Cross Reference: /freebsd-10.2-release/contrib/libpcap/pcap.c

Deleted Added

sdiff udiff text old ( 235426 ) new ( 241231 )

full compact

pcap.c (235426)	pcap.c (241231)
1/* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 / 33 34#ifndef lint 35static const char rcsid[] _U_ = 36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)"; 37#endif 38 39#ifdef HAVE_CONFIG_H 40#include "config.h" 41#endif 42 43#ifdef WIN32 44#include <pcap-stdinc.h> 45#else / WIN32 / 46#if HAVE_INTTYPES_H 47#include <inttypes.h> 48#elif HAVE_STDINT_H 49#include <stdint.h> 50#endif 51#ifdef HAVE_SYS_BITYPES_H 52#include <sys/bitypes.h> 53#endif 54#include <sys/types.h> 55#include <sys/mman.h> 56#endif / WIN32 / 57 58#include <stdio.h> 59#include <stdlib.h> 60#include <string.h> 61#if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 62#include <unistd.h> 63#endif 64#include <fcntl.h> 65#include <errno.h> 66 67#ifdef HAVE_OS_PROTO_H 68#include "os-proto.h" 69#endif 70 71#ifdef MSDOS 72#include "pcap-dos.h" 73#endif 74 75#include "pcap-int.h" 76 77#ifdef HAVE_DAG_API 78#include <dagnew.h> 79#include <dagapi.h> 80#endif 81 82int 83pcap_not_initialized(pcap_t pcap) 84{ 85 /* this means 'not initialized' / 86 return (PCAP_ERROR_NOT_ACTIVATED); 87} 88 89/ 90 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 91 * a PCAP_ERROR value on an error. 92 / 93int 94pcap_can_set_rfmon(pcap_t p) 95{ 96 return (p->can_set_rfmon_op(p)); 97} 98 99/* 100 * For systems where rfmon mode is never supported. 101 / 102static int 103pcap_cant_set_rfmon(pcap_t p _U_) 104{ 105 return (0); 106} 107 108/* 109 * Sets tstamp_typesp to point to an array 1 or more supported time stamp 110* * types; the return value is the number of supported time stamp types. 111 * The list should be freed by a call to pcap_free_tstamp_types() when 112 * you're done with it. 113 * 114 * A return value of 0 means "you don't get a choice of time stamp type", 115 * in which case tstamp_typesp is set to null. 116* * 117 * PCAP_ERROR is returned on error. 118 / 119int 120pcap_list_tstamp_types(pcap_t p, int *tstamp_typesp) 121{ 122* if (p->tstamp_type_count == 0) { 123 /* 124 * We don't support multiple time stamp types. 125 / 126* tstamp_typesp = NULL; 127* } else { 128 tstamp_typesp = (int)calloc(sizeof(*tstamp_typesp), 129* p->tstamp_type_count); 130 if (tstamp_typesp == NULL) { 131* (void)snprintf(p->errbuf, sizeof(p->errbuf), 132 "malloc: %s", pcap_strerror(errno)); 133 return (PCAP_ERROR); 134 } 135 (void)memcpy(tstamp_typesp, p->tstamp_type_list, 136* sizeof(*tstamp_typesp) p->tstamp_type_count); 137 } 138 return (p->tstamp_type_count); 139} 140 141/* 142 * In Windows, you might have a library built with one version of the 143 * C runtime library and an application built with another version of 144 * the C runtime library, which means that the library might use one 145 * version of malloc() and free() and the application might use another 146 * version of malloc() and free(). If so, that means something 147 * allocated by the library cannot be freed by the application, so we 148 * need to have a pcap_free_tstamp_types() routine to free up the list 149 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 150 * around free(). 151 / 152void 153pcap_free_tstamp_types(int tstamp_type_list) 154{ 155 free(tstamp_type_list); 156} 157 158/* 159 * Default one-shot callback; overridden for capture types where the 160 * packet data cannot be guaranteed to be available after the callback 161 * returns, so that a copy must be made. 162 / 163static void 164pcap_oneshot(u_char user, const struct pcap_pkthdr h, const u_char pkt) 165{ 166 struct oneshot_userdata sp = (struct oneshot_userdata )user; 167 168 sp->hdr = h; 169 sp->pkt = pkt; 170} 171* 172const u_char * 173pcap_next(pcap_t p, struct pcap_pkthdr h) 174{ 175 struct oneshot_userdata s; 176 const u_char pkt; 177* 178 s.hdr = h; 179 s.pkt = &pkt; 180 s.pd = p; 181 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char )&s) <= 0) 182* return (0); 183 return (pkt); 184} 185 186int 187pcap_next_ex(pcap_t p, struct pcap_pkthdr pkt_header, 188* const u_char *pkt_data) 189{ 190* struct oneshot_userdata s; 191 192 s.hdr = &p->pcap_header; 193 s.pkt = pkt_data; 194 s.pd = p; 195 196 /* Saves a pointer to the packet headers / 197* pkt_header= &p->pcap_header; 198* 199 if (p->sf.rfile != NULL) { 200 int status; 201 202 /* We are on an offline capture / 203* status = pcap_offline_read(p, 1, p->oneshot_callback, 204 (u_char )&s); 205* 206 /* 207 * Return codes for pcap_offline_read() are: 208 * - 0: EOF 209 * - -1: error 210 * - >1: OK 211 * The first one ('0') conflicts with the return code of 212 * 0 from pcap_read() meaning "no packets arrived before 213 * the timeout expired", so we map it to -2 so you can 214 * distinguish between an EOF from a savefile and a 215 * "no packets arrived before the timeout expired, try 216 * again" from a live capture. 217 / 218* if (status == 0) 219 return (-2); 220 else 221 return (status); 222 } 223 224 /* 225 * Return codes for pcap_read() are: 226 * - 0: timeout 227 * - -1: error 228 * - -2: loop was broken out of with pcap_breakloop() 229 * - >1: OK 230 * The first one ('0') conflicts with the return code of 0 from 231 * pcap_offline_read() meaning "end of file". 232 / 233* return (p->read_op(p, 1, p->oneshot_callback, (u_char )&s)); 234} 235* 236static void 237initialize_ops(pcap_t p) 238{ 239* /* 240 * Set operation pointers for operations that only work on 241 * an activated pcap_t to point to a routine that returns 242 * a "this isn't activated" error. 243 / 244* p->read_op = (read_op_t)pcap_not_initialized; 245 p->inject_op = (inject_op_t)pcap_not_initialized; 246 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 247 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 248 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 249 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 250 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 251 p->stats_op = (stats_op_t)pcap_not_initialized; 252#ifdef WIN32 253 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 254 p->setmode_op = (setmode_op_t)pcap_not_initialized; 255 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 256#endif 257 258 /* 259 * Default cleanup operation - implementations can override 260 * this, but should call pcap_cleanup_live_common() after 261 * doing their own additional cleanup. 262 / 263* p->cleanup_op = pcap_cleanup_live_common; 264 265 /* 266 * In most cases, the standard one-short callback can 267 * be used for pcap_next()/pcap_next_ex(). 268 / 269* p->oneshot_callback = pcap_oneshot; 270} 271 272pcap_t * 273pcap_create_common(const char source, char ebuf) 274{ 275 pcap_t p; 276* 277 p = malloc(sizeof(p)); 278* if (p == NULL) { 279 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 280 pcap_strerror(errno)); 281 return (NULL); 282 } 283 memset(p, 0, sizeof(p)); 284#ifndef WIN32 285* p->fd = -1; /* not opened yet / 286* p->selectable_fd = -1; 287 p->send_fd = -1; 288#endif 289 290 p->opt.source = strdup(source); 291 if (p->opt.source == NULL) { 292 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 293 pcap_strerror(errno)); 294 free(p); 295 return (NULL); 296 } 297 298 /* 299 * Default to "can't set rfmon mode"; if it's supported by 300 * a platform, the create routine that called us can set 301 * the op to its routine to check whether a particular 302 * device supports it. 303 / 304* p->can_set_rfmon_op = pcap_cant_set_rfmon; 305 306 initialize_ops(p); 307 308 /* put in some defaults/ 309* pcap_set_timeout(p, 0); 310 pcap_set_snaplen(p, 65535); /* max packet size / 311* p->opt.promisc = 0; 312 p->opt.buffer_size = 0; 313 p->opt.tstamp_type = -1; /* default to not setting time stamp type / 314* return (p); 315} 316 317int 318pcap_check_activated(pcap_t p) 319{ 320* if (p->activated) { 321 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 322 " operation on activated capture"); 323 return (-1); 324 } 325 return (0); 326} 327 328int 329pcap_set_snaplen(pcap_t p, int snaplen) 330{ 331* if (pcap_check_activated(p)) 332 return (PCAP_ERROR_ACTIVATED); 333 p->snapshot = snaplen; 334 return (0); 335} 336 337int 338pcap_set_promisc(pcap_t p, int promisc) 339{ 340* if (pcap_check_activated(p)) 341 return (PCAP_ERROR_ACTIVATED); 342 p->opt.promisc = promisc; 343 return (0); 344} 345 346int 347pcap_set_rfmon(pcap_t p, int rfmon) 348{ 349* if (pcap_check_activated(p)) 350 return (PCAP_ERROR_ACTIVATED); 351 p->opt.rfmon = rfmon; 352 return (0); 353} 354 355int 356pcap_set_timeout(pcap_t p, int timeout_ms) 357{ 358* if (pcap_check_activated(p)) 359 return (PCAP_ERROR_ACTIVATED); 360 p->md.timeout = timeout_ms; 361 return (0); 362} 363 364int 365pcap_set_tstamp_type(pcap_t p, int tstamp_type) 366{ 367* int i; 368 369 if (pcap_check_activated(p)) 370 return (PCAP_ERROR_ACTIVATED); 371 372 /* 373 * If p->tstamp_type_count is 0, we don't support setting 374 * the time stamp type at all. 375 / 376* if (p->tstamp_type_count == 0) 377 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE); 378 379 /* 380 * Check whether we claim to support this type of time stamp. 381 / 382* for (i = 0; i < p->tstamp_type_count; i++) { 383 if (p->tstamp_type_list[i] == tstamp_type) { 384 /* 385 * Yes. 386 / 387* p->opt.tstamp_type = tstamp_type; 388 return (0); 389 } 390 } 391 392 /* 393 * No. We support setting the time stamp type, but not to this 394 * particular value. 395 / 396* return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 397} 398 399int 400pcap_set_buffer_size(pcap_t p, int buffer_size) 401{ 402* if (pcap_check_activated(p)) 403 return (PCAP_ERROR_ACTIVATED); 404 p->opt.buffer_size = buffer_size; 405 return (0); 406} 407 408int 409pcap_activate(pcap_t p) 410{ 411* int status; 412 413 /* 414 * Catch attempts to re-activate an already-activated 415 * pcap_t; this should, for example, catch code that 416 * calls pcap_open_live() followed by pcap_activate(), 417 * as some code that showed up in a Stack Exchange 418 * question did. 419 / 420* if (pcap_check_activated(p)) 421 return (PCAP_ERROR_ACTIVATED); 422 status = p->activate_op(p); 423 if (status >= 0) 424 p->activated = 1; 425 else { 426 if (p->errbuf[0] == '\0') { 427 /* 428 * No error message supplied by the activate routine; 429 * for the benefit of programs that don't specially 430 * handle errors other than PCAP_ERROR, return the 431 * error message corresponding to the status. 432 / 433* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 434 pcap_statustostr(status)); 435 } 436 437 /* 438 * Undo any operation pointer setting, etc. done by 439 * the activate operation. 