mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-28 05:55:27 +01:00
681ed54caa
MFC after: 1 month
2023 lines
52 KiB
C
2023 lines
52 KiB
C
/*
|
|
* Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the Computer Systems
|
|
* Engineering Group at Lawrence Berkeley Laboratory.
|
|
* 4. Neither the name of the University nor of the Laboratory may be used
|
|
* to endorse or promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#ifdef WIN32
|
|
#include <pcap-stdinc.h>
|
|
#else /* WIN32 */
|
|
#if HAVE_INTTYPES_H
|
|
#include <inttypes.h>
|
|
#elif HAVE_STDINT_H
|
|
#include <stdint.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_BITYPES_H
|
|
#include <sys/bitypes.h>
|
|
#endif
|
|
#include <sys/types.h>
|
|
#include <sys/mman.h>
|
|
#endif /* WIN32 */
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
|
|
#include <unistd.h>
|
|
#endif
|
|
#include <fcntl.h>
|
|
#include <errno.h>
|
|
|
|
#ifdef HAVE_OS_PROTO_H
|
|
#include "os-proto.h"
|
|
#endif
|
|
|
|
#ifdef MSDOS
|
|
#include "pcap-dos.h"
|
|
#endif
|
|
|
|
#include "pcap-int.h"
|
|
|
|
#ifdef HAVE_DAG_API
|
|
#include "pcap-dag.h"
|
|
#endif /* HAVE_DAG_API */
|
|
|
|
#ifdef HAVE_SEPTEL_API
|
|
#include "pcap-septel.h"
|
|
#endif /* HAVE_SEPTEL_API */
|
|
|
|
#ifdef HAVE_SNF_API
|
|
#include "pcap-snf.h"
|
|
#endif /* HAVE_SNF_API */
|
|
|
|
#ifdef PCAP_SUPPORT_USB
|
|
#include "pcap-usb-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_BT
|
|
#include "pcap-bt-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_BT_MONITOR
|
|
#include "pcap-bt-monitor-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_CAN
|
|
#include "pcap-can-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_CANUSB
|
|
#include "pcap-canusb-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_NETFILTER
|
|
#include "pcap-netfilter-linux.h"
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_NETMAP
|
|
pcap_t* pcap_netmap_create(const char *device, char *ebuf, int *is_ours);
|
|
#endif
|
|
|
|
#ifdef PCAP_SUPPORT_DBUS
|
|
#include "pcap-dbus.h"
|
|
#endif
|
|
|
|
int
|
|
pcap_not_initialized(pcap_t *pcap _U_)
|
|
{
|
|
/* this means 'not initialized' */
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
}
|
|
|
|
#ifdef WIN32
|
|
Adapter *
|
|
pcap_no_adapter(pcap_t *pcap _U_)
|
|
{
|
|
return (NULL);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
|
|
* a PCAP_ERROR value on an error.
|
|
*/
|
|
int
|
|
pcap_can_set_rfmon(pcap_t *p)
|
|
{
|
|
return (p->can_set_rfmon_op(p));
|
|
}
|
|
|
|
/*
|
|
* For systems where rfmon mode is never supported.
|
|
*/
|
|
static int
|
|
pcap_cant_set_rfmon(pcap_t *p _U_)
|
|
{
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* Sets *tstamp_typesp to point to an array 1 or more supported time stamp
|
|
* types; the return value is the number of supported time stamp types.
|
|
* The list should be freed by a call to pcap_free_tstamp_types() when
|
|
* you're done with it.
|
|
*
|
|
* A return value of 0 means "you don't get a choice of time stamp type",
|
|
* in which case *tstamp_typesp is set to null.
|
|
*
|
|
* PCAP_ERROR is returned on error.
|
|
*/
|
|
int
|
|
pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
|
|
{
|
|
if (p->tstamp_type_count == 0) {
|
|
/*
|
|
* We don't support multiple time stamp types.
|
|
*/
|
|
*tstamp_typesp = NULL;
|
|
} else {
|
|
*tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
|
|
p->tstamp_type_count);
|
|
if (*tstamp_typesp == NULL) {
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"malloc: %s", pcap_strerror(errno));
|
|
return (PCAP_ERROR);
|
|
}
|
|
(void)memcpy(*tstamp_typesp, p->tstamp_type_list,
|
|
sizeof(**tstamp_typesp) * p->tstamp_type_count);
|
|
}
|
|
return (p->tstamp_type_count);
|
|
}
|
|
|
|
/*
|
|
* In Windows, you might have a library built with one version of the
|
|
* C runtime library and an application built with another version of
|
|
* the C runtime library, which means that the library might use one
|
|
* version of malloc() and free() and the application might use another
|
|
* version of malloc() and free(). If so, that means something
|
|
* allocated by the library cannot be freed by the application, so we
|
|
* need to have a pcap_free_tstamp_types() routine to free up the list
|
|
* allocated by pcap_list_tstamp_types(), even though it's just a wrapper
|
|
* around free().
|
|
*/
|
|
void
|
|
pcap_free_tstamp_types(int *tstamp_type_list)
|
|
{
|
|
free(tstamp_type_list);
|
|
}
|
|
|
|
/*
|
|
* Default one-shot callback; overridden for capture types where the
|
|
* packet data cannot be guaranteed to be available after the callback
|
|
* returns, so that a copy must be made.
|
|
*/
|
|
void
|
|
pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
|
|
{
|
|
struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
|
|
|
|
*sp->hdr = *h;
|
|
*sp->pkt = pkt;
|
|
}
|
|
|
|
const u_char *
|
|
pcap_next(pcap_t *p, struct pcap_pkthdr *h)
|
|
{
|
|
struct oneshot_userdata s;
|
|
const u_char *pkt;
|
|
|
|
s.hdr = h;
|
|
s.pkt = &pkt;
|
|
s.pd = p;
|
|
if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
|
|
return (0);
|
|
return (pkt);
|
|
}
|
|
|
|
int
|
|
pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
|
|
const u_char **pkt_data)
|
|
{
|
|
struct oneshot_userdata s;
|
|
|
|
s.hdr = &p->pcap_header;
|
|
s.pkt = pkt_data;
|
|
s.pd = p;
|
|
|
|
/* Saves a pointer to the packet headers */
|
|
*pkt_header= &p->pcap_header;
|
|
|
|
if (p->rfile != NULL) {
|
|
int status;
|
|
|
|
/* We are on an offline capture */
|
|
status = pcap_offline_read(p, 1, p->oneshot_callback,
|
|
(u_char *)&s);
|
|
|
|
/*
|
|
* Return codes for pcap_offline_read() are:
|
|
* - 0: EOF
|
|
* - -1: error
|
|
* - >1: OK
|
|
* The first one ('0') conflicts with the return code of
|
|
* 0 from pcap_read() meaning "no packets arrived before
|
|
* the timeout expired", so we map it to -2 so you can
|
|
* distinguish between an EOF from a savefile and a
|
|
* "no packets arrived before the timeout expired, try
|
|
* again" from a live capture.
