pcap.h File Reference

#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <stdio.h>

Include dependency graph for pcap.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes
struct	pcap_addr
struct	pcap_file_header
struct	pcap_if
struct	pcap_pkthdr
struct	pcap_stat
Defines
#define	PCAP_VERSION_MAJOR   2
#define	PCAP_VERSION_MINOR   4
#define	PCAP_ERRBUF_SIZE   256
#define	PCAP_IF_LOOPBACK   0x00000001
Typedefs
typedef int	bpf_int32
typedef u_int	bpf_u_int32
typedef pcap	pcap_t
typedef pcap_dumper	pcap_dumper_t
typedef pcap_if	pcap_if_t
typedef pcap_addr	pcap_addr_t
typedef void(*	pcap_handler )(u_char *, const struct pcap_pkthdr *, const u_char *)
Functions
char *	pcap_lookupdev (char *)
int	pcap_lookupnet (char *, bpf_u_int32 *, bpf_u_int32 *, char *)
pcap_t *	pcap_open_live (char *, int, int, int, char *)
pcap_t *	pcap_open_dead (int, int)
pcap_t *	pcap_open_offline (const char *, char *)
void	pcap_close (pcap_t *)
int	pcap_loop (pcap_t *, int, pcap_handler, u_char *)
int	pcap_dispatch (pcap_t *, int, pcap_handler, u_char *)
const u_char *	pcap_next (pcap_t *, struct pcap_pkthdr *)
int	pcap_stats (pcap_t *, struct pcap_stat *)
int	pcap_setfilter (pcap_t *, struct bpf_program *)
int	pcap_getnonblock (pcap_t *, char *)
int	pcap_setnonblock (pcap_t *, int, char *)
void	pcap_perror (pcap_t *, char *)
char *	pcap_strerror (int)
char *	pcap_geterr (pcap_t *)
int	pcap_compile (pcap_t *, struct bpf_program *, char *, int, bpf_u_int32)
int	pcap_compile_nopcap (int, int, struct bpf_program *, char *, int, bpf_u_int32)
void	pcap_freecode (struct bpf_program *)
int	pcap_datalink (pcap_t *)
int	pcap_snapshot (pcap_t *)
int	pcap_is_swapped (pcap_t *)
int	pcap_major_version (pcap_t *)
int	pcap_minor_version (pcap_t *)
FILE *	pcap_file (pcap_t *)
int	pcap_fileno (pcap_t *)
pcap_dumper_t *	pcap_dump_open (pcap_t *, const char *)
void	pcap_dump_close (pcap_dumper_t *)
void	pcap_dump (u_char *, const struct pcap_pkthdr *, const u_char *)
int	pcap_findalldevs (pcap_if_t **, char *)
void	pcap_freealldevs (pcap_if_t *)
u_int	bpf_filter (struct bpf_insn *, u_char *, u_int, u_int)
int	bpf_validate (struct bpf_insn *f, int len)
char *	bpf_image (struct bpf_insn *, int)
void	bpf_dump (struct bpf_program *, int)

---

Define Documentation

#define PCAP_ERRBUF_SIZE   256

Definition at line 54 of file pcap.h. Referenced by add_addr_to_iflist(), add_or_find_if(), bpf_error(), bpf_open(), BPF_Program::Compile(), iface_bind_old(), iface_get_arptype(), iface_get_mtu(), live_open_new(), live_open_old(), main(), nit_setflags(), pcap_compile(), pcap_dump_open(), pcap_findalldevs(), pcap_getnonblock(), pcap_lookupdev(), pcap_lookupnet(), pcap_open_live(), pcap_open_offline(), pcap_read(), pcap_setfilter(), pcap_setnonblock(), pcap_stats(), PktInterfaceSrc::PktInterfaceSrc(), recv_ack(), send_request(), sf_next_packet(), and split_dname().

#define PCAP_IF_LOOPBACK   0x00000001

Definition at line 145 of file pcap.h. Referenced by add_or_find_if(), and pcap_lookupdev().

#define PCAP_VERSION_MAJOR   2

Definition at line 51 of file pcap.h. Referenced by pcap_open_offline(), and sf_write_header().

#define PCAP_VERSION_MINOR   4

Definition at line 52 of file pcap.h. Referenced by sf_write_header().

---

Typedef Documentation

typedef int bpf_int32

Definition at line 61 of file pcap.h.

typedef u_int bpf_u_int32

Definition at line 62 of file pcap.h.

typedef struct pcap_addr pcap_addr_t

Definition at line 68 of file pcap.h. Referenced by add_addr_to_iflist(), and pcap_freealldevs().

typedef struct pcap_dumper pcap_dumper_t

Definition at line 66 of file pcap.h. Referenced by PktDumper::Open(), PacketDumper::PacketDumper(), pcap_dump_close(), pcap_dump_open(), and PktDumper::PcapDumper().

typedef void(* pcap_handler)(u_char *, const struct pcap_pkthdr *, const u_char *)

Definition at line 158 of file pcap.h. Referenced by pcap_dispatch(), pcap_loop(), pcap_offline_read(), pcap_read(), and pcap_read_packet().

typedef struct pcap_if pcap_if_t

Definition at line 67 of file pcap.h. Referenced by add_addr_to_iflist(), add_or_find_if(), pcap_add_if(), pcap_findalldevs(), pcap_freealldevs(), and pcap_lookupdev().

typedef struct pcap pcap_t

Definition at line 65 of file pcap.h. Referenced by add_or_find_if(), bpf_open(), BPF_Program::Compile(), install_bpf_program(), live_open_new(), live_open_old(), map_arphrd_to_dlt(), pcap_close(), pcap_close_linux(), pcap_compile(), pcap_compile_nopcap(), pcap_datalink(), pcap_dispatch(), pcap_dump_open(), pcap_file(), pcap_fileno(), pcap_geterr(), pcap_getnonblock(), pcap_is_swapped(), pcap_loop(), pcap_major_version(), pcap_minor_version(), pcap_next(), pcap_offline_read(), pcap_open_dead(), pcap_open_live(), pcap_open_offline(), pcap_perror(), pcap_read(), pcap_read_packet(), pcap_setfilter(), pcap_setnonblock(), pcap_snapshot(), pcap_stats(), PktSrc::PcapHandle(), and sf_next_packet().

