pcap-bpf.c revision 109839 
117683Spst/*
239291Sfenner * Copyright (c) 1993, 1994, 1995, 1996, 1998
317683Spst *	The Regents of the University of California.  All rights reserved.
417683Spst *
517683Spst * Redistribution and use in source and binary forms, with or without
617683Spst * modification, are permitted provided that: (1) source code distributions
717683Spst * retain the above copyright notice and this paragraph in its entirety, (2)
817683Spst * distributions including binary code include the above copyright notice and
917683Spst * this paragraph in its entirety in the documentation or other materials
1017683Spst * provided with the distribution, and (3) all advertising materials mentioning
1117683Spst * features or use of this software display the following acknowledgement:
1217683Spst * ``This product includes software developed by the University of California,
1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
1417683Spst * the University nor the names of its contributors may be used to endorse
1517683Spst * or promote products derived from this software without specific prior
1617683Spst * written permission.
1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
2017683Spst */
2117683Spst#ifndef lint
2226175Sfennerstatic const char rcsid[] =
2398530Sfenner    "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.48 2001/12/10 07:14:14 guy Exp $ (LBL)";
2417683Spst#endif
2517683Spst
2675107Sfenner#ifdef HAVE_CONFIG_H
2775107Sfenner#include "config.h"
2875107Sfenner#endif
2975107Sfenner
3017683Spst#include <sys/param.h>			/* optionally get BSD define */
3117683Spst#include <sys/time.h>
3217683Spst#include <sys/timeb.h>
3317683Spst#include <sys/socket.h>
3417683Spst#include <sys/file.h>
3517683Spst#include <sys/ioctl.h>
3617683Spst
3717683Spst#include <net/if.h>
3898530Sfenner#ifdef _AIX
3998530Sfenner/*
4098530Sfenner * XXX - I'm guessing here AIX defines IFT_ values in <net/if_types.h>,
4198530Sfenner * as BSD does.  If not, this code won't compile, but, if not, you
4298530Sfenner * want to send us a bug report and fall back on using DLPI.
4398530Sfenner * It's not as if BPF used to work right on AIX before this change;
4498530Sfenner * this change attempts to fix the fact that it didn't....
4598530Sfenner */
4698530Sfenner#include <net/if_types.h>		/* for IFT_ values */
4798530Sfenner#endif
4817683Spst
4917683Spst#include <ctype.h>
5017683Spst#include <errno.h>
5117683Spst#include <netdb.h>
5217683Spst#include <stdio.h>
5317683Spst#include <stdlib.h>
5417683Spst#include <string.h>
5517683Spst#include <unistd.h>
5617683Spst
5717683Spst#include "pcap-int.h"
5817683Spst
5917683Spst#ifdef HAVE_OS_PROTO_H
6017683Spst#include "os-proto.h"
6117683Spst#endif
6217683Spst
6356889Sfenner#include "gencode.h"
6456889Sfenner
6517683Spstint
6617683Spstpcap_stats(pcap_t *p, struct pcap_stat *ps)
6717683Spst{
6817683Spst	struct bpf_stat s;
6917683Spst
7098530Sfenner	/*
7198530Sfenner	 * "ps_recv" counts packets handed to the filter, not packets
7298530Sfenner	 * that passed the filter.  This includes packets later dropped
7398530Sfenner	 * because we ran out of buffer space.
7498530Sfenner	 *
7598530Sfenner	 * "ps_drop" counts packets dropped inside the BPF device
7698530Sfenner	 * because we ran out of buffer space.  It doesn't count
7798530Sfenner	 * packets dropped by the interface driver.  It counts
7898530Sfenner	 * only packets that passed the filter.
7998530Sfenner	 *
8098530Sfenner	 * Both statistics include packets not yet read from the kernel
8198530Sfenner	 * by libpcap, and thus not yet seen by the application.
8298530Sfenner	 */
8317683Spst	if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) {
8475107Sfenner		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s",
8575107Sfenner		    pcap_strerror(errno));
8617683Spst		return (-1);
8717683Spst	}
8817683Spst
8917683Spst	ps->ps_recv = s.bs_recv;
9017683Spst	ps->ps_drop = s.bs_drop;
9117683Spst	return (0);
9217683Spst}
9317683Spst
9417683Spstint
9517683Spstpcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
9617683Spst{
9717683Spst	int cc;
9817683Spst	int n = 0;
9917683Spst	register u_char *bp, *ep;
10017683Spst
10117683Spst again:
10217683Spst	cc = p->cc;
10317683Spst	if (p->cc == 0) {
10417683Spst		cc = read(p->fd, (char *)p->buffer, p->bufsize);
10517683Spst		if (cc < 0) {
10617683Spst			/* Don't choke when we get ptraced */
10717683Spst			switch (errno) {
10817683Spst
10917683Spst			case EINTR:
11017683Spst				goto again;
11117683Spst
11217683Spst			case EWOULDBLOCK:
11317683Spst				return (0);
11417683Spst#if defined(sun) && !defined(BSD)
11517683Spst			/*
11617683Spst			 * Due to a SunOS bug, after 2^31 bytes, the kernel
11717683Spst			 * file offset overflows and read fails with EINVAL.
