1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include "config.h"
36 #endif
37
38 #ifdef _WIN32
39 #include <pcap-stdinc.h>
40 #else /* _WIN32 */
41 #if HAVE_INTTYPES_H
42 #include <inttypes.h>
43 #elif HAVE_STDINT_H
44 #include <stdint.h>
45 #endif
46 #ifdef HAVE_SYS_BITYPES_H
47 #include <sys/bitypes.h>
48 #endif
49 #include <sys/types.h>
50 #endif /* _WIN32 */
51
52 #include <stdio.h>
53 #include <stdlib.h>
54 #include <string.h>
55 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
56 #include <unistd.h>
57 #endif
58 #include <fcntl.h>
59 #include <errno.h>
60
61 #ifdef HAVE_OS_PROTO_H
62 #include "os-proto.h"
63 #endif
64
65 #ifdef MSDOS
66 #include "pcap-dos.h"
67 #endif
68
69 #include "pcap-int.h"
70
71 #ifdef HAVE_DAG_API
72 #include "pcap-dag.h"
73 #endif /* HAVE_DAG_API */
74
75 #ifdef HAVE_SEPTEL_API
76 #include "pcap-septel.h"
77 #endif /* HAVE_SEPTEL_API */
78
79 #ifdef HAVE_SNF_API
80 #include "pcap-snf.h"
81 #endif /* HAVE_SNF_API */
82
83 #ifdef HAVE_TC_API
84 #include "pcap-tc.h"
85 #endif /* HAVE_TC_API */
86
87 #ifdef PCAP_SUPPORT_USB
88 #include "pcap-usb-linux.h"
89 #endif
90
91 #ifdef PCAP_SUPPORT_BT
92 #include "pcap-bt-linux.h"
93 #endif
94
95 #ifdef PCAP_SUPPORT_BT_MONITOR
96 #include "pcap-bt-monitor-linux.h"
97 #endif
98
99 #ifdef PCAP_SUPPORT_NETFILTER
100 #include "pcap-netfilter-linux.h"
101 #endif
102
103 #ifdef PCAP_SUPPORT_DBUS
104 #include "pcap-dbus.h"
105 #endif
106
107 static int
pcap_not_initialized(pcap_t * pcap)108 pcap_not_initialized(pcap_t *pcap)
109 {
110 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */
111 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
112 "This handle hasn't been activated yet");
113 /* this means 'not initialized' */
114 return (PCAP_ERROR_NOT_ACTIVATED);
115 }
116
117 #ifdef _WIN32
118 static void *
pcap_not_initialized_ptr(pcap_t * pcap)119 pcap_not_initialized_ptr(pcap_t *pcap)
120 {
121 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
122 "This handle hasn't been activated yet");
123 return (NULL);
124 }
125
126 static HANDLE
pcap_getevent_not_initialized(pcap_t * pcap)127 pcap_getevent_not_initialized(pcap_t *pcap)
128 {
129 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
130 "This handle hasn't been activated yet");
131 return (INVALID_HANDLE_VALUE);
132 }
133
134 static u_int
pcap_sendqueue_transmit_not_initialized(pcap_t * pcap,pcap_send_queue * queue,int sync)135 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync)
136 {
137 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
138 "This handle hasn't been activated yet");
139 return (0);
140 }
141
142 static PAirpcapHandle
pcap_get_airpcap_handle_not_initialized(pcap_t * pcap)143 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
144 {
145 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
146 "This handle hasn't been activated yet");
147 return (NULL);
148 }
149 #endif
150
151 /*
152 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
153 * a PCAP_ERROR value on an error.
154 */
155 int
pcap_can_set_rfmon(pcap_t * p)156 pcap_can_set_rfmon(pcap_t *p)
157 {
158 return (p->can_set_rfmon_op(p));
159 }
160
161 /*
162 * For systems where rfmon mode is never supported.
163 */
164 static int
pcap_cant_set_rfmon(pcap_t * p _U_)165 pcap_cant_set_rfmon(pcap_t *p _U_)
166 {
167 return (0);
168 }
169
170 /*
171 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
172 * types; the return value is the number of supported time stamp types.
173 * The list should be freed by a call to pcap_free_tstamp_types() when
174 * you're done with it.
175 *
176 * A return value of 0 means "you don't get a choice of time stamp type",
177 * in which case *tstamp_typesp is set to null.
178 *
179 * PCAP_ERROR is returned on error.
180 */
181 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)182 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
183 {
184 if (p->tstamp_type_count == 0) {
185 /*
186 * We don't support multiple time stamp types.
187 */
188 *tstamp_typesp = NULL;
189 } else {
190 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
191 p->tstamp_type_count);
192 if (*tstamp_typesp == NULL) {
193 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
194 "malloc: %s", pcap_strerror(errno));
195 return (PCAP_ERROR);
196 }
197 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
198 sizeof(**tstamp_typesp) * p->tstamp_type_count);
199 }
200 return (p->tstamp_type_count);
201 }
202
203 /*
204 * In Windows, you might have a library built with one version of the
205 * C runtime library and an application built with another version of
206 * the C runtime library, which means that the library might use one
207 * version of malloc() and free() and the application might use another
208 * version of malloc() and free(). If so, that means something
209 * allocated by the library cannot be freed by the application, so we
210 * need to have a pcap_free_tstamp_types() routine to free up the list
211 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
212 * around free().
213 */
214 void
pcap_free_tstamp_types(int * tstamp_type_list)215 pcap_free_tstamp_types(int *tstamp_type_list)
216 {
217 free(tstamp_type_list);
218 }
219
220 /*
221 * Default one-shot callback; overridden for capture types where the
222 * packet data cannot be guaranteed to be available after the callback
223 * returns, so that a copy must be made.
224 */
225 void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)226 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
227 {
228 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
229
230 *sp->hdr = *h;
231 *sp->pkt = pkt;
232 }
233
234 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)235 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
236 {
237 struct oneshot_userdata s;
238 const u_char *pkt;
239
240 s.hdr = h;
241 s.pkt = &pkt;
242 s.pd = p;
243 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
244 return (0);
245 return (pkt);
246 }
247
248 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)249 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
250 const u_char **pkt_data)
251 {
252 struct oneshot_userdata s;
253
254 s.hdr = &p->pcap_header;
255 s.pkt = pkt_data;
256 s.pd = p;
257
258 /* Saves a pointer to the packet headers */
259 *pkt_header= &p->pcap_header;
260
261 if (p->rfile != NULL) {
262 int status;
263
264 /* We are on an offline capture */
265 status = pcap_offline_read(p, 1, p->oneshot_callback,
266 (u_char *)&s);
267
268 /*
269 * Return codes for pcap_offline_read() are:
270 * - 0: EOF
271 * - -1: error
272 * - >1: OK
273 * The first one ('0') conflicts with the return code of
274 * 0 from pcap_read() meaning "no packets arrived before
275 * the timeout expired", so we map it to -2 so you can
276 * distinguish between an EOF from a savefile and a
277 * "no packets arrived before the timeout expired, try
278 * again" from a live capture.
279 */
280 if (status == 0)
281 return (-2);
282 else
283 return (status);
284 }
285
286 /*
287 * Return codes for pcap_read() are:
288 * - 0: timeout
289 * - -1: error
290 * - -2: loop was broken out of with pcap_breakloop()
291 * - >1: OK
292 * The first one ('0') conflicts with the return code of 0 from
293 * pcap_offline_read() meaning "end of file".
294 */
295 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
296 }
297
298 static struct capture_source_type {
299 int (*findalldevs_op)(pcap_if_t **, char *);
300 pcap_t *(*create_op)(const char *, char *, int *);
301 } capture_source_types[] = {
302 #ifdef HAVE_DAG_API
303 { dag_findalldevs, dag_create },
304 #endif
305 #ifdef HAVE_SEPTEL_API
306 { septel_findalldevs, septel_create },
307 #endif
308 #ifdef HAVE_SNF_API
309 { snf_findalldevs, snf_create },
310 #endif
311 #ifdef HAVE_TC_API
312 { TcFindAllDevs, TcCreate },
313 #endif
314 #ifdef PCAP_SUPPORT_BT
315 { bt_findalldevs, bt_create },
316 #endif
317 #ifdef PCAP_SUPPORT_BT_MONITOR
318 { bt_monitor_findalldevs, bt_monitor_create },
319 #endif
320 #ifdef PCAP_SUPPORT_USB
321 { usb_findalldevs, usb_create },
322 #endif
323 #ifdef PCAP_SUPPORT_NETFILTER
324 { netfilter_findalldevs, netfilter_create },
325 #endif
326 #ifdef PCAP_SUPPORT_DBUS
327 { dbus_findalldevs, dbus_create },
328 #endif
329 { NULL, NULL }
330 };
331
332 /*
333 * Get a list of all capture sources that are up and that we can open.
