Merge branch 'master' of git://bpf.tcpdump.org/libpcap

Conflicts: pcap/bpf.h Signed-off-by: Patrick McHardy <kaber@trash.net>
Interface IDs are 0-origin.
2011-01-10 14:44:29 +01:00 · 2010-12-28 13:15:26 -08:00 · 2010-11-30 16:42:35 -08:00 · 2010-11-30 16:37:51 -08:00 · 2010-11-30 16:06:14 -08:00 · 2010-11-30 15:52:45 -08:00
179 changed files with 41961 additions and 11712 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1,11 +1,26 @@
+*.so
+*.sl
+*.dylib
 config.log
 config.cache
 config.status
 config.h
 .devel
+pcap-config
+pcap-filter.manmisc
+pcap-linktype.manmisc
+pcap-savefile.manfile
+pcap.3pcap
+pcap_compile.3pcap
+pcap_datalink.3pcap
+pcap_dump_open.3pcap
+pcap_list_datalinks.3pcap
+pcap_open_dead.3pcap
+pcap_open_offline.3pcap
 stamp-h
 stamp-h.in
 Makefile
+scanner.h
 scanner.c
 grammar.c
 tokdefs.h
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,38 @@
+Makefile
+*~
+*.o
+bpf_filter.c
+config.h
+config.log
+config.cache
+config.status
+.devel
+filtertest
+findalldevstest
+grammar.c
+libpcap.a
+libpcap.*.dylib
+libpcap.sl
+libpcap.so.*
+libpcap-*.tar.gz
+net
+pcap-config
+pcap-filter.manmisc
+pcap-linktype.manmisc
+pcap-savefile.manfile
+pcap-tstamp.manmisc
+pcap.3pcap
+pcap_compile.3pcap
+pcap_datalink.3pcap
+pcap_dump_open.3pcap
+pcap_list_datalinks.3pcap
+pcap_list_tstamp_types.3pcap
+pcap_open_dead.3pcap
+pcap_open_offline.3pcap
+pcap_set_tstamp_type.3pcap
+scanner.c
+scanner.h
+selpolltest
+tokdefs.h
+version.c
+version.h
--- a/237
+++ b/237
@ -1,11 +1,234 @@
-@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.59 2004-03-30 14:42:50 mcr Exp $ (LBL)
+Fri.    August 6, 2010.  guy@alum.mit.edu.
+Summary for 1.1.2 libpcap release
+	Return DLT_ values, not raw LINKTYPE_ values from
+	  pcap_datalink() when reading pcap-ng files
+	Add support for "wlan ra" and "wlan ta", to check the RA and TA
+	  of WLAN frames that have them
+	Don't crash if "wlan addr{1,2,3,4}" are used without 802.11
+	  headers
+	Do filtering on USB and Bluetooth capturing
+	On FreeBSD/SPARC64, use -fPIC - it's apparently necessary
+	Check for valid port numbers (fit in a 16-bit unsigned field) in
+	  "port" filters
+	Reject attempts to put savefiles into non-blocking mode
+	Check for "no such device" for the "get the media types" ioctl
+	  in *BSD
+	Improve error messages from bpf_open(), and let it do the error
+	  handling
+	Return more specific errors from pcap_can_set_rfmon(); fix
+	  documentation
+	Update description fetching code for FreeBSD, fix code for
+	  OpenBSD
+	Ignore /sys/net/dev files if we get ENODEV for them, not just
+	  ENXIO; fixes handling of bonding devices on Linux
+	Fix check for a constant 0 argument to BPF_DIV
+	Use the right version of ar when cross-building
+	Free any filter set on a savefile when the savefile is closed
+	Include the CFLAGS setting when configure was run in the
+	  compiler flags
+	Add support for 802.15.4 interfaces on Linux
+
+Thu.    April 1, 2010.  guy@alum.mit.edu.
+Summary for 1.1.1 libpcap release
+	Update CHANGES to reflect more of the changes in 1.1.0.
+	Fix build on RHEL5.
+	Fix shared library build on AIX.
+
+Thu.	March 11, 2010.  ken@netfunctional.ca/guy@alum.mit.edu.
+Summary for 1.1.0 libpcap release
+	Add SocketCAN capture support
+	Add Myricom SNF API support
+	Update Endace DAG and ERF support
+	Add support for shared libraries on Solaris, HP-UX, and AIX
+	Build, install, and un-install shared libraries by default;
+	  don't build/install shared libraries on platforms we don't support
+	Fix building from a directory other than the source directory
+	Fix compiler warnings and builds on some platforms
+	Update config.guess and config.sub
+	Support monitor mode on mac80211 devices on Linux
+	Fix USB memory-mapped capturing on Linux; it requires a new DLT_
+	  value
+	On Linux, scan /sys/class/net for devices if we have it; scan
+	  it, or /proc/net/dev if we don't have /sys/class/net, even if
+	  we have getifaddrs(), as it'll find interfaces with no
+	  addresses
+	Add limited support for reading pcap-ng files
+	Fix BPF driver-loading error handling on AIX
+	Support getting the full-length interface description on FreeBSD
+	In the lexical analyzer, free up any addrinfo structure we got back
+	  from getaddrinfo().
+	Add support for BPF and libdlpi in OpenSolaris (and SXCE)
+	Hyphenate "link-layer" everywhere
+	Add /sys/kernel/debug/usb/usbmon to the list of usbmon locations
+	In pcap_read_linux_mmap(), if there are no frames available, call
+	  poll() even if we're in non-blocking mode, so we pick up
+	  errors, and check for the errors in question.
+	Note that poll() works on BPF devices is Snow Leopard
+	If an ENXIO or ENETDOWN is received, it may mean the device has
+	  gone away.  Deal with it.
+	For BPF, raise the default capture buffer size to from 32k to 512k
+	Support ps_ifdrop on Linux
+	Added a bunch of #ifdef directives to make wpcap.dll (WinPcap) compile
+	 under cygwin.
+	Changes to Linux mmapped captures.
+	Fix bug where create_ring would fail for particular snaplen and
+	  buffer size combinations
+	Update pcap-config so that it handles libpcap requiring
+	  additional libraries
+	Add workaround for threadsafeness on Windows
+	Add missing mapping for DLT_ENC <-> LINKTYPE_ENC
+	DLT: Add DLT_CAN_SOCKETCAN
+	DLT: Add Solaris ipnet
+	Don't check for DLT_IPNET if it's not defined
+	Add link-layer types for Fibre Channel FC-2
+	Add link-layer types for Wireless HART
+	Add link-layer types for AOS
+	Add link-layer types for DECT
+	Autoconf fixes (AIX, HP-UX, OSF/1, Tru64 cleanups)
+	Install headers unconditionally, and include vlan.h/bluetooth.h if
+	  enabled
+	Autoconf fixes+cleanup
+	Support enabling/disabling bluetooth (--{en,dis}able-bluetooth)
+	Support disabling SITA support (--without-sita)
+	Return -1 on failure to create packet ring (if supported but
+	  creation failed)
+	Fix handling of 'any' device, so that it can be opened, and no longer
+	  attempt to open it in Monitor mode
+	Add support for snapshot length for USB Memory-Mapped Interface
+	Fix configure and build on recent Linux kernels
+	Fix memory-mapped Linux capture to support pcap_next() and
+	  pcap_next_ex()
+	Fixes for Linux USB capture
+	DLT: Add DLT_LINUX_EVDEV
+	DLT: Add DLT_GSMTAP_UM
+	DLT: Add DLT_GSMTAP_ABIS
+
+Mon.    October 27, 2008.  ken@netfunctional.ca.  Summary for 1.0.0 libpcap release
+	Compile with IPv6 support by default
+	Compile with large file support on by default
+	Add pcap-config script, which deals with -I/-L flags for compiling
+	DLT: Add IPMB
+	DLT: Add LAPD
+	DLT: Add AX25 (AX.25 w/KISS header)
+	DLT: Add JUNIPER_ST
+	802.15.4 support
+	Variable length 802.11 header support
+	X2E data type support 
+	SITA ACN Interface support - see README.sita
+	Support for memory-mapped capture on Linux
+	Support for zerocopy BPF on platforms that support it
+	Support for setting buffer size when opening devices
+	Support for setting monitor mode when opening 802.11 devices
+	Better support for dealing with VLAN tagging/stripping on Linux
+	Fix dynamic library support on OSX
+	Return PCAP_ERROR_IFACE_NOT_UP if the interface isn't 'UP', so applications
+	 can print better diagnostic information
+	Return PCAP_ERROR_PERM_DENIED if we don't have permission to open a device, so
+	 applications can tell the user they need to go play with permissions
+	On Linux, ignore ENETDOWN so we can continue to capture packets if the 
+	 interface goes down and comes back up again.
+	On Linux, support new tpacket frame headers (2.6.27+)
+	On Mac OS X, add scripts for changing permissions on /dev/bpf* and launchd plist
+	On Solaris, support 'passive mode' on systems that support it
+	Fixes to autoconf and general build environment
+	Man page reorganization + cleanup
+	Autogenerate VERSION numbers better
+
+Mon.    September 10, 2007.  ken@xelerance.com.  Summary for 0.9.8 libpcap release
+        Change build process to put public libpcap headers into pcap subir
+        DLT: Add value for IPMI IPMB packets
+        DLT: Add value for u10 Networks boards
+        Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted 
+         libpcap files on an OS other than where the file was generated
+
+Wed.	April 25, 2007.  ken@xelerance.com.  Summary for 0.9.6 libpcap release
+
+	Put the public libpcap headers into a pcap subdirectory in both the
+	 source directory and the target include directory, and have include
+	 files at the top-level directory to include those headers, for 
+	 backwards compatibility.
+	Add Bluetooth support
+	Add USB capturing support on Linux
+	Add support for the binary USB sniffing interface in Linux
+	Add support for new FreeBSD BIOCSDIRECTION ioctl
+	Add additional filter operations for 802.11 frame types
+	Add support for filtering on MTP2 frame types
+	Propagate some changes from the main branch, so the x.9 branch has 
+	 all the DLT_ and LINKTYPE_ values that the main branch does
+	Reserved a DLT_ and SAVEFILE_ value for PPI (Per Packet Info) 
+	 encapsulated packets
+	Add LINKTYPE_ for IEEE 802.15.4, with address fields padded as done 
+	 by Linux drivers
+	Add LINKTYPE_ value corresponding to DLT_IEEE802_16_MAC_CPS.
+	Add DLT for IEEE 802.16 (WiMAX) MAC Common Part Sublayer
+	Add DLT for Bluetooth HCI UART transport layer
+	When building a shared library, build with "-fPIC" on Linux to support x86_64
+	Link with "$(CC) -shared" rather than "ld -shared" when building a 
+	 ".so" shared library
+	Add support for autoconf 2.60
+	Fixes to discard unread packets when changing filters
+	Changes to handle name changes in the DAG library resulting from 
+	 switching to libtool.
+	Add support for new DAG ERF types.
+        Add an explicit "-ldag" when building the shared library, so the DAG 
+	 library dependency is explicit.
+	Mac OSX fixes for dealing with "wlt" devices
+	Fixes in add_or_find_if() & pcap_findalldevs() to optimize generating
+	 device lists
+	Fixed a bug in pcap_open_live(). The return value of PacketSetHwFilter
+	 was not checked. 
+
+Tue.	September 19, 2006. ken@xelerance.com. Summary for 0.9.5 libpcap release
+
+	Support for LAPD frames with vISDN
+	Support for ERF on channelized T1/E1 cards via DAG API
+	Fix capitalization that caused issues crossc compiling on Linux
+	Better failure detection on PacketGetAdapterNames()
+	Fixes for MPLS packet generation (link layer)
+	OP_PACKET now matches the beginning of the packet, instead of
+	 beginning+link-layer
+	Add DLT/LINKTYPE for carrying FRF.16 Multi-link Frame Relay
+	Fix allocation of buffer for list of link-layer types  
+	Added a new DLT and LINKTYPE value for ARINC 653 Interpartition Communcation Messages
+	Fixed a typo in a DLT value: it should start with DLT_ and not LINKTYPE_
+	Redefined DLT_CAN20B and LINKTYPE_CAN20B as #190 (as this is the right value for CAN).
+	Added definition for DLT_A429 and LINKTYPE_A429 as #184.
+	Added a new DLT and LINKTYPE value for CAN v2.0B frames.
+	Add support for DLT_JUNIPER_VP.
+	Don't double-count received packets on Linux systems that 
+	 support the PACKET_STATISTICS getsockopt() argument on 
+	 PF_PACKET sockets.
+	Add support for DLT_IEEE802_11 and DLT_IEEE802_11_RADIO link 
+	 layers in Windows
+	Add support to build libpcap.lib and wpcap.dll under Cygnus and 
+	 MingW32.
+
+Mon. 	September 5, 2005.  ken@xelerance.com. Summary for 0.9.4 libpcap release
+
+	Support for radiotap on Linux (Mike Kershaw)
+	Fixes for HP-UX
+	Support for additional Juniper link-layer types
+	Fixes for filters on MPLS-encapsulated packets
+	"vlan" filter fixed
+	"pppoed" and "pppoes" filters added; the latter modifies later
+	parts of the filter expression to look at the PPP headers and
+	headers in the PPP payload
+
+Tue. 	July 5, 2005.  ken@xelerance.com. Summary for 0.9.3 libpcap release
+
+	Fixes for compiling on nearly every platform,
+		including improved 64bit support
+	MSDOS Support
+	Add support for sending packets
+	OpenBSD pf format support
+	IrDA capture (Linux only)

 Tue.   March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release

 	Fixed minor problem in gencode.c that would appear on 64-bit
 	platforms.
 	Version number is now sane.
-	
+
 Mon.   March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release

 	updates for autoconf 2.5
@ -18,13 +241,13 @@ Wed.   November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 0.8 release
 	Win32 patches from NetGroup, Politecnico di Torino (Italy)
 	OpenBSD pf, DLT_PFLOG added
 	Many changes to ATM support.
-	lookup pcap_lookupnet()	
+	lookup pcap_lookupnet()
 	Added DLT_ARCNET_LINUX, DLT_ENC, DLT_IEEE802_11_RADIO, DLT_SUNATM,
 		DLT_IP_OVER_FC, DLT_FRELAY, others.
 	Sigh.  More AIX wonderfulness.
-	Document updates. 
+	Document updates.
 	Changes to API: pcap_next_ex(), pcap_breakloop(), pcap_dump_flush(),
-			pcap_list_datalinks(), pcap_set_datalink(), 
+			pcap_list_datalinks(), pcap_set_datalink(),
 			pcap_lib_version(), pcap_datalink_val_to_name(),
 			pcap_datalink_name_to_val(), new error returns.

@ -45,7 +268,7 @@ Monday October 23, 2001. mcr@sandelman.ottawa.on.ca. Summary for 0.7 release

 	Added pcap_findalldevs() call to get list of interfaces in a MI way.

-	pcap_stats() has been documented as to what its counters mean on 
+	pcap_stats() has been documented as to what its counters mean on
 	each platform.

 Tuesday January 9, 2001. guy@alum.mit.edu. Summary for 0.6 release
@ -118,7 +341,7 @@ Greg Troxel <gdt@ir.bbn.com>
 - Added a new "pcap_compile_nopcap()", which lets you compile a filter
  expression into a BPF program without having an open live capture or
  capture file.
-  
+
 v0.4 Sat Jul 25 12:40:09 PDT 1998

 - Fix endian problem with DLT_NULL devices. From FreeBSD via Bill
--- a/227
+++ b/227
@ -1,95 +1,148 @@
 This file lists people who have contributed to libpcap:

 The current maintainers:
-	Bill Fenner			<fenner@research.att.com>
-	Fulvio Risso			<risso@polito.it>
-	Guy Harris	 		<guy@alum.mit.edu>
-	Hannes Gredler			<hannes@juniper.net>
-	Jun-ichiro itojun Hagino	<itojun@iijlab.net>
-	Michael Richardson	 	<mcr@sandelman.ottawa.on.ca>
+    Bill Fenner                   <fenner at research dot att dot com>
+    Fulvio Risso                  <risso at polito dot it>
+    Guy Harris                    <guy at alum dot mit dot edu>
+    Hannes Gredler                <hannes at juniper dot net>
+    Michael Richardson            <mcr at sandelman dot ottawa dot on dot ca>

 Additional people who have contributed patches:

-	Alan Bawden			<Alan@LCS.MIT.EDU>
-	Alexey Kuznetsov		<kuznet@ms2.inr.ac.ru>
-	Albert Chin			<china@thewrittenword.com>
-	Andrew Brown			<atatat@atatdot.net>
-	Antti Kantee			<pooka@netbsd.org>
-	Arkadiusz Miskiewicz		<misiek@pld.org.pl>
-	Armando L. Caro Jr.		<acaro@mail.eecis.udel.edu>
-	Assar Westerlund	 	<assar@sics.se>
-	Brian Ginsbach			<ginsbach@cray.com>
-	Charles M. Hannum		<mycroft@netbsd.org>
-	Chris G. Demetriou		<cgd@netbsd.org>
-	Chris Lightfoot			<cwrl@users.sourceforge.net>
-	Chris Pepper			<pepper@mail.reppep.com>
-	Darren Reed			<darrenr@reed.wattle.id.au>
-	David Kaelbling			<drk@sgi.com>
-	David Young			<dyoung@ojctech.com>
-	Dean Gaudet			<dean@arctic.org>
-	Don Ebright			<Don.Ebright@compuware.com> 
-	Dug Song			<dugsong@monkey.org>
-	Eric Anderson			<anderse@hpl.hp.com>
-        Erik de Castro Lopo             <erik.de.castro.lopo@sensorynetworks.com>
-	Franz Schaefer			<schaefer@mond.at>
-	Gianluca Varenni		<varenni@netgroup-serv.polito.it>
-	Gisle Vanem			<giva@bgnett.no>
-	Graeme Hewson			<ghewson@cix.compulink.co.uk>
-	Greg Stark			<gsstark@mit.edu>
-	Greg Troxel			<gdt@ir.bbn.com>
-	Guillaume Pelat			<endymion_@users.sourceforge.net>
-	Hyung Sik Yoon			<hsyn@kr.ibm.com>
-	Igor Khristophorov		<igor@atdot.org>
-	Jan-Philip Velders		<jpv@veldersjes.net>
-	Jason R. Thorpe			<thorpej@netbsd.org>
-	Javier Achirica			<achirica@ttd.net>
-	Jean Tourrilhes			<jt@hpl.hp.com>
-	Jefferson Ogata			<jogata@nodc.noaa.gov>
-	Jesper Peterson			<jesper@endace.com>
-	John Bankier			<jbankier@rainfinity.com>
-	Jon Lindgren			<jonl@yubyub.net>
-	Juergen Schoenwaelder		<schoenw@ibr.cs.tu-bs.de>
-	Kazushi Sugyo			<sugyo@pb.jp.nec.com>
-	Klaus Klein			<kleink@netbsd.org>
-	Koryn Grant			<koryn@endace.com>
-	Krzysztof Halasa		<khc@pm.waw.pl>
-	Lorenzo Cavallaro		<sullivan@sikurezza.org>
-	Loris Degioanni			<loris@netgroup-serv.polito.it>
-	Love Hörnquist-Åstrand		<lha@stacken.kth.se>
-	Maciej W. Rozycki		<macro@ds2.pg.gda.pl>
-	Marcus Felipe Pereira		<marcus@task.com.br>
-	Mark Pizzolato			<List-tcpdump-workers@subscriptions.pizzolato.net>
-	Martin Husemann			<martin@netbsd.org>
-	Matthew Luckie			<mjl@luckie.org.nz>
-	Mike Wiacek			<mike@iroot.net>
-	Monroe Williams			<monroe@pobox.com>
-	Nicolas Dade			<ndade@nsd.dyndns.org>
-	Octavian Cerna			<tavy@ylabs.com>
-	Olaf Kirch			<okir@caldera.de>
-	Onno van der Linden		<onno@simplex.nl>
-	Paul Mundt			<lethal@linux-sh.org>
-	Pavel Kankovsky			<kan@dcit.cz>
-	Peter Fales			<peter@fales-lorenz.net>
-	Peter Jeremy			<peter.jeremy@alcatel.com.au>
-	Phil Wood			<cpw@lanl.gov>
-	Rafal Maszkowski		<rzm@icm.edu.pl>
-	Rick Jones			<raj@cup.hp.com>
-	Scott Barron			<sb125499@ohiou.edu>
-	Scott Gifford			<sgifford@tir.com>
-	Sebastian Krahmer		<krahmer@cs.uni-potsdam.de>
-	Shaun Clowes			<delius@progsoc.uts.edu.au>
-	Solomon Peachy			<pizza@shaftnet.org>
-	Stefan Hudson			<hudson@mbay.net>
-	Takashi Yamamoto		<yamt@mwd.biglobe.ne.jp>
-	Tony Li				<tli@procket.com>
-	Torsten Landschoff	 	<torsten@debian.org>
-	Uns Lider			<unslider@miranda.org>
-	Uwe Girlich			<Uwe.Girlich@philosys.de>
-	Xianjie Zhang			<xzhang@cup.hp.com>
-	Yen Yen Lim
-	Yoann Vandoorselaere		<yoann@prelude-ids.org>
+    Alan Bawden                   <Alan at LCS dot MIT dot EDU>
+    Albert Chin                   <china at thewrittenword dot com>
+    Alexander 'Leo' Bergolth      <Leo dot Bergolth at wu-wien dot ac dot at>
+    Alexey Kuznetsov              <kuznet at ms2 dot inr dot ac dot ru>
+    Alon Bar-Lev                  <alonbl at sourceforge dot net>
+    Andrew Brown                  <atatat at atatdot dot net>
+                                  <andy-1 at sourceforge dot net>
+    Antti Kantee                  <pooka at netbsd dot org>
+    Arien Vijn                    <arienvijn at sourceforge dot net>
+    Arkadiusz Miskiewicz          <misiek at pld dot org dot pl>
+    Armando L. Caro Jr.           <acaro at mail dot eecis dot udel dot edu>
+    Assar Westerlund              <assar at sics dot se>
+    Brian Ginsbach                <ginsbach at cray dot com>
+    Charles M. Hannum             <mycroft at netbsd dot org>
+    Chris G. Demetriou            <cgd at netbsd dot org>
+    Chris Lightfoot               <cwrl at users dot sourceforge dot net>
+    Chris Maynard                 <Chris dot Maynard at gtech dot com>
+    Chris Pepper                  <pepper at mail dot reppep dot com>
+    Christian Bell                <csbell at myri dot com>
+    Christian Peron               <csjp at freebsd dot org>
+    Daniele Orlandi               <daniele at orlandi dot com>
+    Darren Reed                   <darrenr at sun dot com>
+    David Kaelbling               <drk at sgi dot com>
+    David Young                   <dyoung at ojctech dot com>
+    Dean Gaudet                   <dean at arctic dot org>
+    Don Ebright                   <Don dot Ebright at compuware dot com> 
+    Dug Song                      <dugsong at monkey dot org>
+    Dustin Spicuzza               <dustin at virtualroadside dot com>
+    Eric Anderson                 <anderse at hpl dot hp dot com>
+    Erik de Castro Lopo           <erik dot de dot castro dot lopo at sensorynetworks dot com>
+    Felix Obenhuber               <felix at obenhuber dot de>
+    Florent Drouin                <Florent dot Drouin at alcatel-lucent dot fr>
+    Franz Schaefer                <schaefer at mond dot at>
+    Fulko Hew                     <fulko dot hew at gmail dot com>
+    Fumiyuki Shimizu              <fumifumi at abacustech dot jp>
+    Gianluca Varenni              <varenni at netgroup-serv dot polito dot it>
+    Gilbert Hoyek                 <gil_hoyek at hotmail dot com>
+    Gisle Vanem                   <gvanem at broadpark dot no>
+    Graeme Hewson                 <ghewson at cix dot compulink dot co dot uk>
+    Greg Stark                    <gsstark at mit dot edu>
+    Greg Troxel                   <gdt at ir dot bbn dot com>
+    Gregor Maier                  <gregor at net dot in dot tum dot de>
+    Guillaume Pelat               <endymion_ at users dot sourceforge dot net>
+    Hagen Paul Pfeifer            <hagen at jauu dot net>
+    Hyung Sik Yoon                <hsyn at kr dot ibm dot com>
+    Igor Khristophorov            <igor at atdot dot org>
+    Jan-Philip Velders            <jpv at veldersjes dot net>
+    Jason R. Thorpe               <thorpej at netbsd dot org>
+    Javier Achirica               <achirica at ttd dot net>
+    Jean Tourrilhes               <jt at hpl dot hp dot com>
+    Jean-Louis Charton            <Jean-Louis.CHARTON at oikialog dot com>
+    Jefferson Ogata               <jogata at nodc dot noaa dot gov>
+    Jesper Peterson               <jesper at endace dot com>
+    Joerg Mayer                   <jmayer at loplof dot de>
+    John Bankier                  <jbankier at rainfinity dot com>
+    Jon Lindgren                  <jonl at yubyub dot net>
+    Jon Smirl                     <jonsmirl at gmail dot com>
+    Juergen Schoenwaelder         <schoenw at ibr dot cs dot tu-bs dot de>
+    Jung-uk Kim                   <jkim at FreeBSD dot org>
+    Kazushi Sugyo                 <sugyo at pb dot jp dot nec dot com>
+    Klaus Klein                   <kleink at netbsd dot org>
+    Koryn Grant                   <koryn at endace dot com>
+    Kris Katterjohn               <katterjohn at gmail dot com>
+    Krzysztof Halasa              <khc at pm dot waw dot pl>
+    Lorenzo Cavallaro             <sullivan at sikurezza dot org>
+    Loris Degioanni               <loris at netgroup-serv dot polito dot it>
+    Love Hörnquist-Åstrand        <lha at stacken dot kth dot se>
+    Luis MartinGarcia             <luis dot mgarc at gmail dot com>
+    Maciej W. Rozycki             <macro at ds2 dot pg dot gda dot pl>
+    Marcus Felipe Pereira         <marcus at task dot com dot br>
+    Mark C. Brown                 <mbrown at hp dot com>
+    Mark Pizzolato                <List-tcpdump-workers at subscriptions dot pizzolato dot net>
+    Markus Mayer                  <markus_mayer at sourceforge dot net>
+    Martin Husemann               <martin at netbsd dot org>
+    Márton Németh                 <nm127 at freemail dot hu>
+    Matthew Luckie                <mjl at luckie dot org dot nz>
+    Max Laier                     <max at love2party dot net>
+    Mike Frysinger                <vapier at gmail dot com>
+    Mike Kershaw                  <dragorn at kismetwireless dot net>
+    Mike Wiacek                   <mike at iroot dot net>
+    Monroe Williams               <monroe at pobox dot com>
+                                  <nvercamm at sourceforge dot net>
+    N. Leiten                     <nleiten at sourceforge dot net>
+    Nicolas Dade                  <ndade at nsd dot dyndns dot org>
+    Octavian Cerna                <tavy at ylabs dot com>
+    Olaf Kirch                    <okir at caldera dot de>
+    Ollie Wild                    <aaw at users dot sourceforge dot net>
+    Onno van der Linden           <onno at simplex dot nl>
+    Paolo Abeni                   <paolo dot abeni at email dot it>
+    Patrick Marie                 <mycroft at virgaria dot org>
+    Patrick McHardy               <kaber at trash not net>
+    Paul Mundt                    <lethal at linux-sh dot org>
+    Pavel Kankovsky               <kan at dcit dot cz>
+    Pawel Pokrywka                <publicpp at gmail dot com>
+    Peter Fales                   <peter at fales-lorenz dot net>
+    Peter Jeremy                  <peter dot jeremy at alcatel dot com dot au>
+    Peter Volkov                  <pva at gentoo dot org>
+    Phil Wood                     <cpw at lanl dot gov>
+    Rafal Maszkowski              <rzm at icm dot edu dot pl>
+                                  <rcb-isis at users dot sourceforge dot net>
+    Richard Stearn                <richard at rns-stearn dot demon dot co dot uk>
+    Rick Jones                    <raj at cup dot hp dot com>
+    Robert Edmonds                <stu-42 at sourceforge dot net>
+    Roberto Mariani               <jelot-tcpdump at jelot dot it>
+    Romain Francoise              <rfrancoise at debian dot org>
+    Sagun Shakya                  <sagun dot shakya at sun dot com>
+    Scott Barron                  <sb125499 at ohiou dot edu>
+    Scott Gifford                 <sgifford at tir dot com>
+    Scott Mcmillan                <scott.a.mcmillan at intel dot com>
+    Sebastian Krahmer             <krahmer at cs dot uni-potsdam dot de>
+    Sebastien Roy                 <Sebastien dot Roy at Sun dot COM>
+    Sepherosa Ziehau              <sepherosa at gmail dot com>
+    Shaun Clowes                  <delius at progsoc dot uts dot edu dot au>
+    Solomon Peachy                <pizza at shaftnet dot org>
+    Stefan Hudson                 <hudson at mbay dot net>
+    Stephen Donnelly              <stephen at endace dot com>
+    Takashi Yamamoto              <yamt at mwd dot biglobe dot ne dot jp>
+    Tanaka Shin-ya                <zstanaka at archer dot livedoor dot com>
+    Tobias Poschwatta             <posch at sourceforge dot net>
+    Tony Li                       <tli at procket dot com>
+    Torsten Landschoff            <torsten at debian dot org>
+    Uns Lider                     <unslider at miranda dot org>
+    Uwe Girlich                   <Uwe dot Girlich at philosys dot de>
+    Wesley Shields                <wxs at FreeBSD dot org>
+    Xianjie Zhang                 <xzhang at cup dot hp dot com>
+    Xin Li                        <delphij at FreeBSD dot org>
+    Yen Yen Lim
+    Yvan Vanhullebus              <vanhu at sourceforge dot net>
+    Yoann Vandoorselaere          <yoann at prelude-ids dot org>

 The original LBL crew:
-	Steve McCanne
-	Craig Leres
-	Van Jacobson
+    Steve McCanne
+    Craig Leres
+    Van Jacobson
+
+Past maintainers:
+    Jun-ichiro itojun Hagino         <itojun at iijlab dot net>
--- a/ChmodBPF/StartupParameters.plist
+++ b/ChmodBPF/StartupParameters.plist
@ -1,4 +1,4 @@
 {
  Description     = "Change BPF permissions";
-  Provides        = ("Non-root permission to capture or send raw packets");
+  Provides        = ("ChmodBPF");
 }
--- a/123
+++ b/123
@ -1,123 +0,0 @@
-CHANGES
-ChmodBPF/ChmodBPF
-ChmodBPF/StartupParameters.plist
-CREDITS
-FILES
-INSTALL.txt
-LICENSE
-Makefile.in
-README
-README.aix
-README.dag
-README.hpux
-README.linux
-README.macosx
-README.tru64
-README.Win32
-SUNOS4/nit_if.o.sparc
-SUNOS4/nit_if.o.sun3
-SUNOS4/nit_if.o.sun4c.4.0.3c
-TODO
-VERSION
-acconfig.h
-aclocal.m4
-arcnet.h
-atmuni31.h
-bpf/net/bpf_filter.c
-bpf_dump.c
-bpf_image.c
-config.guess
-config.h.in
-config.sub
-configure
-configure.in
-etherent.c
-ethertype.h
-fad-getad.c
-fad-gifc.c
-fad-glifc.c
-fad-null.c
-fad-win32.c
-gencode.c
-gencode.h
-grammar.y
-inet.c
-install-sh
-lbl/os-aix4.h
-lbl/os-hpux11.h
-lbl/os-osf4.h
-lbl/os-osf5.h
-lbl/os-solaris2.h
-lbl/os-sunos4.h
-lbl/os-ultrix4.h
-llc.h
-missing/snprintf.c
-mkdep
-msdos/bin2c.c
-msdos/common.dj
-msdos/makefile
-msdos/makefile.dj
-msdos/makefile.wc
-msdos/ndis2.c
-msdos/ndis2.h
-msdos/ndis_0.asm
-msdos/pkt_rx0.asm
-msdos/pkt_rx1.s
-msdos/pktdrvr.c
-msdos/pktdrvr.h
-msdos/readme.dos
-nametoaddr.c
-nlpid.h
-optimize.c
-packaging/pcap.spec
-packaging/pcap.spec.in
-pcap-bpf.c
-pcap-bpf.h
-pcap-dag.c
-pcap-dag.h
-pcap-dlpi.c
-pcap-dos.c
-pcap-dos.h
-pcap-enet.c
-pcap-int.h
-pcap-linux.c
-pcap-namedb.h
-pcap-nit.c
-pcap-nit.h
-pcap-null.c
-pcap-pf.c
-pcap-pf.h
-pcap-stdinc.h
-pcap-snit.c
-pcap-snoop.c
-pcap-win32.c
-pcap.3
-pcap.c
-pcap.h
-pf.h
-ppp.h
-rawss7.h
-savefile.c
-scanner.l
-sll.h
-sunatmpos.h
-Win32/Include/Gnuc.h
-Win32/Include/addrinfo.h
-Win32/Include/bittypes.h
-Win32/Include/cdecl_ext.h
-Win32/Include/inetprivate.h
-Win32/Include/ip6_misc.h
-Win32/Include/sockstorage.h
-Win32/Include/arpa/nameser.h
-Win32/Include/net/if.h
-Win32/Include/net/netdb.h
-Win32/Include/net/paths.h
-Win32/Src/ffs.c
-Win32/Src/getaddrinfo.c
-Win32/Src/getnetbynm.c
-Win32/Src/getnetent.c
-Win32/Src/getopt.c
-Win32/Src/getservent.c
-Win32/Src/inet_aton.c
-Win32/Src/inet_net.c
-Win32/Src/inet_pton.c
--- a/INSTALL.txt
+++ b/INSTALL.txt
@ -1,4 +1,4 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.12 2004-12-18 08:52:08 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.29 2008-06-12 20:21:51 guy Exp $ (LBL)

 To build libpcap, run "./configure" (a shell script). The configure
 script will determine your system attributes and generate an
@ -211,8 +211,7 @@ Read the README.aix file for information on installing libpcap and
 configuring your system to be able to support libpcap.

 If you use NeXTSTEP, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap.
+release.

 If you use SINIX, you should be able to build libpcap from this
 release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
@ -229,22 +228,22 @@ Another workaround is to use flex and bison.

 If you use SCO, you might have trouble building libpcap from this
 release. We do not have a machine running SCO and have not had reports
-of anyone successfully building on it. Since SCO apparently supports
-DLPI, it's possible the current version works. Meanwhile, SCO provides
-a tcpdump binary as part of their "Network/Security Tools" package:
+of anyone successfully building on it; the current release of libpcap
+does not compile on SCO OpenServer 5.  Although SCO apparently supports
+DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and
+it appears that completely new code would need to be written to capture
+network traffic.  SCO do not appear to provide tcpdump binaries for
+OpenServer 5 or OpenServer 6 as part of SCO Skunkware:

-    http://www.sco.com/technology/internet/goodies/#SECURITY
+	http://www.sco.com/skunkware/

-There is also a README that explains how to enable packet capture.
-
-If you use UnixWare, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap. Meanwhile, there appears to be an UnixWare port of
-libpcap 0.0 (and tcpdump 3.0) in:
-
-    ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/
-
-UnixWare appears to use a hacked version of DLPI.
+If you use UnixWare, you might be able to build libpcap from this
+release, or you might not.  We do not have a machine running UnixWare,
+so we have not tested it; however, SCO provide packages for libpcap
+0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO
+Skunkware, and the source package for libpcap 0.6.2 is not changed from
+the libpcap 0.6.2 source release, so this release of libpcap might also
+build without changes on UnixWare 7.

 If linking tcpdump fails with "Undefined: _alloca" when using bison on
 a Sun4, your version of bison is broken. In any case version 1.16 or
@ -298,7 +297,6 @@ CHANGES		- description of differences between releases
 ChmodBPF/*	- Mac OS X startup item to set ownership and permissions
 		  on /dev/bpf*
 CREDITS		- people that have helped libpcap along
-FILES		- list of files exported as part of the distribution
 INSTALL.txt	- this file
 LICENSE		- the license under which tcpdump is distributed
 Makefile.in	- compilation rules (input to the configure script)
@ -308,6 +306,8 @@ README.dag	- notes on using libpcap to capture on Endace DAG devices
 README.hpux	- notes on using libpcap on HP-UX
 README.linux	- notes on using libpcap on Linux
 README.macosx	- notes on using libpcap on Mac OS X
+README.septel   - notes on using libpcap to capture on Intel/Septel devices
+README.sita	- notes on using libpcap to capture on SITA devices
 README.tru64	- notes on using libpcap on Digital/Tru64 UNIX
 README.Win32	- notes on using libpcap on Win32 systems (with WinPcap)
 SUNOS4		- pre-SunOS 4.1 replacement kernel nit modules
@ -325,16 +325,22 @@ config.h.in	- autoconf input
 config.sub	- autoconf support
 configure	- configure script (run this first)
 configure.in	- configure script source
+dlpisubs.c	- DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c
+dlpisubs.h	- DLPI-related function declarations
 etherent.c	- /etc/ethers support routines
 ethertype.h	- Ethernet protocol types and names definitions
 fad-getad.c	- pcap_findalldevs() for systems with getifaddrs()
 fad-gifc.c	- pcap_findalldevs() for systems with only SIOCGIFLIST
 fad-glifc.c	- pcap_findalldevs() for systems with SIOCGLIFCONF
 fad-null.c	- pcap_findalldevs() for systems without capture support
+fad-sita.c	- pcap_findalldevs() for systems with SITA support
 fad-win32.c	- pcap_findalldevs() for WinPcap
+filtertest.c	- test program for BPF compiler
+findalldevstest.c - test program for pcap_findalldevs()
 gencode.c	- BPF code generation routines
 gencode.h	- BPF code generation definitions
 grammar.y	- filter string grammar
+ieee80211.h	- 802.11 definitions
 inet.c		- network routines
 install-sh	- BSD style install script
 lbl/os-*.h	- OS-dependent defines and prototypes
@ -347,8 +353,16 @@ nlpid.h		- OSI network layer protocol identifier definitions
 net		- symlink to bpf/net
 optimize.c	- BPF optimization routines
 packaging	- packaging information for building libpcap RPMs
+pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header
+pcap/bpf.h	- BPF definitions
+pcap/namedb.h	- public libpcap name database definitions
+pcap/pcap.h	- public libpcap definitions
+pcap/sll.h	- public definition of DLT_LINUX_SLL header
+pcap/usb.h	- public definition of DLT_USB header
 pcap-bpf.c	- BSD Packet Filter support
-pcap-bpf.h	- BPF definitions
+pcap-bpf.h	- header for backwards compatibility
+pcap-bt-linux.c	- Bluetooth capture support for Linux
+pcap-bt-linux.h	- Bluetooth capture support for Linux
 pcap-dag.c	- Endace DAG device capture support
 pcap-dag.h	- Endace DAG device capture support
 pcap-dlpi.c	- Data Link Provider Interface support
@ -356,25 +370,34 @@ pcap-dos.c	- MS-DOS capture support
 pcap-dos.h	- headers for MS-DOS capture support
 pcap-enet.c	- enet support
 pcap-int.h	- internal libpcap definitions
+pcap-libdlpi.c	- Data Link Provider Interface support for systems with libdlpi
 pcap-linux.c	- Linux packet socket support
-pcap-namedb.h	- public libpcap name database definitions
+pcap-namedb.h	- header for backwards compatibility
 pcap-nit.c	- SunOS Network Interface Tap support
 pcap-nit.h	- SunOS Network Interface Tap definitions
 pcap-null.c	- dummy monitor support (allows offline use of libpcap)
 pcap-pf.c	- Ultrix and Digital/Tru64 UNIX Packet Filter support
 pcap-pf.h	- Ultrix and Digital/Tru64 UNIX Packet Filter definitions
+pcap-septel.c   - Intel/Septel device capture support
+pcap-septel.h   - Intel/Septel device capture support
+pcap-sita.c	- SITA device capture support
+pcap-sita.h	- SITA device capture support
+pcap-sita.html	- SITA device capture documentation
 pcap-stdinc.h	- includes and #defines for compiling on Win32 systems
 pcap-snit.c	- SunOS 4.x STREAMS-based Network Interface Tap support
 pcap-snoop.c	- IRIX Snoop network monitoring support
+pcap-usb-linux.c - USB capture support for Linux
+pcap-usb-linux.h - USB capture support for Linux
 pcap-win32.c	- WinPcap capture support
-pcap.3		- manual entry
+pcap.3pcap	- manual entry for the library
 pcap.c		- pcap utility routines
-pcap.h		- public libpcap definitions
-pf.h		- OpenBSD DLT_PFLOG definitions
+pcap.h		- header for backwards compatibility
+pcap_*.3pcap	- manual entries for library functions
+pcap-filter.4	- manual entry for filter syntax
+pcap-linktype.4	- manual entry for link-layer header types
 ppp.h		- Point to Point Protocol definitions
-rawss7.h	- information on DLT_ types for SS7
+runlex.sh	- wrapper for Lex/Flex
 savefile.c	- offline support
 scanner.l	- filter string scanner
-sll.h		- definitions for Linux cooked mode fake link-layer header
 sunatmpos.h	- definitions for SunATM capturing
 Win32		- headers and routines for building on Win32 systems
--- a/Makefile.in
+++ b/Makefile.in
@ -17,7 +17,7 @@
 #  WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 #  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 #
-# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.99 2003-12-15 01:35:03 guy Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.142 2008-11-22 17:30:24 guy Exp $ (LBL)

 #
 # Various configurable paths (remember to edit Makefile.in, not Makefile)
@ -26,11 +26,14 @@
 # Top level hierarchy
 prefix = @prefix@
 exec_prefix = @exec_prefix@
+datarootdir = @datarootdir@
+# Pathname of directory to install the configure program
+bindir = @bindir@
 # Pathname of directory to install the include files
 includedir = @includedir@
 # Pathname of directory to install the library
 libdir =  @libdir@
-# Pathname of directory to install the man page
+# Pathname of directory to install the man pages
 mandir = @mandir@

 # VPATH
@ -41,15 +44,23 @@ VPATH = @srcdir@
 # You shouldn't need to edit anything below.
 #

+LD = /usr/bin/ld
 CC = @CC@
+AR = @AR@
 CCOPT = @V_CCOPT@
 INCLS = -I. @V_INCLS@
 DEFS = @DEFS@ @V_DEFS@
-LIBS = @V_LIBS@
+ADDLOBJS = @ADDLOBJS@
+ADDLARCHIVEOBJS = @ADDLARCHIVEOBJS@
+LIBS = @LIBS@
+CFLAGS = @CFLAGS@
+LDFLAGS = @LDFLAGS@
 DYEXT = @DYEXT@
+V_RPATH_OPT = @V_RPATH_OPT@
+PROG=libpcap

 # Standard CFLAGS
-CFLAGS = $(CCOPT) $(INCLS) $(DEFS)
+FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)

 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@ -69,14 +80,15 @@ YACC = @V_YACC@
 # problem if you don't own the file but can write to the directory.
 .c.o:
 	@rm -f $@
-	$(CC) $(CFLAGS) -c $(srcdir)/$*.c
+	$(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c

-PSRC =	pcap-@V_PCAP@.c
+PSRC =	pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@ @CAN_SRC@ @DECT_SRC@
 FSRC =  fad-@V_FINDALLDEVS@.c
 SSRC =  @SSRC@
-CSRC =	pcap.c inet.c gencode.c optimize.c nametoaddr.c \
-	etherent.c savefile.c bpf_filter.c bpf_image.c bpf_dump.c
-GENSRC = scanner.c grammar.c version.c
+CSRC =	pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \
+	savefile.c sf-pcap.c sf-pcap-ng.c pcap-common.c \
+	bpf_image.c bpf_dump.c
+GENSRC = scanner.c grammar.c bpf_filter.c version.c
 LIBOBJS = @LIBOBJS@

 SRC =	$(PSRC) $(FSRC) $(CSRC) $(SSRC) $(GENSRC)
@ -84,50 +96,343 @@ SRC =	$(PSRC) $(FSRC) $(CSRC) $(SSRC) $(GENSRC)
 # We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
 # hack the extra indirection
 OBJ =	$(PSRC:.c=.o) $(FSRC:.c=.o) $(CSRC:.c=.o) $(SSRC:.c=.o) $(GENSRC:.c=.o) $(LIBOBJS)
-HDR =	pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
-	ethertype.h gencode.h gnuc.h
-GENHDR = \
-	tokdefs.h version.h
+PUBHDR = \
+	pcap.h \
+	pcap-bpf.h \
+	pcap-namedb.h \
+	pcap/bpf.h \
+	pcap/bluetooth.h \
+	pcap/ipnet.h \
+	pcap/namedb.h \
+	pcap/pcap.h \
+	pcap/sll.h \
+	pcap/vlan.h \
+	pcap/usb.h

-TAGHDR = \
-	pcap-bpf.h
+HDR = $(PUBHDR) \
+	arcnet.h \
+	atmuni31.h \
+	ethertype.h \
+	gencode.h \
+	ieee80211.h \
+	llc.h \
+	nlpid.h \
+	pcap-common.h \
+	pcap-int.h \
+	pcap-stdinc.h \
+	ppp.h \
+	sf-pcap.h \
+	sf-pcap-ng.h \
+	sunatmpos.h
+
+TESTS = \
+	filtertest \
+	findalldevstest \
+	nonblocktest \
+	opentest \
+	selpolltest
+
+TESTS_SRC = \
+	tests/filtertest.c \
+	tests/findalldevstest.c \
+	tests/nonblocktest.c \
+	tests/opentest.c \
+	tests/selpolltest.c
+
+GENHDR = \
+	scanner.h tokdefs.h version.h

 TAGFILES = \
-	$(SRC) $(HDR) $(TAGHDR)
+	$(SRC) $(HDR)

-CLEANFILES = $(OBJ) libpcap.a $(GENSRC) $(GENHDR) lex.yy.c
+CLEANFILES = $(OBJ) libpcap.* $(TESTS) \
+	$(PROG)-`cat $(srcdir)/VERSION`.tar.gz $(GENSRC) $(GENHDR) \
+	lex.yy.c pcap-config

-all: libpcap.a
+MAN1 = pcap-config.1
+
+MAN3PCAP_EXPAND = \
+	pcap.3pcap.in \
+	pcap_compile.3pcap.in \
+	pcap_datalink.3pcap.in \
+	pcap_dump_open.3pcap.in \
+	pcap_list_datalinks.3pcap.in \
+	pcap_list_tstamp_types.3pcap.in \
+	pcap_open_dead.3pcap.in \
+	pcap_open_offline.3pcap.in \
+	pcap_set_tstamp_type.3pcap.in
+
+MAN3PCAP_NOEXPAND = \
+	pcap_activate.3pcap \
+	pcap_breakloop.3pcap \
+	pcap_can_set_rfmon.3pcap \
+	pcap_close.3pcap \
+	pcap_create.3pcap \
+	pcap_datalink_name_to_val.3pcap \
+	pcap_datalink_val_to_name.3pcap \
+	pcap_dump.3pcap \
+	pcap_dump_close.3pcap \
+	pcap_dump_file.3pcap \
+	pcap_dump_flush.3pcap \
+	pcap_dump_ftell.3pcap \
+	pcap_file.3pcap \
+	pcap_fileno.3pcap \
+	pcap_findalldevs.3pcap \
+	pcap_freecode.3pcap \
+	pcap_get_selectable_fd.3pcap \
+	pcap_geterr.3pcap \
+	pcap_inject.3pcap \
+	pcap_is_swapped.3pcap \
+	pcap_lib_version.3pcap \
+	pcap_lookupdev.3pcap \
+	pcap_lookupnet.3pcap \
+	pcap_loop.3pcap \
+	pcap_major_version.3pcap \
+	pcap_next_ex.3pcap \
+	pcap_offline_filter.3pcap \
+	pcap_open_live.3pcap \
+	pcap_set_buffer_size.3pcap \
+	pcap_set_datalink.3pcap \
+	pcap_set_promisc.3pcap \
+	pcap_set_rfmon.3pcap \
+	pcap_set_snaplen.3pcap \
+	pcap_set_timeout.3pcap \
+	pcap_setdirection.3pcap \
+	pcap_setfilter.3pcap \
+	pcap_setnonblock.3pcap \
+	pcap_snapshot.3pcap \
+	pcap_stats.3pcap \
+	pcap_statustostr.3pcap \
+	pcap_strerror.3pcap \
+	pcap_tstamp_type_name_to_val.3pcap \
+	pcap_tstamp_type_val_to_name.3pcap
+
+MAN3PCAP = $(MAN3PCAP_NOEXPAND) $(MAN3PCAP_EXPAND:.in=)
+
+MANFILE = \
+	pcap-savefile.manfile.in
+
+MANMISC = \
+	pcap-filter.manmisc.in \
+	pcap-linktype.manmisc.in \
+	pcap-tstamp.manmisc.in
+
+EXTRA_DIST = \
+	$(TESTS_SRC) \
+	CHANGES \
+	ChmodBPF/ChmodBPF \
+	ChmodBPF/StartupParameters.plist \
+	CREDITS \
+	INSTALL.txt \
+	LICENSE \
+	Makefile.in \
+	README \
+	README.aix \
+	README.dag \
+	README.hpux \
+	README.linux \
+	README.macosx \
+	README.septel \
+	README.sita \
+	README.tru64 \
+	README.Win32 \
+	SUNOS4/nit_if.o.sparc \
+	SUNOS4/nit_if.o.sun3 \
+	SUNOS4/nit_if.o.sun4c.4.0.3c \
+	TODO \
+	VERSION \
+	aclocal.m4 \
+	bpf/net/bpf_filter.c \
+	chmod_bpf \
+	config.guess \
+	config.h.in \
+	config.sub \
+	configure \
+	configure.in \
+	dlpisubs.c \
+	dlpisubs.h \
+	fad-getad.c \
+	fad-gifc.c \
+	fad-glifc.c \
+	fad-null.c \
+	fad-sita.c \
+	fad-win32.c \
+	grammar.y \
+	install-sh \
+	lbl/os-aix4.h \
+	lbl/os-hpux11.h \
+	lbl/os-osf4.h \
+	lbl/os-osf5.h \
+	lbl/os-solaris2.h \
+	lbl/os-sunos4.h \
+	lbl/os-ultrix4.h \
+	missing/snprintf.c \
+	mkdep \
+	msdos/bin2c.c \
+	msdos/common.dj \
+	msdos/makefile \
+	msdos/makefile.dj \
+	msdos/makefile.wc \
+	msdos/ndis2.c \
+	msdos/ndis2.h \
+	msdos/ndis_0.asm \
+	msdos/pkt_rx0.asm \
+	msdos/pkt_rx1.s \
+	msdos/pktdrvr.c \
+	msdos/pktdrvr.h \
+	msdos/readme.dos \
+	org.tcpdump.chmod_bpf.plist \
+	packaging/pcap.spec.in \
+	pcap-bpf.c \
+	pcap-bt-linux.c \
+	pcap-bt-linux.h \
+	pcap-can-linux.c \
+	pcap-can-linux.h \
+	pcap-config.in \
+	pcap-dag.c \
+	pcap-dag.h \
+	pcap-dlpi.c \
+	pcap-dos.c \
+	pcap-dos.h \
+	pcap-enet.c \
+	pcap-int.h \
+	pcap-libdlpi.c \
+	pcap-linux.c \
+	pcap-namedb.h \
+	pcap-nit.c \
+	pcap-null.c \
+	pcap-pf.c \
+	pcap-septel.c \
+	pcap-septel.h \
+	pcap-sita.h \
+	pcap-sita.c \
+	pcap-sita.html \
+	pcap-snf.c \
+	pcap-snf.h \
+	pcap-snit.c \
+	pcap-snoop.c \
+	pcap-usb-linux.c \
+	pcap-usb-linux.h \
+	pcap-dect-linux.c \
+	pcap-dect-linux.h \
+	pcap-win32.c \
+	runlex.sh \
+	scanner.l \
+	Win32/Include/Gnuc.h \
+	Win32/Include/addrinfo.h \
+	Win32/Include/bittypes.h \
+	Win32/Include/cdecl_ext.h \
+	Win32/Include/inetprivate.h \
+	Win32/Include/ip6_misc.h \
+	Win32/Include/sockstorage.h \
+	Win32/Include/arpa/nameser.h \
+	Win32/Include/net/if.h \
+	Win32/Include/net/netdb.h \
+	Win32/Include/net/paths.h \
+	Win32/Prj/libpcap.dsp \
+	Win32/Prj/libpcap.dsw \
+	Win32/Src/ffs.c \
+	Win32/Src/gai_strerror.c \
+	Win32/Src/getaddrinfo.c \
+	Win32/Src/getnetbynm.c \
+	Win32/Src/getnetent.c \
+	Win32/Src/getopt.c \
+	Win32/Src/getservent.c \
+	Win32/Src/inet_aton.c \
+	Win32/Src/inet_net.c \
+	Win32/Src/inet_pton.c
+
+all: libpcap.a shared pcap-config

 libpcap.a: $(OBJ)
 	@rm -f $@
-	ar rc $@ $(OBJ) $(LIBS)
+	$(AR) rc $@ $(OBJ) $(ADDLARCHIVEOBJS)
 	$(RANLIB) $@

 shared: libpcap.$(DYEXT)

-#
-# XXX - this works with GNU ld, but won't necessarily work with native
-# ld on, for example, various SVR4-flavored platforms, or Digital UNIX.
-#
 libpcap.so: $(OBJ)
 	@rm -f $@
-	ld -shared -o $@.`cat VERSION` $(OBJ)
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	@V_SHLIB_CMD@ @V_SHLIB_OPT@ @V_SONAME_OPT@$@.$$MAJOR_VER $(LDFLAGS) \
+	    -o $@.$$VER $(OBJ) $(ADDLOBJS) $(LIBS)

-# the following rule succeeds, but the result is untested.
+#
+# The following rule succeeds, but the result is untested.
+#
+# In Mac OS X, the libpcap dylib has the name "libpcap.A.dylib", with
+# its full path as the install_name, and with the compatibility and
+# current version both set to 1.  The compatibility version is set to
+# 1 so that programs built with a newer version of the library will run
+# against older versions; multi-platform software probably will fail if
+# it uses APIs added in the newer version, but Mac OS X-specific software
+# will use weak linking and check at run time whether those APIs are
+# available.
+#
+# We also use "A" as the major version, and 1 as the compatibility version,
+# but set the current version to the value in VERSION, with any non-numeric
+# stuff stripped off (the compatibility and current version must be of the
+# form X[.Y[.Z]], with Y and Z possibly absent, and with all components
+# numeric).
+#
 libpcap.dylib: $(OBJ)
 	rm -f libpcap*.dylib
-	$(CC) -dynamiclib -undefined error -o libpcap.`cat VERSION`.dylib $(OBJ) \
-		-install_name $(libdir)/libpcap.0.dylib -compatibility_version `cat VERSION` \
-		-current_version `cat VERSION`
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=A; \
+	COMPAT_VER=1; \
+	CURRENT_VER=`sed 's/[^0-9.].*$$//' $(srcdir)/VERSION`; \
+	$(CC) -dynamiclib -undefined error $(LDFLAGS) \
+	    -o libpcap.$$VER.dylib $(OBJ) $(ADDLOBJS) $(LIBS) \
+	    -install_name $(libdir)/libpcap.$$MAJOR_VER.dylib \
+	    -compatibility_version $$COMPAT_VER \
+	    -current_version $$CURRENT_VER

+#
+# The HP-UX linker manual says that the convention for a versioned library
+# is libXXX.{number}, not libXXX.sl.{number}.  That appears to be the case
+# on at least one HP-UX 11.00 system; libXXX.sl is a symlink to
+# libXXX.{number}.
+#
+# The manual also says "library-level versioning" (think "sonames") was
+# added in HP-UX 10.0.
+#
+# XXX - this assumes we're using the HP linker, rather than the GNU
+# linker, even with GCC.
+#
+libpcap.sl: $(OBJ)
+	@MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	rm -f libpcap.$$MAJOR_VER
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	ld -b $(LDFLAGS) -o libpcap.$$MAJOR_VER +h libpcap.$$MAJOR_VER \
+	    $(OBJ) $(ADDLOBJS) $(LIBS)
+
+#
+# AIX is different from everybody else.  A shared library is an archive
+# library with one or more shared-object components.  We still build a
+# normal static archive library on AIX, for the benefit of the traditional
+# scheme of building libpcap and tcpdump in subdirectories of the
+# same directory, with tcpdump statically linked with the libpcap
+# in question, but we also build a shared library as "libpcap.shareda"
+# and install *it*, rather than the static library, as "libpcap.a".
+#
+libpcap.shareda: $(OBJ)
+	@rm -f $@ shr.o
+	$(CC) @V_SHLIB_OPT@ -o shr.o $(OBJ) $(ADDLOBJS) $(LDFLAGS) $(LIBS)
+	$(AR) rc $@ shr.o
+
+#
+# For platforms that don't support shared libraries (or on which we
+# don't support shared libraries).
+#
+libpcap.none:

 scanner.c: $(srcdir)/scanner.l
 	@rm -f $@
-	$(LEX) -t $< > $$$$.$@; mv $$$$.$@ $@
+	$(srcdir)/runlex.sh $(LEX) -o$@ $<

 scanner.o: scanner.c tokdefs.h
-	$(CC) $(CFLAGS) -c scanner.c
+	$(CC) $(FULL_CFLAGS) -c scanner.c

 pcap.o: version.h

@ -140,17 +445,23 @@ grammar.c: $(srcdir)/grammar.y

 grammar.o: grammar.c
 	@rm -f $@
-	$(CC) $(CFLAGS) -Dyylval=pcap_lval -c grammar.c
+	$(CC) $(FULL_CFLAGS) -Dyylval=pcap_lval -c grammar.c

 version.o: version.c
-	$(CC) $(CFLAGS) -c version.c
+	$(CC) $(FULL_CFLAGS) -c version.c

 snprintf.o: $(srcdir)/missing/snprintf.c
-	$(CC) $(CFLAGS) -o $@ -c $(srcdir)/missing/snprintf.c
+	$(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/snprintf.c

 version.c: $(srcdir)/VERSION
 	@rm -f $@
-	sed -e 's/.*/char pcap_version[] = "&";/' $(srcdir)/VERSION > $@
+	if grep GIT ${srcdir}/VERSION >/dev/null; then \
+		read ver <${srcdir}/VERSION; \
+		echo $$ver | tr -d '\012'; \
+		date +_%Y_%m_%d; \
+	else \
+		cat ${srcdir}/VERSION; \
+	fi | sed -e 's/.*/char pcap_version[] = "&";/' > $@

 #
 # NOTE: this really is supposed to be static; importing a string
@ -161,52 +472,228 @@ version.c: $(srcdir)/VERSION
 #
 version.h: $(srcdir)/VERSION
 	@rm -f $@
-	sed -e 's/.*/static const char pcap_version_string[] = "libpcap version &";/' $(srcdir)/VERSION > $@
+	if grep GIT ${srcdir}/VERSION >/dev/null; then \
+		read ver <${srcdir}/VERSION; \
+		echo $$ver | tr -d '\012'; \
+		date +_%Y_%m_%d; \
+	else \
+		cat ${srcdir}/VERSION; \
+	fi | sed -e 's/.*/static const char pcap_version_string[] = "libpcap version &";/' > $@

 bpf_filter.c: $(srcdir)/bpf/net/bpf_filter.c
 	rm -f bpf_filter.c
 	ln -s $(srcdir)/bpf/net/bpf_filter.c bpf_filter.c

 bpf_filter.o: bpf_filter.c
-	$(CC) $(CFLAGS) -c bpf_filter.c
+	$(CC) $(FULL_CFLAGS) -c bpf_filter.c

-install: libpcap.a 
+#
+# Generate the pcap-config script.
+#
+pcap-config: $(srcdir)/pcap-config.in
+	@rm -f $@ $@.tmp
+	./config.status --file=$@.tmp:$<
+	mv $@.tmp $@
+	chmod a+x $@
+
+#
+# Test programs - not built by default, and not installed.
+#
+tests: $(TESTS)
+
+filtertest: tests/filtertest.c libpcap.a
+	$(CC) $(FULL_CFLAGS) -I. -L. -o filtertest $(srcdir)/tests/filtertest.c libpcap.a $(LIBS)
+
+findalldevstest: tests/findalldevstest.c libpcap.a
+	$(CC) $(FULL_CFLAGS) -I. -L. -o findalldevstest $(srcdir)/tests/findalldevstest.c libpcap.a $(LIBS)
+
+nonblocktest: tests/nonblocktest.c libpcap.a
+	$(CC) $(FULL_CFLAGS) -I. -L. -o nonblocktest $(srcdir)/tests/nonblocktest.c libpcap.a $(LIBS)
+
+opentest: tests/opentest.c libpcap.a
+	$(CC) $(FULL_CFLAGS) -I. -L. -o opentest $(srcdir)/tests/opentest.c libpcap.a $(LIBS)
+
+selpolltest: tests/selpolltest.c libpcap.a
+	$(CC) $(FULL_CFLAGS) -I. -L. -o selpolltest $(srcdir)/tests/selpolltest.c libpcap.a $(LIBS)
+
+install: install-shared install-archive pcap-config
+	[ -d $(DESTDIR)$(libdir) ] || \
+	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
+	[ -d $(DESTDIR)$(includedir) ] || \
+	    (mkdir -p $(DESTDIR)$(includedir); chmod 755 $(DESTDIR)$(includedir))
+	[ -d $(DESTDIR)$(includedir)/pcap ] || \
+	    (mkdir -p $(DESTDIR)$(includedir)/pcap; chmod 755 $(DESTDIR)$(includedir)/pcap)
+	[ -d $(DESTDIR)$(mandir)/man1 ] || \
+	    (mkdir -p $(DESTDIR)$(mandir)/man1; chmod 755 $(DESTDIR)$(mandir)/man1)
+	[ -d $(DESTDIR)$(mandir)/man3 ] || \
+	    (mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3)
+	[ -d $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@ ] || \
+	    (mkdir -p $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@)
+	[ -d $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@ ] || \
+	    (mkdir -p $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@)
+	for i in $(PUBHDR); do \
+		$(INSTALL_DATA) $(srcdir)/$$i \
+		    $(DESTDIR)$(includedir)/$$i; done
+	[ -d $(DESTDIR)$(bindir) ] || \
+	    (mkdir -p $(DESTDIR)$(bindir); chmod 755 $(DESTDIR)$(bindir))
+	$(INSTALL_PROGRAM) pcap-config $(DESTDIR)$(bindir)/pcap-config
+	for i in $(MAN1); do \
+		$(INSTALL_DATA) $(srcdir)/$$i \
+		    $(DESTDIR)$(mandir)/man1/$$i; done
+	for i in $(MAN3PCAP_NOEXPAND); do \
+		$(INSTALL_DATA) $(srcdir)/$$i \
+		    $(DESTDIR)$(mandir)/man3/$$i; done
+	for i in $(MAN3PCAP_EXPAND:.in=); do \
+		$(INSTALL_DATA) $$i \
+		    $(DESTDIR)$(mandir)/man3/$$i; done
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_description.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_name.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_description.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_dump_fopen.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_dump_open.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_dump_fopen.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_freealldevs.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_findalldevs.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_freealldevs.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_perror.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_geterr.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_perror.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_sendpacket.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_inject.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_sendpacket.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_free_datalinks.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_list_datalinks.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_free_datalinks.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_free_tstamp_types.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_list_tstamp_types.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_free_tstamp_types.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_dispatch.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_loop.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_dispatch.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_minor_version.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_major_version.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_minor_version.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_next.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_next_ex.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_next.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_open_offline.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap
+	ln $(DESTDIR)$(mandir)/man3/pcap_setnonblock.3pcap \
+		 $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap
+	for i in $(MANFILE); do \
+		$(INSTALL_DATA) `echo $$i | sed 's/.manfile.in/.manfile/'` \
+		    $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done
+	for i in $(MANMISC); do \
+		$(INSTALL_DATA) `echo $$i | sed 's/.manmisc.in/.manmisc/'` \
+		    $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done
+
+install-shared: install-shared-$(DYEXT)
+install-shared-so: libpcap.so
+	[ -d $(DESTDIR)$(libdir) ] || \
+	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	$(INSTALL_PROGRAM) libpcap.so.$$VER $(DESTDIR)$(libdir)/libpcap.so.$$VER; \
+	ln -sf libpcap.so.$$VER $(DESTDIR)$(libdir)/libpcap.so.$$MAJOR_VER; \
+	ln -sf libpcap.so.$$MAJOR_VER $(DESTDIR)$(libdir)/libpcap.so
+install-shared-dylib: libpcap.dylib
+	[ -d $(DESTDIR)$(libdir) ] || \
+	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=A; \
+	$(INSTALL_PROGRAM) libpcap.$$VER.dylib $(DESTDIR)$(libdir)/libpcap.$$VER.dylib; \
+	ln -sf libpcap.$$VER.dylib $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER.dylib; \
+	ln -sf libpcap.$$MAJOR_VER.dylib $(DESTDIR)$(libdir)/libpcap.dylib
+install-shared-sl: libpcap.sl
+	[ -d $(DESTDIR)$(libdir) ] || \
+	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	$(INSTALL_PROGRAM) libpcap.$$MAJOR_VER $(DESTDIR)$(libdir)
+	ln -sf libpcap.$$MAJOR_VER $(DESTDIR)$(libdir)/libpcap.sl
+install-shared-shareda: libpcap.shareda
+	#
+	# AIX shared libraries are weird.  They're archive libraries
+	# with one or more shared object components.
+	#
+	[ -d $(DESTDIR)$(libdir) ] || \
+	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
+	$(INSTALL_PROGRAM) libpcap.shareda $(DESTDIR)$(libdir)/libpcap.a
+install-shared-none:
+
+install-archive: install-archive-$(DYEXT)
+install-archive-so install-archive-dylib install-archive-sl install-archive-none: libpcap.a
+	#
+	# Most platforms have separate suffixes for shared and
+	# archive libraries, so we install both.
+	#
 	[ -d $(DESTDIR)$(libdir) ] || \
 	    (mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
 	$(INSTALL_DATA) libpcap.a $(DESTDIR)$(libdir)/libpcap.a
 	$(RANLIB) $(DESTDIR)$(libdir)/libpcap.a
-	[ -d $(DESTDIR)$(includedir) ] || \
-	    (mkdir -p $(DESTDIR)$(includedir); chmod 755 $(DESTDIR)$(includedir))
-	$(INSTALL_DATA) $(srcdir)/pcap.h $(DESTDIR)$(includedir)/pcap.h
-	$(INSTALL_DATA) $(srcdir)/pcap-bpf.h \
-	    $(DESTDIR)$(includedir)/pcap-bpf.h
-	$(INSTALL_DATA) $(srcdir)/pcap-namedb.h \
-	    $(DESTDIR)$(includedir)/pcap-namedb.h
-	[ -d $(DESTDIR)$(mandir)/man3 ] || \
-		(mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3)
-	$(INSTALL_DATA) $(srcdir)/pcap.3 \
-	    $(DESTDIR)$(mandir)/man3/pcap.3
+install-archive-shareda:
+	#
+	# AIX, however, doesn't, so we don't install the archive
+	# library on AIX.
+	#

-install-shared: install-shared-$(DYEXT)
-install-shared-so: libpcap.so
-	$(INSTALL_PROGRAM) libpcap.so.`cat VERSION` $(DESTDIR)$(libdir)/libpcap.so.`cat VERSION`
-install-shared-dylib: libpcap.dylib
-	$(INSTALL_PROGRAM) libpcap.`cat VERSION`.dylib $(DESTDIR)$(libdir)/libpcap.`cat VERSION`.dylib
-	VER=`cat VERSION`; cd $(DESTDIR)$(libdir) && ln -sf libpcap.$$VER.dylib libpcap.0.dylib;  ln -sf libpcap.0.dylib libpcap.dylib
-
-uninstall:
+uninstall: uninstall-shared
 	rm -f $(DESTDIR)$(libdir)/libpcap.a
-	rm -f $(DESTDIR)$(includedir)/pcap.h
-	rm -f $(DESTDIR)$(includedir)/pcap-bpf.h
-	rm -f $(DESTDIR)$(includedir)/pcap-namedb.h
-	rm -f $(DESTDIR)$(mandir)/man3/pcap.3
+	for i in $(PUBHDR); do \
+		rm -f $(DESTDIR)$(includedir)/$$i; done
+	-rmdir $(DESTDIR)$(includedir)/pcap
+	rm -f $(DESTDIR)/$(bindir)/pcap-config
+	for i in $(MAN1); do \
+		rm -f $(DESTDIR)$(mandir)/man1/$$i; done
+	for i in $(MAN3PCAP); do \
+		rm -f $(DESTDIR)$(mandir)/man3/$$i; done
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_description.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_dump_fopen.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_freealldevs.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_perror.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_sendpacket.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_free_datalinks.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_free_tstamp_types.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_dispatch.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_minor_version.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_next.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap
+	rm -f $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap
+	for i in $(MANFILE); do \
+		rm -f $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done
+	for i in $(MANMISC); do \
+		rm -f $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done
+
+uninstall-shared: uninstall-shared-$(DYEXT)
+uninstall-shared-so:
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.so.$$VER; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.so.$$MAJOR_VER; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.so
+uninstall-shared-dylib:
+	VER=`cat $(srcdir)/VERSION`; \
+	MAJOR_VER=A; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.$$VER.dylib; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER.dylib; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.dylib
+uninstall-shared-sl:
+	MAJOR_VER=`sed 's/\([0-9][0-9]*\)\..*/\1/' $(srcdir)/VERSION`; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.$$MAJOR_VER; \
+	rm -f $(DESTDIR)$(libdir)/libpcap.sl
+uninstall-shared-shareda:
+	rm -f $(DESTDIR)$(libdir)/libpcap.a
+uninstall-shared-none:

 clean:
-	rm -f $(CLEANFILES) libpcap*.dylib libpcap.so*
+	rm -f $(CLEANFILES)

 distclean: clean
 	rm -f Makefile config.cache config.log config.status \
-	    config.h gnuc.h os-proto.h bpf_filter.c stamp-h stamp-h.in
+	    config.h gnuc.h net os-proto.h bpf_filter.c pcap-config \
+	    stamp-h stamp-h.in
+	rm -f $(MAN3PCAP_EXPAND:.in=) $(MANFILE:.in=) $(MANMISC:.in=)
 	rm -rf autom4te.cache

 tags: $(TAGFILES)
@ -216,19 +703,14 @@ packaging/pcap.spec: packaging/pcap.spec.in VERSION
 	RPMVERSION=`cat VERSION | sed s/-.*//g`; \
 		sed -e s/@VERSION@/$$RPMVERSION/ -e s/@NAME@/libpcap-`cat VERSION`/ $<   > $@

-tar: Makefile packaging/pcap.spec
-	@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
-	    list="" ; tar="tar chf" ; \
-	    for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
-	    echo \
-	    "rm -f ../$$name; ln -s $$dir ../$$name" ; \
-	     rm -f ../$$name; ln -s $$dir ../$$name ; \
-	    echo \
-	    "(cd .. ; $$tar - [lots of files]) | gzip -c > /tmp/$$name.tar.gz" ; \
-	     (cd .. ; $$tar - $$list) | gzip -c > /tmp/$$name.tar.gz ; \
-	    echo \
-	    "rm -f ../$$name" ; \
-	     rm -f ../$$name
+releasetar: 
+	@cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \
+	   mkdir $$name; \
+	   tar cf - $(CSRC) $(HDR) $(MAN1) $(MAN3PCAP_EXPAND) \
+	      $(MAN3PCAP_NOEXPAND) $(MANFILE) $(MANMISC) $(EXTRA_DIST) | \
+	      (cd $$name; tar xf -); \
+	   tar -c -z -f $$name.tar.gz $$name; \
+	   rm -rf $$name

 depend:	$(GENSRC) $(GENHDR) bpf_filter.c
 	./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
--- a/48
+++ b/48
@ -1,20 +1,20 @@
-@(#) $Header: /tcpdump/master/libpcap/README,v 1.30 2004-10-12 02:02:28 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/README,v 1.34 2008-12-14 19:44:14 guy Exp $ (LBL)

-LIBPCAP 0.9
-Now maintained by "The Tcpdump Group"
-See 		www.tcpdump.org
+LIBPCAP 1.x.y

-Please send inquiries/comments/reports to 	tcpdump-workers@tcpdump.org
+www.tcpdump.org

-Anonymous CVS is available via:
-	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
-	(password "anoncvs")
-	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap
+Please send inquiries/comments/reports to:
+	tcpdump-workers@lists.tcpdump.org

-Version 0.9 of LIBPCAP can be retrieved with the CVS tag "libpcap_0_9rel1":
-	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_9rel1 libpcap
+Anonymous Git is available via:
+	git clone git://bpf.tcpdump.org/libpcap

-Please send patches against the master copy to patches@tcpdump.org.
+Version 1.x.y of LIBPCAP can be retrieved with the CVS tag "libpcap_1_{x}rel{y}":
+	cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_{x}rel{y} libpcap
+
+Please submit patches against the master copy to the libpcap project on
+sourceforge.net.

 formerly from 	Lawrence Berkeley National Laboratory
 		Network Research Group <libpcap@ee.lbl.gov>
@ -30,8 +30,6 @@ require this functionality, we've created this system-independent API
 to ease in porting and to alleviate the need for several
 system-dependent packet capture modules in each application.

