d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Resolve merge conflicts

Browse Source 
Approved by:	re (kensmith)
Obtained from:	tcpdump.org
This commit is contained in:
Max Laier 2007-10-16 02:07:55 +00:00
parent 1f372e4dae
commit 5357e0fedb
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=172680
12 changed files with 964 additions and 892 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

342
contrib/libpcap/INSTALL
View File

@ -1,342 +0,0 @@
@(#) $Header: /tcpdump/master/libpcap/INSTALL,v 1.46 2000/12/16 09:05:11 guy Exp $ (LBL)
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
appropriate Makefile from Makefile.in. Next run "make". If everything
goes well you can su to root and run "make install". However, you need
not install libpcap if you just want to build tcpdump; just make sure
the tcpdump and libpcap directory trees have the same parent
directory.
If configure says:
configure: warning: cannot determine packet capture interface
configure: warning: (see INSTALL for more info)
then your system either does not support packet capture or your system
does support packet capture but libpcap does not support that
particular type. (If you have HP-UX, see below.) If your system uses a
packet capture not supported by libpcap, please send us patches; don't
forget to include an autoconf fragment suitable for use in
configure.in.
It is possible to override the default packet capture type, although
the circumstance where this works are limited. For example if you have
installed bpf under SunOS 4 and wish to build a snit libpcap:
./configure --with-pcap=snit
Another example is to force a supported packet capture type in the case
where the configure scripts fails to detect it.
You will need an ANSI C compiler to build libpcap. The configure script
will abort if your compiler is not ANSI compliant. If this happens, use
the GNU C compiler, available via anonymous ftp:
ftp://ftp.gnu.org/pub/gnu/gcc/
If you use flex, you must use version 2.4.6 or higher. The configure
script automatically detects the version of flex and will not use it
unless it is new enough. You can use "flex -V" to see what version you
have (unless it's really old). The current version of flex is available
via anonymous ftp:
ftp://ftp.ee.lbl.gov/flex-*.tar.Z
As of this writing, the current version is 2.5.4.
If you use bison, you must use flex (and visa versa). The configure
script automatically falls back to lex and yacc if both flex and bison
are not found.
Sometimes the stock C compiler does not interact well with flex and
bison. The list of problems includes undefined references for alloca.
You can get around this by installing gcc or manually disabling flex
and bison with:
./configure --without-flex --without-bison
If your system only has AT&T lex, this is okay unless your libpcap
program uses other lex/yacc generated code. (Although it's possible to
map the yy* identifiers with a script, we use flex and bison so we
don't feel this is necessary.)
Some systems support the Berkeley Packet Filter natively; for example
out of the box OSF and BSD/OS have bpf. If your system does not support
bpf, you will need to pick up:
ftp://ftp.ee.lbl.gov/bpf-*.tar.Z
Note well: you MUST have kernel source for your operating system in
order to install bpf. An exception is SunOS 4; the bpf distribution
includes replacement kernel objects for some of the standard SunOS 4
network device drivers. See the bpf INSTALL document for more
information.
If you use Solaris, there is a bug with bufmod(7) that is fixed in
Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the
broken bufmod(7) results in data be truncated from the FRONT of the
packet instead of the end. The work around is to not set a snapshot
length but this results in performance problems since the entire packet
is copied to user space. If you must run an older version of Solaris,
there is a patch available from Sun; ask for bugid 1149065. After
installing the patch, use "setenv BUFMOD_FIXED" to enable use of
bufmod(7). However, we recommend you run a more current release of
Solaris.
If you use the SPARCompiler, you must be careful to not use the
/usr/ucb/cc interface. If you do, you will get bogus warnings and
perhaps errors. Either make sure your path has /opt/SUNWspro/bin
before /usr/ucb or else:
setenv CC /opt/SUNWspro/bin/cc
before running configure. (You might have to do a "make distclean"
if you already ran configure once).
Also note that "make depend" won't work; while all of the known
universe uses -M, the SPARCompiler uses -xM to generate makefile
dependencies.
If you are trying to do packet capture with a FORE ATM card, you may or
may not be able to. They usually only release their driver in object
code so unless their driver supports packet capture, there's not much
