1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #ifdef WIN32
39 #include <pcap-stdinc.h>
40 #else /* WIN32 */
41 #if HAVE_INTTYPES_H
42 #include <inttypes.h>
43 #elif HAVE_STDINT_H
44 #include <stdint.h>
45 #endif
46 #ifdef HAVE_SYS_BITYPES_H
47 #include <sys/bitypes.h>
48 #endif
49 #include <sys/types.h>
50 #endif /* WIN32 */
51
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
56 #include <unistd.h>
57 #endif
58 #include <fcntl.h>
59 #include <errno.h>
60
61 #ifdef HAVE_OS_PROTO_H
62 #include "os-proto.h"
63 #endif
64
65 #ifdef MSDOS
66 #include "pcap-dos.h"
67 #endif
68
69 #include "pcap-int.h"
70
71 #ifdef HAVE_DAG_API
72 #include "pcap-dag.h"
73 #endif /* HAVE_DAG_API */
74
75 #ifdef HAVE_SEPTEL_API
76 #include "pcap-septel.h"
77 #endif /* HAVE_SEPTEL_API */
78
79 #ifdef HAVE_SNF_API
80 #include "pcap-snf.h"
81 #endif /* HAVE_SNF_API */
82
83 #ifdef PCAP_SUPPORT_USB
84 #include "pcap-usb-linux.h"
85 #endif
86
87 #ifdef PCAP_SUPPORT_BT
88 #include "pcap-bt-linux.h"
89 #endif
90
91 #ifdef PCAP_SUPPORT_BT_MONITOR
92 #include "pcap-bt-monitor-linux.h"
93 #endif
94
95 #ifdef PCAP_SUPPORT_CAN
96 #include "pcap-can-linux.h"
97 #endif
98
99 #ifdef PCAP_SUPPORT_CANUSB
100 #include "pcap-canusb-linux.h"
101 #endif
102
103 #ifdef PCAP_SUPPORT_NETFILTER
104 #include "pcap-netfilter-linux.h"
105 #endif
106
107 #ifdef PCAP_SUPPORT_DBUS
108 #include "pcap-dbus.h"
109 #endif
110
111 int
pcap_not_initialized(pcap_t * pcap _U_)112 pcap_not_initialized(pcap_t *pcap _U_)
113 {
114 /* this means 'not initialized' */
115 return (PCAP_ERROR_NOT_ACTIVATED);
116 }
117
118 #ifdef WIN32
119 Adapter *
pcap_no_adapter(pcap_t * pcap _U_)120 pcap_no_adapter(pcap_t *pcap _U_)
121 {
122 return (NULL);
123 }
124 #endif
125
126 /*
127 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
128 * a PCAP_ERROR value on an error.
129 */
130 int
pcap_can_set_rfmon(pcap_t * p)131 pcap_can_set_rfmon(pcap_t *p)
132 {
133 return (p->can_set_rfmon_op(p));
134 }
135
136 /*
137 * For systems where rfmon mode is never supported.
138 */
139 static int
pcap_cant_set_rfmon(pcap_t * p _U_)140 pcap_cant_set_rfmon(pcap_t *p _U_)
141 {
142 return (0);
143 }
144
145 /*
146 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
147 * types; the return value is the number of supported time stamp types.
148 * The list should be freed by a call to pcap_free_tstamp_types() when
149 * you're done with it.
150 *
151 * A return value of 0 means "you don't get a choice of time stamp type",
152 * in which case *tstamp_typesp is set to null.
153 *
154 * PCAP_ERROR is returned on error.
155 */
156 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)157 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
158 {
159 if (p->tstamp_type_count == 0) {
160 /*
161 * We don't support multiple time stamp types.
162 */
163 *tstamp_typesp = NULL;
164 } else {
165 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
166 p->tstamp_type_count);
167 if (*tstamp_typesp == NULL) {
168 (void)snprintf(p->errbuf, sizeof(p->errbuf),
169 "malloc: %s", pcap_strerror(errno));
170 return (PCAP_ERROR);
171 }
172 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
173 sizeof(**tstamp_typesp) * p->tstamp_type_count);
174 }
175 return (p->tstamp_type_count);
176 }
177
178 /*
179 * In Windows, you might have a library built with one version of the
180 * C runtime library and an application built with another version of
181 * the C runtime library, which means that the library might use one
182 * version of malloc() and free() and the application might use another
183 * version of malloc() and free(). If so, that means something
184 * allocated by the library cannot be freed by the application, so we
185 * need to have a pcap_free_tstamp_types() routine to free up the list
186 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
187 * around free().
188 */
189 void
pcap_free_tstamp_types(int * tstamp_type_list)190 pcap_free_tstamp_types(int *tstamp_type_list)
191 {
192 free(tstamp_type_list);
193 }
194
195 /*
196 * Default one-shot callback; overridden for capture types where the
197 * packet data cannot be guaranteed to be available after the callback
198 * returns, so that a copy must be made.
199 */
200 void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)201 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
202 {
203 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
204
205 *sp->hdr = *h;
206 *sp->pkt = pkt;
207 }
208
209 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)210 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
211 {
212 struct oneshot_userdata s;
213 const u_char *pkt;
214
215 s.hdr = h;
216 s.pkt = &pkt;
217 s.pd = p;
218 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
219 return (0);
220 return (pkt);
221 }
222
223 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)224 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
225 const u_char **pkt_data)
226 {
227 struct oneshot_userdata s;
228
229 s.hdr = &p->pcap_header;
230 s.pkt = pkt_data;
231 s.pd = p;
232
233 /* Saves a pointer to the packet headers */
234 *pkt_header= &p->pcap_header;
235
236 if (p->rfile != NULL) {
237 int status;
238
239 /* We are on an offline capture */
240 status = pcap_offline_read(p, 1, p->oneshot_callback,
241 (u_char *)&s);
242
243 /*
244 * Return codes for pcap_offline_read() are:
245 * - 0: EOF
246 * - -1: error
247 * - >1: OK
248 * The first one ('0') conflicts with the return code of
249 * 0 from pcap_read() meaning "no packets arrived before
250 * the timeout expired", so we map it to -2 so you can
251 * distinguish between an EOF from a savefile and a
252 * "no packets arrived before the timeout expired, try
253 * again" from a live capture.
254 */
255 if (status == 0)
256 return (-2);
257 else
258 return (status);
259 }
260
261 /*
262 * Return codes for pcap_read() are:
263 * - 0: timeout
264 * - -1: error
265 * - -2: loop was broken out of with pcap_breakloop()
266 * - >1: OK
267 * The first one ('0') conflicts with the return code of 0 from
268 * pcap_offline_read() meaning "end of file".
