]> The Tcpdump Group git mirrors - libpcap/blob - pcap.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #1 from the-tcpdump-group/master
[libpcap] / pcap.c
1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #ifdef _WIN32
39 #include <pcap-stdinc.h>
40 #else /* _WIN32 */
41 #if HAVE_INTTYPES_H
42 #include <inttypes.h>
43 #elif HAVE_STDINT_H
44 #include <stdint.h>
45 #endif
46 #ifdef HAVE_SYS_BITYPES_H
47 #include <sys/bitypes.h>
48 #endif
49 #include <sys/param.h>
50 #include <sys/types.h>
51 #ifndef MSDOS
52 #include <sys/file.h>
53 #endif
54 #include <sys/ioctl.h>
55 #include <sys/socket.h>
56 #ifdef HAVE_SYS_SOCKIO_H
57 #include <sys/sockio.h>
58 #endif
59
60 struct mbuf; /* Squelch compiler warnings on some platforms for */
61 struct rtentry; /* declarations in <net/if.h> */
62 #include <net/if.h>
63 #include <netinet/in.h>
64 #endif /* _WIN32 */
65
66 #include <ctype.h>
67 #include <stdio.h>
68 #include <stdlib.h>
69 #include <string.h>
70 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
71 #include <unistd.h>
72 #endif
73 #include <fcntl.h>
74 #include <errno.h>
75 #ifdef HAVE_LIMITS_H
76 #include <limits.h>
77 #else
78 #define INT_MAX 2147483647
79 #endif
80
81 #ifdef HAVE_OS_PROTO_H
82 #include "os-proto.h"
83 #endif
84
85 #ifdef MSDOS
86 #include "pcap-dos.h"
87 #endif
88
89 #include "pcap-int.h"
90
91 #ifdef HAVE_DAG_API
92 #include "pcap-dag.h"
93 #endif /* HAVE_DAG_API */
94
95 #ifdef HAVE_SEPTEL_API
96 #include "pcap-septel.h"
97 #endif /* HAVE_SEPTEL_API */
98
99 #ifdef HAVE_SNF_API
100 #include "pcap-snf.h"
101 #endif /* HAVE_SNF_API */
102
103 #ifdef HAVE_TC_API
104 #include "pcap-tc.h"
105 #endif /* HAVE_TC_API */
106
107 #ifdef PCAP_SUPPORT_USB
108 #include "pcap-usb-linux.h"
109 #endif
110
111 #ifdef PCAP_SUPPORT_BT
112 #include "pcap-bt-linux.h"
113 #endif
114
115 #ifdef PCAP_SUPPORT_BT_MONITOR
116 #include "pcap-bt-monitor-linux.h"
117 #endif
118
119 #ifdef PCAP_SUPPORT_NETFILTER
120 #include "pcap-netfilter-linux.h"
121 #endif
122
123 #ifdef PCAP_SUPPORT_DBUS
124 #include "pcap-dbus.h"
125 #endif
126
127 static int
128 pcap_not_initialized(pcap_t *pcap)
129 {
130 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */
131 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
132 "This handle hasn't been activated yet");
133 /* this means 'not initialized' */
134 return (PCAP_ERROR_NOT_ACTIVATED);
135 }
136
137 #ifdef _WIN32
138 static void *
139 pcap_not_initialized_ptr(pcap_t *pcap)
140 {
141 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
142 "This handle hasn't been activated yet");
143 return (NULL);
144 }
145
146 static HANDLE
147 pcap_getevent_not_initialized(pcap_t *pcap)
148 {
149 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
150 "This handle hasn't been activated yet");
151 return (INVALID_HANDLE_VALUE);
152 }
153
154 static u_int
155 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync)
156 {
157 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
158 "This handle hasn't been activated yet");
159 return (0);
160 }
161
162 static PAirpcapHandle
163 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
164 {
165 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
166 "This handle hasn't been activated yet");
167 return (NULL);
168 }
169 #endif
170
171 /*
172 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
173 * a PCAP_ERROR value on an error.
174 */
175 int
176 pcap_can_set_rfmon(pcap_t *p)
177 {
178 return (p->can_set_rfmon_op(p));
179 }
180
181 /*
182 * For systems where rfmon mode is never supported.
183 */
184 static int
185 pcap_cant_set_rfmon(pcap_t *p _U_)
186 {
187 return (0);
188 }
189
190 /*
191 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
192 * types; the return value is the number of supported time stamp types.
193 * The list should be freed by a call to pcap_free_tstamp_types() when
194 * you're done with it.
195 *
196 * A return value of 0 means "you don't get a choice of time stamp type",
197 * in which case *tstamp_typesp is set to null.
198 *
199 * PCAP_ERROR is returned on error.
200 */
201 int
202 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
203 {
204 if (p->tstamp_type_count == 0) {
205 /*
206 * We don't support multiple time stamp types.
207 */
208 *tstamp_typesp = NULL;
209 } else {
210 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
211 p->tstamp_type_count);
212 if (*tstamp_typesp == NULL) {
213 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
214 "malloc: %s", pcap_strerror(errno));
215 return (PCAP_ERROR);
216 }
217 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
218 sizeof(**tstamp_typesp) * p->tstamp_type_count);
219 }
220 return (p->tstamp_type_count);
221 }
222
223 /*
224 * In Windows, you might have a library built with one version of the
225 * C runtime library and an application built with another version of
226 * the C runtime library, which means that the library might use one
227 * version of malloc() and free() and the application might use another
228 * version of malloc() and free(). If so, that means something
229 * allocated by the library cannot be freed by the application, so we
230 * need to have a pcap_free_tstamp_types() routine to free up the list
231 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
232 * around free().
233 */
234 void
235 pcap_free_tstamp_types(int *tstamp_type_list)
236 {
237 free(tstamp_type_list);
238 }
239
240 /*
241 * Default one-shot callback; overridden for capture types where the
242 * packet data cannot be guaranteed to be available after the callback
243 * returns, so that a copy must be made.
244 */
245 void
246 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
247 {
248 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
249
250 *sp->hdr = *h;
251 *sp->pkt = pkt;
252 }
253
254 const u_char *
255 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
256 {
257 struct oneshot_userdata s;
258 const u_char *pkt;
259
260 s.hdr = h;
261 s.pkt = &pkt;
262 s.pd = p;
263 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
264 return (0);
265 return (pkt);
266 }
267
268 int
269 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
270 const u_char **pkt_data)
271 {
272 struct oneshot_userdata s;
273
274 s.hdr = &p->pcap_header;
275 s.pkt = pkt_data;
276 s.pd = p;
277
278 /* Saves a pointer to the packet headers */
279 *pkt_header= &p->pcap_header;
280
281 if (p->rfile != NULL) {
282 int status;
283
284 /* We are on an offline capture */
285 status = pcap_offline_read(p, 1, p->oneshot_callback,
286 (u_char *)&s);
287
288 /*
289 * Return codes for pcap_offline_read() are:
290 * - 0: EOF
291 * - -1: error
292 * - >1: OK
293 * The first one ('0') conflicts with the return code of
294 * 0 from pcap_read() meaning "no packets arrived before
295 * the timeout expired", so we map it to -2 so you can
296 * distinguish between an EOF from a savefile and a
297 * "no packets arrived before the timeout expired, try
298 * again" from a live capture.
299 */
300 if (status == 0)
301 return (-2);
302 else
303 return (status);
304 }
305
306 /*
307 * Return codes for pcap_read() are:
308 * - 0: timeout
309 * - -1: error
310 * - -2: loop was broken out of with pcap_breakloop()
311 * - >1: OK
312 * The first one ('0') conflicts with the return code of 0 from
313 * pcap_offline_read() meaning "end of file".
314 */
315 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
316 }
317
318 /*
319 * Implementation of a pcap_if_list_t.
320 */
321 struct pcap_if_list {
322 pcap_if_t *beginning;
323 };
324
325 static struct capture_source_type {
326 int (*findalldevs_op)(pcap_if_list_t *, char *);
327 pcap_t *(*create_op)(const char *, char *, int *);
328 } capture_source_types[] = {
329 #ifdef HAVE_DAG_API
330 { dag_findalldevs, dag_create },
331 #endif
332 #ifdef HAVE_SEPTEL_API
333 { septel_findalldevs, septel_create },
334 #endif
335 #ifdef HAVE_SNF_API
336 { snf_findalldevs, snf_create },
337 #endif
338 #ifdef HAVE_TC_API
339 { TcFindAllDevs, TcCreate },
340 #endif
341 #ifdef PCAP_SUPPORT_BT
342 { bt_findalldevs, bt_create },
343 #endif
344 #ifdef PCAP_SUPPORT_BT_MONITOR
345 { bt_monitor_findalldevs, bt_monitor_create },
346 #endif
347 #ifdef PCAP_SUPPORT_USB
348 { usb_findalldevs, usb_create },
349 #endif
350 #ifdef PCAP_SUPPORT_NETFILTER
351 { netfilter_findalldevs, netfilter_create },
352 #endif
353 #ifdef PCAP_SUPPORT_DBUS
354 { dbus_findalldevs, dbus_create },
355 #endif
356 { NULL, NULL }
357 };
358
359 /*
360 * Get a list of all capture sources that are up and that we can open.
361 * Returns -1 on error, 0 otherwise.
362 * The list, as returned through "alldevsp", may be null if no interfaces
363 * were up and could be opened.
364 */
365 int
366 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
367 {
368 size_t i;
369 pcap_if_list_t devlist;
370
371 /*
372 * Find all the local network interfaces on which we
373 * can capture.
374 */
375 devlist.beginning = NULL;
376 if (pcap_platform_finddevs(&devlist, errbuf) == -1) {
377 /*
378 * Failed - free all of the entries we were given
379 * before we failed.
380 */
381 if (devlist.beginning != NULL)
382 pcap_freealldevs(devlist.beginning);
383 *alldevsp = NULL;
384 return (-1);
385 }
386
387 /*
388 * Ask each of the non-local-network-interface capture
389 * source types what interfaces they have.
390 */
391 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
392 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) {
393 /*
394 * We had an error; free the list we've been
395 * constructing.
396 */
397 if (devlist.beginning != NULL)
398 pcap_freealldevs(devlist.beginning);
399 *alldevsp = NULL;
400 return (-1);
401 }
402 }
403
404 /*
405 * Return the first entry of the list of all devices.
406 */
407 *alldevsp = devlist.beginning;
408 return (0);
409 }
410
411 static struct sockaddr *
412 dup_sockaddr(struct sockaddr *sa, size_t sa_length)
413 {
414 struct sockaddr *newsa;
415
416 if ((newsa = malloc(sa_length)) == NULL)
417 return (NULL);
418 return (memcpy(newsa, sa, sa_length));
419 }
420
421 /*
422 * Construct a "figure of merit" for an interface, for use when sorting
423 * the list of interfaces, in which interfaces that are up are superior
424 * to interfaces that aren't up, interfaces that are up and running are
425 * superior to interfaces that are up but not running, and non-loopback
426 * interfaces that are up and running are superior to loopback interfaces,
427 * and interfaces with the same flags have a figure of merit that's higher
428 * the lower the instance number.
429 *
430 * The goal is to try to put the interfaces most likely to be useful for
431 * capture at the beginning of the list.
