SOL_PACKET/PACKET_STATISTICS "getsockopt()" call, on Linux kernels that
support it, to get packet statistics, so that we can report the number
of dropped packets, and always use <linux/if_packet.h> to get
definitions for PF_PACKET sockets, so that we don't depend on glibc's
header files having been updated to support all the latest shiniest
kernel features (many systems with 2.4[.x] kernels don't have a
<netpacket/packet.h> that defines "struct tpacket_stats", for example,
so we wouldn't have been able to support that kernel feature on those
systems).
devices appear to reject attempts to bind to 1537, perhaps because Token
Ring devices use SAPs rather than Ethertypes and 1537 isn't a valid SAP
value.
Try to supply a string rather than a numerical value for various DLPI
errors, and to supply a string rather than a numerical value for
unexpected DLPI primitives.
Cast the argument to <ctype.h> macros to "unsigned char", to eliminate
GCC warnings and to keep the macros from referring outside an array when
handed bytes with the 8th bit set.
statement checking the link-layer type.
Give an error if we see a link-layer type we don't handle, rather than
assuming Ethernet - there's no guarantee that the framing is Ethernet
framing.
If we succeeded in opening the packetfilter device, but had an error
later, close the device before returning from "pcap_open_live()".
<Miklos.Szeredi@eth.ericsson.se> - "pcap_ether_aton()" allocates memory
for the MAC address, but we don't free it when we're done with it.
Code inspection revealed that there's a similar problem with
"pcap_ether_hostton()"; fix that as well.
"dl_hp_ppa_info_t" are arrays of "u_char" (or "u_int8_t"), presumably to
get around the problems of signed characters; this causes complaints
from HP's C compiler if we pass them as an argument to "strcmp()", so
cast them to "const char *".
Update the note on libpcap being "not very well suited for interactive
programs" to note that at least some of what it says is necessary is
already supported.
routine, and use it both on HP-UX and other DLPI systems; this means
that, in case there is ever a network device on HP-UX with a number in
the device type name, we'll properly extract the unit number (i.e.,
we'll extract the last number from the name, not the first number) - I
don't think that'll ever happen, but putting it into a common routine is
cleaner in any case.
to DLT_C_HDLC.
Arrange that if "map_arphrd_to_dlt()" supplies DLT_LINUX_SLL as the
link-layer DLT_ value, we capture in cooked mode.
Return DLT_LINUX_SLL for ARPHRD_PPP, as some PPP code in the kernel
supplies no link-layer header whatsoever to PF_PACKET sockets, other PPP
code supplies PPP link-layer headers ("syncppp.c"), and PPP-over-ISDN
appears to supply random link-layer headers (there's code in Ethereal,
for example, to cope with PPP-over-ISDN captures with which the Ethereal
developers have had to cope, heuristically trying to determine which of
the oddball link-layer headers particular packets have).
support PF_PACKET sockets, and, in particular, don't define in
<linux/if_packet.h> any of the stuff needed by the code to handle
PF_PACKET sockets. Define HAVE_PF_PACKET_SOCKETS if either
1) we have <netpacket/packet.h>
or
2) PF_PACKET is defined *and* PACKET_HOST is defined by
<linux/if_packet.h>
and have HAVE_PF_PACKET_SOCKETS, not PF_PACKET, be what we use in #ifdefs
to conditionally compile in support for PF_PACKET sockets.
Not all platforms define ARPHRD_SIT, either; #define it if it's not
already defined.
<net/if_arp.h>, and the stuff we want is in <net/if_arp.h>, so include
that rather than <netinet/if_ether.h>.
At least some libc5 systems don't have <netpacket/packet.h>, but have a
<sys/socket.h> that includes <linux/socket.h>, and the latter defines
SO_ATTACH_FILTER if the kernel is a 2.2 or later kernel, so there exist
systems that have SO_ATTACH_FILTER defined but don't have
<netpacket/packet.h>. Work around that by:
checking whether we have PF_PACKET sockets by checking whether
PF_PACKET is defined, not whether we have <netpacket/packet.h>
(but we still check whether we have <netpacket/packet.h> before
including it);
if PF_PACKET is defined but we don't have <netpacket/packet.h>,
include <linux/if_packet.h> to get the relevant definitions.
Ethernet, so, at least on Ethernet, when checking for IPX frames, check
for all of them, including Ethernet_II and Ethernet_SNAP.
Add an "llc.h" file with LLC SAP values, taken from tcpdump's "llc.h"
file, and use those, rather than defining them ourselves in "gencode.c".
for "Novell 802.3" frames, which are 802.3 frames (i.e., the type/length
field is a length field, i.e. it's <= ETHERMTU) with 0xFFFF as the first
2 bytes. We don't yet check for ETHERTYPE_IPX as well.
When checking for OSI packets on Linux cooked captures, check for 802.2
frames by testing the packet type for LINUX_SLL_P_802_2 rather than by
checking whether the type field is <= ETHERMTU (it's always a type field
in DLT_LINUX_SLL captures).
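
The IPX checks described in the entries above (Ethernet_II, "Novell 802.3", 802.2 and Ethernet_SNAP framing), as an added example that is not libpcap's own code. It classifies a raw Ethernet frame in plain C instead of generating BPF, and the enum names, the function name and the sample frames are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETHERMTU      1500   /* type/length <= this is an 802.3 length */
#define ETHERTYPE_IPX 0x8137
#define LLCSAP_IPX    0xE0
#define LLCSAP_SNAP   0xAA

/* Hypothetical names for this example; not libpcap identifiers. */
enum ipx_framing { NOT_IPX, IPX_ETHERNET_II, IPX_NOVELL_8023, IPX_8022, IPX_SNAP };

/* Constructed sample frames (zeroed MAC addresses, headers only). */
static const uint8_t eth2[14]    = { [12] = 0x81, [13] = 0x37 };
static const uint8_t raw8023[16] = { [13] = 0x1e, [14] = 0xff, [15] = 0xff };
static const uint8_t llc8022[17] = { [13] = 0x20, [14] = 0xe0, [15] = 0xe0, [16] = 0x03 };
static const uint8_t snap[22]    = { [13] = 0x26, [14] = 0xaa, [15] = 0xaa, [16] = 0x03,
                                     [20] = 0x81, [21] = 0x37 };

/* Classify one Ethernet frame, checking the captured length before each read. */
enum ipx_framing classify_ipx(const uint8_t *p, size_t len)
{
    if (len < 14)
        return NOT_IPX;                       /* no complete MAC header */
    unsigned tl = ((unsigned)p[12] << 8) | p[13];
    if (tl > ETHERMTU)                        /* a type field: Ethernet_II */
        return tl == ETHERTYPE_IPX ? IPX_ETHERNET_II : NOT_IPX;
    if (len < 16)
        return NOT_IPX;                       /* length field, payload truncated */
    if (p[14] == 0xff && p[15] == 0xff)
        return IPX_NOVELL_8023;               /* raw IPX header, no LLC */
    if (p[14] == LLCSAP_IPX)
        return IPX_8022;                      /* 802.2 LLC, DSAP is the IPX SAP */
    if (p[14] == LLCSAP_SNAP && p[15] == LLCSAP_SNAP && len >= 22 &&
        p[16] == 0x03 && !p[17] && !p[18] && !p[19] &&   /* UI, OUI 00:00:00 */
        (((unsigned)p[20] << 8) | p[21]) == ETHERTYPE_IPX)
        return IPX_SNAP;
    return NOT_IPX;
}

int main(void)
{
    printf("%d %d %d %d\n", classify_ipx(eth2, sizeof eth2),
           classify_ipx(raw8023, sizeof raw8023),
           classify_ipx(llc8022, sizeof llc8022), classify_ipx(snap, sizeof snap));
    return 0;
}
```

Truncated captures fall through to NOT_IPX rather than being read past their end, which matters when the snapshot length is shorter than the headers being tested.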