Lines Matching +full:html +full:- +full:encoding +full:- +full:sniffer
38 #include <pcap-types.h>
66 #include "diag-control.h"
69 #include "os-proto.h"
73 #include "pcap-dos.h"
76 #include "pcap-int.h"
81 #include "pcap-dag.h"
85 #include "pcap-septel.h"
89 #include "pcap-snf.h"
93 #include "pcap-tc.h"
97 #include "pcap-usb-linux.h"
101 #include "pcap-bt-linux.h"
105 #include "pcap-bt-monitor-linux.h"
109 #include "pcap-netfilter-linux.h"
113 #include "pcap-netmap.h"
117 #include "pcap-dbus.h"
121 #include "pcap-rdmasniff.h"
125 #include "pcap-dpdk.h"
129 #include "pcap-airpcap.h"
136 * The WSAStartup function typically leads to protocol-specific helper
143 * The WSACleanup function typically leads to protocol-specific helper
164 static int err = -1; in internal_wsockinit()
214 * The argument specifies whether we use the local code page or UTF-8
215 * for strings; on UN*X, we just assume UTF-8 in places where the encoding
217 * PCAP_CHAR_ENC_LOCAL and UTF-8 for PCAP_CHAR_ENC_UTF_8.
220 * being handed UTF-16 strings, because if the user calls this they're
222 * page strings or UTF-8 strings, so we don't need to allow UTF-16LE
225 * *trying* to pass the result of pcap_lookupdev() - which might be
226 * UTF-16LE on Windows, for ugly compatibility reasons - to pcap_create()
229 * Returns 0 on success, -1 on error.
232 int pcap_utf_8_mode; /* Strings should be in UTF-8. */
248 /* Leave "UTF-8 mode" off. */ in pcap_init()
259 /* Turn on "UTF-8 mode". */ in pcap_init()
278 * UTF-8 mode flag, so we have to call a routine to set its in pcap_init()
279 * UTF-8 mode flag. in pcap_init()
295 if (internal_wsockinit(errbuf) == -1) { in pcap_init()
311 * Not explicitly exported via a header file - the right API to use
312 * is pcap_lib_version() - but some programs included it, so we
325 if (pcap->activated) { in pcap_set_not_initialized_message()
327 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), in pcap_set_not_initialized_message()
332 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), in pcap_set_not_initialized_message()
493 return (p->can_set_rfmon_op(p)); in pcap_can_set_rfmon()
519 if (p->tstamp_type_count == 0) { in pcap_list_tstamp_types()
527 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), in pcap_list_tstamp_types()
535 p->tstamp_type_count); in pcap_list_tstamp_types()
537 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), in pcap_list_tstamp_types()
541 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, in pcap_list_tstamp_types()
542 sizeof(**tstamp_typesp) * p->tstamp_type_count); in pcap_list_tstamp_types()
543 return (p->tstamp_type_count); in pcap_list_tstamp_types()
565 * Default one-shot callback; overridden for capture types where the
574 *sp->hdr = *h; in pcap_oneshot()
575 *sp->pkt = pkt; in pcap_oneshot()
587 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) in pcap_next()
598 s.hdr = &p->pcap_header; in pcap_next_ex()
603 *pkt_header= &p->pcap_header; in pcap_next_ex()
605 if (p->rfile != NULL) { in pcap_next_ex()
609 status = pcap_offline_read(p, 1, p->oneshot_callback, in pcap_next_ex()
614 * - 0: EOF in pcap_next_ex()
615 * - -1: error in pcap_next_ex()
616 * - >0: OK - result is number of packets read, so in pcap_next_ex()
621 * the timeout expired", so we map it to -2 so you can in pcap_next_ex()
627 return (-2); in pcap_next_ex()
634 * - 0: timeout in pcap_next_ex()
635 * - -1: error in pcap_next_ex()
636 * - -2: loop was broken out of with pcap_breakloop() in pcap_next_ex()
637 * - >0: OK, result is number of packets captured, so in pcap_next_ex()
643 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); in pcap_next_ex()
701 * Returns -1 on error, 0 otherwise.