libpcap can do.
If you get an error like:
tcpdump: recv_ack: bind error 0x???
when using DLPI, look for the DL_ERROR_ACK error return values, usually
in /usr/include/sys/dlpi.h, and find the corresponding value.
Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
enabled before it can be used. For instructions on how to enable packet
filter support, see:
ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
Look for the "How do I configure the Berkeley Packet Filter and capture
tcpdump traces?" item.
Once you enable packet filter support, your OSF system will support bpf
natively.
Under Ultrix, packet capture must be enabled before it can be used. For
instructions on how to enable packet filter support, see:
ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix
If you use HP-UX, you must have at least version 9 and either the
version of cc that supports ANSI C (cc -Aa) or else use the GNU C
compiler. You must also buy the optional streams package. If you don't
have:
/usr/include/sys/dlpi.h
/usr/include/sys/dlpi_ext.h
then you don't have the streams package. In addition, we believe you
need to install the "9.X LAN and DLPI drivers cumulative" patch
(PHNE_6855) to make the version 9 DLPI work with libpcap.
The DLPI streams package is standard starting with HP-UX 10.
The HP implementation of DLPI is a little bit eccentric. Unlike
Solaris, you must attach /dev/dlpi instead of the specific /dev/*
network pseudo device entry in order to capture packets. The PPA is
based on the ifnet "index" number. Under HP-UX 9, it is necessary to
read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
DLPI can provide information for determining the PPA. It does not seem
to be possible to trace the loopback interface. Unlike other DLPI
implementations, PHYS implies MULTI and SAP and you get an error if you
try to enable more than one promiscuous mode at a time.
It is impossible to capture outbound packets on HP-UX 9. To do so on
HP-UX 10, you will, apparently, need a late "LAN products cumulative
patch" (at one point, it was claimed that this would be PHNE_18173 for
s700/10.20; at another point, it was claimed that the required patches
were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
patches and the latest driver patch for the interface(s) in use on HP-UX
11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
PHNE_20008, and PHNE_20735 did the trick).
Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
doing
echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem
You would have to arrange that this happen on reboots; the right way to
do that would probably be to put it into an executable script file
"/sbin/init.d/outbound_promisc" and making
"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
Finally, testing shows that there can't be more than one simultaneous
DLPI user per network interface.
If you use Linux, this version of libpcap is known to compile and run
under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X
versions but is guaranteed not to work with 1.X kernels. Running more
than one libpcap program at a time, on a system with a 2.0.X kernel, can
cause problems since promiscuous mode is implemented by twiddling the
interface flags from the libpcap application; the packet capture
mechanism in the 2.2 and later kernels doesn't have this problem. Also,
packet timestamps aren't very good. This appears to be due to haphazard
handling of the timestamp in the kernel.
Note well: there is rumoured to be a version of tcpdump floating around
called 3.0.3 that includes libpcap and is supposed to support Linux.
You should be advised that neither the Network Research Group at LBNL
nor the Tcpdump Group ever generated a release with this version number.
The LBNL Network Research Group notes with interest that a standard
cracker trick to get people to install trojans is to distribute bogus
packages that have a version number higher than the current release.
They also noted with annoyance that 90% of the Linux related bug reports
they got are due to changes made to unofficial versions of their page.
If you are having trouble but aren't using a version that came from
tcpdump.org, please try that before submitting a bug report!
On Linux, libpcap will not work if the kernel does not have the packet
socket option enabled; see the README.linux file for information about
this.
If you use AIX, you may not be able to build libpcap from this release.
libpcap. We do not have an AIX system in house so it's impossible for
us to test AIX patches submitted to us. We are told that you must link
against /lib/pse.exp, that you must use AIX cc or a GNU C compiler
newer than 2.7.2 and that you may need to run strload before running a
libpcap application.
