pcap-bpf.c revision 222654
117683Spst/* 239291Sfenner * Copyright (c) 1993, 1994, 1995, 1996, 1998 317683Spst * The Regents of the University of California. All rights reserved. 417683Spst * 517683Spst * Redistribution and use in source and binary forms, with or without 617683Spst * modification, are permitted provided that: (1) source code distributions 717683Spst * retain the above copyright notice and this paragraph in its entirety, (2) 817683Spst * distributions including binary code include the above copyright notice and 917683Spst * this paragraph in its entirety in the documentation or other materials 1017683Spst * provided with the distribution, and (3) all advertising materials mentioning 1117683Spst * features or use of this software display the following acknowledgement: 1217683Spst * ``This product includes software developed by the University of California, 1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 1417683Spst * the University nor the names of its contributors may be used to endorse 1517683Spst * or promote products derived from this software without specific prior 1617683Spst * written permission. 1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20162020Ssam * 21162020Ssam * $FreeBSD: head/contrib/libpcap/pcap-bpf.c 222654 2011-06-03 14:57:38Z csjp $ 2217683Spst */ 2317683Spst#ifndef lint 24127664Sbmsstatic const char rcsid[] _U_ = 25214518Srpaulo "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.116 2008-09-16 18:42:29 guy Exp $ (LBL)"; 2617683Spst#endif 2717683Spst 2875107Sfenner#ifdef HAVE_CONFIG_H 2975107Sfenner#include "config.h" 3075107Sfenner#endif 3175107Sfenner 3217683Spst#include <sys/param.h> /* optionally get BSD define */ 33190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 34183102Scsjp#include <sys/mman.h> 35190225Srpaulo#endif 3617683Spst#include <sys/time.h> 3717683Spst#include <sys/socket.h> 38214518Srpaulo/* 39214518Srpaulo * <net/bpf.h> defines ioctls, but doesn't include <sys/ioccom.h>. 40214518Srpaulo * 41214518Srpaulo * We include <sys/ioctl.h> as it might be necessary to declare ioctl(); 42214518Srpaulo * at least on *BSD and Mac OS X, it also defines various SIOC ioctls - 43214518Srpaulo * we could include <sys/sockio.h>, but if we're already including 44214518Srpaulo * <sys/ioctl.h>, which includes <sys/sockio.h> on those platforms, 45214518Srpaulo * there's not much point in doing so. 46214518Srpaulo * 47214518Srpaulo * If we have <sys/ioccom.h>, we include it as well, to handle systems 48214518Srpaulo * such as Solaris which don't arrange to include <sys/ioccom.h> if you 49214518Srpaulo * include <sys/ioctl.h> 50214518Srpaulo */ 5117683Spst#include <sys/ioctl.h> 52214518Srpaulo#ifdef HAVE_SYS_IOCCOM_H 53214518Srpaulo#include <sys/ioccom.h> 54214518Srpaulo#endif 55127664Sbms#include <sys/utsname.h> 5617683Spst 57190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 58190225Srpaulo#include <machine/atomic.h> 59190225Srpaulo#endif 60190225Srpaulo 6117683Spst#include <net/if.h> 62127664Sbms 6398530Sfenner#ifdef _AIX 64127664Sbms 6598530Sfenner/* 66190225Srpaulo * Make "pcap.h" not include "pcap/bpf.h"; we are going to include the 67127664Sbms * native OS version, as we need "struct bpf_config" from it. 6898530Sfenner */ 69127664Sbms#define PCAP_DONT_INCLUDE_PCAP_BPF_H 70127664Sbms 71127664Sbms#include <sys/types.h> 72127664Sbms 73127664Sbms/* 74127664Sbms * Prevent bpf.h from redefining the DLT_ values to their 75127664Sbms * IFT_ values, as we're going to return the standard libpcap 76127664Sbms * values, not IBM's non-standard IFT_ values. 77127664Sbms */ 78127664Sbms#undef _AIX 79127664Sbms#include <net/bpf.h> 80127664Sbms#define _AIX 81127664Sbms 8298530Sfenner#include <net/if_types.h> /* for IFT_ values */ 83127664Sbms#include <sys/sysconfig.h> 84127664Sbms#include <sys/device.h> 85147894Ssam#include <sys/cfgodm.h> 86127664Sbms#include <cf.h> 8717683Spst 88127664Sbms#ifdef __64BIT__ 89127664Sbms#define domakedev makedev64 90127664Sbms#define getmajor major64 91127664Sbms#define bpf_hdr bpf_hdr32 92127664Sbms#else /* __64BIT__ */ 93127664Sbms#define domakedev makedev 94127664Sbms#define getmajor major 95127664Sbms#endif /* __64BIT__ */ 96127664Sbms 97127664Sbms#define BPF_NAME "bpf" 98127664Sbms#define BPF_MINORS 4 99127664Sbms#define DRIVER_PATH "/usr/lib/drivers" 100127664Sbms#define BPF_NODE "/dev/bpf" 101127664Sbmsstatic int bpfloadedflag = 0; 102127664Sbmsstatic int odmlockid = 0; 103127664Sbms 104214518Srpaulostatic int bpf_load(char *errbuf); 105214518Srpaulo 106127664Sbms#else /* _AIX */ 107127664Sbms 108127664Sbms#include <net/bpf.h> 109127664Sbms 110127664Sbms#endif /* _AIX */ 111127664Sbms 11217683Spst#include <ctype.h> 113214518Srpaulo#include <fcntl.h> 11417683Spst#include <errno.h> 11517683Spst#include <netdb.h> 11617683Spst#include <stdio.h> 11717683Spst#include <stdlib.h> 11817683Spst#include <string.h> 11917683Spst#include <unistd.h> 12017683Spst 121190225Srpaulo#ifdef HAVE_NET_IF_MEDIA_H 122190225Srpaulo# include <net/if_media.h> 123190225Srpaulo#endif 124190225Srpaulo 12517683Spst#include "pcap-int.h" 12617683Spst 127127664Sbms#ifdef HAVE_DAG_API 128127664Sbms#include "pcap-dag.h" 129127664Sbms#endif /* HAVE_DAG_API */ 130127664Sbms 131214518Srpaulo#ifdef HAVE_SNF_API 132214518Srpaulo#include "pcap-snf.h" 133214518Srpaulo#endif /* HAVE_SNF_API */ 134214518Srpaulo 13517683Spst#ifdef HAVE_OS_PROTO_H 13617683Spst#include "os-proto.h" 13717683Spst#endif 13817683Spst 139190225Srpaulo#ifdef BIOCGDLTLIST 140190225Srpaulo# if (defined(HAVE_NET_IF_MEDIA_H) && defined(IFM_IEEE80211)) && !defined(__APPLE__) 141190225Srpaulo#define HAVE_BSD_IEEE80211 142190225Srpaulo# endif 14356889Sfenner 144190225Srpaulo# if defined(__APPLE__) || defined(HAVE_BSD_IEEE80211) 145190225Srpaulostatic int find_802_11(struct bpf_dltlist *); 146190225Srpaulo 147190225Srpaulo# ifdef HAVE_BSD_IEEE80211 148190225Srpaulostatic int monitor_mode(pcap_t *, int); 149190225Srpaulo# endif 150190225Srpaulo 151190225Srpaulo# if defined(__APPLE__) 152190225Srpaulostatic void remove_en(pcap_t *); 153190225Srpaulostatic void remove_802_11(pcap_t *); 154190225Srpaulo# endif 155190225Srpaulo 156190225Srpaulo# endif /* defined(__APPLE__) || defined(HAVE_BSD_IEEE80211) */ 157190225Srpaulo 158190225Srpaulo#endif /* BIOCGDLTLIST */ 159190225Srpaulo 160190225Srpaulo/* 161190225Srpaulo * We include the OS's <net/bpf.h>, not our "pcap/bpf.h", so we probably 162190225Srpaulo * don't get DLT_DOCSIS defined. 163190225Srpaulo */ 164190225Srpaulo#ifndef DLT_DOCSIS 165190225Srpaulo#define DLT_DOCSIS 143 166190225Srpaulo#endif 167190225Srpaulo 168190225Srpaulo/* 169190225Srpaulo * On OS X, we don't even get any of the 802.11-plus-radio-header DLT_'s 170190225Srpaulo * defined, even though some of them are used by various Airport drivers. 171190225Srpaulo */ 172190225Srpaulo#ifndef DLT_PRISM_HEADER 173190225Srpaulo#define DLT_PRISM_HEADER 119 174190225Srpaulo#endif 175190225Srpaulo#ifndef DLT_AIRONET_HEADER 176190225Srpaulo#define DLT_AIRONET_HEADER 120 177190225Srpaulo#endif 178190225Srpaulo#ifndef DLT_IEEE802_11_RADIO 179190225Srpaulo#define DLT_IEEE802_11_RADIO 127 180190225Srpaulo#endif 181190225Srpaulo#ifndef DLT_IEEE802_11_RADIO_AVS 182190225Srpaulo#define DLT_IEEE802_11_RADIO_AVS 163 183190225Srpaulo#endif 184190225Srpaulo 185190225Srpaulostatic int pcap_can_set_rfmon_bpf(pcap_t *p); 186190225Srpaulostatic int pcap_activate_bpf(pcap_t *p); 187127664Sbmsstatic int pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp); 188162012Ssamstatic int pcap_setdirection_bpf(pcap_t *, pcap_direction_t); 189127664Sbmsstatic int pcap_set_datalink_bpf(pcap_t *p, int dlt); 190127664Sbms 191190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 192190225Srpaulo/* 193190225Srpaulo * For zerocopy bpf, we need to override the setnonblock/getnonblock routines 194190225Srpaulo * so we don't call select(2) if the pcap handle is in non-blocking mode. We 195190225Srpaulo * preserve the timeout supplied by pcap_open functions to make sure it 196190225Srpaulo * does not get clobbered if the pcap handle moves between blocking and non- 197190225Srpaulo * blocking mode. 198190225Srpaulo */ 199127664Sbmsstatic int 200190225Srpaulopcap_getnonblock_zbuf(pcap_t *p, char *errbuf) 201190225Srpaulo{ 202190225Srpaulo /* 203190225Srpaulo * Use a negative value for the timeout to represent that the 204190225Srpaulo * pcap handle is in non-blocking mode. 205190225Srpaulo */ 206190225Srpaulo return (p->md.timeout < 0); 207190225Srpaulo} 208190225Srpaulo 209190225Srpaulostatic int 210190225Srpaulopcap_setnonblock_zbuf(pcap_t *p, int nonblock, char *errbuf) 211190225Srpaulo{ 212190225Srpaulo /* 213190225Srpaulo * Map each value to the corresponding 2's complement, to 214190225Srpaulo * preserve the timeout value provided with pcap_set_timeout. 215190225Srpaulo * (from pcap-linux.c). 216190225Srpaulo */ 217190225Srpaulo if (nonblock) { 218214518Srpaulo if (p->md.timeout >= 0) { 219214518Srpaulo /* 220214518Srpaulo * Timeout is non-negative, so we're not already 221214518Srpaulo * in non-blocking mode; set it to the 2's 222214518Srpaulo * complement, to make it negative, as an 223214518Srpaulo * indication that we're in non-blocking mode. 224214518Srpaulo */ 225190225Srpaulo p->md.timeout = p->md.timeout * -1 - 1; 226214518Srpaulo } 227214518Srpaulo } else { 228214518Srpaulo if (p->md.timeout < 0) { 229214518Srpaulo /* 230214518Srpaulo * Timeout is negative, so we're not already 231214518Srpaulo * in blocking mode; reverse the previous 232214518Srpaulo * operation, to make the timeout non-negative 233214518Srpaulo * again. 234214518Srpaulo */ 235190225Srpaulo p->md.timeout = (p->md.timeout + 1) * -1; 236214518Srpaulo } 237214518Srpaulo } 238190225Srpaulo return (0); 239190225Srpaulo} 240190225Srpaulo 241190225Srpaulo/* 242190225Srpaulo * Zero-copy specific close method. Un-map the shared buffers then call 243190225Srpaulo * pcap_cleanup_live_common. 244190225Srpaulo */ 245190225Srpaulostatic void 246190225Srpaulopcap_cleanup_zbuf(pcap_t *p) 247190225Srpaulo{ 248190225Srpaulo /* 249190225Srpaulo * Delete the mappings. Note that p->buffer gets initialized to one 250190225Srpaulo * of the mmapped regions in this case, so do not try and free it 251190225Srpaulo * directly; null it out so that pcap_cleanup_live_common() doesn't 252190225Srpaulo * try to free it. 253190225Srpaulo */ 254190225Srpaulo if (p->md.zbuf1 != MAP_FAILED && p->md.zbuf1 != NULL) 255190225Srpaulo (void) munmap(p->md.zbuf1, p->md.zbufsize); 256190225Srpaulo if (p->md.zbuf2 != MAP_FAILED && p->md.zbuf2 != NULL) 257190225Srpaulo (void) munmap(p->md.zbuf2, p->md.zbufsize); 258190225Srpaulo p->buffer = NULL; 259190225Srpaulo pcap_cleanup_live_common(p); 260190225Srpaulo} 261190225Srpaulo 262190225Srpaulo/* 263190225Srpaulo * Zero-copy BPF buffer routines to check for and acknowledge BPF data in 264190225Srpaulo * shared memory buffers. 265190225Srpaulo * 266190225Srpaulo * pcap_next_zbuf_shm(): Check for a newly available shared memory buffer, 267190225Srpaulo * and set up p->buffer and cc to reflect one if available. Notice that if 268190225Srpaulo * there was no prior buffer, we select zbuf1 as this will be the first 269190225Srpaulo * buffer filled for a fresh BPF session. 270190225Srpaulo */ 271190225Srpaulostatic int 272190225Srpaulopcap_next_zbuf_shm(pcap_t *p, int *cc) 273190225Srpaulo{ 274190225Srpaulo struct bpf_zbuf_header *bzh; 275190225Srpaulo 276190225Srpaulo if (p->md.zbuffer == p->md.zbuf2 || p->md.zbuffer == NULL) { 277190225Srpaulo bzh = (struct bpf_zbuf_header *)p->md.zbuf1; 278190225Srpaulo if (bzh->bzh_user_gen != 279190225Srpaulo atomic_load_acq_int(&bzh->bzh_kernel_gen)) { 280190225Srpaulo p->md.bzh = bzh; 281190225Srpaulo p->md.zbuffer = (u_char *)p->md.zbuf1; 282190225Srpaulo p->buffer = p->md.zbuffer + sizeof(*bzh); 283190225Srpaulo *cc = bzh->bzh_kernel_len; 284190225Srpaulo return (1); 285190225Srpaulo } 286190225Srpaulo } else if (p->md.zbuffer == p->md.zbuf1) { 287190225Srpaulo bzh = (struct bpf_zbuf_header *)p->md.zbuf2; 288190225Srpaulo if (bzh->bzh_user_gen != 289190225Srpaulo atomic_load_acq_int(&bzh->bzh_kernel_gen)) { 290190225Srpaulo p->md.bzh = bzh; 291190225Srpaulo p->md.zbuffer = (u_char *)p->md.zbuf2; 292190225Srpaulo p->buffer = p->md.zbuffer + sizeof(*bzh); 293190225Srpaulo *cc = bzh->bzh_kernel_len; 294190225Srpaulo return (1); 295190225Srpaulo } 296190225Srpaulo } 297190225Srpaulo *cc = 0; 298190225Srpaulo return (0); 299190225Srpaulo} 300190225Srpaulo 301190225Srpaulo/* 302190225Srpaulo * pcap_next_zbuf() -- Similar to pcap_next_zbuf_shm(), except wait using 303190225Srpaulo * select() for data or a timeout, and possibly force rotation of the buffer 304190225Srpaulo * in the event we time out or are in immediate mode. Invoke the shared 305190225Srpaulo * memory check before doing system calls in order to avoid doing avoidable 306190225Srpaulo * work. 307190225Srpaulo */ 308190225Srpaulostatic int 309190225Srpaulopcap_next_zbuf(pcap_t *p, int *cc) 310190225Srpaulo{ 311190225Srpaulo struct bpf_zbuf bz; 312190225Srpaulo struct timeval tv; 313190225Srpaulo struct timespec cur; 314190225Srpaulo fd_set r_set; 315190225Srpaulo int data, r; 316190225Srpaulo int expire, tmout; 317190225Srpaulo 318190225Srpaulo#define TSTOMILLI(ts) (((ts)->tv_sec * 1000) + ((ts)->tv_nsec / 1000000)) 319190225Srpaulo /* 320190225Srpaulo * Start out by seeing whether anything is waiting by checking the 321190225Srpaulo * next shared memory buffer for data. 322190225Srpaulo */ 323190225Srpaulo data = pcap_next_zbuf_shm(p, cc); 324190225Srpaulo if (data) 325190225Srpaulo return (data); 326190225Srpaulo /* 327190225Srpaulo * If a previous sleep was interrupted due to signal delivery, make 328190225Srpaulo * sure that the timeout gets adjusted accordingly. This requires 329190225Srpaulo * that we analyze when the timeout should be been expired, and 330190225Srpaulo * subtract the current time from that. If after this operation, 331190225Srpaulo * our timeout is less then or equal to zero, handle it like a 332190225Srpaulo * regular timeout. 