]> The Tcpdump Group git mirrors - libpcap/blob - pcap.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Make the checks and adjustment of the snapshot length module-dependent.
[libpcap] / pcap.c
1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #ifdef _WIN32
39 #include <pcap-stdinc.h>
40 #else /* _WIN32 */
41 #if HAVE_INTTYPES_H
42 #include <inttypes.h>
43 #elif HAVE_STDINT_H
44 #include <stdint.h>
45 #endif
46 #ifdef HAVE_SYS_BITYPES_H
47 #include <sys/bitypes.h>
48 #endif
49 #include <sys/param.h>
50 #include <sys/types.h>
51 #ifndef MSDOS
52 #include <sys/file.h>
53 #endif
54 #include <sys/ioctl.h>
55 #include <sys/socket.h>
56 #ifdef HAVE_SYS_SOCKIO_H
57 #include <sys/sockio.h>
58 #endif
59
60 struct mbuf; /* Squelch compiler warnings on some platforms for */
61 struct rtentry; /* declarations in <net/if.h> */
62 #include <net/if.h>
63 #include <netinet/in.h>
64 #endif /* _WIN32 */
65
66 #include <ctype.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
71 #include <unistd.h>
72 #endif
73 #include <fcntl.h>
74 #include <errno.h>
75 #ifdef HAVE_LIMITS_H
76 #include <limits.h>
77 #else
78 #define INT_MAX 2147483647
79 #endif
80
81 #ifdef HAVE_OS_PROTO_H
82 #include "os-proto.h"
83 #endif
84
85 #ifdef MSDOS
86 #include "pcap-dos.h"
87 #endif
88
89 #include "pcap-int.h"
90
91 #ifdef HAVE_DAG_API
92 #include "pcap-dag.h"
93 #endif /* HAVE_DAG_API */
94
95 #ifdef HAVE_SEPTEL_API
96 #include "pcap-septel.h"
97 #endif /* HAVE_SEPTEL_API */
98
99 #ifdef HAVE_SNF_API
100 #include "pcap-snf.h"
101 #endif /* HAVE_SNF_API */
102
103 #ifdef HAVE_TC_API
104 #include "pcap-tc.h"
105 #endif /* HAVE_TC_API */
106
107 #ifdef PCAP_SUPPORT_USB
108 #include "pcap-usb-linux.h"
109 #endif
110
111 #ifdef PCAP_SUPPORT_BT
112 #include "pcap-bt-linux.h"
113 #endif
114
115 #ifdef PCAP_SUPPORT_BT_MONITOR
116 #include "pcap-bt-monitor-linux.h"
117 #endif
118
119 #ifdef PCAP_SUPPORT_NETFILTER
120 #include "pcap-netfilter-linux.h"
121 #endif
122
123 #ifdef PCAP_SUPPORT_NETMAP
124 #include "pcap-netmap.h"
125 #endif
126
127 #ifdef PCAP_SUPPORT_DBUS
128 #include "pcap-dbus.h"
129 #endif
130
131 static int
132 pcap_not_initialized(pcap_t *pcap)
133 {
134 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */
135 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
136 "This handle hasn't been activated yet");
137 /* this means 'not initialized' */
138 return (PCAP_ERROR_NOT_ACTIVATED);
139 }
140
141 #ifdef _WIN32
142 static void *
143 pcap_not_initialized_ptr(pcap_t *pcap)
144 {
145 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
146 "This handle hasn't been activated yet");
147 return (NULL);
148 }
149
150 static HANDLE
151 pcap_getevent_not_initialized(pcap_t *pcap)
152 {
153 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
154 "This handle hasn't been activated yet");
155 return (INVALID_HANDLE_VALUE);
156 }
157
158 static u_int
159 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync)
160 {
161 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
162 "This handle hasn't been activated yet");
163 return (0);
164 }
165
166 static PAirpcapHandle
167 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
168 {
169 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
170 "This handle hasn't been activated yet");
171 return (NULL);
172 }
173 #endif
174
175 /*
176 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
177 * a PCAP_ERROR value on an error.
178 */
179 int
180 pcap_can_set_rfmon(pcap_t *p)
181 {
182 return (p->can_set_rfmon_op(p));
183 }
184
185 /*
186 * For systems where rfmon mode is never supported.
187 */
188 static int
189 pcap_cant_set_rfmon(pcap_t *p _U_)
190 {
191 return (0);
192 }
193
194 /*
195 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
196 * types; the return value is the number of supported time stamp types.
197 * The list should be freed by a call to pcap_free_tstamp_types() when
198 * you're done with it.
199 *
200 * A return value of 0 means "you don't get a choice of time stamp type",
201 * in which case *tstamp_typesp is set to null.
202 *
203 * PCAP_ERROR is returned on error.
204 */
205 int
206 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
207 {
208 if (p->tstamp_type_count == 0) {
209 /*
210 * We don't support multiple time stamp types.
211 */
212 *tstamp_typesp = NULL;
213 } else {
214 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
215 p->tstamp_type_count);
216 if (*tstamp_typesp == NULL) {
217 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
218 "malloc: %s", pcap_strerror(errno));
219 return (PCAP_ERROR);
220 }
221 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
222 sizeof(**tstamp_typesp) * p->tstamp_type_count);
223 }
224 return (p->tstamp_type_count);
225 }
226
227 /*
228 * In Windows, you might have a library built with one version of the
229 * C runtime library and an application built with another version of
230 * the C runtime library, which means that the library might use one
231 * version of malloc() and free() and the application might use another
232 * version of malloc() and free(). If so, that means something
233 * allocated by the library cannot be freed by the application, so we
234 * need to have a pcap_free_tstamp_types() routine to free up the list
235 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
236 * around free().
237 */
238 void
239 pcap_free_tstamp_types(int *tstamp_type_list)
240 {
241 free(tstamp_type_list);
242 }
243
244 /*
245 * Default one-shot callback; overridden for capture types where the
246 * packet data cannot be guaranteed to be available after the callback
247 * returns, so that a copy must be made.
248 */
249 void
250 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
251 {
252 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
253
254 *sp->hdr = *h;
255 *sp->pkt = pkt;
256 }
257
258 const u_char *
259 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
260 {
261 struct oneshot_userdata s;
262 const u_char *pkt;
263
264 s.hdr = h;
265 s.pkt = &pkt;
266 s.pd = p;
267 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
268 return (0);
269 return (pkt);
270 }
271
272 int
273 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
274 const u_char **pkt_data)
275 {
276 struct oneshot_userdata s;
277
278 s.hdr = &p->pcap_header;
279 s.pkt = pkt_data;
280 s.pd = p;
281
282 /* Saves a pointer to the packet headers */
283 *pkt_header= &p->pcap_header;
284
285 if (p->rfile != NULL) {
286 int status;
287
288 /* We are on an offline capture */
289 status = pcap_offline_read(p, 1, p->oneshot_callback,
290 (u_char *)&s);
291
292 /*
293 * Return codes for pcap_offline_read() are:
294 * - 0: EOF
295 * - -1: error
296 * - >1: OK
297 * The first one ('0') conflicts with the return code of
298 * 0 from pcap_read() meaning "no packets arrived before
299 * the timeout expired", so we map it to -2 so you can
300 * distinguish between an EOF from a savefile and a
301 * "no packets arrived before the timeout expired, try
302 * again" from a live capture.
303 */
304 if (status == 0)
305 return (-2);
306 else
307 return (status);
308 }
309
310 /*
311 * Return codes for pcap_read() are:
312 * - 0: timeout
313 * - -1: error
314 * - -2: loop was broken out of with pcap_breakloop()
315 * - >1: OK
316 * The first one ('0') conflicts with the return code of 0 from
317 * pcap_offline_read() meaning "end of file".
318 */
319 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
320 }
321
322 /*
323 * Implementation of a pcap_if_list_t.
324 */
325 struct pcap_if_list {
326 pcap_if_t *beginning;
327 };
328
329 static struct capture_source_type {
330 int (*findalldevs_op)(pcap_if_list_t *, char *);
331 pcap_t *(*create_op)(const char *, char *, int *);
332 } capture_source_types[] = {
333 #ifdef HAVE_DAG_API
334 { dag_findalldevs, dag_create },
335 #endif
336 #ifdef HAVE_SEPTEL_API
337 { septel_findalldevs, septel_create },
338 #endif
339 #ifdef HAVE_SNF_API
340 { snf_findalldevs, snf_create },
341 #endif
342 #ifdef HAVE_TC_API
343 { TcFindAllDevs, TcCreate },
344 #endif
345 #ifdef PCAP_SUPPORT_BT
346 { bt_findalldevs, bt_create },
347 #endif
348 #ifdef PCAP_SUPPORT_BT_MONITOR
349 { bt_monitor_findalldevs, bt_monitor_create },
350 #endif
351 #ifdef PCAP_SUPPORT_USB
352 { usb_findalldevs, usb_create },
353 #endif
354 #ifdef PCAP_SUPPORT_NETFILTER
355 { netfilter_findalldevs, netfilter_create },
356 #endif
357 #ifdef PCAP_SUPPORT_NETMAP
358 { pcap_netmap_findalldevs, pcap_netmap_create },
359 #endif
360 #ifdef PCAP_SUPPORT_DBUS
361 { dbus_findalldevs, dbus_create },
362 #endif
363 { NULL, NULL }
364 };
365
366 /*
367 * Get a list of all capture sources that are up and that we can open.
368 * Returns -1 on error, 0 otherwise.
369 * The list, as returned through "alldevsp", may be null if no interfaces
370 * were up and could be opened.
371 */
372 int
373 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
374 {
375 size_t i;
376 pcap_if_list_t devlist;
377
378 /*
379 * Find all the local network interfaces on which we
380 * can capture.
381 */
382 devlist.beginning = NULL;
383 if (pcap_platform_finddevs(&devlist, errbuf) == -1) {
384 /*
385 * Failed - free all of the entries we were given
386 * before we failed.
387 */
388 if (devlist.beginning != NULL)
389 pcap_freealldevs(devlist.beginning);
390 *alldevsp = NULL;
391 return (-1);
392 }
393
394 /*
395 * Ask each of the non-local-network-interface capture
396 * source types what interfaces they have.
397 */
398 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
399 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) {
400 /*
401 * We had an error; free the list we've been
402 * constructing.
403 */
404 if (devlist.beginning != NULL)
405 pcap_freealldevs(devlist.beginning);
406 *alldevsp = NULL;
407 return (-1);
408 }
409 }
410
411 /*
412 * Return the first entry of the list of all devices.
413 */
414 *alldevsp = devlist.beginning;
415 return (0);
416 }
417
418 static struct sockaddr *
419 dup_sockaddr(struct sockaddr *sa, size_t sa_length)
420 {
421 struct sockaddr *newsa;
422
423 if ((newsa = malloc(sa_length)) == NULL)
424 return (NULL);
425 return (memcpy(newsa, sa, sa_length));
426 }
427
428 /*
429 * Construct a "figure of merit" for an interface, for use when sorting
430 * the list of interfaces, in which interfaces that are up are superior
431 * to interfaces that aren't up, interfaces that are up and running are
432 * superior to interfaces that are up but not running, and non-loopback
433 * interfaces that are up and running are superior to loopback interfaces,
434 * and interfaces with the same flags have a figure of merit that's higher
435 * the lower the instance number.
436 *
437 * The goal is to try to put the interfaces most likely to be useful for
438 * capture at the beginning of the list.
