The USB pseudo-header in DLT_USB_LINUX captures is in the host
byte order for the machine on which the capture was done. When
reading a capture file, convert the pseudo-header to the host
byte order of the host on which the file is being read.
There's a 64-bit quantity in that pseudo-header; move the 64-bit
byte-swap macro from the DAG code to pcap-int.h for use by other
code.
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
that require it, and make pcap_fddipad private to the code generator, as
that's the only place that needs it (ideally, all *its* state should be
local as well). This makes opening an FDDI device, on platforms where
the padding is supplied as part of the packet, and opening other types
of devices or opening savefiles in the same program work better, as you
don't have to be sure you compile the filter for a given pcap_t before
opening the next pcap_t.
"snprintf()", include one in libpcap with the name "pcap_snprintf()", so
applications don't have to supply their own "snprintf()" on those
platforms in order to use libpcap.
Added support for nonblocking operation.
Added support for processing more than a single packet in
pcap_dispatch().
Fixed bug in loss counter code.
Improved portability of loss counter code (e.g. use UINT_MAX
instead of 0xffff).
Removed unused local variables.
Added required headers (ctype.h, limits.h, unistd.h,
netinet/in.h).
Changed semantics to match those of standard pcap on linux.
- packets rejected by the filter are not counted.
caplen and len fields in the pre-2.3 order).
Move the version number checking to the open-file code; store a
tri-state (definitely swapped, definitely not swapped, maybe swapped)
value in the savefile information and use that when processing packets.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
argument to "pcap_open_live()" a "const" pointer.
Constify some additional device name arguments, and update the man page
to reflect some arguments that were already consts.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to support it on BPF
systems lacking BIOCGDLTLIST and other platforms lacking an equivalent
feature.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
Add APIs to map DLT names to DLT values and vice versa.
source files, rather than having a pile of #ifdefs in "inet.c". Add
code to the configure script to determine which implementation to use on
the platform for which libpcap is being built.
Add a "pcap_findalldevs()" implementation for Solaris 8 and later that
handles IPv6 addresses.
compiled on a system that doesn't have it, it'll use it on systems that
do have it.
On systems with MSG_TRUNC support (i.e., 2.2 and later kernels), there's
no need to read in the entire packet in order to find out how large it
is, so just allocate a buffer big enough for a snapshot length's worth
of data, and just read that much data.
There's no need for a "readlen" member of the "pcap_md" structure, as
the byte count to "recvfrom()" is just the "bufsize" member of the
"pcap_t" structure.
live captures with a "cooked" (SOCK_DGRAM) rather than a "raw"
(SOCK_RAW) PF_PACKET socket; it includes a bunch of the fields from the
"struct sockaddr_ll" you get in a "recvfrom()", including the Ethernet
protocol field.
This requires us to rewrite the BPF program if we're stuffing it into
the kernel; as long as we're doing *ex post facto* rewriting, we might
as well also do the "ret <snaplen>" -> "ret 65535" fixup there as well,
rather than in the code generator.
remember which pcap_t's were opened (with SOCK_PACKET) in promiscuous
mode on interfaces not already in promiscuous mode, turn promiscuous
mode off when closing such a pcap_t, and arrange that, when the program
exits, all pcap_t's of that sort not already closed have their
interfaces taken out of promiscuous mode. (It's not sufficient to do
this on exit - applications may close a pcap_t without exiting, e.g.
Ethereal.)
This won't always work right (if somebody else requests promiscuous mode
after it's opened by libpcap, we'll turn promiscuous mode off when we
close the pcap_t, and if the program doesn't exit cleanly, it won't
clean up the interfaces), but neither of those problems are fixable -
the only way to get things to work correctly is to use PF_PACKET
sockets, which requires a 2.2 or later kernel.
On a 2.0[.x] kernel, when doing a "recvfrom()" on a SOCK_PACKET socket
to read a captured packet, don't pass a byte count value based on the
snapshot length - "recvfrom()" won't return the actual packet length if
you do that. (2.2 and later kernels will return the actual packet
length if MSG_TRUNC is passed in.)
guy