716 if (pcap_platform_finddevs(&devlist, errbuf) == -1) { in pcap_findalldevs()
718 * Failed - free all of the entries we were given in pcap_findalldevs()
724 return (-1); in pcap_findalldevs()
728 * Ask each of the non-local-network-interface capture in pcap_findalldevs()
732 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) { in pcap_findalldevs()
740 return (-1); in pcap_findalldevs()
765 * superior to interfaces that are up but not running, and non-loopback
795 if (!(dev->flags & PCAP_IF_RUNNING)) in get_figure_of_merit()
797 if (!(dev->flags & PCAP_IF_UP)) in get_figure_of_merit()
801 * Give non-wireless interfaces that aren't disconnected a better in get_figure_of_merit()
810 if (!(dev->flags & PCAP_IF_WIRELESS) && in get_figure_of_merit()
811 (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED) in get_figure_of_merit()
815 * Sort loopback devices after non-loopback devices, *except* for in get_figure_of_merit()
818 if (dev->flags & PCAP_IF_LOOPBACK) in get_figure_of_merit()
825 if (strcmp(dev->name, "any") == 0) in get_figure_of_merit()
836 * XXX - on FreeBSDs that support it, should it get the sysctl named
841 * that the problem is really a driver bug - if it can find out that it's
867 * you're running on AIX - which I think is the only UN*X that doesn't
870 * library automatically pick up the other libraries when started -
872 * version of libpcap would have to use pcap-config with the --static
876 * -lnl.
934 * to get the description length - it's clamped
984 "USB bus number %ld", busnum) == -1) {
1056 * address to its list of addresses if that address is non-null, and
1057 * return 0, otherwise return -1 and set errbuf to an error message.
1084 * Error - give up.
1086 return (-1);
1129 return (-1);
1132 curaddr->next = NULL;
1134 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size);
1135 if (curaddr->addr == NULL) {
1139 return (-1);
1142 curaddr->addr = NULL;
1145 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size);
1146 if (curaddr->netmask == NULL) {
1149 if (curaddr->addr != NULL)
1150 free(curaddr->addr);
1152 return (-1);
1155 curaddr->netmask = NULL;
1158 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size);
1159 if (curaddr->broadaddr == NULL) {
1162 if (curaddr->netmask != NULL)
1163 free(curaddr->netmask);
1164 if (curaddr->addr != NULL)
1165 free(curaddr->addr);
1167 return (-1);
1170 curaddr->broadaddr = NULL;
1173 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size);
1174 if (curaddr->dstaddr == NULL) {
1177 if (curaddr->broadaddr != NULL)
1178 free(curaddr->broadaddr);
1179 if (curaddr->netmask != NULL)
1180 free(curaddr->netmask);
1181 if (curaddr->addr != NULL)
1182 free(curaddr->addr);
1184 return (-1);
1187 curaddr->dstaddr = NULL;
1192 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) {
1193 nextaddr = prevaddr->next;
1206 curdev->addresses = curaddr;
1212 prevaddr->next = curaddr;
1225 * return -1 and set errbuf to an error message.
1251 if ((*get_flags_func)(name, &flags, errbuf) == -1) {
1276 for (curdev = devlistp->beginning; curdev != NULL;
1277 curdev = curdev->next) {
1278 if (strcmp(name, curdev->name) == 0) {
1319 curdev->next = NULL;
1320 curdev->name = strdup(name);
1321 if (curdev->name == NULL) {
1331 curdev->description = NULL;
1336 curdev->description = strdup(description);
1337 if (curdev->description == NULL) {
1340 free(curdev->name);
1345 curdev->addresses = NULL; /* list starts out as empty */
1346 curdev->flags = flags;
1370 nextdev = devlistp->beginning;
1372 nextdev = prevdev->next;
1379 * Yes - we have to put the new entry after "prevdev".