334 * Returns -1 on error, 0 otherwise.
335 * The list, as returned through "alldevsp", may be null if no interfaces
336 * were up and could be opened.
337 */
338 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)339 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
340 {
341 size_t i;
342
343 /*
344 * Find all the local network interfaces on which we
345 * can capture.
346 */
347 if (pcap_platform_finddevs(alldevsp, errbuf) == -1)
348 return (-1);
349
350 /*
351 * Ask each of the non-local-network-interface capture
352 * source types what interfaces they have.
353 */
354 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
355 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
356 /*
357 * We had an error; free the list we've been
358 * constructing.
359 */
360 if (*alldevsp != NULL) {
361 pcap_freealldevs(*alldevsp);
362 *alldevsp = NULL;
363 }
364 return (-1);
365 }
366 }
367
368 return (0);
369 }
370
371 pcap_t *
pcap_create(const char * device,char * errbuf)372 pcap_create(const char *device, char *errbuf)
373 {
374 size_t i;
375 int is_theirs;
376 pcap_t *p;
377 char *device_str;
378
379 /*
380 * A null device name is equivalent to the "any" device -
381 * which might not be supported on this platform, but
382 * this means that you'll get a "not supported" error
383 * rather than, say, a crash when we try to dereference
384 * the null pointer.
385 */
386 if (device == NULL)
387 device_str = strdup("any");
388 else {
389 #ifdef _WIN32
390 /*
391 * If the string appears to be little-endian UCS-2/UTF-16,
392 * convert it to ASCII.
393 *
394 * XXX - to UTF-8 instead? Or report an error if any
395 * character isn't ASCII?
396 */
397 if (device[0] != '\0' && device[1] == '\0') {
398 size_t length;
399
400 length = wcslen((wchar_t *)device);
401 device_str = (char *)malloc(length + 1);
402 if (device_str == NULL) {
403 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
404 "malloc: %s", pcap_strerror(errno));
405 return (NULL);
406 }
407
408 pcap_snprintf(device_str, length + 1, "%ws",
409 (const wchar_t *)device);
410 } else
411 #endif
412 device_str = strdup(device);
413 }
414 if (device_str == NULL) {
415 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
416 "malloc: %s", pcap_strerror(errno));
417 return (NULL);
418 }
419
420 /*
421 * Try each of the non-local-network-interface capture
422 * source types until we find one that works for this
423 * device or run out of types.
424 */
425 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
426 is_theirs = 0;
427 p = capture_source_types[i].create_op(device_str, errbuf,
428 &is_theirs);
429 if (is_theirs) {
430 /*
431 * The device name refers to a device of the
432 * type in question; either it succeeded,
433 * in which case p refers to a pcap_t to
434 * later activate for the device, or it
435 * failed, in which case p is null and we
436 * should return that to report the failure
437 * to create.
438 */
439 if (p == NULL) {
440 /*
441 * We assume the caller filled in errbuf.
442 */
443 free(device_str);
444 return (NULL);
445 }
446 p->opt.device = device_str;
447 return (p);
448 }
449 }
450
451 /*
452 * OK, try it as a regular network interface.
453 */
454 p = pcap_create_interface(device_str, errbuf);
455 if (p == NULL) {
456 /*
457 * We assume the caller filled in errbuf.
458 */
459 free(device_str);
460 return (NULL);
461 }
462 p->opt.device = device_str;
463 return (p);
464 }
465
466 static void
initialize_ops(pcap_t * p)467 initialize_ops(pcap_t *p)
468 {
469 /*
470 * Set operation pointers for operations that only work on
471 * an activated pcap_t to point to a routine that returns
472 * a "this isn't activated" error.
473 */
474 p->read_op = (read_op_t)pcap_not_initialized;
475 p->inject_op = (inject_op_t)pcap_not_initialized;
476 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
477 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
478 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
479 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
480 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
481 p->stats_op = (stats_op_t)pcap_not_initialized;
482 #ifdef _WIN32
483 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
484 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
485 p->setmode_op = (setmode_op_t)pcap_not_initialized;
486 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
487 p->getevent_op = pcap_getevent_not_initialized;
488 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized;
489 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized;
490 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
491 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized;
492 p->live_dump_op = (live_dump_op_t)pcap_not_initialized;
493 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized;
494 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
495 #endif
496
497 /*
498 * Default cleanup operation - implementations can override
499 * this, but should call pcap_cleanup_live_common() after
500 * doing their own additional cleanup.
501 */
502 p->cleanup_op = pcap_cleanup_live_common;
503
504 /*
505 * In most cases, the standard one-shot callback can
506 * be used for pcap_next()/pcap_next_ex().
507 */
508 p->oneshot_callback = pcap_oneshot;
509 }
510
511 static pcap_t *
pcap_alloc_pcap_t(char * ebuf,size_t size)512 pcap_alloc_pcap_t(char *ebuf, size_t size)
513 {
514 char *chunk;
515 pcap_t *p;
516
517 /*
518 * Allocate a chunk of memory big enough for a pcap_t
519 * plus a structure following it of size "size". The
520 * structure following it is a private data structure
521 * for the routines that handle this pcap_t.
522 */
523 chunk = malloc(sizeof (pcap_t) + size);
524 if (chunk == NULL) {
525 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
526 pcap_strerror(errno));
527 return (NULL);
528 }
529 memset(chunk, 0, sizeof (pcap_t) + size);
530
531 /*
532 * Get a pointer to the pcap_t at the beginning.
533 */
534 p = (pcap_t *)chunk;
535
536 #ifndef _WIN32
537 p->fd = -1; /* not opened yet */
538 p->selectable_fd = -1;
539 #endif
540
541 if (size == 0) {
542 /* No private data was requested. */
543 p->priv = NULL;
544 } else {
545 /*
546 * Set the pointer to the private data; that's the structure
547 * of size "size" following the pcap_t.
548 */
549 p->priv = (void *)(chunk + sizeof (pcap_t));
550 }
551
552 return (p);
553 }
554
555 pcap_t *
pcap_create_common(char * ebuf,size_t size)556 pcap_create_common(char *ebuf, size_t size)
557 {
558 pcap_t *p;
559
560 p = pcap_alloc_pcap_t(ebuf, size);
561 if (p == NULL)
562 return (NULL);
563
564 /*
565 * Default to "can't set rfmon mode"; if it's supported by
566 * a platform, the create routine that called us can set
567 * the op to its routine to check whether a particular
568 * device supports it.
569 */
570 p->can_set_rfmon_op = pcap_cant_set_rfmon;
571
572 initialize_ops(p);
573
574 /* put in some defaults*/
575 p->snapshot = MAXIMUM_SNAPLEN; /* max packet size */
576 p->opt.timeout = 0; /* no timeout specified */
577 p->opt.buffer_size = 0; /* use the platform's default */
578 p->opt.promisc = 0;
579 p->opt.rfmon = 0;
580 p->opt.immediate = 0;
581 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
582 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
583
584 /*
585 * Start out with no BPF code generation flags set.
586 */
587 p->bpf_codegen_flags = 0;
588
589 return (p);
590 }
591
592 int
pcap_check_activated(pcap_t * p)593 pcap_check_activated(pcap_t *p)
594 {
595 if (p->activated) {
596 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
597 " operation on activated capture");
598 return (-1);
599 }
600 return (0);
601 }
602
603 int
pcap_set_snaplen(pcap_t * p,int snaplen)604 pcap_set_snaplen(pcap_t *p, int snaplen)
605 {
606 if (pcap_check_activated(p))
607 return (PCAP_ERROR_ACTIVATED);
608
609 /*
610 * Turn invalid values, or excessively large values, into
611 * the maximum allowed value.
612 *
613 * If some application really *needs* a bigger snapshot
614 * length, we should just increase MAXIMUM_SNAPLEN.
