GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libpcap/pcap.c Lines: 44 176 25.0 %
Date: 2017-11-13 Branches: 15 87 17.2 %

Line Branch Exec Source
1
/*	$OpenBSD: pcap.c,v 1.20 2016/11/16 13:47:27 reyk Exp $	*/
2
3
/*
4
 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
5
 *	The Regents of the University of California.  All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 * 3. All advertising materials mentioning features or use of this software
16
 *    must display the following acknowledgement:
17
 *	This product includes software developed by the Computer Systems
18
 *	Engineering Group at Lawrence Berkeley Laboratory.
19
 * 4. Neither the name of the University nor of the Laboratory may be used
20
 *    to endorse or promote products derived from this software without
21
 *    specific prior written permission.
22
 *
23
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33
 * SUCH DAMAGE.
34
 */
35
36
#include <sys/types.h>
37
38
#include <stdio.h>
39
#include <stdlib.h>
40
#include <string.h>
41
#include <unistd.h>
42
#include <errno.h>
43
#include <fcntl.h>
44
45
#ifdef HAVE_OS_PROTO_H
46
#include "os-proto.h"
47
#endif
48
49
#include "pcap-int.h"
50
51
static const char pcap_version_string[] = "OpenBSD libpcap";
52
53
int
54
pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
55
{
56
57
82
	if (p->sf.rfile != NULL)
58
38
		return (pcap_offline_read(p, cnt, callback, user));
59
3
	return (pcap_read(p, cnt, callback, user));
60
41
}
61
62
int
63
pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
64
{
65
	int n;
66
67
12
	for (;;) {
68
9
		if (p->sf.rfile != NULL)
69
			n = pcap_offline_read(p, cnt, callback, user);
70
		else {
71
			/*
72
			 * XXX keep reading until we get something
73
			 * (or an error occurs)
74
			 */
75
9
			do {
76
18
				n = pcap_read(p, cnt, callback, user);
77
18
			} while (n == 0);
78
		}
79
9
		if (n <= 0)
80
			return (n);
81
9
		if (cnt > 0) {
82
9
			cnt -= n;
83
9
			if (cnt <= 0)
84
3
				return (0);
85
		}
86
	}
87
3
}
88
89
struct singleton {
90
	struct pcap_pkthdr *hdr;
91
	const u_char *pkt;
92
};
93
94
95
static void
96
pcap_oneshot(u_char *userData, const struct pcap_pkthdr *h, const u_char *pkt)
97
{
98
74
	struct singleton *sp = (struct singleton *)userData;
99
37
	*sp->hdr = *h;
100
37
	sp->pkt = pkt;
101
37
}
102
103
const u_char *
104
pcap_next(pcap_t *p, struct pcap_pkthdr *h)
105
{
106
82
	struct singleton s;
107
108
41
	s.hdr = h;
109
41
	if (pcap_dispatch(p, 1, pcap_oneshot, (u_char*)&s) <= 0)
110
4
		return (0);
111
37
	return (s.pkt);
112
41
}
113
114
struct pkt_for_fakecallback {
115
	struct pcap_pkthdr *hdr;
116
	const u_char **pkt;
117
};
118
119
static void
120
pcap_fakecallback(u_char *userData, const struct pcap_pkthdr *h,
121
    const u_char *pkt)
122
{
123
	struct pkt_for_fakecallback *sp = (struct pkt_for_fakecallback *)userData;
124
125
	*sp->hdr = *h;
126
	*sp->pkt = pkt;
127
}
128
129
int
130
pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
131
    const u_char **pkt_data)
132
{
133
	struct pkt_for_fakecallback s;
134
135
	s.hdr = &p->pcap_header;
136
	s.pkt = pkt_data;
137
138
	/* Saves a pointer to the packet headers */
139
	*pkt_header= &p->pcap_header;
140
141
	if (p->sf.rfile != NULL) {
142
		int status;
143
144
		/* We are on an offline capture */
145
		status = pcap_offline_read(p, 1, pcap_fakecallback,
146
		    (u_char *)&s);
147
148
		/*
149
		 * Return codes for pcap_offline_read() are:
150
		 *   -  0: EOF
151
		 *   - -1: error
152
		 *   - >1: OK
153
		 * The first one ('0') conflicts with the return code of
154
		 * 0 from pcap_read() meaning "no packets arrived before
155
		 * the timeout expired", so we map it to -2 so you can
156
		 * distinguish between an EOF from a savefile and a
157
		 * "no packets arrived before the timeout expired, try
158
		 * again" from a live capture.
