1 /* $NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the Computer Systems 18 * Engineering Group at Lawrence Berkeley Laboratory. 19 * 4. Neither the name of the University nor of the Laboratory may be used 20 * to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 __RCSID("$NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $"); 38 39 #ifdef HAVE_CONFIG_H 40 #include "config.h" 41 #endif 42 43 #ifdef WIN32 44 #include <pcap-stdinc.h> 45 #else /* WIN32 */ 46 #if HAVE_INTTYPES_H 47 #include <inttypes.h> 48 #elif HAVE_STDINT_H 49 #include <stdint.h> 50 #endif 51 #ifdef HAVE_SYS_BITYPES_H 52 #include <sys/bitypes.h> 53 #endif 54 #include <sys/types.h> 55 #endif /* WIN32 */ 56 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 61 #include <unistd.h> 62 #endif 63 #include <fcntl.h> 64 #include <errno.h> 65 66 #ifdef HAVE_OS_PROTO_H 67 #include "os-proto.h" 68 #endif 69 70 #ifdef MSDOS 71 #include "pcap-dos.h" 72 #endif 73 74 #include "pcap-int.h" 75 76 #ifdef HAVE_DAG_API 77 #include "pcap-dag.h" 78 #endif /* HAVE_DAG_API */ 79 80 #ifdef HAVE_SEPTEL_API 81 #include "pcap-septel.h" 82 #endif /* HAVE_SEPTEL_API */ 83 84 #ifdef HAVE_SNF_API 85 #include "pcap-snf.h" 86 #endif /* HAVE_SNF_API */ 87 88 #ifdef PCAP_SUPPORT_USB 89 #include "pcap-usb-linux.h" 90 #endif 91 92 #ifdef PCAP_SUPPORT_BT 93 #include "pcap-bt-linux.h" 94 #endif 95 96 #ifdef PCAP_SUPPORT_BT_MONITOR 97 #include "pcap-bt-monitor-linux.h" 98 #endif 99 100 #ifdef PCAP_SUPPORT_CAN 101 #include "pcap-can-linux.h" 102 #endif 103 104 #ifdef PCAP_SUPPORT_CANUSB 105 #include "pcap-canusb-linux.h" 106 #endif 107 108 #ifdef PCAP_SUPPORT_NETFILTER 109 #include "pcap-netfilter-linux.h" 110 #endif 111 112 #ifdef PCAP_SUPPORT_DBUS 113 #include "pcap-dbus.h" 114 #endif 115 116 int 117 pcap_not_initialized(pcap_t *pcap _U_) 118 { 119 /* this means 'not initialized' */ 120 return (PCAP_ERROR_NOT_ACTIVATED); 121 } 122 123 #ifdef WIN32 124 Adapter * 125 pcap_no_adapter(pcap_t *pcap _U_) 126 { 127 return (NULL); 128 } 129 #endif 130 131 /* 132 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 133 * a PCAP_ERROR value on an error. 134 */ 135 int 136 pcap_can_set_rfmon(pcap_t *p) 137 { 138 return (p->can_set_rfmon_op(p)); 139 } 140 141 /* 142 * For systems where rfmon mode is never supported. 143 */ 144 static int 145 pcap_cant_set_rfmon(pcap_t *p _U_) 146 { 147 return (0); 148 } 149 150 /* 151 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 152 * types; the return value is the number of supported time stamp types. 153 * The list should be freed by a call to pcap_free_tstamp_types() when 154 * you're done with it. 155 * 156 * A return value of 0 means "you don't get a choice of time stamp type", 157 * in which case *tstamp_typesp is set to null. 158 * 159 * PCAP_ERROR is returned on error. 160 */ 161 int 162 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 163 { 164 if (p->tstamp_type_count == 0) { 165 /* 166 * We don't support multiple time stamp types. 167 */ 168 *tstamp_typesp = NULL; 169 } else { 170 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 171 p->tstamp_type_count); 172 if (*tstamp_typesp == NULL) { 173 (void)snprintf(p->errbuf, sizeof(p->errbuf), 174 "malloc: %s", pcap_strerror(errno)); 175 return (PCAP_ERROR); 176 } 177 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 178 sizeof(**tstamp_typesp) * p->tstamp_type_count); 179 } 180 return (p->tstamp_type_count); 181 } 182 183 /* 184 * In Windows, you might have a library built with one version of the 185 * C runtime library and an application built with another version of 186 * the C runtime library, which means that the library might use one 187 * version of malloc() and free() and the application might use another 188 * version of malloc() and free(). If so, that means something 189 * allocated by the library cannot be freed by the application, so we 190 * need to have a pcap_free_tstamp_types() routine to free up the list 191 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 192 * around free(). 193 */ 194 void 195 pcap_free_tstamp_types(int *tstamp_type_list) 196 { 197 free(tstamp_type_list); 198 } 199 200 /* 201 * Default one-shot callback; overridden for capture types where the 202 * packet data cannot be guaranteed to be available after the callback 203 * returns, so that a copy must be made. 204 */ 205 void 206 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 207 { 208 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 209 210 *sp->hdr = *h; 211 *sp->pkt = pkt; 212 } 213 214 const u_char * 215 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 216 { 217 struct oneshot_userdata s; 218 const u_char *pkt; 219 220 s.hdr = h; 221 s.pkt = &pkt; 222 s.pd = p; 223 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 224 return (0); 225 return (pkt); 226 } 227 228 int 229 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 230 const u_char **pkt_data) 231 { 232 struct oneshot_userdata s; 233 234 s.hdr = &p->pcap_header; 235 s.pkt = pkt_data; 236 s.pd = p; 237 238 /* Saves a pointer to the packet headers */ 239 *pkt_header= &p->pcap_header; 240 241 if (p->rfile != NULL) { 242 int status; 243 244 /* We are on an offline capture */ 245 status = pcap_offline_read(p, 1, p->oneshot_callback, 246 (u_char *)&s); 247 248 /* 249 * Return codes for pcap_offline_read() are: 250 * - 0: EOF 251 * - -1: error 252 * - >1: OK 253 * The first one ('0') conflicts with the return code of 254 * 0 from pcap_read() meaning "no packets arrived before 255 * the timeout expired", so we map it to -2 so you can 256 * distinguish between an EOF from a savefile and a 257 * "no packets arrived before the timeout expired, try 258 * again" from a live capture. 259 */ 260 if (status == 0) 261 return (-2); 262 else 263 return (status); 264 } 265 266 /* 267 * Return codes for pcap_read() are: 268 * - 0: timeout 269 * - -1: error 270 * - -2: loop was broken out of with pcap_breakloop() 271 * - >1: OK 272 * The first one ('0') conflicts with the return code of 0 from 273 * pcap_offline_read() meaning "end of file". 274 */ 275 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 276 } 277 278 #if defined(DAG_ONLY) 279 int 280 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 281 { 282 return (dag_findalldevs(alldevsp, errbuf)); 283 } 284 285 pcap_t * 286 pcap_create(const char *source, char *errbuf) 287 { 288 int is_ours; 289 return (dag_create(source, errbuf, &is_ours)); 290 } 291 #elif defined(SEPTEL_ONLY) 292 int 293 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 294 { 295 return (septel_findalldevs(alldevsp, errbuf)); 296 } 297 298 pcap_t * 299 pcap_create(const char *source, char *errbuf) 300 { 301 int is_ours; 302 return (septel_create(source, errbuf, &is_ours)); 303 } 304 #elif defined(SNF_ONLY) 305 int 306 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 307 { 308 return (snf_findalldevs(alldevsp, errbuf)); 309 } 310 311 pcap_t * 312 pcap_create(const char *source, char *errbuf) 313 { 314 int is_ours; 315 return (snf_create(source, errbuf, &is_ours)); 316 } 317 #else /* regular pcap */ 318 struct capture_source_type { 319 int (*findalldevs_op)(pcap_if_t **, char *); 320 pcap_t *(*create_op)(const char *, char *, int *); 321 } capture_source_types[] = { 322 #ifdef HAVE_DAG_API 323 { dag_findalldevs, dag_create }, 324 #endif 325 #ifdef HAVE_SEPTEL_API 326 { septel_findalldevs, septel_create }, 327 #endif 328 #ifdef HAVE_SNF_API 329 { snf_findalldevs, snf_create }, 330 #endif 331 #ifdef PCAP_SUPPORT_BT 332 { bt_findalldevs, bt_create }, 333 #endif 334 #ifdef PCAP_SUPPORT_BT_MONITOR 335 { bt_monitor_findalldevs, bt_monitor_create }, 336 #endif 337 #if PCAP_SUPPORT_CANUSB 338 { canusb_findalldevs, canusb_create }, 339 #endif 340 #ifdef PCAP_SUPPORT_CAN 341 { can_findalldevs, can_create }, 342 #endif 343 #ifdef PCAP_SUPPORT_USB 344 { usb_findalldevs, usb_create }, 345 #endif 346 #ifdef PCAP_SUPPORT_NETFILTER 347 { netfilter_findalldevs, netfilter_create }, 348 #endif 349 #ifdef PCAP_SUPPORT_DBUS 350 { dbus_findalldevs, dbus_create }, 351 #endif 352 { NULL, NULL } 353 }; 354 355 /* 356 * Get a list of all capture sources that are up and that we can open. 357 * Returns -1 on error, 0 otherwise. 