1 /*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifndef lint
35 static const char rcsid[] _U_ =
36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)";
37 #endif
38
39 #ifdef HAVE_CONFIG_H
40 #include "config.h"
41 #endif
42
43 #ifdef WIN32
44 #include <pcap-stdinc.h>
45 #else /* WIN32 */
46 #if HAVE_INTTYPES_H
47 #include <inttypes.h>
48 #elif HAVE_STDINT_H
49 #include <stdint.h>
50 #endif
51 #ifdef HAVE_SYS_BITYPES_H
52 #include <sys/bitypes.h>
53 #endif
54 #include <sys/types.h>
55 #include <sys/mman.h>
56 #endif /* WIN32 */
57
58 #include <stdio.h>
59 #include <stdlib.h>
60 #include <string.h>
61 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
62 #include <unistd.h>
63 #endif
64 #include <fcntl.h>
65 #include <errno.h>
66
67 #ifdef HAVE_OS_PROTO_H
68 #include "os-proto.h"
69 #endif
70
71 #ifdef MSDOS
72 #include "pcap-dos.h"
73 #endif
74
75 #include "pcap-int.h"
76
77 #ifdef HAVE_DAG_API
78 #include "pcap-dag.h"
79 #endif /* HAVE_DAG_API */
80
81 #ifdef HAVE_SEPTEL_API
82 #include "pcap-septel.h"
83 #endif /* HAVE_SEPTEL_API */
84
85 #ifdef HAVE_SNF_API
86 #include "pcap-snf.h"
87 #endif /* HAVE_SNF_API */
88
89 #ifdef PCAP_SUPPORT_USB
90 #include "pcap-usb-linux.h"
91 #endif
92
93 #ifdef PCAP_SUPPORT_BT
94 #include "pcap-bt-linux.h"
95 #endif
96
97 #ifdef PCAP_SUPPORT_CAN
98 #include "pcap-can-linux.h"
99 #endif
100
101 #ifdef PCAP_SUPPORT_CANUSB
102 #include "pcap-canusb-linux.h"
103 #endif
104
105 #ifdef PCAP_SUPPORT_NETFILTER
106 #include "pcap-netfilter-linux.h"
107 #endif
108
109 int
pcap_not_initialized(pcap_t * pcap)110 pcap_not_initialized(pcap_t *pcap)
111 {
112 /* this means 'not initialized' */
113 return (PCAP_ERROR_NOT_ACTIVATED);
114 }
115
116 /*
117 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
118 * a PCAP_ERROR value on an error.
119 */
120 int
pcap_can_set_rfmon(pcap_t * p)121 pcap_can_set_rfmon(pcap_t *p)
122 {
123 return (p->can_set_rfmon_op(p));
124 }
125
126 /*
127 * For systems where rfmon mode is never supported.
128 */
129 static int
pcap_cant_set_rfmon(pcap_t * p _U_)130 pcap_cant_set_rfmon(pcap_t *p _U_)
131 {
132 return (0);
133 }
134
135 /*
136 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
137 * types; the return value is the number of supported time stamp types.
138 * The list should be freed by a call to pcap_free_tstamp_types() when
139 * you're done with it.
140 *
141 * A return value of 0 means "you don't get a choice of time stamp type",
142 * in which case *tstamp_typesp is set to null.
143 *
144 * PCAP_ERROR is returned on error.
145 */
146 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)147 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
148 {
149 if (p->tstamp_type_count == 0) {
150 /*
151 * We don't support multiple time stamp types.
152 */
153 *tstamp_typesp = NULL;
154 } else {
155 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
156 p->tstamp_type_count);
157 if (*tstamp_typesp == NULL) {
158 (void)snprintf(p->errbuf, sizeof(p->errbuf),
159 "malloc: %s", pcap_strerror(errno));
160 return (PCAP_ERROR);
161 }
162 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
163 sizeof(**tstamp_typesp) * p->tstamp_type_count);
164 }
165 return (p->tstamp_type_count);
166 }
167
168 /*
169 * In Windows, you might have a library built with one version of the
170 * C runtime library and an application built with another version of
171 * the C runtime library, which means that the library might use one
172 * version of malloc() and free() and the application might use another
173 * version of malloc() and free(). If so, that means something
174 * allocated by the library cannot be freed by the application, so we
175 * need to have a pcap_free_tstamp_types() routine to free up the list
176 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
177 * around free().
178 */
179 void
pcap_free_tstamp_types(int * tstamp_type_list)180 pcap_free_tstamp_types(int *tstamp_type_list)
181 {
182 free(tstamp_type_list);
183 }
184
185 /*
186 * Default one-shot callback; overridden for capture types where the
187 * packet data cannot be guaranteed to be available after the callback
188 * returns, so that a copy must be made.
189 */
190 static void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)191 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
192 {
193 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
194
195 *sp->hdr = *h;
196 *sp->pkt = pkt;
197 }
198
199 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)200 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
201 {
202 struct oneshot_userdata s;
203 const u_char *pkt;
204
205 s.hdr = h;
206 s.pkt = &pkt;
207 s.pd = p;
208 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
209 return (0);
210 return (pkt);
211 }
212
213 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)214 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
215 const u_char **pkt_data)
216 {
217 struct oneshot_userdata s;
218
219 s.hdr = &p->pcap_header;
220 s.pkt = pkt_data;
221 s.pd = p;
222
223 /* Saves a pointer to the packet headers */
224 *pkt_header= &p->pcap_header;
225
226 if (p->sf.rfile != NULL) {
227 int status;
228
229 /* We are on an offline capture */
230 status = pcap_offline_read(p, 1, p->oneshot_callback,
231 (u_char *)&s);
232
233 /*
234 * Return codes for pcap_offline_read() are:
235 * - 0: EOF
236 * - -1: error
237 * - >1: OK
238 * The first one ('0') conflicts with the return code of
239 * 0 from pcap_read() meaning "no packets arrived before
240 * the timeout expired", so we map it to -2 so you can
241 * distinguish between an EOF from a savefile and a
242 * "no packets arrived before the timeout expired, try
243 * again" from a live capture.
