Merge of libpcap 0.8.3 from tcpdump.org.

2004-03-31 09:15:09 +00:00 · 2004-03-31 09:15:09 +00:00 · eb9f0330c0
commit eb9f0330c0
parent 2f9208fff6
12 changed files with 2813 additions and 944 deletions
--- a/contrib/libpcap/bpf/net/bpf.h
+++ b/contrib/libpcap/bpf/net/bpf.h
@ -1,417 +0,0 @@
 /*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence 
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
 *
 * @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.51 2001/11/28 05:50:05 guy Exp $ (LBL)
 *
 * $FreeBSD$
 */
 #ifndef BPF_MAJOR_VERSION
 /* BSD style release date */
 #define BPF_RELEASE 199606
 typedef	int bpf_int32;
 typedef	u_int bpf_u_int32;
 /*
 * Alignment macros.  BPF_WORDALIGN rounds up to the next 
 * even multiple of BPF_ALIGNMENT. 
 */
 #define BPF_ALIGNMENT sizeof(bpf_int32)
 #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
 #define BPF_MAXINSNS 512
 #define BPF_MAXBUFSIZE 0x8000
 #define BPF_MINBUFSIZE 32
 /*
 *  Structure for BIOCSETF.
 */
 struct bpf_program {
 	u_int bf_len;
 	struct bpf_insn *bf_insns;
 };
 /*
 * Struct returned by BIOCGSTATS.
 */
 struct bpf_stat {
 	u_int bs_recv;		/* number of packets received */
 	u_int bs_drop;		/* number of packets dropped */
 };
 /*
 * Struct return by BIOCVERSION.  This represents the version number of 
 * the filter language described by the instruction encodings below.
 * bpf understands a program iff kernel_major == filter_major &&
 * kernel_minor >= filter_minor, that is, if the value returned by the
 * running kernel has the same major number and a minor number equal
 * equal to or less than the filter being downloaded.  Otherwise, the
 * results are undefined, meaning an error may be returned or packets
 * may be accepted haphazardly.
 * It has nothing to do with the source code version.
 */
 struct bpf_version {
 	u_short bv_major;
 	u_short bv_minor;
 };
 /* Current version number of filter architecture. */
 #define BPF_MAJOR_VERSION 1
 #define BPF_MINOR_VERSION 1
 /*
 * BPF ioctls
 *
 * The first set is for compatibility with Sun's pcc style
 * header files.  If your using gcc, we assume that you
 * have run fixincludes so the latter set should work.
 */
 #if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
 #define	BIOCGBLEN	_IOR(B,102, u_int)
 #define	BIOCSBLEN	_IOWR(B,102, u_int)
 #define	BIOCSETF	_IOW(B,103, struct bpf_program)
 #define	BIOCFLUSH	_IO(B,104)
 #define BIOCPROMISC	_IO(B,105)
 #define	BIOCGDLT	_IOR(B,106, u_int)
 #define BIOCGETIF	_IOR(B,107, struct ifreq)
 #define BIOCSETIF	_IOW(B,108, struct ifreq)
 #define BIOCSRTIMEOUT	_IOW(B,109, struct timeval)
 #define BIOCGRTIMEOUT	_IOR(B,110, struct timeval)
 #define BIOCGSTATS	_IOR(B,111, struct bpf_stat)
 #define BIOCIMMEDIATE	_IOW(B,112, u_int)
 #define BIOCVERSION	_IOR(B,113, struct bpf_version)
 #define BIOCSTCPF	_IOW(B,114, struct bpf_program)
 #define BIOCSUDPF	_IOW(B,115, struct bpf_program)
 #else
 #define	BIOCGBLEN	_IOR('B',102, u_int)
 #define	BIOCSBLEN	_IOWR('B',102, u_int)
 #define	BIOCSETF	_IOW('B',103, struct bpf_program)
 #define	BIOCFLUSH	_IO('B',104)
 #define BIOCPROMISC	_IO('B',105)
 #define	BIOCGDLT	_IOR('B',106, u_int)
 #define BIOCGETIF	_IOR('B',107, struct ifreq)
 #define BIOCSETIF	_IOW('B',108, struct ifreq)
 #define BIOCSRTIMEOUT	_IOW('B',109, struct timeval)
 #define BIOCGRTIMEOUT	_IOR('B',110, struct timeval)
 #define BIOCGSTATS	_IOR('B',111, struct bpf_stat)
 #define BIOCIMMEDIATE	_IOW('B',112, u_int)
 #define BIOCVERSION	_IOR('B',113, struct bpf_version)
 #define BIOCSTCPF	_IOW('B',114, struct bpf_program)
 #define BIOCSUDPF	_IOW('B',115, struct bpf_program)
 #endif
 /*
 * Structure prepended to each packet.
