1 /* 2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the Computer Systems 16 * Engineering Group at Lawrence Berkeley Laboratory. 17 * 4. Neither the name of the University nor of the Laboratory may be used 18 * to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #ifdef HAVE_CONFIG_H 35 #include <config.h> 36 #endif 37 38 #include <pcap-types.h> 39 #ifndef _WIN32 40 #include <sys/param.h> 41 #ifndef MSDOS 42 #include <sys/file.h> 43 #endif 44 #include <sys/ioctl.h> 45 #include <sys/socket.h> 46 #ifdef HAVE_SYS_SOCKIO_H 47 #include <sys/sockio.h> 48 #endif 49 50 struct mbuf; /* Squelch compiler warnings on some platforms for */ 51 struct rtentry; /* declarations in <net/if.h> */ 52 #include <net/if.h> 53 #include <netinet/in.h> 54 #endif /* _WIN32 */ 55 56 #include <ctype.h> 57 #include <stdio.h> 58 #include <stdlib.h> 59 #include <string.h> 60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 61 #include <unistd.h> 62 #endif 63 #include <fcntl.h> 64 #include <errno.h> 65 #ifdef HAVE_LIMITS_H 66 #include <limits.h> 67 #else 68 #define INT_MAX 2147483647 69 #endif 70 71 #ifdef HAVE_OS_PROTO_H 72 #include "os-proto.h" 73 #endif 74 75 #ifdef MSDOS 76 #include "pcap-dos.h" 77 #endif 78 79 #include "pcap-int.h" 80 81 #include "optimize.h" 82 83 #ifdef HAVE_DAG_API 84 #include "pcap-dag.h" 85 #endif /* HAVE_DAG_API */ 86 87 #ifdef HAVE_SEPTEL_API 88 #include "pcap-septel.h" 89 #endif /* HAVE_SEPTEL_API */ 90 91 #ifdef HAVE_SNF_API 92 #include "pcap-snf.h" 93 #endif /* HAVE_SNF_API */ 94 95 #ifdef HAVE_TC_API 96 #include "pcap-tc.h" 97 #endif /* HAVE_TC_API */ 98 99 #ifdef PCAP_SUPPORT_USB 100 #include "pcap-usb-linux.h" 101 #endif 102 103 #ifdef PCAP_SUPPORT_BT 104 #include "pcap-bt-linux.h" 105 #endif 106 107 #ifdef PCAP_SUPPORT_BT_MONITOR 108 #include "pcap-bt-monitor-linux.h" 109 #endif 110 111 #ifdef PCAP_SUPPORT_NETFILTER 112 #include "pcap-netfilter-linux.h" 113 #endif 114 115 #ifdef PCAP_SUPPORT_NETMAP 116 #include "pcap-netmap.h" 117 #endif 118 119 #ifdef PCAP_SUPPORT_DBUS 120 #include "pcap-dbus.h" 121 #endif 122 123 #ifdef PCAP_SUPPORT_RDMASNIFF 124 #include "pcap-rdmasniff.h" 125 #endif 126 127 #ifdef _WIN32 128 /* 129 * DllMain(), required when built as a Windows DLL. 130 */ 131 BOOL WINAPI DllMain( 132 HANDLE hinstDLL, 133 DWORD dwReason, 134 LPVOID lpvReserved 135 ) 136 { 137 return (TRUE); 138 } 139 140 /* 141 * Start WinSock. 142 * Exported in case some applications using WinPcap called it, 143 * even though it wasn't exported. 144 */ 145 int 146 wsockinit(void) 147 { 148 WORD wVersionRequested; 149 WSADATA wsaData; 150 static int err = -1; 151 static int done = 0; 152 153 if (done) 154 return (err); 155 156 wVersionRequested = MAKEWORD( 1, 1); 157 err = WSAStartup( wVersionRequested, &wsaData ); 158 atexit ((void(*)(void))WSACleanup); 159 done = 1; 160 161 if ( err != 0 ) 162 err = -1; 163 return (err); 164 } 165 166 /* 167 * This is the exported function; new programs should call this. 168 */ 169 int 170 pcap_wsockinit(void) 171 { 172 return (wsockinit()); 173 } 174 #endif /* _WIN32 */ 175 176 /* 177 * String containing the library version. 178 * Not explicitly exported via a header file - the right API to use 179 * is pcap_lib_version() - but some programs included it, so we 180 * provide it. 181 * 182 * We declare it here, right before defining it, to squelch any 183 * warnings we might get from compilers about the lack of a 184 * declaration. 185 */ 186 PCAP_API char pcap_version[]; 187 PCAP_API_DEF char pcap_version[] = PACKAGE_VERSION; 188 189 static int 190 pcap_not_initialized(pcap_t *pcap) 191 { 192 if (pcap->activated) { 193 /* A module probably forgot to set the function pointer */ 194 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 195 "This operation isn't properly handled by that device"); 196 return (PCAP_ERROR); 197 } 198 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */ 199 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 200 "This handle hasn't been activated yet"); 201 /* this means 'not initialized' */ 202 return (PCAP_ERROR_NOT_ACTIVATED); 203 } 204 205 #ifdef _WIN32 206 static void * 207 pcap_not_initialized_ptr(pcap_t *pcap) 208 { 209 if (pcap->activated) { 210 /* A module probably forgot to set the function pointer */ 211 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 212 "This operation isn't properly handled by that device"); 213 return (NULL); 214 } 215 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 216 "This handle hasn't been activated yet"); 217 return (NULL); 218 } 219 220 static HANDLE 221 pcap_getevent_not_initialized(pcap_t *pcap) 222 { 223 if (pcap->activated) { 224 /* A module probably forgot to set the function pointer */ 225 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 226 "This operation isn't properly handled by that device"); 227 return (INVALID_HANDLE_VALUE); 228 } 229 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 230 "This handle hasn't been activated yet"); 231 return (INVALID_HANDLE_VALUE); 232 } 233 234 static u_int 235 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync) 236 { 237 if (pcap->activated) { 238 /* A module probably forgot to set the function pointer */ 239 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 240 "This operation isn't properly handled by that device"); 241 return (0); 242 } 243 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 244 "This handle hasn't been activated yet"); 245 return (0); 246 } 247 248 static PAirpcapHandle 249 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap) 250 { 251 if (pcap->activated) { 252 /* A module probably forgot to set the function pointer */ 253 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 254 "This operation isn't properly handled by that device"); 255 return (NULL); 256 } 257 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf), 258 "This handle hasn't been activated yet"); 259 return (NULL); 260 } 261 #endif 262 263 /* 264 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 265 * a PCAP_ERROR value on an error. 266 */ 267 int 268 pcap_can_set_rfmon(pcap_t *p) 269 { 270 return (p->can_set_rfmon_op(p)); 271 } 272 273 /* 274 * For systems where rfmon mode is never supported. 275 */ 276 static int 277 pcap_cant_set_rfmon(pcap_t *p _U_) 278 { 279 return (0); 280 } 281 282 /* 283 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 284 * types; the return value is the number of supported time stamp types. 285 * The list should be freed by a call to pcap_free_tstamp_types() when 286 * you're done with it. 287 * 288 * A return value of 0 means "you don't get a choice of time stamp type", 289 * in which case *tstamp_typesp is set to null. 290 * 291 * PCAP_ERROR is returned on error. 292 */ 293 int 294 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 295 { 296 if (p->tstamp_type_count == 0) { 297 /* 298 * We don't support multiple time stamp types. 299 */ 300 *tstamp_typesp = NULL; 301 } else { 302 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp), 303 p->tstamp_type_count); 304 if (*tstamp_typesp == NULL) { 305 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 306 errno, "malloc"); 307 return (PCAP_ERROR); 308 } 309 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 310 sizeof(**tstamp_typesp) * p->tstamp_type_count); 311 } 312 return (p->tstamp_type_count); 313 } 314 315 /* 316 * In Windows, you might have a library built with one version of the 317 * C runtime library and an application built with another version of 318 * the C runtime library, which means that the library might use one 319 * version of malloc() and free() and the application might use another 320 * version of malloc() and free(). If so, that means something 321 * allocated by the library cannot be freed by the application, so we 322 * need to have a pcap_free_tstamp_types() routine to free up the list 323 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 324 * around free(). 325 */ 326 void 327 pcap_free_tstamp_types(int *tstamp_type_list) 328 { 329 free(tstamp_type_list); 330 } 331 332 /* 333 * Default one-shot callback; overridden for capture types where the 334 * packet data cannot be guaranteed to be available after the callback 335 * returns, so that a copy must be made. 336 */ 337 void 338 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 339 { 340 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 341 342 *sp->hdr = *h; 343 *sp->pkt = pkt; 344 } 345 346 const u_char * 347 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 348 { 349 struct oneshot_userdata s; 350 const u_char *pkt; 351 352 s.hdr = h; 353 s.pkt = &pkt; 354 s.pd = p; 355 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 356 return (0); 357 return (pkt); 358 } 359 360 int 361 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 362 const u_char **pkt_data) 363 { 364 struct oneshot_userdata s; 365 366 s.hdr = &p->pcap_header; 367 s.pkt = pkt_data; 368 s.pd = p; 369 370 /* Saves a pointer to the packet headers */ 371 *pkt_header= &p->pcap_header; 372 373 if (p->rfile != NULL) { 374 int status; 375 376 /* We are on an offline capture */ 377 status = pcap_offline_read(p, 1, p->oneshot_callback, 378 (u_char *)&s); 379 380 /* 381 * Return codes for pcap_offline_read() are: 382 * - 0: EOF 383 * - -1: error 384 * - >1: OK 385 * The first one ('0') conflicts with the return code of 386 * 0 from pcap_read() meaning "no packets arrived before 387 * the timeout expired", so we map it to -2 so you can 388 * distinguish between an EOF from a savefile and a 389 * "no packets arrived before the timeout expired, try 390 * again" from a live capture. 391 */ 392 if (status == 0) 393 return (-2); 394 else 395 return (status); 396 } 397 398 /* 399 * Return codes for pcap_read() are: 400 * - 0: timeout 401 * - -1: error 402 * - -2: loop was broken out of with pcap_breakloop() 403 * - >1: OK 404 * The first one ('0') conflicts with the return code of 0 from 405 * pcap_offline_read() meaning "end of file". 406 */ 407 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 408 } 409 410 /* 411 * Implementation of a pcap_if_list_t. 412 */ 413 struct pcap_if_list { 414 pcap_if_t *beginning; 415 }; 416 417 static struct capture_source_type { 418 int (*findalldevs_op)(pcap_if_list_t *, char *); 419 pcap_t *(*create_op)(const char *, char *, int *); 420 } capture_source_types[] = { 421 #ifdef HAVE_DAG_API 422 { dag_findalldevs, dag_create }, 423 #endif 424 #ifdef HAVE_SEPTEL_API 425 { septel_findalldevs, septel_create }, 426 #endif 427 #ifdef HAVE_SNF_API 428 { snf_findalldevs, snf_create }, 429 #endif 430 #ifdef HAVE_TC_API 431 { TcFindAllDevs, TcCreate }, 432 #endif 433 #ifdef PCAP_SUPPORT_BT 434 { bt_findalldevs, bt_create }, 435 #endif 436 #ifdef PCAP_SUPPORT_BT_MONITOR 437 { bt_monitor_findalldevs, bt_monitor_create }, 438 #endif 439 #ifdef PCAP_SUPPORT_USB 440 { usb_findalldevs, usb_create }, 441 #endif 442 #ifdef PCAP_SUPPORT_NETFILTER 443 { netfilter_findalldevs, netfilter_create }, 444 #endif 445 #ifdef PCAP_SUPPORT_NETMAP 446 { pcap_netmap_findalldevs, pcap_netmap_create }, 447 #endif 448 #ifdef PCAP_SUPPORT_DBUS 449 { dbus_findalldevs, dbus_create }, 450 #endif 451 #ifdef PCAP_SUPPORT_RDMASNIFF 452 { rdmasniff_findalldevs, rdmasniff_create }, 453 #endif 454 { NULL, NULL } 455 }; 456 457 /* 458 * Get a list of all capture sources that are up and that we can open. 459 * Returns -1 on error, 0 otherwise. 460 * The list, as returned through "alldevsp", may be null if no interfaces 461 * were up and could be opened. 462 */ 463 int 464 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 465 { 466 size_t i; 467 pcap_if_list_t devlist; 468 469 /* 470 * Find all the local network interfaces on which we 471 * can capture. 472 */ 473 devlist.beginning = NULL; 474 if (pcap_platform_finddevs(&devlist, errbuf) == -1) { 475 /* 476 * Failed - free all of the entries we were given 477 * before we failed. 478 */ 479 if (devlist.beginning != NULL) 480 pcap_freealldevs(devlist.beginning); 481 *alldevsp = NULL; 482 return (-1); 483 } 484 485 /* 486 * Ask each of the non-local-network-interface capture 487 * source types what interfaces they have. 488 */ 489 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 490 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) { 491 /* 492 * We had an error; free the list we've been 493 * constructing. 494 */ 495 if (devlist.beginning != NULL) 496 pcap_freealldevs(devlist.beginning); 497 *alldevsp = NULL; 498 return (-1); 499 } 500 } 501 502 /* 503 * Return the first entry of the list of all devices. 504 */ 505 *alldevsp = devlist.beginning; 506 return (0); 507 } 508 509 static struct sockaddr * 510 dup_sockaddr(struct sockaddr *sa, size_t sa_length) 511 { 512 struct sockaddr *newsa; 513 514 if ((newsa = malloc(sa_length)) == NULL) 515 return (NULL); 516 return (memcpy(newsa, sa, sa_length)); 517 } 518 519 /* 520 * Construct a "figure of merit" for an interface, for use when sorting 521 * the list of interfaces, in which interfaces that are up are superior 522 * to interfaces that aren't up, interfaces that are up and running are 523 * superior to interfaces that are up but not running, and non-loopback 524 * interfaces that are up and running are superior to loopback interfaces, 525 * and interfaces with the same flags have a figure of merit that's higher 526 * the lower the instance number. 527 * 528 * The goal is to try to put the interfaces most likely to be useful for 529 * capture at the beginning of the list. 530 * 531 * The figure of merit, which is lower the "better" the interface is, 532 * has the uppermost bit set if the interface isn't running, the bit 533 * below that set if the interface isn't up, the bit below that set 534 * if the interface is a loopback interface, and the interface index 535 * in the 29 bits below that. (Yes, we assume u_int is 32 bits.) 536 */ 537 static u_int 538 get_figure_of_merit(pcap_if_t *dev) 539 { 540 const char *cp; 541 u_int n; 542 543 if (strcmp(dev->name, "any") == 0) { 544 /* 545 * Give the "any" device an artificially high instance 546 * number, so it shows up after all other non-loopback 547 * interfaces. 