440 / 441* initialize_ops(p); 442 } 443 return (status); 444} 445 446pcap_t * 447pcap_open_live(const char source, int snaplen, int promisc, int to_ms, char errbuf) 448{ 449 pcap_t p; 450* int status; 451 452 p = pcap_create(source, errbuf); 453 if (p == NULL) 454 return (NULL); 455 status = pcap_set_snaplen(p, snaplen); 456 if (status < 0) 457 goto fail; 458 status = pcap_set_promisc(p, promisc); 459 if (status < 0) 460 goto fail; 461 status = pcap_set_timeout(p, to_ms); 462 if (status < 0) 463 goto fail; 464 /* 465 * Mark this as opened with pcap_open_live(), so that, for 466 * example, we show the full list of DLT_ values, rather 467 * than just the ones that are compatible with capturing 468 * when not in monitor mode. That allows existing applications 469 * to work the way they used to work, but allows new applications 470 * that know about the new open API to, for example, find out the 471 * DLT_ values that they can select without changing whether 472 * the adapter is in monitor mode or not. 473 / 474* p->oldstyle = 1; 475 status = pcap_activate(p); 476 if (status < 0) 477 goto fail; 478 return (p); 479fail: 480 if (status == PCAP_ERROR) 481 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 482 p->errbuf); 483 else if (status == PCAP_ERROR_NO_SUCH_DEVICE \|\| 484 status == PCAP_ERROR_PERM_DENIED \|\| 485 status == PCAP_ERROR_PROMISC_PERM_DENIED) 486 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 487 pcap_statustostr(status), p->errbuf); 488 else 489 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 490 pcap_statustostr(status)); 491 pcap_close(p); 492 return (NULL); 493} 494 495int 496pcap_dispatch(pcap_t p, int cnt, pcap_handler callback, u_char user) 497{ 498 return (p->read_op(p, cnt, callback, user)); 499} 500 501/* 502 * XXX - is this necessary? 503 / 504int 505pcap_read(pcap_t p, int cnt, pcap_handler callback, u_char user) 506{ 507* 508 return (p->read_op(p, cnt, callback, user)); 509} 510 511int 512pcap_loop(pcap_t p, int cnt, pcap_handler callback, u_char user) 513{ 514 register int n; 515 516 for (;;) { 517 if (p->sf.rfile != NULL) { 518 /* 519 * 0 means EOF, so don't loop if we get 0. 520 / 521* n = pcap_offline_read(p, cnt, callback, user); 522 } else { 523 /* 524 * XXX keep reading until we get something 525 * (or an error occurs) 526 / 527* do { 528 n = p->read_op(p, cnt, callback, user); 529 } while (n == 0); 530 } 531 if (n <= 0) 532 return (n); 533 if (cnt > 0) { 534 cnt -= n; 535 if (cnt <= 0) 536 return (0); 537 } 538 } 539} 540 541/* 542 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 543 / 544void 545pcap_breakloop(pcap_t p) 546{ 547 p->break_loop = 1; 548} 549 550int 551pcap_datalink(pcap_t p) 552{ 553* return (p->linktype); 554} 555 556int 557pcap_datalink_ext(pcap_t p) 558{ 559* return (p->linktype_ext); 560} 561 562int 563pcap_list_datalinks(pcap_t p, int dlt_buffer) 564{ 565* if (p->dlt_count == 0) { 566 /* 567 * We couldn't fetch the list of DLTs, which means 568 * this platform doesn't support changing the 569 * DLT for an interface. Return a list of DLTs 570 * containing only the DLT this device supports. 571 / 572* dlt_buffer = (int)malloc(sizeof(*dlt_buffer)); 573* if (dlt_buffer == NULL) { 574* (void)snprintf(p->errbuf, sizeof(p->errbuf), 575 "malloc: %s", pcap_strerror(errno)); 576 return (-1); 577 } 578 *dlt_buffer = p->linktype; 579* return (1); 580 } else { 581 dlt_buffer = (int)calloc(sizeof(*dlt_buffer), p->dlt_count); 582* if (dlt_buffer == NULL) { 583* (void)snprintf(p->errbuf, sizeof(p->errbuf), 584 "malloc: %s", pcap_strerror(errno)); 585 return (-1); 586 } 587 (void)memcpy(dlt_buffer, p->dlt_list, 588* sizeof(*dlt_buffer) p->dlt_count); 589 return (p->dlt_count); 590 } 591} 592 593/* 594 * In Windows, you might have a library built with one version of the 595 * C runtime library and an application built with another version of 596 * the C runtime library, which means that the library might use one 597 * version of malloc() and free() and the application might use another 598 * version of malloc() and free(). If so, that means something 599 * allocated by the library cannot be freed by the application, so we 600 * need to have a pcap_free_datalinks() routine to free up the list 601 * allocated by pcap_list_datalinks(), even though it's just a wrapper 602 * around free(). 603 / 604void 605pcap_free_datalinks(int dlt_list) 606{ 607 free(dlt_list); 608} 609 610int 611pcap_set_datalink(pcap_t p, int dlt) 612{ 613* int i; 614 const char dlt_name; 615* 616 if (p->dlt_count == 0 \|\| p->set_datalink_op == NULL) { 617 /* 618 * We couldn't fetch the list of DLTs, or we don't 619 * have a "set datalink" operation, which means 620 * this platform doesn't support changing the 621 * DLT for an interface. Check whether the new 622 * DLT is the one this interface supports. 623 / 624* if (p->linktype != dlt) 625 goto unsupported; 626 627 /* 628 * It is, so there's nothing we need to do here. 629 / 630* return (0); 631 } 632 for (i = 0; i < p->dlt_count; i++) 633 if (p->dlt_list[i] == dlt) 634 break; 635 if (i >= p->dlt_count) 636 goto unsupported; 637 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 638 dlt == DLT_DOCSIS) { 639 /* 640 * This is presumably an Ethernet device, as the first 641 * link-layer type it offers is DLT_EN10MB, and the only 642 * other type it offers is DLT_DOCSIS. That means that 643 * we can't tell the driver to supply DOCSIS link-layer 644 * headers - we're just pretending that's what we're 645 * getting, as, presumably, we're capturing on a dedicated 646 * link to a Cisco Cable Modem Termination System, and 647 * it's putting raw DOCSIS frames on the wire inside low-level 648 * Ethernet framing. 649 / 650* p->linktype = dlt; 651 return (0); 652 } 653 if (p->set_datalink_op(p, dlt) == -1) 654 return (-1); 655 p->linktype = dlt; 656 return (0); 657 658unsupported: 659 dlt_name = pcap_datalink_val_to_name(dlt); 660 if (dlt_name != NULL) { 661 (void) snprintf(p->errbuf, sizeof(p->errbuf), 662 "%s is not one of the DLTs supported by this device", 663 dlt_name); 664 } else { 665 (void) snprintf(p->errbuf, sizeof(p->errbuf), 666 "DLT %d is not one of the DLTs supported by this device", 667 dlt); 668 } 669 return (-1); 670} 671 672/* 673 * This array is designed for mapping upper and lower case letter 674 * together for a case independent comparison. The mappings are 675 * based upon ascii character sequences. 676 / 677static const u_char charmap[] = { 678* (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 679 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 680 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 681 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 682 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 683 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 684 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 685 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 686 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 687 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 688 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 689 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 690 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 691 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 692 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 693 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 694 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 695 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 696 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 697 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 698 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 699 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 700 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 701 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 702 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 703 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 704 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 705 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 706 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 707 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 708 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 709 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 710 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 711 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 712 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 713 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 714 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 715 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 716 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 717 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 718 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 719 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 720 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 721 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 722 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 723 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 724 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 725 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 726 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 727 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 728 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 729 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 730 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 731 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 732 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 733 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 734 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 735 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 736 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 737 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 738 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 739 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 740 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 741 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 742}; 743 744int 745pcap_strcasecmp(const char s1, const char s2) 746{ 747 register const u_char cm = charmap, 748* us1 = (const u_char )s1, 749 us2 = (const u_char )s2; 750 751 while (cm[us1] == cm[us2++]) 752 if (us1++ == '\0') 753* return(0); 754 return (cm[us1] - cm[--us2]); 755} 756 757struct dlt_choice { 758 const char name; 759* const char description; 760* int dlt; 761}; 762 763#define DLT_CHOICE(code, description) { #code, description, code } 764#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 765 766static struct dlt_choice dlt_choices[] = { 767 DLT_CHOICE(DLT_NULL, "BSD loopback"), 768 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 769 DLT_CHOICE(DLT_IEEE802, "Token ring"), 770 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 771 DLT_CHOICE(DLT_SLIP, "SLIP"), 772 DLT_CHOICE(DLT_PPP, "PPP"), 773 DLT_CHOICE(DLT_FDDI, "FDDI"), 774 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 775 DLT_CHOICE(DLT_RAW, "Raw IP"), 776 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 777 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 778 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 779 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 780 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 781 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 782 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 783 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 784 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 785 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 786 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 787 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 788 DLT_CHOICE(DLT_LTALK, "Localtalk"), 789 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),	1/* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 / 33 34#ifndef lint 35static const char rcsid[] _U_ = 36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)"; 37#endif 38 39#ifdef HAVE_CONFIG_H 40#include "config.h" 41#endif 42 43#ifdef WIN32 44#include <pcap-stdinc.h> 45#else / WIN32 / 46#if HAVE_INTTYPES_H 47#include <inttypes.h> 48#elif HAVE_STDINT_H 49#include <stdint.h> 50#endif 51#ifdef HAVE_SYS_BITYPES_H 52#include <sys/bitypes.h> 53#endif 54#include <sys/types.h> 55#include <sys/mman.h> 56#endif / WIN32 / 57 58#include <stdio.h> 59#include <stdlib.h> 60#include <string.h> 61#if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 62#include <unistd.h> 63#endif 64#include <fcntl.h> 65#include <errno.h> 66 67#ifdef HAVE_OS_PROTO_H 68#include "os-proto.h" 69#endif 70 71#ifdef MSDOS 72#include "pcap-dos.h" 73#endif 74 75#include "pcap-int.h" 76 77#ifdef HAVE_DAG_API 78#include <dagnew.h> 79#include <dagapi.h> 80#endif 81 82int 83pcap_not_initialized(pcap_t pcap) 84{ 85 /* this means 'not initialized' / 86 return (PCAP_ERROR_NOT_ACTIVATED); 87} 88 89/ 90 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 91 * a PCAP_ERROR value on an error. 