1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifndef lint
35 static const char rcsid[] _U_ =
36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)";
37 #endif
38
39 #ifdef HAVE_CONFIG_H
40 #include "config.h"
41 #endif
42
43 #ifdef WIN32
44 #include <pcap-stdinc.h>
45 #else /* WIN32 */
46 #if HAVE_INTTYPES_H
47 #include <inttypes.h>
48 #elif HAVE_STDINT_H
49 #include <stdint.h>
50 #endif
51 #ifdef HAVE_SYS_BITYPES_H
52 #include <sys/bitypes.h>
53 #endif
54 #include <sys/types.h>
55 #endif /* WIN32 */
56
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
61 #include <unistd.h>
62 #endif
63 #include <fcntl.h>
64 #include <errno.h>
65
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69
70 #ifdef MSDOS
71 #include "pcap-dos.h"
72 #endif
73
74 #include "pcap-int.h"
75
76 #ifdef HAVE_DAG_API
77 #include "pcap-dag.h"
78 #endif /* HAVE_DAG_API */
79
80 #ifdef HAVE_SEPTEL_API
81 #include "pcap-septel.h"
82 #endif /* HAVE_SEPTEL_API */
83
84 #ifdef HAVE_SNF_API
85 #include "pcap-snf.h"
86 #endif /* HAVE_SNF_API */
87
88 #ifdef PCAP_SUPPORT_USB
89 #include "pcap-usb-linux.h"
90 #endif
91
92 #ifdef PCAP_SUPPORT_BT
93 #include "pcap-bt-linux.h"
94 #endif
95
96 #ifdef PCAP_SUPPORT_CAN
97 #include "pcap-can-linux.h"
98 #endif
99
100 #ifdef PCAP_SUPPORT_CANUSB
101 #include "pcap-canusb-linux.h"
102 #endif
103
104 #ifdef PCAP_SUPPORT_NETFILTER
105 #include "pcap-netfilter-linux.h"
106 #endif
107
108 #ifdef PCAP_SUPPORT_DBUS
109 #include "pcap-dbus.h"
110 #endif
111
112 int
pcap_not_initialized(pcap_t * pcap _U_)113 pcap_not_initialized(pcap_t *pcap _U_)
114 {
115 /* this means 'not initialized' */
116 return (PCAP_ERROR_NOT_ACTIVATED);
117 }
118
119 #ifdef WIN32
120 Adapter *
pcap_no_adapter(pcap_t * pcap _U_)121 pcap_no_adapter(pcap_t *pcap _U_)
122 {
123 return (NULL);
124 }
125 #endif
126
127 /*
128 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
129 * a PCAP_ERROR value on an error.
130 */
131 int
pcap_can_set_rfmon(pcap_t * p)132 pcap_can_set_rfmon(pcap_t *p)
133 {
134 return (p->can_set_rfmon_op(p));
135 }
136
137 /*
138 * For systems where rfmon mode is never supported.
139 */
140 static int
pcap_cant_set_rfmon(pcap_t * p _U_)141 pcap_cant_set_rfmon(pcap_t *p _U_)
142 {
143 return (0);
144 }
145
146 /*
147 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
148 * types; the return value is the number of supported time stamp types.
149 * The list should be freed by a call to pcap_free_tstamp_types() when
150 * you're done with it.
151 *
152 * A return value of 0 means "you don't get a choice of time stamp type",
153 * in which case *tstamp_typesp is set to null.
154 *
155 * PCAP_ERROR is returned on error.
156 */
157 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)158 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
159 {
160 if (p->tstamp_type_count == 0) {
161 /*
162 * We don't support multiple time stamp types.
163 */
164 *tstamp_typesp = NULL;
165 } else {
166 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
167 p->tstamp_type_count);
168 if (*tstamp_typesp == NULL) {
169 (void)snprintf(p->errbuf, sizeof(p->errbuf),
170 "malloc: %s", pcap_strerror(errno));
171 return (PCAP_ERROR);
172 }
173 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
174 sizeof(**tstamp_typesp) * p->tstamp_type_count);
175 }
176 return (p->tstamp_type_count);
177 }
178
179 /*
180 * In Windows, you might have a library built with one version of the
181 * C runtime library and an application built with another version of
182 * the C runtime library, which means that the library might use one
183 * version of malloc() and free() and the application might use another
184 * version of malloc() and free(). If so, that means something
185 * allocated by the library cannot be freed by the application, so we
186 * need to have a pcap_free_tstamp_types() routine to free up the list
187 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
188 * around free().
189 */
190 void
pcap_free_tstamp_types(int * tstamp_type_list)191 pcap_free_tstamp_types(int *tstamp_type_list)
192 {
193 free(tstamp_type_list);
194 }
195
196 /*
197 * Default one-shot callback; overridden for capture types where the
198 * packet data cannot be guaranteed to be available after the callback
199 * returns, so that a copy must be made.
200 */
201 void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)202 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
203 {
204 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
205
206 *sp->hdr = *h;
207 *sp->pkt = pkt;
208 }
209
210 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)211 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
212 {
213 struct oneshot_userdata s;
214 const u_char *pkt;
215
216 s.hdr = h;
217 s.pkt = &pkt;
218 s.pd = p;
219 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
220 return (0);
221 return (pkt);
222 }
223
224 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)225 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
226 const u_char **pkt_data)
227 {
228 struct oneshot_userdata s;
229
230 s.hdr = &p->pcap_header;
231 s.pkt = pkt_data;
232 s.pd = p;
233
234 /* Saves a pointer to the packet headers */
235 *pkt_header= &p->pcap_header;
236
237 if (p->rfile != NULL) {
238 int status;
239
240 /* We are on an offline capture */
241 status = pcap_offline_read(p, 1, p->oneshot_callback,
242 (u_char *)&s);
243
244 /*
245 * Return codes for pcap_offline_read() are:
246 * - 0: EOF
247 * - -1: error
248 * - >1: OK
249 * The first one ('0') conflicts with the return code of
250 * 0 from pcap_read() meaning "no packets arrived before
251 * the timeout expired", so we map it to -2 so you can
252 * distinguish between an EOF from a savefile and a
253 * "no packets arrived before the timeout expired, try
254 * again" from a live capture.
255 */
256 if (status == 0)
257 return (-2);
258 else
259 return (status);
260 }
261
262 /*
263 * Return codes for pcap_read() are:
264 * - 0: timeout
265 * - -1: error
266 * - -2: loop was broken out of with pcap_breakloop()
267 * - >1: OK
268 * The first one ('0') conflicts with the return code of 0 from
269 * pcap_offline_read() meaning "end of file".
