d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Virgin import of tcpdump.org libpcap v0.6.2

Browse Source
This commit is contained in:
Bill Fenner 2001-04-03 04:18:09 +00:00
parent bb63323352
commit dc2c730546
51 changed files with 6287 additions and 1348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
contrib/libpcap/.cvsignore Normal file
View File

@ -0,0 +1,10 @@
config.log
config.cache
config.status
config.h
.devel
Makefile
scanner.c
grammar.c
tokdefs.h
version.c

75
contrib/libpcap/CHANGES
View File

@ -1,11 +1,76 @@
@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.48 1999/10/30 23:50:43 itojun Exp $ (LBL)
@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.55 2001/01/10 04:10:33 guy Exp $ (LBL)
Sun Oct 19 JST 1999 itojun@iijlab.net
* bring in KAME IPv6/IPsec bpf compiler.
Tuesday January 9, 2001. guy@alum.mit.edu. Summary for 0.6 release
Sometime in 1999
* tcpdump.org imported LBL 0.4
New Linux libpcap implementation, which, in 2.2 and later
kernels, uses PF_PACKET sockets and supports kernel packet
filtering (if compiled into the kernel), and supports the "any"
device for capturing on all interfaces. Cleans up promiscuous
mode better on pre-2.2 kernels, and has various other fixes
(handles 2.4 ARPHRD_IEEE802_TR, handles ISDN devices better,
doesn't show duplicate packets on loopback interface, etc.).
Fixed HP-UX libpcap implementation to correctly get the PPA for
an interface, to allow interfaces to be opened by interface name.
libpcap savefiles have system-independent link-layer type values
in the header, rather than sometimes platform-dependent DLT_
values, to make it easier to exchange capture files between
different OSes.
Non-standard capture files produced by some Linux tcpdumps, e.g.
the one from Red Hat Linux 6.2 and later, can now be read.
Updated autoconf stock files.
Filter expressions can filter on VLAN IDs and various OSI
protocols, and work on Token Ring (with non-source-routed
packets).
"pcap_open_dead()" added to allow compiling filter expressions
to pcap code without opening a capture device or capture file.
Header files fixed to allow use in C++ programs.
Removed dependancy on native headers for packet layout.
Removed Linux specific headers that were shipped.
Security fixes: Strcpy replaced with strlcpy, sprintf replaced
with snprintf.
Fixed bug that could cause subsequent "pcap_compile()"s to fail
erroneously after one compile failed.
Assorted other bug fixes.
README.aix and README.linux files added to describe
platform-specific issues.
"getifaddrs()" rather than SIOCGIFCONF used, if available.
v0.5 Sat Jun 10 11:09:15 PDT 2000
itojun@iijlab.net
- Brought in KAME IPv6/IPsec bpf compiler.
- Fixes for NetBSD.
- Support added for OpenBSD DLT_LOOP and BSD/OS DLT_C_HDLC (Cisco HDLC),
and changes to work around different BSDs having different DLT_ types
with the same numeric value.
Assar Westerlund <assar@sics.se>
- Building outside the source code tree fixed.
- Changed to write out time stamps with 32-bit seconds and microseconds
fields, regardless of whether those fields are 32 bits or 64 bits in
the OS's native "struct timeval".
- Changed "pcap_lookupdev()" to dynamically grow the buffer into which
the list of interfaces is read as necessary in order to hold the
entire list.
Greg Troxel <gdt@ir.bbn.com>
- Added a new "pcap_compile_nopcap()", which lets you compile a filter
expression into a BPF program without having an open live capture or
capture file.
v0.4 Sat Jul 25 12:40:09 PDT 1998
- Fix endian problem with DLT_NULL devices. From FreeBSD via Bill

41
contrib/libpcap/CREDITS
View File

@ -1,15 +1,36 @@
This file lists people who contributed to libpcap or tcpdump:
Bill Fenner <fenner@research.att.com>
Assar Westerlund <assar@sics.se>
Alexei <kuznet@ms2.inr.ac.ru>
Jun-ichiro itojun Hagino <itojun@iijlab.net>
Guy Harris <gharris@flashcom.net>
Torsten Landschoff <t.landschoff@gmx.net>
Michael Richardson <mcr@sandelman.ottawa.on.ca>
This file lists people who have contributed to libpcap:
The current maintainers:
Bill Fenner <fenner@research.att.com>
Assar Westerlund <assar@sics.se>
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Jun-ichiro itojun Hagino <itojun@iijlab.net>
Guy Harris <guy@alum.mit.edu>
Torsten Landschoff <torsten@debian.org>
Michael Richardson <mcr@sandelman.ottawa.on.ca>
Sebastian Krahmer <krahmer@cs.uni-potsdam.de>
Additional people who have contributed patches:
Arkadiusz Miskiewicz <misiek@pld.org.pl>
Fulvio Risso <risso@polito.it>
Charles M. Hannum <mycroft@netbsd.org>
Chris G. Demetriou <cgd@netbsd.org>
Darren Reed <darrenr@reed.wattle.id.au>
Greg Troxel <gdt@ir.bbn.com>
Jefferson Ogata <jogata@nodc.noaa.gov>
Juergen Schoenwaelder <schoenw@ibr.cs.tu-bs.de>
Lorenzo Cavallaro <sullivan@sikurezza.org>
Love Hörnquist-Åstrand <lha@stacken.kth.se>
Monroe Williams <monroe@pobox.com>
Olaf Kirch <okir@caldera.de>
Peter Jeremy <peter.jeremy@alcatel.com.au>
Rafal Maszkowski <rzm@icm.edu.pl>
Rick Jones <raj@cup.hp.com>
Tony Li <tli@jnx.com>
Uwe Girlich <Uwe.Girlich@philosys.de>
The original LBL crew:
Steve McCanne
Craig Leres
Van Jacobson

16
contrib/libpcap/FILES
View File

@ -1,15 +1,23 @@
CHANGES
CREDITS
FILES
INSTALL
LICENSE
Makefile.in
README
SUNOS4
README.aix
README.linux
SUNOS4/nit_if.o.sparc
SUNOS4/nit_if.o.sun3
SUNOS4/nit_if.o.sun4c.4.0.3c
VERSION
aclocal.m4
bpf/net/bpf.h
bpf/net/bpf_filter.c
bpf_dump.c
bpf_image.c
config.guess
config.h.in
config.sub
configure
configure.in
@ -20,14 +28,13 @@ gencode.h
grammar.y
inet.c
install-sh
lbl/gnuc.h
lbl/os-osf4.h
lbl/os-solaris2.h
lbl/os-sunos4.h
lbl/os-ultrix4.h
linux-include/netinet/if_ether.h
linux-include/netinet/ip_var.h
mkdep
nametoaddr.c
nlpid.h
optimize.c
pcap-bpf.c
pcap-dlpi.c
@ -48,3 +55,4 @@ pcap.h
ppp.h
savefile.c
scanner.l
sll.h

124
contrib/libpcap/INSTALL
View File

@ -1,13 +1,12 @@
@(#) $Header: /tcpdump/master/libpcap/INSTALL,v 1.42.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)
@(#) $Header: /tcpdump/master/libpcap/INSTALL,v 1.46 2000/12/16 09:05:11 guy Exp $ (LBL)
To build libpcap, first customize any paths in Makefile.in, then run
"./configure" (a shell script). The configure script will determine
your system attributes and generate an appropriate Makefile from
Makefile.in. Next run "make". If everything goes well you can su to
root and run "make install", "make install-incl" and "make
install-man". However, you need not install libpcap if you just want to
build tcpdump; just make sure the tcpdump and libpcap directory trees
have the same parent directory.
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
appropriate Makefile from Makefile.in. Next run "make". If everything
goes well you can su to root and run "make install". However, you need
not install libpcap if you just want to build tcpdump; just make sure
the tcpdump and libpcap directory trees have the same parent
directory.
If configure says:
@ -34,18 +33,7 @@ You will need an ANSI C compiler to build libpcap. The configure script
will abort if your compiler is not ANSI compliant. If this happens, use
the GNU C compiler, available via anonymous ftp:
ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz
Note well: If you use gcc, you may need to run its "fixincludes"
script. Running fixincludes is not required with later versions of gcc
and in some cases (e.g. Solaris 2.5) causes problems when run. The
configure script will abort with:
checking for ANSI ioctl definitions... yes
configure: error: see the INSTALL for more info
if it detects if the fixincludes needs to be run. If the fixincludes
test in configure passes, you're probably ok.
ftp://ftp.gnu.org/pub/gnu/gcc/
If you use flex, you must use version 2.4.6 or higher. The configure
script automatically detects the version of flex and will not use it
@ -122,11 +110,15 @@ If you get an error like:
when using DLPI, look for the DL_ERROR_ACK error return values, usually
in /usr/include/sys/dlpi.h, and find the corresponding value.
Under OSF, packet capture must be enabled before it can be used. For
instructions on how to enable packet filter support, see:
Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
enabled before it can be used. For instructions on how to enable packet
filter support, see:
ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
Look for the "How do I configure the Berkeley Packet Filter and capture
tcpdump traces?" item.
Once you enable packet filter support, your OSF system will support bpf
natively.
@ -147,53 +139,76 @@ then you don't have the streams package. In addition, we believe you
need to install the "9.X LAN and DLPI drivers cumulative" patch
(PHNE_6855) to make the version 9 DLPI work with libpcap.
It's been reported that the DLPI streams package is standard starting
with HP-UX 10.
The DLPI streams package is standard starting with HP-UX 10.
The HP implementation of DLPI is a little bit eccentric. Unlike
Solaris, you must attach /dev/dlpi instead of the specific /dev/*
network pseudo device entry in order to capture packets. The ppa is
network pseudo device entry in order to capture packets. The PPA is
based on the ifnet "index" number. Under HP-UX 9, it is necessary to
read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
dlpi can provide information for determining the ppa. It does not seem
DLPI can provide information for determining the PPA. It does not seem
to be possible to trace the loopback interface. Unlike other DLPI
implementations, PHYS implies MULTI and SAP and you get an error if you
try to enable more than one promiscous more than one promiscuous mode
at a time. Finally, testing shows that there can't be more than one
simultaneous dlpi user per network interface and you cannot capture
outbound packets.
try to enable more than one promiscuous mode at a time.
It is impossible to capture outbound packets on HP-UX 9. To do so on
HP-UX 10, you will, apparently, need a late "LAN products cumulative
patch" (at one point, it was claimed that this would be PHNE_18173 for
s700/10.20; at another point, it was claimed that the required patches
were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
patches and the latest driver patch for the interface(s) in use on HP-UX
11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
PHNE_20008, and PHNE_20735 did the trick).
Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
doing
echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem
You would have to arrange that this happen on reboots; the right way to
do that would probably be to put it into an executable script file
"/sbin/init.d/outbound_promisc" and making
"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
Finally, testing shows that there can't be more than one simultaneous
DLPI user per network interface.
If you use Linux, this version of libpcap is known to compile and run
under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X
versions but is guaranteed not to work with 1.X kernels. Running more
than one libpcap program at a time can cause problems since promiscuous
mode is implemented by twiddlin the interface flags from the libpcap
application. Also, packet timestamps aren't very good. This appears to
be due to haphazard handling of the timestamp in the kernel.
under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X
versions but is guaranteed not to work with 1.X kernels. Running more
than one libpcap program at a time, on a system with a 2.0.X kernel, can
cause problems since promiscuous mode is implemented by twiddling the
interface flags from the libpcap application; the packet capture
mechanism in the 2.2 and later kernels doesn't have this problem. Also,
packet timestamps aren't very good. This appears to be due to haphazard
handling of the timestamp in the kernel.
Note well: there is rumoured to be a version of tcpdump floating around
called 3.0.3 that includes libpcap and is supposed to support Linux.
You should be advised that the Network Research Group at LBNL never
generated a release with this version number. We note with interest
that a standard cracker trick to get people to install trojans is to
distribute bogus packages that have a version number higher than the
current release. We also note with annoyance that 90% of the Linux
related bug reports we get are due to changes made to unofficial
versions of our page. If you are having trouble but aren't using a
version that came from ftp.ee.lbl.gov, please try that before
submitting a bug report!
called 3.0.3 that includes libpcap and is supposed to support Linux.
You should be advised that neither the Network Research Group at LBNL
nor the Tcpdump Group ever generated a release with this version number.
The LBNL Network Research Group notes with interest that a standard
cracker trick to get people to install trojans is to distribute bogus
packages that have a version number higher than the current release.
They also noted with annoyance that 90% of the Linux related bug reports
they got are due to changes made to unofficial versions of their page.
If you are having trouble but aren't using a version that came from
tcpdump.org, please try that before submitting a bug report!
On Linux, libpcap will not work if the kernel does not have the packet
socket option enabled; see the README.linux file for information about
this.
If you use AIX, you may not be able to build libpcap from this release.
Although AIX 4 ships with tcpdump, it is an old version that predates
libpcap. We do not have an AIX system in house so it's impossible for
us to test AIX patches submitted to us. We are told that you must link
against /lib/pse.exp, that you must use AIX cc or a GNU C compiler
newer than 2.7.2 and that you may need to run strload before running a
libpcap application. Also, it may be necessary to run the configure
script as root in order for it to detect that bpf is available. Another
workaround is to use:
libpcap application.
./configure --with-pcap=bpf
Read the README.aix file for information on installing libpcap and
configuring your system to be able to support libpcap.
If you use NeXTSTEP, you will not be able to build libpcap from this
release. We hope to support this operating system in some future
@ -215,7 +230,7 @@ Another workaround is to use flex and bison.
If you use SCO, you might have trouble building libpcap from this
release. We do not have a machine running SCO and have not had reports
of anyone successfully building on it. Since SCO apparently supports
dlpi, it's possible the current version works. Meanwhile, sco provides
DLPI, it's possible the current version works. Meanwhile, SCO provides
a tcpdump binary as part of their "Network/Security Tools" package:
http://www.sco.com/technology/internet/goodies/#SECURITY
@ -236,7 +251,7 @@ a Sun4, your version of bison is broken. In any case version 1.16 or
higher is recommended (1.14 is known to cause problems 1.16 is known to
work). Either pick up a current version from:
ftp://prep.ai.mit.edu/pub/gnu/bison.tar.gz
ftp://ftp.gnu.org/pub/gnu/bison
or hack around it by inserting the lines:
@ -303,7 +318,6 @@ inet.c - network routines
install-sh - BSD style install script
lbl/gnuc.h - gcc macros and defines
lbl/os-*.h - os dependent defines and prototypes
linux-include/* - network include files missing on Linux
mkdep - construct Makefile dependency list
nametoaddr.c - hostname to address routines
net - symlink to bpf/net

19
contrib/libpcap/LICENSE Normal file
View File

@ -0,0 +1,19 @@
License: BSD
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

73
contrib/libpcap/Makefile.in
View File

@ -17,7 +17,7 @@
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.75 1999/10/30 05:33:45 itojun Exp $ (LBL)
# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.87.2.1 2001/01/18 04:06:24 guy Exp $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
@ -27,11 +27,11 @@
prefix = @prefix@
exec_prefix = @exec_prefix@
# Pathname of directory to install the include files
INCLDEST = @includedir@
includedir = @includedir@
# Pathname of directory to install the library
LIBDEST = @libdir@
libdir = @libdir@
# Pathname of directory to install the man page
MANDEST = @mandir@
mandir = @mandir@
# VPATH
srcdir = @srcdir@
@ -50,7 +50,9 @@ DEFS = @DEFS@
CFLAGS = $(CCOPT) $(INCLS) $(DEFS)
INSTALL = @INSTALL@
RANLIB = @V_RANLIB@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
RANLIB = @RANLIB@
#
# Flex and bison allow you to specify the prefixes of the global symbols
@ -69,14 +71,15 @@ YACC = @V_YACC@
PSRC = pcap-@V_PCAP@.c
CSRC = pcap.c inet.c gencode.c optimize.c nametoaddr.c \
etherent.c savefile.c bpf_filter.c bpf_image.c
etherent.c savefile.c bpf_filter.c bpf_image.c bpf_dump.c
GENSRC = scanner.c grammar.c version.c
LIBOBJS = @LIBOBJS@
SRC = $(PSRC) $(CSRC) $(GENSRC)
# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ = $(PSRC:.c=.o) $(CSRC:.c=.o) $(GENSRC:.c=.o)
OBJ = $(PSRC:.c=.o) $(CSRC:.c=.o) $(GENSRC:.c=.o) # $(LIBOBJS)
HDR = pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
ethertype.h gencode.h gnuc.h
GENHDR = \
@ -118,42 +121,59 @@ grammar.o: grammar.c
version.o: version.c
$(CC) $(CFLAGS) -c version.c
snprintf.o: $(srcdir)/../tcpdump/missing/snprintf.c
$(CC) $(CFLAGS) -o $@ -c $(srcdir)/../tcpdump/missing/snprintf.c
version.c: $(srcdir)/VERSION
@rm -f $@
sed -e 's/.*/char pcap_version[] = "&";/' $(srcdir)/VERSION > $@
bpf_filter.o: $(srcdir)/bpf/net/bpf_filter.c
$(CC) $(CFLAGS) -c $(srcdir)/bpf/net/bpf_filter.c -o bpf_filter.o
bpf_filter.c: $(srcdir)/bpf/net/bpf_filter.c
rm -f bpf_filter.c
ln -s $(srcdir)/bpf/net/bpf_filter.c bpf_filter.c
install: force
$(INSTALL) -m 444 -o bin -g bin libpcap.a $(DESTDIR)$(LIBDEST)/libpcap.a
$(RANLIB) $(DESTDIR)$(LIBDEST)/libpcap.a
bpf_filter.o: bpf_filter.c
$(CC) $(CFLAGS) -c bpf_filter.c
install-incl: force
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.h \
$(DESTDIR)$(INCLDEST)/pcap.h
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap-namedb.h \
$(DESTDIR)$(INCLDEST)/pcap-namedb.h
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/bpf/net/bpf.h \
$(DESTDIR)$(INCLDEST)/net/bpf.h
install:
[ -d $(DESTDIR)$(libdir) ] || \
(mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
$(INSTALL_DATA) libpcap.a $(DESTDIR)$(libdir)/libpcap.a
$(RANLIB) $(DESTDIR)$(libdir)/libpcap.a
[ -d $(DESTDIR)$(includedir) ] || \
(mkdir -p $(DESTDIR)$(includedir); chmod 755 $(DESTDIR)$(includedir))
$(INSTALL_DATA) $(srcdir)/pcap.h $(DESTDIR)$(includedir)/pcap.h
$(INSTALL_DATA) $(srcdir)/pcap-namedb.h \
$(DESTDIR)$(includedir)/pcap-namedb.h
[ -d $(DESTDIR)$(includedir)/net ] || \
(mkdir -p $(DESTDIR)$(includedir)/net; chmod 755 $(DESTDIR)$(includedir)/net)
$(INSTALL_DATA) $(srcdir)/bpf/net/bpf.h \
$(DESTDIR)$(includedir)/net/bpf.h
[ -d $(DESTDIR)$(mandir)/man3 ] || \
(mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3)
$(INSTALL_DATA) $(srcdir)/pcap.3 \
$(DESTDIR)$(mandir)/man3/pcap.3
install-man: force
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.3 \
$(DESTDIR)$(MANDEST)/man3/pcap.3
uninstall:
rm -f $(DESTDIR)$(libdir)/libpcap.a
rm -f $(DESTDIR)$(includedir)/pcap.h
rm -f $(DESTDIR)$(includedir)/pcap-namedb.h
rm -f $(DESTDIR)$(includedir)/net/bpf.h
rm -f $(DESTDIR)$(mandir)/man3/pcap.3
clean:
rm -f $(CLEANFILES)
distclean:
rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
gnuc.h os-proto.h net
config.h gnuc.h os-proto.h net bpf_filter.c stamp-h stamp-h.in
tags: $(TAGFILES)
ctags -wtd $(TAGFILES)
tar: force
tar:
@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
list="" ; tar="tar chFFf" ; \
list="" ; tar="tar chf" ; \
for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
echo \
"rm -f ../$$name; ln -s $$dir ../$$name" ; \
@ -165,6 +185,5 @@ tar: force
"rm -f ../$$name" ; \
rm -f ../$$name
force: /tmp
depend: $(GENSRC) force
depend: $(GENSRC) bpf_filter.c
./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)

42
contrib/libpcap/README
View File

@ -1,10 +1,24 @@
@(#) $Header: /tcpdump/master/libpcap/README,v 1.18.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)
@(#) $Header: /tcpdump/master/libpcap/README,v 1.22 2000/07/13 06:24:14 guy Exp $ (LBL)
LIBPCAP 0.4
Lawrence Berkeley National Laboratory
Network Research Group
libpcap@ee.lbl.gov
ftp://ftp.ee.lbl.gov/libpcap.tar.Z
LIBPCAP 0.5
Now maintained by "The Tcpdump Group"
See www.tcpdump.org
Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
Anonymous CVS is available via:
cvs -d cvs.tcpdump.org:/tcpdump/master login
(password "anoncvs")
cvs -d cvs.tcpdump.org:/tcpdump/master checkout libpcap
Version 0.5 of LIBPCAP can be retrived with the CVS tag "libpcap_0_5":
cvs -d cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_5 libpcap
Please send patches against the master copy to patches@tcpdump.org.
formerly from Lawrence Berkeley National Laboratory
Network Research Group <libpcap@ee.lbl.gov>
ftp://ftp.ee.lbl.gov/libpcap.tar.Z (0.4)
This directory contains source code for libpcap, a system-independent
interface for user-level packet capture. libpcap provides a portable
@ -33,17 +47,19 @@ added overhead (especially, for selective filters). Ideally, libpcap
would translate BPF filters into a filter program that is compatible
with the underlying kernel subsystem, but this is not yet implemented.
BPF is standard in 4.4BSD, BSD/386, NetBSD, and FreeBSD. DEC OSF/1
BPF is standard in 4.4BSD, BSD/OS, NetBSD, FreeBSD, and OpenBSD. DEC OSF/1
uses the packetfilter interface but has been extended to accept BPF
filters (which libpcap utilizes). Also, you can add BPF filter support
to Ultrix using the kernel source and/or object patches available in:
ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.
Problems, bugs, questions, desirable enhancements, source code
contributions, etc., should be sent to the email address
"libpcap@ee.lbl.gov".
Problems, bugs, questions, desirable enhancements, etc.
should be sent to the address "tcpdump-workers@tcpdump.org".
- Steve McCanne
Craig Leres
Van Jacobson
Source code contributions, etc. should be sent to the email address
"patches@tcpdump.org".
Current versions can be found at www.tcpdump.org
- The TCPdump team

46
contrib/libpcap/README.aix Normal file
View File

@ -0,0 +1,46 @@
(1) To configure libpcap under AIX 4.x, you should use DLPI instead
of BPF, since IBM's version of BPF includes some undocumented
and unsupported changes to the original BPF.
This can be done by specifying the flag:
--with-pcap=dlpi
to the "configure" script for libpcap.
(2) Also, it is a good idea to have the latest version of the DLPI
driver on your system, since certain versions may be buggy and
cause your AIX system to crash. DLPI is included in the
fileset bos.rte.tty. I found that the DLPI driver that came with
AIX 4.3.2 was buggy, and had to upgrade to bos.rte.tty 4.3.2.4:
lslpp -l bos.rte.tty
bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands
Updates for AIX filesets can be obtained from:
ftp://service.software.ibm.com/aix/fixes/
These updates can be installed with the smit program.
(3) After compiling libpcap, you need to make sure that the DLPI driver
is loaded. Type:
strload -q -d dlpi
If the result is:
dlpi: yes
then the DLPI driver is loaded correctly.
If it is:
dlpi: no
Then you need to type:
strload -f /etc/dlpi.conf
Check again with strload -q -d dlpi that the dlpi driver is loaded.
Alternatively, you can uncomment the lines for DLPI in
/etc/pse.conf and reboot the machine; this way DLPI will always
be loaded when you boot your system.