 */
 struct bpf_hdr {
 	struct timeval	bh_tstamp;	/* time stamp */
 	bpf_u_int32	bh_caplen;	/* length of captured portion */
 	bpf_u_int32	bh_datalen;	/* original length of packet */
 	u_short		bh_hdrlen;	/* length of bpf header (this struct
 					   plus alignment padding) */
 };
 /*
 * Because the structure above is not a multiple of 4 bytes, some compilers
 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
 * Only the kernel needs to know about it; applications use bh_hdrlen.
 */
 #if defined(KERNEL) || defined(_KERNEL)
 #define SIZEOF_BPF_HDR 18
 #endif
 /*
 * Data-link level type codes.
 */
 /*
 * These are the types that are the same on all platforms; on other
 * platforms, a <net/bpf.h> should be supplied that defines the additional
 * DLT_* codes appropriately for that platform (the BSDs, for example,
 * should not just pick up this version of "bpf.h"; they should also define
 * the additional DLT_* codes used by their kernels, as well as the values
 * defined here - and, if the values they use for particular DLT_ types
 * differ from those here, they should use their values, not the ones
 * here).
 */
 #define DLT_NULL	0	/* no link-layer encapsulation */
 #define DLT_EN10MB	1	/* Ethernet (10Mb) */
 #define DLT_EN3MB	2	/* Experimental Ethernet (3Mb) */
 #define DLT_AX25	3	/* Amateur Radio AX.25 */
 #define DLT_PRONET	4	/* Proteon ProNET Token Ring */
 #define DLT_CHAOS	5	/* Chaos */
 #define DLT_IEEE802	6	/* IEEE 802 Networks */
 #define DLT_ARCNET	7	/* ARCNET */
 #define DLT_SLIP	8	/* Serial Line IP */
 #define DLT_PPP		9	/* Point-to-point Protocol */
 #define DLT_FDDI	10	/* FDDI */
 /*
 * These are values from the traditional libpcap "bpf.h".
 * Ports of this to particular platforms should replace these definitions
 * with the ones appropriate to that platform, if the values are
 * different on that platform.
 */
 #define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
 #define DLT_RAW		12	/* raw IP */
 /*
 * These are values from BSD/OS's "bpf.h".
 * These are not the same as the values from the traditional libpcap
 * "bpf.h"; however, these values shouldn't be generated by any
 * OS other than BSD/OS, so the correct values to use here are the
 * BSD/OS values.
 *
 * Platforms that have already assigned these values to other
 * DLT_ codes, however, should give these codes the values
 * from that platform, so that programs that use these codes will
 * continue to compile - even though they won't correctly read
 * files of these types.
 */
 #define DLT_SLIP_BSDOS	15	/* BSD/OS Serial Line IP */
 #define DLT_PPP_BSDOS	16	/* BSD/OS Point-to-point Protocol */
 #define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */
 /*
 * These values are defined by NetBSD; other platforms should refrain from
 * using them for other purposes, so that NetBSD savefiles with link
 * types of 50 or 51 can be read as this type on all platforms.
 */
 #define DLT_PPP_SERIAL	50	/* PPP over serial with HDLC encapsulation */
 #define DLT_PPP_ETHER	51	/* PPP over Ethernet */
 /*
 * Values between 100 and 103 are used in capture file headers as
 * link-layer types corresponding to DLT_ types that differ
 * between platforms; don't use those values for new DLT_ new types.
 */
 /*
 * This value was defined by libpcap 0.5; platforms that have defined
 * it with a different value should define it here with that value -
 * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
 * whatever value that happens to be, so programs will correctly
 * handle files with that link type regardless of the value of
 * DLT_C_HDLC.
 *
 * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
 * compatibility with programs written for BSD/OS.
 *
 * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
 * for source compatibility with programs written for libpcap 0.5.
 */
 #define DLT_C_HDLC	104	/* Cisco HDLC */
 #define DLT_CHDLC	DLT_C_HDLC
 #define DLT_IEEE802_11	105	/* IEEE 802.11 wireless */
 /*
 * Values between 106 and 107 are used in capture file headers as
 * link-layer types corresponding to DLT_ types that might differ
 * between platforms; don't use those values for new DLT_ new types.
 */
 /*
 * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
 * that the AF_ type in the link-layer header is in network byte order.
 *
 * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
 * define it as 108 here.  If OpenBSD picks up this file, it should
 * define DLT_LOOP as 12 in its version, as per the comment above -
 * and should not use 108 as a DLT_ value.
 */
 #define DLT_LOOP	108
 /*
 * Values between 109 and 112 are used in capture file headers as
 * link-layer types corresponding to DLT_ types that might differ
 * between platforms; don't use those values for new DLT_ types
 * other than the corresponding DLT_ types.
 */
 /*
 * This is for Linux cooked sockets.
 */
 #define DLT_LINUX_SLL	113
 /*
 * Apple LocalTalk hardware.
 */
 #define DLT_LTALK	114
 /*
 * Acorn Econet.
 */
 #define DLT_ECONET	115
 /*
 * Reserved for use with OpenBSD ipfilter.
 */
 #define DLT_IPFILTER	116
 /*
 * Reserved for use in capture-file headers as a link-layer type
 * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
 * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
 * in capture-file headers.
