1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifndef lint 35 static const char rcsid[] _U_ = 36 "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)"; 37 #endif 38 39 #ifdef HAVE_CONFIG_H 40 #include "config.h" 41 #endif 42 43 #ifdef WIN32 44 #include <pcap-stdinc.h> 45 #else /* WIN32 */ 46 #if HAVE_INTTYPES_H 47 #include <inttypes.h> 48 #elif HAVE_STDINT_H 49 #include <stdint.h> 50 #endif 51 #ifdef HAVE_SYS_BITYPES_H 52 #include <sys/bitypes.h> 53 #endif 54 #include <sys/types.h> 55 #include <sys/mman.h> 56 #endif /* WIN32 */ 57 58 #include <stdio.h> 59 #include <stdlib.h> 60 #include <string.h> 61 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 62 #include <unistd.h> 63 #endif 64 #include <fcntl.h> 65 #include <errno.h> 66 67 #ifdef HAVE_OS_PROTO_H 68 #include "os-proto.h" 69 #endif 70 71 #ifdef MSDOS 72 #include "pcap-dos.h" 73 #endif 74 75 #include "pcap-int.h" 76 77 #ifdef HAVE_DAG_API 78 #include "pcap-dag.h" 79 #endif /* HAVE_DAG_API */ 80 81 #ifdef HAVE_SEPTEL_API 82 #include "pcap-septel.h" 83 #endif /* HAVE_SEPTEL_API */ 84 85 #ifdef HAVE_SNF_API 86 #include "pcap-snf.h" 87 #endif /* HAVE_SNF_API */ 88 89 #ifdef PCAP_SUPPORT_USB 90 #include "pcap-usb-linux.h" 91 #endif 92 93 #ifdef PCAP_SUPPORT_BT 94 #include "pcap-bt-linux.h" 95 #endif 96 97 #ifdef PCAP_SUPPORT_CAN 98 #include "pcap-can-linux.h" 99 #endif 100 101 #ifdef PCAP_SUPPORT_CANUSB 102 #include "pcap-canusb-linux.h" 103 #endif 104 105 #ifdef PCAP_SUPPORT_NETFILTER 106 #include "pcap-netfilter-linux.h" 107 #endif 108 109 #ifdef PCAP_SUPPORT_NETMAP 110 pcap_t* pcap_netmap_create(const char *device, char *ebuf, int *is_ours); 111 #endif 112 113 int 114 pcap_not_initialized(pcap_t *pcap) 115 { 116 /* this means 'not initialized' */ 117 return (PCAP_ERROR_NOT_ACTIVATED); 118 } 119 120 /* 121 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 122 * a PCAP_ERROR value on an error. 123 */ 124 int 125 pcap_can_set_rfmon(pcap_t *p) 126 { 127 return (p->can_set_rfmon_op(p)); 128 } 129 130 /* 131 * For systems where rfmon mode is never supported. 132 */ 133 static int 134 pcap_cant_set_rfmon(pcap_t *p _U_) 135 { 136 return (0); 137 } 138 139 /* 140 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 141 * types; the return value is the number of supported time stamp types. 142 * The list should be freed by a call to pcap_free_tstamp_types() when 143 * you're done with it. 144 * 145 * A return value of 0 means "you don't get a choice of time stamp type", 146 * in which case *tstamp_typesp is set to null. 147 * 148 * PCAP_ERROR is returned on error. 149 */ 150 int 151 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 152 { 153 if (p->tstamp_type_count == 0) { 154 /* 155 * We don't support multiple time stamp types. 156 */ 157 *tstamp_typesp = NULL; 158 } else { 159 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 160 p->tstamp_type_count); 161 if (*tstamp_typesp == NULL) { 162 (void)snprintf(p->errbuf, sizeof(p->errbuf), 163 "malloc: %s", pcap_strerror(errno)); 164 return (PCAP_ERROR); 165 } 166 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 167 sizeof(**tstamp_typesp) * p->tstamp_type_count); 168 } 169 return (p->tstamp_type_count); 170 } 171 172 /* 173 * In Windows, you might have a library built with one version of the 174 * C runtime library and an application built with another version of 175 * the C runtime library, which means that the library might use one 176 * version of malloc() and free() and the application might use another 177 * version of malloc() and free(). If so, that means something 178 * allocated by the library cannot be freed by the application, so we 179 * need to have a pcap_free_tstamp_types() routine to free up the list 180 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 181 * around free(). 182 */ 183 void 184 pcap_free_tstamp_types(int *tstamp_type_list) 185 { 186 free(tstamp_type_list); 187 } 188 189 /* 190 * Default one-shot callback; overridden for capture types where the 191 * packet data cannot be guaranteed to be available after the callback 192 * returns, so that a copy must be made. 193 */ 194 static void 195 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 196 { 197 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 198 199 *sp->hdr = *h; 200 *sp->pkt = pkt; 201 } 202 203 const u_char * 204 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 205 { 206 struct oneshot_userdata s; 207 const u_char *pkt; 208 209 s.hdr = h; 210 s.pkt = &pkt; 211 s.pd = p; 212 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 213 return (0); 214 return (pkt); 215 } 216 217 int 218 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 219 const u_char **pkt_data) 220 { 221 struct oneshot_userdata s; 222 223 s.hdr = &p->pcap_header; 224 s.pkt = pkt_data; 225 s.pd = p; 226 227 /* Saves a pointer to the packet headers */ 228 *pkt_header= &p->pcap_header; 229 230 if (p->sf.rfile != NULL) { 231 int status; 232 233 /* We are on an offline capture */ 234 status = pcap_offline_read(p, 1, p->oneshot_callback, 235 (u_char *)&s); 236 237 /* 238 * Return codes for pcap_offline_read() are: 239 * - 0: EOF 240 * - -1: error 241 * - >1: OK 242 * The first one ('0') conflicts with the return code of 243 * 0 from pcap_read() meaning "no packets arrived before 244 * the timeout expired", so we map it to -2 so you can 245 * distinguish between an EOF from a savefile and a 246 * "no packets arrived before the timeout expired, try 247 * again" from a live capture. 248 */ 249 if (status == 0) 250 return (-2); 251 else 252 return (status); 253 } 254 255 /* 256 * Return codes for pcap_read() are: 257 * - 0: timeout 258 * - -1: error 259 * - -2: loop was broken out of with pcap_breakloop() 260 * - >1: OK 261 * The first one ('0') conflicts with the return code of 0 from 262 * pcap_offline_read() meaning "end of file". 