---

Function Documentation

void bpf_dump (  struct bpf_program *  , int  )

Definition at line 34 of file bpf_dump.c. References bpf_image(), option, p, printf(), and puts(). { struct bpf_insn *insn; int i; int n = p->bf_len; insn = p->bf_insns; if (option > 2) { printf("%d\n", n); for (i = 0; i < n; ++insn, ++i) { printf("%u %u %u %u\n", insn->code, insn->jt, insn->jf, insn->k); } return ; } if (option > 1) { for (i = 0; i < n; ++insn, ++i) printf("{ 0x%x, %d, %d, 0x%08x },\n", insn->code, insn->jt, insn->jf, insn->k); return; } for (i = 0; i < n; ++insn, ++i) { #ifdef BDEBUG extern int bids[]; printf(bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1); #endif puts(bpf_image(insn, i)); } }

u_int bpf_filter (  struct bpf_insn *  , u_char *  , u_int  , u_int  )

Definition at line 181 of file bpf/net/bpf_filter.c. References BPF_A, BPF_ABS, BPF_ADD, BPF_ALU, BPF_AND, BPF_B, BPF_DIV, BPF_H, BPF_IMM, BPF_IND, BPF_JA, BPF_JEQ, BPF_JGE, BPF_JGT, BPF_JMP, BPF_JSET, BPF_K, BPF_LD, BPF_LDX, BPF_LEN, BPF_LSH, BPF_MEM, BPF_MEMWORDS, BPF_MISC, BPF_MSH, BPF_MUL, BPF_NEG, BPF_OR, BPF_RET, BPF_RSH, BPF_ST, BPF_STX, BPF_SUB, BPF_TAX, BPF_TXA, BPF_W, BPF_X, EXTRACT_LONG, EXTRACT_SHORT, int32, len, MLEN, p, and u_int32. { register u_int32 A, X; register int k; int32 mem[BPF_MEMWORDS]; #if defined(KERNEL) || defined(_KERNEL) struct mbuf *m, *n; int merr, len; if (buflen == 0) { m = (struct mbuf *)p; p = mtod(m, u_char *); buflen = MLEN(m); } else m = NULL; #endif if (pc == 0) /* * No filter means accept all. */ return (u_int)-1; A = 0; X = 0; --pc; while (1) { ++pc; switch (pc->code) { default: #if defined(KERNEL) || defined(_KERNEL) return 0; #else abort(); #endif case BPF_RET|BPF_K: return (u_int)pc->k; case BPF_RET|BPF_A: return (u_int)A; case BPF_LD|BPF_W|BPF_ABS: k = pc->k; if (k + sizeof(int32) > buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; A = m_xword(m, k, &merr); if (merr != 0) return 0; continue; #else return 0; #endif } A = EXTRACT_LONG(&p[k]); continue; case BPF_LD|BPF_H|BPF_ABS: k = pc->k; if (k + sizeof(short) > buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; A = m_xhalf(m, k, &merr); if (merr != 0) return 0; continue; #else return 0; #endif } A = EXTRACT_SHORT(&p[k]); continue; case BPF_LD|BPF_B|BPF_ABS: k = pc->k; if (k >= buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; n = m; MINDEX(len, n, k); A = mtod(n, u_char *)[k]; continue; #else return 0; #endif } A = p[k]; continue; case BPF_LD|BPF_W|BPF_LEN: A = wirelen; continue; case BPF_LDX|BPF_W|BPF_LEN: X = wirelen; continue; case BPF_LD|BPF_W|BPF_IND: k = X + pc->k; if (k + sizeof(int32) > buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; A = m_xword(m, k, &merr); if (merr != 0) return 0; continue; #else return 0; #endif } A = EXTRACT_LONG(&p[k]); continue; case BPF_LD|BPF_H|BPF_IND: k = X + pc->k; if (k + sizeof(short) > buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; A = m_xhalf(m, k, &merr); if (merr != 0) return 0; continue; #else return 0; #endif } A = EXTRACT_SHORT(&p[k]); continue; case BPF_LD|BPF_B|BPF_IND: k = X + pc->k; if (k >= buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; n = m; MINDEX(len, n, k); A = mtod(n, u_char *)[k]; continue; #else return 0; #endif } A = p[k]; continue; case BPF_LDX|BPF_MSH|BPF_B: k = pc->k; if (k >= buflen) { #if defined(KERNEL) || defined(_KERNEL) if (m == NULL) return 0; n = m; MINDEX(len, n, k); X = (mtod(n, char *)[k] & 0xf) << 2; continue; #else return 0; #endif } X = (p[pc->k] & 0xf) << 2; continue; case BPF_LD|BPF_IMM: A = pc->k; continue; case BPF_LDX|BPF_IMM: X = pc->k; continue; case BPF_LD|BPF_MEM: A = mem[pc->k]; continue; case BPF_LDX|BPF_MEM: X = mem[pc->k]; continue; case BPF_ST: mem[pc->k] = A; continue; case BPF_STX: mem[pc->k] = X; continue; case BPF_JMP|BPF_JA: pc += pc->k; continue; case BPF_JMP|BPF_JGT|BPF_K: pc += (A > pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGE|BPF_K: pc += (A >= pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JEQ|BPF_K: pc += (A == pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JSET|BPF_K: pc += (A & pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGT|BPF_X: pc += (A > X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGE|BPF_X: pc += (A >= X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JEQ|BPF_X: pc += (A == X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JSET|BPF_X: pc += (A & X) ? pc->jt : pc->jf; continue; case BPF_ALU|BPF_ADD|BPF_X: A += X; continue; case BPF_ALU|BPF_SUB|BPF_X: A -= X; continue; case BPF_ALU|BPF_MUL|BPF_X: A *= X; continue; case BPF_ALU|BPF_DIV|BPF_X: if (X == 0) return 0; A /= X; continue; case BPF_ALU|BPF_AND|BPF_X: A &= X; continue; case BPF_ALU|BPF_OR|BPF_X: A |= X; continue; case BPF_ALU|BPF_LSH|BPF_X: A <<= X; continue; case BPF_ALU|BPF_RSH|BPF_X: A >>= X; continue; case BPF_ALU|BPF_ADD|BPF_K: A += pc->k; continue; case BPF_ALU|BPF_SUB|BPF_K: A -= pc->k; continue; case BPF_ALU|BPF_MUL|BPF_K: A *= pc->k; continue; case BPF_ALU|BPF_DIV|BPF_K: A /= pc->k; continue; case BPF_ALU|BPF_AND|BPF_K: A &= pc->k; continue; case BPF_ALU|BPF_OR|BPF_K: A |= pc->k; continue; case BPF_ALU|BPF_LSH|BPF_K: A <<= pc->k; continue; case BPF_ALU|BPF_RSH|BPF_K: A >>= pc->k; continue; case BPF_ALU|BPF_NEG: A = -A; continue; case BPF_MISC|BPF_TAX: X = A; continue; case BPF_MISC|BPF_TXA: A = X; continue; } } }

char* bpf_image (  struct bpf_insn *  , int  )