1393 * Yes - we should put the new entry
1405 curdev->next = nextdev;
1408 * Insert after "prevdev" - unless "prevdev" is null,
1416 devlistp->beginning = curdev;
1418 prevdev->next = curdev;
1432 nextdev = curdev->next;
1437 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
1438 nextaddr = curaddr->next;
1439 if (curaddr->addr)
1440 free(curaddr->addr);
1441 if (curaddr->netmask)
1442 free(curaddr->netmask);
1443 if (curaddr->broadaddr)
1444 free(curaddr->broadaddr);
1445 if (curaddr->dstaddr)
1446 free(curaddr->dstaddr);
1453 free(curdev->name);
1458 if (curdev->description != NULL)
1459 free(curdev->description);
1469 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as
1473 * MS-DOS has its own pcap_lookupdev(), but that might be useful only
1491 * Windows - use the same size as the old WinPcap 3.1 code.
1492 * XXX - this is probably bigger than it needs to be.
1497 * UN*X - use the system's interface name size.
1498 * XXX - that might not be large enough for capture devices
1511 * it may return UTF-16 strings, for backwards-compatibility
1513 * for not-going-past-the-end-of-a-string reasons, and 2) we
1516 * In addition, it's not thread-safe, so we've marked it as
1525 if (pcap_findalldevs(&alldevs, errbuf) == -1)
1528 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) {
1532 * are no non-loopback devices on the list. This means
1535 * XXX - why not return a loopback device? If we can't
1537 * on the list, there aren't any non-loopback devices,
1547 (void)pcap_strlcpy(device, alldevs->name, sizeof(device));
1574 * The pseudo-device "any" listens on all interfaces and therefore
1575 * has the network address and -mask "0.0.0.0" therefore catching
1610 return (-1);
1627 return (-1);
1630 *netp = sin4->sin_addr.s_addr;
1641 return (-1);
1644 *maskp = sin4->sin_addr.s_addr;
1655 return (-1);
1664 #include "pcap-rpcap.h"
1718 * If the parse fails, ebuf is set to an error string, and -1 is returned.
1745 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
1747 * hier-part = "//" authority path-abempty
1748 * / path-absolute
1749 * / path-rootless
1750 * / path-empty
1754 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
1773 return (-1);
1780 * hier-part = "//" authority path-abempty, not
1781 * hier-part = path-absolute
1782 * hier-part = path-rootless
1783 * hier-part = path-empty
1798 return (-1);
1804 * XXX - check whether the purported scheme could be a scheme?
1811 scheme_len = colonp - source;
1816 return (-1);
1822 * Treat file: specially - take everything after file:// as
1831 return (-1);
1839 * interface with "rpcap://{device}"; we special-case
1843 * XXX - %-escaping?
1859 return (-1);
1876 return (-1);
1895 userinfo_len = atsignp - parsep;
1903 return (-1);
1929 * Is it an IP-literal?
1935 * bracket as the IP-Literal; we don't worry
1939 * URL with an IPv4 IP-Literal, of the sort
1950 "IP-literal in URL doesn't end with ]");
1954 return (-1);
1963 "Extra text after IP-literal in URL");
1967 return (-1);
1969 host_len = (bracketp - 1) - parsep;
1978 return (-1);
1996 return (-1);
2021 return (-1);
2046 return (-1);
2070 return (-1);
2099 return (-1);
2118 return (-1);
2148 &tmpport, &tmppath, errbuf) == -1) {
2152 return (-1);
2255 * A null device name is equivalent to the "any" device -
2268 * pairs of UTF-16LE device names and local code page
2273 * that opens devices, we'll get handed a UTF-16LE
2277 * looks as if it might be a UTF-16LE string and, if
2284 * string is UTF-16LE or not; "a" could either
2285 * be a one-character ASCII string or the first
2286 * character of a UTF-16LE string.
