build 125 and later to use the native BPF with both IPNET and traditional
MAC (ethernet, etc) packet sniffing, the attached patches are required.
The attached patches represent what's in our internal build tree for libpcap.
went down" on at least some OSes, return a message indicating that.
When reading from a Linux PF_PACKET socket, if we get ENETDOWN, which
means "The device went down", return a message indicating that.
When doing a poll() on a PF_PACKET socket, check for various "something
happened on this, but it's not readable" conditions.
If PCAP_WARNING_PROMISC_NOTSUP, PCAP_ERROR_NO_SUCH_DEVICE, or
PCAP_ERROR_PERM_DENIED is returned, pcap_geterr() or
pcap_perror() may be called with p as an argument to fetch or
display a message giving additional details about the problem
that might be useful for debugging the problem if it's
unexpected.
but we weren't always setting the error string in question. Do so.
In pcap_open_live(), if the open fails with PCAP_ERROR, include the
device name in the error string, and if it fails with
PCAP_ERROR_NO_SUCH_DEVICE or PCAP_ERROR_PERM_DENIED, include the device
name and both error messages in the error string.
build "traditional" AIX shared libraries, which are archive libraries
containing shared objects, so, on AIX, we build the archive library, for
the benefit of "build libpcap and tcpdump in subdirectories of the same
directory, with tcpdump linked statically with that libpcap", but don't
install it. Newer versions of AIX, at least, also support "standard"
.so-style UN*X shared libraries, but we stick with
<Tevye>Tradition!</Tevye>.)
Fix an AIX build problem that shows up when building with GCC.
Clean up HP-UX stuff.
e-mail address while we're at it.
Use <fcntl.h> rather than <sys/file.h> in pcap-bpf.c - that's the right
header for open().
Don't include <sys/timeb.h> - it doesn't define anything that pcap-bpf.c
should need.
Redo some if statements to make it clearer which branch handles the
zerocopy case and which branch handles the non-zerocopy case.
Support setting the buffer size for zerocopy BPF.
isn't up, so applications can report that differently from a generic
error (the latter could mean there's a bug somewhere in libpcap).
When capturing on a device without mmap on Linux, ignore ENETDOWN, so
that we can continue to capture traffic if the interface goes down and
comes back up again; comments in the kernel indicate that we'll just
block waiting for packets if we try to receive from a socket that
delivered ENETDOWN, and, if we're using a memory-mapped buffer, we won't
even get notified of "network down" events.
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
know that..."; currently, only pcap_activate() returns them, but we
might want some more warning returns for some other calls, such as the
ones that set filters. It's a little cleaner than "clear out the error
message buffer and, if it's not empty after a successful return, it has
a warning", and a little cleaner than spewing a warning to the standard
error (as that might not be visible to the user if they're running a GUI
application).
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
handle" routine, an "activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
no_optimize - we check, instead, whether the kernel rejected the
program).
Move the initialization of the bpf_dltlist structure right before its
first use.
Add some additional checks to bpf_validate(), from OpenBSD.
Use bpf_validate() in install_bpf_program(), so we validate programs
even when they're being processed by userland filters; we make
bpf_validate() not reject backward branches, as we use them for the
protochain operator.
For BPF, don't assume that, just because no_optimize was set, we have a
program that we can't hand to the kernel; the user of the application
might have specified no optimization (e.g., tcpdump with -O), or we
might have generated code to handle 802.11 headers (the optimizer can't
handle that code). Instead, try handing the filter to the kernel and,
if that fails, try it in userland.
Get rid of BPF_MAXINSNS - we don't have a limit on program size in
libpcap.
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetic is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for backwards
compatibility.
Update the FILES and INSTALL.txt files to reflect current reality.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
one packet from the kernel at a time, when the filter is changed, clear
the libpcap buffer to discard packets read from the kernel before the
filter was changed.
that require it, and make pcap_fddipad private to the code generator, as
that's the only place that needs it (ideally, all *its* state should be
local as well). This makes opening an FDDI device, on platforms where
the padding is supplied as part of the packet, and opening other types
of devices or opening savefiles in the same program work better, as you
don't have to be sure you compile the filter for a given pcap_t before
opening the next pcap_t.