92 / 93int 94pcap_can_set_rfmon(pcap_t p) 95{ 96 return (p->can_set_rfmon_op(p)); 97} 98 99/* 100 * For systems where rfmon mode is never supported. 101 / 102static int 103pcap_cant_set_rfmon(pcap_t p _U_) 104{ 105 return (0); 106} 107 108/* 109 * Sets tstamp_typesp to point to an array 1 or more supported time stamp 110* * types; the return value is the number of supported time stamp types. 111 * The list should be freed by a call to pcap_free_tstamp_types() when 112 * you're done with it. 113 * 114 * A return value of 0 means "you don't get a choice of time stamp type", 115 * in which case tstamp_typesp is set to null. 116* * 117 * PCAP_ERROR is returned on error. 118 / 119int 120pcap_list_tstamp_types(pcap_t p, int *tstamp_typesp) 121{ 122* if (p->tstamp_type_count == 0) { 123 /* 124 * We don't support multiple time stamp types. 125 / 126* tstamp_typesp = NULL; 127* } else { 128 tstamp_typesp = (int)calloc(sizeof(*tstamp_typesp), 129* p->tstamp_type_count); 130 if (tstamp_typesp == NULL) { 131* (void)snprintf(p->errbuf, sizeof(p->errbuf), 132 "malloc: %s", pcap_strerror(errno)); 133 return (PCAP_ERROR); 134 } 135 (void)memcpy(tstamp_typesp, p->tstamp_type_list, 136* sizeof(*tstamp_typesp) p->tstamp_type_count); 137 } 138 return (p->tstamp_type_count); 139} 140 141/* 142 * In Windows, you might have a library built with one version of the 143 * C runtime library and an application built with another version of 144 * the C runtime library, which means that the library might use one 145 * version of malloc() and free() and the application might use another 146 * version of malloc() and free(). If so, that means something 147 * allocated by the library cannot be freed by the application, so we 148 * need to have a pcap_free_tstamp_types() routine to free up the list 149 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 150 * around free(). 151 / 152void 153pcap_free_tstamp_types(int tstamp_type_list) 154{ 155 free(tstamp_type_list); 156} 157 158/* 159 * Default one-shot callback; overridden for capture types where the 160 * packet data cannot be guaranteed to be available after the callback 161 * returns, so that a copy must be made. 162 / 163static void 164pcap_oneshot(u_char user, const struct pcap_pkthdr h, const u_char pkt) 165{ 166 struct oneshot_userdata sp = (struct oneshot_userdata )user; 167 168 sp->hdr = h; 169 sp->pkt = pkt; 170} 171* 172const u_char * 173pcap_next(pcap_t p, struct pcap_pkthdr h) 174{ 175 struct oneshot_userdata s; 176 const u_char pkt; 177* 178 s.hdr = h; 179 s.pkt = &pkt; 180 s.pd = p; 181 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char )&s) <= 0) 182* return (0); 183 return (pkt); 184} 185 186int 187pcap_next_ex(pcap_t p, struct pcap_pkthdr pkt_header, 188* const u_char *pkt_data) 189{ 190* struct oneshot_userdata s; 191 192 s.hdr = &p->pcap_header; 193 s.pkt = pkt_data; 194 s.pd = p; 195 196 /* Saves a pointer to the packet headers / 197* pkt_header= &p->pcap_header; 198* 199 if (p->sf.rfile != NULL) { 200 int status; 201 202 /* We are on an offline capture / 203* status = pcap_offline_read(p, 1, p->oneshot_callback, 204 (u_char )&s); 205* 206 /* 207 * Return codes for pcap_offline_read() are: 208 * - 0: EOF 209 * - -1: error 210 * - >1: OK 211 * The first one ('0') conflicts with the return code of 212 * 0 from pcap_read() meaning "no packets arrived before 213 * the timeout expired", so we map it to -2 so you can 214 * distinguish between an EOF from a savefile and a 215 * "no packets arrived before the timeout expired, try 216 * again" from a live capture. 217 / 218* if (status == 0) 219 return (-2); 220 else 221 return (status); 222 } 223 224 /* 225 * Return codes for pcap_read() are: 226 * - 0: timeout 227 * - -1: error 228 * - -2: loop was broken out of with pcap_breakloop() 229 * - >1: OK 230 * The first one ('0') conflicts with the return code of 0 from 231 * pcap_offline_read() meaning "end of file". 232 / 233* return (p->read_op(p, 1, p->oneshot_callback, (u_char )&s)); 234} 235* 236static void 237initialize_ops(pcap_t p) 238{ 239* /* 240 * Set operation pointers for operations that only work on 241 * an activated pcap_t to point to a routine that returns 242 * a "this isn't activated" error. 243 / 244* p->read_op = (read_op_t)pcap_not_initialized; 245 p->inject_op = (inject_op_t)pcap_not_initialized; 246 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 247 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 248 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 249 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 250 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 251 p->stats_op = (stats_op_t)pcap_not_initialized; 252#ifdef WIN32 253 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 254 p->setmode_op = (setmode_op_t)pcap_not_initialized; 255 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 256#endif 257 258 /* 259 * Default cleanup operation - implementations can override 260 * this, but should call pcap_cleanup_live_common() after 261 * doing their own additional cleanup. 262 / 263* p->cleanup_op = pcap_cleanup_live_common; 264 265 /* 266 * In most cases, the standard one-short callback can 267 * be used for pcap_next()/pcap_next_ex(). 268 / 269* p->oneshot_callback = pcap_oneshot; 270} 271 272pcap_t * 273pcap_create_common(const char source, char ebuf) 274{ 275 pcap_t p; 276* 277 p = malloc(sizeof(p)); 278* if (p == NULL) { 279 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 280 pcap_strerror(errno)); 281 return (NULL); 282 } 283 memset(p, 0, sizeof(p)); 284#ifndef WIN32 285* p->fd = -1; /* not opened yet / 286* p->selectable_fd = -1; 287 p->send_fd = -1; 288#endif 289 290 p->opt.source = strdup(source); 291 if (p->opt.source == NULL) { 292 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 293 pcap_strerror(errno)); 294 free(p); 295 return (NULL); 296 } 297 298 /* 299 * Default to "can't set rfmon mode"; if it's supported by 300 * a platform, the create routine that called us can set 301 * the op to its routine to check whether a particular 302 * device supports it. 303 / 304* p->can_set_rfmon_op = pcap_cant_set_rfmon; 305 306 initialize_ops(p); 307 308 /* put in some defaults/ 309* pcap_set_timeout(p, 0); 310 pcap_set_snaplen(p, 65535); /* max packet size / 311* p->opt.promisc = 0; 312 p->opt.buffer_size = 0; 313 p->opt.tstamp_type = -1; /* default to not setting time stamp type / 314* return (p); 315} 316 317int 318pcap_check_activated(pcap_t p) 319{ 320* if (p->activated) { 321 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 322 " operation on activated capture"); 323 return (-1); 324 } 325 return (0); 326} 327 328int 329pcap_set_snaplen(pcap_t p, int snaplen) 330{ 331* if (pcap_check_activated(p)) 332 return (PCAP_ERROR_ACTIVATED); 333 p->snapshot = snaplen; 334 return (0); 335} 336 337int 338pcap_set_promisc(pcap_t p, int promisc) 339{ 340* if (pcap_check_activated(p)) 341 return (PCAP_ERROR_ACTIVATED); 342 p->opt.promisc = promisc; 343 return (0); 344} 345 346int 347pcap_set_rfmon(pcap_t p, int rfmon) 348{ 349* if (pcap_check_activated(p)) 350 return (PCAP_ERROR_ACTIVATED); 351 p->opt.rfmon = rfmon; 352 return (0); 353} 354 355int 356pcap_set_timeout(pcap_t p, int timeout_ms) 357{ 358* if (pcap_check_activated(p)) 359 return (PCAP_ERROR_ACTIVATED); 360 p->md.timeout = timeout_ms; 361 return (0); 362} 363 364int 365pcap_set_tstamp_type(pcap_t p, int tstamp_type) 366{ 367* int i; 368 369 if (pcap_check_activated(p)) 370 return (PCAP_ERROR_ACTIVATED); 371 372 /* 373 * If p->tstamp_type_count is 0, we don't support setting 374 * the time stamp type at all. 375 / 376* if (p->tstamp_type_count == 0) 377 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE); 378 379 /* 380 * Check whether we claim to support this type of time stamp. 381 / 382* for (i = 0; i < p->tstamp_type_count; i++) { 383 if (p->tstamp_type_list[i] == tstamp_type) { 384 /* 385 * Yes. 386 / 387* p->opt.tstamp_type = tstamp_type; 388 return (0); 389 } 390 } 391 392 /* 393 * No. We support setting the time stamp type, but not to this 394 * particular value. 395 / 396* return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 397} 398 399int 400pcap_set_buffer_size(pcap_t p, int buffer_size) 401{ 402* if (pcap_check_activated(p)) 403 return (PCAP_ERROR_ACTIVATED); 404 p->opt.buffer_size = buffer_size; 405 return (0); 406} 407 408int 409pcap_activate(pcap_t p) 410{ 411* int status; 412 413 /* 414 * Catch attempts to re-activate an already-activated 415 * pcap_t; this should, for example, catch code that 416 * calls pcap_open_live() followed by pcap_activate(), 417 * as some code that showed up in a Stack Exchange 418 * question did. 419 / 420* if (pcap_check_activated(p)) 421 return (PCAP_ERROR_ACTIVATED); 422 status = p->activate_op(p); 423 if (status >= 0) 424 p->activated = 1; 425 else { 426 if (p->errbuf[0] == '\0') { 427 /* 428 * No error message supplied by the activate routine; 429 * for the benefit of programs that don't specially 430 * handle errors other than PCAP_ERROR, return the 431 * error message corresponding to the status. 432 / 433* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 434 pcap_statustostr(status)); 435 } 436 437 /* 438 * Undo any operation pointer setting, etc. done by 439 * the activate operation. 