dect
/
libpcap
Archived
13
0
Fork 0
Commit Graph

1031 Commits

Author SHA1 Message Date
guy fde2e99495 Move the description of "pcap_[sg]etnonblock()" immediately after the
description of the routines to open captures, so that non-blocking mode
is described before "pcap_dispatch()" is described.
2001-12-09 08:58:28 +00:00
guy a82f1618b8 Add APIs to put a "pcap_t" into or out of non-blocking mode, and to get
the current state of non-blocking mode; this allows us to implement, for
example, memory-mapped capture devices, where "pcap_read()" uses
"select()" or "poll()" to wait for packets to arrive, and hide that
implementation detail from applications using this API
("pcap_setnonblock()" would set or clear a non-blocking mode flag in the
"pcap_t", and the "select()" or "poll()" would not be done if the
"pcap_t" is in non-blocking mode).
2001-12-09 05:10:02 +00:00
guy b0ea1152b6 Add support for DLT_PRISM_HEADER. 2001-11-30 07:25:48 +00:00
guy cabc9945d9 Add in items for the new savefile types. 2001-11-28 07:16:53 +00:00
guy 87c019c9e2 Reserve link-layer types for Prism II 802.11 chip monitor mode
information plus 802.11 header (as per Tim Newsham's stuff) and for some
flavor of Aironet 802.11 link-layer header (as per Doug Ambrisko's
FreeBSD patches).
2001-11-28 05:50:05 +00:00
guy 4e83ece64c From Maciej W. Rozycki <macro@ds2.pg.gda.pl>: treat all MIPS and SPARC
platforms as always requiring strict alignment, rather than doing
configure-time testing with a sample program.
2001-11-25 02:22:06 +00:00
guy 28e545e149 Note that we now attempt to work around AIX BPF's weirdness, indicate
that there may be compile-time or run-time problems with the
workarounds, suggest that people send in a detailed report and fall back
on DLPI if they have those problems, and suggest that if they construct
fixes for the problems they send them to patches@tcpdump.org.

Fix the white space.
2001-11-17 21:29:58 +00:00
guy 035321a1ac Attempt to work around the ways in which AIX's BPF is unlike BSD's BPF.
Get rid of the mapping of OpenBSD's DLT_LOOP to DLT_NULL; we now handle
DLT_LOOP.
2001-11-17 21:24:09 +00:00
guy ee923fedbb AIX's DLPI devices are, at least in AIX 4.3 and later, in the
"/dev/dlpi" directory, not the "/dev" directory.
2001-11-17 21:07:59 +00:00
fenner e935ae5425 Regenerate. 2001-11-12 22:19:15 +00:00
fenner 93abe845e9 Add comments to BDEBUG and YYDEBUG for autoheader 2001-11-12 22:18:57 +00:00
fenner d1a8dfbe03 Add "const" for autoconf 2.52 compatability. Longer term solution:
go through aclocal.m4 and modernize it.
2001-11-12 22:18:01 +00:00
fenner 4da5bb94e1 Make it easy to turn on optimizer and parser debugging with
--enable-optimizer-dbg and --enable-yydebug
2001-11-12 22:08:46 +00:00
fenner 5795b0ba56 Eliminate duplicate prototypes. 2001-11-12 22:04:23 +00:00
fenner cae054001c Optimize out "jset #0" (always false) and "jset #ffffffff" (always true). 2001-11-12 22:02:50 +00:00
fenner 1c20fa1fee Zero out IPv6 mask before using it. This fixes expressions like
'net 2002::/16', which were previously non-deterministic based on
the previous contents of memory.

Reported by:	Pekka Savola <pekkas@netcore.fi>
2001-11-12 21:59:44 +00:00
fenner 98181e94fc Don't optimize away "sub #0" as it may be required to recognize
the code that is generated for e.g. 'icmp[0] > 0'.
2001-11-12 21:57:06 +00:00
guy 366751fb69 Close a file descriptor leak, as per a patch that comes with Nessus and
Pavel Kankovsky's suggested fix to that patch.
2001-11-11 22:32:28 +00:00
guy 88d9e6cb24 Reserve DLT_ type 118 for Cisco internal use, as per a request from
Gilbert Ramirez of Cisco.

