1 /* $NetBSD: pcap.c,v 1.13 2026/03/18 23:43:20 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the Computer Systems 18 * Engineering Group at Lawrence Berkeley Laboratory. 19 * 4. Neither the name of the University nor of the Laboratory may be used 20 * to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 __RCSID("$NetBSD: pcap.c,v 1.13 2026/03/18 23:43:20 christos Exp $"); 38 39 #include <config.h> 40 41 /* Get the same variety of strerror_r() as Autoconf/CMake has detected. */ 42 #include "ftmacros.h" 43 44 #include <pcap-types.h> 45 #ifndef _WIN32 46 #include <sys/param.h> 47 #ifndef MSDOS 48 #include <sys/file.h> 49 #endif 50 #include <sys/ioctl.h> 51 #include <sys/socket.h> 52 #ifdef HAVE_SYS_SOCKIO_H 53 #include <sys/sockio.h> 54 #endif 55 56 struct mbuf; /* Squelch compiler warnings on some platforms for */ 57 struct rtentry; /* declarations in <net/if.h> */ 58 #include <net/if.h> 59 #include <netinet/in.h> 60 #endif /* _WIN32 */ 61 62 #include <stdio.h> 63 #include <stdlib.h> 64 #include <string.h> 65 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__) 66 #include <unistd.h> 67 #endif 68 #include <fcntl.h> 69 #include <errno.h> 70 #include <limits.h> 71 72 #include "diag-control.h" 73 74 #include "thread-local.h" 75 76 #ifdef HAVE_OS_PROTO_H 77 #include "os-proto.h" 78 #endif 79 80 #ifdef MSDOS 81 #include "pcap-dos.h" 82 #endif 83 84 #include "pcap-int.h" 85 86 #include "optimize.h" 87 88 #ifdef HAVE_DAG_API 89 #include "pcap-dag.h" 90 #endif /* HAVE_DAG_API */ 91 92 #ifdef HAVE_SEPTEL_API 93 #include "pcap-septel.h" 94 #endif /* HAVE_SEPTEL_API */ 95 96 #ifdef HAVE_SNF_API 97 #include "pcap-snf.h" 98 #endif /* HAVE_SNF_API */ 99 100 #ifdef HAVE_TC_API 101 #include "pcap-tc.h" 102 #endif /* HAVE_TC_API */ 103 104 #ifdef PCAP_SUPPORT_LINUX_USBMON 105 #include "pcap-usb-linux.h" 106 #endif 107 108 #ifdef PCAP_SUPPORT_BT 109 #include "pcap-bt-linux.h" 110 #endif 111 112 #ifdef PCAP_SUPPORT_BT_MONITOR 113 #include "pcap-bt-monitor-linux.h" 114 #endif 115 116 #ifdef PCAP_SUPPORT_NETFILTER 117 #include "pcap-netfilter-linux.h" 118 #endif 119 120 #ifdef PCAP_SUPPORT_NETMAP 121 #include "pcap-netmap.h" 122 #endif 123 124 #ifdef PCAP_SUPPORT_DBUS 125 #include "pcap-dbus.h" 126 #endif 127 128 #ifdef PCAP_SUPPORT_RPCAP 129 #include "pcap-rpcap-unix.h" 130 #endif 131 132 #ifdef PCAP_SUPPORT_RDMASNIFF 133 #include "pcap-rdmasniff.h" 134 #endif 135 136 #ifdef PCAP_SUPPORT_DPDK 137 #include "pcap-dpdk.h" 138 #endif 139 140 #ifdef HAVE_AIRPCAP_API 141 #include "pcap-airpcap.h" 142 #endif 143 144 #ifdef _WIN32 145 /* 146 * To quote the WSAStartup() documentation: 147 * 148 * The WSAStartup function typically leads to protocol-specific helper 149 * DLLs being loaded. As a result, the WSAStartup function should not 150 * be called from the DllMain function in a application DLL. This can 151 * potentially cause deadlocks. 152 * 153 * and the WSACleanup() documentation: 154 * 155 * The WSACleanup function typically leads to protocol-specific helper 156 * DLLs being unloaded. As a result, the WSACleanup function should not 157 * be called from the DllMain function in a application DLL. This can 158 * potentially cause deadlocks. 159 * 160 * So we don't initialize Winsock in a DllMain() routine. 161 * 162 * pcap_init() should be called to initialize pcap on both UN*X and 163 * Windows; it will initialize Winsock on Windows. (It will also be 164 * initialized as needed if pcap_init() hasn't been called.) 165 */ 166 167 /* 168 * Shut down Winsock. 169 * 170 * Ignores the return value of WSACleanup(); given that this is 171 * an atexit() routine, there's nothing much we can do about 172 * a failure. 173 */ 174 static void 175 internal_wsockfini(void) 176 { 177 WSACleanup(); 178 } 179 180 /* 181 * Start Winsock. 182 * Internal routine. 183 */ 184 static int 185 internal_wsockinit(char *errbuf) 186 { 187 WORD wVersionRequested; 188 WSADATA wsaData; 189 static int err = -1; 190 static int done = 0; 191 int status; 192 193 if (done) 194 return (err); 195 196 /* 197 * Versions of Windows that don't support Winsock 2.2 are 198 * too old for us. 199 */ 200 wVersionRequested = MAKEWORD(2, 2); 201 status = WSAStartup(wVersionRequested, &wsaData); 202 done = 1; 203 if (status != 0) { 204 if (errbuf != NULL) { 205 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE, 206 status, "WSAStartup() failed"); 207 } 208 return (err); 209 } 210 atexit(internal_wsockfini); 211 err = 0; 212 return (err); 213 } 214 215 /* 216 * Exported in case some applications using WinPcap/Npcap called it, 217 * even though it wasn't exported. 218 */ 219 int 220 wsockinit(void) 221 { 222 return (internal_wsockinit(NULL)); 223 } 224 225 /* 226 * This is the exported function; new programs should call this. 227 * *Newer* programs should call pcap_init(). 228 */ 229 int 230 pcap_wsockinit(void) 231 { 232 return (internal_wsockinit(NULL)); 233 } 234 #endif /* _WIN32 */ 235 236 /* 237 * Do whatever initialization is needed for libpcap. 238 * 239 * The argument specifies whether we use the local code page or UTF-8 240 * for strings; on UN*X, we just assume UTF-8 in places where the encoding 241 * would matter, whereas, on Windows, we use the local code page for 242 * PCAP_CHAR_ENC_LOCAL and UTF-8 for PCAP_CHAR_ENC_UTF_8. 243 * 244 * On Windows, we also disable the hack in pcap_create() to deal with 245 * being handed UTF-16 strings, because if the user calls this they're 246 * explicitly declaring that they will either be passing local code 247 * page strings or UTF-8 strings, so we don't need to allow UTF-16LE 248 * strings to be passed. For good measure, on Windows *and* UN*X, 249 * we disable pcap_lookupdev(), to prevent anybody from even 250 * *trying* to pass the result of pcap_lookupdev() - which might be 251 * UTF-16LE on Windows, for ugly compatibility reasons - to pcap_create() 252 * or pcap_open_live() or pcap_open(). 253 * 254 * Returns 0 on success, -1 on error. 255 */ 256 int pcapint_new_api; /* pcap_lookupdev() always fails */ 257 int pcapint_utf_8_mode; /* Strings should be in UTF-8. */ 258 259 int 260 pcap_init(unsigned int opts, char *errbuf) 261 { 262 static int initialized; 263 264 /* 265 * Don't allow multiple calls that set different modes; that 266 * may mean a library is initializing pcap in one mode and 267 * a program using that library, or another library used by 268 * that program, is initializing it in another mode. 269 */ 270 switch (opts) { 271 272 case PCAP_CHAR_ENC_LOCAL: 273 /* Leave "UTF-8 mode" off. */ 274 if (initialized) { 275 if (pcapint_utf_8_mode) { 276 snprintf(errbuf, PCAP_ERRBUF_SIZE, 277 "Multiple pcap_init calls with different character encodings"); 278 return (PCAP_ERROR); 279 } 280 } 281 break; 282 283 case PCAP_CHAR_ENC_UTF_8: 284 /* Turn on "UTF-8 mode". */ 285 if (initialized) { 286 if (!pcapint_utf_8_mode) { 287 snprintf(errbuf, PCAP_ERRBUF_SIZE, 288 "Multiple pcap_init calls with different character encodings"); 289 return (PCAP_ERROR); 290 } 291 } 292 pcapint_utf_8_mode = 1; 293 break; 294 295 default: 296 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Unknown options specified"); 297 return (PCAP_ERROR); 298 } 299 300 /* 301 * Turn the appropriate mode on for error messages; those routines 302 * are also used in rpcapd, which has no access to pcap's internal 303 * UTF-8 mode flag, so we have to call a routine to set its 304 * UTF-8 mode flag. 305 */ 306 pcapint_fmt_set_encoding(opts); 307 308 if (initialized) { 309 /* 310 * Nothing more to do; for example, on Windows, we've 311 * already initialized Winsock. 312 */ 313 return (0); 314 } 315 316 #ifdef _WIN32 317 /* 318 * Now set up Winsock. 319 */ 320 if (internal_wsockinit(errbuf) == -1) { 321 /* Failed. */ 322 return (PCAP_ERROR); 323 } 324 #endif 325 326 /* 327 * We're done. 328 */ 329 initialized = 1; 330 pcapint_new_api = 1; 331 return (0); 332 } 333 334 /* 335 * String containing the library version. 336 * Not explicitly exported via a header file - the right API to use 337 * is pcap_lib_version() - but some programs included it, so we 338 * provide it. 339 * 340 * We declare it here, right before defining it, to squelch any 341 * warnings we might get from compilers about the lack of a 342 * declaration. 343 */ 344 PCAP_API char pcap_version[]; 345 PCAP_API_DEF char pcap_version[] = PACKAGE_VERSION; 346 347 static void 348 pcap_set_not_initialized_message(pcap_t *pcap) 349 { 350 if (pcap->activated) { 351 /* A module probably forgot to set the function pointer */ 352 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), 353 "This operation isn't properly handled by that device"); 354 return; 355 } 356 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */ 357 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf), 358 "This handle hasn't been activated yet"); 359 } 360 361 static int 362 pcap_read_not_initialized(pcap_t *pcap, int cnt _U_, pcap_handler callback _U_, 363 u_char *user _U_) 364 { 365 pcap_set_not_initialized_message(pcap); 366 /* this means 'not initialized' */ 367 return (PCAP_ERROR_NOT_ACTIVATED); 368 } 369 370 static int 371 pcap_inject_not_initialized(pcap_t *pcap, const void * buf _U_, size_t size _U_) 372 { 373 pcap_set_not_initialized_message(pcap); 374 /* this means 'not initialized' */ 375 return (PCAP_ERROR_NOT_ACTIVATED); 376 } 377 378 static int 379 pcap_setfilter_not_initialized(pcap_t *pcap, struct bpf_program *fp _U_) 380 { 381 pcap_set_not_initialized_message(pcap); 382 /* this means 'not initialized' */ 383 return (PCAP_ERROR_NOT_ACTIVATED); 384 } 385 386 static int 387 pcap_setdirection_not_initialized(pcap_t *pcap, pcap_direction_t d _U_) 388 { 389 pcap_set_not_initialized_message(pcap); 390 /* this means 'not initialized' */ 391 return (PCAP_ERROR_NOT_ACTIVATED); 392 } 393 394 static int 395 pcap_set_datalink_not_initialized(pcap_t *pcap, int dlt _U_) 396 { 397 pcap_set_not_initialized_message(pcap); 398 /* this means 'not initialized' */ 399 return (PCAP_ERROR_NOT_ACTIVATED); 400 } 401 402 static int 403 pcap_getnonblock_not_initialized(pcap_t *pcap) 404 { 405 pcap_set_not_initialized_message(pcap); 406 /* this means 'not initialized' */ 407 return (PCAP_ERROR_NOT_ACTIVATED); 408 } 409 410 static int 411 pcap_stats_not_initialized(pcap_t *pcap, struct pcap_stat *ps _U_) 412 { 413 pcap_set_not_initialized_message(pcap); 414 /* this means 'not initialized' */ 415 return (PCAP_ERROR_NOT_ACTIVATED); 416 } 417 418 #ifdef _WIN32 419 static struct pcap_stat * 420 pcap_stats_ex_not_initialized(pcap_t *pcap, int *pcap_stat_size _U_) 421 { 422 pcap_set_not_initialized_message(pcap); 423 return (NULL); 424 } 425 426 static int 427 pcap_setbuff_not_initialized(pcap_t *pcap, int dim _U_) 428 { 429 pcap_set_not_initialized_message(pcap); 430 /* this means 'not initialized' */ 431 return (PCAP_ERROR_NOT_ACTIVATED); 432 } 433 434 static int 435 pcap_setmode_not_initialized(pcap_t *pcap, int mode _U_) 436 { 437 pcap_set_not_initialized_message(pcap); 438 /* this means 'not initialized' */ 439 return (PCAP_ERROR_NOT_ACTIVATED); 440 } 441 442 static int 443 pcap_setmintocopy_not_initialized(pcap_t *pcap, int size _U_) 444 { 445 pcap_set_not_initialized_message(pcap); 446 /* this means 'not initialized' */ 447 return (PCAP_ERROR_NOT_ACTIVATED); 448 } 449 450 static HANDLE 451 pcap_getevent_not_initialized(pcap_t *pcap) 452 { 453 pcap_set_not_initialized_message(pcap); 454 return (INVALID_HANDLE_VALUE); 455 } 456 457 static int 458 pcap_oid_get_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_, 459 void *data _U_, size_t *lenp _U_) 460 { 461 pcap_set_not_initialized_message(pcap); 462 return (PCAP_ERROR_NOT_ACTIVATED); 463 } 464 465 static int 466 pcap_oid_set_request_not_initialized(pcap_t *pcap, bpf_u_int32 oid _U_, 467 const void *data _U_, size_t *lenp _U_) 468 { 469 pcap_set_not_initialized_message(pcap); 470 return (PCAP_ERROR_NOT_ACTIVATED); 471 } 472 473 static u_int 474 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue _U_, 475 int sync _U_) 476 { 477 pcap_set_not_initialized_message(pcap); 478 return (0); 479 } 480 481 static int 482 pcap_setuserbuffer_not_initialized(pcap_t *pcap, int size _U_) 483 { 484 pcap_set_not_initialized_message(pcap); 485 return (PCAP_ERROR_NOT_ACTIVATED); 486 } 487 488 static int 489 pcap_live_dump_not_initialized(pcap_t *pcap, char *filename _U_, int maxsize _U_, 490 int maxpacks _U_) 491 { 492 pcap_set_not_initialized_message(pcap); 493 return (PCAP_ERROR_NOT_ACTIVATED); 494 } 495 496 static int 497 pcap_live_dump_ended_not_initialized(pcap_t *pcap, int sync _U_) 498 { 499 pcap_set_not_initialized_message(pcap); 500 return (PCAP_ERROR_NOT_ACTIVATED); 501 } 502 503 static PAirpcapHandle 504 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap) 505 { 506 pcap_set_not_initialized_message(pcap); 507 return (NULL); 508 } 509 #endif 510 511 /* 512 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't, 513 * a PCAP_ERROR value on an error. 514 */ 515 int 516 pcap_can_set_rfmon(pcap_t *p) 517 { 518 return (p->can_set_rfmon_op(p)); 519 } 520 521 /* 522 * For systems where rfmon mode is never supported. 523 */ 524 static int 525 pcap_cant_set_rfmon(pcap_t *p _U_) 526 { 527 return (0); 528 } 529 530 /* 531 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp 532 * types; the return value is the number of supported time stamp types. 533 * The list should be freed by a call to pcap_free_tstamp_types() when 534 * you're done with it. 535 * 536 * A return value of 0 means "you don't get a choice of time stamp type", 537 * in which case *tstamp_typesp is set to null. 538 * 539 * PCAP_ERROR is returned on error. 540 */ 541 int 542 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp) 543 { 544 if (p->tstamp_type_count == 0) { 545 /* 546 * We don't support multiple time stamp types. 547 * That means the only type we support is PCAP_TSTAMP_HOST; 548 * set up a list containing only that type. 549 */ 550 *tstamp_typesp = (int*)malloc(sizeof(**tstamp_typesp)); 551 if (*tstamp_typesp == NULL) { 552 pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 553 errno, "malloc"); 554 return (PCAP_ERROR); 555 } 556 **tstamp_typesp = PCAP_TSTAMP_HOST; 557 return (1); 558 } else { 559 *tstamp_typesp = (int*)calloc(p->tstamp_type_count, 560 sizeof(**tstamp_typesp)); 561 if (*tstamp_typesp == NULL) { 562 pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 563 errno, "malloc"); 564 return (PCAP_ERROR); 565 } 566 (void)memcpy(*tstamp_typesp, p->tstamp_type_list, 567 sizeof(**tstamp_typesp) * p->tstamp_type_count); 568 return (p->tstamp_type_count); 569 } 570 } 571 572 /* 573 * In Windows, you might have a library built with one version of the 574 * C runtime library and an application built with another version of 575 * the C runtime library, which means that the library might use one 576 * version of malloc() and free() and the application might use another 577 * version of malloc() and free(). If so, that means something 578 * allocated by the library cannot be freed by the application, so we 579 * need to have a pcap_free_tstamp_types() routine to free up the list 580 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper 581 * around free(). 582 */ 583 void 584 pcap_free_tstamp_types(int *tstamp_type_list) 585 { 586 free(tstamp_type_list); 587 } 588 589 /* 590 * Default one-shot callback; overridden for capture types where the 591 * packet data cannot be guaranteed to be available after the callback 592 * returns, so that a copy must be made. 593 */ 594 void 595 pcapint_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt) 596 { 597 struct oneshot_userdata *sp = (struct oneshot_userdata *)user; 598 599 *sp->hdr = *h; 600 *sp->pkt = pkt; 601 } 602 603 const u_char * 604 pcap_next(pcap_t *p, struct pcap_pkthdr *h) 605 { 606 struct oneshot_userdata s; 607 const u_char *pkt; 608 609 s.hdr = h; 610 s.pkt = &pkt; 611 s.pd = p; 612 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0) 613 return (0); 614 return (pkt); 615 } 616 617 int 618 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header, 619 const u_char **pkt_data) 620 { 621 struct oneshot_userdata s; 622 623 s.hdr = &p->pcap_header; 624 s.pkt = pkt_data; 625 s.pd = p; 626 627 /* Saves a pointer to the packet headers */ 628 *pkt_header= &p->pcap_header; 629 630 if (p->rfile != NULL) { 631 int status; 632 633 /* We are on an offline capture */ 634 status = pcapint_offline_read(p, 1, p->oneshot_callback, 635 (u_char *)&s); 636 637 /* 638 * Return codes for pcapint_offline_read() are: 639 * - 0: EOF 640 * - -1: error 641 * - >0: OK - result is number of packets read, so 642 * it will be 1 in this case, as we've passed 643 * a maximum packet count of 1 644 * The first one ('0') conflicts with the return code of 645 * 0 from pcap_read() meaning "no packets arrived before 646 * the timeout expired", so we map it to -2 so you can 647 * distinguish between an EOF from a savefile and a 648 * "no packets arrived before the timeout expired, try 649 * again" from a live capture. 