Merge libpcap 0.6.2

svn path=/head/; revision=75110
2001-04-03 04:32:48 +00:00 · 2001-04-03 04:32:48 +00:00 · 8e1481d144 · 2020-12-20 02:59:44 +00:00
commit 8e1481d144
parent bd053aaff0
11 changed files with 997 additions and 292 deletions
--- a/contrib/libpcap/bpf/net/bpf.h
+++ b/contrib/libpcap/bpf/net/bpf.h
@ -38,7 +38,7 @@
 *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
 *
 * $FreeBSD$
- * @(#) $Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.44 2000/12/21 10:29:24 guy Exp $ (LBL)
 */

 #ifndef BPF_MAJOR_VERSION
@ -151,13 +151,24 @@ struct bpf_hdr {
 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
 * Only the kernel needs to know about it; applications use bh_hdrlen.
 */
-#ifdef KERNEL
+#if defined(KERNEL) || defined(_KERNEL)
 #define SIZEOF_BPF_HDR 18
 #endif

 /*
 * Data-link level type codes.
 */
+
+/*
+ * These are the types that are the same on all platforms; on other
+ * platforms, a <net/bpf.h> should be supplied that defines the additional
+ * DLT_* codes appropriately for that platform (the BSDs, for example,
+ * should not just pick up this version of "bpf.h"; they should also define
+ * the additional DLT_* codes used by their kernels, as well as the values
+ * defined here - and, if the values they use for particular DLT_ types
+ * differ from those here, they should use their values, not the ones
+ * here).
+ */
 #define DLT_NULL	0	/* no link-layer encapsulation */
 #define DLT_EN10MB	1	/* Ethernet (10Mb) */
 #define DLT_EN3MB	2	/* Experimental Ethernet (3Mb) */
@ -169,13 +180,100 @@ struct bpf_hdr {
 #define DLT_SLIP	8	/* Serial Line IP */
 #define DLT_PPP		9	/* Point-to-point Protocol */
 #define DLT_FDDI	10	/* FDDI */
-#define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
-#define DLT_RAW		12	/* raw IP */
-#define DLT_SLIP_BSDOS	13	/* BSD/OS Serial Line IP */
-#define DLT_PPP_BSDOS	14	/* BSD/OS Point-to-point Protocol */

 /*
- * The instruction encondings.
+ * These are values from the traditional libpcap "bpf.h".
+ * Ports of this to particular platforms should replace these definitions
+ * with the ones appropriate to that platform, if the values are
+ * different on that platform.
+ */
+#define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
+#define DLT_RAW		12	/* raw IP */
+
+/*
+ * These are values from BSD/OS's "bpf.h".
+ * These are not the same as the values from the traditional libpcap
+ * "bpf.h"; however, these values shouldn't be generated by any
+ * OS other than BSD/OS, so the correct values to use here are the
+ * BSD/OS values.
+ *
+ * Platforms that have already assigned these values to other
+ * DLT_ codes, however, should give these codes the values
+ * from that platform, so that programs that use these codes will
+ * continue to compile - even though they won't correctly read
+ * files of these types.
+ */
+#define DLT_SLIP_BSDOS	15	/* BSD/OS Serial Line IP */
+#define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
+
+#define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */
+
+/*
+ * This value is defined by NetBSD; other platforms should refrain from
+ * using it for other purposes, so that NetBSD savefiles with a link
+ * type of 50 can be read as this type on all platforms.
+ */
+#define DLT_PPP_SERIAL	50	/* PPP over serial with HDLC encapsulation */
+
+/*
+ * This value was defined by libpcap 0.5; platforms that have defined
+ * it with a different value should define it here with that value -
+ * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
+ * whatever value that happens to be, so programs will correctly
+ * handle files with that link type regardless of the value of
+ * DLT_C_HDLC.
+ *
+ * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
+ * compatibility with programs written for BSD/OS.
+ *
+ * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
+ * for source compatibility with programs written for libpcap 0.5.
+ */
+#define DLT_C_HDLC	104	/* Cisco HDLC */
+#define DLT_CHDLC	DLT_C_HDLC
+
+/*
+ * Reserved for future use.
+ * Do not pick other numerical value for these unless you have also
+ * picked up the tcpdump.org top-of-CVS-tree version of "savefile.c",
+ * which will arrange that capture files for these DLT_ types have
+ * the same "network" value on all platforms, regardless of what
+ * value is chosen for their DLT_ type (thus allowing captures made
+ * on one platform to be read on other platforms, even if the two
+ * platforms don't use the same numerical values for all DLT_ types).
+ */
+#define DLT_IEEE802_11	105	/* IEEE 802.11 wireless */
+
+/*
+ * Values between 106 and 107 are used in capture file headers as
+ * link-layer types corresponding to DLT_ types that might differ
+ * between platforms; don't use those values for new DLT_ new types.
+ */
+
+/*
+ * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
+ * that the AF_ type in the link-layer header is in network byte order.
+ *
+ * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
+ * define it as 108 here.  If OpenBSD picks up this file, it should
+ * define DLT_LOOP as 12 in its version, as per the comment above -
+ * and should not use 108 for any purpose.
+ */
+#define DLT_LOOP	108
+
+/*
+ * Values between 109 and 112 are used in capture file headers as
+ * link-layer types corresponding to DLT_ types that might differ
+ * between platforms; don't use those values for new DLT_ new types.
+ */
+
+/*
+ * This is for Linux cooked sockets.
+ */
+#define DLT_LINUX_SLL	113
+
+/*
+ * The instruction encodings.
 */
 /* instruction classes */
 #define BPF_CLASS(code) ((code) & 0x07)
@ -246,15 +344,29 @@ struct bpf_insn {
 #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }

-#ifdef KERNEL
-extern u_int bpf_filter();
-extern void bpfattach();
+#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
+/*
+ * Systems based on non-BSD kernels don't have ifnet's (or they don't mean
+ * anything if it is in <net/if.h>) and won't work like this.
+ */
+# if __STDC__
+extern void bpf_tap(struct ifnet *, u_char *, u_int);
+extern void bpf_mtap(struct ifnet *, struct mbuf *);
+extern void bpfattach(struct ifnet *, u_int, u_int);
+extern void bpfilterattach(int);
+# else
 extern void bpf_tap();
 extern void bpf_mtap();
-#else
+extern void bpfattach();
+extern void bpfilterattach();
+# endif /* __STDC__ */
+#endif /* BSD && (_KERNEL || KERNEL) */
 #if __STDC__
+extern int bpf_validate(struct bpf_insn *, int);
 extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
-#endif
+#else
+extern int bpf_validate();
+extern u_int bpf_filter();
 #endif

 /*
--- a/contrib/libpcap/gencode.c
+++ b/contrib/libpcap/gencode.c
--- a/contrib/libpcap/gencode.h
+++ b/contrib/libpcap/gencode.h
@ -19,12 +19,9 @@
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.37 1999/10/19 15:18:29 itojun Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.47 2000/11/04 10:09:55 guy Exp $ (LBL)
 */

-/*XXX*/
-#include "gnuc.h"
-
 /* Address qualifiers. */

 #define Q_HOST		1
@ -54,6 +51,7 @@
 #define	Q_MOPRC		14
 #define	Q_MOPDL		15

+
 #define Q_IPV6		16
 #define Q_ICMPV6	17
 #define Q_AH		18
@ -61,9 +59,12 @@

 #define Q_PIM		20

-#define Q_ISO		21
-#define Q_ESIS		22
-#define Q_ISIS		23
+#define	Q_AARP		21
+
+#define Q_ISO		22
+#define Q_ESIS		23
+#define Q_ISIS		24
+#define Q_CLNP		25

 /* Directional qualifiers. */

@ -180,11 +181,14 @@ struct block *gen_broadcast(int);
 struct block *gen_multicast(int);
 struct block *gen_inbound(int);

+struct block *gen_vlan(int);
+
 void bpf_optimize(struct block **);
-#if __STDC__
-__dead void bpf_error(const char *, ...)
-    __attribute__((volatile, format (printf, 1, 2)));
+void bpf_error(const char *, ...)
+#if HAVE___ATTRIBUTE__
+    __attribute__((noreturn, format (printf, 1, 2)))
 #endif
+;

 void finish_parse(struct block *);
 char *sdup(const char *);
@ -192,6 +196,7 @@ char *sdup(const char *);
 struct bpf_insn *icode_to_fcode(struct block *, int *);
 int pcap_parse(void);
 void lex_init(char *);
+void lex_cleanup(void);
 void sappend(struct slist *, struct slist *);

 /* XXX */
--- a/contrib/libpcap/grammar.y
+++ b/contrib/libpcap/grammar.y
@ -23,12 +23,17 @@
 */
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.57 1999/10/19 15:18:30 itojun Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.64 2000/10/28 10:18:40 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
 #endif

 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/socket.h>
+#include <stdlib.h>

 #if __STDC__
 struct mbuf;
@ -38,7 +43,6 @@ struct rtentry;
 #include <net/if.h>

 #include <netinet/in.h>
-#include <net/ethernet.h>

 #include <stdio.h>

@ -47,7 +51,6 @@ struct rtentry;
 #include "gencode.h"
 #include <pcap-namedb.h>

-#include "gnuc.h"
 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
 #endif
@ -105,7 +108,7 @@ pcap_parse()
 %token  DST SRC HOST GATEWAY
 %token  NET MASK PORT LESS GREATER PROTO PROTOCHAIN BYTE
 %token  ARP RARP IP TCP UDP ICMP IGMP IGRP PIM
-%token  ATALK DECNET LAT SCA MOPRC MOPDL
+%token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
 %token  LINK
@ -113,8 +116,9 @@ pcap_parse()
 %token	ID EID HID HID6
 %token	LSH RSH
 %token  LEN
-%token  ISO ESIS ISIS
 %token  IPV6 ICMPV6 AH ESP
+%token	VLAN
+%token  ISO ESIS ISIS CLNP

