1 /* $NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $ */
2
3 /*
4 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by the Computer Systems
18 * Engineering Group at Lawrence Berkeley Laboratory.
19 * 4. Neither the name of the University nor of the Laboratory may be used
20 * to endorse or promote products derived from this software without
21 * specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include <sys/cdefs.h>
37 __RCSID("$NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $");
38
39 #ifdef HAVE_CONFIG_H
40 #include "config.h"
41 #endif
42
43 #ifdef WIN32
44 #include <pcap-stdinc.h>
45 #else /* WIN32 */
46 #if HAVE_INTTYPES_H
47 #include <inttypes.h>
48 #elif HAVE_STDINT_H
49 #include <stdint.h>
50 #endif
51 #ifdef HAVE_SYS_BITYPES_H
52 #include <sys/bitypes.h>
53 #endif
54 #include <sys/types.h>
55 #endif /* WIN32 */
56
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
61 #include <unistd.h>
62 #endif
63 #include <fcntl.h>
64 #include <errno.h>
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #ifdef MSDOS
71 #include "pcap-dos.h"
72 #endif
73
74 #include "pcap-int.h"
75
76 #ifdef HAVE_DAG_API
77 #include "pcap-dag.h"
78 #endif /* HAVE_DAG_API */
79
80 #ifdef HAVE_SEPTEL_API
81 #include "pcap-septel.h"
82 #endif /* HAVE_SEPTEL_API */
83
84 #ifdef HAVE_SNF_API
85 #include "pcap-snf.h"
86 #endif /* HAVE_SNF_API */
87
88 #ifdef PCAP_SUPPORT_USB
89 #include "pcap-usb-linux.h"
90 #endif
91
92 #ifdef PCAP_SUPPORT_BT
93 #include "pcap-bt-linux.h"
94 #endif
95
96 #ifdef PCAP_SUPPORT_BT_MONITOR
97 #include "pcap-bt-monitor-linux.h"
98 #endif
99
100 #ifdef PCAP_SUPPORT_CAN
101 #include "pcap-can-linux.h"
102 #endif
103
104 #ifdef PCAP_SUPPORT_CANUSB
105 #include "pcap-canusb-linux.h"
106 #endif
107
108 #ifdef PCAP_SUPPORT_NETFILTER
109 #include "pcap-netfilter-linux.h"
110 #endif
111
112 #ifdef PCAP_SUPPORT_DBUS
113 #include "pcap-dbus.h"
114 #endif
115
116 int
pcap_not_initialized(pcap_t * pcap _U_)117 pcap_not_initialized(pcap_t *pcap _U_)
118 {
119 /* this means 'not initialized' */
120 return (PCAP_ERROR_NOT_ACTIVATED);
121 }
122
123 #ifdef WIN32
124 Adapter *
pcap_no_adapter(pcap_t * pcap _U_)125 pcap_no_adapter(pcap_t *pcap _U_)
126 {
127 return (NULL);
128 }
129 #endif
130
131 /*
132 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
133 * a PCAP_ERROR value on an error.
134 */
135 int
pcap_can_set_rfmon(pcap_t * p)136 pcap_can_set_rfmon(pcap_t *p)
137 {
138 return (p->can_set_rfmon_op(p));
139 }
140
141 /*
142 * For systems where rfmon mode is never supported.
143 */
144 static int
pcap_cant_set_rfmon(pcap_t * p _U_)145 pcap_cant_set_rfmon(pcap_t *p _U_)
146 {
147 return (0);
148 }
149
150 /*
151 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
152 * types; the return value is the number of supported time stamp types.
153 * The list should be freed by a call to pcap_free_tstamp_types() when
154 * you're done with it.
155 *
156 * A return value of 0 means "you don't get a choice of time stamp type",
157 * in which case *tstamp_typesp is set to null.
158 *
159 * PCAP_ERROR is returned on error.
160 */
161 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)162 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
163 {
164 if (p->tstamp_type_count == 0) {
165 /*
166 * We don't support multiple time stamp types.
167 */
168 *tstamp_typesp = NULL;
169 } else {
170 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
171 p->tstamp_type_count);
172 if (*tstamp_typesp == NULL) {
173 (void)snprintf(p->errbuf, sizeof(p->errbuf),
174 "malloc: %s", pcap_strerror(errno));
175 return (PCAP_ERROR);
176 }
177 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
178 sizeof(**tstamp_typesp) * p->tstamp_type_count);
179 }
180 return (p->tstamp_type_count);
181 }
182
183 /*
184 * In Windows, you might have a library built with one version of the
185 * C runtime library and an application built with another version of
186 * the C runtime library, which means that the library might use one
187 * version of malloc() and free() and the application might use another
188 * version of malloc() and free(). If so, that means something
189 * allocated by the library cannot be freed by the application, so we
190 * need to have a pcap_free_tstamp_types() routine to free up the list
191 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
192 * around free().
193 */
194 void
pcap_free_tstamp_types(int * tstamp_type_list)195 pcap_free_tstamp_types(int *tstamp_type_list)
196 {
197 free(tstamp_type_list);
198 }
199
200 /*
201 * Default one-shot callback; overridden for capture types where the
202 * packet data cannot be guaranteed to be available after the callback
203 * returns, so that a copy must be made.
204 */
205 void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)206 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
207 {
208 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
209
210 *sp->hdr = *h;
211 *sp->pkt = pkt;
212 }
213
214 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)215 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
216 {
217 struct oneshot_userdata s;
218 const u_char *pkt;
219
220 s.hdr = h;
221 s.pkt = &pkt;
222 s.pd = p;
223 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
224 return (0);
225 return (pkt);
226 }
227
228 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)229 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
230 const u_char **pkt_data)
231 {
232 struct oneshot_userdata s;
233
234 s.hdr = &p->pcap_header;
235 s.pkt = pkt_data;
236 s.pd = p;
237
238 /* Saves a pointer to the packet headers */
239 *pkt_header= &p->pcap_header;
240
241 if (p->rfile != NULL) {
242 int status;
243
244 /* We are on an offline capture */
245 status = pcap_offline_read(p, 1, p->oneshot_callback,
246 (u_char *)&s);
247
248 /*
249 * Return codes for pcap_offline_read() are:
250 * - 0: EOF
251 * - -1: error
252 * - >1: OK
253 * The first one ('0') conflicts with the return code of
254 * 0 from pcap_read() meaning "no packets arrived before
255 * the timeout expired", so we map it to -2 so you can
256 * distinguish between an EOF from a savefile and a
257 * "no packets arrived before the timeout expired, try
258 * again" from a live capture.
259 */
260 if (status == 0)
261 return (-2);
262 else
263 return (status);
264 }
265
266 /*
267 * Return codes for pcap_read() are:
268 * - 0: timeout
269 * - -1: error
270 * - -2: loop was broken out of with pcap_breakloop()
271 * - >1: OK
272 * The first one ('0') conflicts with the return code of 0 from
273 * pcap_offline_read() meaning "end of file".