333190225Srpaulo */ 334190225Srpaulo tmout = p->md.timeout; 335190225Srpaulo if (tmout) 336190225Srpaulo (void) clock_gettime(CLOCK_MONOTONIC, &cur); 337190225Srpaulo if (p->md.interrupted && p->md.timeout) { 338190225Srpaulo expire = TSTOMILLI(&p->md.firstsel) + p->md.timeout; 339190225Srpaulo tmout = expire - TSTOMILLI(&cur); 340190225Srpaulo#undef TSTOMILLI 341190225Srpaulo if (tmout <= 0) { 342190225Srpaulo p->md.interrupted = 0; 343190225Srpaulo data = pcap_next_zbuf_shm(p, cc); 344190225Srpaulo if (data) 345190225Srpaulo return (data); 346190225Srpaulo if (ioctl(p->fd, BIOCROTZBUF, &bz) < 0) { 347190225Srpaulo (void) snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 348190225Srpaulo "BIOCROTZBUF: %s", strerror(errno)); 349190225Srpaulo return (PCAP_ERROR); 350190225Srpaulo } 351190225Srpaulo return (pcap_next_zbuf_shm(p, cc)); 352190225Srpaulo } 353190225Srpaulo } 354190225Srpaulo /* 355190225Srpaulo * No data in the buffer, so must use select() to wait for data or 356190225Srpaulo * the next timeout. Note that we only call select if the handle 357190225Srpaulo * is in blocking mode. 358190225Srpaulo */ 359190225Srpaulo if (p->md.timeout >= 0) { 360190225Srpaulo FD_ZERO(&r_set); 361190225Srpaulo FD_SET(p->fd, &r_set); 362190225Srpaulo if (tmout != 0) { 363190225Srpaulo tv.tv_sec = tmout / 1000; 364190225Srpaulo tv.tv_usec = (tmout * 1000) % 1000000; 365190225Srpaulo } 366190225Srpaulo r = select(p->fd + 1, &r_set, NULL, NULL, 367190225Srpaulo p->md.timeout != 0 ? &tv : NULL); 368190225Srpaulo if (r < 0 && errno == EINTR) { 369190225Srpaulo if (!p->md.interrupted && p->md.timeout) { 370190225Srpaulo p->md.interrupted = 1; 371190225Srpaulo p->md.firstsel = cur; 372190225Srpaulo } 373190225Srpaulo return (0); 374190225Srpaulo } else if (r < 0) { 375190225Srpaulo (void) snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 376190225Srpaulo "select: %s", strerror(errno)); 377190225Srpaulo return (PCAP_ERROR); 378190225Srpaulo } 379190225Srpaulo } 380190225Srpaulo p->md.interrupted = 0; 381190225Srpaulo /* 382190225Srpaulo * Check again for data, which may exist now that we've either been 383190225Srpaulo * woken up as a result of data or timed out. Try the "there's data" 384190225Srpaulo * case first since it doesn't require a system call. 385190225Srpaulo */ 386190225Srpaulo data = pcap_next_zbuf_shm(p, cc); 387190225Srpaulo if (data) 388190225Srpaulo return (data); 389190225Srpaulo /* 390190225Srpaulo * Try forcing a buffer rotation to dislodge timed out or immediate 391190225Srpaulo * data. 392190225Srpaulo */ 393190225Srpaulo if (ioctl(p->fd, BIOCROTZBUF, &bz) < 0) { 394190225Srpaulo (void) snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 395190225Srpaulo "BIOCROTZBUF: %s", strerror(errno)); 396190225Srpaulo return (PCAP_ERROR); 397190225Srpaulo } 398190225Srpaulo return (pcap_next_zbuf_shm(p, cc)); 399190225Srpaulo} 400190225Srpaulo 401190225Srpaulo/* 402190225Srpaulo * Notify kernel that we are done with the buffer. We don't reset zbuffer so 403190225Srpaulo * that we know which buffer to use next time around. 404190225Srpaulo */ 405190225Srpaulostatic int 406190225Srpaulopcap_ack_zbuf(pcap_t *p) 407190225Srpaulo{ 408190225Srpaulo 409190225Srpaulo atomic_store_rel_int(&p->md.bzh->bzh_user_gen, 410190225Srpaulo p->md.bzh->bzh_kernel_gen); 411190225Srpaulo p->md.bzh = NULL; 412190225Srpaulo p->buffer = NULL; 413190225Srpaulo return (0); 414190225Srpaulo} 415190225Srpaulo#endif 416190225Srpaulo 417190225Srpaulopcap_t * 418190225Srpaulopcap_create(const char *device, char *ebuf) 419190225Srpaulo{ 420190225Srpaulo pcap_t *p; 421190225Srpaulo 422190225Srpaulo#ifdef HAVE_DAG_API 423190225Srpaulo if (strstr(device, "dag")) 424190225Srpaulo return (dag_create(device, ebuf)); 425190225Srpaulo#endif /* HAVE_DAG_API */ 426214518Srpaulo#ifdef HAVE_SNF_API 427214518Srpaulo if (strstr(device, "snf")) 428214518Srpaulo return (snf_create(device, ebuf)); 429214518Srpaulo#endif /* HAVE_SNF_API */ 430190225Srpaulo 431190225Srpaulo p = pcap_create_common(device, ebuf); 432190225Srpaulo if (p == NULL) 433190225Srpaulo return (NULL); 434190225Srpaulo 435190225Srpaulo p->activate_op = pcap_activate_bpf; 436190225Srpaulo p->can_set_rfmon_op = pcap_can_set_rfmon_bpf; 437190225Srpaulo return (p); 438190225Srpaulo} 439190225Srpaulo 440190225Srpaulostatic int 441190225Srpaulobpf_open(pcap_t *p) 442190225Srpaulo{ 443190225Srpaulo int fd; 444190225Srpaulo#ifdef HAVE_CLONING_BPF 445190225Srpaulo static const char device[] = "/dev/bpf"; 446190225Srpaulo#else 447190225Srpaulo int n = 0; 448190225Srpaulo char device[sizeof "/dev/bpf0000000000"]; 449190225Srpaulo#endif 450190225Srpaulo 451190225Srpaulo#ifdef _AIX 452190225Srpaulo /* 453190225Srpaulo * Load the bpf driver, if it isn't already loaded, 454190225Srpaulo * and create the BPF device entries, if they don't 455190225Srpaulo * already exist. 456190225Srpaulo */ 457190225Srpaulo if (bpf_load(p->errbuf) == PCAP_ERROR) 458190225Srpaulo return (PCAP_ERROR); 459190225Srpaulo#endif 460190225Srpaulo 461190225Srpaulo#ifdef HAVE_CLONING_BPF 462190225Srpaulo if ((fd = open(device, O_RDWR)) == -1 && 463190225Srpaulo (errno != EACCES || (fd = open(device, O_RDONLY)) == -1)) { 464190225Srpaulo if (errno == EACCES) 465190225Srpaulo fd = PCAP_ERROR_PERM_DENIED; 466190225Srpaulo else 467190225Srpaulo fd = PCAP_ERROR; 468190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 469190225Srpaulo "(cannot open device) %s: %s", device, pcap_strerror(errno)); 470190225Srpaulo } 471190225Srpaulo#else 472190225Srpaulo /* 473190225Srpaulo * Go through all the minors and find one that isn't in use. 474190225Srpaulo */ 475190225Srpaulo do { 476190225Srpaulo (void)snprintf(device, sizeof(device), "/dev/bpf%d", n++); 477190225Srpaulo /* 478190225Srpaulo * Initially try a read/write open (to allow the inject 479190225Srpaulo * method to work). If that fails due to permission 480190225Srpaulo * issues, fall back to read-only. This allows a 481190225Srpaulo * non-root user to be granted specific access to pcap 482190225Srpaulo * capabilities via file permissions. 483190225Srpaulo * 484190225Srpaulo * XXX - we should have an API that has a flag that 485190225Srpaulo * controls whether to open read-only or read-write, 486190225Srpaulo * so that denial of permission to send (or inability 487190225Srpaulo * to send, if sending packets isn't supported on 488190225Srpaulo * the device in question) can be indicated at open 489190225Srpaulo * time. 490190225Srpaulo */ 491190225Srpaulo fd = open(device, O_RDWR); 492190225Srpaulo if (fd == -1 && errno == EACCES) 493190225Srpaulo fd = open(device, O_RDONLY); 494190225Srpaulo } while (fd < 0 && errno == EBUSY); 495190225Srpaulo 496190225Srpaulo /* 497190225Srpaulo * XXX better message for all minors used 498190225Srpaulo */ 499190225Srpaulo if (fd < 0) { 500190225Srpaulo if (errno == EACCES) 501190225Srpaulo fd = PCAP_ERROR_PERM_DENIED; 502190225Srpaulo else 503190225Srpaulo fd = PCAP_ERROR; 504190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s", 505190225Srpaulo device, pcap_strerror(errno)); 506190225Srpaulo } 507190225Srpaulo#endif 508190225Srpaulo 509190225Srpaulo return (fd); 510190225Srpaulo} 511190225Srpaulo 512190225Srpaulo#ifdef BIOCGDLTLIST 513190225Srpaulostatic int 514190225Srpauloget_dlt_list(int fd, int v, struct bpf_dltlist *bdlp, char *ebuf) 515190225Srpaulo{ 516190225Srpaulo memset(bdlp, 0, sizeof(*bdlp)); 517190225Srpaulo if (ioctl(fd, BIOCGDLTLIST, (caddr_t)bdlp) == 0) { 518190225Srpaulo u_int i; 519190225Srpaulo int is_ethernet; 520190225Srpaulo 521190225Srpaulo bdlp->bfl_list = (u_int *) malloc(sizeof(u_int) * (bdlp->bfl_len + 1)); 522190225Srpaulo if (bdlp->bfl_list == NULL) { 523190225Srpaulo (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 524190225Srpaulo pcap_strerror(errno)); 525190225Srpaulo return (PCAP_ERROR); 526190225Srpaulo } 527190225Srpaulo 528190225Srpaulo if (ioctl(fd, BIOCGDLTLIST, (caddr_t)bdlp) < 0) { 529190225Srpaulo (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, 530190225Srpaulo "BIOCGDLTLIST: %s", pcap_strerror(errno)); 531190225Srpaulo free(bdlp->bfl_list); 532190225Srpaulo return (PCAP_ERROR); 533190225Srpaulo } 534190225Srpaulo 535190225Srpaulo /* 536190225Srpaulo * OK, for real Ethernet devices, add DLT_DOCSIS to the 537190225Srpaulo * list, so that an application can let you choose it, 538190225Srpaulo * in case you're capturing DOCSIS traffic that a Cisco 539190225Srpaulo * Cable Modem Termination System is putting out onto 540190225Srpaulo * an Ethernet (it doesn't put an Ethernet header onto 541190225Srpaulo * the wire, it puts raw DOCSIS frames out on the wire 542190225Srpaulo * inside the low-level Ethernet framing). 543190225Srpaulo * 544190225Srpaulo * A "real Ethernet device" is defined here as a device 545190225Srpaulo * that has a link-layer type of DLT_EN10MB and that has 546190225Srpaulo * no alternate link-layer types; that's done to exclude 547190225Srpaulo * 802.11 interfaces (which might or might not be the 548190225Srpaulo * right thing to do, but I suspect it is - Ethernet <-> 549190225Srpaulo * 802.11 bridges would probably badly mishandle frames 550190225Srpaulo * that don't have Ethernet headers). 551214518Srpaulo * 552214518Srpaulo * On Solaris with BPF, Ethernet devices also offer 553214518Srpaulo * DLT_IPNET, so we, if DLT_IPNET is defined, we don't 554214518Srpaulo * treat it as an indication that the device isn't an 555214518Srpaulo * Ethernet. 556190225Srpaulo */ 557190225Srpaulo if (v == DLT_EN10MB) { 558190225Srpaulo is_ethernet = 1; 559190225Srpaulo for (i = 0; i < bdlp->bfl_len; i++) { 560214518Srpaulo if (bdlp->bfl_list[i] != DLT_EN10MB 561214518Srpaulo#ifdef DLT_IPNET 562214518Srpaulo && bdlp->bfl_list[i] != DLT_IPNET 563214518Srpaulo#endif 564214518Srpaulo ) { 565190225Srpaulo is_ethernet = 0; 566190225Srpaulo break; 567190225Srpaulo } 568190225Srpaulo } 569190225Srpaulo if (is_ethernet) { 570190225Srpaulo /* 571190225Srpaulo * We reserved one more slot at the end of 572190225Srpaulo * the list. 573190225Srpaulo */ 574190225Srpaulo bdlp->bfl_list[bdlp->bfl_len] = DLT_DOCSIS; 575190225Srpaulo bdlp->bfl_len++; 576190225Srpaulo } 577190225Srpaulo } 578190225Srpaulo } else { 579190225Srpaulo /* 580190225Srpaulo * EINVAL just means "we don't support this ioctl on 581190225Srpaulo * this device"; don't treat it as an error. 582190225Srpaulo */ 583190225Srpaulo if (errno != EINVAL) { 584190225Srpaulo (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, 585190225Srpaulo "BIOCGDLTLIST: %s", pcap_strerror(errno)); 586190225Srpaulo return (PCAP_ERROR); 587190225Srpaulo } 588190225Srpaulo } 589190225Srpaulo return (0); 590190225Srpaulo} 591190225Srpaulo#endif 592190225Srpaulo 593190225Srpaulostatic int 594190225Srpaulopcap_can_set_rfmon_bpf(pcap_t *p) 595190225Srpaulo{ 596190225Srpaulo#if defined(__APPLE__) 597190225Srpaulo struct utsname osinfo; 598190225Srpaulo struct ifreq ifr; 599190225Srpaulo int fd; 600190225Srpaulo#ifdef BIOCGDLTLIST 601190225Srpaulo struct bpf_dltlist bdl; 602190225Srpaulo#endif 603190225Srpaulo 604190225Srpaulo /* 605190225Srpaulo * The joys of monitor mode on OS X. 606190225Srpaulo * 607190225Srpaulo * Prior to 10.4, it's not supported at all. 608190225Srpaulo * 609190225Srpaulo * In 10.4, if adapter enN supports monitor mode, there's a 610190225Srpaulo * wltN adapter corresponding to it; you open it, instead of 611190225Srpaulo * enN, to get monitor mode. You get whatever link-layer 612190225Srpaulo * headers it supplies. 613190225Srpaulo * 614190225Srpaulo * In 10.5, and, we assume, later releases, if adapter enN 615190225Srpaulo * supports monitor mode, it offers, among its selectable 616190225Srpaulo * DLT_ values, values that let you get the 802.11 header; 617190225Srpaulo * selecting one of those values puts the adapter into monitor 618190225Srpaulo * mode (i.e., you can't get 802.11 headers except in monitor 619190225Srpaulo * mode, and you can't get Ethernet headers in monitor mode). 620190225Srpaulo */ 621190225Srpaulo if (uname(&osinfo) == -1) { 622190225Srpaulo /* 623190225Srpaulo * Can't get the OS version; just say "no". 624190225Srpaulo */ 625190225Srpaulo return (0); 626190225Srpaulo } 627190225Srpaulo /* 628190225Srpaulo * We assume osinfo.sysname is "Darwin", because 629190225Srpaulo * __APPLE__ is defined. We just check the version. 630190225Srpaulo */ 631190225Srpaulo if (osinfo.release[0] < '8' && osinfo.release[1] == '.') { 632190225Srpaulo /* 633190225Srpaulo * 10.3 (Darwin 7.x) or earlier. 