439 *
440 * The figure of merit, which is lower the "better" the interface is,
441 * has the uppermost bit set if the interface isn't running, the bit
442 * below that set if the interface isn't up, the bit below that set
443 * if the interface is a loopback interface, and the interface index
444 * in the 29 bits below that. (Yes, we assume u_int is 32 bits.)
445 */
446 static u_int
447 get_figure_of_merit(pcap_if_t *dev)
448 {
449 const char *cp;
450 u_int n;
451
452 if (strcmp(dev->name, "any") == 0) {
453 /*
454 * Give the "any" device an artificially high instance
455 * number, so it shows up after all other non-loopback
456 * interfaces.
457 */
458 n = 0x1FFFFFFF; /* 29 all-1 bits */
459 } else {
460 /*
461 * A number at the end of the device name string is
462 * assumed to be an instance number. Add 1 to the
463 * instance number, and use 0 for "no instance
464 * number", so we don't put "no instance number"
465 * devices and "instance 0" devices together.
466 */
467 cp = dev->name + strlen(dev->name) - 1;
468 while (cp-1 >= dev->name && *(cp-1) >= '0' && *(cp-1) <= '9')
469 cp--;
470 if (*cp >= '0' && *cp <= '9')
471 n = atoi(cp) + 1;
472 else
473 n = 0;
474 }
475 if (!(dev->flags & PCAP_IF_RUNNING))
476 n |= 0x80000000;
477 if (!(dev->flags & PCAP_IF_UP))
478 n |= 0x40000000;
479 if (dev->flags & PCAP_IF_LOOPBACK)
480 n |= 0x20000000;
481 return (n);
482 }
483
484 #ifndef _WIN32
485 /*
486 * Try to get a description for a given device.
487 * Returns a mallocated description if it could and NULL if it couldn't.
488 *
489 * XXX - on FreeBSDs that support it, should it get the sysctl named
490 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
491 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
492 * with my Cisco 350 card, so the name isn't entirely descriptive. The
493 * "dev.an.0.%pnpinfo" has a better description, although one might argue
494 * that the problem is really a driver bug - if it can find out that it's
495 * a Cisco 340 or 350, rather than an old Aironet card, it should use
496 * that in the description.
497 *
498 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD
499 * and OpenBSD let you get a description, but it's not generated by the OS,
500 * it's set with another ioctl that ifconfig supports; we use that to get
501 * a description in FreeBSD and OpenBSD, but if there is no such
502 * description available, it still might be nice to get some description
503 * string based on the device type or something such as that.
504 *
505 * In OS X, the System Configuration framework can apparently return
506 * names in 10.4 and later.
507 *
508 * It also appears that freedesktop.org's HAL offers an "info.product"
509 * string, but the HAL specification says it "should not be used in any
510 * UI" and "subsystem/capability specific properties" should be used
511 * instead and, in any case, I think HAL is being deprecated in
512 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear
513 * to have any obvious product information for devices, but maybe
514 * I haven't looked hard enough.
515 *
516 * Using the System Configuration framework, or HAL, or DeviceKit, or
517 * whatever, would require that libpcap applications be linked with
518 * the frameworks/libraries in question. That shouldn't be a problem
519 * for programs linking with the shared version of libpcap (unless
520 * you're running on AIX - which I think is the only UN*X that doesn't
521 * support linking a shared library with other libraries on which it
522 * depends, and having an executable linked only with the first shared
523 * library automatically pick up the other libraries when started -
524 * and using HAL or whatever). Programs linked with the static
525 * version of libpcap would have to use pcap-config with the --static
526 * flag in order to get the right linker flags in order to pick up
527 * the additional libraries/frameworks; those programs need that anyway
528 * for libpcap 1.1 and beyond on Linux, as, by default, it requires
529 * -lnl.
530 *
531 * Do any other UN*Xes, or desktop environments support getting a
532 * description?
533 */
534 static char *
535 get_if_description(const char *name)
536 {
537 #ifdef SIOCGIFDESCR
538 char *description = NULL;
539 int s;
540 struct ifreq ifrdesc;
541 #ifndef IFDESCRSIZE
542 size_t descrlen = 64;
543 #else
544 size_t descrlen = IFDESCRSIZE;
545 #endif /* IFDESCRSIZE */
546
547 /*
548 * Get the description for the interface.
549 */
550 memset(&ifrdesc, 0, sizeof ifrdesc);
551 strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
552 s = socket(AF_INET, SOCK_DGRAM, 0);
553 if (s >= 0) {
554 #ifdef __FreeBSD__
555 /*
556 * On FreeBSD, if the buffer isn't big enough for the
557 * description, the ioctl succeeds, but the description
558 * isn't copied, ifr_buffer.length is set to the description
559 * length, and ifr_buffer.buffer is set to NULL.
560 */
561 for (;;) {
562 free(description);
563 if ((description = malloc(descrlen)) != NULL) {
564 ifrdesc.ifr_buffer.buffer = description;
565 ifrdesc.ifr_buffer.length = descrlen;
566 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
567 if (ifrdesc.ifr_buffer.buffer ==
568 description)
569 break;
570 else
571 descrlen = ifrdesc.ifr_buffer.length;
572 } else {
573 /*
574 * Failed to get interface description.
575 */
576 free(description);
577 description = NULL;
578 break;
579 }
580 } else
581 break;
582 }
583 #else /* __FreeBSD__ */
584 /*
585 * The only other OS that currently supports
586 * SIOCGIFDESCR is OpenBSD, and it has no way
587 * to get the description length - it's clamped
588 * to a maximum of IFDESCRSIZE.
589 */
590 if ((description = malloc(descrlen)) != NULL) {
591 ifrdesc.ifr_data = (caddr_t)description;
592 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
593 /*
594 * Failed to get interface description.
595 */
596 free(description);
597 description = NULL;
598 }
599 }
600 #endif /* __FreeBSD__ */
601 close(s);
602 if (description != NULL && strlen(description) == 0) {
603 /*
604 * Description is empty, so discard it.
605 */
606 free(description);
607 description = NULL;
608 }
609 }
610
611 #ifdef __FreeBSD__
612 /*
613 * For FreeBSD, if we didn't get a description, and this is
614 * a device with a name of the form usbusN, label it as a USB
615 * bus.
616 */
617 if (description == NULL) {
618 if (strncmp(name, "usbus", 5) == 0) {
619 /*
620 * OK, it begins with "usbus".
621 */
622 long busnum;
623 char *p;
624
625 errno = 0;
626 busnum = strtol(name + 5, &p, 10);
627 if (errno == 0 && p != name + 5 && *p == '\0' &&
628 busnum >= 0 && busnum <= INT_MAX) {
629 /*
630 * OK, it's a valid number that's not
631 * bigger than INT_MAX. Construct
632 * a description from it.
633 */
634 static const char descr_prefix[] = "USB bus number ";
635 size_t descr_size;
636
637 /*
638 * Allow enough room for a 32-bit bus number.
639 * sizeof (descr_prefix) includes the
640 * terminating NUL.
641 */
642 descr_size = sizeof (descr_prefix) + 10;
643 description = malloc(descr_size);
644 if (description != NULL) {
645 pcap_snprintf(description, descr_size,
646 "%s%ld", descr_prefix, busnum);
647 }
648 }
649 }
650 }
651 #endif
652 return (description);
653 #else /* SIOCGIFDESCR */
654 return (NULL);
655 #endif /* SIOCGIFDESCR */
656 }
657
658 /*
659 * Look for a given device in the specified list of devices.
660 *
661 * If we find it, return a pointer to its entry.
662 *
663 * If we don't find it, attempt to add an entry for it, with the specified
664 * IFF_ flags and description, and, if that succeeds, return a pointer to
665 * the new entry, otherwise return NULL and set errbuf to an error message.
666 */
667 pcap_if_t *
668 find_or_add_if(pcap_if_list_t *devlistp, const char *name,
669 bpf_u_int32 if_flags, char *errbuf)
670 {
671 bpf_u_int32 pcap_flags;
672
673 /*
674 * Convert IFF_ flags to pcap flags.
675 */
676 pcap_flags = 0;
677 #ifdef IFF_LOOPBACK
678 if (if_flags & IFF_LOOPBACK)
679 pcap_flags |= PCAP_IF_LOOPBACK;
680 #else
681 /*
682 * We don't have IFF_LOOPBACK, so look at the device name to
683 * see if it looks like a loopback device.
684 */
685 if (name[0] == 'l' && name[1] == 'o' &&
686 (isdigit((unsigned char)(name[2])) || name[2] == '\0')
687 pcap_flags |= PCAP_IF_LOOPBACK;
688 #endif
689 #ifdef IFF_UP
690 if (if_flags & IFF_UP)
691 pcap_flags |= PCAP_IF_UP;
692 #endif
693 #ifdef IFF_RUNNING
694 if (if_flags & IFF_RUNNING)
695 pcap_flags |= PCAP_IF_RUNNING;
696 #endif
697
698 /*
699 * Attempt to find an entry for this device; if we don't find one,
700 * attempt to add one.
701 */
702 return (find_or_add_dev(devlistp, name, pcap_flags,
703 get_if_description(name), errbuf));
704 }
705
706 /*
707 * Look for a given device in the specified list of devices.
708 *
709 * If we find it, then, if the specified address isn't null, add it to
710 * the list of addresses for the device and return 0.
711 *
712 * If we don't find it, attempt to add an entry for it, with the specified
713 * IFF_ flags and description, and, if that succeeds, add the specified
714 * address to its list of addresses if that address is non-null, and
715 * return 0, otherwise return -1 and set errbuf to an error message.
716 *
717 * (We can get called with a null address because we might get a list
718 * of interface name/address combinations from the underlying OS, with
719 * the address being absent in some cases, rather than a list of
720 * interfaces with each interface having a list of addresses, so this
721 * call may be the only call made to add to the list, and we want to
722 * add interfaces even if they have no addresses.)
723 */
724 int
725 add_addr_to_if(pcap_if_list_t *devlistp, const char *name,
726 bpf_u_int32 if_flags,
727 struct sockaddr *addr, size_t addr_size,
728 struct sockaddr *netmask, size_t netmask_size,
729 struct sockaddr *broadaddr, size_t broadaddr_size,
730 struct sockaddr *dstaddr, size_t dstaddr_size,
731 char *errbuf)
732 {
733 pcap_if_t *curdev;
734
735 /*
736 * Check whether the device exists and, if not, add it.
737 */
738 curdev = find_or_add_if(devlistp, name, if_flags, errbuf);
739 if (curdev == NULL) {
740 /*
741 * Error - give up.
742 */
743 return (-1);
744 }
745
746 if (addr == NULL) {
747 /*
748 * There's no address to add; this entry just meant
749 * "here's a new interface".
750 */
751 return (0);
752 }
753
754 /*
755 * "curdev" is an entry for this interface, and we have an
756 * address for it; add an entry for that address to the
757 * interface's list of addresses.
758 */
759 return (add_addr_to_dev(curdev, addr, addr_size, netmask,
760 netmask_size, broadaddr, broadaddr_size, dstaddr,
761 dstaddr_size, errbuf));
762 }
763 #endif /* _WIN32 */
764
765 /*
766 * Add an entry to the list of addresses for an interface.
767 * "curdev" is the entry for that interface.
768 */
769 int
770 add_addr_to_dev(pcap_if_t *curdev,
771 struct sockaddr *addr, size_t addr_size,
772 struct sockaddr *netmask, size_t netmask_size,
773 struct sockaddr *broadaddr, size_t broadaddr_size,
774 struct sockaddr *dstaddr, size_t dstaddr_size,
775 char *errbuf)
776 {
777 pcap_addr_t *curaddr, *prevaddr, *nextaddr;
778
779 /*
780 * Allocate the new entry and fill it in.