270 */
271 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
272 }
273
274 #if defined(DAG_ONLY)
275 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)276 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
277 {
278 return (dag_findalldevs(alldevsp, errbuf));
279 }
280
281 pcap_t *
pcap_create(const char * source,char * errbuf)282 pcap_create(const char *source, char *errbuf)
283 {
284 return (dag_create(source, errbuf));
285 }
286 #elif defined(SEPTEL_ONLY)
287 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)288 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
289 {
290 return (septel_findalldevs(alldevsp, errbuf));
291 }
292
293 pcap_t *
pcap_create(const char * source,char * errbuf)294 pcap_create(const char *source, char *errbuf)
295 {
296 return (septel_create(source, errbuf));
297 }
298 #elif defined(SNF_ONLY)
299 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)300 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
301 {
302 return (snf_findalldevs(alldevsp, errbuf));
303 }
304
305 pcap_t *
pcap_create(const char * source,char * errbuf)306 pcap_create(const char *source, char *errbuf)
307 {
308 return (snf_create(source, errbuf));
309 }
310 #else /* regular pcap */
311 struct capture_source_type {
312 int (*findalldevs_op)(pcap_if_t **, char *);
313 pcap_t *(*create_op)(const char *, char *, int *);
314 } capture_source_types[] = {
315 #ifdef HAVE_DAG_API
316 { dag_findalldevs, dag_create },
317 #endif
318 #ifdef HAVE_SEPTEL_API
319 { septel_findalldevs, septel_create },
320 #endif
321 #ifdef HAVE_SNF_API
322 { snf_findalldevs, snf_create },
323 #endif
324 #ifdef PCAP_SUPPORT_BT
325 { bt_findalldevs, bt_create },
326 #endif
327 #if PCAP_SUPPORT_CANUSB
328 { canusb_findalldevs, canusb_create },
329 #endif
330 #ifdef PCAP_SUPPORT_CAN
331 { can_findalldevs, can_create },
332 #endif
333 #ifdef PCAP_SUPPORT_USB
334 { usb_findalldevs, usb_create },
335 #endif
336 #ifdef PCAP_SUPPORT_NETFILTER
337 { netfilter_findalldevs, netfilter_create },
338 #endif
339 #ifdef PCAP_SUPPORT_DBUS
340 { dbus_findalldevs, dbus_create },
341 #endif
342 { NULL, NULL }
343 };
344
345 /*
346 * Get a list of all capture sources that are up and that we can open.
347 * Returns -1 on error, 0 otherwise.
348 * The list, as returned through "alldevsp", may be null if no interfaces
349 * were up and could be opened.
350 */
351 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)352 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
353 {
354 size_t i;
355
356 /*
357 * Get the list of regular interfaces first.
358 */
359 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
360 return (-1); /* failure */
361
362 /*
363 * Add any interfaces that need a platform-specific mechanism
364 * to find.
365 */
366 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
367 /*
368 * We had an error; free the list we've been
369 * constructing.
370 */
371 if (*alldevsp != NULL) {
372 pcap_freealldevs(*alldevsp);
373 *alldevsp = NULL;
374 }
375 return (-1);
376 }
377
378 /*
379 * Ask each of the non-local-network-interface capture
380 * source types what interfaces they have.
381 */
382 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
383 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
384 /*
385 * We had an error; free the list we've been
386 * constructing.
387 */
388 if (*alldevsp != NULL) {
389 pcap_freealldevs(*alldevsp);
390 *alldevsp = NULL;
391 }
392 return (-1);
393 }
394 }
395 return (0);
396 }
397
398 pcap_t *
pcap_create(const char * source,char * errbuf)399 pcap_create(const char *source, char *errbuf)
400 {
401 size_t i;
402 int is_theirs;
403 pcap_t *p;
404
405 /*
406 * A null source name is equivalent to the "any" device -
407 * which might not be supported on this platform, but
408 * this means that you'll get a "not supported" error
409 * rather than, say, a crash when we try to dereference
410 * the null pointer.
411 */
412 if (source == NULL)
413 source = "any";
414
415 /*
416 * Try each of the non-local-network-interface capture
417 * source types until we find one that works for this
418 * device or run out of types.
419 */
420 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
421 is_theirs = 0;
422 p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
423 if (is_theirs) {
424 /*
425 * The device name refers to a device of the
426 * type in question; either it succeeded,
427 * in which case p refers to a pcap_t to
428 * later activate for the device, or it
429 * failed, in which case p is null and we
430 * should return that to report the failure
431 * to create.
432 */
433 return (p);
434 }
435 }
436
437 /*
438 * OK, try it as a regular network interface.
439 */
440 return (pcap_create_interface(source, errbuf));
441 }
442 #endif
443
444 static void
initialize_ops(pcap_t * p)445 initialize_ops(pcap_t *p)
446 {
447 /*
448 * Set operation pointers for operations that only work on
449 * an activated pcap_t to point to a routine that returns
450 * a "this isn't activated" error.
451 */
452 p->read_op = (read_op_t)pcap_not_initialized;
453 p->inject_op = (inject_op_t)pcap_not_initialized;
454 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
455 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
456 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
457 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
458 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
459 p->stats_op = (stats_op_t)pcap_not_initialized;
460 #ifdef WIN32
461 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
462 p->setmode_op = (setmode_op_t)pcap_not_initialized;
463 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
464 p->getadapter_op = pcap_no_adapter;
465 #endif
466
467 /*
468 * Default cleanup operation - implementations can override
469 * this, but should call pcap_cleanup_live_common() after
470 * doing their own additional cleanup.
471 */
472 p->cleanup_op = pcap_cleanup_live_common;
473
474 /*
475 * In most cases, the standard one-shot callback can
476 * be used for pcap_next()/pcap_next_ex().
477 */
478 p->oneshot_callback = pcap_oneshot;
479 }
480
481 static pcap_t *
pcap_alloc_pcap_t(char * ebuf,size_t size)482 pcap_alloc_pcap_t(char *ebuf, size_t size)
483 {
484 char *chunk;
485 pcap_t *p;
486
487 /*
488 * Allocate a chunk of memory big enough for a pcap_t
489 * plus a structure following it of size "size". The
490 * structure following it is a private data structure
491 * for the routines that handle this pcap_t.
492 */
493 chunk = malloc(sizeof (pcap_t) + size);
494 if (chunk == NULL) {
495 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
496 pcap_strerror(errno));
497 return (NULL);
498 }
499 memset(chunk, 0, sizeof (pcap_t) + size);
500
501 /*
502 * Get a pointer to the pcap_t at the beginning.
503 */
504 p = (pcap_t *)chunk;
505
506 #ifndef WIN32
507 p->fd = -1; /* not opened yet */
508 p->selectable_fd = -1;
509 #endif
510
511 if (size == 0) {
512 /* No private data was requested. */
513 p->priv = NULL;
514 } else {
515 /*
516 * Set the pointer to the private data; that's the structure
517 * of size "size" following the pcap_t.
