pcap_dumper_t. (Just doing an "ftell()" on the result of
"pcap_dump_file()" won't necessarily work on Windows, as Microsoft, in
their infinite wisdom, have multiple different versions of the C library
runtime, and if a DLL is built using one version, and another DLL or an
executable is built with another version, file descriptors and FILE *'s
opened in one of them cannot be used in the other.)
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
revision 1.65
date: 2005/04/13 18:59:41; author: mcr; state: Exp; lines: +5 -1
include typedef for pcap_handler in documentation.
from the main branch.
"pcap_dump_fopen()" to open a pcap_t given a FILE *, and add
"pcap_dump_fopen()" to open a pcap_dumper_t given a FILE *.
On Windows, if we're opening the standard input, put it in binary mode.
Check for errors from "sf_write_header()" and return an error if we get
an error.
libpcap; it generates the string at run time on the first call, so that
it's not a constant string - in at least some UNIXes, constant data in a
shared library is kept separate from the library code, and is bound into
applications linked with that library at link time, not at run time, so
a constant string (such as "pcap_version[]") can reflect the version of
the library with which the application was built, not the version with
which it's running.
Document it, in the hopes that vendors will be less likely to omit it
from their libpcaps (unlike "pcap_version[]", which is absent from some
vendors' libpcaps).
unfortunately, we can't fix "pcap_dump()" and "pcap_dump_close()" to do
that, as any application that tests the return value would fail to work
correctly if linked at runtime with an older libpcap, but we should
perhaps introduce "pcap_dump_ex()" and "pcap_dump_close_ex()" routines
that do return a success-vs-vailure indication.
argument to "pcap_open_live()" a "const" pointer.
Constify some additional device name arguments, and update the man page
to reflect some arguments that were already consts.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
if, as I suspect is the case, that causes no timeout to be set, and if
that's the same as explicitly clearing the timeout with SBIOCCTIME, that
would appear to mean that it'd wait forever for a full chunk's worth of
packets to arrive.
can have one of two different behaviors, depending on the OS (it means
"don't return from a read until enough data has arrived" on BSD and
Digital/Tru64 UNIX, and means "return immediately" on Solaris, for
example, at least according to the man pages on Digital/Tru64 UNIX and
Solaris and the code in BSD).
"pcap_dispatch()" and "pcap_loop()", give more details on the effect of
the "snaplen" argument to "pcap_open_live()", and suggest 65535 as a
value if you want to capture the entire packet.
particular, point out that it's only used when checking for IPv4
broadcast addresses, and that if you don't care whether those checks are
done correctly, you can supply 0 if the netmask isn't known or isn't
available.
"pcap_dispatch()", giving the members of a "struct pcap_pkthdr", and
specifying which of those arguments are "const" pointers.
Describe the return value of "pcap_loop()".
the current state of non-blocking mode; this allows us to implement, for
example, memory-mapped capture devices, where "pcap_read()" uses
"select()" or "poll()" to wait for packets to arrive, and hide that
implementation detail from applications using this API
("pcap_setnonblock()" would set or clear a non-blocking mode flag in the
"pcap_t", and the "select()" or "poll()" would not be done if the
"pcap_t" is in non-blocking mode).
field, and make a PCAP_IF_LOOPBACK flag be the first flag bit in that
field, specifying whether the interface is a loopback interface; this
allows us to add more flags without changing the layout of the
structure.
Add a new "pcap_findalldevs()" routine to get a list of all
interfaces that can be opened with "pcap_open_live()", and a
"pcap_freealldevs()" routine to free the list.
Make "pcap_lookupdev()" use it, which also arranges that it will
not return a device that cannot be opened by "pcap_open_live()".
Allow the "any" device to be opened, on Linux, with "promisc"
non-zero; ignore the request for promiscuity, and return a
warning message indicating that promiscuous mode isn't supported
on the "any" device.
Document "pcap_findalldevs()" and "pcap_lookupdev()", and clean up some
items in the libpcap man page.
guy