159
		 */
160
		if (status == 0)
161
			return (-2);
162
		else
163
			return (status);
164
	}
165
166
	/*
167
	 * Return codes for pcap_read() are:
168
	 *   -  0: timeout
169
	 *   - -1: error
170
	 *   - -2: loop was broken out of with pcap_breakloop()
171
	 *   - >1: OK
172
	 * The first one ('0') conflicts with the return code of 0 from
173
	 * pcap_offline_read() meaning "end of file".
174
	*/
175
	return (pcap_read(p, 1, pcap_fakecallback, (u_char *)&s));
176
}
177
178
int
179
pcap_check_activated(pcap_t *p)
180
{
181
90
	if (p->activated) {
182
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
183
			" operation on activated capture");
184
		return -1;
185
	}
186
45
	return 0;
187
45
}
188
189
int
190
pcap_set_snaplen(pcap_t *p, int snaplen)
191
{
192
36
	if (pcap_check_activated(p))
193
		return PCAP_ERROR_ACTIVATED;
194
18
	p->snapshot = snaplen;
195
18
	return 0;
196
18
}
197
198
int
199
pcap_set_promisc(pcap_t *p, int promisc)
200
{
201
18
	if (pcap_check_activated(p))
202
		return PCAP_ERROR_ACTIVATED;
203
9
	p->opt.promisc = promisc;
204
9
	return 0;
205
9
}
206
207
int
208
pcap_set_rfmon(pcap_t *p, int rfmon)
209
{
210
	if (pcap_check_activated(p))
211
		return PCAP_ERROR_ACTIVATED;
212
	p->opt.rfmon = rfmon;
213
	return 0;
214
}
215
216
int
217
pcap_set_timeout(pcap_t *p, int timeout_ms)
218
{
219
36
	if (pcap_check_activated(p))
220
		return PCAP_ERROR_ACTIVATED;
221
18
	p->md.timeout = timeout_ms;
222
18
	return 0;
223
18
}
224
225
int
226
pcap_set_buffer_size(pcap_t *p, int buffer_size)
227
{
228
	if (pcap_check_activated(p))
229
		return PCAP_ERROR_ACTIVATED;
230
	p->opt.buffer_size = buffer_size;
231
	return 0;
232
}
233
234
/*
235
 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
236
 */
237
void
238
pcap_breakloop(pcap_t *p)
239
{
240
	p->break_loop = 1;
241
}
242
243
int
244
pcap_datalink(pcap_t *p)
245
{
246
12
	return (p->linktype);
247
}
248
249
int
250
pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
251
{
252
	if (p->dlt_count == 0) {
253
		/*
254
		 * We couldn't fetch the list of DLTs, which means
255
		 * this platform doesn't support changing the
256
		 * DLT for an interface.  Return a list of DLTs
257
		 * containing only the DLT this device supports.
