1 /* $NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $ */
4 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
5 * The Regents of the University of California. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by the Computer Systems
18 * Engineering Group at Lawrence Berkeley Laboratory.
19 * 4. Neither the name of the University nor of the Laboratory may be used
20 * to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/cdefs.h>
37 __RCSID("$NetBSD: pcap.c,v 1.6 2015/03/31 21:39:42 christos Exp $");
44 #include <pcap-stdinc.h>
51 #ifdef HAVE_SYS_BITYPES_H
52 #include <sys/bitypes.h>
54 #include <sys/types.h>
60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
66 #ifdef HAVE_OS_PROTO_H
78 #endif /* HAVE_DAG_API */
80 #ifdef HAVE_SEPTEL_API
81 #include "pcap-septel.h"
82 #endif /* HAVE_SEPTEL_API */
86 #endif /* HAVE_SNF_API */
88 #ifdef PCAP_SUPPORT_USB
89 #include "pcap-usb-linux.h"
92 #ifdef PCAP_SUPPORT_BT
93 #include "pcap-bt-linux.h"
96 #ifdef PCAP_SUPPORT_BT_MONITOR
97 #include "pcap-bt-monitor-linux.h"
100 #ifdef PCAP_SUPPORT_CAN
101 #include "pcap-can-linux.h"
104 #ifdef PCAP_SUPPORT_CANUSB
105 #include "pcap-canusb-linux.h"
108 #ifdef PCAP_SUPPORT_NETFILTER
109 #include "pcap-netfilter-linux.h"
112 #ifdef PCAP_SUPPORT_DBUS
113 #include "pcap-dbus.h"
117 pcap_not_initialized(pcap_t
*pcap _U_
)
119 /* this means 'not initialized' */
120 return (PCAP_ERROR_NOT_ACTIVATED
);
125 pcap_no_adapter(pcap_t
*pcap _U_
)
132 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
133 * a PCAP_ERROR value on an error.
136 pcap_can_set_rfmon(pcap_t
*p
)
138 return (p
->can_set_rfmon_op(p
));
142 * For systems where rfmon mode is never supported.
145 pcap_cant_set_rfmon(pcap_t
*p _U_
)
151 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
152 * types; the return value is the number of supported time stamp types.
153 * The list should be freed by a call to pcap_free_tstamp_types() when
154 * you're done with it.
156 * A return value of 0 means "you don't get a choice of time stamp type",
157 * in which case *tstamp_typesp is set to null.
159 * PCAP_ERROR is returned on error.
162 pcap_list_tstamp_types(pcap_t
*p
, int **tstamp_typesp
)
164 if (p
->tstamp_type_count
== 0) {
166 * We don't support multiple time stamp types.
168 *tstamp_typesp
= NULL
;
170 *tstamp_typesp
= (int*)calloc(sizeof(**tstamp_typesp
),
171 p
->tstamp_type_count
);
172 if (*tstamp_typesp
== NULL
) {
173 (void)snprintf(p
->errbuf
, sizeof(p
->errbuf
),
174 "malloc: %s", pcap_strerror(errno
));
177 (void)memcpy(*tstamp_typesp
, p
->tstamp_type_list
,
178 sizeof(**tstamp_typesp
) * p
->tstamp_type_count
);
180 return (p
->tstamp_type_count
);
184 * In Windows, you might have a library built with one version of the
185 * C runtime library and an application built with another version of
186 * the C runtime library, which means that the library might use one
187 * version of malloc() and free() and the application might use another
188 * version of malloc() and free(). If so, that means something
189 * allocated by the library cannot be freed by the application, so we
190 * need to have a pcap_free_tstamp_types() routine to free up the list
191 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
195 pcap_free_tstamp_types(int *tstamp_type_list
)
197 free(tstamp_type_list
);
201 * Default one-shot callback; overridden for capture types where the
202 * packet data cannot be guaranteed to be available after the callback
203 * returns, so that a copy must be made.
206 pcap_oneshot(u_char
*user
, const struct pcap_pkthdr
*h
, const u_char
*pkt
)
208 struct oneshot_userdata
*sp
= (struct oneshot_userdata
*)user
;
215 pcap_next(pcap_t
*p
, struct pcap_pkthdr
*h
)
217 struct oneshot_userdata s
;
223 if (pcap_dispatch(p
, 1, p
->oneshot_callback
, (u_char
*)&s
) <= 0)
229 pcap_next_ex(pcap_t
*p
, struct pcap_pkthdr
**pkt_header
,
230 const u_char
**pkt_data
)
232 struct oneshot_userdata s
;
234 s
.hdr
= &p
->pcap_header
;
238 /* Saves a pointer to the packet headers */
239 *pkt_header
= &p
->pcap_header
;
241 if (p
->rfile
!= NULL
) {
244 /* We are on an offline capture */
245 status
= pcap_offline_read(p
, 1, p
->oneshot_callback
,
249 * Return codes for pcap_offline_read() are:
253 * The first one ('0') conflicts with the return code of
254 * 0 from pcap_read() meaning "no packets arrived before
255 * the timeout expired", so we map it to -2 so you can
256 * distinguish between an EOF from a savefile and a
257 * "no packets arrived before the timeout expired, try
258 * again" from a live capture.
267 * Return codes for pcap_read() are:
270 * - -2: loop was broken out of with pcap_breakloop()
272 * The first one ('0') conflicts with the return code of 0 from
273 * pcap_offline_read() meaning "end of file".
275 return (p
->read_op(p
, 1, p
->oneshot_callback
, (u_char
*)&s
));
278 #if defined(DAG_ONLY)
280 pcap_findalldevs(pcap_if_t
**alldevsp
, char *errbuf
)
282 return (dag_findalldevs(alldevsp
, errbuf
));
286 pcap_create(const char *source
, char *errbuf
)
289 return (dag_create(source
, errbuf
, &is_ours
));
291 #elif defined(SEPTEL_ONLY)
293 pcap_findalldevs(pcap_if_t
**alldevsp
, char *errbuf
)
295 return (septel_findalldevs(alldevsp
, errbuf
));
299 pcap_create(const char *source
, char *errbuf
)
302 return (septel_create(source
, errbuf
, &is_ours
));
304 #elif defined(SNF_ONLY)
306 pcap_findalldevs(pcap_if_t
**alldevsp
, char *errbuf
)
308 return (snf_findalldevs(alldevsp
, errbuf
));
312 pcap_create(const char *source
, char *errbuf
)
315 return (snf_create(source
, errbuf
, &is_ours
));
317 #else /* regular pcap */
318 struct capture_source_type
{
319 int (*findalldevs_op
)(pcap_if_t
**, char *);
320 pcap_t
*(*create_op
)(const char *, char *, int *);
321 } capture_source_types
[] = {
323 { dag_findalldevs
, dag_create
},
325 #ifdef HAVE_SEPTEL_API
326 { septel_findalldevs
, septel_create
},
329 { snf_findalldevs
, snf_create
},
331 #ifdef PCAP_SUPPORT_BT
332 { bt_findalldevs
, bt_create
},
334 #ifdef PCAP_SUPPORT_BT_MONITOR
335 { bt_monitor_findalldevs
, bt_monitor_create
},
337 #if PCAP_SUPPORT_CANUSB
338 { canusb_findalldevs
, canusb_create
},
340 #ifdef PCAP_SUPPORT_CAN
341 { can_findalldevs
, can_create
},
343 #ifdef PCAP_SUPPORT_USB
344 { usb_findalldevs
, usb_create
},
346 #ifdef PCAP_SUPPORT_NETFILTER
347 { netfilter_findalldevs
, netfilter_create
},
349 #ifdef PCAP_SUPPORT_DBUS
350 { dbus_findalldevs
, dbus_create
},
356 * Get a list of all capture sources that are up and that we can open.
357 * Returns -1 on error, 0 otherwise.
358 * The list, as returned through "alldevsp", may be null if no interfaces
359 * were up and could be opened.