518 */
519 p->priv = (void *)(chunk + sizeof (pcap_t));
520 }
521
522 return (p);
523 }
524
525 pcap_t *
pcap_create_common(const char * source,char * ebuf,size_t size)526 pcap_create_common(const char *source, char *ebuf, size_t size)
527 {
528 pcap_t *p;
529
530 p = pcap_alloc_pcap_t(ebuf, size);
531 if (p == NULL)
532 return (NULL);
533
534 p->opt.source = strdup(source);
535 if (p->opt.source == NULL) {
536 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
537 pcap_strerror(errno));
538 free(p);
539 return (NULL);
540 }
541
542 /*
543 * Default to "can't set rfmon mode"; if it's supported by
544 * a platform, the create routine that called us can set
545 * the op to its routine to check whether a particular
546 * device supports it.
547 */
548 p->can_set_rfmon_op = pcap_cant_set_rfmon;
549
550 initialize_ops(p);
551
552 /* put in some defaults*/
553 pcap_set_snaplen(p, 65535); /* max packet size */
554 p->opt.timeout = 0; /* no timeout specified */
555 p->opt.buffer_size = 0; /* use the platform's default */
556 p->opt.promisc = 0;
557 p->opt.rfmon = 0;
558 p->opt.immediate = 0;
559 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
560 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
561 return (p);
562 }
563
564 int
pcap_check_activated(pcap_t * p)565 pcap_check_activated(pcap_t *p)
566 {
567 if (p->activated) {
568 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
569 " operation on activated capture");
570 return (-1);
571 }
572 return (0);
573 }
574
575 int
pcap_set_snaplen(pcap_t * p,int snaplen)576 pcap_set_snaplen(pcap_t *p, int snaplen)
577 {
578 if (pcap_check_activated(p))
579 return (PCAP_ERROR_ACTIVATED);
580 p->snapshot = snaplen;
581 return (0);
582 }
583
584 int
pcap_set_promisc(pcap_t * p,int promisc)585 pcap_set_promisc(pcap_t *p, int promisc)
586 {
587 if (pcap_check_activated(p))
588 return (PCAP_ERROR_ACTIVATED);
589 p->opt.promisc = promisc;
590 return (0);
591 }
592
593 int
pcap_set_rfmon(pcap_t * p,int rfmon)594 pcap_set_rfmon(pcap_t *p, int rfmon)
595 {
596 if (pcap_check_activated(p))
597 return (PCAP_ERROR_ACTIVATED);
598 p->opt.rfmon = rfmon;
599 return (0);
600 }
601
602 int
pcap_set_timeout(pcap_t * p,int timeout_ms)603 pcap_set_timeout(pcap_t *p, int timeout_ms)
604 {
605 if (pcap_check_activated(p))
606 return (PCAP_ERROR_ACTIVATED);
607 p->opt.timeout = timeout_ms;
608 return (0);
609 }
610
611 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)612 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
613 {
614 int i;
615
616 if (pcap_check_activated(p))
617 return (PCAP_ERROR_ACTIVATED);
618
619 /*
620 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
621 * the default time stamp type is PCAP_TSTAMP_HOST.
622 */
623 if (p->tstamp_type_count == 0) {
624 if (tstamp_type == PCAP_TSTAMP_HOST) {
625 p->opt.tstamp_type = tstamp_type;
626 return (0);
627 }
628 } else {
629 /*
630 * Check whether we claim to support this type of time stamp.
631 */
632 for (i = 0; i < p->tstamp_type_count; i++) {
633 if (p->tstamp_type_list[i] == tstamp_type) {
634 /*
635 * Yes.
636 */
637 p->opt.tstamp_type = tstamp_type;
638 return (0);
639 }
640 }
641 }
642
643 /*
644 * We don't support this type of time stamp.
645 */
646 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
647 }
648
649 int
pcap_set_immediate_mode(pcap_t * p,int immediate)650 pcap_set_immediate_mode(pcap_t *p, int immediate)
651 {
652 if (pcap_check_activated(p))
653 return (PCAP_ERROR_ACTIVATED);
654 p->opt.immediate = immediate;
655 return (0);
656 }
657
658 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)659 pcap_set_buffer_size(pcap_t *p, int buffer_size)
660 {
661 if (pcap_check_activated(p))
662 return (PCAP_ERROR_ACTIVATED);
663 p->opt.buffer_size = buffer_size;
664 return (0);
665 }
666
667 int
pcap_set_tstamp_precision(pcap_t * p,int tstamp_precision)668 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
669 {
670 int i;
671
672 if (pcap_check_activated(p))
673 return (PCAP_ERROR_ACTIVATED);
674
675 /*
676 * If p->tstamp_precision_count is 0, we only support setting
677 * the time stamp precision to microsecond precision; every
678 * pcap module *MUST* support microsecond precision, even if
679 * it does so by converting the native precision to
680 * microseconds.
681 */
682 if (p->tstamp_precision_count == 0) {
683 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
684 p->opt.tstamp_precision = tstamp_precision;
685 return (0);
686 }
687 } else {
688 /*
689 * Check whether we claim to support this precision of
690 * time stamp.
691 */
692 for (i = 0; i < p->tstamp_precision_count; i++) {
693 if (p->tstamp_precision_list[i] == tstamp_precision) {
694 /*
695 * Yes.
696 */
697 p->opt.tstamp_precision = tstamp_precision;
698 return (0);
699 }
700 }
701 }
702
703 /*
704 * We don't support this time stamp precision.
705 */
706 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
707 }
708
709 int
pcap_get_tstamp_precision(pcap_t * p)710 pcap_get_tstamp_precision(pcap_t *p)
711 {
712 return (p->opt.tstamp_precision);
713 }
714
715 int
pcap_activate(pcap_t * p)716 pcap_activate(pcap_t *p)
717 {
718 int status;
719
720 /*
721 * Catch attempts to re-activate an already-activated
722 * pcap_t; this should, for example, catch code that
723 * calls pcap_open_live() followed by pcap_activate(),
724 * as some code that showed up in a Stack Exchange
725 * question did.
726 */
727 if (pcap_check_activated(p))
728 return (PCAP_ERROR_ACTIVATED);
729 status = p->activate_op(p);
730 if (status >= 0)
731 p->activated = 1;
732 else {
733 if (p->errbuf[0] == '\0') {
734 /*
735 * No error message supplied by the activate routine;
736 * for the benefit of programs that don't specially
737 * handle errors other than PCAP_ERROR, return the
738 * error message corresponding to the status.
739 */
740 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
741 pcap_statustostr(status));
742 }
743
744 /*
745 * Undo any operation pointer setting, etc. done by
746 * the activate operation.
747 */
748 initialize_ops(p);
749 }
750 return (status);
751 }
752
753 pcap_t *
pcap_open_live(const char * source,int snaplen,int promisc,int to_ms,char * errbuf)754 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
755 {
756 pcap_t *p;
757 int status;
758
759 p = pcap_create(source, errbuf);
760 if (p == NULL)
761 return (NULL);
762 status = pcap_set_snaplen(p, snaplen);
763 if (status < 0)
764 goto fail;
765 status = pcap_set_promisc(p, promisc);
766 if (status < 0)
767 goto fail;
768 status = pcap_set_timeout(p, to_ms);
769 if (status < 0)
770 goto fail;
771 /*
772 * Mark this as opened with pcap_open_live(), so that, for
773 * example, we show the full list of DLT_ values, rather
774 * than just the ones that are compatible with capturing
775 * when not in monitor mode. That allows existing applications
776 * to work the way they used to work, but allows new applications
777 * that know about the new open API to, for example, find out the
778 * DLT_ values that they can select without changing whether
779 * the adapter is in monitor mode or not.