258
		 */
259
		*dlt_buffer = malloc(sizeof(**dlt_buffer));
260
		if (*dlt_buffer == NULL) {
261
			(void)snprintf(p->errbuf, sizeof(p->errbuf),
262
			    "malloc: %s", pcap_strerror(errno));
263
			return (-1);
264
		}
265
		**dlt_buffer = p->linktype;
266
		return (1);
267
	} else {
268
		*dlt_buffer = reallocarray(NULL, sizeof(**dlt_buffer),
269
		    p->dlt_count);
270
		if (*dlt_buffer == NULL) {
271
			(void)snprintf(p->errbuf, sizeof(p->errbuf),
272
			    "malloc: %s", pcap_strerror(errno));
273
			return (-1);
274
		}
275
		(void)memcpy(*dlt_buffer, p->dlt_list,
276
		    sizeof(**dlt_buffer) * p->dlt_count);
277
		return (p->dlt_count);
278
	}
279
}
280
281
/*
282
 * In Windows, you might have a library built with one version of the
283
 * C runtime library and an application built with another version of
284
 * the C runtime library, which means that the library might use one
285
 * version of malloc() and free() and the application might use another
286
 * version of malloc() and free().  If so, that means something
287
 * allocated by the library cannot be freed by the application, so we
288
 * need to have a pcap_free_datalinks() routine to free up the list
289
 * allocated by pcap_list_datalinks(), even though it's just a wrapper
290
 * around free().
291
 */
292
void
293
pcap_free_datalinks(int *dlt_list)
294
{
295
	free(dlt_list);
296
}
297
298
struct dlt_choice {
299
	const char *name;
300
	const char *description;
301
	int	dlt;
302
};
303
304
static struct dlt_choice dlts[] = {
305
#define DLT_CHOICE(code, description) { #code, description, code }
306
DLT_CHOICE(DLT_NULL, "no link-layer encapsulation"),
307
DLT_CHOICE(DLT_EN10MB, "Ethernet (10Mb)"),
308
DLT_CHOICE(DLT_EN3MB, "Experimental Ethernet (3Mb)"),
309
DLT_CHOICE(DLT_AX25, "Amateur Radio AX.25"),
310
DLT_CHOICE(DLT_PRONET, "Proteon ProNET Token Ring"),
311
DLT_CHOICE(DLT_CHAOS, "Chaos"),
312
DLT_CHOICE(DLT_IEEE802, "IEEE 802 Networks"),
313
DLT_CHOICE(DLT_ARCNET, "ARCNET"),
314
DLT_CHOICE(DLT_SLIP, "Serial Line IP"),
315
DLT_CHOICE(DLT_PPP, "Point-to-point Protocol"),
316
DLT_CHOICE(DLT_FDDI, "FDDI"),
317
DLT_CHOICE(DLT_ATM_RFC1483, "LLC/SNAP encapsulated atm"),
318
DLT_CHOICE(DLT_LOOP, "loopback type (af header)"),
319
DLT_CHOICE(DLT_ENC, "IPSEC enc type (af header, spi, flags)"),
320
DLT_CHOICE(DLT_RAW, "raw IP"),
321
DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS Serial Line IP"),
322
DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS Point-to-point Protocol"),
323
DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
324
DLT_CHOICE(DLT_PPP_ETHER, "PPP over Ethernet; session only w/o ether header"),
325
DLT_CHOICE(DLT_IEEE802_11, "IEEE 802.11 wireless"),
326
DLT_CHOICE(DLT_PFLOG, "Packet filter logging, by pcap people"),
327
DLT_CHOICE(DLT_IEEE802_11_RADIO, "IEEE 802.11 plus WLAN header"),
328
DLT_CHOICE(DLT_OPENFLOW, "OpenFlow"),
329
#undef DLT_CHOICE
330
	{ NULL, NULL, -1}
331
};
332
333
int
334
pcap_datalink_name_to_val(const char *name)
335
{
336
	int i;
337
338
	for (i = 0; dlts[i].name != NULL; i++) {
339
		/* Skip leading "DLT_" */
340
		if (strcasecmp(dlts[i].name + 4, name) == 0)
341
			return (dlts[i].dlt);
342
	}
343
	return (-1);
344
}
345
346
const char *
347
pcap_datalink_val_to_name(int dlt)
348
{
349
	int i;
350
351
	for (i = 0; dlts[i].name != NULL; i++) {
352
		if (dlts[i].dlt == dlt)
353
			return (dlts[i].name + 4); /* Skip leading "DLT_" */
354
	}
355
	return (NULL);
356
}
357
358
const char *
359
pcap_datalink_val_to_description(int dlt)
360
{
361
	int i;
362
363
	for (i = 0; dlts[i].name != NULL; i++) {