Read the README.aix file for information on installing libpcap and
configuring your system to be able to support libpcap.
If you use NeXTSTEP, you will not be able to build libpcap from this
release. We hope to support this operating system in some future
release of libpcap.
If you use SINIX, you should be able to build libpcap from this
release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc
emits incorrect code; if grammar.y fails to compile, change every
occurence of:
#ifdef YYDEBUG
to:
#if YYDEBUG
Another workaround is to use flex and bison.
If you use SCO, you might have trouble building libpcap from this
release. We do not have a machine running SCO and have not had reports
of anyone successfully building on it. Since SCO apparently supports
DLPI, it's possible the current version works. Meanwhile, SCO provides
a tcpdump binary as part of their "Network/Security Tools" package:
http://www.sco.com/technology/internet/goodies/#SECURITY
There is also a README that explains how to enable packet capture.
If you use UnixWare, you will not be able to build libpcap from this
release. We hope to support this operating system in some future
release of libpcap. Meanwhile, there appears to be an UnixWare port of
libpcap 0.0 (and tcpdump 3.0) in:
ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/
UnixWare appears to use a hacked version of DLPI.
If linking tcpdump fails with "Undefined: _alloca" when using bison on
a Sun4, your version of bison is broken. In any case version 1.16 or
higher is recommended (1.14 is known to cause problems 1.16 is known to
work). Either pick up a current version from:
ftp://ftp.gnu.org/pub/gnu/bison
or hack around it by inserting the lines:
#ifdef __GNUC__
#define alloca __builtin_alloca
#else
#ifdef sparc
#include <alloca.h>
#else
char *alloca ();
#endif
#endif
right after the (100 line!) GNU license comment in bison.simple, remove
grammar.[co] and fire up make again.
If you use SunOS 4, your kernel must support streams NIT. If you run a
libpcap program and it dies with:
/dev/nit: No such device
You must add streams NIT support to your kernel configuration, run
config and boot the new kernel.
If you are running a version of SunOS earlier than 4.1, you will need
to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the
appropriate version from this distribution's SUNOS4 subdirectory and
build a new kernel:
nit_if.o.sun3-sunos4 (any flavor of sun3)
nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.)
nit_if.o.sun4-sunos4 (Sun4's not covered by
nit_if.o.sun4c-sunos4.0.3c)
These nit replacements fix a bug that makes nit essentially unusable in
pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you
timestamps to the resolution of the SS-1 clock (1 us) rather than the
lousy 20ms timestamps Sun gives you (tcpdump will print out the full
timestamp resolution if it finds it's running on a SS-1).
FILES
-----
CHANGES - description of differences between releases
FILES - list of files exported as part of the distribution
INSTALL - this file
Makefile.in - compilation rules (input to the configure script)
README - description of distribution
SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules
VERSION - version of this release
aclocal.m4 - autoconf macros
bpf/net - copies of bpf_filter.c and bpf.h
bpf_filter.c - symlink to bpf/net/bpf_filter.c
bpf_image.c - bpf disassembly routine
config.guess - autoconf support
config.sub - autoconf support
configure - configure script (run this first)
configure.in - configure script source
etherent.c - /etc/ethers support routines
ethertype.h - ethernet protocol types and names definitions
gencode.c - bpf code generation routines
gencode.h - bpf code generation definitions
grammar.y - filter string grammar
inet.c - network routines
install-sh - BSD style install script
lbl/gnuc.h - gcc macros and defines
lbl/os-*.h - os dependent defines and prototypes
mkdep - construct Makefile dependency list
nametoaddr.c - hostname to address routines
net - symlink to bpf/net
optimize.c - bpf optimization routines
pcap-bpf.c - BSD Packet Filter support
pcap-dlpi.c - Data Link Provider Interface support
pcap-enet.c - enet support
pcap-int.h - internal libpcap definitions
pcap-namedb.h - public libpcap name database definitions
pcap-nit.c - Network Interface Tap support
pcap-nit.h - Network Interface Tap definitions
pcap-null.c - dummy monitor support (allows offline use of libpcap)
pcap-pf.c - Packet Filter support
pcap-pf.h - Packet Filter definitions
pcap-snit.c - Streams based Network Interface Tap support
pcap-snoop.c - Snoop network monitoring support
pcap.3 - manual entry
pcap.c - pcap utility routines
pcap.h - public libpcap definitions
ppp.h - Point to Point Protocol definitions
savefile.c - offline support
scanner.l - filter string scanner

