1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef lint 35 static const char rcsid[] _U_ = 36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)"; 37 #endif 38 39 #ifdef HAVE_CONFIG_H 40 #include "config.h" 41 #endif 42 43 #ifdef WIN32 44 #include <pcap-stdinc.h> 45 #else /* WIN32 */ 46 #if HAVE_INTTYPES_H 47 #include <inttypes.h> 48 #elif HAVE_STDINT_H 49 #include <stdint.h> 50 #endif 51 #ifdef HAVE_SYS_BITYPES_H 52 #include <sys/bitypes.h> 53 #endif 54 #include <sys/types.h> 55 #endif /* WIN32 */ 56 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 61 #include <unistd.h> 62 #endif 63 #include <fcntl.h> 64 #include <errno.h> 65 66 #ifdef HAVE_OS_PROTO_H 67 #include "os-proto.h" 68 #endif 69 70 #ifdef MSDOS 71 #include "pcap-dos.h" 72 #endif 73 74 #include "pcap-int.h" 75 76 #ifdef HAVE_DAG_API 77 #include <dagnew.h> 78 #include <dagapi.h> 79 #endif 80 81 int 82 pcap_not_initialized(pcap_t *pcap) 83 { 84 /* this means 'not initialized' */ 85 return (PCAP_ERROR_NOT_ACTIVATED); 86 } 87 88 /* 89 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 90 * a PCAP_ERROR value on an error. 91 */ 92 int 93 pcap_can_set_rfmon(pcap_t *p) 94 { 95 return (p->can_set_rfmon_op(p)); 96 } 97 98 /* 99 * For systems where rfmon mode is never supported. 100 */ 101 static int 102 pcap_cant_set_rfmon(pcap_t *p _U_) 103 { 104 return (0); 105 } 106 107 /* 108 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 109 * types; the return value is the number of supported time stamp types. 110 * The list should be freed by a call to pcap_free_tstamp_types() when 111 * you're done with it. 112 * 113 * A return value of 0 means "you don't get a choice of time stamp type", 114 * in which case *tstamp_typesp is set to null. 115 * 116 * PCAP_ERROR is returned on error. 117 */ 118 int 119 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 120 { 121 if (p->tstamp_type_count == 0) { 122 /* 123 * We don't support multiple time stamp types. 124 */ 125 *tstamp_typesp = NULL; 126 } else { 127 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 128 p->tstamp_type_count); 129 if (*tstamp_typesp == NULL) { 130 (void)snprintf(p->errbuf, sizeof(p->errbuf), 131 "malloc: %s", pcap_strerror(errno)); 132 return (PCAP_ERROR); 133 } 134 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 135 sizeof(**tstamp_typesp) * p->tstamp_type_count); 136 } 137 return (p->tstamp_type_count); 138 } 139 140 /* 141 * In Windows, you might have a library built with one version of the 142 * C runtime library and an application built with another version of 143 * the C runtime library, which means that the library might use one 144 * version of malloc() and free() and the application might use another 145 * version of malloc() and free(). If so, that means something 146 * allocated by the library cannot be freed by the application, so we 147 * need to have a pcap_free_tstamp_types() routine to free up the list 148 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 149 * around free(). 150 */ 151 void 152 pcap_free_tstamp_types(int *tstamp_type_list) 153 { 154 free(tstamp_type_list); 155 } 156 157 /* 158 * Default one-shot callback; overridden for capture types where the 159 * packet data cannot be guaranteed to be available after the callback 160 * returns, so that a copy must be made. 161 */ 162 static void 163 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 164 { 165 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 166 167 *sp->hdr = *h; 168 *sp->pkt = pkt; 169 } 170 171 const u_char * 172 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 173 { 174 struct oneshot_userdata s; 175 const u_char *pkt; 176 177 s.hdr = h; 178 s.pkt = &pkt; 179 s.pd = p; 180 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 181 return (0); 182 return (pkt); 183 } 184 185 int 186 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 187 const u_char **pkt_data) 188 { 189 struct oneshot_userdata s; 190 191 s.hdr = &p->pcap_header; 192 s.pkt = pkt_data; 193 s.pd = p; 194 195 /* Saves a pointer to the packet headers */ 196 *pkt_header= &p->pcap_header; 197 198 if (p->sf.rfile != NULL) { 199 int status; 200 201 /* We are on an offline capture */ 202 status = pcap_offline_read(p, 1, p->oneshot_callback, 203 (u_char *)&s); 204 205 /* 206 * Return codes for pcap_offline_read() are: 207 * - 0: EOF 208 * - -1: error 209 * - >1: OK 210 * The first one ('0') conflicts with the return code of 211 * 0 from pcap_read() meaning "no packets arrived before 212 * the timeout expired", so we map it to -2 so you can 213 * distinguish between an EOF from a savefile and a 214 * "no packets arrived before the timeout expired, try 215 * again" from a live capture. 216 */ 217 if (status == 0) 218 return (-2); 219 else 220 return (status); 221 } 222 223 /* 224 * Return codes for pcap_read() are: 225 * - 0: timeout 226 * - -1: error 227 * - -2: loop was broken out of with pcap_breakloop() 228 * - >1: OK 229 * The first one ('0') conflicts with the return code of 0 from 230 * pcap_offline_read() meaning "end of file". 231 */ 232 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 233 } 234 235 static void 236 initialize_ops(pcap_t *p) 237 { 238 /* 239 * Set operation pointers for operations that only work on 240 * an activated pcap_t to point to a routine that returns 241 * a "this isn't activated" error. 