274 */
275 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
276 }
277
278 #if defined(DAG_ONLY)
279 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)280 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
281 {
282 return (dag_findalldevs(alldevsp, errbuf));
283 }
284
285 pcap_t *
pcap_create(const char * source,char * errbuf)286 pcap_create(const char *source, char *errbuf)
287 {
288 int is_ours;
289 return (dag_create(source, errbuf, &is_ours));
290 }
291 #elif defined(SEPTEL_ONLY)
292 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)293 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
294 {
295 return (septel_findalldevs(alldevsp, errbuf));
296 }
297
298 pcap_t *
pcap_create(const char * source,char * errbuf)299 pcap_create(const char *source, char *errbuf)
300 {
301 int is_ours;
302 return (septel_create(source, errbuf, &is_ours));
303 }
304 #elif defined(SNF_ONLY)
305 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)306 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
307 {
308 return (snf_findalldevs(alldevsp, errbuf));
309 }
310
311 pcap_t *
pcap_create(const char * source,char * errbuf)312 pcap_create(const char *source, char *errbuf)
313 {
314 int is_ours;
315 return (snf_create(source, errbuf, &is_ours));
316 }
317 #else /* regular pcap */
318 struct capture_source_type {
319 int (*findalldevs_op)(pcap_if_t **, char *);
320 pcap_t *(*create_op)(const char *, char *, int *);
321 } capture_source_types[] = {
322 #ifdef HAVE_DAG_API
323 { dag_findalldevs, dag_create },
324 #endif
325 #ifdef HAVE_SEPTEL_API
326 { septel_findalldevs, septel_create },
327 #endif
328 #ifdef HAVE_SNF_API
329 { snf_findalldevs, snf_create },
330 #endif
331 #ifdef PCAP_SUPPORT_BT
332 { bt_findalldevs, bt_create },
333 #endif
334 #ifdef PCAP_SUPPORT_BT_MONITOR
335 { bt_monitor_findalldevs, bt_monitor_create },
336 #endif
337 #if PCAP_SUPPORT_CANUSB
338 { canusb_findalldevs, canusb_create },
339 #endif
340 #ifdef PCAP_SUPPORT_CAN
341 { can_findalldevs, can_create },
342 #endif
343 #ifdef PCAP_SUPPORT_USB
344 { usb_findalldevs, usb_create },
345 #endif
346 #ifdef PCAP_SUPPORT_NETFILTER
347 { netfilter_findalldevs, netfilter_create },
348 #endif
349 #ifdef PCAP_SUPPORT_DBUS
350 { dbus_findalldevs, dbus_create },
351 #endif
352 { NULL, NULL }
353 };
354
355 /*
356 * Get a list of all capture sources that are up and that we can open.
357 * Returns -1 on error, 0 otherwise.
358 * The list, as returned through "alldevsp", may be null if no interfaces
359 * were up and could be opened.
360 */
361 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)362 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
363 {
364 size_t i;
365
366 /*
367 * Get the list of regular interfaces first.
368 */
369 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
370 return (-1); /* failure */
371
372 /*
373 * Add any interfaces that need a platform-specific mechanism
374 * to find.
375 */
376 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
377 /*
378 * We had an error; free the list we've been
379 * constructing.
380 */
381 if (*alldevsp != NULL) {
382 pcap_freealldevs(*alldevsp);
383 *alldevsp = NULL;
384 }
385 return (-1);
386 }
387
388 /*
389 * Ask each of the non-local-network-interface capture
390 * source types what interfaces they have.
391 */
392 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
393 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
394 /*
395 * We had an error; free the list we've been
396 * constructing.
397 */
398 if (*alldevsp != NULL) {
399 pcap_freealldevs(*alldevsp);
400 *alldevsp = NULL;
401 }
402 return (-1);
403 }
404 }
405
406 return (0);
407 }
408
409 pcap_t *
pcap_create(const char * source,char * errbuf)410 pcap_create(const char *source, char *errbuf)
411 {
412 size_t i;
413 int is_theirs;
414 pcap_t *p;
415
416 /*
417 * A null source name is equivalent to the "any" device -
418 * which might not be supported on this platform, but
419 * this means that you'll get a "not supported" error
420 * rather than, say, a crash when we try to dereference
421 * the null pointer.
422 */
423 if (source == NULL)
424 source = "any";
425
426 /*
427 * Try each of the non-local-network-interface capture
428 * source types until we find one that works for this
429 * device or run out of types.
430 */
431 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
432 is_theirs = 0;
433 p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
434 if (is_theirs) {
435 /*
436 * The device name refers to a device of the
437 * type in question; either it succeeded,
438 * in which case p refers to a pcap_t to
439 * later activate for the device, or it
440 * failed, in which case p is null and we
441 * should return that to report the failure
442 * to create.
443 */
444 return (p);
445 }
446 }
447
448 /*
449 * OK, try it as a regular network interface.
450 */
451 return (pcap_create_interface(source, errbuf));
452 }
453 #endif
454
455 static void
initialize_ops(pcap_t * p)456 initialize_ops(pcap_t *p)
457 {
458 /*
459 * Set operation pointers for operations that only work on
460 * an activated pcap_t to point to a routine that returns
461 * a "this isn't activated" error.
462 */
463 p->read_op = (read_op_t)pcap_not_initialized;
464 p->inject_op = (inject_op_t)pcap_not_initialized;
465 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
466 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
467 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
468 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
469 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
470 p->stats_op = (stats_op_t)pcap_not_initialized;
471 #ifdef WIN32
472 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
473 p->setmode_op = (setmode_op_t)pcap_not_initialized;
474 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
475 p->getadapter_op = pcap_no_adapter;
476 #endif
477
478 /*
479 * Default cleanup operation - implementations can override
480 * this, but should call pcap_cleanup_live_common() after
481 * doing their own additional cleanup.
482 */
483 p->cleanup_op = pcap_cleanup_live_common;
484
485 /*
486 * In most cases, the standard one-shot callback can
487 * be used for pcap_next()/pcap_next_ex().
488 */
489 p->oneshot_callback = pcap_oneshot;
490 }
491
492 static pcap_t *
pcap_alloc_pcap_t(char * ebuf,size_t size)493 pcap_alloc_pcap_t(char *ebuf, size_t size)
494 {
495 char *chunk;
496 pcap_t *p;
497
498 /*
499 * Allocate a chunk of memory big enough for a pcap_t
500 * plus a structure following it of size "size". The
501 * structure following it is a private data structure
502 * for the routines that handle this pcap_t.
503 */
504 chunk = malloc(sizeof (pcap_t) + size);
505 if (chunk == NULL) {
506 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
507 pcap_strerror(errno));
508 return (NULL);
509 }
510 memset(chunk, 0, sizeof (pcap_t) + size);
511
512 /*
513 * Get a pointer to the pcap_t at the beginning.
514 */
515 p = (pcap_t *)chunk;
516
517 #ifndef WIN32
518 p->fd = -1; /* not opened yet */
519 p->selectable_fd = -1;
520 #endif
521
522 if (size == 0) {
523 /* No private data was requested. */
524 p->priv = NULL;
525 } else {
526 /*
527 * Set the pointer to the private data; that's the structure
528 * of size "size" following the pcap_t.
