aboutsummaryrefslogtreecommitdiffstats
path: root/pcap-snoop.c
AgeCommit message (Collapse)AuthorFilesLines
2009-09-21If an activate routine fails, it needs to clean up the pcap_t, closeGuy Harris1-0/+1
anything it's opened, etc.. In addition, the op pointers need to be restored to the un-activated state; do that in pcap_activate() if the call to the activate op fails. Also, in the common cleanup code, set the fd's to -1.
2008-12-02From Albert Chin: fix a cut-and-pasteo.guy1-3/+3
2008-04-14Turn close_op into cleanup_op; the routine that handles it can also beguy1-11/+10
used to clean up after a failed pcap_activate() call. Convert the existing close_op routines to cleanup_op routines, and use them to clean up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it directly if there's no platform-dependent cleanup needed. That means we don't have to write the same cleanup code twice (and possibly forget stuff in the version done on a failed pcap_activate() call). Have the cleanup routines do whatever is necessary to indicate that cleanup has been done, and not do any particular cleaning up if it's already been done (i.e., don't free something if the pointer to it is null and null out the pointer once it's been freed, don't close an FD if it's -1 and set it to -1 once it's been closed, etc.). For device types/platforms where we don't support monitor mode, check for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've checked whether we can open the device, so we return "no such device" or "permission denied" rather than "that device doesn't support monitor mode" if we can't open the device in the first place. Fix a comment.
2008-04-07For Linux non-mmapped captures, Linux bluetooth captures, and Irixguy1-2/+5
captures, set the socket buffer size to the value specified by pcap_set_buffer_size() if a value was set. Clean up if memory buffer allocation fails on Linux.
2008-04-04From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_tguy1-53/+58
handle" routine, an 'activate a pcap_t handle" routine, and some "set the properties of the pcap_t handle" routines, so that, for example, the buffer size can be set on a BPF device before the device is bound to an interface. Add additional routines to set monitor mode, and make at least an initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and 10.5. (Very much "initial" for Linux, which is a twisty little maze of wireless drivers, many different.) Have a "timeout" member of the pcap_md structure on all platforms, use that on Windows instead of the "timeout" member of the pcap_t structure, and get rid of the "timeout" member of that structure.
2005-05-03From Pawel Pokrywka: add support for requesting that only receivedguy1-1/+2
packets, only sent packets, or all packets be accepted, with an implementation for Linux. Add an implementation for BPF platforms that support BIOCSSEESENT.
2004-10-19Add a "pcap_close_common()" routine which can be used as the closeguy1-11/+2
routine for some pcap-XXX.c files and can be called by the close routine in other pcap-XXX.c files.
2004-04-07From Brian Ginsbach:guy1-3/+15
handle 65535-byte packets from the UNICOS/mp loopback interface; add a missing variable to "pcap_inject_snoop()".
2004-03-23Add support for sending packets; includes contributions from Markguy1-1/+18
Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>.
2004-03-21Fix cut-and-pasteos; thanks to Darren Reed for finding them.guy1-7/+7
2003-12-18For devices that we have some reason to believe are real live Ethernetguy1-1/+35
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and support setting that type as meaning just "set libpcap's notion of the link-layer type to DLT_DOCSIS" without telling the driver to use DLT_DOCSIS.
2003-11-21Add a "pcap_get_selectable_fd()" API to get an FD on which you can do aguy1-1/+6
"select()" or "poll()" - or -1 if that won't work.
2003-11-20Add "getnonblock" and "setnonblock" operations, and set the functionguy1-1/+3
pointers appropriately, rather than using #ifdefs and run-time checks. Get rid of declaration of non-existent "pcap_set_datalink_platform()" routine.
2003-11-15Add _U_ to "rcsid[]" definitions, to eliminate "unused variable"guy1-2/+2
warnings from newer versions of GCC.
2003-11-12From Brian Ginsbach <ginsbach@cray.com>:guy1-2/+19
correctly handle loopback devices on IRIX and UNICOS/mp (tweak the packet header so that it's a 4-byte AF_ value rather than the 2-byte AF_ value supplied on snoop sockets); add support for IP-over-FC and pseudo-link devices on UNICOS/mp.