242 */ 243 p->read_op = (read_op_t)pcap_not_initialized; 244 p->inject_op = (inject_op_t)pcap_not_initialized; 245 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 246 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 247 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 248 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 249 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 250 p->stats_op = (stats_op_t)pcap_not_initialized; 251 #ifdef WIN32 252 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 253 p->setmode_op = (setmode_op_t)pcap_not_initialized; 254 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 255 #endif 256 257 /* 258 * Default cleanup operation - implementations can override 259 * this, but should call pcap_cleanup_live_common() after 260 * doing their own additional cleanup. 261 */ 262 p->cleanup_op = pcap_cleanup_live_common; 263 264 /* 265 * In most cases, the standard one-short callback can 266 * be used for pcap_next()/pcap_next_ex(). 267 */ 268 p->oneshot_callback = pcap_oneshot; 269 } 270 271 pcap_t * 272 pcap_create_common(const char *source, char *ebuf) 273 { 274 pcap_t *p; 275 276 p = malloc(sizeof(*p)); 277 if (p == NULL) { 278 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 279 pcap_strerror(errno)); 280 return (NULL); 281 } 282 memset(p, 0, sizeof(*p)); 283 #ifndef WIN32 284 p->fd = -1; /* not opened yet */ 285 p->selectable_fd = -1; 286 p->send_fd = -1; 287 #endif 288 289 p->opt.source = strdup(source); 290 if (p->opt.source == NULL) { 291 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 292 pcap_strerror(errno)); 293 free(p); 294 return (NULL); 295 } 296 297 /* 298 * Default to "can't set rfmon mode"; if it's supported by 299 * a platform, the create routine that called us can set 300 * the op to its routine to check whether a particular 301 * device supports it. 302 */ 303 p->can_set_rfmon_op = pcap_cant_set_rfmon; 304 305 initialize_ops(p); 306 307 /* put in some defaults*/ 308 pcap_set_timeout(p, 0); 309 pcap_set_snaplen(p, 65535); /* max packet size */ 310 p->opt.promisc = 0; 311 p->opt.buffer_size = 0; 312 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 313 return (p); 314 } 315 316 int 317 pcap_check_activated(pcap_t *p) 318 { 319 if (p->activated) { 320 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 321 " operation on activated capture"); 322 return (-1); 323 } 324 return (0); 325 } 326 327 int 328 pcap_set_snaplen(pcap_t *p, int snaplen) 329 { 330 if (pcap_check_activated(p)) 331 return (PCAP_ERROR_ACTIVATED); 332 p->snapshot = snaplen; 333 return (0); 334 } 335 336 int 337 pcap_set_promisc(pcap_t *p, int promisc) 338 { 339 if (pcap_check_activated(p)) 340 return (PCAP_ERROR_ACTIVATED); 341 p->opt.promisc = promisc; 342 return (0); 343 } 344 345 int 346 pcap_set_rfmon(pcap_t *p, int rfmon) 347 { 348 if (pcap_check_activated(p)) 349 return (PCAP_ERROR_ACTIVATED); 350 p->opt.rfmon = rfmon; 351 return (0); 352 } 353 354 int 355 pcap_set_timeout(pcap_t *p, int timeout_ms) 356 { 357 if (pcap_check_activated(p)) 358 return (PCAP_ERROR_ACTIVATED); 359 p->md.timeout = timeout_ms; 360 return (0); 361 } 362 363 int 364 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 365 { 366 int i; 367 368 if (pcap_check_activated(p)) 369 return (PCAP_ERROR_ACTIVATED); 370 371 /* 372 * If p->tstamp_type_count is 0, we don't support setting 373 * the time stamp type at all. 374 */ 375 if (p->tstamp_type_count == 0) 376 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE); 377 378 /* 379 * Check whether we claim to support this type of time stamp. 380 */ 381 for (i = 0; i < p->tstamp_type_count; i++) { 382 if (p->tstamp_type_list[i] == tstamp_type) { 383 /* 384 * Yes. 385 */ 386 p->opt.tstamp_type = tstamp_type; 387 return (0); 388 } 389 } 390 391 /* 392 * No. We support setting the time stamp type, but not to this 393 * particular value. 394 */ 395 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 396 } 397 398 int 399 pcap_set_buffer_size(pcap_t *p, int buffer_size) 400 { 401 if (pcap_check_activated(p)) 402 return (PCAP_ERROR_ACTIVATED); 403 p->opt.buffer_size = buffer_size; 404 return (0); 405 } 406 407 int 408 pcap_activate(pcap_t *p) 409 { 410 int status; 411 412 /* 413 * Catch attempts to re-activate an already-activated 414 * pcap_t; this should, for example, catch code that 415 * calls pcap_open_live() followed by pcap_activate(), 416 * as some code that showed up in a Stack Exchange 417 * question did. 418 */ 419 if (pcap_check_activated(p)) 420 return (PCAP_ERROR_ACTIVATED); 421 status = p->activate_op(p); 422 if (status >= 0) 423 p->activated = 1; 424 else { 425 if (p->errbuf[0] == '\0') { 426 /* 427 * No error message supplied by the activate routine; 428 * for the benefit of programs that don't specially 429 * handle errors other than PCAP_ERROR, return the 430 * error message corresponding to the status. 431 */ 432 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 433 pcap_statustostr(status)); 434 } 435 436 /* 437 * Undo any operation pointer setting, etc. done by 438 * the activate operation. 439 */ 440 initialize_ops(p); 441 } 442 return (status); 443 } 444 445 pcap_t * 446 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) 447 { 448 pcap_t *p; 449 int status; 450 451 p = pcap_create(source, errbuf); 452 if (p == NULL) 453 return (NULL); 454 status = pcap_set_snaplen(p, snaplen); 455 if (status < 0) 456 goto fail; 457 status = pcap_set_promisc(p, promisc); 458 if (status < 0) 459 goto fail; 460 status = pcap_set_timeout(p, to_ms); 461 if (status < 0) 462 goto fail; 463 /* 464 * Mark this as opened with pcap_open_live(), so that, for 465 * example, we show the full list of DLT_ values, rather 466 * than just the ones that are compatible with capturing 467 * when not in monitor mode. That allows existing applications 468 * to work the way they used to work, but allows new applications 469 * that know about the new open API to, for example, find out the 470 * DLT_ values that they can select