548 */ 549 n = 0x1FFFFFFF; /* 29 all-1 bits */ 550 } else { 551 /* 552 * A number at the end of the device name string is 553 * assumed to be an instance number. Add 1 to the 554 * instance number, and use 0 for "no instance 555 * number", so we don't put "no instance number" 556 * devices and "instance 0" devices together. 557 */ 558 cp = dev->name + strlen(dev->name) - 1; 559 while (cp-1 >= dev->name && *(cp-1) >= '0' && *(cp-1) <= '9') 560 cp--; 561 if (*cp >= '0' && *cp <= '9') 562 n = atoi(cp) + 1; 563 else 564 n = 0; 565 } 566 if (!(dev->flags & PCAP_IF_RUNNING)) 567 n |= 0x80000000; 568 if (!(dev->flags & PCAP_IF_UP)) 569 n |= 0x40000000; 570 571 /* 572 * Give non-wireless interfaces that aren't disconnected a better 573 * figure of merit than interfaces that are disconnected, as 574 * "disconnected" should indicate that the interface isn't 575 * plugged into a network and thus won't give you any traffic. 576 * 577 * For wireless interfaces, it means "associated with a network", 578 * which we presume not to necessarily prevent capture, as you 579 * might run the adapter in some flavor of monitor mode. 580 */ 581 if (!(dev->flags & PCAP_IF_WIRELESS) && 582 (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED) 583 n |= 0x20000000; 584 585 /* 586 * Sort loopback devices after non-loopback devices, *except* for 587 * disconnected devices. 588 */ 589 if (dev->flags & PCAP_IF_LOOPBACK) 590 n |= 0x10000000; 591 592 return (n); 593 } 594 595 #ifndef _WIN32 596 /* 597 * Try to get a description for a given device. 598 * Returns a mallocated description if it could and NULL if it couldn't. 599 * 600 * XXX - on FreeBSDs that support it, should it get the sysctl named 601 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description 602 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800" 603 * with my Cisco 350 card, so the name isn't entirely descriptive. The 604 * "dev.an.0.%pnpinfo" has a better description, although one might argue 605 * that the problem is really a driver bug - if it can find out that it's 606 * a Cisco 340 or 350, rather than an old Aironet card, it should use 607 * that in the description. 608 * 609 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD 610 * and OpenBSD let you get a description, but it's not generated by the OS, 611 * it's set with another ioctl that ifconfig supports; we use that to get 612 * a description in FreeBSD and OpenBSD, but if there is no such 613 * description available, it still might be nice to get some description 614 * string based on the device type or something such as that. 615 * 616 * In macOS, the System Configuration framework can apparently return 617 * names in 10.4 and later. 618 * 619 * It also appears that freedesktop.org's HAL offers an "info.product" 620 * string, but the HAL specification says it "should not be used in any 621 * UI" and "subsystem/capability specific properties" should be used 622 * instead and, in any case, I think HAL is being deprecated in 623 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear 624 * to have any obvious product information for devices, but maybe 625 * I haven't looked hard enough. 626 * 627 * Using the System Configuration framework, or HAL, or DeviceKit, or 628 * whatever, would require that libpcap applications be linked with 629 * the frameworks/libraries in question. That shouldn't be a problem 630 * for programs linking with the shared version of libpcap (unless 631 * you're running on AIX - which I think is the only UN*X that doesn't 632 * support linking a shared library with other libraries on which it 633 * depends, and having an executable linked only with the first shared 634 * library automatically pick up the other libraries when started - 635 * and using HAL or whatever). Programs linked with the static 636 * version of libpcap would have to use pcap-config with the --static 637 * flag in order to get the right linker flags in order to pick up 638 * the additional libraries/frameworks; those programs need that anyway 639 * for libpcap 1.1 and beyond on Linux, as, by default, it requires 640 * -lnl. 641 * 642 * Do any other UN*Xes, or desktop environments support getting a 643 * description? 644 */ 645 static char * 646 #ifdef SIOCGIFDESCR 647 get_if_description(const char *name) 648 { 649 char *description = NULL; 650 int s; 651 struct ifreq ifrdesc; 652 #ifndef IFDESCRSIZE 653 size_t descrlen = 64; 654 #else 655 size_t descrlen = IFDESCRSIZE; 656 #endif /* IFDESCRSIZE */ 657 658 /* 659 * Get the description for the interface. 660 */ 661 memset(&ifrdesc, 0, sizeof ifrdesc); 662 strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name); 663 s = socket(AF_INET, SOCK_DGRAM, 0); 664 if (s >= 0) { 665 #ifdef __FreeBSD__ 666 /* 667 * On FreeBSD, if the buffer isn't big enough for the 668 * description, the ioctl succeeds, but the description 669 * isn't copied, ifr_buffer.length is set to the description 670 * length, and ifr_buffer.buffer is set to NULL. 671 */ 672 for (;;) { 673 free(description); 674 if ((description = malloc(descrlen)) != NULL) { 675 ifrdesc.ifr_buffer.buffer = description; 676 ifrdesc.ifr_buffer.length = descrlen; 677 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) { 678 if (ifrdesc.ifr_buffer.buffer == 679 description) 680 break; 681 else 682 descrlen = ifrdesc.ifr_buffer.length; 683 } else { 684 /* 685 * Failed to get interface description. 686 */ 687 free(description); 688 description = NULL; 689 break; 690 } 691 } else 692 break; 693 } 694 #else /* __FreeBSD__ */ 695 /* 696 * The only other OS that currently supports 697 * SIOCGIFDESCR is OpenBSD, and it has no way 698 * to get the description length - it's clamped 699 * to a maximum of IFDESCRSIZE. 700 */ 701 if ((description = malloc(descrlen)) != NULL) { 702 ifrdesc.ifr_data = (caddr_t)description; 703 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) { 704 /* 705 * Failed to get interface description. 706 */ 707 free(description); 708 description = NULL; 709 } 710 } 711 #endif /* __FreeBSD__ */ 712 close(s); 713 if (description != NULL && strlen(description) == 0) { 714 /* 715 * Description is empty, so discard it. 716 */ 717 free(description); 718 description = NULL; 719 } 720 } 721 722 #ifdef __FreeBSD__ 723 /* 724 * For FreeBSD, if we didn't get a description, and this is 725 * a device with a name of the form usbusN, label it as a USB 726 * bus. 727 */ 728 if (description == NULL) { 729 if (strncmp(name, "usbus", 5) == 0) { 730 /* 731 * OK, it begins with "usbus". 732 */ 733 long busnum; 734 char *p; 735 736 errno = 0; 737 busnum = strtol(name + 5, &p, 10); 738 if (errno == 0 && p != name + 5 && *p == '\0' && 739 busnum >= 0 && busnum <= INT_MAX) { 740 /* 741 * OK, it's a valid number that's not 742 * bigger than INT_MAX. Construct 743 * a description from it. 744 */ 745 static const char descr_prefix[] = "USB bus number "; 746 size_t descr_size; 747 748 /* 749 * Allow enough room for a 32-bit bus number. 750 * sizeof (descr_prefix) includes the 751 * terminating NUL. 752 */ 753 descr_size = sizeof (descr_prefix) + 10; 754 description = malloc(descr_size); 755 if (description != NULL) { 756 pcap_snprintf(description, descr_size, 757 "%s%ld", descr_prefix, busnum); 758 } 759 } 760 } 761 } 762 #endif 763 return (description); 764 #else /* SIOCGIFDESCR */ 765 get_if_description(const char *name _U_) 766 { 767 return (NULL); 768 #endif /* SIOCGIFDESCR */ 769 } 770 771 /* 772 * Look for a given device in the specified list of devices. 773 * 774 * If we find it, return a pointer to its entry. 775 * 776 * If we don't find it, attempt to add an entry for it, with the specified 777 * IFF_ flags and description, and, if that succeeds, return a pointer to 778 * the new entry, otherwise return NULL and set errbuf to an error message. 779 */ 780 pcap_if_t * 781 find_or_add_if(pcap_if_list_t *devlistp, const char *name, 782 bpf_u_int32 if_flags, get_if_flags_func get_flags_func, char *errbuf) 783 { 784 bpf_u_int32 pcap_flags; 785 786 /* 787 * Convert IFF_ flags to pcap flags. 788 */ 789 pcap_flags = 0; 790 #ifdef IFF_LOOPBACK 791 if (if_flags & IFF_LOOPBACK) 792 pcap_flags |= PCAP_IF_LOOPBACK; 793 #else 794 /* 795 * We don't have IFF_LOOPBACK, so look at the device name to 796 * see if it looks like a loopback device. 797 */ 798 if (name[0] == 'l' && name[1] == 'o' && 799 (isdigit((unsigned char)(name[2])) || name[2] == '\0') 800 pcap_flags |= PCAP_IF_LOOPBACK; 801 #endif 802 #ifdef IFF_UP 803 if (if_flags & IFF_UP) 804 pcap_flags |= PCAP_IF_UP; 805 #endif 806 #ifdef IFF_RUNNING 807 if (if_flags & IFF_RUNNING) 808 pcap_flags |= PCAP_IF_RUNNING; 809 #endif 810 811 /* 812 * Attempt to find an entry for this device; if we don't find one, 813 * attempt to add one. 814 */ 815 return (find_or_add_dev(devlistp, name, pcap_flags, 816 get_flags_func, get_if_description(name), errbuf)); 817 } 818 819 /* 820 * Look for a given device in the specified list of devices. 821 * 822 * If we find it, then, if the specified address isn't null, add it to 823 * the list of addresses for the device and return 0. 824 * 825 * If we don't find it, attempt to add an entry for it, with the specified 826 * IFF_ flags and description, and, if that succeeds, add the specified 827 * address to its list of addresses if that address is non-null, and 828 * return 0, otherwise return -1 and set errbuf to an error message. 829 * 830 * (We can get called with a null address because we might get a list 831 * of interface name/address combinations from the underlying OS, with 832 * the address being absent in some cases, rather than a list of 833 * interfaces with each interface having a list of addresses, so this 834 * call may be the only call made to add to the list, and we want to 835 * add interfaces even if they have no addresses.) 836 */ 837 int 838 add_addr_to_if(pcap_if_list_t *devlistp, const char *name, 839 bpf_u_int32 if_flags, get_if_flags_func get_flags_func, 840 struct sockaddr *addr, size_t addr_size, 841 struct sockaddr *netmask, size_t netmask_size, 842 struct sockaddr *broadaddr, size_t broadaddr_size, 843 struct sockaddr *dstaddr, size_t dstaddr_size, 844 char *errbuf) 845 { 846 pcap_if_t *curdev; 847 848 /* 849 * Check whether the device exists and, if not, add it. 850 */ 851 curdev = find_or_add_if(devlistp, name, if_flags, get_flags_func, 852 errbuf); 853 if (curdev == NULL) { 854 /* 855 * Error - give up. 856 */ 857 return (-1); 858 } 859 860 if (addr == NULL) { 861 /* 862 * There's no address to add; this entry just meant 863 * "here's a new interface". 864 */ 865 return (0); 866 } 867 868 /* 869 * "curdev" is an entry for this interface, and we have an 870 * address for it; add an entry for that address to the 871 * interface's list of addresses. 872 */ 873 return (add_addr_to_dev(curdev, addr, addr_size, netmask, 874 netmask_size, broadaddr, broadaddr_size, dstaddr, 875 dstaddr_size, errbuf)); 876 } 877 #endif /* _WIN32 */ 878 879 /* 880 * Add an entry to the list of addresses for an interface. 881 * "curdev" is the entry for that interface. 882 */ 883 int 884 add_addr_to_dev(pcap_if_t *curdev, 885 struct sockaddr *addr, size_t addr_size, 886 struct sockaddr *netmask, size_t netmask_size, 887 struct sockaddr *broadaddr, size_t broadaddr_size, 888 struct sockaddr *dstaddr, size_t dstaddr_size, 889 char *errbuf) 890 { 891 pcap_addr_t *curaddr, *prevaddr, *nextaddr; 892 893 /* 894 * Allocate the new entry and fill it in. 895 */ 896 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t)); 897 if (curaddr == NULL) { 898 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 899 errno, "malloc"); 900 return (-1); 901 } 902 903 curaddr->next = NULL; 904 if (addr != NULL && addr_size != 0) { 905 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size); 906 if (curaddr->addr == NULL) { 907 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 908 errno, "malloc"); 909 free(curaddr); 910 return (-1); 911 } 912 } else 913 curaddr->addr = NULL; 914 915 if (netmask != NULL && netmask_size != 0) { 916 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size); 917 if (curaddr->netmask == NULL) { 918 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 919 errno, "malloc"); 920 if (curaddr->addr != NULL) 921 free(curaddr->addr); 922 free(curaddr); 923 return (-1); 924 } 925 } else 926 curaddr->netmask = NULL; 927 928 if (broadaddr != NULL && broadaddr_size != 0) { 929 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size); 930 if (curaddr->broadaddr == NULL) { 931 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 932 errno, "malloc"); 933 if (curaddr->netmask != NULL) 934 free(curaddr->netmask); 935 if (curaddr->addr != NULL) 936 free(curaddr->addr); 937 free(curaddr); 938 return (-1); 939 } 940 } else 941 curaddr->broadaddr = NULL; 942 943 if (dstaddr != NULL && dstaddr_size != 0) { 944 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size); 945 if (curaddr->dstaddr == NULL) { 946 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 947 errno, "malloc"); 948 if (curaddr->broadaddr != NULL) 949 free(curaddr->broadaddr); 950 if (curaddr->netmask != NULL) 951 free(curaddr->netmask); 952 if (curaddr->addr != NULL) 953 free(curaddr->addr); 954 free(curaddr); 955 return (-1); 956 } 957 } else 958 curaddr->dstaddr = NULL; 959 960 /* 961 * Find the end of the list of addresses. 962 */ 963 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) { 964 nextaddr = prevaddr->next; 965 if (nextaddr == NULL) { 966 /* 967 * This is the end of the list. 968 */ 969 break; 970 } 971 } 972 973 if (prevaddr == NULL) { 974 /* 975 * The list was empty; this is the first member. 976 */ 977 curdev->addresses = curaddr; 978 } else { 979 /* 980 * "prevaddr" is the last member of the list; append 981 * this member to it. 982 */ 983 prevaddr->next = curaddr; 984 } 985 986 return (0); 987 } 988 989 /* 990 * Look for a given device in the specified list of devices. 