269 */
270 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
271 }
272
273 #if defined(DAG_ONLY)
274 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)275 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
276 {
277 return (dag_findalldevs(alldevsp, errbuf));
278 }
279
280 pcap_t *
pcap_create(const char * source,char * errbuf)281 pcap_create(const char *source, char *errbuf)
282 {
283 int is_ours;
284 return (dag_create(source, errbuf, &is_ours));
285 }
286 #elif defined(SEPTEL_ONLY)
287 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)288 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
289 {
290 return (septel_findalldevs(alldevsp, errbuf));
291 }
292
293 pcap_t *
pcap_create(const char * source,char * errbuf)294 pcap_create(const char *source, char *errbuf)
295 {
296 int is_ours;
297 return (septel_create(source, errbuf, &is_ours));
298 }
299 #elif defined(SNF_ONLY)
300 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)301 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
302 {
303 return (snf_findalldevs(alldevsp, errbuf));
304 }
305
306 pcap_t *
pcap_create(const char * source,char * errbuf)307 pcap_create(const char *source, char *errbuf)
308 {
309 int is_ours;
310 return (snf_create(source, errbuf, &is_ours));
311 }
312 #else /* regular pcap */
313 struct capture_source_type {
314 int (*findalldevs_op)(pcap_if_t **, char *);
315 pcap_t *(*create_op)(const char *, char *, int *);
316 } capture_source_types[] = {
317 #ifdef HAVE_DAG_API
318 { dag_findalldevs, dag_create },
319 #endif
320 #ifdef HAVE_SEPTEL_API
321 { septel_findalldevs, septel_create },
322 #endif
323 #ifdef HAVE_SNF_API
324 { snf_findalldevs, snf_create },
325 #endif
326 #ifdef PCAP_SUPPORT_BT
327 { bt_findalldevs, bt_create },
328 #endif
329 #ifdef PCAP_SUPPORT_BT_MONITOR
330 { bt_monitor_findalldevs, bt_monitor_create },
331 #endif
332 #if PCAP_SUPPORT_CANUSB
333 { canusb_findalldevs, canusb_create },
334 #endif
335 #ifdef PCAP_SUPPORT_CAN
336 { can_findalldevs, can_create },
337 #endif
338 #ifdef PCAP_SUPPORT_USB
339 { usb_findalldevs, usb_create },
340 #endif
341 #ifdef PCAP_SUPPORT_NETFILTER
342 { netfilter_findalldevs, netfilter_create },
343 #endif
344 #ifdef PCAP_SUPPORT_DBUS
345 { dbus_findalldevs, dbus_create },
346 #endif
347 { NULL, NULL }
348 };
349
350 /*
351 * Get a list of all capture sources that are up and that we can open.
352 * Returns -1 on error, 0 otherwise.
353 * The list, as returned through "alldevsp", may be null if no interfaces
354 * were up and could be opened.
355 */
356 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)357 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
358 {
359 size_t i;
360
361 /*
362 * Get the list of regular interfaces first.
363 */
364 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
365 return (-1); /* failure */
366
367 /*
368 * Add any interfaces that need a platform-specific mechanism
369 * to find.
370 */
371 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
372 /*
373 * We had an error; free the list we've been
374 * constructing.
375 */
376 if (*alldevsp != NULL) {
377 pcap_freealldevs(*alldevsp);
378 *alldevsp = NULL;
379 }
380 return (-1);
381 }
382
383 /*
384 * Ask each of the non-local-network-interface capture
385 * source types what interfaces they have.
386 */
387 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
388 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
389 /*
390 * We had an error; free the list we've been
391 * constructing.
392 */
393 if (*alldevsp != NULL) {
394 pcap_freealldevs(*alldevsp);
395 *alldevsp = NULL;
396 }
397 return (-1);
398 }
399 }
400
401 return (0);
402 }
403
404 pcap_t *
pcap_create(const char * source,char * errbuf)405 pcap_create(const char *source, char *errbuf)
406 {
407 size_t i;
408 int is_theirs;
409 pcap_t *p;
410
411 /*
412 * A null source name is equivalent to the "any" device -
413 * which might not be supported on this platform, but
414 * this means that you'll get a "not supported" error
415 * rather than, say, a crash when we try to dereference
416 * the null pointer.
417 */
418 if (source == NULL)
419 source = "any";
420
421 /*
422 * Try each of the non-local-network-interface capture
423 * source types until we find one that works for this
424 * device or run out of types.
425 */
426 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
427 is_theirs = 0;
428 p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
429 if (is_theirs) {
430 /*
431 * The device name refers to a device of the
432 * type in question; either it succeeded,
433 * in which case p refers to a pcap_t to
434 * later activate for the device, or it
435 * failed, in which case p is null and we
436 * should return that to report the failure
437 * to create.
438 */
439 return (p);
440 }
441 }
442
443 /*
444 * OK, try it as a regular network interface.
445 */
446 return (pcap_create_interface(source, errbuf));
447 }
448 #endif
449
450 static void
initialize_ops(pcap_t * p)451 initialize_ops(pcap_t *p)
452 {
453 /*
454 * Set operation pointers for operations that only work on
455 * an activated pcap_t to point to a routine that returns
456 * a "this isn't activated" error.
457 */
458 p->read_op = (read_op_t)pcap_not_initialized;
459 p->inject_op = (inject_op_t)pcap_not_initialized;
460 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
461 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
462 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
463 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
464 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
465 p->stats_op = (stats_op_t)pcap_not_initialized;
466 #ifdef WIN32
467 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
468 p->setmode_op = (setmode_op_t)pcap_not_initialized;
469 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
470 p->getadapter_op = pcap_no_adapter;
471 #endif
472
473 /*
474 * Default cleanup operation - implementations can override
475 * this, but should call pcap_cleanup_live_common() after
476 * doing their own additional cleanup.
477 */
478 p->cleanup_op = pcap_cleanup_live_common;
479
480 /*
481 * In most cases, the standard one-shot callback can
482 * be used for pcap_next()/pcap_next_ex().
483 */
484 p->oneshot_callback = pcap_oneshot;
485 }
486
487 static pcap_t *
pcap_alloc_pcap_t(char * ebuf,size_t size)488 pcap_alloc_pcap_t(char *ebuf, size_t size)
489 {
490 char *chunk;
491 pcap_t *p;
492
493 /*
494 * Allocate a chunk of memory big enough for a pcap_t
495 * plus a structure following it of size "size". The
496 * structure following it is a private data structure
497 * for the routines that handle this pcap_t.
498 */
499 chunk = malloc(sizeof (pcap_t) + size);
500 if (chunk == NULL) {
501 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
502 pcap_strerror(errno));
503 return (NULL);
504 }
505 memset(chunk, 0, sizeof (pcap_t) + size);
506
507 /*
508 * Get a pointer to the pcap_t at the beginning.
509 */
510 p = (pcap_t *)chunk;
511
512 #ifndef WIN32
513 p->fd = -1; /* not opened yet */
514 p->selectable_fd = -1;
515 #endif
516
517 if (size == 0) {
518 /* No private data was requested. */
519 p->priv = NULL;
520 } else {
521 /*
522 * Set the pointer to the private data; that's the structure
523 * of size "size" following the pcap_t.
524 */
525 p->priv = (void *)(chunk + sizeof (pcap_t));
526 }
527
528 return (p);
529 }
530
531 pcap_t *
pcap_create_common(const char * source,char * ebuf,size_t size)532 pcap_create_common(const char *source, char *ebuf, size_t size)
533 {
534 pcap_t *p;
535
536 p = pcap_alloc_pcap_t(ebuf, size);
537 if (p == NULL)
538 return (NULL);
539
540 p->opt.source = strdup(source);
541 if (p->opt.source == NULL) {
542 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
543 pcap_strerror(errno));
544 free(p);
545 return (NULL);
546 }
547
548 /*
549 * Default to "can't set rfmon mode"; if it's supported by
550 * a platform, the create routine that called us can set
551 * the op to its routine to check whether a particular
552 * device supports it.