70
contrib/libpcap/README.linux Normal file
View File

@ -0,0 +1,70 @@
In order for libpcap to be able to capture packets on a Linux system,
the "packet" protocol must be supported by your kernel. If it is not,
you may get error messages such as
modprobe: can't locate module net-pf-17
in "/var/adm/messages", or may get messages such as
socket: Address family not supported by protocol
from applications using libpcap.
You must configure the kernel with the CONFIG_PACKET option for this
protocol; the following note is from the Linux "Configure.help" file for
the 2.0[.x] kernel:
Packet socket
CONFIG_PACKET
The Packet protocol is used by applications which communicate
directly with network devices without an intermediate network
protocol implemented in the kernel, e.g. tcpdump. If you want them
to work, choose Y.
This driver is also available as a module called af_packet.o ( =
code which can be inserted in and removed from the running kernel
whenever you want). If you want to compile it as a module, say M
here and read Documentation/modules.txt; if you use modprobe or
kmod, you may also want to add "alias net-pf-17 af_packet" to
/etc/modules.conf.
and the note for the 2.2[.x] kernel says:
Packet socket
CONFIG_PACKET
The Packet protocol is used by applications which communicate
directly with network devices without an intermediate network
protocol implemented in the kernel, e.g. tcpdump. If you want them
to work, choose Y. This driver is also available as a module called
af_packet.o ( = code which can be inserted in and removed from the
running kernel whenever you want). If you want to compile it as a
module, say M here and read Documentation/modules.txt. You will
need to add 'alias net-pf-17 af_packet' to your /etc/conf.modules
file for the module version to function automatically. If unsure,
say Y.
In addition, there is an option that, in 2.2 and later kernels, will
allow packet capture filters specified to programs such as tcpdump to be
executed in the kernel, so that packets that don't pass the filter won't
be copied from the kernel to the program, rather than having all packets
copied to the program and libpcap doing the filtering in user mode.
Copying packets from the kernel to the program consumes a significant
amount of CPU, so filtering in the kernel can reduce the overhead of
capturing packets if a filter has been specified that discards a
significant number of packets. (If no filter is specified, it makes no
difference whether the filtering isn't performed in the kernel or isn't
performed in user mode. :-))
The option for this is the CONFIG_FILTER option; the "Configure.help"
file says:
Socket filtering
CONFIG_FILTER
The Linux Socket Filter is derived from the Berkeley Packet Filter.
If you say Y here, user-space programs can attach a filter to any
socket and thereby tell the kernel that it should allow or disallow
certain types of data to get through the socket. Linux Socket
Filtering works on all socket types except TCP for now. See the text
file linux/Documentation/networking/filter.txt for more information.
If unsure, say N.

38
contrib/libpcap/TODO Normal file
View File

@ -0,0 +1,38 @@
TODO list for libpcap
=======================
Important stuff (to be done before the next release)
---------------
General
- configure should not be in the CVS. Most open source projects have an
autogen.sh script to run autoconf etc. after checkout. I think we
should stick to the standard.
- The source files should be better documented. There is no official
design guideline what is done where. There should be a common coding
style (okay, you can guess that bye looking at the code) and a guideline
what needs to be documented.
Linux kernel interface
- Currently there is a race condition in that a socket is activated at the
same time when it is opened - before applying a filter. This has to
be corrected so that capture starts when pcap_read is called for the
first time.
Less urgent items
-----------------
- Better documentation and cleanup of the interface. I am seeing a few
problems at the first glance which needs fixing:
+ pcap_lookupnet makes little to no sense with protocols != IPv4
+ not very suited for interactive programs (think ethereal). There should
be a way for the application to get a file descriptor which it has to
monitor and a callback in pcap which has to be called on activity
+ too many functions. There are a lot of functions for everything which
violates the KISS principle. Why do we need pcap_strerror, pcap_perror
and pcap_geterr?
+ the manpage has a brief description of each function but where is the
big picture? Seems like you need to buy UNP for that...

2
contrib/libpcap/VERSION
View File

@ -1 +1 @@
0.5
0.6

87
contrib/libpcap/aclocal.m4 vendored
View File

@ -1,4 +1,4 @@
dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.66 1999/10/30 04:41:48 itojun Exp $ (LBL)
dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.71 2000/09/19 03:56:26 guy Exp $ (LBL)
dnl
dnl Copyright (c) 1995, 1996, 1997, 1998
dnl The Regents of the University of California. All rights reserved.
@ -118,7 +118,7 @@ AC_DEFUN(AC_LBL_C_INIT,
fi
CFLAGS="$savedcflags"
V_CCOPT="-Aa $V_CCOPT"
AC_DEFINE(_HPUX_SOURCE)
AC_DEFINE(_HPUX_SOURCE,1,[needed on HP-UX])
;;
*)
@ -246,14 +246,14 @@ AC_DEFUN(AC_LBL_TYPE_SIGNAL,
[AC_BEFORE([$0], [AC_LBL_LIBPCAP])
AC_TYPE_SIGNAL
if test "$ac_cv_type_signal" = void ; then
AC_DEFINE(RETSIGVAL,)
AC_DEFINE(RETSIGVAL,[],[return value of signal handlers])
else
AC_DEFINE(RETSIGVAL,(0))
AC_DEFINE(RETSIGVAL,(0),[return value of signal handlers])
fi
case "$target_os" in
irix*)
AC_DEFINE(_BSD_SIGNALS)
AC_DEFINE(_BSD_SIGNALS,1,[get BSD semantics on Irix])
;;
*)
@ -384,9 +384,9 @@ AC_DEFUN(AC_LBL_UNION_WAIT,
ac_cv_lbl_union_wait=yes))
AC_MSG_RESULT($ac_cv_lbl_union_wait)
if test $ac_cv_lbl_union_wait = yes ; then
AC_DEFINE(DECLWAITSTATUS,union wait)
AC_DEFINE(DECLWAITSTATUS,union wait,[type for wait])
else
AC_DEFINE(DECLWAITSTATUS,int)
AC_DEFINE(DECLWAITSTATUS,int,[type for wait])
fi])
dnl
@ -411,7 +411,41 @@ AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
ac_cv_lbl_sockaddr_has_sa_len=no))
AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len)
if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then
AC_DEFINE(HAVE_SOCKADDR_SA_LEN)
AC_DEFINE(HAVE_SOCKADDR_SA_LEN,1,[if struct sockaddr has sa_len])
fi])
dnl
dnl Checks to see if the dl_hp_ppa_info_t struct has the HP-UX 11.00
dnl dl_module_id_1 member
dnl
dnl usage:
dnl
dnl AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1
dnl
dnl results:
dnl
dnl HAVE_HP_PPA_INFO_T_DL_MODULE_ID_1 (defined)
dnl
dnl NOTE: any compile failure means we conclude that it doesn't have
dnl that member, so if we don't have DLPI, don't have a <sys/dlpi_ext.h>
dnl header, or have one that doesn't declare a dl_hp_ppa_info_t type,
dnl we conclude it doesn't have that member (which is OK, as either we
dnl won't be using code that would use that member, or we wouldn't
dnl compile in any case).
dnl
AC_DEFUN(AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1,
[AC_MSG_CHECKING(if dl_hp_ppa_info_t struct has dl_module_id_1 member)
AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
AC_TRY_COMPILE([
# include <sys/types.h>
# include <sys/dlpi.h>
# include <sys/dlpi_ext.h>],
[u_int i = sizeof(((dl_hp_ppa_info_t *)0)->dl_module_id_1)],
ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1=yes,
ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1=no))
AC_MSG_RESULT($ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1)
if test $ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1 = yes ; then
AC_DEFINE(HAVE_HP_PPA_INFO_T_DL_MODULE_ID_1,1,[if ppa_info_t_dl_module_id exists])
fi])
dnl
@ -466,7 +500,7 @@ AC_DEFUN(AC_LBL_CHECK_TYPE,
ac_cv_lbl_have_$1=no))
AC_MSG_RESULT($ac_cv_lbl_have_$1)
if test $ac_cv_lbl_have_$1 = no ; then
AC_DEFINE($1, $2)
AC_DEFINE($1, $2, [if we have $1])
fi])
dnl
@ -485,7 +519,8 @@ AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
[case "$target_cpu" in
alpha|hp*|mips|sparc)
# XXX: should also check that they don't do weird things (like on arm)
alpha*|arm*|hp*|mips|sparc)
ac_cv_lbl_unaligned_fail=yes
;;
@ -534,7 +569,7 @@ EOF
esac])
AC_MSG_RESULT($ac_cv_lbl_unaligned_fail)
if test $ac_cv_lbl_unaligned_fail = yes ; then
AC_DEFINE(LBL_ALIGN)
AC_DEFINE(LBL_ALIGN,1,[if unaligned access fails])
fi])
dnl
@ -584,7 +619,7 @@ AC_DEFUN(AC_LBL_DEVEL,
name="lbl/os-$os.h"
if test -f $name ; then
ln -s $name os-proto.h
AC_DEFINE(HAVE_OS_PROTO_H)
AC_DEFINE(HAVE_OS_PROTO_H,1,[if there's an os_proto.h])
else
AC_MSG_WARN(can't find $name)
fi
@ -704,3 +739,31 @@ AC_DEFUN(AC_LBL_LIBRARY_NET, [
# DLPI needs putmsg under HPUX so test for -lstr while we're at it
AC_CHECK_LIB(str, putmsg)
])
dnl
dnl Test for __attribute__
dnl
AC_DEFUN(AC_C___ATTRIBUTE__, [
AC_MSG_CHECKING(for __attribute__)
AC_CACHE_VAL(ac_cv___attribute__, [
AC_TRY_COMPILE([
#include <stdlib.h>
],
[
static void foo(void) __attribute__ ((noreturn));
static void
foo(void)
{
exit(1);
}
],
ac_cv___attribute__=yes,
ac_cv___attribute__=no)])
if test "$ac_cv___attribute__" = "yes"; then
AC_DEFINE(HAVE___ATTRIBUTE__, 1, [define if your compiler has __attribute__])
fi
AC_MSG_RESULT($ac_cv___attribute__)
])

147
contrib/libpcap/bpf/net/bpf.h
View File

@ -37,7 +37,7 @@
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.37 1999/10/19 15:18:31 itojun Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.44 2000/12/21 10:29:24 guy Exp $ (LBL)
*/
#ifndef BPF_MAJOR_VERSION
@ -154,13 +154,24 @@ struct bpf_hdr {
* will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
* Only the kernel needs to know about it; applications use bh_hdrlen.
*/
#ifdef KERNEL
#if defined(KERNEL) || defined(_KERNEL)
#define SIZEOF_BPF_HDR 18
#endif
/*
* Data-link level type codes.
*/
/*
* These are the types that are the same on all platforms; on other
* platforms, a <net/bpf.h> should be supplied that defines the additional
* DLT_* codes appropriately for that platform (the BSDs, for example,
* should not just pick up this version of "bpf.h"; they should also define
* the additional DLT_* codes used by their kernels, as well as the values
* defined here - and, if the values they use for particular DLT_ types
* differ from those here, they should use their values, not the ones
* here).
*/
#define DLT_NULL 0 /* no link-layer encapsulation */
#define DLT_EN10MB 1 /* Ethernet (10Mb) */
#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
@ -172,24 +183,100 @@ struct bpf_hdr {
#define DLT_SLIP 8 /* Serial Line IP */
#define DLT_PPP 9 /* Point-to-point Protocol */
#define DLT_FDDI 10 /* FDDI */
#ifdef __FreeBSD__
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#endif
#ifdef __OpenBSD__
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_LOOP 12 /* loopback */
#endif
/* offset to avoid collision with BSD/OS values */
#ifndef DLT_ATM_RFC1483
#define DLT_ATM_RFC1483 100 /* LLC/SNAP encapsulated atm */
#endif
#define DLT_RAW 101 /* raw IP */
#define DLT_SLIP_BSDOS 102 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 103 /* BSD/OS Point-to-point Protocol */
#define DLT_CHDLC 104 /* Cisco HDLC */
/*
* The instruction encondings.
* These are values from the traditional libpcap "bpf.h".
* Ports of this to particular platforms should replace these definitions
* with the ones appropriate to that platform, if the values are
* different on that platform.
*/
#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define DLT_RAW 12 /* raw IP */
/*
* These are values from BSD/OS's "bpf.h".
* These are not the same as the values from the traditional libpcap
* "bpf.h"; however, these values shouldn't be generated by any
* OS other than BSD/OS, so the correct values to use here are the
* BSD/OS values.
*
* Platforms that have already assigned these values to other
* DLT_ codes, however, should give these codes the values
* from that platform, so that programs that use these codes will
* continue to compile - even though they won't correctly read
* files of these types.
*/
#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
/*
* This value is defined by NetBSD; other platforms should refrain from
* using it for other purposes, so that NetBSD savefiles with a link
* type of 50 can be read as this type on all platforms.
*/
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
/*
* This value was defined by libpcap 0.5; platforms that have defined
* it with a different value should define it here with that value -
* a link type of 104 in a save file will be mapped to DLT_C_HDLC,
* whatever value that happens to be, so programs will correctly
* handle files with that link type regardless of the value of
* DLT_C_HDLC.
*
* The name DLT_C_HDLC was used by BSD/OS; we use that name for source
* compatibility with programs written for BSD/OS.
*
* libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
* for source compatibility with programs written for libpcap 0.5.
*/
#define DLT_C_HDLC 104 /* Cisco HDLC */
#define DLT_CHDLC DLT_C_HDLC
/*
* Reserved for future use.
* Do not pick other numerical value for these unless you have also
* picked up the tcpdump.org top-of-CVS-tree version of "savefile.c",
* which will arrange that capture files for these DLT_ types have
* the same "network" value on all platforms, regardless of what
* value is chosen for their DLT_ type (thus allowing captures made
* on one platform to be read on other platforms, even if the two
* platforms don't use the same numerical values for all DLT_ types).
*/
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
/*
* Values between 106 and 107 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
* that the AF_ type in the link-layer header is in network byte order.
*
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
* define it as 108 here. If OpenBSD picks up this file, it should
* define DLT_LOOP as 12 in its version, as per the comment above -
* and should not use 108 for any purpose.
*/
#define DLT_LOOP 108
/*
* Values between 109 and 112 are used in capture file headers as
* link-layer types corresponding to DLT_ types that might differ
* between platforms; don't use those values for new DLT_ new types.
*/
/*
* This is for Linux cooked sockets.
*/
#define DLT_LINUX_SLL 113
/*
* The instruction encodings.
*/
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
@ -260,15 +347,29 @@ struct bpf_insn {
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
#ifdef KERNEL
extern u_int bpf_filter();
extern void bpfattach();
#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
/*
* Systems based on non-BSD kernels don't have ifnet's (or they don't mean
* anything if it is in <net/if.h>) and won't work like this.
*/
# if __STDC__
extern void bpf_tap(struct ifnet *, u_char *, u_int);
extern void bpf_mtap(struct ifnet *, struct mbuf *);
extern void bpfattach(struct ifnet *, u_int, u_int);
extern void bpfilterattach(int);
# else
extern void bpf_tap();
extern void bpf_mtap();
#else
extern void bpfattach();
extern void bpfilterattach();
# endif /* __STDC__ */
#endif /* BSD && (_KERNEL || KERNEL) */
#if __STDC__
extern int bpf_validate(struct bpf_insn *, int);
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
#endif
#else
extern int bpf_validate();
extern u_int bpf_filter();
#endif
/*

130
contrib/libpcap/bpf/net/bpf_filter.c
View File

@ -38,17 +38,30 @@
* @(#)bpf.c 7.5 (Berkeley) 7/15/91
*/
#if !(defined(lint) || defined(KERNEL))
#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.33.1.1 1999/10/07 23:46:41 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.35 2000/10/23 19:32:21 fenner Exp $ (LBL)";
#endif
#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#define SOLARIS (defined(sun) && (defined(__SVR4) || defined(__svr4__)))
#if defined(__hpux) || SOLARIS
# include <sys/sysmacros.h>
# include <sys/stream.h>
# define mbuf msgb
# define m_next b_cont
# define MLEN(m) ((m)->b_wptr - (m)->b_rptr)
# define mtod(m,t) ((t)(m)->b_rptr)
#else
# define MLEN(m) ((m)->m_len)
#endif
#include <net/bpf.h>
#ifndef KERNEL
#if !defined(KERNEL) && !defined(_KERNEL)
#include <stdlib.h>
#endif
@ -79,17 +92,19 @@ static const char rcsid[] =
(u_int32)*((u_char *)p+3)<<0)
#endif
#ifdef KERNEL
#if defined(KERNEL) || defined(_KERNEL)
# if !defined(__hpux) && !SOLARIS
#include <sys/mbuf.h>
#define MINDEX(len, m, k) \
# endif
#define MINDEX(len, _m, _k) \
{ \
len = m->m_len; \
while (k >= len) { \
k -= len; \
m = m->m_next; \
if (m == 0) \
len = MLEN(m); \
while ((_k) >= len) { \
(_k) -= len; \
(_m) = (_m)->m_next; \
if ((_m) == 0) \
return 0; \
len = m->m_len; \
len = MLEN(m); \
} \
}
@ -109,7 +124,7 @@ m_xword(m, k, err)
return EXTRACT_LONG(cp);
}
m0 = m->m_next;
if (m0 == 0 || m0->m_len + len - k < 4)
if (m0 == 0 || MLEN(m0) + len - k < 4)
goto bad;
*err = 0;
np = mtod(m0, u_char *);
@ -159,6 +174,8 @@ m_xhalf(m, k, err)
* Execute the filter program starting at pc on the packet p
* wirelen is the length of the original packet
* buflen is the amount of data present
* For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0,
* in all other cases, p is a pointer to a buffer and buflen is its size.
*/
u_int
bpf_filter(pc, p, wirelen, buflen)
@ -170,6 +187,17 @@ bpf_filter(pc, p, wirelen, buflen)
register u_int32 A, X;
register int k;
int32 mem[BPF_MEMWORDS];
#if defined(KERNEL) || defined(_KERNEL)
struct mbuf *m, *n;
int merr, len;
if (buflen == 0) {
m = (struct mbuf *)p;
p = mtod(m, u_char *);
buflen = MLEN(m);
} else
m = NULL;
#endif
if (pc == 0)
/*
@ -184,7 +212,7 @@ bpf_filter(pc, p, wirelen, buflen)
switch (pc->code) {
default:
#ifdef KERNEL
#if defined(KERNEL) || defined(_KERNEL)
return 0;
#else
abort();
@ -198,12 +226,10 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_W|BPF_ABS:
k = pc->k;
if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
int merr;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
A = m_xword((struct mbuf *)p, k, &merr);
A = m_xword(m, k, &merr);
if (merr != 0)
return 0;
continue;
@ -217,12 +243,12 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_H|BPF_ABS:
k = pc->k;
if (k + sizeof(short) > buflen) {
#ifdef KERNEL
int merr;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
A = m_xhalf(m, k, &merr);
if (merr != 0)
return 0;
A = m_xhalf((struct mbuf *)p, k, &merr);
continue;
#else
return 0;
@ -234,15 +260,12 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_B|BPF_ABS:
k = pc->k;
if (k >= buflen) {
#ifdef KERNEL
register struct mbuf *m;
register int len;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
m = (struct mbuf *)p;
MINDEX(len, m, k);
A = mtod(m, u_char *)[k];
n = m;
MINDEX(len, n, k);
A = mtod(n, u_char *)[k];
continue;
#else
return 0;
@ -262,12 +285,10 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_W|BPF_IND:
k = X + pc->k;
if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
int merr;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
A = m_xword((struct mbuf *)p, k, &merr);
A = m_xword(m, k, &merr);
if (merr != 0)
return 0;
continue;
@ -281,12 +302,10 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_H|BPF_IND:
k = X + pc->k;
if (k + sizeof(short) > buflen) {
#ifdef KERNEL
int merr;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
A = m_xhalf((struct mbuf *)p, k, &merr);
A = m_xhalf(m, k, &merr);
if (merr != 0)
return 0;
continue;
@ -300,15 +319,12 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LD|BPF_B|BPF_IND:
k = X + pc->k;
if (k >= buflen) {
#ifdef KERNEL
register struct mbuf *m;
register int len;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
m = (struct mbuf *)p;
MINDEX(len, m, k);
A = mtod(m, u_char *)[k];
n = m;
MINDEX(len, n, k);
A = mtod(n, u_char *)[k];
continue;
#else
return 0;
@ -320,15 +336,12 @@ bpf_filter(pc, p, wirelen, buflen)
case BPF_LDX|BPF_MSH|BPF_B:
k = pc->k;
if (k >= buflen) {
#ifdef KERNEL
register struct mbuf *m;
register int len;
if (buflen != 0)
#if defined(KERNEL) || defined(_KERNEL)
if (m == NULL)
return 0;
m = (struct mbuf *)p;
MINDEX(len, m, k);
X = (mtod(m, char *)[k] & 0xf) << 2;
n = m;
MINDEX(len, n, k);
X = (mtod(n, char *)[k] & 0xf) << 2;
continue;
#else
return 0;
@ -478,7 +491,7 @@ bpf_filter(pc, p, wirelen, buflen)
}
}
#ifdef KERNEL
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
@ -529,4 +542,3 @@ bpf_validate(f, len)
}
return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
#endif