432 *
433 * The figure of merit, which is lower the "better" the interface is,
434 * has the uppermost bit set if the interface isn't running, the bit
435 * below that set if the interface isn't up, the bit below that set
436 * if the interface is a loopback interface, and the interface index
437 * in the 29 bits below that. (Yes, we assume u_int is 32 bits.)
438 */
439 static u_int
440 get_figure_of_merit(pcap_if_t *dev)
441 {
442 const char *cp;
443 u_int n;
444
445 if (strcmp(dev->name, "any") == 0) {
446 /*
447 * Give the "any" device an artificially high instance
448 * number, so it shows up after all other non-loopback
449 * interfaces.
450 */
451 n = 0x1FFFFFFF; /* 29 all-1 bits */
452 } else {
453 /*
454 * A number at the end of the device name string is
455 * assumed to be an instance number. Add 1 to the
456 * instance number, and use 0 for "no instance
457 * number", so we don't put "no instance number"
458 * devices and "instance 0" devices together.
459 */
460 cp = dev->name + strlen(dev->name) - 1;
461 while (cp-1 >= dev->name && *(cp-1) >= '0' && *(cp-1) <= '9')
462 cp--;
463 if (*cp >= '0' && *cp <= '9')
464 n = atoi(cp) + 1;
465 else
466 n = 0;
467 }
468 if (!(dev->flags & PCAP_IF_RUNNING))
469 n |= 0x80000000;
470 if (!(dev->flags & PCAP_IF_UP))
471 n |= 0x40000000;
472 if (dev->flags & PCAP_IF_LOOPBACK)
473 n |= 0x20000000;
474 return (n);
475 }
476
477 #ifndef _WIN32
478 /*
479 * Try to get a description for a given device.
480 * Returns a mallocated description if it could and NULL if it couldn't.
481 *
482 * XXX - on FreeBSDs that support it, should it get the sysctl named
483 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
484 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
485 * with my Cisco 350 card, so the name isn't entirely descriptive. The
486 * "dev.an.0.%pnpinfo" has a better description, although one might argue
487 * that the problem is really a driver bug - if it can find out that it's
488 * a Cisco 340 or 350, rather than an old Aironet card, it should use
489 * that in the description.
490 *
491 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD
492 * and OpenBSD let you get a description, but it's not generated by the OS,
493 * it's set with another ioctl that ifconfig supports; we use that to get
494 * a description in FreeBSD and OpenBSD, but if there is no such
495 * description available, it still might be nice to get some description
496 * string based on the device type or something such as that.
497 *
498 * In OS X, the System Configuration framework can apparently return
499 * names in 10.4 and later.
500 *
501 * It also appears that freedesktop.org's HAL offers an "info.product"
502 * string, but the HAL specification says it "should not be used in any
503 * UI" and "subsystem/capability specific properties" should be used
504 * instead and, in any case, I think HAL is being deprecated in
505 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear
506 * to have any obvious product information for devices, but maybe
507 * I haven't looked hard enough.
508 *
509 * Using the System Configuration framework, or HAL, or DeviceKit, or
510 * whatever, would require that libpcap applications be linked with
511 * the frameworks/libraries in question. That shouldn't be a problem
512 * for programs linking with the shared version of libpcap (unless
513 * you're running on AIX - which I think is the only UN*X that doesn't
514 * support linking a shared library with other libraries on which it
515 * depends, and having an executable linked only with the first shared
516 * library automatically pick up the other libraries when started -
517 * and using HAL or whatever). Programs linked with the static
518 * version of libpcap would have to use pcap-config with the --static
519 * flag in order to get the right linker flags in order to pick up
520 * the additional libraries/frameworks; those programs need that anyway
521 * for libpcap 1.1 and beyond on Linux, as, by default, it requires
522 * -lnl.
523 *
524 * Do any other UN*Xes, or desktop environments support getting a
525 * description?
526 */
527 static char *
528 get_if_description(const char *name)
529 {
530 #ifdef SIOCGIFDESCR
531 char *description = NULL;
532 int s;
533 struct ifreq ifrdesc;
534 #ifndef IFDESCRSIZE
535 size_t descrlen = 64;
536 #else
537 size_t descrlen = IFDESCRSIZE;
538 #endif /* IFDESCRSIZE */
539
540 /*
541 * Get the description for the interface.
542 */
543 memset(&ifrdesc, 0, sizeof ifrdesc);
544 strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
545 s = socket(AF_INET, SOCK_DGRAM, 0);
546 if (s >= 0) {
547 #ifdef __FreeBSD__
548 /*
549 * On FreeBSD, if the buffer isn't big enough for the
550 * description, the ioctl succeeds, but the description
551 * isn't copied, ifr_buffer.length is set to the description
552 * length, and ifr_buffer.buffer is set to NULL.
553 */
554 for (;;) {
555 free(description);
556 if ((description = malloc(descrlen)) != NULL) {
557 ifrdesc.ifr_buffer.buffer = description;
558 ifrdesc.ifr_buffer.length = descrlen;
559 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
560 if (ifrdesc.ifr_buffer.buffer ==
561 description)
562 break;
563 else
564 descrlen = ifrdesc.ifr_buffer.length;
565 } else {
566 /*
567 * Failed to get interface description.
568 */
569 free(description);
570 description = NULL;
571 break;
572 }
573 } else
574 break;
575 }
576 #else /* __FreeBSD__ */
577 /*
578 * The only other OS that currently supports
579 * SIOCGIFDESCR is OpenBSD, and it has no way
580 * to get the description length - it's clamped
581 * to a maximum of IFDESCRSIZE.
582 */
583 if ((description = malloc(descrlen)) != NULL) {
584 ifrdesc.ifr_data = (caddr_t)description;
585 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
586 /*
587 * Failed to get interface description.
588 */
589 free(description);
590 description = NULL;
591 }
592 }
593 #endif /* __FreeBSD__ */
594 close(s);
595 if (description != NULL && strlen(description) == 0) {
596 /*
597 * Description is empty, so discard it.
598 */
599 free(description);
600 description = NULL;
601 }
602 }
603
604 #ifdef __FreeBSD__
605 /*
606 * For FreeBSD, if we didn't get a description, and this is
607 * a device with a name of the form usbusN, label it as a USB
608 * bus.
609 */
610 if (description == NULL) {
611 if (strncmp(name, "usbus", 5) == 0) {
612 /*
613 * OK, it begins with "usbus".
614 */
615 long busnum;
616 char *p;
617
618 errno = 0;
619 busnum = strtol(name + 5, &p, 10);
620 if (errno == 0 && p != name + 5 && *p == '\0' &&
621 busnum >= 0 && busnum <= INT_MAX) {
622 /*
623 * OK, it's a valid number that's not
624 * bigger than INT_MAX. Construct
625 * a description from it.
626 */
627 static const char descr_prefix[] = "USB bus number ";
628 size_t descr_size;
629
630 /*
631 * Allow enough room for a 32-bit bus number.
632 * sizeof (descr_prefix) includes the
633 * terminating NUL.
634 */
635 descr_size = sizeof (descr_prefix) + 10;
636 description = malloc(descr_size);
637 if (description != NULL) {
638 pcap_snprintf(description, descr_size,
639 "%s%ld", descr_prefix, busnum);
640 }
641 }
642 }
643 }
644 #endif
645 return (description);
646 #else /* SIOCGIFDESCR */
647 return (NULL);
648 #endif /* SIOCGIFDESCR */
649 }
650
651 /*
652 * Look for a given device in the specified list of devices.
653 *
654 * If we find it, return a pointer to its entry.
655 *
656 * If we don't find it, attempt to add an entry for it, with the specified
657 * IFF_ flags and description, and, if that succeeds, return a pointer to
658 * the new entry, otherwise return NULL and set errbuf to an error message.
659 */
660 pcap_if_t *
661 find_or_add_if(pcap_if_list_t *devlistp, const char *name,
662 bpf_u_int32 if_flags, char *errbuf)
663 {
664 bpf_u_int32 pcap_flags;
665
666 /*
667 * Convert IFF_ flags to pcap flags.
668 */
669 pcap_flags = 0;
670 #ifdef IFF_LOOPBACK
671 if (if_flags & IFF_LOOPBACK)
672 pcap_flags |= PCAP_IF_LOOPBACK;
673 #else
674 /*
675 * We don't have IFF_LOOPBACK, so look at the device name to
676 * see if it looks like a loopback device.
677 */
678 if (name[0] == 'l' && name[1] == 'o' &&
679 (isdigit((unsigned char)(name[2])) || name[2] == '\0')
680 pcap_flags |= PCAP_IF_LOOPBACK;
681 #endif
682 #ifdef IFF_UP
683 if (if_flags & IFF_UP)
684 pcap_flags |= PCAP_IF_UP;
685 #endif
686 #ifdef IFF_RUNNING
687 if (if_flags & IFF_RUNNING)
688 pcap_flags |= PCAP_IF_RUNNING;
689 #endif
690
691 /*
692 * Attempt to find an entry for this device; if we don't find one,
693 * attempt to add one.
694 */
695 return (find_or_add_dev(devlistp, name, pcap_flags,
696 get_if_description(name), errbuf));
697 }
698
699 /*
700 * Look for a given device in the specified list of devices.
701 *
702 * If we find it, then, if the specified address isn't null, add it to
703 * the list of addresses for the device and return 0.
704 *
705 * If we don't find it, attempt to add an entry for it, with the specified
706 * IFF_ flags and description, and, if that succeeds, add the specified
707 * address to its list of addresses if that address is non-null, and
708 * return 0, otherwise return -1 and set errbuf to an error message.
709 *
710 * (We can get called with a null address because we might get a list
711 * of interface name/address combinations from the underlying OS, with
712 * the address being absent in some cases, rather than a list of
713 * interfaces with each interface having a list of addresses, so this
714 * call may be the only call made to add to the list, and we want to
715 * add interfaces even if they have no addresses.)
716 */
717 int
718 add_addr_to_if(pcap_if_list_t *devlistp, const char *name,
719 bpf_u_int32 if_flags,
720 struct sockaddr *addr, size_t addr_size,
721 struct sockaddr *netmask, size_t netmask_size,
722 struct sockaddr *broadaddr, size_t broadaddr_size,
723 struct sockaddr *dstaddr, size_t dstaddr_size,
724 char *errbuf)
725 {
726 pcap_if_t *curdev;
727
728 /*
729 * Check whether the device exists and, if not, add it.
730 */
731 curdev = find_or_add_if(devlistp, name, if_flags, errbuf);
732 if (curdev == NULL) {
733 /*
734 * Error - give up.
735 */
736 return (-1);
737 }
738
739 if (addr == NULL) {
740 /*
741 * There's no address to add; this entry just meant
742 * "here's a new interface".
743 */
744 return (0);
745 }
746
747 /*
748 * "curdev" is an entry for this interface, and we have an
749 * address for it; add an entry for that address to the
750 * interface's list of addresses.
751 */
752 return (add_addr_to_dev(curdev, addr, addr_size, netmask,
753 netmask_size, broadaddr, broadaddr_size, dstaddr,
754 dstaddr_size, errbuf));
755 }
756 #endif /* _WIN32 */
757
758 /*
759 * Add an entry to the list of addresses for an interface.
760 * "curdev" is the entry for that interface.