440 / 441* initialize_ops(p); 442 } 443 return (status); 444} 445 446pcap_t * 447pcap_open_live(const char source, int snaplen, int promisc, int to_ms, char errbuf) 448{ 449 pcap_t p; 450* int status; 451 452 p = pcap_create(source, errbuf); 453 if (p == NULL) 454 return (NULL); 455 status = pcap_set_snaplen(p, snaplen); 456 if (status < 0) 457 goto fail; 458 status = pcap_set_promisc(p, promisc); 459 if (status < 0) 460 goto fail; 461 status = pcap_set_timeout(p, to_ms); 462 if (status < 0) 463 goto fail; 464 /* 465 * Mark this as opened with pcap_open_live(), so that, for 466 * example, we show the full list of DLT_ values, rather 467 * than just the ones that are compatible with capturing 468 * when not in monitor mode. That allows existing applications 469 * to work the way they used to work, but allows new applications 470 * that know about the new open API to, for example, find out the 471 * DLT_ values that they can select without changing whether 472 * the adapter is in monitor mode or not. 473 / 474* p->oldstyle = 1; 475 status = pcap_activate(p); 476 if (status < 0) 477 goto fail; 478 return (p); 479fail: 480 if (status == PCAP_ERROR) 481 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 482 p->errbuf); 483 else if (status == PCAP_ERROR_NO_SUCH_DEVICE \|\| 484 status == PCAP_ERROR_PERM_DENIED \|\| 485 status == PCAP_ERROR_PROMISC_PERM_DENIED) 486 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 487 pcap_statustostr(status), p->errbuf); 488 else 489 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 490 pcap_statustostr(status)); 491 pcap_close(p); 492 return (NULL); 493} 494 495int 496pcap_dispatch(pcap_t p, int cnt, pcap_handler callback, u_char user) 497{ 498 return (p->read_op(p, cnt, callback, user)); 499} 500 501/* 502 * XXX - is this necessary? 503 / 504int 505pcap_read(pcap_t p, int cnt, pcap_handler callback, u_char user) 506{ 507* 508 return (p->read_op(p, cnt, callback, user)); 509} 510 511int 512pcap_loop(pcap_t p, int cnt, pcap_handler callback, u_char user) 513{ 514 register int n; 515 516 for (;;) { 517 if (p->sf.rfile != NULL) { 518 /* 519 * 0 means EOF, so don't loop if we get 0. 520 / 521* n = pcap_offline_read(p, cnt, callback, user); 522 } else { 523 /* 524 * XXX keep reading until we get something 525 * (or an error occurs) 526 / 527* do { 528 n = p->read_op(p, cnt, callback, user); 529 } while (n == 0); 530 } 531 if (n <= 0) 532 return (n); 533 if (cnt > 0) { 534 cnt -= n; 535 if (cnt <= 0) 536 return (0); 537 } 538 } 539} 540 541/* 542 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 543 / 544void 545pcap_breakloop(pcap_t p) 546{ 547 p->break_loop = 1; 548} 549 550int 551pcap_datalink(pcap_t p) 552{ 553* return (p->linktype); 554} 555 556int 557pcap_datalink_ext(pcap_t p) 558{ 559* return (p->linktype_ext); 560} 561 562int 563pcap_list_datalinks(pcap_t p, int dlt_buffer) 564{ 565* if (p->dlt_count == 0) { 566 /* 567 * We couldn't fetch the list of DLTs, which means 568 * this platform doesn't support changing the 569 * DLT for an interface. Return a list of DLTs 570 * containing only the DLT this device supports. 571 / 572* dlt_buffer = (int)malloc(sizeof(*dlt_buffer)); 573* if (dlt_buffer == NULL) { 574* (void)snprintf(p->errbuf, sizeof(p->errbuf), 575 "malloc: %s", pcap_strerror(errno)); 576 return (-1); 577 } 578 *dlt_buffer = p->linktype; 579* return (1); 580 } else { 581 dlt_buffer = (int)calloc(sizeof(*dlt_buffer), p->dlt_count); 582* if (dlt_buffer == NULL) { 583* (void)snprintf(p->errbuf, sizeof(p->errbuf), 584 "malloc: %s", pcap_strerror(errno)); 585 return (-1); 586 } 587 (void)memcpy(dlt_buffer, p->dlt_list, 588* sizeof(*dlt_buffer) p->dlt_count); 589 return (p->dlt_count); 590 } 591} 592 593/* 594 * In Windows, you might have a library built with one version of the 595 * C runtime library and an application built with another version of 596 * the C runtime library, which means that the library might use one 597 * version of malloc() and free() and the application might use another 598 * version of malloc() and free(). If so, that means something 599 * allocated by the library cannot be freed by the application, so we 600 * need to have a pcap_free_datalinks() routine to free up the list 601 * allocated by pcap_list_datalinks(), even though it's just a wrapper 602 * around free(). 603 / 604void 605pcap_free_datalinks(int dlt_list) 606{ 607 free(dlt_list); 608} 609 610int 611pcap_set_datalink(pcap_t p, int dlt) 612{ 613* int i; 614 const char dlt_name; 615* 616 if (p->dlt_count == 0 \|\| p->set_datalink_op == NULL) { 617 /* 618 * We couldn't fetch the list of DLTs, or we don't 619 * have a "set datalink" operation, which means 620 * this platform doesn't support changing the 621 * DLT for an interface. Check whether the new 622 * DLT is the one this interface supports. 623 / 624* if (p->linktype != dlt) 625 goto unsupported; 626 627 /* 628 * It is, so there's nothing we need to do here. 629 / 630* return (0); 631 } 632 for (i = 0; i < p->dlt_count; i++) 633 if (p->dlt_list[i] == dlt) 634 break; 635 if (i >= p->dlt_count) 636 goto unsupported; 637 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 638 dlt == DLT_DOCSIS) { 639 /* 640 * This is presumably an Ethernet device, as the first 641 * link-layer type it offers is DLT_EN10MB, and the only 642 * other type it offers is DLT_DOCSIS. That means that 643 * we can't tell the driver to supply DOCSIS link-layer 644 * headers - we're just pretending that's what we're 645 * getting, as, presumably, we're capturing on a dedicated 646 * link to a Cisco Cable Modem Termination System, and 647 * it's putting raw DOCSIS frames on the wire inside low-level 648 * Ethernet framing. 649 / 650* p->linktype = dlt; 651 return (0); 652 } 653 if (p->set_datalink_op(p, dlt) == -1) 654 return (-1); 655 p->linktype = dlt; 656 return (0); 657 658unsupported: 659 dlt_name = pcap_datalink_val_to_name(dlt); 660 if (dlt_name != NULL) { 661 (void) snprintf(p->errbuf, sizeof(p->errbuf), 662 "%s is not one of the DLTs supported by this device", 663 dlt_name); 664 } else { 665 (void) snprintf(p->errbuf, sizeof(p->errbuf), 666 "DLT %d is not one of the DLTs supported by this device", 667 dlt); 668 } 669 return (-1); 670} 671 672/* 673 * This array is designed for mapping upper and lower case letter 674 * together for a case independent comparison. The mappings are 675 * based upon ascii character sequences. 676 / 677static const u_char charmap[] = { 678* (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 679 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 680 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 681 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 682 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 683 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 684 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 685 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 686 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 687 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 688 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 689 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 690 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 691 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 692 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 693 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 694 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 695 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 696 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 697 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 698 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 699 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 700 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 701 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 702 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 703 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 704 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 705 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 706 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 707 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 708 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 709 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 710 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 711 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 712 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 713 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 714 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 715 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 716 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 717 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 718 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 719 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 720 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 721 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 722 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 723 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 724 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 725 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 726 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 727 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 728 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 729 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 730 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 731 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 732 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 733 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 734 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 735 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 736 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 737 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 738 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 739 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 740 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 741 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 742}; 743 744int 745pcap_strcasecmp(const char s1, const char s2) 746{ 747 register const u_char cm = charmap, 748* us1 = (const u_char )s1, 749 us2 = (const u_char )s2; 750 751 while (cm[us1] == cm[us2++]) 752 if (us1++ == '\0') 753* return(0); 754 return (cm[us1] - cm[--us2]); 755} 756 757struct dlt_choice { 758 const char name; 759* const char description; 760* int dlt; 761}; 762 763#define DLT_CHOICE(code, description) { #code, description, code } 764#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 765 766static struct dlt_choice dlt_choices[] = { 767 DLT_CHOICE(DLT_NULL, "BSD loopback"), 768 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 769 DLT_CHOICE(DLT_IEEE802, "Token ring"), 770 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 771 DLT_CHOICE(DLT_SLIP, "SLIP"), 772 DLT_CHOICE(DLT_PPP, "PPP"), 773 DLT_CHOICE(DLT_FDDI, "FDDI"), 774 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 775 DLT_CHOICE(DLT_RAW, "Raw IP"), 776 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 777 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 778 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 779 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 780 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 781 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 782 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 783 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 784 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 785 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 786 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 787 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 788 DLT_CHOICE(DLT_LTALK, "Localtalk"), 789 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
	790 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