2289 * the string, if it's a 1-character ASCII
2326 * Try each of the non-local-network-interface capture
2351 p->opt.device = device_str;
2367 p->opt.device = device_str;
2379 p->opt.nonblock = nonblock;
2391 p->read_op = pcap_read_not_initialized;
2392 p->inject_op = pcap_inject_not_initialized;
2393 p->setfilter_op = pcap_setfilter_not_initialized;
2394 p->setdirection_op = pcap_setdirection_not_initialized;
2395 p->set_datalink_op = pcap_set_datalink_not_initialized;
2396 p->getnonblock_op = pcap_getnonblock_not_initialized;
2397 p->stats_op = pcap_stats_not_initialized;
2399 p->stats_ex_op = pcap_stats_ex_not_initialized;
2400 p->setbuff_op = pcap_setbuff_not_initialized;
2401 p->setmode_op = pcap_setmode_not_initialized;
2402 p->setmintocopy_op = pcap_setmintocopy_not_initialized;
2403 p->getevent_op = pcap_getevent_not_initialized;
2404 p->oid_get_request_op = pcap_oid_get_request_not_initialized;
2405 p->oid_set_request_op = pcap_oid_set_request_not_initialized;
2406 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
2407 p->setuserbuffer_op = pcap_setuserbuffer_not_initialized;
2408 p->live_dump_op = pcap_live_dump_not_initialized;
2409 p->live_dump_ended_op = pcap_live_dump_ended_not_initialized;
2410 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
2414 * Default cleanup operation - implementations can override
2418 p->cleanup_op = pcap_cleanup_live_common;
2421 * In most cases, the standard one-shot callback can
2424 p->oneshot_callback = pcap_oneshot;
2427 * Default breakloop operation - implementations can override
2431 p->breakloop_op = pcap_breakloop_common;
2457 p->handle = INVALID_HANDLE_VALUE; /* not opened yet */
2459 p->fd = -1; /* not opened yet */
2461 p->selectable_fd = -1;
2462 p->required_select_timeout = NULL;
2473 p->priv = (void *)(chunk + private_offset);
2493 p->can_set_rfmon_op = pcap_cant_set_rfmon;
2496 * If pcap_setnonblock() is called on a not-yet-activated
2498 * on non-blocking mode when activated.
2500 p->setnonblock_op = pcap_setnonblock_unactivated;
2505 p->snapshot = 0; /* max packet size unspecified */
2506 p->opt.timeout = 0; /* no timeout specified */
2507 p->opt.buffer_size = 0; /* use the platform's default */
2508 p->opt.promisc = 0;
2509 p->opt.rfmon = 0;
2510 p->opt.immediate = 0;
2511 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
2512 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
2514 * Platform-dependent options.
2517 p->opt.protocol = 0;
2520 p->opt.nocapture_local = 0;
2526 p->bpf_codegen_flags = 0;
2534 if (p->activated) {
2535 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
2537 return (-1);
2547 p->snapshot = snaplen;
2556 p->opt.promisc = promisc;
2565 p->opt.rfmon = rfmon;
2574 p->opt.timeout = timeout_ms;
2588 * to change now - it's an API.
2594 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
2597 if (p->tstamp_type_count == 0) {
2599 p->opt.tstamp_type = tstamp_type;
2606 for (i = 0; i < p->tstamp_type_count; i++) {
2607 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
2611 p->opt.tstamp_type = tstamp_type;
2628 p->opt.immediate = immediate;
2643 p->opt.buffer_size = buffer_size;
2657 * to change now - it's an API.