263 */ 264 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 265 } 266 267 #if defined(DAG_ONLY) 268 int 269 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 270 { 271 return (dag_findalldevs(alldevsp, errbuf)); 272 } 273 274 pcap_t * 275 pcap_create(const char *source, char *errbuf) 276 { 277 return (dag_create(source, errbuf)); 278 } 279 #elif defined(SEPTEL_ONLY) 280 int 281 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 282 { 283 return (septel_findalldevs(alldevsp, errbuf)); 284 } 285 286 pcap_t * 287 pcap_create(const char *source, char *errbuf) 288 { 289 return (septel_create(source, errbuf)); 290 } 291 #elif defined(SNF_ONLY) 292 int 293 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 294 { 295 return (snf_findalldevs(alldevsp, errbuf)); 296 } 297 298 pcap_t * 299 pcap_create(const char *source, char *errbuf) 300 { 301 return (snf_create(source, errbuf)); 302 } 303 #else /* regular pcap */ 304 struct capture_source_type { 305 int (*findalldevs_op)(pcap_if_t **, char *); 306 pcap_t *(*create_op)(const char *, char *, int *); 307 } capture_source_types[] = { 308 #ifdef PCAP_SUPPORT_NETMAP 309 { NULL, pcap_netmap_create }, 310 #endif 311 #ifdef HAVE_DAG_API 312 { dag_findalldevs, dag_create }, 313 #endif 314 #ifdef HAVE_SEPTEL_API 315 { septel_findalldevs, septel_create }, 316 #endif 317 #ifdef HAVE_SNF_API 318 { snf_findalldevs, snf_create }, 319 #endif 320 #ifdef PCAP_SUPPORT_BT 321 { bt_findalldevs, bt_create }, 322 #endif 323 #if PCAP_SUPPORT_CANUSB 324 { canusb_findalldevs, canusb_create }, 325 #endif 326 #ifdef PCAP_SUPPORT_CAN 327 { can_findalldevs, can_create }, 328 #endif 329 #ifdef PCAP_SUPPORT_USB 330 { usb_findalldevs, usb_create }, 331 #endif 332 #ifdef PCAP_SUPPORT_NETFILTER 333 { netfilter_findalldevs, netfilter_create }, 334 #endif 335 { NULL, NULL } 336 }; 337 338 /* 339 * Get a list of all capture sources that are up and that we can open. 340 * Returns -1 on error, 0 otherwise. 341 * The list, as returned through "alldevsp", may be null if no interfaces 342 * were up and could be opened. 343 */ 344 int 345 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 346 { 347 size_t i; 348 349 /* 350 * Get the list of regular interfaces first. 351 */ 352 if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1) 353 return (-1); /* failure */ 354 355 /* 356 * Add any interfaces that need a platform-specific mechanism 357 * to find. 358 */ 359 if (pcap_platform_finddevs(alldevsp, errbuf) == -1) { 360 /* 361 * We had an error; free the list we've been 362 * constructing. 363 */ 364 if (*alldevsp != NULL) { 365 pcap_freealldevs(*alldevsp); 366 *alldevsp = NULL; 367 } 368 return (-1); 369 } 370 371 /* 372 * Ask each of the non-local-network-interface capture 373 * source types what interfaces they have. 374 */ 375 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 376 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) { 377 /* 378 * We had an error; free the list we've been 379 * constructing. 380 */ 381 if (*alldevsp != NULL) { 382 pcap_freealldevs(*alldevsp); 383 *alldevsp = NULL; 384 } 385 return (-1); 386 } 387 } 388 return (0); 389 } 390 391 pcap_t * 392 pcap_create(const char *source, char *errbuf) 393 { 394 size_t i; 395 int is_theirs; 396 pcap_t *p; 397 398 /* 399 * A null source name is equivalent to the "any" device - 400 * which might not be supported on this platform, but 401 * this means that you'll get a "not supported" error 402 * rather than, say, a crash when we try to dereference 403 * the null pointer. 404 */ 405 if (source == NULL) 406 source = "any"; 407 408 /* 409 * Try each of the non-local-network-interface capture 410 * source types until we find one that works for this 411 * device or run out of types. 412 */ 413 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 414 is_theirs = 0; 415 p = capture_source_types[i].create_op(source, errbuf, &is_theirs); 416 if (is_theirs) { 417 /* 418 * The device name refers to a device of the 419 * type in question; either it succeeded, 420 * in which case p refers to a pcap_t to 421 * later activate for the device, or it 422 * failed, in which case p is null and we 423 * should return that to report the failure 424 * to create. 425 */ 426 return (p); 427 } 428 } 429 430 /* 431 * OK, try it as a regular network interface. 432 */ 433 return (pcap_create_interface(source, errbuf)); 434 } 435 #endif 436 437 static void 438 initialize_ops(pcap_t *p) 439 { 440 /* 441 * Set operation pointers for operations that only work on 442 * an activated pcap_t to point to a routine that returns 443 * a "this isn't activated" error. 444 */ 445 p->read_op = (read_op_t)pcap_not_initialized; 446 p->inject_op = (inject_op_t)pcap_not_initialized; 447 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 448 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 449 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 450 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 451 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized; 452 p->stats_op = (stats_op_t)pcap_not_initialized; 453 #ifdef WIN32 454 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 455 p->setmode_op = (setmode_op_t)pcap_not_initialized; 456 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 457 #endif 458 459 /* 460 * Default cleanup operation - implementations can override 461 * this, but should call pcap_cleanup_live_common() after 462 * doing their own additional cleanup. 463 */ 464 p->cleanup_op = pcap_cleanup_live_common; 465 466 /* 467 * In most cases, the standard one-short callback can 468 * be used for pcap_next()/pcap_next_ex(). 469 */ 470 p->oneshot_callback = pcap_oneshot; 471 } 472 473 pcap_t * 474 pcap_create_common(const char *source, char *ebuf) 475 { 476 pcap_t *p; 477 478 p = malloc(sizeof(*p)); 479 if (p == NULL) { 480 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 481 pcap_strerror(errno)); 482 return (NULL); 483 } 484 memset(p, 0, sizeof(*p)); 485 #ifndef WIN32 486 p->fd = -1; /* not opened yet */ 487 p->selectable_fd = -1; 488 p->send_fd = -1; 489 #endif 490 491 p->opt.source = strdup(source); 492 if (p->opt.source == NULL) { 493 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 494 pcap_strerror(errno)); 495 free(p); 496 return (NULL); 497 } 498 499 /* 500 * Default to "can't set rfmon mode"; if it's supported by 501 * a platform, the create routine that called us can set 502 * the op to its routine to check whether a particular 503 * device supports it. 504 */ 505 p->can_set_rfmon_op = pcap_cant_set_rfmon; 506 507 initialize_ops(p); 508 509 /* put in some defaults*/ 510 pcap_set_timeout(p, 0); 511 pcap_set_snaplen(p, 65535); /* max packet size */ 512 p->opt.promisc = 0; 513 p->opt.buffer_size = 0; 514 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 515 return (p); 516 } 517 518 int 519 pcap_check_activated(pcap_t *p) 520 { 521 if (p->activated) { 522 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 523 " operation on