65
contrib/libpcap/bpf_dump.c Normal file
View File

@ -0,0 +1,65 @@
/*
* Copyright (c) 1992, 1993, 1994, 1995, 1996
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/bpf_dump.c,v 1.12 2000/06/26 04:17:05 assar Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <pcap.h>
#include <stdio.h>
void
bpf_dump(struct bpf_program *p, int option)
{
struct bpf_insn *insn;
int i;
int n = p->bf_len;
insn = p->bf_insns;
if (option > 2) {
printf("%d\n", n);
for (i = 0; i < n; ++insn, ++i) {
printf("%u %u %u %u\n", insn->code,
insn->jt, insn->jf, insn->k);
}
return ;
}
if (option > 1) {
for (i = 0; i < n; ++insn, ++i)
printf("{ 0x%x, %d, %d, 0x%08x },\n",
insn->code, insn->jt, insn->jf, insn->k);
return;
}
for (i = 0; i < n; ++insn, ++i) {
#ifdef BDEBUG
extern int bids[];
printf(bids[i] > 0 ? "[%02d]" : " -- ", bids[i] - 1);
#endif
puts(bpf_image(insn, i));
}
}

11
contrib/libpcap/bpf_image.c
View File

@ -21,7 +21,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.22.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.24 2000/07/11 00:37:04 assar Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -32,7 +36,6 @@ static const char rcsid[] =
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -277,8 +280,8 @@ bpf_image(p, n)
fmt = "";
break;
}
(void)sprintf(operand, fmt, v);
(void)sprintf(image,
(void)snprintf(operand, sizeof operand, fmt, v);
(void)snprintf(image, sizeof image,
(BPF_CLASS(p->code) == BPF_JMP &&
BPF_OP(p->code) != BPF_JA) ?
"(%03d) %-8s %-16s jt %d\tjf %d"

907
contrib/libpcap/config.guess vendored
View File

File diff suppressed because it is too large Load Diff

95
contrib/libpcap/config.h.in Normal file
View File

@ -0,0 +1,95 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* Define to empty if the keyword does not work. */
#undef const
/* Define as __inline if that's what the C compiler calls it. */
#undef inline
/* Define if you have the ether_hostton function. */
#undef HAVE_ETHER_HOSTTON
/* Define if you have the freeifaddrs function. */
#undef HAVE_FREEIFADDRS
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
/* Define if you have the strlcpy function. */
#undef HAVE_STRLCPY
/* Define if you have the <ifaddrs.h> header file. */
#undef HAVE_IFADDRS_H
/* Define if you have the <netinet/if_ether.h> header file. */
#undef HAVE_NETINET_IF_ETHER_H
/* Define if you have the <netpacket/packet.h> header file. */
#undef HAVE_NETPACKET_PACKET_H
/* Define if you have the <sys/bufmod.h> header file. */
#undef HAVE_SYS_BUFMOD_H
/* Define if you have the <sys/dlpi_ext.h> header file. */
#undef HAVE_SYS_DLPI_EXT_H
/* Define if you have the <sys/ioccom.h> header file. */
#undef HAVE_SYS_IOCCOM_H
/* Define if you have the <sys/sockio.h> header file. */
#undef HAVE_SYS_SOCKIO_H
/* needed on HP-UX */
#undef _HPUX_SOURCE
/* define if your compiler has __attribute__ */
#undef HAVE___ATTRIBUTE__
/* if we have u_int8_t */
#undef u_int8_t
/* if we have u_int16_t */
#undef u_int16_t
/* if we have u_int32_t */
#undef u_int32_t
/* do not use protochain */
#undef NO_PROTOCHAIN
/* IPv6 */
#undef INET6
/* define if you have a /dev/dlpi */
#undef HAVE_DEV_DLPI
/* /dev/dlpi directory */
#undef PCAP_DEV_PREFIX
/* define on AIX to get certain functions */
#undef _SUN
/* on HP-UX 9.x */
#undef HAVE_HPUX9
/* on HP-UX 10.20 */
#undef HAVE_HPUX10_20
/* on sinix */
#undef sinix
/* On solaris */
#undef HAVE_SOLARIS
/* if there's an os_proto.h */
#undef HAVE_OS_PROTO_H
/* if struct sockaddr has sa_len */
#undef HAVE_SOCKADDR_SA_LEN
/* if ppa_info_t_dl_module_id exists */
#undef HAVE_HP_PPA_INFO_T_DL_MODULE_ID_1
/* if unaligned access fails */
#undef LBL_ALIGN

565
contrib/libpcap/config.sub vendored
View File

@ -1,6 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script, version 1.1.
# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc.
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
timestamp='2000-12-15'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
@ -25,6 +29,8 @@
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to <config-patches@gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
@ -45,30 +51,73 @@
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
if [ x$1 = x ]
then
echo Configuration name missing. 1>&2
echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
echo "or $0 ALIAS" 1>&2
echo where ALIAS is a recognized configuration type. 1>&2
exit 1
fi
me=`echo "$0" | sed -e 's,.*/,,'`
# First pass through any local machine types.
case $1 in
*local*)
echo $1
exit 0
;;
*)
;;
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Canonicalize a configuration name.
Operation modes:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright (C) 1992, 93, 94, 95, 96, 97, 98, 99, 2000
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
echo "$timestamp" ; exit 0 ;;
--version | -v )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
echo "$me: invalid option $1$help"
exit 1 ;;
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
* )
break ;;
esac
done
case $# in
0) echo "$me: missing argument$help" >&2
exit 1;;
1) ;;
*) echo "$me: too many arguments$help" >&2
exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
linux-gnu*)
nto-qnx* | linux-gnu* | storm-chaos*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@ -94,15 +143,25 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple)
-apple | -axis)
os=
basic_machine=$1
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
;;
-scout)
;;
-wrs)
os=-vxworks
basic_machine=$1
;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
os=sco3.2v5
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
@ -121,6 +180,9 @@ case $os in
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@ -143,25 +205,47 @@ case $os in
-psos*)
os=-psos
;;
-mint | -mint[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \
| arme[lb] | pyramid \
| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
| alpha | we32k | ns16k | clipper | i370 | sh \
| powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \
| pdp11 | mips64el | mips64orion | mips64orionel \
| sparc | sparclet | sparclite | sparc64)
tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \
| arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \
| pyramid | mn10200 | mn10300 | tron | a29k \
| 580 | i960 | h8300 \
| x86 | ppcbe | mipsbe | mipsle | shbe | shle \
| hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
| hppa64 \
| alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
| alphaev6[78] \
| we32k | ns16k | clipper | i370 | sh | sh[34] \
| powerpc | powerpcle \
| 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
| mips64orion | mips64orionel | mipstx39 | mipstx39el \
| mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
| mips64vr5000 | miprs64vr5000el | mcore \
| sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
| thumb | d10v | d30v | fr30 | avr)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
i[3456]86)
i[234567]86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
@ -170,23 +254,50 @@ case $basic_machine in
exit 1
;;
# Recognize the basic CPU types with company name.
vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
| sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \
| mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
| none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
| hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
| pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
| pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \
| mips64el-* | mips64orion-* | mips64orionel-* | f301-*)
# FIXME: clean up the formatting here.
vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
| m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \
| arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \
| mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
| power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
| xmp-* | ymp-* \
| x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \
| hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
| hppa2.0n-* | hppa64-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
| alphaev6[78]-* \
| we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
| clipper-* | orion-* \
| sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
| sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
| mips64el-* | mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
| mipstx39-* | mipstx39el-* | mcore-* \
| f30[01]-* | s390-* | sv1-* | t3e-* \
| m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
| thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
| bs2000-* | tic54x-* | c54x-* | x86_64-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
a29khif)
basic_machine=a29k-amd
os=-udi
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
;;
alliant | fx80)
basic_machine=fx80-alliant
;;
@ -202,20 +313,24 @@ case $basic_machine in
os=-sysv
;;
amiga | amiga-*)
basic_machine=m68k-cbm
basic_machine=m68k-unknown
;;
amigados)
basic_machine=m68k-cbm
os=-amigados
amigaos | amigados)
basic_machine=m68k-unknown
os=-amigaos
;;
amigaunix | amix)
basic_machine=m68k-cbm
basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
apollo68bsd)
basic_machine=m68k-apollo
os=-bsd
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -259,6 +374,9 @@ case $basic_machine in
crds | unos)
basic_machine=m68k-crds
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
@ -292,6 +410,10 @@ case $basic_machine in
encore | umax | mmax)
basic_machine=ns32k-encore
;;
es1800 | OSE68k | ose68k | ose | OSE)
basic_machine=m68k-ericsson
os=-ose
;;
fx2800)
basic_machine=i860-alliant
;;
@ -310,6 +432,14 @@ case $basic_machine in
basic_machine=h8300-hitachi
os=-hms
;;
h8300xray)
basic_machine=h8300-hitachi
os=-xray
;;
h8500hms)
basic_machine=h8500-hitachi
os=-hms
;;
harris)
basic_machine=m88k-harris
os=-sysv3
@ -325,13 +455,30 @@ case $basic_machine in
basic_machine=m68k-hp
os=-hpux
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
hp9k6[0-9][0-9] | hp6[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
basic_machine=hppa1.1-hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
@ -340,27 +487,54 @@ case $basic_machine in
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
;;
hppro)
basic_machine=hppa1.1-hp
os=-proelf
;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
os=-mvs
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i[3456]86v32)
i[34567]86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
i[3456]86v4*)
i[34567]86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
i[3456]86v)
i[34567]86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
i[3456]86sol2)
i[34567]86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
basic_machine=i386-unknown
os=-vsta
;;
i386-go32 | go32)
basic_machine=i386-unknown
os=-go32
;;
i386-mingw32 | mingw32)
basic_machine=i386-unknown
os=-mingw32
;;
i[34567]86-pw32 | pw32)
basic_machine=i586-unknown
os=-pw32
;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
@ -389,16 +563,52 @@ case $basic_machine in
miniframe)
basic_machine=m68000-convergent
;;
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
mipsel*-linux*)
basic_machine=mipsel-unknown
os=-linux-gnu
;;
mips*-linux*)
basic_machine=mips-unknown
os=-linux-gnu
;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
;;
msdos)
basic_machine=i386-unknown
os=-msdos
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
netbsd386)
basic_machine=i386-unknown
os=-netbsd
;;
netwinder)
basic_machine=armv4l-rebel
os=-linux
;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
@ -411,6 +621,10 @@ case $basic_machine in
basic_machine=mips-sony
os=-newsos
;;
necv70)
basic_machine=v70-nec
os=-sysv
;;
next | m*-next )
basic_machine=m68k-next
case $os in
@ -436,9 +650,32 @@ case $basic_machine in
basic_machine=i960-intel
os=-nindy
;;
mon960)
basic_machine=i960-intel
os=-mon960
;;
nonstopux)
basic_machine=mips-compaq
os=-nonstopux
;;
np1)
basic_machine=np1-gould
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
;;
os68k)
basic_machine=m68k-none
os=-os68k
;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
@ -456,30 +693,28 @@ case $basic_machine in
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5)
basic_machine=i586-intel
pentium | p5 | k5 | k6 | nexgen)
basic_machine=i586-pc
;;
pentiumpro | p6)
basic_machine=i686-intel
pentiumpro | p6 | 6x86 | athlon)
basic_machine=i686-pc
;;
pentium-* | p5-*)
pentiumii | pentium2)
basic_machine=i686-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-*)
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
k5)
# We don't have specific support for AMD's K5 yet, so just call it a Pentium
basic_machine=i586-amd
;;
nexen)
# We don't have specific support for Nexgen yet, so just call it a Pentium
basic_machine=i586-nexgen
pentiumii-* | pentium2-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
;;
power) basic_machine=rs6000-ibm
power) basic_machine=power-ibm
;;
ppc) basic_machine=powerpc-unknown
;;
@ -494,12 +729,20 @@ case $basic_machine in
ps2)
basic_machine=i386-ibm
;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
sa29200)
basic_machine=a29k-amd
os=-udi
;;
sequent)
basic_machine=i386-sequent
;;
@ -507,6 +750,10 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
sparclite-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
sps7)
basic_machine=m68k-bull
os=-sysv2
@ -514,6 +761,13 @@ case $basic_machine in
spur)
basic_machine=spur-unknown
;;
st2000)
basic_machine=m68k-tandem
;;
stratus)
basic_machine=i860-stratus
os=-sysv4
;;
sun2)
basic_machine=m68000-sun
;;
@ -554,10 +808,28 @@ case $basic_machine in
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
basic_machine=sv1-cray
os=-unicos
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3e)
basic_machine=t3e-cray
os=-unicos
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
tx39el)
basic_machine=mipstx39el-unknown
;;
tower | tower-32)
basic_machine=m68k-ncr
;;
@ -569,6 +841,10 @@ case $basic_machine in
basic_machine=a29k-nyu
os=-sym1
;;
v810 | necv810)
basic_machine=v810-nec
os=-none
;;
vaxv)
basic_machine=vax-dec
os=-sysv
@ -577,7 +853,7 @@ case $basic_machine in
basic_machine=vax-dec
os=-vms
;;
vpp*|vx|vx-*)
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
vxworks960)
@ -592,6 +868,14 @@ case $basic_machine in
basic_machine=a29k-wrs
os=-vxworks
;;
w65*)
basic_machine=w65-wdc
os=-none
;;
w89k-*)
basic_machine=hppa1.1-winbond
os=-proelf
;;
xmp)
basic_machine=xmp-cray
os=-unicos
@ -599,6 +883,10 @@ case $basic_machine in
xps | xps100)
basic_machine=xps100-honeywell
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
@ -606,8 +894,21 @@ case $basic_machine in
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
w89k)
basic_machine=hppa1.1-winbond
;;
op50n)
basic_machine=hppa1.1-oki
;;
op60c)
basic_machine=hppa1.1-oki
;;
mips)
basic_machine=mips-mips
if [ x$os = x-linux-gnu ]; then
basic_machine=mips-unknown
else
basic_machine=mips-mips
fi
;;
romp)
basic_machine=romp-ibm
@ -624,7 +925,10 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
sparc)
sh3 | sh4)
basic_machine=sh-unknown
;;
sparc | sparcv9)
basic_machine=sparc-sun
;;
cydra)
@ -636,6 +940,16 @@ case $basic_machine in
orion105)
basic_machine=clipper-highlevel
;;
mac | mpw | mac-mpw)
basic_machine=m68k-apple
;;
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
c4x*)
basic_machine=c4x-none
os=-coff
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
@ -668,9 +982,12 @@ case $os in
-solaris)
os=-solaris2
;;
-unixware* | svr4*)
-svr4*)
os=-sysv4
;;
-unixware*)
os=-sysv4.2uw
;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
@ -681,17 +998,39 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
| -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -linux-gnu* | -uxpv*)
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* | -storm-chaos*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
case $basic_machine in
x86-* | i[34567]86-*)
;;
*)
os=-nto$os
;;
esac
;;
-nto*)
os=-nto-qnx
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@ -701,6 +1040,12 @@ case $os in
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
;;
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
@ -716,12 +1061,18 @@ case $os in
-acis*)
os=-aos
;;
-386bsd)
os=-bsd
;;
-ctix* | -uts*)
os=-sysv
;;
-ns2 )
os=-nextstep2
;;
-nsk*)
os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
@ -747,9 +1098,18 @@ case $os in
# This must come after -sysvr4.
-sysv*)
;;
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-*mint | -*MiNT)
os=-mint
;;
-none)
;;
*)
@ -775,6 +1135,9 @@ case $basic_machine in
*-acorn)
os=-riscix1.2
;;
arm*-rebel)
os=-linux
;;
arm*-semi)
os=-aout
;;
@ -796,15 +1159,36 @@ case $basic_machine in
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
;;
mips*-cisco)
os=-elf
;;
mips*-*)
os=-elf
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
*-be)
os=-beos
;;
*-ibm)
os=-aix
;;
*-wec)
os=-proelf
;;
*-winbond)
os=-proelf
;;
*-oki)
os=-proelf
;;
*-hp)
os=-hpux
;;
@ -815,7 +1199,7 @@ case $basic_machine in
os=-sysv
;;
*-cbm)
os=-amigados
os=-amigaos
;;
*-dg)
os=-dgux
@ -865,9 +1249,21 @@ case $basic_machine in
*-masscomp)
os=-rtu
;;
f301-fujitsu)
f30[01]-fujitsu)
os=-uxpv
;;
*-rom68k)
os=-coff
;;
*-*bug)
os=-coff
;;
*-apple)
os=-macos
;;
*-atari*)
os=-mint
;;
*)
os=-none
;;
@ -889,9 +1285,15 @@ case $basic_machine in
-aix*)
vendor=ibm
;;
-beos*)
vendor=be
;;
-hpux*)
vendor=hp
;;
-mpeix*)
vendor=hp
;;
-hiux*)
vendor=hitachi
;;
@ -907,7 +1309,7 @@ case $basic_machine in
-genix*)
vendor=ns
;;
-mvs*)
-mvs* | -opened*)
vendor=ibm
;;
-ptx*)
@ -919,9 +1321,26 @@ case $basic_machine in
-aux*)
vendor=apple
;;
-hms*)
vendor=hitachi
;;
-mpw* | -macos*)
vendor=apple
;;
-*mint | -*MiNT)
vendor=atari
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

618
contrib/libpcap/configure vendored
View File

File diff suppressed because it is too large Load Diff

95
contrib/libpcap/configure.in
View File

@ -1,4 +1,4 @@
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.71 1999/11/01 15:56:40 itojun Exp $ (LBL)
dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.87.2.1 2001/01/17 18:21:54 guy Exp $ (LBL)
dnl
dnl Copyright (c) 1994, 1995, 1996, 1997
dnl The Regents of the University of California. All rights reserved.
@ -6,23 +6,30 @@ dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_REVISION($Revision: 1.87.2.1 $)
AC_INIT(pcap.c)
AC_CANONICAL_SYSTEM
umask 002
if test -z "$PWD" ; then
PWD=`pwd`
fi
AC_LBL_C_INIT(V_CCOPT, V_INCLS)
AC_C_INLINE
AC_C___ATTRIBUTE__
AC_CHECK_HEADERS(malloc.h sys/ioccom.h sys/sockio.h)
AC_LBL_CHECK_TYPE(u_int8_t, u_char)
AC_LBL_CHECK_TYPE(u_int16_t, u_short)
AC_LBL_CHECK_TYPE(u_int32_t, u_int)
dnl
dnl libpcap doesn't itself use <sys/ioccom.h>; however, the test program
dnl in "AC_LBL_FIXINCLUDES" in "aclocal.m4" uses it, so we have to
dnl test for it and set "HAVE_SYS_IOCCOM_H" if we have it, otherwise
dnl "AC_LBL_FIXINCLUDES" won't work on some platforms such as Solaris.
dnl
AC_CHECK_HEADERS(sys/ioccom.h sys/sockio.h ifaddrs.h netinet/if_ether.h)
AC_LBL_FIXINCLUDES
AC_CHECK_FUNCS(ether_hostton strerror)
AC_CHECK_FUNCS(ether_hostton strerror freeifaddrs strlcpy)
dnl to pacify those who hate protochain insn
AC_MSG_CHECKING(if --disable-protochain option is specified)
@ -34,7 +41,7 @@ x) enable_protochain=enabled ;;
esac
if test "$enable_protochain" = "disabled"; then
AC_DEFINE(NO_PROTOCHAIN)
AC_DEFINE(NO_PROTOCHAIN,1,[do not use protochain])
fi
AC_MSG_RESULT(${enable_protochain})
@ -44,6 +51,11 @@ dnl better way of testing since the device might be protected. So we
dnl check in our normal order using -r and then check the for the /dev
dnl guys again using -c.
dnl
dnl XXX This could be done for cross-compiling, but for now it's not.
dnl
if test -z "$with_pcap" && test "$cross_compiling" = yes; then
AC_MSG_ERROR(pcap type not determined when cross-compiling; use --with-pcap=...)
fi
AC_ARG_WITH(pcap, [ --with-pcap=TYPE use packet capture TYPE])
AC_MSG_CHECKING(packet capture type)
if test ! -z "$with_pcap" ; then
@ -78,7 +90,7 @@ AC_MSG_RESULT($V_PCAP)
AC_MSG_CHECKING(if --enable-ipv6 option is specified)
AC_ARG_ENABLE(ipv6, [ --enable-ipv6 build IPv6-capable version])
if test "$enable_ipv6" = "yes"; then
AC_DEFINE(INET6)
AC_DEFINE(INET6,1,[IPv6])
fi
AC_MSG_RESULT(${enable_ipv6-no})
@ -89,14 +101,14 @@ dlpi)
AC_MSG_CHECKING(for /dev/dlpi device)
if test -c /dev/dlpi ; then
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_DEV_DLPI)
AC_DEFINE(HAVE_DEV_DLPI, 1, [define if you have a /dev/dlpi])
else
AC_MSG_RESULT(no)
dir="/dev/dlpi"
AC_MSG_CHECKING(for $dir directory)
if test -d $dir ; then
AC_MSG_RESULT(yes)
AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir")
AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir", [/dev/dlpi directory])
else
AC_MSG_RESULT(no)
fi
@ -104,12 +116,20 @@ dlpi)
;;
linux)
AC_CHECK_HEADERS(net/if_arp.h)
AC_CHECK_HEADERS(netpacket/packet.h)
AC_MSG_CHECKING(Linux kernel version)
AC_CACHE_VAL(ac_cv_linux_vers,
ac_cv_linux_vers=`uname -r 2>&1 | \
sed -n -e '$s/.* //' -e '$s/\..*//p'`)
if test "$cross_compiling" = yes; then
AC_CACHE_VAL(ac_cv_linux_vers,
ac_cv_linux_vers=unknown)
else
AC_CACHE_VAL(ac_cv_linux_vers,
ac_cv_linux_vers=`uname -r 2>&1 | \
sed -n -e '$s/.* //' -e '$s/\..*//p'`)
fi
AC_MSG_RESULT($ac_cv_linux_vers)
if test $ac_cv_linux_vers = unknown ; then
AC_MSG_ERROR(cannot determine linux version when cross-compiling)
fi
if test $ac_cv_linux_vers -lt 2 ; then
AC_MSG_ERROR(version 2 or higher required; see the INSTALL doc for more info)
fi
@ -123,16 +143,32 @@ null)
esac
AC_LBL_LEX_AND_YACC(V_LEX, V_YACC, pcap_)
if test "$V_LEX" = lex ; then
# Some versions of lex can't handle the definitions section of scanner.l .
# Try lexing it and complain if it can't deal.
AC_CACHE_CHECK([for capable lex], tcpdump_cv_capable_lex,
if lex -t scanner.l > /dev/null 2>&1; then
tcpdump_cv_capable_lex=yes
else
tcpdump_cv_capable_lex=insufficient
fi)
if test $tcpdump_cv_capable_lex = insufficient ; then
AC_MSG_ERROR([Your operating system's lex is insufficient to compile
libpcap. flex is a lex replacement that has many advantages, including
being able to compile libpcap. For more information, see
http://www.gnu.org/software/flex/flex.html .])
fi
fi
case "$target_os" in
aix*)
dnl Workaround to enable certain features
AC_DEFINE(_SUN)
AC_DEFINE(_SUN,1,[define on AIX to get certain functions])
;;
hpux9*)
AC_DEFINE(HAVE_HPUX9)
AC_DEFINE(HAVE_HPUX9,1,[on HP-UX 9.x])
;;
hpux10.0*)
@ -143,7 +179,7 @@ hpux10.1*)
hpux*)
dnl HPUX 10.20 and above is similar to HPUX 9...
AC_DEFINE(HAVE_HPUX10_20)
AC_DEFINE(HAVE_HPUX10_20,1,[on HP-UX 10.20])
;;
sinix*)
@ -156,31 +192,24 @@ sinix*)
ac_cv_cc_sinix_defined=no))
AC_MSG_RESULT($ac_cv_cc_sinix_defined)
if test $ac_cv_cc_sinix_defined = no ; then
AC_DEFINE(sinix)
AC_DEFINE(sinix,1,[on sinix])
fi
;;
solaris*)
AC_DEFINE(HAVE_SOLARIS)
;;
linux*)
V_INCLS="$V_INCLS -Ilinux-include"
AC_DEFINE(HAVE_SOLARIS,1,[On solaris])
;;
esac
AC_CHECK_PROGS(V_RANLIB, ranlib, @true)
AC_PROG_RANLIB
AC_LBL_DEVEL(V_CCOPT)
AC_LBL_SOCKADDR_SA_LEN
AC_LBL_UNALIGNED_ACCESS
AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1
if test -r ${srcdir}/lbl/gnuc.h ; then
rm -f gnuc.h
ln -s ${srcdir}/lbl/gnuc.h gnuc.h
fi
AC_LBL_UNALIGNED_ACCESS
rm -f net
ln -s ${srcdir}/bpf/net net
@ -194,6 +223,8 @@ AC_SUBST(V_YACC)
AC_PROG_INSTALL
AC_CONFIG_HEADER(config.h)
AC_OUTPUT(Makefile)
if test -f .devel ; then