2663 * If p->tstamp_precision_count is 0, we only support setting
2669 if (p->tstamp_precision_count == 0) {
2671 p->opt.tstamp_precision = tstamp_precision;
2679 for (i = 0; i < p->tstamp_precision_count; i++) {
2680 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
2684 p->opt.tstamp_precision = tstamp_precision;
2699 return (p->opt.tstamp_precision);
2708 * Catch attempts to re-activate an already-activated
2716 status = p->activate_op(p);
2719 * If somebody requested non-blocking mode before
2722 if (p->opt.nonblock) {
2723 status = p->setnonblock_op(p, 1);
2729 p->cleanup_op(p);
2734 p->activated = 1;
2736 if (p->errbuf[0] == '\0') {
2743 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
2768 * A null device name is equivalent to the "any" device -
2778 * Retrofit - we have to make older applications compatible with
2811 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1;
2841 p->oldstyle = 1;
2850 * -Wformat-truncation.
2852 char trimbuf[PCAP_ERRBUF_SIZE - 5]; /* 2 bytes shorter */
2854 pcap_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf));
2856 PCAP_ERRBUF_SIZE - 3, trimbuf);
2864 if (p->errbuf[0] != '\0') {
2868 char trimbuf[PCAP_ERRBUF_SIZE - 8]; /* 2 bytes shorter */
2870 pcap_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf));
2873 PCAP_ERRBUF_SIZE - 6, trimbuf);
2895 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
2903 return (p->read_op(p, cnt, callback, user));
2912 if (p->rfile != NULL) {
2923 n = p->read_op(p, cnt, callback, user);
2929 cnt -= n;
2942 p->breakloop_op(p);
2948 if (!p->activated)
2950 return (p->linktype);
2956 if (!p->activated)
2958 return (p->linktype_ext);
2964 if (!p->activated)
2966 if (p->dlt_count == 0) {
2975 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
2979 **dlt_buffer = p->linktype;
2982 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
2984 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
2988 (void)memcpy(*dlt_buffer, p->dlt_list,
2989 sizeof(**dlt_buffer) * p->dlt_count);
2990 return (p->dlt_count);
3020 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
3028 if (p->linktype != dlt)
3036 for (i = 0; i < p->dlt_count; i++)
3037 if (p->dlt_list[i] == (u_int)dlt)
3039 if (i >= p->dlt_count)
3041 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
3045 * link-layer type it offers is DLT_EN10MB, and the only
3047 * we can't tell the driver to supply DOCSIS link-layer
3048 * headers - we're just pretending that's what we're
3051 * it's putting raw DOCSIS frames on the wire inside low-level
3054 p->linktype = dlt;
3057 if (p->set_datalink_op(p, dlt) == -1)
3058 return (-1);
3059 p->linktype = dlt;
3065 (void) snprintf(p->errbuf, sizeof(p->errbuf),
3069 (void) snprintf(p->errbuf, sizeof(p->errbuf),
3073 return (-1);
3158 return (cm[*us1] - cm[*--us2]);
3178 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
3196 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
3200 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
3201 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
3208 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
3209 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
3222 DLT_CHOICE(GPF_T, "GPF-T"),
3223 DLT_CHOICE(GPF_F, "GPF-F"),
3226 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
3231 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
3242 DLT_CHOICE(PPI, "Per-Packet Information"),
3246 DLT_CHOICE(SITA, "SITA pseudo-header"),
3248 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
3249 DLT_CHOICE(IPMB_KONTRON, "IPMB with Kontron pseudo-header"),
3251 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
3253 DLT_CHOICE(IPMB_LINUX, "IPMB with Linux/Pigeon Point pseudo-header"),
3254 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
3255 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
3261 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
3262 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
3264 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
3268 DLT_CHOICE(DBUS, "D-Bus"),
3272 DLT_CHOICE(DVB_CI, "DVB-CI"),
3277 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
3278 …DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with pre…
3279 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
3280 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
3282 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
3291 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
3296 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
3297 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
3304 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"),
3306 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"),
3307 DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"),
3316 DLT_CHOICE(IEEE802_15_4_TAP, "IEEE 802.15.4 with pseudo-header"),
3320 DLT_CHOICE(Z_WAVE_SERIAL, "Z-Wave serial frames between host and chip"),
3322 DLT_CHOICE(ATSC_ALP, "ATSC Link-Layer Protocol packets"),
3335 return (-1);
3432 if (!p->activated)
3434 return (p->snapshot);
3440 if (!p->activated)
3442 return (p->swapped);
3448 if (!p->activated)
3450 return (p->version_major);
3456 if (!p->activated)
3458 return (p->version_minor);
3464 if (!p->activated)
3466 return (p->bufsize);
3472 return (p->rfile);
3479 if (p->handle != INVALID_HANDLE_VALUE) {
3481 * This is a bogus and now-deprecated API; we
3490 return ((int)(intptr_t)p->handle);
3499 return (p->fd);
3507 return (p->selectable_fd);
3513 return (p->required_select_timeout);
3520 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
3526 return (p->errbuf);
3534 ret = p->getnonblock_op(p);
3535 if (ret == -1) {
3537 * The get nonblock operation sets p->errbuf; this
3545 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
3551 * Get the current non-blocking mode setting, under the assumption that
3552 * it's just the standard POSIX non-blocking flag.