780 */
781 p->oldstyle = 1;
782 status = pcap_activate(p);
783 if (status < 0)
784 goto fail;
785 return (p);
786 fail:
787 if (status == PCAP_ERROR)
788 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
789 p->errbuf);
790 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
791 status == PCAP_ERROR_PERM_DENIED ||
792 status == PCAP_ERROR_PROMISC_PERM_DENIED)
793 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
794 pcap_statustostr(status), p->errbuf);
795 else
796 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
797 pcap_statustostr(status));
798 pcap_close(p);
799 return (NULL);
800 }
801
802 pcap_t *
pcap_open_offline_common(char * ebuf,size_t size)803 pcap_open_offline_common(char *ebuf, size_t size)
804 {
805 pcap_t *p;
806
807 p = pcap_alloc_pcap_t(ebuf, size);
808 if (p == NULL)
809 return (NULL);
810
811 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
812 p->opt.source = strdup("(savefile)");
813 if (p->opt.source == NULL) {
814 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
815 pcap_strerror(errno));
816 free(p);
817 return (NULL);
818 }
819
820 return (p);
821 }
822
823 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)824 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
825 {
826 return (p->read_op(p, cnt, callback, user));
827 }
828
829 /*
830 * XXX - is this necessary?
831 */
832 int
pcap_read(pcap_t * p,int cnt,pcap_handler callback,u_char * user)833 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
834 {
835
836 return (p->read_op(p, cnt, callback, user));
837 }
838
839 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)840 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
841 {
842 register int n;
843
844 for (;;) {
845 if (p->rfile != NULL) {
846 /*
847 * 0 means EOF, so don't loop if we get 0.
848 */
849 n = pcap_offline_read(p, cnt, callback, user);
850 } else {
851 /*
852 * XXX keep reading until we get something
853 * (or an error occurs)
854 */
855 do {
856 n = p->read_op(p, cnt, callback, user);
857 } while (n == 0);
858 }
859 if (n <= 0)
860 return (n);
861 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
862 cnt -= n;
863 if (cnt <= 0)
864 return (0);
865 }
866 }
867 }
868
869 /*
870 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
871 */
872 void
pcap_breakloop(pcap_t * p)873 pcap_breakloop(pcap_t *p)
874 {
875 p->break_loop = 1;
876 }
877
878 int
pcap_datalink(pcap_t * p)879 pcap_datalink(pcap_t *p)
880 {
881 if (!p->activated)
882 return (PCAP_ERROR_NOT_ACTIVATED);
883 return (p->linktype);
884 }
885
886 int
pcap_datalink_ext(pcap_t * p)887 pcap_datalink_ext(pcap_t *p)
888 {
889 if (!p->activated)
890 return (PCAP_ERROR_NOT_ACTIVATED);
891 return (p->linktype_ext);
892 }
893
894 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)895 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
896 {
897 if (!p->activated)
898 return (PCAP_ERROR_NOT_ACTIVATED);
899 if (p->dlt_count == 0) {
900 /*
901 * We couldn't fetch the list of DLTs, which means
902 * this platform doesn't support changing the
903 * DLT for an interface. Return a list of DLTs
904 * containing only the DLT this device supports.
905 */
906 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
907 if (*dlt_buffer == NULL) {
908 (void)snprintf(p->errbuf, sizeof(p->errbuf),
909 "malloc: %s", pcap_strerror(errno));
910 return (PCAP_ERROR);
911 }
912 **dlt_buffer = p->linktype;
913 return (1);
914 } else {
915 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
916 if (*dlt_buffer == NULL) {
917 (void)snprintf(p->errbuf, sizeof(p->errbuf),
918 "malloc: %s", pcap_strerror(errno));
919 return (PCAP_ERROR);
920 }
921 (void)memcpy(*dlt_buffer, p->dlt_list,
922 sizeof(**dlt_buffer) * p->dlt_count);
923 return (p->dlt_count);
924 }
925 }
926
927 /*
928 * In Windows, you might have a library built with one version of the
929 * C runtime library and an application built with another version of
930 * the C runtime library, which means that the library might use one
931 * version of malloc() and free() and the application might use another
932 * version of malloc() and free(). If so, that means something
933 * allocated by the library cannot be freed by the application, so we
934 * need to have a pcap_free_datalinks() routine to free up the list
935 * allocated by pcap_list_datalinks(), even though it's just a wrapper
936 * around free().
937 */
938 void
pcap_free_datalinks(int * dlt_list)939 pcap_free_datalinks(int *dlt_list)
940 {
941 free(dlt_list);
942 }
943
944 int
pcap_set_datalink(pcap_t * p,int dlt)945 pcap_set_datalink(pcap_t *p, int dlt)
946 {
947 int i;
948 const char *dlt_name;
949
950 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
951 /*
952 * We couldn't fetch the list of DLTs, or we don't
953 * have a "set datalink" operation, which means
954 * this platform doesn't support changing the
955 * DLT for an interface. Check whether the new
956 * DLT is the one this interface supports.
957 */
958 if (p->linktype != dlt)
959 goto unsupported;
960
961 /*
962 * It is, so there's nothing we need to do here.
963 */
964 return (0);
965 }
966 for (i = 0; i < p->dlt_count; i++)
967 if (p->dlt_list[i] == dlt)
968 break;
969 if (i >= p->dlt_count)
970 goto unsupported;
971 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
972 dlt == DLT_DOCSIS) {
973 /*
974 * This is presumably an Ethernet device, as the first
975 * link-layer type it offers is DLT_EN10MB, and the only
976 * other type it offers is DLT_DOCSIS. That means that
977 * we can't tell the driver to supply DOCSIS link-layer
978 * headers - we're just pretending that's what we're
979 * getting, as, presumably, we're capturing on a dedicated
980 * link to a Cisco Cable Modem Termination System, and
981 * it's putting raw DOCSIS frames on the wire inside low-level
982 * Ethernet framing.
983 */
984 p->linktype = dlt;
985 return (0);
986 }
987 if (p->set_datalink_op(p, dlt) == -1)
988 return (-1);
989 p->linktype = dlt;
990 return (0);
991
992 unsupported:
993 dlt_name = pcap_datalink_val_to_name(dlt);
994 if (dlt_name != NULL) {
995 (void) snprintf(p->errbuf, sizeof(p->errbuf),
996 "%s is not one of the DLTs supported by this device",
997 dlt_name);
998 } else {
999 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1000 "DLT %d is not one of the DLTs supported by this device",
1001 dlt);
1002 }
1003 return (-1);
1004 }
1005
1006 /*
1007 * This array is designed for mapping upper and lower case letter
1008 * together for a case independent comparison. The mappings are
1009 * based upon ascii character sequences.
