1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifdef HAVE_CONFIG_H 35 #include <config.h> 36 #endif 37 38 #include <pcap-types.h> 39 #ifndef _WIN32 40 #include <sys/param.h> 41 #ifndef MSDOS 42 #include <sys/file.h> 43 #endif 44 #include <sys/ioctl.h> 45 #include <sys/socket.h> 46 #ifdef HAVE_SYS_SOCKIO_H 47 #include <sys/sockio.h> 48 #endif 49 50 struct mbuf; /* Squelch compiler warnings on some platforms for */ 51 struct rtentry; /* declarations in <net/if.h> */ 52 #include <net/if.h> 53 #include <netinet/in.h> 54 #endif /* _WIN32 */ 55 56 #include <stdio.h> 57 #include <stdlib.h> 58 #include <string.h> 59 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 60 #include <unistd.h> 61 #endif 62 #include <fcntl.h> 63 #include <errno.h> 64 #include <limits.h> 65 66 #include "diag-control.h" 67 68 #ifdef HAVE_OS_PROTO_H 69 #include "os-proto.h" 70 #endif 71 72 #ifdef MSDOS 73 #include "pcap-dos.h" 74 #endif 75 76 #include "pcap-int.h" 77 78 #include "optimize.h" 79 80 #ifdef HAVE_DAG_API 81 #include "pcap-dag.h" 82 #endif /* HAVE_DAG_API */ 83 84 #ifdef HAVE_SEPTEL_API 85 #include "pcap-septel.h" 86 #endif /* HAVE_SEPTEL_API */ 87 88 #ifdef HAVE_SNF_API 89 #include "pcap-snf.h" 90 #endif /* HAVE_SNF_API */ 91 92 #ifdef HAVE_TC_API 93 #include "pcap-tc.h" 94 #endif /* HAVE_TC_API */ 95 96 #ifdef PCAP_SUPPORT_LINUX_USBMON 97 #include "pcap-usb-linux.h" 98 #endif 99 100 #ifdef PCAP_SUPPORT_BT 101 #include "pcap-bt-linux.h" 102 #endif 103 104 #ifdef PCAP_SUPPORT_BT_MONITOR 105 #include "pcap-bt-monitor-linux.h" 106 #endif 107 108 #ifdef PCAP_SUPPORT_NETFILTER 109 #include "pcap-netfilter-linux.h" 110 #endif 111 112 #ifdef PCAP_SUPPORT_NETMAP 113 #include "pcap-netmap.h" 114 #endif 115 116 #ifdef PCAP_SUPPORT_DBUS 117 #include "pcap-dbus.h" 118 #endif 119 120 #ifdef PCAP_SUPPORT_RDMASNIFF 121 #include "pcap-rdmasniff.h" 122 #endif 123 124 #ifdef PCAP_SUPPORT_DPDK 125 #include "pcap-dpdk.h" 126 #endif 127 128 #ifdef HAVE_AIRPCAP_API 129 #include "pcap-airpcap.h" 130 #endif 131 132 #ifdef _WIN32 133 /* 134 * DllMain(), required when built as a Windows DLL. 135 * 136 * To quote the WSAStartup() documentation: 137 * 138 * The WSAStartup function typically leads to protocol-specific helper 139 * DLLs being loaded. As a result, the WSAStartup function should not 140 * be called from the DllMain function in a application DLL. This can 141 * potentially cause deadlocks. 142 * 143 * and the WSACleanup() documentation: 144 * 145 * The WSACleanup function typically leads to protocol-specific helper 146 * DLLs being unloaded. As a result, the WSACleanup function should not 147 * be called from the DllMain function in a application DLL. This can 148 * potentially cause deadlocks. 149 * 150 * So we don't initialize Winsock here. pcap_init() should be called 151 * to initialize pcap on both UN*X and Windows; it will initialize 152 * Winsock on Windows. (It will also be initialized as needed if 153 * pcap_init() hasn't been called.) 154 */ 155 BOOL WINAPI DllMain( 156 HANDLE hinstDLL _U_, 157 DWORD dwReason _U_, 158 LPVOID lpvReserved _U_ 159 ) 160 { 161 return (TRUE); 162 } 163 164 /* 165 * Start Winsock. 166 * Internal routine. 167 */ 168 static int 169 internal_wsockinit(char *errbuf) 170 { 171 WORD wVersionRequested; 172 WSADATA wsaData; 173 static int err = -1; 174 static int done = 0; 175 int status; 176 177 if (done) 178 return (err); 179 180 /* 181 * Versions of Windows that don't support Winsock 2.2 are 182 * too old for us. 183 */ 184 wVersionRequested = MAKEWORD(2, 2); 185 status = WSAStartup(wVersionRequested, &wsaData); 186 done = 1; 187 if (status != 0) { 188 if (errbuf != NULL) { 189 pcap_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE, 190 status, "WSAStartup() failed"); 191 } 192 return (err); 193 } 194 atexit ((void(*)(void))WSACleanup); 195 err = 0; 196 return (err); 197 } 198 199 /* 200 * Exported in case some applications using WinPcap/Npcap called it, 201 * even though it wasn't exported. 202 */ 203 int 204 wsockinit(void) 205 { 206 return (internal_wsockinit(NULL)); 207 } 208 209 /* 210 * This is the exported function; new programs should call this. 211 * *Newer* programs should call pcap_init(). 212 */ 213 int 214 pcap_wsockinit(void) 215 { 216 return (internal_wsockinit(NULL)); 217 } 218 #endif /* _WIN32 */ 219 220 /* 221 * Do whatever initialization is needed for libpcap. 222 * 223 * The argument specifies whether we use the local code page or UTF-8 224 * for strings; on UN*X, we just assume UTF-8 in places where the encoding 225 * would matter, whereas, on Windows, we use the local code page for 226 * PCAP_CHAR_ENC_LOCAL and UTF-8 for PCAP_CHAR_ENC_UTF_8. 227 * 228 * On Windows, we also disable the hack in pcap_create() to deal with 229 * being handed UTF-16 strings, because if the user calls this they're 230 * explicitly declaring that they will either be passing local code 231 * page strings or UTF-8 strings, so we don't need to allow UTF-16LE 232 * strings to be passed. For good measure, on Windows *and* UN*X, 233 * we disable pcap_lookupdev(), to prevent anybody from even 234 * *trying* to pass the result of pcap_lookupdev() - which might be 235 * UTF-16LE on Windows, for ugly compatibility reasons - to pcap_create() 236 * or pcap_open_live() or pcap_open(). 237 * 238 * Returns 0 on success, -1 on error. 239 */ 240 int pcap_new_api; /* pcap_lookupdev() always fails */ 241 int pcap_utf_8_mode; /* Strings should be in UTF-8. */ 242 243 int 244 pcap_init(unsigned int opts, char *errbuf) 245 { 246 static int initialized; 247 248 /* 249 * Don't allow multiple calls that set different modes; that 250 * may mean a library is initializing pcap in one mode and 251 * a program using that library, or another library used by 252 * that program, is initializing it in another mode. 253 */ 254 switch (opts) { 255 256 case PCAP_CHAR_ENC_LOCAL: 257 /* Leave "UTF-8 mode" off. */ 258 if (initialized) { 259 if (pcap_utf_8_mode) { 260 snprintf(errbuf, PCAP_ERRBUF_SIZE, 261 "Multiple pcap_init calls with different character encodings"); 262 return (-1); 263 } 264 } 265 break; 266 267 case PCAP_CHAR_ENC_UTF_8: 268 /* Turn on "UTF-8 mode". */ 269 if (initialized) { 270 if (!pcap_utf_8_mode) { 271 snprintf(errbuf, PCAP_ERRBUF_SIZE, 272 "Multiple pcap_init calls with different character encodings"); 273 return (-1); 274 } 275 } 276 pcap_utf_8_mode = 1; 277 break; 278 279 default: 280 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Unknown options specified"); 281 return (-1); 282 } 283 284 /* 285 * Turn the appropriate mode on for error messages; those routines 286 * are also used in rpcapd, which has no access to pcap's internal 287 * UTF-8 mode flag, so we have to call a routine to set its 288 * UTF-8 mode flag. 289 */ 290 pcap_fmt_set_encoding(opts); 291 292 if (initialized) { 293 /* 294 * Nothing more to do; for example, on Windows, we've 295 * already initialized Winsock. 296 */ 297 return (0); 298 } 299 300 #ifdef _WIN32 301 /* 302 * Now set up Winsock. 303 */ 304 if (internal_wsockinit(errbuf) == -1) { 305 /* Failed. */ 306 return (-1); 307 } 308 #endif 309 310 /* 311 * We're done. 312 */ 313 initialized = 1; 314 pcap_new_api = 1; 315 return (0); 316 } 317 318 /* 319 * String containing the library version. 320 * Not explicitly exported via a header file - the right API to use 321 * is pcap_lib_version() - but some programs included it, so we 322 * provide it. 323 * 324 * We declare it here, right before defining it, to squelch any 325 * warnings we might get from compilers about the lack of a 326 * declaration. 327 */ 328 PCAP_API char pcap_version[]; 329 PCAP_API_DEF char pcap_version[] = PACKAGE_VERSION; 330 331 static void 332 pcap_set_not_initialized_message(pcap_t *pcap) 333 { 334 if (pcap->activated) { 335 /* A module probably forgot to set the function pointer */ 336 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), 337 "This operation isn't properly handled by that device"); 338 return; 339 } 340 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */ 341 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), 342 "This handle hasn't been activated yet"); 343 } 344 345 static int 346 pcap_read_not_initialized(pcap_t *pcap, int cnt _U_, pcap_handler callback _U_, 347 u_char *user _U_) 348 { 349 pcap_set_not_initialized_message(pcap); 350 /* this means 'not initialized' */ 351 return (PCAP_ERROR_NOT_ACTIVATED); 352 } 353 354 static int 355 pcap_inject_not_initialized(pcap_t *pcap, const void * buf _U_, int size _U_) 356 { 357 pcap_set_not_initialized_message(pcap); 358 /* this means 'not initialized' */ 359 return (PCAP_ERROR_NOT_ACTIVATED); 360 } 361 362 static int 363 pcap_setfilter_not_initialized(pcap_t *pcap, struct bpf_program *fp _U_) 364 { 365 pcap_set_not_initialized_message(pcap); 366 /* this means 'not initialized' */ 367 return (PCAP_ERROR_NOT_ACTIVATED); 368 } 369 370 static int 371 pcap_setdirection_not_initialized(pcap_t *pcap, pcap_direction_t d _U_) 372 { 373 pcap_set_not_initialized_message(pcap); 374 /* this means 'not initialized' */ 375 return (PCAP_ERROR_NOT_ACTIVATED); 376 } 377 378 static int 379 pcap_set_datalink_not_initialized(pcap_t *pcap, int dlt _U_) 380 { 381 pcap_set_not_initialized_message(pcap); 382 /* this means 'not initialized' */ 383 return (PCAP_ERROR_NOT_ACTIVATED); 384 } 385 386 static int 387 pcap_getnonblock_not_initialized(pcap_t *pcap) 388 { 389 pcap_set_not_initialized_message(pcap); 390 /* this means 'not initialized' */ 391 return (PCAP_ERROR_NOT_ACTIVATED); 392 } 393 394 static int 395 pcap_stats_not_initialized(pcap_t *pcap, struct pcap_stat *ps _U_) 396 { 397 pcap_set_not_initialized_message(pcap); 398 /* this means 'not initialized' */ 399 return (PCAP_ERROR_NOT_ACTIVATED); 400 } 401 402 #ifdef _WIN32 403 static struct pcap_stat * 404 pcap_stats_ex_not_initialized(pcap_t *pcap, int *pcap_stat_size _U_) 405 { 406 pcap_set_not_initialized_message(pcap); 407 return (NULL); 408 } 409 410 static int 411 pcap_setbuff_not_initialized(pcap_t *pcap, int dim _U_) 412 { 413 pcap_set_not_initialized_message(pcap); 414 /* this means 'not initialized' */ 415 return (PCAP_ERROR_NOT_ACTIVATED); 416 } 417 418 static int 419 pcap_setmode_not_initialized(pcap_t *pcap, int mode _U_) 420 { 421 pcap_set_not_initialized_message(pcap); 422 /* this means 'not initialized' */ 423 return (PCAP_ERROR_NOT_ACTIVATED); 424 } 425 426 static int 427 pcap_setmintocopy_not_initialized(pcap_t *pcap, int size _U_) 428 { 429 pcap_set_not_initialized_message(pcap); 430 /* this means 'not initialized' */ 431 return (PCAP_ERROR_NOT_ACTIVATED); 432 } 433 434 static HANDLE 435 pcap_getevent_not_initialized(pcap_t *pcap) 436 { 437 pcap_set_not_initialized_message(pcap); 438 return (INVALID_HANDLE_VALUE); 439 } 440 441 static int 442 pcap_oid_get_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_, 443 void *data _U_, size_t *lenp _U_) 444 { 445 pcap_set_not_initialized_message(pcap); 446 return (PCAP_ERROR_NOT_ACTIVATED); 447 } 448 449 static int 450 pcap_oid_set_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_, 451 const void *data _U_, size_t *lenp _U_) 452 { 453 pcap_set_not_initialized_message(pcap); 454 return (PCAP_ERROR_NOT_ACTIVATED); 455 } 456 457 static u_int 458 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue _U_, 459 int sync _U_) 460 { 461 pcap_set_not_initialized_message(pcap); 462 return (0); 463 } 464 465 static int 466 pcap_setuserbuffer_not_initialized(pcap_t *pcap, int size _U_) 467 { 468 pcap_set_not_initialized_message(pcap); 469 return (PCAP_ERROR_NOT_ACTIVATED); 470 } 471 472 static int 473 pcap_live_dump_not_initialized(pcap_t *pcap, char *filename _U_, int maxsize _U_, 474 int maxpacks _U_) 475 { 476 pcap_set_not_initialized_message(pcap); 477 return (PCAP_ERROR_NOT_ACTIVATED); 478 } 479 480 static int 481 pcap_live_dump_ended_not_initialized(pcap_t *pcap, int sync _U_) 482 { 483 pcap_set_not_initialized_message(pcap); 484 return (PCAP_ERROR_NOT_ACTIVATED); 485 } 486 487 static PAirpcapHandle 488 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap) 489 { 490 pcap_set_not_initialized_message(pcap); 491 return (NULL); 492 } 493 #endif 494 495 /* 496 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 497 * a PCAP_ERROR value on an error. 498 */ 499 int 500 pcap_can_set_rfmon(pcap_t *p) 501 { 502 return (p->can_set_rfmon_op(p)); 503 } 504 505 /* 506 * For systems where rfmon mode is never supported. 507 */ 508 static int 509 pcap_cant_set_rfmon(pcap_t *p _U_) 510 { 511 return (0); 512 } 513 514 /* 515 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 516 * types; the return value is the number of supported time stamp types. 517 * The list should be freed by a call to pcap_free_tstamp_types() when 518 * you're done with it. 519 * 520 * A return value of 0 means "you don't get a choice of time stamp type", 521 * in which case *tstamp_typesp is set to null. 522 * 523 * PCAP_ERROR is returned on error. 524 */ 525 int 526 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 527 { 528 if (p->tstamp_type_count == 0) { 529 /* 530 * We don't support multiple time stamp types. 531 * That means the only type we support is PCAP_TSTAMP_HOST; 532 * set up a list containing only that type. 533 */ 534 *tstamp_typesp = (int*)malloc(sizeof(**tstamp_typesp)); 535 if (*tstamp_typesp == NULL) { 536 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 537 errno, "malloc"); 538 return (PCAP_ERROR); 539 } 540 **tstamp_typesp = PCAP_TSTAMP_HOST; 541 return (1); 542 } else { 543 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 544 p->tstamp_type_count); 545 if (*tstamp_typesp == NULL) { 546 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 547 errno, "malloc"); 548 return (PCAP_ERROR); 549 } 550 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 551 sizeof(**tstamp_typesp) * p->tstamp_type_count); 552 return (p->tstamp_type_count); 553 } 554 } 555 556 /* 557 * In Windows, you might have a library built with one version of the 558 * C runtime library and an application built with another version of 559 * the C runtime library, which means that the library might use one 560 * version of malloc() and free() and the application might use another 561 * version of malloc() and free(). If so, that means something 562 * allocated by the library cannot be freed by the application, so we 563 * need to have a pcap_free_tstamp_types() routine to free up the list 564 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 565 * around free(). 566 */ 567 void 568 pcap_free_tstamp_types(int *tstamp_type_list) 569 { 570 free(tstamp_type_list); 571 } 572 573 /* 574 * Default one-shot callback; overridden for capture types where the 575 * packet data cannot be guaranteed to be available after the callback 576 * returns, so that a copy must be made. 577 */ 578 void 579 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 580 { 581 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 582 583 *sp->hdr = *h; 584 *sp->pkt = pkt; 585 } 586 587 const u_char * 588 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 589 { 590 struct oneshot_userdata s; 591 const u_char *pkt; 592 593 s.hdr = h; 594 s.pkt = &pkt; 595 s.pd = p; 596 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 597 return (0); 598 return (pkt); 599 } 600 601 int 602 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 603 const u_char **pkt_data) 604 { 605 struct oneshot_userdata s; 606 607 s.hdr = &p->pcap_header; 608 s.pkt = pkt_data; 609 s.pd = p; 610 611 /* Saves a pointer to the packet headers */ 612 *pkt_header= &p->pcap_header; 613 614 if (p->rfile != NULL) { 615 int status; 616 617 /* We are on an offline capture */ 618 status = pcap_offline_read(p, 1, p->oneshot_callback, 619 (u_char *)&s); 620 621 /* 622 * Return codes for pcap_offline_read() are: 623 * - 0: EOF 624 * - -1: error 625 * - >1: OK 626 * The first one ('0') conflicts with the return code of 627 * 0 from pcap_read() meaning "no packets arrived before 628 * the timeout expired", so we map it to -2 so you can 629 * distinguish between an EOF from a savefile and a 630 * "no packets arrived before the timeout expired, try 631 * again" from a live capture. 