244 */
245 if (status == 0)
246 return (-2);
247 else
248 return (status);
249 }
250
251 /*
252 * Return codes for pcap_read() are:
253 * - 0: timeout
254 * - -1: error
255 * - -2: loop was broken out of with pcap_breakloop()
256 * - >1: OK
257 * The first one ('0') conflicts with the return code of 0 from
258 * pcap_offline_read() meaning "end of file".
259 */
260 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
261 }
262
263 #if defined(DAG_ONLY)
264 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)265 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
266 {
267 return (dag_findalldevs(alldevsp, errbuf));
268 }
269
270 pcap_t *
pcap_create(const char * source,char * errbuf)271 pcap_create(const char *source, char *errbuf)
272 {
273 return (dag_create(source, errbuf));
274 }
275 #elif defined(SEPTEL_ONLY)
276 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)277 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
278 {
279 return (septel_findalldevs(alldevsp, errbuf));
280 }
281
282 pcap_t *
pcap_create(const char * source,char * errbuf)283 pcap_create(const char *source, char *errbuf)
284 {
285 return (septel_create(source, errbuf));
286 }
287 #elif defined(SNF_ONLY)
288 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)289 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
290 {
291 return (snf_findalldevs(alldevsp, errbuf));
292 }
293
294 pcap_t *
pcap_create(const char * source,char * errbuf)295 pcap_create(const char *source, char *errbuf)
296 {
297 return (snf_create(source, errbuf));
298 }
299 #else /* regular pcap */
300 struct capture_source_type {
301 int (*findalldevs_op)(pcap_if_t **, char *);
302 pcap_t *(*create_op)(const char *, char *, int *);
303 } capture_source_types[] = {
304 #ifdef HAVE_DAG_API
305 { dag_findalldevs, dag_create },
306 #endif
307 #ifdef HAVE_SEPTEL_API
308 { septel_findalldevs, septel_create },
309 #endif
310 #ifdef HAVE_SNF_API
311 { snf_findalldevs, snf_create },
312 #endif
313 #ifdef PCAP_SUPPORT_BT
314 { bt_findalldevs, bt_create },
315 #endif
316 #if PCAP_SUPPORT_CANUSB
317 { canusb_findalldevs, canusb_create },
318 #endif
319 #ifdef PCAP_SUPPORT_CAN
320 { can_findalldevs, can_create },
321 #endif
322 #ifdef PCAP_SUPPORT_USB
323 { usb_findalldevs, usb_create },
324 #endif
325 #ifdef PCAP_SUPPORT_NETFILTER
326 { netfilter_findalldevs, netfilter_create },
327 #endif
328 { NULL, NULL }
329 };
330
331 /*
332 * Get a list of all capture sources that are up and that we can open.
333 * Returns -1 on error, 0 otherwise.
334 * The list, as returned through "alldevsp", may be null if no interfaces
335 * were up and could be opened.
336 */
337 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)338 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
339 {
340 size_t i;
341
342 /*
343 * Get the list of regular interfaces first.
344 */
345 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
346 return (-1); /* failure */
347
348 /*
349 * Add any interfaces that need a platform-specific mechanism
350 * to find.
351 */
352 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
353 /*
354 * We had an error; free the list we've been
355 * constructing.
356 */
357 if (*alldevsp != NULL) {
358 pcap_freealldevs(*alldevsp);
359 *alldevsp = NULL;
360 }
361 return (-1);
362 }
363
364 /*
365 * Ask each of the non-local-network-interface capture
366 * source types what interfaces they have.
367 */
368 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
369 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
370 /*
371 * We had an error; free the list we've been
372 * constructing.
373 */
374 if (*alldevsp != NULL) {
375 pcap_freealldevs(*alldevsp);
376 *alldevsp = NULL;
377 }
378 return (-1);
379 }
380 }
381 return (0);
382 }
383
384 pcap_t *
pcap_create(const char * source,char * errbuf)385 pcap_create(const char *source, char *errbuf)
386 {
387 size_t i;
388 int is_theirs;
389 pcap_t *p;
390
391 /*
392 * A null source name is equivalent to the "any" device -
393 * which might not be supported on this platform, but
394 * this means that you'll get a "not supported" error
395 * rather than, say, a crash when we try to dereference
396 * the null pointer.
397 */
398 if (source == NULL)
399 source = "any";
400
401 /*
402 * Try each of the non-local-network-interface capture
403 * source types until we find one that works for this
404 * device or run out of types.
405 */
406 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
407 is_theirs = 0;
408 p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
409 if (is_theirs) {
410 /*
411 * The device name refers to a device of the
412 * type in question; either it succeeded,
413 * in which case p refers to a pcap_t to
414 * later activate for the device, or it
415 * failed, in which case p is null and we
416 * should return that to report the failure
417 * to create.
418 */
419 return (p);
420 }
421 }
422
423 /*
424 * OK, try it as a regular network interface.
425 */
426 return (pcap_create_interface(source, errbuf));
427 }
428 #endif
429
430 static void
initialize_ops(pcap_t * p)431 initialize_ops(pcap_t *p)
432 {
433 /*
434 * Set operation pointers for operations that only work on
435 * an activated pcap_t to point to a routine that returns
436 * a "this isn't activated" error.
437 */
438 p->read_op = (read_op_t)pcap_not_initialized;
439 p->inject_op = (inject_op_t)pcap_not_initialized;
440 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
441 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
442 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
443 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
444 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
445 p->stats_op = (stats_op_t)pcap_not_initialized;
446 #ifdef WIN32
447 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
448 p->setmode_op = (setmode_op_t)pcap_not_initialized;
449 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
450 #endif
451
452 /*
453 * Default cleanup operation - implementations can override
454 * this, but should call pcap_cleanup_live_common() after
455 * doing their own additional cleanup.
456 */
457 p->cleanup_op = pcap_cleanup_live_common;
458
459 /*
460 * In most cases, the standard one-short callback can
461 * be used for pcap_next()/pcap_next_ex().