553 */
554 p->can_set_rfmon_op = pcap_cant_set_rfmon;
555
556 initialize_ops(p);
557
558 /* put in some defaults*/
559 pcap_set_snaplen(p, MAXIMUM_SNAPLEN); /* max packet size */
560 p->opt.timeout = 0; /* no timeout specified */
561 p->opt.buffer_size = 0; /* use the platform's default */
562 p->opt.promisc = 0;
563 p->opt.rfmon = 0;
564 p->opt.immediate = 0;
565 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
566 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
567
568 /*
569 * Start out with no BPF code generation flags set.
570 */
571 p->bpf_codegen_flags = 0;
572
573 return (p);
574 }
575
576 int
pcap_check_activated(pcap_t * p)577 pcap_check_activated(pcap_t *p)
578 {
579 if (p->activated) {
580 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
581 " operation on activated capture");
582 return (-1);
583 }
584 return (0);
585 }
586
587 int
pcap_set_snaplen(pcap_t * p,int snaplen)588 pcap_set_snaplen(pcap_t *p, int snaplen)
589 {
590 if (pcap_check_activated(p))
591 return (PCAP_ERROR_ACTIVATED);
592 p->snapshot = snaplen;
593 return (0);
594 }
595
596 int
pcap_set_promisc(pcap_t * p,int promisc)597 pcap_set_promisc(pcap_t *p, int promisc)
598 {
599 if (pcap_check_activated(p))
600 return (PCAP_ERROR_ACTIVATED);
601 p->opt.promisc = promisc;
602 return (0);
603 }
604
605 int
pcap_set_rfmon(pcap_t * p,int rfmon)606 pcap_set_rfmon(pcap_t *p, int rfmon)
607 {
608 if (pcap_check_activated(p))
609 return (PCAP_ERROR_ACTIVATED);
610 p->opt.rfmon = rfmon;
611 return (0);
612 }
613
614 int
pcap_set_timeout(pcap_t * p,int timeout_ms)615 pcap_set_timeout(pcap_t *p, int timeout_ms)
616 {
617 if (pcap_check_activated(p))
618 return (PCAP_ERROR_ACTIVATED);
619 p->opt.timeout = timeout_ms;
620 return (0);
621 }
622
623 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)624 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
625 {
626 int i;
627
628 if (pcap_check_activated(p))
629 return (PCAP_ERROR_ACTIVATED);
630
631 /*
632 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
633 * the default time stamp type is PCAP_TSTAMP_HOST.
634 */
635 if (p->tstamp_type_count == 0) {
636 if (tstamp_type == PCAP_TSTAMP_HOST) {
637 p->opt.tstamp_type = tstamp_type;
638 return (0);
639 }
640 } else {
641 /*
642 * Check whether we claim to support this type of time stamp.
643 */
644 for (i = 0; i < p->tstamp_type_count; i++) {
645 if (p->tstamp_type_list[i] == tstamp_type) {
646 /*
647 * Yes.
648 */
649 p->opt.tstamp_type = tstamp_type;
650 return (0);
651 }
652 }
653 }
654
655 /*
656 * We don't support this type of time stamp.
657 */
658 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
659 }
660
661 int
pcap_set_immediate_mode(pcap_t * p,int immediate)662 pcap_set_immediate_mode(pcap_t *p, int immediate)
663 {
664 if (pcap_check_activated(p))
665 return (PCAP_ERROR_ACTIVATED);
666 p->opt.immediate = immediate;
667 return (0);
668 }
669
670 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)671 pcap_set_buffer_size(pcap_t *p, int buffer_size)
672 {
673 if (pcap_check_activated(p))
674 return (PCAP_ERROR_ACTIVATED);
675 p->opt.buffer_size = buffer_size;
676 return (0);
677 }
678
679 int
pcap_set_tstamp_precision(pcap_t * p,int tstamp_precision)680 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
681 {
682 int i;
683
684 if (pcap_check_activated(p))
685 return (PCAP_ERROR_ACTIVATED);
686
687 /*
688 * If p->tstamp_precision_count is 0, we only support setting
689 * the time stamp precision to microsecond precision; every
690 * pcap module *MUST* support microsecond precision, even if
691 * it does so by converting the native precision to
692 * microseconds.
693 */
694 if (p->tstamp_precision_count == 0) {
695 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
696 p->opt.tstamp_precision = tstamp_precision;
697 return (0);
698 }
699 } else {
700 /*
701 * Check whether we claim to support this precision of
702 * time stamp.
703 */
704 for (i = 0; i < p->tstamp_precision_count; i++) {
705 if (p->tstamp_precision_list[i] == tstamp_precision) {
706 /*
707 * Yes.
708 */
709 p->opt.tstamp_precision = tstamp_precision;
710 return (0);
711 }
712 }
713 }
714
715 /*
716 * We don't support this time stamp precision.
717 */
718 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
719 }
720
721 int
pcap_get_tstamp_precision(pcap_t * p)722 pcap_get_tstamp_precision(pcap_t *p)
723 {
724 return (p->opt.tstamp_precision);
725 }
726
727 int
pcap_activate(pcap_t * p)728 pcap_activate(pcap_t *p)
729 {
730 int status;
731
732 /*
733 * Catch attempts to re-activate an already-activated
734 * pcap_t; this should, for example, catch code that
735 * calls pcap_open_live() followed by pcap_activate(),
736 * as some code that showed up in a Stack Exchange
737 * question did.
738 */
739 if (pcap_check_activated(p))
740 return (PCAP_ERROR_ACTIVATED);
741 status = p->activate_op(p);
742 if (status >= 0)
743 p->activated = 1;
744 else {
745 if (p->errbuf[0] == '\0') {
746 /*
747 * No error message supplied by the activate routine;
748 * for the benefit of programs that don't specially
749 * handle errors other than PCAP_ERROR, return the
750 * error message corresponding to the status.
751 */
752 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
753 pcap_statustostr(status));
754 }
755
756 /*
757 * Undo any operation pointer setting, etc. done by
758 * the activate operation.
759 */
760 initialize_ops(p);
761 }
762 return (status);
763 }
764
765 pcap_t *
pcap_open_live(const char * source,int snaplen,int promisc,int to_ms,char * errbuf)766 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
767 {
768 pcap_t *p;
769 int status;
770
771 p = pcap_create(source, errbuf);
772 if (p == NULL)
773 return (NULL);
774 status = pcap_set_snaplen(p, snaplen);
775 if (status < 0)
776 goto fail;
777 status = pcap_set_promisc(p, promisc);
778 if (status < 0)
779 goto fail;
780 status = pcap_set_timeout(p, to_ms);
781 if (status < 0)
782 goto fail;
783 /*
784 * Mark this as opened with pcap_open_live(), so that, for
785 * example, we show the full list of DLT_ values, rather
786 * than just the ones that are compatible with capturing
787 * when not in monitor mode. That allows existing applications
788 * to work the way they used to work, but allows new applications
789 * that know about the new open API to, for example, find out the
790 * DLT_ values that they can select without changing whether
791 * the adapter is in monitor mode or not.