3560 fdflags = fcntl(p->fd, F_GETFL, 0);
3561 if (fdflags == -1) {
3562 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3564 return (-1);
3578 ret = p->setnonblock_op(p, nonblock);
3579 if (ret == -1) {
3581 * The set nonblock operation sets p->errbuf; this
3589 pcap_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE);
3596 * Set non-blocking mode, under the assumption that it's just the
3597 * standard POSIX non-blocking flag. (This can be called by the
3598 * per-platform non-blocking-mode routine if that routine also
3606 fdflags = fcntl(p->fd, F_GETFL, 0);
3607 if (fdflags == -1) {
3608 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3610 return (-1);
3616 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
3617 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
3619 return (-1);
3716 return (p->setfilter_op(p, fp));
3728 if (p->setdirection_op == NULL) {
3729 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
3731 return (-1);
3741 return (p->setdirection_op(p, d));
3747 snprintf(p->errbuf, sizeof(p->errbuf),
3749 return (-1);
3757 return (p->stats_op(p, ps));
3764 return (p->stats_ex_op(p, pcap_stat_size));
3770 return (p->setbuff_op(p, dim));
3776 return (p->setmode_op(p, mode));
3782 return (p->setmintocopy_op(p, size));
3788 return (p->getevent_op(p));
3794 return (p->oid_get_request_op(p, oid, data, lenp));
3800 return (p->oid_set_request_op(p, oid, data, lenp));
3815 tqueue->buffer = (char *)malloc(memsize);
3816 if (tqueue->buffer == NULL) {
3821 tqueue->maxlen = memsize;
3822 tqueue->len = 0;
3830 free(queue->buffer);
3837 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
3838 return (-1);
3842 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
3843 queue->len += sizeof(struct pcap_pkthdr);
3846 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
3847 queue->len += pkt_header->caplen;
3855 return (p->sendqueue_transmit_op(p, queue, sync));
3861 return (p->setuserbuffer_op(p, size));
3867 return (p->live_dump_op(p, filename, maxsize, maxpacks));
3873 return (p->live_dump_ended_op(p, sync));
3881 handle = p->get_airpcap_handle_op(p);
3883 (void)snprintf(p->errbuf, sizeof(p->errbuf),
3892 * when we close a device - and we want that to happen even if the
3898 * XXX - not thread-safe.