 %type	<s> ID
 %type	<e> EID
@ -161,14 +165,7 @@ nid:	  ID			{ $$.b = gen_scode($1, $$.q = $<blk>0.q); }
 	| HID			{
 				  /* Decide how to parse HID based on proto */
 				  $$.q = $<blk>0.q;
-				  switch ($$.q.proto) {
-				  case Q_DECNET:
-					$$.b = gen_ncode($1, 0, $$.q);
-					break;
-				  default:
-					$$.b = gen_ncode($1, 0, $$.q);
-					break;
-				  }
+				  $$.b = gen_ncode($1, 0, $$.q);
 				}
 	| HID6 '/' NUM		{
 #ifdef INET6
@ -253,6 +250,7 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| IGRP			{ $$ = Q_IGRP; }
 	| PIM			{ $$ = Q_PIM; }
 	| ATALK			{ $$ = Q_ATALK; }
+	| AARP			{ $$ = Q_AARP; }
 	| DECNET		{ $$ = Q_DECNET; }
 	| LAT			{ $$ = Q_LAT; }
 	| SCA			{ $$ = Q_SCA; }
@ -265,6 +263,7 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| ISO			{ $$ = Q_ISO; }
 	| ESIS			{ $$ = Q_ESIS; }
 	| ISIS			{ $$ = Q_ISIS; }
+	| CLNP			{ $$ = Q_CLNP; }
 	;
 other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| pqual TK_MULTICAST	{ $$ = gen_multicast($1); }
@ -273,6 +272,8 @@ other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| BYTE NUM byteop NUM	{ $$ = gen_byteop($3, $2, $4); }
 	| INBOUND		{ $$ = gen_inbound(0); }
 	| OUTBOUND		{ $$ = gen_inbound(1); }
+	| VLAN pnum		{ $$ = gen_vlan($2); }
+	| VLAN			{ $$ = gen_vlan(-1); }
 	;
 relop:	  '>'			{ $$ = BPF_JGT; }
 	| GEQ			{ $$ = BPF_JGE; }
--- a/contrib/libpcap/nametoaddr.c
+++ b/contrib/libpcap/nametoaddr.c
@ -26,7 +26,11 @@

 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.51 1999/11/25 08:25:35 itojun Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.57.2.1 2001/01/17 18:21:56 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
 #endif

 #include <sys/param.h>
@ -34,14 +38,13 @@ static const char rcsid[] =
 #include <sys/socket.h>
 #include <sys/time.h>

-#if __STDC__
 struct mbuf;
 struct rtentry;
-#endif
-
 #include <net/if.h>
-#include <net/ethernet.h>
 #include <netinet/in.h>
+#ifdef HAVE_NETINET_IF_ETHER_H
+#include <netinet/if_ether.h>
+#endif
 #include <arpa/inet.h>
 #ifdef INET6
 #include <netdb.h>
@ -60,7 +63,6 @@ struct rtentry;
 #include "gencode.h"
 #include <pcap-namedb.h>

-#include "gnuc.h"
 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
 #endif
@ -76,7 +78,6 @@ static inline int xdtoi(int);
 *  Convert host name to internet address.
 *  Return 0 upon failure.
 */
-#ifndef INET6
 bpf_u_int32 **
 pcap_nametoaddr(const char *name)
 {
@ -100,9 +101,10 @@ pcap_nametoaddr(const char *name)
 	else
 		return 0;
 }
-#else
+
+#ifdef INET6
 struct addrinfo *
-pcap_nametoaddr(const char *name)
+pcap_nametoaddrinfo(const char *name)
 {
 	struct addrinfo hints, *res;
 	int error;
@ -340,7 +342,7 @@ pcap_ether_hostton(const char *name)
 	register struct pcap_etherent *ep;
 	register u_char *ap;
 	static FILE *fp = NULL;
-	static init = 0;
+	static int init = 0;

 	if (!init) {
 		fp = fopen(PCAP_ETHERS_FILE, "r");
@ -366,6 +368,15 @@ pcap_ether_hostton(const char *name)
 }
 #else