without changing whether 471 * the adapter is in monitor mode or not. 472 */ 473 p->oldstyle = 1; 474 status = pcap_activate(p); 475 if (status < 0) 476 goto fail; 477 return (p); 478 fail: 479 if (status == PCAP_ERROR) 480 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 481 p->errbuf); 482 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 483 status == PCAP_ERROR_PERM_DENIED || 484 status == PCAP_ERROR_PROMISC_PERM_DENIED) 485 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 486 pcap_statustostr(status), p->errbuf); 487 else 488 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 489 pcap_statustostr(status)); 490 pcap_close(p); 491 return (NULL); 492 } 493 494 int 495 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 496 { 497 return (p->read_op(p, cnt, callback, user)); 498 } 499 500 /* 501 * XXX - is this necessary? 502 */ 503 int 504 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 505 { 506 507 return (p->read_op(p, cnt, callback, user)); 508 } 509 510 int 511 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 512 { 513 register int n; 514 515 for (;;) { 516 if (p->sf.rfile != NULL) { 517 /* 518 * 0 means EOF, so don't loop if we get 0. 519 */ 520 n = pcap_offline_read(p, cnt, callback, user); 521 } else { 522 /* 523 * XXX keep reading until we get something 524 * (or an error occurs) 525 */ 526 do { 527 n = p->read_op(p, cnt, callback, user); 528 } while (n == 0); 529 } 530 if (n <= 0) 531 return (n); 532 if (cnt > 0) { 533 cnt -= n; 534 if (cnt <= 0) 535 return (0); 536 } 537 } 538 } 539 540 /* 541 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 542 */ 543 void 544 pcap_breakloop(pcap_t *p) 545 { 546 p->break_loop = 1; 547 } 548 549 int 550 pcap_datalink(pcap_t *p) 551 { 552 return (p->linktype); 553 } 554 555 int 556 pcap_datalink_ext(pcap_t *p) 557 { 558 return (p->linktype_ext); 559 } 560 561 int 562 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 563 { 564 if (p->dlt_count == 0) { 565 /* 566 * We couldn't fetch the list of DLTs, which means 567 * this platform doesn't support changing the 568 * DLT for an interface. Return a list of DLTs 569 * containing only the DLT this device supports. 570 */ 571 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 572 if (*dlt_buffer == NULL) { 573 (void)snprintf(p->errbuf, sizeof(p->errbuf), 574 "malloc: %s", pcap_strerror(errno)); 575 return (-1); 576 } 577 **dlt_buffer = p->linktype; 578 return (1); 579 } else { 580 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 581 if (*dlt_buffer == NULL) { 582 (void)snprintf(p->errbuf, sizeof(p->errbuf), 583 "malloc: %s", pcap_strerror(errno)); 584 return (-1); 585 } 586 (void)memcpy(*dlt_buffer, p->dlt_list, 587 sizeof(**dlt_buffer) * p->dlt_count); 588 return (p->dlt_count); 589 } 590 } 591 592 /* 593 * In Windows, you might have a library built with one version of the 594 * C runtime library and an application built with another version of 595 * the C runtime library, which means that the library might use one 596 * version of malloc() and free() and the application might use another 597 * version of malloc() and free(). If so, that means something 598 * allocated by the library cannot be freed by the application, so we 599 * need to have a pcap_free_datalinks() routine to free up the list 600 * allocated by pcap_list_datalinks(), even though it's just a wrapper 601 * around free(). 602 */ 603 void 604 pcap_free_datalinks(int *dlt_list) 605 { 606 free(dlt_list); 607 } 608 609 int 610 pcap_set_datalink(pcap_t *p, int dlt) 611 { 612 int i; 613 const char *dlt_name; 614 615 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 616 /* 617 * We couldn't fetch the list of DLTs, or we don't 618 * have a "set datalink" operation, which means 619 * this platform doesn't support changing the 620 * DLT for an interface. Check whether the new 621 * DLT is the one this interface supports. 622 */ 623 if (p->linktype != dlt) 624 goto unsupported; 625 626 /* 627 * It is, so there's nothing we need to do here. 628 */ 629 return (0); 630 } 631 for (i = 0; i < p->dlt_count; i++) 632 if (p->dlt_list[i] == dlt) 633 break; 634 if (i >= p->dlt_count) 635 goto unsupported; 636 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 637 dlt == DLT_DOCSIS) { 638 /* 639 * This is presumably an Ethernet device, as the first 640 * link-layer type it offers is DLT_EN10MB, and the only 641 * other type it offers is DLT_DOCSIS. That means that 642 * we can't tell the driver to supply DOCSIS link-layer 643 * headers - we're just pretending that's what we're 644 * getting, as, presumably, we're capturing on a dedicated 645 * link to a Cisco Cable Modem Termination System, and 646 * it's putting raw DOCSIS frames on the wire inside low-level 647 * Ethernet framing. 648 */ 649 p->linktype = dlt; 650 return (0); 651 } 652 if (p->set_datalink_op(p, dlt) == -1) 653 return (-1); 654 p->linktype = dlt; 655 return (0); 656 657 unsupported: 658 dlt_name = pcap_datalink_val_to_name(dlt); 659 if (dlt_name != NULL) { 660 (void) snprintf(p->errbuf, sizeof(p->errbuf), 661 "%s is not one of the DLTs supported by this device", 662 dlt_name); 663 } else { 664 (void) snprintf(p->errbuf, sizeof(p->errbuf), 665 "DLT %d is not one of the DLTs supported by this device", 666 dlt); 667 } 668 return (-1); 669 } 670 671 /* 672 * This array is designed for mapping upper and lower case letter 673 * together for a case independent comparison. The mappings are 674 * based upon ascii character sequences. 