634190225Srpaulo * Monitor mode not supported. 635190225Srpaulo */ 636190225Srpaulo return (0); 637190225Srpaulo } 638190225Srpaulo if (osinfo.release[0] == '8' && osinfo.release[1] == '.') { 639190225Srpaulo /* 640190225Srpaulo * 10.4 (Darwin 8.x). s/en/wlt/, and check 641190225Srpaulo * whether the device exists. 642190225Srpaulo */ 643190225Srpaulo if (strncmp(p->opt.source, "en", 2) != 0) { 644190225Srpaulo /* 645190225Srpaulo * Not an enN device; no monitor mode. 646190225Srpaulo */ 647190225Srpaulo return (0); 648190225Srpaulo } 649190225Srpaulo fd = socket(AF_INET, SOCK_DGRAM, 0); 650190225Srpaulo if (fd == -1) { 651190225Srpaulo (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 652190225Srpaulo "socket: %s", pcap_strerror(errno)); 653190225Srpaulo return (PCAP_ERROR); 654190225Srpaulo } 655190225Srpaulo strlcpy(ifr.ifr_name, "wlt", sizeof(ifr.ifr_name)); 656190225Srpaulo strlcat(ifr.ifr_name, p->opt.source + 2, sizeof(ifr.ifr_name)); 657190225Srpaulo if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) { 658190225Srpaulo /* 659190225Srpaulo * No such device? 660190225Srpaulo */ 661190225Srpaulo close(fd); 662190225Srpaulo return (0); 663190225Srpaulo } 664190225Srpaulo close(fd); 665190225Srpaulo return (1); 666190225Srpaulo } 667190225Srpaulo 668190225Srpaulo#ifdef BIOCGDLTLIST 669190225Srpaulo /* 670190225Srpaulo * Everything else is 10.5 or later; for those, 671190225Srpaulo * we just open the enN device, and check whether 672190225Srpaulo * we have any 802.11 devices. 673190225Srpaulo * 674190225Srpaulo * First, open a BPF device. 675190225Srpaulo */ 676190225Srpaulo fd = bpf_open(p); 677190225Srpaulo if (fd < 0) 678190225Srpaulo return (fd); 679190225Srpaulo 680190225Srpaulo /* 681190225Srpaulo * Now bind to the device. 682190225Srpaulo */ 683190225Srpaulo (void)strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name)); 684190225Srpaulo if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) { 685190225Srpaulo if (errno == ENETDOWN) { 686190225Srpaulo /* 687190225Srpaulo * Return a "network down" indication, so that 688190225Srpaulo * the application can report that rather than 689190225Srpaulo * saying we had a mysterious failure and 690190225Srpaulo * suggest that they report a problem to the 691190225Srpaulo * libpcap developers. 692190225Srpaulo */ 693190225Srpaulo close(fd); 694190225Srpaulo return (PCAP_ERROR_IFACE_NOT_UP); 695190225Srpaulo } else { 696190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 697190225Srpaulo "BIOCSETIF: %s: %s", 698190225Srpaulo p->opt.source, pcap_strerror(errno)); 699190225Srpaulo close(fd); 700190225Srpaulo return (PCAP_ERROR); 701190225Srpaulo } 702190225Srpaulo } 703190225Srpaulo 704190225Srpaulo /* 705190225Srpaulo * We know the default link type -- now determine all the DLTs 706190225Srpaulo * this interface supports. If this fails with EINVAL, it's 707190225Srpaulo * not fatal; we just don't get to use the feature later. 708190225Srpaulo * (We don't care about DLT_DOCSIS, so we pass DLT_NULL 709190225Srpaulo * as the default DLT for this adapter.) 710190225Srpaulo */ 711190225Srpaulo if (get_dlt_list(fd, DLT_NULL, &bdl, p->errbuf) == PCAP_ERROR) { 712190225Srpaulo close(fd); 713190225Srpaulo return (PCAP_ERROR); 714190225Srpaulo } 715190225Srpaulo if (find_802_11(&bdl) != -1) { 716190225Srpaulo /* 717190225Srpaulo * We have an 802.11 DLT, so we can set monitor mode. 718190225Srpaulo */ 719190225Srpaulo free(bdl.bfl_list); 720190225Srpaulo close(fd); 721190225Srpaulo return (1); 722190225Srpaulo } 723190225Srpaulo free(bdl.bfl_list); 724190225Srpaulo#endif /* BIOCGDLTLIST */ 725190225Srpaulo return (0); 726190225Srpaulo#elif defined(HAVE_BSD_IEEE80211) 727190225Srpaulo int ret; 728190225Srpaulo 729190225Srpaulo ret = monitor_mode(p, 0); 730190225Srpaulo if (ret == PCAP_ERROR_RFMON_NOTSUP) 731190225Srpaulo return (0); /* not an error, just a "can't do" */ 732190225Srpaulo if (ret == 0) 733190225Srpaulo return (1); /* success */ 734190225Srpaulo return (ret); 735190225Srpaulo#else 736190225Srpaulo return (0); 737190225Srpaulo#endif 738190225Srpaulo} 739190225Srpaulo 740190225Srpaulostatic int 741127664Sbmspcap_stats_bpf(pcap_t *p, struct pcap_stat *ps) 74217683Spst{ 74317683Spst struct bpf_stat s; 74417683Spst 74598530Sfenner /* 74698530Sfenner * "ps_recv" counts packets handed to the filter, not packets 74798530Sfenner * that passed the filter. This includes packets later dropped 74898530Sfenner * because we ran out of buffer space. 74998530Sfenner * 75098530Sfenner * "ps_drop" counts packets dropped inside the BPF device 75198530Sfenner * because we ran out of buffer space. It doesn't count 75298530Sfenner * packets dropped by the interface driver. It counts 75398530Sfenner * only packets that passed the filter. 75498530Sfenner * 75598530Sfenner * Both statistics include packets not yet read from the kernel 75698530Sfenner * by libpcap, and thus not yet seen by the application. 75798530Sfenner */ 75817683Spst if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) { 75975107Sfenner snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s", 76075107Sfenner pcap_strerror(errno)); 761190225Srpaulo return (PCAP_ERROR); 76217683Spst } 76317683Spst 76417683Spst ps->ps_recv = s.bs_recv; 76517683Spst ps->ps_drop = s.bs_drop; 766214518Srpaulo ps->ps_ifdrop = 0; 76717683Spst return (0); 76817683Spst} 76917683Spst 770127664Sbmsstatic int 771127664Sbmspcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 77217683Spst{ 77317683Spst int cc; 77417683Spst int n = 0; 77517683Spst register u_char *bp, *ep; 776146768Ssam u_char *datap; 777146768Ssam#ifdef PCAP_FDDIPAD 778146768Ssam register int pad; 779146768Ssam#endif 780190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 781190225Srpaulo int i; 782190225Srpaulo#endif 78317683Spst 78417683Spst again: 785127664Sbms /* 786127664Sbms * Has "pcap_breakloop()" been called? 787127664Sbms */ 788127664Sbms if (p->break_loop) { 789127664Sbms /* 790127664Sbms * Yes - clear the flag that indicates that it 791190225Srpaulo * has, and return PCAP_ERROR_BREAK to indicate 792190225Srpaulo * that we were told to break out of the loop. 793127664Sbms */ 794127664Sbms p->break_loop = 0; 795190225Srpaulo return (PCAP_ERROR_BREAK); 796127664Sbms } 79717683Spst cc = p->cc; 79817683Spst if (p->cc == 0) { 799183102Scsjp /* 800183102Scsjp * When reading without zero-copy from a file descriptor, we 801183102Scsjp * use a single buffer and return a length of data in the 802183102Scsjp * buffer. With zero-copy, we update the p->buffer pointer 803183102Scsjp * to point at whatever underlying buffer contains the next 804183102Scsjp * data and update cc to reflect the data found in the 805183102Scsjp * buffer. 806183102Scsjp */ 807190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 808190225Srpaulo if (p->md.zerocopy) { 809183102Scsjp if (p->buffer != NULL) 810183102Scsjp pcap_ack_zbuf(p); 811183102Scsjp i = pcap_next_zbuf(p, &cc); 812183102Scsjp if (i == 0) 813183102Scsjp goto again; 814183102Scsjp if (i < 0) 815190225Srpaulo return (PCAP_ERROR); 816183102Scsjp } else 817183102Scsjp#endif 818190225Srpaulo { 819183102Scsjp cc = read(p->fd, (char *)p->buffer, p->bufsize); 820190225Srpaulo } 82117683Spst if (cc < 0) { 82217683Spst /* Don't choke when we get ptraced */ 82317683Spst switch (errno) { 82417683Spst 82517683Spst case EINTR: 82617683Spst goto again; 82717683Spst 828127664Sbms#ifdef _AIX 829127664Sbms case EFAULT: 830127664Sbms /* 831127664Sbms * Sigh. More AIX wonderfulness. 832127664Sbms * 833127664Sbms * For some unknown reason the uiomove() 834127664Sbms * operation in the bpf kernel extension 835190225Srpaulo * used to copy the buffer into user 836127664Sbms * space sometimes returns EFAULT. I have 837127664Sbms * no idea why this is the case given that 838190225Srpaulo * a kernel debugger shows the user buffer 839190225Srpaulo * is correct. This problem appears to 840190225Srpaulo * be mostly mitigated by the memset of 841190225Srpaulo * the buffer before it is first used. 842127664Sbms * Very strange.... Shaun Clowes 843127664Sbms * 844190225Srpaulo * In any case this means that we shouldn't 845127664Sbms * treat EFAULT as a fatal error; as we 846127664Sbms * don't have an API for returning 847127664Sbms * a "some packets were dropped since 848127664Sbms * the last packet you saw" indication, 849127664Sbms * we just ignore EFAULT and keep reading. 850127664Sbms */ 851127664Sbms goto again; 852190225Srpaulo#endif 853190225Srpaulo 85417683Spst case EWOULDBLOCK: 85517683Spst return (0); 856214518Srpaulo 857214518Srpaulo case ENXIO: 858214518Srpaulo /* 859214518Srpaulo * The device on which we're capturing 860214518Srpaulo * went away. 861214518Srpaulo * 862214518Srpaulo * XXX - we should really return 863214518Srpaulo * PCAP_ERROR_IFACE_NOT_UP, but 864214518Srpaulo * pcap_dispatch() etc. aren't 865214518Srpaulo * defined to retur that. 866214518Srpaulo */ 867214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 868214518Srpaulo "The interface went down"); 869214518Srpaulo return (PCAP_ERROR); 870214518Srpaulo 871214518Srpaulo#if defined(sun) && !defined(BSD) && !defined(__svr4__) && !defined(__SVR4) 87217683Spst /* 87317683Spst * Due to a SunOS bug, after 2^31 bytes, the kernel 87417683Spst * file offset overflows and read fails with EINVAL. 87517683Spst * The lseek() to 0 will fix things. 87617683Spst */ 87717683Spst case EINVAL: 87817683Spst if (lseek(p->fd, 0L, SEEK_CUR) + 87917683Spst p->bufsize < 0) { 88017683Spst (void)lseek(p->fd, 0L, SEEK_SET); 88117683Spst goto again; 88217683Spst } 88317683Spst /* fall through */ 88417683Spst#endif 88517683Spst } 88675107Sfenner snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s", 88775107Sfenner pcap_strerror(errno)); 888190225Srpaulo return (PCAP_ERROR); 88917683Spst } 89017683Spst bp = p->buffer; 89117683Spst } else 89217683Spst bp = p->bp; 89317683Spst 89417683Spst /* 89517683Spst * Loop through each packet. 89617683Spst */ 89717683Spst#define bhp ((struct bpf_hdr *)bp) 89817683Spst ep = bp + cc; 899146768Ssam#ifdef PCAP_FDDIPAD 900146768Ssam pad = p->fddipad; 901146768Ssam#endif 90217683Spst while (bp < ep) { 90317683Spst register int caplen, hdrlen; 904127664Sbms 905127664Sbms /* 906127664Sbms * Has "pcap_breakloop()" been called? 907127664Sbms * If so, return immediately - if we haven't read any 908190225Srpaulo * packets, clear the flag and return PCAP_ERROR_BREAK 909190225Srpaulo * to indicate that we were told to break out of the loop, 910190225Srpaulo * otherwise leave the flag set, so that the *next* call 911190225Srpaulo * will break out of the loop without having read any 912190225Srpaulo * packets, and return the number of packets we've 913190225Srpaulo * processed so far. 914127664Sbms */ 915127664Sbms if (p->break_loop) { 916127664Sbms if (n == 0) { 917127664Sbms p->break_loop = 0; 918190225Srpaulo return (PCAP_ERROR_BREAK); 919127664Sbms } else { 920127664Sbms p->bp = bp; 921127664Sbms p->cc = ep - bp; 922127664Sbms return (n); 923127664Sbms } 924127664Sbms } 925127664Sbms 92617683Spst caplen = bhp->bh_caplen; 92717683Spst hdrlen = bhp->bh_hdrlen; 928146768Ssam datap = bp + hdrlen; 92917683Spst /* 930127664Sbms * Short-circuit evaluation: if using BPF filter 931190225Srpaulo * in kernel, no need to do it now - we already know 932190225Srpaulo * the packet passed the filter. 933146768Ssam * 934146768Ssam#ifdef PCAP_FDDIPAD 935146768Ssam * Note: the filter code was generated assuming 936146768Ssam * that p->fddipad was the amount of padding 937146768Ssam * before the header, as that's what's required 938146768Ssam * in the kernel, so we run the filter before 939146768Ssam * skipping that padding. 940146768Ssam#endif 94117683Spst */ 942190225Srpaulo if (p->md.use_bpf || 943190225Srpaulo bpf_filter(p->fcode.bf_insns, datap, bhp->bh_datalen, caplen)) { 944146768Ssam struct pcap_pkthdr pkthdr; 945146768Ssam 946146768Ssam pkthdr.ts.tv_sec = bhp->bh_tstamp.tv_sec; 94798530Sfenner#ifdef _AIX 948127664Sbms /* 949127664Sbms * AIX's BPF returns seconds/nanoseconds time 950127664Sbms * stamps, not seconds/microseconds time stamps. 951127664Sbms */ 952146768Ssam pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec/1000; 953146768Ssam#else 954146768Ssam pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec; 95598530Sfenner#endif 956146768Ssam#ifdef PCAP_FDDIPAD 957146768Ssam if (caplen > pad) 958146768Ssam pkthdr.caplen = caplen - pad; 959146768Ssam else 960146768Ssam pkthdr.caplen = 0; 961146768Ssam if (bhp->bh_datalen > pad) 962146768Ssam pkthdr.len = bhp->bh_datalen - pad; 963146768Ssam else 964146768Ssam pkthdr.len = 0; 965146768Ssam datap += pad; 966146768Ssam#else 967146768Ssam pkthdr.caplen = caplen; 968146768Ssam pkthdr.len = bhp->bh_datalen; 969146768Ssam#endif 970146768Ssam (*callback)(user, &pkthdr, datap); 971127664Sbms bp += BPF_WORDALIGN(caplen + hdrlen); 972127664Sbms if (++n >= cnt && cnt > 0) { 973127664Sbms p->bp = bp; 974127664Sbms p->cc = ep - bp; 975127664Sbms return (n); 976127664Sbms } 977127664Sbms } else { 978127664Sbms /* 979127664Sbms * Skip this packet. 