|
|
*/
|
|
if (status == 0)
|
|
return (-2);
|
|
else
|
|
return (status);
|
|
}
|
|
|
|
/*
|
|
* Return codes for pcap_read() are:
|
|
* - 0: timeout
|
|
* - -1: error
|
|
* - -2: loop was broken out of with pcap_breakloop()
|
|
* - >1: OK
|
|
* The first one ('0') conflicts with the return code of 0 from
|
|
* pcap_offline_read() meaning "end of file".
|
|
*/
|
|
return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
|
|
}
|
|
|
|
#if defined(DAG_ONLY)
|
|
int
|
|
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
|
|
{
|
|
return (dag_findalldevs(alldevsp, errbuf));
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_create(const char *source, char *errbuf)
|
|
{
|
|
return (dag_create(source, errbuf));
|
|
}
|
|
#elif defined(SEPTEL_ONLY)
|
|
int
|
|
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
|
|
{
|
|
return (septel_findalldevs(alldevsp, errbuf));
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_create(const char *source, char *errbuf)
|
|
{
|
|
return (septel_create(source, errbuf));
|
|
}
|
|
#elif defined(SNF_ONLY)
|
|
int
|
|
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
|
|
{
|
|
return (snf_findalldevs(alldevsp, errbuf));
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_create(const char *source, char *errbuf)
|
|
{
|
|
return (snf_create(source, errbuf));
|
|
}
|
|
#else /* regular pcap */
|
|
struct capture_source_type {
|
|
int (*findalldevs_op)(pcap_if_t **, char *);
|
|
pcap_t *(*create_op)(const char *, char *, int *);
|
|
} capture_source_types[] = {
|
|
#ifdef PCAP_SUPPORT_NETMAP
|
|
{ NULL, pcap_netmap_create },
|
|
#endif
|
|
#ifdef HAVE_DAG_API
|
|
{ dag_findalldevs, dag_create },
|
|
#endif
|
|
#ifdef HAVE_SEPTEL_API
|
|
{ septel_findalldevs, septel_create },
|
|
#endif
|
|
#ifdef HAVE_SNF_API
|
|
{ snf_findalldevs, snf_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_BT
|
|
{ bt_findalldevs, bt_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_BT_MONITOR
|
|
{ bt_monitor_findalldevs, bt_monitor_create },
|
|
#endif
|
|
#if PCAP_SUPPORT_CANUSB
|
|
{ canusb_findalldevs, canusb_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_CAN
|
|
{ can_findalldevs, can_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_USB
|
|
{ usb_findalldevs, usb_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_NETFILTER
|
|
{ netfilter_findalldevs, netfilter_create },
|
|
#endif
|
|
#ifdef PCAP_SUPPORT_DBUS
|
|
{ dbus_findalldevs, dbus_create },
|
|
#endif
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
/*
|
|
* Get a list of all capture sources that are up and that we can open.
|
|
* Returns -1 on error, 0 otherwise.
|
|
* The list, as returned through "alldevsp", may be null if no interfaces
|
|
* were up and could be opened.
|
|
*/
|
|
int
|
|
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
|
|
{
|
|
size_t i;
|
|
|
|
/*
|
|
* Get the list of regular interfaces first.
|
|
*/
|
|
if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
|
|
return (-1); /* failure */
|
|
|
|
/*
|
|
* Add any interfaces that need a platform-specific mechanism
|
|
* to find.
|
|
*/
|
|
if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
|
|
/*
|
|
* We had an error; free the list we've been
|
|
* constructing.
|
|
*/
|
|
if (*alldevsp != NULL) {
|
|
pcap_freealldevs(*alldevsp);
|
|
*alldevsp = NULL;
|
|
}
|
|
return (-1);
|
|
}
|
|
|
|
/*
|
|
* Ask each of the non-local-network-interface capture
|
|
* source types what interfaces they have.
|
|
*/
|
|
for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
|
|
if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
|
|
/*
|
|
* We had an error; free the list we've been
|
|
* constructing.
|
|
*/
|
|
if (*alldevsp != NULL) {
|
|
pcap_freealldevs(*alldevsp);
|
|
*alldevsp = NULL;
|
|
}
|
|
return (-1);
|
|
}
|
|
}
|
|
|
|
return (0);
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_create(const char *source, char *errbuf)
|
|
{
|
|
size_t i;
|
|
int is_theirs;
|
|
pcap_t *p;
|
|
|
|
/*
|
|
* A null source name is equivalent to the "any" device -
|
|
* which might not be supported on this platform, but
|
|
* this means that you'll get a "not supported" error
|
|
* rather than, say, a crash when we try to dereference
|
|
* the null pointer.
|
|
*/
|
|
if (source == NULL)
|
|
source = "any";
|
|
|
|
/*
|
|
* Try each of the non-local-network-interface capture
|
|
* source types until we find one that works for this
|
|
* device or run out of types.
|
|
*/
|
|
for (i = 0; capture_source_types[i].create_op != NULL; i++) {
|
|
is_theirs = 0;
|
|
p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
|
|
if (is_theirs) {
|
|
/*
|
|
* The device name refers to a device of the
|
|
* type in question; either it succeeded,
|
|
* in which case p refers to a pcap_t to
|
|
* later activate for the device, or it
|
|
* failed, in which case p is null and we
|
|
* should return that to report the failure
|
|
* to create.
|
|
*/
|
|
return (p);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* OK, try it as a regular network interface.
|
|
*/
|
|
return (pcap_create_interface(source, errbuf));
|
|
}
|
|
#endif
|
|
|
|
static void
|
|
initialize_ops(pcap_t *p)
|
|
{
|
|
/*
|
|
* Set operation pointers for operations that only work on
|
|
* an activated pcap_t to point to a routine that returns
|
|
* a "this isn't activated" error.
|
|
*/
|
|
p->read_op = (read_op_t)pcap_not_initialized;
|
|
p->inject_op = (inject_op_t)pcap_not_initialized;
|
|
p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
|
|
p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
|
|
p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
|
|
p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
|
|
p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
|
|
p->stats_op = (stats_op_t)pcap_not_initialized;
|
|
#ifdef WIN32
|
|
p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
|
|
p->setmode_op = (setmode_op_t)pcap_not_initialized;
|
|
p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
|
|
p->getadapter_op = pcap_no_adapter;
|
|
#endif
|
|
|
|
/*
|
|
* Default cleanup operation - implementations can override
|
|
* this, but should call pcap_cleanup_live_common() after
|
|
* doing their own additional cleanup.
|
|
*/
|
|
p->cleanup_op = pcap_cleanup_live_common;
|
|
|
|
/*
|
|
* In most cases, the standard one-shot callback can
|
|
* be used for pcap_next()/pcap_next_ex().
|
|
*/
|
|
p->oneshot_callback = pcap_oneshot;
|
|
}
|
|
|
|
static pcap_t *
|
|
pcap_alloc_pcap_t(char *ebuf, size_t size)
|
|
{
|
|
char *chunk;
|
|
pcap_t *p;
|
|
|
|
/*
|
|
* Allocate a chunk of memory big enough for a pcap_t
|
|
* plus a structure following it of size "size". The
|
|
* structure following it is a private data structure
|
|
* for the routines that handle this pcap_t.
|
|
*/
|
|
chunk = malloc(sizeof (pcap_t) + size);
|
|
if (chunk == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
|
|
pcap_strerror(errno));
|
|
return (NULL);
|
|
}
|
|
memset(chunk, 0, sizeof (pcap_t) + size);
|
|
|
|
/*
|
|
* Get a pointer to the pcap_t at the beginning.
