1/* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef lint 35static const char rcsid[] _U_ = 36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)"; 37#endif 38 39#ifdef HAVE_CONFIG_H 40#include "config.h" 41#endif 42 43#ifdef WIN32 44#include <pcap-stdinc.h> 45#else /* WIN32 */ 46#if HAVE_INTTYPES_H 47#include <inttypes.h> 48#elif HAVE_STDINT_H 49#include <stdint.h> 50#endif 51#ifdef HAVE_SYS_BITYPES_H 52#include <sys/bitypes.h> 53#endif 54#include <sys/types.h> 55#include <sys/mman.h> 56#endif /* WIN32 */ 57 58#include <stdio.h> 59#include <stdlib.h> 60#include <string.h> 61#if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 62#include <unistd.h> 63#endif 64#include <fcntl.h> 65#include <errno.h> 66 67#ifdef HAVE_OS_PROTO_H 68#include "os-proto.h" 69#endif 70 71#ifdef MSDOS 72#include "pcap-dos.h" 73#endif 74 75#include "pcap-int.h" 76 77#ifdef HAVE_DAG_API 78#include "pcap-dag.h" 79#endif /* HAVE_DAG_API */ 80 81#ifdef HAVE_SEPTEL_API 82#include "pcap-septel.h" 83#endif /* HAVE_SEPTEL_API */ 84 85#ifdef HAVE_SNF_API 86#include "pcap-snf.h" 87#endif /* HAVE_SNF_API */ 88 89#ifdef PCAP_SUPPORT_USB 90#include "pcap-usb-linux.h" 91#endif 92 93#ifdef PCAP_SUPPORT_BT 94#include "pcap-bt-linux.h" 95#endif 96 97#ifdef PCAP_SUPPORT_CAN 98#include "pcap-can-linux.h" 99#endif 100 101#ifdef PCAP_SUPPORT_CANUSB 102#include "pcap-canusb-linux.h" 103#endif 104 105#ifdef PCAP_SUPPORT_NETFILTER 106#include "pcap-netfilter-linux.h" 107#endif 108 109int 110pcap_not_initialized(pcap_t *pcap) 111{ 112 /* this means 'not initialized' */ 113 return (PCAP_ERROR_NOT_ACTIVATED); 114} 115 116/* 117 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 118 * a PCAP_ERROR value on an error. 119 */ 120int 121pcap_can_set_rfmon(pcap_t *p) 122{ 123 return (p->can_set_rfmon_op(p)); 124} 125 126/* 127 * For systems where rfmon mode is never supported. 128 */ 129static int 130pcap_cant_set_rfmon(pcap_t *p _U_) 131{ 132 return (0); 133} 134 135/* 136 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 137 * types; the return value is the number of supported time stamp types. 138 * The list should be freed by a call to pcap_free_tstamp_types() when 139 * you're done with it. 140 * 141 * A return value of 0 means "you don't get a choice of time stamp type", 142 * in which case *tstamp_typesp is set to null. 143 * 144 * PCAP_ERROR is returned on error. 145 */ 146int 147pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 148{ 149 if (p->tstamp_type_count == 0) { 150 /* 151 * We don't support multiple time stamp types. 152 */ 153 *tstamp_typesp = NULL; 154 } else { 155 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 156 p->tstamp_type_count); 157 if (*tstamp_typesp == NULL) { 158 (void)snprintf(p->errbuf, sizeof(p->errbuf), 159 "malloc: %s", pcap_strerror(errno)); 160 return (PCAP_ERROR); 161 } 162 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 163 sizeof(**tstamp_typesp) * p->tstamp_type_count); 164 } 165 return (p->tstamp_type_count); 166} 167 168/* 169 * In Windows, you might have a library built with one version of the 170 * C runtime library and an application built with another version of 171 * the C runtime library, which means that the library might use one 172 * version of malloc() and free() and the application might use another 173 * version of malloc() and free(). If so, that means something 174 * allocated by the library cannot be freed by the application, so we 175 * need to have a pcap_free_tstamp_types() routine to free up the list 176 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 177 * around free(). 178 */ 179void 180pcap_free_tstamp_types(int *tstamp_type_list) 181{ 182 free(tstamp_type_list); 183} 184 185/* 186 * Default one-shot callback; overridden for capture types where the 187 * packet data cannot be guaranteed to be available after the callback 188 * returns, so that a copy must be made. 189 */ 190static void 191pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 192{ 193 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 194 195 *sp->hdr = *h; 196 *sp->pkt = pkt; 197} 198 199const u_char * 200pcap_next(pcap_t *p, struct pcap_pkthdr *h) 201{ 202 struct oneshot_userdata s; 203 const u_char *pkt; 204 205 s.hdr = h; 206 s.pkt = &pkt; 207 s.pd = p; 208 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 209 return (0); 210 return (pkt); 211} 212 213int 214pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 215 const u_char **pkt_data) 216{ 217 struct oneshot_userdata s; 218 219 s.hdr = &p->pcap_header; 220 s.pkt = pkt_data; 221 s.pd = p; 222 223 /* Saves a pointer to the packet headers */ 224 *pkt_header= &p->pcap_header; 225 226 if (p->sf.rfile != NULL) { 227 int status; 228 229 /* We are on an offline capture */ 230 status = pcap_offline_read(p, 1, p->oneshot_callback, 231 (u_char *)&s); 232 233 /* 234 * Return codes for pcap_offline_read() are: 235 * - 0: EOF 236 * - -1: error 237 * - >1: OK 238 * The first one ('0') conflicts with the return code of 239 * 0 from pcap_read() meaning "no packets arrived before 240 * the timeout expired", so we map it to -2 so you can 241 * distinguish between an EOF from a savefile and a 242 * "no packets arrived before the timeout expired, try 243 * again" from a live capture. 244 */ 245 if (status == 0) 246 return (-2); 247 else 248 return (status); 249 } 250 251 /* 252 * Return codes for pcap_read() are: 253 * - 0: timeout 254 * - -1: error 255 * - -2: loop was broken out of with pcap_breakloop() 256 * - >1: OK 257 * The first one ('0') conflicts with the return code of 0 from 258 * pcap_offline_read() meaning "end of file". 