364
		if (dlts[i].dlt == dlt)
365
			return (dlts[i].description);
366
	}
367
	return (NULL);
368
}
369
370
int
371
pcap_snapshot(pcap_t *p)
372
{
373
6
	return (p->snapshot);
374
}
375
376
int
377
pcap_is_swapped(pcap_t *p)
378
{
379
	return (p->sf.swapped);
380
}
381
382
int
383
pcap_major_version(pcap_t *p)
384
{
385
	return (p->sf.version_major);
386
}
387
388
int
389
pcap_minor_version(pcap_t *p)
390
{
391
	return (p->sf.version_minor);
392
}
393
394
FILE *
395
pcap_file(pcap_t *p)
396
{
397
	return (p->sf.rfile);
398
}
399
400
int
401
pcap_fileno(pcap_t *p)
402
{
403
36
	return (p->fd);
404
}
405
406
void
407
pcap_perror(pcap_t *p, char *prefix)
408
{
409
	fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
410
}
411
412
int
413
pcap_get_selectable_fd(pcap_t *p)
414
{
415
	return (p->fd);
416
}
417
418
char *
419
pcap_geterr(pcap_t *p)
420
{
421
	return (p->errbuf);
422
}
423
424
int
425
pcap_getnonblock(pcap_t *p, char *errbuf)
426
{
427
	int fdflags;
428
429
	fdflags = fcntl(p->fd, F_GETFL);
430
	if (fdflags == -1) {
431
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
432
		    pcap_strerror(errno));
433
		return (-1);
434
	}
435
	if (fdflags & O_NONBLOCK)
436
		return (1);
437
	else
438
		return (0);
439
}
440
441
int
442
pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
443
{
444
	int fdflags;
445
446
	fdflags = fcntl(p->fd, F_GETFL);
447
	if (fdflags == -1) {
448
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
449
		    pcap_strerror(errno));
450
		return (-1);
451
	}
452
	if (nonblock)
453
		fdflags |= O_NONBLOCK;
454
	else
455
		fdflags &= ~O_NONBLOCK;
456
	if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
457
		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
458
		    pcap_strerror(errno));
459
		return (-1);
460
	}
461
	return (0);
462
}
463
464
/*
465
 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
466
 */
467
const char *
468
pcap_statustostr(int errnum)
469
{
470
	static char ebuf[15+10+1];
471
472
	switch (errnum) {
473
474
	case PCAP_WARNING:
475
		return("Generic warning");
476
477
	case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
478
		return ("That type of time stamp is not supported by that device");
479
480
	case PCAP_WARNING_PROMISC_NOTSUP:
481
		return ("That device doesn't support promiscuous mode");
482
483
	case PCAP_ERROR:
484
		return("Generic error");
485
486
	case PCAP_ERROR_BREAK:
487
		return("Loop terminated by pcap_breakloop");
488
489
	case PCAP_ERROR_NOT_ACTIVATED:
490
		return("The pcap_t has not been activated");
491
492
	case PCAP_ERROR_ACTIVATED:
493
		return ("The setting can't be changed after the pcap_t is activated");
494
495
	case PCAP_ERROR_NO_SUCH_DEVICE:
496
		return ("No such device exists");
497
498
	case PCAP_ERROR_RFMON_NOTSUP:
499
		return ("That device doesn't support monitor mode");
500
501
	case PCAP_ERROR_NOT_RFMON:
502
		return ("That operation is supported only in monitor mode");
503
504
	case PCAP_ERROR_PERM_DENIED:
505
		return ("You don't have permission to capture on that device");
506
507
	case PCAP_ERROR_IFACE_NOT_UP:
508
		return ("That device is not up");
509
510
	case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
511
		return ("That device doesn't support setting the time stamp type");
512
513
	case PCAP_ERROR_PROMISC_PERM_DENIED:
514
		return ("You don't have permission to capture in promiscuous mode on that device");
515
	}
516
	(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
517
	return(ebuf);
518
}
519
520
/*
521
 * Not all systems have strerror().