362 pcap_findalldevs(pcap_if_t
**alldevsp
, char *errbuf
)
367 * Get the list of regular interfaces first.
369 if (pcap_findalldevs_interfaces(alldevsp
, errbuf
) == -1)
370 return (-1); /* failure */
373 * Add any interfaces that need a platform-specific mechanism
376 if (pcap_platform_finddevs(alldevsp
, errbuf
) == -1) {
378 * We had an error; free the list we've been
381 if (*alldevsp
!= NULL
) {
382 pcap_freealldevs(*alldevsp
);
389 * Ask each of the non-local-network-interface capture
390 * source types what interfaces they have.
392 for (i
= 0; capture_source_types
[i
].findalldevs_op
!= NULL
; i
++) {
393 if (capture_source_types
[i
].findalldevs_op(alldevsp
, errbuf
) == -1) {
395 * We had an error; free the list we've been
398 if (*alldevsp
!= NULL
) {
399 pcap_freealldevs(*alldevsp
);
410 pcap_create(const char *source
, char *errbuf
)
417 * A null source name is equivalent to the "any" device -
418 * which might not be supported on this platform, but
419 * this means that you'll get a "not supported" error
420 * rather than, say, a crash when we try to dereference
427 * Try each of the non-local-network-interface capture
428 * source types until we find one that works for this
429 * device or run out of types.
431 for (i
= 0; capture_source_types
[i
].create_op
!= NULL
; i
++) {
433 p
= capture_source_types
[i
].create_op(source
, errbuf
, &is_theirs
);
436 * The device name refers to a device of the
437 * type in question; either it succeeded,
438 * in which case p refers to a pcap_t to
439 * later activate for the device, or it
440 * failed, in which case p is null and we
441 * should return that to report the failure
449 * OK, try it as a regular network interface.
451 return (pcap_create_interface(source
, errbuf
));
456 initialize_ops(pcap_t
*p
)
459 * Set operation pointers for operations that only work on
460 * an activated pcap_t to point to a routine that returns
461 * a "this isn't activated" error.
463 p
->read_op
= (read_op_t
)pcap_not_initialized
;
464 p
->inject_op
= (inject_op_t
)pcap_not_initialized
;
465 p
->setfilter_op
= (setfilter_op_t
)pcap_not_initialized
;
466 p
->setdirection_op
= (setdirection_op_t
)pcap_not_initialized
;
467 p
->set_datalink_op
= (set_datalink_op_t
)pcap_not_initialized
;
468 p
->getnonblock_op
= (getnonblock_op_t
)pcap_not_initialized
;
469 p
->setnonblock_op
= (setnonblock_op_t
)pcap_not_initialized
;
470 p
->stats_op
= (stats_op_t
)pcap_not_initialized
;
472 p
->setbuff_op
= (setbuff_op_t
)pcap_not_initialized
;
473 p
->setmode_op
= (setmode_op_t
)pcap_not_initialized
;
474 p
->setmintocopy_op
= (setmintocopy_op_t
)pcap_not_initialized
;
475 p
->getadapter_op
= pcap_no_adapter
;
479 * Default cleanup operation - implementations can override
480 * this, but should call pcap_cleanup_live_common() after
481 * doing their own additional cleanup.
483 p
->cleanup_op
= pcap_cleanup_live_common
;
486 * In most cases, the standard one-shot callback can
487 * be used for pcap_next()/pcap_next_ex().
489 p
->oneshot_callback
= pcap_oneshot
;
493 pcap_alloc_pcap_t(char *ebuf
, size_t size
)
499 * Allocate a chunk of memory big enough for a pcap_t
500 * plus a structure following it of size "size". The
501 * structure following it is a private data structure
502 * for the routines that handle this pcap_t.
504 chunk
= malloc(sizeof (pcap_t
) + size
);
506 snprintf(ebuf
, PCAP_ERRBUF_SIZE
, "malloc: %s",
507 pcap_strerror(errno
));
510 memset(chunk
, 0, sizeof (pcap_t
) + size
);
513 * Get a pointer to the pcap_t at the beginning.
518 p
->fd
= -1; /* not opened yet */
519 p
->selectable_fd
= -1;
523 /* No private data was requested. */
527 * Set the pointer to the private data; that's the structure
528 * of size "size" following the pcap_t.
530 p
->priv
= (void *)(chunk
+ sizeof (pcap_t
));
537 pcap_create_common(const char *source
, char *ebuf
, size_t size
)
541 p
= pcap_alloc_pcap_t(ebuf
, size
);
545 p
->opt
.source
= strdup(source
);
546 if (p
->opt
.source
== NULL
) {
547 snprintf(ebuf
, PCAP_ERRBUF_SIZE
, "malloc: %s",
548 pcap_strerror(errno
));
554 * Default to "can't set rfmon mode"; if it's supported by
555 * a platform, the create routine that called us can set
556 * the op to its routine to check whether a particular
557 * device supports it.
559 p
->can_set_rfmon_op
= pcap_cant_set_rfmon
;
563 /* put in some defaults*/
564 pcap_set_snaplen(p
, MAXIMUM_SNAPLEN
); /* max packet size */
565 p
->opt
.timeout
= 0; /* no timeout specified */
566 p
->opt
.buffer_size
= 0; /* use the platform's default */
569 p
->opt
.immediate
= 0;
570 p
->opt
.tstamp_type
= -1; /* default to not setting time stamp type */
571 p
->opt
.tstamp_precision
= PCAP_TSTAMP_PRECISION_MICRO
;
574 * Start out with no BPF code generation flags set.
576 p
->bpf_codegen_flags
= 0;
582 pcap_check_activated(pcap_t
*p
)
585 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
, "can't perform "
586 " operation on activated capture");
593 pcap_set_snaplen(pcap_t
*p
, int snaplen
)
595 if (pcap_check_activated(p
))
596 return (PCAP_ERROR_ACTIVATED
);
597 p
->snapshot
= snaplen
;
602 pcap_set_promisc(pcap_t
*p
, int promisc
)
604 if (pcap_check_activated(p
))
605 return (PCAP_ERROR_ACTIVATED
);
606 p
->opt
.promisc
= promisc
;
611 pcap_set_rfmon(pcap_t
*p
, int rfmon
)
613 if (pcap_check_activated(p
))
614 return (PCAP_ERROR_ACTIVATED
);
615 p
->opt
.rfmon
= rfmon
;
620 pcap_set_timeout(pcap_t
*p
, int timeout_ms
)
622 if (pcap_check_activated(p
))
623 return (PCAP_ERROR_ACTIVATED
);
624 p
->opt
.timeout
= timeout_ms
;
629 pcap_set_tstamp_type(pcap_t
*p
, int tstamp_type
)
633 if (pcap_check_activated(p
))
634 return (PCAP_ERROR_ACTIVATED
);
637 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
638 * the default time stamp type is PCAP_TSTAMP_HOST.
640 if (p
->tstamp_type_count
== 0) {
641 if (tstamp_type
== PCAP_TSTAMP_HOST
) {
642 p
->opt
.tstamp_type
= tstamp_type
;
647 * Check whether we claim to support this type of time stamp.
649 for (i
= 0; i
< p
->tstamp_type_count
; i
++) {
650 if (p
->tstamp_type_list
[i
] == (u_int
)tstamp_type
) {
654 p
->opt
.tstamp_type
= tstamp_type
;
661 * We don't support this type of time stamp.