529 */
530 p->priv = (void *)(chunk + sizeof (pcap_t));
531 }
532
533 return (p);
534 }
535
536 pcap_t *
pcap_create_common(const char * source,char * ebuf,size_t size)537 pcap_create_common(const char *source, char *ebuf, size_t size)
538 {
539 pcap_t *p;
540
541 p = pcap_alloc_pcap_t(ebuf, size);
542 if (p == NULL)
543 return (NULL);
544
545 p->opt.source = strdup(source);
546 if (p->opt.source == NULL) {
547 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
548 pcap_strerror(errno));
549 free(p);
550 return (NULL);
551 }
552
553 /*
554 * Default to "can't set rfmon mode"; if it's supported by
555 * a platform, the create routine that called us can set
556 * the op to its routine to check whether a particular
557 * device supports it.
558 */
559 p->can_set_rfmon_op = pcap_cant_set_rfmon;
560
561 initialize_ops(p);
562
563 /* put in some defaults*/
564 pcap_set_snaplen(p, MAXIMUM_SNAPLEN); /* max packet size */
565 p->opt.timeout = 0; /* no timeout specified */
566 p->opt.buffer_size = 0; /* use the platform's default */
567 p->opt.promisc = 0;
568 p->opt.rfmon = 0;
569 p->opt.immediate = 0;
570 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
571 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
572
573 /*
574 * Start out with no BPF code generation flags set.
575 */
576 p->bpf_codegen_flags = 0;
577
578 return (p);
579 }
580
581 int
pcap_check_activated(pcap_t * p)582 pcap_check_activated(pcap_t *p)
583 {
584 if (p->activated) {
585 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
586 " operation on activated capture");
587 return (-1);
588 }
589 return (0);
590 }
591
592 int
pcap_set_snaplen(pcap_t * p,int snaplen)593 pcap_set_snaplen(pcap_t *p, int snaplen)
594 {
595 if (pcap_check_activated(p))
596 return (PCAP_ERROR_ACTIVATED);
597 p->snapshot = snaplen;
598 return (0);
599 }
600
601 int
pcap_set_promisc(pcap_t * p,int promisc)602 pcap_set_promisc(pcap_t *p, int promisc)
603 {
604 if (pcap_check_activated(p))
605 return (PCAP_ERROR_ACTIVATED);
606 p->opt.promisc = promisc;
607 return (0);
608 }
609
610 int
pcap_set_rfmon(pcap_t * p,int rfmon)611 pcap_set_rfmon(pcap_t *p, int rfmon)
612 {
613 if (pcap_check_activated(p))
614 return (PCAP_ERROR_ACTIVATED);
615 p->opt.rfmon = rfmon;
616 return (0);
617 }
618
619 int
pcap_set_timeout(pcap_t * p,int timeout_ms)620 pcap_set_timeout(pcap_t *p, int timeout_ms)
621 {
622 if (pcap_check_activated(p))
623 return (PCAP_ERROR_ACTIVATED);
624 p->opt.timeout = timeout_ms;
625 return (0);
626 }
627
628 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)629 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
630 {
631 int i;
632
633 if (pcap_check_activated(p))
634 return (PCAP_ERROR_ACTIVATED);
635
636 /*
637 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
638 * the default time stamp type is PCAP_TSTAMP_HOST.
639 */
640 if (p->tstamp_type_count == 0) {
641 if (tstamp_type == PCAP_TSTAMP_HOST) {
642 p->opt.tstamp_type = tstamp_type;
643 return (0);
644 }
645 } else {
646 /*
647 * Check whether we claim to support this type of time stamp.
648 */
649 for (i = 0; i < p->tstamp_type_count; i++) {
650 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
651 /*
652 * Yes.
653 */
654 p->opt.tstamp_type = tstamp_type;
655 return (0);
656 }
657 }
658 }
659
660 /*
661 * We don't support this type of time stamp.
662 */
663 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
664 }
665
666 int
pcap_set_immediate_mode(pcap_t * p,int immediate)667 pcap_set_immediate_mode(pcap_t *p, int immediate)
668 {
669 if (pcap_check_activated(p))
670 return (PCAP_ERROR_ACTIVATED);
671 p->opt.immediate = immediate;
672 return (0);
673 }
674
675 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)676 pcap_set_buffer_size(pcap_t *p, int buffer_size)
677 {
678 if (pcap_check_activated(p))
679 return (PCAP_ERROR_ACTIVATED);
680 p->opt.buffer_size = buffer_size;
681 return (0);
682 }
683
684 int
pcap_set_tstamp_precision(pcap_t * p,int tstamp_precision)685 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
686 {
687 int i;
688
689 if (pcap_check_activated(p))
690 return (PCAP_ERROR_ACTIVATED);
691
692 /*
693 * If p->tstamp_precision_count is 0, we only support setting
694 * the time stamp precision to microsecond precision; every
695 * pcap module *MUST* support microsecond precision, even if
696 * it does so by converting the native precision to
697 * microseconds.
698 */
699 if (p->tstamp_precision_count == 0) {
700 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
701 p->opt.tstamp_precision = tstamp_precision;
702 return (0);
703 }
704 } else {
705 /*
706 * Check whether we claim to support this precision of
707 * time stamp.
708 */
709 for (i = 0; i < p->tstamp_precision_count; i++) {
710 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
711 /*
712 * Yes.
713 */
714 p->opt.tstamp_precision = tstamp_precision;
715 return (0);
716 }
717 }
718 }
719
720 /*
721 * We don't support this time stamp precision.
722 */
723 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
724 }
725
726 int
pcap_get_tstamp_precision(pcap_t * p)727 pcap_get_tstamp_precision(pcap_t *p)
728 {
729 return (p->opt.tstamp_precision);
730 }
731
732 int
pcap_activate(pcap_t * p)733 pcap_activate(pcap_t *p)
734 {
735 int status;
736
737 /*
738 * Catch attempts to re-activate an already-activated
739 * pcap_t; this should, for example, catch code that
740 * calls pcap_open_live() followed by pcap_activate(),
741 * as some code that showed up in a Stack Exchange
742 * question did.
743 */
744 if (pcap_check_activated(p))
745 return (PCAP_ERROR_ACTIVATED);
746 status = p->activate_op(p);
747 if (status >= 0)
748 p->activated = 1;
749 else {
750 if (p->errbuf[0] == '\0') {
751 /*
752 * No error message supplied by the activate routine;
753 * for the benefit of programs that don't specially
754 * handle errors other than PCAP_ERROR, return the
755 * error message corresponding to the status.
756 */
757 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
758 pcap_statustostr(status));
759 }
760
761 /*
762 * Undo any operation pointer setting, etc. done by
763 * the activate operation.
764 */
765 initialize_ops(p);
766 }
767 return (status);
768 }
769
770 pcap_t *
pcap_open_live(const char * source,int snaplen,int promisc,int to_ms,char * errbuf)771 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
772 {
773 pcap_t *p;
774 int status;
775
776 p = pcap_create(source, errbuf);
777 if (p == NULL)
778 return (NULL);
779 status = pcap_set_snaplen(p, snaplen);
780 if (status < 0)
781 goto fail;
782 status = pcap_set_promisc(p, promisc);
783 if (status < 0)
784 goto fail;
785 status = pcap_set_timeout(p, to_ms);
786 if (status < 0)
787 goto fail;
788 /*
789 * Mark this as opened with pcap_open_live(), so that, for
790 * example, we show the full list of DLT_ values, rather
791 * than just the ones that are compatible with capturing
792 * when not in monitor mode. That allows existing applications
793 * to work the way they used to work, but allows new applications
794 * that know about the new open API to, for example, find out the
795 * DLT_ values that they can select without changing whether
796 * the adapter is in monitor mode or not.
