know that..."; currently, only pcap_activate() returns them, but we
might want some more warning returns for some other calls, such as the
ones that set filters. It's a little cleaner than "clear out the error
message buffer and, if it's not empty after a successful return, it has
a warning", and a little cleaner than spewing a warning to the standard
error (as that might not be visible to the user if they're running a GUI
application).
that often means "sorry, this platform requires you to run as root or to
somehow tweak the system to give you capture privileges", and
applications might want to explain that in a way that does a better job
of letting the user know what they have to do.
Try to return or PCAP_ERROR_PERM_DENIED for open errors, rather than
just returning PCAP_ERROR, so that the application can, if it chooses,
try to explain the error better (as those two errors are the ones that
don't mean "there's probably some obscure OS or libpcap problem", but
mean, instead, "you made an error" or "you need to get permission to
capture").
Check for monitor mode *after* checking whether the device exists in the
first place; a non-existent device doesn't support monitor mode, but
that's because it doesn't, well, exist, and the latter would be a more
meaningful error.
Have pcap_open_live() supply an error message for return values other
than PCAP_ERROR, PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED -
those all supply error strings (PCAP_ERROR because it's for various OS
problems that might require debugging, and the other two because there
might be multiple causes).
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
so that it's not EBUSY if we didn't get an EBUSY in a
DL_ERROR_ACK/DL_SYSERR reply, and our checks for EBUSY only catch that
case.
If we *did* get EBUSY on all the SAPs we tried, supply an error.
Make "dl_dohpuxbind()" always return a value, so we don't fall off the
end and return an error indication by accident.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
on HP-UX, just keep trying different SAPs until we find one that doesn't
return EBUSY, as attempting to use a SAP that some other descriptor is
already bound to returns EBUSY.
fix a comment;
fix references to the send-side file descriptor in
"pcap_open_live()";
"dlrawdatareq()"s caller reports the error - we just return what
"putmsg()" returns, so the caller knows whether there was an
error.
counts work similarly to the way they work in BPF and 2.4 and later
Linux (and so that we don't run the risk of the dropped packet count
being bigger than the received packet count, which can result in dropped
packet percentages > 100).
because neither of them exist, just report that there was no DLPI device
found for "{if}N", so people don't think that they need to fix libpcap
(or the program using it) to look somewhere else for the device - the
problem is probably that they're trying to capture on a loopback device
and the lack of any DLPI device is just a symptom of the fact that the
loopback device, at least on Solaris, appears not to support DLPI and
thus isn't supported by libpcap....
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and
support setting that type as meaning just "set libpcap's notion of the
link-layer type to DLT_DOCSIS" without telling the driver to use
DLT_DOCSIS.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
probably true in all versions), "sbh_drops" is "the cumulative number of
input messages that this instance of bufmod has dropped due to flow
control or resource exhaustion."
"Cumulative" presumably means "don't add it to the count of drops, as
it's *already* a count since the capture started; just set the count of
drops to the value". Do so.
chunk we ask bufmod to send upstream.
Yes, uint_t is always 32 bits, at least as I read the Solaris 8 code.
The chunk size is 8192, not 0, by default.
Don't do the chunk size stuff if we don't have bufmod.
673958, make two changes on Solaris:
don't set SB_NO_DROPS - doing so means that bufmod doesn't drop
packets, so it can't report the number of drops, but packets
probably still get dropped *somewhere*, if for no other reason
than that the system refuses to allocate more mblks/dblks, even
if it doesn't discard messages that arrive at the stream head if
it's full;
set the chunk size to 65536, as otherwise packets are dropped
too easily.
snoop also appears not to set SB_NO_DROPS and also appears to set the
chunk size to 65536, so that's probably the right thing to do.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
read packets is "p->bufsize" bytes long, not MAXDLBUF bytes long
("p->bufsize" is set to (MAXDLBUF * sizeof sizeof(bpf_u_int32))), so
supply that as the "maxlen" value in the "data" argument to "getmsg()".
"struct timeval" - on Solaris 7 and 8, when compiling in LP64 or I32LPx
mode, it's a "struct timeval32" (presumably so that bufmod doesn't have
to worry about whether the stream is being read by a 32-bit program or a
64-bit program). Set the "struct timeval" "pkthdr.ts" by copying the
individual members rather than by doing a structure assignment.