]> The Tcpdump Group git mirrors - libpcap/blob - pcap.c
projects / libpcap / blob


1d684cc3cf4068b6aa120aa26d2d70d4bf1a56df
[libpcap] / pcap.c
1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37
38 #include <pcap-types.h>
39 #ifndef _WIN32
40 #include <sys/param.h>
41 #ifndef MSDOS
42 #include <sys/file.h>
43 #endif
44 #include <sys/ioctl.h>
45 #include <sys/socket.h>
46 #ifdef HAVE_SYS_SOCKIO_H
47 #include <sys/sockio.h>
48 #endif
49
50 struct mbuf; /* Squelch compiler warnings on some platforms for */
51 struct rtentry; /* declarations in <net/if.h> */
52 #include <net/if.h>
53 #include <netinet/in.h>
54 #endif /* _WIN32 */
55
56 #include <stdio.h>
57 #include <stdlib.h>
58 #include <string.h>
59 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
60 #include <unistd.h>
61 #endif
62 #include <fcntl.h>
63 #include <errno.h>
64 #include <limits.h>
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #ifdef MSDOS
71 #include "pcap-dos.h"
72 #endif
73
74 #include "pcap-int.h"
75
76 #include "optimize.h"
77
78 #ifdef HAVE_DAG_API
79 #include "pcap-dag.h"
80 #endif /* HAVE_DAG_API */
81
82 #ifdef HAVE_SEPTEL_API
83 #include "pcap-septel.h"
84 #endif /* HAVE_SEPTEL_API */
85
86 #ifdef HAVE_SNF_API
87 #include "pcap-snf.h"
88 #endif /* HAVE_SNF_API */
89
90 #ifdef HAVE_TC_API
91 #include "pcap-tc.h"
92 #endif /* HAVE_TC_API */
93
94 #ifdef PCAP_SUPPORT_LINUX_USBMON
95 #include "pcap-usb-linux.h"
96 #endif
97
98 #ifdef PCAP_SUPPORT_BT
99 #include "pcap-bt-linux.h"
100 #endif
101
102 #ifdef PCAP_SUPPORT_BT_MONITOR
103 #include "pcap-bt-monitor-linux.h"
104 #endif
105
106 #ifdef PCAP_SUPPORT_NETFILTER
107 #include "pcap-netfilter-linux.h"
108 #endif
109
110 #ifdef PCAP_SUPPORT_NETMAP
111 #include "pcap-netmap.h"
112 #endif
113
114 #ifdef PCAP_SUPPORT_DBUS
115 #include "pcap-dbus.h"
116 #endif
117
118 #ifdef PCAP_SUPPORT_RDMASNIFF
119 #include "pcap-rdmasniff.h"
120 #endif
121
122 #ifdef PCAP_SUPPORT_DPDK
123 #include "pcap-dpdk.h"
124 #endif
125
126 #ifdef _WIN32
127 /*
128 * DllMain(), required when built as a Windows DLL.
129 */
130 BOOL WINAPI DllMain(
131 HANDLE hinstDLL _U_,
132 DWORD dwReason _U_,
133 LPVOID lpvReserved _U_
134 )
135 {
136 return (TRUE);
137 }
138
139 /*
140 * Start WinSock.
141 * Exported in case some applications using WinPcap/Npcap called it,
142 * even though it wasn't exported.
143 */
144 int
145 wsockinit(void)
146 {
147 WORD wVersionRequested;
148 WSADATA wsaData;
149 static int err = -1;
150 static int done = 0;
151
152 if (done)
153 return (err);
154
155 wVersionRequested = MAKEWORD( 1, 1);
156 err = WSAStartup( wVersionRequested, &wsaData );
157 atexit ((void(*)(void))WSACleanup);
158 done = 1;
159
160 if ( err != 0 )
161 err = -1;
162 return (err);
163 }
164
165 /*
166 * This is the exported function; new programs should call this.
167 */
168 int
169 pcap_wsockinit(void)
170 {
171 return (wsockinit());
172 }
173 #endif /* _WIN32 */
174
175 /*
176 * String containing the library version.
177 * Not explicitly exported via a header file - the right API to use
178 * is pcap_lib_version() - but some programs included it, so we
179 * provide it.
180 *
181 * We declare it here, right before defining it, to squelch any
182 * warnings we might get from compilers about the lack of a
183 * declaration.
184 */
185 PCAP_API char pcap_version[];
186 PCAP_API_DEF char pcap_version[] = PACKAGE_VERSION;
187
188 static void
189 pcap_set_not_initialized_message(pcap_t *pcap)
190 {
191 if (pcap->activated) {
192 /* A module probably forgot to set the function pointer */
193 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf),
194 "This operation isn't properly handled by that device");
195 return;
196 }
197 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */
198 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf),
199 "This handle hasn't been activated yet");
200 }
201
202 static int
203 pcap_read_not_initialized(pcap_t *pcap, int cnt _U_, pcap_handler callback _U_,
204 u_char *user _U_)
205 {
206 pcap_set_not_initialized_message(pcap);
207 /* this means 'not initialized' */
208 return (PCAP_ERROR_NOT_ACTIVATED);
209 }
210
211 static int
212 pcap_inject_not_initialized(pcap_t *pcap, const void * buf _U_, int size _U_)
213 {
214 pcap_set_not_initialized_message(pcap);
215 /* this means 'not initialized' */
216 return (PCAP_ERROR_NOT_ACTIVATED);
217 }
218
219 static int
220 pcap_setfilter_not_initialized(pcap_t *pcap, struct bpf_program *fp _U_)
221 {
222 pcap_set_not_initialized_message(pcap);
223 /* this means 'not initialized' */
224 return (PCAP_ERROR_NOT_ACTIVATED);
225 }
226
227 static int
228 pcap_setdirection_not_initialized(pcap_t *pcap, pcap_direction_t d _U_)
229 {
230 pcap_set_not_initialized_message(pcap);
231 /* this means 'not initialized' */
232 return (PCAP_ERROR_NOT_ACTIVATED);
233 }
234
235 static int
236 pcap_set_datalink_not_initialized(pcap_t *pcap, int dlt _U_)
237 {
238 pcap_set_not_initialized_message(pcap);
239 /* this means 'not initialized' */
240 return (PCAP_ERROR_NOT_ACTIVATED);
241 }
242
243 static int
244 pcap_getnonblock_not_initialized(pcap_t *pcap)
245 {
246 pcap_set_not_initialized_message(pcap);
247 /* this means 'not initialized' */
248 return (PCAP_ERROR_NOT_ACTIVATED);
249 }
250
251 static int
252 pcap_stats_not_initialized(pcap_t *pcap, struct pcap_stat *ps _U_)
253 {
254 pcap_set_not_initialized_message(pcap);
255 /* this means 'not initialized' */
256 return (PCAP_ERROR_NOT_ACTIVATED);
257 }
258
259 #ifdef _WIN32
260 static struct pcap_stat *
261 pcap_stats_ex_not_initialized(pcap_t *pcap, int *pcap_stat_size _U_)
262 {
263 pcap_set_not_initialized_message(pcap);
264 return (NULL);
265 }
266
267 static int
268 pcap_setbuff_not_initialized(pcap_t *pcap, int dim _U_)
269 {
270 pcap_set_not_initialized_message(pcap);
271 /* this means 'not initialized' */
272 return (PCAP_ERROR_NOT_ACTIVATED);
273 }
274
275 static int
276 pcap_setmode_not_initialized(pcap_t *pcap, int mode _U_)
277 {
278 pcap_set_not_initialized_message(pcap);
279 /* this means 'not initialized' */
280 return (PCAP_ERROR_NOT_ACTIVATED);
281 }
282
283 static int
284 pcap_setmintocopy_not_initialized(pcap_t *pcap, int size _U_)
285 {
286 pcap_set_not_initialized_message(pcap);
287 /* this means 'not initialized' */
288 return (PCAP_ERROR_NOT_ACTIVATED);
289 }
290
291 static HANDLE
292 pcap_getevent_not_initialized(pcap_t *pcap)
293 {
294 pcap_set_not_initialized_message(pcap);
295 return (INVALID_HANDLE_VALUE);
296 }
297
298 static int
299 pcap_oid_get_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_,
300 void *data _U_, size_t *lenp _U_)
301 {
302 pcap_set_not_initialized_message(pcap);
303 return (PCAP_ERROR_NOT_ACTIVATED);
304 }
305
306 static int
307 pcap_oid_set_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_,
308 const void *data _U_, size_t *lenp _U_)
309 {
310 pcap_set_not_initialized_message(pcap);
311 return (PCAP_ERROR_NOT_ACTIVATED);
312 }
313
314 static u_int
315 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue _U_,
316 int sync _U_)
317 {
318 pcap_set_not_initialized_message(pcap);
319 return (0);
320 }
321
322 static int
323 pcap_setuserbuffer_not_initialized(pcap_t *pcap, int size _U_)
324 {
325 pcap_set_not_initialized_message(pcap);
326 return (PCAP_ERROR_NOT_ACTIVATED);
327 }
328
329 static int
330 pcap_live_dump_not_initialized(pcap_t *pcap, char *filename _U_, int maxsize _U_,
331 int maxpacks _U_)
332 {
333 pcap_set_not_initialized_message(pcap);
334 return (PCAP_ERROR_NOT_ACTIVATED);
335 }
336
337 static int
338 pcap_live_dump_ended_not_initialized(pcap_t *pcap, int sync _U_)
339 {
340 pcap_set_not_initialized_message(pcap);
341 return (PCAP_ERROR_NOT_ACTIVATED);
342 }
343
344 static PAirpcapHandle
345 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
346 {
347 pcap_set_not_initialized_message(pcap);
348 return (NULL);
349 }
350 #endif
351
352 /*
353 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
354 * a PCAP_ERROR value on an error.
355 */
356 int
357 pcap_can_set_rfmon(pcap_t *p)
358 {
359 return (p->can_set_rfmon_op(p));
360 }
361
362 /*
363 * For systems where rfmon mode is never supported.
364 */
365 static int
366 pcap_cant_set_rfmon(pcap_t *p _U_)
367 {
368 return (0);
369 }
370
371 /*
372 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
373 * types; the return value is the number of supported time stamp types.
374 * The list should be freed by a call to pcap_free_tstamp_types() when
375 * you're done with it.
376 *
377 * A return value of 0 means "you don't get a choice of time stamp type",
378 * in which case *tstamp_typesp is set to null.
379 *
380 * PCAP_ERROR is returned on error.
381 */
382 int
383 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
384 {
385 if (p->tstamp_type_count == 0) {
386 /*
387 * We don't support multiple time stamp types.
388 * That means the only type we support is PCAP_TSTAMP_HOST;
389 * set up a list containing only that type.
390 */
391 *tstamp_typesp = (int*)malloc(sizeof(**tstamp_typesp));
392 if (*tstamp_typesp == NULL) {
393 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
394 errno, "malloc");
395 return (PCAP_ERROR);
396 }
397 **tstamp_typesp = PCAP_TSTAMP_HOST;
398 return (1);
399 } else {
400 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
401 p->tstamp_type_count);
402 if (*tstamp_typesp == NULL) {
403 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
404 errno, "malloc");
405 return (PCAP_ERROR);
406 }
407 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
408 sizeof(**tstamp_typesp) * p->tstamp_type_count);
409 return (p->tstamp_type_count);
410 }
411 }
412
413 /*
414 * In Windows, you might have a library built with one version of the
415 * C runtime library and an application built with another version of
416 * the C runtime library, which means that the library might use one
417 * version of malloc() and free() and the application might use another
418 * version of malloc() and free(). If so, that means something
419 * allocated by the library cannot be freed by the application, so we
420 * need to have a pcap_free_tstamp_types() routine to free up the list
421 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
422 * around free().
423 */
424 void
425 pcap_free_tstamp_types(int *tstamp_type_list)
426 {
427 free(tstamp_type_list);
428 }
429
430 /*
431 * Default one-shot callback; overridden for capture types where the
432 * packet data cannot be guaranteed to be available after the callback
433 * returns, so that a copy must be made.
434 */
435 void
436 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
437 {
438 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
439
440 *sp->hdr = *h;
441 *sp->pkt = pkt;
442 }
443
444 const u_char *
445 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
446 {
447 struct oneshot_userdata s;
448 const u_char *pkt;
449
450 s.hdr = h;
451 s.pkt = &pkt;
452 s.pd = p;
453 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
454 return (0);
455 return (pkt);
456 }
457
458 int
459 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
460 const u_char **pkt_data)
461 {
462 struct oneshot_userdata s;
463
464 s.hdr = &p->pcap_header;
465 s.pkt = pkt_data;
466 s.pd = p;
467
468 /* Saves a pointer to the packet headers */
469 *pkt_header= &p->pcap_header;
470
471 if (p->rfile != NULL) {
472 int status;
473
474 /* We are on an offline capture */
475 status = pcap_offline_read(p, 1, p->oneshot_callback,
476 (u_char *)&s);
477
478 /*
479 * Return codes for pcap_offline_read() are:
480 * - 0: EOF
481 * - -1: error
482 * - >1: OK
483 * The first one ('0') conflicts with the return code of
484 * 0 from pcap_read() meaning "no packets arrived before
485 * the timeout expired", so we map it to -2 so you can
486 * distinguish between an EOF from a savefile and a
487 * "no packets arrived before the timeout expired, try
488 * again" from a live capture.
489 */
490 if (status == 0)
491 return (-2);
492 else
493 return (status);
494 }
495
496 /*
497 * Return codes for pcap_read() are:
498 * - 0: timeout
499 * - -1: error
500 * - -2: loop was broken out of with pcap_breakloop()
501 * - >1: OK
502 * The first one ('0') conflicts with the return code of 0 from
503 * pcap_offline_read() meaning "end of file".
504 */
505 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
506 }
507
508 /*
509 * Implementation of a pcap_if_list_t.
510 */
511 struct pcap_if_list {
512 pcap_if_t *beginning;
513 };
514
515 static struct capture_source_type {
516 int (*findalldevs_op)(pcap_if_list_t *, char *);
517 pcap_t *(*create_op)(const char *, char *, int *);
518 } capture_source_types[] = {
519 #ifdef HAVE_DAG_API
520 { dag_findalldevs, dag_create },
521 #endif
522 #ifdef HAVE_SEPTEL_API
523 { septel_findalldevs, septel_create },
524 #endif
525 #ifdef HAVE_SNF_API
526 { snf_findalldevs, snf_create },
527 #endif
528 #ifdef HAVE_TC_API
529 { TcFindAllDevs, TcCreate },
530 #endif
531 #ifdef PCAP_SUPPORT_BT
532 { bt_findalldevs, bt_create },
533 #endif
534 #ifdef PCAP_SUPPORT_BT_MONITOR
535 { bt_monitor_findalldevs, bt_monitor_create },
536 #endif
537 #ifdef PCAP_SUPPORT_LINUX_USBMON
538 { usb_findalldevs, usb_create },
539 #endif
540 #ifdef PCAP_SUPPORT_NETFILTER
541 { netfilter_findalldevs, netfilter_create },
542 #endif
543 #ifdef PCAP_SUPPORT_NETMAP
544 { pcap_netmap_findalldevs, pcap_netmap_create },
545 #endif
546 #ifdef PCAP_SUPPORT_DBUS
547 { dbus_findalldevs, dbus_create },
548 #endif
549 #ifdef PCAP_SUPPORT_RDMASNIFF
550 { rdmasniff_findalldevs, rdmasniff_create },
551 #endif
552 #ifdef PCAP_SUPPORT_DPDK
553 { pcap_dpdk_findalldevs, pcap_dpdk_create },
554 #endif
555 { NULL, NULL }
556 };
557
558 /*
559 * Get a list of all capture sources that are up and that we can open.
560 * Returns -1 on error, 0 otherwise.
561 * The list, as returned through "alldevsp", may be null if no interfaces
562 * were up and could be opened.
563 */
564 int
565 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
566 {
567 size_t i;
568 pcap_if_list_t devlist;
569
570 /*
571 * Find all the local network interfaces on which we
572 * can capture.
573 */
574 devlist.beginning = NULL;
575 if (pcap_platform_finddevs(&devlist, errbuf) == -1) {
576 /*
577 * Failed - free all of the entries we were given
578 * before we failed.
579 */
580 if (devlist.beginning != NULL)
581 pcap_freealldevs(devlist.beginning);
582 *alldevsp = NULL;
583 return (-1);
584 }
585
586 /*
587 * Ask each of the non-local-network-interface capture
588 * source types what interfaces they have.
589 */
590 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
591 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) {
592 /*
593 * We had an error; free the list we've been
594 * constructing.
595 */
596 if (devlist.beginning != NULL)
597 pcap_freealldevs(devlist.beginning);
598 *alldevsp = NULL;
599 return (-1);
600 }
601 }
602
603 /*
604 * Return the first entry of the list of all devices.
605 */
606 *alldevsp = devlist.beginning;
607 return (0);
608 }
609
610 static struct sockaddr *
611 dup_sockaddr(struct sockaddr *sa, size_t sa_length)
612 {
613 struct sockaddr *newsa;
614
615 if ((newsa = malloc(sa_length)) == NULL)
616 return (NULL);
617 return (memcpy(newsa, sa, sa_length));
618 }
619
620 /*
621 * Construct a "figure of merit" for an interface, for use when sorting
622 * the list of interfaces, in which interfaces that are up are superior
623 * to interfaces that aren't up, interfaces that are up and running are
624 * superior to interfaces that are up but not running, and non-loopback
625 * interfaces that are up and running are superior to loopback interfaces,
626 * and interfaces with the same flags have a figure of merit that's higher
627 * the lower the instance number.
628 *
629 * The goal is to try to put the interfaces most likely to be useful for
630 * capture at the beginning of the list.
631 *
632 * The figure of merit, which is lower the "better" the interface is,
633 * has the uppermost bit set if the interface isn't running, the bit
634 * below that set if the interface isn't up, the bit below that
635 * set if the interface is a loopback interface, and the bit below
636 * that set if it's the "any" interface.
637 *
638 * Note: we don't sort by unit number because 1) not all interfaces have
639 * a unit number (systemd, for example, might assign interface names
640 * based on the interface's MAC address or on the physical location of
641 * the adapter's connector), and 2) if the name does end with a simple
642 * unit number, it's not a global property of the interface, it's only
643 * useful as a sort key for device names with the same prefix, so xyz0
644 * shouldn't necessarily sort before abc2. This means that interfaces
645 * with the same figure of merit will be sorted by the order in which
646 * the mechanism from which we're getting the interfaces supplies them.
647 */
648 static u_int
649 get_figure_of_merit(pcap_if_t *dev)
650 {
651 u_int n;
652
653 n = 0;
654 if (!(dev->flags & PCAP_IF_RUNNING))
655 n |= 0x80000000;
656 if (!(dev->flags & PCAP_IF_UP))
657 n |= 0x40000000;
658
659 /*
660 * Give non-wireless interfaces that aren't disconnected a better
661 * figure of merit than interfaces that are disconnected, as
662 * "disconnected" should indicate that the interface isn't
663 * plugged into a network and thus won't give you any traffic.
664 *
665 * For wireless interfaces, it means "associated with a network",
666 * which we presume not to necessarily prevent capture, as you
667 * might run the adapter in some flavor of monitor mode.
668 */
669 if (!(dev->flags & PCAP_IF_WIRELESS) &&
670 (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED)
671 n |= 0x20000000;
672
673 /*
674 * Sort loopback devices after non-loopback devices, *except* for
675 * disconnected devices.
676 */
677 if (dev->flags & PCAP_IF_LOOPBACK)
678 n |= 0x10000000;
679
680 /*
681 * Sort the "any" device before loopback and disconnected devices,
682 * but after all other devices.
683 */
684 if (strcmp(dev->name, "any") == 0)
685 n |= 0x08000000;
686
687 return (n);
688 }
689
690 #ifndef _WIN32
691 /*
692 * Try to get a description for a given device.
693 * Returns a mallocated description if it could and NULL if it couldn't.
694 *
695 * XXX - on FreeBSDs that support it, should it get the sysctl named
696 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
697 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
698 * with my Cisco 350 card, so the name isn't entirely descriptive. The
699 * "dev.an.0.%pnpinfo" has a better description, although one might argue
700 * that the problem is really a driver bug - if it can find out that it's
701 * a Cisco 340 or 350, rather than an old Aironet card, it should use
702 * that in the description.
703 *
704 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD
705 * and OpenBSD let you get a description, but it's not generated by the OS,
706 * it's set with another ioctl that ifconfig supports; we use that to get
707 * a description in FreeBSD and OpenBSD, but if there is no such
708 * description available, it still might be nice to get some description
709 * string based on the device type or something such as that.
710 *
711 * In macOS, the System Configuration framework can apparently return
712 * names in 10.4 and later.
713 *
714 * It also appears that freedesktop.org's HAL offers an "info.product"
715 * string, but the HAL specification says it "should not be used in any
716 * UI" and "subsystem/capability specific properties" should be used
717 * instead and, in any case, I think HAL is being deprecated in
718 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear
719 * to have any obvious product information for devices, but maybe
720 * I haven't looked hard enough.
721 *
722 * Using the System Configuration framework, or HAL, or DeviceKit, or
723 * whatever, would require that libpcap applications be linked with
724 * the frameworks/libraries in question. That shouldn't be a problem
725 * for programs linking with the shared version of libpcap (unless
726 * you're running on AIX - which I think is the only UN*X that doesn't
727 * support linking a shared library with other libraries on which it
728 * depends, and having an executable linked only with the first shared
729 * library automatically pick up the other libraries when started -
730 * and using HAL or whatever). Programs linked with the static
731 * version of libpcap would have to use pcap-config with the --static
732 * flag in order to get the right linker flags in order to pick up
733 * the additional libraries/frameworks; those programs need that anyway
734 * for libpcap 1.1 and beyond on Linux, as, by default, it requires
735 * -lnl.
736 *
737 * Do any other UN*Xes, or desktop environments support getting a
738 * description?
739 */
740 static char *
741 #ifdef SIOCGIFDESCR
742 get_if_description(const char *name)
743 {
744 char *description = NULL;
745 int s;
746 struct ifreq ifrdesc;
747 #ifndef IFDESCRSIZE
748 size_t descrlen = 64;
749 #else
750 size_t descrlen = IFDESCRSIZE;
751 #endif /* IFDESCRSIZE */
752
753 /*
754 * Get the description for the interface.
755 */
756 memset(&ifrdesc, 0, sizeof ifrdesc);
757 pcap_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
758 s = socket(AF_INET, SOCK_DGRAM, 0);
759 if (s >= 0) {
760 #ifdef __FreeBSD__
761 /*
762 * On FreeBSD, if the buffer isn't big enough for the
763 * description, the ioctl succeeds, but the description
764 * isn't copied, ifr_buffer.length is set to the description
765 * length, and ifr_buffer.buffer is set to NULL.
766 */
767 for (;;) {
768 free(description);
769 if ((description = malloc(descrlen)) != NULL) {
770 ifrdesc.ifr_buffer.buffer = description;
771 ifrdesc.ifr_buffer.length = descrlen;
772 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
773 if (ifrdesc.ifr_buffer.buffer ==
774 description)
775 break;
776 else
777 descrlen = ifrdesc.ifr_buffer.length;
778 } else {
779 /*
780 * Failed to get interface description.
781 */
782 free(description);
783 description = NULL;
784 break;
785 }
786 } else
787 break;
788 }
789 #else /* __FreeBSD__ */
790 /*
791 * The only other OS that currently supports
792 * SIOCGIFDESCR is OpenBSD, and it has no way
793 * to get the description length - it's clamped
794 * to a maximum of IFDESCRSIZE.
795 */
796 if ((description = malloc(descrlen)) != NULL) {
797 ifrdesc.ifr_data = (caddr_t)description;
798 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
799 /*
800 * Failed to get interface description.
801 */
802 free(description);
803 description = NULL;
804 }
805 }
806 #endif /* __FreeBSD__ */
807 close(s);
808 if (description != NULL && description[0] == '\0') {
809 /*
810 * Description is empty, so discard it.
811 */
812 free(description);
813 description = NULL;
814 }
815 }
816
817 #ifdef __FreeBSD__
818 /*
819 * For FreeBSD, if we didn't get a description, and this is
820 * a device with a name of the form usbusN, label it as a USB
821 * bus.
822 */
823 if (description == NULL) {
824 if (strncmp(name, "usbus", 5) == 0) {
825 /*
826 * OK, it begins with "usbus".
827 */
828 long busnum;
829 char *p;
830
831 errno = 0;
832 busnum = strtol(name + 5, &p, 10);
833 if (errno == 0 && p != name + 5 && *p == '\0' &&
834 busnum >= 0 && busnum <= INT_MAX) {
835 /*
836 * OK, it's a valid number that's not
837 * bigger than INT_MAX. Construct
838 * a description from it.
839 * (If that fails, we don't worry about
840 * it, we just return NULL.)
841 */
842 if (pcap_asprintf(&description,
843 "USB bus number %ld", busnum) == -1) {
844 /* Failed. */
845 description = NULL;
846 }
847 }
848 }
849 }
850 #endif
851 return (description);
852 #else /* SIOCGIFDESCR */
853 get_if_description(const char *name _U_)
854 {
855 return (NULL);
856 #endif /* SIOCGIFDESCR */
857 }
858
859 /*
860 * Look for a given device in the specified list of devices.
861 *
862 * If we find it, return a pointer to its entry.
863 *
864 * If we don't find it, attempt to add an entry for it, with the specified
865 * IFF_ flags and description, and, if that succeeds, return a pointer to
866 * the new entry, otherwise return NULL and set errbuf to an error message.
867 */
868 pcap_if_t *
869 find_or_add_if(pcap_if_list_t *devlistp, const char *name,
870 bpf_u_int32 if_flags, get_if_flags_func get_flags_func, char *errbuf)
871 {
872 bpf_u_int32 pcap_flags;
873
874 /*
875 * Convert IFF_ flags to pcap flags.
876 */
877 pcap_flags = 0;
878 #ifdef IFF_LOOPBACK
879 if (if_flags & IFF_LOOPBACK)
880 pcap_flags |= PCAP_IF_LOOPBACK;
881 #else
882 /*
883 * We don't have IFF_LOOPBACK, so look at the device name to
884 * see if it looks like a loopback device.
885 */
886 if (name[0] == 'l' && name[1] == 'o' &&
887 (PCAP_ISDIGIT(name[2]) || name[2] == '\0')
888 pcap_flags |= PCAP_IF_LOOPBACK;
889 #endif
890 #ifdef IFF_UP
891 if (if_flags & IFF_UP)
892 pcap_flags |= PCAP_IF_UP;
893 #endif
894 #ifdef IFF_RUNNING
895 if (if_flags & IFF_RUNNING)
896 pcap_flags |= PCAP_IF_RUNNING;
897 #endif
898
899 /*
900 * Attempt to find an entry for this device; if we don't find one,
901 * attempt to add one.
902 */
903 return (find_or_add_dev(devlistp, name, pcap_flags,
904 get_flags_func, get_if_description(name), errbuf));
905 }
906
907 /*
908 * Look for a given device in the specified list of devices.
909 *
910 * If we find it, then, if the specified address isn't null, add it to
911 * the list of addresses for the device and return 0.
912 *
913 * If we don't find it, attempt to add an entry for it, with the specified
914 * IFF_ flags and description, and, if that succeeds, add the specified
915 * address to its list of addresses if that address is non-null, and
916 * return 0, otherwise return -1 and set errbuf to an error message.
917 *
918 * (We can get called with a null address because we might get a list
919 * of interface name/address combinations from the underlying OS, with
920 * the address being absent in some cases, rather than a list of
921 * interfaces with each interface having a list of addresses, so this
922 * call may be the only call made to add to the list, and we want to
923 * add interfaces even if they have no addresses.)
924 */
925 int
926 add_addr_to_if(pcap_if_list_t *devlistp, const char *name,
927 bpf_u_int32 if_flags, get_if_flags_func get_flags_func,
928 struct sockaddr *addr, size_t addr_size,
929 struct sockaddr *netmask, size_t netmask_size,
930 struct sockaddr *broadaddr, size_t broadaddr_size,
931 struct sockaddr *dstaddr, size_t dstaddr_size,
932 char *errbuf)
933 {
934 pcap_if_t *curdev;
935
936 /*
937 * Check whether the device exists and, if not, add it.
938 */
939 curdev = find_or_add_if(devlistp, name, if_flags, get_flags_func,
940 errbuf);
941 if (curdev == NULL) {
942 /*
943 * Error - give up.
944 */
945 return (-1);
946 }
947
948 if (addr == NULL) {
949 /*
950 * There's no address to add; this entry just meant
951 * "here's a new interface".
952 */
953 return (0);
954 }
955
956 /*
957 * "curdev" is an entry for this interface, and we have an
958 * address for it; add an entry for that address to the
959 * interface's list of addresses.
960 */
961 return (add_addr_to_dev(curdev, addr, addr_size, netmask,
962 netmask_size, broadaddr, broadaddr_size, dstaddr,
963 dstaddr_size, errbuf));
964 }
965 #endif /* _WIN32 */
966
967 /*
968 * Add an entry to the list of addresses for an interface.
969 * "curdev" is the entry for that interface.
970 */
971 int
972 add_addr_to_dev(pcap_if_t *curdev,
973 struct sockaddr *addr, size_t addr_size,
974 struct sockaddr *netmask, size_t netmask_size,
975 struct sockaddr *broadaddr, size_t broadaddr_size,
976 struct sockaddr *dstaddr, size_t dstaddr_size,
977 char *errbuf)
978 {
979 pcap_addr_t *curaddr, *prevaddr, *nextaddr;
980
981 /*
982 * Allocate the new entry and fill it in.
983 */
984 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t));
985 if (curaddr == NULL) {
986 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
987 errno, "malloc");
988 return (-1);
989 }
990
991 curaddr->next = NULL;
992 if (addr != NULL && addr_size != 0) {
993 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size);
994 if (curaddr->addr == NULL) {
995 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
996 errno, "malloc");
997 free(curaddr);
998 return (-1);
999 }
1000 } else
1001 curaddr->addr = NULL;
1002
1003 if (netmask != NULL && netmask_size != 0) {
1004 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size);
1005 if (curaddr->netmask == NULL) {
1006 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1007 errno, "malloc");
1008 if (curaddr->addr != NULL)
1009 free(curaddr->addr);
1010 free(curaddr);
1011 return (-1);
1012 }
1013 } else
1014 curaddr->netmask = NULL;
1015
1016 if (broadaddr != NULL && broadaddr_size != 0) {
1017 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size);
1018 if (curaddr->broadaddr == NULL) {
1019 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1020 errno, "malloc");
1021 if (curaddr->netmask != NULL)
1022 free(curaddr->netmask);
1023 if (curaddr->addr != NULL)
1024 free(curaddr->addr);
1025 free(curaddr);
1026 return (-1);
1027 }
1028 } else
1029 curaddr->broadaddr = NULL;
1030
1031 if (dstaddr != NULL && dstaddr_size != 0) {
1032 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size);
1033 if (curaddr->dstaddr == NULL) {
1034 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1035 errno, "malloc");
1036 if (curaddr->broadaddr != NULL)
1037 free(curaddr->broadaddr);
1038 if (curaddr->netmask != NULL)
1039 free(curaddr->netmask);
1040 if (curaddr->addr != NULL)
1041 free(curaddr->addr);
1042 free(curaddr);
1043 return (-1);
1044 }
1045 } else
1046 curaddr->dstaddr = NULL;
1047
1048 /*
1049 * Find the end of the list of addresses.
1050 */
1051 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) {
1052 nextaddr = prevaddr->next;
1053 if (nextaddr == NULL) {
1054 /*
1055 * This is the end of the list.
1056 */
1057 break;
1058 }
1059 }
1060
1061 if (prevaddr == NULL) {
1062 /*
1063 * The list was empty; this is the first member.
1064 */
1065 curdev->addresses = curaddr;
1066 } else {
1067 /*
1068 * "prevaddr" is the last member of the list; append
1069 * this member to it.
1070 */
1071 prevaddr->next = curaddr;
1072 }
1073
1074 return (0);
1075 }
1076
1077 /*
1078 * Look for a given device in the specified list of devices.
1079 *
1080 * If we find it, return 0 and set *curdev_ret to point to it.
1081 *
1082 * If we don't find it, attempt to add an entry for it, with the specified
1083 * flags and description, and, if that succeeds, return 0, otherwise
1084 * return -1 and set errbuf to an error message.
1085 */
1086 pcap_if_t *
1087 find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
1088 get_if_flags_func get_flags_func, const char *description, char *errbuf)
1089 {
1090 pcap_if_t *curdev;
1091
1092 /*
1093 * Is there already an entry in the list for this device?
1094 */
1095 curdev = find_dev(devlistp, name);
1096 if (curdev != NULL) {
1097 /*
1098 * Yes, return it.
1099 */
1100 return (curdev);
1101 }
1102
1103 /*
1104 * No, we didn't find it.
1105 */
1106
1107 /*
1108 * Try to get additional flags for the device.
1109 */
1110 if ((*get_flags_func)(name, &flags, errbuf) == -1) {
1111 /*
1112 * Failed.
1113 */
1114 return (NULL);
1115 }
1116
1117 /*
1118 * Now, try to add it to the list of devices.
1119 */
1120 return (add_dev(devlistp, name, flags, description, errbuf));
1121 }
1122
1123 /*
1124 * Look for a given device in the specified list of devices, and return
1125 * the entry for it if we find it or NULL if we don't.
1126 */
1127 pcap_if_t *
1128 find_dev(pcap_if_list_t *devlistp, const char *name)
1129 {
1130 pcap_if_t *curdev;
1131
1132 /*
1133 * Is there an entry in the list for this device?
1134 */
1135 for (curdev = devlistp->beginning; curdev != NULL;
1136 curdev = curdev->next) {
1137 if (strcmp(name, curdev->name) == 0) {
1138 /*
1139 * We found it, so, yes, there is. No need to
1140 * add it. Provide the entry we found to our
1141 * caller.
1142 */
1143 return (curdev);
1144 }
1145 }
1146
1147 /*
1148 * No.
1149 */
1150 return (NULL);
1151 }
1152
1153 /*
1154 * Attempt to add an entry for a device, with the specified flags
1155 * and description, and, if that succeeds, return 0 and return a pointer
1156 * to the new entry, otherwise return NULL and set errbuf to an error
1157 * message.
1158 *
1159 * If we weren't given a description, try to get one.
1160 */
1161 pcap_if_t *
1162 add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
1163 const char *description, char *errbuf)
1164 {
1165 pcap_if_t *curdev, *prevdev, *nextdev;
1166 u_int this_figure_of_merit, nextdev_figure_of_merit;
1167
1168 curdev = malloc(sizeof(pcap_if_t));
1169 if (curdev == NULL) {
1170 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1171 errno, "malloc");
1172 return (NULL);
1173 }
1174
1175 /*
1176 * Fill in the entry.
1177 */
1178 curdev->next = NULL;
1179 curdev->name = strdup(name);
1180 if (curdev->name == NULL) {
1181 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1182 errno, "malloc");
1183 free(curdev);
1184 return (NULL);
1185 }
1186 if (description == NULL) {
1187 /*
1188 * We weren't handed a description for the interface.
1189 */
1190 curdev->description = NULL;
1191 } else {
1192 /*
1193 * We were handed a description; make a copy.
1194 */
1195 curdev->description = strdup(description);
1196 if (curdev->description == NULL) {
1197 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1198 errno, "malloc");
1199 free(curdev->name);
1200 free(curdev);
1201 return (NULL);
1202 }
1203 }
1204 curdev->addresses = NULL; /* list starts out as empty */
1205 curdev->flags = flags;
1206
1207 /*
1208 * Add it to the list, in the appropriate location.
1209 * First, get the "figure of merit" for this interface.
1210 */
1211 this_figure_of_merit = get_figure_of_merit(curdev);
1212
1213 /*
1214 * Now look for the last interface with an figure of merit
1215 * less than or equal to the new interface's figure of merit.
1216 *
1217 * We start with "prevdev" being NULL, meaning we're before
1218 * the first element in the list.
1219 */
1220 prevdev = NULL;
1221 for (;;) {
1222 /*
1223 * Get the interface after this one.
1224 */
1225 if (prevdev == NULL) {
1226 /*
1227 * The next element is the first element.
1228 */
1229 nextdev = devlistp->beginning;
1230 } else
1231 nextdev = prevdev->next;
1232
1233 /*
1234 * Are we at the end of the list?
1235 */
1236 if (nextdev == NULL) {
1237 /*
1238 * Yes - we have to put the new entry after "prevdev".
1239 */
1240 break;
1241 }
1242
1243 /*
1244 * Is the new interface's figure of merit less
1245 * than the next interface's figure of merit,
1246 * meaning that the new interface is better
1247 * than the next interface?
1248 */
1249 nextdev_figure_of_merit = get_figure_of_merit(nextdev);
1250 if (this_figure_of_merit < nextdev_figure_of_merit) {
1251 /*
1252 * Yes - we should put the new entry
1253 * before "nextdev", i.e. after "prevdev".
1254 */
1255 break;
1256 }
1257
1258 prevdev = nextdev;
1259 }
1260
1261 /*
1262 * Insert before "nextdev".
1263 */
1264 curdev->next = nextdev;
1265
1266 /*
1267 * Insert after "prevdev" - unless "prevdev" is null,
1268 * in which case this is the first interface.
1269 */
1270 if (prevdev == NULL) {
1271 /*
1272 * This is the first interface. Make it
1273 * the first element in the list of devices.
1274 */
1275 devlistp->beginning = curdev;
1276 } else
1277 prevdev->next = curdev;
1278 return (curdev);
1279 }
1280
1281 /*
1282 * Free a list of interfaces.
1283 */
1284 void
1285 pcap_freealldevs(pcap_if_t *alldevs)
1286 {
1287 pcap_if_t *curdev, *nextdev;
1288 pcap_addr_t *curaddr, *nextaddr;
1289
1290 for (curdev = alldevs; curdev != NULL; curdev = nextdev) {
1291 nextdev = curdev->next;
1292
1293 /*
1294 * Free all addresses.
1295 */
1296 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
1297 nextaddr = curaddr->next;
1298 if (curaddr->addr)
1299 free(curaddr->addr);
1300 if (curaddr->netmask)
1301 free(curaddr->netmask);
1302 if (curaddr->broadaddr)
1303 free(curaddr->broadaddr);
1304 if (curaddr->dstaddr)
1305 free(curaddr->dstaddr);
1306 free(curaddr);
1307 }
1308
1309 /*
1310 * Free the name string.
1311 */
1312 free(curdev->name);
1313
1314 /*
1315 * Free the description string, if any.
1316 */
1317 if (curdev->description != NULL)
1318 free(curdev->description);
1319
1320 /*
1321 * Free the interface.
1322 */
1323 free(curdev);
1324 }
1325 }
1326
1327 /*
1328 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as
1329 * it actually returns the names of all interfaces, with a NUL separator
1330 * between them; some callers may depend on that.
1331 *
1332 * MS-DOS has its own pcap_lookupdev(), but that might be useful only
1333 * as an optimization.
1334 *
1335 * In all other cases, we just use pcap_findalldevs() to get a list of
1336 * devices, and pick from that list.
1337 */
1338 #if !defined(HAVE_PACKET32) && !defined(MSDOS)
1339 /*
1340 * Return the name of a network interface attached to the system, or NULL
1341 * if none can be found. The interface must be configured up; the
1342 * lowest unit number is preferred; loopback is ignored.
1343 */
1344 char *
1345 pcap_lookupdev(char *errbuf)
1346 {
1347 pcap_if_t *alldevs;
1348 #ifdef _WIN32
1349 /*
1350 * Windows - use the same size as the old WinPcap 3.1 code.
1351 * XXX - this is probably bigger than it needs to be.
1352 */
1353 #define IF_NAMESIZE 8192
1354 #else
1355 /*
1356 * UN*X - use the system's interface name size.
1357 * XXX - that might not be large enough for capture devices
1358 * that aren't regular network interfaces.
1359 */
1360 /* for old BSD systems, including bsdi3 */
1361 #ifndef IF_NAMESIZE
1362 #define IF_NAMESIZE IFNAMSIZ
1363 #endif
1364 #endif
1365 static char device[IF_NAMESIZE + 1];
1366 char *ret;
1367
1368 if (pcap_findalldevs(&alldevs, errbuf) == -1)
1369 return (NULL);
1370
1371 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) {
1372 /*
1373 * There are no devices on the list, or the first device
1374 * on the list is a loopback device, which means there
1375 * are no non-loopback devices on the list. This means
1376 * we can't return any device.
1377 *
1378 * XXX - why not return a loopback device? If we can't
1379 * capture on it, it won't be on the list, and if it's
1380 * on the list, there aren't any non-loopback devices,
1381 * so why not just supply it as the default device?
1382 */
1383 (void)pcap_strlcpy(errbuf, "no suitable device found",
1384 PCAP_ERRBUF_SIZE);
1385 ret = NULL;
1386 } else {
1387 /*
1388 * Return the name of the first device on the list.
1389 */
1390 (void)pcap_strlcpy(device, alldevs->name, sizeof(device));
1391 ret = device;
1392 }
1393
1394 pcap_freealldevs(alldevs);
1395 return (ret);
1396 }
1397 #endif /* !defined(HAVE_PACKET32) && !defined(MSDOS) */
1398
1399 #if !defined(_WIN32) && !defined(MSDOS)
1400 /*
1401 * We don't just fetch the entire list of devices, search for the
1402 * particular device, and use its first IPv4 address, as that's too
1403 * much work to get just one device's netmask.
1404 *
1405 * If we had an API to get attributes for a given device, we could
1406 * use that.
1407 */
1408 int
1409 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp,
1410 char *errbuf)
1411 {
1412 register int fd;
1413 register struct sockaddr_in *sin4;
1414 struct ifreq ifr;
1415
1416 /*
1417 * The pseudo-device "any" listens on all interfaces and therefore
1418 * has the network address and -mask "0.0.0.0" therefore catching
1419 * all traffic. Using NULL for the interface is the same as "any".
1420 */
1421 if (!device || strcmp(device, "any") == 0
1422 #ifdef HAVE_DAG_API
1423 || strstr(device, "dag") != NULL
1424 #endif
1425 #ifdef HAVE_SEPTEL_API
1426 || strstr(device, "septel") != NULL
1427 #endif
1428 #ifdef PCAP_SUPPORT_BT
1429 || strstr(device, "bluetooth") != NULL
1430 #endif
1431 #ifdef PCAP_SUPPORT_LINUX_USBMON
1432 || strstr(device, "usbmon") != NULL
1433 #endif
1434 #ifdef HAVE_SNF_API
1435 || strstr(device, "snf") != NULL
1436 #endif
1437 #ifdef PCAP_SUPPORT_NETMAP
1438 || strncmp(device, "netmap:", 7) == 0
1439 || strncmp(device, "vale", 4) == 0
1440 #endif
1441 #ifdef PCAP_SUPPORT_DPDK
1442 || strncmp(device, "dpdk:", 5) == 0
1443 #endif
1444 ) {
1445 *netp = *maskp = 0;
1446 return 0;
1447 }
1448
1449 fd = socket(AF_INET, SOCK_DGRAM, 0);
1450 if (fd < 0) {
1451 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1452 errno, "socket");
1453 return (-1);
1454 }
1455 memset(&ifr, 0, sizeof(ifr));
1456 #ifdef linux
1457 /* XXX Work around Linux kernel bug */
1458 ifr.ifr_addr.sa_family = AF_INET;
1459 #endif
1460 (void)pcap_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
1461 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) {
1462 if (errno == EADDRNOTAVAIL) {
1463 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
1464 "%s: no IPv4 address assigned", device);
1465 } else {
1466 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1467 errno, "SIOCGIFADDR: %s", device);
1468 }
1469 (void)close(fd);
1470 return (-1);
1471 }
1472 sin4 = (struct sockaddr_in *)&ifr.ifr_addr;
1473 *netp = sin4->sin_addr.s_addr;
1474 memset(&ifr, 0, sizeof(ifr));
1475 #ifdef linux
1476 /* XXX Work around Linux kernel bug */
1477 ifr.ifr_addr.sa_family = AF_INET;
1478 #endif
1479 (void)pcap_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
1480 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) {
1481 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
1482 errno, "SIOCGIFNETMASK: %s", device);
1483 (void)close(fd);
1484 return (-1);
1485 }
1486 (void)close(fd);
1487 *maskp = sin4->sin_addr.s_addr;
1488 if (*maskp == 0) {
1489 if (IN_CLASSA(*netp))
1490 *maskp = IN_CLASSA_NET;
1491 else if (IN_CLASSB(*netp))
1492 *maskp = IN_CLASSB_NET;
1493 else if (IN_CLASSC(*netp))
1494 *maskp = IN_CLASSC_NET;
1495 else {
1496 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
1497 "inet class for 0x%x unknown", *netp);
1498 return (-1);
1499 }
1500 }
1501 *netp &= *maskp;
1502 return (0);
1503 }
1504 #endif /* !defined(_WIN32) && !defined(MSDOS) */
1505
1506 #ifdef ENABLE_REMOTE
1507 #include "pcap-rpcap.h"
1508
1509 /*
1510 * Extract a substring from a string.
1511 */
1512 static char *
1513 get_substring(const char *p, size_t len, char *ebuf)
1514 {
1515 char *token;
1516
1517 token = malloc(len + 1);
1518 if (token == NULL) {
1519 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1520 errno, "malloc");
1521 return (NULL);
1522 }
1523 memcpy(token, p, len);
1524 token[len] = '\0';
1525 return (token);
1526 }
1527
1528 /*
1529 * Parse a capture source that might be a URL.
1530 *
1531 * If the source is not a URL, *schemep, *userinfop, *hostp, and *portp
1532 * are set to NULL, *pathp is set to point to the source, and 0 is
1533 * returned.
1534 *
1535 * If source is a URL, and the URL refers to a local device (a special
1536 * case of rpcap:), *schemep, *userinfop, *hostp, and *portp are set
1537 * to NULL, *pathp is set to point to the device name, and 0 is returned.
1538 *
1539 * If source is a URL, and it's not a special case that refers to a local
1540 * device, and the parse succeeds:
1541 *
1542 * *schemep is set to point to an allocated string containing the scheme;
1543 *
1544 * if user information is present in the URL, *userinfop is set to point
1545 * to an allocated string containing the user information, otherwise
1546 * it's set to NULL;
1547 *
1548 * if host information is present in the URL, *hostp is set to point
1549 * to an allocated string containing the host information, otherwise
1550 * it's set to NULL;
1551 *
1552 * if a port number is present in the URL, *portp is set to point
1553 * to an allocated string containing the port number, otherwise
1554 * it's set to NULL;
1555 *
1556 * *pathp is set to point to an allocated string containing the
1557 * path;
1558 *
1559 * and 0 is returned.
1560 *
1561 * If the parse fails, ebuf is set to an error string, and -1 is returned.
1562 */
1563 static int
1564 pcap_parse_source(const char *source, char **schemep, char **userinfop,
1565 char **hostp, char **portp, char **pathp, char *ebuf)
1566 {
1567 char *colonp;
1568 size_t scheme_len;
1569 char *scheme;
1570 const char *endp;
1571 size_t authority_len;
1572 char *authority;
1573 char *parsep, *atsignp, *bracketp;
1574 char *userinfo, *host, *port, *path;
1575
1576 /*
1577 * Start out returning nothing.
1578 */
1579 *schemep = NULL;
1580 *userinfop = NULL;
1581 *hostp = NULL;
1582 *portp = NULL;
1583 *pathp = NULL;
1584
1585 /*
1586 * RFC 3986 says:
1587 *
1588 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
1589 *
1590 * hier-part = "//" authority path-abempty
1591 * / path-absolute
1592 * / path-rootless
1593 * / path-empty
1594 *
1595 * authority = [ userinfo "@" ] host [ ":" port ]
1596 *
1597 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
1598 *
1599 * Step 1: look for the ":" at the end of the scheme.
1600 * A colon in the source is *NOT* sufficient to indicate that
1601 * this is a URL, as interface names on some platforms might
1602 * include colons (e.g., I think some Solaris interfaces
1603 * might).
1604 */
1605 colonp = strchr(source, ':');
1606 if (colonp == NULL) {
1607 /*
1608 * The source is the device to open.
1609 * Return a NULL pointer for the scheme, user information,
1610 * host, and port, and return the device as the path.
1611 */
1612 *pathp = strdup(source);
1613 if (*pathp == NULL) {
1614 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1615 errno, "malloc");
1616 return (-1);
1617 }
1618 return (0);
1619 }
1620
1621 /*
1622 * All schemes must have "//" after them, i.e. we only support
1623 * hier-part = "//" authority path-abempty, not
1624 * hier-part = path-absolute
1625 * hier-part = path-rootless
1626 * hier-part = path-empty
1627 *
1628 * We need that in order to distinguish between a local device
1629 * name that happens to contain a colon and a URI.
1630 */
1631 if (strncmp(colonp + 1, "//", 2) != 0) {
1632 /*
1633 * The source is the device to open.
1634 * Return a NULL pointer for the scheme, user information,
1635 * host, and port, and return the device as the path.
1636 */
1637 *pathp = strdup(source);
1638 if (*pathp == NULL) {
1639 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1640 errno, "malloc");
1641 return (-1);
1642 }
1643 return (0);
1644 }
1645
1646 /*
1647 * XXX - check whether the purported scheme could be a scheme?
1648 */
1649
1650 /*
1651 * OK, this looks like a URL.
1652 * Get the scheme.
1653 */
1654 scheme_len = colonp - source;
1655 scheme = malloc(scheme_len + 1);
1656 if (scheme == NULL) {
1657 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1658 errno, "malloc");
1659 return (-1);
1660 }
1661 memcpy(scheme, source, scheme_len);
1662 scheme[scheme_len] = '\0';
1663
1664 /*
1665 * Treat file: specially - take everything after file:// as
1666 * the pathname.
1667 */
1668 if (pcap_strcasecmp(scheme, "file") == 0) {
1669 *pathp = strdup(colonp + 3);
1670 if (*pathp == NULL) {
1671 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1672 errno, "malloc");
1673 free(scheme);
1674 return (-1);
1675 }
1676 *schemep = scheme;
1677 return (0);
1678 }
1679
1680 /*
1681 * The WinPcap documentation says you can specify a local
1682 * interface with "rpcap://{device}"; we special-case
1683 * that here. If the scheme is "rpcap", and there are
1684 * no slashes past the "//", we just return the device.
1685 *
1686 * XXX - %-escaping?
1687 */
1688 if ((pcap_strcasecmp(scheme, "rpcap") == 0 ||
1689 pcap_strcasecmp(scheme, "rpcaps") == 0) &&
1690 strchr(colonp + 3, '/') == NULL) {
1691 /*
1692 * Local device.
1693 *
1694 * Return a NULL pointer for the scheme, user information,
1695 * host, and port, and return the device as the path.
1696 */
1697 free(scheme);
1698 *pathp = strdup(colonp + 3);
1699 if (*pathp == NULL) {
1700 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1701 errno, "malloc");
1702 return (-1);
1703 }
1704 return (0);
1705 }
1706
1707 /*
1708 * OK, now start parsing the authority.
1709 * Get token, terminated with / or terminated at the end of
1710 * the string.
1711 */
1712 authority_len = strcspn(colonp + 3, "/");
1713 authority = get_substring(colonp + 3, authority_len, ebuf);
1714 if (authority == NULL) {
1715 /*
1716 * Error.
1717 */
1718 free(scheme);
1719 return (-1);
1720 }
1721 endp = colonp + 3 + authority_len;
1722
1723 /*
1724 * Now carve the authority field into its components.
1725 */
1726 parsep = authority;
1727
1728 /*
1729 * Is there a userinfo field?
1730 */
1731 atsignp = strchr(parsep, '@');
1732 if (atsignp != NULL) {
1733 /*
1734 * Yes.
1735 */
1736 size_t userinfo_len;
1737
1738 userinfo_len = atsignp - parsep;
1739 userinfo = get_substring(parsep, userinfo_len, ebuf);
1740 if (userinfo == NULL) {
1741 /*
1742 * Error.
1743 */
1744 free(authority);
1745 free(scheme);
1746 return (-1);
1747 }
1748 parsep = atsignp + 1;
1749 } else {
1750 /*
1751 * No.
1752 */
1753 userinfo = NULL;
1754 }
1755
1756 /*
1757 * Is there a host field?
1758 */
1759 if (*parsep == '\0') {
1760 /*
1761 * No; there's no host field or port field.
1762 */
1763 host = NULL;
1764 port = NULL;
1765 } else {
1766 /*
1767 * Yes.
1768 */
1769 size_t host_len;
1770
1771 /*
1772 * Is it an IP-literal?
1773 */
1774 if (*parsep == '[') {
1775 /*
1776 * Yes.
1777 * Treat verything up to the closing square
1778 * bracket as the IP-Literal; we don't worry
1779 * about whether it's a valid IPv6address or
1780 * IPvFuture (or an IPv4address, for that
1781 * matter, just in case we get handed a
1782 * URL with an IPv4 IP-Literal, of the sort
1783 * that pcap_createsrcstr() used to generate,
1784 * and that pcap_parsesrcstr(), in the original
1785 * WinPcap code, accepted).
1786 */
1787 bracketp = strchr(parsep, ']');
1788 if (bracketp == NULL) {
1789 /*
1790 * There's no closing square bracket.
1791 */
1792 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1793 "IP-literal in URL doesn't end with ]");
1794 free(userinfo);
1795 free(authority);
1796 free(scheme);
1797 return (-1);
1798 }
1799 if (*(bracketp + 1) != '\0' &&
1800 *(bracketp + 1) != ':') {
1801 /*
1802 * There's extra crud after the
1803 * closing square bracketn.
1804 */
1805 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1806 "Extra text after IP-literal in URL");
1807 free(userinfo);
1808 free(authority);
1809 free(scheme);
1810 return (-1);
1811 }
1812 host_len = (bracketp - 1) - parsep;
1813 host = get_substring(parsep + 1, host_len, ebuf);
1814 if (host == NULL) {
1815 /*
1816 * Error.
1817 */
1818 free(userinfo);
1819 free(authority);
1820 free(scheme);
1821 return (-1);
1822 }
1823 parsep = bracketp + 1;
1824 } else {
1825 /*
1826 * No.
1827 * Treat everything up to a : or the end of
1828 * the string as the host.
1829 */
1830 host_len = strcspn(parsep, ":");
1831 host = get_substring(parsep, host_len, ebuf);
1832 if (host == NULL) {
1833 /*
1834 * Error.
1835 */
1836 free(userinfo);
1837 free(authority);
1838 free(scheme);
1839 return (-1);
1840 }
1841 parsep = parsep + host_len;
1842 }
1843
1844 /*
1845 * Is there a port field?
1846 */
1847 if (*parsep == ':') {
1848 /*
1849 * Yes. It's the rest of the authority field.
1850 */
1851 size_t port_len;
1852
1853 parsep++;
1854 port_len = strlen(parsep);
1855 port = get_substring(parsep, port_len, ebuf);
1856 if (port == NULL) {
1857 /*
1858 * Error.
1859 */
1860 free(host);
1861 free(userinfo);
1862 free(authority);
1863 free(scheme);
1864 return (-1);
1865 }
1866 } else {
1867 /*
1868 * No.
1869 */
1870 port = NULL;
1871 }
1872 }
1873 free(authority);
1874
1875 /*
1876 * Everything else is the path. Strip off the leading /.
1877 */
1878 if (*endp == '\0')
1879 path = strdup("");
1880 else
1881 path = strdup(endp + 1);
1882 if (path == NULL) {
1883 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
1884 errno, "malloc");
1885 free(port);
1886 free(host);
1887 free(userinfo);
1888 free(scheme);
1889 return (-1);
1890 }
1891 *schemep = scheme;
1892 *userinfop = userinfo;
1893 *hostp = host;
1894 *portp = port;
1895 *pathp = path;
1896 return (0);
1897 }
1898
1899 int
1900 pcap_createsrcstr_ex(char *source, int type, const char *host, const char *port,
1901 const char *name, unsigned char uses_ssl, char *errbuf)
1902 {
1903 switch (type) {
1904
1905 case PCAP_SRC_FILE:
1906 pcap_strlcpy(source, PCAP_SRC_FILE_STRING, PCAP_BUF_SIZE);
1907 if (name != NULL && *name != '\0') {
1908 pcap_strlcat(source, name, PCAP_BUF_SIZE);
1909 return (0);
1910 } else {
1911 snprintf(errbuf, PCAP_ERRBUF_SIZE,
1912 "The file name cannot be NULL.");
1913 return (-1);
1914 }
1915
1916 case PCAP_SRC_IFREMOTE:
1917 pcap_strlcpy(source,
1918 (uses_ssl ? "rpcaps://" : PCAP_SRC_IF_STRING),
1919 PCAP_BUF_SIZE);
1920 if (host != NULL && *host != '\0') {
1921 if (strchr(host, ':') != NULL) {
1922 /*
1923 * The host name contains a colon, so it's
1924 * probably an IPv6 address, and needs to
1925 * be included in square brackets.
1926 */
1927 pcap_strlcat(source, "[", PCAP_BUF_SIZE);
1928 pcap_strlcat(source, host, PCAP_BUF_SIZE);
1929 pcap_strlcat(source, "]", PCAP_BUF_SIZE);
1930 } else
1931 pcap_strlcat(source, host, PCAP_BUF_SIZE);
1932
1933 if (port != NULL && *port != '\0') {
1934 pcap_strlcat(source, ":", PCAP_BUF_SIZE);
1935 pcap_strlcat(source, port, PCAP_BUF_SIZE);
1936 }
1937
1938 pcap_strlcat(source, "/", PCAP_BUF_SIZE);
1939 } else {
1940 snprintf(errbuf, PCAP_ERRBUF_SIZE,
1941 "The host name cannot be NULL.");
1942 return (-1);
1943 }
1944
1945 if (name != NULL && *name != '\0')
1946 pcap_strlcat(source, name, PCAP_BUF_SIZE);
1947
1948 return (0);
1949
1950 case PCAP_SRC_IFLOCAL:
1951 pcap_strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE);
1952
1953 if (name != NULL && *name != '\0')
1954 pcap_strlcat(source, name, PCAP_BUF_SIZE);
1955
1956 return (0);
1957
1958 default:
1959 snprintf(errbuf, PCAP_ERRBUF_SIZE,
1960 "The interface type is not valid.");
1961 return (-1);
1962 }
1963 }
1964
1965
1966 int
1967 pcap_createsrcstr(char *source, int type, const char *host, const char *port,
1968 const char *name, char *errbuf)
1969 {
1970 return (pcap_createsrcstr_ex(source, type, host, port, name, 0, errbuf));
1971 }
1972
1973 int
1974 pcap_parsesrcstr_ex(const char *source, int *type, char *host, char *port,
1975 char *name, unsigned char *uses_ssl, char *errbuf)
1976 {
1977 char *scheme, *tmpuserinfo, *tmphost, *tmpport, *tmppath;
1978
1979 /* Initialization stuff */
1980 if (host)
1981 *host = '\0';
1982 if (port)
1983 *port = '\0';
1984 if (name)
1985 *name = '\0';
1986 if (uses_ssl)
1987 *uses_ssl = 0;
1988
1989 /* Parse the source string */
1990 if (pcap_parse_source(source, &scheme, &tmpuserinfo, &tmphost,
1991 &tmpport, &tmppath, errbuf) == -1) {
1992 /*
1993 * Fail.
1994 */
1995 return (-1);
1996 }
1997
1998 if (scheme == NULL) {
1999 /*
2000 * Local device.
2001 */
2002 if (name && tmppath)
2003 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE);
2004 if (type)
2005 *type = PCAP_SRC_IFLOCAL;
2006 free(tmppath);
2007 free(tmpport);
2008 free(tmphost);
2009 free(tmpuserinfo);
2010 return (0);
2011 }
2012
2013 int is_rpcap = 0;
2014 if (strcmp(scheme, "rpcaps") == 0) {
2015 is_rpcap = 1;
2016 if (uses_ssl) *uses_ssl = 1;
2017 } else if (strcmp(scheme, "rpcap") == 0) {
2018 is_rpcap = 1;
2019 }
2020
2021 if (is_rpcap) {
2022 /*
2023 * rpcap[s]://
2024 *
2025 * pcap_parse_source() has already handled the case of
2026 * rpcap[s]://device
2027 */
2028 if (host && tmphost) {
2029 if (tmpuserinfo)
2030 snprintf(host, PCAP_BUF_SIZE, "%s@%s",
2031 tmpuserinfo, tmphost);
2032 else
2033 pcap_strlcpy(host, tmphost, PCAP_BUF_SIZE);
2034 }
2035 if (port && tmpport)
2036 pcap_strlcpy(port, tmpport, PCAP_BUF_SIZE);
2037 if (name && tmppath)
2038 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE);
2039 if (type)
2040 *type = PCAP_SRC_IFREMOTE;
2041 free(tmppath);
2042 free(tmpport);
2043 free(tmphost);
2044 free(tmpuserinfo);
2045 free(scheme);
2046 return (0);
2047 }
2048
2049 if (strcmp(scheme, "file") == 0) {
2050 /*
2051 * file://
2052 */
2053 if (name && tmppath)
2054 pcap_strlcpy(name, tmppath, PCAP_BUF_SIZE);
2055 if (type)
2056 *type = PCAP_SRC_FILE;
2057 free(tmppath);
2058 free(tmpport);
2059 free(tmphost);
2060 free(tmpuserinfo);
2061 free(scheme);
2062 return (0);
2063 }
2064
2065 /*
2066 * Neither rpcap: nor file:; just treat the entire string
2067 * as a local device.
2068 */
2069 if (name)
2070 pcap_strlcpy(name, source, PCAP_BUF_SIZE);
2071 if (type)
2072 *type = PCAP_SRC_IFLOCAL;
2073 free(tmppath);
2074 free(tmpport);
2075 free(tmphost);
2076 free(tmpuserinfo);
2077 free(scheme);
2078 return (0);
2079 }
2080
2081 int
2082 pcap_parsesrcstr(const char *source, int *type, char *host, char *port,
2083 char *name, char *errbuf)
2084 {
2085 return (pcap_parsesrcstr_ex(source, type, host, port, name, NULL, errbuf));
2086 }
2087 #endif
2088
2089 pcap_t *
2090 pcap_create(const char *device, char *errbuf)
2091 {
2092 size_t i;
2093 int is_theirs;
2094 pcap_t *p;
2095 char *device_str;
2096
2097 /*
2098 * A null device name is equivalent to the "any" device -
2099 * which might not be supported on this platform, but
2100 * this means that you'll get a "not supported" error
2101 * rather than, say, a crash when we try to dereference
2102 * the null pointer.
2103 */
2104 if (device == NULL)
2105 device_str = strdup("any");
2106 else {
2107 #ifdef _WIN32
2108 /*
2109 * On Windows, for backwards compatibility reasons,
2110 * pcap_lookupdev() returns a pointer to a sequence of
2111 * pairs of UTF-16LE device names and local code page
2112 * description strings.
2113 *
2114 * This means that if a program uses pcap_lookupdev()
2115 * to get a default device, and hands that to an API
2116 * that opens devices, we'll get handed a UTF-16LE
2117 * string, not a string in the local code page.
2118 *
2119 * To work around that, we check whether the string
2120 * looks as if it might be a UTF-16LE string and, if
2121 * so, convert it back to the local code page's
2122 * extended ASCII.
2123 *
2124 * XXX - you *cannot* reliably detect whether a
2125 * string is UTF-16LE or not; "a" could either
2126 * be a one-character ASCII string or the first
2127 * character of a UTF-16LE string. This particular
2128 * version of this heuristic dates back to WinPcap
2129 * 4.1.1; PacketOpenAdapter() does uses the same
2130 * heuristic, with the exact same vulnerability.
2131 */
2132 if (device[0] != '\0' && device[1] == '\0') {
2133 size_t length;
2134
2135 length = wcslen((wchar_t *)device);
2136 device_str = (char *)malloc(length + 1);
2137 if (device_str == NULL) {
2138 pcap_fmt_errmsg_for_errno(errbuf,
2139 PCAP_ERRBUF_SIZE, errno,
2140 "malloc");
2141 return (NULL);
2142 }
2143
2144 snprintf(device_str, length + 1, "%ws",
2145 (const wchar_t *)device);
2146 } else
2147 #endif
2148 device_str = strdup(device);
2149 }
2150 if (device_str == NULL) {
2151 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
2152 errno, "malloc");
2153 return (NULL);
2154 }
2155
2156 /*
2157 * Try each of the non-local-network-interface capture
2158 * source types until we find one that works for this
2159 * device or run out of types.
2160 */
2161 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
2162 is_theirs = 0;
2163 p = capture_source_types[i].create_op(device_str, errbuf,
2164 &is_theirs);
2165 if (is_theirs) {
2166 /*
2167 * The device name refers to a device of the
2168 * type in question; either it succeeded,
2169 * in which case p refers to a pcap_t to
2170 * later activate for the device, or it
2171 * failed, in which case p is null and we
2172 * should return that to report the failure
2173 * to create.
2174 */
2175 if (p == NULL) {
2176 /*
2177 * We assume the caller filled in errbuf.
2178 */
2179 free(device_str);
2180 return (NULL);
2181 }
2182 p->opt.device = device_str;
2183 return (p);
2184 }
2185 }
2186
2187 /*
2188 * OK, try it as a regular network interface.
2189 */
2190 p = pcap_create_interface(device_str, errbuf);
2191 if (p == NULL) {
2192 /*
2193 * We assume the caller filled in errbuf.
2194 */
2195 free(device_str);
2196 return (NULL);
2197 }
2198 p->opt.device = device_str;
2199 return (p);
2200 }
2201
2202 /*
2203 * Set nonblocking mode on an unactivated pcap_t; this sets a flag
2204 * checked by pcap_activate(), which sets the mode after calling
2205 * the activate routine.
2206 */
2207 static int
2208 pcap_setnonblock_unactivated(pcap_t *p, int nonblock)
2209 {
2210 p->opt.nonblock = nonblock;
2211 return (0);
2212 }
2213
2214 static void
2215 initialize_ops(pcap_t *p)
2216 {
2217 /*
2218 * Set operation pointers for operations that only work on
2219 * an activated pcap_t to point to a routine that returns
2220 * a "this isn't activated" error.
2221 */
2222 p->read_op = pcap_read_not_initialized;
2223 p->inject_op = pcap_inject_not_initialized;
2224 p->setfilter_op = pcap_setfilter_not_initialized;
2225 p->setdirection_op = pcap_setdirection_not_initialized;
2226 p->set_datalink_op = pcap_set_datalink_not_initialized;
2227 p->getnonblock_op = pcap_getnonblock_not_initialized;
2228 p->stats_op = pcap_stats_not_initialized;
2229 #ifdef _WIN32
2230 p->stats_ex_op = pcap_stats_ex_not_initialized;
2231 p->setbuff_op = pcap_setbuff_not_initialized;
2232 p->setmode_op = pcap_setmode_not_initialized;
2233 p->setmintocopy_op = pcap_setmintocopy_not_initialized;
2234 p->getevent_op = pcap_getevent_not_initialized;
2235 p->oid_get_request_op = pcap_oid_get_request_not_initialized;
2236 p->oid_set_request_op = pcap_oid_set_request_not_initialized;
2237 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
2238 p->setuserbuffer_op = pcap_setuserbuffer_not_initialized;
2239 p->live_dump_op = pcap_live_dump_not_initialized;
2240 p->live_dump_ended_op = pcap_live_dump_ended_not_initialized;
2241 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
2242 #endif
2243
2244 /*
2245 * Default cleanup operation - implementations can override
2246 * this, but should call pcap_cleanup_live_common() after
2247 * doing their own additional cleanup.
2248 */
2249 p->cleanup_op = pcap_cleanup_live_common;
2250
2251 /*
2252 * In most cases, the standard one-shot callback can
2253 * be used for pcap_next()/pcap_next_ex().
2254 */
2255 p->oneshot_callback = pcap_oneshot;
2256
2257 /*
2258 * Default breakloop operation - implementations can override
2259 * this, but should call pcap_breakloop_common() before doing
2260 * their own logic.
2261 */
2262 p->breakloop_op = pcap_breakloop_common;
2263 }
2264
2265 static pcap_t *
2266 pcap_alloc_pcap_t(char *ebuf, size_t size)
2267 {
2268 char *chunk;
2269 pcap_t *p;
2270
2271 /*
2272 * Allocate a chunk of memory big enough for a pcap_t
2273 * plus a structure following it of size "size". The
2274 * structure following it is a private data structure
2275 * for the routines that handle this pcap_t.
2276 *
2277 * The structure following it must be aligned on
2278 * the appropriate alignment boundary for this platform.
2279 * We align on an 8-byte boundary as that's probably what
2280 * at least some platforms do, even with 32-bit integers,
2281 * and because we can't be sure that some values won't
2282 * require 8-byte alignment even on platforms with 32-bit
2283 * integers.
2284 */
2285 #define PCAP_T_ALIGNED_SIZE ((sizeof(pcap_t) + 7U) & ~0x7U)
2286 chunk = calloc(PCAP_T_ALIGNED_SIZE + size, 1);
2287 if (chunk == NULL) {
2288 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
2289 errno, "malloc");
2290 return (NULL);
2291 }
2292
2293 /*
2294 * Get a pointer to the pcap_t at the beginning.
2295 */
2296 p = (pcap_t *)chunk;
2297
2298 #ifdef _WIN32
2299 p->handle = INVALID_HANDLE_VALUE; /* not opened yet */
2300 #else /* _WIN32 */
2301 p->fd = -1; /* not opened yet */
2302 #ifndef MSDOS
2303 p->selectable_fd = -1;
2304 p->required_select_timeout = NULL;
2305 #endif /* MSDOS */
2306 #endif /* _WIN32 */
2307
2308 if (size == 0) {
2309 /* No private data was requested. */
2310 p->priv = NULL;
2311 } else {
2312 /*
2313 * Set the pointer to the private data; that's the structure
2314 * of size "size" following the pcap_t.
2315 */
2316 p->priv = (void *)(chunk + PCAP_T_ALIGNED_SIZE);
2317 }
2318
2319 return (p);
2320 }
2321
2322 pcap_t *
2323 pcap_create_common(char *ebuf, size_t size)
2324 {
2325 pcap_t *p;
2326
2327 p = pcap_alloc_pcap_t(ebuf, size);
2328 if (p == NULL)
2329 return (NULL);
2330
2331 /*
2332 * Default to "can't set rfmon mode"; if it's supported by
2333 * a platform, the create routine that called us can set
2334 * the op to its routine to check whether a particular
2335 * device supports it.
2336 */
2337 p->can_set_rfmon_op = pcap_cant_set_rfmon;
2338
2339 /*
2340 * If pcap_setnonblock() is called on a not-yet-activated
2341 * pcap_t, default to setting a flag and turning
2342 * on non-blocking mode when activated.
2343 */
2344 p->setnonblock_op = pcap_setnonblock_unactivated;
2345
2346 initialize_ops(p);
2347
2348 /* put in some defaults*/
2349 p->snapshot = 0; /* max packet size unspecified */
2350 p->opt.timeout = 0; /* no timeout specified */
2351 p->opt.buffer_size = 0; /* use the platform's default */
2352 p->opt.promisc = 0;
2353 p->opt.rfmon = 0;
2354 p->opt.immediate = 0;
2355 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
2356 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
2357 /*
2358 * Platform-dependent options.
2359 */
2360 #ifdef __linux__
2361 p->opt.protocol = 0;
2362 #endif
2363 #ifdef _WIN32
2364 p->opt.nocapture_local = 0;
2365 #endif
2366
2367 /*
2368 * Start out with no BPF code generation flags set.
2369 */
2370 p->bpf_codegen_flags = 0;
2371
2372 return (p);
2373 }
2374
2375 int
2376 pcap_check_activated(pcap_t *p)
2377 {
2378 if (p->activated) {
2379 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
2380 " operation on activated capture");
2381 return (-1);
2382 }
2383 return (0);
2384 }
2385
2386 int
2387 pcap_set_snaplen(pcap_t *p, int snaplen)
2388 {
2389 if (pcap_check_activated(p))
2390 return (PCAP_ERROR_ACTIVATED);
2391 p->snapshot = snaplen;
2392 return (0);
2393 }
2394
2395 int
2396 pcap_set_promisc(pcap_t *p, int promisc)
2397 {
2398 if (pcap_check_activated(p))
2399 return (PCAP_ERROR_ACTIVATED);
2400 p->opt.promisc = promisc;
2401 return (0);
2402 }
2403
2404 int
2405 pcap_set_rfmon(pcap_t *p, int rfmon)
2406 {
2407 if (pcap_check_activated(p))
2408 return (PCAP_ERROR_ACTIVATED);
2409 p->opt.rfmon = rfmon;
2410 return (0);
2411 }
2412
2413 int
2414 pcap_set_timeout(pcap_t *p, int timeout_ms)
2415 {
2416 if (pcap_check_activated(p))
2417 return (PCAP_ERROR_ACTIVATED);
2418 p->opt.timeout = timeout_ms;
2419 return (0);
2420 }
2421
2422 int
2423 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
2424 {
2425 int i;
2426
2427 if (pcap_check_activated(p))
2428 return (PCAP_ERROR_ACTIVATED);
2429
2430 /*
2431 * The argument should have been u_int, but that's too late
2432 * to change now - it's an API.
2433 */
2434 if (tstamp_type < 0)
2435 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
2436
2437 /*
2438 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
2439 * the default time stamp type is PCAP_TSTAMP_HOST.
2440 */
2441 if (p->tstamp_type_count == 0) {
2442 if (tstamp_type == PCAP_TSTAMP_HOST) {
2443 p->opt.tstamp_type = tstamp_type;
2444 return (0);
2445 }
2446 } else {
2447 /*
2448 * Check whether we claim to support this type of time stamp.
2449 */
2450 for (i = 0; i < p->tstamp_type_count; i++) {
2451 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
2452 /*
2453 * Yes.
2454 */
2455 p->opt.tstamp_type = tstamp_type;
2456 return (0);
2457 }
2458 }
2459 }
2460
2461 /*
2462 * We don't support this type of time stamp.
2463 */
2464 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
2465 }
2466
2467 int
2468 pcap_set_immediate_mode(pcap_t *p, int immediate)
2469 {
2470 if (pcap_check_activated(p))
2471 return (PCAP_ERROR_ACTIVATED);
2472 p->opt.immediate = immediate;
2473 return (0);
2474 }
2475
2476 int
2477 pcap_set_buffer_size(pcap_t *p, int buffer_size)
2478 {
2479 if (pcap_check_activated(p))
2480 return (PCAP_ERROR_ACTIVATED);
2481 if (buffer_size <= 0) {
2482 /*
2483 * Silently ignore invalid values.
2484 */
2485 return (0);
2486 }
2487 p->opt.buffer_size = buffer_size;
2488 return (0);
2489 }
2490
2491 int
2492 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
2493 {
2494 int i;
2495
2496 if (pcap_check_activated(p))
2497 return (PCAP_ERROR_ACTIVATED);
2498
2499 /*
2500 * The argument should have been u_int, but that's too late
2501 * to change now - it's an API.
2502 */
2503 if (tstamp_precision < 0)
2504 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
2505
2506 /*
2507 * If p->tstamp_precision_count is 0, we only support setting
2508 * the time stamp precision to microsecond precision; every
2509 * pcap module *MUST* support microsecond precision, even if
2510 * it does so by converting the native precision to
2511 * microseconds.
2512 */
2513 if (p->tstamp_precision_count == 0) {
2514 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
2515 p->opt.tstamp_precision = tstamp_precision;
2516 return (0);
2517 }
2518 } else {
2519 /*
2520 * Check whether we claim to support this precision of
2521 * time stamp.
2522 */
2523 for (i = 0; i < p->tstamp_precision_count; i++) {
2524 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
2525 /*
2526 * Yes.
2527 */
2528 p->opt.tstamp_precision = tstamp_precision;
2529 return (0);
2530 }
2531 }
2532 }
2533
2534 /*
2535 * We don't support this time stamp precision.
2536 */
2537 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
2538 }
2539
2540 int
2541 pcap_get_tstamp_precision(pcap_t *p)
2542 {
2543 return (p->opt.tstamp_precision);
2544 }
2545
2546 int
2547 pcap_activate(pcap_t *p)
2548 {
2549 int status;
2550
2551 /*
2552 * Catch attempts to re-activate an already-activated
2553 * pcap_t; this should, for example, catch code that
2554 * calls pcap_open_live() followed by pcap_activate(),
2555 * as some code that showed up in a Stack Exchange
2556 * question did.
2557 */
2558 if (pcap_check_activated(p))
2559 return (PCAP_ERROR_ACTIVATED);
2560 status = p->activate_op(p);
2561 if (status >= 0) {
2562 /*
2563 * If somebody requested non-blocking mode before
2564 * calling pcap_activate(), turn it on now.
2565 */
2566 if (p->opt.nonblock) {
2567 status = p->setnonblock_op(p, 1);
2568 if (status < 0) {
2569 /*
2570 * Failed. Undo everything done by
2571 * the activate operation.
2572 */
2573 p->cleanup_op(p);
2574 initialize_ops(p);
2575 return (status);
2576 }
2577 }
2578 p->activated = 1;
2579 } else {
2580 if (p->errbuf[0] == '\0') {
2581 /*
2582 * No error message supplied by the activate routine;
2583 * for the benefit of programs that don't specially
2584 * handle errors other than PCAP_ERROR, return the
2585 * error message corresponding to the status.
2586 */
2587 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
2588 pcap_statustostr(status));
2589 }
2590
2591 /*
2592 * Undo any operation pointer setting, etc. done by
2593 * the activate operation.
2594 */
2595 initialize_ops(p);
2596 }
2597 return (status);
2598 }
2599
2600 pcap_t *
2601 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
2602 {
2603 pcap_t *p;
2604 int status;
2605 #ifdef ENABLE_REMOTE
2606 char host[PCAP_BUF_SIZE + 1];
2607 char port[PCAP_BUF_SIZE + 1];
2608 char name[PCAP_BUF_SIZE + 1];
2609 int srctype;
2610
2611 /*
2612 * A null device name is equivalent to the "any" device -
2613 * which might not be supported on this platform, but
2614 * this means that you'll get a "not supported" error
2615 * rather than, say, a crash when we try to dereference
2616 * the null pointer.
2617 */
2618 if (device == NULL)
2619 device = "any";
2620
2621 /*
2622 * Retrofit - we have to make older applications compatible with
2623 * remote capture.
2624 * So we're calling pcap_open_remote() from here; this is a very
2625 * dirty hack.
2626 * Obviously, we cannot exploit all the new features; for instance,
2627 * we cannot send authentication, we cannot use a UDP data connection,
2628 * and so on.
2629 */
2630 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf))
2631 return (NULL);
2632
2633 if (srctype == PCAP_SRC_IFREMOTE) {
2634 /*
2635 * Although we already have host, port and iface, we prefer
2636 * to pass only 'device' to pcap_open_rpcap(), so that it has
2637 * to call pcap_parsesrcstr() again.
2638 * This is less optimized, but much clearer.
2639 */
2640 return (pcap_open_rpcap(device, snaplen,
2641 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms,
2642 NULL, errbuf));
2643 }
2644 if (srctype == PCAP_SRC_FILE) {
2645 snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\"");
2646 return (NULL);
2647 }
2648 if (srctype == PCAP_SRC_IFLOCAL) {
2649 /*
2650 * If it starts with rpcap://, that refers to a local device
2651 * (no host part in the URL). Remove the rpcap://, and
2652 * fall through to the regular open path.
2653 */
2654 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) {
2655 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1;
2656
2657 if (len > 0)
2658 device += strlen(PCAP_SRC_IF_STRING);
2659 }
2660 }
2661 #endif /* ENABLE_REMOTE */
2662
2663 p = pcap_create(device, errbuf);
2664 if (p == NULL)
2665 return (NULL);
2666 status = pcap_set_snaplen(p, snaplen);
2667 if (status < 0)
2668 goto fail;
2669 status = pcap_set_promisc(p, promisc);
2670 if (status < 0)
2671 goto fail;
2672 status = pcap_set_timeout(p, to_ms);
2673 if (status < 0)
2674 goto fail;
2675 /*
2676 * Mark this as opened with pcap_open_live(), so that, for
2677 * example, we show the full list of DLT_ values, rather
2678 * than just the ones that are compatible with capturing
2679 * when not in monitor mode. That allows existing applications
2680 * to work the way they used to work, but allows new applications
2681 * that know about the new open API to, for example, find out the
2682 * DLT_ values that they can select without changing whether
2683 * the adapter is in monitor mode or not.
2684 */
2685 p->oldstyle = 1;
2686 status = pcap_activate(p);
2687 if (status < 0)
2688 goto fail;
2689 return (p);
2690 fail:
2691 if (status == PCAP_ERROR)
2692 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %.*s", device,
2693 PCAP_ERRBUF_SIZE - 3, p->errbuf);
2694 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
2695 status == PCAP_ERROR_PERM_DENIED ||
2696 status == PCAP_ERROR_PROMISC_PERM_DENIED)
2697 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%.*s)", device,
2698 pcap_statustostr(status), PCAP_ERRBUF_SIZE - 6, p->errbuf);
2699 else
2700 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
2701 pcap_statustostr(status));
2702 pcap_close(p);
2703 return (NULL);
2704 }
2705
2706 pcap_t *
2707 pcap_open_offline_common(char *ebuf, size_t size)
2708 {
2709 pcap_t *p;
2710
2711 p = pcap_alloc_pcap_t(ebuf, size);
2712 if (p == NULL)
2713 return (NULL);
2714
2715 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
2716
2717 return (p);
2718 }
2719
2720 int
2721 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
2722 {
2723 return (p->read_op(p, cnt, callback, user));
2724 }
2725
2726 int
2727 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
2728 {
2729 register int n;
2730
2731 for (;;) {
2732 if (p->rfile != NULL) {
2733 /*
2734 * 0 means EOF, so don't loop if we get 0.
2735 */
2736 n = pcap_offline_read(p, cnt, callback, user);
2737 } else {
2738 /*
2739 * XXX keep reading until we get something
2740 * (or an error occurs)
2741 */
2742 do {
2743 n = p->read_op(p, cnt, callback, user);
2744 } while (n == 0);
2745 }
2746 if (n <= 0)
2747 return (n);
2748 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
2749 cnt -= n;
2750 if (cnt <= 0)
2751 return (0);
2752 }
2753 }
2754 }
2755
2756 /*
2757 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
2758 */
2759 void
2760 pcap_breakloop(pcap_t *p)
2761 {
2762 p->breakloop_op(p);
2763 }
2764
2765 int
2766 pcap_datalink(pcap_t *p)
2767 {
2768 if (!p->activated)
2769 return (PCAP_ERROR_NOT_ACTIVATED);
2770 return (p->linktype);
2771 }
2772
2773 int
2774 pcap_datalink_ext(pcap_t *p)
2775 {
2776 if (!p->activated)
2777 return (PCAP_ERROR_NOT_ACTIVATED);
2778 return (p->linktype_ext);
2779 }
2780
2781 int
2782 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
2783 {
2784 if (!p->activated)
2785 return (PCAP_ERROR_NOT_ACTIVATED);
2786 if (p->dlt_count == 0) {
2787 /*
2788 * We couldn't fetch the list of DLTs, which means
2789 * this platform doesn't support changing the
2790 * DLT for an interface. Return a list of DLTs
2791 * containing only the DLT this device supports.
2792 */
2793 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
2794 if (*dlt_buffer == NULL) {
2795 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
2796 errno, "malloc");
2797 return (PCAP_ERROR);
2798 }
2799 **dlt_buffer = p->linktype;
2800 return (1);
2801 } else {
2802 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
2803 if (*dlt_buffer == NULL) {
2804 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
2805 errno, "malloc");
2806 return (PCAP_ERROR);
2807 }
2808 (void)memcpy(*dlt_buffer, p->dlt_list,
2809 sizeof(**dlt_buffer) * p->dlt_count);
2810 return (p->dlt_count);
2811 }
2812 }
2813
2814 /*
2815 * In Windows, you might have a library built with one version of the
2816 * C runtime library and an application built with another version of
2817 * the C runtime library, which means that the library might use one
2818 * version of malloc() and free() and the application might use another
2819 * version of malloc() and free(). If so, that means something
2820 * allocated by the library cannot be freed by the application, so we
2821 * need to have a pcap_free_datalinks() routine to free up the list
2822 * allocated by pcap_list_datalinks(), even though it's just a wrapper
2823 * around free().
2824 */
2825 void
2826 pcap_free_datalinks(int *dlt_list)
2827 {
2828 free(dlt_list);
2829 }
2830
2831 int
2832 pcap_set_datalink(pcap_t *p, int dlt)
2833 {
2834 int i;
2835 const char *dlt_name;
2836
2837 if (dlt < 0)
2838 goto unsupported;
2839
2840 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
2841 /*
2842 * We couldn't fetch the list of DLTs, or we don't
2843 * have a "set datalink" operation, which means
2844 * this platform doesn't support changing the
2845 * DLT for an interface. Check whether the new
2846 * DLT is the one this interface supports.
2847 */
2848 if (p->linktype != dlt)
2849 goto unsupported;
2850
2851 /*
2852 * It is, so there's nothing we need to do here.
2853 */
2854 return (0);
2855 }
2856 for (i = 0; i < p->dlt_count; i++)
2857 if (p->dlt_list[i] == (u_int)dlt)
2858 break;
2859 if (i >= p->dlt_count)
2860 goto unsupported;
2861 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
2862 dlt == DLT_DOCSIS) {
2863 /*
2864 * This is presumably an Ethernet device, as the first
2865 * link-layer type it offers is DLT_EN10MB, and the only
2866 * other type it offers is DLT_DOCSIS. That means that
2867 * we can't tell the driver to supply DOCSIS link-layer
2868 * headers - we're just pretending that's what we're
2869 * getting, as, presumably, we're capturing on a dedicated
2870 * link to a Cisco Cable Modem Termination System, and
2871 * it's putting raw DOCSIS frames on the wire inside low-level
2872 * Ethernet framing.
2873 */
2874 p->linktype = dlt;
2875 return (0);
2876 }
2877 if (p->set_datalink_op(p, dlt) == -1)
2878 return (-1);
2879 p->linktype = dlt;
2880 return (0);
2881
2882 unsupported:
2883 dlt_name = pcap_datalink_val_to_name(dlt);
2884 if (dlt_name != NULL) {
2885 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2886 "%s is not one of the DLTs supported by this device",
2887 dlt_name);
2888 } else {
2889 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2890 "DLT %d is not one of the DLTs supported by this device",
2891 dlt);
2892 }
2893 return (-1);
2894 }
2895
2896 /*
2897 * This array is designed for mapping upper and lower case letter
2898 * together for a case independent comparison. The mappings are
2899 * based upon ascii character sequences.
2900 */
2901 static const u_char charmap[] = {
2902 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
2903 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
2904 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
2905 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
2906 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
2907 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
2908 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
2909 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
2910 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
2911 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
2912 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
2913 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
2914 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
2915 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
2916 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
2917 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
2918 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
2919 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
2920 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
2921 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
2922 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
2923 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
2924 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
2925 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
2926 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
2927 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
2928 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
2929 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
2930 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
2931 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
2932 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
2933 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
2934 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
2935 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
2936 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
2937 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
2938 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
2939 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
2940 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
2941 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
2942 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
2943 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
2944 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
2945 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
2946 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
2947 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
2948 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
2949 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
2950 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
2951 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
2952 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
2953 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
2954 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
2955 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
2956 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
2957 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
2958 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
2959 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
2960 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
2961 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
2962 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
2963 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
2964 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
2965 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
2966 };
2967
2968 int
2969 pcap_strcasecmp(const char *s1, const char *s2)
2970 {
2971 register const u_char *cm = charmap,
2972 *us1 = (const u_char *)s1,
2973 *us2 = (const u_char *)s2;
2974
2975 while (cm[*us1] == cm[*us2++])
2976 if (*us1++ == '\0')
2977 return(0);
2978 return (cm[*us1] - cm[*--us2]);
2979 }
2980
2981 struct dlt_choice {
2982 const char *name;
2983 const char *description;
2984 int dlt;
2985 };
2986
2987 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code }
2988 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
2989
2990 static struct dlt_choice dlt_choices[] = {
2991 DLT_CHOICE(NULL, "BSD loopback"),
2992 DLT_CHOICE(EN10MB, "Ethernet"),
2993 DLT_CHOICE(IEEE802, "Token ring"),
2994 DLT_CHOICE(ARCNET, "BSD ARCNET"),
2995 DLT_CHOICE(SLIP, "SLIP"),
2996 DLT_CHOICE(PPP, "PPP"),
2997 DLT_CHOICE(FDDI, "FDDI"),
2998 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
2999 DLT_CHOICE(RAW, "Raw IP"),
3000 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"),
3001 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"),
3002 DLT_CHOICE(ATM_CLIP, "Linux Classical IP over ATM"),
3003 DLT_CHOICE(PPP_SERIAL, "PPP over serial"),
3004 DLT_CHOICE(PPP_ETHER, "PPPoE"),
3005 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"),
3006 DLT_CHOICE(C_HDLC, "Cisco HDLC"),
3007 DLT_CHOICE(IEEE802_11, "802.11"),
3008 DLT_CHOICE(FRELAY, "Frame Relay"),
3009 DLT_CHOICE(LOOP, "OpenBSD loopback"),
3010 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"),
3011 DLT_CHOICE(LINUX_SLL, "Linux cooked v1"),
3012 DLT_CHOICE(LTALK, "Localtalk"),
3013 DLT_CHOICE(PFLOG, "OpenBSD pflog file"),
3014 DLT_CHOICE(PFSYNC, "Packet filter state syncing"),
3015 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"),
3016 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
3017 DLT_CHOICE(SUNATM, "Sun raw ATM"),
3018 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"),
3019 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"),
3020 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
3021 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
3022 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"),
3023 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"),
3024 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
3025 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"),
3026 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
3027 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"),
3028 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
3029 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
3030 DLT_CHOICE(MTP2, "SS7 MTP2"),
3031 DLT_CHOICE(MTP3, "SS7 MTP3"),
3032 DLT_CHOICE(SCCP, "SS7 SCCP"),
3033 DLT_CHOICE(DOCSIS, "DOCSIS"),
3034 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"),
3035 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
3036 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
3037 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"),
3038 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"),
3039 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"),
3040 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
3041 DLT_CHOICE(GPRS_LLC, "GPRS LLC"),
3042 DLT_CHOICE(GPF_T, "GPF-T"),
3043 DLT_CHOICE(GPF_F, "GPF-F"),
3044 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"),
3045 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"),
3046 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
3047 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"),
3048 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"),
3049 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"),
3050 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"),
3051 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
3052 DLT_CHOICE(MFR, "FRF.16 Frame Relay"),
3053 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"),
3054 DLT_CHOICE(A429, "Arinc 429"),
3055 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"),
3056 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"),
3057 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
3058 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
3059 DLT_CHOICE(USB_LINUX, "USB with Linux header"),
3060 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"),
3061 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
3062 DLT_CHOICE(PPI, "Per-Packet Information"),
3063 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
3064 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"),
3065 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"),
3066 DLT_CHOICE(SITA, "SITA pseudo-header"),
3067 DLT_CHOICE(ERF, "Endace ERF header"),
3068 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
3069 DLT_CHOICE(IPMB_KONTRON, "IPMB with Kontron pseudo-header"),
3070 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"),
3071 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
3072 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"),
3073 DLT_CHOICE(IPMB_LINUX, "IPMB with Linux/Pigeon Point pseudo-header"),
3074 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
3075 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
3076 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"),
3077 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"),
3078 DLT_CHOICE(DECT, "DECT"),
3079 DLT_CHOICE(AOS, "AOS Space Data Link protocol"),
3080 DLT_CHOICE(WIHART, "Wireless HART"),
3081 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
3082 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
3083 DLT_CHOICE(IPNET, "Solaris ipnet"),
3084 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
3085 DLT_CHOICE(IPV4, "Raw IPv4"),
3086 DLT_CHOICE(IPV6, "Raw IPv6"),
3087 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
3088 DLT_CHOICE(DBUS, "D-Bus"),
3089 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"),
3090 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"),
3091 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
3092 DLT_CHOICE(DVB_CI, "DVB-CI"),
3093 DLT_CHOICE(MUX27010, "MUX27010"),
3094 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
3095 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
3096 DLT_CHOICE(NFLOG, "Linux netfilter log messages"),
3097 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
3098 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
3099 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
3100 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
3101 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"),
3102 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
3103 DLT_CHOICE(INFINIBAND, "InfiniBand"),
3104 DLT_CHOICE(SCTP, "SCTP"),
3105 DLT_CHOICE(USBPCAP, "USB with USBPcap header"),
3106 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
3107 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
3108 DLT_CHOICE(NETLINK, "Linux netlink"),
3109 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
3110 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
3111 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
3112 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"),
3113 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"),
3114 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
3115 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"),
3116 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
3117 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
3118 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"),
3119 DLT_CHOICE(ISO_14443, "ISO 14443 messages"),
3120 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"),
3121 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"),
3122 DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"),
3123 DLT_CHOICE(SDLC, "IBM SDLC frames"),
3124 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"),
3125 DLT_CHOICE(VSOCK, "Linux vsock"),
3126 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"),
3127 DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"),
3128 DLT_CHOICE(ETHERNET_MPACKET, "802.3br mPackets"),
3129 DLT_CHOICE(DISPLAYPORT_AUX, "DisplayPort AUX channel monitoring data"),
3130 DLT_CHOICE(LINUX_SLL2, "Linux cooked v2"),
3131 DLT_CHOICE(OPENVIZSLA, "OpenVizsla USB"),
3132 DLT_CHOICE(EBHSCR, "Elektrobit High Speed Capture and Replay (EBHSCR)"),
3133 DLT_CHOICE(VPP_DISPATCH, "VPP graph dispatch tracer"),
3134 DLT_CHOICE(DSA_TAG_BRCM, "Broadcom tag"),
3135 DLT_CHOICE(DSA_TAG_BRCM_PREPEND, "Broadcom tag (prepended)"),
3136 DLT_CHOICE(IEEE802_15_4_TAP, "IEEE 802.15.4 with pseudo-header"),
3137 DLT_CHOICE(DSA_TAG_DSA, "Marvell DSA"),
3138 DLT_CHOICE(DSA_TAG_EDSA, "Marvell EDSA"),
3139 DLT_CHOICE(ELEE, "ELEE lawful intercept packets"),
3140 DLT_CHOICE(Z_WAVE_SERIAL, "Z-Wave serial frames between host and chip"),
3141 DLT_CHOICE(USB_2_0, "USB 2.0/1.1/1.0 as transmitted over the cable"),
3142 DLT_CHOICE(ATSC_ALP, "ATSC Link-Layer Protocol packets"),
3143 DLT_CHOICE_SENTINEL
3144 };
3145
3146 int
3147 pcap_datalink_name_to_val(const char *name)
3148 {
3149 int i;
3150
3151 for (i = 0; dlt_choices[i].name != NULL; i++) {
3152 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0)
3153 return (dlt_choices[i].dlt);
3154 }
3155 return (-1);
3156 }
3157
3158 const char *
3159 pcap_datalink_val_to_name(int dlt)
3160 {
3161 int i;
3162
3163 for (i = 0; dlt_choices[i].name != NULL; i++) {
3164 if (dlt_choices[i].dlt == dlt)
3165 return (dlt_choices[i].name);
3166 }
3167 return (NULL);
3168 }
3169
3170 const char *
3171 pcap_datalink_val_to_description(int dlt)
3172 {
3173 int i;
3174
3175 for (i = 0; dlt_choices[i].name != NULL; i++) {
3176 if (dlt_choices[i].dlt == dlt)
3177 return (dlt_choices[i].description);
3178 }
3179 return (NULL);
3180 }
3181
3182 const char *
3183 pcap_datalink_val_to_description_or_dlt(int dlt)
3184 {
3185 static char unkbuf[40];
3186 const char *description;
3187
3188 description = pcap_datalink_val_to_description(dlt);
3189 if (description != NULL) {
3190 return description;
3191 } else {
3192 (void)snprintf(unkbuf, sizeof(unkbuf), "DLT %u", dlt);
3193 return unkbuf;
3194 }
3195 }
3196
3197 struct tstamp_type_choice {
3198 const char *name;
3199 const char *description;
3200 int type;
3201 };
3202
3203 static struct tstamp_type_choice tstamp_type_choices[] = {
3204 { "host", "Host", PCAP_TSTAMP_HOST },
3205 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
3206 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
3207 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
3208 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
3209 { "host_hiprec_unsynced", "Host, high precision, not synced with system time", PCAP_TSTAMP_HOST_HIPREC_UNSYNCED },
3210 { NULL, NULL, 0 }
3211 };
3212
3213 int
3214 pcap_tstamp_type_name_to_val(const char *name)
3215 {
3216 int i;
3217
3218 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
3219 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
3220 return (tstamp_type_choices[i].type);
3221 }
3222 return (PCAP_ERROR);
3223 }
3224
3225 const char *
3226 pcap_tstamp_type_val_to_name(int tstamp_type)
3227 {
3228 int i;
3229
3230 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
3231 if (tstamp_type_choices[i].type == tstamp_type)
3232 return (tstamp_type_choices[i].name);
3233 }
3234 return (NULL);
3235 }
3236
3237 const char *
3238 pcap_tstamp_type_val_to_description(int tstamp_type)
3239 {
3240 int i;
3241
3242 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
3243 if (tstamp_type_choices[i].type == tstamp_type)
3244 return (tstamp_type_choices[i].description);
3245 }
3246 return (NULL);
3247 }
3248
3249 int
3250 pcap_snapshot(pcap_t *p)
3251 {
3252 if (!p->activated)
3253 return (PCAP_ERROR_NOT_ACTIVATED);
3254 return (p->snapshot);
3255 }
3256
3257 int
3258 pcap_is_swapped(pcap_t *p)
3259 {
3260 if (!p->activated)
3261 return (PCAP_ERROR_NOT_ACTIVATED);
3262 return (p->swapped);
3263 }
3264
3265 int
3266 pcap_major_version(pcap_t *p)
3267 {
3268 if (!p->activated)
3269 return (PCAP_ERROR_NOT_ACTIVATED);
3270 return (p->version_major);
3271 }
3272
3273 int
3274 pcap_minor_version(pcap_t *p)
3275 {
3276 if (!p->activated)
3277 return (PCAP_ERROR_NOT_ACTIVATED);
3278 return (p->version_minor);
3279 }
3280
3281 int
3282 pcap_bufsize(pcap_t *p)
3283 {
3284 if (!p->activated)
3285 return (PCAP_ERROR_NOT_ACTIVATED);
3286 return (p->bufsize);
3287 }
3288
3289 FILE *
3290 pcap_file(pcap_t *p)
3291 {
3292 return (p->rfile);
3293 }
3294
3295 int
3296 pcap_fileno(pcap_t *p)
3297 {
3298 #ifndef _WIN32
3299 return (p->fd);
3300 #else
3301 if (p->handle != INVALID_HANDLE_VALUE)
3302 return ((int)(DWORD)p->handle);
3303 else
3304 return (PCAP_ERROR);
3305 #endif
3306 }
3307
3308 #if !defined(_WIN32) && !defined(MSDOS)
3309 int
3310 pcap_get_selectable_fd(pcap_t *p)
3311 {
3312 return (p->selectable_fd);
3313 }
3314
3315 const struct timeval *
3316 pcap_get_required_select_timeout(pcap_t *p)
3317 {
3318 return (p->required_select_timeout);
3319 }
3320 #endif
3321
3322 void
3323 pcap_perror(pcap_t *p, const char *prefix)
3324 {
3325 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
3326 }
3327
3328 char *
3329 pcap_geterr(pcap_t *p)
3330 {
3331 return (p->errbuf);
3332 }
3333
3334 int
3335 pcap_getnonblock(pcap_t *p, char *errbuf)
3336 {
3337 int ret;
3338
3339 ret = p->getnonblock_op(p);
3340 if (ret == -1) {
3341 /*
3342 * The get nonblock operation sets p->errbuf; this
3343 * function *shouldn't* have had a separate errbuf
3344 * argument, as it didn't need one, but I goofed
3345 * when adding it.
3346 *
3347 * We copy the error message to errbuf, so callers
3348 * can find it in either place.
3349 */
3350 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
3351 }
3352 return (ret);
3353 }
3354
3355 /*
3356 * Get the current non-blocking mode setting, under the assumption that
3357 * it's just the standard POSIX non-blocking flag.
3358 */
3359 #if !defined(_WIN32) && !defined(MSDOS)
3360 int
3361 pcap_getnonblock_fd(pcap_t *p)
3362 {
3363 int fdflags;
3364
3365 fdflags = fcntl(p->fd, F_GETFL, 0);
3366 if (fdflags == -1) {
3367 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3368 errno, "F_GETFL");
3369 return (-1);
3370 }
3371 if (fdflags & O_NONBLOCK)
3372 return (1);
3373 else
3374 return (0);
3375 }
3376 #endif
3377
3378 int
3379 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
3380 {
3381 int ret;
3382
3383 ret = p->setnonblock_op(p, nonblock);
3384 if (ret == -1) {
3385 /*
3386 * The set nonblock operation sets p->errbuf; this
3387 * function *shouldn't* have had a separate errbuf
3388 * argument, as it didn't need one, but I goofed
3389 * when adding it.
3390 *
3391 * We copy the error message to errbuf, so callers
3392 * can find it in either place.
3393 */
3394 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
3395 }
3396 return (ret);
3397 }
3398
3399 #if !defined(_WIN32) && !defined(MSDOS)
3400 /*
3401 * Set non-blocking mode, under the assumption that it's just the
3402 * standard POSIX non-blocking flag. (This can be called by the
3403 * per-platform non-blocking-mode routine if that routine also
3404 * needs to do some additional work.)
3405 */
3406 int
3407 pcap_setnonblock_fd(pcap_t *p, int nonblock)
3408 {
3409 int fdflags;
3410
3411 fdflags = fcntl(p->fd, F_GETFL, 0);
3412 if (fdflags == -1) {
3413 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3414 errno, "F_GETFL");
3415 return (-1);
3416 }
3417 if (nonblock)
3418 fdflags |= O_NONBLOCK;
3419 else
3420 fdflags &= ~O_NONBLOCK;
3421 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
3422 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3423 errno, "F_SETFL");
3424 return (-1);
3425 }
3426 return (0);
3427 }
3428 #endif
3429
3430 /*
3431 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
3432 */
3433 const char *
3434 pcap_statustostr(int errnum)
3435 {
3436 static char ebuf[15+10+1];
3437
3438 switch (errnum) {
3439
3440 case PCAP_WARNING:
3441 return("Generic warning");
3442
3443 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
3444 return ("That type of time stamp is not supported by that device");
3445
3446 case PCAP_WARNING_PROMISC_NOTSUP:
3447 return ("That device doesn't support promiscuous mode");
3448
3449 case PCAP_ERROR:
3450 return("Generic error");
3451
3452 case PCAP_ERROR_BREAK:
3453 return("Loop terminated by pcap_breakloop");
3454
3455 case PCAP_ERROR_NOT_ACTIVATED:
3456 return("The pcap_t has not been activated");
3457
3458 case PCAP_ERROR_ACTIVATED:
3459 return ("The setting can't be changed after the pcap_t is activated");
3460
3461 case PCAP_ERROR_NO_SUCH_DEVICE:
3462 return ("No such device exists");
3463
3464 case PCAP_ERROR_RFMON_NOTSUP:
3465 return ("That device doesn't support monitor mode");
3466
3467 case PCAP_ERROR_NOT_RFMON:
3468 return ("That operation is supported only in monitor mode");
3469
3470 case PCAP_ERROR_PERM_DENIED:
3471 return ("You don't have permission to capture on that device");
3472
3473 case PCAP_ERROR_IFACE_NOT_UP:
3474 return ("That device is not up");
3475
3476 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
3477 return ("That device doesn't support setting the time stamp type");
3478
3479 case PCAP_ERROR_PROMISC_PERM_DENIED:
3480 return ("You don't have permission to capture in promiscuous mode on that device");
3481
3482 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
3483 return ("That device doesn't support that time stamp precision");
3484 }
3485 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
3486 return(ebuf);
3487 }
3488
3489 /*
3490 * Not all systems have strerror().
3491 */
3492 const char *
3493 pcap_strerror(int errnum)
3494 {
3495 #ifdef HAVE_STRERROR
3496 #ifdef _WIN32
3497 static char errbuf[PCAP_ERRBUF_SIZE];
3498 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);
3499
3500 if (err != 0) /* err = 0 if successful */
3501 pcap_strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
3502 return (errbuf);
3503 #else
3504 return (strerror(errnum));
3505 #endif /* _WIN32 */
3506 #else
3507 extern int sys_nerr;
3508 extern const char *const sys_errlist[];
3509 static char errbuf[PCAP_ERRBUF_SIZE];
3510
3511 if ((unsigned int)errnum < sys_nerr)
3512 return ((char *)sys_errlist[errnum]);
3513 (void)snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum);
3514 return (errbuf);
3515 #endif
3516 }
3517
3518 int
3519 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
3520 {
3521 return (p->setfilter_op(p, fp));
3522 }
3523
3524 /*
3525 * Set direction flag, which controls whether we accept only incoming
3526 * packets, only outgoing packets, or both.
3527 * Note that, depending on the platform, some or all direction arguments
3528 * might not be supported.
3529 */
3530 int
3531 pcap_setdirection(pcap_t *p, pcap_direction_t d)
3532 {
3533 if (p->setdirection_op == NULL) {
3534 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3535 "Setting direction is not supported on this device");
3536 return (-1);
3537 } else {
3538 switch (d) {
3539
3540 case PCAP_D_IN:
3541 case PCAP_D_OUT:
3542 case PCAP_D_INOUT:
3543 /*
3544 * Valid direction.
3545 */
3546 return (p->setdirection_op(p, d));
3547
3548 default:
3549 /*
3550 * Invalid direction.
3551 */
3552 snprintf(p->errbuf, sizeof(p->errbuf),
3553 "Invalid direction");
3554 return (-1);
3555 }
3556 }
3557 }
3558
3559 int
3560 pcap_stats(pcap_t *p, struct pcap_stat *ps)
3561 {
3562 return (p->stats_op(p, ps));
3563 }
3564
3565 #ifdef _WIN32
3566 struct pcap_stat *
3567 pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
3568 {
3569 return (p->stats_ex_op(p, pcap_stat_size));
3570 }
3571
3572 int
3573 pcap_setbuff(pcap_t *p, int dim)
3574 {
3575 return (p->setbuff_op(p, dim));
3576 }
3577
3578 int
3579 pcap_setmode(pcap_t *p, int mode)
3580 {
3581 return (p->setmode_op(p, mode));
3582 }
3583
3584 int
3585 pcap_setmintocopy(pcap_t *p, int size)
3586 {
3587 return (p->setmintocopy_op(p, size));
3588 }
3589
3590 HANDLE
3591 pcap_getevent(pcap_t *p)
3592 {
3593 return (p->getevent_op(p));
3594 }
3595
3596 int
3597 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
3598 {
3599 return (p->oid_get_request_op(p, oid, data, lenp));
3600 }
3601
3602 int
3603 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp)
3604 {
3605 return (p->oid_set_request_op(p, oid, data, lenp));
3606 }
3607
3608 pcap_send_queue *
3609 pcap_sendqueue_alloc(u_int memsize)
3610 {
3611 pcap_send_queue *tqueue;
3612
3613 /* Allocate the queue */
3614 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue));
3615 if (tqueue == NULL){
3616 return (NULL);
3617 }
3618
3619 /* Allocate the buffer */
3620 tqueue->buffer = (char *)malloc(memsize);
3621 if (tqueue->buffer == NULL) {
3622 free(tqueue);
3623 return (NULL);
3624 }
3625
3626 tqueue->maxlen = memsize;
3627 tqueue->len = 0;
3628
3629 return (tqueue);
3630 }
3631
3632 void
3633 pcap_sendqueue_destroy(pcap_send_queue *queue)
3634 {
3635 free(queue->buffer);
3636 free(queue);
3637 }
3638
3639 int
3640 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
3641 {
3642 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
3643 return (-1);
3644 }
3645
3646 /* Copy the pcap_pkthdr header*/
3647 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
3648 queue->len += sizeof(struct pcap_pkthdr);
3649
3650 /* copy the packet */
3651 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
3652 queue->len += pkt_header->caplen;
3653
3654 return (0);
3655 }
3656
3657 u_int
3658 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
3659 {
3660 return (p->sendqueue_transmit_op(p, queue, sync));
3661 }
3662
3663 int
3664 pcap_setuserbuffer(pcap_t *p, int size)
3665 {
3666 return (p->setuserbuffer_op(p, size));
3667 }
3668
3669 int
3670 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
3671 {
3672 return (p->live_dump_op(p, filename, maxsize, maxpacks));
3673 }
3674
3675 int
3676 pcap_live_dump_ended(pcap_t *p, int sync)
3677 {
3678 return (p->live_dump_ended_op(p, sync));
3679 }
3680
3681 PAirpcapHandle
3682 pcap_get_airpcap_handle(pcap_t *p)
3683 {
3684 PAirpcapHandle handle;
3685
3686 handle = p->get_airpcap_handle_op(p);
3687 if (handle == NULL) {
3688 (void)snprintf(p->errbuf, sizeof(p->errbuf),
3689 "This isn't an AirPcap device");
3690 }
3691 return (handle);
3692 }
3693 #endif
3694
3695 /*
3696 * On some platforms, we need to clean up promiscuous or monitor mode
3697 * when we close a device - and we want that to happen even if the
3698 * application just exits without explicitl closing devices.
3699 * On those platforms, we need to register a "close all the pcaps"
3700 * routine to be called when we exit, and need to maintain a list of
3701 * pcaps that need to be closed to clean up modes.
3702 *
3703 * XXX - not thread-safe.
3704 */
3705
3706 /*
3707 * List of pcaps on which we've done something that needs to be
3708 * cleaned up.
3709 * If there are any such pcaps, we arrange to call "pcap_close_all()"
3710 * when we exit, and have it close all of them.
3711 */
3712 static struct pcap *pcaps_to_close;
3713
3714 /*
3715 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
3716 * be called on exit.
3717 */
3718 static int did_atexit;
3719
3720 static void
3721 pcap_close_all(void)
3722 {
3723 struct pcap *handle;
3724
3725 while ((handle = pcaps_to_close) != NULL) {
3726 pcap_close(handle);
3727
3728 /*
3729 * If a pcap module adds a pcap_t to the "close all"
3730 * list by calling pcap_add_to_pcaps_to_close(), it
3731 * must have a cleanup routine that removes it from the
3732 * list, by calling pcap_remove_from_pcaps_to_close(),
3733 * and must make that cleanup routine the cleanup_op
3734 * for the pcap_t.
3735 *
3736 * That means that, after pcap_close() - which calls
3737 * the cleanup_op for the pcap_t - the pcap_t must
3738 * have been removed from the list, so pcaps_to_close
3739 * must not be equal to handle.
3740 *
3741 * We check for that, and abort if handle is still
3742 * at the head of the list, to prevent infinite loops.
3743 */
3744 if (pcaps_to_close == handle)
3745 abort();
3746 }
3747 }
3748
3749 int
3750 pcap_do_addexit(pcap_t *p)
3751 {
3752 /*
3753 * If we haven't already done so, arrange to have
3754 * "pcap_close_all()" called when we exit.
3755 */
3756 if (!did_atexit) {
3757 if (atexit(pcap_close_all) != 0) {
3758 /*
3759 * "atexit()" failed; let our caller know.
3760 */
3761 pcap_strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
3762 return (0);
3763 }
3764 did_atexit = 1;
3765 }
3766 return (1);
3767 }
3768
3769 void
3770 pcap_add_to_pcaps_to_close(pcap_t *p)
3771 {
3772 p->next = pcaps_to_close;
3773 pcaps_to_close = p;
3774 }
3775
3776 void
3777 pcap_remove_from_pcaps_to_close(pcap_t *p)
3778 {
3779 pcap_t *pc, *prevpc;
3780
3781 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
3782 prevpc = pc, pc = pc->next) {
3783 if (pc == p) {
3784 /*
3785 * Found it. Remove it from the list.
3786 */
3787 if (prevpc == NULL) {
3788 /*
3789 * It was at the head of the list.
3790 */
3791 pcaps_to_close = pc->next;
3792 } else {
3793 /*
3794 * It was in the middle of the list.
3795 */
3796 prevpc->next = pc->next;
3797 }
3798 break;
3799 }
3800 }
3801 }
3802
3803 void
3804 pcap_breakloop_common(pcap_t *p)
3805 {
3806 p->break_loop = 1;
3807 }
3808
3809
3810 void
3811 pcap_cleanup_live_common(pcap_t *p)
3812 {
3813 if (p->buffer != NULL) {
3814 free(p->buffer);
3815 p->buffer = NULL;
3816 }
3817 if (p->dlt_list != NULL) {
3818 free(p->dlt_list);
3819 p->dlt_list = NULL;
3820 p->dlt_count = 0;
3821 }
3822 if (p->tstamp_type_list != NULL) {
3823 free(p->tstamp_type_list);
3824 p->tstamp_type_list = NULL;
3825 p->tstamp_type_count = 0;
3826 }
3827 if (p->tstamp_precision_list != NULL) {
3828 free(p->tstamp_precision_list);
3829 p->tstamp_precision_list = NULL;
3830 p->tstamp_precision_count = 0;
3831 }
3832 pcap_freecode(&p->fcode);
3833 #if !defined(_WIN32) && !defined(MSDOS)
3834 if (p->fd >= 0) {
3835 close(p->fd);
3836 p->fd = -1;
3837 }
3838 p->selectable_fd = -1;
3839 #endif
3840 }
3841
3842 /*
3843 * API compatible with WinPcap's "send a packet" routine - returns -1
3844 * on error, 0 otherwise.
3845 *
3846 * XXX - what if we get a short write?
3847 */
3848 int
3849 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
3850 {
3851 if (size <= 0) {
3852 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3853 errno, "The number of bytes to be sent must be positive");
3854 return (PCAP_ERROR);
3855 }
3856
3857 if (p->inject_op(p, buf, size) == -1)
3858 return (-1);
3859 return (0);
3860 }
3861
3862 /*
3863 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
3864 * error, number of bytes written otherwise.
3865 */
3866 int
3867 pcap_inject(pcap_t *p, const void *buf, size_t size)
3868 {
3869 /*
3870 * We return the number of bytes written, so the number of
3871 * bytes to write must fit in an int.
3872 */
3873 if (size > INT_MAX) {
3874 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3875 errno, "More than %d bytes cannot be injected", INT_MAX);
3876 return (PCAP_ERROR);
3877 }
3878
3879 if (size == 0) {
3880 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3881 errno, "The number of bytes to be injected must not be zero");
3882 return (PCAP_ERROR);
3883 }
3884
3885 return (p->inject_op(p, buf, (int)size));
3886 }
3887
3888 void
3889 pcap_close(pcap_t *p)
3890 {
3891 if (p->opt.device != NULL)
3892 free(p->opt.device);
3893 p->cleanup_op(p);
3894 free(p);
3895 }
3896
3897 /*
3898 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
3899 * data for the packet, check whether the packet passes the filter.
3900 * Returns the return value of the filter program, which will be zero if
3901 * the packet doesn't pass and non-zero if the packet does pass.
3902 */
3903 int
3904 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
3905 const u_char *pkt)
3906 {
3907 const struct bpf_insn *fcode = fp->bf_insns;
3908
3909 if (fcode != NULL)
3910 return (pcap_filter(fcode, pkt, h->len, h->caplen));
3911 else
3912 return (0);
3913 }
3914
3915 static int
3916 pcap_can_set_rfmon_dead(pcap_t *p)
3917 {
3918 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3919 "Rfmon mode doesn't apply on a pcap_open_dead pcap_t");
3920 return (PCAP_ERROR);
3921 }
3922
3923 static int
3924 pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_,
3925 u_char *user _U_)
3926 {
3927 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3928 "Packets aren't available from a pcap_open_dead pcap_t");
3929 return (-1);
3930 }
3931
3932 static int
3933 pcap_inject_dead(pcap_t *p, const void *buf _U_, int size _U_)
3934 {
3935 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3936 "Packets can't be sent on a pcap_open_dead pcap_t");
3937 return (-1);
3938 }
3939
3940 static int
3941 pcap_setfilter_dead(pcap_t *p, struct bpf_program *fp _U_)
3942 {
3943 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3944 "A filter cannot be set on a pcap_open_dead pcap_t");
3945 return (-1);
3946 }
3947
3948 static int
3949 pcap_setdirection_dead(pcap_t *p, pcap_direction_t d _U_)
3950 {
3951 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3952 "The packet direction cannot be set on a pcap_open_dead pcap_t");
3953 return (-1);
3954 }
3955
3956 static int
3957 pcap_set_datalink_dead(pcap_t *p, int dlt _U_)
3958 {
3959 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3960 "The link-layer header type cannot be set on a pcap_open_dead pcap_t");
3961 return (-1);
3962 }
3963
3964 static int
3965 pcap_getnonblock_dead(pcap_t *p)
3966 {
3967 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3968 "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
3969 return (-1);
3970 }
3971
3972 static int
3973 pcap_setnonblock_dead(pcap_t *p, int nonblock _U_)
3974 {
3975 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3976 "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
3977 return (-1);
3978 }
3979
3980 static int
3981 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
3982 {
3983 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3984 "Statistics aren't available from a pcap_open_dead pcap_t");
3985 return (-1);
3986 }
3987
3988 #ifdef _WIN32
3989 static struct pcap_stat *
3990 pcap_stats_ex_dead(pcap_t *p, int *pcap_stat_size _U_)
3991 {
3992 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3993 "Statistics aren't available from a pcap_open_dead pcap_t");
3994 return (NULL);
3995 }
3996
3997 static int
3998 pcap_setbuff_dead(pcap_t *p, int dim _U_)
3999 {
4000 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4001 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
4002 return (-1);
4003 }
4004
4005 static int
4006 pcap_setmode_dead(pcap_t *p, int mode _U_)
4007 {
4008 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4009 "impossible to set mode on a pcap_open_dead pcap_t");
4010 return (-1);
4011 }
4012
4013 static int
4014 pcap_setmintocopy_dead(pcap_t *p, int size _U_)
4015 {
4016 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4017 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
4018 return (-1);
4019 }
4020
4021 static HANDLE
4022 pcap_getevent_dead(pcap_t *p)
4023 {
4024 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4025 "A pcap_open_dead pcap_t has no event handle");
4026 return (INVALID_HANDLE_VALUE);
4027 }
4028
4029 static int
4030 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
4031 size_t *lenp _U_)
4032 {
4033 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4034 "An OID get request cannot be performed on a pcap_open_dead pcap_t");
4035 return (PCAP_ERROR);
4036 }
4037
4038 static int
4039 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
4040 size_t *lenp _U_)
4041 {
4042 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4043 "An OID set request cannot be performed on a pcap_open_dead pcap_t");
4044 return (PCAP_ERROR);
4045 }
4046
4047 static u_int
4048 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue _U_,
4049 int sync _U_)
4050 {
4051 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4052 "Packets cannot be transmitted on a pcap_open_dead pcap_t");
4053 return (0);
4054 }
4055
4056 static int
4057 pcap_setuserbuffer_dead(pcap_t *p, int size _U_)
4058 {
4059 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4060 "The user buffer cannot be set on a pcap_open_dead pcap_t");
4061 return (-1);
4062 }
4063
4064 static int
4065 pcap_live_dump_dead(pcap_t *p, char *filename _U_, int maxsize _U_,
4066 int maxpacks _U_)
4067 {
4068 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4069 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
4070 return (-1);
4071 }
4072
4073 static int
4074 pcap_live_dump_ended_dead(pcap_t *p, int sync _U_)
4075 {
4076 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4077 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
4078 return (-1);
4079 }
4080
4081 static PAirpcapHandle
4082 pcap_get_airpcap_handle_dead(pcap_t *p _U_)
4083 {
4084 return (NULL);
4085 }
4086 #endif /* _WIN32 */
4087
4088 static void
4089 pcap_cleanup_dead(pcap_t *p _U_)
4090 {
4091 /* Nothing to do. */
4092 }
4093
4094 pcap_t *
4095 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
4096 {
4097 pcap_t *p;
4098
4099 switch (precision) {
4100
4101 case PCAP_TSTAMP_PRECISION_MICRO:
4102 case PCAP_TSTAMP_PRECISION_NANO:
4103 break;
4104
4105 default:
4106 /*
4107 * This doesn't really matter, but we don't have any way
4108 * to report particular errors, so the only failure we
4109 * should have is a memory allocation failure. Just
4110 * pick microsecond precision.
4111 */
4112 precision = PCAP_TSTAMP_PRECISION_MICRO;
4113 break;
4114 }
4115 p = malloc(sizeof(*p));
4116 if (p == NULL)
4117 return NULL;
4118 memset (p, 0, sizeof(*p));
4119 p->snapshot = snaplen;
4120 p->linktype = linktype;
4121 p->opt.tstamp_precision = precision;
4122 p->can_set_rfmon_op = pcap_can_set_rfmon_dead;
4123 p->read_op = pcap_read_dead;
4124 p->inject_op = pcap_inject_dead;
4125 p->setfilter_op = pcap_setfilter_dead;
4126 p->setdirection_op = pcap_setdirection_dead;
4127 p->set_datalink_op = pcap_set_datalink_dead;
4128 p->getnonblock_op = pcap_getnonblock_dead;
4129 p->setnonblock_op = pcap_setnonblock_dead;
4130 p->stats_op = pcap_stats_dead;
4131 #ifdef _WIN32
4132 p->stats_ex_op = pcap_stats_ex_dead;
4133 p->setbuff_op = pcap_setbuff_dead;
4134 p->setmode_op = pcap_setmode_dead;
4135 p->setmintocopy_op = pcap_setmintocopy_dead;
4136 p->getevent_op = pcap_getevent_dead;
4137 p->oid_get_request_op = pcap_oid_get_request_dead;
4138 p->oid_set_request_op = pcap_oid_set_request_dead;
4139 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
4140 p->setuserbuffer_op = pcap_setuserbuffer_dead;
4141 p->live_dump_op = pcap_live_dump_dead;
4142 p->live_dump_ended_op = pcap_live_dump_ended_dead;
4143 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
4144 #endif
4145 p->cleanup_op = pcap_cleanup_dead;
4146
4147 /*
4148 * A "dead" pcap_t never requires special BPF code generation.
4149 */
4150 p->bpf_codegen_flags = 0;
4151
4152 p->activated = 1;
4153 return (p);
4154 }
4155
4156 pcap_t *
4157 pcap_open_dead(int linktype, int snaplen)
4158 {
4159 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
4160 PCAP_TSTAMP_PRECISION_MICRO));
4161 }
4162
4163 #ifdef YYDEBUG
4164 /*
4165 * Set the internal "debug printout" flag for the filter expression parser.
4166 * The code to print that stuff is present only if YYDEBUG is defined, so
4167 * the flag, and the routine to set it, are defined only if YYDEBUG is
4168 * defined.
4169 *
4170 * This is intended for libpcap developers, not for general use.
4171 * If you want to set these in a program, you'll have to declare this
4172 * routine yourself, with the appropriate DLL import attribute on Windows;
4173 * it's not declared in any header file, and won't be declared in any
4174 * header file provided by libpcap.
4175 */
4176 PCAP_API void pcap_set_parser_debug(int value);
4177
4178 PCAP_API_DEF void
4179 pcap_set_parser_debug(int value)
4180 {
4181 pcap_debug = value;
4182 }
4183 #endif
[mirror] the LIBpcap interface to various kernel packet capture mechanism