980127664Sbms */ 981127664Sbms bp += BPF_WORDALIGN(caplen + hdrlen); 98217683Spst } 98317683Spst } 98417683Spst#undef bhp 98517683Spst p->cc = 0; 98617683Spst return (n); 98717683Spst} 98817683Spst 989146768Ssamstatic int 990146768Ssampcap_inject_bpf(pcap_t *p, const void *buf, size_t size) 991146768Ssam{ 992146768Ssam int ret; 993146768Ssam 994146768Ssam ret = write(p->fd, buf, size); 995146768Ssam#ifdef __APPLE__ 996146768Ssam if (ret == -1 && errno == EAFNOSUPPORT) { 997146768Ssam /* 998146768Ssam * In Mac OS X, there's a bug wherein setting the 999146768Ssam * BIOCSHDRCMPLT flag causes writes to fail; see, 1000146768Ssam * for example: 1001146768Ssam * 1002146768Ssam * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/BIOCSHDRCMPLT-10.3.3.patch 1003146768Ssam * 1004146768Ssam * So, if, on OS X, we get EAFNOSUPPORT from the write, we 1005146768Ssam * assume it's due to that bug, and turn off that flag 1006146768Ssam * and try again. If we succeed, it either means that 1007146768Ssam * somebody applied the fix from that URL, or other patches 1008146768Ssam * for that bug from 1009146768Ssam * 1010146768Ssam * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/ 1011146768Ssam * 1012146768Ssam * and are running a Darwin kernel with those fixes, or 1013146768Ssam * that Apple fixed the problem in some OS X release. 1014146768Ssam */ 1015146768Ssam u_int spoof_eth_src = 0; 1016146768Ssam 1017146768Ssam if (ioctl(p->fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) { 1018146768Ssam (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1019146768Ssam "send: can't turn off BIOCSHDRCMPLT: %s", 1020146768Ssam pcap_strerror(errno)); 1021190225Srpaulo return (PCAP_ERROR); 1022146768Ssam } 1023146768Ssam 1024146768Ssam /* 1025146768Ssam * Now try the write again. 1026146768Ssam */ 1027146768Ssam ret = write(p->fd, buf, size); 1028146768Ssam } 1029146768Ssam#endif /* __APPLE__ */ 1030146768Ssam if (ret == -1) { 1031146768Ssam snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s", 1032146768Ssam pcap_strerror(errno)); 1033190225Srpaulo return (PCAP_ERROR); 1034146768Ssam } 1035146768Ssam return (ret); 1036146768Ssam} 1037146768Ssam 1038127664Sbms#ifdef _AIX 1039190225Srpaulostatic int 1040127664Sbmsbpf_odminit(char *errbuf) 1041127664Sbms{ 1042127664Sbms char *errstr; 1043127664Sbms 1044127664Sbms if (odm_initialize() == -1) { 1045127664Sbms if (odm_err_msg(odmerrno, &errstr) == -1) 1046127664Sbms errstr = "Unknown error"; 1047127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1048127664Sbms "bpf_load: odm_initialize failed: %s", 1049127664Sbms errstr); 1050190225Srpaulo return (PCAP_ERROR); 1051127664Sbms } 1052127664Sbms 1053127664Sbms if ((odmlockid = odm_lock("/etc/objrepos/config_lock", ODM_WAIT)) == -1) { 1054127664Sbms if (odm_err_msg(odmerrno, &errstr) == -1) 1055127664Sbms errstr = "Unknown error"; 1056127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1057127664Sbms "bpf_load: odm_lock of /etc/objrepos/config_lock failed: %s", 1058127664Sbms errstr); 1059214518Srpaulo (void)odm_terminate(); 1060190225Srpaulo return (PCAP_ERROR); 1061127664Sbms } 1062127664Sbms 1063127664Sbms return (0); 1064127664Sbms} 1065127664Sbms 1066190225Srpaulostatic int 1067127664Sbmsbpf_odmcleanup(char *errbuf) 1068127664Sbms{ 1069127664Sbms char *errstr; 1070127664Sbms 1071127664Sbms if (odm_unlock(odmlockid) == -1) { 1072214518Srpaulo if (errbuf != NULL) { 1073214518Srpaulo if (odm_err_msg(odmerrno, &errstr) == -1) 1074214518Srpaulo errstr = "Unknown error"; 1075214518Srpaulo snprintf(errbuf, PCAP_ERRBUF_SIZE, 1076214518Srpaulo "bpf_load: odm_unlock failed: %s", 1077214518Srpaulo errstr); 1078214518Srpaulo } 1079190225Srpaulo return (PCAP_ERROR); 1080127664Sbms } 1081127664Sbms 1082127664Sbms if (odm_terminate() == -1) { 1083214518Srpaulo if (errbuf != NULL) { 1084214518Srpaulo if (odm_err_msg(odmerrno, &errstr) == -1) 1085214518Srpaulo errstr = "Unknown error"; 1086214518Srpaulo snprintf(errbuf, PCAP_ERRBUF_SIZE, 1087214518Srpaulo "bpf_load: odm_terminate failed: %s", 1088214518Srpaulo errstr); 1089214518Srpaulo } 1090190225Srpaulo return (PCAP_ERROR); 1091127664Sbms } 1092127664Sbms 1093127664Sbms return (0); 1094127664Sbms} 1095127664Sbms 1096127664Sbmsstatic int 1097127664Sbmsbpf_load(char *errbuf) 1098127664Sbms{ 1099127664Sbms long major; 1100127664Sbms int *minors; 1101127664Sbms int numminors, i, rc; 1102127664Sbms char buf[1024]; 1103127664Sbms struct stat sbuf; 1104127664Sbms struct bpf_config cfg_bpf; 1105127664Sbms struct cfg_load cfg_ld; 1106127664Sbms struct cfg_kmod cfg_km; 1107127664Sbms 1108127664Sbms /* 1109127664Sbms * This is very very close to what happens in the real implementation 1110127664Sbms * but I've fixed some (unlikely) bug situations. 1111127664Sbms */ 1112127664Sbms if (bpfloadedflag) 1113127664Sbms return (0); 1114127664Sbms 1115190225Srpaulo if (bpf_odminit(errbuf) == PCAP_ERROR) 1116190225Srpaulo return (PCAP_ERROR); 1117127664Sbms 1118127664Sbms major = genmajor(BPF_NAME); 1119127664Sbms if (major == -1) { 1120127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1121127664Sbms "bpf_load: genmajor failed: %s", pcap_strerror(errno)); 1122214518Srpaulo (void)bpf_odmcleanup(NULL); 1123190225Srpaulo return (PCAP_ERROR); 1124127664Sbms } 1125127664Sbms 1126127664Sbms minors = getminor(major, &numminors, BPF_NAME); 1127127664Sbms if (!minors) { 1128127664Sbms minors = genminor("bpf", major, 0, BPF_MINORS, 1, 1); 1129127664Sbms if (!minors) { 1130127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1131127664Sbms "bpf_load: genminor failed: %s", 1132127664Sbms pcap_strerror(errno)); 1133214518Srpaulo (void)bpf_odmcleanup(NULL); 1134190225Srpaulo return (PCAP_ERROR); 1135127664Sbms } 1136127664Sbms } 1137127664Sbms 1138190225Srpaulo if (bpf_odmcleanup(errbuf) == PCAP_ERROR) 1139190225Srpaulo return (PCAP_ERROR); 1140127664Sbms 1141127664Sbms rc = stat(BPF_NODE "0", &sbuf); 1142127664Sbms if (rc == -1 && errno != ENOENT) { 1143127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1144127664Sbms "bpf_load: can't stat %s: %s", 1145127664Sbms BPF_NODE "0", pcap_strerror(errno)); 1146190225Srpaulo return (PCAP_ERROR); 1147127664Sbms } 1148127664Sbms 1149127664Sbms if (rc == -1 || getmajor(sbuf.st_rdev) != major) { 1150127664Sbms for (i = 0; i < BPF_MINORS; i++) { 1151127664Sbms sprintf(buf, "%s%d", BPF_NODE, i); 1152127664Sbms unlink(buf); 1153127664Sbms if (mknod(buf, S_IRUSR | S_IFCHR, domakedev(major, i)) == -1) { 1154127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1155127664Sbms "bpf_load: can't mknod %s: %s", 1156127664Sbms buf, pcap_strerror(errno)); 1157190225Srpaulo return (PCAP_ERROR); 1158127664Sbms } 1159127664Sbms } 1160127664Sbms } 1161127664Sbms 1162127664Sbms /* Check if the driver is loaded */ 1163127664Sbms memset(&cfg_ld, 0x0, sizeof(cfg_ld)); 1164127664Sbms cfg_ld.path = buf; 1165127664Sbms sprintf(cfg_ld.path, "%s/%s", DRIVER_PATH, BPF_NAME); 1166127664Sbms if ((sysconfig(SYS_QUERYLOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) || 1167127664Sbms (cfg_ld.kmid == 0)) { 1168127664Sbms /* Driver isn't loaded, load it now */ 1169127664Sbms if (sysconfig(SYS_SINGLELOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) { 1170127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1171127664Sbms "bpf_load: could not load driver: %s", 1172127664Sbms strerror(errno)); 1173190225Srpaulo return (PCAP_ERROR); 1174127664Sbms } 1175127664Sbms } 1176127664Sbms 1177127664Sbms /* Configure the driver */ 1178127664Sbms cfg_km.cmd = CFG_INIT; 1179127664Sbms cfg_km.kmid = cfg_ld.kmid; 1180127664Sbms cfg_km.mdilen = sizeof(cfg_bpf); 1181190225Srpaulo cfg_km.mdiptr = (void *)&cfg_bpf; 1182127664Sbms for (i = 0; i < BPF_MINORS; i++) { 1183127664Sbms cfg_bpf.devno = domakedev(major, i); 1184127664Sbms if (sysconfig(SYS_CFGKMOD, (void *)&cfg_km, sizeof(cfg_km)) == -1) { 1185127664Sbms snprintf(errbuf, PCAP_ERRBUF_SIZE, 1186127664Sbms "bpf_load: could not configure driver: %s", 1187127664Sbms strerror(errno)); 1188190225Srpaulo return (PCAP_ERROR); 1189127664Sbms } 1190127664Sbms } 1191190225Srpaulo 1192127664Sbms bpfloadedflag = 1; 1193127664Sbms 1194127664Sbms return (0); 1195127664Sbms} 1196127664Sbms#endif 1197127664Sbms 1198190225Srpaulo/* 1199190225Srpaulo * Turn off rfmon mode if necessary. 1200190225Srpaulo */ 1201190225Srpaulostatic void 1202190225Srpaulopcap_cleanup_bpf(pcap_t *p) 120317683Spst{ 1204190225Srpaulo#ifdef HAVE_BSD_IEEE80211 1205190225Srpaulo int sock; 1206190225Srpaulo struct ifmediareq req; 1207190225Srpaulo struct ifreq ifr; 1208172680Smlaier#endif 120917683Spst 1210214518Srpaulo if (p->md.must_do_on_close != 0) { 1211190225Srpaulo /* 1212190225Srpaulo * There's something we have to do when closing this 1213190225Srpaulo * pcap_t. 1214190225Srpaulo */ 1215190225Srpaulo#ifdef HAVE_BSD_IEEE80211 1216214518Srpaulo if (p->md.must_do_on_close & MUST_CLEAR_RFMON) { 1217190225Srpaulo /* 1218190225Srpaulo * We put the interface into rfmon mode; 1219190225Srpaulo * take it out of rfmon mode. 1220190225Srpaulo * 1221190225Srpaulo * XXX - if somebody else wants it in rfmon 1222190225Srpaulo * mode, this code cannot know that, so it'll take 1223190225Srpaulo * it out of rfmon mode. 1224190225Srpaulo */ 1225190225Srpaulo sock = socket(AF_INET, SOCK_DGRAM, 0); 1226190225Srpaulo if (sock == -1) { 1227190225Srpaulo fprintf(stderr, 1228190225Srpaulo "Can't restore interface flags (socket() failed: %s).\n" 1229190225Srpaulo "Please adjust manually.\n", 1230190225Srpaulo strerror(errno)); 1231190225Srpaulo } else { 1232190225Srpaulo memset(&req, 0, sizeof(req)); 1233190225Srpaulo strncpy(req.ifm_name, p->md.device, 1234190225Srpaulo sizeof(req.ifm_name)); 1235190225Srpaulo if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) { 1236190225Srpaulo fprintf(stderr, 1237190225Srpaulo "Can't restore interface flags (SIOCGIFMEDIA failed: %s).\n" 1238190225Srpaulo "Please adjust manually.\n", 1239190225Srpaulo strerror(errno)); 1240190225Srpaulo } else { 1241190225Srpaulo if (req.ifm_current & IFM_IEEE80211_MONITOR) { 1242190225Srpaulo /* 1243190225Srpaulo * Rfmon mode is currently on; 1244190225Srpaulo * turn it off. 1245190225Srpaulo */ 1246190225Srpaulo memset(&ifr, 0, sizeof(ifr)); 1247190225Srpaulo (void)strncpy(ifr.ifr_name, 1248190225Srpaulo p->md.device, 1249190225Srpaulo sizeof(ifr.ifr_name)); 1250190225Srpaulo ifr.ifr_media = 1251190225Srpaulo req.ifm_current & ~IFM_IEEE80211_MONITOR; 1252190225Srpaulo if (ioctl(sock, SIOCSIFMEDIA, 1253190225Srpaulo &ifr) == -1) { 1254190225Srpaulo fprintf(stderr, 1255190225Srpaulo "Can't restore interface flags (SIOCSIFMEDIA failed: %s).\n" 1256190225Srpaulo "Please adjust manually.\n", 1257190225Srpaulo strerror(errno)); 1258190225Srpaulo } 1259190225Srpaulo } 1260190225Srpaulo } 1261190225Srpaulo close(sock); 1262190225Srpaulo } 1263190225Srpaulo } 1264190225Srpaulo#endif /* HAVE_BSD_IEEE80211 */ 1265127664Sbms 1266146768Ssam /* 1267190225Srpaulo * Take this pcap out of the list of pcaps for which we 1268190225Srpaulo * have to take the interface out of some mode. 1269146768Ssam */ 1270190225Srpaulo pcap_remove_from_pcaps_to_close(p); 1271214518Srpaulo p->md.must_do_on_close = 0; 1272190225Srpaulo } 127317683Spst 1274190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 127517683Spst /* 1276190225Srpaulo * In zero-copy mode, p->buffer is just a pointer into one of the two 1277190225Srpaulo * memory-mapped buffers, so no need to free it. 127817683Spst */ 1279190225Srpaulo if (p->md.zerocopy) { 1280190225Srpaulo if (p->md.zbuf1 != MAP_FAILED && p->md.zbuf1 != NULL) 1281190225Srpaulo munmap(p->md.zbuf1, p->md.zbufsize); 1282190225Srpaulo if (p->md.zbuf2 != MAP_FAILED && p->md.zbuf2 != NULL) 1283190225Srpaulo munmap(p->md.zbuf2, p->md.zbufsize); 1284222654Scsjp p->buffer = NULL; 1285190225Srpaulo } 1286172680Smlaier#endif 1287190225Srpaulo if (p->md.device != NULL) { 1288190225Srpaulo free(p->md.device); 1289190225Srpaulo p->md.device = NULL; 1290190225Srpaulo } 1291190225Srpaulo pcap_cleanup_live_common(p); 129217683Spst} 129317683Spst 1294190225Srpaulostatic int 1295190225Srpaulocheck_setif_failure(pcap_t *p, int error) 1296190225Srpaulo{ 1297190225Srpaulo#ifdef __APPLE__ 1298190225Srpaulo int fd; 1299190225Srpaulo struct ifreq ifr; 1300190225Srpaulo int err; 1301146768Ssam#endif 1302146768Ssam 1303190225Srpaulo if (error == ENXIO) { 1304190225Srpaulo /* 1305190225Srpaulo * No such device exists. 1306190225Srpaulo */ 1307190225Srpaulo#ifdef __APPLE__ 1308190225Srpaulo if (p->opt.rfmon && strncmp(p->opt.source, "wlt", 3) == 0) { 1309190225Srpaulo /* 1310190225Srpaulo * Monitor mode was requested, and we're trying 1311190225Srpaulo * to open a "wltN" device. Assume that this 1312190225Srpaulo * is 10.4 and that we were asked to open an 1313190225Srpaulo * "enN" device; if that device exists, return 1314190225Srpaulo * "monitor mode not supported on the device". 1315190225Srpaulo */ 1316190225Srpaulo fd = socket(AF_INET, SOCK_DGRAM, 0); 1317190225Srpaulo if (fd != -1) { 1318190225Srpaulo strlcpy(ifr.ifr_name, "en", 1319190225Srpaulo sizeof(ifr.ifr_name)); 1320190225Srpaulo strlcat(ifr.ifr_name, p->opt.source + 3, 1321190225Srpaulo sizeof(ifr.ifr_name)); 1322190225Srpaulo if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) { 1323190225Srpaulo /* 1324190225Srpaulo * We assume this failed because 1325190225Srpaulo * the underlying device doesn't 1326190225Srpaulo * exist. 