663 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP
);
667 pcap_set_immediate_mode(pcap_t
*p
, int immediate
)
669 if (pcap_check_activated(p
))
670 return (PCAP_ERROR_ACTIVATED
);
671 p
->opt
.immediate
= immediate
;
676 pcap_set_buffer_size(pcap_t
*p
, int buffer_size
)
678 if (pcap_check_activated(p
))
679 return (PCAP_ERROR_ACTIVATED
);
680 p
->opt
.buffer_size
= buffer_size
;
685 pcap_set_tstamp_precision(pcap_t
*p
, int tstamp_precision
)
689 if (pcap_check_activated(p
))
690 return (PCAP_ERROR_ACTIVATED
);
693 * If p->tstamp_precision_count is 0, we only support setting
694 * the time stamp precision to microsecond precision; every
695 * pcap module *MUST* support microsecond precision, even if
696 * it does so by converting the native precision to
699 if (p
->tstamp_precision_count
== 0) {
700 if (tstamp_precision
== PCAP_TSTAMP_PRECISION_MICRO
) {
701 p
->opt
.tstamp_precision
= tstamp_precision
;
706 * Check whether we claim to support this precision of
709 for (i
= 0; i
< p
->tstamp_precision_count
; i
++) {
710 if (p
->tstamp_precision_list
[i
] == (u_int
)tstamp_precision
) {
714 p
->opt
.tstamp_precision
= tstamp_precision
;
721 * We don't support this time stamp precision.
723 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP
);
727 pcap_get_tstamp_precision(pcap_t
*p
)
729 return (p
->opt
.tstamp_precision
);
733 pcap_activate(pcap_t
*p
)
738 * Catch attempts to re-activate an already-activated
739 * pcap_t; this should, for example, catch code that
740 * calls pcap_open_live() followed by pcap_activate(),
741 * as some code that showed up in a Stack Exchange
744 if (pcap_check_activated(p
))
745 return (PCAP_ERROR_ACTIVATED
);
746 status
= p
->activate_op(p
);
750 if (p
->errbuf
[0] == '\0') {
752 * No error message supplied by the activate routine;
753 * for the benefit of programs that don't specially
754 * handle errors other than PCAP_ERROR, return the
755 * error message corresponding to the status.
757 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
, "%s",
758 pcap_statustostr(status
));
762 * Undo any operation pointer setting, etc. done by
763 * the activate operation.
771 pcap_open_live(const char *source
, int snaplen
, int promisc
, int to_ms
, char *errbuf
)
776 p
= pcap_create(source
, errbuf
);
779 status
= pcap_set_snaplen(p
, snaplen
);
782 status
= pcap_set_promisc(p
, promisc
);
785 status
= pcap_set_timeout(p
, to_ms
);
789 * Mark this as opened with pcap_open_live(), so that, for
790 * example, we show the full list of DLT_ values, rather
791 * than just the ones that are compatible with capturing
792 * when not in monitor mode. That allows existing applications
793 * to work the way they used to work, but allows new applications
794 * that know about the new open API to, for example, find out the
795 * DLT_ values that they can select without changing whether
796 * the adapter is in monitor mode or not.
799 status
= pcap_activate(p
);
804 if (status
== PCAP_ERROR
)
805 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "%s: %s", source
,
807 else if (status
== PCAP_ERROR_NO_SUCH_DEVICE
||
808 status
== PCAP_ERROR_PERM_DENIED
||
809 status
== PCAP_ERROR_PROMISC_PERM_DENIED
)
810 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "%s: %s (%s)", source
,
811 pcap_statustostr(status
), p
->errbuf
);
813 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "%s: %s", source
,
814 pcap_statustostr(status
));
820 pcap_open_offline_common(char *ebuf
, size_t size
)
824 p
= pcap_alloc_pcap_t(ebuf
, size
);
828 p
->opt
.tstamp_precision
= PCAP_TSTAMP_PRECISION_MICRO
;
829 p
->opt
.source
= strdup("(savefile)");
830 if (p
->opt
.source
== NULL
) {
831 snprintf(ebuf
, PCAP_ERRBUF_SIZE
, "malloc: %s",
832 pcap_strerror(errno
));
841 pcap_dispatch(pcap_t
*p
, int cnt
, pcap_handler callback
, u_char
*user
)
843 return (p
->read_op(p
, cnt
, callback
, user
));
847 * XXX - is this necessary?
850 pcap_read(pcap_t
*p
, int cnt
, pcap_handler callback
, u_char
*user
)
853 return (p
->read_op(p
, cnt
, callback
, user
));
857 pcap_loop(pcap_t
*p
, int cnt
, pcap_handler callback
, u_char
*user
)
862 if (p
->rfile
!= NULL
) {
864 * 0 means EOF, so don't loop if we get 0.
866 n
= pcap_offline_read(p
, cnt
, callback
, user
);
869 * XXX keep reading until we get something
870 * (or an error occurs)
873 n
= p
->read_op(p
, cnt
, callback
, user
);
878 if (!PACKET_COUNT_IS_UNLIMITED(cnt
)) {
887 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
890 pcap_breakloop(pcap_t
*p
)
896 pcap_datalink(pcap_t
*p
)
899 return (PCAP_ERROR_NOT_ACTIVATED
);
900 return (p
->linktype
);
904 pcap_datalink_ext(pcap_t
*p
)
907 return (PCAP_ERROR_NOT_ACTIVATED
);
908 return (p
->linktype_ext
);
912 pcap_list_datalinks(pcap_t
*p
, int **dlt_buffer
)
915 return (PCAP_ERROR_NOT_ACTIVATED
);
916 if (p
->dlt_count
== 0) {
918 * We couldn't fetch the list of DLTs, which means
919 * this platform doesn't support changing the
920 * DLT for an interface. Return a list of DLTs
921 * containing only the DLT this device supports.
923 *dlt_buffer
= (int*)malloc(sizeof(**dlt_buffer
));
924 if (*dlt_buffer
== NULL
) {
925 (void)snprintf(p
->errbuf
, sizeof(p
->errbuf
),
926 "malloc: %s", pcap_strerror(errno
));
929 **dlt_buffer
= p
->linktype
;
932 *dlt_buffer
= (int*)calloc(sizeof(**dlt_buffer
), p
->dlt_count
);
933 if (*dlt_buffer
== NULL
) {
934 (void)snprintf(p
->errbuf
, sizeof(p
->errbuf
),
935 "malloc: %s", pcap_strerror(errno
));
938 (void)memcpy(*dlt_buffer
, p
->dlt_list
,
939 sizeof(**dlt_buffer
) * p
->dlt_count
);
940 return (p
->dlt_count
);
945 * In Windows, you might have a library built with one version of the
946 * C runtime library and an application built with another version of
947 * the C runtime library, which means that the library might use one
948 * version of malloc() and free() and the application might use another
949 * version of malloc() and free(). If so, that means something
950 * allocated by the library cannot be freed by the application, so we
951 * need to have a pcap_free_datalinks() routine to free up the list
952 * allocated by pcap_list_datalinks(), even though it's just a wrapper
956 pcap_free_datalinks(int *dlt_list
)
962 pcap_set_datalink(pcap_t
*p
, int dlt
)
965 const char *dlt_name
;
967 if (p
->dlt_count
== 0 || p
->set_datalink_op
== NULL
) {
969 * We couldn't fetch the list of DLTs, or we don't
970 * have a "set datalink" operation, which means
971 * this platform doesn't support changing the
972 * DLT for an interface. Check whether the new
973 * DLT is the one this interface supports.
975 if (p
->linktype
!= dlt
)
979 * It is, so there's nothing we need to do here.
983 for (i
= 0; i
< p
->dlt_count
; i
++)
984 if (p
->dlt_list
[i
] == (u_int
)dlt
)
986 if (i
>= p
->dlt_count
)
988 if (p
->dlt_count
== 2 && p
->dlt_list
[0] == DLT_EN10MB
&&
991 * This is presumably an Ethernet device, as the first
992 * link-layer type it offers is DLT_EN10MB, and the only
993 * other type it offers is DLT_DOCSIS. That means that
994 * we can't tell the driver to supply DOCSIS link-layer
995 * headers - we're just pretending that's what we're
996 * getting, as, presumably, we're capturing on a dedicated
997 * link to a Cisco Cable Modem Termination System, and
998 * it's putting raw DOCSIS frames on the wire inside low-level
1004 if (p
->set_datalink_op(p
, dlt
) == -1)
1010 dlt_name
= pcap_datalink_val_to_name(dlt
);
1011 if (dlt_name
!= NULL
) {
1012 (void) snprintf(p
->errbuf
, sizeof(p
->errbuf
),
1013 "%s is not one of the DLTs supported by this device",
1016 (void) snprintf(p
->errbuf
, sizeof(p
->errbuf
),
1017 "DLT %d is not one of the DLTs supported by this device",
1024 * This array is designed for mapping upper and lower case letter
1025 * together for a case independent comparison. The mappings are
1026 * based upon ascii character sequences.
1028 static const u_char charmap
[] = {
1029 (u_char
)'\000', (u_char
)'\001', (u_char
)'\002', (u_char
)'\003',
1030 (u_char
)'\004', (u_char
)'\005', (u_char
)'\006', (u_char
)'\007',
1031 (u_char
)'\010', (u_char
)'\011', (u_char
)'\012', (u_char
)'\013',
1032 (u_char
)'\014', (u_char
)'\015', (u_char
)'\016', (u_char
)'\017',
1033 (u_char
)'\020', (u_char
)'\021', (u_char
)'\022', (u_char
)'\023',
1034 (u_char
)'\024', (u_char
)'\025', (u_char
)'\026', (u_char
)'\027',
1035 (u_char
)'\030', (u_char
)'\031', (u_char
)'\032', (u_char
)'\033',
1036 (u_char
)'\034', (u_char
)'\035', (u_char
)'\036', (u_char
)'\037',
1037 (u_char
)'\040', (u_char
)'\041', (u_char
)'\042', (u_char
)'\043',
1038 (u_char
)'\044', (u_char
)'\045', (u_char
)'\046', (u_char
)'\047',
1039 (u_char
)'\050', (u_char
)'\051', (u_char
)'\052', (u_char
)'\053',
1040 (u_char
)'\054', (u_char
)'\055', (u_char
)'\056', (u_char
)'\057',
1041 (u_char
)'\060', (u_char
)'\061', (u_char
)'\062', (u_char
)'\063',
1042 (u_char
)'\064', (u_char
)'\065', (u_char
)'\066', (u_char
)'\067',
1043 (u_char
)'\070', (u_char
)'\071', (u_char
)'\072', (u_char
)'\073',
1044 (u_char
)'\074', (u_char
)'\075', (u_char
)'\076', (u_char
)'\077',
1045 (u_char
)'\100', (u_char
)'\141', (u_char
)'\142', (u_char
)'\143',
1046 (u_char
)'\144', (u_char
)'\145', (u_char
)'\146', (u_char
)'\147',
1047 (u_char
)'\150', (u_char
)'\151', (u_char
)'\152', (u_char
)'\153',
1048 (u_char
)'\154', (u_char
)'\155', (u_char
)'\156', (u_char
)'\157',
1049 (u_char
)'\160', (u_char
)'\161', (u_char
)'\162', (u_char
)'\163',
1050 (u_char
)'\164', (u_char
)'\165', (u_char
)'\166', (u_char
)'\167',
1051 (u_char
)'\170', (u_char
)'\171', (u_char
)'\172', (u_char
)'\133',
1052 (u_char
)'\134', (u_char
)'\135', (u_char
)'\136', (u_char
)'\137',
1053 (u_char
)'\140', (u_char
)'\141', (u_char
)'\142', (u_char
)'\143',
1054 (u_char
)'\144', (u_char
)'\145', (u_char
)'\146', (u_char
)'\147',
1055 (u_char
)'\150', (u_char
)'\151', (u_char
)'\152', (u_char
)'\153',
1056 (u_char
)'\154', (u_char
)'\155', (u_char
)'\156', (u_char
)'\157',
1057 (u_char
)'\160', (u_char
)'\161', (u_char
)'\162', (u_char
)'\163',
1058 (u_char
)'\164', (u_char
)'\165', (u_char
)'\166', (u_char
)'\167',
1059 (u_char
)'\170', (u_char
)'\171', (u_char
)'\172', (u_char
)'\173',
1060 (u_char
)'\174', (u_char
)'\175', (u_char
)'\176', (u_char
)'\177',
1061 (u_char
)'\200', (u_char
)'\201', (u_char
)'\202', (u_char
)'\203',
1062 (u_char
)'\204', (u_char
)'\205', (u_char
)'\206', (u_char
)'\207',
1063 (u_char
)'\210', (u_char
)'\211', (u_char
)'\212', (u_char
)'\213',
1064 (u_char
)'\214', (u_char
)'\215', (u_char
)'\216', (u_char
)'\217',
1065 (u_char
)'\220', (u_char
)'\221', (u_char
)'\222', (u_char
)'\223',
1066 (u_char
)'\224', (u_char
)'\225', (u_char
)'\226', (u_char
)'\227',
1067 (u_char
)'\230', (u_char
)'\231', (u_char
)'\232', (u_char
)'\233',
1068 (u_char
)'\234', (u_char
)'\235', (u_char
)'\236', (u_char
)'\237',
1069 (u_char
)'\240', (u_char
)'\241', (u_char
)'\242', (u_char
)'\243',
1070 (u_char
)'\244', (u_char
)'\245', (u_char
)'\246', (u_char
)'\247',
1071 (u_char
)'\250', (u_char
)'\251', (u_char
)'\252', (u_char
)'\253',
1072 (u_char
)'\254', (u_char
)'\255', (u_char
)'\256', (u_char
)'\257',
1073 (u_char
)'\260', (u_char
)'\261', (u_char
)'\262', (u_char
)'\263',
1074 (u_char
)'\264', (u_char
)'\265', (u_char
)'\266', (u_char
)'\267',
1075 (u_char
)'\270', (u_char
)'\271', (u_char
)'\272', (u_char
)'\273',
1076 (u_char
)'\274', (u_char
)'\275', (u_char
)'\276', (u_char
)'\277',
1077 (u_char
)'\300', (u_char
)'\341', (u_char
)'\342', (u_char
)'\343',
1078 (u_char
)'\344', (u_char
)'\345', (u_char
)'\346', (u_char
)'\347',
1079 (u_char
)'\350', (u_char
)'\351', (u_char
)'\352', (u_char
)'\353',
1080 (u_char
)'\354', (u_char
)'\355', (u_char
)'\356', (u_char
)'\357',
1081 (u_char
)'\360', (u_char
)'\361', (u_char
)'\362', (u_char
)'\363',
1082 (u_char
)'\364', (u_char
)'\365', (u_char
)'\366', (u_char
)'\367',
1083 (u_char
)'\370', (u_char
)'\371', (u_char
)'\372', (u_char
)'\333',
1084 (u_char
)'\334', (u_char
)'\335', (u_char
)'\336', (u_char
)'\337',
1085 (u_char
)'\340', (u_char
)'\341', (u_char
)'\342', (u_char
)'\343',
1086 (u_char
)'\344', (u_char
)'\345', (u_char
)'\346', (u_char
)'\347',
1087 (u_char
)'\350', (u_char
)'\351', (u_char
)'\352', (u_char
)'\353',
1088 (u_char
)'\354', (u_char
)'\355', (u_char
)'\356', (u_char
)'\357',
1089 (u_char
)'\360', (u_char
)'\361', (u_char
)'\362', (u_char
)'\363',
1090 (u_char
)'\364', (u_char
)'\365', (u_char
)'\366', (u_char
)'\367',
1091 (u_char
)'\370', (u_char
)'\371', (u_char
)'\372', (u_char
)'\373',
1092 (u_char
)'\374', (u_char
)'\375', (u_char
)'\376', (u_char
)'\377',
1096 pcap_strcasecmp(const char *s1
, const char *s2
)
1098 register const u_char
*cm
= charmap
,
1099 *us1
= (const u_char
*)s1
,
1100 *us2
= (const u_char
*)s2
;
1102 while (cm
[*us1
] == cm
[*us2
++])
1105 return (cm
[*us1
] - cm
[*--us2
]);
1110 const char *description
;
1114 #define DLT_CHOICE(code, description) { #code, description, code }
1115 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1117 static struct dlt_choice dlt_choices