790 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 791 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 792 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 793 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 794 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 795 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 796 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 797 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 798 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 799 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 800 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 801 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 802 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 803 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 804 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 805 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 806 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 807 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 808 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 809 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 810 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 811 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 812 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 813 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 814 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 815 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 816 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 817 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 818 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 819 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 820 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 821 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 822 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 823 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 824 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 825 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 826 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 827 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 828 DLT_CHOICE(DLT_A429, "Arinc 429"), 829 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 830 DLT_CHOICE(DLT_USB, "USB"), 831 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 832 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 833 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 834 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 835 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 836 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 837 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 838 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 839 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 840 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 841 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 842 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 843 DLT_CHOICE(DLT_IPMB, "IPMB"), 844 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 845 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 846 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 847 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 848 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 849 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 850 DLT_CHOICE(DLT_DECT, "DECT"), 851 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 852 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 853 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 854 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 855 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 856 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 857 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 858 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 859 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 860 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 861 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 862 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 863 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 864 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 865 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 866 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 867 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 868 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 869 DLT_CHOICE_SENTINEL 870}; 871 872int 873pcap_datalink_name_to_val(const char name) 874{ 875* int i; 876 877 for (i = 0; dlt_choices[i].name != NULL; i++) { 878 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 879 name) == 0) 880 return (dlt_choices[i].dlt); 881 } 882 return (-1); 883} 884 885const char * 886pcap_datalink_val_to_name(int dlt) 887{ 888 int i; 889 890 for (i = 0; dlt_choices[i].name != NULL; i++) { 891 if (dlt_choices[i].dlt == dlt) 892 return (dlt_choices[i].name + sizeof("DLT_") - 1); 893 } 894 return (NULL); 895} 896 897const char * 898pcap_datalink_val_to_description(int dlt) 899{ 900 int i; 901 902 for (i = 0; dlt_choices[i].name != NULL; i++) { 903 if (dlt_choices[i].dlt == dlt) 904 return (dlt_choices[i].description); 905 } 906 return (NULL); 907} 908 909struct tstamp_type_choice { 910 const char name; 911* const char description; 912* int type; 913}; 914 915static struct tstamp_type_choice tstamp_type_choices[] = { 916 { "host", "Host", PCAP_TSTAMP_HOST }, 917 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 918 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 919 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 920 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 921 { NULL, NULL, 0 } 922}; 923 924int 925pcap_tstamp_type_name_to_val(const char name) 926{ 927* int i; 928 929 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 930 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 931 return (tstamp_type_choices[i].type); 932 } 933 return (PCAP_ERROR); 934} 935 936const char * 937pcap_tstamp_type_val_to_name(int tstamp_type) 938{ 939 int i; 940 941 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 942 if (tstamp_type_choices[i].type == tstamp_type) 943 return (tstamp_type_choices[i].name); 944 } 945 return (NULL); 946} 947 948const char * 949pcap_tstamp_type_val_to_description(int tstamp_type) 950{ 951 int i; 952 953 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 954 if (tstamp_type_choices[i].type == tstamp_type) 955 return (tstamp_type_choices[i].description); 956 } 957 return (NULL); 958} 959 960int 961pcap_snapshot(pcap_t p) 962{ 963* return (p->snapshot); 964} 965 966int 967pcap_is_swapped(pcap_t p) 968{ 969* return (p->sf.swapped); 970} 971 972int 973pcap_major_version(pcap_t p) 974{ 975* return (p->sf.version_major); 976} 977 978int 979pcap_minor_version(pcap_t p) 980{ 981* return (p->sf.version_minor); 982} 983 984FILE * 985pcap_file(pcap_t p) 986{ 987* return (p->sf.rfile); 988} 989 990int 991pcap_fileno(pcap_t p) 992{ 993#ifndef WIN32 994* return (p->fd); 995#else 996 if (p->adapter != NULL) 997 return ((int)(DWORD)p->adapter->hFile); 998 else 999 return (-1); 1000#endif 1001} 1002 1003#if !defined(WIN32) && !defined(MSDOS) 1004int 1005pcap_get_selectable_fd(pcap_t p) 1006{ 1007* return (p->selectable_fd); 1008} 1009#endif 1010 1011void 1012pcap_perror(pcap_t p, char prefix) 1013{ 1014 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1015} 1016 1017char * 1018pcap_geterr(pcap_t p) 1019{ 1020* return (p->errbuf); 1021} 1022 1023int 1024pcap_getnonblock(pcap_t p, char errbuf) 1025{ 1026 return (p->getnonblock_op(p, errbuf)); 1027} 1028 1029/* 1030 * Get the current non-blocking mode setting, under the assumption that 1031 * it's just the standard POSIX non-blocking flag. 1032 * 1033 * We don't look at "p->nonblock", in case somebody tweaked the FD 1034 * directly. 1035 / 1036#if !defined(WIN32) && !defined(MSDOS) 1037int 1038pcap_getnonblock_fd(pcap_t p, char errbuf) 1039{ 1040* int fdflags; 1041 1042 fdflags = fcntl(p->fd, F_GETFL, 0); 1043 if (fdflags == -1) { 1044 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1045 pcap_strerror(errno)); 1046 return (-1); 1047 } 1048 if (fdflags & O_NONBLOCK) 1049 return (1); 1050 else 1051 return (0); 1052} 1053#endif 1054 1055int 1056pcap_setnonblock(pcap_t p, int nonblock, char errbuf) 1057{ 1058 return (p->setnonblock_op(p, nonblock, errbuf)); 1059} 1060 1061#if !defined(WIN32) && !defined(MSDOS) 1062/* 1063 * Set non-blocking mode, under the assumption that it's just the 1064 * standard POSIX non-blocking flag. (This can be called by the 1065 * per-platform non-blocking-mode routine if that routine also 1066 * needs to do some additional work.) 1067 / 1068int 1069pcap_setnonblock_fd(pcap_t p, int nonblock, char errbuf) 1070{ 1071* int fdflags; 1072 1073 fdflags = fcntl(p->fd, F_GETFL, 0); 1074 if (fdflags == -1) { 1075 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1076 pcap_strerror(errno)); 1077 return (-1); 1078 } 1079 if (nonblock) 1080 fdflags \|= O_NONBLOCK; 1081 else 1082 fdflags &= ~O_NONBLOCK; 1083 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1084 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1085 pcap_strerror(errno)); 1086 return (-1); 1087 } 1088 return (0); 1089} 1090#endif 1091 1092#ifdef WIN32 1093/* 1094 * Generate a string for the last Win32-specific error (i.e. an error generated when 1095 * calling a Win32 API). 1096 * For errors occurred during standard C calls, we still use pcap_strerror() 1097 / 1098char 1099pcap_win32strerror(void) 1100{ 1101 DWORD error; 1102 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1103 int errlen; 1104 char p; 1105* 1106 error = GetLastError(); 1107 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1108 PCAP_ERRBUF_SIZE, NULL); 1109 1110 /* 1111 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1112 * message. Get rid of it. 1113 / 1114* errlen = strlen(errbuf); 1115 if (errlen >= 2) { 1116 errbuf[errlen - 1] = '\0'; 1117 errbuf[errlen - 2] = '\0'; 1118 } 1119 p = strchr(errbuf, '\0'); 1120 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1121 return (errbuf); 1122} 1123#endif 1124 1125/* 1126 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1127 / 1128const char 1129pcap_statustostr(int errnum) 1130{ 1131 static char ebuf[15+10+1]; 1132 1133 switch (errnum) { 1134 1135 case PCAP_WARNING: 1136 return("Generic warning"); 1137 1138 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1139 return ("That type of time stamp is not supported by that device"); 1140 1141 case PCAP_WARNING_PROMISC_NOTSUP: 1142 return ("That device doesn't support promiscuous mode"); 1143 1144 case PCAP_ERROR: 1145 return("Generic error"); 1146 1147 case PCAP_ERROR_BREAK: 1148 return("Loop terminated by pcap_breakloop"); 1149 1150 case PCAP_ERROR_NOT_ACTIVATED: 1151 return("The pcap_t has not been activated"); 1152 1153 case PCAP_ERROR_ACTIVATED: 1154 return ("The setting can't be changed after the pcap_t is activated"); 1155 1156 case PCAP_ERROR_NO_SUCH_DEVICE: 1157 return ("No such device exists"); 1158 1159 case PCAP_ERROR_RFMON_NOTSUP: 1160 return ("That device doesn't support monitor mode"); 1161 1162 case PCAP_ERROR_NOT_RFMON: 1163 return ("That operation is supported only in monitor mode"); 1164 1165 case PCAP_ERROR_PERM_DENIED: 1166 return ("You don't have permission to capture on that device"); 1167 1168 case PCAP_ERROR_IFACE_NOT_UP: 1169 return ("That device is not up"); 1170 1171 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1172 return ("That device doesn't support setting the time stamp type"); 1173 1174 case PCAP_ERROR_PROMISC_PERM_DENIED: 1175 return ("You don't have permission to capture in promiscuous mode on that device"); 1176 } 1177 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1178 return(ebuf); 1179} 1180 1181/* 1182 * Not all systems have strerror(). 