+/*
+ * XXX - perhaps this should, instead, be declared in "lbl/os-XXX.h" files,
+ * for those OS versions that don't declare it, rather than being declared
+ * here?  That way, for example, we could declare it on FreeBSD 2.x (which
+ * doesn't declare it), but not on FreeBSD 3.x (which declares it like
+ * this) or FreeBSD 4.x (which declares it with its first argument as
+ * "const char *", so no matter how we declare it here, it'll fail to
+ * compile on one of 3.x or 4.x).
+ */
 #if !defined(sgi) && !defined(__NetBSD__) && !defined(__FreeBSD__)
 extern int ether_hostton(char *, struct ether_addr *);
 #endif
--- a/contrib/libpcap/nlpid.h
+++ b/contrib/libpcap/nlpid.h
@ -15,7 +15,8 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header$ (Juniper)
+ * $FreeBSD$
+ * @(#) $Header: /tcpdump/master/libpcap/nlpid.h,v 1.1 2000/10/28 09:30:22 guy Exp $ (Juniper)
 */

 /* Types missing from some systems */
--- a/contrib/libpcap/pcap-int.h
+++ b/contrib/libpcap/pcap-int.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.20 1999/11/21 01:10:20 assar Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.32 2000/12/21 10:29:23 guy Exp $ (LBL)
 */

 #ifndef pcap_int_h
@ -49,6 +49,7 @@ extern "C" {
 struct pcap_sf {
 	FILE *rfile;
 	int swapped;
+	int hdrsize;
 	int version_major;
 	int version_minor;
 	u_char *base;
@ -57,16 +58,21 @@ struct pcap_sf {
 struct pcap_md {
 	struct pcap_stat stat;
 	/*XXX*/
-	int use_bpf;
+	int use_bpf;		/* using kernel filter */
 	u_long	TotPkts;	/* can't oflow for 79 hrs on ether */
 	u_long	TotAccepted;	/* count accepted by filter */
 	u_long	TotDrops;	/* count of dropped packets */
 	long	TotMissed;	/* missed by i/f during this run */
 	long	OrigMissed;	/* missed by i/f before this run */
 #ifdef linux
-	int pad;
-	int skip;
-	char *device;
+	int	sock_packet;	/* using Linux 2.0 compatible interface */
+	int	readlen;	/* byte count to hand to "recvmsg()" */
+	int	timeout;	/* timeout specified to pcap_open_live */
+	int	clear_promisc;	/* must clear promiscuous mode when we close */
+	int	cooked;		/* using SOCK_DGRAM rather than SOCK_RAW */
+	int	lo_ifindex;	/* interface index of the loopback device */
+	char 	*device;	/* device name */
+	struct pcap *next;	/* list of open promiscuous sock_packet pcaps */
 #endif
 };

@ -115,6 +121,28 @@ struct pcap_timeval {

 /*
 * How a `pcap_pkthdr' is actually stored in the dumpfile.
+ *
+ * Do not change the format of this structure, in any way (this includes
+ * changes that only affect the length of fields in this structure),
+ * and do not make the time stamp anything other than seconds and
+ * microseconds (e.g., seconds and nanoseconds).  Instead:
+ *
+ *	introduce a new structure for the new format;
+ *
+ *	send mail to "tcpdump-workers@tcpdump.org", requesting a new
+ *	magic number for your new capture file format, and, when
+ *	you get the new magic number, put it in "savefile.c";
+ *
+ *	use that magic number for save files with the changed record
+ *	header;
+ *
+ *	make the code in "savefile.c" capable of reading files with
+ *	the old record header as well as files with the new record header
+ *	(using the magic number to determine the header format).
+ *
+ * Then supply the changes to "patches@tcpdump.org", so that future
+ * versions of libpcap and programs that use it (such as tcpdump) will
+ * be able to read your new capture file format.
 */

 struct pcap_sf_pkthdr {
@ -123,6 +151,25 @@ struct pcap_sf_pkthdr {
    bpf_u_int32 len;		/* length this packet (off wire) */
 };

+/*
+ * How a `pcap_pkthdr' is actually stored in dumpfiles written
+ * by some patched versions of libpcap (e.g. the ones in Red
+ * Hat Linux 6.1 and 6.2).
+ *
+ * Do not change the format of this structure, in any way (this includes
+ * changes that only affect the length of fields in this structure).
+ * Instead, introduce a new structure, as per the above.
+ */
+
+struct pcap_sf_patched_pkthdr {
+    struct pcap_timeval ts;	/* time stamp */
+    bpf_u_int32 caplen;		/* length of portion present */
+    bpf_u_int32 len;		/* length this packet (off wire) */
+    int		index;
+    unsigned short protocol;
+    unsigned char pkt_type;
+};
+
 int	yylex(void);

 #ifndef min
@ -133,14 +180,30 @@ int	yylex(void);
 int	pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
 int	pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);

-/* Ultrix pads to make everything line up on a nice boundary */
-#if defined(ultrix) || defined(__alpha) || defined(__NetBSD__)
+/*
+ * Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
+ * Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
+ */
+#if defined(ultrix) || defined(__osf__) || defined(__NetBSD__)
 #define       PCAP_FDDIPAD 3
 #endif