797 */
798 p->oldstyle = 1;
799 status = pcap_activate(p);
800 if (status < 0)
801 goto fail;
802 return (p);
803 fail:
804 if (status == PCAP_ERROR)
805 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
806 p->errbuf);
807 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
808 status == PCAP_ERROR_PERM_DENIED ||
809 status == PCAP_ERROR_PROMISC_PERM_DENIED)
810 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
811 pcap_statustostr(status), p->errbuf);
812 else
813 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
814 pcap_statustostr(status));
815 pcap_close(p);
816 return (NULL);
817 }
818
819 pcap_t *
pcap_open_offline_common(char * ebuf,size_t size)820 pcap_open_offline_common(char *ebuf, size_t size)
821 {
822 pcap_t *p;
823
824 p = pcap_alloc_pcap_t(ebuf, size);
825 if (p == NULL)
826 return (NULL);
827
828 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
829 p->opt.source = strdup("(savefile)");
830 if (p->opt.source == NULL) {
831 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
832 pcap_strerror(errno));
833 free(p);
834 return (NULL);
835 }
836
837 return (p);
838 }
839
840 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)841 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
842 {
843 return (p->read_op(p, cnt, callback, user));
844 }
845
846 /*
847 * XXX - is this necessary?
848 */
849 int
pcap_read(pcap_t * p,int cnt,pcap_handler callback,u_char * user)850 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
851 {
852
853 return (p->read_op(p, cnt, callback, user));
854 }
855
856 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)857 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
858 {
859 register int n;
860
861 for (;;) {
862 if (p->rfile != NULL) {
863 /*
864 * 0 means EOF, so don't loop if we get 0.
865 */
866 n = pcap_offline_read(p, cnt, callback, user);
867 } else {
868 /*
869 * XXX keep reading until we get something
870 * (or an error occurs)
871 */
872 do {
873 n = p->read_op(p, cnt, callback, user);
874 } while (n == 0);
875 }
876 if (n <= 0)
877 return (n);
878 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
879 cnt -= n;
880 if (cnt <= 0)
881 return (0);
882 }
883 }
884 }
885
886 /*
887 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
888 */
889 void
pcap_breakloop(pcap_t * p)890 pcap_breakloop(pcap_t *p)
891 {
892 p->break_loop = 1;
893 }
894
895 int
pcap_datalink(pcap_t * p)896 pcap_datalink(pcap_t *p)
897 {
898 if (!p->activated)
899 return (PCAP_ERROR_NOT_ACTIVATED);
900 return (p->linktype);
901 }
902
903 int
pcap_datalink_ext(pcap_t * p)904 pcap_datalink_ext(pcap_t *p)
905 {
906 if (!p->activated)
907 return (PCAP_ERROR_NOT_ACTIVATED);
908 return (p->linktype_ext);
909 }
910
911 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)912 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
913 {
914 if (!p->activated)
915 return (PCAP_ERROR_NOT_ACTIVATED);
916 if (p->dlt_count == 0) {
917 /*
918 * We couldn't fetch the list of DLTs, which means
919 * this platform doesn't support changing the
920 * DLT for an interface. Return a list of DLTs
921 * containing only the DLT this device supports.
922 */
923 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
924 if (*dlt_buffer == NULL) {
925 (void)snprintf(p->errbuf, sizeof(p->errbuf),
926 "malloc: %s", pcap_strerror(errno));
927 return (PCAP_ERROR);
928 }
929 **dlt_buffer = p->linktype;
930 return (1);
931 } else {
932 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
933 if (*dlt_buffer == NULL) {
934 (void)snprintf(p->errbuf, sizeof(p->errbuf),
935 "malloc: %s", pcap_strerror(errno));
936 return (PCAP_ERROR);
937 }
938 (void)memcpy(*dlt_buffer, p->dlt_list,
939 sizeof(**dlt_buffer) * p->dlt_count);
940 return (p->dlt_count);
941 }
942 }
943
944 /*
945 * In Windows, you might have a library built with one version of the
946 * C runtime library and an application built with another version of
947 * the C runtime library, which means that the library might use one
948 * version of malloc() and free() and the application might use another
949 * version of malloc() and free(). If so, that means something
950 * allocated by the library cannot be freed by the application, so we
951 * need to have a pcap_free_datalinks() routine to free up the list
952 * allocated by pcap_list_datalinks(), even though it's just a wrapper
953 * around free().
954 */
955 void
pcap_free_datalinks(int * dlt_list)956 pcap_free_datalinks(int *dlt_list)
957 {
958 free(dlt_list);
959 }
960
961 int
pcap_set_datalink(pcap_t * p,int dlt)962 pcap_set_datalink(pcap_t *p, int dlt)
963 {
964 int i;
965 const char *dlt_name;
966
967 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
968 /*
969 * We couldn't fetch the list of DLTs, or we don't
970 * have a "set datalink" operation, which means
971 * this platform doesn't support changing the
972 * DLT for an interface. Check whether the new
973 * DLT is the one this interface supports.
974 */
975 if (p->linktype != dlt)
976 goto unsupported;
977
978 /*
979 * It is, so there's nothing we need to do here.
980 */
981 return (0);
982 }
983 for (i = 0; i < p->dlt_count; i++)
984 if (p->dlt_list[i] == (u_int)dlt)
985 break;
986 if (i >= p->dlt_count)
987 goto unsupported;
988 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
989 dlt == DLT_DOCSIS) {
990 /*
991 * This is presumably an Ethernet device, as the first
992 * link-layer type it offers is DLT_EN10MB, and the only
993 * other type it offers is DLT_DOCSIS. That means that
994 * we can't tell the driver to supply DOCSIS link-layer
995 * headers - we're just pretending that's what we're
996 * getting, as, presumably, we're capturing on a dedicated
997 * link to a Cisco Cable Modem Termination System, and
998 * it's putting raw DOCSIS frames on the wire inside low-level
999 * Ethernet framing.
1000 */
1001 p->linktype = dlt;
1002 return (0);
1003 }
1004 if (p->set_datalink_op(p, dlt) == -1)
1005 return (-1);
1006 p->linktype = dlt;
1007 return (0);
1008
1009 unsupported:
1010 dlt_name = pcap_datalink_val_to_name(dlt);
1011 if (dlt_name != NULL) {
1012 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1013 "%s is not one of the DLTs supported by this device",
1014 dlt_name);
1015 } else {
1016 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1017 "DLT %d is not one of the DLTs supported by this device",
1018 dlt);
1019 }
1020 return (-1);
1021 }
1022
1023 /*
1024 * This array is designed for mapping upper and lower case letter
1025 * together for a case independent comparison. The mappings are
1026 * based upon ascii character sequences.