More explicitly reserve 116 and 117 as well.
2001-11-02 08:03:39 +00:00
guy c781d3d992 Fix a call to "pcap_add_if()" that wasn't give a null-pointer
description argument.
2001-10-28 20:40:43 +00:00
guy dfc0d14d3b Add a description to the entry for the "any" device. 2001-10-28 20:31:05 +00:00
guy d71c1c4045 In the description of "pcap_datalink()", enumerate the link-layer types,
and give a description of the link-layer header if it's not directly
implied by the link-layer type.
2001-10-28 03:54:57 +00:00
guy db79c69108 Make the "is_loopback" field of a "pcap_if" structure a general "flags"
field, and make a PCAP_IF_LOOPBACK flag be the first flag bit in that
field, specifying whether the interface is a loopback interface; this
allows us to add more flags without changing the layout of the
structure.
2001-10-28 02:31:49 +00:00
guy c3736d4ff8 When using SOCK_PACKET sockets, which don't support cooked mode, reject
any link-layer types that would get mapped to cooked mode.
2001-10-25 18:09:59 +00:00
guy bc61a9fd37 We weren't returning a warning if the interface had an ARPHRD_ type we
didn't handle; fix the code to do so.

Remove the word "Warning" from the warning - tcpdump will add it when it
prints the warning, as will Ethereal and Tethereal.
2001-10-25 08:27:18 +00:00
guy 03c414f542 Don't print the warning for an ARP type not supported by libpcap, return
it in the error message buffer, as is done for warnings in other
implementations of "pcap_open_live()".
2001-10-25 06:46:14 +00:00
mcr 8ccdbcd8e5 started 0.7 CHANGES. 2001-10-23 04:37:31 +00:00
guy 6e796fb8ba Fix a typo and a formatting nit. 2001-10-13 06:28:53 +00:00
guy daa93e7a2d Add "stamp-h" and "stamp-h.in" to ".cvsignore"; they're already in
tcpdump's ".cvsignore".
2001-10-13 05:29:27 +00:00
fenner 26f0ba1e04 Add some optimizer debugging (not compiled by default) 2001-10-13 04:23:28 +00:00
mcr f3d3a0b363 clarified use of pcap_dump(3) parameters. 2001-10-12 21:43:29 +00:00
guy 5ad8d9d9e2 As suggested by Hyung Sik Yoon <hsyn@kr.ibm.com>, use 2 rather than 0 as
the SAP on AIX if a SAP of 1537 doesn't work; he says that 2 works on
Token Ring but 0 doesn't.
2001-10-12 06:43:42 +00:00
guy d5735e2448 Split off the code to scan "/proc/net/dev" into a separate routine, and
don't call it if we've already had an error.
2001-10-10 06:46:50 +00:00
guy 519b0b5a59 If we have "/proc/net/dev", and don't have <ifaddrs.h> (i.e., don't have
"getifaddrs()"), after processing the list returned by SIOCGIFCONF, scan
"/proc/net/dev" for interface names, and add to the list of interfaces
entries for those interfaces, with no associated addresses (if the
interfaces were already added, with addresses, from the list returned by
SIOCGIFCONF, they won't get added again).

Clean up the error handling a bit.
2001-10-09 05:43:19 +00:00
guy 5a85948f80 We don't actually use HAVE_FREEIFADDRS, so there's no point in checking
whether we have "freeifaddrs()" (we don't check whether we have
"getifaddrs()", and if we have "getifaddrs()" but not "freeifaddrs()",
we're stuck with leaking memory).

Give the "any" device an instance number of INT_MAX, so it shows up
after all other non-loopback devices.

"getifaddrs()" sometimes appears to supply a destination address even
for non-point-to-point interfaces (it did so on a FreeBSD 4.1 system);
don't use the broadcast address it supplies if an interface isn't a
broadcast interface, and don't use the destination address it supplies
if an interface isn't a point-to-point interface.

If we had an error constructing the list of interfaces, don't attempt to
add the "any" device to the list.
2001-10-09 03:53:38 +00:00
guy 79aeeee5ae Check in the updated configure script, from the following change to
aclocal.m4:

	revision 1.73
	date: 2001/09/14 08:08:15;  author: torsten;  state: Exp;  lines: +2 -2
	The Itanium does not like unaligned memory accesses (the Linux kernel
	warns about them and probably performance suffers). Therefore I added
	the cpu to the list of systems where unaligned access should be avoided.
	See also http://bugs.debian.org/112152
2001-10-08 10:19:55 +00:00
guy 2ae227c882 Bump the version to 0.7. 2001-10-08 08:17:03 +00:00
guy 9c0a593a2e From Scott Gifford:
Add a new "pcap_findalldevs()" routine to get a list of all
	interfaces that can be opened with "pcap_open_live()", and a
	"pcap_freealldevs()" routine to free the list.

	Make "pcap_lookupdev()" use it, which also arranges that it will
	not return a device that cannot be opened by "pcap_open_live()".