11817683Spst			 * The lseek() to 0 will fix things.
11917683Spst			 */
12017683Spst			case EINVAL:
12117683Spst				if (lseek(p->fd, 0L, SEEK_CUR) +
12217683Spst				    p->bufsize < 0) {
12317683Spst					(void)lseek(p->fd, 0L, SEEK_SET);
12417683Spst					goto again;
12517683Spst				}
12617683Spst				/* fall through */
12717683Spst#endif
12817683Spst			}
12975107Sfenner			snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s",
13075107Sfenner			    pcap_strerror(errno));
13117683Spst			return (-1);
13217683Spst		}
13317683Spst		bp = p->buffer;
13417683Spst	} else
13517683Spst		bp = p->bp;
13617683Spst
13717683Spst	/*
13817683Spst	 * Loop through each packet.
13917683Spst	 */
14017683Spst#define bhp ((struct bpf_hdr *)bp)
14117683Spst	ep = bp + cc;
14217683Spst	while (bp < ep) {
14317683Spst		register int caplen, hdrlen;
14417683Spst		caplen = bhp->bh_caplen;
14517683Spst		hdrlen = bhp->bh_hdrlen;
14617683Spst		/*
14717683Spst		 * XXX A bpf_hdr matches a pcap_pkthdr.
14817683Spst		 */
14998530Sfenner#ifdef _AIX
15098530Sfenner		/*
15198530Sfenner		 * AIX's BPF returns seconds/nanoseconds time stamps, not
15298530Sfenner		 * seconds/microseconds time stamps.
15398530Sfenner		 *
15498530Sfenner		 * XXX - I'm guessing here that it's a "struct timestamp";
15598530Sfenner		 * if not, this code won't compile, but, if not, you
15698530Sfenner		 * want to send us a bug report and fall back on using
15798530Sfenner		 * DLPI.  It's not as if BPF used to work right on
15898530Sfenner		 * AIX before this change; this change attempts to fix
15998530Sfenner		 * the fact that it didn't....
16098530Sfenner		 */
16198530Sfenner		bhp->bh_tstamp.tv_usec = bhp->bh_tstamp.tv_usec/1000;
16298530Sfenner#endif
16317683Spst		(*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen);
16417683Spst		bp += BPF_WORDALIGN(caplen + hdrlen);
16517683Spst		if (++n >= cnt && cnt > 0) {
16617683Spst			p->bp = bp;
16717683Spst			p->cc = ep - bp;
16817683Spst			return (n);
16917683Spst		}
17017683Spst	}
17117683Spst#undef bhp
17217683Spst	p->cc = 0;
17317683Spst	return (n);
17417683Spst}
17517683Spst
17617683Spststatic inline int
17717683Spstbpf_open(pcap_t *p, char *errbuf)
17817683Spst{
17917683Spst	int fd;
18017683Spst	int n = 0;
18175107Sfenner	char device[sizeof "/dev/bpf0000000000"];
18217683Spst
18317683Spst	/*
18417683Spst	 * Go through all the minors and find one that isn't in use.