650 */ 651 if (status == 0) 652 return (-2); 653 else 654 return (status); 655 } 656 657 /* 658 * Return codes for pcap_read() are: 659 * - 0: timeout 660 * - -1: error 661 * - -2: loop was broken out of with pcap_breakloop() 662 * - >0: OK, result is number of packets captured, so 663 * it will be 1 in this case, as we've passed 664 * a maximum packet count of 1 665 * The first one ('0') conflicts with the return code of 0 from 666 * pcapint_offline_read() meaning "end of file". 667 */ 668 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s)); 669 } 670 671 /* 672 * Implementation of a pcap_if_list_t. 673 */ 674 struct pcap_if_list { 675 pcap_if_t *beginning; 676 }; 677 678 static struct capture_source_type { 679 int (*findalldevs_op)(pcap_if_list_t *, char *); 680 pcap_t *(*create_op)(const char *, char *, int *); 681 } capture_source_types[] = { 682 #ifdef HAVE_DAG_API 683 { dag_findalldevs, dag_create }, 684 #endif 685 #ifdef HAVE_SEPTEL_API 686 { septel_findalldevs, septel_create }, 687 #endif 688 #ifdef HAVE_SNF_API 689 { snf_findalldevs, snf_create }, 690 #endif 691 #ifdef HAVE_TC_API 692 { TcFindAllDevs, TcCreate }, 693 #endif 694 #ifdef PCAP_SUPPORT_BT 695 { bt_findalldevs, bt_create }, 696 #endif 697 #ifdef PCAP_SUPPORT_BT_MONITOR 698 { bt_monitor_findalldevs, bt_monitor_create }, 699 #endif 700 #ifdef PCAP_SUPPORT_LINUX_USBMON 701 { usb_findalldevs, usb_create }, 702 #endif 703 #ifdef PCAP_SUPPORT_NETFILTER 704 { netfilter_findalldevs, netfilter_create }, 705 #endif 706 #ifdef PCAP_SUPPORT_NETMAP 707 { pcap_netmap_findalldevs, pcap_netmap_create }, 708 #endif 709 #ifdef PCAP_SUPPORT_DBUS 710 { dbus_findalldevs, dbus_create }, 711 #endif 712 #ifdef PCAP_SUPPORT_RDMASNIFF 713 { rdmasniff_findalldevs, rdmasniff_create }, 714 #endif 715 #ifdef PCAP_SUPPORT_DPDK 716 { pcap_dpdk_findalldevs, pcap_dpdk_create }, 717 #endif 718 #ifdef HAVE_AIRPCAP_API 719 { airpcap_findalldevs, airpcap_create }, 720 #endif 721 { NULL, NULL } 722 }; 723 724 /* 725 * Get a list of all capture sources that are up and that we can open. 726 * Returns -1 on error, 0 otherwise. 727 * The list, as returned through "alldevsp", may be null if no interfaces 728 * were up and could be opened. 729 */ 730 int 731 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) 732 { 733 size_t i; 734 pcap_if_list_t devlist; 735 736 /* 737 * Find all the local network interfaces on which we 738 * can capture. 739 */ 740 devlist.beginning = NULL; 741 if (pcapint_platform_finddevs(&devlist, errbuf) == -1) { 742 /* 743 * Failed - free all of the entries we were given 744 * before we failed. 745 */ 746 if (devlist.beginning != NULL) 747 pcap_freealldevs(devlist.beginning); 748 *alldevsp = NULL; 749 return (-1); 750 } 751 752 /* 753 * Ask each of the non-local-network-interface capture 754 * source types what interfaces they have. 755 */ 756 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) { 757 if (capture_source_types[i].findalldevs_op(&devlist, errbuf) == -1) { 758 /* 759 * We had an error; free the list we've been 760 * constructing. 761 */ 762 if (devlist.beginning != NULL) 763 pcap_freealldevs(devlist.beginning); 764 *alldevsp = NULL; 765 return (-1); 766 } 767 } 768 769 /* 770 * Return the first entry of the list of all devices. 771 */ 772 *alldevsp = devlist.beginning; 773 return (0); 774 } 775 776 static struct sockaddr * 777 dup_sockaddr(struct sockaddr *sa, size_t sa_length) 778 { 779 struct sockaddr *newsa; 780 781 if ((newsa = malloc(sa_length)) == NULL) 782 return (NULL); 783 return (memcpy(newsa, sa, sa_length)); 784 } 785 786 /* 787 * Construct a "figure of merit" for an interface, for use when sorting 788 * the list of interfaces, in which interfaces that are up are superior 789 * to interfaces that aren't up, interfaces that are up and running are 790 * superior to interfaces that are up but not running, and non-loopback 791 * interfaces that are up and running are superior to loopback interfaces, 792 * and interfaces with the same flags have a figure of merit that's higher 793 * the lower the instance number. 794 * 795 * The goal is to try to put the interfaces most likely to be useful for 796 * capture at the beginning of the list. 797 * 798 * The figure of merit, which is lower the "better" the interface is, 799 * has the uppermost bit set if the interface isn't running, the bit 800 * below that set if the interface isn't up, the bit below that 801 * set if the interface is a loopback interface, and the bit below 802 * that set if it's the "any" interface. 803 * 804 * Note: we don't sort by unit number because 1) not all interfaces have 805 * a unit number (systemd, for example, might assign interface names 806 * based on the interface's MAC address or on the physical location of 807 * the adapter's connector), and 2) if the name does end with a simple 808 * unit number, it's not a global property of the interface, it's only 809 * useful as a sort key for device names with the same prefix, so xyz0 810 * shouldn't necessarily sort before abc2. This means that interfaces 811 * with the same figure of merit will be sorted by the order in which 812 * the mechanism from which we're getting the interfaces supplies them. 813 */ 814 static u_int 815 get_figure_of_merit(pcap_if_t *dev) 816 { 817 u_int n; 818 819 n = 0; 820 if (!(dev->flags & PCAP_IF_RUNNING)) 821 n |= 0x80000000; 822 if (!(dev->flags & PCAP_IF_UP)) 823 n |= 0x40000000; 824 825 /* 826 * Give non-wireless interfaces that aren't disconnected a better 827 * figure of merit than interfaces that are disconnected, as 828 * "disconnected" should indicate that the interface isn't 829 * plugged into a network and thus won't give you any traffic. 830 * 831 * For wireless interfaces, it means "associated with a network", 832 * which we presume not to necessarily prevent capture, as you 833 * might run the adapter in some flavor of monitor mode. 834 */ 835 if (!(dev->flags & PCAP_IF_WIRELESS) && 836 (dev->flags & PCAP_IF_CONNECTION_STATUS) == PCAP_IF_CONNECTION_STATUS_DISCONNECTED) 837 n |= 0x20000000; 838 839 /* 840 * Sort loopback devices after non-loopback devices, *except* for 841 * disconnected devices. 842 */ 843 if (dev->flags & PCAP_IF_LOOPBACK) 844 n |= 0x10000000; 845 846 /* 847 * Sort the "any" device before loopback and disconnected devices, 848 * but after all other devices. 849 */ 850 if (strcmp(dev->name, "any") == 0) 851 n |= 0x08000000; 852 853 return (n); 854 } 855 856 #ifndef _WIN32 857 /* 858 * Try to get a description for a given device. 859 * Returns a malloced description if it could and NULL if it couldn't. 860 * 861 * XXX - on FreeBSDs that support it, should it get the sysctl named 862 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description 863 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800" 864 * with my Cisco 350 card, so the name isn't entirely descriptive. The 865 * "dev.an.0.%pnpinfo" has a better description, although one might argue 866 * that the problem is really a driver bug - if it can find out that it's 867 * a Cisco 340 or 350, rather than an old Aironet card, it should use 868 * that in the description. 869 * 870 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD 871 * and OpenBSD let you get a description, but it's not generated by the OS, 872 * it's set with another ioctl that ifconfig supports; we use that to get 873 * a description in FreeBSD and OpenBSD, but if there is no such 874 * description available, it still might be nice to get some description 875 * string based on the device type or something such as that. 876 * 877 * In macOS, the System Configuration framework can apparently return 878 * names in 10.4 and later. 879 * 880 * It also appears that freedesktop.org's HAL offers an "info.product" 881 * string, but the HAL specification says it "should not be used in any 882 * UI" and "subsystem/capability specific properties" should be used 883 * instead and, in any case, I think HAL is being deprecated in 884 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear 885 * to have any obvious product information for devices, but maybe 886 * I haven't looked hard enough. 887 * 888 * Using the System Configuration framework, or HAL, or DeviceKit, or 889 * whatever, would require that libpcap applications be linked with 890 * the frameworks/libraries in question. That shouldn't be a problem 891 * for programs linking with the shared version of libpcap (unless 892 * you're running on AIX - which I think is the only UN*X that doesn't 893 * support linking a shared library with other libraries on which it 894 * depends, and having an executable linked only with the first shared 895 * library automatically pick up the other libraries when started - 896 * and using HAL or whatever). Programs linked with the static 897 * version of libpcap would have to use pcap-config with the --static 898 * flag in order to get the right linker flags in order to pick up 899 * the additional libraries/frameworks; those programs need that anyway 900 * for libpcap 1.1 and beyond on Linux, as, by default, it requires 901 * -lnl. 902 * 903 * Do any other UN*Xes, or desktop environments support getting a 904 * description? 905 */ 906 static char * 907 #ifdef SIOCGIFDESCR 908 get_if_description(const char *name) 909 { 910 char *description = NULL; 911 int s; 912 struct ifreq ifrdesc; 913 #ifndef IFDESCRSIZE 914 size_t descrlen = 64; 915 #else 916 size_t descrlen = IFDESCRSIZE; 917 #endif /* IFDESCRSIZE */ 918 919 /* 920 * Get the description for the interface. 921 */ 922 memset(&ifrdesc, 0, sizeof ifrdesc); 923 pcapint_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name); 924 s = socket(AF_INET, SOCK_DGRAM, 0); 925 if (s >= 0) { 926 #ifdef __FreeBSD__ 927 /* 928 * On FreeBSD, if the buffer isn't big enough for the 929 * description, the ioctl succeeds, but the description 930 * isn't copied, ifr_buffer.length is set to the description 931 * length, and ifr_buffer.buffer is set to NULL. 932 */ 933 for (;;) { 934 free(description); 935 if ((description = malloc(descrlen)) != NULL) { 936 ifrdesc.ifr_buffer.buffer = description; 937 ifrdesc.ifr_buffer.length = descrlen; 938 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) { 939 if (ifrdesc.ifr_buffer.buffer == 940 description) 941 break; 942 else 943 descrlen = ifrdesc.ifr_buffer.length; 944 } else { 945 /* 946 * Failed to get interface description. 947 */ 948 free(description); 949 description = NULL; 950 break; 951 } 952 } else 953 break; 954 } 955 #else /* __FreeBSD__ */ 956 /* 957 * The only other OS that currently supports 958 * SIOCGIFDESCR is OpenBSD, and it has no way 959 * to get the description length - it's clamped 960 * to a maximum of IFDESCRSIZE. 961 */ 962 if ((description = malloc(descrlen)) != NULL) { 963 ifrdesc.ifr_data = (caddr_t)description; 964 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) { 965 /* 966 * Failed to get interface description. 967 */ 968 free(description); 969 description = NULL; 970 } 971 } 972 #endif /* __FreeBSD__ */ 973 close(s); 974 if (description != NULL && description[0] == '\0') { 975 /* 976 * Description is empty, so discard it. 977 */ 978 free(description); 979 description = NULL; 980 } 981 } 982 983 #ifdef __FreeBSD__ 984 /* 985 * For FreeBSD, if we didn't get a description, and this is 986 * a device with a name of the form usbusN, label it as a USB 987 * bus. 988 */ 989 if (description == NULL) { 990 if (strncmp(name, "usbus", 5) == 0) { 991 /* 992 * OK, it begins with "usbus". 993 */ 994 long busnum; 995 char *p; 996 997 errno = 0; 998 busnum = strtol(name + 5, &p, 10); 999 if (errno == 0 && p != name + 5 && *p == '\0' && 1000 busnum >= 0 && busnum <= INT_MAX) { 1001 /* 1002 * OK, it's a valid number that's not 1003 * bigger than INT_MAX. Construct 1004 * a description from it. 1005 * (If that fails, we don't worry about 1006 * it, we just return NULL.) 1007 */ 1008 if (pcapint_asprintf(&description, 1009 "USB bus number %ld", busnum) == -1) { 1010 /* Failed. */ 1011 description = NULL; 1012 } 1013 } 1014 } 1015 } 1016 #endif 1017 return (description); 1018 #else /* SIOCGIFDESCR */ 1019 get_if_description(const char *name _U_) 1020 { 1021 return (NULL); 1022 #endif /* SIOCGIFDESCR */ 1023 } 1024 1025 /* 1026 * Look for a given device in the specified list of devices. 1027 * 1028 * If we find it, return a pointer to its entry. 1029 * 1030 * If we don't find it, attempt to add an entry for it, with the specified 1031 * IFF_ flags and description, and, if that succeeds, return a pointer to 1032 * the new entry, otherwise return NULL and set errbuf to an error message. 1033 */ 1034 pcap_if_t * 1035 pcapint_find_or_add_if(pcap_if_list_t *devlistp, const char *name, 1036 uint64_t if_flags, get_if_flags_func get_flags_func, char *errbuf) 1037 { 1038 bpf_u_int32 pcap_flags; 1039 1040 /* 1041 * Convert IFF_ flags to pcap flags. 1042 */ 1043 pcap_flags = 0; 1044 #ifdef IFF_LOOPBACK 1045 if (if_flags & IFF_LOOPBACK) 1046 pcap_flags |= PCAP_IF_LOOPBACK; 1047 #else 1048 /* 1049 * We don't have IFF_LOOPBACK, so look at the device name to 1050 * see if it looks like a loopback device. 1051 */ 1052 if (name[0] == 'l' && name[1] == 'o' && 1053 (PCAP_ISDIGIT(name[2]) || name[2] == '\0')) 1054 pcap_flags |= PCAP_IF_LOOPBACK; 1055 #endif 1056 #ifdef IFF_UP 1057 if (if_flags & IFF_UP) 1058 pcap_flags |= PCAP_IF_UP; 1059 #endif 1060 #ifdef IFF_RUNNING 1061 if (if_flags & IFF_RUNNING) 1062 pcap_flags |= PCAP_IF_RUNNING; 1063 #endif 1064 1065 /* 1066 * Attempt to find an entry for this device; if we don't find one, 1067 * attempt to add one. 1068 */ 1069 return (pcapint_find_or_add_dev(devlistp, name, pcap_flags, 1070 get_flags_func, get_if_description(name), errbuf)); 1071 } 1072 1073 /* 1074 * Look for a given device in the specified list of devices. 1075 * 1076 * If we find it, then, if the specified address isn't null, add it to 1077 * the list of addresses for the device and return 0. 1078 * 1079 * If we don't find it, attempt to add an entry for it, with the specified 1080 * IFF_ flags and description, and, if that succeeds, add the specified 1081 * address to its list of addresses if that address is non-null, and 1082 * return 0, otherwise return -1 and set errbuf to an error message. 1083 * 1084 * (We can get called with a null address because we might get a list 1085 * of interface name/address combinations from the underlying OS, with 1086 * the address being absent in some cases, rather than a list of 1087 * interfaces with each interface having a list of addresses, so this 1088 * call may be the only call made to add to the list, and we want to 1089 * add interfaces even if they have no addresses.) 1090 */ 1091 int 1092 pcapint_add_addr_to_if(pcap_if_list_t *devlistp, const char *name, 1093 uint64_t if_flags, get_if_flags_func get_flags_func, 1094 struct sockaddr *addr, size_t addr_size, 1095 struct sockaddr *netmask, size_t netmask_size, 1096 struct sockaddr *broadaddr, size_t broadaddr_size, 1097 struct sockaddr *dstaddr, size_t dstaddr_size, 1098 char *errbuf) 1099 { 1100 pcap_if_t *curdev; 1101 1102 /* 1103 * Check whether the device exists and, if not, add it. 1104 */ 1105 curdev = pcapint_find_or_add_if(devlistp, name, if_flags, get_flags_func, 1106 errbuf); 1107 if (curdev == NULL) { 1108 /* 1109 * Error - give up. 1110 */ 1111 return (-1); 1112 } 1113 1114 if (addr == NULL) { 1115 /* 1116 * There's no address to add; this entry just meant 1117 * "here's a new interface". 1118 */ 1119 return (0); 1120 } 1121 1122 /* 1123 * "curdev" is an entry for this interface, and we have an 1124 * address for it; add an entry for that address to the 1125 * interface's list of addresses. 1126 */ 1127 return (pcapint_add_addr_to_dev(curdev, addr, addr_size, netmask, 1128 netmask_size, broadaddr, broadaddr_size, dstaddr, 1129 dstaddr_size, errbuf)); 1130 } 1131 #endif /* _WIN32 */ 1132 1133 /* 1134 * Add an entry to the list of addresses for an interface. 1135 * "curdev" is the entry for that interface. 1136 */ 1137 int 1138 pcapint_add_addr_to_dev(pcap_if_t *curdev, 1139 struct sockaddr *addr, size_t addr_size, 1140 struct sockaddr *netmask, size_t netmask_size, 1141 struct sockaddr *broadaddr, size_t broadaddr_size, 1142 struct sockaddr *dstaddr, size_t dstaddr_size, 1143 char *errbuf) 1144 { 1145 pcap_addr_t *curaddr, *prevaddr, *nextaddr; 1146 1147 /* 1148 * Allocate the new entry and fill it in. 1149 */ 1150 curaddr = (pcap_addr_t *)malloc(sizeof(pcap_addr_t)); 1151 if (curaddr == NULL) { 1152 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1153 errno, "malloc"); 1154 return (-1); 1155 } 1156 1157 curaddr->next = NULL; 1158 if (addr != NULL && addr_size != 0) { 1159 curaddr->addr = (struct sockaddr *)dup_sockaddr(addr, addr_size); 1160 if (curaddr->addr == NULL) { 1161 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1162 errno, "malloc"); 1163 free(curaddr); 1164 return (-1); 1165 } 1166 } else 1167 curaddr->addr = NULL; 1168 1169 if (netmask != NULL && netmask_size != 0) { 1170 curaddr->netmask = (struct sockaddr *)dup_sockaddr(netmask, netmask_size); 1171 if (curaddr->netmask == NULL) { 1172 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1173 errno, "malloc"); 1174 if (curaddr->addr != NULL) 1175 free(curaddr->addr); 1176 free(curaddr); 1177 return (-1); 1178 } 1179 } else 1180 curaddr->netmask = NULL; 1181 1182 if (broadaddr != NULL && broadaddr_size != 0) { 1183 curaddr->broadaddr = (struct sockaddr *)dup_sockaddr(broadaddr, broadaddr_size); 1184 if (curaddr->broadaddr == NULL) { 1185 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1186 errno, "malloc"); 1187 if (curaddr->netmask != NULL) 1188 free(curaddr->netmask); 1189 if (curaddr->addr != NULL) 1190 free(curaddr->addr); 1191 free(curaddr); 1192 return (-1); 1193 } 1194 } else 1195 curaddr->broadaddr = NULL; 1196 1197 if (dstaddr != NULL && dstaddr_size != 0) { 1198 curaddr->dstaddr = (struct sockaddr *)dup_sockaddr(dstaddr, dstaddr_size); 1199 if (curaddr->dstaddr == NULL) { 1200 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1201 errno, "malloc"); 1202 if (curaddr->broadaddr != NULL) 1203 free(curaddr->broadaddr); 1204 if (curaddr->netmask != NULL) 1205 free(curaddr->netmask); 1206 if (curaddr->addr != NULL) 1207 free(curaddr->addr); 1208 free(curaddr); 1209 return (-1); 1210 } 1211 } else 1212 curaddr->dstaddr = NULL; 1213 1214 /* 1215 * Find the end of the list of addresses. 