792 */
793 p->oldstyle = 1;
794 status = pcap_activate(p);
795 if (status < 0)
796 goto fail;
797 return (p);
798 fail:
799 if (status == PCAP_ERROR)
800 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
801 p->errbuf);
802 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
803 status == PCAP_ERROR_PERM_DENIED ||
804 status == PCAP_ERROR_PROMISC_PERM_DENIED)
805 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
806 pcap_statustostr(status), p->errbuf);
807 else
808 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
809 pcap_statustostr(status));
810 pcap_close(p);
811 return (NULL);
812 }
813
814 pcap_t *
pcap_open_offline_common(char * ebuf,size_t size)815 pcap_open_offline_common(char *ebuf, size_t size)
816 {
817 pcap_t *p;
818
819 p = pcap_alloc_pcap_t(ebuf, size);
820 if (p == NULL)
821 return (NULL);
822
823 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
824 p->opt.source = strdup("(savefile)");
825 if (p->opt.source == NULL) {
826 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
827 pcap_strerror(errno));
828 free(p);
829 return (NULL);
830 }
831
832 return (p);
833 }
834
835 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)836 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
837 {
838 return (p->read_op(p, cnt, callback, user));
839 }
840
841 /*
842 * XXX - is this necessary?
843 */
844 int
pcap_read(pcap_t * p,int cnt,pcap_handler callback,u_char * user)845 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
846 {
847
848 return (p->read_op(p, cnt, callback, user));
849 }
850
851 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)852 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
853 {
854 register int n;
855
856 for (;;) {
857 if (p->rfile != NULL) {
858 /*
859 * 0 means EOF, so don't loop if we get 0.
860 */
861 n = pcap_offline_read(p, cnt, callback, user);
862 } else {
863 /*
864 * XXX keep reading until we get something
865 * (or an error occurs)
866 */
867 do {
868 n = p->read_op(p, cnt, callback, user);
869 } while (n == 0);
870 }
871 if (n <= 0)
872 return (n);
873 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
874 cnt -= n;
875 if (cnt <= 0)
876 return (0);
877 }
878 }
879 }
880
881 /*
882 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
883 */
884 void
pcap_breakloop(pcap_t * p)885 pcap_breakloop(pcap_t *p)
886 {
887 p->break_loop = 1;
888 }
889
890 int
pcap_datalink(pcap_t * p)891 pcap_datalink(pcap_t *p)
892 {
893 if (!p->activated)
894 return (PCAP_ERROR_NOT_ACTIVATED);
895 return (p->linktype);
896 }
897
898 int
pcap_datalink_ext(pcap_t * p)899 pcap_datalink_ext(pcap_t *p)
900 {
901 if (!p->activated)
902 return (PCAP_ERROR_NOT_ACTIVATED);
903 return (p->linktype_ext);
904 }
905
906 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)907 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
908 {
909 if (!p->activated)
910 return (PCAP_ERROR_NOT_ACTIVATED);
911 if (p->dlt_count == 0) {
912 /*
913 * We couldn't fetch the list of DLTs, which means
914 * this platform doesn't support changing the
915 * DLT for an interface. Return a list of DLTs
916 * containing only the DLT this device supports.
917 */
918 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
919 if (*dlt_buffer == NULL) {
920 (void)snprintf(p->errbuf, sizeof(p->errbuf),
921 "malloc: %s", pcap_strerror(errno));
922 return (PCAP_ERROR);
923 }
924 **dlt_buffer = p->linktype;
925 return (1);
926 } else {
927 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
928 if (*dlt_buffer == NULL) {
929 (void)snprintf(p->errbuf, sizeof(p->errbuf),
930 "malloc: %s", pcap_strerror(errno));
931 return (PCAP_ERROR);
932 }
933 (void)memcpy(*dlt_buffer, p->dlt_list,
934 sizeof(**dlt_buffer) * p->dlt_count);
935 return (p->dlt_count);
936 }
937 }
938
939 /*
940 * In Windows, you might have a library built with one version of the
941 * C runtime library and an application built with another version of
942 * the C runtime library, which means that the library might use one
943 * version of malloc() and free() and the application might use another
944 * version of malloc() and free(). If so, that means something
945 * allocated by the library cannot be freed by the application, so we
946 * need to have a pcap_free_datalinks() routine to free up the list
947 * allocated by pcap_list_datalinks(), even though it's just a wrapper
948 * around free().
949 */
950 void
pcap_free_datalinks(int * dlt_list)951 pcap_free_datalinks(int *dlt_list)
952 {
953 free(dlt_list);
954 }
955
956 int
pcap_set_datalink(pcap_t * p,int dlt)957 pcap_set_datalink(pcap_t *p, int dlt)
958 {
959 int i;
960 const char *dlt_name;
961
962 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
963 /*
964 * We couldn't fetch the list of DLTs, or we don't
965 * have a "set datalink" operation, which means
966 * this platform doesn't support changing the
967 * DLT for an interface. Check whether the new
968 * DLT is the one this interface supports.
969 */
970 if (p->linktype != dlt)
971 goto unsupported;
972
973 /*
974 * It is, so there's nothing we need to do here.
975 */
976 return (0);
977 }
978 for (i = 0; i < p->dlt_count; i++)
979 if (p->dlt_list[i] == dlt)
980 break;
981 if (i >= p->dlt_count)
982 goto unsupported;
983 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
984 dlt == DLT_DOCSIS) {
985 /*
986 * This is presumably an Ethernet device, as the first
987 * link-layer type it offers is DLT_EN10MB, and the only
988 * other type it offers is DLT_DOCSIS. That means that
989 * we can't tell the driver to supply DOCSIS link-layer
990 * headers - we're just pretending that's what we're
991 * getting, as, presumably, we're capturing on a dedicated
992 * link to a Cisco Cable Modem Termination System, and
993 * it's putting raw DOCSIS frames on the wire inside low-level
994 * Ethernet framing.
995 */
996 p->linktype = dlt;
997 return (0);
998 }
999 if (p->set_datalink_op(p, dlt) == -1)
1000 return (-1);
1001 p->linktype = dlt;
1002 return (0);
1003
1004 unsupported:
1005 dlt_name = pcap_datalink_val_to_name(dlt);
1006 if (dlt_name != NULL) {
1007 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1008 "%s is not one of the DLTs supported by this device",
1009 dlt_name);
1010 } else {
1011 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1012 "DLT %d is not one of the DLTs supported by this device",
1013 dlt);
1014 }
1015 return (-1);
1016 }
1017
1018 /*
1019 * This array is designed for mapping upper and lower case letter
1020 * together for a case independent comparison. The mappings are
1021 * based upon ascii character sequences.