991 * 992 * If we find it, return 0 and set *curdev_ret to point to it. 993 * 994 * If we don't find it, attempt to add an entry for it, with the specified 995 * flags and description, and, if that succeeds, return 0, otherwise 996 * return -1 and set errbuf to an error message. 997 */ 998 pcap_if_t * 999 find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1000 get_if_flags_func get_flags_func, const char *description, char *errbuf) 1001 { 1002 pcap_if_t *curdev; 1003 1004 /* 1005 * Is there already an entry in the list for this device? 1006 */ 1007 curdev = find_dev(devlistp, name); 1008 if (curdev != NULL) { 1009 /* 1010 * Yes, return it. 1011 */ 1012 return (curdev); 1013 } 1014 1015 /* 1016 * No, we didn't find it. 1017 */ 1018 1019 /* 1020 * Try to get additional flags for the device. 1021 */ 1022 if ((*get_flags_func)(name, &flags, errbuf) == -1) { 1023 /* 1024 * Failed. 1025 */ 1026 return (NULL); 1027 } 1028 1029 /* 1030 * Now, try to add it to the list of devices. 1031 */ 1032 return (add_dev(devlistp, name, flags, description, errbuf)); 1033 } 1034 1035 /* 1036 * Look for a given device in the specified list of devices, and return 1037 * the entry for it if we find it or NULL if we don't. 1038 */ 1039 pcap_if_t * 1040 find_dev(pcap_if_list_t *devlistp, const char *name) 1041 { 1042 pcap_if_t *curdev; 1043 1044 /* 1045 * Is there an entry in the list for this device? 1046 */ 1047 for (curdev = devlistp->beginning; curdev != NULL; 1048 curdev = curdev->next) { 1049 if (strcmp(name, curdev->name) == 0) { 1050 /* 1051 * We found it, so, yes, there is. No need to 1052 * add it. Provide the entry we found to our 1053 * caller. 1054 */ 1055 return (curdev); 1056 } 1057 } 1058 1059 /* 1060 * No. 1061 */ 1062 return (NULL); 1063 } 1064 1065 /* 1066 * Attempt to add an entry for a device, with the specified flags 1067 * and description, and, if that succeeds, return 0 and return a pointer 1068 * to the new entry, otherwise return NULL and set errbuf to an error 1069 * message. 1070 * 1071 * If we weren't given a description, try to get one. 1072 */ 1073 pcap_if_t * 1074 add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1075 const char *description, char *errbuf) 1076 { 1077 pcap_if_t *curdev, *prevdev, *nextdev; 1078 u_int this_figure_of_merit, nextdev_figure_of_merit; 1079 1080 curdev = malloc(sizeof(pcap_if_t)); 1081 if (curdev == NULL) { 1082 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1083 errno, "malloc"); 1084 return (NULL); 1085 } 1086 1087 /* 1088 * Fill in the entry. 1089 */ 1090 curdev->next = NULL; 1091 curdev->name = strdup(name); 1092 if (curdev->name == NULL) { 1093 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1094 errno, "malloc"); 1095 free(curdev); 1096 return (NULL); 1097 } 1098 if (description == NULL) { 1099 /* 1100 * We weren't handed a description for the interface. 1101 */ 1102 curdev->description = NULL; 1103 } else { 1104 /* 1105 * We were handed a description; make a copy. 1106 */ 1107 curdev->description = strdup(description); 1108 if (curdev->description == NULL) { 1109 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1110 errno, "malloc"); 1111 free(curdev->name); 1112 free(curdev); 1113 return (NULL); 1114 } 1115 } 1116 curdev->addresses = NULL; /* list starts out as empty */ 1117 curdev->flags = flags; 1118 1119 /* 1120 * Add it to the list, in the appropriate location. 1121 * First, get the "figure of merit" for this interface. 1122 */ 1123 this_figure_of_merit = get_figure_of_merit(curdev); 1124 1125 /* 1126 * Now look for the last interface with an figure of merit 1127 * less than or equal to the new interface's figure of merit. 1128 * 1129 * We start with "prevdev" being NULL, meaning we're before 1130 * the first element in the list. 1131 */ 1132 prevdev = NULL; 1133 for (;;) { 1134 /* 1135 * Get the interface after this one. 1136 */ 1137 if (prevdev == NULL) { 1138 /* 1139 * The next element is the first element. 1140 */ 1141 nextdev = devlistp->beginning; 1142 } else 1143 nextdev = prevdev->next; 1144 1145 /* 1146 * Are we at the end of the list? 1147 */ 1148 if (nextdev == NULL) { 1149 /* 1150 * Yes - we have to put the new entry after "prevdev". 1151 */ 1152 break; 1153 } 1154 1155 /* 1156 * Is the new interface's figure of merit less 1157 * than the next interface's figure of merit, 1158 * meaning that the new interface is better 1159 * than the next interface? 1160 */ 1161 nextdev_figure_of_merit = get_figure_of_merit(nextdev); 1162 if (this_figure_of_merit < nextdev_figure_of_merit) { 1163 /* 1164 * Yes - we should put the new entry 1165 * before "nextdev", i.e. after "prevdev". 1166 */ 1167 break; 1168 } 1169 1170 prevdev = nextdev; 1171 } 1172 1173 /* 1174 * Insert before "nextdev". 1175 */ 1176 curdev->next = nextdev; 1177 1178 /* 1179 * Insert after "prevdev" - unless "prevdev" is null, 1180 * in which case this is the first interface. 1181 */ 1182 if (prevdev == NULL) { 1183 /* 1184 * This is the first interface. Make it 1185 * the first element in the list of devices. 1186 */ 1187 devlistp->beginning = curdev; 1188 } else 1189 prevdev->next = curdev; 1190 return (curdev); 1191 } 1192 1193 /* 1194 * Free a list of interfaces. 1195 */ 1196 void 1197 pcap_freealldevs(pcap_if_t *alldevs) 1198 { 1199 pcap_if_t *curdev, *nextdev; 1200 pcap_addr_t *curaddr, *nextaddr; 1201 1202 for (curdev = alldevs; curdev != NULL; curdev = nextdev) { 1203 nextdev = curdev->next; 1204 1205 /* 1206 * Free all addresses. 1207 */ 1208 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) { 1209 nextaddr = curaddr->next; 1210 if (curaddr->addr) 1211 free(curaddr->addr); 1212 if (curaddr->netmask) 1213 free(curaddr->netmask); 1214 if (curaddr->broadaddr) 1215 free(curaddr->broadaddr); 1216 if (curaddr->dstaddr) 1217 free(curaddr->dstaddr); 1218 free(curaddr); 1219 } 1220 1221 /* 1222 * Free the name string. 1223 */ 1224 free(curdev->name); 1225 1226 /* 1227 * Free the description string, if any. 1228 */ 1229 if (curdev->description != NULL) 1230 free(curdev->description); 1231 1232 /* 1233 * Free the interface. 1234 */ 1235 free(curdev); 1236 } 1237 } 1238 1239 /* 1240 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as 1241 * it actually returns the names of all interfaces, with a NUL separator 1242 * between them; some callers may depend on that. 1243 * 1244 * MS-DOS has its own pcap_lookupdev(), but that might be useful only 1245 * as an optimization. 1246 * 1247 * In all other cases, we just use pcap_findalldevs() to get a list of 1248 * devices, and pick from that list. 1249 */ 1250 #if !defined(HAVE_PACKET32) && !defined(MSDOS) 1251 /* 1252 * Return the name of a network interface attached to the system, or NULL 1253 * if none can be found. The interface must be configured up; the 1254 * lowest unit number is preferred; loopback is ignored. 1255 */ 1256 char * 1257 pcap_lookupdev(char *errbuf) 1258 { 1259 pcap_if_t *alldevs; 1260 #ifdef _WIN32 1261 /* 1262 * Windows - use the same size as the old WinPcap 3.1 code. 1263 * XXX - this is probably bigger than it needs to be. 1264 */ 1265 #define IF_NAMESIZE 8192 1266 #else 1267 /* 1268 * UN*X - use the system's interface name size. 1269 * XXX - that might not be large enough for capture devices 1270 * that aren't regular network interfaces. 1271 */ 1272 /* for old BSD systems, including bsdi3 */ 1273 #ifndef IF_NAMESIZE 1274 #define IF_NAMESIZE IFNAMSIZ 1275 #endif 1276 #endif 1277 static char device[IF_NAMESIZE + 1]; 1278 char *ret; 1279 1280 if (pcap_findalldevs(&alldevs, errbuf) == -1) 1281 return (NULL); 1282 1283 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) { 1284 /* 1285 * There are no devices on the list, or the first device 1286 * on the list is a loopback device, which means there 1287 * are no non-loopback devices on the list. This means 1288 * we can't return any device. 1289 * 1290 * XXX - why not return a loopback device? If we can't 1291 * capture on it, it won't be on the list, and if it's 1292 * on the list, there aren't any non-loopback devices, 1293 * so why not just supply it as the default device? 1294 */ 1295 (void)strlcpy(errbuf, "no suitable device found", 1296 PCAP_ERRBUF_SIZE); 1297 ret = NULL; 1298 } else { 1299 /* 1300 * Return the name of the first device on the list. 1301 */ 1302 (void)strlcpy(device, alldevs->name, sizeof(device)); 1303 ret = device; 1304 } 1305 1306 pcap_freealldevs(alldevs); 1307 return (ret); 1308 } 1309 #endif /* !defined(HAVE_PACKET32) && !defined(MSDOS) */ 1310 1311 #if !defined(_WIN32) && !defined(MSDOS) 1312 /* 1313 * We don't just fetch the entire list of devices, search for the 1314 * particular device, and use its first IPv4 address, as that's too 1315 * much work to get just one device's netmask. 1316 * 1317 * If we had an API to get attributes for a given device, we could 1318 * use that. 1319 */ 1320 int 1321 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, 1322 char *errbuf) 1323 { 1324 register int fd; 1325 register struct sockaddr_in *sin4; 1326 struct ifreq ifr; 1327 1328 /* 1329 * The pseudo-device "any" listens on all interfaces and therefore 1330 * has the network address and -mask "0.0.0.0" therefore catching 1331 * all traffic. Using NULL for the interface is the same as "any". 1332 */ 1333 if (!device || strcmp(device, "any") == 0 1334 #ifdef HAVE_DAG_API 1335 || strstr(device, "dag") != NULL 1336 #endif 1337 #ifdef HAVE_SEPTEL_API 1338 || strstr(device, "septel") != NULL 1339 #endif 1340 #ifdef PCAP_SUPPORT_BT 1341 || strstr(device, "bluetooth") != NULL 1342 #endif 1343 #ifdef PCAP_SUPPORT_USB 1344 || strstr(device, "usbmon") != NULL 1345 #endif 1346 #ifdef HAVE_SNF_API 1347 || strstr(device, "snf") != NULL 1348 #endif 1349 #ifdef PCAP_SUPPORT_NETMAP 1350 || strncmp(device, "netmap:", 7) == 0 1351 || strncmp(device, "vale", 4) == 0 1352 #endif 1353 ) { 1354 *netp = *maskp = 0; 1355 return 0; 1356 } 1357 1358 fd = socket(AF_INET, SOCK_DGRAM, 0); 1359 if (fd < 0) { 1360 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1361 errno, "socket"); 1362 return (-1); 1363 } 1364 memset(&ifr, 0, sizeof(ifr)); 1365 #ifdef linux 1366 /* XXX Work around Linux kernel bug */ 1367 ifr.ifr_addr.sa_family = AF_INET; 1368 #endif 1369 (void)strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1370 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { 1371 if (errno == EADDRNOTAVAIL) { 1372 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1373 "%s: no IPv4 address assigned", device); 1374 } else { 1375 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1376 errno, "SIOCGIFADDR: %s", device); 1377 } 1378 (void)close(fd); 1379 return (-1); 1380 } 1381 sin4 = (struct sockaddr_in *)&ifr.ifr_addr; 1382 *netp = sin4->sin_addr.s_addr; 1383 memset(&ifr, 0, sizeof(ifr)); 1384 #ifdef linux 1385 /* XXX Work around Linux kernel bug */ 1386 ifr.ifr_addr.sa_family = AF_INET; 1387 #endif 1388 (void)strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1389 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { 1390 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1391 errno, "SIOCGIFNETMASK: %s", device); 1392 (void)close(fd); 1393 return (-1); 1394 } 1395 (void)close(fd); 1396 *maskp = sin4->sin_addr.s_addr; 1397 if (*maskp == 0) { 1398 if (IN_CLASSA(*netp)) 1399 *maskp = IN_CLASSA_NET; 1400 else if (IN_CLASSB(*netp)) 1401 *maskp = IN_CLASSB_NET; 1402 else if (IN_CLASSC(*netp)) 1403 *maskp = IN_CLASSC_NET; 1404 else { 1405 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1406 "inet class for 0x%x unknown", *netp); 1407 return (-1); 1408 } 1409 } 1410 *netp &= *maskp; 1411 return (0); 1412 } 1413 #endif /* !defined(_WIN32) && !defined(MSDOS) */ 1414 1415 #ifdef ENABLE_REMOTE 1416 #include "pcap-rpcap.h" 1417 1418 /* 1419 * Extract a substring from a string. 1420 */ 1421 static char * 1422 get_substring(const char *p, size_t len, char *ebuf) 1423 { 1424 char *token; 1425 1426 token = malloc(len + 1); 1427 if (token == NULL) { 1428 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1429 errno, "malloc"); 1430 return (NULL); 1431 } 1432 memcpy(token, p, len); 1433 token[len] = '\0'; 1434 return (token); 1435 } 1436 1437 /* 1438 * Parse a capture source that might be a URL. 1439 * 1440 * If the source is not a URL, *schemep, *userinfop, *hostp, and *portp 1441 * are set to NULL, *pathp is set to point to the source, and 0 is 1442 * returned. 1443 * 1444 * If source is a URL, and the URL refers to a local device (a special 1445 * case of rpcap:), *schemep, *userinfop, *hostp, and *portp are set 1446 * to NULL, *pathp is set to point to the device name, and 0 is returned. 1447 * 1448 * If source is a URL, and it's not a special case that refers to a local 1449 * device, and the parse succeeds: 1450 * 1451 * *schemep is set to point to an allocated string containing the scheme; 1452 * 1453 * if user information is present in the URL, *userinfop is set to point 1454 * to an allocated string containing the user information, otherwise 1455 * it's set to NULL; 1456 * 1457 * if host information is present in the URL, *hostp is set to point 1458 * to an allocated string containing the host information, otherwise 1459 * it's set to NULL; 1460 * 1461 * if a port number is present in the URL, *portp is set to point 1462 * to an allocated string containing the port number, otherwise 1463 * it's set to NULL; 1464 * 1465 * *pathp is set to point to an allocated string containing the 1466 * path; 1467 * 1468 * and 0 is returned. 1469 * 1470 * If the parse fails, ebuf is set to an error string, and -1 is returned. 1471 */ 1472 static int 1473 pcap_parse_source(const char *source, char **schemep, char **userinfop, 1474 char **hostp, char **portp, char **pathp, char *ebuf) 1475 { 1476 char *colonp; 1477 size_t scheme_len; 1478 char *scheme; 1479 const char *endp; 1480 size_t authority_len; 1481 char *authority; 1482 char *parsep, *atsignp, *bracketp; 1483 char *userinfo, *host, *port, *path; 1484 1485 /* 1486 * Start out returning nothing. 