675 */ 676 static const u_char charmap[] = { 677 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 678 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 679 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 680 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 681 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 682 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 683 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 684 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 685 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 686 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 687 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 688 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 689 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 690 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 691 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 692 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 693 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 694 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 695 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 696 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 697 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 698 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 699 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 700 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 701 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 702 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 703 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 704 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 705 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 706 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 707 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 708 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 709 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 710 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 711 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 712 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 713 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 714 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 715 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 716 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 717 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 718 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 719 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 720 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 721 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 722 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 723 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 724 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 725 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 726 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 727 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 728 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 729 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 730 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 731 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 732 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 733 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 734 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 735 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 736 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 737 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 738 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 739 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 740 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 741 }; 742 743 int 744 pcap_strcasecmp(const char *s1, const char *s2) 745 { 746 register const u_char *cm = charmap, 747 *us1 = (const u_char *)s1, 748 *us2 = (const u_char *)s2; 749 750 while (cm[*us1] == cm[*us2++]) 751 if (*us1++ == '\0') 752 return(0); 753 return (cm[*us1] - cm[*--us2]); 754 } 755 756 struct dlt_choice { 757 const char *name; 758 const char *description; 759 int dlt; 760 }; 761 762 #define DLT_CHOICE(code, description) { #code, description, code } 763 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 764 765 static struct dlt_choice dlt_choices[] = { 766 DLT_CHOICE(DLT_NULL, "BSD loopback"), 767 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 768 DLT_CHOICE(DLT_IEEE802, "Token ring"), 769 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 770 DLT_CHOICE(DLT_SLIP, "SLIP"), 771 DLT_CHOICE(DLT_PPP, "PPP"), 772 DLT_CHOICE(DLT_FDDI, "FDDI"), 773 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 774 DLT_CHOICE(DLT_RAW, "Raw IP"), 775 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 776 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 777 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 778 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 779 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 780 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 781 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 782 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 783 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 784 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 785 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 786 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 787 DLT_CHOICE(DLT_LTALK, "Localtalk"), 788 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"), 789 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 790 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 791 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 792 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 793 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 794 