|
|
*/
|
|
p = (pcap_t *)chunk;
|
|
|
|
#ifndef WIN32
|
|
p->fd = -1; /* not opened yet */
|
|
p->selectable_fd = -1;
|
|
#endif
|
|
|
|
if (size == 0) {
|
|
/* No private data was requested. */
|
|
p->priv = NULL;
|
|
} else {
|
|
/*
|
|
* Set the pointer to the private data; that's the structure
|
|
* of size "size" following the pcap_t.
|
|
*/
|
|
p->priv = (void *)(chunk + sizeof (pcap_t));
|
|
}
|
|
|
|
return (p);
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_create_common(const char *source, char *ebuf, size_t size)
|
|
{
|
|
pcap_t *p;
|
|
|
|
p = pcap_alloc_pcap_t(ebuf, size);
|
|
if (p == NULL)
|
|
return (NULL);
|
|
|
|
p->opt.source = strdup(source);
|
|
if (p->opt.source == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
|
|
pcap_strerror(errno));
|
|
free(p);
|
|
return (NULL);
|
|
}
|
|
|
|
/*
|
|
* Default to "can't set rfmon mode"; if it's supported by
|
|
* a platform, the create routine that called us can set
|
|
* the op to its routine to check whether a particular
|
|
* device supports it.
|
|
*/
|
|
p->can_set_rfmon_op = pcap_cant_set_rfmon;
|
|
|
|
initialize_ops(p);
|
|
|
|
/* put in some defaults*/
|
|
pcap_set_snaplen(p, MAXIMUM_SNAPLEN); /* max packet size */
|
|
p->opt.timeout = 0; /* no timeout specified */
|
|
p->opt.buffer_size = 0; /* use the platform's default */
|
|
p->opt.promisc = 0;
|
|
p->opt.rfmon = 0;
|
|
p->opt.immediate = 0;
|
|
p->opt.tstamp_type = -1; /* default to not setting time stamp type */
|
|
p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
|
|
return (p);
|
|
}
|
|
|
|
int
|
|
pcap_check_activated(pcap_t *p)
|
|
{
|
|
if (p->activated) {
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
|
|
" operation on activated capture");
|
|
return (-1);
|
|
}
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_snaplen(pcap_t *p, int snaplen)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->snapshot = snaplen;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_promisc(pcap_t *p, int promisc)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->opt.promisc = promisc;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_rfmon(pcap_t *p, int rfmon)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->opt.rfmon = rfmon;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_timeout(pcap_t *p, int timeout_ms)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->opt.timeout = timeout_ms;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
|
|
{
|
|
int i;
|
|
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
|
|
/*
|
|
* If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
|
|
* the default time stamp type is PCAP_TSTAMP_HOST.
|
|
*/
|
|
if (p->tstamp_type_count == 0) {
|
|
if (tstamp_type == PCAP_TSTAMP_HOST) {
|
|
p->opt.tstamp_type = tstamp_type;
|
|
return (0);
|
|
}
|
|
} else {
|
|
/*
|
|
* Check whether we claim to support this type of time stamp.
|
|
*/
|
|
for (i = 0; i < p->tstamp_type_count; i++) {
|
|
if (p->tstamp_type_list[i] == tstamp_type) {
|
|
/*
|
|
* Yes.
|
|
*/
|
|
p->opt.tstamp_type = tstamp_type;
|
|
return (0);
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* We don't support this type of time stamp.
|
|
*/
|
|
return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
|
|
}
|
|
|
|
int
|
|
pcap_set_immediate_mode(pcap_t *p, int immediate)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->opt.immediate = immediate;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_buffer_size(pcap_t *p, int buffer_size)
|
|
{
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
p->opt.buffer_size = buffer_size;
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
|
|
{
|
|
int i;
|
|
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
|
|
/*
|
|
* If p->tstamp_precision_count is 0, we only support setting
|
|
* the time stamp precision to microsecond precision; every
|
|
* pcap module *MUST* support microsecond precision, even if
|
|
* it does so by converting the native precision to
|
|
* microseconds.
|
|
*/
|
|
if (p->tstamp_precision_count == 0) {
|
|
if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
|
|
p->opt.tstamp_precision = tstamp_precision;
|
|
return (0);
|
|
}
|
|
} else {
|
|
/*
|
|
* Check whether we claim to support this precision of
|
|
* time stamp.
|
|
*/
|
|
for (i = 0; i < p->tstamp_precision_count; i++) {
|
|
if (p->tstamp_precision_list[i] == tstamp_precision) {
|
|
/*
|
|
* Yes.
|
|
*/
|
|
p->opt.tstamp_precision = tstamp_precision;
|
|
return (0);
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* We don't support this time stamp precision.
|
|
*/
|
|
return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
|
|
}
|
|
|
|
int
|
|
pcap_get_tstamp_precision(pcap_t *p)
|
|
{
|
|
return (p->opt.tstamp_precision);
|
|
}
|
|
|
|
int
|
|
pcap_activate(pcap_t *p)
|
|
{
|
|
int status;
|
|
|
|
/*
|
|
* Catch attempts to re-activate an already-activated
|
|
* pcap_t; this should, for example, catch code that
|
|
* calls pcap_open_live() followed by pcap_activate(),
|
|
* as some code that showed up in a Stack Exchange
|
|
* question did.
|
|
*/
|
|
if (pcap_check_activated(p))
|
|
return (PCAP_ERROR_ACTIVATED);
|
|
status = p->activate_op(p);
|
|
if (status >= 0)
|
|
p->activated = 1;
|
|
else {
|
|
if (p->errbuf[0] == '\0') {
|
|
/*
|
|
* No error message supplied by the activate routine;
|
|
* for the benefit of programs that don't specially
|
|
* handle errors other than PCAP_ERROR, return the
|
|
* error message corresponding to the status.
|
|
*/
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
|
|
pcap_statustostr(status));
|
|
}
|
|
|
|
/*
|
|
* Undo any operation pointer setting, etc. done by
|
|
* the activate operation.
|
|
*/
|
|
initialize_ops(p);
|
|
}
|
|
return (status);
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
|
|
{
|
|
pcap_t *p;
|
|
int status;
|
|
|
|
p = pcap_create(source, errbuf);
|
|
if (p == NULL)
|
|
return (NULL);
|
|
status = pcap_set_snaplen(p, snaplen);
|
|
if (status < 0)
|
|
goto fail;
|
|
status = pcap_set_promisc(p, promisc);
|
|
if (status < 0)
|
|
goto fail;
|
|
status = pcap_set_timeout(p, to_ms);
|
|
if (status < 0)
|
|
goto fail;
|
|
/*
|
|
* Mark this as opened with pcap_open_live(), so that, for
|
|
* example, we show the full list of DLT_ values, rather
|
|
* than just the ones that are compatible with capturing
|
|
* when not in monitor mode. That allows existing applications
|
|
* to work the way they used to work, but allows new applications
|
|
* that know about the new open API to, for example, find out the
|
|
* DLT_ values that they can select without changing whether
|
|
* the adapter is in monitor mode or not.
