1 |
|
|
/* $OpenBSD: pcap.c,v 1.20 2016/11/16 13:47:27 reyk Exp $ */ |
2 |
|
|
|
3 |
|
|
/* |
4 |
|
|
* Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 |
5 |
|
|
* The Regents of the University of California. All rights reserved. |
6 |
|
|
* |
7 |
|
|
* Redistribution and use in source and binary forms, with or without |
8 |
|
|
* modification, are permitted provided that the following conditions |
9 |
|
|
* are met: |
10 |
|
|
* 1. Redistributions of source code must retain the above copyright |
11 |
|
|
* notice, this list of conditions and the following disclaimer. |
12 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
13 |
|
|
* notice, this list of conditions and the following disclaimer in the |
14 |
|
|
* documentation and/or other materials provided with the distribution. |
15 |
|
|
* 3. All advertising materials mentioning features or use of this software |
16 |
|
|
* must display the following acknowledgement: |
17 |
|
|
* This product includes software developed by the Computer Systems |
18 |
|
|
* Engineering Group at Lawrence Berkeley Laboratory. |
19 |
|
|
* 4. Neither the name of the University nor of the Laboratory may be used |
20 |
|
|
* to endorse or promote products derived from this software without |
21 |
|
|
* specific prior written permission. |
22 |
|
|
* |
23 |
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
24 |
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
25 |
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
26 |
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
27 |
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
28 |
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
29 |
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
30 |
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
31 |
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
32 |
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
33 |
|
|
* SUCH DAMAGE. |
34 |
|
|
*/ |
35 |
|
|
|
36 |
|
|
#include <sys/types.h> |
37 |
|
|
|
38 |
|
|
#include <stdio.h> |
39 |
|
|
#include <stdlib.h> |
40 |
|
|
#include <string.h> |
41 |
|
|
#include <unistd.h> |
42 |
|
|
#include <errno.h> |
43 |
|
|
#include <fcntl.h> |
44 |
|
|
|
45 |
|
|
#ifdef HAVE_OS_PROTO_H |
46 |
|
|
#include "os-proto.h" |
47 |
|
|
#endif |
48 |
|
|
|
49 |
|
|
#include "pcap-int.h" |
50 |
|
|
|
51 |
|
|
static const char pcap_version_string[] = "OpenBSD libpcap"; |
52 |
|
|
|
53 |
|
|
int |
54 |
|
|
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
55 |
|
|
{ |
56 |
|
|
|
57 |
✓✓ |
82 |
if (p->sf.rfile != NULL) |
58 |
|
38 |
return (pcap_offline_read(p, cnt, callback, user)); |
59 |
|
3 |
return (pcap_read(p, cnt, callback, user)); |
60 |
|
41 |
} |
61 |
|
|
|
62 |
|
|
int |
63 |
|
|
pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) |
