snoopheader" is a "struct irix5_timeval" rather than a "struct timeval",
by copying the "tv_sec" and "tv_usec" members of that structure to the
time stamp in a "struct pcap_hdr".
read packets is "p->bufsize" bytes long, not MAXDLBUF bytes long
("p->bufsize" is set to (MAXDLBUF * sizeof sizeof(bpf_u_int32))), so
supply that as the "maxlen" value in the "data" argument to "getmsg()".
"struct timeval" - on Solaris 7 and 8, when compiling in LP64 or I32LPx
mode, it's a "struct timeval32" (presumably so that bufmod doesn't have
to worry about whether the stream is being read by a 32-bit program or a
64-bit program). Set the "struct timeval" "pkthdr.ts" by copying the
individual members rather than by doing a structure assignment.
1. During termination processing set up by atexit() under a 2.0.x
kernel, if a socket had been previously closed and the handle freed
due to an error, pcap_close_all() and pcap_close_linux() would
nevertheless try to work with these structures and then crash.
pcap_close_linux() is now called directly when necessary during
error processing.
2. atexit() could get called more than once because the did_atexit
flag wasn't being set.
3. If iface_get_arptype() returns an error because the ioctl() call
failed (probably due to "no such device"), live_open_new() now
returns a fatal error to pcap_open_live() and the call to
live_open_old() is short-circuited.
4. Applications using libpcap would appear to listen on an interface
that was down.
a. iface_bind() and iface_bind_old() now check for pending errors
after bind(). In turn, pcap_open_live() now returns an error
status if there was a pending error after bind().
b. After draining the socket, set_kernel_filter() now checks to see
if the error was the expected EAGAIN and returns a fatal error
to pcap_setfilter() if not. In turn, pcap_setfilter() now
returns an error status if there was a network error.
5. pcap_setfilter() was putting an error message into errbuf after a
failed call to install_bpf_program(). This was unnecessary since
install_bpf_program() puts its own error message into errbuf.
return DLT_LINUX_SLL or not, and, if that flag is false, for those
interface types where we'd used DLT_LINUX_SLL, pick a DLT_ type that
works as well as possible in raw mode, or fail.
Pass 1 as that flag if we're using a PF_PACKET socket; pass 0 as that
flag if we're using a PF_INET/SOCK_PACKET socket.
For PF_INET/SOCK_PACKET sockets, try to get the link-layer type and map
it to a DLT_ value *before* turning promiscuous mode on, so that we
don't try to put the interface into promiscuous mode unless we know we
can handle its link-layer type (and thus that we can use the interface).
ARPHRD_IEEE80211_PRISM, for sniffing on Prism II-based 802.11 interfaces
and getting the special Prism header, so we should map it to
DLT_PRISM_HEADER.
the file descriptor flags; there's no guarantee that it will actually
*affect* the file descriptor flags (consider a memory-mapped capture
mechanism such as the Linux 2.4 mechanism, where all "non-blocking mode"
means is "don't do a 'select()' or 'poll()' if there aren't any new
packets in the memory-mapped buffer") or, in fact, that there are file
descriptor flags to affect (consider WinPcap).
Don't subtract "tp_drops" from "tp_packets" - "ps_recv", on BSD,
at least, includes packets dropped due to lack of buffer space,
so it should do so on Linux as well.
The "len" argument to "getsockopt()" is a value-result
parameter, initially containing the size of the buffer being
supplied; set it before the call.
Catch "getsockopt()" errors and, if it's an error other than
EOPNOTSUPP, return an error.
the current state of non-blocking mode; this allows us to implement, for
example, memory-mapped capture devices, where "pcap_read()" uses
"select()" or "poll()" to wait for packets to arrive, and hide that
implementation detail from applications using this API
("pcap_setnonblock()" would set or clear a non-blocking mode flag in the
"pcap_t", and the "select()" or "poll()" would not be done if the
"pcap_t" is in non-blocking mode).
information plus 802.11 header (as per Tim Newsham's stuff) and for some
flavor of Aironet 802.11 link-layer header (as per Doug Ambrisko's
FreeBSD patches).
that there may be compile-time or run-time problems with the
workarounds, suggest that people send in a detailed report and fall back
on DLPI if they have those problems, and suggest that if they construct
fixes for the problems they send them to patches@tcpdump.org.
Fix the white space.
field, and make a PCAP_IF_LOOPBACK flag be the first flag bit in that
field, specifying whether the interface is a loopback interface; this
allows us to add more flags without changing the layout of the
structure.
didn't handle; fix the code to do so.
Remove the word "Warning" from the warning - tcpdump will add it when it
prints the warning, as will Ethereal and Tethereal.