3931 * That means that, after pcap_close() - which calls
3932 * the cleanup_op for the pcap_t - the pcap_t must
3956 pcap_strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
3967 p->next = pcaps_to_close;
3977 prevpc = pc, pc = pc->next) {
3986 pcaps_to_close = pc->next;
3991 prevpc->next = pc->next;
4001 p->break_loop = 1;
4008 if (p->opt.device != NULL) {
4009 free(p->opt.device);
4010 p->opt.device = NULL;
4012 if (p->buffer != NULL) {
4013 free(p->buffer);
4014 p->buffer = NULL;
4016 if (p->dlt_list != NULL) {
4017 free(p->dlt_list);
4018 p->dlt_list = NULL;
4019 p->dlt_count = 0;
4021 if (p->tstamp_type_list != NULL) {
4022 free(p->tstamp_type_list);
4023 p->tstamp_type_list = NULL;
4024 p->tstamp_type_count = 0;
4026 if (p->tstamp_precision_list != NULL) {
4027 free(p->tstamp_precision_list);
4028 p->tstamp_precision_list = NULL;
4029 p->tstamp_precision_count = 0;
4031 pcap_freecode(&p->fcode);
4033 if (p->fd >= 0) {
4034 close(p->fd);
4035 p->fd = -1;
4037 p->selectable_fd = -1;
4042 * API compatible with WinPcap's "send a packet" routine - returns -1
4045 * XXX - what if we get a short write?
4051 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
4056 if (p->inject_op(p, buf, size) == -1)
4057 return (-1);
4062 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
4073 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
4079 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
4084 return (p->inject_op(p, buf, (int)size));
4090 p->cleanup_op(p);
4096 * Currently Windows-only.
4106 // https://blog.rapid7.com/2010/08/23/exploiting-dll-hijacking-flaws/
4107 // https://blog.rapid7.com/2010/08/23/application-dll-load-hijacking/
4114 …chive.org/web/20110122175058/http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
4121 * XXX - should this work in UTF-16LE rather than in the local
4173 * the packet doesn't pass and non-zero if the packet does pass.
4179 const struct bpf_insn *fcode = fp->bf_insns;
4182 return (pcap_filter(fcode, pkt, h->len, h->caplen));
4190 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4199 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4201 return (-1);
4212 * get-packets loop in progress to break out *of*.
4221 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4223 return (-1);
4229 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4231 return (-1);
4237 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4239 return (-1);
4245 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4246 "The link-layer header type cannot be set on a pcap_open_dead pcap_t");
4247 return (-1);
4253 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4254 "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
4255 return (-1);
4261 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4262 "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
4263 return (-1);
4269 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4271 return (-1);
4278 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4286 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4288 return (-1);
4294 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4296 return (-1);
4302 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4304 return (-1);
4310 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4319 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4328 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4337 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4345 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4347 return (-1);
4354 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4356 return (-1);
4362 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
4364 return (-1);
4405 p->snapshot = snaplen;
4406 p->linktype = linktype;
4407 p->opt.tstamp_precision = precision;
4408 p->can_set_rfmon_op = pcap_can_set_rfmon_dead;
4409 p->read_op = pcap_read_dead;
4410 p->inject_op = pcap_inject_dead;
4411 p->setfilter_op = pcap_setfilter_dead;
4412 p->setdirection_op = pcap_setdirection_dead;
4413 p->set_datalink_op = pcap_set_datalink_dead;
4414 p->getnonblock_op = pcap_getnonblock_dead;
4415 p->setnonblock_op = pcap_setnonblock_dead;
4416 p->stats_op = pcap_stats_dead;
4418 p->stats_ex_op = pcap_stats_ex_dead;
4419 p->setbuff_op = pcap_setbuff_dead;
4420 p->setmode_op = pcap_setmode_dead;
4421 p->setmintocopy_op = pcap_setmintocopy_dead;
4422 p->getevent_op = pcap_getevent_dead;
4423 p->oid_get_request_op = pcap_oid_get_request_dead;
4424 p->oid_set_request_op = pcap_oid_set_request_dead;
4425 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
4426 p->setuserbuffer_op = pcap_setuserbuffer_dead;
4427 p->live_dump_op = pcap_live_dump_dead;
4428 p->live_dump_ended_op = pcap_live_dump_ended_dead;
4429 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
4431 p->breakloop_op = pcap_breakloop_dead;
4432 p->cleanup_op = pcap_cleanup_dead;
4437 p->bpf_codegen_flags = 0;
4439 p->activated = 1;