activated capture"); 524 return (-1); 525 } 526 return (0); 527 } 528 529 int 530 pcap_set_snaplen(pcap_t *p, int snaplen) 531 { 532 if (pcap_check_activated(p)) 533 return (PCAP_ERROR_ACTIVATED); 534 p->snapshot = snaplen; 535 return (0); 536 } 537 538 int 539 pcap_set_promisc(pcap_t *p, int promisc) 540 { 541 if (pcap_check_activated(p)) 542 return (PCAP_ERROR_ACTIVATED); 543 p->opt.promisc = promisc; 544 return (0); 545 } 546 547 int 548 pcap_set_rfmon(pcap_t *p, int rfmon) 549 { 550 if (pcap_check_activated(p)) 551 return (PCAP_ERROR_ACTIVATED); 552 p->opt.rfmon = rfmon; 553 return (0); 554 } 555 556 int 557 pcap_set_timeout(pcap_t *p, int timeout_ms) 558 { 559 if (pcap_check_activated(p)) 560 return (PCAP_ERROR_ACTIVATED); 561 p->md.timeout = timeout_ms; 562 return (0); 563 } 564 565 int 566 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 567 { 568 int i; 569 570 if (pcap_check_activated(p)) 571 return (PCAP_ERROR_ACTIVATED); 572 573 /* 574 * If p->tstamp_type_count is 0, we don't support setting 575 * the time stamp type at all. 576 */ 577 if (p->tstamp_type_count == 0) 578 return (PCAP_ERROR_CANTSET_TSTAMP_TYPE); 579 580 /* 581 * Check whether we claim to support this type of time stamp. 582 */ 583 for (i = 0; i < p->tstamp_type_count; i++) { 584 if (p->tstamp_type_list[i] == tstamp_type) { 585 /* 586 * Yes. 587 */ 588 p->opt.tstamp_type = tstamp_type; 589 return (0); 590 } 591 } 592 593 /* 594 * No. We support setting the time stamp type, but not to this 595 * particular value. 596 */ 597 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 598 } 599 600 int 601 pcap_set_buffer_size(pcap_t *p, int buffer_size) 602 { 603 if (pcap_check_activated(p)) 604 return (PCAP_ERROR_ACTIVATED); 605 p->opt.buffer_size = buffer_size; 606 return (0); 607 } 608 609 int 610 pcap_activate(pcap_t *p) 611 { 612 int status; 613 614 /* 615 * Catch attempts to re-activate an already-activated 616 * pcap_t; this should, for example, catch code that 617 * calls pcap_open_live() followed by pcap_activate(), 618 * as some code that showed up in a Stack Exchange 619 * question did. 620 */ 621 if (pcap_check_activated(p)) 622 return (PCAP_ERROR_ACTIVATED); 623 status = p->activate_op(p); 624 if (status >= 0) 625 p->activated = 1; 626 else { 627 if (p->errbuf[0] == '\0') { 628 /* 629 * No error message supplied by the activate routine; 630 * for the benefit of programs that don't specially 631 * handle errors other than PCAP_ERROR, return the 632 * error message corresponding to the status. 633 */ 634 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 635 pcap_statustostr(status)); 636 } 637 638 /* 639 * Undo any operation pointer setting, etc. done by 640 * the activate operation. 641 */ 642 initialize_ops(p); 643 } 644 return (status); 645 } 646 647 pcap_t * 648 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf) 649 { 650 pcap_t *p; 651 int status; 652 653 p = pcap_create(source, errbuf); 654 if (p == NULL) 655 return (NULL); 656 status = pcap_set_snaplen(p, snaplen); 657 if (status < 0) 658 goto fail; 659 status = pcap_set_promisc(p, promisc); 660 if (status < 0) 661 goto fail; 662 status = pcap_set_timeout(p, to_ms); 663 if (status < 0) 664 goto fail; 665 /* 666 * Mark this as opened with pcap_open_live(), so that, for 667 * example, we show the full list of DLT_ values, rather 668 * than just the ones that are compatible with capturing 669 * when not in monitor mode. That allows existing applications 670 * to work the way they used to work, but allows new applications 671 * that know about the new open API to, for example, find out the 672 * DLT_ values that they can select without changing whether 673 * the adapter is in monitor mode or not. 674 */ 675 p->oldstyle = 1; 676 status = pcap_activate(p); 677 if (status < 0) 678 goto fail; 679 return (p); 680 fail: 681 if (status == PCAP_ERROR) 682 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 683 p->errbuf); 684 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 685 status == PCAP_ERROR_PERM_DENIED || 686 status == PCAP_ERROR_PROMISC_PERM_DENIED) 687 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source, 688 pcap_statustostr(status), p->errbuf); 689 else 690 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source, 691 pcap_statustostr(status)); 692 pcap_close(p); 693 return (NULL); 694 } 695 696 int 697 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 698 { 699 return (p->read_op(p, cnt, callback, user)); 700 } 701 702 /* 703 * XXX - is this necessary? 704 */ 705 int 706 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 707 { 708 709 return (p->read_op(p, cnt, callback, user)); 710 } 711 712 int 713 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 714 { 715 register int n; 716 717 for (;;) { 718 if (p->sf.rfile != NULL) { 719 /* 720 * 0 means EOF, so don't loop if we get 0. 721 */ 722 n = pcap_offline_read(p, cnt, callback, user); 723 } else { 724 /* 725 * XXX keep reading until we get something 726 * (or an error occurs) 727 */ 728 do { 729 n = p->read_op(p, cnt, callback, user); 730 } while (n == 0); 731 } 732 if (n <= 0) 733 return (n); 734 if (cnt > 0) { 735 cnt -= n; 736 if (cnt <= 0) 737 return (0); 738 } 739 } 740 } 741 742 /* 743 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 744 */ 745 void 746 pcap_breakloop(pcap_t *p) 747 { 748 p->break_loop = 1; 749 } 750 751 int 752 pcap_datalink(pcap_t *p) 753 { 754 return (p->linktype); 755 } 756 757 int 758 pcap_datalink_ext(pcap_t *p) 759 { 760 return (p->linktype_ext); 761 } 762 763 int 764 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 765 { 766 if (p->dlt_count == 0) { 767 /* 768 * We couldn't fetch the list of DLTs, which means 769 * this platform doesn't support changing the 770 * DLT for an interface. Return a list of DLTs 771 * containing only the DLT this device supports. 