615 */
616 if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
617 snaplen = MAXIMUM_SNAPLEN;
618 p->snapshot = snaplen;
619 return (0);
620 }
621
622 int
pcap_set_promisc(pcap_t * p,int promisc)623 pcap_set_promisc(pcap_t *p, int promisc)
624 {
625 if (pcap_check_activated(p))
626 return (PCAP_ERROR_ACTIVATED);
627 p->opt.promisc = promisc;
628 return (0);
629 }
630
631 int
pcap_set_rfmon(pcap_t * p,int rfmon)632 pcap_set_rfmon(pcap_t *p, int rfmon)
633 {
634 if (pcap_check_activated(p))
635 return (PCAP_ERROR_ACTIVATED);
636 p->opt.rfmon = rfmon;
637 return (0);
638 }
639
640 int
pcap_set_timeout(pcap_t * p,int timeout_ms)641 pcap_set_timeout(pcap_t *p, int timeout_ms)
642 {
643 if (pcap_check_activated(p))
644 return (PCAP_ERROR_ACTIVATED);
645 p->opt.timeout = timeout_ms;
646 return (0);
647 }
648
649 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)650 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
651 {
652 int i;
653
654 if (pcap_check_activated(p))
655 return (PCAP_ERROR_ACTIVATED);
656
657 /*
658 * The argument should have been u_int, but that's too late
659 * to change now - it's an API.
660 */
661 if (tstamp_type < 0)
662 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
663
664 /*
665 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
666 * the default time stamp type is PCAP_TSTAMP_HOST.
667 */
668 if (p->tstamp_type_count == 0) {
669 if (tstamp_type == PCAP_TSTAMP_HOST) {
670 p->opt.tstamp_type = tstamp_type;
671 return (0);
672 }
673 } else {
674 /*
675 * Check whether we claim to support this type of time stamp.
676 */
677 for (i = 0; i < p->tstamp_type_count; i++) {
678 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
679 /*
680 * Yes.
681 */
682 p->opt.tstamp_type = tstamp_type;
683 return (0);
684 }
685 }
686 }
687
688 /*
689 * We don't support this type of time stamp.
690 */
691 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
692 }
693
694 int
pcap_set_immediate_mode(pcap_t * p,int immediate)695 pcap_set_immediate_mode(pcap_t *p, int immediate)
696 {
697 if (pcap_check_activated(p))
698 return (PCAP_ERROR_ACTIVATED);
699 p->opt.immediate = immediate;
700 return (0);
701 }
702
703 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)704 pcap_set_buffer_size(pcap_t *p, int buffer_size)
705 {
706 if (pcap_check_activated(p))
707 return (PCAP_ERROR_ACTIVATED);
708 if (buffer_size <= 0) {
709 /*
710 * Silently ignore invalid values.
711 */
712 return (0);
713 }
714 p->opt.buffer_size = buffer_size;
715 return (0);
716 }
717
718 int
pcap_set_tstamp_precision(pcap_t * p,int tstamp_precision)719 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
720 {
721 int i;
722
723 if (pcap_check_activated(p))
724 return (PCAP_ERROR_ACTIVATED);
725
726 /*
727 * The argument should have been u_int, but that's too late
728 * to change now - it's an API.
729 */
730 if (tstamp_precision < 0)
731 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
732
733 /*
734 * If p->tstamp_precision_count is 0, we only support setting
735 * the time stamp precision to microsecond precision; every
736 * pcap module *MUST* support microsecond precision, even if
737 * it does so by converting the native precision to
738 * microseconds.
739 */
740 if (p->tstamp_precision_count == 0) {
741 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
742 p->opt.tstamp_precision = tstamp_precision;
743 return (0);
744 }
745 } else {
746 /*
747 * Check whether we claim to support this precision of
748 * time stamp.
749 */
750 for (i = 0; i < p->tstamp_precision_count; i++) {
751 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
752 /*
753 * Yes.
754 */
755 p->opt.tstamp_precision = tstamp_precision;
756 return (0);
757 }
758 }
759 }
760
761 /*
762 * We don't support this time stamp precision.
763 */
764 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
765 }
766
767 int
pcap_get_tstamp_precision(pcap_t * p)768 pcap_get_tstamp_precision(pcap_t *p)
769 {
770 return (p->opt.tstamp_precision);
771 }
772
773 int
pcap_activate(pcap_t * p)774 pcap_activate(pcap_t *p)
775 {
776 int status;
777
778 /*
779 * Catch attempts to re-activate an already-activated
780 * pcap_t; this should, for example, catch code that
781 * calls pcap_open_live() followed by pcap_activate(),
782 * as some code that showed up in a Stack Exchange
783 * question did.
784 */
785 if (pcap_check_activated(p))
786 return (PCAP_ERROR_ACTIVATED);
787 status = p->activate_op(p);
788 if (status >= 0)
789 p->activated = 1;
790 else {
791 if (p->errbuf[0] == '\0') {
792 /*
793 * No error message supplied by the activate routine;
794 * for the benefit of programs that don't specially
795 * handle errors other than PCAP_ERROR, return the
796 * error message corresponding to the status.
797 */
798 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
799 pcap_statustostr(status));
800 }
801
802 /*
803 * Undo any operation pointer setting, etc. done by
804 * the activate operation.
805 */
806 initialize_ops(p);
807 }
808 return (status);
809 }
810
811 pcap_t *
pcap_open_live(const char * device,int snaplen,int promisc,int to_ms,char * errbuf)812 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
813 {
814 pcap_t *p;
815 int status;
816
817 p = pcap_create(device, errbuf);
818 if (p == NULL)
819 return (NULL);
820 status = pcap_set_snaplen(p, snaplen);
821 if (status < 0)
822 goto fail;
823 status = pcap_set_promisc(p, promisc);
824 if (status < 0)
825 goto fail;
826 status = pcap_set_timeout(p, to_ms);
827 if (status < 0)
828 goto fail;
829 /*
830 * Mark this as opened with pcap_open_live(), so that, for
831 * example, we show the full list of DLT_ values, rather
832 * than just the ones that are compatible with capturing
833 * when not in monitor mode. That allows existing applications
834 * to work the way they used to work, but allows new applications
835 * that know about the new open API to, for example, find out the
836 * DLT_ values that they can select without changing whether
837 * the adapter is in monitor mode or not.
838 */
839 p->oldstyle = 1;
840 status = pcap_activate(p);
841 if (status < 0)
842 goto fail;
843 return (p);
844 fail:
845 if (status == PCAP_ERROR)
846 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
847 p->errbuf);
848 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
849 status == PCAP_ERROR_PERM_DENIED ||
850 status == PCAP_ERROR_PROMISC_PERM_DENIED)
851 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device,
852 pcap_statustostr(status), p->errbuf);
853 else
854 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
855 pcap_statustostr(status));
856 pcap_close(p);
857 return (NULL);
858 }
859
860 pcap_t *
pcap_open_offline_common(char * ebuf,size_t size)861 pcap_open_offline_common(char *ebuf, size_t size)
862 {
863 pcap_t *p;
864
865 p = pcap_alloc_pcap_t(ebuf, size);
866 if (p == NULL)
867 return (NULL);
868
869 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
870
871 return (p);
872 }
873
874 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)875 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
876 {
877 return (p->read_op(p, cnt, callback, user));
878 }
879
880 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)881 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
882 {
883 register int n;
884
885 for (;;) {
886 if (p->rfile != NULL) {
887 /*
888 * 0 means EOF, so don't loop if we get 0.
889 */
890 n = pcap_offline_read(p, cnt, callback, user);
891 } else {
892 /*
893 * XXX keep reading until we get something
894 * (or an error occurs)
895 */
896 do {
897 n = p->read_op(p, cnt, callback, user);
898 } while (n == 0);
899 }
900 if (n <= 0)
901 return (n);
902 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
903 cnt -= n;
904 if (cnt <= 0)
905 return (0);
906 }
907 }
908 }
909
910 /*
911 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
912 */
913 void
pcap_breakloop(pcap_t * p)914 pcap_breakloop(pcap_t *p)
915 {
916 p->break_loop = 1;
917 }
918
919 int
pcap_datalink(pcap_t * p)920 pcap_datalink(pcap_t *p)
921 {
922 if (!p->activated)
923 return (PCAP_ERROR_NOT_ACTIVATED);
924 return (p->linktype);
925 }
926
927 int
pcap_datalink_ext(pcap_t * p)928 pcap_datalink_ext(pcap_t *p)
929 {
930 if (!p->activated)
931 return (PCAP_ERROR_NOT_ACTIVATED);
932 return (p->linktype_ext);
933 }
934
935 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)936 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
937 {
938 if (!p->activated)
939 return (PCAP_ERROR_NOT_ACTIVATED);
940 if (p->dlt_count == 0) {
941 /*
942 * We couldn't fetch the list of DLTs, which means
943 * this platform doesn't support changing the
944 * DLT for an interface. Return a list of DLTs
945 * containing only the DLT this device supports.