781 */
782 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t));
783 if (curaddr == NULL) {
784 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
785 "malloc: %s", pcap_strerror(errno));
786 return (-1);
787 }
788
789 curaddr->next = NULL;
790 if (addr != NULL && addr_size != 0) {
791 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size);
792 if (curaddr->addr == NULL) {
793 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
794 "malloc: %s", pcap_strerror(errno));
795 free(curaddr);
796 return (-1);
797 }
798 } else
799 curaddr->addr = NULL;
800
801 if (netmask != NULL && netmask_size != 0) {
802 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size);
803 if (curaddr->netmask == NULL) {
804 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
805 "malloc: %s", pcap_strerror(errno));
806 if (curaddr->addr != NULL)
807 free(curaddr->addr);
808 free(curaddr);
809 return (-1);
810 }
811 } else
812 curaddr->netmask = NULL;
813
814 if (broadaddr != NULL && broadaddr_size != 0) {
815 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size);
816 if (curaddr->broadaddr == NULL) {
817 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
818 "malloc: %s", pcap_strerror(errno));
819 if (curaddr->netmask != NULL)
820 free(curaddr->netmask);
821 if (curaddr->addr != NULL)
822 free(curaddr->addr);
823 free(curaddr);
824 return (-1);
825 }
826 } else
827 curaddr->broadaddr = NULL;
828
829 if (dstaddr != NULL && dstaddr_size != 0) {
830 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size);
831 if (curaddr->dstaddr == NULL) {
832 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
833 "malloc: %s", pcap_strerror(errno));
834 if (curaddr->broadaddr != NULL)
835 free(curaddr->broadaddr);
836 if (curaddr->netmask != NULL)
837 free(curaddr->netmask);
838 if (curaddr->addr != NULL)
839 free(curaddr->addr);
840 free(curaddr);
841 return (-1);
842 }
843 } else
844 curaddr->dstaddr = NULL;
845
846 /*
847 * Find the end of the list of addresses.
848 */
849 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) {
850 nextaddr = prevaddr->next;
851 if (nextaddr == NULL) {
852 /*
853 * This is the end of the list.
854 */
855 break;
856 }
857 }
858
859 if (prevaddr == NULL) {
860 /*
861 * The list was empty; this is the first member.
862 */
863 curdev->addresses = curaddr;
864 } else {
865 /*
866 * "prevaddr" is the last member of the list; append
867 * this member to it.
868 */
869 prevaddr->next = curaddr;
870 }
871
872 return (0);
873 }
874
875 /*
876 * Look for a given device in the specified list of devices.
877 *
878 * If we find it, return 0 and set *curdev_ret to point to it.
879 *
880 * If we don't find it, attempt to add an entry for it, with the specified
881 * flags and description, and, if that succeeds, return 0, otherwise
882 * return -1 and set errbuf to an error message.
883 */
884 pcap_if_t *
885 find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
886 const char *description, char *errbuf)
887 {
888 pcap_if_t *curdev;
889
890 /*
891 * Is there already an entry in the list for this device?
892 */
893 curdev = find_dev(devlistp, name);
894 if (curdev != NULL) {
895 /*
896 * Yes, return it.
897 */
898 return (curdev);
899 }
900
901 /*
902 * No, we didn't find it. Try to add it to the list of devices.
903 */
904 return (add_dev(devlistp, name, flags, description, errbuf));
905 }
906
907 /*
908 * Look for a given device in the specified list of devices, and return
909 * the entry for it if we find it or NULL if we don't.
910 */
911 pcap_if_t *
912 find_dev(pcap_if_list_t *devlistp, const char *name)
913 {
914 pcap_if_t *curdev;
915
916 /*
917 * Is there an entry in the list for this device?
918 */
919 for (curdev = devlistp->beginning; curdev != NULL;
920 curdev = curdev->next) {
921 if (strcmp(name, curdev->name) == 0) {
922 /*
923 * We found it, so, yes, there is. No need to
924 * add it. Provide the entry we found to our
925 * caller.
926 */
927 return (curdev);
928 }
929 }
930
931 /*
932 * No.
933 */
934 return (NULL);
935 }
936
937 /*
938 * Attempt to add an entry for a device, with the specified flags
939 * and description, and, if that succeeds, return 0 and return a pointer
940 * to the new entry, otherwise return NULL and set errbuf to an error
941 * message.
942 *
943 * If we weren't given a description, try to get one.
944 */
945 pcap_if_t *
946 add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
947 const char *description, char *errbuf)
948 {
949 pcap_if_t *curdev, *prevdev, *nextdev;
950 u_int this_figure_of_merit, nextdev_figure_of_merit;
951
952 curdev = malloc(sizeof(pcap_if_t));
953 if (curdev == NULL) {
954 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
955 "malloc: %s", pcap_strerror(errno));
956 return (NULL);
957 }
958
959 /*
960 * Fill in the entry.
961 */
962 curdev->next = NULL;
963 curdev->name = strdup(name);
964 if (curdev->name == NULL) {
965 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
966 "malloc: %s", pcap_strerror(errno));
967 free(curdev);
968 return (NULL);
969 }
970 if (description == NULL) {
971 /*
972 * We weren't handed a description for the interface.
973 */
974 curdev->description = NULL;
975 } else {
976 /*
977 * We were handed a description; make a copy.
978 */
979 curdev->description = strdup(description);
980 if (curdev->description == NULL) {
981 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
982 "malloc: %s", pcap_strerror(errno));
983 free(curdev->name);
984 free(curdev);
985 return (NULL);
986 }
987 }
988 curdev->addresses = NULL; /* list starts out as empty */
989 curdev->flags = flags;
990
991 /*
992 * Add it to the list, in the appropriate location.
993 * First, get the "figure of merit" for this interface.
994 */
995 this_figure_of_merit = get_figure_of_merit(curdev);
996
997 /*
998 * Now look for the last interface with an figure of merit
999 * less than or equal to the new interface's figure of merit.
1000 *
1001 * We start with "prevdev" being NULL, meaning we're before
1002 * the first element in the list.
1003 */
1004 prevdev = NULL;
1005 for (;;) {
1006 /*
1007 * Get the interface after this one.
1008 */
1009 if (prevdev == NULL) {
1010 /*
1011 * The next element is the first element.
1012 */
1013 nextdev = devlistp->beginning;
1014 } else
1015 nextdev = prevdev->next;
1016
1017 /*
1018 * Are we at the end of the list?
1019 */
1020 if (nextdev == NULL) {
1021 /*
1022 * Yes - we have to put the new entry after "prevdev".
1023 */
1024 break;
1025 }
1026
1027 /*
1028 * Is the new interface's figure of merit less
1029 * than the next interface's figure of merit,
1030 * meaning that the new interface is better
1031 * than the next interface?
1032 */
1033 nextdev_figure_of_merit = get_figure_of_merit(nextdev);
1034 if (this_figure_of_merit < nextdev_figure_of_merit) {
1035 /*
1036 * Yes - we should put the new entry
1037 * before "nextdev", i.e. after "prevdev".
1038 */
1039 break;
1040 }
1041
1042 prevdev = nextdev;
1043 }
1044
1045 /*
1046 * Insert before "nextdev".
1047 */
1048 curdev->next = nextdev;
1049
1050 /*
1051 * Insert after "prevdev" - unless "prevdev" is null,
1052 * in which case this is the first interface.
1053 */
1054 if (prevdev == NULL) {
1055 /*
1056 * This is the first interface. Make it
1057 * the first element in the list of devices.
1058 */
1059 devlistp->beginning = curdev;
1060 } else
1061 prevdev->next = curdev;
1062 return (curdev);
1063 }
1064
1065 /*
1066 * Free a list of interfaces.
1067 */
1068 void
1069 pcap_freealldevs(pcap_if_t *alldevs)
1070 {
1071 pcap_if_t *curdev, *nextdev;
1072 pcap_addr_t *curaddr, *nextaddr;
1073
1074 for (curdev = alldevs; curdev != NULL; curdev = nextdev) {
1075 nextdev = curdev->next;
1076
1077 /*
1078 * Free all addresses.
1079 */
1080 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
1081 nextaddr = curaddr->next;
1082 if (curaddr->addr)
1083 free(curaddr->addr);
1084 if (curaddr->netmask)
1085 free(curaddr->netmask);
1086 if (curaddr->broadaddr)
1087 free(curaddr->broadaddr);
1088 if (curaddr->dstaddr)
1089 free(curaddr->dstaddr);
1090 free(curaddr);
1091 }
1092
1093 /*
1094 * Free the name string.
1095 */
1096 free(curdev->name);
1097
1098 /*
1099 * Free the description string, if any.
1100 */
1101 if (curdev->description != NULL)
1102 free(curdev->description);
1103
1104 /*
1105 * Free the interface.
1106 */
1107 free(curdev);
1108 }
1109 }
1110
1111 #ifdef HAVE_REMOTE
1112 #include "pcap-rpcap.h"
1113 #endif
1114
1115 pcap_t *
1116 pcap_create(const char *device, char *errbuf)
1117 {
1118 size_t i;
1119 int is_theirs;
1120 pcap_t *p;
1121 char *device_str;
1122
1123 /*
1124 * A null device name is equivalent to the "any" device -
1125 * which might not be supported on this platform, but
1126 * this means that you'll get a "not supported" error
1127 * rather than, say, a crash when we try to dereference
1128 * the null pointer.
1129 */
1130 if (device == NULL)
1131 device_str = strdup("any");
1132 else {
1133 #ifdef _WIN32
1134 /*
1135 * If the string appears to be little-endian UCS-2/UTF-16,
1136 * convert it to ASCII.
1137 *
1138 * XXX - to UTF-8 instead? Or report an error if any
1139 * character isn't ASCII?
1140 */
1141 if (device[0] != '\0' && device[1] == '\0') {
1142 size_t length;
1143
1144 length = wcslen((wchar_t *)device);
1145 device_str = (char *)malloc(length + 1);
1146 if (device_str == NULL) {
1147 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
1148 "malloc: %s", pcap_strerror(errno));
1149 return (NULL);
1150 }
1151
1152 pcap_snprintf(device_str, length + 1, "%ws",
1153 (const wchar_t *)device);
1154 } else
1155 #endif
1156 device_str = strdup(device);
1157 }
1158 if (device_str == NULL) {
1159 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
1160 "malloc: %s", pcap_strerror(errno));
1161 return (NULL);
1162 }
1163
1164 /*
1165 * Try each of the non-local-network-interface capture
1166 * source types until we find one that works for this
1167 * device or run out of types.
1168 */
1169 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
1170 is_theirs = 0;
1171 p = capture_source_types[i].create_op(device_str, errbuf,
1172 &is_theirs);
1173 if (is_theirs) {
1174 /*
1175 * The device name refers to a device of the
1176 * type in question; either it succeeded,
1177 * in which case p refers to a pcap_t to
1178 * later activate for the device, or it
1179 * failed, in which case p is null and we
1180 * should return that to report the failure
1181 * to create.
1182 */
1183 if (p == NULL) {
1184 /*
1185 * We assume the caller filled in errbuf.
1186 */
1187 free(device_str);
1188 return (NULL);
1189 }
1190 p->opt.device = device_str;
1191 return (p);
1192 }
1193 }
1194
1195 /*
1196 * OK, try it as a regular network interface.
1197 */
1198 p = pcap_create_interface(device_str, errbuf);
1199 if (p == NULL) {
1200 /*
1201 * We assume the caller filled in errbuf.