772 */ 773 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 774 if (*dlt_buffer == NULL) { 775 (void)snprintf(p->errbuf, sizeof(p->errbuf), 776 "malloc: %s", pcap_strerror(errno)); 777 return (-1); 778 } 779 **dlt_buffer = p->linktype; 780 return (1); 781 } else { 782 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 783 if (*dlt_buffer == NULL) { 784 (void)snprintf(p->errbuf, sizeof(p->errbuf), 785 "malloc: %s", pcap_strerror(errno)); 786 return (-1); 787 } 788 (void)memcpy(*dlt_buffer, p->dlt_list, 789 sizeof(**dlt_buffer) * p->dlt_count); 790 return (p->dlt_count); 791 } 792 } 793 794 /* 795 * In Windows, you might have a library built with one version of the 796 * C runtime library and an application built with another version of 797 * the C runtime library, which means that the library might use one 798 * version of malloc() and free() and the application might use another 799 * version of malloc() and free(). If so, that means something 800 * allocated by the library cannot be freed by the application, so we 801 * need to have a pcap_free_datalinks() routine to free up the list 802 * allocated by pcap_list_datalinks(), even though it's just a wrapper 803 * around free(). 804 */ 805 void 806 pcap_free_datalinks(int *dlt_list) 807 { 808 free(dlt_list); 809 } 810 811 int 812 pcap_set_datalink(pcap_t *p, int dlt) 813 { 814 int i; 815 const char *dlt_name; 816 817 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 818 /* 819 * We couldn't fetch the list of DLTs, or we don't 820 * have a "set datalink" operation, which means 821 * this platform doesn't support changing the 822 * DLT for an interface. Check whether the new 823 * DLT is the one this interface supports. 824 */ 825 if (p->linktype != dlt) 826 goto unsupported; 827 828 /* 829 * It is, so there's nothing we need to do here. 830 */ 831 return (0); 832 } 833 for (i = 0; i < p->dlt_count; i++) 834 if (p->dlt_list[i] == dlt) 835 break; 836 if (i >= p->dlt_count) 837 goto unsupported; 838 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 839 dlt == DLT_DOCSIS) { 840 /* 841 * This is presumably an Ethernet device, as the first 842 * link-layer type it offers is DLT_EN10MB, and the only 843 * other type it offers is DLT_DOCSIS. That means that 844 * we can't tell the driver to supply DOCSIS link-layer 845 * headers - we're just pretending that's what we're 846 * getting, as, presumably, we're capturing on a dedicated 847 * link to a Cisco Cable Modem Termination System, and 848 * it's putting raw DOCSIS frames on the wire inside low-level 849 * Ethernet framing. 850 */ 851 p->linktype = dlt; 852 return (0); 853 } 854 if (p->set_datalink_op(p, dlt) == -1) 855 return (-1); 856 p->linktype = dlt; 857 return (0); 858 859 unsupported: 860 dlt_name = pcap_datalink_val_to_name(dlt); 861 if (dlt_name != NULL) { 862 (void) snprintf(p->errbuf, sizeof(p->errbuf), 863 "%s is not one of the DLTs supported by this device", 864 dlt_name); 865 } else { 866 (void) snprintf(p->errbuf, sizeof(p->errbuf), 867 "DLT %d is not one of the DLTs supported by this device", 868 dlt); 869 } 870 return (-1); 871 } 872 873 /* 874 * This array is designed for mapping upper and lower case letter 875 * together for a case independent comparison. The mappings are 876 * based upon ascii character sequences. 877 */ 878 static const u_char charmap[] = { 879 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 880 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 881 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 882 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 883 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 884 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 885 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 886 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 887 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 888 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 889 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 890 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 891 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 892 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 893 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 894 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 895 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 896 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 897 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 898 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 899 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 900 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 901 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 902 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 903 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 904 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 905 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 906 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 907 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 908 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 909 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 910 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 911 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 912 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 913 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 914 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 915 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 916 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 917 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 918 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 919 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 920 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 921 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 922 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 923 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 924 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 925 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 926 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 927 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 928 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 929 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 930 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 931 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 932 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 933 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 934 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 935 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 936 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 937 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 938 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 939 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 940 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 941 