Definition at line 41 of file bpf_image.c. References BPF_A, BPF_ABS, BPF_ADD, BPF_ALU, BPF_AND, BPF_B, BPF_CLASS, BPF_DIV, BPF_H, BPF_IMM, BPF_IND, BPF_JA, BPF_JEQ, BPF_JGE, BPF_JGT, BPF_JMP, BPF_JSET, BPF_K, BPF_LD, BPF_LDX, BPF_LEN, BPF_LSH, BPF_MEM, BPF_MISC, BPF_MSH, BPF_MUL, BPF_NEG, BPF_OP, BPF_OR, BPF_RET, BPF_RSH, BPF_ST, BPF_STX, BPF_SUB, BPF_TAX, BPF_TXA, BPF_W, BPF_X, fmt, p, and snprintf(). Referenced by bpf_dump(). { int v; char *fmt, *op; static char image[256]; char operand[64]; v = p->k; switch (p->code) { default: op = "unimp"; fmt = "0x%x"; v = p->code; break; case BPF_RET|BPF_K: op = "ret"; fmt = "#%d"; break; case BPF_RET|BPF_A: op = "ret"; fmt = ""; break; case BPF_LD|BPF_W|BPF_ABS: op = "ld"; fmt = "[%d]"; break; case BPF_LD|BPF_H|BPF_ABS: op = "ldh"; fmt = "[%d]"; break; case BPF_LD|BPF_B|BPF_ABS: op = "ldb"; fmt = "[%d]"; break; case BPF_LD|BPF_W|BPF_LEN: op = "ld"; fmt = "#pktlen"; break; case BPF_LD|BPF_W|BPF_IND: op = "ld"; fmt = "[x + %d]"; break; case BPF_LD|BPF_H|BPF_IND: op = "ldh"; fmt = "[x + %d]"; break; case BPF_LD|BPF_B|BPF_IND: op = "ldb"; fmt = "[x + %d]"; break; case BPF_LD|BPF_IMM: op = "ld"; fmt = "#0x%x"; break; case BPF_LDX|BPF_IMM: op = "ldx"; fmt = "#0x%x"; break; case BPF_LDX|BPF_MSH|BPF_B: op = "ldxb"; fmt = "4*([%d]&0xf)"; break; case BPF_LD|BPF_MEM: op = "ld"; fmt = "M[%d]"; break; case BPF_LDX|BPF_MEM: op = "ldx"; fmt = "M[%d]"; break; case BPF_ST: op = "st"; fmt = "M[%d]"; break; case BPF_STX: op = "stx"; fmt = "M[%d]"; break; case BPF_JMP|BPF_JA: op = "ja"; fmt = "%d"; v = n + 1 + p->k; break; case BPF_JMP|BPF_JGT|BPF_K: op = "jgt"; fmt = "#0x%x"; break; case BPF_JMP|BPF_JGE|BPF_K: op = "jge"; fmt = "#0x%x"; break; case BPF_JMP|BPF_JEQ|BPF_K: op = "jeq"; fmt = "#0x%x"; break; case BPF_JMP|BPF_JSET|BPF_K: op = "jset"; fmt = "#0x%x"; break; case BPF_JMP|BPF_JGT|BPF_X: op = "jgt"; fmt = "x"; break; case BPF_JMP|BPF_JGE|BPF_X: op = "jge"; fmt = "x"; break; case BPF_JMP|BPF_JEQ|BPF_X: op = "jeq"; fmt = "x"; break; case BPF_JMP|BPF_JSET|BPF_X: op = "jset"; fmt = "x"; break; case BPF_ALU|BPF_ADD|BPF_X: op = "add"; fmt = "x"; break; case BPF_ALU|BPF_SUB|BPF_X: op = "sub"; fmt = "x"; break; case BPF_ALU|BPF_MUL|BPF_X: op = "mul"; fmt = "x"; break; case BPF_ALU|BPF_DIV|BPF_X: op = "div"; fmt = "x"; break; case BPF_ALU|BPF_AND|BPF_X: op = "and"; fmt = "x"; break; case BPF_ALU|BPF_OR|BPF_X: op = "or"; fmt = "x"; break; case BPF_ALU|BPF_LSH|BPF_X: op = "lsh"; fmt = "x"; break; case BPF_ALU|BPF_RSH|BPF_X: op = "rsh"; fmt = "x"; break; case BPF_ALU|BPF_ADD|BPF_K: op = "add"; fmt = "#%d"; break; case BPF_ALU|BPF_SUB|BPF_K: op = "sub"; fmt = "#%d"; break; case BPF_ALU|BPF_MUL|BPF_K: op = "mul"; fmt = "#%d"; break; case BPF_ALU|BPF_DIV|BPF_K: op = "div"; fmt = "#%d"; break; case BPF_ALU|BPF_AND|BPF_K: op = "and"; fmt = "#0x%x"; break; case BPF_ALU|BPF_OR|BPF_K: op = "or"; fmt = "#0x%x"; break; case BPF_ALU|BPF_LSH|BPF_K: op = "lsh"; fmt = "#%d"; break; case BPF_ALU|BPF_RSH|BPF_K: op = "rsh"; fmt = "#%d"; break; case BPF_ALU|BPF_NEG: op = "neg"; fmt = ""; break; case BPF_MISC|BPF_TAX: op = "tax"; fmt = ""; break; case BPF_MISC|BPF_TXA: op = "txa"; fmt = ""; break; } (void)snprintf(operand, sizeof operand, fmt, v); (void)snprintf(image, sizeof image, (BPF_CLASS(p->code) == BPF_JMP && BPF_OP(p->code) != BPF_JA) ? "(%03d) %-8s %-16s jt %d\tjf %d" : "(%03d) %-8s %s", n, op, operand, n + 1 + p->jt, n + 1 + p->jf); return image; }

int bpf_validate (  struct bpf_insn *  f, int  len )

Definition at line 506 of file bpf/net/bpf_filter.c. References BPF_ALU, BPF_CLASS, BPF_DIV, BPF_JA, BPF_JMP, BPF_K, BPF_LD, BPF_MEM, BPF_MEMWORDS, BPF_OP, BPF_RET, BPF_ST, len, and p. { register int i; register struct bpf_insn *p; for (i = 0; i < len; ++i) { /* * Check that that jumps are forward, and within * the code block. */ p = &f[i]; if (BPF_CLASS(p->code) == BPF_JMP) { register int from = i + 1; if (BPF_OP(p->code) == BPF_JA) { if (from + p->k >= (unsigned)len) return 0; } else if (from + p->jt >= len || from + p->jf >= len) return 0; } /* * Check that memory operations use valid addresses. */ if ((BPF_CLASS(p->code) == BPF_ST || (BPF_CLASS(p->code) == BPF_LD && (p->code & 0xe0) == BPF_MEM)) && (p->k >= BPF_MEMWORDS || p->k < 0)) return 0; /* * Check for constant division by 0. */ if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0) return 0; } return BPF_CLASS(f[len - 1].code) == BPF_RET; }

void pcap_close (  pcap_t *   )

