1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifdef HAVE_CONFIG_H 35 #include "config.h" 36 #endif 37 38 #ifdef _WIN32 39 #include <pcap-stdinc.h> 40 #else /* _WIN32 */ 41 #if HAVE_INTTYPES_H 42 #include <inttypes.h> 43 #elif HAVE_STDINT_H 44 #include <stdint.h> 45 #endif 46 #ifdef HAVE_SYS_BITYPES_H 47 #include <sys/bitypes.h> 48 #endif 49 #include <sys/types.h> 50 #endif /* _WIN32 */ 51 52 #include <stdio.h> 53 #include <stdlib.h> 54 #include <string.h> 55 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 56 #include <unistd.h> 57 #endif 58 #include <fcntl.h> 59 #include <errno.h> 60 61 #ifdef HAVE_OS_PROTO_H 62 #include "os-proto.h" 63 #endif 64 65 #ifdef MSDOS 66 #include "pcap-dos.h" 67 #endif 68 69 #include "pcap-int.h" 70 71 #ifdef HAVE_DAG_API 72 #include "pcap-dag.h" 73 #endif /* HAVE_DAG_API */ 74 75 #ifdef HAVE_SEPTEL_API 76 #include "pcap-septel.h" 77 #endif /* HAVE_SEPTEL_API */ 78 79 #ifdef HAVE_SNF_API 80 #include "pcap-snf.h" 81 #endif /* HAVE_SNF_API */ 82 83 #ifdef HAVE_TC_API 84 #include "pcap-tc.h" 85 #endif /* HAVE_TC_API */ 86 87 #ifdef PCAP_SUPPORT_USB 88 #include "pcap-usb-linux.h" 89 #endif 90 91 #ifdef PCAP_SUPPORT_BT 92 #include "pcap-bt-linux.h" 93 #endif 94 95 #ifdef PCAP_SUPPORT_BT_MONITOR 96 #include "pcap-bt-monitor-linux.h" 97 #endif 98 99 #ifdef PCAP_SUPPORT_NETFILTER 100 #include "pcap-netfilter-linux.h" 101 #endif 102 103 #ifdef PCAP_SUPPORT_DBUS 104 #include "pcap-dbus.h" 105 #endif 106 107 static int 108 pcap_not_initialized(pcap_t *pcap) 109 { 110 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */ 111 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 112 "This handle hasn't been activated yet"); 113 /* this means 'not initialized' */ 114 return (PCAP_ERROR_NOT_ACTIVATED); 115 } 116 117 #ifdef _WIN32 118 static void * 119 pcap_not_initialized_ptr(pcap_t *pcap) 120 { 121 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 122 "This handle hasn't been activated yet"); 123 return (NULL); 124 } 125 126 static HANDLE 127 pcap_getevent_not_initialized(pcap_t *pcap) 128 { 129 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 130 "This handle hasn't been activated yet"); 131 return (INVALID_HANDLE_VALUE); 132 } 133 134 static u_int 135 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync) 136 { 137 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 138 "This handle hasn't been activated yet"); 139 return (0); 140 } 141 142 static PAirpcapHandle 143 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap) 144 { 145 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 146 "This handle hasn't been activated yet"); 147 return (NULL); 148 } 149 #endif 150 151 /* 152 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 153 * a PCAP_ERROR value on an error. 154 */ 155 int 156 pcap_can_set_rfmon(pcap_t *p) 157 { 158 return (p->can_set_rfmon_op(p)); 159 } 160 161 /* 162 * For systems where rfmon mode is never supported. 163 */ 164 static int 165 pcap_cant_set_rfmon(pcap_t *p _U_) 166 { 167 return (0); 168 } 169 170 /* 171 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 172 * types; the return value is the number of supported time stamp types. 173 * The list should be freed by a call to pcap_free_tstamp_types() when 174 * you're done with it. 175 * 176 * A return value of 0 means "you don't get a choice of time stamp type", 177 * in which case *tstamp_typesp is set to null. 178 * 179 * PCAP_ERROR is returned on error. 180 */ 181 int 182 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 183 { 184 if (p->tstamp_type_count == 0) { 185 /* 186 * We don't support multiple time stamp types. 187 */ 188 *tstamp_typesp = NULL; 189 } else { 190 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 191 p->tstamp_type_count); 192 if (*tstamp_typesp == NULL) { 193 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf), 194 "malloc: %s", pcap_strerror(errno)); 195 return (PCAP_ERROR); 196 } 197 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 198 sizeof(**tstamp_typesp) * p->tstamp_type_count); 199 } 200 return (p->tstamp_type_count); 201 } 202 203 /* 204 * In Windows, you might have a library built with one version of the 205 * C runtime library and an application built with another version of 206 * the C runtime library, which means that the library might use one 207 * version of malloc() and free() and the application might use another 208 * version of malloc() and free(). If so, that means something 209 * allocated by the library cannot be freed by the application, so we 210 * need to have a pcap_free_tstamp_types() routine to free up the list 211 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 212 * around free(). 213 */ 214 void 215 pcap_free_tstamp_types(int *tstamp_type_list) 216 { 217 free(tstamp_type_list); 218 } 219 220 /* 221 * Default one-shot callback; overridden for capture types where the 222 * packet data cannot be guaranteed to be available after the callback 223 * returns, so that a copy must be made. 224 */ 225 void 226 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 227 { 228 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 229 230 *sp->hdr = *h; 231 *sp->pkt = pkt; 232 } 233 234 const u_char * 235 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 236 { 237 struct oneshot_userdata s; 238 const u_char *pkt; 239 240 s.hdr = h; 241 s.pkt = &pkt; 242 s.pd = p; 243 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 244 return (0); 245 return (pkt); 246 } 247 248 int 249 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 250 const u_char **pkt_data) 251 { 252 struct oneshot_userdata s; 253 254 s.hdr = &p->pcap_header; 255 s.pkt = pkt_data; 256 s.pd = p; 257 258 /* Saves a pointer to the packet headers */ 259 *pkt_header= &p->pcap_header; 260 261 if (p->rfile != NULL) { 262 int status; 263 264 /* We are on an offline capture */ 265 status = pcap_offline_read(p, 1, p->oneshot_callback, 266 (u_char *)&s); 267 268 /* 269 * Return codes for pcap_offline_read() are: 270 * - 0: EOF 271 * - -1: error 272 * - >1: OK 273 * The first one ('0') conflicts with the return code of 274 * 0 from pcap_read() meaning "no packets arrived before 275 * the timeout expired", so we map it to -2 so you can 276 * distinguish between an EOF from a savefile and a 277 * "no packets arrived before the timeout expired, try 278 * again" from a live capture. 279 */ 280 if (status == 0) 281 return (-2); 282 else 283 return (status); 284 } 285 286 /* 287 * Return codes for pcap_read() are: 288 * - 0: timeout 289 * - -1: error 290 * - -2: loop was broken out of with pcap_breakloop() 291 * - >1: OK 292 * The first one ('0') conflicts with the return code of 0 from 293 * pcap_offline_read() meaning "end of file". 294 */ 295 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 296 } 297 298 static struct capture_source_type { 299 int (*findalldevs_op)(pcap_if_t **, char *); 300 pcap_t *(*create_op)(const char *, char *, int *); 301 } capture_source_types[] = { 302 #ifdef HAVE_DAG_API 303 { dag_findalldevs, dag_create }, 304 #endif 305 #ifdef HAVE_SEPTEL_API 306 { septel_findalldevs, septel_create }, 307 #endif 308 #ifdef HAVE_SNF_API 309 { snf_findalldevs, snf_create }, 310 #endif 311 #ifdef HAVE_TC_API 312 { TcFindAllDevs, TcCreate }, 313 #endif 314 #ifdef PCAP_SUPPORT_BT 315 { bt_findalldevs, bt_create }, 316 #endif 317 #ifdef PCAP_SUPPORT_BT_MONITOR 318 { bt_monitor_findalldevs, bt_monitor_create }, 319 #endif 320 #ifdef PCAP_SUPPORT_USB 321 { usb_findalldevs, usb_create }, 322 #endif 323 #ifdef PCAP_SUPPORT_NETFILTER 324 { netfilter_findalldevs, netfilter_create }, 325 #endif 326 #ifdef PCAP_SUPPORT_DBUS 327 { dbus_findalldevs, dbus_create }, 328 #endif 329 { NULL, NULL } 330 }; 331 332 /* 333 * Get a list of all capture sources that are up and that we can open. 334 * Returns -1 on error, 0 otherwise. 335 * The list, as returned through "alldevsp", may be null if no interfaces 336 * were up and could be opened. 337 */ 338 int 339 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 340 { 341 size_t i; 342 343 /* 344 * Find all the local network interfaces on which we 345 * can capture. 