1027 */
1028 static const u_char charmap[] = {
1029 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1030 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1031 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1032 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1033 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1034 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1035 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1036 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1037 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1038 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1039 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1040 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1041 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1042 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1043 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1044 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1045 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1046 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1047 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1048 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1049 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1050 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1051 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1052 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1053 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1054 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1055 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1056 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1057 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1058 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1059 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1060 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1061 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1062 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1063 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1064 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1065 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1066 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1067 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1068 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1069 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1070 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1071 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1072 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1073 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1074 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1075 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1076 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1077 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1078 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1079 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1080 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1081 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1082 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1083 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1084 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1085 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1086 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1087 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1088 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1089 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1090 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1091 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1092 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1093 };
1094
1095 int
pcap_strcasecmp(const char * s1,const char * s2)1096 pcap_strcasecmp(const char *s1, const char *s2)
1097 {
1098 register const u_char *cm = charmap,
1099 *us1 = (const u_char *)s1,
1100 *us2 = (const u_char *)s2;
1101
1102 while (cm[*us1] == cm[*us2++])
1103 if (*us1++ == '\0')
1104 return(0);
1105 return (cm[*us1] - cm[*--us2]);
1106 }
1107
1108 struct dlt_choice {
1109 const char *name;
1110 const char *description;
1111 int dlt;
1112 };
1113
1114 #define DLT_CHOICE(code, description) { #code, description, code }
1115 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1116
1117 static struct dlt_choice dlt_choices[] = {
1118 DLT_CHOICE(DLT_NULL, "BSD loopback"),
1119 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
1120 DLT_CHOICE(DLT_IEEE802, "Token ring"),
1121 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
1122 DLT_CHOICE(DLT_SLIP, "SLIP"),
1123 DLT_CHOICE(DLT_PPP, "PPP"),
1124 DLT_CHOICE(DLT_FDDI, "FDDI"),
1125 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1126 DLT_CHOICE(DLT_RAW, "Raw IP"),
1127 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
1128 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
1129 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
1130 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
1131 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
1132 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
1133 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
1134 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
1135 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
1136 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
1137 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
1138 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
1139 DLT_CHOICE(DLT_LTALK, "Localtalk"),
1140 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
1141 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
1142 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
1143 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1144 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
1145 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
1146 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
1147 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1148 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1149 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
1150 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
1151 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1152 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
1153 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1154 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
1155 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1156 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1157 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
1158 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
1159 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
1160 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
1161 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
1162 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1163 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1164 DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"),
1165 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
1166 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
1167 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1168 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
1169 DLT_CHOICE(DLT_GPF_T, "GPF-T"),
1170 DLT_CHOICE(DLT_GPF_F, "GPF-F"),
1171 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1172 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
1173 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
1174 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
1175 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
1176 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
1177 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
1178 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
1179 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
1180 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
1181 DLT_CHOICE(DLT_A429, "Arinc 429"),
1182 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
1183 DLT_CHOICE(DLT_USB, "USB"),
1184 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1185 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1186 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
1187 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1188 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1189 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
1190 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1191 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
1192 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1193 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
1194 DLT_CHOICE(DLT_ERF, "Endace ERF header"),
1195 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
1196 DLT_CHOICE(DLT_IPMB, "IPMB"),
1197 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
1198 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1199 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
1200 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1201 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
1202 DLT_CHOICE(DLT_LINUX_EVDEV, "Linux evdev events"),
1203 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
1204 DLT_CHOICE(DLT_DECT, "DECT"),
1205 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
1206 DLT_CHOICE(DLT_WIHART, "Wireless HART"),
1207 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
1208 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1209 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
1210 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1211 DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
1212 DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
1213 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1214 DLT_CHOICE(DLT_DBUS, "D-Bus"),
1215 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
1216 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1217 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1218 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
1219 DLT_CHOICE(DLT_MUX27010, "MUX27010"),
1220 DLT_CHOICE(DLT_STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
1221 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1222 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