Definition at line 268 of file pcap.c. References pcap_sf::base, pcap::buffer, close(), pcap::fcode, pcap::fd, p, pcap_close_linux(), pcap_freecode(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by add_or_find_if(), PktSrc::Close(), main(), pcap_close_all(), pcap_compile_nopcap(), and PktInterfaceSrc::PktInterfaceSrc(). { /*XXX*/ if (p->fd >= 0) { #ifdef linux pcap_close_linux(p); #endif close(p->fd); } if (p->sf.rfile != NULL) { if (p->sf.rfile != stdin) (void)fclose(p->sf.rfile); if (p->sf.base != NULL) free(p->sf.base); } else if (p->buffer != NULL) free(p->buffer); pcap_freecode(&p->fcode); free(p); }

int pcap_compile (  pcap_t *  , struct bpf_program *  , char *  , int  , bpf_u_int32  )

Definition at line 285 of file gencode.c. References bpf_program::bf_insns, bpf_program::bf_len, bpf_error(), BPF_K, bpf_optimize(), bpf_pcap, BPF_RET, bpf_u_int32, stmt::code, pcap::errbuf, freechunks(), gen_retblk(), icode_to_fcode(), init_linktype(), stmt::k, len, lex_cleanup(), lex_init(), n_errors, netmask, no_optimize, optimize, p, pcap_datalink(), PCAP_ERRBUF_SIZE, pcap_parse(), pcap_snapshot(), pcap_t, root, block::s, snaplen, snprintf(), syntax(), and top_ctx. Referenced by BPF_Program::Compile(), and pcap_compile_nopcap(). { extern int n_errors; int len; no_optimize = 0; n_errors = 0; root = NULL; bpf_pcap = p; if (setjmp(top_ctx)) { lex_cleanup(); freechunks(); return (-1); } netmask = mask; snaplen = pcap_snapshot(p); if (snaplen == 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snaplen of 0 rejects all packets"); return -1; } lex_init(buf ? buf : ""); init_linktype(pcap_datalink(p)); (void)pcap_parse(); if (n_errors) syntax(); if (root == NULL) root = gen_retblk(snaplen); if (optimize && !no_optimize) { bpf_optimize(&root); if (root == NULL || (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) bpf_error("expression rejects all packets"); } program->bf_insns = icode_to_fcode(root, &len); program->bf_len = len; lex_cleanup(); freechunks(); return (0); }

int pcap_compile_nopcap (  int  , int  , struct bpf_program *  , char *  , int  , bpf_u_int32  )

Definition at line 339 of file gencode.c. References bpf_u_int32, optimize, p, pcap_close(), pcap_compile(), pcap_open_dead(), and pcap_t. Referenced by BPF_Program::Compile(). { pcap_t *p; int ret; p = pcap_open_dead(linktype_arg, snaplen_arg); if (p == NULL) return (-1); ret = pcap_compile(p, program, buf, optimize, mask); pcap_close(p); return (ret); }

int pcap_datalink (  pcap_t *   )

Definition at line 120 of file pcap.c. References pcap::linktype, p, and pcap_t. Referenced by PktDumper::HdrSize(), PktSrc::LinkType(), main(), pcap_compile(), and PktSrc::SetHdrSize(). { return (p->linktype); }

int pcap_dispatch (  pcap_t *  , int  , pcap_handler  , u_char *  )

Definition at line 59 of file pcap.c. References p, pcap_handler, pcap_offline_read(), pcap_read(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by pcap_next(). { if (p->sf.rfile != NULL) return (pcap_offline_read(p, cnt, callback, user)); return (pcap_read(p, cnt, callback, user)); }

void pcap_dump (  u_char *  , const struct pcap_pkthdr *  , const u_char *  )

Definition at line 604 of file savefile.c. References pcap_sf_pkthdr::caplen, pcap_pkthdr::caplen, pcap_sf_pkthdr::len, pcap_pkthdr::len, pcap_sf_pkthdr::ts, pcap_pkthdr::ts, pcap_timeval::tv_sec, and pcap_timeval::tv_usec. Referenced by PktDumper::Dump(), and PacketDumper::DumpPacket(). { register FILE *f; struct pcap_sf_pkthdr sf_hdr; f = (FILE *)user; sf_hdr.ts.tv_sec = h->ts.tv_sec; sf_hdr.ts.tv_usec = h->ts.tv_usec; sf_hdr.caplen = h->caplen; sf_hdr.len = h->len; /* XXX we should check the return status */ (void)fwrite(&sf_hdr, sizeof(sf_hdr), 1, f); (void)fwrite((char *)sp, h->caplen, 1, f); }

void pcap_dump_close (  pcap_dumper_t *   )

Definition at line 651 of file savefile.c. References error(), p, and pcap_dumper_t. Referenced by PktDumper::Close(). { #ifdef notyet if (ferror((FILE *)p)) return-an-error; /* XXX should check return from fclose() too */ #endif (void)fclose((FILE *)p); }

pcap_dumper_t* pcap_dump_open (  pcap_t *  , const char *  )

Definition at line 623 of file savefile.c. References dlt_to_linktype(), pcap::errbuf, errno, pcap::linktype, p, pcap_dumper_t, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, sf_write_header(), pcap::snapshot, snprintf(), and pcap::tzoff. Referenced by PktDumper::Open(). { FILE *f; int linktype; linktype = dlt_to_linktype(p->linktype); if (linktype == -1) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: link-layer type %d isn't supported in savefiles", fname, linktype); return (NULL); } if (fname[0] == '-' && fname[1] == '\0') f = stdout; else { f = fopen(fname, "w"); if (f == NULL) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname, pcap_strerror(errno)); return (NULL); } } (void)sf_write_header(f, linktype, p->tzoff, p->snapshot); return ((pcap_dumper_t *)f); }

FILE* pcap_file (  pcap_t *   )

Definition at line 150 of file pcap.c. References p, pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by PktFileSrc::PktFileSrc(). { return (p->sf.rfile); }

int pcap_fileno (  pcap_t *   )

Definition at line 156 of file pcap.c. References pcap::fd, p, and pcap_t. Referenced by PktInterfaceSrc::PktInterfaceSrc(). { return (p->fd); }

int pcap_findalldevs (  pcap_if_t **  , char *  )

Definition at line 672 of file inet.c. References add_addr_to_iflist(), any_descr, close(), errno, ioctl(), malloc(), pcap_add_if(), PCAP_ERRBUF_SIZE, pcap_freealldevs(), pcap_if_t, pcap_strerror(), SA_LEN, snprintf(), and socket(). Referenced by pcap_lookupdev(). { pcap_if_t *devlist = NULL; register int fd; register struct ifreq *ifrp, *ifend, *ifnext; int n; struct ifconf ifc; char *buf = NULL; unsigned buf_size; struct ifreq ifrflags, ifrnetmask, ifrbroadaddr, ifrdstaddr; struct sockaddr *netmask, *broadaddr, *dstaddr; int ret = 0; /* * Create a socket from which to fetch the list of interfaces. */ fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); return (-1); } /* * Start with an 8K buffer, and keep growing the buffer until * we get the entire interface list or fail to get it for some * reason other than EINVAL (which is presumed here to mean * "buffer is too small"). */ buf_size = 8192; for (;;) { buf = malloc(buf_size); if (buf == NULL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); (void)close(fd); return (-1); } ifc.ifc_len = buf_size; ifc.ifc_buf = buf; memset(buf, 0, buf_size); if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0 && errno != EINVAL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFCONF: %s", pcap_strerror(errno)); (void)close(fd); free(buf); return (-1); } if (ifc.ifc_len < buf_size) break; free(buf); buf_size *= 2; } ifrp = (struct ifreq *)buf; ifend = (struct ifreq *)(buf + ifc.ifc_len); for (; ifrp < ifend; ifrp = ifnext) { n = SA_LEN(&ifrp->ifr_addr) + sizeof(ifrp->ifr_name); if (n < sizeof(*ifrp)) ifnext = ifrp + 1; else ifnext = (struct ifreq *)((char *)ifrp + n); /* * Get the flags for this interface, and skip it if it's * not up. */ strncpy(ifrflags.ifr_name, ifrp->ifr_name, sizeof(ifrflags.ifr_name)); if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) { if (errno == ENXIO) continue; (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFFLAGS: %.*s: %s", (int)sizeof(ifrflags.ifr_name), ifrflags.ifr_name, pcap_strerror(errno)); ret = -1; break; } if (!(ifrflags.ifr_flags & IFF_UP)) continue; /* * Get the netmask for this address on this interface. */ strncpy(ifrnetmask.ifr_name, ifrp->ifr_name, sizeof(ifrnetmask.ifr_name)); memcpy(&ifrnetmask.ifr_addr, &ifrp->ifr_addr, sizeof(ifrnetmask.ifr_addr)); if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifrnetmask) < 0) { if (errno == EADDRNOTAVAIL) { /* * Not available. */ netmask = NULL; } else { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFNETMASK: %.*s: %s", (int)sizeof(ifrnetmask.ifr_name), ifrnetmask.ifr_name, pcap_strerror(errno)); ret = -1; break; } } else netmask = &ifrnetmask.ifr_addr; /* * Get the broadcast address for this address on this * interface (if any). */ if (ifrflags.ifr_flags & IFF_BROADCAST) { strncpy(ifrbroadaddr.ifr_name, ifrp->ifr_name, sizeof(ifrbroadaddr.ifr_name)); memcpy(&ifrbroadaddr.ifr_addr, &ifrp->ifr_addr, sizeof(ifrbroadaddr.ifr_addr)); if (ioctl(fd, SIOCGIFBRDADDR, (char *)&ifrbroadaddr) < 0) { if (errno == EADDRNOTAVAIL) { /* * Not available. */ broadaddr = NULL; } else { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFBRDADDR: %.*s: %s", (int)sizeof(ifrbroadaddr.ifr_name), ifrbroadaddr.ifr_name, pcap_strerror(errno)); ret = -1; break; } } else broadaddr = &ifrbroadaddr.ifr_broadaddr; } else { /* * Not a broadcast interface, so no broadcast * address. */ broadaddr = NULL; } /* * Get the destination address for this address on this * interface (if any). */ if (ifrflags.ifr_flags & IFF_POINTOPOINT) { strncpy(ifrdstaddr.ifr_name, ifrp->ifr_name, sizeof(ifrdstaddr.ifr_name)); memcpy(&ifrdstaddr.ifr_addr, &ifrp->ifr_addr, sizeof(ifrdstaddr.ifr_addr)); if (ioctl(fd, SIOCGIFDSTADDR, (char *)&ifrdstaddr) < 0) { if (errno == EADDRNOTAVAIL) { /* * Not available. */ dstaddr = NULL; } else { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFDSTADDR: %.*s: %s", (int)sizeof(ifrdstaddr.ifr_name), ifrdstaddr.ifr_name, pcap_strerror(errno)); ret = -1; break; } } else dstaddr = &ifrdstaddr.ifr_dstaddr; } else dstaddr = NULL; /* * Add information for this address to the list. */ if (add_addr_to_iflist(&devlist, ifrp->ifr_name, ifrflags.ifr_flags, &ifrp->ifr_addr, netmask, broadaddr, dstaddr, errbuf) < 0) { ret = -1; break; } } free(buf); #ifdef HAVE_PROC_NET_DEV if (ret != -1) { /* * We haven't had any errors yet; now read "/proc/net/dev", * and add to the list of interfaces all interfaces listed * there that we don't already have, because, on Linux, * SIOCGIFCONF reports only interfaces with IPv4 addresses, * so you need to read "/proc/net/dev" to get the names of * the rest of the interfaces. */ ret = scan_proc_net_dev(&devlist, fd, errbuf); } #endif (void)close(fd); if (ret != -1) { /* * We haven't had any errors yet; add the "any" device, * if we can open it. */ if (pcap_add_if(&devlist, "any", 0, any_descr, errbuf) < 0) { /* * Oops, we had a fatal error. */ ret = -1; } } if (ret == -1) { /* * We had an error; free the list we've been constructing. */ if (devlist != NULL) { pcap_freealldevs(devlist); devlist = NULL; } } *alldevsp = devlist; return (ret); }

void pcap_freealldevs (  pcap_if_t *   )