1022 */
1023 static const u_char charmap[] = {
1024 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1025 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1026 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1027 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1028 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1029 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1030 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1031 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1032 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1033 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1034 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1035 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1036 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1037 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1038 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1039 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1040 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1041 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1042 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1043 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1044 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1045 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1046 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1047 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1048 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1049 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1050 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1051 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1052 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1053 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1054 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1055 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1056 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1057 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1058 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1059 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1060 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1061 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1062 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1063 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1064 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1065 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1066 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1067 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1068 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1069 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1070 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1071 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1072 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1073 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1074 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1075 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1076 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1077 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1078 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1079 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1080 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1081 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1082 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1083 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1084 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1085 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1086 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1087 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1088 };
1089
1090 int
pcap_strcasecmp(const char * s1,const char * s2)1091 pcap_strcasecmp(const char *s1, const char *s2)
1092 {
1093 register const u_char *cm = charmap,
1094 *us1 = (const u_char *)s1,
1095 *us2 = (const u_char *)s2;
1096
1097 while (cm[*us1] == cm[*us2++])
1098 if (*us1++ == '\0')
1099 return(0);
1100 return (cm[*us1] - cm[*--us2]);
1101 }
1102
1103 struct dlt_choice {
1104 const char *name;
1105 const char *description;
1106 int dlt;
1107 };
1108
1109 #define DLT_CHOICE(code, description) { #code, description, code }
1110 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1111
1112 static struct dlt_choice dlt_choices[] = {
1113 DLT_CHOICE(DLT_NULL, "BSD loopback"),
1114 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
1115 DLT_CHOICE(DLT_IEEE802, "Token ring"),
1116 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
1117 DLT_CHOICE(DLT_SLIP, "SLIP"),
1118 DLT_CHOICE(DLT_PPP, "PPP"),
1119 DLT_CHOICE(DLT_FDDI, "FDDI"),
1120 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1121 DLT_CHOICE(DLT_RAW, "Raw IP"),
1122 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
1123 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
1124 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
1125 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
1126 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
1127 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
1128 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
1129 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
1130 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
1131 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
1132 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
1133 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
1134 DLT_CHOICE(DLT_LTALK, "Localtalk"),
1135 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
1136 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
1137 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
1138 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1139 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
1140 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
1141 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
1142 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1143 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1144 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
1145 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
1146 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1147 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
1148 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1149 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
1150 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1151 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1152 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
1153 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
1154 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
1155 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
1156 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
1157 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1158 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1159 DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"),
1160 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
1161 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
1162 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1163 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
1164 DLT_CHOICE(DLT_GPF_T, "GPF-T"),
1165 DLT_CHOICE(DLT_GPF_F, "GPF-F"),
1166 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1167 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
1168 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
1169 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
1170 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
1171 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
1172 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
1173 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
1174 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
1175 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
1176 DLT_CHOICE(DLT_A429, "Arinc 429"),
1177 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
1178 DLT_CHOICE(DLT_USB, "USB"),
1179 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1180 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1181 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
1182 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1183 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1184 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
1185 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1186 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
1187 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1188 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
1189 DLT_CHOICE(DLT_ERF, "Endace ERF header"),
1190 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
1191 DLT_CHOICE(DLT_IPMB, "IPMB"),
1192 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
1193 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1194 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
1195 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1196 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
1197 DLT_CHOICE(DLT_LINUX_EVDEV, "Linux evdev events"),
1198 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
1199 DLT_CHOICE(DLT_DECT, "DECT"),
1200 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
1201 DLT_CHOICE(DLT_WIHART, "Wireless HART"),
1202 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
1203 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1204 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
1205 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1206 DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
1207 DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
1208 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1209 DLT_CHOICE(DLT_DBUS, "D-Bus"),
1210 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
1211 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1212 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1213 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
1214 DLT_CHOICE(DLT_MUX27010, "MUX27010"),
1215 DLT_CHOICE(DLT_STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
1216 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1217 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