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 942 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 943 }; 944 945 int 946 pcap_strcasecmp(const char *s1, const char *s2) 947 { 948 register const u_char *cm = charmap, 949 *us1 = (const u_char *)s1, 950 *us2 = (const u_char *)s2; 951 952 while (cm[*us1] == cm[*us2++]) 953 if (*us1++ == '\0') 954 return(0); 955 return (cm[*us1] - cm[*--us2]); 956 } 957 958 struct dlt_choice { 959 const char *name; 960 const char *description; 961 int dlt; 962 }; 963 964 #define DLT_CHOICE(code, description) { #code, description, code } 965 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 966 967 static struct dlt_choice dlt_choices[] = { 968 DLT_CHOICE(DLT_NULL, "BSD loopback"), 969 DLT_CHOICE(DLT_EN10MB, "Ethernet"), 970 DLT_CHOICE(DLT_IEEE802, "Token ring"), 971 DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"), 972 DLT_CHOICE(DLT_SLIP, "SLIP"), 973 DLT_CHOICE(DLT_PPP, "PPP"), 974 DLT_CHOICE(DLT_FDDI, "FDDI"), 975 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 976 DLT_CHOICE(DLT_RAW, "Raw IP"), 977 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), 978 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), 979 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), 980 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), 981 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), 982 DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"), 983 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), 984 DLT_CHOICE(DLT_IEEE802_11, "802.11"), 985 DLT_CHOICE(DLT_FRELAY, "Frame Relay"), 986 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), 987 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), 988 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), 989 DLT_CHOICE(DLT_LTALK, "Localtalk"), 990 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"), 991 DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"), 992 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), 993 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 994 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), 995 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"), 996 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), 997 DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 998 DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 999 DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"), 1000 DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"), 1001 DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 1002 DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"), 1003 DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 1004 DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"), 1005 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 1006 DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 1007 DLT_CHOICE(DLT_MTP2, "SS7 MTP2"), 1008 DLT_CHOICE(DLT_MTP3, "SS7 MTP3"), 1009 DLT_CHOICE(DLT_SCCP, "SS7 SCCP"), 1010 DLT_CHOICE(DLT_DOCSIS, "DOCSIS"), 1011 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), 1012 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 1013 DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 1014 DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"), 1015 DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"), 1016 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 1017 DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"), 1018 DLT_CHOICE(DLT_GPF_T, "GPF-T"), 1019 DLT_CHOICE(DLT_GPF_F, "GPF-F"), 1020 DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"), 1021 DLT_CHOICE(DLT_ERF_ETH, "Ethernet with Endace ERF header"), 1022 DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"), 1023 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"), 1024 DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"), 1025 DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"), 1026 DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"), 1027 DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"), 1028 DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"), 1029 DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"), 1030 DLT_CHOICE(DLT_A429, "Arinc 429"), 1031 DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"), 1032 DLT_CHOICE(DLT_USB, "USB"), 1033 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 1034 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 1035 DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"), 1036 DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"), 1037 DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 1038 DLT_CHOICE(DLT_PPI, "Per-Packet Information"), 1039 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 1040 DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"), 1041 DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"), 1042 DLT_CHOICE(DLT_SITA, "SITA pseudo-header"), 1043 DLT_CHOICE(DLT_ERF, "Endace ERF header"), 1044 DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"), 1045 DLT_CHOICE(DLT_IPMB, "IPMB"), 1046 DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"), 1047 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 1048 DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"), 1049 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 1050 DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"), 1051 DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"), 1052 DLT_CHOICE(DLT_DECT, "DECT"), 1053 DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"), 1054 DLT_CHOICE(DLT_WIHART, "Wireless HART"), 1055 DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"), 1056 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 1057 DLT_CHOICE(DLT_IPNET, "Solaris ipnet"), 1058 DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 1059 DLT_CHOICE(DLT_IPV4, "Raw IPv4"), 1060 DLT_CHOICE(DLT_IPV6, "Raw IPv6"), 1061 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 1062 DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"), 1063 DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"), 1064 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 1065 DLT_CHOICE(DLT_DVB_CI, "DVB-CI"), 1066 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 1067 DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"), 1068 DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 1069 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 1070 DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"), 1071 