632 */ 633 if (status == 0) 634 return (-2); 635 else 636 return (status); 637 } 638 639 /* 640 * Return codes for pcap_read() are: 641 * - 0: timeout 642 * - -1: error 643 * - -2: loop was broken out of with pcap_breakloop() 644 * - >1: OK 645 * The first one ('0') conflicts with the return code of 0 from 646 * pcap_offline_read() meaning "end of file". 647 */ 648 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 649 } 650 651 /* 652 * Implementation of a pcap_if_list_t. 653 */ 654 struct pcap_if_list { 655 pcap_if_t *beginning; 656 }; 657 658 static struct capture_source_type { 659 int (*findalldevs_op)(pcap_if_list_t *, char *); 660 pcap_t *(*create_op)(const char *, char *, int *); 661 } capture_source_types[] = { 662 #ifdef HAVE_DAG_API 663 { dag_findalldevs, dag_create }, 664 #endif 665 #ifdef HAVE_SEPTEL_API 666 { septel_findalldevs, septel_create }, 667 #endif 668 #ifdef HAVE_SNF_API 669 { snf_findalldevs, snf_create }, 670 #endif 671 #ifdef HAVE_TC_API 672 { TcFindAllDevs, TcCreate }, 673 #endif 674 #ifdef PCAP_SUPPORT_BT 675 { bt_findalldevs, bt_create }, 676 #endif 677 #ifdef PCAP_SUPPORT_BT_MONITOR 678 { bt_monitor_findalldevs, bt_monitor_create }, 679 #endif 680 #ifdef PCAP_SUPPORT_LINUX_USBMON 681 { usb_findalldevs, usb_create }, 682 #endif 683 #ifdef PCAP_SUPPORT_NETFILTER 684 { netfilter_findalldevs, netfilter_create }, 685 #endif 686 #ifdef PCAP_SUPPORT_NETMAP 687 { pcap_netmap_findalldevs, pcap_netmap_create }, 688 #endif 689 #ifdef PCAP_SUPPORT_DBUS 690 { dbus_findalldevs, dbus_create }, 691 #endif 692 #ifdef PCAP_SUPPORT_RDMASNIFF 693 { rdmasniff_findalldevs, rdmasniff_create }, 694 #endif 695 #ifdef PCAP_SUPPORT_DPDK 696 { pcap_dpdk_findalldevs, pcap_dpdk_create }, 697 #endif 698 #ifdef HAVE_AIRPCAP_API 699 { airpcap_findalldevs, airpcap_create }, 700 #endif 701 { NULL, NULL } 702 }; 703 704 /* 705 * Get a list of all capture sources that are up and that we can open. 706 * Returns -1 on error, 0 otherwise. 707 * The list, as returned through "alldevsp", may be null if no interfaces 708 * were up and could be opened. 709 */ 710 int 711 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 712 { 713 size_t i; 714 pcap_if_list_t devlist; 715 716 /* 717 * Find all the local network interfaces on which we 718 * can capture. 719 */ 720 devlist.beginning = NULL; 721 if (pcap_platform_finddevs(&devlist, errbuf) == -1) { 722 /* 723 * Failed - free all of the entries we were given 724 * before we failed. 725 */ 726 if (devlist.beginning != NULL) 727 pcap_freealldevs(devlist.beginning); 728 *alldevsp = NULL; 729 return (-1); 730 } 731 732 /* 733 * Ask each of the non-local-network-interface capture 734 * source types what interfaces they have. 735 */ 736 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 737 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) { 738 /* 739 * We had an error; free the list we've been 740 * constructing. 741 */ 742 if (devlist.beginning != NULL) 743 pcap_freealldevs(devlist.beginning); 744 *alldevsp = NULL; 745 return (-1); 746 } 747 } 748 749 /* 750 * Return the first entry of the list of all devices. 751 */ 752 *alldevsp = devlist.beginning; 753 return (0); 754 } 755 756 static struct sockaddr * 757 dup_sockaddr(struct sockaddr *sa, size_t sa_length) 758 { 759 struct sockaddr *newsa; 760 761 if ((newsa = malloc(sa_length)) == NULL) 762 return (NULL); 763 return (memcpy(newsa, sa, sa_length)); 764 } 765 766 /* 767 * Construct a "figure of merit" for an interface, for use when sorting 768 * the list of interfaces, in which interfaces that are up are superior 769 * to interfaces that aren't up, interfaces that are up and running are 770 * superior to interfaces that are up but not running, and non-loopback 771 * interfaces that are up and running are superior to loopback interfaces, 772 * and interfaces with the same flags have a figure of merit that's higher 773 * the lower the instance number. 774 * 775 * The goal is to try to put the interfaces most likely to be useful for 776 * capture at the beginning of the list. 777 * 778 * The figure of merit, which is lower the "better" the interface is, 779 * has the uppermost bit set if the interface isn't running, the bit 780 * below that set if the interface isn't up, the bit below that 781 * set if the interface is a loopback interface, and the bit below 782 * that set if it's the "any" interface. 783 * 784 * Note: we don't sort by unit number because 1) not all interfaces have 785 * a unit number (systemd, for example, might assign interface names 786 * based on the interface's MAC address or on the physical location of 787 * the adapter's connector), and 2) if the name does end with a simple 788 * unit number, it's not a global property of the interface, it's only 789 * useful as a sort key for device names with the same prefix, so xyz0 790 * shouldn't necessarily sort before abc2. This means that interfaces 791 * with the same figure of merit will be sorted by the order in which 792 * the mechanism from which we're getting the interfaces supplies them. 793 */ 794 static u_int 795 get_figure_of_merit(pcap_if_t *dev) 796 { 797 u_int n; 798 799 n = 0; 800 if (!(dev->flags & PCAP_IF_RUNNING)) 801 n |= 0x80000000; 802 if (!(dev->flags & PCAP_IF_UP)) 803 n |= 0x40000000; 804 805 /* 806 * Give non-wireless interfaces that aren't disconnected a better 807 * figure of merit than interfaces that are disconnected, as 808 * "disconnected" should indicate that the interface isn't 809 * plugged into a network and thus won't give you any traffic. 810 * 811 * For wireless interfaces, it means "associated with a network", 812 * which we presume not to necessarily prevent capture, as you 813 * might run the adapter in some flavor of monitor mode. 814 */ 815 if (!(dev->flags & PCAP_IF_WIRELESS) && 816 (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED) 817 n |= 0x20000000; 818 819 /* 820 * Sort loopback devices after non-loopback devices, *except* for 821 * disconnected devices. 822 */ 823 if (dev->flags & PCAP_IF_LOOPBACK) 824 n |= 0x10000000; 825 826 /* 827 * Sort the "any" device before loopback and disconnected devices, 828 * but after all other devices. 829 */ 830 if (strcmp(dev->name, "any") == 0) 831 n |= 0x08000000; 832 833 return (n); 834 } 835 836 #ifndef _WIN32 837 /* 838 * Try to get a description for a given device. 839 * Returns a mallocated description if it could and NULL if it couldn't. 840 * 841 * XXX - on FreeBSDs that support it, should it get the sysctl named 842 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description 843 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800" 844 * with my Cisco 350 card, so the name isn't entirely descriptive. The 845 * "dev.an.0.%pnpinfo" has a better description, although one might argue 846 * that the problem is really a driver bug - if it can find out that it's 847 * a Cisco 340 or 350, rather than an old Aironet card, it should use 848 * that in the description. 849 * 850 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD 851 * and OpenBSD let you get a description, but it's not generated by the OS, 852 * it's set with another ioctl that ifconfig supports; we use that to get 853 * a description in FreeBSD and OpenBSD, but if there is no such 854 * description available, it still might be nice to get some description 855 * string based on the device type or something such as that. 856 * 857 * In macOS, the System Configuration framework can apparently return 858 * names in 10.4 and later. 859 * 860 * It also appears that freedesktop.org's HAL offers an "info.product" 861 * string, but the HAL specification says it "should not be used in any 862 * UI" and "subsystem/capability specific properties" should be used 863 * instead and, in any case, I think HAL is being deprecated in 864 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear 865 * to have any obvious product information for devices, but maybe 866 * I haven't looked hard enough. 867 * 868 * Using the System Configuration framework, or HAL, or DeviceKit, or 869 * whatever, would require that libpcap applications be linked with 870 * the frameworks/libraries in question. That shouldn't be a problem 871 * for programs linking with the shared version of libpcap (unless 872 * you're running on AIX - which I think is the only UN*X that doesn't 873 * support linking a shared library with other libraries on which it 874 * depends, and having an executable linked only with the first shared 875 * library automatically pick up the other libraries when started - 876 * and using HAL or whatever). Programs linked with the static 877 * version of libpcap would have to use pcap-config with the --static 878 * flag in order to get the right linker flags in order to pick up 879 * the additional libraries/frameworks; those programs need that anyway 880 * for libpcap 1.1 and beyond on Linux, as, by default, it requires 881 * -lnl. 882 * 883 * Do any other UN*Xes, or desktop environments support getting a 884 * description? 885 */ 886 static char * 887 #ifdef SIOCGIFDESCR 888 get_if_description(const char *name) 889 { 890 char *description = NULL; 891 int s; 892 struct ifreq ifrdesc; 893 #ifndef IFDESCRSIZE 894 size_t descrlen = 64; 895 #else 896 size_t descrlen = IFDESCRSIZE; 897 #endif /* IFDESCRSIZE */ 898 899 /* 900 * Get the description for the interface. 901 */ 902 memset(&ifrdesc, 0, sizeof ifrdesc); 903 pcap_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name); 904 s = socket(AF_INET, SOCK_DGRAM, 0); 905 if (s >= 0) { 906 #ifdef __FreeBSD__ 907 /* 908 * On FreeBSD, if the buffer isn't big enough for the 909 * description, the ioctl succeeds, but the description 910 * isn't copied, ifr_buffer.length is set to the description 911 * length, and ifr_buffer.buffer is set to NULL. 912 */ 913 for (;;) { 914 free(description); 915 if ((description = malloc(descrlen)) != NULL) { 916 ifrdesc.ifr_buffer.buffer = description; 917 ifrdesc.ifr_buffer.length = descrlen; 918 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) { 919 if (ifrdesc.ifr_buffer.buffer == 920 description) 921 break; 922 else 923 descrlen = ifrdesc.ifr_buffer.length; 924 } else { 925 /* 926 * Failed to get interface description. 927 */ 928 free(description); 929 description = NULL; 930 break; 931 } 932 } else 933 break; 934 } 935 #else /* __FreeBSD__ */ 936 /* 937 * The only other OS that currently supports 938 * SIOCGIFDESCR is OpenBSD, and it has no way 939 * to get the description length - it's clamped 940 * to a maximum of IFDESCRSIZE. 941 */ 942 if ((description = malloc(descrlen)) != NULL) { 943 ifrdesc.ifr_data = (caddr_t)description; 944 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) { 945 /* 946 * Failed to get interface description. 947 */ 948 free(description); 949 description = NULL; 950 } 951 } 952 #endif /* __FreeBSD__ */ 953 close(s); 954 if (description != NULL && description[0] == '\0') { 955 /* 956 * Description is empty, so discard it. 957 */ 958 free(description); 959 description = NULL; 960 } 961 } 962 963 #ifdef __FreeBSD__ 964 /* 965 * For FreeBSD, if we didn't get a description, and this is 966 * a device with a name of the form usbusN, label it as a USB 967 * bus. 968 */ 969 if (description == NULL) { 970 if (strncmp(name, "usbus", 5) == 0) { 971 /* 972 * OK, it begins with "usbus". 973 */ 974 long busnum; 975 char *p; 976 977 errno = 0; 978 busnum = strtol(name + 5, &p, 10); 979 if (errno == 0 && p != name + 5 && *p == '\0' && 980 busnum >= 0 && busnum <= INT_MAX) { 981 /* 982 * OK, it's a valid number that's not 983 * bigger than INT_MAX. Construct 984 * a description from it. 985 * (If that fails, we don't worry about 986 * it, we just return NULL.) 987 */ 988 if (pcap_asprintf(&description, 989 "USB bus number %ld", busnum) == -1) { 990 /* Failed. */ 991 description = NULL; 992 } 993 } 994 } 995 } 996 #endif 997 return (description); 998 #else /* SIOCGIFDESCR */ 999 get_if_description(const char *name _U_) 1000 { 1001 return (NULL); 1002 #endif /* SIOCGIFDESCR */ 1003 } 1004 1005 /* 1006 * Look for a given device in the specified list of devices. 1007 * 1008 * If we find it, return a pointer to its entry. 1009 * 1010 * If we don't find it, attempt to add an entry for it, with the specified 1011 * IFF_ flags and description, and, if that succeeds, return a pointer to 1012 * the new entry, otherwise return NULL and set errbuf to an error message. 1013 */ 1014 pcap_if_t * 1015 find_or_add_if(pcap_if_list_t *devlistp, const char *name, 1016 bpf_u_int32 if_flags, get_if_flags_func get_flags_func, char *errbuf) 1017 { 1018 bpf_u_int32 pcap_flags; 1019 1020 /* 1021 * Convert IFF_ flags to pcap flags. 1022 */ 1023 pcap_flags = 0; 1024 #ifdef IFF_LOOPBACK 1025 if (if_flags & IFF_LOOPBACK) 1026 pcap_flags |= PCAP_IF_LOOPBACK; 1027 #else 1028 /* 1029 * We don't have IFF_LOOPBACK, so look at the device name to 1030 * see if it looks like a loopback device. 1031 */ 1032 if (name[0] == 'l' && name[1] == 'o' && 1033 (PCAP_ISDIGIT(name[2]) || name[2] == '\0')) 1034 pcap_flags |= PCAP_IF_LOOPBACK; 1035 #endif 1036 #ifdef IFF_UP 1037 if (if_flags & IFF_UP) 1038 pcap_flags |= PCAP_IF_UP; 1039 #endif 1040 #ifdef IFF_RUNNING 1041 if (if_flags & IFF_RUNNING) 1042 pcap_flags |= PCAP_IF_RUNNING; 1043 #endif 1044 1045 /* 1046 * Attempt to find an entry for this device; if we don't find one, 1047 * attempt to add one. 1048 */ 1049 return (find_or_add_dev(devlistp, name, pcap_flags, 1050 get_flags_func, get_if_description(name), errbuf)); 1051 } 1052 1053 /* 1054 * Look for a given device in the specified list of devices. 1055 * 1056 * If we find it, then, if the specified address isn't null, add it to 1057 * the list of addresses for the device and return 0. 1058 * 1059 * If we don't find it, attempt to add an entry for it, with the specified 1060 * IFF_ flags and description, and, if that succeeds, add the specified 1061 * address to its list of addresses if that address is non-null, and 1062 * return 0, otherwise return -1 and set errbuf to an error message. 1063 * 1064 * (We can get called with a null address because we might get a list 1065 * of interface name/address combinations from the underlying OS, with 1066 * the address being absent in some cases, rather than a list of 1067 * interfaces with each interface having a list of addresses, so this 1068 * call may be the only call made to add to the list, and we want to 1069 * add interfaces even if they have no addresses.) 1070 */ 1071 int 1072 add_addr_to_if(pcap_if_list_t *devlistp, const char *name, 1073 bpf_u_int32 if_flags, get_if_flags_func get_flags_func, 1074 struct sockaddr *addr, size_t addr_size, 1075 struct sockaddr *netmask, size_t netmask_size, 1076 struct sockaddr *broadaddr, size_t broadaddr_size, 1077 struct sockaddr *dstaddr, size_t dstaddr_size, 1078 char *errbuf) 1079 { 1080 pcap_if_t *curdev; 1081 1082 /* 1083 * Check whether the device exists and, if not, add it. 1084 */ 1085 curdev = find_or_add_if(devlistp, name, if_flags, get_flags_func, 1086 errbuf); 1087 if (curdev == NULL) { 1088 /* 1089 * Error - give up. 1090 */ 1091 return (-1); 1092 } 1093 1094 if (addr == NULL) { 1095 /* 1096 * There's no address to add; this entry just meant 1097 * "here's a new interface". 1098 */ 1099 return (0); 1100 } 1101 1102 /* 1103 * "curdev" is an entry for this interface, and we have an 1104 * address for it; add an entry for that address to the 1105 * interface's list of addresses. 1106 */ 1107 return (add_addr_to_dev(curdev, addr, addr_size, netmask, 1108 netmask_size, broadaddr, broadaddr_size, dstaddr, 1109 dstaddr_size, errbuf)); 1110 } 1111 #endif /* _WIN32 */ 1112 1113 /* 1114 * Add an entry to the list of addresses for an interface. 1115 * "curdev" is the entry for that interface. 