1010 */
1011 static const u_char charmap[] = {
1012 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1013 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1014 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1015 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1016 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1017 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1018 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1019 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1020 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1021 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1022 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1023 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1024 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1025 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1026 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1027 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1028 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1029 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1030 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1031 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1032 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1033 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1034 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1035 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1036 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1037 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1038 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1039 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1040 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1041 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1042 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1043 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1044 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1045 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1046 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1047 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1048 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1049 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1050 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1051 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1052 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1053 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1054 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1055 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1056 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1057 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1058 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1059 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1060 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1061 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1062 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1063 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1064 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1065 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1066 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1067 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1068 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1069 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1070 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1071 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1072 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1073 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1074 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1075 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1076 };
1077
1078 int
pcap_strcasecmp(const char * s1,const char * s2)1079 pcap_strcasecmp(const char *s1, const char *s2)
1080 {
1081 register const u_char *cm = charmap,
1082 *us1 = (const u_char *)s1,
1083 *us2 = (const u_char *)s2;
1084
1085 while (cm[*us1] == cm[*us2++])
1086 if (*us1++ == '\0')
1087 return(0);
1088 return (cm[*us1] - cm[*--us2]);
1089 }
1090
1091 struct dlt_choice {
1092 const char *name;
1093 const char *description;
1094 int dlt;
1095 };
1096
1097 #define DLT_CHOICE(code, description) { #code, description, code }
1098 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1099
1100 static struct dlt_choice dlt_choices[] = {
1101 DLT_CHOICE(DLT_NULL, "BSD loopback"),
1102 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
1103 DLT_CHOICE(DLT_IEEE802, "Token ring"),
1104 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
1105 DLT_CHOICE(DLT_SLIP, "SLIP"),
1106 DLT_CHOICE(DLT_PPP, "PPP"),
1107 DLT_CHOICE(DLT_FDDI, "FDDI"),
1108 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1109 DLT_CHOICE(DLT_RAW, "Raw IP"),
1110 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
1111 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
1112 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
1113 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
1114 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
1115 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
1116 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
1117 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
1118 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
1119 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
1120 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
1121 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
1122 DLT_CHOICE(DLT_LTALK, "Localtalk"),
1123 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
1124 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
1125 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
1126 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1127 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
1128 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
1129 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
1130 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1131 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1132 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
1133 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
1134 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1135 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
1136 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1137 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
1138 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1139 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1140 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
1141 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
1142 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
1143 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
1144 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
1145 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1146 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1147 DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"),
1148 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
1149 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
1150 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1151 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
1152 DLT_CHOICE(DLT_GPF_T, "GPF-T"),
1153 DLT_CHOICE(DLT_GPF_F, "GPF-F"),
1154 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1155 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
1156 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
1157 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
1158 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
1159 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
1160 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
1161 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
1162 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
1163 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
1164 DLT_CHOICE(DLT_A429, "Arinc 429"),
1165 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
1166 DLT_CHOICE(DLT_USB, "USB"),
1167 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1168 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1169 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
1170 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1171 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1172 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
1173 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1174 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
1175 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1176 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
1177 DLT_CHOICE(DLT_ERF, "Endace ERF header"),
1178 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
1179 DLT_CHOICE(DLT_IPMB, "IPMB"),
1180 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
1181 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1182 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
1183 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1184 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
1185 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
1186 DLT_CHOICE(DLT_DECT, "DECT"),
1187 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
1188 DLT_CHOICE(DLT_WIHART, "Wireless HART"),
1189 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
1190 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1191 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
1192 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1193 DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
1194 DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
1195 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1196 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