1161
contrib/libpcap/gencode.c
View File

File diff suppressed because it is too large Load Diff

20
contrib/libpcap/gencode.h
View File

@ -19,7 +19,7 @@
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $FreeBSD$
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.60.2.6 2005/09/05 09:08:06 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.60.2.11 2007/06/11 09:52:04 guy Exp $ (LBL)
*/
/*
@ -174,11 +174,16 @@
end-to-end circuits, ILMI circuits or
connection signalling circuit. */
/*MTP3 field types */
#define M_SIO 1
#define M_OPC 2
#define M_DPC 3
#define M_SLS 4
/* MTP2 types */
#define M_FISU 22 /* FISU */
#define M_LSSU 23 /* LSSU */
#define M_MSU 24 /* MSU */
/* MTP3 field types */
#define M_SIO 1
#define M_OPC 2
#define M_DPC 3
#define M_SLS 4
struct slist;
@ -297,6 +302,7 @@ struct block *gen_atmfield_code(int atmfield, bpf_int32 jvalue, bpf_u_int32 jtyp
struct block *gen_atmtype_abbrev(int type);
struct block *gen_atmmulti_abbrev(int type);
struct block *gen_mtp2type_abbrev(int type);
struct block *gen_mtp3field_code(int mtp3field, bpf_u_int32 jvalue, bpf_u_int32 jtype, int reverse);
struct block *gen_pf_ifname(const char *);
@ -316,7 +322,7 @@ char *sdup(const char *);
struct bpf_insn *icode_to_fcode(struct block *, int *);
int pcap_parse(void);
void lex_init(char *);
void lex_init(const char *);
void lex_cleanup(void);
void sappend(struct slist *, struct slist *);