1223 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1224 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1225 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
1226 DLT_CHOICE(DLT_MPEG_2_TS, "MPEG-2 transport stream"),
1227 DLT_CHOICE(DLT_NG40, "ng40 protocol tester Iub/Iur"),
1228 DLT_CHOICE(DLT_NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
1229 DLT_CHOICE(DLT_INFINIBAND, "InfiniBand"),
1230 DLT_CHOICE(DLT_SCTP, "SCTP"),
1231 DLT_CHOICE(DLT_USBPCAP, "USB with USBPcap header"),
1232 DLT_CHOICE(DLT_RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
1233 DLT_CHOICE(DLT_BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
1234 DLT_CHOICE(DLT_NETLINK, "Linux netlink"),
1235 DLT_CHOICE(DLT_BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
1236 DLT_CHOICE(DLT_BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
1237 DLT_CHOICE(DLT_BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
1238 DLT_CHOICE(DLT_PROFIBUS_DL, "PROFIBUS data link layer"),
1239 DLT_CHOICE(DLT_PKTAP, "Apple DLT_PKTAP"),
1240 DLT_CHOICE(DLT_EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
1241 DLT_CHOICE_SENTINEL
1242 };
1243
1244 int
pcap_datalink_name_to_val(const char * name)1245 pcap_datalink_name_to_val(const char *name)
1246 {
1247 int i;
1248
1249 for (i = 0; dlt_choices[i].name != NULL; i++) {
1250 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
1251 name) == 0)
1252 return (dlt_choices[i].dlt);
1253 }
1254 return (-1);
1255 }
1256
1257 const char *
pcap_datalink_val_to_name(int dlt)1258 pcap_datalink_val_to_name(int dlt)
1259 {
1260 int i;
1261
1262 for (i = 0; dlt_choices[i].name != NULL; i++) {
1263 if (dlt_choices[i].dlt == dlt)
1264 return (dlt_choices[i].name + sizeof("DLT_") - 1);
1265 }
1266 return (NULL);
1267 }
1268
1269 const char *
pcap_datalink_val_to_description(int dlt)1270 pcap_datalink_val_to_description(int dlt)
1271 {
1272 int i;
1273
1274 for (i = 0; dlt_choices[i].name != NULL; i++) {
1275 if (dlt_choices[i].dlt == dlt)
1276 return (dlt_choices[i].description);
1277 }
1278 return (NULL);
1279 }
1280
1281 struct tstamp_type_choice {
1282 const char *name;
1283 const char *description;
1284 int type;
1285 };
1286
1287 static struct tstamp_type_choice tstamp_type_choices[] = {
1288 { "host", "Host", PCAP_TSTAMP_HOST },
1289 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1290 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1291 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1292 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1293 { NULL, NULL, 0 }
1294 };
1295
1296 int
pcap_tstamp_type_name_to_val(const char * name)1297 pcap_tstamp_type_name_to_val(const char *name)
1298 {
1299 int i;
1300
1301 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1302 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1303 return (tstamp_type_choices[i].type);
1304 }
1305 return (PCAP_ERROR);
1306 }
1307
1308 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1309 pcap_tstamp_type_val_to_name(int tstamp_type)
1310 {
1311 int i;
1312
1313 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1314 if (tstamp_type_choices[i].type == tstamp_type)
1315 return (tstamp_type_choices[i].name);
1316 }
1317 return (NULL);
1318 }
1319
1320 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1321 pcap_tstamp_type_val_to_description(int tstamp_type)
1322 {
1323 int i;
1324
1325 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1326 if (tstamp_type_choices[i].type == tstamp_type)
1327 return (tstamp_type_choices[i].description);
1328 }
1329 return (NULL);
1330 }
1331
1332 int
pcap_snapshot(pcap_t * p)1333 pcap_snapshot(pcap_t *p)
1334 {
1335 if (!p->activated)
1336 return (PCAP_ERROR_NOT_ACTIVATED);
1337 return (p->snapshot);
1338 }
1339
1340 int
pcap_is_swapped(pcap_t * p)1341 pcap_is_swapped(pcap_t *p)
1342 {
1343 if (!p->activated)
1344 return (PCAP_ERROR_NOT_ACTIVATED);
1345 return (p->swapped);
1346 }
1347
1348 int
pcap_major_version(pcap_t * p)1349 pcap_major_version(pcap_t *p)
1350 {
1351 if (!p->activated)
1352 return (PCAP_ERROR_NOT_ACTIVATED);
1353 return (p->version_major);
1354 }
1355
1356 int
pcap_minor_version(pcap_t * p)1357 pcap_minor_version(pcap_t *p)
1358 {
1359 if (!p->activated)
1360 return (PCAP_ERROR_NOT_ACTIVATED);
1361 return (p->version_minor);
1362 }
1363
1364 FILE *
pcap_file(pcap_t * p)1365 pcap_file(pcap_t *p)
1366 {
1367 return (p->rfile);
1368 }
1369
1370 int
pcap_fileno(pcap_t * p)1371 pcap_fileno(pcap_t *p)
1372 {
1373 #ifndef WIN32
1374 return (p->fd);
1375 #else
1376 if (p->adapter != NULL)
1377 return ((int)(DWORD)p->adapter->hFile);
1378 else
1379 return (PCAP_ERROR);
1380 #endif
1381 }
1382
1383 #if !defined(WIN32) && !defined(MSDOS)
1384 int
pcap_get_selectable_fd(pcap_t * p)1385 pcap_get_selectable_fd(pcap_t *p)
1386 {
1387 return (p->selectable_fd);
1388 }
1389 #endif
1390
1391 void
pcap_perror(pcap_t * p,char * prefix)1392 pcap_perror(pcap_t *p, char *prefix)
1393 {
1394 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1395 }
1396
1397 char *
pcap_geterr(pcap_t * p)1398 pcap_geterr(pcap_t *p)
1399 {
1400 return (p->errbuf);
1401 }
1402
1403 int
pcap_getnonblock(pcap_t * p,char * errbuf)1404 pcap_getnonblock(pcap_t *p, char *errbuf)
1405 {
1406 int ret;
1407
1408 ret = p->getnonblock_op(p, errbuf);
1409 if (ret == -1) {
1410 /*
1411 * In case somebody depended on the bug wherein
1412 * the error message was put into p->errbuf
1413 * by pcap_getnonblock_fd().
1414 */
1415 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1416 }
1417 return (ret);
1418 }
1419
1420 /*
1421 * Get the current non-blocking mode setting, under the assumption that
1422 * it's just the standard POSIX non-blocking flag.
1423 *
1424 * We don't look at "p->nonblock", in case somebody tweaked the FD
1425 * directly.
1426 */
1427 #if !defined(WIN32) && !defined(MSDOS)
1428 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1429 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1430 {
1431 int fdflags;
1432
1433 fdflags = fcntl(p->fd, F_GETFL, 0);
1434 if (fdflags == -1) {
1435 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1436 pcap_strerror(errno));
1437 return (-1);
1438 }
1439 if (fdflags & O_NONBLOCK)
1440 return (1);
1441 else
1442 return (0);
1443 }
1444 #endif
1445
1446 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1447 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1448 {
1449 int ret;
1450
1451 ret = p->setnonblock_op(p, nonblock, errbuf);
1452 if (ret == -1) {
1453 /*
1454 * In case somebody depended on the bug wherein
1455 * the error message was put into p->errbuf
1456 * by pcap_setnonblock_fd().
1457 */
1458 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1459 }
1460 return (ret);
1461 }
1462
1463 #if !defined(WIN32) && !defined(MSDOS)
1464 /*
1465 * Set non-blocking mode, under the assumption that it's just the
1466 * standard POSIX non-blocking flag. (This can be called by the
1467 * per-platform non-blocking-mode routine if that routine also
1468 * needs to do some additional work.)
1469 */
1470 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1471 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1472 {
1473 int fdflags;
1474
1475 fdflags = fcntl(p->fd, F_GETFL, 0);
1476 if (fdflags == -1) {
1477 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1478 pcap_strerror(errno));
1479 return (-1);
1480 }
1481 if (nonblock)
1482 fdflags |= O_NONBLOCK;
1483 else
1484 fdflags &= ~O_NONBLOCK;
1485 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1486 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1487 pcap_strerror(errno));
1488 return (-1);
1489 }
1490 return (0);
1491 }
1492 #endif
1493
1494 #ifdef WIN32
1495 /*
1496 * Generate a string for the last Win32-specific error (i.e. an error generated when
1497 * calling a Win32 API).
1498 * For errors occurred during standard C calls, we still use pcap_strerror()
1499 */
1500 char *
pcap_win32strerror(void)1501 pcap_win32strerror(void)
1502 {
1503 DWORD error;
1504 static char errbuf[PCAP_ERRBUF_SIZE+1];
1505 int errlen;
1506 char *p;
1507
1508 error = GetLastError();
1509 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1510 PCAP_ERRBUF_SIZE, NULL);
1511
1512 /*
1513 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1514 * message. Get rid of it.
1515 */
1516 errlen = strlen(errbuf);
1517 if (errlen >= 2) {
1518 errbuf[errlen - 1] = '\0';
1519 errbuf[errlen - 2] = '\0';
1520 }
1521 p = strchr(errbuf, '\0');
1522 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
1523 return (errbuf);
1524 }
1525 #endif
1526
1527 /*
1528 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1529 */
1530 const char *
pcap_statustostr(int errnum)1531 pcap_statustostr(int errnum)
1532 {
1533 static char ebuf[15+10+1];
1534
1535 switch (errnum) {
1536
1537 case PCAP_WARNING:
1538 return("Generic warning");
1539
1540 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1541 return ("That type of time stamp is not supported by that device");
1542
1543 case PCAP_WARNING_PROMISC_NOTSUP:
1544 return ("That device doesn't support promiscuous mode");
1545
1546 case PCAP_ERROR:
1547 return("Generic error");
1548
1549 case PCAP_ERROR_BREAK:
1550 return("Loop terminated by pcap_breakloop");
1551
1552 case PCAP_ERROR_NOT_ACTIVATED:
1553 return("The pcap_t has not been activated");
1554
1555 case PCAP_ERROR_ACTIVATED:
1556 return ("The setting can't be changed after the pcap_t is activated");
1557
1558 case PCAP_ERROR_NO_SUCH_DEVICE:
1559 return ("No such device exists");
1560
1561 case PCAP_ERROR_RFMON_NOTSUP:
1562 return ("That device doesn't support monitor mode");
1563
1564 case PCAP_ERROR_NOT_RFMON:
1565 return ("That operation is supported only in monitor mode");
1566
1567 case PCAP_ERROR_PERM_DENIED:
1568 return ("You don't have permission to capture on that device");
1569
1570 case PCAP_ERROR_IFACE_NOT_UP:
1571 return ("That device is not up");
1572
1573 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1574 return ("That device doesn't support setting the time stamp type");
1575
1576 case PCAP_ERROR_PROMISC_PERM_DENIED:
1577 return ("You don't have permission to capture in promiscuous mode on that device");
1578
1579 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1580 return ("That device doesn't support that time stamp precision");
1581 }
1582 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1583 return(ebuf);
1584 }
1585
1586 /*
1587 * Not all systems have strerror().