DLT_CHOICE_SENTINEL 1072 }; 1073 1074 int 1075 pcap_datalink_name_to_val(const char *name) 1076 { 1077 int i; 1078 1079 for (i = 0; dlt_choices[i].name != NULL; i++) { 1080 if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, 1081 name) == 0) 1082 return (dlt_choices[i].dlt); 1083 } 1084 return (-1); 1085 } 1086 1087 const char * 1088 pcap_datalink_val_to_name(int dlt) 1089 { 1090 int i; 1091 1092 for (i = 0; dlt_choices[i].name != NULL; i++) { 1093 if (dlt_choices[i].dlt == dlt) 1094 return (dlt_choices[i].name + sizeof("DLT_") - 1); 1095 } 1096 return (NULL); 1097 } 1098 1099 const char * 1100 pcap_datalink_val_to_description(int dlt) 1101 { 1102 int i; 1103 1104 for (i = 0; dlt_choices[i].name != NULL; i++) { 1105 if (dlt_choices[i].dlt == dlt) 1106 return (dlt_choices[i].description); 1107 } 1108 return (NULL); 1109 } 1110 1111 struct tstamp_type_choice { 1112 const char *name; 1113 const char *description; 1114 int type; 1115 }; 1116 1117 static struct tstamp_type_choice tstamp_type_choices[] = { 1118 { "host", "Host", PCAP_TSTAMP_HOST }, 1119 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 1120 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 1121 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 1122 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 1123 { NULL, NULL, 0 } 1124 }; 1125 1126 int 1127 pcap_tstamp_type_name_to_val(const char *name) 1128 { 1129 int i; 1130 1131 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1132 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 1133 return (tstamp_type_choices[i].type); 1134 } 1135 return (PCAP_ERROR); 1136 } 1137 1138 const char * 1139 pcap_tstamp_type_val_to_name(int tstamp_type) 1140 { 1141 int i; 1142 1143 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1144 if (tstamp_type_choices[i].type == tstamp_type) 1145 return (tstamp_type_choices[i].name); 1146 } 1147 return (NULL); 1148 } 1149 1150 const char * 1151 pcap_tstamp_type_val_to_description(int tstamp_type) 1152 { 1153 int i; 1154 1155 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 1156 if (tstamp_type_choices[i].type == tstamp_type) 1157 return (tstamp_type_choices[i].description); 1158 } 1159 return (NULL); 1160 } 1161 1162 int 1163 pcap_snapshot(pcap_t *p) 1164 { 1165 return (p->snapshot); 1166 } 1167 1168 int 1169 pcap_is_swapped(pcap_t *p) 1170 { 1171 return (p->sf.swapped); 1172 } 1173 1174 int 1175 pcap_major_version(pcap_t *p) 1176 { 1177 return (p->sf.version_major); 1178 } 1179 1180 int 1181 pcap_minor_version(pcap_t *p) 1182 { 1183 return (p->sf.version_minor); 1184 } 1185 1186 FILE * 1187 pcap_file(pcap_t *p) 1188 { 1189 return (p->sf.rfile); 1190 } 1191 1192 int 1193 pcap_fileno(pcap_t *p) 1194 { 1195 #ifndef WIN32 1196 return (p->fd); 1197 #else 1198 if (p->adapter != NULL) 1199 return ((int)(DWORD)p->adapter->hFile); 1200 else 1201 return (-1); 1202 #endif 1203 } 1204 1205 #if !defined(WIN32) && !defined(MSDOS) 1206 int 1207 pcap_get_selectable_fd(pcap_t *p) 1208 { 1209 return (p->selectable_fd); 1210 } 1211 #endif 1212 1213 void 1214 pcap_perror(pcap_t *p, char *prefix) 1215 { 1216 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 1217 } 1218 1219 char * 1220 pcap_geterr(pcap_t *p) 1221 { 1222 return (p->errbuf); 1223 } 1224 1225 int 1226 pcap_getnonblock(pcap_t *p, char *errbuf) 1227 { 1228 int ret; 1229 1230 ret = p->getnonblock_op(p, errbuf); 1231 if (ret == -1) { 1232 /* 1233 * In case somebody depended on the bug wherein 1234 * the error message was put into p->errbuf 1235 * by pcap_getnonblock_fd(). 1236 */ 1237 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1238 } 1239 return (ret); 1240 } 1241 1242 /* 1243 * Get the current non-blocking mode setting, under the assumption that 1244 * it's just the standard POSIX non-blocking flag. 1245 * 1246 * We don't look at "p->nonblock", in case somebody tweaked the FD 1247 * directly. 1248 */ 1249 #if !defined(WIN32) && !defined(MSDOS) 1250 int 1251 pcap_getnonblock_fd(pcap_t *p, char *errbuf) 1252 { 1253 int fdflags; 1254 1255 fdflags = fcntl(p->fd, F_GETFL, 0); 1256 if (fdflags == -1) { 1257 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1258 pcap_strerror(errno)); 1259 return (-1); 1260 } 1261 if (fdflags & O_NONBLOCK) 1262 return (1); 1263 else 1264 return (0); 1265 } 1266 #endif 1267 1268 int 1269 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 1270 { 1271 int ret; 1272 1273 ret = p->setnonblock_op(p, nonblock, errbuf); 1274 if (ret == -1) { 1275 /* 1276 * In case somebody depended on the bug wherein 1277 * the error message was put into p->errbuf 1278 * by pcap_setnonblock_fd(). 1279 */ 1280 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE); 1281 } 1282 return (ret); 1283 } 1284 1285 #if !defined(WIN32) && !defined(MSDOS) 1286 /* 1287 * Set non-blocking mode, under the assumption that it's just the 1288 * standard POSIX non-blocking flag. (This can be called by the 1289 * per-platform non-blocking-mode routine if that routine also 1290 * needs to do some additional work.) 1291 */ 1292 int 1293 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf) 1294 { 1295 int fdflags; 1296 1297 fdflags = fcntl(p->fd, F_GETFL, 0); 1298 if (fdflags == -1) { 1299 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 1300 pcap_strerror(errno)); 1301 return (-1); 1302 } 1303 if (nonblock) 1304 fdflags |= O_NONBLOCK; 1305 else 1306 fdflags &= ~O_NONBLOCK; 1307 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 1308 snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 1309 pcap_strerror(errno)); 1310 return (-1); 1311 } 1312 return (0); 1313 } 1314 #endif 1315 1316 #ifdef WIN32 1317 /* 1318 * Generate a string for the last Win32-specific error (i.e. an error generated when 1319 * calling a Win32 API). 1320 * For errors occurred during standard C calls, we still use pcap_strerror() 1321 */ 1322 char * 1323 pcap_win32strerror(void) 1324 { 1325 DWORD error; 1326 static char errbuf[PCAP_ERRBUF_SIZE+1]; 1327 int errlen; 1328 char *p; 1329 1330 error = GetLastError(); 1331 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 1332 PCAP_ERRBUF_SIZE, NULL); 1333 1334 /* 1335 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 1336 * message. Get rid of it. 1337 */ 1338 errlen = strlen(errbuf); 1339 if (errlen >= 2) { 1340 errbuf[errlen - 1] = '\0'; 1341 errbuf[errlen - 2] = '\0'; 1342 } 1343 p = strchr(errbuf, '\0'); 1344 snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error); 1345 return (errbuf); 1346 } 1347 #endif 1348 1349 /* 1350 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 1351 */ 1352 const char * 1353 pcap_statustostr(int errnum) 1354 { 1355 static char ebuf[15+10+1]; 1356 1357 switch (errnum) { 1358 1359 case PCAP_WARNING: 1360 return("Generic warning"); 1361 1362 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 1363 return ("That type of time stamp is not supported by that device"); 1364 1365 case PCAP_WARNING_PROMISC_NOTSUP: 1366 return ("That device doesn't support promiscuous mode"); 1367 1368 case PCAP_ERROR: 1369 return("Generic error"); 1370 1371 case PCAP_ERROR_BREAK: 1372 return("Loop terminated by pcap_breakloop"); 1373 1374 case PCAP_ERROR_NOT_ACTIVATED: 1375 return("The pcap_t has not been activated"); 1376 1377 case PCAP_ERROR_ACTIVATED: 1378 return ("The setting can't be changed after the pcap_t is activated"); 1379 1380 case PCAP_ERROR_NO_SUCH_DEVICE: 1381 return ("No such device exists"); 1382 1383 case PCAP_ERROR_RFMON_NOTSUP: 1384 return ("That device doesn't support monitor mode"); 1385 1386 case PCAP_ERROR_NOT_RFMON: 1387 return ("That operation is supported only in monitor mode"); 1388 1389 case PCAP_ERROR_PERM_DENIED: 1390 return ("You don't have permission to capture on that device"); 1391 1392 case PCAP_ERROR_IFACE_NOT_UP: 1393 return ("That device is not up"); 1394 1395 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 1396 return ("That device doesn't support setting the time stamp type"); 1397 1398 case PCAP_ERROR_PROMISC_PERM_DENIED: 1399 return ("You don't have permission to capture in promiscuous mode on that device"); 1400 } 1401 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1402 return(ebuf); 1403 } 1404 1405 /* 1406 * Not all systems have strerror(). 1407 */ 1408 const char * 1409 pcap_strerror(int errnum) 1410 { 1411 #ifdef HAVE_STRERROR 1412 return (strerror(errnum)); 1413 #else 1414 extern int sys_nerr; 1415 extern const char *const sys_errlist[]; 1416 static char ebuf[15+10+1]; 1417 1418 if ((unsigned int)errnum < sys_nerr) 1419 return ((char *)sys_errlist[errnum]); 1420 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 1421 return(ebuf); 1422 #endif 1423 } 1424 1425 int 1426 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 1427 { 1428 return (p->setfilter_op(p, fp)); 1429 } 1430 1431 /* 1432 * Set direction flag, which controls whether we accept only incoming 1433 * packets, only outgoing packets, or both. 1434 * Note that, depending on the platform, some or all direction arguments 1435 * might not be supported. 1436 */ 1437 int 1438 pcap_setdirection(pcap_t *p, pcap_direction_t d) 1439 { 1440 if (p->setdirection_op == NULL) { 1441 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1442 "Setting direction is not implemented on this platform"); 1443 return (-1); 1444 } else 1445 return (p->setdirection_op(p, d)); 1446 } 1447 1448 int 1449 pcap_stats(pcap_t *p, struct pcap_stat *ps) 1450 { 1451 return (p->stats_op(p, ps)); 1452 } 1453 1454 static int 1455 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 1456 { 1457 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1458 "Statistics aren't available from a pcap_open_dead pcap_t"); 1459 return (-1); 1460 } 1461 1462 #ifdef WIN32 1463 int 1464 pcap_setbuff(pcap_t *p, int dim) 1465 { 1466 return (p->setbuff_op(p, dim)); 1467 } 1468 1469 static int 1470 pcap_setbuff_dead(pcap_t *p, int dim) 1471 { 1472 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1473 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 1474 return (-1); 1475 } 1476 1477 int 1478 pcap_setmode(pcap_t *p, int mode) 1479 { 1480 return (p->setmode_op(p, mode)); 1481 } 1482 1483 static int 1484 pcap_setmode_dead(pcap_t *p, int mode) 1485 { 1486 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1487 "impossible to set mode on a pcap_open_dead pcap_t"); 1488 return (-1); 1489 } 1490 1491 int 1492 pcap_setmintocopy(pcap_t *p, int size) 1493 { 1494 return (p->setmintocopy_op(p, size)); 1495 } 1496 1497 static int 1498 pcap_setmintocopy_dead(pcap_t *p, int size) 1499 { 1500 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1501 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 1502 return (-1); 1503 } 1504 #endif 1505 1506 /* 1507 * On some platforms, we need to clean up promiscuous or monitor mode 1508 * when we close a device - and we want that to happen even if the 1509 * application just exits without explicitl closing devices. 1510 * On those platforms, we need to register a "close all the pcaps" 1511 * routine to be called when we exit, and need to maintain a list of 1512 * pcaps that need to be closed to clean up modes. 1513 * 1514 * XXX - not thread-safe. 1515 */ 1516 1517 /* 1518 * List of pcaps on which we've done something that needs to be 1519 * cleaned up. 1520 * If there are any such pcaps, we arrange to call "pcap_close_all()" 1521 * when we exit, and have it close all of them. 1522 */ 1523 static struct pcap *pcaps_to_close; 1524 1525 /* 1526 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 1527 * be called on exit. 1528 */ 1529 static int did_atexit; 1530 1531 static void 1532 pcap_close_all(void) 1533 { 1534 struct pcap *handle; 1535 1536 while ((handle = pcaps_to_close) != NULL) 1537 pcap_close(handle); 1538 } 1539 1540 int 1541 pcap_do_addexit(pcap_t *p) 1542 { 1543 /* 1544 * If we haven't already done so, arrange to have 1545 * "pcap_close_all()" called when we exit. 1546 */ 1547 if (!did_atexit) { 1548 if (atexit(pcap_close_all) == -1) { 1549 /* 1550 * "atexit()" failed; let our caller know. 1551 */ 1552 strncpy(p->errbuf, "atexit failed", 1553 PCAP_ERRBUF_SIZE); 1554 return (0); 1555 } 1556 did_atexit = 1; 1557 } 1558 return (1); 1559 } 1560 1561 void 1562 pcap_add_to_pcaps_to_close(pcap_t *p) 1563 { 1564 p->md.next = pcaps_to_close; 1565 pcaps_to_close = p; 1566 } 1567 1568 void 1569 pcap_remove_from_pcaps_to_close(pcap_t *p) 1570 { 1571 pcap_t *pc, *prevpc; 1572 1573 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 1574 prevpc = pc, pc = pc->md.next) { 1575 if (pc == p) { 1576 /* 1577 * Found it. Remove it from the list. 1578 */ 1579 if (prevpc == NULL) { 1580 /* 1581 * It was at the head of the list. 1582 */ 1583 pcaps_to_close = pc->md.next; 1584 } else { 1585 /* 1586 * It was in the middle of the list. 1587 */ 1588 prevpc->md.next = pc->md.next; 1589 } 1590 break; 