761 */
762 int
763 add_addr_to_dev(pcap_if_t *curdev,
764 struct sockaddr *addr, size_t addr_size,
765 struct sockaddr *netmask, size_t netmask_size,
766 struct sockaddr *broadaddr, size_t broadaddr_size,
767 struct sockaddr *dstaddr, size_t dstaddr_size,
768 char *errbuf)
769 {
770 pcap_addr_t *curaddr, *prevaddr, *nextaddr;
771
772 /*
773 * Allocate the new entry and fill it in.
774 */
775 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t));
776 if (curaddr == NULL) {
777 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
778 "malloc: %s", pcap_strerror(errno));
779 return (-1);
780 }
781
782 curaddr->next = NULL;
783 if (addr != NULL && addr_size != 0) {
784 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size);
785 if (curaddr->addr == NULL) {
786 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
787 "malloc: %s", pcap_strerror(errno));
788 free(curaddr);
789 return (-1);
790 }
791 } else
792 curaddr->addr = NULL;
793
794 if (netmask != NULL && netmask_size != 0) {
795 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size);
796 if (curaddr->netmask == NULL) {
797 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
798 "malloc: %s", pcap_strerror(errno));
799 if (curaddr->addr != NULL)
800 free(curaddr->addr);
801 free(curaddr);
802 return (-1);
803 }
804 } else
805 curaddr->netmask = NULL;
806
807 if (broadaddr != NULL && broadaddr_size != 0) {
808 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size);
809 if (curaddr->broadaddr == NULL) {
810 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
811 "malloc: %s", pcap_strerror(errno));
812 if (curaddr->netmask != NULL)
813 free(curaddr->netmask);
814 if (curaddr->addr != NULL)
815 free(curaddr->addr);
816 free(curaddr);
817 return (-1);
818 }
819 } else
820 curaddr->broadaddr = NULL;
821
822 if (dstaddr != NULL && dstaddr_size != 0) {
823 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size);
824 if (curaddr->dstaddr == NULL) {
825 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
826 "malloc: %s", pcap_strerror(errno));
827 if (curaddr->broadaddr != NULL)
828 free(curaddr->broadaddr);
829 if (curaddr->netmask != NULL)
830 free(curaddr->netmask);
831 if (curaddr->addr != NULL)
832 free(curaddr->addr);
833 free(curaddr);
834 return (-1);
835 }
836 } else
837 curaddr->dstaddr = NULL;
838
839 /*
840 * Find the end of the list of addresses.
841 */
842 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) {
843 nextaddr = prevaddr->next;
844 if (nextaddr == NULL) {
845 /*
846 * This is the end of the list.
847 */
848 break;
849 }
850 }
851
852 if (prevaddr == NULL) {
853 /*
854 * The list was empty; this is the first member.
855 */
856 curdev->addresses = curaddr;
857 } else {
858 /*
859 * "prevaddr" is the last member of the list; append
860 * this member to it.
861 */
862 prevaddr->next = curaddr;
863 }
864
865 return (0);
866 }
867
868 /*
869 * Look for a given device in the specified list of devices.
870 *
871 * If we find it, return 0 and set *curdev_ret to point to it.
872 *
873 * If we don't find it, attempt to add an entry for it, with the specified
874 * flags and description, and, if that succeeds, return 0, otherwise
875 * return -1 and set errbuf to an error message.
876 */
877 pcap_if_t *
878 find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
879 const char *description, char *errbuf)
880 {
881 pcap_if_t *curdev;
882
883 /*
884 * Is there already an entry in the list for this device?
885 */
886 curdev = find_dev(devlistp, name);
887 if (curdev != NULL) {
888 /*
889 * Yes, return it.
890 */
891 return (curdev);
892 }
893
894 /*
895 * No, we didn't find it. Try to add it to the list of devices.
896 */
897 return (add_dev(devlistp, name, flags, description, errbuf));
898 }
899
900 /*
901 * Look for a given device in the specified list of devices, and return
902 * the entry for it if we find it or NULL if we don't.
903 */
904 pcap_if_t *
905 find_dev(pcap_if_list_t *devlistp, const char *name)
906 {
907 pcap_if_t *curdev;
908
909 /*
910 * Is there an entry in the list for this device?
911 */
912 for (curdev = devlistp->beginning; curdev != NULL;
913 curdev = curdev->next) {
914 if (strcmp(name, curdev->name) == 0) {
915 /*
916 * We found it, so, yes, there is. No need to
917 * add it. Provide the entry we found to our
918 * caller.
919 */
920 return (curdev);
921 }
922 }
923
924 /*
925 * No.
926 */
927 return (NULL);
928 }
929
930 /*
931 * Attempt to add an entry for a device, with the specified flags
932 * and description, and, if that succeeds, return 0 and return a pointer
933 * to the new entry, otherwise return NULL and set errbuf to an error
934 * message.
935 *
936 * If we weren't given a description, try to get one.
937 */
938 pcap_if_t *
939 add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
940 const char *description, char *errbuf)
941 {
942 pcap_if_t *curdev, *prevdev, *nextdev;
943 u_int this_figure_of_merit, nextdev_figure_of_merit;
944
945 curdev = malloc(sizeof(pcap_if_t));
946 if (curdev == NULL) {
947 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
948 "malloc: %s", pcap_strerror(errno));
949 return (NULL);
950 }
951
952 /*
953 * Fill in the entry.
954 */
955 curdev->next = NULL;
956 curdev->name = strdup(name);
957 if (curdev->name == NULL) {
958 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
959 "malloc: %s", pcap_strerror(errno));
960 free(curdev);
961 return (NULL);
962 }
963 if (description == NULL) {
964 /*
965 * We weren't handed a description for the interface.
966 */
967 curdev->description = NULL;
968 } else {
969 /*
970 * We were handed a description; make a copy.
971 */
972 curdev->description = strdup(description);
973 if (curdev->description == NULL) {
974 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
975 "malloc: %s", pcap_strerror(errno));
976 free(curdev->name);
977 free(curdev);
978 return (NULL);
979 }
980 }
981 curdev->addresses = NULL; /* list starts out as empty */
982 curdev->flags = flags;
983
984 /*
985 * Add it to the list, in the appropriate location.
986 * First, get the "figure of merit" for this interface.
987 */
988 this_figure_of_merit = get_figure_of_merit(curdev);
989
990 /*
991 * Now look for the last interface with an figure of merit
992 * less than or equal to the new interface's figure of merit.
993 *
994 * We start with "prevdev" being NULL, meaning we're before
995 * the first element in the list.
996 */
997 prevdev = NULL;
998 for (;;) {
999 /*
1000 * Get the interface after this one.
1001 */
1002 if (prevdev == NULL) {
1003 /*
1004 * The next element is the first element.
1005 */
1006 nextdev = devlistp->beginning;
1007 } else
1008 nextdev = prevdev->next;
1009
1010 /*
1011 * Are we at the end of the list?
1012 */
1013 if (nextdev == NULL) {
1014 /*
1015 * Yes - we have to put the new entry after "prevdev".
1016 */
1017 break;
1018 }
1019
1020 /*
1021 * Is the new interface's figure of merit less
1022 * than the next interface's figure of merit,
1023 * meaning that the new interface is better
1024 * than the next interface?
1025 */
1026 nextdev_figure_of_merit = get_figure_of_merit(nextdev);
1027 if (this_figure_of_merit < nextdev_figure_of_merit) {
1028 /*
1029 * Yes - we should put the new entry
1030 * before "nextdev", i.e. after "prevdev".
1031 */
1032 break;
1033 }
1034
1035 prevdev = nextdev;
1036 }
1037
1038 /*
1039 * Insert before "nextdev".
1040 */
1041 curdev->next = nextdev;
1042
1043 /*
1044 * Insert after "prevdev" - unless "prevdev" is null,
1045 * in which case this is the first interface.
1046 */
1047 if (prevdev == NULL) {
1048 /*
1049 * This is the first interface. Make it
1050 * the first element in the list of devices.
1051 */
1052 devlistp->beginning = curdev;
1053 } else
1054 prevdev->next = curdev;
1055 return (curdev);
1056 }
1057
1058 /*
1059 * Free a list of interfaces.
1060 */
1061 void
1062 pcap_freealldevs(pcap_if_t *alldevs)
1063 {
1064 pcap_if_t *curdev, *nextdev;
1065 pcap_addr_t *curaddr, *nextaddr;
1066
1067 for (curdev = alldevs; curdev != NULL; curdev = nextdev) {
1068 nextdev = curdev->next;
1069
1070 /*
1071 * Free all addresses.
1072 */
1073 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
1074 nextaddr = curaddr->next;
1075 if (curaddr->addr)
1076 free(curaddr->addr);
1077 if (curaddr->netmask)
1078 free(curaddr->netmask);
1079 if (curaddr->broadaddr)
1080 free(curaddr->broadaddr);
1081 if (curaddr->dstaddr)
1082 free(curaddr->dstaddr);
1083 free(curaddr);
1084 }
1085
1086 /*
1087 * Free the name string.
1088 */
1089 free(curdev->name);
1090
1091 /*
1092 * Free the description string, if any.
1093 */
1094 if (curdev->description != NULL)
1095 free(curdev->description);
1096
1097 /*
1098 * Free the interface.
1099 */
1100 free(curdev);
1101 }
1102 }
1103
1104 pcap_t *
1105 pcap_create(const char *device, char *errbuf)
1106 {
1107 size_t i;
1108 int is_theirs;
1109 pcap_t *p;
1110 char *device_str;
1111
1112 /*
1113 * A null device name is equivalent to the "any" device -
1114 * which might not be supported on this platform, but
1115 * this means that you'll get a "not supported" error
1116 * rather than, say, a crash when we try to dereference
1117 * the null pointer.
1118 */
1119 if (device == NULL)
1120 device_str = strdup("any");
1121 else {
1122 #ifdef _WIN32
1123 /*
1124 * If the string appears to be little-endian UCS-2/UTF-16,
1125 * convert it to ASCII.
1126 *
1127 * XXX - to UTF-8 instead? Or report an error if any
1128 * character isn't ASCII?
1129 */
1130 if (device[0] != '\0' && device[1] == '\0') {
1131 size_t length;
1132
1133 length = wcslen((wchar_t *)device);
1134 device_str = (char *)malloc(length + 1);
1135 if (device_str == NULL) {
1136 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
1137 "malloc: %s", pcap_strerror(errno));
1138 return (NULL);
1139 }
1140
1141 pcap_snprintf(device_str, length + 1, "%ws",
1142 (const wchar_t *)device);
1143 } else
1144 #endif
1145 device_str = strdup(device);
1146 }
1147 if (device_str == NULL) {
1148 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
1149 "malloc: %s", pcap_strerror(errno));
1150 return (NULL);
1151 }
1152
1153 /*
1154 * Try each of the non-local-network-interface capture
1155 * source types until we find one that works for this
1156 * device or run out of types.
1157 */
1158 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
1159 is_theirs = 0;
1160 p = capture_source_types[i].create_op(device_str, errbuf,
1161 &is_theirs);
1162 if (is_theirs) {
1163 /*
1164 * The device name refers to a device of the
1165 * type in question; either it succeeded,
1166 * in which case p refers to a pcap_t to
1167 * later activate for the device, or it
1168 * failed, in which case p is null and we
1169 * should return that to report the failure
1170 * to create.
1171 */
1172 if (p == NULL) {
1173 /*
1174 * We assume the caller filled in errbuf.
1175 */
1176 free(device_str);
1177 return (NULL);
1178 }
1179 p->opt.device = device_str;
1180 return (p);
1181 }
1182 }
1183
1184 /*
1185 * OK, try it as a regular network interface.