1588 */
1589 const char *
pcap_strerror(int errnum)1590 pcap_strerror(int errnum)
1591 {
1592 #ifdef HAVE_STRERROR
1593 return (strerror(errnum));
1594 #else
1595 extern int sys_nerr;
1596 extern const char *const sys_errlist[];
1597 static char ebuf[15+10+1];
1598
1599 if ((unsigned int)errnum < sys_nerr)
1600 return ((char *)sys_errlist[errnum]);
1601 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1602 return(ebuf);
1603 #endif
1604 }
1605
1606 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1607 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1608 {
1609 return (p->setfilter_op(p, fp));
1610 }
1611
1612 /*
1613 * Set direction flag, which controls whether we accept only incoming
1614 * packets, only outgoing packets, or both.
1615 * Note that, depending on the platform, some or all direction arguments
1616 * might not be supported.
1617 */
1618 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1619 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1620 {
1621 if (p->setdirection_op == NULL) {
1622 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1623 "Setting direction is not implemented on this platform");
1624 return (-1);
1625 } else
1626 return (p->setdirection_op(p, d));
1627 }
1628
1629 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1630 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1631 {
1632 return (p->stats_op(p, ps));
1633 }
1634
1635 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1636 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1637 {
1638 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1639 "Statistics aren't available from a pcap_open_dead pcap_t");
1640 return (-1);
1641 }
1642
1643 #ifdef WIN32
1644 int
pcap_setbuff(pcap_t * p,int dim)1645 pcap_setbuff(pcap_t *p, int dim)
1646 {
1647 return (p->setbuff_op(p, dim));
1648 }
1649
1650 static int
pcap_setbuff_dead(pcap_t * p,int dim)1651 pcap_setbuff_dead(pcap_t *p, int dim)
1652 {
1653 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1654 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1655 return (-1);
1656 }
1657
1658 int
pcap_setmode(pcap_t * p,int mode)1659 pcap_setmode(pcap_t *p, int mode)
1660 {
1661 return (p->setmode_op(p, mode));
1662 }
1663
1664 static int
pcap_setmode_dead(pcap_t * p,int mode)1665 pcap_setmode_dead(pcap_t *p, int mode)
1666 {
1667 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1668 "impossible to set mode on a pcap_open_dead pcap_t");
1669 return (-1);
1670 }
1671
1672 int
pcap_setmintocopy(pcap_t * p,int size)1673 pcap_setmintocopy(pcap_t *p, int size)
1674 {
1675 return (p->setmintocopy_op(p, size));
1676 }
1677
1678 Adapter *
pcap_get_adapter(pcap_t * p)1679 pcap_get_adapter(pcap_t *p)
1680 {
1681 return (p->getadapter_op(p));
1682 }
1683
1684 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1685 pcap_setmintocopy_dead(pcap_t *p, int size)
1686 {
1687 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1688 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1689 return (-1);
1690 }
1691 #endif
1692
1693 /*
1694 * On some platforms, we need to clean up promiscuous or monitor mode
1695 * when we close a device - and we want that to happen even if the
1696 * application just exits without explicitl closing devices.
1697 * On those platforms, we need to register a "close all the pcaps"
1698 * routine to be called when we exit, and need to maintain a list of
1699 * pcaps that need to be closed to clean up modes.
1700 *
1701 * XXX - not thread-safe.
1702 */
1703
1704 /*
1705 * List of pcaps on which we've done something that needs to be
1706 * cleaned up.
1707 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1708 * when we exit, and have it close all of them.
1709 */
1710 static struct pcap *pcaps_to_close;
1711
1712 /*
1713 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1714 * be called on exit.
1715 */
1716 static int did_atexit;
1717
1718 static void
pcap_close_all(void)1719 pcap_close_all(void)
1720 {
1721 struct pcap *handle;
1722
1723 while ((handle = pcaps_to_close) != NULL)
1724 pcap_close(handle);
1725 }
1726
1727 int
pcap_do_addexit(pcap_t * p)1728 pcap_do_addexit(pcap_t *p)
1729 {
1730 /*
1731 * If we haven't already done so, arrange to have
1732 * "pcap_close_all()" called when we exit.
1733 */
1734 if (!did_atexit) {
1735 if (atexit(pcap_close_all) == -1) {
1736 /*
1737 * "atexit()" failed; let our caller know.
1738 */
1739 strncpy(p->errbuf, "atexit failed",
1740 PCAP_ERRBUF_SIZE);
1741 return (0);
1742 }
1743 did_atexit = 1;
1744 }
1745 return (1);
1746 }
1747
1748 void
pcap_add_to_pcaps_to_close(pcap_t * p)1749 pcap_add_to_pcaps_to_close(pcap_t *p)
1750 {
1751 p->next = pcaps_to_close;
1752 pcaps_to_close = p;
1753 }
1754
1755 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1756 pcap_remove_from_pcaps_to_close(pcap_t *p)
1757 {
1758 pcap_t *pc, *prevpc;
1759
1760 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1761 prevpc = pc, pc = pc->next) {
1762 if (pc == p) {
1763 /*
1764 * Found it. Remove it from the list.
1765 */
1766 if (prevpc == NULL) {
1767 /*
1768 * It was at the head of the list.
1769 */
1770 pcaps_to_close = pc->next;
1771 } else {
1772 /*
1773 * It was in the middle of the list.
1774 */
1775 prevpc->next = pc->next;
1776 }
1777 break;
1778 }
1779 }
1780 }
1781
1782 void
pcap_cleanup_live_common(pcap_t * p)1783 pcap_cleanup_live_common(pcap_t *p)
1784 {
1785 if (p->buffer != NULL) {
1786 free(p->buffer);
1787 p->buffer = NULL;
1788 }
1789 if (p->dlt_list != NULL) {
1790 free(p->dlt_list);
1791 p->dlt_list = NULL;
1792 p->dlt_count = 0;
1793 }
1794 if (p->tstamp_type_list != NULL) {
1795 free(p->tstamp_type_list);
1796 p->tstamp_type_list = NULL;
1797 p->tstamp_type_count = 0;
1798 }
1799 if (p->tstamp_precision_list != NULL) {
1800 free(p->tstamp_precision_list);
1801 p->tstamp_precision_list = NULL;
1802 p->tstamp_precision_count = 0;
1803 }
1804 pcap_freecode(&p->fcode);
1805 #if !defined(WIN32) && !defined(MSDOS)
1806 if (p->fd >= 0) {
1807 close(p->fd);
1808 p->fd = -1;
1809 }
1810 p->selectable_fd = -1;
1811 #endif
1812 }
1813
1814 static void
pcap_cleanup_dead(pcap_t * p _U_)1815 pcap_cleanup_dead(pcap_t *p _U_)
1816 {
1817 /* Nothing to do. */
1818 }
1819
1820 pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype,int snaplen,u_int precision)1821 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
1822 {
1823 pcap_t *p;
1824
1825 switch (precision) {
1826
1827 case PCAP_TSTAMP_PRECISION_MICRO:
1828 case PCAP_TSTAMP_PRECISION_NANO:
1829 break;
1830
1831 default:
1832 return NULL;
1833 }
1834 p = malloc(sizeof(*p));
1835 if (p == NULL)
1836 return NULL;
1837 memset (p, 0, sizeof(*p));
1838 p->snapshot = snaplen;
1839 p->linktype = linktype;
1840 p->opt.tstamp_precision = precision;
1841 p->stats_op = pcap_stats_dead;
1842 #ifdef WIN32
1843 p->setbuff_op = pcap_setbuff_dead;
1844 p->setmode_op = pcap_setmode_dead;
1845 p->setmintocopy_op = pcap_setmintocopy_dead;
1846 #endif
1847 p->cleanup_op = pcap_cleanup_dead;
1848
1849 /*
1850 * A "dead" pcap_t never requires special BPF code generation.