7
contrib/libpcap/etherent.c
View File

@ -21,7 +21,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.20.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.21 2000/07/11 00:37:04 assar Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -35,7 +39,6 @@ static const char rcsid[] =
#include <pcap-namedb.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

31
contrib/libpcap/ethertype.h
View File

@ -18,11 +18,33 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.7 1999/10/30 04:30:13 itojun Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.11 2000/10/22 04:15:55 guy Exp $ (LBL)
*/
/* Types missing from some systems */
/*
* Ethernet types.
*
* We wrap the declarations with #ifdef, so that if a file includes
* <netinet/if_ether.h>, which may declare some of these, we don't
* get a bunch of complaints from the C compiler about redefinitions
* of these values.
*
* We declare all of them here so that no file has to include
* <netinet/if_ether.h> if all it needs are ETHERTYPE_ values.
*/
#ifndef ETHERTYPE_PUP
#define ETHERTYPE_PUP 0x0200 /* PUP protocol */
#endif
#ifndef ETHERTYPE_IP
#define ETHERTYPE_IP 0x0800 /* IP protocol */
#endif
#ifndef ETHERTYPE_ARP
#define ETHERTYPE_ARP 0x0806 /* Addr. resolution protocol */
#endif
#ifndef ETHERTYPE_REVARP
#define ETHERTYPE_REVARP 0x8035 /* reverse Addr. resolution protocol */
#endif
#ifndef ETHERTYPE_NS
#define ETHERTYPE_NS 0x0600
#endif
@ -72,7 +94,10 @@
#define ETHERTYPE_AARP 0x80f3
#endif
#ifndef ETHERTYPE_IPV6
#define ETHERTYPE_IPV6 0x80f3
#define ETHERTYPE_IPV6 0x86dd
#endif
#ifndef ETHERTYPE_8021Q
#define ETHERTYPE_8021Q 0x8100
#endif
#ifndef ETHERTYPE_LOOPBACK
#define ETHERTYPE_LOOPBACK 0x9000

660
contrib/libpcap/gencode.c
View File

File diff suppressed because it is too large Load Diff

22
contrib/libpcap/gencode.h
View File

@ -18,12 +18,9 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.37 1999/10/19 15:18:29 itojun Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.47 2000/11/04 10:09:55 guy Exp $ (LBL)
*/
/*XXX*/
#include "gnuc.h"
/* Address qualifiers. */
#define Q_HOST 1
@ -61,6 +58,13 @@
#define Q_PIM 20
#define Q_AARP 21
#define Q_ISO 22
#define Q_ESIS 23
#define Q_ISIS 24
#define Q_CLNP 25
/* Directional qualifiers. */
#define Q_SRC 1
@ -176,11 +180,14 @@ struct block *gen_broadcast(int);
struct block *gen_multicast(int);
struct block *gen_inbound(int);
struct block *gen_vlan(int);
void bpf_optimize(struct block **);
#if __STDC__
__dead void bpf_error(const char *, ...)
__attribute__((volatile, format (printf, 1, 2)));
void bpf_error(const char *, ...)
#if HAVE___ATTRIBUTE__
__attribute__((noreturn, format (printf, 1, 2)))
#endif
;
void finish_parse(struct block *);
char *sdup(const char *);
@ -188,6 +195,7 @@ char *sdup(const char *);
struct bpf_insn *icode_to_fcode(struct block *, int *);
int pcap_parse(void);
void lex_init(char *);
void lex_cleanup(void);
void sappend(struct slist *, struct slist *);
/* XXX */

29
contrib/libpcap/grammar.y
View File

@ -22,12 +22,17 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.57 1999/10/19 15:18:30 itojun Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.64 2000/10/28 10:18:40 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <stdlib.h>
#if __STDC__
struct mbuf;
@ -37,7 +42,6 @@ struct rtentry;
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <stdio.h>
@ -46,7 +50,6 @@ struct rtentry;
#include "gencode.h"
#include <pcap-namedb.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -104,7 +107,7 @@ pcap_parse()
%token DST SRC HOST GATEWAY
%token NET MASK PORT LESS GREATER PROTO PROTOCHAIN BYTE
%token ARP RARP IP TCP UDP ICMP IGMP IGRP PIM
%token ATALK DECNET LAT SCA MOPRC MOPDL
%token ATALK AARP DECNET LAT SCA MOPRC MOPDL
%token TK_BROADCAST TK_MULTICAST
%token NUM INBOUND OUTBOUND
%token LINK
@ -113,6 +116,8 @@ pcap_parse()
%token LSH RSH
%token LEN
%token IPV6 ICMPV6 AH ESP
%token VLAN
%token ISO ESIS ISIS CLNP
%type <s> ID
%type <e> EID
@ -159,14 +164,7 @@ nid: ID { $$.b = gen_scode($1, $$.q = $<blk>0.q); }
| HID {
/* Decide how to parse HID based on proto */
$$.q = $<blk>0.q;
switch ($$.q.proto) {
case Q_DECNET:
$$.b = gen_ncode($1, 0, $$.q);
break;
default:
$$.b = gen_ncode($1, 0, $$.q);
break;
}
$$.b = gen_ncode($1, 0, $$.q);
}
| HID6 '/' NUM {
#ifdef INET6
@ -251,6 +249,7 @@ pname: LINK { $$ = Q_LINK; }
| IGRP { $$ = Q_IGRP; }
| PIM { $$ = Q_PIM; }
| ATALK { $$ = Q_ATALK; }
| AARP { $$ = Q_AARP; }
| DECNET { $$ = Q_DECNET; }
| LAT { $$ = Q_LAT; }
| SCA { $$ = Q_SCA; }
@ -260,6 +259,10 @@ pname: LINK { $$ = Q_LINK; }
| ICMPV6 { $$ = Q_ICMPV6; }
| AH { $$ = Q_AH; }
| ESP { $$ = Q_ESP; }
| ISO { $$ = Q_ISO; }
| ESIS { $$ = Q_ESIS; }
| ISIS { $$ = Q_ISIS; }
| CLNP { $$ = Q_CLNP; }
;
other: pqual TK_BROADCAST { $$ = gen_broadcast($1); }
| pqual TK_MULTICAST { $$ = gen_multicast($1); }
@ -268,6 +271,8 @@ other: pqual TK_BROADCAST { $$ = gen_broadcast($1); }
| BYTE NUM byteop NUM { $$ = gen_byteop($3, $2, $4); }
| INBOUND { $$ = gen_inbound(0); }
| OUTBOUND { $$ = gen_inbound(1); }
| VLAN pnum { $$ = gen_vlan($2); }
| VLAN { $$ = gen_vlan(-1); }
;
relop: '>' { $$ = BPF_JGT; }
| GEQ { $$ = BPF_JGE; }

132
contrib/libpcap/inet.c
View File

@ -33,7 +33,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.26 2000/01/14 23:55:31 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.36 2000/09/20 15:10:29 torsten Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/param.h>
@ -45,11 +49,8 @@ static const char rcsid[] =
#endif
#include <sys/time.h> /* concession to AIX */
#if __STDC__
struct mbuf;
struct rtentry;
#endif
#include <net/if.h>
#include <netinet/in.h>
@ -60,10 +61,12 @@ struct rtentry;
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_IFADDRS_H
#include <ifaddrs.h>
#endif
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -71,9 +74,12 @@ struct rtentry;
/* Not all systems have IFF_LOOPBACK */
#ifdef IFF_LOOPBACK
#define ISLOOPBACK(p) ((p)->ifr_flags & IFF_LOOPBACK)
#define ISLOOPBACK_IFA(p) ((p)->ifa_flags & IFF_LOOPBACK)
#else
#define ISLOOPBACK(p) ((p)->ifr_name[0] == 'l' && (p)->ifr_name[1] == 'o' && \
(isdigit((p)->ifr_name[2]) || (p)->ifr_name[2] == '\0'))
#define ISLOOPBACK_IFA(p) ((p)->ifa_name[0] == 'l' && (p)->ifa_name[1] == 'o' && \
(isdigit((p)->ifa_name[2]) || (p)->ifa_name[2] == '\0'))
#endif
/*
@ -85,6 +91,59 @@ char *
pcap_lookupdev(errbuf)
register char *errbuf;
{
#ifdef HAVE_IFADDRS_H
struct ifaddrs *ifap, *ifa, *mp;
int n, minunit;
char *cp;
static char device[IF_NAMESIZE + 1];
if (getifaddrs(&ifap) != 0) {
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"getifaddrs: %s", pcap_strerror(errno));
return NULL;
}
mp = NULL;
minunit = 666;
for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
const char *endcp;
if ((ifa->ifa_flags & IFF_UP) == 0 || ISLOOPBACK_IFA(ifa))
continue;
endcp = ifa->ifa_name + strlen(ifa->ifa_name);
for (cp = ifa->ifa_name; cp < endcp && !isdigit(*cp); ++cp)
continue;
if (isdigit (*cp)) {
n = atoi(cp);
} else {
n = 0;
}
if (n < minunit) {
minunit = n;
mp = ifa;
}
}
if (mp == NULL) {
(void)strlcpy(errbuf, "no suitable device found",
PCAP_ERRBUF_SIZE);
#ifdef HAVE_FREEIFADDRS
freeifaddrs(ifap);
#else
free(ifap);
#endif
return (NULL);
}
(void)strlcpy(device, mp->ifa_name, sizeof(device));
#ifdef HAVE_FREEIFADDRS
freeifaddrs(ifap);
#else
free(ifap);
#endif
return (device);
#else
register int fd, minunit, n;
register char *cp;
register struct ifreq *ifrp, *ifend, *ifnext, *mp;
@ -96,7 +155,8 @@ pcap_lookupdev(errbuf)
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0) {
(void)sprintf(errbuf, "socket: %s", pcap_strerror(errno));
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"socket: %s", pcap_strerror(errno));
return (NULL);
}
@ -106,17 +166,19 @@ pcap_lookupdev(errbuf)
buf = malloc (buf_size);
if (buf == NULL) {
close (fd);
(void)sprintf(errbuf, "out of memory");
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"out of memory");
return (NULL);
}
ifc.ifc_len = buf_size;
ifc.ifc_buf = buf;
memset (buf, 0, buf_size);
if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0) {
if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0
&& errno != EINVAL) {
free (buf);
(void)sprintf(errbuf, "SIOCGIFCONF: %s",
pcap_strerror(errno));
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"SIOCGIFCONF: %s", pcap_strerror(errno));
(void)close(fd);
return (NULL);
}
@ -132,6 +194,8 @@ pcap_lookupdev(errbuf)
mp = NULL;
minunit = 666;
for (; ifrp < ifend; ifrp = ifnext) {
const char *endcp;
#ifdef HAVE_SOCKADDR_SA_LEN
n = ifrp->ifr_addr.sa_len + sizeof(ifrp->ifr_name);
if (n < sizeof(*ifrp))
@ -153,7 +217,8 @@ pcap_lookupdev(errbuf)
if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) {
if (errno == ENXIO)
continue;
(void)sprintf(errbuf, "SIOCGIFFLAGS: %.*s: %s",
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"SIOCGIFFLAGS: %.*s: %s",
(int)sizeof(ifr.ifr_name), ifr.ifr_name,
pcap_strerror(errno));
(void)close(fd);
@ -165,9 +230,15 @@ pcap_lookupdev(errbuf)
if ((ifr.ifr_flags & IFF_UP) == 0 || ISLOOPBACK(&ifr))
continue;
for (cp = ifrp->ifr_name; !isdigit(*cp); ++cp)
endcp = ifrp->ifr_name + strlen(ifrp->ifr_name);
for (cp = ifrp->ifr_name; cp < endcp && !isdigit(*cp); ++cp)
continue;
n = atoi(cp);
if (isdigit (*cp)) {
n = atoi(cp);
} else {
n = 0;
}
if (n < minunit) {
minunit = n;
mp = ifrp;
@ -175,15 +246,16 @@ pcap_lookupdev(errbuf)
}
(void)close(fd);
if (mp == NULL) {
(void)strcpy(errbuf, "no suitable device found");
(void)strlcpy(errbuf, "no suitable device found",
PCAP_ERRBUF_SIZE);
free(buf);
return (NULL);
}
(void)strncpy(device, mp->ifr_name, sizeof(device) - 1);
device[sizeof(device) - 1] = '\0';
(void)strlcpy(device, mp->ifr_name, sizeof(device));
free(buf);
return (device);
#endif
}
int
@ -196,9 +268,20 @@ pcap_lookupnet(device, netp, maskp, errbuf)
register struct sockaddr_in *sin;
struct ifreq ifr;
/*
* The pseudo-device "any" listens on all interfaces and therefore
* has the network address and -mask "0.0.0.0" therefore catching
* all traffic. Using NULL for the interface is the same as "any".
*/
if (!device || strcmp(device, "any") == 0) {
*netp = *maskp = 0;
return 0;
}
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0) {
(void)sprintf(errbuf, "socket: %s", pcap_strerror(errno));
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s",
pcap_strerror(errno));
return (-1);
}
memset(&ifr, 0, sizeof(ifr));
@ -209,10 +292,11 @@ pcap_lookupnet(device, netp, maskp, errbuf)
(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) {
if (errno == EADDRNOTAVAIL) {
(void)sprintf(errbuf, "%s: no IPv4 address assigned",
device);
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"%s: no IPv4 address assigned", device);
} else {
(void)sprintf(errbuf, "SIOCGIFADDR: %s: %s",
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"SIOCGIFADDR: %s: %s",
device, pcap_strerror(errno));
}
(void)close(fd);
@ -221,8 +305,8 @@ pcap_lookupnet(device, netp, maskp, errbuf)
sin = (struct sockaddr_in *)&ifr.ifr_addr;
*netp = sin->sin_addr.s_addr;
if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) {
(void)sprintf(errbuf, "SIOCGIFNETMASK: %s: %s",
device, pcap_strerror(errno));
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"SIOCGIFNETMASK: %s: %s", device, pcap_strerror(errno));
(void)close(fd);
return (-1);
}
@ -236,8 +320,8 @@ pcap_lookupnet(device, netp, maskp, errbuf)
else if (IN_CLASSC(*netp))
*maskp = IN_CLASSC_NET;
else {
(void)sprintf(errbuf, "inet class for 0x%x unknown",
*netp);
(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
"inet class for 0x%x unknown", *netp);
return (-1);
}
}

28
contrib/libpcap/lbl/os-osf4.h Normal file
View File

@ -0,0 +1,28 @@
/*
* Copyright (c) 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/lbl/os-osf4.h,v 1.2 2000/12/22 11:51:33 guy Exp $ (LBL)
*/
/* Prototypes missing in Digital UNIX 4.x */
int snprintf(char *, size_t, const char *, ...);
int vsnprintf(char *, size_t, const char *, va_list);
int pfopen(char *, int);

30
contrib/libpcap/lbl/os-solaris2.h
View File

@ -18,37 +18,9 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/lbl/os-solaris2.h,v 1.18.1.1 1999/10/07 23:46:41 mcr Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/lbl/os-solaris2.h,v 1.19 2000/10/11 04:02:52 guy Exp $ (LBL)
*/
/* Prototypes missing in SunOS 5 */
int daemon(int, int);
int dn_expand(const u_char *, const u_char *, const u_char *, char *, int);
int dn_skipname(const u_char *, const u_char *);
int flock(int, int);
int getdtablesize(void);
int gethostname(char *, int);
int getpagesize(void);
char *getusershell(void);
char *getwd(char *);
int iruserok(u_int, int, char *, char *);
#ifdef __STDC__
struct utmp;
void login(struct utmp *);
#endif
int logout(const char *);
int res_query(const char *, int, int, u_char *, int);
int setenv(const char *, const char *, int);
#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
int setlinebuf(FILE *);
#endif
int sigblock(int);
int sigsetmask(int);
char *strerror(int);
int snprintf(char *, size_t, const char *, ...);
int strcasecmp(const char *, const char *);
void unsetenv(const char *);
#ifdef __STDC__
struct timeval;
#endif
int utimes(const char *, struct timeval *);

66
contrib/libpcap/llc.h Normal file
View File

@ -0,0 +1,66 @@
/*
* Copyright (c) 1993, 1994, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/llc.h,v 1.1 2001/01/14 21:26:53 guy Exp $ (LBL)
*/
/*
* 802.2 LLC SAP values.
*/
#ifndef LLCSAP_NULL
#define LLCSAP_NULL 0x00
#endif
#ifndef LLCSAP_GLOBAL
#define LLCSAP_GLOBAL 0xff
#endif
#ifndef LLCSAP_8021B
#define LLCSAP_8021B_I 0x02
#endif
#ifndef LLCSAP_8021B
#define LLCSAP_8021B_G 0x03
#endif
#ifndef LLCSAP_IP
#define LLCSAP_IP 0x06
#endif
#ifndef LLCSAP_PROWAYNM
#define LLCSAP_PROWAYNM 0x0e
#endif
#ifndef LLCSAP_8021D
#define LLCSAP_8021D 0x42
#endif
#ifndef LLCSAP_RS511
#define LLCSAP_RS511 0x4e
#endif
#ifndef LLCSAP_ISO8208
#define LLCSAP_ISO8208 0x7e
#endif
#ifndef LLCSAP_PROWAY
#define LLCSAP_PROWAY 0x8e
#endif
#ifndef LLCSAP_SNAP
#define LLCSAP_SNAP 0xaa
#endif
#ifndef LLCSAP_ISONS
#define LLCSAP_ISONS 0xfe
#endif
#ifndef LLCSAP_IPX
#define LLCSAP_IPX 0xe0
#endif

31
contrib/libpcap/nametoaddr.c
View File

@ -24,7 +24,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.51 1999/11/25 08:25:35 itojun Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.57.2.1 2001/01/17 18:21:56 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/param.h>
@ -32,14 +36,13 @@ static const char rcsid[] =
#include <sys/socket.h>
#include <sys/time.h>
#if __STDC__
struct mbuf;
struct rtentry;
#endif
#include <net/if.h>
#include <netinet/in.h>
#ifdef HAVE_NETINET_IF_ETHER_H
#include <netinet/if_ether.h>
#endif
#include <arpa/inet.h>
#ifdef INET6
#include <netdb.h>
@ -58,7 +61,6 @@ struct rtentry;
#include "gencode.h"
#include <pcap-namedb.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -74,7 +76,6 @@ static inline int xdtoi(int);
* Convert host name to internet address.
* Return 0 upon failure.
*/
#ifndef INET6
bpf_u_int32 **
pcap_nametoaddr(const char *name)
{
@ -98,9 +99,10 @@ pcap_nametoaddr(const char *name)
else
return 0;
}
#else
#ifdef INET6
struct addrinfo *
pcap_nametoaddr(const char *name)
pcap_nametoaddrinfo(const char *name)
{
struct addrinfo hints, *res;
int error;
@ -329,7 +331,7 @@ pcap_ether_hostton(const char *name)
register struct pcap_etherent *ep;
register u_char *ap;
static FILE *fp = NULL;
static init = 0;
static int init = 0;
if (!init) {
fp = fopen(PCAP_ETHERS_FILE, "r");
@ -355,7 +357,16 @@ pcap_ether_hostton(const char *name)
}
#else
#if !defined(sgi) && !defined(__NetBSD__)
/*
* XXX - perhaps this should, instead, be declared in "lbl/os-XXX.h" files,
* for those OS versions that don't declare it, rather than being declared
* here? That way, for example, we could declare it on FreeBSD 2.x (which
* doesn't declare it), but not on FreeBSD 3.x (which declares it like
* this) or FreeBSD 4.x (which declares it with its first argument as
* "const char *", so no matter how we declare it here, it'll fail to
* compile on one of 3.x or 4.x).
*/
#if !defined(sgi) && !defined(__NetBSD__) && !defined(__FreeBSD__)
extern int ether_hostton(char *, struct ether_addr *);
#endif