346 */ 347 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) 348 return (-1); 349 350 /* 351 * Ask each of the non-local-network-interface capture 352 * source types what interfaces they have. 353 */ 354 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 355 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) { 356 /* 357 * We had an error; free the list we've been 358 * constructing. 359 */ 360 if (*alldevsp != NULL) { 361 pcap_freealldevs(*alldevsp); 362 *alldevsp = NULL; 363 } 364 return (-1); 365 } 366 } 367 368 return (0); 369 } 370 371 pcap_t * 372 pcap_create(const char *device, char *errbuf) 373 { 374 size_t i; 375 int is_theirs; 376 pcap_t *p; 377 char *device_str; 378 379 /* 380 * A null device name is equivalent to the "any" device - 381 * which might not be supported on this platform, but 382 * this means that you'll get a "not supported" error 383 * rather than, say, a crash when we try to dereference 384 * the null pointer. 385 */ 386 if (device == NULL) 387 device_str = strdup("any"); 388 else { 389 #ifdef _WIN32 390 /* 391 * If the string appears to be little-endian UCS-2/UTF-16, 392 * convert it to ASCII. 393 * 394 * XXX - to UTF-8 instead? Or report an error if any 395 * character isn't ASCII? 396 */ 397 if (device[0] != '\0' && device[1] == '\0') { 398 size_t length; 399 400 length = wcslen((wchar_t *)device); 401 device_str = (char *)malloc(length + 1); 402 if (device_str == NULL) { 403 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 404 "malloc: %s", pcap_strerror(errno)); 405 return (NULL); 406 } 407 408 pcap_snprintf(device_str, length + 1, "%ws", 409 (const wchar_t *)device); 410 } else 411 #endif 412 device_str = strdup(device); 413 } 414 if (device_str == NULL) { 415 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 416 "malloc: %s", pcap_strerror(errno)); 417 return (NULL); 418 } 419 420 /* 421 * Try each of the non-local-network-interface capture 422 * source types until we find one that works for this 423 * device or run out of types. 424 */ 425 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 426 is_theirs = 0; 427 p = capture_source_types[i].create_op(device_str, errbuf, 428 &is_theirs); 429 if (is_theirs) { 430 /* 431 * The device name refers to a device of the 432 * type in question; either it succeeded, 433 * in which case p refers to a pcap_t to 434 * later activate for the device, or it 435 * failed, in which case p is null and we 436 * should return that to report the failure 437 * to create. 438 */ 439 if (p == NULL) { 440 /* 441 * We assume the caller filled in errbuf. 442 */ 443 free(device_str); 444 return (NULL); 445 } 446 p->opt.device = device_str; 447 return (p); 448 } 449 } 450 451 /* 452 * OK, try it as a regular network interface. 453 */ 454 p = pcap_create_interface(device_str, errbuf); 455 if (p == NULL) { 456 /* 457 * We assume the caller filled in errbuf. 458 */ 459 free(device_str); 460 return (NULL); 461 } 462 p->opt.device = device_str; 463 return (p); 464 } 465 466 static void 467 initialize_ops(pcap_t *p) 468 { 469 /* 470 * Set operation pointers for operations that only work on 471 * an activated pcap_t to point to a routine that returns 472 * a "this isn't activated" error. 473 */ 474 p->read_op = (read_op_t)pcap_not_initialized; 475 p->inject_op = (inject_op_t)pcap_not_initialized; 476 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 477 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 478 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 479 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 480 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 481 p->stats_op = (stats_op_t)pcap_not_initialized; 482 #ifdef _WIN32 483 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr; 484 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 485 p->setmode_op = (setmode_op_t)pcap_not_initialized; 486 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 487 p->getevent_op = pcap_getevent_not_initialized; 488 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized; 489 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized; 490 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized; 491 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized; 492 p->live_dump_op = (live_dump_op_t)pcap_not_initialized; 493 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized; 494 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized; 495 #endif 496 497 /* 498 * Default cleanup operation - implementations can override 499 * this, but should call pcap_cleanup_live_common() after 500 * doing their own additional cleanup. 501 */ 502 p->cleanup_op = pcap_cleanup_live_common; 503 504 /* 505 * In most cases, the standard one-shot callback can 506 * be used for pcap_next()/pcap_next_ex(). 507 */ 508 p->oneshot_callback = pcap_oneshot; 509 } 510 511 static pcap_t * 512 pcap_alloc_pcap_t(char *ebuf, size_t size) 513 { 514 char *chunk; 515 pcap_t *p; 516 517 /* 518 * Allocate a chunk of memory big enough for a pcap_t 519 * plus a structure following it of size "size". The 520 * structure following it is a private data structure 521 * for the routines that handle this pcap_t. 522 */ 523 chunk = malloc(sizeof (pcap_t) + size); 524 if (chunk == NULL) { 525 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 526 pcap_strerror(errno)); 527 return (NULL); 528 } 529 memset(chunk, 0, sizeof (pcap_t) + size); 530 531 /* 532 * Get a pointer to the pcap_t at the beginning. 533 */ 534 p = (pcap_t *)chunk; 535 536 #ifndef _WIN32 537 p->fd = -1; /* not opened yet */ 538 p->selectable_fd = -1; 539 #endif 540 541 if (size == 0) { 542 /* No private data was requested. */ 543 p->priv = NULL; 544 } else { 545 /* 546 * Set the pointer to the private data; that's the structure 547 * of size "size" following the pcap_t. 548 */ 549 p->priv = (void *)(chunk + sizeof (pcap_t)); 550 } 551 552 return (p); 553 } 554 555 pcap_t * 556 pcap_create_common(char *ebuf, size_t size) 557 { 558 pcap_t *p; 559 560 p = pcap_alloc_pcap_t(ebuf, size); 561 if (p == NULL) 562 return (NULL); 563 564 /* 565 * Default to "can't set rfmon mode"; if it's supported by 566 * a platform, the create routine that called us can set 567 * the op to its routine to check whether a particular 568 * device supports it. 569 */ 570 p->can_set_rfmon_op = pcap_cant_set_rfmon; 571 572 initialize_ops(p); 573 574 /* put in some defaults*/ 575 p->snapshot = MAXIMUM_SNAPLEN; /* max packet size */ 576 p->opt.timeout = 0; /* no timeout specified */ 577 p->opt.buffer_size = 0; /* use the platform's default */ 578 p->opt.promisc = 0; 579 p->opt.rfmon = 0; 580 p->opt.immediate = 0; 581 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 582 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 583 584 /* 585 * Start out with no BPF code generation flags set. 586 */ 587 p->bpf_codegen_flags = 0; 588 589 return (p); 590 } 591 592 int 593 pcap_check_activated(pcap_t *p) 594 { 595 if (p->activated) { 596 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 597 " operation on activated capture"); 598 return (-1); 599 } 600 return (0); 601 } 602 603 int 604 pcap_set_snaplen(pcap_t *p, int snaplen) 605 { 606 if (pcap_check_activated(p)) 607 return (PCAP_ERROR_ACTIVATED); 608 609 /* 610 * Turn invalid values, or excessively large values, into 611 * the maximum allowed value. 612 * 613 * If some application really *needs* a bigger snapshot 614 * length, we should just increase MAXIMUM_SNAPLEN. 615 */ 616 if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN) 617 snaplen = MAXIMUM_SNAPLEN; 618 p->snapshot = snaplen; 619 return (0); 620 } 621 622 int 623 pcap_set_promisc(pcap_t *p, int promisc) 624 { 625 if (pcap_check_activated(p)) 626 return (PCAP_ERROR_ACTIVATED); 627 p->opt.promisc = promisc; 628 return (0); 629 } 630 631 int 632 pcap_set_rfmon(pcap_t *p, int rfmon) 633 { 634 if (pcap_check_activated(p)) 635 return (PCAP_ERROR_ACTIVATED); 636 p->opt.rfmon = rfmon; 637 return (0); 638 } 639 640 int 641 pcap_set_timeout(pcap_t *p, int timeout_ms) 642 { 643 if (pcap_check_activated(p)) 644 return (PCAP_ERROR_ACTIVATED); 645 p->opt.timeout = timeout_ms; 646 return (0); 647 } 648 649 int 650 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 651 { 652 int i; 653 654 if (pcap_check_activated(p)) 655 return (PCAP_ERROR_ACTIVATED); 656 657 /* 658 * The argument should have been u_int, but that's too late 659 * to change now - it's an API. 660 */ 661 if (tstamp_type < 0) 662 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 663 664 /* 665 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; 666 * the default time stamp type is PCAP_TSTAMP_HOST. 667 */ 668 if (p->tstamp_type_count == 0) { 669 if (tstamp_type == PCAP_TSTAMP_HOST) { 670 p->opt.tstamp_type = tstamp_type; 671 return (0); 672 } 673 } else { 674 /* 675 * Check whether we claim to support this type of time stamp. 