1851 */
1852 p->bpf_codegen_flags = 0;
1853
1854 p->activated = 1;
1855 return (p);
1856 }
1857
1858 pcap_t *
pcap_open_dead(int linktype,int snaplen)1859 pcap_open_dead(int linktype, int snaplen)
1860 {
1861 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
1862 PCAP_TSTAMP_PRECISION_MICRO));
1863 }
1864
1865 /*
1866 * API compatible with WinPcap's "send a packet" routine - returns -1
1867 * on error, 0 otherwise.
1868 *
1869 * XXX - what if we get a short write?
1870 */
1871 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)1872 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
1873 {
1874 if (p->inject_op(p, buf, size) == -1)
1875 return (-1);
1876 return (0);
1877 }
1878
1879 /*
1880 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1881 * error, number of bytes written otherwise.
1882 */
1883 int
pcap_inject(pcap_t * p,const void * buf,size_t size)1884 pcap_inject(pcap_t *p, const void *buf, size_t size)
1885 {
1886 return (p->inject_op(p, buf, size));
1887 }
1888
1889 void
pcap_close(pcap_t * p)1890 pcap_close(pcap_t *p)
1891 {
1892 if (p->opt.source != NULL)
1893 free(p->opt.source);
1894 p->cleanup_op(p);
1895 free(p);
1896 }
1897
1898 /*
1899 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1900 * data for the packet, check whether the packet passes the filter.
1901 * Returns the return value of the filter program, which will be zero if
1902 * the packet doesn't pass and non-zero if the packet does pass.
1903 */
1904 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)1905 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
1906 const u_char *pkt)
1907 {
1908 const struct bpf_insn *fcode = fp->bf_insns;
1909
1910 if (fcode != NULL)
1911 return (bpf_filter(fcode, pkt, h->len, h->caplen));
1912 else
1913 return (0);
1914 }
1915
1916 /*
1917 * We make the version string static, and return a pointer to it, rather
1918 * than exporting the version string directly. On at least some UNIXes,
1919 * if you import data from a shared library into an program, the data is
1920 * bound into the program binary, so if the string in the version of the
1921 * library with which the program was linked isn't the same as the
1922 * string in the version of the library with which the program is being
1923 * run, various undesirable things may happen (warnings, the string
1924 * being the one from the version of the library with which the program
1925 * was linked, or even weirder things, such as the string being the one
1926 * from the library but being truncated).
1927 */
1928 #ifdef HAVE_VERSION_H
1929 #include "version.h"
1930 #else
1931 static const char pcap_version_string[] = "libpcap version 1.x.y";
1932 #endif
1933
1934 #ifdef WIN32
1935 /*
1936 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1937 * version numbers when building WinPcap. (It'd be nice to do so for
1938 * the packet.dll version number as well.)
1939 */
1940 static const char wpcap_version_string[] = "4.0";
1941 static const char pcap_version_string_fmt[] =
1942 "WinPcap version %s, based on %s";
1943 static const char pcap_version_string_packet_dll_fmt[] =
1944 "WinPcap version %s (packet.dll version %s), based on %s";
1945 static char *full_pcap_version_string;
1946
1947 const char *
pcap_lib_version(void)1948 pcap_lib_version(void)
1949 {
1950 char *packet_version_string;
1951 size_t full_pcap_version_string_len;
1952
1953 if (full_pcap_version_string == NULL) {
1954 /*
1955 * Generate the version string.
1956 */
1957 packet_version_string = PacketGetVersion();
1958 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
1959 /*
1960 * WinPcap version string and packet.dll version
1961 * string are the same; just report the WinPcap
1962 * version.
1963 */
1964 full_pcap_version_string_len =
1965 (sizeof pcap_version_string_fmt - 4) +
1966 strlen(wpcap_version_string) +
1967 strlen(pcap_version_string);
1968 full_pcap_version_string =
1969 malloc(full_pcap_version_string_len);
1970 if (full_pcap_version_string == NULL)
1971 return (NULL);
1972 sprintf(full_pcap_version_string,
1973 pcap_version_string_fmt, wpcap_version_string,
1974 pcap_version_string);
1975 } else {
1976 /*
1977 * WinPcap version string and packet.dll version
1978 * string are different; that shouldn't be the
1979 * case (the two libraries should come from the
1980 * same version of WinPcap), so we report both
1981 * versions.
1982 */
1983 full_pcap_version_string_len =
1984 (sizeof pcap_version_string_packet_dll_fmt - 6) +
1985 strlen(wpcap_version_string) +
1986 strlen(packet_version_string) +
1987 strlen(pcap_version_string);
1988 full_pcap_version_string = malloc(full_pcap_version_string_len);
1989 if (full_pcap_version_string == NULL)
1990 return (NULL);
1991 sprintf(full_pcap_version_string,
1992 pcap_version_string_packet_dll_fmt,
1993 wpcap_version_string, packet_version_string,
1994 pcap_version_string);
1995 }
1996 }
1997 return (full_pcap_version_string);
1998 }
1999
2000 #elif defined(MSDOS)
2001
2002 static char *full_pcap_version_string;
2003
2004 const char *
pcap_lib_version(void)2005 pcap_lib_version (void)
2006 {
2007 char *packet_version_string;
2008 size_t full_pcap_version_string_len;
2009 static char dospfx[] = "DOS-";
2010
2011 if (full_pcap_version_string == NULL) {
2012 /*
2013 * Generate the version string.
2014 */
2015 full_pcap_version_string_len =
2016 sizeof dospfx + strlen(pcap_version_string);
2017 full_pcap_version_string =
2018 malloc(full_pcap_version_string_len);
2019 if (full_pcap_version_string == NULL)
2020 return (NULL);
2021 strcpy(full_pcap_version_string, dospfx);
2022 strcat(full_pcap_version_string, pcap_version_string);
2023 }
2024 return (full_pcap_version_string);
2025 }
2026
2027 #else /* UN*X */
2028
2029 const char *
pcap_lib_version(void)2030 pcap_lib_version(void)
2031 {
2032 return (pcap_version_string);
2033 }
2034 #endif
2035