1116 */ 1117 int 1118 add_addr_to_dev(pcap_if_t *curdev, 1119 struct sockaddr *addr, size_t addr_size, 1120 struct sockaddr *netmask, size_t netmask_size, 1121 struct sockaddr *broadaddr, size_t broadaddr_size, 1122 struct sockaddr *dstaddr, size_t dstaddr_size, 1123 char *errbuf) 1124 { 1125 pcap_addr_t *curaddr, *prevaddr, *nextaddr; 1126 1127 /* 1128 * Allocate the new entry and fill it in. 1129 */ 1130 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t)); 1131 if (curaddr == NULL) { 1132 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1133 errno, "malloc"); 1134 return (-1); 1135 } 1136 1137 curaddr->next = NULL; 1138 if (addr != NULL && addr_size != 0) { 1139 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size); 1140 if (curaddr->addr == NULL) { 1141 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1142 errno, "malloc"); 1143 free(curaddr); 1144 return (-1); 1145 } 1146 } else 1147 curaddr->addr = NULL; 1148 1149 if (netmask != NULL && netmask_size != 0) { 1150 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size); 1151 if (curaddr->netmask == NULL) { 1152 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1153 errno, "malloc"); 1154 if (curaddr->addr != NULL) 1155 free(curaddr->addr); 1156 free(curaddr); 1157 return (-1); 1158 } 1159 } else 1160 curaddr->netmask = NULL; 1161 1162 if (broadaddr != NULL && broadaddr_size != 0) { 1163 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size); 1164 if (curaddr->broadaddr == NULL) { 1165 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1166 errno, "malloc"); 1167 if (curaddr->netmask != NULL) 1168 free(curaddr->netmask); 1169 if (curaddr->addr != NULL) 1170 free(curaddr->addr); 1171 free(curaddr); 1172 return (-1); 1173 } 1174 } else 1175 curaddr->broadaddr = NULL; 1176 1177 if (dstaddr != NULL && dstaddr_size != 0) { 1178 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size); 1179 if (curaddr->dstaddr == NULL) { 1180 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1181 errno, "malloc"); 1182 if (curaddr->broadaddr != NULL) 1183 free(curaddr->broadaddr); 1184 if (curaddr->netmask != NULL) 1185 free(curaddr->netmask); 1186 if (curaddr->addr != NULL) 1187 free(curaddr->addr); 1188 free(curaddr); 1189 return (-1); 1190 } 1191 } else 1192 curaddr->dstaddr = NULL; 1193 1194 /* 1195 * Find the end of the list of addresses. 1196 */ 1197 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) { 1198 nextaddr = prevaddr->next; 1199 if (nextaddr == NULL) { 1200 /* 1201 * This is the end of the list. 1202 */ 1203 break; 1204 } 1205 } 1206 1207 if (prevaddr == NULL) { 1208 /* 1209 * The list was empty; this is the first member. 1210 */ 1211 curdev->addresses = curaddr; 1212 } else { 1213 /* 1214 * "prevaddr" is the last member of the list; append 1215 * this member to it. 1216 */ 1217 prevaddr->next = curaddr; 1218 } 1219 1220 return (0); 1221 } 1222 1223 /* 1224 * Look for a given device in the specified list of devices. 1225 * 1226 * If we find it, return 0 and set *curdev_ret to point to it. 1227 * 1228 * If we don't find it, attempt to add an entry for it, with the specified 1229 * flags and description, and, if that succeeds, return 0, otherwise 1230 * return -1 and set errbuf to an error message. 1231 */ 1232 pcap_if_t * 1233 find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1234 get_if_flags_func get_flags_func, const char *description, char *errbuf) 1235 { 1236 pcap_if_t *curdev; 1237 1238 /* 1239 * Is there already an entry in the list for this device? 1240 */ 1241 curdev = find_dev(devlistp, name); 1242 if (curdev != NULL) { 1243 /* 1244 * Yes, return it. 1245 */ 1246 return (curdev); 1247 } 1248 1249 /* 1250 * No, we didn't find it. 1251 */ 1252 1253 /* 1254 * Try to get additional flags for the device. 1255 */ 1256 if ((*get_flags_func)(name, &flags, errbuf) == -1) { 1257 /* 1258 * Failed. 1259 */ 1260 return (NULL); 1261 } 1262 1263 /* 1264 * Now, try to add it to the list of devices. 1265 */ 1266 return (add_dev(devlistp, name, flags, description, errbuf)); 1267 } 1268 1269 /* 1270 * Look for a given device in the specified list of devices, and return 1271 * the entry for it if we find it or NULL if we don't. 1272 */ 1273 pcap_if_t * 1274 find_dev(pcap_if_list_t *devlistp, const char *name) 1275 { 1276 pcap_if_t *curdev; 1277 1278 /* 1279 * Is there an entry in the list for this device? 1280 */ 1281 for (curdev = devlistp->beginning; curdev != NULL; 1282 curdev = curdev->next) { 1283 if (strcmp(name, curdev->name) == 0) { 1284 /* 1285 * We found it, so, yes, there is. No need to 1286 * add it. Provide the entry we found to our 1287 * caller. 1288 */ 1289 return (curdev); 1290 } 1291 } 1292 1293 /* 1294 * No. 1295 */ 1296 return (NULL); 1297 } 1298 1299 /* 1300 * Attempt to add an entry for a device, with the specified flags 1301 * and description, and, if that succeeds, return 0 and return a pointer 1302 * to the new entry, otherwise return NULL and set errbuf to an error 1303 * message. 1304 * 1305 * If we weren't given a description, try to get one. 1306 */ 1307 pcap_if_t * 1308 add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1309 const char *description, char *errbuf) 1310 { 1311 pcap_if_t *curdev, *prevdev, *nextdev; 1312 u_int this_figure_of_merit, nextdev_figure_of_merit; 1313 1314 curdev = malloc(sizeof(pcap_if_t)); 1315 if (curdev == NULL) { 1316 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1317 errno, "malloc"); 1318 return (NULL); 1319 } 1320 1321 /* 1322 * Fill in the entry. 1323 */ 1324 curdev->next = NULL; 1325 curdev->name = strdup(name); 1326 if (curdev->name == NULL) { 1327 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1328 errno, "malloc"); 1329 free(curdev); 1330 return (NULL); 1331 } 1332 if (description == NULL) { 1333 /* 1334 * We weren't handed a description for the interface. 1335 */ 1336 curdev->description = NULL; 1337 } else { 1338 /* 1339 * We were handed a description; make a copy. 1340 */ 1341 curdev->description = strdup(description); 1342 if (curdev->description == NULL) { 1343 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1344 errno, "malloc"); 1345 free(curdev->name); 1346 free(curdev); 1347 return (NULL); 1348 } 1349 } 1350 curdev->addresses = NULL; /* list starts out as empty */ 1351 curdev->flags = flags; 1352 1353 /* 1354 * Add it to the list, in the appropriate location. 1355 * First, get the "figure of merit" for this interface. 1356 */ 1357 this_figure_of_merit = get_figure_of_merit(curdev); 1358 1359 /* 1360 * Now look for the last interface with an figure of merit 1361 * less than or equal to the new interface's figure of merit. 1362 * 1363 * We start with "prevdev" being NULL, meaning we're before 1364 * the first element in the list. 1365 */ 1366 prevdev = NULL; 1367 for (;;) { 1368 /* 1369 * Get the interface after this one. 1370 */ 1371 if (prevdev == NULL) { 1372 /* 1373 * The next element is the first element. 1374 */ 1375 nextdev = devlistp->beginning; 1376 } else 1377 nextdev = prevdev->next; 1378 1379 /* 1380 * Are we at the end of the list? 1381 */ 1382 if (nextdev == NULL) { 1383 /* 1384 * Yes - we have to put the new entry after "prevdev". 1385 */ 1386 break; 1387 } 1388 1389 /* 1390 * Is the new interface's figure of merit less 1391 * than the next interface's figure of merit, 1392 * meaning that the new interface is better 1393 * than the next interface? 1394 */ 1395 nextdev_figure_of_merit = get_figure_of_merit(nextdev); 1396 if (this_figure_of_merit < nextdev_figure_of_merit) { 1397 /* 1398 * Yes - we should put the new entry 1399 * before "nextdev", i.e. after "prevdev". 1400 */ 1401 break; 1402 } 1403 1404 prevdev = nextdev; 1405 } 1406 1407 /* 1408 * Insert before "nextdev". 1409 */ 1410 curdev->next = nextdev; 1411 1412 /* 1413 * Insert after "prevdev" - unless "prevdev" is null, 1414 * in which case this is the first interface. 1415 */ 1416 if (prevdev == NULL) { 1417 /* 1418 * This is the first interface. Make it 1419 * the first element in the list of devices. 1420 */ 1421 devlistp->beginning = curdev; 1422 } else 1423 prevdev->next = curdev; 1424 return (curdev); 1425 } 1426 1427 /* 1428 * Free a list of interfaces. 1429 */ 1430 void 1431 pcap_freealldevs(pcap_if_t *alldevs) 1432 { 1433 pcap_if_t *curdev, *nextdev; 1434 pcap_addr_t *curaddr, *nextaddr; 1435 1436 for (curdev = alldevs; curdev != NULL; curdev = nextdev) { 1437 nextdev = curdev->next; 1438 1439 /* 1440 * Free all addresses. 1441 */ 1442 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) { 1443 nextaddr = curaddr->next; 1444 if (curaddr->addr) 1445 free(curaddr->addr); 1446 if (curaddr->netmask) 1447 free(curaddr->netmask); 1448 if (curaddr->broadaddr) 1449 free(curaddr->broadaddr); 1450 if (curaddr->dstaddr) 1451 free(curaddr->dstaddr); 1452 free(curaddr); 1453 } 1454 1455 /* 1456 * Free the name string. 1457 */ 1458 free(curdev->name); 1459 1460 /* 1461 * Free the description string, if any. 1462 */ 1463 if (curdev->description != NULL) 1464 free(curdev->description); 1465 1466 /* 1467 * Free the interface. 1468 */ 1469 free(curdev); 1470 } 1471 } 1472 1473 /* 1474 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as 1475 * it actually returns the names of all interfaces, with a NUL separator 1476 * between them; some callers may depend on that. 1477 * 1478 * MS-DOS has its own pcap_lookupdev(), but that might be useful only 1479 * as an optimization. 1480 * 1481 * In all other cases, we just use pcap_findalldevs() to get a list of 1482 * devices, and pick from that list. 1483 */ 1484 #if !defined(HAVE_PACKET32) && !defined(MSDOS) 1485 /* 1486 * Return the name of a network interface attached to the system, or NULL 1487 * if none can be found. The interface must be configured up; the 1488 * lowest unit number is preferred; loopback is ignored. 1489 */ 1490 char * 1491 pcap_lookupdev(char *errbuf) 1492 { 1493 pcap_if_t *alldevs; 1494 #ifdef _WIN32 1495 /* 1496 * Windows - use the same size as the old WinPcap 3.1 code. 1497 * XXX - this is probably bigger than it needs to be. 1498 */ 1499 #define IF_NAMESIZE 8192 1500 #else 1501 /* 1502 * UN*X - use the system's interface name size. 1503 * XXX - that might not be large enough for capture devices 1504 * that aren't regular network interfaces. 1505 */ 1506 /* for old BSD systems, including bsdi3 */ 1507 #ifndef IF_NAMESIZE 1508 #define IF_NAMESIZE IFNAMSIZ 1509 #endif 1510 #endif 1511 static char device[IF_NAMESIZE + 1]; 1512 char *ret; 1513 1514 /* 1515 * We disable this in "new API" mode, because 1) in WinPcap/Npcap, 1516 * it may return UTF-16 strings, for backwards-compatibility 1517 * reasons, and we're also disabling the hack to make that work, 1518 * for not-going-past-the-end-of-a-string reasons, and 2) we 1519 * want its behavior to be consistent. 1520 * 1521 * In addition, it's not thread-safe, so we've marked it as 1522 * deprecated. 1523 */ 1524 if (pcap_new_api) { 1525 snprintf(errbuf, PCAP_ERRBUF_SIZE, 1526 "pcap_lookupdev() is deprecated and is not supported in programs calling pcap_init()"); 1527 return (NULL); 1528 } 1529 1530 if (pcap_findalldevs(&alldevs, errbuf) == -1) 1531 return (NULL); 1532 1533 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) { 1534 /* 1535 * There are no devices on the list, or the first device 1536 * on the list is a loopback device, which means there 1537 * are no non-loopback devices on the list. This means 1538 * we can't return any device. 1539 * 1540 * XXX - why not return a loopback device? If we can't 1541 * capture on it, it won't be on the list, and if it's 1542 * on the list, there aren't any non-loopback devices, 1543 * so why not just supply it as the default device? 1544 */ 1545 (void)pcap_strlcpy(errbuf, "no suitable device found", 1546 PCAP_ERRBUF_SIZE); 1547 ret = NULL; 1548 } else { 1549 /* 1550 * Return the name of the first device on the list. 1551 */ 1552 (void)pcap_strlcpy(device, alldevs->name, sizeof(device)); 1553 ret = device; 1554 } 1555 1556 pcap_freealldevs(alldevs); 1557 return (ret); 1558 } 1559 #endif /* !defined(HAVE_PACKET32) && !defined(MSDOS) */ 1560 1561 #if !defined(_WIN32) && !defined(MSDOS) 1562 /* 1563 * We don't just fetch the entire list of devices, search for the 1564 * particular device, and use its first IPv4 address, as that's too 1565 * much work to get just one device's netmask. 1566 * 1567 * If we had an API to get attributes for a given device, we could 1568 * use that. 1569 */ 1570 int 1571 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, 1572 char *errbuf) 1573 { 1574 register int fd; 1575 register struct sockaddr_in *sin4; 1576 struct ifreq ifr; 1577 1578 /* 1579 * The pseudo-device "any" listens on all interfaces and therefore 1580 * has the network address and -mask "0.0.0.0" therefore catching 1581 * all traffic. Using NULL for the interface is the same as "any". 1582 */ 1583 if (!device || strcmp(device, "any") == 0 1584 #ifdef HAVE_DAG_API 1585 || strstr(device, "dag") != NULL 1586 #endif 1587 #ifdef HAVE_SEPTEL_API 1588 || strstr(device, "septel") != NULL 1589 #endif 1590 #ifdef PCAP_SUPPORT_BT 1591 || strstr(device, "bluetooth") != NULL 1592 #endif 1593 #ifdef PCAP_SUPPORT_LINUX_USBMON 1594 || strstr(device, "usbmon") != NULL 1595 #endif 1596 #ifdef HAVE_SNF_API 1597 || strstr(device, "snf") != NULL 1598 #endif 1599 #ifdef PCAP_SUPPORT_NETMAP 1600 || strncmp(device, "netmap:", 7) == 0 1601 || strncmp(device, "vale", 4) == 0 1602 #endif 1603 #ifdef PCAP_SUPPORT_DPDK 1604 || strncmp(device, "dpdk:", 5) == 0 1605 #endif 1606 ) { 1607 *netp = *maskp = 0; 1608 return 0; 1609 } 1610 1611 fd = socket(AF_INET, SOCK_DGRAM, 0); 1612 if (fd < 0) { 1613 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1614 errno, "socket"); 1615 return (-1); 1616 } 1617 memset(&ifr, 0, sizeof(ifr)); 1618 #ifdef linux 1619 /* XXX Work around Linux kernel bug */ 1620 ifr.ifr_addr.sa_family = AF_INET; 1621 #endif 1622 (void)pcap_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1623 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { 1624 if (errno == EADDRNOTAVAIL) { 1625 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 1626 "%s: no IPv4 address assigned", device); 1627 } else { 1628 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1629 errno, "SIOCGIFADDR: %s", device); 1630 } 1631 (void)close(fd); 1632 return (-1); 1633 } 1634 sin4 = (struct sockaddr_in *)&ifr.ifr_addr; 1635 *netp = sin4->sin_addr.s_addr; 1636 memset(&ifr, 0, sizeof(ifr)); 1637 #ifdef linux 1638 /* XXX Work around Linux kernel bug */ 1639 ifr.ifr_addr.sa_family = AF_INET; 1640 #endif 1641 (void)pcap_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1642 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { 1643 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1644 errno, "SIOCGIFNETMASK: %s", device); 1645 (void)close(fd); 1646 return (-1); 1647 } 1648 (void)close(fd); 1649 *maskp = sin4->sin_addr.s_addr; 1650 if (*maskp == 0) { 1651 if (IN_CLASSA(*netp)) 1652 *maskp = IN_CLASSA_NET; 1653 else if (IN_CLASSB(*netp)) 1654 *maskp = IN_CLASSB_NET; 1655 else if (IN_CLASSC(*netp)) 1656 *maskp = IN_CLASSC_NET; 1657 else { 1658 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 1659 "inet class for 0x%x unknown", *netp); 1660 return (-1); 1661 } 1662 } 1663 *netp &= *maskp; 1664 return (0); 1665 } 1666 #endif /* !defined(_WIN32) && !defined(MSDOS) */ 1667 1668 #ifdef ENABLE_REMOTE 1669 #include "pcap-rpcap.h" 1670 1671 /* 1672 * Extract a substring from a string. 1673 */ 1674 static char * 1675 get_substring(const char *p, size_t len, char *ebuf) 1676 { 1677 char *token; 1678 1679 token = malloc(len + 1); 1680 if (token == NULL) { 1681 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1682 errno, "malloc"); 1683 return (NULL); 1684 } 1685 memcpy(token, p, len); 1686 token[len] = '\0'; 1687 return (token); 1688 } 1689 1690 /* 1691 * Parse a capture source that might be a URL. 1692 * 1693 * If the source is not a URL, *schemep, *userinfop, *hostp, and *portp 1694 * are set to NULL, *pathp is set to point to the source, and 0 is 1695 * returned. 