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 795 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 796 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 797 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 798 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 799 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 800 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 801 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 802 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 803 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 804 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 805 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 806 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 807 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 808 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 809 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 810 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 811 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 812 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 813 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 814 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 815 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 816 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 817 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 818 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 819 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 820 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 821 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 822 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 823 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 824 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 825 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 826 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 827 DLT_CHOICE(DLT_A429, "Arinc 429"), 828 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 829 DLT_CHOICE(DLT_USB, "USB"), 830 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 831 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 832 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 833 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 834 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 835 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 836 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 837 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 838 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 839 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 840 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 841 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 842 DLT_CHOICE(DLT_IPMB, "IPMB"), 843 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 844 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 845 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 846 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 847 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 848 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 849 DLT_CHOICE(DLT_DECT, "DECT"), 850 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 851 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 852 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 853 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 854 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 855 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 856 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 857 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 858 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 859 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 860 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 861 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 862 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 863 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 864 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 865 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 866 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 867 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 868 DLT_CHOICE_SENTINEL 869 }; 870 871 int 872 pcap_datalink_name_to_val(const char *name) 873 { 874 int i; 875 876 for (i = 0; dlt_choices[i].name != NULL; i++) { 877 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 878 name) == 0) 879 return (dlt_choices[i].dlt); 880 } 881 return (-1); 882 } 883 884 const char * 885 pcap_datalink_val_to_name(int dlt) 886 { 887 int i; 888 889 for (i = 0; dlt_choices[i].name != NULL; i++) { 890 if (dlt_choices[i].dlt == dlt) 891 return (dlt_choices[i].name + sizeof("DLT_") - 1); 892 } 893 return (NULL); 894 } 895 896 const char * 897 pcap_datalink_val_to_description(int dlt) 898 { 899 int i; 900 901 for (i = 0; dlt_choices[i].name != NULL; i++) { 902 if (dlt_choices[i].dlt == dlt) 903 return (dlt_choices[i].description); 904 } 905 return (NULL); 906 } 907 908 struct tstamp_type_choice { 909 const char *name; 910 const char *description; 911 int type; 912 }; 913 914 static struct tstamp_type_choice tstamp_type_choices[] = { 915 { "host", "Host", PCAP_TSTAMP_HOST }, 916 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 917 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 918 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 919 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 920 { NULL, NULL, 0 } 921 }; 922 923 int 924 pcap_tstamp_type_name_to_val(const char *name) 925 { 926 int i; 927 928 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 929 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 930 return (tstamp_type_choices[i].type); 931 } 932 return (PCAP_ERROR); 933 } 934 935 const char * 936 pcap_tstamp_type_val_to_name(int tstamp_type) 937 { 938 int i; 939 940 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 941 if (tstamp_type_choices[i].type == tstamp_type) 942 return (tstamp_type_choices[i].name); 943 } 944 return (NULL); 945 } 946 947 const char * 948 pcap_tstamp_type_val_to_description(int tstamp_type) 949 { 950 int i; 951 952 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 953 if (tstamp_type_choices[i].type == tstamp_type) 954 return (tstamp_type_choices[i].description); 955 } 956 return (NULL); 957 } 958 959 int 960 pcap_snapshot(pcap_t *p) 961 { 962 return (p->snapshot); 963 } 964 965 int 966 pcap_is_swapped(pcap_t *p) 967 { 968 return (p->sf.swapped); 969 } 970 971 int 972 pcap_major_version(pcap_t *p) 973 { 974 return (p->sf.version_major); 975 } 976 977 int 978 pcap_minor_version(pcap_t *p) 979 { 980 return (p->sf.version_minor); 981 } 982 983 FILE * 984 pcap_file(pcap_t *p) 985 { 986 return (p->sf.rfile); 987 } 988 989 int 990 pcap_fileno(pcap_t *p) 991 { 992 #ifndef WIN32 993 return (p->fd); 994 #else 995 if (p->adapter != NULL) 996 return ((int)(DWORD)p->adapter->hFile); 997 else 998 return (-1); 999 #endif 1000 } 1001 1002 #if !defined(WIN32) && !defined(MSDOS) 1003 int 1004 pcap_get_selectable_fd(pcap_t *p) 1005 { 1006 return (p->selectable_fd); 1007 } 1008 #endif 1009 1010 void 1011 pcap_perror(pcap_t *p, char *prefix) 1012 { 1013 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1014 } 1015 1016 char * 1017 pcap_geterr(pcap_t *p) 1018 { 1019 return (p->errbuf); 1020 } 1021 1022 int 1023 pcap_getnonblock(pcap_t *p, char *errbuf) 1024 { 1025 return (p->getnonblock_op(p, errbuf)); 1026 } 1027 1028 /* 1029 * Get the current non-blocking mode setting, under the assumption that 1030 * it's just the standard POSIX non-blocking flag. 1031 * 1032 * We don't look at "p->nonblock", in case somebody tweaked the FD 1033 * directly. 1034 */ 1035 #if !defined(WIN32) && !defined(MSDOS) 1036 int 1037 pcap_getnonblock_fd(pcap_t *p, char *errbuf) 1038 { 1039 int fdflags; 1040 1041 fdflags = fcntl(p->fd, F_GETFL, 0); 1042 if (fdflags == -1) { 1043 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1044 pcap_strerror(errno)); 1045 return (-1); 1046 } 1047 if (fdflags & O_NONBLOCK) 1048 return (1); 1049 else 1050 return (0); 1051 } 1052 #endif 1053 1054 int 1055 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 1056 { 1057 return (p->setnonblock_op(p, nonblock, errbuf)); 1058 } 1059 1060 #if !defined(WIN32) && !defined(MSDOS) 1061 /* 1062 * Set non-blocking mode, under the assumption that it's just the 1063 * standard POSIX non-blocking flag. (This can be called by the 1064 * per-platform non-blocking-mode routine if that routine also 1065 * needs to do some additional work.) 1066 */ 1067 int 1068 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf) 1069 { 1070 int fdflags; 1071 1072 fdflags = fcntl(p->fd, F_GETFL, 0); 1073 if (fdflags == -1) { 1074 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1075 pcap_strerror(errno)); 1076 return (-1); 1077 } 1078 if (nonblock) 1079 fdflags |= O_NONBLOCK; 1080 else 1081 fdflags &= ~O_NONBLOCK; 1082 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1083 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1084 pcap_strerror(errno)); 1085 return (-1); 1086 } 1087 return (0); 1088 } 1089 #endif 1090 1091 #ifdef WIN32 1092 /* 1093 * Generate a string for the last Win32-specific error (i.e. an error generated when 1094 * calling a Win32 API). 1095 * For errors occurred during standard C calls, we still use pcap_strerror() 1096 */ 1097 char * 1098 pcap_win32strerror(void) 1099 { 1100 DWORD error; 1101 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1102 int errlen; 1103 char *p; 1104 1105 error = GetLastError(); 1106 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1107 PCAP_ERRBUF_SIZE, NULL); 1108 1109 /* 1110 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1111 * message. Get rid of it. 1112 */ 1113 errlen = strlen(errbuf); 1114 if (errlen >= 2) { 1115 errbuf[errlen - 1] = '\0'; 1116 errbuf[errlen - 2] = '\0'; 1117 } 1118 p = strchr(errbuf, '\0'); 1119 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1120 return (errbuf); 1121 } 1122 #endif 1123 1124 /* 1125 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1126 */ 1127 const char * 1128 pcap_statustostr(int errnum) 1129 { 1130 static char ebuf[15+10+1]; 1131 1132 switch (errnum) { 1133 1134 case PCAP_WARNING: 1135 return("Generic warning"); 1136 1137 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1138 return ("That type of time stamp is not supported by that device"); 1139 1140 case PCAP_WARNING_PROMISC_NOTSUP: 1141 return ("That device doesn't support promiscuous mode"); 1142 1143 case PCAP_ERROR: 1144 return("Generic error"); 1145 1146 case PCAP_ERROR_BREAK: 1147 return("Loop terminated by pcap_breakloop"); 1148 1149 case PCAP_ERROR_NOT_ACTIVATED: 1150 return("The pcap_t has not been activated"); 1151 1152 case PCAP_ERROR_ACTIVATED: 1153 return ("The setting can't be changed after the pcap_t is activated"); 1154 1155 case PCAP_ERROR_NO_SUCH_DEVICE: 1156 return ("No such device exists"); 1157 1158 case PCAP_ERROR_RFMON_NOTSUP: 1159 return ("That device doesn't support monitor mode"); 1160 1161 case PCAP_ERROR_NOT_RFMON: 1162 return ("That operation is supported only in monitor mode"); 1163 1164 case PCAP_ERROR_PERM_DENIED: 1165 return ("You don't have permission to capture on that device"); 1166 1167 case PCAP_ERROR_IFACE_NOT_UP: 1168 return ("That device is not up"); 1169 1170 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1171 return ("That device doesn't support setting the time stamp type"); 1172 1173 case PCAP_ERROR_PROMISC_PERM_DENIED: 1174 return ("You don't have permission to capture in promiscuous mode on that device"); 1175 } 1176 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1177 return(ebuf); 1178 } 1179 1180 /* 1181 * Not all systems have strerror(). 