 */
 #define DLT_PFLOG	117
 /*
 * Registered for Cisco-internal use.
 */
 #define DLT_CISCO_IOS	118
 /*
 * Reserved for 802.11 cards using the Prism II chips, with a link-layer
 * header including Prism monitor mode information plus an 802.11
 * header.
 */
 #define DLT_PRISM_HEADER	119
 /*
 * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
 * (see Doug Ambrisko's FreeBSD patches).
 */
 #define DLT_AIRONET_HEADER	120
 /*
 * The instruction encodings.
 */
 /* instruction classes */
 #define BPF_CLASS(code) ((code) & 0x07)
 #define		BPF_LD		0x00
 #define		BPF_LDX		0x01
 #define		BPF_ST		0x02
 #define		BPF_STX		0x03
 #define		BPF_ALU		0x04
 #define		BPF_JMP		0x05
 #define		BPF_RET		0x06
 #define		BPF_MISC	0x07
 /* ld/ldx fields */
 #define BPF_SIZE(code)	((code) & 0x18)
 #define		BPF_W		0x00
 #define		BPF_H		0x08
 #define		BPF_B		0x10
 #define BPF_MODE(code)	((code) & 0xe0)
 #define		BPF_IMM 	0x00
 #define		BPF_ABS		0x20
 #define		BPF_IND		0x40
 #define		BPF_MEM		0x60
 #define		BPF_LEN		0x80
 #define		BPF_MSH		0xa0
 /* alu/jmp fields */
 #define BPF_OP(code)	((code) & 0xf0)
 #define		BPF_ADD		0x00
 #define		BPF_SUB		0x10
 #define		BPF_MUL		0x20
 #define		BPF_DIV		0x30
 #define		BPF_OR		0x40
 #define		BPF_AND		0x50
 #define		BPF_LSH		0x60
 #define		BPF_RSH		0x70
 #define		BPF_NEG		0x80
 #define		BPF_JA		0x00
 #define		BPF_JEQ		0x10
 #define		BPF_JGT		0x20
 #define		BPF_JGE		0x30
 #define		BPF_JSET	0x40
 #define BPF_SRC(code)	((code) & 0x08)
 #define		BPF_K		0x00
 #define		BPF_X		0x08
 /* ret - BPF_K and BPF_X also apply */
 #define BPF_RVAL(code)	((code) & 0x18)
 #define		BPF_A		0x10
 /* misc */
 #define BPF_MISCOP(code) ((code) & 0xf8)
 #define		BPF_TAX		0x00
 #define		BPF_TXA		0x80
 /*
 * The instruction data structure.
 */
 struct bpf_insn {
 	u_short	code;
 	u_char 	jt;
 	u_char 	jf;
 	bpf_int32 k;
 };
 /*
 * Macros for insn array initializers.
 */
 #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
 #if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
 /*
 * Systems based on non-BSD kernels don't have ifnet's (or they don't mean
 * anything if it is in <net/if.h>) and won't work like this.
 */
 # if __STDC__
 extern void bpf_tap(struct ifnet *, u_char *, u_int);
 extern void bpf_mtap(struct ifnet *, struct mbuf *);
 extern void bpfattach(struct ifnet *, u_int, u_int);
 extern void bpfilterattach(int);
 # else
 extern void bpf_tap();
 extern void bpf_mtap();
 extern void bpfattach();
 extern void bpfilterattach();
 # endif /* __STDC__ */
 #endif /* BSD && (_KERNEL || KERNEL) */
 #if __STDC__
 extern int bpf_validate(struct bpf_insn *, int);
 extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
 #else
 extern int bpf_validate();
 extern u_int bpf_filter();
 #endif
 /*
 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
 */
 #define BPF_MEMWORDS 16
 #endif
--- a/contrib/libpcap/gencode.c
+++ b/contrib/libpcap/gencode.c
--- a/contrib/libpcap/gencode.h
+++ b/contrib/libpcap/gencode.h
@ -18,9 +18,42 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.53 2001/05/10 14:48:02 fenner Exp $ (LBL)
 *
 * $FreeBSD$
 * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.58.2.1 2004/03/28 21:45:31 fenner Exp $ (LBL)
 */
 /*
 * ATM support:
 *
 * Copyright (c) 1997 Yen Yen Lim and North Dakota State University
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Yen Yen Lim and
 *      North Dakota State University
 * 4. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 /* Address qualifiers. */
@ -75,6 +108,18 @@
 #define Q_NETBEUI	30
 /* IS-IS Levels */
 #define Q_ISIS_L1       31
 #define Q_ISIS_L2       32
 /* PDU types */
 #define Q_ISIS_IIH      33
 #define Q_ISIS_LAN_IIH  34
 #define Q_ISIS_PTP_IIH  35
 #define Q_ISIS_SNP      36
 #define Q_ISIS_CSNP     37
 #define Q_ISIS_PSNP     38
 #define Q_ISIS_LSP      39
 /* Directional qualifiers. */
 #define Q_SRC		1
@ -85,6 +130,43 @@
 #define Q_DEFAULT	0
 #define Q_UNDEF		255
 /* ATM types */
 #define A_METAC		22	/* Meta signalling Circuit */
 #define A_BCC		23	/* Broadcast Circuit */
 #define A_OAMF4SC	24	/* Segment OAM F4 Circuit */
 #define A_OAMF4EC	25	/* End-to-End OAM F4 Circuit */