43
contrib/libpcap/nlpid.h Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (c) 1996
* Juniper Networks, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution. The name of Juniper Networks may not
* be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* @(#) $Header: /tcpdump/master/libpcap/nlpid.h,v 1.1 2000/10/28 09:30:22 guy Exp $ (Juniper)
*/
/* Types missing from some systems */
/*
* Network layer prototocol identifiers
*/
#ifndef ISO8473_CLNP
#define ISO8473_CLNP 0x81
#endif
#ifndef ISO9542_ESIS
#define ISO9542_ESIS 0x82
#endif
#ifndef ISO9542X25_ESIS
#define ISO9542X25_ESIS 0x8a
#endif
#ifndef ISO10589_ISIS
#define ISO10589_ISIS 0x83
#endif
#ifndef ISO8878A_CONS
#define ISO8878A_CONS 0x84
#endif
#ifndef ISO10747_IDRP
#define ISO10747_IDRP 0x85
#endif

64
contrib/libpcap/optimize.c
View File

@ -22,7 +22,11 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.61 1999/10/19 15:18:30 itojun Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.67 2000/11/19 13:37:20 itojun Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -32,11 +36,12 @@ static const char rcsid[] =
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include "pcap-int.h"
#include "gencode.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -1481,6 +1486,8 @@ opt_blks(root, do_stmts)
init_val();
maxlevel = root->level;
find_inedges(root);
for (i = maxlevel; i >= 0; --i)
for (p = levels[i]; p; p = p->link)
opt_blk(p, do_stmts);
@ -1498,6 +1505,8 @@ opt_blks(root, do_stmts)
opt_j(&p->ef);
}
}
find_inedges(root);
for (i = 1; i <= maxlevel; ++i) {
for (p = levels[i]; p; p = p->link) {
or_pullup(p);
@ -1577,7 +1586,6 @@ opt_loop(root, do_stmts)
find_levels(root);
find_dom(root);
find_closure(root);
find_inedges(root);
find_ud(root);
find_edom(root);
opt_blks(root, do_stmts);
@ -1777,6 +1785,20 @@ number_blks_r(p)
/*
* Return the number of stmts in the flowgraph reachable by 'p'.
* The nodes should be unmarked before calling.
*
* Note that "stmts" means "instructions", and that this includes
*
* side-effect statements in 'p' (slength(p->stmts));
*
* statements in the true branch from 'p' (count_stmts(JT(p)));
*
* statements in the false branch from 'p' (count_stmts(JF(p)));
*
* the conditional jump itself (1);
*
* an extra long jump if the true branch requires it (p->longjt);
*
* an extra long jump if the false branch requires it (p->longjf).
*/
static int
count_stmts(p)
@ -1788,7 +1810,7 @@ count_stmts(p)
return 0;
Mark(p);
n = count_stmts(JT(p)) + count_stmts(JF(p));
return slength(p->stmts) + n + 1;
return slength(p->stmts) + n + 1 + p->longjt + p->longjf;
}
/*
@ -1864,7 +1886,7 @@ opt_init(root)
*/
maxval = 3 * max_stmts;
vmap = (struct vmapinfo *)malloc(maxval * sizeof(*vmap));
vnode_base = (struct valnode *)malloc(maxval * sizeof(*vmap));
vnode_base = (struct valnode *)malloc(maxval * sizeof(*vnode_base));
}
/*
@ -1936,7 +1958,7 @@ convert_code_r(p)
dst->k = src->s.k;
/* fill block-local relative jump */
if (BPF_CLASS(src->s.code) != BPF_JMP || src->s.code == BPF_JMP|BPF_JA) {
if (BPF_CLASS(src->s.code) != BPF_JMP || src->s.code == (BPF_JMP|BPF_JA)) {
#if 0
if (src->s.jt || src->s.jf) {
bpf_error("illegal jmp destination");
@ -2074,6 +2096,36 @@ icode_to_fcode(root, lenp)
return fp;
}
/*
* Make a copy of a BPF program and put it in the "fcode" member of
* a "pcap_t".
*
* If we fail to allocate memory for the copy, fill in the "errbuf"
* member of the "pcap_t" with an error message, and return -1;
* otherwise, return 0.
*/
int
install_bpf_program(pcap_t *p, struct bpf_program *fp)
{
size_t prog_size;
/*
* Free up any already installed program.
*/
pcap_freecode(&p->fcode);
prog_size = sizeof(*fp->bf_insns) * fp->bf_len;
p->fcode.bf_len = fp->bf_len;
p->fcode.bf_insns = (struct bpf_insn *)malloc(prog_size);
if (p->fcode.bf_insns == NULL) {
snprintf(p->errbuf, sizeof(p->errbuf),
"malloc: %s", pcap_strerror(errno));
return (-1);
}
memcpy(p->fcode.bf_insns, fp->bf_insns, prog_size);
return (0);
}
#ifdef BDEBUG
static void
opt_dump(root)

164
contrib/libpcap/pcap-bpf.c
View File

@ -20,7 +20,11 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.32 1999/10/19 15:18:30 itojun Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.44 2000/10/28 00:01:28 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/param.h> /* optionally get BSD define */
@ -42,7 +46,6 @@ static const char rcsid[] =
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -55,7 +58,8 @@ pcap_stats(pcap_t *p, struct pcap_stat *ps)
struct bpf_stat s;
if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) {
sprintf(p->errbuf, "BIOCGSTATS: %s", pcap_strerror(errno));
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s",
pcap_strerror(errno));
return (-1);
}
@ -99,7 +103,8 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
/* fall through */
#endif
}
sprintf(p->errbuf, "read: %s", pcap_strerror(errno));
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s",
pcap_strerror(errno));
return (-1);
}
bp = p->buffer;
@ -136,13 +141,13 @@ bpf_open(pcap_t *p, char *errbuf)
{
int fd;
int n = 0;
char device[sizeof "/dev/bpf000"];
char device[sizeof "/dev/bpf0000000000"];
/*
* Go through all the minors and find one that isn't in use.
*/
do {
(void)sprintf(device, "/dev/bpf%d", n++);
(void)snprintf(device, sizeof(device), "/dev/bpf%d", n++);
fd = open(device, O_RDONLY);
} while (fd < 0 && errno == EBUSY);
@ -150,7 +155,8 @@ bpf_open(pcap_t *p, char *errbuf)
* XXX better message for all minors used
*/
if (fd < 0)
sprintf(errbuf, "%s: %s", device, pcap_strerror(errno));
snprintf(errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s",
device, pcap_strerror(errno));
return (fd);
}
@ -166,10 +172,11 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
pcap_strerror(errno));
return (NULL);
}
bzero(p, sizeof(*p));
memset(p, 0, sizeof(*p));
fd = bpf_open(p, ebuf);
if (fd < 0)
goto bad;
@ -178,35 +185,65 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p->snapshot = snaplen;
if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) {
sprintf(ebuf, "BIOCVERSION: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s",
pcap_strerror(errno));
goto bad;
}
if (bv.bv_major != BPF_MAJOR_VERSION ||
bv.bv_minor < BPF_MINOR_VERSION) {
sprintf(ebuf, "kernel bpf filter out of date");
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"kernel bpf filter out of date");
goto bad;
}
v = 32768; /* XXX this should be a user-accessible hook */
/* Ignore the return value - this is because the call fails on
* BPF systems that don't have kernel malloc. And if the call
* fails, it's no big deal, we just continue to use the standard
* buffer size.
*/
(void) ioctl(fd, BIOCSBLEN, (caddr_t)&v);
(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) {
sprintf(ebuf, "%s: %s", device, pcap_strerror(errno));
/*
* Try finding a good size for the buffer; 32768 may be too
* big, so keep cutting it in half until we find a size
* that works, or run out of sizes to try.
*
* XXX - there should be a user-accessible hook to set the
* initial buffer size.
*/
for (v = 32768; v != 0; v >>= 1) {
/* Ignore the return value - this is because the call fails
* on BPF systems that don't have kernel malloc. And if
* the call fails, it's no big deal, we just continue to
* use the standard buffer size.
*/
(void) ioctl(fd, BIOCSBLEN, (caddr_t)&v);
(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0)
break; /* that size worked; we're done */
if (errno != ENOBUFS) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s",
device, pcap_strerror(errno));
goto bad;
}
}
if (v == 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"BIOCSBLEN: %s: No buffer size worked", device);
goto bad;
}
/* Get the data link layer type. */
if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) {
sprintf(ebuf, "BIOCGDLT: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s",
pcap_strerror(errno));
goto bad;
}
#ifdef __OpenBSD__
switch (v) {
case DLT_LOOP:
/*
* XXX - DLT_LOOP has a network-byte-order, rather than
* a host-byte-order, AF_ value as the link-layer
* header; will the BPF code generator handle that
* correctly on little-endian machines?
*/
v = DLT_NULL;
break;
}
@ -240,23 +277,83 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
to.tv_sec = to_ms / 1000;
to.tv_usec = (to_ms * 1000) % 1000000;
if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) {
sprintf(ebuf, "BIOCSRTIMEOUT: %s",
pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s",
pcap_strerror(errno));
goto bad;
}
}
#ifdef _AIX
#ifdef BIOCIMMEDIATE
/*
* Darren Reed notes that
*
* On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the
* timeout appears to be ignored and it waits until the buffer
* is filled before returning. The result of not having it
* set is almost worse than useless if your BPF filter
* is reducing things to only a few packets (i.e. one every
* second or so).
*
* so we turn BIOCIMMEDIATE mode on if this is AIX.
*
* We don't turn it on for other platforms, as that means we
* get woken up for every packet, which may not be what we want;
* in the Winter 1993 USENIX paper on BPF, they say:
*
* Since a process might want to look at every packet on a
* network and the time between packets can be only a few
* microseconds, it is not possible to do a read system call
* per packet and BPF must collect the data from several
* packets and return it as a unit when the monitoring
* application does a read.
*
* which I infer is the reason for the timeout - it means we
* wait that amount of time, in the hopes that more packets
* will arrive and we'll get them all with one read.
*
* Setting BIOCIMMEDIATE mode on FreeBSD (and probably other
* BSDs) causes the timeout to be ignored.
*
* On the other hand, some platforms (e.g., Linux) don't support
* timeouts, they just hand stuff to you as soon as it arrives;
* if that doesn't cause a problem on those platforms, it may
* be OK to have BIOCIMMEDIATE mode on BSD as well.
*
* (Note, though, that applications may depend on the read
* completing, even if no packets have arrived, when the timeout
* expires, e.g. GUI applications that have to check for input
* while waiting for packets to arrive; a non-zero timeout
* prevents "select()" from working right on FreeBSD and
* possibly other BSDs, as the timer doesn't start until a
* "read()" is done, so the timer isn't in effect if the
* application is blocked on a "select()", and the "select()"
* doesn't get woken up for a BPF device until the buffer
* fills up.)
*/
v = 1;
if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
pcap_strerror(errno));
goto bad;
}
#endif /* BIOCIMMEDIATE */
#endif /* _AIX */
if (promisc)
/* set promiscuous mode, okay if it fails */
(void)ioctl(p->fd, BIOCPROMISC, NULL);
if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) {
sprintf(ebuf, "BIOCGBLEN: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s",
pcap_strerror(errno));
goto bad;
}
p->bufsize = v;
p->buffer = (u_char *)malloc(p->bufsize);
if (p->buffer == NULL) {
sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
pcap_strerror(errno));
goto bad;
}
@ -275,12 +372,15 @@ pcap_setfilter(pcap_t *p, struct bpf_program *fp)
* compatible with some of kernel BPF code (for example BSD/OS 3.1).
* Take a safer side for now.
*/
if (no_optimize)
p->fcode = *fp;
else if (p->sf.rfile != NULL)
p->fcode = *fp;
else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) {
sprintf(p->errbuf, "BIOCSETF: %s", pcap_strerror(errno));
if (no_optimize) {
if (install_bpf_program(p, fp) < 0)
return (-1);
} else if (p->sf.rfile != NULL) {
if (install_bpf_program(p, fp) < 0)
return (-1);
} else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
pcap_strerror(errno));
return (-1);
}
return (0);

307
contrib/libpcap/pcap-dlpi.c
View File

@ -38,7 +38,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.52.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.63 2000/11/22 05:32:55 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -80,7 +84,6 @@ static const char rcsid[] =
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -159,7 +162,8 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
cc = 0;
continue;
}
strcpy(p->errbuf, pcap_strerror(errno));
strlcpy(p->errbuf, pcap_strerror(errno),
sizeof(p->errbuf));
return (-1);
}
cc = data.len;
@ -241,54 +245,101 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
strcpy(ebuf, pcap_strerror(errno));
strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
return (NULL);
}
memset(p, 0, sizeof(*p));
#ifdef HAVE_DEV_DLPI
/*
** Remove any "/dev/" on the front of the device.
*/
cp = strrchr(device, '/');
if (cp == NULL)
cp = device;
else
cp++;
strlcpy(dname, cp, sizeof(dname));
/*
* Split the name into a device type and a unit number.
*/
cp = strpbrk(dname, "0123456789");
if (cp == NULL) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"%s missing unit number", device);
goto bad;
}
ppa = strtol(cp, &eos, 10);
if (*eos != '\0') {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"%s bad unit number", device);
goto bad;
}
*cp = '\0';
/*
* Use "/dev/dlpi" as the device.
*
* XXX - HP's DLPI Programmer's Guide for HP-UX 11.00 says that
* the "dl_mjr_num" field is for the "major number of interface
* driver"; that's the major of "/dev/dlpi" on the system on
* which I tried this, but there may be DLPI devices that
* use a different driver, in which case we may need to
* search "/dev" for the appropriate device with that major
* device number, rather than hardwiring "/dev/dlpi".
*/
cp = "/dev/dlpi";
if ((p->fd = open(cp, O_RDWR)) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"%s: %s", cp, pcap_strerror(errno));
goto bad;
}
/*
* Get a table of all PPAs for that device, and search that
* table for the specified device type name and unit number.
*/
ppa = get_dlpi_ppa(p->fd, dname, ppa, ebuf);
if (ppa < 0)
goto bad;
#else
/*
** Determine device and ppa
*/
cp = strpbrk(device, "0123456789");
if (cp == NULL) {
sprintf(ebuf, "%s missing unit number", device);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s missing unit number",
device);
goto bad;
}
ppa = strtol(cp, &eos, 10);
if (*eos != '\0') {
sprintf(ebuf, "%s bad unit number", device);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s bad unit number", device);
goto bad;
}
if (*device == '/')
strcpy(dname, device);
strlcpy(dname, device, sizeof(dname));
else
sprintf(dname, "%s/%s", PCAP_DEV_PREFIX, device);
#ifdef HAVE_DEV_DLPI
/* Map network device to /dev/dlpi unit */
cp = "/dev/dlpi";
if ((p->fd = open(cp, O_RDWR)) < 0) {
sprintf(ebuf, "%s: %s", cp, pcap_strerror(errno));
goto bad;
}
/* Map network interface to /dev/dlpi unit */
ppa = get_dlpi_ppa(p->fd, dname, ppa, ebuf);
if (ppa < 0)
goto bad;
#else
snprintf(dname, sizeof(dname), "%s/%s", PCAP_DEV_PREFIX,
device);
/* Try device without unit number */
strcpy(dname2, dname);
strlcpy(dname2, dname, sizeof(dname2));
cp = strchr(dname, *cp);
*cp = '\0';
if ((p->fd = open(dname, O_RDWR)) < 0) {
if (errno != ENOENT) {
sprintf(ebuf, "%s: %s", dname, pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dname,
pcap_strerror(errno));
goto bad;
}
/* Try again with unit number */
if ((p->fd = open(dname2, O_RDWR)) < 0) {
sprintf(ebuf, "%s: %s", dname2, pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dname2,
pcap_strerror(errno));
goto bad;
}
/* XXX Assume unit zero */
@ -314,7 +365,14 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
** using SINIX)
*/
#if !defined(HAVE_HPUX9) && !defined(HAVE_HPUX10_20) && !defined(sinix)
#ifdef _AIX
/* According to IBM's AIX Support Line, the dl_sap value
** should not be less than 0x600 (1536) for standard ethernet
*/
if (dlbindreq(p->fd, 1537, ebuf) < 0 ||
#else
if (dlbindreq(p->fd, 0, ebuf) < 0 ||
#endif
dlbindack(p->fd, (char *)buf, ebuf) < 0)
goto bad;
#endif
@ -391,7 +449,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
break;
default:
sprintf(ebuf, "unknown mac type 0x%lu", infop->dl_mac_type);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown mac type %lu",
infop->dl_mac_type);
goto bad;
}
@ -400,7 +459,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
** This is a non standard SunOS hack to get the ethernet header.
*/
if (strioctl(p->fd, DLIOCRAW, 0, NULL) < 0) {
sprintf(ebuf, "DLIOCRAW: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "DLIOCRAW: %s",
pcap_strerror(errno));
goto bad;
}
#endif
@ -410,7 +470,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
** Another non standard call to get the data nicely buffered
*/
if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
sprintf(ebuf, "I_PUSH bufmod: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_PUSH bufmod: %s",
pcap_strerror(errno));
goto bad;
}
@ -437,7 +498,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
#endif
if (ss > 0 &&
strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
sprintf(ebuf, "SBIOCSSNAP: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SBIOCSSNAP: %s",
pcap_strerror(errno));
goto bad;
}
@ -445,12 +507,14 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
** Set up the bufmod flags
*/
if (strioctl(p->fd, SBIOCGFLAGS, sizeof(flag), (char *)&flag) < 0) {
sprintf(ebuf, "SBIOCGFLAGS: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SBIOCGFLAGS: %s",
pcap_strerror(errno));
goto bad;
}
flag |= SB_NO_DROPS;
if (strioctl(p->fd, SBIOCSFLAGS, sizeof(flag), (char *)&flag) != 0) {
sprintf(ebuf, "SBIOCSFLAGS: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SBIOCSFLAGS: %s",
pcap_strerror(errno));
goto bad;
}
/*
@ -462,7 +526,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
to.tv_sec = to_ms / 1000;
to.tv_usec = (to_ms * 1000) % 1000000;
if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
sprintf(ebuf, "SBIOCSTIME: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SBIOCSTIME: %s",
pcap_strerror(errno));
goto bad;
}
}
@ -472,7 +537,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
** As the last operation flush the read side.
*/
if (ioctl(p->fd, I_FLUSH, FLUSHR) != 0) {
sprintf(ebuf, "FLUSHR: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "FLUSHR: %s",
pcap_strerror(errno));
goto bad;
}
/* Allocate data buffer */
@ -489,7 +555,8 @@ int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{
p->fcode = *fp;
if (install_bpf_program(p, fp) < 0)
return (-1);
return (0);
}
@ -505,7 +572,8 @@ send_request(int fd, char *ptr, int len, char *what, char *ebuf)
flags = 0;
if (putmsg(fd, &ctl, (struct strbuf *) NULL, flags) < 0) {
sprintf(ebuf, "send_request: putmsg \"%s\": %s",
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"send_request: putmsg \"%s\": %s",
what, pcap_strerror(errno));
return (-1);
}
@ -525,7 +593,7 @@ recv_ack(int fd, int size, const char *what, char *bufp, char *ebuf)
flags = 0;
if (getmsg(fd, &ctl, (struct strbuf*)NULL, &flags) < 0) {
sprintf(ebuf, "recv_ack: %s getmsg: %s",
snprintf(ebuf, PCAP_ERRBUF_SIZE, "recv_ack: %s getmsg: %s",
what, pcap_strerror(errno));
return (-1);
}
@ -547,37 +615,40 @@ recv_ack(int fd, int size, const char *what, char *bufp, char *ebuf)
switch (dlp->error_ack.dl_errno) {
case DL_BADPPA:
sprintf(ebuf, "recv_ack: %s bad ppa (device unit)",
what);
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"recv_ack: %s bad ppa (device unit)", what);
break;
case DL_SYSERR:
sprintf(ebuf, "recv_ack: %s: %s",
snprintf(ebuf, PCAP_ERRBUF_SIZE, "recv_ack: %s: %s",
what, pcap_strerror(dlp->error_ack.dl_unix_errno));
break;
case DL_UNSUPPORTED:
sprintf(ebuf,
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"recv_ack: %s: Service not supplied by provider",
what);
break;
default:
sprintf(ebuf, "recv_ack: %s error 0x%x",
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"recv_ack: %s error 0x%x",
what, (bpf_u_int32)dlp->error_ack.dl_errno);
break;
}
return (-1);
default:
sprintf(ebuf, "recv_ack: %s unexpected primitive ack 0x%x ",
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"recv_ack: %s unexpected primitive ack 0x%x ",
what, (bpf_u_int32)dlp->dl_primitive);
return (-1);
}
if (ctl.len < size) {
sprintf(ebuf, "recv_ack: %s ack too small (%d < %d)",
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"recv_ack: %s ack too small (%d < %d)",
what, ctl.len, size);
return (-1);
}
@ -709,29 +780,57 @@ get_release(bpf_u_int32 *majorp, bpf_u_int32 *minorp, bpf_u_int32 *microp)
#ifdef DL_HP_PPA_ACK_OBS
/*
* Under HP-UX 10, we can ask for the ppa
* Under HP-UX 10 and HP-UX 11, we can ask for the ppa
*/
/* Determine ppa number that specifies ifname */
/*
* Determine ppa number that specifies ifname.
*
* If the "dl_hp_ppa_info_t" doesn't have a "dl_module_id_1" member,
* the code that's used here is the old code for HP-UX 10.x.
*
* However, HP-UX 10.20, at least, appears to have such a member
* in its "dl_hp_ppa_info_t" structure, so the new code is used.
* The new code didn't work on an old 10.20 system on which Rick
* Jones of HP tried it, but with later patches installed, it
* worked - it appears that the older system had those members but
* didn't put anything in them, so, if the search by name fails, we
* do the old search.
*
* Rick suggests that making sure your system is "up on the latest
* lancommon/DLPI/driver patches" is probably a good idea; it'd fix
* that problem, as well as allowing libpcap to see packets sent
* from the system on which the libpcap application is being run.
* (On 10.20, in addition to getting the latest patches, you need
* to turn the kernel "lanc_outbound_promisc_flag" flag on with ADB;
* a posting to "comp.sys.hp.hpux" at
*
* http://www.deja.com/[ST_rn=ps]/getdoc.xp?AN=558092266
*
* says that, to see the machine's outgoing traffic, you'd need to
* apply the right patches to your system, and also set that variable
* with:
echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
* which could be put in, for example, "/sbin/init.d/lan".
*
* Setting the variable is not necessary on HP-UX 11.x.
*/
static int
get_dlpi_ppa(register int fd, register const char *device, register int unit,
register char *ebuf)
{
register dl_hp_ppa_ack_t *ap;
register dl_hp_ppa_info_t *ip;
register dl_hp_ppa_info_t *ipstart, *ip;
register int i;
char dname[100];
register u_long majdev;
dl_hp_ppa_req_t req;
struct stat statbuf;
dl_hp_ppa_req_t req;
bpf_u_int32 buf[MAXDLBUF];
if (stat(device, &statbuf) < 0) {
sprintf(ebuf, "stat: %s: %s", device, pcap_strerror(errno));
return (-1);
}
majdev = major(statbuf.st_rdev);
memset((char *)&req, 0, sizeof(req));
req.dl_primitive = DL_HP_PPA_REQ;
@ -741,20 +840,81 @@ get_dlpi_ppa(register int fd, register const char *device, register int unit,
return (-1);
ap = (dl_hp_ppa_ack_t *)buf;
ip = (dl_hp_ppa_info_t *)((u_char *)ap + ap->dl_offset);
ipstart = (dl_hp_ppa_info_t *)((u_char *)ap + ap->dl_offset);
ip = ipstart;
for(i = 0; i < ap->dl_count; i++) {
if (ip->dl_mjr_num == majdev && ip->dl_instance_num == unit)
break;
#ifdef HAVE_HP_PPA_INFO_T_DL_MODULE_ID_1
/*
* The "dl_hp_ppa_info_t" structure has a "dl_module_id_1"
* member that should, in theory, contain the part of the
* name for the device that comes before the unit number,
* and should also have a "dl_module_id_2" member that may
* contain an alternate name (e.g., I think Ethernet devices
* have both "lan", for "lanN", and "snap", for "snapN", with
* the former being for Ethernet packets and the latter being
* for 802.3/802.2 packets).
*
* Search for the device that has the specified name and
* instance number.
*/
for (i = 0; i < ap->dl_count; i++) {
if ((strcmp(ip->dl_module_id_1, device) == 0 ||
strcmp(ip->dl_module_id_2, device) == 0) &&
ip->dl_instance_num == unit)
break;
ip = (dl_hp_ppa_info_t *)((u_char *)ip + ip->dl_next_offset);
}
ip = (dl_hp_ppa_info_t *)((u_char *)ipstart + ip->dl_next_offset);
}
#else
/*
* We don't have that member, so the search is impossible; make it
* look as if the search failed.
*/
i = ap->dl_count;
#endif
if (i == ap->dl_count) {
/*
* Well, we didn't, or can't, find the device by name.
*
* HP-UX 10.20, whilst it has "dl_module_id_1" and
* "dl_module_id_2" fields in the "dl_hp_ppa_info_t",
* doesn't seem to fill them in unless the system is
* at a reasonably up-to-date patch level.
*
* Older HP-UX 10.x systems might not have those fields
* at all.
*
* Therefore, we'll search for the entry with the major
* device number of a device with the name "/dev/<dev><unit>",
* if such a device exists, as the old code did.
*/
snprintf(dname, sizeof(dname), "/dev/%s%d", device, unit);
if (stat(dname, &statbuf) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "stat: %s: %s",
dname, pcap_strerror(errno));
return (-1);
}
majdev = major(statbuf.st_rdev);
ip = ipstart;
for (i = 0; i < ap->dl_count; i++) {
if (ip->dl_mjr_num == majdev &&
ip->dl_instance_num == unit)
break;
ip = (dl_hp_ppa_info_t *)((u_char *)ipstart + ip->dl_next_offset);
}
}
if (i == ap->dl_count) {
sprintf(ebuf, "can't find PPA for %s", device);
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"can't find /dev/dlpi PPA for %s%d", device, unit);
return (-1);
}
if (ip->dl_hdw_state == HDW_DEAD) {
sprintf(ebuf, "%s: hardware state: DOWN\n", device);
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"%s%d: hardware state: DOWN\n", device, unit);
return (-1);
}
return ((int)ip->dl_ppa);
@ -783,23 +943,26 @@ get_dlpi_ppa(register int fd, register const char *ifname, register int unit,
register int kd;
void *addr;
struct ifnet ifnet;
char if_name[sizeof(ifnet.if_name)], tifname[32];
char if_name[sizeof(ifnet.if_name) + 1];
cp = strrchr(ifname, '/');
if (cp != NULL)
ifname = cp + 1;
if (nlist(path_vmunix, &nl) < 0) {
sprintf(ebuf, "nlist %s failed", path_vmunix);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "nlist %s failed",
path_vmunix);
return (-1);
}
if (nl[NL_IFNET].n_value == 0) {
sprintf(ebuf, "could't find %s kernel symbol",
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"could't find %s kernel symbol",
nl[NL_IFNET].n_name);
return (-1);
}
kd = open("/dev/kmem", O_RDONLY);
if (kd < 0) {
sprintf(ebuf, "kmem open: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "kmem open: %s",
pcap_strerror(errno));
return (-1);
}
if (dlpi_kread(kd, nl[NL_IFNET].n_value,
@ -811,17 +974,16 @@ get_dlpi_ppa(register int fd, register const char *ifname, register int unit,
if (dlpi_kread(kd, (off_t)addr,
&ifnet, sizeof(ifnet), ebuf) < 0 ||
dlpi_kread(kd, (off_t)ifnet.if_name,
if_name, sizeof(if_name), ebuf) < 0) {
if_name, sizeof(ifnet.if_name), ebuf) < 0) {
(void)close(kd);
return (-1);
}
sprintf(tifname, "%.*s%d",
(int)sizeof(if_name), if_name, ifnet.if_unit);
if (strcmp(tifname, ifname) == 0)
if_name[sizeof(ifnet.if_name)] = '\0';
if (strcmp(if_name, ifname) == 0 && ifnet.if_unit == unit)
return (ifnet.if_index);
}
sprintf(ebuf, "Can't find %s", ifname);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "Can't find %s", ifname);
return (-1);
}
@ -832,15 +994,18 @@ dlpi_kread(register int fd, register off_t addr,
register int cc;
if (lseek(fd, addr, SEEK_SET) < 0) {
sprintf(ebuf, "lseek: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "lseek: %s",
pcap_strerror(errno));
return (-1);
}
cc = read(fd, buf, len);
if (cc < 0) {
sprintf(ebuf, "read: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "read: %s",
pcap_strerror(errno));
return (-1);
} else if (cc != len) {
sprintf(ebuf, "short read (%d != %d)", cc, len);
snprintf(ebuf, PCAP_ERRBUF_SIZE, "short read (%d != %d)", cc,
len);
return (-1);
}
return (cc);