358 * The list, as returned through "alldevsp", may be null if no interfaces 359 * were up and could be opened. 360 */ 361 int 362 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 363 { 364 size_t i; 365 366 /* 367 * Get the list of regular interfaces first. 368 */ 369 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1) 370 return (-1); /* failure */ 371 372 /* 373 * Add any interfaces that need a platform-specific mechanism 374 * to find. 375 */ 376 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) { 377 /* 378 * We had an error; free the list we've been 379 * constructing. 380 */ 381 if (*alldevsp != NULL) { 382 pcap_freealldevs(*alldevsp); 383 *alldevsp = NULL; 384 } 385 return (-1); 386 } 387 388 /* 389 * Ask each of the non-local-network-interface capture 390 * source types what interfaces they have. 391 */ 392 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 393 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) { 394 /* 395 * We had an error; free the list we've been 396 * constructing. 397 */ 398 if (*alldevsp != NULL) { 399 pcap_freealldevs(*alldevsp); 400 *alldevsp = NULL; 401 } 402 return (-1); 403 } 404 } 405 406 return (0); 407 } 408 409 pcap_t * 410 pcap_create(const char *source, char *errbuf) 411 { 412 size_t i; 413 int is_theirs; 414 pcap_t *p; 415 416 /* 417 * A null source name is equivalent to the "any" device - 418 * which might not be supported on this platform, but 419 * this means that you'll get a "not supported" error 420 * rather than, say, a crash when we try to dereference 421 * the null pointer. 422 */ 423 if (source == NULL) 424 source = "any"; 425 426 /* 427 * Try each of the non-local-network-interface capture 428 * source types until we find one that works for this 429 * device or run out of types. 430 */ 431 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 432 is_theirs = 0; 433 p = capture_source_types[i].create_op(source, errbuf, &is_theirs); 434 if (is_theirs) { 435 /* 436 * The device name refers to a device of the 437 * type in question; either it succeeded, 438 * in which case p refers to a pcap_t to 439 * later activate for the device, or it 440 * failed, in which case p is null and we 441 * should return that to report the failure 442 * to create. 443 */ 444 return (p); 445 } 446 } 447 448 /* 449 * OK, try it as a regular network interface. 450 */ 451 return (pcap_create_interface(source, errbuf)); 452 } 453 #endif 454 455 static void 456 initialize_ops(pcap_t *p) 457 { 458 /* 459 * Set operation pointers for operations that only work on 460 * an activated pcap_t to point to a routine that returns 461 * a "this isn't activated" error. 462 */ 463 p->read_op = (read_op_t)pcap_not_initialized; 464 p->inject_op = (inject_op_t)pcap_not_initialized; 465 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 466 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 467 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 468 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 469 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 470 p->stats_op = (stats_op_t)pcap_not_initialized; 471 #ifdef WIN32 472 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 473 p->setmode_op = (setmode_op_t)pcap_not_initialized; 474 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 475 p->getadapter_op = pcap_no_adapter; 476 #endif 477 478 /* 479 * Default cleanup operation - implementations can override 480 * this, but should call pcap_cleanup_live_common() after 481 * doing their own additional cleanup. 482 */ 483 p->cleanup_op = pcap_cleanup_live_common; 484 485 /* 486 * In most cases, the standard one-shot callback can 487 * be used for pcap_next()/pcap_next_ex(). 488 */ 489 p->oneshot_callback = pcap_oneshot; 490 } 491 492 static pcap_t * 493 pcap_alloc_pcap_t(char *ebuf, size_t size) 494 { 495 char *chunk; 496 pcap_t *p; 497 498 /* 499 * Allocate a chunk of memory big enough for a pcap_t 500 * plus a structure following it of size "size". The 501 * structure following it is a private data structure 502 * for the routines that handle this pcap_t. 503 */ 504 chunk = malloc(sizeof (pcap_t) + size); 505 if (chunk == NULL) { 506 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 507 pcap_strerror(errno)); 508 return (NULL); 509 } 510 memset(chunk, 0, sizeof (pcap_t) + size); 511 512 /* 513 * Get a pointer to the pcap_t at the beginning. 514 */ 515 p = (pcap_t *)chunk; 516 517 #ifndef WIN32 518 p->fd = -1; /* not opened yet */ 519 p->selectable_fd = -1; 520 #endif 521 522 if (size == 0) { 523 /* No private data was requested. */ 524 p->priv = NULL; 525 } else { 526 /* 527 * Set the pointer to the private data; that's the structure 528 * of size "size" following the pcap_t. 529 */ 530 p->priv = (void *)(chunk + sizeof (pcap_t)); 531 } 532 533 return (p); 534 } 535 536 pcap_t * 537 pcap_create_common(const char *source, char *ebuf, size_t size) 538 { 539 pcap_t *p; 540 541 p = pcap_alloc_pcap_t(ebuf, size); 542 if (p == NULL) 543 return (NULL); 544 545 p->opt.source = strdup(source); 546 if (p->opt.source == NULL) { 547 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 548 pcap_strerror(errno)); 549 free(p); 550 return (NULL); 551 } 552 553 /* 554 * Default to "can't set rfmon mode"; if it's supported by 555 * a platform, the create routine that called us can set 556 * the op to its routine to check whether a particular 557 * device supports it. 558 */ 559 p->can_set_rfmon_op = pcap_cant_set_rfmon; 560 561 initialize_ops(p); 562 563 /* put in some defaults*/ 564 pcap_set_snaplen(p, MAXIMUM_SNAPLEN); /* max packet size */ 565 p->opt.timeout = 0; /* no timeout specified */ 566 p->opt.buffer_size = 0; /* use the platform's default */ 567 p->opt.promisc = 0; 568 p->opt.rfmon = 0; 569 p->opt.immediate = 0; 570 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 571 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 572 573 /* 574 * Start out with no BPF code generation flags set. 575 */ 576 p->bpf_codegen_flags = 0; 577 578 return (p); 579 } 580 581 int 582 pcap_check_activated(pcap_t *p) 583 { 584 if (p->activated) { 585 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 586 " operation on activated capture"); 587 return (-1); 588 } 