1216 */ 1217 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) { 1218 nextaddr = prevaddr->next; 1219 if (nextaddr == NULL) { 1220 /* 1221 * This is the end of the list. 1222 */ 1223 break; 1224 } 1225 } 1226 1227 if (prevaddr == NULL) { 1228 /* 1229 * The list was empty; this is the first member. 1230 */ 1231 curdev->addresses = curaddr; 1232 } else { 1233 /* 1234 * "prevaddr" is the last member of the list; append 1235 * this member to it. 1236 */ 1237 prevaddr->next = curaddr; 1238 } 1239 1240 return (0); 1241 } 1242 1243 /* 1244 * Look for a given device in the specified list of devices. 1245 * 1246 * If we find it, return 0 and set *curdev_ret to point to it. 1247 * 1248 * If we don't find it, attempt to add an entry for it, with the specified 1249 * flags and description, and, if that succeeds, return 0, otherwise 1250 * return -1 and set errbuf to an error message. 1251 */ 1252 pcap_if_t * 1253 pcapint_find_or_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1254 get_if_flags_func get_flags_func, const char *description, char *errbuf) 1255 { 1256 pcap_if_t *curdev; 1257 1258 /* 1259 * Is there already an entry in the list for this device? 1260 */ 1261 curdev = pcapint_find_dev(devlistp, name); 1262 if (curdev != NULL) { 1263 /* 1264 * Yes, return it. 1265 */ 1266 return (curdev); 1267 } 1268 1269 /* 1270 * No, we didn't find it. 1271 */ 1272 1273 /* 1274 * Try to get additional flags for the device. 1275 */ 1276 if ((*get_flags_func)(name, &flags, errbuf) == -1) { 1277 /* 1278 * Failed. 1279 */ 1280 return (NULL); 1281 } 1282 1283 /* 1284 * Now, try to add it to the list of devices. 1285 */ 1286 return (pcapint_add_dev(devlistp, name, flags, description, errbuf)); 1287 } 1288 1289 /* 1290 * Look for a given device in the specified list of devices, and return 1291 * the entry for it if we find it or NULL if we don't. 1292 */ 1293 pcap_if_t * 1294 pcapint_find_dev(pcap_if_list_t *devlistp, const char *name) 1295 { 1296 pcap_if_t *curdev; 1297 1298 /* 1299 * Is there an entry in the list for this device? 1300 */ 1301 for (curdev = devlistp->beginning; curdev != NULL; 1302 curdev = curdev->next) { 1303 if (strcmp(name, curdev->name) == 0) { 1304 /* 1305 * We found it, so, yes, there is. No need to 1306 * add it. Provide the entry we found to our 1307 * caller. 1308 */ 1309 return (curdev); 1310 } 1311 } 1312 1313 /* 1314 * No. 1315 */ 1316 return (NULL); 1317 } 1318 1319 /* 1320 * Attempt to add an entry for a device, with the specified flags 1321 * and description, and, if that succeeds, return 0 and return a pointer 1322 * to the new entry, otherwise return NULL and set errbuf to an error 1323 * message. 1324 * 1325 * If we weren't given a description, try to get one. 1326 */ 1327 pcap_if_t * 1328 pcapint_add_dev(pcap_if_list_t *devlistp, const char *name, bpf_u_int32 flags, 1329 const char *description, char *errbuf) 1330 { 1331 pcap_if_t *curdev, *prevdev, *nextdev; 1332 u_int this_figure_of_merit, nextdev_figure_of_merit; 1333 1334 curdev = malloc(sizeof(pcap_if_t)); 1335 if (curdev == NULL) { 1336 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1337 errno, "malloc"); 1338 return (NULL); 1339 } 1340 1341 /* 1342 * Fill in the entry. 1343 */ 1344 curdev->next = NULL; 1345 curdev->name = strdup(name); 1346 if (curdev->name == NULL) { 1347 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1348 errno, "malloc"); 1349 free(curdev); 1350 return (NULL); 1351 } 1352 if (description == NULL) { 1353 /* 1354 * We weren't handed a description for the interface. 1355 */ 1356 curdev->description = NULL; 1357 } else { 1358 /* 1359 * We were handed a description; make a copy. 1360 */ 1361 curdev->description = strdup(description); 1362 if (curdev->description == NULL) { 1363 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1364 errno, "malloc"); 1365 free(curdev->name); 1366 free(curdev); 1367 return (NULL); 1368 } 1369 } 1370 curdev->addresses = NULL; /* list starts out as empty */ 1371 curdev->flags = flags; 1372 1373 /* 1374 * Add it to the list, in the appropriate location. 1375 * First, get the "figure of merit" for this interface. 1376 */ 1377 this_figure_of_merit = get_figure_of_merit(curdev); 1378 1379 /* 1380 * Now look for the last interface with an figure of merit 1381 * less than or equal to the new interface's figure of merit. 1382 * 1383 * We start with "prevdev" being NULL, meaning we're before 1384 * the first element in the list. 1385 */ 1386 prevdev = NULL; 1387 for (;;) { 1388 /* 1389 * Get the interface after this one. 1390 */ 1391 if (prevdev == NULL) { 1392 /* 1393 * The next element is the first element. 1394 */ 1395 nextdev = devlistp->beginning; 1396 } else 1397 nextdev = prevdev->next; 1398 1399 /* 1400 * Are we at the end of the list? 1401 */ 1402 if (nextdev == NULL) { 1403 /* 1404 * Yes - we have to put the new entry after "prevdev". 1405 */ 1406 break; 1407 } 1408 1409 /* 1410 * Is the new interface's figure of merit less 1411 * than the next interface's figure of merit, 1412 * meaning that the new interface is better 1413 * than the next interface? 1414 */ 1415 nextdev_figure_of_merit = get_figure_of_merit(nextdev); 1416 if (this_figure_of_merit < nextdev_figure_of_merit) { 1417 /* 1418 * Yes - we should put the new entry 1419 * before "nextdev", i.e. after "prevdev". 1420 */ 1421 break; 1422 } 1423 1424 prevdev = nextdev; 1425 } 1426 1427 /* 1428 * Insert before "nextdev". 1429 */ 1430 curdev->next = nextdev; 1431 1432 /* 1433 * Insert after "prevdev" - unless "prevdev" is null, 1434 * in which case this is the first interface. 1435 */ 1436 if (prevdev == NULL) { 1437 /* 1438 * This is the first interface. Make it 1439 * the first element in the list of devices. 1440 */ 1441 devlistp->beginning = curdev; 1442 } else 1443 prevdev->next = curdev; 1444 return (curdev); 1445 } 1446 1447 /* 1448 * Add an entry for the "any" device. 1449 */ 1450 pcap_if_t * 1451 pcap_add_any_dev(pcap_if_list_t *devlistp, char *errbuf) 1452 { 1453 static const char any_descr[] = "Pseudo-device that captures on all interfaces"; 1454 1455 /* 1456 * As it refers to all network devices, not to any particular 1457 * network device, the notion of "connected" vs. "disconnected" 1458 * doesn't apply to the "any" device. 1459 */ 1460 return pcapint_add_dev(devlistp, "any", 1461 PCAP_IF_UP|PCAP_IF_RUNNING|PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE, 1462 any_descr, errbuf); 1463 } 1464 1465 /* 1466 * Free a list of interfaces. 1467 */ 1468 void 1469 pcap_freealldevs(pcap_if_t *alldevs) 1470 { 1471 pcap_if_t *curdev, *nextdev; 1472 pcap_addr_t *curaddr, *nextaddr; 1473 1474 for (curdev = alldevs; curdev != NULL; curdev = nextdev) { 1475 nextdev = curdev->next; 1476 1477 /* 1478 * Free all addresses. 1479 */ 1480 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) { 1481 nextaddr = curaddr->next; 1482 if (curaddr->addr) 1483 free(curaddr->addr); 1484 if (curaddr->netmask) 1485 free(curaddr->netmask); 1486 if (curaddr->broadaddr) 1487 free(curaddr->broadaddr); 1488 if (curaddr->dstaddr) 1489 free(curaddr->dstaddr); 1490 free(curaddr); 1491 } 1492 1493 /* 1494 * Free the name string. 1495 */ 1496 free(curdev->name); 1497 1498 /* 1499 * Free the description string, if any. 1500 */ 1501 if (curdev->description != NULL) 1502 free(curdev->description); 1503 1504 /* 1505 * Free the interface. 1506 */ 1507 free(curdev); 1508 } 1509 } 1510 1511 /* 1512 * pcap-npf.c has its own pcap_lookupdev(), for compatibility reasons, as 1513 * it actually returns the names of all interfaces, with a NUL separator 1514 * between them; some callers may depend on that. 1515 * 1516 * MS-DOS has its own pcap_lookupdev(), but that might be useful only 1517 * as an optimization. 1518 * 1519 * In all other cases, we just use pcap_findalldevs() to get a list of 1520 * devices, and pick from that list. 1521 */ 1522 #if !defined(HAVE_PACKET32) && !defined(MSDOS) 1523 /* 1524 * Return the name of a network interface attached to the system, or NULL 1525 * if none can be found. The interface must be configured up; the 1526 * lowest unit number is preferred; loopback is ignored. 1527 */ 1528 char * 1529 pcap_lookupdev(char *errbuf) 1530 { 1531 pcap_if_t *alldevs; 1532 #ifdef _WIN32 1533 /* 1534 * Windows - use the same size as the old WinPcap 3.1 code. 1535 * XXX - this is probably bigger than it needs to be. 1536 */ 1537 #define IF_NAMESIZE 8192 1538 #else 1539 /* 1540 * UN*X - use the system's interface name size. 1541 * XXX - that might not be large enough for capture devices 1542 * that aren't regular network interfaces. 1543 */ 1544 /* for old BSD systems, including bsdi3 */ 1545 #ifndef IF_NAMESIZE 1546 #define IF_NAMESIZE IFNAMSIZ 1547 #endif 1548 #endif 1549 static char device[IF_NAMESIZE + 1]; 1550 char *ret; 1551 1552 /* 1553 * We disable this in "new API" mode, because 1) in WinPcap/Npcap, 1554 * it may return UTF-16 strings, for backwards-compatibility 1555 * reasons, and we're also disabling the hack to make that work, 1556 * for not-going-past-the-end-of-a-string reasons, and 2) we 1557 * want its behavior to be consistent. 1558 * 1559 * In addition, it's not thread-safe, so we've marked it as 1560 * deprecated. 1561 */ 1562 if (pcapint_new_api) { 1563 snprintf(errbuf, PCAP_ERRBUF_SIZE, 1564 "pcap_lookupdev() is deprecated and is not supported in programs calling pcap_init()"); 1565 return (NULL); 1566 } 1567 1568 if (pcap_findalldevs(&alldevs, errbuf) == -1) 1569 return (NULL); 1570 1571 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) { 1572 /* 1573 * There are no devices on the list, or the first device 1574 * on the list is a loopback device, which means there 1575 * are no non-loopback devices on the list. This means 1576 * we can't return any device. 1577 * 1578 * XXX - why not return a loopback device? If we can't 1579 * capture on it, it won't be on the list, and if it's 1580 * on the list, there aren't any non-loopback devices, 1581 * so why not just supply it as the default device? 1582 */ 1583 (void)pcapint_strlcpy(errbuf, "no suitable device found", 1584 PCAP_ERRBUF_SIZE); 1585 ret = NULL; 1586 } else { 1587 /* 1588 * Return the name of the first device on the list. 1589 */ 1590 (void)pcapint_strlcpy(device, alldevs->name, sizeof(device)); 1591 ret = device; 1592 } 1593 1594 pcap_freealldevs(alldevs); 1595 return (ret); 1596 } 1597 #endif /* !defined(HAVE_PACKET32) && !defined(MSDOS) */ 1598 1599 #if !defined(_WIN32) && !defined(MSDOS) 1600 /* 1601 * We don't just fetch the entire list of devices, search for the 1602 * particular device, and use its first IPv4 address, as that's too 1603 * much work to get just one device's netmask. 1604 * 1605 * If we had an API to get attributes for a given device, we could 1606 * use that. 1607 */ 1608 int 1609 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, 1610 char *errbuf) 1611 { 1612 register int fd; 1613 register struct sockaddr_in *sin4; 1614 struct ifreq ifr; 1615 1616 /* 1617 * The pseudo-device "any" listens on all interfaces and therefore 1618 * has the network address and -mask "0.0.0.0" therefore catching 1619 * all traffic. Using NULL for the interface is the same as "any". 1620 */ 1621 if (!device || strcmp(device, "any") == 0 1622 #ifdef HAVE_DAG_API 1623 || strstr(device, "dag") != NULL 1624 #endif 1625 #ifdef HAVE_SEPTEL_API 1626 || strstr(device, "septel") != NULL 1627 #endif 1628 #ifdef PCAP_SUPPORT_BT 1629 || strstr(device, "bluetooth") != NULL 1630 #endif 1631 #ifdef PCAP_SUPPORT_LINUX_USBMON 1632 || strstr(device, "usbmon") != NULL 1633 #endif 1634 #ifdef HAVE_SNF_API 1635 || strstr(device, "snf") != NULL 1636 #endif 1637 #ifdef PCAP_SUPPORT_NETMAP 1638 || strncmp(device, "netmap:", 7) == 0 1639 || strncmp(device, "vale", 4) == 0 1640 #endif 1641 #ifdef PCAP_SUPPORT_DPDK 1642 || strncmp(device, "dpdk:", 5) == 0 1643 #endif 1644 ) { 1645 *netp = *maskp = 0; 1646 return 0; 1647 } 1648 1649 fd = socket(AF_INET, SOCK_DGRAM, 0); 1650 if (fd < 0) { 1651 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1652 errno, "socket"); 1653 return (-1); 1654 } 1655 memset(&ifr, 0, sizeof(ifr)); 1656 #ifdef __linux__ 1657 /* XXX Work around Linux kernel bug */ 1658 ifr.ifr_addr.sa_family = AF_INET; 1659 #endif 1660 (void)pcapint_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1661 #if defined(__HAIKU__) && defined(__clang__) 1662 /* 1663 * In Haiku R1/beta4 <unistd.h> ioctl() is a macro that needs to take 4 1664 * arguments to initialize its intermediate 2-member structure fully so 1665 * that Clang does not generate a -Wmissing-field-initializers warning 1666 * (which manifests only when it runs with -Werror). This workaround 1667 * can be removed as soon as there is a Haiku release that fixes the 1668 * problem. See also https://review.haiku-os.org/c/haiku/+/6369 1669 */ 1670 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr, sizeof(ifr)) < 0) { 1671 #else 1672 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { 1673 #endif /* __HAIKU__ && __clang__ */ 1674 if (errno == EADDRNOTAVAIL) { 1675 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 1676 "%s: no IPv4 address assigned", device); 1677 } else { 1678 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1679 errno, "SIOCGIFADDR: %s", device); 1680 } 1681 (void)close(fd); 1682 return (-1); 1683 } 1684 sin4 = (struct sockaddr_in *)&ifr.ifr_addr; 1685 *netp = sin4->sin_addr.s_addr; 1686 memset(&ifr, 0, sizeof(ifr)); 1687 #ifdef __linux__ 1688 /* XXX Work around Linux kernel bug */ 1689 ifr.ifr_addr.sa_family = AF_INET; 1690 #endif 1691 (void)pcapint_strlcpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 1692 #if defined(__HAIKU__) && defined(__clang__) 1693 /* Same as above. */ 1694 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr, sizeof(ifr)) < 0) { 1695 #else 1696 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { 1697 #endif /* __HAIKU__ && __clang__ */ 1698 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 1699 errno, "SIOCGIFNETMASK: %s", device); 1700 (void)close(fd); 1701 return (-1); 1702 } 1703 (void)close(fd); 1704 *maskp = sin4->sin_addr.s_addr; 1705 if (*maskp == 0) { 1706 if (IN_CLASSA(*netp)) 1707 *maskp = IN_CLASSA_NET; 1708 else if (IN_CLASSB(*netp)) 1709 *maskp = IN_CLASSB_NET; 1710 else if (IN_CLASSC(*netp)) 1711 *maskp = IN_CLASSC_NET; 1712 else { 1713 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 1714 "inet class for 0x%x unknown", *netp); 1715 return (-1); 1716 } 1717 } 1718 *netp &= *maskp; 1719 return (0); 1720 } 1721 #endif /* !defined(_WIN32) && !defined(MSDOS) */ 1722 1723 #ifdef ENABLE_REMOTE 1724 #include "pcap-rpcap.h" 1725 1726 /* 1727 * Extract a substring from a string. 1728 */ 1729 static char * 1730 get_substring(const char *p, size_t len, char *ebuf) 1731 { 1732 char *token; 1733 1734 token = malloc(len + 1); 1735 if (token == NULL) { 1736 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1737 errno, "malloc"); 1738 return (NULL); 1739 } 1740 memcpy(token, p, len); 1741 token[len] = '\0'; 1742 return (token); 1743 } 1744 1745 /* 1746 * Parse a capture source that might be a URL. 1747 * 1748 * If the source is not a URL, *schemep, *userinfop, *hostp, and *portp 1749 * are set to NULL, *pathp is set to point to the source, and 0 is 1750 * returned. 1751 * 1752 * If source is a URL, and the URL refers to a local device (a special 1753 * case of rpcap:), *schemep, *userinfop, *hostp, and *portp are set 1754 * to NULL, *pathp is set to point to the device name, and 0 is returned. 1755 * 1756 * If source is a URL, and it's not a special case that refers to a local 1757 * device, and the parse succeeds: 1758 * 1759 * *schemep is set to point to an allocated string containing the scheme; 1760 * 1761 * if user information is present in the URL, *userinfop is set to point 1762 * to an allocated string containing the user information, otherwise 1763 * it's set to NULL; 1764 * 1765 * if host information is present in the URL, *hostp is set to point 1766 * to an allocated string containing the host information, otherwise 1767 * it's set to NULL; 1768 * 1769 * if a port number is present in the URL, *portp is set to point 1770 * to an allocated string containing the port number, otherwise 1771 * it's set to NULL; 1772 * 1773 * *pathp is set to point to an allocated string containing the 1774 * path; 1775 * 1776 * and 0 is returned. 