Definition at line 907 of file inet.c. References pcap_addr::addr, pcap_if::addresses, pcap_addr::broadaddr, pcap_if::description, pcap_addr::dstaddr, pcap_if::name, pcap_addr::netmask, pcap_addr::next, pcap_if::next, pcap_addr_t, and pcap_if_t. Referenced by pcap_findalldevs(), and pcap_lookupdev(). { pcap_if_t *curdev, *nextdev; pcap_addr_t *curaddr, *nextaddr; for (curdev = alldevs; curdev != NULL; curdev = nextdev) { nextdev = curdev->next; /* * Free all addresses. */ for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) { nextaddr = curaddr->next; if (curaddr->addr) free(curaddr->addr); if (curaddr->netmask) free(curaddr->netmask); if (curaddr->broadaddr) free(curaddr->broadaddr); if (curaddr->dstaddr) free(curaddr->dstaddr); free(curaddr); } /* * Free the name string. */ free(curdev->name); /* * Free the description string, if any. */ if (curdev->description != NULL) free(curdev->description); /* * Free the interface. */ free(curdev); } }

void pcap_freecode (  struct bpf_program *   )

Definition at line 359 of file gencode.c. References bpf_program::bf_insns, and bpf_program::bf_len. Referenced by BPF_Program::FreeCode(), install_bpf_program(), and pcap_close(). { program->bf_len = 0; if (program->bf_insns != NULL) { free((char *)program->bf_insns); program->bf_insns = NULL; } }

char* pcap_geterr (  pcap_t *   )

Definition at line 168 of file pcap.c. References pcap::errbuf, p, and pcap_t. Referenced by bpf_error(), BPF_Program::Compile(), PktDumper::Open(), and PktSrc::SetFilter(). { return (p->errbuf); }

int pcap_getnonblock (  pcap_t *  , char *  )

Definition at line 179 of file pcap.c. References pcap::errbuf, errno, pcap::fd, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf(). { int fdflags; if (p->sf.rfile != NULL) { /* * This is a savefile, not a live capture file, so * never say it's in non-blocking mode. */ return (0); } fdflags = fcntl(p->fd, F_GETFL, 0); if (fdflags == -1) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", pcap_strerror(errno)); return (-1); } if (fdflags & O_NONBLOCK) return (1); else return (0); }

int pcap_is_swapped (  pcap_t *   )

Definition at line 132 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::swapped. { return (p->sf.swapped); }

char* pcap_lookupdev (  char *   )

Definition at line 955 of file inet.c. References pcap_if::flags, IF_NAMESIZE, pcap_if::name, PCAP_ERRBUF_SIZE, pcap_findalldevs(), pcap_freealldevs(), PCAP_IF_LOOPBACK, pcap_if_t, and strlcpy. Referenced by PktInterfaceSrc::PktInterfaceSrc(). { pcap_if_t *alldevs; /* for old BSD systems, including bsdi3 */ #ifndef IF_NAMESIZE #define IF_NAMESIZE IFNAMSIZ #endif static char device[IF_NAMESIZE + 1]; char *ret; if (pcap_findalldevs(&alldevs, errbuf) == -1) return (NULL); if (alldevs == NULL || (alldevs->flags & PCAP_IF_LOOPBACK)) { /* * There are no devices on the list, or the first device * on the list is a loopback device, which means there * are no non-loopback devices on the list. This means * we can't return any device. * * XXX - why not return a loopback device? If we can't * capture on it, it won't be on the list, and if it's * on the list, there aren't any non-loopback devices, * so why not just supply it as the default device? */ (void)strlcpy(errbuf, "no suitable device found", PCAP_ERRBUF_SIZE); ret = NULL; } else { /* * Return the name of the first device on the list. */ (void)strlcpy(device, alldevs->name, sizeof(device)); ret = device; } pcap_freealldevs(alldevs); return (ret); }

int pcap_lookupnet (  char *  , bpf_u_int32 *  , bpf_u_int32 *  , char *  )

Definition at line 997 of file inet.c. References bpf_u_int32, close(), errno, ioctl(), PCAP_ERRBUF_SIZE, pcap_strerror(), snprintf(), and socket(). Referenced by PktInterfaceSrc::PktInterfaceSrc(). { register int fd; register struct sockaddr_in *sin; struct ifreq ifr; /* * The pseudo-device "any" listens on all interfaces and therefore * has the network address and -mask "0.0.0.0" therefore catching * all traffic. Using NULL for the interface is the same as "any". */ if (!device || strcmp(device, "any") == 0) { *netp = *maskp = 0; return 0; } fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", pcap_strerror(errno)); return (-1); } memset(&ifr, 0, sizeof(ifr)); #ifdef linux /* XXX Work around Linux kernel bug */ ifr.ifr_addr.sa_family = AF_INET; #endif (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { if (errno == EADDRNOTAVAIL) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: no IPv4 address assigned", device); } else { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFADDR: %s: %s", device, pcap_strerror(errno)); } (void)close(fd); return (-1); } sin = (struct sockaddr_in *)&ifr.ifr_addr; *netp = sin->sin_addr.s_addr; if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFNETMASK: %s: %s", device, pcap_strerror(errno)); (void)close(fd); return (-1); } (void)close(fd); *maskp = sin->sin_addr.s_addr; if (*maskp == 0) { if (IN_CLASSA(*netp)) *maskp = IN_CLASSA_NET; else if (IN_CLASSB(*netp)) *maskp = IN_CLASSB_NET; else if (IN_CLASSC(*netp)) *maskp = IN_CLASSC_NET; else { (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "inet class for 0x%x unknown", *netp); return (-1); } } *netp &= *maskp; return (0); }

int pcap_loop (  pcap_t *  , int  , pcap_handler  , u_char *  )

Definition at line 68 of file pcap.c. References p, pcap_handler, pcap_offline_read(), pcap_read(), pcap_t, pcap_sf::rfile, and pcap::sf. Referenced by main(). { register int n; for (;;) { if (p->sf.rfile != NULL) n = pcap_offline_read(p, cnt, callback, user); else { /* * XXX keep reading until we get something * (or an error occurs) */ do { n = pcap_read(p, cnt, callback, user); } while (n == 0); } if (n <= 0) return (n); if (cnt > 0) { cnt -= n; if (cnt <= 0) return (0); } } }

int pcap_major_version (  pcap_t *   )

Definition at line 138 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::version_major. { return (p->sf.version_major); }

int pcap_minor_version (  pcap_t *   )

Definition at line 144 of file pcap.c. References p, pcap_t, pcap::sf, and pcap_sf::version_minor. { return (p->sf.version_minor); }

const u_char* pcap_next (  pcap_t *  , struct pcap_pkthdr *  )

Definition at line 109 of file pcap.c. References singleton::hdr, p, pcap_dispatch(), pcap_oneshot(), pcap_t, and singleton::pkt. Referenced by PktSrc::ExtractNextPacket(). { struct singleton s; s.hdr = h; if (pcap_dispatch(p, 1, pcap_oneshot, (u_char*)&s) <= 0) return (0); return (s.pkt); }

pcap_t* pcap_open_dead (  int  , int  )