589 return (0); 590 } 591 592 int 593 pcap_set_snaplen(pcap_t *p, int snaplen) 594 { 595 if (pcap_check_activated(p)) 596 return (PCAP_ERROR_ACTIVATED); 597 p->snapshot = snaplen; 598 return (0); 599 } 600 601 int 602 pcap_set_promisc(pcap_t *p, int promisc) 603 { 604 if (pcap_check_activated(p)) 605 return (PCAP_ERROR_ACTIVATED); 606 p->opt.promisc = promisc; 607 return (0); 608 } 609 610 int 611 pcap_set_rfmon(pcap_t *p, int rfmon) 612 { 613 if (pcap_check_activated(p)) 614 return (PCAP_ERROR_ACTIVATED); 615 p->opt.rfmon = rfmon; 616 return (0); 617 } 618 619 int 620 pcap_set_timeout(pcap_t *p, int timeout_ms) 621 { 622 if (pcap_check_activated(p)) 623 return (PCAP_ERROR_ACTIVATED); 624 p->opt.timeout = timeout_ms; 625 return (0); 626 } 627 628 int 629 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 630 { 631 int i; 632 633 if (pcap_check_activated(p)) 634 return (PCAP_ERROR_ACTIVATED); 635 636 /* 637 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; 638 * the default time stamp type is PCAP_TSTAMP_HOST. 639 */ 640 if (p->tstamp_type_count == 0) { 641 if (tstamp_type == PCAP_TSTAMP_HOST) { 642 p->opt.tstamp_type = tstamp_type; 643 return (0); 644 } 645 } else { 646 /* 647 * Check whether we claim to support this type of time stamp. 648 */ 649 for (i = 0; i < p->tstamp_type_count; i++) { 650 if (p->tstamp_type_list[i] == (u_int)tstamp_type) { 651 /* 652 * Yes. 653 */ 654 p->opt.tstamp_type = tstamp_type; 655 return (0); 656 } 657 } 658 } 659 660 /* 661 * We don't support this type of time stamp. 662 */ 663 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 664 } 665 666 int 667 pcap_set_immediate_mode(pcap_t *p, int immediate) 668 { 669 if (pcap_check_activated(p)) 670 return (PCAP_ERROR_ACTIVATED); 671 p->opt.immediate = immediate; 672 return (0); 673 } 674 675 int 676 pcap_set_buffer_size(pcap_t *p, int buffer_size) 677 { 678 if (pcap_check_activated(p)) 679 return (PCAP_ERROR_ACTIVATED); 680 p->opt.buffer_size = buffer_size; 681 return (0); 682 } 683 684 int 685 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) 686 { 687 int i; 688 689 if (pcap_check_activated(p)) 690 return (PCAP_ERROR_ACTIVATED); 691 692 /* 693 * If p->tstamp_precision_count is 0, we only support setting 694 * the time stamp precision to microsecond precision; every 695 * pcap module *MUST* support microsecond precision, even if 696 * it does so by converting the native precision to 697 * microseconds. 698 */ 699 if (p->tstamp_precision_count == 0) { 700 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) { 701 p->opt.tstamp_precision = tstamp_precision; 702 return (0); 703 } 704 } else { 705 /* 706 * Check whether we claim to support this precision of 707 * time stamp. 708 */ 709 for (i = 0; i < p->tstamp_precision_count; i++) { 710 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { 711 /* 712 * Yes. 713 */ 714 p->opt.tstamp_precision = tstamp_precision; 715 return (0); 716 } 717 } 718 } 719 720 /* 721 * We don't support this time stamp precision. 722 */ 723 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 724 } 725 726 int 727 pcap_get_tstamp_precision(pcap_t *p) 728 { 729 return (p->opt.tstamp_precision); 730 } 731 732 int 733 pcap_activate(pcap_t *p) 734 { 735 int status; 736 737 /* 738 * Catch attempts to re-activate an already-activated 739 * pcap_t; this should, for example, catch code that 740 * calls pcap_open_live() followed by pcap_activate(), 741 * as some code that showed up in a Stack Exchange 742 * question did. 743 */ 744 if (pcap_check_activated(p)) 745 return (PCAP_ERROR_ACTIVATED); 746 status = p->activate_op(p); 747 if (status >= 0) 748 p->activated = 1; 749 else { 750 if (p->errbuf[0] == '\0') { 751 /* 752 * No error message supplied by the activate routine; 753 * for the benefit of programs that don't specially 754 * handle errors other than PCAP_ERROR, return the 755 * error message corresponding to the status. 756 */ 757 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 758 pcap_statustostr(status)); 759 } 760 761 /* 762 * Undo any operation pointer setting, etc. done by 763 * the activate operation. 764 */ 765 initialize_ops(p); 766 } 767 return (status); 768 } 769 770 pcap_t * 771 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) 772 { 773 pcap_t *p; 774 int status; 775 776 p = pcap_create(source, errbuf); 777 if (p == NULL) 778 return (NULL); 779 status = pcap_set_snaplen(p, snaplen); 780 if (status < 0) 781 goto fail; 782 status = pcap_set_promisc(p, promisc); 783 if (status < 0) 784 goto fail; 785 status = pcap_set_timeout(p, to_ms); 786 if (status < 0) 787 goto fail; 788 /* 789 * Mark this as opened with pcap_open_live(), so that, for 790 * example, we show the full list of DLT_ values, rather 791 * than just the ones that are compatible with capturing 792 * when not in monitor mode. That allows existing applications 793 * to work the way they used to work, but allows new applications 794 * that know about the new open API to, for example, find out the 795 * DLT_ values that they can select without changing whether 796 * the adapter is in monitor mode or not. 797 */ 798 p->oldstyle = 1; 799 status = pcap_activate(p); 800 if (status < 0) 801 goto fail; 802 return (p); 803 fail: 804 if (status == PCAP_ERROR) 805 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 806 p->errbuf); 807 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 808 status == PCAP_ERROR_PERM_DENIED || 809 status == PCAP_ERROR_PROMISC_PERM_DENIED) 810 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 811 pcap_statustostr(status), p->errbuf); 812 else 813 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 814 pcap_statustostr(status)); 815 pcap_close(p); 816 return (NULL); 817 } 818 819 pcap_t * 820 pcap_open_offline_common(char *ebuf, size_t size) 821 { 822 pcap_t *p; 823 824 p = pcap_alloc_pcap_t(ebuf, size); 825 if (p == NULL) 826 return (NULL); 827 828 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 829 p->opt.source = strdup("(savefile)"); 830 if (p->opt.source == NULL) { 831 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 832 pcap_strerror(errno)); 833 free(p); 834 return (NULL); 835 } 836 837 return (p); 838 } 839 840 int 841 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 842 { 843 return (p->read_op(p, cnt, callback, user)); 844 } 845 846 /* 847 * XXX - is this necessary? 848 */ 849 int 850 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 851 { 852 853 return (p->read_op(p, cnt, callback, user)); 854 } 855 856 int 857 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 858 { 859 register int n; 860 861 for (;;) { 862 if (p->rfile != NULL) { 863 /* 864 * 0 means EOF, so don't loop if we get 0. 