to 1.0, might as well go with the place where Red Hat stuck the header
at one point and where the header "officially" resides.
(We should put a "backwards compatibility" note into pcap.3pcap.)
functions plus an overall man page for libpcap, and put them all into
section 3PCAP. That means you can actually do "man pcap_open_live" and
get something meaningful, rather than having to do "man pcap" and then
scroll through all the other stuff in the man page.
handle" routine, an "activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
newline in them.
If we're in cooked mode, the packet pointer argument we pass to the callback
should point to the beginning of the constructed sll header, not to the
packet data itself. While we're at it, have a paranoid check to make
sure that we were given enough space to construct the sll header, so we
don't stomp on the tpacket header.
Note that a value of 0 for the "cnt" argument to pcap_dispatch() or
pcap_loop() is now the same as a value of -1 - and that it used to be
undefined what it meant, and that it behaved differently on different
platforms, so any application that needs to work on older versions of
libpcap should use -1, not 0. (We also explicitly say that -1 should be
used, rather than saying that a negative value should be used, as some
platforms checked explicitly for -1.)
no_optimize - we check, instead, whether the kernel rejected the
program).
Move the initialization of the bpf_dltlist structure right before its
first use.
don't have PF_PACKET support; #ifdef it out.
Move the code to compute the buffer size into live_open_new() and
live_open_old(), as it's dependent on the mechanism being used; there's
little code shared between the two variants.
the tcpdump manual page, so that documentation for other applications
using libpcap can refer to it.
Update pcap(3) to refer to it - and not to suggest sending patches to
patches@tcpdump.org, which is a spam magnet that's no longer read by
anybody.
move it into pcap-sita.c, and make --with-sita set the pcap type to
"sita", so we build pcap-sita.c instead of, rather than in addition to,
pcap-linux.c.
Use "bpf_u_int32" rather than "ulong" in the SITA code, as it's intended
to be 32 bits long (the "l" in "htonl()" and "ntohl()" is historical -
they work on 32-bit quantities, and the "l" dates back to the days when
32-bit processors were a bit newer and 16-bit Unix was more common).
Those changes also, at least in theory, make the SITA support work on
other Unix-compatible platforms; note that in README.sita.
Clean up pcap-sita.c, making routines no longer called outside it
static, folding trivial wrappers, and fixing various warnings.
Put the routines used by fad-sita.c and defined by pcap-sita.c into
pcap-sita.h. Remove from pcap-sita.h the files that are now static to
pcap-sita.c. Include pcap-sita.h in both fad-sita.c and pcap-sita.c, so
that we do cross-file prototype checking.
Add some additional checks to bpf_validate(), from OpenBSD.
Use bpf_validate() in install_bpf_program(), so we validate programs
even when they're being processed by userland filters; we make
bpf_validate() not reject backward branches, as we use them for the
protochain operator.
For BPF, don't assume that, just because no_optimize was set, we have a
program that we can't hand to the kernel; the user of the application
might have specified no optimization (e.g., tcpdump with -O), or we
might have generated code to handle 802.11 headers (the optimizer can't
handle that code). Instead, try handing the filter to the kernel and,
if that fails, try it in userland.
Get rid of BPF_MAXINSNS - we don't have a limit on program size in
libpcap.
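
An added example, not libpcap's or OpenBSD's code: a simplified validator with the structural checks a classic BPF validator typically performs (scratch-memory indices, division by a constant zero, jump targets, final return), illustrating the backward-branch point in the message above. Opcode values follow <net/bpf.h>; `struct insn`, `validate`, the `allow_backward` parameter and the sample programs are hypothetical names constructed for illustration, and opcode-validity checks are left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF instruction and the opcode fields used below (values as in <net/bpf.h>). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define CLASS(c) ((c) & 0x07)   /* instruction class */
#define MODE(c)  ((c) & 0xe0)   /* addressing mode for loads */
#define OP(c)    ((c) & 0xf0)   /* ALU/jump operation */
#define SRC(c)   ((c) & 0x08)   /* operand source: 0 = constant k */
enum { C_LD, C_LDX, C_ST, C_STX, C_ALU, C_JMP, C_RET, C_MISC };
enum { M_MEM = 0x60, OP_DIV = 0x30, OP_JA = 0x00, MEMWORDS = 16 };

/* Returns 1 if the program passes the structural checks, 0 otherwise.
 * allow_backward (hypothetical parameter) selects the relaxed userland rule;
 * accepting backward branches gives up the guarantee that a filter terminates. */
int validate(const struct insn *f, uint32_t len, int allow_backward)
{
    if (len < 1)
        return 0;
    for (uint32_t i = 0; i < len; i++) {
        const struct insn *p = &f[i];
        uint32_t from = i + 1, to;      /* jumps are relative to the next insn */
        switch (CLASS(p->code)) {
        case C_LD: case C_LDX:          /* scratch-memory load index in range */
            if (MODE(p->code) == M_MEM && p->k >= MEMWORDS) return 0;
            break;
        case C_ST: case C_STX:          /* scratch-memory store index in range */
            if (p->k >= MEMWORDS) return 0;
            break;
        case C_ALU:                     /* no division by a constant zero */
            if (OP(p->code) == OP_DIV && SRC(p->code) == 0 && p->k == 0) return 0;
            break;
        case C_JMP:
            if (OP(p->code) == OP_JA) {
                to = from + p->k;       /* wraps when k encodes a negative offset */
                if (!allow_backward && to < from) return 0;
                if (to >= len) return 0;
            } else if (from + p->jt >= len || from + p->jf >= len) {
                return 0;               /* conditional target past the end */
            }
            break;
        }
    }
    return CLASS(f[len - 1].code) == C_RET;  /* must end in a return */
}

/* Constructed samples: a forward-only filter and one with a backward "ja -2". */
const struct insn fwd[] = { {0x28,0,0,12}, {0x15,0,1,0x0800}, {0x06,0,0,0xffff}, {0x06,0,0,0} };
const struct insn back[] = { {0x00,0,0,0}, {0x05,0,0,(uint32_t)-2}, {0x06,0,0,0} };
```
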
to users of pcap_file() that the resulting FILE * might refer to a file
> 2GB and a suggestion that they use large-file-capable calls on it or
on the result of passing it to fileno() if at all possible.
some versions that support those options don't support disabling yyunput
by defining YY_NO_UNPUT.
If it doesn't support those options, don't check if it supports
generating reentrant scanners, as we can't add any --noFUNCTION options
to suppress generation of functions.