1186 */
1187 p = pcap_create_interface(device_str, errbuf);
1188 if (p == NULL) {
1189 /*
1190 * We assume the caller filled in errbuf.
1191 */
1192 free(device_str);
1193 return (NULL);
1194 }
1195 p->opt.device = device_str;
1196 return (p);
1197 }
1198
1199 /*
1200 * Set nonblocking mode on an unactivated pcap_t; this sets a flag
1201 * checked by pcap_activate(), which sets the mode after calling
1202 * the activate routine.
1203 */
1204 static int
1205 pcap_setnonblock_unactivated(pcap_t *p, int nonblock)
1206 {
1207 p->opt.nonblock = nonblock;
1208 return (0);
1209 }
1210
1211 static void
1212 initialize_ops(pcap_t *p)
1213 {
1214 /*
1215 * Set operation pointers for operations that only work on
1216 * an activated pcap_t to point to a routine that returns
1217 * a "this isn't activated" error.
1218 */
1219 p->read_op = (read_op_t)pcap_not_initialized;
1220 p->inject_op = (inject_op_t)pcap_not_initialized;
1221 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
1222 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
1223 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
1224 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
1225 p->stats_op = (stats_op_t)pcap_not_initialized;
1226 #ifdef _WIN32
1227 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
1228 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
1229 p->setmode_op = (setmode_op_t)pcap_not_initialized;
1230 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
1231 p->getevent_op = pcap_getevent_not_initialized;
1232 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized;
1233 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized;
1234 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
1235 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized;
1236 p->live_dump_op = (live_dump_op_t)pcap_not_initialized;
1237 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized;
1238 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
1239 #endif
1240
1241 /*
1242 * Default cleanup operation - implementations can override
1243 * this, but should call pcap_cleanup_live_common() after
1244 * doing their own additional cleanup.
1245 */
1246 p->cleanup_op = pcap_cleanup_live_common;
1247
1248 /*
1249 * In most cases, the standard one-shot callback can
1250 * be used for pcap_next()/pcap_next_ex().
1251 */
1252 p->oneshot_callback = pcap_oneshot;
1253 }
1254
1255 static pcap_t *
1256 pcap_alloc_pcap_t(char *ebuf, size_t size)
1257 {
1258 char *chunk;
1259 pcap_t *p;
1260
1261 /*
1262 * Allocate a chunk of memory big enough for a pcap_t
1263 * plus a structure following it of size "size". The
1264 * structure following it is a private data structure
1265 * for the routines that handle this pcap_t.
1266 */
1267 chunk = malloc(sizeof (pcap_t) + size);
1268 if (chunk == NULL) {
1269 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
1270 pcap_strerror(errno));
1271 return (NULL);
1272 }
1273 memset(chunk, 0, sizeof (pcap_t) + size);
1274
1275 /*
1276 * Get a pointer to the pcap_t at the beginning.
1277 */
1278 p = (pcap_t *)chunk;
1279
1280 #ifndef _WIN32
1281 p->fd = -1; /* not opened yet */
1282 p->selectable_fd = -1;
1283 #endif
1284
1285 if (size == 0) {
1286 /* No private data was requested. */
1287 p->priv = NULL;
1288 } else {
1289 /*
1290 * Set the pointer to the private data; that's the structure
1291 * of size "size" following the pcap_t.
1292 */
1293 p->priv = (void *)(chunk + sizeof (pcap_t));
1294 }
1295
1296 return (p);
1297 }
1298
1299 pcap_t *
1300 pcap_create_common(char *ebuf, size_t size)
1301 {
1302 pcap_t *p;
1303
1304 p = pcap_alloc_pcap_t(ebuf, size);
1305 if (p == NULL)
1306 return (NULL);
1307
1308 /*
1309 * Default to "can't set rfmon mode"; if it's supported by
1310 * a platform, the create routine that called us can set
1311 * the op to its routine to check whether a particular
1312 * device supports it.
1313 */
1314 p->can_set_rfmon_op = pcap_cant_set_rfmon;
1315
1316 /*
1317 * If pcap_setnonblock() is called on a not-yet-activated
1318 * pcap_t, default to setting a flag and turning
1319 * on non-blocking mode when activated.
1320 */
1321 p->setnonblock_op = pcap_setnonblock_unactivated;
1322
1323 initialize_ops(p);
1324
1325 /* put in some defaults*/
1326 p->snapshot = MAXIMUM_SNAPLEN; /* max packet size */
1327 p->opt.timeout = 0; /* no timeout specified */
1328 p->opt.buffer_size = 0; /* use the platform's default */
1329 p->opt.promisc = 0;
1330 p->opt.rfmon = 0;
1331 p->opt.immediate = 0;
1332 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
1333 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
1334
1335 /*
1336 * Start out with no BPF code generation flags set.
1337 */
1338 p->bpf_codegen_flags = 0;
1339
1340 return (p);
1341 }
1342
1343 int
1344 pcap_check_activated(pcap_t *p)
1345 {
1346 if (p->activated) {
1347 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
1348 " operation on activated capture");
1349 return (-1);
1350 }
1351 return (0);
1352 }
1353
1354 int
1355 pcap_set_snaplen(pcap_t *p, int snaplen)
1356 {
1357 if (pcap_check_activated(p))
1358 return (PCAP_ERROR_ACTIVATED);
1359
1360 /*
1361 * Turn invalid values, or excessively large values, into
1362 * the maximum allowed value.
1363 *
1364 * If some application really *needs* a bigger snapshot
1365 * length, we should just increase MAXIMUM_SNAPLEN.
1366 */
1367 if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
1368 snaplen = MAXIMUM_SNAPLEN;
1369 p->snapshot = snaplen;
1370 return (0);
1371 }
1372
1373 int
1374 pcap_set_promisc(pcap_t *p, int promisc)
1375 {
1376 if (pcap_check_activated(p))
1377 return (PCAP_ERROR_ACTIVATED);
1378 p->opt.promisc = promisc;
1379 return (0);
1380 }
1381
1382 int
1383 pcap_set_rfmon(pcap_t *p, int rfmon)
1384 {
1385 if (pcap_check_activated(p))
1386 return (PCAP_ERROR_ACTIVATED);
1387 p->opt.rfmon = rfmon;
1388 return (0);
1389 }
1390
1391 int
1392 pcap_set_timeout(pcap_t *p, int timeout_ms)
1393 {
1394 if (pcap_check_activated(p))
1395 return (PCAP_ERROR_ACTIVATED);
1396 p->opt.timeout = timeout_ms;
1397 return (0);
1398 }
1399
1400 int
1401 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
1402 {
1403 int i;
1404
1405 if (pcap_check_activated(p))
1406 return (PCAP_ERROR_ACTIVATED);
1407
1408 /*
1409 * The argument should have been u_int, but that's too late
1410 * to change now - it's an API.
1411 */
1412 if (tstamp_type < 0)
1413 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
1414
1415 /*
1416 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
1417 * the default time stamp type is PCAP_TSTAMP_HOST.
1418 */
1419 if (p->tstamp_type_count == 0) {
1420 if (tstamp_type == PCAP_TSTAMP_HOST) {
1421 p->opt.tstamp_type = tstamp_type;
1422 return (0);
1423 }
1424 } else {
1425 /*
1426 * Check whether we claim to support this type of time stamp.
1427 */
1428 for (i = 0; i < p->tstamp_type_count; i++) {
1429 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
1430 /*
1431 * Yes.
1432 */
1433 p->opt.tstamp_type = tstamp_type;
1434 return (0);
1435 }
1436 }
1437 }
1438
1439 /*
1440 * We don't support this type of time stamp.
1441 */
1442 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
1443 }
1444
1445 int
1446 pcap_set_immediate_mode(pcap_t *p, int immediate)
1447 {
1448 if (pcap_check_activated(p))
1449 return (PCAP_ERROR_ACTIVATED);
1450 p->opt.immediate = immediate;
1451 return (0);
1452 }
1453
1454 int
1455 pcap_set_buffer_size(pcap_t *p, int buffer_size)
1456 {
1457 if (pcap_check_activated(p))
1458 return (PCAP_ERROR_ACTIVATED);
1459 if (buffer_size <= 0) {
1460 /*
1461 * Silently ignore invalid values.
1462 */
1463 return (0);
1464 }
1465 p->opt.buffer_size = buffer_size;
1466 return (0);
1467 }
1468
1469 int
1470 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
1471 {
1472 int i;
1473
1474 if (pcap_check_activated(p))
1475 return (PCAP_ERROR_ACTIVATED);
1476
1477 /*
1478 * The argument should have been u_int, but that's too late
1479 * to change now - it's an API.
1480 */
1481 if (tstamp_precision < 0)
1482 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
1483
1484 /*
1485 * If p->tstamp_precision_count is 0, we only support setting
1486 * the time stamp precision to microsecond precision; every
1487 * pcap module *MUST* support microsecond precision, even if
1488 * it does so by converting the native precision to
1489 * microseconds.
1490 */
1491 if (p->tstamp_precision_count == 0) {
1492 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
1493 p->opt.tstamp_precision = tstamp_precision;
1494 return (0);
1495 }
1496 } else {
1497 /*
1498 * Check whether we claim to support this precision of
1499 * time stamp.
1500 */
1501 for (i = 0; i < p->tstamp_precision_count; i++) {
1502 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
1503 /*
1504 * Yes.
1505 */
1506 p->opt.tstamp_precision = tstamp_precision;
1507 return (0);
1508 }
1509 }
1510 }
1511
1512 /*
1513 * We don't support this time stamp precision.
1514 */
1515 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
1516 }
1517
1518 int
1519 pcap_get_tstamp_precision(pcap_t *p)
1520 {
1521 return (p->opt.tstamp_precision);
1522 }
1523
1524 int
1525 pcap_activate(pcap_t *p)
1526 {
1527 int status;
1528
1529 /*
1530 * Catch attempts to re-activate an already-activated
1531 * pcap_t; this should, for example, catch code that
1532 * calls pcap_open_live() followed by pcap_activate(),
1533 * as some code that showed up in a Stack Exchange
1534 * question did.
1535 */
1536 if (pcap_check_activated(p))
1537 return (PCAP_ERROR_ACTIVATED);
1538 status = p->activate_op(p);
1539 if (status >= 0) {
1540 /*
1541 * If somebody requested non-blocking mode before
1542 * calling pcap_activate(), turn it on now.
1543 */
1544 if (p->opt.nonblock) {
1545 status = p->setnonblock_op(p, 1);
1546 if (status < 0) {
1547 /*
1548 * Failed. Undo everything done by
1549 * the activate operation.
1550 */
1551 p->cleanup_op(p);
1552 initialize_ops(p);
1553 return (status);
1554 }
1555 }
1556 p->activated = 1;
1557 } else {
1558 if (p->errbuf[0] == '\0') {
1559 /*
1560 * No error message supplied by the activate routine;
1561 * for the benefit of programs that don't specially
1562 * handle errors other than PCAP_ERROR, return the
1563 * error message corresponding to the status.
1564 */
1565 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
1566 pcap_statustostr(status));
1567 }
1568
1569 /*
1570 * Undo any operation pointer setting, etc. done by
1571 * the activate operation.
