1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include <config.h> 35 36 /* Get the same variety of strerror_r() as Autoconf/CMake has detected. 
*/ 37 #include "ftmacros.h" 38 39 #include <pcap-types.h> 40 #ifndef _WIN32 41 #include <sys/param.h> 42 #ifndef MSDOS 43 #include <sys/file.h> 44 #endif 45 #include <sys/ioctl.h> 46 #include <sys/socket.h> 47 #ifdef HAVE_SYS_SOCKIO_H 48 #include <sys/sockio.h> 49 #endif 50 51 struct mbuf; /* Squelch compiler warnings on some platforms for */ 52 struct rtentry; /* declarations in <net/if.h> */ 53 #include <net/if.h> 54 #include <netinet/in.h> 55 #endif /* _WIN32 */ 56 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 61 #include <unistd.h> 62 #endif 63 #include <fcntl.h> 64 #include <errno.h> 65 #include <limits.h> 66 67 #include "diag-control.h" 68 69 #include "thread-local.h" 70 71 #ifdef HAVE_OS_PROTO_H 72 #include "os-proto.h" 73 #endif 74 75 #ifdef MSDOS 76 #include "pcap-dos.h" 77 #endif 78 79 #include "pcap-int.h" 80 81 #include "optimize.h" 82 83 #ifdef HAVE_DAG_API 84 #include "pcap-dag.h" 85 #endif /* HAVE_DAG_API */ 86 87 #ifdef HAVE_SEPTEL_API 88 #include "pcap-septel.h" 89 #endif /* HAVE_SEPTEL_API */ 90 91 #ifdef HAVE_SNF_API 92 #include "pcap-snf.h" 93 #endif /* HAVE_SNF_API */ 94 95 #ifdef HAVE_TC_API 96 #include "pcap-tc.h" 97 #endif /* HAVE_TC_API */ 98 99 #ifdef PCAP_SUPPORT_LINUX_USBMON 100 #include "pcap-usb-linux.h" 101 #endif 102 103 #ifdef PCAP_SUPPORT_BT 104 #include "pcap-bt-linux.h" 105 #endif 106 107 #ifdef PCAP_SUPPORT_BT_MONITOR 108 #include "pcap-bt-monitor-linux.h" 109 #endif 110 111 #ifdef PCAP_SUPPORT_NETFILTER 112 #include "pcap-netfilter-linux.h" 113 #endif 114 115 #ifdef PCAP_SUPPORT_NETMAP 116 #include "pcap-netmap.h" 117 #endif 118 119 #ifdef PCAP_SUPPORT_DBUS 120 #include "pcap-dbus.h" 121 #endif 122 123 #ifdef PCAP_SUPPORT_RDMASNIFF 124 #include "pcap-rdmasniff.h" 125 #endif 126 127 #ifdef PCAP_SUPPORT_DPDK 128 #include "pcap-dpdk.h" 129 #endif 130 131 #ifdef HAVE_AIRPCAP_API 132 #include "pcap-airpcap.h" 133 #endif 134 135 #ifdef 
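_WIN32
/*
 * To quote the WSAStartup() documentation:
 *
 *   The WSAStartup function typically leads to protocol-specific helper
 *   DLLs being loaded. As a result, the WSAStartup function should not
 *   be called from the DllMain function in a application DLL. This can
 *   potentially cause deadlocks.
 *
 * and the WSACleanup() documentation:
 *
 *   The WSACleanup function typically leads to protocol-specific helper
 *   DLLs being unloaded. As a result, the WSACleanup function should not
 *   be called from the DllMain function in a application DLL. This can
 *   potentially cause deadlocks.
 *
 * So we don't initialize Winsock in a DllMain() routine.
 *
 * pcap_init() should be called to initialize pcap on both UN*X and
 * Windows; it will initialize Winsock on Windows.  (It will also be
 * initialized as needed if pcap_init() hasn't been called.)
 */

/*
 * Shut down Winsock.
 *
 * Ignores the return value of WSACleanup(); given that this is
 * an atexit() routine, there's nothing much we can do about
 * a failure.
 */
static void
internal_wsockfini(void)
{
	WSACleanup();
}

/*
 * Start Winsock.
 * Internal routine.
 *
 * WSAStartup() is attempted only once per process; the outcome is
 * cached in function-local statics and handed back on every later
 * call.  "errbuf" may be NULL, in which case no message is written.
 *
 * Returns 0 on success and -1 on failure.  On failure with a non-NULL
 * errbuf, a message is always left in errbuf, including on calls that
 * only replay a cached failure; callers such as pcap_init() return an
 * error to the application in that case and the application will
 * normally read errbuf.
 *
 * NOTE(review): "done" and "err" are plain statics and no locking is
 * visible here - confirm that first-time initialization is serialized
 * by the callers.
 */
static int
internal_wsockinit(char *errbuf)
{
	WSADATA wsaData;
	static int err = -1;
	static int done = 0;
	int status;

	if (done) {
		/*
		 * Replaying a cached failure: without this, the caller
		 * would get -1 back with errbuf left untouched.
		 */
		if (err != 0 && errbuf != NULL) {
			snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "WSAStartup() failed on an earlier call");
		}
		return (err);
	}

	/*
	 * Versions of Windows that don't support Winsock 2.2 are
	 * too old for us.
	 */
	status = WSAStartup(MAKEWORD(2, 2), &wsaData);
	done = 1;
	if (status != 0) {
		if (errbuf != NULL) {
			pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
			    status, "WSAStartup() failed");
		}
		return (err);
	}

	/* Winsock is up; arrange for it to be shut down at exit. */
	atexit(internal_wsockfini);
	err = 0;
	return (err);
}

/*
 * Exported in case some applications using WinPcap/Npcap called it,
 * even though it wasn't exported.
 */
int
wsockinit(void)
{
	return (internal_wsockinit(NULL));
}

/*
 * This is the exported function; new programs should call this.
 * *Newer* programs should call pcap_init().
 */
int
pcap_wsockinit(void)
{
	return (internal_wsockinit(NULL));
}
#endif /* _WIN32 */

/*
 * Do whatever initialization is needed for libpcap.
 *
 * The argument specifies whether we use the local code page or UTF-8
 * for strings; on UN*X, we just assume UTF-8 in places where the encoding
 * would matter, whereas, on Windows, we use the local code page for
 * PCAP_CHAR_ENC_LOCAL and UTF-8 for PCAP_CHAR_ENC_UTF_8.
 *
 * On Windows, we also disable the hack in pcap_create() to deal with
 * being handed UTF-16 strings, because if the user calls this they're
 * explicitly declaring that they will either be passing local code
 * page strings or UTF-8 strings, so we don't need to allow UTF-16LE
 * strings to be passed.  For good measure, on Windows *and* UN*X,
 * we disable pcap_lookupdev(), to prevent anybody from even
 * *trying* to pass the result of pcap_lookupdev() - which might be
 * UTF-16LE on Windows, for ugly compatibility reasons - to pcap_create()
 * or pcap_open_live() or pcap_open().
 *
 * Returns 0 on success, -1 on error.
 */
int pcapint_new_api;		/* pcap_lookupdev() always fails */
int pcapint_utf_8_mode;		/* Strings should be in UTF-8.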
*/

/*
 * pcap_init(): check the requested character encoding, record it, and
 * perform the one-time library setup (Winsock on Windows).
 *
 * "opts" must be PCAP_CHAR_ENC_LOCAL or PCAP_CHAR_ENC_UTF_8; anything
 * else is rejected.  Once a call has succeeded, later calls must ask
 * for the same encoding; a mismatch is an error, because it may mean
 * that a library and the program using it (or two libraries) disagree
 * about how strings handed to pcap are encoded.
 *
 * "errbuf" must point to at least PCAP_ERRBUF_SIZE bytes; it is
 * written on every error path.
 *
 * Returns 0 on success and PCAP_ERROR on failure.
 *
 * NOTE(review): "initialized" and the two mode flags are plain
 * statics/globals with no locking visible here - confirm that callers
 * don't race on the first call.
 */
int
pcap_init(unsigned int opts, char *errbuf)
{
	static int initialized;
	int want_utf_8;

	/* Translate the option into "UTF-8 mode wanted or not". */
	switch (opts) {

	case PCAP_CHAR_ENC_LOCAL:
		want_utf_8 = 0;
		break;

	case PCAP_CHAR_ENC_UTF_8:
		want_utf_8 = 1;
		break;

	default:
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "Unknown options specified");
		return (PCAP_ERROR);
	}

	/*
	 * Don't allow multiple calls that set different modes.
	 */
	if (initialized && (pcapint_utf_8_mode != 0) != want_utf_8) {
		snprintf(errbuf, PCAP_ERRBUF_SIZE,
		    "Multiple pcap_init calls with different character encodings");
		return (PCAP_ERROR);
	}

	/* "UTF-8 mode" is only ever turned on here, never off. */
	if (want_utf_8)
		pcapint_utf_8_mode = 1;

	/*
	 * Turn the appropriate mode on for error messages; those routines
	 * are also used in rpcapd, which has no access to pcap's internal
	 * UTF-8 mode flag, so we have to call a routine to set its
	 * UTF-8 mode flag.
	 */
	pcapint_fmt_set_encoding(opts);

	/*
	 * A repeat call with a matching mode has nothing more to do;
	 * for example, on Windows, Winsock is already initialized.
	 */
	if (initialized)
		return (0);

#ifdef _WIN32
	/*
	 * Now set up Winsock.
	 */
	if (internal_wsockinit(errbuf) == -1)
		return (PCAP_ERROR);
#endif

	/*
	 * We're done.
	 */
	initialized = 1;
	pcapint_new_api = 1;
	return (0);
}

/*
 * String containing the library version.
 * Not explicitly exported via a header file - the right API to use
 * is pcap_lib_version() - but some programs included it, so we
 * provide it.
*
 * We declare it here, right before defining it, to squelch any
 * warnings we might get from compilers about the lack of a
 * declaration.
 */
PCAP_API char pcap_version[];
PCAP_API_DEF char pcap_version[] = PACKAGE_VERSION;

/*
 * Leave a message in the handle's error buffer explaining why an
 * operation was refused.
 *
 * If the handle is already activated, the capture module probably
 * forgot to set the function pointer for the operation; otherwise the
 * handle simply hasn't been activated yet.  The message is set even
 * in the second case, in case the caller doesn't check for
 * PCAP_ERROR_NOT_ACTIVATED.
 */
static void
pcap_set_not_initialized_message(pcap_t *pcap)
{
	const char *msg;

	if (pcap->activated)
		msg = "This operation isn't properly handled by that device";
	else
		msg = "This handle hasn't been activated yet";
	(void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), "%s", msg);
}

/*
 * The "..._not_initialized" routines below all do the same thing: set
 * the message above and fail.  Most return PCAP_ERROR_NOT_ACTIVATED;
 * those whose return type can't carry that code return NULL,
 * INVALID_HANDLE_VALUE or 0 instead.
 *
 * NOTE(review): presumably these are installed as the default
 * operation pointers of a handle, so that calling an operation too
 * early fails cleanly rather than going through an unset pointer -
 * the code that installs them is not in this part of the file.
 */
static int
pcap_read_not_initialized(pcap_t *pcap, int cnt _U_, pcap_handler callback _U_,
    u_char *user _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_inject_not_initialized(pcap_t *pcap, const void * buf _U_, int size _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_setfilter_not_initialized(pcap_t *pcap, struct bpf_program *fp _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_setdirection_not_initialized(pcap_t *pcap, pcap_direction_t d _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_set_datalink_not_initialized(pcap_t *pcap, int dlt _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_getnonblock_not_initialized(pcap_t *pcap)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_stats_not_initialized(pcap_t *pcap, struct pcap_stat *ps _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

#ifdef _WIN32
/* Pointer-returning operation: failure is reported as NULL. */
static struct pcap_stat *
pcap_stats_ex_not_initialized(pcap_t *pcap, int *pcap_stat_size _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (NULL);
}

static int
pcap_setbuff_not_initialized(pcap_t *pcap, int dim _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_setmode_not_initialized(pcap_t *pcap, int mode _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_setmintocopy_not_initialized(pcap_t *pcap, int size _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

/* Handle-returning operation: failure is INVALID_HANDLE_VALUE. */
static HANDLE
pcap_getevent_not_initialized(pcap_t *pcap)
{
	pcap_set_not_initialized_message(pcap);
	return (INVALID_HANDLE_VALUE);
}

static int
pcap_oid_get_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_,
    void *data _U_, size_t *lenp _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_oid_set_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_,
    const void *data _U_, size_t *lenp _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

/* Unsigned return type: 0 is returned on failure. */
static u_int
pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue _U_,
    int sync _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (0);
}

static int
pcap_setuserbuffer_not_initialized(pcap_t *pcap, int size _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_live_dump_not_initialized(pcap_t *pcap, char *filename _U_, int maxsize _U_,
    int maxpacks _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

static int
pcap_live_dump_ended_not_initialized(pcap_t *pcap, int sync _U_)
{
	pcap_set_not_initialized_message(pcap);
	return (PCAP_ERROR_NOT_ACTIVATED);
}

/* Pointer-returning operation: failure is reported as NULL. */
static PAirpcapHandle
pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
{
	pcap_set_not_initialized_message(pcap);
	return (NULL);
}
#endif

/*
 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
 * a PCAP_ERROR value on an error.
 *
 * The answer comes from the handle's can_set_rfmon_op routine.
 */
int
pcap_can_set_rfmon(pcap_t *p)
{
	return (p->can_set_rfmon_op(p));
}

/*
 * For systems where rfmon mode is never supported.
 */
static int
pcap_cant_set_rfmon(pcap_t *p _U_)
{
	return (0);
}

/*
 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
 * types; the return value is the number of supported time stamp types.
 * The list should be freed by a call to pcap_free_tstamp_types() when
 * you're done with it.
 *
 * A return value of 0 means "you don't get a choice of time stamp type",
 * in which case *tstamp_typesp is set to null.  (As written, a handle
 * with no time stamp type list gets a one-entry list holding
 * PCAP_TSTAMP_HOST and a return value of 1, not 0.)
 *
 * PCAP_ERROR is returned on error, with a message in p->errbuf and
 * *tstamp_typesp set to null.
 */
int
pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
{
	int *types;

	if (p->tstamp_type_count == 0) {
		/*
		 * We don't support multiple time stamp types.
		 * That means the only type we support is PCAP_TSTAMP_HOST;
		 * set up a list containing only that type.
		 */
		types = (int *)malloc(sizeof(*types));
		*tstamp_typesp = types;
		if (types == NULL) {
			pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
			    errno, "malloc");
			return (PCAP_ERROR);
		}
		types[0] = PCAP_TSTAMP_HOST;
		return (1);
	}

	/*
	 * Hand the caller its own copy of the handle's list, so that
	 * freeing it doesn't disturb the handle.
	 */
	types = (int *)calloc(p->tstamp_type_count, sizeof(*types));
	*tstamp_typesp = types;
	if (types == NULL) {
		pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
		    errno, "malloc");
		return (PCAP_ERROR);
	}
	(void)memcpy(types, p->tstamp_type_list,
	    sizeof(*types) * p->tstamp_type_count);
	return (p->tstamp_type_count);
}

/*
 * In Windows, you might have a library built with one version of the
 * C runtime library and an application built with another version of
 * the C runtime library, which means that the library might use one
 * version of malloc() and free() and the application might use another
 * version of malloc() and free().  If so, that means something
 * allocated by the library cannot be freed by the application, so we
 * need to have a pcap_free_tstamp_types() routine to free up the list
 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
 * around free().
 */
void
pcap_free_tstamp_types(int *tstamp_type_list)
{
	free(tstamp_type_list);
}

/*
 * Default one-shot callback; overridden for capture types where the
 * packet data cannot be guaranteed to be available after the callback
 * returns, so that a copy must be made.
*/
void
pcapint_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
{
	struct oneshot_userdata *ud = (struct oneshot_userdata *)user;

	/*
	 * The header is copied by value; the packet data is not - only
	 * the pointer to it is handed back to the caller.
	 */
	*ud->hdr = *h;
	*ud->pkt = pkt;
}

/*
 * Read one packet and return a pointer to its data, filling in *h
 * with its header.
 *
 * Returns NULL whenever pcap_dispatch() returns a value <= 0, so a
 * caller can't tell an error from "no packet was delivered" through
 * this routine; pcap_next_ex() keeps those cases apart.
 */
const u_char *
pcap_next(pcap_t *p, struct pcap_pkthdr *h)
{
	struct oneshot_userdata s;
	const u_char *pkt;

	s.hdr = h;
	s.pkt = &pkt;
	s.pd = p;
	if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
		return (NULL);
	return (pkt);
}

/*
 * Read one packet, returning its header through *pkt_header and a
 * pointer to its data through *pkt_data.
 *
 * *pkt_header always ends up pointing at the header stored inside the
 * pcap_t, so it is overwritten by the next read on the same handle.
 *
 * Returns 1 if a packet was read, 0 if a live capture timed out,
 * -1 on error, and -2 at the end of a savefile or if a live capture
 * loop was broken out of with pcap_breakloop().
 */
int
pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
    const u_char **pkt_data)
{
	struct oneshot_userdata s;
	int status;

	s.hdr = &p->pcap_header;
	s.pkt = pkt_data;
	s.pd = p;

	/* Saves a pointer to the packet headers */
	*pkt_header = &p->pcap_header;

	if (p->rfile == NULL) {
		/*
		 * Live capture.  Return codes for pcap_read() are:
		 *   -  0: timeout
		 *   - -1: error
		 *   - -2: loop was broken out of with pcap_breakloop()
		 *   - >0: OK, result is number of packets captured, so
		 *         it will be 1 in this case, as we've passed
		 *         a maximum packet count of 1
		 * The first one ('0') conflicts with the return code of
		 * 0 from pcapint_offline_read() meaning "end of file".
		 */
		return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
	}

	/* We are on an offline capture */
	status = pcapint_offline_read(p, 1, p->oneshot_callback,
	    (u_char *)&s);

	/*
	 * Return codes for pcapint_offline_read() are:
	 *   -  0: EOF
	 *   - -1: error
	 *   - >0: OK - result is number of packets read, so
	 *         it will be 1 in this case, as we've passed
	 *         a maximum packet count of 1
	 * The first one ('0') conflicts with the return code of
	 * 0 from pcap_read() meaning "no packets arrived before
	 * the timeout expired", so we map it to -2 so you can
	 * distinguish between an EOF from a savefile and a
	 * "no packets arrived before the timeout expired, try
	 * again" from a live capture.
	 */
	return ((status == 0) ? -2 : status);
}

/*
 * Implementation of a pcap_if_list_t.
 */
struct pcap_if_list {
	pcap_if_t *beginning;	/* first entry of the list, or NULL */
};

/*
 * Capture source types other than regular local network interfaces.
 * Each entry supplies a routine that adds that type's devices to a
 * device list and a routine that creates a pcap_t for a device of
 * that type; which entries exist depends on the build configuration.
 * The table ends with an entry holding two null pointers.
 */
static struct capture_source_type {
	int (*findalldevs_op)(pcap_if_list_t *, char *);
	pcap_t *(*create_op)(const char *, char *, int *);
} capture_source_types[] = {
#ifdef HAVE_DAG_API
	{ dag_findalldevs, dag_create },
#endif
#ifdef HAVE_SEPTEL_API
	{ septel_findalldevs, septel_create },
#endif
#ifdef HAVE_SNF_API
	{ snf_findalldevs, snf_create },
#endif
#ifdef HAVE_TC_API
	{ TcFindAllDevs, TcCreate },
#endif
#ifdef PCAP_SUPPORT_BT
	{ bt_findalldevs, bt_create },
#endif
#ifdef PCAP_SUPPORT_BT_MONITOR
	{ bt_monitor_findalldevs, bt_monitor_create },
#endif
#ifdef PCAP_SUPPORT_LINUX_USBMON
	{ usb_findalldevs, usb_create },
#endif
#ifdef PCAP_SUPPORT_NETFILTER
	{ netfilter_findalldevs, netfilter_create },
#endif
#ifdef PCAP_SUPPORT_NETMAP
	{ pcap_netmap_findalldevs, pcap_netmap_create },
#endif
#ifdef PCAP_SUPPORT_DBUS
	{ dbus_findalldevs, dbus_create },
#endif
#ifdef PCAP_SUPPORT_RDMASNIFF
	{ rdmasniff_findalldevs, rdmasniff_create },
#endif
#ifdef PCAP_SUPPORT_DPDK
	{ pcap_dpdk_findalldevs, pcap_dpdk_create },
#endif
#ifdef HAVE_AIRPCAP_API
	{ airpcap_findalldevs, airpcap_create },
#endif
	{ NULL, NULL }
};

/*
 * Get a
list of all capture sources that are up and that we can open.
 * Returns -1 on error, 0 otherwise.
 * The list, as returned through "alldevsp", may be null if no interfaces
 * were up and could be opened.
 *
 * On error, whatever part of the list had already been built is freed
 * and *alldevsp is set to null, so the caller has nothing to free.
 */
int
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
{
	pcap_if_list_t devlist;
	const struct capture_source_type *src;

	/*
	 * Find all the local network interfaces on which we
	 * can capture.
	 */
	devlist.beginning = NULL;
	if (pcapint_platform_finddevs(&devlist, errbuf) == -1)
		goto fail;

	/*
	 * Ask each of the non-local-network-interface capture
	 * source types what interfaces they have.
	 */
	for (src = capture_source_types; src->findalldevs_op != NULL; src++) {
		if (src->findalldevs_op(&devlist, errbuf) == -1)
			goto fail;
	}

	/*
	 * Return the first entry of the list of all devices.
	 */
	*alldevsp = devlist.beginning;
	return (0);

fail:
	/*
	 * We had an error; free the list we've been constructing.
	 */
	if (devlist.beginning != NULL)
		pcap_freealldevs(devlist.beginning);
	*alldevsp = NULL;
	return (-1);
}

/*
 * Return a malloc()ed copy of the first sa_length bytes of *sa, or
 * NULL if the allocation fails.
 *
 * The length is taken on trust: the caller must make sure that "sa"
 * really has sa_length readable bytes.
 */
static struct sockaddr *
dup_sockaddr(struct sockaddr *sa, size_t sa_length)
{
	struct sockaddr *copy = malloc(sa_length);

	if (copy != NULL)
		memcpy(copy, sa, sa_length);
	return (copy);
}

/*
 * Construct a "figure of merit" for an interface, for use when sorting
 * the list of interfaces, in which interfaces that are up are superior
 * to interfaces that aren't up, interfaces that are up and running are
 * superior to interfaces that are up but not running, and non-loopback
 * interfaces that are up and running are superior to loopback interfaces.
 *
 * The goal is to try to put the interfaces most likely to be useful for
 * capture at the beginning of the list.
 *
 * The figure of merit, which is lower the "better" the interface is,
 * has the uppermost bit set if the interface isn't running, the bit
 * below that set if the interface isn't up, the bit below that set
 * if it's a non-wireless interface whose connection status is
 * "disconnected", the bit below that set if the interface is a
 * loopback interface, and the bit below that set if it's the "any"
 * interface.
 *
 * Note: we don't sort by unit number because 1) not all interfaces have
 * a unit number (systemd, for example, might assign interface names
 * based on the interface's MAC address or on the physical location of
 * the adapter's connector), and 2) if the name does end with a simple
 * unit number, it's not a global property of the interface, it's only
 * useful as a sort key for device names with the same prefix, so xyz0
 * shouldn't necessarily sort before abc2.  This means that interfaces
 * with the same figure of merit will be sorted by the order in which
 * the mechanism from which we're getting the interfaces supplies them.
*/
static u_int
get_figure_of_merit(pcap_if_t *dev)
{
	u_int merit = 0;

	/* Not running costs the most, not up the next most. */
	if ((dev->flags & PCAP_IF_RUNNING) == 0)
		merit |= 0x80000000U;
	if ((dev->flags & PCAP_IF_UP) == 0)
		merit |= 0x40000000U;

	/*
	 * Give non-wireless interfaces that aren't disconnected a better
	 * figure of merit than interfaces that are disconnected, as
	 * "disconnected" should indicate that the interface isn't
	 * plugged into a network and thus won't give you any traffic.
	 *
	 * For wireless interfaces, it means "associated with a network",
	 * which we presume not to necessarily prevent capture, as you
	 * might run the adapter in some flavor of monitor mode.
	 */
	if ((dev->flags & PCAP_IF_WIRELESS) == 0 &&
	    (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED)
		merit |= 0x20000000U;

	/*
	 * Sort loopback devices after non-loopback devices, *except* for
	 * disconnected devices.
	 */
	if ((dev->flags & PCAP_IF_LOOPBACK) != 0)
		merit |= 0x10000000U;

	/*
	 * Sort the "any" device before loopback and disconnected devices,
	 * but after all other devices.
	 */
	if (strcmp(dev->name, "any") == 0)
		merit |= 0x08000000U;

	return (merit);
}

#ifndef _WIN32
/*
 * Try to get a description for a given device.
 * Returns a malloced description if it could and NULL if it couldn't.
 *
 * XXX - on FreeBSDs that support it, should it get the sysctl named
 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
 * of the adapter?  Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
 * with my Cisco 350 card, so the name isn't entirely descriptive.  The
 * "dev.an.0.%pnpinfo" has a better description, although one might argue
 * that the problem is really a driver bug - if it can find out that it's
 * a Cisco 340 or 350, rather than an old Aironet card, it should use
 * that in the description.
 *
 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well?  FreeBSD
 * and OpenBSD let you get a description, but it's not generated by the OS,
 * it's set with another ioctl that ifconfig supports; we use that to get
 * a description in FreeBSD and OpenBSD, but if there is no such
 * description available, it still might be nice to get some description
 * string based on the device type or something such as that.
 *
 * In macOS, the System Configuration framework can apparently return
 * names in 10.4 and later.
 *
 * It also appears that freedesktop.org's HAL offers an "info.product"
 * string, but the HAL specification says it "should not be used in any
 * UI" and "subsystem/capability specific properties" should be used
 * instead and, in any case, I think HAL is being deprecated in
 * favor of other stuff such as DeviceKit.  DeviceKit doesn't appear
 * to have any obvious product information for devices, but maybe
 * I haven't looked hard enough.
 *
 * Using the System Configuration framework, or HAL, or DeviceKit, or
 * whatever, would require that libpcap applications be linked with
 * the frameworks/libraries in question.  That shouldn't be a problem
 * for programs linking with the shared version of libpcap (unless
 * you're running on AIX - which I think is the only UN*X that doesn't
 * support linking a shared library with other libraries on which it
 * depends, and having an executable linked only with the first shared
 * library automatically pick up the other libraries when started -
 * and using HAL or whatever).  Programs linked with the static
 * version of libpcap would have to use pcap-config with the --static
 * flag in order to get the right linker flags in order to pick up
 * the additional libraries/frameworks; those programs need that anyway
 * for libpcap 1.1 and beyond on Linux, as, by default, it requires
 * -lnl.
*
 * Do any other UN*Xes, or desktop environments support getting a
 * description?
 */
static char *
#ifdef SIOCGIFDESCR
get_if_description(const char *name)
{
	char *description = NULL;
	int sock;
	struct ifreq ifrdesc;
#ifndef IFDESCRSIZE
	size_t descrlen = 64;
#else
	size_t descrlen = IFDESCRSIZE;
#endif /* IFDESCRSIZE */

	/*
	 * Get the description for the interface.
	 */
	memset(&ifrdesc, 0, sizeof ifrdesc);
	pcapint_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
	sock = socket(AF_INET, SOCK_DGRAM, 0);
	if (sock >= 0) {
#ifdef __FreeBSD__
		/*
		 * On FreeBSD, if the buffer isn't big enough for the
		 * description, the ioctl succeeds, but the description
		 * isn't copied, ifr_buffer.length is set to the description
		 * length, and ifr_buffer.buffer is set to NULL.
		 *
		 * So: allocate, ask, and, if we were told the buffer was
		 * too small, go around again with the length we were given.
		 */
		for (;;) {
			free(description);
			description = malloc(descrlen);
			if (description == NULL)
				break;
			ifrdesc.ifr_buffer.buffer = description;
			ifrdesc.ifr_buffer.length = descrlen;
			if (ioctl(sock, SIOCGIFDESCR, &ifrdesc) != 0) {
				/*
				 * Failed to get interface description.
				 */
				free(description);
				description = NULL;
				break;
			}
			if (ifrdesc.ifr_buffer.buffer == description)
				break;
			descrlen = ifrdesc.ifr_buffer.length;
		}
#else /* __FreeBSD__ */
		/*
		 * The only other OS that currently supports
		 * SIOCGIFDESCR is OpenBSD, and it has no way
		 * to get the description length - it's clamped
		 * to a maximum of IFDESCRSIZE.
		 *
		 * NOTE(review): no buffer length is passed with the
		 * request on this path, so the 64-byte fallback used
		 * when IFDESCRSIZE isn't defined is only safe if the
		 * kernel never writes more than that - confirm for any
		 * platform that has SIOCGIFDESCR but not IFDESCRSIZE.
		 */
		description = malloc(descrlen);
		if (description != NULL) {
			ifrdesc.ifr_data = (caddr_t)description;
			if (ioctl(sock, SIOCGIFDESCR, &ifrdesc) != 0) {
				/*
				 * Failed to get interface description.
				 */
				free(description);
				description = NULL;
			}
		}
#endif /* __FreeBSD__ */
		close(sock);
		if (description != NULL && description[0] == '\0') {
			/*
			 * Description is empty, so discard it.
			 */
			free(description);
			description = NULL;
		}
	}

#ifdef __FreeBSD__
	/*
	 * For FreeBSD, if we didn't get a description, and this is
	 * a device with a name of the form usbusN, label it as a USB
	 * bus.
	 */
	if (description == NULL && strncmp(name, "usbus", 5) == 0) {
		/*
		 * OK, it begins with "usbus".
		 */
		long busnum;
		char *p;

		errno = 0;
		busnum = strtol(name + 5, &p, 10);
		if (errno == 0 && p != name + 5 && *p == '\0' &&
		    busnum >= 0 && busnum <= INT_MAX) {
			/*
			 * OK, it's a valid number that's not
			 * bigger than INT_MAX.  Construct
			 * a description from it.
			 * (If that fails, we don't worry about
			 * it, we just return NULL.)
			 */
			if (pcapint_asprintf(&description,
			    "USB bus number %ld", busnum) == -1) {
				/* Failed. */
				description = NULL;
			}
		}
	}
#endif
	return (description);
#else /* SIOCGIFDESCR */
get_if_description(const char *name _U_)
{
	/* No way to ask for a description on this platform. */
	return (NULL);
#endif /* SIOCGIFDESCR */
}

/*
 * Look for a given device in the specified list of devices.
 *
 * If we find it, return a pointer to its entry.
 *
 * If we don't find it, attempt to add an entry for it, with the specified
 * IFF_ flags and description, and, if that succeeds, return a pointer to
 * the new entry, otherwise return NULL and set errbuf to an error message.
 */
pcap_if_t *
pcapint_find_or_add_if(pcap_if_list_t *devlistp, const char *name,
    uint64_t if_flags, get_if_flags_func get_flags_func, char *errbuf)
{
	bpf_u_int32 pcap_flags = 0;
	char *description;

	/*
	 * Convert IFF_ flags to pcap flags.
	 */
#ifdef IFF_LOOPBACK
	if (if_flags & IFF_LOOPBACK)
		pcap_flags |= PCAP_IF_LOOPBACK;
#else
	/*
	 * We don't have IFF_LOOPBACK, so look at the device name to
	 * see if it looks like a loopback device.
	 */
	if (name[0] == 'l' && name[1] == 'o' &&
	    (PCAP_ISDIGIT(name[2]) || name[2] == '\0'))
		pcap_flags |= PCAP_IF_LOOPBACK;
#endif
#ifdef IFF_UP
	if (if_flags & IFF_UP)
		pcap_flags |= PCAP_IF_UP;
#endif
#ifdef IFF_RUNNING
	if (if_flags & IFF_RUNNING)
		pcap_flags |= PCAP_IF_RUNNING;
#endif

	/*
	 * Attempt to find an entry for this device; if we don't find one,
	 * attempt to add one.
	 *
	 * NOTE(review): get_if_description() returns a malloc()ed string
	 * (or NULL) and nothing here frees it; whether
	 * pcapint_find_or_add_dev() takes ownership of it or copies it
	 * can't be seen from this routine - confirm that it isn't leaked,
	 * in particular when the device is already in the list.
	 */
	description = get_if_description(name);
	return (pcapint_find_or_add_dev(devlistp, name, pcap_flags,
	    get_flags_func, description, errbuf));
}

/*
 * Look for a given device in the specified list of devices.
 *
 * If we find it, then, if the specified address isn't null, add it to
 * the list of addresses for the device and return 0.
 *
 * If we don't find it, attempt to add an entry for it, with the specified
 * IFF_ flags and description, and, if that succeeds, add the specified
 * address to its list of addresses if that address is non-null, and
 * return 0, otherwise return -1 and set errbuf to an error message.
 *
 * (We can get called with a null address because we might get a list
 * of interface name/address combinations from the underlying OS, with
 * the address being absent in some cases, rather than a list of
 * interfaces with each interface having a list of addresses, so this
 * call may be the only call made to add to the list, and we want to
 * add interfaces even if they have no addresses.)
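*/
int
pcapint_add_addr_to_if(pcap_if_list_t *devlistp, const char *name,
    uint64_t if_flags, get_if_flags_func get_flags_func,
    struct sockaddr *addr, size_t addr_size,
    struct sockaddr *netmask, size_t netmask_size,
    struct sockaddr *broadaddr, size_t broadaddr_size,
    struct sockaddr *dstaddr, size_t dstaddr_size,
    char *errbuf)
{
	pcap_if_t *curdev;

	/*
	 * Check whether the device exists and, if not, add it.
	 */
	curdev = pcapint_find_or_add_if(devlistp, name, if_flags, get_flags_func,
	    errbuf);
	if (curdev == NULL) {
		/*
		 * Error - give up.
		 */
		return (-1);
	}

	if (addr == NULL) {
		/*
		 * There's no address to add; this entry just meant
		 * "here's a new interface".
		 */
		return (0);
	}

	/*
	 * "curdev" is an entry for this interface, and we have an
	 * address for it; add an entry for that address to the
	 * interface's list of addresses.
	 */
	return (pcapint_add_addr_to_dev(curdev, addr, addr_size, netmask,
	    netmask_size, broadaddr, broadaddr_size, dstaddr,
	    dstaddr_size, errbuf));
}
#endif /* _WIN32 */

/*
 * Add an entry to the list of addresses for an interface.
 * "curdev" is the entry for that interface.
 *
 * Each of addr, netmask, broadaddr and dstaddr is duplicated with
 * dup_sockaddr() when its pointer is non-null and its size is non-zero;
 * otherwise the corresponding field of the new entry is NULL.  The new
 * entry is appended to the end of curdev->addresses.
 *
 * Returns 0 on success.  If any allocation fails, everything allocated
 * so far for the entry is freed, errbuf is set, and -1 is returned; the
 * interface's address list is left unchanged in that case.
 *
 * NOTE(review): the *_size arguments are handed to dup_sockaddr() as
 * given; presumably that is the number of bytes copied from each
 * sockaddr, so callers must pass sizes that do not exceed the objects
 * they point to - confirm against dup_sockaddr().
 */
int
pcapint_add_addr_to_dev(pcap_if_t *curdev,
    struct sockaddr *addr, size_t addr_size,
    struct sockaddr *netmask, size_t netmask_size,
    struct sockaddr *broadaddr, size_t broadaddr_size,
    struct sockaddr *dstaddr, size_t dstaddr_size,
    char *errbuf)
{
	pcap_addr_t *curaddr, *lastaddr;

	/*
	 * Allocate the new entry and fill it in.
	 */
	curaddr = malloc(sizeof(*curaddr));
	if (curaddr == NULL) {
		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
		    errno, "malloc");
		return (-1);
	}

	/*
	 * Start with every member null, so that the failure path below
	 * can free all of them unconditionally.
	 */
	curaddr->next = NULL;
	curaddr->addr = NULL;
	curaddr->netmask = NULL;
	curaddr->broadaddr = NULL;
	curaddr->dstaddr = NULL;

	if (addr != NULL && addr_size != 0) {
		curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size);
		if (curaddr->addr == NULL)
			goto nomem;
	}

	if (netmask != NULL && netmask_size != 0) {
		curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size);
		if (curaddr->netmask == NULL)
			goto nomem;
	}

	if (broadaddr != NULL && broadaddr_size != 0) {
		curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size);
		if (curaddr->broadaddr == NULL)
			goto nomem;
	}

	if (dstaddr != NULL && dstaddr_size != 0) {
		curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size);
		if (curaddr->dstaddr == NULL)
			goto nomem;
	}

	if (curdev->addresses == NULL) {
		/*
		 * The list was empty; this is the first member.
		 */
		curdev->addresses = curaddr;
	} else {
		/*
		 * Find the end of the list of addresses and append
		 * this member to it.
		 */
		for (lastaddr = curdev->addresses; lastaddr->next != NULL;
		    lastaddr = lastaddr->next)
			;
		lastaddr->next = curaddr;
	}

	return (0);

nomem:
	/*
	 * Report the failure first, while errno still holds the value
	 * left by the failed duplication, then release whatever was
	 * allocated.  free(NULL) is a no-op, so no per-member checks
	 * are needed.
	 */
	pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
	    errno, "malloc");
	free(curaddr->dstaddr);
	free(curaddr->broadaddr);
	free(curaddr->netmask);
	free(curaddr->addr);
	free(curaddr);
	return (-1);
}

/*
 * Look for a given device in the specified list of devices.
 *
 * If we find it, return a pointer to its entry.
 *
 * If we don't find it, ask get_flags_func for additional flags for the
 * device and attempt to add an entry for it, with the resulting flags
 * and the specified description; if that succeeds, return a pointer to
 * the new entry, otherwise return NULL and set errbuf to an error message.
 *
 * The description is only passed on to pcapint_add_dev(); it remains
 * owned by the caller.
 */
pcap_if_t *
pcapint_find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
    get_if_flags_func get_flags_func, const char *description, char *errbuf)
{
	pcap_if_t *curdev;

	/*
	 * Is there already an entry in the list for this device?
	 */
	curdev = pcapint_find_dev(devlistp, name);
	if (curdev != NULL) {
		/*
		 * Yes, return it.
		 */
		return (curdev);
	}

	/*
	 * No, we didn't find it.
	 */

	/*
	 * Try to get additional flags for the device.
	 */
	if ((*get_flags_func)(name, &flags, errbuf) == -1) {
		/*
		 * Failed.
		 */
		return (NULL);
	}

	/*
	 * Now, try to add it to the list of devices.
	 */
	return (pcapint_add_dev(devlistp, name, flags, description, errbuf));
}

/*
 * Look for a given device in the specified list of devices, and return
 * the entry for it if we find it or NULL if we don't.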
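*/
pcap_if_t *
pcapint_find_dev(pcap_if_list_t *devlistp, const char *name)
{
	pcap_if_t *curdev;

	/*
	 * Is there an entry in the list for this device?
	 * Names are compared with strcmp(), i.e. exactly and
	 * case-sensitively.
	 */
	for (curdev = devlistp->beginning; curdev != NULL;
	    curdev = curdev->next) {
		if (strcmp(name, curdev->name) == 0) {
			/*
			 * We found it, so, yes, there is.  No need to
			 * add it.  Provide the entry we found to our
			 * caller.
			 */
			return (curdev);
		}
	}

	/*
	 * No.
	 */
	return (NULL);
}

/*
 * Attempt to add an entry for a device, with the specified flags
 * and description, and, if that succeeds, return a pointer to the
 * new entry, otherwise return NULL and set errbuf to an error
 * message.
 *
 * The name and the description are copied with strdup(), so the
 * caller keeps ownership of the strings it passed in.  If we weren't
 * given a description, the entry's description is left NULL.
 *
 * The entry is inserted so that the list stays ordered by "figure of
 * merit" (lower is better); among entries with the same figure of
 * merit, a new entry goes after the existing ones.
 */
pcap_if_t *
pcapint_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags,
    const char *description, char *errbuf)
{
	pcap_if_t *curdev, *prevdev, *nextdev;
	u_int this_figure_of_merit;

	curdev = malloc(sizeof(*curdev));
	if (curdev == NULL) {
		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
		    errno, "malloc");
		return (NULL);
	}

	/*
	 * Fill in the entry.
	 */
	curdev->next = NULL;
	curdev->name = strdup(name);
	if (curdev->name == NULL) {
		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
		    errno, "malloc");
		free(curdev);
		return (NULL);
	}
	if (description == NULL) {
		/*
		 * We weren't handed a description for the interface.
		 */
		curdev->description = NULL;
	} else {
		/*
		 * We were handed a description; make a copy.
		 */
		curdev->description = strdup(description);
		if (curdev->description == NULL) {
			pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
			    errno, "malloc");
			free(curdev->name);
			free(curdev);
			return (NULL);
		}
	}
	curdev->addresses = NULL;	/* list starts out as empty */
	curdev->flags = flags;

	/*
	 * Add it to the list, in the appropriate location.
	 * First, get the "figure of merit" for this interface.
	 */
	this_figure_of_merit = get_figure_of_merit(curdev);

	/*
	 * Now look for the last interface with a figure of merit
	 * less than or equal to the new interface's figure of merit.
	 *
	 * We start with "prevdev" being NULL, meaning we're before
	 * the first element in the list, and stop either at the end
	 * of the list or at the first interface whose figure of merit
	 * is greater than the new one's, meaning that the new
	 * interface is better than it.
	 */
	prevdev = NULL;
	nextdev = devlistp->beginning;
	while (nextdev != NULL &&
	    this_figure_of_merit >= get_figure_of_merit(nextdev)) {
		prevdev = nextdev;
		nextdev = nextdev->next;
	}

	/*
	 * Insert before "nextdev".
	 */
	curdev->next = nextdev;

	/*
	 * Insert after "prevdev" - unless "prevdev" is null,
	 * in which case this is the first interface.
	 */
	if (prevdev == NULL) {
		/*
		 * This is the first interface.  Make it
		 * the first element in the list of devices.
		 */
		devlistp->beginning = curdev;
	} else
		prevdev->next = curdev;
	return (curdev);
}

/*
 * Add an entry for the "any" device.
 *
 * Returns what pcapint_add_dev() returns: the new entry, or NULL with
 * errbuf set.
 */
pcap_if_t *
pcap_add_any_dev(pcap_if_list_t *devlistp, char *errbuf)
{
	static const char any_descr[] = "Pseudo-device that captures on all interfaces";

	/*
	 * As it refers to all network devices, not to any particular
	 * network device, the notion of "connected" vs. "disconnected"
	 * doesn't apply to the "any" device.
	 */
	return pcapint_add_dev(devlistp, "any",
	    PCAP_IF_UP|PCAP_IF_RUNNING|PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE,
	    any_descr, errbuf);
}

/*
 * Free a list of interfaces.
 *
 * Every entry, its name, its description and all of its address
 * entries are released, so no pointer obtained from the list may be
 * used after this call.
 */
void
pcap_freealldevs(pcap_if_t *alldevs)
{
	pcap_if_t *curdev, *nextdev;
	pcap_addr_t *curaddr, *nextaddr;

	for (curdev = alldevs; curdev != NULL; curdev = nextdev) {
		/*
		 * Pick up the successor before the entry is freed.
		 */
		nextdev = curdev->next;

		/*
		 * Free all addresses.  free(NULL) is a no-op, so
		 * absent members need no check.
		 */
		for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
			nextaddr = curaddr->next;
			free(curaddr->addr);
			free(curaddr->netmask);
			free(curaddr->broadaddr);
			free(curaddr->dstaddr);
			free(curaddr);
		}

		/*
		 * Free the name string.
		 */
		free(curdev->name);

		/*
		 * Free the description string, if any.
		 */
		free(curdev->description);

		/*
		 * Free the interface.
		 */
		free(curdev);
	}
}

/*
 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as
 * it actually returns the names of all interfaces, with a NUL separator
 * between them; some callers may depend on that.
 *
 * MS-DOS has its own pcap_lookupdev(), but that might be useful only
 * as an optimization.
 *
 * In all other cases, we just use pcap_findalldevs() to get a list of
 * devices, and pick from that list.
 */
#if !defined(HAVE_PACKET32) && !defined(MSDOS)
/*
 * Return the name of a network interface attached to the system, or NULL
 * if none can be found.  The interface must be configured up; the
 * lowest unit number is preferred; loopback is ignored.
 *
 * The name is returned in a static buffer, so it is overwritten by the
 * next call and must not be freed by the caller.
 */
char *
pcap_lookupdev(char *errbuf)
{
	pcap_if_t *alldevs;
#ifdef _WIN32
/*
 * Windows - use the same size as the old WinPcap 3.1 code.
 * XXX - this is probably bigger than it needs to be.
 */
  #define IF_NAMESIZE 8192
#else
/*
 * UN*X - use the system's interface name size.
 * XXX - that might not be large enough for capture devices
 * that aren't regular network interfaces.
 */
/* for old BSD systems, including bsdi3 */
  #ifndef IF_NAMESIZE
  #define IF_NAMESIZE IFNAMSIZ
  #endif
#endif
	static char device[IF_NAMESIZE + 1];
	char *ret;

	/*
	 * We disable this in "new API" mode, because 1) in WinPcap/Npcap,
	 * it may return UTF-16 strings, for backwards-compatibility
	 * reasons, and we're also disabling the hack to make that work,
	 * for not-going-past-the-end-of-a-string reasons, and 2) we
	 * want its behavior to be consistent.
	 *
	 * In addition, it's not thread-safe, so we've marked it as
	 * deprecated.
	 */
	if (pcapint_new_api) {
		snprintf(errbuf, PCAP_ERRBUF_SIZE,
		    "pcap_lookupdev() is deprecated and is not supported in programs calling pcap_init()");
		return (NULL);
	}

	if (pcap_findalldevs(&alldevs, errbuf) == -1)
		return (NULL);

	if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) {
		/*
		 * There are no devices on the list, or the first device
		 * on the list is a loopback device, which means there
		 * are no non-loopback devices on the list.  This means
		 * we can't return any device.
		 *
		 * XXX - why not return a loopback device?  If we can't
		 * capture on it, it won't be on the list, and if it's
		 * on the list, there aren't any non-loopback devices,
		 * so why not just supply it as the default device?
		 */
		(void)pcapint_strlcpy(errbuf, "no suitable device found",
		    PCAP_ERRBUF_SIZE);
		ret = NULL;
	} else {
		/*
		 * Return the name of the first device on the list.
		 *
		 * The copy is bounded by sizeof(device) and its result
		 * is ignored, so a name that doesn't fit is presumably
		 * returned truncated rather than reported (see the
		 * XXX on IF_NAMESIZE above).
		 */
		(void)pcapint_strlcpy(device, alldevs->name, sizeof(device));
		ret = device;
	}

	pcap_freealldevs(alldevs);
	return (ret);
}
#endif /* !defined(HAVE_PACKET32) && !defined(MSDOS) */

#if !defined(_WIN32) && !defined(MSDOS)
/*
 * We don't just fetch the entire list of devices, search for the
 * particular device, and use its first IPv4 address, as that's too
 * much work to get just one device's netmask.
 *
 * If we had an API to get attributes for a given device, we could
 * use that.
 *
 * On success, 0 is returned, *maskp is the interface's IPv4 netmask
 * and *netp is its IPv4 address ANDed with that mask, both as read
 * from sin_addr.s_addr.  On failure, errbuf is set and -1 is returned.
 */
int
pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp,
    char *errbuf)
{
	int fd;
	struct sockaddr_in *sin4;
	struct ifreq ifr;

	/*
	 * The pseudo-device "any" listens on all interfaces and therefore
	 * has the network address and -mask "0.0.0.0" therefore catching
	 * all traffic. Using NULL for the interface is the same as "any".
	 *
	 * NOTE(review): several of the tests below use strstr(), so they
	 * match the marker anywhere in the name (any name containing
	 * "dag", "snf", ...), not only as a prefix.
	 */
	if (!device || strcmp(device, "any") == 0
#ifdef HAVE_DAG_API
	    || strstr(device, "dag") != NULL
#endif
#ifdef HAVE_SEPTEL_API
	    || strstr(device, "septel") != NULL
#endif
#ifdef PCAP_SUPPORT_BT
	    || strstr(device, "bluetooth") != NULL
#endif
#ifdef PCAP_SUPPORT_LINUX_USBMON
	    || strstr(device, "usbmon") != NULL
#endif
#ifdef HAVE_SNF_API
	    || strstr(device, "snf") != NULL
#endif
#ifdef PCAP_SUPPORT_NETMAP
	    || strncmp(device, "netmap:", 7) == 0
	    || strncmp(device, "vale", 4) == 0
#endif
#ifdef PCAP_SUPPORT_DPDK
	    || strncmp(device, "dpdk:", 5) == 0
#endif
	    ) {
		*netp = *maskp = 0;
		return 0;
	}

	fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0) {
		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
		    errno, "socket");
		return (-1);
	}
	memset(&ifr, 0, sizeof(ifr));
#ifdef __linux__
	/* XXX Work around Linux kernel bug */
	ifr.ifr_addr.sa_family = AF_INET;
#endif
	/*
	 * NOTE(review): the copy is bounded by sizeof(ifr.ifr_name) and
	 * its result is ignored, so a device name that doesn't fit is
	 * presumably truncated, and the ioctls below would then query
	 * whatever interface bears the truncated name.  A caller that
	 * passes externally supplied names may want to check the
	 * length first.
	 */
	(void)pcapint_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
#if defined(__HAIKU__) && defined(__clang__)
	/*
	 * In Haiku R1/beta4 <unistd.h> ioctl() is a macro that needs to take 4
	 * arguments to initialize its intermediate 2-member structure fully so
	 * that Clang does not generate a -Wmissing-field-initializers warning
	 * (which manifests only when it runs with -Werror).  This workaround
	 * can be removed as soon as there is a Haiku release that fixes the
	 * problem.  See also https://review.haiku-os.org/c/haiku/+/6369
	 */
	if (ioctl(fd, SIOCGIFADDR, (char *)&ifr, sizeof(ifr)) < 0) {
#else
	if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) {
#endif /* __HAIKU__ && __clang__ */
		if (errno == EADDRNOTAVAIL) {
			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "%s: no IPv4 address assigned", device);
		} else {
			pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
			    errno, "SIOCGIFADDR: %s", device);
		}
		(void)close(fd);
		return (-1);
	}
	/*
	 * sin4 points into ifr, so it sees the address now and the
	 * netmask after the second ioctl below has refilled ifr.
	 */
	sin4 = (struct sockaddr_in *)&ifr.ifr_addr;
	*netp = sin4->sin_addr.s_addr;
	memset(&ifr, 0, sizeof(ifr));
#ifdef __linux__
	/* XXX Work around Linux kernel bug */
	ifr.ifr_addr.sa_family = AF_INET;
#endif
	(void)pcapint_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
#if defined(__HAIKU__) && defined(__clang__)
	/* Same as above. */
	if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr, sizeof(ifr)) < 0) {
#else
	if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) {
#endif /* __HAIKU__ && __clang__ */
		pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
		    errno, "SIOCGIFNETMASK: %s", device);
		(void)close(fd);
		return (-1);
	}
	(void)close(fd);
	*maskp = sin4->sin_addr.s_addr;
	if (*maskp == 0) {
		/*
		 * No netmask was reported; fall back on the classful
		 * default for the address.
		 *
		 * NOTE(review): *netp holds an s_addr value, i.e. it is
		 * in network byte order, while IN_CLASSA() and friends
		 * and the IN_CLASS*_NET constants are conventionally
		 * defined on host-byte-order values; this fallback
		 * looks byte-order-sensitive on little-endian hosts -
		 * confirm before relying on it.
		 */
		if (IN_CLASSA(*netp))
			*maskp = IN_CLASSA_NET;
		else if (IN_CLASSB(*netp))
			*maskp = IN_CLASSB_NET;
		else if (IN_CLASSC(*netp))
			*maskp = IN_CLASSC_NET;
		else {
			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "inet class for 0x%x unknown", *netp);
			return (-1);
		}
	}
	*netp &= *maskp;
	return (0);
}
#endif /* !defined(_WIN32) && !defined(MSDOS) */

#ifdef ENABLE_REMOTE
#include "pcap-rpcap.h"

/*
 * Extract a substring from a string.
 *
 * Returns a malloc()ed, NUL-terminated copy of the len bytes starting
 * at p, which the caller must free; if the allocation fails, ebuf is
 * set to an error message and NULL is returned.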
*/
static char *
get_substring(const char *p, size_t len, char *ebuf)
{
	/* One extra byte for the terminating NUL. */
	char *copy = malloc(len + 1);

	if (copy != NULL) {
		/* Exactly len bytes are copied; p need not be NUL-terminated. */
		memcpy(copy, p, len);
		copy[len] = '\0';
		return (copy);
	}

	pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
	    errno, "malloc");
	return (NULL);
}

/*
 * Parse a capture source that might be a URL.
 *
 * If the source is not a URL, *schemep, *userinfop, *hostp, and *portp
 * are set to NULL, *pathp is set to point to the source, and 0 is
 * returned.
 *
 * If source is a URL, and the URL refers to a local device (a special
 * case of rpcap:), *schemep, *userinfop, *hostp, and *portp are set
 * to NULL, *pathp is set to point to the device name, and 0 is returned.
 *
 * If source is a URL, and it's not a special case that refers to a local
 * device, and the parse succeeds:
 *
 *    *schemep is set to point to an allocated string containing the scheme;
 *
 *    if user information is present in the URL, *userinfop is set to point
 *    to an allocated string containing the user information, otherwise
 *    it's set to NULL;
 *
 *    if host information is present in the URL, *hostp is set to point
 *    to an allocated string containing the host information, otherwise
 *    it's set to NULL;
 *
 *    if a port number is present in the URL, *portp is set to point
 *    to an allocated string containing the port number, otherwise
 *    it's set to NULL;
 *
 *    *pathp is set to point to an allocated string containing the
 *    path;
 *
 * and 0 is returned.
 *
 * If the parse fails, ebuf is set to an error string, and -1 is returned.
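*/
static int
pcap_parse_source(const char *source, char **schemep, char **userinfop,
    char **hostp, char **portp, char **pathp, char *ebuf)
{
	char *colonp;
	size_t scheme_len;
	char *scheme = NULL;
	const char *endp;
	size_t authority_len;
	char *authority = NULL;
	char *parsep, *atsignp, *bracketp;
	char *userinfo = NULL, *host = NULL, *port = NULL, *path;

	if (source == NULL) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,
		    "The source string must not be NULL.");
		return (-1);
	}
	if (! strcmp(source, "")) {
		snprintf(ebuf, PCAP_ERRBUF_SIZE,
		    "The source string must not be empty.");
		return (-1);
	}

	/*
	 * Start out returning nothing.
	 */
	*schemep = NULL;
	*userinfop = NULL;
	*hostp = NULL;
	*portp = NULL;
	*pathp = NULL;

	/*
	 * RFC 3986 says:
	 *
	 *   URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
	 *
	 *   hier-part   = "//" authority path-abempty
	 *               / path-absolute
	 *               / path-rootless
	 *               / path-empty
	 *
	 *   authority   = [ userinfo "@" ] host [ ":" port ]
	 *
	 *   userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
	 *
	 * Step 1: look for the ":" at the end of the scheme.
	 * A colon in the source is *NOT* sufficient to indicate that
	 * this is a URL, as interface names on some platforms might
	 * include colons (e.g., I think some Solaris interfaces
	 * might).
	 */
	colonp = strchr(source, ':');
	if (colonp == NULL) {
		/*
		 * The source is the device to open.
		 * Return a NULL pointer for the scheme, user information,
		 * host, and port, and return the device as the path.
		 */
		*pathp = strdup(source);
		if (*pathp == NULL) {
			pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
			    errno, "malloc");
			return (-1);
		}
		return (0);
	}

	/*
	 * All schemes must have "//" after them, i.e. we only support
	 * hier-part = "//" authority path-abempty, not
	 * hier-part = path-absolute
	 * hier-part = path-rootless
	 * hier-part = path-empty
	 *
	 * We need that in order to distinguish between a local device
	 * name that happens to contain a colon and a URI.
	 */
	if (strncmp(colonp + 1, "//", 2) != 0) {
		/*
		 * The source is the device to open.
		 * Return a NULL pointer for the scheme, user information,
		 * host, and port, and return the device as the path.
		 */
		*pathp = strdup(source);
		if (*pathp == NULL) {
			pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
			    errno, "malloc");
			return (-1);
		}
		return (0);
	}

	/*
	 * XXX - check whether the purported scheme could be a scheme?
	 */

	/*
	 * OK, this looks like a URL.
	 * Get the scheme.
	 */
	scheme_len = colonp - source;
	scheme = get_substring(source, scheme_len, ebuf);
	if (scheme == NULL)
		return (-1);

	/*
	 * Treat file: specially - take everything after file:// as
	 * the pathname.
	 */
	if (pcapint_strcasecmp(scheme, "file") == 0) {
		*pathp = strdup(colonp + 3);
		if (*pathp == NULL) {
			pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
			    errno, "malloc");
			goto fail;
		}
		*schemep = scheme;
		return (0);
	}

	/*
	 * The WinPcap documentation says you can specify a local
	 * interface with "rpcap://{device}"; we special-case
	 * that here.  If the scheme is "rpcap", and there are
	 * no slashes past the "//", we just return the device.
	 *
	 * XXX - %-escaping?
	 */
	if ((pcapint_strcasecmp(scheme, "rpcap") == 0 ||
	    pcapint_strcasecmp(scheme, "rpcaps") == 0) &&
	    strchr(colonp + 3, '/') == NULL) {
		/*
		 * Local device.
		 *
		 * Return a NULL pointer for the scheme, user information,
		 * host, and port, and return the device as the path.
		 */
		free(scheme);
		*pathp = strdup(colonp + 3);
		if (*pathp == NULL) {
			pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
			    errno, "malloc");
			return (-1);
		}
		return (0);
	}

	/*
	 * OK, now start parsing the authority.
	 * Get token, terminated with / or terminated at the end of
	 * the string.
	 */
	authority_len = strcspn(colonp + 3, "/");
	authority = get_substring(colonp + 3, authority_len, ebuf);
	if (authority == NULL)
		goto fail;
	endp = colonp + 3 + authority_len;

	/*
	 * Now carve the authority field into its components.
	 */
	parsep = authority;

	/*
	 * Is there a userinfo field?
	 * (Everything before the first '@' in the authority, if any.)
	 */
	atsignp = strchr(parsep, '@');
	if (atsignp != NULL) {
		/*
		 * Yes.
		 */
		size_t userinfo_len;

		userinfo_len = atsignp - parsep;
		userinfo = get_substring(parsep, userinfo_len, ebuf);
		if (userinfo == NULL)
			goto fail;
		parsep = atsignp + 1;
	}

	/*
	 * Is there a host field?  If not, there's no host field or
	 * port field, and both stay NULL.
	 */
	if (*parsep != '\0') {
		/*
		 * Yes.
		 */
		size_t host_len;

		/*
		 * Is it an IP-literal?
		 */
		if (*parsep == '[') {
			/*
			 * Yes.
			 * Treat everything up to the closing square
			 * bracket as the IP-Literal; we don't worry
			 * about whether it's a valid IPv6address or
			 * IPvFuture (or an IPv4address, for that
			 * matter, just in case we get handed a
			 * URL with an IPv4 IP-Literal, of the sort
			 * that pcap_createsrcstr() used to generate,
			 * and that pcap_parsesrcstr(), in the original
			 * WinPcap code, accepted).
			 */
			bracketp = strchr(parsep, ']');
			if (bracketp == NULL) {
				/*
				 * There's no closing square bracket.
				 */
				snprintf(ebuf, PCAP_ERRBUF_SIZE,
				    "IP-literal in URL doesn't end with ]");
				goto fail;
			}
			if (*(bracketp + 1) != '\0' &&
			    *(bracketp + 1) != ':') {
				/*
				 * There's extra crud after the
				 * closing square bracket.
				 */
				snprintf(ebuf, PCAP_ERRBUF_SIZE,
				    "Extra text after IP-literal in URL");
				goto fail;
			}
			/*
			 * The host is what lies between the brackets;
			 * bracketp is at least parsep + 1, so this
			 * cannot go negative ("[]" gives a length of 0).
			 */
			host_len = (bracketp - 1) - parsep;
			host = get_substring(parsep + 1, host_len, ebuf);
			if (host == NULL)
				goto fail;
			parsep = bracketp + 1;
		} else {
			/*
			 * No.
			 * Treat everything up to a : or the end of
			 * the string as the host.
			 */
			host_len = strcspn(parsep, ":");
			host = get_substring(parsep, host_len, ebuf);
			if (host == NULL)
				goto fail;
			parsep = parsep + host_len;
		}

		/*
		 * Is there a port field?
		 */
		if (*parsep == ':') {
			/*
			 * Yes.  It's the rest of the authority field.
			 * It is returned as text; nothing here checks
			 * that it is numeric or in range.
			 */
			size_t port_len;

			parsep++;
			port_len = strlen(parsep);
			port = get_substring(parsep, port_len, ebuf);
			if (port == NULL)
				goto fail;
		}
	}
	free(authority);
	authority = NULL;	/* so that "fail" doesn't free it again */

	/*
	 * Everything else is the path.  Strip off the leading /.
	 */
	if (*endp == '\0')
		path = strdup("");
	else
		path = strdup(endp + 1);
	if (path == NULL) {
		pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
		    errno, "malloc");
		goto fail;
	}
	*schemep = scheme;
	*userinfop = userinfo;
	*hostp = host;
	*portp = port;
	*pathp = path;
	return (0);

fail:
	/*
	 * ebuf has already been filled in.  Release whatever was
	 * allocated; pieces not reached yet are still NULL, and the
	 * output pointers were never set, so they remain NULL.
	 */
	free(port);
	free(host);
	free(userinfo);
	free(authority);
	free(scheme);
	return (-1);
}

/*
 * Build a source string of the given type in "source".
 *
 * PCAP_SRC_FILE needs a non-empty name; PCAP_SRC_IFREMOTE needs a
 * non-empty host, with port and name optional, and uses the "rpcaps://"
 * prefix instead of PCAP_SRC_IF_STRING when uses_ssl is non-zero;
 * PCAP_SRC_IFLOCAL takes an optional name.  Returns 0 on success; on a
 * missing required component or an unknown type, errbuf is set and -1
 * is returned.
 *
 * Every write to "source" is bounded by PCAP_BUF_SIZE, so the buffer is
 * presumably expected to be at least that large - confirm against
 * callers.
 *
 * NOTE(review): the results of pcapint_strlcpy()/pcapint_strlcat() are
 * ignored, so a combination that doesn't fit presumably yields a
 * truncated source string with a return value of 0.  host, port and
 * name are also appended as given, without checking for '/', '@' or
 * other delimiters, so a caller passing externally supplied values
 * should validate them first; otherwise the resulting string can parse
 * back into different components.
 */
int
pcapint_createsrcstr_ex(char *source, int type, const char *host, const char *port,
    const char *name, unsigned char uses_ssl, char *errbuf)
{
	switch (type) {

	case PCAP_SRC_FILE:
		pcapint_strlcpy(source, PCAP_SRC_FILE_STRING, PCAP_BUF_SIZE);
		if (name != NULL && *name != '\0') {
			pcapint_strlcat(source, name, PCAP_BUF_SIZE);
			return (0);
		} else {
			snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "The file name cannot be NULL.");
			return (-1);
		}

	case PCAP_SRC_IFREMOTE:
		pcapint_strlcpy(source,
		    (uses_ssl ? "rpcaps://" : PCAP_SRC_IF_STRING),
		    PCAP_BUF_SIZE);
		if (host != NULL && *host != '\0') {
			if (strchr(host, ':') != NULL) {
				/*
				 * The host name contains a colon, so it's
				 * probably an IPv6 address, and needs to
				 * be included in square brackets.
				 */
				pcapint_strlcat(source, "[", PCAP_BUF_SIZE);
				pcapint_strlcat(source, host, PCAP_BUF_SIZE);
				pcapint_strlcat(source, "]", PCAP_BUF_SIZE);
			} else
				pcapint_strlcat(source, host, PCAP_BUF_SIZE);

			if (port != NULL && *port != '\0') {
				pcapint_strlcat(source, ":", PCAP_BUF_SIZE);
				pcapint_strlcat(source, port, PCAP_BUF_SIZE);
			}

			pcapint_strlcat(source, "/", PCAP_BUF_SIZE);
		} else {
			snprintf(errbuf, PCAP_ERRBUF_SIZE,
			    "The host name cannot be NULL.");
			return (-1);
		}

		if (name != NULL && *name != '\0')
			pcapint_strlcat(source, name, PCAP_BUF_SIZE);

		return (0);

	case PCAP_SRC_IFLOCAL:
		pcapint_strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE);

		if (name != NULL && *name != '\0')
			pcapint_strlcat(source, name, PCAP_BUF_SIZE);

		return (0);

	default:
		snprintf(errbuf, PCAP_ERRBUF_SIZE,
		    "The interface type is not valid.");
		return (-1);
	}
}


/*
 * Same as pcapint_createsrcstr_ex() with uses_ssl set to 0.
 */
int
pcap_createsrcstr(char *source, int type, const char *host, const char *port,
    const char *name, char *errbuf)
{
	return (pcapint_createsrcstr_ex(source, type, host, port, name, 0, errbuf));
}

/*
 * Split a source string into its type, host, port and name.
 *
 * Each of type, host, port, name and uses_ssl may be NULL if the caller
 * isn't interested in it.  The string outputs are first set to the
 * empty string and *uses_ssl to 0.  On success 0 is returned and *type
 * is PCAP_SRC_IFLOCAL, PCAP_SRC_IFREMOTE or PCAP_SRC_FILE; for an
 * unsupported scheme, or if the parse fails, errbuf is set and -1 is
 * returned.
 *
 * Copies into host, port and name are bounded by PCAP_BUF_SIZE, so
 * those buffers are presumably expected to be at least that large -
 * confirm against callers; components that don't fit are truncated
 * without an error.
 *
 * NOTE(review): for a remote source with user information, "host"
 * receives "userinfo@host".  RFC 3986 userinfo may contain a ':', so
 * this can include a password if the caller's URL carried one; callers
 * that log or display the host string should take that into account.
 */
int
pcapint_parsesrcstr_ex(const char *source, int *type, char *host, char *port,
    char *name, unsigned char *uses_ssl, char *errbuf)
{
	char *scheme, *tmpuserinfo, *tmphost, *tmpport, *tmppath;
	int is_rpcap = 0;
	int ret = 0;

	/* Initialization stuff */
	if (host)
		*host = '\0';
	if (port)
		*port = '\0';
	if (name)
		*name = '\0';
	if (uses_ssl)
		*uses_ssl = 0;

	/* Parse the source string */
	if (pcap_parse_source(source, &scheme, &tmpuserinfo, &tmphost,
	    &tmpport, &tmppath, errbuf) == -1) {
		/*
		 * Fail.
		 */
		return (-1);
	}

	/*
	 * The scheme is compared without regard to case, as
	 * pcap_parse_source() does for its "file" and local-device
	 * special cases; comparing with strcmp() here meant that, for
	 * example, "RPCAP://device" was accepted as a local device
	 * while "RPCAP://host/device" was rejected as an unsupported
	 * scheme.
	 */
	if (scheme != NULL) {
		if (pcapint_strcasecmp(scheme, "rpcaps") == 0) {
			is_rpcap = 1;
			if (uses_ssl) *uses_ssl = 1;
		} else if (pcapint_strcasecmp(scheme, "rpcap") == 0) {
			is_rpcap = 1;
		}
	}

	if (scheme == NULL) {
		/*
		 * Local device.
		 */
		if (name && tmppath)
			pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE);
		if (type)
			*type = PCAP_SRC_IFLOCAL;
	} else if (is_rpcap) {
		/*
		 * rpcap[s]://
		 *
		 * pcap_parse_source() has already handled the case of
		 * rpcap[s]://device
		 */
		if (host && tmphost) {
			if (tmpuserinfo)
				snprintf(host, PCAP_BUF_SIZE, "%s@%s",
				    tmpuserinfo, tmphost);
			else
				pcapint_strlcpy(host, tmphost, PCAP_BUF_SIZE);
		}
		if (port && tmpport)
			pcapint_strlcpy(port, tmpport, PCAP_BUF_SIZE);
		if (name && tmppath)
			pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE);
		if (type)
			*type = PCAP_SRC_IFREMOTE;
	} else if (pcapint_strcasecmp(scheme, "file") == 0) {
		/*
		 * file://
		 */
		if (name && tmppath)
			pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE);
		if (type)
			*type = PCAP_SRC_FILE;
	} else {
		/*
		 * The code above has already completely handled the case
		 * of no scheme, as well as each case of a valid scheme.
		 */
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "The source string URL scheme is not supported.");
		ret = -1;
	}

	/*
	 * Everything pcap_parse_source() handed back is ours to free;
	 * components that were absent are NULL, and free(NULL) is a
	 * no-op.
	 */
	free(tmppath);
	free(tmpport);
	free(tmphost);
	free(tmpuserinfo);
	free(scheme);
	return (ret);
}

/*
 * Same as pcapint_parsesrcstr_ex() without reporting whether the
 * source uses SSL.
 */
int
pcap_parsesrcstr(const char *source, int *type, char *host, char *port,
    char *name, char *errbuf)
{
	return (pcapint_parsesrcstr_ex(source, type, host, port, name, NULL, errbuf));
}
#endif

pcap_t *
pcap_create(const char *device, char *errbuf)
{
	size_t i;
	int is_theirs;
	pcap_t *p;
	char *device_str;

	/*
	 * A null device name is equivalent to the "any" device -
	 * which might not be supported on this platform, but
	 * this means that you'll get a "not supported" error
	 * rather than, say, a crash when we try to dereference
	 * the null pointer.
	 */
	if (device == NULL)
		device_str = strdup("any");
	else {
#ifdef _WIN32
		/*
		 * On Windows, for backwards compatibility reasons,
		 * pcap_lookupdev() returns a pointer to a sequence of
		 * pairs of UTF-16LE device names and local code page
		 * description strings.
		 *
		 * This means that if a program uses pcap_lookupdev()
		 * to get a default device, and hands that to an API
		 * that opens devices, we'll get handed a UTF-16LE
		 * string, not a string in the local code page.
		 *
		 * To work around that, we check whether the string
		 * looks as if it might be a UTF-16LE string and, if
		 * so, convert it back to the local code page's
		 * extended ASCII.
		 *
		 * We disable that check in "new API" mode, because:
		 *
		 *   1) You *cannot* reliably detect whether a
		 *   string is UTF-16LE or not; "a" could either
		 *   be a one-character ASCII string or the first
		 *   character of a UTF-16LE string.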
2346 * 2347 * 2) Doing that test can run past the end of 2348 * the string, if it's a 1-character ASCII 2349 * string 2350 * 2351 * This particular version of this heuristic dates 2352 * back to WinPcap 4.1.1; PacketOpenAdapter() does 2353 * uses the same heuristic, with the exact same 2354 * vulnerability. 2355 * 2356 * That's why we disable this in "new API" mode. 2357 * We keep it around in legacy mode for backwards 2358 * compatibility. 2359 */ 2360 if (!pcapint_new_api && device[0] != '\0' && device[1] == '\0') { 2361 size_t length; 2362 2363 length = wcslen((wchar_t *)device); 2364 device_str = (char *)malloc(length + 1); 2365 if (device_str == NULL) { 2366 pcapint_fmt_errmsg_for_errno(errbuf, 2367 PCAP_ERRBUF_SIZE, errno, 2368 "malloc"); 2369 return (NULL); 2370 } 2371 2372 snprintf(device_str, length + 1, "%ws", 2373 (const wchar_t *)device); 2374 } else 2375 #endif 2376 device_str = strdup(device); 2377 } 2378 if (device_str == NULL) { 2379 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 2380 errno, "malloc"); 2381 return (NULL); 2382 } 2383 2384 /* 2385 * Try each of the non-local-network-interface capture 2386 * source types until we find one that works for this 2387 * device or run out of types. 2388 */ 2389 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 2390 is_theirs = 0; 2391 p = capture_source_types[i].create_op(device_str, errbuf, 2392 &is_theirs); 2393 if (is_theirs) { 2394 /* 2395 * The device name refers to a device of the 2396 * type in question; either it succeeded, 2397 * in which case p refers to a pcap_t to 2398 * later activate for the device, or it 2399 * failed, in which case p is null and we 2400 * should return that to report the failure 2401 * to create. 2402 */ 2403 if (p == NULL) { 2404 /* 2405 * We assume the caller filled in errbuf. 
2406 */ 2407 free(device_str); 2408 return (NULL); 2409 } 2410 p->opt.device = device_str; 2411 return (p); 2412 } 2413 } 2414 2415 /* 2416 * OK, try it as a regular network interface. 2417 */ 2418 p = pcapint_create_interface(device_str, errbuf); 2419 if (p == NULL) { 2420 /* 2421 * We assume the caller filled in errbuf. 2422 */ 2423 free(device_str); 2424 return (NULL); 2425 } 2426 p->opt.device = device_str; 2427 return (p); 2428 } 2429 2430 /* 2431 * Set nonblocking mode on an unactivated pcap_t; this sets a flag 2432 * checked by pcap_activate(), which sets the mode after calling 2433 * the activate routine. 2434 */ 2435 static int 2436 pcap_setnonblock_unactivated(pcap_t *p, int nonblock) 2437 { 2438 p->opt.nonblock = nonblock; 2439 return (0); 2440 } 2441 2442 static void 2443 initialize_ops(pcap_t *p) 2444 { 2445 /* 2446 * Set operation pointers for operations that only work on 2447 * an activated pcap_t to point to a routine that returns 2448 * a "this isn't activated" error. 2449 */ 2450 p->read_op = pcap_read_not_initialized; 2451 p->inject_op = pcap_inject_not_initialized; 2452 p->setfilter_op = pcap_setfilter_not_initialized; 2453 p->setdirection_op = pcap_setdirection_not_initialized; 2454 p->set_datalink_op = pcap_set_datalink_not_initialized; 2455 p->getnonblock_op = pcap_getnonblock_not_initialized; 2456 p->stats_op = pcap_stats_not_initialized; 2457 #ifdef _WIN32 2458 p->stats_ex_op = pcap_stats_ex_not_initialized; 2459 p->setbuff_op = pcap_setbuff_not_initialized; 2460 p->setmode_op = pcap_setmode_not_initialized; 2461 p->setmintocopy_op = pcap_setmintocopy_not_initialized; 2462 p->getevent_op = pcap_getevent_not_initialized; 2463 p->oid_get_request_op = pcap_oid_get_request_not_initialized; 2464 p->oid_set_request_op = pcap_oid_set_request_not_initialized; 2465 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized; 2466 p->setuserbuffer_op = pcap_setuserbuffer_not_initialized; 2467 p->live_dump_op = pcap_live_dump_not_initialized; 
	p->live_dump_ended_op = pcap_live_dump_ended_not_initialized;
	p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
#endif

	/*
	 * Default cleanup operation - implementations can override
	 * this, but should call pcapint_cleanup_live_common() after
	 * doing their own additional cleanup.
	 */
	p->cleanup_op = pcapint_cleanup_live_common;

	/*
	 * In most cases, the standard one-shot callback can
	 * be used for pcap_next()/pcap_next_ex().
	 */
	p->oneshot_callback = pcapint_oneshot;

	/*
	 * Default breakloop operation - implementations can override
	 * this, but should call pcapint_breakloop_common() before doing
	 * their own logic.
	 */
	p->breakloop_op = pcapint_breakloop_common;
}

/*
 * Allocate a zero-filled chunk holding a pcap_t followed by a
 * module-private structure, and point p->priv at the private part.
 *
 * ebuf:           receives an error message if the allocation fails.
 * total_size:     size, in bytes, of the whole chunk.
 * private_offset: offset, in bytes, of the private structure from the
 *                 start of the chunk.
 *
 * Returns the pcap_t at the start of the chunk, or NULL on failure.
 *
 * NOTE(review): neither size is validated here - total_size is assumed
 * to be at least sizeof(pcap_t) and private_offset to lie inside the
 * chunk; the callers have to guarantee both.
 */
static pcap_t *
pcap_alloc_pcap_t(char *ebuf, size_t total_size, size_t private_offset)
{
	char *chunk;
	pcap_t *p;

	/*
	 * total_size is the size of a structure containing a pcap_t
	 * followed by a private structure.
	 */
	chunk = calloc(total_size, 1);
	if (chunk == NULL) {
		pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE,
		    errno, "malloc");
		return (NULL);
	}

	/*
	 * Get a pointer to the pcap_t at the beginning.
	 */
	p = (pcap_t *)chunk;

#ifdef _WIN32
	p->handle = INVALID_HANDLE_VALUE;	/* not opened yet */
#else /* _WIN32 */
	p->fd = -1;	/* not opened yet */
#ifndef MSDOS
	p->selectable_fd = -1;
	p->required_select_timeout = NULL;
#endif /* MSDOS */
#endif /* _WIN32 */

	/*
	 * private_offset is the offset, in bytes, of the private
	 * data from the beginning of the structure.
	 *
	 * Set the pointer to the private data; that's private_offset
	 * bytes past the start of the chunk.
	 */
	p->priv = (void *)(chunk + private_offset);

	return (p);
}

/*
 * Allocate a pcap_t (see pcap_alloc_pcap_t() for the size arguments)
 * and fill in the operation pointers and option defaults it has
 * before activation.  Returns NULL if the allocation fails.
 */
pcap_t *
pcapint_create_common(char *ebuf, size_t total_size, size_t private_offset)
{
	pcap_t *p;

	p = pcap_alloc_pcap_t(ebuf, total_size, private_offset);
	if (p == NULL)
		return (NULL);

	/*
	 * Default to "can't set rfmon mode"; if it's supported by
	 * a platform, the create routine that called us can set
	 * the op to its routine to check whether a particular
	 * device supports it.
	 */
	p->can_set_rfmon_op = pcap_cant_set_rfmon;

	/*
	 * If pcap_setnonblock() is called on a not-yet-activated
	 * pcap_t, default to setting a flag and turning
	 * on non-blocking mode when activated.
	 */
	p->setnonblock_op = pcap_setnonblock_unactivated;

	initialize_ops(p);

	/* put in some defaults */
	p->snapshot = 0;		/* max packet size unspecified */
	p->opt.timeout = 0;		/* no timeout specified */
	p->opt.buffer_size = 0;		/* use the platform's default */
	p->opt.promisc = 0;
	p->opt.rfmon = 0;
	p->opt.immediate = 0;
	p->opt.tstamp_type = -1;	/* default to not setting time stamp type */
	p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
	/*
	 * Platform-dependent options.
	 */
#ifdef __linux__
	p->opt.protocol = 0;
#endif
#ifdef _WIN32
	p->opt.nocapture_local = 0;
#endif

	/*
	 * Start out with no BPF code generation flags set.
	 */
	p->bpf_codegen_flags = 0;

	return (p);
}

/*
 * Guard for the pre-activation setters: returns -1 and puts a message
 * in p->errbuf if the handle is already activated, 0 otherwise.
 */
int
pcapint_check_activated(pcap_t *p)
{
	if (p->activated) {
		/*
		 * NOTE(review): the two adjacent literals join with two
		 * spaces between "perform" and "operation".
		 */
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
			" operation on activated capture");
		return (-1);
	}
	return (0);
}

/*
 * Record the snapshot length for a not-yet-activated handle.
 * Returns 0, or PCAP_ERROR_ACTIVATED if the handle is activated.
 * The value is stored as given; no range check is done here.
 */
int
pcap_set_snaplen(pcap_t *p, int snaplen)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	p->snapshot = snaplen;
	return (0);
}

/*
 * Record the promiscuous-mode option for a not-yet-activated handle.
 * Returns 0, or PCAP_ERROR_ACTIVATED if the handle is activated.
 */
int
pcap_set_promisc(pcap_t *p, int promisc)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	p->opt.promisc = promisc;
	return (0);
}

/*
 * Record the rfmon option for a not-yet-activated handle.
 * Returns 0, or PCAP_ERROR_ACTIVATED if the handle is activated.
 */
int
pcap_set_rfmon(pcap_t *p, int rfmon)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	p->opt.rfmon = rfmon;
	return (0);
}

/*
 * Record the timeout, in milliseconds going by the parameter name,
 * for a not-yet-activated handle.
 * Returns 0, or PCAP_ERROR_ACTIVATED if the handle is activated.
 */
int
pcap_set_timeout(pcap_t *p, int timeout_ms)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	p->opt.timeout = timeout_ms;
	return (0);
}

/*
 * Select the time stamp type for a not-yet-activated handle.
 *
 * Returns 0 if the type was accepted, PCAP_ERROR_ACTIVATED if the
 * handle is activated, and PCAP_WARNING_TSTAMP_TYPE_NOTSUP if the
 * type is negative or not one the handle claims to support.
 */
int
pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
{
	int i;

	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);

	/*
	 * The argument should have been u_int, but that's too late
	 * to change now - it's an API.
	 */
	if (tstamp_type < 0)
		return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);

	/*
	 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
	 * the default time stamp type is PCAP_TSTAMP_HOST.
	 */
	if (p->tstamp_type_count == 0) {
		if (tstamp_type == PCAP_TSTAMP_HOST) {
			p->opt.tstamp_type = tstamp_type;
			return (0);
		}
	} else {
		/*
		 * Check whether we claim to support this type of time stamp.
		 */
		for (i = 0; i < p->tstamp_type_count; i++) {
			/* The cast is safe: negative values were rejected above. */
			if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
				/*
				 * Yes.
				 */
				p->opt.tstamp_type = tstamp_type;
				return (0);
			}
		}
	}

	/*
	 * We don't support this type of time stamp.
	 */
	return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
}

/*
 * Record the immediate-mode option for a not-yet-activated handle.
 * Returns 0, or PCAP_ERROR_ACTIVATED if the handle is activated.
 */
int
pcap_set_immediate_mode(pcap_t *p, int immediate)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	p->opt.immediate = immediate;
	return (0);
}

/*
 * Record the capture buffer size for a not-yet-activated handle.
 * Returns PCAP_ERROR_ACTIVATED if the handle is activated and 0
 * otherwise - including when buffer_size is zero or negative, in
 * which case the stored value is left unchanged.
 */
int
pcap_set_buffer_size(pcap_t *p, int buffer_size)
{
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	if (buffer_size <= 0) {
		/*
		 * Silently ignore invalid values.
		 */
		return (0);
	}
	p->opt.buffer_size = buffer_size;
	return (0);
}

/*
 * Select the time stamp precision for a not-yet-activated handle.
 *
 * Returns 0 if the precision was accepted, PCAP_ERROR_ACTIVATED if
 * the handle is activated, and PCAP_ERROR_TSTAMP_PRECISION_NOTSUP if
 * the precision is negative or not one the handle claims to support.
 */
int
pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
{
	int i;

	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);

	/*
	 * The argument should have been u_int, but that's too late
	 * to change now - it's an API.
	 */
	if (tstamp_precision < 0)
		return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);

	/*
	 * If p->tstamp_precision_count is 0, we only support setting
	 * the time stamp precision to microsecond precision; every
	 * pcap module *MUST* support microsecond precision, even if
	 * it does so by converting the native precision to
	 * microseconds.
	 */
	if (p->tstamp_precision_count == 0) {
		if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
			p->opt.tstamp_precision = tstamp_precision;
			return (0);
		}
	} else {
		/*
		 * Check whether we claim to support this precision of
		 * time stamp.
		 */
		for (i = 0; i < p->tstamp_precision_count; i++) {
			/* The cast is safe: negative values were rejected above. */
			if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
				/*
				 * Yes.
				 */
				p->opt.tstamp_precision = tstamp_precision;
				return (0);
			}
		}
	}

	/*
	 * We don't support this time stamp precision.
	 */
	return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
}

/*
 * Return the time stamp precision currently stored in the handle.
 */
int
pcap_get_tstamp_precision(pcap_t *p)
{
	return (p->opt.tstamp_precision);
}

/*
 * Activate a capture handle by calling its activate_op.
 *
 * Returns PCAP_ERROR_ACTIVATED if the handle is already activated;
 * otherwise the status from activate_op, replaced by the status from
 * setnonblock_op when non-blocking mode had been requested.  On any
 * negative status the operation pointers are reset with
 * initialize_ops(), and p->errbuf holds a message.
 */
int
pcap_activate(pcap_t *p)
{
	int status;

	/*
	 * Catch attempts to re-activate an already-activated
	 * pcap_t; this should, for example, catch code that
	 * calls pcap_open_live() followed by pcap_activate(),
	 * as some code that showed up in a Stack Exchange
	 * question did.
	 */
	if (pcapint_check_activated(p))
		return (PCAP_ERROR_ACTIVATED);
	status = p->activate_op(p);
	if (status >= 0) {
		/*
		 * If somebody requested non-blocking mode before
		 * calling pcap_activate(), turn it on now.
		 */
		if (p->opt.nonblock) {
			status = p->setnonblock_op(p, 1);
			if (status < 0) {
				/*
				 * Failed.  Undo everything done by
				 * the activate operation.
				 */
				p->cleanup_op(p);
				initialize_ops(p);
				return (status);
			}
		}
		p->activated = 1;
	} else {
		if (p->errbuf[0] == '\0') {
			/*
			 * No error message supplied by the activate routine;
			 * for the benefit of programs that don't specially
			 * handle errors other than PCAP_ERROR, return the
			 * error message corresponding to the status.
			 */
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
			    pcap_statustostr(status));
		}

		/*
		 * Undo any operation pointer setting, etc. done by
		 * the activate operation.
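		 */
		initialize_ops(p);
	}
	return (status);
}

/*
 * Old-style "create, configure and activate in one call" open.
 *
 * device:  capture source name; NULL is treated as "any".
 * snaplen, promisc, to_ms:
 *          passed to pcap_set_snaplen(), pcap_set_promisc() and
 *          pcap_set_timeout() respectively.
 * errbuf:  receives the error message on failure; every write here is
 *          bounded by PCAP_ERRBUF_SIZE.
 *
 * Returns the activated pcap_t, or NULL with errbuf filled in.
 *
 * The NULL-to-"any" mapping is done in every build, not only when
 * ENABLE_REMOTE is defined: the failure path formats "device" with
 * %s, and handing a null pointer to %s is undefined behaviour.
 */
pcap_t *
pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
{
	pcap_t *p;
	int status;
#ifdef ENABLE_REMOTE
	char host[PCAP_BUF_SIZE + 1];
	char port[PCAP_BUF_SIZE + 1];
	char name[PCAP_BUF_SIZE + 1];
	int srctype;
#endif /* ENABLE_REMOTE */

	/*
	 * A null device name is equivalent to the "any" device -
	 * which might not be supported on this platform, but
	 * this means that you'll get a "not supported" error
	 * rather than, say, a crash when we try to dereference
	 * the null pointer.
	 */
	if (device == NULL)
		device = "any";

#ifdef ENABLE_REMOTE
	/*
	 * Retrofit - we have to make older applications compatible with
	 * remote capture.
	 * So we're calling pcap_open_remote() from here; this is a very
	 * dirty hack.
	 * Obviously, we cannot exploit all the new features; for instance,
	 * we cannot send authentication, we cannot use a UDP data connection,
	 * and so on.
	 */
	if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf))
		return (NULL);

	if (srctype == PCAP_SRC_IFREMOTE) {
		/*
		 * Although we already have host, port and iface, we prefer
		 * to pass only 'device' to pcap_open_rpcap(), so that it has
		 * to call pcap_parsesrcstr() again.
		 * This is less optimized, but much clearer.
		 */
		return (pcap_open_rpcap(device, snaplen,
		    promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms,
		    NULL, errbuf));
	}
	if (srctype == PCAP_SRC_FILE) {
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\"");
		return (NULL);
	}
	if (srctype == PCAP_SRC_IFLOCAL) {
		size_t prefix_len = strlen(PCAP_SRC_IF_STRING);

		/*
		 * If it starts with rpcap://, that refers to a local device
		 * (no host part in the URL). Remove the rpcap://, and
		 * fall through to the regular open path.
		 *
		 * A matching prefix means the string is at least
		 * prefix_len characters long, so skipping it stays
		 * inside the string.
		 */
		if (strncmp(device, PCAP_SRC_IF_STRING, prefix_len) == 0)
			device += prefix_len;
	}
#endif /* ENABLE_REMOTE */

	p = pcap_create(device, errbuf);
	if (p == NULL)
		return (NULL);
	status = pcap_set_snaplen(p, snaplen);
	if (status < 0)
		goto fail;
	status = pcap_set_promisc(p, promisc);
	if (status < 0)
		goto fail;
	status = pcap_set_timeout(p, to_ms);
	if (status < 0)
		goto fail;
	/*
	 * Mark this as opened with pcap_open_live(), so that, for
	 * example, we show the full list of DLT_ values, rather
	 * than just the ones that are compatible with capturing
	 * when not in monitor mode.  That allows existing applications
	 * to work the way they used to work, but allows new applications
	 * that know about the new open API to, for example, find out the
	 * DLT_ values that they can select without changing whether
	 * the adapter is in monitor mode or not.
	 */
	p->oldstyle = 1;
	status = pcap_activate(p);
	if (status < 0)
		goto fail;
	return (p);
fail:
	/*
	 * Copy the message out of the pcap_t into the caller's errbuf
	 * before the pcap_t is closed below.
	 */
	if (status == PCAP_ERROR) {
		/*
		 * Another buffer is a bit cumbersome, but it avoids
		 * -Wformat-truncation.
		 */
		char trimbuf[PCAP_ERRBUF_SIZE - 5]; /* 2 bytes shorter */

		pcapint_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf));
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %.*s", device,
		    PCAP_ERRBUF_SIZE - 3, trimbuf);
	} else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
	    status == PCAP_ERROR_PERM_DENIED ||
	    status == PCAP_ERROR_PROMISC_PERM_DENIED) {
		/*
		 * Only show the additional message if it's not
		 * empty.
		 */
		if (p->errbuf[0] != '\0') {
			/*
			 * Idem.
			 */
			char trimbuf[PCAP_ERRBUF_SIZE - 8]; /* 2 bytes shorter */

			pcapint_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf));
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%.*s)",
			    device, pcap_statustostr(status),
			    PCAP_ERRBUF_SIZE - 6, trimbuf);
		} else {
			snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
			    device, pcap_statustostr(status));
		}
	} else {
		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
		    pcap_statustostr(status));
	}
	pcap_close(p);
	return (NULL);
}

/*
 * Allocate a pcap_t (with its private area) and set its time stamp
 * precision to microseconds.  Returns NULL if the allocation fails,
 * with the message in ebuf.
 */
pcap_t *
pcapint_open_offline_common(char *ebuf, size_t total_size, size_t private_offset)
{
	pcap_t *p;

	p = pcap_alloc_pcap_t(ebuf, total_size, private_offset);
	if (p == NULL)
		return (NULL);

	p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;

	return (p);
}

/*
 * Hand the request straight to the handle's read_op and return
 * whatever it returns.
 */
int
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	return (p->read_op(p, cnt, callback, user));
}

/*
 * Keep reading packets until the count is used up or a read returns
 * zero or a negative value.
 *
 * Returns 0 once cnt packets have been handled (when cnt is not
 * "unlimited"), and otherwise the zero or negative value from the
 * read routine.  For a handle without a savefile (p->rfile is NULL) a
 * zero from read_op does not end the loop; the read is simply retried.
 */
int
pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	register int n;

	for (;;) {
		if (p->rfile != NULL) {
			/*
			 * 0 means EOF, so don't loop if we get 0.
			 */
			n = pcapint_offline_read(p, cnt, callback, user);
		} else {
			/*
			 * XXX keep reading until we get something
			 * (or an error occurs)
			 */
			do {
				n = p->read_op(p, cnt, callback, user);
			} while (n == 0);
		}
		if (n <= 0)
			return (n);
		if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
			cnt -= n;
			if (cnt <= 0)
				return (0);
		}
	}
}

/*
 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.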
 */
void
pcap_breakloop(pcap_t *p)
{
	/* The handle's own breakloop_op does all the work. */
	p->breakloop_op(p);
}

/*
 * Return the link-layer type of an activated handle, or
 * PCAP_ERROR_NOT_ACTIVATED if the handle has not been activated.
 */
int
pcap_datalink(pcap_t *p)
{
	return (p->activated ? p->linktype : PCAP_ERROR_NOT_ACTIVATED);
}

/*
 * Return the linktype_ext value of an activated handle, or
 * PCAP_ERROR_NOT_ACTIVATED if the handle has not been activated.
 */
int
pcap_datalink_ext(pcap_t *p)
{
	return (p->activated ? p->linktype_ext : PCAP_ERROR_NOT_ACTIVATED);
}

/*
 * Hand the caller a freshly allocated list of the DLTs the handle
 * supports.
 *
 * *dlt_buffer receives the list (NULL if the allocation failed); the
 * caller releases it with pcap_free_datalinks().
 *
 * Returns the number of entries, PCAP_ERROR_NOT_ACTIVATED if the
 * handle is not activated, or PCAP_ERROR (message in p->errbuf) if
 * the allocation failed.
 */
int
pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
{
	int *list;

	if (!p->activated)
		return (PCAP_ERROR_NOT_ACTIVATED);

	if (p->dlt_count != 0) {
		/* The handle has a list of its own: give back a copy. */
		list = (int *)calloc(p->dlt_count, sizeof(*list));
		*dlt_buffer = list;
		if (list == NULL) {
			pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
			    errno, "malloc");
			return (PCAP_ERROR);
		}
		(void)memcpy(list, p->dlt_list,
		    sizeof(*list) * p->dlt_count);
		return (p->dlt_count);
	}

	/*
	 * No list could be fetched, which means this platform doesn't
	 * support changing the DLT for an interface; report the one
	 * DLT the device has.
	 */
	list = (int *)malloc(sizeof(*list));
	*dlt_buffer = list;
	if (list == NULL) {
		pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf),
		    errno, "malloc");
		return (PCAP_ERROR);
	}
	*list = p->linktype;
	return (1);
}

/*
 * In Windows, you might have a library built with one version of the
 * C runtime library and an application built with another version of
 * the C runtime library, which means that the library might use one
 * version of malloc() and free() and the application might use another
 * version of malloc() and free().
 * If so, that means something
 * allocated by the library cannot be freed by the application, so we
 * need to have a pcap_free_datalinks() routine to free up the list
 * allocated by pcap_list_datalinks(), even though it's just a wrapper
 * around free().
 */
void
pcap_free_datalinks(int *dlt_list)
{
	free(dlt_list);
}

/*
 * Change the link-layer type of a handle.
 *
 * Returns 0 if dlt is (or already was) in effect and -1 otherwise;
 * for a DLT the device does not offer, the "unsupported" path puts a
 * message in p->errbuf.
 */
int
pcap_set_datalink(pcap_t *p, int dlt)
{
	int i;
	const char *dlt_name;

	/* Reject negative values before dlt is compared as a u_int below. */
	if (dlt < 0)
		goto unsupported;

	if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
		/*
		 * We couldn't fetch the list of DLTs, or we don't
		 * have a "set datalink" operation, which means
		 * this platform doesn't support changing the
		 * DLT for an interface.  Check whether the new
		 * DLT is the one this interface supports.
		 */
		if (p->linktype != dlt)
			goto unsupported;

		/*
		 * It is, so there's nothing we need to do here.
		 */
		return (0);
	}
	/* Only a DLT that appears in the handle's own list is accepted. */
	for (i = 0; i < p->dlt_count; i++)
		if (p->dlt_list[i] == (u_int)dlt)
			break;
	if (i >= p->dlt_count)
		goto unsupported;
	if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
	    dlt == DLT_DOCSIS) {
		/*
		 * This is presumably an Ethernet device, as the first
		 * link-layer type it offers is DLT_EN10MB, and the only
		 * other type it offers is DLT_DOCSIS.  That means that
		 * we can't tell the driver to supply DOCSIS link-layer
		 * headers - we're just pretending that's what we're
		 * getting, as, presumably, we're capturing on a dedicated
		 * link to a Cisco Cable Modem Termination System, and
		 * it's putting raw DOCSIS frames on the wire inside low-level
		 * Ethernet framing.
3112 */ 3113 p->linktype = dlt; 3114 return (0); 3115 } 3116 if (p->set_datalink_op(p, dlt) == -1) 3117 return (-1); 3118 p->linktype = dlt; 3119 return (0); 3120 3121 unsupported: 3122 dlt_name = pcap_datalink_val_to_name(dlt); 3123 if (dlt_name != NULL) { 3124 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3125 "%s is not one of the DLTs supported by this device", 3126 dlt_name); 3127 } else { 3128 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3129 "DLT %d is not one of the DLTs supported by this device", 3130 dlt); 3131 } 3132 return (-1); 3133 } 3134 3135 /* 3136 * This array is designed for mapping upper and lower case letter 3137 * together for a case independent comparison. The mappings are 3138 * based upon ascii character sequences. 3139 */ 3140 static const u_char charmap[] = { 3141 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 3142 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 3143 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 3144 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 3145 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 3146 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 3147 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 3148 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 3149 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 3150 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 3151 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 3152 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 3153 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 3154 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 3155 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 3156 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 3157 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3158 (u_char)'\144', 
(u_char)'\145', (u_char)'\146', (u_char)'\147', 3159 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3160 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3161 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3162 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3163 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 3164 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 3165 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3166 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 3167 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3168 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3169 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3170 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3171 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 3172 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 3173 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 3174 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 3175 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 3176 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 3177 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 3178 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 3179 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 3180 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 3181 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 3182 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 3183 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 3184 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 3185 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 3186 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 3187 
(u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 3188 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 3189 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3190 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3191 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3192 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3193 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3194 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3195 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 3196 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 3197 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3198 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3199 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3200 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3201 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3202 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3203 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 3204 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 3205 }; 3206 3207 int 3208 pcapint_strcasecmp(const char *s1, const char *s2) 3209 { 3210 register const u_char *cm = charmap, 3211 *us1 = (const u_char *)s1, 3212 *us2 = (const u_char *)s2; 3213 3214 while (cm[*us1] == cm[*us2++]) 3215 if (*us1++ == '\0') 3216 return(0); 3217 return (cm[*us1] - cm[*--us2]); 3218 } 3219 3220 struct dlt_choice { 3221 const char *name; 3222 const char *description; 3223 int dlt; 3224 }; 3225 3226 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code } 3227 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 3228 3229 static struct dlt_choice dlt_choices[] = { 3230 DLT_CHOICE(NULL, "BSD loopback"), 3231 DLT_CHOICE(EN10MB, "Ethernet"), 3232 DLT_CHOICE(IEEE802, "Token ring"), 3233 DLT_CHOICE(ARCNET, "BSD 
ARCNET"), 3234 DLT_CHOICE(SLIP, "SLIP"), 3235 DLT_CHOICE(PPP, "PPP"), 3236 DLT_CHOICE(FDDI, "FDDI"), 3237 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 3238 DLT_CHOICE(RAW, "Raw IP"), 3239 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"), 3240 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"), 3241 DLT_CHOICE(ATM_CLIP, "Linux Classical IP over ATM"), 3242 DLT_CHOICE(PPP_SERIAL, "PPP over serial"), 3243 DLT_CHOICE(PPP_ETHER, "PPPoE"), 3244 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"), 3245 DLT_CHOICE(C_HDLC, "Cisco HDLC"), 3246 DLT_CHOICE(IEEE802_11, "802.11"), 3247 DLT_CHOICE(FRELAY, "Frame Relay"), 3248 DLT_CHOICE(LOOP, "OpenBSD loopback"), 3249 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"), 3250 DLT_CHOICE(LINUX_SLL, "Linux cooked v1"), 3251 DLT_CHOICE(LTALK, "Localtalk"), 3252 DLT_CHOICE(PFLOG, "OpenBSD pflog file"), 3253 DLT_CHOICE(PFSYNC, "Packet filter state syncing"), 3254 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"), 3255 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 3256 DLT_CHOICE(SUNATM, "Sun raw ATM"), 3257 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"), 3258 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"), 3259 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 3260 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 3261 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"), 3262 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"), 3263 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 3264 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"), 3265 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 3266 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"), 3267 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 3268 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 3269 DLT_CHOICE(MTP2, "SS7 MTP2"), 3270 DLT_CHOICE(MTP3, "SS7 MTP3"), 3271 DLT_CHOICE(SCCP, "SS7 SCCP"), 3272 DLT_CHOICE(DOCSIS, "DOCSIS"), 3273 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"), 3274 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio 
information header"), 3275 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 3276 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"), 3277 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"), 3278 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"), 3279 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 3280 DLT_CHOICE(GPRS_LLC, "GPRS LLC"), 3281 DLT_CHOICE(GPF_T, "GPF-T"), 3282 DLT_CHOICE(GPF_F, "GPF-F"), 3283 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"), 3284 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"), 3285 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"), 3286 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"), 3287 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"), 3288 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"), 3289 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"), 3290 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"), 3291 DLT_CHOICE(MFR, "FRF.16 Frame Relay"), 3292 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"), 3293 DLT_CHOICE(A429, "Arinc 429"), 3294 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"), 3295 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"), 3296 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 3297 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 3298 DLT_CHOICE(USB_LINUX, "USB with Linux header"), 3299 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 
2.0B"), 3300 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 3301 DLT_CHOICE(PPI, "Per-Packet Information"), 3302 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 3303 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"), 3304 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"), 3305 DLT_CHOICE(SITA, "SITA pseudo-header"), 3306 DLT_CHOICE(ERF, "Endace ERF header"), 3307 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"), 3308 DLT_CHOICE(IPMB_KONTRON, "IPMB with Kontron pseudo-header"), 3309 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"), 3310 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 3311 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"), 3312 DLT_CHOICE(IPMB_LINUX, "IPMB with Linux/Pigeon Point pseudo-header"), 3313 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 3314 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"), 3315 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"), 3316 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"), 3317 DLT_CHOICE(DECT, "DECT"), 3318 DLT_CHOICE(AOS, "AOS Space Data Link protocol"), 3319 DLT_CHOICE(WIHART, "WirelessHART"), 3320 DLT_CHOICE(FC_2, "Fibre Channel FC-2"), 3321 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 3322 DLT_CHOICE(IPNET, "Solaris ipnet"), 3323 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 3324 DLT_CHOICE(IPV4, "Raw IPv4"), 3325 DLT_CHOICE(IPV6, "Raw IPv6"), 3326 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 3327 DLT_CHOICE(DBUS, "D-Bus"), 3328 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"), 3329 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"), 3330 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 3331 DLT_CHOICE(DVB_CI, "DVB-CI"), 3332 DLT_CHOICE(MUX27010, "MUX27010"), 3333 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 3334 DLT_CHOICE(JUNIPER_ATM_CEMIC, 
"Juniper ATM CEMIC"), 3335 DLT_CHOICE(NFLOG, "Linux netfilter log messages"), 3336 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 3337 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 3338 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"), 3339 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"), 3340 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"), 3341 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 3342 DLT_CHOICE(INFINIBAND, "InfiniBand"), 3343 DLT_CHOICE(SCTP, "SCTP"), 3344 DLT_CHOICE(USBPCAP, "USB with USBPcap header"), 3345 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 3346 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 3347 DLT_CHOICE(NETLINK, "Linux netlink"), 3348 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 3349 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 3350 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 3351 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"), 3352 DLT_CHOICE(PKTAP, "Apple PKTAP"), 3353 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 3354 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"), 3355 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"), 3356 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"), 3357 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"), 3358 DLT_CHOICE(ISO_14443, "ISO 14443 messages"), 3359 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"), 3360 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"), 3361 DLT_CHOICE(OPENFLOW, "OpenBSD OpenFlow"), 3362 DLT_CHOICE(SDLC, "IBM SDLC frames"), 3363 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"), 3364 DLT_CHOICE(VSOCK, "Linux vsock"), 3365 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"), 3366 
DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"), 3367 DLT_CHOICE(ETHERNET_MPACKET, "802.3br mPackets"), 3368 DLT_CHOICE(DISPLAYPORT_AUX, "DisplayPort AUX channel monitoring data"), 3369 DLT_CHOICE(LINUX_SLL2, "Linux cooked v2"), 3370 DLT_CHOICE(OPENVIZSLA, "OpenVizsla USB"), 3371 DLT_CHOICE(EBHSCR, "Elektrobit High Speed Capture and Replay (EBHSCR)"), 3372 DLT_CHOICE(VPP_DISPATCH, "VPP graph dispatch tracer"), 3373 DLT_CHOICE(DSA_TAG_BRCM, "Broadcom tag"), 3374 DLT_CHOICE(DSA_TAG_BRCM_PREPEND, "Broadcom tag (prepended)"), 3375 DLT_CHOICE(IEEE802_15_4_TAP, "IEEE 802.15.4 with pseudo-header"), 3376 DLT_CHOICE(DSA_TAG_DSA, "Marvell DSA"), 3377 DLT_CHOICE(DSA_TAG_EDSA, "Marvell EDSA"), 3378 DLT_CHOICE(ELEE, "ELEE lawful intercept packets"), 3379 DLT_CHOICE(Z_WAVE_SERIAL, "Z-Wave serial frames between host and chip"), 3380 DLT_CHOICE(USB_2_0, "USB 2.0/1.1/1.0 as transmitted over the cable"), 3381 DLT_CHOICE(ATSC_ALP, "ATSC Link-Layer Protocol packets"), 3382 DLT_CHOICE(ETW, "Event Tracing for Windows messages"), 3383 DLT_CHOICE(NETANALYZER_NG, "Hilscher netANALYZER NG pseudo-footer"), 3384 DLT_CHOICE(ZBOSS_NCP, "ZBOSS NCP protocol with pseudo-header"), 3385 DLT_CHOICE(USB_2_0_LOW_SPEED, "Low-Speed USB 2.0/1.1/1.0 as transmitted over the cable"), 3386 DLT_CHOICE(USB_2_0_FULL_SPEED, "Full-Speed USB 2.0/1.1/1.0 as transmitted over the cable"), 3387 DLT_CHOICE(USB_2_0_HIGH_SPEED, "High-Speed USB 2.0 as transmitted over the cable"), 3388 DLT_CHOICE(AUERSWALD_LOG, "Auerswald Logger Protocol"), 3389 DLT_CHOICE(ZWAVE_TAP, "Z-Wave packets with a TAP meta-data header"), 3390 DLT_CHOICE(SILABS_DEBUG_CHANNEL, "Silicon Labs debug channel protocol"), 3391 DLT_CHOICE(FIRA_UCI, "Ultra-wideband controller interface protocol"), 3392 DLT_CHOICE(MDB, "Multi-Drop Bus"), 3393 DLT_CHOICE(DECT_NR, "DECT New Radio"), 3394 DLT_CHOICE(USER0, "Private use 0"), 3395 DLT_CHOICE(USER1, "Private use 1"), 3396 DLT_CHOICE(USER2, "Private use 2"), 3397 DLT_CHOICE(USER3, 
"Private use 3"), 3398 DLT_CHOICE(USER4, "Private use 4"), 3399 DLT_CHOICE(USER5, "Private use 5"), 3400 DLT_CHOICE(USER6, "Private use 6"), 3401 DLT_CHOICE(USER7, "Private use 7"), 3402 DLT_CHOICE(USER8, "Private use 8"), 3403 DLT_CHOICE(USER9, "Private use 9"), 3404 DLT_CHOICE(USER10, "Private use 10"), 3405 DLT_CHOICE(USER11, "Private use 11"), 3406 DLT_CHOICE(USER12, "Private use 12"), 3407 DLT_CHOICE(USER13, "Private use 13"), 3408 DLT_CHOICE(USER14, "Private use 14"), 3409 DLT_CHOICE(USER15, "Private use 15"), 3410 DLT_CHOICE(EDK2_MM, "edk2 mm request serialization protocol"), 3411 DLT_CHOICE(DEBUG_ONLY, "unstructured data for manual debugging only"), 3412 DLT_CHOICE_SENTINEL 3413 }; 3414 3415 int 3416 pcap_datalink_name_to_val(const char *name) 3417 { 3418 int i; 3419 3420 for (i = 0; dlt_choices[i].name != NULL; i++) { 3421 if (pcapint_strcasecmp(dlt_choices[i].name, name) == 0) 3422 return (dlt_choices[i].dlt); 3423 } 3424 return (-1); 3425 } 3426 3427 const char * 3428 pcap_datalink_val_to_name(int dlt) 3429 { 3430 int i; 3431 3432 for (i = 0; dlt_choices[i].name != NULL; i++) { 3433 if (dlt_choices[i].dlt == dlt) 3434 return (dlt_choices[i].name); 3435 } 3436 return (NULL); 3437 } 3438 3439 const char * 3440 pcap_datalink_val_to_description(int dlt) 3441 { 3442 int i; 3443 3444 for (i = 0; dlt_choices[i].name != NULL; i++) { 3445 if (dlt_choices[i].dlt == dlt) 3446 return (dlt_choices[i].description); 3447 } 3448 return (NULL); 3449 } 3450 3451 const char * 3452 pcap_datalink_val_to_description_or_dlt(int dlt) 3453 { 3454 static thread_local char unkbuf[40]; 3455 const char *description; 3456 3457 description = pcap_datalink_val_to_description(dlt); 3458 if (description != NULL) { 3459 return description; 3460 } else { 3461 (void)snprintf(unkbuf, sizeof(unkbuf), "DLT %d", dlt); 3462 return unkbuf; 3463 } 3464 } 3465 3466 struct tstamp_type_choice { 3467 const char *name; 3468 const char *description; 3469 int type; 3470 }; 3471 3472 static struct 
tstamp_type_choice tstamp_type_choices[] = { 3473 { "host", "Host", PCAP_TSTAMP_HOST }, 3474 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 3475 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 3476 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 3477 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 3478 { "host_hiprec_unsynced", "Host, high precision, not synced with system time", PCAP_TSTAMP_HOST_HIPREC_UNSYNCED }, 3479 { NULL, NULL, 0 } 3480 }; 3481 3482 int 3483 pcap_tstamp_type_name_to_val(const char *name) 3484 { 3485 int i; 3486 3487 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3488 if (pcapint_strcasecmp(tstamp_type_choices[i].name, name) == 0) 3489 return (tstamp_type_choices[i].type); 3490 } 3491 return (PCAP_ERROR); 3492 } 3493 3494 const char * 3495 pcap_tstamp_type_val_to_name(int tstamp_type) 3496 { 3497 int i; 3498 3499 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3500 if (tstamp_type_choices[i].type == tstamp_type) 3501 return (tstamp_type_choices[i].name); 3502 } 3503 return (NULL); 3504 } 3505 3506 const char * 3507 pcap_tstamp_type_val_to_description(int tstamp_type) 3508 { 3509 int i; 3510 3511 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3512 if (tstamp_type_choices[i].type == tstamp_type) 3513 return (tstamp_type_choices[i].description); 3514 } 3515 return (NULL); 3516 } 3517 3518 int 3519 pcap_snapshot(pcap_t *p) 3520 { 3521 if (!p->activated) 3522 return (PCAP_ERROR_NOT_ACTIVATED); 3523 return (p->snapshot); 3524 } 3525 3526 int 3527 pcap_is_swapped(pcap_t *p) 3528 { 3529 if (!p->activated) 3530 return (PCAP_ERROR_NOT_ACTIVATED); 3531 return (p->swapped); 3532 } 3533 3534 int 3535 pcap_major_version(pcap_t *p) 3536 { 3537 if (!p->activated) 3538 return (PCAP_ERROR_NOT_ACTIVATED); 3539 return (p->version_major); 3540 } 3541 3542 int 3543 pcap_minor_version(pcap_t *p) 3544 { 3545 if (!p->activated) 3546 return 
(PCAP_ERROR_NOT_ACTIVATED); 3547 return (p->version_minor); 3548 } 3549 3550 int 3551 pcap_bufsize(pcap_t *p) 3552 { 3553 if (!p->activated) 3554 return (PCAP_ERROR_NOT_ACTIVATED); 3555 return (p->bufsize); 3556 } 3557 3558 FILE * 3559 pcap_file(pcap_t *p) 3560 { 3561 return (p->rfile); 3562 } 3563 3564 #ifdef _WIN32 3565 int 3566 pcap_fileno(pcap_t *p) 3567 { 3568 if (p->handle != INVALID_HANDLE_VALUE) { 3569 /* 3570 * This is a bogus and now-deprecated API; we 3571 * squelch the narrowing warning for the cast 3572 * from HANDLE to intptr_t. If Windows programmers 3573 * need to get at the HANDLE for a pcap_t, *if* 3574 * there is one, they should request such a 3575 * routine (and be prepared for it to return 3576 * INVALID_HANDLE_VALUE). 3577 */ 3578 DIAG_OFF_NARROWING 3579 return ((int)(intptr_t)p->handle); 3580 DIAG_ON_NARROWING 3581 } else 3582 return (PCAP_ERROR); 3583 } 3584 #else /* _WIN32 */ 3585 int 3586 pcap_fileno(pcap_t *p) 3587 { 3588 return (p->fd); 3589 } 3590 #endif /* _WIN32 */ 3591 3592 #if !defined(_WIN32) && !defined(MSDOS) 3593 int 3594 pcap_get_selectable_fd(pcap_t *p) 3595 { 3596 return (p->selectable_fd); 3597 } 3598 3599 const struct timeval * 3600 pcap_get_required_select_timeout(pcap_t *p) 3601 { 3602 return (p->required_select_timeout); 3603 } 3604 #endif 3605 3606 void 3607 pcap_perror(pcap_t *p, const char *prefix) 3608 { 3609 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 3610 } 3611 3612 char * 3613 pcap_geterr(pcap_t *p) 3614 { 3615 return (p->errbuf); 3616 } 3617 3618 int 3619 pcap_getnonblock(pcap_t *p, char *errbuf) 3620 { 3621 int ret; 3622 3623 ret = p->getnonblock_op(p); 3624 if (ret == -1) { 3625 /* 3626 * The get nonblock operation sets p->errbuf; this 3627 * function *shouldn't* have had a separate errbuf 3628 * argument, as it didn't need one, but I goofed 3629 * when adding it. 3630 * 3631 * We copy the error message to errbuf, so callers 3632 * can find it in either place. 
3633 */ 3634 pcapint_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3635 } 3636 return (ret); 3637 } 3638 3639 /* 3640 * Get the current non-blocking mode setting, under the assumption that 3641 * it's just the standard POSIX non-blocking flag. 3642 */ 3643 #if !defined(_WIN32) && !defined(MSDOS) 3644 int 3645 pcapint_getnonblock_fd(pcap_t *p) 3646 { 3647 int fdflags; 3648 3649 fdflags = fcntl(p->fd, F_GETFL, 0); 3650 if (fdflags == -1) { 3651 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3652 errno, "F_GETFL"); 3653 return (-1); 3654 } 3655 if (fdflags & O_NONBLOCK) 3656 return (1); 3657 else 3658 return (0); 3659 } 3660 #endif 3661 3662 int 3663 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 3664 { 3665 int ret; 3666 3667 ret = p->setnonblock_op(p, nonblock); 3668 if (ret == -1) { 3669 /* 3670 * The set nonblock operation sets p->errbuf; this 3671 * function *shouldn't* have had a separate errbuf 3672 * argument, as it didn't need one, but I goofed 3673 * when adding it. 3674 * 3675 * We copy the error message to errbuf, so callers 3676 * can find it in either place. 3677 */ 3678 pcapint_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3679 } 3680 return (ret); 3681 } 3682 3683 #if !defined(_WIN32) && !defined(MSDOS) 3684 /* 3685 * Set non-blocking mode, under the assumption that it's just the 3686 * standard POSIX non-blocking flag. (This can be called by the 3687 * per-platform non-blocking-mode routine if that routine also 3688 * needs to do some additional work.) 
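*/
/*
 * Returns 0 on success; on failure returns -1 with a message, built
 * from errno and the name of the fcntl() command that failed, in
 * p->errbuf.
 */
int
pcapint_setnonblock_fd(pcap_t *p, int nonblock)
{
	int fdflags;

	/* Fetch the current status flags so that only O_NONBLOCK changes. */
	fdflags = fcntl(p->fd, F_GETFL, 0);
	if (fdflags == -1) {
		pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
		    errno, "F_GETFL");
		return (-1);
	}
	if (nonblock)
		fdflags |= O_NONBLOCK;
	else
		fdflags &= ~O_NONBLOCK;
	if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
		pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
		    errno, "F_SETFL");
		return (-1);
	}
	return (0);
}
#endif

/*
 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
 *
 * Known values map to string literals. Any other value is formatted
 * into a thread-local buffer, so that result is only valid until the
 * same thread calls this function again with another unknown value.
 */
const char *
pcap_statustostr(int errnum)
{
	/*
	 * "Unknown error: " is 15 characters; a 32-bit int printed with
	 * %d needs up to 11 characters (10 digits plus a '-' sign), and
	 * one more byte holds the terminating NUL. With room for only
	 * 10 characters the last digit of values at or below
	 * -1000000000 was cut off by snprintf().
	 */
	static thread_local char ebuf[15+11+1];

	switch (errnum) {

	case PCAP_WARNING:
		return ("Generic warning");

	case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
		return ("That type of time stamp is not supported by that device");

	case PCAP_WARNING_PROMISC_NOTSUP:
		return ("That device doesn't support promiscuous mode");

	case PCAP_ERROR:
		return ("Generic error");

	case PCAP_ERROR_BREAK:
		return ("Loop terminated by pcap_breakloop");

	case PCAP_ERROR_NOT_ACTIVATED:
		return ("The pcap_t has not been activated");

	case PCAP_ERROR_ACTIVATED:
		return ("The setting can't be changed after the pcap_t is activated");

	case PCAP_ERROR_NO_SUCH_DEVICE:
		return ("No such device exists");

	case PCAP_ERROR_RFMON_NOTSUP:
		return ("That device doesn't support monitor mode");

	case PCAP_ERROR_NOT_RFMON:
		return ("That operation is supported only in monitor mode");

	case PCAP_ERROR_PERM_DENIED:
		return ("You don't have permission to perform this capture on that device");

	case PCAP_ERROR_IFACE_NOT_UP:
		return ("That device is not up");

	case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
		return ("That device doesn't support setting the time stamp type");

	case PCAP_ERROR_PROMISC_PERM_DENIED:
		return ("You don't have permission to capture in promiscuous mode on that device");

	case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
		return ("That device doesn't support that time stamp precision");

	case PCAP_ERROR_CAPTURE_NOTSUP:
		return ("Packet capture is not supported on that device");
	}
	(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
	return (ebuf);
}

/*
 * A long time ago the purpose of this function was to hide the difference
 * between those Unix-like OSes that implemented strerror() and those that
 * didn't. All the currently supported OSes implement strerror(), which is in
 * POSIX.1-2001, uniformly and that particular problem no longer exists. But
 * now they implement a few incompatible thread-safe variants of strerror(),
 * and hiding that difference is the current purpose of this function.
 */
const char *
pcap_strerror(int errnum)
{
#ifdef _WIN32
	static thread_local char errbuf[PCAP_ERRBUF_SIZE];
	errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);

	if (err != 0) /* err = 0 if successful */
		pcapint_strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
	return (errbuf);
#elif defined(HAVE_GNU_STRERROR_R)
	/*
	 * We have a GNU-style strerror_r(), which is *not* guaranteed to
	 * do anything to the buffer handed to it, and which returns a
	 * pointer to the error string, which may or may not be in
	 * the buffer.
	 *
	 * It is, however, guaranteed to succeed.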
3802 * 3803 * At the time of this writing this applies to the following cases, 3804 * each of which allows to use either the GNU implementation or the 3805 * POSIX implementation, and this source tree defines _GNU_SOURCE to 3806 * use the GNU implementation: 3807 * - Hurd 3808 * - Linux with GNU libc 3809 * - Linux with uClibc-ng 3810 */ 3811 static thread_local char errbuf[PCAP_ERRBUF_SIZE]; 3812 return strerror_r(errnum, errbuf, PCAP_ERRBUF_SIZE); 3813 #elif defined(HAVE_POSIX_STRERROR_R) 3814 /* 3815 * We have a POSIX-style strerror_r(), which is guaranteed to fill 3816 * in the buffer, but is not guaranteed to succeed. 3817 * 3818 * At the time of this writing this applies to the following cases: 3819 * - AIX 7 3820 * - FreeBSD 3821 * - Haiku 3822 * - HP-UX 11 3823 * - illumos 3824 * - Linux with musl libc 3825 * - macOS 3826 * - NetBSD 3827 * - OpenBSD 3828 * - Solaris 10 & 11 3829 */ 3830 static thread_local char errbuf[PCAP_ERRBUF_SIZE]; 3831 int err = strerror_r(errnum, errbuf, PCAP_ERRBUF_SIZE); 3832 switch (err) { 3833 case 0: 3834 /* That worked. */ 3835 break; 3836 3837 case EINVAL: 3838 /* 3839 * UNIX 03 says this isn't guaranteed to produce a 3840 * fallback error message. 3841 */ 3842 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3843 "Unknown error: %d", errnum); 3844 break; 3845 case ERANGE: 3846 /* 3847 * UNIX 03 says this isn't guaranteed to produce a 3848 * fallback error message. 3849 */ 3850 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3851 "Message for error %d is too long", errnum); 3852 break; 3853 default: 3854 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3855 "strerror_r(%d, ...) unexpectedly returned %d", 3856 errnum, err); 3857 } 3858 return errbuf; 3859 #else 3860 /* 3861 * At the time of this writing every supported OS implements strerror() 3862 * and at least one thread-safe variant thereof, so this is a very 3863 * unlikely last-resort branch. Particular implementations of strerror() 3864 * may be thread-safe, but this is neither required nor guaranteed. 
3865 */ 3866 return (strerror(errnum)); 3867 #endif /* _WIN32 */ 3868 } 3869 3870 int 3871 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 3872 { 3873 return (p->setfilter_op(p, fp)); 3874 } 3875 3876 /* 3877 * Set direction flag, which controls whether we accept only incoming 3878 * packets, only outgoing packets, or both. 3879 * Note that, depending on the platform, some or all direction arguments 3880 * might not be supported. 3881 */ 3882 int 3883 pcap_setdirection(pcap_t *p, pcap_direction_t d) 3884 { 3885 if (p->setdirection_op == NULL) { 3886 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3887 "Setting direction is not supported on this device"); 3888 return (-1); 3889 } else { 3890 switch (d) { 3891 3892 case PCAP_D_IN: 3893 case PCAP_D_OUT: 3894 case PCAP_D_INOUT: 3895 /* 3896 * Valid direction. 3897 */ 3898 return (p->setdirection_op(p, d)); 3899 3900 default: 3901 /* 3902 * Invalid direction. 3903 */ 3904 snprintf(p->errbuf, sizeof(p->errbuf), 3905 "Invalid direction"); 3906 return (-1); 3907 } 3908 } 3909 } 3910 3911 int 3912 pcap_stats(pcap_t *p, struct pcap_stat *ps) 3913 { 3914 return (p->stats_op(p, ps)); 3915 } 3916 3917 #ifdef _WIN32 3918 struct pcap_stat * 3919 pcap_stats_ex(pcap_t *p, int *pcap_stat_size) 3920 { 3921 return (p->stats_ex_op(p, pcap_stat_size)); 3922 } 3923 3924 int 3925 pcap_setbuff(pcap_t *p, int dim) 3926 { 3927 return (p->setbuff_op(p, dim)); 3928 } 3929 3930 int 3931 pcap_setmode(pcap_t *p, int mode) 3932 { 3933 return (p->setmode_op(p, mode)); 3934 } 3935 3936 int 3937 pcap_setmintocopy(pcap_t *p, int size) 3938 { 3939 return (p->setmintocopy_op(p, size)); 3940 } 3941 3942 HANDLE 3943 pcap_getevent(pcap_t *p) 3944 { 3945 return (p->getevent_op(p)); 3946 } 3947 3948 int 3949 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 3950 { 3951 return (p->oid_get_request_op(p, oid, data, lenp)); 3952 } 3953 3954 int 3955 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp) 3956 { 3957 
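return (p->oid_set_request_op(p, oid, data, lenp));
}

/*
 * Allocate a send queue whose packet buffer holds up to memsize bytes.
 *
 * Returns the new, empty queue, or NULL if either allocation fails.
 * The queue is released with pcap_sendqueue_destroy().
 */
pcap_send_queue *
pcap_sendqueue_alloc(u_int memsize)
{
	pcap_send_queue *tqueue;

	/* Allocate the queue */
	tqueue = malloc(sizeof *tqueue);
	if (tqueue == NULL)
		return (NULL);

	/* Allocate the buffer; don't leak the queue if that fails */
	tqueue->buffer = malloc(memsize);
	if (tqueue->buffer == NULL) {
		free(tqueue);
		return (NULL);
	}

	tqueue->maxlen = memsize;
	tqueue->len = 0;

	return (tqueue);
}

/*
 * Free a send queue and its packet buffer. queue is dereferenced, so
 * it must not be NULL, and it must not be used after this call.
 */
void
pcap_sendqueue_destroy(pcap_send_queue *queue)
{
	free(queue->buffer);
	free(queue);
}

/*
 * Append one packet - its pcap_pkthdr followed by pkt_header->caplen
 * bytes read from pkt_data - to the end of the queue.
 *
 * pkt_data must point to at least pkt_header->caplen readable bytes;
 * that is the caller's responsibility and cannot be checked here.
 *
 * Returns 0 on success, or -1 if the packet doesn't fit in the space
 * that is left, in which case the queue is not modified.
 */
int
pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
{
	const size_t hdrlen = sizeof(struct pcap_pkthdr);
	size_t room;

	/*
	 * Work out the free space by subtraction rather than adding
	 * len + header size + caplen and comparing the sum with maxlen:
	 * where size_t is 32 bits wide that sum can wrap around for a
	 * very large caplen, pass the check, and let the memcpy() calls
	 * below write past the end of the buffer. caplen comes from the
	 * caller's packet header, so it must not be trusted to be small.
	 */
	if (queue->len > queue->maxlen)
		return (-1);
	room = (size_t)queue->maxlen - (size_t)queue->len;
	if (room < hdrlen || pkt_header->caplen > room - hdrlen)
		return (-1);

	/* Copy the pcap_pkthdr header */
	memcpy(queue->buffer + queue->len, pkt_header, hdrlen);
	queue->len += hdrlen;

	/* Copy the packet */
	memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
	queue->len += pkt_header->caplen;

	return (0);
}

/*
 * Transmit the queued packets through the handle's
 * sendqueue_transmit_op and return that routine's result.
 */
u_int
pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
{
	return (p->sendqueue_transmit_op(p, queue, sync));
}

/* Forward to the handle's setuserbuffer_op and return its result. */
int
pcap_setuserbuffer(pcap_t *p, int size)
{
	return (p->setuserbuffer_op(p, size));
}

/* Forward to the handle's live_dump_op and return its result. */
int
pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
{
	return (p->live_dump_op(p, filename, maxsize, maxpacks));
}

/* Forward to the handle's live_dump_ended_op and return its result. */
int
pcap_live_dump_ended(pcap_t *p, int sync)
{
	return (p->live_dump_ended_op(p, sync));
}

PAirpcapHandle
pcap_get_airpcap_handle(pcap_t *p)
{
	PAirpcapHandle handle;

	handle = p->get_airpcap_handle_op(p);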
4039 if (handle == NULL) { 4040 (void)snprintf(p->errbuf, sizeof(p->errbuf), 4041 "This isn't an AirPcap device"); 4042 } 4043 return (handle); 4044 } 4045 #endif 4046 4047 /* 4048 * On some platforms, we need to clean up promiscuous or monitor mode 4049 * when we close a device - and we want that to happen even if the 4050 * application just exits without explicitly closing devices. 4051 * On those platforms, we need to register a "close all the pcaps" 4052 * routine to be called when we exit, and need to maintain a list of 4053 * pcaps that need to be closed to clean up modes. 4054 * 4055 * XXX - not thread-safe. 4056 */ 4057 4058 /* 4059 * List of pcaps on which we've done something that needs to be 4060 * cleaned up. 4061 * If there are any such pcaps, we arrange to call "pcap_close_all()" 4062 * when we exit, and have it close all of them. 4063 */ 4064 static struct pcap *pcaps_to_close; 4065 4066 /* 4067 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 4068 * be called on exit. 4069 */ 4070 static int did_atexit; 4071 4072 static void 4073 pcap_close_all(void) 4074 { 4075 struct pcap *handle; 4076 4077 while ((handle = pcaps_to_close) != NULL) { 4078 pcap_close(handle); 4079 4080 /* 4081 * If a pcap module adds a pcap_t to the "close all" 4082 * list by calling pcapint_add_to_pcaps_to_close(), it 4083 * must have a cleanup routine that removes it from the 4084 * list, by calling pcapint_remove_from_pcaps_to_close(), 4085 * and must make that cleanup routine the cleanup_op 4086 * for the pcap_t. 4087 * 4088 * That means that, after pcap_close() - which calls 4089 * the cleanup_op for the pcap_t - the pcap_t must 4090 * have been removed from the list, so pcaps_to_close 4091 * must not be equal to handle. 4092 * 4093 * We check for that, and abort if handle is still 4094 * at the head of the list, to prevent infinite loops. 
4095 */ 4096 if (pcaps_to_close == handle) 4097 abort(); 4098 } 4099 } 4100 4101 int 4102 pcapint_do_addexit(pcap_t *p) 4103 { 4104 /* 4105 * If we haven't already done so, arrange to have 4106 * "pcap_close_all()" called when we exit. 4107 */ 4108 if (!did_atexit) { 4109 if (atexit(pcap_close_all) != 0) { 4110 /* 4111 * "atexit()" failed; let our caller know. 4112 */ 4113 pcapint_strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE); 4114 return (0); 4115 } 4116 did_atexit = 1; 4117 } 4118 return (1); 4119 } 4120 4121 void 4122 pcapint_add_to_pcaps_to_close(pcap_t *p) 4123 { 4124 p->next = pcaps_to_close; 4125 pcaps_to_close = p; 4126 } 4127 4128 void 4129 pcapint_remove_from_pcaps_to_close(pcap_t *p) 4130 { 4131 pcap_t *pc, *prevpc; 4132 4133 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 4134 prevpc = pc, pc = pc->next) { 4135 if (pc == p) { 4136 /* 4137 * Found it. Remove it from the list. 4138 */ 4139 if (prevpc == NULL) { 4140 /* 4141 * It was at the head of the list. 4142 */ 4143 pcaps_to_close = pc->next; 4144 } else { 4145 /* 4146 * It was in the middle of the list. 
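*/
				prevpc->next = pc->next;
			}
			break;
		}
	}
}

/*
 * Common break-loop routine: set the flag that asks the capture loop
 * to stop.
 */
void
pcapint_breakloop_common(pcap_t *p)
{
	p->break_loop = 1;
}


/*
 * Release the resources that live-capture handles have in common:
 * the device name, the packet buffer, the DLT and time stamp lists,
 * the filter program and, on platforms with file descriptors, the
 * descriptor itself. Every pointer is reset after it is freed, so
 * running this a second time on the same pcap_t frees nothing twice.
 */
void
pcapint_cleanup_live_common(pcap_t *p)
{
	/* free(NULL) is a no-op, so these two need no NULL test. */
	free(p->opt.device);
	p->opt.device = NULL;
	free(p->buffer);
	p->buffer = NULL;

	if (p->dlt_list != NULL) {
		free(p->dlt_list);
		p->dlt_list = NULL;
		p->dlt_count = 0;
	}
	if (p->tstamp_type_list != NULL) {
		free(p->tstamp_type_list);
		p->tstamp_type_list = NULL;
		p->tstamp_type_count = 0;
	}
	if (p->tstamp_precision_list != NULL) {
		free(p->tstamp_precision_list);
		p->tstamp_precision_list = NULL;
		p->tstamp_precision_count = 0;
	}
	pcap_freecode(&p->fcode);
#if !defined(_WIN32) && !defined(MSDOS)
	if (p->fd >= 0) {
		close(p->fd);
		p->fd = -1;
	}
	p->selectable_fd = -1;
#endif
}

/*
 * API compatible with WinPcap's "send a packet" routine - returns -1
 * on error, 0 otherwise.
 *
 * XXX - what if we get a short write?
 */
int
pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
{
	if (size <= 0) {
		/*
		 * No system call has failed on this path, so errno holds
		 * nothing that relates to this error; report the problem
		 * without attaching an unrelated errno message to it.
		 */
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
		    "The number of bytes to be sent must be positive");
		return (PCAP_ERROR);
	}

	if (p->inject_op(p, buf, size) == -1)
		return (-1);
	return (0);
}

/*
 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
 * error, number of bytes written otherwise.
 */
int
pcap_inject(pcap_t *p, const void *buf, size_t size)
{
	/*
	 * We return the number of bytes written, so the number of
	 * bytes to write must fit in an int.
	 *
	 * As no system call has failed when either size check below
	 * rejects the request, the messages are formatted without errno.
	 */
	if (size > INT_MAX) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
		    "More than %d bytes cannot be injected", INT_MAX);
		return (PCAP_ERROR);
	}

	if (size == 0) {
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
		    "The number of bytes to be injected must not be zero");
		return (PCAP_ERROR);
	}

	return (p->inject_op(p, buf, (int)size));
}

/*
 * Close a pcap_t: run the handle's cleanup_op, then free the pcap_t
 * itself. The pointer must not be used after this call.
 */
void
pcap_close(pcap_t *p)
{
	p->cleanup_op(p);
	free(p);
}

/*
 * Helpers for safely loading code at run time.
 * Currently Windows-only.
 */
#ifdef _WIN32
//
// This wrapper around loadlibrary puts the system folder (usually
// C:\Windows\System32) in front of the relative path of the DLL, so
// that the DLL is always loaded from an absolute path (it's no longer
// possible to load modules from the application folder).
// This solves the DLL Hijacking issue discovered in August 2010:
//
// https://blog.rapid7.com/2010/08/23/exploiting-dll-hijacking-flaws/
// https://blog.rapid7.com/2010/08/23/application-dll-load-hijacking/
// (the purported Rapid7 blog post link in the first of those two links
// is broken; the second of those links works.)
//
// If any links there are broken from all the content shuffling Rapid7
// did, see archived versions of the posts at their original homes, at
//
// https://web.archive.org/web/20110122175058/http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
// https://web.archive.org/web/20100828112111/http://blog.rapid7.com/?p=5325
//
// name is joined to the system folder as given; nothing here rejects
// path separators or ".." in it, so the guarantee above only holds if
// callers pass a fixed file name rather than input from outside the
// program.
//
// Returns the module handle, or NULL on failure with the reason
// available from GetLastError().
//
pcap_code_handle_t
pcapint_load_code(const char *name)
{
	/*
	 * XXX - should this work in UTF-16LE rather than in the local
	 * ANSI code page?
	 */
	CHAR path[MAX_PATH];
	CHAR fullFileName[MAX_PATH];
	UINT res;
	size_t namelen;

	if (name == NULL) {
		SetLastError(ERROR_INVALID_PARAMETER);
		return NULL;
	}

	res = GetSystemDirectoryA(path, MAX_PATH);
	if (res == 0) {
		//
		// some bad failure occurred; the last-error code is
		// left as GetSystemDirectoryA() set it
		//
		return NULL;
	}

	if (res > MAX_PATH) {
		//
		// the buffer was not big enough
		//
		SetLastError(ERROR_INSUFFICIENT_BUFFER);
		return NULL;
	}

	//
	// system folder + '\' + name + NUL must fit in fullFileName
	//
	namelen = strlen(name);
	if (res + 1 + namelen + 1 >= MAX_PATH) {
		SetLastError(ERROR_INSUFFICIENT_BUFFER);
		return NULL;
	}

	//
	// Both buffers are CHAR arrays used with the ANSI ("A") APIs,
	// so the copy lengths are byte counts. Scaling them by
	// sizeof(TCHAR) would double them in a build that defines
	// UNICODE, reading past the end of path and name and writing
	// past the end of fullFileName.
	//
	memcpy(fullFileName, path, res);
	fullFileName[res] = '\\';
	memcpy(&fullFileName[res + 1], name, namelen + 1);

	return LoadLibraryA(fullFileName);
}

/*
 * Casting from FARPROC, which is the type of the return value of
 * GetProcAddress(), to a function pointer gets a C4191 warning
 * from Visual Studio 2022.
 *
 * Casting FARPROC to void * and returning the result, and then
 * casting the void * to a function pointer, doesn't get the
 * same warning.
 *
 * Given that, and given that the equivalent UN*X API, dlsym(),
 * returns a void *, we have pcapint_find_function() return
 * a void *.
 */
void *
pcapint_find_function(pcap_code_handle_t code, const char *func)
{
	return ((void *)GetProcAddress(code, func));
}
#endif

/*
 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
 * data for the packet, check whether the packet passes the filter.
 * Returns the return value of the filter program, which will be zero if
 * the packet doesn't pass and non-zero if the packet does pass.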
*/
/*
 * Contract notes for pcap_offline_filter():
 *
 * fp and h are dereferenced without a NULL check, so both must be valid
 * pointers.  h->len and h->caplen are handed to pcapint_filter()
 * unchanged.
 *
 * NOTE(review): pcapint_filter() is assumed to bound its reads of pkt by
 * the caplen value it is given, so a caller that takes records from an
 * untrusted capture file should make sure h->caplen does not exceed the
 * number of bytes really available at pkt - confirm against
 * pcapint_filter().
 */
int
pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
    const u_char *pkt)
{
    const struct bpf_insn *insns = fp->bf_insns;

    /* A program with no instruction array passes nothing. */
    if (insns == NULL)
        return 0;

    return pcapint_filter(insns, pkt, h->len, h->caplen);
}

/*
 * The *_dead routines that follow are the operations that
 * pcap_open_dead_with_tstamp_precision() installs on the pcap_t it
 * returns.  Apart from the two that have nothing to do, each one writes
 * a fixed message into p->errbuf, bounded by PCAP_ERRBUF_SIZE, and
 * returns a failure value.
 */

/* Rfmon query on a dead handle: always PCAP_ERROR. */
static int
pcap_can_set_rfmon_dead(pcap_t *p)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Rfmon mode doesn't apply on a pcap_open_dead pcap_t");
    return PCAP_ERROR;
}

/* Packet read on a dead handle: always -1; the callback is never run. */
static int
pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_,
    u_char *user _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Packets aren't available from a pcap_open_dead pcap_t");
    return -1;
}

static void
pcap_breakloop_dead(pcap_t *p _U_)
{
    /*
     * A "dead" pcap_t only serves as a placeholder, for compiling a
     * filter to BPF code or for opening a savefile for writing.  It
     * supports no operations at all, capturing and reading packets
     * included, so no get-packets loop can ever be running on it.
     *
     * There is therefore nothing to break out of, and nothing to do.
     */
}

/* Packet injection on a dead handle: always -1. */
static int
pcap_inject_dead(pcap_t *p, const void *buf _U_, int size _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Packets can't be sent on a pcap_open_dead pcap_t");
    return -1;
}

/* Installing a filter on a dead handle: always -1. */
static int
pcap_setfilter_dead(pcap_t *p, struct bpf_program *fp _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "A filter cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Setting the capture direction on a dead handle: always -1. */
static int
pcap_setdirection_dead(pcap_t *p, pcap_direction_t d _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "The packet direction cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Changing the link-layer header type on a dead handle: always -1. */
static int
pcap_set_datalink_dead(pcap_t *p, int dlt _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "The link-layer header type cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Querying non-blocking mode on a dead handle: always -1. */
static int
pcap_getnonblock_dead(pcap_t *p)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
    return -1;
}

/* Changing non-blocking mode on a dead handle: always -1. */
static int
pcap_setnonblock_dead(pcap_t *p, int nonblock _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "A pcap_open_dead pcap_t does not have a non-blocking mode setting");
    return -1;
}

/* Capture statistics on a dead handle: always -1; *ps is not written. */
static int
pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Statistics aren't available from a pcap_open_dead pcap_t");
    return -1;
}

#ifdef _WIN32
/* Extended statistics on a dead handle: always NULL. */
static struct pcap_stat *
pcap_stats_ex_dead(pcap_t *p, int *pcap_stat_size _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Statistics aren't available from a pcap_open_dead pcap_t");
    return NULL;
}

/* Setting the kernel buffer size on a dead handle: always -1. */
static int
pcap_setbuff_dead(pcap_t *p, int dim _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Setting the mode on a dead handle: always -1. */
static int
pcap_setmode_dead(pcap_t *p, int mode _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "impossible to set mode on a pcap_open_dead pcap_t");
    return -1;
}

/* Setting the mintocopy parameter on a dead handle: always -1. */
static int
pcap_setmintocopy_dead(pcap_t *p, int size _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Event handle of a dead handle: always INVALID_HANDLE_VALUE. */
static HANDLE
pcap_getevent_dead(pcap_t *p)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "A pcap_open_dead pcap_t has no event handle");
    return INVALID_HANDLE_VALUE;
}

/* OID get request on a dead handle: always PCAP_ERROR; data is untouched. */
static int
pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
    size_t *lenp _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "An OID get request cannot be performed on a pcap_open_dead pcap_t");
    return PCAP_ERROR;
}

/* OID set request on a dead handle: always PCAP_ERROR. */
static int
pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
    size_t *lenp _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "An OID set request cannot be performed on a pcap_open_dead pcap_t");
    return PCAP_ERROR;
}

/* Send-queue transmit on a dead handle: always 0, nothing is sent. */
static u_int
pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue _U_,
    int sync _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Packets cannot be transmitted on a pcap_open_dead pcap_t");
    return 0;
}

/* Setting the user buffer size on a dead handle: always -1. */
static int
pcap_setuserbuffer_dead(pcap_t *p, int size _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "The user buffer cannot be set on a pcap_open_dead pcap_t");
    return -1;
}

/* Starting a live dump on a dead handle: always -1; no file is opened. */
static int
pcap_live_dump_dead(pcap_t *p, char *filename _U_, int maxsize _U_,
    int maxpacks _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
    return -1;
}

/* Waiting for a live dump to end on a dead handle: always -1. */
static int
pcap_live_dump_ended_dead(pcap_t *p, int sync _U_)
{
    snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
        "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
    return -1;
}

/* A dead handle has no AirPcap handle: always NULL, no error text is set. */
static PAirpcapHandle
pcap_get_airpcap_handle_dead(pcap_t *p _U_)
{
    return NULL;
}
#endif /* _WIN32 */

static void
pcap_cleanup_dead(pcap_t *p _U_)
{
    /* Nothing to do. */
}

/*
 * Allocate a "dead" pcap_t: a zero-filled handle that records the given
 * link-layer type, snapshot length and time stamp precision, and whose
 * operation pointers all refer to the *_dead routines.
 *
 * linktype and snaplen are stored exactly as passed; no range check is
 * made on either here.  A precision other than
 * PCAP_TSTAMP_PRECISION_MICRO or PCAP_TSTAMP_PRECISION_NANO is replaced
 * by PCAP_TSTAMP_PRECISION_MICRO.
 *
 * Returns the new handle, already marked as activated, or NULL if the
 * allocation fails.
 * NOTE(review): the handle is heap-allocated here; presumably the caller
 * releases it with pcap_close() - confirm.
 */
pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
{
    pcap_t *p;

    /*
     * An unknown precision doesn't really matter, and there is no way
     * to report a particular error from here - the only failure we
     * should have is a memory allocation failure - so just fall back
     * to microsecond precision.
     */
    if (precision != PCAP_TSTAMP_PRECISION_MICRO &&
        precision != PCAP_TSTAMP_PRECISION_NANO)
        precision = PCAP_TSTAMP_PRECISION_MICRO;

    /* Zero-filled, so every field not set below starts out as 0/NULL. */
    p = calloc(1, sizeof(*p));
    if (p == NULL)
        return NULL;

    p->snapshot = snaplen;
    p->linktype = linktype;
    p->opt.tstamp_precision = precision;

    p->can_set_rfmon_op = pcap_can_set_rfmon_dead;
    p->read_op = pcap_read_dead;
    p->inject_op = pcap_inject_dead;
    p->setfilter_op = pcap_setfilter_dead;
    p->setdirection_op = pcap_setdirection_dead;
    p->set_datalink_op = pcap_set_datalink_dead;
    p->getnonblock_op = pcap_getnonblock_dead;
    p->setnonblock_op = pcap_setnonblock_dead;
    p->stats_op = pcap_stats_dead;
#ifdef _WIN32
    p->stats_ex_op = pcap_stats_ex_dead;
    p->setbuff_op = pcap_setbuff_dead;
    p->setmode_op = pcap_setmode_dead;
    p->setmintocopy_op = pcap_setmintocopy_dead;
    p->getevent_op = pcap_getevent_dead;
    p->oid_get_request_op = pcap_oid_get_request_dead;
    p->oid_set_request_op = pcap_oid_set_request_dead;
    p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
    p->setuserbuffer_op = pcap_setuserbuffer_dead;
    p->live_dump_op = pcap_live_dump_dead;
    p->live_dump_ended_op = pcap_live_dump_ended_dead;
    p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
#endif
    p->breakloop_op = pcap_breakloop_dead;
    p->cleanup_op = pcap_cleanup_dead;

    /*
     * A "dead" pcap_t never requires special BPF code generation.
     */
    p->bpf_codegen_flags = 0;

    p->activated = 1;
    return p;
}

/*
 * Same as pcap_open_dead_with_tstamp_precision() with microsecond time
 * stamp precision.
 */
pcap_t *
pcap_open_dead(int linktype, int snaplen)
{
    pcap_t *dead = pcap_open_dead_with_tstamp_precision(linktype, snaplen,
        PCAP_TSTAMP_PRECISION_MICRO);

    return dead;
}

#ifdef YYDEBUG
/*
 * Set the internal "debug printout" flag for the filter expression parser.
 * The code to print that stuff is present only if YYDEBUG is defined, so
 * the flag, and the routine to set it, are defined only if YYDEBUG is
 * defined.
 *
 * This is intended for libpcap developers, not for general use.
 * If you want to set these in a program, you'll have to declare this
 * routine yourself, with the appropriate DLL import attribute on Windows;
 * it's not declared in any header file, and won't be declared in any
 * header file provided by libpcap.
 */
PCAP_API void pcap_set_parser_debug(int value);

PCAP_API_DEF void
pcap_set_parser_debug(int value)
{
    /* Stored as given; no validation of the value is done here. */
    pcap_debug = value;
}
#endif