-Note well: this interface is new and is likely to change.
-
 For some platforms there are README.{system} files that discuss issues
 with the OS's interface for packet capture on those platforms, such as
 how to enable support for that interface in the OS, if it's not built in
@ -77,16 +75,28 @@ Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
 mechanism that accepts BPF filters; see the README.linux file for
 information on configuring that option.

+Note to Linux distributions and *BSD systems that include libpcap:
+
+There's now a rule to make a shared library, which should work on Linux 
+and *BSD, among other platforms.
+
+It sets the soname of the library to "libpcap.so.1"; this is what it 
+should be, *NOT* libpcap.so.1.x or libpcap.so.1.x.y or something such as 
+that.
+
+We've been maintaining binary compatibility between libpcap releases for 
+quite a while; there's no reason to tie a binary linked with libpcap to 
+a particular release of libpcap.
+
 Problems, bugs, questions, desirable enhancements, etc. should be sent
-to the address "tcpdump-workers@tcpdump.org".  Bugs, support requests,
-and feature requests may also be submitted on the SourceForge site for
-libpcap at
+to the address "tcpdump-workers@lists.tcpdump.org".  Bugs, support
+requests, and feature requests may also be submitted on the SourceForge
+site for libpcap at

 	http://sourceforge.net/projects/libpcap/

 Source code contributions, etc. should be sent to the email address
-"patches@tcpdump.org", or submitted as patches on the SourceForge site
-for libpcap.
+submitted as patches on the SourceForge site for libpcap.

 Current versions can be found at www.tcpdump.org, or the SourceForge
 site for libpcap.
--- a/README.Win32
+++ b/README.Win32
@ -21,7 +21,7 @@ The WinPcap source code already contains a recent (usually the latest
 stable) version of libpcap. If you need to compile a different one, 
 simply download it from www.tcpdump.org and copy the sources in the 
 winpcap\wpcap\libpcap folder of the WinPcap distribution. If you want to
-compile a libpcap source retrieved from the tcpdump.org CVS, you will 
+compile a libpcap source retrieved from the tcpdump.org Git, you will 
 have to create the scanner and the grammar by hand (with lex and yacc) 
 or with the cygnus makefile, since The Visual Studio project is not able
 to build them.
--- a/README.aix
+++ b/README.aix
@ -13,14 +13,17 @@ Using BPF:

 (2) If libpcap doesn't compile on your machine when configured to use
    BPF, or if the workarounds fail to make it work correctly, you
-    should send to tcpdump-workers@tcpdump.org a detailed bug report (if
-    the compile fails, send us the compile error messages; if it
-    compiles but fails to work correctly, send us as detailed as
+    should send to tcpdump-workers@lists.tcpdump.org a detailed bug
+    report (if the compile fails, send us the compile error messages;
+    if it compiles but fails to work correctly, send us as detailed as
    possible a description of the symptoms, including indications of the
    network link-layer type being wrong or time stamps being wrong).

-    If you fix the problems yourself, please send to patches@tcpdump.org
-    a patch, so we can incorporate them into the next release.
+    If you fix the problems yourself, please submit a patch to
+
+	http://sourceforge.net/projects/libpcap/
+
+    so we can incorporate them into the next release.

    If you don't fix the problems yourself, you can, as a workaround,
    make libpcap use DLPI instead of BPF.
--- a/README.dag
+++ b/README.dag
@ -37,12 +37,78 @@ cards and will not capture from the native OS packet stream.

 ----------------------------------------------------------------------

+Libpcap when built for DAG cards against dag-2.5.1 or later releases:
+
+Timeouts are supported. pcap_dispatch() will return after to_ms milliseconds
+regardless of how many packets are received. If to_ms is zero pcap_dispatch()
+will block waiting for data indefinitely.
+
+pcap_dispatch() will block on and process a minimum of 64kB of data (before
+filtering) for efficiency. This can introduce high latencies on quiet
+interfaces unless a timeout value is set. The timeout expiring will override
+the 64kB minimum causing pcap_dispatch() to process any available data and
+return.
+
+pcap_setnonblock is supported. When nonblock is set, pcap_dispatch() will
+check once for available data, process any data available up to count, then
+return immediately.
+
+pcap_findalldevs() is supported, e.g. dag0, dag1...
+
+Some DAG cards can provide more than one 'stream' of received data.
+This can be data from different physical ports, or separated by filtering
+or load balancing mechanisms. Receive streams have even numbers, e.g.
+dag0:0, dag0:2 etc. Specifying transmit streams for capture is not supported.
+
+pcap_setfilter() is supported, BPF programs run in userspace.
+
+pcap_setdirection() is not supported. Only received traffic is captured.
+DAG cards normally do not have IP or link layer addresses assigned as
+they are used to passively monitor links.
+
+pcap_breakloop() is supported.
+
+pcap_datalink() and pcap_list_datalinks() are supported. The DAG card does
+not attempt to set the correct datalink type automatically where more than
+one type is possible.
+
+pcap_stats() is supported. ps_drop is the number of packets dropped due to
+RX stream buffer overflow, this count is before filters are applied (it will
+include packets that would have been dropped by the filter). The RX stream
+buffer size is user configurable outside libpcap, typically 16-512MB.
+
+pcap_get_selectable_fd() is not supported, as DAG cards do not support
+poll/select methods.
+
+pcap_inject() and pcap_sendpacket() are not supported.
+
+Some DAG cards now support capturing to multiple virtual interfaces, called
+streams. Capture streams have even numbers. These are available via libpcap
+as separate interfaces, e.g. dag0:0, dag0:2, dag0:4 etc. dag0:0 is the same
+as dag0. These are visible via pcap_findalldevs().
+
+libpcap now does NOT set the card's hardware snaplen (slen). This must now be
+set using the appropriate DAG coniguration program, e.g. dagthree, dagfour,
+dagsix, dagconfig. This is because the snaplen is currently shared between
+all of the streams. In future this may change if per-stream slen is
+implemented.
+
+DAG cards by default capture entire packets including the L2
+CRC/FCS. If the card is not configured to discard the CRC/FCS, this
+can confuse applications that use libpcap if they're not prepared for
+packets to have an FCS. Libpcap now reads the environment variable
+ERF_FCS_BITS to determine how many bits of CRC/FCS to strip from the
+end of the captured frame. This defaults to 32 for use with
+Ethernet. If the card is configured to strip the CRC/FCS, then set
+ERF_FCS_BITS=0. If used with a HDLC/PoS/PPP/Frame Relay link with 16
+bit CRC/FCS, then set ERF_FCS_BITS=16.
+
+----------------------------------------------------------------------
+
 Please submit bug reports via <support@endace.com>.

-Please also visit our Web pages at:
+Please also visit our Web site at:

        http://www.endace.com/
-        http://dag.cs.waikato.ac.nz/

 For more information about Endace DAG cards contact <sales@endace.com>.
-
--- a/README.linux
+++ b/README.linux
@ -69,6 +69,26 @@ file says:
 	  file linux/Documentation/networking/filter.txt for more information.
 	  If unsure, say N.

+Note that, by default, libpcap will, if libnl is present, build with it;
+it uses libnl to support monitor mode on mac80211 devices.  There is a
+configuration option to disable building with libnl, but, if that option
+is chosen, the monitor-mode APIs (as used by tcpdump's "-I" flag, and as
+will probably be used by other applications in the future) won't work
+properly on mac80211 devices.
+
+Linux's run-time linker allows shared libraries to be linked with other
+shared libraries, which means that if an older version of a shared
+library doesn't require routines from some other shared library, and a
+later version of the shared library does require those routines, the
+later version of the shared library can be linked with that other shared
+library and, if it's otherwise binary-compatible with the older version,
+can replace that older version without breaking applications built with
+the older version, and without breaking configure scripts or the build
+procedure for applications whose configure script doesn't use the
+pcap-config script if they build with the shared library.  (The build
+procedure for applications whose configure scripts use the pcap-config
+script if present will not break even if they build with the static
+library.)

 Statistics:
 Statistics reported by pcap are platform specific.  The statistics
--- a/README.macosx
+++ b/README.macosx
@ -17,12 +17,17 @@ devfs is based on an older (non-default) FreeBSD devfs, and that version
 of devfs cannot be configured to set the permissions and/or ownership of
 those devices.

-Therefore, we supply a "startup item" for OS X that will change the
-ownership of the BPF devices so that the "admin" group owns them, and
-will change the permission of the BPF devices to rw-rw----, so that all
-users in the "admin" group - i.e., all users with "Allow user to
-administer this computer" turned on - have both read and write access to
-them.
+Therefore, we supply:
+
+	a "startup item" for older versions of Mac OS X;
+
+	a launchd daemon for Tiger and later versions of Mac OS X;
+
+Both of them will change the ownership of the BPF devices so that the
+"admin" group owns them, and will change the permission of the BPF
+devices to rw-rw----, so that all users in the "admin" group - i.e., all
+users with "Allow user to administer this computer" turned on - have
+both read and write access to them.

 The startup item is in the ChmodBPF directory in the source tree.  A
 /Library/StartupItems directory should be created if it doesn't already
@ -30,7 +35,28 @@ exist, and the ChmodBPF directory should be copied to the
 /Library/StartupItems directory (copy the entire directory, so that
 there's a /Library/StartupItems/ChmodBPF directory, containing all the
 files in the source tree's ChmodBPF directory; don't copy the individual
-items in that directory to /Library/StartupItems).
+items in that directory to /Library/StartupItems).  The ChmodBPF
+directory, and all files under it, must be owned by root.  Installing
+the files won't immediately cause the startup item to be executed; it
+will be executed on the next reboot.  To change the permissions before
+the reboot, run
+
+	sudo SystemStarter start ChmodBPF
+
+The launchd daemon is the chmod_bpf script, plus the
+org.tcpdump.chmod_bpf.plist launchd plist file.  chmod_bpf should be
+installed in /usr/local/bin/chmod_bpf, and org.tcpdump.chmod_bpf.plist
+should be installed in /Library/LaunchDaemons.  chmod_bpf, and
+org.tcpdump.chmod_bpf.plist, must be owned by root.  Installing the
+script and plist file won't immediately cause the script to be executed;
+it will be executed on the next reboot.  To change the permissions
+before the reboot, run
+
+	sudo /usr/local/bin/chmod_bpf
+
+or
+
+	sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist

 If you want to give a particular user permission to access the BPF
 devices, rather than giving all administrative users permission to
@ -41,3 +67,8 @@ give the administrative users permission to read but not write the BPF
 devices, you can have the script change the owner to that user, the
 group to "admin", and the permissions to rw-r-----.  Other possibilities
 are left as an exercise for the reader.
+
+(NOTE: due to a bug in Snow Leopard, if you change the permissions not
+to grant write permission to everybody who should be allowed to capture
+traffic, non-root users who cannot open the BPF devices for writing will
+not be able to capture outgoing packets.)
--- a/README.septel
+++ b/README.septel
@ -0,0 +1,50 @@
+The following instructions apply if you have a Linux platform and want
+libpcap to support the Septel range of passive network monitoring cards
+from Intel (http://www.intel.com)
+
+1) Install and build the Septel software distribution by following the
+instructions supplied with that package.
+
+2) Configure libcap. To allow the 'configure' script to locate the Septel
+software distribution use the '--with-septel' option:
+
+        ./configure --with-septel=DIR
+
+where DIR is the root of the Septel software distribution, for example
+/var/src/septel.
+
+By default (if you write only ./configure --with-septel) it takes
+./../septel as argument for DIR. 
+
+If the Septel software is correctly detected 'configure' will
+report:
+
+        checking whether we have Septel API... yes
+
+If 'configure' reports that there is no Septel API, the directory may have been
+incorrectly specified or the Septel software was not built before configuring
+libpcap.
+
+See also the libpcap INSTALL.txt file for further libpcap configuration
+options.
+
+Building libpcap at this stage will include support for both the native
+packet capture stream and for capturing from Septel cards.  To build
+libpcap with only Septel support specify the capture type as 'septel'
+when configuring libpcap:
+
+        ./configure --with-septel=DIR --with-pcap=septel
+
+Applications built with libpcap configured in this way will only detect Septel
+cards and will not capture from the native OS packet stream.
+
+Note: As mentioned in pcap-septel.c we should first edit the system.txt
+file to change the user part example (UPE) module id to 0xdd instead of
+0x2d for technical reason.  So this change in system.txt is crutial and
+things will go wrong if it's not done.  System.txt along with config.txt
+are configuration files that are edited by the user before running the
+gctload program that uses these files for initialising modules and
+configuring parameters.
+
+----------------------------------------------------------------------
+for more information please contact me : gil_hoyek@hotmail.com
--- a/README.sita
+++ b/README.sita
@ -0,0 +1,64 @@
+The following instructions apply if you have a Linux platform and want
+libpcap to support the 'ACN' WAN/LAN router product from from SITA
+(http://www.sita.aero)
+
+This might also work on non-Linux Unix-compatible platforms, but that
+has not been tested.
+
+See also the libpcap INSTALL.txt file for further libpcap configuration
+options.
+
+These additions/extensions have been made to PCAP to allow it to
+capture packets from a SITA ACN device (and potentially others).
+
+To enable its support you need to ensure that the distribution has
+a correct configure.in file; that can be created if neccessay by
+using the normal autoconf procedure of:
+
+aclocal
+autoconf
+autoheader
+automake
+
+Then run configure with the 'sita' option:
+
+./configure --with-sita
+
+Applications built with libpcap configured in this way will only detect SITA
+ACN interfaces and will not capture from the native OS packet stream.
+
+The SITA extension provides a remote datascope operation for capturing
+both WAN and LAN protocols.  It effectively splits the operation of
+PCAP into two halves.  The top layer performs the majority of the
+work, but interfaces via a TCP session to remote agents that
+provide the lower layer functionality of actual sniffing and
+filtering. More detailed information regarding the functions and
+inter-device protocol and naming conventions are described in detail
+in 'pcap-sita.html'.
+
+pcap_findalldevs() reads the local system's /etc/hosts file looking
+for host names that match the format of IOP type devices.  ie.  aaa_I_x_y
+and then queries each associated IP address for a list of its WAN and
+LAN devices.  The local system the aggregates the lists obtained from
+each IOP, sorts it, and provides it (to Wireshark et.al) as the
+list of monitorable interfaces.
+
+Once a valid interface has been selected, pcap_open() is called
+which opens a TCP session (to a well known port) on the target IOP
+and tells it to start monitoring.
+
+All captured packets are then forwarded across that TCP session
+back to the local 'top layer' for forwarding to the actual
+sniffing program (wireshark...)
+
+Note that the DLT_SITA link-layer type includes a proprietary header
+that is documented as part of the SITA dissector of Wireshark and is
+also described in 'pcap-sita.html' for posterity sake.
+
+That header provides:
+- Packet direction (in/out) (1 octet)
+- Link layer hardware signal status (1 octet)
+- Transmit/Receive error status (2 octets)
+- Encapsulated WAN protocol ID (1 octet)
+
+
--- a/9
+++ b/9
@ -6,7 +6,7 @@ Important stuff (to be done before the next release)

 General

- configure should not be in the CVS. Most open source projects have an 
+- configure should not be in Git. Most open source projects have an 
  autogen.sh script to run autoconf etc. after checkout. I think we 
  should stick to the standard. 

@ -15,13 +15,6 @@ General
  style (okay, you can guess that by looking at the code) and a guide for
  what needs to be documented.

-Linux kernel interface
-
- Currently there is a race condition in that a socket is activated at the
-  same time it is opened - before applying a filter. This has to
-  be corrected so that capture starts when pcap_read is called for the 
-  first time. 
-
 Less urgent items
 -----------------

--- a/2
+++ b/2
@ -1 +1 @@
-0.9-PRE-CVS
+1.2.0-PRE-GIT
--- a/Win32/Include/addrinfo.h
+++ b/Win32/Include/addrinfo.h
@ -90,6 +90,29 @@ extern struct hostent *getipnodebyaddr (const void *, size_t, int, int *);
 extern struct hostent *getipnodebyname (const char *, int, int, int *);
 extern int inet_pton (int, const char *, void *);
 extern const char *inet_ntop (int, const void *, char *, size_t);
+#else
+
+#ifndef EAI_BADHINTS
+#define EAI_BADHINTS	12
+#endif 
+
+#ifndef EAI_PROTOCOL	
+#define EAI_PROTOCOL	13
+#endif
+
+#ifndef EAI_MAX	
+#define EAI_MAX		14
+#endif
+
+#ifndef NETDB_INTERNAL
+#define	NETDB_INTERNAL	-1	/* see errno */
+#endif
+
+#ifndef AI_MASK
+/* valid flags for addrinfo */
+#define	AI_MASK		(AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST)
+#endif
+
 #endif /* HAVE_ADDRINFO */

 /*
@ -120,3 +143,4 @@ extern const char *inet_ntop (int, const void *, char *, size_t);
 #ifndef NI_DGRAM
 #define	NI_DGRAM	0x00000010
 #endif
+
--- a/Win32/Include/bittypes.h
+++ b/Win32/Include/bittypes.h
@ -30,57 +30,60 @@
 #define _BITTYPES_H

 #ifndef HAVE_U_INT8_T
-
-#if SIZEOF_CHAR == 1
 typedef unsigned char u_int8_t;
 typedef signed char int8_t;
-#elif SIZEOF_INT == 1
-typedef unsigned int u_int8_t;
-typedef signed int int8_t;
-#else  /* XXX */
-#error "there's no appropriate type for u_int8_t"
-#endif
-#define HAVE_U_INT8_T 1
-#define HAVE_INT8_T 1
-
 #endif /* HAVE_U_INT8_T */

 #ifndef HAVE_U_INT16_T 
-
-#if SIZEOF_SHORT == 2
 typedef unsigned short u_int16_t;
 typedef signed short int16_t;
-#elif SIZEOF_INT == 2
-typedef unsigned int u_int16_t;
-typedef signed int int16_t;
-#elif SIZEOF_CHAR == 2
-typedef unsigned char u_int16_t;
-typedef signed char int16_t;
-#else  /* XXX */
-#error "there's no appropriate type for u_int16_t"
-#endif
-#define HAVE_U_INT16_T 1
-#define HAVE_INT16_T 1
-
 #endif /* HAVE_U_INT16_T */

 #ifndef HAVE_U_INT32_T
-
-#if SIZEOF_INT == 4
 typedef unsigned int u_int32_t;
 typedef signed int int32_t;
-#elif SIZEOF_LONG == 4
-typedef unsigned long u_int32_t;
-typedef signed long int32_t;
-#elif SIZEOF_SHORT == 4
-typedef unsigned short u_int32_t;
-typedef signed short int32_t;
-#else  /* XXX */
-#error "there's no appropriate type for u_int32_t"
-#endif
-#define HAVE_U_INT32_T 1
-#define HAVE_INT32_T 1
-
 #endif /* HAVE_U_INT32_T */

+#ifndef HAVE_U_INT64_T
+#ifdef _MSC_EXTENSIONS
+typedef unsigned _int64 u_int64_t;
+typedef _int64 int64_t;
+#else /* _MSC_EXTENSIONS */
+typedef unsigned long long u_int64_t;
+typedef long long int64_t;
+#endif /* _MSC_EXTENSIONS */
+#endif /* HAVE_U_INT64_T */
+
+#ifndef PRId64
+#ifdef _MSC_EXTENSIONS
+#define PRId64	"I64d"
+#else /* _MSC_EXTENSIONS */
+#define PRId64	"lld"
+#endif /* _MSC_EXTENSIONS */
+#endif /* PRId64 */
+
+#ifndef PRIo64
+#ifdef _MSC_EXTENSIONS
+#define PRIo64	"I64o"
+#else /* _MSC_EXTENSIONS */
+#define PRIo64	"llo"
+#endif /* _MSC_EXTENSIONS */
+#endif /* PRIo64 */
+
+#ifndef PRIx64
+#ifdef _MSC_EXTENSIONS
+#define PRIx64	"I64x"
+#else /* _MSC_EXTENSIONS */
+#define PRIx64	"llx"
+#endif /* _MSC_EXTENSIONS */
+#endif /* PRIx64 */
+
+#ifndef PRIu64
+#ifdef _MSC_EXTENSIONS
+#define PRIu64	"I64u"
+#else /* _MSC_EXTENSIONS */
+#define PRIu64	"llu"
+#endif /* _MSC_EXTENSIONS */
+#endif /* PRIu64 */
+
 #endif /* _BITTYPES_H */
--- a/Win32/Include/ip6_misc.h
+++ b/Win32/Include/ip6_misc.h
@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/Win32/Include/ip6_misc.h,v 1.4 2004-07-06 23:45:29 risso Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/Win32/Include/ip6_misc.h,v 1.5 2006-01-22 18:02:18 gianluca Exp $ (LBL)
 */

 /*
@ -27,17 +27,17 @@

 #include <winsock2.h>

-#ifndef __MINGW32__
 #include <ws2tcpip.h>
-#endif /* __MINGW32__ */

+#ifndef __MINGW32__
 #define	IN_MULTICAST(a)		IN_CLASSD(a)
+#endif

 #define	IN_EXPERIMENTAL(a)	((((u_int32_t) (a)) & 0xf0000000) == 0xf0000000)

 #define	IN_LOOPBACKNET		127

-#ifdef __MINGW32__
+#if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)
 /* IPv6 address */
 struct in6_addr
  {
@ -58,12 +58,12 @@ struct in6_addr
 #endif /* __MINGW32__ */


-#if (defined WIN32) || (defined __MINGW32__)
+#if (defined _MSC_VER) || (defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF))
 typedef unsigned short	sa_family_t;
 #endif


-#ifdef __MINGW32__
+#if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)

 #define	__SOCKADDR_COMMON(sa_prefix) \
  sa_family_t sa_prefix##family
@ -147,7 +147,7 @@ struct sockaddr_in6
 #define IP6OPT_MUTABLE		0x20


-#ifdef __MINGW32__
+#if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)
 #ifndef EAI_ADDRFAMILY
 struct addrinfo {
 	int	ai_flags;	/* AI_PASSIVE, AI_CANONNAME */
--- a/Win32/Prj/libpcap.dsp
+++ b/Win32/Prj/libpcap.dsp
@ -41,7 +41,7 @@ RSC=rc.exe
 # PROP Intermediate_Dir "Release"
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "_LIB" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "../../" /I "../../lbl/" /I "../../bpf/" /I "../include/" /I "../../../../common" /I "../../../../dag/include" /I "../../../../dag/drv/windows" /D "NDEBUG" /D "YY_NEVER_INTERACTIVE" /D yylval=pcap_lval /D "_USRDLL" /D "LIBPCAP_EXPORTS" /D "HAVE_STRERROR" /D "__STDC__" /D "INET6" /D "_WINDOWS" /D "_MBCS" /D SIZEOF_CHAR=1 /D SIZEOF_SHORT=2 /D SIZEOF_INT=4 /D "HAVE_ADDRINFO" /D "WIN32" /D _U_= /D "HAVE_SNPRINTF" /D "HAVE_VSNPRINTF" /YX /FD /c
+# ADD CPP /nologo /MT /W3 /GX /O2 /I "../../" /I "../../lbl/" /I "../../bpf/" /I "../include/" /I "../../../../common" /I "../../../../dag/include" /I "../../../../dag/drv/windows" /D "NDEBUG" /D "YY_NEVER_INTERACTIVE" /D yylval=pcap_lval /D "_USRDLL" /D "LIBPCAP_EXPORTS" /D "HAVE_STRERROR" /D "__STDC__" /D "INET6" /D "_WINDOWS" /D "_MBCS" /D "HAVE_ADDRINFO" /D "WIN32" /D _U_= /D "HAVE_SNPRINTF" /D "HAVE_VSNPRINTF" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@ -64,7 +64,7 @@ LIB32=link.exe -lib
 # PROP Intermediate_Dir "Debug"
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "../../" /I "../../lbl/" /I "../../bpf/" /I "../include/" /I "../../../../common" /I "../../../../dag/include" /I "../../../../dag/drv/windows" /D "_DEBUG" /D "YY_NEVER_INTERACTIVE" /D yylval=pcap_lval /D "_USRDLL" /D "LIBPCAP_EXPORTS" /D "HAVE_STRERROR" /D "__STDC__" /D "INET6" /D "_WINDOWS" /D "_MBCS" /D SIZEOF_CHAR=1 /D SIZEOF_SHORT=2 /D SIZEOF_INT=4 /D "HAVE_ADDRINFO" /D "WIN32" /D _U_= /D "HAVE_SNPRINTF" /D "HAVE_VSNPRINTF" /YX /FD /GZ /c
+# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "../../" /I "../../lbl/" /I "../../bpf/" /I "../include/" /I "../../../../common" /I "../../../../dag/include" /I "../../../../dag/drv/windows" /D "_DEBUG" /D "YY_NEVER_INTERACTIVE" /D yylval=pcap_lval /D "_USRDLL" /D "LIBPCAP_EXPORTS" /D "HAVE_STRERROR" /D "__STDC__" /D "INET6" /D "_WINDOWS" /D "_MBCS" /D "HAVE_ADDRINFO" /D "WIN32" /D _U_= /D "HAVE_SNPRINTF" /D "HAVE_VSNPRINTF" /YX /FD /GZ /c
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
 BSC32=bscmake.exe
--- a/Win32/Src/gai_strerror.c
+++ b/Win32/Src/gai_strerror.c
@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+#include <sys/cdefs.h>
+
+__FBSDID("$FreeBSD: /repoman/r/ncvs/src/lib/libc/net/gai_strerror.c,v 1.1 2005/04/06 12:45:51 ume Exp $");
+
+*/
+
+#ifdef WIN32
+
+#include <ws2tcpip.h>
+
+#else
+
+#include <netdb.h>
+
+#endif
+
+/* Entries EAI_ADDRFAMILY (1) and EAI_NODATA (7) are obsoleted, but left */
+/* for backward compatibility with userland code prior to 2553bis-02 */
+static char *ai_errlist[] = {
+	"Success",					/* 0 */
+	"Address family for hostname not supported",	/* 1 */
+	"Temporary failure in name resolution",		/* EAI_AGAIN */
+	"Invalid value for ai_flags",			/* EAI_BADFLAGS */
+	"Non-recoverable failure in name resolution",	/* EAI_FAIL */
+	"ai_family not supported",			/* EAI_FAMILY */
+	"Memory allocation failure", 			/* EAI_MEMORY */
+	"No address associated with hostname",		/* 7 */
+	"hostname nor servname provided, or not known",	/* EAI_NONAME */
+	"servname not supported for ai_socktype",	/* EAI_SERVICE */
+	"ai_socktype not supported", 			/* EAI_SOCKTYPE */
+	"System error returned in errno", 		/* EAI_SYSTEM */
+	"Invalid value for hints",			/* EAI_BADHINTS */
+	"Resolved protocol is unknown"			/* EAI_PROTOCOL */
+};
+
+#ifndef EAI_MAX
+#define EAI_MAX (sizeof(ai_errlist)/sizeof(ai_errlist[0]))
+#endif
+
+/* on MingW, gai_strerror is available. 
+   We need to compile gai_strerrorA only for Cygwin
+ */
+#ifndef gai_strerror
+
+char *
+WSAAPI gai_strerrorA(int ecode)
+{
+	if (ecode >= 0 && ecode < EAI_MAX)
+		return ai_errlist[ecode];
+	return "Unknown error";
+}
+
+#endif /* gai_strerror */
--- a/Win32/Src/getaddrinfo.c
+++ b/Win32/Src/getaddrinfo.c
@ -45,13 +45,19 @@
 *   in ai_flags?
 */

+/*
+ * Mingw64 has its own implementation of getaddrinfo, mingw32 no
+ */
+#ifndef __MINGW64__
+ 
+
 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif 

 #ifndef lint
 static const char rcsid[] _U_ =
-     "@(#) $Header: /tcpdump/master/libpcap/Win32/Src/getaddrinfo.c,v 1.2 2003-11-15 23:24:06 guy Exp $";
+     "@(#) $Header: /tcpdump/master/libpcap/Win32/Src/getaddrinfo.c,v 1.3 2008-09-15 23:37:51 guy Exp $";
 #endif

 #include <pcap-stdinc.h>
@ -85,7 +91,7 @@ static const char rcsid[] _U_ =
 #ifdef NEED_ADDRINFO_H
 #include "addrinfo.h"
 #ifdef WIN32
-#include "IP6_misc.h"
+#include "ip6_misc.h"
 #endif
 #endif

@ -252,6 +258,7 @@ do { \
 #define MATCH(x, y, w) \
 	((x) == (y) || ((w) && ((x) == ANY || (y) == ANY)))

+#if  defined(DEFINE_ADDITIONAL_IPV6_STUFF)
 char *
 gai_strerror(ecode)
 	int ecode;
@ -260,6 +267,7 @@ gai_strerror(ecode)
 		ecode = EAI_MAX;
 	return ai_errlist[ecode];
 }
+#endif

 void
 freeaddrinfo(ai)
@ -981,10 +989,9 @@ get_canonname(pai, ai, str)
 	const char *str;
 {
 	if ((pai->ai_flags & AI_CANONNAME) != 0) {
-		ai->ai_canonname = (char *)malloc(strlen(str) + 1);
+		ai->ai_canonname = strdup(str);
 		if (ai->ai_canonname == NULL)
 			return EAI_MEMORY;
-		strcpy(ai->ai_canonname, str);
 	}
 	return 0;
 }
@ -1117,3 +1124,6 @@ find_afd(af)
 	}
 	return NULL;
 }
+
+
+#endif /*__MING64__*/
--- a/Win32/Src/inet_pton.c
+++ b/Win32/Src/inet_pton.c
@ -36,11 +36,11 @@
 * SUCH DAMAGE.
 */

-/* $Id: inet_pton.c,v 1.2 2003-11-15 23:24:06 guy Exp $ */
+/* $Id: inet_pton.c,v 1.3 2007-09-27 18:02:20 gianluca Exp $ */

 #ifndef lint
 static const char rcsid[] _U_ =
-     "@(#) $Header: /tcpdump/master/libpcap/Win32/Src/inet_pton.c,v 1.2 2003-11-15 23:24:06 guy Exp $";
+     "@(#) $Header: /tcpdump/master/libpcap/Win32/Src/inet_pton.c,v 1.3 2007-09-27 18:02:20 gianluca Exp $";
 #endif

 #include <errno.h>
@ -58,6 +58,8 @@ int* _errno();

 #include <pcap-stdinc.h>

+int inet_aton(const char *cp, struct in_addr *addr);
+
 int
 inet_pton(int af, const char *src, void *dst)
 {
--- a/acconfig.h
+++ b/acconfig.h
@ -1,7 +0,0 @@
-/* Long story short: aclocal.m4 depends on autoconf 2.13
- * implementation details wrt "const"; newer versions
- * have different implementation details so for now we
- * put "const" here.  This may cause duplicate definitions
- * in config.h but that should be OK since they're the same.
- */
-#undef const
--- a/aclocal.m4
+++ b/aclocal.m4
@ -1,4 +1,4 @@
-dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.85 2005-03-27 03:27:09 guy Exp $ (LBL)
+dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.93 2008-11-18 07:29:48 guy Exp $ (LBL)
 dnl
 dnl Copyright (c) 1995, 1996, 1997, 1998
 dnl	The Regents of the University of California.  All rights reserved.
@ -22,6 +22,54 @@ dnl
 dnl LBL autoconf macros
 dnl

+dnl
+dnl Do whatever AC_LBL_C_INIT work is necessary before using AC_PROG_CC.
+dnl
+dnl It appears that newer versions of autoconf (2.64 and later) will,
+dnl if you use AC_TRY_COMPILE in a macro, stick AC_PROG_CC at the
+dnl beginning of the macro, even if the macro itself calls AC_PROG_CC.
+dnl See the "Prerequisite Macros" and "Expanded Before Required" sections
+dnl in the Autoconf documentation.
+dnl
+dnl This causes a steaming heap of fail in our case, as we were, in
+dnl AC_LBL_C_INIT, doing the tests we now do in AC_LBL_C_INIT_BEFORE_CC,
+dnl calling AC_PROG_CC, and then doing the tests we now do in
+dnl AC_LBL_C_INIT.  Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC,
+dnl and AC_LBL_C_INIT at the top level.
+dnl
+AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC,
+    [AC_PREREQ(2.50)
+    AC_BEFORE([$0], [AC_LBL_C_INIT])
+    AC_BEFORE([$0], [AC_PROG_CC])
+    AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
+    AC_BEFORE([$0], [AC_LBL_DEVEL])
+    AC_ARG_WITH(gcc, [  --without-gcc           don't use gcc])
+    $1="-O"
+    $2=""
+    if test "${srcdir}" != "." ; then
+	    $2="-I\$(srcdir)"
+    fi
+    if test "${CFLAGS+set}" = set; then
+	    LBL_CFLAGS="$CFLAGS"
+    fi
+    if test -z "$CC" ; then
+	    case "$host_os" in
+
+	    bsdi*)
+		    AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
+		    if test $SHLICC2 = yes ; then
+			    CC=shlicc2
+			    export CC
+		    fi
+		    ;;
+	    esac
+    fi
+    if test -z "$CC" -a "$with_gcc" = no ; then
+	    CC=cc
+	    export CC
+    fi
+])
+
 dnl
 dnl Determine which compiler we're using (cc or gcc)
 dnl If using gcc, determine the version number
@ -43,36 +91,10 @@ dnl	ac_cv_lbl_gcc_vers
 dnl	LBL_CFLAGS
 dnl
 AC_DEFUN(AC_LBL_C_INIT,
-    [AC_PREREQ(2.12)
-    AC_BEFORE([$0], [AC_PROG_CC])
+    [AC_PREREQ(2.50)
    AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
    AC_BEFORE([$0], [AC_LBL_DEVEL])
-    AC_ARG_WITH(gcc, [  --without-gcc           don't use gcc])
-    $1="-O"
-    $2=""
-    if test "${srcdir}" != "." ; then
-	    $2="-I\$(srcdir)"
-    fi
-    if test "${CFLAGS+set}" = set; then
-	    LBL_CFLAGS="$CFLAGS"
-    fi
-    if test -z "$CC" ; then
-	    case "$target_os" in
-
-	    bsdi*)
-		    AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
-		    if test $SHLICC2 = yes ; then
-			    CC=shlicc2
-			    export CC
-		    fi
-		    ;;
-	    esac
-    fi
-    if test -z "$CC" -a "$with_gcc" = no ; then
-	    CC=cc
-	    export CC
-    fi
-    AC_PROG_CC
+    AC_BEFORE([$0], [AC_LBL_SHLIBS_INIT])
    if test "$GCC" = yes ; then
 	    if test "$SHLICC2" = yes ; then
 		    ac_cv_lbl_gcc_vers=2
@ -100,7 +122,7 @@ AC_DEFUN(AC_LBL_C_INIT,
 		    ac_cv_lbl_cc_ansi_prototypes=no))
 	    AC_MSG_RESULT($ac_cv_lbl_cc_ansi_prototypes)
 	    if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
-		    case "$target_os" in
+		    case "$host_os" in

 		    hpux*)
 			    AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE))
@ -117,10 +139,28 @@ AC_DEFUN(AC_LBL_C_INIT,
 				    AC_MSG_ERROR(see the INSTALL doc for more info)
 			    fi
 			    CFLAGS="$savedcflags"
-			    V_CCOPT="-Aa $V_CCOPT"
+			    $1="-Aa $$1"
 			    AC_DEFINE(_HPUX_SOURCE,1,[needed on HP-UX])
 			    ;;

+		    osf*)
+			    AC_MSG_CHECKING(for ansi mode in DEC compiler ($CC -std1))
+			    savedcflags="$CFLAGS"
+			    CFLAGS="-std1"
+			    AC_CACHE_VAL(ac_cv_lbl_cc_osf1_cc_std1,
+				AC_TRY_COMPILE(
+				    [#include <sys/types.h>],
+				    [int frob(int, char *)],
+				    ac_cv_lbl_cc_osf1_cc_std1=yes,
+				    ac_cv_lbl_cc_osf1_cc_std1=no))
+			    AC_MSG_RESULT($ac_cv_lbl_cc_osf1_cc_std1)
+			    if test $ac_cv_lbl_cc_osf1_cc_std1 = no ; then
+				    AC_MSG_ERROR(see the INSTALL doc for more info)
+			    fi
+			    CFLAGS="$savedcflags"
+			    $1="-std1 $$1"
+			    ;;
+
 		    *)
 			    AC_MSG_ERROR(see the INSTALL doc for more info)
 			    ;;
@ -129,14 +169,18 @@ AC_DEFUN(AC_LBL_C_INIT,
 	    $2="$$2 -I/usr/local/include"
 	    LDFLAGS="$LDFLAGS -L/usr/local/lib"

-	    case "$target_os" in
+	    case "$host_os" in

 	    irix*)
-		    V_CCOPT="$V_CCOPT -xansi -signed -g3"
+		    $1="$$1 -xansi -signed -g3"
 		    ;;

 	    osf*)
-		    V_CCOPT="$V_CCOPT -std1 -g3"
+	    	    #
+		    # Presumed to be DEC OSF/1, Digital UNIX, or
+		    # Tru64 UNIX.
+		    #
+		    $1="$$1 -g3"
 		    ;;

 	    ultrix*)
@ -150,13 +194,178 @@ AC_DEFUN(AC_LBL_C_INIT,
 			    ac_cv_lbl_cc_const_proto=no))
 		    AC_MSG_RESULT($ac_cv_lbl_cc_const_proto)
 		    if test $ac_cv_lbl_cc_const_proto = no ; then
-			    AC_DEFINE(const,)
+			    AC_DEFINE(const,[],
+			        [to handle Ultrix compilers that don't support const in prototypes])
 		    fi
 		    ;;
 	    esac
    fi
 ])

+dnl
+dnl Determine what options are needed to build a shared library
+dnl
+dnl usage:
+dnl
+dnl	AC_LBL_SHLIBS_INIT
+dnl
+dnl results:
+dnl
+dnl	V_CCOPT (modified to build position-independent code)
+dnl	V_SHLIB_CMD
+dnl	V_SHLIB_OPT
+dnl	V_SONAME_OPT
+dnl	V_RPATH_OPT
+dnl
+AC_DEFUN(AC_LBL_SHLIBS_INIT,
+    [AC_PREREQ(2.50)
+    if test "$GCC" = yes ; then
+	    #
+	    # On platforms where we build a shared library:
+	    #
+	    #	add options to generate position-independent code,
+	    #	if necessary (it's the default in AIX and Darwin/OS X);
+	    #
+	    #	define option to set the soname of the shared library,
+	    #	if the OS supports that;
+	    #
+	    #	add options to specify, at link time, a directory to
+	    #	add to the run-time search path, if that's necessary.
+	    #
+	    V_SHLIB_CMD="\$(CC)"
+	    V_SHLIB_OPT="-shared"
+	    case "$host_os" in
+
+	    aix*)
+		    ;;
+
+	    freebsd*|netbsd*|openbsd*|dragonfly*|linux*|osf*)
+	    	    #
+		    # Platforms where the linker is the GNU linker
+		    # or accepts command-line arguments like
+		    # those the GNU linker accepts.
+		    #
+		    # Some instruction sets require -fPIC on some
+		    # operating systems.  Check for them.  If you
+		    # have a combination that requires it, add it
+		    # here.
+		    #
+		    PIC_OPT=-fpic
+		    case "$host_cpu" in
+
+		    sparc64*)
+			case "$host_os" in
+
+			freebsd*)
+			    PIC_OPT=-fPIC
+			    ;;
+			esac
+			;;
+		    esac
+		    V_CCOPT="$V_CCOPT $PIC_OPT"
+		    V_SONAME_OPT="-Wl,-soname,"
+		    V_RPATH_OPT="-Wl,-rpath,"
+		    ;;
+
+	    hpux*)
+		    V_CCOPT="$V_CCOPT -fpic"
+	    	    #
+		    # XXX - this assumes GCC is using the HP linker,
+		    # rather than the GNU linker, and that the "+h"
+		    # option is used on all HP-UX platforms, both .sl
+		    # and .so.
+		    #
+		    V_SONAME_OPT="-Wl,+h,"
+		    #
+		    # By default, directories specifed with -L
+		    # are added to the run-time search path, so
+		    # we don't add them in pcap-config.
+		    #
+		    ;;
+
+	    solaris*)
+		    V_CCOPT="$V_CCOPT -fpic"
+		    #
+		    # XXX - this assumes GCC is using the Sun linker,
+		    # rather than the GNU linker.
+		    #
+		    V_SONAME_OPT="-Wl,-h,"
+		    V_RPATH_OPT="-Wl,-R,"
+		    ;;
+	    esac
+    else
+	    #
+	    # Set the appropriate compiler flags and, on platforms
+	    # where we build a shared library:
+	    #
+	    #	add options to generate position-independent code,
+	    #	if necessary (it's the default in Darwin/OS X);
+	    #
+	    #	if we generate ".so" shared libraries, define the
+	    #	appropriate options for building the shared library;
+	    #
+	    #	add options to specify, at link time, a directory to
+	    #	add to the run-time search path, if that's necessary.
+	    #
+	    # Note: spaces after V_SONAME_OPT are significant; on
+	    # some platforms the soname is passed with a GCC-like
+	    # "-Wl,-soname,{soname}" option, with the soname part
+	    # of the option, while on other platforms the C compiler
+	    # driver takes it as a regular option with the soname
+	    # following the option.  The same applies to V_RPATH_OPT.
+	    #
+	    case "$host_os" in
+
+	    aix*)
+		    V_SHLIB_CMD="\$(CC)"
+		    V_SHLIB_OPT="-G -bnoentry -bexpall"
+		    ;;
+
+	    freebsd*|netbsd*|openbsd*|dragonfly*|linux*)
+		    #
+		    # "cc" is GCC.
+		    #
+		    V_CCOPT="$V_CCOPT -fpic"
+		    V_SHLIB_CMD="\$(CC)"
+		    V_SHLIB_OPT="-shared"
+		    V_SONAME_OPT="-Wl,-soname,"
+		    V_RPATH_OPT="-Wl,-rpath,"
+		    ;;
+
+	    hpux*)
+		    V_CCOPT="$V_CCOPT +z"
+		    V_SHLIB_CMD="\$(LD)"
+		    V_SHLIB_OPT="-b"
+		    V_SONAME_OPT="+h "
+		    #
+		    # By default, directories specifed with -L
+		    # are added to the run-time search path, so
+		    # we don't add them in pcap-config.
+		    #
+		    ;;
+
+	    osf*)
+	    	    #
+		    # Presumed to be DEC OSF/1, Digital UNIX, or
+		    # Tru64 UNIX.
+		    #
+		    V_SHLIB_CMD="\$(CC)"
+		    V_SHLIB_OPT="-shared"
+		    V_SONAME_OPT="-soname "
+		    V_RPATH_OPT="-rpath "
+		    ;;
+
+	    solaris*)
+		    V_CCOPT="$V_CCOPT -Kpic"
+		    V_SHLIB_CMD="\$(CC)"
+		    V_SHLIB_OPT="-G"
+		    V_SONAME_OPT="-h "
+		    V_RPATH_OPT="-R"
+		    ;;
+	    esac
+    fi
+])
+
 #
 # Try compiling a sample of the type of code that appears in
 # gencode.c with "inline", "__inline__", and "__inline".
@ -208,114 +417,6 @@ AC_DEFUN(AC_LBL_C_INLINE,
    fi
    AC_DEFINE_UNQUOTED(inline, $ac_cv_lbl_inline, [Define as token for inline if inlining supported])])

-dnl
-dnl Use pfopen.c if available and pfopen() not in standard libraries
-dnl Require libpcap
-dnl Look for libpcap in ..
-dnl Use the installed libpcap if there is no local version
-dnl
-dnl usage:
-dnl
-dnl	AC_LBL_LIBPCAP(pcapdep, incls)
-dnl
-dnl results:
-dnl
-dnl	$1 (pcapdep set)
-dnl	$2 (incls appended)
-dnl	LIBS
-dnl	LBL_LIBS
-dnl
-AC_DEFUN(AC_LBL_LIBPCAP,
-    [AC_REQUIRE([AC_LBL_LIBRARY_NET])
-    dnl
-    dnl save a copy before locating libpcap.a
-    dnl
-    LBL_LIBS="$LIBS"
-    pfopen=/usr/examples/packetfilter/pfopen.c
-    if test -f $pfopen ; then
-	    AC_CHECK_FUNCS(pfopen)
-	    if test $ac_cv_func_pfopen = "no" ; then
-		    AC_MSG_RESULT(Using $pfopen)
-		    LIBS="$LIBS $pfopen"
-	    fi
-    fi
-    AC_MSG_CHECKING(for local pcap library)
-    libpcap=FAIL
-    lastdir=FAIL
-    places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
-	egrep '/libpcap-[[0-9]]*\.[[0-9]]*(\.[[0-9]]*)?([[ab]][[0-9]]*)?$'`
-    for dir in $places ../libpcap libpcap ; do
-	    basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'`
-	    if test $lastdir = $basedir ; then
-		    dnl skip alphas when an actual release is present
-		    continue;
-	    fi
-	    lastdir=$dir
-	    if test -r $dir/pcap.c ; then
-		    libpcap=$dir/libpcap.a
-		    d=$dir
-		    dnl continue and select the last one that exists
-	    fi
-    done
-    if test $libpcap = FAIL ; then
-	    AC_MSG_RESULT(not found)
-	    AC_CHECK_LIB(pcap, main, libpcap="-lpcap")
-	    if test $libpcap = FAIL ; then
-		    AC_MSG_ERROR(see the INSTALL doc for more info)
-	    fi
-    else
-	    $1=$libpcap
-	    $2="-I$d $$2"
-	    AC_MSG_RESULT($libpcap)
-    fi
-    LIBS="$libpcap $LIBS"
-    case "$target_os" in
-
-    aix*)
-	    pseexe="/lib/pse.exp"
-	    AC_MSG_CHECKING(for $pseexe)
-	    if test -f $pseexe ; then
-		    AC_MSG_RESULT(yes)
-		    LIBS="$LIBS -I:$pseexe"
-	    fi
-	    ;;
-    esac])
-
-dnl
-dnl Define RETSIGTYPE and RETSIGVAL
-dnl
-dnl usage:
-dnl
-dnl	AC_LBL_TYPE_SIGNAL
-dnl
-dnl results:
-dnl
-dnl	RETSIGTYPE (defined)
-dnl	RETSIGVAL (defined)
-dnl
-AC_DEFUN(AC_LBL_TYPE_SIGNAL,
-    [AC_BEFORE([$0], [AC_LBL_LIBPCAP])
-    AC_TYPE_SIGNAL
-    if test "$ac_cv_type_signal" = void ; then
-	    AC_DEFINE(RETSIGVAL,[],[return value of signal handlers])
-    else
-	    AC_DEFINE(RETSIGVAL,(0),[return value of signal handlers])
-    fi
-    case "$target_os" in
-
-    irix*)
-	    AC_DEFINE(_BSD_SIGNALS,1,[get BSD semantics on Irix])
-	    ;;
-
-    *)
-	    dnl prefer sigset() to sigaction()
-	    AC_CHECK_FUNCS(sigset)
-	    if test $ac_cv_func_sigset = no ; then
-		    AC_CHECK_FUNCS(sigaction)
-	    fi
-	    ;;
-    esac])
-
 dnl
 dnl If using gcc, make sure we have ANSI ioctl definitions
 dnl
@ -452,7 +553,7 @@ dnl
 dnl	HAVE_SOCKADDR_SA_LEN (defined)
 dnl
 AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
-    [AC_MSG_CHECKING(if sockaddr struct has sa_len member)
+    [AC_MSG_CHECKING(if sockaddr struct has the sa_len member)
    AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
 	AC_TRY_COMPILE([
 #	include <sys/types.h>
@ -462,7 +563,7 @@ AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
 	ac_cv_lbl_sockaddr_has_sa_len=no))
    AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len)
    if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then
-	    AC_DEFINE(HAVE_SOCKADDR_SA_LEN,1,[if struct sockaddr has sa_len])
+	    AC_DEFINE(HAVE_SOCKADDR_SA_LEN,1,[if struct sockaddr has the sa_len member])
    fi])

 dnl
@ -545,40 +646,10 @@ AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
 	else
 		ac_cv_lbl_have_run_path=no
 	fi
-	rm -f conftest*])
+	rm -f -r conftest*])
    AC_MSG_RESULT($ac_cv_lbl_have_run_path)
    ])

-dnl
-dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless.
-dnl
-dnl usage:
-dnl
-dnl	AC_LBL_CHECK_TYPE
-dnl
-dnl results:
-dnl
-dnl	int32_t (defined)
-dnl	u_int32_t (defined)
-dnl
-AC_DEFUN(AC_LBL_CHECK_TYPE,
-    [AC_MSG_CHECKING(for $1 using $CC)
-    AC_CACHE_VAL(ac_cv_lbl_have_$1,
-	AC_TRY_COMPILE([
-#	include "confdefs.h"
-#	include <sys/types.h>
-#	if STDC_HEADERS
-#	include <stdlib.h>
-#	include <stddef.h>
-#	endif],
-	[$1 i],
-	ac_cv_lbl_have_$1=yes,
-	ac_cv_lbl_have_$1=no))
-    AC_MSG_RESULT($ac_cv_lbl_have_$1)
-    if test $ac_cv_lbl_have_$1 = no ; then
-	    AC_DEFINE($1, $2, [if we have $1])
-    fi])
-
 dnl
 dnl Checks to see if unaligned memory accesses fail
 dnl
@ -627,7 +698,7 @@ AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
 	# know it does work, and have the script just fail on other
 	# cpu types and update it when such a failure occurs.
 	#
-	alpha*|arm*|hp*|mips*|sh*|sparc*|ia64|nv1)
+	alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
 		ac_cv_lbl_unaligned_fail=yes
 		;;

@ -671,7 +742,7 @@ EOF
 				ac_cv_lbl_unaligned_fail=no
 			fi
 		fi
-		rm -f conftest* core core.conftest
+		rm -f -r conftest* core core.conftest
 		;;
 	esac])
    AC_MSG_RESULT($ac_cv_lbl_unaligned_fail)
@ -682,7 +753,7 @@ EOF
 dnl
 dnl If using gcc and the file .devel exists:
 dnl	Compile with -g (if supported) and -Wall
-dnl	If using gcc 2, do extra prototype checking
+dnl	If using gcc 2 or later, do extra prototype checking
 dnl	If an os prototype include exists, symlink os-proto.h to it
 dnl
 dnl usage:
@ -712,7 +783,7 @@ AC_DEFUN(AC_LBL_DEVEL,
 			    fi
 		    fi
 	    else
-		    case "$target_os" in
+		    case "$host_os" in

 		    irix6*)
 			    V_CCOPT="$V_CCOPT -n32"
@ -722,11 +793,12 @@ AC_DEFUN(AC_LBL_DEVEL,
 			    ;;
 		    esac
 	    fi
-	    os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
+	    os=`echo $host_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
 	    name="lbl/os-$os.h"
 	    if test -f $name ; then
 		    ln -s $name os-proto.h
-		    AC_DEFINE(HAVE_OS_PROTO_H,1,[if there's an os_proto.h])
+		    AC_DEFINE(HAVE_OS_PROTO_H, 1,
+			[if there's an os_proto.h for this platform, to use additional prototypes])
 	    else
 		    AC_MSG_WARN(can't find $name)
 	    fi
@ -746,13 +818,19 @@ dnl results:
 dnl
 dnl	LIBS
 dnl
+dnl XXX - "AC_LBL_LIBRARY_NET" was redone to use "AC_SEARCH_LIBS"
+dnl rather than "AC_LBL_CHECK_LIB", so this isn't used any more.
+dnl We keep it around for reference purposes in case it's ever
+dnl useful in the future.
+dnl

 define(AC_LBL_CHECK_LIB,
 [AC_MSG_CHECKING([for $2 in -l$1])
-dnl Use a cache variable name containing both the library and function name,
-dnl because the test really is for library $1 defining function $2, not
-dnl just for library $1.  Separate tests with the same $1 and different $2's
-dnl may have different results.
+dnl Use a cache variable name containing the library, function
+dnl name, and extra libraries to link with, because the test really is
+dnl for library $1 defining function $2, when linked with potinal
+dnl library $5, not just for library $1.  Separate tests with the same
+dnl $1 and different $2's or $5's may have different results.
 ac_lib_var=`echo $1['_']$2['_']$5 | sed 'y%./+- %__p__%'`
 AC_CACHE_VAL(ac_cv_lbl_lib_$ac_lib_var,
 [ac_save_LIBS="$LIBS"
@ -851,10 +929,10 @@ dnl
 AC_DEFUN(AC_C___ATTRIBUTE__, [
 AC_MSG_CHECKING(for __attribute__)
 AC_CACHE_VAL(ac_cv___attribute__, [
-AC_TRY_COMPILE([
+AC_COMPILE_IFELSE(
+  AC_LANG_SOURCE([[
 #include <stdlib.h>
-],
-[
+
 static void foo(void) __attribute__ ((noreturn));

 static void
@ -862,7 +940,13 @@ foo(void)
 {
  exit(1);
 }
-],
+
+int
+main(int argc, char **argv)
+{
+  foo();
+}
+  ]]),
 ac_cv___attribute__=yes,
 ac_cv___attribute__=no)])
 if test "$ac_cv___attribute__" = "yes"; then
@ -892,3 +976,61 @@ AC_DEFUN(AC_LBL_TPACKET_STATS,
   if test $ac_cv_lbl_tpacket_stats = yes; then
       AC_DEFINE(HAVE_TPACKET_STATS,1,[if if_packet.h has tpacket_stats defined])
   fi])
+
+dnl
+dnl Checks to see if the tpacket_auxdata struct has a tp_vlan_tci member.
+dnl
+dnl usage:
+dnl
+dnl	AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI
+dnl
+dnl results:
+dnl
+dnl	HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI (defined)
+dnl
+dnl NOTE: any compile failure means we conclude that it doesn't have
+dnl that member, so if we don't have tpacket_auxdata, we conclude it
+dnl doesn't have that member (which is OK, as either we won't be using
+dnl code that would use that member, or we wouldn't compile in any case).
+dnl
+AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,
+    [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member)
+    AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
+	AC_TRY_COMPILE([
+#	include <linux/if_packet.h>],
+	[u_int i = sizeof(((struct tpacket_auxdata *)0)->tp_vlan_tci)],
+	ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=yes,
+	ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=no))
+    AC_MSG_RESULT($ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci)
+    if test $ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci = yes ; then
+	    HAVE_LINUX_TPACKET_AUXDATA=tp_vlan_tci
+	    AC_SUBST(HAVE_LINUX_TPACKET_AUXDATA)
+	    AC_DEFINE(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,1,[if tp_vlan_tci exists])
+    fi])
+
+dnl
+dnl Checks to see if Solaris has the dl_passive_req_t struct defined
+dnl in <sys/dlpi.h>.
+dnl
+dnl usage:
+dnl
+dnl	AC_LBL_DL_PASSIVE_REQ_T
+dnl
+dnl results:
+dnl 
+dnl 	HAVE_DLPI_PASSIVE (defined)
+dnl
+AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T,
+        [AC_MSG_CHECKING(if dl_passive_req_t struct exists)
+       AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t,
+                AC_TRY_COMPILE([
+#       include <sys/types.h>
+#       include <sys/dlpi.h>],
+        [u_int i = sizeof(dl_passive_req_t)],
+        ac_cv_lbl_has_dl_passive_req_t=yes,
+        ac_cv_lbl_has_dl_passive_req_t=no))
+    AC_MSG_RESULT($ac_cv_lbl_has_dl_passive_req_t)
+    if test $ac_cv_lbl_has_dl_passive_req_t = yes ; then
+            AC_DEFINE(HAVE_DLPI_PASSIVE,1,[if passive_req_t primitive
+		exists])
+    fi])
--- a/atmuni31.h
+++ b/atmuni31.h
@ -29,18 +29,18 @@
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/atmuni31.h,v 1.1 2002-07-11 09:06:32 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/atmuni31.h,v 1.3 2007-10-22 19:28:58 guy Exp $ (LBL)
 */

 /* Based on UNI3.1 standard by ATM Forum */

 /* ATM traffic types based on VPI=0 and (the following VCI */
-#define PPC			0x05	/* Point-to-point signal msg */
-#define BCC			0x02	/* Broadcast signal msg */
-#define OAMF4SC			0x03	/* Segment OAM F4 flow cell */
-#define OAMF4EC			0x04	/* End-to-end OAM F4 flow cell */
-#define METAC			0x01	/* Meta signal msg */
-#define ILMIC			0x10	/* ILMI msg */
+#define VCI_PPC			0x05	/* Point-to-point signal msg */
+#define VCI_BCC			0x02	/* Broadcast signal msg */
+#define VCI_OAMF4SC		0x03	/* Segment OAM F4 flow cell */
+#define VCI_OAMF4EC		0x04	/* End-to-end OAM F4 flow cell */
+#define VCI_METAC		0x01	/* Meta signal msg */
+#define VCI_ILMIC		0x10	/* ILMI msg */

 /* Q.2931 signalling messages */
 #define CALL_PROCEED		0x02	/* call proceeding */
--- a/bpf/net/bpf_filter.c
+++ b/bpf/net/bpf_filter.c
@ -40,7 +40,7 @@

 #if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.44 2003-11-15 23:24:07 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.46 2008-01-02 04:16:46 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -53,6 +53,15 @@ static const char rcsid[] _U_ =

 #else /* WIN32 */

+#if HAVE_INTTYPES_H
+#include <inttypes.h>
+#elif HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/time.h>
@ -65,13 +74,13 @@ static const char rcsid[] _U_ =
 # define	m_next	b_cont
 # define	MLEN(m)	((m)->b_wptr - (m)->b_rptr)
 # define	mtod(m,t)	((t)(m)->b_rptr)
-#else
+#else /* defined(__hpux) || SOLARIS */
 # define	MLEN(m)	((m)->m_len)
-#endif
+#endif /* defined(__hpux) || SOLARIS */

 #endif /* WIN32 */

-#include <pcap-bpf.h>
+#include <pcap/bpf.h>

 #if !defined(KERNEL) && !defined(_KERNEL)
 #include <stdlib.h>
@ -200,8 +209,8 @@ m_xhalf(m, k, err)
 */
 u_int
 bpf_filter(pc, p, wirelen, buflen)
-	register struct bpf_insn *pc;
-	register u_char *p;
+	register const struct bpf_insn *pc;
+	register const u_char *p;
 	u_int wirelen;
 	register u_int buflen;
 {
@ -512,54 +521,155 @@ bpf_filter(pc, p, wirelen, buflen)
 	}
 }