1327190225Srpaulo */ 1328190225Srpaulo err = PCAP_ERROR_NO_SUCH_DEVICE; 1329214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1330214518Srpaulo "SIOCGIFFLAGS on %s failed: %s", 1331214518Srpaulo ifr.ifr_name, pcap_strerror(errno)); 1332190225Srpaulo } else { 1333190225Srpaulo /* 1334190225Srpaulo * The underlying "enN" device 1335190225Srpaulo * exists, but there's no 1336190225Srpaulo * corresponding "wltN" device; 1337190225Srpaulo * that means that the "enN" 1338190225Srpaulo * device doesn't support 1339190225Srpaulo * monitor mode, probably because 1340190225Srpaulo * it's an Ethernet device rather 1341190225Srpaulo * than a wireless device. 1342190225Srpaulo */ 1343190225Srpaulo err = PCAP_ERROR_RFMON_NOTSUP; 1344190225Srpaulo } 1345190225Srpaulo close(fd); 1346190225Srpaulo } else { 1347190225Srpaulo /* 1348190225Srpaulo * We can't find out whether there's 1349190225Srpaulo * an underlying "enN" device, so 1350190225Srpaulo * just report "no such device". 1351190225Srpaulo */ 1352190225Srpaulo err = PCAP_ERROR_NO_SUCH_DEVICE; 1353214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1354214518Srpaulo "socket() failed: %s", 1355214518Srpaulo pcap_strerror(errno)); 1356190225Srpaulo } 1357190225Srpaulo return (err); 1358190225Srpaulo } 1359190225Srpaulo#endif 1360190225Srpaulo /* 1361190225Srpaulo * No such device. 1362190225Srpaulo */ 1363214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETIF failed: %s", 1364214518Srpaulo pcap_strerror(errno)); 1365190225Srpaulo return (PCAP_ERROR_NO_SUCH_DEVICE); 1366190225Srpaulo } else if (errno == ENETDOWN) { 1367190225Srpaulo /* 1368190225Srpaulo * Return a "network down" indication, so that 1369190225Srpaulo * the application can report that rather than 1370190225Srpaulo * saying we had a mysterious failure and 1371190225Srpaulo * suggest that they report a problem to the 1372190225Srpaulo * libpcap developers. 1373190225Srpaulo */ 1374190225Srpaulo return (PCAP_ERROR_IFACE_NOT_UP); 1375190225Srpaulo } else { 1376190225Srpaulo /* 1377190225Srpaulo * Some other error; fill in the error string, and 1378190225Srpaulo * return PCAP_ERROR. 1379190225Srpaulo */ 1380190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s", 1381190225Srpaulo p->opt.source, pcap_strerror(errno)); 1382190225Srpaulo return (PCAP_ERROR); 1383190225Srpaulo } 1384190225Srpaulo} 1385190225Srpaulo 1386214518Srpaulo/* 1387214518Srpaulo * Default capture buffer size. 1388214518Srpaulo * 32K isn't very much for modern machines with fast networks; we 1389214518Srpaulo * pick .5M, as that's the maximum on at least some systems with BPF. 1390214518Srpaulo */ 1391214518Srpaulo#define DEFAULT_BUFSIZE 524288 1392214518Srpaulo 1393190225Srpaulostatic int 1394190225Srpaulopcap_activate_bpf(pcap_t *p) 139517683Spst{ 1396190225Srpaulo int status = 0; 139717683Spst int fd; 139817683Spst struct ifreq ifr; 139917683Spst struct bpf_version bv; 1400190225Srpaulo#ifdef __APPLE__ 1401190225Srpaulo int sockfd; 1402190225Srpaulo char *wltdev = NULL; 1403190225Srpaulo#endif 1404127664Sbms#ifdef BIOCGDLTLIST 1405109839Sfenner struct bpf_dltlist bdl; 1406190225Srpaulo#if defined(__APPLE__) || defined(HAVE_BSD_IEEE80211) 1407190225Srpaulo int new_dlt; 1408127664Sbms#endif 1409190225Srpaulo#endif /* BIOCGDLTLIST */ 1410146768Ssam#if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT) 1411146768Ssam u_int spoof_eth_src = 1; 1412146768Ssam#endif 141317683Spst u_int v; 1414146768Ssam struct bpf_insn total_insn; 1415146768Ssam struct bpf_program total_prog; 1416127664Sbms struct utsname osinfo; 141717683Spst 1418127664Sbms#ifdef HAVE_DAG_API 1419127664Sbms if (strstr(device, "dag")) { 1420127664Sbms return dag_open_live(device, snaplen, promisc, to_ms, ebuf); 1421127664Sbms } 1422127664Sbms#endif /* HAVE_DAG_API */ 1423109839Sfenner 1424127664Sbms#ifdef BIOCGDLTLIST 1425127664Sbms memset(&bdl, 0, sizeof(bdl)); 1426190225Srpaulo int have_osinfo = 0; 1427190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 1428190225Srpaulo struct bpf_zbuf bz; 1429190225Srpaulo u_int bufmode, zbufmax; 1430127664Sbms#endif 1431127664Sbms 1432190225Srpaulo fd = bpf_open(p); 1433190225Srpaulo if (fd < 0) { 1434190225Srpaulo status = fd; 1435190225Srpaulo goto bad; 143617683Spst } 143717683Spst 143817683Spst p->fd = fd; 143917683Spst 144017683Spst if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) { 1441190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s", 144275107Sfenner pcap_strerror(errno)); 1443190225Srpaulo status = PCAP_ERROR; 144417683Spst goto bad; 144517683Spst } 144617683Spst if (bv.bv_major != BPF_MAJOR_VERSION || 144717683Spst bv.bv_minor < BPF_MINOR_VERSION) { 1448190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 144975107Sfenner "kernel bpf filter out of date"); 1450190225Srpaulo status = PCAP_ERROR; 145117683Spst goto bad; 145217683Spst } 145375107Sfenner 1454190225Srpaulo p->md.device = strdup(p->opt.source); 1455190225Srpaulo if (p->md.device == NULL) { 1456190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "strdup: %s", 1457190225Srpaulo pcap_strerror(errno)); 1458190225Srpaulo status = PCAP_ERROR; 1459190225Srpaulo goto bad; 1460190225Srpaulo } 1461190225Srpaulo 146275107Sfenner /* 1463190225Srpaulo * Try finding a good size for the buffer; 32768 may be too 1464190225Srpaulo * big, so keep cutting it in half until we find a size 1465190225Srpaulo * that works, or run out of sizes to try. If the default 1466190225Srpaulo * is larger, don't make it smaller. 1467190225Srpaulo * 1468190225Srpaulo * XXX - there should be a user-accessible hook to set the 1469190225Srpaulo * initial buffer size. 1470190225Srpaulo * Attempt to find out the version of the OS on which we're running. 1471190225Srpaulo */ 1472190225Srpaulo if (uname(&osinfo) == 0) 1473190225Srpaulo have_osinfo = 1; 1474190225Srpaulo 1475190225Srpaulo#ifdef __APPLE__ 1476190225Srpaulo /* 1477190225Srpaulo * See comment in pcap_can_set_rfmon_bpf() for an explanation 1478190225Srpaulo * of why we check the version number. 1479190225Srpaulo */ 1480190225Srpaulo if (p->opt.rfmon) { 1481190225Srpaulo if (have_osinfo) { 1482190225Srpaulo /* 1483190225Srpaulo * We assume osinfo.sysname is "Darwin", because 1484190225Srpaulo * __APPLE__ is defined. We just check the version. 1485190225Srpaulo */ 1486190225Srpaulo if (osinfo.release[0] < '8' && 1487190225Srpaulo osinfo.release[1] == '.') { 1488190225Srpaulo /* 1489190225Srpaulo * 10.3 (Darwin 7.x) or earlier. 1490190225Srpaulo */ 1491190225Srpaulo status = PCAP_ERROR_RFMON_NOTSUP; 1492190225Srpaulo goto bad; 1493190225Srpaulo } 1494190225Srpaulo if (osinfo.release[0] == '8' && 1495190225Srpaulo osinfo.release[1] == '.') { 1496190225Srpaulo /* 1497190225Srpaulo * 10.4 (Darwin 8.x). s/en/wlt/ 1498190225Srpaulo */ 1499190225Srpaulo if (strncmp(p->opt.source, "en", 2) != 0) { 1500190225Srpaulo /* 1501190225Srpaulo * Not an enN device; check 1502190225Srpaulo * whether the device even exists. 1503190225Srpaulo */ 1504190225Srpaulo sockfd = socket(AF_INET, SOCK_DGRAM, 0); 1505190225Srpaulo if (sockfd != -1) { 1506190225Srpaulo strlcpy(ifr.ifr_name, 1507190225Srpaulo p->opt.source, 1508190225Srpaulo sizeof(ifr.ifr_name)); 1509190225Srpaulo if (ioctl(sockfd, SIOCGIFFLAGS, 1510190225Srpaulo (char *)&ifr) < 0) { 1511190225Srpaulo /* 1512190225Srpaulo * We assume this 1513190225Srpaulo * failed because 1514190225Srpaulo * the underlying 1515190225Srpaulo * device doesn't 1516190225Srpaulo * exist. 1517190225Srpaulo */ 1518190225Srpaulo status = PCAP_ERROR_NO_SUCH_DEVICE; 1519214518Srpaulo snprintf(p->errbuf, 1520214518Srpaulo PCAP_ERRBUF_SIZE, 1521214518Srpaulo "SIOCGIFFLAGS failed: %s", 1522214518Srpaulo pcap_strerror(errno)); 1523190225Srpaulo } else 1524190225Srpaulo status = PCAP_ERROR_RFMON_NOTSUP; 1525190225Srpaulo close(sockfd); 1526190225Srpaulo } else { 1527190225Srpaulo /* 1528190225Srpaulo * We can't find out whether 1529190225Srpaulo * the device exists, so just 1530190225Srpaulo * report "no such device". 1531190225Srpaulo */ 1532190225Srpaulo status = PCAP_ERROR_NO_SUCH_DEVICE; 1533214518Srpaulo snprintf(p->errbuf, 1534214518Srpaulo PCAP_ERRBUF_SIZE, 1535214518Srpaulo "socket() failed: %s", 1536214518Srpaulo pcap_strerror(errno)); 1537190225Srpaulo } 1538190225Srpaulo goto bad; 1539190225Srpaulo } 1540190225Srpaulo wltdev = malloc(strlen(p->opt.source) + 2); 1541190225Srpaulo if (wltdev == NULL) { 1542190225Srpaulo (void)snprintf(p->errbuf, 1543190225Srpaulo PCAP_ERRBUF_SIZE, "malloc: %s", 1544190225Srpaulo pcap_strerror(errno)); 1545190225Srpaulo status = PCAP_ERROR; 1546190225Srpaulo goto bad; 1547190225Srpaulo } 1548190225Srpaulo strcpy(wltdev, "wlt"); 1549190225Srpaulo strcat(wltdev, p->opt.source + 2); 1550190225Srpaulo free(p->opt.source); 1551190225Srpaulo p->opt.source = wltdev; 1552190225Srpaulo } 1553190225Srpaulo /* 1554190225Srpaulo * Everything else is 10.5 or later; for those, 1555190225Srpaulo * we just open the enN device, and set the DLT. 1556190225Srpaulo */ 1557190225Srpaulo } 1558190225Srpaulo } 1559190225Srpaulo#endif /* __APPLE__ */ 1560190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 1561190225Srpaulo /* 1562183102Scsjp * If the BPF extension to set buffer mode is present, try setting 1563183102Scsjp * the mode to zero-copy. If that fails, use regular buffering. If 1564183102Scsjp * it succeeds but other setup fails, return an error to the user. 156539291Sfenner */ 1566183102Scsjp bufmode = BPF_BUFMODE_ZBUF; 1567183102Scsjp if (ioctl(fd, BIOCSETBUFMODE, (caddr_t)&bufmode) == 0) { 1568190225Srpaulo /* 1569190225Srpaulo * We have zerocopy BPF; use it. 1570190225Srpaulo */ 1571190225Srpaulo p->md.zerocopy = 1; 1572183102Scsjp 1573183102Scsjp /* 1574190225Srpaulo * Set the cleanup and set/get nonblocking mode ops 1575190225Srpaulo * as appropriate for zero-copy mode. 1576190225Srpaulo */ 1577190225Srpaulo p->cleanup_op = pcap_cleanup_zbuf; 1578190225Srpaulo p->setnonblock_op = pcap_setnonblock_zbuf; 1579190225Srpaulo p->getnonblock_op = pcap_getnonblock_zbuf; 1580190225Srpaulo 1581190225Srpaulo /* 1582183102Scsjp * How to pick a buffer size: first, query the maximum buffer 1583183102Scsjp * size supported by zero-copy. This also lets us quickly 1584183102Scsjp * determine whether the kernel generally supports zero-copy. 1585190225Srpaulo * Then, if a buffer size was specified, use that, otherwise 1586190225Srpaulo * query the default buffer size, which reflects kernel 1587183102Scsjp * policy for a desired default. Round to the nearest page 1588183102Scsjp * size. 158975107Sfenner */ 1590183102Scsjp if (ioctl(fd, BIOCGETZMAX, (caddr_t)&zbufmax) < 0) { 1591190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGETZMAX: %s", 1592183102Scsjp pcap_strerror(errno)); 1593183102Scsjp goto bad; 1594183102Scsjp } 1595190225Srpaulo 1596190225Srpaulo if (p->opt.buffer_size != 0) { 1597190225Srpaulo /* 1598190225Srpaulo * A buffer size was explicitly specified; use it. 1599190225Srpaulo */ 1600190225Srpaulo v = p->opt.buffer_size; 1601190225Srpaulo } else { 1602190225Srpaulo if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || 1603214518Srpaulo v < DEFAULT_BUFSIZE) 1604214518Srpaulo v = DEFAULT_BUFSIZE; 1605190225Srpaulo } 1606183102Scsjp#ifndef roundup 1607190225Srpaulo#define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) /* to any y */ 1608183102Scsjp#endif 1609190225Srpaulo p->md.zbufsize = roundup(v, getpagesize()); 1610190225Srpaulo if (p->md.zbufsize > zbufmax) 1611190225Srpaulo p->md.zbufsize = zbufmax; 1612190225Srpaulo p->md.zbuf1 = mmap(NULL, p->md.zbufsize, PROT_READ | PROT_WRITE, 1613183102Scsjp MAP_ANON, -1, 0); 1614190225Srpaulo p->md.zbuf2 = mmap(NULL, p->md.zbufsize, PROT_READ | PROT_WRITE, 1615183102Scsjp MAP_ANON, -1, 0); 1616190225Srpaulo if (p->md.zbuf1 == MAP_FAILED || p->md.zbuf2 == MAP_FAILED) { 1617190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "mmap: %s", 1618183102Scsjp pcap_strerror(errno)); 1619183102Scsjp goto bad; 1620183102Scsjp } 1621183102Scsjp bzero(&bz, sizeof(bz)); 1622190225Srpaulo bz.bz_bufa = p->md.zbuf1; 1623190225Srpaulo bz.bz_bufb = p->md.zbuf2; 1624190225Srpaulo bz.bz_buflen = p->md.zbufsize; 1625183102Scsjp if (ioctl(fd, BIOCSETZBUF, (caddr_t)&bz) < 0) { 1626190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETZBUF: %s", 1627183102Scsjp pcap_strerror(errno)); 1628183102Scsjp goto bad; 1629183102Scsjp } 1630190225Srpaulo (void)strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name)); 1631183102Scsjp if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) { 1632190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s", 1633190225Srpaulo p->opt.source, pcap_strerror(errno)); 163475107Sfenner goto bad; 163575107Sfenner } 1636190225Srpaulo v = p->md.zbufsize - sizeof(struct bpf_zbuf_header); 1637190225Srpaulo } else 1638183102Scsjp#endif 1639190225Srpaulo { 1640183102Scsjp /* 1641190225Srpaulo * We don't have zerocopy BPF. 1642190225Srpaulo * Set the buffer size. 1643183102Scsjp */ 1644190225Srpaulo if (p->opt.buffer_size != 0) { 1645190225Srpaulo /* 1646190225Srpaulo * A buffer size was explicitly specified; use it. 1647183102Scsjp */ 1648190225Srpaulo if (ioctl(fd, BIOCSBLEN, 1649190225Srpaulo (caddr_t)&p->opt.buffer_size) < 0) { 1650190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1651190225Srpaulo "BIOCSBLEN: %s: %s", p->opt.source, 1652190225Srpaulo pcap_strerror(errno)); 1653190225Srpaulo status = PCAP_ERROR; 1654190225Srpaulo goto bad; 1655190225Srpaulo } 1656183102Scsjp 1657190225Srpaulo /* 1658190225Srpaulo * Now bind to the device. 