1777 * 1778 * If the parse fails, ebuf is set to an error string, and -1 is returned. 1779 */ 1780 static int 1781 pcap_parse_source(const char *source, char **schemep, char **userinfop, 1782 char **hostp, char **portp, char **pathp, char *ebuf) 1783 { 1784 char *colonp; 1785 size_t scheme_len; 1786 char *scheme; 1787 const char *endp; 1788 size_t authority_len; 1789 char *authority; 1790 char *parsep, *atsignp, *bracketp; 1791 char *userinfo, *host, *port, *path; 1792 1793 if (source == NULL) { 1794 snprintf(ebuf, PCAP_ERRBUF_SIZE, 1795 "The source string must not be NULL."); 1796 return (-1); 1797 } 1798 if (! strcmp(source, "")) { 1799 snprintf(ebuf, PCAP_ERRBUF_SIZE, 1800 "The source string must not be empty."); 1801 return (-1); 1802 } 1803 1804 /* 1805 * Start out returning nothing. 1806 */ 1807 *schemep = NULL; 1808 *userinfop = NULL; 1809 *hostp = NULL; 1810 *portp = NULL; 1811 *pathp = NULL; 1812 1813 /* 1814 * RFC 3986 says: 1815 * 1816 * URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ] 1817 * 1818 * hier-part = "//" authority path-abempty 1819 * / path-absolute 1820 * / path-rootless 1821 * / path-empty 1822 * 1823 * authority = [ userinfo "@" ] host [ ":" port ] 1824 * 1825 * userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) 1826 * 1827 * Step 1: look for the ":" at the end of the scheme. 1828 * A colon in the source is *NOT* sufficient to indicate that 1829 * this is a URL, as interface names on some platforms might 1830 * include colons (e.g., I think some Solaris interfaces 1831 * might). 1832 */ 1833 colonp = strchr(source, ':'); 1834 if (colonp == NULL) { 1835 /* 1836 * The source is the device to open. 1837 * Return a NULL pointer for the scheme, user information, 1838 * host, and port, and return the device as the path. 1839 */ 1840 *pathp = strdup(source); 1841 if (*pathp == NULL) { 1842 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1843 errno, "malloc"); 1844 return (-1); 1845 } 1846 return (0); 1847 } 1848 1849 /* 1850 * All schemes must have "//" after them, i.e. we only support 1851 * hier-part = "//" authority path-abempty, not 1852 * hier-part = path-absolute 1853 * hier-part = path-rootless 1854 * hier-part = path-empty 1855 * 1856 * We need that in order to distinguish between a local device 1857 * name that happens to contain a colon and a URI. 1858 */ 1859 if (strncmp(colonp + 1, "//", 2) != 0) { 1860 /* 1861 * The source is the device to open. 1862 * Return a NULL pointer for the scheme, user information, 1863 * host, and port, and return the device as the path. 1864 */ 1865 *pathp = strdup(source); 1866 if (*pathp == NULL) { 1867 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1868 errno, "malloc"); 1869 return (-1); 1870 } 1871 return (0); 1872 } 1873 1874 /* 1875 * XXX - check whether the purported scheme could be a scheme? 1876 */ 1877 1878 /* 1879 * OK, this looks like a URL. 1880 * Get the scheme. 1881 */ 1882 scheme_len = colonp - source; 1883 scheme = malloc(scheme_len + 1); 1884 if (scheme == NULL) { 1885 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1886 errno, "malloc"); 1887 return (-1); 1888 } 1889 memcpy(scheme, source, scheme_len); 1890 scheme[scheme_len] = '\0'; 1891 1892 /* 1893 * Treat file: specially - take everything after file:// as 1894 * the pathname. 1895 */ 1896 if (pcapint_strcasecmp(scheme, "file") == 0) { 1897 *pathp = strdup(colonp + 3); 1898 if (*pathp == NULL) { 1899 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1900 errno, "malloc"); 1901 free(scheme); 1902 return (-1); 1903 } 1904 *schemep = scheme; 1905 return (0); 1906 } 1907 1908 /* 1909 * The WinPcap documentation says you can specify a local 1910 * interface with "rpcap://{device}"; we special-case 1911 * that here. If the scheme is "rpcap", and there are 1912 * no slashes past the "//", we just return the device. 1913 * 1914 * XXX - %-escaping? 1915 */ 1916 if ((pcapint_strcasecmp(scheme, "rpcap") == 0 || 1917 pcapint_strcasecmp(scheme, "rpcaps") == 0) && 1918 strchr(colonp + 3, '/') == NULL) { 1919 /* 1920 * Local device. 1921 * 1922 * Return a NULL pointer for the scheme, user information, 1923 * host, and port, and return the device as the path. 1924 */ 1925 free(scheme); 1926 *pathp = strdup(colonp + 3); 1927 if (*pathp == NULL) { 1928 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 1929 errno, "malloc"); 1930 return (-1); 1931 } 1932 return (0); 1933 } 1934 1935 /* 1936 * OK, now start parsing the authority. 1937 * Get token, terminated with / or terminated at the end of 1938 * the string. 1939 */ 1940 authority_len = strcspn(colonp + 3, "/"); 1941 authority = get_substring(colonp + 3, authority_len, ebuf); 1942 if (authority == NULL) { 1943 /* 1944 * Error. 1945 */ 1946 free(scheme); 1947 return (-1); 1948 } 1949 endp = colonp + 3 + authority_len; 1950 1951 /* 1952 * Now carve the authority field into its components. 1953 */ 1954 parsep = authority; 1955 1956 /* 1957 * Is there a userinfo field? 1958 */ 1959 atsignp = strchr(parsep, '@'); 1960 if (atsignp != NULL) { 1961 /* 1962 * Yes. 1963 */ 1964 size_t userinfo_len; 1965 1966 userinfo_len = atsignp - parsep; 1967 userinfo = get_substring(parsep, userinfo_len, ebuf); 1968 if (userinfo == NULL) { 1969 /* 1970 * Error. 1971 */ 1972 free(authority); 1973 free(scheme); 1974 return (-1); 1975 } 1976 parsep = atsignp + 1; 1977 } else { 1978 /* 1979 * No. 1980 */ 1981 userinfo = NULL; 1982 } 1983 1984 /* 1985 * Is there a host field? 1986 */ 1987 if (*parsep == '\0') { 1988 /* 1989 * No; there's no host field or port field. 1990 */ 1991 host = NULL; 1992 port = NULL; 1993 } else { 1994 /* 1995 * Yes. 1996 */ 1997 size_t host_len; 1998 1999 /* 2000 * Is it an IP-literal? 2001 */ 2002 if (*parsep == '[') { 2003 /* 2004 * Yes. 2005 * Treat everything up to the closing square 2006 * bracket as the IP-Literal; we don't worry 2007 * about whether it's a valid IPv6address or 2008 * IPvFuture (or an IPv4address, for that 2009 * matter, just in case we get handed a 2010 * URL with an IPv4 IP-Literal, of the sort 2011 * that pcap_createsrcstr() used to generate, 2012 * and that pcap_parsesrcstr(), in the original 2013 * WinPcap code, accepted). 2014 */ 2015 bracketp = strchr(parsep, ']'); 2016 if (bracketp == NULL) { 2017 /* 2018 * There's no closing square bracket. 2019 */ 2020 snprintf(ebuf, PCAP_ERRBUF_SIZE, 2021 "IP-literal in URL doesn't end with ]"); 2022 free(userinfo); 2023 free(authority); 2024 free(scheme); 2025 return (-1); 2026 } 2027 if (*(bracketp + 1) != '\0' && 2028 *(bracketp + 1) != ':') { 2029 /* 2030 * There's extra crud after the 2031 * closing square bracket. 2032 */ 2033 snprintf(ebuf, PCAP_ERRBUF_SIZE, 2034 "Extra text after IP-literal in URL"); 2035 free(userinfo); 2036 free(authority); 2037 free(scheme); 2038 return (-1); 2039 } 2040 host_len = (bracketp - 1) - parsep; 2041 host = get_substring(parsep + 1, host_len, ebuf); 2042 if (host == NULL) { 2043 /* 2044 * Error. 2045 */ 2046 free(userinfo); 2047 free(authority); 2048 free(scheme); 2049 return (-1); 2050 } 2051 parsep = bracketp + 1; 2052 } else { 2053 /* 2054 * No. 2055 * Treat everything up to a : or the end of 2056 * the string as the host. 2057 */ 2058 host_len = strcspn(parsep, ":"); 2059 host = get_substring(parsep, host_len, ebuf); 2060 if (host == NULL) { 2061 /* 2062 * Error. 2063 */ 2064 free(userinfo); 2065 free(authority); 2066 free(scheme); 2067 return (-1); 2068 } 2069 parsep = parsep + host_len; 2070 } 2071 2072 /* 2073 * Is there a port field? 2074 */ 2075 if (*parsep == ':') { 2076 /* 2077 * Yes. It's the rest of the authority field. 2078 */ 2079 size_t port_len; 2080 2081 parsep++; 2082 port_len = strlen(parsep); 2083 port = get_substring(parsep, port_len, ebuf); 2084 if (port == NULL) { 2085 /* 2086 * Error. 2087 */ 2088 free(host); 2089 free(userinfo); 2090 free(authority); 2091 free(scheme); 2092 return (-1); 2093 } 2094 } else { 2095 /* 2096 * No. 2097 */ 2098 port = NULL; 2099 } 2100 } 2101 free(authority); 2102 2103 /* 2104 * Everything else is the path. Strip off the leading /. 2105 */ 2106 if (*endp == '\0') 2107 path = strdup(""); 2108 else 2109 path = strdup(endp + 1); 2110 if (path == NULL) { 2111 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 2112 errno, "malloc"); 2113 free(port); 2114 free(host); 2115 free(userinfo); 2116 free(scheme); 2117 return (-1); 2118 } 2119 *schemep = scheme; 2120 *userinfop = userinfo; 2121 *hostp = host; 2122 *portp = port; 2123 *pathp = path; 2124 return (0); 2125 } 2126 2127 int 2128 pcapint_createsrcstr_ex(char *source, int type, const char *host, const char *port, 2129 const char *name, unsigned char uses_ssl, char *errbuf) 2130 { 2131 switch (type) { 2132 2133 case PCAP_SRC_FILE: 2134 pcapint_strlcpy(source, PCAP_SRC_FILE_STRING, PCAP_BUF_SIZE); 2135 if (name != NULL && *name != '\0') { 2136 pcapint_strlcat(source, name, PCAP_BUF_SIZE); 2137 return (0); 2138 } else { 2139 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2140 "The file name cannot be NULL."); 2141 return (-1); 2142 } 2143 2144 case PCAP_SRC_IFREMOTE: 2145 pcapint_strlcpy(source, 2146 (uses_ssl ? "rpcaps://" : PCAP_SRC_IF_STRING), 2147 PCAP_BUF_SIZE); 2148 if (host != NULL && *host != '\0') { 2149 if (strchr(host, ':') != NULL) { 2150 /* 2151 * The host name contains a colon, so it's 2152 * probably an IPv6 address, and needs to 2153 * be included in square brackets. 2154 */ 2155 pcapint_strlcat(source, "[", PCAP_BUF_SIZE); 2156 pcapint_strlcat(source, host, PCAP_BUF_SIZE); 2157 pcapint_strlcat(source, "]", PCAP_BUF_SIZE); 2158 } else 2159 pcapint_strlcat(source, host, PCAP_BUF_SIZE); 2160 2161 if (port != NULL && *port != '\0') { 2162 pcapint_strlcat(source, ":", PCAP_BUF_SIZE); 2163 pcapint_strlcat(source, port, PCAP_BUF_SIZE); 2164 } 2165 2166 pcapint_strlcat(source, "/", PCAP_BUF_SIZE); 2167 } else { 2168 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2169 "The host name cannot be NULL."); 2170 return (-1); 2171 } 2172 2173 if (name != NULL && *name != '\0') 2174 pcapint_strlcat(source, name, PCAP_BUF_SIZE); 2175 2176 return (0); 2177 2178 case PCAP_SRC_IFLOCAL: 2179 pcapint_strlcpy(source, PCAP_SRC_IF_STRING, PCAP_BUF_SIZE); 2180 2181 if (name != NULL && *name != '\0') 2182 pcapint_strlcat(source, name, PCAP_BUF_SIZE); 2183 2184 return (0); 2185 2186 default: 2187 snprintf(errbuf, PCAP_ERRBUF_SIZE, 2188 "The interface type is not valid."); 2189 return (-1); 2190 } 2191 } 2192 2193 2194 int 2195 pcap_createsrcstr(char *source, int type, const char *host, const char *port, 2196 const char *name, char *errbuf) 2197 { 2198 return (pcapint_createsrcstr_ex(source, type, host, port, name, 0, errbuf)); 2199 } 2200 2201 int 2202 pcapint_parsesrcstr_ex(const char *source, int *type, char *host, char *port, 2203 char *name, unsigned char *uses_ssl, char *errbuf) 2204 { 2205 char *scheme, *tmpuserinfo, *tmphost, *tmpport, *tmppath; 2206 2207 /* Initialization stuff */ 2208 if (host) 2209 *host = '\0'; 2210 if (port) 2211 *port = '\0'; 2212 if (name) 2213 *name = '\0'; 2214 if (uses_ssl) 2215 *uses_ssl = 0; 2216 2217 /* Parse the source string */ 2218 if (pcap_parse_source(source, &scheme, &tmpuserinfo, &tmphost, 2219 &tmpport, &tmppath, errbuf) == -1) { 2220 /* 2221 * Fail. 2222 */ 2223 return (-1); 2224 } 2225 2226 if (scheme == NULL) { 2227 /* 2228 * Local device. 2229 */ 2230 if (name && tmppath) 2231 pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2232 if (type) 2233 *type = PCAP_SRC_IFLOCAL; 2234 free(tmppath); 2235 free(tmpport); 2236 free(tmphost); 2237 free(tmpuserinfo); 2238 return (0); 2239 } 2240 2241 int is_rpcap = 0; 2242 if (strcmp(scheme, "rpcaps") == 0) { 2243 is_rpcap = 1; 2244 if (uses_ssl) *uses_ssl = 1; 2245 } else if (strcmp(scheme, "rpcap") == 0) { 2246 is_rpcap = 1; 2247 } 2248 2249 if (is_rpcap) { 2250 /* 2251 * rpcap[s]:// 2252 * 2253 * pcap_parse_source() has already handled the case of 2254 * rpcap[s]://device 2255 */ 2256 if (host && tmphost) { 2257 if (tmpuserinfo) 2258 snprintf(host, PCAP_BUF_SIZE, "%s@%s", 2259 tmpuserinfo, tmphost); 2260 else 2261 pcapint_strlcpy(host, tmphost, PCAP_BUF_SIZE); 2262 } 2263 if (port && tmpport) 2264 pcapint_strlcpy(port, tmpport, PCAP_BUF_SIZE); 2265 if (name && tmppath) 2266 pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2267 if (type) 2268 *type = PCAP_SRC_IFREMOTE; 2269 free(tmppath); 2270 free(tmpport); 2271 free(tmphost); 2272 free(tmpuserinfo); 2273 free(scheme); 2274 return (0); 2275 } 2276 2277 if (strcmp(scheme, "file") == 0) { 2278 /* 2279 * file:// 2280 */ 2281 if (name && tmppath) 2282 pcapint_strlcpy(name, tmppath, PCAP_BUF_SIZE); 2283 if (type) 2284 *type = PCAP_SRC_FILE; 2285 free(tmppath); 2286 free(tmpport); 2287 free(tmphost); 2288 free(tmpuserinfo); 2289 free(scheme); 2290 return (0); 2291 } 2292 2293 /* 2294 * The code above has already completely handled the case of no scheme, 2295 * as well as each case of a valid scheme. 2296 */ 2297 snprintf(errbuf, PCAP_ERRBUF_SIZE, "The source string URL scheme is not supported."); 2298 free(tmppath); 2299 free(tmpport); 2300 free(tmphost); 2301 free(tmpuserinfo); 2302 free(scheme); 2303 return (-1); 2304 } 2305 2306 int 2307 pcap_parsesrcstr(const char *source, int *type, char *host, char *port, 2308 char *name, char *errbuf) 2309 { 2310 return (pcapint_parsesrcstr_ex(source, type, host, port, name, NULL, errbuf)); 2311 } 2312 #endif 2313 2314 pcap_t * 2315 pcap_create(const char *device, char *errbuf) 2316 { 2317 size_t i; 2318 int is_theirs; 2319 pcap_t *p; 2320 char *device_str; 2321 2322 /* 2323 * A null device name is equivalent to the "any" device - 2324 * which might not be supported on this platform, but 2325 * this means that you'll get a "not supported" error 2326 * rather than, say, a crash when we try to dereference 2327 * the null pointer. 2328 */ 2329 if (device == NULL) 2330 device_str = strdup("any"); 2331 else { 2332 #ifdef _WIN32 2333 /* 2334 * On Windows, for backwards compatibility reasons, 2335 * pcap_lookupdev() returns a pointer to a sequence of 2336 * pairs of UTF-16LE device names and local code page 2337 * description strings. 2338 * 2339 * This means that if a program uses pcap_lookupdev() 2340 * to get a default device, and hands that to an API 2341 * that opens devices, we'll get handed a UTF-16LE 2342 * string, not a string in the local code page. 2343 * 2344 * To work around that, we check whether the string 2345 * looks as if it might be a UTF-16LE string and, if 2346 * so, convert it back to the local code page's 2347 * extended ASCII. 2348 * 2349 * We disable that check in "new API" mode, because: 2350 * 2351 * 1) You *cannot* reliably detect whether a 2352 * string is UTF-16LE or not; "a" could either 2353 * be a one-character ASCII string or the first 2354 * character of a UTF-16LE string. 2355 * 2356 * 2) Doing that test can run past the end of 2357 * the string, if it's a 1-character ASCII 2358 * string 2359 * 2360 * This particular version of this heuristic dates 2361 * back to WinPcap 4.1.1; PacketOpenAdapter() does 2362 * uses the same heuristic, with the exact same 2363 * vulnerability. 2364 * 2365 * That's why we disable this in "new API" mode. 2366 * We keep it around in legacy mode for backwards 2367 * compatibility. 2368 */ 2369 if (!pcapint_new_api && device[0] != '\0' && device[1] == '\0') { 2370 size_t length; 2371 2372 length = wcslen((wchar_t *)device); 2373 device_str = (char *)malloc(length + 1); 2374 if (device_str == NULL) { 2375 pcapint_fmt_errmsg_for_errno(errbuf, 2376 PCAP_ERRBUF_SIZE, errno, 2377 "malloc"); 2378 return (NULL); 2379 } 2380 2381 snprintf(device_str, length + 1, "%ws", 2382 (const wchar_t *)device); 2383 } else 2384 #endif 2385 device_str = strdup(device); 2386 } 2387 if (device_str == NULL) { 2388 pcapint_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE, 2389 errno, "malloc"); 2390 return (NULL); 2391 } 2392 2393 /* 2394 * Try each of the non-local-network-interface capture 2395 * source types until we find one that works for this 2396 * device or run out of types. 2397 */ 2398 for (i = 0; capture_source_types[i].create_op != NULL; i++) { 2399 is_theirs = 0; 2400 p = capture_source_types[i].create_op(device_str, errbuf, 2401 &is_theirs); 2402 if (is_theirs) { 2403 /* 2404 * The device name refers to a device of the 2405 * type in question; either it succeeded, 2406 * in which case p refers to a pcap_t to 2407 * later activate for the device, or it 2408 * failed, in which case p is null and we 2409 * should return that to report the failure 2410 * to create. 2411 */ 2412 if (p == NULL) { 2413 /* 2414 * We assume the caller filled in errbuf. 2415 */ 2416 free(device_str); 2417 return (NULL); 2418 } 2419 p->opt.device = device_str; 2420 return (p); 2421 } 2422 } 2423 2424 /* 2425 * OK, try it as a regular network interface. 2426 */ 2427 p = pcapint_create_interface(device_str, errbuf); 2428 if (p == NULL) { 2429 /* 2430 * We assume the caller filled in errbuf. 