259 */ 260 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 261} 262 263#if defined(DAG_ONLY) 264int 265pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 266{ 267 return (dag_findalldevs(alldevsp, errbuf)); 268} 269 270pcap_t * 271pcap_create(const char *source, char *errbuf) 272{ 273 return (dag_create(source, errbuf)); 274} 275#elif defined(SEPTEL_ONLY) 276int 277pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 278{ 279 return (septel_findalldevs(alldevsp, errbuf)); 280} 281 282pcap_t * 283pcap_create(const char *source, char *errbuf) 284{ 285 return (septel_create(source, errbuf)); 286} 287#elif defined(SNF_ONLY) 288int 289pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 290{ 291 return (snf_findalldevs(alldevsp, errbuf)); 292} 293 294pcap_t * 295pcap_create(const char *source, char *errbuf) 296{ 297 return (snf_create(source, errbuf)); 298} 299#else /* regular pcap */ 300struct capture_source_type { 301 int (*findalldevs_op)(pcap_if_t **, char *); 302 pcap_t *(*create_op)(const char *, char *, int *); 303} capture_source_types[] = { 304#ifdef HAVE_DAG_API 305 { dag_findalldevs, dag_create }, 306#endif 307#ifdef HAVE_SEPTEL_API 308 { septel_findalldevs, septel_create }, 309#endif 310#ifdef HAVE_SNF_API 311 { snf_findalldevs, snf_create }, 312#endif 313#ifdef PCAP_SUPPORT_BT 314 { bt_findalldevs, bt_create }, 315#endif 316#if PCAP_SUPPORT_CANUSB 317 { canusb_findalldevs, canusb_create }, 318#endif 319#ifdef PCAP_SUPPORT_CAN 320 { can_findalldevs, can_create }, 321#endif 322#ifdef PCAP_SUPPORT_USB 323 { usb_findalldevs, usb_create }, 324#endif 325#ifdef PCAP_SUPPORT_NETFILTER 326 { netfilter_findalldevs, netfilter_create }, 327#endif 328 { NULL, NULL } 329}; 330 331/* 332 * Get a list of all capture sources that are up and that we can open. 333 * Returns -1 on error, 0 otherwise. 334 * The list, as returned through "alldevsp", may be null if no interfaces 335 * were up and could be opened. 336 */ 337int 338pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 339{ 340 size_t i; 341 342 /* 343 * Get the list of regular interfaces first. 344 */ 345 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1) 346 return (-1); /* failure */ 347 348 /* 349 * Add any interfaces that need a platform-specific mechanism 350 * to find. 351 */ 352 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) { 353 /* 354 * We had an error; free the list we've been 355 * constructing. 356 */ 357 if (*alldevsp != NULL) { 358 pcap_freealldevs(*alldevsp); 359 *alldevsp = NULL; 360 } 361 return (-1); 362 } 363 364 /* 365 * Ask each of the non-local-network-interface capture 366 * source types what interfaces they have. 367 */ 368 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 369 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) { 370 /* 371 * We had an error; free the list we've been 372 * constructing. 373 */ 374 if (*alldevsp != NULL) { 375 pcap_freealldevs(*alldevsp); 376 *alldevsp = NULL; 377 } 378 return (-1); 379 } 380 } 381 return (0); 382} 383 384pcap_t * 385pcap_create(const char *source, char *errbuf) 386{ 387 size_t i; 388 int is_theirs; 389 pcap_t *p; 390 391 /* 392 * A null source name is equivalent to the "any" device - 393 * which might not be supported on this platform, but 394 * this means that you'll get a "not supported" error 395 * rather than, say, a crash when we try to dereference 396 * the null pointer. 397 */ 398 if (source == NULL) 399 source = "any"; 400 401 /* 402 * Try each of the non-local-network-interface capture 403 * source types until we find one that works for this 404 * device or run out of types. 405 */ 406 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 407 is_theirs = 0; 408 p = capture_source_types[i].create_op(source, errbuf, &is_theirs); 409 if (is_theirs) { 410 /* 411 * The device name refers to a device of the 412 * type in question; either it succeeded, 413 * in which case p refers to a pcap_t to 414 * later activate for the device, or it 415 * failed, in which case p is null and we 416 * should return that to report the failure 417 * to create. 418 */ 419 return (p); 420 } 421 } 422 423 /* 424 * OK, try it as a regular network interface. 425 */ 426 return (pcap_create_interface(source, errbuf)); 427} 428#endif 429 430static void 431initialize_ops(pcap_t *p) 432{ 433 /* 434 * Set operation pointers for operations that only work on 435 * an activated pcap_t to point to a routine that returns 436 * a "this isn't activated" error. 437 */ 438 p->read_op = (read_op_t)pcap_not_initialized; 439 p->inject_op = (inject_op_t)pcap_not_initialized; 440 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 441 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 442 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 443 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 444 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 445 p->stats_op = (stats_op_t)pcap_not_initialized; 446#ifdef WIN32 447 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 448 p->setmode_op = (setmode_op_t)pcap_not_initialized; 449 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 450#endif 451 452 /* 453 * Default cleanup operation - implementations can override 454 * this, but should call pcap_cleanup_live_common() after 455 * doing their own additional cleanup. 456 */ 457 p->cleanup_op = pcap_cleanup_live_common; 458 459 /* 460 * In most cases, the standard one-short callback can 461 * be used for pcap_next()/pcap_next_ex(). 462 */ 463 p->oneshot_callback = pcap_oneshot; 464} 465 466pcap_t * 467pcap_create_common(const char *source, char *ebuf) 468{ 469 pcap_t *p; 470 471 p = malloc(sizeof(*p)); 472 if (p == NULL) { 473 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 474 pcap_strerror(errno)); 475 return (NULL); 476 } 477 memset(p, 0, sizeof(*p)); 478#ifndef WIN32 479 p->fd = -1; /* not opened yet */ 480 p->selectable_fd = -1; 481 p->send_fd = -1; 482#endif 483 484 p->opt.source = strdup(source); 485 if (p->opt.source == NULL) { 486 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 487 pcap_strerror(errno)); 488 free(p); 489 return (NULL); 490 } 491 492 /* 493 * Default to "can't set rfmon mode"; if it's supported by 494 * a platform, the create routine that called us can set 495 * the op to its routine to check whether a particular 496 * device supports it. 497 */ 498 p->can_set_rfmon_op = pcap_cant_set_rfmon; 499 500 initialize_ops(p); 501 502 /* put in some defaults*/ 503 pcap_set_timeout(p, 0); 504 pcap_set_snaplen(p, 65535); /* max packet size */ 505 p->opt.promisc = 0; 506 p->opt.buffer_size = 0; 507 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 508 return (p); 509} 510 511int 512pcap_check_activated(pcap_t *p) 513{ 514 if (p->activated) { 515 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 516 " operation on activated capture"); 517 return (-1); 518 } 519 return (0); 520} 521 522int 523pcap_set_snaplen(pcap_t *p, int snaplen) 524{ 525 if (pcap_check_activated(p)) 526 return (PCAP_ERROR_ACTIVATED); 527 p->snapshot = snaplen; 