1487 */ 1488 *schemep = NULL; 1489 *userinfop = NULL; 1490 *hostp = NULL; 1491 *portp = NULL; 1492 *pathp = NULL; 1493 1494 /* 1495 * RFC 3986 says: 1496 * 1497 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] 1498 * 1499 * hier-part = "//" authority path-abempty 1500 * / path-absolute 1501 * / path-rootless 1502 * / path-empty 1503 * 1504 * authority = [ userinfo "@" ] host [ ":" port ] 1505 * 1506 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) 1507 * 1508 * Step 1: look for the ":" at the end of the scheme. 1509 * A colon in the source is *NOT* sufficient to indicate that 1510 * this is a URL, as interface names on some platforms might 1511 * include colons (e.g., I think some Solaris interfaces 1512 * might). 1513 */ 1514 colonp = strchr(source, ':'); 1515 if (colonp == NULL) { 1516 /* 1517 * The source is the device to open. 1518 * Return a NULL pointer for the scheme, user information, 1519 * host, and port, and return the device as the path. 1520 */ 1521 *pathp = strdup(source); 1522 if (*pathp == NULL) { 1523 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1524 errno, "malloc"); 1525 return (-1); 1526 } 1527 return (0); 1528 } 1529 1530 /* 1531 * All schemes must have "//" after them, i.e. we only support 1532 * hier-part = "//" authority path-abempty, not 1533 * hier-part = path-absolute 1534 * hier-part = path-rootless 1535 * hier-part = path-empty 1536 * 1537 * We need that in order to distinguish between a local device 1538 * name that happens to contain a colon and a URI. 1539 */ 1540 if (strncmp(colonp + 1, "//", 2) != 0) { 1541 /* 1542 * The source is the device to open. 1543 * Return a NULL pointer for the scheme, user information, 1544 * host, and port, and return the device as the path. 1545 */ 1546 *pathp = strdup(source); 1547 if (*pathp == NULL) { 1548 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1549 errno, "malloc"); 1550 return (-1); 1551 } 1552 return (0); 1553 } 1554 1555 /* 1556 * XXX - check whether the purported scheme could be a scheme? 1557 */ 1558 1559 /* 1560 * OK, this looks like a URL. 1561 * Get the scheme. 1562 */ 1563 scheme_len = colonp - source; 1564 scheme = malloc(scheme_len + 1); 1565 if (scheme == NULL) { 1566 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1567 errno, "malloc"); 1568 return (-1); 1569 } 1570 memcpy(scheme, source, scheme_len); 1571 scheme[scheme_len] = '\0'; 1572 1573 /* 1574 * Treat file: specially - take everything after file:// as 1575 * the pathname. 1576 */ 1577 if (pcap_strcasecmp(scheme, "file") == 0) { 1578 *schemep = scheme; 1579 *pathp = strdup(colonp + 3); 1580 if (*pathp == NULL) { 1581 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1582 errno, "malloc"); 1583 return (-1); 1584 } 1585 return (0); 1586 } 1587 1588 /* 1589 * The WinPcap documentation says you can specify a local 1590 * interface with "rpcap://{device}"; we special-case 1591 * that here. If the scheme is "rpcap", and there are 1592 * no slashes past the "//", we just return the device. 1593 * 1594 * XXX - %-escaping? 1595 */ 1596 if (pcap_strcasecmp(scheme, "rpcap") == 0 && 1597 strchr(colonp + 3, '/') == NULL) { 1598 /* 1599 * Local device. 1600 * 1601 * Return a NULL pointer for the scheme, user information, 1602 * host, and port, and return the device as the path. 1603 */ 1604 free(scheme); 1605 *pathp = strdup(colonp + 3); 1606 if (*pathp == NULL) { 1607 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1608 errno, "malloc"); 1609 return (-1); 1610 } 1611 return (0); 1612 } 1613 1614 /* 1615 * OK, now start parsing the authority. 1616 * Get token, terminated with / or terminated at the end of 1617 * the string. 1618 */ 1619 authority_len = strcspn(colonp + 3, "/"); 1620 authority = get_substring(colonp + 3, authority_len, ebuf); 1621 if (authority == NULL) { 1622 /* 1623 * Error. 1624 */ 1625 free(scheme); 1626 return (-1); 1627 } 1628 endp = colonp + 3 + authority_len; 1629 1630 /* 1631 * Now carve the authority field into its components. 1632 */ 1633 parsep = authority; 1634 1635 /* 1636 * Is there a userinfo field? 1637 */ 1638 atsignp = strchr(parsep, '@'); 1639 if (atsignp != NULL) { 1640 /* 1641 * Yes. 1642 */ 1643 size_t userinfo_len; 1644 1645 userinfo_len = atsignp - parsep; 1646 userinfo = get_substring(parsep, userinfo_len, ebuf); 1647 if (userinfo == NULL) { 1648 /* 1649 * Error. 1650 */ 1651 free(authority); 1652 free(scheme); 1653 return (-1); 1654 } 1655 parsep = atsignp + 1; 1656 } else { 1657 /* 1658 * No. 1659 */ 1660 userinfo = NULL; 1661 } 1662 1663 /* 1664 * Is there a host field? 1665 */ 1666 if (*parsep == '\0') { 1667 /* 1668 * No; there's no host field or port field. 1669 */ 1670 host = NULL; 1671 port = NULL; 1672 } else { 1673 /* 1674 * Yes. 1675 */ 1676 size_t host_len; 1677 1678 /* 1679 * Is it an IP-literal? 1680 */ 1681 if (*parsep == '[') { 1682 /* 1683 * Yes. 1684 * Treat verything up to the closing square 1685 * bracket as the IP-Literal; we don't worry 1686 * about whether it's a valid IPv6address or 1687 * IPvFuture. 1688 */ 1689 bracketp = strchr(parsep, ']'); 1690 if (bracketp == NULL) { 1691 /* 1692 * There's no closing square bracket. 1693 */ 1694 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, 1695 "IP-literal in URL doesn't end with ]"); 1696 free(userinfo); 1697 free(authority); 1698 free(scheme); 1699 return (-1); 1700 } 1701 if (*(bracketp + 1) != '\0' && 1702 *(bracketp + 1) != ':') { 1703 /* 1704 * There's extra crud after the 1705 * closing square bracketn. 1706 */ 1707 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, 1708 "Extra text after IP-literal in URL"); 1709 free(userinfo); 1710 free(authority); 1711 free(scheme); 1712 return (-1); 1713 } 1714 host_len = (bracketp - 1) - parsep; 1715 host = get_substring(parsep + 1, host_len, ebuf); 1716 if (host == NULL) { 1717 /* 1718 * Error. 1719 */ 1720 free(userinfo); 1721 free(authority); 1722 free(scheme); 1723 return (-1); 1724 } 1725 parsep = bracketp + 1; 1726 } else { 1727 /* 1728 * No. 1729 * Treat everything up to a : or the end of 1730 * the string as the host. 1731 */ 1732 host_len = strcspn(parsep, ":"); 1733 host = get_substring(parsep, host_len, ebuf); 1734 if (host == NULL) { 1735 /* 1736 * Error. 1737 */ 1738 free(userinfo); 1739 free(authority); 1740 free(scheme); 1741 return (-1); 1742 } 1743 parsep = parsep + host_len; 1744 } 1745 1746 /* 1747 * Is there a port field? 1748 */ 1749 if (*parsep == ':') { 1750 /* 1751 * Yes. It's the rest of the authority field. 1752 */ 1753 size_t port_len; 1754 1755 parsep++; 1756 port_len = strlen(parsep); 1757 port = get_substring(parsep, port_len, ebuf); 1758 if (port == NULL) { 1759 /* 1760 * Error. 1761 */ 1762 free(host); 1763 free(userinfo); 1764 free(authority); 1765 free(scheme); 1766 return (-1); 1767 } 1768 } else { 1769 /* 1770 * No. 1771 */ 1772 port = NULL; 1773 } 1774 } 1775 free(authority); 1776 1777 /* 1778 * Everything else is the path. Strip off the leading /. 1779 */ 1780 if (*endp == '\0') 1781 path = strdup(""); 1782 else 1783 path = strdup(endp + 1); 1784 if (path == NULL) { 1785 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1786 errno, "malloc"); 1787 free(port); 1788 free(host); 1789 free(userinfo); 1790 free(scheme); 1791 return (-1); 1792 } 1793 *schemep = scheme; 1794 *userinfop = userinfo; 1795 *hostp = host; 1796 *portp = port; 1797 *pathp = path; 1798 return (0); 1799 } 1800 1801 int 1802 pcap_createsrcstr(char *source, int type, const char *host, const char *port, 1803 const char *name, char *errbuf) 1804 { 1805 switch (type) { 1806 1807 case PCAP_SRC_FILE: 1808 strlcpy(source, PCAP_SRC_FILE_STRING, PCAP_BUF_SIZE); 1809 if (name != NULL && *name != '\0') { 1810 strlcat(source, name, PCAP_BUF_SIZE); 1811 return (0); 1812 } else { 1813 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1814 "The file name cannot be NULL."); 1815 return (-1); 1816 } 1817 1818 case PCAP_SRC_IFREMOTE: 1819 strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE); 1820 if (host != NULL && *host != '\0') { 1821 if (strchr(host, ':') != NULL) { 1822 /* 1823 * The host name contains a colon, so it's 1824 * probably an IPv6 address, and needs to 1825 * be included in square brackets. 1826 */ 1827 strlcat(source, "[", PCAP_BUF_SIZE); 1828 strlcat(source, host, PCAP_BUF_SIZE); 1829 strlcat(source, "]", PCAP_BUF_SIZE); 1830 } else 1831 strlcat(source, host, PCAP_BUF_SIZE); 1832 1833 if (port != NULL && *port != '\0') { 1834 strlcat(source, ":", PCAP_BUF_SIZE); 1835 strlcat(source, port, PCAP_BUF_SIZE); 1836 } 1837 1838 strlcat(source, "/", PCAP_BUF_SIZE); 1839 } else { 1840 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1841 "The host name cannot be NULL."); 1842 return (-1); 1843 } 1844 1845 if (name != NULL && *name != '\0') 1846 strlcat(source, name, PCAP_BUF_SIZE); 1847 1848 return (0); 1849 1850 case PCAP_SRC_IFLOCAL: 1851 strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE); 1852 1853 if (name != NULL && *name != '\0') 1854 strlcat(source, name, PCAP_BUF_SIZE); 1855 1856 return (0); 1857 1858 default: 1859 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1860 "The interface type is not valid."); 1861 return (-1); 1862 } 1863 } 1864 1865 int 1866 pcap_parsesrcstr(const char *source, int *type, char *host, char *port, 1867 char *name, char *errbuf) 1868 { 1869 char *scheme, *tmpuserinfo, *tmphost, *tmpport, *tmppath; 1870 1871 /* Initialization stuff */ 1872 if (host) 1873 *host = '\0'; 1874 if (port) 1875 *port = '\0'; 1876 if (name) 1877 *name = '\0'; 1878 1879 /* Parse the source string */ 1880 if (pcap_parse_source(source, &scheme, &tmpuserinfo, &tmphost, 1881 &tmpport, &tmppath, errbuf) == -1) { 1882 /* 1883 * Fail. 1884 */ 1885 return (-1); 1886 } 1887 1888 if (scheme == NULL) { 1889 /* 1890 * Local device. 1891 */ 1892 if (name && tmppath) 1893 strlcpy(name, tmppath, PCAP_BUF_SIZE); 1894 if (type) 1895 *type = PCAP_SRC_IFLOCAL; 1896 free(tmppath); 1897 free(tmpport); 1898 free(tmphost); 1899 free(tmpuserinfo); 1900 return (0); 1901 } 1902 1903 if (strcmp(scheme, "rpcap") == 0) { 1904 /* 1905 * rpcap:// 1906 * 1907 * pcap_parse_source() has already handled the case of 1908 * rpcap://device 1909 */ 1910 if (host && tmphost) { 1911 if (tmpuserinfo) 1912 pcap_snprintf(host, PCAP_BUF_SIZE, "%s@%s", 1913 tmpuserinfo, tmphost); 1914 else 1915 strlcpy(host, tmphost, PCAP_BUF_SIZE); 1916 } 1917 if (port && tmpport) 1918 strlcpy(port, tmpport, PCAP_BUF_SIZE); 1919 if (name && tmppath) 1920 strlcpy(name, tmppath, PCAP_BUF_SIZE); 1921 if (type) 1922 *type = PCAP_SRC_IFREMOTE; 1923 free(tmppath); 1924 free(tmpport); 1925 free(tmphost); 1926 free(tmpuserinfo); 1927 free(scheme); 1928 return (0); 1929 } 1930 1931 if (strcmp(scheme, "file") == 0) { 1932 /* 1933 * file:// 1934 */ 1935 if (name && tmppath) 1936 strlcpy(name, tmppath, PCAP_BUF_SIZE); 1937 if (type) 1938 *type = PCAP_SRC_FILE; 1939 free(tmppath); 1940 free(tmpport); 1941 free(tmphost); 1942 free(tmpuserinfo); 1943 free(scheme); 1944 return (0); 1945 } 1946 1947 /* 1948 * Neither rpcap: nor file:; just treat the entire string 1949 * as a local device. 1950 */ 1951 if (name) 1952 strlcpy(name, source, PCAP_BUF_SIZE); 1953 if (type) 1954 *type = PCAP_SRC_IFLOCAL; 1955 free(tmppath); 1956 free(tmpport); 1957 free(tmphost); 1958 free(tmpuserinfo); 1959 free(scheme); 1960 return (0); 1961 } 1962 #endif 1963 1964 pcap_t * 1965 pcap_create(const char *device, char *errbuf) 1966 { 1967 size_t i; 1968 int is_theirs; 1969 pcap_t *p; 1970 char *device_str; 1971 1972 /* 1973 * A null device name is equivalent to the "any" device - 1974 * which might not be supported on this platform, but 1975 * this means that you'll get a "not supported" error 1976 * rather than, say, a crash when we try to dereference 1977 * the null pointer. 1978 */ 1979 if (device == NULL) 1980 device_str = strdup("any"); 1981 else { 1982 #ifdef _WIN32 1983 /* 1984 * If the string appears to be little-endian UCS-2/UTF-16, 1985 * convert it to ASCII. 1986 * 1987 * XXX - to UTF-8 instead? Or report an error if any 1988 * character isn't ASCII? 1989 */ 1990 if (device[0] != '\0' && device[1] == '\0') { 1991 size_t length; 1992 1993 length = wcslen((wchar_t *)device); 1994 device_str = (char *)malloc(length + 1); 1995 if (device_str == NULL) { 1996 pcap_fmt_errmsg_for_errno(errbuf, 1997 PCAP_ERRBUF_SIZE, errno, 1998 "malloc"); 1999 return (NULL); 2000 } 2001 2002 pcap_snprintf(device_str, length + 1, "%ws", 2003 (const wchar_t *)device); 2004 } else 2005 #endif 2006 device_str = strdup(device); 2007 } 2008 if (device_str == NULL) { 2009 pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 2010 errno, "malloc"); 2011 return (NULL); 2012 } 2013 2014 /* 2015 * Try each of the non-local-network-interface capture 2016 * source types until we find one that works for this 2017 * device or run out of types. 2018 */ 2019 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 2020 is_theirs = 0; 2021 p = capture_source_types[i].create_op(device_str, errbuf, 2022 &is_theirs); 2023 if (is_theirs) { 2024 /* 2025 * The device name refers to a device of the 2026 * type in question; either it succeeded, 2027 * in which case p refers to a pcap_t to 2028 * later activate for the device, or it 2029 * failed, in which case p is null and we 2030 * should return that to report the failure 2031 * to create. 2032 */ 2033 if (p == NULL) { 2034 /* 2035 * We assume the caller filled in errbuf. 2036 */ 2037 free(device_str); 2038 return (NULL); 2039 } 2040 p->opt.device = device_str; 2041 return (p); 2042 } 2043 } 2044 2045 /* 2046 * OK, try it as a regular network interface. 2047 */ 2048 p = pcap_create_interface(device_str, errbuf); 2049 if (p == NULL) { 2050 /* 2051 * We assume the caller filled in errbuf. 2052 */ 2053 free(device_str); 2054 return (NULL); 2055 } 2056 p->opt.device = device_str; 2057 return (p); 2058 } 2059 2060 /* 2061 * Set nonblocking mode on an unactivated pcap_t; this sets a flag 2062 * checked by pcap_activate(), which sets the mode after calling 2063 * the activate routine. 2064 */ 2065 static int 2066 pcap_setnonblock_unactivated(pcap_t *p, int nonblock) 2067 { 2068 p->opt.nonblock = nonblock; 2069 return (0); 2070 } 2071 2072 static void 2073 initialize_ops(pcap_t *p) 2074 { 2075 /* 2076 * Set operation pointers for operations that only work on 2077 * an activated pcap_t to point to a routine that returns 2078 * a "this isn't activated" error. 2079 */ 2080 p->read_op = (read_op_t)pcap_not_initialized; 2081 p->inject_op = (inject_op_t)pcap_not_initialized; 2082 p->setfilter_op = (setfilter_op_t)pcap_not_initialized; 2083 p->setdirection_op = (setdirection_op_t)pcap_not_initialized; 2084 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized; 2085 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized; 2086 p->stats_op = (stats_op_t)pcap_not_initialized; 2087 #ifdef _WIN32 2088 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr; 2089 p->setbuff_op = (setbuff_op_t)pcap_not_initialized; 2090 p->setmode_op = (setmode_op_t)pcap_not_initialized; 2091 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized; 2092 p->getevent_op = pcap_getevent_not_initialized; 2093 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized; 2094 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized; 2095 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized; 2096 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized; 2097 p->live_dump_op = (live_dump_op_t)pcap_not_initialized; 2098 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized; 2099 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized; 2100 #endif 2101 2102 /* 2103 * Default cleanup operation - implementations can override 2104 * this, but should call pcap_cleanup_live_common() after 2105 * doing their own additional cleanup. 2106 */ 2107 p->cleanup_op = pcap_cleanup_live_common; 2108 2109 /* 2110 * In most cases, the standard one-shot callback can 2111 * be used for pcap_next()/pcap_next_ex(). 2112 */ 2113 p->oneshot_callback = pcap_oneshot; 2114 } 2115 2116 static pcap_t * 2117 pcap_alloc_pcap_t(char *ebuf, size_t size) 2118 { 2119 char *chunk; 2120 pcap_t *p; 2121 2122 /* 2123 * Allocate a chunk of memory big enough for a pcap_t 2124 * plus a structure following it of size "size". The 2125 * structure following it is a private data structure 2126 * for the routines that handle this pcap_t. 2127 */ 2128 chunk = malloc(sizeof (pcap_t) + size); 2129 if (chunk == NULL) { 2130 pcap_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 2131 errno, "malloc"); 2132 return (NULL); 2133 } 2134 memset(chunk, 0, sizeof (pcap_t) + size); 2135 2136 /* 2137 * Get a pointer to the pcap_t at the beginning. 2138 */ 2139 p = (pcap_t *)chunk; 2140 2141 #ifdef _WIN32 2142 p->handle = INVALID_HANDLE_VALUE; /* not opened yet */ 2143 #else /* _WIN32 */ 2144 p->fd = -1; /* not opened yet */ 2145 #ifndef MSDOS 2146 p->selectable_fd = -1; 2147 p->required_select_timeout = NULL; 2148 #endif /* MSDOS */ 2149 #endif /* _WIN32 */ 2150 2151 if (size == 0) { 2152 /* No private data was requested. */ 2153 p->priv = NULL; 2154 } else { 2155 /* 2156 * Set the pointer to the private data; that's the structure 2157 * of size "size" following the pcap_t. 2158 */ 2159 p->priv = (void *)(chunk + sizeof (pcap_t)); 2160 } 2161 2162 return (p); 2163 } 2164 2165 pcap_t * 2166 pcap_create_common(char *ebuf, size_t size) 2167 { 2168 pcap_t *p; 2169 2170 p = pcap_alloc_pcap_t(ebuf, size); 2171 if (p == NULL) 2172 return (NULL); 2173 2174 /* 2175 * Default to "can't set rfmon mode"; if it's supported by 2176 * a platform, the create routine that called us can set 2177 * the op to its routine to check whether a particular 2178 * device supports it. 2179 */ 2180 p->can_set_rfmon_op = pcap_cant_set_rfmon; 2181 2182 /* 2183 * If pcap_setnonblock() is called on a not-yet-activated 2184 * pcap_t, default to setting a flag and turning 2185 * on non-blocking mode when activated. 2186 */ 2187 p->setnonblock_op = pcap_setnonblock_unactivated; 2188 2189 initialize_ops(p); 2190 2191 /* put in some defaults*/ 2192 p->snapshot = 0; /* max packet size unspecified */ 2193 p->opt.timeout = 0; /* no timeout specified */ 2194 p->opt.buffer_size = 0; /* use the platform's default */ 2195 p->opt.promisc = 0; 2196 p->opt.rfmon = 0; 2197 p->opt.immediate = 0; 2198 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 2199 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2200 /* 2201 * Platform-dependent options. 2202 */ 2203 #ifdef __linux__ 2204 p->opt.protocol = 0; 2205 #endif 2206 #ifdef _WIN32 2207 p->opt.nocapture_local = 0; 2208 #endif 2209 2210 /* 2211 * Start out with no BPF code generation flags set. 2212 */ 2213 p->bpf_codegen_flags = 0; 2214 2215 return (p); 2216 } 2217 2218 int 2219 pcap_check_activated(pcap_t *p) 2220 { 2221 if (p->activated) { 2222 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 2223 " operation on activated capture"); 2224 return (-1); 2225 } 2226 return (0); 2227 } 2228 2229 int 2230 pcap_set_snaplen(pcap_t *p, int snaplen) 2231 { 2232 if (pcap_check_activated(p)) 2233 return (PCAP_ERROR_ACTIVATED); 2234 p->snapshot = snaplen; 2235 return (0); 2236 } 2237 2238 int 2239 pcap_set_promisc(pcap_t *p, int promisc) 2240 { 2241 if (pcap_check_activated(p)) 2242 return (PCAP_ERROR_ACTIVATED); 2243 p->opt.promisc = promisc; 2244 return (0); 2245 } 2246 2247 int 2248 pcap_set_rfmon(pcap_t *p, int rfmon) 2249 { 2250 if (pcap_check_activated(p)) 2251 return (PCAP_ERROR_ACTIVATED); 2252 p->opt.rfmon = rfmon; 2253 return (0); 2254 } 2255 2256 int 2257 pcap_set_timeout(pcap_t *p, int timeout_ms) 2258 { 2259 if (pcap_check_activated(p)) 2260 return (PCAP_ERROR_ACTIVATED); 2261 p->opt.timeout = timeout_ms; 2262 return (0); 2263 } 2264 2265 int 2266 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 2267 { 2268 int i; 2269 2270 if (pcap_check_activated(p)) 2271 return (PCAP_ERROR_ACTIVATED); 2272 2273 /* 2274 * The argument should have been u_int, but that's too late 2275 * to change now - it's an API. 2276 */ 2277 if (tstamp_type < 0) 2278 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2279 2280 /* 2281 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; 2282 * the default time stamp type is PCAP_TSTAMP_HOST. 2283 */ 2284 if (p->tstamp_type_count == 0) { 2285 if (tstamp_type == PCAP_TSTAMP_HOST) { 2286 p->opt.tstamp_type = tstamp_type; 2287 return (0); 2288 } 2289 } else { 2290 /* 2291 * Check whether we claim to support this type of time stamp. 2292 */ 2293 for (i = 0; i < p->tstamp_type_count; i++) { 2294 if (p->tstamp_type_list[i] == (u_int)tstamp_type) { 2295 /* 2296 * Yes. 2297 */ 2298 p->opt.tstamp_type = tstamp_type; 2299 return (0); 2300 } 2301 } 2302 } 2303 2304 /* 2305 * We don't support this type of time stamp. 2306 */ 2307 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2308 } 2309 2310 int 2311 pcap_set_immediate_mode(pcap_t *p, int immediate) 2312 { 2313 if (pcap_check_activated(p)) 2314 return (PCAP_ERROR_ACTIVATED); 2315 p->opt.immediate = immediate; 2316 return (0); 2317 } 2318 2319 int 2320 pcap_set_buffer_size(pcap_t *p, int buffer_size) 2321 { 2322 if (pcap_check_activated(p)) 2323 return (PCAP_ERROR_ACTIVATED); 2324 if (buffer_size <= 0) { 2325 /* 2326 * Silently ignore invalid values. 2327 */ 2328 return (0); 2329 } 2330 p->opt.buffer_size = buffer_size; 2331 return (0); 2332 } 2333 2334 int 2335 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) 2336 { 2337 int i; 2338 2339 if (pcap_check_activated(p)) 2340 return (PCAP_ERROR_ACTIVATED); 2341 2342 /* 2343 * The argument should have been u_int, but that's too late 2344 * to change now - it's an API. 2345 */ 2346 if (tstamp_precision < 0) 2347 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2348 2349 /* 2350 * If p->tstamp_precision_count is 0, we only support setting 2351 * the time stamp precision to microsecond precision; every 2352 * pcap module *MUST* support microsecond precision, even if 2353 * it does so by converting the native precision to 2354 * microseconds. 2355 */ 2356 if (p->tstamp_precision_count == 0) { 2357 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) { 2358 p->opt.tstamp_precision = tstamp_precision; 2359 return (0); 2360 } 2361 } else { 2362 /* 2363 * Check whether we claim to support this precision of 2364 * time stamp. 2365 */ 2366 for (i = 0; i < p->tstamp_precision_count; i++) { 2367 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { 2368 /* 2369 * Yes. 2370 */ 2371 p->opt.tstamp_precision = tstamp_precision; 2372 return (0); 2373 } 2374 } 2375 } 2376 2377 /* 2378 * We don't support this time stamp precision. 2379 */ 2380 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2381 } 2382 2383 int 2384 pcap_get_tstamp_precision(pcap_t *p) 2385 { 2386 return (p->opt.tstamp_precision); 2387 } 2388 2389 int 2390 pcap_activate(pcap_t *p) 2391 { 2392 int status; 2393 2394 /* 2395 * Catch attempts to re-activate an already-activated 2396 * pcap_t; this should, for example, catch code that 2397 * calls pcap_open_live() followed by pcap_activate(), 2398 * as some code that showed up in a Stack Exchange 2399 * question did. 2400 */ 2401 if (pcap_check_activated(p)) 2402 return (PCAP_ERROR_ACTIVATED); 2403 status = p->activate_op(p); 2404 if (status >= 0) { 2405 /* 2406 * If somebody requested non-blocking mode before 2407 * calling pcap_activate(), turn it on now. 2408 */ 2409 if (p->opt.nonblock) { 2410 status = p->setnonblock_op(p, 1); 2411 if (status < 0) { 2412 /* 2413 * Failed. Undo everything done by 2414 * the activate operation. 2415 */ 2416 p->cleanup_op(p); 2417 initialize_ops(p); 2418 return (status); 2419 } 2420 } 2421 p->activated = 1; 2422 } else { 2423 if (p->errbuf[0] == '\0') { 2424 /* 2425 * No error message supplied by the activate routine; 2426 * for the benefit of programs that don't specially 2427 * handle errors other than PCAP_ERROR, return the 2428 * error message corresponding to the status. 2429 */ 2430 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 2431 pcap_statustostr(status)); 2432 } 2433 2434 /* 2435 * Undo any operation pointer setting, etc. done by 2436 * the activate operation. 2437 */ 2438 initialize_ops(p); 2439 } 2440 return (status); 2441 } 2442 2443 pcap_t * 2444 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf) 2445 { 2446 pcap_t *p; 2447 int status; 2448 #ifdef ENABLE_REMOTE 2449 char host[PCAP_BUF_SIZE + 1]; 2450 char port[PCAP_BUF_SIZE + 1]; 2451 char name[PCAP_BUF_SIZE + 1]; 2452 int srctype; 2453 2454 /* 2455 * Retrofit - we have to make older applications compatible with 2456 * remote capture. 2457 * So we're calling pcap_open_remote() from here; this is a very 2458 * dirty hack. 2459 * Obviously, we cannot exploit all the new features; for instance, 2460 * we cannot send authentication, we cannot use a UDP data connection, 2461 * and so on. 2462 */ 2463 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf)) 2464 return (NULL); 2465 2466 if (srctype == PCAP_SRC_IFREMOTE) { 2467 /* 2468 * Although we already have host, port and iface, we prefer 2469 * to pass only 'device' to pcap_open_rpcap(), so that it has 2470 * to call pcap_parsesrcstr() again. 2471 * This is less optimized, but much clearer. 2472 */ 2473 return (pcap_open_rpcap(device, snaplen, 2474 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms, 2475 NULL, errbuf)); 2476 } 2477 if (srctype == PCAP_SRC_FILE) { 2478 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\""); 2479 return (NULL); 2480 } 2481 if (srctype == PCAP_SRC_IFLOCAL) { 2482 /* 2483 * If it starts with rpcap://, that refers to a local device 2484 * (no host part in the URL). Remove the rpcap://, and 2485 * fall through to the regular open path. 2486 */ 2487 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) { 2488 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1; 2489 2490 if (len > 0) 2491 device += strlen(PCAP_SRC_IF_STRING); 2492 } 2493 } 2494 #endif /* ENABLE_REMOTE */ 2495 2496 p = pcap_create(device, errbuf); 2497 if (p == NULL) 2498 return (NULL); 2499 status = pcap_set_snaplen(p, snaplen); 2500 if (status < 0) 2501 goto fail; 2502 status = pcap_set_promisc(p, promisc); 2503 if (status < 0) 2504 goto fail; 2505 status = pcap_set_timeout(p, to_ms); 2506 if (status < 0) 2507 goto fail; 2508 /* 2509 * Mark this as opened with pcap_open_live(), so that, for 2510 * example, we show the full list of DLT_ values, rather 2511 * than just the ones that are compatible with capturing 2512 * when not in monitor mode. That allows existing applications 2513 * to work the way they used to work, but allows new applications 2514 * that know about the new open API to, for example, find out the 2515 * DLT_ values that they can select without changing whether 2516 * the adapter is in monitor mode or not. 2517 */ 2518 p->oldstyle = 1; 2519 status = pcap_activate(p); 2520 if (status < 0) 2521 goto fail; 2522 return (p); 2523 fail: 2524 if (status == PCAP_ERROR) 2525 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 2526 p->errbuf); 2527 else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 2528 status == PCAP_ERROR_PERM_DENIED || 2529 status == PCAP_ERROR_PROMISC_PERM_DENIED) 2530 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device, 2531 pcap_statustostr(status), p->errbuf); 2532 else 2533 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 2534 pcap_statustostr(status)); 2535 pcap_close(p); 2536 return (NULL); 2537 } 2538 2539 pcap_t * 2540 pcap_open_offline_common(char *ebuf, size_t size) 2541 { 2542 pcap_t *p; 2543 2544 p = pcap_alloc_pcap_t(ebuf, size); 2545 if (p == NULL) 2546 return (NULL); 2547 2548 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2549 2550 return (p); 2551 } 2552 2553 int 2554 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2555 { 2556 return (p->read_op(p, cnt, callback, user)); 2557 } 2558 2559 int 2560 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2561 { 2562 register int n; 2563 2564 for (;;) { 2565 if (p->rfile != NULL) { 2566 /* 2567 * 0 means EOF, so don't loop if we get 0. 