90
contrib/libpcap/grammar.y
View File

@ -23,7 +23,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.86.2.5 2005/09/05 09:08:06 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.86.2.9 2007/09/12 19:17:25 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -53,7 +53,11 @@ struct rtentry;
#include "pcap-int.h"
#include "gencode.h"
#include "pf.h"
#ifdef HAVE_NET_PFVAR_H
#include <net/if.h>
#include <net/pfvar.h>
#include <net/if_pflog.h>
#endif
#include <pcap-namedb.h>
#ifdef HAVE_OS_PROTO_H
@ -69,7 +73,7 @@ int n_errors = 0;
static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF };
static void
yyerror(char *msg)
yyerror(const char *msg)
{
++n_errors;
bpf_error("%s", msg);
@ -86,6 +90,50 @@ pcap_parse()
}
#endif
#ifdef HAVE_NET_PFVAR_H
static int
pfreason_to_num(const char *reason)
{
const char *reasons[] = PFRES_NAMES;
int i;
for (i = 0; reasons[i]; i++) {
if (pcap_strcasecmp(reason, reasons[i]) == 0)
return (i);
}
bpf_error("unknown PF reason");
/*NOTREACHED*/
}
static int
pfaction_to_num(const char *action)
{
if (pcap_strcasecmp(action, "pass") == 0 ||
pcap_strcasecmp(action, "accept") == 0)
return (PF_PASS);
else if (pcap_strcasecmp(action, "drop") == 0 ||
pcap_strcasecmp(action, "block") == 0)
return (PF_DROP);
else {
bpf_error("unknown PF action");
/*NOTREACHED*/
}
}
#else /* !HAVE_NET_PFVAR_H */
static int
pfreason_to_num(const char *reason)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
}
static int
pfaction_to_num(const char *action)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
}
#endif /* HAVE_NET_PFVAR_H */
%}
%union {
@ -114,8 +162,9 @@ pcap_parse()
%type <i> atmtype atmmultitype
%type <blk> atmfield
%type <blk> atmfieldvalue atmvalue atmlistvalue
%type <blk> mtp3field
%type <blk> mtp3fieldvalue mtp3value mtp3listvalue
%type <i> mtp2type
%type <blk> mtp3field
%type <blk> mtp3fieldvalue mtp3value mtp3listvalue
%token DST SRC HOST GATEWAY
@ -141,7 +190,8 @@ pcap_parse()
%token OAM OAMF4 CONNECTMSG METACONNECT
%token VPI VCI
%token RADIO
%token SIO OPC DPC SLS
%token FISU LSSU MSU
%token SIO OPC DPC SLS
%type <s> ID
%type <e> EID
@ -262,6 +312,7 @@ rterm: head id { $$ = $2; }
| atmtype { $$.b = gen_atmtype_abbrev($1); $$.q = qerr; }
| atmmultitype { $$.b = gen_atmmulti_abbrev($1); $$.q = qerr; }
| atmfield atmvalue { $$.b = $2.b; $$.q = qerr; }
| mtp2type { $$.b = gen_mtp2type_abbrev($1); $$.q = qerr; }
| mtp3field mtp3value { $$.b = $2.b; $$.q = qerr; }
;
/* protocol level qualifiers */
@ -349,28 +400,10 @@ pfvar: PF_IFNAME ID { $$ = gen_pf_ifname($2); }
;
reason: NUM { $$ = $1; }
| ID { const char *reasons[] = PFRES_NAMES;
int i;
for (i = 0; reasons[i]; i++) {
if (pcap_strcasecmp($1, reasons[i]) == 0) {
$$ = i;
break;
}
}
if (reasons[i] == NULL)
bpf_error("unknown PF reason");
}
| ID { $$ = pfreason_to_num($1); }
;
action: ID { if (pcap_strcasecmp($1, "pass") == 0 ||
pcap_strcasecmp($1, "accept") == 0)
$$ = PF_PASS;
else if (pcap_strcasecmp($1, "drop") == 0 ||
pcap_strcasecmp($1, "block") == 0)
$$ = PF_DROP;
else
bpf_error("unknown PF action");
}
action: ID { $$ = pfaction_to_num($1); }
;
relop: '>' { $$ = BPF_JGT; }
@ -440,6 +473,11 @@ atmfieldvalue: NUM {
atmlistvalue: atmfieldvalue
| atmlistvalue or atmfieldvalue { gen_or($1.b, $3.b); $$ = $3; }
;
/* MTP2 types quantifier */
mtp2type: FISU { $$ = M_FISU; }
| LSSU { $$ = M_LSSU; }
| MSU { $$ = M_MSU; }
;
/* MTP3 field types quantifier */
mtp3field: SIO { $$.mtp3fieldtype = M_SIO; }
| OPC { $$.mtp3fieldtype = M_OPC; }

43
contrib/libpcap/lbl/gnuc.h
View File

@ -1,43 +0,0 @@
/* @(#) $Header: /tcpdump/master/libpcap/lbl/gnuc.h,v 1.3.1.1 1999/10/07 23:46:41 mcr Exp $ (LBL) */
/* Define __P() macro, if necessary */
#ifndef __P
#if __STDC__
#define __P(protos) protos
#else
#define __P(protos) ()
#endif
#endif
/* inline foo */
#ifdef __GNUC__
#define inline __inline
#else
#define inline
#endif
/*
* Handle new and old "dead" routine prototypes
*
* For example:
*
* __dead void foo(void) __attribute__((volatile));
*
*/
#ifdef __GNUC__
#ifndef __dead
#define __dead volatile
#endif
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif
#else
#ifndef __dead
#define __dead
#endif
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif

8
contrib/libpcap/nametoaddr.c
View File

@ -26,7 +26,7 @@
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.77.2.3 2005/04/20 11:13:51 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.77.2.4 2007/06/11 09:52:05 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -278,7 +278,7 @@ pcap_nametoproto(const char *str)
#include "ethertype.h"
struct eproto {
char *s;
const char *s;
u_short p;
};
@ -399,7 +399,7 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
u_int node, area;
if (sscanf((char *)s, "%d.%d", &area, &node) != 2)
if (sscanf(s, "%d.%d", &area, &node) != 2)
bpf_error("malformed decnet address '%s'", s);
*addr = (area << AREASHIFT) & AREAMASK;
@ -485,7 +485,7 @@ pcap_ether_hostton(const char *name)
u_char a[6];
ap = NULL;
if (ether_hostton((char *)name, (struct ether_addr *)a) == 0) {
if (ether_hostton(name, (struct ether_addr *)a) == 0) {
ap = (u_char *)malloc(6);
if (ap != NULL)
memcpy((char *)ap, (char *)a, 6);