1659190225Srpaulo */ 1660190225Srpaulo (void)strncpy(ifr.ifr_name, p->opt.source, 1661183102Scsjp sizeof(ifr.ifr_name)); 1662190225Srpaulo if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) { 1663190225Srpaulo status = check_setif_failure(p, errno); 1664190225Srpaulo goto bad; 1665190225Srpaulo } 1666190225Srpaulo } else { 1667190225Srpaulo /* 1668190225Srpaulo * No buffer size was explicitly specified. 1669190225Srpaulo * 1670214518Srpaulo * Try finding a good size for the buffer; 1671214518Srpaulo * DEFAULT_BUFSIZE may be too big, so keep 1672214518Srpaulo * cutting it in half until we find a size 1673214518Srpaulo * that works, or run out of sizes to try. 1674190225Srpaulo * If the default is larger, don't make it smaller. 1675190225Srpaulo */ 1676190225Srpaulo if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || 1677214518Srpaulo v < DEFAULT_BUFSIZE) 1678214518Srpaulo v = DEFAULT_BUFSIZE; 1679190225Srpaulo for ( ; v != 0; v >>= 1) { 1680190225Srpaulo /* 1681190225Srpaulo * Ignore the return value - this is because the 1682190225Srpaulo * call fails on BPF systems that don't have 1683190225Srpaulo * kernel malloc. And if the call fails, it's 1684190225Srpaulo * no big deal, we just continue to use the 1685190225Srpaulo * standard buffer size. 1686190225Srpaulo */ 1687190225Srpaulo (void) ioctl(fd, BIOCSBLEN, (caddr_t)&v); 1688183102Scsjp 1689190225Srpaulo (void)strncpy(ifr.ifr_name, p->opt.source, 1690190225Srpaulo sizeof(ifr.ifr_name)); 1691190225Srpaulo if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0) 1692190225Srpaulo break; /* that size worked; we're done */ 1693190225Srpaulo 1694190225Srpaulo if (errno != ENOBUFS) { 1695190225Srpaulo status = check_setif_failure(p, errno); 1696190225Srpaulo goto bad; 1697190225Srpaulo } 1698190225Srpaulo } 1699190225Srpaulo 1700190225Srpaulo if (v == 0) { 1701190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1702190225Srpaulo "BIOCSBLEN: %s: No buffer size worked", 1703190225Srpaulo p->opt.source); 1704190225Srpaulo status = PCAP_ERROR; 1705183102Scsjp goto bad; 1706183102Scsjp } 1707183102Scsjp } 170817683Spst } 1709183102Scsjp#endif 171075107Sfenner 171117683Spst /* Get the data link layer type. */ 171217683Spst if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) { 1713190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s", 171475107Sfenner pcap_strerror(errno)); 1715190225Srpaulo status = PCAP_ERROR; 171617683Spst goto bad; 171717683Spst } 1718190225Srpaulo 171998530Sfenner#ifdef _AIX 172098530Sfenner /* 172198530Sfenner * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT. 172298530Sfenner */ 172356889Sfenner switch (v) { 172498530Sfenner 172598530Sfenner case IFT_ETHER: 172698530Sfenner case IFT_ISO88023: 172798530Sfenner v = DLT_EN10MB; 172898530Sfenner break; 172998530Sfenner 173098530Sfenner case IFT_FDDI: 173198530Sfenner v = DLT_FDDI; 173298530Sfenner break; 173398530Sfenner 173498530Sfenner case IFT_ISO88025: 173598530Sfenner v = DLT_IEEE802; 173698530Sfenner break; 173798530Sfenner 1738127664Sbms case IFT_LOOP: 1739127664Sbms v = DLT_NULL; 1740127664Sbms break; 1741127664Sbms 174298530Sfenner default: 174375107Sfenner /* 174498530Sfenner * We don't know what to map this to yet. 174575107Sfenner */ 1746190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown interface type %u", 174798530Sfenner v); 1748190225Srpaulo status = PCAP_ERROR; 174998530Sfenner goto bad; 175056889Sfenner } 175156889Sfenner#endif 175239291Sfenner#if _BSDI_VERSION - 0 >= 199510 175339291Sfenner /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */ 175439291Sfenner switch (v) { 175539291Sfenner 175639291Sfenner case DLT_SLIP: 175739291Sfenner v = DLT_SLIP_BSDOS; 175839291Sfenner break; 175939291Sfenner 176039291Sfenner case DLT_PPP: 176139291Sfenner v = DLT_PPP_BSDOS; 176239291Sfenner break; 176356889Sfenner 176456889Sfenner case 11: /*DLT_FR*/ 1765127664Sbms v = DLT_FRELAY; 176656889Sfenner break; 176756889Sfenner 176856889Sfenner case 12: /*DLT_C_HDLC*/ 176956889Sfenner v = DLT_CHDLC; 177056889Sfenner break; 177139291Sfenner } 177239291Sfenner#endif 177317683Spst 1774127664Sbms#ifdef BIOCGDLTLIST 1775109839Sfenner /* 1776127664Sbms * We know the default link type -- now determine all the DLTs 1777127664Sbms * this interface supports. If this fails with EINVAL, it's 1778127664Sbms * not fatal; we just don't get to use the feature later. 1779109839Sfenner */ 1780190225Srpaulo if (get_dlt_list(fd, v, &bdl, p->errbuf) == -1) { 1781190225Srpaulo status = PCAP_ERROR; 1782190225Srpaulo goto bad; 1783190225Srpaulo } 1784190225Srpaulo p->dlt_count = bdl.bfl_len; 1785190225Srpaulo p->dlt_list = bdl.bfl_list; 1786146768Ssam 1787190225Srpaulo#ifdef __APPLE__ 1788190225Srpaulo /* 1789190225Srpaulo * Monitor mode fun, continued. 1790190225Srpaulo * 1791190225Srpaulo * For 10.5 and, we're assuming, later releases, as noted above, 1792190225Srpaulo * 802.1 adapters that support monitor mode offer both DLT_EN10MB, 1793190225Srpaulo * DLT_IEEE802_11, and possibly some 802.11-plus-radio-information 1794190225Srpaulo * DLT_ value. Choosing one of the 802.11 DLT_ values will turn 1795190225Srpaulo * monitor mode on. 1796190225Srpaulo * 1797190225Srpaulo * Therefore, if the user asked for monitor mode, we filter out 1798190225Srpaulo * the DLT_EN10MB value, as you can't get that in monitor mode, 1799190225Srpaulo * and, if the user didn't ask for monitor mode, we filter out 1800190225Srpaulo * the 802.11 DLT_ values, because selecting those will turn 1801190225Srpaulo * monitor mode on. Then, for monitor mode, if an 802.11-plus- 1802190225Srpaulo * radio DLT_ value is offered, we try to select that, otherwise 1803190225Srpaulo * we try to select DLT_IEEE802_11. 1804190225Srpaulo */ 1805190225Srpaulo if (have_osinfo) { 1806190225Srpaulo if (isdigit((unsigned)osinfo.release[0]) && 1807190225Srpaulo (osinfo.release[0] == '9' || 1808190225Srpaulo isdigit((unsigned)osinfo.release[1]))) { 1809190225Srpaulo /* 1810190225Srpaulo * 10.5 (Darwin 9.x), or later. 1811190225Srpaulo */ 1812190225Srpaulo new_dlt = find_802_11(&bdl); 1813190225Srpaulo if (new_dlt != -1) { 1814190225Srpaulo /* 1815190225Srpaulo * We have at least one 802.11 DLT_ value, 1816190225Srpaulo * so this is an 802.11 interface. 1817190225Srpaulo * new_dlt is the best of the 802.11 1818190225Srpaulo * DLT_ values in the list. 1819190225Srpaulo */ 1820190225Srpaulo if (p->opt.rfmon) { 1821190225Srpaulo /* 1822190225Srpaulo * Our caller wants monitor mode. 1823190225Srpaulo * Purge DLT_EN10MB from the list 1824190225Srpaulo * of link-layer types, as selecting 1825190225Srpaulo * it will keep monitor mode off. 1826190225Srpaulo */ 1827190225Srpaulo remove_en(p); 1828190225Srpaulo 1829190225Srpaulo /* 1830190225Srpaulo * If the new mode we want isn't 1831190225Srpaulo * the default mode, attempt to 1832190225Srpaulo * select the new mode. 1833190225Srpaulo */ 1834190225Srpaulo if (new_dlt != v) { 1835190225Srpaulo if (ioctl(p->fd, BIOCSDLT, 1836190225Srpaulo &new_dlt) != -1) { 1837190225Srpaulo /* 1838190225Srpaulo * We succeeded; 1839190225Srpaulo * make this the 1840190225Srpaulo * new DLT_ value. 1841190225Srpaulo */ 1842190225Srpaulo v = new_dlt; 1843190225Srpaulo } 1844190225Srpaulo } 1845190225Srpaulo } else { 1846190225Srpaulo /* 1847190225Srpaulo * Our caller doesn't want 1848190225Srpaulo * monitor mode. Unless this 1849190225Srpaulo * is being done by pcap_open_live(), 1850190225Srpaulo * purge the 802.11 link-layer types 1851190225Srpaulo * from the list, as selecting 1852190225Srpaulo * one of them will turn monitor 1853190225Srpaulo * mode on. 1854190225Srpaulo */ 1855190225Srpaulo if (!p->oldstyle) 1856190225Srpaulo remove_802_11(p); 1857190225Srpaulo } 1858190225Srpaulo } else { 1859190225Srpaulo if (p->opt.rfmon) { 1860190225Srpaulo /* 1861190225Srpaulo * The caller requested monitor 1862190225Srpaulo * mode, but we have no 802.11 1863190225Srpaulo * link-layer types, so they 1864190225Srpaulo * can't have it. 1865190225Srpaulo */ 1866190225Srpaulo status = PCAP_ERROR_RFMON_NOTSUP; 1867190225Srpaulo goto bad; 1868190225Srpaulo } 1869190225Srpaulo } 1870109839Sfenner } 1871190225Srpaulo } 1872190225Srpaulo#elif defined(HAVE_BSD_IEEE80211) 1873190225Srpaulo /* 1874190225Srpaulo * *BSD with the new 802.11 ioctls. 1875190225Srpaulo * Do we want monitor mode? 1876190225Srpaulo */ 1877190225Srpaulo if (p->opt.rfmon) { 1878190225Srpaulo /* 1879190225Srpaulo * Try to put the interface into monitor mode. 1880190225Srpaulo */ 1881190225Srpaulo status = monitor_mode(p, 1); 1882190225Srpaulo if (status != 0) { 1883190225Srpaulo /* 1884190225Srpaulo * We failed. 1885190225Srpaulo */ 1886109839Sfenner goto bad; 1887109839Sfenner } 1888109839Sfenner 1889146768Ssam /* 1890190225Srpaulo * We're in monitor mode. 1891190225Srpaulo * Try to find the best 802.11 DLT_ value and, if we 1892190225Srpaulo * succeed, try to switch to that mode if we're not 1893190225Srpaulo * already in that mode. 1894146768Ssam */ 1895190225Srpaulo new_dlt = find_802_11(&bdl); 1896190225Srpaulo if (new_dlt != -1) { 1897190225Srpaulo /* 1898190225Srpaulo * We have at least one 802.11 DLT_ value. 1899190225Srpaulo * new_dlt is the best of the 802.11 1900190225Srpaulo * DLT_ values in the list. 1901190225Srpaulo * 1902190225Srpaulo * If the new mode we want isn't the default mode, 1903190225Srpaulo * attempt to select the new mode. 1904190225Srpaulo */ 1905190225Srpaulo if (new_dlt != v) { 1906190225Srpaulo if (ioctl(p->fd, BIOCSDLT, &new_dlt) != -1) { 1907190225Srpaulo /* 1908190225Srpaulo * We succeeded; make this the 1909190225Srpaulo * new DLT_ value. 1910190225Srpaulo */ 1911190225Srpaulo v = new_dlt; 1912146768Ssam } 1913146768Ssam } 1914146768Ssam } 1915109839Sfenner } 1916190225Srpaulo#endif /* various platforms */ 1917190225Srpaulo#endif /* BIOCGDLTLIST */ 1918109839Sfenner 1919146768Ssam /* 1920146768Ssam * If this is an Ethernet device, and we don't have a DLT_ list, 1921146768Ssam * give it a list with DLT_EN10MB and DLT_DOCSIS. (That'd give 1922146768Ssam * 802.11 interfaces DLT_DOCSIS, which isn't the right thing to 1923146768Ssam * do, but there's not much we can do about that without finding 1924146768Ssam * some other way of determining whether it's an Ethernet or 802.11 1925146768Ssam * device.) 1926146768Ssam */ 1927190225Srpaulo if (v == DLT_EN10MB && p->dlt_count == 0) { 1928146768Ssam p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2); 1929146768Ssam /* 1930146768Ssam * If that fails, just leave the list empty. 1931146768Ssam */ 1932146768Ssam if (p->dlt_list != NULL) { 1933146768Ssam p->dlt_list[0] = DLT_EN10MB; 1934146768Ssam p->dlt_list[1] = DLT_DOCSIS; 1935146768Ssam p->dlt_count = 2; 1936146768Ssam } 1937146768Ssam } 1938190225Srpaulo#ifdef PCAP_FDDIPAD 1939190225Srpaulo if (v == DLT_FDDI) 1940190225Srpaulo p->fddipad = PCAP_FDDIPAD; 1941190225Srpaulo else 1942190225Srpaulo p->fddipad = 0; 1943190225Srpaulo#endif 1944190225Srpaulo p->linktype = v; 1945190225Srpaulo 1946146768Ssam#if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT) 1947146768Ssam /* 1948146768Ssam * Do a BIOCSHDRCMPLT, if defined, to turn that flag on, so 1949146768Ssam * the link-layer source address isn't forcibly overwritten. 1950146768Ssam * (Should we ignore errors? Should we do this only if 1951146768Ssam * we're open for writing?) 1952146768Ssam * 1953146768Ssam * XXX - I seem to remember some packet-sending bug in some 1954146768Ssam * BSDs - check CVS log for "bpf.c"? 1955146768Ssam */ 1956146768Ssam if (ioctl(fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) { 1957190225Srpaulo (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1958146768Ssam "BIOCSHDRCMPLT: %s", pcap_strerror(errno)); 1959190225Srpaulo status = PCAP_ERROR; 1960146768Ssam goto bad; 1961146768Ssam } 1962146768Ssam#endif 196317683Spst /* set timeout */ 1964190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 1965190225Srpaulo if (p->md.timeout != 0 && !p->md.zerocopy) { 1966190225Srpaulo#else 1967190225Srpaulo if (p->md.timeout) { 1968190225Srpaulo#endif 1969127664Sbms /* 1970127664Sbms * XXX - is this seconds/nanoseconds in AIX? 1971127664Sbms * (Treating it as such doesn't fix the timeout 1972127664Sbms * problem described below.) 1973214518Srpaulo * 1974214518Srpaulo * XXX - Mac OS X 10.6 mishandles BIOCSRTIMEOUT in 1975214518Srpaulo * 64-bit userland - it takes, as an argument, a 1976214518Srpaulo * "struct BPF_TIMEVAL", which has 32-bit tv_sec 1977214518Srpaulo * and tv_usec, rather than a "struct timeval". 1978214518Srpaulo * 1979214518Srpaulo * If this platform defines "struct BPF_TIMEVAL", 1980214518Srpaulo * we check whether the structure size in BIOCSRTIMEOUT 1981214518Srpaulo * is that of a "struct timeval" and, if not, we use 1982214518Srpaulo * a "struct BPF_TIMEVAL" rather than a "struct timeval". 1983214518Srpaulo * (That way, if the bug is fixed in a future release, 1984214518Srpaulo * we will still do the right thing.) 