1202 */
1203 free(device_str);
1204 return (NULL);
1205 }
1206 p->opt.device = device_str;
1207 return (p);
1208 }
1209
1210 /*
1211 * Set nonblocking mode on an unactivated pcap_t; this sets a flag
1212 * checked by pcap_activate(), which sets the mode after calling
1213 * the activate routine.
1214 */
1215 static int
1216 pcap_setnonblock_unactivated(pcap_t *p, int nonblock)
1217 {
1218 p->opt.nonblock = nonblock;
1219 return (0);
1220 }
1221
1222 static void
1223 initialize_ops(pcap_t *p)
1224 {
1225 /*
1226 * Set operation pointers for operations that only work on
1227 * an activated pcap_t to point to a routine that returns
1228 * a "this isn't activated" error.
1229 */
1230 p->read_op = (read_op_t)pcap_not_initialized;
1231 p->inject_op = (inject_op_t)pcap_not_initialized;
1232 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
1233 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
1234 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
1235 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
1236 p->stats_op = (stats_op_t)pcap_not_initialized;
1237 #ifdef _WIN32
1238 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
1239 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
1240 p->setmode_op = (setmode_op_t)pcap_not_initialized;
1241 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
1242 p->getevent_op = pcap_getevent_not_initialized;
1243 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized;
1244 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized;
1245 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
1246 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized;
1247 p->live_dump_op = (live_dump_op_t)pcap_not_initialized;
1248 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized;
1249 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
1250 #endif
1251
1252 /*
1253 * Default cleanup operation - implementations can override
1254 * this, but should call pcap_cleanup_live_common() after
1255 * doing their own additional cleanup.
1256 */
1257 p->cleanup_op = pcap_cleanup_live_common;
1258
1259 /*
1260 * In most cases, the standard one-shot callback can
1261 * be used for pcap_next()/pcap_next_ex().
1262 */
1263 p->oneshot_callback = pcap_oneshot;
1264 }
1265
1266 static pcap_t *
1267 pcap_alloc_pcap_t(char *ebuf, size_t size)
1268 {
1269 char *chunk;
1270 pcap_t *p;
1271
1272 /*
1273 * Allocate a chunk of memory big enough for a pcap_t
1274 * plus a structure following it of size "size". The
1275 * structure following it is a private data structure
1276 * for the routines that handle this pcap_t.
1277 */
1278 chunk = malloc(sizeof (pcap_t) + size);
1279 if (chunk == NULL) {
1280 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
1281 pcap_strerror(errno));
1282 return (NULL);
1283 }
1284 memset(chunk, 0, sizeof (pcap_t) + size);
1285
1286 /*
1287 * Get a pointer to the pcap_t at the beginning.
1288 */
1289 p = (pcap_t *)chunk;
1290
1291 #ifndef _WIN32
1292 p->fd = -1; /* not opened yet */
1293 p->selectable_fd = -1;
1294 #endif
1295
1296 if (size == 0) {
1297 /* No private data was requested. */
1298 p->priv = NULL;
1299 } else {
1300 /*
1301 * Set the pointer to the private data; that's the structure
1302 * of size "size" following the pcap_t.
1303 */
1304 p->priv = (void *)(chunk + sizeof (pcap_t));
1305 }
1306
1307 return (p);
1308 }
1309
1310 pcap_t *
1311 pcap_create_common(char *ebuf, size_t size)
1312 {
1313 pcap_t *p;
1314
1315 p = pcap_alloc_pcap_t(ebuf, size);
1316 if (p == NULL)
1317 return (NULL);
1318
1319 /*
1320 * Default to "can't set rfmon mode"; if it's supported by
1321 * a platform, the create routine that called us can set
1322 * the op to its routine to check whether a particular
1323 * device supports it.
1324 */
1325 p->can_set_rfmon_op = pcap_cant_set_rfmon;
1326
1327 /*
1328 * If pcap_setnonblock() is called on a not-yet-activated
1329 * pcap_t, default to setting a flag and turning
1330 * on non-blocking mode when activated.
1331 */
1332 p->setnonblock_op = pcap_setnonblock_unactivated;
1333
1334 initialize_ops(p);
1335
1336 /* put in some defaults*/
1337 p->snapshot = 0; /* max packet size unspecified */
1338 p->opt.timeout = 0; /* no timeout specified */
1339 p->opt.buffer_size = 0; /* use the platform's default */
1340 p->opt.promisc = 0;
1341 p->opt.rfmon = 0;
1342 p->opt.immediate = 0;
1343 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
1344 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
1345
1346 /*
1347 * Start out with no BPF code generation flags set.
1348 */
1349 p->bpf_codegen_flags = 0;
1350
1351 return (p);
1352 }
1353
1354 int
1355 pcap_check_activated(pcap_t *p)
1356 {
1357 if (p->activated) {
1358 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
1359 " operation on activated capture");
1360 return (-1);
1361 }
1362 return (0);
1363 }
1364
1365 int
1366 pcap_set_snaplen(pcap_t *p, int snaplen)
1367 {
1368 if (pcap_check_activated(p))
1369 return (PCAP_ERROR_ACTIVATED);
1370 p->snapshot = snaplen;
1371 return (0);
1372 }
1373
1374 int
1375 pcap_set_promisc(pcap_t *p, int promisc)
1376 {
1377 if (pcap_check_activated(p))
1378 return (PCAP_ERROR_ACTIVATED);
1379 p->opt.promisc = promisc;
1380 return (0);
1381 }
1382
1383 int
1384 pcap_set_rfmon(pcap_t *p, int rfmon)
1385 {
1386 if (pcap_check_activated(p))
1387 return (PCAP_ERROR_ACTIVATED);
1388 p->opt.rfmon = rfmon;
1389 return (0);
1390 }
1391
1392 int
1393 pcap_set_timeout(pcap_t *p, int timeout_ms)
1394 {
1395 if (pcap_check_activated(p))
1396 return (PCAP_ERROR_ACTIVATED);
1397 p->opt.timeout = timeout_ms;
1398 return (0);
1399 }
1400
1401 int
1402 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
1403 {
1404 int i;
1405
1406 if (pcap_check_activated(p))
1407 return (PCAP_ERROR_ACTIVATED);
1408
1409 /*
1410 * The argument should have been u_int, but that's too late
1411 * to change now - it's an API.
1412 */
1413 if (tstamp_type < 0)
1414 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
1415
1416 /*
1417 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
1418 * the default time stamp type is PCAP_TSTAMP_HOST.
1419 */
1420 if (p->tstamp_type_count == 0) {
1421 if (tstamp_type == PCAP_TSTAMP_HOST) {
1422 p->opt.tstamp_type = tstamp_type;
1423 return (0);
1424 }
1425 } else {
1426 /*
1427 * Check whether we claim to support this type of time stamp.
1428 */
1429 for (i = 0; i < p->tstamp_type_count; i++) {
1430 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
1431 /*
1432 * Yes.
1433 */
1434 p->opt.tstamp_type = tstamp_type;
1435 return (0);
1436 }
1437 }
1438 }
1439
1440 /*
1441 * We don't support this type of time stamp.
1442 */
1443 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
1444 }
1445
1446 int
1447 pcap_set_immediate_mode(pcap_t *p, int immediate)
1448 {
1449 if (pcap_check_activated(p))
1450 return (PCAP_ERROR_ACTIVATED);
1451 p->opt.immediate = immediate;
1452 return (0);
1453 }
1454
1455 int
1456 pcap_set_buffer_size(pcap_t *p, int buffer_size)
1457 {
1458 if (pcap_check_activated(p))
1459 return (PCAP_ERROR_ACTIVATED);
1460 if (buffer_size <= 0) {
1461 /*
1462 * Silently ignore invalid values.
1463 */
1464 return (0);
1465 }
1466 p->opt.buffer_size = buffer_size;
1467 return (0);
1468 }
1469
1470 int
1471 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
1472 {
1473 int i;
1474
1475 if (pcap_check_activated(p))
1476 return (PCAP_ERROR_ACTIVATED);
1477
1478 /*
1479 * The argument should have been u_int, but that's too late
1480 * to change now - it's an API.
1481 */
1482 if (tstamp_precision < 0)
1483 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
1484
1485 /*
1486 * If p->tstamp_precision_count is 0, we only support setting
1487 * the time stamp precision to microsecond precision; every
1488 * pcap module *MUST* support microsecond precision, even if
1489 * it does so by converting the native precision to
1490 * microseconds.
1491 */
1492 if (p->tstamp_precision_count == 0) {
1493 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
1494 p->opt.tstamp_precision = tstamp_precision;
1495 return (0);
1496 }
1497 } else {
1498 /*
1499 * Check whether we claim to support this precision of
1500 * time stamp.
1501 */
1502 for (i = 0; i < p->tstamp_precision_count; i++) {
1503 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
1504 /*
1505 * Yes.
1506 */
1507 p->opt.tstamp_precision = tstamp_precision;
1508 return (0);
1509 }
1510 }
1511 }
1512
1513 /*
1514 * We don't support this time stamp precision.
1515 */
1516 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
1517 }
1518
1519 int
1520 pcap_get_tstamp_precision(pcap_t *p)
1521 {
1522 return (p->opt.tstamp_precision);
1523 }
1524
1525 int
1526 pcap_activate(pcap_t *p)
1527 {
1528 int status;
1529
1530 /*
1531 * Catch attempts to re-activate an already-activated
1532 * pcap_t; this should, for example, catch code that
1533 * calls pcap_open_live() followed by pcap_activate(),
1534 * as some code that showed up in a Stack Exchange
1535 * question did.
1536 */
1537 if (pcap_check_activated(p))
1538 return (PCAP_ERROR_ACTIVATED);
1539 status = p->activate_op(p);
1540 if (status >= 0) {
1541 /*
1542 * If somebody requested non-blocking mode before
1543 * calling pcap_activate(), turn it on now.
1544 */
1545 if (p->opt.nonblock) {
1546 status = p->setnonblock_op(p, 1);
1547 if (status < 0) {
1548 /*
1549 * Failed. Undo everything done by
1550 * the activate operation.
1551 */
1552 p->cleanup_op(p);
1553 initialize_ops(p);
1554 return (status);
1555 }
1556 }
1557 p->activated = 1;
1558 } else {
1559 if (p->errbuf[0] == '\0') {
1560 /*
1561 * No error message supplied by the activate routine;
1562 * for the benefit of programs that don't specially
1563 * handle errors other than PCAP_ERROR, return the
1564 * error message corresponding to the status.
1565 */
1566 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
1567 pcap_statustostr(status));
1568 }
1569
1570 /*
1571 * Undo any operation pointer setting, etc. done by
1572 * the activate operation.
1573 */
1574 initialize_ops(p);
1575 }
1576 return (status);
1577 }
1578
1579 pcap_t *
1580 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
1581 {
1582 pcap_t *p;
1583 int status;
1584 #ifdef HAVE_REMOTE
1585 char host[PCAP_BUF_SIZE + 1];
1586 char port[PCAP_BUF_SIZE + 1];
1587 char name[PCAP_BUF_SIZE + 1];
1588 int srctype;
1589
1590 /*
1591 * Retrofit - we have to make older applications compatible with
1592 * remote capture.
1593 * So we're calling pcap_open_remote() from here; this is a very
1594 * dirty hack.
1595 * Obviously, we cannot exploit all the new features; for instance,
1596 * we cannot send authentication, we cannot use a UDP data connection,
1597 * and so on.
