fix a comment;
fix references to the send-side file descriptor in
"pcap_open_live()";
"dlrawdatareq()"s caller reports the error - we just return what
"putmsg()" returns, so the caller knows whether there was an
error.
counts work similarly to the way they work in BPF and 2.4 and later
Linux (and so that we don't run the risk of the dropped packet count
being bigger than the received packet count, which can result in dropped
packet percentages > 100).
because neither of them exist, just report that there was no DLPI device
found for "{if}N", so people don't think that they need to fix libpcap
(or the program using it) to look somewhere else for the device - the
problem is probably that they're trying to capture on a loopback device
and the lack of any DLPI device is just a symptom of the fact that the
loopback device, at least on Solaris, appears not to support DLPI and
thus isn't supported by libpcap....
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and
support setting that type as meaning just "set libpcap's notion of the
link-layer type to DLT_DOCSIS" without telling the driver to use
DLT_DOCSIS.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
probably true in all versions), "sbh_drops" is "the cumulative number of
input messages that this instance of bufmod has dropped due to flow
control or resource exhaustion."
"Cumulative" presumably means "don't add it to the count of drops, as
it's *already* a count since the capture started; just set the count of
drops to the value". Do so.
chunk we ask bufmod to send upstream.
Yes, uint_t is always 32 bits, at least as I read the Solaris 8 code.
The chunk size is 8192, not 0, by default.
Don't do the chunk size stuff if we don't have bufmod.
673958, make two changes on Solaris:
don't set SB_NO_DROPS - doing so means that bufmod doesn't drop
packets, so it can't report the number of drops, but packets
probably still get dropped *somewhere*, if for no other reason
than that the system refuses to allocate more mblks/dblks, even
if it doesn't discard messages that arrive at the stream head if
it's full;
set the chunk size to 65536, as otherwise packets are dropped
too easily.
snoop also appears not to set SB_NO_DROPS and also appears to set the
chunk size to 65536, so that's probably the right thing to do.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
read packets is "p->bufsize" bytes long, not MAXDLBUF bytes long
("p->bufsize" is set to (MAXDLBUF * sizeof sizeof(bpf_u_int32))), so
supply that as the "maxlen" value in the "data" argument to "getmsg()".
"struct timeval" - on Solaris 7 and 8, when compiling in LP64 or I32LPx
mode, it's a "struct timeval32" (presumably so that bufmod doesn't have
to worry about whether the stream is being read by a 32-bit program or a
64-bit program). Set the "struct timeval" "pkthdr.ts" by copying the
individual members rather than by doing a structure assignment.
devices appear to reject attempts to bind to 1537, perhaps because Token
Ring devices use SAPs rather than Ethertypes and 1537 isn't a valid SAP
value.
Try to supply a string rather than a numerical value for various DLPI
errors, and to supply a string rather than a numerical value for
unexpected DLPI primitives.
Cast the argument to <ctype.h> macros to "unsigned char", to eliminate
GCC warnings and to keep the macros from referring outside an array when
handed bytes with the 8th bit set.
"dl_hp_ppa_info_t" are arrays of "u_char" (or "u_int8_t"), presumably to
get around the problems of signed characters; this causes complaints
from HP's C compiler if we pass them as an argument to "strcmp()", so
cast them to "const char *".
routine, and use it both on HP-UX and other DLPI systems; this means
that, in case there is ever a network device on HP-UX with a number in
the device type name, we'll properly extract the unit number (i.e.,
we'll extract the last number from the name, not the first number) - I
don't think that'll ever happen, but putting it into a common routine is
cleaner in any case.
filter, always attach a copy, as "pcap-linux.c" does; that way, after a
program uses "pcap_setfilter()", it can safely use "pcap_freecode()" to
free up the BPF instructions allocated by "pcap_compile()". Also,
always free it up when the "pcap_t" is closed.
Get rid of the "pcap_t *" argument to "pcap_freecode()", as it's not
necessary.