-
 /*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
- * code.  The code must terminate with either an accept or reject.
- * 'valid' is an array for use by the routine (it must be at least
- * 'len' bytes long).
+ * code, that memory accesses are within valid ranges (to the
+ * extent that this can be checked statically; loads of packet
+ * data have to be, and are, also checked at run time), and that
+ * the code terminates with either an accept or reject.
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
 int
 bpf_validate(f, len)
-	struct bpf_insn *f;
+	const struct bpf_insn *f;
 	int len;
 {
-	register int i;
-	register struct bpf_insn *p;
+	u_int i, from;
+	const struct bpf_insn *p;
+
+	if (len < 1)
+		return 0;
+	/*
+	 * There's no maximum program length in userland.
+	 */
+#if defined(KERNEL) || defined(_KERNEL)
+	if (len > BPF_MAXINSNS)
+		return 0;
+#endif

 	for (i = 0; i < len; ++i) {
-		/*
-		 * Check that that jumps are forward, and within
-		 * the code block.
-		 */
 		p = &f[i];
-		if (BPF_CLASS(p->code) == BPF_JMP) {
-			register int from = i + 1;
-
-			if (BPF_OP(p->code) == BPF_JA) {
-				if (from + p->k >= (unsigned)len)
-					return 0;
-			}
-			else if (from + p->jt >= len || from + p->jf >= len)
-				return 0;
-		}
+		switch (BPF_CLASS(p->code)) {
 		/*
 		 * Check that memory operations use valid addresses.
 		 */
-		if ((BPF_CLASS(p->code) == BPF_ST ||
-		     (BPF_CLASS(p->code) == BPF_LD &&
-		      (p->code & 0xe0) == BPF_MEM)) &&
-		    (p->k >= BPF_MEMWORDS || p->k < 0))
-			return 0;
-		/*
-		 * Check for constant division by 0.
-		 */
-		if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
+		case BPF_LD:
+		case BPF_LDX:
+			switch (BPF_MODE(p->code)) {
+			case BPF_IMM:
+				break;
+			case BPF_ABS:
+			case BPF_IND:
+			case BPF_MSH:
+				/*
+				 * There's no maximum packet data size
+				 * in userland.  The runtime packet length
+				 * check suffices.
+				 */
+#if defined(KERNEL) || defined(_KERNEL)
+				/*
+				 * More strict check with actual packet length
+				 * is done runtime.
+				 */
+				if (p->k >= bpf_maxbufsize)
+					return 0;
+#endif
+				break;
+			case BPF_MEM:
+				if (p->k >= BPF_MEMWORDS)
+					return 0;
+				break;
+			case BPF_LEN:
+				break;
+			default:
+				return 0;
+			}
+			break;
+		case BPF_ST:
+		case BPF_STX:
+			if (p->k >= BPF_MEMWORDS)
+				return 0;
+			break;
+		case BPF_ALU:
+			switch (BPF_OP(p->code)) {
+			case BPF_ADD:
+			case BPF_SUB:
+			case BPF_MUL:
+			case BPF_OR:
+			case BPF_AND:
+			case BPF_LSH:
+			case BPF_RSH:
+			case BPF_NEG:
+				break;
+			case BPF_DIV:
+				/*
+				 * Check for constant division by 0.
+				 */
+				if (BPF_SRC(p->code) == BPF_K && p->k == 0)
+					return 0;
+				break;
+			default:
+				return 0;
+			}
+			break;
+		case BPF_JMP:
+			/*
+			 * Check that jumps are within the code block,
+			 * and that unconditional branches don't go
+			 * backwards as a result of an overflow.
+			 * Unconditional branches have a 32-bit offset,
+			 * so they could overflow; we check to make
+			 * sure they don't.  Conditional branches have
+			 * an 8-bit offset, and the from address is <=
+			 * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
+			 * is sufficiently small that adding 255 to it
+			 * won't overflow.
+			 *
+			 * We know that len is <= BPF_MAXINSNS, and we
+			 * assume that BPF_MAXINSNS is < the maximum size
+			 * of a u_int, so that i + 1 doesn't overflow.
+			 *
+			 * For userland, we don't know that the from
+			 * or len are <= BPF_MAXINSNS, but we know that
+			 * from <= len, and, except on a 64-bit system,
+			 * it's unlikely that len, if it truly reflects
+			 * the size of the program we've been handed,
+			 * will be anywhere near the maximum size of
+			 * a u_int.  We also don't check for backward
+			 * branches, as we currently support them in
+			 * userland for the protochain operation.
+			 */
+			from = i + 1;
+			switch (BPF_OP(p->code)) {
+			case BPF_JA:
+#if defined(KERNEL) || defined(_KERNEL)
+				if (from + p->k < from || from + p->k >= len)
+#else
+				if (from + p->k >= len)
+#endif
+					return 0;
+				break;
+			case BPF_JEQ:
+			case BPF_JGT:
+			case BPF_JGE:
+			case BPF_JSET:
+				if (from + p->jt >= len || from + p->jf >= len)
+					return 0;
+				break;
+			default:
+				return 0;
+			}
+			break;
+		case BPF_RET:
+			break;
+		case BPF_MISC:
+			break;
+		default:
 			return 0;
+		}
 	}
 	return BPF_CLASS(f[len - 1].code) == BPF_RET;
 }
--- a/bpf_dump.c
+++ b/bpf_dump.c
@ -20,7 +20,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/bpf_dump.c,v 1.14 2003-11-15 23:23:57 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/bpf_dump.c,v 1.15 2008-01-02 04:16:46 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -31,9 +31,9 @@ static const char rcsid[] _U_ =
 #include <stdio.h>

 void
-bpf_dump(struct bpf_program *p, int option)
+bpf_dump(const struct bpf_program *p, int option)
 {
-	struct bpf_insn *insn;
+	const struct bpf_insn *insn;
 	int i;
 	int n = p->bf_len;

--- a/bpf_image.c
+++ b/bpf_image.c
@ -21,13 +21,27 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.26 2003-11-15 23:23:57 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.28 2008-01-02 04:16:46 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif

+#ifdef WIN32
+#include <pcap-stdinc.h>
+#else /* WIN32 */
+#if HAVE_INTTYPES_H
+#include <inttypes.h>
+#elif HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#include <sys/types.h>
+#endif /* WIN32 */
+
 #include <stdio.h>
 #include <string.h>

@ -39,11 +53,11 @@ static const char rcsid[] _U_ =

 char *
 bpf_image(p, n)
-	struct bpf_insn *p;
+	const struct bpf_insn *p;
 	int n;
 {
 	int v;
-	char *fmt, *op;
+	const char *fmt, *op;
 	static char image[256];
 	char operand[64];

--- a/19
+++ b/19
@ -0,0 +1,19 @@
+#! /bin/sh
+
+#
+# Unfortunately, Mac OS X's devfs is based on the old FreeBSD
+# one, not the current one, so there's no way to configure it
+# to create BPF devices with particular owners or groups.
+# This startup item will make it owned by the admin group,
+# with permissions rw-rw----, so that anybody in the admin
+# group can use programs that capture or send raw packets.
+#
+# Change this as appropriate for your site, e.g. to make
+# it owned by a particular user without changing the permissions,
+# so only that user and the super-user can capture or send raw
+# packets, or give it the permissions rw-r-----, so that
+# only the super-user can send raw packets but anybody in the
+# admin group can capture packets.
+#
+chgrp admin /dev/bpf*
+chmod g+rw /dev/bpf*
--- a/config.guess
+++ b/config.guess
--- a/config.h.in
+++ b/config.h.in
@ -1,18 +1,23 @@
 /* config.h.in.  Generated from configure.in by autoheader.  */
-/* Long story short: aclocal.m4 depends on autoconf 2.13
- * implementation details wrt "const"; newer versions
- * have different implementation details so for now we
- * put "const" here.  This may cause duplicate definitions
- * in config.h but that should be OK since they're the same.
- */
-#undef const

 /* Enable optimizer debugging */
 #undef BDEBUG

+/* define if you have a cloning BPF device */
+#undef HAVE_CLONING_BPF
+
 /* define if you have the DAG API */
 #undef HAVE_DAG_API

+/* define if you have dag_get_erf_types() */
+#undef HAVE_DAG_GET_ERF_TYPES
+
+/* define if you have dag_get_stream_erf_types() */
+#undef HAVE_DAG_GET_STREAM_ERF_TYPES
+
+/* define if you have streams capable DAG API */
+#undef HAVE_DAG_STREAMS_API
+
 /* Define to 1 if you have the declaration of `ether_hostton', and to 0 if you
   don't. */
 #undef HAVE_DECL_ETHER_HOSTTON
@ -20,9 +25,15 @@
 /* define if you have a /dev/dlpi */
 #undef HAVE_DEV_DLPI

+/* if passive_req_t primitive exists */
+#undef HAVE_DLPI_PASSIVE
+
 /* Define to 1 if you have the `ether_hostton' function. */
 #undef HAVE_ETHER_HOSTTON

+/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+#undef HAVE_FSEEKO
+
 /* on HP-UX 10.20 or later */
 #undef HAVE_HPUX10_20_OR_LATER

@ -35,9 +46,33 @@
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H

+/* if libdlpi exists */
+#undef HAVE_LIBDLPI
+
+/* if libnl exists */
+#undef HAVE_LIBNL
+
+/* if libnl exists and is version 2.x */
+#undef HAVE_LIBNL_2_x
+
 /* Define to 1 if you have the <limits.h> header file. */
 #undef HAVE_LIMITS_H

+/* Define to 1 if you have the <linux/compiler.h> header file. */
+#undef HAVE_LINUX_COMPILER_H
+
+/* Define to 1 if you have the <linux/net_tstamp.h> header file. */
+#undef HAVE_LINUX_NET_TSTAMP_H
+
+/* if tp_vlan_tci exists */
+#undef HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI
+
+/* Define to 1 if you have the <linux/usbdevice_fs.h> header file. */
+#undef HAVE_LINUX_USBDEVICE_FS_H
+
+/* Define to 1 if you have the <linux/wireless.h> header file. */
+#undef HAVE_LINUX_WIRELESS_H
+
 /* Define to 1 if you have the <memory.h> header file. */
 #undef HAVE_MEMORY_H

@ -47,21 +82,39 @@
 /* Define to 1 if you have the <netinet/if_ether.h> header file. */
 #undef HAVE_NETINET_IF_ETHER_H

-/* if there's an os_proto.h */
+/* Define to 1 if you have the <net/if_media.h> header file. */
+#undef HAVE_NET_IF_MEDIA_H
+
+/* Define to 1 if you have the <net/pfvar.h> header file. */
+#undef HAVE_NET_PFVAR_H
+
+/* if there's an os_proto.h for this platform, to use additional prototypes */
 #undef HAVE_OS_PROTO_H

-/* define if you have a /proc/net/dev */
-#undef HAVE_PROC_NET_DEV
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* define if net/pfvar.h defines PF_NAT through PF_NORDR */
+#undef HAVE_PF_NAT_THROUGH_PF_NORDR
+
+/* define if you have a Septel API */
+#undef HAVE_SEPTEL_API
+
+/* define if you have Myricom SNF API */
+#undef HAVE_SNF_API

 /* Define to 1 if you have the `snprintf' function. */
 #undef HAVE_SNPRINTF

-/* if struct sockaddr has sa_len */
+/* if struct sockaddr has the sa_len member */
 #undef HAVE_SOCKADDR_SA_LEN

 /* if struct sockaddr_storage exists */
 #undef HAVE_SOCKADDR_STORAGE

+/* define if socklen_t is defined */
+#undef HAVE_SOCKLEN_T
+
 /* On solaris */
 #undef HAVE_SOLARIS

@ -83,6 +136,15 @@
 /* Define to 1 if you have the `strlcpy' function. */
 #undef HAVE_STRLCPY

+/* Define to 1 if the system has the type `struct BPF_TIMEVAL'. */
+#undef HAVE_STRUCT_BPF_TIMEVAL
+
+/* Define to 1 if the system has the type `struct ether_addr'. */
+#undef HAVE_STRUCT_ETHER_ADDR
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+#undef HAVE_SYS_BITYPES_H
+
 /* Define to 1 if you have the <sys/bufmod.h> header file. */
 #undef HAVE_SYS_BUFMOD_H

@ -107,12 +169,18 @@
 /* Define to 1 if you have the <unistd.h> header file. */
 #undef HAVE_UNISTD_H

+/* if struct usbdevfs_ctrltransfer has bRequestType */
+#undef HAVE_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE
+
 /* define if version.h is generated in the build procedure */
 #undef HAVE_VERSION_H

 /* Define to 1 if you have the `vsnprintf' function. */
 #undef HAVE_VSNPRINTF

+/* define if the system supports zerocopy BPF */
+#undef HAVE_ZEROCOPY_BPF
+
 /* define if your compiler has __attribute__ */
 #undef HAVE___ATTRIBUTE__

@ -122,6 +190,9 @@
 /* if unaligned access fails */
 #undef LBL_ALIGN

+/* path for device for USB sniffing */
+#undef LINUX_USB_MON_DEV
+
 /* Define to 1 if netinet/ether.h declares `ether_hostton' */
 #undef NETINET_ETHER_H_DECLARES_ETHER_HOSTTON

@ -149,29 +220,70 @@
 /* /dev/dlpi directory */
 #undef PCAP_DEV_PREFIX

+/* target host supports Bluetooth sniffing */
+#undef PCAP_SUPPORT_BT
+
+/* target host supports CAN sniffing */
+#undef PCAP_SUPPORT_CAN
+
+/* target host supports USB sniffing */
+#undef PCAP_SUPPORT_USB
+
+#undef PCAP_SUPPORT_DECT
+
+/* include ACN support */
+#undef SITA
+
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS

 /* Enable parser debugging */
 #undef YYDEBUG

+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
 /* needed on HP-UX */
 #undef _HPUX_SOURCE

+/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
+#undef _LARGEFILE_SOURCE
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
 /* define on AIX to get certain functions */
 #undef _SUN

+/* to handle Ultrix compilers that don't support const in prototypes */
+#undef const
+
 /* Define as token for inline if inlining supported */
 #undef inline

+/* Define to `short' if int16_t not defined. */
+#undef int16_t
+
+/* Define to `int' if int32_t not defined. */
+#undef int32_t
+
+/* Define to `long long' if int64_t not defined. */
+#undef int64_t
+
+/* Define to `signed char' if int8_t not defined. */
+#undef int8_t
+
 /* on sinix */
 #undef sinix

-/* if we have u_int16_t */
+/* Define to `unsigned short' if u_int16_t not defined. */
 #undef u_int16_t

-/* if we have u_int32_t */
+/* Define to `unsigned int' if u_int32_t not defined. */
 #undef u_int32_t

-/* if we have u_int8_t */
+/* Define to `unsigned long long' if u_int64_t not defined. */
+#undef u_int64_t
+
+/* Define to `unsigned char' if u_int8_t not defined. */
 #undef u_int8_t
--- a/config.sub
+++ b/config.sub
@ -1,9 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script.
 #   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-#   2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+#   Free Software Foundation, Inc.

-timestamp='2003-11-03'
+timestamp='2009-12-31'

 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@ -21,22 +22,26 @@ timestamp='2003-11-03'
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
 # As a special exception to the GNU General Public License, if you
 # distribute this file as part of a program that contains a
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.

+
 # Please send patches to <config-patches@gnu.org>.  Submit a context
-# diff and a properly formatted ChangeLog entry.
+# diff and a properly formatted GNU ChangeLog entry.
 #
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
 # If it is invalid, we print an error message on stderr and exit with code 1.
 # Otherwise, we print the canonical config type on stdout and succeed.

+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
 # This file is supposed to be the same for all GNU packages
 # and recognize all the CPU types, system types and aliases
 # that are meaningful with *any* GNU software.
@ -70,8 +75,9 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)

-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+Software Foundation, Inc.

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -83,11 +89,11 @@ Try \`$me --help' for more information."
 while test $# -gt 0 ; do
  case $1 in
    --time-stamp | --time* | -t )
-       echo "$timestamp" ; exit 0 ;;
+       echo "$timestamp" ; exit ;;
    --version | -v )
-       echo "$version" ; exit 0 ;;
+       echo "$version" ; exit ;;
    --help | --h* | -h )
-       echo "$usage"; exit 0 ;;
+       echo "$usage"; exit ;;
    -- )     # Stop option processing
       shift; break ;;
    - )	# Use stdin as input.
@ -99,7 +105,7 @@ while test $# -gt 0 ; do
    *local*)
       # First pass through any local machine types.
       echo $1
-       exit 0;;
+       exit ;;

    * )
       break ;;
@ -118,8 +124,10 @@ esac
 # Here we must recognize all the valid KERNEL-OS combinations.
 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
 case $maybe_os in
-  nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
-  kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
    ;;
@ -145,10 +153,13 @@ case $os in
 	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
 	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-	-apple | -axis)
+	-apple | -axis | -knuth | -cray | -microblaze)
 		os=
 		basic_machine=$1
 		;;
+        -bluegene*)
+	        os=-cnk
+		;;
 	-sim | -cisco | -oki | -wec | -winbond)
 		os=
 		basic_machine=$1
@ -170,6 +181,10 @@ case $os in
 	-hiux*)
 		os=-hiuxwe2
 		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-sco5)
 		os=-sco3.2v5
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@ -186,6 +201,10 @@ case $os in
 		# Don't forget version if it is 3.2v4 or newer.
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-sco*)
 		os=-sco3.2v2
 		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@ -230,22 +249,28 @@ case $basic_machine in
 	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
 	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
 	| am33_2.0 \
-	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
 	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| fr30 | frv \
+	| fido | fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
-	| m32r | m68000 | m68k | m88k | mcore \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
-	| mips64vr | mips64vrel \
+	| mips64octeon | mips64octeonel \
 	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
 	| mips64vr4100 | mips64vr4100el \
 	| mips64vr4300 | mips64vr4300el \
 	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
 	| mipsisa32 | mipsisa32el \
 	| mipsisa32r2 | mipsisa32r2el \
 	| mipsisa64 | mipsisa64el \
@ -254,30 +279,40 @@ case $basic_machine in
 	| mipsisa64sr71k | mipsisa64sr71kel \
 	| mipstx39 | mipstx39el \
 	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
 	| msp430 \
+	| nios | nios2 \
 	| ns16k | ns32k \
-	| openrisc | or32 \
+	| or32 \
 	| pdp10 | pdp11 | pj | pjl \
 	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
 	| pyramid \
-	| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+	| rx \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
 	| sh64 | sh64le \
-	| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
-	| strongarm \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
 	| tahoe | thumb | tic4x | tic80 | tron \
+	| ubicom32 \
 	| v850 | v850e \
 	| we32k \
-	| x86 | xscale | xstormy16 | xtensa \
-	| z8k)
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
 		basic_machine=$basic_machine-unknown
 		;;
-	m6811 | m68hc11 | m6812 | m68hc12)
+	m6811 | m68hc11 | m6812 | m68hc12 | picochip)
 		# Motorola 68HC11/12.
 		basic_machine=$basic_machine-unknown
 		os=-none
 		;;
 	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
 		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;

 	# We use `pc' rather than `unknown'
 	# because (1) that's what they normally are, and
@ -297,28 +332,32 @@ case $basic_machine in
 	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
 	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
 	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
-	| avr-* \
-	| bs2000-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
 	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
-	| clipper-* | cydra-* \
+	| clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
 	| ip2k-* | iq2000-* \
-	| m32r-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
 	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
-	| m88110-* | m88k-* | mcore-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
 	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
 	| mips16-* \
 	| mips64-* | mips64el-* \
-	| mips64vr-* | mips64vrel-* \
+	| mips64octeon-* | mips64octeonel-* \
 	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
 	| mips64vr4100-* | mips64vr4100el-* \
 	| mips64vr4300-* | mips64vr4300el-* \
 	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
 	| mipsisa32-* | mipsisa32el-* \
 	| mipsisa32r2-* | mipsisa32r2el-* \
 	| mipsisa64-* | mipsisa64el-* \
@ -326,26 +365,35 @@ case $basic_machine in
 	| mipsisa64sb1-* | mipsisa64sb1el-* \
 	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
 	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
 	| msp430-* \
-	| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
 	| orion-* \
 	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
 	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
 	| pyramid-* \
-	| romp-* | rs6000-* \
-	| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+	| romp-* | rs6000-* | rx-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
 	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
-	| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
-	| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
 	| tahoe-* | thumb-* \
-	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
 	| tron-* \
+	| ubicom32-* \
 	| v850-* | v850e-* | vax-* \
 	| we32k-* \
-	| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
-	| xtensa-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
 	| ymp-* \
-	| z8k-*)
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
@ -363,6 +411,9 @@ case $basic_machine in
 		basic_machine=a29k-amd
 		os=-udi
 		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
 	adobe68k)
 		basic_machine=m68010-adobe
 		os=-scout
@ -380,6 +431,9 @@ case $basic_machine in
 	amd64)
 		basic_machine=x86_64-pc
 		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	amdahl)
 		basic_machine=580-amdahl
 		os=-sysv
@ -403,6 +457,10 @@ case $basic_machine in
 		basic_machine=m68k-apollo
 		os=-bsd
 		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
 	aux)
 		basic_machine=m68k-apple
 		os=-aux
@ -411,10 +469,26 @@ case $basic_machine in
 		basic_machine=ns32k-sequent
 		os=-dynix
 		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
 	c90)
 		basic_machine=c90-cray
 		os=-unicos
 		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
 	convex-c1)
 		basic_machine=c1-convex
 		os=-bsd
@ -439,12 +513,27 @@ case $basic_machine in
 		basic_machine=j90-cray
 		os=-unicos
 		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
 	cris | cris-* | etrax*)
 		basic_machine=cris-axis
 		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
 	da30 | da30-*)
 		basic_machine=m68k-da30
 		;;
@ -467,6 +556,14 @@ case $basic_machine in
 		basic_machine=m88k-motorola
 		os=-sysv3
 		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
 	dpx20 | dpx20-*)
 		basic_machine=rs6000-bull
 		os=-bosx
@ -617,6 +714,14 @@ case $basic_machine in
 		basic_machine=m68k-isi
 		os=-sysv
 		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	m88k-omron*)
 		basic_machine=m88k-omron
 		;;
@ -628,10 +733,17 @@ case $basic_machine in
 		basic_machine=ns32k-utek
 		os=-sysv
 		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
 	mingw32)
 		basic_machine=i386-pc
 		os=-mingw32
 		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
@ -645,10 +757,6 @@ case $basic_machine in
 	mips3*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
 		;;
-	mmix*)
-		basic_machine=mmix-knuth
-		os=-mmixware
-		;;
 	monitor)
 		basic_machine=m68k-rom68k
 		os=-coff
@ -661,6 +769,9 @@ case $basic_machine in
 		basic_machine=i386-pc
 		os=-msdos
 		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
 	mvs)
 		basic_machine=i370-ibm
 		os=-mvs
@ -729,10 +840,6 @@ case $basic_machine in
 	np1)
 		basic_machine=np1-gould
 		;;
-	nv1)
-		basic_machine=nv1-cray
-		os=-unicosmp
-		;;
 	nsr-tandem)
 		basic_machine=nsr-tandem
 		;;
@ -740,9 +847,8 @@ case $basic_machine in
 		basic_machine=hppa1.1-oki
 		os=-proelf
 		;;
-	or32 | or32-*)
+	openrisc | openrisc-*)
 		basic_machine=or32-unknown
-		os=-coff
 		;;
 	os400)
 		basic_machine=powerpc-ibm
@ -764,6 +870,14 @@ case $basic_machine in
 		basic_machine=i860-intel
 		os=-osf
 		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
 	pbd)
 		basic_machine=sparc-tti
 		;;
@ -773,6 +887,12 @@ case $basic_machine in
 	pc532 | pc532-*)
 		basic_machine=ns32k-pc532
 		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
 	pentium | p5 | k5 | k6 | nexgen | viac3)
 		basic_machine=i586-pc
 		;;
@ -829,6 +949,10 @@ case $basic_machine in
 		basic_machine=i586-unknown
 		os=-pw32
 		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
 	rom68k)
 		basic_machine=m68k-rom68k
 		os=-coff
@ -855,6 +979,10 @@ case $basic_machine in
 	sb1el)
 		basic_machine=mipsisa64sb1el-unknown
 		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
 	sei)
 		basic_machine=mips-sei
 		os=-seiux
@ -866,6 +994,9 @@ case $basic_machine in
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
 	sh64)
 		basic_machine=sh64-unknown
 		;;
@ -955,6 +1086,10 @@ case $basic_machine in
 		basic_machine=tic6x-unknown
 		os=-coff
 		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
 	tx39)
 		basic_machine=mipstx39-unknown
 		;;
@ -1015,6 +1150,10 @@ case $basic_machine in
 		basic_machine=hppa1.1-winbond
 		os=-proelf
 		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
 	xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
@ -1026,6 +1165,10 @@ case $basic_machine in
 		basic_machine=z8k-unknown
 		os=-sim
 		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
 	none)
 		basic_machine=none-none
 		os=-none
@ -1045,6 +1188,9 @@ case $basic_machine in
 	romp)
 		basic_machine=romp-ibm
 		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
 	rs6000)
 		basic_machine=rs6000-ibm
 		;;
@ -1061,13 +1207,10 @@ case $basic_machine in
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
 		basic_machine=sh-unknown
 		;;
-	sh64)
-		basic_machine=sh64-unknown
-		;;
-	sparc | sparcv9 | sparcv9b)
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
 		basic_machine=sparc-sun
 		;;
 	cydra)
@ -1114,6 +1257,9 @@ case $os in
        # First match some system type aliases
        # that might get confused with valid system types.
 	# -solaris* is a basic system type, with this one exception.
+        -auroraux)
+	        os=-auroraux
+		;;
 	-solaris1 | -solaris1.*)
 		os=`echo $os | sed -e 's|solaris1|sunos4|'`
 		;;
@ -1134,25 +1280,30 @@ case $os in
 	# Each alternative MUST END IN A *, to match a version number.
 	# -sysv* is not here because it comes later, after sysvr4.
 	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
-	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+	      | -sym* | -kopensolaris* \
 	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
-	      | -aos* \
+	      | -aos* | -aros* \
 	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
 	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -knetbsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
-	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
 	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
 	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
-	      | -chorusos* | -chorusrdb* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
 	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
-	      | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
 	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
 	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
 	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
-	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*)
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@ -1170,7 +1321,7 @@ case $os in
 		os=`echo $os | sed -e 's|nto|nto-qnx|'`
 		;;
 	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
 	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
 		;;
 	-mac*)
@ -1215,6 +1366,9 @@ case $os in
 	-atheos*)
 		os=-atheos
 		;;
+	-syllable*)
+		os=-syllable
+		;;
 	-386bsd)
 		os=-bsd
 		;;
@ -1276,6 +1430,14 @@ case $os in
 	-kaos*)
 		os=-kaos
 		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+        -nacl*)
+	        ;;
 	-none)
 		;;
 	*)
@ -1298,6 +1460,12 @@ else
 # system, and we'll never get to this point.

 case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
 	*-acorn)
 		os=-riscix1.2
 		;;
@ -1307,9 +1475,9 @@ case $basic_machine in
 	arm*-semi)
 		os=-aout
 		;;
-    c4x-* | tic4x-*)
-        os=-coff
-        ;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
 	# This must come before the *-dec entry.
 	pdp10-*)
 		os=-tops20
@ -1335,6 +1503,9 @@ case $basic_machine in
 	m68*-cisco)
 		os=-aout
 		;;
+        mep-*)
+		os=-elf
+		;;
 	mips*-cisco)
 		os=-elf
 		;;
@ -1353,9 +1524,15 @@ case $basic_machine in
 	*-be)
 		os=-beos
 		;;
+	*-haiku)
+		os=-haiku
+		;;
 	*-ibm)
 		os=-aix
 		;;
+    	*-knuth)
+		os=-mmixware
+		;;
 	*-wec)
 		os=-proelf
 		;;
@ -1458,7 +1635,7 @@ case $basic_machine in
 			-sunos*)
 				vendor=sun
 				;;
-			-aix*)
+			-cnk*|-aix*)
 				vendor=ibm
 				;;
 			-beos*)
@ -1521,7 +1698,7 @@ case $basic_machine in
 esac

 echo $basic_machine$os
-exit 0
+exit

 # Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
--- a/11236
+++ b/11236
--- a/configure.in
+++ b/configure.in
--- a/dlpisubs.c
+++ b/dlpisubs.c
@ -0,0 +1,358 @@
+/*
+ * This code is derived from code formerly in pcap-dlpi.c, originally
+ * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
+ * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
+ * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
+ * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
+ */
+
+/*
+ * This file contains dlpi/libdlpi related common functions used
+ * by pcap-[dlpi,libdlpi].c.
+ */
+#ifndef lint
+static const char rcsid[] _U_ =
+	"@(#) $Header: /tcpdump/master/libpcap/dlpisubs.c,v 1.3 2008-12-02 16:40:19 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef DL_IPATM
+#define DL_IPATM	0x12	/* ATM Classical IP interface */
+#endif
+
+#ifdef HAVE_SYS_BUFMOD_H
+	/*
+	 * Size of a bufmod chunk to pass upstream; that appears to be the
+	 * biggest value to which you can set it, and setting it to that value
+	 * (which is bigger than what appears to be the Solaris default of 8192)
+	 * reduces the number of packet drops.
+	 */
+#define	CHUNKSIZE	65536
+
+	/*
+	 * Size of the buffer to allocate for packet data we read; it must be
+	 * large enough to hold a chunk.
+	 */
+#define	PKTBUFSIZE	CHUNKSIZE
+
+#else /* HAVE_SYS_BUFMOD_H */
+
+	/*
+	 * Size of the buffer to allocate for packet data we read; this is
+	 * what the value used to be - there's no particular reason why it
+	 * should be tied to MAXDLBUF, but we'll leave it as this for now.
+	 */
+#define	MAXDLBUF	8192
+#define	PKTBUFSIZE	(MAXDLBUF * sizeof(bpf_u_int32))
+
+#endif
+
+#include <sys/types.h>
+#include <sys/time.h>
+#ifdef HAVE_SYS_BUFMOD_H
+#include <sys/bufmod.h>
+#endif
+#include <sys/dlpi.h>
+#include <sys/stream.h>
+
+#include <errno.h>
+#include <memory.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stropts.h>
+#include <unistd.h>
+
+#include "pcap-int.h"
+#include "dlpisubs.h"
+
+#ifdef HAVE_SYS_BUFMOD_H
+static void pcap_stream_err(const char *, int, char *);
+#endif
+
+/*
+ * Get the packet statistics.
+ */
+int
+pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
+{
+
+	/*
+	 * "ps_recv" counts packets handed to the filter, not packets
+	 * that passed the filter.  As filtering is done in userland,
+	 * this would not include packets dropped because we ran out
+	 * of buffer space; in order to make this more like other
+	 * platforms (Linux 2.4 and later, BSDs with BPF), where the
+	 * "packets received" count includes packets received but dropped
+	 * due to running out of buffer space, and to keep from confusing
+	 * applications that, for example, compute packet drop percentages,
+	 * we also make it count packets dropped by "bufmod" (otherwise we
+	 * might run the risk of the packet drop count being bigger than
+	 * the received-packet count).
+	 *
+	 * "ps_drop" counts packets dropped by "bufmod" because of
+	 * flow control requirements or resource exhaustion; it doesn't
+	 * count packets dropped by the interface driver, or packets
+	 * dropped upstream.  As filtering is done in userland, it counts
+	 * packets regardless of whether they would've passed the filter.
+	 *
+	 * These statistics don't include packets not yet read from
+	 * the kernel by libpcap, but they may include packets not
+	 * yet read from libpcap by the application.
+	 */
+	*ps = p->md.stat;
+
+	/*
+	 * Add in the drop count, as per the above comment.
+	 */
+	ps->ps_recv += ps->ps_drop;
+	return (0);
+}
+
+/*
+ * Loop through the packets and call the callback for each packet.
+ * Return the number of packets read.
+ */
+int
+pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
+	int count, u_char *bufp, int len)
+{
+	int n, caplen, origlen;
+	u_char *ep, *pk;
+	struct pcap_pkthdr pkthdr;
+#ifdef HAVE_SYS_BUFMOD_H
+	struct sb_hdr *sbp;
+#ifdef LBL_ALIGN
+	struct sb_hdr sbhdr;
+#endif
+#endif
+
+	/* Loop through packets */
+	ep = bufp + len;
+	n = 0;
+
+#ifdef HAVE_SYS_BUFMOD_H
+	while (bufp < ep) {
+		/*
+		 * Has "pcap_breakloop()" been called?
+		 * If so, return immediately - if we haven't read any
+		 * packets, clear the flag and return -2 to indicate
+		 * that we were told to break out of the loop, otherwise
+		 * leave the flag set, so that the *next* call will break
+		 * out of the loop without having read any packets, and
+		 * return the number of packets we've processed so far.
+		 */
+		if (p->break_loop) {
+			if (n == 0) {
+				p->break_loop = 0;
+				return (-2);
+			} else {
+				p->bp = bufp;
+				p->cc = ep - bufp;
+				return (n);
+			}
+		}
+#ifdef LBL_ALIGN
+		if ((long)bufp & 3) {
+			sbp = &sbhdr;
+			memcpy(sbp, bufp, sizeof(*sbp));
+		} else
+#endif
+			sbp = (struct sb_hdr *)bufp;
+		p->md.stat.ps_drop = sbp->sbh_drops;
+		pk = bufp + sizeof(*sbp);
+		bufp += sbp->sbh_totlen;
+		origlen = sbp->sbh_origlen;
+		caplen = sbp->sbh_msglen;
+#else
+		origlen = len;
+		caplen = min(p->snapshot, len);
+		pk = bufp;
+		bufp += caplen;
+#endif
+		++p->md.stat.ps_recv;
+		if (bpf_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
+#ifdef HAVE_SYS_BUFMOD_H
+			pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
+			pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
+#else
+			(void) gettimeofday(&pkthdr.ts, NULL);
+#endif
+			pkthdr.len = origlen;
+			pkthdr.caplen = caplen;
+			/* Insure caplen does not exceed snapshot */
+			if (pkthdr.caplen > p->snapshot)
+				pkthdr.caplen = p->snapshot;
+			(*callback)(user, &pkthdr, pk);
+			if (++n >= count && count >= 0) {
+				p->cc = ep - bufp;
+				p->bp = bufp;
+				return (n);
+			}
+		}
+#ifdef HAVE_SYS_BUFMOD_H
+	}
+#endif
+	p->cc = 0;
+	return (n);
+}
+
+/*
+ * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
+ */
+int
+pcap_process_mactype(pcap_t *p, u_int mactype)
+{
+	int retv = 0;
+
+	switch (mactype) {
+
+	case DL_CSMACD:
+	case DL_ETHER:
+		p->linktype = DLT_EN10MB;
+		p->offset = 2;
+		/*
+		 * This is (presumably) a real Ethernet capture; give it a
+		 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
+		 * that an application can let you choose it, in case you're
+		 * capturing DOCSIS traffic that a Cisco Cable Modem
+		 * Termination System is putting out onto an Ethernet (it
+		 * doesn't put an Ethernet header onto the wire, it puts raw
+		 * DOCSIS frames out on the wire inside the low-level
+		 * Ethernet framing).
+		 */
+		p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
+		/*
+		 * If that fails, just leave the list empty.
+		 */
+		if (p->dlt_list != NULL) {
+			p->dlt_list[0] = DLT_EN10MB;
+			p->dlt_list[1] = DLT_DOCSIS;
+			p->dlt_count = 2;
+		}
+		break;
+
+	case DL_FDDI:
+		p->linktype = DLT_FDDI;
+		p->offset = 3;
+		break;
+
+	case DL_TPR:
+		/* XXX - what about DL_TPB?  Is that Token Bus?  */
+		p->linktype = DLT_IEEE802;
+		p->offset = 2;
+		break;
+
+#ifdef HAVE_SOLARIS
+	case DL_IPATM:
+		p->linktype = DLT_SUNATM;
+		p->offset = 0;  /* works for LANE and LLC encapsulation */
+		break;
+#endif
+
+	default:
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype %u",
+		    mactype);
+		retv = -1;
+	}
+
+	return (retv);
+}
+
+#ifdef HAVE_SYS_BUFMOD_H
+/*
+ * Push and configure the buffer module. Returns -1 for error, otherwise 0.
+ */
+int
+pcap_conf_bufmod(pcap_t *p, int snaplen, int timeout)
+{
+	int retv = 0;
+
+	bpf_u_int32 ss, chunksize;
+
+	/* Non-standard call to get the data nicely buffered. */
+	if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
+		pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
+		retv = -1;
+	}
+
+	ss = snaplen;
+	if (ss > 0 &&
+	    strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
+		pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
+		retv = -1;
+	}
+
+	/* Set up the bufmod timeout. */
+	if (timeout != 0) {
+		struct timeval to;
+
+		to.tv_sec = timeout / 1000;
+		to.tv_usec = (timeout * 1000) % 1000000;
+		if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
+			pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
+			retv = -1;
+		}
+	}
+
+	/* Set the chunk length. */
+	chunksize = CHUNKSIZE;
+	if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
+	    != 0) {
+		pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
+		retv = -1;
+	}
+
+	return (retv);
+}
+#endif /* HAVE_SYS_BUFMOD_H */
+
+/*
+ * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
+ */
+int
+pcap_alloc_databuf(pcap_t *p)
+{
+	p->bufsize = PKTBUFSIZE;
+	p->buffer = (u_char *)malloc(p->bufsize + p->offset);
+	if (p->buffer == NULL) {
+		strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
+		return (-1);
+	}
+
+	return (0);
+}
+
+/*
+ * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
+ * length of returned data on success.
+ */
+int
+strioctl(int fd, int cmd, int len, char *dp)
+{
+	struct strioctl str;
+	int retv;
+
+	str.ic_cmd = cmd;
+	str.ic_timout = -1;
+	str.ic_len = len;
+	str.ic_dp = dp;
+	if ((retv = ioctl(fd, I_STR, &str)) < 0)
+		return (retv);
+
+	return (str.ic_len);
+}
+
+#ifdef HAVE_SYS_BUFMOD_H
+/*
+ * Write stream error message to errbuf.
+ */
+static void
+pcap_stream_err(const char *func, int err, char *errbuf)
+{
+	snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", func, pcap_strerror(err));
+}
+#endif
--- a/dlpisubs.h
+++ b/dlpisubs.h
@ -0,0 +1,28 @@
+/*
+ * @(#) $Header: /tcpdump/master/libpcap/dlpisubs.h,v 1.2 2008-04-04 19:37:45 guy Exp $
+ */
+
+#ifndef dlpisubs_h
+#define	dlpisubs_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Functions used by dlpisubs.c.
+ */
+int pcap_stats_dlpi(pcap_t *, struct pcap_stat *);
+int pcap_process_pkts(pcap_t *, pcap_handler, u_char *, int, u_char *, int);
+int pcap_process_mactype(pcap_t *, u_int);
+#ifdef HAVE_SYS_BUFMOD_H
+int pcap_conf_bufmod(pcap_t *, int, int);
+#endif
+int pcap_alloc_databuf(pcap_t *);
+int strioctl(int, int, int, char *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- a/etherent.c
+++ b/etherent.c
@ -21,14 +21,26 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.22 2003-11-15 23:23:57 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.23 2006-10-04 18:09:22 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif

+#ifdef WIN32
+#include <pcap-stdinc.h>
+#else /* WIN32 */
+#if HAVE_INTTYPES_H
+#include <inttypes.h>
+#elif HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
 #include <sys/types.h>
+#endif /* WIN32 */

 #include <ctype.h>
 #include <memory.h>
@ -37,7 +49,7 @@ static const char rcsid[] _U_ =

 #include "pcap-int.h"

-#include <pcap-namedb.h>
+#include <pcap/namedb.h>

 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
--- a/ethertype.h
+++ b/ethertype.h
@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.13 2004-06-16 08:20:28 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.14 2005-09-05 09:06:58 guy Exp $ (LBL)
 */

 /*
@ -108,6 +108,12 @@
 #ifndef ETHERTYPE_MPLS_MULTI
 #define ETHERTYPE_MPLS_MULTI    0x8848
 #endif
+#ifndef ETHERTYPE_PPPOED
+#define ETHERTYPE_PPPOED	0x8863
+#endif
+#ifndef ETHERTYPE_PPPOES
+#define ETHERTYPE_PPPOES	0x8864
+#endif
 #ifndef	ETHERTYPE_LOOPBACK
 #define	ETHERTYPE_LOOPBACK	0x9000
 #endif
--- a/fad-getad.c
+++ b/fad-getad.c
@ -34,7 +34,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/fad-getad.c,v 1.11 2005-04-08 02:01:19 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/fad-getad.c,v 1.12 2007-09-14 00:44:55 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -61,7 +61,14 @@ static const char rcsid[] _U_ =
 #endif

 #ifdef AF_PACKET
-# include <linux/if_packet.h>
+# ifdef __Lynx__
+/* LynxOS */
+#  include <netpacket/if_packet.h>
+# else
+/* Linux */
+#  include <linux/types.h>
+#  include <linux/if_packet.h>
+# endif
 #endif

 /*
--- a/fad-gifc.c
+++ b/fad-gifc.c
@ -34,7 +34,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/fad-gifc.c,v 1.10 2005-04-08 02:15:49 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/fad-gifc.c,v 1.12 2008-08-06 07:34:09 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -42,7 +42,6 @@ static const char rcsid[] _U_ =
 #endif

 #include <sys/param.h>
-#include <sys/file.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #ifdef HAVE_SYS_SOCKIO_H
@ -102,135 +101,26 @@ struct rtentry;		/* declarations in <net/if.h> */
 #endif /* HAVE_SOCKADDR_SA_LEN */
 #endif /* SA_LEN */

-#ifdef HAVE_PROC_NET_DEV
 /*
- * Get from "/proc/net/dev" all interfaces listed there; if they're
- * already in the list of interfaces we have, that won't add another
- * instance, but if they're not, that'll add them.
+ * This is also fun.
 *
- * We don't bother getting any addresses for them; it appears you can't
- * use SIOCGIFADDR on Linux to get IPv6 addresses for interfaces, and,
- * although some other types of addresses can be fetched with SIOCGIFADDR,
- * we don't bother with them for now.
+ * There is no ioctl that returns the amount of space required for all
+ * the data that SIOCGIFCONF could return, and if a buffer is supplied
+ * that's not large enough for all the data SIOCGIFCONF could return,
+ * on at least some platforms it just returns the data that'd fit with
+ * no indication that there wasn't enough room for all the data, much
+ * less an indication of how much more room is required.
 *
- * We also don't fail if we couldn't open "/proc/net/dev"; we just leave
- * the list of interfaces as is.
+ * The only way to ensure that we got all the data is to pass a buffer
+ * large enough that the amount of space in the buffer *not* filled in
+ * is greater than the largest possible entry.
+ *
+ * We assume that's "sizeof(ifreq.ifr_name)" plus 255, under the assumption
+ * that no address is more than 255 bytes (on systems where the "sa_len"
+ * field in a "struct sockaddr" is 1 byte, e.g. newer BSDs, that's the
+ * case, and addresses are unlikely to be bigger than that in any case).
 */
-static int
-scan_proc_net_dev(pcap_if_t **devlistp, int fd, char *errbuf)
-{
-	FILE *proc_net_f;
-	char linebuf[512];
-	int linenum;
-	unsigned char *p;
-	char name[512];	/* XXX - pick a size */
-	char *q, *saveq;
-	struct ifreq ifrflags;
-	int ret = 0;
-
-	proc_net_f = fopen("/proc/net/dev", "r");
-	if (proc_net_f == NULL)
-		return (0);
-
-	for (linenum = 1;
-	    fgets(linebuf, sizeof linebuf, proc_net_f) != NULL; linenum++) {
-		/*
-		 * Skip the first two lines - they're headers.
-		 */
-		if (linenum <= 2)
-			continue;
-
-		p = &linebuf[0];
-
-		/*
-		 * Skip leading white space.
-		 */
-		while (*p != '\0' && isspace(*p))
-			p++;
-		if (*p == '\0' || *p == '\n')
-			continue;	/* blank line */
-
-		/*
-		 * Get the interface name.
-		 */
-		q = &name[0];
-		while (*p != '\0' && !isspace(*p)) {
-			if (*p == ':') {
-				/*
-				 * This could be the separator between a
-				 * name and an alias number, or it could be
-				 * the separator between a name with no
-				 * alias number and the next field.
-				 *
-				 * If there's a colon after digits, it
-				 * separates the name and the alias number,
-				 * otherwise it separates the name and the
-				 * next field.
-				 */
-				saveq = q;
-				while (isdigit(*p))
-					*q++ = *p++;
-				if (*p != ':') {
-					/*
-					 * That was the next field,
-					 * not the alias number.
-					 */
-					q = saveq;
-				}
-				break;
-			} else
-				*q++ = *p++;
-		}
-		*q = '\0';
-
-		/*
-		 * Get the flags for this interface, and skip it if
-		 * it's not up.
-		 */
-		strncpy(ifrflags.ifr_name, name, sizeof(ifrflags.ifr_name));
-		if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
-			if (errno == ENXIO)
-				continue;
-			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
-			    "SIOCGIFFLAGS: %.*s: %s",
-			    (int)sizeof(ifrflags.ifr_name),
-			    ifrflags.ifr_name,
-			    pcap_strerror(errno));
-			ret = -1;
-			break;
-		}
-		if (!(ifrflags.ifr_flags & IFF_UP))
-			continue;
-
-		/*
-		 * Add an entry for this interface, with no addresses.
-		 */
-		if (pcap_add_if(devlistp, name, ifrflags.ifr_flags, NULL,
-		    errbuf) == -1) {
-			/*
-			 * Failure.
-			 */
-			ret = -1;
-			break;
-		}
-	}
-	if (ret != -1) {
-		/*
-		 * Well, we didn't fail for any other reason; did we
-		 * fail due to an error reading the file?
-		 */
-		if (ferror(proc_net_f)) {
-			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
-			    "Error reading /proc/net/dev: %s",
-			    pcap_strerror(errno));
-			ret = -1;
-		}
-	}
-
-	(void)fclose(proc_net_f);
-	return (ret);
-}
-#endif /* HAVE_PROC_NET_DEV */
+#define MAX_SA_LEN	255

 /*
 * Get a list of all interfaces that are up and that we can open.
@ -275,9 +165,10 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)

 	/*
 	 * Start with an 8K buffer, and keep growing the buffer until
-	 * we get the entire interface list or fail to get it for some
-	 * reason other than EINVAL (which is presumed here to mean
-	 * "buffer is too small").
+	 * we have more than "sizeof(ifrp->ifr_name) + MAX_SA_LEN"
+	 * bytes left over in the buffer or we fail to get the
+	 * interface list for some reason other than EINVAL (which is
+	 * presumed here to mean "buffer is too small").
 	 */
 	buf_size = 8192;
 	for (;;) {
@ -300,7 +191,8 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
 			free(buf);
 			return (-1);
 		}
-		if (ifc.ifc_len < buf_size)
+		if (ifc.ifc_len < buf_size &&
+		    (buf_size - ifc.ifc_len) > sizeof(ifrp->ifr_name) + MAX_SA_LEN)
 			break;
 		free(buf);
 		buf_size *= 2;
@ -515,20 +407,6 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
 		}
 	}
 	free(buf);
-
-#ifdef HAVE_PROC_NET_DEV
-	if (ret != -1) {
-		/*
-		 * We haven't had any errors yet; now read "/proc/net/dev",
-		 * and add to the list of interfaces all interfaces listed
-		 * there that we don't already have, because, on Linux,
-		 * SIOCGIFCONF reports only interfaces with IPv4 addresses,
-		 * so you need to read "/proc/net/dev" to get the names of
-		 * the rest of the interfaces.
-		 */
-		ret = scan_proc_net_dev(&devlist, fd, errbuf);
-	}
-#endif
 	(void)close(fd);

 	if (ret != -1) {
--- a/fad-glifc.c
+++ b/fad-glifc.c
@ -34,7 +34,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/fad-glifc.c,v 1.5 2005-01-29 10:34:04 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/fad-glifc.c,v 1.7 2008-01-30 09:35:48 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -75,9 +75,9 @@ struct rtentry;		/* declarations in <net/if.h> */
 * The list, as returned through "alldevsp", may be null if no interfaces
 * were up and could be opened.
 *
- * This is the implementation used on platforms that have SIOCLGIFCONF
+ * This is the implementation used on platforms that have SIOCGLIFCONF
 * but don't have "getifaddrs()".  (Solaris 8 and later; we use
- * SIOCLGIFCONF rather than SIOCGIFCONF in order to get IPv6 addresses.)
+ * SIOCGLIFCONF rather than SIOCGIFCONF in order to get IPv6 addresses.)
 */
 int
 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
@ -326,7 +326,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
 		 * be treated like the entry for the real interface;
 		 * we do that by stripping off the ":" and the number.
 		 */
-		p = strchr(ifrp->ifr_name, ':');
+		p = strchr(ifrp->lifr_name, ':');
 		if (p != NULL) {
 			/*
 			 * We have a ":"; is it followed by a number?
--- a/fad-sita.c
+++ b/fad-sita.c
@ -0,0 +1,61 @@
+/*
+ *  fad-sita.c: Packet capture interface additions for SITA ACN devices
+ *
+ *  Copyright (c) 2007 Fulko Hew, SITA INC Canada, Inc <fulko.hew@sita.aero>
+ *
+ *  License: BSD
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions
+ *  are met:
+ *
+ *  1. Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *  2. Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *  3. The names of the authors may not be used to endorse or promote
+ *     products derived from this software without specific prior
+ *     written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ *  IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+ /* $Id: fad-sita.c */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+#include "pcap-int.h"
+
+#include "pcap-sita.h"
+
+extern pcap_if_t	*acn_if_list;								/* pcap's list of available interfaces */
+
+int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) {
+
+	//printf("pcap_findalldevs()\n");				// fulko
+
+	*alldevsp = 0;												/* initialize the returned variables before we do anything */
+	strcpy(errbuf, "");
+	if (acn_parse_hosts_file(errbuf))							/* scan the hosts file for potential IOPs */
+		{
+		//printf("pcap_findalldevs() returning BAD after parsehosts\n");				// fulko
+		return -1;
+		}
+	//printf("pcap_findalldevs() got hostlist now finding devs\n");				// fulko
+	if (acn_findalldevs(errbuf))								/* then ask the IOPs for their monitorable devices */
+		{
+		//printf("pcap_findalldevs() returning BAD after findalldevs\n");				// fulko
+		return -1;
+		}
+	*alldevsp = acn_if_list;
+	acn_if_list = 0;											/* then forget our list head, because someone will call pcap_freealldevs() to empty the malloc'ed stuff */
+	//printf("pcap_findalldevs() returning ZERO OK\n");				// fulko
+	return 0;
+}
--- a/fad-win32.c
+++ b/fad-win32.c
@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2002 - 2003
- * NetGroup, Politecnico di Torino (Italy)
+ * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
+ * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -12,9 +12,10 @@
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the Politecnico di Torino nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
+ * 3. Neither the name of the Politecnico di Torino, CACE Technologies 
+ * nor the names of its contributors may be used to endorse or promote 
+ * products derived from this software without specific prior written 
+ * permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@ -32,7 +33,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/fad-win32.c,v 1.11 2005-01-29 00:52:22 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/fad-win32.c,v 1.15 2007-09-25 20:34:36 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -41,7 +42,7 @@ static const char rcsid[] _U_ =

 #include <pcap.h>
 #include <pcap-int.h>
-#include <packet32.h>
+#include <Packet32.h>

 #include <errno.h>
 	
@ -224,7 +225,18 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
 	ULONG NameLength;
 	char *name;
 	
-	PacketGetAdapterNames(NULL, &NameLength);
+	if (!PacketGetAdapterNames(NULL, &NameLength))
+	{
+		DWORD last_error = GetLastError();
+
+		if (last_error != ERROR_INSUFFICIENT_BUFFER)
+		{
+			snprintf(errbuf, PCAP_ERRBUF_SIZE,
+				"PacketGetAdapterNames: %s",
+				pcap_win32strerror());
+			return (-1);
+		}
+	}

 	if (NameLength > 0)
 		AdaptersName = (char*) malloc(NameLength);
@ -289,6 +301,15 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
 		name += strlen(name) + 1;
 		desc += strlen(desc) + 1;
 	}
+
+	if (ret != -1) {
+		/*
+		 * We haven't had any errors yet; do any platform-specific
+		 * operations to add devices.
+		 */
+		if (pcap_platform_finddevs(&devlist, errbuf) < 0)
+			ret = -1;
+	}
 	
 	if (ret == -1) {
 		/*
--- a/gencode.c
+++ b/gencode.c
--- a/gencode.h
+++ b/gencode.h
@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.60 2004-06-16 08:20:30 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.71 2007-11-18 02:03:52 guy Exp $ (LBL)
 */

 /*
@ -55,6 +55,10 @@
 * POSSIBILITY OF SUCH DAMAGE.
 */

+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif /* HAVE___ATTRIBUTE__ */
+
 /* Address qualifiers. */

 #define Q_HOST		1
@ -63,6 +67,7 @@
 #define Q_GATEWAY	4
 #define Q_PROTO		5
 #define Q_PROTOCHAIN	6
+#define Q_PORTRANGE	7

 /* Protocol qualifiers. */

@ -119,12 +124,20 @@
 #define Q_ISIS_PSNP     38
 #define Q_ISIS_LSP      39

+#define Q_RADIO		40
+
 /* Directional qualifiers. */

 #define Q_SRC		1
 #define Q_DST		2
 #define Q_OR		3
 #define Q_AND		4
+#define Q_ADDR1		5
+#define Q_ADDR2		6
+#define Q_ADDR3		7
+#define Q_ADDR4		8
+#define Q_RA		9
+#define Q_TA		10

 #define Q_DEFAULT	0
 #define Q_UNDEF		255
@ -166,6 +179,18 @@
 				   end-to-end circuits, ILMI circuits or
 				   connection signalling circuit. */

+/* MTP2 types */
+#define M_FISU		22	/* FISU */
+#define M_LSSU		23	/* LSSU */
+#define M_MSU		24	/* MSU */
+
+/* MTP3 field types */
+#define M_SIO		1
+#define M_OPC		2
+#define M_DPC		3
+#define M_SLS		4
+
+
 struct slist;

 struct stmt {
@ -275,10 +300,16 @@ struct block *gen_inbound(int);
 struct block *gen_vlan(int);
 struct block *gen_mpls(int);

-struct block *gen_atmfield_code(int atmfield, bpf_u_int32 jvalue, bpf_u_int32 jtype, int reverse);
+struct block *gen_pppoed(void);
+struct block *gen_pppoes(void);
+
+struct block *gen_atmfield_code(int atmfield, bpf_int32 jvalue, bpf_u_int32 jtype, int reverse);
 struct block *gen_atmtype_abbrev(int type);
 struct block *gen_atmmulti_abbrev(int type);

+struct block *gen_mtp2type_abbrev(int type);
+struct block *gen_mtp3field_code(int mtp3field, bpf_u_int32 jvalue, bpf_u_int32 jtype, int reverse);
+
 struct block *gen_pf_ifname(const char *);
 struct block *gen_pf_rnr(int);
 struct block *gen_pf_srnr(int);
@ -287,19 +318,19 @@ struct block *gen_pf_reason(int);
 struct block *gen_pf_action(int);
 struct block *gen_pf_dir(int);

+struct block *gen_p80211_type(int, int);
+struct block *gen_p80211_fcdir(int);
+
 void bpf_optimize(struct block **);
 void bpf_error(const char *, ...)
-#if HAVE___ATTRIBUTE__
-    __attribute__((noreturn, format (printf, 1, 2)))
-#endif
-;
+    __attribute__((noreturn, format (printf, 1, 2)));

 void finish_parse(struct block *);
 char *sdup(const char *);

 struct bpf_insn *icode_to_fcode(struct block *, int *);
 int pcap_parse(void);
-void lex_init(char *);
+void lex_init(const char *);
 void lex_cleanup(void);
 void sappend(struct slist *, struct slist *);

--- a/grammar.y
+++ b/grammar.y
@ -22,7 +22,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.86 2004-12-18 08:49:23 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.101 2007-11-18 02:03:52 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -45,6 +45,7 @@ struct rtentry;
 #endif

 #include <netinet/in.h>
+#include <arpa/inet.h>
 #endif /* WIN32 */

 #include <stdio.h>
@ -52,8 +53,13 @@ struct rtentry;
 #include "pcap-int.h"

 #include "gencode.h"
-#include "pf.h"
-#include <pcap-namedb.h>
+#ifdef HAVE_NET_PFVAR_H
+#include <net/if.h>
+#include <net/pfvar.h>
+#include <net/if_pflog.h>
+#endif
+#include "ieee80211.h"
+#include <pcap/namedb.h>

 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
@ -63,12 +69,98 @@ struct rtentry;
 			 (q).dir = (d),\
 			 (q).addr = (a)

+struct tok {
+	int v;			/* value */
+	const char *s;		/* string */
+};
+
+static const struct tok ieee80211_types[] = {
+	{ IEEE80211_FC0_TYPE_DATA, "data" },
+	{ IEEE80211_FC0_TYPE_MGT, "mgt" },
+	{ IEEE80211_FC0_TYPE_MGT, "management" },
+	{ IEEE80211_FC0_TYPE_CTL, "ctl" },
+	{ IEEE80211_FC0_TYPE_CTL, "control" },
+	{ 0, NULL }
+};
+static const struct tok ieee80211_mgt_subtypes[] = {
+	{ IEEE80211_FC0_SUBTYPE_ASSOC_REQ, "assocreq" },
+	{ IEEE80211_FC0_SUBTYPE_ASSOC_REQ, "assoc-req" },
+	{ IEEE80211_FC0_SUBTYPE_ASSOC_RESP, "assocresp" },
+	{ IEEE80211_FC0_SUBTYPE_ASSOC_RESP, "assoc-resp" },
+	{ IEEE80211_FC0_SUBTYPE_REASSOC_REQ, "reassocreq" },
+	{ IEEE80211_FC0_SUBTYPE_REASSOC_REQ, "reassoc-req" },
+	{ IEEE80211_FC0_SUBTYPE_REASSOC_RESP, "reassocresp" },
+	{ IEEE80211_FC0_SUBTYPE_REASSOC_RESP, "reassoc-resp" },
+	{ IEEE80211_FC0_SUBTYPE_PROBE_REQ, "probereq" },
+	{ IEEE80211_FC0_SUBTYPE_PROBE_REQ, "probe-req" },
+	{ IEEE80211_FC0_SUBTYPE_PROBE_RESP, "proberesp" },
+	{ IEEE80211_FC0_SUBTYPE_PROBE_RESP, "probe-resp" },
+	{ IEEE80211_FC0_SUBTYPE_BEACON, "beacon" },
+	{ IEEE80211_FC0_SUBTYPE_ATIM, "atim" },
+	{ IEEE80211_FC0_SUBTYPE_DISASSOC, "disassoc" },
+	{ IEEE80211_FC0_SUBTYPE_DISASSOC, "disassociation" },
+	{ IEEE80211_FC0_SUBTYPE_AUTH, "auth" },
+	{ IEEE80211_FC0_SUBTYPE_AUTH, "authentication" },
+	{ IEEE80211_FC0_SUBTYPE_DEAUTH, "deauth" },
+	{ IEEE80211_FC0_SUBTYPE_DEAUTH, "deauthentication" },
+	{ 0, NULL }
+};
+static const struct tok ieee80211_ctl_subtypes[] = {
+	{ IEEE80211_FC0_SUBTYPE_PS_POLL, "ps-poll" },
+	{ IEEE80211_FC0_SUBTYPE_RTS, "rts" },
+	{ IEEE80211_FC0_SUBTYPE_CTS, "cts" },
+	{ IEEE80211_FC0_SUBTYPE_ACK, "ack" },
+	{ IEEE80211_FC0_SUBTYPE_CF_END, "cf-end" },
+	{ IEEE80211_FC0_SUBTYPE_CF_END_ACK, "cf-end-ack" },
+	{ 0, NULL }
+};
+static const struct tok ieee80211_data_subtypes[] = {
+	{ IEEE80211_FC0_SUBTYPE_DATA, "data" },
+	{ IEEE80211_FC0_SUBTYPE_CF_ACK, "data-cf-ack" },
+	{ IEEE80211_FC0_SUBTYPE_CF_POLL, "data-cf-poll" },
+	{ IEEE80211_FC0_SUBTYPE_CF_ACPL, "data-cf-ack-poll" },
+	{ IEEE80211_FC0_SUBTYPE_NODATA, "null" },
+	{ IEEE80211_FC0_SUBTYPE_NODATA_CF_ACK, "cf-ack" },
+	{ IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL, "cf-poll"  },
+	{ IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL, "cf-ack-poll" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_DATA, "qos-data" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_ACK, "qos-data-cf-ack" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_POLL, "qos-data-cf-poll" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_ACPL, "qos-data-cf-ack-poll" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA, "qos" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL, "qos-cf-poll" },
+	{ IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL, "qos-cf-ack-poll" },
+	{ 0, NULL }
+};
+struct type2tok {
+	int type;
+	const struct tok *tok;
+};
+static const struct type2tok ieee80211_type_subtypes[] = {
+	{ IEEE80211_FC0_TYPE_MGT, ieee80211_mgt_subtypes },
+	{ IEEE80211_FC0_TYPE_CTL, ieee80211_ctl_subtypes },
+	{ IEEE80211_FC0_TYPE_DATA, ieee80211_data_subtypes },
+	{ 0, NULL }
+};
+
+static int
+str2tok(const char *str, const struct tok *toks)
+{
+	int i;
+
+	for (i = 0; toks[i].s != NULL; i++) {
+		if (pcap_strcasecmp(toks[i].s, str) == 0)
+			return (toks[i].v);
+	}
+	return (-1);
+}
+
 int n_errors = 0;

 static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF };

 static void
-yyerror(char *msg)
+yyerror(const char *msg)
 {
 	++n_errors;
 	bpf_error("%s", msg);
@ -85,6 +177,66 @@ pcap_parse()
 }
 #endif

+#ifdef HAVE_NET_PFVAR_H
+static int
+pfreason_to_num(const char *reason)
+{
+	const char *reasons[] = PFRES_NAMES;
+	int i;
+
+	for (i = 0; reasons[i]; i++) {
+		if (pcap_strcasecmp(reason, reasons[i]) == 0)
+			return (i);
+	}
+	bpf_error("unknown PF reason");
+	/*NOTREACHED*/
+}
+
+static int
+pfaction_to_num(const char *action)
+{
+	if (pcap_strcasecmp(action, "pass") == 0 ||
+	    pcap_strcasecmp(action, "accept") == 0)
+		return (PF_PASS);
+	else if (pcap_strcasecmp(action, "drop") == 0 ||
+		pcap_strcasecmp(action, "block") == 0)
+		return (PF_DROP);
+#if HAVE_PF_NAT_THROUGH_PF_NORDR
+	else if (pcap_strcasecmp(action, "rdr") == 0)
+		return (PF_RDR);
+	else if (pcap_strcasecmp(action, "nat") == 0)
+		return (PF_NAT);
+	else if (pcap_strcasecmp(action, "binat") == 0)
+		return (PF_BINAT);
+	else if (pcap_strcasecmp(action, "nordr") == 0)
+		return (PF_NORDR);
+#endif
+	else {
+		bpf_error("unknown PF action");
+		/*NOTREACHED*/
+	}
+}
+#else /* !HAVE_NET_PFVAR_H */
+static int
+pfreason_to_num(const char *reason)
+{
+	bpf_error("libpcap was compiled on a machine without pf support");
+	/*NOTREACHED*/
+
+	/* this is to make the VC compiler happy */
+	return -1;
+}
+
+static int
+pfaction_to_num(const char *action)
+{
+	bpf_error("libpcap was compiled on a machine without pf support");
+	/*NOTREACHED*/
+
+	/* this is to make the VC compiler happy */
+	return -1;
+}
+#endif /* HAVE_NET_PFVAR_H */
 %}

 %union {
@ -97,6 +249,7 @@ pcap_parse()
 	struct {
 		struct qual q;
 		int atmfieldtype;
+		int mtp3fieldtype;
 		struct block *b;
 	} blk;
 	struct block *rblk;
@ -108,18 +261,23 @@ pcap_parse()
 %type	<a>	arth narth
 %type	<i>	byteop pname pnum relop irelop
 %type	<blk>	and or paren not null prog
-%type	<rblk>	other pfvar
+%type	<rblk>	other pfvar p80211
 %type	<i>	atmtype atmmultitype
 %type	<blk>	atmfield
 %type	<blk>	atmfieldvalue atmvalue atmlistvalue
+%type	<i>	mtp2type
+%type	<blk>	mtp3field
+%type	<blk>	mtp3fieldvalue mtp3value mtp3listvalue
+

 %token  DST SRC HOST GATEWAY
-%token  NET NETMASK PORT LESS GREATER PROTO PROTOCHAIN CBYTE
+%token  NET NETMASK PORT PORTRANGE LESS GREATER PROTO PROTOCHAIN CBYTE
 %token  ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP
 %token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
 %token  PF_IFNAME PF_RSET PF_RNR PF_SRNR PF_REASON PF_ACTION
+%token	TYPE SUBTYPE DIR ADDR1 ADDR2 ADDR3 ADDR4 RA TA
 %token  LINK
 %token	GEQ LEQ NEQ
 %token	ID EID HID HID6 AID
@ -127,6 +285,7 @@ pcap_parse()
 %token  LEN
 %token  IPV6 ICMPV6 AH ESP
 %token	VLAN MPLS
+%token	PPPOED PPPOES
 %token  ISO ESIS CLNP ISIS L1 L2 IIH LSP SNP CSNP PSNP 
 %token  STP
 %token  IPX
@ -134,12 +293,15 @@ pcap_parse()
 %token	LANE LLC METAC BCC SC ILMIC OAMF4EC OAMF4SC
 %token	OAM OAMF4 CONNECTMSG METACONNECT
 %token	VPI VCI
+%token	RADIO
+%token	FISU LSSU MSU
+%token	SIO OPC DPC SLS

 %type	<s> ID
 %type	<e> EID
 %type	<e> AID
 %type	<s> HID HID6
-%type	<i> NUM action reason
+%type	<i> NUM action reason type subtype type_subtype dir

 %left OR AND
 %nonassoc  '!'
@ -181,6 +343,14 @@ nid:	  ID			{ $$.b = gen_scode($1, $$.q = $<blk>0.q); }
 	| HID			{
 				  /* Decide how to parse HID based on proto */
 				  $$.q = $<blk>0.q;
+				  if ($$.q.addr == Q_PORT)
+				  	bpf_error("'port' modifier applied to ip host");
+				  else if ($$.q.addr == Q_PORTRANGE)
+				  	bpf_error("'portrange' modifier applied to ip host");
+				  else if ($$.q.addr == Q_PROTO)
+				  	bpf_error("'proto' modifier applied to ip host");
+				  else if ($$.q.addr == Q_PROTOCHAIN)
+				  	bpf_error("'protochain' modifier applied to ip host");
 				  $$.b = gen_ncode($1, 0, $$.q);
 				}
 	| HID6 '/' NUM		{
@ -254,6 +424,8 @@ rterm:	  head id		{ $$ = $2; }
 	| atmtype		{ $$.b = gen_atmtype_abbrev($1); $$.q = qerr; }
 	| atmmultitype		{ $$.b = gen_atmmulti_abbrev($1); $$.q = qerr; }
 	| atmfield atmvalue	{ $$.b = $2.b; $$.q = qerr; }
+	| mtp2type		{ $$.b = gen_mtp2type_abbrev($1); $$.q = qerr; }
+	| mtp3field mtp3value	{ $$.b = $2.b; $$.q = qerr; }
 	;
 /* protocol level qualifiers */
 pqual:	  pname
@ -266,11 +438,18 @@ dqual:	  SRC			{ $$ = Q_SRC; }
 	| DST OR SRC		{ $$ = Q_OR; }
 	| SRC AND DST		{ $$ = Q_AND; }
 	| DST AND SRC		{ $$ = Q_AND; }
+	| ADDR1			{ $$ = Q_ADDR1; }
+	| ADDR2			{ $$ = Q_ADDR2; }
+	| ADDR3			{ $$ = Q_ADDR3; }
+	| ADDR4			{ $$ = Q_ADDR4; }
+	| RA			{ $$ = Q_RA; }
+	| TA			{ $$ = Q_TA; }
 	;
 /* address type qualifiers */
 aqual:	  HOST			{ $$ = Q_HOST; }
 	| NET			{ $$ = Q_NET; }
 	| PORT			{ $$ = Q_PORT; }
+	| PORTRANGE		{ $$ = Q_PORTRANGE; }
 	;
 /* non-directional address type qualifiers */
 ndaqual:  GATEWAY		{ $$ = Q_GATEWAY; }
@ -312,6 +491,7 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| STP			{ $$ = Q_STP; }
 	| IPX			{ $$ = Q_IPX; }
 	| NETBEUI		{ $$ = Q_NETBEUI; }
+	| RADIO			{ $$ = Q_RADIO; }
 	;
 other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| pqual TK_MULTICAST	{ $$ = gen_multicast($1); }
@ -324,7 +504,10 @@ other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| VLAN			{ $$ = gen_vlan(-1); }
 	| MPLS pnum		{ $$ = gen_mpls($2); }
 	| MPLS			{ $$ = gen_mpls(-1); }
+	| PPPOED		{ $$ = gen_pppoed(); }
+	| PPPOES		{ $$ = gen_pppoes(); }
 	| pfvar			{ $$ = $1; }
+	| pqual p80211		{ $$ = $2; }
 	;

 pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
@ -335,31 +518,86 @@ pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
 	| PF_ACTION action	{ $$ = gen_pf_action($2); }
 	;