18517683Spst	 */
18617683Spst	do {
18775107Sfenner		(void)snprintf(device, sizeof(device), "/dev/bpf%d", n++);
18817683Spst		fd = open(device, O_RDONLY);
18917683Spst	} while (fd < 0 && errno == EBUSY);
19017683Spst
19117683Spst	/*
19217683Spst	 * XXX better message for all minors used
19317683Spst	 */
19417683Spst	if (fd < 0)
19575107Sfenner		snprintf(errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s",
19675107Sfenner		    device, pcap_strerror(errno));
19717683Spst
19817683Spst	return (fd);
19917683Spst}
20017683Spst
20117683Spstpcap_t *
20217683Spstpcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
20317683Spst{
20417683Spst	int fd;
20517683Spst	struct ifreq ifr;
20617683Spst	struct bpf_version bv;
207109839Sfenner	struct bpf_dltlist bdl;
20817683Spst	u_int v;
20917683Spst	pcap_t *p;
21017683Spst
211109839Sfenner	bzero(&bdl, sizeof(bdl));
212109839Sfenner
21317683Spst	p = (pcap_t *)malloc(sizeof(*p));
21417683Spst	if (p == NULL) {
21575107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
21675107Sfenner		    pcap_strerror(errno));
21717683Spst		return (NULL);
21817683Spst	}
21975107Sfenner	memset(p, 0, sizeof(*p));
22017683Spst	fd = bpf_open(p, ebuf);
22117683Spst	if (fd < 0)
22217683Spst		goto bad;
22317683Spst
22417683Spst	p->fd = fd;
22517683Spst	p->snapshot = snaplen;
22617683Spst
22717683Spst	if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) {
22875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s",
22975107Sfenner		    pcap_strerror(errno));
23017683Spst		goto bad;
23117683Spst	}
23217683Spst	if (bv.bv_major != BPF_MAJOR_VERSION ||
23317683Spst	    bv.bv_minor < BPF_MINOR_VERSION) {
23475107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE,
23575107Sfenner		    "kernel bpf filter out of date");
23617683Spst		goto bad;
23717683Spst	}
23875107Sfenner
23975107Sfenner	/*
24075107Sfenner	 * Try finding a good size for the buffer; 32768 may be too
24175107Sfenner	 * big, so keep cutting it in half until we find a size
24275107Sfenner	 * that works, or run out of sizes to try.
24375107Sfenner	 *
24475107Sfenner	 * XXX - there should be a user-accessible hook to set the
24575107Sfenner	 * initial buffer size.
24639291Sfenner	 */
24775107Sfenner	for (v = 32768; v != 0; v >>= 1) {
24875107Sfenner		/* Ignore the return value - this is because the call fails
24975107Sfenner		 * on BPF systems that don't have kernel malloc.  And if
25075107Sfenner		 * the call fails, it's no big deal, we just continue to
25175107Sfenner		 * use the standard buffer size.
25275107Sfenner		 */
25375107Sfenner		(void) ioctl(fd, BIOCSBLEN, (caddr_t)&v);
25439291Sfenner
25575107Sfenner		(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
25675107Sfenner		if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0)
25775107Sfenner			break;	/* that size worked; we're done */
25875107Sfenner
25975107Sfenner		if (errno != ENOBUFS) {
26075107Sfenner			snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s",
26175107Sfenner			    device, pcap_strerror(errno));
26275107Sfenner			goto bad;
26375107Sfenner		}
26475107Sfenner	}
26575107Sfenner
26675107Sfenner	if (v == 0) {
26775107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE,
26875107Sfenner			 "BIOCSBLEN: %s: No buffer size worked", device);
26917683Spst		goto bad;
27017683Spst	}
27175107Sfenner
27217683Spst	/* Get the data link layer type. */
27317683Spst	if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) {
27475107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s",
27575107Sfenner		    pcap_strerror(errno));
27617683Spst		goto bad;
27717683Spst	}
27898530Sfenner#ifdef _AIX
27998530Sfenner	/*
28098530Sfenner	 * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT.
28198530Sfenner	 */
28256889Sfenner	switch (v) {
28398530Sfenner
28498530Sfenner	case IFT_ETHER:
28598530Sfenner	case IFT_ISO88023:
28698530Sfenner		v = DLT_EN10MB;
28798530Sfenner		break;
28898530Sfenner
28998530Sfenner	case IFT_FDDI:
29098530Sfenner		v = DLT_FDDI;
29198530Sfenner		break;
29298530Sfenner
29398530Sfenner	case IFT_ISO88025:
29498530Sfenner		v = DLT_IEEE802;
29598530Sfenner		break;
29698530Sfenner
29798530Sfenner	default:
29875107Sfenner		/*
29998530Sfenner		 * We don't know what to map this to yet.