+#ifndef HAVE_STRLCPY
+#define strlcpy(x, y, z) \
+	(strncpy((x), (y), (z)), \
+	 ((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
+	 strlen((y)))
+#endif
+
+#ifdef linux
+void	pcap_close_linux(pcap_t *);
+#endif
+
 /* XXX */
 extern	int pcap_fddipad;

+int	install_bpf_program(pcap_t *, struct bpf_program *);
+
 #ifdef __cplusplus
 }
 #endif
--- a/contrib/libpcap/pcap-namedb.h
+++ b/contrib/libpcap/pcap-namedb.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.6 1999/10/19 15:18:31 itojun Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.8 2000/07/29 07:36:43 guy Exp $ (LBL)
 */

 #ifndef lib_pcap_ethers_h
@ -40,7 +40,6 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-  

 /*
 * As returned by the pcap_next_etherent()
@ -60,10 +59,9 @@ struct	pcap_etherent *pcap_next_etherent(FILE *);
 u_char *pcap_ether_hostton(const char*);
 u_char *pcap_ether_aton(const char *);

-#ifndef INET6
 bpf_u_int32 **pcap_nametoaddr(const char *);
-#else
-struct addrinfo *pcap_nametoaddr(const char *);
+#ifdef INET6
+struct addrinfo *pcap_nametoaddrinfo(const char *);
 #endif
 bpf_u_int32 pcap_nametonetaddr(const char *);

@ -86,6 +84,5 @@ u_short	__pcap_nametodnaddr(const char *);
 #ifdef __cplusplus
 }
 #endif
-     