1572 */
1573 initialize_ops(p);
1574 }
1575 return (status);
1576 }
1577
1578 pcap_t *
1579 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
1580 {
1581 pcap_t *p;
1582 int status;
1583 #ifdef HAVE_REMOTE
1584 char host[PCAP_BUF_SIZE + 1];
1585 char port[PCAP_BUF_SIZE + 1];
1586 char name[PCAP_BUF_SIZE + 1];
1587 int srctype;
1588
1589 /*
1590 * Retrofit - we have to make older applications compatible with
1591 * remote capture.
1592 * So we're calling pcap_open_remote() from here; this is a very
1593 * dirty hack.
1594 * Obviously, we cannot exploit all the new features; for instance,
1595 * we cannot send authentication, we cannot use a UDP data connection,
1596 * and so on.
1597 */
1598 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf))
1599 return (NULL);
1600
1601 if (srctype == PCAP_SRC_IFREMOTE) {
1602 /*
1603 * Although we already have host, port and iface, we prefer
1604 * to pass only 'device' to pcap_open_rpcap(), so that it has
1605 * to call pcap_parsesrcstr() again.
1606 * This is less optimized, but much clearer.
1607 */
1608 return (pcap_open_rpcap(device, snaplen,
1609 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms,
1610 NULL, errbuf));
1611 }
1612 if (srctype == PCAP_SRC_FILE) {
1613 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\"");
1614 return (NULL);
1615 }
1616 if (srctype == PCAP_SRC_IFLOCAL) {
1617 /*
1618 * If it starts with rpcap://, that refers to a local device
1619 * (no host part in the URL). Remove the rpcap://, and
1620 * fall through to the regular open path.
1621 */
1622 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) {
1623 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1;
1624
1625 if (len > 0)
1626 device += strlen(PCAP_SRC_IF_STRING);
1627 }
1628 }
1629 #endif /* HAVE_REMOTE */
1630
1631 p = pcap_create(device, errbuf);
1632 if (p == NULL)
1633 return (NULL);
1634 status = pcap_set_snaplen(p, snaplen);
1635 if (status < 0)
1636 goto fail;
1637 status = pcap_set_promisc(p, promisc);
1638 if (status < 0)
1639 goto fail;
1640 status = pcap_set_timeout(p, to_ms);
1641 if (status < 0)
1642 goto fail;
1643 /*
1644 * Mark this as opened with pcap_open_live(), so that, for
1645 * example, we show the full list of DLT_ values, rather
1646 * than just the ones that are compatible with capturing
1647 * when not in monitor mode. That allows existing applications
1648 * to work the way they used to work, but allows new applications
1649 * that know about the new open API to, for example, find out the
1650 * DLT_ values that they can select without changing whether
1651 * the adapter is in monitor mode or not.
1652 */
1653 p->oldstyle = 1;
1654 status = pcap_activate(p);
1655 if (status < 0)
1656 goto fail;
1657 return (p);
1658 fail:
1659 if (status == PCAP_ERROR)
1660 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
1661 p->errbuf);
1662 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
1663 status == PCAP_ERROR_PERM_DENIED ||
1664 status == PCAP_ERROR_PROMISC_PERM_DENIED)
1665 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device,
1666 pcap_statustostr(status), p->errbuf);
1667 else
1668 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
1669 pcap_statustostr(status));
1670 pcap_close(p);
1671 return (NULL);
1672 }
1673
1674 pcap_t *
1675 pcap_open_offline_common(char *ebuf, size_t size)
1676 {
1677 pcap_t *p;
1678
1679 p = pcap_alloc_pcap_t(ebuf, size);
1680 if (p == NULL)
1681 return (NULL);
1682
1683 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
1684
1685 return (p);
1686 }
1687
1688 int
1689 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
1690 {
1691 return (p->read_op(p, cnt, callback, user));
1692 }
1693
1694 int
1695 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
1696 {
1697 register int n;
1698
1699 for (;;) {
1700 if (p->rfile != NULL) {
1701 /*
1702 * 0 means EOF, so don't loop if we get 0.
1703 */
1704 n = pcap_offline_read(p, cnt, callback, user);
1705 } else {
1706 /*
1707 * XXX keep reading until we get something
1708 * (or an error occurs)
1709 */
1710 do {
1711 n = p->read_op(p, cnt, callback, user);
1712 } while (n == 0);
1713 }
1714 if (n <= 0)
1715 return (n);
1716 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
1717 cnt -= n;
1718 if (cnt <= 0)
1719 return (0);
1720 }
1721 }
1722 }
1723
1724 /*
1725 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
1726 */
1727 void
1728 pcap_breakloop(pcap_t *p)
1729 {
1730 p->break_loop = 1;
1731 }
1732
1733 int
1734 pcap_datalink(pcap_t *p)
1735 {
1736 if (!p->activated)
1737 return (PCAP_ERROR_NOT_ACTIVATED);
1738 return (p->linktype);
1739 }
1740
1741 int
1742 pcap_datalink_ext(pcap_t *p)
1743 {
1744 if (!p->activated)
1745 return (PCAP_ERROR_NOT_ACTIVATED);
1746 return (p->linktype_ext);
1747 }
1748
1749 int
1750 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
1751 {
1752 if (!p->activated)
1753 return (PCAP_ERROR_NOT_ACTIVATED);
1754 if (p->dlt_count == 0) {
1755 /*
1756 * We couldn't fetch the list of DLTs, which means
1757 * this platform doesn't support changing the
1758 * DLT for an interface. Return a list of DLTs
1759 * containing only the DLT this device supports.
1760 */
1761 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
1762 if (*dlt_buffer == NULL) {
1763 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1764 "malloc: %s", pcap_strerror(errno));
1765 return (PCAP_ERROR);
1766 }
1767 **dlt_buffer = p->linktype;
1768 return (1);
1769 } else {
1770 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
1771 if (*dlt_buffer == NULL) {
1772 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1773 "malloc: %s", pcap_strerror(errno));
1774 return (PCAP_ERROR);
1775 }
1776 (void)memcpy(*dlt_buffer, p->dlt_list,
1777 sizeof(**dlt_buffer) * p->dlt_count);
1778 return (p->dlt_count);
1779 }
1780 }
1781
1782 /*
1783 * In Windows, you might have a library built with one version of the
1784 * C runtime library and an application built with another version of
1785 * the C runtime library, which means that the library might use one
1786 * version of malloc() and free() and the application might use another
1787 * version of malloc() and free(). If so, that means something
1788 * allocated by the library cannot be freed by the application, so we
1789 * need to have a pcap_free_datalinks() routine to free up the list
1790 * allocated by pcap_list_datalinks(), even though it's just a wrapper
1791 * around free().
1792 */
1793 void
1794 pcap_free_datalinks(int *dlt_list)
1795 {
1796 free(dlt_list);
1797 }
1798
1799 int
1800 pcap_set_datalink(pcap_t *p, int dlt)
1801 {
1802 int i;
1803 const char *dlt_name;
1804
1805 if (dlt < 0)
1806 goto unsupported;
1807
1808 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
1809 /*
1810 * We couldn't fetch the list of DLTs, or we don't
1811 * have a "set datalink" operation, which means
1812 * this platform doesn't support changing the
1813 * DLT for an interface. Check whether the new
1814 * DLT is the one this interface supports.
1815 */
1816 if (p->linktype != dlt)
1817 goto unsupported;
1818
1819 /*
1820 * It is, so there's nothing we need to do here.
1821 */
1822 return (0);
1823 }
1824 for (i = 0; i < p->dlt_count; i++)
1825 if (p->dlt_list[i] == (u_int)dlt)
1826 break;
1827 if (i >= p->dlt_count)
1828 goto unsupported;
1829 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
1830 dlt == DLT_DOCSIS) {
1831 /*
1832 * This is presumably an Ethernet device, as the first
1833 * link-layer type it offers is DLT_EN10MB, and the only
1834 * other type it offers is DLT_DOCSIS. That means that
1835 * we can't tell the driver to supply DOCSIS link-layer
1836 * headers - we're just pretending that's what we're
1837 * getting, as, presumably, we're capturing on a dedicated
1838 * link to a Cisco Cable Modem Termination System, and
1839 * it's putting raw DOCSIS frames on the wire inside low-level
1840 * Ethernet framing.
1841 */
1842 p->linktype = dlt;
1843 return (0);
1844 }
1845 if (p->set_datalink_op(p, dlt) == -1)
1846 return (-1);
1847 p->linktype = dlt;
1848 return (0);
1849
1850 unsupported:
1851 dlt_name = pcap_datalink_val_to_name(dlt);
1852 if (dlt_name != NULL) {
1853 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1854 "%s is not one of the DLTs supported by this device",
1855 dlt_name);
1856 } else {
1857 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1858 "DLT %d is not one of the DLTs supported by this device",
1859 dlt);
1860 }
1861 return (-1);
1862 }
1863
1864 /*
1865 * This array is designed for mapping upper and lower case letter
1866 * together for a case independent comparison. The mappings are
1867 * based upon ascii character sequences.