676 */ 677 for (i = 0; i < p->tstamp_type_count; i++) { 678 if (p->tstamp_type_list[i] == (u_int)tstamp_type) { 679 /* 680 * Yes. 681 */ 682 p->opt.tstamp_type = tstamp_type; 683 return (0); 684 } 685 } 686 } 687 688 /* 689 * We don't support this type of time stamp. 690 */ 691 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 692 } 693 694 int 695 pcap_set_immediate_mode(pcap_t *p, int immediate) 696 { 697 if (pcap_check_activated(p)) 698 return (PCAP_ERROR_ACTIVATED); 699 p->opt.immediate = immediate; 700 return (0); 701 } 702 703 int 704 pcap_set_buffer_size(pcap_t *p, int buffer_size) 705 { 706 if (pcap_check_activated(p)) 707 return (PCAP_ERROR_ACTIVATED); 708 if (buffer_size <= 0) { 709 /* 710 * Silently ignore invalid values. 711 */ 712 return (0); 713 } 714 p->opt.buffer_size = buffer_size; 715 return (0); 716 } 717 718 int 719 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) 720 { 721 int i; 722 723 if (pcap_check_activated(p)) 724 return (PCAP_ERROR_ACTIVATED); 725 726 /* 727 * The argument should have been u_int, but that's too late 728 * to change now - it's an API. 729 */ 730 if (tstamp_precision < 0) 731 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 732 733 /* 734 * If p->tstamp_precision_count is 0, we only support setting 735 * the time stamp precision to microsecond precision; every 736 * pcap module *MUST* support microsecond precision, even if 737 * it does so by converting the native precision to 738 * microseconds. 739 */ 740 if (p->tstamp_precision_count == 0) { 741 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) { 742 p->opt.tstamp_precision = tstamp_precision; 743 return (0); 744 } 745 } else { 746 /* 747 * Check whether we claim to support this precision of 748 * time stamp. 749 */ 750 for (i = 0; i < p->tstamp_precision_count; i++) { 751 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { 752 /* 753 * Yes. 754 */ 755 p->opt.tstamp_precision = tstamp_precision; 756 return (0); 757 } 758 } 759 } 760 761 /* 762 * We don't support this time stamp precision. 763 */ 764 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 765 } 766 767 int 768 pcap_get_tstamp_precision(pcap_t *p) 769 { 770 return (p->opt.tstamp_precision); 771 } 772 773 int 774 pcap_activate(pcap_t *p) 775 { 776 int status; 777 778 /* 779 * Catch attempts to re-activate an already-activated 780 * pcap_t; this should, for example, catch code that 781 * calls pcap_open_live() followed by pcap_activate(), 782 * as some code that showed up in a Stack Exchange 783 * question did. 784 */ 785 if (pcap_check_activated(p)) 786 return (PCAP_ERROR_ACTIVATED); 787 status = p->activate_op(p); 788 if (status >= 0) 789 p->activated = 1; 790 else { 791 if (p->errbuf[0] == '\0') { 792 /* 793 * No error message supplied by the activate routine; 794 * for the benefit of programs that don't specially 795 * handle errors other than PCAP_ERROR, return the 796 * error message corresponding to the status. 797 */ 798 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 799 pcap_statustostr(status)); 800 } 801 802 /* 803 * Undo any operation pointer setting, etc. done by 804 * the activate operation. 805 */ 806 initialize_ops(p); 807 } 808 return (status); 809 } 810 811 pcap_t * 812 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf) 813 { 814 pcap_t *p; 815 int status; 816 817 p = pcap_create(device, errbuf); 818 if (p == NULL) 819 return (NULL); 820 status = pcap_set_snaplen(p, snaplen); 821 if (status < 0) 822 goto fail; 823 status = pcap_set_promisc(p, promisc); 824 if (status < 0) 825 goto fail; 826 status = pcap_set_timeout(p, to_ms); 827 if (status < 0) 828 goto fail; 829 /* 830 * Mark this as opened with pcap_open_live(), so that, for 831 * example, we show the full list of DLT_ values, rather 832 * than just the ones that are compatible with capturing 833 * when not in monitor mode. That allows existing applications 834 * to work the way they used to work, but allows new applications 835 * that know about the new open API to, for example, find out the 836 * DLT_ values that they can select without changing whether 837 * the adapter is in monitor mode or not. 838 */ 839 p->oldstyle = 1; 840 status = pcap_activate(p); 841 if (status < 0) 842 goto fail; 843 return (p); 844 fail: 845 if (status == PCAP_ERROR) 846 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 847 p->errbuf); 848 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 849 status == PCAP_ERROR_PERM_DENIED || 850 status == PCAP_ERROR_PROMISC_PERM_DENIED) 851 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device, 852 pcap_statustostr(status), p->errbuf); 853 else 854 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 855 pcap_statustostr(status)); 856 pcap_close(p); 857 return (NULL); 858 } 859 860 pcap_t * 861 pcap_open_offline_common(char *ebuf, size_t size) 862 { 863 pcap_t *p; 864 865 p = pcap_alloc_pcap_t(ebuf, size); 866 if (p == NULL) 867 return (NULL); 868 869 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 870 871 return (p); 872 } 873 874 int 875 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 876 { 877 return (p->read_op(p, cnt, callback, user)); 878 } 879 880 int 881 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 882 { 883 register int n; 884 885 for (;;) { 886 if (p->rfile != NULL) { 887 /* 888 * 0 means EOF, so don't loop if we get 0. 889 */ 890 n = pcap_offline_read(p, cnt, callback, user); 891 } else { 892 /* 893 * XXX keep reading until we get something 894 * (or an error occurs) 895 */ 896 do { 897 n = p->read_op(p, cnt, callback, user); 898 } while (n == 0); 899 } 900 if (n <= 0) 901 return (n); 902 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) { 903 cnt -= n; 904 if (cnt <= 0) 905 return (0); 906 } 907 } 908 } 909 910 /* 911 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 912 */ 913 void 914 pcap_breakloop(pcap_t *p) 915 { 916 p->break_loop = 1; 917 } 918 919 int 920 pcap_datalink(pcap_t *p) 921 { 922 if (!p->activated) 923 return (PCAP_ERROR_NOT_ACTIVATED); 924 return (p->linktype); 925 } 926 927 int 928 pcap_datalink_ext(pcap_t *p) 929 { 930 if (!p->activated) 931 return (PCAP_ERROR_NOT_ACTIVATED); 932 return (p->linktype_ext); 933 } 934 935 int 936 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 937 { 938 if (!p->activated) 939 return (PCAP_ERROR_NOT_ACTIVATED); 940 if (p->dlt_count == 0) { 941 /* 942 * We couldn't fetch the list of DLTs, which means 943 * this platform doesn't support changing the 944 * DLT for an interface. Return a list of DLTs 945 * containing only the DLT this device supports. 946 */ 947 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 948 if (*dlt_buffer == NULL) { 949 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf), 950 "malloc: %s", pcap_strerror(errno)); 951 return (PCAP_ERROR); 952 } 953 **dlt_buffer = p->linktype; 954 return (1); 955 } else { 956 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 957 if (*dlt_buffer == NULL) { 958 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf), 959 "malloc: %s", pcap_strerror(errno)); 960 return (PCAP_ERROR); 961 } 962 (void)memcpy(*dlt_buffer, p->dlt_list, 963 sizeof(**dlt_buffer) * p->dlt_count); 964 return (p->dlt_count); 965 } 966 } 967 968 /* 969 * In Windows, you might have a library built with one version of the 970 * C runtime library and an application built with another version of 971 * the C runtime library, which means that the library might use one 972 * version of malloc() and free() and the application might use another 973 * version of malloc() and free(). If so, that means something 974 * allocated by the library cannot be freed by the application, so we 975 * need to have a pcap_free_datalinks() routine to free up the list 976 * allocated by pcap_list_datalinks(), even though it's just a wrapper 977 * around free(). 