2431 */ 2432 free(device_str); 2433 return (NULL); 2434 } 2435 p->opt.device = device_str; 2436 return (p); 2437 } 2438 2439 /* 2440 * Set nonblocking mode on an unactivated pcap_t; this sets a flag 2441 * checked by pcap_activate(), which sets the mode after calling 2442 * the activate routine. 2443 */ 2444 static int 2445 pcap_setnonblock_unactivated(pcap_t *p, int nonblock) 2446 { 2447 p->opt.nonblock = nonblock; 2448 return (0); 2449 } 2450 2451 static void 2452 initialize_ops(pcap_t *p) 2453 { 2454 /* 2455 * Set operation pointers for operations that only work on 2456 * an activated pcap_t to point to a routine that returns 2457 * a "this isn't activated" error. 2458 */ 2459 p->read_op = pcap_read_not_initialized; 2460 p->inject_op = pcap_inject_not_initialized; 2461 p->setfilter_op = pcap_setfilter_not_initialized; 2462 p->setdirection_op = pcap_setdirection_not_initialized; 2463 p->set_datalink_op = pcap_set_datalink_not_initialized; 2464 p->getnonblock_op = pcap_getnonblock_not_initialized; 2465 p->stats_op = pcap_stats_not_initialized; 2466 #ifdef _WIN32 2467 p->stats_ex_op = pcap_stats_ex_not_initialized; 2468 p->setbuff_op = pcap_setbuff_not_initialized; 2469 p->setmode_op = pcap_setmode_not_initialized; 2470 p->setmintocopy_op = pcap_setmintocopy_not_initialized; 2471 p->getevent_op = pcap_getevent_not_initialized; 2472 p->oid_get_request_op = pcap_oid_get_request_not_initialized; 2473 p->oid_set_request_op = pcap_oid_set_request_not_initialized; 2474 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized; 2475 p->setuserbuffer_op = pcap_setuserbuffer_not_initialized; 2476 p->live_dump_op = pcap_live_dump_not_initialized; 2477 p->live_dump_ended_op = pcap_live_dump_ended_not_initialized; 2478 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized; 2479 #endif 2480 2481 /* 2482 * Default cleanup operation - implementations can override 2483 * this, but should call pcapint_cleanup_live_common() after 2484 * doing their own additional cleanup. 2485 */ 2486 p->cleanup_op = pcapint_cleanup_live_common; 2487 2488 /* 2489 * In most cases, the standard one-shot callback can 2490 * be used for pcap_next()/pcap_next_ex(). 2491 */ 2492 p->oneshot_callback = pcapint_oneshot; 2493 2494 /* 2495 * Default breakloop operation - implementations can override 2496 * this, but should call pcapint_breakloop_common() before doing 2497 * their own logic. 2498 */ 2499 p->breakloop_op = pcapint_breakloop_common; 2500 } 2501 2502 static pcap_t * 2503 pcap_alloc_pcap_t(char *ebuf, size_t total_size, size_t private_offset) 2504 { 2505 char *chunk; 2506 pcap_t *p; 2507 2508 /* 2509 * total_size is the size of a structure containing a pcap_t 2510 * followed by a private structure. 2511 */ 2512 chunk = calloc(total_size, 1); 2513 if (chunk == NULL) { 2514 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, 2515 errno, "malloc"); 2516 return (NULL); 2517 } 2518 2519 /* 2520 * Get a pointer to the pcap_t at the beginning. 2521 */ 2522 p = (pcap_t *)chunk; 2523 2524 #ifdef _WIN32 2525 p->handle = INVALID_HANDLE_VALUE; /* not opened yet */ 2526 #else /* _WIN32 */ 2527 p->fd = -1; /* not opened yet */ 2528 #ifndef MSDOS 2529 p->selectable_fd = -1; 2530 p->required_select_timeout = NULL; 2531 #endif /* MSDOS */ 2532 #endif /* _WIN32 */ 2533 2534 /* 2535 * private_offset is the offset, in bytes, of the private 2536 * data from the beginning of the structure. 2537 * 2538 * Set the pointer to the private data; that's private_offset 2539 * bytes past the pcap_t. 2540 */ 2541 p->priv = (void *)(chunk + private_offset); 2542 2543 return (p); 2544 } 2545 2546 pcap_t * 2547 pcapint_create_common(char *ebuf, size_t total_size, size_t private_offset) 2548 { 2549 pcap_t *p; 2550 2551 p = pcap_alloc_pcap_t(ebuf, total_size, private_offset); 2552 if (p == NULL) 2553 return (NULL); 2554 2555 /* 2556 * Default to "can't set rfmon mode"; if it's supported by 2557 * a platform, the create routine that called us can set 2558 * the op to its routine to check whether a particular 2559 * device supports it. 2560 */ 2561 p->can_set_rfmon_op = pcap_cant_set_rfmon; 2562 2563 /* 2564 * If pcap_setnonblock() is called on a not-yet-activated 2565 * pcap_t, default to setting a flag and turning 2566 * on non-blocking mode when activated. 2567 */ 2568 p->setnonblock_op = pcap_setnonblock_unactivated; 2569 2570 initialize_ops(p); 2571 2572 /* put in some defaults*/ 2573 p->snapshot = 0; /* max packet size unspecified */ 2574 p->opt.timeout = 0; /* no timeout specified */ 2575 p->opt.buffer_size = 0; /* use the platform's default */ 2576 p->opt.promisc = 0; 2577 p->opt.rfmon = 0; 2578 p->opt.immediate = 0; 2579 p->opt.tstamp_type = -1; /* default to not setting time stamp type */ 2580 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2581 /* 2582 * Platform-dependent options. 2583 */ 2584 #ifdef __linux__ 2585 p->opt.protocol = 0; 2586 #endif 2587 #ifdef _WIN32 2588 p->opt.nocapture_local = 0; 2589 #endif 2590 2591 /* 2592 * Start out with no BPF code generation flags set. 2593 */ 2594 p->bpf_codegen_flags = 0; 2595 2596 return (p); 2597 } 2598 2599 int 2600 pcapint_check_activated(pcap_t *p) 2601 { 2602 if (p->activated) { 2603 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform " 2604 " operation on activated capture"); 2605 return (-1); 2606 } 2607 return (0); 2608 } 2609 2610 int 2611 pcap_set_snaplen(pcap_t *p, int snaplen) 2612 { 2613 if (pcapint_check_activated(p)) 2614 return (PCAP_ERROR_ACTIVATED); 2615 p->snapshot = snaplen; 2616 return (0); 2617 } 2618 2619 int 2620 pcap_set_promisc(pcap_t *p, int promisc) 2621 { 2622 if (pcapint_check_activated(p)) 2623 return (PCAP_ERROR_ACTIVATED); 2624 p->opt.promisc = promisc; 2625 return (0); 2626 } 2627 2628 int 2629 pcap_set_rfmon(pcap_t *p, int rfmon) 2630 { 2631 if (pcapint_check_activated(p)) 2632 return (PCAP_ERROR_ACTIVATED); 2633 p->opt.rfmon = rfmon; 2634 return (0); 2635 } 2636 2637 int 2638 pcap_set_timeout(pcap_t *p, int timeout_ms) 2639 { 2640 if (pcapint_check_activated(p)) 2641 return (PCAP_ERROR_ACTIVATED); 2642 p->opt.timeout = timeout_ms; 2643 return (0); 2644 } 2645 2646 int 2647 pcap_set_tstamp_type(pcap_t *p, int tstamp_type) 2648 { 2649 int i; 2650 2651 if (pcapint_check_activated(p)) 2652 return (PCAP_ERROR_ACTIVATED); 2653 2654 /* 2655 * The argument should have been u_int, but that's too late 2656 * to change now - it's an API. 2657 */ 2658 if (tstamp_type < 0) 2659 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2660 2661 /* 2662 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; 2663 * the default time stamp type is PCAP_TSTAMP_HOST. 2664 */ 2665 if (p->tstamp_type_count == 0) { 2666 if (tstamp_type == PCAP_TSTAMP_HOST) { 2667 p->opt.tstamp_type = tstamp_type; 2668 return (0); 2669 } 2670 } else { 2671 /* 2672 * Check whether we claim to support this type of time stamp. 2673 */ 2674 for (i = 0; i < p->tstamp_type_count; i++) { 2675 if (p->tstamp_type_list[i] == (u_int)tstamp_type) { 2676 /* 2677 * Yes. 2678 */ 2679 p->opt.tstamp_type = tstamp_type; 2680 return (0); 2681 } 2682 } 2683 } 2684 2685 /* 2686 * We don't support this type of time stamp. 2687 */ 2688 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); 2689 } 2690 2691 int 2692 pcap_set_immediate_mode(pcap_t *p, int immediate) 2693 { 2694 if (pcapint_check_activated(p)) 2695 return (PCAP_ERROR_ACTIVATED); 2696 p->opt.immediate = immediate; 2697 return (0); 2698 } 2699 2700 int 2701 pcap_set_buffer_size(pcap_t *p, int buffer_size) 2702 { 2703 if (pcapint_check_activated(p)) 2704 return (PCAP_ERROR_ACTIVATED); 2705 if (buffer_size <= 0) { 2706 /* 2707 * Silently ignore invalid values. 2708 */ 2709 return (0); 2710 } 2711 p->opt.buffer_size = buffer_size; 2712 return (0); 2713 } 2714 2715 int 2716 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) 2717 { 2718 int i; 2719 2720 if (pcapint_check_activated(p)) 2721 return (PCAP_ERROR_ACTIVATED); 2722 2723 /* 2724 * The argument should have been u_int, but that's too late 2725 * to change now - it's an API. 2726 */ 2727 if (tstamp_precision < 0) 2728 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2729 2730 /* 2731 * If p->tstamp_precision_count is 0, we only support setting 2732 * the time stamp precision to microsecond precision; every 2733 * pcap module *MUST* support microsecond precision, even if 2734 * it does so by converting the native precision to 2735 * microseconds. 2736 */ 2737 if (p->tstamp_precision_count == 0) { 2738 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) { 2739 p->opt.tstamp_precision = tstamp_precision; 2740 return (0); 2741 } 2742 } else { 2743 /* 2744 * Check whether we claim to support this precision of 2745 * time stamp. 2746 */ 2747 for (i = 0; i < p->tstamp_precision_count; i++) { 2748 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { 2749 /* 2750 * Yes. 2751 */ 2752 p->opt.tstamp_precision = tstamp_precision; 2753 return (0); 2754 } 2755 } 2756 } 2757 2758 /* 2759 * We don't support this time stamp precision. 2760 */ 2761 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); 2762 } 2763 2764 int 2765 pcap_get_tstamp_precision(pcap_t *p) 2766 { 2767 return (p->opt.tstamp_precision); 2768 } 2769 2770 int 2771 pcap_activate(pcap_t *p) 2772 { 2773 int status; 2774 2775 /* 2776 * Catch attempts to re-activate an already-activated 2777 * pcap_t; this should, for example, catch code that 2778 * calls pcap_open_live() followed by pcap_activate(), 2779 * as some code that showed up in a Stack Exchange 2780 * question did. 2781 */ 2782 if (pcapint_check_activated(p)) 2783 return (PCAP_ERROR_ACTIVATED); 2784 status = p->activate_op(p); 2785 if (status >= 0) { 2786 /* 2787 * If somebody requested non-blocking mode before 2788 * calling pcap_activate(), turn it on now. 2789 */ 2790 if (p->opt.nonblock) { 2791 status = p->setnonblock_op(p, 1); 2792 if (status < 0) { 2793 /* 2794 * Failed. Undo everything done by 2795 * the activate operation. 2796 */ 2797 p->cleanup_op(p); 2798 initialize_ops(p); 2799 return (status); 2800 } 2801 } 2802 p->activated = 1; 2803 } else { 2804 if (p->errbuf[0] == '\0') { 2805 /* 2806 * No error message supplied by the activate routine; 2807 * for the benefit of programs that don't specially 2808 * handle errors other than PCAP_ERROR, return the 2809 * error message corresponding to the status. 2810 */ 2811 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s", 2812 pcap_statustostr(status)); 2813 } 2814 2815 /* 2816 * Undo any operation pointer setting, etc. done by 2817 * the activate operation. 2818 */ 2819 initialize_ops(p); 2820 } 2821 return (status); 2822 } 2823 2824 pcap_t * 2825 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf) 2826 { 2827 pcap_t *p; 2828 int status; 2829 #ifdef ENABLE_REMOTE 2830 char host[PCAP_BUF_SIZE + 1]; 2831 char port[PCAP_BUF_SIZE + 1]; 2832 char name[PCAP_BUF_SIZE + 1]; 2833 int srctype; 2834 2835 /* 2836 * A null device name is equivalent to the "any" device - 2837 * which might not be supported on this platform, but 2838 * this means that you'll get a "not supported" error 2839 * rather than, say, a crash when we try to dereference 2840 * the null pointer. 2841 */ 2842 if (device == NULL) 2843 device = "any"; 2844 2845 /* 2846 * Retrofit - we have to make older applications compatible with 2847 * remote capture. 2848 * So we're calling pcap_open_remote() from here; this is a very 2849 * dirty hack. 2850 * Obviously, we cannot exploit all the new features; for instance, 2851 * we cannot send authentication, we cannot use a UDP data connection, 2852 * and so on. 2853 */ 2854 if (pcap_parsesrcstr(device, &srctype, host, port, name, errbuf)) 2855 return (NULL); 2856 2857 if (srctype == PCAP_SRC_IFREMOTE) { 2858 /* 2859 * Although we already have host, port and iface, we prefer 2860 * to pass only 'device' to pcap_open_rpcap(), so that it has 2861 * to call pcap_parsesrcstr() again. 2862 * This is less optimized, but much clearer. 2863 */ 2864 return (pcap_open_rpcap(device, snaplen, 2865 promisc ? PCAP_OPENFLAG_PROMISCUOUS : 0, to_ms, 2866 NULL, errbuf)); 2867 } 2868 if (srctype == PCAP_SRC_FILE) { 2869 snprintf(errbuf, PCAP_ERRBUF_SIZE, "unknown URL scheme \"file\""); 2870 return (NULL); 2871 } 2872 if (srctype == PCAP_SRC_IFLOCAL) { 2873 /* 2874 * If it starts with rpcap://, that refers to a local device 2875 * (no host part in the URL). Remove the rpcap://, and 2876 * fall through to the regular open path. 2877 */ 2878 if (strncmp(device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) { 2879 size_t len = strlen(device) - strlen(PCAP_SRC_IF_STRING) + 1; 2880 2881 if (len > 0) 2882 device += strlen(PCAP_SRC_IF_STRING); 2883 } 2884 } 2885 #endif /* ENABLE_REMOTE */ 2886 2887 p = pcap_create(device, errbuf); 2888 if (p == NULL) 2889 return (NULL); 2890 status = pcap_set_snaplen(p, snaplen); 2891 if (status < 0) 2892 goto fail; 2893 status = pcap_set_promisc(p, promisc); 2894 if (status < 0) 2895 goto fail; 2896 status = pcap_set_timeout(p, to_ms); 2897 if (status < 0) 2898 goto fail; 2899 /* 2900 * Mark this as opened with pcap_open_live(), so that, for 2901 * example, we show the full list of DLT_ values, rather 2902 * than just the ones that are compatible with capturing 2903 * when not in monitor mode. That allows existing applications 2904 * to work the way they used to work, but allows new applications 2905 * that know about the new open API to, for example, find out the 2906 * DLT_ values that they can select without changing whether 2907 * the adapter is in monitor mode or not. 2908 */ 2909 p->oldstyle = 1; 2910 status = pcap_activate(p); 2911 if (status < 0) 2912 goto fail; 2913 return (p); 2914 fail: 2915 if (status == PCAP_ERROR) { 2916 /* 2917 * Another buffer is a bit cumbersome, but it avoids 2918 * -Wformat-truncation. 2919 */ 2920 char trimbuf[PCAP_ERRBUF_SIZE - 5]; /* 2 bytes shorter */ 2921 2922 pcapint_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf)); 2923 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %.*s", device, 2924 PCAP_ERRBUF_SIZE - 3, trimbuf); 2925 } else if (status == PCAP_ERROR_NO_SUCH_DEVICE || 2926 status == PCAP_ERROR_PERM_DENIED || 2927 status == PCAP_ERROR_PROMISC_PERM_DENIED) { 2928 /* 2929 * Only show the additional message if it's not 2930 * empty. 2931 */ 2932 if (p->errbuf[0] != '\0') { 2933 /* 2934 * Idem. 2935 */ 2936 char trimbuf[PCAP_ERRBUF_SIZE - 8]; /* 2 bytes shorter */ 2937 2938 pcapint_strlcpy(trimbuf, p->errbuf, sizeof(trimbuf)); 2939 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%.*s)", 2940 device, pcap_statustostr(status), 2941 PCAP_ERRBUF_SIZE - 6, trimbuf); 2942 } else { 2943 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", 2944 device, pcap_statustostr(status)); 2945 } 2946 } else { 2947 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, 2948 pcap_statustostr(status)); 2949 } 2950 pcap_close(p); 2951 return (NULL); 2952 } 2953 2954 pcap_t * 2955 pcapint_open_offline_common(char *ebuf, size_t total_size, size_t private_offset) 2956 { 2957 pcap_t *p; 2958 2959 p = pcap_alloc_pcap_t(ebuf, total_size, private_offset); 2960 if (p == NULL) 2961 return (NULL); 2962 2963 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO; 2964 2965 return (p); 2966 } 2967 2968 int 2969 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2970 { 2971 return (p->read_op(p, cnt, callback, user)); 2972 } 2973 2974 int 2975 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 2976 { 2977 register int n; 2978 2979 for (;;) { 2980 if (p->rfile != NULL) { 2981 /* 2982 * 0 means EOF, so don't loop if we get 0. 2983 */ 2984 n = pcapint_offline_read(p, cnt, callback, user); 2985 } else { 2986 /* 2987 * XXX keep reading until we get something 2988 * (or an error occurs) 2989 */ 2990 do { 2991 n = p->read_op(p, cnt, callback, user); 2992 } while (n == 0); 2993 } 2994 if (n <= 0) 2995 return (n); 2996 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) { 2997 cnt -= n; 2998 if (cnt <= 0) 2999 return (0); 3000 } 3001 } 3002 } 3003 3004 /* 3005 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate. 3006 */ 3007 void 3008 pcap_breakloop(pcap_t *p) 3009 { 3010 p->breakloop_op(p); 3011 } 3012 3013 int 3014 pcap_datalink(pcap_t *p) 3015 { 3016 if (!p->activated) 3017 return (PCAP_ERROR_NOT_ACTIVATED); 3018 return (p->linktype); 3019 } 3020 3021 int 3022 pcap_datalink_ext(pcap_t *p) 3023 { 3024 if (!p->activated) 3025 return (PCAP_ERROR_NOT_ACTIVATED); 3026 return (p->linktype_ext); 3027 } 3028 3029 int 3030 pcap_list_datalinks(pcap_t *p, int **dlt_buffer) 3031 { 3032 if (!p->activated) 3033 return (PCAP_ERROR_NOT_ACTIVATED); 3034 if (p->dlt_count == 0) { 3035 /* 3036 * We couldn't fetch the list of DLTs, which means 3037 * this platform doesn't support changing the 3038 * DLT for an interface. Return a list of DLTs 3039 * containing only the DLT this device supports. 