462 */
463 p->oneshot_callback = pcap_oneshot;
464 }
465
466 pcap_t *
pcap_create_common(const char * source,char * ebuf)467 pcap_create_common(const char *source, char *ebuf)
468 {
469 pcap_t *p;
470
471 p = malloc(sizeof(*p));
472 if (p == NULL) {
473 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
474 pcap_strerror(errno));
475 return (NULL);
476 }
477 memset(p, 0, sizeof(*p));
478 #ifndef WIN32
479 p->fd = -1; /* not opened yet */
480 p->selectable_fd = -1;
481 p->send_fd = -1;
482 #endif
483
484 p->opt.source = strdup(source);
485 if (p->opt.source == NULL) {
486 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
487 pcap_strerror(errno));
488 free(p);
489 return (NULL);
490 }
491
492 /*
493 * Default to "can't set rfmon mode"; if it's supported by
494 * a platform, the create routine that called us can set
495 * the op to its routine to check whether a particular
496 * device supports it.
497 */
498 p->can_set_rfmon_op = pcap_cant_set_rfmon;
499
500 initialize_ops(p);
501
502 /* put in some defaults*/
503 pcap_set_timeout(p, 0);
504 pcap_set_snaplen(p, 65535); /* max packet size */
505 p->opt.promisc = 0;
506 p->opt.buffer_size = 0;
507 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
508 return (p);
509 }
510
511 int
pcap_check_activated(pcap_t * p)512 pcap_check_activated(pcap_t *p)
513 {
514 if (p->activated) {
515 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
516 " operation on activated capture");
517 return (-1);
518 }
519 return (0);
520 }
521
522 int
pcap_set_snaplen(pcap_t * p,int snaplen)523 pcap_set_snaplen(pcap_t *p, int snaplen)
524 {
525 if (pcap_check_activated(p))
526 return (PCAP_ERROR_ACTIVATED);
527 p->snapshot = snaplen;
528 return (0);
529 }
530
531 int
pcap_set_promisc(pcap_t * p,int promisc)532 pcap_set_promisc(pcap_t *p, int promisc)
533 {
534 if (pcap_check_activated(p))
535 return (PCAP_ERROR_ACTIVATED);
536 p->opt.promisc = promisc;
537 return (0);
538 }
539
540 int
pcap_set_rfmon(pcap_t * p,int rfmon)541 pcap_set_rfmon(pcap_t *p, int rfmon)
542 {
543 if (pcap_check_activated(p))
544 return (PCAP_ERROR_ACTIVATED);
545 p->opt.rfmon = rfmon;
546 return (0);
547 }
548
549 int
pcap_set_timeout(pcap_t * p,int timeout_ms)550 pcap_set_timeout(pcap_t *p, int timeout_ms)
551 {
552 if (pcap_check_activated(p))
553 return (PCAP_ERROR_ACTIVATED);
554 p->md.timeout = timeout_ms;
555 return (0);
556 }
557
558 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)559 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
560 {
561 int i;
562
563 if (pcap_check_activated(p))
564 return (PCAP_ERROR_ACTIVATED);
565
566 /*
567 * If p->tstamp_type_count is 0, we don't support setting
568 * the time stamp type at all.
569 */
570 if (p->tstamp_type_count == 0)
571 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE);
572
573 /*
574 * Check whether we claim to support this type of time stamp.
575 */
576 for (i = 0; i < p->tstamp_type_count; i++) {
577 if (p->tstamp_type_list[i] == tstamp_type) {
578 /*
579 * Yes.
580 */
581 p->opt.tstamp_type = tstamp_type;
582 return (0);
583 }
584 }
585
586 /*
587 * No. We support setting the time stamp type, but not to this
588 * particular value.
589 */
590 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
591 }
592
593 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)594 pcap_set_buffer_size(pcap_t *p, int buffer_size)
595 {
596 if (pcap_check_activated(p))
597 return (PCAP_ERROR_ACTIVATED);
598 p->opt.buffer_size = buffer_size;
599 return (0);
600 }
601
602 int
pcap_activate(pcap_t * p)603 pcap_activate(pcap_t *p)
604 {
605 int status;
606
607 /*
608 * Catch attempts to re-activate an already-activated
609 * pcap_t; this should, for example, catch code that
610 * calls pcap_open_live() followed by pcap_activate(),
611 * as some code that showed up in a Stack Exchange
612 * question did.
613 */
614 if (pcap_check_activated(p))
615 return (PCAP_ERROR_ACTIVATED);
616 status = p->activate_op(p);
617 if (status >= 0)
618 p->activated = 1;
619 else {
620 if (p->errbuf[0] == '\0') {
621 /*
622 * No error message supplied by the activate routine;
623 * for the benefit of programs that don't specially
624 * handle errors other than PCAP_ERROR, return the
625 * error message corresponding to the status.
626 */
627 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
628 pcap_statustostr(status));
629 }
630
631 /*
632 * Undo any operation pointer setting, etc. done by
633 * the activate operation.
634 */
635 initialize_ops(p);
636 }
637 return (status);
638 }
639
640 pcap_t *
pcap_open_live(const char * source,int snaplen,int promisc,int to_ms,char * errbuf)641 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
642 {
643 pcap_t *p;
644 int status;
645
646 p = pcap_create(source, errbuf);
647 if (p == NULL)
648 return (NULL);
649 status = pcap_set_snaplen(p, snaplen);
650 if (status < 0)
651 goto fail;
652 status = pcap_set_promisc(p, promisc);
653 if (status < 0)
654 goto fail;
655 status = pcap_set_timeout(p, to_ms);
656 if (status < 0)
657 goto fail;
658 /*
659 * Mark this as opened with pcap_open_live(), so that, for
660 * example, we show the full list of DLT_ values, rather
661 * than just the ones that are compatible with capturing
662 * when not in monitor mode. That allows existing applications
663 * to work the way they used to work, but allows new applications
664 * that know about the new open API to, for example, find out the
665 * DLT_ values that they can select without changing whether
666 * the adapter is in monitor mode or not.
667 */
668 p->oldstyle = 1;
669 status = pcap_activate(p);
670 if (status < 0)
671 goto fail;
672 return (p);
673 fail:
674 if (status == PCAP_ERROR)
675 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
676 p->errbuf);
677 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
678 status == PCAP_ERROR_PERM_DENIED ||
679 status == PCAP_ERROR_PROMISC_PERM_DENIED)
680 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
681 pcap_statustostr(status), p->errbuf);
682 else
683 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
684 pcap_statustostr(status));
685 pcap_close(p);
686 return (NULL);
687 }
688
689 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)690 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
691 {
692 return (p->read_op(p, cnt, callback, user));
693 }
694
695 /*
696 * XXX - is this necessary?