1598 */
1599 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf))
1600 return (NULL);
1601
1602 if (srctype == PCAP_SRC_IFREMOTE) {
1603 /*
1604 * Although we already have host, port and iface, we prefer
1605 * to pass only 'device' to pcap_open_rpcap(), so that it has
1606 * to call pcap_parsesrcstr() again.
1607 * This is less optimized, but much clearer.
1608 */
1609 return (pcap_open_rpcap(device, snaplen,
1610 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms,
1611 NULL, errbuf));
1612 }
1613 if (srctype == PCAP_SRC_FILE) {
1614 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\"");
1615 return (NULL);
1616 }
1617 if (srctype == PCAP_SRC_IFLOCAL) {
1618 /*
1619 * If it starts with rpcap://, that refers to a local device
1620 * (no host part in the URL). Remove the rpcap://, and
1621 * fall through to the regular open path.
1622 */
1623 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) {
1624 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1;
1625
1626 if (len > 0)
1627 device += strlen(PCAP_SRC_IF_STRING);
1628 }
1629 }
1630 #endif /* HAVE_REMOTE */
1631
1632 p = pcap_create(device, errbuf);
1633 if (p == NULL)
1634 return (NULL);
1635 status = pcap_set_snaplen(p, snaplen);
1636 if (status < 0)
1637 goto fail;
1638 status = pcap_set_promisc(p, promisc);
1639 if (status < 0)
1640 goto fail;
1641 status = pcap_set_timeout(p, to_ms);
1642 if (status < 0)
1643 goto fail;
1644 /*
1645 * Mark this as opened with pcap_open_live(), so that, for
1646 * example, we show the full list of DLT_ values, rather
1647 * than just the ones that are compatible with capturing
1648 * when not in monitor mode. That allows existing applications
1649 * to work the way they used to work, but allows new applications
1650 * that know about the new open API to, for example, find out the
1651 * DLT_ values that they can select without changing whether
1652 * the adapter is in monitor mode or not.
1653 */
1654 p->oldstyle = 1;
1655 status = pcap_activate(p);
1656 if (status < 0)
1657 goto fail;
1658 return (p);
1659 fail:
1660 if (status == PCAP_ERROR)
1661 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
1662 p->errbuf);
1663 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
1664 status == PCAP_ERROR_PERM_DENIED ||
1665 status == PCAP_ERROR_PROMISC_PERM_DENIED)
1666 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device,
1667 pcap_statustostr(status), p->errbuf);
1668 else
1669 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
1670 pcap_statustostr(status));
1671 pcap_close(p);
1672 return (NULL);
1673 }
1674
1675 pcap_t *
1676 pcap_open_offline_common(char *ebuf, size_t size)
1677 {
1678 pcap_t *p;
1679
1680 p = pcap_alloc_pcap_t(ebuf, size);
1681 if (p == NULL)
1682 return (NULL);
1683
1684 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
1685
1686 return (p);
1687 }
1688
1689 int
1690 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
1691 {
1692 return (p->read_op(p, cnt, callback, user));
1693 }
1694
1695 int
1696 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
1697 {
1698 register int n;
1699
1700 for (;;) {
1701 if (p->rfile != NULL) {
1702 /*
1703 * 0 means EOF, so don't loop if we get 0.
1704 */
1705 n = pcap_offline_read(p, cnt, callback, user);
1706 } else {
1707 /*
1708 * XXX keep reading until we get something
1709 * (or an error occurs)
1710 */
1711 do {
1712 n = p->read_op(p, cnt, callback, user);
1713 } while (n == 0);
1714 }
1715 if (n <= 0)
1716 return (n);
1717 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
1718 cnt -= n;
1719 if (cnt <= 0)
1720 return (0);
1721 }
1722 }
1723 }
1724
1725 /*
1726 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
1727 */
1728 void
1729 pcap_breakloop(pcap_t *p)
1730 {
1731 p->break_loop = 1;
1732 }
1733
1734 int
1735 pcap_datalink(pcap_t *p)
1736 {
1737 if (!p->activated)
1738 return (PCAP_ERROR_NOT_ACTIVATED);
1739 return (p->linktype);
1740 }
1741
1742 int
1743 pcap_datalink_ext(pcap_t *p)
1744 {
1745 if (!p->activated)
1746 return (PCAP_ERROR_NOT_ACTIVATED);
1747 return (p->linktype_ext);
1748 }
1749
1750 int
1751 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
1752 {
1753 if (!p->activated)
1754 return (PCAP_ERROR_NOT_ACTIVATED);
1755 if (p->dlt_count == 0) {
1756 /*
1757 * We couldn't fetch the list of DLTs, which means
1758 * this platform doesn't support changing the
1759 * DLT for an interface. Return a list of DLTs
1760 * containing only the DLT this device supports.
1761 */
1762 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
1763 if (*dlt_buffer == NULL) {
1764 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1765 "malloc: %s", pcap_strerror(errno));
1766 return (PCAP_ERROR);
1767 }
1768 **dlt_buffer = p->linktype;
1769 return (1);
1770 } else {
1771 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
1772 if (*dlt_buffer == NULL) {
1773 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1774 "malloc: %s", pcap_strerror(errno));
1775 return (PCAP_ERROR);
1776 }
1777 (void)memcpy(*dlt_buffer, p->dlt_list,
1778 sizeof(**dlt_buffer) * p->dlt_count);
1779 return (p->dlt_count);
1780 }
1781 }
1782
1783 /*
1784 * In Windows, you might have a library built with one version of the
1785 * C runtime library and an application built with another version of
1786 * the C runtime library, which means that the library might use one
1787 * version of malloc() and free() and the application might use another
1788 * version of malloc() and free(). If so, that means something
1789 * allocated by the library cannot be freed by the application, so we
1790 * need to have a pcap_free_datalinks() routine to free up the list
1791 * allocated by pcap_list_datalinks(), even though it's just a wrapper
1792 * around free().
1793 */
1794 void
1795 pcap_free_datalinks(int *dlt_list)
1796 {
1797 free(dlt_list);
1798 }
1799
1800 int
1801 pcap_set_datalink(pcap_t *p, int dlt)
1802 {
1803 int i;
1804 const char *dlt_name;
1805
1806 if (dlt < 0)
1807 goto unsupported;
1808
1809 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
1810 /*
1811 * We couldn't fetch the list of DLTs, or we don't
1812 * have a "set datalink" operation, which means
1813 * this platform doesn't support changing the
1814 * DLT for an interface. Check whether the new
1815 * DLT is the one this interface supports.
1816 */
1817 if (p->linktype != dlt)
1818 goto unsupported;
1819
1820 /*
1821 * It is, so there's nothing we need to do here.
1822 */
1823 return (0);
1824 }
1825 for (i = 0; i < p->dlt_count; i++)
1826 if (p->dlt_list[i] == (u_int)dlt)
1827 break;
1828 if (i >= p->dlt_count)
1829 goto unsupported;
1830 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
1831 dlt == DLT_DOCSIS) {
1832 /*
1833 * This is presumably an Ethernet device, as the first
1834 * link-layer type it offers is DLT_EN10MB, and the only
1835 * other type it offers is DLT_DOCSIS. That means that
1836 * we can't tell the driver to supply DOCSIS link-layer
1837 * headers - we're just pretending that's what we're
1838 * getting, as, presumably, we're capturing on a dedicated
1839 * link to a Cisco Cable Modem Termination System, and
1840 * it's putting raw DOCSIS frames on the wire inside low-level
1841 * Ethernet framing.
1842 */
1843 p->linktype = dlt;
1844 return (0);
1845 }
1846 if (p->set_datalink_op(p, dlt) == -1)
1847 return (-1);
1848 p->linktype = dlt;
1849 return (0);
1850
1851 unsupported:
1852 dlt_name = pcap_datalink_val_to_name(dlt);
1853 if (dlt_name != NULL) {
1854 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1855 "%s is not one of the DLTs supported by this device",
1856 dlt_name);
1857 } else {
1858 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1859 "DLT %d is not one of the DLTs supported by this device",
1860 dlt);
1861 }
1862 return (-1);
1863 }
1864
1865 /*
1866 * This array is designed for mapping upper and lower case letter
1867 * together for a case independent comparison. The mappings are
1868 * based upon ascii character sequences.
1869 */
1870 static const u_char charmap[] = {
1871 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1872 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1873 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1874 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1875 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1876 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1877 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1878 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1879 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1880 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1881 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1882 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1883 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1884 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1885 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1886 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1887 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1888 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1889 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1890 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1891 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1892 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1893 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1894 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1895 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1896 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1897 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1898 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1899 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1900 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1901 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1902 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1903 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1904 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1905 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1906 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1907 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1908 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1909 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1910 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1911 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1912 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1913 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1914 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1915 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1916 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1917 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1918 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1919 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1920 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1921 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1922 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1923 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1924 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1925 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1926 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1927 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1928 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1929 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1930 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1931 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1932 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1933 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1934 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1935 };
1936
1937 int
1938 pcap_strcasecmp(const char *s1, const char *s2)
1939 {
1940 register const u_char *cm = charmap,
1941 *us1 = (const u_char *)s1,
1942 *us2 = (const u_char *)s2;
1943
1944 while (cm[*us1] == cm[*us2++])
1945 if (*us1++ == '\0')
1946 return(0);
1947 return (cm[*us1] - cm[*--us2]);
1948 }
1949
1950 struct dlt_choice {
1951 const char *name;
1952 const char *description;
1953 int dlt;
1954 };
1955
1956 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code }
1957 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1958
1959 static struct dlt_choice dlt_choices[] = {
1960 DLT_CHOICE(NULL, "BSD loopback"),
1961 DLT_CHOICE(EN10MB, "Ethernet"),
1962 DLT_CHOICE(IEEE802, "Token ring"),
1963 DLT_CHOICE(ARCNET, "BSD ARCNET"),
1964 DLT_CHOICE(SLIP, "SLIP"),
1965 DLT_CHOICE(PPP, "PPP"),
1966 DLT_CHOICE(FDDI, "FDDI"),
1967 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1968 DLT_CHOICE(RAW, "Raw IP"),
1969 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"),
1970 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"),
1971 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"),
1972 DLT_CHOICE(PPP_SERIAL, "PPP over serial"),
1973 DLT_CHOICE(PPP_ETHER, "PPPoE"),
1974 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"),
1975 DLT_CHOICE(C_HDLC, "Cisco HDLC"),
1976 DLT_CHOICE(IEEE802_11, "802.11"),
1977 DLT_CHOICE(FRELAY, "Frame Relay"),
1978 DLT_CHOICE(LOOP, "OpenBSD loopback"),
1979 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"),
1980 DLT_CHOICE(LINUX_SLL, "Linux cooked"),
1981 DLT_CHOICE(LTALK, "Localtalk"),
1982 DLT_CHOICE(PFLOG, "OpenBSD pflog file"),
1983 DLT_CHOICE(PFSYNC, "Packet filter state syncing"),
1984 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"),
1985 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1986 DLT_CHOICE(SUNATM, "Sun raw ATM"),
1987 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"),
1988 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"),
1989 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1990 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1991 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"),
1992 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"),
1993 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1994 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"),