|
|
*/
|
|
p->oldstyle = 1;
|
|
status = pcap_activate(p);
|
|
if (status < 0)
|
|
goto fail;
|
|
return (p);
|
|
fail:
|
|
if (status == PCAP_ERROR)
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
|
|
p->errbuf);
|
|
else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
|
|
status == PCAP_ERROR_PERM_DENIED ||
|
|
status == PCAP_ERROR_PROMISC_PERM_DENIED)
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
|
|
pcap_statustostr(status), p->errbuf);
|
|
else
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
|
|
pcap_statustostr(status));
|
|
pcap_close(p);
|
|
return (NULL);
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_open_offline_common(char *ebuf, size_t size)
|
|
{
|
|
pcap_t *p;
|
|
|
|
p = pcap_alloc_pcap_t(ebuf, size);
|
|
if (p == NULL)
|
|
return (NULL);
|
|
|
|
p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
|
|
p->opt.source = strdup("(savefile)");
|
|
if (p->opt.source == NULL) {
|
|
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
|
|
pcap_strerror(errno));
|
|
free(p);
|
|
return (NULL);
|
|
}
|
|
|
|
return (p);
|
|
}
|
|
|
|
int
|
|
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
{
|
|
return (p->read_op(p, cnt, callback, user));
|
|
}
|
|
|
|
/*
|
|
* XXX - is this necessary?
|
|
*/
|
|
int
|
|
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
{
|
|
|
|
return (p->read_op(p, cnt, callback, user));
|
|
}
|
|
|
|
int
|
|
pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
|
{
|
|
register int n;
|
|
|
|
for (;;) {
|
|
if (p->rfile != NULL) {
|
|
/*
|
|
* 0 means EOF, so don't loop if we get 0.
|
|
*/
|
|
n = pcap_offline_read(p, cnt, callback, user);
|
|
} else {
|
|
/*
|
|
* XXX keep reading until we get something
|
|
* (or an error occurs)
|
|
*/
|
|
do {
|
|
n = p->read_op(p, cnt, callback, user);
|
|
} while (n == 0);
|
|
}
|
|
if (n <= 0)
|
|
return (n);
|
|
if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
|
|
cnt -= n;
|
|
if (cnt <= 0)
|
|
return (0);
|
|
}
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
|
|
*/
|
|
void
|
|
pcap_breakloop(pcap_t *p)
|
|
{
|
|
p->break_loop = 1;
|
|
}
|
|
|
|
int
|
|
pcap_datalink(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->linktype);
|
|
}
|
|
|
|
int
|
|
pcap_datalink_ext(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->linktype_ext);
|
|
}
|
|
|
|
int
|
|
pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
if (p->dlt_count == 0) {
|
|
/*
|
|
* We couldn't fetch the list of DLTs, which means
|
|
* this platform doesn't support changing the
|
|
* DLT for an interface. Return a list of DLTs
|
|
* containing only the DLT this device supports.
|
|
*/
|
|
*dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
|
|
if (*dlt_buffer == NULL) {
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"malloc: %s", pcap_strerror(errno));
|
|
return (PCAP_ERROR);
|
|
}
|
|
**dlt_buffer = p->linktype;
|
|
return (1);
|
|
} else {
|
|
*dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
|
|
if (*dlt_buffer == NULL) {
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"malloc: %s", pcap_strerror(errno));
|
|
return (PCAP_ERROR);
|
|
}
|
|
(void)memcpy(*dlt_buffer, p->dlt_list,
|
|
sizeof(**dlt_buffer) * p->dlt_count);
|
|
return (p->dlt_count);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* In Windows, you might have a library built with one version of the
|
|
* C runtime library and an application built with another version of
|
|
* the C runtime library, which means that the library might use one
|
|
* version of malloc() and free() and the application might use another
|
|
* version of malloc() and free(). If so, that means something
|
|
* allocated by the library cannot be freed by the application, so we
|
|
* need to have a pcap_free_datalinks() routine to free up the list
|
|
* allocated by pcap_list_datalinks(), even though it's just a wrapper
|
|
* around free().
|
|
*/
|
|
void
|
|
pcap_free_datalinks(int *dlt_list)
|
|
{
|
|
free(dlt_list);
|
|
}
|
|
|
|
int
|
|
pcap_set_datalink(pcap_t *p, int dlt)
|
|
{
|
|
int i;
|
|
const char *dlt_name;
|
|
|
|
if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
|
|
/*
|
|
* We couldn't fetch the list of DLTs, or we don't
|
|
* have a "set datalink" operation, which means
|
|
* this platform doesn't support changing the
|
|
* DLT for an interface. Check whether the new
|
|
* DLT is the one this interface supports.
|
|
*/
|
|
if (p->linktype != dlt)
|
|
goto unsupported;
|
|
|
|
/*
|
|
* It is, so there's nothing we need to do here.
|
|
*/
|
|
return (0);
|
|
}
|
|
for (i = 0; i < p->dlt_count; i++)
|
|
if (p->dlt_list[i] == dlt)
|
|
break;
|
|
if (i >= p->dlt_count)
|
|
goto unsupported;
|
|
if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
|
|
dlt == DLT_DOCSIS) {
|
|
/*
|
|
* This is presumably an Ethernet device, as the first
|
|
* link-layer type it offers is DLT_EN10MB, and the only
|
|
* other type it offers is DLT_DOCSIS. That means that
|
|
* we can't tell the driver to supply DOCSIS link-layer
|
|
* headers - we're just pretending that's what we're
|
|
* getting, as, presumably, we're capturing on a dedicated
|
|
* link to a Cisco Cable Modem Termination System, and
|
|
* it's putting raw DOCSIS frames on the wire inside low-level
|
|
* Ethernet framing.
|
|
*/
|
|
p->linktype = dlt;
|
|
return (0);
|
|
}
|
|
if (p->set_datalink_op(p, dlt) == -1)
|
|
return (-1);
|
|
p->linktype = dlt;
|
|
return (0);
|
|
|
|
unsupported:
|
|
dlt_name = pcap_datalink_val_to_name(dlt);
|
|
if (dlt_name != NULL) {
|
|
(void) snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"%s is not one of the DLTs supported by this device",
|
|
dlt_name);
|
|
} else {
|
|
(void) snprintf(p->errbuf, sizeof(p->errbuf),
|
|
"DLT %d is not one of the DLTs supported by this device",
|
|
dlt);
|
|
}
|
|
return (-1);
|
|
}
|
|
|
|
/*
|
|
* This array is designed for mapping upper and lower case letter
|
|
* together for a case independent comparison. The mappings are
|
|
* based upon ascii character sequences.