522
 */
523
char *
524
pcap_strerror(int errnum)
525
{
526
#ifdef HAVE_STRERROR
527
	return (strerror(errnum));
528
#else
529
	extern int sys_nerr;
530
	extern const char *const sys_errlist[];
531
	static char ebuf[20];
532
533
	if ((unsigned int)errnum < sys_nerr)
534
		return ((char *)sys_errlist[errnum]);
535
	(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
536
	return(ebuf);
537
#endif
538
}
539
540
/*
541
 * On some platforms, we need to clean up promiscuous or monitor mode
542
 * when we close a device - and we want that to happen even if the
543
 * application just exits without explicitl closing devices.
544
 * On those platforms, we need to register a "close all the pcaps"
545
 * routine to be called when we exit, and need to maintain a list of
546
 * pcaps that need to be closed to clean up modes.
547
 *
548
 * XXX - not thread-safe.
549
 */
550
551
/*
552
 * List of pcaps on which we've done something that needs to be
553
 * cleaned up.
554
 * If there are any such pcaps, we arrange to call "pcap_close_all()"
555
 * when we exit, and have it close all of them.
556
 */
557
static struct pcap *pcaps_to_close;
558
559
/*
560
 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
561
 * be called on exit.
562
 */
563
static int did_atexit;
564
565
static void
566
pcap_close_all(void)
567
{
568
	struct pcap *handle;
569
570
	while ((handle = pcaps_to_close) != NULL)
571
		pcap_close(handle);
572
}
573
574
int
575
pcap_do_addexit(pcap_t *p)
576
{
577
	/*
578
	 * If we haven't already done so, arrange to have
579
	 * "pcap_close_all()" called when we exit.
580
	 */
581
	if (!did_atexit) {
582
		if (atexit(pcap_close_all) == -1) {
583
			/*
584
			 * "atexit()" failed; let our caller know.
585
			 */
586
			(void)strlcpy(p->errbuf, "atexit failed",
587
			    PCAP_ERRBUF_SIZE);
588
			return (0);
589
		}
590
		did_atexit = 1;
591
	}
592
	return (1);
593
}
594
595
void
596
pcap_add_to_pcaps_to_close(pcap_t *p)
597
{
598
	p->md.next = pcaps_to_close;
599
	pcaps_to_close = p;
600
}
601
602
void
603
pcap_remove_from_pcaps_to_close(pcap_t *p)
604
{
605
	pcap_t *pc, *prevpc;
606
607
	for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
608
	    prevpc = pc, pc = pc->md.next) {
609
		if (pc == p) {
610
			/*
611
			 * Found it.  Remove it from the list.
612
			 */
613
			if (prevpc == NULL) {
614
				/*
615
				 * It was at the head of the list.
616
				 */
617
				pcaps_to_close = pc->md.next;
618
			} else {
619
				/*
620
				 * It was in the middle of the list.
621
				 */
622
				prevpc->md.next = pc->md.next;
623
			}
624
			break;
625
		}
626
	}
627
}
628
629
pcap_t *
630
pcap_open_dead(int linktype, int snaplen)
631
{
632
	pcap_t *p;
633
634
	p = calloc(1, sizeof(*p));
635
	if (p == NULL)
636
		return NULL;
637
	p->snapshot = snaplen;
638
	p->linktype = linktype;
639
	p->fd = -1;
640
	return p;
641
}
642
643
/*
644
 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
645
 * data for the packet, check whether the packet passes the filter.
646
 * Returns the return value of the filter program, which will be zero if
647
 * the packet doesn't pass and non-zero if the packet does pass.
648
 */
649
int
650
pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
651
        const u_char *pkt)
652
{
653
	struct bpf_insn *fcode = fp->bf_insns;
654
655
	if (fcode != NULL)
656
		return (bpf_filter(fcode, pkt, h->len, h->caplen));
657
	else
658
		return (0);
659
}
660
661
const char *
662
pcap_lib_version(void)
663
{
664
40
	return (pcap_version_string);
665
}
666