1696 * 1697 * If source is a URL, and the URL refers to a local device (a special 1698 * case of rpcap:), *schemep, *userinfop, *hostp, and *portp are set 1699 * to NULL, *pathp is set to point to the device name, and 0 is returned. 1700 * 1701 * If source is a URL, and it's not a special case that refers to a local 1702 * device, and the parse succeeds: 1703 * 1704 * *schemep is set to point to an allocated string containing the scheme; 1705 * 1706 * if user information is present in the URL, *userinfop is set to point 1707 * to an allocated string containing the user information, otherwise 1708 * it's set to NULL; 1709 * 1710 * if host information is present in the URL, *hostp is set to point 1711 * to an allocated string containing the host information, otherwise 1712 * it's set to NULL; 1713 * 1714 * if a port number is present in the URL, *portp is set to point 1715 * to an allocated string containing the port number, otherwise 1716 * it's set to NULL; 1717 * 1718 * *pathp is set to point to an allocated string containing the 1719 * path; 1720 * 1721 * and 0 is returned. 1722 * 1723 * If the parse fails, ebuf is set to an error string, and -1 is returned. 1724 */ 1725 static int 1726 pcap_parse_source(const char *source, char **schemep, char **userinfop, 1727 char **hostp, char **portp, char **pathp, char *ebuf) 1728 { 1729 char *colonp; 1730 size_t scheme_len; 1731 char *scheme; 1732 const char *endp; 1733 size_t authority_len; 1734 char *authority; 1735 char *parsep, *atsignp, *bracketp; 1736 char *userinfo, *host, *port, *path; 1737 1738 /* 1739 * Start out returning nothing. 1740 */ 1741 *schemep = NULL; 1742 *userinfop = NULL; 1743 *hostp = NULL; 1744 *portp = NULL; 1745 *pathp = NULL; 1746 1747 /* 1748 * RFC 3986 says: 1749 * 1750 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] 1751 * 1752 * hier-part = "//" authority path-abempty 1753 * / path-absolute 1754 * / path-rootless 1755 * / path-empty 1756 * 1757 * authority = [ userinfo "@" ] host [ ":" port ] 1758 * 1759 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) 1760 * 1761 * Step 1: look for the ":" at the end of the scheme. 1762 * A colon in the source is *NOT* sufficient to indicate that 1763 * this is a URL, as interface names on some platforms might 1764 * include colons (e.g., I think some Solaris interfaces 1765 * might). 1766 */ 1767 colonp = strchr(source, ':'); 1768 if (colonp == NULL) { 1769 /* 1770 * The source is the device to open. 1771 * Return a NULL pointer for the scheme, user information, 1772 * host, and port, and return the device as the path. 1773 */ 1774 *pathp = strdup(source); 1775 if (*pathp == NULL) { 1776 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1777 errno, "malloc"); 1778 return (-1); 1779 } 1780 return (0); 1781 } 1782 1783 /* 1784 * All schemes must have "//" after them, i.e. we only support 1785 * hier-part = "//" authority path-abempty, not 1786 * hier-part = path-absolute 1787 * hier-part = path-rootless 1788 * hier-part = path-empty 1789 * 1790 * We need that in order to distinguish between a local device 1791 * name that happens to contain a colon and a URI. 1792 */ 1793 if (strncmp(colonp + 1, "//", 2) != 0) { 1794 /* 1795 * The source is the device to open. 1796 * Return a NULL pointer for the scheme, user information, 1797 * host, and port, and return the device as the path. 1798 */ 1799 *pathp = strdup(source); 1800 if (*pathp == NULL) { 1801 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1802 errno, "malloc"); 1803 return (-1); 1804 } 1805 return (0); 1806 } 1807 1808 /* 1809 * XXX - check whether the purported scheme could be a scheme? 1810 */ 1811 1812 /* 1813 * OK, this looks like a URL. 1814 * Get the scheme. 1815 */ 1816 scheme_len = colonp - source; 1817 scheme = malloc(scheme_len + 1); 1818 if (scheme == NULL) { 1819 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1820 errno, "malloc"); 1821 return (-1); 1822 } 1823 memcpy(scheme, source, scheme_len); 1824 scheme[scheme_len] = '\0'; 1825 1826 /* 1827 * Treat file: specially - take everything after file:// as 1828 * the pathname. 1829 */ 1830 if (pcap_strcasecmp(scheme, "file") == 0) { 1831 *pathp = strdup(colonp + 3); 1832 if (*pathp == NULL) { 1833 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1834 errno, "malloc"); 1835 free(scheme); 1836 return (-1); 1837 } 1838 *schemep = scheme; 1839 return (0); 1840 } 1841 1842 /* 1843 * The WinPcap documentation says you can specify a local 1844 * interface with "rpcap://{device}"; we special-case 1845 * that here. If the scheme is "rpcap", and there are 1846 * no slashes past the "//", we just return the device. 1847 * 1848 * XXX - %-escaping? 1849 */ 1850 if ((pcap_strcasecmp(scheme, "rpcap") == 0 || 1851 pcap_strcasecmp(scheme, "rpcaps") == 0) && 1852 strchr(colonp + 3, '/') == NULL) { 1853 /* 1854 * Local device. 1855 * 1856 * Return a NULL pointer for the scheme, user information, 1857 * host, and port, and return the device as the path. 1858 */ 1859 free(scheme); 1860 *pathp = strdup(colonp + 3); 1861 if (*pathp == NULL) { 1862 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1863 errno, "malloc"); 1864 return (-1); 1865 } 1866 return (0); 1867 } 1868 1869 /* 1870 * OK, now start parsing the authority. 1871 * Get token, terminated with / or terminated at the end of 1872 * the string. 1873 */ 1874 authority_len = strcspn(colonp + 3, "/"); 1875 authority = get_substring(colonp + 3, authority_len, ebuf); 1876 if (authority == NULL) { 1877 /* 1878 * Error. 1879 */ 1880 free(scheme); 1881 return (-1); 1882 } 1883 endp = colonp + 3 + authority_len; 1884 1885 /* 1886 * Now carve the authority field into its components. 1887 */ 1888 parsep = authority; 1889 1890 /* 1891 * Is there a userinfo field? 1892 */ 1893 atsignp = strchr(parsep, '@'); 1894 if (atsignp != NULL) { 1895 /* 1896 * Yes. 1897 */ 1898 size_t userinfo_len; 1899 1900 userinfo_len = atsignp - parsep; 1901 userinfo = get_substring(parsep, userinfo_len, ebuf); 1902 if (userinfo == NULL) { 1903 /* 1904 * Error. 1905 */ 1906 free(authority); 1907 free(scheme); 1908 return (-1); 1909 } 1910 parsep = atsignp + 1; 1911 } else { 1912 /* 1913 * No. 1914 */ 1915 userinfo = NULL; 1916 } 1917 1918 /* 1919 * Is there a host field? 1920 */ 1921 if (*parsep == '\0') { 1922 /* 1923 * No; there's no host field or port field. 1924 */ 1925 host = NULL; 1926 port = NULL; 1927 } else { 1928 /* 1929 * Yes. 1930 */ 1931 size_t host_len; 1932 1933 /* 1934 * Is it an IP-literal? 1935 */ 1936 if (*parsep == '[') { 1937 /* 1938 * Yes. 1939 * Treat verything up to the closing square 1940 * bracket as the IP-Literal; we don't worry 1941 * about whether it's a valid IPv6address or 1942 * IPvFuture (or an IPv4address, for that 1943 * matter, just in case we get handed a 1944 * URL with an IPv4 IP-Literal, of the sort 1945 * that pcap_createsrcstr() used to generate, 1946 * and that pcap_parsesrcstr(), in the original 1947 * WinPcap code, accepted). 1948 */ 1949 bracketp = strchr(parsep, ']'); 1950 if (bracketp == NULL) { 1951 /* 1952 * There's no closing square bracket. 1953 */ 1954 snprintf(ebuf, PCAP_ERRBUF_SIZE, 1955 "IP-literal in URL doesn't end with ]"); 1956 free(userinfo); 1957 free(authority); 1958 free(scheme); 1959 return (-1); 1960 } 1961 if (*(bracketp + 1) != '\0' && 1962 *(bracketp + 1) != ':') { 1963 /* 1964 * There's extra crud after the 1965 * closing square bracketn. 1966 */ 1967 snprintf(ebuf, PCAP_ERRBUF_SIZE, 1968 "Extra text after IP-literal in URL"); 1969 free(userinfo); 1970 free(authority); 1971 free(scheme); 1972 return (-1); 1973 } 1974 host_len = (bracketp - 1) - parsep; 1975 host = get_substring(parsep + 1, host_len, ebuf); 1976 if (host == NULL) { 1977 /* 1978 * Error. 1979 */ 1980 free(userinfo); 1981 free(authority); 1982 free(scheme); 1983 return (-1); 1984 } 1985 parsep = bracketp + 1; 1986 } else { 1987 /* 1988 * No. 1989 * Treat everything up to a : or the end of 1990 * the string as the host. 1991 */ 1992 host_len = strcspn(parsep, ":"); 1993 host = get_substring(parsep, host_len, ebuf); 1994 if (host == NULL) { 1995 /* 1996 * Error. 1997 */ 1998 free(userinfo); 1999 free(authority); 2000 free(scheme); 2001 return (-1); 2002 } 2003 parsep = parsep + host_len; 2004 } 2005 2006 /* 2007 * Is there a port field? 2008 */ 2009 if (*parsep == ':') { 2010 /* 2011 * Yes. It's the rest of the authority field. 2012 */ 2013 size_t port_len; 2014 2015 parsep++; 2016 port_len = strlen(parsep); 2017 port = get_substring(parsep, port_len, ebuf); 2018 if (port == NULL) { 2019 /* 2020 * Error. 2021 */ 2022 free(host); 2023 free(userinfo); 2024 free(authority); 2025 free(scheme); 2026 return (-1); 2027 } 2028 } else { 2029 /* 2030 * No. 2031 */ 2032 port = NULL; 2033 } 2034 } 2035 free(authority); 2036 2037 /* 2038 * Everything else is the path. Strip off the leading /. 2039 */ 2040 if (*endp == '\0') 2041 path = strdup(""); 2042 else 2043 path = strdup(endp + 1); 2044 if (path == NULL) { 2045 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 2046 errno, "malloc"); 2047 free(port); 2048 free(host); 2049 free(userinfo); 2050 free(scheme); 2051 return (-1); 2052 } 2053 *schemep = scheme; 2054 *userinfop = userinfo; 2055 *hostp = host; 2056 *portp = port; 2057 *pathp = path; 2058 return (0); 2059 } 2060 2061 int 2062 pcap_createsrcstr_ex(char *source, int type, const char *host, const char *port, 2063 const char *name, unsigned char uses_ssl, char *errbuf) 2064 { 2065 switch (type) { 2066 2067 case PCAP_SRC_FILE: 2068 pcap_strlcpy(source, PCAP_SRC_FILE_STRING, PCAP_BUF_SIZE); 2069 if (name != NULL && *name != '\0') { 2070 pcap_strlcat(source, name, PCAP_BUF_SIZE); 2071 return (0); 2072 } else { 2073 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2074 "The file name cannot be NULL."); 2075 return (-1); 2076 } 2077 2078 case PCAP_SRC_IFREMOTE: 2079 pcap_strlcpy(source, 2080 (uses_ssl ? "rpcaps://" : PCAP_SRC_IF_STRING), 2081 PCAP_BUF_SIZE); 2082 if (host != NULL && *host != '\0') { 2083 if (strchr(host, ':') != NULL) { 2084 /* 2085 * The host name contains a colon, so it's 2086 * probably an IPv6 address, and needs to 2087 * be included in square brackets. 2088 */ 2089 pcap_strlcat(source, "[", PCAP_BUF_SIZE); 2090 pcap_strlcat(source, host, PCAP_BUF_SIZE); 2091 pcap_strlcat(source, "]", PCAP_BUF_SIZE); 2092 } else 2093 pcap_strlcat(source, host, PCAP_BUF_SIZE); 2094 2095 if (port != NULL && *port != '\0') { 2096 pcap_strlcat(source, ":", PCAP_BUF_SIZE); 2097 pcap_strlcat(source, port, PCAP_BUF_SIZE); 2098 } 2099 2100 pcap_strlcat(source, "/", PCAP_BUF_SIZE); 2101 } else { 2102 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2103 "The host name cannot be NULL."); 2104 return (-1); 2105 } 2106 2107 if (name != NULL && *name != '\0') 2108 pcap_strlcat(source, name, PCAP_BUF_SIZE); 2109 2110 return (0); 2111 2112 case PCAP_SRC_IFLOCAL: 2113 pcap_strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE); 2114 2115 if (name != NULL && *name != '\0') 2116 pcap_strlcat(source, name, PCAP_BUF_SIZE); 2117 2118 return (0); 2119 2120 default: 2121 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2122 "The interface type is not valid."); 2123 return (-1); 2124 } 2125 } 2126 2127 2128 int 2129 pcap_createsrcstr(char *source, int type, const char *host, const char *port, 2130 const char *name, char *errbuf) 2131 { 2132 return (pcap_createsrcstr_ex(source, type, host, port, name, 0, errbuf)); 2133 } 2134 2135 int 2136 pcap_parsesrcstr_ex(const char *source, int *type, char *host, char *port, 2137 char *name, unsigned char *uses_ssl, char *errbuf) 2138 { 2139 char *scheme, *tmpuserinfo, *tmphost, *tmpport, *tmppath; 2140 2141 /* Initialization stuff */ 2142 if (host) 2143 *host = '\0'; 2144 if (port) 2145 *port = '\0'; 2146 if (name) 2147 *name = '\0'; 2148 if (uses_ssl) 2149 *uses_ssl = 0; 2150 2151 /* Parse the source string */ 2152 if (pcap_parse_source(source, &scheme, &tmpuserinfo, &tmphost, 2153 &tmpport, &tmppath, errbuf) == -1) { 2154 /* 2155 * Fail. 2156 */ 2157 return (-1); 2158 } 2159 2160 if (scheme == NULL) { 2161 /* 2162 * Local device. 2163 */ 2164 if (name && tmppath) 2165 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2166 if (type) 2167 *type = PCAP_SRC_IFLOCAL; 2168 free(tmppath); 2169 free(tmpport); 2170 free(tmphost); 2171 free(tmpuserinfo); 2172 return (0); 2173 } 2174 2175 int is_rpcap = 0; 2176 if (strcmp(scheme, "rpcaps") == 0) { 2177 is_rpcap = 1; 2178 if (uses_ssl) *uses_ssl = 1; 2179 } else if (strcmp(scheme, "rpcap") == 0) { 2180 is_rpcap = 1; 2181 } 2182 2183 if (is_rpcap) { 2184 /* 2185 * rpcap[s]:// 2186 * 2187 * pcap_parse_source() has already handled the case of 2188 * rpcap[s]://device 2189 */ 2190 if (host && tmphost) { 2191 if (tmpuserinfo) 2192 snprintf(host, PCAP_BUF_SIZE, "%s@%s", 2193 tmpuserinfo, tmphost); 2194 else 2195 pcap_strlcpy(host, tmphost, PCAP_BUF_SIZE); 2196 } 2197 if (port && tmpport) 2198 pcap_strlcpy(port, tmpport, PCAP_BUF_SIZE); 2199 if (name && tmppath) 2200 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2201 if (type) 2202 *type = PCAP_SRC_IFREMOTE; 2203 free(tmppath); 2204 free(tmpport); 2205 free(tmphost); 2206 free(tmpuserinfo); 2207 free(scheme); 2208 return (0); 2209 } 2210 2211 if (strcmp(scheme, "file") == 0) { 2212 /* 2213 * file:// 2214 */ 2215 if (name && tmppath) 2216 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2217 if (type) 2218 *type = PCAP_SRC_FILE; 2219 free(tmppath); 2220 free(tmpport); 2221 free(tmphost); 2222 free(tmpuserinfo); 2223 free(scheme); 2224 return (0); 2225 } 2226 2227 /* 2228 * Neither rpcap: nor file:; just treat the entire string 2229 * as a local device. 2230 */ 2231 if (name) 2232 pcap_strlcpy(name, source, PCAP_BUF_SIZE); 2233 if (type) 2234 *type = PCAP_SRC_IFLOCAL; 2235 free(tmppath); 2236 free(tmpport); 2237 free(tmphost); 2238 free(tmpuserinfo); 2239 free(scheme); 2240 return (0); 2241 } 2242 2243 int 2244 pcap_parsesrcstr(const char *source, int *type, char *host, char *port, 2245 char *name, char *errbuf) 2246 { 2247 return (pcap_parsesrcstr_ex(source, type, host, port, name, NULL, errbuf)); 2248 } 2249 #endif 2250 2251 pcap_t * 2252 pcap_create(const char *device, char *errbuf) 2253 { 2254 size_t i; 2255 int is_theirs; 2256 pcap_t *p; 2257 char *device_str; 2258 2259 /* 2260 * A null device name is equivalent to the "any" device - 2261 * which might not be supported on this platform, but 2262 * this means that you'll get a "not supported" error 2263 * rather than, say, a crash when we try to dereference 2264 * the null pointer. 2265 */ 2266 if (device == NULL) 2267 device_str = strdup("any"); 2268 else { 2269 #ifdef _WIN32 2270 /* 2271 * On Windows, for backwards compatibility reasons, 2272 * pcap_lookupdev() returns a pointer to a sequence of 2273 * pairs of UTF-16LE device names and local code page 2274 * description strings. 2275 * 2276 * This means that if a program uses pcap_lookupdev() 2277 * to get a default device, and hands that to an API 2278 * that opens devices, we'll get handed a UTF-16LE 2279 * string, not a string in the local code page. 2280 * 2281 * To work around that, we check whether the string 2282 * looks as if it might be a UTF-16LE string and, if 2283 * so, convert it back to the local code page's 2284 * extended ASCII. 2285 * 2286 * We disable that check in "new API" mode, because: 2287 * 2288 * 1) You *cannot* reliably detect whether a 2289 * string is UTF-16LE or not; "a" could either 2290 * be a one-character ASCII string or the first 2291 * character of a UTF-16LE string. 2292 * 2293 * 2) Doing that test can run past the end of 2294 * the string, if it's a 1-character ASCII 2295 * string 2296 * 2297 * This particular version of this heuristic dates 2298 * back to WinPcap 4.1.1; PacketOpenAdapter() does 2299 * uses the same heuristic, with the exact same 2300 * vulnerability. 