-reason:	  NUM			{ $$ = $1; }
-	| ID			{ const char *reasons[] = PFRES_NAMES;
-				  int i;
-				  for (i = 0; reasons[i]; i++) {
-					  if (pcap_strcasecmp($1, reasons[i]) == 0) {
-						  $$ = i;
-						  break;
-					  }
-				  }
-				  if (reasons[i] == NULL)
-					  bpf_error("unknown PF reason");
+p80211:   TYPE type SUBTYPE subtype
+				{ $$ = gen_p80211_type($2 | $4,
+					IEEE80211_FC0_TYPE_MASK |
+					IEEE80211_FC0_SUBTYPE_MASK);
+				}
+	| TYPE type		{ $$ = gen_p80211_type($2,
+					IEEE80211_FC0_TYPE_MASK);
+				}
+	| SUBTYPE type_subtype	{ $$ = gen_p80211_type($2,
+					IEEE80211_FC0_TYPE_MASK |
+					IEEE80211_FC0_SUBTYPE_MASK);
+				}
+	| DIR dir		{ $$ = gen_p80211_fcdir($2); }
+	;
+
+type:	  NUM
+	| ID			{ $$ = str2tok($1, ieee80211_types);
+				  if ($$ == -1)
+				  	bpf_error("unknown 802.11 type name");
 				}
 	;

-action:	  ID			{ if (pcap_strcasecmp($1, "pass") == 0 ||
-				      pcap_strcasecmp($1, "accept") == 0)
-					$$ = PF_PASS;
-				  else if (pcap_strcasecmp($1, "drop") == 0 ||
-				      pcap_strcasecmp($1, "block") == 0)
-					$$ = PF_DROP;
-				  else
-					  bpf_error("unknown PF action");
+subtype:  NUM
+	| ID			{ const struct tok *types = NULL;
+				  int i;
+				  for (i = 0;; i++) {
+				  	if (ieee80211_type_subtypes[i].tok == NULL) {
+				  		/* Ran out of types */
+						bpf_error("unknown 802.11 type");
+						break;
+					}
+					if ($<i>-1 == ieee80211_type_subtypes[i].type) {
+						types = ieee80211_type_subtypes[i].tok;
+						break;
+					}
+				  }
+
+				  $$ = str2tok($1, types);
+				  if ($$ == -1)
+					bpf_error("unknown 802.11 subtype name");
 				}
 	;

+type_subtype:	ID		{ int i;
+				  for (i = 0;; i++) {
+				  	if (ieee80211_type_subtypes[i].tok == NULL) {
+				  		/* Ran out of types */
+						bpf_error("unknown 802.11 type name");
+						break;
+					}
+					$$ = str2tok($1, ieee80211_type_subtypes[i].tok);
+					if ($$ != -1) {
+						$$ |= ieee80211_type_subtypes[i].type;
+						break;
+					}
+				  }
+				}
+		;
+
+dir:	  NUM
+	| ID			{ if (pcap_strcasecmp($1, "nods") == 0)
+					$$ = IEEE80211_FC1_DIR_NODS;
+				  else if (pcap_strcasecmp($1, "tods") == 0)
+					$$ = IEEE80211_FC1_DIR_TODS;
+				  else if (pcap_strcasecmp($1, "fromds") == 0)
+					$$ = IEEE80211_FC1_DIR_FROMDS;
+				  else if (pcap_strcasecmp($1, "dstods") == 0)
+					$$ = IEEE80211_FC1_DIR_DSTODS;
+				  else
+					bpf_error("unknown 802.11 direction");
+				}
+	;
+
+reason:	  NUM			{ $$ = $1; }
+	| ID			{ $$ = pfreason_to_num($1); }
+	;
+
+action:	  ID			{ $$ = pfaction_to_num($1); }
+	;
+
 relop:	  '>'			{ $$ = BPF_JGT; }
 	| GEQ			{ $$ = BPF_JGE; }
 	| '='			{ $$ = BPF_JEQ; }
@ -413,18 +651,46 @@ atmfield: VPI			{ $$.atmfieldtype = A_VPI; }
 	| VCI			{ $$.atmfieldtype = A_VCI; }
 	;
 atmvalue: atmfieldvalue
-	| relop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (u_int)$2, (u_int)$1, 0); }
-	| irelop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (u_int)$2, (u_int)$1, 1); }
+	| relop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (bpf_int32)$2, (bpf_u_int32)$1, 0); }
+	| irelop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (bpf_int32)$2, (bpf_u_int32)$1, 1); }
 	| paren atmlistvalue ')' { $$.b = $2.b; $$.q = qerr; }
 	;
 atmfieldvalue: NUM {
 	$$.atmfieldtype = $<blk>0.atmfieldtype;
 	if ($$.atmfieldtype == A_VPI ||
 	    $$.atmfieldtype == A_VCI)
-		$$.b = gen_atmfield_code($$.atmfieldtype, (u_int) $1, BPF_JEQ, 0);
+		$$.b = gen_atmfield_code($$.atmfieldtype, (bpf_int32) $1, BPF_JEQ, 0);
 	}
 	;
 atmlistvalue: atmfieldvalue
 	| atmlistvalue or atmfieldvalue { gen_or($1.b, $3.b); $$ = $3; }
 	;
+	/* MTP2 types quantifier */
+mtp2type: FISU			{ $$ = M_FISU; }
+	| LSSU			{ $$ = M_LSSU; }
+	| MSU			{ $$ = M_MSU; }
+	;
+	/* MTP3 field types quantifier */
+mtp3field: SIO			{ $$.mtp3fieldtype = M_SIO; }
+	| OPC			{ $$.mtp3fieldtype = M_OPC; }
+	| DPC			{ $$.mtp3fieldtype = M_DPC; }
+	| SLS                   { $$.mtp3fieldtype = M_SLS; }
+	;
+mtp3value: mtp3fieldvalue
+	| relop NUM		{ $$.b = gen_mtp3field_code($<blk>0.mtp3fieldtype, (u_int)$2, (u_int)$1, 0); }
+	| irelop NUM		{ $$.b = gen_mtp3field_code($<blk>0.mtp3fieldtype, (u_int)$2, (u_int)$1, 1); }
+	| paren mtp3listvalue ')' { $$.b = $2.b; $$.q = qerr; }
+	;
+mtp3fieldvalue: NUM {
+	$$.mtp3fieldtype = $<blk>0.mtp3fieldtype;
+	if ($$.mtp3fieldtype == M_SIO ||
+	    $$.mtp3fieldtype == M_OPC ||
+	    $$.mtp3fieldtype == M_DPC ||
+	    $$.mtp3fieldtype == M_SLS )
+		$$.b = gen_mtp3field_code($$.mtp3fieldtype, (u_int) $1, BPF_JEQ, 0);
+	}
+	;
+mtp3listvalue: mtp3fieldvalue
+	| mtp3listvalue or mtp3fieldvalue { gen_or($1.b, $3.b); $$ = $3; }
+	;
 %%
--- a/ieee80211.h
+++ b/ieee80211.h
@ -0,0 +1,146 @@
+/*-
+ * Copyright (c) 2001 Atsushi Onoe
+ * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * Alternatively, this software may be distributed under the terms of the
+ * GNU General Public License ("GPL") version 2 as published by the Free
+ * Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD: src/sys/net80211/ieee80211.h,v 1.10 2005/07/22 16:55:27 sam Exp $
+ */
+#ifndef _NET80211_IEEE80211_H_
+#define _NET80211_IEEE80211_H_
+
+/*
+ * 802.11 protocol definitions.
+ */
+
+#define	IEEE80211_FC0_VERSION_MASK		0x03
+#define	IEEE80211_FC0_VERSION_SHIFT		0
+#define	IEEE80211_FC0_VERSION_0			0x00
+#define	IEEE80211_FC0_TYPE_MASK			0x0c
+#define	IEEE80211_FC0_TYPE_SHIFT		2
+#define	IEEE80211_FC0_TYPE_MGT			0x00
+#define	IEEE80211_FC0_TYPE_CTL			0x04
+#define	IEEE80211_FC0_TYPE_DATA			0x08
+
+#define	IEEE80211_FC0_SUBTYPE_MASK		0xf0
+#define	IEEE80211_FC0_SUBTYPE_SHIFT		4
+/* for TYPE_MGT */
+#define	IEEE80211_FC0_SUBTYPE_ASSOC_REQ		0x00
+#define	IEEE80211_FC0_SUBTYPE_ASSOC_RESP	0x10
+#define	IEEE80211_FC0_SUBTYPE_REASSOC_REQ	0x20
+#define	IEEE80211_FC0_SUBTYPE_REASSOC_RESP	0x30
+#define	IEEE80211_FC0_SUBTYPE_PROBE_REQ		0x40
+#define	IEEE80211_FC0_SUBTYPE_PROBE_RESP	0x50
+#define	IEEE80211_FC0_SUBTYPE_BEACON		0x80
+#define	IEEE80211_FC0_SUBTYPE_ATIM		0x90
+#define	IEEE80211_FC0_SUBTYPE_DISASSOC		0xa0
+#define	IEEE80211_FC0_SUBTYPE_AUTH		0xb0
+#define	IEEE80211_FC0_SUBTYPE_DEAUTH		0xc0
+/* for TYPE_CTL */
+#define	IEEE80211_FC0_SUBTYPE_PS_POLL		0xa0
+#define	IEEE80211_FC0_SUBTYPE_RTS		0xb0
+#define	IEEE80211_FC0_SUBTYPE_CTS		0xc0
+#define	IEEE80211_FC0_SUBTYPE_ACK		0xd0
+#define	IEEE80211_FC0_SUBTYPE_CF_END		0xe0
+#define	IEEE80211_FC0_SUBTYPE_CF_END_ACK	0xf0
+/* for TYPE_DATA (bit combination) */
+#define	IEEE80211_FC0_SUBTYPE_DATA		0x00
+#define	IEEE80211_FC0_SUBTYPE_CF_ACK		0x10
+#define	IEEE80211_FC0_SUBTYPE_CF_POLL		0x20
+#define	IEEE80211_FC0_SUBTYPE_CF_ACPL		0x30
+#define	IEEE80211_FC0_SUBTYPE_NODATA		0x40
+#define	IEEE80211_FC0_SUBTYPE_NODATA_CF_ACK	0x50
+#define	IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL	0x60
+#define	IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL	0x70
+#define	IEEE80211_FC0_SUBTYPE_QOS		0x80
+#define	IEEE80211_FC0_SUBTYPE_QOS_NULL		0xc0
+
+#define	IEEE80211_FC1_DIR_MASK			0x03
+#define	IEEE80211_FC1_DIR_NODS			0x00	/* STA->STA */
+#define	IEEE80211_FC1_DIR_TODS			0x01	/* STA->AP  */
+#define	IEEE80211_FC1_DIR_FROMDS		0x02	/* AP ->STA */
+#define	IEEE80211_FC1_DIR_DSTODS		0x03	/* AP ->AP  */
+
+#define	IEEE80211_FC1_MORE_FRAG			0x04
+#define	IEEE80211_FC1_RETRY			0x08
+#define	IEEE80211_FC1_PWR_MGT			0x10
+#define	IEEE80211_FC1_MORE_DATA			0x20
+#define	IEEE80211_FC1_WEP			0x40
+#define	IEEE80211_FC1_ORDER			0x80
+
+#define	IEEE80211_SEQ_FRAG_MASK			0x000f
+#define	IEEE80211_SEQ_FRAG_SHIFT		0
+#define	IEEE80211_SEQ_SEQ_MASK			0xfff0
+#define	IEEE80211_SEQ_SEQ_SHIFT			4
+
+#define	IEEE80211_NWID_LEN			32
+
+#define	IEEE80211_QOS_TXOP			0x00ff
+/* bit 8 is reserved */
+#define	IEEE80211_QOS_ACKPOLICY			0x60
+#define	IEEE80211_QOS_ACKPOLICY_S		5
+#define	IEEE80211_QOS_ESOP			0x10
+#define	IEEE80211_QOS_ESOP_S			4
+#define	IEEE80211_QOS_TID			0x0f
+
+#define IEEE80211_MGT_SUBTYPE_NAMES {			\
+	"assoc-req",		"assoc-resp",		\
+	"reassoc-req",		"reassoc-resp",		\
+	"probe-req",		"probe-resp",		\
+	"reserved#6",		"reserved#7",		\
+	"beacon",		"atim",			\
+	"disassoc",		"auth",			\
+	"deauth",		"reserved#13",		\
+	"reserved#14",		"reserved#15"		\
+}
+
+#define IEEE80211_CTL_SUBTYPE_NAMES {			\
+	"reserved#0",		"reserved#1",		\
+	"reserved#2",		"reserved#3",		\
+	"reserved#3",		"reserved#5",		\
+	"reserved#6",		"reserved#7",		\
+	"reserved#8",		"reserved#9",		\
+	"ps-poll",		"rts",			\
+	"cts",			"ack",			\
+	"cf-end",		"cf-end-ack"		\
+}
+
+#define IEEE80211_DATA_SUBTYPE_NAMES {			\
+	"data",			"data-cf-ack",		\
+	"data-cf-poll",		"data-cf-ack-poll",	\
+	"null",			"cf-ack",		\
+	"cf-poll",		"cf-ack-poll",		\
+	"qos-data",		"qos-data-cf-ack",	\
+	"qos-data-cf-poll",	"qos-data-cf-ack-poll",	\
+	"qos",			"reserved#13",		\
+	"qos-cf-poll",		"qos-cf-ack-poll"	\
+}
+
+#define IEEE80211_TYPE_NAMES	{ "mgt", "ctl", "data", "reserved#4" }
+
+#endif /* _NET80211_IEEE80211_H_ */
--- a/inet.c
+++ b/inet.c
@ -34,7 +34,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.66 2005-02-10 19:38:06 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.79 2008-04-20 18:19:02 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -134,28 +134,6 @@ add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
 	pcap_if_t *curdev, *prevdev, *nextdev;
 	int this_instance;

-	/*
-	 * Can we open this interface for live capture?
-	 *
-	 * We do this check so that interfaces that ae supplied
-	 * by the interface enumeration mechanism we're using
-	 * but that don't support packet capture aren't included
-	 * in the list.  An example of this is loopback interfaces
-	 * on Solaris; we don't just omit loopback interfaces
-	 * becaue you *can* capture on loopback interfaces on some
-	 * OSes.
-	 */
-	p = pcap_open_live(name, 68, 0, 0, errbuf);
-	if (p == NULL) {
-		/*
-		 * No.  Don't bother including it.
-		 * Don't treat this as an error, though.
-		 */
-		*curdev_ret = NULL;
-		return (0);
-	}
-	pcap_close(p);
-
 	/*
 	 * Is there already an entry in the list for this interface?
 	 */
@ -163,9 +141,74 @@ add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
 		if (strcmp(name, curdev->name) == 0)
 			break;	/* yes, we found it */
 	}
+
 	if (curdev == NULL) {
 		/*
 		 * No, we didn't find it.
+		 *
+		 * Can we open this interface for live capture?
+		 *
+		 * We do this check so that interfaces that are
+		 * supplied by the interface enumeration mechanism
+		 * we're using but that don't support packet capture
+		 * aren't included in the list.  Loopback interfaces
+		 * on Solaris are an example of this; we don't just
+		 * omit loopback interfaces on all platforms because
+		 * you *can* capture on loopback interfaces on some
+		 * OSes.
+		 *
+		 * On OS X, we don't do this check if the device
+		 * name begins with "wlt"; at least some versions
+		 * of OS X offer monitor mode capturing by having
+		 * a separate "monitor mode" device for each wireless
+		 * adapter, rather than by implementing the ioctls
+		 * that {Free,Net,Open,DragonFly}BSD provide.
+		 * Opening that device puts the adapter into monitor
+		 * mode, which, at least for some adapters, causes
+		 * them to deassociate from the network with which
+		 * they're associated.
+		 *
+		 * Instead, we try to open the corresponding "en"
+		 * device (so that we don't end up with, for users
+		 * without sufficient privilege to open capture
+		 * devices, a list of adapters that only includes
+		 * the wlt devices).
+		 */
+#ifdef __APPLE__
+		if (strncmp(name, "wlt", 3) == 0) {
+			char *en_name;
+			size_t en_name_len;
+
+			/*
+			 * Try to allocate a buffer for the "en"
+			 * device's name.
+			 */
+			en_name_len = strlen(name) - 1;
+			en_name = malloc(en_name_len + 1);
+			if (en_name == NULL) {
+				(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
+				    "malloc: %s", pcap_strerror(errno));
+				return (-1);
+			}
+			strcpy(en_name, "en");
+			strcat(en_name, name + 3);
+			p = pcap_open_live(en_name, 68, 0, 0, errbuf);
+			free(en_name);
+		} else
+#endif /* __APPLE */
+		p = pcap_open_live(name, 68, 0, 0, errbuf);
+		if (p == NULL) {
+			/*
+			 * No.  Don't bother including it.
+			 * Don't treat this as an error, though.
+			 */
+			*curdev_ret = NULL;
+			return (0);
+		}
+		pcap_close(p);
+
+		/*
+		 * Yes, we can open it.
 		 * Allocate a new entry.
 		 */
 		curdev = malloc(sizeof(pcap_if_t));
@ -179,14 +222,25 @@ add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
 		 * Fill in the entry.
 		 */
 		curdev->next = NULL;
-		curdev->name = malloc(strlen(name) + 1);
-		strcpy(curdev->name, name);
+		curdev->name = strdup(name);
+		if (curdev->name == NULL) {
+			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
+			    "malloc: %s", pcap_strerror(errno));
+			free(curdev);
+			return (-1);
+		}
 		if (description != NULL) {
 			/*
 			 * We have a description for this interface.
 			 */
-			curdev->description = malloc(strlen(description) + 1);
-			strcpy(curdev->description, description);
+			curdev->description = strdup(description);
+			if (curdev->description == NULL) {
+				(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
+				    "malloc: %s", pcap_strerror(errno));
+				free(curdev->name);
+				free(curdev);
+				return (-1);
+			}
 		} else {
 			/*
 			 * We don't.
@ -302,6 +356,52 @@ add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
 	return (0);
 }

+/*
+ * XXX - on FreeBSDs that support it, should it get the sysctl named
+ * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
+ * of the adapter?  Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
+ * with my Cisco 350 card, so the name isn't entirely descriptive.  The
+ * "dev.an.0.%pnpinfo" has a better description, although one might argue
+ * that the problem is really a driver bug - if it can find out that it's
+ * a Cisco 340 or 350, rather than an old Aironet card, it should use
+ * that in the description.
+ *
+ * Do NetBSD, DragonflyBSD, or OpenBSD support this as well?  FreeBSD
+ * and OpenBSD let you get a description, but it's not generated by the OS,
+ * it's set with another ioctl that ifconfig supports; we use that to get
+ * a description in FreeBSD and OpenBSD, but if there is no such
+ * description available, it still might be nice to get some description
+ * string based on the device type or something such as that.
+ *
+ * In OS X, the System Configuration framework can apparently return
+ * names in 10.4 and later.
+ *
+ * It also appears that freedesktop.org's HAL offers an "info.product"
+ * string, but the HAL specification says it "should not be used in any
+ * UI" and "subsystem/capability specific properties" should be used
+ * instead and, in any case, I think HAL is being deprecated in
+ * favor of other stuff such as DeviceKit.  DeviceKit doesn't appear
+ * to have any obvious product information for devices, but maybe
+ * I haven't looked hard enough.
+ *
+ * Using the System Configuration framework, or HAL, or DeviceKit, or
+ * whatever, would require that libpcap applications be linked with
+ * the frameworks/libraries in question.  That shouldn't be a problem
+ * for programs linking with the shared version of libpcap (unless
+ * you're running on AIX - which I think is the only UN*X that doesn't
+ * support linking a shared library with other libraries on which it
+ * depends, and having an executable linked only with the first shared
+ * library automatically pick up the other libraries when started -
+ * and using HAL or whatever).  Programs linked with the static
+ * version of libpcap would have to use pcap-config with the --static
+ * flag in order to get the right linker flags in order to pick up
+ * the additional libraries/frameworks; those programs need that anyway
+ * for libpcap 1.1 and beyond on Linux, as, by default, it requires
+ * -lnl.
+ *
+ * Do any other UN*Xes, or desktop environments support getting a
+ * description?
+ */
 int
 add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
    struct sockaddr *addr, size_t addr_size,
@ -311,14 +411,91 @@ add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
    char *errbuf)
 {
 	pcap_if_t *curdev;
+	char *description = NULL;
 	pcap_addr_t *curaddr, *prevaddr, *nextaddr;
+#ifdef SIOCGIFDESCR
+	int s;
+	struct ifreq ifrdesc;
+#ifndef IFDESCRSIZE
+	size_t descrlen = 64;
+#else
+	size_t descrlen = IFDESCRSIZE;
+#endif /* IFDESCRSIZE */
+#endif /* SIOCGIFDESCR */

-	if (add_or_find_if(&curdev, alldevs, name, flags, NULL, errbuf) == -1) {
+#ifdef SIOCGIFDESCR
+	/*
+	 * Get the description for the interface.
+	 */
+	memset(&ifrdesc, 0, sizeof ifrdesc);
+	strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
+	s = socket(AF_INET, SOCK_DGRAM, 0);
+	if (s >= 0) {
+#ifdef __FreeBSD__
+		/*
+		 * On FreeBSD, if the buffer isn't big enough for the
+		 * description, the ioctl succeeds, but the description
+		 * isn't copied, ifr_buffer.length is set to the description
+		 * length, and ifr_buffer.buffer is set to NULL.
+		 */
+		for (;;) {
+			free(description);
+			if ((description = malloc(descrlen)) != NULL) {
+				ifrdesc.ifr_buffer.buffer = description;
+				ifrdesc.ifr_buffer.length = descrlen;
+				if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
+					if (ifrdesc.ifr_buffer.buffer ==
+					    description)
+						break;
+					else
+						descrlen = ifrdesc.ifr_buffer.length;
+				} else {
+					/*
+					 * Failed to get interface description.
+					 */
+					free(description);
+					description = NULL;
+					break;
+				}
+			} else
+				break;
+		}
+#else /* __FreeBSD__ */
+		/*
+		 * The only other OS that currently supports
+		 * SIOCGIFDESCR is OpenBSD, and it has no way
+		 * to get the description length - it's clamped
+		 * to a maximum of IFDESCRSIZE.
+		 */
+		if ((description = malloc(descrlen)) != NULL) {
+			ifrdesc.ifr_data = (caddr_t)description;
+			if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
+				/*
+				 * Failed to get interface description.
+				 */
+				free(description);
+				description = NULL;
+			}
+		} else
+			break;
+#endif /* __FreeBSD__ */
+		close(s);
+		if (description != NULL && strlen(description) == 0) {
+			free(description);
+			description = NULL;
+		}
+	}
+#endif /* SIOCGIFDESCR */
+
+	if (add_or_find_if(&curdev, alldevs, name, flags, description,
+	    errbuf) == -1) {
+		free(description);
 		/*
 		 * Error - give up.
 		 */
 		return (-1);
 	}
+	free(description);
 	if (curdev == NULL) {
 		/*
 		 * Device wasn't added because it can't be opened.
@ -357,6 +534,8 @@ add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
 		if (curaddr->netmask == NULL) {
 			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
 			    "malloc: %s", pcap_strerror(errno));
+			if (curaddr->addr != NULL)
+				free(curaddr->addr);
 			free(curaddr);
 			return (-1);
 		}
@ -368,6 +547,10 @@ add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
 		if (curaddr->broadaddr == NULL) {
 			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
 			    "malloc: %s", pcap_strerror(errno));
+			if (curaddr->netmask != NULL)
+				free(curaddr->netmask);
+			if (curaddr->addr != NULL)
+				free(curaddr->addr);
 			free(curaddr);
 			return (-1);
 		}
@ -379,6 +562,12 @@ add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
 		if (curaddr->dstaddr == NULL) {
 			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
 			    "malloc: %s", pcap_strerror(errno));
+			if (curaddr->broadaddr != NULL)
+				free(curaddr->broadaddr);
+			if (curaddr->netmask != NULL)
+				free(curaddr->netmask);
+			if (curaddr->addr != NULL)
+				free(curaddr->addr);
 			free(curaddr);
 			return (-1);
 		}
@ -527,7 +716,7 @@ pcap_lookupnet(device, netp, maskp, errbuf)
 	register char *errbuf;
 {
 	register int fd;
-	register struct sockaddr_in *sin;
+	register struct sockaddr_in *sin4;
 	struct ifreq ifr;

 	/*
@ -538,6 +727,21 @@ pcap_lookupnet(device, netp, maskp, errbuf)
 	if (!device || strcmp(device, "any") == 0
 #ifdef HAVE_DAG_API
 	    || strstr(device, "dag") != NULL
+#endif
+#ifdef HAVE_SEPTEL_API
+	    || strstr(device, "septel") != NULL
+#endif
+#ifdef PCAP_SUPPORT_BT
+	    || strstr(device, "bluetooth") != NULL
+#endif
+#ifdef PCAP_SUPPORT_USB
+	    || strstr(device, "usbmon") != NULL
+#endif
+#ifdef HAVE_SNF_API
+	    || strstr(device, "snf") != NULL
+#endif
+#ifdef PCAP_SUPPORT_DECT
+	    || strstr(device, "dect") != NULL
 #endif
 	    ) {
 		*netp = *maskp = 0;
@ -568,8 +772,14 @@ pcap_lookupnet(device, netp, maskp, errbuf)
 		(void)close(fd);
 		return (-1);
 	}
-	sin = (struct sockaddr_in *)&ifr.ifr_addr;
-	*netp = sin->sin_addr.s_addr;
+	sin4 = (struct sockaddr_in *)&ifr.ifr_addr;
+	*netp = sin4->sin_addr.s_addr;
+	memset(&ifr, 0, sizeof(ifr));
+#ifdef linux
+	/* XXX Work around Linux kernel bug */
+	ifr.ifr_addr.sa_family = AF_INET;
+#endif
+	(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
 	if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) {
 		(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
 		    "SIOCGIFNETMASK: %s: %s", device, pcap_strerror(errno));
@ -577,7 +787,7 @@ pcap_lookupnet(device, netp, maskp, errbuf)
 		return (-1);
 	}
 	(void)close(fd);
-	*maskp = sin->sin_addr.s_addr;
+	*maskp = sin4->sin_addr.s_addr;
 	if (*maskp == 0) {
 		if (IN_CLASSA(*netp))
 			*maskp = IN_CLASSA_NET;
@ -671,8 +881,10 @@ pcap_lookupdev(errbuf)
 		 */
 		while(NAdapts--)
 		{
-			strcpy((char*)tUstr, tAstr);
-			(char*)tUstr += strlen(tAstr) + 1;;
+			char* tmp = (char*)tUstr;
+			strcpy(tmp, tAstr);
+			tmp += strlen(tAstr) + 1;
+			tUstr = (WCHAR*)tmp;
 			tAstr += strlen(tAstr) + 1;
 		}

--- a/2
+++ b/2
@ -13,7 +13,7 @@
 #	@(#)mkdep.sh	5.11 (Berkeley) 5/5/88
 #

-PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin
+PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin:/usr/sfw/bin
 export PATH

 MAKE=Makefile			# default makefile name is "Makefile"
--- a/msdos/pktdrvr.c
+++ b/msdos/pktdrvr.c
@ -21,7 +21,6 @@
 #include <string.h>
 #include <dos.h>

-#include "gnuc.h"
 #include "pcap-dos.h"
 #include "pcap-int.h"
 #include "msdos/pktdrvr.h"
@ -61,7 +60,7 @@


 #if (DOSX & (DJGPP|DOS4GW))
-  #include <sys/packon.h>
+  #include <sys/pack_on.h>

  struct DPMI_regs {
         DWORD  r_di;
@ -91,7 +90,7 @@
          WORD       _fanIndex;
          BYTE       _PktReceiver[15]; /* starts on a paragraph (16byte) */
        } PktRealStub;
-  #include <sys/packoff.h>
+  #include <sys/pack_off.h>

  static BYTE real_stub_array [] = {
         #include "pkt_stub.inc"       /* generated opcode array */
--- a/nametoaddr.c
+++ b/nametoaddr.c
@ -24,13 +24,18 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.77 2005-03-27 22:26:25 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.83 2008-02-06 10:21:30 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif

+#ifdef DECNETLIB
+#include <sys/types.h>
+#include <netdnet/dnetdb.h>
+#endif
+
 #ifdef WIN32
 #include <pcap-stdinc.h>

@ -44,13 +49,6 @@ static const char rcsid[] _U_ =
 #include <netinet/in.h>
 #endif /* WIN32 */

-/*
- * XXX - why was this included even on UNIX?
- */
-#ifdef __MINGW32__
-#include "IP6_misc.h"
-#endif
-
 #ifndef WIN32
 #ifdef HAVE_ETHER_HOSTTON
 /*
@ -74,13 +72,13 @@ struct rtentry;		/* declarations in <net/if.h> */
 #include <ctype.h>
 #include <errno.h>
 #include <stdlib.h>
-#include <memory.h>
+#include <string.h>
 #include <stdio.h>

 #include "pcap-int.h"

 #include "gencode.h"
-#include <pcap-namedb.h>
+#include <pcap/namedb.h>

 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
@ -216,6 +214,51 @@ pcap_nametoport(const char *name, int *port, int *proto)
 	return 0;
 }

+/*
+ * Convert a string in the form PPP-PPP, where correspond to ports, to
+ * a starting and ending port in a port range.
+ * Return 0 on failure.
+ */
+int
+pcap_nametoportrange(const char *name, int *port1, int *port2, int *proto)
+{
+	u_int p1, p2;
+	char *off, *cpy;
+	int save_proto;
+
+	if (sscanf(name, "%d-%d", &p1, &p2) != 2) {
+		if ((cpy = strdup(name)) == NULL)
+			return 0;
+
+		if ((off = strchr(cpy, '-')) == NULL) {
+			free(cpy);
+			return 0;
+		}
+
+		*off = '\0';
+
+		if (pcap_nametoport(cpy, port1, proto) == 0) {
+			free(cpy);
+			return 0;
+		}
+		save_proto = *proto;
+
+		if (pcap_nametoport(off + 1, port2, proto) == 0) {
+			free(cpy);
+			return 0;
+		}
+
+		if (*proto != save_proto)
+			*proto = PROTO_UNDEF;
+	} else {
+		*port1 = p1;
+		*port2 = p2;
+		*proto = PROTO_UNDEF;
+	}
+
+	return 1;
+}
+
 int
 pcap_nametoproto(const char *str)
 {
@ -231,7 +274,7 @@ pcap_nametoproto(const char *str)
 #include "ethertype.h"

 struct eproto {
-	char *s;
+	const char *s;
 	u_short p;
 };

@ -343,7 +386,7 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)

 	u_int node, area;

-	if (sscanf((char *)s, "%d.%d", &area, &node) != 2)
+	if (sscanf(s, "%d.%d", &area, &node) != 2)
 		bpf_error("malformed decnet address '%s'", s);

 	*addr = (area << AREASHIFT) & AREAMASK;
@ -353,7 +396,15 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
 }

 /*
- * Convert 's' which has the form "xx:xx:xx:xx:xx:xx" into a new
+ * Convert 's', which can have the one of the forms:
+ *
+ *	"xx:xx:xx:xx:xx:xx"
+ *	"xx.xx.xx.xx.xx.xx"
+ *	"xx-xx-xx-xx-xx-xx"
+ *	"xxxx.xxxx.xxxx"
+ *	"xxxxxxxxxxxx"
+ *
+ * (or various mixes of ':', '.', and '-') into a new
 * ethernet address.  Assumes 's' is well formed.
 */
 u_char *
@ -365,7 +416,7 @@ pcap_ether_aton(const char *s)
 	e = ep = (u_char *)malloc(6);

 	while (*s) {
-		if (*s == ':')
+		if (*s == ':' || *s == '.' || *s == '-')
 			s += 1;
 		d = xdtoi(*s++);
 		if (isxdigit((unsigned char)*s)) {
@ -413,6 +464,11 @@ pcap_ether_hostton(const char *name)
 #else

 #if !defined(HAVE_DECL_ETHER_HOSTTON) || !HAVE_DECL_ETHER_HOSTTON
+#ifndef HAVE_STRUCT_ETHER_ADDR
+struct ether_addr {
+	unsigned char ether_addr_octet[6];
+};
+#endif
 extern int ether_hostton(const char *, struct ether_addr *);
 #endif

@ -424,7 +480,7 @@ pcap_ether_hostton(const char *name)
 	u_char a[6];

 	ap = NULL;
-	if (ether_hostton((char *)name, (struct ether_addr *)a) == 0) {
+	if (ether_hostton(name, (struct ether_addr *)a) == 0) {
 		ap = (u_char *)malloc(6);
 		if (ap != NULL)
 			memcpy((char *)ap, (char *)a, 6);
--- a/optimize.c
+++ b/optimize.c
@ -22,13 +22,27 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.85 2005-04-04 08:42:18 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.91 2008-01-02 04:16:46 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif

+#ifdef WIN32
+#include <pcap-stdinc.h>
+#else /* WIN32 */
+#if HAVE_INTTYPES_H
+#include <inttypes.h>
+#elif HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#include <sys/types.h>
+#endif /* WIN32 */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <memory.h>
@ -53,6 +67,10 @@ extern int _w32_ffs (int mask);
 #define ffs _w32_ffs
 #endif

+#if defined(WIN32) && defined (_MSC_VER)
+int ffs(int mask);
+#endif
+
 /*
 * Represents a deleted instruction.
 */
@ -624,7 +642,7 @@ fold_op(s, v0, v1)
 	struct stmt *s;
 	int v0, v1;
 {
-	bpf_int32 a, b;
+	bpf_u_int32 a, b;

 	a = vmap[v0].const_val;
 	b = vmap[v1].const_val;
@ -905,6 +923,17 @@ opt_peep(b)
 		if (b->s.k == 0xffffffff)
 			JF(b) = JT(b);
 	}
+	/*
+	 * If we're comparing against the index register, and the index
+	 * register is a known constant, we can just compare against that
+	 * constant.
+	 */
+	val = b->val[X_ATOM];
+	if (vmap[val].is_const && BPF_SRC(b->s.code) == BPF_X) {
+		bpf_int32 v = vmap[val].const_val;
+		b->s.code &= ~BPF_X;
+		b->s.k = v;
+	}
 	/*
 	 * If the accumulator is a known constant, we can compute the
 	 * comparison result.
@ -1823,9 +1852,9 @@ intern_blocks(root)
 {
 	struct block *p;
 	int i, j;
-	int done;
+	int done1; /* don't shadow global */
 top:
-	done = 1;
+	done1 = 1;
 	for (i = 0; i < n_blocks; ++i)
 		blocks[i]->link = 0;

@ -1849,15 +1878,15 @@ intern_blocks(root)
 		if (JT(p) == 0)
 			continue;
 		if (JT(p)->link) {
-			done = 0;
+			done1 = 0;
 			JT(p) = JT(p)->link;
 		}
 		if (JF(p)->link) {
-			done = 0;
+			done1 = 0;
 			JF(p) = JF(p)->link;
 		}
 	}
-	if (!done)
+	if (!done1)
 		goto top;
 }

@ -1972,7 +2001,7 @@ opt_init(root)
 	 */
 	unMarkAll();
 	n = count_blocks(root);
-	blocks = (struct block **)malloc(n * sizeof(*blocks));
+	blocks = (struct block **)calloc(n, sizeof(*blocks));
 	if (blocks == NULL)
 		bpf_error("malloc");
 	unMarkAll();
@ -1980,14 +2009,14 @@ opt_init(root)
 	number_blks_r(root);

 	n_edges = 2 * n_blocks;
-	edges = (struct edge **)malloc(n_edges * sizeof(*edges));
+	edges = (struct edge **)calloc(n_edges, sizeof(*edges));
 	if (edges == NULL)
 		bpf_error("malloc");

 	/*
 	 * The number of levels is bounded by the number of nodes.
 	 */
-	levels = (struct block **)malloc(n_blocks * sizeof(*levels));
+	levels = (struct block **)calloc(n_blocks, sizeof(*levels));
 	if (levels == NULL)
 		bpf_error("malloc");

@ -2034,8 +2063,8 @@ opt_init(root)
 	 * we'll need.
 	 */
 	maxval = 3 * max_stmts;
-	vmap = (struct vmapinfo *)malloc(maxval * sizeof(*vmap));
-	vnode_base = (struct valnode *)malloc(maxval * sizeof(*vnode_base));
+	vmap = (struct vmapinfo *)calloc(maxval, sizeof(*vmap));
+	vnode_base = (struct valnode *)calloc(maxval, sizeof(*vnode_base));
 	if (vmap == NULL || vnode_base == NULL)
 		bpf_error("malloc");
 }
@ -2124,7 +2153,7 @@ convert_code_r(p)
 	    {
 		int i;
 		int jt, jf;
-		char *ljerr = "%s for block-local relative jump: off=%d";
+		const char *ljerr = "%s for block-local relative jump: off=%d";

 #if 0
 		printf("code=%x off=%d %x %x\n", src->s.code,
@ -2216,6 +2245,20 @@ filled:
 /*
 * Convert flowgraph intermediate representation to the
 * BPF array representation.  Set *lenp to the number of instructions.
+ *
+ * This routine does *NOT* leak the memory pointed to by fp.  It *must
+ * not* do free(fp) before returning fp; doing so would make no sense,
+ * as the BPF array pointed to by the return value of icode_to_fcode()
+ * must be valid - it's being returned for use in a bpf_program structure.
+ *
+ * If it appears that icode_to_fcode() is leaking, the problem is that
+ * the program using pcap_compile() is failing to free the memory in
+ * the BPF program when it's done - the leak is in the program, not in
+ * the routine that happens to be allocating the memory.  (By analogy, if
+ * a program calls fopen() without ever calling fclose() on the FILE *,
+ * it will leak the FILE structure; the leak is not in fopen(), it's in
+ * the program.)  Change the program to use pcap_freecode() when it's
+ * done with the filter program.  See the pcap man page.
 */
 struct bpf_insn *
 icode_to_fcode(root, lenp)
@ -2262,6 +2305,15 @@ install_bpf_program(pcap_t *p, struct bpf_program *fp)
 {
 	size_t prog_size;

+	/*
+	 * Validate the program.
+	 */
+	if (!bpf_validate(fp->bf_insns, fp->bf_len)) {
+		snprintf(p->errbuf, sizeof(p->errbuf),
+			"BPF program is not valid");
+		return (-1);
+	}
+
 	/*
 	 * Free up any already installed program.
 	 */
--- a/org.tcpdump.chmod_bpf.plist
+++ b/org.tcpdump.chmod_bpf.plist
@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.tcpdump.chmod_bpf</string>
+	<key>RunAtLoad</key>
+	<true/>
+	<key>Program</key>
+	<string>/usr/local/bin/chmod_bpf</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/usr/local/bin/chmod_bpf</string>
+	</array>
+</dict>
+</plist>
--- a/packaging/pcap.spec
+++ b/packaging/pcap.spec
@ -1,65 +0,0 @@
-%define prefix   /usr
-%define version 0.9
-
-Summary: packet capture library
-Name: libpcap
-Version: %version
-Release: 1
-Group: Development/Libraries
-Copyright: BSD
-Source: libpcap-0.9-PRE-CVS.tar.gz
-BuildRoot: /tmp/%{name}-buildroot
-URL: http://www.tcpdump.org
-
-%description
-Packet-capture library LIBPCAP 0.9
-Now maintained by "The Tcpdump Group"
-See http://www.tcpdump.org
-Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
-
-%prep
-%setup
-
-%post
-ldconfig
-
-%build
-CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix
-make
-
-%install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/{lib,include}
-mkdir -p $RPM_BUILD_ROOT/usr/share/man
-mkdir -p $RPM_BUILD_ROOT/usr/include/net
-mkdir -p $RPM_BUILD_ROOT/usr/man/man3
-make install DESTDIR=$RPM_BUILD_ROOT mandir=/usr/share/man
-cd $RPM_BUILD_ROOT/usr/lib
-V1=`echo 0.9 | sed 's/\\.[^\.]*$//g'`
-V2=`echo 0.9 | sed 's/\\.[^\.]*\.[^\.]*$//g'`
-ln -sf libpcap.so.0.9 libpcap.so.$V1
-if test "$V2" -ne "$V1"; then
-    ln -sf libpcap.so.$V1 libpcap.so.$V2
-    ln -sf libpcap.so.$V2 libpcap.so
-else
-    ln -sf libpcap.so.$V1 libpcap.so
-fi
-
-#install -m 755 -o root libpcap.a $RPM_BUILD_ROOT/usr/lib
-#install -m 644 -o root pcap.3 $RPM_BUILD_ROOT/usr/man/man3
-#install -m 644 -o root pcap.h $RPM_BUILD_ROOT/usr/include
-#install -m 644 -o root pcap-bpf.h $RPM_BUILD_ROOT/usr/include/net
-#install -m 644 -o root pcap-namedb.h $RPM_BUILD_ROOT/usr/include
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%doc LICENSE CHANGES INSTALL.txt README.linux TODO VERSION CREDITS packaging/pcap.spec
-/usr/lib/libpcap.a
-/usr/share/man/man3/*
-/usr/include/pcap.h
-/usr/include/pcap-bpf.h
-/usr/include/pcap-namedb.h
-/usr/lib/libpcap.so*
--- a/packaging/pcap.spec.in
+++ b/packaging/pcap.spec.in
@ -15,7 +15,7 @@ URL: http://www.tcpdump.org
 Packet-capture library LIBPCAP @VERSION@
 Now maintained by "The Tcpdump Group"
 See http://www.tcpdump.org
-Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
+Please send inquiries/comments/reports to tcpdump-workers@lists.tcpdump.org

 %prep
 %setup
@ -29,10 +29,6 @@ make

 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/{lib,include}
-mkdir -p $RPM_BUILD_ROOT/usr/share/man
-mkdir -p $RPM_BUILD_ROOT/usr/include/net
-mkdir -p $RPM_BUILD_ROOT/usr/man/man3
 make install DESTDIR=$RPM_BUILD_ROOT mandir=/usr/share/man
 cd $RPM_BUILD_ROOT/usr/lib
 V1=`echo @VERSION@ | sed 's/\\.[^\.]*$//g'`
@ -45,12 +41,6 @@ else
    ln -sf libpcap.so.$V1 libpcap.so
 fi

-#install -m 755 -o root libpcap.a $RPM_BUILD_ROOT/usr/lib
-#install -m 644 -o root pcap.3 $RPM_BUILD_ROOT/usr/man/man3
-#install -m 644 -o root pcap.h $RPM_BUILD_ROOT/usr/include
-#install -m 644 -o root pcap-bpf.h $RPM_BUILD_ROOT/usr/include/net
-#install -m 644 -o root pcap-namedb.h $RPM_BUILD_ROOT/usr/include
-
 %clean
 rm -rf $RPM_BUILD_ROOT

@ -59,7 +49,10 @@ rm -rf $RPM_BUILD_ROOT
 %doc LICENSE CHANGES INSTALL.txt README.linux TODO VERSION CREDITS packaging/pcap.spec
 /usr/lib/libpcap.a
 /usr/share/man/man3/*
+/usr/share/man/man5/*
+/usr/share/man/man7/*
 /usr/include/pcap.h
+/usr/include/pcap/*.h
 /usr/include/pcap-bpf.h
 /usr/include/pcap-namedb.h
 /usr/lib/libpcap.so*
--- a/pcap-bpf.c
+++ b/pcap-bpf.c
--- a/pcap-bpf.h
+++ b/pcap-bpf.h
@ -35,644 +35,13 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.50 2007-04-01 21:43:55 guy Exp $ (LBL)
+ */
+
+/*
+ * For backwards compatibility.
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-bpf.h,v 1.35 2005-04-07 20:42:45 guy Exp $ (LBL)
+ * Note to OS vendors: do NOT get rid of this file!  Some applications
+ * might expect to be able to include <pcap-bpf.h>.
 */
-
-/*
- * This is libpcap's cut-down version of bpf.h; it includes only
- * the stuff needed for the code generator and the userland BPF
- * interpreter, and the libpcap APIs for setting filters, etc..
- *
- * "pcap-bpf.c" will include the native OS version, as it deals with
- * the OS's BPF implementation.
- *
- * XXX - should this all just be moved to "pcap.h"?
- */
-
-#ifndef BPF_MAJOR_VERSION
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BSD style release date */
-#define BPF_RELEASE 199606
-
-#ifdef MSDOS /* must be 32-bit */
-typedef long          bpf_int32;
-typedef unsigned long bpf_u_int32;
-#else
-typedef	int bpf_int32;
-typedef	u_int bpf_u_int32;
-#endif
-
-/*
- * Alignment macros.  BPF_WORDALIGN rounds up to the next 
- * even multiple of BPF_ALIGNMENT. 
- */
-#ifndef __NetBSD__
-#define BPF_ALIGNMENT sizeof(bpf_int32)
-#else
-#define BPF_ALIGNMENT sizeof(long)
-#endif
-#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
-
-#define BPF_MAXINSNS 512
-#define BPF_MAXBUFSIZE 0x8000
-#define BPF_MINBUFSIZE 32
-
-/*
- * Structure for "pcap_compile()", "pcap_setfilter()", etc..
- */
-struct bpf_program {
-	u_int bf_len;
-	struct bpf_insn *bf_insns;
-};
- 
-/*
- * Struct return by BIOCVERSION.  This represents the version number of 
- * the filter language described by the instruction encodings below.
- * bpf understands a program iff kernel_major == filter_major &&
- * kernel_minor >= filter_minor, that is, if the value returned by the
- * running kernel has the same major number and a minor number equal
- * equal to or less than the filter being downloaded.  Otherwise, the
- * results are undefined, meaning an error may be returned or packets
- * may be accepted haphazardly.
- * It has nothing to do with the source code version.
- */
-struct bpf_version {
-	u_short bv_major;
-	u_short bv_minor;
-};
-/* Current version number of filter architecture. */
-#define BPF_MAJOR_VERSION 1
-#define BPF_MINOR_VERSION 1
-
-/*
- * Data-link level type codes.
- *
- * Do *NOT* add new values to this list without asking
- * "tcpdump-workers@tcpdump.org" for a value.  Otherwise, you run the
- * risk of using a value that's already being used for some other purpose,
- * and of having tools that read libpcap-format captures not being able
- * to handle captures with your new DLT_ value, with no hope that they
- * will ever be changed to do so (as that would destroy their ability
- * to read captures using that value for that other purpose).
- */
-
-/*
- * These are the types that are the same on all platforms, and that
- * have been defined by <net/bpf.h> for ages.
- */
-#define DLT_NULL	0	/* BSD loopback encapsulation */
-#define DLT_EN10MB	1	/* Ethernet (10Mb) */
-#define DLT_EN3MB	2	/* Experimental Ethernet (3Mb) */
-#define DLT_AX25	3	/* Amateur Radio AX.25 */
-#define DLT_PRONET	4	/* Proteon ProNET Token Ring */
-#define DLT_CHAOS	5	/* Chaos */
-#define DLT_IEEE802	6	/* IEEE 802 Networks */
-#define DLT_ARCNET	7	/* ARCNET, with BSD-style header */
-#define DLT_SLIP	8	/* Serial Line IP */
-#define DLT_PPP		9	/* Point-to-point Protocol */
-#define DLT_FDDI	10	/* FDDI */
-
-/*
- * These are types that are different on some platforms, and that
- * have been defined by <net/bpf.h> for ages.  We use #ifdefs to
- * detect the BSDs that define them differently from the traditional
- * libpcap <net/bpf.h>
- *
- * XXX - DLT_ATM_RFC1483 is 13 in BSD/OS, and DLT_RAW is 14 in BSD/OS,
- * but I don't know what the right #define is for BSD/OS.
- */
-#define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
-
-#ifdef __OpenBSD__
-#define DLT_RAW		14	/* raw IP */
-#else
-#define DLT_RAW		12	/* raw IP */
-#endif
-
-/*
- * Given that the only OS that currently generates BSD/OS SLIP or PPP
- * is, well, BSD/OS, arguably everybody should have chosen its values
- * for DLT_SLIP_BSDOS and DLT_PPP_BSDOS, which are 15 and 16, but they
- * didn't.  So it goes.
- */
-#if defined(__NetBSD__) || defined(__FreeBSD__)
-#ifndef DLT_SLIP_BSDOS
-#define DLT_SLIP_BSDOS	13	/* BSD/OS Serial Line IP */
-#define DLT_PPP_BSDOS	14	/* BSD/OS Point-to-point Protocol */
-#endif
-#else
-#define DLT_SLIP_BSDOS	15	/* BSD/OS Serial Line IP */
-#define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
-#endif
-
-/*
- * 17 is used for DLT_OLD_PFLOG in OpenBSD;
- *     OBSOLETE: DLT_PFLOG is 117 in OpenBSD now as well. See below.
- * 18 is used for DLT_PFSYNC in OpenBSD; don't use it for anything else.
- */
-
-#define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */
-
-/*
- * Apparently Redback uses this for its SmartEdge 400/800.  I hope
- * nobody else decided to use it, too.
- */
-#define DLT_REDBACK_SMARTEDGE	32
-
-/*
- * These values are defined by NetBSD; other platforms should refrain from
- * using them for other purposes, so that NetBSD savefiles with link
- * types of 50 or 51 can be read as this type on all platforms.
- */
-#define DLT_PPP_SERIAL	50	/* PPP over serial with HDLC encapsulation */
-#define DLT_PPP_ETHER	51	/* PPP over Ethernet */
-
-/*
- * The Axent Raptor firewall - now the Symantec Enterprise Firewall - uses
- * a link-layer type of 99 for the tcpdump it supplies.  The link-layer
- * header has 6 bytes of unknown data, something that appears to be an
- * Ethernet type, and 36 bytes that appear to be 0 in at least one capture
- * I've seen.
- */
-#define DLT_SYMANTEC_FIREWALL	99
-
-/*
- * Values between 100 and 103 are used in capture file headers as
- * link-layer types corresponding to DLT_ types that differ
- * between platforms; don't use those values for new DLT_ new types.
- */
-
-/*
- * This value was defined by libpcap 0.5; platforms that have defined
- * it with a different value should define it here with that value -
- * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
- * whatever value that happens to be, so programs will correctly
- * handle files with that link type regardless of the value of
- * DLT_C_HDLC.
- *
- * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
- * compatibility with programs written for BSD/OS.
- *
- * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
- * for source compatibility with programs written for libpcap 0.5.
- */
-#define DLT_C_HDLC	104	/* Cisco HDLC */
-#define DLT_CHDLC	DLT_C_HDLC
-
-#define DLT_IEEE802_11	105	/* IEEE 802.11 wireless */
-
-/*
- * 106 is reserved for Linux Classical IP over ATM; it's like DLT_RAW,
- * except when it isn't.  (I.e., sometimes it's just raw IP, and
- * sometimes it isn't.)  We currently handle it as DLT_LINUX_SLL,
- * so that we don't have to worry about the link-layer header.)
- */
-
-/*
- * Frame Relay; BSD/OS has a DLT_FR with a value of 11, but that collides
- * with other values.
- * DLT_FR and DLT_FRELAY packets start with the Q.922 Frame Relay header
- * (DLCI, etc.).
- */
-#define DLT_FRELAY	107
-
-/*
- * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
- * that the AF_ type in the link-layer header is in network byte order.
- *
- * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
- * define it as 108 here.  If OpenBSD picks up this file, it should
- * define DLT_LOOP as 12 in its version, as per the comment above -
- * and should not use 108 as a DLT_ value.
- */
-#define DLT_LOOP	108
-
-/*
- * Encapsulated packets for IPsec; DLT_ENC is 13 in OpenBSD, but that's
- * DLT_SLIP_BSDOS in NetBSD, so we don't use 13 for it in OSes other
- * than OpenBSD.
- */
-#ifdef __OpenBSD__
-#define DLT_ENC		13
-#else
-#define DLT_ENC		109
-#endif
-
-/*
- * Values between 110 and 112 are reserved for use in capture file headers
- * as link-layer types corresponding to DLT_ types that might differ
- * between platforms; don't use those values for new DLT_ types
- * other than the corresponding DLT_ types.
- */
-
-/*
- * This is for Linux cooked sockets.
- */
-#define DLT_LINUX_SLL	113
-
-/*
- * Apple LocalTalk hardware.
- */
-#define DLT_LTALK	114
-
-/*
- * Acorn Econet.
- */
-#define DLT_ECONET	115
-
-/*
- * Reserved for use with OpenBSD ipfilter.
- */
-#define DLT_IPFILTER	116
-
-/*
- * OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD, but that's DLT_LANE8023
- * in SuSE 6.3, so we can't use 17 for it in capture-file headers.
- *
- * XXX: is there a conflict with DLT_PFSYNC 18 as well?
- */
-#ifdef __OpenBSD__
-#define DLT_OLD_PFLOG	17
-#define DLT_PFSYNC	18
-#endif
-#define DLT_PFLOG	117
-
-/*
- * Registered for Cisco-internal use.
- */
-#define DLT_CISCO_IOS	118
-
-/*
- * For 802.11 cards using the Prism II chips, with a link-layer
- * header including Prism monitor mode information plus an 802.11
- * header.
- */
-#define DLT_PRISM_HEADER	119
-
-/*
- * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
- * (see Doug Ambrisko's FreeBSD patches).
- */
-#define DLT_AIRONET_HEADER	120
-
-/*
- * Reserved for Siemens HiPath HDLC.
- */
-#define DLT_HHDLC		121
-
-/*
- * This is for RFC 2625 IP-over-Fibre Channel.
- *
- * This is not for use with raw Fibre Channel, where the link-layer
- * header starts with a Fibre Channel frame header; it's for IP-over-FC,
- * where the link-layer header starts with an RFC 2625 Network_Header
- * field.
- */
-#define DLT_IP_OVER_FC		122
-
-/*
- * This is for Full Frontal ATM on Solaris with SunATM, with a
- * pseudo-header followed by an AALn PDU.
- *
- * There may be other forms of Full Frontal ATM on other OSes,
- * with different pseudo-headers.
- *
- * If ATM software returns a pseudo-header with VPI/VCI information
- * (and, ideally, packet type information, e.g. signalling, ILMI,
- * LANE, LLC-multiplexed traffic, etc.), it should not use
- * DLT_ATM_RFC1483, but should get a new DLT_ value, so tcpdump
- * and the like don't have to infer the presence or absence of a
- * pseudo-header and the form of the pseudo-header.
- */
-#define DLT_SUNATM		123	/* Solaris+SunATM */
-
-/* 
- * Reserved as per request from Kent Dahlgren <kent@praesum.com>
- * for private use.
- */
-#define DLT_RIO                 124     /* RapidIO */
-#define DLT_PCI_EXP             125     /* PCI Express */
-#define DLT_AURORA              126     /* Xilinx Aurora link layer */
-
-/*
- * Header for 802.11 plus a number of bits of link-layer information
- * including radio information, used by some recent BSD drivers as
- * well as the madwifi Atheros driver for Linux.
- */
-#define DLT_IEEE802_11_RADIO	127	/* 802.11 plus radiotap radio header */
-
-/*
- * Reserved for the TZSP encapsulation, as per request from
- * Chris Waters <chris.waters@networkchemistry.com>
- * TZSP is a generic encapsulation for any other link type,
- * which includes a means to include meta-information
- * with the packet, e.g. signal strength and channel
- * for 802.11 packets.
- */
-#define DLT_TZSP                128     /* Tazmen Sniffer Protocol */
-
-/*
- * BSD's ARCNET headers have the source host, destination host,
- * and type at the beginning of the packet; that's what's handed
- * up to userland via BPF.
- *
- * Linux's ARCNET headers, however, have a 2-byte offset field
- * between the host IDs and the type; that's what's handed up
- * to userland via PF_PACKET sockets.
- *
- * We therefore have to have separate DLT_ values for them.
- */
-#define DLT_ARCNET_LINUX	129	/* ARCNET */
-
-/*
- * Juniper-private data link types, as per request from
- * Hannes Gredler <hannes@juniper.net>.  The DLT_s are used
- * for passing on chassis-internal metainformation such as
- * QOS profiles, etc..
- */
-#define DLT_JUNIPER_MLPPP       130
-#define DLT_JUNIPER_MLFR        131
-#define DLT_JUNIPER_ES          132
-#define DLT_JUNIPER_GGSN        133
-#define DLT_JUNIPER_MFR         134
-#define DLT_JUNIPER_ATM2        135
-#define DLT_JUNIPER_SERVICES    136
-#define DLT_JUNIPER_ATM1        137
-
-/*
- * Apple IP-over-IEEE 1394, as per a request from Dieter Siegmund
- * <dieter@apple.com>.  The header that's presented is an Ethernet-like
- * header:
- *
- *	#define FIREWIRE_EUI64_LEN	8
- *	struct firewire_header {
- *		u_char  firewire_dhost[FIREWIRE_EUI64_LEN];
- *		u_char  firewire_shost[FIREWIRE_EUI64_LEN];
- *		u_short firewire_type;
- *	};
- *
- * with "firewire_type" being an Ethernet type value, rather than,
- * for example, raw GASP frames being handed up.
- */
-#define DLT_APPLE_IP_OVER_IEEE1394	138
-
-/*
- * 139 through 142 are reserved for SS7.
- */
-
-/*
- * DOCSIS MAC frames.
- */
-#define DLT_DOCSIS		143
-
-/*
- * Linux-IrDA packets. Protocol defined at http://www.irda.org.
- * Those packets include IrLAP headers and above (IrLMP...), but
- * don't include Phy framing (SOF/EOF/CRC & byte stuffing), because Phy
- * framing can be handled by the hardware and depend on the bitrate.
- * This is exactly the format you would get capturing on a Linux-IrDA
- * interface (irdaX), but not on a raw serial port.
- * Note the capture is done in "Linux-cooked" mode, so each packet include
- * a fake packet header (struct sll_header). This is because IrDA packet
- * decoding is dependant on the direction of the packet (incomming or
- * outgoing).
- * When/if other platform implement IrDA capture, we may revisit the
- * issue and define a real DLT_IRDA...
- * Jean II
- */
-#define DLT_LINUX_IRDA		144
-
-/*
- * Reserved for IBM SP switch and IBM Next Federation switch.
- */
-#define DLT_IBM_SP		145
-#define DLT_IBM_SN		146
-
-/*
- * Reserved for private use.  If you have some link-layer header type
- * that you want to use within your organization, with the capture files
- * using that link-layer header type not ever be sent outside your
- * organization, you can use these values.
- *
- * No libpcap release will use these for any purpose, nor will any
- * tcpdump release use them, either.
- *
- * Do *NOT* use these in capture files that you expect anybody not using
- * your private versions of capture-file-reading tools to read; in
- * particular, do *NOT* use them in products, otherwise you may find that
- * people won't be able to use tcpdump, or snort, or Ethereal, or... to
- * read capture files from your firewall/intrusion detection/traffic
- * monitoring/etc. appliance, or whatever product uses that DLT_ value,
- * and you may also find that the developers of those applications will
- * not accept patches to let them read those files.
- *
- * Also, do not use them if somebody might send you a capture using them
- * for *their* private type and tools using them for *your* private type
- * would have to read them.
- *
- * Instead, ask "tcpdump-workers@tcpdump.org" for a new DLT_ value,
- * as per the comment above, and use the type you're given.
- */
-#define DLT_USER0		147
-#define DLT_USER1		148
-#define DLT_USER2		149
-#define DLT_USER3		150
-#define DLT_USER4		151
-#define DLT_USER5		152
-#define DLT_USER6		153
-#define DLT_USER7		154
-#define DLT_USER8		155
-#define DLT_USER9		156
-#define DLT_USER10		157
-#define DLT_USER11		158
-#define DLT_USER12		159
-#define DLT_USER13		160
-#define DLT_USER14		161
-#define DLT_USER15		162
-
-/*
- * For future use with 802.11 captures - defined by AbsoluteValue
- * Systems to store a number of bits of link-layer information
- * including radio information:
- *
- *	http://www.shaftnet.org/~pizza/software/capturefrm.txt
- *
- * but it might be used by some non-AVS drivers now or in the
- * future.
- */
-#define DLT_IEEE802_11_RADIO_AVS 163	/* 802.11 plus AVS radio header */
-
-/*
- * Juniper-private data link type, as per request from
- * Hannes Gredler <hannes@juniper.net>.  The DLT_s are used
- * for passing on chassis-internal metainformation such as
- * QOS profiles, etc..
- */
-#define DLT_JUNIPER_MONITOR     164
-
-/*
- * Reserved for BACnet MS/TP.
- */
-#define DLT_BACNET_MS_TP	165
-
-/*
- * Another PPP variant as per request from Karsten Keil <kkeil@suse.de>.
- *
- * This is used in some OSes to allow a kernel socket filter to distinguish
- * between incoming and outgoing packets, on a socket intended to
- * supply pppd with outgoing packets so it can do dial-on-demand and
- * hangup-on-lack-of-demand; incoming packets are filtered out so they
- * don't cause pppd to hold the connection up (you don't want random
- * input packets such as port scans, packets from old lost connections,
- * etc. to force the connection to stay up).
- *
- * The first byte of the PPP header (0xff03) is modified to accomodate
- * the direction - 0x00 = IN, 0x01 = OUT.
- */
-#define DLT_PPP_PPPD		166
-
-/*
- * Names for backwards compatibility with older versions of some PPP
- * software; new software should use DLT_PPP_PPPD.
- */
-#define DLT_PPP_WITH_DIRECTION	DLT_PPP_PPPD
-#define DLT_LINUX_PPP_WITHDIRECTION	DLT_PPP_PPPD
-
-/*
- * Juniper-private data link type, as per request from
- * Hannes Gredler <hannes@juniper.net>.  The DLT_s are used
- * for passing on chassis-internal metainformation such as
- * QOS profiles, cookies, etc..
- */
-#define DLT_JUNIPER_PPPOE       167
-#define DLT_JUNIPER_PPPOE_ATM   168
-
-#define DLT_GPRS_LLC		169	/* GPRS LLC */
-#define DLT_GPF_T		170	/* GPF-T (ITU-T G.7041/Y.1303) */
-#define DLT_GPF_F		171	/* GPF-F (ITU-T G.7041/Y.1303) */
-
-/*
- * Requested by Oolan Zimmer <oz@gcom.com> for use in Gcom's T1/E1 line
- * monitoring equipment.
- */
-#define DLT_GCOM_T1E1		172
-#define DLT_GCOM_SERIAL		173
-
-/*
- * Juniper-private data link type, as per request from
- * Hannes Gredler <hannes@juniper.net>.  The DLT_ is used
- * for internal communication to Physical Interface Cards (PIC)
- */
-#define DLT_JUNIPER_PIC_PEER    174
-
-/*
- * Link types requested by Gregor Maier <gregor@endace.com> of Endace
- * Measurement Systems.  They add an ERF header (see
- * http://www.endace.com/support/EndaceRecordFormat.pdf) in front of
- * the link-layer header.
- */
-#define DLT_ERF_ETH		175	/* Ethernet */
-#define DLT_ERF_POS		176	/* Packet-over-SONET */
-
-/*
- * Requested by Daniele Orlandi <daniele@orlandi.com> for raw LAPD
- * for vISDN (http://www.orlandi.com/visdn/).
- */
-#define DLT_LAPD		177
-
-/*
- * The instruction encodings.
- */
-/* instruction classes */
-#define BPF_CLASS(code) ((code) & 0x07)
-#define		BPF_LD		0x00
-#define		BPF_LDX		0x01
-#define		BPF_ST		0x02
-#define		BPF_STX		0x03
-#define		BPF_ALU		0x04
-#define		BPF_JMP		0x05
-#define		BPF_RET		0x06
-#define		BPF_MISC	0x07
-
-/* ld/ldx fields */
-#define BPF_SIZE(code)	((code) & 0x18)
-#define		BPF_W		0x00
-#define		BPF_H		0x08
-#define		BPF_B		0x10
-#define BPF_MODE(code)	((code) & 0xe0)
-#define		BPF_IMM 	0x00
-#define		BPF_ABS		0x20
-#define		BPF_IND		0x40
-#define		BPF_MEM		0x60
-#define		BPF_LEN		0x80
-#define		BPF_MSH		0xa0
-
-/* alu/jmp fields */
-#define BPF_OP(code)	((code) & 0xf0)
-#define		BPF_ADD		0x00
-#define		BPF_SUB		0x10
-#define		BPF_MUL		0x20
-#define		BPF_DIV		0x30
-#define		BPF_OR		0x40
-#define		BPF_AND		0x50
-#define		BPF_LSH		0x60
-#define		BPF_RSH		0x70
-#define		BPF_NEG		0x80
-#define		BPF_JA		0x00
-#define		BPF_JEQ		0x10
-#define		BPF_JGT		0x20
-#define		BPF_JGE		0x30
-#define		BPF_JSET	0x40
-#define BPF_SRC(code)	((code) & 0x08)
-#define		BPF_K		0x00
-#define		BPF_X		0x08
-
-/* ret - BPF_K and BPF_X also apply */
-#define BPF_RVAL(code)	((code) & 0x18)
-#define		BPF_A		0x10
-
-/* misc */
-#define BPF_MISCOP(code) ((code) & 0xf8)
-#define		BPF_TAX		0x00
-#define		BPF_TXA		0x80
-
-/*
- * The instruction data structure.
- */
-struct bpf_insn {
-	u_short	code;
-	u_char 	jt;
-	u_char 	jf;
-	bpf_int32 k;
-};
-
-/*
- * Macros for insn array initializers.
- */
-#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
-#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
-
-#if __STDC__ || defined(__cplusplus)
-extern int bpf_validate(struct bpf_insn *, int);
-extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
-#else
-extern int bpf_validate();
-extern u_int bpf_filter();
-#endif
-
-/*
- * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
- */
-#define BPF_MEMWORDS 16
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#include <pcap/bpf.h>
--- a/pcap-bt-linux.c
+++ b/pcap-bt-linux.c
@ -0,0 +1,370 @@
+/*
+ * Copyright (c) 2006 Paolo Abeni (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote 
+ * products derived from this software without specific prior written 
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Bluetooth sniffing API implementation for Linux platform
+ * By Paolo Abeni <paolo.abeni@email.it>
+ *
+ */
+#ifndef lint
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-bt-linux.c,v 1.15 2008-07-01 07:05:54 guy Exp $ (LBL)";
+#endif
+ 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pcap-int.h"
+#include "pcap-bt-linux.h"
+#include "pcap/bluetooth.h"
+
+#ifdef NEED_STRERROR_H
+#include "strerror.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+#include <bluetooth/bluetooth.h>
+#include <bluetooth/hci.h>
+
+#define BT_IFACE "bluetooth"
+#define BT_CTRL_SIZE 128
+
+/* forward declaration */
+static int bt_activate(pcap_t *);
+static int bt_read_linux(pcap_t *, int , pcap_handler , u_char *);
+static int bt_inject_linux(pcap_t *, const void *, size_t);
+static int bt_setdirection_linux(pcap_t *, pcap_direction_t);
+static int bt_stats_linux(pcap_t *, struct pcap_stat *);
+
+int 
+bt_platform_finddevs(pcap_if_t **alldevsp, char *err_str)
+{
+	pcap_if_t *found_dev = *alldevsp;
+	struct hci_dev_list_req *dev_list;
+	struct hci_dev_req *dev_req;
+	int i, sock;
+	int ret = 0;
+	
+	sock  = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
+	if (sock < 0)
+	{
+		/* if bluetooth is not supported this this is not fatal*/ 
+		if (errno == EAFNOSUPPORT)
+			return 0;
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "Can't open raw Bluetooth socket %d:%s",
+			errno, strerror(errno));
+		return -1;
+	}
+
+	dev_list = malloc(HCI_MAX_DEV * sizeof(*dev_req) + sizeof(*dev_list));
+	if (!dev_list) 
+	{
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "Can't allocate %zu bytes for Bluetooth device list",
+			HCI_MAX_DEV * sizeof(*dev_req) + sizeof(*dev_list));
+		ret = -1;
+		goto done;
+	}
+
+	dev_list->dev_num = HCI_MAX_DEV;
+
+	if (ioctl(sock, HCIGETDEVLIST, (void *) dev_list) < 0) 
+	{
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "Can't get Bluetooth device list via ioctl %d:%s",
+			errno, strerror(errno));
+		ret = -1;
+		goto free;
+	}
+
+	dev_req = dev_list->dev_req;
+	for (i = 0; i < dev_list->dev_num; i++, dev_req++) {
+		char dev_name[20], dev_descr[30];
+		
+		snprintf(dev_name, 20, BT_IFACE"%d", dev_req->dev_id);
+		snprintf(dev_descr, 30, "Bluetooth adapter number %d", i);
+			
+		if (pcap_add_if(&found_dev, dev_name, 0, 
+		       dev_descr, err_str) < 0)
+		{
+			ret = -1;
+			break;
+		}
+
+	}
+
+free:
+	free(dev_list);
+
+done:
+	close(sock);
+	return ret;
+}
+
+pcap_t *
+bt_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = bt_activate;
+	return (p);
+}
+
+static int
+bt_activate(pcap_t* handle)
+{
+	struct sockaddr_hci addr;
+	int opt;
+	int		dev_id;
+	struct hci_filter	flt;
+	int err = PCAP_ERROR;
+
+	/* get bt interface id */
+	if (sscanf(handle->opt.source, BT_IFACE"%d", &dev_id) != 1)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't get Bluetooth device index from %s", 
+			 handle->opt.source);
+		return PCAP_ERROR;
+	}
+
+	/* Initialize some components of the pcap structure. */
+	handle->bufsize = handle->snapshot+BT_CTRL_SIZE+sizeof(pcap_bluetooth_h4_header);
+	handle->offset = BT_CTRL_SIZE;
+	handle->linktype = DLT_BLUETOOTH_HCI_H4_WITH_PHDR;
+
+	handle->read_op = bt_read_linux;
+	handle->inject_op = bt_inject_linux;
+	handle->setfilter_op = install_bpf_program; /* no kernel filtering */
+	handle->setdirection_op = bt_setdirection_linux;
+	handle->set_datalink_op = NULL;	/* can't change data link type */
+	handle->getnonblock_op = pcap_getnonblock_fd;
+	handle->setnonblock_op = pcap_setnonblock_fd;
+	handle->stats_op = bt_stats_linux;
+	handle->md.ifindex = dev_id;
+	
+	/* Create HCI socket */
+	handle->fd = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
+	if (handle->fd < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s",
+			errno, strerror(errno));
+		return PCAP_ERROR;
+	}
+
+	handle->buffer = malloc(handle->bufsize);
+	if (!handle->buffer) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't allocate dump buffer: %s",
+			pcap_strerror(errno));
+		goto close_fail;
+	}
+
+	opt = 1;
+	if (setsockopt(handle->fd, SOL_HCI, HCI_DATA_DIR, &opt, sizeof(opt)) < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't enable data direction info %d:%s",
+			errno, strerror(errno));
+		goto close_fail;
+	}
+
+	opt = 1;
+	if (setsockopt(handle->fd, SOL_HCI, HCI_TIME_STAMP, &opt, sizeof(opt)) < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't enable time stamp %d:%s",
+			errno, strerror(errno));
+		goto close_fail;
+	}
+
+	/* Setup filter, do not call hci function to avoid dependence on 
+	 * external libs	*/
+	memset(&flt, 0, sizeof(flt));
+	memset((void *) &flt.type_mask, 0xff, sizeof(flt.type_mask));	
+	memset((void *) &flt.event_mask, 0xff, sizeof(flt.event_mask));
+	if (setsockopt(handle->fd, SOL_HCI, HCI_FILTER, &flt, sizeof(flt)) < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't set filter %d:%s",
+			errno, strerror(errno));
+		goto close_fail;
+	}
+
+
+	/* Bind socket to the HCI device */
+	addr.hci_family = AF_BLUETOOTH;
+	addr.hci_dev = handle->md.ifindex;
+	if (bind(handle->fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't attach to device %d %d:%s",
+			handle->md.ifindex, errno, strerror(errno));
+		goto close_fail;
+	}
+
+	if (handle->opt.rfmon) {
+		/*
+		 * Monitor mode doesn't apply to Bluetooth devices.
+		 */
+		err = PCAP_ERROR_RFMON_NOTSUP;
+		goto close_fail;
+	}
+
+	if (handle->opt.buffer_size == 0) {
+		/*
+		 * Set the socket buffer size to the specified value.
+		 */
+		if (setsockopt(handle->fd, SOL_SOCKET, SO_RCVBUF,
+		    &handle->opt.buffer_size,
+		    sizeof(handle->opt.buffer_size)) == -1) {
+			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+				 "SO_RCVBUF: %s", pcap_strerror(errno));
+			goto close_fail;
+		}
+	}
+
+	handle->selectable_fd = handle->fd;
+	return 0;
+
+close_fail:
+	pcap_cleanup_live_common(handle);
+	return err;
+}
+
+static int
+bt_read_linux(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
+{
+	struct cmsghdr *cmsg;
+	struct msghdr msg;
+	struct iovec  iv;
+	struct pcap_pkthdr pkth;
+	pcap_bluetooth_h4_header* bthdr;
+
+	bthdr = (pcap_bluetooth_h4_header*) &handle->buffer[handle->offset];
+	iv.iov_base = &handle->buffer[handle->offset+sizeof(pcap_bluetooth_h4_header)];
+	iv.iov_len  = handle->snapshot;
+	
+	memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = &iv;
+	msg.msg_iovlen = 1;
+	msg.msg_control = handle->buffer;
+	msg.msg_controllen = handle->offset;
+
+	/* ignore interrupt system call error */
+	do {
+		pkth.caplen = recvmsg(handle->fd, &msg, 0);
+		if (handle->break_loop)
+		{
+			handle->break_loop = 0;
+			return -2;
+		}
+	} while ((pkth.caplen == -1) && (errno == EINTR));
+
+		
+	if (pkth.caplen < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't receive packet %d:%s",
+			errno, strerror(errno));
+		return -1;
+	}
+
+	/* get direction and timestamp*/ 
+	cmsg = CMSG_FIRSTHDR(&msg);
+	int in=0;
+	while (cmsg) {
+		switch (cmsg->cmsg_type) {
+			case HCI_CMSG_DIR:
+				memcpy(&in, CMSG_DATA(cmsg), sizeof in);
+				break;
+                      	case HCI_CMSG_TSTAMP:
+                      		memcpy(&pkth.ts, CMSG_DATA(cmsg),
+                      		    sizeof pkth.ts);
+				break;
+		}
+		cmsg = CMSG_NXTHDR(&msg, cmsg);
+	}
+	if ((in && (handle->direction == PCAP_D_OUT)) || 
+				((!in) && (handle->direction == PCAP_D_IN)))
+		return 0;
+
+	bthdr->direction = htonl(in != 0);
+	pkth.caplen+=sizeof(pcap_bluetooth_h4_header);
+	pkth.len = pkth.caplen;
+	if (handle->fcode.bf_insns == NULL ||
+	    bpf_filter(handle->fcode.bf_insns, &handle->buffer[handle->offset],
+	      pkth.len, pkth.caplen)) {
+		callback(user, &pkth, &handle->buffer[handle->offset]);
+		return 1;
+	}
+	return 0;	/* didn't pass filter */
+}
+
+static int
+bt_inject_linux(pcap_t *handle, const void *buf, size_t size)
+{
+	snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "inject not supported on "
+    		"bluetooth devices");
+	return (-1);
+}                           
+
+
+static int 
+bt_stats_linux(pcap_t *handle, struct pcap_stat *stats)
+{
+	int ret;
+	struct hci_dev_info dev_info;
+	struct hci_dev_stats * s = &dev_info.stat;
+	dev_info.dev_id = handle->md.ifindex;
+	
+	/* ingnore eintr */
+	do {
+		ret = ioctl(handle->fd, HCIGETDEVINFO, (void *)&dev_info);
+	} while ((ret == -1) && (errno == EINTR));
+	    
+	if (ret < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "can get stats"
+			" via ioctl %d:%s", errno, strerror(errno));
+		return (-1);
+		
+	}
+
+	/* we receive both rx and tx frames, so comulate all stats */	
+	stats->ps_recv = s->evt_rx + s->acl_rx + s->sco_rx + s->cmd_tx + 
+		s->acl_tx +s->sco_tx;
+	stats->ps_drop = s->err_rx + s->err_tx;
+	stats->ps_ifdrop = 0;
+	return 0;
+}
+
+static int 
+bt_setdirection_linux(pcap_t *p, pcap_direction_t d)
+{
+	p->direction = d;
+	return 0;
+}
--- a/pcap-bt-linux.h
+++ b/pcap-bt-linux.h
@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2006 Paolo Abeni (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote 
+ * products derived from this software without specific prior written 
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Bluetooth sniffing API implementation for Linux platform
+ * By Paolo Abeni <paolo.abeni@email.it>
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-bt-linux.h,v 1.5 2008-04-04 19:37:45 guy Exp $ (LBL)
+ */
+
+/*
+ * Prototypes for Bluetooth-related functions
+ */
+int bt_platform_finddevs(pcap_if_t **alldevsp, char *err_str);
+pcap_t *bt_create(const char *device, char *ebuf);
--- a/pcap-can-linux.c
+++ b/pcap-can-linux.c
@ -0,0 +1,264 @@
+/*
+ * Copyright (c) 2009 Felix Obenhuber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * SocketCan sniffing API implementation for Linux platform
+ * By Felix Obenhuber <felix@obenhuber.de>
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pcap-int.h"
+#include "pcap-can-linux.h"
+
+#ifdef NEED_STRERROR_H
+#include "strerror.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <net/if.h>
+#include <arpa/inet.h>
+
+#include <linux/can.h>
+#include <linux/can/raw.h>
+
+/* not yet defined anywhere */
+#ifndef PF_CAN
+#define PF_CAN 29
+#endif
+#ifndef AF_CAN
+#define AF_CAN PF_CAN
+#endif
+
+/* forward declaration */
+static int can_activate(pcap_t *);
+static int can_read_linux(pcap_t *, int , pcap_handler , u_char *);
+static int can_inject_linux(pcap_t *, const void *, size_t);
+static int can_setfilter_linux(pcap_t *, struct bpf_program *);
+static int can_setdirection_linux(pcap_t *, pcap_direction_t);
+static int can_stats_linux(pcap_t *, struct pcap_stat *);
+
+pcap_t *
+can_create(const char *device, char *ebuf)
+{
+	pcap_t* p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = can_activate;
+	return (p);
+}
+
+
+static int
+can_activate(pcap_t* handle)
+{
+	struct sockaddr_can addr;
+	struct ifreq ifr;
+
+	/* Initialize some components of the pcap structure. */
+	handle->bufsize = 24;
+	handle->offset = 8;
+	handle->linktype = DLT_CAN_SOCKETCAN;
+	handle->read_op = can_read_linux;
+	handle->inject_op = can_inject_linux;
+	handle->setfilter_op = can_setfilter_linux;
+	handle->setdirection_op = can_setdirection_linux;
+	handle->set_datalink_op = NULL;
+	handle->getnonblock_op = pcap_getnonblock_fd;
+	handle->setnonblock_op = pcap_setnonblock_fd;
+	handle->stats_op = can_stats_linux;
+
+	/* Create socket */
+	handle->fd = socket(PF_CAN, SOCK_RAW, CAN_RAW);
+	if (handle->fd < 0)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s",
+			errno, strerror(errno));
+		return PCAP_ERROR;
+	}
+
+	/* get interface index */
+	memset(&ifr, 0, sizeof(ifr));
+	strncpy(ifr.ifr_name, handle->opt.source, sizeof(ifr.ifr_name));
+	if (ioctl(handle->fd, SIOCGIFINDEX, &ifr) < 0)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+				"Unable to get interface index: %s",
+			pcap_strerror(errno));
+		pcap_cleanup_live_common(handle);
+		return PCAP_ERROR;
+	}
+	handle->md.ifindex = ifr.ifr_ifindex;
+
+	/* allocate butter */
+	handle->buffer = malloc(handle->bufsize);
+	if (!handle->buffer)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't allocate dump buffer: %s",
+			pcap_strerror(errno));
+		pcap_cleanup_live_common(handle);
+		return PCAP_ERROR;
+	}
+
+	/* Bind to the socket */
+	addr.can_family = AF_CAN;
+	addr.can_ifindex = handle->md.ifindex;
+	if( bind( handle->fd, (struct sockaddr*)&addr, sizeof(addr) ) < 0  )
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't attach to device %d %d:%s",
+			handle->md.ifindex, errno, strerror(errno));
+		pcap_cleanup_live_common(handle);
+		return PCAP_ERROR;
+	}
+
+	if (handle->opt.rfmon)
+	{
+		/* Monitor mode doesn't apply to CAN devices. */
+		pcap_cleanup_live_common(handle);
+		return PCAP_ERROR;
+	}
+
+	handle->selectable_fd = handle->fd;
+	return 0;
+
+}
+
+
+static int
+can_read_linux(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
+{
+	struct msghdr msg;
+	struct pcap_pkthdr pkth;
+	struct iovec iv;
+	struct can_frame* cf;
+
+	iv.iov_base = &handle->buffer[handle->offset];
+	iv.iov_len = handle->snapshot;
+
+	memset(&msg, 0, sizeof(msg));
+	msg.msg_iov = &iv;
+	msg.msg_iovlen = 1;
+	msg.msg_control = handle->buffer;
+	msg.msg_controllen = handle->offset;
+
+	do
+	{
+		pkth.caplen = recvmsg(handle->fd, &msg, 0);
+		if (handle->break_loop)
+		{
+			handle->break_loop = 0;
+			return -2;
+		}
+	} while ((pkth.caplen == -1) && (errno == EINTR));
+
+	if (pkth.caplen < 0)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't receive packet %d:%s",
+			errno, strerror(errno));
+		return -1;
+	}
+
+	/* adjust capture len according to frame len */
+	cf = (struct can_frame*)&handle->buffer[8];
+	pkth.caplen -= 8 - cf->can_dlc;
+	pkth.len = pkth.caplen;
+
+	cf->can_id = htonl( cf->can_id );
+
+	if( -1 == gettimeofday(&pkth.ts, NULL) )
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't get time of day %d:%s",
+			errno, strerror(errno));
+		return -1;
+	}
+
+	callback(user, &pkth, &handle->buffer[8]);
+
+	return 1;
+}
+
+
+static int
+can_inject_linux(pcap_t *handle, const void *buf, size_t size)
+{
+	/* not yet implemented */
+	snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "inject not supported on "
+		"can devices");
+	return (-1);
+}
+
+
+static int
+can_stats_linux(pcap_t *handle, struct pcap_stat *stats)
+{
+	/* not yet implemented */
+	stats->ps_recv = 0;			 /* number of packets received */
+	stats->ps_drop = 0;			 /* number of packets dropped */
+	stats->ps_ifdrop = 0;		 /* drops by interface -- only supported on some platforms */
+	return 0;
+}
+
+
+static int
+can_setfilter_linux(pcap_t *p, struct bpf_program *fp)
+{
+	/* not yet implemented */
+	return 0;
+}
+
+
+static int
+can_setdirection_linux(pcap_t *p, pcap_direction_t d)
+{
+	/* no support for PCAP_D_OUT */
+	if (d == PCAP_D_OUT)
+	{
+		snprintf(p->errbuf, sizeof(p->errbuf),
+			"Setting direction to PCAP_D_OUT is not supported on can");
+		return -1;
+	}
+
+	p->direction = d;
+
+	return 0;
+}
+
+
+/* eof */
--- a/pcap-can-linux.h
+++ b/pcap-can-linux.h
@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2009 Felix Obenhuber
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * Prototypes for SocketCAN related functions
+ */
+pcap_t* can_create(const char *device, char *ebuf);
--- a/pcap-common.c
+++ b/pcap-common.c
--- a/pcap-common.h
+++ b/pcap-common.h
@ -0,0 +1,25 @@
+
+/*
+ * We use the "receiver-makes-right" approach to byte order,
+ * because time is at a premium when we are writing the file.
+ * In other words, the pcap_file_header and pcap_pkthdr,
+ * records are written in host byte order.
+ * Note that the bytes of packet data are written out in the order in
+ * which they were received, so multi-byte fields in packets are not
+ * written in host byte order, they're written in whatever order the
+ * sending machine put them in.
+ *
+ * ntoh[ls] aren't sufficient because we might need to swap on a big-endian
+ * machine (if the file was written in little-end order).
+ */
+#define	SWAPLONG(y) \
+((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
+#define	SWAPSHORT(y) \
+	( (((y)&0xff)<<8) | ((u_short)((y)&0xff00)>>8) )
+
+extern int dlt_to_linktype(int dlt);
+
+extern int linktype_to_dlt(int linktype);
+
+extern void swap_linux_usb_header(const struct pcap_pkthdr *hdr, u_char *buf,
+    int header_len_64_bytes);
--- a/pcap-config.1
+++ b/pcap-config.1
@ -0,0 +1,74 @@
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap-config.1,v 1.1 2008-09-23 18:04:01 guy Exp $ (LBL)
+.\"
+.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
+.\"	The Regents of the University of California.  All rights reserved.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that: (1) source code distributions
+.\" retain the above copyright notice and this paragraph in its entirety, (2)
+.\" distributions including binary code include the above copyright notice and
+.\" this paragraph in its entirety in the documentation or other materials
+.\" provided with the distribution, and (3) all advertising materials mentioning
+.\" features or use of this software display the following acknowledgement:
+.\" ``This product includes software developed by the University of California,
+.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+.\" the University nor the names of its contributors may be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.TH PCAP-CONFIG 1 "26 March 2009"
+.SH NAME
+pcap-config \- write libpcap compiler and linker flags to standard output
+.SH SYNOPSIS
+.na
+.B pcap-config
+[
+.B \-\-static
+]
+[
+.B \-\-cflags | \-\-libs | \-\-additional-libs
+]
+.ad
+.SH DESCRIPTION
+.LP
+When run with the
+.B \-\-cflags
+option,
+.I pcap-config
+writes to the standard output the
+.B \-I
+compiler flags required to include libpcap's header files.
+When run with the
+.B \-\-libs
+option,
+.I pcap-config
+writes to the standard output the
+.B \-L
+and
+.B \-l
+linker flags required to link with libpcap, including
+.B \-l
+flags for libraries required by libpcap.
+When run with the
+.B \-\-additional-libs
+option,
+.I pcap-config
+writes to the standard output the
+.B \-L
+and
+.B \-l
+flags for libraries required by libpcap, but not the
+.B \-lpcap
+flag to link with libpcap itself.
+.LP
+By default, it writes flags appropriate for compiling with a
+dynamically-linked version of libpcap; the
+.B \-\-static
+flag causes it to write flags appropriate for compiling with a
+statically-linked version of libpcap.
+.SH "SEE ALSO"
+pcap(3PCAP)
--- a/pcap-config.in
+++ b/pcap-config.in
@ -0,0 +1,89 @@
+#! /bin/sh
+
+#
+# Script to give the appropriate compiler flags and linker flags
+# to use when building code that uses libpcap.
+#
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+includedir="@includedir@"
+libdir="@libdir@"
+V_RPATH_OPT="@V_RPATH_OPT@"
+LIBS="@LIBS@"
+
+static=0
+show_cflags=0
+show_libs=0
+while [ "$#" != 0 ]
+do
+	case "$1" in
+
+	--static)
+		static=1
+		;;
+
+	--cflags)
+		show_cflags=1
+		;;
+
+	--libs)
+		show_libs=1
+		;;
+
+	--additional-libs)
+		show_additional_libs=1
+		;;
+	esac
+	shift
+done
+if [ "$V_RPATH_OPT" != "" ]
+then
+	#
+	# If libdir isn't /usr/lib, add it to the run-time linker path.
+	#
+	if [ "$libdir" != "/usr/lib" ]
+	then
+		RPATH=$V_RPATH_OPT$libdir
+	fi
+fi
+if [ "$static" = 1 ]
+then
+	#
+	# Include LIBS so that the flags include libraries containing
+	# routines that libpcap uses.
+	#
+	if [ "$show_cflags" = 1 -a "$show_libs" = 1 ]
+	then
+		echo "-I$includedir -L$libdir -lpcap $LIBS"
+	elif [ "$show_cflags" = 1 -a "$show_additional_libs" = 1 ]
+	then
+		echo "-I$includedir -L$libdir $LIBS"
+	elif [ "$show_cflags" = 1 ]
+	then
+		echo "-I$includedir"
+	elif [ "$show_libs" = 1 ]
+	then
+		echo "-L$libdir -lpcap $LIBS"
+	elif [ "$show_additional_libs" = 1 ]
+	then
+		echo "$LIBS"
+	fi
+else
+	#
+	# Omit LIBS - libpcap is assumed to be linked with those
+	# libraries, so there's no need to do so explicitly.
+	#
+	if [ "$show_cflags" = 1 -a "$show_libs" = 1 ]
+	then
+		echo "-I$includedir -L$libdir $RPATH -lpcap"
+	elif [ "$show_cflags" = 1 -a "$show_additional_libs" = 1 ]
+	then
+		echo "-I$includedir"
+	elif [ "$show_cflags" = 1 ]
+	then
+		echo "-I$includedir"
+	elif [ "$show_libs" = 1 ]
+	then
+		echo "-L$libdir $RPATH -lpcap"
+	fi
+fi
--- a/pcap-dag.c
+++ b/pcap-dag.c
--- a/pcap-dag.h
+++ b/pcap-dag.h
@ -7,8 +7,102 @@
 *
 * Author: Richard Littin, Sean Irvine ({richard,sean}@reeltwo.com)
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-dag.h,v 1.3 2003-07-25 05:32:03 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-dag.h,v 1.7 2008-04-04 19:37:45 guy Exp $ (LBL)
 */