946 */
947 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
948 if (*dlt_buffer == NULL) {
949 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
950 "malloc: %s", pcap_strerror(errno));
951 return (PCAP_ERROR);
952 }
953 **dlt_buffer = p->linktype;
954 return (1);
955 } else {
956 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
957 if (*dlt_buffer == NULL) {
958 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
959 "malloc: %s", pcap_strerror(errno));
960 return (PCAP_ERROR);
961 }
962 (void)memcpy(*dlt_buffer, p->dlt_list,
963 sizeof(**dlt_buffer) * p->dlt_count);
964 return (p->dlt_count);
965 }
966 }
967
968 /*
969 * In Windows, you might have a library built with one version of the
970 * C runtime library and an application built with another version of
971 * the C runtime library, which means that the library might use one
972 * version of malloc() and free() and the application might use another
973 * version of malloc() and free(). If so, that means something
974 * allocated by the library cannot be freed by the application, so we
975 * need to have a pcap_free_datalinks() routine to free up the list
976 * allocated by pcap_list_datalinks(), even though it's just a wrapper
977 * around free().
978 */
979 void
pcap_free_datalinks(int * dlt_list)980 pcap_free_datalinks(int *dlt_list)
981 {
982 free(dlt_list);
983 }
984
985 int
pcap_set_datalink(pcap_t * p,int dlt)986 pcap_set_datalink(pcap_t *p, int dlt)
987 {
988 int i;
989 const char *dlt_name;
990
991 if (dlt < 0)
992 goto unsupported;
993
994 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
995 /*
996 * We couldn't fetch the list of DLTs, or we don't
997 * have a "set datalink" operation, which means
998 * this platform doesn't support changing the
999 * DLT for an interface. Check whether the new
1000 * DLT is the one this interface supports.
1001 */
1002 if (p->linktype != dlt)
1003 goto unsupported;
1004
1005 /*
1006 * It is, so there's nothing we need to do here.
1007 */
1008 return (0);
1009 }
1010 for (i = 0; i < p->dlt_count; i++)
1011 if (p->dlt_list[i] == (u_int)dlt)
1012 break;
1013 if (i >= p->dlt_count)
1014 goto unsupported;
1015 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
1016 dlt == DLT_DOCSIS) {
1017 /*
1018 * This is presumably an Ethernet device, as the first
1019 * link-layer type it offers is DLT_EN10MB, and the only
1020 * other type it offers is DLT_DOCSIS. That means that
1021 * we can't tell the driver to supply DOCSIS link-layer
1022 * headers - we're just pretending that's what we're
1023 * getting, as, presumably, we're capturing on a dedicated
1024 * link to a Cisco Cable Modem Termination System, and
1025 * it's putting raw DOCSIS frames on the wire inside low-level
1026 * Ethernet framing.
1027 */
1028 p->linktype = dlt;
1029 return (0);
1030 }
1031 if (p->set_datalink_op(p, dlt) == -1)
1032 return (-1);
1033 p->linktype = dlt;
1034 return (0);
1035
1036 unsupported:
1037 dlt_name = pcap_datalink_val_to_name(dlt);
1038 if (dlt_name != NULL) {
1039 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1040 "%s is not one of the DLTs supported by this device",
1041 dlt_name);
1042 } else {
1043 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1044 "DLT %d is not one of the DLTs supported by this device",
1045 dlt);
1046 }
1047 return (-1);
1048 }
1049
1050 /*
1051 * This array is designed for mapping upper and lower case letter
1052 * together for a case independent comparison. The mappings are
1053 * based upon ascii character sequences.
1054 */
1055 static const u_char charmap[] = {
1056 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1057 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1058 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1059 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1060 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1061 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1062 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1063 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1064 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1065 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1066 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1067 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1068 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1069 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1070 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1071 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1072 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1073 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1074 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1075 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1076 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1077 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1078 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1079 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1080 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1081 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1082 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1083 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1084 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1085 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1086 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1087 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1088 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1089 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1090 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1091 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1092 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1093 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1094 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1095 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1096 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1097 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1098 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1099 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1100 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1101 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1102 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1103 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1104 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1105 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1106 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1107 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1108 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1109 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1110 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1111 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1112 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1113 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1114 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1115 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1116 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1117 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1118 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1119 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1120 };
1121
1122 int
pcap_strcasecmp(const char * s1,const char * s2)1123 pcap_strcasecmp(const char *s1, const char *s2)
1124 {
1125 register const u_char *cm = charmap,
1126 *us1 = (const u_char *)s1,
1127 *us2 = (const u_char *)s2;
1128
1129 while (cm[*us1] == cm[*us2++])
1130 if (*us1++ == '\0')
1131 return(0);
1132 return (cm[*us1] - cm[*--us2]);
1133 }
1134
1135 struct dlt_choice {
1136 const char *name;
1137 const char *description;
1138 int dlt;
1139 };
1140
1141 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code }
1142 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1143
1144 static struct dlt_choice dlt_choices[] = {
1145 DLT_CHOICE(NULL, "BSD loopback"),
1146 DLT_CHOICE(EN10MB, "Ethernet"),
1147 DLT_CHOICE(IEEE802, "Token ring"),
1148 DLT_CHOICE(ARCNET, "BSD ARCNET"),
1149 DLT_CHOICE(SLIP, "SLIP"),
1150 DLT_CHOICE(PPP, "PPP"),
1151 DLT_CHOICE(FDDI, "FDDI"),
1152 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1153 DLT_CHOICE(RAW, "Raw IP"),
1154 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"),
1155 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"),
1156 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"),
1157 DLT_CHOICE(PPP_SERIAL, "PPP over serial"),
1158 DLT_CHOICE(PPP_ETHER, "PPPoE"),
1159 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"),
1160 DLT_CHOICE(C_HDLC, "Cisco HDLC"),
1161 DLT_CHOICE(IEEE802_11, "802.11"),
1162 DLT_CHOICE(FRELAY, "Frame Relay"),
1163 DLT_CHOICE(LOOP, "OpenBSD loopback"),
1164 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"),
1165 DLT_CHOICE(LINUX_SLL, "Linux cooked"),
1166 DLT_CHOICE(LTALK, "Localtalk"),
1167 DLT_CHOICE(PFLOG, "OpenBSD pflog file"),
1168 DLT_CHOICE(PFSYNC, "Packet filter state syncing"),
1169 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"),
1170 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1171 DLT_CHOICE(SUNATM, "Sun raw ATM"),
1172 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"),
1173 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"),
1174 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1175 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1176 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"),
1177 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"),
1178 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1179 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"),
1180 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1181 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"),
1182 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1183 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1184 DLT_CHOICE(MTP2, "SS7 MTP2"),
1185 DLT_CHOICE(MTP3, "SS7 MTP3"),
1186 DLT_CHOICE(SCCP, "SS7 SCCP"),
1187 DLT_CHOICE(DOCSIS, "DOCSIS"),
1188 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"),
1189 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1190 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1191 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"),
1192 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"),
1193 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"),
1194 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1195 DLT_CHOICE(GPRS_LLC, "GPRS LLC"),
1196 DLT_CHOICE(GPF_T, "GPF-T"),
1197 DLT_CHOICE(GPF_F, "GPF-F"),
1198 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1199 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"),
1200 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
1201 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"),
1202 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"),