8
contrib/libpcap/pcap-enet.c
View File

@ -6,6 +6,14 @@
*
* Rayan Zachariassen, CA*Net
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.5 2000/10/12 03:53:59 guy Exp $";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include <sys/time.h>

86
contrib/libpcap/pcap-int.h
View File

@ -30,12 +30,16 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.20 1999/11/21 01:10:20 assar Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.32 2000/12/21 10:29:23 guy Exp $ (LBL)
*/
#ifndef pcap_int_h
#define pcap_int_h
#ifdef __cplusplus
extern "C" {
#endif
#include <pcap.h>
/*
@ -44,6 +48,7 @@
struct pcap_sf {
FILE *rfile;
int swapped;
int hdrsize;
int version_major;
int version_minor;
u_char *base;
@ -52,16 +57,21 @@ struct pcap_sf {
struct pcap_md {
struct pcap_stat stat;
/*XXX*/
int use_bpf;
int use_bpf; /* using kernel filter */
u_long TotPkts; /* can't oflow for 79 hrs on ether */
u_long TotAccepted; /* count accepted by filter */
u_long TotDrops; /* count of dropped packets */
long TotMissed; /* missed by i/f during this run */
long OrigMissed; /* missed by i/f before this run */
#ifdef linux
int pad;
int skip;
char *device;
int sock_packet; /* using Linux 2.0 compatible interface */
int readlen; /* byte count to hand to "recvmsg()" */
int timeout; /* timeout specified to pcap_open_live */
int clear_promisc; /* must clear promiscuous mode when we close */
int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
int lo_ifindex; /* interface index of the loopback device */
char *device; /* device name */
struct pcap *next; /* list of open promiscuous sock_packet pcaps */
#endif
};
@ -110,6 +120,28 @@ struct pcap_timeval {
/*
* How a `pcap_pkthdr' is actually stored in the dumpfile.
*
* Do not change the format of this structure, in any way (this includes
* changes that only affect the length of fields in this structure),
* and do not make the time stamp anything other than seconds and
* microseconds (e.g., seconds and nanoseconds). Instead:
*
* introduce a new structure for the new format;
*
* send mail to "tcpdump-workers@tcpdump.org", requesting a new
* magic number for your new capture file format, and, when
* you get the new magic number, put it in "savefile.c";
*
* use that magic number for save files with the changed record
* header;
*
* make the code in "savefile.c" capable of reading files with
* the old record header as well as files with the new record header
* (using the magic number to determine the header format).
*
* Then supply the changes to "patches@tcpdump.org", so that future
* versions of libpcap and programs that use it (such as tcpdump) will
* be able to read your new capture file format.
*/
struct pcap_sf_pkthdr {
@ -118,6 +150,25 @@ struct pcap_sf_pkthdr {
bpf_u_int32 len; /* length this packet (off wire) */
};
/*
* How a `pcap_pkthdr' is actually stored in dumpfiles written
* by some patched versions of libpcap (e.g. the ones in Red
* Hat Linux 6.1 and 6.2).
*
* Do not change the format of this structure, in any way (this includes
* changes that only affect the length of fields in this structure).
* Instead, introduce a new structure, as per the above.
*/
struct pcap_sf_patched_pkthdr {
struct pcap_timeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* length this packet (off wire) */
int index;
unsigned short protocol;
unsigned char pkt_type;
};
int yylex(void);
#ifndef min
@ -128,11 +179,32 @@ int yylex(void);
int pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
int pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);
/* Ultrix pads to make everything line up on a nice boundary */
#if defined(ultrix) || defined(__alpha) || defined(__NetBSD__)
/*
* Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
* Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
*/
#if defined(ultrix) || defined(__osf__) || defined(__NetBSD__)
#define PCAP_FDDIPAD 3
#endif
#ifndef HAVE_STRLCPY
#define strlcpy(x, y, z) \
(strncpy((x), (y), (z)), \
((z) <= 0 ? 0 : ((x)[(z) - 1] = '\0')), \
strlen((y)))
#endif
#ifdef linux
void pcap_close_linux(pcap_t *);
#endif
/* XXX */
extern int pcap_fddipad;
int install_bpf_program(pcap_t *, struct bpf_program *);
#ifdef __cplusplus
}
#endif
#endif

1577
contrib/libpcap/pcap-linux.c
View File

File diff suppressed because it is too large Load Diff

15
contrib/libpcap/pcap-namedb.h
View File

@ -30,12 +30,16 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.6 1999/10/19 15:18:31 itojun Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap-namedb.h,v 1.8 2000/07/29 07:36:43 guy Exp $ (LBL)
*/
#ifndef lib_pcap_ethers_h
#define lib_pcap_ethers_h
#ifdef __cplusplus
extern "C" {
#endif
/*
* As returned by the pcap_next_etherent()
* XXX this stuff doesn't belong in this interface, but this
@ -54,10 +58,9 @@ struct pcap_etherent *pcap_next_etherent(FILE *);
u_char *pcap_ether_hostton(const char*);
u_char *pcap_ether_aton(const char *);
#ifndef INET6
bpf_u_int32 **pcap_nametoaddr(const char *);
#else
struct addrinfo *pcap_nametoaddr(const char *);
#ifdef INET6
struct addrinfo *pcap_nametoaddrinfo(const char *);
#endif
bpf_u_int32 pcap_nametonetaddr(const char *);
@ -77,4 +80,8 @@ int __pcap_atodn(const char *, bpf_u_int32 *);
int __pcap_atoin(const char *, bpf_u_int32 *);
u_short __pcap_nametodnaddr(const char *);
#ifdef __cplusplus
}
#endif
#endif

33
contrib/libpcap/pcap-nit.c
View File

@ -20,7 +20,11 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.31.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.39 2000/10/28 00:01:29 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -49,7 +53,6 @@ static const char rcsid[] =
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -91,7 +94,7 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
if (cc < 0) {
if (errno == EWOULDBLOCK)
return (0);
sprintf(p->errbuf, "pcap_read: %s",
snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s",
pcap_strerror(errno));
return (-1);
}
@ -125,7 +128,8 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
continue;
default:
sprintf(p->errbuf, "bad nit state %d", nh->nh_state);
snprintf(p->errbuf, sizeof(p->errbuf),
"bad nit state %d", nh->nh_state);
return (-1);
}
++p->md.stat.ps_recv;
@ -157,7 +161,7 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
{
struct nit_ioc nioc;
bzero((char *)&nioc, sizeof(nioc));
memset(&nioc, 0, sizeof(nioc));
nioc.nioc_bufspace = BUFSPACE;
nioc.nioc_chunksize = CHUNKSIZE;
nioc.nioc_typetomatch = NT_ALLTYPES;
@ -174,7 +178,8 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
nioc.nioc_flags |= NF_PROMISC;
if (ioctl(fd, SIOCSNIT, &nioc) < 0) {
sprintf(ebuf, "SIOCSNIT: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCSNIT: %s",
pcap_strerror(errno));
return (-1);
}
return (0);
@ -189,7 +194,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
strcpy(ebuf, pcap_strerror(errno));
strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
return (NULL);
}
@ -199,18 +204,19 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
*/
snaplen = 96;
bzero(p, sizeof(*p));
memset(p, 0, sizeof(*p));
p->fd = fd = socket(AF_NIT, SOCK_RAW, NITPROTO_RAW);
if (fd < 0) {
sprintf(ebuf, "socket: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"socket: %s", pcap_strerror(errno));
goto bad;
}
snit.snit_family = AF_NIT;
(void)strncpy(snit.snit_ifname, device, NITIFSIZ);
if (bind(fd, (struct sockaddr *)&snit, sizeof(snit))) {
sprintf(ebuf, "bind: %s: %s", snit.snit_ifname,
pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"bind: %s: %s", snit.snit_ifname, pcap_strerror(errno));
goto bad;
}
p->snapshot = snaplen;
@ -224,7 +230,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);
if (p->buffer == NULL) {
strcpy(ebuf, pcap_strerror(errno));
strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
goto bad;
}
return (p);
@ -239,6 +245,7 @@ int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{
p->fcode = *fp;
if (install_bpf_program(p, fp) < 0)
return (-1);
return (0);
}

23
contrib/libpcap/pcap-null.c
View File

@ -20,14 +20,17 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-null.c,v 1.7.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-null.c,v 1.13 2000/10/28 00:01:29 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/param.h> /* optionally get BSD define */
#include <string.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -39,35 +42,33 @@ static char nosup[] = "live packet capture not supported on this system";
int
pcap_stats(pcap_t *p, struct pcap_stat *ps)
{
(void)sprintf(p->errbuf, "pcap_stats: %s", nosup);
(void)snprintf(p->errbuf, sizeof(p->errbuf), "pcap_stats: %s", nosup);
return (-1);
}
int
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
(void)sprintf(p->errbuf, "pcap_read: %s", nosup);
(void)snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s", nosup);
return (-1);
}
pcap_t *
pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{
(void)strcpy(ebuf, nosup);
(void)strlcpy(ebuf, nosup, PCAP_ERRBUF_SIZE);
return (NULL);
}
int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{
if (p->sf.rfile == NULL) {
(void)sprintf(p->errbuf, "pcap_setfilter: %s", nosup);
(void)snprintf(p->errbuf, sizeof(p->errbuf),
"pcap_setfilter: %s", nosup);
return (-1);
}
p->fcode = *fp;
if (install_bpf_program(p, fp) < 0)
return (-1);
return (0);
}

54
contrib/libpcap/pcap-pf.c
View File

@ -24,7 +24,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.54.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.62 2000/10/28 00:01:30 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -35,11 +39,8 @@ static const char rcsid[] =
#include <sys/ioctl.h>
#include <net/pfilt.h>
#if __STDC__
struct mbuf;
struct rtentry;
#endif
#include <net/if.h>
#include <netinet/in.h>
@ -62,7 +63,6 @@ struct rtentry;
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -108,7 +108,7 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
(void)lseek(pc->fd, 0L, SEEK_SET);
goto again;
}
sprintf(pc->errbuf, "pf read: %s",
snprintf(pc->errbuf, sizeof(pc->errbuf), "pf read: %s",
pcap_strerror(errno));
return (-1);
}
@ -127,7 +127,8 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
#endif
while (cc > 0) {
if (cc < sizeof(*sp)) {
sprintf(pc->errbuf, "pf short read (%d)", cc);
snprintf(pc->errbuf, sizeof(pc->errbuf),
"pf short read (%d)", cc);
return (-1);
}
#ifdef LBL_ALIGN
@ -138,7 +139,8 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
#endif
sp = (struct enstamp *)bp;
if (sp->ens_stamplen != sizeof(*sp)) {
sprintf(pc->errbuf, "pf short stamplen (%d)",
snprintf(pc->errbuf, sizeof(pc->errbuf),
"pf short stamplen (%d)",
sp->ens_stamplen);
return (-1);
}
@ -210,13 +212,14 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
sprintf(ebuf, "pcap_open_live: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"pcap_open_live: %s", pcap_strerror(errno));
return (0);
}
bzero((char *)p, sizeof(*p));
memset(p, 0, sizeof(*p));
p->fd = pfopen(device, O_RDONLY);
if (p->fd < 0) {
sprintf(ebuf, "pf open: %s: %s\n\
snprintf(ebuf, PCAP_ERRBUF_SIZE, "pf open: %s: %s\n\
your system may not be properly configured; see \"man packetfilter(4)\"\n",
device, pcap_strerror(errno));
goto bad;
@ -226,7 +229,8 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
if (promisc)
enmode |= ENPROMISC;
if (ioctl(p->fd, EIOCMBIS, (caddr_t)&enmode) < 0) {
sprintf(ebuf, "EIOCMBIS: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCMBIS: %s",
pcap_strerror(errno));
goto bad;
}
#ifdef ENCOPYALL
@ -236,12 +240,14 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
#endif
/* set the backlog */
if (ioctl(p->fd, EIOCSETW, (caddr_t)&backlog) < 0) {
sprintf(ebuf, "EIOCSETW: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSETW: %s",
pcap_strerror(errno));
goto bad;
}
/* discover interface type */
if (ioctl(p->fd, EIOCDEVP, (caddr_t)&devparams) < 0) {
sprintf(ebuf, "EIOCDEVP: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCDEVP: %s",
pcap_strerror(errno));
goto bad;
}
/* HACK: to compile prior to Ultrix 4.2 */
@ -282,16 +288,18 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
snaplen += pcap_fddipad;
#endif
if (ioctl(p->fd, EIOCTRUNCATE, (caddr_t)&snaplen) < 0) {
sprintf(ebuf, "EIOCTRUNCATE: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCTRUNCATE: %s",
pcap_strerror(errno));
goto bad;
}
p->snapshot = snaplen;
/* accept all packets */
bzero((char *)&Filter, sizeof(Filter));
memset(&Filter, 0, sizeof(Filter));
Filter.enf_Priority = 37; /* anything > 2 */
Filter.enf_FilterLen = 0; /* means "always true" */
if (ioctl(p->fd, EIOCSETF, (caddr_t)&Filter) < 0) {
sprintf(ebuf, "EIOCSETF: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSETF: %s",
pcap_strerror(errno));
goto bad;
}
@ -300,7 +308,7 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n",
timeout.tv_sec = to_ms / 1000;
timeout.tv_usec = (to_ms * 1000) % 1000000;
if (ioctl(p->fd, EIOCSRTIMEOUT, (caddr_t)&timeout) < 0) {
sprintf(ebuf, "EIOCSRTIMEOUT: %s",
snprintf(ebuf, PCAP_ERRBUF_SIZE, "EIOCSRTIMEOUT: %s",
pcap_strerror(errno));
goto bad;
}
@ -326,8 +334,8 @@ pcap_setfilter(pcap_t *p, struct bpf_program *fp)
struct bpf_version bv;
if (ioctl(p->fd, BIOCVERSION, (caddr_t)&bv) < 0) {
sprintf(p->errbuf, "BIOCVERSION: %s",
pcap_strerror(errno));
snprintf(p->errbuf, sizeof(p->errbuf),
"BIOCVERSION: %s", pcap_strerror(errno));
return (-1);
}
else if (bv.bv_major != BPF_MAJOR_VERSION ||
@ -339,8 +347,10 @@ pcap_setfilter(pcap_t *p, struct bpf_program *fp)
/* don't give up, just be inefficient */
p->md.use_bpf = 0;
}
} else
p->fcode = *fp;
} else {
if (install_bpf_program(p, fp) < 0)
return (-1);
}
/*XXX this goes in tcpdump*/
if (p->md.use_bpf)

44
contrib/libpcap/pcap-snit.c
View File

@ -25,7 +25,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.45.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.54 2000/10/28 00:01:30 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -56,16 +60,12 @@ static const char rcsid[] =
#include <ctype.h>
#include <errno.h>
#ifdef HAVE_MALLOC_H
#include <malloc.h>
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -110,7 +110,7 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
if (cc < 0) {
if (errno == EWOULDBLOCK)
return (0);
sprintf(p->errbuf, "pcap_read: %s",
snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s",
pcap_strerror(errno));
return (-1);
}
@ -182,7 +182,8 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
si.ic_len = sizeof(timeout);
si.ic_dp = (char *)&timeout;
if (ioctl(fd, I_STR, (char *)&si) < 0) {
sprintf(ebuf, "NIOCSTIME: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSTIME: %s",
pcap_strerror(errno));
return (-1);
}
}
@ -193,7 +194,8 @@ nit_setflags(int fd, int promisc, int to_ms, char *ebuf)
si.ic_len = sizeof(flags);
si.ic_dp = (char *)&flags;
if (ioctl(fd, I_STR, (char *)&si) < 0) {
sprintf(ebuf, "NIOCSFLAGS: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSFLAGS: %s",
pcap_strerror(errno));
return (-1);
}
return (0);
@ -211,7 +213,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
strcpy(ebuf, pcap_strerror(errno));
strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
return (NULL);
}
@ -221,20 +223,23 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
*/
snaplen = 96;
bzero(p, sizeof(*p));
memset(p, 0, sizeof(*p));
p->fd = fd = open(dev, O_RDONLY);
if (fd < 0) {
sprintf(ebuf, "%s: %s", dev, pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dev,
pcap_strerror(errno));
goto bad;
}
/* arrange to get discrete messages from the STREAM and use NIT_BUF */
if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) {
sprintf(ebuf, "I_SRDOPT: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s",
pcap_strerror(errno));
goto bad;
}
if (ioctl(fd, I_PUSH, "nbuf") < 0) {
sprintf(ebuf, "push nbuf: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "push nbuf: %s",
pcap_strerror(errno));
goto bad;
}
/* set the chunksize */
@ -243,7 +248,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
si.ic_len = sizeof(chunksize);
si.ic_dp = (char *)&chunksize;
if (ioctl(fd, I_STR, (char *)&si) < 0) {
sprintf(ebuf, "NIOCSCHUNK: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s",
pcap_strerror(errno));
goto bad;
}
@ -254,7 +260,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
si.ic_len = sizeof(ifr);
si.ic_dp = (char *)&ifr;
if (ioctl(fd, I_STR, (char *)&si) < 0) {
sprintf(ebuf, "NIOCBIND: %s: %s",
snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s",
ifr.ifr_name, pcap_strerror(errno));
goto bad;
}
@ -264,7 +270,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
si.ic_len = sizeof(snaplen);
si.ic_dp = (char *)&snaplen;
if (ioctl(fd, I_STR, (char *)&si) < 0) {
sprintf(ebuf, "NIOCSSNAP: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s",
pcap_strerror(errno));
goto bad;
}
p->snapshot = snaplen;
@ -280,7 +287,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
p->bufsize = BUFSPACE;
p->buffer = (u_char *)malloc(p->bufsize);
if (p->buffer == NULL) {
strcpy(ebuf, pcap_strerror(errno));
strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
goto bad;
}
return (p);
@ -295,6 +302,7 @@ int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{
p->fcode = *fp;
if (install_bpf_program(p, fp) < 0)
return (-1);
return (0);
}

116
contrib/libpcap/pcap-snoop.c
View File

@ -20,7 +20,11 @@
*/
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.20.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.30 2000/10/28 00:01:30 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/param.h>
@ -50,7 +54,6 @@ static const char rcsid[] =
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -76,7 +79,8 @@ again:
case EWOULDBLOCK:
return (0); /* XXX */
}
sprintf(p->errbuf, "read: %s", pcap_strerror(errno));
snprintf(p->errbuf, sizeof(p->errbuf),
"read: %s", pcap_strerror(errno));
return (-1);
}
sh = (struct snoopheader *)p->buffer;
@ -104,9 +108,10 @@ pcap_stats(pcap_t *p, struct pcap_stat *ps)
struct rawstats rawstats;
rs = &rawstats;
bzero((char *)rs, sizeof(*rs));
memset(rs, 0, sizeof(*rs));
if (ioctl(p->fd, SIOCRAWSTATS, (char *)rs) < 0) {
sprintf(p->errbuf, "SIOCRAWSTATS: %s", pcap_strerror(errno));
snprintf(p->errbuf, sizeof(p->errbuf),
"SIOCRAWSTATS: %s", pcap_strerror(errno));
return (-1);
}
@ -126,44 +131,41 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
struct sockaddr_raw sr;
struct snoopfilter sf;
u_int v;
int ll_hdrlen;
int snooplen;
pcap_t *p;
struct ifreq ifr;
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
pcap_strerror(errno));
return (NULL);
}
bzero((char *)p, sizeof(*p));
memset(p, 0, sizeof(*p));
fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP);
if (fd < 0) {
sprintf(ebuf, "snoop socket: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "snoop socket: %s",
pcap_strerror(errno));
goto bad;
}
p->fd = fd;
bzero((char *)&sr, sizeof(sr));
memset(&sr, 0, sizeof(sr));
sr.sr_family = AF_RAW;
(void)strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname));
if (bind(fd, (struct sockaddr *)&sr, sizeof(sr))) {
sprintf(ebuf, "snoop bind: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "snoop bind: %s",
pcap_strerror(errno));
goto bad;
}
bzero((char *)&sf, sizeof(sf));
memset(&sf, 0, sizeof(sf));
if (ioctl(fd, SIOCADDSNOOP, &sf) < 0) {
sprintf(ebuf, "SIOCADDSNOOP: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCADDSNOOP: %s",
pcap_strerror(errno));
goto bad;
}
v = 64 * 1024;
(void)setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char *)&v, sizeof(v));
if (ioctl(fd, SIOCSNOOPLEN, &snaplen) < 0) {
sprintf(ebuf, "SIOCSNOOPLEN: %s", pcap_strerror(errno));
goto bad;
}
p->snapshot = snaplen;
v = 1;
if (ioctl(fd, SIOCSNOOPING, &v) < 0) {
sprintf(ebuf, "SIOCSNOOPING: %s", pcap_strerror(errno));
goto bad;
}
/*
* XXX hack - map device name to link layer type
*/
@ -176,27 +178,88 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
strncmp("ep", device, 2) == 0 || /* Challenge 8x10 Mbit EPLEX */
strncmp("vfe", device, 3) == 0 || /* Challenge VME 100Mbit */
strncmp("fa", device, 2) == 0 ||
strncmp("qaa", device, 3) == 0) {
strncmp("qaa", device, 3) == 0 ||
strncmp("el", device, 2) == 0) {
p->linktype = DLT_EN10MB;
p->offset = RAW_HDRPAD(sizeof(struct ether_header));
ll_hdrlen = sizeof(struct ether_header);
} else if (strncmp("ipg", device, 3) == 0 ||
strncmp("rns", device, 3) == 0 || /* O2/200/2000 FDDI */
strncmp("xpi", device, 3) == 0) {
p->linktype = DLT_FDDI;
p->offset = 3; /* XXX yeah? */
ll_hdrlen = 13;
} else if (strncmp("ppp", device, 3) == 0) {
p->linktype = DLT_RAW;
ll_hdrlen = 0; /* DLT_RAW meaning "no PPP header, just the IP packet"? */
} else if (strncmp("lo", device, 2) == 0) {
p->linktype = DLT_NULL;
ll_hdrlen = 4; /* is this just like BSD's loopback device? */
} else {
sprintf(ebuf, "snoop: unknown physical layer type");
snprintf(ebuf, PCAP_ERRBUF_SIZE,
"snoop: unknown physical layer type");
goto bad;
}
#ifdef SIOCGIFMTU
/*
* XXX - IRIX appears to give you an error if you try to set the
* capture length to be greater than the MTU, so let's try to get
* the MTU first and, if that succeeds, trim the snap length
* to be no greater than the MTU.
*/
(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFMTU, (char *)&ifr) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCGIFMTU: %s",
pcap_strerror(errno));
goto bad;
}
/*
* OK, we got it.
*
* XXX - some versions of IRIX 6.5 define "ifr_mtu" and have an
* "ifru_metric" member of the "ifr_ifru" union in an "ifreq"
* structure, others don't.
*
* I've no idea what's going on, so, if "ifr_mtu" isn't defined,
* we define it as "ifr_metric", as using that field appears to
* work on the versions that lack "ifr_mtu" (and, on those that
* don't lack it, "ifru_metric" and "ifru_mtu" are both "int"
* members of the "ifr_ifru" union, which suggests that they
* may be interchangeable in this case).
*/
#ifndef ifr_mtu
#define ifr_mtu ifr_metric
#endif
if (snaplen > ifr.ifr_mtu)
snaplen = ifr.ifr_mtu;
#endif
/*
* The argument to SIOCSNOOPLEN is the number of link-layer
* payload bytes to capture - it doesn't count link-layer
* header bytes.
*/
snooplen = snaplen - ll_hdrlen;
if (snooplen < 0)
snooplen = 0;
if (ioctl(fd, SIOCSNOOPLEN, &snooplen) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPLEN: %s",
pcap_strerror(errno));
goto bad;
}
p->snapshot = snaplen;
v = 1;
if (ioctl(fd, SIOCSNOOPING, &v) < 0) {
snprintf(ebuf, PCAP_ERRBUF_SIZE, "SIOCSNOOPING: %s",
pcap_strerror(errno));
goto bad;
}
p->bufsize = 4096; /* XXX */
p->buffer = (u_char *)malloc(p->bufsize);
if (p->buffer == NULL) {
sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
pcap_strerror(errno));
goto bad;
}
@ -211,6 +274,7 @@ int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{
p->fcode = *fp;
if (install_bpf_program(p, fp) < 0)
return (-1);
return (0);
}

226
contrib/libpcap/pcap.3
View File

@ -1,3 +1,5 @@
.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.17.2.1 2001/01/18 04:42:11 guy Exp $
.\"
.\" Copyright (c) 1994, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
.\"
@ -17,7 +19,7 @@
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
.TH PCAP 3 "24 June 1998"
.TH PCAP 3 "3 January 2001"
.SH NAME
pcap \- Packet Capture library
.SH SYNOPSIS
@ -30,6 +32,7 @@ pcap \- Packet Capture library
pcap_t *pcap_open_live(char *device, int snaplen,
.ti +8
int promisc, int to_ms, char *ebuf)
pcap_t *pcap_open_dead(int linktype, int snaplen)
pcap_t *pcap_open_offline(char *fname, char *ebuf)
pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname)
.ft
@ -59,6 +62,7 @@ int pcap_compile(pcap_t *p, struct bpf_program *fp,
.ti +8
char *str, int optimize, bpf_u_int32 netmask)
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
void pcap_freecode(struct bpf_program *);
.ft
.LP
.ft B
@ -91,25 +95,57 @@ on the network, even those destined for other hosts, are accessible
through this mechanism.
.PP
.SH ROUTINES
NOTE:
.I errbuf
in
.B pcap_open_live(),
.B pcap_open_offline(),
.B pcap_lookupdev(),
and
.B pcap_lookupnet()
is assumed to be able to hold at least
.B PCAP_ERRBUF_SIZE
chars.
.PP
.B pcap_open_live()
is used to obtain a packet capture descriptor to look
at packets on the network.
.I device
is a string that specifies the network device to open.
is a string that specifies the network device to open; on Linux systems
with 2.2 or later kernels, a
.I device
argument of "any" or
.B NULL
can be used to capture packets from all interfaces.
.I snaplen
specifies the maximum number of bytes to capture.
.I promisc
specifies if the interface is to be put into promiscuous mode.
(Note that even if this parameter is false, the interface
could well be in promiscuous mode for some other reason.)
could well be in promiscuous mode for some other reason.) For now, this
doesn't work on the "any" device; if an argument of "any" or NULL is
supplied, the
.I promisc
flag is ignored.
.I to_ms
specifies the read timeout in milliseconds.
specifies the read timeout in milliseconds. The read timeout is used to
arrange that the read not necessarily return immediately when a packet
is seen, but that it wait for some amount of time to allow more packets
to arrive and to read multiple packets from the OS kernel in one
operation. Not all platforms support a read timeout; on platforms that
don't, the read timeout is ignored.
.I ebuf
is used to return error text and is only set when
.B pcap_open_live()
fails and returns
.BR NULL .
.PP
.B pcap_open_dead()
is used for creating a
.B pcap_t
structure to use when calling the other functions in libpcap. It is
typically used when just using libpcap for compiling BPF code.
.PP
.B pcap_open_offline()
is called to open a ``savefile'' for reading.
.I fname
@ -156,7 +192,7 @@ If there is an error,
.B NULL
is returned and
.I errbuf
is filled in with with an appropriate error message.
is filled in with an appropriate error message.
.PP
.B pcap_lookupnet()
is used to determine the network number and mask
@ -169,21 +205,22 @@ and
are
.I bpf_u_int32
pointers.
A return of -1 indicates an error in which case
A return of \-1 indicates an error in which case
.I errbuf
is filled in with with an appropriate error message.
is filled in with an appropriate error message.
.PP
.B pcap_dispatch()
is used to collect and process packets.
.I cnt
specifies the maximum number of packets to process before returning. A
specifies the maximum number of packets to process before returning.
This is not a minimum number; when reading a live capture, only one
bufferful of packets is read at a time, so fewer than
.I cnt
of -1 processes all the packets received in one buffer. A
packets may be processed. A
.I cnt
of 0 processes all packets until an error occurs,
.B EOF
is reached, or the read times out (when doing live reads and a non-zero
read timeout is specified).
of \-1 processes all the packets received in one buffer when reading a
live capture, or all the packets in the file when reading a
``savefile''.
.I callback
specifies a routine to be called with three arguments:
a
@ -195,56 +232,35 @@ a pointer to the
struct (which precede the actual network headers and data),
and a
.I u_char
pointer to the packet data. The number of packets read is returned.
Zero is returned when
.B EOF
is reached in a ``savefile.'' A return of -1 indicates
pointer to the packet data.
.PP
The number of packets read is returned.
0 is returned if no packets were read from a live capture (if, for
example, they were discarded because they didn't pass the packet filter,
or if, on platforms that support a read timeout that starts before any
packets arrive, the timeout expires before any packets arrive, or if the
file descriptor for the capture device is in non-blocking mode and no
packets were available to be read) or if no more packets are available
in a ``savefile.'' A return of \-1 indicates
an error in which case
.B pcap_perror()
or
.BR pcap_geterr()
.B pcap_geterr()
may be used to display the error text.
.PP
.B pcap_dump()
outputs a packet to the ``savefile'' opened with
.BR pcap_dump_open() .
Note that its calling arguments are suitable for use with
.BR pcap_dispatch() .
.PP
.B pcap_compile()
is used to compile the string
.I str
into a filter program.
.I program
is a pointer to a
.I bpf_program
struct and is filled in by
.BR pcap_compile() .
.I optimize
controls whether optimization on the resulting code is performed.
.I netmask
specifies the netmask of the local net.
.PP
.B pcap_compile_nopcap()
is similar to
.B pcap_compile()
except that instead of passing a pcap structure, one passes the
snaplen and linktype explicitly. It is intended to be used for
compiling filters for direct bpf usage, without necessarily having
called
.BR pcap_open() .
.PP
.B pcap_setfilter()
is used to specify a filter program.
.I fp
is a pointer to an array of
.I bpf_program
struct, usually the result of a call to
.BR pcap_compile() .
.B \-1
is returned on failure;
.B 0
is returned on success.
.BR NOTE :
when reading a live capture,
.B pcap_dispatch()
will not necessarily return when the read times out; on some platforms,
the read timeout isn't supported, and, on other platforms, the timer
doesn't start until at least one packet arrives. This means that the
read timeout should
.B NOT
be used in, for example, an interactive application, to allow the packet
capture loop to ``poll'' for user input periodically, as there's no
guarantee that
.B pcap_dispatch()
will return after the timeout expires.
.PP
.B pcap_loop()
is similar to
@ -272,6 +288,73 @@ returns a
.I u_char
pointer to the next packet.
.PP
.B pcap_dump()
outputs a packet to the ``savefile'' opened with
.BR pcap_dump_open() .
Note that its calling arguments are suitable for use with
.B pcap_dispatch()
or
.BR pcap_loop() .
.PP
.B pcap_compile()
is used to compile the string
.I str
into a filter program.
.I program
is a pointer to a
.I bpf_program
struct and is filled in by
.BR pcap_compile() .
.I optimize
controls whether optimization on the resulting code is performed.
.I netmask
specifies the netmask of the local net.
A return of \-1 indicates an error in which case
.BR pcap_geterr()
may be used to display the error text.
.PP
.B pcap_compile_nopcap()
is similar to
.B pcap_compile()
except that instead of passing a pcap structure, one passes the
snaplen and linktype explicitly. It is intended to be used for
compiling filters for direct BPF usage, without necessarily having
called
.BR pcap_open() .
A return of \-1 indicates an error; the error text is unavailable.
.RB ( pcap_compile_nopcap()
is a wrapper around
.BR pcap_open_dead() ,
.BR pcap_compile() ,
and
.BR pcap_close() ;
the latter three routines can be used directly in order to get the error
text for a compilation error.)
.B
.PP
.B pcap_setfilter()
is used to specify a filter program.
.I fp
is a pointer to a
.I bpf_program
struct, usually the result of a call to
.BR pcap_compile() .
.B \-1
is returned on failure, in which case
.BR pcap_geterr()
may be used to display the error text;
.B 0
is returned on success.
.PP
.B pcap_freecode()
is used to free up allocated memory pointed to by a
.I bpf_program
struct generated by
.B pcap_compile()
when that BPF program is no longer needed, for example after it
has been made the filter program for a pcap structure by a call to
.BR pcap_setfilter() .
.PP
.B pcap_datalink()
returns the link layer type, e.g.
.BR DLT_EN10MB .
@ -301,7 +384,7 @@ returns 0 and fills in a
.B pcap_stat
struct. The values represent packet statistics from the start of the
run to the time of the call. If there is an error or the under lying
packet capture doesn't support packet statistics, -1 is returned and
packet capture doesn't support packet statistics, \-1 is returned and
the error text can be obtained with
.B pcap_perror()
or
@ -318,6 +401,13 @@ prefixed by
.PP
.B pcap_geterr()
returns the error text pertaining to the last pcap library error.
.BR NOTE :
the pointer it returns will no longer point to a valid error message
string after the
.B pcap_t
passed to it is closed; you must use or copy the string before closing
the
.BR pcap_t .
.PP
.B pcap_strerror()
is provided in case
@ -335,15 +425,27 @@ closes the ``savefile.''
.SH SEE ALSO
tcpdump(1), tcpslice(1)
.SH AUTHORS
The original authors are:
.LP
Van Jacobson,
Craig Leres and
Steven McCanne, all of the
Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
.LP
The current version is available via anonymous ftp:
The current version is available from "The Tcpdump Group"'s Web site at
.LP
.RS
.I ftp://ftp.ee.lbl.gov/libpcap.tar.Z
.I http://www.tcpdump.org/
.RE
.SH BUGS
Please send bug reports to libpcap@ee.lbl.gov.
Please send problems, bugs, questions, desirable enhancements, etc. to:
.LP
.RS
tcpdump-workers@tcpdump.org
.RE
.LP
Please send source code contributions, etc. to:
.LP
.RS
patches@tcpdump.org
.RE

38
contrib/libpcap/pcap.c
View File

@ -33,7 +33,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.29.1.1 1999/10/07 23:46:40 mcr Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.36 2000/12/16 10:43:31 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -43,7 +47,6 @@ static const char rcsid[] =
#include <string.h>
#include <unistd.h>
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -180,27 +183,44 @@ pcap_strerror(int errnum)
if ((unsigned int)errnum < sys_nerr)
return ((char *)sys_errlist[errnum]);
(void)sprintf(ebuf, "Unknown error: %d", errnum);
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
return(ebuf);
#endif
}
pcap_t *
pcap_open_dead(int linktype, int snaplen)
{
pcap_t *p;
p = malloc(sizeof(*p));
if (p == NULL)
return NULL;
memset (p, 0, sizeof(*p));
p->fd = -1;
p->snapshot = snaplen;
p->linktype = linktype;
return p;
}
void
pcap_close(pcap_t *p)
{
/*XXX*/
if (p->fd >= 0)
if (p->fd >= 0) {
#ifdef linux
pcap_close_linux(p);
#endif
close(p->fd);
}
if (p->sf.rfile != NULL) {
(void)fclose(p->sf.rfile);
if (p->sf.rfile != stdin)
(void)fclose(p->sf.rfile);
if (p->sf.base != NULL)
free(p->sf.base);
} else if (p->buffer != NULL)
free(p->buffer);
#ifdef linux
if (p->md.device != NULL)
free(p->md.device);
#endif
pcap_freecode(&p->fcode);
free(p);
}