64 |
|
|
{ |
65 |
|
|
int n; |
66 |
|
|
|
67 |
|
12 |
for (;;) { |
68 |
✗✓ |
9 |
if (p->sf.rfile != NULL) |
69 |
|
|
n = pcap_offline_read(p, cnt, callback, user); |
70 |
|
|
else { |
71 |
|
|
/* |
72 |
|
|
* XXX keep reading until we get something |
73 |
|
|
* (or an error occurs) |
74 |
|
|
*/ |
75 |
|
9 |
do { |
76 |
|
18 |
n = pcap_read(p, cnt, callback, user); |
77 |
✓✓ |
18 |
} while (n == 0); |
78 |
|
|
} |
79 |
✗✓ |
9 |
if (n <= 0) |
80 |
|
|
return (n); |
81 |
✓✗ |
9 |
if (cnt > 0) { |
82 |
|
9 |
cnt -= n; |
83 |
✓✓ |
9 |
if (cnt <= 0) |
84 |
|
3 |
return (0); |
85 |
|
|
} |
86 |
|
|
} |
87 |
|
3 |
} |
88 |
|
|
|
89 |
|
|
struct singleton { |
90 |
|
|
struct pcap_pkthdr *hdr; |
91 |
|
|
const u_char *pkt; |
92 |
|
|
}; |
93 |
|
|
|
94 |
|
|
|
95 |
|
|
static void |
96 |
|
|
pcap_oneshot(u_char *userData, const struct pcap_pkthdr *h, const u_char *pkt) |
97 |
|
|
{ |
98 |
|
74 |
struct singleton *sp = (struct singleton *)userData; |
99 |
|
37 |
*sp->hdr = *h; |
100 |
|
37 |
sp->pkt = pkt; |
101 |
|
37 |
} |
102 |
|
|
|
103 |
|
|
const u_char * |
104 |
|
|
pcap_next(pcap_t *p, struct pcap_pkthdr *h) |
105 |
|
|
{ |
106 |
|
82 |
struct singleton s; |
107 |
|
|
|
108 |
|
41 |
s.hdr = h; |
109 |
✓✓ |
41 |
if (pcap_dispatch(p, 1, pcap_oneshot, (u_char*)&s) <= 0) |
110 |
|
4 |
return (0); |
111 |
|
37 |
return (s.pkt); |
112 |
|
41 |
} |
113 |
|
|
|
114 |
|
|
struct pkt_for_fakecallback { |
115 |
|
|
struct pcap_pkthdr *hdr; |
116 |
|
|
const u_char **pkt; |
117 |
|
|
}; |
118 |
|
|
|
119 |
|
|
static void |
120 |
|
|
pcap_fakecallback(u_char *userData, const struct pcap_pkthdr *h, |
121 |
|
|
const u_char *pkt) |
122 |
|
|
{ |
123 |
|
|
struct pkt_for_fakecallback *sp = (struct pkt_for_fakecallback *)userData; |
124 |
|
|
|
125 |
|
|
*sp->hdr = *h; |
126 |
|
|
*sp->pkt = pkt; |
127 |
|
|
} |
128 |
|
|
|
129 |
|
|
int |
130 |
|
|
pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, |
131 |
|
|
const u_char **pkt_data) |
132 |
|
|
{ |
133 |
|
|
struct pkt_for_fakecallback s; |
134 |
|
|
|
135 |
|
|
s.hdr = &p->pcap_header; |
136 |
|
|
s.pkt = pkt_data; |
137 |
|
|
|
138 |
|
|
/* Saves a pointer to the packet headers */ |
139 |
|
|
*pkt_header= &p->pcap_header; |
140 |
|
|
|
141 |
|
|
if (p->sf.rfile != NULL) { |
142 |
|
|
int status; |
143 |
|
|
|
144 |
|
|
/* We are on an offline capture */ |
145 |
|
|
status = pcap_offline_read(p, 1, pcap_fakecallback, |
146 |
|
|
(u_char *)&s); |
147 |
|
|
|
148 |
|
|
/* |
149 |
|
|
* Return codes for pcap_offline_read() are: |
150 |
|
|
* - 0: EOF |
151 |
|
|
* - -1: error |
152 |
|
|
* - >1: OK |
153 |
|
|
* The first one ('0') conflicts with the return code of |
154 |
|
|
* 0 from pcap_read() meaning "no packets arrived before |
155 |
|
|
* the timeout expired", so we map it to -2 so you can |
156 |
|
|
* distinguish between an EOF from a savefile and a |
157 |
|
|
* "no packets arrived before the timeout expired, try |
158 |
|
|
* again" from a live capture. |
159 |
|
|
*/ |
160 |
|
|
if (status == 0) |
161 |
|
|
return (-2); |
162 |
|
|
else |
163 |
|
|
return (status); |
164 |
|
|
} |
165 |
|
|
|
166 |
|
|
/* |
167 |
|
|
* Return codes for pcap_read() are: |
168 |
|
|
* - 0: timeout |
169 |
|
|
* - -1: error |
170 |
|
|
* - -2: loop was broken out of with pcap_breakloop() |
171 |
|
|
* - >1: OK |
172 |
|
|
* The first one ('0') conflicts with the return code of 0 from |
173 |
|
|
* pcap_offline_read() meaning "end of file". |
174 |
|
|
*/ |
175 |
|
|
return (pcap_read(p, 1, pcap_fakecallback, (u_char *)&s)); |
176 |
|
|
} |
177 |
|
|
|
178 |
|
|
int |
179 |
|
|
pcap_check_activated(pcap_t *p) |
180 |
|
|
{ |
181 |
✗✓ |
90 |
if (p->activated) { |
182 |
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " |
183 |
|
|
" operation on activated capture"); |
184 |
|
|
return -1; |
185 |
|
|
} |
186 |
|
45 |
return 0; |
187 |
|
45 |
} |
188 |
|
|
|
189 |
|
|
int |
190 |
|
|
pcap_set_snaplen(pcap_t *p, int snaplen) |
191 |
|
|
{ |
192 |
✗✓ |
36 |
if (pcap_check_activated(p)) |
193 |
|
|
return PCAP_ERROR_ACTIVATED; |
194 |
|
18 |
p->snapshot = snaplen; |
195 |
|
18 |
return 0; |
196 |
|
18 |
} |
197 |
|
|
|
198 |
|
|
int |
199 |
|
|
pcap_set_promisc(pcap_t *p, int promisc) |
200 |
|
|
{ |
201 |
✗✓ |
18 |
if (pcap_check_activated(p)) |
202 |
|
|
return PCAP_ERROR_ACTIVATED; |
203 |
|
9 |
p->opt.promisc = promisc; |
204 |
|
9 |
return 0; |
205 |
|
9 |
} |
206 |
|
|
|
207 |
|
|
int |
208 |
|
|
pcap_set_rfmon(pcap_t *p, int rfmon) |
209 |
|
|
{ |
210 |
|
|
if (pcap_check_activated(p)) |
211 |
|
|
return PCAP_ERROR_ACTIVATED; |
212 |
|
|
p->opt.rfmon = rfmon; |
213 |
|
|
return 0; |
214 |
|
|
} |
215 |
|
|
|
216 |
|
|
int |
217 |
|
|
pcap_set_timeout(pcap_t *p, int timeout_ms) |
218 |
|
|
{ |
219 |
✗✓ |
36 |
if (pcap_check_activated(p)) |
220 |
|
|
return PCAP_ERROR_ACTIVATED; |
221 |
|
18 |
p->md.timeout = timeout_ms; |
222 |
|
18 |
return 0; |
223 |
|
18 |
} |
224 |
|
|
|
225 |
|
|
int |
226 |
|
|
pcap_set_buffer_size(pcap_t *p, int buffer_size) |
227 |
|
|
{ |
228 |
|
|
if (pcap_check_activated(p)) |
229 |
|
|
return PCAP_ERROR_ACTIVATED; |
230 |
|
|
p->opt.buffer_size = buffer_size; |
231 |
|
|
return 0; |
232 |
|
|
} |
233 |
|
|
|
234 |
|
|
/* |
235 |
|
|
* Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. |
236 |
|
|
*/ |
237 |
|
|
void |
238 |
|
|
pcap_breakloop(pcap_t *p) |
239 |
|
|
{ |
240 |
|
|
p->break_loop = 1; |
241 |
|
|
} |
242 |
|
|
|
243 |
|
|
int |
244 |
|
|
pcap_datalink(pcap_t *p) |
245 |
|
|
{ |
246 |
|
12 |
return (p->linktype); |
247 |
|
|
} |
248 |
|
|
|
249 |
|
|
int |
250 |
|
|