2568 */ 2569 n = pcap_offline_read(p, cnt, callback, user); 2570 } else { 2571 /* 2572 * XXX keep reading until we get something 2573 * (or an error occurs) 2574 */ 2575 do { 2576 n = p->read_op(p, cnt, callback, user); 2577 } while (n == 0); 2578 } 2579 if (n <= 0) 2580 return (n); 2581 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) { 2582 cnt -= n; 2583 if (cnt <= 0) 2584 return (0); 2585 } 2586 } 2587 } 2588 2589 /* 2590 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 2591 */ 2592 void 2593 pcap_breakloop(pcap_t *p) 2594 { 2595 p->break_loop = 1; 2596 } 2597 2598 int 2599 pcap_datalink(pcap_t *p) 2600 { 2601 if (!p->activated) 2602 return (PCAP_ERROR_NOT_ACTIVATED); 2603 return (p->linktype); 2604 } 2605 2606 int 2607 pcap_datalink_ext(pcap_t *p) 2608 { 2609 if (!p->activated) 2610 return (PCAP_ERROR_NOT_ACTIVATED); 2611 return (p->linktype_ext); 2612 } 2613 2614 int 2615 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 2616 { 2617 if (!p->activated) 2618 return (PCAP_ERROR_NOT_ACTIVATED); 2619 if (p->dlt_count == 0) { 2620 /* 2621 * We couldn't fetch the list of DLTs, which means 2622 * this platform doesn't support changing the 2623 * DLT for an interface. Return a list of DLTs 2624 * containing only the DLT this device supports. 2625 */ 2626 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 2627 if (*dlt_buffer == NULL) { 2628 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 2629 errno, "malloc"); 2630 return (PCAP_ERROR); 2631 } 2632 **dlt_buffer = p->linktype; 2633 return (1); 2634 } else { 2635 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count); 2636 if (*dlt_buffer == NULL) { 2637 pcap_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 2638 errno, "malloc"); 2639 return (PCAP_ERROR); 2640 } 2641 (void)memcpy(*dlt_buffer, p->dlt_list, 2642 sizeof(**dlt_buffer) * p->dlt_count); 2643 return (p->dlt_count); 2644 } 2645 } 2646 2647 /* 2648 * In Windows, you might have a library built with one version of the 2649 * C runtime library and an application built with another version of 2650 * the C runtime library, which means that the library might use one 2651 * version of malloc() and free() and the application might use another 2652 * version of malloc() and free(). If so, that means something 2653 * allocated by the library cannot be freed by the application, so we 2654 * need to have a pcap_free_datalinks() routine to free up the list 2655 * allocated by pcap_list_datalinks(), even though it's just a wrapper 2656 * around free(). 2657 */ 2658 void 2659 pcap_free_datalinks(int *dlt_list) 2660 { 2661 free(dlt_list); 2662 } 2663 2664 int 2665 pcap_set_datalink(pcap_t *p, int dlt) 2666 { 2667 int i; 2668 const char *dlt_name; 2669 2670 if (dlt < 0) 2671 goto unsupported; 2672 2673 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 2674 /* 2675 * We couldn't fetch the list of DLTs, or we don't 2676 * have a "set datalink" operation, which means 2677 * this platform doesn't support changing the 2678 * DLT for an interface. Check whether the new 2679 * DLT is the one this interface supports. 2680 */ 2681 if (p->linktype != dlt) 2682 goto unsupported; 2683 2684 /* 2685 * It is, so there's nothing we need to do here. 2686 */ 2687 return (0); 2688 } 2689 for (i = 0; i < p->dlt_count; i++) 2690 if (p->dlt_list[i] == (u_int)dlt) 2691 break; 2692 if (i >= p->dlt_count) 2693 goto unsupported; 2694 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 2695 dlt == DLT_DOCSIS) { 2696 /* 2697 * This is presumably an Ethernet device, as the first 2698 * link-layer type it offers is DLT_EN10MB, and the only 2699 * other type it offers is DLT_DOCSIS. That means that 2700 * we can't tell the driver to supply DOCSIS link-layer 2701 * headers - we're just pretending that's what we're 2702 * getting, as, presumably, we're capturing on a dedicated 2703 * link to a Cisco Cable Modem Termination System, and 2704 * it's putting raw DOCSIS frames on the wire inside low-level 2705 * Ethernet framing. 2706 */ 2707 p->linktype = dlt; 2708 return (0); 2709 } 2710 if (p->set_datalink_op(p, dlt) == -1) 2711 return (-1); 2712 p->linktype = dlt; 2713 return (0); 2714 2715 unsupported: 2716 dlt_name = pcap_datalink_val_to_name(dlt); 2717 if (dlt_name != NULL) { 2718 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf), 2719 "%s is not one of the DLTs supported by this device", 2720 dlt_name); 2721 } else { 2722 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf), 2723 "DLT %d is not one of the DLTs supported by this device", 2724 dlt); 2725 } 2726 return (-1); 2727 } 2728 2729 /* 2730 * This array is designed for mapping upper and lower case letter 2731 * together for a case independent comparison. The mappings are 2732 * based upon ascii character sequences. 2733 */ 2734 static const u_char charmap[] = { 2735 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 2736 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 2737 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 2738 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 2739 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 2740 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 2741 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 2742 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 2743 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 2744 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 2745 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 2746 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 2747 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 2748 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 2749 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 2750 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 2751 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 2752 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 2753 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 2754 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 2755 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 2756 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 2757 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 2758 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 2759 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 2760 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 2761 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 2762 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 2763 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 2764 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 2765 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 2766 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 2767 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 2768 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 2769 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 2770 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 2771 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 2772 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 2773 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 2774 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 2775 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 2776 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 2777 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 2778 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 2779 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 2780 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 2781 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 2782 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 2783 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 2784 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 2785 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 2786 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 2787 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 2788 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 2789 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 2790 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 2791 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 2792 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 2793 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 2794 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 2795 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 2796 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 2797 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 2798 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 2799 }; 2800 2801 int 2802 pcap_strcasecmp(const char *s1, const char *s2) 2803 { 2804 register const u_char *cm = charmap, 2805 *us1 = (const u_char *)s1, 2806 *us2 = (const u_char *)s2; 2807 2808 while (cm[*us1] == cm[*us2++]) 2809 if (*us1++ == '\0') 2810 return(0); 2811 return (cm[*us1] - cm[*--us2]); 2812 } 2813 2814 struct dlt_choice { 2815 const char *name; 2816 const char *description; 2817 int dlt; 2818 }; 2819 2820 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code } 2821 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 2822 2823 static struct dlt_choice dlt_choices[] = { 2824 DLT_CHOICE(NULL, "BSD loopback"), 2825 DLT_CHOICE(EN10MB, "Ethernet"), 2826 DLT_CHOICE(IEEE802, "Token ring"), 2827 DLT_CHOICE(ARCNET, "BSD ARCNET"), 2828 DLT_CHOICE(SLIP, "SLIP"), 2829 DLT_CHOICE(PPP, "PPP"), 2830 DLT_CHOICE(FDDI, "FDDI"), 2831 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 2832 DLT_CHOICE(RAW, "Raw IP"), 2833 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"), 2834 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"), 2835 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"), 2836 DLT_CHOICE(PPP_SERIAL, "PPP over serial"), 2837 DLT_CHOICE(PPP_ETHER, "PPPoE"), 2838 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"), 2839 DLT_CHOICE(C_HDLC, "Cisco HDLC"), 2840 DLT_CHOICE(IEEE802_11, "802.11"), 2841 DLT_CHOICE(FRELAY, "Frame Relay"), 2842 DLT_CHOICE(LOOP, "OpenBSD loopback"), 2843 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"), 2844 DLT_CHOICE(LINUX_SLL, "Linux cooked"), 2845 DLT_CHOICE(LTALK, "Localtalk"), 2846 DLT_CHOICE(PFLOG, "OpenBSD pflog file"), 2847 DLT_CHOICE(PFSYNC, "Packet filter state syncing"), 2848 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"), 2849 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 2850 DLT_CHOICE(SUNATM, "Sun raw ATM"), 2851 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"), 2852 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"), 2853 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 2854 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 2855 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"), 2856 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"), 2857 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 2858 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"), 2859 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 2860 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"), 2861 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 2862 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 2863 DLT_CHOICE(MTP2, "SS7 MTP2"), 2864 DLT_CHOICE(MTP3, "SS7 MTP3"), 2865 DLT_CHOICE(SCCP, "SS7 SCCP"), 2866 DLT_CHOICE(DOCSIS, "DOCSIS"), 2867 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"), 2868 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 2869 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 2870 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"), 2871 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"), 2872 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"), 2873 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 2874 DLT_CHOICE(GPRS_LLC, "GPRS LLC"), 2875 DLT_CHOICE(GPF_T, "GPF-T"), 2876 DLT_CHOICE(GPF_F, "GPF-F"), 2877 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"), 2878 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"), 2879 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"), 2880 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"), 2881 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"), 2882 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"), 2883 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"), 2884 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"), 2885 DLT_CHOICE(MFR, "FRF.16 Frame Relay"), 2886 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"), 2887 DLT_CHOICE(A429, "Arinc 429"), 2888 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"), 2889 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"), 2890 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 2891 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 2892 DLT_CHOICE(USB_LINUX, "USB with Linux header"), 2893 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"), 2894 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 2895 DLT_CHOICE(PPI, "Per-Packet Information"), 2896 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 2897 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"), 2898 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"), 2899 DLT_CHOICE(SITA, "SITA pseudo-header"), 2900 DLT_CHOICE(ERF, "Endace ERF header"), 2901 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"), 2902 DLT_CHOICE(IPMB, "IPMB"), 2903 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"), 2904 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 2905 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"), 2906 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 2907 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"), 2908 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"), 2909 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"), 2910 DLT_CHOICE(DECT, "DECT"), 2911 DLT_CHOICE(AOS, "AOS Space Data Link protocol"), 2912 DLT_CHOICE(WIHART, "Wireless HART"), 2913 DLT_CHOICE(FC_2, "Fibre Channel FC-2"), 2914 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 2915 