2301 * 2302 * That's why we disable this in "new API" mode. 2303 * We keep it around in legacy mode for backwards 2304 * compatibility. 2305 */ 2306 if (!pcap_new_api && device[0] != '\0' && device[1] == '\0') { 2307 size_t length; 2308 2309 length = wcslen((wchar_t *)device); 2310 device_str = (char *)malloc(length + 1); 2311 if (device_str == NULL) { 2312 pcap_fmt_errmsg_for_errno(errbuf, 2313 PCAP_ERRBUF_SIZE, errno, 2314 "malloc"); 2315 return (NULL); 2316 } 2317 2318 snprintf(device_str, length + 1, "%ws", 2319 (const wchar_t *)device); 2320 } else 2321 #endif 2322 device_str = strdup(device); 2323 } 2324 if (device_str == NULL) { 2325 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 2326 errno, "malloc"); 2327 return (NULL); 2328 } 2329 2330 /* 2331 * Try each of the non-local-network-interface capture 2332 * source types until we find one that works for this 2333 * device or run out of types. 2334 */ 2335 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 2336 is_theirs = 0; 2337 p = capture_source_types[i].create_op(device_str, errbuf, 2338 &is_theirs); 2339 if (is_theirs) { 2340 /* 2341 * The device name refers to a device of the 2342 * type in question; either it succeeded, 2343 * in which case p refers to a pcap_t to 2344 * later activate for the device, or it 2345 * failed, in which case p is null and we 2346 * should return that to report the failure 2347 * to create. 2348 */ 2349 if (p == NULL) { 2350 /* 2351 * We assume the caller filled in errbuf. 2352 */ 2353 free(device_str); 2354 return (NULL); 2355 } 2356 p->opt.device = device_str; 2357 return (p); 2358 } 2359 } 2360 2361 /* 2362 * OK, try it as a regular network interface. 2363 */ 2364 p = pcap_create_interface(device_str, errbuf); 2365 if (p == NULL) { 2366 /* 2367 * We assume the caller filled in errbuf. 2368 */ 2369 free(device_str); 2370 return (NULL); 2371 } 2372 p->opt.device = device_str; 2373 return (p); 2374 } 2375 2376 /* 2377 * Set nonblocking mode on an unactivated pcap_t; this sets a flag 2378 * checked by pcap_activate(), which sets the mode after calling 2379 * the activate routine. 2380 */ 2381 static int 2382 pcap_setnonblock_unactivated(pcap_t *p, int nonblock) 2383 { 2384 p->opt.nonblock = nonblock; 2385 return (0); 2386 } 2387 2388 static void 2389 initialize_ops(pcap_t *p) 2390 { 2391 /* 2392 * Set operation pointers for operations that only work on 2393 * an activated pcap_t to point to a routine that returns 2394 * a "this isn't activated" error. 2395 */ 2396 p->read_op = pcap_read_not_initialized; 2397 p->inject_op = pcap_inject_not_initialized; 2398 p->setfilter_op = pcap_setfilter_not_initialized; 2399 p->setdirection_op = pcap_setdirection_not_initialized; 2400 p->set_datalink_op = pcap_set_datalink_not_initialized; 2401 p->getnonblock_op = pcap_getnonblock_not_initialized; 2402 p->stats_op = pcap_stats_not_initialized; 2403 #ifdef _WIN32 2404 p->stats_ex_op = pcap_stats_ex_not_initialized; 2405 p->setbuff_op = pcap_setbuff_not_initialized; 2406 p->setmode_op = pcap_setmode_not_initialized; 2407 p->setmintocopy_op = pcap_setmintocopy_not_initialized; 2408 p->getevent_op = pcap_getevent_not_initialized; 2409 p->oid_get_request_op = pcap_oid_get_request_not_initialized; 2410 p->oid_set_request_op = pcap_oid_set_request_not_initialized; 2411 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized; 2412 p->setuserbuffer_op = pcap_setuserbuffer_not_initialized; 2413 p->live_dump_op = pcap_live_dump_not_initialized; 2414 p->live_dump_ended_op = pcap_live_dump_ended_not_initialized; 2415 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized; 2416 #endif 2417 2418 /* 2419 * Default cleanup operation - implementations can override 2420 * this, but should call pcap_cleanup_live_common() after 2421 * doing their own additional cleanup. 2422 */ 2423 p->cleanup_op = pcap_cleanup_live_common; 2424 2425 /* 2426 * In most cases, the standard one-shot callback can 2427 * be used for pcap_next()/pcap_next_ex(). 2428 */ 2429 p->oneshot_callback = pcap_oneshot; 2430 2431 /* 2432 * Default breakloop operation - implementations can override 2433 * this, but should call pcap_breakloop_common() before doing 2434 * their own logic. 2435 */ 2436 p->breakloop_op = pcap_breakloop_common; 2437 } 2438 2439 static pcap_t * 2440 pcap_alloc_pcap_t(char *ebuf, size_t total_size, size_t private_offset) 2441 { 2442 char *chunk; 2443 pcap_t *p; 2444 2445 /* 2446 * total_size is the size of a structure containing a pcap_t 2447 * followed by a private structure. 2448 */ 2449 chunk = calloc(total_size, 1); 2450 if (chunk == NULL) { 2451 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 2452 errno, "malloc"); 2453 return (NULL); 2454 } 2455 2456 /* 2457 * Get a pointer to the pcap_t at the beginning. 2458 */ 2459 p = (pcap_t *)chunk; 2460 2461 #ifdef _WIN32 2462 p->handle = INVALID_HANDLE_VALUE; /* not opened yet */ 2463 #else /* _WIN32 */ 2464 p->fd = -1; /* not opened yet */ 2465 #ifndef MSDOS 2466 p->selectable_fd = -1; 2467 p->required_select_timeout = NULL; 2468 #endif /* MSDOS */ 2469 #endif /* _WIN32 */ 2470 2471 /* 2472 * private_offset is the offset, in bytes, of the private 2473 * data from the beginning of the structure. 2474 * 2475 * Set the pointer to the private data; that's private_offset 2476 * bytes past the pcap_t. 2477 */ 2478 p->priv = (void *)(chunk + private_offset); 2479 2480 return (p); 2481 } 2482 2483 pcap_t * 2484 pcap_create_common(char *ebuf, size_t total_size, size_t private_offset) 2485 { 2486 pcap_t *p; 2487 2488 p = pcap_alloc_pcap_t(ebuf, total_size, private_offset); 2489 if (p == NULL) 2490 return (NULL); 2491 2492 /* 2493 * Default to "can't set rfmon mode"; if it's supported by 2494 * a platform, the create routine that called us can set 2495 * the op to its routine to check whether a particular 2496 * device supports it. 2497 */ 2498 p->can_set_rfmon_op = pcap_cant_set_rfmon; 2499 2500 /* 2501 * If pcap_setnonblock() is called on a not-yet-activated 2502 * pcap_t, default to setting a flag and turning 2503 * on non-blocking mode when activated. 2504 */ 2505 p->setnonblock_op = pcap_setnonblock_unactivated; 2506 2507 initialize_ops(p); 2508 2509 /* put in some defaults*/ 2510 p->snapshot = 0; /* max packet size unspecified */ 2511 p->opt.timeout = 0; /* no timeout specified */ 2512 p->opt.buffer_size = 0; /* use the platform's default */ 2513 p->opt.promisc = 0; 2514 p->opt.rfmon = 0; 2515 p->opt.immediate = 0; 2516 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 2517 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2518 /* 2519 * Platform-dependent options. 2520 */ 2521 #ifdef __linux__ 2522 p->opt.protocol = 0; 2523 #endif 2524 #ifdef _WIN32 2525 p->opt.nocapture_local = 0; 2526 #endif 2527 2528 /* 2529 * Start out with no BPF code generation flags set. 2530 */ 2531 p->bpf_codegen_flags = 0; 2532 2533 return (p); 2534 } 2535 2536 int 2537 pcap_check_activated(pcap_t *p) 2538 { 2539 if (p->activated) { 2540 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 2541 " operation on activated capture"); 2542 return (-1); 2543 } 2544 return (0); 2545 } 2546 2547 int 2548 pcap_set_snaplen(pcap_t *p, int snaplen) 2549 { 2550 if (pcap_check_activated(p)) 2551 return (PCAP_ERROR_ACTIVATED); 2552 p->snapshot = snaplen; 2553 return (0); 2554 } 2555 2556 int 2557 pcap_set_promisc(pcap_t *p, int promisc) 2558 { 2559 if (pcap_check_activated(p)) 2560 return (PCAP_ERROR_ACTIVATED); 2561 p->opt.promisc = promisc; 2562 return (0); 2563 } 2564 2565 int 2566 pcap_set_rfmon(pcap_t *p, int rfmon) 2567 { 2568 if (pcap_check_activated(p)) 2569 return (PCAP_ERROR_ACTIVATED); 2570 p->opt.rfmon = rfmon; 2571 return (0); 2572 } 2573 2574 int 2575 pcap_set_timeout(pcap_t *p, int timeout_ms) 2576 { 2577 if (pcap_check_activated(p)) 2578 return (PCAP_ERROR_ACTIVATED); 2579 p->opt.timeout = timeout_ms; 2580 return (0); 2581 } 2582 2583 int 2584 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 2585 { 2586 int i; 2587 2588 if (pcap_check_activated(p)) 2589 return (PCAP_ERROR_ACTIVATED); 2590 2591 /* 2592 * The argument should have been u_int, but that's too late 2593 * to change now - it's an API. 2594 */ 2595 if (tstamp_type < 0) 2596 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2597 2598 /* 2599 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; 2600 * the default time stamp type is PCAP_TSTAMP_HOST. 2601 */ 2602 if (p->tstamp_type_count == 0) { 2603 if (tstamp_type == PCAP_TSTAMP_HOST) { 2604 p->opt.tstamp_type = tstamp_type; 2605 return (0); 2606 } 2607 } else { 2608 /* 2609 * Check whether we claim to support this type of time stamp. 2610 */ 2611 for (i = 0; i < p->tstamp_type_count; i++) { 2612 if (p->tstamp_type_list[i] == (u_int)tstamp_type) { 2613 /* 2614 * Yes. 2615 */ 2616 p->opt.tstamp_type = tstamp_type; 2617 return (0); 2618 } 2619 } 2620 } 2621 2622 /* 2623 * We don't support this type of time stamp. 2624 */ 2625 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2626 } 2627 2628 int 2629 pcap_set_immediate_mode(pcap_t *p, int immediate) 2630 { 2631 if (pcap_check_activated(p)) 2632 return (PCAP_ERROR_ACTIVATED); 2633 p->opt.immediate = immediate; 2634 return (0); 2635 } 2636 2637 int 2638 pcap_set_buffer_size(pcap_t *p, int buffer_size) 2639 { 2640 if (pcap_check_activated(p)) 2641 return (PCAP_ERROR_ACTIVATED); 2642 if (buffer_size <= 0) { 2643 /* 2644 * Silently ignore invalid values. 2645 */ 2646 return (0); 2647 } 2648 p->opt.buffer_size = buffer_size; 2649 return (0); 2650 } 2651 2652 int 2653 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) 2654 { 2655 int i; 2656 2657 if (pcap_check_activated(p)) 2658 return (PCAP_ERROR_ACTIVATED); 2659 2660 /* 2661 * The argument should have been u_int, but that's too late 2662 * to change now - it's an API. 2663 */ 2664 if (tstamp_precision < 0) 2665 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2666 2667 /* 2668 * If p->tstamp_precision_count is 0, we only support setting 2669 * the time stamp precision to microsecond precision; every 2670 * pcap module *MUST* support microsecond precision, even if 2671 * it does so by converting the native precision to 2672 * microseconds. 2673 */ 2674 if (p->tstamp_precision_count == 0) { 2675 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) { 2676 p->opt.tstamp_precision = tstamp_precision; 2677 return (0); 2678 } 2679 } else { 2680 /* 2681 * Check whether we claim to support this precision of 2682 * time stamp. 2683 */ 2684 for (i = 0; i < p->tstamp_precision_count; i++) { 2685 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { 2686 /* 2687 * Yes. 2688 */ 2689 p->opt.tstamp_precision = tstamp_precision; 2690 return (0); 2691 } 2692 } 2693 } 2694 2695 /* 2696 * We don't support this time stamp precision. 2697 */ 2698 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2699 } 2700 2701 int 2702 pcap_get_tstamp_precision(pcap_t *p) 2703 { 2704 return (p->opt.tstamp_precision); 2705 } 2706 2707 int 2708 pcap_activate(pcap_t *p) 2709 { 2710 int status; 2711 2712 /* 2713 * Catch attempts to re-activate an already-activated 2714 * pcap_t; this should, for example, catch code that 2715 * calls pcap_open_live() followed by pcap_activate(), 2716 * as some code that showed up in a Stack Exchange 2717 * question did. 2718 */ 2719 if (pcap_check_activated(p)) 2720 return (PCAP_ERROR_ACTIVATED); 2721 status = p->activate_op(p); 2722 if (status >= 0) { 2723 /* 2724 * If somebody requested non-blocking mode before 2725 * calling pcap_activate(), turn it on now. 2726 */ 2727 if (p->opt.nonblock) { 2728 status = p->setnonblock_op(p, 1); 2729 if (status < 0) { 2730 /* 2731 * Failed. Undo everything done by 2732 * the activate operation. 2733 */ 2734 p->cleanup_op(p); 2735 initialize_ops(p); 2736 return (status); 2737 } 2738 } 2739 p->activated = 1; 2740 } else { 2741 if (p->errbuf[0] == '\0') { 2742 /* 2743 * No error message supplied by the activate routine; 2744 * for the benefit of programs that don't specially 2745 * handle errors other than PCAP_ERROR, return the 2746 * error message corresponding to the status. 2747 */ 2748 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 2749 pcap_statustostr(status)); 2750 } 2751 2752 /* 2753 * Undo any operation pointer setting, etc. done by 2754 * the activate operation. 2755 */ 2756 initialize_ops(p); 2757 } 2758 return (status); 2759 } 2760 2761 pcap_t * 2762 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf) 2763 { 2764 pcap_t *p; 2765 int status; 2766 #ifdef ENABLE_REMOTE 2767 char host[PCAP_BUF_SIZE + 1]; 2768 char port[PCAP_BUF_SIZE + 1]; 2769 char name[PCAP_BUF_SIZE + 1]; 2770 int srctype; 2771 2772 /* 2773 * A null device name is equivalent to the "any" device - 2774 * which might not be supported on this platform, but 2775 * this means that you'll get a "not supported" error 2776 * rather than, say, a crash when we try to dereference 2777 * the null pointer. 2778 */ 2779 if (device == NULL) 2780 device = "any"; 2781 2782 /* 2783 * Retrofit - we have to make older applications compatible with 2784 * remote capture. 2785 * So we're calling pcap_open_remote() from here; this is a very 2786 * dirty hack. 2787 * Obviously, we cannot exploit all the new features; for instance, 2788 * we cannot send authentication, we cannot use a UDP data connection, 2789 * and so on. 2790 */ 2791 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf)) 2792 return (NULL); 2793 2794 if (srctype == PCAP_SRC_IFREMOTE) { 2795 /* 2796 * Although we already have host, port and iface, we prefer 2797 * to pass only 'device' to pcap_open_rpcap(), so that it has 2798 * to call pcap_parsesrcstr() again. 2799 * This is less optimized, but much clearer. 2800 */ 2801 return (pcap_open_rpcap(device, snaplen, 2802 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms, 2803 NULL, errbuf)); 2804 } 2805 if (srctype == PCAP_SRC_FILE) { 2806 snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\""); 2807 return (NULL); 2808 } 2809 if (srctype == PCAP_SRC_IFLOCAL) { 2810 /* 2811 * If it starts with rpcap://, that refers to a local device 2812 * (no host part in the URL). Remove the rpcap://, and 2813 * fall through to the regular open path. 2814 */ 2815 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) { 2816 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1; 2817 2818 if (len > 0) 2819 device += strlen(PCAP_SRC_IF_STRING); 2820 } 2821 } 2822 #endif /* ENABLE_REMOTE */ 2823 2824 p = pcap_create(device, errbuf); 2825 if (p == NULL) 2826 return (NULL); 2827 status = pcap_set_snaplen(p, snaplen); 2828 if (status < 0) 2829 goto fail; 2830 status = pcap_set_promisc(p, promisc); 2831 if (status < 0) 2832 goto fail; 2833 status = pcap_set_timeout(p, to_ms); 2834 if (status < 0) 2835 goto fail; 2836 /* 2837 * Mark this as opened with pcap_open_live(), so that, for 2838 * example, we show the full list of DLT_ values, rather 2839 * than just the ones that are compatible with capturing 2840 * when not in monitor mode. That allows existing applications 2841 * to work the way they used to work, but allows new applications 2842 * that know about the new open API to, for example, find out the 2843 * DLT_ values that they can select without changing whether 2844 * the adapter is in monitor mode or not. 2845 */ 2846 p->oldstyle = 1; 2847 status = pcap_activate(p); 2848 if (status < 0) 2849 goto fail; 2850 return (p); 2851 fail: 2852 if (status == PCAP_ERROR) 2853 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %.*s", device, 2854 PCAP_ERRBUF_SIZE - 3, p->errbuf); 2855 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 2856 status == PCAP_ERROR_PERM_DENIED || 2857 status == PCAP_ERROR_PROMISC_PERM_DENIED) 2858 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%.