13
contrib/libpcap/pcap-bpf.c
View File

@ -22,7 +22,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.86.2.8 2005/07/10 10:55:31 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.86.2.12 2007/06/15 17:57:27 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -525,8 +525,12 @@ static inline int
bpf_open(pcap_t *p, char *errbuf)
{
int fd;
#ifdef HAVE_CLONING_BPF
static const char device[] = "/dev/bpf";
#else
int n = 0;
char device[sizeof "/dev/bpf0000000000"];
#endif
#ifdef _AIX
/*
@ -538,6 +542,12 @@ bpf_open(pcap_t *p, char *errbuf)
return (-1);
#endif
#ifdef HAVE_CLONING_BPF
if ((fd = open(device, O_RDWR)) == -1 &&
(errno != EACCES || (fd = open(device, O_RDONLY)) == -1))
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"(cannot open device) %s: %s", device, pcap_strerror(errno));
#else
/*
* Go through all the minors and find one that isn't in use.
*/
@ -568,6 +578,7 @@ bpf_open(pcap_t *p, char *errbuf)
if (fd < 0)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s",
device, pcap_strerror(errno));
#endif
return (fd);
}

37
contrib/libpcap/pcap-int.h
View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* $FreeBSD$
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.68.2.6 2005/07/07 06:56:04 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.68.2.11 2007/06/22 06:43:58 guy Exp $ (LBL)
*/
#ifndef pcap_int_h
@ -44,7 +44,7 @@ extern "C" {
#include <pcap.h>
#ifdef WIN32
#include <packet32.h>
#include <Packet32.h>
#endif /* WIN32 */
#ifdef MSDOS
@ -52,6 +52,19 @@ extern "C" {
#include <io.h>
#endif
/*
* Swap byte ordering of unsigned long long timestamp on a big endian
* machine.
*/
#define SWAPLL(ull) ((ull & 0xff00000000000000LL) >> 56) | \
((ull & 0x00ff000000000000LL) >> 40) | \
((ull & 0x0000ff0000000000LL) >> 24) | \
((ull & 0x000000ff00000000LL) >> 8) | \
((ull & 0x00000000ff000000LL) << 8) | \
((ull & 0x0000000000ff0000LL) << 24) | \
((ull & 0x000000000000ff00LL) << 40) | \
((ull & 0x00000000000000ffLL) << 56)
/*
* Savefile
*/
@ -89,6 +102,7 @@ struct pcap_md {
int ifindex; /* interface index of device we're bound to */
int lo_ifindex; /* interface index of the loopback device */
struct pcap *next; /* list of open promiscuous sock_packet pcaps */
u_int packets_read; /* count of packets read with recvfrom() */
#endif
#ifdef HAVE_DAG_API
@ -111,8 +125,13 @@ struct pcap_md {
/*
* Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
* Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
* Tru64 UNIX, and some versions of NetBSD pad FDDI packets to make everything
* line up on a nice boundary.
*/
#ifdef __NetBSD__
#include <sys/param.h> /* needed to declare __NetBSD_Version__ */
#endif
#if defined(ultrix) || defined(__osf__) || (defined(__NetBSD__) && __NetBSD_Version__ > 106000000)
#define PCAP_FDDIPAD 3
#endif
@ -189,9 +208,13 @@ struct pcap {
};
/*
* This is a timeval as stored in disk in a dumpfile.
* This is a timeval as stored in a savefile.
* It has to use the same types everywhere, independent of the actual
* `struct timeval'
* `struct timeval'; `struct timeval' has 32-bit tv_sec values on some
* platforms and 64-bit tv_sec values on other platforms, and writing
* out native `struct timeval' values would mean files could only be
* read on systems with the same tv_sec size as the system on which
* the file was written.
*/
struct pcap_timeval {
@ -200,7 +223,7 @@ struct pcap_timeval {
};
/*
* How a `pcap_pkthdr' is actually stored in the dumpfile.
* This is a `pcap_pkthdr' as actually stored in a savefile.
*
* Do not change the format of this structure, in any way (this includes
* changes that only affect the length of fields in this structure),
@ -232,7 +255,7 @@ struct pcap_sf_pkthdr {
};
/*
* How a `pcap_pkthdr' is actually stored in dumpfiles written
* How a `pcap_pkthdr' is actually stored in savefiles written
* by some patched versions of libpcap (e.g. the ones in Red
* Hat Linux 6.1 and 6.2).
*