1197 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1198 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1199 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
1200 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1201 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
1202 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1203 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1204 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
1205 DLT_CHOICE(DLT_DBUS, "D-Bus"),
1206 DLT_CHOICE_SENTINEL
1207 };
1208
1209 int
pcap_datalink_name_to_val(const char * name)1210 pcap_datalink_name_to_val(const char *name)
1211 {
1212 int i;
1213
1214 for (i = 0; dlt_choices[i].name != NULL; i++) {
1215 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
1216 name) == 0)
1217 return (dlt_choices[i].dlt);
1218 }
1219 return (-1);
1220 }
1221
1222 const char *
pcap_datalink_val_to_name(int dlt)1223 pcap_datalink_val_to_name(int dlt)
1224 {
1225 int i;
1226
1227 for (i = 0; dlt_choices[i].name != NULL; i++) {
1228 if (dlt_choices[i].dlt == dlt)
1229 return (dlt_choices[i].name + sizeof("DLT_") - 1);
1230 }
1231 return (NULL);
1232 }
1233
1234 const char *
pcap_datalink_val_to_description(int dlt)1235 pcap_datalink_val_to_description(int dlt)
1236 {
1237 int i;
1238
1239 for (i = 0; dlt_choices[i].name != NULL; i++) {
1240 if (dlt_choices[i].dlt == dlt)
1241 return (dlt_choices[i].description);
1242 }
1243 return (NULL);
1244 }
1245
1246 struct tstamp_type_choice {
1247 const char *name;
1248 const char *description;
1249 int type;
1250 };
1251
1252 static struct tstamp_type_choice tstamp_type_choices[] = {
1253 { "host", "Host", PCAP_TSTAMP_HOST },
1254 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1255 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1256 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1257 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1258 { NULL, NULL, 0 }
1259 };
1260
1261 int
pcap_tstamp_type_name_to_val(const char * name)1262 pcap_tstamp_type_name_to_val(const char *name)
1263 {
1264 int i;
1265
1266 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1267 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1268 return (tstamp_type_choices[i].type);
1269 }
1270 return (PCAP_ERROR);
1271 }
1272
1273 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1274 pcap_tstamp_type_val_to_name(int tstamp_type)
1275 {
1276 int i;
1277
1278 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1279 if (tstamp_type_choices[i].type == tstamp_type)
1280 return (tstamp_type_choices[i].name);
1281 }
1282 return (NULL);
1283 }
1284
1285 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1286 pcap_tstamp_type_val_to_description(int tstamp_type)
1287 {
1288 int i;
1289
1290 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1291 if (tstamp_type_choices[i].type == tstamp_type)
1292 return (tstamp_type_choices[i].description);
1293 }
1294 return (NULL);
1295 }
1296
1297 int
pcap_snapshot(pcap_t * p)1298 pcap_snapshot(pcap_t *p)
1299 {
1300 if (!p->activated)
1301 return (PCAP_ERROR_NOT_ACTIVATED);
1302 return (p->snapshot);
1303 }
1304
1305 int
pcap_is_swapped(pcap_t * p)1306 pcap_is_swapped(pcap_t *p)
1307 {
1308 if (!p->activated)
1309 return (PCAP_ERROR_NOT_ACTIVATED);
1310 return (p->swapped);
1311 }
1312
1313 int
pcap_major_version(pcap_t * p)1314 pcap_major_version(pcap_t *p)
1315 {
1316 if (!p->activated)
1317 return (PCAP_ERROR_NOT_ACTIVATED);
1318 return (p->version_major);
1319 }
1320
1321 int
pcap_minor_version(pcap_t * p)1322 pcap_minor_version(pcap_t *p)
1323 {
1324 if (!p->activated)
1325 return (PCAP_ERROR_NOT_ACTIVATED);
1326 return (p->version_minor);
1327 }
1328
1329 FILE *
pcap_file(pcap_t * p)1330 pcap_file(pcap_t *p)
1331 {
1332 return (p->rfile);
1333 }
1334
1335 int
pcap_fileno(pcap_t * p)1336 pcap_fileno(pcap_t *p)
1337 {
1338 #ifndef WIN32
1339 return (p->fd);
1340 #else
1341 if (p->adapter != NULL)
1342 return ((int)(DWORD)p->adapter->hFile);
1343 else
1344 return (PCAP_ERROR);
1345 #endif
1346 }
1347
1348 #if !defined(WIN32) && !defined(MSDOS)
1349 int
pcap_get_selectable_fd(pcap_t * p)1350 pcap_get_selectable_fd(pcap_t *p)
1351 {
1352 return (p->selectable_fd);
1353 }
1354 #endif
1355
1356 void
pcap_perror(pcap_t * p,char * prefix)1357 pcap_perror(pcap_t *p, char *prefix)
1358 {
1359 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1360 }
1361
1362 char *
pcap_geterr(pcap_t * p)1363 pcap_geterr(pcap_t *p)
1364 {
1365 return (p->errbuf);
1366 }
1367
1368 int
pcap_getnonblock(pcap_t * p,char * errbuf)1369 pcap_getnonblock(pcap_t *p, char *errbuf)
1370 {
1371 int ret;
1372
1373 ret = p->getnonblock_op(p, errbuf);
1374 if (ret == -1) {
1375 /*
1376 * In case somebody depended on the bug wherein
1377 * the error message was put into p->errbuf
1378 * by pcap_getnonblock_fd().
1379 */
1380 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1381 }
1382 return (ret);
1383 }
1384
1385 /*
1386 * Get the current non-blocking mode setting, under the assumption that
1387 * it's just the standard POSIX non-blocking flag.
1388 *
1389 * We don't look at "p->nonblock", in case somebody tweaked the FD
1390 * directly.
1391 */
1392 #if !defined(WIN32) && !defined(MSDOS)
1393 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1394 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1395 {
1396 int fdflags;
1397
1398 fdflags = fcntl(p->fd, F_GETFL, 0);
1399 if (fdflags == -1) {
1400 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1401 pcap_strerror(errno));
1402 return (-1);
1403 }
1404 if (fdflags & O_NONBLOCK)
1405 return (1);
1406 else
1407 return (0);
1408 }
1409 #endif
1410
1411 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1412 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1413 {
1414 int ret;
1415
1416 ret = p->setnonblock_op(p, nonblock, errbuf);
1417 if (ret == -1) {
1418 /*
1419 * In case somebody depended on the bug wherein
1420 * the error message was put into p->errbuf
1421 * by pcap_setnonblock_fd().
1422 */
1423 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1424 }
1425 return (ret);
1426 }
1427
1428 #if !defined(WIN32) && !defined(MSDOS)
1429 /*
1430 * Set non-blocking mode, under the assumption that it's just the
1431 * standard POSIX non-blocking flag. (This can be called by the
1432 * per-platform non-blocking-mode routine if that routine also
1433 * needs to do some additional work.)
1434 */
1435 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1436 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1437 {
1438 int fdflags;
1439
1440 fdflags = fcntl(p->fd, F_GETFL, 0);
1441 if (fdflags == -1) {
1442 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1443 pcap_strerror(errno));
1444 return (-1);
1445 }
1446 if (nonblock)
1447 fdflags |= O_NONBLOCK;
1448 else
1449 fdflags &= ~O_NONBLOCK;
1450 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1451 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1452 pcap_strerror(errno));
1453 return (-1);
1454 }
1455 return (0);
1456 }
1457 #endif
1458
1459 #ifdef WIN32
1460 /*
1461 * Generate a string for the last Win32-specific error (i.e. an error generated when
1462 * calling a Win32 API).
1463 * For errors occurred during standard C calls, we still use pcap_strerror()
1464 */
1465 char *
pcap_win32strerror(void)1466 pcap_win32strerror(void)
1467 {
1468 DWORD error;
1469 static char errbuf[PCAP_ERRBUF_SIZE+1];
1470 int errlen;
1471 char *p;
1472
1473 error = GetLastError();
1474 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1475 PCAP_ERRBUF_SIZE, NULL);
1476
1477 /*
1478 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1479 * message. Get rid of it.
1480 */
1481 errlen = strlen(errbuf);
1482 if (errlen >= 2) {
1483 errbuf[errlen - 1] = '\0';
1484 errbuf[errlen - 2] = '\0';
1485 }
1486 p = strchr(errbuf, '\0');
1487 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
1488 return (errbuf);
1489 }
1490 #endif
1491
1492 /*
1493 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1494 */
1495 const char *
pcap_statustostr(int errnum)1496 pcap_statustostr(int errnum)
1497 {
1498 static char ebuf[15+10+1];
1499
1500 switch (errnum) {
1501
1502 case PCAP_WARNING:
1503 return("Generic warning");
1504
1505 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1506 return ("That type of time stamp is not supported by that device");
1507
1508 case PCAP_WARNING_PROMISC_NOTSUP:
1509 return ("That device doesn't support promiscuous mode");
1510
1511 case PCAP_ERROR:
1512 return("Generic error");
1513
1514 case PCAP_ERROR_BREAK:
1515 return("Loop terminated by pcap_breakloop");
1516
1517 case PCAP_ERROR_NOT_ACTIVATED:
1518 return("The pcap_t has not been activated");
1519
1520 case PCAP_ERROR_ACTIVATED:
1521 return ("The setting can't be changed after the pcap_t is activated");
1522
1523 case PCAP_ERROR_NO_SUCH_DEVICE:
1524 return ("No such device exists");
1525
1526 case PCAP_ERROR_RFMON_NOTSUP:
1527 return ("That device doesn't support monitor mode");
1528
1529 case PCAP_ERROR_NOT_RFMON:
1530 return ("That operation is supported only in monitor mode");
1531
1532 case PCAP_ERROR_PERM_DENIED:
1533 return ("You don't have permission to capture on that device");
1534
1535 case PCAP_ERROR_IFACE_NOT_UP:
1536 return ("That device is not up");
1537
1538 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1539 return ("That device doesn't support setting the time stamp type");
1540
1541 case PCAP_ERROR_PROMISC_PERM_DENIED:
1542 return ("You don't have permission to capture in promiscuous mode on that device");
1543
1544 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1545 return ("That device doesn't support that time stamp precision");
1546 }
1547 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1548 return(ebuf);
1549 }
1550
1551 /*
1552 * Not all systems have strerror().