3040 */ 3041 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer)); 3042 if (*dlt_buffer == NULL) { 3043 pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 3044 errno, "malloc"); 3045 return (PCAP_ERROR); 3046 } 3047 **dlt_buffer = p->linktype; 3048 return (1); 3049 } else { 3050 *dlt_buffer = (int*)calloc(p->dlt_count, sizeof(**dlt_buffer)); 3051 if (*dlt_buffer == NULL) { 3052 pcapint_fmt_errmsg_for_errno(p->errbuf, sizeof(p->errbuf), 3053 errno, "malloc"); 3054 return (PCAP_ERROR); 3055 } 3056 (void)memcpy(*dlt_buffer, p->dlt_list, 3057 sizeof(**dlt_buffer) * p->dlt_count); 3058 return (p->dlt_count); 3059 } 3060 } 3061 3062 /* 3063 * In Windows, you might have a library built with one version of the 3064 * C runtime library and an application built with another version of 3065 * the C runtime library, which means that the library might use one 3066 * version of malloc() and free() and the application might use another 3067 * version of malloc() and free(). If so, that means something 3068 * allocated by the library cannot be freed by the application, so we 3069 * need to have a pcap_free_datalinks() routine to free up the list 3070 * allocated by pcap_list_datalinks(), even though it's just a wrapper 3071 * around free(). 3072 */ 3073 void 3074 pcap_free_datalinks(int *dlt_list) 3075 { 3076 free(dlt_list); 3077 } 3078 3079 int 3080 pcap_set_datalink(pcap_t *p, int dlt) 3081 { 3082 int i; 3083 const char *dlt_name; 3084 3085 if (dlt < 0) 3086 goto unsupported; 3087 3088 if (p->dlt_count == 0 || p->set_datalink_op == NULL) { 3089 /* 3090 * We couldn't fetch the list of DLTs, or we don't 3091 * have a "set datalink" operation, which means 3092 * this platform doesn't support changing the 3093 * DLT for an interface. Check whether the new 3094 * DLT is the one this interface supports. 3095 */ 3096 if (p->linktype != dlt) 3097 goto unsupported; 3098 3099 /* 3100 * It is, so there's nothing we need to do here. 3101 */ 3102 return (0); 3103 } 3104 for (i = 0; i < p->dlt_count; i++) 3105 if (p->dlt_list[i] == (u_int)dlt) 3106 break; 3107 if (i >= p->dlt_count) 3108 goto unsupported; 3109 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB && 3110 dlt == DLT_DOCSIS) { 3111 /* 3112 * This is presumably an Ethernet device, as the first 3113 * link-layer type it offers is DLT_EN10MB, and the only 3114 * other type it offers is DLT_DOCSIS. That means that 3115 * we can't tell the driver to supply DOCSIS link-layer 3116 * headers - we're just pretending that's what we're 3117 * getting, as, presumably, we're capturing on a dedicated 3118 * link to a Cisco Cable Modem Termination System, and 3119 * it's putting raw DOCSIS frames on the wire inside low-level 3120 * Ethernet framing. 3121 */ 3122 p->linktype = dlt; 3123 return (0); 3124 } 3125 if (p->set_datalink_op(p, dlt) == -1) 3126 return (-1); 3127 p->linktype = dlt; 3128 return (0); 3129 3130 unsupported: 3131 dlt_name = pcap_datalink_val_to_name(dlt); 3132 if (dlt_name != NULL) { 3133 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3134 "%s is not one of the DLTs supported by this device", 3135 dlt_name); 3136 } else { 3137 (void) snprintf(p->errbuf, sizeof(p->errbuf), 3138 "DLT %d is not one of the DLTs supported by this device", 3139 dlt); 3140 } 3141 return (-1); 3142 } 3143 3144 /* 3145 * This array is designed for mapping upper and lower case letter 3146 * together for a case independent comparison. The mappings are 3147 * based upon ascii character sequences. 3148 */ 3149 static const u_char charmap[] = { 3150 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003', 3151 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007', 3152 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013', 3153 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017', 3154 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023', 3155 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027', 3156 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033', 3157 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037', 3158 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043', 3159 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047', 3160 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053', 3161 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057', 3162 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063', 3163 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067', 3164 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073', 3165 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077', 3166 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3167 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 3168 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3169 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3170 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3171 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3172 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133', 3173 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137', 3174 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143', 3175 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147', 3176 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153', 3177 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157', 3178 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163', 3179 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167', 3180 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173', 3181 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177', 3182 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203', 3183 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207', 3184 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213', 3185 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217', 3186 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223', 3187 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227', 3188 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233', 3189 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237', 3190 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243', 3191 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247', 3192 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253', 3193 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257', 3194 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263', 3195 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267', 3196 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273', 3197 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277', 3198 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3199 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3200 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3201 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3202 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3203 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3204 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333', 3205 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337', 3206 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343', 3207 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347', 3208 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353', 3209 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357', 3210 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363', 3211 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367', 3212 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373', 3213 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377', 3214 }; 3215 3216 int 3217 pcapint_strcasecmp(const char *s1, const char *s2) 3218 { 3219 register const u_char *cm = charmap, 3220 *us1 = (const u_char *)s1, 3221 *us2 = (const u_char *)s2; 3222 3223 while (cm[*us1] == cm[*us2++]) 3224 if (*us1++ == '\0') 3225 return(0); 3226 return (cm[*us1] - cm[*--us2]); 3227 } 3228 3229 struct dlt_choice { 3230 const char *name; 3231 const char *description; 3232 int dlt; 3233 }; 3234 3235 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code } 3236 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } 3237 3238 static struct dlt_choice dlt_choices[] = { 3239 DLT_CHOICE(NULL, "BSD loopback"), 3240 DLT_CHOICE(EN10MB, "Ethernet"), 3241 DLT_CHOICE(IEEE802, "Token ring"), 3242 DLT_CHOICE(ARCNET, "BSD ARCNET"), 3243 DLT_CHOICE(SLIP, "SLIP"), 3244 DLT_CHOICE(PPP, "PPP"), 3245 DLT_CHOICE(FDDI, "FDDI"), 3246 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"), 3247 DLT_CHOICE(RAW, "Raw IP"), 3248 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"), 3249 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"), 3250 DLT_CHOICE(ATM_CLIP, "Linux Classical IP over ATM"), 3251 DLT_CHOICE(PPP_SERIAL, "PPP over serial"), 3252 DLT_CHOICE(PPP_ETHER, "PPPoE"), 3253 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"), 3254 DLT_CHOICE(C_HDLC, "Cisco HDLC"), 3255 DLT_CHOICE(IEEE802_11, "802.11"), 3256 DLT_CHOICE(FRELAY, "Frame Relay"), 3257 DLT_CHOICE(LOOP, "OpenBSD loopback"), 3258 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"), 3259 DLT_CHOICE(LINUX_SLL, "Linux cooked v1"), 3260 DLT_CHOICE(LTALK, "Localtalk"), 3261 DLT_CHOICE(PFLOG, "OpenBSD pflog file"), 3262 DLT_CHOICE(PFSYNC, "Packet filter state syncing"), 3263 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"), 3264 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), 3265 DLT_CHOICE(SUNATM, "Sun raw ATM"), 3266 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"), 3267 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"), 3268 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"), 3269 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"), 3270 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"), 3271 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"), 3272 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"), 3273 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"), 3274 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"), 3275 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"), 3276 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), 3277 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"), 3278 DLT_CHOICE(MTP2, "SS7 MTP2"), 3279 DLT_CHOICE(MTP3, "SS7 MTP3"), 3280 DLT_CHOICE(SCCP, "SS7 SCCP"), 3281 DLT_CHOICE(DOCSIS, "DOCSIS"), 3282 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"), 3283 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), 3284 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"), 3285 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"), 3286 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"), 3287 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"), 3288 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"), 3289 DLT_CHOICE(GPRS_LLC, "GPRS LLC"), 3290 DLT_CHOICE(GPF_T, "GPF-T"), 3291 DLT_CHOICE(GPF_F, "GPF-F"), 3292 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"), 3293 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"), 3294 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"), 3295 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"), 3296 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"), 3297 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"), 3298 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"), 3299 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"), 3300 DLT_CHOICE(MFR, "FRF.16 Frame Relay"), 3301 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"), 3302 DLT_CHOICE(A429, "Arinc 429"), 3303 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"), 3304 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"), 3305 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"), 3306 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"), 3307 DLT_CHOICE(USB_LINUX, "USB with Linux header"), 3308 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"), 3309 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"), 3310 DLT_CHOICE(PPI, "Per-Packet Information"), 3311 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"), 3312 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"), 3313 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"), 3314 DLT_CHOICE(SITA, "SITA pseudo-header"), 3315 DLT_CHOICE(ERF, "Endace ERF header"), 3316 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"), 3317 DLT_CHOICE(IPMB_KONTRON, "IPMB with Kontron pseudo-header"), 3318 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"), 3319 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"), 3320 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"), 3321 DLT_CHOICE(IPMB_LINUX, "IPMB with Linux/Pigeon Point pseudo-header"), 3322 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"), 3323 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"), 3324 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"), 3325 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"), 3326 DLT_CHOICE(DECT, "DECT"), 3327 DLT_CHOICE(AOS, "AOS Space Data Link protocol"), 3328 DLT_CHOICE(WIHART, "WirelessHART"), 3329 DLT_CHOICE(FC_2, "Fibre Channel FC-2"), 3330 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"), 3331 DLT_CHOICE(IPNET, "Solaris ipnet"), 3332 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"), 3333 DLT_CHOICE(IPV4, "Raw IPv4"), 3334 DLT_CHOICE(IPV6, "Raw IPv6"), 3335 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"), 3336 DLT_CHOICE(DBUS, "D-Bus"), 3337 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"), 3338 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"), 3339 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"), 3340 DLT_CHOICE(DVB_CI, "DVB-CI"), 3341 DLT_CHOICE(MUX27010, "MUX27010"), 3342 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"), 3343 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"), 3344 DLT_CHOICE(NFLOG, "Linux netfilter log messages"), 3345 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"), 3346 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"), 3347 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"), 3348 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"), 3349 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"), 3350 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"), 3351 DLT_CHOICE(INFINIBAND, "InfiniBand"), 3352 DLT_CHOICE(SCTP, "SCTP"), 3353 DLT_CHOICE(USBPCAP, "USB with USBPcap header"), 3354 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"), 3355 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"), 3356 DLT_CHOICE(NETLINK, "Linux netlink"), 3357 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"), 3358 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"), 3359 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"), 3360 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"), 3361 DLT_CHOICE(PKTAP, "Apple PKTAP"), 3362 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"), 3363 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"), 3364 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"), 3365 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"), 3366 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"), 3367 DLT_CHOICE(ISO_14443, "ISO 14443 messages"), 3368 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"), 3369 DLT_CHOICE(USB_DARWIN, "USB with Darwin header"), 3370 DLT_CHOICE(OPENFLOW, "OpenBSD OpenFlow"), 3371 DLT_CHOICE(SDLC, "IBM SDLC frames"), 3372 DLT_CHOICE(TI_LLN_SNIFFER, "TI LLN sniffer frames"), 3373 DLT_CHOICE(VSOCK, "Linux vsock"), 3374 DLT_CHOICE(NORDIC_BLE, "Nordic Semiconductor Bluetooth LE sniffer frames"), 3375 DLT_CHOICE(DOCSIS31_XRA31, "Excentis XRA-31 DOCSIS 3.1 RF sniffer frames"), 3376 DLT_CHOICE(ETHERNET_MPACKET, "802.3br mPackets"), 3377 DLT_CHOICE(DISPLAYPORT_AUX, "DisplayPort AUX channel monitoring data"), 3378 DLT_CHOICE(LINUX_SLL2, "Linux cooked v2"), 3379 DLT_CHOICE(OPENVIZSLA, "OpenVizsla USB"), 3380 DLT_CHOICE(EBHSCR, "Elektrobit High Speed Capture and Replay (EBHSCR)"), 3381 DLT_CHOICE(VPP_DISPATCH, "VPP graph dispatch tracer"), 3382 DLT_CHOICE(DSA_TAG_BRCM, "Broadcom tag"), 3383 DLT_CHOICE(DSA_TAG_BRCM_PREPEND, "Broadcom tag (prepended)"), 3384 DLT_CHOICE(IEEE802_15_4_TAP, "IEEE 802.15.4 with pseudo-header"), 3385 DLT_CHOICE(DSA_TAG_DSA, "Marvell DSA"), 3386 DLT_CHOICE(DSA_TAG_EDSA, "Marvell EDSA"), 3387 DLT_CHOICE(ELEE, "ELEE lawful intercept packets"), 3388 DLT_CHOICE(Z_WAVE_SERIAL, "Z-Wave serial frames between host and chip"), 3389 DLT_CHOICE(USB_2_0, "USB 2.0/1.1/1.0 as transmitted over the cable"), 3390 DLT_CHOICE(ATSC_ALP, "ATSC Link-Layer Protocol packets"), 3391 DLT_CHOICE(ETW, "Event Tracing for Windows messages"), 3392 DLT_CHOICE(NETANALYZER_NG, "Hilscher netANALYZER NG pseudo-footer"), 3393 DLT_CHOICE(ZBOSS_NCP, "ZBOSS NCP protocol with pseudo-header"), 3394 DLT_CHOICE(USB_2_0_LOW_SPEED, "Low-Speed USB 2.0/1.1/1.0 as transmitted over the cable"), 3395 DLT_CHOICE(USB_2_0_FULL_SPEED, "Full-Speed USB 2.0/1.1/1.0 as transmitted over the cable"), 3396 DLT_CHOICE(USB_2_0_HIGH_SPEED, "High-Speed USB 2.0 as transmitted over the cable"), 3397 DLT_CHOICE(AUERSWALD_LOG, "Auerswald Logger Protocol"), 3398 DLT_CHOICE(ZWAVE_TAP, "Z-Wave packets with a TAP meta-data header"), 3399 DLT_CHOICE(SILABS_DEBUG_CHANNEL, "Silicon Labs debug channel protocol"), 3400 DLT_CHOICE(FIRA_UCI, "Ultra-wideband controller interface protocol"), 3401 DLT_CHOICE(MDB, "Multi-Drop Bus"), 3402 DLT_CHOICE(DECT_NR, "DECT New Radio"), 3403 DLT_CHOICE(USER0, "Private use 0"), 3404 DLT_CHOICE(USER1, "Private use 1"), 3405 DLT_CHOICE(USER2, "Private use 2"), 3406 DLT_CHOICE(USER3, "Private use 3"), 3407 DLT_CHOICE(USER4, "Private use 4"), 3408 DLT_CHOICE(USER5, "Private use 5"), 3409 DLT_CHOICE(USER6, "Private use 6"), 3410 DLT_CHOICE(USER7, "Private use 7"), 3411 DLT_CHOICE(USER8, "Private use 8"), 3412 DLT_CHOICE(USER9, "Private use 9"), 3413 DLT_CHOICE(USER10, "Private use 10"), 3414 DLT_CHOICE(USER11, "Private use 11"), 3415 DLT_CHOICE(USER12, "Private use 12"), 3416 DLT_CHOICE(USER13, "Private use 13"), 3417 DLT_CHOICE(USER14, "Private use 14"), 3418 DLT_CHOICE(USER15, "Private use 15"), 3419 DLT_CHOICE(EDK2_MM, "edk2 mm request serialization protocol"), 3420 DLT_CHOICE(DEBUG_ONLY, "unstructured data for manual debugging only"), 3421 DLT_CHOICE_SENTINEL 3422 }; 3423 3424 int 3425 pcap_datalink_name_to_val(const char *name) 3426 { 3427 int i; 3428 3429 for (i = 0; dlt_choices[i].name != NULL; i++) { 3430 if (pcapint_strcasecmp(dlt_choices[i].name, name) == 0) 3431 return (dlt_choices[i].dlt); 3432 } 3433 return (-1); 3434 } 3435 3436 const char * 3437 pcap_datalink_val_to_name(int dlt) 3438 { 3439 int i; 3440 3441 for (i = 0; dlt_choices[i].name != NULL; i++) { 3442 if (dlt_choices[i].dlt == dlt) 3443 return (dlt_choices[i].name); 3444 } 3445 return (NULL); 3446 } 3447 3448 const char * 3449 pcap_datalink_val_to_description(int dlt) 3450 { 3451 int i; 3452 3453 for (i = 0; dlt_choices[i].name != NULL; i++) { 3454 if (dlt_choices[i].dlt == dlt) 3455 return (dlt_choices[i].description); 3456 } 3457 return (NULL); 3458 } 3459 3460 const char * 3461 pcap_datalink_val_to_description_or_dlt(int dlt) 3462 { 3463 static thread_local char unkbuf[40]; 3464 const char *description; 3465 3466 description = pcap_datalink_val_to_description(dlt); 3467 if (description != NULL) { 3468 return description; 3469 } else { 3470 (void)snprintf(unkbuf, sizeof(unkbuf), "DLT %d", dlt); 3471 return unkbuf; 3472 } 3473 } 3474 3475 struct tstamp_type_choice { 3476 const char *name; 3477 const char *description; 3478 int type; 3479 }; 3480 3481 static struct tstamp_type_choice tstamp_type_choices[] = { 3482 { "host", "Host", PCAP_TSTAMP_HOST }, 3483 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC }, 3484 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC }, 3485 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER }, 3486 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED }, 3487 { "host_hiprec_unsynced", "Host, high precision, not synced with system time", PCAP_TSTAMP_HOST_HIPREC_UNSYNCED }, 3488 { NULL, NULL, 0 } 3489 }; 3490 3491 int 3492 pcap_tstamp_type_name_to_val(const char *name) 3493 { 3494 int i; 3495 3496 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3497 if (pcapint_strcasecmp(tstamp_type_choices[i].name, name) == 0) 3498 return (tstamp_type_choices[i].type); 3499 } 3500 return (PCAP_ERROR); 3501 } 3502 3503 const char * 3504 pcap_tstamp_type_val_to_name(int tstamp_type) 3505 { 3506 int i; 3507 3508 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3509 if (tstamp_type_choices[i].type == tstamp_type) 3510 return (tstamp_type_choices[i].name); 3511 } 3512 return (NULL); 3513 } 3514 3515 const char * 3516 pcap_tstamp_type_val_to_description(int tstamp_type) 3517 { 3518 int i; 3519 3520 for (i = 0; tstamp_type_choices[i].name != NULL; i++) { 3521 if (tstamp_type_choices[i].type == tstamp_type) 3522 return (tstamp_type_choices[i].description); 3523 } 3524 return (NULL); 3525 } 3526 3527 int 3528 pcap_snapshot(pcap_t *p) 3529 { 3530 if (!p->activated) 3531 return (PCAP_ERROR_NOT_ACTIVATED); 3532 return (p->snapshot); 3533 } 3534 3535 int 3536 pcap_is_swapped(pcap_t *p) 3537 { 3538 if (!p->activated) 3539 return (PCAP_ERROR_NOT_ACTIVATED); 3540 return (p->swapped); 3541 } 3542 3543 int 3544 pcap_major_version(pcap_t *p) 3545 { 3546 if (!p->activated) 3547 return (PCAP_ERROR_NOT_ACTIVATED); 3548 return (p->version_major); 3549 } 3550 3551 int 3552 pcap_minor_version(pcap_t *p) 3553 { 3554 if (!p->activated) 3555 return (PCAP_ERROR_NOT_ACTIVATED); 3556 return (p->version_minor); 3557 } 3558 3559 int 3560 pcap_bufsize(pcap_t *p) 3561 { 3562 if (!p->activated) 3563 return (PCAP_ERROR_NOT_ACTIVATED); 3564 return (p->bufsize); 3565 } 3566 3567 FILE * 3568 pcap_file(pcap_t *p) 3569 { 3570 return (p->rfile); 3571 } 3572 3573 #ifdef _WIN32 3574 int 3575 pcap_fileno(pcap_t *p) 3576 { 3577 if (p->handle != INVALID_HANDLE_VALUE) { 3578 /* 3579 * This is a bogus and now-deprecated API; we 3580 * squelch the narrowing warning for the cast 3581 * from HANDLE to intptr_t. If Windows programmers 3582 * need to get at the HANDLE for a pcap_t, *if* 3583 * there is one, they should request such a 3584 * routine (and be prepared for it to return 3585 * INVALID_HANDLE_VALUE). 3586 */ 3587 DIAG_OFF_NARROWING 3588 return ((int)(intptr_t)p->handle); 3589 DIAG_ON_NARROWING 3590 } else 3591 return (PCAP_ERROR); 3592 } 3593 #else /* _WIN32 */ 3594 int 3595 pcap_fileno(pcap_t *p) 3596 { 3597 return (p->fd); 3598 } 3599 #endif /* _WIN32 */ 3600 3601 #if !defined(_WIN32) && !defined(MSDOS) 3602 int 3603 pcap_get_selectable_fd(pcap_t *p) 3604 { 3605 return (p->selectable_fd); 3606 } 3607 3608 const struct timeval * 3609 pcap_get_required_select_timeout(pcap_t *p) 3610 { 3611 return (p->required_select_timeout); 3612 } 3613 #endif 3614 3615 void 3616 pcap_perror(pcap_t *p, const char *prefix) 3617 { 3618 fprintf(stderr, "%s: %s\n", prefix, p->errbuf); 3619 } 3620 3621 char * 3622 pcap_geterr(pcap_t *p) 3623 { 3624 return (p->errbuf); 3625 } 3626 3627 int 3628 pcap_getnonblock(pcap_t *p, char *errbuf) 3629 { 3630 int ret; 3631 3632 ret = p->getnonblock_op(p); 3633 if (ret == -1) { 3634 /* 3635 * The get nonblock operation sets p->errbuf; this 3636 * function *shouldn't* have had a separate errbuf 3637 * argument, as it didn't need one, but I goofed 3638 * when adding it. 3639 * 3640 * We copy the error message to errbuf, so callers 3641 * can find it in either place. 3642 */ 3643 pcapint_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3644 } 3645 return (ret); 3646 } 3647 3648 /* 3649 * Get the current non-blocking mode setting, under the assumption that 3650 * it's just the standard POSIX non-blocking flag. 3651 */ 3652 #if !defined(_WIN32) && !defined(MSDOS) 3653 int 3654 pcapint_getnonblock_fd(pcap_t *p) 3655 { 3656 int fdflags; 3657 3658 fdflags = fcntl(p->fd, F_GETFL, 0); 3659 if (fdflags == -1) { 3660 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3661 errno, "F_GETFL"); 3662 return (-1); 3663 } 3664 if (fdflags & O_NONBLOCK) 3665 return (1); 3666 else 3667 return (0); 3668 } 3669 #endif 3670 3671 int 3672 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf) 3673 { 3674 int ret; 3675 3676 ret = p->setnonblock_op(p, nonblock); 3677 if (ret == -1) { 3678 /* 3679 * The set nonblock operation sets p->errbuf; this 3680 * function *shouldn't* have had a separate errbuf 3681 * argument, as it didn't need one, but I goofed 3682 * when adding it. 3683 * 3684 * We copy the error message to errbuf, so callers 3685 * can find it in either place. 3686 */ 3687 pcapint_strlcpy(errbuf, p->errbuf, PCAP_ERRBUF_SIZE); 3688 } 3689 return (ret); 3690 } 3691 3692 #if !defined(_WIN32) && !defined(MSDOS) 3693 /* 3694 * Set non-blocking mode, under the assumption that it's just the 3695 * standard POSIX non-blocking flag. (This can be called by the 3696 * per-platform non-blocking-mode routine if that routine also 3697 * needs to do some additional work.) 3698 */ 3699 int 3700 pcapint_setnonblock_fd(pcap_t *p, int nonblock) 3701 { 3702 int fdflags; 3703 3704 fdflags = fcntl(p->fd, F_GETFL, 0); 3705 if (fdflags == -1) { 3706 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3707 errno, "F_GETFL"); 3708 return (-1); 3709 } 3710 if (nonblock) 3711 fdflags |= O_NONBLOCK; 3712 else 3713 fdflags &= ~O_NONBLOCK; 3714 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 3715 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 3716 errno, "F_SETFL"); 3717 return (-1); 3718 } 3719 return (0); 3720 } 3721 #endif 3722 3723 /* 3724 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values. 3725 */ 3726 const char * 3727 pcap_statustostr(int errnum) 3728 { 3729 static thread_local char ebuf[15+10+1]; 3730 3731 switch (errnum) { 3732 3733 case PCAP_WARNING: 3734 return("Generic warning"); 3735 3736 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP: 3737 return ("That type of time stamp is not supported by that device"); 3738 3739 case PCAP_WARNING_PROMISC_NOTSUP: 3740 return ("That device doesn't support promiscuous mode"); 3741 3742 case PCAP_ERROR: 3743 return("Generic error"); 3744 3745 case PCAP_ERROR_BREAK: 3746 return("Loop terminated by pcap_breakloop"); 3747 3748 case PCAP_ERROR_NOT_ACTIVATED: 3749 return("The pcap_t has not been activated"); 3750 3751 case PCAP_ERROR_ACTIVATED: 3752 return ("The setting can't be changed after the pcap_t is activated"); 3753 3754 case PCAP_ERROR_NO_SUCH_DEVICE: 3755 return ("No such device exists"); 3756 3757 case PCAP_ERROR_RFMON_NOTSUP: 3758 return ("That device doesn't support monitor mode"); 3759 3760 case PCAP_ERROR_NOT_RFMON: 3761 return ("That operation is supported only in monitor mode"); 3762 3763 case PCAP_ERROR_PERM_DENIED: 3764 return ("You don't have permission to perform this capture on that device"); 3765 3766 case PCAP_ERROR_IFACE_NOT_UP: 3767 return ("That device is not up"); 3768 3769 case PCAP_ERROR_CANTSET_TSTAMP_TYPE: 3770 return ("That device doesn't support setting the time stamp type"); 3771 3772 case PCAP_ERROR_PROMISC_PERM_DENIED: 3773 return ("You don't have permission to capture in promiscuous mode on that device"); 3774 3775 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP: 3776 return ("That device doesn't support that time stamp precision"); 3777 3778 case PCAP_ERROR_CAPTURE_NOTSUP: 3779 return ("Packet capture is not supported on that device"); 3780 } 3781 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 3782 return(ebuf); 3783 } 3784 3785 /* 3786 * A long time ago the purpose of this function was to hide the difference 3787 * between those Unix-like OSes that implemented strerror() and those that 3788 * didn't. All the currently supported OSes implement strerror(), which is in 3789 * POSIX.1-2001, uniformly and that particular problem no longer exists. But 3790 * now they implement a few incompatible thread-safe variants of strerror(), 3791 * and hiding that difference is the current purpose of this function. 3792 */ 3793 const char * 3794 pcap_strerror(int errnum) 3795 { 3796 #ifdef _WIN32 3797 static thread_local char errbuf[PCAP_ERRBUF_SIZE]; 3798 errno_t err = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum); 3799 3800 if (err != 0) /* err = 0 if successful */ 3801 pcapint_strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE); 3802 return (errbuf); 3803 #elif defined(HAVE_GNU_STRERROR_R) 3804 /* 3805 * We have a GNU-style strerror_r(), which is *not* guaranteed to 3806 * do anything to the buffer handed to it, and which returns a 3807 * pointer to the error string, which may or may not be in 3808 * the buffer. 3809 * 3810 * It is, however, guaranteed to succeed. 3811 * 3812 * At the time of this writing this applies to the following cases, 3813 * each of which allows to use either the GNU implementation or the 3814 * POSIX implementation, and this source tree defines _GNU_SOURCE to 3815 * use the GNU implementation: 3816 * - Hurd 3817 * - Linux with GNU libc 3818 * - Linux with uClibc-ng 3819 */ 3820 static thread_local char errbuf[PCAP_ERRBUF_SIZE]; 3821 return strerror_r(errnum, errbuf, PCAP_ERRBUF_SIZE); 3822 #elif defined(HAVE_POSIX_STRERROR_R) 3823 /* 3824 * We have a POSIX-style strerror_r(), which is guaranteed to fill 3825 * in the buffer, but is not guaranteed to succeed. 3826 * 3827 * At the time of this writing this applies to the following cases: 3828 * - AIX 7 3829 * - FreeBSD 3830 * - Haiku 3831 * - HP-UX 11 3832 * - illumos 3833 * - Linux with musl libc 3834 * - macOS 3835 * - NetBSD 3836 * - OpenBSD 3837 * - Solaris 10 & 11 3838 */ 3839 static thread_local char errbuf[PCAP_ERRBUF_SIZE]; 3840 int err = strerror_r(errnum, errbuf, PCAP_ERRBUF_SIZE); 3841 switch (err) { 3842 case 0: 3843 /* That worked. */ 3844 break; 3845 3846 case EINVAL: 3847 /* 3848 * UNIX 03 says this isn't guaranteed to produce a 3849 * fallback error message. 3850 */ 3851 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3852 "Unknown error: %d", errnum); 3853 break; 3854 case ERANGE: 3855 /* 3856 * UNIX 03 says this isn't guaranteed to produce a 3857 * fallback error message. 3858 */ 3859 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3860 "Message for error %d is too long", errnum); 3861 break; 3862 default: 3863 snprintf(errbuf, PCAP_ERRBUF_SIZE, 3864 "strerror_r(%d, ...) unexpectedly returned %d", 3865 errnum, err); 3866 } 3867 return errbuf; 3868 #else 3869 /* 3870 * At the time of this writing every supported OS implements strerror() 3871 * and at least one thread-safe variant thereof, so this is a very 3872 * unlikely last-resort branch. Particular implementations of strerror() 3873 * may be thread-safe, but this is neither required nor guaranteed. 3874 */ 3875 return (strerror(errnum)); 3876 #endif /* _WIN32 */ 3877 } 3878 3879 int 3880 pcap_setfilter(pcap_t *p, struct bpf_program *fp) 3881 { 3882 return (p->setfilter_op(p, fp)); 3883 } 3884 3885 /* 3886 * Set direction flag, which controls whether we accept only incoming 3887 * packets, only outgoing packets, or both. 3888 * Note that, depending on the platform, some or all direction arguments 3889 * might not be supported. 3890 */ 3891 int 3892 pcap_setdirection(pcap_t *p, pcap_direction_t d) 3893 { 3894 if (p->setdirection_op == NULL) { 3895 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 3896 "Setting direction is not supported on this device"); 3897 return (-1); 3898 } else { 3899 switch (d) { 3900 3901 case PCAP_D_IN: 3902 case PCAP_D_OUT: 3903 case PCAP_D_INOUT: 3904 /* 3905 * Valid direction. 3906 */ 3907 return (p->setdirection_op(p, d)); 3908 3909 default: 3910 /* 3911 * Invalid direction. 3912 */ 3913 snprintf(p->errbuf, sizeof(p->errbuf), 3914 "Invalid direction"); 3915 return (-1); 3916 } 3917 } 3918 } 3919 3920 int 3921 pcap_stats(pcap_t *p, struct pcap_stat *ps) 3922 { 3923 return (p->stats_op(p, ps)); 3924 } 3925 3926 #ifdef _WIN32 3927 struct pcap_stat * 3928 pcap_stats_ex(pcap_t *p, int *pcap_stat_size) 3929 { 3930 return (p->stats_ex_op(p, pcap_stat_size)); 3931 } 3932 3933 int 3934 pcap_setbuff(pcap_t *p, int dim) 3935 { 3936 return (p->setbuff_op(p, dim)); 3937 } 3938 3939 int 3940 pcap_setmode(pcap_t *p, int mode) 3941 { 3942 return (p->setmode_op(p, mode)); 3943 } 3944 3945 int 3946 pcap_setmintocopy(pcap_t *p, int size) 3947 { 3948 return (p->setmintocopy_op(p, size)); 3949 } 3950 3951 HANDLE 3952 pcap_getevent(pcap_t *p) 3953 { 3954 return (p->getevent_op(p)); 3955 } 3956 3957 int 3958 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 3959 { 3960 return (p->oid_get_request_op(p, oid, data, lenp)); 3961 } 3962 3963 int 3964 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp) 3965 { 3966 return (p->oid_set_request_op(p, oid, data, lenp)); 3967 } 3968 3969 pcap_send_queue * 3970 pcap_sendqueue_alloc(u_int memsize) 3971 { 3972 pcap_send_queue *tqueue; 3973 3974 /* Allocate the queue */ 3975 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue)); 3976 if (tqueue == NULL){ 3977 return (NULL); 3978 } 3979 3980 /* Allocate the buffer */ 3981 tqueue->buffer = (char *)malloc(memsize); 3982 if (tqueue->buffer == NULL) { 3983 free(tqueue); 3984 return (NULL); 3985 } 3986 3987 tqueue->maxlen = memsize; 3988 tqueue->len = 0; 3989 3990 return (tqueue); 3991 } 3992 3993 void 3994 pcap_sendqueue_destroy(pcap_send_queue *queue) 3995 { 3996 free(queue->buffer); 3997 free(queue); 3998 } 3999 4000 int 4001 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data) 4002 { 4003 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){ 4004 return (-1); 4005 } 4006 4007 /* Copy the pcap_pkthdr header*/ 4008 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr)); 4009 queue->len += sizeof(struct pcap_pkthdr); 4010 4011 /* copy the packet */ 4012 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen); 4013 queue->len += pkt_header->caplen; 4014 4015 return (0); 4016 } 4017 4018 u_int 4019 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync) 4020 { 4021 return (p->sendqueue_transmit_op(p, queue, sync)); 4022 } 4023 4024 int 4025 pcap_setuserbuffer(pcap_t *p, int size) 4026 { 4027 return (p->setuserbuffer_op(p, size)); 4028 } 4029 4030 int 4031 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks) 4032 { 4033 return (p->live_dump_op(p, filename, maxsize, maxpacks)); 4034 } 4035 4036 int 4037 pcap_live_dump_ended(pcap_t *p, int sync) 4038 { 4039 return (p->live_dump_ended_op(p, sync)); 4040 } 4041 4042 PAirpcapHandle 4043 pcap_get_airpcap_handle(pcap_t *p) 4044 { 4045 PAirpcapHandle handle; 4046 4047 handle = p->get_airpcap_handle_op(p); 4048 if (handle == NULL) { 4049 (void)snprintf(p->errbuf, sizeof(p->errbuf), 4050 "This isn't an AirPcap device"); 4051 } 4052 return (handle); 4053 } 4054 #endif 4055 4056 /* 4057 * On some platforms, we need to clean up promiscuous or monitor mode 4058 * when we close a device - and we want that to happen even if the 4059 * application just exits without explicitly closing devices. 