-pcap_t *dag_open_live(const char *device, int snaplen, int promisc, int to_ms, char *ebuf);
+pcap_t *dag_create(const char *, char *);
+int dag_platform_finddevs(pcap_if_t **devlistp, char *errbuf);

+#ifndef TYPE_AAL5
+#define TYPE_AAL5               4
+#endif
+
+#ifndef TYPE_MC_HDLC
+#define TYPE_MC_HDLC            5
+#endif
+
+#ifndef TYPE_MC_RAW
+#define TYPE_MC_RAW             6
+#endif
+
+#ifndef TYPE_MC_ATM
+#define TYPE_MC_ATM             7
+#endif
+
+#ifndef TYPE_MC_RAW_CHANNEL
+#define TYPE_MC_RAW_CHANNEL     8
+#endif
+
+#ifndef TYPE_MC_AAL5
+#define TYPE_MC_AAL5            9
+#endif
+
+#ifndef TYPE_COLOR_HDLC_POS
+#define TYPE_COLOR_HDLC_POS     10
+#endif
+
+#ifndef TYPE_COLOR_ETH
+#define TYPE_COLOR_ETH          11
+#endif
+
+#ifndef TYPE_MC_AAL2
+#define TYPE_MC_AAL2            12
+#endif
+
+#ifndef TYPE_IP_COUNTER
+#define TYPE_IP_COUNTER         13
+#endif
+
+#ifndef TYPE_TCP_FLOW_COUNTER
+#define TYPE_TCP_FLOW_COUNTER   14
+#endif
+
+#ifndef TYPE_DSM_COLOR_HDLC_POS
+#define TYPE_DSM_COLOR_HDLC_POS 15
+#endif
+
+#ifndef TYPE_DSM_COLOR_ETH
+#define TYPE_DSM_COLOR_ETH      16
+#endif
+
+#ifndef TYPE_COLOR_MC_HDLC_POS
+#define TYPE_COLOR_MC_HDLC_POS  17
+#endif
+
+#ifndef TYPE_AAL2
+#define TYPE_AAL2               18
+#endif
+
+#ifndef TYPE_COLOR_HASH_POS
+#define TYPE_COLOR_HASH_POS     19
+#endif
+
+#ifndef TYPE_COLOR_HASH_ETH
+#define TYPE_COLOR_HASH_ETH     20
+#endif
+
+#ifndef TYPE_INFINIBAND
+#define TYPE_INFINIBAND         21
+#endif
+
+#ifndef TYPE_IPV4
+#define TYPE_IPV4               22
+#endif
+
+#ifndef TYPE_IPV6
+#define TYPE_IPV6               23
+#endif
+
+#ifndef TYPE_RAW_LINK
+#define TYPE_RAW_LINK           24
+#endif
+
+#ifndef TYPE_INFINIBAND_LINK
+#define TYPE_INFINIBAND_LINK    25
+#endif
+
+
+
+#ifndef TYPE_PAD
+#define TYPE_PAD                48
+#endif
--- a/pcap-dect-linux.c
+++ b/pcap-dect-linux.c
@ -0,0 +1,256 @@
+/*
+ * Copyright (C) 2009 Patrick McHardy <kaber@trash.net>
+ *
+ * Licensed under the same license as libpcap itself.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pcap-int.h"
+#include "pcap-dect-linux.h"
+
+#ifdef NEED_STRERROR_H
+#include "strerror.h"
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <linux/types.h>
+#include <linux/dect.h>
+#include <linux/netlink.h>
+#include <netlink/cache.h>
+#include <netlink/dect/cell.h>
+
+#define PF_DECT		38
+#define AF_DECT		PF_DECT
+#define SOL_DECT	279
+
+struct cb_args {
+	pcap_if_t	**alldevsp;
+	char		*err_str;
+	bool		err;
+};
+
+static void add_cell_cb(struct nl_object *obj, void *arg)
+{
+	struct cb_args *args = arg;
+	char dev_name[32];
+
+	if (args->err)
+		return;
+
+	snprintf(dev_name, sizeof(dev_name), "dect-%s",
+		 nl_dect_cell_get_name((struct nl_dect_cell *)obj));
+
+	if (pcap_add_if(args->alldevsp, dev_name, 0, NULL, args->err_str) < 0)
+		args->err = true;
+}
+
+int dect_platform_finddevs(pcap_if_t **alldevsp, char *err_str)
+{
+	struct nl_sock *sock;
+	struct nl_cache *cell_cache;
+	struct cb_args args = {
+		.alldevsp	= alldevsp,
+		.err_str	= err_str,
+	};
+
+	sock = nl_socket_alloc();
+	if (sock == NULL) {
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "socket: %s",
+			 pcap_strerror(errno));
+		return -1;
+	}
+	if (nl_connect(sock, NETLINK_DECT) < 0) {
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "connect: %s",
+			 pcap_strerror(errno));
+		return -1;
+	}
+	if (nl_dect_cell_alloc_cache(sock, &cell_cache) < 0) {
+		snprintf(err_str, PCAP_ERRBUF_SIZE, "cache: %s",
+			 pcap_strerror(errno));
+		return -1;
+	}
+
+	nl_cache_foreach(cell_cache, add_cell_cb, &args);
+	nl_socket_free(sock);
+
+	return args.err ? -1 : 0;
+}
+
+/*
+ * compatible header to what wireshark is expecting from the CoA
+ * character device for now.
+ */
+struct dect_dummy_hdr {
+	uint8_t		etheraddrs[2 * 6];
+	uint16_t	ethertype;
+
+	uint8_t		trxmode;
+	uint8_t		channel;
+	uint16_t	slot;
+	uint8_t		frame;
+	uint8_t		rssi;
+	uint8_t		preamble[3];
+	uint16_t	packettype;
+} __attribute__((packed));
+
+static int dect_read_linux(pcap_t *handle, int max_packets,
+			   pcap_handler callback, u_char *user)
+{
+	struct pcap_pkthdr hdr;
+	struct dect_dummy_hdr *dhdr;
+	struct iovec iov;
+	struct msghdr msg;
+	struct dect_raw_auxdata *aux;
+	struct cmsghdr *cmsg;
+	union {
+		struct cmsghdr		cmsg;
+		char			buf[CMSG_SPACE(sizeof(*aux))];
+	} cmsg_buf;
+	ssize_t len;
+
+	/* refuse anything below dummy header size for simplicity */
+	if (handle->bufsize < sizeof(*dhdr))
+		return -1;
+
+	dhdr = (struct dect_dummy_hdr *)handle->buffer;
+	memset(dhdr, 0, sizeof(*dhdr));
+	dhdr->ethertype = 0x2323;
+	dhdr->trxmode	= 0;
+	dhdr->channel	= 0;
+
+	msg.msg_name		= NULL;
+	msg.msg_namelen		= 0;
+	msg.msg_iov		= &iov;
+	msg.msg_iovlen		= 1;
+	msg.msg_control		= &cmsg_buf;
+	msg.msg_controllen	= sizeof(cmsg_buf);
+	msg.msg_flags		= 0;
+
+	iov.iov_len		= handle->bufsize - sizeof(*dhdr);
+	iov.iov_base		= handle->buffer + sizeof(*dhdr);
+
+	do {
+		if (handle->break_loop) {
+			handle->break_loop = 0;
+			return -2;
+		}
+
+		len = recvmsg(handle->fd, &msg, 0);
+	} while (len == -1 && (errno == EINTR || errno == ENETDOWN));
+
+	if (len == -1) {
+		if (errno == EAGAIN)
+			return 0;
+		else {
+			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+				 "recvfrom: %s", pcap_strerror(errno));
+			return -1;
+		}
+	}
+
+	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
+	     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+		if (cmsg->cmsg_level != SOL_DECT ||
+		    cmsg->cmsg_type != DECT_RAW_AUXDATA ||
+		    cmsg->cmsg_len < CMSG_LEN(sizeof(*aux)))
+			continue;
+
+		aux = (struct dect_raw_auxdata *)CMSG_DATA(cmsg);
+		dhdr->slot = htons(aux->slot);
+		dhdr->rssi = aux->rssi;
+		dhdr->frame = aux->frame;
+		if (aux->slot < 12)
+			dhdr->packettype = htons(0xe98a);
+		else
+			dhdr->packettype = htons(0x1675);
+	}
+
+	gettimeofday(&hdr.ts, NULL);
+	hdr.caplen = len + sizeof(*dhdr);
+	hdr.len    = len + sizeof(*dhdr);
+	callback(user, &hdr, handle->buffer);
+	return 1;
+}
+
+static int dect_setfilter_linux(pcap_t *handle, struct bpf_program *fp)
+{
+	return 0;
+}
+
+static int dect_setdirection_linux(pcap_t *handle, pcap_direction_t d)
+{
+	handle->direction = d;
+	return 0;
+}
+
+static int dect_activate(pcap_t *handle)
+{
+	struct sockaddr_dect da;
+
+	handle->bufsize		= handle->snapshot;
+	handle->offset		= 0;
+#if 0
+	handle->linktype	= DLT_DECT_LINUX;
+#else
+	handle->linktype	= DLT_EN10MB;
+#endif
+
+	handle->inject_op	= NULL;
+	handle->setfilter_op	= dect_setfilter_linux;
+	handle->setdirection_op = dect_setdirection_linux;
+	handle->set_datalink_op	= NULL;
+	handle->getnonblock_op	= pcap_getnonblock_fd;
+	handle->setnonblock_op	= pcap_setnonblock_fd;
+	handle->read_op		= dect_read_linux;
+
+	handle->fd = socket(PF_DECT, SOCK_RAW, 0);
+	if (handle->fd < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			 "Can't open PF_DECT socket: %s",
+			 pcap_strerror(errno));
+		return PCAP_ERROR;
+	}
+
+	memset(&da, 0, sizeof(da));
+	da.dect_family = AF_DECT;
+	if (bind(handle->fd, (struct sockaddr *)&da, sizeof(da)) < 0) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			 "Can't bind PF_DECT socket: %s",
+			 pcap_strerror(errno));
+		return PCAP_ERROR;
+	}
+
+	handle->selectable_fd = handle->fd;
+	handle->buffer = malloc(handle->bufsize);
+	if (!handle->buffer) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			 "Can't allocate packet buffer: %s",
+			 pcap_strerror(errno));
+		return PCAP_ERROR;
+	}
+	return 0;
+}
+
+pcap_t *dect_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return NULL;
+
+	p->activate_op = dect_activate;
+	return p;
+}
--- a/pcap-dect-linux.h
+++ b/pcap-dect-linux.h
@ -0,0 +1,2 @@
+int dect_platform_finddevs(pcap_if_t **alldevsp, char *err_str);
+pcap_t *dect_create(const char *device, char *ebuf);
--- a/pcap-dlpi.c
+++ b/pcap-dlpi.c
--- a/pcap-dos.c
+++ b/pcap-dos.c
@ -1,11 +1,11 @@
 /*
 *  This file is part of DOS-libpcap
- *  Ported to DOS/DOSX by G. Vanem <giva@bgnett.no>
+ *  Ported to DOS/DOSX by G. Vanem <gvanem@broadpark.no>
 *
 *  pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode
 *              network drivers.
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.1 2004-12-18 08:52:10 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-dos.c,v 1.7 2008-04-22 17:16:30 guy Exp $ (LBL)
 */

 #include <stdio.h>
@ -97,9 +97,10 @@ static volatile BOOL exc_occured = 0;

 static struct device *handle_to_device [20];

+static int  pcap_activate_dos (pcap_t *p);
 static int  pcap_read_dos (pcap_t *p, int cnt, pcap_handler callback,
                           u_char *data);
-static void pcap_close_dos (pcap_t *p);
+static void pcap_cleanup_dos (pcap_t *p);
 static int  pcap_stats_dos (pcap_t *p, struct pcap_stat *ps);
 static int  pcap_sendpacket_dos (pcap_t *p, const void *buf, size_t len);
 static int  pcap_setfilter_dos (pcap_t *p, struct bpf_program *fp);
@ -142,58 +143,64 @@ static struct device *get_device (int fd)
  return handle_to_device [fd-1];
 }

+pcap_t *pcap_create (const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_dos;
+	return (p);
+}
+
 /*
 * Open MAC-driver with name 'device_name' for live capture of
 * network packets.
 */
-pcap_t *pcap_open_live (const char *device_name, int snaplen, int promisc,
-                        int timeout_ms, char *errbuf)
+static int pcap_activate_dos (pcap_t *pcap)
 { 
-  struct pcap *pcap;
-
-  if (snaplen < ETH_MIN)
-      snaplen = ETH_MIN;
-
-  if (snaplen > ETH_MAX)   /* silently accept and truncate large MTUs */
-      snaplen = ETH_MAX;
-
-  pcap = calloc (sizeof(*pcap), 1);
-  if (!pcap)
-  {
-    strcpy (errbuf, "Not enough memory (pcap)");
-    return (NULL);
+  if (pcap->opt.rfmon) {
+    /*
+     * No monitor mode on DOS.
+     */
+    return (PCAP_ERROR_RFMON_NOTSUP);
  }

-  pcap->snapshot          = max (ETH_MIN+8, snaplen);
+  if (pcap->snapshot < ETH_MIN+8)
+      pcap->snapshot = ETH_MIN+8;
+
+  if (pcap->snapshot > ETH_MAX)   /* silently accept and truncate large MTUs */
+      pcap->snapshot = ETH_MAX;
+
  pcap->linktype          = DLT_EN10MB;  /* !! */
-  pcap->inter_packet_wait = timeout_ms;
-  pcap->close_op          = pcap_close_dos;
+  pcap->cleanup_op        = pcap_cleanup_dos;
  pcap->read_op           = pcap_read_dos;
  pcap->stats_op          = pcap_stats_dos;
  pcap->inject_op         = pcap_sendpacket_dos;
  pcap->setfilter_op      = pcap_setfilter_dos;
+  pcap->setdirection_op   = NULL; /* Not implemented.*/
  pcap->fd                = ++ref_count;

  if (pcap->fd == 1)  /* first time we're called */
  {
-    if (!init_watt32(pcap, device_name, errbuf) ||
-        !first_init(device_name, errbuf, promisc))
+    if (!init_watt32(pcap, pcap->opt.source, pcap->errbuf) ||
+        !first_init(pcap->opt.source, pcap->errbuf, pcap->opt.promisc))
    {
-      free (pcap);
-      return (NULL);
+      return (PCAP_ERROR);
    } 
    atexit (close_driver);
  }
-  else if (stricmp(active_dev->name,device_name))
+  else if (stricmp(active_dev->name,pcap->opt.source))
  {
-    snprintf (errbuf, PCAP_ERRBUF_SIZE,
+    snprintf (pcap->errbuf, PCAP_ERRBUF_SIZE,
              "Cannot use different devices simultaneously "
-              "(`%s' vs. `%s')", active_dev->name, device_name);
-    free (pcap);
-    pcap = NULL;
+              "(`%s' vs. `%s')", active_dev->name, pcap->opt.source);
+    return (PCAP_ERROR);
  }
  handle_to_device [pcap->fd-1] = active_dev;
-  return (pcap);
+  return (0);
 }

 /*
@ -204,15 +211,14 @@ static int
 pcap_read_one (pcap_t *p, pcap_handler callback, u_char *data)
 {
  struct pcap_pkthdr pcap;
-  struct bpf_insn   *fcode = p->fcode.bf_insns;
  struct timeval     now, expiry;
  BYTE  *rx_buf;
  int    rx_len = 0;

-  if (p->inter_packet_wait > 0)
+  if (p->md.timeout > 0)
  {
    gettimeofday2 (&now, NULL);
-    expiry.tv_usec = now.tv_usec + 1000UL * p->inter_packet_wait;
+    expiry.tv_usec = now.tv_usec + 1000UL * p->md.timeout;
    expiry.tv_sec  = now.tv_sec;
    while (expiry.tv_usec >= 1000000L)
    {
@ -257,7 +263,7 @@ pcap_read_one (pcap_t *p, pcap_handler callback, u_char *data)
      pcap.len    = rx_len;

      if (callback &&
-          (!fcode || bpf_filter(fcode, rx_buf, pcap.len, pcap.caplen)))
+          (!p->fcode.bf_insns || bpf_filter(p->fcode.bf_insns, rx_buf, pcap.len, pcap.caplen)))
      {
        filter_count++;

@ -284,7 +290,7 @@ pcap_read_one (pcap_t *p, pcap_handler callback, u_char *data)
    /* If not to wait for a packet or pcap_close() called from
     * e.g. SIGINT handler, exit loop now.
     */
-    if (p->inter_packet_wait <= 0 || (volatile int)p->fd <= 0)
+    if (p->md.timeout <= 0 || (volatile int)p->fd <= 0)
       break;

    gettimeofday2 (&now, NULL);
@ -420,7 +426,7 @@ u_long pcap_filter_packets (void)
 /*
 * Close pcap device. Not called for offline captures.
 */
-static void pcap_close_dos (pcap_t *p)
+static void pcap_cleanup_dos (pcap_t *p)
 {
  if (p && !exc_occured)
  {
@ -476,7 +482,7 @@ int pcap_lookupnet (const char *device, bpf_u_int32 *localnet,
 {
  if (!_watt_is_init)
  {
-    strcpy (errbuf, "pcap_open_offline() or pcap_open_live() must be "
+    strcpy (errbuf, "pcap_open_offline() or pcap_activate() must be "
                    "called first");
    return (-1);
  }
@ -587,7 +593,7 @@ void pcap_set_wait (pcap_t *p, void (*yield)(void), int wait)
  if (p)
  {
    p->wait_proc         = yield;
-    p->inter_packet_wait = wait;
+    p->md.timeout        = wait;
  }
 }

@ -733,13 +739,13 @@ static void exc_handler (int sig)
         fprintf (stderr, "Catching signal %d.\n", sig);
  }
  exc_occured = 1;
-  pcap_close_dos (NULL);
+  pcap_cleanup_dos (NULL);
 }
 #endif  /* __DJGPP__ */


 /*
- * Open the pcap device for the first client calling pcap_open_live()
+ * Open the pcap device for the first client calling pcap_activate()
 */
 static int first_init (const char *name, char *ebuf, int promisc)
 {
@ -990,7 +996,7 @@ int EISA_bus = 0;  /* Where is natural place for this? */
 * Application config hooks to set various driver parameters.
 */

-static struct config_table debug_tab[] = {
+static const struct config_table debug_tab[] = {
            { "PKT.DEBUG",       ARG_ATOI,   &pcap_pkt_debug    },
            { "PKT.VECTOR",      ARG_ATOX_W, NULL               },
            { "NDIS.DEBUG",      ARG_ATOI,   NULL               },
--- a/pcap-enet.c
+++ b/pcap-enet.c
@ -8,7 +8,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.8 2003-11-15 23:24:02 guy Exp $";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.9 2006-10-04 18:09:22 guy Exp $";
 #endif

 #ifdef HAVE_CONFIG_H
@ -22,7 +22,7 @@ static const char rcsid[] _U_ =
 #include <sys/socket.h>

 #include <net/if.h>
-#include <pcap-bpf.h>
+#include <pcap/bpf.h>
 #include <net/enet.h>

 #include <netinet/in.h>
--- a/pcap-filter.manmisc.in
+++ b/pcap-filter.manmisc.in
@ -0,0 +1,962 @@
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap-filter.manmisc.in,v 1.1 2008-10-21 07:33:01 guy Exp $ (LBL)
+.\"
+.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
+.\"	The Regents of the University of California.  All rights reserved.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that: (1) source code distributions
+.\" retain the above copyright notice and this paragraph in its entirety, (2)
+.\" distributions including binary code include the above copyright notice and
+.\" this paragraph in its entirety in the documentation or other materials
+.\" provided with the distribution, and (3) all advertising materials mentioning
+.\" features or use of this software display the following acknowledgement:
+.\" ``This product includes software developed by the University of California,
+.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+.\" the University nor the names of its contributors may be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.TH PCAP-FILTER @MAN_MISC_INFO@ "6 January 2008"
+.SH NAME
+pcap-filter \- packet filter syntax
+.br
+.ad
+.SH DESCRIPTION
+.LP
+.B pcap_compile()
+is used to compile a string into a filter program.
+The resulting filter program can then be applied to
+some stream of packets to determine which packets will be supplied to
+.BR pcap_loop() ,
+.BR pcap_dispatch() ,
+.BR pcap_next() ,
+or
+.BR pcap_next_ex() .
+.LP
+The \fIfilter expression\fP consists of one or more
+.IR primitives .
+Primitives usually consist of an
+.I id
+(name or number) preceded by one or more qualifiers.
+There are three
+different kinds of qualifier:
+.IP \fItype\fP
+qualifiers say what kind of thing the id name or number refers to.
+Possible types are
+.BR host ,
+.B net ,
+.B port
+and
+.BR portrange .
+E.g., `host foo', `net 128.3', `port 20', `portrange 6000-6008'.
+If there is no type
+qualifier,
+.B host
+is assumed.
+.IP \fIdir\fP
+qualifiers specify a particular transfer direction to and/or from
+.IR id .
+Possible directions are
+.BR src ,
+.BR dst ,
+.BR "src or dst" ,
+.BR "src and dst" ,
+.BR ra ,
+.BR ta ,
+.BR addr1 ,
+.BR addr2 ,
+.BR addr3 ,
+and
+.BR addr4 .
+E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'.
+If
+there is no dir qualifier,
+.B "src or dst"
+is assumed.
+The
+.BR ra ,
+.BR ta ,
+.BR addr1 ,
+.BR addr2 ,
+.BR addr3 ,
+and
+.B addr4
+qualifiers are only valid for IEEE 802.11 Wireless LAN link layers.
+For some link layers, such as SLIP and the ``cooked'' Linux capture mode
+used for the ``any'' device and for some other device types, the
+.B inbound
+and
+.B outbound
+qualifiers can be used to specify a desired direction.
+.IP \fIproto\fP
+qualifiers restrict the match to a particular protocol.
+Possible
+protos are:
+.BR ether ,
+.BR fddi ,
+.BR tr ,
+.BR wlan ,
+.BR ip ,
+.BR ip6 ,
+.BR arp ,
+.BR rarp ,
+.BR decnet ,
+.B tcp
+and
+.BR udp .
+E.g., `ether src foo', `arp net 128.3', `tcp port 21', `udp portrange
+7000-7009', `wlan addr2 0:2:3:4:5:6'.
+If there is
+no proto qualifier, all protocols consistent with the type are
+assumed.
+E.g., `src foo' means `(ip or arp or rarp) src foo'
+(except the latter is not legal syntax), `net bar' means `(ip or
+arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.
+.LP
+[`fddi' is actually an alias for `ether'; the parser treats them
+identically as meaning ``the data link level used on the specified
+network interface.''  FDDI headers contain Ethernet-like source
+and destination addresses, and often contain Ethernet-like packet
+types, so you can filter on these FDDI fields just as with the
+analogous Ethernet fields.
+FDDI headers also contain other fields,
+but you cannot name them explicitly in a filter expression.
+.LP
+Similarly, `tr' and `wlan' are aliases for `ether'; the previous
+paragraph's statements about FDDI headers also apply to Token Ring
+and 802.11 wireless LAN headers.  For 802.11 headers, the destination
+address is the DA field and the source address is the SA field; the
+BSSID, RA, and TA fields aren't tested.]
+.LP
+In addition to the above, there are some special `primitive' keywords
+that don't follow the pattern:
+.BR gateway ,
+.BR broadcast ,
+.BR less ,
+.B greater
+and arithmetic expressions.
+All of these are described below.
+.LP
+More complex filter expressions are built up by using the words
+.BR and ,
+.B or
+and
+.B not
+to combine primitives.
+E.g., `host foo and not port ftp and not port ftp-data'.
+To save typing, identical qualifier lists can be omitted.
+E.g.,
+`tcp dst port ftp or ftp-data or domain' is exactly the same as
+`tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.
+.LP
+Allowable primitives are:
+.IP "\fBdst host \fIhost\fR"
+True if the IPv4/v6 destination field of the packet is \fIhost\fP,
+which may be either an address or a name.
+.IP "\fBsrc host \fIhost\fR"
+True if the IPv4/v6 source field of the packet is \fIhost\fP.
+.IP "\fBhost \fIhost\fP
+True if either the IPv4/v6 source or destination of the packet is \fIhost\fP.
+.IP
+Any of the above host expressions can be prepended with the keywords,
+\fBip\fP, \fBarp\fP, \fBrarp\fP, or \fBip6\fP as in:
+.in +.5i
+.nf
+\fBip host \fIhost\fR
+.fi
+.in -.5i
+which is equivalent to:
+.in +.5i
+.nf
+\fBether proto \fI\\ip\fB and host \fIhost\fR
+.fi
+.in -.5i
+If \fIhost\fR is a name with multiple IP addresses, each address will
+be checked for a match.
+.IP "\fBether dst \fIehost\fP
+True if the Ethernet destination address is \fIehost\fP.
+\fIEhost\fP
+may be either a name from /etc/ethers or a number (see
+.IR ethers (3N)
+for numeric format).
+.IP "\fBether src \fIehost\fP
+True if the Ethernet source address is \fIehost\fP.
+.IP "\fBether host \fIehost\fP
+True if either the Ethernet source or destination address is \fIehost\fP.
+.IP "\fBgateway\fP \fIhost\fP
+True if the packet used \fIhost\fP as a gateway.
+I.e., the Ethernet
+source or destination address was \fIhost\fP but neither the IP source
+nor the IP destination was \fIhost\fP.
+\fIHost\fP must be a name and
+must be found both by the machine's host-name-to-IP-address resolution
+mechanisms (host name file, DNS, NIS, etc.) and by the machine's
+host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.).
+(An equivalent expression is
+.in +.5i
+.nf
+\fBether host \fIehost \fBand not host \fIhost\fR
+.fi
+.in -.5i
+which can be used with either names or numbers for \fIhost / ehost\fP.)
+This syntax does not work in IPv6-enabled configuration at this moment.
+.IP "\fBdst net \fInet\fR"
+True if the IPv4/v6 destination address of the packet has a network
+number of \fInet\fP.
+\fINet\fP may be either a name from the networks database
+(/etc/networks, etc.) or a network number.
+An IPv4 network number can be written as a dotted quad (e.g., 192.168.1.0),
+dotted triple (e.g., 192.168.1), dotted pair (e.g, 172.16), or single
+number (e.g., 10); the netmask is 255.255.255.255 for a dotted quad
+(which means that it's really a host match), 255.255.255.0 for a dotted
+triple, 255.255.0.0 for a dotted pair, or 255.0.0.0 for a single number.
+An IPv6 network number must be written out fully; the netmask is
+ff:ff:ff:ff:ff:ff:ff:ff, so IPv6 "network" matches are really always
+host matches, and a network match requires a netmask length.
+.IP "\fBsrc net \fInet\fR"
+True if the IPv4/v6 source address of the packet has a network
+number of \fInet\fP.
+.IP "\fBnet \fInet\fR"
+True if either the IPv4/v6 source or destination address of the packet has a network
+number of \fInet\fP.
+.IP "\fBnet \fInet\fR \fBmask \fInetmask\fR"
+True if the IPv4 address matches \fInet\fR with the specific \fInetmask\fR.
+May be qualified with \fBsrc\fR or \fBdst\fR.
+Note that this syntax is not valid for IPv6 \fInet\fR.
+.IP "\fBnet \fInet\fR/\fIlen\fR"
+True if the IPv4/v6 address matches \fInet\fR with a netmask \fIlen\fR
+bits wide.
+May be qualified with \fBsrc\fR or \fBdst\fR.
+.IP "\fBdst port \fIport\fR"
+True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
+destination port value of \fIport\fP.
+The \fIport\fP can be a number or a name used in /etc/services (see
+.IR tcp (4P)
+and
+.IR udp (4P)).
+If a name is used, both the port
+number and protocol are checked.
+If a number or ambiguous name is used,
+only the port number is checked (e.g., \fBdst port 513\fR will print both
+tcp/login traffic and udp/who traffic, and \fBport domain\fR will print
+both tcp/domain and udp/domain traffic).
+.IP "\fBsrc port \fIport\fR"
+True if the packet has a source port value of \fIport\fP.
+.IP "\fBport \fIport\fR"
+True if either the source or destination port of the packet is \fIport\fP.
+.IP "\fBdst portrange \fIport1\fB-\fIport2\fR"
+True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
+destination port value between \fIport1\fP and \fIport2\fP.
+.I port1
+and
+.I port2
+are interpreted in the same fashion as the
+.I port
+parameter for
+.BR port .
+.IP "\fBsrc portrange \fIport1\fB-\fIport2\fR"
+True if the packet has a source port value between \fIport1\fP and
+\fIport2\fP.
+.IP "\fBportrange \fIport1\fB-\fIport2\fR"
+True if either the source or destination port of the packet is between
+\fIport1\fP and \fIport2\fP.
+.IP
+Any of the above port or port range expressions can be prepended with
+the keywords, \fBtcp\fP or \fBudp\fP, as in:
+.in +.5i
+.nf
+\fBtcp src port \fIport\fR
+.fi
+.in -.5i
+which matches only tcp packets whose source port is \fIport\fP.
+.IP "\fBless \fIlength\fR"
+True if the packet has a length less than or equal to \fIlength\fP.
+This is equivalent to:
+.in +.5i
+.nf
+\fBlen <= \fIlength\fP.
+.fi
+.in -.5i
+.IP "\fBgreater \fIlength\fR"
+True if the packet has a length greater than or equal to \fIlength\fP.
+This is equivalent to:
+.in +.5i
+.nf
+\fBlen >= \fIlength\fP.
+.fi
+.in -.5i
+.IP "\fBip proto \fIprotocol\fR"
+True if the packet is an IPv4 packet (see
+.IR ip (4P))
+of protocol type \fIprotocol\fP.
+\fIProtocol\fP can be a number or one of the names
+\fBicmp\fP, \fBicmp6\fP, \fBigmp\fP, \fBigrp\fP, \fBpim\fP, \fBah\fP,
+\fBesp\fP, \fBvrrp\fP, \fBudp\fP, or \fBtcp\fP.
+Note that the identifiers \fBtcp\fP, \fBudp\fP, and \fBicmp\fP are also
+keywords and must be escaped via backslash (\\), which is \\\\ in the C-shell.
+Note that this primitive does not chase the protocol header chain.
+.IP "\fBip6 proto \fIprotocol\fR"
+True if the packet is an IPv6 packet of protocol type \fIprotocol\fP.
+Note that this primitive does not chase the protocol header chain.
+.IP "\fBip6 protochain \fIprotocol\fR"
+True if the packet is IPv6 packet,
+and contains protocol header with type \fIprotocol\fR
+in its protocol header chain.
+For example,
+.in +.5i
+.nf
+\fBip6 protochain 6\fR
+.fi
+.in -.5i
+matches any IPv6 packet with TCP protocol header in the protocol header chain.
+The packet may contain, for example,
+authentication header, routing header, or hop-by-hop option header,
+between IPv6 header and TCP header.
+The BPF code emitted by this primitive is complex and
+cannot be optimized by the BPF optimizer code, so this can be somewhat
+slow.
+.IP "\fBip protochain \fIprotocol\fR"
+Equivalent to \fBip6 protochain \fIprotocol\fR, but this is for IPv4.
+.IP "\fBether broadcast\fR"
+True if the packet is an Ethernet broadcast packet.
+The \fIether\fP
+keyword is optional.
+.IP "\fBip broadcast\fR"
+True if the packet is an IPv4 broadcast packet.
+It checks for both the all-zeroes and all-ones broadcast conventions,
+and looks up the subnet mask on the interface on which the capture is
+being done.
+.IP
+If the subnet mask of the interface on which the capture is being done
+is not available, either because the interface on which capture is being
+done has no netmask or because the capture is being done on the Linux
+"any" interface, which can capture on more than one interface, this
+check will not work correctly.
+.IP "\fBether multicast\fR"
+True if the packet is an Ethernet multicast packet.
+The \fBether\fP
+keyword is optional.
+This is shorthand for `\fBether[0] & 1 != 0\fP'.
+.IP "\fBip multicast\fR"
+True if the packet is an IPv4 multicast packet.
+.IP "\fBip6 multicast\fR"
+True if the packet is an IPv6 multicast packet.
+.IP  "\fBether proto \fIprotocol\fR"
+True if the packet is of ether type \fIprotocol\fR.
+\fIProtocol\fP can be a number or one of the names
+\fBip\fP, \fBip6\fP, \fBarp\fP, \fBrarp\fP, \fBatalk\fP, \fBaarp\fP,
+\fBdecnet\fP, \fBsca\fP, \fBlat\fP, \fBmopdl\fP, \fBmoprc\fP,
+\fBiso\fP, \fBstp\fP, \fBipx\fP, or \fBnetbeui\fP.
+Note these identifiers are also keywords
+and must be escaped via backslash (\\).
+.IP
+[In the case of FDDI (e.g., `\fBfddi protocol arp\fR'), Token Ring
+(e.g., `\fBtr protocol arp\fR'), and IEEE 802.11 wireless LANS (e.g.,
+`\fBwlan protocol arp\fR'), for most of those protocols, the
+protocol identification comes from the 802.2 Logical Link Control (LLC)
+header, which is usually layered on top of the FDDI, Token Ring, or
+802.11 header.
+.IP
+When filtering for most protocol identifiers on FDDI, Token Ring, or
+802.11, the filter checks only the protocol ID field of an LLC header
+in so-called SNAP format with an Organizational Unit Identifier (OUI) of
+0x000000, for encapsulated Ethernet; it doesn't check whether the packet
+is in SNAP format with an OUI of 0x000000.
+The exceptions are:
+.RS
+.TP
+\fBiso\fP
+the filter checks the DSAP (Destination Service Access Point) and
+SSAP (Source Service Access Point) fields of the LLC header;
+.TP
+\fBstp\fP and \fBnetbeui\fP
+the filter checks the DSAP of the LLC header;
+.TP
+\fBatalk\fP
+the filter checks for a SNAP-format packet with an OUI of 0x080007
+and the AppleTalk etype.
+.RE
+.IP
+In the case of Ethernet, the filter checks the Ethernet type field
+for most of those protocols.  The exceptions are:
+.RS
+.TP
+\fBiso\fP, \fBstp\fP, and \fBnetbeui\fP
+the filter checks for an 802.3 frame and then checks the LLC header as
+it does for FDDI, Token Ring, and 802.11;
+.TP
+\fBatalk\fP
+the filter checks both for the AppleTalk etype in an Ethernet frame and
+for a SNAP-format packet as it does for FDDI, Token Ring, and 802.11;
+.TP
+\fBaarp\fP
+the filter checks for the AppleTalk ARP etype in either an Ethernet
+frame or an 802.2 SNAP frame with an OUI of 0x000000;
+.TP
+\fBipx\fP
+the filter checks for the IPX etype in an Ethernet frame, the IPX
+DSAP in the LLC header, the 802.3-with-no-LLC-header encapsulation of
+IPX, and the IPX etype in a SNAP frame.
+.RE
+.IP "\fBdecnet src \fIhost\fR"
+True if the DECNET source address is
+.IR host ,
+which may be an address of the form ``10.123'', or a DECNET host
+name.
+[DECNET host name support is only available on ULTRIX systems
+that are configured to run DECNET.]
+.IP "\fBdecnet dst \fIhost\fR"
+True if the DECNET destination address is
+.IR host .
+.IP "\fBdecnet host \fIhost\fR"
+True if either the DECNET source or destination address is
+.IR host .
+.IP "\fBifname \fIinterface\fR"
+True if the packet was logged as coming from the specified interface (applies
+only to packets logged by OpenBSD's or FreeBSD's
+.BR pf (4)).
+.IP "\fBon \fIinterface\fR"
+Synonymous with the
+.B ifname
+modifier.
+.IP "\fBrnr \fInum\fR"
+True if the packet was logged as matching the specified PF rule number
+(applies only to packets logged by OpenBSD's or FreeBSD's
+.BR pf (4)).
+.IP "\fBrulenum \fInum\fR"
+Synonymous with the
+.B rnr
+modifier.
+.IP "\fBreason \fIcode\fR"
+True if the packet was logged with the specified PF reason code.  The known
+codes are:
+.BR match ,
+.BR bad-offset ,
+.BR fragment ,
+.BR short ,
+.BR normalize ,
+and
+.B memory
+(applies only to packets logged by OpenBSD's or FreeBSD's
+.BR pf (4)).
+.IP "\fBrset \fIname\fR"
+True if the packet was logged as matching the specified PF ruleset
+name of an anchored ruleset (applies only to packets logged by OpenBSD's
+or FreeBSD's
+.BR pf (4)).
+.IP "\fBruleset \fIname\fR"
+Synonomous with the
+.B rset
+modifier.
+.IP "\fBsrnr \fInum\fR"
+True if the packet was logged as matching the specified PF rule number
+of an anchored ruleset (applies only to packets logged by OpenBSD's or
+FreeBSD's
+.BR pf (4)).
+.IP "\fBsubrulenum \fInum\fR"
+Synonomous with the
+.B srnr
+modifier.
+.IP "\fBaction \fIact\fR"
+True if PF took the specified action when the packet was logged.  Known actions
+are:
+.B pass
+and
+.B block
+and, with later versions of
+.BR pf (4)),
+.BR nat ,
+.BR rdr ,
+.B binat
+and
+.B scrub
+(applies only to packets logged by OpenBSD's or FreeBSD's
+.BR pf (4)).
+.IP "\fBwlan ra \fIehost\fR"
+True if the IEEE 802.11 RA is
+.IR ehost .
+The RA field is used in all frames except for management frames.
+.IP "\fBwlan ta \fIehost\fR"
+True if the IEEE 802.11 TA is
+.IR ehost .
+The TA field is used in all frames except for management frames and
+CTS (Clear To Send) and ACK (Acknowledgment) control frames.
+.IP "\fBwlan addr1 \fIehost\fR"
+True if the first IEEE 802.11 address is
+.IR ehost .
+.IP "\fBwlan addr2 \fIehost\fR"
+True if the second IEEE 802.11 address, if present, is
+.IR ehost .
+The second address field is used in all frames except for CTS (Clear To
+Send) and ACK (Acknowledgment) control frames.
+.IP "\fBwlan addr3 \fIehost\fR"
+True if the third IEEE 802.11 address, if present, is
+.IR ehost .
+The third address field is used in management and data frames, but not
+in control frames.
+.IP "\fBwlan addr4 \fIehost\fR"
+True if the fourth IEEE 802.11 address, if present, is
+.IR ehost .
+The fourth address field is only used for
+WDS (Wireless Distribution System) frames.
+.IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR, \fBnetbeui\fP"
+Abbreviations for:
+.in +.5i
+.nf
+\fBether proto \fIp\fR
+.fi
+.in -.5i
+where \fIp\fR is one of the above protocols.
+.IP "\fBlat\fR, \fBmoprc\fR, \fBmopdl\fR"
+Abbreviations for:
+.in +.5i
+.nf
+\fBether proto \fIp\fR
+.fi
+.in -.5i
+where \fIp\fR is one of the above protocols.
+Note that not all applications using
+.BR pcap (3)
+currently know how to parse these protocols.
+.IP "\fBtype \fIwlan_type\fR"
+True if the IEEE 802.11 frame type matches the specified \fIwlan_type\fR.
+Valid \fIwlan_type\fRs are:
+\fBmgt\fP,
+\fBctl\fP
+and \fBdata\fP.
+.IP "\fBtype \fIwlan_type \fBsubtype \fIwlan_subtype\fR"
+True if the IEEE 802.11 frame type matches the specified \fIwlan_type\fR
+and frame subtype matches the specified \fIwlan_subtype\fR.
+.IP
+If the specified \fIwlan_type\fR is \fBmgt\fP,
+then valid \fIwlan_subtype\fRs are:
+\fBassoc-req\fP,
+\fBassoc-resp\fP,
+\fBreassoc-req\fP,
+\fBreassoc-resp\fP,
+\fBprobe-req\fP,
+\fBprobe-resp\fP,
+\fBbeacon\fP,
+\fBatim\fP,
+\fBdisassoc\fP,
+\fBauth\fP and
+\fBdeauth\fP.
+.IP
+If the specified \fIwlan_type\fR is \fBctl\fP,
+then valid \fIwlan_subtype\fRs are:
+\fBps-poll\fP,
+\fBrts\fP,
+\fBcts\fP,
+\fBack\fP,
+\fBcf-end\fP and
+\fBcf-end-ack\fP.
+.IP
+If the specified \fIwlan_type\fR is \fBdata\fP,
+then valid \fIwlan_subtype\fRs are:
+\fBdata\fP,
+\fBdata-cf-ack\fP,
+\fBdata-cf-poll\fP,
+\fBdata-cf-ack-poll\fP,
+\fBnull\fP,
+\fBcf-ack\fP,
+\fBcf-poll\fP,
+\fBcf-ack-poll\fP,
+\fBqos-data\fP,
+\fBqos-data-cf-ack\fP,
+\fBqos-data-cf-poll\fP,
+\fBqos-data-cf-ack-poll\fP,
+\fBqos\fP,
+\fBqos-cf-poll\fP and
+\fBqos-cf-ack-poll\fP.
+.IP "\fBsubtype \fIwlan_subtype\fR"
+True if the IEEE 802.11 frame subtype matches the specified \fIwlan_subtype\fR
+and frame has the type to which the specified \fIwlan_subtype\fR belongs.
+.IP "\fBdir \fIdir\fR"
+True if the IEEE 802.11 frame direction matches the specified
+.IR dir .
+Valid directions are:
+.BR nods ,
+.BR tods ,
+.BR fromds ,
+.BR dstods ,
+or a numeric value.
+.IP "\fBvlan \fI[vlan_id]\fR"
+True if the packet is an IEEE 802.1Q VLAN packet.
+If \fI[vlan_id]\fR is specified, only true if the packet has the specified
+\fIvlan_id\fR.
+Note that the first \fBvlan\fR keyword encountered in \fIexpression\fR
+changes the decoding offsets for the remainder of \fIexpression\fR on
+the assumption that the packet is a VLAN packet.  The \fBvlan
+\fI[vlan_id]\fR expression may be used more than once, to filter on VLAN
+hierarchies.  Each use of that expression increments the filter offsets
+by 4.
+.IP
+For example:
+.in +.5i
+.nf
+\fBvlan 100 && vlan 200\fR
+.fi
+.in -.5i
+filters on VLAN 200 encapsulated within VLAN 100, and
+.in +.5i
+.nf
+\fBvlan && vlan 300 && ip\fR
+.fi
+.in -.5i
+filters IPv4 protocols encapsulated in VLAN 300 encapsulated within any
+higher order VLAN.
+.IP "\fBmpls \fI[label_num]\fR"
+True if the packet is an MPLS packet.
+If \fI[label_num]\fR is specified, only true is the packet has the specified
+\fIlabel_num\fR.
+Note that the first \fBmpls\fR keyword encountered in \fIexpression\fR
+changes the decoding offsets for the remainder of \fIexpression\fR on
+the assumption that the packet is a MPLS-encapsulated IP packet.  The
+\fBmpls \fI[label_num]\fR expression may be used more than once, to
+filter on MPLS hierarchies.  Each use of that expression increments the
+filter offsets by 4. 
+.IP
+For example:
+.in +.5i
+.nf
+\fBmpls 100000 && mpls 1024\fR
+.fi
+.in -.5i
+filters packets with an outer label of 100000 and an inner label of
+1024, and
+.in +.5i
+.nf
+\fBmpls && mpls 1024 && host 192.9.200.1\fR
+.fi
+.in -.5i
+filters packets to or from 192.9.200.1 with an inner label of 1024 and
+any outer label.
+.IP \fBpppoed\fP
+True if the packet is a PPP-over-Ethernet Discovery packet (Ethernet
+type 0x8863).
+.IP \fBpppoes\fP
+True if the packet is a PPP-over-Ethernet Session packet (Ethernet
+type 0x8864).
+Note that the first \fBpppoes\fR keyword encountered in \fIexpression\fR
+changes the decoding offsets for the remainder of \fIexpression\fR on
+the assumption that the packet is a PPPoE session packet.
+.IP
+For example:
+.in +.5i
+.nf
+\fBpppoes && ip\fR
+.fi
+.in -.5i
+filters IPv4 protocols encapsulated in PPPoE.
+.IP  "\fBtcp\fR, \fBudp\fR, \fBicmp\fR"
+Abbreviations for:
+.in +.5i
+.nf
+\fBip proto \fIp\fR\fB or ip6 proto \fIp\fR
+.fi
+.in -.5i
+where \fIp\fR is one of the above protocols.
+.IP "\fBiso proto \fIprotocol\fR"
+True if the packet is an OSI packet of protocol type \fIprotocol\fP.
+\fIProtocol\fP can be a number or one of the names
+\fBclnp\fP, \fBesis\fP, or \fBisis\fP.
+.IP "\fBclnp\fR, \fBesis\fR, \fBisis\fR"
+Abbreviations for:
+.in +.5i
+.nf
+\fBiso proto \fIp\fR
+.fi
+.in -.5i
+where \fIp\fR is one of the above protocols.
+.IP "\fBl1\fR, \fBl2\fR, \fBiih\fR, \fBlsp\fR, \fBsnp\fR, \fBcsnp\fR, \fBpsnp\fR"
+Abbreviations for IS-IS PDU types.
+.IP "\fBvpi\fP \fIn\fR
+True if the packet is an ATM packet, for SunATM on Solaris, with a
+virtual path identifier of
+.IR n .
+.IP "\fBvci\fP \fIn\fR
+True if the packet is an ATM packet, for SunATM on Solaris, with a
+virtual channel identifier of
+.IR n .
+.IP \fBlane\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+an ATM LANE packet.
+Note that the first \fBlane\fR keyword encountered in \fIexpression\fR
+changes the tests done in the remainder of \fIexpression\fR
+on the assumption that the packet is either a LANE emulated Ethernet
+packet or a LANE LE Control packet.  If \fBlane\fR isn't specified, the
+tests are done under the assumption that the packet is an
+LLC-encapsulated packet.
+.IP \fBllc\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+an LLC-encapsulated packet.
+.IP \fBoamf4s\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+a segment OAM F4 flow cell (VPI=0 & VCI=3).
+.IP \fBoamf4e\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+an end-to-end OAM F4 flow cell (VPI=0 & VCI=4).
+.IP \fBoamf4\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).
+.IP \fBoam\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)).
+.IP \fBmetac\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on a meta signaling circuit (VPI=0 & VCI=1).
+.IP \fBbcc\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on a broadcast signaling circuit (VPI=0 & VCI=2).
+.IP \fBsc\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on a signaling circuit (VPI=0 & VCI=5).
+.IP \fBilmic\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on an ILMI circuit (VPI=0 & VCI=16).
+.IP \fBconnectmsg\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on a signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect,
+Connect Ack, Release, or Release Done message.
+.IP \fBmetaconnect\fP
+True if the packet is an ATM packet, for SunATM on Solaris, and is
+on a meta signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect,
+Release, or Release Done message.
+.IP  "\fIexpr relop expr\fR"
+True if the relation holds, where \fIrelop\fR is one of >, <, >=, <=, =,
+!=, and \fIexpr\fR is an arithmetic expression composed of integer
+constants (expressed in standard C syntax), the normal binary operators
+[+, -, *, /, &, |, <<, >>], a length operator, and special packet data
+accessors.  Note that all comparisons are unsigned, so that, for example,
+0x80000000 and 0xffffffff are > 0.
+To access
+data inside the packet, use the following syntax:
+.in +.5i
+.nf
+\fIproto\fB [ \fIexpr\fB : \fIsize\fB ]\fR
+.fi
+.in -.5i
+\fIProto\fR is one of \fBether, fddi, tr, wlan, ppp, slip, link,
+ip, arp, rarp, tcp, udp, icmp, ip6\fR or \fBradio\fR, and
+indicates the protocol layer for the index operation.
+(\fBether, fddi, wlan, tr, ppp, slip\fR and \fBlink\fR all refer to the
+link layer. \fBradio\fR refers to the "radio header" added to some
+802.11 captures.)
+Note that \fItcp, udp\fR and other upper-layer protocol types only
+apply to IPv4, not IPv6 (this will be fixed in the future).
+The byte offset, relative to the indicated protocol layer, is
+given by \fIexpr\fR.
+\fISize\fR is optional and indicates the number of bytes in the
+field of interest; it can be either one, two, or four, and defaults to one.
+The length operator, indicated by the keyword \fBlen\fP, gives the
+length of the packet.
+
+For example, `\fBether[0] & 1 != 0\fP' catches all multicast traffic.
+The expression `\fBip[0] & 0xf != 5\fP'
+catches all IPv4 packets with options.
+The expression
+`\fBip[6:2] & 0x1fff = 0\fP'
+catches only unfragmented IPv4 datagrams and frag zero of fragmented
+IPv4 datagrams.
+This check is implicitly applied to the \fBtcp\fP and \fBudp\fP
+index operations.
+For instance, \fBtcp[0]\fP always means the first
+byte of the TCP \fIheader\fP, and never means the first byte of an
+intervening fragment.
+
+Some offsets and field values may be expressed as names rather than
+as numeric values.
+The following protocol header field offsets are
+available: \fBicmptype\fP (ICMP type field), \fBicmpcode\fP (ICMP
+code field), and \fBtcpflags\fP (TCP flags field).
+
+The following ICMP type field values are available: \fBicmp-echoreply\fP,
+\fBicmp-unreach\fP, \fBicmp-sourcequench\fP, \fBicmp-redirect\fP,
+\fBicmp-echo\fP, \fBicmp-routeradvert\fP, \fBicmp-routersolicit\fP,
+\fBicmp-timxceed\fP, \fBicmp-paramprob\fP, \fBicmp-tstamp\fP,
+\fBicmp-tstampreply\fP, \fBicmp-ireq\fP, \fBicmp-ireqreply\fP,
+\fBicmp-maskreq\fP, \fBicmp-maskreply\fP.
+
+The following TCP flags field values are available: \fBtcp-fin\fP,
+\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP,
+\fBtcp-ack\fP, \fBtcp-urg\fP.
+.LP
+Primitives may be combined using:
+.IP
+A parenthesized group of primitives and operators
+(parentheses are special to the Shell and must be escaped).
+.IP
+Negation (`\fB!\fP' or `\fBnot\fP').
+.IP
+Concatenation (`\fB&&\fP' or `\fBand\fP').
+.IP
+Alternation (`\fB||\fP' or `\fBor\fP').
+.LP
+Negation has highest precedence.
+Alternation and concatenation have equal precedence and associate
+left to right.
+Note that explicit \fBand\fR tokens, not juxtaposition,
+are now required for concatenation.
+.LP
+If an identifier is given without a keyword, the most recent keyword
+is assumed.
+For example,
+.in +.5i
+.nf
+\fBnot host vs and ace\fR
+.fi
+.in -.5i
+is short for
+.in +.5i
+.nf
+\fBnot host vs and host ace\fR
+.fi
+.in -.5i
+which should not be confused with
+.in +.5i
+.nf
+\fBnot ( host vs or ace )\fR
+.fi
+.in -.5i
+.SH EXAMPLES
+.LP
+To select all packets arriving at or departing from \fIsundown\fP:
+.RS
+.nf
+\fBhost sundown\fP
+.fi
+.RE
+.LP
+To select traffic between \fIhelios\fR and either \fIhot\fR or \fIace\fR:
+.RS
+.nf
+\fBhost helios and \\( hot or ace \\)\fP
+.fi
+.RE
+.LP
+To select all IP packets between \fIace\fR and any host except \fIhelios\fR:
+.RS
+.nf
+\fBip host ace and not helios\fP
+.fi
+.RE
+.LP
+To select all traffic between local hosts and hosts at Berkeley:
+.RS
+.nf
+.B
+net ucb-ether
+.fi
+.RE
+.LP
+To select all ftp traffic through internet gateway \fIsnup\fP:
+.RS
+.nf
+.B
+gateway snup and (port ftp or ftp-data)
+.fi
+.RE
+.LP
+To select traffic neither sourced from nor destined for local hosts
+(if you gateway to one other net, this stuff should never make it
+onto your local net).
+.RS
+.nf
+.B
+ip and not net \fIlocalnet\fP
+.fi
+.RE
+.LP
+To select the start and end packets (the SYN and FIN packets) of each
+TCP conversation that involves a non-local host.
+.RS
+.nf
+.B
+tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocalnet\fP
+.fi
+.RE
+.LP
+To select all IPv4 HTTP packets to and from port 80, i.e. print only
+packets that contain data, not, for example, SYN and FIN packets and
+ACK-only packets.  (IPv6 is left as an exercise for the reader.)
+.RS
+.nf
+.B
+tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)
+.fi
+.RE
+.LP
+To select IP packets longer than 576 bytes sent through gateway \fIsnup\fP:
+.RS
+.nf
+.B
+gateway snup and ip[2:2] > 576
+.fi
+.RE
+.LP
+To select IP broadcast or multicast packets that were
+.I not
+sent via Ethernet broadcast or multicast:
+.RS
+.nf
+.B
+ether[0] & 1 = 0 and ip[16] >= 224
+.fi
+.RE
+.LP
+To select all ICMP packets that are not echo requests/replies (i.e., not
+ping packets):
+.RS
+.nf
+.B
+icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply
+.fi
+.RE
+.SH "SEE ALSO"
+pcap(3PCAP)
+.SH AUTHORS
+The original authors are:
+.LP
+Van Jacobson,
+Craig Leres and
+Steven McCanne, all of the
+Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
+.LP
+It is currently being maintained by tcpdump.org.
+.LP
+The current version of libpcap is available via http:
+.LP
+.RS
+.I http://www.tcpdump.org/
+.RE
+.LP
+The original distribution is available via anonymous ftp:
+.LP
+.RS
+.I ftp://ftp.ee.lbl.gov/tcpdump.tar.Z
+.RE
+.SH BUGS
+Please send problems, bugs, questions, desirable enhancements, etc. to:
+.LP
+.RS
+tcpdump-workers@lists.tcpdump.org
+.RE
+.LP
+Filter expressions on fields other than those in Token Ring headers will
+not correctly handle source-routed Token Ring packets.
+.LP
+Filter expressions on fields other than those in 802.11 headers will not
+correctly handle 802.11 data packets with both To DS and From DS set.
+.LP
+.BR "ip6 proto"
+should chase header chain, but at this moment it does not.
+.BR "ip6 protochain"
+is supplied for this behavior.
+.LP
+Arithmetic expression against transport layer headers, like \fBtcp[0]\fP,
+does not work against IPv6 packets.
+It only looks at IPv4 packets.
--- a/pcap-int.h
+++ b/pcap-int.h
@ -30,20 +30,25 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.70 2005-04-07 02:47:34 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.94 2008-09-16 00:20:23 guy Exp $ (LBL)
 */