 #endif
--- a/contrib/libpcap/pcap.3
+++ b/contrib/libpcap/pcap.3
@ -1,3 +1,5 @@
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.17.2.1 2001/01/18 04:42:11 guy Exp $
+.\"
 .\" Copyright (c) 1994, 1996, 1997
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
@ -18,9 +20,8 @@
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
 .\" $FreeBSD$
-.\" $Id$
 .\"
-.TH PCAP 3  "24 June 1998"
+.TH PCAP 3 "3 January 2001"
 .SH NAME
 pcap \- Packet Capture library
 .SH SYNOPSIS
@ -33,6 +34,7 @@ pcap \- Packet Capture library
 pcap_t *pcap_open_live(char *device, int snaplen,
 .ti +8
 int promisc, int to_ms, char *ebuf)
+pcap_t *pcap_open_dead(int linktype, int snaplen)
 pcap_t *pcap_open_offline(char *fname, char *ebuf)
 pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname)
 .ft
@ -62,6 +64,7 @@ int pcap_compile(pcap_t *p, struct bpf_program *fp,
 .ti +8
 char *str, int optimize, bpf_u_int32 netmask)
 int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
+void pcap_freecode(struct bpf_program *);
 .ft
 .LP
 .ft B
@ -94,25 +97,57 @@ on the network, even those destined for other hosts, are accessible
 through this mechanism.
 .PP
 .SH ROUTINES
+NOTE:
+.I errbuf
+in
+.B pcap_open_live(),
+.B pcap_open_offline(),
+.B pcap_lookupdev(),
+and
+.B pcap_lookupnet()
+is assumed to be able to hold at least
+.B PCAP_ERRBUF_SIZE
+chars.
+.PP
 .B pcap_open_live()
 is used to obtain a packet capture descriptor to look
 at packets on the network.
 .I device
-is a string that specifies the network device to open.
+is a string that specifies the network device to open; on Linux systems
+with 2.2 or later kernels, a
+.I device
+argument of "any" or
+.B NULL
+can be used to capture packets from all interfaces.
 .I snaplen
 specifies the maximum number of bytes to capture.
 .I promisc
 specifies if the interface is to be put into promiscuous mode.
 (Note that even if this parameter is false, the interface
-could well be in promiscuous mode for some other reason.)
+could well be in promiscuous mode for some other reason.)  For now, this
+doesn't work on the "any" device; if an argument of "any" or NULL is
+supplied, the
+.I promisc
+flag is ignored.
 .I to_ms
-specifies the read timeout in milliseconds.
+specifies the read timeout in milliseconds.  The read timeout is used to
+arrange that the read not necessarily return immediately when a packet
+is seen, but that it wait for some amount of time to allow more packets
+to arrive and to read multiple packets from the OS kernel in one
+operation.  Not all platforms support a read timeout; on platforms that
+don't, the read timeout is ignored.
 .I ebuf
 is used to return error text and is only set when
 .B pcap_open_live()
 fails and returns
 .BR NULL .
 .PP
+.B pcap_open_dead()
+is used for creating a
+.B pcap_t
+structure to use when calling the other functions in libpcap.  It is
+typically used when just using libpcap for compiling BPF code.
+.PP
 .B pcap_open_offline()
 is called to open a ``savefile'' for reading.
 .I fname
@ -172,21 +207,22 @@ and
 are
 .I bpf_u_int32
 pointers.
-A return of -1 indicates an error in which case
+A return of \-1 indicates an error in which case
 .I errbuf
 is filled in with an appropriate error message.
 .PP
 .B pcap_dispatch()
 is used to collect and process packets.
 .I cnt
-specifies the maximum number of packets to process before returning. A
+specifies the maximum number of packets to process before returning.
+This is not a minimum number; when reading a live capture, only one
+bufferful of packets is read at a time, so fewer than
 .I cnt
-of -1 processes all the packets received in one buffer. A
+packets may be processed. A
 .I cnt
-of 0 processes all packets until an error occurs,
-.B EOF
-is reached, or the read times out (when doing live reads and a non-zero
-read timeout is specified).
+of \-1 processes all the packets received in one buffer when reading a
+live capture, or all the packets in the file when reading a
+``savefile''.
 .I callback
 specifies a routine to be called with three arguments:
 a
@ -198,56 +234,35 @@ a pointer to the
 struct (which precede the actual network headers and data),
 and a
 .I u_char
-pointer to the packet data. The number of packets read is returned.
-Zero is returned when
-.B EOF
-is reached in a ``savefile.'' A return of -1 indicates
+pointer to the packet data.
+.PP
+The number of packets read is returned.
+0 is returned if no packets were read from a live capture (if, for
+example, they were discarded because they didn't pass the packet filter,
+or if, on platforms that support a read timeout that starts before any
+packets arrive, the timeout expires before any packets arrive, or if the
+file descriptor for the capture device is in non-blocking mode and no
+packets were available to be read) or if no more packets are available
+in a ``savefile.'' A return of \-1 indicates
 an error in which case
 .B pcap_perror()
 or
-.BR pcap_geterr()
+.B pcap_geterr()
 may be used to display the error text.
 .PP
-.B pcap_dump()
-outputs a packet to the ``savefile'' opened with
-.BR pcap_dump_open() .
-Note that its calling arguments are suitable for use with
-.BR pcap_dispatch() .
-.PP
-.B pcap_compile()
-is used to compile the string
-.I str
-into a filter program.
-.I program
-is a pointer to a
-.I bpf_program
-struct and is filled in by
-.BR pcap_compile() .
-.I optimize
-controls whether optimization on the resulting code is performed.
-.I netmask
-specifies the netmask of the local net.
-.PP
-.B pcap_compile_nopcap()
-is similar to
-.B pcap_compile()
-except that instead of passing a pcap structure, one passes the
-snaplen and linktype explicitly.  It is intended to be used for
-compiling filters for direct bpf usage, without necessarily having
-called
-.BR pcap_open() .
-.PP
-.B pcap_setfilter()
-is used to specify a filter program.
-.I fp
-is a pointer to an array of
-.I bpf_program
-struct, usually the result of a call to
-.BR pcap_compile() .
-.B \-1
-is returned on failure;
-.B 0
-is returned on success.
+.BR NOTE :
+when reading a live capture,
+.B pcap_dispatch()
+will not necessarily return when the read times out; on some platforms,
+the read timeout isn't supported, and, on other platforms, the timer
+doesn't start until at least one packet arrives.  This means that the
+read timeout should
+.B NOT
+be used in, for example, an interactive application, to allow the packet
+capture loop to ``poll'' for user input periodically, as there's no
+guarantee that
+.B pcap_dispatch()
+will return after the timeout expires.
 .PP
 .B pcap_loop()
 is similar to
@ -275,6 +290,73 @@ returns a
 .I u_char
 pointer to the next packet.
 .PP
+.B pcap_dump()
+outputs a packet to the ``savefile'' opened with
+.BR pcap_dump_open() .
+Note that its calling arguments are suitable for use with
+.B pcap_dispatch()
+or
+.BR pcap_loop() .
+.PP
+.B pcap_compile()
+is used to compile the string
+.I str
+into a filter program.
+.I program
+is a pointer to a
+.I bpf_program
+struct and is filled in by
+.BR pcap_compile() .
+.I optimize
+controls whether optimization on the resulting code is performed.
+.I netmask
+specifies the netmask of the local net.
+A return of \-1 indicates an error in which case
+.BR pcap_geterr()
+may be used to display the error text.
+.PP
+.B pcap_compile_nopcap()
+is similar to
+.B pcap_compile()
+except that instead of passing a pcap structure, one passes the
+snaplen and linktype explicitly.  It is intended to be used for
+compiling filters for direct BPF usage, without necessarily having
+called
+.BR pcap_open() .
+A return of \-1 indicates an error; the error text is unavailable.
+.RB ( pcap_compile_nopcap()
+is a wrapper around
+.BR pcap_open_dead() ,
+.BR pcap_compile() ,
+and
+.BR pcap_close() ;
+the latter three routines can be used directly in order to get the error
+text for a compilation error.)
+.B
+.PP
+.B pcap_setfilter()
+is used to specify a filter program.
+.I fp
+is a pointer to a
+.I bpf_program
+struct, usually the result of a call to
+.BR pcap_compile() .
+.B \-1
+is returned on failure, in which case
+.BR pcap_geterr()
+may be used to display the error text;
+.B 0
+is returned on success.
+.PP
+.B pcap_freecode()
+is used to free up allocated memory pointed to by a
+.I bpf_program
+struct generated by
+.B pcap_compile()
+when that BPF program is no longer needed, for example after it
+has been made the filter program for a pcap structure by a call to
+.BR pcap_setfilter() .
+.PP
 .B pcap_datalink()
 returns the link layer type, e.g.
 .BR DLT_EN10MB .
@ -304,7 +386,7 @@ returns 0 and fills in a
 .B pcap_stat
 struct. The values represent packet statistics from the start of the
 run to the time of the call. If there is an error or the under lying
-packet capture doesn't support packet statistics, -1 is returned and
+packet capture doesn't support packet statistics, \-1 is returned and
 the error text can be obtained with
 .B pcap_perror()
 or
@ -321,6 +403,13 @@ prefixed by
 .PP
 .B pcap_geterr()
 returns the error text pertaining to the last pcap library error.
+.BR NOTE :
+the pointer it returns will no longer point to a valid error message
+string after the
+.B pcap_t
+passed to it is closed; you must use or copy the string before closing
+the
+.BR pcap_t .
 .PP
 .B pcap_strerror()
 is provided in case
@ -338,15 +427,27 @@ closes the ``savefile.''
 .SH SEE ALSO
 tcpdump(1), tcpslice(1)
 .SH AUTHORS
+The original authors are:
+.LP
 Van Jacobson,
 Craig Leres and
 Steven McCanne, all of the
 Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
 .LP
-The current version is available via anonymous ftp:
+The current version is available from "The Tcpdump Group"'s Web site at
 .LP
 .RS
-.I ftp://ftp.ee.lbl.gov/libpcap.tar.Z
+.I http://www.tcpdump.org/
 .RE
 .SH BUGS
-Please send bug reports to libpcap@ee.lbl.gov.
+Please send problems, bugs, questions, desirable enhancements, etc. to:
+.LP
+.RS
+tcpdump-workers@tcpdump.org
+.RE
+.LP
+Please send source code contributions, etc. to:
+.LP
+.RS
+patches@tcpdump.org
+.RE
--- a/contrib/libpcap/pcap.h
+++ b/contrib/libpcap/pcap.h
@ -31,7 +31,7 @@
 * SUCH DAMAGE.
 *
 * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.22 1999/12/08 19:54:03 mcr Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.31 2000/10/28 00:01:31 guy Exp $ (LBL)
 */