4060 * On those platforms, we need to register a "close all the pcaps" 4061 * routine to be called when we exit, and need to maintain a list of 4062 * pcaps that need to be closed to clean up modes. 4063 * 4064 * XXX - not thread-safe. 4065 */ 4066 4067 /* 4068 * List of pcaps on which we've done something that needs to be 4069 * cleaned up. 4070 * If there are any such pcaps, we arrange to call "pcap_close_all()" 4071 * when we exit, and have it close all of them. 4072 */ 4073 static struct pcap *pcaps_to_close; 4074 4075 /* 4076 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to 4077 * be called on exit. 4078 */ 4079 static int did_atexit; 4080 4081 static void 4082 pcap_close_all(void) 4083 { 4084 struct pcap *handle; 4085 4086 while ((handle = pcaps_to_close) != NULL) { 4087 pcap_close(handle); 4088 4089 /* 4090 * If a pcap module adds a pcap_t to the "close all" 4091 * list by calling pcapint_add_to_pcaps_to_close(), it 4092 * must have a cleanup routine that removes it from the 4093 * list, by calling pcapint_remove_from_pcaps_to_close(), 4094 * and must make that cleanup routine the cleanup_op 4095 * for the pcap_t. 4096 * 4097 * That means that, after pcap_close() - which calls 4098 * the cleanup_op for the pcap_t - the pcap_t must 4099 * have been removed from the list, so pcaps_to_close 4100 * must not be equal to handle. 4101 * 4102 * We check for that, and abort if handle is still 4103 * at the head of the list, to prevent infinite loops. 4104 */ 4105 if (pcaps_to_close == handle) 4106 abort(); 4107 } 4108 } 4109 4110 int 4111 pcapint_do_addexit(pcap_t *p) 4112 { 4113 /* 4114 * If we haven't already done so, arrange to have 4115 * "pcap_close_all()" called when we exit. 4116 */ 4117 if (!did_atexit) { 4118 if (atexit(pcap_close_all) != 0) { 4119 /* 4120 * "atexit()" failed; let our caller know. 4121 */ 4122 pcapint_strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE); 4123 return (0); 4124 } 4125 did_atexit = 1; 4126 } 4127 return (1); 4128 } 4129 4130 void 4131 pcapint_add_to_pcaps_to_close(pcap_t *p) 4132 { 4133 p->next = pcaps_to_close; 4134 pcaps_to_close = p; 4135 } 4136 4137 void 4138 pcapint_remove_from_pcaps_to_close(pcap_t *p) 4139 { 4140 pcap_t *pc, *prevpc; 4141 4142 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL; 4143 prevpc = pc, pc = pc->next) { 4144 if (pc == p) { 4145 /* 4146 * Found it. Remove it from the list. 4147 */ 4148 if (prevpc == NULL) { 4149 /* 4150 * It was at the head of the list. 4151 */ 4152 pcaps_to_close = pc->next; 4153 } else { 4154 /* 4155 * It was in the middle of the list. 4156 */ 4157 prevpc->next = pc->next; 4158 } 4159 break; 4160 } 4161 } 4162 } 4163 4164 void 4165 pcapint_breakloop_common(pcap_t *p) 4166 { 4167 p->break_loop = 1; 4168 } 4169 4170 4171 void 4172 pcapint_cleanup_live_common(pcap_t *p) 4173 { 4174 if (p->opt.device != NULL) { 4175 free(p->opt.device); 4176 p->opt.device = NULL; 4177 } 4178 if (p->buffer != NULL) { 4179 free(p->buffer); 4180 p->buffer = NULL; 4181 } 4182 if (p->dlt_list != NULL) { 4183 free(p->dlt_list); 4184 p->dlt_list = NULL; 4185 p->dlt_count = 0; 4186 } 4187 if (p->tstamp_type_list != NULL) { 4188 free(p->tstamp_type_list); 4189 p->tstamp_type_list = NULL; 4190 p->tstamp_type_count = 0; 4191 } 4192 if (p->tstamp_precision_list != NULL) { 4193 free(p->tstamp_precision_list); 4194 p->tstamp_precision_list = NULL; 4195 p->tstamp_precision_count = 0; 4196 } 4197 pcap_freecode(&p->fcode); 4198 #if !defined(_WIN32) && !defined(MSDOS) 4199 if (p->fd >= 0) { 4200 close(p->fd); 4201 p->fd = -1; 4202 } 4203 p->selectable_fd = -1; 4204 #endif 4205 } 4206 4207 /* 4208 * API compatible with WinPcap's "send a packet" routine - returns -1 4209 * on error, 0 otherwise. 4210 * 4211 * XXX - what if we get a short write? 4212 */ 4213 int 4214 pcap_sendpacket(pcap_t *p, const u_char *buf, int size) 4215 { 4216 if (size <= 0) { 4217 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4218 errno, "The number of bytes to be sent must be positive"); 4219 return (PCAP_ERROR); 4220 } 4221 4222 if (p->inject_op(p, buf, size) == -1) 4223 return (-1); 4224 return (0); 4225 } 4226 4227 /* 4228 * API compatible with OpenBSD's "send a packet" routine - returns -1 on 4229 * error, number of bytes written otherwise. 4230 */ 4231 int 4232 pcap_inject(pcap_t *p, const void *buf, size_t size) 4233 { 4234 /* 4235 * We return the number of bytes written, so the number of 4236 * bytes to write must fit in an int. 4237 */ 4238 if (size > INT_MAX) { 4239 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4240 errno, "More than %d bytes cannot be injected", INT_MAX); 4241 return (PCAP_ERROR); 4242 } 4243 4244 if (size == 0) { 4245 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 4246 errno, "The number of bytes to be injected must not be zero"); 4247 return (PCAP_ERROR); 4248 } 4249 4250 return (p->inject_op(p, buf, size)); 4251 } 4252 4253 void 4254 pcap_close(pcap_t *p) 4255 { 4256 p->cleanup_op(p); 4257 free(p); 4258 } 4259 4260 /* 4261 * Helpers for safely loading code at run time. 4262 * Currently Windows-only. 4263 */ 4264 #ifdef _WIN32 4265 // 4266 // This wrapper around loadlibrary appends the system folder (usually 4267 // C:\Windows\System32) to the relative path of the DLL, so that the DLL 4268 // is always loaded from an absolute path (it's no longer possible to 4269 // load modules from the application folder). 4270 // This solves the DLL Hijacking issue discovered in August 2010: 4271 // 4272 // https://blog.rapid7.com/2010/08/23/exploiting-dll-hijacking-flaws/ 4273 // https://blog.rapid7.com/2010/08/23/application-dll-load-hijacking/ 4274 // (the purported Rapid7 blog post link in the first of those two links 4275 // is broken; the second of those links works.) 4276 // 4277 // If any links there are broken from all the content shuffling Rapid& 4278 // did, see archived versions of the posts at their original homes, at 4279 // 4280 // https://web.archive.org/web/20110122175058/http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html 4281 // https://web.archive.org/web/20100828112111/http://blog.rapid7.com/?p=5325 4282 // 4283 pcap_code_handle_t 4284 pcapint_load_code(const char *name) 4285 { 4286 /* 4287 * XXX - should this work in UTF-16LE rather than in the local 4288 * ANSI code page? 4289 */ 4290 CHAR path[MAX_PATH]; 4291 CHAR fullFileName[MAX_PATH]; 4292 UINT res; 4293 HMODULE hModule = NULL; 4294 4295 do 4296 { 4297 res = GetSystemDirectoryA(path, MAX_PATH); 4298 4299 if (res == 0) { 4300 // 4301 // some bad failure occurred; 4302 // 4303 break; 4304 } 4305 4306 if (res > MAX_PATH) { 4307 // 4308 // the buffer was not big enough 4309 // 4310 SetLastError(ERROR_INSUFFICIENT_BUFFER); 4311 break; 4312 } 4313 4314 if (res + 1 + strlen(name) + 1 < MAX_PATH) { 4315 memcpy(fullFileName, path, res * sizeof(TCHAR)); 4316 fullFileName[res] = '\\'; 4317 memcpy(&fullFileName[res + 1], name, (strlen(name) + 1) * sizeof(TCHAR)); 4318 4319 hModule = LoadLibraryA(fullFileName); 4320 } else 4321 SetLastError(ERROR_INSUFFICIENT_BUFFER); 4322 4323 } while(FALSE); 4324 4325 return hModule; 4326 } 4327 4328 /* 4329 * Casting from FARPROC, which is the type of the return value of 4330 * GetProcAddress(), to a function pointer gets a C4191 warning 4331 * from Visual Studio 2022. 4332 * 4333 * Casting FARPROC to void * and returning the result, and then 4334 * casting the void * to a function pointer, doesn't get the 4335 * same warning. 4336 * 4337 * Given that, and given that the equivalent UN*X API, dlsym(), 4338 * returns a void *, we have pcapint_find_function() return 4339 * a void *. 4340 */ 4341 void * 4342 pcapint_find_function(pcap_code_handle_t code, const char *func) 4343 { 4344 return ((void *)GetProcAddress(code, func)); 4345 } 4346 #endif 4347 4348 /* 4349 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw 4350 * data for the packet, check whether the packet passes the filter. 4351 * Returns the return value of the filter program, which will be zero if 4352 * the packet doesn't pass and non-zero if the packet does pass. 4353 */ 4354 int 4355 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h, 4356 const u_char *pkt) 4357 { 4358 const struct bpf_insn *fcode = fp->bf_insns; 4359 4360 if (fcode != NULL) 4361 return (pcapint_filter(fcode, pkt, h->len, h->caplen)); 4362 else 4363 return (0); 4364 } 4365 4366 static int 4367 pcap_can_set_rfmon_dead(pcap_t *p) 4368 { 4369 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4370 "Rfmon mode doesn't apply on a pcap_open_dead pcap_t"); 4371 return (PCAP_ERROR); 4372 } 4373 4374 static int 4375 pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_, 4376 u_char *user _U_) 4377 { 4378 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4379 "Packets aren't available from a pcap_open_dead pcap_t"); 4380 return (-1); 4381 } 4382 4383 static void 4384 pcap_breakloop_dead(pcap_t *p _U_) 4385 { 4386 /* 4387 * A "dead" pcap_t is just a placeholder to use in order to 4388 * compile a filter to BPF code or to open a savefile for 4389 * writing. It doesn't support any operations, including 4390 * capturing or reading packets, so there will never be a 4391 * get-packets loop in progress to break out *of*. 4392 * 4393 * As such, this routine doesn't need to do anything. 4394 */ 4395 } 4396 4397 static int 4398 pcap_inject_dead(pcap_t *p, const void *buf _U_, size_t size _U_) 4399 { 4400 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4401 "Packets can't be sent on a pcap_open_dead pcap_t"); 4402 return (-1); 4403 } 4404 4405 static int 4406 pcap_setfilter_dead(pcap_t *p, struct bpf_program *fp _U_) 4407 { 4408 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4409 "A filter cannot be set on a pcap_open_dead pcap_t"); 4410 return (-1); 4411 } 4412 4413 static int 4414 pcap_setdirection_dead(pcap_t *p, pcap_direction_t d _U_) 4415 { 4416 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4417 "The packet direction cannot be set on a pcap_open_dead pcap_t"); 4418 return (-1); 4419 } 4420 4421 static int 4422 pcap_set_datalink_dead(pcap_t *p, int dlt _U_) 4423 { 4424 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4425 "The link-layer header type cannot be set on a pcap_open_dead pcap_t"); 4426 return (-1); 4427 } 4428 4429 static int 4430 pcap_getnonblock_dead(pcap_t *p) 4431 { 4432 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4433 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 4434 return (-1); 4435 } 4436 4437 static int 4438 pcap_setnonblock_dead(pcap_t *p, int nonblock _U_) 4439 { 4440 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4441 "A pcap_open_dead pcap_t does not have a non-blocking mode setting"); 4442 return (-1); 4443 } 4444 4445 static int 4446 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_) 4447 { 4448 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4449 "Statistics aren't available from a pcap_open_dead pcap_t"); 4450 return (-1); 4451 } 4452 4453 #ifdef _WIN32 4454 static struct pcap_stat * 4455 pcap_stats_ex_dead(pcap_t *p, int *pcap_stat_size _U_) 4456 { 4457 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4458 "Statistics aren't available from a pcap_open_dead pcap_t"); 4459 return (NULL); 4460 } 4461 4462 static int 4463 pcap_setbuff_dead(pcap_t *p, int dim _U_) 4464 { 4465 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4466 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t"); 4467 return (-1); 4468 } 4469 4470 static int 4471 pcap_setmode_dead(pcap_t *p, int mode _U_) 4472 { 4473 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4474 "impossible to set mode on a pcap_open_dead pcap_t"); 4475 return (-1); 4476 } 4477 4478 static int 4479 pcap_setmintocopy_dead(pcap_t *p, int size _U_) 4480 { 4481 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4482 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t"); 4483 return (-1); 4484 } 4485 4486 static HANDLE 4487 pcap_getevent_dead(pcap_t *p) 4488 { 4489 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4490 "A pcap_open_dead pcap_t has no event handle"); 4491 return (INVALID_HANDLE_VALUE); 4492 } 4493 4494 static int 4495 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, 4496 size_t *lenp _U_) 4497 { 4498 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4499 "An OID get request cannot be performed on a pcap_open_dead pcap_t"); 4500 return (PCAP_ERROR); 4501 } 4502 4503 static int 4504 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_, 4505 size_t *lenp _U_) 4506 { 4507 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4508 "An OID set request cannot be performed on a pcap_open_dead pcap_t"); 4509 return (PCAP_ERROR); 4510 } 4511 4512 static u_int 4513 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue _U_, 4514 int sync _U_) 4515 { 4516 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4517 "Packets cannot be transmitted on a pcap_open_dead pcap_t"); 4518 return (0); 4519 } 4520 4521 static int 4522 pcap_setuserbuffer_dead(pcap_t *p, int size _U_) 4523 { 4524 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4525 "The user buffer cannot be set on a pcap_open_dead pcap_t"); 4526 return (-1); 4527 } 4528 4529 static int 4530 pcap_live_dump_dead(pcap_t *p, char *filename _U_, int maxsize _U_, 4531 int maxpacks _U_) 4532 { 4533 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4534 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 4535 return (-1); 4536 } 4537 4538 static int 4539 pcap_live_dump_ended_dead(pcap_t *p, int sync _U_) 4540 { 4541 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 4542 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t"); 4543 return (-1); 4544 } 4545 4546 static PAirpcapHandle 4547 pcap_get_airpcap_handle_dead(pcap_t *p _U_) 4548 { 4549 return (NULL); 4550 } 4551 #endif /* _WIN32 */ 4552 4553 static void 4554 pcap_cleanup_dead(pcap_t *p _U_) 4555 { 4556 /* Nothing to do. */ 4557 } 4558 4559 pcap_t * 4560 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision) 4561 { 4562 pcap_t *p; 4563 4564 switch (precision) { 4565 4566 case PCAP_TSTAMP_PRECISION_MICRO: 4567 case PCAP_TSTAMP_PRECISION_NANO: 4568 break; 4569 4570 default: 4571 /* 4572 * This doesn't really matter, but we don't have any way 4573 * to report particular errors, so the only failure we 4574 * should have is a memory allocation failure. Just 4575 * pick microsecond precision. 4576 */ 4577 precision = PCAP_TSTAMP_PRECISION_MICRO; 4578 break; 4579 } 4580 p = malloc(sizeof(*p)); 4581 if (p == NULL) 4582 return NULL; 4583 memset (p, 0, sizeof(*p)); 4584 p->snapshot = snaplen; 4585 p->linktype = linktype; 4586 p->opt.tstamp_precision = precision; 4587 p->can_set_rfmon_op = pcap_can_set_rfmon_dead; 4588 p->read_op = pcap_read_dead; 4589 p->inject_op = pcap_inject_dead; 4590 p->setfilter_op = pcap_setfilter_dead; 4591 p->setdirection_op = pcap_setdirection_dead; 4592 p->set_datalink_op = pcap_set_datalink_dead; 4593 p->getnonblock_op = pcap_getnonblock_dead; 4594 p->setnonblock_op = pcap_setnonblock_dead; 4595 p->stats_op = pcap_stats_dead; 4596 #ifdef _WIN32 4597 p->stats_ex_op = pcap_stats_ex_dead; 4598 p->setbuff_op = pcap_setbuff_dead; 4599 p->setmode_op = pcap_setmode_dead; 4600 p->setmintocopy_op = pcap_setmintocopy_dead; 4601 p->getevent_op = pcap_getevent_dead; 4602 p->oid_get_request_op = pcap_oid_get_request_dead; 4603 p->oid_set_request_op = pcap_oid_set_request_dead; 4604 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead; 4605 p->setuserbuffer_op = pcap_setuserbuffer_dead; 4606 p->live_dump_op = pcap_live_dump_dead; 4607 p->live_dump_ended_op = pcap_live_dump_ended_dead; 4608 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead; 4609 #endif 4610 p->breakloop_op = pcap_breakloop_dead; 4611 p->cleanup_op = pcap_cleanup_dead; 4612 4613 /* 4614 * A "dead" pcap_t never requires special BPF code generation. 4615 */ 4616 p->bpf_codegen_flags = 0; 4617 4618 p->activated = 1; 4619 return (p); 4620 } 4621 4622 pcap_t * 4623 pcap_open_dead(int linktype, int snaplen) 4624 { 4625 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen, 4626 PCAP_TSTAMP_PRECISION_MICRO)); 4627 } 4628 4629 #ifdef YYDEBUG 4630 /* 4631 * Set the internal "debug printout" flag for the filter expression parser. 4632 * The code to print that stuff is present only if YYDEBUG is defined, so 4633 * the flag, and the routine to set it, are defined only if YYDEBUG is 4634 * defined. 4635 * 4636 * This is intended for libpcap developers, not for general use. 4637 * If you want to set these in a program, you'll have to declare this 4638 * routine yourself, with the appropriate DLL import attribute on Windows; 4639 * it's not declared in any header file, and won't be declared in any 4640 * header file provided by libpcap. 4641 */ 4642 PCAP_API void pcap_set_parser_debug(int value); 4643 4644 PCAP_API_DEF void 4645 pcap_set_parser_debug(int value) 4646 { 4647 pcap_debug = value; 4648 } 4649 #endif 4650
Indexes created Mon May 25 00:24:39 UTC 2026