pcap_list_datalinks(pcap_t *p, int **dlt_buffer) |
251 |
|
|
{ |
252 |
|
|
if (p->dlt_count == 0) { |
253 |
|
|
/* |
254 |
|
|
* We couldn't fetch the list of DLTs, which means |
255 |
|
|
* this platform doesn't support changing the |
256 |
|
|
* DLT for an interface. Return a list of DLTs |
257 |
|
|
* containing only the DLT this device supports. |
258 |
|
|
*/ |
259 |
|
|
*dlt_buffer = malloc(sizeof(**dlt_buffer)); |
260 |
|
|
if (*dlt_buffer == NULL) { |
261 |
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf), |
262 |
|
|
"malloc: %s", pcap_strerror(errno)); |
263 |
|
|
return (-1); |
264 |
|
|
} |
265 |
|
|
**dlt_buffer = p->linktype; |
266 |
|
|
return (1); |
267 |
|
|
} else { |
268 |
|
|
*dlt_buffer = reallocarray(NULL, sizeof(**dlt_buffer), |
269 |
|
|
p->dlt_count); |
270 |
|
|
if (*dlt_buffer == NULL) { |
271 |
|
|
(void)snprintf(p->errbuf, sizeof(p->errbuf), |
272 |
|
|
"malloc: %s", pcap_strerror(errno)); |
273 |
|
|
return (-1); |
274 |
|
|
} |
275 |
|
|
(void)memcpy(*dlt_buffer, p->dlt_list, |
276 |
|
|
sizeof(**dlt_buffer) * p->dlt_count); |
277 |
|
|
return (p->dlt_count); |
278 |
|
|
} |
279 |
|
|
} |
280 |
|
|
|
281 |
|
|
/* |
282 |
|
|
* In Windows, you might have a library built with one version of the |
283 |
|
|
* C runtime library and an application built with another version of |
284 |
|
|
* the C runtime library, which means that the library might use one |
285 |
|
|
* version of malloc() and free() and the application might use another |
286 |
|
|
* version of malloc() and free(). If so, that means something |
287 |
|
|
* allocated by the library cannot be freed by the application, so we |
288 |
|
|
* need to have a pcap_free_datalinks() routine to free up the list |
289 |
|
|
* allocated by pcap_list_datalinks(), even though it's just a wrapper |
290 |
|
|
* around free(). |
291 |
|
|
*/ |
292 |
|
|
void |
293 |
|
|
pcap_free_datalinks(int *dlt_list) |
294 |
|
|
{ |
295 |
|
|
free(dlt_list); |
296 |
|
|
} |
297 |
|
|
|
298 |
|
|
struct dlt_choice { |
299 |
|
|
const char *name; |
300 |
|
|
const char *description; |
301 |
|
|
int dlt; |
302 |
|
|
}; |
303 |
|
|
|
304 |
|
|
static struct dlt_choice dlts[] = { |
305 |
|
|
#define DLT_CHOICE(code, description) { #code, description, code } |
306 |
|
|
DLT_CHOICE(DLT_NULL, "no link-layer encapsulation"), |
307 |
|
|
DLT_CHOICE(DLT_EN10MB, "Ethernet (10Mb)"), |
308 |
|
|
DLT_CHOICE(DLT_EN3MB, "Experimental Ethernet (3Mb)"), |
309 |
|
|
DLT_CHOICE(DLT_AX25, "Amateur Radio AX.25"), |
310 |
|
|
DLT_CHOICE(DLT_PRONET, "Proteon ProNET Token Ring"), |
311 |
|
|
DLT_CHOICE(DLT_CHAOS, "Chaos"), |
312 |
|
|
DLT_CHOICE(DLT_IEEE802, "IEEE 802 Networks"), |
313 |
|
|
DLT_CHOICE(DLT_ARCNET, "ARCNET"), |
314 |
|
|
DLT_CHOICE(DLT_SLIP, "Serial Line IP"), |
315 |
|
|