 #ifndef lib_pcap_h
@ -47,7 +47,6 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-  

 #define PCAP_VERSION_MAJOR 2
 #define PCAP_VERSION_MINOR 4
@ -71,6 +70,34 @@ typedef struct pcap_dumper pcap_dumper_t;
 * of the flags used in the printout phases of tcpdump.
 * Many fields here are 32 bit ints so compilers won't insert unwanted
 * padding; these files need to be interchangeable across architectures.
+ *
+ * Do not change the layout of this structure, in any way (this includes
+ * changes that only affect the length of fields in this structure).
+ *
+ * Also, do not change the interpretation of any of the members of this
+ * structure, in any way (this includes using values other than
+ * LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
+ * field).
+ *
+ * Instead:
+ *
+ *	introduce a new structure for the new format, if the layout
+ *	of the structure changed;
+ *
+ *	send mail to "tcpdump-workers@tcpdump.org", requesting a new
+ *	magic number for your new capture file format, and, when
+ *	you get the new magic number, put it in "savefile.c";
+ *
+ *	use that magic number for save files with the changed file
+ *	header;
+ *
+ *	make the code in "savefile.c" capable of reading files with
+ *	the old file header as well as files with the new file header
+ *	(using the magic number to determine the header format).
+ *
+ * Then supply the changes to "patches@tcpdump.org", so that future
+ * versions of libpcap and programs that use it (such as tcpdump) will
+ * be able to read your new capture file format.
 */
 struct pcap_file_header {
 	bpf_u_int32 magic;
@ -79,7 +106,7 @@ struct pcap_file_header {
 	bpf_int32 thiszone;	/* gmt to local correction */
 	bpf_u_int32 sigfigs;	/* accuracy of timestamps */
 	bpf_u_int32 snaplen;	/* max length saved portion of each pkt */
-	bpf_u_int32 linktype;	/* data link type (DLT_*) */
+	bpf_u_int32 linktype;	/* data link type (LINKTYPE_*) */
 };

