#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <stdio.h>
Include dependency graph for pcap.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
|
|
Definition at line 145 of file pcap.h. Referenced by add_or_find_if(), and pcap_lookupdev(). |
|
Definition at line 51 of file pcap.h. Referenced by pcap_open_offline(), and sf_write_header(). |
|
Definition at line 52 of file pcap.h. Referenced by sf_write_header(). |
|
|
|
|
|
Definition at line 68 of file pcap.h. Referenced by add_addr_to_iflist(), and pcap_freealldevs(). |
|
Definition at line 66 of file pcap.h. Referenced by PktDumper::Open(), PacketDumper::PacketDumper(), pcap_dump_close(), pcap_dump_open(), and PktDumper::PcapDumper(). |
|
Definition at line 158 of file pcap.h. Referenced by pcap_dispatch(), pcap_loop(), pcap_offline_read(), pcap_read(), and pcap_read_packet(). |
|
Definition at line 67 of file pcap.h. Referenced by add_addr_to_iflist(), add_or_find_if(), pcap_add_if(), pcap_findalldevs(), pcap_freealldevs(), and pcap_lookupdev(). |
|
|
Definition at line 34 of file bpf_dump.c. References bpf_image(), option, p, printf(), and puts().
00035 { 00036 struct bpf_insn *insn; 00037 int i; 00038 int n = p->bf_len; 00039 00040 insn = p->bf_insns; 00041 if (option > 2) { 00042 printf("%d\n", n); 00043 for (i = 0; i < n; ++insn, ++i) { 00044 printf("%u %u %u %u\n", insn->code, 00045 insn->jt, insn->jf, insn->k); 00046 } 00047 return ; 00048 } 00049 if (option > 1) { 00050 for (i = 0; i < n; ++insn, ++i) 00051 printf("{ 0x%x, %d, %d, 0x%08x },\n", 00052 insn->code, insn->jt, insn->jf, insn->k); 00053 return; 00054 } 00055 for (i = 0; i < n; ++insn, ++i) { 00056 #ifdef BDEBUG 00057 extern int bids[]; 00058 printf(bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1); 00059 #endif 00060 puts(bpf_image(insn, i)); 00061 } 00062 } |
|
Definition at line 181 of file bpf/net/bpf_filter.c. References BPF_A, BPF_ABS, BPF_ADD, BPF_ALU, BPF_AND, BPF_B, BPF_DIV, BPF_H, BPF_IMM, BPF_IND, BPF_JA, BPF_JEQ, BPF_JGE, BPF_JGT, BPF_JMP, BPF_JSET, BPF_K, BPF_LD, BPF_LDX, BPF_LEN, BPF_LSH, BPF_MEM, BPF_MEMWORDS, BPF_MISC, BPF_MSH, BPF_MUL, BPF_NEG, BPF_OR, BPF_RET, BPF_RSH, BPF_ST, BPF_STX, BPF_SUB, BPF_TAX, BPF_TXA, BPF_W, BPF_X, EXTRACT_LONG, EXTRACT_SHORT, int32, len, MLEN, p, and u_int32.
00186 { 00187 register u_int32 A, X; 00188 register int k; 00189 int32 mem[BPF_MEMWORDS]; 00190 #if defined(KERNEL) || defined(_KERNEL) 00191 struct mbuf *m, *n; 00192 int merr, len; 00193 00194 if (buflen == 0) { 00195 m = (struct mbuf *)p; 00196 p = mtod(m, u_char *); 00197 buflen = MLEN(m); 00198 } else 00199 m = NULL; 00200 #endif 00201 00202 if (pc == 0) 00203 /* 00204 * No filter means accept all. 00205 */ 00206 return (u_int)-1; 00207 A = 0; 00208 X = 0; 00209 --pc; 00210 while (1) { 00211 ++pc; 00212 switch (pc->code) { 00213 00214 default: 00215 #if defined(KERNEL) || defined(_KERNEL) 00216 return 0; 00217 #else 00218 abort(); 00219 #endif 00220 case BPF_RET|BPF_K: 00221 return (u_int)pc->k; 00222 00223 case BPF_RET|BPF_A: 00224 return (u_int)A; 00225 00226 case BPF_LD|BPF_W|BPF_ABS: 00227 k = pc->k; 00228 if (k + sizeof(int32) > buflen) { 00229 #if defined(KERNEL) || defined(_KERNEL) 00230 if (m == NULL) 00231 return 0; 00232 A = m_xword(m, k, &merr); 00233 if (merr != 0) 00234 return 0; 00235 continue; 00236 #else 00237 return 0; 00238 #endif 00239 } 00240 A = EXTRACT_LONG(&p[k]); 00241 continue; 00242 00243 case BPF_LD|BPF_H|BPF_ABS: 00244 k = pc->k; 00245 if (k + sizeof(short) > buflen) { 00246 #if defined(KERNEL) || defined(_KERNEL) 00247 if (m == NULL) 00248 return 0; 00249 A = m_xhalf(m, k, &merr); 00250 if (merr != 0) 00251 return 0; 00252 continue; 00253 #else 00254 return 0; 00255 #endif 00256 } 00257 A = EXTRACT_SHORT(&p[k]); 00258 continue; 00259 00260 case BPF_LD|BPF_B|BPF_ABS: 00261 k = pc->k; 00262 if (k >= buflen) { 00263 #if defined(KERNEL) || defined(_KERNEL) 00264 if (m == NULL) 00265 return 0; 00266 n = m; 00267 MINDEX(len, n, k); 00268 A = mtod(n, u_char *)[k]; 00269 continue; 00270 #else 00271 return 0; 00272 #endif 00273 } 00274 A = p[k]; 00275 continue; 00276 00277 case BPF_LD|BPF_W|BPF_LEN: 00278 A = wirelen; 00279 continue; 00280 00281 case BPF_LDX|BPF_W|BPF_LEN: 00282 X = wirelen; 00283 continue; 00284 00285 case BPF_LD|BPF_W|BPF_IND: 00286 k = X + pc->k; 00287 if (k + sizeof(int32) > buflen) { 00288 #if defined(KERNEL) || defined(_KERNEL) 00289 if (m == NULL) 00290 return 0; 00291 A = m_xword(m, k, &merr); 00292 if (merr != 0) 00293 return 0; 00294 continue; 00295 #else 00296 return 0; 00297 #endif 00298 } 00299 A = EXTRACT_LONG(&p[k]); 00300 continue; 00301 00302 case BPF_LD|BPF_H|BPF_IND: 00303 k = X + pc->k; 00304 if (k + sizeof(short) > buflen) { 00305 #if defined(KERNEL) || defined(_KERNEL) 00306 if (m == NULL) 00307 return 0; 00308 A = m_xhalf(m, k, &merr); 00309 if (merr != 0) 00310 return 0; 00311 continue; 00312 #else 00313 return 0; 00314 #endif 00315 } 00316 A = EXTRACT_SHORT(&p[k]); 00317 continue; 00318 00319 case BPF_LD|BPF_B|BPF_IND: 00320 k = X + pc->k; 00321 if (k >= buflen) { 00322 #if defined(KERNEL) || defined(_KERNEL) 00323 if (m == NULL) 00324 return 0; 00325 n = m; 00326 MINDEX(len, n, k); 00327 A = mtod(n, u_char *)[k]; 