1183 / 1184const char 1185pcap_strerror(int errnum) 1186{ 1187#ifdef HAVE_STRERROR 1188 return (strerror(errnum)); 1189#else 1190 extern int sys_nerr; 1191 extern const char const sys_errlist[]; 1192* static char ebuf[15+10+1]; 1193 1194 if ((unsigned int)errnum < sys_nerr) 1195 return ((char )sys_errlist[errnum]); 1196* (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1197 return(ebuf); 1198#endif 1199} 1200 1201int 1202pcap_setfilter(pcap_t p, struct bpf_program fp) 1203{ 1204 return (p->setfilter_op(p, fp)); 1205} 1206 1207/* 1208 * Set direction flag, which controls whether we accept only incoming 1209 * packets, only outgoing packets, or both. 1210 * Note that, depending on the platform, some or all direction arguments 1211 * might not be supported. 1212 / 1213int 1214pcap_setdirection(pcap_t p, pcap_direction_t d) 1215{ 1216 if (p->setdirection_op == NULL) { 1217 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1218 "Setting direction is not implemented on this platform"); 1219 return (-1); 1220 } else 1221 return (p->setdirection_op(p, d)); 1222} 1223 1224int 1225pcap_stats(pcap_t p, struct pcap_stat ps) 1226{ 1227 return (p->stats_op(p, ps)); 1228} 1229 1230static int 1231pcap_stats_dead(pcap_t p, struct pcap_stat ps _U_) 1232{ 1233 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1234 "Statistics aren't available from a pcap_open_dead pcap_t"); 1235 return (-1); 1236} 1237 1238#ifdef WIN32 1239int 1240pcap_setbuff(pcap_t p, int dim) 1241{ 1242* return (p->setbuff_op(p, dim)); 1243} 1244 1245static int 1246pcap_setbuff_dead(pcap_t p, int dim) 1247{ 1248* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1249 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1250 return (-1); 1251} 1252 1253int 1254pcap_setmode(pcap_t p, int mode) 1255{ 1256* return (p->setmode_op(p, mode)); 1257} 1258 1259static int 1260pcap_setmode_dead(pcap_t p, int mode) 1261{ 1262* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1263 "impossible to set mode on a pcap_open_dead pcap_t"); 1264 return (-1); 1265} 1266 1267int 1268pcap_setmintocopy(pcap_t p, int size) 1269{ 1270* return (p->setmintocopy_op(p, size)); 1271} 1272 1273static int 1274pcap_setmintocopy_dead(pcap_t p, int size) 1275{ 1276* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1277 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1278 return (-1); 1279} 1280#endif 1281 1282/* 1283 * On some platforms, we need to clean up promiscuous or monitor mode 1284 * when we close a device - and we want that to happen even if the 1285 * application just exits without explicitl closing devices. 1286 * On those platforms, we need to register a "close all the pcaps" 1287 * routine to be called when we exit, and need to maintain a list of 1288 * pcaps that need to be closed to clean up modes. 1289 * 1290 * XXX - not thread-safe. 1291 / 1292* 1293/* 1294 * List of pcaps on which we've done something that needs to be 1295 * cleaned up. 1296 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1297 * when we exit, and have it close all of them. 1298 / 1299static struct pcap pcaps_to_close; 1300 1301/* 1302 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1303 * be called on exit. 1304 / 1305static int did_atexit; 1306* 1307static void 1308pcap_close_all(void) 1309{ 1310 struct pcap handle; 1311* 1312 while ((handle = pcaps_to_close) != NULL) 1313 pcap_close(handle); 1314} 1315 1316int 1317pcap_do_addexit(pcap_t p) 1318{ 1319* /* 1320 * If we haven't already done so, arrange to have 1321 * "pcap_close_all()" called when we exit. 1322 / 1323* if (!did_atexit) { 1324 if (atexit(pcap_close_all) == -1) { 1325 /* 1326 * "atexit()" failed; let our caller know. 1327 / 1328* strncpy(p->errbuf, "atexit failed", 1329 PCAP_ERRBUF_SIZE); 1330 return (0); 1331 } 1332 did_atexit = 1; 1333 } 1334 return (1); 1335} 1336 1337void 1338pcap_add_to_pcaps_to_close(pcap_t p) 1339{ 1340* p->md.next = pcaps_to_close; 1341 pcaps_to_close = p; 1342} 1343 1344void 1345pcap_remove_from_pcaps_to_close(pcap_t p) 1346{ 1347* pcap_t pc, prevpc; 1348 1349 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1350 prevpc = pc, pc = pc->md.next) { 1351 if (pc == p) { 1352 /* 1353 * Found it. Remove it from the list. 1354 / 1355* if (prevpc == NULL) { 1356 /* 1357 * It was at the head of the list. 1358 / 1359* pcaps_to_close = pc->md.next; 1360 } else { 1361 /* 1362 * It was in the middle of the list. 1363 / 1364* prevpc->md.next = pc->md.next; 1365 } 1366 break; 1367 } 1368 } 1369} 1370 1371void 1372pcap_cleanup_live_common(pcap_t p) 1373{ 1374* if (p->buffer != NULL) { 1375 free(p->buffer); 1376 p->buffer = NULL; 1377 } 1378 if (p->dlt_list != NULL) { 1379 free(p->dlt_list); 1380 p->dlt_list = NULL; 1381 p->dlt_count = 0; 1382 } 1383 if (p->tstamp_type_list != NULL) { 1384 free(p->tstamp_type_list); 1385 p->tstamp_type_list = NULL; 1386 p->tstamp_type_count = 0; 1387 } 1388 pcap_freecode(&p->fcode); 1389#if !defined(WIN32) && !defined(MSDOS) 1390 if (p->fd >= 0) { 1391 close(p->fd); 1392 p->fd = -1; 1393 } 1394 p->selectable_fd = -1; 1395 p->send_fd = -1; 1396#endif 1397} 1398 1399static void 1400pcap_cleanup_dead(pcap_t p _U_) 1401{ 1402* /* Nothing to do. / 1403} 1404* 1405pcap_t * 1406pcap_open_dead(int linktype, int snaplen) 1407{ 1408 pcap_t p; 1409* 1410 p = malloc(sizeof(p)); 1411* if (p == NULL) 1412 return NULL; 1413 memset (p, 0, sizeof(p)); 1414* p->snapshot = snaplen; 1415 p->linktype = linktype; 1416 p->stats_op = pcap_stats_dead; 1417#ifdef WIN32 1418 p->setbuff_op = pcap_setbuff_dead; 1419 p->setmode_op = pcap_setmode_dead; 1420 p->setmintocopy_op = pcap_setmintocopy_dead; 1421#endif 1422 p->cleanup_op = pcap_cleanup_dead; 1423 p->activated = 1; 1424 return (p); 1425} 1426 1427/* 1428 * API compatible with WinPcap's "send a packet" routine - returns -1 1429 * on error, 0 otherwise. 1430 * 1431 * XXX - what if we get a short write? 1432 / 1433int 1434pcap_sendpacket(pcap_t p, const u_char buf, int size) 1435{ 1436* if (p->inject_op(p, buf, size) == -1) 1437 return (-1); 1438 return (0); 1439} 1440 1441/* 1442 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1443 * error, number of bytes written otherwise. 1444 / 1445int 1446pcap_inject(pcap_t p, const void buf, size_t size) 1447{ 1448* return (p->inject_op(p, buf, size)); 1449} 1450 1451void 1452pcap_close(pcap_t p) 1453{ 1454* if (p->opt.source != NULL) 1455 free(p->opt.source); 1456 p->cleanup_op(p); 1457 free(p); 1458} 1459 1460/* 1461 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1462 * data for the packet, check whether the packet passes the filter. 1463 * Returns the return value of the filter program, which will be zero if 1464 * the packet doesn't pass and non-zero if the packet does pass. 1465 / 1466int 1467pcap_offline_filter(struct bpf_program fp, const struct pcap_pkthdr h, 1468* const u_char pkt) 1469{ 1470* struct bpf_insn fcode = fp->bf_insns; 1471* 1472 if (fcode != NULL) 1473 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1474 else 1475 return (0); 1476} 1477 1478/* 1479 * We make the version string static, and return a pointer to it, rather 1480 * than exporting the version string directly. On at least some UNIXes, 1481 * if you import data from a shared library into an program, the data is 1482 * bound into the program binary, so if the string in the version of the 1483 * library with which the program was linked isn't the same as the 1484 * string in the version of the library with which the program is being 1485 * run, various undesirable things may happen (warnings, the string 1486 * being the one from the version of the library with which the program 1487 * was linked, or even weirder things, such as the string being the one 1488 * from the library but being truncated). 1489 / 1490#ifdef HAVE_VERSION_H 1491#include "version.h" 1492#else 1493static const char pcap_version_string[] = "libpcap version 1.x.y"; 1494#endif 1495* 1496#ifdef WIN32 1497/* 1498 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1499 * version numbers when building WinPcap. (It'd be nice to do so for 1500 * the packet.dll version number as well.) 1501 / 1502static const char wpcap_version_string[] = "4.0"; 1503static const char pcap_version_string_fmt[] = 1504* "WinPcap version %s, based on %s"; 1505static const char pcap_version_string_packet_dll_fmt[] = 1506 "WinPcap version %s (packet.dll version %s), based on %s"; 1507static char full_pcap_version_string; 1508* 1509const char * 1510pcap_lib_version(void) 1511{ 1512 char packet_version_string; 1513* size_t full_pcap_version_string_len; 1514 1515 if (full_pcap_version_string == NULL) { 1516 /* 1517 * Generate the version string. 1518 / 1519* packet_version_string = PacketGetVersion(); 1520 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1521 /* 1522 * WinPcap version string and packet.dll version 1523 * string are the same; just report the WinPcap 1524 * version. 1525 / 1526* full_pcap_version_string_len = 1527 (sizeof pcap_version_string_fmt - 4) + 1528 strlen(wpcap_version_string) + 1529 strlen(pcap_version_string); 1530 full_pcap_version_string = 1531 malloc(full_pcap_version_string_len); 1532 sprintf(full_pcap_version_string, 1533 pcap_version_string_fmt, wpcap_version_string, 1534 pcap_version_string); 1535 } else { 1536 /* 1537 * WinPcap version string and packet.dll version 1538 * string are different; that shouldn't be the 1539 * case (the two libraries should come from the 1540 * same version of WinPcap), so we report both 1541 * versions. 1542 / 1543* full_pcap_version_string_len = 1544 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1545 strlen(wpcap_version_string) + 1546 strlen(packet_version_string) + 1547 strlen(pcap_version_string); 1548 full_pcap_version_string = malloc(full_pcap_version_string_len); 1549 1550 sprintf(full_pcap_version_string, 1551 pcap_version_string_packet_dll_fmt, 1552 wpcap_version_string, packet_version_string, 1553 pcap_version_string); 1554 } 1555 } 1556 return (full_pcap_version_string); 1557} 1558 1559#elif defined(MSDOS) 1560 1561static char full_pcap_version_string; 1562* 1563const char * 1564pcap_lib_version (void) 1565{ 1566 char packet_version_string; 1567* size_t full_pcap_version_string_len; 1568 static char dospfx[] = "DOS-"; 1569 1570 if (full_pcap_version_string == NULL) { 1571 /* 1572 * Generate the version string. 