[] = {
1118 DLT_CHOICE(DLT_NULL
, "BSD loopback"),
1119 DLT_CHOICE(DLT_EN10MB
, "Ethernet"),
1120 DLT_CHOICE(DLT_IEEE802
, "Token ring"),
1121 DLT_CHOICE(DLT_ARCNET
, "BSD ARCNET"),
1122 DLT_CHOICE(DLT_SLIP
, "SLIP"),
1123 DLT_CHOICE(DLT_PPP
, "PPP"),
1124 DLT_CHOICE(DLT_FDDI
, "FDDI"),
1125 DLT_CHOICE(DLT_ATM_RFC1483
, "RFC 1483 LLC-encapsulated ATM"),
1126 DLT_CHOICE(DLT_RAW
, "Raw IP"),
1127 DLT_CHOICE(DLT_SLIP_BSDOS
, "BSD/OS SLIP"),
1128 DLT_CHOICE(DLT_PPP_BSDOS
, "BSD/OS PPP"),
1129 DLT_CHOICE(DLT_ATM_CLIP
, "Linux Classical IP-over-ATM"),
1130 DLT_CHOICE(DLT_PPP_SERIAL
, "PPP over serial"),
1131 DLT_CHOICE(DLT_PPP_ETHER
, "PPPoE"),
1132 DLT_CHOICE(DLT_SYMANTEC_FIREWALL
, "Symantec Firewall"),
1133 DLT_CHOICE(DLT_C_HDLC
, "Cisco HDLC"),
1134 DLT_CHOICE(DLT_IEEE802_11
, "802.11"),
1135 DLT_CHOICE(DLT_FRELAY
, "Frame Relay"),
1136 DLT_CHOICE(DLT_LOOP
, "OpenBSD loopback"),
1137 DLT_CHOICE(DLT_ENC
, "OpenBSD encapsulated IP"),
1138 DLT_CHOICE(DLT_LINUX_SLL
, "Linux cooked"),
1139 DLT_CHOICE(DLT_LTALK
, "Localtalk"),
1140 DLT_CHOICE(DLT_PFLOG
, "OpenBSD pflog file"),
1141 DLT_CHOICE(DLT_PFSYNC
, "Packet filter state syncing"),
1142 DLT_CHOICE(DLT_PRISM_HEADER
, "802.11 plus Prism header"),
1143 DLT_CHOICE(DLT_IP_OVER_FC
, "RFC 2625 IP-over-Fibre Channel"),
1144 DLT_CHOICE(DLT_SUNATM
, "Sun raw ATM"),
1145 DLT_CHOICE(DLT_IEEE802_11_RADIO
, "802.11 plus radiotap header"),
1146 DLT_CHOICE(DLT_ARCNET_LINUX
, "Linux ARCNET"),
1147 DLT_CHOICE(DLT_JUNIPER_MLPPP
, "Juniper Multi-Link PPP"),
1148 DLT_CHOICE(DLT_JUNIPER_MLFR
, "Juniper Multi-Link Frame Relay"),
1149 DLT_CHOICE(DLT_JUNIPER_ES
, "Juniper Encryption Services PIC"),
1150 DLT_CHOICE(DLT_JUNIPER_GGSN
, "Juniper GGSN PIC"),
1151 DLT_CHOICE(DLT_JUNIPER_MFR
, "Juniper FRF.16 Frame Relay"),
1152 DLT_CHOICE(DLT_JUNIPER_ATM2
, "Juniper ATM2 PIC"),
1153 DLT_CHOICE(DLT_JUNIPER_SERVICES
, "Juniper Advanced Services PIC"),
1154 DLT_CHOICE(DLT_JUNIPER_ATM1
, "Juniper ATM1 PIC"),
1155 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394
, "Apple IP-over-IEEE 1394"),
1156 DLT_CHOICE(DLT_MTP2_WITH_PHDR
, "SS7 MTP2 with Pseudo-header"),
1157 DLT_CHOICE(DLT_MTP2
, "SS7 MTP2"),
1158 DLT_CHOICE(DLT_MTP3
, "SS7 MTP3"),
1159 DLT_CHOICE(DLT_SCCP
, "SS7 SCCP"),
1160 DLT_CHOICE(DLT_DOCSIS
, "DOCSIS"),
1161 DLT_CHOICE(DLT_LINUX_IRDA
, "Linux IrDA"),
1162 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS
, "802.11 plus AVS radio information header"),
1163 DLT_CHOICE(DLT_JUNIPER_MONITOR
, "Juniper Passive Monitor PIC"),
1164 DLT_CHOICE(DLT_BACNET_MS_TP
, "BACnet MS/TP"),
1165 DLT_CHOICE(DLT_PPP_PPPD
, "PPP for pppd, with direction flag"),
1166 DLT_CHOICE(DLT_JUNIPER_PPPOE
, "Juniper PPPoE"),
1167 DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM
, "Juniper PPPoE/ATM"),
1168 DLT_CHOICE(DLT_GPRS_LLC
, "GPRS LLC"),
1169 DLT_CHOICE(DLT_GPF_T
, "GPF-T"),
1170 DLT_CHOICE(DLT_GPF_F
, "GPF-F"),
1171 DLT_CHOICE(DLT_JUNIPER_PIC_PEER
, "Juniper PIC Peer"),
1172 DLT_CHOICE(DLT_ERF_ETH
, "Ethernet with Endace ERF header"),
1173 DLT_CHOICE(DLT_ERF_POS
, "Packet-over-SONET with Endace ERF header"),
1174 DLT_CHOICE(DLT_LINUX_LAPD
, "Linux vISDN LAPD"),
1175 DLT_CHOICE(DLT_JUNIPER_ETHER
, "Juniper Ethernet"),
1176 DLT_CHOICE(DLT_JUNIPER_PPP
, "Juniper PPP"),
1177 DLT_CHOICE(DLT_JUNIPER_FRELAY
, "Juniper Frame Relay"),
1178 DLT_CHOICE(DLT_JUNIPER_CHDLC
, "Juniper C-HDLC"),
1179 DLT_CHOICE(DLT_MFR
, "FRF.16 Frame Relay"),
1180 DLT_CHOICE(DLT_JUNIPER_VP
, "Juniper Voice PIC"),
1181 DLT_CHOICE(DLT_A429
, "Arinc 429"),
1182 DLT_CHOICE(DLT_A653_ICM
, "Arinc 653 Interpartition Communication"),
1183 DLT_CHOICE(DLT_USB
, "USB"),
1184 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4
, "Bluetooth HCI UART transport layer"),
1185 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS
, "IEEE 802.16 MAC Common Part Sublayer"),
1186 DLT_CHOICE(DLT_USB_LINUX
, "USB with Linux header"),
1187 DLT_CHOICE(DLT_CAN20B
, "Controller Area Network (CAN) v. 2.0B"),
1188 DLT_CHOICE(DLT_IEEE802_15_4_LINUX
, "IEEE 802.15.4 with Linux padding"),
1189 DLT_CHOICE(DLT_PPI
, "Per-Packet Information"),
1190 DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO
, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1191 DLT_CHOICE(DLT_JUNIPER_ISM
, "Juniper Integrated Service Module"),
1192 DLT_CHOICE(DLT_IEEE802_15_4
, "IEEE 802.15.4 with FCS"),
1193 DLT_CHOICE(DLT_SITA
, "SITA pseudo-header"),
1194 DLT_CHOICE(DLT_ERF
, "Endace ERF header"),
1195 DLT_CHOICE(DLT_RAIF1
, "Ethernet with u10 Networks pseudo-header"),
1196 DLT_CHOICE(DLT_IPMB
, "IPMB"),
1197 DLT_CHOICE(DLT_JUNIPER_ST
, "Juniper Secure Tunnel"),
1198 DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR
, "Bluetooth HCI UART transport layer plus pseudo-header"),
1199 DLT_CHOICE(DLT_AX25_KISS
, "AX.25 with KISS header"),
1200 DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY
, "IEEE 802.15.4 with non-ASK PHY data"),
1201 DLT_CHOICE(DLT_MPLS
, "MPLS with label as link-layer header"),
1202 DLT_CHOICE(DLT_LINUX_EVDEV
, "Linux evdev events"),
1203 DLT_CHOICE(DLT_USB_LINUX_MMAPPED
, "USB with padded Linux header"),
1204 DLT_CHOICE(DLT_DECT
, "DECT"),
1205 DLT_CHOICE(DLT_AOS
, "AOS Space Data Link protocol"),
1206 DLT_CHOICE(DLT_WIHART
, "Wireless HART"),
1207 DLT_CHOICE(DLT_FC_2
, "Fibre Channel FC-2"),
1208 DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS
, "Fibre Channel FC-2 with frame delimiters"),
1209 DLT_CHOICE(DLT_IPNET
, "Solaris ipnet"),
1210 DLT_CHOICE(DLT_CAN_SOCKETCAN
, "CAN-bus with SocketCAN headers"),
1211 DLT_CHOICE(DLT_IPV4
, "Raw IPv4"),
1212 DLT_CHOICE(DLT_IPV6
, "Raw IPv6"),
1213 DLT_CHOICE(DLT_IEEE802_15_4_NOFCS
, "IEEE 802.15.4 without FCS"),
1214 DLT_CHOICE(DLT_DBUS
, "D-Bus"),
1215 DLT_CHOICE(DLT_JUNIPER_VS
, "Juniper Virtual Server"),
1216 DLT_CHOICE(DLT_JUNIPER_SRX_E2E
, "Juniper SRX E2E"),
1217 DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL
, "Juniper Fibre Channel"),
1218 DLT_CHOICE(DLT_DVB_CI
, "DVB-CI"),
1219 DLT_CHOICE(DLT_MUX27010
, "MUX27010"),
1220 DLT_CHOICE(DLT_STANAG_5066_D_PDU
, "STANAG 5066 D_PDUs"),
1221 DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC
, "Juniper ATM CEMIC"),
1222 DLT_CHOICE(DLT_NFLOG
, "Linux netfilter log messages"),
1223 DLT_CHOICE(DLT_NETANALYZER
, "Ethernet with Hilscher netANALYZER pseudo-header"),
1224 DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT
, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1225 DLT_CHOICE(DLT_IPOIB
, "RFC 4391 IP-over-Infiniband"),
1226 DLT_CHOICE(DLT_MPEG_2_TS
, "MPEG-2 transport stream"),
1227 DLT_CHOICE(DLT_NG40
, "ng40 protocol tester Iub/Iur"),
1228 DLT_CHOICE(DLT_NFC_LLCP
, "NFC LLCP PDUs with pseudo-header"),
1229 DLT_CHOICE(DLT_INFINIBAND
, "InfiniBand"),
1230 DLT_CHOICE(DLT_SCTP
, "SCTP"),
1231 DLT_CHOICE(DLT_USBPCAP
, "USB with USBPcap header"),
1232 DLT_CHOICE(DLT_RTAC_SERIAL
, "Schweitzer Engineering Laboratories RTAC packets"),
1233 DLT_CHOICE(DLT_BLUETOOTH_LE_LL
, "Bluetooth Low Energy air interface"),
1234 DLT_CHOICE(DLT_NETLINK
, "Linux netlink"),
1235 DLT_CHOICE(DLT_BLUETOOTH_LINUX_MONITOR
, "Bluetooth Linux Monitor"),
1236 DLT_CHOICE(DLT_BLUETOOTH_BREDR_BB
, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
1237 DLT_CHOICE(DLT_BLUETOOTH_LE_LL_WITH_PHDR
, "Bluetooth Low Energy air interface with pseudo-header"),
1238 DLT_CHOICE(DLT_PROFIBUS_DL
, "PROFIBUS data link layer"),
1239 DLT_CHOICE(DLT_PKTAP
, "Apple DLT_PKTAP"),
1240 DLT_CHOICE(DLT_EPON
, "Ethernet with 802.3 Clause 65 EPON preamble"),
1245 pcap_datalink_name_to_val(const char *name
)
1249 for (i
= 0; dlt_choices
[i
].name
!= NULL
; i
++) {
1250 if (pcap_strcasecmp(dlt_choices
[i
].name
+ sizeof("DLT_") - 1,
1252 return (dlt_choices
[i
].dlt
);
1258 pcap_datalink_val_to_name(int dlt
)
1262 for (i
= 0; dlt_choices
[i
].name
!= NULL
; i
++) {
1263 if (dlt_choices
[i
].dlt
== dlt
)
1264 return (dlt_choices
[i
].name
+ sizeof("DLT_") - 1);
1270 pcap_datalink_val_to_description(int dlt
)
1274 for (i
= 0; dlt_choices
[i
].name
!= NULL
; i
++) {
1275 if (dlt_choices
[i
].dlt
== dlt
)
1276 return (dlt_choices
[i
].description
);
1281 struct tstamp_type_choice
{
1283 const char *description
;
1287 static struct tstamp_type_choice tstamp_type_choices
[] = {
1288 { "host", "Host", PCAP_TSTAMP_HOST
},
1289 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC
},
1290 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC
},
1291 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER
},
1292 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED
},
1297 pcap_tstamp_type_name_to_val(const char *name
)
1301 for (i
= 0; tstamp_type_choices
[i
].name
!= NULL
; i
++) {
1302 if (pcap_strcasecmp(tstamp_type_choices
[i
].name
, name
) == 0)
1303 return (tstamp_type_choices
[i
].type
);
1305 return (PCAP_ERROR
);
1309 pcap_tstamp_type_val_to_name(int tstamp_type
)
1313 for (i
= 0; tstamp_type_choices
[i
].name
!= NULL
; i
++) {
1314 if (tstamp_type_choices
[i
].type
== tstamp_type
)
1315 return (tstamp_type_choices
[i
].name
);
1321 pcap_tstamp_type_val_to_description(int tstamp_type
)
1325 for (i
= 0; tstamp_type_choices
[i
].name
!= NULL
; i
++) {
1326 if (tstamp_type_choices
[i
].type
== tstamp_type
)
1327 return (tstamp_type_choices
[i
].description
);
1333 pcap_snapshot(pcap_t
*p
)
1336 return (PCAP_ERROR_NOT_ACTIVATED
);
1337 return (p
->snapshot
);
1341 pcap_is_swapped(pcap_t
*p
)
1344 return (PCAP_ERROR_NOT_ACTIVATED
);
1345 return (p
->swapped
);
1349 pcap_major_version(pcap_t
*p
)
1352 return (PCAP_ERROR_NOT_ACTIVATED
);
1353 return (p
->version_major
);
1357 pcap_minor_version(pcap_t
*p
)
1360 return (PCAP_ERROR_NOT_ACTIVATED
);
1361 return (p
->version_minor
);
1365 pcap_file(pcap_t
*p
)
1371 pcap_fileno(pcap_t
*p
)
1376 if (p
->adapter
!= NULL
)
1377 return ((int)(DWORD
)p
->adapter
->hFile
);
1379 return (PCAP_ERROR
);
1383 #if !defined(WIN32) && !defined(MSDOS)
1385 pcap_get_selectable_fd(pcap_t
*p
)
1387 return (p
->selectable_fd
);
1392 pcap_perror(pcap_t
*p
, char *prefix
)
1394 fprintf(stderr
, "%s: %s\n", prefix
, p
->errbuf
);
1398 pcap_geterr(pcap_t
*p
)
1404 pcap_getnonblock(pcap_t
*p
, char *errbuf
)
1408 ret
= p
->getnonblock_op(p
, errbuf
);
1411 * In case somebody depended on the bug wherein
1412 * the error message was put into p->errbuf
1413 * by pcap_getnonblock_fd().