00328 continue; 00329 #else 00330 return 0; 00331 #endif 00332 } 00333 A = p[k]; 00334 continue; 00335 00336 case BPF_LDX|BPF_MSH|BPF_B: 00337 k = pc->k; 00338 if (k >= buflen) { 00339 #if defined(KERNEL) || defined(_KERNEL) 00340 if (m == NULL) 00341 return 0; 00342 n = m; 00343 MINDEX(len, n, k); 00344 X = (mtod(n, char *)[k] & 0xf) << 2; 00345 continue; 00346 #else 00347 return 0; 00348 #endif 00349 } 00350 X = (p[pc->k] & 0xf) << 2; 00351 continue; 00352 00353 case BPF_LD|BPF_IMM: 00354 A = pc->k; 00355 continue; 00356 00357 case BPF_LDX|BPF_IMM: 00358 X = pc->k; 00359 continue; 00360 00361 case BPF_LD|BPF_MEM: 00362 A = mem[pc->k]; 00363 continue; 00364 00365 case BPF_LDX|BPF_MEM: 00366 X = mem[pc->k]; 00367 continue; 00368 00369 case BPF_ST: 00370 mem[pc->k] = A; 00371 continue; 00372 00373 case BPF_STX: 00374 mem[pc->k] = X; 00375 continue; 00376 00377 case BPF_JMP|BPF_JA: 00378 pc += pc->k; 00379 continue; 00380 00381 case BPF_JMP|BPF_JGT|BPF_K: 00382 pc += (A > pc->k) ? pc->jt : pc->jf; 00383 continue; 00384 00385 case BPF_JMP|BPF_JGE|BPF_K: 00386 pc += (A >= pc->k) ? pc->jt : pc->jf; 00387 continue; 00388 00389 case BPF_JMP|BPF_JEQ|BPF_K: 00390 pc += (A == pc->k) ? pc->jt : pc->jf; 00391 continue; 00392 00393 case BPF_JMP|BPF_JSET|BPF_K: 00394 pc += (A & pc->k) ? pc->jt : pc->jf; 00395 continue; 00396 00397 case BPF_JMP|BPF_JGT|BPF_X: 00398 pc += (A > X) ? pc->jt : pc->jf; 00399 continue; 00400 00401 case BPF_JMP|BPF_JGE|BPF_X: 00402 pc += (A >= X) ? pc->jt : pc->jf; 00403 continue; 00404 00405 case BPF_JMP|BPF_JEQ|BPF_X: 00406 pc += (A == X) ? pc->jt : pc->jf; 00407 continue; 00408 00409 case BPF_JMP|BPF_JSET|BPF_X: 00410 pc += (A & X) ? pc->jt : pc->jf; 00411 continue; 00412 00413 case BPF_ALU|BPF_ADD|BPF_X: 00414 A += X; 00415 continue; 00416 00417 case BPF_ALU|BPF_SUB|BPF_X: 00418 A -= X; 00419 continue; 00420 00421 case BPF_ALU|BPF_MUL|BPF_X: 00422 A *= X; 00423 continue; 00424 00425 case BPF_ALU|BPF_DIV|BPF_X: 00426 if (X == 0) 00427 return 0; 00428 A /= X; 00429 continue; 00430 00431 case BPF_ALU|BPF_AND|BPF_X: 00432 A &= X; 00433 continue; 00434 00435 case BPF_ALU|BPF_OR|BPF_X: 00436 A |= X; 00437 continue; 00438 00439 case BPF_ALU|BPF_LSH|BPF_X: 00440 A <<= X; 00441 continue; 00442 00443 case BPF_ALU|BPF_RSH|BPF_X: 00444 A >>= X; 00445 continue; 00446 00447 case BPF_ALU|BPF_ADD|BPF_K: 00448 A += pc->k; 00449 continue; 00450 00451 case BPF_ALU|BPF_SUB|BPF_K: 00452 A -= pc->k; 00453 continue; 00454 00455 case BPF_ALU|BPF_MUL|BPF_K: 00456 A *= pc->k; 00457 continue; 00458 00459 case BPF_ALU|BPF_DIV|BPF_K: 00460 A /= pc->k; 00461 continue; 00462 00463 case BPF_ALU|BPF_AND|BPF_K: 00464 A &= pc->k; 00465 continue; 00466 00467 case BPF_ALU|BPF_OR|BPF_K: 00468 A |= pc->k; 00469 continue; 00470 00471 case BPF_ALU|BPF_LSH|BPF_K: 00472 A <<= pc->k; 00473 continue; 00474 00475 case BPF_ALU|BPF_RSH|BPF_K: 00476 A >>= pc->k; 00477 continue; 00478 00479 case BPF_ALU|BPF_NEG: 00480 A = -A; 00481 continue; 00482 00483 case BPF_MISC|BPF_TAX: 00484 X = A; 00485 continue; 00486 00487 case BPF_MISC|BPF_TXA: 00488 A = X; 00489 continue; 00490 } 00491 } 00492 } |
|
Definition at line 41 of file bpf_image.c. References BPF_A, BPF_ABS, BPF_ADD, BPF_ALU, BPF_AND, BPF_B, BPF_CLASS, BPF_DIV, BPF_H, BPF_IMM, BPF_IND, BPF_JA, BPF_JEQ, BPF_JGE, BPF_JGT, BPF_JMP, BPF_JSET, BPF_K, BPF_LD, BPF_LDX, BPF_LEN, BPF_LSH, BPF_MEM, BPF_MISC, BPF_MSH, BPF_MUL, BPF_NEG, BPF_OP, BPF_OR, BPF_RET, BPF_RSH, BPF_ST, BPF_STX, BPF_SUB, BPF_TAX, BPF_TXA, BPF_W, BPF_X, fmt, p, and snprintf(). Referenced by bpf_dump().
00044 { 00045 int v; 00046 char *fmt, *op; 00047 static char image[256]; 00048 char operand[64]; 00049 00050 v = p->k; 00051 switch (p->code) { 00052 00053 default: 00054 op = "unimp"; 00055 fmt = "0x%x"; 00056 v = p->code; 00057 break; 00058 00059 case BPF_RET|BPF_K: 00060 op = "ret"; 00061 fmt = "#%d"; 00062 break; 00063 00064 case BPF_RET|BPF_A: 00065 op = "ret"; 00066 fmt = ""; 00067 break; 00068 00069 case BPF_LD|BPF_W|BPF_ABS: 00070 op = "ld"; 00071 fmt = "[%d]"; 00072 break; 00073 00074 case BPF_LD|BPF_H|BPF_ABS: 00075 op = "ldh"; 00076 fmt = "[%d]"; 00077 break; 00078 00079 case BPF_LD|BPF_B|BPF_ABS: 00080 op = "ldb"; 00081 fmt = "[%d]"; 00082 break; 00083 00084 case BPF_LD|BPF_W|BPF_LEN: 00085 op = "ld"; 00086 fmt = "#pktlen"; 00087 break; 00088 00089 case BPF_LD|BPF_W|BPF_IND: 00090 op = "ld"; 00091 fmt = "[x + %d]"; 00092 break; 00093 00094 case BPF_LD|BPF_H|BPF_IND: 00095 op = "ldh"; 00096 fmt = "[x + %d]"; 00097 break; 00098 00099 case BPF_LD|BPF_B|BPF_IND: 00100 op = "ldb"; 00101 fmt = "[x + %d]"; 00102 break; 00103 00104 case BPF_LD|BPF_IMM: 00105 op = "ld"; 00106 fmt = "#0x%x"; 00107 break; 00108 00109 case BPF_LDX|BPF_IMM: 00110 op = "ldx"; 00111 fmt = "#0x%x"; 00112 break; 00113 00114 case BPF_LDX|BPF_MSH|BPF_B: 00115 op = "ldxb"; 00116 fmt = "4*([%d]&0xf)"; 00117 break; 00118 00119 case BPF_LD|BPF_MEM: 00120 op = "ld"; 00121 fmt = "M[%d]"; 00122 break; 00123 00124 case BPF_LDX|BPF_MEM: 00125 op = "ldx"; 00126 fmt = "M[%d]"; 00127 break; 00128 00129 case BPF_ST: 00130 op = "st"; 00131 fmt = "M[%d]"; 00132 break; 00133 00134 case BPF_STX: 00135 op = "stx"; 00136 fmt = "M[%d]"; 00137 break; 00138 00139 case BPF_JMP|BPF_JA: 00140 op = "ja"; 00141 fmt = "%d"; 00142 v = n + 1 + p->k; 00143 break; 00144 00145 case BPF_JMP|BPF_JGT|BPF_K: 00146 op = "jgt"; 00147 fmt = "#0x%x"; 00148 break; 00149 00150 case BPF_JMP|BPF_JGE|BPF_K: 00151 op = "jge"; 00152 fmt = "#0x%x"; 00153 break; 00154 00155 case BPF_JMP|BPF_JEQ|BPF_K: 00156 op = "jeq"; 00157 fmt = "#0x%x"; 00158 break; 00159 00160 case BPF_JMP|BPF_JSET|BPF_K: 00161 op = "jset"; 00162 fmt = "#0x%x"; 00163 break; 00164 00165 case BPF_JMP|BPF_JGT|BPF_X: 00166 op = "jgt"; 00167 fmt = "x"; 00168 break; 00169 00170 case BPF_JMP|BPF_JGE|BPF_X: 00171 op = "jge"; 00172 fmt = "x"; 00173 break; 00174 00175 case BPF_JMP|BPF_JEQ|BPF_X: 00176 op = "jeq"; 00177 fmt = "x"; 00178 break; 00179 00180 case BPF_JMP|BPF_JSET|BPF_X: 00181 op = "jset"; 00182 fmt = "x"; 00183 break; 00184 00185 case BPF_ALU|BPF_ADD|BPF_X: 00186 op = "add"; 00187 fmt = "x"; 00188 break; 00189 00190 case BPF_ALU|BPF_SUB|BPF_X: 00191 op = "sub"; 00192 fmt = "x"; 00193 break; 00194 00195 case BPF_ALU|BPF_MUL|BPF_X: 00196 op = "mul"; 00197 fmt = "x"; 00198 break; 00199 00200 case BPF_ALU|BPF_DIV|BPF_X: 00201 op = "div"; 00202 fmt = "x"; 00203 break; 00204 00205 case BPF_ALU|BPF_AND|BPF_X: 00206 op = "and"; 00207 fmt = "x"; 00208 break; 00209 00210 case BPF_ALU|BPF_OR|BPF_X: 00211 op = "or"; 00212 fmt = "x"; 00213 break; 00214 00215 case BPF_ALU|BPF_LSH|BPF_X: 00216 op = "lsh"; 00217 fmt = "x"; 00218 break; 00219 00220 case BPF_ALU|BPF_RSH|BPF_X: 00221 op = "rsh"; 00222 fmt = "x"; 00223 break; 00224 00225 case BPF_ALU|BPF_ADD|BPF_K: 00226 op = "add"; 00227 fmt = "#%d"; 00228 break; 00229 00230 case BPF_ALU|BPF_SUB|BPF_K: 00231 op = "sub"; 00232 fmt = "#%d"; 00233 break; 00234 00235 case BPF_ALU|BPF_MUL|BPF_K: 00236 op = "mul"; 00237 fmt = "#%d"; 00238 break; 00239 00240 case BPF_ALU|BPF_DIV|BPF_K: 00241 op = "div"; 00242 fmt = "#%d"; 00243 break; 00244 00245 case BPF_ALU|BPF_AND|BPF_K: 00246 op = "and"; 00247 fmt = "#0x%x"; 00248 break; 00249 00250 case BPF_ALU|BPF_OR|BPF_K: 00251 op = "or"; 00252 fmt = "#0x%x"; 00253 break; 00254 00255 case BPF_ALU|BPF_LSH|BPF_K: 00256 op = "lsh"; 00257 fmt = "#%d"; 00258 break; 00259 00260 case BPF_ALU|BPF_RSH|BPF_K: 00261 op = "rsh"; 00262 fmt = "#%d"; 00263 break; 00264 00265 case BPF_ALU|BPF_NEG: 00266 op = "neg"; 00267 fmt = ""; 00268 break; 00269 00270 case BPF_MISC|BPF_TAX: 00271 op = "tax"; 00272 fmt = ""; 00273 break; 00274 00275 case BPF_MISC|BPF_TXA: 00276 op = "txa"; 00277 fmt = ""; 00278 break; 00279 } 00280 (void)snprintf(operand, sizeof operand, fmt, v); 00281 (void)snprintf(image, sizeof image, 00282 (BPF_CLASS(p->code) == BPF_JMP && 00283 BPF_OP(p->code) != BPF_JA) ? 00284 "(%03d) %-8s %-16s jt %d\tjf %d" 00285 : "(%03d) %-8s %s", 00286 n, op, operand, n + 1 + p->jt, n + 1 + p->jf); 00287 return image; 00288 } |
|
Definition at line 506 of file bpf/net/bpf_filter.c. References BPF_ALU, BPF_CLASS, BPF_DIV, BPF_JA, BPF_JMP, BPF_K, BPF_LD, BPF_MEM, BPF_MEMWORDS, BPF_OP, BPF_RET, BPF_ST, len, and p.
00509 { 00510 register int i; 00511 register struct bpf_insn *p; 00512 00513 for (i = 0; i < len; ++i) { 00514 /* 00515 * Check that that jumps are forward, and within 00516 * the code block. 00517 */ 00518 p = &f[i]; 00519 if (BPF_CLASS(p->code) == BPF_JMP) { 00520 register int from = i + 1; 00521 00522 if (BPF_OP(p->code) == BPF_JA) { 00523 if (from + p->k >= (unsigned)len) 00524 return 0; 00525 } 00526 else if (from + p->jt >= len || from + p->jf >= len) 00527 return 0; 00528 } 00529 /* 00530 * Check that memory operations use valid addresses. 00531 */ 00532 if ((BPF_CLASS(p->code) == BPF_ST || 00533 (BPF_CLASS(p->code) == BPF_LD && 00534 (p->code & 0xe0) == BPF_MEM)) && 00535 (p->k >= BPF_MEMWORDS || p->k < 0)) 00536 return 0; 00537 /* 00538 * Check for constant division by 0. 00539 */ 00540 if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0) 00541 return 0; 00542 } 00543 return BPF_CLASS(f[len - 1].code) == BPF_RET; 00544 } |
|
Definition at line 268 of file pcap.c. References pcap_sf::base, pcap::buffer, close(), pcap::fcode, pcap::fd, p, pcap_close_linux(), pcap_freecode(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by add_or_find_if(), PktSrc::Close(), main(), pcap_close_all(), pcap_compile_nopcap(), and PktInterfaceSrc::PktInterfaceSrc().
00269 { 00270 /*XXX*/ 00271 if (p->fd >= 0) { 00272 #ifdef linux 00273 pcap_close_linux(p); 00274 #endif 00275 close(p->fd); 00276 } 00277 if (p->sf.rfile != NULL) { 00278 if (p->sf.rfile != stdin) 00279 (void)fclose(p->sf.rfile); 00280 if (p->sf.base != NULL) 00281 free(p->sf.base); 00282 } else if (p->buffer != NULL) 00283 free(p->buffer); 00284 00285 pcap_freecode(&p->fcode); 00286 free(p); 00287 } |
|
Definition at line 285 of file gencode.c. References bpf_program::bf_insns, bpf_program::bf_len, bpf_error(), BPF_K, bpf_optimize(), bpf_pcap, BPF_RET, bpf_u_int32, stmt::code, pcap::errbuf, freechunks(), gen_retblk(), icode_to_fcode(), init_linktype(), stmt::k, len, lex_cleanup(), lex_init(), n_errors, netmask, no_optimize, optimize, p, pcap_datalink(), PCAP_ERRBUF_SIZE, pcap_parse(), pcap_snapshot(), pcap_t, root, block::s, snaplen, snprintf(), syntax(), and top_ctx. Referenced by BPF_Program::Compile(), and pcap_compile_nopcap().
00287 { 00288 extern int n_errors; 00289 int len; 00290 00291 no_optimize = 0; 00292 n_errors = 0; 00293 root = NULL; 00294 bpf_pcap = p; 00295 if (setjmp(top_ctx)) { 00296 lex_cleanup(); 00297 freechunks(); 00298 return (-1); 00299 } 00300 00301 netmask = mask; 00302 00303 snaplen = pcap_snapshot(p); 00304 if (snaplen == 0) { 00305 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00306 "snaplen of 0 rejects all packets"); 00307 return -1; 00308 } 00309 00310 lex_init(buf ? buf : ""); 00311 init_linktype(pcap_datalink(p)); 00312 (void)pcap_parse(); 00313 00314 if (n_errors) 00315 syntax(); 00316 00317 if (root == NULL) 00318 root = gen_retblk(snaplen); 00319 00320 if (optimize && !no_optimize) { 00321 bpf_optimize(&root); 00322 if (root == NULL || 00323 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 00324 bpf_error("expression rejects all packets"); 00325 } 00326 program->bf_insns = icode_to_fcode(root, &len); 00327 program->bf_len = len; 00328 00329 lex_cleanup(); 00330 freechunks(); 00331 return (0); 00332 } |
|
Definition at line 339 of file gencode.c. References bpf_u_int32, optimize, p, pcap_close(), pcap_compile(), pcap_open_dead(), and pcap_t. Referenced by BPF_Program::Compile().
00342 { 00343 pcap_t *p; 00344 int ret; 00345 00346 p = pcap_open_dead(linktype_arg, snaplen_arg); 00347 if (p == NULL) 00348 return (-1); 00349 ret = pcap_compile(p, program, buf, optimize, mask); 00350 pcap_close(p); 00351 return (ret); 00352 } |
|
Definition at line 120 of file pcap.c. References pcap::linktype, p, and pcap_t. Referenced by PktDumper::HdrSize(), PktSrc::LinkType(), main(), pcap_compile(), and PktSrc::SetHdrSize().
|
|
Definition at line 59 of file pcap.c. References p, pcap_handler, pcap_offline_read(), pcap_read(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by pcap_next().
00060 { 00061 00062 if (p->sf.rfile != NULL) 00063 return (pcap_offline_read(p, cnt, callback, user)); 00064 return (pcap_read(p, cnt, callback, user)); 00065 } |
|
Definition at line 604 of file savefile.c. References pcap_sf_pkthdr::caplen, pcap_pkthdr::caplen, pcap_sf_pkthdr::len, pcap_pkthdr::len, pcap_sf_pkthdr::ts, pcap_pkthdr::ts, pcap_timeval::tv_sec, and pcap_timeval::tv_usec. Referenced by PktDumper::Dump(), and PacketDumper::DumpPacket().
00605 { 00606 register FILE *f; 00607 struct pcap_sf_pkthdr sf_hdr; 00608 00609 f = (FILE *)user; 00610 sf_hdr.ts.tv_sec = h->ts.tv_sec; 00611 sf_hdr.ts.tv_usec = h->ts.tv_usec; 00612 sf_hdr.caplen = h->caplen; 00613 sf_hdr.len = h->len; 00614 /* XXX we should check the return status */ 00615 (void)fwrite(&sf_hdr, sizeof(sf_hdr), 1, f); 00616 (void)fwrite((char *)sp, h->caplen, 1, f); 00617 } |
|
Definition at line 651 of file savefile.c. References error(), p, and pcap_dumper_t. Referenced by PktDumper::Close().
00652 { 00653 00654 #ifdef notyet 00655 if (ferror((FILE *)p)) 00656 return-an-error; 00657 /* XXX should check return from fclose() too */ 00658 #endif 00659 (void)fclose((FILE *)p); 00660 } |
|
Definition at line 623 of file savefile.c. References dlt_to_linktype(), pcap::errbuf, errno, pcap::linktype, p, pcap_dumper_t, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, sf_write_header(), pcap::snapshot, snprintf(), and pcap::tzoff. Referenced by PktDumper::Open().
00624 { 00625 FILE *f; 00626 int linktype; 00627 00628 linktype = dlt_to_linktype(p->linktype); 00629 if (linktype == -1) { 00630 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00631 "%s: link-layer type %d isn't supported in savefiles", 00632 fname, linktype); 00633 return (NULL); 00634 } 00635 00636 if (fname[0] == '-' && fname[1] == '\0') 00637 f = stdout; 00638 else { 00639 f = fopen(fname, "w"); 00640 if (f == NULL) { 00641 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", 00642 fname, pcap_strerror(errno)); 00643 return (NULL); 00644 } 00645 } 00646 (void)sf_write_header(f, linktype, p->tzoff, p->snapshot); 00647 return ((pcap_dumper_t *)f); 00648 } |
|
Definition at line 150 of file pcap.c. References p, pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by PktFileSrc::PktFileSrc().
|
|
Definition at line 156 of file pcap.c. References pcap::fd, p, and pcap_t. Referenced by PktInterfaceSrc::PktInterfaceSrc().
|
|
Definition at line 672 of file inet.c. References add_addr_to_iflist(), any_descr, close(), errno, ioctl(), malloc(), pcap_add_if(), PCAP_ERRBUF_SIZE, pcap_freealldevs(), pcap_if_t, pcap_strerror(), SA_LEN, snprintf(), and socket(). Referenced by pcap_lookupdev().
00673 { 00674 pcap_if_t *devlist = NULL; 00675 register int fd; 00676 register struct ifreq *ifrp, *ifend, *ifnext; 00677 int n; 00678 struct ifconf ifc; 00679 char *buf = NULL; 00680 unsigned buf_size; 00681 struct ifreq ifrflags, ifrnetmask, ifrbroadaddr, ifrdstaddr; 00682 struct sockaddr *netmask, *broadaddr, *dstaddr; 00683 int ret = 0; 00684 00685 /* 00686 * Create a socket from which to fetch the list of interfaces. 00687 */ 00688 fd = socket(AF_INET, SOCK_DGRAM, 0); 00689 if (fd < 0) { 00690 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00691 "socket: %s", pcap_strerror(errno)); 00692 return (-1); 00693 } 00694 00695 /* 00696 * Start with an 8K buffer, and keep growing the buffer until 00697 * we get the entire interface list or fail to get it for some 00698 * reason other than EINVAL (which is presumed here to mean 00699 * "buffer is too small"). 00700 */ 00701 buf_size = 8192; 00702 for (;;) { 00703 buf = malloc(buf_size); 00704 if (buf == NULL) { 00705 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00706 "malloc: %s", pcap_strerror(errno)); 00707 (void)close(fd); 00708 return (-1); 00709 } 00710 00711 ifc.ifc_len = buf_size; 00712 ifc.ifc_buf = buf; 00713 memset(buf, 0, buf_size); 00714 if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0 00715 && errno != EINVAL) { 00716 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00717 "SIOCGIFCONF: %s", pcap_strerror(errno)); 00718 (void)close(fd); 00719 free(buf); 00720 return (-1); 00721 } 00722 if (ifc.ifc_len < buf_size) 00723 break; 00724 free(buf); 00725 buf_size *= 2; 00726 } 00727 00728 ifrp = (struct ifreq *)buf; 00729 ifend = (struct ifreq *)(buf + ifc.ifc_len); 00730 00731 for (; ifrp < ifend; ifrp = ifnext) { 00732 n = SA_LEN(&ifrp->ifr_addr) + sizeof(ifrp->ifr_name); 00733 if (n < sizeof(*ifrp)) 00734 ifnext = ifrp + 1; 00735 else 00736 ifnext = (struct ifreq *)((char *)ifrp + n); 00737 00738 /* 00739 * Get the flags for this interface, and skip it if it's 00740 * not up. 00741 */ 00742 strncpy(ifrflags.ifr_name, ifrp->ifr_name, 00743 sizeof(ifrflags.ifr_name)); 00744 if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) { 00745 if (errno == ENXIO) 00746 continue; 00747 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00748 "SIOCGIFFLAGS: %.*s: %s", 00749 (int)sizeof(ifrflags.ifr_name), 00750 ifrflags.ifr_name, 00751 pcap_strerror(errno)); 00752 ret = -1; 00753 break; 00754 } 00755 if (!(ifrflags.ifr_flags & IFF_UP)) 00756 continue; 00757 00758 /* 00759 * Get the netmask for this address on this interface. 00760 */ 00761 strncpy(ifrnetmask.ifr_name, ifrp->ifr_name, 00762 sizeof(ifrnetmask.ifr_name)); 00763 memcpy(&ifrnetmask.ifr_addr, &ifrp->ifr_addr, 00764 sizeof(ifrnetmask.ifr_addr)); 00765 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifrnetmask) < 0) { 00766 if (errno == EADDRNOTAVAIL) { 00767 /* 00768 * Not available. 00769 */ 00770 netmask = NULL; 00771 } else { 00772 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00773 "SIOCGIFNETMASK: %.*s: %s", 00774 (int)sizeof(ifrnetmask.ifr_name), 00775 ifrnetmask.ifr_name, 00776 pcap_strerror(errno)); 00777 ret = -1; 00778 break; 00779 } 00780 } else 00781 netmask = &ifrnetmask.ifr_addr; 00782 00783 /* 00784 * Get the broadcast address for this address on this 00785 * interface (if any). 00786 */ 00787 if (ifrflags.ifr_flags & IFF_BROADCAST) { 00788 strncpy(ifrbroadaddr.ifr_name, ifrp->ifr_name, 00789 sizeof(ifrbroadaddr.ifr_name)); 00790 memcpy(&ifrbroadaddr.ifr_addr, &ifrp->ifr_addr, 00791 sizeof(ifrbroadaddr.ifr_addr)); 00792 if (ioctl(fd, SIOCGIFBRDADDR, 00793 (char *)&ifrbroadaddr) < 0) { 00794 if (errno == EADDRNOTAVAIL) { 00795 /* 00796 * Not available. 00797 */ 00798 broadaddr = NULL; 00799 } else { 00800 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00801 "SIOCGIFBRDADDR: %.*s: %s", 00802 (int)sizeof(ifrbroadaddr.ifr_name), 00803 ifrbroadaddr.ifr_name, 00804 pcap_strerror(errno)); 00805 ret = -1; 00806 break; 00807 } 00808 } else 00809 broadaddr = &ifrbroadaddr.ifr_broadaddr; 00810 } else { 00811 /* 00812 * Not a broadcast interface, so no broadcast 00813 * address. 00814 */ 00815 broadaddr = NULL; 00816 } 00817 00818 /* 00819 * Get the destination address for this address on this 00820 * interface (if any). 00821 */ 00822 if (ifrflags.ifr_flags & IFF_POINTOPOINT) { 00823 strncpy(ifrdstaddr.ifr_name, ifrp->ifr_name, 00824 sizeof(ifrdstaddr.ifr_name)); 00825 memcpy(&ifrdstaddr.ifr_addr, &ifrp->ifr_addr, 00826 sizeof(ifrdstaddr.ifr_addr)); 00827 if (ioctl(fd, SIOCGIFDSTADDR, 00828 (char *)&ifrdstaddr) < 0) { 00829 if (errno == EADDRNOTAVAIL) { 00830 /* 00831 * Not available. 00832 */ 00833 dstaddr = NULL; 00834 } else { 00835 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 00836 "SIOCGIFDSTADDR: %.*s: %s", 00837 (int)sizeof(ifrdstaddr.ifr_name), 00838 ifrdstaddr.ifr_name, 00839 pcap_strerror(errno)); 00840 ret = -1; 00841 break; 00842 } 00843 } else 00844 dstaddr = &ifrdstaddr.ifr_dstaddr; 00845 } else 00846 dstaddr = NULL; 00847 00848 /* 00849 * Add information for this address to the list. 00850 */ 00851 if (add_addr_to_iflist(&devlist, ifrp->ifr_name, 00852 ifrflags.ifr_flags, &ifrp->ifr_addr, 00853 netmask, broadaddr, dstaddr, errbuf) < 0) { 00854 ret = -1; 00855 break; 00856 } 00857 } 00858 free(buf); 00859 00860 #ifdef HAVE_PROC_NET_DEV 00861 if (ret != -1) { 00862 /* 00863 * We haven't had any errors yet; now read "/proc/net/dev", 00864 * and add to the list of interfaces all interfaces listed 00865 * there that we don't already have, because, on Linux, 00866 * SIOCGIFCONF reports only interfaces with IPv4 addresses, 00867 * so you need to read "/proc/net/dev" to get the names of 00868 * the rest of the interfaces. 00869 */ 00870 ret = scan_proc_net_dev(&devlist, fd, errbuf); 00871 } 00872 #endif 00873 (void)close(fd); 00874 00875 if (ret != -1) { 00876 /* 00877 * We haven't had any errors yet; add the "any" device, 00878 * if we can open it. 00879 */ 00880 if (pcap_add_if(&devlist, "any", 0, any_descr, errbuf) < 0) { 00881 /* 00882 * Oops, we had a fatal error. 00883 */ 00884 ret = -1; 00885 } 00886 } 00887 00888 if (ret == -1) { 00889 /* 00890 * We had an error; free the list we've been constructing. 00891 */ 00892 if (devlist != NULL) { 00893 pcap_freealldevs(devlist); 00894 devlist = NULL; 00895 } 00896 } 00897 00898 *alldevsp = devlist; 00899 return (ret); 00900 } |
|
Definition at line 907 of file inet.c. References pcap_addr::addr, pcap_if::addresses, pcap_addr::broadaddr, pcap_if::description, pcap_addr::dstaddr, pcap_if::name, pcap_addr::netmask, pcap_addr::next, pcap_if::next, pcap_addr_t, and pcap_if_t. Referenced by pcap_findalldevs(), and pcap_lookupdev().
00908 { 00909 pcap_if_t *curdev, *nextdev; 00910 pcap_addr_t *curaddr, *nextaddr; 00911 00912 for (curdev = alldevs; curdev != NULL; curdev = nextdev) { 00913 nextdev = curdev->next; 00914 00915 /* 00916 * Free all addresses. 00917 */ 00918 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) { 00919 nextaddr = curaddr->next; 00920 if (curaddr->addr) 00921 free(curaddr->addr); 00922 if (curaddr->netmask) 00923 free(curaddr->netmask); 00924 if (curaddr->broadaddr) 00925 free(curaddr->broadaddr); 00926 if (curaddr->dstaddr) 00927 free(curaddr->dstaddr); 00928 free(curaddr); 00929 } 00930 00931 /* 00932 * Free the name string. 00933 */ 00934 free(curdev->name); 00935 00936 /* 00937 * Free the description string, if any. 00938 */ 00939 if (curdev->description != NULL) 00940 free(curdev->description); 00941 00942 /* 00943 * Free the interface. 00944 */ 00945 free(curdev); 00946 } 00947 } |
|
Definition at line 359 of file gencode.c. References bpf_program::bf_insns, and bpf_program::bf_len. Referenced by BPF_Program::FreeCode(), install_bpf_program(), and pcap_close().
00360 { 00361 program->bf_len = 0; 00362 if (program->bf_insns != NULL) { 00363 free((char *)program->bf_insns); 00364 program->bf_insns = NULL; 00365 } 00366 } |
|
Definition at line 168 of file pcap.c. References pcap::errbuf, p, and pcap_t. Referenced by bpf_error(), BPF_Program::Compile(), PktDumper::Open(), and PktSrc::SetFilter().
|
|
Definition at line 179 of file pcap.c. References pcap::errbuf, errno, pcap::fd, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf().
00180 { 00181 int fdflags; 00182 00183 if (p->sf.rfile != NULL) { 00184 /* 00185 * This is a savefile, not a live capture file, so 00186 * never say it's in non-blocking mode. 00187 */ 00188 return (0); 00189 } 00190 fdflags = fcntl(p->fd, F_GETFL, 0); 00191 if (fdflags == -1) { 00192 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 00193 pcap_strerror(errno)); 00194 return (-1); 00195 } 00196 if (fdflags & O_NONBLOCK) 00197 return (1); 00198 else 00199 return (0); 00200 } |
|
Definition at line 132 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::swapped.
|
|
Definition at line 955 of file inet.c. References pcap_if::flags, IF_NAMESIZE, pcap_if::name, PCAP_ERRBUF_SIZE, pcap_findalldevs(), pcap_freealldevs(), PCAP_IF_LOOPBACK, pcap_if_t, and strlcpy. Referenced by PktInterfaceSrc::PktInterfaceSrc().
00957 { 00958 pcap_if_t *alldevs; 00959 /* for old BSD systems, including bsdi3 */ 00960 #ifndef IF_NAMESIZE 00961 #define IF_NAMESIZE IFNAMSIZ 00962 #endif 00963 static char device[IF_NAMESIZE + 1]; 00964 char *ret; 00965 00966 if (pcap_findalldevs(&alldevs, errbuf) == -1) 00967 return (NULL); 00968 00969 if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) { 00970 /* 00971 * There are no devices on the list, or the first device 00972 * on the list is a loopback device, which means there 00973 * are no non-loopback devices on the list. This means 00974 * we can't return any device. 00975 * 00976 * XXX - why not return a loopback device? If we can't 00977 * capture on it, it won't be on the list, and if it's 00978 * on the list, there aren't any non-loopback devices, 00979 * so why not just supply it as the default device? 00980 */ 00981 (void)strlcpy(errbuf, "no suitable device found", 00982 PCAP_ERRBUF_SIZE); 00983 ret = NULL; 00984 } else { 00985 /* 00986 * Return the name of the first device on the list. 00987 */ 00988 (void)strlcpy(device, alldevs->name, sizeof(device)); 00989 ret = device; 00990 } 00991 00992 pcap_freealldevs(alldevs); 00993 return (ret); 00994 } |
|
Definition at line 997 of file inet.c. References bpf_u_int32, close(), errno, ioctl(), PCAP_ERRBUF_SIZE, pcap_strerror(), snprintf(), and socket(). Referenced by PktInterfaceSrc::PktInterfaceSrc().
01001 { 01002 register int fd; 01003 register struct sockaddr_in *sin; 01004 struct ifreq ifr; 01005 01006 /* 01007 * The pseudo-device "any" listens on all interfaces and therefore 01008 * has the network address and -mask "0.0.0.0" therefore catching 01009 * all traffic. Using NULL for the interface is the same as "any". 01010 */ 01011 if (!device || strcmp(device, "any") == 0) { 01012 *netp = *maskp = 0; 01013 return 0; 01014 } 01015 01016 fd = socket(AF_INET, SOCK_DGRAM, 0); 01017 if (fd < 0) { 01018 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", 01019 pcap_strerror(errno)); 01020 return (-1); 01021 } 01022 memset(&ifr, 0, sizeof(ifr)); 01023 #ifdef linux 01024 /* XXX Work around Linux kernel bug */ 01025 ifr.ifr_addr.sa_family = AF_INET; 01026 #endif 01027 (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 01028 if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { 01029 if (errno == EADDRNOTAVAIL) { 01030 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 01031 "%s: no IPv4 address assigned", device); 01032 } else { 01033 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 01034 "SIOCGIFADDR: %s: %s", 01035 device, pcap_strerror(errno)); 01036 } 01037 (void)close(fd); 01038 return (-1); 01039 } 01040 sin = (struct sockaddr_in *)&ifr.ifr_addr; 01041 *netp = sin->sin_addr.s_addr; 01042 if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { 01043 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 01044 "SIOCGIFNETMASK: %s: %s", device, pcap_strerror(errno)); 01045 (void)close(fd); 01046 return (-1); 01047 } 01048 (void)close(fd); 01049 *maskp = sin->sin_addr.s_addr; 01050 if (*maskp == 0) { 01051 if (IN_CLASSA(*netp)) 01052 *maskp = IN_CLASSA_NET; 01053 else if (IN_CLASSB(*netp)) 01054 *maskp = IN_CLASSB_NET; 01055 else if (IN_CLASSC(*netp)) 01056 *maskp = IN_CLASSC_NET; 01057 else { 01058 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, 01059 "inet class for 0x%x unknown", *netp); 01060 return (-1); 01061 } 01062 } 01063 *netp &= *maskp; 01064 return (0); 01065 } |
|
Definition at line 68 of file pcap.c. References p, pcap_handler, pcap_offline_read(), pcap_read(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by main().
00069 { 00070 register int n; 00071 00072 for (;;) { 00073 if (p->sf.rfile != NULL) 00074 n = pcap_offline_read(p, cnt, callback, user); 00075 else { 00076 /* 00077 * XXX keep reading until we get something 00078 * (or an error occurs) 00079 */ 00080 do { 00081 n = pcap_read(p, cnt, callback, user); 00082 } while (n == 0); 00083 } 00084 if (n <= 0) 00085 return (n); 00086 if (cnt > 0) { 00087 cnt -= n; 00088 if (cnt <= 0) 00089 return (0); 00090 } 00091 } 00092 } |
|
Definition at line 138 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::version_major.
00139 { 00140 return (p->sf.version_major); 00141 } |
|
Definition at line 144 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::version_minor.
00145 { 00146 return (p->sf.version_minor); 00147 } |
|
Definition at line 109 of file pcap.c. References singleton::hdr, p, pcap_dispatch(), pcap_oneshot(), pcap_t, and singleton::pkt. Referenced by PktSrc::ExtractNextPacket().
00110 { 00111 struct singleton s; 00112 00113 s.hdr = h; 00114 if (pcap_dispatch(p, 1, pcap_oneshot, (u_char*)&s) <= 0) 00115 return (0); 00116 return (s.pkt); 00117 } |
|
Definition at line 253 of file pcap.c. References pcap::fd, pcap::linktype, malloc(), p, pcap_t, snaplen, and pcap::snapshot. Referenced by pcap_compile_nopcap(), and PktDumper::PktDumper().
|
|
Definition at line 202 of file pcap-bpf.c. References bind(), BIOCGBLEN, BIOCGDLT, BIOCIMMEDIATE, BIOCPROMISC, BIOCSBLEN, BIOCSETIF, BIOCSRTIMEOUT, BIOCVERSION, BPF_MAJOR_VERSION, BPF_MINOR_VERSION, bpf_open(), pcap::buffer, pcap::bufsize, bpf_version::bv_major, bpf_version::bv_minor, close(), DLT_CHDLC, DLT_EN10MB, DLT_FDDI, DLT_FRELAY, DLT_IEEE802, DLT_NULL, DLT_PPP, DLT_PPP_BSDOS, DLT_RAW, DLT_SLIP, DLT_SLIP_BSDOS, errno, pcap::fd, ioctl(), pcap::linktype, malloc(), pcap::offset, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, setsockopt(), snaplen, pcap::snapshot, snprintf(), and socket(). Referenced by add_or_find_if(), and PktInterfaceSrc::PktInterfaceSrc().