1868 */
1869 static const u_char charmap[] = {
1870 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1871 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1872 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1873 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1874 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1875 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1876 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1877 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1878 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1879 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1880 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1881 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1882 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1883 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1884 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1885 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1886 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1887 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1888 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1889 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1890 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1891 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1892 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1893 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1894 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1895 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1896 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1897 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1898 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1899 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1900 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1901 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1902 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1903 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1904 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1905 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1906 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1907 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1908 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1909 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1910 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1911 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1912 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1913 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1914 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1915 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1916 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1917 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1918 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1919 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1920 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1921 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1922 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1923 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1924 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1925 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1926 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1927 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1928 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1929 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1930 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1931 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1932 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1933 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1934 };
1935
1936 int
1937 pcap_strcasecmp(const char *s1, const char *s2)
1938 {
1939 register const u_char *cm = charmap,
1940 *us1 = (const u_char *)s1,
1941 *us2 = (const u_char *)s2;
1942
1943 while (cm[*us1] == cm[*us2++])
1944 if (*us1++ == '\0')
1945 return(0);
1946 return (cm[*us1] - cm[*--us2]);
1947 }
1948
1949 struct dlt_choice {
1950 const char *name;
1951 const char *description;
1952 int dlt;
1953 };
1954
1955 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code }
1956 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1957
1958 static struct dlt_choice dlt_choices[] = {
1959 DLT_CHOICE(NULL, "BSD loopback"),
1960 DLT_CHOICE(EN10MB, "Ethernet"),
1961 DLT_CHOICE(IEEE802, "Token ring"),
1962 DLT_CHOICE(ARCNET, "BSD ARCNET"),
1963 DLT_CHOICE(SLIP, "SLIP"),
1964 DLT_CHOICE(PPP, "PPP"),
1965 DLT_CHOICE(FDDI, "FDDI"),
1966 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1967 DLT_CHOICE(RAW, "Raw IP"),
1968 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"),
1969 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"),
1970 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"),
1971 DLT_CHOICE(PPP_SERIAL, "PPP over serial"),
1972 DLT_CHOICE(PPP_ETHER, "PPPoE"),
1973 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"),
1974 DLT_CHOICE(C_HDLC, "Cisco HDLC"),
1975 DLT_CHOICE(IEEE802_11, "802.11"),
1976 DLT_CHOICE(FRELAY, "Frame Relay"),
1977 DLT_CHOICE(LOOP, "OpenBSD loopback"),
1978 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"),
1979 DLT_CHOICE(LINUX_SLL, "Linux cooked"),
1980 DLT_CHOICE(LTALK, "Localtalk"),
1981 DLT_CHOICE(PFLOG, "OpenBSD pflog file"),
1982 DLT_CHOICE(PFSYNC, "Packet filter state syncing"),
1983 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"),
1984 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1985 DLT_CHOICE(SUNATM, "Sun raw ATM"),
1986 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"),
1987 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"),
1988 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1989 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1990 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"),
1991 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"),
1992 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1993 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"),
1994 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1995 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"),
1996 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1997 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1998 DLT_CHOICE(MTP2, "SS7 MTP2"),
1999 DLT_CHOICE(MTP3, "SS7 MTP3"),
2000 DLT_CHOICE(SCCP, "SS7 SCCP"),
2001 DLT_CHOICE(DOCSIS, "DOCSIS"),
2002 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"),
2003 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
2004 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
2005 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"),
2006 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"),
2007 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"),
2008 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
2009 DLT_CHOICE(GPRS_LLC, "GPRS LLC"),
2010 DLT_CHOICE(GPF_T, "GPF-T"),
2011 DLT_CHOICE(GPF_F, "GPF-F"),
2012 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"),
2013 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"),
2014 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
2015 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"),
2016 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"),
2017 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"),
2018 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"),
2019 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
2020 DLT_CHOICE(MFR, "FRF.16 Frame Relay"),
2021 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"),
2022 DLT_CHOICE(A429, "Arinc 429"),
2023 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"),
2024 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"),
2025 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
2026 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
2027 DLT_CHOICE(USB_LINUX, "USB with Linux header"),
2028 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"),
2029 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
2030 DLT_CHOICE(PPI, "Per-Packet Information"),
2031 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
2032 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"),
2033 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"),
2034 DLT_CHOICE(SITA, "SITA pseudo-header"),
2035 DLT_CHOICE(ERF, "Endace ERF header"),
2036 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
2037 DLT_CHOICE(IPMB, "IPMB"),
2038 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"),
2039 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
2040 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"),
2041 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
2042 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
2043 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"),
2044 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"),
2045 DLT_CHOICE(DECT, "DECT"),
2046 DLT_CHOICE(AOS, "AOS Space Data Link protocol"),
2047 DLT_CHOICE(WIHART, "Wireless HART"),
2048 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
2049 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
2050 DLT_CHOICE(IPNET, "Solaris ipnet"),
2051 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
2052 DLT_CHOICE(IPV4, "Raw IPv4"),
2053 DLT_CHOICE(IPV6, "Raw IPv6"),
2054 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
2055 DLT_CHOICE(DBUS, "D-Bus"),
2056 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"),
2057 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"),
2058 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
2059 DLT_CHOICE(DVB_CI, "DVB-CI"),
2060 DLT_CHOICE(MUX27010, "MUX27010"),
2061 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
2062 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
2063 DLT_CHOICE(NFLOG, "Linux netfilter log messages"),
2064 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
2065 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
2066 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
2067 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
2068 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"),
2069 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
2070 DLT_CHOICE(INFINIBAND, "InfiniBand"),
2071 DLT_CHOICE(SCTP, "SCTP"),
2072 DLT_CHOICE(USBPCAP, "USB with USBPcap header"),
2073 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
2074 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
2075 DLT_CHOICE(NETLINK, "Linux netlink"),
2076 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
2077 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
2078 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
2079 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"),
2080 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"),
2081 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
2082 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"),
2083 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
2084 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
2085 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"),
2086 DLT_CHOICE(ISO_14443, "ISO 14443 messages"),
2087 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"),
2088 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"),
2089 DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"),
2090 DLT_CHOICE_SENTINEL
2091 };
2092
2093 int
2094 pcap_datalink_name_to_val(const char *name)
2095 {
2096 int i;
2097
2098 for (i = 0; dlt_choices[i].name != NULL; i++) {
2099 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0)
2100 return (dlt_choices[i].dlt);
2101 }
2102 return (-1);
2103 }
2104
2105 const char *
2106 pcap_datalink_val_to_name(int dlt)
2107 {
2108 int i;
2109
2110 for (i = 0; dlt_choices[i].name != NULL; i++) {
2111 if (dlt_choices[i].dlt == dlt)
2112 return (dlt_choices[i].name);
2113 }
2114 return (NULL);
2115 }
2116
2117 const char *
2118 pcap_datalink_val_to_description(int dlt)
2119 {
2120 int i;
2121
2122 for (i = 0; dlt_choices[i].name != NULL; i++) {
2123 if (dlt_choices[i].dlt == dlt)
2124 return (dlt_choices[i].description);
2125 }
2126 return (NULL);
2127 }
2128
2129 struct tstamp_type_choice {
2130 const char *name;
2131 const char *description;
2132 int type;
2133 };
2134
2135 static struct tstamp_type_choice tstamp_type_choices[] = {
2136 { "host", "Host", PCAP_TSTAMP_HOST },
2137 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
2138 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
2139 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
2140 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
2141 { NULL, NULL, 0 }
2142 };
2143
2144 int
2145 pcap_tstamp_type_name_to_val(const char *name)
2146 {
2147 int i;
2148
2149 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2150 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
2151 return (tstamp_type_choices[i].type);
2152 }
2153 return (PCAP_ERROR);
2154 }
2155
2156 const char *
2157 pcap_tstamp_type_val_to_name(int tstamp_type)
2158 {
2159 int i;
2160
2161 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2162 if (tstamp_type_choices[i].type == tstamp_type)
2163 return (tstamp_type_choices[i].name);
2164 }
2165 return (NULL);
2166 }
2167
2168 const char *
2169 pcap_tstamp_type_val_to_description(int tstamp_type)
2170 {
2171 int i;
2172
2173 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
2174 if (tstamp_type_choices[i].type == tstamp_type)
2175 return (tstamp_type_choices[i].description);
2176 }
2177 return (NULL);
2178 }
2179
2180 int
2181 pcap_snapshot(pcap_t *p)
2182 {
2183 if (!p->activated)
2184 return (PCAP_ERROR_NOT_ACTIVATED);
2185 return (p->snapshot);
2186 }
2187
2188 int
2189 pcap_is_swapped(pcap_t *p)
2190 {
2191 if (!p->activated)
2192 return (PCAP_ERROR_NOT_ACTIVATED);
2193 return (p->swapped);
2194 }
2195
2196 int
2197 pcap_major_version(pcap_t *p)
2198 {
2199 if (!p->activated)
2200 return (PCAP_ERROR_NOT_ACTIVATED);
2201 return (p->version_major);
2202 }
2203
2204 int
2205 pcap_minor_version(pcap_t *p)
2206 {
2207 if (!p->activated)
2208 return (PCAP_ERROR_NOT_ACTIVATED);
2209 return (p->version_minor);
2210 }
2211
2212 int
2213 pcap_bufsize(pcap_t *p)
2214 {
2215 if (!p->activated)
2216 return (PCAP_ERROR_NOT_ACTIVATED);
2217 return (p->bufsize);
2218 }
2219
2220 FILE *
2221 pcap_file(pcap_t *p)
2222 {
2223 return (p->rfile);
2224 }
2225
2226 int
2227 pcap_fileno(pcap_t *p)
2228 {
2229 #ifndef _WIN32
2230 return (p->fd);
2231 #else
2232 if (p->adapter != NULL)
2233 return ((int)(DWORD)p->adapter->hFile);
2234 else
2235 return (PCAP_ERROR);
2236 #endif
2237 }
2238
2239 #if !defined(_WIN32) && !defined(MSDOS)
2240 int
2241 pcap_get_selectable_fd(pcap_t *p)
2242 {
2243 return (p->selectable_fd);
2244 }
2245 #endif
2246
2247 void
2248 pcap_perror(pcap_t *p, const char *prefix)
2249 {
2250 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
2251 }
2252
2253 char *
2254 pcap_geterr(pcap_t *p)
2255 {
2256 return (p->errbuf);
2257 }
2258
2259 int
2260 pcap_getnonblock(pcap_t *p, char *errbuf)
2261 {
2262 int ret;
2263
2264 ret = p->getnonblock_op(p);
2265 if (ret == -1) {
2266 /*
2267 * The get nonblock operation sets p->errbuf; this
2268 * function *shouldn't* have had a separate errbuf
2269 * argument, as it didn't need one, but I goofed
2270 * when adding it.
2271 *
2272 * We copy the error message to errbuf, so callers
2273 * can find it in either place.
2274 */
2275 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
2276 }
2277 return (ret);
2278 }
2279
2280 /*
2281 * Get the current non-blocking mode setting, under the assumption that
2282 * it's just the standard POSIX non-blocking flag.
2283 */
2284 #if !defined(_WIN32) && !defined(MSDOS)
2285 int
2286 pcap_getnonblock_fd(pcap_t *p)
2287 {
2288 int fdflags;
2289
2290 fdflags = fcntl(p->fd, F_GETFL, 0);
2291 if (fdflags == -1) {
2292 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
2293 pcap_strerror(errno));
2294 return (-1);
2295 }
2296 if (fdflags & O_NONBLOCK)
2297 return (1);
2298 else
2299 return (0);
2300 }
2301 #endif
2302
2303 int
2304 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
2305 {
2306 int ret;
2307
2308 ret = p->setnonblock_op(p, nonblock);
2309 if (ret == -1) {
2310 /*
2311 * The set nonblock operation sets p->errbuf; this
2312 * function *shouldn't* have had a separate errbuf
2313 * argument, as it didn't need one, but I goofed
2314 * when adding it.
2315 *
2316 * We copy the error message to errbuf, so callers
2317 * can find it in either place.
2318 */
2319 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
2320 }
2321 return (ret);
2322 }
2323
2324 #if !defined(_WIN32) && !defined(MSDOS)
2325 /*
2326 * Set non-blocking mode, under the assumption that it's just the
2327 * standard POSIX non-blocking flag. (This can be called by the
2328 * per-platform non-blocking-mode routine if that routine also
2329 * needs to do some additional work.)
2330 */
2331 int
2332 pcap_setnonblock_fd(pcap_t *p, int nonblock)
2333 {
2334 int fdflags;
2335
2336 fdflags = fcntl(p->fd, F_GETFL, 0);
2337 if (fdflags == -1) {
2338 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
2339 pcap_strerror(errno));
2340 return (-1);
2341 }
2342 if (nonblock)
2343 fdflags |= O_NONBLOCK;
2344 else
2345 fdflags &= ~O_NONBLOCK;
2346 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
2347 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
2348 pcap_strerror(errno));
2349 return (-1);
2350 }
2351 return (0);
2352 }
2353 #endif
2354
2355 #ifdef _WIN32
2356 /*
2357 * Generate a string for a Win32-specific error (i.e. an error generated when
2358 * calling a Win32 API).
2359 * For errors occurred during standard C calls, we still use pcap_strerror()
2360 */
2361 void
2362 pcap_win32_err_to_str(DWORD error, char *errbuf)
2363 {
2364 size_t errlen;
2365 char *p;
2366
2367 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
2368 PCAP_ERRBUF_SIZE, NULL);
2369
2370 /*
2371 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
2372 * message. Get rid of it.