1415 strlcpy(p
->errbuf
, errbuf
, PCAP_ERRBUF_SIZE
);
1421 * Get the current non-blocking mode setting, under the assumption that
1422 * it's just the standard POSIX non-blocking flag.
1424 * We don't look at "p->nonblock", in case somebody tweaked the FD
1427 #if !defined(WIN32) && !defined(MSDOS)
1429 pcap_getnonblock_fd(pcap_t
*p
, char *errbuf
)
1433 fdflags
= fcntl(p
->fd
, F_GETFL
, 0);
1434 if (fdflags
== -1) {
1435 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "F_GETFL: %s",
1436 pcap_strerror(errno
));
1439 if (fdflags
& O_NONBLOCK
)
1447 pcap_setnonblock(pcap_t
*p
, int nonblock
, char *errbuf
)
1451 ret
= p
->setnonblock_op(p
, nonblock
, errbuf
);
1454 * In case somebody depended on the bug wherein
1455 * the error message was put into p->errbuf
1456 * by pcap_setnonblock_fd().
1458 strlcpy(p
->errbuf
, errbuf
, PCAP_ERRBUF_SIZE
);
1463 #if !defined(WIN32) && !defined(MSDOS)
1465 * Set non-blocking mode, under the assumption that it's just the
1466 * standard POSIX non-blocking flag. (This can be called by the
1467 * per-platform non-blocking-mode routine if that routine also
1468 * needs to do some additional work.)
1471 pcap_setnonblock_fd(pcap_t
*p
, int nonblock
, char *errbuf
)
1475 fdflags
= fcntl(p
->fd
, F_GETFL
, 0);
1476 if (fdflags
== -1) {
1477 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "F_GETFL: %s",
1478 pcap_strerror(errno
));
1482 fdflags
|= O_NONBLOCK
;
1484 fdflags
&= ~O_NONBLOCK
;
1485 if (fcntl(p
->fd
, F_SETFL
, fdflags
) == -1) {
1486 snprintf(errbuf
, PCAP_ERRBUF_SIZE
, "F_SETFL: %s",
1487 pcap_strerror(errno
));
1496 * Generate a string for the last Win32-specific error (i.e. an error generated when
1497 * calling a Win32 API).
1498 * For errors occurred during standard C calls, we still use pcap_strerror()
1501 pcap_win32strerror(void)
1504 static char errbuf
[PCAP_ERRBUF_SIZE
+1];
1508 error
= GetLastError();
1509 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
, NULL
, error
, 0, errbuf
,
1510 PCAP_ERRBUF_SIZE
, NULL
);
1513 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1514 * message. Get rid of it.
1516 errlen
= strlen(errbuf
);
1518 errbuf
[errlen
- 1] = '\0';
1519 errbuf
[errlen
- 2] = '\0';
1521 p
= strchr(errbuf
, '\0');
1522 snprintf (p
, sizeof(errbuf
)-(p
-errbuf
), " (%lu)", error
);
1528 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1531 pcap_statustostr(int errnum
)
1533 static char ebuf
[15+10+1];
1538 return("Generic warning");
1540 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP
:
1541 return ("That type of time stamp is not supported by that device");
1543 case PCAP_WARNING_PROMISC_NOTSUP
:
1544 return ("That device doesn't support promiscuous mode");
1547 return("Generic error");
1549 case PCAP_ERROR_BREAK
:
1550 return("Loop terminated by pcap_breakloop");
1552 case PCAP_ERROR_NOT_ACTIVATED
:
1553 return("The pcap_t has not been activated");
1555 case PCAP_ERROR_ACTIVATED
:
1556 return ("The setting can't be changed after the pcap_t is activated");
1558 case PCAP_ERROR_NO_SUCH_DEVICE
:
1559 return ("No such device exists");
1561 case PCAP_ERROR_RFMON_NOTSUP
:
1562 return ("That device doesn't support monitor mode");
1564 case PCAP_ERROR_NOT_RFMON
:
1565 return ("That operation is supported only in monitor mode");
1567 case PCAP_ERROR_PERM_DENIED
:
1568 return ("You don't have permission to capture on that device");
1570 case PCAP_ERROR_IFACE_NOT_UP
:
1571 return ("That device is not up");
1573 case PCAP_ERROR_CANTSET_TSTAMP_TYPE
:
1574 return ("That device doesn't support setting the time stamp type");
1576 case PCAP_ERROR_PROMISC_PERM_DENIED
:
1577 return ("You don't have permission to capture in promiscuous mode on that device");
1579 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP
:
1580 return ("That device doesn't support that time stamp precision");
1582 (void)snprintf(ebuf
, sizeof ebuf
, "Unknown error: %d", errnum
);
1587 * Not all systems have strerror().
1590 pcap_strerror(int errnum
)
1592 #ifdef HAVE_STRERROR
1593 return (strerror(errnum
));
1595 extern int sys_nerr
;
1596 extern const char *const sys_errlist
[];
1597 static char ebuf
[15+10+1];
1599 if ((unsigned int)errnum
< sys_nerr
)
1600 return ((char *)sys_errlist
[errnum
]);
1601 (void)snprintf(ebuf
, sizeof ebuf
, "Unknown error: %d", errnum
);
1607 pcap_setfilter(pcap_t
*p
, struct bpf_program
*fp
)
1609 return (p
->setfilter_op(p
, fp
));
1613 * Set direction flag, which controls whether we accept only incoming
1614 * packets, only outgoing packets, or both.
1615 * Note that, depending on the platform, some or all direction arguments
1616 * might not be supported.
1619 pcap_setdirection(pcap_t
*p
, pcap_direction_t d
)
1621 if (p
->setdirection_op
== NULL
) {
1622 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
,
1623 "Setting direction is not implemented on this platform");
1626 return (p
->setdirection_op(p
, d
));
1630 pcap_stats(pcap_t
*p
, struct pcap_stat
*ps
)
1632 return (p
->stats_op(p
, ps
));
1636 pcap_stats_dead(pcap_t
*p
, struct pcap_stat
*ps _U_
)
1638 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
,
1639 "Statistics aren't available from a pcap_open_dead pcap_t");
1645 pcap_setbuff(pcap_t
*p
, int dim
)
1647 return (p
->setbuff_op(p
, dim
));
1651 pcap_setbuff_dead(pcap_t
*p
, int dim
)
1653 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
,
1654 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1659 pcap_setmode(pcap_t
*p
, int mode
)
1661 return (p
->setmode_op(p
, mode
));
1665 pcap_setmode_dead(pcap_t
*p
, int mode
)
1667 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
,
1668 "impossible to set mode on a pcap_open_dead pcap_t");
1673 pcap_setmintocopy(pcap_t
*p
, int size
)
1675 return (p
->setmintocopy_op(p
, size
));
1679 pcap_get_adapter(pcap_t
*p
)
1681 return (p
->getadapter_op(p
));
1685 pcap_setmintocopy_dead(pcap_t
*p
, int size
)
1687 snprintf(p
->errbuf
, PCAP_ERRBUF_SIZE
,
1688 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1694 * On some platforms, we need to clean up promiscuous or monitor mode
1695 * when we close a device - and we want that to happen even if the
1696 * application just exits without explicitl closing devices.
1697 * On those platforms, we need to register a "close all the pcaps"
1698 * routine to be called when we exit, and need to maintain a list of
1699 * pcaps that need to be closed to clean up modes.
1701 * XXX - not thread-safe.
1705 * List of pcaps on which we've done something that needs to be
1707 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1708 * when we exit, and have it close all of them.
1710 static struct pcap
*pcaps_to_close
;
1713 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1714 * be called on exit.
1716 static int did_atexit
;
1719 pcap_close_all(void)
1721 struct pcap
*handle
;
1723 while ((handle
= pcaps_to_close
) != NULL
)
1728 pcap_do_addexit(pcap_t
*p
)
1731 * If we haven't already done so, arrange to have
1732 * "pcap_close_all()" called when we exit.
