various function pointers
(not just the oneshot callback, but also functions such as the "can set
rfmon mode" function).
2009-08-11 22:06:38 -07:00
Guy Harris 4e4c320e9f Add opentest.c to the list of files to put into the source tarball. 2009-08-11 21:38:06 -07:00
Guy Harris d316f7ebb2 Add a program for testing both the old (pcap_open_live()) and new
(pcap_create()/.../pcap_activate()) open path, especially for reporting
errors.
2009-08-11 21:37:18 -07:00
Guy Harris 96fece483a From Dustin Spicuzza: if the activate routine doesn't supply an error
message, supply the error message corresponding to the activate
routine's return status, for the benefit of programs that don't handle
different error returns differently.
2009-08-11 21:31:18 -07:00
Guy Harris 1628ad56b0 seltest was renamed selpolltest. 2009-07-30 20:58:34 -07:00
Guy Harris efeaba4650 The pcap_activate() man page says:
If PCAP_WARNING_PROMISC_NOTSUP, PCAP_ERROR_NO_SUCH_DEVICE, or
	PCAP_ERROR_PERM_DENIED is returned, pcap_geterr() or
	pcap_perror() may be called with p as an argument to fetch or
	display an message giving additional details about the problem
	that might be useful for debugging the problem if it's
	unexpected.

but we weren't always setting the error string in question.  Do so.

In pcap_open_live(), if the open fails with PCAP_ERROR, include the
device name in the error string, and if it fails with
PCAP_ERROR_NO_SUCH_DEVICE or PCAP_ERROR_PERM_DENIED, include the device
name and both error messages in the error string.
2009-07-30 20:58:08 -07:00
Guy Harris 0101db9e7c Add the -p flag to the usage message. 2009-07-30 20:32:04 -07:00
Guy Harris e29e700736 Note that what follows the ipnet pseudo-header is an IPv4 or IPv6
datagram.
2009-07-27 12:04:39 -07:00
Guy Harris a685965f2f DLT for Solaris ipnet, requested by Darren Reed. 2009-07-27 12:02:34 -07:00
Guy Harris edf4e2c451 Don't bother printing the "."s per packet received - the summary line
giving packets seen and counted suffices.
2009-07-26 15:51:27 -07:00
Guy Harris c3c51e58e5 Clean up per-packet output a bit; don't output a blank line if no
packets were seen, but do put the "."s on a separate line - which should
all come out in a burst, so don't fflush() after each one, let the
newline at the end do that.

Report POLLNVAL for poll().

When not using select() or poll(), loop forever doing pcap_dispatch(),
rather than just using pcap_loop(), so you see what happens for each
delivered batch of packets.
2009-07-26 15:44:31 -07:00
Guy Harris 559ebc322f Add poll() support to seltest, and rename it to selpolltest.
Just print "."s for packets seen, and count the packets.  Print out the
information from the file descriptor bitsets/poll FDs on one line.
2009-07-26 13:55:35 -07:00
Guy Harris 03bee67123 Use pcap_get_selectable_fd() to get the FD on which to do a select(). 2009-07-24 12:17:10 -07:00
Guy Harris 2f9c8dd44a Check for both readability and exceptional conditions on the pcap FD,
and report on both.
2009-07-24 12:15:22 -07:00
Guy Harris 6e614204bb Get rid of unused variable. 2009-07-24 12:04:09 -07:00