1591 } 1592 } 1593 } 1594 1595 void 1596 pcap_cleanup_live_common(pcap_t *p) 1597 { 1598 if (p->buffer != NULL) { 1599 free(p->buffer); 1600 p->buffer = NULL; 1601 } 1602 if (p->dlt_list != NULL) { 1603 free(p->dlt_list); 1604 p->dlt_list = NULL; 1605 p->dlt_count = 0; 1606 } 1607 if (p->tstamp_type_list != NULL) { 1608 free(p->tstamp_type_list); 1609 p->tstamp_type_list = NULL; 1610 p->tstamp_type_count = 0; 1611 } 1612 pcap_freecode(&p->fcode); 1613 #if !defined(WIN32) && !defined(MSDOS) 1614 if (p->fd >= 0) { 1615 close(p->fd); 1616 p->fd = -1; 1617 } 1618 p->selectable_fd = -1; 1619 p->send_fd = -1; 1620 #endif 1621 } 1622 1623 static void 1624 pcap_cleanup_dead(pcap_t *p _U_) 1625 { 1626 /* Nothing to do. */ 1627 } 1628 1629 pcap_t * 1630 pcap_open_dead(int linktype, int snaplen) 1631 { 1632 pcap_t *p; 1633 1634 p = malloc(sizeof(*p)); 1635 if (p == NULL) 1636 return NULL; 1637 memset (p, 0, sizeof(*p)); 1638 p->snapshot = snaplen; 1639 p->linktype = linktype; 1640 p->stats_op = pcap_stats_dead; 1641 #ifdef WIN32 1642 p->setbuff_op = pcap_setbuff_dead; 1643 p->setmode_op = pcap_setmode_dead; 1644 p->setmintocopy_op = pcap_setmintocopy_dead; 1645 #endif 1646 p->cleanup_op = pcap_cleanup_dead; 1647 p->activated = 1; 1648 return (p); 1649 } 1650 1651 /* 1652 * API compatible with WinPcap's "send a packet" routine - returns -1 1653 * on error, 0 otherwise. 1654 * 1655 * XXX - what if we get a short write? 1656 */ 1657 int 1658 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 1659 { 1660 if (p->inject_op(p, buf, size) == -1) 1661 return (-1); 1662 return (0); 1663 } 1664 1665 /* 1666 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 1667 * error, number of bytes written otherwise. 1668 */ 1669 int 1670 pcap_inject(pcap_t *p, const void *buf, size_t size) 1671 { 1672 return (p->inject_op(p, buf, size)); 1673 } 1674 1675 void 1676 pcap_close(pcap_t *p) 1677 { 1678 if (p->opt.source != NULL) 1679 free(p->opt.source); 1680 p->cleanup_op(p); 1681 free(p); 1682 } 1683 1684 /* 1685 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 1686 * data for the packet, check whether the packet passes the filter. 1687 * Returns the return value of the filter program, which will be zero if 1688 * the packet doesn't pass and non-zero if the packet does pass. 1689 */ 1690 int 1691 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 1692 const u_char *pkt) 1693 { 1694 const struct bpf_insn *fcode = fp->bf_insns; 1695 1696 if (fcode != NULL) 1697 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 1698 else 1699 return (0); 1700 } 1701 1702 /* 1703 * We make the version string static, and return a pointer to it, rather 1704 * than exporting the version string directly. On at least some UNIXes, 1705 * if you import data from a shared library into an program, the data is 1706 * bound into the program binary, so if the string in the version of the 1707 * library with which the program was linked isn't the same as the 1708 * string in the version of the library with which the program is being 1709 * run, various undesirable things may happen (warnings, the string 1710 * being the one from the version of the library with which the program 1711 * was linked, or even weirder things, such as the string being the one 1712 * from the library but being truncated). 1713 */ 1714 #ifdef HAVE_VERSION_H 1715 #include "version.h" 1716 #else 1717 static const char pcap_version_string[] = "libpcap version 1.x.y"; 1718 #endif 1719 1720 #ifdef WIN32 1721 /* 1722 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap 1723 * version numbers when building WinPcap. (It'd be nice to do so for 1724 * the packet.dll version number as well.) 1725 */ 1726 static const char wpcap_version_string[] = "4.0"; 1727 static const char pcap_version_string_fmt[] = 1728 "WinPcap version %s, based on %s"; 1729 static const char pcap_version_string_packet_dll_fmt[] = 1730 "WinPcap version %s (packet.dll version %s), based on %s"; 1731 static char *full_pcap_version_string; 1732 1733 const char * 1734 pcap_lib_version(void) 1735 { 1736 char *packet_version_string; 1737 size_t full_pcap_version_string_len; 1738 1739 if (full_pcap_version_string == NULL) { 1740 /* 1741 * Generate the version string. 1742 */ 1743 packet_version_string = PacketGetVersion(); 1744 if (strcmp(wpcap_version_string, packet_version_string) == 0) { 1745 /* 1746 * WinPcap version string and packet.dll version 1747 * string are the same; just report the WinPcap 1748 * version. 1749 */ 1750 full_pcap_version_string_len = 1751 (sizeof pcap_version_string_fmt - 4) + 1752 strlen(wpcap_version_string) + 1753 strlen(pcap_version_string); 1754 full_pcap_version_string = 1755 malloc(full_pcap_version_string_len); 1756 sprintf(full_pcap_version_string, 1757 pcap_version_string_fmt, wpcap_version_string, 1758 pcap_version_string); 1759 } else { 1760 /* 1761 * WinPcap version string and packet.dll version 1762 * string are different; that shouldn't be the 1763 * case (the two libraries should come from the 1764 * same version of WinPcap), so we report both 1765 * versions. 1766 */ 1767 full_pcap_version_string_len = 1768 (sizeof pcap_version_string_packet_dll_fmt - 6) + 1769 strlen(wpcap_version_string) + 1770 strlen(packet_version_string) + 1771 strlen(pcap_version_string); 1772 full_pcap_version_string = malloc(full_pcap_version_string_len); 1773 1774 sprintf(full_pcap_version_string, 1775 pcap_version_string_packet_dll_fmt, 1776 wpcap_version_string, packet_version_string, 1777 pcap_version_string); 1778 } 1779 } 1780 return (full_pcap_version_string); 1781 } 1782 1783 #elif defined(MSDOS) 1784 1785 static char *full_pcap_version_string; 1786 1787 const char * 1788 pcap_lib_version (void) 1789 { 1790 char *packet_version_string; 1791 size_t full_pcap_version_string_len; 1792 static char dospfx[] = "DOS-"; 1793 1794 if (full_pcap_version_string == NULL) { 1795 /* 1796 * Generate the version string. 1797 */ 1798 full_pcap_version_string_len = 1799 sizeof dospfx + strlen(pcap_version_string); 1800 full_pcap_version_string = 1801 malloc(full_pcap_version_string_len); 1802 strcpy(full_pcap_version_string, dospfx); 1803 strcat(full_pcap_version_string, pcap_version_string); 1804 } 1805 return (full_pcap_version_string); 1806 } 1807 1808 #else /* UN*X */ 1809 1810 const char * 1811 pcap_lib_version(void) 1812 { 1813 return (pcap_version_string); 1814 } 1815 #endif 1816