1995 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1996 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"),
1997 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1998 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1999 DLT_CHOICE(MTP2, "SS7 MTP2"),
2000 DLT_CHOICE(MTP3, "SS7 MTP3"),
2001 DLT_CHOICE(SCCP, "SS7 SCCP"),
2002 DLT_CHOICE(DOCSIS, "DOCSIS"),
2003 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"),
2004 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
2005 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
2006 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"),
2007 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"),
2008 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"),
2009 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
2010 DLT_CHOICE(GPRS_LLC, "GPRS LLC"),
2011 DLT_CHOICE(GPF_T, "GPF-T"),
2012 DLT_CHOICE(GPF_F, "GPF-F"),
2013 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"),
2014 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"),
2015 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
2016 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"),
2017 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"),
2018 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"),
2019 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"),
2020 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
2021 DLT_CHOICE(MFR, "FRF.16 Frame Relay"),
2022 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"),
2023 DLT_CHOICE(A429, "Arinc 429"),
2024 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"),
2025 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"),
2026 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
2027 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
2028 DLT_CHOICE(USB_LINUX, "USB with Linux header"),
2029 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"),
2030 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
2031 DLT_CHOICE(PPI, "Per-Packet Information"),
2032 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
2033 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"),
2034 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"),
2035 DLT_CHOICE(SITA, "SITA pseudo-header"),
2036 DLT_CHOICE(ERF, "Endace ERF header"),
2037 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
2038 DLT_CHOICE(IPMB, "IPMB"),
2039 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"),
2040 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
2041 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"),
2042 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
2043 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
2044 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"),
2045 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"),
2046 DLT_CHOICE(DECT, "DECT"),
2047 DLT_CHOICE(AOS, "AOS Space Data Link protocol"),
2048 DLT_CHOICE(WIHART, "Wireless HART"),
2049 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
2050 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
2051 DLT_CHOICE(IPNET, "Solaris ipnet"),
2052 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
2053 DLT_CHOICE(IPV4, "Raw IPv4"),
2054 DLT_CHOICE(IPV6, "Raw IPv6"),
2055 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
2056 DLT_CHOICE(DBUS, "D-Bus"),
2057 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"),
2058 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"),
2059 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
2060 DLT_CHOICE(DVB_CI, "DVB-CI"),
2061 DLT_CHOICE(MUX27010, "MUX27010"),
2062 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
2063 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
2064 DLT_CHOICE(NFLOG, "Linux netfilter log messages"),
2065 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
2066 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
2067 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
2068 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
2069 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"),
2070 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
2071 DLT_CHOICE(INFINIBAND, "InfiniBand"),
2072 DLT_CHOICE(SCTP, "SCTP"),
2073 DLT_CHOICE(USBPCAP, "USB with USBPcap header"),
2074 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
2075 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
2076 DLT_CHOICE(NETLINK, "Linux netlink"),
2077 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
2078 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
2079 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
2080 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"),
2081 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"),
2082 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
2083 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"),
2084 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
2085 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
2086 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"),
2087 DLT_CHOICE(ISO_14443, "ISO 14443 messages"),
2088 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"),
2089 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"),
2090 DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"),
2091 DLT_CHOICE(SDLC, "IBM SDLC frames"),
2092 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"),
2093 DLT_CHOICE_SENTINEL
2094 };
2095
2096 int
2097 pcap_datalink_name_to_val(const char *name)
2098 {
2099 int i;
2100
2101 for (i = 0; dlt_choices[i].name != NULL; i++) {
2102 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0)
2103 return (dlt_choices[i].dlt);
2104 }
2105 return (-1);
2106 }
2107
2108 const char *
2109 pcap_datalink_val_to_name(int dlt)
2110 {
2111 int i;
2112
2113 for (i = 0; dlt_choices[i].name != NULL; i++) {
2114 if (dlt_choices[i].dlt == dlt)
2115 return (dlt_choices[i].name);
2116 }
2117 return (NULL);
2118 }
2119
2120 const char *
2121 pcap_datalink_val_to_description(int dlt)
2122 {
2123 int i;
2124
2125 for (i = 0; dlt_choices[i].name != NULL; i++) {
2126 if (dlt_choices[i].dlt == dlt)
2127 return (dlt_choices[i].description);
2128 }
2129 return (NULL);
2130 }
2131
2132 struct tstamp_type_choice {
2133 const char *name;
2134 const char *description;
2135 int type;
2136 };
2137
2138 static struct tstamp_type_choice tstamp_type_choices[] = {
2139 { "host", "Host", PCAP_TSTAMP_HOST },
2140 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
2141 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
2142 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
2143 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
2144 { NULL, NULL, 0 }
2145 };
2146
2147 int
2148 pcap_tstamp_type_name_to_val(const char *name)
2149 {
2150 int i;
2151
2152 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2153 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
2154 return (tstamp_type_choices[i].type);
2155 }
2156 return (PCAP_ERROR);
2157 }
2158
2159 const char *
2160 pcap_tstamp_type_val_to_name(int tstamp_type)
2161 {
2162 int i;
2163
2164 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2165 if (tstamp_type_choices[i].type == tstamp_type)
2166 return (tstamp_type_choices[i].name);
2167 }
2168 return (NULL);
2169 }
2170
2171 const char *
2172 pcap_tstamp_type_val_to_description(int tstamp_type)
2173 {
2174 int i;
2175
2176 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2177 if (tstamp_type_choices[i].type == tstamp_type)
2178 return (tstamp_type_choices[i].description);
2179 }
2180 return (NULL);
2181 }
2182
2183 int
2184 pcap_snapshot(pcap_t *p)
2185 {
2186 if (!p->activated)
2187 return (PCAP_ERROR_NOT_ACTIVATED);
2188 return (p->snapshot);
2189 }
2190
2191 int
2192 pcap_is_swapped(pcap_t *p)
2193 {
2194 if (!p->activated)
2195 return (PCAP_ERROR_NOT_ACTIVATED);
2196 return (p->swapped);
2197 }
2198
2199 int
2200 pcap_major_version(pcap_t *p)
2201 {
2202 if (!p->activated)
2203 return (PCAP_ERROR_NOT_ACTIVATED);
2204 return (p->version_major);
2205 }
2206
2207 int
2208 pcap_minor_version(pcap_t *p)
2209 {
2210 if (!p->activated)
2211 return (PCAP_ERROR_NOT_ACTIVATED);
2212 return (p->version_minor);
2213 }
2214
2215 int
2216 pcap_bufsize(pcap_t *p)
2217 {
2218 if (!p->activated)
2219 return (PCAP_ERROR_NOT_ACTIVATED);
2220 return (p->bufsize);
2221 }
2222
2223 FILE *
2224 pcap_file(pcap_t *p)
2225 {
2226 return (p->rfile);
2227 }
2228
2229 int
2230 pcap_fileno(pcap_t *p)
2231 {
2232 #ifndef _WIN32
2233 return (p->fd);
2234 #else
2235 if (p->adapter != NULL)
2236 return ((int)(DWORD)p->adapter->hFile);
2237 else
2238 return (PCAP_ERROR);
2239 #endif
2240 }
2241
2242 #if !defined(_WIN32) && !defined(MSDOS)
2243 int
2244 pcap_get_selectable_fd(pcap_t *p)
2245 {
2246 return (p->selectable_fd);
2247 }
2248 #endif
2249
2250 void
2251 pcap_perror(pcap_t *p, const char *prefix)
2252 {
2253 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
2254 }
2255
2256 char *
2257 pcap_geterr(pcap_t *p)
2258 {
2259 return (p->errbuf);
2260 }
2261
2262 int
2263 pcap_getnonblock(pcap_t *p, char *errbuf)
2264 {
2265 int ret;
2266
2267 ret = p->getnonblock_op(p);
2268 if (ret == -1) {
2269 /*
2270 * The get nonblock operation sets p->errbuf; this
2271 * function *shouldn't* have had a separate errbuf
2272 * argument, as it didn't need one, but I goofed
2273 * when adding it.
2274 *
2275 * We copy the error message to errbuf, so callers
2276 * can find it in either place.
2277 */
2278 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
2279 }
2280 return (ret);
2281 }
2282
2283 /*
2284 * Get the current non-blocking mode setting, under the assumption that
2285 * it's just the standard POSIX non-blocking flag.
2286 */
2287 #if !defined(_WIN32) && !defined(MSDOS)
2288 int
2289 pcap_getnonblock_fd(pcap_t *p)
2290 {
2291 int fdflags;
2292
2293 fdflags = fcntl(p->fd, F_GETFL, 0);
2294 if (fdflags == -1) {
2295 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
2296 pcap_strerror(errno));
2297 return (-1);
2298 }
2299 if (fdflags & O_NONBLOCK)
2300 return (1);
2301 else
2302 return (0);
2303 }
2304 #endif
2305
2306 int
2307 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
2308 {
2309 int ret;
2310
2311 ret = p->setnonblock_op(p, nonblock);
2312 if (ret == -1) {
2313 /*
2314 * The set nonblock operation sets p->errbuf; this
2315 * function *shouldn't* have had a separate errbuf
2316 * argument, as it didn't need one, but I goofed
2317 * when adding it.
2318 *
2319 * We copy the error message to errbuf, so callers
2320 * can find it in either place.
2321 */
2322 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
2323 }
2324 return (ret);
2325 }
2326
2327 #if !defined(_WIN32) && !defined(MSDOS)
2328 /*
2329 * Set non-blocking mode, under the assumption that it's just the
2330 * standard POSIX non-blocking flag. (This can be called by the
2331 * per-platform non-blocking-mode routine if that routine also
2332 * needs to do some additional work.)
2333 */
2334 int
2335 pcap_setnonblock_fd(pcap_t *p, int nonblock)
2336 {
2337 int fdflags;
2338
2339 fdflags = fcntl(p->fd, F_GETFL, 0);
2340 if (fdflags == -1) {
2341 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
2342 pcap_strerror(errno));
2343 return (-1);
2344 }
2345 if (nonblock)
2346 fdflags |= O_NONBLOCK;
2347 else
2348 fdflags &= ~O_NONBLOCK;
2349 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
2350 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
2351 pcap_strerror(errno));
2352 return (-1);
2353 }
2354 return (0);
2355 }
2356 #endif
2357
2358 #ifdef _WIN32
2359 /*
2360 * Generate a string for a Win32-specific error (i.e. an error generated when
2361 * calling a Win32 API).
2362 * For errors occurred during standard C calls, we still use pcap_strerror()
2363 */
2364 void
2365 pcap_win32_err_to_str(DWORD error, char *errbuf)
2366 {
2367 size_t errlen;
2368 char *p;
2369
2370 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
2371 PCAP_ERRBUF_SIZE, NULL);
2372
2373 /*
2374 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
2375 * message. Get rid of it.
2376 */
2377 errlen = strlen(errbuf);
2378 if (errlen >= 2) {
2379 errbuf[errlen - 1] = '\0';
2380 errbuf[errlen - 2] = '\0';
2381 }
2382 p = strchr(errbuf, '\0');
2383 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error);
2384 }
2385 #endif
2386
2387 /*
2388 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
2389 */
2390 const char *
2391 pcap_statustostr(int errnum)
2392 {
2393 static char ebuf[15+10+1];
2394
2395 switch (errnum) {
2396
2397 case PCAP_WARNING:
2398 return("Generic warning");
2399
2400 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
2401 return ("That type of time stamp is not supported by that device");
2402
2403 case PCAP_WARNING_PROMISC_NOTSUP:
2404 return ("That device doesn't support promiscuous mode");
2405
2406 case PCAP_ERROR:
2407 return("Generic error");
2408
2409 case PCAP_ERROR_BREAK:
2410 return("Loop terminated by pcap_breakloop");
2411
2412 case PCAP_ERROR_NOT_ACTIVATED:
2413 return("The pcap_t has not been activated");
2414
2415 case PCAP_ERROR_ACTIVATED:
2416 return ("The setting can't be changed after the pcap_t is activated");
2417
2418 case PCAP_ERROR_NO_SUCH_DEVICE:
2419 return ("No such device exists");
2420
2421 case PCAP_ERROR_RFMON_NOTSUP:
2422 return ("That device doesn't support monitor mode");
2423
2424 case PCAP_ERROR_NOT_RFMON:
2425 return ("That operation is supported only in monitor mode");
2426
2427 case PCAP_ERROR_PERM_DENIED:
2428 return ("You don't have permission to capture on that device");
2429
2430 case PCAP_ERROR_IFACE_NOT_UP:
2431 return ("That device is not up");
2432
2433 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
2434 return ("That device doesn't support setting the time stamp type");
2435
2436 case PCAP_ERROR_PROMISC_PERM_DENIED:
2437 return ("You don't have permission to capture in promiscuous mode on that device");
2438
2439 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
2440 return ("That device doesn't support that time stamp precision");
2441 }
2442 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
2443 return(ebuf);
2444 }
2445
2446 /*
2447 * Not all systems have strerror().