Document "pcap_freecode()", for the benefit of programs that might
repeatedly compile filter programs and attach them, so that they can
free them up after attaching them and avoid leaking memory for them.
application won't build with any other version of libpcap, which means
that a lot of applications won't use them. In addition,
"pcap_linktype()" needs to return DLT_ values, so that platforms that
build libpcap as a shared library won't break binary compatibility if
they update to this version of libpcap.
Instead, we map from DLT_ values to LINKTYPE_ values when writing
savefiles, and map from LINKTYPE_ values to DLT_ values when reading
savefiles, so that savefiles don't have platform-dependent DLT_ values
in the header as the link type, they have platform-independent LINKTYPE_
values.
This means we don't need to make DLT_ATM_RFC1483, DLT_RAW, etc. have
platform-independent values starting at 100 - only the values in the
savefile header need to be like that.
For those PCAP_ENCAP_ codes corresponding to DLT_ codes that are
(believed to be) the same in all BSDs, the PCAP_ENCAP_ codes have the
same values as the corresponding DLT_ codes.
For those PCAP_ENCAP_ codes corresponding to DLT_ codes that were added
in libpcap 0.5 as "non-kernel" DLT_ codes, or had their values changed
in libpcap 0.5 in order to cope with the fact that those DLT_ codes
have different values in different systems, the PCAP_ENCAP_ codes have
the same values as the corresponding DLT_ codes.
We add some additional PCAP_ENCAP_ codes to handle IEEE 802.11 (which
currently has its link-layer information turned into an Ethernet header
by at least some of the BSDs, but John Hawkinson at MIT wants to add a
DLT_ value for 802.11 and pass up the full link-layer header) and the
Classical IP encapsulation for ATM on Linux (which isn't always the same
as DLT_ATM_RFC1483, from what I can tell, alas).
"pcap-bpf.c" maps DLT_ codes to PCAP_ENCAP_ codes, so as not to supply
to libpcap's callers any DLT_ codes other than the ones that have the
same values on all platforms; it supplies PCAP_ENCAP_ codes for all
others.
In libpcap's "bpf/net/bpf.h", we define the DLT_ values that aren't the
same on all platforms with the new values starting at 100 (to keep them
out of the way of the values various BSDs might assign to them), as we
did in 0.5, but do so only if they're not already defined; platforms
with <net/bpf.h> headers that come with the kernel (e.g., the BSDs)
should define them with the values that they have always had on that
platform, *not* with the values we used in 0.5.
(Code using this version of libpcap should check for the new PCAP_ENCAP_
codes; those are given the values that the corresponding DLT_ values had
in 0.5, so code that checks for them will handle 0.5 libpcap files
correctly even if the platform defines DLT_RAW, say, as something other
than 101. If that code also checks for DLT_RAW - which means it can't
just use a switch statement, as DLT_RAW might be defined as 101 if the
platform doesn't itself define DLT_RAW with some other value - then it
will also handle old DLT_RAW captures, as long as they were made on the
same platform or on another platform that used the same value for
DLT_RAW. It can't handle captures from a platform that uses that value
for another DLT_ code, but that's always been the case, and isn't easily
fixable.)
The intent here is to decouple the values that are returned by
"pcap_datalink()" and put into the header of tcpdump/libpcap save files
from the DLT_ values returned by BIOCGDLT in BSD kernels, allowing the
BSDs to assign values to DLT_ codes, in their kernels, as they choose,
without creating more incompatibilities between tcpdump/libpcap save
files from different platforms.
network device, so that
1) you can infer from the message whether the program is using
the old version of the code to get the PPA (which didn't work
all that well) or the newer version, without having to prod a
user complaining about tcpdump/Ethereal/whatever not working
to tell you which version of libpcap they're using;
2) programs can perhaps check the error message returned by
libpcap and, if it's the old error message, tell the user
that the problem may be that they're using an old libpcap.
guy