 #ifndef pcap_int_h
-#define pcap_int_h
+#define	pcap_int_h
+
+#include <pcap/pcap.h>

 #ifdef __cplusplus
 extern "C" {
 #endif

-#include <pcap.h>
+#ifdef HAVE_LIBDLPI
+#include <libdlpi.h>
+#endif

 #ifdef WIN32
-#include <packet32.h>
+#include <Packet32.h>
+extern CRITICAL_SECTION g_PcapCompileCriticalSection;
 #endif /* WIN32 */

 #ifdef MSDOS
@ -51,6 +56,42 @@ extern "C" {
 #include <io.h>
 #endif

+#ifdef HAVE_SNF_API
+#include <snf.h>
+#endif
+
+#if (defined(_MSC_VER) && (_MSC_VER <= 1200)) /* we are compiling with Visual Studio 6, that doesn't support the LL suffix*/
+
+/*
+ * Swap byte ordering of unsigned long long timestamp on a big endian
+ * machine.
+ */
+#define SWAPLL(ull)  ((ull & 0xff00000000000000) >> 56) | \
+                      ((ull & 0x00ff000000000000) >> 40) | \
+                      ((ull & 0x0000ff0000000000) >> 24) | \
+                      ((ull & 0x000000ff00000000) >> 8)  | \
+                      ((ull & 0x00000000ff000000) << 8)  | \
+                      ((ull & 0x0000000000ff0000) << 24) | \
+                      ((ull & 0x000000000000ff00) << 40) | \
+                      ((ull & 0x00000000000000ff) << 56)
+
+#else /* A recent Visual studio compiler or not VC */
+
+/*
+ * Swap byte ordering of unsigned long long timestamp on a big endian
+ * machine.
+ */
+#define SWAPLL(ull)  ((ull & 0xff00000000000000LL) >> 56) | \
+                      ((ull & 0x00ff000000000000LL) >> 40) | \
+                      ((ull & 0x0000ff0000000000LL) >> 24) | \
+                      ((ull & 0x000000ff00000000LL) >> 8)  | \
+                      ((ull & 0x00000000ff000000LL) << 8)  | \
+                      ((ull & 0x0000000000ff0000LL) << 24) | \
+                      ((ull & 0x000000000000ff00LL) << 40) | \
+                      ((ull & 0x00000000000000ffLL) << 56)
+
+#endif /* _MSC_VER */
+
 /*
 * Savefile
 */
@ -60,16 +101,26 @@ typedef enum {
 	MAYBE_SWAPPED
 } swapped_type_t;

+/*
+ * Used when reading a savefile.
+ */
 struct pcap_sf {
 	FILE *rfile;
+	int (*next_packet_op)(pcap_t *, struct pcap_pkthdr *, u_char **);
 	int swapped;
-	int hdrsize;
+	size_t hdrsize;
 	swapped_type_t lengths_swapped;
 	int version_major;
 	int version_minor;
-	u_char *base;
+	bpf_u_int32 ifcount;	/* number of interfaces seen in this capture */
+	u_int tsresol;		/* time stamp resolution */
+	u_int tsscale;		/* scaling factor for resolution -> microseconds */
+	u_int64_t tsoffset;	/* time stamp offset */
 };

+/*
+ * Used when doing a live capture.
+ */
 struct pcap_md {
 	struct pcap_stat stat;
 	/*XXX*/
@ -80,48 +131,138 @@ struct pcap_md {
 	long	TotMissed;	/* missed by i/f during this run */
 	long	OrigMissed;	/* missed by i/f before this run */
 	char	*device;	/* device name */
+	int	timeout;	/* timeout for buffering */
+	int	must_do_on_close; /* stuff we must do when we close */
+	struct pcap *next;	/* list of open pcaps that need stuff cleared on close */
 #ifdef linux
 	int	sock_packet;	/* using Linux 2.0 compatible interface */
-	int	timeout;	/* timeout specified to pcap_open_live */
-	int	clear_promisc;	/* must clear promiscuous mode when we close */
 	int	cooked;		/* using SOCK_DGRAM rather than SOCK_RAW */
 	int	ifindex;	/* interface index of device we're bound to */
 	int	lo_ifindex;	/* interface index of the loopback device */
-	struct pcap *next;	/* list of open promiscuous sock_packet pcaps */
-#endif
+	u_int	packets_read;	/* count of packets read with recvfrom() */
+	bpf_u_int32 oldmode;	/* mode to restore when turning monitor mode off */
+	char	*mondevice;	/* mac80211 monitor device we created */
+	u_char	*mmapbuf;	/* memory-mapped region pointer */
+	size_t	mmapbuflen;	/* size of region */
+	u_int	tp_version;	/* version of tpacket_hdr for mmaped ring */
+	u_int	tp_hdrlen;	/* hdrlen of tpacket_hdr for mmaped ring */
+	u_char	*oneshot_buffer; /* buffer for copy of packet */
+	long	proc_dropped; /* packets reported dropped by /proc/net/dev */
+#endif /* linux */

 #ifdef HAVE_DAG_API
+#ifdef HAVE_DAG_STREAMS_API
+	u_char	*dag_mem_bottom;	/* DAG card current memory bottom pointer */
+	u_char	*dag_mem_top;	/* DAG card current memory top pointer */
+#else /* HAVE_DAG_STREAMS_API */
 	void	*dag_mem_base;	/* DAG card memory base address */
-	u_int	dag_mem_bottom;	/* DAG card current memory bottom pointer */
-	u_int	dag_mem_top;	/* DAG card current memory top pointer */
+	u_int	dag_mem_bottom;	/* DAG card current memory bottom offset */
+	u_int	dag_mem_top;	/* DAG card current memory top offset */
+#endif /* HAVE_DAG_STREAMS_API */
 	int	dag_fcs_bits;	/* Number of checksum bits from link layer */
 	int	dag_offset_flags; /* Flags to pass to dag_offset(). */
-#endif
+	int	dag_stream;	/* DAG stream number */
+	int	dag_timeout;	/* timeout specified to pcap_open_live.
+				 * Same as in linux above, introduce
+				 * generally? */
+#endif /* HAVE_DAG_API */
+#ifdef HAVE_SNF_API
+	snf_handle_t snf_handle; /* opaque device handle */
+	snf_ring_t   snf_ring;   /* opaque device ring handle */
+        int          snf_timeout;
+        int          snf_boardnum;
+#endif /*HAVE_SNF_API*/
+
+#ifdef HAVE_ZEROCOPY_BPF
+       /*
+        * Zero-copy read buffer -- for zero-copy BPF.  'buffer' above will
+        * alternative between these two actual mmap'd buffers as required.
+        * As there is a header on the front size of the mmap'd buffer, only
+        * some of the buffer is exposed to libpcap as a whole via bufsize;
+        * zbufsize is the true size.  zbuffer tracks the current zbuf
+        * assocated with buffer so that it can be used to decide which the
+        * next buffer to read will be.
+        */
+       u_char *zbuf1, *zbuf2, *zbuffer;
+       u_int zbufsize;
+       u_int zerocopy;
+       u_int interrupted;
+       struct timespec firstsel;
+       /*
+        * If there's currently a buffer being actively processed, then it is
+        * referenced here; 'buffer' is also pointed at it, but offset by the
+        * size of the header.
+        */
+       struct bpf_zbuf_header *bzh;
+#endif /* HAVE_ZEROCOPY_BPF */
+};
+
+/*
+ * Stuff to do when we close.
+ */
+#define MUST_CLEAR_PROMISC	0x00000001	/* clear promiscuous mode */
+#define MUST_CLEAR_RFMON	0x00000002	/* clear rfmon (monitor) mode */
+#define MUST_DELETE_MONIF	0x00000004	/* delete monitor-mode interface */
+
+struct pcap_opt {
+	int	buffer_size;
+	char	*source;
+	int	promisc;
+	int	rfmon;
+	int	tstamp_type;
 };

 /*
 * Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
- * Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
+ * Tru64 UNIX, and some versions of NetBSD pad FDDI packets to make everything
+ * line up on a nice boundary.
 */
+#ifdef __NetBSD__
+#include <sys/param.h>	/* needed to declare __NetBSD_Version__ */
+#endif
+
 #if defined(ultrix) || defined(__osf__) || (defined(__NetBSD__) && __NetBSD_Version__ > 106000000)
 #define       PCAP_FDDIPAD 3
 #endif

+typedef int	(*activate_op_t)(pcap_t *);
+typedef int	(*can_set_rfmon_op_t)(pcap_t *);
+typedef int	(*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *);
+typedef int	(*inject_op_t)(pcap_t *, const void *, size_t);
+typedef int	(*setfilter_op_t)(pcap_t *, struct bpf_program *);
+typedef int	(*setdirection_op_t)(pcap_t *, pcap_direction_t);
+typedef int	(*set_datalink_op_t)(pcap_t *, int);
+typedef int	(*getnonblock_op_t)(pcap_t *, char *);
+typedef int	(*setnonblock_op_t)(pcap_t *, int, char *);
+typedef int	(*stats_op_t)(pcap_t *, struct pcap_stat *);
+#ifdef WIN32
+typedef int	(*setbuff_op_t)(pcap_t *, int);
+typedef int	(*setmode_op_t)(pcap_t *, int);
+typedef int	(*setmintocopy_op_t)(pcap_t *, int);
+#endif
+typedef void	(*cleanup_op_t)(pcap_t *);
+
 struct pcap {
 #ifdef WIN32
 	ADAPTER *adapter;
 	LPPACKET Packet;
-	int timeout;
 	int nonblock;
 #else
 	int fd;
 	int selectable_fd;
 	int send_fd;
 #endif /* WIN32 */
+
+#ifdef HAVE_LIBDLPI
+	dlpi_handle_t dlpi_hd;
+#endif
 	int snapshot;
-	int linktype;
+	int linktype;		/* Network linktype */
+	int linktype_ext;       /* Extended information stored in the linktype field of a file */
 	int tzoff;		/* timezone offset */
 	int offset;		/* offset for proper alignment */
+	int activated;		/* true if the capture is really started */
+	int oldstyle;		/* if we're opening with pcap_open_live() */

 	int break_loop;		/* flag set to force break from packet-reading loop */

@ -130,12 +271,12 @@ struct pcap {
 #endif

 #ifdef MSDOS
-        int inter_packet_wait;   /* offline: wait between packets */
        void (*wait_proc)(void); /*          call proc while waiting */
 #endif

 	struct pcap_sf sf;
 	struct pcap_md md;
+	struct pcap_opt opt;

 	/*
 	 * Read buffer.
@ -150,17 +291,38 @@ struct pcap {
 	 */
 	u_char *pkt;

+	/* We're accepting only packets in this direction/these directions. */
+	pcap_direction_t direction;
+
 	/*
 	 * Methods.
 	 */
-	int	(*read_op)(pcap_t *, int cnt, pcap_handler, u_char *);
-	int	(*inject_op)(pcap_t *, const void *, size_t);
-	int	(*setfilter_op)(pcap_t *, struct bpf_program *);
-	int	(*set_datalink_op)(pcap_t *, int);
-	int	(*getnonblock_op)(pcap_t *, char *);
-	int	(*setnonblock_op)(pcap_t *, int, char *);
-	int	(*stats_op)(pcap_t *, struct pcap_stat *);
-	void	(*close_op)(pcap_t *);
+	activate_op_t activate_op;
+	can_set_rfmon_op_t can_set_rfmon_op;
+	read_op_t read_op;
+	inject_op_t inject_op;
+	setfilter_op_t setfilter_op;
+	setdirection_op_t setdirection_op;
+	set_datalink_op_t set_datalink_op;
+	getnonblock_op_t getnonblock_op;
+	setnonblock_op_t setnonblock_op;
+	stats_op_t stats_op;
+
+	/*
+	 * Routine to use as callback for pcap_next()/pcap_next_ex().
+	 */
+	pcap_handler oneshot_callback;
+
+#ifdef WIN32
+	/*
+	 * These are, at least currently, specific to the Win32 NPF
+	 * driver.
+	 */
+	setbuff_op_t setbuff_op;
+	setmode_op_t setmode_op;
+	setmintocopy_op_t setmintocopy_op;
+#endif
+	cleanup_op_t cleanup_op;

 	/*
 	 * Placeholder for filter code if bpf not in kernel.
@ -170,14 +332,20 @@ struct pcap {
 	char errbuf[PCAP_ERRBUF_SIZE + 1];
 	int dlt_count;
 	u_int *dlt_list;
+	int tstamp_type_count;
+	u_int *tstamp_type_list;

 	struct pcap_pkthdr pcap_header;	/* This is needed for the pcap_next_ex() to work */
 };

 /*
- * This is a timeval as stored in disk in a dumpfile.
+ * This is a timeval as stored in a savefile.
 * It has to use the same types everywhere, independent of the actual
- * `struct timeval'
+ * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some
+ * platforms and 64-bit tv_sec values on other platforms, and writing
+ * out native `struct timeval' values would mean files could only be
+ * read on systems with the same tv_sec size as the system on which
+ * the file was written.
 */

 struct pcap_timeval {
@ -186,7 +354,7 @@ struct pcap_timeval {
 };

 /*
- * How a `pcap_pkthdr' is actually stored in the dumpfile.
+ * This is a `pcap_pkthdr' as actually stored in a savefile.
 *
 * Do not change the format of this structure, in any way (this includes
 * changes that only affect the length of fields in this structure),
@ -195,8 +363,8 @@ struct pcap_timeval {
 *
 *	introduce a new structure for the new format;
 *
- *	send mail to "tcpdump-workers@tcpdump.org", requesting a new
- *	magic number for your new capture file format, and, when
+ *	send mail to "tcpdump-workers@lists.tcpdump.org", requesting
+ *	a new magic number for your new capture file format, and, when
 *	you get the new magic number, put it in "savefile.c";
 *
 *	use that magic number for save files with the changed record
@ -206,9 +374,12 @@ struct pcap_timeval {
 *	the old record header as well as files with the new record header
 *	(using the magic number to determine the header format).
 *
- * Then supply the changes to "patches@tcpdump.org", so that future
- * versions of libpcap and programs that use it (such as tcpdump) will
- * be able to read your new capture file format.
+ * Then supply the changes as a patch at
+ *
+ *	http://sourceforge.net/projects/libpcap/
+ *
+ * so that future versions of libpcap and programs that use it (such as
+ * tcpdump) will be able to read your new capture file format.
 */

 struct pcap_sf_pkthdr {
@ -218,7 +389,7 @@ struct pcap_sf_pkthdr {
 };

 /*
- * How a `pcap_pkthdr' is actually stored in dumpfiles written
+ * How a `pcap_pkthdr' is actually stored in savefiles written
 * by some patched versions of libpcap (e.g. the ones in Red
 * Hat Linux 6.1 and 6.2).
 *
@ -236,6 +407,16 @@ struct pcap_sf_patched_pkthdr {
    unsigned char pkt_type;
 };

+/*
+ * User data structure for the one-shot callback used for pcap_next()
+ * and pcap_next_ex().
+ */
+struct oneshot_userdata {
+	struct pcap_pkthdr *hdr;
+	const u_char **pkt;
+	pcap_t *pd;
+};
+
 int	yylex(void);

 #ifndef min
@ -273,7 +454,13 @@ int	pcap_getnonblock_fd(pcap_t *, char *);
 int	pcap_setnonblock_fd(pcap_t *p, int, char *);
 #endif

-void	pcap_close_common(pcap_t *);
+pcap_t	*pcap_create_common(const char *, char *);
+int	pcap_do_addexit(pcap_t *);
+void	pcap_add_to_pcaps_to_close(pcap_t *);
+void	pcap_remove_from_pcaps_to_close(pcap_t *);
+void	pcap_cleanup_live_common(pcap_t *);
+int	pcap_not_initialized(pcap_t *);
+int	pcap_check_activated(pcap_t *);

 /*
 * Internal interfaces for "pcap_findalldevs()".
--- a/pcap-libdlpi.c
+++ b/pcap-libdlpi.c
@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 1993, 1994, 1995, 1996, 1997
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * This code contributed by Sagun Shakya (sagun.shakya@sun.com)
+ */
+/*
+ * Packet capture routines for DLPI using libdlpi under SunOS 5.11.
+ */
+
+#ifndef lint
+static const char rcsid[] _U_ =
+	"@(#) $Header: /tcpdump/master/libpcap/pcap-libdlpi.c,v 1.6 2008-04-14 20:40:58 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/bufmod.h>
+#include <sys/stream.h>
+#include <libdlpi.h>
+#include <errno.h>
+#include <memory.h>
+#include <stropts.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pcap-int.h"
+#include "dlpisubs.h"
+
+/* Forwards. */
+static int dlpromiscon(pcap_t *, bpf_u_int32);
+static int pcap_read_libdlpi(pcap_t *, int, pcap_handler, u_char *);
+static int pcap_inject_libdlpi(pcap_t *, const void *, size_t);
+static void pcap_close_libdlpi(pcap_t *);
+static void pcap_libdlpi_err(const char *, const char *, int, char *);
+static void pcap_cleanup_libdlpi(pcap_t *);
+
+/*
+ * list_interfaces() will list all the network links that are
+ * available on a system.
+ */
+static boolean_t list_interfaces(const char *, void *);
+
+typedef struct linknamelist {
+	char	linkname[DLPI_LINKNAME_MAX];
+	struct linknamelist *lnl_next;
+} linknamelist_t;
+
+typedef struct linkwalk {
+	linknamelist_t	*lw_list;
+	int		lw_err;
+} linkwalk_t;
+
+/*
+ * The caller of this function should free the memory allocated
+ * for each linknamelist_t "entry" allocated.
+ */
+static boolean_t
+list_interfaces(const char *linkname, void *arg)
+{
+	linkwalk_t	*lwp = arg;
+	linknamelist_t	*entry;
+
+	if ((entry = calloc(1, sizeof(linknamelist_t))) == NULL) {
+		lwp->lw_err = ENOMEM;
+		return (B_TRUE);
+	}
+	(void) strlcpy(entry->linkname, linkname, DLPI_LINKNAME_MAX);
+
+	if (lwp->lw_list == NULL) {
+		lwp->lw_list = entry;
+	} else {
+		entry->lnl_next = lwp->lw_list;
+		lwp->lw_list = entry;
+	}
+
+	return (B_FALSE);
+}
+
+static int
+pcap_activate_libdlpi(pcap_t *p)
+{
+	int retv;
+	dlpi_handle_t dh;
+	dlpi_info_t dlinfo;
+	int err = PCAP_ERROR;
+
+	/*
+	 * Enable Solaris raw and passive DLPI extensions;
+	 * dlpi_open() will not fail if the underlying link does not support
+	 * passive mode. See dlpi(7P) for details.
+	 */
+	retv = dlpi_open(p->opt.source, &dh, DLPI_RAW|DLPI_PASSIVE);
+	if (retv != DLPI_SUCCESS) {
+		if (retv == DLPI_ELINKNAMEINVAL || retv == DLPI_ENOLINK)
+			err = PCAP_ERROR_NO_SUCH_DEVICE;
+		else if (retv == DL_SYSERR &&
+		    (errno == EPERM || errno == EACCES))
+			err = PCAP_ERROR_PERM_DENIED;
+		pcap_libdlpi_err(p->opt.source, "dlpi_open", retv,
+		    p->errbuf);
+		return (err);
+	}
+	p->dlpi_hd = dh;
+
+	if (p->opt.rfmon) {
+		/*
+		 * This device exists, but we don't support monitor mode
+		 * any platforms that support DLPI.
+		 */
+		err = PCAP_ERROR_RFMON_NOTSUP;
+		goto bad;
+	}
+
+	/* Bind with DLPI_ANY_SAP. */
+	if ((retv = dlpi_bind(p->dlpi_hd, DLPI_ANY_SAP, 0)) != DLPI_SUCCESS) {
+		pcap_libdlpi_err(p->opt.source, "dlpi_bind", retv, p->errbuf);
+		goto bad;
+	}
+
+	/* Enable promiscuous mode. */
+	if (p->opt.promisc) {
+		err = dlpromiscon(p, DL_PROMISC_PHYS);
+		if (err < 0) {
+			/*
+			 * "You don't have permission to capture on
+			 * this device" and "you don't have permission
+			 * to capture in promiscuous mode on this
+			 * device" are different; let the user know,
+			 * so if they can't get permission to
+			 * capture in promiscuous mode, they can at
+			 * least try to capture in non-promiscuous
+			 * mode.
+			 *
+			 * XXX - you might have to capture in
+			 * promiscuous mode to see outgoing packets.
+			 */
+			if (err == PCAP_ERROR_PERM_DENIED)
+				err = PCAP_ERROR_PROMISC_PERM_DENIED;
+			goto bad;
+		}
+	} else {
+		/* Try to enable multicast. */
+		err = dlpromiscon(p, DL_PROMISC_MULTI);
+		if (err < 0)
+			goto bad;
+	}
+
+	/* Try to enable SAP promiscuity. */
+	err = dlpromiscon(p, DL_PROMISC_SAP);
+	if (err < 0) {
+		/*
+		 * Not fatal, since the DL_PROMISC_PHYS mode worked.
+		 * Report it as a warning, however.
+		 */
+		if (p->opt.promisc)
+			err = PCAP_WARNING;
+		else
+			goto bad;
+	}
+
+	/* Determine link type.  */
+	if ((retv = dlpi_info(p->dlpi_hd, &dlinfo, 0)) != DLPI_SUCCESS) {
+		pcap_libdlpi_err(p->opt.source, "dlpi_info", retv, p->errbuf);
+		goto bad;
+	}
+
+	if (pcap_process_mactype(p, dlinfo.di_mactype) != 0)
+		goto bad;
+
+	p->fd = dlpi_fd(p->dlpi_hd);
+
+	/* Push and configure bufmod. */
+	if (pcap_conf_bufmod(p, p->snapshot, p->md.timeout) != 0)
+		goto bad;
+
+	/*
+	 * Flush the read side.
+	 */
+	if (ioctl(p->fd, I_FLUSH, FLUSHR) != 0) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "FLUSHR: %s",
+		    pcap_strerror(errno));
+		goto bad;
+	}
+
+	/* Allocate data buffer. */
+	if (pcap_alloc_databuf(p) != 0)
+		goto bad;
+
+	/*
+	 * "p->fd" is a FD for a STREAMS device, so "select()" and
+	 * "poll()" should work on it.
+	 */
+	p->selectable_fd = p->fd;
+
+	p->read_op = pcap_read_libdlpi;
+	p->inject_op = pcap_inject_libdlpi;
+	p->setfilter_op = install_bpf_program;	/* No kernel filtering */
+	p->setdirection_op = NULL;	/* Not implemented */
+	p->set_datalink_op = NULL;	/* Can't change data link type */
+	p->getnonblock_op = pcap_getnonblock_fd;
+	p->setnonblock_op = pcap_setnonblock_fd;
+	p->stats_op = pcap_stats_dlpi;
+	p->cleanup_op = pcap_cleanup_libdlpi;
+
+	return (0);
+bad:
+	pcap_cleanup_libdlpi(p);
+	return (err);
+}
+
+#define STRINGIFY(n)	#n
+
+static int
+dlpromiscon(pcap_t *p, bpf_u_int32 level)
+{
+	int err;
+
+	retv = dlpi_promiscon(p->hd, level);
+	if (retv != DLPI_SUCCESS) {
+		if (retv == DL_SYSERR &&
+		    (errno == EPERM || errno == EACCES))
+			err = PCAP_ERROR_PERM_DENIED;
+		else
+			err = PCAP_ERROR;
+		pcap_libdlpi_err(p->opt.source, "dlpi_promiscon" STRINGIFY(level),
+		    retv, p->errbuf);
+		return (err);
+	}
+	return (0);
+}
+
+/*
+ * In Solaris, the "standard" mechanism" i.e SIOCGLIFCONF will only find
+ * network links that are plumbed and are up. dlpi_walk(3DLPI) will find
+ * additional network links present in the system.
+ */
+int
+pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
+{
+	int retv = 0;
+
+	linknamelist_t	*entry, *next;
+	linkwalk_t	lw = {NULL, 0};
+	int 		save_errno;
+
+	/* dlpi_walk() for loopback will be added here. */
+
+	dlpi_walk(list_interfaces, &lw, 0);
+
+	if (lw.lw_err != 0) {
+		snprintf(errbuf, PCAP_ERRBUF_SIZE,
+		    "dlpi_walk: %s", pcap_strerror(lw.lw_err));
+		retv = -1;
+		goto done;
+	}
+
+	/* Add linkname if it does not exist on the list. */
+	for (entry = lw.lw_list; entry != NULL; entry = entry->lnl_next) {
+		if (pcap_add_if(alldevsp, entry->linkname, 0, NULL, errbuf) < 0)
+			retv = -1;
+	}
+done:
+	save_errno = errno;
+	for (entry = lw.lw_list; entry != NULL; entry = next) {
+		next = entry->lnl_next;
+		free(entry);
+	}
+	errno = save_errno;
+
+	return (retv);
+}
+
+/*
+ * Read data received on DLPI handle. Returns -2 if told to terminate, else
+ * returns the number of packets read.
+ */
+static int
+pcap_read_libdlpi(pcap_t *p, int count, pcap_handler callback, u_char *user)
+{
+	int len;
+	u_char *bufp;
+	size_t msglen;
+	int retv;
+
+	len = p->cc;
+	if (len != 0) {
+		bufp = p->bp;
+		goto process_pkts;
+	}
+	do {
+		/* Has "pcap_breakloop()" been called? */
+		if (p->break_loop) {
+			/*
+			 * Yes - clear the flag that indicates that it has,
+			 * and return -2 to indicate that we were told to
+			 * break out of the loop.
+			 */
+			p->break_loop = 0;
+			return (-2);
+		}
+
+		msglen = p->bufsize;
+		bufp = p->buffer + p->offset;
+
+		retv = dlpi_recv(p->dlpi_hd, NULL, NULL, bufp,
+		    &msglen, -1, NULL);
+		if (retv != DLPI_SUCCESS) {
+			/*
+			 * This is most likely a call to terminate out of the
+			 * loop. So, do not return an error message, instead
+			 * check if "pcap_breakloop()" has been called above.
+			 */
+			if (retv == DL_SYSERR && errno == EINTR) {
+				len = 0;
+				continue;
+			}
+			pcap_libdlpi_err(dlpi_linkname(p->dlpi_hd),
+			    "dlpi_recv", retv, p->errbuf);
+			return (-1);
+		}
+		len = msglen;
+	} while (len == 0);
+
+process_pkts:
+	return (pcap_process_pkts(p, callback, user, count, bufp, len));
+}
+
+static int
+pcap_inject_libdlpi(pcap_t *p, const void *buf, size_t size)
+{
+	int retv;
+
+	retv = dlpi_send(p->dlpi_hd, NULL, 0, buf, size, NULL);
+	if (retv != DLPI_SUCCESS) {
+		pcap_libdlpi_err(dlpi_linkname(p->dlpi_hd), "dlpi_send", retv,
+		    p->errbuf);
+		return (-1);
+	}
+	/*
+	 * dlpi_send(3DLPI) does not provide a way to return the number of
+	 * bytes sent on the wire. Based on the fact that DLPI_SUCCESS was
+	 * returned we are assuming 'size' bytes were sent.
+	 */
+	return (size);
+}
+
+/*
+ * Close dlpi handle.
+ */
+static void
+pcap_cleanup_libdlpi(pcap_t *p)
+{
+	if (p->dlpi_hd != NULL) {
+		dlpi_close(p->dlpi_hd);
+		p->dlpi_hd = NULL;
+		p->fd = -1;
+	}
+	pcap_cleanup_live_common(p);
+}
+
+/*
+ * Write error message to buffer.
+ */
+static void
+pcap_libdlpi_err(const char *linkname, const char *func, int err, char *errbuf)
+{
+	snprintf(errbuf, PCAP_ERRBUF_SIZE, "libpcap: %s failed on %s: %s",
+	    func, linkname, dlpi_strerror(err));
+}
+
+pcap_t *
+pcap_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_libdlpi;
+	return (p);
+}
--- a/pcap-linktype.manmisc.in
+++ b/pcap-linktype.manmisc.in
@ -0,0 +1,284 @@
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap-linktype.manmisc.in,v 1.3 2008-10-27 22:52:30 guy Exp $
+.\"
+.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
+.\"	The Regents of the University of California.  All rights reserved.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that: (1) source code distributions
+.\" retain the above copyright notice and this paragraph in its entirety, (2)
+.\" distributions including binary code include the above copyright notice and
+.\" this paragraph in its entirety in the documentation or other materials
+.\" provided with the distribution, and (3) all advertising materials mentioning
+.\" features or use of this software display the following acknowledgement:
+.\" ``This product includes software developed by the University of California,
+.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+.\" the University nor the names of its contributors may be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.TH PCAP-LINKTYPE @MAN_MISC_INFO@ "23 October 2008"
+.SH NAME
+pcap-linktype \- link-layer header types supported by libpcap
+.SH DESCRIPTION
+For a live capture or ``savefile'', libpcap supplies, as the return
+value of the
+.BR pcap_datalink (3PCAP)
+routine, a value that indicates the type of link-layer header at the
+beginning of the packets it provides.  This is not necessarily the type
+of link-layer header that the packets being captured have on the network
+from which they're being captured; for example, packets from an IEEE
+802.11 network might be provided by libpcap with Ethernet headers that
+the network adapter or the network adapter driver generates from the
+802.11 headers.  The names for those values begin with
+.BR DLT_ ,
+so they are sometimes called "DLT_ values".
+.PP
+The values stored in the link-layer header type field in the savefile
+header are, in most but not all cases, the same as the values returned
+by
+.BR pcap_datalink() .
+The names for those values begin with
+.BR LINKTYPE_ .
+.PP
+The link-layer header types supported by libpcap are listed here.  The
+value corresponding to
+.B LINKTYPE_
+names are given; the value corresponding to
+.B DLT_
+values are, in some cases, platform dependent, and are not given;
+applications should check for particular
+.B DLT_
+values by name.
+.RS 5
+.TP 5
+.BR DLT_NULL "; " LINKTYPE_NULL = 0
+BSD loopback encapsulation; the link-layer header is a 4-byte field, in
+.I host
+byte order, containing a PF_ value from
+.B socket.h
+for the network-layer protocol of the packet.
+.IP
+Note that ``host byte order'' is the byte order of the machine on which
+the packets are captured, and the PF_ values are for the OS of the
+machine on which the packets are captured; if a live capture is being
+done, ``host byte order'' is the byte order of the machine capturing the
+packets, and the PF_ values are those of the OS of the machine capturing
+the packets, but if a ``savefile'' is being read, the byte order and PF_
+values are
+.I not
+necessarily those of the machine reading the capture file.
+.TP 5
+.BR DLT_EN10MB "; " LINKTYPE_ETHERNET = 1
+Ethernet (10Mb, 100Mb, 1000Mb, and up); the
+.B 10MB
+in the
+.B DLT_
+name is historical.
+.TP 5
+.BR DLT_IEEE802 "; " LINKTYPE_TOKEN_RING = 6
+IEEE 802.5 Token Ring; the
+.B IEEE802
+in the
+.B DLT_
+name is historical.
+.TP 5
+.BR DLT_ARCNET "; " LINKTYPE_ARCNET = 7
+ARCNET
+.TP 5
+.BR DLT_SLIP "; " LINKTYPE_SLIP = 8
+SLIP; the link-layer header contains, in order:
+.RS 10
+.LP
+a 1-byte flag, which is 0 for packets received by the machine and 1 for
+packets sent by the machine;
+.LP
+a 1-byte field, the upper 4 bits of which indicate the type of packet,
+as per RFC 1144:
+.RS 5
+.TP 5
+0x40
+an unmodified IP datagram (TYPE_IP);
+.TP 5
+0x70
+an uncompressed-TCP IP datagram (UNCOMPRESSED_TCP), with that byte being
+the first byte of the raw IP header on the wire, containing the
+connection number in the protocol field;
+.TP 5
+0x80
+a compressed-TCP IP datagram (COMPRESSED_TCP), with that byte being the
+first byte of the compressed TCP/IP datagram header;
+.RE
+.LP
+for UNCOMPRESSED_TCP, the rest of the modified IP header, and for
+COMPRESSED_TCP, the compressed TCP/IP datagram header;
+.RE
+.RS 5
+.LP
+for a total of 16 bytes; the uncompressed IP datagram follows the header.
+.RE
+.TP 5
+.BR DLT_PPP "; " LINKTYPE_PPP = 9
+PPP; if the first 2 bytes are 0xff and 0x03, it's PPP in HDLC-like
+framing, with the PPP header following those two bytes, otherwise it's
+PPP without framing, and the packet begins with the PPP header.
+.TP 5
+.BR DLT_FDDI "; " LINKTYPE_FDDI = 10
+FDDI
+.TP 5
+.BR DLT_ATM_RFC1483 "; " LINKTYPE_ATM_RFC1483 = 100
+RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an IEEE 802.2
+LLC header.
+.TP 5
+.BR DLT_RAW "; " LINKTYPE_RAW = 101
+raw IP; the packet begins with an IP header.
+.TP 5
+.BR DLT_PPP_SERIAL "; " LINKTYPE_PPP_HDLC = 50
+PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC
+framing, as per section 4.3.1 of RFC 1547; the first byte will be 0xFF
+for PPP in HDLC-like framing, and will be 0x0F or 0x8F for Cisco PPP
+with HDLC framing.
+.TP 5
+.BR DLT_PPP_ETHER "; " LINKTYPE_PPP_ETHER = 51
+PPPoE; the packet begins with a PPPoE header, as per RFC 2516.
+.TP 5
+.BR DLT_C_HDLC "; " LINKTYPE_C_HDLC = 104
+Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547.
+.TP 5
+.BR DLT_IEEE802_11 "; " LINKTYPE_IEEE802_11 = 105
+IEEE 802.11 wireless LAN
+.TP 5
+.BR DLT_FRELAY "; " LINKTYPE_FRELAY = 107
+Frame Relay
+.TP 5
+.BR DLT_LOOP "; " LINKTYPE_LOOP = 108
+OpenBSD loopback encapsulation; the link-layer header is a 4-byte field, in
+.I network
+byte order, containing a PF_ value from OpenBSD's
+.B socket.h
+for the network-layer protocol of the packet.
+.IP
+Note that, if a ``savefile'' is being read, those PF_ values are
+.I not
+necessarily those of the machine reading the capture file.
+.TP 5
+.BR DLT_LINUX_SLL "; " LINKTYPE_LINUX_SLL = 113
+Linux "cooked" capture encapsulation; the link-layer header contains, in
+order:
+.RS 10
+.LP
+a 2-byte "packet type", in network byte order, which is one of:
+.RS 5
+.TP 5
+0
+packet was sent to us by somebody else
+.TP 5
+1
+packet was broadcast by somebody else
+.TP 5
+2
+packet was multicast, but not broadcast, by somebody else
+.TP 5
+3
+packet was sent by somebody else to somebody else
+.TP 5
+4
+packet was sent by us
+.RE
+.LP
+a 2-byte field, in network byte order, containing a Linux ARPHRD_ value
+for the link-layer device type;
+.LP
+a 2-byte field, in network byte order, containing the length of the
+link-layer address of the sender of the packet (which could be 0);
+.LP
+an 8-byte field containing that number of bytes of the link-layer
+address of the sender (if there are more than 8 bytes, only the first
+8 are present, and if there are fewer than 8 bytes, there are padding
+bytes after the address to pad the field to 8 bytes);
+.LP
+a 2-byte field containing an Ethernet protocol type, in network byte
+order, or containing 1 for Novell 802.3 frames without an 802.2 LLC
+header or 4 for frames beginning with an 802.2 LLC header.
+.RE
+.TP 5
+.BR DLT_LTALK "; " LINKTYPE_LTALK = 104
+Apple LocalTalk; the packet begins with an AppleTalk LLAP header.
+.TP 5
+.BR DLT_PFLOG "; " LINKTYPE_PFLOG = 117
+OpenBSD pflog; the link-layer header contains a
+.B "struct pfloghdr"
+structure, as defined by the host on which the file was saved.  (This
+differs from operating system to operating system and release to
+release; there is nothing in the file to indicate what the layout of
+that structure is.)
+.TP 5
+.BR DLT_PRISM_HEADER "; " LINKTYPE_PRISM_HEADER = 119
+Prism monitor mode information followed by an 802.11 header.
+.TP 5
+.BR DLT_IP_OVER_FC "; " LINKTYPE_IP_OVER_FC = 122
+RFC 2625 IP-over-Fibre Channel, with the link-layer header being the
+Network_Header as described in that RFC.
+.TP 5
+.BR DLT_SUNATM "; " LINKTYPE_SUNATM = 123
+SunATM devices; the link-layer header contains, in order:
+.RS 10
+.LP
+a 1-byte flag field, containing a direction flag in the uppermost bit,
+which is set for packets transmitted by the machine and clear for
+packets received by the machine, and a 4-byte traffic type in the
+low-order 4 bits, which is one of:
+.RS 5
+.TP 5
+0
+raw traffic
+.TP 5
+1
+LANE traffic
+.TP 5
+2
+LLC-encapsulated traffic
+.TP 5
+3
+MARS traffic
+.TP 5
+4
+IFMP traffic
+.TP 5
+5
+ILMI traffic
+.TP 5
+6
+Q.2931 traffic
+.RE
+.LP
+a 1-byte VPI value;
+.LP
+a 2-byte VCI field, in network byte order.
+.RE
+.TP 5
+.BR DLT_IEEE802_11_RADIO "; " LINKTYPE_IEEE802_11_RADIO = 127
+link-layer information followed by an 802.11 header - see
+http://www.shaftnet.org/~pizza/software/capturefrm.txt for a description
+of the link-layer information.
+.TP 5
+.BR DLT_ARCNET_LINUX "; " LINKTYPE_ARCNET_LINUX = 129
+ARCNET, with no exception frames, reassembled packets rather than raw
+frames, and an extra 16-bit offset field between the destination host
+and type bytes.
+.TP 5
+.BR DLT_LINUX_IRDA "; " LINKTYPE_LINUX_IRDA = 144
+Linux-IrDA packets, with a
+.B DLT_LINUX_SLL
+header followed by the IrLAP header.
+.TP 5
+.BR DLT_LINUX_LAPD "; " LINKTYPE_LINUX_LAPD = 177
+LAPD (Q.921) frames, with a
+.B DLT_LINUX_SLL
+header captured via vISDN.
+.RE
+.SH SEE ALSO
+pcap_datalink(3PCAP)
--- a/pcap-linux.c
+++ b/pcap-linux.c
--- a/pcap-namedb.h
+++ b/pcap-namedb.h
@ -30,59 +30,13 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.10 2005-03-17 07:02:32 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.13 2006-10-04 18:13:32 guy Exp $ (LBL)
 */

-#ifndef lib_pcap_namedb_h
-#define lib_pcap_namedb_h
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /*
- * As returned by the pcap_next_etherent()
- * XXX this stuff doesn't belong in this interface, but this
- * library already must do name to address translation, so
- * on systems that don't have support for /etc/ethers, we
- * export these hooks since they'll
+ * For backwards compatibility.
+ *
+ * Note to OS vendors: do NOT get rid of this file!  Some applications
+ * might expect to be able to include <pcap-namedb.h>.
 */
-struct pcap_etherent {
-	u_char addr[6];
-	char name[122];
-};
-#ifndef PCAP_ETHERS_FILE
-#define PCAP_ETHERS_FILE "/etc/ethers"
-#endif
-struct	pcap_etherent *pcap_next_etherent(FILE *);
-u_char *pcap_ether_hostton(const char*);
-u_char *pcap_ether_aton(const char *);
-
-bpf_u_int32 **pcap_nametoaddr(const char *);
-#ifdef INET6
-struct addrinfo *pcap_nametoaddrinfo(const char *);
-#endif
-bpf_u_int32 pcap_nametonetaddr(const char *);
-
-int	pcap_nametoport(const char *, int *, int *);
-int	pcap_nametoproto(const char *);
-int	pcap_nametoeproto(const char *);
-int	pcap_nametollc(const char *);
-/*
- * If a protocol is unknown, PROTO_UNDEF is returned.
- * Also, pcap_nametoport() returns the protocol along with the port number.
- * If there are ambiguous entried in /etc/services (i.e. domain
- * can be either tcp or udp) PROTO_UNDEF is returned.
- */
-#define PROTO_UNDEF		-1
-
-/* XXX move these to pcap-int.h? */
-int __pcap_atodn(const char *, bpf_u_int32 *);
-int __pcap_atoin(const char *, bpf_u_int32 *);
-u_short	__pcap_nametodnaddr(const char *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+#include <pcap/namedb.h>
--- a/pcap-nit.c
+++ b/pcap-nit.c
@ -20,7 +20,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.57 2004-10-19 07:06:13 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.62 2008-04-14 20:40:58 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -99,7 +99,6 @@ static int
 pcap_read_nit(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 {
 	register int cc, n;
-	register struct bpf_insn *fcode = p->fcode.bf_insns;
 	register u_char *bp, *cp, *ep;
 	register struct nit_hdr *nh;
 	register int caplen;
@ -175,13 +174,13 @@ pcap_read_nit(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 		caplen = nh->nh_wirelen;
 		if (caplen > p->snapshot)
 			caplen = p->snapshot;
-		if (bpf_filter(fcode, cp, nh->nh_wirelen, caplen)) {
+		if (bpf_filter(p->fcode.bf_insns, cp, nh->nh_wirelen, caplen)) {
 			struct pcap_pkthdr h;
 			h.ts = nh->nh_timestamp;
 			h.len = nh->nh_wirelen;
 			h.caplen = caplen;
 			(*callback)(user, &h, cp);
-			if (++n >= cnt && cnt >= 0) {
+			if (++n >= cnt && cnt > 0) {
 				p->cc = ep - bp;
 				p->bp = bp;
 				return (n);
@ -238,51 +237,43 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
 	return (0);
 }

-static void
-pcap_close_nit(pcap_t *p)
-{
-	pcap_close_common(p);
-	if (p->device != NULL)
-		free(p->device);
-}
-
-pcap_t *
-pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
-    char *ebuf)
+static int
+pcap_activate_nit(pcap_t *p)
 {
 	int fd;
 	struct sockaddr_nit snit;
-	register pcap_t *p;

-	p = (pcap_t *)malloc(sizeof(*p));
-	if (p == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
-		return (NULL);
+	if (p->opt.rfmon) {
+		/*
+		 * No monitor mode on SunOS 3.x or earlier (no
+		 * Wi-Fi *devices* for the hardware that supported
+		 * them!).
+		 */
+		return (PCAP_ERROR_RFMON_NOTSUP);
 	}

-	if (snaplen < 96)
+	if (p->snapshot < 96)
 		/*
 		 * NIT requires a snapshot length of at least 96.
 		 */
-		snaplen = 96;
+		p->snapshot = 96;

 	memset(p, 0, sizeof(*p));
 	p->fd = fd = socket(AF_NIT, SOCK_RAW, NITPROTO_RAW);
 	if (fd < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE,
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
 		    "socket: %s", pcap_strerror(errno));
 		goto bad;
 	}
 	snit.snit_family = AF_NIT;
-	(void)strncpy(snit.snit_ifname, device, NITIFSIZ);
+	(void)strncpy(snit.snit_ifname, p->opt.source, NITIFSIZ);

 	if (bind(fd, (struct sockaddr *)&snit, sizeof(snit))) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE,
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
 		    "bind: %s: %s", snit.snit_ifname, pcap_strerror(errno));
 		goto bad;
 	}
-	p->snapshot = snaplen;
-	nit_setflags(p->fd, promisc, to_ms, ebuf);
+	nit_setflags(p->fd, p->opt.promisc, p->md.timeout, p->errbuf);

 	/*
 	 * NIT supports only ethernets.
@ -292,17 +283,7 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->bufsize = BUFSPACE;
 	p->buffer = (u_char *)malloc(p->bufsize);
 	if (p->buffer == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
-		goto bad;
-	}
-
-	/*
-	 * We need the device name in order to send packets.
-	 */
-	p->device = strdup(device);
-	if (p->device == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
-		free(p->buffer);
+		strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
 		goto bad;
 	}

@ -334,18 +315,29 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->read_op = pcap_read_nit;
 	p->inject_op = pcap_inject_nit;
 	p->setfilter_op = install_bpf_program;	/* no kernel filtering */
+	p->setdirection_op = NULL;	/* Not implemented. */
 	p->set_datalink_op = NULL;	/* can't change data link type */
 	p->getnonblock_op = pcap_getnonblock_fd;
 	p->setnonblock_op = pcap_setnonblock_fd;
 	p->stats_op = pcap_stats_nit;
-	p->close_op = pcap_close_nit;

-	return (p);
+	return (0);
 bad:
-	if (fd >= 0)
-		close(fd);
-	free(p);
-	return (NULL);
+	pcap_cleanup_live_common(p);
+	return (PCAP_ERROR);
+}
+
+pcap_t *
+pcap_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_nit;
+	return (p);
 }

 int
--- a/pcap-nit.h
+++ b/pcap-nit.h
@ -1,19 +0,0 @@
-/*
- * Copyright (c) 1990, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Lawrence Berkeley Laboratory,
- * Berkeley, CA.  The name of the University may not be used to
- * endorse or promote products derived from this software without
- * specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /tcpdump/master/libpcap/Attic/pcap-nit.h,v 1.2 1999-10-07 23:46:40 mcr Exp $ (LBL)
- */
--- a/pcap-null.c
+++ b/pcap-null.c
@ -20,7 +20,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-null.c,v 1.21 2003-11-15 23:24:03 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-null.c,v 1.22 2008-04-04 19:37:45 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -40,8 +40,7 @@ static const char rcsid[] _U_ =
 static char nosup[] = "live packet capture not supported on this system";

 pcap_t *
-pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
-    char *ebuf)
+pcap_create(const char *device, char *ebuf)
 {
 	(void)strlcpy(ebuf, nosup, PCAP_ERRBUF_SIZE);
 	return (NULL);
--- a/pcap-pf.c
+++ b/pcap-pf.c
@ -24,7 +24,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.91 2005-02-26 21:58:06 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.97 2008-04-14 20:40:58 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -62,7 +62,7 @@ struct rtentry;
 #include <unistd.h>

 /*
- * Make "pcap.h" not include "pcap-bpf.h"; we are going to include the
+ * Make "pcap.h" not include "pcap/bpf.h"; we are going to include the
 * native OS version, as we need various BPF ioctls from it.
 */
 #define PCAP_DONT_INCLUDE_PCAP_BPF_H
@ -88,7 +88,6 @@ static int
 pcap_read_pf(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
 {
 	register u_char *p, *bp;
-	struct bpf_insn *fcode;
 	register int cc, n, buflen, inc;
 	register struct enstamp *sp;
 #ifdef LBL_ALIGN
@ -98,7 +97,6 @@ pcap_read_pf(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
 	register int pad;
 #endif

-	fcode = pc->md.use_bpf ? NULL : pc->fcode.bf_insns;
 again:
 	cc = pc->cc;
 	if (cc == 0) {
@ -129,7 +127,7 @@ pcap_read_pf(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
 	 */
 	n = 0;
 #ifdef PCAP_FDDIPAD
-	pad = p->fddipad;
+	pad = pc->fddipad;
 #endif
 	while (cc > 0) {
 		/*
@ -187,18 +185,19 @@ pcap_read_pf(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)

 		/*
 		 * Short-circuit evaluation: if using BPF filter
-		 * in kernel, no need to do it now.
+		 * in kernel, no need to do it now - we already know
+		 * the packet passed the filter.
 		 *
 #ifdef PCAP_FDDIPAD
 		 * Note: the filter code was generated assuming
-		 * that p->fddipad was the amount of padding
+		 * that pc->fddipad was the amount of padding
 		 * before the header, as that's what's required
 		 * in the kernel, so we run the filter before
 		 * skipping that padding.
 #endif
 		 */
-		if (fcode == NULL ||
-		    bpf_filter(fcode, p, sp->ens_count, buflen)) {
+		if (pc->md.use_bpf ||
+		    bpf_filter(pc->fcode.bf_insns, p, sp->ens_count, buflen)) {
 			struct pcap_pkthdr h;
 			pc->md.TotAccepted++;
 			h.ts = sp->ens_tstamp;
@ -285,30 +284,21 @@ pcap_stats_pf(pcap_t *p, struct pcap_stat *ps)
 }

 /*
- * We include the OS's <net/bpf.h>, not our "pcap-bpf.h", so we probably
+ * We include the OS's <net/bpf.h>, not our "pcap/bpf.h", so we probably
 * don't get DLT_DOCSIS defined.
 */
 #ifndef DLT_DOCSIS
 #define DLT_DOCSIS	143
 #endif

-pcap_t *
-pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
-    char *ebuf)
+static int
+pcap_activate_pf(pcap_t *p)
 {
-	pcap_t *p;
 	short enmode;
 	int backlog = -1;	/* request the most */
 	struct enfilter Filter;
 	struct endevp devparams;

-	p = (pcap_t *)malloc(sizeof(*p));
-	if (p == NULL) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE,
-		    "pcap_open_live: %s", pcap_strerror(errno));
-		return (0);
-	}
-	memset(p, 0, sizeof(*p));
 	/*
 	 * Initially try a read/write open (to allow the inject
 	 * method to work).  If that fails due to permission
@ -328,21 +318,21 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	 * "const char *" as its first argument.  That appears to be
 	 * the case, at least on Digital UNIX 4.0.
 	 */
-	p->fd = pfopen(device, O_RDWR);
+	p->fd = pfopen(p->opt.source, O_RDWR);
 	if (p->fd == -1 && errno == EACCES)
-		p->fd = pfopen(device, O_RDONLY);
+		p->fd = pfopen(p->opt.source, O_RDONLY);
 	if (p->fd < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "pf open: %s: %s\n\
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "pf open: %s: %s\n\
 your system may not be properly configured; see the packetfilter(4) man page\n",
-			device, pcap_strerror(errno));
+			p->opt.source, pcap_strerror(errno));
 		goto bad;
 	}
 	p->md.OrigMissed = -1;
 	enmode = ENTSTAMP|ENBATCH|ENNONEXCL;
-	if (promisc)
+	if (p->opt.promisc)
 		enmode |= ENPROMISC;
 	if (ioctl(p->fd, EIOCMBIS, (caddr_t)&enmode) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCMBIS: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCMBIS: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -353,13 +343,13 @@ your system may not be properly configured; see the packetfilter(4) man page\n",
 #endif
 	/* set the backlog */
 	if (ioctl(p->fd, EIOCSETW, (caddr_t)&backlog) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSETW: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCSETW: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
 	/* discover interface type */
 	if (ioctl(p->fd, EIOCDEVP, (caddr_t)&devparams) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCDEVP: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCDEVP: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -441,42 +431,41 @@ your system may not be properly configured; see the packetfilter(4) man page\n",
 		 * framing", there's not much we can do, as that
 		 * doesn't specify a particular type of header.
 		 */
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown data-link type %u",
-		    devparams.end_dev_type);
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+		    "unknown data-link type %u", devparams.end_dev_type);
 		goto bad;
 	}
 	/* set truncation */
 #ifdef PCAP_FDDIPAD
 	if (p->linktype == DLT_FDDI) {
-		p->fddipad = PCAP_FDDIPAD:
+		p->fddipad = PCAP_FDDIPAD;

 		/* packetfilter includes the padding in the snapshot */
-		snaplen += PCAP_FDDIPAD;
+		p->snapshot += PCAP_FDDIPAD;
 	} else
 		p->fddipad = 0;
 #endif
-	if (ioctl(p->fd, EIOCTRUNCATE, (caddr_t)&snaplen) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCTRUNCATE: %s",
+	if (ioctl(p->fd, EIOCTRUNCATE, (caddr_t)&p->snapshot) < 0) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCTRUNCATE: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
-	p->snapshot = snaplen;
 	/* accept all packets */
 	memset(&Filter, 0, sizeof(Filter));
 	Filter.enf_Priority = 37;	/* anything > 2 */
 	Filter.enf_FilterLen = 0;	/* means "always true" */
 	if (ioctl(p->fd, EIOCSETF, (caddr_t)&Filter) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSETF: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCSETF: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}

-	if (to_ms != 0) {
+	if (p->md.timeout != 0) {
 		struct timeval timeout;
-		timeout.tv_sec = to_ms / 1000;
-		timeout.tv_usec = (to_ms * 1000) % 1000000;
+		timeout.tv_sec = p->md.timeout / 1000;
+		timeout.tv_usec = (p->md.timeout * 1000) % 1000000;
 		if (ioctl(p->fd, EIOCSRTIMEOUT, (caddr_t)&timeout) < 0) {
-			snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSRTIMEOUT: %s",
+			snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "EIOCSRTIMEOUT: %s",
 				pcap_strerror(errno));
 			goto bad;
 		}
@ -485,7 +474,7 @@ your system may not be properly configured; see the packetfilter(4) man page\n",
 	p->bufsize = BUFSPACE;
 	p->buffer = (u_char*)malloc(p->bufsize + p->offset);
 	if (p->buffer == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
+		strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
 		goto bad;
 	}

@ -497,23 +486,29 @@ your system may not be properly configured; see the packetfilter(4) man page\n",
 	p->read_op = pcap_read_pf;
 	p->inject_op = pcap_inject_pf;
 	p->setfilter_op = pcap_setfilter_pf;
+	p->setdirection_op = NULL;	/* Not implemented. */
 	p->set_datalink_op = NULL;	/* can't change data link type */
 	p->getnonblock_op = pcap_getnonblock_fd;
 	p->setnonblock_op = pcap_setnonblock_fd;
 	p->stats_op = pcap_stats_pf;
-	p->close_op = pcap_close_common;