1573 / 1574* full_pcap_version_string_len = 1575 sizeof dospfx + strlen(pcap_version_string); 1576 full_pcap_version_string = 1577 malloc(full_pcap_version_string_len); 1578 strcpy(full_pcap_version_string, dospfx); 1579 strcat(full_pcap_version_string, pcap_version_string); 1580 } 1581 return (full_pcap_version_string); 1582} 1583 1584#else /* UNX / 1585 1586const char * 1587pcap_lib_version(void) 1588{ 1589 return (pcap_version_string); 1590} 1591#endif	791 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 792 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 793 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 794 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 795 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 796 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 797 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 798 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 799 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 800 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 801 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 802 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 803 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 804 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 805 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 806 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 807 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 808 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 809 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 810 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 811 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 812 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 813 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 814 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 815 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 816 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 817 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 818 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 819 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 820 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 821 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 822 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 823 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 824 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 825 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 826 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 827 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 828 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 829 DLT_CHOICE(DLT_A429, "Arinc 429"), 830 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 831 DLT_CHOICE(DLT_USB, "USB"), 832 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 833 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 834 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 835 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 836 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 837 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 838 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 839 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 840 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 841 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 842 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 843 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 844 DLT_CHOICE(DLT_IPMB, "IPMB"), 845 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 846 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 847 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 848 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 849 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 850 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 851 DLT_CHOICE(DLT_DECT, "DECT"), 852 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 853 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 854 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 855 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 856 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 857 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 858 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 859 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 860 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 861 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 862 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 863 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 864 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 865 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 866 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 867 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 868 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 869 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 870 DLT_CHOICE_SENTINEL 871}; 872 873int 874pcap_datalink_name_to_val(const char name) 875{ 876* int i; 877 878 for (i = 0; dlt_choices[i].name != NULL; i++) { 879 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 880 name) == 0) 881 return (dlt_choices[i].dlt); 882 } 883 return (-1); 884} 885 886const char * 887pcap_datalink_val_to_name(int dlt) 888{ 889 int i; 890 891 for (i = 0; dlt_choices[i].name != NULL; i++) { 892 if (dlt_choices[i].dlt == dlt) 893 return (dlt_choices[i].name + sizeof("DLT_") - 1); 894 } 895 return (NULL); 896} 897 898const char * 899pcap_datalink_val_to_description(int dlt) 900{ 901 int i; 902 903 for (i = 0; dlt_choices[i].name != NULL; i++) { 904 if (dlt_choices[i].dlt == dlt) 905 return (dlt_choices[i].description); 906 } 907 return (NULL); 908} 909 910struct tstamp_type_choice { 911 const char name; 912* const char description; 913* int type; 914}; 915 916static struct tstamp_type_choice tstamp_type_choices[] = { 917 { "host", "Host", PCAP_TSTAMP_HOST }, 918 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 919 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 920 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 921 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 922 { NULL, NULL, 0 } 923}; 924 925int 926pcap_tstamp_type_name_to_val(const char name) 927{ 928* int i; 929 930 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 931 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 932 return (tstamp_type_choices[i].type); 933 } 934 return (PCAP_ERROR); 935} 936 937const char * 938pcap_tstamp_type_val_to_name(int tstamp_type) 939{ 940 int i; 941 942 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 943 if (tstamp_type_choices[i].type == tstamp_type) 944 return (tstamp_type_choices[i].name); 945 } 946 return (NULL); 947} 948 949const char * 950pcap_tstamp_type_val_to_description(int tstamp_type) 951{ 952 int i; 953 954 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 955 if (tstamp_type_choices[i].type == tstamp_type) 956 return (tstamp_type_choices[i].description); 957 } 958 return (NULL); 959} 960 961int 962pcap_snapshot(pcap_t p) 963{ 964* return (p->snapshot); 965} 966 967int 968pcap_is_swapped(pcap_t p) 969{ 970* return (p->sf.swapped); 971} 972 973int 974pcap_major_version(pcap_t p) 975{ 976* return (p->sf.version_major); 977} 978 979int 980pcap_minor_version(pcap_t p) 981{ 982* return (p->sf.version_minor); 983} 984 985FILE * 986pcap_file(pcap_t p) 987{ 988* return (p->sf.rfile); 989} 990 991int 992pcap_fileno(pcap_t p) 993{ 994#ifndef WIN32 995* return (p->fd); 996#else 997 if (p->adapter != NULL) 998 return ((int)(DWORD)p->adapter->hFile); 999 else 1000 return (-1); 1001#endif 1002} 1003 1004#if !defined(WIN32) && !defined(MSDOS) 1005int 1006pcap_get_selectable_fd(pcap_t p) 1007{ 1008* return (p->selectable_fd); 1009} 1010#endif 1011 1012void 1013pcap_perror(pcap_t p, char prefix) 1014{ 1015 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1016} 1017 1018char * 1019pcap_geterr(pcap_t p) 1020{ 1021* return (p->errbuf); 1022} 1023 1024int 1025pcap_getnonblock(pcap_t p, char errbuf) 1026{ 1027 return (p->getnonblock_op(p, errbuf)); 1028} 1029 1030/* 1031 * Get the current non-blocking mode setting, under the assumption that 1032 * it's just the standard POSIX non-blocking flag. 1033 * 1034 * We don't look at "p->nonblock", in case somebody tweaked the FD 1035 * directly. 1036 / 1037#if !defined(WIN32) && !defined(MSDOS) 1038int 1039pcap_getnonblock_fd(pcap_t p, char errbuf) 1040{ 1041* int fdflags; 1042 1043 fdflags = fcntl(p->fd, F_GETFL, 0); 1044 if (fdflags == -1) { 1045 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1046 pcap_strerror(errno)); 1047 return (-1); 1048 } 1049 if (fdflags & O_NONBLOCK) 1050 return (1); 1051 else 1052 return (0); 1053} 1054#endif 1055 1056int 1057pcap_setnonblock(pcap_t p, int nonblock, char errbuf) 1058{ 1059 return (p->setnonblock_op(p, nonblock, errbuf)); 1060} 1061 1062#if !defined(WIN32) && !defined(MSDOS) 1063/* 1064 * Set non-blocking mode, under the assumption that it's just the 1065 * standard POSIX non-blocking flag. (This can be called by the 1066 * per-platform non-blocking-mode routine if that routine also 1067 * needs to do some additional work.) 1068 / 1069int 1070pcap_setnonblock_fd(pcap_t p, int nonblock, char errbuf) 1071{ 1072* int fdflags; 1073 1074 fdflags = fcntl(p->fd, F_GETFL, 0); 1075 if (fdflags == -1) { 1076 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1077 pcap_strerror(errno)); 1078 return (-1); 1079 } 1080 if (nonblock) 1081 fdflags \|= O_NONBLOCK; 1082 else 1083 fdflags &= ~O_NONBLOCK; 1084 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1085 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1086 pcap_strerror(errno)); 1087 return (-1); 1088 } 1089 return (0); 1090} 1091#endif 1092 1093#ifdef WIN32 1094/* 1095 * Generate a string for the last Win32-specific error (i.e. an error generated when 1096 * calling a Win32 API). 1097 * For errors occurred during standard C calls, we still use pcap_strerror() 1098 / 1099char 1100pcap_win32strerror(void) 1101{ 1102 DWORD error; 1103 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1104 int errlen; 1105 char p; 1106* 1107 error = GetLastError(); 1108 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1109 PCAP_ERRBUF_SIZE, NULL); 1110 1111 /* 1112 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1113 * message. Get rid of it. 1114 / 1115* errlen = strlen(errbuf); 1116 if (errlen >= 2) { 1117 errbuf[errlen - 1] = '\0'; 1118 errbuf[errlen - 2] = '\0'; 1119 } 1120 p = strchr(errbuf, '\0'); 1121 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1122 return (errbuf); 1123} 1124#endif 1125 1126/* 1127 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1128 / 1129const char 1130pcap_statustostr(int errnum) 1131{ 1132 static char ebuf[15+10+1]; 1133 1134 switch (errnum) { 1135 1136 case PCAP_WARNING: 1137 return("Generic warning"); 1138 1139 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1140 return ("That type of time stamp is not supported by that device"); 1141 1142 case PCAP_WARNING_PROMISC_NOTSUP: 1143 return ("That device doesn't support promiscuous mode"); 1144 1145 case PCAP_ERROR: 1146 return("Generic error"); 1147 1148 case PCAP_ERROR_BREAK: 1149 return("Loop terminated by pcap_breakloop"); 1150 1151 case PCAP_ERROR_NOT_ACTIVATED: 1152 return("The pcap_t has not been activated"); 1153 1154 case PCAP_ERROR_ACTIVATED: 1155 return ("The setting can't be changed after the pcap_t is activated"); 1156 1157 case PCAP_ERROR_NO_SUCH_DEVICE: 1158 return ("No such device exists"); 1159 1160 case PCAP_ERROR_RFMON_NOTSUP: 1161 return ("That device doesn't support monitor mode"); 1162 1163 case PCAP_ERROR_NOT_RFMON: 1164 return ("That operation is supported only in monitor mode"); 1165 1166 case PCAP_ERROR_PERM_DENIED: 1167 return ("You don't have permission to capture on that device"); 1168 1169 case PCAP_ERROR_IFACE_NOT_UP: 1170 return ("That device is not up"); 1171 1172 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1173 return ("That device doesn't support setting the time stamp type"); 1174 1175 case PCAP_ERROR_PROMISC_PERM_DENIED: 1176 return ("You don't have permission to capture in promiscuous mode on that device"); 1177 } 1178 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1179 return(ebuf); 1180} 1181 1182/* 1183 * Not all systems have strerror(). 