30075107Sfenner		 */
30198530Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown interface type %lu",
30298530Sfenner		    v);
30398530Sfenner		goto bad;
30456889Sfenner	}
30556889Sfenner#endif
30639291Sfenner#if _BSDI_VERSION - 0 >= 199510
30739291Sfenner	/* The SLIP and PPP link layer header changed in BSD/OS 2.1 */
30839291Sfenner	switch (v) {
30939291Sfenner
31039291Sfenner	case DLT_SLIP:
31139291Sfenner		v = DLT_SLIP_BSDOS;
31239291Sfenner		break;
31339291Sfenner
31439291Sfenner	case DLT_PPP:
31539291Sfenner		v = DLT_PPP_BSDOS;
31639291Sfenner		break;
31756889Sfenner
31856889Sfenner	case 11:	/*DLT_FR*/
31956889Sfenner		v = DLT_RAW;	/*XXX*/
32056889Sfenner		break;
32156889Sfenner
32256889Sfenner	case 12:	/*DLT_C_HDLC*/
32356889Sfenner		v = DLT_CHDLC;
32456889Sfenner		break;
32539291Sfenner	}
32639291Sfenner#endif
32717683Spst	p->linktype = v;
32817683Spst
329109839Sfenner	/*
330109839Sfenner	 * We know the default link type -- now determine any additional
331109839Sfenner	 * DLTs this interface supports.  If this fails, it's not fatal;
332109839Sfenner	 * we just don't get to use the feature later.
333109839Sfenner	 */
334109839Sfenner	if (ioctl(fd, BIOCGDLTLIST, (caddr_t) &bdl) == 0) {
335109839Sfenner		bdl.bfl_list = (u_int *) malloc(sizeof(u_int) * bdl.bfl_len);
336109839Sfenner		if (bdl.bfl_list == NULL) {
337109839Sfenner			(void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
338109839Sfenner			    pcap_strerror(errno));
339109839Sfenner			goto bad;
340109839Sfenner		}
341109839Sfenner
342109839Sfenner		if (ioctl(fd, BIOCGDLTLIST, (caddr_t) &bdl) < 0) {
343109839Sfenner			(void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
344109839Sfenner			    "BIOCGDLTLIST: %s", pcap_strerror(errno));
345109839Sfenner			free(bdl.bfl_list);
346109839Sfenner			goto bad;
347109839Sfenner		}
348109839Sfenner
349109839Sfenner		p->dlt_count = bdl.bfl_len;
350109839Sfenner		p->dlt_list = bdl.bfl_list;
351109839Sfenner	}
352109839Sfenner
35317683Spst	/* set timeout */
35417683Spst	if (to_ms != 0) {
35517683Spst		struct timeval to;
35617683Spst		to.tv_sec = to_ms / 1000;
35717683Spst		to.tv_usec = (to_ms * 1000) % 1000000;
35817683Spst		if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) {
35975107Sfenner			snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s",
36075107Sfenner			    pcap_strerror(errno));
36117683Spst			goto bad;
36217683Spst		}
36317683Spst	}
36475107Sfenner
36575107Sfenner#ifdef _AIX
36675107Sfenner#ifdef	BIOCIMMEDIATE
36775107Sfenner	/*
36875107Sfenner	 * Darren Reed notes that
36975107Sfenner	 *
37075107Sfenner	 *	On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the
37175107Sfenner	 *	timeout appears to be ignored and it waits until the buffer
37275107Sfenner	 *	is filled before returning.  The result of not having it
37375107Sfenner	 *	set is almost worse than useless if your BPF filter
37475107Sfenner	 *	is reducing things to only a few packets (i.e. one every
37575107Sfenner	 *	second or so).
37675107Sfenner	 *
37775107Sfenner	 * so we turn BIOCIMMEDIATE mode on if this is AIX.
37875107Sfenner	 *
37975107Sfenner	 * We don't turn it on for other platforms, as that means we
38075107Sfenner	 * get woken up for every packet, which may not be what we want;
38175107Sfenner	 * in the Winter 1993 USENIX paper on BPF, they say:
38275107Sfenner	 *
38375107Sfenner	 *	Since a process might want to look at every packet on a
38475107Sfenner	 *	network and the time between packets can be only a few
38575107Sfenner	 *	microseconds, it is not possible to do a read system call
38675107Sfenner	 *	per packet and BPF must collect the data from several
38775107Sfenner	 *	packets and return it as a unit when the monitoring
38875107Sfenner	 *	application does a read.
38975107Sfenner	 *
39075107Sfenner	 * which I infer is the reason for the timeout - it means we
39175107Sfenner	 * wait that amount of time, in the hopes that more packets
39275107Sfenner	 * will arrive and we'll get them all with one read.
39375107Sfenner	 *
39475107Sfenner	 * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other
39575107Sfenner	 * BSDs) causes the timeout to be ignored.
39675107Sfenner	 *
39775107Sfenner	 * On the other hand, some platforms (e.g., Linux) don't support
39875107Sfenner	 * timeouts, they just hand stuff to you as soon as it arrives;
39975107Sfenner	 * if that doesn't cause a problem on those platforms, it may
40075107Sfenner	 * be OK to have BIOCIMMEDIATE mode on BSD as well.