1985127664Sbms */ 198617683Spst struct timeval to; 1987214518Srpaulo#ifdef HAVE_STRUCT_BPF_TIMEVAL 1988214518Srpaulo struct BPF_TIMEVAL bpf_to; 1989214518Srpaulo 1990214518Srpaulo if (IOCPARM_LEN(BIOCSRTIMEOUT) != sizeof(struct timeval)) { 1991214518Srpaulo bpf_to.tv_sec = p->md.timeout / 1000; 1992214518Srpaulo bpf_to.tv_usec = (p->md.timeout * 1000) % 1000000; 1993214518Srpaulo if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&bpf_to) < 0) { 1994214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1995214518Srpaulo "BIOCSRTIMEOUT: %s", pcap_strerror(errno)); 1996214518Srpaulo status = PCAP_ERROR; 1997214518Srpaulo goto bad; 1998214518Srpaulo } 1999214518Srpaulo } else { 2000214518Srpaulo#endif 2001214518Srpaulo to.tv_sec = p->md.timeout / 1000; 2002214518Srpaulo to.tv_usec = (p->md.timeout * 1000) % 1000000; 2003214518Srpaulo if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) { 2004214518Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 2005214518Srpaulo "BIOCSRTIMEOUT: %s", pcap_strerror(errno)); 2006214518Srpaulo status = PCAP_ERROR; 2007214518Srpaulo goto bad; 2008214518Srpaulo } 2009214518Srpaulo#ifdef HAVE_STRUCT_BPF_TIMEVAL 201017683Spst } 2011214518Srpaulo#endif 201217683Spst } 201375107Sfenner 201475107Sfenner#ifdef _AIX 201575107Sfenner#ifdef BIOCIMMEDIATE 201675107Sfenner /* 201775107Sfenner * Darren Reed notes that 201875107Sfenner * 201975107Sfenner * On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the 202075107Sfenner * timeout appears to be ignored and it waits until the buffer 202175107Sfenner * is filled before returning. The result of not having it 202275107Sfenner * set is almost worse than useless if your BPF filter 202375107Sfenner * is reducing things to only a few packets (i.e. one every 202475107Sfenner * second or so). 202575107Sfenner * 202675107Sfenner * so we turn BIOCIMMEDIATE mode on if this is AIX. 202775107Sfenner * 202875107Sfenner * We don't turn it on for other platforms, as that means we 202975107Sfenner * get woken up for every packet, which may not be what we want; 203075107Sfenner * in the Winter 1993 USENIX paper on BPF, they say: 203175107Sfenner * 203275107Sfenner * Since a process might want to look at every packet on a 203375107Sfenner * network and the time between packets can be only a few 203475107Sfenner * microseconds, it is not possible to do a read system call 203575107Sfenner * per packet and BPF must collect the data from several 203675107Sfenner * packets and return it as a unit when the monitoring 203775107Sfenner * application does a read. 203875107Sfenner * 203975107Sfenner * which I infer is the reason for the timeout - it means we 204075107Sfenner * wait that amount of time, in the hopes that more packets 204175107Sfenner * will arrive and we'll get them all with one read. 204275107Sfenner * 204375107Sfenner * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other 204475107Sfenner * BSDs) causes the timeout to be ignored. 204575107Sfenner * 204675107Sfenner * On the other hand, some platforms (e.g., Linux) don't support 204775107Sfenner * timeouts, they just hand stuff to you as soon as it arrives; 204875107Sfenner * if that doesn't cause a problem on those platforms, it may 204975107Sfenner * be OK to have BIOCIMMEDIATE mode on BSD as well. 205075107Sfenner * 205175107Sfenner * (Note, though, that applications may depend on the read 205275107Sfenner * completing, even if no packets have arrived, when the timeout 205375107Sfenner * expires, e.g. GUI applications that have to check for input 205475107Sfenner * while waiting for packets to arrive; a non-zero timeout 205575107Sfenner * prevents "select()" from working right on FreeBSD and 205675107Sfenner * possibly other BSDs, as the timer doesn't start until a 205775107Sfenner * "read()" is done, so the timer isn't in effect if the 205875107Sfenner * application is blocked on a "select()", and the "select()" 205975107Sfenner * doesn't get woken up for a BPF device until the buffer 206075107Sfenner * fills up.) 206175107Sfenner */ 206275107Sfenner v = 1; 206375107Sfenner if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) { 2064190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s", 206575107Sfenner pcap_strerror(errno)); 2066190225Srpaulo status = PCAP_ERROR; 206775107Sfenner goto bad; 206875107Sfenner } 206975107Sfenner#endif /* BIOCIMMEDIATE */ 207075107Sfenner#endif /* _AIX */ 207175107Sfenner 2072190225Srpaulo if (p->opt.promisc) { 2073190225Srpaulo /* set promiscuous mode, just warn if it fails */ 207498530Sfenner if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) { 2075190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s", 207698530Sfenner pcap_strerror(errno)); 2077190225Srpaulo status = PCAP_WARNING_PROMISC_NOTSUP; 207898530Sfenner } 207998530Sfenner } 208017683Spst 208117683Spst if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) { 2082190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s", 208375107Sfenner pcap_strerror(errno)); 2084190225Srpaulo status = PCAP_ERROR; 208517683Spst goto bad; 208617683Spst } 208717683Spst p->bufsize = v; 2088190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 2089190225Srpaulo if (!p->md.zerocopy) { 2090183102Scsjp#endif 2091190225Srpaulo p->buffer = (u_char *)malloc(p->bufsize); 2092190225Srpaulo if (p->buffer == NULL) { 2093190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", 2094190225Srpaulo pcap_strerror(errno)); 2095190225Srpaulo status = PCAP_ERROR; 2096190225Srpaulo goto bad; 2097190225Srpaulo } 2098127664Sbms#ifdef _AIX 2099190225Srpaulo /* For some strange reason this seems to prevent the EFAULT 2100190225Srpaulo * problems we have experienced from AIX BPF. */ 2101190225Srpaulo memset(p->buffer, 0x0, p->bufsize); 2102127664Sbms#endif 2103190225Srpaulo#ifdef HAVE_ZEROCOPY_BPF 2104183102Scsjp } 2105183102Scsjp#endif 210617683Spst 2107127664Sbms /* 2108146768Ssam * If there's no filter program installed, there's 2109146768Ssam * no indication to the kernel of what the snapshot 2110146768Ssam * length should be, so no snapshotting is done. 2111146768Ssam * 2112146768Ssam * Therefore, when we open the device, we install 2113146768Ssam * an "accept everything" filter with the specified 2114146768Ssam * snapshot length. 2115146768Ssam */ 2116146768Ssam total_insn.code = (u_short)(BPF_RET | BPF_K); 2117146768Ssam total_insn.jt = 0; 2118146768Ssam total_insn.jf = 0; 2119190225Srpaulo total_insn.k = p->snapshot; 2120146768Ssam 2121146768Ssam total_prog.bf_len = 1; 2122146768Ssam total_prog.bf_insns = &total_insn; 2123146768Ssam if (ioctl(p->fd, BIOCSETF, (caddr_t)&total_prog) < 0) { 2124190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s", 2125146768Ssam pcap_strerror(errno)); 2126190225Srpaulo status = PCAP_ERROR; 2127146768Ssam goto bad; 2128146768Ssam } 2129146768Ssam 2130146768Ssam /* 2131127664Sbms * On most BPF platforms, either you can do a "select()" or 2132127664Sbms * "poll()" on a BPF file descriptor and it works correctly, 2133127664Sbms * or you can do it and it will return "readable" if the 2134127664Sbms * hold buffer is full but not if the timeout expires *and* 2135127664Sbms * a non-blocking read will, if the hold buffer is empty 2136127664Sbms * but the store buffer isn't empty, rotate the buffers 2137127664Sbms * and return what packets are available. 2138127664Sbms * 2139127664Sbms * In the latter case, the fact that a non-blocking read 2140127664Sbms * will give you the available packets means you can work 2141127664Sbms * around the failure of "select()" and "poll()" to wake up 2142127664Sbms * and return "readable" when the timeout expires by using 2143127664Sbms * the timeout as the "select()" or "poll()" timeout, putting 2144127664Sbms * the BPF descriptor into non-blocking mode, and read from 2145127664Sbms * it regardless of whether "select()" reports it as readable 2146127664Sbms * or not. 2147127664Sbms * 2148127664Sbms * However, in FreeBSD 4.3 and 4.4, "select()" and "poll()" 2149127664Sbms * won't wake up and return "readable" if the timer expires 2150127664Sbms * and non-blocking reads return EWOULDBLOCK if the hold 2151127664Sbms * buffer is empty, even if the store buffer is non-empty. 2152127664Sbms * 2153127664Sbms * This means the workaround in question won't work. 2154127664Sbms * 2155127664Sbms * Therefore, on FreeBSD 4.3 and 4.4, we set "p->selectable_fd" 2156127664Sbms * to -1, which means "sorry, you can't use 'select()' or 'poll()' 2157127664Sbms * here". On all other BPF platforms, we set it to the FD for 2158127664Sbms * the BPF device; in NetBSD, OpenBSD, and Darwin, a non-blocking 2159127664Sbms * read will, if the hold buffer is empty and the store buffer 2160127664Sbms * isn't empty, rotate the buffers and return what packets are 2161127664Sbms * there (and in sufficiently recent versions of OpenBSD 2162127664Sbms * "select()" and "poll()" should work correctly). 2163127664Sbms * 2164127664Sbms * XXX - what about AIX? 2165127664Sbms */ 2166147894Ssam p->selectable_fd = p->fd; /* assume select() works until we know otherwise */ 2167190225Srpaulo if (have_osinfo) { 2168127664Sbms /* 2169127664Sbms * We can check what OS this is. 2170127664Sbms */ 2171147894Ssam if (strcmp(osinfo.sysname, "FreeBSD") == 0) { 2172147894Ssam if (strncmp(osinfo.release, "4.3-", 4) == 0 || 2173147894Ssam strncmp(osinfo.release, "4.4-", 4) == 0) 2174147894Ssam p->selectable_fd = -1; 2175147894Ssam } 2176127664Sbms } 2177127664Sbms 2178127664Sbms p->read_op = pcap_read_bpf; 2179146768Ssam p->inject_op = pcap_inject_bpf; 2180127664Sbms p->setfilter_op = pcap_setfilter_bpf; 2181147894Ssam p->setdirection_op = pcap_setdirection_bpf; 2182127664Sbms p->set_datalink_op = pcap_set_datalink_bpf; 2183127664Sbms p->getnonblock_op = pcap_getnonblock_fd; 2184127664Sbms p->setnonblock_op = pcap_setnonblock_fd; 2185127664Sbms p->stats_op = pcap_stats_bpf; 2186190225Srpaulo p->cleanup_op = pcap_cleanup_bpf; 2187127664Sbms 2188190225Srpaulo return (status); 218917683Spst bad: 2190190225Srpaulo pcap_cleanup_bpf(p); 2191190225Srpaulo return (status); 219217683Spst} 219317683Spst 219417683Spstint 2195127664Sbmspcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf) 219617683Spst{ 2197127664Sbms#ifdef HAVE_DAG_API 2198127664Sbms if (dag_platform_finddevs(alldevsp, errbuf) < 0) 2199127664Sbms return (-1); 2200127664Sbms#endif /* HAVE_DAG_API */ 2201214518Srpaulo#ifdef HAVE_SNF_API 2202214518Srpaulo if (snf_platform_finddevs(alldevsp, errbuf) < 0) 2203214518Srpaulo return (-1); 2204214518Srpaulo#endif /* HAVE_SNF_API */ 2205127664Sbms 2206127664Sbms return (0); 2207127664Sbms} 2208127664Sbms 2209190225Srpaulo#ifdef HAVE_BSD_IEEE80211 2210127664Sbmsstatic int 2211190225Srpaulomonitor_mode(pcap_t *p, int set) 2212127664Sbms{ 2213190225Srpaulo int sock; 2214190225Srpaulo struct ifmediareq req; 2215190225Srpaulo int *media_list; 2216190225Srpaulo int i; 2217190225Srpaulo int can_do; 2218190225Srpaulo struct ifreq ifr; 2219190225Srpaulo 2220190225Srpaulo sock = socket(AF_INET, SOCK_DGRAM, 0); 2221190225Srpaulo if (sock == -1) { 2222190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't open socket: %s", 2223190225Srpaulo pcap_strerror(errno)); 2224190225Srpaulo return (PCAP_ERROR); 2225190225Srpaulo } 2226190225Srpaulo 2227190225Srpaulo memset(&req, 0, sizeof req); 2228190225Srpaulo strncpy(req.ifm_name, p->opt.source, sizeof req.ifm_name); 2229190225Srpaulo 223056889Sfenner /* 2231190225Srpaulo * Find out how many media types we have. 223256889Sfenner */ 2233190225Srpaulo if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) { 2234127664Sbms /* 2235190225Srpaulo * Can't get the media types. 2236127664Sbms */ 2237190225Srpaulo if (errno == EINVAL) { 2238190225Srpaulo /* 2239190225Srpaulo * Interface doesn't support SIOC{G,S}IFMEDIA. 2240190225Srpaulo */ 2241190225Srpaulo close(sock); 2242190225Srpaulo return (PCAP_ERROR_RFMON_NOTSUP); 2243190225Srpaulo } 2244190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFMEDIA 1: %s", 2245190225Srpaulo pcap_strerror(errno)); 2246190225Srpaulo close(sock); 2247190225Srpaulo return (PCAP_ERROR); 2248127664Sbms } 2249190225Srpaulo if (req.ifm_count == 0) { 2250190225Srpaulo /* 2251190225Srpaulo * No media types. 2252190225Srpaulo */ 2253190225Srpaulo close(sock); 2254190225Srpaulo return (PCAP_ERROR_RFMON_NOTSUP); 2255190225Srpaulo } 2256127664Sbms 2257127664Sbms /* 2258190225Srpaulo * Allocate a buffer to hold all the media types, and 2259190225Srpaulo * get the media types. 2260190225Srpaulo */ 2261190225Srpaulo media_list = malloc(req.ifm_count * sizeof(int)); 2262190225Srpaulo if (media_list == NULL) { 2263190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", 2264190225Srpaulo pcap_strerror(errno)); 2265190225Srpaulo close(sock); 2266190225Srpaulo return (PCAP_ERROR); 2267190225Srpaulo } 2268190225Srpaulo req.ifm_ulist = media_list; 2269190225Srpaulo if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) { 2270190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFMEDIA: %s", 2271190225Srpaulo pcap_strerror(errno)); 2272190225Srpaulo free(media_list); 2273190225Srpaulo close(sock); 2274190225Srpaulo return (PCAP_ERROR); 2275190225Srpaulo } 2276190225Srpaulo 2277190225Srpaulo /* 2278190225Srpaulo * Look for an 802.11 "automatic" media type. 2279190225Srpaulo * We assume that all 802.11 adapters have that media type, 2280190225Srpaulo * and that it will carry the monitor mode supported flag. 2281190225Srpaulo */ 2282190225Srpaulo can_do = 0; 2283190225Srpaulo for (i = 0; i < req.ifm_count; i++) { 2284190225Srpaulo if (IFM_TYPE(media_list[i]) == IFM_IEEE80211 2285190225Srpaulo && IFM_SUBTYPE(media_list[i]) == IFM_AUTO) { 2286190225Srpaulo /* OK, does it do monitor mode? */ 2287190225Srpaulo if (media_list[i] & IFM_IEEE80211_MONITOR) { 2288190225Srpaulo can_do = 1; 2289190225Srpaulo break; 2290190225Srpaulo } 2291190225Srpaulo } 2292190225Srpaulo } 2293190225Srpaulo free(media_list); 2294190225Srpaulo if (!can_do) { 2295190225Srpaulo /* 2296190225Srpaulo * This adapter doesn't support monitor mode. 2297190225Srpaulo */ 2298190225Srpaulo close(sock); 2299190225Srpaulo return (PCAP_ERROR_RFMON_NOTSUP); 2300190225Srpaulo } 2301190225Srpaulo 2302190225Srpaulo if (set) { 2303190225Srpaulo /* 2304190225Srpaulo * Don't just check whether we can enable monitor mode, 2305190225Srpaulo * do so, if it's not already enabled. 