528 return (0); 529} 530 531int 532pcap_set_promisc(pcap_t *p, int promisc) 533{ 534 if (pcap_check_activated(p)) 535 return (PCAP_ERROR_ACTIVATED); 536 p->opt.promisc = promisc; 537 return (0); 538} 539 540int 541pcap_set_rfmon(pcap_t *p, int rfmon) 542{ 543 if (pcap_check_activated(p)) 544 return (PCAP_ERROR_ACTIVATED); 545 p->opt.rfmon = rfmon; 546 return (0); 547} 548 549int 550pcap_set_timeout(pcap_t *p, int timeout_ms) 551{ 552 if (pcap_check_activated(p)) 553 return (PCAP_ERROR_ACTIVATED); 554 p->md.timeout = timeout_ms; 555 return (0); 556} 557 558int 559pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 560{ 561 int i; 562 563 if (pcap_check_activated(p)) 564 return (PCAP_ERROR_ACTIVATED); 565 566 /* 567 * If p->tstamp_type_count is 0, we don't support setting 568 * the time stamp type at all. 569 */ 570 if (p->tstamp_type_count == 0) 571 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE); 572 573 /* 574 * Check whether we claim to support this type of time stamp. 575 */ 576 for (i = 0; i < p->tstamp_type_count; i++) { 577 if (p->tstamp_type_list[i] == tstamp_type) { 578 /* 579 * Yes. 580 */ 581 p->opt.tstamp_type = tstamp_type; 582 return (0); 583 } 584 } 585 586 /* 587 * No. We support setting the time stamp type, but not to this 588 * particular value. 589 */ 590 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 591} 592 593int 594pcap_set_buffer_size(pcap_t *p, int buffer_size) 595{ 596 if (pcap_check_activated(p)) 597 return (PCAP_ERROR_ACTIVATED); 598 p->opt.buffer_size = buffer_size; 599 return (0); 600} 601 602int 603pcap_activate(pcap_t *p) 604{ 605 int status; 606 607 /* 608 * Catch attempts to re-activate an already-activated 609 * pcap_t; this should, for example, catch code that 610 * calls pcap_open_live() followed by pcap_activate(), 611 * as some code that showed up in a Stack Exchange 612 * question did. 613 */ 614 if (pcap_check_activated(p)) 615 return (PCAP_ERROR_ACTIVATED); 616 status = p->activate_op(p); 617 if (status >= 0) 618 p->activated = 1; 619 else { 620 if (p->errbuf[0] == '\0') { 621 /* 622 * No error message supplied by the activate routine; 623 * for the benefit of programs that don't specially 624 * handle errors other than PCAP_ERROR, return the 625 * error message corresponding to the status. 626 */ 627 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 628 pcap_statustostr(status)); 629 } 630 631 /* 632 * Undo any operation pointer setting, etc. done by 633 * the activate operation. 634 */ 635 initialize_ops(p); 636 } 637 return (status); 638} 639 640pcap_t * 641pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) 642{ 643 pcap_t *p; 644 int status; 645 646 p = pcap_create(source, errbuf); 647 if (p == NULL) 648 return (NULL); 649 status = pcap_set_snaplen(p, snaplen); 650 if (status < 0) 651 goto fail; 652 status = pcap_set_promisc(p, promisc); 653 if (status < 0) 654 goto fail; 655 status = pcap_set_timeout(p, to_ms); 656 if (status < 0) 657 goto fail; 658 /* 659 * Mark this as opened with pcap_open_live(), so that, for 660 * example, we show the full list of DLT_ values, rather 661 * than just the ones that are compatible with capturing 662 * when not in monitor mode. That allows existing applications 663 * to work the way they used to work, but allows new applications 664 * that know about the new open API to, for example, find out the 665 * DLT_ values that they can select without changing whether 666 * the adapter is in monitor mode or not. 667 */ 668 p->oldstyle = 1; 669 status = pcap_activate(p); 670 if (status < 0) 671 goto fail; 672 return (p); 673fail: 674 if (status == PCAP_ERROR) 675 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 676 p->errbuf); 677 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 678 status == PCAP_ERROR_PERM_DENIED || 679 status == PCAP_ERROR_PROMISC_PERM_DENIED) 680 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 681 pcap_statustostr(status), p->errbuf); 682 else 683 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 684 pcap_statustostr(status)); 685 pcap_close(p); 686 return (NULL); 687} 688 689int 690pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 691{ 692 return (p->read_op(p, cnt, callback, user)); 693} 694 695/* 696 * XXX - is this necessary? 697 */ 698int 699pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 700{ 701 702 return (p->read_op(p, cnt, callback, user)); 703} 704 705int 706pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 707{ 708 register int n; 709 710 for (;;) { 711 if (p->sf.rfile != NULL) { 712 /* 713 * 0 means EOF, so don't loop if we get 0. 714 */ 715 n = pcap_offline_read(p, cnt, callback, user); 716 } else { 717 /* 718 * XXX keep reading until we get something 719 * (or an error occurs) 720 */ 721 do { 722 n = p->read_op(p, cnt, callback, user); 723 } while (n == 0); 724 } 725 if (n <= 0) 726 return (n); 727 if (cnt > 0) { 728 cnt -= n; 729 if (cnt <= 0) 730 return (0); 731 } 732 } 733} 734 735/* 736 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 737 */ 738void 739pcap_breakloop(pcap_t *p) 740{ 741 p->break_loop = 1; 742} 743 744int 745pcap_datalink(pcap_t *p) 746{ 747 return (p->linktype); 748} 749 750int 751pcap_datalink_ext(pcap_t *p) 752{ 753 return (p->linktype_ext); 754} 755 756int 757pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 758{ 759 if (p->dlt_count == 0) { 760 /* 761 * We couldn't fetch the list of DLTs, which means 762 * this platform doesn't support changing the 763 * DLT for an interface. Return a list of DLTs 764 * containing only the DLT this device supports. 765 */ 766 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 767 if (*dlt_buffer == NULL) { 768 (void)snprintf(p->errbuf, sizeof(p->errbuf), 769 "malloc: %s", pcap_strerror(errno)); 770 return (-1); 771 } 772 **dlt_buffer = p->linktype; 773 return (1); 774 } else { 775 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 776 if (*dlt_buffer == NULL) { 777 (void)snprintf(p->errbuf, sizeof(p->errbuf), 778 "malloc: %s", pcap_strerror(errno)); 779 return (-1); 780 } 781 (void)memcpy(*dlt_buffer, p->dlt_list, 782 sizeof(**dlt_buffer) * p->dlt_count); 783 return (p->dlt_count); 784 } 785} 786 787/* 788 * In Windows, you might have a library built with one version of the 789 * C runtime library and an application built with another version of 790 * the C runtime library, which means that the library might use one 791 * version of malloc() and free() and the application might use another 792 * version of malloc() and free(). If so, that means something 793 * allocated by the library cannot be freed by the application, so we 794 * need to have a pcap_free_datalinks() routine to free up the list 795 * allocated by pcap_list_datalinks(), even though it's just a wrapper 796 * around free(). 