978 */ 979 void 980 pcap_free_datalinks(int *dlt_list) 981 { 982 free(dlt_list); 983 } 984 985 int 986 pcap_set_datalink(pcap_t *p, int dlt) 987 { 988 int i; 989 const char *dlt_name; 990 991 if (dlt < 0) 992 goto unsupported; 993 994 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 995 /* 996 * We couldn't fetch the list of DLTs, or we don't 997 * have a "set datalink" operation, which means 998 * this platform doesn't support changing the 999 * DLT for an interface. Check whether the new 1000 * DLT is the one this interface supports. 1001 */ 1002 if (p->linktype != dlt) 1003 goto unsupported; 1004 1005 /* 1006 * It is, so there's nothing we need to do here. 1007 */ 1008 return (0); 1009 } 1010 for (i = 0; i < p->dlt_count; i++) 1011 if (p->dlt_list[i] == (u_int)dlt) 1012 break; 1013 if (i >= p->dlt_count) 1014 goto unsupported; 1015 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 1016 dlt == DLT_DOCSIS) { 1017 /* 1018 * This is presumably an Ethernet device, as the first 1019 * link-layer type it offers is DLT_EN10MB, and the only 1020 * other type it offers is DLT_DOCSIS. That means that 1021 * we can't tell the driver to supply DOCSIS link-layer 1022 * headers - we're just pretending that's what we're 1023 * getting, as, presumably, we're capturing on a dedicated 1024 * link to a Cisco Cable Modem Termination System, and 1025 * it's putting raw DOCSIS frames on the wire inside low-level 1026 * Ethernet framing. 1027 */ 1028 p->linktype = dlt; 1029 return (0); 1030 } 1031 if (p->set_datalink_op(p, dlt) == -1) 1032 return (-1); 1033 p->linktype = dlt; 1034 return (0); 1035 1036 unsupported: 1037 dlt_name = pcap_datalink_val_to_name(dlt); 1038 if (dlt_name != NULL) { 1039 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf), 1040 "%s is not one of the DLTs supported by this device", 1041 dlt_name); 1042 } else { 1043 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf), 1044 "DLT %d is not one of the DLTs supported by this device", 1045 dlt); 1046 } 1047 return (-1); 1048 } 1049 1050 /* 1051 * This array is designed for mapping upper and lower case letter 1052 * together for a case independent comparison. The mappings are 1053 * based upon ascii character sequences. 1054 */ 1055 static const u_char charmap[] = { 1056 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 1057 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 1058 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 1059 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 1060 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 1061 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 1062 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 1063 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 1064 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 1065 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 1066 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 1067 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 1068 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 1069 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 1070 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 1071 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 1072 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 1073 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 1074 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 1075 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 1076 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 1077 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 1078 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 1079 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 1080 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 1081 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 1082 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 1083 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 1084 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 1085 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 1086 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 1087 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 1088 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 1089 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 1090 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 1091 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 1092 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 1093 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 1094 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 1095 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 1096 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 1097 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 1098 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 1099 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 1100 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 1101 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 1102 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 1103 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 1104 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 1105 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 1106 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 1107 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 1108 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 1109 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 1110 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 1111 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 1112 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 1113 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 1114 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 1115 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 1116 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 1117 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 1118 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 1119 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 1120 }; 1121 1122 int 1123 pcap_strcasecmp(const char *s1, const char *s2) 1124 { 1125 register const u_char *cm = charmap, 1126 *us1 = (const u_char *)s1, 1127 *us2 = (const u_char *)s2; 1128 1129 while (cm[*us1] == cm[*us2++]) 1130 if (*us1++ == '\0') 1131 return(0); 1132 return (cm[*us1] - cm[*--us2]); 1133 } 1134 1135 struct dlt_choice { 1136 const char *name; 1137 const char *description; 1138 int dlt; 1139 }; 1140 1141 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code } 1142 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 1143 1144 static struct dlt_choice dlt_choices[] = { 1145 DLT_CHOICE(NULL, "BSD loopback"), 1146 DLT_CHOICE(EN10MB, "Ethernet"), 1147 DLT_CHOICE(IEEE802, "Token ring"), 1148 DLT_CHOICE(ARCNET, "BSD ARCNET"), 1149 DLT_CHOICE(SLIP, "SLIP"), 1150 DLT_CHOICE(PPP, "PPP"), 1151 DLT_CHOICE(FDDI, "FDDI"), 1152 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 1153 DLT_CHOICE(RAW, "Raw IP"), 1154 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"), 1155 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"), 1156 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"), 1157 DLT_CHOICE(PPP_SERIAL, "PPP over serial"), 1158 DLT_CHOICE(PPP_ETHER, "PPPoE"), 1159 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"), 1160 DLT_CHOICE(C_HDLC, "Cisco HDLC"), 1161 DLT_CHOICE(IEEE802_11, "802.11"), 1162 DLT_CHOICE(FRELAY, "Frame Relay"), 1163 DLT_CHOICE(LOOP, "OpenBSD loopback"), 1164 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"), 1165 DLT_CHOICE(LINUX_SLL, "Linux cooked"), 1166 DLT_CHOICE(LTALK, "Localtalk"), 1167 DLT_CHOICE(PFLOG, "OpenBSD pflog file"), 1168 DLT_CHOICE(PFSYNC, "Packet filter state syncing"), 1169 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"), 1170 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 1171 DLT_CHOICE(SUNATM, "Sun raw ATM"), 1172 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"), 1173 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"), 1174 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 1175 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 1176 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"), 1177 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"), 1178 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 1179 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"), 1180 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 1181 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"), 1182 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 1183 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 1184 DLT_CHOICE(MTP2, "SS7 MTP2"), 1185 DLT_CHOICE(MTP3, "SS7 MTP3"), 1186 DLT_CHOICE(SCCP, "SS7 SCCP"), 1187 DLT_CHOICE(DOCSIS, "DOCSIS"), 1188 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"), 1189 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 1190 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 1191 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"), 1192 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"), 1193 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"), 1194 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 1195 DLT_CHOICE(GPRS_LLC, "GPRS LLC"), 1196 DLT_CHOICE(GPF_T, "GPF-T"), 1197 DLT_CHOICE(GPF_F, "GPF-F"), 1198 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"), 1199 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"), 1200 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"), 1201 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"), 1202 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"), 1203 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"), 1204 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"), 1205 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"), 1206 DLT_CHOICE(MFR, "FRF.16 Frame Relay"), 1207 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"), 1208 DLT_CHOICE(A429, "Arinc 429"), 1209 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"), 1210 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"), 1211 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 1212 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 1213 DLT_CHOICE(USB_LINUX, "USB with Linux header"), 1214 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"), 1215 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 1216 DLT_CHOICE(PPI, "Per-Packet Information"), 1217 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 1218 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"), 1219 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"), 1220 DLT_CHOICE(SITA, "SITA pseudo-header"), 1221 DLT_CHOICE(ERF, "Endace ERF header"), 1222 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"), 1223 DLT_CHOICE(IPMB, "IPMB"), 1224 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"), 1225 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 1226 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"), 1227 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 1228 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"), 1229 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"), 1230 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"), 1231 DLT_CHOICE(DECT, "DECT"), 1232 DLT_CHOICE(AOS, "AOS Space Data Link protocol"), 1233 DLT_CHOICE(WIHART, "Wireless HART"), 1234 DLT_CHOICE(FC_2, "Fibre Channel FC-2"), 1235 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 1236 DLT_CHOICE(IPNET, "Solaris ipnet"), 1237 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 1238 DLT_CHOICE(IPV4, "Raw IPv4"), 1239 DLT_CHOICE(IPV6, "Raw IPv6"), 1240 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 1241 DLT_CHOICE(DBUS, "D-Bus"), 1242 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"), 1243 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"), 1244 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 1245 DLT_CHOICE(DVB_CI, "DVB-CI"), 1246 DLT_CHOICE(MUX27010, "MUX27010"), 1247 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 1248 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 1249 DLT_CHOICE(NFLOG, "Linux netfilter log messages"), 1250 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 1251 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 1252 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"), 1253 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"), 1254 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"), 1255 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 1256 DLT_CHOICE(INFINIBAND, "InfiniBand"), 1257 DLT_CHOICE(SCTP, "SCTP"), 1258 DLT_CHOICE(USBPCAP, "USB with USBPcap header"), 1259 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 1260 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 1261 DLT_CHOICE(NETLINK, "Linux netlink"), 1262 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 1263 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 1264 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 1265 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"), 1266 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"), 1267 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 1268 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"), 1269 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"), 1270 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"), 1271 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"), 1272 DLT_CHOICE(ISO_14443, "ISO 14443 messages"), 1273 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"), 1274 DLT_CHOICE_SENTINEL 1275 }; 1276 1277 int 1278 pcap_datalink_name_to_val(const char *name) 1279 { 1280 int i; 1281 1282 for (i = 0; dlt_choices[i].name != NULL; i++) { 1283 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0) 1284 return (dlt_choices[i].dlt); 1285 } 1286 return (-1); 1287 } 1288 1289 const char * 1290 pcap_datalink_val_to_name(int dlt) 1291 { 1292 int i; 1293 1294 for (i = 0; dlt_choices[i].name != NULL; i++) { 1295 if (dlt_choices[i].dlt == dlt) 1296 return (dlt_choices[i].name); 1297 } 1298 return (NULL); 1299 } 1300 1301 const char * 1302 pcap_datalink_val_to_description(int dlt) 1303 { 1304 int i; 1305 1306 for (i = 0; dlt_choices[i].name != NULL; i++) { 1307 if (dlt_choices[i].dlt == dlt) 1308 return (dlt_choices[i].description); 1309 } 1310 return (NULL); 1311 } 1312 1313 struct tstamp_type_choice { 1314 const char *name; 1315 const char *description; 1316 int type; 1317 }; 1318 1319 static struct tstamp_type_choice tstamp_type_choices[] = { 1320 { "host", "Host", PCAP_TSTAMP_HOST }, 1321 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 1322 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 1323 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 1324 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 1325 { NULL, NULL, 0 } 1326 }; 1327 1328 int 1329 pcap_tstamp_type_name_to_val(const char *name) 1330 { 1331 int i; 1332 1333 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1334 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 1335 return (tstamp_type_choices[i].type); 1336 } 1337 return (PCAP_ERROR); 1338 } 1339 1340 const char * 1341 pcap_tstamp_type_val_to_name(int tstamp_type) 1342 { 1343 int i; 1344 1345 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1346 if (tstamp_type_choices[i].type == tstamp_type) 1347 return (tstamp_type_choices[i].name); 1348 } 1349 return (NULL); 1350 } 1351 1352 const char * 1353 pcap_tstamp_type_val_to_description(int tstamp_type) 1354 { 1355 int i; 1356 1357 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1358 if (tstamp_type_choices[i].type == tstamp_type) 1359 return (tstamp_type_choices[i].description); 1360 } 1361 return (NULL); 1362 } 1363 1364 int 1365 pcap_snapshot(pcap_t *p) 1366 { 1367 if (!p->activated) 1368 return (PCAP_ERROR_NOT_ACTIVATED); 1369 return (p->snapshot); 1370 } 1371 1372 int 1373 pcap_is_swapped(pcap_t *p) 1374 { 1375 if (!p->activated) 1376 return (PCAP_ERROR_NOT_ACTIVATED); 1377 return (p->swapped); 1378 } 1379 1380 int 1381 pcap_major_version(pcap_t *p) 1382 { 1383 if (!p->activated) 1384 return (PCAP_ERROR_NOT_ACTIVATED); 1385 return (p->version_major); 1386 } 1387 1388 int 1389 pcap_minor_version(pcap_t *p) 1390 { 1391 if (!p->activated) 1392 return (PCAP_ERROR_NOT_ACTIVATED); 1393 return (p->version_minor); 1394 } 1395 1396 FILE * 1397 pcap_file(pcap_t *p) 1398 { 1399 return (p->rfile); 1400 } 1401 1402 int 1403 pcap_fileno(pcap_t *p) 1404 { 1405 #ifndef _WIN32 1406 return (p->fd); 1407 #else 1408 if (p->adapter != NULL) 1409 return ((int)(DWORD)p->adapter->hFile); 1410 else 1411 return (PCAP_ERROR); 1412 #endif 1413 } 1414 1415 #if !defined(_WIN32) && !defined(MSDOS) 1416 int 1417 pcap_get_selectable_fd(pcap_t *p) 1418 { 1419 return (p->selectable_fd); 1420 } 1421 #endif 1422 1423 void 1424 pcap_perror(pcap_t *p, const char *prefix) 1425 { 1426 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1427 } 1428 1429 char * 1430 pcap_geterr(pcap_t *p) 1431 { 1432 return (p->errbuf); 1433 } 1434 1435 int 1436 pcap_getnonblock(pcap_t *p, char *errbuf) 1437 { 1438 int ret; 1439 1440 ret = p->getnonblock_op(p, errbuf); 1441 if (ret == -1) { 1442 /* 1443 * In case somebody depended on the bug wherein 1444 * the error message was put into p->errbuf 1445 * by pcap_getnonblock_fd(). 1446 */ 1447 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1448 } 1449 return (ret); 1450 } 1451 1452 /* 1453 * Get the current non-blocking mode setting, under the assumption that 1454 * it's just the standard POSIX non-blocking flag. 1455 */ 1456 #if !defined(_WIN32) && !defined(MSDOS) 1457 int 1458 pcap_getnonblock_fd(pcap_t *p, char *errbuf) 1459 { 1460 int fdflags; 1461 1462 fdflags = fcntl(p->fd, F_GETFL, 0); 1463 if (fdflags == -1) { 1464 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1465 pcap_strerror(errno)); 1466 return (-1); 1467 } 1468 if (fdflags & O_NONBLOCK) 1469 return (1); 1470 else 1471 return (0); 1472 } 1473 #endif 1474 1475 int 1476 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 1477 { 1478 int ret; 1479 1480 ret = p->setnonblock_op(p, nonblock, errbuf); 1481 if (ret == -1) { 1482 /* 1483 * In case somebody depended on the bug wherein 1484 * the error message was put into p->errbuf 1485 * by pcap_setnonblock_fd(). 1486 */ 1487 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1488 } 1489 return (ret); 1490 } 1491 1492 #if !defined(_WIN32) && !defined(MSDOS) 1493 /* 1494 * Set non-blocking mode, under the assumption that it's just the 1495 * standard POSIX non-blocking flag. (This can be called by the 1496 * per-platform non-blocking-mode routine if that routine also 1497 * needs to do some additional work.) 1498 */ 1499 int 1500 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf) 1501 { 1502 int fdflags; 1503 1504 fdflags = fcntl(p->fd, F_GETFL, 0); 1505 if (fdflags == -1) { 1506 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1507 pcap_strerror(errno)); 1508 return (-1); 1509 } 1510 if (nonblock) 1511 fdflags |= O_NONBLOCK; 1512 else 1513 fdflags &= ~O_NONBLOCK; 1514 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1515 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1516 pcap_strerror(errno)); 1517 return (-1); 1518 } 1519 return (0); 1520 } 1521 #endif 1522 1523 #ifdef _WIN32 1524 /* 1525 * Generate a string for a Win32-specific error (i.e. an error generated when 1526 * calling a Win32 API). 1527 * For errors occurred during standard C calls, we still use pcap_strerror() 1528 */ 1529 void 1530 pcap_win32_err_to_str(DWORD error, char *errbuf) 1531 { 1532 size_t errlen; 1533 char *p; 1534 1535 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1536 PCAP_ERRBUF_SIZE, NULL); 1537 1538 /* 1539 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1540 * message. Get rid of it. 1541 */ 1542 errlen = strlen(errbuf); 1543 if (errlen >= 2) { 1544 errbuf[errlen - 1] = '\0'; 1545 errbuf[errlen - 2] = '\0'; 1546 } 1547 p = strchr(errbuf, '\0'); 1548 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error); 1549 } 1550 #endif 1551 1552 /* 1553 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1554 */ 1555 const char * 1556 pcap_statustostr(int errnum) 1557 { 1558 static char ebuf[15+10+1]; 1559 1560 switch (errnum) { 1561 1562 case PCAP_WARNING: 1563 return("Generic warning"); 1564 1565 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1566 return ("That type of time stamp is not supported by that device"); 1567 1568 case PCAP_WARNING_PROMISC_NOTSUP: 1569 return ("That device doesn't support promiscuous mode"); 1570 1571 case PCAP_ERROR: 1572 return("Generic error"); 1573 1574 case PCAP_ERROR_BREAK: 1575 return("Loop terminated by pcap_breakloop"); 1576 1577 case PCAP_ERROR_NOT_ACTIVATED: 1578 return("The pcap_t has not been activated"); 1579 1580 case PCAP_ERROR_ACTIVATED: 1581 return ("The setting can't be changed after the pcap_t is activated"); 1582 1583 case PCAP_ERROR_NO_SUCH_DEVICE: 1584 return ("No such device exists"); 1585 1586 case PCAP_ERROR_RFMON_NOTSUP: 1587 return ("That device doesn't support monitor mode"); 1588 1589 case PCAP_ERROR_NOT_RFMON: 1590 return ("That operation is supported only in monitor mode"); 1591 1592 case PCAP_ERROR_PERM_DENIED: 1593 return ("You don't have permission to capture on that device"); 1594 1595 case PCAP_ERROR_IFACE_NOT_UP: 1596 return ("That device is not up"); 1597 1598 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1599 return ("That device doesn't support setting the time stamp type"); 1600 1601 case PCAP_ERROR_PROMISC_PERM_DENIED: 1602 return ("You don't have permission to capture in promiscuous mode on that device"); 1603 1604 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP: 1605 return ("That device doesn't support that time stamp precision"); 1606 } 1607 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1608 return(ebuf); 1609 } 1610 1611 /* 1612 * Not all systems have strerror(). 1613 */ 1614 const char * 1615 pcap_strerror(int errnum) 1616 { 1617 #ifdef HAVE_STRERROR 1618 #ifdef _WIN32 1619 static char errbuf[PCAP_ERRBUF_SIZE]; 1620 errno_t errno; 1621 errno = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum); 1622 if (errno != 0) /* errno = 0 if successful */ 1623 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE); 1624 return (errbuf); 1625 #else 1626 return (strerror(errnum)); 1627 #endif /* _WIN32 */ 1628 #else 1629 extern int sys_nerr; 1630 extern const char *const sys_errlist[]; 1631 static char errbuf[PCAP_ERRBUF_SIZE]; 1632 1633 if ((unsigned int)errnum < sys_nerr) 1634 return ((char *)sys_errlist[errnum]); 1635 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum); 1636 return (errbuf); 1637 #endif 1638 } 1639 1640 int 1641 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 1642 { 1643 return (p->setfilter_op(p, fp)); 1644 } 1645 1646 /* 1647 * Set direction flag, which controls whether we accept only incoming 1648 * packets, only outgoing packets, or both. 1649 * Note that, depending on the platform, some or all direction arguments 1650 * might not be supported. 1651 */ 1652 int 1653 pcap_setdirection(pcap_t *p, pcap_direction_t d) 1654 { 1655 if (p->setdirection_op == NULL) { 1656 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1657 "Setting direction is not implemented on this platform"); 1658 return (-1); 1659 } else 1660 return (p->setdirection_op(p, d)); 1661 } 1662 1663 int 1664 pcap_stats(pcap_t *p, struct pcap_stat *ps) 1665 { 1666 return (p->stats_op(p, ps)); 1667 } 1668 1669 static int 1670 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 1671 { 1672 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1673 "Statistics aren't available from a pcap_open_dead pcap_t"); 1674 return (-1); 1675 } 1676 1677 #ifdef _WIN32 1678 struct pcap_stat * 1679 pcap_stats_ex(pcap_t *p, int *pcap_stat_size) 1680 { 1681 return (p->stats_ex_op(p, pcap_stat_size)); 1682 } 1683 1684 int 1685 pcap_setbuff(pcap_t *p, int dim) 1686 { 1687 return (p->setbuff_op(p, dim)); 1688 } 1689 1690 static int 1691 pcap_setbuff_dead(pcap_t *p, int dim) 1692 { 1693 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1694 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1695 return (-1); 1696 } 1697 1698 int 1699 pcap_setmode(pcap_t *p, int mode) 1700 { 1701 return (p->setmode_op(p, mode)); 1702 } 1703 1704 static int 1705 pcap_setmode_dead(pcap_t *p, int mode) 1706 { 1707 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1708 "impossible to set mode on a pcap_open_dead pcap_t"); 1709 return (-1); 1710 } 1711 1712 int 1713 pcap_setmintocopy(pcap_t *p, int size) 1714 { 1715 return (p->setmintocopy_op(p, size)); 1716 } 1717 1718 static int 1719 pcap_setmintocopy_dead(pcap_t *p, int size) 1720 { 1721 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1722 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1723 return (-1); 1724 } 1725 1726 HANDLE 1727 pcap_getevent(pcap_t *p) 1728 { 1729 return (p->getevent_op(p)); 1730 } 1731 1732 static HANDLE 1733 pcap_getevent_dead(pcap_t *p) 1734 { 1735 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1736 "A pcap_open_dead pcap_t has no event handle"); 1737 return (INVALID_HANDLE_VALUE); 1738 } 1739 1740 int 1741 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 1742 { 1743 return (p->oid_get_request_op(p, oid, data, lenp)); 1744 } 1745 1746 static int 1747 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, 1748 size_t *lenp _U_) 1749 { 1750 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1751 "An OID get request cannot be performed on a pcap_open_dead pcap_t"); 1752 return (PCAP_ERROR); 1753 } 1754 1755 int 1756 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp) 1757 { 1758 return (p->oid_set_request_op(p, oid, data, lenp)); 1759 } 1760 1761 static int 1762 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_, 1763 size_t *lenp _U_) 1764 { 1765 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1766 "An OID set request cannot be performed on a pcap_open_dead pcap_t"); 1767 return (PCAP_ERROR); 1768 } 1769 1770 pcap_send_queue * 1771 pcap_sendqueue_alloc(u_int memsize) 1772 { 1773 pcap_send_queue *tqueue; 1774 1775 /* Allocate the queue */ 1776 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue)); 1777 if (tqueue == NULL){ 1778 return (NULL); 1779 } 1780 1781 /* Allocate the buffer */ 1782 tqueue->buffer = (char *)malloc(memsize); 1783 if (tqueue->buffer == NULL) { 1784 free(tqueue); 1785 return (NULL); 1786 } 1787 1788 tqueue->maxlen = memsize; 1789 tqueue->len = 0; 1790 1791 return (tqueue); 1792 } 1793 1794 void 1795 pcap_sendqueue_destroy(pcap_send_queue *queue) 1796 { 1797 free(queue->buffer); 1798 free(queue); 1799 } 1800 1801 int 1802 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 1803 { 1804 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){ 1805 return (-1); 1806 } 1807 1808 /* Copy the pcap_pkthdr header*/ 1809 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr)); 1810 queue->len += sizeof(struct pcap_pkthdr); 1811 1812 /* copy the packet */ 1813 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen); 1814 queue->len += pkt_header->caplen; 1815 1816 return (0); 1817 } 1818 1819 u_int 1820 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync) 1821 { 1822 return (p->sendqueue_transmit_op(p, queue, sync)); 1823 } 1824 1825 static u_int 1826 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync) 1827 { 1828 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1829 "Packets cannot be transmitted on a pcap_open_dead pcap_t"); 1830 return (0); 1831 } 1832 1833 int 1834 pcap_setuserbuffer(pcap_t *p, int size) 1835 { 1836 return (p->setuserbuffer_op(p, size)); 1837 } 1838 1839 static int 1840 pcap_setuserbuffer_dead(pcap_t *p, int size) 1841 { 1842 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1843 "The user buffer cannot be set on a pcap_open_dead pcap_t"); 1844 return (-1); 1845 } 1846 1847 int 1848 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks) 1849 { 1850 return (p->live_dump_op(p, filename, maxsize, maxpacks)); 1851 } 1852 1853 static int 1854 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks) 1855 { 1856 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1857 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 1858 return (-1); 1859 } 1860 1861 int 1862 pcap_live_dump_ended(pcap_t *p, int sync) 1863 { 1864 return (p->live_dump_ended_op(p, sync)); 1865 } 1866 1867 static int 1868 pcap_live_dump_ended_dead(pcap_t *p, int sync) 1869 { 1870 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1871 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 1872 return (-1); 1873 } 1874 1875 PAirpcapHandle 1876 pcap_get_airpcap_handle(pcap_t *p) 1877 { 1878 PAirpcapHandle handle; 1879 1880 handle = p->get_airpcap_handle_op(p); 1881 if (handle == NULL) { 1882 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf), 1883 "This isn't an AirPcap device"); 1884 } 1885 return (handle); 1886 } 1887 1888 static PAirpcapHandle 1889 pcap_get_airpcap_handle_dead(pcap_t *p) 1890 { 1891 return (NULL); 1892 } 1893 #endif 1894 1895 /* 1896 * On some platforms, we need to clean up promiscuous or monitor mode 1897 * when we close a device - and we want that to happen even if the 1898 * application just exits without explicitl closing devices. 1899 * On those platforms, we need to register a "close all the pcaps" 1900 * routine to be called when we exit, and need to maintain a list of 1901 * pcaps that need to be closed to clean up modes. 1902 * 1903 * XXX - not thread-safe. 1904 */ 1905 1906 /* 1907 * List of pcaps on which we've done something that needs to be 1908 * cleaned up. 1909 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1910 * when we exit, and have it close all of them. 1911 */ 1912 static struct pcap *pcaps_to_close; 1913 1914 /* 1915 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1916 * be called on exit. 1917 */ 1918 static int did_atexit; 1919 1920 static void 1921 pcap_close_all(void) 1922 { 1923 struct pcap *handle; 1924 1925 while ((handle = pcaps_to_close) != NULL) 1926 pcap_close(handle); 1927 } 1928 1929 int 1930 pcap_do_addexit(pcap_t *p) 1931 { 1932 /* 1933 * If we haven't already done so, arrange to have 1934 * "pcap_close_all()" called when we exit. 1935 */ 1936 if (!did_atexit) { 1937 if (atexit(pcap_close_all) != 0) { 1938 /* 1939 * "atexit()" failed; let our caller know. 1940 */ 1941 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE); 1942 return (0); 1943 } 1944 did_atexit = 1; 1945 } 1946 return (1); 1947 } 1948 1949 void 1950 pcap_add_to_pcaps_to_close(pcap_t *p) 1951 { 1952 p->next = pcaps_to_close; 1953 pcaps_to_close = p; 1954 } 1955 1956 void 1957 pcap_remove_from_pcaps_to_close(pcap_t *p) 1958 { 1959 pcap_t *pc, *prevpc; 1960 1961 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1962 prevpc = pc, pc = pc->next) { 1963 if (pc == p) { 1964 /* 1965 * Found it. Remove it from the list. 1966 */ 1967 if (prevpc == NULL) { 1968 /* 1969 * It was at the head of the list. 1970 */ 1971 pcaps_to_close = pc->next; 1972 } else { 1973 /* 1974 * It was in the middle of the list. 1975 */ 1976 prevpc->next = pc->next; 1977 } 1978 break; 1979 } 1980 } 1981 } 1982 1983 void 1984 pcap_cleanup_live_common(pcap_t *p) 1985 { 1986 if (p->buffer != NULL) { 1987 free(p->buffer); 1988 p->buffer = NULL; 1989 } 1990 if (p->dlt_list != NULL) { 1991 free(p->dlt_list); 1992 p->dlt_list = NULL; 1993 p->dlt_count = 0; 1994 } 1995 if (p->tstamp_type_list != NULL) { 1996 free(p->tstamp_type_list); 1997 p->tstamp_type_list = NULL; 1998 p->tstamp_type_count = 0; 1999 } 2000 if (p->tstamp_precision_list != NULL) { 2001 free(p->tstamp_precision_list); 2002 p->tstamp_precision_list = NULL; 2003 p->tstamp_precision_count = 0; 2004 } 2005 pcap_freecode(&p->fcode); 2006 #if !defined(_WIN32) && !defined(MSDOS) 2007 if (p->fd >= 0) { 2008 close(p->fd); 2009 p->fd = -1; 2010 } 2011 p->selectable_fd = -1; 2012 #endif 2013 } 2014 2015 static void 2016 pcap_cleanup_dead(pcap_t *p _U_) 2017 { 2018 /* Nothing to do. */ 2019 } 2020 2021 pcap_t * 2022 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision) 2023 { 2024 pcap_t *p; 2025 2026 switch (precision) { 2027 2028 case PCAP_TSTAMP_PRECISION_MICRO: 2029 case PCAP_TSTAMP_PRECISION_NANO: 2030 break; 2031 2032 default: 2033 return NULL; 2034 } 2035 p = malloc(sizeof(*p)); 2036 if (p == NULL) 2037 return NULL; 2038 memset (p, 0, sizeof(*p)); 2039 p->snapshot = snaplen; 2040 p->linktype = linktype; 2041 p->opt.tstamp_precision = precision; 2042 p->stats_op = pcap_stats_dead; 2043 #ifdef _WIN32 2044 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr; 2045 p->setbuff_op = pcap_setbuff_dead; 2046 p->setmode_op = pcap_setmode_dead; 2047 p->setmintocopy_op = pcap_setmintocopy_dead; 2048 p->getevent_op = pcap_getevent_dead; 2049 p->oid_get_request_op = pcap_oid_get_request_dead; 2050 p->oid_set_request_op = pcap_oid_set_request_dead; 2051 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead; 2052 p->setuserbuffer_op = pcap_setuserbuffer_dead; 2053 p->live_dump_op = pcap_live_dump_dead; 2054 p->live_dump_ended_op = pcap_live_dump_ended_dead; 2055 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead; 2056 #endif 2057 p->cleanup_op = pcap_cleanup_dead; 2058 2059 /* 2060 * A "dead" pcap_t never requires special BPF code generation. 2061 */ 2062 p->bpf_codegen_flags = 0; 2063 2064 p->activated = 1; 2065 return (p); 2066 } 2067 2068 pcap_t * 2069 pcap_open_dead(int linktype, int snaplen) 2070 { 2071 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen, 2072 PCAP_TSTAMP_PRECISION_MICRO)); 2073 } 2074 2075 /* 2076 * API compatible with WinPcap's "send a packet" routine - returns -1 2077 * on error, 0 otherwise. 2078 * 2079 * XXX - what if we get a short write? 2080 */ 2081 int 2082 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 2083 { 2084 if (p->inject_op(p, buf, size) == -1) 2085 return (-1); 2086 return (0); 2087 } 2088 2089 /* 2090 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 2091 * error, number of bytes written otherwise. 2092 */ 2093 int 2094 pcap_inject(pcap_t *p, const void *buf, size_t size) 2095 { 2096 return (p->inject_op(p, buf, size)); 2097 } 2098 2099 void 2100 pcap_close(pcap_t *p) 2101 { 2102 if (p->opt.device != NULL) 2103 free(p->opt.device); 2104 p->cleanup_op(p); 2105 free(p); 2106 } 2107 2108 /* 2109 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 2110 * data for the packet, check whether the packet passes the filter. 2111 * Returns the return value of the filter program, which will be zero if 2112 * the packet doesn't pass and non-zero if the packet does pass. 2113 */ 2114 int 2115 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 2116 const u_char *pkt) 2117 { 2118 const struct bpf_insn *fcode = fp->bf_insns; 2119 2120 if (fcode != NULL) 2121 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 2122 else 2123 return (0); 2124 } 2125 2126 #include "pcap_version.h" 2127 2128 #ifdef _WIN32 2129 2130 static char *full_pcap_version_string; 2131 2132 #ifdef HAVE_VERSION_H 2133 /* 2134 * libpcap being built for Windows, as part of a WinPcap/Npcap source 2135 * tree. Include version.h from that source tree to get the WinPcap/Npcap 2136 * version. 2137 * 2138 * XXX - it'd be nice if we could somehow generate the WinPcap version number 2139 * when building WinPcap. (It'd be nice to do so for the packet.dll version 2140 * number as well.) 2141 */ 2142 #include "../../version.h" 2143 2144 static const char wpcap_version_string[] = WINPCAP_VER_STRING; 2145 static const char pcap_version_string_fmt[] = 2146 WINPCAP_PRODUCT_NAME " version %s, based on %s"; 2147 static const char pcap_version_string_packet_dll_fmt[] = 2148 WINPCAP_PRODUCT_NAME " version %s (packet.dll version %s), based on %s"; 2149 2150 const char * 2151 pcap_lib_version(void) 2152 { 2153 char *packet_version_string; 2154 size_t full_pcap_version_string_len; 2155 2156 if (full_pcap_version_string == NULL) { 2157 /* 2158 * Generate the version string. 2159 */ 2160 packet_version_string = PacketGetVersion(); 2161 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 2162 /* 2163 * WinPcap version string and packet.dll version 2164 * string are the same; just report the WinPcap 2165 * version. 2166 */ 2167 full_pcap_version_string_len = 2168 (sizeof pcap_version_string_fmt - 4) + 2169 strlen(wpcap_version_string) + 2170 strlen(pcap_version_string); 2171 full_pcap_version_string = 2172 malloc(full_pcap_version_string_len); 2173 if (full_pcap_version_string == NULL) 2174 return (NULL); 2175 pcap_snprintf(full_pcap_version_string, 2176 full_pcap_version_string_len, 2177 pcap_version_string_fmt, 2178 wpcap_version_string, 2179 pcap_version_string); 2180 } else { 2181 /* 2182 * WinPcap version string and packet.dll version 2183 * string are different; that shouldn't be the 2184 * case (the two libraries should come from the 2185 * same version of WinPcap), so we report both 2186 * versions. 2187 */ 2188 full_pcap_version_string_len = 2189 (sizeof pcap_version_string_packet_dll_fmt - 6) + 2190 strlen(wpcap_version_string) + 2191 strlen(packet_version_string) + 2192 strlen(pcap_version_string); 2193 full_pcap_version_string = malloc(full_pcap_version_string_len); 2194 if (full_pcap_version_string == NULL) 2195 return (NULL); 2196 pcap_snprintf(full_pcap_version_string, 2197 full_pcap_version_string_len, 2198 pcap_version_string_packet_dll_fmt, 2199 wpcap_version_string, 2200 packet_version_string, 2201 pcap_version_string); 2202 } 2203 } 2204 return (full_pcap_version_string); 2205 } 2206 2207 #else /* HAVE_VERSION_H */ 2208 2209 /* 2210 * libpcap being built for Windows, not as part of a WinPcap/Npcap source 2211 * tree. 2212 */ 2213 static const char pcap_version_string_packet_dll_fmt[] = 2214 "%s (packet.dll version %s)"; 2215 const char * 2216 pcap_lib_version(void) 2217 { 2218 char *packet_version_string; 2219 size_t full_pcap_version_string_len; 2220 2221 if (full_pcap_version_string == NULL) { 2222 /* 2223 * Generate the version string. Report the packet.dll 2224 * version. 2225 */ 2226 packet_version_string = PacketGetVersion(); 2227 full_pcap_version_string_len = 2228 (sizeof pcap_version_string_packet_dll_fmt - 4) + 2229 strlen(pcap_version_string) + 2230 strlen(packet_version_string); 2231 full_pcap_version_string = malloc(full_pcap_version_string_len); 2232 if (full_pcap_version_string == NULL) 2233 return (NULL); 2234 pcap_snprintf(full_pcap_version_string, 2235 full_pcap_version_string_len, 2236 pcap_version_string_packet_dll_fmt, 2237 pcap_version_string, 2238 packet_version_string); 2239 } 2240 return (full_pcap_version_string); 2241 } 2242 2243 #endif /* HAVE_VERSION_H */ 2244 2245 #elif defined(MSDOS) 2246 2247 static char *full_pcap_version_string; 2248 2249 const char * 2250 pcap_lib_version (void) 2251 { 2252 char *packet_version_string; 2253 size_t full_pcap_version_string_len; 2254 static char dospfx[] = "DOS-"; 2255 2256 if (full_pcap_version_string == NULL) { 2257 /* 2258 * Generate the version string. 2259 */ 2260 full_pcap_version_string_len = 2261 sizeof dospfx + strlen(pcap_version_string); 2262 full_pcap_version_string = 2263 malloc(full_pcap_version_string_len); 2264 if (full_pcap_version_string == NULL) 2265 return (NULL); 2266 strcpy(full_pcap_version_string, dospfx); 2267 strcat(full_pcap_version_string, pcap_version_string); 2268 } 2269 return (full_pcap_version_string); 2270 } 2271 2272 #else /* UN*X */ 2273 2274 const char * 2275 pcap_lib_version(void) 2276 { 2277 return (pcap_version_string); 2278 } 2279 #endif 2280 2281 #ifdef YYDEBUG 2282 /* 2283 * Set the internal "debug printout" flag for the filter expression parser. 2284 * The code to print that stuff is present only if YYDEBUG is defined, so 2285 * the flag, and the routine to set it, are defined only if YYDEBUG is 2286 * defined. 2287 * 2288 * This is intended for libpcap developers, not for general use. 2289 * If you want to set these in a program, you'll have to declare this 2290 * routine yourself, with the appropriate DLL import attribute on Windows; 2291 * it's not declared in any header file, and won't be declared in any 2292 * header file provided by libpcap. 2293 */ 2294 PCAP_API void pcap_set_parser_debug(int value); 2295 2296 PCAP_API_DEF void 2297 pcap_set_parser_debug(int value) 2298 { 2299 extern int pcap_debug; 2300 2301 pcap_debug = value; 2302 } 2303 #endif 2304 2305 #ifdef BDEBUG 2306 /* 2307 * Set the internal "debug printout" flag for the filter expression optimizer. 2308 * The code to print that stuff is present only if BDEBUG is defined, so 2309 * the flag, and the routine to set it, are defined only if BDEBUG is 2310 * defined. 2311 * 2312 * This is intended for libpcap developers, not for general use. 2313 * If you want to set these in a program, you'll have to declare this 2314 * routine yourself, with the appropriate DLL import attribute on Windows; 2315 * it's not declared in any header file, and won't be declared in any 2316 * header file provided by libpcap. 2317 */ 2318 PCAP_API void pcap_set_optimizer_debug(int value); 2319 2320 PCAP_API_DEF void 2321 pcap_set_optimizer_debug(int value) 2322 { 2323 extern int pcap_optimizer_debug; 2324 2325 pcap_optimizer_debug = value; 2326 } 2327 #endif 2328