1735 if (atexit(pcap_close_all
) == -1) {
1737 * "atexit()" failed; let our caller know.
1739 strncpy(p
->errbuf
, "atexit failed",
1749 pcap_add_to_pcaps_to_close(pcap_t
*p
)
1751 p
->next
= pcaps_to_close
;
1756 pcap_remove_from_pcaps_to_close(pcap_t
*p
)
1758 pcap_t
*pc
, *prevpc
;
1760 for (pc
= pcaps_to_close
, prevpc
= NULL
; pc
!= NULL
;
1761 prevpc
= pc
, pc
= pc
->next
) {
1764 * Found it. Remove it from the list.
1766 if (prevpc
== NULL
) {
1768 * It was at the head of the list.
1770 pcaps_to_close
= pc
->next
;
1773 * It was in the middle of the list.
1775 prevpc
->next
= pc
->next
;
1783 pcap_cleanup_live_common(pcap_t
*p
)
1785 if (p
->buffer
!= NULL
) {
1789 if (p
->dlt_list
!= NULL
) {
1794 if (p
->tstamp_type_list
!= NULL
) {
1795 free(p
->tstamp_type_list
);
1796 p
->tstamp_type_list
= NULL
;
1797 p
->tstamp_type_count
= 0;
1799 if (p
->tstamp_precision_list
!= NULL
) {
1800 free(p
->tstamp_precision_list
);
1801 p
->tstamp_precision_list
= NULL
;
1802 p
->tstamp_precision_count
= 0;
1804 pcap_freecode(&p
->fcode
);
1805 #if !defined(WIN32) && !defined(MSDOS)
1810 p
->selectable_fd
= -1;
1815 pcap_cleanup_dead(pcap_t
*p _U_
)
1817 /* Nothing to do. */
1821 pcap_open_dead_with_tstamp_precision(int linktype
, int snaplen
, u_int precision
)
1825 switch (precision
) {
1827 case PCAP_TSTAMP_PRECISION_MICRO
:
1828 case PCAP_TSTAMP_PRECISION_NANO
:
1834 p
= malloc(sizeof(*p
));
1837 memset (p
, 0, sizeof(*p
));
1838 p
->snapshot
= snaplen
;
1839 p
->linktype
= linktype
;
1840 p
->opt
.tstamp_precision
= precision
;
1841 p
->stats_op
= pcap_stats_dead
;
1843 p
->setbuff_op
= pcap_setbuff_dead
;
1844 p
->setmode_op
= pcap_setmode_dead
;
1845 p
->setmintocopy_op
= pcap_setmintocopy_dead
;
1847 p
->cleanup_op
= pcap_cleanup_dead
;
1850 * A "dead" pcap_t never requires special BPF code generation.
1852 p
->bpf_codegen_flags
= 0;
1859 pcap_open_dead(int linktype
, int snaplen
)
1861 return (pcap_open_dead_with_tstamp_precision(linktype
, snaplen
,
1862 PCAP_TSTAMP_PRECISION_MICRO
));
1866 * API compatible with WinPcap's "send a packet" routine - returns -1
1867 * on error, 0 otherwise.
1869 * XXX - what if we get a short write?
1872 pcap_sendpacket(pcap_t
*p
, const u_char
*buf
, int size
)
1874 if (p
->inject_op(p
, buf
, size
) == -1)
1880 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1881 * error, number of bytes written otherwise.
1884 pcap_inject(pcap_t
*p
, const void *buf
, size_t size
)
1886 return (p
->inject_op(p
, buf
, size
));
1890 pcap_close(pcap_t
*p
)
1892 if (p
->opt
.source
!= NULL
)
1893 free(p
->opt
.source
);
1899 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1900 * data for the packet, check whether the packet passes the filter.
1901 * Returns the return value of the filter program, which will be zero if
1902 * the packet doesn't pass and non-zero if the packet does pass.
1905 pcap_offline_filter(const struct bpf_program
*fp
, const struct pcap_pkthdr
*h
,
1908 const struct bpf_insn
*fcode
= fp
->bf_insns
;
1911 return (bpf_filter(fcode
, pkt
, h
->len
, h
->caplen
));
1917 * We make the version string static, and return a pointer to it, rather
1918 * than exporting the version string directly. On at least some UNIXes,
1919 * if you import data from a shared library into an program, the data is
1920 * bound into the program binary, so if the string in the version of the
1921 * library with which the program was linked isn't the same as the
1922 * string in the version of the library with which the program is being
1923 * run, various undesirable things may happen (warnings, the string
1924 * being the one from the version of the library with which the program
1925 * was linked, or even weirder things, such as the string being the one
1926 * from the library but being truncated).
1928 #ifdef HAVE_VERSION_H
1929 #include "version.h"
1931 static const char pcap_version_string
[] = "libpcap version 1.x.y";
1936 * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1937 * version numbers when building WinPcap. (It'd be nice to do so for
1938 * the packet.dll version number as well.)
1940 static const char wpcap_version_string
[] = "4.0";
1941 static const char pcap_version_string_fmt
[] =
1942 "WinPcap version %s, based on %s";
1943 static const char pcap_version_string_packet_dll_fmt
[] =
1944 "WinPcap version %s (packet.dll version %s), based on %s";
1945 static char *full_pcap_version_string
;
1948 pcap_lib_version(void)
1950 char *packet_version_string
;
1951 size_t full_pcap_version_string_len
;
1953 if (full_pcap_version_string
== NULL
) {
1955 * Generate the version string.
1957 packet_version_string
= PacketGetVersion();
1958 if (strcmp(wpcap_version_string
, packet_version_string
) == 0) {
1960 * WinPcap version string and packet.dll version
1961 * string are the same; just report the WinPcap
1964 full_pcap_version_string_len
=
1965 (sizeof pcap_version_string_fmt
- 4) +
1966 strlen(wpcap_version_string
) +
1967 strlen(pcap_version_string
);
1968 full_pcap_version_string
=
1969 malloc(full_pcap_version_string_len
);
1970 if (full_pcap_version_string
== NULL
)
1972 sprintf(full_pcap_version_string
,
1973 pcap_version_string_fmt
, wpcap_version_string
,
1974 pcap_version_string
);
1977 * WinPcap version string and packet.dll version
1978 * string are different; that shouldn't be the
1979 * case (the two libraries should come from the
1980 * same version of WinPcap), so we report both
1983 full_pcap_version_string_len
=
1984 (sizeof pcap_version_string_packet_dll_fmt
- 6) +
1985 strlen(wpcap_version_string
) +
1986 strlen(packet_version_string
) +
1987 strlen(pcap_version_string
);
1988 full_pcap_version_string
= malloc(full_pcap_version_string_len
);
1989 if (full_pcap_version_string
== NULL
)
1991 sprintf(full_pcap_version_string
,
1992 pcap_version_string_packet_dll_fmt
,
1993 wpcap_version_string
, packet_version_string
,
1994 pcap_version_string
);
1997 return (full_pcap_version_string
);
2000 #elif defined(MSDOS)
2002 static char *full_pcap_version_string
;
2005 pcap_lib_version (void)
2007 char *packet_version_string
;
2008 size_t full_pcap_version_string_len
;
2009 static char dospfx
[] = "DOS-";
2011 if (full_pcap_version_string
== NULL
) {
2013 * Generate the version string.
2015 full_pcap_version_string_len
=
2016 sizeof dospfx
+ strlen(pcap_version_string
);
2017 full_pcap_version_string
=
2018 malloc(full_pcap_version_string_len
);
2019 if (full_pcap_version_string
== NULL
)
2021 strcpy(full_pcap_version_string
, dospfx
);
2022 strcat(full_pcap_version_string
, pcap_version_string
);
2024 return (full_pcap_version_string
);
2030 pcap_lib_version(void)
2032 return (pcap_version_string
);