Redo some if statements to make it clearer which branch handles the
zerocopy case and which branch handles the non-zerocopy case.
Support setting the buffer size for zerocopy BPF.
equivalent to strdup(str); use that, so people don't freak out upon
seeing a strcpy() call that, out of context, looks as if it's not
buffer-overflow-safe.
before using that member.
Don't define variables if we aren't going to use them.
If we have an unknown tpacket version (this "can't happen"), return an
error.
pcap-linux: fix invalid rcvbuf size
Libpcap issues a SO_RCVBUF when the buffer size if unspecified (zero).
The intention is to set it when its *not* zero.
Similar to PACKET_AUXDATA for non-mmaped sockets, the VLAN TCI is
present in a new member of struct tpacket2_hdr. Use it to reconstruct
the VLAN header when necessary.
The tpacket_hdr is not clean for 64 bit kernel/32 bit userspace and
is not extendable because the struct sockaddr_ll following it is
expected at a fixed offset.
Linux 2.6.27-rc supports a new tpacket frame header that removes these
two limitations. Convert the mmap ring support to support both formats
and probe for availability of the new version.
VLAN packets sent over devices supporting VLAN tagging/stripping in
hardware don't have a VLAN header when they are received on packet
sockets. The VLAN TCI is available through the PACKET_AUXDATA cmsg,
reconstruct the entire header when necessary.
isn't up, so applications can report that differently from a generic
error (the latter could mean there's a bug somewhere in libpcap).
When capturing on a device without mmap on Linux, ignore ENETDOWN, so
that we can continue to capture traffic if the interface goes down and
comes back up again; comments in the kernel indicate that we'll just
block waiting for packets if we try to receive from a socket that
delivered ENETDOWN, and, if we're using a memory-mapped buffer, we won't
even get notified of "network down" events.
check in the generated version, and don't put it into the distribution.
Fix a bunch of references to tcpdump-workers@tcpdump.org to refer to the
new address, tcpdump-workers@lists.tcpdump.org.
Fix a reference to the pcap man page from the pcap-filter(4) man page.
Note that patches should be submitted on the SourceForge site, not sent
to the spam-trap patches@tcpdump.org list.
for it, for Mac OS X 10.4 and later. (The script could be useful for
BPF-based systems that don't use devfs as well.) We're not installing it
at this point; that might happen later.
Update HDR in Makefile.in to include all headers.
Add pcap_activate.3pcap to the list of man pages in the 3PCAP section.
Add an EXTRA_DIST variable to include all the files that should go into
the tarball and that aren't in CSRC, HDR, MAN3PCAP, or MAN4.
Use CSRC, HDR, MAN3PCAP, MAN4, and EXTRA_DIST to determine what goes
into the tarball, rather than doing a "make distclean" and putting
everything into the tarball; that way, you can do "make releasetar"
without cleaning out the current directory.
Given that we're not just tarring up the entire source directory, we can
make the tarball directory as a subdirectory of the current directory and
put the tarball into the current directory, rather than putting it into
a (not-entirely-obvious) ../n directory. Clean out the tarball
directory when we're done.
library has to be freed by the library, as an application or other
library using that library might have been built with a different
version of the C runtime library.
the new pcap_create/pcap_activate model, use pcap->opt.source rather
than pcap->md.device in the activate routine (pcap->md.device isn't
set), don't free the pcap_t if the activate routine fails, fix the
error return code paths not to set handle_to_device, fix references to
pcap_close_dos() to refer to pcap_cleanup_dos() as we renamed the
routine.
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
guy