-	return (p);
+	return (0);
 bad:
-	if (p->fd >= 0)
-		close(p->fd);
-	/*
-	 * Get rid of any link-layer type list we allocated.
-	 */
-	if (p->dlt_list != NULL)
-		free(p->dlt_list);
-	free(p);
-	return (NULL);
+	pcap_cleanup_live_common(p);
+	return (PCAP_ERROR);
+}
+
+pcap_t *
+pcap_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_pf;
+	return (p);
 }

 int
--- a/pcap-pf.h
+++ b/pcap-pf.h
@ -1,19 +0,0 @@
-/*
- * Copyright (c) 1990, 1994
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Lawrence Berkeley Laboratory,
- * Berkeley, CA.  The name of the University may not be used to
- * endorse or promote products derived from this software without
- * specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * @(#) $Header: /tcpdump/master/libpcap/Attic/pcap-pf.h,v 1.2 1999-10-07 23:46:40 mcr Exp $ (LBL)
- */
--- a/pcap-savefile.manfile.in
+++ b/pcap-savefile.manfile.in
@ -0,0 +1,127 @@
+'\" t
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap-savefile.manfile.in,v 1.2 2008-10-24 07:33:50 guy Exp $
+.\"
+.\" Copyright (c) 1994, 1996, 1997
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that: (1) source code distributions
+.\" retain the above copyright notice and this paragraph in its entirety, (2)
+.\" distributions including binary code include the above copyright notice and
+.\" this paragraph in its entirety in the documentation or other materials
+.\" provided with the distribution, and (3) all advertising materials mentioning
+.\" features or use of this software display the following acknowledgement:
+.\" ``This product includes software developed by the University of California,
+.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+.\" the University nor the names of its contributors may be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.TH PCAP-SAVEFILE @MAN_FILE_FORMATS@ "21 October 2008"
+.SH NAME
+pcap-savefile \- libpcap savefile format
+.SH DESCRIPTION
+NOTE: applications and libraries should, if possible, use libpcap to
+read savefiles, rather than having their own code to read savefiles. 
+If, in the future, a new file format is supported by libpcap,
+applications and libraries using libpcap to read savefiles will be able
+to read the new format of savefiles, but applications and libraries
+using their own code to read savefiles will have to be changed to
+support the new file format.
+.PP
+``Savefiles'' read and written by libpcap and applications using libpcap
+start with a per-file header.  The format of the per-file header is:
+.RS
+.TS
+box;
+c s
+c | c
+c s.
+Magic number
+_
+Major version	Minor version
+_
+Time zone offset
+_
+Time stamp accuracy
+_
+Snapshot length
+_
+Link-layer header type
+.TE
+.RE
+.PP
+All fields in the per-file header are in the byte order of the host
+writing the file.  The first field in the per-file header is a 4-byte
+magic number, with the value 0xa1b2c3d4.  The magic number, when read by
+a host with the same byte order as the host that wrote the file, will
+have the value 0xa1b2c3d4, and, when read by a host with the opposite
+byte order as the host that wrote the file, will have the value
+0xd4c3b2a1.  That allows software reading the file to determine whether
+the byte order of the host that wrote the file is the same as the byte
+order of the host on which the file is being read, and thus whether the
+values in the per-file and per-packet headers need to be byte-swapped.
+.PP
+Following this are:
+.IP
+A 2-byte file format major version number; the current version number is
+2.
+.IP
+A 2-byte file format minor version number; the current version number is
+4.
+.IP
+A 4-byte time zone offset; this is always 0.
+.IP
+A 4-byte number giving the accuracy of time stamps in the file; this is
+always 0.
+.IP
+A 4-byte number giving the "snapshot length" of the capture; packets
+longer than the snapshot length are truncated to the snapshot length, so
+that, if the snapshot length is
+.IR N ,
+only the first
+.I N
+bytes of a packet longer than
+.I N
+bytes will be saved in the capture.
+.IP
+a 4-byte number giving the link-layer header type for packets in the
+capture; see
+.BR pcap-linktype (@MAN_MISC_INFO@)
+for the
+.B LINKTYPE_
+values that can appear in this field.
+.PP
+Following the per-file header are zero or more packets; each packet
+begins with a per-packet header, which is immediately followed by the
+raw packet data.  The format of the per-packet header is:
+.RS
+.TS
+box;
+c.
+Time stamp, seconds value
+_
+Time stamp, microseconds value
+_
+Length of captured packet data
+_
+Un-truncated length of the packet data
+.TE
+.RE
+.PP
+All fields in the per-packet header are in the byte order of the host
+writing the file.  The per-packet header begins with a time stamp giving
+the approximate time the packet was captured; the time stamp consists of
+a 4-byte value, giving the time in seconds since January 1, 1970,
+00:00:00 UTC, followed by a 4-byte value, giving the time in
+microseconds since that second.  Following that are a 4-byte value
+giving the number of bytes of captured data that follow the per-packet
+header and a 4-byte value giving the number of bytes that would have
+been present had the packet not been truncated by the snapshot length. 
+The two lengths will be equal if the number of bytes of packet data are
+less than or equal to the snapshot length.
+.SH SEE ALSO
+pcap(3PCAP), pcap-linktype(@MAN_MISC_INFO@)
--- a/pcap-septel.c
+++ b/pcap-septel.c
@ -0,0 +1,290 @@
+/*
+ * pcap-septel.c: Packet capture interface for Intel/Septel card.
+ *
+ * The functionality of this code attempts to mimic that of pcap-linux as much
+ * as possible.  This code is compiled in several different ways depending on
+ * whether SEPTEL_ONLY and HAVE_SEPTEL_API are defined.  If HAVE_SEPTEL_API is
+ * not defined it should not get compiled in, otherwise if SEPTEL_ONLY is
+ * defined then the 'septel_' function calls are renamed to 'pcap_'
+ * equivalents.  If SEPTEL_ONLY is not defined then nothing is altered - the
+ * septel_ functions will be called as required from their
+ * pcap-linux/equivalents.
+ *
+ * Authors: Gilbert HOYEK (gil_hoyek@hotmail.com), Elias M. KHOURY
+ * (+961 3 485243)
+ */
+
+#ifndef lint
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-septel.c,v 1.4 2008-04-14 20:40:58 guy Exp $";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/param.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "pcap-int.h"
+
+#include <ctype.h>
+#include <netinet/in.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef HAVE_SEPTEL_API
+#include <msg.h>
+#include <ss7_inc.h>
+#include <sysgct.h>
+#include <pack.h>
+#include <system.h>
+#endif /* HAVE_SEPTEL_API */
+
+#ifdef SEPTEL_ONLY
+/* This code is required when compiling for a Septel device only. */
+#include "pcap-septel.h"
+
+/* Replace septel function names with pcap equivalent. */
+#define septel_create pcap_create
+#define septel_platform_finddevs pcap_platform_finddevs
+#endif /* SEPTEL_ONLY */
+
+static int septel_setfilter(pcap_t *p, struct bpf_program *fp);
+static int septel_stats(pcap_t *p, struct pcap_stat *ps);
+static int septel_setnonblock(pcap_t *p, int nonblock, char *errbuf);
+
+/*
+ *  Read at most max_packets from the capture queue and call the callback
+ *  for each of them. Returns the number of packets handled, -1 if an
+ *  error occured, or -2 if we were told to break out of the loop.
+ */
+static int septel_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) {
+
+  HDR *h;
+  MSG *m;
+  int processed = 0 ;
+  int t = 0 ;
+
+  /* identifier for the message queue of the module(upe) from which we are capturing
+   * packets.These IDs are defined in system.txt . By default it is set to 0x2d
+   * so change it to 0xdd for technical reason and therefore the module id for upe becomes:
+   * LOCAL        0xdd           * upe - Example user part task */
+  unsigned int id = 0xdd;
+
+  /* process the packets */
+  do  {
+
+    unsigned short packet_len = 0;
+    int caplen = 0;
+    int counter = 0;
+    struct pcap_pkthdr   pcap_header;
+    u_char *dp ;
+
+    /*
+     * Has "pcap_breakloop()" been called?
+     */
+loop:
+    if (p->break_loop) {
+      /*
+       * Yes - clear the flag that indicates that
+       * it has, and return -2 to indicate that
+       * we were told to break out of the loop.
+       */
+      p->break_loop = 0;
+      return -2;
+    }
+
+    /*repeat until a packet is read
+     *a NULL message means :
+     * when no packet is in queue or all packets in queue already read */
+    do  {
+      /* receive packet in non-blocking mode
+       * GCT_grab is defined in the septel library software */
+      h = GCT_grab(id);
+
+      m = (MSG*)h;
+      /* a couter is added here to avoid an infinite loop
+       * that will cause our capture program GUI to freeze while waiting
+       * for a packet*/
+      counter++ ;
+
+    }
+    while  ((m == NULL)&& (counter< 100)) ;
+
+    if (m != NULL) {
+
+      t = h->type ;
+
+      /* catch only messages with type = 0xcf00 or 0x8f01 corrsponding to ss7 messages*/
+      /* XXX = why not use API_MSG_TX_REQ for 0xcf00 and API_MSG_RX_IND
+       * for 0x8f01? */
+      if ((t != 0xcf00) && (t != 0x8f01)) {
+        relm(h);
+        goto loop ;
+      }
+
+      /* XXX - is API_MSG_RX_IND for an MTP2 or MTP3 message? */
+      dp = get_param(m);/* get pointer to MSG parameter area (m->param) */
+      packet_len = m->len;
+      caplen =  p->snapshot ;
+
+
+      if (caplen > packet_len) {
+
+        caplen = packet_len;
+      }
+      /* Run the packet filter if there is one. */
+      if ((p->fcode.bf_insns == NULL) || bpf_filter(p->fcode.bf_insns, dp, packet_len, caplen)) {
+
+
+        /*  get a time stamp , consisting of :
+         *
+         *  pcap_header.ts.tv_sec:
+         *  ----------------------
+         *   a UNIX format time-in-seconds when he packet was captured,
+         *   i.e. the number of seconds since Epoch time (January 1,1970, 00:00:00 GMT)
+         *
+         *  pcap_header.ts.tv_usec :
+         *  ------------------------
+         *   the number of microseconds since that second
+         *   when the packet was captured
+         */
+
+        (void)gettimeofday(&pcap_header.ts, NULL);
+
+        /* Fill in our own header data */
+        pcap_header.caplen = caplen;
+        pcap_header.len = packet_len;
+
+        /* Count the packet. */
+        p->md.stat.ps_recv++;
+
+        /* Call the user supplied callback function */
+        callback(user, &pcap_header, dp);
+
+        processed++ ;
+
+      }
+      /* after being processed the packet must be
+       *released in order to receive another one */
+      relm(h);
+    }else
+      processed++;
+
+  }
+  while (processed < cnt) ;
+
+  return processed ;
+}
+
+
+static int
+septel_inject(pcap_t *handle, const void *buf _U_, size_t size _U_)
+{
+  strlcpy(handle->errbuf, "Sending packets isn't supported on Septel cards",
+          PCAP_ERRBUF_SIZE);
+  return (-1);
+}
+
+/*
+ *  Activate a handle for a live capture from the given Septel device.  Always pass a NULL device
+ *  The promisc flag is ignored because Septel cards have built-in tracing.
+ *  The timeout is also ignored as it is not supported in hardware.
+ *
+ *  See also pcap(3).
+ */
+static pcap_t *septel_activate(pcap_t* handle) {
+  /* Initialize some components of the pcap structure. */  
+  handle->linktype = DLT_MTP2;
+  
+  handle->bufsize = 0;
+
+  /*
+   * "select()" and "poll()" don't work on Septel queues
+   */
+  handle->selectable_fd = -1;
+
+  handle->read_op = septel_read;
+  handle->inject_op = septel_inject;
+  handle->setfilter_op = septel_setfilter;
+  handle->set_datalink_op = NULL; /* can't change data link type */
+  handle->getnonblock_op = pcap_getnonblock_fd;
+  handle->setnonblock_op = septel_setnonblock;
+  handle->stats_op = septel_stats;
+
+  return 0;
+}
+
+pcap_t *septel_create(const char *device, char *ebuf) {
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return NULL;
+
+	p->activate_op = septel_activate;
+	return p;
+}
+
+static int septel_stats(pcap_t *p, struct pcap_stat *ps) {
+  /*p->md.stat.ps_recv = 0;*/
+  /*p->md.stat.ps_drop = 0;*/
+  
+  *ps = p->md.stat;
+ 
+  return 0;
+}
+
+
+int
+septel_platform_finddevs(pcap_if_t **devlistp, char *errbuf)
+{
+unsigned char *p;
+  const char description[512]= "Intel/Septel device";
+  char name[512]="septel" ;
+  int ret = 0;
+  pcap_add_if(devlistp,name,0,description,errbuf);
+
+  return (ret); 
+}
+
+
+/*
+ * Installs the given bpf filter program in the given pcap structure.  There is
+ * no attempt to store the filter in kernel memory as that is not supported
+ * with Septel cards.
+ */
+static int septel_setfilter(pcap_t *p, struct bpf_program *fp) {
+  if (!p)
+    return -1;
+  if (!fp) {
+    strncpy(p->errbuf, "setfilter: No filter specified",
+	    sizeof(p->errbuf));
+    return -1;
+  }
+
+  /* Make our private copy of the filter */
+
+  if (install_bpf_program(p, fp) < 0) {
+    snprintf(p->errbuf, sizeof(p->errbuf),
+	     "malloc: %s", pcap_strerror(errno));
+    return -1;
+  }
+
+  p->md.use_bpf = 0;
+
+  return (0);
+}
+
+
+static int
+septel_setnonblock(pcap_t *p, int nonblock, char *errbuf)
+{
+  return (0);
+}
--- a/pcap-septel.h
+++ b/pcap-septel.h
@ -0,0 +1,15 @@
+/*
+ * pcap-septel.c: Packet capture interface for Intel Septel card
+ *
+ * The functionality of this code attempts to mimic that of pcap-linux as much
+ * as possible.  This code is only needed when compiling in the Intel/Septel
+ * card code at the same time as another type of device.
+ *
+ * Authors: Gilbert HOYEK (gil_hoyek@hotmail.com), Elias M. KHOURY
+ * (+961 3 485343);
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-septel.h,v 1.2 2008-04-04 19:37:45 guy Exp $
+ */
+
+pcap_t *septel_create(const char *device, char *ebuf);
+
--- a/pcap-sita.c
+++ b/pcap-sita.c
@ -0,0 +1,980 @@
+/*
+ *  pcap-sita.c: Packet capture interface additions for SITA ACN devices
+ *
+ *  Copyright (c) 2007 Fulko Hew, SITA INC Canada, Inc <fulko.hew@sita.aero>
+ *
+ *  License: BSD
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions
+ *  are met:
+ *
+ *  1. Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *  2. Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *  3. The names of the authors may not be used to endorse or promote
+ *     products derived from this software without specific prior
+ *     written permission.
+ *
+ *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ *  IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+ /* $Id: pcap-sita.c */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include "pcap-int.h"
+
+#include "pcap-sita.h"
+
+	/* non-configureable manifests follow */
+
+#define IOP_SNIFFER_PORT	49152			/* TCP port on the IOP used for 'distributed pcap' usage */
+#define MAX_LINE_SIZE		255				/* max size of a buffer/line in /etc/hosts we allow */
+#define MAX_CHASSIS			8				/* number of chassis in an ACN site */
+#define MAX_GEOSLOT			8				/* max number of access units in an ACN site */
+
+#define FIND			0
+#define LIVE			1
+
+typedef struct iface {
+	struct iface	*next;					/* a pointer to the next interface */
+	char			*name;					/* this interface's name on Wireshark */
+	char			*IOPname;				/* this interface's name on an IOP */
+	uint32_t		iftype;					/* the type of interface (DLT values) */
+} iface_t;
+
+typedef struct unit {
+	char				*ip;				/* this unit's IP address (as extracted from /etc/hosts) */
+	int					fd;					/* the connection to this unit (if it exists) */
+	int					find_fd;			/* a big kludge to avoid my programming limitations since I could have this unit open for findalldevs purposes */
+	int					first_time;			/* 0 = just opened via acn_open_live(),  ie. the first time, NZ = nth time */
+	struct sockaddr_in	*serv_addr;			/* the address control block for comms to this unit */
+	int					chassis;
+	int					geoslot;
+	iface_t				*iface;				/* a pointer to a linked list of interface structures */
+	char				*imsg;				/* a pointer to an inbound message */
+	int					len;				/* the current size of the inbound message */
+} unit_t;
+
+static char			*errorString;
+static unit_t		units[MAX_CHASSIS+1][MAX_GEOSLOT+1];	/* we use indexes of 1 through 8, but we reserve/waste index 0 */
+static fd_set		readfds;								/* a place to store the file descriptors for the connections to the IOPs */
+static fd_set		working_set;
+static int			max_fs;
+static char			static_buf[32];
+
+pcap_if_t			*acn_if_list;							/* pcap's list of available interfaces */
+
+static void dump_interface_list(void) {
+	pcap_if_t		*iff;
+	pcap_addr_t		*addr;
+	int				longest_name_len = 0;
+	char			*n, *d, *f;
+	int				if_number = 0;
+
+	iff = acn_if_list;
+	while (iff) {
+		if (iff->name && (strlen(iff->name) > longest_name_len)) longest_name_len = strlen(iff->name);
+		iff = iff->next;
+	}
+	iff = acn_if_list;
+	printf("Interface List:\n");
+	while (iff) {
+		n = (iff->name)							? iff->name			: "";
+		d = (iff->description)					? iff->description	: "";
+		f = (iff->flags == PCAP_IF_LOOPBACK)	? "L"				: "";
+		printf("%3d: %*s %s '%s'\n", if_number++, longest_name_len, n, f, d);
+		addr = iff->addresses;
+		while (addr) {
+			printf("%*s ", (5 + longest_name_len), "");		/* add some indentation */
+			printf("%15s  ", (addr->addr)		? inet_ntoa(((struct sockaddr_in *)addr->addr)->sin_addr)		: "");
+			printf("%15s  ", (addr->netmask)	? inet_ntoa(((struct sockaddr_in *)addr->netmask)->sin_addr)	: "");
+			printf("%15s  ", (addr->broadaddr)	? inet_ntoa(((struct sockaddr_in *)addr->broadaddr)->sin_addr)	: "");
+			printf("%15s  ", (addr->dstaddr)	? inet_ntoa(((struct sockaddr_in *)addr->dstaddr)->sin_addr)	: "");
+			printf("\n");
+			addr = addr->next;
+		}
+		iff = iff->next;
+	}
+}
+
+static void dump(unsigned char *ptr, int i, int indent) {
+	fprintf(stderr, "%*s", indent, " ");
+	for (; i > 0; i--) {
+		fprintf(stderr, "%2.2x ", *ptr++);
+	}
+	fprintf(stderr, "\n");
+}
+
+static void dump_interface_list_p(void) {
+	pcap_if_t		*iff;
+	pcap_addr_t		*addr;
+	int				if_number = 0;
+
+	iff = acn_if_list;
+	printf("Interface Pointer @ %p is %p:\n", &acn_if_list, iff);
+	while (iff) {
+		printf("%3d: %p %p next: %p\n", if_number++, iff->name, iff->description, iff->next);
+		dump((unsigned char *)iff, sizeof(pcap_if_t), 5);
+		addr = iff->addresses;
+		while (addr) {
+			printf("          %p %p %p %p, next: %p\n", addr->addr, addr->netmask, addr->broadaddr, addr->dstaddr, addr->next);
+			dump((unsigned char *)addr, sizeof(pcap_addr_t), 10);
+			addr = addr->next;
+		}
+		iff = iff->next;
+	}
+}
+
+static void dump_unit_table(void) {
+	int		chassis, geoslot;
+	iface_t	*p;
+
+	printf("%c:%c %s %s\n", 'C', 'S', "fd", "IP Address");
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {
+			if (units[chassis][geoslot].ip != NULL)
+				printf("%d:%d %2d %s\n", chassis, geoslot, units[chassis][geoslot].fd, units[chassis][geoslot].ip);
+			p = units[chassis][geoslot].iface;
+			while (p) {
+				char *n = (p->name)			? p->name			: "";
+				char *i = (p->IOPname)		? p->IOPname		: "";
+				p = p->next;
+				printf("   %12s    -> %12s\n", i, n);
+			}
+		}
+	}
+}
+
+static int find_unit_by_fd(int fd, int *chassis, int *geoslot, unit_t **unit_ptr) {
+	int		c, s;
+
+	for (c = 0; c <= MAX_CHASSIS; c++) {
+		for (s = 0; s <= MAX_GEOSLOT; s++) {
+			if (units[c][s].fd == fd || units[c][s].find_fd == fd) {
+				if (chassis)	*chassis = c;
+				if (geoslot)	*geoslot = s;
+				if (unit_ptr)	*unit_ptr = &units[c][s];
+				return 1;
+			}
+		}
+	}
+	return 0;
+}
+
+static int read_client_nbytes(int fd, int count, unsigned char *buf) {
+	unit_t			*u;
+	int				chassis, geoslot;
+	int				len;
+
+	find_unit_by_fd(fd, &chassis, &geoslot, &u);
+	while (count) {
+		if ((len = recv(fd, buf, count, 0)) <= 0)	return -1;	/* read in whatever data was sent to us */
+		count -= len;	
+		buf += len;
+	}															/* till we have everything we are looking for */
+	return 0;
+}
+
+static void empty_unit_iface(unit_t *u) {
+	iface_t	*p, *cur;
+
+	cur = u->iface;
+	while (cur) {											/* loop over all the interface entries */
+		if (cur->name)			free(cur->name);			/* throwing away the contents if they exist */
+		if (cur->IOPname)		free(cur->IOPname);
+		p = cur->next;
+		free(cur);											/* then throw away the structure itself */
+		cur = p;
+	}
+	u->iface = 0;											/* and finally remember that there are no remaining structure */
+}
+
+static void empty_unit(int chassis, int geoslot) {
+	unit_t	*u = &units[chassis][geoslot];
+
+	empty_unit_iface(u);
+	if (u->imsg) {											/* then if an inbound message buffer exists */
+		u->imsg = (char *)realloc(u->imsg, 1);				/* and re-allocate the old large buffer into a new small one */
+	}
+}
+
+static void empty_unit_table(void) {
+	int		chassis, geoslot;
+
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {
+			if (units[chassis][geoslot].ip != NULL) {
+				free(units[chassis][geoslot].ip);			/* get rid of the malloc'ed space that holds the IP address */
+				units[chassis][geoslot].ip = 0;				/* then set the pointer to NULL */
+			}
+			empty_unit(chassis, geoslot);
+		}
+	}
+}
+
+static char *find_nth_interface_name(int n) {
+	int		chassis, geoslot;
+	iface_t	*p;
+	char	*last_name = 0;
+
+	if (n < 0) n = 0;												/* ensure we are working with a valid number */
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {			/* scan the table... */
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {
+			if (units[chassis][geoslot].ip != NULL) {
+				p = units[chassis][geoslot].iface;
+				while (p) {											/* and all interfaces... */
+					if (p->IOPname) last_name = p->name;			/* remembering the last name found */
+					if (n-- == 0) return last_name;					/* and if we hit the instance requested */
+					p = p->next;
+				}
+			}
+		}
+	}
+											/* if we couldn't fine the selected entry */
+	if (last_name)	return last_name;		/* ... but we did have at least one entry... return the last entry found */
+	return "";								/* ... but if there wasn't any entry... return an empty string instead */
+}
+
+int acn_parse_hosts_file(char *errbuf) {				/* returns: -1 = error, 0 = OK */
+	FILE	*fp;
+	char	buf[MAX_LINE_SIZE];
+	char	*ptr, *ptr2;
+	int		pos;
+	int		chassis, geoslot;
+	unit_t	*u;
+
+	empty_unit_table();
+	if ((fp = fopen("/etc/hosts", "r")) == NULL) {										/* try to open the hosts file and if it fails */
+		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Cannot open '/etc/hosts' for reading.");	/* return the nohostsfile error response */
+		return -1;
+	}
+	while (fgets(buf, MAX_LINE_SIZE-1, fp)) {			/* while looping over the file */
+
+		pos = strcspn(buf, "#\n\r");					/* find the first comment character or EOL */
+		*(buf + pos) = '\0';							/* and clobber it and anything that follows it */
+
+		pos = strspn(buf, " \t");						/* then find the first non-white space */
+		if (pos == strlen(buf))							/* if there is nothing but white space on the line */
+			continue;									/* ignore that empty line */
+		ptr = buf + pos;								/* and skip over any of that leading whitespace */
+
+		if ((ptr2 = strstr(ptr, "_I_")) == NULL)		/* skip any lines that don't have names that look like they belong to IOPs */
+			continue;
+		if (*(ptr2 + 4) != '_')							/* and skip other lines that have names that don't look like ACN components */
+			continue;
+		*(ptr + strcspn(ptr, " \t")) = '\0';			/* null terminate the IP address so its a standalone string */
+
+		chassis = *(ptr2 + 3) - '0';					/* extract the chassis number */
+		geoslot = *(ptr2 + 5) - '0';					/* and geo-slot number */
+		if (chassis < 1 || chassis > MAX_CHASSIS ||
+			geoslot < 1 || geoslot > MAX_GEOSLOT) {		/* if the chassis and/or slot numbers appear to be bad... */
+			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Invalid ACN name in '/etc/hosts'.");	/* warn the user */
+			continue;																	/* and ignore the entry */
+		}
+		if ((ptr2 = (char *)malloc(strlen(ptr) + 1)) == NULL) {
+			snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+			continue;
+		}
+		strcpy(ptr2, ptr);								/* copy the IP address into our malloc'ed memory */
+		u = &units[chassis][geoslot];
+		u->ip = ptr2;									/* and remember the whole shebang */
+		u->chassis = chassis;
+		u->geoslot = geoslot;
+	}
+	fclose(fp);
+	if (*errbuf)	return -1;
+	else			return 0;
+}
+
+static int open_with_IOP(unit_t  *u, int flag) {
+	int					sockfd;
+	char				*ip;
+
+	if (u->serv_addr == NULL) {
+		u->serv_addr = malloc(sizeof(struct sockaddr_in));
+	}
+	ip = u->ip;
+	bzero((char *)u->serv_addr, sizeof(struct sockaddr_in));
+	u->serv_addr->sin_family		= AF_INET;
+	u->serv_addr->sin_addr.s_addr	= inet_addr(ip);
+	u->serv_addr->sin_port			= htons(IOP_SNIFFER_PORT);
+
+	if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+		fprintf(stderr, "pcap can't open a socket for connecting to IOP at %s\n", ip);
+		return 0;
+	}
+	if (connect(sockfd, (struct sockaddr *)u->serv_addr, sizeof(struct sockaddr_in)) < 0) {
+		fprintf(stderr, "pcap can't connect to IOP at %s\n", ip);
+		return 0;
+	}
+	if (flag == LIVE)	u->fd = sockfd;
+	else				u->find_fd = sockfd;
+	u->first_time = 0;
+	return sockfd;			/* return the non-zero file descriptor as a 'success' indicator */
+}
+
+static void close_with_IOP(int chassis, int geoslot, int flag) {
+	int		*id;
+
+	if (flag == LIVE)	id = &units[chassis][geoslot].fd;
+	else				id = &units[chassis][geoslot].find_fd;
+
+	if (*id) {										/* this was the last time, so... if we are connected... */
+		close(*id);									/* disconnect us */
+		*id = 0;									/* and forget that the descriptor exists because we are not open */
+	}
+}
+
+static void pcap_cleanup_acn(pcap_t *handle) {
+	int		chassis, geoslot;
+	unit_t	*u;
+
+	if (find_unit_by_fd(handle->fd, &chassis, &geoslot, &u) == 0)
+		return;
+	close_with_IOP(chassis, geoslot, LIVE);
+	if (u)
+		u->first_time = 0;
+	pcap_cleanup_live_common(handle);
+}
+
+static void send_to_fd(int fd, int len, unsigned char *str) {
+	int		nwritten;
+	int		chassis, geoslot;
+
+	while (len > 0) {
+		if ((nwritten = write(fd, str, len)) <= 0) {
+			find_unit_by_fd(fd, &chassis, &geoslot, NULL);
+			if (units[chassis][geoslot].fd == fd)			close_with_IOP(chassis, geoslot, LIVE);
+			else if (units[chassis][geoslot].find_fd == fd)	close_with_IOP(chassis, geoslot, FIND);
+			empty_unit(chassis, geoslot);
+			return;
+		}
+		len -= nwritten;
+		str += nwritten;
+	}
+}
+
+static void acn_freealldevs(void) {
+
+	pcap_if_t	*iff, *next_iff;
+	pcap_addr_t	*addr, *next_addr;
+
+	for (iff = acn_if_list; iff != NULL; iff = next_iff) {
+		next_iff = iff->next;
+		for (addr = iff->addresses; addr != NULL; addr = next_addr) {
+			next_addr = addr->next;
+			if (addr->addr)			free(addr->addr);
+			if (addr->netmask)		free(addr->netmask);
+			if (addr->broadaddr)	free(addr->broadaddr);
+			if (addr->dstaddr)		free(addr->dstaddr);
+			free(addr);
+		}
+		if (iff->name)			free(iff->name);
+		if (iff->description)	free(iff->description);
+		free(iff);
+	}
+}
+
+static char *nonUnified_port_num(unit_t *u, int IOPportnum) {
+
+	sprintf(static_buf, "%d_%d", u->chassis, u->geoslot);
+	return static_buf;
+}
+
+static char *unified_port_num(unit_t *u, int IOPportnum) {
+	int			portnum;
+
+	portnum = ((u->chassis - 1) * 64) + ((u->geoslot - 1) * 8) + IOPportnum + 1;
+	sprintf(static_buf, "%d", portnum);
+	return static_buf;
+}
+
+static char *translate_IOP_to_pcap_name(unit_t *u, char *IOPname, bpf_u_int32 iftype) {
+	iface_t		*iface_ptr, *iface;
+	char		*name;
+	char		buf[32];
+	char		*proto;
+	char		*port;
+	int			IOPportnum = 0;
+
+	iface = malloc(sizeof(iface_t));		/* get memory for a structure */
+	bzero((char *)iface, sizeof(iface_t));
+
+	iface->iftype = iftype;					/* remember the interface type of this interface */
+
+	name = malloc(strlen(IOPname) + 1);		/* get memory for the IOP's name */
+	strcpy(name, IOPname);					/* and copy it in */
+	iface->IOPname = name;					/* and stick it into the structure */
+
+	if (strncmp(IOPname, "lo", 2) == 0) {
+		IOPportnum = atoi(&IOPname[2]);
+		switch (iftype) {
+			case DLT_EN10MB:	proto = "lo";		port = nonUnified_port_num(u, IOPportnum);	break;
+			default:			proto = "???";		port = unified_port_num(u, IOPportnum);		break;
+		}
+	} else if (strncmp(IOPname, "eth", 3) == 0) {
+		IOPportnum = atoi(&IOPname[3]);
+		switch (iftype) {
+			case DLT_EN10MB:	proto = "eth";		port = nonUnified_port_num(u, IOPportnum);	break;
+			default:			proto = "???";		port = unified_port_num(u, IOPportnum);		break;
+		}
+	} else if (strncmp(IOPname, "wan", 3) == 0) {
+		IOPportnum = atoi(&IOPname[3]);
+		switch (iftype) {
+			case DLT_SITA:		proto = "wan";		port = unified_port_num(u, IOPportnum);		break;
+			default:			proto = "???";		port = unified_port_num(u, IOPportnum);		break;
+		}
+	}
+
+	sprintf(buf, "%s_%s", proto, port);		/* compose the user's name for that IOP port name */
+	name = malloc(strlen(buf) + 1);			/* get memory for that name */
+	strcpy(name, buf);						/* and copy it in */
+	iface->name = name;						/* and stick it into the structure */
+
+	if (u->iface == 0) {					/* if this is the first name */
+		u->iface = iface;					/* stick this entry at the head of the list */
+	} else {
+		iface_ptr = u->iface;
+		while (iface_ptr->next) {			/* othewise scan the list */
+			iface_ptr = iface_ptr->next;	/* till we're at the last entry */
+		}
+		iface_ptr->next = iface;			/* then tack this entry on the end of the list */
+	}
+	return iface->name;
+}
+
+static int if_sort(char *s1, char *s2) {
+	char	*s1_p2, *s2_p2;
+	char	str1[MAX_LINE_SIZE], str2[MAX_LINE_SIZE];
+	int		s1_p1_len, s2_p1_len;
+	int		retval;
+
+	if ((s1_p2 = strchr(s1, '_'))) {	/* if an underscore is found... */
+		s1_p1_len = s1_p2 - s1;			/* the prefix length is the difference in pointers */
+		s1_p2++;						/* the suffix actually starts _after_ the underscore */
+	} else {							/* otherwise... */
+		s1_p1_len = strlen(s1);			/* the prefix length is the length of the string itself */
+		s1_p2 = 0;						/* and there is no suffix */
+	}
+	if ((s2_p2 = strchr(s2, '_'))) {	/* now do the same for the second string */
+		s2_p1_len = s2_p2 - s2;
+		s2_p2++;
+	} else {
+		s2_p1_len = strlen(s2);
+		s2_p2 = 0;
+	}
+	strncpy(str1, s1, (s1_p1_len > sizeof(str1)) ? s1_p1_len : sizeof(str1));   *(str1 + s1_p1_len) = 0;
+	strncpy(str2, s2, (s2_p1_len > sizeof(str2)) ? s2_p1_len : sizeof(str2));   *(str2 + s2_p1_len) = 0;
+	retval = strcmp(str1, str2);
+	if (retval != 0) return retval;		/* if they are not identical, then we can quit now and return the indication */
+	return strcmp(s1_p2, s2_p2);		/* otherwise we return the result of comparing the 2nd half of the string */
+}
+
+static void sort_if_table(void) {
+	pcap_if_t	*p1, *p2, *prev, *temp;
+	int			has_swapped;
+
+	if (!acn_if_list) return;				/* nothing to do if the list is empty */
+
+	while (1) {
+		p1 = acn_if_list;					/* start at the head of the list */
+		prev = 0;
+		has_swapped = 0;
+		while ((p2 = p1->next)) {
+			if (if_sort(p1->name, p2->name) > 0) {
+				if (prev) {					/* we are swapping things that are _not_ at the head of the list */
+					temp = p2->next;
+					prev->next = p2;
+					p2->next = p1;
+					p1->next = temp;
+				} else {					/* special treatment if we are swapping with the head of the list */
+					temp = p2->next;
+					acn_if_list= p2;
+					p2->next = p1;
+					p1->next = temp;
+				}
+				p1 = p2;
+				prev = p1;
+				has_swapped = 1;
+			}
+			prev = p1;
+			p1 = p1->next;
+		}
+		if (has_swapped == 0)
+			return;
+	}	
+	return;
+}
+	
+static int process_client_data (char *errbuf) {								/* returns: -1 = error, 0 = OK */
+	int					chassis, geoslot;
+	unit_t				*u;
+	pcap_if_t			*iff, *prev_iff;
+	pcap_addr_t			*addr, *prev_addr;
+	char				*ptr;
+	int					address_count;
+	struct sockaddr_in	*s;
+	char				*newname;
+	bpf_u_int32				interfaceType;
+	unsigned char		flags;
+
+	prev_iff = 0;
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {				/* now loop over all the devices */
+			u = &units[chassis][geoslot];
+			empty_unit_iface(u);
+			ptr = u->imsg;													/* point to the start of the msg for this IOP */
+			while (ptr < (u->imsg + u->len)) {
+				if ((iff = malloc(sizeof(pcap_if_t))) == NULL) {
+					snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+					return -1;
+				}
+				bzero((char *)iff, sizeof(pcap_if_t));
+				if (acn_if_list == 0)	acn_if_list = iff;					/* remember the head of the list */
+				if (prev_iff)			prev_iff->next = iff;				/* insert a forward link */
+
+				if (*ptr) {													/* if there is a count for the name */
+					if ((iff->name = malloc(*ptr + 1)) == NULL) {			/* get that amount of space */
+						snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+						return -1;
+					}
+					memcpy(iff->name, (ptr + 1), *ptr);						/* copy the name into the malloc'ed space */
+					*(iff->name + *ptr) = 0;								/* and null terminate the string */
+					ptr += *ptr;											/* now move the pointer forwards by the length of the count plus the length of the string */
+				}
+				ptr++;
+
+				if (*ptr) {													/* if there is a count for the description */
+					if ((iff->description = malloc(*ptr + 1)) == NULL) {	/* get that amount of space */
+						snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+						return -1;
+					}
+					memcpy(iff->description, (ptr + 1), *ptr);				/* copy the name into the malloc'ed space */
+					*(iff->description + *ptr) = 0;							/* and null terminate the string */
+					ptr += *ptr;											/* now move the pointer forwards by the length of the count plus the length of the string */
+				}
+				ptr++;
+
+				interfaceType = ntohl(*(bpf_u_int32 *)ptr);
+				ptr += 4;													/* skip over the interface type */
+
+				flags = *ptr++;
+				if (flags) iff->flags = PCAP_IF_LOOPBACK;					/* if this is a loopback style interface, lets mark it as such */
+
+				address_count = *ptr++;
+
+				prev_addr = 0;
+				while (address_count--) {
+					if ((addr = malloc(sizeof(pcap_addr_t))) == NULL) {
+						snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+						return -1;
+					}
+					bzero((char *)addr, sizeof(pcap_addr_t));
+					if (iff->addresses == 0) iff->addresses = addr;
+					if (prev_addr) prev_addr->next = addr;							/* insert a forward link */
+					if (*ptr) {														/* if there is a count for the address */
+						if ((s = malloc(sizeof(struct sockaddr_in))) == NULL) {		/* get that amount of space */
+							snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+							return -1;
+						}
+						bzero((char *)s, sizeof(struct sockaddr_in));
+						addr->addr = (struct sockaddr *)s;
+						s->sin_family		= AF_INET;
+						s->sin_addr.s_addr	= *(bpf_u_int32 *)(ptr + 1);			/* copy the address in */
+						ptr += *ptr;										/* now move the pointer forwards according to the specified length of the address */
+					}
+					ptr++;													/* then forwards one more for the 'length of the address' field */
+					if (*ptr) {												/* process any netmask */
+						if ((s = malloc(sizeof(struct sockaddr_in))) == NULL) {
+							snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+							return -1;
+						}
+						bzero((char *)s, sizeof(struct sockaddr_in));
+						addr->netmask = (struct sockaddr *)s;
+						s->sin_family		= AF_INET;
+						s->sin_addr.s_addr	= *(bpf_u_int32*)(ptr + 1);
+						ptr += *ptr;
+					}
+					ptr++;
+					if (*ptr) {												/* process any broadcast address */
+						if ((s = malloc(sizeof(struct sockaddr_in))) == NULL) {
+							snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+							return -1;
+						}
+						bzero((char *)s, sizeof(struct sockaddr_in));
+						addr->broadaddr = (struct sockaddr *)s;
+						s->sin_family		= AF_INET;
+						s->sin_addr.s_addr	= *(bpf_u_int32*)(ptr + 1);
+						ptr += *ptr;
+					}
+					ptr++;
+					if (*ptr) {												/* process any destination address */
+						if ((s = malloc(sizeof(struct sockaddr_in))) == NULL) {
+							snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno));
+							return -1;
+						}
+						bzero((char *)s, sizeof(struct sockaddr_in));
+						addr->dstaddr = (struct sockaddr *)s;
+						s->sin_family		= AF_INET;
+						s->sin_addr.s_addr	= *(bpf_u_int32*)(ptr + 1);
+						ptr += *ptr;
+					}
+					ptr++;
+					prev_addr = addr;
+				}
+				prev_iff = iff;
+
+				newname = translate_IOP_to_pcap_name(u, iff->name, interfaceType);		/* add a translation entry and get a point to the mangled name */
+				if ((iff->name = realloc(iff->name, strlen(newname) + 1)) == NULL) {	/* we now re-write the name stored in the interface list */
+					snprintf(errbuf, PCAP_ERRBUF_SIZE, "realloc: %s", pcap_strerror(errno));
+					return -1;
+				}
+				strcpy(iff->name, newname);												/* to this new name */
+			}
+		}
+	}
+	return 0;
+}
+
+static int read_client_data (int fd) {
+	unsigned char	buf[256];
+	int				chassis, geoslot;
+	unit_t			*u;
+	int				len;
+
+	find_unit_by_fd(fd, &chassis, &geoslot, &u);
+
+	if ((len = recv(fd, buf, sizeof(buf), 0)) <= 0)	return 0;	/* read in whatever data was sent to us */
+
+	if ((u->imsg = realloc(u->imsg, (u->len + len))) == NULL)	/* extend the buffer for the new data */
+		return 0;
+	memcpy((u->imsg + u->len), buf, len);						/* append the new data */
+	u->len += len;
+	return 1;
+}
+
+static void wait_for_all_answers(void) {
+	int		retval;
+	struct	timeval tv;
+	int		fd;
+	int		chassis, geoslot;
+
+	tv.tv_sec = 2;
+	tv.tv_usec = 0;
+
+	while (1) {
+		int flag = 0;
+		for (fd = 0; fd <= max_fs; fd++) {								/* scan the list of descriptors we may be listening to */
+			if (FD_ISSET(fd, &readfds)) flag = 1;						/* and see if there are any still set */
+		}
+		if (flag == 0) return;											/* we are done, when they are all gone */
+
+		memcpy(&working_set, &readfds, sizeof(readfds));				/* otherwise, we still have to listen for more stuff, till we timeout */
+		retval = select(max_fs + 1, &working_set, NULL, NULL, &tv);
+		if (retval == -1) {												/* an error occured !!!!! */
+			return;
+		} else if (retval == 0) {										/* timeout occured, so process what we've got sofar and return */
+			printf("timeout\n");
+			return;
+		} else {
+			for (fd = 0; fd <= max_fs; fd++) {							/* scan the list of things to do, and do them */
+				if (FD_ISSET(fd, &working_set)) {
+					if (read_client_data(fd) == 0) {					/* if the socket has closed */
+						FD_CLR(fd, &readfds);							/* and descriptors we listen to for errors */
+						find_unit_by_fd(fd, &chassis, &geoslot, NULL);
+						close_with_IOP(chassis, geoslot, FIND);			/* and close out connection to him */
+					}
+				}
+			}
+		}
+	}
+}
+
+static char *get_error_response(int fd, char *errbuf) {		/* return a pointer on error, NULL on no error */
+	char	byte;
+	int		len = 0;
+
+	while (1) {
+		recv(fd, &byte, 1, 0);							/* read another byte in */
+		if (errbuf && (len++ < PCAP_ERRBUF_SIZE)) {		/* and if there is still room in the buffer */
+			*errbuf++ = byte;							/* stick it in */
+			*errbuf = '\0';								/* ensure the string is null terminated just in case we might exceed the buffer's size */
+		}
+		if (byte == '\0') {
+			if (len > 1)	{ return errbuf;	}
+			else			{ return NULL;		}
+		}
+	}
+}
+
+int acn_findalldevs(char *errbuf) {								/* returns: -1 = error, 0 = OK */
+	int		chassis, geoslot;
+	unit_t	*u;
+
+	FD_ZERO(&readfds);
+	max_fs = 0;
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {
+			u = &units[chassis][geoslot];
+			if (u->ip && (open_with_IOP(u, FIND))) {			/* connect to the remote IOP */
+				send_to_fd(u->find_fd, 1, (unsigned char *)"\0");
+				if (get_error_response(u->find_fd, errbuf))
+					close_with_IOP(chassis, geoslot, FIND);
+				else {
+					if (u->find_fd > max_fs)
+						max_fs = u->find_fd;								/* remember the highest number currently in use */
+					FD_SET(u->find_fd, &readfds);						/* we are going to want to read this guy's response to */
+					u->len = 0;
+					send_to_fd(u->find_fd, 1, (unsigned char *)"Q");		/* this interface query request */
+				}
+			}
+		}
+	}
+	wait_for_all_answers();
+	if (process_client_data(errbuf))
+		return -1;
+	sort_if_table();
+	return 0;
+}
+
+static int pcap_stats_acn(pcap_t *handle, struct pcap_stat *ps) {
+	unsigned char	buf[12];
+
+	send_to_fd(handle->fd, 1, (unsigned char *)"S");						/* send the get_stats command to the IOP */
+
+	if (read_client_nbytes(handle->fd, sizeof(buf), buf) == -1) return -1;	/* try reading the required bytes */
+
+	ps->ps_recv		= ntohl(*(uint32_t *)&buf[0]);							/* break the buffer into its three 32 bit components */
+	ps->ps_drop		= ntohl(*(uint32_t *)&buf[4]);
+	ps->ps_ifdrop	= ntohl(*(uint32_t *)&buf[8]);
+
+	return 0;
+}
+
+static int acn_open_live(const char *name, char *errbuf, int *linktype) {		/* returns 0 on error, else returns the file descriptor */
+	int			chassis, geoslot;
+	unit_t		*u;
+	iface_t		*p;
+	pcap_if_t	*alldevsp;
+
+	pcap_findalldevs(&alldevsp, errbuf);
+	for (chassis = 0; chassis <= MAX_CHASSIS; chassis++) {										/* scan the table... */
+		for (geoslot = 0; geoslot <= MAX_GEOSLOT; geoslot++) {
+			u = &units[chassis][geoslot];
+			if (u->ip != NULL) {
+				p = u->iface;
+				while (p) {																		/* and all interfaces... */
+					if (p->IOPname && p->name && (strcmp(p->name, name) == 0)) {				/* and if we found the interface we want... */
+						*linktype = p->iftype;
+						open_with_IOP(u, LIVE);													/* start a connection with that IOP */
+						send_to_fd(u->fd, strlen(p->IOPname)+1, (unsigned char *)p->IOPname);	/* send the IOP's interface name, and a terminating null */
+						if (get_error_response(u->fd, errbuf)) {
+							return -1;
+						}
+						return u->fd;															/* and return that open descriptor */
+					}
+					p = p->next;
+				}
+			}
+		}
+	}
+	return -1;																				/* if the interface wasn't found, return an error */
+}
+
+static void acn_start_monitor(int fd, int snaplen, int timeout, int promiscuous, int direction) {
+	unsigned char	buf[8];
+	unit_t			*u;
+
+	//printf("acn_start_monitor()\n");				// fulko
+	find_unit_by_fd(fd, NULL, NULL, &u);
+	if (u->first_time == 0) {
+		buf[0]					= 'M';
+		*(uint32_t *)&buf[1]	= htonl(snaplen);
+		buf[5]					= timeout;
+		buf[6]					= promiscuous;
+		buf[7]					= direction;
+	//printf("acn_start_monitor() first time\n");				// fulko
+		send_to_fd(fd, 8, buf);								/* send the start monitor command with its parameters to the IOP */
+		u->first_time = 1;
+	}
+	//printf("acn_start_monitor() complete\n");				// fulko
+}
+
+static int pcap_inject_acn(pcap_t *p, const void *buf _U_, size_t size _U_) {
+	strlcpy(p->errbuf, "Sending packets isn't supported on ACN adapters",
+	    PCAP_ERRBUF_SIZE);
+	return (-1);
+}
+
+static int pcap_setfilter_acn(pcap_t *handle, struct bpf_program *bpf) {
+	int				fd = handle->fd;
+	int				count;
+	struct bpf_insn	*p;
+	uint16_t		shortInt;
+	uint32_t		longInt;
+
+	send_to_fd(fd, 1, (unsigned char *)"F");			/* BPF filter follows command */
+	count = bpf->bf_len;
+	longInt = htonl(count);
+	send_to_fd(fd, 4, (unsigned char *)&longInt);		/* send the instruction sequence count */
+	p = bpf->bf_insns;
+	while (count--) {									/* followed by the list of instructions */
+		shortInt = htons(p->code);
+		longInt = htonl(p->k);
+		send_to_fd(fd, 2, (unsigned char *)&shortInt);
+		send_to_fd(fd, 1, (unsigned char *)&p->jt);
+		send_to_fd(fd, 1, (unsigned char *)&p->jf);
+		send_to_fd(fd, 4, (unsigned char *)&longInt);
+		p++;
+	}
+	if (get_error_response(fd, NULL))
+		return -1;
+	return 0;
+}
+
+static int pcap_setdirection_acn(pcap_t *handle, pcap_direction_t d) {
+	snprintf(handle->errbuf, sizeof(handle->errbuf),
+	    "Setting direction is not supported on ACN adapters");
+	return -1;
+}
+
+static int acn_read_n_bytes_with_timeout(pcap_t *handle, int count) {
+	struct		timeval tv;
+	int			retval, fd;
+	fd_set		r_fds;
+	fd_set		w_fds;
+	u_char		*bp;
+	int			len = 0;
+	int			offset = 0;
+
+	tv.tv_sec = 5;
+	tv.tv_usec = 0;
+
+	fd = handle->fd;
+	FD_ZERO(&r_fds);
+	FD_SET(fd, &r_fds);
+	memcpy(&w_fds, &r_fds, sizeof(r_fds));
+	bp = handle->bp;
+	while (count) {
+		retval = select(fd + 1, &w_fds, NULL, NULL, &tv);
+		if (retval == -1) {											/* an error occured !!!!! */
+//			fprintf(stderr, "error during packet data read\n");
+			return -1;												/* but we need to return a good indication to prevent unneccessary popups */
+		} else if (retval == 0) {									/* timeout occured, so process what we've got sofar and return */
+//			fprintf(stderr, "timeout during packet data read\n");
+			return -1;
+		} else {
+			if ((len = recv(fd, (bp + offset), count, 0)) <= 0) {
+//				fprintf(stderr, "premature exit during packet data rx\n");
+				return -1;
+			}
+			count -= len;
+			offset += len;
+		}
+	}
+	return 0;
+}
+
+static int pcap_read_acn(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user) {
+	#define HEADER_SIZE (4 * 4)
+	unsigned char		packet_header[HEADER_SIZE];
+	struct pcap_pkthdr	pcap_header;
+
+	//printf("pcap_read_acn()\n");			// fulko
+	acn_start_monitor(handle->fd, handle->snapshot, handle->md.timeout, handle->md.clear_promisc, handle->direction);	/* maybe tell him to start monitoring */
+	//printf("pcap_read_acn() after start monitor\n");			// fulko
+
+	handle->bp = packet_header;
+	if (acn_read_n_bytes_with_timeout(handle, HEADER_SIZE) == -1) return 0;			/* try to read a packet header in so we can get the sizeof the packet data */
+
+	pcap_header.ts.tv_sec	= ntohl(*(uint32_t *)&packet_header[0]);				/* tv_sec */
+	pcap_header.ts.tv_usec	= ntohl(*(uint32_t *)&packet_header[4]);				/* tv_usec */
+	pcap_header.caplen		= ntohl(*(uint32_t *)&packet_header[8]);				/* caplen */
+	pcap_header.len			= ntohl(*(uint32_t *)&packet_header[12]);				/* len */
+
+	handle->bp = handle->buffer + handle->offset;									/* start off the receive pointer at the right spot */
+	if (acn_read_n_bytes_with_timeout(handle, pcap_header.caplen) == -1) return 0;	/* then try to read in the rest of the data */
+
+	callback(user, &pcap_header, handle->bp);										/* call the user supplied callback function */
+	return 1;
+}
+
+static int pcap_activate_sita(pcap_t *handle) {
+	int		fd;
+
+	if (handle->opt.rfmon) {
+		/*
+		 * No monitor mode on SITA devices (they're not Wi-Fi
+		 * devices).
+		 */
+		return PCAP_ERROR_RFMON_NOTSUP;
+	}
+
+	/* Initialize some components of the pcap structure. */
+
+	handle->inject_op = pcap_inject_acn;
+	handle->setfilter_op = pcap_setfilter_acn;
+	handle->setdirection_op = pcap_setdirection_acn;
+	handle->set_datalink_op = NULL;	/* can't change data link type */
+	handle->getnonblock_op = pcap_getnonblock_fd;
+	handle->setnonblock_op = pcap_setnonblock_fd;
+	handle->cleanup_op = pcap_cleanup_acn;
+	handle->read_op = pcap_read_acn;
+	handle->stats_op = pcap_stats_acn;
+
+	fd = acn_open_live(handle->opt.source, handle->errbuf,
+	    &handle->linktype);
+	if (fd == -1)
+		return PCAP_ERROR;
+	handle->md.clear_promisc = handle->md.promisc;
+	handle->fd = fd;
+	handle->bufsize = handle->snapshot;
+
+	/* Allocate the buffer */
+
+	handle->buffer	 = malloc(handle->bufsize + handle->offset);
+	if (!handle->buffer) {
+	        snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			 "malloc: %s", pcap_strerror(errno));
+		pcap_cleanup_acn(handle);
+		return PCAP_ERROR;
+	}
+
+	/*
+	 * "handle->fd" is a socket, so "select()" and "poll()"
+	 * should work on it.
+	 */
+	handle->selectable_fd = handle->fd;
+
+	return 0;
+}
+
+pcap_t *pcap_create(const char *device, char *ebuf) {
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_sita;
+	return (p);
+}
--- a/pcap-sita.h
+++ b/pcap-sita.h
@ -0,0 +1,10 @@
+/*
+ * pcap-sita.h: Packet capture interface for SITA WAN devices
+ *
+ * Authors: Fulko Hew (fulko.hew@sita.aero) (+1 905 6815570);
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-sita.h
+ */
+
+extern int acn_parse_hosts_file(char *errbuf);
+extern int acn_findalldevs(char *errbuf);
--- a/pcap-sita.html
+++ b/pcap-sita.html
@ -0,0 +1,943 @@
+<HTML><HEAD>
+<STYLE type="text/css">
+<!--
+A { text-decoration:none }
+-->
+</STYLE>
+</HEAD>
+<BODY>
+
+<TABLE WIDTH=100%><TR>
+	<TD ALIGN=LEFT VALIGN=TOP>
+		<FONT SIZE=+0 FACE="COURIER"><B>A "Distributed Pcap" for<BR>Remote Monitoring LANs & WANs</B><BR>
+										(Design Notes for the SITA ACN device)</FONT>
+	</TD>
+	<TD ALIGN=RIGHT VALIGN=TOP>
+		Fulko Hew<BR>SITA INC Canada, Inc.<BR>Revised: October 2, 2007
+	</TD>
+</TR></TABLE>
+
+
+<H3>SUMMARY</H3>
+<UL>
+	<STRONG>Note:</STRONG> This document is part of the libpcap Git and was derived from 'pcap.3' (circa Aug/07).
+	<P>
+	The ACN provides a customized/distributed version of this library that alows SMPs to
+	interact with the various IOPs within the site providing a standard mechanism
+	to capture LAN and WAN message traffic.
+	<P>
+	<CENTER>
+		<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3 WIDTH=75%>
+			<TR>
+				<TH VALIGN=TOP>SMP</TH>
+				<TD VALIGN=TOP>The Supervisory Management Processor where Wireshark (or equivalent)
+								runs in conjuction with a libpcap front-end.</TD>
+			</TR>
+			<TR>
+				<TH VALIGN=TOP>IOP</TH>
+				<TD VALIGN=TOP>I/O Processors where the monitored ports exist in conjunction
+								with a custom device driver/libpcap back-end.</TD>
+			</TR>
+		</TABLE>
+	</CENTER>
+	<P>
+	Each IOP will be capable of supporting multiple connections from an SMP
+	enabling monitoring of more than one interface at a time, each through
+	its own seperate connection.  The IOP is responsible to ensure and report
+	an error if any attempt is made to monitor the same interface more than once.
+	<P>
+	There are three applications that will be supported by the ACN version of libpcap.
+	They each use a slightly different mode for looping/capturing and termination
+	as summarized in the following table:
+	<P>
+	<CENTER>
+	<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+    	<TR><TH>Application</TH>	<TH>Capture</TH>	<TH>Termination</TH></TR>
+    	<TR><TH VALIGN=TOP NOWRAP>wireshark</TH>
+			<TD VALIGN=TOP>pcap_dispatch(all packets in one buffer of capture only)</TD>
+			<TD VALIGN=TOP>pcap_breakloop()</TD>
+		</TR>
+    	<TR><TH VALIGN=TOP NOWRAP>tshark</TH>
+			<TD VALIGN=TOP>pcap_dispatch(one buffer of capture only)</TD>
+			<TD VALIGN=TOP>Since a CTRL-C was used to terminate the application, pcap_breakloop() is never called.</TD>
+		</TR>
+    	<TR><TH VALIGN=TOP NOWRAP>tcpdump</TH>
+			<TD VALIGN=TOP>pcap_loop(all packets in the next buffer, and loop forever)</TD>
+			<TD VALIGN=TOP>pcap_breakloop()</TD>
+		</TR>
+	</TABLE>
+	</CENTER>
+	<P>
+	<B>Note: </B>In all cases, the termination of capturing is always (apparently) followed by
+	pcap_close().  Pcap_breakloop() is only used to stop/suspend looping/processing,
+	and upon close interpretation of the function definitions, it is possible to resume
+	capturing following a pcap_breakloop() without any re-initialization.
+	<P>
+	<H4>ACN Limitations</H4>
+	<OL>
+		<LI>Monitoring of backup IOPs is not currently supported.
+		<LI>Ethernet interfaces cannot be monitored in promiscuous mode.
+	</OL>
+
+</UL>
+
+<H3>ROUTINES</H3>
+<UL>
+		The following list of functions is the sub-set of Pcap functions that have been
+		altered/enhanced to support the ACN remote monitoring facility.  The remainder of the Pcap
+		functions continue to perform their duties un-altered.  Libpcap only supports this
+		mode of operation if it has been configured/compiled for SITA/ACN support.
+		<P>
+		<UL><FONT FACE=COURIER>
+			pcap_findalldevs<BR>
+			pcap_freealldevs<BR>
+			pcap_open_live<BR>
+			pcap_close<BR>
+			pcap_setfilter<BR>
+			pcap_dispatch<BR>
+			pcap_loop<BR>
+			pcap_next<BR>
+			pcap_next_ex<BR>
+			pcap_stats<BR>
+		</FONT></UL>
+
+	These subroutines have been modified for the ACN specific distributed and remote monitoring
+	ability perform the following basic functions.  More detail is provided in the
+	"SMP/IOP Inter-Process Communication Protocol" section.
+	<P>
+<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_open_live()</B></TD>
+		<TD VALIGN=TOP>Used to obtain a packet capture descriptor to look at packets on the network.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP will open a connection to the selected IOP on its 'sniffer' port
+			to ensure it is available.  It sends a null terminated string identifying
+			the interface to be monitored.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			After any required processing is complete, the IOP will return a
+			null terminated string containing an error message if one occured.
+			If no error occured, a empty string is still returned.
+			Errors are:
+			<UL>
+			<LI>"Interface (xxx) does not exist."
+			<LI>"Interface (xxx) not configured."
+			<LI>"Interface (xxx) already being monitored."
+			</UL>
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_findalldevs()</B></TD>
+		<TD VALIGN=TOP>It constructs a list of network devices that can be opened with pcap_open_live().</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			It obtains a list of IOPs currently available (via /etc/hosts).
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP will sequentially open a connection to each IOP on its 'sniffer' port to ensure
+			the IOP is available.
+			It sends a null terminated empty interface ID followed by the query request command.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>The IOP returns an error response and its list of devices.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP closes the TCP connection with each IOP.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP adds the received information to its internal structure.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_freealldevs()</B></TD>
+		<TD VALIGN=TOP>Used to free a list allocated by pcap_findalldevs().</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP frees the structure it built as a result of the previous
+			invocation of pcap_findalldevs().
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_dispatch()</B></TD>
+		<TD VALIGN=TOP>Used to collect and process packets.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
+			the SMP will pass down the monitor start command and various parameters the IOP should use.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP now sends a stream of captured data.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP will read the reverse channel of the connection between the SMP and the
+			IOP that provides the captured data (via 'p->read_op' which is 'pcap_read_linux()'
+			until the select() call returns a 'no more data' indication.
+			It will the process (at most) the next 'cnt' packets and invoke the specified
+			callback function for each packet processed.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP</TH>
+			<TD>
+			The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_loop()</B></TD>
+		<TD VALIGN=TOP>
+				Is similar to pcap_dispatch() except it keeps reading packets until
+				the requested number of packets are processed or an error occurs.
+		</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
+			the SMP will pass down the monitor start command and various parameters the IOP should use.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP now sends a stream of captured data.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP continuously reads the next packet from the reverse channel of the connection
+			between the SMP and the IOP that provides the captured data (via 'p->read_op'
+			which is 'pcap_read_linux()' until 'cnt' packets have been received.
+			The specified callback function will be invoked for each packet received.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP</TH>
+			<TD>
+			The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_next()</B></TD>
+		<TD VALIGN=TOP>
+			It reads the next packet (by calling pcap_dispatch() with a count of 1)
+			and returns a pointer to the data in that packet.
+		</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
+			the SMP will pass down the monitor start command and various parameters the IOP should use.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP now sends a stream of captured data.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP reads only the next packet from the reverse channel of the connection
+			between the SMP and the IOP that provides the captured data (via calling pcap_dispatch()
+			with a count of 1) and returns a pointer to that data by invoking an internal callback.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP</TH>
+			<TD>
+			The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_next_ex()</B></TD>
+		<TD VALIGN=TOP>Reads the next packet and returns a success/failure indication.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(),
+			the SMP will pass down the monitor start command and various parameters the IOP should use.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP now sends a stream of captured data.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP reads only the next packet from the reverse channel of the connection
+			between the SMP and the IOP that provides the captured data (via calling pcap_dispatch()
+			with a count of 1) and returns seperate pointers to both the
+			packet header and packet data by invoking an internal callback.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP</TH>
+			<TD>
+			The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_setfilter()</B></TD>
+        <TD VALIGN=TOP>Used to specify a filter program.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP sends a 'set filter' command followed by the BPF commands.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP returns a null terminated error string if it failed to accept the filter.
+			If no error occured, then a NULL terminated empty string is returned instead.
+			Errors are:
+			<UL>
+			<LI>"Invalid BPF."
+			<LI>"Insufficient resources for BPF."
+			</UL>
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_stats()</B></TD>
+        <TD VALIGN=TOP>Fills in a pcap_stat struct with packet statistics.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP sends a message to the IOP requesting its statistics.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH>
+			<TD>
+			The IOP returns the statistics.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>SMP</TH>
+			<TD>
+			The SMP fills in the structure provided with the information retrieved from the IOP.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+
+	<TR>
+		<TD VALIGN=TOP ROWSPAN=2><B>pcap_close()</B></TD>
+        <TD VALIGN=TOP>Closes the file and deallocates resources.</TD>
+	</TR>
+	<TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%>
+		<TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH>
+			<TD>
+			The SMP closes the file descriptor, and if the descriptor is that of
+			the comminucation session with an IOP, it too is terminated.
+			</TD>
+		</TR>
+		<TR><TH VALIGN=TOP NOWRAP>IOP</TH>
+			<TD>
+			If the IOP detects that its communication session with an SMP
+			has closed, it will terminate any monitoring in progress,
+			release any resources and close its end of the session.
+			It will not maintain persistance of any information or prior mode of operation.
+			</TD>
+		</TR>
+	</TABLE></TD></TR>
+</TABLE>
+</UL>
+
+<P>
+<H3>SMP/IOP Inter-Process Communication Protocol</H3>
+
+<UL>
+	<LI><P>Communications between an SMP and an IOP consists of a TCP session
+			between an ephemeral port on the SMP and the well known port of 49152
+			(which is the first available port in the 'dynamic and/or private port'
+			range) on an IOP.
+	<LI><P>Following a TCP open operation the IOP receives a null terminated
+			'interface ID' string to determine the type of operation that follows:
+	<LI><P>Every command received by an IOP implies a 'stop trace/stop forwarding' operation must
+			occur before executing the received command.
+	<LI><P>A session is closed when the SMP closes the TCP session with the IOP.
+			Obviously monitoring and forwarding is also stopped at that time.
+
+	<B>Note: </B>All multi-octet entities are sent in network neutral order.
+	<P>
+
+	<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP ROWSPAN=6>pcap_findalldevs()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>Open socket (to each IOP), and sends:
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>Interface ID</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>A NULL to indicate an an empty 'interface ID'.</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>Send its (possibly empty) NULL terminated error response string.</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>Sends the 'interface query request':
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>Interface ID</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>A 'Q' (indicating 'interface query request').</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>The IOP returns a list of sequences of information as
+				defined by the return parameter of this function call (as shown in the following table).
+				Elements are specified by providing an unsigned byte preceeding the actual data that contains length information.
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+				<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Notes:</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+				</TR>
+				<TR>
+					<TD ROWSPAN=7>&nbsp;</TD>
+					<TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the name field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Name</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1-255</TD>
+					<TD VALIGN=TOP>The name of the interface. The format of the name is an alphabetic string (indicating
+									the type of interface) followed by an optional numeric string (indicating the interface's
+									sequence number).
+									Sequence numbers (if needed) will begin at zero and progress monotonically upwards.
+									(i.e. 'eth0', 'lo', 'wan0', etc.)
+									<P>
+									For an IOP, the alphabetic string will be one of: 'eth', 'wan', and 'lo'
+									for Ethernet, WAN ports and the IP loopback device respectively.
+									An IOP currently supports: 'eth0', 'eth1', 'lo', 'wan0' ... 'wan7'.
+									<P>
+						<B>Note:</B> IOPs and ACNs will not currently support the concept of 'any' interface.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the interface description field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Interface Description</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>0-255</TD>
+					<TD VALIGN=TOP>A description of the interface or it may be an empty string. (i.e. 'ALC')</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Interface Type</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+					<TD VALIGN=TOP>The type of interface as defined in the description for pcap_datalink() (in network neutral order).</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Loopback Flag</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>1 = if the interface is a loopback interface, zero = otherwise.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=RIGHT>count</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP># of address entries that follow.
+						Each entry is a series of bytes in network neutral order.
+						See the parameter definition above for more details.</TD>
+				</TR>
+				<TR>
+					<TD ALIGN=CENTER ROWSPAN=8 WIDTH=1%>Repeated 'count' number of times.</TD>
+					<TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the address field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Address</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1-255</TD>
+					<TD VALIGN=TOP>The address of this interface (in network neutral order).</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the netmask field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Network Mask</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>0-255</TD>
+					<TD VALIGN=TOP>The network mask used on this interface (if applicable) (in network neutral order).</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the broadcast address field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Broadcast Address</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>0-255</TD>
+					<TD VALIGN=TOP>The broadcast address of this interface (if applicable) (in network neutral order).</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+					<TD VALIGN=TOP>The number of octets in the destination address field that follows.</TD>
+				</TR>
+				<TR><TD VALIGN=TOP ALIGN=LEFT>Destination Address</TD>
+					<TD VALIGN=TOP ALIGN=CENTER>0-255</TD>
+					<TD VALIGN=TOP>The destination address of this interface (if applicable) (in network neutral order).</TD>
+				</TR>
+				</TABLE>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>Close the socket.</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>Close the socket.</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP ROWSPAN=2>pcap_open_live()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>Open socket, and sends:
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>Interface ID</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>'n'</TD>
+						<TD VALIGN=TOP>'n' octets containing a NULL terminated interface name string.</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>Send its NULL terminated error response string.</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP NOWRAP ROWSPAN=2>pcap_dispatch()<BR>pcap_loop()<BR>pcap_next()<BR>pcap_next_ex()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>On the first invocation following a pcap_open_live() or pcap_breakloop() additional information is sent:
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>command</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>'M' (indicating 'monitor start')</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>snaplen</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+						<TD VALIGN=TOP>snaplen</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>timeout</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>timeout value (in milliseconds)</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>promiscuous</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>A flag indicating that the interface being monitored show operate
+							in promiscuous mode. [off(0) / on(NZ)]</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>direction</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>A flag indicating the direction of traffic that should be captuted [both(0) / in(1) / out(2)]</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>Sends captured packets.</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP ROWSPAN=2>pcap_setfilter()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>At any time, the SMP can issue a set filter command which contains
+							an indicator, a count of the number of statements in the filter,
+							followed by the sequence of filter commands represented as a sequence
+							of C-style structures.
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>command</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>'F' (indicating 'filter')</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>count</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+						<TD VALIGN=TOP>The number of command in the Berkeley Packet Filter that follow.</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>BPF program</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>'n'</TD>
+						<TD VALIGN=TOP>8 bytes of each command (repeated 'n' times).<BR>
+								 	Each command consists of that C-style structure which contains:
+							<P>
+							<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+								<TR>
+								<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+								<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+								<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+								</TR>
+								<TR>
+									<TD VALIGN=TOP>opcode</TD>
+									<TD VALIGN=TOP ALIGN=CENTER>2</TD>
+									<TD VALIGN=TOP>The command's opcode.</TD>
+								</TR>
+								<TR>
+									<TD VALIGN=TOP>'jt'</TD>
+									<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+									<TD VALIGN=TOP>The 'jump if true' program counter offset.</TD>
+								</TR>
+								<TR>
+									<TD VALIGN=TOP>'jf'</TD>
+									<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+									<TD VALIGN=TOP>The 'jump if false' program counter offset.</TD>
+								</TR>
+								<TR>
+									<TD VALIGN=TOP>'k'</TD>
+									<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+									<TD VALIGN=TOP>The 'other' data field.</TD>
+								</TR>
+							</TABLE>
+							<P>
+							Refer to the bpf(4) man page for more details.
+						</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>In return the IOP will send its (possibly empty) NULL terminated error response string.</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP ROWSPAN=2>pcap_stats()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>At any time, the SMP can issue a 'retrieve statistics' command which contains:<BR>
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>command</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>1</TD>
+						<TD VALIGN=TOP>'S' (indicating 'request statistics')</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD>
+			<TD VALIGN=TOP>In return the IOP will send:
+				<P>
+				<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+					<TR>
+					<TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH>
+					<TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH>
+					<TH VALIGN=TOP ALIGN=CENTER>Description</TH>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>ps_recv</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+						<TD VALIGN=TOP>The number of packets that passed the filter.</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>ps_drop</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+						<TD VALIGN=TOP>The number of packets that were dropped because the input queue was full,
+							regardless of whether they passed the filter.</TD>
+					</TR>
+					<TR>
+						<TD VALIGN=TOP>ps_ifdrop</TD>
+						<TD VALIGN=TOP ALIGN=CENTER>4</TD>
+						<TD VALIGN=TOP>The number of packets dropped by the network inteface
+							(regardless of whether they would have passed the input filter).</TD>
+					</TR>
+				</TABLE>
+			</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+		<TR>
+			<TD VALIGN=TOP ROWSPAN=1>pcap_close()</TD>
+			<TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD>
+			<TD VALIGN=TOP>At any time, the SMP can close the TCP session with the IOP.</TD>
+		</TR>
+		<TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR>
+	</TABLE>
+</UL>
+
+<H3>Interface ID Naming Convention</H3>
+<UL>
+	Each interface within an IOP will be referred to uniquely.  Since an currently contains
+	8 monitorable WAN ports and a monitorable Ethernet port, the naming convention is:
+	<P>
+	<CENTER>
+	<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+		<TR><TH>Interface #</TH>		<TH>Type</TH>					<TH>Name</TH></TR>
+		<TR><TD ALIGN=CENTER>1</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan0</TD></TR>
+		<TR><TD ALIGN=CENTER>2</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan1</TD></TR>
+		<TR><TD ALIGN=CENTER>3</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan2</TD></TR>
+		<TR><TD ALIGN=CENTER>4</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan3</TD></TR>
+		<TR><TD ALIGN=CENTER>5</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan4</TD></TR>
+		<TR><TD ALIGN=CENTER>6</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan5</TD></TR>
+		<TR><TD ALIGN=CENTER>7</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan6</TD></TR>
+		<TR><TD ALIGN=CENTER>8</TD>		<TD ALIGN=CENTER>WAN</TD>		<TD ALIGN=CENTER>wan7</TD></TR>
+		<TR><TD ALIGN=CENTER>9</TD>		<TD ALIGN=CENTER>Ethernet</TD>	<TD ALIGN=CENTER>eth0</TD></TR>
+		<TR><TD ALIGN=CENTER>10</TD>	<TD ALIGN=CENTER>Ethernet</TD>	<TD ALIGN=CENTER>eth1</TD></TR>
+	</TABLE>
+	</CENTER>
+</UL>
+
+<H3>Packet Trace Data Format</H3>
+<UL>
+	The format of the trace data that is sent to the SMP follows a portion of the libpcap file format
+	and is summarized here.  This format specifies the generic requirements needed to
+	be able to decode packets, but does not cover ACN specifics such as custom MAC addressing
+	and WAN protocol support.
+	<P>
+
+	Although a libpcap file begins with a global header followed by zero or
+	more records for each captured packet, trace data sent to the SMP does NOT begin with a global header.
+	A trace sequence looks like this:
+	<P>
+	<TABLE>
+		<TR>
+  			<TD STYLE="background-color: #c0FFc0">&nbsp;[Packet Header]&nbsp;</TD>
+  			<TD STYLE="background-color: #c0FFc0">&nbsp;[Packet Data]&nbsp;</TD>
+  			<TD STYLE="background-color: #c0c0FF">&nbsp;[Packet Header]&nbsp;</TD>
+  			<TD STYLE="background-color: #c0c0FF">&nbsp;[Packet Data]&nbsp;</TD>
+  			<TD STYLE="background-color: #e0c0c0">&nbsp;[Packet Header]&nbsp;</TD>
+  			<TD STYLE="background-color: #e0c0c0">&nbsp;[Packet Data]&nbsp;</TD>
+  			<TD>...</TD>
+		</TR>
+	</TABLE>
+
+<H4>Packet Header</H4>
+	<UL>
+		Each captured packet starts with a header that contains the following values
+		(in network neutral order):
+
+		<FONT SIZE=-1>
+		<PRE>
+ uint32 tv_sec;  /* timestamp seconds */
+ uint32 tv_usec; /* timestamp microseconds */
+ uint32 caplen;  /* number of octets in the following packet */
+ uint32 len;     /* original length of packet on the wire */
+		</PRE>
+		</FONT>
+
+		<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+			<TR>
+				<TD VALIGN=TOP>tv_sec</TD>
+				<TD>The date and time when this packet was captured.
+					This value is in seconds since January 1, 1970 00:00:00 GMT;
+					this is also known as a UN*X time_t. You can use the ANSI C
+					<em>time()</em> function from <em>time.h</em> to get this value,
+					but you might use a more optimized way to get this timestamp value.
+					If this timestamp isn't based on GMT (UTC), use <em>thiszone</em>
+					from the global header for adjustments.</TD>
+			</TR>
+			<TR>
+				<TD VALIGN=TOP>tv_usec</TD>
+				<TD>The microseconds when this packet was captured, as an offset to <em>ts_sec</em>.
+					<B>Beware: </B>this value must never reach 1 second (1,000,000),
+					in this case <em>ts_sec</em> must be increased instead!</TD>
+			</TR>
+			<TR>
+				<TD VALIGN=TOP>caplen</TD>
+				<TD>The number of bytes actually provided in the capture record.
+					This value should never become larger than <em>len</em> or the
+					<em>snaplen</em> value specified during the capture.</TD>
+			</TR>
+			<TR>
+				<TD VALIGN=TOP>len</TD>
+				<TD>The length of the packet "on the wire" when it was captured.
+					If <em>caplen</em> and <em>len</em> differ, the actually
+					saved packet size was limited by the value of <em>snaplen</em> specified
+					during one of the capture directives such as pcap_dispatch().</TD>
+			</TR>
+		</TABLE>
+	</UL>
+
+<H4>Packet Data</H4>
+	<UL>
+	The actual packet data will immediately follow the packet header as a sequence of <em>caplen</em> octets.
+	Depending on the DLT encoding number assigned to the interface, the packet data will contain an additional
+	custom header used to convey WAN port related information.
+	</UL>
+
+<H4>ACN Custom Packet Header</H4>
+	<UL>
+	PCAP, Wireshark and Tcpdump enhancements have been added to the ACN to support
+	monitoring of its ports, however each of these facilities were focused on capturing
+	and displaying traffic from LAN interfaces.  The SITA extentions to these facilities
+	are used to also provide the ability to capture, filter, and display information from
+	an ACN's WAN ports.
+	<P>
+	Although each packet follows the standard libpcap format, since there are
+	two types of interfaces that can be monitored, the format of the data
+	packet varies slightly.
+	<P>
+	<UL TYPE=DISC>
+		<LI>For Ethernet (like) devices, the packet format is unchanged from the standard Pcap format.
+		<LI>For WAN devices, the packet contains a 5 byte header that preceeds the actual captured data
+			described by the following table:
+	</UL>
+	<P>
+	<CENTER>
+	<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3>
+	<TR>	<TH>Octet</TH>
+			<TH>Name</TH>
+			<TH>Mask/Value</TH>
+			<TH COLSPAN=2>Definition</TH>		</TR>
+
+	<TR>	<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=3>0</TH>
+			<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=3>Control / Status</TH>
+
+			<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx0</FONT></TD>
+			<TD>Transmitted by capture device</TD>
+			<TD ROWSPAN=2 ALIGN=CENTER>(see 'Errors' octets)</TD>							</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD>
+			<TD>Received by capture device</TD>												</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD>
+			<TD COLSPAN=2>No buffer was available during capture of previous packet.</TD>	</TR>
+
+	<TR>	<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=8>1</TH>
+			<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=8>Signals</TH>
+
+			<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD>	<TD COLSPAN=2>DSR asserted</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD>	<TD COLSPAN=2>DTR asserted</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD>	<TD COLSPAN=2>CTS asserted</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD>	<TD COLSPAN=2>RTS asserted</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD>	<TD COLSPAN=2>DCD asserted</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD>	<TD COLSPAN=2>Undefined</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD>	<TD COLSPAN=2>Undefined</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD>	<TD COLSPAN=2>Undefined</TD>		</TR>
+
+	<TR>	<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>2</TH>
+			<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>Errors<BR>(octet 1)</TH>
+
+			<TH>&nbsp;</TH>															<TH>Tx</TH>						<TH>Rx</TH>				</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD>	<TD>Underrun</TD>				<TD>Framing</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD>	<TD>CTS Lost</TD>				<TD>Parity</TD>			</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD>	<TD>UART Error</TD>				<TD>Collision</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD>	<TD>Re-Tx Limit Reached</TD>	<TD>Long Frame</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD>	<TD>Undefined</TD>				<TD>Short Frame</TD>	</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD>	<TD>Undefined</TD>				<TD>Undefined</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD>	<TD>Undefined</TD>				<TD>Undefined</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD>	<TD>Undefined</TD>				<TD>Undefined</TD>		</TR>
+
+	<TR>	<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>3</TH>
+			<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>Errors<BR>(octet 2)</TH>
+
+			<TH>&nbsp;</TH>															<TH>Tx</TH>			<TH>Rx</TH>						</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD>	<TD>Undefined</TD>	<TD>Non-Octet Aligned</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD>	<TD>Undefined</TD>	<TD>Abort Received</TD>			</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD>	<TD>Undefined</TD>	<TD>CD Lost</TD>				</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD>	<TD>Undefined</TD>	<TD>Digital PLL Error</TD>		</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD>	<TD>Undefined</TD>	<TD>Overrun</TD>				</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD>	<TD>Undefined</TD>	<TD>Frame Length Violation</TD>	</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD>	<TD>Undefined</TD>	<TD>CRC Error</TD>				</TR>
+	<TR>	<TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD>	<TD>Undefined</TD>	<TD>Break Received</TD>			</TR>
+
+	<TR>	<TH VALIGN=TOP ALIGN=CENTER ROWSPAN=12>4</TH>
+			<TH VALIGN=TOP ALIGN=CENTER>Protocol</TH>
+
+			<TD COLSPAN=3>
+				<CENTER>
+				<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x01</TD>	<TD>-</TD>	<TD>LAPB (BOP)				<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x02</TD>	<TD>-</TD>	<TD>Ethernet				<SUP>1</SUP>		</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x03</TD>	<TD>-</TD>	<TD>Async (Interrupt IO)	<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x04</TD>	<TD>-</TD>	<TD>Async (Block IO)		<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x05</TD>	<TD>-</TD>	<TD>IPARS					<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x06</TD>	<TD>-</TD>	<TD>UTS						<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x07</TD>	<TD>-</TD>	<TD>PPP (HDLC)				<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x08</TD>	<TD>-</TD>	<TD>SDLC					<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x09</TD>	<TD>-</TD>	<TD>Token Ring				<SUP>1</SUP>		</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x10</TD>	<TD>-</TD>	<TD>I2C						<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x11</TD>	<TD>-</TD>	<TD>DPM Link				<SUP>&nbsp;</SUP>	</TD>	</TR>
+					<TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x12</TD>	<TD>-</TD>	<TD>Frame Relay (BOP)		<SUP>&nbsp;</SUP>	</TD>	</TR>
+				</TABLE>
+				</CENTER>
+				<P>
+				<STRONG>Note 1:</STRONG>
+				Ethernet and Token Ring frames will never be sent as DLT_SITA (with the 5 octet header),
+				but will be sent as their corresponding DLT types instead.
+			</TD>
+	</TR>
+	</TABLE>
+	</CENTER>
+</UL>
+<P>
+</UL>
+</UL>
--- a/pcap-snf.c
+++ b/pcap-snf.c
@ -0,0 +1,306 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <sys/param.h>
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <ctype.h>
+#include <netinet/in.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "snf.h"
+#include "pcap-int.h"
+
+#ifdef SNF_ONLY
+#define snf_create pcap_create
+#define snf_platform_finddevs pcap_platform_finddevs
+#endif
+
+static int
+snf_set_datalink(pcap_t *p, int dlt)
+{
+	p->linktype = dlt;
+	return (0);
+}
+
+static int
+snf_pcap_stats(pcap_t *p, struct pcap_stat *ps)
+{
+	struct snf_ring_stats stats;
+	int rc;
+
+	if ((rc = snf_ring_getstats(p->md.snf_ring, &stats))) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_get_stats: %s",
+			 pcap_strerror(rc));
+		return -1;
+	}
+	ps->ps_recv = stats.ring_pkt_recv + stats.ring_pkt_overflow;
+	ps->ps_drop = stats.ring_pkt_overflow;
+	ps->ps_ifdrop = stats.nic_pkt_overflow + stats.nic_pkt_bad;
+	return 0;
+}
+
+static void
+snf_platform_cleanup(pcap_t *p)
+{
+	if (p == NULL)
+		return;
+
+	snf_ring_close(p->md.snf_ring);
+	snf_close(p->md.snf_handle);
+	pcap_cleanup_live_common(p);
+}
+
+static int
+snf_getnonblock(pcap_t *p, char *errbuf)
+{
+	return (p->md.snf_timeout == 0);
+}
+
+static int
+snf_setnonblock(pcap_t *p, int nonblock, char *errbuf)
+{
+	if (nonblock)
+		p->md.snf_timeout = 0;
+	else {
+		if (p->md.timeout <= 0)
+			p->md.snf_timeout = -1; /* forever */
+		else
+			p->md.snf_timeout = p->md.timeout;
+	}
+	return (0);
+}
+
+#define _NSEC_PER_SEC 1000000000
+
+static inline
+struct timeval
+snf_timestamp_to_timeval(const int64_t ts_nanosec)
+{
+	struct timeval tv;
+	int32_t rem;
+	if (ts_nanosec == 0)
+		return (struct timeval) { 0, 0 };
+	tv.tv_sec = ts_nanosec / _NSEC_PER_SEC;
+	tv.tv_usec = (ts_nanosec % _NSEC_PER_SEC) / 1000;
+	return tv;
+}
+
+static int
+snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
+{
+	struct pcap_pkthdr hdr;
+	int i, flags, err, caplen, n;
+	struct snf_recv_req req;
+
+	if (!p || cnt == 0)
+		return -1;
+
+	n = 0;
+	while (n < cnt || cnt < 0) {
+		/*
+		 * Has "pcap_breakloop()" been called?
+		 */
+		if (p->break_loop) {
+			if (n == 0) {
+				p->break_loop = 0;
+				return (-2);
+			} else {
+				return (n);
+			}
+		}
+
+		err = snf_ring_recv(p->md.snf_ring, p->md.snf_timeout, &req);
+
+		if (err) {
+			if (err == EBUSY || err == EAGAIN)
+				return (0);
+			if (err == EINTR)
+				continue;
+			if (err != 0) {
+				snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snf_read: %s",
+				 	 pcap_strerror(err));
+				return -1;
+			}
+		}
+
+		caplen = req.length;
+		if (caplen > p->snapshot)
+			caplen = p->snapshot;
+
+		if ((p->fcode.bf_insns == NULL) ||
+		     bpf_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
+			hdr.ts = snf_timestamp_to_timeval(req.timestamp);
+			hdr.caplen = caplen;
+			hdr.len = req.length;
+			callback(user, &hdr, req.pkt_addr);
+		}
+		n++;
+	}
+	return (n);
+}
+
+static int
+snf_setfilter(pcap_t *p, struct bpf_program *fp)
+{
+	if (!p)
+		return -1;
+	if (!fp) {
+		strncpy(p->errbuf, "setfilter: No filter specified",
+			sizeof(p->errbuf));
+		return -1;
+	}
+
+	/* Make our private copy of the filter */
+
+	if (install_bpf_program(p, fp) < 0)
+		return -1;
+
+	p->md.use_bpf = 0;
+
+	return (0);
+}
+
+static int
+snf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
+{
+	strlcpy(p->errbuf, "Sending packets isn't supported with snf",
+	    PCAP_ERRBUF_SIZE);
+	return (-1);
+}
+
+static int
+snf_activate(pcap_t* p)
+{
+	char *device = p->opt.source;
+	const char *nr = NULL;
+	int err;
+	int flags = 0;
+
+	if (device == NULL) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			 "device is NULL: %s", pcap_strerror(errno));
+		return -1;
+	}
+
+	/* In Libpcap, we set pshared by default if NUM_RINGS is set to > 1.
+	 * Since libpcap isn't thread-safe */
+	if ((nr = getenv("SNF_NUM_RINGS")) && *nr && atoi(nr) > 1)
+		flags |= SNF_F_PSHARED;
+	else
+		nr = NULL;
+
+	err = snf_open(p->md.snf_boardnum,
+			0, /* let SNF API parse SNF_NUM_RINGS, if set */
+			NULL, /* default RSS, or use SNF_RSS_FLAGS env */
+			0, /* default to SNF_DATARING_SIZE from env */
+			flags, /* may want pshared */
+			&p->md.snf_handle);
+	if (err != 0) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			 "snf_open failed: %s", pcap_strerror(err));
+		return -1;
+	}
+
+	err = snf_ring_open(p->md.snf_handle, &p->md.snf_ring);
+	if (err != 0) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			 "snf_ring_open failed: %s", pcap_strerror(err));
+		return -1;
+	}
+
+	if (p->md.timeout <= 0)
+		p->md.snf_timeout = -1;
+	else
+		p->md.snf_timeout = p->md.timeout;
+
+	err = snf_start(p->md.snf_handle);
+	if (err != 0) {
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			 "snf_start failed: %s", pcap_strerror(err));
+		return -1;
+	}
+
+	/*
+	 * "select()" and "poll()" don't work on snf descriptors.
+	 */
+	p->selectable_fd = -1;
+	p->linktype = DLT_EN10MB;
+	p->read_op = snf_read;
+	p->inject_op = snf_inject;
+	p->setfilter_op = snf_setfilter;
+	p->setdirection_op = NULL; /* Not implemented.*/
+	p->set_datalink_op = snf_set_datalink;
+	p->getnonblock_op = snf_getnonblock;
+	p->setnonblock_op = snf_setnonblock;
+	p->stats_op = snf_pcap_stats;
+	p->cleanup_op = snf_platform_cleanup;
+	p->md.stat.ps_recv = 0;
+	p->md.stat.ps_drop = 0;
+	p->md.stat.ps_ifdrop = 0;
+	return 0;
+}
+
+int
+snf_platform_finddevs(pcap_if_t **devlistp, char *errbuf)
+{
+	/*
+	 * There are no platform-specific devices since each device
+	 * exists as a regular Ethernet device.
+	 */
+	return 0;
+}
+
+pcap_t *
+snf_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+	int boardnum = -1;
+	struct snf_ifaddrs *ifaddrs, *ifa;
+	size_t devlen;
+
+	if (snf_init(SNF_VERSION_API))
+		return NULL;
+
+	/*
+	 * Match a given interface name to our list of interface names, from
+	 * which we can obtain the intended board number
+	 */
+	if (snf_getifaddrs(&ifaddrs) || ifaddrs == NULL)
+		return NULL;
+	devlen = strlen(device) + 1;
+	ifa = ifaddrs;
+	while (ifa) {
+		if (!strncmp(device, ifa->snf_ifa_name, devlen)) {
+			boardnum = ifa->snf_ifa_boardnum;
+			break;
+		}
+		ifa = ifa->snf_ifa_next;
+	}
+	snf_freeifaddrs(ifaddrs);
+
+	if (ifa == NULL) {
+		/*
+		 * If we can't find the device by name, support the name "snfX"
+		 * and "snf10gX" where X is the board number.
+		 */
+		if (sscanf(device, "snf10g%d", &boardnum) != 1 &&
+		    sscanf(device, "snf%d", &boardnum) != 1)
+			return NULL;
+	}
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return NULL;
+
+	p->activate_op = snf_activate;
+	p->md.snf_boardnum = boardnum;
+	return p;
+}
--- a/pcap-snf.h
+++ b/pcap-snf.h
@ -0,0 +1,2 @@
+pcap_t *snf_create(const char *, char *);
+int snf_platform_finddevs(pcap_if_t **devlistp, char *errbuf);
--- a/pcap-snit.c
+++ b/pcap-snit.c
@ -25,7 +25,7 @@