47
contrib/libpcap/pcap.h
View File

@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.22 1999/12/08 19:54:03 mcr Exp $ (LBL)
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.31 2000/10/28 00:01:31 guy Exp $ (LBL)
*/
#ifndef lib_pcap_h
@ -43,6 +43,10 @@
#include <stdio.h>
#ifdef __cplusplus
extern "C" {
#endif
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
@ -65,6 +69,34 @@ typedef struct pcap_dumper pcap_dumper_t;
* of the flags used in the printout phases of tcpdump.
* Many fields here are 32 bit ints so compilers won't insert unwanted
* padding; these files need to be interchangeable across architectures.
*
* Do not change the layout of this structure, in any way (this includes
* changes that only affect the length of fields in this structure).
*
* Also, do not change the interpretation of any of the members of this
* structure, in any way (this includes using values other than
* LINKTYPE_ values, as defined in "savefile.c", in the "linktype"
* field).
*
* Instead:
*
* introduce a new structure for the new format, if the layout
* of the structure changed;
*
* send mail to "tcpdump-workers@tcpdump.org", requesting a new
* magic number for your new capture file format, and, when
* you get the new magic number, put it in "savefile.c";
*
* use that magic number for save files with the changed file
* header;
*
* make the code in "savefile.c" capable of reading files with
* the old file header as well as files with the new file header
* (using the magic number to determine the header format).
*
* Then supply the changes to "patches@tcpdump.org", so that future
* versions of libpcap and programs that use it (such as tcpdump) will
* be able to read your new capture file format.
*/
struct pcap_file_header {
bpf_u_int32 magic;
@ -73,7 +105,7 @@ struct pcap_file_header {
bpf_int32 thiszone; /* gmt to local correction */
bpf_u_int32 sigfigs; /* accuracy of timestamps */
bpf_u_int32 snaplen; /* max length saved portion of each pkt */
bpf_u_int32 linktype; /* data link type (DLT_*) */
bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */
};
/*
@ -102,6 +134,7 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
char *pcap_lookupdev(char *);
int pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
pcap_t *pcap_open_live(char *, int, int, int, char *);
pcap_t *pcap_open_dead(int, int);
pcap_t *pcap_open_offline(const char *, char *);
void pcap_close(pcap_t *);
int pcap_loop(pcap_t *, int, pcap_handler, u_char *);
@ -117,8 +150,7 @@ int pcap_compile(pcap_t *, struct bpf_program *, char *, int,
bpf_u_int32);
int pcap_compile_nopcap(int, int, struct bpf_program *,
char *, int, bpf_u_int32);
/* XXX */
int pcap_freecode(pcap_t *, struct bpf_program *);
void pcap_freecode(struct bpf_program *);
int pcap_datalink(pcap_t *);
int pcap_snapshot(pcap_t *);
int pcap_is_swapped(pcap_t *);
@ -135,5 +167,12 @@ void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
/* XXX this guy lives in the bpf tree */
u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
int bpf_validate(struct bpf_insn *f, int len);
char *bpf_image(struct bpf_insn *, int);
void bpf_dump(struct bpf_program *, int);
#ifdef __cplusplus
}
#endif
#endif

292
contrib/libpcap/savefile.c
View File

@ -30,7 +30,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.38 1999/11/21 01:11:58 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.49 2000/12/21 10:29:23 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -40,16 +44,17 @@ static const char rcsid[] =
#include <memory.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "pcap-int.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
#define TCPDUMP_MAGIC 0xa1b2c3d4
#define PATCHED_TCPDUMP_MAGIC 0xa1b2cd34
/*
* We use the "receiver-makes-right" approach to byte order,
@ -71,6 +76,212 @@ static const char rcsid[] =
#define SFERR_BADF 3
#define SFERR_EOF 4 /* not really an error, just a status */
/*
* We don't write DLT_* values to the capture file header, because
* they're not the same on all platforms.
*
* Unfortunately, the various flavors of BSD have not always used the same
* numerical values for the same data types, and various patches to
* libpcap for non-BSD OSes have added their own DLT_* codes for link
* layer encapsulation types seen on those OSes, and those codes have had,
* in some cases, values that were also used, on other platforms, for other
* link layer encapsulation types.
*
* This means that capture files of a type whose numerical DLT_* code
* means different things on different BSDs, or with different versions
* of libpcap, can't always be read on systems other than those like
* the one running on the machine on which the capture was made.
*
* Instead, we define here a set of LINKTYPE_* codes, and map DLT_* codes
* to LINKTYPE_* codes when writing a savefile header, and map LINKTYPE_*
* codes to DLT_* codes when reading a savefile header.
*
* For those DLT_* codes that have, as far as we know, the same values on
* all platforms (DLT_NULL through DLT_FDDI), we define LINKTYPE_xxx as
* DLT_xxx; that way, captures of those types can still be read by
* versions of libpcap that map LINKTYPE_* values to DLT_* values, and
* captures of those types written by versions of libpcap that map DLT_
* values to LINKTYPE_ values can still be read by older versions
* of libpcap.
*
* The other LINKTYPE_* codes are given values starting at 100, in the
* hopes that no DLT_* code will be given one of those values.
*
* In order to ensure that a given LINKTYPE_* code's value will refer to
* the same encapsulation type on all platforms, you should not allocate
* a new LINKTYPE_* value without consulting "tcpdump-workers@tcpdump.org".
* The tcpdump developers will allocate a value for you, and will not
* subsequently allocate it to anybody else; that value will be added to
* the "pcap.h" in the tcpdump.org CVS repository, so that a future
* libpcap release will include it.
*
* You should, if possible, also contribute patches to libpcap and tcpdump
* to handle the new encapsulation type, so that they can also be checked
* into the tcpdump.org CVS repository and so that they will appear in
* future libpcap and tcpdump releases.
*/
#define LINKTYPE_NULL DLT_NULL
#define LINKTYPE_ETHERNET DLT_EN10MB /* also for 100Mb and up */
#define LINKTYPE_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */
#define LINKTYPE_AX25 DLT_AX25
#define LINKTYPE_PRONET DLT_PRONET
#define LINKTYPE_CHAOS DLT_CHAOS
#define LINKTYPE_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */
#define LINKTYPE_ARCNET DLT_ARCNET
#define LINKTYPE_SLIP DLT_SLIP
#define LINKTYPE_PPP DLT_PPP
#define LINKTYPE_FDDI DLT_FDDI
/*
* LINKTYPE_PPP is for use when there might, or might not, be an RFC 1662
* PPP in HDLC-like framing header (with 0xff 0x03 before the PPP protocol
* field) at the beginning of the packet.
*
* This is for use when there is always such a header; the address field
* might be 0xff, for regular PPP, or it might be an address field for Cisco
* point-to-point with HDLC framing as per section 4.3.1 of RFC 1547 ("Cisco
* HDLC"). This is, for example, what you get with NetBSD's DLT_PPP_SERIAL.
*
* We give it the same value as NetBSD's DLT_PPP_SERIAL, in the hopes that
* nobody else will choose a DLT_ value of 50, and so that DLT_PPP_SERIAL
* captures will be written out with a link type that NetBSD's tcpdump
* can read.
*/
#define LINKTYPE_PPP_HDLC 50 /* PPP in HDLC-like framing */
#define LINKTYPE_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */
#define LINKTYPE_RAW 101 /* raw IP */
#define LINKTYPE_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */
#define LINKTYPE_PPP_BSDOS 103 /* BSD/OS PPP BPF header */
#define LINKTYPE_C_HDLC 104 /* Cisco HDLC */
#define LINKTYPE_ATM_CLIP 106 /* Linux Classical IP over ATM */
/*
* Reserved for future use.
*/
#define LINKTYPE_IEEE802_11 105 /* IEEE 802.11 (wireless) */
#define LINKTYPE_FR 107 /* BSD/OS Frame Relay */
#define LINKTYPE_LOOP 108 /* OpenBSD loopback */
#define LINKTYPE_ENC 109 /* OpenBSD IPSEC enc */
#define LINKTYPE_LANE8023 110 /* ATM LANE + 802.3 */
#define LINKTYPE_HIPPI 111 /* NetBSD HIPPI */
#define LINKTYPE_HDLC 112 /* NetBSD HDLC framing */
#define LINKTYPE_LINUX_SLL 113 /* Linux cooked socket capture */
static struct linktype_map {
int dlt;
int linktype;
} map[] = {
/*
* These DLT_* codes have LINKTYPE_* codes with values identical
* to the values of the corresponding DLT_* code.
*/
{ DLT_NULL, LINKTYPE_NULL },
{ DLT_EN10MB, LINKTYPE_ETHERNET },
{ DLT_EN3MB, LINKTYPE_EXP_ETHERNET },
{ DLT_AX25, LINKTYPE_AX25 },
{ DLT_PRONET, LINKTYPE_PRONET },
{ DLT_CHAOS, LINKTYPE_CHAOS },
{ DLT_IEEE802, LINKTYPE_TOKEN_RING },
{ DLT_ARCNET, LINKTYPE_ARCNET },
{ DLT_SLIP, LINKTYPE_SLIP },
{ DLT_PPP, LINKTYPE_PPP },
{ DLT_FDDI, LINKTYPE_FDDI },
/*
* These DLT_* codes have different values on different
* platforms; we map them to LINKTYPE_* codes that
* have values that should never be equal to any DLT_*
* code.
*/
{ DLT_ATM_RFC1483, LINKTYPE_ATM_RFC1483 },
{ DLT_RAW, LINKTYPE_RAW },
{ DLT_SLIP_BSDOS, LINKTYPE_SLIP_BSDOS },
{ DLT_PPP_BSDOS, LINKTYPE_PPP_BSDOS },
/* BSD/OS Cisco HDLC */
{ DLT_C_HDLC, LINKTYPE_C_HDLC },
/*
* These DLT_* codes are not on all platforms, but, so far,
* there don't appear to be any platforms that define
* other codes with those values; we map them to
* different LINKTYPE_* values anyway, just in case.
*/
/* Linux ATM Classical IP */
{ DLT_ATM_CLIP, LINKTYPE_ATM_CLIP },
/* NetBSD sync/async serial PPP (or Cisco HDLC) */
{ DLT_PPP_SERIAL, LINKTYPE_PPP_HDLC },
/* IEEE 802.11 wireless */
{ DLT_IEEE802_11, LINKTYPE_IEEE802_11 },
/* OpenBSD loopback */
{ DLT_LOOP, LINKTYPE_LOOP },
/* Linux cooked socket capture */
{ DLT_LINUX_SLL, LINKTYPE_LINUX_SLL },
/*
* Any platform that defines additional DLT_* codes should:
*
* request a LINKTYPE_* code and value from tcpdump.org,
* as per the above;
*
* add, in their version of libpcap, an entry to map
* those DLT_* codes to the corresponding LINKTYPE_*
* code;
*
* redefine, in their "net/bpf.h", any DLT_* values
* that collide with the values used by their additional
* DLT_* codes, to remove those collisions (but without
* making them collide with any of the LINKTYPE_*
* values equal to 50 or above; they should also avoid
* defining DLT_* values that collide with those
* LINKTYPE_* values, either).
*/
{ -1, -1 }
};
static int
dlt_to_linktype(int dlt)
{
int i;
for (i = 0; map[i].dlt != -1; i++) {
if (map[i].dlt == dlt)
return (map[i].linktype);
}
/*
* If we don't have a mapping for this DLT_ code, return an
* error; that means that the table above needs to have an
* entry added.
*/
return (-1);
}
static int
linktype_to_dlt(int linktype)
{
int i;
for (i = 0; map[i].linktype != -1; i++) {
if (map[i].linktype == linktype)
return (map[i].dlt);
}
/*
* If we don't have an entry for this link type, return
* the link type value; it may be a DLT_ value from an
* older version of libpcap.
*/
return linktype;
}
static int
sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen)
{
@ -108,11 +319,12 @@ pcap_open_offline(const char *fname, char *errbuf)
register pcap_t *p;
register FILE *fp;
struct pcap_file_header hdr;
bpf_u_int32 magic;
int linklen;
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
strcpy(errbuf, "out of swap");
strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
return (NULL);
}
@ -127,29 +339,44 @@ pcap_open_offline(const char *fname, char *errbuf)
else {
fp = fopen(fname, "r");
if (fp == NULL) {
sprintf(errbuf, "%s: %s", fname, pcap_strerror(errno));
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname,
pcap_strerror(errno));
goto bad;
}
}
if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) {
sprintf(errbuf, "fread: %s", pcap_strerror(errno));
snprintf(errbuf, PCAP_ERRBUF_SIZE, "fread: %s",
pcap_strerror(errno));
goto bad;
}
if (hdr.magic != TCPDUMP_MAGIC) {
if (SWAPLONG(hdr.magic) != TCPDUMP_MAGIC) {
sprintf(errbuf, "bad dump file format");
magic = hdr.magic;
if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) {
magic = SWAPLONG(magic);
if (magic != TCPDUMP_MAGIC && magic != PATCHED_TCPDUMP_MAGIC) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"bad dump file format");
goto bad;
}
p->sf.swapped = 1;
swap_hdr(&hdr);
}
if (magic == PATCHED_TCPDUMP_MAGIC) {
/*
* XXX - the patch that's in some versions of libpcap
* changes the packet header but not the magic number;
* we'd have to use some hacks^H^H^H^H^Hheuristics to
* detect that.
*/
p->sf.hdrsize = sizeof(struct pcap_sf_patched_pkthdr);
} else
p->sf.hdrsize = sizeof(struct pcap_sf_pkthdr);
if (hdr.version_major < PCAP_VERSION_MAJOR) {
sprintf(errbuf, "archaic file format");
snprintf(errbuf, PCAP_ERRBUF_SIZE, "archaic file format");
goto bad;
}
p->tzoff = hdr.thiszone;
p->snapshot = hdr.snaplen;
p->linktype = hdr.linktype;
p->linktype = linktype_to_dlt(hdr.linktype);
p->sf.rfile = fp;
p->bufsize = hdr.snaplen;
@ -171,7 +398,13 @@ pcap_open_offline(const char *fname, char *errbuf)
break;
}
if (p->bufsize < 0)
p->bufsize = BPF_MAXBUFSIZE;
p->sf.base = (u_char *)malloc(p->bufsize + BPF_ALIGNMENT);
if (p->sf.base == NULL) {
strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
goto bad;
}
p->buffer = p->sf.base + BPF_ALIGNMENT - (linklen % BPF_ALIGNMENT);
p->sf.version_major = hdr.version_major;
p->sf.version_minor = hdr.version_minor;
@ -194,11 +427,17 @@ pcap_open_offline(const char *fname, char *errbuf)
static int
sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
{
struct pcap_sf_pkthdr sf_hdr;
struct pcap_sf_patched_pkthdr sf_hdr;
FILE *fp = p->sf.rfile;
/* read the stamp */
if (fread(&sf_hdr, sizeof(struct pcap_sf_pkthdr), 1, fp) != 1) {
/*
* Read the packet header; the structure we use as a buffer
* is the longer structure for files generated by the patched
* libpcap, but if the file has the magic number for an
* unpatched libpcap we only read as many bytes as the regular
* header has.
*/
if (fread(&sf_hdr, p->sf.hdrsize, 1, fp) != 1) {
/* probably an EOF, though could be a truncated packet */
return (1);
}
@ -239,9 +478,11 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
static int tsize = 0;
if (hdr->caplen > 65535) {
sprintf(p->errbuf, "bogus savefile header");
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"bogus savefile header");
return (-1);
}
if (tsize < hdr->caplen) {
tsize = ((hdr->caplen + 1023) / 1024) * 1024;
if (tp != NULL)
@ -249,12 +490,14 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
tp = (u_char *)malloc(tsize);
if (tp == NULL) {
tsize = 0;
sprintf(p->errbuf, "BUFMOD hack malloc");
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"BUFMOD hack malloc");
return (-1);
}
}
if (fread((char *)tp, hdr->caplen, 1, fp) != 1) {
sprintf(p->errbuf, "truncated dump file");
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"truncated dump file");
return (-1);
}
/*
@ -271,7 +514,8 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
/* read the packet itself */
if (fread((char *)buf, hdr->caplen, 1, fp) != 1) {
sprintf(p->errbuf, "truncated dump file");
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"truncated dump file");
return (-1);
}
}
@ -336,17 +580,27 @@ pcap_dumper_t *
pcap_dump_open(pcap_t *p, const char *fname)
{
FILE *f;
int linktype;
linktype = dlt_to_linktype(p->linktype);
if (linktype == -1) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"%s: link-layer type %d isn't supported in savefiles",
fname, linktype);
return (NULL);
}
if (fname[0] == '-' && fname[1] == '\0')
f = stdout;
else {
f = fopen(fname, "w");
if (f == NULL) {
sprintf(p->errbuf, "%s: %s",
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
fname, pcap_strerror(errno));
return (NULL);
}
}
(void)sf_write_header(f, p->linktype, p->tzoff, p->snapshot);
(void)sf_write_header(f, linktype, p->tzoff, p->snapshot);
return ((pcap_dumper_t *)f);
}

62
contrib/libpcap/scanner.l
View File

@ -22,7 +22,11 @@
#ifndef lint
static const char rcsid[] =
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.60 1999/11/17 04:09:58 assar Exp $ (LBL)";
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.70 2000/10/28 10:18:40 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
@ -39,10 +43,13 @@ static const char rcsid[] =
#ifdef INET6
#include <netdb.h>
#include <sys/socket.h>
/* Workaround for AIX 4.3 */
#if !defined(AI_NUMERICHOST)
#define AI_NUMERICHOST 0x04
#endif
#endif /*INET6*/
#include "tokdefs.h"
#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
@ -52,22 +59,10 @@ static inline int xdtoi(int);
#ifdef FLEX_SCANNER
#define YY_NO_UNPUT
#undef YY_INPUT
#define YY_INPUT(buf, result, max)\
{\
char *src = in_buffer;\
int i;\
\
if (*src == 0)\
result = YY_NULL;\
else {\
for (i = 0; *src && i < max; ++i)\
buf[i] = *src++;\
in_buffer += i;\
result = i;\
}\
}
static YY_BUFFER_STATE in_buffer;
#else
static char *in_buffer;
#undef getc
#define getc(fp) (*in_buffer == 0 ? EOF : *in_buffer++)
#endif
@ -75,8 +70,6 @@ static inline int xdtoi(int);
#define yylval pcap_lval
extern YYSTYPE yylval;
static char *in_buffer;
%}
N ([0-9]+|(0X|0x)[0-9A-Fa-f]+)
@ -88,6 +81,7 @@ W ([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?)
%e 6000
%k 4000
%p 19000
%n 2000
V680 {W}:{W}:{W}:{W}:{W}:{W}:{W}:{W}
@ -172,7 +166,7 @@ dst return DST;
src return SRC;
link|ether|ppp|slip return LINK;
fddi return LINK;
fddi|tr return LINK;
arp return ARP;
rarp return RARP;
ip return IP;
@ -189,12 +183,20 @@ ah return AH;
esp return ESP;
atalk return ATALK;
aarp return AARP;
decnet return DECNET;
lat return LAT;
sca return SCA;
moprc return MOPRC;
mopdl return MOPDL;
iso return ISO;
esis return ESIS;
es-is return ESIS;
isis return ISIS;
is-is return ISIS;
clnp return CLNP;
host return HOST;
net return NET;
mask return MASK;
@ -224,6 +226,8 @@ len|length return LEN;
inbound return INBOUND;
outbound return OUTBOUND;
vlan return VLAN;
[ \n\t] ;
[+\-*/:\[\]!<>()&|=] return yytext[0];
">=" return GEQ;
@ -264,7 +268,24 @@ void
lex_init(buf)
char *buf;
{
#ifdef FLEX_SCANNER
in_buffer = yy_scan_string(buf);
#else
in_buffer = buf;
#endif
}
/*
* Do any cleanup necessary after parsing.
*/
void
lex_cleanup()
{
#ifdef FLEX_SCANNER
if (in_buffer != NULL)
yy_delete_buffer(in_buffer);
in_buffer = NULL;
#endif
}
/*
@ -316,4 +337,3 @@ stoi(s)
return n;
}

124
contrib/libpcap/sll.h Normal file
View File

@ -0,0 +1,124 @@
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#) $Header: /tcpdump/master/libpcap/sll.h,v 1.6 2000/12/23 07:50:19 guy Exp $ (LBL)
*/
/*
* For captures on Linux cooked sockets, we construct a fake header
* that includes:
*
* a 2-byte "packet type" which is one of:
*
* LINUX_SLL_HOST packet was sent to us
* LINUX_SLL_BROADCAST packet was broadcast
* LINUX_SLL_MULTICAST packet was multicast
* LINUX_SLL_OTHERHOST packet was sent to somebody else
* LINUX_SLL_OUTGOING packet was sent *by* us;
*
* a 2-byte Ethernet protocol field;
*
* a 2-byte link-layer type;
*
* a 2-byte link-layer address length;
*
* an 8-byte source link-layer address, whose actual length is
* specified by the previous value.
*
* All fields except for the link-layer address are in network byte order.
*
* DO NOT change the layout of this structure, or change any of the
* LINUX_SLL_ values below. If you must change the link-layer header
* for a "cooked" Linux capture, introduce a new DLT_ type (ask
* "tcpdump-workers@tcpdump.org" for one, so that you don't give it a
* value that collides with a value already being used), and use the
* new header in captures of that type, so that programs that can
* handle DLT_LINUX_SLL captures will continue to handle them correctly
* without any change, and so that capture files with different headers
* can be told apart and programs that read them can dissect the
* packets in them.
*/
/*
* A DLT_LINUX_SLL fake link-layer header.
*/
#define SLL_HDR_LEN 16 /* total header length */
#define SLL_ADDRLEN 8 /* length of address field */
struct sll_header {
u_int16_t sll_pkttype; /* packet type */
u_int16_t sll_hatype; /* link-layer address type */
u_int16_t sll_halen; /* link-layer address length */
u_int8_t sll_addr[SLL_ADDRLEN]; /* link-layer address */
u_int16_t sll_protocol; /* protocol */
};
/*
* The LINUX_SLL_ values for "sll_pkttype"; these correspond to the
* PACKET_ values on Linux, but are defined here so that they're
* available even on systems other than Linux, and so that they
* don't change even if the PACKET_ values change.
*/
#define LINUX_SLL_HOST 0
#define LINUX_SLL_BROADCAST 1
#define LINUX_SLL_MULTICAST 2
#define LINUX_SLL_OTHERHOST 3
#define LINUX_SLL_OUTGOING 4
/*
* The LINUX_SLL_ values for "sll_protocol"; these correspond to the
* ETH_P_ values on Linux, but are defined here so that they're
* available even on systems other than Linux. We assume, for now,
* that the ETH_P_ values won't change in Linux; if they do, then:
*
* if we don't translate them in "pcap-linux.c", capture files
* won't necessarily be readable if captured on a system that
* defines ETH_P_ values that don't match these values;
*
* if we do translate them in "pcap-linux.c", that makes life
* unpleasant for the BPF code generator, as the values you test
* for in the kernel aren't the values that you test for when
* reading a capture file, so the fixup code run on BPF programs
* handed to the kernel ends up having to do more work.
*
* Add other values here as necessary, for handling packet types that
* might show up on non-Ethernet, non-802.x networks. (Not all the ones
* in the Linux "if_ether.h" will, I suspect, actually show up in
* captures.)
*/
#define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */
#define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */