beginning of the packet if the packet has an 802.2+SNAP header (3 bytes
802.2, 5 bytes SNAP), and 3 bytes from the beginning of the packet if it
has only an 802.2 header, just as is the case for DLT_ATM_CLIP, so go
back to handling them both with the same case.
Restore some comments asking whether we need to check the SSAP when
testing the 802.2 header for protocol types.
Clean up white space.
RFC 1188, RFC 1042, and RFCs 1483 and 2225 specify that SNAP
encapsulation is used for IP, not LLC encapsulation with LLCSAP_IP and,
in fact, that's what most if not all IP traffic over FDDI, 802 networks,
and LLC-encapsulated ATM use; go back to treating those link-layer types
the same way other link-layer types are handled.
chunk we ask bufmod to send upstream.
Yes, uint_t is always 32 bits, at least as I read the Solaris 8 code.
The chunk size is 8192, not 0, by default.
Don't do the chunk size stuff if we don't have bufmod.
673958, make two changes on Solaris:
don't set SB_NO_DROPS - doing so means that bufmod doesn't drop
packets, so it can't report the number of drops, but packets
probably still get dropped *somewhere*, if for no other reason
than that the system refuses to allocate more mblks/dblks, even
if it doesn't discard messages that arrive at the stream head if
it's full;
set the chunk size to 65536, as otherwise packets are dropped
too easily.
snoop also appears not to set SB_NO_DROPS and also appears to set the
chunk size to 65536, so that's probably the right thing to do.
which supplies different headers from BSD ARCNET, and fixes to the
ARCNET code generator (the protocol ID field is 1 byte, so the values
for it shouldn't be byte-swapped).
Whitespace cleanups.
The "NetBSD-style" ARCNET headers are used in other BSDs as well, so
just call them "BSD-style".
supplied by Linux's ARCNET code aren't the same as the ones supplied by
NetBSD's ARCNET code.
Fix up some LINKTYPE_ values to match the corresponding DLT_ values.
(There is no released version of libpcap/tcpdump that supports their
previous values.)
defined - Debian bug 171210 says that "sparc" isn't defined by GCC,
which presumably means "with the compiler we're using on Debian" as
there are versions of GCC that *do* define "sparc" on SPARC.
unfortunately, we can't fix "pcap_dump()" and "pcap_dump_close()" to do
that, as any application that tests the return value would fail to work
correctly if linked at runtime with an older libpcap, but we should
perhaps introduce "pcap_dump_ex()" and "pcap_dump_close_ex()" routines
that do return a success-vs-vailure indication.
argument to "pcap_open_live()" a "const" pointer.
Constify some additional device name arguments, and update the man page
to reflect some arguments that were already consts.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
can use BPF, you don't need to have the latest DLPI driver or make sure
it's loaded (and maybe we're finally at the point where you can use
BPF).
Reformat a bit.
Note that the DLPI support has problems with DL_PROMISC_MULTI failing.
if, as I suspect is the case, that causes no timeout to be set, and if
that's the same as explicitly clearing the timeout with SBIOCCTIME, that
would appear to mean that it'd wait forever for a full chunk's worth of
packets to arrive.
can have one of two different behaviors, depending on the OS (it means
"don't return from a read until enough data has arrived" on BSD and
Digital/Tru64 UNIX, and means "return immediately" on Solaris, for
example, at least according to the man pages on Digital/Tru64 UNIX and
Solaris and the code in BSD).
"pcap_dispatch()" and "pcap_loop()", give more details on the effect of
the "snaplen" argument to "pcap_open_live()", and suggest 65535 as a
value if you want to capture the entire packet.
particular, point out that it's only used when checking for IPv4
broadcast addresses, and that if you don't care whether those checks are
done correctly, you can supply 0 if the netmask isn't known or isn't
available.
configure script to think it's IRIX, so test for
"/usr/include/linux/socket.h" before testing for
"/usr/include/net/raw.h" (which is done before testing for
"/usr/include/sys/dlpi.h"; hopefully no future IRIX release, or future
release of Solaris/HP-UX/AIX/other OS that supports DLPI, will add
"/usr/include/linux/socket.h" as a "helpful" header file for Linux
compatibility).
of packet headers so that, in all expressions after it, the tests assume
LANE encapsulation of packets. (We also assume the emulated LAN is an
Ethernet LAN, rather than a Token Ring LAN.)
Allow ATM tests to be combined with non-ATM tests in expressions, so
that you can do, for example, "lane and icmp".