865 */ 866 n = pcap_offline_read(p, cnt, callback, user); 867 } else { 868 /* 869 * XXX keep reading until we get something 870 * (or an error occurs) 871 */ 872 do { 873 n = p->read_op(p, cnt, callback, user); 874 } while (n == 0); 875 } 876 if (n <= 0) 877 return (n); 878 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) { 879 cnt -= n; 880 if (cnt <= 0) 881 return (0); 882 } 883 } 884 } 885 886 /* 887 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 888 */ 889 void 890 pcap_breakloop(pcap_t *p) 891 { 892 p->break_loop = 1; 893 } 894 895 int 896 pcap_datalink(pcap_t *p) 897 { 898 if (!p->activated) 899 return (PCAP_ERROR_NOT_ACTIVATED); 900 return (p->linktype); 901 } 902 903 int 904 pcap_datalink_ext(pcap_t *p) 905 { 906 if (!p->activated) 907 return (PCAP_ERROR_NOT_ACTIVATED); 908 return (p->linktype_ext); 909 } 910 911 int 912 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 913 { 914 if (!p->activated) 915 return (PCAP_ERROR_NOT_ACTIVATED); 916 if (p->dlt_count == 0) { 917 /* 918 * We couldn't fetch the list of DLTs, which means 919 * this platform doesn't support changing the 920 * DLT for an interface. Return a list of DLTs 921 * containing only the DLT this device supports. 922 */ 923 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 924 if (*dlt_buffer == NULL) { 925 (void)snprintf(p->errbuf, sizeof(p->errbuf), 926 "malloc: %s", pcap_strerror(errno)); 927 return (PCAP_ERROR); 928 } 929 **dlt_buffer = p->linktype; 930 return (1); 931 } else { 932 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 933 if (*dlt_buffer == NULL) { 934 (void)snprintf(p->errbuf, sizeof(p->errbuf), 935 "malloc: %s", pcap_strerror(errno)); 936 return (PCAP_ERROR); 937 } 938 (void)memcpy(*dlt_buffer, p->dlt_list, 939 sizeof(**dlt_buffer) * p->dlt_count); 940 return (p->dlt_count); 941 } 942 } 943 944 /* 945 * In Windows, you might have a library built with one version of the 946 * C runtime library and an application built with another version of 947 * the C runtime library, which means that the library might use one 948 * version of malloc() and free() and the application might use another 949 * version of malloc() and free(). If so, that means something 950 * allocated by the library cannot be freed by the application, so we 951 * need to have a pcap_free_datalinks() routine to free up the list 952 * allocated by pcap_list_datalinks(), even though it's just a wrapper 953 * around free(). 954 */ 955 void 956 pcap_free_datalinks(int *dlt_list) 957 { 958 free(dlt_list); 959 } 960 961 int 962 pcap_set_datalink(pcap_t *p, int dlt) 963 { 964 int i; 965 const char *dlt_name; 966 967 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 968 /* 969 * We couldn't fetch the list of DLTs, or we don't 970 * have a "set datalink" operation, which means 971 * this platform doesn't support changing the 972 * DLT for an interface. Check whether the new 973 * DLT is the one this interface supports. 974 */ 975 if (p->linktype != dlt) 976 goto unsupported; 977 978 /* 979 * It is, so there's nothing we need to do here. 980 */ 981 return (0); 982 } 983 for (i = 0; i < p->dlt_count; i++) 984 if (p->dlt_list[i] == (u_int)dlt) 985 break; 986 if (i >= p->dlt_count) 987 goto unsupported; 988 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 989 dlt == DLT_DOCSIS) { 990 /* 991 * This is presumably an Ethernet device, as the first 992 * link-layer type it offers is DLT_EN10MB, and the only 993 * other type it offers is DLT_DOCSIS. That means that 994 * we can't tell the driver to supply DOCSIS link-layer 995 * headers - we're just pretending that's what we're 996 * getting, as, presumably, we're capturing on a dedicated 997 * link to a Cisco Cable Modem Termination System, and 998 * it's putting raw DOCSIS frames on the wire inside low-level 999 * Ethernet framing. 1000 */ 1001 p->linktype = dlt; 1002 return (0); 1003 } 1004 if (p->set_datalink_op(p, dlt) == -1) 1005 return (-1); 1006 p->linktype = dlt; 1007 return (0); 1008 1009 unsupported: 1010 dlt_name = pcap_datalink_val_to_name(dlt); 1011 if (dlt_name != NULL) { 1012 (void) snprintf(p->errbuf, sizeof(p->errbuf), 1013 "%s is not one of the DLTs supported by this device", 1014 dlt_name); 1015 } else { 1016 (void) snprintf(p->errbuf, sizeof(p->errbuf), 1017 "DLT %d is not one of the DLTs supported by this device", 1018 dlt); 1019 } 1020 return (-1); 1021 } 1022 1023 /* 1024 * This array is designed for mapping upper and lower case letter 1025 * together for a case independent comparison. The mappings are 1026 * based upon ascii character sequences. 1027 */ 1028 static const u_char charmap[] = { 1029 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 1030 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 1031 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 1032 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 1033 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 1034 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 1035 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 1036 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 1037 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 1038 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 1039 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 1040 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 1041 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 1042 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 1043 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 1044 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 1045 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 1046 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 1047 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 1048 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 1049 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 1050 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 1051 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 1052 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 1053 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 1054 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 1055 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 1056 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 1057 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 1058 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 1059 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 1060 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 1061 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 1062 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 1063 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 1064 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 1065 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 1066 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 1067 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 1068 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 1069 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 1070 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 1071 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 1072 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 1073 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 1074 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 1075 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 1076 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 1077 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 1078 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 1079 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 1080 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 1081 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 