DLT_CHOICE(IPNET, "Solaris ipnet"), 2916 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 2917 DLT_CHOICE(IPV4, "Raw IPv4"), 2918 DLT_CHOICE(IPV6, "Raw IPv6"), 2919 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 2920 DLT_CHOICE(DBUS, "D-Bus"), 2921 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"), 2922 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"), 2923 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 2924 DLT_CHOICE(DVB_CI, "DVB-CI"), 2925 DLT_CHOICE(MUX27010, "MUX27010"), 2926 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 2927 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 2928 DLT_CHOICE(NFLOG, "Linux netfilter log messages"), 2929 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 2930 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 2931 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"), 2932 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"), 2933 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"), 2934 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 2935 DLT_CHOICE(INFINIBAND, "InfiniBand"), 2936 DLT_CHOICE(SCTP, "SCTP"), 2937 DLT_CHOICE(USBPCAP, "USB with USBPcap header"), 2938 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 2939 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 2940 DLT_CHOICE(NETLINK, "Linux netlink"), 2941 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 2942 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 2943 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 2944 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"), 2945 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"), 2946 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 2947 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"), 2948 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"), 2949 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"), 2950 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"), 2951 DLT_CHOICE(ISO_14443, "ISO 14443 messages"), 2952 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"), 2953 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"), 2954 DLT_CHOICE(OPENFLOW, "OpenBSD DLT_OPENFLOW"), 2955 DLT_CHOICE(SDLC, "IBM SDLC frames"), 2956 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"), 2957 DLT_CHOICE(VSOCK, "Linux vsock"), 2958 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"), 2959 DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"), 2960 DLT_CHOICE(ETHERNET_MPACKET, "802.3br mPackets"), 2961 DLT_CHOICE(DISPLAYPORT_AUX, "DisplayPort AUX channel monitoring data"), 2962 DLT_CHOICE_SENTINEL 2963 }; 2964 2965 int 2966 pcap_datalink_name_to_val(const char *name) 2967 { 2968 int i; 2969 2970 for (i = 0; dlt_choices[i].name != NULL; i++) { 2971 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0) 2972 return (dlt_choices[i].dlt); 2973 } 2974 return (-1); 2975 } 2976 2977 const char * 2978 pcap_datalink_val_to_name(int dlt) 2979 { 2980 int i; 2981 2982 for (i = 0; dlt_choices[i].name != NULL; i++) { 2983 if (dlt_choices[i].dlt == dlt) 2984 return (dlt_choices[i].name); 2985 } 2986 return (NULL); 2987 } 2988 2989 const char * 2990 pcap_datalink_val_to_description(int dlt) 2991 { 2992 int i; 2993 2994 for (i = 0; dlt_choices[i].name != NULL; i++) { 2995 if (dlt_choices[i].dlt == dlt) 2996 return (dlt_choices[i].description); 2997 } 2998 return (NULL); 2999 } 3000 3001 struct tstamp_type_choice { 3002 const char *name; 3003 const char *description; 3004 int type; 3005 }; 3006 3007 static struct tstamp_type_choice tstamp_type_choices[] = { 3008 { "host", "Host", PCAP_TSTAMP_HOST }, 3009 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 3010 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 3011 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 3012 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 3013 { NULL, NULL, 0 } 3014 }; 3015 3016 int 3017 pcap_tstamp_type_name_to_val(const char *name) 3018 { 3019 int i; 3020 3021 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3022 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0) 3023 return (tstamp_type_choices[i].type); 3024 } 3025 return (PCAP_ERROR); 3026 } 3027 3028 const char * 3029 pcap_tstamp_type_val_to_name(int tstamp_type) 3030 { 3031 int i; 3032 3033 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3034 if (tstamp_type_choices[i].type == tstamp_type) 3035 return (tstamp_type_choices[i].name); 3036 } 3037 return (NULL); 3038 } 3039 3040 const char * 3041 pcap_tstamp_type_val_to_description(int tstamp_type) 3042 { 3043 int i; 3044 3045 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3046 if (tstamp_type_choices[i].type == tstamp_type) 3047 return (tstamp_type_choices[i].description); 3048 } 3049 return (NULL); 3050 } 3051 3052 int 3053 pcap_snapshot(pcap_t *p) 3054 { 3055 if (!p->activated) 3056 return (PCAP_ERROR_NOT_ACTIVATED); 3057 return (p->snapshot); 3058 } 3059 3060 int 3061 pcap_is_swapped(pcap_t *p) 3062 { 3063 if (!p->activated) 3064 return (PCAP_ERROR_NOT_ACTIVATED); 3065 return (p->swapped); 3066 } 3067 3068 int 3069 pcap_major_version(pcap_t *p) 3070 { 3071 if (!p->activated) 3072 return (PCAP_ERROR_NOT_ACTIVATED); 3073 return (p->version_major); 3074 } 3075 3076 int 3077 pcap_minor_version(pcap_t *p) 3078 { 3079 if (!p->activated) 3080 return (PCAP_ERROR_NOT_ACTIVATED); 3081 return (p->version_minor); 3082 } 3083 3084 int 3085 pcap_bufsize(pcap_t *p) 3086 { 3087 if (!p->activated) 3088 return (PCAP_ERROR_NOT_ACTIVATED); 3089 return (p->bufsize); 3090 } 3091 3092 FILE * 3093 pcap_file(pcap_t *p) 3094 { 3095 return (p->rfile); 3096 } 3097 3098 int 3099 pcap_fileno(pcap_t *p) 3100 { 3101 #ifndef _WIN32 3102 return (p->fd); 3103 #else 3104 if (p->handle != INVALID_HANDLE_VALUE) 3105 return ((int)(DWORD)p->handle); 3106 else 3107 return (PCAP_ERROR); 3108 #endif 3109 } 3110 3111 #if !defined(_WIN32) && !defined(MSDOS) 3112 int 3113 pcap_get_selectable_fd(pcap_t *p) 3114 { 3115 return (p->selectable_fd); 3116 } 3117 3118 struct timeval * 3119 pcap_get_required_select_timeout(pcap_t *p) 3120 { 3121 return (p->required_select_timeout); 3122 } 3123 #endif 3124 3125 void 3126 pcap_perror(pcap_t *p, const char *prefix) 3127 { 3128 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 3129 } 3130 3131 char * 3132 pcap_geterr(pcap_t *p) 3133 { 3134 return (p->errbuf); 3135 } 3136 3137 int 3138 pcap_getnonblock(pcap_t *p, char *errbuf) 3139 { 3140 int ret; 3141 3142 ret = p->getnonblock_op(p); 3143 if (ret == -1) { 3144 /* 3145 * The get nonblock operation sets p->errbuf; this 3146 * function *shouldn't* have had a separate errbuf 3147 * argument, as it didn't need one, but I goofed 3148 * when adding it. 3149 * 3150 * We copy the error message to errbuf, so callers 3151 * can find it in either place. 3152 */ 3153 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3154 } 3155 return (ret); 3156 } 3157 3158 /* 3159 * Get the current non-blocking mode setting, under the assumption that 3160 * it's just the standard POSIX non-blocking flag. 3161 */ 3162 #if !defined(_WIN32) && !defined(MSDOS) 3163 int 3164 pcap_getnonblock_fd(pcap_t *p) 3165 { 3166 int fdflags; 3167 3168 fdflags = fcntl(p->fd, F_GETFL, 0); 3169 if (fdflags == -1) { 3170 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3171 errno, "F_GETFL"); 3172 return (-1); 3173 } 3174 if (fdflags & O_NONBLOCK) 3175 return (1); 3176 else 3177 return (0); 3178 } 3179 #endif 3180 3181 int 3182 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 3183 { 3184 int ret; 3185 3186 ret = p->setnonblock_op(p, nonblock); 3187 if (ret == -1) { 3188 /* 3189 * The set nonblock operation sets p->errbuf; this 3190 * function *shouldn't* have had a separate errbuf 3191 * argument, as it didn't need one, but I goofed 3192 * when adding it. 3193 * 3194 * We copy the error message to errbuf, so callers 3195 * can find it in either place. 3196 */ 3197 strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3198 } 3199 return (ret); 3200 } 3201 3202 #if !defined(_WIN32) && !defined(MSDOS) 3203 /* 3204 * Set non-blocking mode, under the assumption that it's just the 3205 * standard POSIX non-blocking flag. (This can be called by the 3206 * per-platform non-blocking-mode routine if that routine also 3207 * needs to do some additional work.) 3208 */ 3209 int 3210 pcap_setnonblock_fd(pcap_t *p, int nonblock) 3211 { 3212 int fdflags; 3213 3214 fdflags = fcntl(p->fd, F_GETFL, 0); 3215 if (fdflags == -1) { 3216 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3217 errno, "F_GETFL"); 3218 return (-1); 3219 } 3220 if (nonblock) 3221 fdflags |= O_NONBLOCK; 3222 else 3223 fdflags &= ~O_NONBLOCK; 3224 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 3225 pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3226 errno, "F_SETFL"); 3227 return (-1); 3228 } 3229 return (0); 3230 } 3231 #endif 3232 3233 #ifdef _WIN32 3234 /* 3235 * Generate a string for a Win32-specific error (i.e. an error generated when 3236 * calling a Win32 API). 3237 * For errors occurred during standard C calls, we still use pcap_strerror() 3238 */ 3239 void 3240 pcap_win32_err_to_str(DWORD error, char *errbuf) 3241 { 3242 size_t errlen; 3243 char *p; 3244 3245 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf, 3246 PCAP_ERRBUF_SIZE, NULL); 3247 3248 /* 3249 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the 3250 * message. Get rid of it. 3251 */ 3252 errlen = strlen(errbuf); 3253 if (errlen >= 2) { 3254 errbuf[errlen - 1] = '\0'; 3255 errbuf[errlen - 2] = '\0'; 3256 } 3257 p = strchr(errbuf, '\0'); 3258 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error); 3259 } 3260 #endif 3261 3262 /* 3263 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 3264 */ 3265 const char * 3266 pcap_statustostr(int errnum) 3267 { 3268 static char ebuf[15+10+1]; 3269 3270 switch (errnum) { 3271 3272 case PCAP_WARNING: 3273 return("Generic warning"); 3274 3275 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 3276 return ("That type of time stamp is not supported by that device"); 3277 3278 case PCAP_WARNING_PROMISC_NOTSUP: 3279 return ("That device doesn't support promiscuous mode"); 3280 3281 case PCAP_ERROR: 3282 return("Generic error"); 3283 3284 case PCAP_ERROR_BREAK: 3285 return("Loop terminated by pcap_breakloop"); 3286 3287 case PCAP_ERROR_NOT_ACTIVATED: 3288 return("The pcap_t has not been activated"); 3289 3290 case PCAP_ERROR_ACTIVATED: 3291 return ("The setting can't be changed after the pcap_t is activated"); 3292 3293 case PCAP_ERROR_NO_SUCH_DEVICE: 3294 return ("No such device exists"); 3295 3296 case PCAP_ERROR_RFMON_NOTSUP: 3297 return ("That device doesn't support monitor mode"); 3298 3299 case PCAP_ERROR_NOT_RFMON: 3300 return ("That operation is supported only in monitor mode"); 3301 3302 case PCAP_ERROR_PERM_DENIED: 3303 return ("You don't have permission to capture on that device"); 3304 3305 case PCAP_ERROR_IFACE_NOT_UP: 3306 return ("That device is not up"); 3307 3308 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 3309 return ("That device doesn't support setting the time stamp type"); 3310 3311 case PCAP_ERROR_PROMISC_PERM_DENIED: 3312 return ("You don't have permission to capture in promiscuous mode on that device"); 3313 3314 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP: 3315 return ("That device doesn't support that time stamp precision"); 3316 } 3317 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 3318 return(ebuf); 3319 } 3320 3321 /* 3322 * Not all systems have strerror(). 3323 */ 3324 const char * 3325 pcap_strerror(int errnum) 3326 { 3327 #ifdef HAVE_STRERROR 3328 #ifdef _WIN32 3329 static char errbuf[PCAP_ERRBUF_SIZE]; 3330 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum); 3331 3332 if (err != 0) /* err = 0 if successful */ 3333 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE); 3334 return (errbuf); 3335 #else 3336 return (strerror(errnum)); 3337 #endif /* _WIN32 */ 3338 #else 3339 extern int sys_nerr; 3340 extern const char *const sys_errlist[]; 3341 static char errbuf[PCAP_ERRBUF_SIZE]; 3342 3343 if ((unsigned int)errnum < sys_nerr) 3344 return ((char *)sys_errlist[errnum]); 3345 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum); 3346 return (errbuf); 3347 #endif 3348 } 3349 3350 int 3351 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 3352 { 3353 return (p->setfilter_op(p, fp)); 3354 } 3355 3356 /* 3357 * Set direction flag, which controls whether we accept only incoming 3358 * packets, only outgoing packets, or both. 3359 * Note that, depending on the platform, some or all direction arguments 3360 * might not be supported. 