2373 */
2374 errlen = strlen(errbuf);
2375 if (errlen >= 2) {
2376 errbuf[errlen - 1] = '\0';
2377 errbuf[errlen - 2] = '\0';
2378 }
2379 p = strchr(errbuf, '\0');
2380 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error);
2381 }
2382 #endif
2383
2384 /*
2385 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
2386 */
2387 const char *
2388 pcap_statustostr(int errnum)
2389 {
2390 static char ebuf[15+10+1];
2391
2392 switch (errnum) {
2393
2394 case PCAP_WARNING:
2395 return("Generic warning");
2396
2397 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
2398 return ("That type of time stamp is not supported by that device");
2399
2400 case PCAP_WARNING_PROMISC_NOTSUP:
2401 return ("That device doesn't support promiscuous mode");
2402
2403 case PCAP_ERROR:
2404 return("Generic error");
2405
2406 case PCAP_ERROR_BREAK:
2407 return("Loop terminated by pcap_breakloop");
2408
2409 case PCAP_ERROR_NOT_ACTIVATED:
2410 return("The pcap_t has not been activated");
2411
2412 case PCAP_ERROR_ACTIVATED:
2413 return ("The setting can't be changed after the pcap_t is activated");
2414
2415 case PCAP_ERROR_NO_SUCH_DEVICE:
2416 return ("No such device exists");
2417
2418 case PCAP_ERROR_RFMON_NOTSUP:
2419 return ("That device doesn't support monitor mode");
2420
2421 case PCAP_ERROR_NOT_RFMON:
2422 return ("That operation is supported only in monitor mode");
2423
2424 case PCAP_ERROR_PERM_DENIED:
2425 return ("You don't have permission to capture on that device");
2426
2427 case PCAP_ERROR_IFACE_NOT_UP:
2428 return ("That device is not up");
2429
2430 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
2431 return ("That device doesn't support setting the time stamp type");
2432
2433 case PCAP_ERROR_PROMISC_PERM_DENIED:
2434 return ("You don't have permission to capture in promiscuous mode on that device");
2435
2436 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
2437 return ("That device doesn't support that time stamp precision");
2438 }
2439 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
2440 return(ebuf);
2441 }
2442
2443 /*
2444 * Not all systems have strerror().
2445 */
2446 const char *
2447 pcap_strerror(int errnum)
2448 {
2449 #ifdef HAVE_STRERROR
2450 #ifdef _WIN32
2451 static char errbuf[PCAP_ERRBUF_SIZE];
2452 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);
2453
2454 if (err != 0) /* err = 0 if successful */
2455 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
2456 return (errbuf);
2457 #else
2458 return (strerror(errnum));
2459 #endif /* _WIN32 */
2460 #else
2461 extern int sys_nerr;
2462 extern const char *const sys_errlist[];
2463 static char errbuf[PCAP_ERRBUF_SIZE];
2464
2465 if ((unsigned int)errnum < sys_nerr)
2466 return ((char *)sys_errlist[errnum]);
2467 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum);
2468 return (errbuf);
2469 #endif
2470 }
2471
2472 int
2473 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
2474 {
2475 return (p->setfilter_op(p, fp));
2476 }
2477
2478 /*
2479 * Set direction flag, which controls whether we accept only incoming
2480 * packets, only outgoing packets, or both.
2481 * Note that, depending on the platform, some or all direction arguments
2482 * might not be supported.
2483 */
2484 int
2485 pcap_setdirection(pcap_t *p, pcap_direction_t d)
2486 {
2487 if (p->setdirection_op == NULL) {
2488 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2489 "Setting direction is not implemented on this platform");
2490 return (-1);
2491 } else
2492 return (p->setdirection_op(p, d));
2493 }
2494
2495 int
2496 pcap_stats(pcap_t *p, struct pcap_stat *ps)
2497 {
2498 return (p->stats_op(p, ps));
2499 }
2500
2501 static int
2502 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
2503 {
2504 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2505 "Statistics aren't available from a pcap_open_dead pcap_t");
2506 return (-1);
2507 }
2508
2509 #ifdef _WIN32
2510 struct pcap_stat *
2511 pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
2512 {
2513 return (p->stats_ex_op(p, pcap_stat_size));
2514 }
2515
2516 int
2517 pcap_setbuff(pcap_t *p, int dim)
2518 {
2519 return (p->setbuff_op(p, dim));
2520 }
2521
2522 static int
2523 pcap_setbuff_dead(pcap_t *p, int dim)
2524 {
2525 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2526 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
2527 return (-1);
2528 }
2529
2530 int
2531 pcap_setmode(pcap_t *p, int mode)
2532 {
2533 return (p->setmode_op(p, mode));
2534 }
2535
2536 static int
2537 pcap_setmode_dead(pcap_t *p, int mode)
2538 {
2539 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2540 "impossible to set mode on a pcap_open_dead pcap_t");
2541 return (-1);
2542 }
2543
2544 int
2545 pcap_setmintocopy(pcap_t *p, int size)
2546 {
2547 return (p->setmintocopy_op(p, size));
2548 }
2549
2550 static int
2551 pcap_setmintocopy_dead(pcap_t *p, int size)
2552 {
2553 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2554 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
2555 return (-1);
2556 }
2557
2558 HANDLE
2559 pcap_getevent(pcap_t *p)
2560 {
2561 return (p->getevent_op(p));
2562 }
2563
2564 static HANDLE
2565 pcap_getevent_dead(pcap_t *p)
2566 {
2567 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2568 "A pcap_open_dead pcap_t has no event handle");
2569 return (INVALID_HANDLE_VALUE);
2570 }
2571
2572 int
2573 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
2574 {
2575 return (p->oid_get_request_op(p, oid, data, lenp));
2576 }
2577
2578 static int
2579 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
2580 size_t *lenp _U_)
2581 {
2582 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2583 "An OID get request cannot be performed on a pcap_open_dead pcap_t");
2584 return (PCAP_ERROR);
2585 }
2586
2587 int
2588 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp)
2589 {
2590 return (p->oid_set_request_op(p, oid, data, lenp));
2591 }
2592
2593 static int
2594 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
2595 size_t *lenp _U_)
2596 {
2597 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2598 "An OID set request cannot be performed on a pcap_open_dead pcap_t");
2599 return (PCAP_ERROR);
2600 }
2601
2602 pcap_send_queue *
2603 pcap_sendqueue_alloc(u_int memsize)
2604 {
2605 pcap_send_queue *tqueue;
2606
2607 /* Allocate the queue */
2608 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue));
2609 if (tqueue == NULL){
2610 return (NULL);
2611 }
2612
2613 /* Allocate the buffer */
2614 tqueue->buffer = (char *)malloc(memsize);
2615 if (tqueue->buffer == NULL) {
2616 free(tqueue);
2617 return (NULL);
2618 }
2619
2620 tqueue->maxlen = memsize;
2621 tqueue->len = 0;
2622
2623 return (tqueue);
2624 }
2625
2626 void
2627 pcap_sendqueue_destroy(pcap_send_queue *queue)
2628 {
2629 free(queue->buffer);
2630 free(queue);
2631 }
2632
2633 int
2634 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
2635 {
2636 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
2637 return (-1);
2638 }
2639
2640 /* Copy the pcap_pkthdr header*/
2641 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
2642 queue->len += sizeof(struct pcap_pkthdr);
2643
2644 /* copy the packet */
2645 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
2646 queue->len += pkt_header->caplen;
2647
2648 return (0);
2649 }
2650
2651 u_int
2652 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
2653 {
2654 return (p->sendqueue_transmit_op(p, queue, sync));
2655 }
2656
2657 static u_int
2658 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync)
2659 {
2660 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2661 "Packets cannot be transmitted on a pcap_open_dead pcap_t");
2662 return (0);
2663 }
2664
2665 int
2666 pcap_setuserbuffer(pcap_t *p, int size)
2667 {
2668 return (p->setuserbuffer_op(p, size));
2669 }
2670
2671 static int
2672 pcap_setuserbuffer_dead(pcap_t *p, int size)
2673 {
2674 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2675 "The user buffer cannot be set on a pcap_open_dead pcap_t");
2676 return (-1);
2677 }
2678
2679 int
2680 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
2681 {
2682 return (p->live_dump_op(p, filename, maxsize, maxpacks));
2683 }
2684
2685 static int
2686 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks)
2687 {
2688 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2689 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
2690 return (-1);
2691 }
2692
2693 int
2694 pcap_live_dump_ended(pcap_t *p, int sync)
2695 {
2696 return (p->live_dump_ended_op(p, sync));
2697 }
2698
2699 static int
2700 pcap_live_dump_ended_dead(pcap_t *p, int sync)
2701 {
2702 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
2703 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
2704 return (-1);
2705 }
2706
2707 PAirpcapHandle
2708 pcap_get_airpcap_handle(pcap_t *p)
2709 {
2710 PAirpcapHandle handle;
2711
2712 handle = p->get_airpcap_handle_op(p);
2713 if (handle == NULL) {
2714 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
2715 "This isn't an AirPcap device");
2716 }
2717 return (handle);
2718 }
2719
2720 static PAirpcapHandle
2721 pcap_get_airpcap_handle_dead(pcap_t *p)
2722 {
2723 return (NULL);
2724 }
2725 #endif
2726
2727 /*
2728 * On some platforms, we need to clean up promiscuous or monitor mode
2729 * when we close a device - and we want that to happen even if the
2730 * application just exits without explicitl closing devices.
2731 * On those platforms, we need to register a "close all the pcaps"
2732 * routine to be called when we exit, and need to maintain a list of
2733 * pcaps that need to be closed to clean up modes.
2734 *
2735 * XXX - not thread-safe.
2736 */
2737
2738 /*
2739 * List of pcaps on which we've done something that needs to be
2740 * cleaned up.
2741 * If there are any such pcaps, we arrange to call "pcap_close_all()"
2742 * when we exit, and have it close all of them.
2743 */
2744 static struct pcap *pcaps_to_close;
2745
2746 /*
2747 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
2748 * be called on exit.
2749 */
2750 static int did_atexit;
2751
2752 static void
2753 pcap_close_all(void)
2754 {
2755 struct pcap *handle;
2756
2757 while ((handle = pcaps_to_close) != NULL)
2758 pcap_close(handle);
2759 }
2760
2761 int
2762 pcap_do_addexit(pcap_t *p)
2763 {
2764 /*
2765 * If we haven't already done so, arrange to have
2766 * "pcap_close_all()" called when we exit.
2767 */
2768 if (!did_atexit) {
2769 if (atexit(pcap_close_all) != 0) {
2770 /*
2771 * "atexit()" failed; let our caller know.
2772 */
2773 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
2774 return (0);
2775 }
2776 did_atexit = 1;
2777 }
2778 return (1);
2779 }
2780
2781 void
2782 pcap_add_to_pcaps_to_close(pcap_t *p)
2783 {
2784 p->next = pcaps_to_close;
2785 pcaps_to_close = p;
2786 }
2787
2788 void
2789 pcap_remove_from_pcaps_to_close(pcap_t *p)
2790 {
2791 pcap_t *pc, *prevpc;
2792
2793 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
2794 prevpc = pc, pc = pc->next) {
2795 if (pc == p) {
2796 /*
2797 * Found it. Remove it from the list.
2798 */
2799 if (prevpc == NULL) {
2800 /*
2801 * It was at the head of the list.
2802 */
2803 pcaps_to_close = pc->next;
2804 } else {
2805 /*
2806 * It was in the middle of the list.