*s)", device, 2859 pcap_statustostr(status), PCAP_ERRBUF_SIZE - 6, p->errbuf); 2860 else 2861 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 2862 pcap_statustostr(status)); 2863 pcap_close(p); 2864 return (NULL); 2865 } 2866 2867 pcap_t * 2868 pcap_open_offline_common(char *ebuf, size_t total_size, size_t private_offset) 2869 { 2870 pcap_t *p; 2871 2872 p = pcap_alloc_pcap_t(ebuf, total_size, private_offset); 2873 if (p == NULL) 2874 return (NULL); 2875 2876 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2877 2878 return (p); 2879 } 2880 2881 int 2882 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2883 { 2884 return (p->read_op(p, cnt, callback, user)); 2885 } 2886 2887 int 2888 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2889 { 2890 register int n; 2891 2892 for (;;) { 2893 if (p->rfile != NULL) { 2894 /* 2895 * 0 means EOF, so don't loop if we get 0. 2896 */ 2897 n = pcap_offline_read(p, cnt, callback, user); 2898 } else { 2899 /* 2900 * XXX keep reading until we get something 2901 * (or an error occurs) 2902 */ 2903 do { 2904 n = p->read_op(p, cnt, callback, user); 2905 } while (n == 0); 2906 } 2907 if (n <= 0) 2908 return (n); 2909 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) { 2910 cnt -= n; 2911 if (cnt <= 0) 2912 return (0); 2913 } 2914 } 2915 } 2916 2917 /* 2918 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 2919 */ 2920 void 2921 pcap_breakloop(pcap_t *p) 2922 { 2923 p->breakloop_op(p); 2924 } 2925 2926 int 2927 pcap_datalink(pcap_t *p) 2928 { 2929 if (!p->activated) 2930 return (PCAP_ERROR_NOT_ACTIVATED); 2931 return (p->linktype); 2932 } 2933 2934 int 2935 pcap_datalink_ext(pcap_t *p) 2936 { 2937 if (!p->activated) 2938 return (PCAP_ERROR_NOT_ACTIVATED); 2939 return (p->linktype_ext); 2940 } 2941 2942 int 2943 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 2944 { 2945 if (!p->activated) 2946 return (PCAP_ERROR_NOT_ACTIVATED); 2947 if (p->dlt_count == 0) { 2948 /* 2949 * We couldn't fetch the list of DLTs, which means 2950 * this platform doesn't support changing the 2951 * DLT for an interface. Return a list of DLTs 2952 * containing only the DLT this device supports. 2953 */ 2954 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 2955 if (*dlt_buffer == NULL) { 2956 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 2957 errno, "malloc"); 2958 return (PCAP_ERROR); 2959 } 2960 **dlt_buffer = p->linktype; 2961 return (1); 2962 } else { 2963 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 2964 if (*dlt_buffer == NULL) { 2965 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 2966 errno, "malloc"); 2967 return (PCAP_ERROR); 2968 } 2969 (void)memcpy(*dlt_buffer, p->dlt_list, 2970 sizeof(**dlt_buffer) * p->dlt_count); 2971 return (p->dlt_count); 2972 } 2973 } 2974 2975 /* 2976 * In Windows, you might have a library built with one version of the 2977 * C runtime library and an application built with another version of 2978 * the C runtime library, which means that the library might use one 2979 * version of malloc() and free() and the application might use another 2980 * version of malloc() and free(). If so, that means something 2981 * allocated by the library cannot be freed by the application, so we 2982 * need to have a pcap_free_datalinks() routine to free up the list 2983 * allocated by pcap_list_datalinks(), even though it's just a wrapper 2984 * around free(). 2985 */ 2986 void 2987 pcap_free_datalinks(int *dlt_list) 2988 { 2989 free(dlt_list); 2990 } 2991 2992 int 2993 pcap_set_datalink(pcap_t *p, int dlt) 2994 { 2995 int i; 2996 const char *dlt_name; 2997 2998 if (dlt < 0) 2999 goto unsupported; 3000 3001 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 3002 /* 3003 * We couldn't fetch the list of DLTs, or we don't 3004 * have a "set datalink" operation, which means 3005 * this platform doesn't support changing the 3006 * DLT for an interface. Check whether the new 3007 * DLT is the one this interface supports. 3008 */ 3009 if (p->linktype != dlt) 3010 goto unsupported; 3011 3012 /* 3013 * It is, so there's nothing we need to do here. 3014 */ 3015 return (0); 3016 } 3017 for (i = 0; i < p->dlt_count; i++) 3018 if (p->dlt_list[i] == (u_int)dlt) 3019 break; 3020 if (i >= p->dlt_count) 3021 goto unsupported; 3022 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 3023 dlt == DLT_DOCSIS) { 3024 /* 3025 * This is presumably an Ethernet device, as the first 3026 * link-layer type it offers is DLT_EN10MB, and the only 3027 * other type it offers is DLT_DOCSIS. That means that 3028 * we can't tell the driver to supply DOCSIS link-layer 3029 * headers - we're just pretending that's what we're 3030 * getting, as, presumably, we're capturing on a dedicated 3031 * link to a Cisco Cable Modem Termination System, and 3032 * it's putting raw DOCSIS frames on the wire inside low-level 3033 * Ethernet framing. 3034 */ 3035 p->linktype = dlt; 3036 return (0); 3037 } 3038 if (p->set_datalink_op(p, dlt) == -1) 3039 return (-1); 3040 p->linktype = dlt; 3041 return (0); 3042 3043 unsupported: 3044 dlt_name = pcap_datalink_val_to_name(dlt); 3045 if (dlt_name != NULL) { 3046 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3047 "%s is not one of the DLTs supported by this device", 3048 dlt_name); 3049 } else { 3050 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3051 "DLT %d is not one of the DLTs supported by this device", 3052 dlt); 3053 } 3054 return (-1); 3055 } 3056 3057 /* 3058 * This array is designed for mapping upper and lower case letter 3059 * together for a case independent comparison. The mappings are 3060 * based upon ascii character sequences. 3061 */ 3062 static const u_char charmap[] = { 3063 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 3064 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 3065 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 3066 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 3067 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 3068 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 3069 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 3070 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 3071 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 3072 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 3073 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 3074 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 3075 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 3076 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 3077 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 3078 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 3079 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3080 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 3081 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3082 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3083 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3084 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3085 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 3086 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 3087 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3088 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 3089 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3090 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3091 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3092 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3093 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 3094 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 3095 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 3096 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 3097 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 3098 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 3099 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 3100 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 3101 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 3102 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 3103 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 3104 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 3105 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 3106 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 3107 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 3108 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 3109 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 3110 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 3111 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3112 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3113 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3114 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3115 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3116 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3117 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 3118 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 3119 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3120 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3121 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3122 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3123 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3124 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3125 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 3126 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 3127 }; 3128 3129 int 3130 pcap_strcasecmp(const char *s1, const char *s2) 3131 { 3132 register const u_char *cm = charmap, 3133 *us1 = (const u_char *)s1, 3134 *us2 = (const u_char *)s2; 3135 3136 while (cm[*us1] == cm[*us2++]) 3137 if (*us1++ == '\0') 3138 return(0); 3139 return (cm[*us1] - cm[*--us2]); 3140 } 3141 3142 struct dlt_choice { 3143 const char *name; 3144 const char *description; 3145 int dlt; 3146 }; 3147 3148 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code } 3149 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 3150 3151 static struct dlt_choice dlt_choices[] = { 3152 DLT_CHOICE(NULL, "BSD loopback"), 3153 DLT_CHOICE(EN10MB, "Ethernet"), 3154 DLT_CHOICE(IEEE802, "Token ring"), 3155 DLT_CHOICE(ARCNET, "BSD ARCNET"), 3156 DLT_CHOICE(SLIP, "SLIP"), 3157 DLT_CHOICE(PPP, "PPP"), 3158 DLT_CHOICE(FDDI, "FDDI"), 3159 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 3160 DLT_CHOICE(RAW, "Raw IP"), 3161 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"), 3162 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"), 3163 DLT_CHOICE(ATM_CLIP, "Linux Classical IP over ATM"), 3164 DLT_CHOICE(PPP_SERIAL, "PPP over serial"), 3165 DLT_CHOICE(PPP_ETHER, "PPPoE"), 3166 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"), 3167 DLT_CHOICE(C_HDLC, "Cisco HDLC"), 3168 DLT_CHOICE(IEEE802_11, "802.11"), 3169 DLT_CHOICE(FRELAY, "Frame Relay"), 3170 DLT_CHOICE(LOOP, "OpenBSD loopback"), 3171 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"), 3172 DLT_CHOICE(LINUX_SLL, "Linux cooked v1"), 3173 DLT_CHOICE(LTALK, "Localtalk"), 3174 DLT_CHOICE(PFLOG, "OpenBSD pflog file"), 3175 DLT_CHOICE(PFSYNC, "Packet filter state syncing"), 3176 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"), 3177 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 3178 DLT_CHOICE(SUNATM, "Sun raw ATM"), 3179 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"), 3180 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"), 3181 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 3182 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 3183 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"), 3184 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"), 3185 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 3186 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"), 3187 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 3188 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"), 3189 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 3190 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 3191 DLT_CHOICE(MTP2, "SS7 MTP2"), 3192 DLT_CHOICE(MTP3, "SS7 MTP3"), 3193 DLT_CHOICE(SCCP, "SS7 SCCP"), 3194 DLT_CHOICE(DOCSIS, "DOCSIS"), 3195 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"), 3196 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 3197 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 3198 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"), 3199 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"), 3200 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"), 3201 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 3202 DLT_CHOICE(GPRS_LLC, "GPRS LLC"), 3203 DLT_CHOICE(GPF_T, "GPF-T"), 3204 DLT_CHOICE(GPF_F, "GPF-F"), 3205 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"), 3206 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"), 3207 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"), 3208 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"), 3209 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"), 3210 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"), 3211 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"), 3212 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"), 3213 DLT_CHOICE(MFR, "FRF.16 Frame Relay"), 3214 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"), 3215 DLT_CHOICE(A429, "Arinc 429"), 3216 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"), 3217 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"), 3218 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 3219 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 3220 DLT_CHOICE(USB_LINUX, "USB with Linux header"), 3221 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"), 3222 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 3223 DLT_CHOICE(PPI, "Per-Packet Information"), 3224 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 3225 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"), 3226 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"), 3227 DLT_CHOICE(SITA, "SITA pseudo-header"), 3228 DLT_CHOICE(ERF, "Endace ERF header"), 3229 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"), 3230 DLT_CHOICE(IPMB_KONTRON, "IPMB with Kontron pseudo-header"), 3231 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"), 3232 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 3233 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"), 3234 DLT_CHOICE(IPMB_LINUX, "IPMB with Linux/Pigeon Point pseudo-header"), 3235 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 3236 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"), 3237 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"), 3238 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"), 3239 DLT_CHOICE(DECT, "DECT"), 3240 DLT_CHOICE(AOS, "AOS Space Data Link protocol"), 3241 DLT_CHOICE(WIHART, "Wireless HART"), 3242 DLT_CHOICE(FC_2, "Fibre Channel FC-2"), 3243 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 3244 DLT_CHOICE(IPNET, "Solaris ipnet"), 3245 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 3246 DLT_CHOICE(IPV4, "Raw IPv4"), 3247 DLT_CHOICE(IPV6, "Raw IPv6"), 3248 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 3249 DLT_CHOICE(DBUS, "D-Bus"), 3250 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"), 3251 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"), 3252 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 3253 DLT_CHOICE(DVB_CI, "DVB-CI"), 3254 DLT_CHOICE(MUX27010, "MUX27010"), 3255 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 3256 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 3257 DLT_CHOICE(NFLOG, "Linux netfilter log messages"), 3258 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 3259 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 3260 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"), 3261 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"), 3262 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"), 3263 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 3264 DLT_CHOICE(INFINIBAND, "InfiniBand"), 3265 DLT_CHOICE(SCTP, "SCTP"), 3266 DLT_CHOICE(USBPCAP, "USB with USBPcap header"), 3267 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 3268 