if it does, use that for the pf definitions;
if it doesn't, don't compile in pf support;
as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetics is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
types. Modified to add ieee80211.h from FreeBSD, rather than depending
on the OS supplying the header, and to support all 802.11 radio header
types.
Clean up some link-layer type checks and the messages for failing those
checks.
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for backwards
compatibility.
Update the FILES and INSTALL.txt files to reflect current reality.
packets (based on the Ethernet type). "pppoes" has the side-effect that
subsequent filter expressions will test the PPP header and headers
in the PPP payload, not the link-layer header and headers in the
link-layer payload.
including those with fixed-length radio headers (it already refers to
the 802.11 header for radiotap).
Add a new "radio" keyword, to allow access to the radio header. In
theory, something to allow testing for specific signal strengths, etc.
might be useful, but radiotap makes that difficult as the code can't
loop through the header looking for the signal strength field, the loop
has to be unrolled, and some of the other headers might not have
standardized the meaning of some of the fields, so we require the user
to construct such a filter themselves, for now.
value arguments are to other routines. Do the same with the value
argument to "gen_atmfield_code()".
"gen_load_a()" can return more than one statement; append to the list of
statements it returns with "sappend()", rather than manually appending
to the first statement.
Fix the argument list to one "gen_ncmp()" call, and get rid of the casts
in the other calls, as the arguments already have the right types.
Fix the casts in calls to "gen_atmfield_code()".
file that defines MASK, so when compiling the lexical analyzer, if INET6
is defined you get a redefinition warning. Use NETMASK rather than MASK
for the token "mask".
of packet headers so that, in all expressions after it, the tests assume
LANE encapsulation of packets. (We also assume the emulated LAN is an
Ethernet LAN, rather than a Token Ring LAN.)
Allow ATM tests to be combined with non-ATM tests in expressions, so
that you can do, for example, "lane and icmp".
each source file, only the headers that file needs, and all the headers
it needs in order to compile on various platforms and not to get any
avoidable compiler warnings on those platforms (as well as any
incomplete structure definitions needed to avoid those warnings).
That also means that <pcap.h> doesn't include <pcap-stdinc.h> on UNIX;
we don't want it to include <pcap-stdinc.h>, at least on UNIX, as doing
so
1) would mean we'd have to install that, so that programs can
build with libpcap
and
2) would mean that programs including <pcap.h> would drag in a
bunch of header files that they don't need.
Put a newline at the end of "inet.c" - the Sun C compiler doesn't like
it if the last line doesn't end with a newline.
<Miklos.Szeredi@eth.ericsson.se> - "pcap_ether_aton()" allocates memory
for the MAC address, but we don't free it when we're done with it.
Code inspection revealed that there's a similar problem with
"pcap_ether_hostton()"; fix that as well.
for "Novell 802.3" frames, which are 802.3 frames (i.e., the type/length
field is a length field, i.e. it's <= ETHERMTU) with 0xFFFF as the first
2 bytes. We don't yet check for ETHERTYPE_IPX as well.
When checking for OSI packets on Linux cooked captures, check for 802.2
frames by testing the packet type for LINUX_SLL_P_802_2 rather than by
checking whether the type field is <= ETHERMTU (it's always a type field
in DLT_LINUX_SLL captures).
Ring, and RFC 1483-style ATM, as well as on Ethernet.
Support checking for LLC SAP protocols other than OSI protocols on
Ethernet - for now, we check only the DSAP on those, rather than
checking both the DSAP and SSAP as we do for OSI, as I think, in some
cases, the SSAP isn't the same as the DSAP.
When generating protocol type checks on link-layer types with no type
field, where packets are always IP (SLIP, BSD/OS SLIP, raw IP), generate
a "test" that always succeeds if the protocol being checked for is IP or
IPv6 and a "test" that always fails otherwise. (We originally did
"gen_true()" if the protocol is IP, and bogusly generated code to check
the field at an offset of -1 otherwise; a subsequent change caused us
always to do "gen_true()", but that doesn't properly handle attempts to
check for other protocols - those attempts should generate code that
always fails, meaning that if you try to look for ARP packets in such a
capture the BPF compiler will return "expression rejects all packets" as
an error - and still generated extra code not all of which was removed
by the optimizer. The current code generates no *more* BPF code.)
Add "stp", which checks for the LLC SAP for the Spanning Tree Protocol.
#5228, to correctly check for Appletalk for EtherTalk phase II - they
use 802.3 with LLC SNAP packets, rather than D/I/X Ethernet packets.
His patch made "atalk" check for Appletalk ARP as well as other
Appletalk packets; I've instead added a separate "aarp" packet type,
leaving "atalk" checking only for ETHERTYPE_ATALK, so you can check for
ETHERTYPE_ATALK, ETHERTYPE_AARP, or both.
letting you filter based on the VLAN to which a packet belongs, and an
improvement to the printing of VLAN packets (adding an extra space to
separate the VLAN priority and flags from the next stuff printed).
"linux-includes/netinet/if_ether.h" to "ethertype.h", and remove
includes of <netinet/if_ether.h> from files that only include it to get
ETHERTYPE_ values defined.
./configure --enable-ipv6 (requires getaddrinfo(3) and getnameinfo(3)).
TODO: make it work even without getaddrinfo(3) or getnameinfo(3)
(or, tcpdump/configure.in should provide alternative version by
AC_REPLACE_FUNCS)
TODO: make IPv6 filtering code work by default
TODO: make "protochain" friendly with optimization