1553 */
1554 const char *
pcap_strerror(int errnum)1555 pcap_strerror(int errnum)
1556 {
1557 #ifdef HAVE_STRERROR
1558 return (strerror(errnum));
1559 #else
1560 extern int sys_nerr;
1561 extern const char *const sys_errlist[];
1562 static char ebuf[15+10+1];
1563
1564 if ((unsigned int)errnum < sys_nerr)
1565 return ((char *)sys_errlist[errnum]);
1566 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1567 return(ebuf);
1568 #endif
1569 }
1570
1571 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1572 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1573 {
1574 return (p->setfilter_op(p, fp));
1575 }
1576
1577 /*
1578 * Set direction flag, which controls whether we accept only incoming
1579 * packets, only outgoing packets, or both.
1580 * Note that, depending on the platform, some or all direction arguments
1581 * might not be supported.
1582 */
1583 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1584 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1585 {
1586 if (p->setdirection_op == NULL) {
1587 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1588 "Setting direction is not implemented on this platform");
1589 return (-1);
1590 } else
1591 return (p->setdirection_op(p, d));
1592 }
1593
1594 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1595 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1596 {
1597 return (p->stats_op(p, ps));
1598 }
1599
1600 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1601 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1602 {
1603 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1604 "Statistics aren't available from a pcap_open_dead pcap_t");
1605 return (-1);
1606 }
1607
1608 #ifdef WIN32
1609 int
pcap_setbuff(pcap_t * p,int dim)1610 pcap_setbuff(pcap_t *p, int dim)
1611 {
1612 return (p->setbuff_op(p, dim));
1613 }
1614
1615 static int
pcap_setbuff_dead(pcap_t * p,int dim)1616 pcap_setbuff_dead(pcap_t *p, int dim)
1617 {
1618 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1619 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1620 return (-1);
1621 }
1622
1623 int
pcap_setmode(pcap_t * p,int mode)1624 pcap_setmode(pcap_t *p, int mode)
1625 {
1626 return (p->setmode_op(p, mode));
1627 }
1628
1629 static int
pcap_setmode_dead(pcap_t * p,int mode)1630 pcap_setmode_dead(pcap_t *p, int mode)
1631 {
1632 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1633 "impossible to set mode on a pcap_open_dead pcap_t");
1634 return (-1);
1635 }
1636
1637 int
pcap_setmintocopy(pcap_t * p,int size)1638 pcap_setmintocopy(pcap_t *p, int size)
1639 {
1640 return (p->setmintocopy_op(p, size));
1641 }
1642
1643 Adapter *
pcap_get_adapter(pcap_t * p)1644 pcap_get_adapter(pcap_t *p)
1645 {
1646 return (p->getadapter_op(p));
1647 }
1648
1649 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1650 pcap_setmintocopy_dead(pcap_t *p, int size)
1651 {
1652 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1653 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1654 return (-1);
1655 }
1656 #endif
1657
1658 /*
1659 * On some platforms, we need to clean up promiscuous or monitor mode
1660 * when we close a device - and we want that to happen even if the
1661 * application just exits without explicitl closing devices.
1662 * On those platforms, we need to register a "close all the pcaps"
1663 * routine to be called when we exit, and need to maintain a list of
1664 * pcaps that need to be closed to clean up modes.
1665 *
1666 * XXX - not thread-safe.
1667 */
1668
1669 /*
1670 * List of pcaps on which we've done something that needs to be
1671 * cleaned up.
1672 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1673 * when we exit, and have it close all of them.
1674 */
1675 static struct pcap *pcaps_to_close;
1676
1677 /*
1678 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1679 * be called on exit.
1680 */
1681 static int did_atexit;
1682
1683 static void
pcap_close_all(void)1684 pcap_close_all(void)
1685 {
1686 struct pcap *handle;
1687
1688 while ((handle = pcaps_to_close) != NULL)
1689 pcap_close(handle);
1690 }
1691
1692 int
pcap_do_addexit(pcap_t * p)1693 pcap_do_addexit(pcap_t *p)
1694 {
1695 /*
1696 * If we haven't already done so, arrange to have
1697 * "pcap_close_all()" called when we exit.
1698 */
1699 if (!did_atexit) {
1700 if (atexit(pcap_close_all) == -1) {
1701 /*
1702 * "atexit()" failed; let our caller know.
1703 */
1704 strncpy(p->errbuf, "atexit failed",
1705 PCAP_ERRBUF_SIZE);
1706 return (0);
1707 }
1708 did_atexit = 1;
1709 }
1710 return (1);
1711 }
1712
1713 void
pcap_add_to_pcaps_to_close(pcap_t * p)1714 pcap_add_to_pcaps_to_close(pcap_t *p)
1715 {
1716 p->next = pcaps_to_close;
1717 pcaps_to_close = p;
1718 }
1719
1720 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1721 pcap_remove_from_pcaps_to_close(pcap_t *p)
1722 {
1723 pcap_t *pc, *prevpc;
1724
1725 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1726 prevpc = pc, pc = pc->next) {
1727 if (pc == p) {
1728 /*
1729 * Found it. Remove it from the list.
1730 */
1731 if (prevpc == NULL) {
1732 /*
1733 * It was at the head of the list.
1734 */
1735 pcaps_to_close = pc->next;
1736 } else {
1737 /*
1738 * It was in the middle of the list.
1739 */
1740 prevpc->next = pc->next;
1741 }
1742 break;
1743 }
1744 }
1745 }
1746
1747 void
pcap_cleanup_live_common(pcap_t * p)1748 pcap_cleanup_live_common(pcap_t *p)
1749 {
1750 if (p->buffer != NULL) {
1751 free(p->buffer);
1752 p->buffer = NULL;
1753 }
1754 if (p->dlt_list != NULL) {
1755 free(p->dlt_list);
1756 p->dlt_list = NULL;
1757 p->dlt_count = 0;
1758 }
1759 if (p->tstamp_type_list != NULL) {
1760 free(p->tstamp_type_list);
1761 p->tstamp_type_list = NULL;
1762 p->tstamp_type_count = 0;
1763 }
1764 if (p->tstamp_precision_list != NULL) {
1765 free(p->tstamp_precision_list);
1766 p->tstamp_precision_list = NULL;
1767 p->tstamp_precision_count = 0;
1768 }
1769 pcap_freecode(&p->fcode);
1770 #if !defined(WIN32) && !defined(MSDOS)
1771 if (p->fd >= 0) {
1772 close(p->fd);
1773 p->fd = -1;
1774 }
1775 p->selectable_fd = -1;
1776 #endif
1777 }
1778
1779 static void
pcap_cleanup_dead(pcap_t * p _U_)1780 pcap_cleanup_dead(pcap_t *p _U_)
1781 {
1782 /* Nothing to do. */
1783 }
1784
1785 pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype,int snaplen,u_int precision)1786 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
1787 {
1788 pcap_t *p;
1789
1790 switch (precision) {
1791
1792 case PCAP_TSTAMP_PRECISION_MICRO:
1793 case PCAP_TSTAMP_PRECISION_NANO:
1794 break;
1795
1796 default:
1797 return NULL;
1798 }
1799 p = malloc(sizeof(*p));
1800 if (p == NULL)
1801 return NULL;
1802 memset (p, 0, sizeof(*p));
1803 p->snapshot = snaplen;
1804 p->linktype = linktype;
1805 p->opt.tstamp_precision = precision;
1806 p->stats_op = pcap_stats_dead;
1807 #ifdef WIN32
1808 p->setbuff_op = pcap_setbuff_dead;
1809 p->setmode_op = pcap_setmode_dead;
1810 p->setmintocopy_op = pcap_setmintocopy_dead;
1811 #endif
1812 p->cleanup_op = pcap_cleanup_dead;
1813 p->activated = 1;
1814 return (p);
1815 }
1816
1817 pcap_t *
pcap_open_dead(int linktype,int snaplen)1818 pcap_open_dead(int linktype, int snaplen)
1819 {
1820 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
1821 PCAP_TSTAMP_PRECISION_MICRO));
1822 }
1823
1824 /*
1825 * API compatible with WinPcap's "send a packet" routine - returns -1
1826 * on error, 0 otherwise.