2448 */
2449 const char *
2450 pcap_strerror(int errnum)
2451 {
2452 #ifdef HAVE_STRERROR
2453 #ifdef _WIN32
2454 static char errbuf[PCAP_ERRBUF_SIZE];
2455 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);
2456
2457 if (err != 0) /* err = 0 if successful */
2458 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
2459 return (errbuf);
2460 #else
2461 return (strerror(errnum));
2462 #endif /* _WIN32 */
2463 #else
2464 extern int sys_nerr;
2465 extern const char *const sys_errlist[];
2466 static char errbuf[PCAP_ERRBUF_SIZE];
2467
2468 if ((unsigned int)errnum < sys_nerr)
2469 return ((char *)sys_errlist[errnum]);
2470 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum);
2471 return (errbuf);
2472 #endif
2473 }
2474
2475 int
2476 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
2477 {
2478 return (p->setfilter_op(p, fp));
2479 }
2480
2481 /*
2482 * Set direction flag, which controls whether we accept only incoming
2483 * packets, only outgoing packets, or both.
2484 * Note that, depending on the platform, some or all direction arguments
2485 * might not be supported.
2486 */
2487 int
2488 pcap_setdirection(pcap_t *p, pcap_direction_t d)
2489 {
2490 if (p->setdirection_op == NULL) {
2491 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2492 "Setting direction is not implemented on this platform");
2493 return (-1);
2494 } else
2495 return (p->setdirection_op(p, d));
2496 }
2497
2498 int
2499 pcap_stats(pcap_t *p, struct pcap_stat *ps)
2500 {
2501 return (p->stats_op(p, ps));
2502 }
2503
2504 static int
2505 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
2506 {
2507 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2508 "Statistics aren't available from a pcap_open_dead pcap_t");
2509 return (-1);
2510 }
2511
2512 #ifdef _WIN32
2513 struct pcap_stat *
2514 pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
2515 {
2516 return (p->stats_ex_op(p, pcap_stat_size));
2517 }
2518
2519 int
2520 pcap_setbuff(pcap_t *p, int dim)
2521 {
2522 return (p->setbuff_op(p, dim));
2523 }
2524
2525 static int
2526 pcap_setbuff_dead(pcap_t *p, int dim)
2527 {
2528 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2529 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
2530 return (-1);
2531 }
2532
2533 int
2534 pcap_setmode(pcap_t *p, int mode)
2535 {
2536 return (p->setmode_op(p, mode));
2537 }
2538
2539 static int
2540 pcap_setmode_dead(pcap_t *p, int mode)
2541 {
2542 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2543 "impossible to set mode on a pcap_open_dead pcap_t");
2544 return (-1);
2545 }
2546
2547 int
2548 pcap_setmintocopy(pcap_t *p, int size)
2549 {
2550 return (p->setmintocopy_op(p, size));
2551 }
2552
2553 static int
2554 pcap_setmintocopy_dead(pcap_t *p, int size)
2555 {
2556 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2557 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
2558 return (-1);
2559 }
2560
2561 HANDLE
2562 pcap_getevent(pcap_t *p)
2563 {
2564 return (p->getevent_op(p));
2565 }
2566
2567 static HANDLE
2568 pcap_getevent_dead(pcap_t *p)
2569 {
2570 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2571 "A pcap_open_dead pcap_t has no event handle");
2572 return (INVALID_HANDLE_VALUE);
2573 }
2574
2575 int
2576 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
2577 {
2578 return (p->oid_get_request_op(p, oid, data, lenp));
2579 }
2580
2581 static int
2582 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
2583 size_t *lenp _U_)
2584 {
2585 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2586 "An OID get request cannot be performed on a pcap_open_dead pcap_t");
2587 return (PCAP_ERROR);
2588 }
2589
2590 int
2591 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp)
2592 {
2593 return (p->oid_set_request_op(p, oid, data, lenp));
2594 }
2595
2596 static int
2597 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
2598 size_t *lenp _U_)
2599 {
2600 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2601 "An OID set request cannot be performed on a pcap_open_dead pcap_t");
2602 return (PCAP_ERROR);
2603 }
2604
2605 pcap_send_queue *
2606 pcap_sendqueue_alloc(u_int memsize)
2607 {
2608 pcap_send_queue *tqueue;
2609
2610 /* Allocate the queue */
2611 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue));
2612 if (tqueue == NULL){
2613 return (NULL);
2614 }
2615
2616 /* Allocate the buffer */
2617 tqueue->buffer = (char *)malloc(memsize);
2618 if (tqueue->buffer == NULL) {
2619 free(tqueue);
2620 return (NULL);
2621 }
2622
2623 tqueue->maxlen = memsize;
2624 tqueue->len = 0;
2625
2626 return (tqueue);
2627 }
2628
2629 void
2630 pcap_sendqueue_destroy(pcap_send_queue *queue)
2631 {
2632 free(queue->buffer);
2633 free(queue);
2634 }
2635
2636 int
2637 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
2638 {
2639 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
2640 return (-1);
2641 }
2642
2643 /* Copy the pcap_pkthdr header*/
2644 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
2645 queue->len += sizeof(struct pcap_pkthdr);
2646
2647 /* copy the packet */
2648 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
2649 queue->len += pkt_header->caplen;
2650
2651 return (0);
2652 }
2653
2654 u_int
2655 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
2656 {
2657 return (p->sendqueue_transmit_op(p, queue, sync));
2658 }
2659
2660 static u_int
2661 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync)
2662 {
2663 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2664 "Packets cannot be transmitted on a pcap_open_dead pcap_t");
2665 return (0);
2666 }
2667
2668 int
2669 pcap_setuserbuffer(pcap_t *p, int size)
2670 {
2671 return (p->setuserbuffer_op(p, size));
2672 }
2673
2674 static int
2675 pcap_setuserbuffer_dead(pcap_t *p, int size)
2676 {
2677 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2678 "The user buffer cannot be set on a pcap_open_dead pcap_t");
2679 return (-1);
2680 }
2681
2682 int
2683 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
2684 {
2685 return (p->live_dump_op(p, filename, maxsize, maxpacks));
2686 }
2687
2688 static int
2689 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks)
2690 {
2691 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2692 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
2693 return (-1);
2694 }
2695
2696 int
2697 pcap_live_dump_ended(pcap_t *p, int sync)
2698 {
2699 return (p->live_dump_ended_op(p, sync));
2700 }
2701
2702 static int
2703 pcap_live_dump_ended_dead(pcap_t *p, int sync)
2704 {
2705 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2706 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
2707 return (-1);
2708 }
2709
2710 PAirpcapHandle
2711 pcap_get_airpcap_handle(pcap_t *p)
2712 {
2713 PAirpcapHandle handle;
2714
2715 handle = p->get_airpcap_handle_op(p);
2716 if (handle == NULL) {
2717 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
2718 "This isn't an AirPcap device");
2719 }
2720 return (handle);
2721 }
2722
2723 static PAirpcapHandle
2724 pcap_get_airpcap_handle_dead(pcap_t *p)
2725 {
2726 return (NULL);
2727 }
2728 #endif
2729
2730 /*
2731 * On some platforms, we need to clean up promiscuous or monitor mode
2732 * when we close a device - and we want that to happen even if the
2733 * application just exits without explicitl closing devices.
2734 * On those platforms, we need to register a "close all the pcaps"
2735 * routine to be called when we exit, and need to maintain a list of
2736 * pcaps that need to be closed to clean up modes.
2737 *
2738 * XXX - not thread-safe.
2739 */
2740
2741 /*
2742 * List of pcaps on which we've done something that needs to be
2743 * cleaned up.
2744 * If there are any such pcaps, we arrange to call "pcap_close_all()"
2745 * when we exit, and have it close all of them.
2746 */
2747 static struct pcap *pcaps_to_close;
2748
2749 /*
2750 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
2751 * be called on exit.
2752 */
2753 static int did_atexit;
2754
2755 static void
2756 pcap_close_all(void)
2757 {
2758 struct pcap *handle;
2759
2760 while ((handle = pcaps_to_close) != NULL)
2761 pcap_close(handle);
2762 }
2763
2764 int
2765 pcap_do_addexit(pcap_t *p)
2766 {
2767 /*
2768 * If we haven't already done so, arrange to have
2769 * "pcap_close_all()" called when we exit.
2770 */
2771 if (!did_atexit) {
2772 if (atexit(pcap_close_all) != 0) {
2773 /*
2774 * "atexit()" failed; let our caller know.
2775 */
2776 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
2777 return (0);
2778 }
2779 did_atexit = 1;
2780 }
2781 return (1);
2782 }
2783
2784 void
2785 pcap_add_to_pcaps_to_close(pcap_t *p)
2786 {
2787 p->next = pcaps_to_close;
2788 pcaps_to_close = p;
2789 }
2790
2791 void
2792 pcap_remove_from_pcaps_to_close(pcap_t *p)
2793 {
2794 pcap_t *pc, *prevpc;
2795
2796 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
2797 prevpc = pc, pc = pc->next) {
2798 if (pc == p) {
2799 /*
2800 * Found it. Remove it from the list.
2801 */
2802 if (prevpc == NULL) {
2803 /*
2804 * It was at the head of the list.
2805 */
2806 pcaps_to_close = pc->next;
2807 } else {
2808 /*
2809 * It was in the middle of the list.