40175107Sfenner	 *
40275107Sfenner	 * (Note, though, that applications may depend on the read
40375107Sfenner	 * completing, even if no packets have arrived, when the timeout
40475107Sfenner	 * expires, e.g. GUI applications that have to check for input
40575107Sfenner	 * while waiting for packets to arrive; a non-zero timeout
40675107Sfenner	 * prevents "select()" from working right on FreeBSD and
40775107Sfenner	 * possibly other BSDs, as the timer doesn't start until a
40875107Sfenner	 * "read()" is done, so the timer isn't in effect if the
40975107Sfenner	 * application is blocked on a "select()", and the "select()"
41075107Sfenner	 * doesn't get woken up for a BPF device until the buffer
41175107Sfenner	 * fills up.)
41275107Sfenner	 */
41375107Sfenner	v = 1;
41475107Sfenner	if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) {
41575107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
41675107Sfenner		    pcap_strerror(errno));
41775107Sfenner		goto bad;
41875107Sfenner	}
41975107Sfenner#endif	/* BIOCIMMEDIATE */
42075107Sfenner#endif	/* _AIX */
42175107Sfenner
42298530Sfenner	if (promisc) {
42317683Spst		/* set promiscuous mode, okay if it fails */
42498530Sfenner		if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) {
42598530Sfenner			snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s",
42698530Sfenner			    pcap_strerror(errno));
42798530Sfenner		}
42898530Sfenner	}
42917683Spst
43017683Spst	if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) {
43175107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s",
43275107Sfenner		    pcap_strerror(errno));
43317683Spst		goto bad;
43417683Spst	}
43517683Spst	p->bufsize = v;
43617683Spst	p->buffer = (u_char *)malloc(p->bufsize);
43717683Spst	if (p->buffer == NULL) {
43875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
43975107Sfenner		    pcap_strerror(errno));
44017683Spst		goto bad;
44117683Spst	}
44217683Spst
44317683Spst	return (p);
44417683Spst bad:
44517683Spst	(void)close(fd);
446109839Sfenner	if (bdl.bfl_list != NULL)
447109839Sfenner		free(bdl.bfl_list);
44817683Spst	free(p);
44917683Spst	return (NULL);
45017683Spst}
45117683Spst
45217683Spstint
45317683Spstpcap_setfilter(pcap_t *p, struct bpf_program *fp)
45417683Spst{
45556889Sfenner	/*
45656889Sfenner	 * It looks that BPF code generated by gen_protochain() is not
45756889Sfenner	 * compatible with some of kernel BPF code (for example BSD/OS 3.1).
45856889Sfenner	 * Take a safer side for now.
45956889Sfenner	 */
46075107Sfenner	if (no_optimize) {
46175107Sfenner		if (install_bpf_program(p, fp) < 0)
46275107Sfenner			return (-1);
46375107Sfenner	} else if (p->sf.rfile != NULL) {
46475107Sfenner		if (install_bpf_program(p, fp) < 0)
46575107Sfenner			return (-1);
46675107Sfenner	} else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) {
46775107Sfenner		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
46875107Sfenner		    pcap_strerror(errno));
46917683Spst		return (-1);
47017683Spst	}
47117683Spst	return (0);
47217683Spst}
473109839Sfenner
474109839Sfennerint
475109839Sfennerpcap_set_datalink(pcap_t *p, int dlt)
476109839Sfenner{
477109839Sfenner	int i;
478109839Sfenner
479109839Sfenner	for (i = 0; i < p->dlt_count; i++)
480109839Sfenner		if (p->dlt_list[i] == dlt)
481109839Sfenner			break;
482109839Sfenner	if (i >= p->dlt_count) {
483109839Sfenner		(void) snprintf(p->errbuf, sizeof(p->errbuf),
484109839Sfenner		    "No such DLT as %d", dlt);
485109839Sfenner		return -1;
486109839Sfenner	}
487109839Sfenner	if (ioctl(p->fd, BIOCSDLT, &dlt) == -1) {
488109839Sfenner		(void) snprintf(p->errbuf, sizeof(p->errbuf),
489109839Sfenner		    "Cannot set DLT %d: %s", dlt, strerror(errno));
490109839Sfenner		return -1;
491109839Sfenner	}
492109839Sfenner	p->linktype = dlt;
493109839Sfenner	return 0;
494109839Sfenner}
495