697 */
698 int
pcap_read(pcap_t * p,int cnt,pcap_handler callback,u_char * user)699 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
700 {
701
702 return (p->read_op(p, cnt, callback, user));
703 }
704
705 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)706 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
707 {
708 register int n;
709
710 for (;;) {
711 if (p->sf.rfile != NULL) {
712 /*
713 * 0 means EOF, so don't loop if we get 0.
714 */
715 n = pcap_offline_read(p, cnt, callback, user);
716 } else {
717 /*
718 * XXX keep reading until we get something
719 * (or an error occurs)
720 */
721 do {
722 n = p->read_op(p, cnt, callback, user);
723 } while (n == 0);
724 }
725 if (n <= 0)
726 return (n);
727 if (cnt > 0) {
728 cnt -= n;
729 if (cnt <= 0)
730 return (0);
731 }
732 }
733 }
734
735 /*
736 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
737 */
738 void
pcap_breakloop(pcap_t * p)739 pcap_breakloop(pcap_t *p)
740 {
741 p->break_loop = 1;
742 }
743
744 int
pcap_datalink(pcap_t * p)745 pcap_datalink(pcap_t *p)
746 {
747 return (p->linktype);
748 }
749
750 int
pcap_datalink_ext(pcap_t * p)751 pcap_datalink_ext(pcap_t *p)
752 {
753 return (p->linktype_ext);
754 }
755
756 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)757 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
758 {
759 if (p->dlt_count == 0) {
760 /*
761 * We couldn't fetch the list of DLTs, which means
762 * this platform doesn't support changing the
763 * DLT for an interface. Return a list of DLTs
764 * containing only the DLT this device supports.
765 */
766 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
767 if (*dlt_buffer == NULL) {
768 (void)snprintf(p->errbuf, sizeof(p->errbuf),
769 "malloc: %s", pcap_strerror(errno));
770 return (-1);
771 }
772 **dlt_buffer = p->linktype;
773 return (1);
774 } else {
775 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
776 if (*dlt_buffer == NULL) {
777 (void)snprintf(p->errbuf, sizeof(p->errbuf),
778 "malloc: %s", pcap_strerror(errno));
779 return (-1);
780 }
781 (void)memcpy(*dlt_buffer, p->dlt_list,
782 sizeof(**dlt_buffer) * p->dlt_count);
783 return (p->dlt_count);
784 }
785 }
786
787 /*
788 * In Windows, you might have a library built with one version of the
789 * C runtime library and an application built with another version of
790 * the C runtime library, which means that the library might use one
791 * version of malloc() and free() and the application might use another
792 * version of malloc() and free(). If so, that means something
793 * allocated by the library cannot be freed by the application, so we
794 * need to have a pcap_free_datalinks() routine to free up the list
795 * allocated by pcap_list_datalinks(), even though it's just a wrapper
796 * around free().
797 */
798 void
pcap_free_datalinks(int * dlt_list)799 pcap_free_datalinks(int *dlt_list)
800 {
801 free(dlt_list);
802 }
803
804 int
pcap_set_datalink(pcap_t * p,int dlt)805 pcap_set_datalink(pcap_t *p, int dlt)
806 {
807 int i;
808 const char *dlt_name;
809
810 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
811 /*
812 * We couldn't fetch the list of DLTs, or we don't
813 * have a "set datalink" operation, which means
814 * this platform doesn't support changing the
815 * DLT for an interface. Check whether the new
816 * DLT is the one this interface supports.
817 */
818 if (p->linktype != dlt)
819 goto unsupported;
820
821 /*
822 * It is, so there's nothing we need to do here.
823 */
824 return (0);
825 }
826 for (i = 0; i < p->dlt_count; i++)
827 if (p->dlt_list[i] == dlt)
828 break;
829 if (i >= p->dlt_count)
830 goto unsupported;
831 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
832 dlt == DLT_DOCSIS) {
833 /*
834 * This is presumably an Ethernet device, as the first
835 * link-layer type it offers is DLT_EN10MB, and the only
836 * other type it offers is DLT_DOCSIS. That means that
837 * we can't tell the driver to supply DOCSIS link-layer
838 * headers - we're just pretending that's what we're
839 * getting, as, presumably, we're capturing on a dedicated
840 * link to a Cisco Cable Modem Termination System, and
841 * it's putting raw DOCSIS frames on the wire inside low-level
842 * Ethernet framing.
843 */
844 p->linktype = dlt;
845 return (0);
846 }
847 if (p->set_datalink_op(p, dlt) == -1)
848 return (-1);
849 p->linktype = dlt;
850 return (0);
851
852 unsupported:
853 dlt_name = pcap_datalink_val_to_name(dlt);
854 if (dlt_name != NULL) {
855 (void) snprintf(p->errbuf, sizeof(p->errbuf),
856 "%s is not one of the DLTs supported by this device",
857 dlt_name);
858 } else {
859 (void) snprintf(p->errbuf, sizeof(p->errbuf),
860 "DLT %d is not one of the DLTs supported by this device",
861 dlt);
862 }
863 return (-1);
864 }
865
866 /*
867 * This array is designed for mapping upper and lower case letter
868 * together for a case independent comparison. The mappings are
869 * based upon ascii character sequences.