1203 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"),
1204 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"),
1205 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
1206 DLT_CHOICE(MFR, "FRF.16 Frame Relay"),
1207 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"),
1208 DLT_CHOICE(A429, "Arinc 429"),
1209 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"),
1210 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"),
1211 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1212 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1213 DLT_CHOICE(USB_LINUX, "USB with Linux header"),
1214 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1215 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1216 DLT_CHOICE(PPI, "Per-Packet Information"),
1217 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1218 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"),
1219 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1220 DLT_CHOICE(SITA, "SITA pseudo-header"),
1221 DLT_CHOICE(ERF, "Endace ERF header"),
1222 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
1223 DLT_CHOICE(IPMB, "IPMB"),
1224 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"),
1225 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1226 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"),
1227 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1228 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
1229 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"),
1230 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"),
1231 DLT_CHOICE(DECT, "DECT"),
1232 DLT_CHOICE(AOS, "AOS Space Data Link protocol"),
1233 DLT_CHOICE(WIHART, "Wireless HART"),
1234 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
1235 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1236 DLT_CHOICE(IPNET, "Solaris ipnet"),
1237 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1238 DLT_CHOICE(IPV4, "Raw IPv4"),
1239 DLT_CHOICE(IPV6, "Raw IPv6"),
1240 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1241 DLT_CHOICE(DBUS, "D-Bus"),
1242 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"),
1243 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1244 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1245 DLT_CHOICE(DVB_CI, "DVB-CI"),
1246 DLT_CHOICE(MUX27010, "MUX27010"),
1247 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
1248 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1249 DLT_CHOICE(NFLOG, "Linux netfilter log messages"),
1250 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1251 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1252 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
1253 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
1254 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"),
1255 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
1256 DLT_CHOICE(INFINIBAND, "InfiniBand"),
1257 DLT_CHOICE(SCTP, "SCTP"),
1258 DLT_CHOICE(USBPCAP, "USB with USBPcap header"),
1259 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
1260 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
1261 DLT_CHOICE(NETLINK, "Linux netlink"),
1262 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
1263 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
1264 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
1265 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"),
1266 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"),
1267 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
1268 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"),
1269 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
1270 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
1271 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"),
1272 DLT_CHOICE(ISO_14443, "ISO 14443 messages"),
1273 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"),
1274 DLT_CHOICE_SENTINEL
1275 };
1276
1277 int
pcap_datalink_name_to_val(const char * name)1278 pcap_datalink_name_to_val(const char *name)
1279 {
1280 int i;
1281
1282 for (i = 0; dlt_choices[i].name != NULL; i++) {
1283 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0)
1284 return (dlt_choices[i].dlt);
1285 }
1286 return (-1);
1287 }
1288
1289 const char *
pcap_datalink_val_to_name(int dlt)1290 pcap_datalink_val_to_name(int dlt)
1291 {
1292 int i;
1293
1294 for (i = 0; dlt_choices[i].name != NULL; i++) {
1295 if (dlt_choices[i].dlt == dlt)
1296 return (dlt_choices[i].name);
1297 }
1298 return (NULL);
1299 }
1300
1301 const char *
pcap_datalink_val_to_description(int dlt)1302 pcap_datalink_val_to_description(int dlt)
1303 {
1304 int i;
1305
1306 for (i = 0; dlt_choices[i].name != NULL; i++) {
1307 if (dlt_choices[i].dlt == dlt)
1308 return (dlt_choices[i].description);
1309 }
1310 return (NULL);
1311 }
1312
1313 struct tstamp_type_choice {
1314 const char *name;
1315 const char *description;
1316 int type;
1317 };
1318
1319 static struct tstamp_type_choice tstamp_type_choices[] = {
1320 { "host", "Host", PCAP_TSTAMP_HOST },
1321 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1322 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1323 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1324 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1325 { NULL, NULL, 0 }
1326 };
1327
1328 int
pcap_tstamp_type_name_to_val(const char * name)1329 pcap_tstamp_type_name_to_val(const char *name)
1330 {
1331 int i;
1332
1333 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1334 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1335 return (tstamp_type_choices[i].type);
1336 }
1337 return (PCAP_ERROR);
1338 }
1339
1340 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1341 pcap_tstamp_type_val_to_name(int tstamp_type)
1342 {
1343 int i;
1344
1345 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1346 if (tstamp_type_choices[i].type == tstamp_type)
1347 return (tstamp_type_choices[i].name);
1348 }
1349 return (NULL);
1350 }
1351
1352 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1353 pcap_tstamp_type_val_to_description(int tstamp_type)
1354 {
1355 int i;
1356
1357 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1358 if (tstamp_type_choices[i].type == tstamp_type)
1359 return (tstamp_type_choices[i].description);
1360 }
1361 return (NULL);
1362 }
1363
1364 int
pcap_snapshot(pcap_t * p)1365 pcap_snapshot(pcap_t *p)
1366 {
1367 if (!p->activated)
1368 return (PCAP_ERROR_NOT_ACTIVATED);
1369 return (p->snapshot);
1370 }
1371
1372 int
pcap_is_swapped(pcap_t * p)1373 pcap_is_swapped(pcap_t *p)
1374 {
1375 if (!p->activated)
1376 return (PCAP_ERROR_NOT_ACTIVATED);
1377 return (p->swapped);
1378 }
1379
1380 int
pcap_major_version(pcap_t * p)1381 pcap_major_version(pcap_t *p)
1382 {
1383 if (!p->activated)
1384 return (PCAP_ERROR_NOT_ACTIVATED);
1385 return (p->version_major);
1386 }
1387
1388 int
pcap_minor_version(pcap_t * p)1389 pcap_minor_version(pcap_t *p)
1390 {
1391 if (!p->activated)
1392 return (PCAP_ERROR_NOT_ACTIVATED);
1393 return (p->version_minor);
1394 }
1395
1396 FILE *
pcap_file(pcap_t * p)1397 pcap_file(pcap_t *p)
1398 {
1399 return (p->rfile);
1400 }
1401
1402 int
pcap_fileno(pcap_t * p)1403 pcap_fileno(pcap_t *p)
1404 {
1405 #ifndef _WIN32
1406 return (p->fd);
1407 #else
1408 if (p->adapter != NULL)
1409 return ((int)(DWORD)p->adapter->hFile);
1410 else
1411 return (PCAP_ERROR);
1412 #endif
1413 }
1414
1415 #if !defined(_WIN32) && !defined(MSDOS)
1416 int
pcap_get_selectable_fd(pcap_t * p)1417 pcap_get_selectable_fd(pcap_t *p)
1418 {
1419 return (p->selectable_fd);
1420 }
1421 #endif
1422
1423 void
pcap_perror(pcap_t * p,const char * prefix)1424 pcap_perror(pcap_t *p, const char *prefix)
1425 {
1426 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1427 }
1428
1429 char *
pcap_geterr(pcap_t * p)1430 pcap_geterr(pcap_t *p)
1431 {
1432 return (p->errbuf);
1433 }
1434
1435 int
pcap_getnonblock(pcap_t * p,char * errbuf)1436 pcap_getnonblock(pcap_t *p, char *errbuf)
1437 {
1438 int ret;
1439
1440 ret = p->getnonblock_op(p, errbuf);
1441 if (ret == -1) {
1442 /*
1443 * In case somebody depended on the bug wherein
1444 * the error message was put into p->errbuf
1445 * by pcap_getnonblock_fd().
1446 */
1447 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1448 }
1449 return (ret);
1450 }
1451
1452 /*
1453 * Get the current non-blocking mode setting, under the assumption that
1454 * it's just the standard POSIX non-blocking flag.
1455 */
1456 #if !defined(_WIN32) && !defined(MSDOS)
1457 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1458 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1459 {
1460 int fdflags;
1461
1462 fdflags = fcntl(p->fd, F_GETFL, 0);
1463 if (fdflags == -1) {
1464 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1465 pcap_strerror(errno));
1466 return (-1);
1467 }
1468 if (fdflags & O_NONBLOCK)
1469 return (1);
1470 else
1471 return (0);
1472 }
1473 #endif
1474
1475 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1476 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1477 {
1478 int ret;
1479
1480 ret = p->setnonblock_op(p, nonblock, errbuf);
1481 if (ret == -1) {
1482 /*
1483 * In case somebody depended on the bug wherein
1484 * the error message was put into p->errbuf
1485 * by pcap_setnonblock_fd().
1486 */
1487 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1488 }
1489 return (ret);
1490 }
1491
1492 #if !defined(_WIN32) && !defined(MSDOS)
1493 /*
1494 * Set non-blocking mode, under the assumption that it's just the
1495 * standard POSIX non-blocking flag. (This can be called by the
1496 * per-platform non-blocking-mode routine if that routine also
1497 * needs to do some additional work.)
1498 */
1499 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1500 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1501 {
1502 int fdflags;
1503
1504 fdflags = fcntl(p->fd, F_GETFL, 0);
1505 if (fdflags == -1) {
1506 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1507 pcap_strerror(errno));
1508 return (-1);
1509 }
1510 if (nonblock)
1511 fdflags |= O_NONBLOCK;
1512 else
1513 fdflags &= ~O_NONBLOCK;
1514 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1515 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1516 pcap_strerror(errno));
1517 return (-1);
1518 }
1519 return (0);
1520 }
1521 #endif
1522
1523 #ifdef _WIN32
1524 /*
1525 * Generate a string for a Win32-specific error (i.e. an error generated when
1526 * calling a Win32 API).
1527 * For errors occurred during standard C calls, we still use pcap_strerror()
1528 */
1529 void
pcap_win32_err_to_str(DWORD error,char * errbuf)1530 pcap_win32_err_to_str(DWORD error, char *errbuf)
1531 {
1532 size_t errlen;
1533 char *p;
1534
1535 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1536 PCAP_ERRBUF_SIZE, NULL);
1537
1538 /*
1539 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1540 * message. Get rid of it.