|
|
*/
|
|
static const u_char charmap[] = {
|
|
(u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
|
|
(u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
|
|
(u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
|
|
(u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
|
|
(u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
|
|
(u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
|
|
(u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
|
|
(u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
|
|
(u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
|
|
(u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
|
|
(u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
|
|
(u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
|
|
(u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
|
|
(u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
|
|
(u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
|
|
(u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
|
|
(u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
|
|
(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
|
|
(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
|
|
(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
|
|
(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
|
|
(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
|
|
(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
|
|
(u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
|
|
(u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
|
|
(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
|
|
(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
|
|
(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
|
|
(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
|
|
(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
|
|
(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
|
|
(u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
|
|
(u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
|
|
(u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
|
|
(u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
|
|
(u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
|
|
(u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
|
|
(u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
|
|
(u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
|
|
(u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
|
|
(u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
|
|
(u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
|
|
(u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
|
|
(u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
|
|
(u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
|
|
(u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
|
|
(u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
|
|
(u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
|
|
(u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
|
|
(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
|
|
(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
|
|
(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
|
|
(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
|
|
(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
|
|
(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
|
|
(u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
|
|
(u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
|
|
(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
|
|
(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
|
|
(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
|
|
(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
|
|
(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
|
|
(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
|
|
(u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
|
|
};
|
|
|
|
int
|
|
pcap_strcasecmp(const char *s1, const char *s2)
|
|
{
|
|
register const u_char *cm = charmap,
|
|
*us1 = (const u_char *)s1,
|
|
*us2 = (const u_char *)s2;
|
|
|
|
while (cm[*us1] == cm[*us2++])
|
|
if (*us1++ == '\0')
|
|
return(0);
|
|
return (cm[*us1] - cm[*--us2]);
|
|
}
|
|
|
|
struct dlt_choice {
|
|
const char *name;
|
|
const char *description;
|
|
int dlt;
|
|
};
|
|
|
|
#define DLT_CHOICE(code, description) { #code, description, code }
|
|
#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
|
|
|
|
static struct dlt_choice dlt_choices[] = {
|
|
DLT_CHOICE(DLT_NULL, "BSD loopback"),
|
|
DLT_CHOICE(DLT_EN10MB, "Ethernet"),
|
|
DLT_CHOICE(DLT_IEEE802, "Token ring"),
|
|
DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
|
|
DLT_CHOICE(DLT_SLIP, "SLIP"),
|
|
DLT_CHOICE(DLT_PPP, "PPP"),
|
|
DLT_CHOICE(DLT_FDDI, "FDDI"),
|
|
DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
|
|
DLT_CHOICE(DLT_RAW, "Raw IP"),
|
|
DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
|
|
DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
|
|
DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
|
|
DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
|
|
DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
|
|
DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
|
|
DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
|
|
DLT_CHOICE(DLT_IEEE802_11, "802.11"),
|
|
DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
|
|
DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
|
|
DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
|
|
DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
|
|
DLT_CHOICE(DLT_LTALK, "Localtalk"),
|
|
DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
|
|
DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
|
|
DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
|
|
DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
|
|
DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
|
|
DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
|
|
DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
|
|
DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
|
|
DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
|
|
DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
|
|
DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
|
|
DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
|
|
DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
|
|
DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
|
|
DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
|
|
DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
|
|
DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
|
|
DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
|
|
DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
|
|
DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
|
|
DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
|
|
DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
|
|
DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
|
|
DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
|
|
DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"),
|
|
DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
|
|
DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
|
|
DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
|
|
DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
|
|
DLT_CHOICE(DLT_GPF_T, "GPF-T"),
|
|
DLT_CHOICE(DLT_GPF_F, "GPF-F"),
|
|
DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
|
|
DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
|
|
DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
|
|
DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
|
|
DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
|
|
DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
|
|
DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
|
|
DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
|
|
DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
|
|
DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
|
|
DLT_CHOICE(DLT_A429, "Arinc 429"),
|
|
DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
|
|
DLT_CHOICE(DLT_USB, "USB"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
|
|
DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
|
|
DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
|
|
DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
|
|
DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
|
|
DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
|
|
DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
|
|
DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
|
|
DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
|
|
DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
|
|
DLT_CHOICE(DLT_ERF, "Endace ERF header"),
|
|
DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
|
|
DLT_CHOICE(DLT_IPMB, "IPMB"),
|
|
DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
|
|
DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
|
|
DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
|
|
DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
|
|
DLT_CHOICE(DLT_LINUX_EVDEV, "Linux evdev events"),
|
|
DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
|
|
DLT_CHOICE(DLT_DECT, "DECT"),
|
|
DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
|
|
DLT_CHOICE(DLT_WIHART, "Wireless HART"),
|
|
DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
|
|
DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
|
|
DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
|
|
DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
|
|
DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