797 */ 798void 799pcap_free_datalinks(int *dlt_list) 800{ 801 free(dlt_list); 802} 803 804int 805pcap_set_datalink(pcap_t *p, int dlt) 806{ 807 int i; 808 const char *dlt_name; 809 810 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 811 /* 812 * We couldn't fetch the list of DLTs, or we don't 813 * have a "set datalink" operation, which means 814 * this platform doesn't support changing the 815 * DLT for an interface. Check whether the new 816 * DLT is the one this interface supports. 817 */ 818 if (p->linktype != dlt) 819 goto unsupported; 820 821 /* 822 * It is, so there's nothing we need to do here. 823 */ 824 return (0); 825 } 826 for (i = 0; i < p->dlt_count; i++) 827 if (p->dlt_list[i] == dlt) 828 break; 829 if (i >= p->dlt_count) 830 goto unsupported; 831 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 832 dlt == DLT_DOCSIS) { 833 /* 834 * This is presumably an Ethernet device, as the first 835 * link-layer type it offers is DLT_EN10MB, and the only 836 * other type it offers is DLT_DOCSIS. That means that 837 * we can't tell the driver to supply DOCSIS link-layer 838 * headers - we're just pretending that's what we're 839 * getting, as, presumably, we're capturing on a dedicated 840 * link to a Cisco Cable Modem Termination System, and 841 * it's putting raw DOCSIS frames on the wire inside low-level 842 * Ethernet framing. 843 */ 844 p->linktype = dlt; 845 return (0); 846 } 847 if (p->set_datalink_op(p, dlt) == -1) 848 return (-1); 849 p->linktype = dlt; 850 return (0); 851 852unsupported: 853 dlt_name = pcap_datalink_val_to_name(dlt); 854 if (dlt_name != NULL) { 855 (void) snprintf(p->errbuf, sizeof(p->errbuf), 856 "%s is not one of the DLTs supported by this device", 857 dlt_name); 858 } else { 859 (void) snprintf(p->errbuf, sizeof(p->errbuf), 860 "DLT %d is not one of the DLTs supported by this device", 861 dlt); 862 } 863 return (-1); 864} 865 866/* 867 * This array is designed for mapping upper and lower case letter 868 * together for a case independent comparison. The mappings are 869 * based upon ascii character sequences. 870 */ 871static const u_char charmap[] = { 872 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 873 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 874 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 875 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 876 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 877 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 878 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 879 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 880 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 881 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 882 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 883 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 884 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 885 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 886 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 887 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 888 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 889 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 890 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 891 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 892 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 893 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 894 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 895 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 896 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 897 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 898 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 899 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 900 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 901 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 902 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 903 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 904 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 905 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 906 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 907 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 908 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 909 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 910 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 911 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 912 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 913 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 914 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 915 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 916 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 917 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 918 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 919 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 920 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 921 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 922 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 923 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 924 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 925 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 926 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 927 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 928 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 929 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 930 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 931 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 932 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 933 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 934 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 935 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 936}; 937 938int 