Definition at line 253 of file pcap.c. References pcap::fd, pcap::linktype, malloc(), p, pcap_t, snaplen, and pcap::snapshot. Referenced by pcap_compile_nopcap(), and PktDumper::PktDumper(). { pcap_t *p; p = malloc(sizeof(*p)); if (p == NULL) return NULL; memset (p, 0, sizeof(*p)); p->fd = -1; p->snapshot = snaplen; p->linktype = linktype; return p; }

pcap_t* pcap_open_live (  char *  , int  , int  , int  , char *  )

Definition at line 202 of file pcap-bpf.c. References bind(), BIOCGBLEN, BIOCGDLT, BIOCIMMEDIATE, BIOCPROMISC, BIOCSBLEN, BIOCSETIF, BIOCSRTIMEOUT, BIOCVERSION, BPF_MAJOR_VERSION, BPF_MINOR_VERSION, bpf_open(), pcap::buffer, pcap::bufsize, bpf_version::bv_major, bpf_version::bv_minor, close(), DLT_CHDLC, DLT_EN10MB, DLT_FDDI, DLT_FRELAY, DLT_IEEE802, DLT_NULL, DLT_PPP, DLT_PPP_BSDOS, DLT_RAW, DLT_SLIP, DLT_SLIP_BSDOS, errno, pcap::fd, ioctl(), pcap::linktype, malloc(), pcap::offset, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, setsockopt(), snaplen, pcap::snapshot, snprintf(), and socket(). Referenced by add_or_find_if(), and PktInterfaceSrc::PktInterfaceSrc(). { int fd; struct ifreq ifr; struct bpf_version bv; u_int v; pcap_t *p; p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); return (NULL); } memset(p, 0, sizeof(*p)); fd = bpf_open(p, ebuf); if (fd < 0) goto bad; p->fd = fd; p->snapshot = snaplen; if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s", pcap_strerror(errno)); goto bad; } if (bv.bv_major != BPF_MAJOR_VERSION || bv.bv_minor < BPF_MINOR_VERSION) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "kernel bpf filter out of date"); goto bad; } /* * Try finding a good size for the buffer; 32768 may be too * big, so keep cutting it in half until we find a size * that works, or run out of sizes to try. If the default * is larger, don't make it smaller. * * XXX - there should be a user-accessible hook to set the * initial buffer size. */ if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768) v = 32768; for ( ; v != 0; v >>= 1) { /* Ignore the return value - this is because the call fails * on BPF systems that don't have kernel malloc. And if * the call fails, it's no big deal, we just continue to * use the standard buffer size. */ (void) ioctl(fd, BIOCSBLEN, (caddr_t)&v); (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0) break; /* that size worked; we're done */ if (errno != ENOBUFS) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s", device, pcap_strerror(errno)); goto bad; } } if (v == 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSBLEN: %s: No buffer size worked", device); goto bad; } /* Get the data link layer type. */ if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s", pcap_strerror(errno)); goto bad; } #ifdef _AIX /* * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT. */ switch (v) { case IFT_ETHER: case IFT_ISO88023: v = DLT_EN10MB; break; case IFT_FDDI: v = DLT_FDDI; break; case IFT_ISO88025: v = DLT_IEEE802; break; default: /* * We don't know what to map this to yet. */ snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown interface type %u", v); goto bad; } #endif #if _BSDI_VERSION - 0 >= 199510 /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */ switch (v) { case DLT_SLIP: v = DLT_SLIP_BSDOS; break; case DLT_PPP: v = DLT_PPP_BSDOS; break; case 11: /*DLT_FR*/ v = DLT_FRELAY; break; case 12: /*DLT_C_HDLC*/ v = DLT_CHDLC; break; } #endif p->linktype = v; /* set timeout */ if (to_ms != 0) { struct timeval to; to.tv_sec = to_ms / 1000; to.tv_usec = (to_ms * 1000) % 1000000; if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s", pcap_strerror(errno)); goto bad; } } #ifdef _AIX #ifdef BIOCIMMEDIATE /* * Darren Reed notes that * * On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the * timeout appears to be ignored and it waits until the buffer * is filled before returning. The result of not having it * set is almost worse than useless if your BPF filter * is reducing things to only a few packets (i.e. one every * second or so). * * so we turn BIOCIMMEDIATE mode on if this is AIX. * * We don't turn it on for other platforms, as that means we * get woken up for every packet, which may not be what we want; * in the Winter 1993 USENIX paper on BPF, they say: * * Since a process might want to look at every packet on a * network and the time between packets can be only a few * microseconds, it is not possible to do a read system call * per packet and BPF must collect the data from several * packets and return it as a unit when the monitoring * application does a read. * * which I infer is the reason for the timeout - it means we * wait that amount of time, in the hopes that more packets * will arrive and we'll get them all with one read. * * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other * BSDs) causes the timeout to be ignored. * * On the other hand, some platforms (e.g., Linux) don't support * timeouts, they just hand stuff to you as soon as it arrives; * if that doesn't cause a problem on those platforms, it may * be OK to have BIOCIMMEDIATE mode on BSD as well. * * (Note, though, that applications may depend on the read * completing, even if no packets have arrived, when the timeout * expires, e.g. GUI applications that have to check for input * while waiting for packets to arrive; a non-zero timeout * prevents "select()" from working right on FreeBSD and * possibly other BSDs, as the timer doesn't start until a * "read()" is done, so the timer isn't in effect if the * application is blocked on a "select()", and the "select()" * doesn't get woken up for a BPF device until the buffer * fills up.) */ v = 1; if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s", pcap_strerror(errno)); goto bad; } #endif /* BIOCIMMEDIATE */ #endif /* _AIX */ if (promisc) { /* set promiscuous mode, okay if it fails */ if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s", pcap_strerror(errno)); } } if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s", pcap_strerror(errno)); goto bad; } p->bufsize = v; p->buffer = (u_char *)malloc(p->bufsize); if (p->buffer == NULL) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); goto bad; } return (p); bad: (void)close(fd); free(p); return (NULL); }

pcap_t* pcap_open_offline (  const char *  , char *  )

