isn't up, so applications can report that differently from a generic
error (the latter could mean there's a bug somewhere in libpcap).
When capturing on a device without mmap on Linux, ignore ENETDOWN, so
that we can continue to capture traffic if the interface goes down and
comes back up again; comments in the kernel indicate that we'll just
block waiting for packets if we try to receive from a socket that
delivered ENETDOWN, and, if we're using a memory-mapped buffer, we won't
even get notified of "network down" events.
check in the generated version, and don't put it into the distribution.
Fix a bunch of references to tcpdump-workers@tcpdump.org to refer to the
new address, tcpdump-workers@lists.tcpdump.org.
Fix a reference to the pcap man page from the pcap-filter(4) man page.
Note that patches should be submitted on the SourceForge site, not sent
to the spam-trap patches@tcpdump.org list.
library has to be freed by the library, as an application or other
library using that library might have been built with a different
version of the C runtime library.
know that..."; currently, only pcap_activate() returns them, but we
might want some more warning returns for some other calls, such as the
ones that set filters. It's a little cleaner than "clear out the error
message buffer and, if it's not empty after a successful return, it has
a warning", and a little cleaner than spewing a warning to the standard
error (as that might not be visible to the user if they're running a GUI
application).
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
Add some additional checks to bpf_validate(), from OpenBSD.
Use bpf_validate() in install_bpf_program(), so we validate programs
even when they're being processed by userland filters; we make
bpf_validate() not reject backward branches, as we use them for the
protochain operator.
For BPF, don't assume that, just because no_optimize was set, we have a
program that we can't hand to the kernel; the user of the application
might have specified no optimization (e.g., tcpdump with -O), or we
might have generated code to handle 802.11 headers (the optimizer can't
handle that code). Instead, try handing the filter to the kernel and,
if that fails, try it in userland.
Get rid of BPF_MAXINSNS - we don't have a limit on program size in
libpcap.
field in a capture file into:
a 16-bit link-layer type field (it's 16 bits in pcap-NG, and
that'll probably be enough for the foreseeable future);
a 10-bit "class" field, indicating the group of link-layer type
values to which the link-layer type belongs - class 0 is for
regular DLT_ values, and class 0x224 grandfathers in the NetBSD
"raw address family" link-layer types;
a 6-bit "extension" field, storing information about the
capture, such an indication of whether the packets include an
FCS and, if so, how many bytes of FCS are present.
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetics is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
source directory and the target include directory, and have include
files at the top-level directory to include those headers, for backwards
compatibility.
Update the FILES and INSTALL.txt files to reflect current reality.