|
|
DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
|
|
DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
|
|
DLT_CHOICE(DLT_DBUS, "D-Bus"),
|
|
DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
|
|
DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
|
|
DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
|
|
DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
|
|
DLT_CHOICE(DLT_MUX27010, "MUX27010"),
|
|
DLT_CHOICE(DLT_STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
|
|
DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
|
|
DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
|
|
DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
|
|
DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
|
|
DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
|
|
DLT_CHOICE(DLT_MPEG_2_TS, "MPEG-2 transport stream"),
|
|
DLT_CHOICE(DLT_NG40, "ng40 protocol tester Iub/Iur"),
|
|
DLT_CHOICE(DLT_NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
|
|
DLT_CHOICE(DLT_INFINIBAND, "InfiniBand"),
|
|
DLT_CHOICE(DLT_SCTP, "SCTP"),
|
|
DLT_CHOICE(DLT_USBPCAP, "USB with USBPcap header"),
|
|
DLT_CHOICE(DLT_RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
|
|
DLT_CHOICE(DLT_NETLINK, "Linux netlink"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
|
|
DLT_CHOICE(DLT_BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
|
|
DLT_CHOICE(DLT_PROFIBUS_DL, "PROFIBUS data link layer"),
|
|
DLT_CHOICE(DLT_PKTAP, "Apple DLT_PKTAP"),
|
|
DLT_CHOICE(DLT_EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
|
|
DLT_CHOICE_SENTINEL
|
|
};
|
|
|
|
int
|
|
pcap_datalink_name_to_val(const char *name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
|
|
name) == 0)
|
|
return (dlt_choices[i].dlt);
|
|
}
|
|
return (-1);
|
|
}
|
|
|
|
const char *
|
|
pcap_datalink_val_to_name(int dlt)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
if (dlt_choices[i].dlt == dlt)
|
|
return (dlt_choices[i].name + sizeof("DLT_") - 1);
|
|
}
|
|
return (NULL);
|
|
}
|
|
|
|
const char *
|
|
pcap_datalink_val_to_description(int dlt)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; dlt_choices[i].name != NULL; i++) {
|
|
if (dlt_choices[i].dlt == dlt)
|
|
return (dlt_choices[i].description);
|
|
}
|
|
return (NULL);
|
|
}
|
|
|
|
struct tstamp_type_choice {
|
|
const char *name;
|
|
const char *description;
|
|
int type;
|
|
};
|
|
|
|
static struct tstamp_type_choice tstamp_type_choices[] = {
|
|
{ "host", "Host", PCAP_TSTAMP_HOST },
|
|
{ "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
|
|
{ "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
|
|
{ "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
|
|
{ "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
|
|
{ NULL, NULL, 0 }
|
|
};
|
|
|
|
int
|
|
pcap_tstamp_type_name_to_val(const char *name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
|
|
if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
|
|
return (tstamp_type_choices[i].type);
|
|
}
|
|
return (PCAP_ERROR);
|
|
}
|
|
|
|
const char *
|
|
pcap_tstamp_type_val_to_name(int tstamp_type)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
|
|
if (tstamp_type_choices[i].type == tstamp_type)
|
|
return (tstamp_type_choices[i].name);
|
|
}
|
|
return (NULL);
|
|
}
|
|
|
|
const char *
|
|
pcap_tstamp_type_val_to_description(int tstamp_type)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
|
|
if (tstamp_type_choices[i].type == tstamp_type)
|
|
return (tstamp_type_choices[i].description);
|
|
}
|
|
return (NULL);
|
|
}
|
|
|
|
int
|
|
pcap_snapshot(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->snapshot);
|
|
}
|
|
|
|
int
|
|
pcap_is_swapped(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->swapped);
|
|
}
|
|
|
|
int
|
|
pcap_major_version(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->version_major);
|
|
}
|
|
|
|
int
|
|
pcap_minor_version(pcap_t *p)
|
|
{
|
|
if (!p->activated)
|
|
return (PCAP_ERROR_NOT_ACTIVATED);
|
|
return (p->version_minor);
|
|
}
|
|
|
|
FILE *
|
|
pcap_file(pcap_t *p)
|
|
{
|
|
return (p->rfile);
|
|
}
|
|
|
|
int
|
|
pcap_fileno(pcap_t *p)
|
|
{
|
|
#ifndef WIN32
|
|
return (p->fd);
|
|
#else
|
|
if (p->adapter != NULL)
|
|
return ((int)(DWORD)p->adapter->hFile);
|
|
else
|
|
return (PCAP_ERROR);
|
|
#endif
|
|
}
|
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
|
int
|
|
pcap_get_selectable_fd(pcap_t *p)
|
|
{
|
|
return (p->selectable_fd);
|
|
}
|
|
#endif
|
|
|
|
void
|
|
pcap_perror(pcap_t *p, char *prefix)
|
|
{
|
|
fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
|
|
}
|
|
|
|
char *
|
|
pcap_geterr(pcap_t *p)
|
|
{
|
|
return (p->errbuf);
|
|
}
|
|
|
|
int
|
|
pcap_getnonblock(pcap_t *p, char *errbuf)
|
|
{
|
|
int ret;
|
|
|
|
ret = p->getnonblock_op(p, errbuf);
|
|
if (ret == -1) {
|
|
/*
|
|
* In case somebody depended on the bug wherein
|
|
* the error message was put into p->errbuf
|
|
* by pcap_getnonblock_fd().
|
|
*/
|
|
strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
|
|
}
|
|
return (ret);
|
|
}
|
|
|
|
/*
|
|
* Get the current non-blocking mode setting, under the assumption that
|
|
* it's just the standard POSIX non-blocking flag.
|
|
*
|
|
* We don't look at "p->nonblock", in case somebody tweaked the FD
|
|
* directly.
|
|
*/
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
|
int
|
|
pcap_getnonblock_fd(pcap_t *p, char *errbuf)
|
|
{
|
|
int fdflags;
|
|
|
|
fdflags = fcntl(p->fd, F_GETFL, 0);
|
|
if (fdflags == -1) {
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
|
|
pcap_strerror(errno));
|
|
return (-1);
|
|
}
|
|
if (fdflags & O_NONBLOCK)
|
|
return (1);
|
|
else
|
|
return (0);
|
|
}
|
|
#endif
|
|
|
|
int
|
|
pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
|
|
{
|
|
int ret;
|
|
|
|
ret = p->setnonblock_op(p, nonblock, errbuf);
|
|
if (ret == -1) {
|
|
/*
|
|
* In case somebody depended on the bug wherein
|
|
* the error message was put into p->errbuf
|
|
* by pcap_setnonblock_fd().
|
|
*/
|
|
strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
|
|
}
|
|
return (ret);
|
|
}
|
|
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
|
/*
|
|
* Set non-blocking mode, under the assumption that it's just the
|
|
* standard POSIX non-blocking flag. (This can be called by the
|
|
* per-platform non-blocking-mode routine if that routine also
|
|
* needs to do some additional work.)
|
|
*/
|
|
int
|
|
pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
|
|
{
|
|
int fdflags;
|
|
|
|
fdflags = fcntl(p->fd, F_GETFL, 0);
|
|
if (fdflags == -1) {
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
|
|
pcap_strerror(errno));
|
|
return (-1);
|
|
}
|
|
if (nonblock)
|
|
fdflags |= O_NONBLOCK;
|
|
else
|
|
fdflags &= ~O_NONBLOCK;
|
|
if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
|
|
snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
|
|
pcap_strerror(errno));
|
|
return (-1);
|
|
}
|
|
return (0);
|
|
}
|
|
#endif
|
|
|
|
#ifdef WIN32
|
|
/*
|
|
* Generate a string for the last Win32-specific error (i.e. an error generated when
|
|
* calling a Win32 API).
|
|
* For errors occurred during standard C calls, we still use pcap_strerror()
|
|
*/
|
|
char *
|
|
pcap_win32strerror(void)
|
|
{
|
|
DWORD error;
|
|
static char errbuf[PCAP_ERRBUF_SIZE+1];
|
|
int errlen;
|
|
char *p;
|
|
|
|
error = GetLastError();
|
|
FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
|
|
PCAP_ERRBUF_SIZE, NULL);
|
|
|
|
/*
|
|
* "FormatMessage()" "helpfully" sticks CR/LF at the end of the
|
|
* message. Get rid of it.
|
|
*/
|
|
errlen = strlen(errbuf);
|
|
if (errlen >= 2) {
|
|
errbuf[errlen - 1] = '\0';
|
|
errbuf[errlen - 2] = '\0';
|
|
}
|
|
p = strchr(errbuf, '\0');
|
|
snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
|
|
return (errbuf);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
|
|
*/
|
|
const char *
|
|
pcap_statustostr(int errnum)
|
|
{
|
|
static char ebuf[15+10+1];
|
|
|
|
switch (errnum) {
|
|
|
|
case PCAP_WARNING:
|
|
return("Generic warning");
|
|
|
|
case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
|
|
return ("That type of time stamp is not supported by that device");
|
|
|
|
case PCAP_WARNING_PROMISC_NOTSUP:
|
|
return ("That device doesn't support promiscuous mode");
|
|
|
|
case PCAP_ERROR:
|
|
return("Generic error");
|
|
|
|
case PCAP_ERROR_BREAK:
|
|
return("Loop terminated by pcap_breakloop");
|
|
|
|
case PCAP_ERROR_NOT_ACTIVATED:
|
|
return("The pcap_t has not been activated");
|
|
|
|
case PCAP_ERROR_ACTIVATED:
|
|
return ("The setting can't be changed after the pcap_t is activated");
|
|
|
|
case PCAP_ERROR_NO_SUCH_DEVICE:
|
|
return ("No such device exists");
|
|
|
|
case PCAP_ERROR_RFMON_NOTSUP:
|
|
return ("That device doesn't support monitor mode");
|
|
|
|
case PCAP_ERROR_NOT_RFMON:
|
|
return ("That operation is supported only in monitor mode");
|
|
|
|
case PCAP_ERROR_PERM_DENIED:
|
|
return ("You don't have permission to capture on that device");
|
|
|
|
case PCAP_ERROR_IFACE_NOT_UP:
|
|
return ("That device is not up");
|
|
|
|
case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
|
|
return ("That device doesn't support setting the time stamp type");
|
|
|
|
case PCAP_ERROR_PROMISC_PERM_DENIED:
|
|
return ("You don't have permission to capture in promiscuous mode on that device");
|
|
|
|
case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
|
|
return ("That device doesn't support that time stamp precision");
|
|
}
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
|
|
return(ebuf);
|
|
}
|
|
|
|
/*
|
|
* Not all systems have strerror().
