- Ensure all 'MC' ERF types are handled correctly by DLT_ERF.
- Allow capture of ERF 'TYPE_IPV6' records as DLT_RAW.
- Add new ERF types
- Explicitly list known ERF types with no matching native DLT.
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
Changing the behaviour when the ERF type is unknown, and for ERF
TYPE_PAD.
Unknown ERF types can always be captured as DLT_ERF. TYPE_PAD
records are dropped silently.
field in a capture file into:
a 16-bit link-layer type field (it's 16 bits in pcap-NG, and
that'll probably be enough for the foreseeable future);
a 10-bit "class" field, indicating the group of link-layer type
values to which the link-layer type belongs - class 0 is for
regular DLT_ values, and class 0x224 grandfathers in the NetBSD
"raw address family" link-layer types;
a 6-bit "extension" field, storing information about the
capture, such an indication of whether the packets include an
FCS and, if so, how many bytes of FCS are present.
This patch introduces support for the DAG ERF type
TYPE_COLOR_MC_HDLC_POS.
The patch also allows appropriate DAG cards (DAG 3.7T, DAG 7.1S)
to optionally produce DLT_MTP2_WITH_PHDR (139) traces when
capturing from channelised HDLC links, as an alternative to
DLT_MTP2 (140). When using the new DLT, the 'DAG channel' is
recorded in the pcap record pseudo header as the 'link_number'.
Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also
added.
Fix some warnings.
In addition, clean up the allocation and freeing of the temporary
pathname string buffer.
Also, there's no need to set "md.device" (it's only used on Linux, and
even then used only with the old SOCK_PACKET sockets, where you have to
turn promiscuous mode off explicitly rather than having it turn off
automatically when you close the socket) or "md.timeout".
The USB pseudo-header in DLT_USB_LINUX captures is in the host
byte order for the machine on which the capture was done. When
reading a capture file, convert the pseudo-header to the host
byte order of the host on which the file is being read.
There's a 64-bit quantity in that pseudo-header; move the 64-bit
byte-swap macro from the DAG code to pcap-int.h for use by other
code.
If the DAG API supports asking a card for the set of ERF types
it supports, use that capability, to handle cards that support
multiple ERF types. This is to support channelised/fractional
T1/E1.
Don't set the snapshot length - some DAG cards support multiple
capture streams, but the snapshot length is global, so it'd
affect other captures.
Update README.dag.
values for an HDLC link (MTP2 is what's usually run on those links, with
MTP3 atop it); remove them. Also, boost dlt_count to match the number
of DLT_ values.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
The DAG 4.2 OC-48 cards (and revisions thereof) produce ERF
records that do not contain the trailing FCS. However,
pcap-dag.c assumed that there is an FCS and strips the final
word of the packet. This meant that packets captured with
libpcap on a DAG 4.2 are truncated by four bytes, unless a
magical environment variable (ERF_FCS_BITS) was set. This patch
autodetects when the DAG card is a 4.2, and turns off the
FCS-stripping feature so that packets are no longer truncated.
Also, include "dagnew.h" and "dagapi.h" with quotes, not angle
brackets, as they should be in the user search path, not the
system search path.
- don't auto-detect HDLC DLT on serial links, use
"pcap_set_datalink()" to choose the link-layer header
- for ATM, allow selecting SUNATM rather than the default
RFC1483 with "pcap_set_datalink()"
- reformat and otherwise clean up the code.
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and
support setting that type as meaning just "set libpcap's notion of the
link-layer type to DLT_DOCSIS" without telling the driver to use
DLT_DOCSIS.
Added support for nonblocking operation.
Added support for processing more than a single packet in
pcap_dispatch().
Fixed bug in loss counter code.
Improved portability of loss counter code (e.g. use UINT_MAX
instead of 0xffff).
Removed unused local variables.
Added required headers (ctype.h, limits.h, unistd.h,
netinet/in.h).
Changed semantics to match those of standard pcap on linux.
- packets rejected by the filter are not counted.
Fix the pcap-dag atexit() handler for non-execing child
processes. Previously a fork()/exit() would stop the packet
capture (doh!).
Add a couple of optimizations.
assume Cisco HDLC, look at the first frame to see whether it has a
PPP-in-HDLC-like-frameing header, and use DLT_PPP_SERIAL for that and
DLT_CHDLC otherwise.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
Stephen Donnelly