	Allow the "any" device to be opened, on Linux, with "promisc"
	non-zero; ignore the request for promiscuity, and return a
	warning message indicating that promiscuous mode isn't supported
	on the "any" device.

Document "pcap_findalldevs()" and "pcap_lookupdev()", and clean up some
items in the libpcap man page.
2001-10-08 01:06:20 +00:00
guy 2de302a362 ARPHRD_ARP doesn't uniquely specify the header that will appear on
packets before the network-layer header; we already deal with that in
tcpdump, and we could probably try to deal with that in the code
generator, but it's less of a pain to just punt to DLT_LINUX_SLL.
2001-09-23 22:43:57 +00:00
fenner ecead9709d Reset the VLAN flags when compiling a new expression.
This allows correct compilation of multiple expressions
 containing the "vlan" keyword in the same program.

Reported by:	Jon Dugan <jdugan@ncsa.uiuc.edu>, on the bro@lbl.gov list
2001-09-20 00:24:24 +00:00
torsten 6aa0217fdb The Itanium does not like unaligned memory accesses (the Linux kernel
warns about them and probably performance suffers). Therefore I added
the cpu to the list of systems where unaligned access should be avoided.
See also http://bugs.debian.org/112152
2001-09-14 08:08:15 +00:00
fenner 9156c4fbfd Revert to catching only bogus ethernet addresses that end in a colon,
since the updated expression caught the "4:2" in "ip[4:2]".
2001-09-14 01:40:57 +00:00
guy c8c9f4c3aa Reflect the renaming of "INSTALL" to "INSTALL.txt". 2001-09-09 19:36:25 +00:00
guy 7acd15ba8d Reserve 116 for IP Filter capture files and 117 for OpenBSD DLT_PFLOG. 2001-09-09 05:02:28 +00:00
guy b57608cf35 LINKTYPE_IEEE802_11 and LINKTYPE_LOOP, and DLT_IEEE802_11, are no longer
reserved for future use; they're being used.

Move other currently-being-used LINKTYPE_ values above the "reserved for
future use" comment, to make it clear which types are reserved and which
are already in use.

Note that 100 through 103 shouldn't be used for new DLT_ types.
2001-09-09 04:27:18 +00:00
guy ba047e2bd0 Add a DLT_ value and a link-layer type value for savefiles for Acorn
Econet.
2001-09-05 04:27:23 +00:00
guy 545afab583 Changes from Pavel Kankovsky to reset the kernel filter in
"pcap_setfilter()" if we're not using a kernel filter, in case a
previous call to "pcap_setfilter()" had succeeded in adding a kernel
filter, as if we're doing userland filtering we need to get rid of all
kernel filters that might discard packets that'd pass the userland
filter.
2001-08-30 03:08:43 +00:00
guy cec0453730 Patch, based on a patch from Pavel Kankovsky <kan@dcit.cz>, to flush all
packets queued up on the socket when we set a kernel filter on the
socket, so that if there are any queue-up packets that wouldn't have
passed the new filter, we don't see them.  (Some other packet capture
mechanisms do this automatically; this prevents tcpdump, for example,
from showing or saving, when run with a filter, some packets that
wouldn't have passed the filter.)

XXX - do we have to do this on any other platforms?

Choose whether to compile in the code to modify filter programs for use
in the kernel, and to flush queued-up packet and set a kernel filter, on
whether SO_ATTACH_FILTER is defined (i.e., on whether we have kernel
filter support in our build environment), rather than on whether
HAVE_PF_PACKET_SOCKETS is defined (i.e., on whether we have PF_PACKET
support in our build environment), as we choose whether to *use* that
code based on whether SO_ATTACH_FILTER is defined.
2001-08-25 05:08:26 +00:00
guy 96943e6868 In "pcap_read_packet()", always use "handle->buffer + handle->offset" as
the pointer to the beginning of the link-layer header; never use just
"handle->buffer", as, if "handle->offset" is non-zero (as is the case
with many link-layer types, including Ethernet), "handle->buffer"
doesn't point to the beginning of the link-layer header.
2001-08-24 09:27:14 +00:00
guy 8d039ab3b6 Define MSG_TRUNC as 0x20 if it's not defined, so that if this is
compiled on a system that doesn't have it, it'll use it on systems that
do have it.

On systems with MSG_TRUNC support (i.e., 2.2 and later kernels), there's
no need to read in the entire packet in order to find out how large it
is, so just allocate a buffer big enough for a snapshot length's worth
of data, and just read that much data.

There's no need for a "readlen" member of the "pcap_md" structure, as
the byte count to "recvfrom()" is just the "bufsize" member of the
"pcap_t" structure.
2001-08-24 07:46:52 +00:00