1182 */ 1183 const char * 1184 pcap_strerror(int errnum) 1185 { 1186 #ifdef HAVE_STRERROR 1187 return (strerror(errnum)); 1188 #else 1189 extern int sys_nerr; 1190 extern const char *const sys_errlist[]; 1191 static char ebuf[15+10+1]; 1192 1193 if ((unsigned int)errnum < sys_nerr) 1194 return ((char *)sys_errlist[errnum]); 1195 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1196 return(ebuf); 1197 #endif 1198 } 1199 1200 int 1201 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 1202 { 1203 return (p->setfilter_op(p, fp)); 1204 } 1205 1206 /* 1207 * Set direction flag, which controls whether we accept only incoming 1208 * packets, only outgoing packets, or both. 1209 * Note that, depending on the platform, some or all direction arguments 1210 * might not be supported. 1211 */ 1212 int 1213 pcap_setdirection(pcap_t *p, pcap_direction_t d) 1214 { 1215 if (p->setdirection_op == NULL) { 1216 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1217 "Setting direction is not implemented on this platform"); 1218 return (-1); 1219 } else 1220 return (p->setdirection_op(p, d)); 1221 } 1222 1223 int 1224 pcap_stats(pcap_t *p, struct pcap_stat *ps) 1225 { 1226 return (p->stats_op(p, ps)); 1227 } 1228 1229 static int 1230 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 1231 { 1232 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1233 "Statistics aren't available from a pcap_open_dead pcap_t"); 1234 return (-1); 1235 } 1236 1237 #ifdef WIN32 1238 int 1239 pcap_setbuff(pcap_t *p, int dim) 1240 { 1241 return (p->setbuff_op(p, dim)); 1242 } 1243 1244 static int 1245 pcap_setbuff_dead(pcap_t *p, int dim) 1246 { 1247 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1248 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1249 return (-1); 1250 } 1251 1252 int 1253 pcap_setmode(pcap_t *p, int mode) 1254 { 1255 return (p->setmode_op(p, mode)); 1256 } 1257 1258 static int 1259 pcap_setmode_dead(pcap_t *p, int mode) 1260 { 1261 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1262 "impossible to set mode on a pcap_open_dead pcap_t"); 1263 return (-1); 1264 } 1265 1266 int 1267 pcap_setmintocopy(pcap_t *p, int size) 1268 { 1269 return (p->setmintocopy_op(p, size)); 1270 } 1271 1272 static int 1273 pcap_setmintocopy_dead(pcap_t *p, int size) 1274 { 1275 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1276 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1277 return (-1); 1278 } 1279 #endif 1280 1281 /* 1282 * On some platforms, we need to clean up promiscuous or monitor mode 1283 * when we close a device - and we want that to happen even if the 1284 * application just exits without explicitl closing devices. 1285 * On those platforms, we need to register a "close all the pcaps" 1286 * routine to be called when we exit, and need to maintain a list of 1287 * pcaps that need to be closed to clean up modes. 1288 * 1289 * XXX - not thread-safe. 1290 */ 1291 1292 /* 1293 * List of pcaps on which we've done something that needs to be 1294 * cleaned up. 1295 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1296 * when we exit, and have it close all of them. 1297 */ 1298 static struct pcap *pcaps_to_close; 1299 1300 /* 1301 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1302 * be called on exit. 1303 */ 1304 static int did_atexit; 1305 1306 static void 1307 pcap_close_all(void) 1308 { 1309 struct pcap *handle; 1310 1311 while ((handle = pcaps_to_close) != NULL) 1312 pcap_close(handle); 1313 } 1314 1315 int 1316 pcap_do_addexit(pcap_t *p) 1317 { 1318 /* 1319 * If we haven't already done so, arrange to have 1320 * "pcap_close_all()" called when we exit. 1321 */ 1322 if (!did_atexit) { 1323 if (atexit(pcap_close_all) == -1) { 1324 /* 1325 * "atexit()" failed; let our caller know. 1326 */ 1327 strncpy(p->errbuf, "atexit failed", 1328 PCAP_ERRBUF_SIZE); 1329 return (0); 1330 } 1331 did_atexit = 1; 1332 } 1333 return (1); 1334 } 1335 1336 void 1337 pcap_add_to_pcaps_to_close(pcap_t *p) 1338 { 1339 p->md.next = pcaps_to_close; 1340 pcaps_to_close = p; 1341 } 1342 1343 void 1344 pcap_remove_from_pcaps_to_close(pcap_t *p) 1345 { 1346 pcap_t *pc, *prevpc; 1347 1348 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1349 prevpc = pc, pc = pc->md.next) { 1350 if (pc == p) { 1351 /* 1352 * Found it. Remove it from the list. 1353 */ 1354 if (prevpc == NULL) { 1355 /* 1356 * It was at the head of the list. 1357 */ 1358 pcaps_to_close = pc->md.next; 1359 } else { 1360 /* 1361 * It was in the middle of the list. 1362 */ 1363 prevpc->md.next = pc->md.next; 1364 } 1365 break; 1366 } 1367 } 1368 } 1369 1370 void 1371 pcap_cleanup_live_common(pcap_t *p) 1372 { 1373 if (p->buffer != NULL) { 1374 free(p->buffer); 1375 p->buffer = NULL; 1376 } 1377 if (p->dlt_list != NULL) { 1378 free(p->dlt_list); 1379 p->dlt_list = NULL; 1380 p->dlt_count = 0; 1381 } 1382 if (p->tstamp_type_list != NULL) { 1383 free(p->tstamp_type_list); 1384 p->tstamp_type_list = NULL; 1385 p->tstamp_type_count = 0; 1386 } 1387 pcap_freecode(&p->fcode); 1388 #if !defined(WIN32) && !defined(MSDOS) 1389 if (p->fd >= 0) { 1390 close(p->fd); 1391 p->fd = -1; 1392 } 1393 p->selectable_fd = -1; 1394 p->send_fd = -1; 1395 #endif 1396 } 1397 1398 static void 1399 pcap_cleanup_dead(pcap_t *p _U_) 1400 { 1401 /* Nothing to do. */ 1402 } 1403 1404 pcap_t * 1405 pcap_open_dead(int linktype, int snaplen) 1406 { 1407 pcap_t *p; 1408 1409 p = malloc(sizeof(*p)); 1410 if (p == NULL) 1411 return NULL; 1412 memset (p, 0, sizeof(*p)); 1413 p->snapshot = snaplen; 1414 p->linktype = linktype; 1415 p->stats_op = pcap_stats_dead; 1416 #ifdef WIN32 1417 p->setbuff_op = pcap_setbuff_dead; 1418 p->setmode_op = pcap_setmode_dead; 1419 p->setmintocopy_op = pcap_setmintocopy_dead; 1420 #endif 1421 p->cleanup_op = pcap_cleanup_dead; 1422 p->activated = 1; 1423 return (p); 1424 } 1425 1426 /* 1427 * API compatible with WinPcap's "send a packet" routine - returns -1 1428 * on error, 0 otherwise. 