]> The Tcpdump Group git mirrors - libpcap/blob - pcap-bpf.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
When activating a device, return PCAP_ERROR_IFACE_NOT_UP if the device
[libpcap] / pcap-bpf.c
1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21 #ifndef lint
22 static const char rcsid[] _U_ =
23 "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.111 2008-07-01 08:02:33 guy Exp $ (LBL)";
24 #endif
25
26 #ifdef HAVE_CONFIG_H
27 #include "config.h"
28 #endif
29
30 #include <sys/param.h> /* optionally get BSD define */
31 #include <sys/time.h>
32 #include <sys/timeb.h>
33 #include <sys/socket.h>
34 #include <sys/file.h>
35 #include <sys/ioctl.h>
36 #include <sys/utsname.h>
37
38 #include <net/if.h>
39
40 #ifdef _AIX
41
42 /*
43 * Make "pcap.h" not include "pcap/bpf.h"; we are going to include the
44 * native OS version, as we need "struct bpf_config" from it.
45 */
46 #define PCAP_DONT_INCLUDE_PCAP_BPF_H
47
48 #include <sys/types.h>
49
50 /*
51 * Prevent bpf.h from redefining the DLT_ values to their
52 * IFT_ values, as we're going to return the standard libpcap
53 * values, not IBM's non-standard IFT_ values.
54 */
55 #undef _AIX
56 #include <net/bpf.h>
57 #define _AIX
58
59 #include <net/if_types.h> /* for IFT_ values */
60 #include <sys/sysconfig.h>
61 #include <sys/device.h>
62 #include <sys/cfgodm.h>
63 #include <cf.h>
64
65 #ifdef __64BIT__
66 #define domakedev makedev64
67 #define getmajor major64
68 #define bpf_hdr bpf_hdr32
69 #else /* __64BIT__ */
70 #define domakedev makedev
71 #define getmajor major
72 #endif /* __64BIT__ */
73
74 #define BPF_NAME "bpf"
75 #define BPF_MINORS 4
76 #define DRIVER_PATH "/usr/lib/drivers"
77 #define BPF_NODE "/dev/bpf"
78 static int bpfloadedflag = 0;
79 static int odmlockid = 0;
80
81 #else /* _AIX */
82
83 #include <net/bpf.h>
84
85 #endif /* _AIX */
86
87 #include <ctype.h>
88 #include <errno.h>
89 #include <netdb.h>
90 #include <stdio.h>
91 #include <stdlib.h>
92 #include <string.h>
93 #include <unistd.h>
94
95 #ifdef HAVE_NET_IF_MEDIA_H
96 # include <net/if_media.h>
97 #endif
98
99 #include "pcap-int.h"
100
101 #ifdef HAVE_DAG_API
102 #include "pcap-dag.h"
103 #endif /* HAVE_DAG_API */
104
105 #ifdef HAVE_OS_PROTO_H
106 #include "os-proto.h"
107 #endif
108
109 #ifdef BIOCGDLTLIST
110 # if (defined(HAVE_NET_IF_MEDIA_H) && defined(IFM_IEEE80211)) && !defined(__APPLE__)
111 #define HAVE_BSD_IEEE80211
112 # endif
113
114 # if defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)
115 static int find_802_11(struct bpf_dltlist *);
116
117 # ifdef HAVE_BSD_IEEE80211
118 static int monitor_mode(pcap_t *, int);
119 # endif
120
121 # if defined(__APPLE__)
122 static void remove_en(pcap_t *);
123 static void remove_802_11(pcap_t *);
124 # endif
125
126 # endif /* defined(__APPLE__) || defined(HAVE_BSD_IEEE80211) */
127
128 #endif /* BIOCGDLTLIST */
129
130 /*
131 * We include the OS's <net/bpf.h>, not our "pcap/bpf.h", so we probably
132 * don't get DLT_DOCSIS defined.
133 */
134 #ifndef DLT_DOCSIS
135 #define DLT_DOCSIS 143
136 #endif
137
138 /*
139 * On OS X, we don't even get any of the 802.11-plus-radio-header DLT_'s
140 * defined, even though some of them are used by various Airport drivers.
141 */
142 #ifndef DLT_PRISM_HEADER
143 #define DLT_PRISM_HEADER 119
144 #endif
145 #ifndef DLT_AIRONET_HEADER
146 #define DLT_AIRONET_HEADER 120
147 #endif
148 #ifndef DLT_IEEE802_11_RADIO
149 #define DLT_IEEE802_11_RADIO 127
150 #endif
151 #ifndef DLT_IEEE802_11_RADIO_AVS
152 #define DLT_IEEE802_11_RADIO_AVS 163
153 #endif
154
155 static int pcap_can_set_rfmon_bpf(pcap_t *p);
156 static int pcap_activate_bpf(pcap_t *p);
157 static int pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp);
158 static int pcap_setdirection_bpf(pcap_t *, pcap_direction_t);
159 static int pcap_set_datalink_bpf(pcap_t *p, int dlt);
160
161 pcap_t *
162 pcap_create(const char *device, char *ebuf)
163 {
164 pcap_t *p;
165
166 #ifdef HAVE_DAG_API
167 if (strstr(device, "dag"))
168 return (dag_create(device, ebuf));
169 #endif /* HAVE_DAG_API */
170
171 p = pcap_create_common(device, ebuf);
172 if (p == NULL)
173 return (NULL);
174
175 p->activate_op = pcap_activate_bpf;
176 p->can_set_rfmon_op = pcap_can_set_rfmon_bpf;
177 return (p);
178 }
179
180 static int
181 bpf_open(pcap_t *p)
182 {
183 int fd;
184 #ifdef HAVE_CLONING_BPF
185 static const char device[] = "/dev/bpf";
186 #else
187 int n = 0;
188 char device[sizeof "/dev/bpf0000000000"];
189 #endif
190
191 #ifdef _AIX
192 /*
193 * Load the bpf driver, if it isn't already loaded,
194 * and create the BPF device entries, if they don't
195 * already exist.
196 */
197 if (bpf_load(p->errbuf) == -1)
198 return (PCAP_ERROR);
199 #endif
200
201 #ifdef HAVE_CLONING_BPF
202 if ((fd = open(device, O_RDWR)) == -1 &&
203 (errno != EACCES || (fd = open(device, O_RDONLY)) == -1)) {
204 if (errno == EACCES)
205 fd = PCAP_ERROR_PERM_DENIED;
206 else
207 fd = PCAP_ERROR;
208 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
209 "(cannot open device) %s: %s", device, pcap_strerror(errno));
210 }
211 #else
212 /*
213 * Go through all the minors and find one that isn't in use.
214 */
215 do {
216 (void)snprintf(device, sizeof(device), "/dev/bpf%d", n++);
217 /*
218 * Initially try a read/write open (to allow the inject
219 * method to work). If that fails due to permission
220 * issues, fall back to read-only. This allows a
221 * non-root user to be granted specific access to pcap
222 * capabilities via file permissions.
223 *
224 * XXX - we should have an API that has a flag that
225 * controls whether to open read-only or read-write,
226 * so that denial of permission to send (or inability
227 * to send, if sending packets isn't supported on
228 * the device in question) can be indicated at open
229 * time.
230 */
231 fd = open(device, O_RDWR);
232 if (fd == -1 && errno == EACCES)
233 fd = open(device, O_RDONLY);
234 } while (fd < 0 && errno == EBUSY);
235
236 /*
237 * XXX better message for all minors used
238 */
239 if (fd < 0) {
240 if (errno == EACCES)
241 fd = PCAP_ERROR_PERM_DENIED;
242 else
243 fd = PCAP_ERROR;
244 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s",
245 device, pcap_strerror(errno));
246 }
247 #endif
248
249 return (fd);
250 }
251
252 #ifdef BIOCGDLTLIST
253 static int
254 get_dlt_list(int fd, int v, struct bpf_dltlist *bdlp, char *ebuf)
255 {
256 memset(bdlp, 0, sizeof(*bdlp));
257 if (ioctl(fd, BIOCGDLTLIST, (caddr_t)bdlp) == 0) {
258 u_int i;
259 int is_ethernet;
260
261 bdlp->bfl_list = (u_int *) malloc(sizeof(u_int) * (bdlp->bfl_len + 1));
262 if (bdlp->bfl_list == NULL) {
263 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
264 pcap_strerror(errno));
265 return (-1);
266 }
267
268 if (ioctl(fd, BIOCGDLTLIST, (caddr_t)bdlp) < 0) {
269 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
270 "BIOCGDLTLIST: %s", pcap_strerror(errno));
271 free(bdlp->bfl_list);
272 return (-1);
273 }
274
275 /*
276 * OK, for real Ethernet devices, add DLT_DOCSIS to the
277 * list, so that an application can let you choose it,
278 * in case you're capturing DOCSIS traffic that a Cisco
279 * Cable Modem Termination System is putting out onto
280 * an Ethernet (it doesn't put an Ethernet header onto
281 * the wire, it puts raw DOCSIS frames out on the wire
282 * inside the low-level Ethernet framing).
283 *
284 * A "real Ethernet device" is defined here as a device
285 * that has a link-layer type of DLT_EN10MB and that has
286 * no alternate link-layer types; that's done to exclude
287 * 802.11 interfaces (which might or might not be the
288 * right thing to do, but I suspect it is - Ethernet <->
289 * 802.11 bridges would probably badly mishandle frames
290 * that don't have Ethernet headers).
291 */
292 if (v == DLT_EN10MB) {
293 is_ethernet = 1;
294 for (i = 0; i < bdlp->bfl_len; i++) {
295 if (bdlp->bfl_list[i] != DLT_EN10MB) {
296 is_ethernet = 0;
297 break;
298 }
299 }
300 if (is_ethernet) {
301 /*
302 * We reserved one more slot at the end of
303 * the list.
304 */
305 bdlp->bfl_list[bdlp->bfl_len] = DLT_DOCSIS;
306 bdlp->bfl_len++;
307 }
308 }
309 } else {
310 /*
311 * EINVAL just means "we don't support this ioctl on
312 * this device"; don't treat it as an error.
313 */
314 if (errno != EINVAL) {
315 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
316 "BIOCGDLTLIST: %s", pcap_strerror(errno));
317 return (-1);
318 }
319 }
320 return (0);
321 }
322 #endif
323
324 static int
325 pcap_can_set_rfmon_bpf(pcap_t *p)
326 {
327 #if defined(__APPLE__)
328 struct utsname osinfo;
329 struct ifreq ifr;
330 int fd;
331 #ifdef BIOCGDLTLIST
332 struct bpf_dltlist bdl;
333 #endif
334
335 /*
336 * The joys of monitor mode on OS X.
337 *
338 * Prior to 10.4, it's not supported at all.
339 *
340 * In 10.4, if adapter enN supports monitor mode, there's a
341 * wltN adapter corresponding to it; you open it, instead of
342 * enN, to get monitor mode. You get whatever link-layer
343 * headers it supplies.
344 *
345 * In 10.5, and, we assume, later releases, if adapter enN
346 * supports monitor mode, it offers, among its selectable
347 * DLT_ values, values that let you get the 802.11 header;
348 * selecting one of those values puts the adapter into monitor
349 * mode (i.e., you can't get 802.11 headers except in monitor
350 * mode, and you can't get Ethernet headers in monitor mode).
351 */
352 if (uname(&osinfo) == -1) {
353 /*
354 * Can't get the OS version; just say "no".
355 */
356 return (0);
357 }
358 /*
359 * We assume osinfo.sysname is "Darwin", because
360 * __APPLE__ is defined. We just check the version.
361 */
362 if (osinfo.release[0] < '8' && osinfo.release[1] == '.') {
363 /*
364 * 10.3 (Darwin 7.x) or earlier.
365 * Monitor mode not supported.
366 */
367 return (0);
368 }
369 if (osinfo.release[0] == '8' && osinfo.release[1] == '.') {
370 /*
371 * 10.4 (Darwin 8.x). s/en/wlt/, and check
372 * whether the device exists.
373 */
374 if (strncmp(p->opt.source, "en", 2) != 0) {
375 /*
376 * Not an enN device; no monitor mode.
377 */
378 return (0);
379 }
380 fd = socket(AF_INET, SOCK_DGRAM, 0);
381 if (fd == -1) {
382 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
383 "socket: %s", pcap_strerror(errno));
384 return (PCAP_ERROR);
385 }
386 strlcpy(ifr.ifr_name, "wlt", sizeof(ifr.ifr_name));
387 strlcat(ifr.ifr_name, p->opt.source + 2, sizeof(ifr.ifr_name));
388 if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) {
389 /*
390 * No such device?
391 */
392 close(fd);
393 return (0);
394 }
395 close(fd);
396 return (1);
397 }
398
399 #ifdef BIOCGDLTLIST
400 /*
401 * Everything else is 10.5 or later; for those,
402 * we just open the enN device, and check whether
403 * we have any 802.11 devices.
404 *
405 * First, open a BPF device.
406 */
407 fd = bpf_open(p);
408 if (fd < 0)
409 return (fd);
410
411 /*
412 * Now bind to the device.
413 */
414 (void)strncpy(ifr.ifr_name, p->opt.source, sizeof(ifr.ifr_name));
415 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) {
416 if (errno == ENETDOWN) {
417 /*
418 * Return a "network down" indication, so that
419 * the application can report that rather than
420 * saying we had a mysterious failure and
421 * suggest that they report a problem to the
422 * libpcap developers.
423 */
424 close(fd);
425 return (PCAP_ERROR_IFACE_NOT_UP);
426 } else {
427 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
428 "BIOCSETIF: %s: %s",
429 p->opt.source, pcap_strerror(errno));
430 close(fd);
431 return (PCAP_ERROR);
432 }
433 }
434
435 /*
436 * We know the default link type -- now determine all the DLTs
437 * this interface supports. If this fails with EINVAL, it's
438 * not fatal; we just don't get to use the feature later.
439 * (We don't care about DLT_DOCSIS, so we pass DLT_NULL
440 * as the default DLT for this adapter.)
441 */
442 if (get_dlt_list(fd, DLT_NULL, &bdl, p->errbuf) == -1) {
443 close(fd);
444 return (PCAP_ERROR);
445 }
446 if (find_802_11(&bdl) != -1) {
447 /*
448 * We have an 802.11 DLT, so we can set monitor mode.
449 */
450 free(bdl.bfl_list);
451 close(fd);
452 return (1);
453 }
454 free(bdl.bfl_list);
455 #endif /* BIOCGDLTLIST */
456 return (0);
457 #elif defined(HAVE_BSD_IEEE80211)
458 int ret;
459
460 ret = monitor_mode(p, 0);
461 if (ret == PCAP_ERROR_RFMON_NOTSUP)
462 return (0); /* not an error, just a "can't do" */
463 if (ret == 0)
464 return (1); /* success */
465 return (ret);
466 #else
467 return (0);
468 #endif
469 }
470
471 static int
472 pcap_stats_bpf(pcap_t *p, struct pcap_stat *ps)
473 {
474 struct bpf_stat s;
475
476 /*
477 * "ps_recv" counts packets handed to the filter, not packets
478 * that passed the filter. This includes packets later dropped
479 * because we ran out of buffer space.
480 *
481 * "ps_drop" counts packets dropped inside the BPF device
482 * because we ran out of buffer space. It doesn't count
483 * packets dropped by the interface driver. It counts
484 * only packets that passed the filter.
485 *
486 * Both statistics include packets not yet read from the kernel
487 * by libpcap, and thus not yet seen by the application.
488 */
489 if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) {
490 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s",
491 pcap_strerror(errno));
492 return (-1);
493 }
494
495 ps->ps_recv = s.bs_recv;
496 ps->ps_drop = s.bs_drop;
497 return (0);
498 }
499
500 static int
501 pcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
502 {
503 int cc;
504 int n = 0;
505 register u_char *bp, *ep;
506 u_char *datap;
507 #ifdef PCAP_FDDIPAD
508 register int pad;
509 #endif
510
511 again:
512 /*
513 * Has "pcap_breakloop()" been called?
514 */
515 if (p->break_loop) {
516 /*
517 * Yes - clear the flag that indicates that it
518 * has, and return -2 to indicate that we were
519 * told to break out of the loop.
520 */
521 p->break_loop = 0;
522 return (-2);
523 }
524 cc = p->cc;
525 if (p->cc == 0) {
526 cc = read(p->fd, (char *)p->buffer, p->bufsize);
527 if (cc < 0) {
528 /* Don't choke when we get ptraced */
529 switch (errno) {
530
531 case EINTR:
532 goto again;
533
534 #ifdef _AIX
535 case EFAULT:
536 /*
537 * Sigh. More AIX wonderfulness.
538 *
539 * For some unknown reason the uiomove()
540 * operation in the bpf kernel extension
541 * used to copy the buffer into user
542 * space sometimes returns EFAULT. I have
543 * no idea why this is the case given that
544 * a kernel debugger shows the user buffer
545 * is correct. This problem appears to
546 * be mostly mitigated by the memset of
547 * the buffer before it is first used.
548 * Very strange.... Shaun Clowes
549 *
550 * In any case this means that we shouldn't
551 * treat EFAULT as a fatal error; as we
552 * don't have an API for returning
553 * a "some packets were dropped since
554 * the last packet you saw" indication,
555 * we just ignore EFAULT and keep reading.
556 */
557 goto again;
558 #endif
559
560 case EWOULDBLOCK:
561 return (0);
562 #if defined(sun) && !defined(BSD)
563 /*
564 * Due to a SunOS bug, after 2^31 bytes, the kernel
565 * file offset overflows and read fails with EINVAL.
566 * The lseek() to 0 will fix things.
567 */
568 case EINVAL:
569 if (lseek(p->fd, 0L, SEEK_CUR) +
570 p->bufsize < 0) {
571 (void)lseek(p->fd, 0L, SEEK_SET);
572 goto again;
573 }
574 /* fall through */
575 #endif
576 }
577 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s",
578 pcap_strerror(errno));
579 return (-1);
580 }
581 bp = p->buffer;
582 } else
583 bp = p->bp;
584
585 /*
586 * Loop through each packet.
587 */
588 #define bhp ((struct bpf_hdr *)bp)
589 ep = bp + cc;
590 #ifdef PCAP_FDDIPAD
591 pad = p->fddipad;
592 #endif
593 while (bp < ep) {
594 register int caplen, hdrlen;
595
596 /*
597 * Has "pcap_breakloop()" been called?
598 * If so, return immediately - if we haven't read any
599 * packets, clear the flag and return -2 to indicate
600 * that we were told to break out of the loop, otherwise
601 * leave the flag set, so that the *next* call will break
602 * out of the loop without having read any packets, and
603 * return the number of packets we've processed so far.
604 */
605 if (p->break_loop) {
606 if (n == 0) {
607 p->break_loop = 0;
608 return (-2);
609 } else {
610 p->bp = bp;
611 p->cc = ep - bp;
612 return (n);
613 }
614 }
615
616 caplen = bhp->bh_caplen;
617 hdrlen = bhp->bh_hdrlen;
618 datap = bp + hdrlen;
619 /*
620 * Short-circuit evaluation: if using BPF filter
621 * in kernel, no need to do it now - we already know
622 * the packet passed the filter.
623 *
624 #ifdef PCAP_FDDIPAD
625 * Note: the filter code was generated assuming
626 * that p->fddipad was the amount of padding
627 * before the header, as that's what's required
628 * in the kernel, so we run the filter before
629 * skipping that padding.
630 #endif
631 */
632 if (p->md.use_bpf ||
633 bpf_filter(p->fcode.bf_insns, datap, bhp->bh_datalen, caplen)) {
634 struct pcap_pkthdr pkthdr;
635
636 pkthdr.ts.tv_sec = bhp->bh_tstamp.tv_sec;
637 #ifdef _AIX
638 /*
639 * AIX's BPF returns seconds/nanoseconds time
640 * stamps, not seconds/microseconds time stamps.
641 */
642 pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec/1000;
643 #else
644 pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec;
645 #endif
646 #ifdef PCAP_FDDIPAD
647 if (caplen > pad)
648 pkthdr.caplen = caplen - pad;
649 else
650 pkthdr.caplen = 0;
651 if (bhp->bh_datalen > pad)
652 pkthdr.len = bhp->bh_datalen - pad;
653 else
654 pkthdr.len = 0;
655 datap += pad;
656 #else
657 pkthdr.caplen = caplen;
658 pkthdr.len = bhp->bh_datalen;
659 #endif
660 (*callback)(user, &pkthdr, datap);
661 bp += BPF_WORDALIGN(caplen + hdrlen);
662 if (++n >= cnt && cnt > 0) {
663 p->bp = bp;
664 p->cc = ep - bp;
665 return (n);
666 }
667 } else {
668 /*
669 * Skip this packet.
670 */
671 bp += BPF_WORDALIGN(caplen + hdrlen);
672 }
673 }
674 #undef bhp
675 p->cc = 0;
676 return (n);
677 }
678
679 static int
680 pcap_inject_bpf(pcap_t *p, const void *buf, size_t size)
681 {
682 int ret;
683
684 ret = write(p->fd, buf, size);
685 #ifdef __APPLE__
686 if (ret == -1 && errno == EAFNOSUPPORT) {
687 /*
688 * In Mac OS X, there's a bug wherein setting the
689 * BIOCSHDRCMPLT flag causes writes to fail; see,
690 * for example:
691 *
692 * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/BIOCSHDRCMPLT-10.3.3.patch
693 *
694 * So, if, on OS X, we get EAFNOSUPPORT from the write, we
695 * assume it's due to that bug, and turn off that flag
696 * and try again. If we succeed, it either means that
697 * somebody applied the fix from that URL, or other patches
698 * for that bug from
699 *
700 * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/
701 *
702 * and are running a Darwin kernel with those fixes, or
703 * that Apple fixed the problem in some OS X release.
704 */
705 u_int spoof_eth_src = 0;
706
707 if (ioctl(p->fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) {
708 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
709 "send: can't turn off BIOCSHDRCMPLT: %s",
710 pcap_strerror(errno));
711 return (-1);
712 }
713
714 /*
715 * Now try the write again.
716 */
717 ret = write(p->fd, buf, size);
718 }
719 #endif /* __APPLE__ */
720 if (ret == -1) {
721 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
722 pcap_strerror(errno));
723 return (-1);
724 }
725 return (ret);
726 }
727
728 #ifdef _AIX
729 static int
730 bpf_odminit(char *errbuf)
731 {
732 char *errstr;
733
734 if (odm_initialize() == -1) {
735 if (odm_err_msg(odmerrno, &errstr) == -1)
736 errstr = "Unknown error";
737 snprintf(errbuf, PCAP_ERRBUF_SIZE,
738 "bpf_load: odm_initialize failed: %s",
739 errstr);
740 return (-1);
741 }
742
743 if ((odmlockid = odm_lock("/etc/objrepos/config_lock", ODM_WAIT)) == -1) {
744 if (odm_err_msg(odmerrno, &errstr) == -1)
745 errstr = "Unknown error";
746 snprintf(errbuf, PCAP_ERRBUF_SIZE,
747 "bpf_load: odm_lock of /etc/objrepos/config_lock failed: %s",
748 errstr);
749 return (-1);
750 }
751
752 return (0);
753 }
754
755 static int
756 bpf_odmcleanup(char *errbuf)
757 {
758 char *errstr;
759
760 if (odm_unlock(odmlockid) == -1) {
761 if (odm_err_msg(odmerrno, &errstr) == -1)
762 errstr = "Unknown error";
763 snprintf(errbuf, PCAP_ERRBUF_SIZE,
764 "bpf_load: odm_unlock failed: %s",
765 errstr);
766 return (-1);
767 }
768
769 if (odm_terminate() == -1) {
770 if (odm_err_msg(odmerrno, &errstr) == -1)
771 errstr = "Unknown error";
772 snprintf(errbuf, PCAP_ERRBUF_SIZE,
773 "bpf_load: odm_terminate failed: %s",
774 errstr);
775 return (-1);
776 }
777
778 return (0);
779 }
780
781 static int
782 bpf_load(char *errbuf)
783 {
784 long major;
785 int *minors;
786 int numminors, i, rc;
787 char buf[1024];
788 struct stat sbuf;
789 struct bpf_config cfg_bpf;
790 struct cfg_load cfg_ld;
791 struct cfg_kmod cfg_km;
792
793 /*
794 * This is very very close to what happens in the real implementation
795 * but I've fixed some (unlikely) bug situations.
796 */
797 if (bpfloadedflag)
798 return (0);
799
800 if (bpf_odminit(errbuf) != 0)
801 return (-1);
802
803 major = genmajor(BPF_NAME);
804 if (major == -1) {
805 snprintf(errbuf, PCAP_ERRBUF_SIZE,
806 "bpf_load: genmajor failed: %s", pcap_strerror(errno));
807 return (-1);
808 }
809
810 minors = getminor(major, &numminors, BPF_NAME);
811 if (!minors) {
812 minors = genminor("bpf", major, 0, BPF_MINORS, 1, 1);
813 if (!minors) {
814 snprintf(errbuf, PCAP_ERRBUF_SIZE,
815 "bpf_load: genminor failed: %s",
816 pcap_strerror(errno));
817 return (-1);
818 }
819 }
820
821 if (bpf_odmcleanup(errbuf))
822 return (-1);
823
824 rc = stat(BPF_NODE "0", &sbuf);
825 if (rc == -1 && errno != ENOENT) {
826 snprintf(errbuf, PCAP_ERRBUF_SIZE,
827 "bpf_load: can't stat %s: %s",
828 BPF_NODE "0", pcap_strerror(errno));
829 return (-1);
830 }
831
832 if (rc == -1 || getmajor(sbuf.st_rdev) != major) {
833 for (i = 0; i < BPF_MINORS; i++) {
834 sprintf(buf, "%s%d", BPF_NODE, i);
835 unlink(buf);
836 if (mknod(buf, S_IRUSR | S_IFCHR, domakedev(major, i)) == -1) {
837 snprintf(errbuf, PCAP_ERRBUF_SIZE,
838 "bpf_load: can't mknod %s: %s",
839 buf, pcap_strerror(errno));
840 return (-1);
841 }
842 }
843 }
844
845 /* Check if the driver is loaded */
846 memset(&cfg_ld, 0x0, sizeof(cfg_ld));
847 cfg_ld.path = buf;
848 sprintf(cfg_ld.path, "%s/%s", DRIVER_PATH, BPF_NAME);
849 if ((sysconfig(SYS_QUERYLOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) ||
850 (cfg_ld.kmid == 0)) {
851 /* Driver isn't loaded, load it now */
852 if (sysconfig(SYS_SINGLELOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) {
853 snprintf(errbuf, PCAP_ERRBUF_SIZE,
854 "bpf_load: could not load driver: %s",
855 strerror(errno));
856 return (-1);
857 }
858 }
859
860 /* Configure the driver */
861 cfg_km.cmd = CFG_INIT;
862 cfg_km.kmid = cfg_ld.kmid;
863 cfg_km.mdilen = sizeof(cfg_bpf);
864 cfg_km.mdiptr = (void *)&cfg_bpf;
865 for (i = 0; i < BPF_MINORS; i++) {
866 cfg_bpf.devno = domakedev(major, i);
867 if (sysconfig(SYS_CFGKMOD, (void *)&cfg_km, sizeof(cfg_km)) == -1) {
868 snprintf(errbuf, PCAP_ERRBUF_SIZE,
869 "bpf_load: could not configure driver: %s",
870 strerror(errno));
871 return (-1);
872 }
873 }
874
875 bpfloadedflag = 1;
876
877 return (0);
878 }
879 #endif
880
881 /*
882 * Turn off rfmon mode if necessary.
883 */
884 static void
885 pcap_cleanup_bpf(pcap_t *p)
886 {
887 #ifdef HAVE_BSD_IEEE80211
888 int sock;
889 struct ifmediareq req;
890 struct ifreq ifr;
891 #endif
892
893 if (p->md.must_clear != 0) {
894 /*
895 * There's something we have to do when closing this
896 * pcap_t.
897 */
898 #ifdef HAVE_BSD_IEEE80211
899 if (p->md.must_clear & MUST_CLEAR_RFMON) {
900 /*
901 * We put the interface into rfmon mode;
902 * take it out of rfmon mode.
903 *
904 * XXX - if somebody else wants it in rfmon
905 * mode, this code cannot know that, so it'll take
906 * it out of rfmon mode.
907 */
908 sock = socket(AF_INET, SOCK_DGRAM, 0);
909 if (sock == -1) {
910 fprintf(stderr,
911 "Can't restore interface flags (socket() failed: %s).\n"
912 "Please adjust manually.\n",
913 strerror(errno));
914 } else {
915 memset(&req, 0, sizeof(req));
916 strncpy(req.ifm_name, p->md.device,
917 sizeof(req.ifm_name));
918 if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) {
919 fprintf(stderr,
920 "Can't restore interface flags (SIOCGIFMEDIA failed: %s).\n"
921 "Please adjust manually.\n",
922 strerror(errno));
923 } else {
924 if (req.ifm_current & IFM_IEEE80211_MONITOR) {
925 /*
926 * Rfmon mode is currently on;
927 * turn it off.
928 */
929 memset(&ifr, 0, sizeof(ifr));
930 (void)strncpy(ifr.ifr_name,
931 p->md.device,
932 sizeof(ifr.ifr_name));
933 ifr.ifr_media =
934 req.ifm_current & ~IFM_IEEE80211_MONITOR;
935 if (ioctl(sock, SIOCSIFMEDIA,
936 &ifr) == -1) {
937 fprintf(stderr,
938 "Can't restore interface flags (SIOCSIFMEDIA failed: %s).\n"
939 "Please adjust manually.\n",
940 strerror(errno));
941 }
942 }
943 }
944 close(sock);
945 }
946 }
947 #endif /* HAVE_BSD_IEEE80211 */
948
949 /*
950 * Take this pcap out of the list of pcaps for which we
951 * have to take the interface out of some mode.
952 */
953 pcap_remove_from_pcaps_to_close(p);
954 p->md.must_clear = 0;
955 }
956
957 if (p->md.device != NULL) {
958 free(p->md.device);
959 p->md.device = NULL;
960 }
961 pcap_cleanup_live_common(p);
962 }
963
964 static int
965 check_setif_failure(pcap_t *p, int error)
966 {
967 #ifdef __APPLE__
968 int fd;
969 struct ifreq ifr;
970 int err;
971 #endif
972
973 if (error == ENXIO) {
974 /*
975 * No such device exists.
976 */
977 #ifdef __APPLE__
978 if (p->opt.rfmon && strncmp(p->opt.source, "wlt", 3) == 0) {
979 /*
980 * Monitor mode was requested, and we're trying
981 * to open a "wltN" device. Assume that this
982 * is 10.4 and that we were asked to open an
983 * "enN" device; if that device exists, return
984 * "monitor mode not supported on the device".
985 */
986 fd = socket(AF_INET, SOCK_DGRAM, 0);
987 if (fd != -1) {
988 strlcpy(ifr.ifr_name, "en",
989 sizeof(ifr.ifr_name));
990 strlcat(ifr.ifr_name, p->opt.source + 3,
991 sizeof(ifr.ifr_name));
992 if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) {
993 /*
994 * We assume this failed because
995 * the underlying device doesn't
996 * exist.
997 */
998 err = PCAP_ERROR_NO_SUCH_DEVICE;
999 strcpy(p->errbuf, "");
1000 } else {
1001 /*
1002 * The underlying "enN" device
1003 * exists, but there's no
1004 * corresponding "wltN" device;
1005 * that means that the "enN"
1006 * device doesn't support
1007 * monitor mode, probably because
1008 * it's an Ethernet device rather
1009 * than a wireless device.
1010 */
1011 err = PCAP_ERROR_RFMON_NOTSUP;
1012 }
1013 close(fd);
1014 } else {
1015 /*
1016 * We can't find out whether there's
1017 * an underlying "enN" device, so
1018 * just report "no such device".
1019 */
1020 err = PCAP_ERROR_NO_SUCH_DEVICE;
1021 strcpy(p->errbuf, "");
1022 }
1023 return (err);
1024 }
1025 #endif
1026 /*
1027 * No such device.
1028 */
1029 strcpy(p->errbuf, "");
1030 return (PCAP_ERROR_NO_SUCH_DEVICE);
1031 } else if (errno == ENETDOWN) {
1032 /*
1033 * Return a "network down" indication, so that
1034 * the application can report that rather than
1035 * saying we had a mysterious failure and
1036 * suggest that they report a problem to the
1037 * libpcap developers.
1038 */
1039 return (PCAP_ERROR_IFACE_NOT_UP);
1040 } else {
1041 /*
1042 * Some other error; fill in the error string, and
1043 * return PCAP_ERROR.
1044 */
1045 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s",
1046 p->opt.source, pcap_strerror(errno));
1047 return (PCAP_ERROR);
1048 }
1049 }
1050
1051 static int
1052 pcap_activate_bpf(pcap_t *p)
1053 {
1054 int status = 0;
1055 int fd;
1056 struct ifreq ifr;
1057 struct bpf_version bv;
1058 #ifdef __APPLE__
1059 int sockfd;
1060 char *wltdev = NULL;
1061 #endif
1062 #ifdef BIOCGDLTLIST
1063 struct bpf_dltlist bdl;
1064 #if defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)
1065 int new_dlt;
1066 #endif
1067 #endif /* BIOCGDLTLIST */
1068 #if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT)
1069 u_int spoof_eth_src = 1;
1070 #endif
1071 u_int v;
1072 struct bpf_insn total_insn;
1073 struct bpf_program total_prog;
1074 struct utsname osinfo;
1075 int have_osinfo = 0;
1076
1077 fd = bpf_open(p);
1078 if (fd < 0) {
1079 status = fd;
1080 goto bad;
1081 }
1082
1083 p->fd = fd;
1084
1085 if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) {
1086 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s",
1087 pcap_strerror(errno));
1088 status = PCAP_ERROR;
1089 goto bad;
1090 }
1091 if (bv.bv_major != BPF_MAJOR_VERSION ||
1092 bv.bv_minor < BPF_MINOR_VERSION) {
1093 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1094 "kernel bpf filter out of date");
1095 status = PCAP_ERROR;
1096 goto bad;
1097 }
1098
1099 p->md.device = strdup(p->opt.source);
1100 if (p->md.device == NULL) {
1101 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "strdup: %s",
1102 pcap_strerror(errno));
1103 status = PCAP_ERROR;
1104 goto bad;
1105 }
1106
1107 /*
1108 * Attempt to find out the version of the OS on which we're running.
1109 */
1110 if (uname(&osinfo) == 0)
1111 have_osinfo = 1;
1112
1113 #ifdef __APPLE__
1114 /*
1115 * See comment in pcap_can_set_rfmon_bpf() for an explanation
1116 * of why we check the version number.
1117 */
1118 if (p->opt.rfmon) {
1119 if (have_osinfo) {
1120 /*
1121 * We assume osinfo.sysname is "Darwin", because
1122 * __APPLE__ is defined. We just check the version.
1123 */
1124 if (osinfo.release[0] < '8' &&
1125 osinfo.release[1] == '.') {
1126 /*
1127 * 10.3 (Darwin 7.x) or earlier.
1128 */
1129 status = PCAP_ERROR_RFMON_NOTSUP;
1130 goto bad;
1131 }
1132 if (osinfo.release[0] == '8' &&
1133 osinfo.release[1] == '.') {
1134 /*
1135 * 10.4 (Darwin 8.x). s/en/wlt/
1136 */
1137 if (strncmp(p->opt.source, "en", 2) != 0) {
1138 /*
1139 * Not an enN device; check
1140 * whether the device even exists.
1141 */
1142 sockfd = socket(AF_INET, SOCK_DGRAM, 0);
1143 if (sockfd != -1) {
1144 strlcpy(ifr.ifr_name,
1145 p->opt.source,
1146 sizeof(ifr.ifr_name));
1147 if (ioctl(sockfd, SIOCGIFFLAGS,
1148 (char *)&ifr) < 0) {
1149 /*
1150 * We assume this
1151 * failed because
1152 * the underlying
1153 * device doesn't
1154 * exist.
1155 */
1156 status = PCAP_ERROR_NO_SUCH_DEVICE;
1157 strcpy(p->errbuf, "");
1158 } else
1159 status = PCAP_ERROR_RFMON_NOTSUP;
1160 close(sockfd);
1161 } else {
1162 /*
1163 * We can't find out whether
1164 * the device exists, so just
1165 * report "no such device".
1166 */
1167 status = PCAP_ERROR_NO_SUCH_DEVICE;
1168 strcpy(p->errbuf, "");
1169 }
1170 goto bad;
1171 }
1172 wltdev = malloc(strlen(p->opt.source) + 2);
1173 if (wltdev == NULL) {
1174 (void)snprintf(p->errbuf,
1175 PCAP_ERRBUF_SIZE, "malloc: %s",
1176 pcap_strerror(errno));
1177 status = PCAP_ERROR;
1178 goto bad;
1179 }
1180 strcpy(wltdev, "wlt");
1181 strcat(wltdev, p->opt.source + 2);
1182 free(p->opt.source);
1183 p->opt.source = wltdev;
1184 }
1185 /*
1186 * Everything else is 10.5 or later; for those,
1187 * we just open the enN device, and set the DLT.
1188 */
1189 }
1190 }
1191 #endif /* __APPLE__ */
1192
1193 /*
1194 * Set the buffer size.
1195 */
1196 if (p->opt.buffer_size != 0) {
1197 /*
1198 * A buffer size was explicitly specified; use it.
1199 */
1200 if (ioctl(fd, BIOCSBLEN, (caddr_t)&p->opt.buffer_size) < 0) {
1201 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1202 "BIOCSBLEN: %s: %s", p->opt.source,
1203 pcap_strerror(errno));
1204 status = PCAP_ERROR;
1205 goto bad;
1206 }
1207
1208 /*
1209 * Now bind to the device.
1210 */
1211 (void)strncpy(ifr.ifr_name, p->opt.source,
1212 sizeof(ifr.ifr_name));
1213 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) {
1214 status = check_setif_failure(p, errno);
1215 goto bad;
1216 }
1217 } else {
1218 /*
1219 * No buffer size was explicitly specified.
1220 *
1221 * Try finding a good size for the buffer; 32768 may
1222 * be too big, so keep cutting it in half until we
1223 * find a size that works, or run out of sizes to try.
1224 * If the default is larger, don't make it smaller.
1225 */
1226 if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768)
1227 v = 32768;
1228 for ( ; v != 0; v >>= 1) {
1229 /*
1230 * Ignore the return value - this is because the
1231 * call fails on BPF systems that don't have
1232 * kernel malloc. And if the call fails, it's
1233 * no big deal, we just continue to use the
1234 * standard buffer size.
1235 */
1236 (void) ioctl(fd, BIOCSBLEN, (caddr_t)&v);
1237
1238 (void)strncpy(ifr.ifr_name, p->opt.source,
1239 sizeof(ifr.ifr_name));
1240 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0)
1241 break; /* that size worked; we're done */
1242
1243 if (errno != ENOBUFS) {
1244 status = check_setif_failure(p, errno);
1245 goto bad;
1246 }
1247 }
1248
1249 if (v == 0) {
1250 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1251 "BIOCSBLEN: %s: No buffer size worked",
1252 p->opt.source);
1253 status = PCAP_ERROR;
1254 goto bad;
1255 }
1256 }
1257
1258 /* Get the data link layer type. */
1259 if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) {
1260 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s",
1261 pcap_strerror(errno));
1262 status = PCAP_ERROR;
1263 goto bad;
1264 }
1265
1266 #ifdef _AIX
1267 /*
1268 * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT.
1269 */
1270 switch (v) {
1271
1272 case IFT_ETHER:
1273 case IFT_ISO88023:
1274 v = DLT_EN10MB;
1275 break;
1276
1277 case IFT_FDDI:
1278 v = DLT_FDDI;
1279 break;
1280
1281 case IFT_ISO88025:
1282 v = DLT_IEEE802;
1283 break;
1284
1285 case IFT_LOOP:
1286 v = DLT_NULL;
1287 break;
1288
1289 default:
1290 /*
1291 * We don't know what to map this to yet.
1292 */
1293 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown interface type %u",
1294 v);
1295 status = PCAP_ERROR;
1296 goto bad;
1297 }
1298 #endif
1299 #if _BSDI_VERSION - 0 >= 199510
1300 /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */
1301 switch (v) {
1302
1303 case DLT_SLIP:
1304 v = DLT_SLIP_BSDOS;
1305 break;
1306
1307 case DLT_PPP:
1308 v = DLT_PPP_BSDOS;
1309 break;
1310
1311 case 11: /*DLT_FR*/
1312 v = DLT_FRELAY;
1313 break;
1314
1315 case 12: /*DLT_C_HDLC*/
1316 v = DLT_CHDLC;
1317 break;
1318 }
1319 #endif
1320
1321 #ifdef BIOCGDLTLIST
1322 /*
1323 * We know the default link type -- now determine all the DLTs
1324 * this interface supports. If this fails with EINVAL, it's
1325 * not fatal; we just don't get to use the feature later.
1326 */
1327 if (get_dlt_list(fd, v, &bdl, p->errbuf) == -1) {
1328 status = PCAP_ERROR;
1329 goto bad;
1330 }
1331 p->dlt_count = bdl.bfl_len;
1332 p->dlt_list = bdl.bfl_list;
1333
1334 #ifdef __APPLE__
1335 /*
1336 * Monitor mode fun, continued.
1337 *
1338 * For 10.5 and, we're assuming, later releases, as noted above,
1339 * 802.1 adapters that support monitor mode offer both DLT_EN10MB,
1340 * DLT_IEEE802_11, and possibly some 802.11-plus-radio-information
1341 * DLT_ value. Choosing one of the 802.11 DLT_ values will turn
1342 * monitor mode on.
1343 *
1344 * Therefore, if the user asked for monitor mode, we filter out
1345 * the DLT_EN10MB value, as you can't get that in monitor mode,
1346 * and, if the user didn't ask for monitor mode, we filter out
1347 * the 802.11 DLT_ values, because selecting those will turn
1348 * monitor mode on. Then, for monitor mode, if an 802.11-plus-
1349 * radio DLT_ value is offered, we try to select that, otherwise
1350 * we try to select DLT_IEEE802_11.
1351 */
1352 if (have_osinfo) {
1353 if (isdigit((unsigned)osinfo.release[0]) &&
1354 (osinfo.release[0] == '9' ||
1355 isdigit((unsigned)osinfo.release[1]))) {
1356 /*
1357 * 10.5 (Darwin 9.x), or later.
1358 */
1359 new_dlt = find_802_11(&bdl);
1360 if (new_dlt != -1) {
1361 /*
1362 * We have at least one 802.11 DLT_ value,
1363 * so this is an 802.11 interface.
1364 * new_dlt is the best of the 802.11
1365 * DLT_ values in the list.
1366 */
1367 if (p->opt.rfmon) {
1368 /*
1369 * Our caller wants monitor mode.
1370 * Purge DLT_EN10MB from the list
1371 * of link-layer types, as selecting
1372 * it will keep monitor mode off.
1373 */
1374 remove_en(p);
1375
1376 /*
1377 * If the new mode we want isn't
1378 * the default mode, attempt to
1379 * select the new mode.
1380 */
1381 if (new_dlt != v) {
1382 if (ioctl(p->fd, BIOCSDLT,
1383 &new_dlt) != -1) {
1384 /*
1385 * We succeeded;
1386 * make this the
1387 * new DLT_ value.
1388 */
1389 v = new_dlt;
1390 }
1391 }
1392 } else {
1393 /*
1394 * Our caller doesn't want
1395 * monitor mode. Unless this
1396 * is being done by pcap_open_live(),
1397 * purge the 802.11 link-layer types
1398 * from the list, as selecting
1399 * one of them will turn monitor
1400 * mode on.
1401 */
1402 if (!p->oldstyle)
1403 remove_802_11(p);
1404 }
1405 } else {
1406 if (p->opt.rfmon) {
1407 /*
1408 * The caller requested monitor
1409 * mode, but we have no 802.11
1410 * link-layer types, so they
1411 * can't have it.
1412 */
1413 status = PCAP_ERROR_RFMON_NOTSUP;
1414 goto bad;
1415 }
1416 }
1417 }
1418 }
1419 #elif defined(HAVE_BSD_IEEE80211)
1420 /*
1421 * *BSD with the new 802.11 ioctls.
1422 * Do we want monitor mode?
1423 */
1424 if (p->opt.rfmon) {
1425 /*
1426 * Try to put the interface into monitor mode.
1427 */
1428 status = monitor_mode(p, 1);
1429 if (status != 0) {
1430 /*
1431 * We failed.
1432 */
1433 goto bad;
1434 }
1435
1436 /*
1437 * We're in monitor mode.
1438 * Try to find the best 802.11 DLT_ value and, if we
1439 * succeed, try to switch to that mode if we're not
1440 * already in that mode.
1441 */
1442 new_dlt = find_802_11(&bdl);
1443 if (new_dlt != -1) {
1444 /*
1445 * We have at least one 802.11 DLT_ value.
1446 * new_dlt is the best of the 802.11
1447 * DLT_ values in the list.
1448 *
1449 * If the new mode we want isn't the default mode,
1450 * attempt to select the new mode.
1451 */
1452 if (new_dlt != v) {
1453 if (ioctl(p->fd, BIOCSDLT, &new_dlt) != -1) {
1454 /*
1455 * We succeeded; make this the
1456 * new DLT_ value.
1457 */
1458 v = new_dlt;
1459 }
1460 }
1461 }
1462 }
1463 #endif /* various platforms */
1464 #endif /* BIOCGDLTLIST */
1465
1466 /*
1467 * If this is an Ethernet device, and we don't have a DLT_ list,
1468 * give it a list with DLT_EN10MB and DLT_DOCSIS. (That'd give
1469 * 802.11 interfaces DLT_DOCSIS, which isn't the right thing to
1470 * do, but there's not much we can do about that without finding
1471 * some other way of determining whether it's an Ethernet or 802.11
1472 * device.)
1473 */
1474 if (v == DLT_EN10MB && p->dlt_count == 0) {
1475 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
1476 /*
1477 * If that fails, just leave the list empty.
1478 */
1479 if (p->dlt_list != NULL) {
1480 p->dlt_list[0] = DLT_EN10MB;
1481 p->dlt_list[1] = DLT_DOCSIS;
1482 p->dlt_count = 2;
1483 }
1484 }
1485 #ifdef PCAP_FDDIPAD
1486 if (v == DLT_FDDI)
1487 p->fddipad = PCAP_FDDIPAD;
1488 else
1489 p->fddipad = 0;
1490 #endif
1491 p->linktype = v;
1492
1493 #if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT)
1494 /*
1495 * Do a BIOCSHDRCMPLT, if defined, to turn that flag on, so
1496 * the link-layer source address isn't forcibly overwritten.
1497 * (Should we ignore errors? Should we do this only if
1498 * we're open for writing?)
1499 *
1500 * XXX - I seem to remember some packet-sending bug in some
1501 * BSDs - check CVS log for "bpf.c"?
1502 */
1503 if (ioctl(fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) {
1504 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1505 "BIOCSHDRCMPLT: %s", pcap_strerror(errno));
1506 status = PCAP_ERROR;
1507 goto bad;
1508 }
1509 #endif
1510 /* set timeout */
1511 if (p->md.timeout != 0) {
1512 /*
1513 * XXX - is this seconds/nanoseconds in AIX?
1514 * (Treating it as such doesn't fix the timeout
1515 * problem described below.)
1516 */
1517 struct timeval to;
1518 to.tv_sec = p->md.timeout / 1000;
1519 to.tv_usec = (p->md.timeout * 1000) % 1000000;
1520 if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) {
1521 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s",
1522 pcap_strerror(errno));
1523 status = PCAP_ERROR;
1524 goto bad;
1525 }
1526 }
1527
1528 #ifdef _AIX
1529 #ifdef BIOCIMMEDIATE
1530 /*
1531 * Darren Reed notes that
1532 *
1533 * On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the
1534 * timeout appears to be ignored and it waits until the buffer
1535 * is filled before returning. The result of not having it
1536 * set is almost worse than useless if your BPF filter
1537 * is reducing things to only a few packets (i.e. one every
1538 * second or so).
1539 *
1540 * so we turn BIOCIMMEDIATE mode on if this is AIX.
1541 *
1542 * We don't turn it on for other platforms, as that means we
1543 * get woken up for every packet, which may not be what we want;
1544 * in the Winter 1993 USENIX paper on BPF, they say:
1545 *
1546 * Since a process might want to look at every packet on a
1547 * network and the time between packets can be only a few
1548 * microseconds, it is not possible to do a read system call
1549 * per packet and BPF must collect the data from several
1550 * packets and return it as a unit when the monitoring
1551 * application does a read.
1552 *
1553 * which I infer is the reason for the timeout - it means we
1554 * wait that amount of time, in the hopes that more packets
1555 * will arrive and we'll get them all with one read.
1556 *
1557 * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other
1558 * BSDs) causes the timeout to be ignored.
1559 *
1560 * On the other hand, some platforms (e.g., Linux) don't support
1561 * timeouts, they just hand stuff to you as soon as it arrives;
1562 * if that doesn't cause a problem on those platforms, it may
1563 * be OK to have BIOCIMMEDIATE mode on BSD as well.
1564 *
1565 * (Note, though, that applications may depend on the read
1566 * completing, even if no packets have arrived, when the timeout
1567 * expires, e.g. GUI applications that have to check for input
1568 * while waiting for packets to arrive; a non-zero timeout
1569 * prevents "select()" from working right on FreeBSD and
1570 * possibly other BSDs, as the timer doesn't start until a
1571 * "read()" is done, so the timer isn't in effect if the
1572 * application is blocked on a "select()", and the "select()"
1573 * doesn't get woken up for a BPF device until the buffer
1574 * fills up.)
1575 */
1576 v = 1;
1577 if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) {
1578 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
1579 pcap_strerror(errno));
1580 status = PCAP_ERROR;
1581 goto bad;
1582 }
1583 #endif /* BIOCIMMEDIATE */
1584 #endif /* _AIX */
1585
1586 if (p->opt.promisc) {
1587 /* set promiscuous mode, just warn if it fails */
1588 if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) {
1589 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s",
1590 pcap_strerror(errno));
1591 status = PCAP_WARNING_PROMISC_NOTSUP;
1592 }
1593 }
1594
1595 if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) {
1596 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s",
1597 pcap_strerror(errno));
1598 status = PCAP_ERROR;
1599 goto bad;
1600 }
1601 p->bufsize = v;
1602 p->buffer = (u_char *)malloc(p->bufsize);
1603 if (p->buffer == NULL) {
1604 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s",
1605 pcap_strerror(errno));
1606 status = PCAP_ERROR;
1607 goto bad;
1608 }
1609 #ifdef _AIX
1610 /* For some strange reason this seems to prevent the EFAULT
1611 * problems we have experienced from AIX BPF. */
1612 memset(p->buffer, 0x0, p->bufsize);
1613 #endif
1614
1615 /*
1616 * If there's no filter program installed, there's
1617 * no indication to the kernel of what the snapshot
1618 * length should be, so no snapshotting is done.
1619 *
1620 * Therefore, when we open the device, we install
1621 * an "accept everything" filter with the specified
1622 * snapshot length.
1623 */
1624 total_insn.code = (u_short)(BPF_RET | BPF_K);
1625 total_insn.jt = 0;
1626 total_insn.jf = 0;
1627 total_insn.k = p->snapshot;
1628
1629 total_prog.bf_len = 1;
1630 total_prog.bf_insns = &total_insn;
1631 if (ioctl(p->fd, BIOCSETF, (caddr_t)&total_prog) < 0) {
1632 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
1633 pcap_strerror(errno));
1634 status = PCAP_ERROR;
1635 goto bad;
1636 }
1637
1638 /*
1639 * On most BPF platforms, either you can do a "select()" or
1640 * "poll()" on a BPF file descriptor and it works correctly,
1641 * or you can do it and it will return "readable" if the
1642 * hold buffer is full but not if the timeout expires *and*
1643 * a non-blocking read will, if the hold buffer is empty
1644 * but the store buffer isn't empty, rotate the buffers
1645 * and return what packets are available.
1646 *
1647 * In the latter case, the fact that a non-blocking read
1648 * will give you the available packets means you can work
1649 * around the failure of "select()" and "poll()" to wake up
1650 * and return "readable" when the timeout expires by using
1651 * the timeout as the "select()" or "poll()" timeout, putting
1652 * the BPF descriptor into non-blocking mode, and read from
1653 * it regardless of whether "select()" reports it as readable
1654 * or not.
1655 *
1656 * However, in FreeBSD 4.3 and 4.4, "select()" and "poll()"
1657 * won't wake up and return "readable" if the timer expires
1658 * and non-blocking reads return EWOULDBLOCK if the hold
1659 * buffer is empty, even if the store buffer is non-empty.
1660 *
1661 * This means the workaround in question won't work.
1662 *
1663 * Therefore, on FreeBSD 4.3 and 4.4, we set "p->selectable_fd"
1664 * to -1, which means "sorry, you can't use 'select()' or 'poll()'
1665 * here". On all other BPF platforms, we set it to the FD for
1666 * the BPF device; in NetBSD, OpenBSD, and Darwin, a non-blocking
1667 * read will, if the hold buffer is empty and the store buffer
1668 * isn't empty, rotate the buffers and return what packets are
1669 * there (and in sufficiently recent versions of OpenBSD
1670 * "select()" and "poll()" should work correctly).
1671 *
1672 * XXX - what about AIX?
1673 */
1674 p->selectable_fd = p->fd; /* assume select() works until we know otherwise */
1675 if (have_osinfo) {
1676 /*
1677 * We can check what OS this is.
1678 */
1679 if (strcmp(osinfo.sysname, "FreeBSD") == 0) {
1680 if (strncmp(osinfo.release, "4.3-", 4) == 0 ||
1681 strncmp(osinfo.release, "4.4-", 4) == 0)
1682 p->selectable_fd = -1;
1683 }
1684 }
1685
1686 p->read_op = pcap_read_bpf;
1687 p->inject_op = pcap_inject_bpf;
1688 p->setfilter_op = pcap_setfilter_bpf;
1689 p->setdirection_op = pcap_setdirection_bpf;
1690 p->set_datalink_op = pcap_set_datalink_bpf;
1691 p->getnonblock_op = pcap_getnonblock_fd;
1692 p->setnonblock_op = pcap_setnonblock_fd;
1693 p->stats_op = pcap_stats_bpf;
1694 p->cleanup_op = pcap_cleanup_bpf;
1695
1696 return (status);
1697 bad:
1698 pcap_cleanup_bpf(p);
1699 return (status);
1700 }
1701
1702 int
1703 pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
1704 {
1705 #ifdef HAVE_DAG_API
1706 if (dag_platform_finddevs(alldevsp, errbuf) < 0)
1707 return (-1);
1708 #endif /* HAVE_DAG_API */
1709
1710 return (0);
1711 }
1712
1713 #ifdef HAVE_BSD_IEEE80211
1714 static int
1715 monitor_mode(pcap_t *p, int set)
1716 {
1717 int sock;
1718 struct ifmediareq req;
1719 int *media_list;
1720 int i;
1721 int can_do;
1722 struct ifreq ifr;
1723
1724 sock = socket(AF_INET, SOCK_DGRAM, 0);
1725 if (sock == -1) {
1726 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't open socket: %s",
1727 pcap_strerror(errno));
1728 return (PCAP_ERROR);
1729 }
1730
1731 memset(&req, 0, sizeof req);
1732 strncpy(req.ifm_name, p->opt.source, sizeof req.ifm_name);
1733
1734 /*
1735 * Find out how many media types we have.
1736 */
1737 if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) {
1738 /*
1739 * Can't get the media types.
1740 */
1741 if (errno == EINVAL) {
1742 /*
1743 * Interface doesn't support SIOC{G,S}IFMEDIA.
1744 */
1745 close(sock);
1746 return (PCAP_ERROR_RFMON_NOTSUP);
1747 }
1748 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFMEDIA 1: %s",
1749 pcap_strerror(errno));
1750 close(sock);
1751 return (PCAP_ERROR);
1752 }
1753 if (req.ifm_count == 0) {
1754 /*
1755 * No media types.
1756 */
1757 close(sock);
1758 return (PCAP_ERROR_RFMON_NOTSUP);
1759 }
1760
1761 /*
1762 * Allocate a buffer to hold all the media types, and
1763 * get the media types.
1764 */
1765 media_list = malloc(req.ifm_count * sizeof(int));
1766 if (media_list == NULL) {
1767 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s",
1768 pcap_strerror(errno));
1769 close(sock);
1770 return (PCAP_ERROR);
1771 }
1772 req.ifm_ulist = media_list;
1773 if (ioctl(sock, SIOCGIFMEDIA, &req) < 0) {
1774 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFMEDIA: %s",
1775 pcap_strerror(errno));
1776 free(media_list);
1777 close(sock);
1778 return (PCAP_ERROR);
1779 }
1780
1781 /*
1782 * Look for an 802.11 "automatic" media type.
1783 * We assume that all 802.11 adapters have that media type,
1784 * and that it will carry the monitor mode supported flag.
1785 */
1786 can_do = 0;
1787 for (i = 0; i < req.ifm_count; i++) {
1788 if (IFM_TYPE(media_list[i]) == IFM_IEEE80211
1789 && IFM_SUBTYPE(media_list[i]) == IFM_AUTO) {
1790 /* OK, does it do monitor mode? */
1791 if (media_list[i] & IFM_IEEE80211_MONITOR) {
1792 can_do = 1;
1793 break;
1794 }
1795 }
1796 }
1797 free(media_list);
1798 if (!can_do) {
1799 /*
1800 * This adapter doesn't support monitor mode.
1801 */
1802 close(sock);
1803 return (PCAP_ERROR_RFMON_NOTSUP);
1804 }
1805
1806 if (set) {
1807 /*
1808 * Don't just check whether we can enable monitor mode,
1809 * do so, if it's not already enabled.
1810 */
1811 if ((req.ifm_current & IFM_IEEE80211_MONITOR) == 0) {
1812 /*
1813 * Monitor mode isn't currently on, so turn it on,
1814 * and remember that we should turn it off when the
1815 * pcap_t is closed.
1816 */
1817
1818 /*
1819 * If we haven't already done so, arrange to have
1820 * "pcap_close_all()" called when we exit.
1821 */
1822 if (!pcap_do_addexit(p)) {
1823 /*
1824 * "atexit()" failed; don't put the interface
1825 * in monitor mode, just give up.
1826 */
1827 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1828 "atexit failed");
1829 close(sock);
1830 return (PCAP_ERROR);
1831 }
1832 memset(&ifr, 0, sizeof(ifr));
1833 (void)strncpy(ifr.ifr_name, p->opt.source,
1834 sizeof(ifr.ifr_name));
1835 ifr.ifr_media = req.ifm_current | IFM_IEEE80211_MONITOR;
1836 if (ioctl(sock, SIOCSIFMEDIA, &ifr) == -1) {
1837 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1838 "SIOCSIFMEDIA: %s", pcap_strerror(errno));
1839 close(sock);
1840 return (PCAP_ERROR);
1841 }
1842
1843 p->md.must_clear |= MUST_CLEAR_RFMON;
1844
1845 /*
1846 * Add this to the list of pcaps to close when we exit.
1847 */
1848 pcap_add_to_pcaps_to_close(p);
1849 }
1850 }
1851 return (0);
1852 }
1853 #endif /* HAVE_BSD_IEEE80211 */
1854
1855 #if defined(BIOCGDLTLIST) && (defined(__APPLE__) || defined(HAVE_BSD_IEEE80211))
1856 /*
1857 * Check whether we have any 802.11 link-layer types; return the best
1858 * of the 802.11 link-layer types if we find one, and return -1
1859 * otherwise.