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 3269 DLT_CHOICE(NETLINK, "Linux netlink"), 3270 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 3271 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 3272 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 3273 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"), 3274 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"), 3275 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 3276 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"), 3277 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"), 3278 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"), 3279 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"), 3280 DLT_CHOICE(ISO_14443, "ISO 14443 messages"), 3281 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"), 3282 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"), 3283 DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"), 3284 DLT_CHOICE(SDLC, "IBM SDLC frames"), 3285 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"), 3286 DLT_CHOICE(VSOCK, "Linux vsock"), 3287 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"), 3288 DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"), 3289 DLT_CHOICE(ETHERNET_MPACKET, "802.3br mPackets"), 3290 DLT_CHOICE(DISPLAYPORT_AUX, "DisplayPort AUX channel monitoring data"), 3291 DLT_CHOICE(LINUX_SLL2, "Linux cooked v2"), 3292 DLT_CHOICE(OPENVIZSLA, "OpenVizsla USB"), 3293 DLT_CHOICE(EBHSCR, "Elektrobit High Speed Capture and Replay (EBHSCR)"), 3294 DLT_CHOICE(VPP_DISPATCH, "VPP graph dispatch tracer"), 3295 DLT_CHOICE(DSA_TAG_BRCM, "Broadcom tag"), 3296 DLT_CHOICE(DSA_TAG_BRCM_PREPEND, "Broadcom tag (prepended)"), 3297 DLT_CHOICE(IEEE802_15_4_TAP, "IEEE 802.15.4 with pseudo-header"), 3298 DLT_CHOICE(DSA_TAG_DSA, "Marvell DSA"), 3299 DLT_CHOICE(DSA_TAG_EDSA, "Marvell EDSA"), 3300 DLT_CHOICE(ELEE, "ELEE lawful intercept packets"), 3301 DLT_CHOICE(Z_WAVE_SERIAL, "Z-Wave serial frames between host and chip"), 3302 DLT_CHOICE(USB_2_0, "USB 2.0/1.1/1.0 as transmitted over the cable"), 3303 DLT_CHOICE(ATSC_ALP, "ATSC Link-Layer Protocol packets"), 3304 DLT_CHOICE_SENTINEL 3305 }; 3306 3307 int 3308 pcap_datalink_name_to_val(const char *name) 3309 { 3310 int i; 3311 3312 for (i = 0; dlt_choices[i].name != NULL; i++) { 3313 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0) 3314 return (dlt_choices[i].dlt); 3315 } 3316 return (-1); 3317 } 3318 3319 const char * 3320 pcap_datalink_val_to_name(int dlt) 3321 { 3322 int i; 3323 3324 for (i = 0; dlt_choices[i].name != NULL; i++) { 3325 if (dlt_choices[i].dlt == dlt) 3326 return (dlt_choices[i].name); 3327 } 3328 return (NULL); 3329 } 3330 3331 const char * 3332 pcap_datalink_val_to_description(int dlt) 3333 { 3334 int i; 3335 3336 for (i = 0; dlt_choices[i].name != NULL; i++) { 3337 if (dlt_choices[i].dlt == dlt) 3338 return (dlt_choices[i].description); 3339 } 3340 return (NULL); 3341 } 3342 3343 const char * 3344 pcap_datalink_val_to_description_or_dlt(int dlt) 3345 { 3346 static char unkbuf[40]; 3347 const char *description; 3348 3349 description = pcap_datalink_val_to_description(dlt); 3350 if (description != NULL) { 3351 return description; 3352 } else { 3353 (void)snprintf(unkbuf, sizeof(unkbuf), "DLT %u", dlt); 3354 return unkbuf; 3355 } 3356 } 3357 3358 struct tstamp_type_choice { 3359 const char *name; 3360 const char *description; 3361 int type; 3362 }; 3363 3364 static struct tstamp_type_choice tstamp_type_choices[] = { 3365 { "host", "Host", PCAP_TSTAMP_HOST }, 3366 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 3367 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 3368 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 3369 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 3370 { "host_hiprec_unsynced", "Host, high precision, not synced with system time", PCAP_TSTAMP_HOST_HIPREC_UNSYNCED }, 3371 { NULL, NULL, 0 } 3372 }; 3373 3374 int 3375 pcap_tstamp_type_name_to_val(const char *name) 3376 { 3377 int i; 3378 3379 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3380 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 3381 return (tstamp_type_choices[i].type); 3382 } 3383 return (PCAP_ERROR); 3384 } 3385 3386 const char * 3387 pcap_tstamp_type_val_to_name(int tstamp_type) 3388 { 3389 int i; 3390 3391 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3392 if (tstamp_type_choices[i].type == tstamp_type) 3393 return (tstamp_type_choices[i].name); 3394 } 3395 return (NULL); 3396 } 3397 3398 const char * 3399 pcap_tstamp_type_val_to_description(int tstamp_type) 3400 { 3401 int i; 3402 3403 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3404 if (tstamp_type_choices[i].type == tstamp_type) 3405 return (tstamp_type_choices[i].description); 3406 } 3407 return (NULL); 3408 } 3409 3410 int 3411 pcap_snapshot(pcap_t *p) 3412 { 3413 if (!p->activated) 3414 return (PCAP_ERROR_NOT_ACTIVATED); 3415 return (p->snapshot); 3416 } 3417 3418 int 3419 pcap_is_swapped(pcap_t *p) 3420 { 3421 if (!p->activated) 3422 return (PCAP_ERROR_NOT_ACTIVATED); 3423 return (p->swapped); 3424 } 3425 3426 int 3427 pcap_major_version(pcap_t *p) 3428 { 3429 if (!p->activated) 3430 return (PCAP_ERROR_NOT_ACTIVATED); 3431 return (p->version_major); 3432 } 3433 3434 int 3435 pcap_minor_version(pcap_t *p) 3436 { 3437 if (!p->activated) 3438 return (PCAP_ERROR_NOT_ACTIVATED); 3439 return (p->version_minor); 3440 } 3441 3442 int 3443 pcap_bufsize(pcap_t *p) 3444 { 3445 if (!p->activated) 3446 return (PCAP_ERROR_NOT_ACTIVATED); 3447 return (p->bufsize); 3448 } 3449 3450 FILE * 3451 pcap_file(pcap_t *p) 3452 { 3453 return (p->rfile); 3454 } 3455 3456 #ifdef _WIN32 3457 int 3458 pcap_fileno(pcap_t *p) 3459 { 3460 if (p->handle != INVALID_HANDLE_VALUE) { 3461 /* 3462 * This is a bogus and now-deprecated API; we 3463 * squelch the narrowing warning for the cast 3464 * from HANDLE to DWORD. If Windows programmmers 3465 * need to get at the HANDLE for a pcap_t, *if* 3466 * there is one, they should request such a 3467 * routine (and be prepared for it to return 3468 * INVALID_HANDLE_VALUE). 3469 */ 3470 DIAG_OFF_NARROWING 3471 return ((int)(DWORD)p->handle); 3472 DIAG_ON_NARROWING 3473 } else 3474 return (PCAP_ERROR); 3475 } 3476 #else /* _WIN32 */ 3477 int 3478 pcap_fileno(pcap_t *p) 3479 { 3480 return (p->fd); 3481 } 3482 #endif /* _WIN32 */ 3483 3484 #if !defined(_WIN32) && !defined(MSDOS) 3485 int 3486 pcap_get_selectable_fd(pcap_t *p) 3487 { 3488 return (p->selectable_fd); 3489 } 3490 3491 const struct timeval * 3492 pcap_get_required_select_timeout(pcap_t *p) 3493 { 3494 return (p->required_select_timeout); 3495 } 3496 #endif 3497 3498 void 3499 pcap_perror(pcap_t *p, const char *prefix) 3500 { 3501 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 3502 } 3503 3504 char * 3505 pcap_geterr(pcap_t *p) 3506 { 3507 return (p->errbuf); 3508 } 3509 3510 int 3511 pcap_getnonblock(pcap_t *p, char *errbuf) 3512 { 3513 int ret; 3514 3515 ret = p->getnonblock_op(p); 3516 if (ret == -1) { 3517 /* 3518 * The get nonblock operation sets p->errbuf; this 3519 * function *shouldn't* have had a separate errbuf 3520 * argument, as it didn't need one, but I goofed 3521 * when adding it. 3522 * 3523 * We copy the error message to errbuf, so callers 3524 * can find it in either place. 3525 */ 3526 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3527 } 3528 return (ret); 3529 } 3530 3531 /* 3532 * Get the current non-blocking mode setting, under the assumption that 3533 * it's just the standard POSIX non-blocking flag. 3534 */ 3535 #if !defined(_WIN32) && !defined(MSDOS) 3536 int 3537 pcap_getnonblock_fd(pcap_t *p) 3538 { 3539 int fdflags; 3540 3541 fdflags = fcntl(p->fd, F_GETFL, 0); 3542 if (fdflags == -1) { 3543 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3544 errno, "F_GETFL"); 3545 return (-1); 3546 } 3547 if (fdflags & O_NONBLOCK) 3548 return (1); 3549 else 3550 return (0); 3551 } 3552 #endif 3553 3554 int 3555 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 3556 { 3557 int ret; 3558 3559 ret = p->setnonblock_op(p, nonblock); 3560 if (ret == -1) { 3561 /* 3562 * The set nonblock operation sets p->errbuf; this 3563 * function *shouldn't* have had a separate errbuf 3564 * argument, as it didn't need one, but I goofed 3565 * when adding it. 3566 * 3567 * We copy the error message to errbuf, so callers 3568 * can find it in either place. 3569 */ 3570 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3571 } 3572 return (ret); 3573 } 3574 3575 #if !defined(_WIN32) && !defined(MSDOS) 3576 /* 3577 * Set non-blocking mode, under the assumption that it's just the 3578 * standard POSIX non-blocking flag. (This can be called by the 3579 * per-platform non-blocking-mode routine if that routine also 3580 * needs to do some additional work.) 3581 */ 3582 int 3583 pcap_setnonblock_fd(pcap_t *p, int nonblock) 3584 { 3585 int fdflags; 3586 3587 fdflags = fcntl(p->fd, F_GETFL, 0); 3588 if (fdflags == -1) { 3589 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3590 errno, "F_GETFL"); 3591 return (-1); 3592 } 3593 if (nonblock) 3594 fdflags |= O_NONBLOCK; 3595 else 3596 fdflags &= ~O_NONBLOCK; 3597 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 3598 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3599 errno, "F_SETFL"); 3600 return (-1); 3601 } 3602 return (0); 3603 } 3604 #endif 3605 3606 /* 3607 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 3608 */ 3609 const char * 3610 pcap_statustostr(int errnum) 3611 { 3612 static char ebuf[15+10+1]; 3613 3614 switch (errnum) { 3615 3616 case PCAP_WARNING: 3617 return("Generic warning"); 3618 3619 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 3620 return ("That type of time stamp is not supported by that device"); 3621 3622 case PCAP_WARNING_PROMISC_NOTSUP: 3623 return ("That device doesn't support promiscuous mode"); 3624 3625 case PCAP_ERROR: 3626 return("Generic error"); 3627 3628 case PCAP_ERROR_BREAK: 3629 return("Loop terminated by pcap_breakloop"); 3630 3631 case PCAP_ERROR_NOT_ACTIVATED: 3632 return("The pcap_t has not been activated"); 3633 3634 case PCAP_ERROR_ACTIVATED: 3635 return ("The setting can't be changed after the pcap_t is activated"); 3636 3637 case PCAP_ERROR_NO_SUCH_DEVICE: 3638 return ("No such device exists"); 3639 3640 case PCAP_ERROR_RFMON_NOTSUP: 3641 return ("That device doesn't support monitor mode"); 3642 3643 case PCAP_ERROR_NOT_RFMON: 3644 return ("That operation is supported only in monitor mode"); 3645 3646 case PCAP_ERROR_PERM_DENIED: 3647 return ("You don't have permission to capture on that device"); 3648 3649 case PCAP_ERROR_IFACE_NOT_UP: 3650 return ("That device is not up"); 3651 3652 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 3653 return ("That device doesn't support setting the time stamp type"); 3654 3655 case PCAP_ERROR_PROMISC_PERM_DENIED: 3656 return ("You don't have permission to capture in promiscuous mode on that device"); 3657 3658 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP: 3659 return ("That device doesn't support that time stamp precision"); 3660 } 3661 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 3662 return(ebuf); 3663 } 3664 3665 /* 3666 * Not all systems have strerror(). 3667 */ 3668 const char * 3669 pcap_strerror(int errnum) 3670 { 3671 #ifdef HAVE_STRERROR 3672 #ifdef _WIN32 3673 static char errbuf[PCAP_ERRBUF_SIZE]; 3674 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum); 3675 3676 if (err != 0) /* err = 0 if successful */ 3677 pcap_strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE); 3678 return (errbuf); 3679 #else 3680 return (strerror(errnum)); 3681 #endif /* _WIN32 */ 3682 #else 3683 extern int sys_nerr; 3684 extern const char *const sys_errlist[]; 3685 static char errbuf[PCAP_ERRBUF_SIZE]; 3686 3687 if ((unsigned int)errnum < sys_nerr) 3688 return ((char *)sys_errlist[errnum]); 3689 (void)snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum); 3690 return (errbuf); 3691 #endif 3692 } 3693 3694 int 3695 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 3696 { 3697 return (p->setfilter_op(p, fp)); 3698 } 3699 3700 /* 3701 * Set direction flag, which controls whether we accept only incoming 3702 * packets, only outgoing packets, or both. 3703 * Note that, depending on the platform, some or all direction arguments 3704 * might not be supported. 3705 */ 3706 int 3707 pcap_setdirection(pcap_t *p, pcap_direction_t d) 3708 { 3709 if (p->setdirection_op == NULL) { 3710 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3711 "Setting direction is not supported on this device"); 3712 return (-1); 3713 } else { 3714 switch (d) { 3715 3716 case PCAP_D_IN: 3717 case PCAP_D_OUT: 3718 case PCAP_D_INOUT: 3719 /* 3720 * Valid direction. 3721 */ 3722 return (p->setdirection_op(p, d)); 3723 3724 default: 3725 /* 3726 * Invalid direction. 3727 */ 3728 snprintf(p->errbuf, sizeof(p->errbuf), 3729 "Invalid direction"); 3730 return (-1); 3731 } 3732 } 3733 } 3734 3735 int 3736 pcap_stats(pcap_t *p, struct pcap_stat *ps) 3737 { 3738 return (p->stats_op(p, ps)); 3739 } 3740 3741 #ifdef _WIN32 3742 struct pcap_stat * 3743 pcap_stats_ex(pcap_t *p, int *pcap_stat_size) 3744 { 3745 return (p->stats_ex_op(p, pcap_stat_size)); 3746 } 3747 3748 int 3749 pcap_setbuff(pcap_t *p, int dim) 3750 { 3751 return (p->setbuff_op(p, dim)); 3752 } 3753 3754 int 3755 pcap_setmode(pcap_t *p, int mode) 3756 { 3757 return (p->setmode_op(p, mode)); 3758 } 3759 3760 int 3761 pcap_setmintocopy(pcap_t *p, int size) 3762 { 3763 return (p->setmintocopy_op(p, size)); 3764 } 3765 3766 HANDLE 3767 pcap_getevent(pcap_t *p) 3768 { 3769 return (p->getevent_op(p)); 3770 } 3771 3772 int 3773 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 3774 { 3775 return (p->oid_get_request_op(p, oid, data, lenp)); 3776 } 3777 3778 int 3779 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp) 3780 { 3781 return (p->oid_set_request_op(p, oid, data, lenp)); 3782 } 3783 3784 pcap_send_queue * 3785 pcap_sendqueue_alloc(u_int memsize) 3786 { 3787 pcap_send_queue *tqueue; 3788 3789 /* Allocate the queue */ 3790 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue)); 3791 if (tqueue == NULL){ 3792 return (NULL); 3793 } 3794 3795 /* Allocate the buffer */ 3796 tqueue->buffer = (char *)malloc(memsize); 3797 if (tqueue->buffer == NULL) { 3798 free(tqueue); 3799 return (NULL); 3800 } 3801 3802 tqueue->maxlen = memsize; 3803 tqueue->len = 0; 3804 3805 return (tqueue); 3806 } 3807 3808 void 3809 pcap_sendqueue_destroy(pcap_send_queue *queue) 3810 { 3811 free(queue->buffer); 3812 free(queue); 3813 } 3814 3815 int 3816 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 3817 { 3818 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){ 3819 return (-1); 3820 } 3821 3822 /* Copy the pcap_pkthdr header*/ 3823 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr)); 3824 queue->len += sizeof(struct pcap_pkthdr); 3825 3826 /* copy the packet */ 3827 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen); 3828 queue->len += pkt_header->caplen; 3829 3830 return (0); 3831 } 3832 3833 u_int 3834 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync) 3835 { 3836 return (p->sendqueue_transmit_op(p, queue, sync)); 3837 } 3838 3839 int 3840 pcap_setuserbuffer(pcap_t *p, int size) 3841 { 3842 return (p->setuserbuffer_op(p, size)); 3843 } 3844 3845 int 3846 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks) 3847 { 3848 return (p->live_dump_op(p, filename, maxsize, maxpacks)); 3849 } 3850 3851 int 3852 pcap_live_dump_ended(pcap_t *p, int sync) 3853 { 3854 return (p->live_dump_ended_op(p, sync)); 3855 } 3856 3857 PAirpcapHandle 3858 pcap_get_airpcap_handle(pcap_t *p) 3859 { 3860 PAirpcapHandle handle; 3861 3862 handle = p->get_airpcap_handle_op(p); 3863 if (handle == NULL) { 3864 (void)snprintf(p->errbuf, sizeof(p->errbuf), 3865 "This isn't an AirPcap device"); 3866 } 3867 return (handle); 3868 } 3869 #endif 3870 3871 /* 3872 * On some platforms, we need to clean up promiscuous or monitor mode 3873 * when we close a device - and we want that to happen even if the 3874 * application just exits without explicitl closing devices. 