1429 * 1430 * XXX - what if we get a short write? 1431 */ 1432 int 1433 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 1434 { 1435 if (p->inject_op(p, buf, size) == -1) 1436 return (-1); 1437 return (0); 1438 } 1439 1440 /* 1441 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1442 * error, number of bytes written otherwise. 1443 */ 1444 int 1445 pcap_inject(pcap_t *p, const void *buf, size_t size) 1446 { 1447 return (p->inject_op(p, buf, size)); 1448 } 1449 1450 void 1451 pcap_close(pcap_t *p) 1452 { 1453 if (p->opt.source != NULL) 1454 free(p->opt.source); 1455 p->cleanup_op(p); 1456 free(p); 1457 } 1458 1459 /* 1460 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1461 * data for the packet, check whether the packet passes the filter. 1462 * Returns the return value of the filter program, which will be zero if 1463 * the packet doesn't pass and non-zero if the packet does pass. 1464 */ 1465 int 1466 pcap_offline_filter(struct bpf_program *fp, const struct pcap_pkthdr *h, 1467 const u_char *pkt) 1468 { 1469 struct bpf_insn *fcode = fp->bf_insns; 1470 1471 if (fcode != NULL) 1472 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1473 else 1474 return (0); 1475 } 1476 1477 /* 1478 * We make the version string static, and return a pointer to it, rather 1479 * than exporting the version string directly. On at least some UNIXes, 1480 * if you import data from a shared library into an program, the data is 1481 * bound into the program binary, so if the string in the version of the 1482 * library with which the program was linked isn't the same as the 1483 * string in the version of the library with which the program is being 1484 * run, various undesirable things may happen (warnings, the string 1485 * being the one from the version of the library with which the program 1486 * was linked, or even weirder things, such as the string being the one 1487 * from the library but being truncated). 1488 */ 1489 #ifdef HAVE_VERSION_H 1490 #include "version.h" 1491 #else 1492 static const char pcap_version_string[] = "libpcap version 1.x.y"; 1493 #endif 1494 1495 #ifdef WIN32 1496 /* 1497 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1498 * version numbers when building WinPcap. (It'd be nice to do so for 1499 * the packet.dll version number as well.) 1500 */ 1501 static const char wpcap_version_string[] = "4.0"; 1502 static const char pcap_version_string_fmt[] = 1503 "WinPcap version %s, based on %s"; 1504 static const char pcap_version_string_packet_dll_fmt[] = 1505 "WinPcap version %s (packet.dll version %s), based on %s"; 1506 static char *full_pcap_version_string; 1507 1508 const char * 1509 pcap_lib_version(void) 1510 { 1511 char *packet_version_string; 1512 size_t full_pcap_version_string_len; 1513 1514 if (full_pcap_version_string == NULL) { 1515 /* 1516 * Generate the version string. 1517 */ 1518 packet_version_string = PacketGetVersion(); 1519 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1520 /* 1521 * WinPcap version string and packet.dll version 1522 * string are the same; just report the WinPcap 1523 * version. 1524 */ 1525 full_pcap_version_string_len = 1526 (sizeof pcap_version_string_fmt - 4) + 1527 strlen(wpcap_version_string) + 1528 strlen(pcap_version_string); 1529 full_pcap_version_string = 1530 malloc(full_pcap_version_string_len); 1531 sprintf(full_pcap_version_string, 1532 pcap_version_string_fmt, wpcap_version_string, 1533 pcap_version_string); 1534 } else { 1535 /* 1536 * WinPcap version string and packet.dll version 1537 * string are different; that shouldn't be the 1538 * case (the two libraries should come from the 1539 * same version of WinPcap), so we report both 1540 * versions. 1541 */ 1542 full_pcap_version_string_len = 1543 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1544 strlen(wpcap_version_string) + 1545 strlen(packet_version_string) + 1546 strlen(pcap_version_string); 1547 full_pcap_version_string = malloc(full_pcap_version_string_len); 1548 1549 sprintf(full_pcap_version_string, 1550 pcap_version_string_packet_dll_fmt, 1551 wpcap_version_string, packet_version_string, 1552 pcap_version_string); 1553 } 1554 } 1555 return (full_pcap_version_string); 1556 } 1557 1558 #elif defined(MSDOS) 1559 1560 static char *full_pcap_version_string; 1561 1562 const char * 1563 pcap_lib_version (void) 1564 { 1565 char *packet_version_string; 1566 size_t full_pcap_version_string_len; 1567 static char dospfx[] = "DOS-"; 1568 1569 if (full_pcap_version_string == NULL) { 1570 /* 1571 * Generate the version string. 1572 */ 1573 full_pcap_version_string_len = 1574 sizeof dospfx + strlen(pcap_version_string); 1575 full_pcap_version_string = 1576 malloc(full_pcap_version_string_len); 1577 strcpy(full_pcap_version_string, dospfx); 1578 strcat(full_pcap_version_string, pcap_version_string); 1579 } 1580 return (full_pcap_version_string); 1581 } 1582 1583 #else /* UN*X */ 1584 1585 const char * 1586 pcap_lib_version(void) 1587 { 1588 return (pcap_version_string); 1589 } 1590 #endif 1591