3361 */ 3362 int 3363 pcap_setdirection(pcap_t *p, pcap_direction_t d) 3364 { 3365 if (p->setdirection_op == NULL) { 3366 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3367 "Setting direction is not implemented on this platform"); 3368 return (-1); 3369 } else 3370 return (p->setdirection_op(p, d)); 3371 } 3372 3373 int 3374 pcap_stats(pcap_t *p, struct pcap_stat *ps) 3375 { 3376 return (p->stats_op(p, ps)); 3377 } 3378 3379 #ifdef _WIN32 3380 struct pcap_stat * 3381 pcap_stats_ex(pcap_t *p, int *pcap_stat_size) 3382 { 3383 return (p->stats_ex_op(p, pcap_stat_size)); 3384 } 3385 3386 int 3387 pcap_setbuff(pcap_t *p, int dim) 3388 { 3389 return (p->setbuff_op(p, dim)); 3390 } 3391 3392 int 3393 pcap_setmode(pcap_t *p, int mode) 3394 { 3395 return (p->setmode_op(p, mode)); 3396 } 3397 3398 int 3399 pcap_setmintocopy(pcap_t *p, int size) 3400 { 3401 return (p->setmintocopy_op(p, size)); 3402 } 3403 3404 HANDLE 3405 pcap_getevent(pcap_t *p) 3406 { 3407 return (p->getevent_op(p)); 3408 } 3409 3410 int 3411 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 3412 { 3413 return (p->oid_get_request_op(p, oid, data, lenp)); 3414 } 3415 3416 int 3417 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp) 3418 { 3419 return (p->oid_set_request_op(p, oid, data, lenp)); 3420 } 3421 3422 pcap_send_queue * 3423 pcap_sendqueue_alloc(u_int memsize) 3424 { 3425 pcap_send_queue *tqueue; 3426 3427 /* Allocate the queue */ 3428 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue)); 3429 if (tqueue == NULL){ 3430 return (NULL); 3431 } 3432 3433 /* Allocate the buffer */ 3434 tqueue->buffer = (char *)malloc(memsize); 3435 if (tqueue->buffer == NULL) { 3436 free(tqueue); 3437 return (NULL); 3438 } 3439 3440 tqueue->maxlen = memsize; 3441 tqueue->len = 0; 3442 3443 return (tqueue); 3444 } 3445 3446 void 3447 pcap_sendqueue_destroy(pcap_send_queue *queue) 3448 { 3449 free(queue->buffer); 3450 free(queue); 3451 } 3452 3453 int 3454 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 3455 { 3456 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){ 3457 return (-1); 3458 } 3459 3460 /* Copy the pcap_pkthdr header*/ 3461 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr)); 3462 queue->len += sizeof(struct pcap_pkthdr); 3463 3464 /* copy the packet */ 3465 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen); 3466 queue->len += pkt_header->caplen; 3467 3468 return (0); 3469 } 3470 3471 u_int 3472 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync) 3473 { 3474 return (p->sendqueue_transmit_op(p, queue, sync)); 3475 } 3476 3477 int 3478 pcap_setuserbuffer(pcap_t *p, int size) 3479 { 3480 return (p->setuserbuffer_op(p, size)); 3481 } 3482 3483 int 3484 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks) 3485 { 3486 return (p->live_dump_op(p, filename, maxsize, maxpacks)); 3487 } 3488 3489 int 3490 pcap_live_dump_ended(pcap_t *p, int sync) 3491 { 3492 return (p->live_dump_ended_op(p, sync)); 3493 } 3494 3495 PAirpcapHandle 3496 pcap_get_airpcap_handle(pcap_t *p) 3497 { 3498 PAirpcapHandle handle; 3499 3500 handle = p->get_airpcap_handle_op(p); 3501 if (handle == NULL) { 3502 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf), 3503 "This isn't an AirPcap device"); 3504 } 3505 return (handle); 3506 } 3507 #endif 3508 3509 /* 3510 * On some platforms, we need to clean up promiscuous or monitor mode 3511 * when we close a device - and we want that to happen even if the 3512 * application just exits without explicitl closing devices. 3513 * On those platforms, we need to register a "close all the pcaps" 3514 * routine to be called when we exit, and need to maintain a list of 3515 * pcaps that need to be closed to clean up modes. 3516 * 3517 * XXX - not thread-safe. 3518 */ 3519 3520 /* 3521 * List of pcaps on which we've done something that needs to be 3522 * cleaned up. 3523 * If there are any such pcaps, we arrange to call "pcap_close_all()" 3524 * when we exit, and have it close all of them. 3525 */ 3526 static struct pcap *pcaps_to_close; 3527 3528 /* 3529 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 3530 * be called on exit. 3531 */ 3532 static int did_atexit; 3533 3534 static void 3535 pcap_close_all(void) 3536 { 3537 struct pcap *handle; 3538 3539 while ((handle = pcaps_to_close) != NULL) 3540 pcap_close(handle); 3541 } 3542 3543 int 3544 pcap_do_addexit(pcap_t *p) 3545 { 3546 /* 3547 * If we haven't already done so, arrange to have 3548 * "pcap_close_all()" called when we exit. 3549 */ 3550 if (!did_atexit) { 3551 if (atexit(pcap_close_all) != 0) { 3552 /* 3553 * "atexit()" failed; let our caller know. 3554 */ 3555 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE); 3556 return (0); 3557 } 3558 did_atexit = 1; 3559 } 3560 return (1); 3561 } 3562 3563 void 3564 pcap_add_to_pcaps_to_close(pcap_t *p) 3565 { 3566 p->next = pcaps_to_close; 3567 pcaps_to_close = p; 3568 } 3569 3570 void 3571 pcap_remove_from_pcaps_to_close(pcap_t *p) 3572 { 3573 pcap_t *pc, *prevpc; 3574 3575 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 3576 prevpc = pc, pc = pc->next) { 3577 if (pc == p) { 3578 /* 3579 * Found it. Remove it from the list. 3580 */ 3581 if (prevpc == NULL) { 3582 /* 3583 * It was at the head of the list. 3584 */ 3585 pcaps_to_close = pc->next; 3586 } else { 3587 /* 3588 * It was in the middle of the list. 3589 */ 3590 prevpc->next = pc->next; 3591 } 3592 break; 3593 } 3594 } 3595 } 3596 3597 void 3598 pcap_cleanup_live_common(pcap_t *p) 3599 { 3600 if (p->buffer != NULL) { 3601 free(p->buffer); 3602 p->buffer = NULL; 3603 } 3604 if (p->dlt_list != NULL) { 3605 free(p->dlt_list); 3606 p->dlt_list = NULL; 3607 p->dlt_count = 0; 3608 } 3609 if (p->tstamp_type_list != NULL) { 3610 free(p->tstamp_type_list); 3611 p->tstamp_type_list = NULL; 3612 p->tstamp_type_count = 0; 3613 } 3614 if (p->tstamp_precision_list != NULL) { 3615 free(p->tstamp_precision_list); 3616 p->tstamp_precision_list = NULL; 3617 p->tstamp_precision_count = 0; 3618 } 3619 pcap_freecode(&p->fcode); 3620 #if !defined(_WIN32) && !defined(MSDOS) 3621 if (p->fd >= 0) { 3622 close(p->fd); 3623 p->fd = -1; 3624 } 3625 p->selectable_fd = -1; 3626 #endif 3627 } 3628 3629 /* 3630 * API compatible with WinPcap's "send a packet" routine - returns -1 3631 * on error, 0 otherwise. 3632 * 3633 * XXX - what if we get a short write? 3634 */ 3635 int 3636 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 3637 { 3638 if (p->inject_op(p, buf, size) == -1) 3639 return (-1); 3640 return (0); 3641 } 3642 3643 /* 3644 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 3645 * error, number of bytes written otherwise. 3646 */ 3647 int 3648 pcap_inject(pcap_t *p, const void *buf, size_t size) 3649 { 3650 return (p->inject_op(p, buf, size)); 3651 } 3652 3653 void 3654 pcap_close(pcap_t *p) 3655 { 3656 if (p->opt.device != NULL) 3657 free(p->opt.device); 3658 p->cleanup_op(p); 3659 free(p); 3660 } 3661 3662 /* 3663 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 3664 * data for the packet, check whether the packet passes the filter. 3665 * Returns the return value of the filter program, which will be zero if 3666 * the packet doesn't pass and non-zero if the packet does pass. 3667 */ 3668 int 3669 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 3670 const u_char *pkt) 3671 { 3672 const struct bpf_insn *fcode = fp->bf_insns; 3673 3674 if (fcode != NULL) 3675 return (bpf_filter(fcode, pkt, h->len, h->caplen)); 3676 else 3677 return (0); 3678 } 3679 3680 static int 3681 pcap_can_set_rfmon_dead(pcap_t *p) 3682 { 3683 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3684 "Rfmon mode doesn't apply on a pcap_open_dead pcap_t"); 3685 return (PCAP_ERROR); 3686 } 3687 3688 static int 3689 pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_, 3690 u_char *user _U_) 3691 { 3692 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3693 "Packets aren't available from a pcap_open_dead pcap_t"); 3694 return (-1); 3695 } 3696 3697 static int 3698 pcap_inject_dead(pcap_t *p, const void *buf _U_, size_t size _U_) 3699 { 3700 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3701 "Packets can't be sent on a pcap_open_dead pcap_t"); 3702 return (-1); 3703 } 3704 3705 static int 3706 pcap_setfilter_dead(pcap_t *p, struct bpf_program *fp _U_) 3707 { 3708 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3709 "A filter cannot be set on a pcap_open_dead pcap_t"); 3710 return (-1); 3711 } 3712 3713 static int 3714 pcap_setdirection_dead(pcap_t *p, pcap_direction_t d _U_) 3715 { 3716 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3717 "The packet direction cannot be set on a pcap_open_dead pcap_t"); 3718 return (-1); 3719 } 3720 3721 static int 3722 pcap_set_datalink_dead(pcap_t *p, int dlt _U_) 3723 { 3724 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3725 "The link-layer header type cannot be set on a pcap_open_dead pcap_t"); 3726 return (-1); 3727 } 3728 3729 static int 3730 pcap_getnonblock_dead(pcap_t *p) 3731 { 3732 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3733 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 3734 return (-1); 3735 } 3736 3737 static int 3738 pcap_setnonblock_dead(pcap_t *p, int nonblock _U_) 3739 { 3740 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3741 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 3742 return (-1); 3743 } 3744 3745 static int 3746 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 3747 { 3748 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3749 "Statistics aren't available from a pcap_open_dead pcap_t"); 3750 return (-1); 3751 } 3752 3753 #ifdef _WIN32 3754 struct pcap_stat * 3755 pcap_stats_ex_dead(pcap_t *p, int *pcap_stat_size _U_) 3756 { 3757 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3758 "Statistics aren't available from a pcap_open_dead pcap_t"); 3759 return (NULL); 3760 } 3761 3762 static int 3763 pcap_setbuff_dead(pcap_t *p, int dim) 3764 { 3765 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3766 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 3767 return (-1); 3768 } 3769 3770 static int 3771 pcap_setmode_dead(pcap_t *p, int mode) 3772 { 3773 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3774 "impossible to set mode on a pcap_open_dead pcap_t"); 3775 return (-1); 3776 } 3777 3778 static int 3779 pcap_setmintocopy_dead(pcap_t *p, int size) 3780 { 3781 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3782 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 3783 return (-1); 3784 } 3785 3786 static HANDLE 3787 pcap_getevent_dead(pcap_t *p) 3788 { 3789 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3790 "A pcap_open_dead pcap_t has no event handle"); 3791 return (INVALID_HANDLE_VALUE); 3792 } 3793 3794 static int 3795 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, 3796 size_t *lenp _U_) 3797 { 3798 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3799 "An OID get request cannot be performed on a pcap_open_dead pcap_t"); 3800 return (PCAP_ERROR); 3801 } 3802 3803 static int 3804 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_, 3805 size_t *lenp _U_) 3806 { 3807 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3808 "An OID set request cannot be performed on a pcap_open_dead pcap_t"); 3809 return (PCAP_ERROR); 3810 } 3811 3812 static u_int 3813 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync) 3814 { 3815 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3816 "Packets cannot be transmitted on a pcap_open_dead pcap_t"); 3817 return (0); 3818 } 3819 3820 static int 3821 pcap_setuserbuffer_dead(pcap_t *p, int size) 3822 { 3823 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3824 "The user buffer cannot be set on a pcap_open_dead pcap_t"); 3825 return (-1); 3826 } 3827 3828 static int 3829 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks) 3830 { 3831 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3832 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 3833 return (-1); 3834 } 3835 3836 static int 3837 pcap_live_dump_ended_dead(pcap_t *p, int sync) 3838 { 3839 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3840 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 3841 return (-1); 3842 } 3843 3844 static PAirpcapHandle 3845 pcap_get_airpcap_handle_dead(pcap_t *p) 3846 { 3847 return (NULL); 3848 } 3849 #endif /* _WIN32 */ 3850 3851 static void 3852 pcap_cleanup_dead(pcap_t *p _U_) 3853 { 3854 /* Nothing to do. */ 3855 } 3856 3857 pcap_t * 3858 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision) 3859 { 3860 pcap_t *p; 3861 3862 switch (precision) { 3863 3864 case PCAP_TSTAMP_PRECISION_MICRO: 3865 case PCAP_TSTAMP_PRECISION_NANO: 3866 break; 3867 3868 default: 3869 /* 3870 * This doesn't really matter, but we don't have any way 3871 * to report particular errors, so the only failure we 3872 * should have is a memory allocation failure. Just 3873 * pick microsecond precision. 3874 */ 3875 precision = PCAP_TSTAMP_PRECISION_MICRO; 3876 break; 3877 } 3878 p = malloc(sizeof(*p)); 3879 if (p == NULL) 3880 return NULL; 3881 memset (p, 0, sizeof(*p)); 3882 p->snapshot = snaplen; 3883 p->linktype = linktype; 3884 p->opt.tstamp_precision = precision; 3885 p->can_set_rfmon_op = pcap_can_set_rfmon_dead; 3886 p->read_op = pcap_read_dead; 3887 p->inject_op = pcap_inject_dead; 3888 p->setfilter_op = pcap_setfilter_dead; 3889 p->setdirection_op = pcap_setdirection_dead; 3890 p->set_datalink_op = pcap_set_datalink_dead; 3891 p->getnonblock_op = pcap_getnonblock_dead; 3892 p->setnonblock_op = pcap_setnonblock_dead; 3893 p->stats_op = pcap_stats_dead; 3894 #ifdef _WIN32 3895 p->stats_ex_op = pcap_stats_ex_dead; 3896 p->setbuff_op = pcap_setbuff_dead; 3897 p->setmode_op = pcap_setmode_dead; 3898 p->setmintocopy_op = pcap_setmintocopy_dead; 3899 p->getevent_op = pcap_getevent_dead; 3900 p->oid_get_request_op = pcap_oid_get_request_dead; 3901 p->oid_set_request_op = pcap_oid_set_request_dead; 3902 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead; 3903 p->setuserbuffer_op = pcap_setuserbuffer_dead; 3904 p->live_dump_op = pcap_live_dump_dead; 3905 p->live_dump_ended_op = pcap_live_dump_ended_dead; 3906 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead; 3907 #endif 3908 p->cleanup_op = pcap_cleanup_dead; 3909 3910 /* 3911 * A "dead" pcap_t never requires special BPF code generation. 3912 */ 3913 p->bpf_codegen_flags = 0; 3914 3915 p->activated = 1; 3916 return (p); 3917 } 3918 3919 pcap_t * 3920 pcap_open_dead(int linktype, int snaplen) 3921 { 3922 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen, 3923 PCAP_TSTAMP_PRECISION_MICRO)); 3924 } 3925 3926 #ifdef YYDEBUG 3927 /* 3928 * Set the internal "debug printout" flag for the filter expression parser. 3929 * The code to print that stuff is present only if YYDEBUG is defined, so 3930 * the flag, and the routine to set it, are defined only if YYDEBUG is 3931 * defined. 3932 * 3933 * This is intended for libpcap developers, not for general use. 3934 * If you want to set these in a program, you'll have to declare this 3935 * routine yourself, with the appropriate DLL import attribute on Windows; 3936 * it's not declared in any header file, and won't be declared in any 3937 * header file provided by libpcap. 3938 */ 3939 PCAP_API void pcap_set_parser_debug(int value); 3940 3941 PCAP_API_DEF void 3942 pcap_set_parser_debug(int value) 3943 { 3944 pcap_debug = value; 3945 } 3946 #endif 3947