caplen and len fields in the pre-2.3 order).
Move the version number checking to the open-file code; store a
tri-state (definitely swapped, definitely not swapped, maybe swapped)
value in the savefile information and use that when processing packets.
reading packets from a pcap_t, and make "pcap_read()" call it. That
removes the last place where we have to check for a pcap_t that refers
to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it,
rather than being a per-platform function. The per-platform functions
don't need to check for an offline capture any more, as they're not
called for an offline capture (and the ones that just call
"install_bpf_program()" don't need to exist at all).
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather
than being a per-platform function; have stats routines for non-live
pcap_t's that return an error.
the platform-dependent part of closing a pcap_t (and the
live-vs-savefile part as well, so that function must close the file
descriptor and free up any buffers allocated).
In the Digital UNIX support, add in a check for a memory allocation
failure.
which supplies different headers from BSD ARCNET, and fixes to the
ARCNET code generator (the protocol ID field is 1 byte, so the values
for it shouldn't be byte-swapped).
Whitespace cleanups.
The "NetBSD-style" ARCNET headers are used in other BSDs as well, so
just call them "BSD-style".
supplied by Linux's ARCNET code aren't the same as the ones supplied by
NetBSD's ARCNET code.
Fix up some LINKTYPE_ values to match the corresponding DLT_ values.
(There is no released version of libpcap/tcpdump that supports their
previous values.)
unfortunately, we can't fix "pcap_dump()" and "pcap_dump_close()" to do
that, as any application that tests the return value would fail to work
correctly if linked at runtime with an older libpcap, but we should
perhaps introduce "pcap_dump_ex()" and "pcap_dump_close_ex()" routines
that do return a success-vs-vailure indication.
capture device having only an RFC 2625 Network_Header field, not a Fibre
Channel frame header; rename the constants to emphasize this and to
leave room for another "raw Fibre Channel" link-layer type, if it's ever
needed.
reserved for future use; they're being used.
Move other currently-being-used LINKTYPE_ values above the "reserved for
future use" comment, to make it clear which types are reserved and which
are already in use.
Note that 100 through 103 shouldn't be used for new DLT_ types.
live captures with a "cooked" (SOCK_DGRAM) rather than a "raw"
(SOCK_RAW) PF_PACKET socket; it includes a bunch of the fields from the
"struct sockaddr_ll" you get in a "recvfrom()", including the Ethernet
protocol field.
This requires us to rewrite the BPF program if we're stuffing it into
the kernel; as long as we're doing *ex post facto* rewriting, we might
as well also do the "ret <snaplen>" -> "ret 65535" fixup there as well,
rather than in the code generator.
guy