1082 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 1083 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 1084 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 1085 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 1086 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 1087 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 1088 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 1089 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 1090 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 1091 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 1092 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 1093 }; 1094 1095 int 1096 pcap_strcasecmp(const char *s1, const char *s2) 1097 { 1098 register const u_char *cm = charmap, 1099 *us1 = (const u_char *)s1, 1100 *us2 = (const u_char *)s2; 1101 1102 while (cm[*us1] == cm[*us2++]) 1103 if (*us1++ == '\0') 1104 return(0); 1105 return (cm[*us1] - cm[*--us2]); 1106 } 1107 1108 struct dlt_choice { 1109 const char *name; 1110 const char *description; 1111 int dlt; 1112 }; 1113 1114 #define DLT_CHOICE(code, description) { #code, description, code } 1115 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 1116 1117 static struct dlt_choice dlt_choices[] = { 1118 DLT_CHOICE(DLT_NULL, "BSD loopback"), 1119 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 1120 DLT_CHOICE(DLT_IEEE802, "Token ring"), 1121 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 1122 DLT_CHOICE(DLT_SLIP, "SLIP"), 1123 DLT_CHOICE(DLT_PPP, "PPP"), 1124 DLT_CHOICE(DLT_FDDI, "FDDI"), 1125 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 1126 DLT_CHOICE(DLT_RAW, "Raw IP"), 1127 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 1128 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 1129 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 1130 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 1131 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 1132 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 1133 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 1134 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 1135 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 1136 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 1137 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 1138 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 1139 DLT_CHOICE(DLT_LTALK, "Localtalk"), 1140 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"), 1141 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"), 1142 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 1143 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 1144 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 1145 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 1146 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 1147 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 1148 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 1149 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 1150 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 1151 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 1152 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 1153 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 1154 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 1155 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 1156 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 1157 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 1158 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 1159 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 1160 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 1161 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 1162 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 1163 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 1164 DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"), 1165 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 1166 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 1167 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 1168 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 1169 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 1170 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 1171 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 1172 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 1173 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 1174 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 1175 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 1176 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 1177 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 1178 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 1179 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 1180 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 1181 DLT_CHOICE(DLT_A429, "Arinc 429"), 1182 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 1183 DLT_CHOICE(DLT_USB, "USB"), 1184 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 1185 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 1186 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 1187 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 1188 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 1189 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 1190 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 1191 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 1192 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 1193 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 1194 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 1195 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 1196 DLT_CHOICE(DLT_IPMB, "IPMB"), 1197 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 1198 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 1199 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 1200 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 1201 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 1202 DLT_CHOICE(DLT_LINUX_EVDEV, "Linux evdev events"), 1203 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 1204 DLT_CHOICE(DLT_DECT, "DECT"), 1205 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 1206 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 1207 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 1208 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 1209 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 1210 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 1211 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 1212 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 1213 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 1214 DLT_CHOICE(DLT_DBUS, "D-Bus"), 1215 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 1216 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 1217 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 1218 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 1219 DLT_CHOICE(DLT_MUX27010, "MUX27010"), 1220 DLT_CHOICE(DLT_STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 1221 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 1222 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 