Definition at line 360 of file savefile.c. References pcap_sf::base, BPF_ALIGNMENT, BPF_MAXBUFSIZE, bpf_u_int32, pcap::buffer, pcap::bufsize, DLT_EN10MB, DLT_FDDI, DLT_NULL, errno, pcap::fd, pcap_sf::hdrsize, pcap::linktype, linktype_to_dlt(), malloc(), p, PATCHED_TCPDUMP_MAGIC, PCAP_ERRBUF_SIZE, pcap_fddipad, pcap_strerror(), pcap_t, PCAP_VERSION_MAJOR, pcap_sf::rfile, pcap::sf, pcap::snapshot, snprintf(), strlcpy, swap_hdr(), SWAPLONG, pcap_sf::swapped, TCPDUMP_MAGIC, pcap::tzoff, pcap_sf::version_major, and pcap_sf::version_minor. Referenced by main(), and PktFileSrc::PktFileSrc(). { register pcap_t *p; register FILE *fp; struct pcap_file_header hdr; bpf_u_int32 magic; int linklen; p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE); return (NULL); } memset((char *)p, 0, sizeof(*p)); /* * Set this field so we don't close stdin in pcap_close! */ p->fd = -1; if (fname[0] == '-' && fname[1] == '\0') fp = stdin; else { fp = fopen(fname, "r"); if (fp == NULL) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname, pcap_strerror(errno)); goto bad; } } if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "fread: %s", pcap_strerror(errno)); goto bad; } magic = hdr.magic; if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) { magic = SWAPLONG(magic); if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "bad dump file format"); goto bad; } p->sf.swapped = 1; swap_hdr(&hdr); } if (magic == PATCHED_TCPDUMP_MAGIC) { /* * XXX - the patch that's in some versions of libpcap * changes the packet header but not the magic number; * we'd have to use some hacks^H^H^H^H^Hheuristics to * detect that. */ p->sf.hdrsize = sizeof(struct pcap_sf_patched_pkthdr); } else p->sf.hdrsize = sizeof(struct pcap_sf_pkthdr); if (hdr.version_major < PCAP_VERSION_MAJOR) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "archaic file format"); goto bad; } p->tzoff = hdr.thiszone; p->snapshot = hdr.snaplen; p->linktype = linktype_to_dlt(hdr.linktype); p->sf.rfile = fp; p->bufsize = hdr.snaplen; /* Align link header as required for proper data alignment */ /* XXX should handle all types */ switch (p->linktype) { case DLT_EN10MB: linklen = 14; break; case DLT_FDDI: linklen = 13 + 8; /* fddi_header + llc */ break; case DLT_NULL: default: linklen = 0; break; } if (p->bufsize < 0) p->bufsize = BPF_MAXBUFSIZE; p->sf.base = (u_char *)malloc(p->bufsize + BPF_ALIGNMENT); if (p->sf.base == NULL) { strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE); goto bad; } p->buffer = p->sf.base + BPF_ALIGNMENT - (linklen % BPF_ALIGNMENT); p->sf.version_major = hdr.version_major; p->sf.version_minor = hdr.version_minor; #ifdef PCAP_FDDIPAD /* XXX padding only needed for kernel fcode */ pcap_fddipad = 0; #endif return (p); bad: free(p); return (NULL); }

void pcap_perror (  pcap_t *  , char *  )

Definition at line 162 of file pcap.c. References pcap::errbuf, p, and pcap_t. { fprintf(stderr, "%s: %s\n", prefix, p->errbuf); }

int pcap_setfilter (  pcap_t *  , struct bpf_program *  )

Definition at line 427 of file pcap-bpf.c. References BIOCSETF, pcap::errbuf, errno, pcap::fd, install_bpf_program(), ioctl(), no_optimize, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf(). Referenced by PktSrc::SetFilter(). { /* * It looks that BPF code generated by gen_protochain() is not * compatible with some of kernel BPF code (for example BSD/OS 3.1). * Take a safer side for now. */ if (no_optimize) { if (install_bpf_program(p, fp) < 0) return (-1); } else if (p->sf.rfile != NULL) { if (install_bpf_program(p, fp) < 0) return (-1); } else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s", pcap_strerror(errno)); return (-1); } return (0); }

int pcap_setnonblock (  pcap_t *  , int  , char *  )

Definition at line 203 of file pcap.c. References pcap::errbuf, errno, pcap::fd, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_sf::rfile, pcap::sf, and snprintf(). Referenced by PktInterfaceSrc::PktInterfaceSrc(). { int fdflags; if (p->sf.rfile != NULL) { /* * This is a savefile, not a live capture file, so * ignore requests to put it in non-blocking mode. */ return (0); } fdflags = fcntl(p->fd, F_GETFL, 0); if (fdflags == -1) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s", pcap_strerror(errno)); return (-1); } if (nonblock) fdflags |= O_NONBLOCK; else fdflags &= ~O_NONBLOCK; if (fcntl(p->fd, F_SETFL, fdflags) == -1) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s", pcap_strerror(errno)); return (-1); } return (0); }

int pcap_snapshot (  pcap_t *   )

Definition at line 126 of file pcap.c. References p, pcap_t, and pcap::snapshot. Referenced by pcap_compile(). { return (p->snapshot); }

int pcap_stats (  pcap_t *  , struct pcap_stat *  )

Definition at line 66 of file pcap-bpf.c. References BIOCGSTATS, bpf_stat::bs_drop, bpf_stat::bs_recv, pcap::errbuf, errno, pcap::fd, ioctl(), pcap::md, p, PCAP_ERRBUF_SIZE, pcap_strerror(), pcap_t, pcap_stat::ps_drop, pcap_stat::ps_recv, snprintf(), and pcap_md::stat. Referenced by PktSrc::Statistics(). { struct bpf_stat s; /* * "ps_recv" counts packets handed to the filter, not packets * that passed the filter. This includes packets later dropped * because we ran out of buffer space. * * "ps_drop" counts packets dropped inside the BPF device * because we ran out of buffer space. It doesn't count * packets dropped by the interface driver. It counts * only packets that passed the filter. * * Both statistics include packets not yet read from the kernel * by libpcap, and thus not yet seen by the application. */ if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) { snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s", pcap_strerror(errno)); return (-1); } ps->ps_recv = s.bs_recv; ps->ps_drop = s.bs_drop; return (0); }

char* pcap_strerror (  int   )

Definition at line 236 of file pcap.c. References snprintf(), and strerror(). Referenced by add_addr_to_iflist(), add_or_find_if(), bpf_open(), iface_bind_old(), iface_get_arptype(), iface_get_mtu(), install_bpf_program(), live_open_new(), live_open_old(), nit_setflags(), pcap_dump_open(), pcap_findalldevs(), pcap_getnonblock(), pcap_lookupnet(), pcap_open_live(), pcap_open_offline(), pcap_read(), pcap_read_packet(), pcap_setfilter(), pcap_setnonblock(), pcap_stats(), recv_ack(), and send_request(). { #ifdef HAVE_STRERROR return (strerror(errnum)); #else extern int sys_nerr; extern const char *const sys_errlist[]; static char ebuf[20]; if ((unsigned int)errnum < sys_nerr) return ((char *)sys_errlist[errnum]); (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); return(ebuf); #endif }

---