 /*
@ -108,6 +135,7 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
 char	*pcap_lookupdev(char *);
 int	pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
 pcap_t	*pcap_open_live(char *, int, int, int, char *);
+pcap_t	*pcap_open_dead(int, int);
 pcap_t	*pcap_open_offline(const char *, char *);
 void	pcap_close(pcap_t *);
 int	pcap_loop(pcap_t *, int, pcap_handler, u_char *);
@ -123,8 +151,7 @@ int	pcap_compile(pcap_t *, struct bpf_program *, char *, int,
 	    bpf_u_int32);
 int	pcap_compile_nopcap(int, int, struct bpf_program *,
 	    char *, int, bpf_u_int32);
-/* XXX */
-int	pcap_freecode(pcap_t *, struct bpf_program *);
+void	pcap_freecode(struct bpf_program *);
 int	pcap_datalink(pcap_t *);
 int	pcap_snapshot(pcap_t *);
 int	pcap_is_swapped(pcap_t *);
@ -141,11 +168,12 @@ void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);

 /* XXX this guy lives in the bpf tree */
 u_int	bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
+int	bpf_validate(struct bpf_insn *f, int len);
 char	*bpf_image(struct bpf_insn *, int);
+void	bpf_dump(struct bpf_program *, int);

 #ifdef __cplusplus
 }
 #endif
-     

 #endif
--- a/contrib/libpcap/scanner.l
+++ b/contrib/libpcap/scanner.l
@ -24,7 +24,11 @@

 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.60 1999/11/17 04:09:58 assar Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.70 2000/10/28 10:18:40 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
 #endif

 #include <sys/types.h>
@ -41,10 +45,13 @@ static const char rcsid[] =
 #ifdef INET6
 #include <netdb.h>
 #include <sys/socket.h>
+/* Workaround for AIX 4.3 */
+#if !defined(AI_NUMERICHOST)
+#define AI_NUMERICHOST 0x04
+#endif
 #endif /*INET6*/
 #include "tokdefs.h"

-#include "gnuc.h"
 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
 #endif
@ -54,22 +61,10 @@ static inline int xdtoi(int);

 #ifdef FLEX_SCANNER
 #define YY_NO_UNPUT
-#undef YY_INPUT
-#define YY_INPUT(buf, result, max)\
- {\
-	char *src = in_buffer;\
-	int i;\
-\
-	if (*src == 0)\
-		result = YY_NULL;\
-	else {\
-		for (i = 0; *src && i < max; ++i)\
-			buf[i] = *src++;\
-		in_buffer += i;\
-		result = i;\
-	}\
- }
+static YY_BUFFER_STATE in_buffer;
 #else
+static char *in_buffer;
+
 #undef getc
 #define getc(fp)  (*in_buffer == 0 ? EOF : *in_buffer++)
 #endif
@ -77,8 +72,6 @@ static inline int xdtoi(int);
 #define yylval pcap_lval
 extern YYSTYPE yylval;

-static char *in_buffer;
-
 %}

 N		([0-9]+|(0X|0x)[0-9A-Fa-f]+)
@ -90,6 +83,7 @@ W		([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?)
 %e 6000
 %k 4000
 %p 19000
+%n 2000

 V680		{W}:{W}:{W}:{W}:{W}:{W}:{W}:{W}

@ -174,7 +168,7 @@ dst		return DST;
 src		return SRC;

 link|ether|ppp|slip  return LINK;
-fddi		return LINK;
+fddi|tr		return LINK;
 arp		return ARP;
 rarp		return RARP;
 ip		return IP;
@ -191,6 +185,7 @@ ah		return AH;
 esp		return ESP;

 atalk		return ATALK;
+aarp		return AARP;
 decnet		return DECNET;
 lat		return LAT;
 sca		return SCA;
@ -202,6 +197,7 @@ esis		return ESIS;
 es-is		return ESIS;
 isis		return ISIS;
 is-is		return ISIS;
+clnp		return CLNP;

 host		return HOST;
 net		return NET;
@ -232,6 +228,8 @@ len|length	return LEN;
 inbound		return INBOUND;
 outbound	return OUTBOUND;

+vlan		return VLAN;
+
 [ \n\t]			;
 [+\-*/:\[\]!<>()&|=]	return yytext[0];
 ">="			return GEQ;
@ -272,8 +270,24 @@ void
 lex_init(buf)
 	char *buf;
 {
+#ifdef FLEX_SCANNER
+	in_buffer = yy_scan_string(buf);
+#else
 	in_buffer = buf;
-	yyrestart(NULL);
+#endif
+}
+
+/*
+ * Do any cleanup necessary after parsing.
+ */
+void
+lex_cleanup()
+{
+#ifdef FLEX_SCANNER
+	if (in_buffer != NULL)
+		yy_delete_buffer(in_buffer);
+	in_buffer = NULL;
+#endif
 }

 /*
@ -325,4 +339,3 @@ stoi(s)

 	return n;
 }
-