region and the size of the region; use that pointer rather than the bp
or buffer member (that means we don't have to worry about
pcap_cleanup_live_common() attempting to free that buffer). Use the
saved size when unmapping the memory-mapped region.
Use that for Linux USB memory-mapped access as well - and unmap the
memory-mapped region when we close the pcap_t, because we *do* have to
unmap it.
mac80211 devices will, regardless of whether they support the Wireless
Extensions - wmaster devices will let you turn monitor mode on but don't
appear to support the Wireless Extensions.
Support turning on monitor mode with libnl even if we don't have support
for the Wireless Extensions, just in case the Wireless Extensions go
away at some point in the future if every 802.11 device has a mac80211
driver.
finishes processing the packet; in some cases, such as pcap_next() and
pcap_next_ex(), the packet data is expected to be available after the
callback returns, and only discarded when the next packet is read.
<net/if.h>, in the hope that
1) doing so won't cause some problem somewhere
and
2) it'll have multiple-include protection
(this whole "glibc is a separate project from the kernel, so we'll
duplicate header files" thing has its downsides).
kernel in general), <linux/wireless.h> includes <net/if.h> and you get
multiple-definition errors if you include <net/if.h> before it. Only
include <net/if.h> if you don't have <linux/wireless.h>.
than "the kernel doesn't support memory-mapped access to PF_PACKET
sockets", treat that as an error. If it fails for that reason, don't
leave gunk behind in the pcap_t's error buffer.
Clean up the error messages a bit (the result of strerror() suffices; we
don't need the numeric value of errno, nor do we need the file
descriptor number of the socket on which we're working).
before using that member.
Don't define variables if we aren't going to use them.
If we have an unknown tpacket version (this "can't happen"), return an
error.
pcap-linux: fix invalid rcvbuf size
Libpcap issues a SO_RCVBUF when the buffer size if unspecified (zero).
The intention is to set it when its *not* zero.
Similar to PACKET_AUXDATA for non-mmaped sockets, the VLAN TCI is
present in a new member of struct tpacket2_hdr. Use it to reconstruct
the VLAN header when necessary.
The tpacket_hdr is not clean for 64 bit kernel/32 bit userspace and
is not extendable because the struct sockaddr_ll following it is
expected at a fixed offset.
Linux 2.6.27-rc supports a new tpacket frame header that removes these
two limitations. Convert the mmap ring support to support both formats
and probe for availability of the new version.
VLAN packets sent over devices supporting VLAN tagging/stripping in
hardware don't have a VLAN header when they are received on packet
sockets. The VLAN TCI is available through the PACKET_AUXDATA cmsg,
reconstruct the entire header when necessary.
isn't up, so applications can report that differently from a generic
error (the latter could mean there's a bug somewhere in libpcap).
When capturing on a device without mmap on Linux, ignore ENETDOWN, so
that we can continue to capture traffic if the interface goes down and
comes back up again; comments in the kernel indicate that we'll just
block waiting for packets if we try to receive from a socket that
delivered ENETDOWN, and, if we're using a memory-mapped buffer, we won't
even get notified of "network down" events.
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
know that..."; currently, only pcap_activate() returns them, but we
might want some more warning returns for some other calls, such as the
ones that set filters. It's a little cleaner than "clear out the error
message buffer and, if it's not empty after a successful return, it has
a warning", and a little cleaner than spewing a warning to the standard
error (as that might not be visible to the user if they're running a GUI
application).
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
captures, set the socket buffer size to the value specified by
pcap_set_buffer_size() if a value was set.
Clean up if memory buffer allocation fails on Linux.
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
newline in them.
If we're in cooked mode, the packet pointer argument we pass to the callback
should point to the beginning of the constructed sll header, not to the
packet data itself. While we're at it, have a paranoid check to make
sure that we were given enough space to construct the sll header, so we
don't stomp on the tpacket header.
don't have PF_PACKET support; #ifdef it out.
Move the code to compute the buffer size into live_open_new() and
live_open_old(), as it's dependent on the mechanism being used; there's
little code shared between the two variants.
move it into pcap-sita.c, and make --with-sita set the pcap type to
"sita", so we build pcap-sita.c instead of, rather than in addition to,
pcap-linux.c.
Use "bpf_u_int32" rather than "ulong" in the SITA code, as it's intended
to be 32 bits long (the "l" in "htonl()" and "ntohl()" is historical -
they work on 32-bit quantities, and the "l" dates back to the days when
32-bit processors were a bit newer and 16-bit Unix was more common).
Those changes also, at least in theory, makes the SITA support work on
other Unix-compatible platforms; note that in README.sita.
Clean up pcap-sita.c, making routines no longer called outside it
static, folding trivial wrappers, and fixing various warnings.
Put the routines used by fad-sita.c and defined by pcap-sita.c into
pcap-sita.h. Remove from pcap-sita.h the files that are now static to
pcap-sita.c. Include pcap-sita.h in both fad-sita.c and pcap-sita.c, so
that we do cross-file prototype checking.