870 */
871 static const u_char charmap[] = {
872 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
873 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
874 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
875 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
876 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
877 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
878 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
879 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
880 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
881 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
882 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
883 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
884 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
885 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
886 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
887 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
888 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
889 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
890 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
891 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
892 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
893 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
894 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
895 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
896 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
897 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
898 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
899 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
900 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
901 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
902 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
903 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
904 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
905 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
906 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
907 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
908 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
909 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
910 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
911 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
912 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
913 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
914 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
915 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
916 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
917 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
918 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
919 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
920 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
921 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
922 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
923 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
924 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
925 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
926 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
927 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
928 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
929 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
930 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
931 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
932 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
933 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
934 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
935 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
936 };
937
938 int
pcap_strcasecmp(const char * s1,const char * s2)939 pcap_strcasecmp(const char *s1, const char *s2)
940 {
941 register const u_char *cm = charmap,
942 *us1 = (const u_char *)s1,
943 *us2 = (const u_char *)s2;
944
945 while (cm[*us1] == cm[*us2++])
946 if (*us1++ == '\0')
947 return(0);
948 return (cm[*us1] - cm[*--us2]);
949 }
950
951 struct dlt_choice {
952 const char *name;
953 const char *description;
954 int dlt;
955 };
956
957 #define DLT_CHOICE(code, description) { #code, description, code }
958 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
959
960 static struct dlt_choice dlt_choices[] = {
961 DLT_CHOICE(DLT_NULL, "BSD loopback"),
962 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
963 DLT_CHOICE(DLT_IEEE802, "Token ring"),
964 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
965 DLT_CHOICE(DLT_SLIP, "SLIP"),
966 DLT_CHOICE(DLT_PPP, "PPP"),
967 DLT_CHOICE(DLT_FDDI, "FDDI"),
968 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
969 DLT_CHOICE(DLT_RAW, "Raw IP"),
970 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
971 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
972 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
973 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
974 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
975 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
976 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
977 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
978 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
979 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
980 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
981 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
982 DLT_CHOICE(DLT_LTALK, "Localtalk"),
983 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
984 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
985 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
986 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
987 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
988 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
989 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
990 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
991 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
992 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
993 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
994 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
995 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
996 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
997 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
998 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
999 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1000 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
1001 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
1002 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
1003 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
1004 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
1005 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1006 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1007 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
1008 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
1009 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1010 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
1011 DLT_CHOICE(DLT_GPF_T, "GPF-T"),
1012 DLT_CHOICE(DLT_GPF_F, "GPF-F"),
1013 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1014 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"),
1015 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
1016 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
1017 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
1018 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
1019 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
1020 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
1021 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
1022 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
1023 DLT_CHOICE(DLT_A429, "Arinc 429"),
1024 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
1025 DLT_CHOICE(DLT_USB, "USB"),
1026 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1027 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1028 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
1029 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1030 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1031 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
1032 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1033 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
1034 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1035 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
1036 DLT_CHOICE(DLT_ERF, "Endace ERF header"),
1037 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
1038 DLT_CHOICE(DLT_IPMB, "IPMB"),
1039 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
1040 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1041 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
1042 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1043 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
1044 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
1045 DLT_CHOICE(DLT_DECT, "DECT"),
1046 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
1047 DLT_CHOICE(DLT_WIHART, "Wireless HART"),
1048 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
1049 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1050 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
1051 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1052 DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
1053 DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
1054 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1055 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
1056 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1057 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1058 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
1059 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1060 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
1061 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1062 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1063 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
1064 DLT_CHOICE_SENTINEL
1065 };
1066
1067 int
pcap_datalink_name_to_val(const char * name)1068 pcap_datalink_name_to_val(const char *name)
1069 {
1070 int i;
1071
1072 for (i = 0; dlt_choices[i].name != NULL; i++) {
1073 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
1074 name) == 0)
1075 return (dlt_choices[i].dlt);
1076 }
1077 return (-1);
1078 }
1079
1080 const char *
pcap_datalink_val_to_name(int dlt)1081 pcap_datalink_val_to_name(int dlt)
1082 {
1083 int i;
1084
1085 for (i = 0; dlt_choices[i].name != NULL; i++) {
1086 if (dlt_choices[i].dlt == dlt)
1087 return (dlt_choices[i].name + sizeof("DLT_") - 1);
1088 }
1089 return (NULL);
1090 }
1091
1092 const char *
pcap_datalink_val_to_description(int dlt)1093 pcap_datalink_val_to_description(int dlt)
1094 {
1095 int i;
1096
1097 for (i = 0; dlt_choices[i].name != NULL; i++) {
1098 if (dlt_choices[i].dlt == dlt)
1099 return (dlt_choices[i].description);
1100 }
1101 return (NULL);
1102 }
1103
1104 struct tstamp_type_choice {
1105 const char *name;
1106 const char *description;
1107 int type;
1108 };
1109
1110 static struct tstamp_type_choice tstamp_type_choices[] = {
1111 { "host", "Host", PCAP_TSTAMP_HOST },
1112 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1113 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1114 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1115 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1116 { NULL, NULL, 0 }
1117 };
1118
1119 int
pcap_tstamp_type_name_to_val(const char * name)1120 pcap_tstamp_type_name_to_val(const char *name)
1121 {
1122 int i;
1123
1124 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1125 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1126 return (tstamp_type_choices[i].type);
1127 }
1128 return (PCAP_ERROR);
1129 }
1130
1131 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1132 pcap_tstamp_type_val_to_name(int tstamp_type)
1133 {
1134 int i;
1135
1136 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1137 if (tstamp_type_choices[i].type == tstamp_type)
1138 return (tstamp_type_choices[i].name);
1139 }
1140 return (NULL);
1141 }
1142
1143 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1144 pcap_tstamp_type_val_to_description(int tstamp_type)
1145 {
1146 int i;
1147
1148 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1149 if (tstamp_type_choices[i].type == tstamp_type)
1150 return (tstamp_type_choices[i].description);
1151 }
1152 return (NULL);
1153 }
1154
1155 int
pcap_snapshot(pcap_t * p)1156 pcap_snapshot(pcap_t *p)
1157 {
1158 return (p->snapshot);
1159 }
1160
1161 int
pcap_is_swapped(pcap_t * p)1162 pcap_is_swapped(pcap_t *p)
1163 {
1164 return (p->sf.swapped);
1165 }
1166
1167 int
pcap_major_version(pcap_t * p)1168 pcap_major_version(pcap_t *p)
1169 {
1170 return (p->sf.version_major);
1171 }
1172
1173 int
pcap_minor_version(pcap_t * p)1174 pcap_minor_version(pcap_t *p)
1175 {
1176 return (p->sf.version_minor);
1177 }
1178
1179 FILE *
pcap_file(pcap_t * p)1180 pcap_file(pcap_t *p)
1181 {
1182 return (p->sf.rfile);
1183 }
1184
1185 int
pcap_fileno(pcap_t * p)1186 pcap_fileno(pcap_t *p)
1187 {
1188 #ifndef WIN32
1189 return (p->fd);
1190 #else
1191 if (p->adapter != NULL)
1192 return ((int)(DWORD)p->adapter->hFile);
1193 else
1194 return (-1);
1195 #endif
1196 }
1197
1198 #if !defined(WIN32) && !defined(MSDOS)
1199 int
pcap_get_selectable_fd(pcap_t * p)1200 pcap_get_selectable_fd(pcap_t *p)
1201 {
1202 return (p->selectable_fd);
1203 }
1204 #endif
1205
1206 void
pcap_perror(pcap_t * p,char * prefix)1207 pcap_perror(pcap_t *p, char *prefix)
1208 {
1209 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1210 }
1211
1212 char *
pcap_geterr(pcap_t * p)1213 pcap_geterr(pcap_t *p)
1214 {
1215 return (p->errbuf);
1216 }
1217
1218 int
pcap_getnonblock(pcap_t * p,char * errbuf)1219 pcap_getnonblock(pcap_t *p, char *errbuf)
1220 {
1221 int ret;
1222
1223 ret = p->getnonblock_op(p, errbuf);
1224 if (ret == -1) {
1225 /*
1226 * In case somebody depended on the bug wherein
1227 * the error message was put into p->errbuf
1228 * by pcap_getnonblock_fd().
1229 */
1230 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1231 }
1232 return (ret);
1233 }
1234
1235 /*
1236 * Get the current non-blocking mode setting, under the assumption that
1237 * it's just the standard POSIX non-blocking flag.
1238 *
1239 * We don't look at "p->nonblock", in case somebody tweaked the FD
1240 * directly.
1241 */
1242 #if !defined(WIN32) && !defined(MSDOS)
1243 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1244 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1245 {
1246 int fdflags;
1247
1248 fdflags = fcntl(p->fd, F_GETFL, 0);
1249 if (fdflags == -1) {
1250 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1251 pcap_strerror(errno));
1252 return (-1);
1253 }
1254 if (fdflags & O_NONBLOCK)
1255 return (1);
1256 else
1257 return (0);
1258 }
1259 #endif
1260
1261 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1262 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1263 {
1264 int ret;
1265
1266 ret = p->setnonblock_op(p, nonblock, errbuf);
1267 if (ret == -1) {
1268 /*
1269 * In case somebody depended on the bug wherein
1270 * the error message was put into p->errbuf
1271 * by pcap_setnonblock_fd().
1272 */
1273 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1274 }
1275 return (ret);
1276 }
1277
1278 #if !defined(WIN32) && !defined(MSDOS)
1279 /*
1280 * Set non-blocking mode, under the assumption that it's just the
1281 * standard POSIX non-blocking flag. (This can be called by the
1282 * per-platform non-blocking-mode routine if that routine also
1283 * needs to do some additional work.)
1284 */
1285 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1286 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1287 {
1288 int fdflags;
1289
1290 fdflags = fcntl(p->fd, F_GETFL, 0);
1291 if (fdflags == -1) {
1292 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1293 pcap_strerror(errno));
1294 return (-1);
1295 }
1296 if (nonblock)
1297 fdflags |= O_NONBLOCK;
1298 else
1299 fdflags &= ~O_NONBLOCK;
1300 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1301 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1302 pcap_strerror(errno));
1303 return (-1);
1304 }
1305 return (0);
1306 }
1307 #endif
1308
1309 #ifdef WIN32
1310 /*
1311 * Generate a string for the last Win32-specific error (i.e. an error generated when
1312 * calling a Win32 API).
1313 * For errors occurred during standard C calls, we still use pcap_strerror()
1314 */
1315 char *
pcap_win32strerror(void)1316 pcap_win32strerror(void)
1317 {
1318 DWORD error;
1319 static char errbuf[PCAP_ERRBUF_SIZE+1];
1320 int errlen;
1321 char *p;
1322
1323 error = GetLastError();
1324 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1325 PCAP_ERRBUF_SIZE, NULL);
1326
1327 /*
1328 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1329 * message. Get rid of it.
1330 */
1331 errlen = strlen(errbuf);
1332 if (errlen >= 2) {
1333 errbuf[errlen - 1] = '\0';
1334 errbuf[errlen - 2] = '\0';
1335 }
1336 p = strchr(errbuf, '\0');
1337 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
1338 return (errbuf);
1339 }
1340 #endif
1341
1342 /*
1343 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1344 */
1345 const char *
pcap_statustostr(int errnum)1346 pcap_statustostr(int errnum)
1347 {
1348 static char ebuf[15+10+1];
1349
1350 switch (errnum) {
1351
1352 case PCAP_WARNING:
1353 return("Generic warning");
1354
1355 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1356 return ("That type of time stamp is not supported by that device");
1357
1358 case PCAP_WARNING_PROMISC_NOTSUP:
1359 return ("That device doesn't support promiscuous mode");
1360
1361 case PCAP_ERROR:
1362 return("Generic error");
1363
1364 case PCAP_ERROR_BREAK:
1365 return("Loop terminated by pcap_breakloop");
1366
1367 case PCAP_ERROR_NOT_ACTIVATED:
1368 return("The pcap_t has not been activated");
1369
1370 case PCAP_ERROR_ACTIVATED:
1371 return ("The setting can't be changed after the pcap_t is activated");
1372
1373 case PCAP_ERROR_NO_SUCH_DEVICE:
1374 return ("No such device exists");
1375
1376 case PCAP_ERROR_RFMON_NOTSUP:
1377 return ("That device doesn't support monitor mode");
1378
1379 case PCAP_ERROR_NOT_RFMON:
1380 return ("That operation is supported only in monitor mode");
1381
1382 case PCAP_ERROR_PERM_DENIED:
1383 return ("You don't have permission to capture on that device");
1384
1385 case PCAP_ERROR_IFACE_NOT_UP:
1386 return ("That device is not up");
1387
1388 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1389 return ("That device doesn't support setting the time stamp type");
1390
1391 case PCAP_ERROR_PROMISC_PERM_DENIED:
1392 return ("You don't have permission to capture in promiscuous mode on that device");
1393 }
1394 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1395 return(ebuf);
1396 }
1397
1398 /*
1399 * Not all systems have strerror().
1400 */
1401 const char *
pcap_strerror(int errnum)1402 pcap_strerror(int errnum)
1403 {
1404 #ifdef HAVE_STRERROR
1405 return (strerror(errnum));
1406 #else
1407 extern int sys_nerr;
1408 extern const char *const sys_errlist[];
1409 static char ebuf[15+10+1];
1410
1411 if ((unsigned int)errnum < sys_nerr)
1412 return ((char *)sys_errlist[errnum]);
1413 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1414 return(ebuf);
1415 #endif
1416 }
1417
1418 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1419 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1420 {
1421 return (p->setfilter_op(p, fp));
1422 }
1423
1424 /*
1425 * Set direction flag, which controls whether we accept only incoming
1426 * packets, only outgoing packets, or both.
1427 * Note that, depending on the platform, some or all direction arguments
1428 * might not be supported.
1429 */
1430 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1431 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1432 {
1433 if (p->setdirection_op == NULL) {
1434 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1435 "Setting direction is not implemented on this platform");
1436 return (-1);
1437 } else
1438 return (p->setdirection_op(p, d));
1439 }
1440
1441 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1442 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1443 {
1444 return (p->stats_op(p, ps));
1445 }
1446
1447 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1448 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1449 {
1450 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1451 "Statistics aren't available from a pcap_open_dead pcap_t");
1452 return (-1);
1453 }
1454
1455 #ifdef WIN32
1456 int
pcap_setbuff(pcap_t * p,int dim)1457 pcap_setbuff(pcap_t *p, int dim)
1458 {
1459 return (p->setbuff_op(p, dim));
1460 }
1461
1462 static int
pcap_setbuff_dead(pcap_t * p,int dim)1463 pcap_setbuff_dead(pcap_t *p, int dim)
1464 {
1465 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1466 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1467 return (-1);
1468 }
1469
1470 int
pcap_setmode(pcap_t * p,int mode)1471 pcap_setmode(pcap_t *p, int mode)
1472 {
1473 return (p->setmode_op(p, mode));
1474 }
1475
1476 static int
pcap_setmode_dead(pcap_t * p,int mode)1477 pcap_setmode_dead(pcap_t *p, int mode)
1478 {
1479 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1480 "impossible to set mode on a pcap_open_dead pcap_t");
1481 return (-1);
1482 }
1483
1484 int
pcap_setmintocopy(pcap_t * p,int size)1485 pcap_setmintocopy(pcap_t *p, int size)
1486 {
1487 return (p->setmintocopy_op(p, size));
1488 }
1489
1490 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1491 pcap_setmintocopy_dead(pcap_t *p, int size)
1492 {
1493 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1494 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1495 return (-1);
1496 }
1497 #endif
1498
1499 /*
1500 * On some platforms, we need to clean up promiscuous or monitor mode
1501 * when we close a device - and we want that to happen even if the
1502 * application just exits without explicitl closing devices.
1503 * On those platforms, we need to register a "close all the pcaps"
1504 * routine to be called when we exit, and need to maintain a list of
1505 * pcaps that need to be closed to clean up modes.
1506 *
1507 * XXX - not thread-safe.
1508 */
1509
1510 /*
1511 * List of pcaps on which we've done something that needs to be
1512 * cleaned up.
1513 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1514 * when we exit, and have it close all of them.
1515 */
1516 static struct pcap *pcaps_to_close;
1517
1518 /*
1519 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1520 * be called on exit.
1521 */
1522 static int did_atexit;
1523
1524 static void
pcap_close_all(void)1525 pcap_close_all(void)
1526 {
1527 struct pcap *handle;
1528
1529 while ((handle = pcaps_to_close) != NULL)
1530 pcap_close(handle);
1531 }
1532
1533 int
pcap_do_addexit(pcap_t * p)1534 pcap_do_addexit(pcap_t *p)
1535 {
1536 /*
1537 * If we haven't already done so, arrange to have
1538 * "pcap_close_all()" called when we exit.
1539 */
1540 if (!did_atexit) {
1541 if (atexit(pcap_close_all) == -1) {
1542 /*
1543 * "atexit()" failed; let our caller know.
1544 */
1545 strncpy(p->errbuf, "atexit failed",
1546 PCAP_ERRBUF_SIZE);
1547 return (0);
1548 }
1549 did_atexit = 1;
1550 }
1551 return (1);
1552 }
1553
1554 void
pcap_add_to_pcaps_to_close(pcap_t * p)1555 pcap_add_to_pcaps_to_close(pcap_t *p)
1556 {
1557 p->md.next = pcaps_to_close;
1558 pcaps_to_close = p;
1559 }
1560
1561 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1562 pcap_remove_from_pcaps_to_close(pcap_t *p)
1563 {
1564 pcap_t *pc, *prevpc;
1565
1566 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1567 prevpc = pc, pc = pc->md.next) {
1568 if (pc == p) {
1569 /*
1570 * Found it. Remove it from the list.
1571 */
1572 if (prevpc == NULL) {
1573 /*
1574 * It was at the head of the list.
1575 */
1576 pcaps_to_close = pc->md.next;
1577 } else {
1578 /*
1579 * It was in the middle of the list.
1580 */
1581 prevpc->md.next = pc->md.next;
1582 }
1583 break;
1584 }
1585 }
1586 }
1587
1588 void
pcap_cleanup_live_common(pcap_t * p)1589 pcap_cleanup_live_common(pcap_t *p)
1590 {
1591 if (p->buffer != NULL) {
1592 free(p->buffer);
1593 p->buffer = NULL;
1594 }
1595 if (p->dlt_list != NULL) {
1596 free(p->dlt_list);
1597 p->dlt_list = NULL;
1598 p->dlt_count = 0;
1599 }
1600 if (p->tstamp_type_list != NULL) {
1601 free(p->tstamp_type_list);
1602 p->tstamp_type_list = NULL;
1603 p->tstamp_type_count = 0;
1604 }
1605 pcap_freecode(&p->fcode);
1606 #if !defined(WIN32) && !defined(MSDOS)
1607 if (p->fd >= 0) {
1608 close(p->fd);
1609 p->fd = -1;
1610 }
1611 p->selectable_fd = -1;
1612 p->send_fd = -1;
1613 #endif
1614 }
1615
1616 static void
pcap_cleanup_dead(pcap_t * p _U_)1617 pcap_cleanup_dead(pcap_t *p _U_)
1618 {
1619 /* Nothing to do. */
1620 }
1621
1622 pcap_t *
pcap_open_dead(int linktype,int snaplen)1623 pcap_open_dead(int linktype, int snaplen)
1624 {
1625 pcap_t *p;
1626
1627 p = malloc(sizeof(*p));
1628 if (p == NULL)
1629 return NULL;
1630 memset (p, 0, sizeof(*p));
1631 p->snapshot = snaplen;
1632 p->linktype = linktype;
1633 p->stats_op = pcap_stats_dead;
1634 #ifdef WIN32
1635 p->setbuff_op = pcap_setbuff_dead;
1636 p->setmode_op = pcap_setmode_dead;
1637 p->setmintocopy_op = pcap_setmintocopy_dead;
1638 #endif
1639 p->cleanup_op = pcap_cleanup_dead;
1640 p->activated = 1;
1641 return (p);
1642 }
1643
1644 /*
1645 * API compatible with WinPcap's "send a packet" routine - returns -1
1646 * on error, 0 otherwise.
1647 *
1648 * XXX - what if we get a short write?
1649 */
1650 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)1651 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
1652 {
1653 if (p->inject_op(p, buf, size) == -1)
1654 return (-1);
1655 return (0);
1656 }
1657
1658 /*
1659 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1660 * error, number of bytes written otherwise.
1661 */
1662 int
pcap_inject(pcap_t * p,const void * buf,size_t size)1663 pcap_inject(pcap_t *p, const void *buf, size_t size)
1664 {
1665 return (p->inject_op(p, buf, size));
1666 }
1667
1668 void
pcap_close(pcap_t * p)1669 pcap_close(pcap_t *p)
1670 {
1671 if (p->opt.source != NULL)
1672 free(p->opt.source);
1673 p->cleanup_op(p);
1674 free(p);
1675 }
1676
1677 /*
1678 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1679 * data for the packet, check whether the packet passes the filter.
1680 * Returns the return value of the filter program, which will be zero if
1681 * the packet doesn't pass and non-zero if the packet does pass.
1682 */
1683 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)1684 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
1685 const u_char *pkt)
1686 {
1687 const struct bpf_insn *fcode = fp->bf_insns;
1688
1689 if (fcode != NULL)
1690 return (bpf_filter(fcode, pkt, h->len, h->caplen));
1691 else
1692 return (0);
1693 }
1694
1695 /*
1696 * We make the version string static, and return a pointer to it, rather
1697 * than exporting the version string directly. On at least some UNIXes,
1698 * if you import data from a shared library into an program, the data is
1699 * bound into the program binary, so if the string in the version of the
1700 * library with which the program was linked isn't the same as the
1701 * string in the version of the library with which the program is being
1702 * run, various undesirable things may happen (warnings, the string
1703 * being the one from the version of the library with which the program
1704 * was linked, or even weirder things, such as the string being the one
1705 * from the library but being truncated).
1706 */
1707 #ifdef HAVE_VERSION_H
1708 #include "version.h"
1709 #else
1710 static const char pcap_version_string[] = "libpcap version 1.x.y";
1711 #endif
1712
1713 #ifdef WIN32
1714 /*
1715 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1716 * version numbers when building WinPcap. (It'd be nice to do so for
1717 * the packet.dll version number as well.)
1718 */
1719 static const char wpcap_version_string[] = "4.0";
1720 static const char pcap_version_string_fmt[] =
1721 "WinPcap version %s, based on %s";
1722 static const char pcap_version_string_packet_dll_fmt[] =
1723 "WinPcap version %s (packet.dll version %s), based on %s";
1724 static char *full_pcap_version_string;
1725
1726 const char *
pcap_lib_version(void)1727 pcap_lib_version(void)
1728 {
1729 char *packet_version_string;
1730 size_t full_pcap_version_string_len;
1731
1732 if (full_pcap_version_string == NULL) {
1733 /*
1734 * Generate the version string.
1735 */
1736 packet_version_string = PacketGetVersion();
1737 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
1738 /*
1739 * WinPcap version string and packet.dll version
1740 * string are the same; just report the WinPcap
1741 * version.
1742 */
1743 full_pcap_version_string_len =
1744 (sizeof pcap_version_string_fmt - 4) +
1745 strlen(wpcap_version_string) +
1746 strlen(pcap_version_string);
1747 full_pcap_version_string =
1748 malloc(full_pcap_version_string_len);
1749 sprintf(full_pcap_version_string,
1750 pcap_version_string_fmt, wpcap_version_string,
1751 pcap_version_string);
1752 } else {
1753 /*
1754 * WinPcap version string and packet.dll version
1755 * string are different; that shouldn't be the
1756 * case (the two libraries should come from the
1757 * same version of WinPcap), so we report both
1758 * versions.
1759 */
1760 full_pcap_version_string_len =
1761 (sizeof pcap_version_string_packet_dll_fmt - 6) +
1762 strlen(wpcap_version_string) +
1763 strlen(packet_version_string) +
1764 strlen(pcap_version_string);
1765 full_pcap_version_string = malloc(full_pcap_version_string_len);
1766
1767 sprintf(full_pcap_version_string,
1768 pcap_version_string_packet_dll_fmt,
1769 wpcap_version_string, packet_version_string,
1770 pcap_version_string);
1771 }
1772 }
1773 return (full_pcap_version_string);
1774 }
1775
1776 #elif defined(MSDOS)
1777
1778 static char *full_pcap_version_string;
1779
1780 const char *
pcap_lib_version(void)1781 pcap_lib_version (void)
1782 {
1783 char *packet_version_string;
1784 size_t full_pcap_version_string_len;
1785 static char dospfx[] = "DOS-";
1786
1787 if (full_pcap_version_string == NULL) {
1788 /*
1789 * Generate the version string.
1790 */
1791 full_pcap_version_string_len =
1792 sizeof dospfx + strlen(pcap_version_string);
1793 full_pcap_version_string =
1794 malloc(full_pcap_version_string_len);
1795 strcpy(full_pcap_version_string, dospfx);
1796 strcat(full_pcap_version_string, pcap_version_string);
1797 }
1798 return (full_pcap_version_string);
1799 }
1800
1801 #else /* UN*X */
1802
1803 const char *
pcap_lib_version(void)1804 pcap_lib_version(void)
1805 {
1806 return (pcap_version_string);
1807 }
1808 #endif
1809