1218 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1219 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1220 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
1221 DLT_CHOICE(DLT_MPEG_2_TS, "MPEG-2 transport stream"),
1222 DLT_CHOICE(DLT_NG40, "ng40 protocol tester Iub/Iur"),
1223 DLT_CHOICE(DLT_NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
1224 DLT_CHOICE(DLT_INFINIBAND, "InfiniBand"),
1225 DLT_CHOICE(DLT_SCTP, "SCTP"),
1226 DLT_CHOICE(DLT_USBPCAP, "USB with USBPcap header"),
1227 DLT_CHOICE(DLT_RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
1228 DLT_CHOICE(DLT_BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
1229 DLT_CHOICE(DLT_NETLINK, "Linux netlink"),
1230 DLT_CHOICE(DLT_BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
1231 DLT_CHOICE(DLT_BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
1232 DLT_CHOICE(DLT_BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
1233 DLT_CHOICE(DLT_PROFIBUS_DL, "PROFIBUS data link layer"),
1234 DLT_CHOICE(DLT_PKTAP, "Apple DLT_PKTAP"),
1235 DLT_CHOICE(DLT_EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
1236 DLT_CHOICE_SENTINEL
1237 };
1238
1239 int
pcap_datalink_name_to_val(const char * name)1240 pcap_datalink_name_to_val(const char *name)
1241 {
1242 int i;
1243
1244 for (i = 0; dlt_choices[i].name != NULL; i++) {
1245 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
1246 name) == 0)
1247 return (dlt_choices[i].dlt);
1248 }
1249 return (-1);
1250 }
1251
1252 const char *
pcap_datalink_val_to_name(int dlt)1253 pcap_datalink_val_to_name(int dlt)
1254 {
1255 int i;
1256
1257 for (i = 0; dlt_choices[i].name != NULL; i++) {
1258 if (dlt_choices[i].dlt == dlt)
1259 return (dlt_choices[i].name + sizeof("DLT_") - 1);
1260 }
1261 return (NULL);
1262 }
1263
1264 const char *
pcap_datalink_val_to_description(int dlt)1265 pcap_datalink_val_to_description(int dlt)
1266 {
1267 int i;
1268
1269 for (i = 0; dlt_choices[i].name != NULL; i++) {
1270 if (dlt_choices[i].dlt == dlt)
1271 return (dlt_choices[i].description);
1272 }
1273 return (NULL);
1274 }
1275
1276 struct tstamp_type_choice {
1277 const char *name;
1278 const char *description;
1279 int type;
1280 };
1281
1282 static struct tstamp_type_choice tstamp_type_choices[] = {
1283 { "host", "Host", PCAP_TSTAMP_HOST },
1284 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1285 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1286 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1287 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1288 { NULL, NULL, 0 }
1289 };
1290
1291 int
pcap_tstamp_type_name_to_val(const char * name)1292 pcap_tstamp_type_name_to_val(const char *name)
1293 {
1294 int i;
1295
1296 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1297 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1298 return (tstamp_type_choices[i].type);
1299 }
1300 return (PCAP_ERROR);
1301 }
1302
1303 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1304 pcap_tstamp_type_val_to_name(int tstamp_type)
1305 {
1306 int i;
1307
1308 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1309 if (tstamp_type_choices[i].type == tstamp_type)
1310 return (tstamp_type_choices[i].name);
1311 }
1312 return (NULL);
1313 }
1314
1315 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1316 pcap_tstamp_type_val_to_description(int tstamp_type)
1317 {
1318 int i;
1319
1320 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1321 if (tstamp_type_choices[i].type == tstamp_type)
1322 return (tstamp_type_choices[i].description);
1323 }
1324 return (NULL);
1325 }
1326
1327 int
pcap_snapshot(pcap_t * p)1328 pcap_snapshot(pcap_t *p)
1329 {
1330 if (!p->activated)
1331 return (PCAP_ERROR_NOT_ACTIVATED);
1332 return (p->snapshot);
1333 }
1334
1335 int
pcap_is_swapped(pcap_t * p)1336 pcap_is_swapped(pcap_t *p)
1337 {
1338 if (!p->activated)
1339 return (PCAP_ERROR_NOT_ACTIVATED);
1340 return (p->swapped);
1341 }
1342
1343 int
pcap_major_version(pcap_t * p)1344 pcap_major_version(pcap_t *p)
1345 {
1346 if (!p->activated)
1347 return (PCAP_ERROR_NOT_ACTIVATED);
1348 return (p->version_major);
1349 }
1350
1351 int
pcap_minor_version(pcap_t * p)1352 pcap_minor_version(pcap_t *p)
1353 {
1354 if (!p->activated)
1355 return (PCAP_ERROR_NOT_ACTIVATED);
1356 return (p->version_minor);
1357 }
1358
1359 FILE *
pcap_file(pcap_t * p)1360 pcap_file(pcap_t *p)
1361 {
1362 return (p->rfile);
1363 }
1364
1365 int
pcap_fileno(pcap_t * p)1366 pcap_fileno(pcap_t *p)
1367 {
1368 #ifndef WIN32
1369 return (p->fd);
1370 #else
1371 if (p->adapter != NULL)
1372 return ((int)(DWORD)p->adapter->hFile);
1373 else
1374 return (PCAP_ERROR);
1375 #endif
1376 }
1377
1378 #if !defined(WIN32) && !defined(MSDOS)
1379 int
pcap_get_selectable_fd(pcap_t * p)1380 pcap_get_selectable_fd(pcap_t *p)
1381 {
1382 return (p->selectable_fd);
1383 }
1384 #endif
1385
1386 void
pcap_perror(pcap_t * p,char * prefix)1387 pcap_perror(pcap_t *p, char *prefix)
1388 {
1389 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1390 }
1391
1392 char *
pcap_geterr(pcap_t * p)1393 pcap_geterr(pcap_t *p)
1394 {
1395 return (p->errbuf);
1396 }
1397
1398 int
pcap_getnonblock(pcap_t * p,char * errbuf)1399 pcap_getnonblock(pcap_t *p, char *errbuf)
1400 {
1401 int ret;
1402
1403 ret = p->getnonblock_op(p, errbuf);
1404 if (ret == -1) {
1405 /*
1406 * In case somebody depended on the bug wherein
1407 * the error message was put into p->errbuf
1408 * by pcap_getnonblock_fd().
1409 */
1410 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1411 }
1412 return (ret);
1413 }
1414
1415 /*
1416 * Get the current non-blocking mode setting, under the assumption that
1417 * it's just the standard POSIX non-blocking flag.
1418 *
1419 * We don't look at "p->nonblock", in case somebody tweaked the FD
1420 * directly.
1421 */
1422 #if !defined(WIN32) && !defined(MSDOS)
1423 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1424 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1425 {
1426 int fdflags;
1427
1428 fdflags = fcntl(p->fd, F_GETFL, 0);
1429 if (fdflags == -1) {
1430 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1431 pcap_strerror(errno));
1432 return (-1);
1433 }
1434 if (fdflags & O_NONBLOCK)
1435 return (1);
1436 else
1437 return (0);
1438 }
1439 #endif
1440
1441 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1442 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1443 {
1444 int ret;
1445
1446 ret = p->setnonblock_op(p, nonblock, errbuf);
1447 if (ret == -1) {
1448 /*
1449 * In case somebody depended on the bug wherein
1450 * the error message was put into p->errbuf
1451 * by pcap_setnonblock_fd().
1452 */
1453 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1454 }
1455 return (ret);
1456 }
1457
1458 #if !defined(WIN32) && !defined(MSDOS)
1459 /*
1460 * Set non-blocking mode, under the assumption that it's just the
1461 * standard POSIX non-blocking flag. (This can be called by the
1462 * per-platform non-blocking-mode routine if that routine also
1463 * needs to do some additional work.)
1464 */
1465 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1466 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1467 {
1468 int fdflags;
1469
1470 fdflags = fcntl(p->fd, F_GETFL, 0);
1471 if (fdflags == -1) {
1472 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1473 pcap_strerror(errno));
1474 return (-1);
1475 }
1476 if (nonblock)
1477 fdflags |= O_NONBLOCK;
1478 else
1479 fdflags &= ~O_NONBLOCK;
1480 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1481 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1482 pcap_strerror(errno));
1483 return (-1);
1484 }
1485 return (0);
1486 }
1487 #endif
1488
1489 #ifdef WIN32
1490 /*
1491 * Generate a string for the last Win32-specific error (i.e. an error generated when
1492 * calling a Win32 API).
1493 * For errors occurred during standard C calls, we still use pcap_strerror()
1494 */
1495 char *
pcap_win32strerror(void)1496 pcap_win32strerror(void)
1497 {
1498 DWORD error;
1499 static char errbuf[PCAP_ERRBUF_SIZE+1];
1500 int errlen;
1501 char *p;
1502
1503 error = GetLastError();
1504 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1505 PCAP_ERRBUF_SIZE, NULL);
1506
1507 /*
1508 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1509 * message. Get rid of it.
1510 */
1511 errlen = strlen(errbuf);
1512 if (errlen >= 2) {
1513 errbuf[errlen - 1] = '\0';
1514 errbuf[errlen - 2] = '\0';
1515 }
1516 p = strchr(errbuf, '\0');
1517 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
1518 return (errbuf);
1519 }
1520 #endif
1521
1522 /*
1523 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1524 */
1525 const char *
pcap_statustostr(int errnum)1526 pcap_statustostr(int errnum)
1527 {
1528 static char ebuf[15+10+1];
1529
1530 switch (errnum) {
1531
1532 case PCAP_WARNING:
1533 return("Generic warning");
1534
1535 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1536 return ("That type of time stamp is not supported by that device");
1537
1538 case PCAP_WARNING_PROMISC_NOTSUP:
1539 return ("That device doesn't support promiscuous mode");
1540
1541 case PCAP_ERROR:
1542 return("Generic error");
1543
1544 case PCAP_ERROR_BREAK:
1545 return("Loop terminated by pcap_breakloop");
1546
1547 case PCAP_ERROR_NOT_ACTIVATED:
1548 return("The pcap_t has not been activated");
1549
1550 case PCAP_ERROR_ACTIVATED:
1551 return ("The setting can't be changed after the pcap_t is activated");
1552
1553 case PCAP_ERROR_NO_SUCH_DEVICE:
1554 return ("No such device exists");
1555
1556 case PCAP_ERROR_RFMON_NOTSUP:
1557 return ("That device doesn't support monitor mode");
1558
1559 case PCAP_ERROR_NOT_RFMON:
1560 return ("That operation is supported only in monitor mode");
1561
1562 case PCAP_ERROR_PERM_DENIED:
1563 return ("You don't have permission to capture on that device");
1564
1565 case PCAP_ERROR_IFACE_NOT_UP:
1566 return ("That device is not up");
1567
1568 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1569 return ("That device doesn't support setting the time stamp type");
1570
1571 case PCAP_ERROR_PROMISC_PERM_DENIED:
1572 return ("You don't have permission to capture in promiscuous mode on that device");
1573
1574 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1575 return ("That device doesn't support that time stamp precision");
1576 }
1577 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1578 return(ebuf);
1579 }
1580
1581 /*
1582 * Not all systems have strerror().