1827 *
1828 * XXX - what if we get a short write?
1829 */
1830 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)1831 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
1832 {
1833 if (p->inject_op(p, buf, size) == -1)
1834 return (-1);
1835 return (0);
1836 }
1837
1838 /*
1839 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1840 * error, number of bytes written otherwise.
1841 */
1842 int
pcap_inject(pcap_t * p,const void * buf,size_t size)1843 pcap_inject(pcap_t *p, const void *buf, size_t size)
1844 {
1845 return (p->inject_op(p, buf, size));
1846 }
1847
1848 void
pcap_close(pcap_t * p)1849 pcap_close(pcap_t *p)
1850 {
1851 if (p->opt.source != NULL)
1852 free(p->opt.source);
1853 p->cleanup_op(p);
1854 free(p);
1855 }
1856
1857 /*
1858 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1859 * data for the packet, check whether the packet passes the filter.
1860 * Returns the return value of the filter program, which will be zero if
1861 * the packet doesn't pass and non-zero if the packet does pass.
1862 */
1863 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)1864 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
1865 const u_char *pkt)
1866 {
1867 const struct bpf_insn *fcode = fp->bf_insns;
1868
1869 if (fcode != NULL)
1870 return (bpf_filter(fcode, pkt, h->len, h->caplen));
1871 else
1872 return (0);
1873 }
1874
1875 /*
1876 * We make the version string static, and return a pointer to it, rather
1877 * than exporting the version string directly. On at least some UNIXes,
1878 * if you import data from a shared library into an program, the data is
1879 * bound into the program binary, so if the string in the version of the
1880 * library with which the program was linked isn't the same as the
1881 * string in the version of the library with which the program is being
1882 * run, various undesirable things may happen (warnings, the string
1883 * being the one from the version of the library with which the program
1884 * was linked, or even weirder things, such as the string being the one
1885 * from the library but being truncated).
1886 */
1887 #ifdef HAVE_VERSION_H
1888 #include "version.h"
1889 #else
1890 static const char pcap_version_string[] = "libpcap version 1.x.y";
1891 #endif
1892
1893 #ifdef WIN32
1894 /*
1895 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1896 * version numbers when building WinPcap. (It'd be nice to do so for
1897 * the packet.dll version number as well.)
1898 */
1899 static const char wpcap_version_string[] = "4.0";
1900 static const char pcap_version_string_fmt[] =
1901 "WinPcap version %s, based on %s";
1902 static const char pcap_version_string_packet_dll_fmt[] =
1903 "WinPcap version %s (packet.dll version %s), based on %s";
1904 static char *full_pcap_version_string;
1905
1906 const char *
pcap_lib_version(void)1907 pcap_lib_version(void)
1908 {
1909 char *packet_version_string;
1910 size_t full_pcap_version_string_len;
1911
1912 if (full_pcap_version_string == NULL) {
1913 /*
1914 * Generate the version string.
1915 */
1916 packet_version_string = PacketGetVersion();
1917 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
1918 /*
1919 * WinPcap version string and packet.dll version
1920 * string are the same; just report the WinPcap
1921 * version.
1922 */
1923 full_pcap_version_string_len =
1924 (sizeof pcap_version_string_fmt - 4) +
1925 strlen(wpcap_version_string) +
1926 strlen(pcap_version_string);
1927 full_pcap_version_string =
1928 malloc(full_pcap_version_string_len);
1929 if (full_pcap_version_string == NULL)
1930 return (NULL);
1931 sprintf(full_pcap_version_string,
1932 pcap_version_string_fmt, wpcap_version_string,
1933 pcap_version_string);
1934 } else {
1935 /*
1936 * WinPcap version string and packet.dll version
1937 * string are different; that shouldn't be the
1938 * case (the two libraries should come from the
1939 * same version of WinPcap), so we report both
1940 * versions.
1941 */
1942 full_pcap_version_string_len =
1943 (sizeof pcap_version_string_packet_dll_fmt - 6) +
1944 strlen(wpcap_version_string) +
1945 strlen(packet_version_string) +
1946 strlen(pcap_version_string);
1947 full_pcap_version_string = malloc(full_pcap_version_string_len);
1948 if (full_pcap_version_string == NULL)
1949 return (NULL);
1950 sprintf(full_pcap_version_string,
1951 pcap_version_string_packet_dll_fmt,
1952 wpcap_version_string, packet_version_string,
1953 pcap_version_string);
1954 }
1955 }
1956 return (full_pcap_version_string);
1957 }
1958
1959 #elif defined(MSDOS)
1960
1961 static char *full_pcap_version_string;
1962
1963 const char *
pcap_lib_version(void)1964 pcap_lib_version (void)
1965 {
1966 char *packet_version_string;
1967 size_t full_pcap_version_string_len;
1968 static char dospfx[] = "DOS-";
1969
1970 if (full_pcap_version_string == NULL) {
1971 /*
1972 * Generate the version string.
1973 */
1974 full_pcap_version_string_len =
1975 sizeof dospfx + strlen(pcap_version_string);
1976 full_pcap_version_string =
1977 malloc(full_pcap_version_string_len);
1978 if (full_pcap_version_string == NULL)
1979 return (NULL);
1980 strcpy(full_pcap_version_string, dospfx);
1981 strcat(full_pcap_version_string, pcap_version_string);
1982 }
1983 return (full_pcap_version_string);
1984 }
1985
1986 #else /* UN*X */
1987
1988 const char *
pcap_lib_version(void)1989 pcap_lib_version(void)
1990 {
1991 return (pcap_version_string);
1992 }
1993 #endif
1994