2306190225Srpaulo */ 2307190225Srpaulo if ((req.ifm_current & IFM_IEEE80211_MONITOR) == 0) { 2308190225Srpaulo /* 2309190225Srpaulo * Monitor mode isn't currently on, so turn it on, 2310190225Srpaulo * and remember that we should turn it off when the 2311190225Srpaulo * pcap_t is closed. 2312190225Srpaulo */ 2313190225Srpaulo 2314190225Srpaulo /* 2315190225Srpaulo * If we haven't already done so, arrange to have 2316190225Srpaulo * "pcap_close_all()" called when we exit. 2317190225Srpaulo */ 2318190225Srpaulo if (!pcap_do_addexit(p)) { 2319190225Srpaulo /* 2320190225Srpaulo * "atexit()" failed; don't put the interface 2321190225Srpaulo * in monitor mode, just give up. 2322190225Srpaulo */ 2323190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 2324190225Srpaulo "atexit failed"); 2325190225Srpaulo close(sock); 2326190225Srpaulo return (PCAP_ERROR); 2327190225Srpaulo } 2328190225Srpaulo memset(&ifr, 0, sizeof(ifr)); 2329190225Srpaulo (void)strncpy(ifr.ifr_name, p->opt.source, 2330190225Srpaulo sizeof(ifr.ifr_name)); 2331190225Srpaulo ifr.ifr_media = req.ifm_current | IFM_IEEE80211_MONITOR; 2332190225Srpaulo if (ioctl(sock, SIOCSIFMEDIA, &ifr) == -1) { 2333190225Srpaulo snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 2334190225Srpaulo "SIOCSIFMEDIA: %s", pcap_strerror(errno)); 2335190225Srpaulo close(sock); 2336190225Srpaulo return (PCAP_ERROR); 2337190225Srpaulo } 2338190225Srpaulo 2339214518Srpaulo p->md.must_do_on_close |= MUST_CLEAR_RFMON; 2340190225Srpaulo 2341190225Srpaulo /* 2342190225Srpaulo * Add this to the list of pcaps to close when we exit. 2343190225Srpaulo */ 2344190225Srpaulo pcap_add_to_pcaps_to_close(p); 2345190225Srpaulo } 2346190225Srpaulo } 2347190225Srpaulo return (0); 2348190225Srpaulo} 2349190225Srpaulo#endif /* HAVE_BSD_IEEE80211 */ 2350190225Srpaulo 2351190225Srpaulo#if defined(BIOCGDLTLIST) && (defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)) 2352190225Srpaulo/* 2353190225Srpaulo * Check whether we have any 802.11 link-layer types; return the best 2354190225Srpaulo * of the 802.11 link-layer types if we find one, and return -1 2355190225Srpaulo * otherwise. 2356190225Srpaulo * 2357190225Srpaulo * DLT_IEEE802_11_RADIO, with the radiotap header, is considered the 2358190225Srpaulo * best 802.11 link-layer type; any of the other 802.11-plus-radio 2359190225Srpaulo * headers are second-best; 802.11 with no radio information is 2360190225Srpaulo * the least good. 2361190225Srpaulo */ 2362190225Srpaulostatic int 2363190225Srpaulofind_802_11(struct bpf_dltlist *bdlp) 2364190225Srpaulo{ 2365190225Srpaulo int new_dlt; 2366190225Srpaulo int i; 2367190225Srpaulo 2368190225Srpaulo /* 2369190225Srpaulo * Scan the list of DLT_ values, looking for 802.11 values, 2370190225Srpaulo * and, if we find any, choose the best of them. 2371190225Srpaulo */ 2372190225Srpaulo new_dlt = -1; 2373190225Srpaulo for (i = 0; i < bdlp->bfl_len; i++) { 2374190225Srpaulo switch (bdlp->bfl_list[i]) { 2375190225Srpaulo 2376190225Srpaulo case DLT_IEEE802_11: 2377190225Srpaulo /* 2378190225Srpaulo * 802.11, but no radio. 2379190225Srpaulo * 2380190225Srpaulo * Offer this, and select it as the new mode 2381190225Srpaulo * unless we've already found an 802.11 2382190225Srpaulo * header with radio information. 2383190225Srpaulo */ 2384190225Srpaulo if (new_dlt == -1) 2385190225Srpaulo new_dlt = bdlp->bfl_list[i]; 2386190225Srpaulo break; 2387190225Srpaulo 2388190225Srpaulo case DLT_PRISM_HEADER: 2389190225Srpaulo case DLT_AIRONET_HEADER: 2390190225Srpaulo case DLT_IEEE802_11_RADIO_AVS: 2391190225Srpaulo /* 2392190225Srpaulo * 802.11 with radio, but not radiotap. 2393190225Srpaulo * 2394190225Srpaulo * Offer this, and select it as the new mode 2395190225Srpaulo * unless we've already found the radiotap DLT_. 2396190225Srpaulo */ 2397190225Srpaulo if (new_dlt != DLT_IEEE802_11_RADIO) 2398190225Srpaulo new_dlt = bdlp->bfl_list[i]; 2399190225Srpaulo break; 2400190225Srpaulo 2401190225Srpaulo case DLT_IEEE802_11_RADIO: 2402190225Srpaulo /* 2403190225Srpaulo * 802.11 with radiotap. 2404190225Srpaulo * 2405190225Srpaulo * Offer this, and select it as the new mode. 2406190225Srpaulo */ 2407190225Srpaulo new_dlt = bdlp->bfl_list[i]; 2408190225Srpaulo break; 2409190225Srpaulo 2410190225Srpaulo default: 2411190225Srpaulo /* 2412190225Srpaulo * Not 802.11. 2413190225Srpaulo */ 2414190225Srpaulo break; 2415190225Srpaulo } 2416190225Srpaulo } 2417190225Srpaulo 2418190225Srpaulo return (new_dlt); 2419190225Srpaulo} 2420190225Srpaulo#endif /* defined(BIOCGDLTLIST) && (defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)) */ 2421190225Srpaulo 2422190225Srpaulo#if defined(__APPLE__) && defined(BIOCGDLTLIST) 2423190225Srpaulo/* 2424214518Srpaulo * Remove DLT_EN10MB from the list of DLT_ values, as we're in monitor mode, 2425214518Srpaulo * and DLT_EN10MB isn't supported in monitor mode. 2426190225Srpaulo */ 2427190225Srpaulostatic void 2428190225Srpauloremove_en(pcap_t *p) 2429190225Srpaulo{ 2430190225Srpaulo int i, j; 2431190225Srpaulo 2432190225Srpaulo /* 2433190225Srpaulo * Scan the list of DLT_ values and discard DLT_EN10MB. 2434190225Srpaulo */ 2435190225Srpaulo j = 0; 2436190225Srpaulo for (i = 0; i < p->dlt_count; i++) { 2437190225Srpaulo switch (p->dlt_list[i]) { 2438190225Srpaulo 2439190225Srpaulo case DLT_EN10MB: 2440190225Srpaulo /* 2441190225Srpaulo * Don't offer this one. 2442190225Srpaulo */ 2443190225Srpaulo continue; 2444190225Srpaulo 2445190225Srpaulo default: 2446190225Srpaulo /* 2447190225Srpaulo * Just copy this mode over. 2448190225Srpaulo */ 2449190225Srpaulo break; 2450190225Srpaulo } 2451190225Srpaulo 2452190225Srpaulo /* 2453190225Srpaulo * Copy this DLT_ value to its new position. 2454190225Srpaulo */ 2455190225Srpaulo p->dlt_list[j] = p->dlt_list[i]; 2456190225Srpaulo j++; 2457190225Srpaulo } 2458190225Srpaulo 2459190225Srpaulo /* 2460190225Srpaulo * Set the DLT_ count to the number of entries we copied. 2461190225Srpaulo */ 2462190225Srpaulo p->dlt_count = j; 2463190225Srpaulo} 2464190225Srpaulo 2465190225Srpaulo/* 2466214518Srpaulo * Remove 802.11 link-layer types from the list of DLT_ values, as 2467214518Srpaulo * we're not in monitor mode, and those DLT_ values will switch us 2468214518Srpaulo * to monitor mode. 2469190225Srpaulo */ 2470190225Srpaulostatic void 2471190225Srpauloremove_802_11(pcap_t *p) 2472190225Srpaulo{ 2473190225Srpaulo int i, j; 2474190225Srpaulo 2475190225Srpaulo /* 2476190225Srpaulo * Scan the list of DLT_ values and discard 802.11 values. 2477190225Srpaulo */ 2478190225Srpaulo j = 0; 2479190225Srpaulo for (i = 0; i < p->dlt_count; i++) { 2480190225Srpaulo switch (p->dlt_list[i]) { 2481190225Srpaulo 2482190225Srpaulo case DLT_IEEE802_11: 2483190225Srpaulo case DLT_PRISM_HEADER: 2484190225Srpaulo case DLT_AIRONET_HEADER: 2485190225Srpaulo case DLT_IEEE802_11_RADIO: 2486190225Srpaulo case DLT_IEEE802_11_RADIO_AVS: 2487190225Srpaulo /* 2488190225Srpaulo * 802.11. Don't offer this one. 2489190225Srpaulo */ 2490190225Srpaulo continue; 2491190225Srpaulo 2492190225Srpaulo default: 2493190225Srpaulo /* 2494190225Srpaulo * Just copy this mode over. 2495190225Srpaulo */ 2496190225Srpaulo break; 2497190225Srpaulo } 2498190225Srpaulo 2499190225Srpaulo /* 2500190225Srpaulo * Copy this DLT_ value to its new position. 2501190225Srpaulo */ 2502190225Srpaulo p->dlt_list[j] = p->dlt_list[i]; 2503190225Srpaulo j++; 2504190225Srpaulo } 2505190225Srpaulo 2506190225Srpaulo /* 2507190225Srpaulo * Set the DLT_ count to the number of entries we copied. 2508190225Srpaulo */ 2509190225Srpaulo p->dlt_count = j; 2510190225Srpaulo} 2511190225Srpaulo#endif /* defined(__APPLE__) && defined(BIOCGDLTLIST) */ 2512190225Srpaulo 2513190225Srpaulostatic int 2514190225Srpaulopcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp) 2515190225Srpaulo{ 2516190225Srpaulo /* 2517127664Sbms * Free any user-mode filter we might happen to have installed. 2518127664Sbms */ 2519127664Sbms pcap_freecode(&p->fcode); 2520127664Sbms 2521127664Sbms /* 2522127664Sbms * Try to install the kernel filter. 2523127664Sbms */ 2524190225Srpaulo if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) == 0) { 2525190225Srpaulo /* 2526190225Srpaulo * It worked. 2527190225Srpaulo */ 2528190225Srpaulo p->md.use_bpf = 1; /* filtering in the kernel */ 2529190225Srpaulo 2530190225Srpaulo /* 2531190225Srpaulo * Discard any previously-received packets, as they might 2532190225Srpaulo * have passed whatever filter was formerly in effect, but 2533190225Srpaulo * might not pass this filter (BIOCSETF discards packets 2534190225Srpaulo * buffered in the kernel, so you can lose packets in any 2535190225Srpaulo * case). 2536190225Srpaulo */ 2537190225Srpaulo p->cc = 0; 2538190225Srpaulo return (0); 2539190225Srpaulo } 2540190225Srpaulo 2541190225Srpaulo /* 2542190225Srpaulo * We failed. 2543190225Srpaulo * 2544190225Srpaulo * If it failed with EINVAL, that's probably because the program 2545190225Srpaulo * is invalid or too big. Validate it ourselves; if we like it 2546190225Srpaulo * (we currently allow backward branches, to support protochain), 2547190225Srpaulo * run it in userland. (There's no notion of "too big" for 2548190225Srpaulo * userland.) 2549190225Srpaulo * 2550190225Srpaulo * Otherwise, just give up. 2551190225Srpaulo * XXX - if the copy of the program into the kernel failed, 2552190225Srpaulo * we will get EINVAL rather than, say, EFAULT on at least 2553190225Srpaulo * some kernels. 2554190225Srpaulo */ 2555190225Srpaulo if (errno != EINVAL) { 255675107Sfenner snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s", 255775107Sfenner pcap_strerror(errno)); 255817683Spst return (-1); 255917683Spst } 2560146768Ssam 2561146768Ssam /* 2562190225Srpaulo * install_bpf_program() validates the program. 2563190225Srpaulo * 2564190225Srpaulo * XXX - what if we already have a filter in the kernel? 2565146768Ssam */ 2566190225Srpaulo if (install_bpf_program(p, fp) < 0) 2567190225Srpaulo return (-1); 2568190225Srpaulo p->md.use_bpf = 0; /* filtering in userland */ 256917683Spst return (0); 257017683Spst} 2571109839Sfenner 2572147894Ssam/* 2573147894Ssam * Set direction flag: Which packets do we accept on a forwarding 2574147894Ssam * single device? IN, OUT or both? 2575147894Ssam */ 2576127664Sbmsstatic int 2577162012Ssampcap_setdirection_bpf(pcap_t *p, pcap_direction_t d) 2578147894Ssam{ 2579167035Sjkim#if defined(BIOCSDIRECTION) 2580167035Sjkim u_int direction; 2581167035Sjkim 2582167035Sjkim direction = (d == PCAP_D_IN) ? BPF_D_IN : 2583167035Sjkim ((d == PCAP_D_OUT) ? BPF_D_OUT : BPF_D_INOUT); 2584167035Sjkim if (ioctl(p->fd, BIOCSDIRECTION, &direction) == -1) { 2585167035Sjkim (void) snprintf(p->errbuf, sizeof(p->errbuf), 2586167035Sjkim "Cannot set direction to %s: %s", 2587167035Sjkim (d == PCAP_D_IN) ? "PCAP_D_IN" : 2588167035Sjkim ((d == PCAP_D_OUT) ? "PCAP_D_OUT" : "PCAP_D_INOUT"), 2589167035Sjkim strerror(errno)); 2590167035Sjkim return (-1); 2591167035Sjkim } 2592167035Sjkim return (0); 2593167035Sjkim#elif defined(BIOCSSEESENT) 2594147894Ssam u_int seesent; 2595147894Ssam 2596147894Ssam /* 2597162012Ssam * We don't support PCAP_D_OUT. 2598147894Ssam */ 2599162012Ssam if (d == PCAP_D_OUT) { 2600147894Ssam snprintf(p->errbuf, sizeof(p->errbuf), 2601162012Ssam "Setting direction to PCAP_D_OUT is not supported on BPF"); 2602147894Ssam return -1; 2603147894Ssam } 2604167035Sjkim 2605162012Ssam seesent = (d == PCAP_D_INOUT); 2606147894Ssam if (ioctl(p->fd, BIOCSSEESENT, &seesent) == -1) { 2607147894Ssam (void) snprintf(p->errbuf, sizeof(p->errbuf), 2608147894Ssam "Cannot set direction to %s: %s", 2609162012Ssam (d == PCAP_D_INOUT) ? "PCAP_D_INOUT" : "PCAP_D_IN", 2610147894Ssam strerror(errno)); 2611147894Ssam return (-1); 2612147894Ssam } 2613147894Ssam return (0); 2614147894Ssam#else 2615147894Ssam (void) snprintf(p->errbuf, sizeof(p->errbuf), 2616147894Ssam "This system doesn't support BIOCSSEESENT, so the direction can't be set"); 2617147894Ssam return (-1); 2618147894Ssam#endif 2619147894Ssam} 2620147894Ssam 2621147894Ssamstatic int 2622127664Sbmspcap_set_datalink_bpf(pcap_t *p, int dlt) 2623109839Sfenner{ 2624127664Sbms#ifdef BIOCSDLT 2625109839Sfenner if (ioctl(p->fd, BIOCSDLT, &dlt) == -1) { 2626109839Sfenner (void) snprintf(p->errbuf, sizeof(p->errbuf), 2627109839Sfenner "Cannot set DLT %d: %s", dlt, strerror(errno)); 2628127664Sbms return (-1); 2629109839Sfenner } 2630127664Sbms#endif 2631127664Sbms return (0); 2632109839Sfenner} 2633