1583 */
1584 const char *
pcap_strerror(int errnum)1585 pcap_strerror(int errnum)
1586 {
1587 #ifdef HAVE_STRERROR
1588 return (strerror(errnum));
1589 #else
1590 extern int sys_nerr;
1591 extern const char *const sys_errlist[];
1592 static char ebuf[15+10+1];
1593
1594 if ((unsigned int)errnum < sys_nerr)
1595 return ((char *)sys_errlist[errnum]);
1596 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1597 return(ebuf);
1598 #endif
1599 }
1600
1601 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1602 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1603 {
1604 return (p->setfilter_op(p, fp));
1605 }
1606
1607 /*
1608 * Set direction flag, which controls whether we accept only incoming
1609 * packets, only outgoing packets, or both.
1610 * Note that, depending on the platform, some or all direction arguments
1611 * might not be supported.
1612 */
1613 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1614 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1615 {
1616 if (p->setdirection_op == NULL) {
1617 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1618 "Setting direction is not implemented on this platform");
1619 return (-1);
1620 } else
1621 return (p->setdirection_op(p, d));
1622 }
1623
1624 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1625 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1626 {
1627 return (p->stats_op(p, ps));
1628 }
1629
1630 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1631 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1632 {
1633 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1634 "Statistics aren't available from a pcap_open_dead pcap_t");
1635 return (-1);
1636 }
1637
1638 #ifdef WIN32
1639 int
pcap_setbuff(pcap_t * p,int dim)1640 pcap_setbuff(pcap_t *p, int dim)
1641 {
1642 return (p->setbuff_op(p, dim));
1643 }
1644
1645 static int
pcap_setbuff_dead(pcap_t * p,int dim)1646 pcap_setbuff_dead(pcap_t *p, int dim)
1647 {
1648 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1649 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1650 return (-1);
1651 }
1652
1653 int
pcap_setmode(pcap_t * p,int mode)1654 pcap_setmode(pcap_t *p, int mode)
1655 {
1656 return (p->setmode_op(p, mode));
1657 }
1658
1659 static int
pcap_setmode_dead(pcap_t * p,int mode)1660 pcap_setmode_dead(pcap_t *p, int mode)
1661 {
1662 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1663 "impossible to set mode on a pcap_open_dead pcap_t");
1664 return (-1);
1665 }
1666
1667 int
pcap_setmintocopy(pcap_t * p,int size)1668 pcap_setmintocopy(pcap_t *p, int size)
1669 {
1670 return (p->setmintocopy_op(p, size));
1671 }
1672
1673 Adapter *
pcap_get_adapter(pcap_t * p)1674 pcap_get_adapter(pcap_t *p)
1675 {
1676 return (p->getadapter_op(p));
1677 }
1678
1679 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1680 pcap_setmintocopy_dead(pcap_t *p, int size)
1681 {
1682 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1683 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1684 return (-1);
1685 }
1686 #endif
1687
1688 /*
1689 * On some platforms, we need to clean up promiscuous or monitor mode
1690 * when we close a device - and we want that to happen even if the
1691 * application just exits without explicitl closing devices.
1692 * On those platforms, we need to register a "close all the pcaps"
1693 * routine to be called when we exit, and need to maintain a list of
1694 * pcaps that need to be closed to clean up modes.
1695 *
1696 * XXX - not thread-safe.
1697 */
1698
1699 /*
1700 * List of pcaps on which we've done something that needs to be
1701 * cleaned up.
1702 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1703 * when we exit, and have it close all of them.
1704 */
1705 static struct pcap *pcaps_to_close;
1706
1707 /*
1708 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1709 * be called on exit.
1710 */
1711 static int did_atexit;
1712
1713 static void
pcap_close_all(void)1714 pcap_close_all(void)
1715 {
1716 struct pcap *handle;
1717
1718 while ((handle = pcaps_to_close) != NULL)
1719 pcap_close(handle);
1720 }
1721
1722 int
pcap_do_addexit(pcap_t * p)1723 pcap_do_addexit(pcap_t *p)
1724 {
1725 /*
1726 * If we haven't already done so, arrange to have
1727 * "pcap_close_all()" called when we exit.
1728 */
1729 if (!did_atexit) {
1730 if (atexit(pcap_close_all) == -1) {
1731 /*
1732 * "atexit()" failed; let our caller know.
1733 */
1734 strncpy(p->errbuf, "atexit failed",
1735 PCAP_ERRBUF_SIZE);
1736 return (0);
1737 }
1738 did_atexit = 1;
1739 }
1740 return (1);
1741 }
1742
1743 void
pcap_add_to_pcaps_to_close(pcap_t * p)1744 pcap_add_to_pcaps_to_close(pcap_t *p)
1745 {
1746 p->next = pcaps_to_close;
1747 pcaps_to_close = p;
1748 }
1749
1750 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1751 pcap_remove_from_pcaps_to_close(pcap_t *p)
1752 {
1753 pcap_t *pc, *prevpc;
1754
1755 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1756 prevpc = pc, pc = pc->next) {
1757 if (pc == p) {
1758 /*
1759 * Found it. Remove it from the list.
1760 */
1761 if (prevpc == NULL) {
1762 /*
1763 * It was at the head of the list.
1764 */
1765 pcaps_to_close = pc->next;
1766 } else {
1767 /*
1768 * It was in the middle of the list.
1769 */
1770 prevpc->next = pc->next;
1771 }
1772 break;
1773 }
1774 }
1775 }
1776
1777 void
pcap_cleanup_live_common(pcap_t * p)1778 pcap_cleanup_live_common(pcap_t *p)
1779 {
1780 if (p->buffer != NULL) {
1781 free(p->buffer);
1782 p->buffer = NULL;
1783 }
1784 if (p->dlt_list != NULL) {
1785 free(p->dlt_list);
1786 p->dlt_list = NULL;
1787 p->dlt_count = 0;
1788 }
1789 if (p->tstamp_type_list != NULL) {
1790 free(p->tstamp_type_list);
1791 p->tstamp_type_list = NULL;
1792 p->tstamp_type_count = 0;
1793 }
1794 if (p->tstamp_precision_list != NULL) {
1795 free(p->tstamp_precision_list);
1796 p->tstamp_precision_list = NULL;
1797 p->tstamp_precision_count = 0;
1798 }
1799 pcap_freecode(&p->fcode);
1800 #if !defined(WIN32) && !defined(MSDOS)
1801 if (p->fd >= 0) {
1802 close(p->fd);
1803 p->fd = -1;
1804 }
1805 p->selectable_fd = -1;
1806 #endif
1807 }
1808
1809 static void
pcap_cleanup_dead(pcap_t * p _U_)1810 pcap_cleanup_dead(pcap_t *p _U_)
1811 {
1812 /* Nothing to do. */
1813 }
1814
1815 pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype,int snaplen,u_int precision)1816 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
1817 {
1818 pcap_t *p;
1819
1820 switch (precision) {
1821
1822 case PCAP_TSTAMP_PRECISION_MICRO:
1823 case PCAP_TSTAMP_PRECISION_NANO:
1824 break;
1825
1826 default:
1827 return NULL;
1828 }
1829 p = malloc(sizeof(*p));
1830 if (p == NULL)
1831 return NULL;
1832 memset (p, 0, sizeof(*p));
1833 p->snapshot = snaplen;
1834 p->linktype = linktype;
1835 p->opt.tstamp_precision = precision;
1836 p->stats_op = pcap_stats_dead;
1837 #ifdef WIN32
1838 p->setbuff_op = pcap_setbuff_dead;
1839 p->setmode_op = pcap_setmode_dead;
1840 p->setmintocopy_op = pcap_setmintocopy_dead;
1841 #endif
1842 p->cleanup_op = pcap_cleanup_dead;
1843
1844 /*
1845 * A "dead" pcap_t never requires special BPF code generation.