2003-11-04Add a "pcap_breakloop()" API to break out of the loop inguy1-2/+14
"pcap_dispatch()" and "pcap_loop()".
2003-07-25Add a "read" function pointer to the pcap_t structure, which handlesguy1-3/+4
reading packets from a pcap_t, and make "pcap_read()" call it. That removes the last place where we have to check for a pcap_t that refers to a DAG card rather than a live capture, so get rid of the "is_dag" flag.
2003-07-25Add a "set_datalink" function pointer to the pcap_t structure, whichhandlesguy1-7/+2
setting a filter for a pcap_t. Have "pcap_set_datalink()" call it, rather than explicitly calling "pcap_set_datalink_platform()".
2003-07-25Add a "setfilter" function pointer to the pcap_t structure, whichguy1-10/+2
handles setting a filter for a pcap_t. Have "pcap_setfilter()" call it, rather than being a per-platform function. The per-platform functions don't need to check for an offline capture any more, as they're not called for an offline capture (and the ones that just call "install_bpf_program()" don't need to exist at all).
2003-07-25Add a "stats" function pointer to the pcap_t structure, which handlesguy1-3/+4
getting statistics for a pcap_t. Have "pcap_stats()" call it, rather than being a per-platform function; have stats routines for non-live pcap_t's that return an error.
2003-07-25Add a "close" function pointer to the pcap_t structure, which handlesguy1-1/+12
the platform-dependent part of closing a pcap_t (and the live-vs-savefile part as well, so that function must close the file descriptor and free up any buffers allocated). In the Digital UNIX support, add in a check for a memory allocation failure.
2002-12-22From Yoann Vandoorselaere <yoann@prelude-ids.org>: make the "device"guy1-2/+3
argument to "pcap_open_live()" a "const" pointer. Constify some additional device name arguments, and update the man page to reflect some arguments that were already consts.
2002-12-19NetBSD support for multiple data link types on an interface, from Davidguy1-1/+7
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe <thorpej@netbsd.org>, and further changes by me to support it on BPF systems lacking BIOCGDLTLIST and other platforms lacking an equivalent feature. Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't done so already). Add APIs to map DLT names to DLT values and vice versa.
2002-07-30It appears that SIOCGIFMTU returns the MTU in the sense of "maximumguy1-3/+3
amount of payload you can put in a link-layer packet", i.e. "maximum size of a link-layer packet minus the link-layer header size", rather than returning the maximum size of a link-layer packet. The snapshot length is the maximum amount of data to capture from the entire packet, so it should be clipped at the MTU plus the link-layer header, not at the MTU.
2002-07-11Add SunATM support, based on code from Yen Yen Lim at North Dakota Stateguy1-1/+7
University.
2002-03-08Handle 64-bit mode in IRIX, where "snoop_timestamp" in a "structguy1-2/+3
snoopheader" is a "struct irix5_timeval" rather than a "struct timeval", by copying the "tv_sec" and "tv_usec" members of that structure to the time stamp in a "struct pcap_hdr".
2002-03-07Add support for gigabit Ethernet interfaces on SGI machines, from Davidguy1-1/+2
Kaelbling <drk@sgi.com>.
2001-12-10Put more information into the comments for "pcap_stats()".guy1-1/+3
2001-07-29Add comments to "pcap_stats()" indicating what the counters mean on theguy1-1/+17
various platforms (assuming the vendors' documentation is correct and that I've correctly interpreted it).
2001-06-05Support for capturing on encrypted CIPE tunnels in IRIX, from Franzguy1-1/+2
Schaefer <schaefer@mond.at>.
2000-10-28When attaching a "bpf_program" to a "pcap_t" to use as a userlandguy1-2/+3
filter, always attach a copy, as "pcap-linux.c" does; that way, after a program uses "pcap_setfilter()", it can safely use "pcap_freecode()" to free up the BPF instructions allocated by "pcap_compile()". Also, always free it up when the "pcap_t" is closed. Get rid of the "pcap_t *" argument to "pcap_freecode()", as it's not necessary. Document "pcap_freecode()", for the benefit of programs that might repeatedly compile filter programs and attach them, so that they can free them up after attaching them and avoid leaking memory for them.
2000-10-12Get rid of the PCAP_ENCAP_ values - if an application uses them, thatguy1-6/+6
application won't build with any other version of libpcap, which means that a lot of applications won't use them. In addition, "pcap_linktype()" needs to return DLT_ values, so that platforms that build libpcap as a shared library won't break binary compatibility if they update to this version of libpcap. Instead, we map from DLT_ values to LINKTYPE_ values when writing savefiles, and map from LINKTYPE_ values to DLT_ values when reading savefiles, so that savefiles don't have platform-dependent DLT_ values in the header as the link type, they have platform-independent LINKTYPE_ values. This means we don't need to make DLT_ATM_RFC1483, DLT_RAW, etc. have platform-independent values starting at 100 - only the values in the savefile header need to be like that.
2000-09-17Introduce a set of PCAP_ENCAP_ codes to specify packet encapsulations.guy1-6/+6
For those PCAP_ENCAP_ codes corresponding to DLT_ codes that are (believed to be) the same in all BSDs, the PCAP_ENCAP_ codes have the same values as the corresponding DLT_ codes. For those PCAP_ENCAP_ codes corresponding to DLT_ codes that were added in libpcap 0.5 as "non-kernel" DLT_ codes, or had their values changed in libpcap 0.5 in order to cope with the fact that those DLT_ codes have different values in different systems, the PCAP_ENCAP_ codes have the same values as the corresponding DLT_ codes. We add some additional PCAP_ENCAP_ codes to handle IEEE 802.11 (which currently has its link-layer information turned into an Ethernet header by at least some of the BSDs, but John Hawkinson at MIT wants to add a DLT_ value for 802.11 and pass up the full link-layer header) and the Classical IP encapsulation for ATM on Linux (which isn't always the same as DLT_ATM_RFC1483, from what I can tell, alas). "pcap-bpf.c" maps DLT_ codes to PCAP_ENCAP_ codes, so as not to supply to libpcap's callers any DLT_ codes other than the ones that have the same values on all platforms; it supplies PCAP_ENCAP_ codes for all others. In libpcap's "bpf/net/bpf.h", we define the DLT_ values that aren't the same on all platforms with the new values starting at 100 (to keep them out of the way of the values various BSDs might assign to them), as we did in 0.5, but do so only if they're not already defined; platforms with <net/bpf.h> headers that come with the kernel (e.g., the BSDs) should define them with the values that they have always had on that platform, *not* with the values we used in 0.5. (Code using this version of libpcap should check for the new PCAP_ENCAP_ codes; those are given the values that the corresponding DLT_ values had in 0.5, so code that checks for them will handle 0.5 libpcap files correctly even if the platform defines DLT_RAW, say, as something other than 101. If that code also checks for DLT_RAW - which means it can't just use a switch statement, as DLT_RAW might be defined as 101 if the platform doesn't itself define DLT_RAW with some other value - then it will also handle old DLT_RAW captures, as long as they were made on the same platform or on another platform that used the same value for DLT_RAW. It can't handle captures from a platform that uses that value for another DLT_ code, but that's always been the case, and isn't easily fixable.) The intent here is to decouple the values that are returned by "pcap_datalink()" and put into the header of tcpdump/libpcap save files from the DLT_ values returned by BIOCGDLT in BSD kernels, allowing the BSDs to assign values to DLT_ codes, in their kernels, as they choose, without creating more incompatibilities between tcpdump/libpcap save files from different platforms.
2000-07-29replace bzero with memsetassar1-5/+5
2000-07-11add config.h, remove gnuc.h. remove __deadassar1-2/+5
2000-04-30change sprintf -> snprintf from previous patch. also from Guy Harrisassar1-55/+58
<gharris@flashcom.net>
2000-04-29set the snaplen to max(snaplen, mtu). From Guy Harrisassar1-13/+59
<gharris@flashcom.net>
2000-04-27s/PCAP_ERRBUFF_SIZE/PCAP_ERRBUF_SIZE/ (fatal typo)itojun1-9/+9
2000-04-27do not use sprintf(). always use snprintf().itojun1-11/+21
from NetBSD/OpenBSD src/lib/libpcap. use freeifaddrs() if exists.
2000-02-08Support ATM LANE emulated devices.kenh1-2/+3
1999-10-07Initial revisionmcr1-0/+216