1541 */
1542 errlen = strlen(errbuf);
1543 if (errlen >= 2) {
1544 errbuf[errlen - 1] = '\0';
1545 errbuf[errlen - 2] = '\0';
1546 }
1547 p = strchr(errbuf, '\0');
1548 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error);
1549 }
1550 #endif
1551
1552 /*
1553 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1554 */
1555 const char *
pcap_statustostr(int errnum)1556 pcap_statustostr(int errnum)
1557 {
1558 static char ebuf[15+10+1];
1559
1560 switch (errnum) {
1561
1562 case PCAP_WARNING:
1563 return("Generic warning");
1564
1565 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1566 return ("That type of time stamp is not supported by that device");
1567
1568 case PCAP_WARNING_PROMISC_NOTSUP:
1569 return ("That device doesn't support promiscuous mode");
1570
1571 case PCAP_ERROR:
1572 return("Generic error");
1573
1574 case PCAP_ERROR_BREAK:
1575 return("Loop terminated by pcap_breakloop");
1576
1577 case PCAP_ERROR_NOT_ACTIVATED:
1578 return("The pcap_t has not been activated");
1579
1580 case PCAP_ERROR_ACTIVATED:
1581 return ("The setting can't be changed after the pcap_t is activated");
1582
1583 case PCAP_ERROR_NO_SUCH_DEVICE:
1584 return ("No such device exists");
1585
1586 case PCAP_ERROR_RFMON_NOTSUP:
1587 return ("That device doesn't support monitor mode");
1588
1589 case PCAP_ERROR_NOT_RFMON:
1590 return ("That operation is supported only in monitor mode");
1591
1592 case PCAP_ERROR_PERM_DENIED:
1593 return ("You don't have permission to capture on that device");
1594
1595 case PCAP_ERROR_IFACE_NOT_UP:
1596 return ("That device is not up");
1597
1598 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1599 return ("That device doesn't support setting the time stamp type");
1600
1601 case PCAP_ERROR_PROMISC_PERM_DENIED:
1602 return ("You don't have permission to capture in promiscuous mode on that device");
1603
1604 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1605 return ("That device doesn't support that time stamp precision");
1606 }
1607 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1608 return(ebuf);
1609 }
1610
1611 /*
1612 * Not all systems have strerror().
1613 */
1614 const char *
pcap_strerror(int errnum)1615 pcap_strerror(int errnum)
1616 {
1617 #ifdef HAVE_STRERROR
1618 #ifdef _WIN32
1619 static char errbuf[PCAP_ERRBUF_SIZE];
1620 errno_t errno;
1621 errno = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);
1622 if (errno != 0) /* errno = 0 if successful */
1623 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
1624 return (errbuf);
1625 #else
1626 return (strerror(errnum));
1627 #endif /* _WIN32 */
1628 #else
1629 extern int sys_nerr;
1630 extern const char *const sys_errlist[];
1631 static char errbuf[PCAP_ERRBUF_SIZE];
1632
1633 if ((unsigned int)errnum < sys_nerr)
1634 return ((char *)sys_errlist[errnum]);
1635 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum);
1636 return (errbuf);
1637 #endif
1638 }
1639
1640 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1641 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1642 {
1643 return (p->setfilter_op(p, fp));
1644 }
1645
1646 /*
1647 * Set direction flag, which controls whether we accept only incoming
1648 * packets, only outgoing packets, or both.
1649 * Note that, depending on the platform, some or all direction arguments
1650 * might not be supported.
1651 */
1652 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1653 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1654 {
1655 if (p->setdirection_op == NULL) {
1656 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1657 "Setting direction is not implemented on this platform");
1658 return (-1);
1659 } else
1660 return (p->setdirection_op(p, d));
1661 }
1662
1663 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1664 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1665 {
1666 return (p->stats_op(p, ps));
1667 }
1668
1669 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1670 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1671 {
1672 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1673 "Statistics aren't available from a pcap_open_dead pcap_t");
1674 return (-1);
1675 }
1676
1677 #ifdef _WIN32
1678 struct pcap_stat *
pcap_stats_ex(pcap_t * p,int * pcap_stat_size)1679 pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
1680 {
1681 return (p->stats_ex_op(p, pcap_stat_size));
1682 }
1683
1684 int
pcap_setbuff(pcap_t * p,int dim)1685 pcap_setbuff(pcap_t *p, int dim)
1686 {
1687 return (p->setbuff_op(p, dim));
1688 }
1689
1690 static int
pcap_setbuff_dead(pcap_t * p,int dim)1691 pcap_setbuff_dead(pcap_t *p, int dim)
1692 {
1693 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1694 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1695 return (-1);
1696 }
1697
1698 int
pcap_setmode(pcap_t * p,int mode)1699 pcap_setmode(pcap_t *p, int mode)
1700 {
1701 return (p->setmode_op(p, mode));
1702 }
1703
1704 static int
pcap_setmode_dead(pcap_t * p,int mode)1705 pcap_setmode_dead(pcap_t *p, int mode)
1706 {
1707 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1708 "impossible to set mode on a pcap_open_dead pcap_t");
1709 return (-1);
1710 }
1711
1712 int
pcap_setmintocopy(pcap_t * p,int size)1713 pcap_setmintocopy(pcap_t *p, int size)
1714 {
1715 return (p->setmintocopy_op(p, size));
1716 }
1717
1718 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1719 pcap_setmintocopy_dead(pcap_t *p, int size)
1720 {
1721 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1722 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1723 return (-1);
1724 }
1725
1726 HANDLE
pcap_getevent(pcap_t * p)1727 pcap_getevent(pcap_t *p)
1728 {
1729 return (p->getevent_op(p));
1730 }
1731
1732 static HANDLE
pcap_getevent_dead(pcap_t * p)1733 pcap_getevent_dead(pcap_t *p)
1734 {
1735 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1736 "A pcap_open_dead pcap_t has no event handle");
1737 return (INVALID_HANDLE_VALUE);
1738 }
1739
1740 int
pcap_oid_get_request(pcap_t * p,bpf_u_int32 oid,void * data,size_t * lenp)1741 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
1742 {
1743 return (p->oid_get_request_op(p, oid, data, lenp));
1744 }
1745
1746 static int
pcap_oid_get_request_dead(pcap_t * p,bpf_u_int32 oid _U_,void * data _U_,size_t * lenp _U_)1747 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
1748 size_t *lenp _U_)
1749 {
1750 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1751 "An OID get request cannot be performed on a pcap_open_dead pcap_t");
1752 return (PCAP_ERROR);
1753 }
1754
1755 int
pcap_oid_set_request(pcap_t * p,bpf_u_int32 oid,const void * data,size_t * lenp)1756 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp)
1757 {
1758 return (p->oid_set_request_op(p, oid, data, lenp));
1759 }
1760
1761 static int
pcap_oid_set_request_dead(pcap_t * p,bpf_u_int32 oid _U_,const void * data _U_,size_t * lenp _U_)1762 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
1763 size_t *lenp _U_)
1764 {
1765 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1766 "An OID set request cannot be performed on a pcap_open_dead pcap_t");
1767 return (PCAP_ERROR);
1768 }
1769
1770 pcap_send_queue *
pcap_sendqueue_alloc(u_int memsize)1771 pcap_sendqueue_alloc(u_int memsize)
1772 {
1773 pcap_send_queue *tqueue;
1774
1775 /* Allocate the queue */
1776 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue));
1777 if (tqueue == NULL){
1778 return (NULL);
1779 }
1780
1781 /* Allocate the buffer */
1782 tqueue->buffer = (char *)malloc(memsize);
1783 if (tqueue->buffer == NULL) {
1784 free(tqueue);
1785 return (NULL);
1786 }
1787
1788 tqueue->maxlen = memsize;
1789 tqueue->len = 0;
1790
1791 return (tqueue);
1792 }
1793
1794 void
pcap_sendqueue_destroy(pcap_send_queue * queue)1795 pcap_sendqueue_destroy(pcap_send_queue *queue)
1796 {
1797 free(queue->buffer);
1798 free(queue);
1799 }
1800
1801 int