939pcap_strcasecmp(const char *s1, const char *s2) 940{ 941 register const u_char *cm = charmap, 942 *us1 = (const u_char *)s1, 943 *us2 = (const u_char *)s2; 944 945 while (cm[*us1] == cm[*us2++]) 946 if (*us1++ == '\0') 947 return(0); 948 return (cm[*us1] - cm[*--us2]); 949} 950 951struct dlt_choice { 952 const char *name; 953 const char *description; 954 int dlt; 955}; 956 957#define DLT_CHOICE(code, description) { #code, description, code } 958#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 959 960static struct dlt_choice dlt_choices[] = { 961 DLT_CHOICE(DLT_NULL, "BSD loopback"), 962 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 963 DLT_CHOICE(DLT_IEEE802, "Token ring"), 964 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 965 DLT_CHOICE(DLT_SLIP, "SLIP"), 966 DLT_CHOICE(DLT_PPP, "PPP"), 967 DLT_CHOICE(DLT_FDDI, "FDDI"), 968 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 969 DLT_CHOICE(DLT_RAW, "Raw IP"), 970 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 971 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 972 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 973 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 974 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 975 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 976 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 977 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 978 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 979 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 980 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 981 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 982 DLT_CHOICE(DLT_LTALK, "Localtalk"), 983 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"), 984 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"), 985 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 986 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 987 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 988 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 989 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 990 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 991 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 992 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 993 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 994 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 995 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 996 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 997 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 998 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 999 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 1000 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 1001 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 1002 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 1003 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 1004 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 1005 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 1006 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 1007 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 1008 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 1009 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 1010 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 1011 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 1012 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 1013 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 1014 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 1015 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 1016 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 1017 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 1018 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 1019 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 1020 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 1021 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 1022 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 1023 DLT_CHOICE(DLT_A429, "Arinc 429"), 1024 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 1025 DLT_CHOICE(DLT_USB, "USB"), 1026 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 1027 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 1028 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 1029 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 1030 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 1031 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 1032 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 1033 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 1034 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 1035 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 1036 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 1037 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 1038 DLT_CHOICE(DLT_IPMB, "IPMB"), 1039 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 1040 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 1041 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 1042 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 1043 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 1044 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 1045 DLT_CHOICE(DLT_DECT, "DECT"), 1046 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 1047 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 1048 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 1049 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 1050 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 1051 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 1052 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 1053 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 1054 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 1055 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 1056 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 1057 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 1058 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 1059 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 1060 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 1061 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 1062 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 1063 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 1064 DLT_CHOICE_SENTINEL 1065}; 1066 1067int 1068pcap_datalink_name_to_val(const char *name) 1069{ 1070 int i; 1071 1072 for (i = 0; dlt_choices[i].name != NULL; i++) { 1073 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 1074 name) == 0) 1075 return (dlt_choices[i].dlt); 1076 } 1077 return (-1); 1078} 1079 1080const char * 1081pcap_datalink_val_to_name(int dlt) 1082{ 1083 int i; 1084 1085 for (i = 0; dlt_choices[i].name != NULL; i++) { 1086 if (dlt_choices[i].dlt == dlt) 1087 return (dlt_choices[i].name + sizeof("DLT_") - 1); 1088 } 1089 return (NULL); 1090} 1091 1092const char * 1093pcap_datalink_val_to_description(int dlt) 1094{ 1095 int i; 1096 1097 for (i = 0; dlt_choices[i].name != NULL; i++) { 1098 if (dlt_choices[i].dlt == dlt) 1099 return (dlt_choices[i].description); 1100 } 1101 return (NULL); 1102} 1103 1104struct tstamp_type_choice { 1105 const char *name; 1106 const char *description; 1107 int type; 1108}; 1109 1110static struct tstamp_type_choice tstamp_type_choices[] = { 1111 { "host", "Host", PCAP_TSTAMP_HOST }, 1112 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 1113 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 1114 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 1115 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 1116 { NULL, NULL, 0 } 1117}; 1118 1119int 1120pcap_tstamp_type_name_to_val(const char *name) 1121{ 1122 int i; 1123 1124 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1125 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 1126 return (tstamp_type_choices[i].type); 1127 } 1128 return (PCAP_ERROR); 1129} 1130 1131const char * 1132pcap_tstamp_type_val_to_name(int tstamp_type) 1133{ 1134 int i; 1135 1136 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1137 if (tstamp_type_choices[i].type == tstamp_type) 1138 return (tstamp_type_choices[i].name); 1139 } 1140 return (NULL); 1141} 1142 1143const char * 1144pcap_tstamp_type_val_to_description(int tstamp_type) 1145{ 1146 int i; 1147 1148 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1149 if (tstamp_type_choices[i].type == tstamp_type) 1150 return (tstamp_type_choices[i].description); 1151 } 1152 return (NULL); 1153} 1154 1155int 1156pcap_snapshot(pcap_t *p) 1157{ 1158 return (p->snapshot); 1159} 1160 1161int 1162pcap_is_swapped(pcap_t *p) 1163{ 1164 return (p->sf.swapped); 1165} 1166 1167int 1168pcap_major_version(pcap_t *p) 1169{ 1170 return (p->sf.version_major); 1171} 1172 1173int 1174pcap_minor_version(pcap_t *p) 1175{ 1176 return (p->sf.version_minor); 1177} 1178 1179FILE * 1180pcap_file(pcap_t *p) 1181{ 1182 return (p->sf.rfile); 1183} 1184 1185int 1186pcap_fileno(pcap_t *p) 1187{ 1188#ifndef WIN32 1189 return (p->fd); 1190#else 1191 if (p->adapter != NULL) 1192 return ((int)(DWORD)p->adapter->hFile); 1193 else 1194 return (-1); 1195#endif 1196} 1197 1198#if !defined(WIN32) && !defined(MSDOS) 1199int 1200pcap_get_selectable_fd(pcap_t *p) 1201{ 1202 return (p->selectable_fd); 1203} 1204#endif 1205 1206void 1207pcap_perror(pcap_t *p, char *prefix) 1208{ 1209 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1210} 1211 1212char * 1213pcap_geterr(pcap_t *p) 1214{ 1215 return (p->errbuf); 1216} 1217 1218int 1219pcap_getnonblock(pcap_t *p, char *errbuf) 1220{ 1221 int ret; 1222 1223 ret = p->getnonblock_op(p, errbuf); 1224 if (ret == -1) { 1225 /* 1226 * In case somebody depended on the bug wherein 1227 * the error message was put into p->errbuf 1228 * by pcap_getnonblock_fd(). 1229 */ 1230 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1231 } 1232 return (ret); 1233} 1234 1235/* 1236 * Get the current non-blocking mode setting, under the assumption that 1237 * it's just the standard POSIX non-blocking flag. 1238 * 1239 * We don't look at "p->nonblock", in case somebody tweaked the FD 1240 * directly. 1241 */ 1242#if !defined(WIN32) && !defined(MSDOS) 1243int 1244pcap_getnonblock_fd(pcap_t *p, char *errbuf) 1245{ 1246 int fdflags; 1247 1248 fdflags = fcntl(p->fd, F_GETFL, 0); 1249 if (fdflags == -1) { 1250 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1251 pcap_strerror(errno)); 1252 return (-1); 1253 } 1254 if (fdflags & O_NONBLOCK) 1255 return (1); 1256 else 1257 return (0); 1258} 1259#endif 1260 1261int 1262pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 1263{ 1264 int ret; 1265 1266 ret = p->setnonblock_op(p, nonblock, errbuf); 1267 if (ret == -1) { 1268 /* 1269 * In case somebody depended on the bug wherein 1270 * the error message was put into p->errbuf 1271 * by pcap_setnonblock_fd(). 1272 */ 1273 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1274 } 1275 return (ret); 1276} 1277 1278#if !defined(WIN32) && !defined(MSDOS) 1279/* 1280 * Set non-blocking mode, under the assumption that it's just the 1281 * standard POSIX non-blocking flag. (This can be called by the 1282 * per-platform non-blocking-mode routine if that routine also 1283 * needs to do some additional work.) 1284 */ 1285int 1286pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf) 1287{ 1288 int fdflags; 1289 1290 fdflags = fcntl(p->fd, F_GETFL, 0); 1291 if (fdflags == -1) { 1292 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1293 pcap_strerror(errno)); 1294 return (-1); 1295 } 1296 if (nonblock) 1297 fdflags |= O_NONBLOCK; 1298 else 1299 fdflags &= ~O_NONBLOCK; 1300 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1301 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1302 pcap_strerror(errno)); 1303 return (-1); 1304 } 1305 return (0); 1306} 1307#endif 1308 1309#ifdef WIN32 1310/* 1311 * Generate a string for the last Win32-specific error (i.e. an error generated when 1312 * calling a Win32 API). 1313 * For errors occurred during standard C calls, we still use pcap_strerror() 1314 */ 1315char * 1316pcap_win32strerror(void) 1317{ 1318 DWORD error; 1319 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1320 int errlen; 1321 char *p; 1322 1323 error = GetLastError(); 1324 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1325 PCAP_ERRBUF_SIZE, NULL); 1326 1327 /* 1328 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1329 * message. Get rid of it. 1330 */ 1331 errlen = strlen(errbuf); 1332 if (errlen >= 2) { 1333 errbuf[errlen - 1] = '\0'; 1334 errbuf[errlen - 2] = '\0'; 1335 } 1336 p = strchr(errbuf, '\0'); 1337 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1338 return (errbuf); 1339} 1340#endif 1341 1342/* 1343 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1344 */ 1345const char * 1346pcap_statustostr(int errnum) 1347{ 1348 static char ebuf[15+10+1]; 1349 1350 switch (errnum) { 1351 1352 case PCAP_WARNING: 1353 return("Generic warning"); 1354 1355 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1356 return ("That type of time stamp is not supported by that device"); 1357 1358 case PCAP_WARNING_PROMISC_NOTSUP: 1359 return ("That device doesn't support promiscuous mode"); 1360 1361 case PCAP_ERROR: 1362 return("Generic error"); 1363 1364 case PCAP_ERROR_BREAK: 1365 return("Loop terminated by pcap_breakloop"); 1366 1367 case PCAP_ERROR_NOT_ACTIVATED: 1368 return("The pcap_t has not been activated"); 1369 1370 case PCAP_ERROR_ACTIVATED: 1371 return ("The setting can't be changed after the pcap_t is activated"); 1372 1373 case PCAP_ERROR_NO_SUCH_DEVICE: 1374 return ("No such device exists"); 1375 1376 case PCAP_ERROR_RFMON_NOTSUP: 1377 return ("That device doesn't support monitor mode"); 1378 1379 case PCAP_ERROR_NOT_RFMON: 1380 return ("That operation is supported only in monitor mode"); 1381 1382 case PCAP_ERROR_PERM_DENIED: 1383 return ("You don't have permission to capture on that device"); 1384 1385 case PCAP_ERROR_IFACE_NOT_UP: 1386 return ("That device is not up"); 1387 1388 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1389 return ("That device doesn't support setting the time stamp type"); 1390 1391 case PCAP_ERROR_PROMISC_PERM_DENIED: 1392 return ("You don't have permission to capture in promiscuous mode on that device"); 1393 } 1394 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1395 return(ebuf); 1396} 1397 1398/* 1399 * Not all systems have strerror(). 1400 */ 1401const char * 1402pcap_strerror(int errnum) 1403{ 1404#ifdef HAVE_STRERROR 1405 return (strerror(errnum)); 1406#else 1407 extern int sys_nerr; 1408 extern const char *const sys_errlist[]; 1409 static char ebuf[15+10+1]; 1410 1411 if ((unsigned int)errnum < sys_nerr) 1412 return ((char *)sys_errlist[errnum]); 1413 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1414 return(ebuf); 1415#endif 1416} 1417 1418int 1419pcap_setfilter(pcap_t *p, struct bpf_program *fp) 1420{ 1421 return (p->setfilter_op(p, fp)); 1422} 1423 1424/* 1425 * Set direction flag, which controls whether we accept only incoming 1426 * packets, only outgoing packets, or both. 1427 * Note that, depending on the platform, some or all direction arguments 1428 * might not be supported. 1429 */ 1430int 1431pcap_setdirection(pcap_t *p, pcap_direction_t d) 1432{ 1433 if (p->setdirection_op == NULL) { 1434 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1435 "Setting direction is not implemented on this platform"); 1436 return (-1); 1437 } else 1438 return (p->setdirection_op(p, d)); 1439} 1440 1441int 1442pcap_stats(pcap_t *p, struct pcap_stat *ps) 1443{ 1444 return (p->stats_op(p, ps)); 1445} 1446 1447static int 1448pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 1449{ 1450 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1451 "Statistics aren't available from a pcap_open_dead pcap_t"); 1452 return (-1); 1453} 1454 1455#ifdef WIN32 1456int 1457pcap_setbuff(pcap_t *p, int dim) 1458{ 1459 return (p->setbuff_op(p, dim)); 1460} 1461 1462static int 1463pcap_setbuff_dead(pcap_t *p, int dim) 1464{ 1465 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1466 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1467 return (-1); 1468} 1469 1470int 1471pcap_setmode(pcap_t *p, int mode) 1472{ 1473 return (p->setmode_op(p, mode)); 1474} 1475 1476static int 1477pcap_setmode_dead(pcap_t *p, int mode) 1478{ 1479 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1480 "impossible to set mode on a pcap_open_dead pcap_t"); 1481 return (-1); 1482} 1483 1484int 1485pcap_setmintocopy(pcap_t *p, int size) 1486{ 1487 return (p->setmintocopy_op(p, size)); 1488} 1489 1490static int 1491pcap_setmintocopy_dead(pcap_t *p, int size) 1492{ 1493 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1494 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1495 return (-1); 1496} 1497#endif 1498 1499/* 1500 * On some platforms, we need to clean up promiscuous or monitor mode 1501 * when we close a device - and we want that to happen even if the 1502 * application just exits without explicitl closing devices. 1503 * On those platforms, we need to register a "close all the pcaps" 1504 * routine to be called when we exit, and need to maintain a list of 1505 * pcaps that need to be closed to clean up modes. 1506 * 1507 * XXX - not thread-safe. 1508 */ 1509 1510/* 1511 * List of pcaps on which we've done something that needs to be 1512 * cleaned up. 1513 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1514 * when we exit, and have it close all of them. 1515 */ 1516static struct pcap *pcaps_to_close; 1517 1518/* 1519 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1520 * be called on exit. 1521 */ 1522static int did_atexit; 1523 1524static void 1525pcap_close_all(void) 1526{ 1527 struct pcap *handle; 1528 1529 while ((handle = pcaps_to_close) != NULL) 1530 pcap_close(handle); 1531} 1532 1533int 1534pcap_do_addexit(pcap_t *p) 1535{ 1536 /* 1537 * If we haven't already done so, arrange to have 1538 * "pcap_close_all()" called when we exit. 1539 */ 1540 if (!did_atexit) { 1541 if (atexit(pcap_close_all) == -1) { 1542 /* 1543 * "atexit()" failed; let our caller know. 1544 */ 1545 strncpy(p->errbuf, "atexit failed", 1546 PCAP_ERRBUF_SIZE); 1547 return (0); 1548 } 1549 did_atexit = 1; 1550 } 1551 return (1); 1552} 1553 1554void 1555pcap_add_to_pcaps_to_close(pcap_t *p) 1556{ 1557 p->md.next = pcaps_to_close; 1558 pcaps_to_close = p; 1559} 1560 1561void 1562pcap_remove_from_pcaps_to_close(pcap_t *p) 1563{ 1564 pcap_t *pc, *prevpc; 1565 1566 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1567 prevpc = pc, pc = pc->md.next) { 1568 if (pc == p) { 1569 /* 1570 * Found it. Remove it from the list. 1571 */ 1572 if (prevpc == NULL) { 1573 /* 1574 * It was at the head of the list. 1575 */ 1576 pcaps_to_close = pc->md.next; 1577 } else { 1578 /* 1579 * It was in the middle of the list. 1580 */ 1581 prevpc->md.next = pc->md.next; 1582 } 1583 break; 1584 } 1585 } 1586} 1587 1588void 1589pcap_cleanup_live_common(pcap_t *p) 1590{ 1591 if (p->buffer != NULL) { 1592 free(p->buffer); 1593 p->buffer = NULL; 1594 } 1595 if (p->dlt_list != NULL) { 1596 free(p->dlt_list); 1597 p->dlt_list = NULL; 1598 p->dlt_count = 0; 1599 } 1600 if (p->tstamp_type_list != NULL) { 1601 free(p->tstamp_type_list); 1602 p->tstamp_type_list = NULL; 1603 p->tstamp_type_count = 0; 1604 } 1605 pcap_freecode(&p->fcode); 1606#if !defined(WIN32) && !defined(MSDOS) 1607 if (p->fd >= 0) { 1608 close(p->fd); 1609 p->fd = -1; 1610 } 1611 p->selectable_fd = -1; 1612 p->send_fd = -1; 1613#endif 1614} 1615 1616static void 1617pcap_cleanup_dead(pcap_t *p _U_) 1618{ 1619 /* Nothing to do. */ 1620} 1621 1622pcap_t * 1623pcap_open_dead(int linktype, int snaplen) 1624{ 1625 pcap_t *p; 1626 1627 p = malloc(sizeof(*p)); 1628 if (p == NULL) 1629 return NULL; 1630 memset (p, 0, sizeof(*p)); 1631 p->snapshot = snaplen; 1632 p->linktype = linktype; 1633 p->stats_op = pcap_stats_dead; 1634#ifdef WIN32 1635 p->setbuff_op = pcap_setbuff_dead; 1636 p->setmode_op = pcap_setmode_dead; 1637 p->setmintocopy_op = pcap_setmintocopy_dead; 1638#endif 1639 p->cleanup_op = pcap_cleanup_dead; 1640 p->activated = 1; 1641 return (p); 1642} 1643 1644/* 1645 * API compatible with WinPcap's "send a packet" routine - returns -1 1646 * on error, 0 otherwise. 1647 * 1648 * XXX - what if we get a short write? 1649 */ 1650int 1651pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 1652{ 1653 if (p->inject_op(p, buf, size) == -1) 1654 return (-1); 1655 return (0); 1656} 1657 1658/* 1659 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1660 * error, number of bytes written otherwise. 1661 */ 1662int 1663pcap_inject(pcap_t *p, const void *buf, size_t size) 1664{ 1665 return (p->inject_op(p, buf, size)); 1666} 1667 1668void 1669pcap_close(pcap_t *p) 1670{ 1671 if (p->opt.source != NULL) 1672 free(p->opt.source); 1673 p->cleanup_op(p); 1674 free(p); 1675} 1676 1677/* 1678 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1679 * data for the packet, check whether the packet passes the filter. 1680 * Returns the return value of the filter program, which will be zero if 1681 * the packet doesn't pass and non-zero if the packet does pass. 1682 */ 1683int 1684pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 1685 const u_char *pkt) 1686{ 1687 const struct bpf_insn *fcode = fp->bf_insns; 1688 1689 if (fcode != NULL) 1690 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1691 else 1692 return (0); 1693} 1694 1695/* 1696 * We make the version string static, and return a pointer to it, rather 1697 * than exporting the version string directly. On at least some UNIXes, 1698 * if you import data from a shared library into an program, the data is 1699 * bound into the program binary, so if the string in the version of the 1700 * library with which the program was linked isn't the same as the 1701 * string in the version of the library with which the program is being 1702 * run, various undesirable things may happen (warnings, the string 1703 * being the one from the version of the library with which the program 1704 * was linked, or even weirder things, such as the string being the one 1705 * from the library but being truncated). 1706 */ 1707#ifdef HAVE_VERSION_H 1708#include "version.h" 1709#else 1710static const char pcap_version_string[] = "libpcap version 1.x.y"; 1711#endif 1712 1713#ifdef WIN32 1714/* 1715 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1716 * version numbers when building WinPcap. (It'd be nice to do so for 1717 * the packet.dll version number as well.) 1718 */ 1719static const char wpcap_version_string[] = "4.0"; 1720static const char pcap_version_string_fmt[] = 1721 "WinPcap version %s, based on %s"; 1722static const char pcap_version_string_packet_dll_fmt[] = 1723 "WinPcap version %s (packet.dll version %s), based on %s"; 1724static char *full_pcap_version_string; 1725 1726const char * 1727pcap_lib_version(void) 1728{ 1729 char *packet_version_string; 1730 size_t full_pcap_version_string_len; 1731 1732 if (full_pcap_version_string == NULL) { 1733 /* 1734 * Generate the version string. 1735 */ 1736 packet_version_string = PacketGetVersion(); 1737 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1738 /* 1739 * WinPcap version string and packet.dll version 1740 * string are the same; just report the WinPcap 1741 * version. 1742 */ 1743 full_pcap_version_string_len = 1744 (sizeof pcap_version_string_fmt - 4) + 1745 strlen(wpcap_version_string) + 1746 strlen(pcap_version_string); 1747 full_pcap_version_string = 1748 malloc(full_pcap_version_string_len); 1749 sprintf(full_pcap_version_string, 1750 pcap_version_string_fmt, wpcap_version_string, 1751 pcap_version_string); 1752 } else { 1753 /* 1754 * WinPcap version string and packet.dll version 1755 * string are different; that shouldn't be the 1756 * case (the two libraries should come from the 1757 * same version of WinPcap), so we report both 1758 * versions. 1759 */ 1760 full_pcap_version_string_len = 1761 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1762 strlen(wpcap_version_string) + 1763 strlen(packet_version_string) + 1764 strlen(pcap_version_string); 1765 full_pcap_version_string = malloc(full_pcap_version_string_len); 1766 1767 sprintf(full_pcap_version_string, 1768 pcap_version_string_packet_dll_fmt, 1769 wpcap_version_string, packet_version_string, 1770 pcap_version_string); 1771 } 1772 } 1773 return (full_pcap_version_string); 1774} 1775 1776#elif defined(MSDOS) 1777 1778static char *full_pcap_version_string; 1779 1780const char * 1781pcap_lib_version (void) 1782{ 1783 char *packet_version_string; 1784 size_t full_pcap_version_string_len; 1785 static char dospfx[] = "DOS-"; 1786 1787 if (full_pcap_version_string == NULL) { 1788 /* 1789 * Generate the version string. 1790 */ 1791 full_pcap_version_string_len = 1792 sizeof dospfx + strlen(pcap_version_string); 1793 full_pcap_version_string = 1794 malloc(full_pcap_version_string_len); 1795 strcpy(full_pcap_version_string, dospfx); 1796 strcat(full_pcap_version_string, pcap_version_string); 1797 } 1798 return (full_pcap_version_string); 1799} 1800 1801#else /* UN*X */ 1802 1803const char * 1804pcap_lib_version(void) 1805{ 1806 return (pcap_version_string); 1807} 1808#endif 1809