1184 / 1185const char 1186pcap_strerror(int errnum) 1187{ 1188#ifdef HAVE_STRERROR 1189 return (strerror(errnum)); 1190#else 1191 extern int sys_nerr; 1192 extern const char const sys_errlist[]; 1193* static char ebuf[15+10+1]; 1194 1195 if ((unsigned int)errnum < sys_nerr) 1196 return ((char )sys_errlist[errnum]); 1197* (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1198 return(ebuf); 1199#endif 1200} 1201 1202int 1203pcap_setfilter(pcap_t p, struct bpf_program fp) 1204{ 1205 return (p->setfilter_op(p, fp)); 1206} 1207 1208/* 1209 * Set direction flag, which controls whether we accept only incoming 1210 * packets, only outgoing packets, or both. 1211 * Note that, depending on the platform, some or all direction arguments 1212 * might not be supported. 1213 / 1214int 1215pcap_setdirection(pcap_t p, pcap_direction_t d) 1216{ 1217 if (p->setdirection_op == NULL) { 1218 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1219 "Setting direction is not implemented on this platform"); 1220 return (-1); 1221 } else 1222 return (p->setdirection_op(p, d)); 1223} 1224 1225int 1226pcap_stats(pcap_t p, struct pcap_stat ps) 1227{ 1228 return (p->stats_op(p, ps)); 1229} 1230 1231static int 1232pcap_stats_dead(pcap_t p, struct pcap_stat ps _U_) 1233{ 1234 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1235 "Statistics aren't available from a pcap_open_dead pcap_t"); 1236 return (-1); 1237} 1238 1239#ifdef WIN32 1240int 1241pcap_setbuff(pcap_t p, int dim) 1242{ 1243* return (p->setbuff_op(p, dim)); 1244} 1245 1246static int 1247pcap_setbuff_dead(pcap_t p, int dim) 1248{ 1249* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1250 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1251 return (-1); 1252} 1253 1254int 1255pcap_setmode(pcap_t p, int mode) 1256{ 1257* return (p->setmode_op(p, mode)); 1258} 1259 1260static int 1261pcap_setmode_dead(pcap_t p, int mode) 1262{ 1263* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1264 "impossible to set mode on a pcap_open_dead pcap_t"); 1265 return (-1); 1266} 1267 1268int 1269pcap_setmintocopy(pcap_t p, int size) 1270{ 1271* return (p->setmintocopy_op(p, size)); 1272} 1273 1274static int 1275pcap_setmintocopy_dead(pcap_t p, int size) 1276{ 1277* snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1278 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1279 return (-1); 1280} 1281#endif 1282 1283/* 1284 * On some platforms, we need to clean up promiscuous or monitor mode 1285 * when we close a device - and we want that to happen even if the 1286 * application just exits without explicitl closing devices. 1287 * On those platforms, we need to register a "close all the pcaps" 1288 * routine to be called when we exit, and need to maintain a list of 1289 * pcaps that need to be closed to clean up modes. 1290 * 1291 * XXX - not thread-safe. 1292 / 1293* 1294/* 1295 * List of pcaps on which we've done something that needs to be 1296 * cleaned up. 1297 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1298 * when we exit, and have it close all of them. 1299 / 1300static struct pcap pcaps_to_close; 1301 1302/* 1303 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1304 * be called on exit. 1305 / 1306static int did_atexit; 1307* 1308static void 1309pcap_close_all(void) 1310{ 1311 struct pcap handle; 1312* 1313 while ((handle = pcaps_to_close) != NULL) 1314 pcap_close(handle); 1315} 1316 1317int 1318pcap_do_addexit(pcap_t p) 1319{ 1320* /* 1321 * If we haven't already done so, arrange to have 1322 * "pcap_close_all()" called when we exit. 1323 / 1324* if (!did_atexit) { 1325 if (atexit(pcap_close_all) == -1) { 1326 /* 1327 * "atexit()" failed; let our caller know. 1328 / 1329* strncpy(p->errbuf, "atexit failed", 1330 PCAP_ERRBUF_SIZE); 1331 return (0); 1332 } 1333 did_atexit = 1; 1334 } 1335 return (1); 1336} 1337 1338void 1339pcap_add_to_pcaps_to_close(pcap_t p) 1340{ 1341* p->md.next = pcaps_to_close; 1342 pcaps_to_close = p; 1343} 1344 1345void 1346pcap_remove_from_pcaps_to_close(pcap_t p) 1347{ 1348* pcap_t pc, prevpc; 1349 1350 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1351 prevpc = pc, pc = pc->md.next) { 1352 if (pc == p) { 1353 /* 1354 * Found it. Remove it from the list. 1355 / 1356* if (prevpc == NULL) { 1357 /* 1358 * It was at the head of the list. 1359 / 1360* pcaps_to_close = pc->md.next; 1361 } else { 1362 /* 1363 * It was in the middle of the list. 1364 / 1365* prevpc->md.next = pc->md.next; 1366 } 1367 break; 1368 } 1369 } 1370} 1371 1372void 1373pcap_cleanup_live_common(pcap_t p) 1374{ 1375* if (p->buffer != NULL) { 1376 free(p->buffer); 1377 p->buffer = NULL; 1378 } 1379 if (p->dlt_list != NULL) { 1380 free(p->dlt_list); 1381 p->dlt_list = NULL; 1382 p->dlt_count = 0; 1383 } 1384 if (p->tstamp_type_list != NULL) { 1385 free(p->tstamp_type_list); 1386 p->tstamp_type_list = NULL; 1387 p->tstamp_type_count = 0; 1388 } 1389 pcap_freecode(&p->fcode); 1390#if !defined(WIN32) && !defined(MSDOS) 1391 if (p->fd >= 0) { 1392 close(p->fd); 1393 p->fd = -1; 1394 } 1395 p->selectable_fd = -1; 1396 p->send_fd = -1; 1397#endif 1398} 1399 1400static void 1401pcap_cleanup_dead(pcap_t p _U_) 1402{ 1403* /* Nothing to do. / 1404} 1405* 1406pcap_t * 1407pcap_open_dead(int linktype, int snaplen) 1408{ 1409 pcap_t p; 1410* 1411 p = malloc(sizeof(p)); 1412* if (p == NULL) 1413 return NULL; 1414 memset (p, 0, sizeof(p)); 1415* p->snapshot = snaplen; 1416 p->linktype = linktype; 1417 p->stats_op = pcap_stats_dead; 1418#ifdef WIN32 1419 p->setbuff_op = pcap_setbuff_dead; 1420 p->setmode_op = pcap_setmode_dead; 1421 p->setmintocopy_op = pcap_setmintocopy_dead; 1422#endif 1423 p->cleanup_op = pcap_cleanup_dead; 1424 p->activated = 1; 1425 return (p); 1426} 1427 1428/* 1429 * API compatible with WinPcap's "send a packet" routine - returns -1 1430 * on error, 0 otherwise. 1431 * 1432 * XXX - what if we get a short write? 1433 / 1434int 1435pcap_sendpacket(pcap_t p, const u_char buf, int size) 1436{ 1437* if (p->inject_op(p, buf, size) == -1) 1438 return (-1); 1439 return (0); 1440} 1441 1442/* 1443 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1444 * error, number of bytes written otherwise. 1445 / 1446int 1447pcap_inject(pcap_t p, const void buf, size_t size) 1448{ 1449* return (p->inject_op(p, buf, size)); 1450} 1451 1452void 1453pcap_close(pcap_t p) 1454{ 1455* if (p->opt.source != NULL) 1456 free(p->opt.source); 1457 p->cleanup_op(p); 1458 free(p); 1459} 1460 1461/* 1462 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1463 * data for the packet, check whether the packet passes the filter. 1464 * Returns the return value of the filter program, which will be zero if 1465 * the packet doesn't pass and non-zero if the packet does pass. 1466 / 1467int 1468pcap_offline_filter(struct bpf_program fp, const struct pcap_pkthdr h, 1469* const u_char pkt) 1470{ 1471* struct bpf_insn fcode = fp->bf_insns; 1472* 1473 if (fcode != NULL) 1474 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1475 else 1476 return (0); 1477} 1478 1479/* 1480 * We make the version string static, and return a pointer to it, rather 1481 * than exporting the version string directly. On at least some UNIXes, 1482 * if you import data from a shared library into an program, the data is 1483 * bound into the program binary, so if the string in the version of the 1484 * library with which the program was linked isn't the same as the 1485 * string in the version of the library with which the program is being 1486 * run, various undesirable things may happen (warnings, the string 1487 * being the one from the version of the library with which the program 1488 * was linked, or even weirder things, such as the string being the one 1489 * from the library but being truncated). 1490 / 1491#ifdef HAVE_VERSION_H 1492#include "version.h" 1493#else 1494static const char pcap_version_string[] = "libpcap version 1.x.y"; 1495#endif 1496* 1497#ifdef WIN32 1498/* 1499 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1500 * version numbers when building WinPcap. (It'd be nice to do so for 1501 * the packet.dll version number as well.) 1502 / 1503static const char wpcap_version_string[] = "4.0"; 1504static const char pcap_version_string_fmt[] = 1505* "WinPcap version %s, based on %s"; 1506static const char pcap_version_string_packet_dll_fmt[] = 1507 "WinPcap version %s (packet.dll version %s), based on %s"; 1508static char full_pcap_version_string; 1509* 1510const char * 1511pcap_lib_version(void) 1512{ 1513 char packet_version_string; 1514* size_t full_pcap_version_string_len; 1515 1516 if (full_pcap_version_string == NULL) { 1517 /* 1518 * Generate the version string. 1519 / 1520* packet_version_string = PacketGetVersion(); 1521 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1522 /* 1523 * WinPcap version string and packet.dll version 1524 * string are the same; just report the WinPcap 1525 * version. 1526 / 1527* full_pcap_version_string_len = 1528 (sizeof pcap_version_string_fmt - 4) + 1529 strlen(wpcap_version_string) + 1530 strlen(pcap_version_string); 1531 full_pcap_version_string = 1532 malloc(full_pcap_version_string_len); 1533 sprintf(full_pcap_version_string, 1534 pcap_version_string_fmt, wpcap_version_string, 1535 pcap_version_string); 1536 } else { 1537 /* 1538 * WinPcap version string and packet.dll version 1539 * string are different; that shouldn't be the 1540 * case (the two libraries should come from the 1541 * same version of WinPcap), so we report both 1542 * versions. 1543 / 1544* full_pcap_version_string_len = 1545 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1546 strlen(wpcap_version_string) + 1547 strlen(packet_version_string) + 1548 strlen(pcap_version_string); 1549 full_pcap_version_string = malloc(full_pcap_version_string_len); 1550 1551 sprintf(full_pcap_version_string, 1552 pcap_version_string_packet_dll_fmt, 1553 wpcap_version_string, packet_version_string, 1554 pcap_version_string); 1555 } 1556 } 1557 return (full_pcap_version_string); 1558} 1559 1560#elif defined(MSDOS) 1561 1562static char full_pcap_version_string; 1563* 1564const char * 1565pcap_lib_version (void) 1566{ 1567 char packet_version_string; 1568* size_t full_pcap_version_string_len; 1569 static char dospfx[] = "DOS-"; 1570 1571 if (full_pcap_version_string == NULL) { 1572 /* 1573 * Generate the version string. 1574 / 1575* full_pcap_version_string_len = 1576 sizeof dospfx + strlen(pcap_version_string); 1577 full_pcap_version_string = 1578 malloc(full_pcap_version_string_len); 1579 strcpy(full_pcap_version_string, dospfx); 1580 strcat(full_pcap_version_string, pcap_version_string); 1581 } 1582 return (full_pcap_version_string); 1583} 1584 1585#else /* UNX / 1586 1587const char * 1588pcap_lib_version(void) 1589{ 1590 return (pcap_version_string); 1591} 1592#endif