2810 */
2811 prevpc->next = pc->next;
2812 }
2813 break;
2814 }
2815 }
2816 }
2817
2818 void
2819 pcap_cleanup_live_common(pcap_t *p)
2820 {
2821 if (p->buffer != NULL) {
2822 free(p->buffer);
2823 p->buffer = NULL;
2824 }
2825 if (p->dlt_list != NULL) {
2826 free(p->dlt_list);
2827 p->dlt_list = NULL;
2828 p->dlt_count = 0;
2829 }
2830 if (p->tstamp_type_list != NULL) {
2831 free(p->tstamp_type_list);
2832 p->tstamp_type_list = NULL;
2833 p->tstamp_type_count = 0;
2834 }
2835 if (p->tstamp_precision_list != NULL) {
2836 free(p->tstamp_precision_list);
2837 p->tstamp_precision_list = NULL;
2838 p->tstamp_precision_count = 0;
2839 }
2840 pcap_freecode(&p->fcode);
2841 #if !defined(_WIN32) && !defined(MSDOS)
2842 if (p->fd >= 0) {
2843 close(p->fd);
2844 p->fd = -1;
2845 }
2846 p->selectable_fd = -1;
2847 #endif
2848 }
2849
2850 static void
2851 pcap_cleanup_dead(pcap_t *p _U_)
2852 {
2853 /* Nothing to do. */
2854 }
2855
2856 pcap_t *
2857 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
2858 {
2859 pcap_t *p;
2860
2861 switch (precision) {
2862
2863 case PCAP_TSTAMP_PRECISION_MICRO:
2864 case PCAP_TSTAMP_PRECISION_NANO:
2865 break;
2866
2867 default:
2868 return NULL;
2869 }
2870 p = malloc(sizeof(*p));
2871 if (p == NULL)
2872 return NULL;
2873 memset (p, 0, sizeof(*p));
2874 p->snapshot = snaplen;
2875 p->linktype = linktype;
2876 p->opt.tstamp_precision = precision;
2877 p->stats_op = pcap_stats_dead;
2878 #ifdef _WIN32
2879 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
2880 p->setbuff_op = pcap_setbuff_dead;
2881 p->setmode_op = pcap_setmode_dead;
2882 p->setmintocopy_op = pcap_setmintocopy_dead;
2883 p->getevent_op = pcap_getevent_dead;
2884 p->oid_get_request_op = pcap_oid_get_request_dead;
2885 p->oid_set_request_op = pcap_oid_set_request_dead;
2886 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
2887 p->setuserbuffer_op = pcap_setuserbuffer_dead;
2888 p->live_dump_op = pcap_live_dump_dead;
2889 p->live_dump_ended_op = pcap_live_dump_ended_dead;
2890 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
2891 #endif
2892 p->cleanup_op = pcap_cleanup_dead;
2893
2894 /*
2895 * A "dead" pcap_t never requires special BPF code generation.
2896 */
2897 p->bpf_codegen_flags = 0;
2898
2899 p->activated = 1;
2900 return (p);
2901 }
2902
2903 pcap_t *
2904 pcap_open_dead(int linktype, int snaplen)
2905 {
2906 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
2907 PCAP_TSTAMP_PRECISION_MICRO));
2908 }
2909
2910 /*
2911 * API compatible with WinPcap's "send a packet" routine - returns -1
2912 * on error, 0 otherwise.
2913 *
2914 * XXX - what if we get a short write?
2915 */
2916 int
2917 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
2918 {
2919 if (p->inject_op(p, buf, size) == -1)
2920 return (-1);
2921 return (0);
2922 }
2923
2924 /*
2925 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
2926 * error, number of bytes written otherwise.
2927 */
2928 int
2929 pcap_inject(pcap_t *p, const void *buf, size_t size)
2930 {
2931 return (p->inject_op(p, buf, size));
2932 }
2933
2934 void
2935 pcap_close(pcap_t *p)
2936 {
2937 if (p->opt.device != NULL)
2938 free(p->opt.device);
2939 p->cleanup_op(p);
2940 free(p);
2941 }
2942
2943 /*
2944 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
2945 * data for the packet, check whether the packet passes the filter.
2946 * Returns the return value of the filter program, which will be zero if
2947 * the packet doesn't pass and non-zero if the packet does pass.
2948 */
2949 int
2950 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
2951 const u_char *pkt)
2952 {
2953 const struct bpf_insn *fcode = fp->bf_insns;
2954
2955 if (fcode != NULL)
2956 return (bpf_filter(fcode, pkt, h->len, h->caplen));
2957 else
2958 return (0);
2959 }
2960
2961 #include "pcap_version.h"
2962
2963 static const char *pcap_lib_version_string;
2964
2965 #ifdef _WIN32
2966
2967 #ifdef HAVE_VERSION_H
2968 /*
2969 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2970 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2971 * version.
2972 *
2973 * XXX - it'd be nice if we could somehow generate the WinPcap version number
2974 * when building WinPcap. (It'd be nice to do so for the packet.dll version
2975 * number as well.)
2976 */
2977 #include "../../version.h"
2978
2979 static const char wpcap_version_string[] = WINPCAP_VER_STRING;
2980 static const char pcap_version_string_fmt[] =
2981 WINPCAP_PRODUCT_NAME " version %s, based on %s";
2982 static const char pcap_version_string_packet_dll_fmt[] =
2983 WINPCAP_PRODUCT_NAME " version %s (packet.dll version %s), based on %s";
2984
2985 const char *
2986 pcap_lib_version(void)
2987 {
2988 char *packet_version_string;
2989 size_t full_pcap_version_string_len;
2990 char *full_pcap_version_string;
2991
2992 if (pcap_lib_version_string == NULL) {
2993 /*
2994 * Generate the version string.
2995 */
2996 packet_version_string = PacketGetVersion();
2997 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
2998 /*
2999 * WinPcap version string and packet.dll version
3000 * string are the same; just report the WinPcap
3001 * version.
3002 */
3003 full_pcap_version_string_len =
3004 (sizeof pcap_version_string_fmt - 4) +
3005 strlen(wpcap_version_string) +
3006 strlen(pcap_version_string);
3007 full_pcap_version_string =
3008 malloc(full_pcap_version_string_len);
3009 if (full_pcap_version_string == NULL)
3010 return (NULL);
3011 pcap_snprintf(full_pcap_version_string,
3012 full_pcap_version_string_len,
3013 pcap_version_string_fmt,
3014 wpcap_version_string,
3015 pcap_version_string);
3016 } else {
3017 /*
3018 * WinPcap version string and packet.dll version
3019 * string are different; that shouldn't be the
3020 * case (the two libraries should come from the
3021 * same version of WinPcap), so we report both
3022 * versions.
3023 */
3024 full_pcap_version_string_len =
3025 (sizeof pcap_version_string_packet_dll_fmt - 6) +
3026 strlen(wpcap_version_string) +
3027 strlen(packet_version_string) +
3028 strlen(pcap_version_string);
3029 full_pcap_version_string = malloc(full_pcap_version_string_len);
3030 if (full_pcap_version_string == NULL)
3031 return (NULL);
3032 pcap_snprintf(full_pcap_version_string,
3033 full_pcap_version_string_len,
3034 pcap_version_string_packet_dll_fmt,
3035 wpcap_version_string,
3036 packet_version_string,
3037 pcap_version_string);
3038 }
3039 pcap_lib_version_string = full_pcap_version_string;
3040 }
3041 return (pcap_lib_version_string);
3042 }
3043
3044 #else /* HAVE_VERSION_H */
3045
3046 /*
3047 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
3048 * tree.
3049 */
3050 static const char pcap_version_string_packet_dll_fmt[] =
3051 "%s (packet.dll version %s)";
3052 const char *
3053 pcap_lib_version(void)
3054 {
3055 char *packet_version_string;
3056 size_t full_pcap_version_string_len;
3057 char *full_pcap_version_string;
3058
3059 if (pcap_lib_version_string == NULL) {
3060 /*
3061 * Generate the version string. Report the packet.dll
3062 * version.
3063 */
3064 packet_version_string = PacketGetVersion();
3065 full_pcap_version_string_len =
3066 (sizeof pcap_version_string_packet_dll_fmt - 4) +
3067 strlen(pcap_version_string) +
3068 strlen(packet_version_string);
3069 full_pcap_version_string = malloc(full_pcap_version_string_len);
3070 if (full_pcap_version_string == NULL)
3071 return (NULL);
3072 pcap_snprintf(full_pcap_version_string,
3073 full_pcap_version_string_len,
3074 pcap_version_string_packet_dll_fmt,
3075 pcap_version_string,
3076 packet_version_string);
3077 pcap_lib_version_string = full_pcap_version_string;
3078 }
3079 return (pcap_lib_version_string);
3080 }
3081
3082 #endif /* HAVE_VERSION_H */
3083
3084 #elif defined(MSDOS)
3085
3086 const char *
3087 pcap_lib_version(void)
3088 {
3089 char *packet_version_string;
3090 size_t full_pcap_version_string_len;
3091 char *full_pcap_version_string;
3092 static char dospfx[] = "DOS-";
3093
3094 if (pcap_lib_version_string == NULL) {
3095 /*
3096 * Generate the version string.
3097 */
3098 full_pcap_version_string_len =
3099 sizeof dospfx + strlen(pcap_version_string);
3100 full_pcap_version_string =
3101 malloc(full_pcap_version_string_len);
3102 if (full_pcap_version_string == NULL)
3103 return (NULL);
3104 strcpy(full_pcap_version_string, dospfx);
3105 strcat(full_pcap_version_string, pcap_version_string);
3106 pcap_lib_version_string = full_pcap_version_string;
3107 }
3108 return (pcap_lib_version_string);
3109 }
3110
3111 #else /* UN*X */
3112
3113 const char *
3114 pcap_lib_version(void)
3115 {
3116 const char *platform_version_string;
3117 size_t full_pcap_version_string_len;
3118 char *full_pcap_version_string;
3119
3120 if (pcap_lib_version_string == NULL) {
3121 /*
3122 * Generate the version string.
3123 * Get any platform-specific information.
3124 *
3125 * XXX - what about all the local capture modules other
3126 * that the "native interface" one? That could make
3127 * the version string really long.
3128 */
3129 platform_version_string = pcap_platform_lib_version();
3130 if (platform_version_string == NULL) {
3131 /*
3132 * No platform-specific information.
3133 */
3134 pcap_lib_version_string = pcap_version_string;
3135 } else {
3136 /*
3137 * Add on the platform-specific information.
3138 */
3139 full_pcap_version_string_len =
3140 strlen(pcap_version_string) + 2 + strlen(platform_version_string) + 1 + 1;
3141 full_pcap_version_string =
3142 malloc(full_pcap_version_string_len);
3143 if (full_pcap_version_string == NULL)
3144 return (NULL);
3145 pcap_snprintf(full_pcap_version_string,
3146 full_pcap_version_string_len,
3147 "%s (%s)", pcap_version_string,
3148 platform_version_string);
3149 pcap_lib_version_string = full_pcap_version_string;
3150 }
3151 }
3152 return (pcap_lib_version_string);
3153 }
3154 #endif
3155
3156 #ifdef YYDEBUG
3157 /*
3158 * Set the internal "debug printout" flag for the filter expression parser.
3159 * The code to print that stuff is present only if YYDEBUG is defined, so
3160 * the flag, and the routine to set it, are defined only if YYDEBUG is
3161 * defined.
3162 *
3163 * This is intended for libpcap developers, not for general use.
3164 * If you want to set these in a program, you'll have to declare this
3165 * routine yourself, with the appropriate DLL import attribute on Windows;
3166 * it's not declared in any header file, and won't be declared in any
3167 * header file provided by libpcap.
3168 */
3169 PCAP_API void pcap_set_parser_debug(int value);
3170
3171 PCAP_API_DEF void
3172 pcap_set_parser_debug(int value)
3173 {
3174 extern int pcap_debug;
3175
3176 pcap_debug = value;
3177 }
3178 #endif
3179
3180 #ifdef BDEBUG
3181 /*
3182 * Set the internal "debug printout" flag for the filter expression optimizer.
3183 * The code to print that stuff is present only if BDEBUG is defined, so
3184 * the flag, and the routine to set it, are defined only if BDEBUG is
3185 * defined.
3186 *
3187 * This is intended for libpcap developers, not for general use.
3188 * If you want to set these in a program, you'll have to declare this
3189 * routine yourself, with the appropriate DLL import attribute on Windows;
3190 * it's not declared in any header file, and won't be declared in any
3191 * header file provided by libpcap.
3192 */
3193 PCAP_API void pcap_set_optimizer_debug(int value);
3194
3195 PCAP_API_DEF void
3196 pcap_set_optimizer_debug(int value)
3197 {
3198 extern int pcap_optimizer_debug;
3199
3200 pcap_optimizer_debug = value;
3201 }
3202 #endif
[mirror] the LIBpcap interface to various kernel packet capture mechanism