|
|
*/
|
|
const char *
|
|
pcap_strerror(int errnum)
|
|
{
|
|
#ifdef HAVE_STRERROR
|
|
return (strerror(errnum));
|
|
#else
|
|
extern int sys_nerr;
|
|
extern const char *const sys_errlist[];
|
|
static char ebuf[15+10+1];
|
|
|
|
if ((unsigned int)errnum < sys_nerr)
|
|
return ((char *)sys_errlist[errnum]);
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
|
|
return(ebuf);
|
|
#endif
|
|
}
|
|
|
|
int
|
|
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
|
|
{
|
|
return (p->setfilter_op(p, fp));
|
|
}
|
|
|
|
/*
|
|
* Set direction flag, which controls whether we accept only incoming
|
|
* packets, only outgoing packets, or both.
|
|
* Note that, depending on the platform, some or all direction arguments
|
|
* might not be supported.
|
|
*/
|
|
int
|
|
pcap_setdirection(pcap_t *p, pcap_direction_t d)
|
|
{
|
|
if (p->setdirection_op == NULL) {
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
"Setting direction is not implemented on this platform");
|
|
return (-1);
|
|
} else
|
|
return (p->setdirection_op(p, d));
|
|
}
|
|
|
|
int
|
|
pcap_stats(pcap_t *p, struct pcap_stat *ps)
|
|
{
|
|
return (p->stats_op(p, ps));
|
|
}
|
|
|
|
static int
|
|
pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
|
|
{
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
"Statistics aren't available from a pcap_open_dead pcap_t");
|
|
return (-1);
|
|
}
|
|
|
|
#ifdef WIN32
|
|
int
|
|
pcap_setbuff(pcap_t *p, int dim)
|
|
{
|
|
return (p->setbuff_op(p, dim));
|
|
}
|
|
|
|
static int
|
|
pcap_setbuff_dead(pcap_t *p, int dim)
|
|
{
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
"The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
|
|
return (-1);
|
|
}
|
|
|
|
int
|
|
pcap_setmode(pcap_t *p, int mode)
|
|
{
|
|
return (p->setmode_op(p, mode));
|
|
}
|
|
|
|
static int
|
|
pcap_setmode_dead(pcap_t *p, int mode)
|
|
{
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
"impossible to set mode on a pcap_open_dead pcap_t");
|
|
return (-1);
|
|
}
|
|
|
|
int
|
|
pcap_setmintocopy(pcap_t *p, int size)
|
|
{
|
|
return (p->setmintocopy_op(p, size));
|
|
}
|
|
|
|
Adapter *
|
|
pcap_get_adapter(pcap_t *p)
|
|
{
|
|
return (p->getadapter_op(p));
|
|
}
|
|
|
|
static int
|
|
pcap_setmintocopy_dead(pcap_t *p, int size)
|
|
{
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
|
|
"The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
|
|
return (-1);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* On some platforms, we need to clean up promiscuous or monitor mode
|
|
* when we close a device - and we want that to happen even if the
|
|
* application just exits without explicitl closing devices.
|
|
* On those platforms, we need to register a "close all the pcaps"
|
|
* routine to be called when we exit, and need to maintain a list of
|
|
* pcaps that need to be closed to clean up modes.
|
|
*
|
|
* XXX - not thread-safe.
|
|
*/
|
|
|
|
/*
|
|
* List of pcaps on which we've done something that needs to be
|
|
* cleaned up.
|
|
* If there are any such pcaps, we arrange to call "pcap_close_all()"
|
|
* when we exit, and have it close all of them.
|
|
*/
|
|
static struct pcap *pcaps_to_close;
|
|
|
|
/*
|
|
* TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
|
|
* be called on exit.
|
|
*/
|
|
static int did_atexit;
|
|
|
|
static void
|
|
pcap_close_all(void)
|
|
{
|
|
struct pcap *handle;
|
|
|
|
while ((handle = pcaps_to_close) != NULL)
|
|
pcap_close(handle);
|
|
}
|
|
|
|
int
|
|
pcap_do_addexit(pcap_t *p)
|
|
{
|
|
/*
|
|
* If we haven't already done so, arrange to have
|
|
* "pcap_close_all()" called when we exit.
|
|
*/
|
|
if (!did_atexit) {
|
|
if (atexit(pcap_close_all) == -1) {
|
|
/*
|
|
* "atexit()" failed; let our caller know.
|
|
*/
|
|
strncpy(p->errbuf, "atexit failed",
|
|
PCAP_ERRBUF_SIZE);
|
|
return (0);
|
|
}
|
|
did_atexit = 1;
|
|
}
|
|
return (1);
|
|
}
|
|
|
|
void
|
|
pcap_add_to_pcaps_to_close(pcap_t *p)
|
|
{
|
|
p->next = pcaps_to_close;
|
|
pcaps_to_close = p;
|
|
}
|
|
|
|
void
|
|
pcap_remove_from_pcaps_to_close(pcap_t *p)
|
|
{
|
|
pcap_t *pc, *prevpc;
|
|
|
|
for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
|
|
prevpc = pc, pc = pc->next) {
|
|
if (pc == p) {
|
|
/*
|
|
* Found it. Remove it from the list.
|
|
*/
|
|
if (prevpc == NULL) {
|
|
/*
|
|
* It was at the head of the list.
|
|
*/
|
|
pcaps_to_close = pc->next;
|
|
} else {
|
|
/*
|
|
* It was in the middle of the list.
|
|
*/
|
|
prevpc->next = pc->next;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
void
|
|
pcap_cleanup_live_common(pcap_t *p)
|
|
{
|
|
if (p->buffer != NULL) {
|
|
free(p->buffer);
|
|
p->buffer = NULL;
|
|
}
|
|
if (p->dlt_list != NULL) {
|
|
free(p->dlt_list);
|
|
p->dlt_list = NULL;
|
|
p->dlt_count = 0;
|
|
}
|
|
if (p->tstamp_type_list != NULL) {
|
|
free(p->tstamp_type_list);
|
|
p->tstamp_type_list = NULL;
|
|
p->tstamp_type_count = 0;
|
|
}
|
|
if (p->tstamp_precision_list != NULL) {
|
|
free(p->tstamp_precision_list);
|
|
p->tstamp_precision_list = NULL;
|
|
p->tstamp_precision_count = 0;
|
|
}
|
|
pcap_freecode(&p->fcode);
|
|
#if !defined(WIN32) && !defined(MSDOS)
|
|
if (p->fd >= 0) {
|
|
close(p->fd);
|
|
p->fd = -1;
|
|
}
|
|
p->selectable_fd = -1;
|
|
#endif
|
|
}
|
|
|
|
static void
|
|
pcap_cleanup_dead(pcap_t *p _U_)
|
|
{
|
|
/* Nothing to do. */
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
|
|
{
|
|
pcap_t *p;
|
|
|
|
switch (precision) {
|
|
|
|
case PCAP_TSTAMP_PRECISION_MICRO:
|
|
case PCAP_TSTAMP_PRECISION_NANO:
|
|
break;
|
|
|
|
default:
|
|
return NULL;
|
|
}
|
|
p = malloc(sizeof(*p));
|
|
if (p == NULL)
|
|
return NULL;
|
|
memset (p, 0, sizeof(*p));
|
|
p->snapshot = snaplen;
|
|
p->linktype = linktype;
|
|
p->opt.tstamp_precision = precision;
|
|
p->stats_op = pcap_stats_dead;
|
|
#ifdef WIN32
|
|
p->setbuff_op = pcap_setbuff_dead;
|
|
p->setmode_op = pcap_setmode_dead;
|
|
p->setmintocopy_op = pcap_setmintocopy_dead;
|
|
#endif
|
|
p->cleanup_op = pcap_cleanup_dead;
|
|
p->activated = 1;
|
|
return (p);
|
|
}
|
|
|
|
pcap_t *
|
|
pcap_open_dead(int linktype, int snaplen)
|
|
{
|
|
return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
|
|
PCAP_TSTAMP_PRECISION_MICRO));
|
|
}
|
|
|
|
/*
|
|
* API compatible with WinPcap's "send a packet" routine - returns -1
|
|
* on error, 0 otherwise.
|
|
*
|
|
* XXX - what if we get a short write?
|
|
*/
|
|
int
|
|
pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
|
|
{
|
|
if (p->inject_op(p, buf, size) == -1)
|
|
return (-1);
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* API compatible with OpenBSD's "send a packet" routine - returns -1 on
|
|
* error, number of bytes written otherwise.
|
|
*/
|
|
int
|
|
pcap_inject(pcap_t *p, const void *buf, size_t size)
|
|
{
|
|
return (p->inject_op(p, buf, size));
|
|
}
|
|
|
|
void
|
|
pcap_close(pcap_t *p)
|
|
{
|
|
if (p->opt.source != NULL)
|
|
free(p->opt.source);
|
|
p->cleanup_op(p);
|
|
free(p);
|
|
}
|
|
|
|
/*
|
|
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
|
|
* data for the packet, check whether the packet passes the filter.
|
|
* Returns the return value of the filter program, which will be zero if
|
|
* the packet doesn't pass and non-zero if the packet does pass.
|
|
*/
|
|
int
|
|
pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
|
|
const u_char *pkt)
|
|
{
|
|
const struct bpf_insn *fcode = fp->bf_insns;
|
|
|
|
if (fcode != NULL)
|
|
return (bpf_filter(fcode, pkt, h->len, h->caplen));
|
|
else
|
|
return (0);
|
|
}
|
|
|
|
/*
|
|
* We make the version string static, and return a pointer to it, rather
|
|
* than exporting the version string directly. On at least some UNIXes,
|
|
* if you import data from a shared library into an program, the data is
|
|
* bound into the program binary, so if the string in the version of the
|
|
* library with which the program was linked isn't the same as the
|
|
* string in the version of the library with which the program is being
|
|
* run, various undesirable things may happen (warnings, the string
|
|
* being the one from the version of the library with which the program
|
|
* was linked, or even weirder things, such as the string being the one
|
|
* from the library but being truncated).
|
|
*/
|
|
#ifdef HAVE_VERSION_H
|
|
#include "version.h"
|
|
#else
|
|
static const char pcap_version_string[] = "libpcap version 1.x.y";
|
|
#endif
|
|
|
|
#ifdef WIN32
|
|
/*
|
|
* XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
|
|
* version numbers when building WinPcap. (It'd be nice to do so for
|
|
* the packet.dll version number as well.)
|
|
*/
|
|
static const char wpcap_version_string[] = "4.0";
|
|
static const char pcap_version_string_fmt[] =
|
|
"WinPcap version %s, based on %s";
|
|
static const char pcap_version_string_packet_dll_fmt[] =
|
|
"WinPcap version %s (packet.dll version %s), based on %s";
|
|
static char *full_pcap_version_string;
|
|
|
|
const char *
|
|
pcap_lib_version(void)
|
|
{
|
|
char *packet_version_string;
|
|
size_t full_pcap_version_string_len;
|
|
|
|
if (full_pcap_version_string == NULL) {
|
|
/*
|
|
* Generate the version string.
|
|
*/
|
|
packet_version_string = PacketGetVersion();
|
|
if (strcmp(wpcap_version_string, packet_version_string) == 0) {
|
|
/*
|
|
* WinPcap version string and packet.dll version
|
|
* string are the same; just report the WinPcap
|
|
* version.
|
|
*/
|
|
full_pcap_version_string_len =
|
|
(sizeof pcap_version_string_fmt - 4) +
|
|
strlen(wpcap_version_string) +
|
|
strlen(pcap_version_string);
|
|
full_pcap_version_string =
|
|
malloc(full_pcap_version_string_len);
|
|
if (full_pcap_version_string == NULL)
|
|
return (NULL);
|
|
sprintf(full_pcap_version_string,
|
|
pcap_version_string_fmt, wpcap_version_string,
|
|
pcap_version_string);
|
|
} else {
|
|
/*
|
|
* WinPcap version string and packet.dll version
|
|
* string are different; that shouldn't be the
|
|
* case (the two libraries should come from the
|
|
* same version of WinPcap), so we report both
|
|
* versions.
|
|
*/
|
|
full_pcap_version_string_len =
|
|
(sizeof pcap_version_string_packet_dll_fmt - 6) +
|
|
strlen(wpcap_version_string) +
|
|
strlen(packet_version_string) +
|
|
strlen(pcap_version_string);
|
|
full_pcap_version_string = malloc(full_pcap_version_string_len);
|
|
if (full_pcap_version_string == NULL)
|
|
return (NULL);
|
|
sprintf(full_pcap_version_string,
|
|
pcap_version_string_packet_dll_fmt,
|
|
wpcap_version_string, packet_version_string,
|
|
pcap_version_string);
|
|
}
|
|
}
|
|
return (full_pcap_version_string);
|
|
}
|
|
|
|
#elif defined(MSDOS)
|
|
|
|
static char *full_pcap_version_string;
|
|
|
|
const char *
|
|
pcap_lib_version (void)
|
|
{
|
|
char *packet_version_string;
|
|
size_t full_pcap_version_string_len;
|
|
static char dospfx[] = "DOS-";
|
|
|
|
if (full_pcap_version_string == NULL) {
|
|
/*
|
|
* Generate the version string.
|
|
*/
|
|
full_pcap_version_string_len =
|
|
sizeof dospfx + strlen(pcap_version_string);
|
|
full_pcap_version_string =
|
|
malloc(full_pcap_version_string_len);
|
|
if (full_pcap_version_string == NULL)
|
|
return (NULL);
|
|
strcpy(full_pcap_version_string, dospfx);
|
|
strcat(full_pcap_version_string, pcap_version_string);
|
|
}
|
|
return (full_pcap_version_string);
|
|
}
|
|
|
|
#else /* UN*X */
|
|
|
|
const char *
|
|
pcap_lib_version(void)
|
|
{
|
|
return (pcap_version_string);
|
|
}
|
|
#endif
|