1860 *
1861 * DLT_IEEE802_11_RADIO, with the radiotap header, is considered the
1862 * best 802.11 link-layer type; any of the other 802.11-plus-radio
1863 * headers are second-best; 802.11 with no radio information is
1864 * the least good.
1865 */
1866 static int
1867 find_802_11(struct bpf_dltlist *bdlp)
1868 {
1869 int new_dlt;
1870 int i;
1871
1872 /*
1873 * Scan the list of DLT_ values, looking for 802.11 values,
1874 * and, if we find any, choose the best of them.
1875 */
1876 new_dlt = -1;
1877 for (i = 0; i < bdlp->bfl_len; i++) {
1878 switch (bdlp->bfl_list[i]) {
1879
1880 case DLT_IEEE802_11:
1881 /*
1882 * 802.11, but no radio.
1883 *
1884 * Offer this, and select it as the new mode
1885 * unless we've already found an 802.11
1886 * header with radio information.
1887 */
1888 if (new_dlt == -1)
1889 new_dlt = bdlp->bfl_list[i];
1890 break;
1891
1892 case DLT_PRISM_HEADER:
1893 case DLT_AIRONET_HEADER:
1894 case DLT_IEEE802_11_RADIO_AVS:
1895 /*
1896 * 802.11 with radio, but not radiotap.
1897 *
1898 * Offer this, and select it as the new mode
1899 * unless we've already found the radiotap DLT_.
1900 */
1901 if (new_dlt != DLT_IEEE802_11_RADIO)
1902 new_dlt = bdlp->bfl_list[i];
1903 break;
1904
1905 case DLT_IEEE802_11_RADIO:
1906 /*
1907 * 802.11 with radiotap.
1908 *
1909 * Offer this, and select it as the new mode.
1910 */
1911 new_dlt = bdlp->bfl_list[i];
1912 break;
1913
1914 default:
1915 /*
1916 * Not 802.11.
1917 */
1918 break;
1919 }
1920 }
1921
1922 return (new_dlt);
1923 }
1924 #endif /* defined(BIOCGDLTLIST) && (defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)) */
1925
1926 #if defined(__APPLE__) && defined(BIOCGDLTLIST)
1927 /*
1928 * Remove DLT_EN10MB from the list of DLT_ values.
1929 */
1930 static void
1931 remove_en(pcap_t *p)
1932 {
1933 int i, j;
1934
1935 /*
1936 * Scan the list of DLT_ values and discard DLT_EN10MB.
1937 */
1938 j = 0;
1939 for (i = 0; i < p->dlt_count; i++) {
1940 switch (p->dlt_list[i]) {
1941
1942 case DLT_EN10MB:
1943 /*
1944 * Don't offer this one.
1945 */
1946 continue;
1947
1948 default:
1949 /*
1950 * Just copy this mode over.
1951 */
1952 break;
1953 }
1954
1955 /*
1956 * Copy this DLT_ value to its new position.
1957 */
1958 p->dlt_list[j] = p->dlt_list[i];
1959 j++;
1960 }
1961
1962 /*
1963 * Set the DLT_ count to the number of entries we copied.
1964 */
1965 p->dlt_count = j;
1966 }
1967
1968 /*
1969 * Remove DLT_EN10MB from the list of DLT_ values, and look for the
1970 * best 802.11 link-layer type in that list and return it.
1971 * Radiotap is better than anything else; 802.11 with any other radio
1972 * header is better than 802.11 with no radio header.
1973 */
1974 static void
1975 remove_802_11(pcap_t *p)
1976 {
1977 int i, j;
1978
1979 /*
1980 * Scan the list of DLT_ values and discard 802.11 values.
1981 */
1982 j = 0;
1983 for (i = 0; i < p->dlt_count; i++) {
1984 switch (p->dlt_list[i]) {
1985
1986 case DLT_IEEE802_11:
1987 case DLT_PRISM_HEADER:
1988 case DLT_AIRONET_HEADER:
1989 case DLT_IEEE802_11_RADIO:
1990 case DLT_IEEE802_11_RADIO_AVS:
1991 /*
1992 * 802.11. Don't offer this one.
1993 */
1994 continue;
1995
1996 default:
1997 /*
1998 * Just copy this mode over.
1999 */
2000 break;
2001 }
2002
2003 /*
2004 * Copy this DLT_ value to its new position.
2005 */
2006 p->dlt_list[j] = p->dlt_list[i];
2007 j++;
2008 }
2009
2010 /*
2011 * Set the DLT_ count to the number of entries we copied.
2012 */
2013 p->dlt_count = j;
2014 }
2015 #endif /* defined(__APPLE__) && defined(BIOCGDLTLIST) */
2016
2017 static int
2018 pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp)
2019 {
2020 /*
2021 * Free any user-mode filter we might happen to have installed.
2022 */
2023 pcap_freecode(&p->fcode);
2024
2025 /*
2026 * Try to install the kernel filter.
2027 */
2028 if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) == 0) {
2029 /*
2030 * It worked.
2031 */
2032 p->md.use_bpf = 1; /* filtering in the kernel */
2033
2034 /*
2035 * Discard any previously-received packets, as they might
2036 * have passed whatever filter was formerly in effect, but
2037 * might not pass this filter (BIOCSETF discards packets
2038 * buffered in the kernel, so you can lose packets in any
2039 * case).
2040 */
2041 p->cc = 0;
2042 return (0);
2043 }
2044
2045 /*
2046 * We failed.
2047 *
2048 * If it failed with EINVAL, that's probably because the program
2049 * is invalid or too big. Validate it ourselves; if we like it
2050 * (we currently allow backward branches, to support protochain),
2051 * run it in userland. (There's no notion of "too big" for
2052 * userland.)
2053 *
2054 * Otherwise, just give up.
2055 * XXX - if the copy of the program into the kernel failed,
2056 * we will get EINVAL rather than, say, EFAULT on at least
2057 * some kernels.
2058 */
2059 if (errno != EINVAL) {
2060 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
2061 pcap_strerror(errno));
2062 return (-1);
2063 }
2064
2065 /*
2066 * install_bpf_program() validates the program.
2067 *
2068 * XXX - what if we already have a filter in the kernel?
2069 */
2070 if (install_bpf_program(p, fp) < 0)
2071 return (-1);
2072 p->md.use_bpf = 0; /* filtering in userland */
2073 return (0);
2074 }
2075
2076 /*
2077 * Set direction flag: Which packets do we accept on a forwarding
2078 * single device? IN, OUT or both?
2079 */
2080 static int
2081 pcap_setdirection_bpf(pcap_t *p, pcap_direction_t d)
2082 {
2083 #if defined(BIOCSDIRECTION)
2084 u_int direction;
2085
2086 direction = (d == PCAP_D_IN) ? BPF_D_IN :
2087 ((d == PCAP_D_OUT) ? BPF_D_OUT : BPF_D_INOUT);
2088 if (ioctl(p->fd, BIOCSDIRECTION, &direction) == -1) {
2089 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2090 "Cannot set direction to %s: %s",
2091 (d == PCAP_D_IN) ? "PCAP_D_IN" :
2092 ((d == PCAP_D_OUT) ? "PCAP_D_OUT" : "PCAP_D_INOUT"),
2093 strerror(errno));
2094 return (-1);
2095 }
2096 return (0);
2097 #elif defined(BIOCSSEESENT)
2098 u_int seesent;
2099
2100 /*
2101 * We don't support PCAP_D_OUT.
2102 */
2103 if (d == PCAP_D_OUT) {
2104 snprintf(p->errbuf, sizeof(p->errbuf),
2105 "Setting direction to PCAP_D_OUT is not supported on BPF");
2106 return -1;
2107 }
2108
2109 seesent = (d == PCAP_D_INOUT);
2110 if (ioctl(p->fd, BIOCSSEESENT, &seesent) == -1) {
2111 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2112 "Cannot set direction to %s: %s",
2113 (d == PCAP_D_INOUT) ? "PCAP_D_INOUT" : "PCAP_D_IN",
2114 strerror(errno));
2115 return (-1);
2116 }
2117 return (0);
2118 #else
2119 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2120 "This system doesn't support BIOCSSEESENT, so the direction can't be set");
2121 return (-1);
2122 #endif
2123 }
2124
2125 static int
2126 pcap_set_datalink_bpf(pcap_t *p, int dlt)
2127 {
2128 #ifdef BIOCSDLT
2129 if (ioctl(p->fd, BIOCSDLT, &dlt) == -1) {
2130 (void) snprintf(p->errbuf, sizeof(p->errbuf),
2131 "Cannot set DLT %d: %s", dlt, strerror(errno));
2132 return (-1);
2133 }
2134 #endif
2135 return (0);
2136 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism