1/* 2 * Copyright (c) 1994, 1995, 1996 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifndef pcap_int_h 35#define pcap_int_h 36 37#include <stddef.h> 38 39#include <signal.h> 40 41#include <pcap/pcap.h> 42 43#ifdef MSDOS 44 #include <fcntl.h> 45 #include <io.h> 46#endif 47 48#include "varattrs.h" 49#include "fmtutils.h" 50 51#include <stdarg.h> 52 53#include "portability.h" 54 55/* 56 * If we're compiling with Visual Studio, make sure we have at least 57 * VS 2015 or later, so we have sufficient C99 support. 58 * 59 * XXX - verify that we have at least C99 support on UN*Xes? 60 * 61 * What about MinGW or various DOS toolchains? We're currently assuming 62 * sufficient C99 support there. 63 */ 64#if defined(_MSC_VER) 65 /* 66 * Compiler is MSVC. Make sure we have VS 2015 or later. 67 */ 68 #if _MSC_VER < 1900 69 #error "Building libpcap requires VS 2015 or later" 70 #endif 71#endif 72 73/* 74 * Version string. 75 * Uses PACKAGE_VERSION from config.h. 76 */ 77#define PCAP_VERSION_STRING "libpcap version " PACKAGE_VERSION 78 79#ifdef __cplusplus 80extern "C" { 81#endif 82 83/* 84 * If pcap_new_api is set, we disable pcap_lookupdev(), because: 85 * 86 * it's not thread-safe, and is marked as deprecated, on all 87 * platforms; 88 * 89 * on Windows, it may return UTF-16LE strings, which the program 90 * might then pass to pcap_create() (or to pcap_open_live(), which 91 * then passes them to pcap_create()), requiring pcap_create() to 92 * check for UTF-16LE strings using a hack, and that hack 1) 93 * *cannot* be 100% reliable and 2) runs the risk of going past the 94 * end of the string. 95 * 96 * We keep it around in legacy mode for compatibility. 97 * 98 * We also disable the aforementioned hack in pcap_create(). 99 */ 100extern int pcap_new_api; 101 102/* 103 * If pcap_utf_8_mode is set, on Windows we treat strings as UTF-8. 104 * 105 * On UN*Xes, we assume all strings are and should be in UTF-8, regardless 106 * of the setting of this flag. 107 */ 108extern int pcap_utf_8_mode; 109 110/* 111 * Swap byte ordering of unsigned long long timestamp on a big endian 112 * machine. 113 */ 114#define SWAPLL(ull) ((ull & 0xff00000000000000ULL) >> 56) | \ 115 ((ull & 0x00ff000000000000ULL) >> 40) | \ 116 ((ull & 0x0000ff0000000000ULL) >> 24) | \ 117 ((ull & 0x000000ff00000000ULL) >> 8) | \ 118 ((ull & 0x00000000ff000000ULL) << 8) | \ 119 ((ull & 0x0000000000ff0000ULL) << 24) | \ 120 ((ull & 0x000000000000ff00ULL) << 40) | \ 121 ((ull & 0x00000000000000ffULL) << 56) 122 123/* 124 * Maximum snapshot length. 125 * 126 * Somewhat arbitrary, but chosen to be: 127 * 128 * 1) big enough for maximum-size Linux loopback packets (65549) 129 * and some USB packets captured with USBPcap: 130 * 131 * https://desowin.org/usbpcap/ 132 * 133 * (> 131072, < 262144) 134 * 135 * and 136 * 137 * 2) small enough not to cause attempts to allocate huge amounts of 138 * memory; some applications might use the snapshot length in a 139 * savefile header to control the size of the buffer they allocate, 140 * so a size of, say, 2^31-1 might not work well. (libpcap uses it 141 * as a hint, but doesn't start out allocating a buffer bigger than 142 * 2 KiB, and grows the buffer as necessary, but not beyond the 143 * per-linktype maximum snapshot length. Other code might naively 144 * use it; we want to avoid writing a too-large snapshot length, 145 * in order not to cause that code problems.) 146 * 147 * We don't enforce this in pcap_set_snaplen(), but we use it internally. 148 */ 149#define MAXIMUM_SNAPLEN 262144 150 151/* 152 * Locale-independent macros for testing character types. 153 * These can be passed any integral value, without worrying about, for 154 * example, sign-extending char values, unlike the C macros. 155 */ 156#define PCAP_ISDIGIT(c) \ 157 ((c) >= '0' && (c) <= '9') 158#define PCAP_ISXDIGIT(c) \ 159 (((c) >= '0' && (c) <= '9') || \ 160 ((c) >= 'A' && (c) <= 'F') || \ 161 ((c) >= 'a' && (c) <= 'f')) 162 163struct pcap_opt { 164 char *device; 165 int timeout; /* timeout for buffering */ 166 u_int buffer_size; 167 int promisc; 168 int rfmon; /* monitor mode */ 169 int immediate; /* immediate mode - deliver packets as soon as they arrive */ 170 int nonblock; /* non-blocking mode - don't wait for packets to be delivered, return "no packets available" */ 171 int tstamp_type; 172 int tstamp_precision; 173 174 /* 175 * Platform-dependent options. 176 */ 177#ifdef __linux__ 178 int protocol; /* protocol to use when creating PF_PACKET socket */ 179#endif 180#ifdef _WIN32 181 int nocapture_local;/* disable NPF loopback */ 182#endif 183}; 184 185typedef int (*activate_op_t)(pcap_t *); 186typedef int (*can_set_rfmon_op_t)(pcap_t *); 187typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); 188typedef int (*next_packet_op_t)(pcap_t *, struct pcap_pkthdr *, u_char **); 189typedef int (*inject_op_t)(pcap_t *, const void *, int); 190typedef void (*save_current_filter_op_t)(pcap_t *, const char *); 191typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); 192typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); 193typedef int (*set_datalink_op_t)(pcap_t *, int); 194typedef int (*getnonblock_op_t)(pcap_t *); 195typedef int (*setnonblock_op_t)(pcap_t *, int); 196typedef int (*stats_op_t)(pcap_t *, struct pcap_stat *); 197typedef void (*breakloop_op_t)(pcap_t *); 198#ifdef _WIN32 199typedef struct pcap_stat *(*stats_ex_op_t)(pcap_t *, int *); 200typedef int (*setbuff_op_t)(pcap_t *, int); 201typedef int (*setmode_op_t)(pcap_t *, int); 202typedef int (*setmintocopy_op_t)(pcap_t *, int); 203typedef HANDLE (*getevent_op_t)(pcap_t *); 204typedef int (*oid_get_request_op_t)(pcap_t *, bpf_u_int32, void *, size_t *); 205typedef int (*oid_set_request_op_t)(pcap_t *, bpf_u_int32, const void *, size_t *); 206typedef u_int (*sendqueue_transmit_op_t)(pcap_t *, pcap_send_queue *, int); 207typedef int (*setuserbuffer_op_t)(pcap_t *, int); 208typedef int (*live_dump_op_t)(pcap_t *, char *, int, int); 209typedef int (*live_dump_ended_op_t)(pcap_t *, int); 210typedef PAirpcapHandle (*get_airpcap_handle_op_t)(pcap_t *); 211#endif 212typedef void (*cleanup_op_t)(pcap_t *); 213 214/* 215 * We put all the stuff used in the read code path at the beginning, 216 * to try to keep it together in the same cache line or lines. 217 */ 218struct pcap { 219 /* 220 * Method to call to read packets on a live capture. 221 */ 222 read_op_t read_op; 223 224 /* 225 * Method to call to read the next packet from a savefile. 226 */ 227 next_packet_op_t next_packet_op; 228 229#ifdef _WIN32 230 HANDLE handle; 231#else 232 int fd; 233#endif /* _WIN32 */ 234 235 /* 236 * Read buffer. 237 */ 238 u_int bufsize; 239 void *buffer; 240 u_char *bp; 241 int cc; 242 243 sig_atomic_t break_loop; /* flag set to force break from packet-reading loop */ 244 245 void *priv; /* private data for methods */ 246 247#ifdef ENABLE_REMOTE 248 struct pcap_samp rmt_samp; /* parameters related to the sampling process. */ 249#endif 250 251 int swapped; 252 FILE *rfile; /* null if live capture, non-null if savefile */ 253 u_int fddipad; 254 struct pcap *next; /* list of open pcaps that need stuff cleared on close */ 255 256 /* 257 * File version number; meaningful only for a savefile, but we 258 * keep it here so that apps that (mistakenly) ask for the 259 * version numbers will get the same zero values that they 260 * always did. 261 */ 262 int version_major; 263 int version_minor; 264 265 int snapshot; 266 int linktype; /* Network linktype */ 267 int linktype_ext; /* Extended information stored in the linktype field of a file */ 268 int offset; /* offset for proper alignment */ 269 int activated; /* true if the capture is really started */ 270 int oldstyle; /* if we're opening with pcap_open_live() */ 271 272 struct pcap_opt opt; 273 274 /* 275 * Place holder for pcap_next(). 276 */ 277 u_char *pkt; 278 279#ifdef _WIN32 280 struct pcap_stat stat; /* used for pcap_stats_ex() */ 281#endif 282 283 /* We're accepting only packets in this direction/these directions. */ 284 pcap_direction_t direction; 285 286 /* 287 * Flags to affect BPF code generation. 288 */ 289 int bpf_codegen_flags; 290 291#if !defined(_WIN32) && !defined(MSDOS) 292 int selectable_fd; /* FD on which select()/poll()/epoll_wait()/kevent()/etc. can be done */ 293 294 /* 295 * In case there either is no selectable FD, or there is but 296 * it doesn't necessarily work (e.g., if it doesn't get notified 297 * if the packet capture timeout expires before the buffer 298 * fills up), this points to a timeout that should be used 299 * in select()/poll()/epoll_wait()/kevent() call. The pcap_t should 300 * be put into non-blocking mode, and, if the timeout expires on 301 * the call, an attempt should be made to read packets from all 302 * pcap_t's with a required timeout, and the code must be 303 * prepared not to see any packets from the attempt. 304 */ 305 const struct timeval *required_select_timeout; 306#endif 307 308 /* 309 * Placeholder for filter code if bpf not in kernel. 310 */ 311 struct bpf_program fcode; 312 313 char errbuf[PCAP_ERRBUF_SIZE + 1]; 314#ifdef _WIN32 315 char acp_errbuf[PCAP_ERRBUF_SIZE + 1]; /* buffer for local code page error strings */ 316#endif 317 int dlt_count; 318 u_int *dlt_list; 319 int tstamp_type_count; 320 u_int *tstamp_type_list; 321 int tstamp_precision_count; 322 u_int *tstamp_precision_list; 323 324 struct pcap_pkthdr pcap_header; /* This is needed for the pcap_next_ex() to work */ 325 326 /* 327 * More methods. 328 */ 329 activate_op_t activate_op; 330 can_set_rfmon_op_t can_set_rfmon_op; 331 inject_op_t inject_op; 332 save_current_filter_op_t save_current_filter_op; 333 setfilter_op_t setfilter_op; 334 setdirection_op_t setdirection_op; 335 set_datalink_op_t set_datalink_op; 336 getnonblock_op_t getnonblock_op; 337 setnonblock_op_t setnonblock_op; 338 stats_op_t stats_op; 339 breakloop_op_t breakloop_op; 340 341 /* 342 * Routine to use as callback for pcap_next()/pcap_next_ex(). 343 */ 344 pcap_handler oneshot_callback; 345 346#ifdef _WIN32 347 /* 348 * These are, at least currently, specific to the Win32 NPF 349 * driver. 350 */ 351 stats_ex_op_t stats_ex_op; 352 setbuff_op_t setbuff_op; 353 setmode_op_t setmode_op; 354 setmintocopy_op_t setmintocopy_op; 355 getevent_op_t getevent_op; 356 oid_get_request_op_t oid_get_request_op; 357 oid_set_request_op_t oid_set_request_op; 358 sendqueue_transmit_op_t sendqueue_transmit_op; 359 setuserbuffer_op_t setuserbuffer_op; 360 live_dump_op_t live_dump_op; 361 live_dump_ended_op_t live_dump_ended_op; 362 get_airpcap_handle_op_t get_airpcap_handle_op; 363#endif 364 cleanup_op_t cleanup_op; 365}; 366 367/* 368 * BPF code generation flags. 369 */ 370#define BPF_SPECIAL_VLAN_HANDLING 0x00000001 /* special VLAN handling for Linux */ 371 372/* 373 * This is a timeval as stored in a savefile. 374 * It has to use the same types everywhere, independent of the actual 375 * `struct timeval'; `struct timeval' has 32-bit tv_sec values on some 376 * platforms and 64-bit tv_sec values on other platforms, and writing 377 * out native `struct timeval' values would mean files could only be 378 * read on systems with the same tv_sec size as the system on which 379 * the file was written. 380 */ 381 382struct pcap_timeval { 383 bpf_int32 tv_sec; /* seconds */ 384 bpf_int32 tv_usec; /* microseconds */ 385}; 386 387/* 388 * This is a `pcap_pkthdr' as actually stored in a savefile. 389 * 390 * Do not change the format of this structure, in any way (this includes 391 * changes that only affect the length of fields in this structure), 392 * and do not make the time stamp anything other than seconds and 393 * microseconds (e.g., seconds and nanoseconds). Instead: 394 * 395 * introduce a new structure for the new format; 396 * 397 * send mail to "tcpdump-workers@lists.tcpdump.org", requesting 398 * a new magic number for your new capture file format, and, when 399 * you get the new magic number, put it in "savefile.c"; 400 * 401 * use that magic number for save files with the changed record 402 * header; 403 * 404 * make the code in "savefile.c" capable of reading files with 405 * the old record header as well as files with the new record header 406 * (using the magic number to determine the header format). 407 * 408 * Then supply the changes by forking the branch at 409 * 410 * https://github.com/the-tcpdump-group/libpcap/tree/master 411 * 412 * and issuing a pull request, so that future versions of libpcap and 413 * programs that use it (such as tcpdump) will be able to read your new 414 * capture file format. 415 */ 416 417struct pcap_sf_pkthdr { 418 struct pcap_timeval ts; /* time stamp */ 419 bpf_u_int32 caplen; /* length of portion present */ 420 bpf_u_int32 len; /* length of this packet (off wire) */ 421}; 422 423/* 424 * How a `pcap_pkthdr' is actually stored in savefiles written 425 * by some patched versions of libpcap (e.g. the ones in Red 426 * Hat Linux 6.1 and 6.2). 427 * 428 * Do not change the format of this structure, in any way (this includes 429 * changes that only affect the length of fields in this structure). 430 * Instead, introduce a new structure, as per the above. 431 */ 432 433struct pcap_sf_patched_pkthdr { 434 struct pcap_timeval ts; /* time stamp */ 435 bpf_u_int32 caplen; /* length of portion present */ 436 bpf_u_int32 len; /* length of this packet (off wire) */ 437 int index; 438 unsigned short protocol; 439 unsigned char pkt_type; 440}; 441 442/* 443 * User data structure for the one-shot callback used for pcap_next() 444 * and pcap_next_ex(). 445 */ 446struct oneshot_userdata { 447 struct pcap_pkthdr *hdr; 448 const u_char **pkt; 449 pcap_t *pd; 450}; 451 452#ifndef min 453#define min(a, b) ((a) > (b) ? (b) : (a)) 454#endif 455 456int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *); 457 458/* 459 * Does the packet count argument to a module's read routine say 460 * "supply packets until you run out of packets"? 461 */ 462#define PACKET_COUNT_IS_UNLIMITED(count) ((count) <= 0) 463 464/* 465 * Routines that most pcap implementations can use for non-blocking mode. 466 */ 467#if !defined(_WIN32) && !defined(MSDOS) 468int pcap_getnonblock_fd(pcap_t *); 469int pcap_setnonblock_fd(pcap_t *p, int); 470#endif 471 472/* 473 * Internal interfaces for "pcap_create()". 474 * 475 * "pcap_create_interface()" is the routine to do a pcap_create on 476 * a regular network interface. There are multiple implementations 477 * of this, one for each platform type (Linux, BPF, DLPI, etc.), 478 * with the one used chosen by the configure script. 479 * 480 * "pcap_create_common()" allocates and fills in a pcap_t, for use 481 * by pcap_create routines. 482 */ 483pcap_t *pcap_create_interface(const char *, char *); 484 485/* 486 * This wrapper takes an error buffer pointer and a type to use for the 487 * private data, and calls pcap_create_common(), passing it the error 488 * buffer pointer, the size for the private data type, in bytes, and the 489 * offset of the private data from the beginning of the structure, in 490 * bytes. 491 */ 492#define PCAP_CREATE_COMMON(ebuf, type) \ 493 pcap_create_common(ebuf, \ 494 sizeof (struct { pcap_t __common; type __private; }), \ 495 offsetof (struct { pcap_t __common; type __private; }, __private)) 496pcap_t *pcap_create_common(char *, size_t, size_t); 497int pcap_do_addexit(pcap_t *); 498void pcap_add_to_pcaps_to_close(pcap_t *); 499void pcap_remove_from_pcaps_to_close(pcap_t *); 500void pcap_cleanup_live_common(pcap_t *); 501int pcap_check_activated(pcap_t *); 502void pcap_breakloop_common(pcap_t *); 503 504/* 505 * Internal interfaces for "pcap_findalldevs()". 506 * 507 * A pcap_if_list_t * is a reference to a list of devices. 508 * 509 * A get_if_flags_func is a platform-dependent function called to get 510 * additional interface flags. 511 * 512 * "pcap_platform_finddevs()" is the platform-dependent routine to 513 * find local network interfaces. 514 * 515 * "pcap_findalldevs_interfaces()" is a helper to find those interfaces 516 * using the "standard" mechanisms (SIOCGIFCONF, "getifaddrs()", etc.). 517 * 518 * "add_dev()" adds an entry to a pcap_if_list_t. 519 * 520 * "find_dev()" tries to find a device, by name, in a pcap_if_list_t. 521 * 522 * "find_or_add_dev()" checks whether a device is already in a pcap_if_list_t 523 * and, if not, adds an entry for it. 524 */ 525struct pcap_if_list; 526typedef struct pcap_if_list pcap_if_list_t; 527typedef int (*get_if_flags_func)(const char *, bpf_u_int32 *, char *); 528int pcap_platform_finddevs(pcap_if_list_t *, char *); 529#if !defined(_WIN32) && !defined(MSDOS) 530int pcap_findalldevs_interfaces(pcap_if_list_t *, char *, 531 int (*)(const char *), get_if_flags_func); 532#endif 533pcap_if_t *find_or_add_dev(pcap_if_list_t *, const char *, bpf_u_int32, 534 get_if_flags_func, const char *, char *); 535pcap_if_t *find_dev(pcap_if_list_t *, const char *); 536pcap_if_t *add_dev(pcap_if_list_t *, const char *, bpf_u_int32, const char *, 537 char *); 538int add_addr_to_dev(pcap_if_t *, struct sockaddr *, size_t, 539 struct sockaddr *, size_t, struct sockaddr *, size_t, 540 struct sockaddr *dstaddr, size_t, char *errbuf); 541#ifndef _WIN32 542pcap_if_t *find_or_add_if(pcap_if_list_t *, const char *, bpf_u_int32, 543 get_if_flags_func, char *); 544int add_addr_to_if(pcap_if_list_t *, const char *, bpf_u_int32, 545 get_if_flags_func, 546 struct sockaddr *, size_t, struct sockaddr *, size_t, 547 struct sockaddr *, size_t, struct sockaddr *, size_t, char *); 548#endif 549 550/* 551 * Internal interfaces for "pcap_open_offline()" and other savefile 552 * I/O routines. 553 * 554 * "pcap_open_offline_common()" allocates and fills in a pcap_t, for use 555 * by pcap_open_offline routines. 556 * 557 * "pcap_adjust_snapshot()" adjusts the snapshot to be non-zero and 558 * fit within an int. 559 * 560 * "sf_cleanup()" closes the file handle associated with a pcap_t, if 561 * appropriate, and frees all data common to all modules for handling 562 * savefile types. 563 * 564 * "charset_fopen()", in UTF-8 mode on Windows, does an fopen() that 565 * treats the pathname as being in UTF-8, rather than the local 566 * code page, on Windows. 567 */ 568 569/* 570 * This wrapper takes an error buffer pointer and a type to use for the 571 * private data, and calls pcap_create_common(), passing it the error 572 * buffer pointer, the size for the private data type, in bytes, and the 573 * offset of the private data from the beginning of the structure, in 574 * bytes. 575 */ 576#define PCAP_OPEN_OFFLINE_COMMON(ebuf, type) \ 577 pcap_open_offline_common(ebuf, \ 578 sizeof (struct { pcap_t __common; type __private; }), \ 579 offsetof (struct { pcap_t __common; type __private; }, __private)) 580pcap_t *pcap_open_offline_common(char *ebuf, size_t total_size, 581 size_t private_data); 582bpf_u_int32 pcap_adjust_snapshot(bpf_u_int32 linktype, bpf_u_int32 snaplen); 583void sf_cleanup(pcap_t *p); 584#ifdef _WIN32 585FILE *charset_fopen(const char *path, const char *mode); 586#else 587/* 588 * On other OSes, just use Boring Old fopen(). 589 */ 590#define charset_fopen(path, mode) fopen((path), (mode)) 591#endif 592 593/* 594 * Internal interfaces for loading code at run time. 595 */ 596#ifdef _WIN32 597#define pcap_code_handle_t HMODULE 598#define pcap_funcptr_t FARPROC 599 600pcap_code_handle_t pcap_load_code(const char *); 601pcap_funcptr_t pcap_find_function(pcap_code_handle_t, const char *); 602#endif 603 604/* 605 * Internal interfaces for doing user-mode filtering of packets and 606 * validating filter programs. 607 */ 608/* 609 * Auxiliary data, for use when interpreting a filter intended for the 610 * Linux kernel when the kernel rejects the filter (requiring us to 611 * run it in userland). It contains VLAN tag information. 612 */ 613struct pcap_bpf_aux_data { 614 u_short vlan_tag_present; 615 u_short vlan_tag; 616}; 617 618/* 619 * Filtering routine that takes the auxiliary data as an additional 620 * argument. 621 */ 622u_int pcap_filter_with_aux_data(const struct bpf_insn *, 623 const u_char *, u_int, u_int, const struct pcap_bpf_aux_data *); 624 625/* 626 * Filtering routine that doesn't. 627 */ 628u_int pcap_filter(const struct bpf_insn *, const u_char *, u_int, u_int); 629 630/* 631 * Routine to validate a BPF program. 632 */ 633int pcap_validate_filter(const struct bpf_insn *, int); 634 635/* 636 * Internal interfaces for both "pcap_create()" and routines that 637 * open savefiles. 638 * 639 * "pcap_oneshot()" is the standard one-shot callback for "pcap_next()" 640 * and "pcap_next_ex()". 641 */ 642void pcap_oneshot(u_char *, const struct pcap_pkthdr *, const u_char *); 643 644int install_bpf_program(pcap_t *, struct bpf_program *); 645 646int pcap_strcasecmp(const char *, const char *); 647 648/* 649 * Internal interfaces for pcap_createsrcstr and pcap_parsesrcstr with 650 * the additional bit of information regarding SSL support (rpcap:// vs. 651 * rpcaps://). 652 */ 653int pcap_createsrcstr_ex(char *, int, const char *, const char *, 654 const char *, unsigned char, char *); 655int pcap_parsesrcstr_ex(const char *, int *, char *, char *, 656 char *, unsigned char *, char *); 657 658#ifdef YYDEBUG 659extern int pcap_debug; 660#endif 661 662#ifdef __cplusplus 663} 664#endif 665 666#endif 667