22
contrib/libpcap/pcap.3
View File

@ -1,4 +1,4 @@
.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.64.2.8 2005/09/07 08:29:17 guy Exp $
.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.64.2.11 2007/06/11 09:52:05 guy Exp $
.\"
.\" Copyright (c) 1994, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
@ -79,7 +79,7 @@ u_char *sp)
.ft B
int pcap_compile(pcap_t *p, struct bpf_program *fp,
.ti +8
char *str, int optimize, bpf_u_int32 netmask)
const char *str, int optimize, bpf_u_int32 netmask)
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
void pcap_freecode(struct bpf_program *)
int pcap_setdirection(pcap_t *p, pcap_direction_t d)
@ -118,7 +118,7 @@ int pcap_fileno(pcap_t *p)
int pcap_get_selectable_fd(pcap_t *p);
void pcap_perror(pcap_t *p, char *prefix)
char *pcap_geterr(pcap_t *p)
char *pcap_strerror(int error)
const char *pcap_strerror(int error)
const char *pcap_lib_version(void)
.ft
.LP
@ -1081,6 +1081,11 @@ and type bytes.
Linux-IrDA packets, with a
.B DLT_LINUX_SLL
header followed by the IrLAP header.
.TP 5
.B DLT_LINUX_LAPD
LAPD (Q.921) frames, with a
.B DLT_LINUX_SLL
header captured via vISDN.
.RE
.PP
.B pcap_list_datalinks()
@ -1160,12 +1165,13 @@ or NULL, if a network device was opened with
.BR pcap_open_live() .
.PP
.B pcap_stats()
returns 0 and fills in a
returns 0 and fills in the
.B pcap_stat
struct. The values represent packet statistics from the start of the
run to the time of the call. If there is an error or the underlying
packet capture doesn't support packet statistics, \-1 is returned and
the error text can be obtained with
structure pointed to by its second argument. The values represent
packet statistics from the start of the run to the time of the call. If
there is an error or the underlying packet capture doesn't support
packet statistics, \-1 is returned and the error text can be obtained
with
.B pcap_perror()
or
.BR pcap_geterr() .

25
contrib/libpcap/pcap.h
View File

@ -32,7 +32,7 @@
* SUCH DAMAGE.
*
* $FreeBSD$
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.52.2.5 2005/07/07 02:04:36 guy Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.52.2.7 2007/06/11 09:52:05 guy Exp $ (LBL)
*/
#ifndef lib_pcap_h
@ -41,7 +41,9 @@
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H
#include <pcap-bpf.h>
#endif
#include <stdio.h>
@ -119,9 +121,16 @@ typedef enum {
} pcap_direction_t;
/*
* Each packet in the dump file is prepended with this generic header.
* This gets around the problem of different headers for different
* packet interfaces.
* Generic per-packet information, as supplied by libpcap.
*
* The time stamp can and should be a "struct timeval", regardless of
* whether your system supports 32-bit tv_sec in "struct timeval",
* 64-bit tv_sec in "struct timeval", or both if it supports both 32-bit
* and 64-bit applications. The on-disk format of savefiles uses 32-bit
* tv_sec (and tv_usec); this structure is irrelevant to that. 32-bit
* and 64-bit versions of libpcap, even if they're on the same platform,
* should supply the appropriate version of "struct timeval", even if
* that's not what the underlying packet capture mechanism supplies.
*/
struct pcap_pkthdr {
struct timeval ts; /* time stamp */
@ -222,12 +231,12 @@ int pcap_setnonblock(pcap_t *, int, char *);
void pcap_perror(pcap_t *, char *);
int pcap_inject(pcap_t *, const void *, size_t);
int pcap_sendpacket(pcap_t *, const u_char *, int);
char *pcap_strerror(int);
const char *pcap_strerror(int);
char *pcap_geterr(pcap_t *);
int pcap_compile(pcap_t *, struct bpf_program *, char *, int,
int pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
bpf_u_int32);
int pcap_compile_nopcap(int, int, struct bpf_program *,
char *, int, bpf_u_int32);
const char *, int, bpf_u_int32);
void pcap_freecode(struct bpf_program *);
int pcap_datalink(pcap_t *);
int pcap_list_datalinks(pcap_t *, int **);