1846 */
1847 p->bpf_codegen_flags = 0;
1848
1849 p->activated = 1;
1850 return (p);
1851 }
1852
1853 pcap_t *
pcap_open_dead(int linktype,int snaplen)1854 pcap_open_dead(int linktype, int snaplen)
1855 {
1856 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
1857 PCAP_TSTAMP_PRECISION_MICRO));
1858 }
1859
1860 /*
1861 * API compatible with WinPcap's "send a packet" routine - returns -1
1862 * on error, 0 otherwise.
1863 *
1864 * XXX - what if we get a short write?
1865 */
1866 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)1867 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
1868 {
1869 if (p->inject_op(p, buf, size) == -1)
1870 return (-1);
1871 return (0);
1872 }
1873
1874 /*
1875 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1876 * error, number of bytes written otherwise.
1877 */
1878 int
pcap_inject(pcap_t * p,const void * buf,size_t size)1879 pcap_inject(pcap_t *p, const void *buf, size_t size)
1880 {
1881 return (p->inject_op(p, buf, size));
1882 }
1883
1884 void
pcap_close(pcap_t * p)1885 pcap_close(pcap_t *p)
1886 {
1887 if (p->opt.source != NULL)
1888 free(p->opt.source);
1889 p->cleanup_op(p);
1890 free(p);
1891 }
1892
1893 /*
1894 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1895 * data for the packet, check whether the packet passes the filter.
1896 * Returns the return value of the filter program, which will be zero if
1897 * the packet doesn't pass and non-zero if the packet does pass.
1898 */
1899 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)1900 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
1901 const u_char *pkt)
1902 {
1903 const struct bpf_insn *fcode = fp->bf_insns;
1904
1905 if (fcode != NULL)
1906 return (bpf_filter(fcode, pkt, h->len, h->caplen));
1907 else
1908 return (0);
1909 }
1910
1911 /*
1912 * We make the version string static, and return a pointer to it, rather
1913 * than exporting the version string directly. On at least some UNIXes,
1914 * if you import data from a shared library into an program, the data is
1915 * bound into the program binary, so if the string in the version of the
1916 * library with which the program was linked isn't the same as the
1917 * string in the version of the library with which the program is being
1918 * run, various undesirable things may happen (warnings, the string
1919 * being the one from the version of the library with which the program
1920 * was linked, or even weirder things, such as the string being the one
1921 * from the library but being truncated).
1922 */
1923 #ifdef HAVE_VERSION_H
1924 #include "version.h"
1925 #else
1926 static const char pcap_version_string[] = "libpcap version 1.x.y";
1927 #endif
1928
1929 #ifdef WIN32
1930 /*
1931 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1932 * version numbers when building WinPcap. (It'd be nice to do so for
1933 * the packet.dll version number as well.)
1934 */
1935 static const char wpcap_version_string[] = "4.0";
1936 static const char pcap_version_string_fmt[] =
1937 "WinPcap version %s, based on %s";
1938 static const char pcap_version_string_packet_dll_fmt[] =
1939 "WinPcap version %s (packet.dll version %s), based on %s";
1940 static char *full_pcap_version_string;
1941
1942 const char *
pcap_lib_version(void)1943 pcap_lib_version(void)
1944 {
1945 char *packet_version_string;
1946 size_t full_pcap_version_string_len;
1947
1948 if (full_pcap_version_string == NULL) {
1949 /*
1950 * Generate the version string.
1951 */
1952 packet_version_string = PacketGetVersion();
1953 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
1954 /*
1955 * WinPcap version string and packet.dll version
1956 * string are the same; just report the WinPcap
1957 * version.
1958 */
1959 full_pcap_version_string_len =
1960 (sizeof pcap_version_string_fmt - 4) +
1961 strlen(wpcap_version_string) +
1962 strlen(pcap_version_string);
1963 full_pcap_version_string =
1964 malloc(full_pcap_version_string_len);
1965 if (full_pcap_version_string == NULL)
1966 return (NULL);
1967 sprintf(full_pcap_version_string,
1968 pcap_version_string_fmt, wpcap_version_string,
1969 pcap_version_string);
1970 } else {
1971 /*
1972 * WinPcap version string and packet.dll version
1973 * string are different; that shouldn't be the
1974 * case (the two libraries should come from the
1975 * same version of WinPcap), so we report both
1976 * versions.
1977 */
1978 full_pcap_version_string_len =
1979 (sizeof pcap_version_string_packet_dll_fmt - 6) +
1980 strlen(wpcap_version_string) +
1981 strlen(packet_version_string) +
1982 strlen(pcap_version_string);
1983 full_pcap_version_string = malloc(full_pcap_version_string_len);
1984 if (full_pcap_version_string == NULL)
1985 return (NULL);
1986 sprintf(full_pcap_version_string,
1987 pcap_version_string_packet_dll_fmt,
1988 wpcap_version_string, packet_version_string,
1989 pcap_version_string);
1990 }
1991 }
1992 return (full_pcap_version_string);
1993 }
1994
1995 #elif defined(MSDOS)
1996
1997 static char *full_pcap_version_string;
1998
1999 const char *
pcap_lib_version(void)2000 pcap_lib_version (void)
2001 {
2002 char *packet_version_string;
2003 size_t full_pcap_version_string_len;
2004 static char dospfx[] = "DOS-";
2005
2006 if (full_pcap_version_string == NULL) {
2007 /*
2008 * Generate the version string.
2009 */
2010 full_pcap_version_string_len =
2011 sizeof dospfx + strlen(pcap_version_string);
2012 full_pcap_version_string =
2013 malloc(full_pcap_version_string_len);
2014 if (full_pcap_version_string == NULL)
2015 return (NULL);
2016 strcpy(full_pcap_version_string, dospfx);
2017 strcat(full_pcap_version_string, pcap_version_string);
2018 }
2019 return (full_pcap_version_string);
2020 }
2021
2022 #else /* UN*X */
2023
2024 const char *
pcap_lib_version(void)2025 pcap_lib_version(void)
2026 {
2027 return (pcap_version_string);
2028 }
2029 #endif
2030