1223 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 1224 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 1225 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 1226 DLT_CHOICE(DLT_MPEG_2_TS, "MPEG-2 transport stream"), 1227 DLT_CHOICE(DLT_NG40, "ng40 protocol tester Iub/Iur"), 1228 DLT_CHOICE(DLT_NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 1229 DLT_CHOICE(DLT_INFINIBAND, "InfiniBand"), 1230 DLT_CHOICE(DLT_SCTP, "SCTP"), 1231 DLT_CHOICE(DLT_USBPCAP, "USB with USBPcap header"), 1232 DLT_CHOICE(DLT_RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 1233 DLT_CHOICE(DLT_BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 1234 DLT_CHOICE(DLT_NETLINK, "Linux netlink"), 1235 DLT_CHOICE(DLT_BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 1236 DLT_CHOICE(DLT_BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 1237 DLT_CHOICE(DLT_BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 1238 DLT_CHOICE(DLT_PROFIBUS_DL, "PROFIBUS data link layer"), 1239 DLT_CHOICE(DLT_PKTAP, "Apple DLT_PKTAP"), 1240 DLT_CHOICE(DLT_EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 1241 DLT_CHOICE_SENTINEL 1242 }; 1243 1244 int 1245 pcap_datalink_name_to_val(const char *name) 1246 { 1247 int i; 1248 1249 for (i = 0; dlt_choices[i].name != NULL; i++) { 1250 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 1251 name) == 0) 1252 return (dlt_choices[i].dlt); 1253 } 1254 return (-1); 1255 } 1256 1257 const char * 1258 pcap_datalink_val_to_name(int dlt) 1259 { 1260 int i; 1261 1262 for (i = 0; dlt_choices[i].name != NULL; i++) { 1263 if (dlt_choices[i].dlt == dlt) 1264 return (dlt_choices[i].name + sizeof("DLT_") - 1); 1265 } 1266 return (NULL); 1267 } 1268 1269 const char * 1270 pcap_datalink_val_to_description(int dlt) 1271 { 1272 int i; 1273 1274 for (i = 0; dlt_choices[i].name != NULL; i++) { 1275 if (dlt_choices[i].dlt == dlt) 1276 return (dlt_choices[i].description); 1277 } 1278 return (NULL); 1279 } 1280 1281 struct tstamp_type_choice { 1282 const char *name; 1283 const char *description; 1284 int type; 1285 }; 1286 1287 static struct tstamp_type_choice tstamp_type_choices[] = { 1288 { "host", "Host", PCAP_TSTAMP_HOST }, 1289 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 1290 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 1291 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 1292 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 1293 { NULL, NULL, 0 } 1294 }; 1295 1296 int 1297 pcap_tstamp_type_name_to_val(const char *name) 1298 { 1299 int i; 1300 1301 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1302 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 1303 return (tstamp_type_choices[i].type); 1304 } 1305 return (PCAP_ERROR); 1306 } 1307 1308 const char * 1309 pcap_tstamp_type_val_to_name(int tstamp_type) 1310 { 1311 int i; 1312 1313 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1314 if (tstamp_type_choices[i].type == tstamp_type) 1315 return (tstamp_type_choices[i].name); 1316 } 1317 return (NULL); 1318 } 1319 1320 const char * 1321 pcap_tstamp_type_val_to_description(int tstamp_type) 1322 { 1323 int i; 1324 1325 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1326 if (tstamp_type_choices[i].type == tstamp_type) 1327 return (tstamp_type_choices[i].description); 1328 } 1329 return (NULL); 1330 } 1331 1332 int 1333 pcap_snapshot(pcap_t *p) 1334 { 1335 if (!p->activated) 1336 return (PCAP_ERROR_NOT_ACTIVATED); 1337 return (p->snapshot); 1338 } 1339 1340 int 1341 pcap_is_swapped(pcap_t *p) 1342 { 1343 if (!p->activated) 1344 return (PCAP_ERROR_NOT_ACTIVATED); 1345 return (p->swapped); 1346 } 1347 1348 int 1349 pcap_major_version(pcap_t *p) 1350 { 1351 if (!p->activated) 1352 return (PCAP_ERROR_NOT_ACTIVATED); 1353 return (p->version_major); 1354 } 1355 1356 int 1357 pcap_minor_version(pcap_t *p) 1358 { 1359 if (!p->activated) 1360 return (PCAP_ERROR_NOT_ACTIVATED); 1361 return (p->version_minor); 1362 } 1363 1364 FILE * 1365 pcap_file(pcap_t *p) 1366 { 1367 return (p->rfile); 1368 } 1369 1370 int 1371 pcap_fileno(pcap_t *p) 1372 { 1373 #ifndef WIN32 1374 return (p->fd); 1375 #else 1376 if (p->adapter != NULL) 1377 return ((int)(DWORD)p->adapter->hFile); 1378 else 1379 return (PCAP_ERROR); 1380 #endif 1381 } 1382 1383 #if !defined(WIN32) && !defined(MSDOS) 1384 int 1385 pcap_get_selectable_fd(pcap_t *p) 1386 { 1387 return (p->selectable_fd); 1388 } 1389 #endif 1390 1391 void 1392 pcap_perror(pcap_t *p, char *prefix) 1393 { 1394 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1395 } 1396 1397 char * 1398 pcap_geterr(pcap_t *p) 1399 { 1400 return (p->errbuf); 1401 } 1402 1403 int 1404 pcap_getnonblock(pcap_t *p, char *errbuf) 1405 { 1406 int ret; 1407 1408 ret = p->getnonblock_op(p, errbuf); 1409 if (ret == -1) { 1410 /* 1411 * In case somebody depended on the bug wherein 1412 * the error message was put into p->errbuf 1413 * by pcap_getnonblock_fd(). 1414 */ 1415 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1416 } 1417 return (ret); 1418 } 1419 1420 /* 1421 * Get the current non-blocking mode setting, under the assumption that 1422 * it's just the standard POSIX non-blocking flag. 1423 * 1424 * We don't look at "p->nonblock", in case somebody tweaked the FD 1425 * directly. 1426 */ 1427 #if !defined(WIN32) && !defined(MSDOS) 1428 int 1429 pcap_getnonblock_fd(pcap_t *p, char *errbuf) 1430 { 1431 int fdflags; 1432 1433 fdflags = fcntl(p->fd, F_GETFL, 0); 1434 if (fdflags == -1) { 1435 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1436 pcap_strerror(errno)); 1437 return (-1); 1438 } 1439 if (fdflags & O_NONBLOCK) 1440 return (1); 1441 else 1442 return (0); 1443 } 1444 #endif 1445 1446 int 1447 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 1448 { 1449 int ret; 1450 1451 ret = p->setnonblock_op(p, nonblock, errbuf); 1452 if (ret == -1) { 1453 /* 1454 * In case somebody depended on the bug wherein 1455 * the error message was put into p->errbuf 1456 * by pcap_setnonblock_fd(). 1457 */ 1458 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1459 } 1460 return (ret); 1461 } 1462 1463 #if !defined(WIN32) && !defined(MSDOS) 1464 /* 1465 * Set non-blocking mode, under the assumption that it's just the 1466 * standard POSIX non-blocking flag. (This can be called by the 1467 * per-platform non-blocking-mode routine if that routine also 1468 * needs to do some additional work.) 1469 */ 1470 int 1471 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf) 1472 { 1473 int fdflags; 1474 1475 fdflags = fcntl(p->fd, F_GETFL, 0); 1476 if (fdflags == -1) { 1477 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1478 pcap_strerror(errno)); 1479 return (-1); 1480 } 1481 if (nonblock) 1482 fdflags |= O_NONBLOCK; 1483 else 1484 fdflags &= ~O_NONBLOCK; 1485 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1486 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1487 pcap_strerror(errno)); 1488 return (-1); 1489 } 1490 return (0); 1491 } 1492 #endif 1493 1494 #ifdef WIN32 1495 /* 1496 * Generate a string for the last Win32-specific error (i.e. an error generated when 1497 * calling a Win32 API). 