77
contrib/libpcap/pf.h
View File

@ -1,77 +0,0 @@
/*
* Copyright (c) 2001 Daniel Hartmeier
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pf.h,v 1.3 2004/04/02 06:33:30 guy Exp $ (LBL)
*/
/* from $OpenBSD: pfvar.h,v 1.170 2003/08/22 21:50:34 david Exp $ */
enum { PF_INOUT=0, PF_IN=1, PF_OUT=2 };
enum { PF_PASS=0, PF_DROP=1, PF_SCRUB=2, PF_NAT=3, PF_NONAT=4,
PF_BINAT=5, PF_NOBINAT=6, PF_RDR=7, PF_NORDR=8, PF_SYNPROXY_DROP=9 };
/* Reasons code for passing/dropping a packet */
#define PFRES_MATCH 0 /* Explicit match of a rule */
#define PFRES_BADOFF 1 /* Bad offset for pull_hdr */
#define PFRES_FRAG 2 /* Dropping following fragment */
#define PFRES_SHORT 3 /* Dropping short packet */
#define PFRES_NORM 4 /* Dropping by normalizer */
#define PFRES_MEMORY 5 /* Dropped due to lacking mem */
#define PFRES_MAX 6 /* total+1 */
#define PFRES_NAMES { \
"match", \
"bad-offset", \
"fragment", \
"short", \
"normalize", \
"memory", \
NULL \
}
#define PF_RULESET_NAME_SIZE 16
/* from $OpenBSD: if_pflog.h,v 1.9 2003/07/15 20:27:27 dhartmei Exp $ */
#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif
struct pfloghdr {
u_int8_t length;
u_int8_t af;
u_int8_t action;
u_int8_t reason;
char ifname[IFNAMSIZ];
char ruleset[PF_RULESET_NAME_SIZE];
u_int32_t rulenr;
u_int32_t subrulenr;
u_int8_t dir;
u_int8_t pad[3];
};
#define PFLOG_HDRLEN sizeof(struct pfloghdr)

18
contrib/libpcap/scanner.l
View File

@ -24,7 +24,7 @@
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.99.2.4 2005/09/05 09:08:07 guy Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.99.2.9 2007/06/11 09:52:05 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@ -82,11 +82,11 @@ N ([0-9]+|(0X|0x)[0-9A-Fa-f]+)
B ([0-9A-Fa-f][0-9A-Fa-f]?)
W ([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?)
%a 16000
%o 19000
%e 6000
%k 4000
%p 25000
%a 18400
%o 21500
%e 7600
%k 4550
%p 27600
%n 2000
V680 {W}:{W}:{W}:{W}:{W}:{W}:{W}:{W}
@ -289,6 +289,10 @@ srnr|subrulenum return PF_SRNR;
reason return PF_REASON;
action return PF_ACTION;
fisu return FISU;
lssu return LSSU;
lsu return LSSU;
msu return MSU;
sio return SIO;
opc return OPC;
dpc return DPC;
@ -358,7 +362,7 @@ tcp-urg { yylval.i = 0x20; return NUM; }
%%
void
lex_init(buf)
char *buf;
const char *buf;
{
#ifdef FLEX_SCANNER
in_buffer = yy_scan_string(buf);