00203 { 00204 int fd; 00205 struct ifreq ifr; 00206 struct bpf_version bv; 00207 u_int v; 00208 pcap_t *p; 00209 00210 p = (pcap_t *)malloc(sizeof(*p)); 00211 if (p == NULL) { 00212 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 00213 pcap_strerror(errno)); 00214 return (NULL); 00215 } 00216 memset(p, 0, sizeof(*p)); 00217 fd = bpf_open(p, ebuf); 00218 if (fd < 0) 00219 goto bad; 00220 00221 p->fd = fd; 00222 p->snapshot = snaplen; 00223 00224 if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) { 00225 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s", 00226 pcap_strerror(errno)); 00227 goto bad; 00228 } 00229 if (bv.bv_major != BPF_MAJOR_VERSION || 00230 bv.bv_minor < BPF_MINOR_VERSION) { 00231 snprintf(ebuf, PCAP_ERRBUF_SIZE, 00232 "kernel bpf filter out of date"); 00233 goto bad; 00234 } 00235 00236 /* 00237 * Try finding a good size for the buffer; 32768 may be too 00238 * big, so keep cutting it in half until we find a size 00239 * that works, or run out of sizes to try. If the default 00240 * is larger, don't make it smaller. 00241 * 00242 * XXX - there should be a user-accessible hook to set the 00243 * initial buffer size. 00244 */ 00245 if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768) 00246 v = 32768; 00247 for ( ; v != 0; v >>= 1) { 00248 /* Ignore the return value - this is because the call fails 00249 * on BPF systems that don't have kernel malloc. And if 00250 * the call fails, it's no big deal, we just continue to 00251 * use the standard buffer size. 00252 */ 00253 (void) ioctl(fd, BIOCSBLEN, (caddr_t)&v); 00254 00255 (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 00256 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0) 00257 break; /* that size worked; we're done */ 00258 00259 if (errno != ENOBUFS) { 00260 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s", 00261 device, pcap_strerror(errno)); 00262 goto bad; 00263 } 00264 } 00265 00266 if (v == 0) { 00267 snprintf(ebuf, PCAP_ERRBUF_SIZE, 00268 "BIOCSBLEN: %s: No buffer size worked", device); 00269 goto bad; 00270 } 00271 00272 /* Get the data link layer type. */ 00273 if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) { 00274 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s", 00275 pcap_strerror(errno)); 00276 goto bad; 00277 } 00278 #ifdef _AIX 00279 /* 00280 * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT. 00281 */ 00282 switch (v) { 00283 00284 case IFT_ETHER: 00285 case IFT_ISO88023: 00286 v = DLT_EN10MB; 00287 break; 00288 00289 case IFT_FDDI: 00290 v = DLT_FDDI; 00291 break; 00292 00293 case IFT_ISO88025: 00294 v = DLT_IEEE802; 00295 break; 00296 00297 default: 00298 /* 00299 * We don't know what to map this to yet. 00300 */ 00301 snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown interface type %u", 00302 v); 00303 goto bad; 00304 } 00305 #endif 00306 #if _BSDI_VERSION - 0 >= 199510 00307 /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */ 00308 switch (v) { 00309 00310 case DLT_SLIP: 00311 v = DLT_SLIP_BSDOS; 00312 break; 00313 00314 case DLT_PPP: 00315 v = DLT_PPP_BSDOS; 00316 break; 00317 00318 case 11: /*DLT_FR*/ 00319 v = DLT_FRELAY; 00320 break; 00321 00322 case 12: /*DLT_C_HDLC*/ 00323 v = DLT_CHDLC; 00324 break; 00325 } 00326 #endif 00327 p->linktype = v; 00328 00329 /* set timeout */ 00330 if (to_ms != 0) { 00331 struct timeval to; 00332 to.tv_sec = to_ms / 1000; 00333 to.tv_usec = (to_ms * 1000) % 1000000; 00334 if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) { 00335 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s", 00336 pcap_strerror(errno)); 00337 goto bad; 00338 } 00339 } 00340 00341 #ifdef _AIX 00342 #ifdef BIOCIMMEDIATE 00343 /* 00344 * Darren Reed notes that 00345 * 00346 * On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the 00347 * timeout appears to be ignored and it waits until the buffer 00348 * is filled before returning. The result of not having it 00349 * set is almost worse than useless if your BPF filter 00350 * is reducing things to only a few packets (i.e. one every 00351 * second or so). 00352 * 00353 * so we turn BIOCIMMEDIATE mode on if this is AIX. 00354 * 00355 * We don't turn it on for other platforms, as that means we 00356 * get woken up for every packet, which may not be what we want; 00357 * in the Winter 1993 USENIX paper on BPF, they say: 00358 * 00359 * Since a process might want to look at every packet on a 00360 * network and the time between packets can be only a few 00361 * microseconds, it is not possible to do a read system call 00362 * per packet and BPF must collect the data from several 00363 * packets and return it as a unit when the monitoring 00364 * application does a read. 00365 * 00366 * which I infer is the reason for the timeout - it means we 00367 * wait that amount of time, in the hopes that more packets 00368 * will arrive and we'll get them all with one read. 00369 * 00370 * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other 00371 * BSDs) causes the timeout to be ignored. 00372 * 00373 * On the other hand, some platforms (e.g., Linux) don't support 00374 * timeouts, they just hand stuff to you as soon as it arrives; 00375 * if that doesn't cause a problem on those platforms, it may 00376 * be OK to have BIOCIMMEDIATE mode on BSD as well. 00377 * 00378 * (Note, though, that applications may depend on the read 00379 * completing, even if no packets have arrived, when the timeout 00380 * expires, e.g. GUI applications that have to check for input 00381 * while waiting for packets to arrive; a non-zero timeout 00382 * prevents "select()" from working right on FreeBSD and 00383 * possibly other BSDs, as the timer doesn't start until a 00384 * "read()" is done, so the timer isn't in effect if the 00385 * application is blocked on a "select()", and the "select()" 00386 * doesn't get woken up for a BPF device until the buffer 00387 * fills up.) 00388 */ 00389 v = 1; 00390 if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) { 00391 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s", 00392 pcap_strerror(errno)); 00393 goto bad; 00394 } 00395 #endif /* BIOCIMMEDIATE */ 00396 #endif /* _AIX */ 00397 00398 if (promisc) { 00399 /* set promiscuous mode, okay if it fails */ 00400 if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) { 00401 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s", 00402 pcap_strerror(errno)); 00403 } 00404 } 00405 00406 if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) { 00407 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s", 00408 pcap_strerror(errno)); 00409 goto bad; 00410 } 00411 p->bufsize = v; 00412 p->buffer = (u_char *)malloc(p->bufsize); 00413 if (p->buffer == NULL) { 00414 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", 00415 pcap_strerror(errno)); 00416 goto bad; 00417 } 00418 00419 return (p); 00420 bad: 00421 (void)close(fd); 00422 free(p); 00423 return (NULL); 00424 } |
|
Definition at line 360 of file savefile.c. References pcap_sf::base, BPF_ALIGNMENT, BPF_MAXBUFSIZE, bpf_u_int32, pcap::buffer, pcap::bufsize, DLT_EN10MB, DLT_FDDI, DLT_NULL, errno, pcap::fd, pcap_sf::hdrsize, pcap::linktype, linktype_to_dlt(), malloc(), p, PATCHED_TCPDUMP_MAGIC, PCAP_ERRBUF_SIZE, pcap_fddipad, pcap_strerror(), pcap_t, PCAP_VERSION_MAJOR, pcap_sf::rfile, pcap::sf, pcap::snapshot, snprintf(), strlcpy, swap_hdr(), SWAPLONG, pcap_sf::swapped, TCPDUMP_MAGIC, pcap::tzoff, pcap_sf::version_major, and pcap_sf::version_minor. Referenced by main(), and PktFileSrc::PktFileSrc().
00361 { 00362 register pcap_t *p; 00363 register FILE *fp; 00364 struct pcap_file_header hdr; 00365 bpf_u_int32 magic; 00366 int linklen; 00367 00368 p = (pcap_t *)malloc(sizeof(*p)); 00369 if (p == NULL) { 00370 strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE); 00371 return (NULL); 00372 } 00373 00374 memset((char *)p, 0, sizeof(*p)); 00375 /* 00376 * Set this field so we don't close stdin in pcap_close! 00377 */ 00378 p->fd = -1; 00379 00380 if (fname[0] == '-' && fname[1] == '\0') 00381 fp = stdin; 00382 else { 00383 fp = fopen(fname, "r"); 00384 if (fp == NULL) { 00385 snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname, 00386 pcap_strerror(errno)); 00387 goto bad; 00388 } 00389 } 00390 if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) { 00391 snprintf(errbuf, PCAP_ERRBUF_SIZE, "fread: %s", 00392 pcap_strerror(errno)); 00393 goto bad; 00394 } 00395 magic = hdr.magic; 00396 if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) { 00397 magic = SWAPLONG(magic); 00398 if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) { 00399 snprintf(errbuf, PCAP_ERRBUF_SIZE, 00400 "bad dump file format"); 00401 goto bad; 00402 } 00403 p->sf.swapped = 1; 00404 swap_hdr(&hdr); 00405 } 00406 if (magic == PATCHED_TCPDUMP_MAGIC) { 00407 /* 00408 * XXX - the patch that's in some versions of libpcap 00409 * changes the packet header but not the magic number; 00410 * we'd have to use some hacks^H^H^H^H^Hheuristics to 00411 * detect that. 00412 */ 00413 p->sf.hdrsize = sizeof(struct pcap_sf_patched_pkthdr); 00414 } else 00415 p->sf.hdrsize = sizeof(struct pcap_sf_pkthdr); 00416 if (hdr.version_major < PCAP_VERSION_MAJOR) { 00417 snprintf(errbuf, PCAP_ERRBUF_SIZE, "archaic file format"); 00418 goto bad; 00419 } 00420 p->tzoff = hdr.thiszone; 00421 p->snapshot = hdr.snaplen; 00422 p->linktype = linktype_to_dlt(hdr.linktype); 00423 p->sf.rfile = fp; 00424 p->bufsize = hdr.snaplen; 00425 00426 /* Align link header as required for proper data alignment */ 00427 /* XXX should handle all types */ 00428 switch (p->linktype) { 00429 00430 case DLT_EN10MB: 00431 linklen = 14; 00432 break; 00433 00434 case DLT_FDDI: 00435 linklen = 13 + 8; /* fddi_header + llc */ 00436 break; 00437 00438 case DLT_NULL: 00439 default: 00440 linklen = 0; 00441 break; 00442 } 00443 00444 if (p->bufsize < 0) 00445 p->bufsize = BPF_MAXBUFSIZE; 00446 p->sf.base = (u_char *)malloc(p->bufsize + BPF_ALIGNMENT); 00447 if (p->sf.base == NULL) { 00448 strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE); 00449 goto bad; 00450 } 00451 p->buffer = p->sf.base + BPF_ALIGNMENT - (linklen % BPF_ALIGNMENT); 00452 p->sf.version_major = hdr.version_major; 00453 p->sf.version_minor = hdr.version_minor; 00454 #ifdef PCAP_FDDIPAD 00455 /* XXX padding only needed for kernel fcode */ 00456 pcap_fddipad = 0; 00457 #endif 00458 00459 return (p); 00460 bad: 00461 free(p); 00462 return (NULL); 00463 } |
|
Definition at line 162 of file pcap.c. References pcap::errbuf, p, and pcap_t.
|
|
Definition at line 427 of file pcap-bpf.c. References BIOCSETF, pcap::errbuf, errno, pcap::fd, install_bpf_program(), ioctl(), no_optimize, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf(). Referenced by PktSrc::SetFilter().
00428 { 00429 /* 00430 * It looks that BPF code generated by gen_protochain() is not 00431 * compatible with some of kernel BPF code (for example BSD/OS 3.1). 00432 * Take a safer side for now. 00433 */ 00434 if (no_optimize) { 00435 if (install_bpf_program(p, fp) < 0) 00436 return (-1); 00437 } else if (p->sf.rfile != NULL) { 00438 if (install_bpf_program(p, fp) < 0) 00439 return (-1); 00440 } else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) { 00441 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s", 00442 pcap_strerror(errno)); 00443 return (-1); 00444 } 00445 return (0); 00446 } |
|
Definition at line 203 of file pcap.c. References pcap::errbuf, errno, pcap::fd, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf(). Referenced by PktInterfaceSrc::PktInterfaceSrc().
00204 { 00205 int fdflags; 00206 00207 if (p->sf.rfile != NULL) { 00208 /* 00209 * This is a savefile, not a live capture file, so 00210 * ignore requests to put it in non-blocking mode. 00211 */ 00212 return (0); 00213 } 00214 fdflags = fcntl(p->fd, F_GETFL, 0); 00215 if (fdflags == -1) { 00216 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", 00217 pcap_strerror(errno)); 00218 return (-1); 00219 } 00220 if (nonblock) 00221 fdflags |= O_NONBLOCK; 00222 else 00223 fdflags &= ~O_NONBLOCK; 00224 if (fcntl(p->fd, F_SETFL, fdflags) == -1) { 00225 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", 00226 pcap_strerror(errno)); 00227 return (-1); 00228 } 00229 return (0); 00230 } |
|
Definition at line 126 of file pcap.c. References p, pcap_t, and pcap::snapshot. Referenced by pcap_compile().
|
|
Definition at line 66 of file pcap-bpf.c. References BIOCGSTATS, bpf_stat::bs_drop, bpf_stat::bs_recv, pcap::errbuf, errno, pcap::fd, ioctl(), pcap::md, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_stat::ps_drop, pcap_stat::ps_recv, snprintf(), and pcap_md::stat. Referenced by PktSrc::Statistics().
00067 { 00068 struct bpf_stat s; 00069 00070 /* 00071 * "ps_recv" counts packets handed to the filter, not packets 00072 * that passed the filter. This includes packets later dropped 00073 * because we ran out of buffer space. 00074 * 00075 * "ps_drop" counts packets dropped inside the BPF device 00076 * because we ran out of buffer space. It doesn't count 00077 * packets dropped by the interface driver. It counts 00078 * only packets that passed the filter. 00079 * 00080 * Both statistics include packets not yet read from the kernel 00081 * by libpcap, and thus not yet seen by the application. 00082 */ 00083 if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) { 00084 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s", 00085 pcap_strerror(errno)); 00086 return (-1); 00087 } 00088 00089 ps->ps_recv = s.bs_recv; 00090 ps->ps_drop = s.bs_drop; 00091 return (0); 00092 } |
|
Definition at line 236 of file pcap.c. References snprintf(), and strerror(). Referenced by add_addr_to_iflist(), add_or_find_if(), bpf_open(), iface_bind_old(), iface_get_arptype(), iface_get_mtu(), install_bpf_program(), live_open_new(), live_open_old(), nit_setflags(), pcap_dump_open(), pcap_findalldevs(), pcap_getnonblock(), pcap_lookupnet(), pcap_open_live(), pcap_open_offline(), pcap_read(), pcap_read_packet(), pcap_setfilter(), pcap_setnonblock(), pcap_stats(), recv_ack(), and send_request().
00237 { 00238 #ifdef HAVE_STRERROR 00239 return (strerror(errnum)); 00240 #else 00241 extern int sys_nerr; 00242 extern const char *const sys_errlist[]; 00243 static char ebuf[20]; 00244 00245 if ((unsigned int)errnum < sys_nerr) 00246 return ((char *)sys_errlist[errnum]); 00247 (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); 00248 return(ebuf); 00249 #endif 00250 } |