 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.72 2004-10-19 07:06:13 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.77 2008-04-14 20:40:58 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -113,7 +113,6 @@ static int
 pcap_read_snit(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 {
 	register int cc, n;
-	register struct bpf_insn *fcode = p->fcode.bf_insns;
 	register u_char *bp, *cp, *ep;
 	register struct nit_bufhdr *hdrp;
 	register struct nit_iftime *ntp;
@ -187,13 +186,13 @@ pcap_read_snit(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 		if (caplen > p->snapshot)
 			caplen = p->snapshot;

-		if (bpf_filter(fcode, cp, nlp->nh_pktlen, caplen)) {
+		if (bpf_filter(p->fcode.bf_insns, cp, nlp->nh_pktlen, caplen)) {
 			struct pcap_pkthdr h;
 			h.ts = ntp->nh_timestamp;
 			h.len = nlp->nh_pktlen;
 			h.caplen = caplen;
 			(*callback)(user, &h, cp);
-			if (++n >= cnt && cnt >= 0) {
+			if (++n >= cnt && cnt > 0) {
 				p->cc = ep - bp;
 				p->bp = bp;
 				return (n);
@ -261,30 +260,29 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
 	return (0);
 }

-pcap_t *
-pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
-    char *ebuf)
+static int
+pcap_activate_snit(pcap_t *p)
 {
 	struct strioctl si;		/* struct for ioctl() */
 	struct ifreq ifr;		/* interface request struct */
 	int chunksize = CHUNKSIZE;
 	int fd;
 	static char dev[] = "/dev/nit";
-	register pcap_t *p;

-	p = (pcap_t *)malloc(sizeof(*p));
-	if (p == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
-		return (NULL);
+	if (p->opt.rfmon) {
+		/*
+		 * No monitor mode on SunOS 4.x (no Wi-Fi devices on
+		 * hardware supported by SunOS 4.x).
+		 */
+		return (PCAP_ERROR_RFMON_NOTSUP);
 	}

-	if (snaplen < 96)
+	if (p->snapshot < 96)
 		/*
 		 * NIT requires a snapshot length of at least 96.
 		 */
-		snaplen = 96;
+		p->snapshot = 96;

-	memset(p, 0, sizeof(*p));
 	/*
 	 * Initially try a read/write open (to allow the inject
 	 * method to work).  If that fails due to permission
@ -303,19 +301,19 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	if (fd < 0 && errno == EACCES)
 		p->fd = fd = open(dev, O_RDONLY);
 	if (fd < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dev,
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", dev,
 		    pcap_strerror(errno));
 		goto bad;
 	}

 	/* arrange to get discrete messages from the STREAM and use NIT_BUF */
 	if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
 	if (ioctl(fd, I_PUSH, "nbuf") < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "push nbuf: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "push nbuf: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -325,34 +323,33 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	si.ic_len = sizeof(chunksize);
 	si.ic_dp = (char *)&chunksize;
 	if (ioctl(fd, I_STR, (char *)&si) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}

 	/* request the interface */
-	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+	strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name));
 	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';
 	si.ic_cmd = NIOCBIND;
 	si.ic_len = sizeof(ifr);
 	si.ic_dp = (char *)&ifr;
 	if (ioctl(fd, I_STR, (char *)&si) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s",
 			ifr.ifr_name, pcap_strerror(errno));
 		goto bad;
 	}

 	/* set the snapshot length */
 	si.ic_cmd = NIOCSSNAP;
-	si.ic_len = sizeof(snaplen);
-	si.ic_dp = (char *)&snaplen;
+	si.ic_len = sizeof(p->snapshot);
+	si.ic_dp = (char *)&p->snapshot;
 	if (ioctl(fd, I_STR, (char *)&si) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
-	p->snapshot = snaplen;
-	if (nit_setflags(p->fd, promisc, to_ms, ebuf) < 0)
+	if (nit_setflags(p->fd, p->opt.promisc, p->md.timeout, p->errbuf) < 0)
 		goto bad;

 	(void)ioctl(fd, I_FLUSH, (char *)FLUSHR);
@ -364,7 +361,7 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->bufsize = BUFSPACE;
 	p->buffer = (u_char *)malloc(p->bufsize);
 	if (p->buffer == NULL) {
-		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
+		strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
 		goto bad;
 	}

@ -397,18 +394,29 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->read_op = pcap_read_snit;
 	p->inject_op = pcap_inject_snit;
 	p->setfilter_op = install_bpf_program;	/* no kernel filtering */
+	p->setdirection_op = NULL;	/* Not implemented. */
 	p->set_datalink_op = NULL;	/* can't change data link type */
 	p->getnonblock_op = pcap_getnonblock_fd;
 	p->setnonblock_op = pcap_setnonblock_fd;
 	p->stats_op = pcap_stats_snit;
-	p->close_op = pcap_close_common;

-	return (p);
+	return (0);
 bad:
-	if (fd >= 0)
-		close(fd);
-	free(p);
-	return (NULL);
+	pcap_cleanup_live_common(p);
+	return (PCAP_ERROR);
+}
+
+pcap_t *
+pcap_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_snit;
+	return (p);
 }

 int
--- a/pcap-snoop.c
+++ b/pcap-snoop.c
@ -20,7 +20,7 @@
 */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.54 2004-10-19 07:06:14 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.59 2008-12-02 16:25:14 guy Exp $ (LBL)";
 #endif

 #ifdef HAVE_CONFIG_H
@ -194,9 +194,8 @@ pcap_stats_snoop(pcap_t *p, struct pcap_stat *ps)
 }

 /* XXX can't disable promiscuous */
-pcap_t *
-pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
-    char *ebuf)
+static int
+pcap_activate_snoop(pcap_t *p)
 {
 	int fd;
 	struct sockaddr_raw sr;
@ -204,55 +203,50 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	u_int v;
 	int ll_hdrlen;
 	int snooplen;
-	pcap_t *p;
 	struct ifreq ifr;

-	p = (pcap_t *)malloc(sizeof(*p));
-	if (p == NULL) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
-		    pcap_strerror(errno));
-		return (NULL);
-	}
-	memset(p, 0, sizeof(*p));
 	fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP);
 	if (fd < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "snoop socket: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snoop socket: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
 	p->fd = fd;
 	memset(&sr, 0, sizeof(sr));
 	sr.sr_family = AF_RAW;
-	(void)strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname));
+	(void)strncpy(sr.sr_ifname, p->opt.source, sizeof(sr.sr_ifname));
 	if (bind(fd, (struct sockaddr *)&sr, sizeof(sr))) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "snoop bind: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snoop bind: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
 	memset(&sf, 0, sizeof(sf));
 	if (ioctl(fd, SIOCADDSNOOP, &sf) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCADDSNOOP: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCADDSNOOP: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
-	v = 64 * 1024;
+	if (p->opt.buffer_size != 0)
+		v = p->opt.buffer_size;
+	else
+		v = 64 * 1024;	/* default to 64K buffer size */
 	(void)setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char *)&v, sizeof(v));
 	/*
 	 * XXX hack - map device name to link layer type
 	 */
-	if (strncmp("et", device, 2) == 0 ||	/* Challenge 10 Mbit */
-	    strncmp("ec", device, 2) == 0 ||	/* Indigo/Indy 10 Mbit,
-						   O2 10/100 */
-	    strncmp("ef", device, 2) == 0 ||	/* O200/2000 10/100 Mbit */
-	    strncmp("eg", device, 2) == 0 ||	/* Octane/O2xxx/O3xxx Gigabit */
-	    strncmp("gfe", device, 3) == 0 ||	/* GIO 100 Mbit */
-	    strncmp("fxp", device, 3) == 0 ||	/* Challenge VME Enet */
-	    strncmp("ep", device, 2) == 0 ||	/* Challenge 8x10 Mbit EPLEX */
-	    strncmp("vfe", device, 3) == 0 ||	/* Challenge VME 100Mbit */
-	    strncmp("fa", device, 2) == 0 ||
-	    strncmp("qaa", device, 3) == 0 ||
-	    strncmp("cip", device, 3) == 0 ||
-	    strncmp("el", device, 2) == 0) {
+	if (strncmp("et", p->opt.source, 2) == 0 ||	/* Challenge 10 Mbit */
+	    strncmp("ec", p->opt.source, 2) == 0 ||	/* Indigo/Indy 10 Mbit,
+							   O2 10/100 */
+	    strncmp("ef", p->opt.source, 2) == 0 ||	/* O200/2000 10/100 Mbit */
+	    strncmp("eg", p->opt.source, 2) == 0 ||	/* Octane/O2xxx/O3xxx Gigabit */
+	    strncmp("gfe", p->opt.source, 3) == 0 ||	/* GIO 100 Mbit */
+	    strncmp("fxp", p->opt.source, 3) == 0 ||	/* Challenge VME Enet */
+	    strncmp("ep", p->opt.source, 2) == 0 ||	/* Challenge 8x10 Mbit EPLEX */
+	    strncmp("vfe", p->opt.source, 3) == 0 ||	/* Challenge VME 100Mbit */
+	    strncmp("fa", p->opt.source, 2) == 0 ||
+	    strncmp("qaa", p->opt.source, 3) == 0 ||
+	    strncmp("cip", p->opt.source, 3) == 0 ||
+	    strncmp("el", p->opt.source, 2) == 0) {
 		p->linktype = DLT_EN10MB;
 		p->offset = RAW_HDRPAD(sizeof(struct ether_header));
 		ll_hdrlen = sizeof(struct ether_header);
@ -285,29 +279,38 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 			p->dlt_list[1] = DLT_DOCSIS;
 			p->dlt_count = 2;
 		}
-	} else if (strncmp("ipg", device, 3) == 0 ||
-		   strncmp("rns", device, 3) == 0 ||	/* O2/200/2000 FDDI */
-		   strncmp("xpi", device, 3) == 0) {
+	} else if (strncmp("ipg", p->opt.source, 3) == 0 ||
+		   strncmp("rns", p->opt.source, 3) == 0 ||	/* O2/200/2000 FDDI */
+		   strncmp("xpi", p->opt.source, 3) == 0) {
 		p->linktype = DLT_FDDI;
 		p->offset = 3;				/* XXX yeah? */
 		ll_hdrlen = 13;
-	} else if (strncmp("ppp", device, 3) == 0) {
+	} else if (strncmp("ppp", p->opt.source, 3) == 0) {
 		p->linktype = DLT_RAW;
 		ll_hdrlen = 0;	/* DLT_RAW meaning "no PPP header, just the IP packet"? */
-	} else if (strncmp("qfa", device, 3) == 0) {
+	} else if (strncmp("qfa", p->opt.source, 3) == 0) {
 		p->linktype = DLT_IP_OVER_FC;
 		ll_hdrlen = 24;
-	} else if (strncmp("pl", device, 2) == 0) {
+	} else if (strncmp("pl", p->opt.source, 2) == 0) {
 		p->linktype = DLT_RAW;
 		ll_hdrlen = 0;	/* Cray UNICOS/mp pseudo link */
-	} else if (strncmp("lo", device, 2) == 0) {
+	} else if (strncmp("lo", p->opt.source, 2) == 0) {
 		p->linktype = DLT_NULL;
 		ll_hdrlen = 4;
 	} else {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE,
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
 		    "snoop: unknown physical layer type");
 		goto bad;
 	}
+
+	if (p->opt.rfmon) {
+		/*
+		 * No monitor mode on Irix (no Wi-Fi devices on
+		 * hardware supported by Irix).
+		 */
+		return (PCAP_ERROR_RFMON_NOTSUP);
+	}
+
 #ifdef SIOCGIFMTU
 	/*
 	 * XXX - IRIX appears to give you an error if you try to set the
@ -315,9 +318,9 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	 * the MTU first and, if that succeeds, trim the snap length
 	 * to be no greater than the MTU.
 	 */
-	(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
+	(void)strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name));
 	if (ioctl(fd, SIOCGIFMTU, (char *)&ifr) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCGIFMTU: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFMTU: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -338,8 +341,8 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 #ifndef ifr_mtu
 #define ifr_mtu	ifr_metric
 #endif
-	if (snaplen > ifr.ifr_mtu + ll_hdrlen)
-		snaplen = ifr.ifr_mtu + ll_hdrlen;
+	if (p->snapshot > ifr.ifr_mtu + ll_hdrlen)
+		p->snapshot = ifr.ifr_mtu + ll_hdrlen;
 #endif

 	/*
@ -347,18 +350,17 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	 * payload bytes to capture - it doesn't count link-layer
 	 * header bytes.
 	 */
-	snooplen = snaplen - ll_hdrlen;
+	snooplen = p->snapshot - ll_hdrlen;
 	if (snooplen < 0)
 		snooplen = 0;
 	if (ioctl(fd, SIOCSNOOPLEN, &snooplen) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPLEN: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPLEN: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
-	p->snapshot = snaplen;
 	v = 1;
 	if (ioctl(fd, SIOCSNOOPING, &v) < 0) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPING: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPING: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -366,7 +368,7 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->bufsize = 4096;				/* XXX */
 	p->buffer = (u_char *)malloc(p->bufsize);
 	if (p->buffer == NULL) {
-		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
+		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s",
 		    pcap_strerror(errno));
 		goto bad;
 	}
@ -379,22 +381,29 @@ pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
 	p->read_op = pcap_read_snoop;
 	p->inject_op = pcap_inject_snoop;
 	p->setfilter_op = install_bpf_program;	/* no kernel filtering */
+	p->setdirection_op = NULL;	/* Not implemented. */
 	p->set_datalink_op = NULL;	/* can't change data link type */
 	p->getnonblock_op = pcap_getnonblock_fd;
 	p->setnonblock_op = pcap_setnonblock_fd;
 	p->stats_op = pcap_stats_snoop;
-	p->close_op = pcap_close_common;

-	return (p);
+	return (0);
 bad:
-	(void)close(fd);
-	/*
-	 * Get rid of any link-layer type list we allocated.
-	 */
-	if (p->dlt_list != NULL)
-		free(p->dlt_list);
-	free(p);
-	return (NULL);
+	pcap_cleanup_live_common(p);
+	return (PCAP_ERROR);
+}
+
+pcap_t *
+pcap_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = pcap_activate_snoop;
+	return (p);
 }

 int
--- a/pcap-stdinc.h
+++ b/pcap-stdinc.h
@ -1,6 +1,6 @@
 /*
- * Copyright (c) 2002 - 2003
- * NetGroup, Politecnico di Torino (Italy)
+ * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
+ * Copyright (c) 2005 - 2009 CACE Technologies, Inc. Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@ -28,11 +28,10 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.10.2.1 2008-10-06 15:38:39 gianluca Exp $ (LBL)
 */
-
-#define SIZEOF_CHAR 1
-#define SIZEOF_SHORT 2
-#define SIZEOF_INT 4
+#ifndef pcap_stdinc_h
+#define pcap_stdinc_h

 /*
 * Avoids a compiler warning in case this was already defined      
@ -56,6 +55,35 @@

 #define caddr_t char*

+#if _MSC_VER < 1500
 #define snprintf _snprintf
 #define vsnprintf _vsnprintf
+#define strdup _strdup
+#endif
+
 #define inline __inline 
+
+#ifdef __MINGW32__
+#include <stdint.h>
+#else /*__MINGW32__*/
+/* MSVC compiler */
+#ifndef _UINTPTR_T_DEFINED
+#ifdef  _WIN64
+typedef unsigned __int64    uintptr_t;
+#else
+typedef _W64 unsigned int   uintptr_t;
+#endif
+#define _UINTPTR_T_DEFINED
+#endif
+
+#ifndef _INTPTR_T_DEFINED
+#ifdef  _WIN64
+typedef __int64    intptr_t;
+#else
+typedef _W64 int   intptr_t;
+#endif
+#define _INTPTR_T_DEFINED
+#endif 
+
+#endif /*__MINGW32__*/
+#endif /* pcap_stdinc_h */
--- a/pcap-tstamp.manmisc.in
+++ b/pcap-tstamp.manmisc.in
@ -0,0 +1,132 @@
+.\"
+.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
+.\"	The Regents of the University of California.  All rights reserved.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that: (1) source code distributions
+.\" retain the above copyright notice and this paragraph in its entirety, (2)
+.\" distributions including binary code include the above copyright notice and
+.\" this paragraph in its entirety in the documentation or other materials
+.\" provided with the distribution, and (3) all advertising materials mentioning
+.\" features or use of this software display the following acknowledgement:
+.\" ``This product includes software developed by the University of California,
+.\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+.\" the University nor the names of its contributors may be used to endorse
+.\" or promote products derived from this software without specific prior
+.\" written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.TH PCAP-TSTAMP @MAN_MISC_INFO@ "22 August 2010"
+.SH NAME
+pcap-tstamp \- packet time stamps in libpcap
+.SH DESCRIPTION
+When capturing traffic, each packet is given a time stamp representing,
+for incoming packets, the arrival time of the packet and, for outgoing
+packets, the transmission time of the packet.  This time is an
+approximation of the arrival or transmission time.  If it is supplied by
+the operating system running on the host on which the capture is being
+done, there are several reasons why it might not precisely represent the
+arrival or transmission time:
+.IP
+if the time stamp is applied to the packet when the networking stack
+receives the packet, the networking stack might not see the packet until
+an interrupt is delivered for the packet or a timer event causes the
+networking device driver to poll for packets, and the time stamp might
+not be applied until the packet has had some processing done by other
+code in the networking stack, so there might be a significant delay
+between the time when the last bit of the packet is received by the
+capture device and when the networking stack time-stamps the packet;
+.IP
+the timer used to generate the time stamps might have low resolution,
+for example, it might be a timer updated once per host operating system
+timer tick, with the host operating system timer ticking once every few
+milliseconds;
+.IP
+a high-resolution timer might use a counter that runs at a rate
+dependent on the processor clock speed, and that clock speed might be
+adjusted upwards or downwards over time and the timer might not be able
+to compensate for all those adjustments;
+.IP
+the host operating system's clock might be adjusted over time to match a
+time standard to which the host is being synchronized, which might be
+done by temporarily slowing down or speeding up the clock or by making a
+single adjustment;
+.IP
+different CPU cores on a multi-core or multi-processor system might be
+running at different speeds, or might not have time counters all
+synchronized, so packets time-stamped by different cores might not have
+consistent time stamps.
+.LP
+In addition, packets time-stamped by different cores might be
+time-stamped in one order and added to the queue of packets for libpcap
+to read in another order, so time stamps might not be monotonically
+increasing.
+.LP
+Some capture devices on some platforms can provide time stamps for
+packets; those time stamps are usually high-resolution time stamps, and
+are usually applied to the packet when the first or last bit of the
+packet arrives, and are thus more accurate than time stamps provided by
+the host operating system.  Those time stamps might not, however, be
+synchronized with the host operating system's clock, so that, for
+example, the time stamp of a packet might not correspond to the time
+stamp of an event on the host triggered by the arrival of that packet.
+.LP
+Depending on the capture device and the software on the host, libpcap
+might allow different types of time stamp to be used.  The
+.BR pcap_list_tstamp_types (3PCAP)
+routine provides, for a packet capture handle created by
+.BR pcap_create (3PCAP)
+but not yet activated by
+.BR pcap_activate (3PCAP),
+a list of time stamp types supported by the capture device for that
+handle.
+The list might be empty, in which case no choice of time stamp type is
+offered for that capture device.  If the list is not empty, the
+.BR pcap_set_tstamp_type (3PCAP)
+routine can be used after a
+.B pcap_create()
+call and before a
+.B pcap_activate()
+call to specify the type of time stamp to be used on the device.
+The time stamp types are listed here; the first value is the #define to
+use in code, the second value is the value returned by
+.B pcap_tstamp_type_val_to_name()
+and accepted by
+.BR pcap_tstamp_name_to_val() .
+.RS 5
+.TP 5
+.BR PCAP_TSTAMP_HOST " - " host
+Time stamp provided by the host on which the capture is being done.  The
+precision of this time stamp is unspecified; it might or might not be
+synchronized with the host operating system's clock.
+.TP 5
+.BR PCAP_TSTAMP_HOST_LOWPREC " - " host_lowprec
+Time stamp provided by the host on which the capture is being done. 
+This is a low-precision time stamp, synchronized with the host operating
+system's clock.
+.TP 5
+.BR PCAP_TSTAMP_HOST_HIPREC " - " host_hiprec
+Time stamp provided by the host on which the capture is being done. 
+This is a high-precision time stamp; it might or might not be
+synchronized with the host operating system's clock.  It might be more
+expensive to fetch than
+.BR PCAP_TSTAMP_HOST_LOWPREC .
+.TP 5
+.BR PCAP_TSTAMP_ADAPTER " - " adapter
+Time stamp provided by the network adapter on which the capture is being
+done.  This is a high-precision time stamp, synchronized with the host
+operating system's clock.
+.TP 5
+.BR PCAP_TSTAMP_ADAPTER_UNSYNCED " - " adapter_unsynced
+Time stamp provided by the network adapter on which the capture is being
+done.  This is a high-precision time stamp; it is not synchronized with
+the host operating system's clock.
+.RE
+.SH SEE ALSO
+pcap_set_tstamp_type(3PCAP),
+pcap_list_tstamp_types(3PCAP),
+pcap_tstamp_type_val_to_name(3PCAP),
+pcap_tstamp_name_to_val(3PCAP)
--- a/pcap-usb-linux.c
+++ b/pcap-usb-linux.c
@ -0,0 +1,883 @@
+/*
+ * Copyright (c) 2006 Paolo Abeni (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote 
+ * products derived from this software without specific prior written 
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * USB sniffing API implementation for Linux platform
+ * By Paolo Abeni <paolo.abeni@email.it>
+ * Modifications: Kris Katterjohn <katterjohn@gmail.com>
+ *
+ */
+#ifndef lint
+static const char rcsid[] _U_ =
+    "@(#) $Header: /tcpdump/master/libpcap/pcap-usb-linux.c,v 1.33 2008-12-23 21:38:50 guy Exp $ (LBL)";
+#endif
+ 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pcap-int.h"
+#include "pcap-usb-linux.h"
+#include "pcap/usb.h"
+
+#ifdef NEED_STRERROR_H
+#include "strerror.h"
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <dirent.h>
+#include <byteswap.h>
+#include <netinet/in.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+#ifdef HAVE_LINUX_USBDEVICE_FS_H
+/*
+ * We might need <linux/compiler.h> to define __user for
+ * <linux/usbdevice_fs.h>.
+ */
+#ifdef HAVE_LINUX_COMPILER_H
+#include <linux/compiler.h>
+#endif /* HAVE_LINUX_COMPILER_H */
+#include <linux/usbdevice_fs.h>
+#endif /* HAVE_LINUX_USBDEVICE_FS_H */
+
+#define USB_IFACE "usbmon"
+#define USB_TEXT_DIR_OLD "/sys/kernel/debug/usbmon"
+#define USB_TEXT_DIR "/sys/kernel/debug/usb/usbmon"
+#define SYS_USB_BUS_DIR "/sys/bus/usb/devices"
+#define PROC_USB_BUS_DIR "/proc/bus/usb"
+#define USB_LINE_LEN 4096
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define htols(s) s
+#define htoll(l) l
+#define htol64(ll) ll
+#else
+#define htols(s) bswap_16(s)
+#define htoll(l) bswap_32(l)
+#define htol64(ll) bswap_64(ll)
+#endif
+
+struct mon_bin_stats {
+	u_int32_t queued;
+	u_int32_t dropped;
+};
+
+struct mon_bin_get {
+	pcap_usb_header *hdr;
+	void *data;
+	size_t data_len;   /* Length of data (can be zero) */
+};
+
+struct mon_bin_mfetch {
+	int32_t *offvec;   /* Vector of events fetched */
+	int32_t nfetch;    /* Number of events to fetch (out: fetched) */
+	int32_t nflush;    /* Number of events to flush */
+};
+
+#define MON_IOC_MAGIC 0x92
+
+#define MON_IOCQ_URB_LEN _IO(MON_IOC_MAGIC, 1)
+#define MON_IOCX_URB  _IOWR(MON_IOC_MAGIC, 2, struct mon_bin_hdr)
+#define MON_IOCG_STATS _IOR(MON_IOC_MAGIC, 3, struct mon_bin_stats)
+#define MON_IOCT_RING_SIZE _IO(MON_IOC_MAGIC, 4)
+#define MON_IOCQ_RING_SIZE _IO(MON_IOC_MAGIC, 5)
+#define MON_IOCX_GET   _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get)
+#define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch)
+#define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8)
+
+#define MON_BIN_SETUP 	0x1 /* setup hdr is present*/
+#define MON_BIN_SETUP_ZERO 	0x2 /* setup buffer is not available */
+#define MON_BIN_DATA_ZERO 	0x4 /* data buffer is not available */
+#define MON_BIN_ERROR 	0x8
+
+/* forward declaration */
+static int usb_activate(pcap_t *);
+static int usb_stats_linux(pcap_t *, struct pcap_stat *);
+static int usb_stats_linux_bin(pcap_t *, struct pcap_stat *);
+static int usb_read_linux(pcap_t *, int , pcap_handler , u_char *);
+static int usb_read_linux_bin(pcap_t *, int , pcap_handler , u_char *);
+static int usb_read_linux_mmap(pcap_t *, int , pcap_handler , u_char *);
+static int usb_inject_linux(pcap_t *, const void *, size_t);
+static int usb_setdirection_linux(pcap_t *, pcap_direction_t);
+static void usb_cleanup_linux_mmap(pcap_t *);
+
+/* facility to add an USB device to the device list*/
+static int 
+usb_dev_add(pcap_if_t** alldevsp, int n, char *err_str)
+{
+	char dev_name[10];
+	char dev_descr[30]; 
+	snprintf(dev_name, 10, USB_IFACE"%d", n);
+	snprintf(dev_descr, 30, "USB bus number %d", n);
+
+	if (pcap_add_if(alldevsp, dev_name, 0, 
+	    dev_descr, err_str) < 0)
+		return -1;
+	return 0; 
+}
+
+int 
+usb_platform_finddevs(pcap_if_t **alldevsp, char *err_str)
+{
+	struct dirent* data;
+	int ret = 0;
+	DIR* dir;
+	int n;
+	char* name;
+	size_t len;
+
+	/* try scanning sysfs usb bus directory */
+	dir = opendir(SYS_USB_BUS_DIR);
+	if (dir != NULL) {
+		while ((ret == 0) && ((data = readdir(dir)) != 0)) {
+			name = data->d_name;
+
+			if (strncmp(name, "usb", 3) != 0)
+				continue;
+
+			if (sscanf(&name[3], "%d", &n) == 0) 
+				continue;
+
+			ret = usb_dev_add(alldevsp, n, err_str);
+		}
+
+		closedir(dir);
+		return ret;
+	}
+
+	/* that didn't work; try scanning procfs usb bus directory */
+	dir = opendir(PROC_USB_BUS_DIR);
+	if (dir != NULL) {
+		while ((ret == 0) && ((data = readdir(dir)) != 0)) {
+			name = data->d_name;
+			len = strlen(name);
+
+			/* if this file name does not end with a number it's not of our interest */
+			if ((len < 1) || !isdigit(name[--len]))
+				continue;
+			while (isdigit(name[--len]));
+			if (sscanf(&name[len+1], "%d", &n) != 1) 
+				continue;
+
+			ret = usb_dev_add(alldevsp, n, err_str);
+		}
+
+		closedir(dir);
+		return ret;
+	}
+
+	/* neither of them worked */
+	return 0;
+}
+
+static 
+int usb_mmap(pcap_t* handle)
+{
+	int len = ioctl(handle->fd, MON_IOCQ_RING_SIZE);
+	if (len < 0) 
+		return 0;
+
+	handle->md.mmapbuflen = len;
+	handle->md.mmapbuf = mmap(0, handle->md.mmapbuflen, PROT_READ,
+	    MAP_SHARED, handle->fd, 0);
+	return handle->md.mmapbuf != MAP_FAILED;
+}
+
+#define CTRL_TIMEOUT    (5*1000)        /* milliseconds */
+
+#define USB_DIR_IN		0x80
+#define USB_TYPE_STANDARD	0x00
+#define USB_RECIP_DEVICE	0x00
+
+#define USB_REQ_GET_DESCRIPTOR	6
+
+#define USB_DT_DEVICE		1
+
+/* probe the descriptors of the devices attached to the bus */
+/* the descriptors will end up in the captured packet stream */
+/* and be decoded by external apps like wireshark */
+/* without these identifying probes packet data can't be fully decoded */
+static void
+probe_devices(int bus)
+{
+	struct usbdevfs_ctrltransfer ctrl;
+	struct dirent* data;
+	int ret = 0;
+	char buf[40];
+	DIR* dir;
+
+	/* scan usb bus directories for device nodes */
+	snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d", bus);
+	dir = opendir(buf);
+	if (!dir)
+		return;
+
+	while ((ret >= 0) && ((data = readdir(dir)) != 0)) {
+		int fd;
+		char* name = data->d_name;
+
+		if (name[0] == '.')
+			continue;
+
+		snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name);
+		
+		fd = open(buf, O_RDWR);
+		if (fd == -1)
+			continue;
+
+		/*
+		 * Sigh.  Different kernels have different member names
+		 * for this structure.
+		 */
+#ifdef HAVE_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE
+		ctrl.bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
+		ctrl.bRequest = USB_REQ_GET_DESCRIPTOR;
+		ctrl.wValue = USB_DT_DEVICE << 8;
+		ctrl.wIndex = 0;
+ 		ctrl.wLength = sizeof(buf);
+#else
+		ctrl.requesttype = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
+		ctrl.request = USB_REQ_GET_DESCRIPTOR;
+		ctrl.value = USB_DT_DEVICE << 8;
+		ctrl.index = 0;
+ 		ctrl.length = sizeof(buf);
+#endif
+		ctrl.data = buf;
+		ctrl.timeout = CTRL_TIMEOUT;
+
+		ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl);
+
+		close(fd);
+	}
+	closedir(dir);
+}
+
+pcap_t *
+usb_create(const char *device, char *ebuf)
+{
+	pcap_t *p;
+
+	p = pcap_create_common(device, ebuf);
+	if (p == NULL)
+		return (NULL);
+
+	p->activate_op = usb_activate;
+	return (p);
+}
+
+static int
+usb_activate(pcap_t* handle)
+{
+	char 		full_path[USB_LINE_LEN];
+
+	/* Initialize some components of the pcap structure. */
+	handle->bufsize = handle->snapshot;
+	handle->offset = 0;
+	handle->linktype = DLT_USB_LINUX;
+
+	handle->inject_op = usb_inject_linux;
+	handle->setfilter_op = install_bpf_program; /* no kernel filtering */
+	handle->setdirection_op = usb_setdirection_linux;
+	handle->set_datalink_op = NULL;	/* can't change data link type */
+	handle->getnonblock_op = pcap_getnonblock_fd;
+	handle->setnonblock_op = pcap_setnonblock_fd;
+
+	/*get usb bus index from device name */
+	if (sscanf(handle->opt.source, USB_IFACE"%d", &handle->md.ifindex) != 1)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't get USB bus index from %s", handle->opt.source);
+		return PCAP_ERROR;
+	}
+
+	/*now select the read method: try to open binary interface */
+	snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handle->md.ifindex);  
+	handle->fd = open(full_path, O_RDONLY, 0);
+	if (handle->fd >= 0)
+	{
+		if (handle->opt.rfmon) {
+			/*
+			 * Monitor mode doesn't apply to USB devices.
+			 */
+			close(handle->fd);
+			return PCAP_ERROR_RFMON_NOTSUP;
+		}
+
+		/* binary api is available, try to use fast mmap access */
+		if (usb_mmap(handle)) {
+			handle->linktype = DLT_USB_LINUX_MMAPPED;
+			handle->stats_op = usb_stats_linux_bin;
+			handle->read_op = usb_read_linux_mmap;
+			handle->cleanup_op = usb_cleanup_linux_mmap;
+			probe_devices(handle->md.ifindex);
+
+			/*
+			 * "handle->fd" is a real file, so "select()" and
+			 * "poll()" work on it.
+			 */
+			handle->selectable_fd = handle->fd;
+			return 0;
+		}
+
+		/* can't mmap, use plain binary interface access */
+		handle->stats_op = usb_stats_linux_bin;
+		handle->read_op = usb_read_linux_bin;
+		probe_devices(handle->md.ifindex);
+	}
+	else {
+		/*Binary interface not available, try open text interface */
+		snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handle->md.ifindex);  
+		handle->fd = open(full_path, O_RDONLY, 0);
+		if (handle->fd < 0)
+		{
+			if (errno == ENOENT)
+			{
+				/*
+				 * Not found at the new location; try
+				 * the old location.
+				 */
+				snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handle->md.ifindex);  
+				handle->fd = open(full_path, O_RDONLY, 0);
+			}
+			if (handle->fd < 0) {
+				/* no more fallback, give it up*/
+				snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+					"Can't open USB bus file %s: %s", full_path, strerror(errno));
+				return PCAP_ERROR;
+			}
+		}
+
+		if (handle->opt.rfmon) {
+			/*
+			 * Monitor mode doesn't apply to USB devices.
+			 */
+			close(handle->fd);
+			return PCAP_ERROR_RFMON_NOTSUP;
+		}
+
+		handle->stats_op = usb_stats_linux;
+		handle->read_op = usb_read_linux;
+	}
+
+	/*
+	 * "handle->fd" is a real file, so "select()" and "poll()"
+	 * work on it.
+	 */
+	handle->selectable_fd = handle->fd;
+
+	/* for plain binary access and text access we need to allocate the read
+	 * buffer */
+	handle->buffer = malloc(handle->bufsize);
+	if (!handle->buffer) {
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			 "malloc: %s", pcap_strerror(errno));
+		close(handle->fd);
+		return PCAP_ERROR;
+	}
+	return 0;
+}
+
+static inline int 
+ascii_to_int(char c)
+{
+	return c < 'A' ? c- '0': ((c<'a') ? c - 'A' + 10: c-'a'+10);
+}
+
+/*
+ * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 
+ * <linux-kernel-source>/drivers/usb/mon/mon_text.c for urb string 
+ * format description
+ */
+static int
+usb_read_linux(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
+{
+	/* see:
+	* /usr/src/linux/Documentation/usb/usbmon.txt 
+	* for message format
+	*/
+	unsigned timestamp;
+	int tag, cnt, ep_num, dev_addr, dummy, ret, urb_len, data_len;
+	char etype, pipeid1, pipeid2, status[16], urb_tag, line[USB_LINE_LEN];
+	char *string = line;
+	u_char * rawdata = handle->buffer;
+	struct pcap_pkthdr pkth;
+	pcap_usb_header* uhdr = (pcap_usb_header*)handle->buffer;
+	u_char urb_transfer=0;
+	int incoming=0;
+
+	/* ignore interrupt system call errors */
+	do {
+		ret = read(handle->fd, line, USB_LINE_LEN - 1);
+		if (handle->break_loop)
+		{
+			handle->break_loop = 0;
+			return -2;
+		}
+	} while ((ret == -1) && (errno == EINTR));
+	if (ret < 0)
+	{
+		if (errno == EAGAIN)
+			return 0;	/* no data there */
+
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+		    "Can't read from fd %d: %s", handle->fd, strerror(errno));
+		return -1;
+	}
+
+	/* read urb header; %n argument may increment return value, but it's 
+	* not mandatory, so does not count on it*/
+	string[ret] = 0;
+	ret = sscanf(string, "%x %d %c %c%c:%d:%d %s%n", &tag, &timestamp, &etype, 
+		&pipeid1, &pipeid2, &dev_addr, &ep_num, status, 
+		&cnt);
+	if (ret < 8)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+		    "Can't parse USB bus message '%s', too few tokens (expected 8 got %d)",
+		    string, ret);
+		return -1;
+	}
+	uhdr->id = tag;
+	uhdr->device_address = dev_addr;
+	uhdr->bus_id = handle->md.ifindex;
+	uhdr->status = 0;
+	string += cnt;
+
+	/* don't use usbmon provided timestamp, since it have low precision*/
+	if (gettimeofday(&pkth.ts, NULL) < 0) 
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't get timestamp for message '%s' %d:%s", 
+			string, errno, strerror(errno));
+		return -1;
+	}
+	uhdr->ts_sec = pkth.ts.tv_sec;
+	uhdr->ts_usec = pkth.ts.tv_usec;
+
+	/* parse endpoint information */
+	if (pipeid1 == 'C')
+		urb_transfer = URB_CONTROL;
+	else if (pipeid1 == 'Z')
+		urb_transfer = URB_ISOCHRONOUS;
+	else if (pipeid1 == 'I')
+		urb_transfer = URB_INTERRUPT;
+	else if (pipeid1 == 'B')
+		urb_transfer = URB_BULK;
+	if (pipeid2 == 'i') {
+		ep_num |= URB_TRANSFER_IN;
+		incoming = 1;
+	}
+	if (etype == 'C')
+		incoming = !incoming;
+
+	/* direction check*/
+	if (incoming)
+	{
+		if (handle->direction == PCAP_D_OUT)
+			return 0;
+	}
+	else
+		if (handle->direction == PCAP_D_IN)
+			return 0;
+	uhdr->event_type = etype;
+	uhdr->transfer_type = urb_transfer;
+	uhdr->endpoint_number = ep_num;
+	pkth.caplen = sizeof(pcap_usb_header);
+	rawdata += sizeof(pcap_usb_header);
+
+	/* check if this is a setup packet */
+	ret = sscanf(status, "%d", &dummy);
+	if (ret != 1)
+	{
+		/* this a setup packet, setup data can be filled with underscore if
+		* usbmon has not been able to read them, so we must parse this fields as 
+		* strings */
+		pcap_usb_setup* shdr;
+		char str1[3], str2[3], str3[5], str4[5], str5[5];
+		ret = sscanf(string, "%s %s %s %s %s%n", str1, str2, str3, str4, 
+		str5, &cnt);
+		if (ret < 5)
+		{
+			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+				"Can't parse USB bus message '%s', too few tokens (expected 5 got %d)",
+				string, ret);
+			return -1;
+		}
+		string += cnt;
+
+		/* try to convert to corresponding integer */
+		shdr = &uhdr->setup;
+		shdr->bmRequestType = strtoul(str1, 0, 16);
+		shdr->bRequest = strtoul(str2, 0, 16);
+		shdr->wValue = htols(strtoul(str3, 0, 16));
+		shdr->wIndex = htols(strtoul(str4, 0, 16));
+		shdr->wLength = htols(strtoul(str5, 0, 16));
+
+		uhdr->setup_flag = 0;
+	}
+	else 
+		uhdr->setup_flag = 1;
+
+	/* read urb data */
+	ret = sscanf(string, " %d%n", &urb_len, &cnt);
+	if (ret < 1)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+		  "Can't parse urb length from '%s'", string);
+		return -1;
+	}
+	string += cnt;
+
+	/* urb tag is not present if urb length is 0, so we can stop here 
+	 * text parsing */
+	pkth.len = urb_len+pkth.caplen;
+	uhdr->urb_len = urb_len;
+	uhdr->data_flag = 1;
+	data_len = 0;
+	if (uhdr->urb_len == 0)
+		goto got;
+
+	/* check for data presence; data is present if and only if urb tag is '=' */
+	if (sscanf(string, " %c", &urb_tag) != 1)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't parse urb tag from '%s'", string);
+		return -1;
+	}
+
+	if (urb_tag != '=') 
+		goto got;
+
+	/* skip urb tag and following space */
+	string += 3;
+
+	/* if we reach this point we got some urb data*/
+	uhdr->data_flag = 0;
+
+	/* read all urb data; if urb length is greater then the usbmon internal 
+	 * buffer length used by the kernel to spool the URB, we get only
+	 * a partial information.
+	 * At least until linux 2.6.17 there is no way to set usbmon intenal buffer
+	 * length and default value is 130. */
+	while ((string[0] != 0) && (string[1] != 0) && (pkth.caplen < handle->snapshot))
+	{
+		rawdata[0] = ascii_to_int(string[0]) * 16 + ascii_to_int(string[1]);
+		rawdata++;
+		string+=2;
+		if (string[0] == ' ')
+			string++;
+		pkth.caplen++;
+		data_len++;
+	}
+
+got:
+	uhdr->data_len = data_len;
+	if (pkth.caplen > handle->snapshot)
+		pkth.caplen = handle->snapshot;
+
+	if (handle->fcode.bf_insns == NULL ||
+	    bpf_filter(handle->fcode.bf_insns, handle->buffer,
+	      pkth.len, pkth.caplen)) {
+		handle->md.packets_read++;
+		callback(user, &pkth, handle->buffer);
+		return 1;
+	}
+	return 0;	/* didn't pass filter */
+}
+
+static int
+usb_inject_linux(pcap_t *handle, const void *buf, size_t size)
+{
+	snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "inject not supported on "
+		"USB devices");
+	return (-1);
+}
+
+static int 
+usb_stats_linux(pcap_t *handle, struct pcap_stat *stats)
+{
+	int dummy, ret, consumed, cnt;
+	char string[USB_LINE_LEN];
+	char token[USB_LINE_LEN];
+	char * ptr = string;
+	int fd;
+
+	snprintf(string, USB_LINE_LEN, USB_TEXT_DIR"/%ds", handle->md.ifindex);
+	fd = open(string, O_RDONLY, 0);
+	if (fd < 0)
+	{
+		if (errno == ENOENT)
+		{
+			/*
+			 * Not found at the new location; try the old
+			 * location.
+			 */
+			snprintf(string, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%ds", handle->md.ifindex);
+			fd = open(string, O_RDONLY, 0);
+		}
+		if (fd < 0) {
+			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+				"Can't open USB stats file %s: %s", 
+				string, strerror(errno));
+			return -1;
+		}
+	}
+
+	/* read stats line */
+	do {
+		ret = read(fd, string, USB_LINE_LEN-1);
+	} while ((ret == -1) && (errno == EINTR));
+	close(fd);
+
+	if (ret < 0)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't read stats from fd %d ", fd);
+		return -1;
+	}
+	string[ret] = 0;
+
+	/* extract info on dropped urbs */
+	for (consumed=0; consumed < ret; ) {
+		/* from the sscanf man page: 
+ 		 * The C standard says: "Execution of a %n directive does 
+ 		 * not increment the assignment count returned at the completion
+		 * of  execution" but the Corrigendum seems to contradict this.
+		 * Do not make any assumptions on the effect of %n conversions 
+		 * on the return value and explicitly check for cnt assignmet*/
+		int ntok;
+
+		cnt = -1;
+		ntok = sscanf(ptr, "%s%n", token, &cnt);
+		if ((ntok < 1) || (cnt < 0))
+			break;
+		consumed += cnt;
+		ptr += cnt;
+		if (strcmp(token, "nreaders") == 0)
+			ret = sscanf(ptr, "%d", &stats->ps_drop);
+		else 
+			ret = sscanf(ptr, "%d", &dummy);
+		if (ntok != 1)
+			break;
+		consumed += cnt;
+		ptr += cnt;
+	}
+
+	stats->ps_recv = handle->md.packets_read;
+	stats->ps_ifdrop = 0;
+	return 0;
+}
+
+static int 
+usb_setdirection_linux(pcap_t *p, pcap_direction_t d)
+{
+	p->direction = d;
+	return 0;
+}
+
+
+static int 
+usb_stats_linux_bin(pcap_t *handle, struct pcap_stat *stats)
+{
+	int ret;
+	struct mon_bin_stats st;
+	ret = ioctl(handle->fd, MON_IOCG_STATS, &st);
+	if (ret < 0)
+	{
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			"Can't read stats from fd %d:%s ", handle->fd, strerror(errno));
+		return -1;
+	}
+
+	stats->ps_recv = handle->md.packets_read + st.queued;
+	stats->ps_drop = st.dropped;
+	stats->ps_ifdrop = 0;
+	return 0;
+}
+
+/*
+ * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 
+ * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI
+ */
+static int
+usb_read_linux_bin(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
+{
+	struct mon_bin_get info;
+	int ret;
+	struct pcap_pkthdr pkth;
+	int clen = handle->snapshot - sizeof(pcap_usb_header);
+
+	/* the usb header is going to be part of 'packet' data*/
+	info.hdr = (pcap_usb_header*) handle->buffer;
+	info.data = handle->buffer + sizeof(pcap_usb_header);
+	info.data_len = clen;
+
+	/* ignore interrupt system call errors */
+	do {
+		ret = ioctl(handle->fd, MON_IOCX_GET, &info);
+		if (handle->break_loop)
+		{
+			handle->break_loop = 0;
+			return -2;
+		}
+	} while ((ret == -1) && (errno == EINTR));
+	if (ret < 0)
+	{
+		if (errno == EAGAIN)
+			return 0;	/* no data there */
+
+		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+		    "Can't read from fd %d: %s", handle->fd, strerror(errno));
+		return -1;
+	}
+
+	/* we can get less that than really captured from kernel, depending on
+	 * snaplen, so adjust header accordingly */
+	if (info.hdr->data_len < clen)
+		clen = info.hdr->data_len;
+	info.hdr->data_len = clen;
+	pkth.caplen = clen + sizeof(pcap_usb_header);
+	pkth.len = info.hdr->data_len + sizeof(pcap_usb_header);
+	pkth.ts.tv_sec = info.hdr->ts_sec;
+	pkth.ts.tv_usec = info.hdr->ts_usec;
+
+	if (handle->fcode.bf_insns == NULL ||
+	    bpf_filter(handle->fcode.bf_insns, handle->buffer,
+	      pkth.len, pkth.caplen)) {
+		handle->md.packets_read++;
+		callback(user, &pkth, handle->buffer);
+		return 1;
+	}
+
+	return 0;	/* didn't pass filter */
+}
+
+/*
+ * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 
+ * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI
+ */
+#define VEC_SIZE 32
+static int
+usb_read_linux_mmap(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
+{
+	struct mon_bin_mfetch fetch;
+	int32_t vec[VEC_SIZE];
+	struct pcap_pkthdr pkth;
+	pcap_usb_header* hdr;
+	int nflush = 0;
+	int packets = 0;
+	int clen, max_clen;
+
+	max_clen = handle->snapshot - sizeof(pcap_usb_header);
+
+	for (;;) {
+		int i, ret;
+		int limit = max_packets - packets;
+		if (limit <= 0)
+			limit = VEC_SIZE;
+		if (limit > VEC_SIZE)
+			limit = VEC_SIZE;
+
+		/* try to fetch as many events as possible*/
+		fetch.offvec = vec;
+		fetch.nfetch = limit;
+		fetch.nflush = nflush;
+		/* ignore interrupt system call errors */
+		do {
+			ret = ioctl(handle->fd, MON_IOCX_MFETCH, &fetch);
+			if (handle->break_loop)
+			{
+				handle->break_loop = 0;
+				return -2;
+			}
+		} while ((ret == -1) && (errno == EINTR));
+		if (ret < 0)
+		{
+			if (errno == EAGAIN)
+				return 0;	/* no data there */
+
+			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+			    "Can't mfetch fd %d: %s", handle->fd, strerror(errno));
+			return -1;
+		}
+
+		/* keep track of processed events, we will flush them later */
+		nflush = fetch.nfetch;
+		for (i=0; i<fetch.nfetch; ++i) {
+			/* discard filler */
+			hdr = (pcap_usb_header*) &handle->md.mmapbuf[vec[i]];
+			if (hdr->event_type == '@') 
+				continue;
+
+			/* we can get less that than really captured from kernel, depending on
+	 		* snaplen, so adjust header accordingly */
+			clen = max_clen;
+			if (hdr->data_len < clen)
+				clen = hdr->data_len;
+
+			/* get packet info from header*/
+			pkth.caplen = clen + sizeof(pcap_usb_header_mmapped);
+			pkth.len = hdr->data_len + sizeof(pcap_usb_header_mmapped);
+			pkth.ts.tv_sec = hdr->ts_sec;
+			pkth.ts.tv_usec = hdr->ts_usec;
+
+			if (handle->fcode.bf_insns == NULL ||
+			    bpf_filter(handle->fcode.bf_insns, (u_char*) hdr,
+			      pkth.len, pkth.caplen)) {
+				handle->md.packets_read++;
+				callback(user, &pkth, (u_char*) hdr);
+				packets++;
+			}
+		}
+
+		/* with max_packets <= 0 we stop afer the first chunk*/
+		if ((max_packets <= 0) || (packets == max_packets))
+			break;
+	}
+
+	/* flush pending events*/
+	ioctl(handle->fd, MON_IOCH_MFLUSH, nflush);
+	return packets;
+}
+
+static void
+usb_cleanup_linux_mmap(pcap_t* handle)
+{
+	/* if we have a memory-mapped buffer, unmap it */
+	if (handle->md.mmapbuf != NULL) {
+		munmap(handle->md.mmapbuf, handle->md.mmapbuflen);
+		handle->md.mmapbuf = NULL;
+	}
+	pcap_cleanup_live_common(handle);
+}
--- a/pcap-usb-linux.h
+++ b/pcap-usb-linux.h
@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2006 Paolo Abeni (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote 
+ * products derived from this software without specific prior written 
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * USB sniffing API implementation for Linux platform
+ * By Paolo Abeni <paolo.abeni@email.it>
+ *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-usb-linux.h,v 1.5 2008-04-04 19:37:45 guy Exp $ (LBL)
+ */
+
+/*
+ * Prototypes for USB-related functions
+ */
+int usb_platform_finddevs(pcap_if_t **alldevsp, char *err_str);
+pcap_t *usb_create(const char *device, char *ebuf);
--- a/Show More
+++ b/Show More