new 2.2-or-later kernel, with PF_PACKET sockets including SOL_PACKET,
but with an older version of the C library whose headers don't define
SOL_PACKET.
On those systems, define SOL_PACKET to have the value it has in the
2.2.0 kernel; this means we can get rid of the "#ifdef
SOL_PACKET"/#endif stuff wrapped around the code to turn promiscuous
mode on or off (we don't want that #ifdeffed out, as if it's absent we
won't pay attention to the "promiscuous mode" flag argument to
"pcap_open_live()").
section - the other section gets stuck in the middle of "main()", and,
although GCC lets you define functions inside functions, other C
compilers don't.
Pick a name more likely to be unique to use as the iterator variable in
AC_LBL_C_INLINE.
Make AC_LBL_C_INLINE print "no" rather than "not supported" if inline
isn't supported, to match what AC_C_INLINE does.
return a structure pointer. Check whether the C compiler can handle
inline functions that return a structure pointer, not whether they can
handle inline functions that return an int, as at least some versions of
autoconf's AC_C_INLINE do.
Mention the "README.{system}" files.
Supply all the URLs for the 1993 Winter USENIX paper, including those on
tcpdump.org.
Give all the names DEC OSF/1 has gone through in its life.
Mention that Linux, in 2.2 and later kernels, has a filter mechanism
that supports BPF.
Mention the SourceForge site.
"pcap_dispatch()", giving the members of a "struct pcap_pkthdr", and
specifying which of those arguments are "const" pointers.
Describe the return value of "pcap_loop()".
capture device having only an RFC 2625 Network_Header field, not a Fibre
Channel frame header; rename the constants to emphasize this and to
leave room for another "raw Fibre Channel" link-layer type, if it's ever
needed.
#ifdef __cplusplus
extern "C" {
#endif
and change
#if __STDC__
to
#if __STDC__ || defined(__cplusplus)
around the non-kernel function prototypes, so they work right when
compiling with C++.
those that always use 802.2;
those that never use 802.2;
Ethernet (where 802.2 is used for 802.3 and is not used for
Ethernet II);
correctly. This requires having two variables for the offset of the
network layer header, one for use with protocols that would not run atop
802.2 on Ethernet and would run atop 802.2+SNAP on link layers that
always use 802.2, and one for use with protosol that would run atop
raw 802.2 (no SNAP) on Ethernet and on link layers that always use
802.2.
Fix the network layer offset for 802.11, and the link-layer offset for
RFC 1483 ATM (there's no link layer, there's just 802.2 LLC).
"struct rtentry" (in <net/if.h> on some systems, e.g. Digital UNIX 4.0,
there are prototypes for kernel functions that include "struct mbuf *"
and "struct rtentry *" arguments, and they are included even if you're
just user-mode code).
We don't need to include <netinet/if_ether.h> unless we have
"ether_hostton()", and we don't need to include <net/if.h> unless we're
including <netinet/if_ether.h>, and we don't need to define "struct
mbuf" or "struct rtentry" unless we're including <net/if.h>.
"struct rtentry" (in <net/if.h> on some systems, e.g. Digital UNIX 4.0,
there are prototypes for kernel functions that include "struct mbuf *"
and "struct rtentry *" arguments, and they are included even if you're
just user-mode code).
define a structure used by <pcap-namedb.h>, and include <sys/socket.h>
before <netdb.h>, as <sys/socket.h> is included to define a structure
used by <netdb.h> (only a pointer to the first structure is used in
<pcap-namedb.h>, and only a pointer to the second structure is used by
<netdb.h>, so code will compile no matter which order you include them
in, but it's a bit cleaner to include <sys/socket.h> before <netdb.h>
and to include <netdb.h> before <pcap-namedb.h>). Indicate why we're
including <netdb.h> and <sys/socket.h>.
define a structure used by <pcap-namedb.h> (only a pointer to the
structure is used in <pcap-namedb.h>, so code will compile no matter
which order you include them in, but it's a bit cleaner to include
<netdb.h> first). Indicate why we're including <netdb.h>.
snoopheader" is a "struct irix5_timeval" rather than a "struct timeval",
by copying the "tv_sec" and "tv_usec" members of that structure to the
time stamp in a "struct pcap_hdr".
read packets is "p->bufsize" bytes long, not MAXDLBUF bytes long
("p->bufsize" is set to (MAXDLBUF * sizeof sizeof(bpf_u_int32))), so
supply that as the "maxlen" value in the "data" argument to "getmsg()".
"struct timeval" - on Solaris 7 and 8, when compiling in LP64 or I32LPx
mode, it's a "struct timeval32" (presumably so that bufmod doesn't have
to worry about whether the stream is being read by a 32-bit program or a
64-bit program). Set the "struct timeval" "pkthdr.ts" by copying the
individual members rather than by doing a structure assignment.
1. During termination processing set up by atexit() under a 2.0.x
kernel, if a socket had been previously closed and the handle freed
due to an error, pcap_close_all() and pcap_close_linux() would
nevertheless try to work with these structures and then crash.
pcap_close_linux() is now called directly when necessary during
error processing.
2. atexit() could get called more than once because the did_atexit
flag wasn't being set.
3. If iface_get_arptype() returns an error because the ioctl() call
failed (probably due to "no such device"), live_open_new() now
returns a fatal error to pcap_open_live() and the call to
live_open_old() is short-circuited.
4. Applications using libpcap would appear to listen on an interface
that was down.
a. iface_bind() and iface_bind_old() now check for pending errors
after bind(). In turn, pcap_open_live() now returns an error
status if there was a pending error after bind().
b. After draining the socket, set_kernel_filter() now checks to see
if the error was the expected EAGAIN and returns a fatal error
to pcap_setfilter() if not. In turn, pcap_setfilter() now
returns an error status if there was a network error.
5. pcap_setfilter() was putting an error message into errbuf after a
failed call to install_bpf_program(). This was unnecessary since
install_bpf_program() puts its own error message into errbuf.
return DLT_LINUX_SLL or not, and, if that flag is false, for those
interface types where we'd used DLT_LINUX_SLL, pick a DLT_ type that
works as well as possible in raw mode, or fail.
Pass 1 as that flag if we're using a PF_PACKET socket; pass 0 as that
flag if we're using a PF_INET/SOCK_PACKET socket.
For PF_INET/SOCK_PACKET sockets, try to get the link-layer type and map
it to a DLT_ value *before* turning promiscuous mode on, so that we
don't try to put the interface into promiscuous mode unless we know we
can handle its link-layer type (and thus that we can use the interface).
ARPHRD_IEEE80211_PRISM, for sniffing on Prism II-based 802.11 interfaces
and getting the special Prism header, so we should map it to
DLT_PRISM_HEADER.
guy