1498 * For errors occurred during standard C calls, we still use pcap_strerror() 1499 */ 1500 char * 1501 pcap_win32strerror(void) 1502 { 1503 DWORD error; 1504 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1505 int errlen; 1506 char *p; 1507 1508 error = GetLastError(); 1509 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1510 PCAP_ERRBUF_SIZE, NULL); 1511 1512 /* 1513 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1514 * message. Get rid of it. 1515 */ 1516 errlen = strlen(errbuf); 1517 if (errlen >= 2) { 1518 errbuf[errlen - 1] = '\0'; 1519 errbuf[errlen - 2] = '\0'; 1520 } 1521 p = strchr(errbuf, '\0'); 1522 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1523 return (errbuf); 1524 } 1525 #endif 1526 1527 /* 1528 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1529 */ 1530 const char * 1531 pcap_statustostr(int errnum) 1532 { 1533 static char ebuf[15+10+1]; 1534 1535 switch (errnum) { 1536 1537 case PCAP_WARNING: 1538 return("Generic warning"); 1539 1540 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1541 return ("That type of time stamp is not supported by that device"); 1542 1543 case PCAP_WARNING_PROMISC_NOTSUP: 1544 return ("That device doesn't support promiscuous mode"); 1545 1546 case PCAP_ERROR: 1547 return("Generic error"); 1548 1549 case PCAP_ERROR_BREAK: 1550 return("Loop terminated by pcap_breakloop"); 1551 1552 case PCAP_ERROR_NOT_ACTIVATED: 1553 return("The pcap_t has not been activated"); 1554 1555 case PCAP_ERROR_ACTIVATED: 1556 return ("The setting can't be changed after the pcap_t is activated"); 1557 1558 case PCAP_ERROR_NO_SUCH_DEVICE: 1559 return ("No such device exists"); 1560 1561 case PCAP_ERROR_RFMON_NOTSUP: 1562 return ("That device doesn't support monitor mode"); 1563 1564 case PCAP_ERROR_NOT_RFMON: 1565 return ("That operation is supported only in monitor mode"); 1566 1567 case PCAP_ERROR_PERM_DENIED: 1568 return ("You don't have permission to capture on that device"); 1569 1570 case PCAP_ERROR_IFACE_NOT_UP: 1571 return ("That device is not up"); 1572 1573 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1574 return ("That device doesn't support setting the time stamp type"); 1575 1576 case PCAP_ERROR_PROMISC_PERM_DENIED: 1577 return ("You don't have permission to capture in promiscuous mode on that device"); 1578 1579 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP: 1580 return ("That device doesn't support that time stamp precision"); 1581 } 1582 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1583 return(ebuf); 1584 } 1585 1586 /* 1587 * Not all systems have strerror(). 1588 */ 1589 const char * 1590 pcap_strerror(int errnum) 1591 { 1592 #ifdef HAVE_STRERROR 1593 return (strerror(errnum)); 1594 #else 1595 extern int sys_nerr; 1596 extern const char *const sys_errlist[]; 1597 static char ebuf[15+10+1]; 1598 1599 if ((unsigned int)errnum < sys_nerr) 1600 return ((char *)sys_errlist[errnum]); 1601 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1602 return(ebuf); 1603 #endif 1604 } 1605 1606 int 1607 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 1608 { 1609 return (p->setfilter_op(p, fp)); 1610 } 1611 1612 /* 1613 * Set direction flag, which controls whether we accept only incoming 1614 * packets, only outgoing packets, or both. 1615 * Note that, depending on the platform, some or all direction arguments 1616 * might not be supported. 1617 */ 1618 int 1619 pcap_setdirection(pcap_t *p, pcap_direction_t d) 1620 { 1621 if (p->setdirection_op == NULL) { 1622 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1623 "Setting direction is not implemented on this platform"); 1624 return (-1); 1625 } else 1626 return (p->setdirection_op(p, d)); 1627 } 1628 1629 int 1630 pcap_stats(pcap_t *p, struct pcap_stat *ps) 1631 { 1632 return (p->stats_op(p, ps)); 1633 } 1634 1635 static int 1636 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 1637 { 1638 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1639 "Statistics aren't available from a pcap_open_dead pcap_t"); 1640 return (-1); 1641 } 1642 1643 #ifdef WIN32 1644 int 1645 pcap_setbuff(pcap_t *p, int dim) 1646 { 1647 return (p->setbuff_op(p, dim)); 1648 } 1649 1650 static int 1651 pcap_setbuff_dead(pcap_t *p, int dim) 1652 { 1653 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1654 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1655 return (-1); 1656 } 1657 1658 int 1659 pcap_setmode(pcap_t *p, int mode) 1660 { 1661 return (p->setmode_op(p, mode)); 1662 } 1663 1664 static int 1665 pcap_setmode_dead(pcap_t *p, int mode) 1666 { 1667 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1668 "impossible to set mode on a pcap_open_dead pcap_t"); 1669 return (-1); 1670 } 1671 1672 int 1673 pcap_setmintocopy(pcap_t *p, int size) 1674 { 1675 return (p->setmintocopy_op(p, size)); 1676 } 1677 1678 Adapter * 1679 pcap_get_adapter(pcap_t *p) 1680 { 1681 return (p->getadapter_op(p)); 1682 } 1683 1684 static int 1685 pcap_setmintocopy_dead(pcap_t *p, int size) 1686 { 1687 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1688 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1689 return (-1); 1690 } 1691 #endif 1692 1693 /* 1694 * On some platforms, we need to clean up promiscuous or monitor mode 1695 * when we close a device - and we want that to happen even if the 1696 * application just exits without explicitl closing devices. 1697 * On those platforms, we need to register a "close all the pcaps" 1698 * routine to be called when we exit, and need to maintain a list of 1699 * pcaps that need to be closed to clean up modes. 1700 * 1701 * XXX - not thread-safe. 1702 */ 1703 1704 /* 1705 * List of pcaps on which we've done something that needs to be 1706 * cleaned up. 1707 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1708 * when we exit, and have it close all of them. 1709 */ 1710 static struct pcap *pcaps_to_close; 1711 1712 /* 1713 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1714 * be called on exit. 1715 */ 1716 static int did_atexit; 1717 1718 static void 1719 pcap_close_all(void) 1720 { 1721 struct pcap *handle; 1722 1723 while ((handle = pcaps_to_close) != NULL) 1724 pcap_close(handle); 1725 } 1726 1727 int 1728 pcap_do_addexit(pcap_t *p) 1729 { 1730 /* 1731 * If we haven't already done so, arrange to have 1732 * "pcap_close_all()" called when we exit. 1733 */ 1734 if (!did_atexit) { 1735 if (atexit(pcap_close_all) == -1) { 1736 /* 1737 * "atexit()" failed; let our caller know. 1738 */ 1739 strncpy(p->errbuf, "atexit failed", 1740 PCAP_ERRBUF_SIZE); 1741 return (0); 1742 } 1743 did_atexit = 1; 1744 } 1745 return (1); 1746 } 1747 1748 void 1749 pcap_add_to_pcaps_to_close(pcap_t *p) 1750 { 1751 p->next = pcaps_to_close; 1752 pcaps_to_close = p; 1753 } 1754 1755 void 1756 pcap_remove_from_pcaps_to_close(pcap_t *p) 1757 { 1758 pcap_t *pc, *prevpc; 1759 1760 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1761 prevpc = pc, pc = pc->next) { 1762 if (pc == p) { 1763 /* 1764 * Found it. Remove it from the list. 1765 */ 1766 if (prevpc == NULL) { 1767 /* 1768 * It was at the head of the list. 1769 */ 1770 pcaps_to_close = pc->next; 1771 } else { 1772 /* 1773 * It was in the middle of the list. 1774 */ 1775 prevpc->next = pc->next; 1776 } 1777 break; 1778 } 1779 } 1780 } 1781 1782 void 1783 pcap_cleanup_live_common(pcap_t *p) 1784 { 1785 if (p->buffer != NULL) { 1786 free(p->buffer); 1787 p->buffer = NULL; 1788 } 1789 if (p->dlt_list != NULL) { 1790 free(p->dlt_list); 1791 p->dlt_list = NULL; 1792 p->dlt_count = 0; 1793 } 1794 if (p->tstamp_type_list != NULL) { 1795 free(p->tstamp_type_list); 1796 p->tstamp_type_list = NULL; 1797 p->tstamp_type_count = 0; 1798 } 1799 if (p->tstamp_precision_list != NULL) { 1800 free(p->tstamp_precision_list); 1801 p->tstamp_precision_list = NULL; 1802 p->tstamp_precision_count = 0; 1803 } 1804 pcap_freecode(&p->fcode); 1805 #if !defined(WIN32) && !defined(MSDOS) 1806 if (p->fd >= 0) { 1807 close(p->fd); 1808 p->fd = -1; 1809 } 1810 p->selectable_fd = -1; 1811 #endif 1812 } 1813 1814 static void 1815 pcap_cleanup_dead(pcap_t *p _U_) 1816 { 1817 /* Nothing to do. */ 1818 } 1819 1820 pcap_t * 1821 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision) 1822 { 1823 pcap_t *p; 1824 1825 switch (precision) { 1826 1827 case PCAP_TSTAMP_PRECISION_MICRO: 1828 case PCAP_TSTAMP_PRECISION_NANO: 1829 break; 1830 1831 default: 1832 return NULL; 1833 } 1834 p = malloc(sizeof(*p)); 1835 if (p == NULL) 1836 return NULL; 1837 memset (p, 0, sizeof(*p)); 1838 p->snapshot = snaplen; 1839 p->linktype = linktype; 1840 p->opt.tstamp_precision = precision; 1841 p->stats_op = pcap_stats_dead; 1842 #ifdef WIN32 1843 p->setbuff_op = pcap_setbuff_dead; 1844 p->setmode_op = pcap_setmode_dead; 1845 p->setmintocopy_op = pcap_setmintocopy_dead; 1846 #endif 1847 p->cleanup_op = pcap_cleanup_dead; 1848 1849 /* 1850 * A "dead" pcap_t never requires special BPF code generation. 1851 */ 1852 p->bpf_codegen_flags = 0; 1853 1854 p->activated = 1; 1855 return (p); 1856 } 1857 1858 pcap_t * 1859 pcap_open_dead(int linktype, int snaplen) 1860 { 1861 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen, 1862 PCAP_TSTAMP_PRECISION_MICRO)); 1863 } 1864 1865 /* 1866 * API compatible with WinPcap's "send a packet" routine - returns -1 1867 * on error, 0 otherwise. 1868 * 1869 * XXX - what if we get a short write? 1870 */ 1871 int 1872 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 1873 { 1874 if (p->inject_op(p, buf, size) == -1) 1875 return (-1); 1876 return (0); 1877 } 1878 1879 /* 1880 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1881 * error, number of bytes written otherwise. 1882 */ 1883 int 1884 pcap_inject(pcap_t *p, const void *buf, size_t size) 1885 { 1886 return (p->inject_op(p, buf, size)); 1887 } 1888 1889 void 1890 pcap_close(pcap_t *p) 1891 { 1892 if (p->opt.source != NULL) 1893 free(p->opt.source); 1894 p->cleanup_op(p); 1895 free(p); 1896 } 1897 1898 /* 1899 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1900 * data for the packet, check whether the packet passes the filter. 1901 * Returns the return value of the filter program, which will be zero if 1902 * the packet doesn't pass and non-zero if the packet does pass. 1903 */ 1904 int 1905 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 1906 const u_char *pkt) 1907 { 1908 const struct bpf_insn *fcode = fp->bf_insns; 1909 1910 if (fcode != NULL) 1911 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1912 else 1913 return (0); 1914 } 1915 1916 /* 1917 * We make the version string static, and return a pointer to it, rather 1918 * than exporting the version string directly. On at least some UNIXes, 1919 * if you import data from a shared library into an program, the data is 1920 * bound into the program binary, so if the string in the version of the 1921 * library with which the program was linked isn't the same as the 1922 * string in the version of the library with which the program is being 1923 * run, various undesirable things may happen (warnings, the string 1924 * being the one from the version of the library with which the program 1925 * was linked, or even weirder things, such as the string being the one 1926 * from the library but being truncated). 1927 */ 1928 #ifdef HAVE_VERSION_H 1929 #include "version.h" 1930 #else 1931 static const char pcap_version_string[] = "libpcap version 1.x.y"; 1932 #endif 1933 1934 #ifdef WIN32 1935 /* 1936 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1937 * version numbers when building WinPcap. (It'd be nice to do so for 1938 * the packet.dll version number as well.) 1939 */ 1940 static const char wpcap_version_string[] = "4.0"; 1941 static const char pcap_version_string_fmt[] = 1942 "WinPcap version %s, based on %s"; 1943 static const char pcap_version_string_packet_dll_fmt[] = 1944 "WinPcap version %s (packet.dll version %s), based on %s"; 1945 static char *full_pcap_version_string; 1946 1947 const char * 1948 pcap_lib_version(void) 1949 { 1950 char *packet_version_string; 1951 size_t full_pcap_version_string_len; 1952 1953 if (full_pcap_version_string == NULL) { 1954 /* 1955 * Generate the version string. 1956 */ 1957 packet_version_string = PacketGetVersion(); 1958 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1959 /* 1960 * WinPcap version string and packet.dll version 1961 * string are the same; just report the WinPcap 1962 * version. 1963 */ 1964 full_pcap_version_string_len = 1965 (sizeof pcap_version_string_fmt - 4) + 1966 strlen(wpcap_version_string) + 1967 strlen(pcap_version_string); 1968 full_pcap_version_string = 1969 malloc(full_pcap_version_string_len); 1970 if (full_pcap_version_string == NULL) 1971 return (NULL); 1972 sprintf(full_pcap_version_string, 1973 pcap_version_string_fmt, wpcap_version_string, 1974 pcap_version_string); 1975 } else { 1976 /* 1977 * WinPcap version string and packet.dll version 1978 * string are different; that shouldn't be the 1979 * case (the two libraries should come from the 1980 * same version of WinPcap), so we report both 1981 * versions. 1982 */ 1983 full_pcap_version_string_len = 1984 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1985 strlen(wpcap_version_string) + 1986 strlen(packet_version_string) + 1987 strlen(pcap_version_string); 1988 full_pcap_version_string = malloc(full_pcap_version_string_len); 1989 if (full_pcap_version_string == NULL) 1990 return (NULL); 1991 sprintf(full_pcap_version_string, 1992 pcap_version_string_packet_dll_fmt, 1993 wpcap_version_string, packet_version_string, 1994 pcap_version_string); 1995 } 1996 } 1997 return (full_pcap_version_string); 1998 } 1999 2000 #elif defined(MSDOS) 2001 2002 static char *full_pcap_version_string; 2003 2004 const char * 2005 pcap_lib_version (void) 2006 { 2007 char *packet_version_string; 2008 size_t full_pcap_version_string_len; 2009 static char dospfx[] = "DOS-"; 2010 2011 if (full_pcap_version_string == NULL) { 2012 /* 2013 * Generate the version string. 2014 */ 2015 full_pcap_version_string_len = 2016 sizeof dospfx + strlen(pcap_version_string); 2017 full_pcap_version_string = 2018 malloc(full_pcap_version_string_len); 2019 if (full_pcap_version_string == NULL) 2020 return (NULL); 2021 strcpy(full_pcap_version_string, dospfx); 2022 strcat(full_pcap_version_string, pcap_version_string); 2023 } 2024 return (full_pcap_version_string); 2025 } 2026 2027 #else /* UN*X */ 2028 2029 const char * 2030 pcap_lib_version(void) 2031 { 2032 return (pcap_version_string); 2033 } 2034 #endif 2035