pcap_sendqueue_queue(pcap_send_queue * queue,const struct pcap_pkthdr * pkt_header,const u_char * pkt_data)1802 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
1803 {
1804 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
1805 return (-1);
1806 }
1807
1808 /* Copy the pcap_pkthdr header*/
1809 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
1810 queue->len += sizeof(struct pcap_pkthdr);
1811
1812 /* copy the packet */
1813 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
1814 queue->len += pkt_header->caplen;
1815
1816 return (0);
1817 }
1818
1819 u_int
pcap_sendqueue_transmit(pcap_t * p,pcap_send_queue * queue,int sync)1820 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
1821 {
1822 return (p->sendqueue_transmit_op(p, queue, sync));
1823 }
1824
1825 static u_int
pcap_sendqueue_transmit_dead(pcap_t * p,pcap_send_queue * queue,int sync)1826 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync)
1827 {
1828 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1829 "Packets cannot be transmitted on a pcap_open_dead pcap_t");
1830 return (0);
1831 }
1832
1833 int
pcap_setuserbuffer(pcap_t * p,int size)1834 pcap_setuserbuffer(pcap_t *p, int size)
1835 {
1836 return (p->setuserbuffer_op(p, size));
1837 }
1838
1839 static int
pcap_setuserbuffer_dead(pcap_t * p,int size)1840 pcap_setuserbuffer_dead(pcap_t *p, int size)
1841 {
1842 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1843 "The user buffer cannot be set on a pcap_open_dead pcap_t");
1844 return (-1);
1845 }
1846
1847 int
pcap_live_dump(pcap_t * p,char * filename,int maxsize,int maxpacks)1848 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
1849 {
1850 return (p->live_dump_op(p, filename, maxsize, maxpacks));
1851 }
1852
1853 static int
pcap_live_dump_dead(pcap_t * p,char * filename,int maxsize,int maxpacks)1854 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks)
1855 {
1856 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1857 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
1858 return (-1);
1859 }
1860
1861 int
pcap_live_dump_ended(pcap_t * p,int sync)1862 pcap_live_dump_ended(pcap_t *p, int sync)
1863 {
1864 return (p->live_dump_ended_op(p, sync));
1865 }
1866
1867 static int
pcap_live_dump_ended_dead(pcap_t * p,int sync)1868 pcap_live_dump_ended_dead(pcap_t *p, int sync)
1869 {
1870 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1871 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
1872 return (-1);
1873 }
1874
1875 PAirpcapHandle
pcap_get_airpcap_handle(pcap_t * p)1876 pcap_get_airpcap_handle(pcap_t *p)
1877 {
1878 PAirpcapHandle handle;
1879
1880 handle = p->get_airpcap_handle_op(p);
1881 if (handle == NULL) {
1882 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1883 "This isn't an AirPcap device");
1884 }
1885 return (handle);
1886 }
1887
1888 static PAirpcapHandle
pcap_get_airpcap_handle_dead(pcap_t * p)1889 pcap_get_airpcap_handle_dead(pcap_t *p)
1890 {
1891 return (NULL);
1892 }
1893 #endif
1894
1895 /*
1896 * On some platforms, we need to clean up promiscuous or monitor mode
1897 * when we close a device - and we want that to happen even if the
1898 * application just exits without explicitl closing devices.
1899 * On those platforms, we need to register a "close all the pcaps"
1900 * routine to be called when we exit, and need to maintain a list of
1901 * pcaps that need to be closed to clean up modes.
1902 *
1903 * XXX - not thread-safe.
1904 */
1905
1906 /*
1907 * List of pcaps on which we've done something that needs to be
1908 * cleaned up.
1909 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1910 * when we exit, and have it close all of them.
1911 */
1912 static struct pcap *pcaps_to_close;
1913
1914 /*
1915 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1916 * be called on exit.
1917 */
1918 static int did_atexit;
1919
1920 static void
pcap_close_all(void)1921 pcap_close_all(void)
1922 {
1923 struct pcap *handle;
1924
1925 while ((handle = pcaps_to_close) != NULL)
1926 pcap_close(handle);
1927 }
1928
1929 int
pcap_do_addexit(pcap_t * p)1930 pcap_do_addexit(pcap_t *p)
1931 {
1932 /*
1933 * If we haven't already done so, arrange to have
1934 * "pcap_close_all()" called when we exit.
1935 */
1936 if (!did_atexit) {
1937 if (atexit(pcap_close_all) != 0) {
1938 /*
1939 * "atexit()" failed; let our caller know.
1940 */
1941 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
1942 return (0);
1943 }
1944 did_atexit = 1;
1945 }
1946 return (1);
1947 }
1948
1949 void
pcap_add_to_pcaps_to_close(pcap_t * p)1950 pcap_add_to_pcaps_to_close(pcap_t *p)
1951 {
1952 p->next = pcaps_to_close;
1953 pcaps_to_close = p;
1954 }
1955
1956 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1957 pcap_remove_from_pcaps_to_close(pcap_t *p)
1958 {
1959 pcap_t *pc, *prevpc;
1960
1961 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1962 prevpc = pc, pc = pc->next) {
1963 if (pc == p) {
1964 /*
1965 * Found it. Remove it from the list.
1966 */
1967 if (prevpc == NULL) {
1968 /*
1969 * It was at the head of the list.
1970 */
1971 pcaps_to_close = pc->next;
1972 } else {
1973 /*
1974 * It was in the middle of the list.
1975 */
1976 prevpc->next = pc->next;
1977 }
1978 break;
1979 }
1980 }
1981 }
1982
1983 void
pcap_cleanup_live_common(pcap_t * p)1984 pcap_cleanup_live_common(pcap_t *p)
1985 {
1986 if (p->buffer != NULL) {
1987 free(p->buffer);
1988 p->buffer = NULL;
1989 }
1990 if (p->dlt_list != NULL) {
1991 free(p->dlt_list);
1992 p->dlt_list = NULL;
1993 p->dlt_count = 0;
1994 }
1995 if (p->tstamp_type_list != NULL) {
1996 free(p->tstamp_type_list);
1997 p->tstamp_type_list = NULL;
1998 p->tstamp_type_count = 0;
1999 }
2000 if (p->tstamp_precision_list != NULL) {
2001 free(p->tstamp_precision_list);
2002 p->tstamp_precision_list = NULL;
2003 p->tstamp_precision_count = 0;
2004 }
2005 pcap_freecode(&p->fcode);
2006 #if !defined(_WIN32) && !defined(MSDOS)
2007 if (p->fd >= 0) {
2008 close(p->fd);
2009 p->fd = -1;
2010 }
2011 p->selectable_fd = -1;
2012 #endif
2013 }
2014
2015 static void
pcap_cleanup_dead(pcap_t * p _U_)2016 pcap_cleanup_dead(pcap_t *p _U_)
2017 {
2018 /* Nothing to do. */
2019 }
2020
2021 pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype,int snaplen,u_int precision)2022 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
2023 {
2024 pcap_t *p;
2025
2026 switch (precision) {
2027
2028 case PCAP_TSTAMP_PRECISION_MICRO:
2029 case PCAP_TSTAMP_PRECISION_NANO:
2030 break;
2031
2032 default:
2033 return NULL;
2034 }
2035 p = malloc(sizeof(*p));
2036 if (p == NULL)
2037 return NULL;
2038 memset (p, 0, sizeof(*p));
2039 p->snapshot = snaplen;
2040 p->linktype = linktype;
2041 p->opt.tstamp_precision = precision;
2042 p->stats_op = pcap_stats_dead;
2043 #ifdef _WIN32
2044 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
2045 p->setbuff_op = pcap_setbuff_dead;
2046 p->setmode_op = pcap_setmode_dead;
2047 p->setmintocopy_op = pcap_setmintocopy_dead;
2048 p->getevent_op = pcap_getevent_dead;
2049 p->oid_get_request_op = pcap_oid_get_request_dead;
2050 p->oid_set_request_op = pcap_oid_set_request_dead;
2051 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
2052 p->setuserbuffer_op = pcap_setuserbuffer_dead;
2053 p->live_dump_op = pcap_live_dump_dead;
2054 p->live_dump_ended_op = pcap_live_dump_ended_dead;
2055 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
2056 #endif
2057 p->cleanup_op = pcap_cleanup_dead;
2058
2059 /*
2060 * A "dead" pcap_t never requires special BPF code generation.
2061 */
2062 p->bpf_codegen_flags = 0;
2063
2064 p->activated = 1;
2065 return (p);
2066 }
2067
2068 pcap_t *
pcap_open_dead(int linktype,int snaplen)2069 pcap_open_dead(int linktype, int snaplen)
2070 {
2071 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
2072 PCAP_TSTAMP_PRECISION_MICRO));
2073 }
2074
2075 /*
2076 * API compatible with WinPcap's "send a packet" routine - returns -1
2077 * on error, 0 otherwise.
2078 *
2079 * XXX - what if we get a short write?
2080 */
2081 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)2082 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
2083 {
2084 if (p->inject_op(p, buf, size) == -1)
2085 return (-1);
2086 return (0);
2087 }
2088
2089 /*
2090 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
2091 * error, number of bytes written otherwise.
2092 */
2093 int
pcap_inject(pcap_t * p,const void * buf,size_t size)2094 pcap_inject(pcap_t *p, const void *buf, size_t size)
2095 {
2096 return (p->inject_op(p, buf, size));
2097 }
2098
2099 void
pcap_close(pcap_t * p)2100 pcap_close(pcap_t *p)
2101 {
2102 if (p->opt.device != NULL)
2103 free(p->opt.device);
2104 p->cleanup_op(p);
2105 free(p);
2106 }
2107
2108 /*
2109 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
2110 * data for the packet, check whether the packet passes the filter.
2111 * Returns the return value of the filter program, which will be zero if
2112 * the packet doesn't pass and non-zero if the packet does pass.
2113 */
2114 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)2115 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
2116 const u_char *pkt)
2117 {
2118 const struct bpf_insn *fcode = fp->bf_insns;
2119
2120 if (fcode != NULL)
2121 return (bpf_filter(fcode, pkt, h->len, h->caplen));
2122 else
2123 return (0);
2124 }
2125
2126 #include "pcap_version.h"
2127
2128 #ifdef _WIN32
2129
2130 static char *full_pcap_version_string;
2131
2132 #ifdef HAVE_VERSION_H
2133 /*
2134 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2135 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2136 * version.
2137 *
2138 * XXX - it'd be nice if we could somehow generate the WinPcap version number
2139 * when building WinPcap. (It'd be nice to do so for the packet.dll version
2140 * number as well.)
2141 */
2142 #include "../../version.h"
2143
2144 static const char wpcap_version_string[] = WINPCAP_VER_STRING;
2145 static const char pcap_version_string_fmt[] =
2146 WINPCAP_PRODUCT_NAME " version %s, based on %s";
2147 static const char pcap_version_string_packet_dll_fmt[] =
2148 WINPCAP_PRODUCT_NAME " version %s (packet.dll version %s), based on %s";
2149
2150 const char *
pcap_lib_version(void)2151 pcap_lib_version(void)
2152 {
2153 char *packet_version_string;
2154 size_t full_pcap_version_string_len;
2155
2156 if (full_pcap_version_string == NULL) {
2157 /*
2158 * Generate the version string.
2159 */
2160 packet_version_string = PacketGetVersion();
2161 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
2162 /*
2163 * WinPcap version string and packet.dll version
2164 * string are the same; just report the WinPcap
2165 * version.
2166 */
2167 full_pcap_version_string_len =
2168 (sizeof pcap_version_string_fmt - 4) +
2169 strlen(wpcap_version_string) +
2170 strlen(pcap_version_string);
2171 full_pcap_version_string =
2172 malloc(full_pcap_version_string_len);
2173 if (full_pcap_version_string == NULL)
2174 return (NULL);
2175 pcap_snprintf(full_pcap_version_string,
2176 full_pcap_version_string_len,
2177 pcap_version_string_fmt,
2178 wpcap_version_string,
2179 pcap_version_string);
2180 } else {
2181 /*
2182 * WinPcap version string and packet.dll version
2183 * string are different; that shouldn't be the
2184 * case (the two libraries should come from the
2185 * same version of WinPcap), so we report both
2186 * versions.
2187 */
2188 full_pcap_version_string_len =
2189 (sizeof pcap_version_string_packet_dll_fmt - 6) +
2190 strlen(wpcap_version_string) +
2191 strlen(packet_version_string) +
2192 strlen(pcap_version_string);
2193 full_pcap_version_string = malloc(full_pcap_version_string_len);
2194 if (full_pcap_version_string == NULL)
2195 return (NULL);
2196 pcap_snprintf(full_pcap_version_string,
2197 full_pcap_version_string_len,
2198 pcap_version_string_packet_dll_fmt,
2199 wpcap_version_string,
2200 packet_version_string,
2201 pcap_version_string);
2202 }
2203 }
2204 return (full_pcap_version_string);
2205 }
2206
2207 #else /* HAVE_VERSION_H */
2208
2209 /*
2210 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
2211 * tree.
2212 */
2213 static const char pcap_version_string_packet_dll_fmt[] =
2214 "%s (packet.dll version %s)";
2215 const char *
pcap_lib_version(void)2216 pcap_lib_version(void)
2217 {
2218 char *packet_version_string;
2219 size_t full_pcap_version_string_len;
2220
2221 if (full_pcap_version_string == NULL) {
2222 /*
2223 * Generate the version string. Report the packet.dll
2224 * version.
2225 */
2226 packet_version_string = PacketGetVersion();
2227 full_pcap_version_string_len =
2228 (sizeof pcap_version_string_packet_dll_fmt - 4) +
2229 strlen(pcap_version_string) +
2230 strlen(packet_version_string);
2231 full_pcap_version_string = malloc(full_pcap_version_string_len);
2232 if (full_pcap_version_string == NULL)
2233 return (NULL);
2234 pcap_snprintf(full_pcap_version_string,
2235 full_pcap_version_string_len,
2236 pcap_version_string_packet_dll_fmt,
2237 pcap_version_string,
2238 packet_version_string);
2239 }
2240 return (full_pcap_version_string);
2241 }
2242
2243 #endif /* HAVE_VERSION_H */
2244
2245 #elif defined(MSDOS)
2246
2247 static char *full_pcap_version_string;
2248
2249 const char *
pcap_lib_version(void)2250 pcap_lib_version (void)
2251 {
2252 char *packet_version_string;
2253 size_t full_pcap_version_string_len;
2254 static char dospfx[] = "DOS-";
2255
2256 if (full_pcap_version_string == NULL) {
2257 /*
2258 * Generate the version string.
2259 */
2260 full_pcap_version_string_len =
2261 sizeof dospfx + strlen(pcap_version_string);
2262 full_pcap_version_string =
2263 malloc(full_pcap_version_string_len);
2264 if (full_pcap_version_string == NULL)
2265 return (NULL);
2266 strcpy(full_pcap_version_string, dospfx);
2267 strcat(full_pcap_version_string, pcap_version_string);
2268 }
2269 return (full_pcap_version_string);
2270 }
2271
2272 #else /* UN*X */
2273
2274 const char *
pcap_lib_version(void)2275 pcap_lib_version(void)
2276 {
2277 return (pcap_version_string);
2278 }
2279 #endif
2280
2281 #ifdef YYDEBUG
2282 /*
2283 * Set the internal "debug printout" flag for the filter expression parser.
2284 * The code to print that stuff is present only if YYDEBUG is defined, so
2285 * the flag, and the routine to set it, are defined only if YYDEBUG is
2286 * defined.
2287 *
2288 * This is intended for libpcap developers, not for general use.
2289 * If you want to set these in a program, you'll have to declare this
2290 * routine yourself, with the appropriate DLL import attribute on Windows;
2291 * it's not declared in any header file, and won't be declared in any
2292 * header file provided by libpcap.
2293 */
2294 PCAP_API void pcap_set_parser_debug(int value);
2295
2296 PCAP_API_DEF void
pcap_set_parser_debug(int value)2297 pcap_set_parser_debug(int value)
2298 {
2299 extern int pcap_debug;
2300
2301 pcap_debug = value;
2302 }
2303 #endif
2304
2305 #ifdef BDEBUG
2306 /*
2307 * Set the internal "debug printout" flag for the filter expression optimizer.
2308 * The code to print that stuff is present only if BDEBUG is defined, so
2309 * the flag, and the routine to set it, are defined only if BDEBUG is
2310 * defined.
2311 *
2312 * This is intended for libpcap developers, not for general use.
2313 * If you want to set these in a program, you'll have to declare this
2314 * routine yourself, with the appropriate DLL import attribute on Windows;
2315 * it's not declared in any header file, and won't be declared in any
2316 * header file provided by libpcap.
2317 */
2318 PCAP_API void pcap_set_optimizer_debug(int value);
2319
2320 PCAP_API_DEF void
pcap_set_optimizer_debug(int value)2321 pcap_set_optimizer_debug(int value)
2322 {
2323 extern int pcap_optimizer_debug;
2324
2325 pcap_optimizer_debug = value;
2326 }
2327 #endif
2328