DLT_CHOICE(DLT_PPP, "Point-to-point Protocol"), |
316 |
|
|
DLT_CHOICE(DLT_FDDI, "FDDI"), |
317 |
|
|
DLT_CHOICE(DLT_ATM_RFC1483, "LLC/SNAP encapsulated atm"), |
318 |
|
|
DLT_CHOICE(DLT_LOOP, "loopback type (af header)"), |
319 |
|
|
DLT_CHOICE(DLT_ENC, "IPSEC enc type (af header, spi, flags)"), |
320 |
|
|
DLT_CHOICE(DLT_RAW, "raw IP"), |
321 |
|
|
DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS Serial Line IP"), |
322 |
|
|
DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS Point-to-point Protocol"), |
323 |
|
|
DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"), |
324 |
|
|
DLT_CHOICE(DLT_PPP_ETHER, "PPP over Ethernet; session only w/o ether header"), |
325 |
|
|
DLT_CHOICE(DLT_IEEE802_11, "IEEE 802.11 wireless"), |
326 |
|
|
DLT_CHOICE(DLT_PFLOG, "Packet filter logging, by pcap people"), |
327 |
|
|
DLT_CHOICE(DLT_IEEE802_11_RADIO, "IEEE 802.11 plus WLAN header"), |
328 |
|
|
DLT_CHOICE(DLT_OPENFLOW, "OpenFlow"), |
329 |
|
|
#undef DLT_CHOICE |
330 |
|
|
{ NULL, NULL, -1} |
331 |
|
|
}; |
332 |
|
|
|
333 |
|
|
int |
334 |
|
|
pcap_datalink_name_to_val(const char *name) |
335 |
|
|
{ |
336 |
|
|
int i; |
337 |
|
|
|
338 |
|
|
for (i = 0; dlts[i].name != NULL; i++) { |
339 |
|
|
/* Skip leading "DLT_" */ |
340 |
|
|
if (strcasecmp(dlts[i].name + 4, name) == 0) |
341 |
|
|
return (dlts[i].dlt); |
342 |
|
|
} |
343 |
|
|
return (-1); |
344 |
|
|
} |
345 |
|
|
|
346 |
|
|
const char * |
347 |
|
|
pcap_datalink_val_to_name(int dlt) |
348 |
|
|
{ |
349 |
|
|
int i; |
350 |
|
|
|
351 |
|
|
for (i = 0; dlts[i].name != NULL; i++) { |
352 |
|
|
if (dlts[i].dlt == dlt) |
353 |
|
|
return (dlts[i].name + 4); /* Skip leading "DLT_" */ |
354 |
|
|
} |
355 |
|
|
return (NULL); |
356 |
|
|
} |
357 |
|
|
|
358 |
|
|
const char * |
359 |
|
|
pcap_datalink_val_to_description(int dlt) |
360 |
|
|
{ |
361 |
|
|
int i; |
362 |
|
|
|
363 |
|
|
for (i = 0; dlts[i].name != NULL; i++) { |
364 |
|
|
if (dlts[i].dlt == dlt) |
365 |
|
|
return (dlts[i].description); |
366 |
|
|
} |
367 |
|
|
return (NULL); |
368 |
|
|
} |
369 |
|
|
|
370 |
|
|
int |
371 |
|
|
pcap_snapshot(pcap_t *p) |
372 |
|
|
{ |
373 |
|
6 |
return (p->snapshot); |
374 |
|
|
} |
375 |
|
|
|
376 |
|
|
int |
377 |
|
|
pcap_is_swapped(pcap_t *p) |
378 |
|
|
{ |
379 |
|
|
return (p->sf.swapped); |
380 |
|
|
} |
381 |
|
|
|
382 |
|
|
int |
383 |
|
|
pcap_major_version(pcap_t *p) |
384 |
|
|
{ |
385 |
|
|
return (p->sf.version_major); |
386 |
|
|
} |
387 |
|
|
|
388 |
|
|
int |
389 |
|
|
pcap_minor_version(pcap_t *p) |
390 |
|
|
{ |
391 |
|
|
return (p->sf.version_minor); |
392 |
|
|
} |
393 |
|
|
|
394 |
|
|
FILE * |
395 |
|
|
pcap_file(pcap_t *p) |
396 |
|
|
{ |
397 |
|
|
return (p->sf.rfile); |
398 |
|
|
} |
399 |
|
|
|
400 |
|
|
int |
401 |
|
|
pcap_fileno(pcap_t *p) |
402 |
|
|
{ |
403 |
|
36 |
return (p->fd); |
404 |
|
|
} |
405 |
|
|
|
406 |
|
|
void |
407 |
|
|
pcap_perror(pcap_t *p, char *prefix) |
408 |
|
|
{ |
409 |
|
|
fprintf(stderr, "%s: %s\n", prefix, p->errbuf); |
410 |
|
|
} |
411 |
|
|
|
412 |
|
|
int |
413 |
|
|
pcap_get_selectable_fd(pcap_t *p) |
414 |
|
|
{ |
415 |
|
|
return (p->fd); |
416 |
|
|
} |
417 |
|
|
|
418 |
|
|
char * |
419 |
|
|
pcap_geterr(pcap_t *p) |
420 |
|
|
{ |
421 |
|
|
return (p->errbuf); |
422 |
|
|
} |
423 |
|
|
|
424 |
|
|
int |
425 |
|
|
pcap_getnonblock(pcap_t *p, char *errbuf) |
426 |
|
|
{ |
427 |
|
|
int fdflags; |
428 |
|
|
|
429 |
|
|
fdflags = fcntl(p->fd, F_GETFL); |
430 |
|
|
if (fdflags == -1) { |
431 |
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", |
432 |
|
|
pcap_strerror(errno)); |
433 |
|
|
return (-1); |
434 |
|
|
} |
435 |
|
|
if (fdflags & O_NONBLOCK) |
436 |
|
|
return (1); |
437 |
|
|
else |
438 |
|
|
return (0); |
439 |
|
|
} |
440 |
|
|
|
441 |
|
|
int |
442 |
|
|
pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) |
443 |
|
|
{ |
444 |
|
|
int fdflags; |
445 |
|
|
|
446 |
|
|
fdflags = fcntl(p->fd, F_GETFL); |
447 |
|
|
if (fdflags == -1) { |
448 |
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", |
449 |
|
|
pcap_strerror(errno)); |
450 |
|
|
return (-1); |
451 |
|
|
} |
452 |
|
|
if (nonblock) |
453 |
|
|
fdflags |= O_NONBLOCK; |
454 |
|
|
else |
455 |
|
|
fdflags &= ~O_NONBLOCK; |
456 |
|
|
if (fcntl(p->fd, F_SETFL, fdflags) == -1) { |
457 |
|
|
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", |
458 |
|
|
pcap_strerror(errno)); |
459 |
|
|
return (-1); |
460 |
|
|
} |
461 |
|
|
return (0); |
462 |
|
|
} |
463 |
|
|
|
464 |
|
|
/* |
465 |
|
|
* Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. |
466 |
|
|
*/ |
467 |
|
|
const char * |
468 |
|
|
pcap_statustostr(int errnum) |
469 |
|
|
{ |
470 |
|
|
static char ebuf[15+10+1]; |
471 |
|
|
|
472 |
|
|
switch (errnum) { |
473 |
|
|
|
474 |
|
|
case PCAP_WARNING: |
475 |
|
|
return("Generic warning"); |
476 |
|
|
|
477 |
|
|
case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: |
478 |
|
|
return ("That type of time stamp is not supported by that device"); |
479 |
|
|
|
480 |
|
|
case PCAP_WARNING_PROMISC_NOTSUP: |
481 |
|
|
return ("That device doesn't support promiscuous mode"); |
482 |
|
|
|
483 |
|
|
case PCAP_ERROR: |
484 |
|
|
return("Generic error"); |
485 |
|
|
|
486 |
|
|
case PCAP_ERROR_BREAK: |
487 |
|
|
return("Loop terminated by pcap_breakloop"); |
488 |
|
|
|
489 |
|
|
case PCAP_ERROR_NOT_ACTIVATED: |
490 |
|
|
return("The pcap_t has not been activated"); |
491 |
|
|
|
492 |
|
|
case PCAP_ERROR_ACTIVATED: |
493 |
|
|
return ("The setting can't be changed after the pcap_t is activated"); |
494 |
|
|
|
495 |
|
|
case PCAP_ERROR_NO_SUCH_DEVICE: |
496 |
|
|
return ("No such device exists"); |
497 |
|
|
|
498 |
|
|
case PCAP_ERROR_RFMON_NOTSUP: |
499 |
|
|
return ("That device doesn't support monitor mode"); |
500 |
|
|
|
501 |
|
|
case PCAP_ERROR_NOT_RFMON: |
502 |
|
|
return ("That operation is supported only in monitor mode"); |
503 |
|
|
|
504 |
|
|
case PCAP_ERROR_PERM_DENIED: |
505 |
|
|
return ("You don't have permission to capture on that device"); |
506 |
|
|
|
507 |
|
|
case PCAP_ERROR_IFACE_NOT_UP: |
508 |
|
|
return ("That device is not up"); |
509 |
|
|
|
510 |
|
|
case PCAP_ERROR_CANTSET_TSTAMP_TYPE: |
511 |
|
|
return ("That device doesn't support setting the time stamp type"); |
512 |
|
|
|
513 |
|
|
case PCAP_ERROR_PROMISC_PERM_DENIED: |
514 |
|
|
return ("You don't have permission to capture in promiscuous mode on that device"); |
515 |
|
|
} |
516 |
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); |
517 |
|
|
return(ebuf); |
518 |
|
|
} |
519 |
|
|
|
520 |
|
|
/* |
521 |
|
|
* Not all systems have strerror(). |
522 |
|
|
*/ |
523 |
|
|
char * |
524 |
|
|
pcap_strerror(int errnum) |
525 |
|
|
{ |
526 |
|
|
#ifdef HAVE_STRERROR |
527 |
|
|
return (strerror(errnum)); |
528 |
|
|
#else |
529 |
|
|
extern int sys_nerr; |
530 |
|
|
extern const char *const sys_errlist[]; |
531 |
|
|
static char ebuf[20]; |
532 |
|
|
|
533 |
|
|
if ((unsigned int)errnum < sys_nerr) |
534 |
|
|
return ((char *)sys_errlist[errnum]); |
535 |
|
|
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); |
536 |
|
|
return(ebuf); |
537 |
|
|
#endif |
538 |
|
|
} |
539 |
|
|
|
540 |
|
|
/* |
541 |
|
|
* On some platforms, we need to clean up promiscuous or monitor mode |
542 |
|
|
* when we close a device - and we want that to happen even if the |
543 |
|
|
* application just exits without explicitl closing devices. |
544 |
|
|
* On those platforms, we need to register a "close all the pcaps" |
545 |
|
|
* routine to be called when we exit, and need to maintain a list of |
546 |
|
|
* pcaps that need to be closed to clean up modes. |
547 |
|
|
* |
548 |
|
|
* XXX - not thread-safe. |
549 |
|
|
*/ |
550 |
|
|
|
551 |
|
|
/* |
552 |
|
|
* List of pcaps on which we've done something that needs to be |
553 |
|
|
* cleaned up. |
554 |
|
|
* If there are any such pcaps, we arrange to call "pcap_close_all()" |
555 |
|
|
* when we exit, and have it close all of them. |
556 |
|
|
*/ |
557 |
|
|
static struct pcap *pcaps_to_close; |
558 |
|
|
|
559 |
|
|
/* |
560 |
|
|
* TRUE if we've already called "atexit()" to cause "pcap_close_all()" to |
561 |
|
|
* be called on exit. |
562 |
|
|
*/ |
563 |
|
|
static int did_atexit; |
564 |
|
|
|
565 |
|
|
static void |
566 |
|
|
pcap_close_all(void) |
567 |
|
|
{ |
568 |
|
|
struct pcap *handle; |
569 |
|
|
|
570 |
|
|
while ((handle = pcaps_to_close) != NULL) |