3875 * On those platforms, we need to register a "close all the pcaps" 3876 * routine to be called when we exit, and need to maintain a list of 3877 * pcaps that need to be closed to clean up modes. 3878 * 3879 * XXX - not thread-safe. 3880 */ 3881 3882 /* 3883 * List of pcaps on which we've done something that needs to be 3884 * cleaned up. 3885 * If there are any such pcaps, we arrange to call "pcap_close_all()" 3886 * when we exit, and have it close all of them. 3887 */ 3888 static struct pcap *pcaps_to_close; 3889 3890 /* 3891 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 3892 * be called on exit. 3893 */ 3894 static int did_atexit; 3895 3896 static void 3897 pcap_close_all(void) 3898 { 3899 struct pcap *handle; 3900 3901 while ((handle = pcaps_to_close) != NULL) { 3902 pcap_close(handle); 3903 3904 /* 3905 * If a pcap module adds a pcap_t to the "close all" 3906 * list by calling pcap_add_to_pcaps_to_close(), it 3907 * must have a cleanup routine that removes it from the 3908 * list, by calling pcap_remove_from_pcaps_to_close(), 3909 * and must make that cleanup routine the cleanup_op 3910 * for the pcap_t. 3911 * 3912 * That means that, after pcap_close() - which calls 3913 * the cleanup_op for the pcap_t - the pcap_t must 3914 * have been removed from the list, so pcaps_to_close 3915 * must not be equal to handle. 3916 * 3917 * We check for that, and abort if handle is still 3918 * at the head of the list, to prevent infinite loops. 3919 */ 3920 if (pcaps_to_close == handle) 3921 abort(); 3922 } 3923 } 3924 3925 int 3926 pcap_do_addexit(pcap_t *p) 3927 { 3928 /* 3929 * If we haven't already done so, arrange to have 3930 * "pcap_close_all()" called when we exit. 3931 */ 3932 if (!did_atexit) { 3933 if (atexit(pcap_close_all) != 0) { 3934 /* 3935 * "atexit()" failed; let our caller know. 3936 */ 3937 pcap_strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE); 3938 return (0); 3939 } 3940 did_atexit = 1; 3941 } 3942 return (1); 3943 } 3944 3945 void 3946 pcap_add_to_pcaps_to_close(pcap_t *p) 3947 { 3948 p->next = pcaps_to_close; 3949 pcaps_to_close = p; 3950 } 3951 3952 void 3953 pcap_remove_from_pcaps_to_close(pcap_t *p) 3954 { 3955 pcap_t *pc, *prevpc; 3956 3957 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 3958 prevpc = pc, pc = pc->next) { 3959 if (pc == p) { 3960 /* 3961 * Found it. Remove it from the list. 3962 */ 3963 if (prevpc == NULL) { 3964 /* 3965 * It was at the head of the list. 3966 */ 3967 pcaps_to_close = pc->next; 3968 } else { 3969 /* 3970 * It was in the middle of the list. 3971 */ 3972 prevpc->next = pc->next; 3973 } 3974 break; 3975 } 3976 } 3977 } 3978 3979 void 3980 pcap_breakloop_common(pcap_t *p) 3981 { 3982 p->break_loop = 1; 3983 } 3984 3985 3986 void 3987 pcap_cleanup_live_common(pcap_t *p) 3988 { 3989 if (p->buffer != NULL) { 3990 free(p->buffer); 3991 p->buffer = NULL; 3992 } 3993 if (p->dlt_list != NULL) { 3994 free(p->dlt_list); 3995 p->dlt_list = NULL; 3996 p->dlt_count = 0; 3997 } 3998 if (p->tstamp_type_list != NULL) { 3999 free(p->tstamp_type_list); 4000 p->tstamp_type_list = NULL; 4001 p->tstamp_type_count = 0; 4002 } 4003 if (p->tstamp_precision_list != NULL) { 4004 free(p->tstamp_precision_list); 4005 p->tstamp_precision_list = NULL; 4006 p->tstamp_precision_count = 0; 4007 } 4008 pcap_freecode(&p->fcode); 4009 #if !defined(_WIN32) && !defined(MSDOS) 4010 if (p->fd >= 0) { 4011 close(p->fd); 4012 p->fd = -1; 4013 } 4014 p->selectable_fd = -1; 4015 #endif 4016 } 4017 4018 /* 4019 * API compatible with WinPcap's "send a packet" routine - returns -1 4020 * on error, 0 otherwise. 4021 * 4022 * XXX - what if we get a short write? 4023 */ 4024 int 4025 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 4026 { 4027 if (size <= 0) { 4028 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4029 errno, "The number of bytes to be sent must be positive"); 4030 return (PCAP_ERROR); 4031 } 4032 4033 if (p->inject_op(p, buf, size) == -1) 4034 return (-1); 4035 return (0); 4036 } 4037 4038 /* 4039 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 4040 * error, number of bytes written otherwise. 4041 */ 4042 int 4043 pcap_inject(pcap_t *p, const void *buf, size_t size) 4044 { 4045 /* 4046 * We return the number of bytes written, so the number of 4047 * bytes to write must fit in an int. 4048 */ 4049 if (size > INT_MAX) { 4050 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4051 errno, "More than %d bytes cannot be injected", INT_MAX); 4052 return (PCAP_ERROR); 4053 } 4054 4055 if (size == 0) { 4056 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4057 errno, "The number of bytes to be injected must not be zero"); 4058 return (PCAP_ERROR); 4059 } 4060 4061 return (p->inject_op(p, buf, (int)size)); 4062 } 4063 4064 void 4065 pcap_close(pcap_t *p) 4066 { 4067 if (p->opt.device != NULL) 4068 free(p->opt.device); 4069 p->cleanup_op(p); 4070 free(p); 4071 } 4072 4073 /* 4074 * Helpers for safely loding code at run time. 4075 * Currently Windows-only. 4076 */ 4077 #ifdef _WIN32 4078 // 4079 // This wrapper around loadlibrary appends the system folder (usually 4080 // C:\Windows\System32) to the relative path of the DLL, so that the DLL 4081 // is always loaded from an absolute path (it's no longer possible to 4082 // load modules from the application folder). 4083 // This solves the DLL Hijacking issue discovered in August 2010: 4084 // 4085 // https://blog.rapid7.com/2010/08/23/exploiting-dll-hijacking-flaws/ 4086 // https://blog.rapid7.com/2010/08/23/application-dll-load-hijacking/ 4087 // (the purported Rapid7 blog post link in the first of those two links 4088 // is broken; the second of those links works.) 4089 // 4090 // If any links there are broken from all the content shuffling Rapid& 4091 // did, see archived versions of the posts at their original homes, at 4092 // 4093 // https://web.archive.org/web/20110122175058/http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html 4094 // https://web.archive.org/web/20100828112111/http://blog.rapid7.com/?p=5325 4095 // 4096 pcap_code_handle_t 4097 pcap_load_code(const char *name) 4098 { 4099 /* 4100 * XXX - should this work in UTF-16LE rather than in the local 4101 * ANSI code page? 4102 */ 4103 CHAR path[MAX_PATH]; 4104 CHAR fullFileName[MAX_PATH]; 4105 UINT res; 4106 HMODULE hModule = NULL; 4107 4108 do 4109 { 4110 res = GetSystemDirectoryA(path, MAX_PATH); 4111 4112 if (res == 0) { 4113 // 4114 // some bad failure occurred; 4115 // 4116 break; 4117 } 4118 4119 if (res > MAX_PATH) { 4120 // 4121 // the buffer was not big enough 4122 // 4123 SetLastError(ERROR_INSUFFICIENT_BUFFER); 4124 break; 4125 } 4126 4127 if (res + 1 + strlen(name) + 1 < MAX_PATH) { 4128 memcpy(fullFileName, path, res * sizeof(TCHAR)); 4129 fullFileName[res] = '\\'; 4130 memcpy(&fullFileName[res + 1], name, (strlen(name) + 1) * sizeof(TCHAR)); 4131 4132 hModule = LoadLibraryA(fullFileName); 4133 } else 4134 SetLastError(ERROR_INSUFFICIENT_BUFFER); 4135 4136 } while(FALSE); 4137 4138 return hModule; 4139 } 4140 4141 pcap_funcptr_t 4142 pcap_find_function(pcap_code_handle_t code, const char *func) 4143 { 4144 return (GetProcAddress(code, func)); 4145 } 4146 #endif 4147 4148 /* 4149 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 4150 * data for the packet, check whether the packet passes the filter. 4151 * Returns the return value of the filter program, which will be zero if 4152 * the packet doesn't pass and non-zero if the packet does pass. 4153 */ 4154 int 4155 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 4156 const u_char *pkt) 4157 { 4158 const struct bpf_insn *fcode = fp->bf_insns; 4159 4160 if (fcode != NULL) 4161 return (pcap_filter(fcode, pkt, h->len, h->caplen)); 4162 else 4163 return (0); 4164 } 4165 4166 static int 4167 pcap_can_set_rfmon_dead(pcap_t *p) 4168 { 4169 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4170 "Rfmon mode doesn't apply on a pcap_open_dead pcap_t"); 4171 return (PCAP_ERROR); 4172 } 4173 4174 static int 4175 pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_, 4176 u_char *user _U_) 4177 { 4178 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4179 "Packets aren't available from a pcap_open_dead pcap_t"); 4180 return (-1); 4181 } 4182 4183 static int 4184 pcap_inject_dead(pcap_t *p, const void *buf _U_, int size _U_) 4185 { 4186 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4187 "Packets can't be sent on a pcap_open_dead pcap_t"); 4188 return (-1); 4189 } 4190 4191 static int 4192 pcap_setfilter_dead(pcap_t *p, struct bpf_program *fp _U_) 4193 { 4194 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4195 "A filter cannot be set on a pcap_open_dead pcap_t"); 4196 return (-1); 4197 } 4198 4199 static int 4200 pcap_setdirection_dead(pcap_t *p, pcap_direction_t d _U_) 4201 { 4202 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4203 "The packet direction cannot be set on a pcap_open_dead pcap_t"); 4204 return (-1); 4205 } 4206 4207 static int 4208 pcap_set_datalink_dead(pcap_t *p, int dlt _U_) 4209 { 4210 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4211 "The link-layer header type cannot be set on a pcap_open_dead pcap_t"); 4212 return (-1); 4213 } 4214 4215 static int 4216 pcap_getnonblock_dead(pcap_t *p) 4217 { 4218 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4219 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 4220 return (-1); 4221 } 4222 4223 static int 4224 pcap_setnonblock_dead(pcap_t *p, int nonblock _U_) 4225 { 4226 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4227 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 4228 return (-1); 4229 } 4230 4231 static int 4232 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 4233 { 4234 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4235 "Statistics aren't available from a pcap_open_dead pcap_t"); 4236 return (-1); 4237 } 4238 4239 #ifdef _WIN32 4240 static struct pcap_stat * 4241 pcap_stats_ex_dead(pcap_t *p, int *pcap_stat_size _U_) 4242 { 4243 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4244 "Statistics aren't available from a pcap_open_dead pcap_t"); 4245 return (NULL); 4246 } 4247 4248 static int 4249 pcap_setbuff_dead(pcap_t *p, int dim _U_) 4250 { 4251 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4252 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 4253 return (-1); 4254 } 4255 4256 static int 4257 pcap_setmode_dead(pcap_t *p, int mode _U_) 4258 { 4259 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4260 "impossible to set mode on a pcap_open_dead pcap_t"); 4261 return (-1); 4262 } 4263 4264 static int 4265 pcap_setmintocopy_dead(pcap_t *p, int size _U_) 4266 { 4267 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4268 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 4269 return (-1); 4270 } 4271 4272 static HANDLE 4273 pcap_getevent_dead(pcap_t *p) 4274 { 4275 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4276 "A pcap_open_dead pcap_t has no event handle"); 4277 return (INVALID_HANDLE_VALUE); 4278 } 4279 4280 static int 4281 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, 4282 size_t *lenp _U_) 4283 { 4284 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4285 "An OID get request cannot be performed on a pcap_open_dead pcap_t"); 4286 return (PCAP_ERROR); 4287 } 4288 4289 static int 4290 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_, 4291 size_t *lenp _U_) 4292 { 4293 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4294 "An OID set request cannot be performed on a pcap_open_dead pcap_t"); 4295 return (PCAP_ERROR); 4296 } 4297 4298 static u_int 4299 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue _U_, 4300 int sync _U_) 4301 { 4302 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4303 "Packets cannot be transmitted on a pcap_open_dead pcap_t"); 4304 return (0); 4305 } 4306 4307 static int 4308 pcap_setuserbuffer_dead(pcap_t *p, int size _U_) 4309 { 4310 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4311 "The user buffer cannot be set on a pcap_open_dead pcap_t"); 4312 return (-1); 4313 } 4314 4315 static int 4316 pcap_live_dump_dead(pcap_t *p, char *filename _U_, int maxsize _U_, 4317 int maxpacks _U_) 4318 { 4319 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4320 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 4321 return (-1); 4322 } 4323 4324 static int 4325 pcap_live_dump_ended_dead(pcap_t *p, int sync _U_) 4326 { 4327 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4328 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 4329 return (-1); 4330 } 4331 4332 static PAirpcapHandle 4333 pcap_get_airpcap_handle_dead(pcap_t *p _U_) 4334 { 4335 return (NULL); 4336 } 4337 #endif /* _WIN32 */ 4338 4339 static void 4340 pcap_cleanup_dead(pcap_t *p _U_) 4341 { 4342 /* Nothing to do. */ 4343 } 4344 4345 pcap_t * 4346 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision) 4347 { 4348 pcap_t *p; 4349 4350 switch (precision) { 4351 4352 case PCAP_TSTAMP_PRECISION_MICRO: 4353 case PCAP_TSTAMP_PRECISION_NANO: 4354 break; 4355 4356 default: 4357 /* 4358 * This doesn't really matter, but we don't have any way 4359 * to report particular errors, so the only failure we 4360 * should have is a memory allocation failure. Just 4361 * pick microsecond precision. 4362 */ 4363 precision = PCAP_TSTAMP_PRECISION_MICRO; 4364 break; 4365 } 4366 p = malloc(sizeof(*p)); 4367 if (p == NULL) 4368 return NULL; 4369 memset (p, 0, sizeof(*p)); 4370 p->snapshot = snaplen; 4371 p->linktype = linktype; 4372 p->opt.tstamp_precision = precision; 4373 p->can_set_rfmon_op = pcap_can_set_rfmon_dead; 4374 p->read_op = pcap_read_dead; 4375 p->inject_op = pcap_inject_dead; 4376 p->setfilter_op = pcap_setfilter_dead; 4377 p->setdirection_op = pcap_setdirection_dead; 4378 p->set_datalink_op = pcap_set_datalink_dead; 4379 p->getnonblock_op = pcap_getnonblock_dead; 4380 p->setnonblock_op = pcap_setnonblock_dead; 4381 p->stats_op = pcap_stats_dead; 4382 #ifdef _WIN32 4383 p->stats_ex_op = pcap_stats_ex_dead; 4384 p->setbuff_op = pcap_setbuff_dead; 4385 p->setmode_op = pcap_setmode_dead; 4386 p->setmintocopy_op = pcap_setmintocopy_dead; 4387 p->getevent_op = pcap_getevent_dead; 4388 p->oid_get_request_op = pcap_oid_get_request_dead; 4389 p->oid_set_request_op = pcap_oid_set_request_dead; 4390 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead; 4391 p->setuserbuffer_op = pcap_setuserbuffer_dead; 4392 p->live_dump_op = pcap_live_dump_dead; 4393 p->live_dump_ended_op = pcap_live_dump_ended_dead; 4394 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead; 4395 #endif 4396 p->cleanup_op = pcap_cleanup_dead; 4397 4398 /* 4399 * A "dead" pcap_t never requires special BPF code generation. 4400 */ 4401 p->bpf_codegen_flags = 0; 4402 4403 p->activated = 1; 4404 return (p); 4405 } 4406 4407 pcap_t * 4408 pcap_open_dead(int linktype, int snaplen) 4409 { 4410 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen, 4411 PCAP_TSTAMP_PRECISION_MICRO)); 4412 } 4413 4414 #ifdef YYDEBUG 4415 /* 4416 * Set the internal "debug printout" flag for the filter expression parser. 4417 * The code to print that stuff is present only if YYDEBUG is defined, so 4418 * the flag, and the routine to set it, are defined only if YYDEBUG is 4419 * defined. 4420 * 4421 * This is intended for libpcap developers, not for general use. 4422 * If you want to set these in a program, you'll have to declare this 4423 * routine yourself, with the appropriate DLL import attribute on Windows; 4424 * it's not declared in any header file, and won't be declared in any 4425 * header file provided by libpcap. 4426 */ 4427 PCAP_API void pcap_set_parser_debug(int value); 4428 4429 PCAP_API_DEF void 4430 pcap_set_parser_debug(int value) 4431 { 4432 pcap_debug = value; 4433 } 4434 #endif 4435