pcap-linux.c memory-mapped mode.
Always doing a poll() if there are no packets available allows us to
catch disappearing interfaces in memory-mapped mode, so remove the
caveats about Linux.
even if we're in non-blocking mode, to pick up any error indications -
in that case, use a timeout of 0, so poll() doesn't block.
Don't test individual exceptional-condition bits in the poll() return
unless one of them is set, so we just do one test in the typical (no
exceptional condition) case.
went down" on at least some OSes, return a message indicating that.
When reading from a Linux PF_PACKET socket, if we get ENETDOWN, which
means "The device went down", return a message indicating that.
When doing a poll() on a PF_PACKET socket, check for various "something
happened on this, but it's not readable" conditions.
anything it's opened, etc..
In addition, the op pointers need to be restored to the un-activated
state; do that in pcap_activate() if the call to the activate op fails.
Also, in the common cleanup code, set the fd's to -1.
libpcap archive. A dependency has been introduced whereby the dagapi.o
object depends on functions in the dagutil.o as og DAG software release
3.4.1. This change is backwards compatible with older versions of the
DAG libraries.
http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/StartupItems.html
"Table 1 StartupParameters.plist key-value pairs
Key Type Value
Description String A short description of the startup item,
used by administrative tools.
Provides Array The names of the services provided by this
startup item. Although a startup item can
potentially provide multiple services, it is
recommended that you limit your startup items
to only one service each."
Fix "Provides" to be the name of the service, not a description of the
helpful operations that it provides.
pcap_fopen_offline(), so that we initialize various function pointers
(not just the oneshot callback, but also functions such as the "can set
rfmon mode" function).
message, supply the error message corresponding to the activate
routine's return status, for the benefit of programs that don't handle
different error returns differently.
If PCAP_WARNING_PROMISC_NOTSUP, PCAP_ERROR_NO_SUCH_DEVICE, or
PCAP_ERROR_PERM_DENIED is returned, pcap_geterr() or
pcap_perror() may be called with p as an argument to fetch or
display an message giving additional details about the problem
that might be useful for debugging the problem if it's
unexpected.
but we weren't always setting the error string in question. Do so.
In pcap_open_live(), if the open fails with PCAP_ERROR, include the
device name in the error string, and if it fails with
PCAP_ERROR_NO_SUCH_DEVICE or PCAP_ERROR_PERM_DENIED, include the device
name and both error messages in the error string.
packets were seen, but do put the "."s on a separate line - which should
all come out in a burst, so don't fflush() after each one, let the
newline at the end do that.
Report POLLNVAL for poll().
When not using select() or poll(), loop forever doing pcap_dispatch(),
rather than just using pcap_loop(), so you see what happens for each
delivered batch of packets.
Allocate a buffer into which to copy a packet, and have the
callback for pcap_next() and pcap_next_ex() copy to that buffer
and return a pointer to that buffer; we can't return the packet
data pointer passed to the callback, as, once the callback
returns, that buffer can be overwritten, even before you read
the next packet.
Don't tweak filter programs passed into the kernel to return
65535 on success - we don't have to, as we're not reading
packets with recvfrom(), and we don't want to, as, if we return
the actual snapshot length, the kernel will copy less data to
the ring buffer.
Truncate the packet snapshot length to the specified length, as
we might not have a filter to do that.
- Fixed bug where create_ring would fail for particular snaplen and
buffer size combinations
- Changed ring allocation to retry with 5% less buffer size instead of
50%
Guy Harris