571 |
|
|
pcap_close(handle); |
572 |
|
|
} |
573 |
|
|
|
574 |
|
|
int |
575 |
|
|
pcap_do_addexit(pcap_t *p) |
576 |
|
|
{ |
577 |
|
|
/* |
578 |
|
|
* If we haven't already done so, arrange to have |
579 |
|
|
* "pcap_close_all()" called when we exit. |
580 |
|
|
*/ |
581 |
|
|
if (!did_atexit) { |
582 |
|
|
if (atexit(pcap_close_all) == -1) { |
583 |
|
|
/* |
584 |
|
|
* "atexit()" failed; let our caller know. |
585 |
|
|
*/ |
586 |
|
|
(void)strlcpy(p->errbuf, "atexit failed", |
587 |
|
|
PCAP_ERRBUF_SIZE); |
588 |
|
|
return (0); |
589 |
|
|
} |
590 |
|
|
did_atexit = 1; |
591 |
|
|
} |
592 |
|
|
return (1); |
593 |
|
|
} |
594 |
|
|
|
595 |
|
|
void |
596 |
|
|
pcap_add_to_pcaps_to_close(pcap_t *p) |
597 |
|
|
{ |
598 |
|
|
p->md.next = pcaps_to_close; |
599 |
|
|
pcaps_to_close = p; |
600 |
|
|
} |
601 |
|
|
|
602 |
|
|
void |
603 |
|
|
pcap_remove_from_pcaps_to_close(pcap_t *p) |
604 |
|
|
{ |
605 |
|
|
pcap_t *pc, *prevpc; |
606 |
|
|
|
607 |
|
|
for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; |
608 |
|
|
prevpc = pc, pc = pc->md.next) { |
609 |
|
|
if (pc == p) { |
610 |
|
|
/* |
611 |
|
|
* Found it. Remove it from the list. |
612 |
|
|
*/ |
613 |
|
|
if (prevpc == NULL) { |
614 |
|
|
/* |
615 |
|
|
* It was at the head of the list. |
616 |
|
|
*/ |
617 |
|
|
pcaps_to_close = pc->md.next; |
618 |
|
|
} else { |
619 |
|
|
/* |
620 |
|
|
* It was in the middle of the list. |
621 |
|
|
*/ |
622 |
|
|
prevpc->md.next = pc->md.next; |
623 |
|
|
} |
624 |
|
|
break; |
625 |
|
|
} |
626 |
|
|
} |
627 |
|
|
} |
628 |
|
|
|
629 |
|
|
pcap_t * |
630 |
|
|
pcap_open_dead(int linktype, int snaplen) |
631 |
|
|
{ |
632 |
|
|
pcap_t *p; |
633 |
|
|
|
634 |
|
|
p = calloc(1, sizeof(*p)); |
635 |
|
|
if (p == NULL) |
636 |
|
|
return NULL; |
637 |
|
|
p->snapshot = snaplen; |
638 |
|
|
p->linktype = linktype; |
639 |
|
|
p->fd = -1; |
640 |
|
|
return p; |
641 |
|
|
} |
642 |
|
|
|
643 |
|
|
/* |
644 |
|
|
* Given a BPF program, a pcap_pkthdr structure for a packet, and the raw |
645 |
|
|
* data for the packet, check whether the packet passes the filter. |
646 |
|
|
* Returns the return value of the filter program, which will be zero if |
647 |
|
|
* the packet doesn't pass and non-zero if the packet does pass. |
648 |
|
|
*/ |
649 |
|
|
int |
650 |
|
|
pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, |
651 |
|
|
const u_char *pkt) |
652 |
|
|
{ |
653 |
|
|
struct bpf_insn *fcode = fp->bf_insns; |
654 |
|
|
|
655 |
|
|
if (fcode != NULL) |
656 |
|
|
return (bpf_filter(fcode, pkt, h->len, h->caplen)); |
657 |
|
|
else |
658 |
|
|
return (0); |
659 |
|
|
} |
660 |
|
|
|
661 |
|
|
const char * |
662 |
|
|
pcap_lib_version(void) |
663 |
|
|
{ |
664 |
|
40 |
return (pcap_version_string); |
665 |
|
|
} |
666 |
|
|
|