2807 */
2808 prevpc->next = pc->next;
2809 }
2810 break;
2811 }
2812 }
2813 }
2814
2815 void
2816 pcap_cleanup_live_common(pcap_t *p)
2817 {
2818 if (p->buffer != NULL) {
2819 free(p->buffer);
2820 p->buffer = NULL;
2821 }
2822 if (p->dlt_list != NULL) {
2823 free(p->dlt_list);
2824 p->dlt_list = NULL;
2825 p->dlt_count = 0;
2826 }
2827 if (p->tstamp_type_list != NULL) {
2828 free(p->tstamp_type_list);
2829 p->tstamp_type_list = NULL;
2830 p->tstamp_type_count = 0;
2831 }
2832 if (p->tstamp_precision_list != NULL) {
2833 free(p->tstamp_precision_list);
2834 p->tstamp_precision_list = NULL;
2835 p->tstamp_precision_count = 0;
2836 }
2837 pcap_freecode(&p->fcode);
2838 #if !defined(_WIN32) && !defined(MSDOS)
2839 if (p->fd >= 0) {
2840 close(p->fd);
2841 p->fd = -1;
2842 }
2843 p->selectable_fd = -1;
2844 #endif
2845 }
2846
2847 static void
2848 pcap_cleanup_dead(pcap_t *p _U_)
2849 {
2850 /* Nothing to do. */
2851 }
2852
2853 pcap_t *
2854 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
2855 {
2856 pcap_t *p;
2857
2858 switch (precision) {
2859
2860 case PCAP_TSTAMP_PRECISION_MICRO:
2861 case PCAP_TSTAMP_PRECISION_NANO:
2862 break;
2863
2864 default:
2865 return NULL;
2866 }
2867 p = malloc(sizeof(*p));
2868 if (p == NULL)
2869 return NULL;
2870 memset (p, 0, sizeof(*p));
2871 p->snapshot = snaplen;
2872 p->linktype = linktype;
2873 p->opt.tstamp_precision = precision;
2874 p->stats_op = pcap_stats_dead;
2875 #ifdef _WIN32
2876 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
2877 p->setbuff_op = pcap_setbuff_dead;
2878 p->setmode_op = pcap_setmode_dead;
2879 p->setmintocopy_op = pcap_setmintocopy_dead;
2880 p->getevent_op = pcap_getevent_dead;
2881 p->oid_get_request_op = pcap_oid_get_request_dead;
2882 p->oid_set_request_op = pcap_oid_set_request_dead;
2883 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
2884 p->setuserbuffer_op = pcap_setuserbuffer_dead;
2885 p->live_dump_op = pcap_live_dump_dead;
2886 p->live_dump_ended_op = pcap_live_dump_ended_dead;
2887 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
2888 #endif
2889 p->cleanup_op = pcap_cleanup_dead;
2890
2891 /*
2892 * A "dead" pcap_t never requires special BPF code generation.
2893 */
2894 p->bpf_codegen_flags = 0;
2895
2896 p->activated = 1;
2897 return (p);
2898 }
2899
2900 pcap_t *
2901 pcap_open_dead(int linktype, int snaplen)
2902 {
2903 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
2904 PCAP_TSTAMP_PRECISION_MICRO));
2905 }
2906
2907 /*
2908 * API compatible with WinPcap's "send a packet" routine - returns -1
2909 * on error, 0 otherwise.
2910 *
2911 * XXX - what if we get a short write?
2912 */
2913 int
2914 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
2915 {
2916 if (p->inject_op(p, buf, size) == -1)
2917 return (-1);
2918 return (0);
2919 }
2920
2921 /*
2922 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
2923 * error, number of bytes written otherwise.
2924 */
2925 int
2926 pcap_inject(pcap_t *p, const void *buf, size_t size)
2927 {
2928 return (p->inject_op(p, buf, size));
2929 }
2930
2931 void
2932 pcap_close(pcap_t *p)
2933 {
2934 if (p->opt.device != NULL)
2935 free(p->opt.device);
2936 p->cleanup_op(p);
2937 free(p);
2938 }
2939
2940 /*
2941 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
2942 * data for the packet, check whether the packet passes the filter.
2943 * Returns the return value of the filter program, which will be zero if
2944 * the packet doesn't pass and non-zero if the packet does pass.
2945 */
2946 int
2947 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
2948 const u_char *pkt)
2949 {
2950 const struct bpf_insn *fcode = fp->bf_insns;
2951
2952 if (fcode != NULL)
2953 return (bpf_filter(fcode, pkt, h->len, h->caplen));
2954 else
2955 return (0);
2956 }
2957
2958 #include "pcap_version.h"
2959
2960 #ifdef _WIN32
2961
2962 static char *full_pcap_version_string;
2963
2964 #ifdef HAVE_VERSION_H
2965 /*
2966 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2967 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2968 * version.
2969 *
2970 * XXX - it'd be nice if we could somehow generate the WinPcap version number
2971 * when building WinPcap. (It'd be nice to do so for the packet.dll version
2972 * number as well.)
2973 */
2974 #include "../../version.h"
2975
2976 static const char wpcap_version_string[] = WINPCAP_VER_STRING;
2977 static const char pcap_version_string_fmt[] =
2978 WINPCAP_PRODUCT_NAME " version %s, based on %s";
2979 static const char pcap_version_string_packet_dll_fmt[] =
2980 WINPCAP_PRODUCT_NAME " version %s (packet.dll version %s), based on %s";
2981
2982 const char *
2983 pcap_lib_version(void)
2984 {
2985 char *packet_version_string;
2986 size_t full_pcap_version_string_len;
2987
2988 if (full_pcap_version_string == NULL) {
2989 /*
2990 * Generate the version string.
2991 */
2992 packet_version_string = PacketGetVersion();
2993 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
2994 /*
2995 * WinPcap version string and packet.dll version
2996 * string are the same; just report the WinPcap
2997 * version.
2998 */
2999 full_pcap_version_string_len =
3000 (sizeof pcap_version_string_fmt - 4) +
3001 strlen(wpcap_version_string) +
3002 strlen(pcap_version_string);
3003 full_pcap_version_string =
3004 malloc(full_pcap_version_string_len);
3005 if (full_pcap_version_string == NULL)
3006 return (NULL);
3007 pcap_snprintf(full_pcap_version_string,
3008 full_pcap_version_string_len,
3009 pcap_version_string_fmt,
3010 wpcap_version_string,
3011 pcap_version_string);
3012 } else {
3013 /*
3014 * WinPcap version string and packet.dll version
3015 * string are different; that shouldn't be the
3016 * case (the two libraries should come from the
3017 * same version of WinPcap), so we report both
3018 * versions.
3019 */
3020 full_pcap_version_string_len =
3021 (sizeof pcap_version_string_packet_dll_fmt - 6) +
3022 strlen(wpcap_version_string) +
3023 strlen(packet_version_string) +
3024 strlen(pcap_version_string);
3025 full_pcap_version_string = malloc(full_pcap_version_string_len);
3026 if (full_pcap_version_string == NULL)
3027 return (NULL);
3028 pcap_snprintf(full_pcap_version_string,
3029 full_pcap_version_string_len,
3030 pcap_version_string_packet_dll_fmt,
3031 wpcap_version_string,
3032 packet_version_string,
3033 pcap_version_string);
3034 }
3035 }
3036 return (full_pcap_version_string);
3037 }
3038
3039 #else /* HAVE_VERSION_H */
3040
3041 /*
3042 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
3043 * tree.
3044 */
3045 static const char pcap_version_string_packet_dll_fmt[] =
3046 "%s (packet.dll version %s)";
3047 const char *
3048 pcap_lib_version(void)
3049 {
3050 char *packet_version_string;
3051 size_t full_pcap_version_string_len;
3052
3053 if (full_pcap_version_string == NULL) {
3054 /*
3055 * Generate the version string. Report the packet.dll
3056 * version.
3057 */
3058 packet_version_string = PacketGetVersion();
3059 full_pcap_version_string_len =
3060 (sizeof pcap_version_string_packet_dll_fmt - 4) +
3061 strlen(pcap_version_string) +
3062 strlen(packet_version_string);
3063 full_pcap_version_string = malloc(full_pcap_version_string_len);
3064 if (full_pcap_version_string == NULL)
3065 return (NULL);
3066 pcap_snprintf(full_pcap_version_string,
3067 full_pcap_version_string_len,
3068 pcap_version_string_packet_dll_fmt,
3069 pcap_version_string,
3070 packet_version_string);
3071 }
3072 return (full_pcap_version_string);
3073 }
3074
3075 #endif /* HAVE_VERSION_H */
3076
3077 #elif defined(MSDOS)
3078
3079 static char *full_pcap_version_string;
3080
3081 const char *
3082 pcap_lib_version (void)
3083 {
3084 char *packet_version_string;
3085 size_t full_pcap_version_string_len;
3086 static char dospfx[] = "DOS-";
3087
3088 if (full_pcap_version_string == NULL) {
3089 /*
3090 * Generate the version string.
3091 */
3092 full_pcap_version_string_len =
3093 sizeof dospfx + strlen(pcap_version_string);
3094 full_pcap_version_string =
3095 malloc(full_pcap_version_string_len);
3096 if (full_pcap_version_string == NULL)
3097 return (NULL);
3098 strcpy(full_pcap_version_string, dospfx);
3099 strcat(full_pcap_version_string, pcap_version_string);
3100 }
3101 return (full_pcap_version_string);
3102 }
3103
3104 #else /* UN*X */
3105
3106 const char *
3107 pcap_lib_version(void)
3108 {
3109 return (pcap_version_string);
3110 }
3111 #endif
3112
3113 #ifdef YYDEBUG
3114 /*
3115 * Set the internal "debug printout" flag for the filter expression parser.
3116 * The code to print that stuff is present only if YYDEBUG is defined, so
3117 * the flag, and the routine to set it, are defined only if YYDEBUG is
3118 * defined.
3119 *
3120 * This is intended for libpcap developers, not for general use.
3121 * If you want to set these in a program, you'll have to declare this
3122 * routine yourself, with the appropriate DLL import attribute on Windows;
3123 * it's not declared in any header file, and won't be declared in any
3124 * header file provided by libpcap.
3125 */
3126 PCAP_API void pcap_set_parser_debug(int value);
3127
3128 PCAP_API_DEF void
3129 pcap_set_parser_debug(int value)
3130 {
3131 extern int pcap_debug;
3132
3133 pcap_debug = value;
3134 }
3135 #endif
3136
3137 #ifdef BDEBUG
3138 /*
3139 * Set the internal "debug printout" flag for the filter expression optimizer.
3140 * The code to print that stuff is present only if BDEBUG is defined, so
3141 * the flag, and the routine to set it, are defined only if BDEBUG is
3142 * defined.
3143 *
3144 * This is intended for libpcap developers, not for general use.
3145 * If you want to set these in a program, you'll have to declare this
3146 * routine yourself, with the appropriate DLL import attribute on Windows;
3147 * it's not declared in any header file, and won't be declared in any
3148 * header file provided by libpcap.
3149 */
3150 PCAP_API void pcap_set_optimizer_debug(int value);
3151
3152 PCAP_API_DEF void
3153 pcap_set_optimizer_debug(int value)
3154 {
3155 extern int pcap_optimizer_debug;
3156
3157 pcap_optimizer_debug = value;
3158 }
3159 #endif
[mirror] the LIBpcap interface to various kernel packet capture mechanism