 #define A_SC		26	/* Signalling Circuit*/
 #define A_ILMIC		27	/* ILMI Circuit */
 #define A_OAM		28	/* OAM cells : F4 only */
 #define A_OAMF4		29	/* OAM F4 cells: Segment + End-to-end */
 #define A_LANE		30	/* LANE traffic */
 #define A_LLC		31	/* LLC-encapsulated traffic */
 /* Based on Q.2931 signalling protocol */
 #define A_SETUP		41	/* Setup message */
 #define A_CALLPROCEED	42	/* Call proceeding message */
 #define A_CONNECT	43	/* Connect message */
 #define A_CONNECTACK	44	/* Connect Ack message */
 #define A_RELEASE	45	/* Release message */
 #define A_RELEASE_DONE	46	/* Release message */
 /* ATM field types */
 #define A_VPI		51
 #define A_VCI		52
 #define A_PROTOTYPE	53
 #define A_MSGTYPE	54
 #define A_CALLREFTYPE	55
 #define A_CONNECTMSG	70	/* returns Q.2931 signalling messages for
 				   establishing and destroying switched
 				   virtual connection */
 #define A_METACONNECT	71	/* returns Q.2931 signalling messages for
 				   establishing and destroying predefined
 				   virtual circuits, such as broadcast
 				   circuit, oamf4 segment circuit, oamf4
 				   end-to-end circuits, ILMI circuits or
 				   connection signalling circuit. */
 struct slist;
 struct stmt {
@ -99,7 +181,7 @@ struct slist {
 	struct slist *next;
 };
-/* 
+/*
 * A bit vector to represent definition sets.  We assume TOT_REGISTERS
 * is smaller than 8*sizeof(atomset).
 */
@ -193,6 +275,18 @@ struct block *gen_inbound(int);
 struct block *gen_vlan(int);
 struct block *gen_atmfield_code(int atmfield, bpf_u_int32 jvalue, bpf_u_int32 jtype, int reverse);
 struct block *gen_atmtype_abbrev(int type);
 struct block *gen_atmmulti_abbrev(int type);
 struct block *gen_pf_ifname(const char *);
 struct block *gen_pf_rnr(int);
 struct block *gen_pf_srnr(int);
 struct block *gen_pf_ruleset(char *);
 struct block *gen_pf_reason(int);
 struct block *gen_pf_action(int);
 struct block *gen_pf_dir(int);
 void bpf_optimize(struct block **);
 void bpf_error(const char *, ...)
 #if HAVE___ATTRIBUTE__
--- a/contrib/libpcap/grammar.y
+++ b/contrib/libpcap/grammar.y
@ -22,33 +22,40 @@
 * $FreeBSD$
 */
 #ifndef lint
-static const char rcsid[] =
+static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.71 2001/07/03 19:15:48 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.79.2.3 2004/03/28 21:45:32 fenner Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifdef WIN32
 #include <pcap-stdinc.h>
 #else /* WIN32 */
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/socket.h>
 #endif /* WIN32 */
 #include <stdlib.h>
 #ifndef WIN32
 #if __STDC__
 struct mbuf;
 struct rtentry;
 #endif
 #include <net/if.h>
 #include <netinet/in.h>
 #endif /* WIN32 */
 #include <stdio.h>
 #include <strings.h>
 #include "pcap-int.h"
 #include "gencode.h"
 #include "pf.h"
 #include <pcap-namedb.h>
 #ifdef HAVE_OS_PROTO_H
@ -92,6 +99,7 @@ pcap_parse()
 	struct arth *a;
 	struct {
 		struct qual q;
 		int atmfieldtype;
 		struct block *b;
 	} blk;
 	struct block *rblk;
@ -103,14 +111,18 @@ pcap_parse()
 %type	<a>	arth narth
 %type	<i>	byteop pname pnum relop irelop
 %type	<blk>	and or paren not null prog
-%type	<rblk>	other
+%type	<rblk>	other pfvar
 %type	<i>	atmtype atmmultitype
 %type	<blk>	atmfield
 %type	<blk>	atmfieldvalue atmvalue atmlistvalue
 %token  DST SRC HOST GATEWAY
-%token  NET MASK PORT LESS GREATER PROTO PROTOCHAIN BYTE
+%token  NET NETMASK PORT LESS GREATER PROTO PROTOCHAIN CBYTE
 %token  ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP
 %token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
 %token  PF_IFNAME PF_RSET PF_RNR PF_SRNR PF_REASON PF_ACTION
 %token  LINK
 %token	GEQ LEQ NEQ
 %token	ID EID HID HID6 AID
@ -118,16 +130,19 @@ pcap_parse()
 %token  LEN
 %token  IPV6 ICMPV6 AH ESP
 %token	VLAN
-%token  ISO ESIS ISIS CLNP
+%token  ISO ESIS CLNP ISIS L1 L2 IIH LSP SNP CSNP PSNP 
 %token  STP
 %token  IPX
 %token  NETBEUI
 %token	LANE LLC METAC BCC SC ILMIC OAMF4EC OAMF4SC
 %token	OAM OAMF4 CONNECTMSG METACONNECT
 %token	VPI VCI
 %type	<s> ID
 %type	<e> EID
 %type	<e> AID
 %type	<s> HID HID6
-%type	<i> NUM
+%type	<i> NUM action reason
 %left OR AND
 %nonassoc  '!'
@ -164,7 +179,7 @@ id:	  nid
 nid:	  ID			{ $$.b = gen_scode($1, $$.q = $<blk>0.q); }
 	| HID '/' NUM		{ $$.b = gen_mcode($1, NULL, $3,
 				    $$.q = $<blk>0.q); }
-	| HID MASK HID		{ $$.b = gen_mcode($1, $3, 0,
+	| HID NETMASK HID	{ $$.b = gen_mcode($1, $3, 0,
 				    $$.q = $<blk>0.q); }
 	| HID			{
 				  /* Decide how to parse HID based on proto */
@ -239,6 +254,9 @@ rterm:	  head id		{ $$ = $2; }
 	| arth irelop arth	{ $$.b = gen_relation($2, $1, $3, 1);
 				  $$.q = qerr; }
 	| other			{ $$.b = $1; $$.q = qerr; }
 	| atmtype		{ $$.b = gen_atmtype_abbrev($1); $$.q = qerr; }
 	| atmmultitype		{ $$.b = gen_atmmulti_abbrev($1); $$.q = qerr; }
 	| atmfield atmvalue	{ $$.b = $2.b; $$.q = qerr; }
 	;
 /* protocol level qualifiers */
 pqual:	  pname
@ -286,6 +304,13 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| ISO			{ $$ = Q_ISO; }
 	| ESIS			{ $$ = Q_ESIS; }
 	| ISIS			{ $$ = Q_ISIS; }
 	| L1			{ $$ = Q_ISIS_L1; }
 	| L2			{ $$ = Q_ISIS_L2; }
 	| IIH			{ $$ = Q_ISIS_IIH; }
 	| LSP			{ $$ = Q_ISIS_LSP; }
 	| SNP			{ $$ = Q_ISIS_SNP; }
 	| PSNP			{ $$ = Q_ISIS_PSNP; }
 	| CSNP			{ $$ = Q_ISIS_CSNP; }
 	| CLNP			{ $$ = Q_CLNP; }
 	| STP			{ $$ = Q_STP; }
 	| IPX			{ $$ = Q_IPX; }
@ -295,12 +320,47 @@ other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| pqual TK_MULTICAST	{ $$ = gen_multicast($1); }
 	| LESS NUM		{ $$ = gen_less($2); }
 	| GREATER NUM		{ $$ = gen_greater($2); }
-	| BYTE NUM byteop NUM	{ $$ = gen_byteop($3, $2, $4); }
+	| CBYTE NUM byteop NUM	{ $$ = gen_byteop($3, $2, $4); }
 	| INBOUND		{ $$ = gen_inbound(0); }
 	| OUTBOUND		{ $$ = gen_inbound(1); }
 	| VLAN pnum		{ $$ = gen_vlan($2); }
 	| VLAN			{ $$ = gen_vlan(-1); }
 	| pfvar			{ $$ = $1; }
 	;
 pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
 	| PF_RSET ID		{ $$ = gen_pf_ruleset($2); }
 	| PF_RNR NUM		{ $$ = gen_pf_rnr($2); }
 	| PF_SRNR NUM		{ $$ = gen_pf_srnr($2); }
 	| PF_REASON reason	{ $$ = gen_pf_reason($2); }
 	| PF_ACTION action	{ $$ = gen_pf_action($2); }
 	;
 reason:	  NUM			{ $$ = $1; }
 	| ID			{ const char *reasons[] = PFRES_NAMES;
 				  int i;
 				  for (i = 0; reasons[i]; i++) {
 					  if (pcap_strcasecmp($1, reasons[i]) == 0) {
 						  $$ = i;
 						  break;
 					  }
 				  }
 				  if (reasons[i] == NULL)
 					  bpf_error("unknown PF reason");
 				}
 	;
 action:	  ID			{ if (pcap_strcasecmp($1, "pass") == 0 ||
 				      pcap_strcasecmp($1, "accept") == 0)
 					$$ = PF_PASS;
 				  else if (pcap_strcasecmp($1, "drop") == 0 ||
 				      pcap_strcasecmp($1, "block") == 0)
 					$$ = PF_DROP;
 				  else
 					  bpf_error("unknown PF action");
 				}
 	;
 relop:	  '>'			{ $$ = BPF_JGT; }
 	| GEQ			{ $$ = BPF_JGE; }
 	| '='			{ $$ = BPF_JEQ; }
@ -335,4 +395,37 @@ byteop:	  '&'			{ $$ = '&'; }
 pnum:	  NUM
 	| paren pnum ')'	{ $$ = $2; }
 	;
 atmtype: LANE			{ $$ = A_LANE; }
 	| LLC			{ $$ = A_LLC; }
 	| METAC			{ $$ = A_METAC;	}
 	| BCC			{ $$ = A_BCC; }
 	| OAMF4EC		{ $$ = A_OAMF4EC; }
 	| OAMF4SC		{ $$ = A_OAMF4SC; }
 	| SC			{ $$ = A_SC; }
 	| ILMIC			{ $$ = A_ILMIC; }
 	;
 atmmultitype: OAM		{ $$ = A_OAM; }
 	| OAMF4			{ $$ = A_OAMF4; }
 	| CONNECTMSG		{ $$ = A_CONNECTMSG; }
 	| METACONNECT		{ $$ = A_METACONNECT; }
 	;
 	/* ATM field types quantifier */
 atmfield: VPI			{ $$.atmfieldtype = A_VPI; }
 	| VCI			{ $$.atmfieldtype = A_VCI; }
 	;
 atmvalue: atmfieldvalue
 	| relop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (u_int)$2, (u_int)$1, 0); }
 	| irelop NUM		{ $$.b = gen_atmfield_code($<blk>0.atmfieldtype, (u_int)$2, (u_int)$1, 1); }
 	| paren atmlistvalue ')' { $$.b = $2.b; $$.q = qerr; }
 	;
 atmfieldvalue: NUM {
 	$$.atmfieldtype = $<blk>0.atmfieldtype;
 	if ($$.atmfieldtype == A_VPI ||
 	    $$.atmfieldtype == A_VCI)
 		$$.b = gen_atmfield_code($$.atmfieldtype, (u_int) $1, BPF_JEQ, 0);
 	}
 	;
 atmlistvalue: atmfieldvalue
 	| atmlistvalue or atmfieldvalue { gen_or($1.b, $3.b); $$ = $3; }
 	;
 %%
--- a/contrib/libpcap/nametoaddr.c
+++ b/contrib/libpcap/nametoaddr.c
@ -25,37 +25,51 @@
 */
 #ifndef lint
-static const char rcsid[] =
+static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.60 2001/07/28 22:56:35 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.68.2.3 2003/11/19 18:13:48 guy Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifdef WIN32
 #include <pcap-stdinc.h>
 #else /* WIN32 */
 #include <sys/param.h>
 #include <sys/types.h>				/* concession to AIX */
 #include <sys/socket.h>
 #include <sys/time.h>
 struct mbuf;
 struct rtentry;
 #include <net/if.h>
 #include <netinet/in.h>
-#ifdef HAVE_NETINET_IF_ETHER_H
+#endif /* WIN32 */
-#include <netinet/if_ether.h>
+
 /*
 * XXX - why was this included even on UNIX?
 */
 #ifdef __MINGW32__
 #include "IP6_misc.h"
 #endif
 #ifndef WIN32
 #ifdef HAVE_ETHER_HOSTTON
 #ifdef HAVE_NETINET_IF_ETHER_H
 struct mbuf;		/* Squelch compiler warnings on some platforms for */
 struct rtentry;		/* declarations in <net/if.h> */
 #include <net/if.h>	/* for "struct ifnet" in "struct arpcom" on Solaris */
 #include <netinet/if_ether.h>
 #endif /* HAVE_NETINET_IF_ETHER_H */
 #endif /* HAVE_ETHER_HOSTTON */
 #include <arpa/inet.h>
 #ifdef INET6
 #include <netdb.h>
-#include <sys/socket.h>
+#endif /* WIN32 */
 #endif /*INET6*/
 #include <ctype.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <memory.h>
 #include <netdb.h>
 #include <stdio.h>
 #include "pcap-int.h"
@ -127,12 +141,19 @@ pcap_nametoaddrinfo(const char *name)
 bpf_u_int32
 pcap_nametonetaddr(const char *name)
 {
 #ifndef WIN32
 	struct netent *np;
 	if ((np = getnetbyname(name)) != NULL)
 		return np->n_net;
 	else
 		return 0;
 #else
 	/*
 	 * There's no "getnetbyname()" on Windows.
 	 */
 	return 0;
 #endif
 }
 /*
@ -144,38 +165,40 @@ int
 pcap_nametoport(const char *name, int *port, int *proto)
 {
 	struct servent *sp;
-	char *other;
+	int tcp_port = -1;
 	int udp_port = -1;
-	sp = getservbyname(name, (char *)0);
+	/*
-	if (sp != NULL) {
+	 * We need to check /etc/services for ambiguous entries.
-		NTOHS(sp->s_port);
+	 * If we find the ambiguous entry, and it has the
-		*port = sp->s_port;
+	 * same port number, change the proto to PROTO_UNDEF
-		*proto = pcap_nametoproto(sp->s_proto);
+	 * so both TCP and UDP will be checked.
-		/*
+	 */
-		 * We need to check /etc/services for ambiguous entries.
+	sp = getservbyname(name, "tcp");
-		 * If we find the ambiguous entry, and it has the
+	if (sp != NULL) tcp_port = ntohs(sp->s_port);
-		 * same port number, change the proto to PROTO_UNDEF
+	sp = getservbyname(name, "udp");
-		 * so both TCP and UDP will be checked.
+	if (sp != NULL) udp_port = ntohs(sp->s_port);
-		 */
+	if (tcp_port >= 0) {
-		if (*proto == IPPROTO_TCP)
+		*port = tcp_port;
-			other = "udp";
+		*proto = IPPROTO_TCP;
-		else
+		if (udp_port >= 0) {
-			other = "tcp";
+			if (udp_port == tcp_port)
-
+				*proto = PROTO_UNDEF;
 		sp = getservbyname(name, other);
 		if (sp != 0) {
 			NTOHS(sp->s_port);
 #ifdef notdef
-			if (*port != sp->s_port)
+			else
 				/* Can't handle ambiguous names that refer
 				   to different port numbers. */
 				warning("ambiguous port %s in /etc/services",
 					name);
 #endif
 			*proto = PROTO_UNDEF;
 		}
 		return 1;
 	}
 	if (udp_port >= 0) {
 		*port = udp_port;
 		*proto = IPPROTO_UDP;
 		return 1;
 	}
 #if defined(ultrix) || defined(__osf__)
 	/* Special hack in case NFS isn't in /etc/services */
 	if (strcmp(name, "nfs") == 0) {
@ -353,7 +376,7 @@ pcap_ether_hostton(const char *name)
 		return (NULL);
 	else
 		rewind(fp);
-	
+
 	while ((ep = pcap_next_etherent(fp)) != NULL) {
 		if (strcmp(ep->name, name) == 0) {
 			ap = (u_char *)malloc(6);
@ -377,7 +400,8 @@ pcap_ether_hostton(const char *name)
 * "const char *", so no matter how we declare it here, it'll fail to
 * compile on one of 3.x or 4.x).
 */
-#if !defined(sgi) && !defined(__NetBSD__) && !defined(__FreeBSD__)
+#if !defined(sgi) && !defined(__NetBSD__) && !defined(__FreeBSD__) && \
       !defined(_UNICOSMP)
 extern int ether_hostton(char *, struct ether_addr *);
 #endif
--- a/contrib/libpcap/nlpid.h
+++ b/contrib/libpcap/nlpid.h
@ -16,7 +16,7 @@
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/nlpid.h,v 1.1 2000/10/28 09:30:22 guy Exp $ (Juniper)
+ * @(#) $Header: /tcpdump/master/libpcap/nlpid.h,v 1.2 2002/12/06 00:01:34 hannes Exp $ (Juniper)
 */
 /* Types missing from some systems */
@ -36,6 +36,21 @@
 #ifndef	ISO10589_ISIS
 #define	ISO10589_ISIS		0x83
 #endif
 /*
 * this does not really belong in the nlpid.h file
 * however we need it for generating nice
 * IS-IS related BPF filters
 */
 #define ISIS_L1_LAN_IIH      15
 #define ISIS_L2_LAN_IIH      16
 #define ISIS_PTP_IIH         17
 #define ISIS_L1_LSP          18
 #define ISIS_L2_LSP          20
 #define ISIS_L1_CSNP         24
 #define ISIS_L2_CSNP         25
 #define ISIS_L1_PSNP         26
 #define ISIS_L2_PSNP         27
 #ifndef ISO8878A_CONS
 #define	ISO8878A_CONS		0x84
 #endif
--- a/contrib/libpcap/packaging/pcap.spec
+++ b/contrib/libpcap/packaging/pcap.spec
@ -1,65 +0,0 @@
 %define prefix   /usr
 %define version 0.8
 Summary: packet capture library
 Name: libpcap
 Version: %version
 Release: 1
 Group: Development/Libraries
 Copyright: BSD
 Source: libpcap-0.8.tar.gz
 BuildRoot: /tmp/%{name}-buildroot
 URL: http://www.tcpdump.org
 %description
 Packet-capture library LIBPCAP 0.8
 Now maintained by "The Tcpdump Group"
 See http://www.tcpdump.org
 Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
 %prep
 %setup
 %post
 ldconfig
 %build
 CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix
 make
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/usr/{lib,include}
 mkdir -p $RPM_BUILD_ROOT/usr/share/man
 mkdir -p $RPM_BUILD_ROOT/usr/include/net
 mkdir -p $RPM_BUILD_ROOT/usr/man/man3
 make install DESTDIR=$RPM_BUILD_ROOT mandir=/usr/share/man
 cd $RPM_BUILD_ROOT/usr/lib
 V1=`echo 0.8 | sed 's/\\.[^\.]*$//g'`
 V2=`echo 0.8 | sed 's/\\.[^\.]*\.[^\.]*$//g'`
 ln -sf libpcap.so.0.8 libpcap.so.$V1
 if test "$V2" -ne "$V1"; then
    ln -sf libpcap.so.$V1 libpcap.so.$V2
    ln -sf libpcap.so.$V2 libpcap.so
 else
    ln -sf libpcap.so.$V1 libpcap.so
 fi
 #install -m 755 -o root libpcap.a $RPM_BUILD_ROOT/usr/lib
 #install -m 644 -o root pcap.3 $RPM_BUILD_ROOT/usr/man/man3
 #install -m 644 -o root pcap.h $RPM_BUILD_ROOT/usr/include
 #install -m 644 -o root pcap-bpf.h $RPM_BUILD_ROOT/usr/include/net
 #install -m 644 -o root pcap-namedb.h $RPM_BUILD_ROOT/usr/include
 %clean
 rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
 %doc LICENSE CHANGES INSTALL.txt README.linux TODO VERSION CREDITS packaging/pcap.spec
 /usr/lib/libpcap.a
 /usr/share/man/man3/*
 /usr/include/pcap.h
 /usr/include/pcap-bpf.h
 /usr/include/pcap-namedb.h
 /usr/lib/libpcap.so*
--- a/contrib/libpcap/pcap-int.h
+++ b/contrib/libpcap/pcap-int.h
@ -30,9 +30,8 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.33 2001/08/24 07:46:52 guy Exp $ (LBL)
 *
 * $FreeBSD$
 * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.55.2.4 2003/12/15 01:42:24 guy Exp $ (LBL)
 */
 #ifndef pcap_int_h
@ -44,13 +43,24 @@ extern "C" {
 #include <pcap.h>
 #ifdef WIN32
 #include <packet32.h>
 #endif /* WIN32 */
 /*
 * Savefile
 */
 typedef enum {
 	NOT_SWAPPED,
 	SWAPPED,
 	MAYBE_SWAPPED
 } swapped_type_t;
 struct pcap_sf {
 	FILE *rfile;
 	int swapped;
 	int hdrsize;
 	swapped_type_t lengths_swapped;
 	int version_major;
 	int version_minor;
 	u_char *base;
@ -71,18 +81,36 @@ struct pcap_md {
 	int	clear_promisc;	/* must clear promiscuous mode when we close */
 	int	cooked;		/* using SOCK_DGRAM rather than SOCK_RAW */
 	int	lo_ifindex;	/* interface index of the loopback device */
-	char 	*device;	/* device name */
+	char	*device;	/* device name */
 	struct pcap *next;	/* list of open promiscuous sock_packet pcaps */
 #endif
 #ifdef HAVE_DAG_API
 	void	*dag_mem_base;	/* DAG card memory base address */
 	u_int	dag_mem_bottom;	/* DAG card current memory bottom pointer */
 	u_int	dag_mem_top;	/* DAG card current memory top pointer */
 	int	dag_fcs_bits;	/* Number of checksum bits from link layer */
 	int dag_offset_flags; /* Flags to pass to dag_offset(). */
 #endif
 };
 struct pcap {
 #ifdef WIN32
 	ADAPTER *adapter;
 	LPPACKET Packet;
 	int timeout;
 	int nonblock;
 #else
 	int fd;
 	int selectable_fd;
 #endif /* WIN32 */
 	int snapshot;
 	int linktype;
 	int tzoff;		/* timezone offset */
 	int offset;		/* offset for proper alignment */
 	int break_loop;		/* flag set to force break from packet-reading loop */
 	struct pcap_sf sf;
 	struct pcap_md md;
@ -99,15 +127,27 @@ struct pcap {
 	 */
 	u_char *pkt;
-	
+	/*
 	 * Methods.
 	 */
 	int	(*read_op)(pcap_t *, int cnt, pcap_handler, u_char *);
 	int	(*setfilter_op)(pcap_t *, struct bpf_program *);
 	int	(*set_datalink_op)(pcap_t *, int);
 	int	(*getnonblock_op)(pcap_t *, char *);
 	int	(*setnonblock_op)(pcap_t *, int, char *);
 	int	(*stats_op)(pcap_t *, struct pcap_stat *);
 	void	(*close_op)(pcap_t *);
 	/*
 	 * Placeholder for filter code if bpf not in kernel.
 	 */
 	struct bpf_program fcode;
-	char errbuf[PCAP_ERRBUF_SIZE];
+	char errbuf[PCAP_ERRBUF_SIZE + 1];
 	int dlt_count;
 	int *dlt_list;
 	struct pcap_pkthdr pcap_header;	/* This is needed for the pcap_next_ex() to work */
 };
 /*
@ -182,6 +222,7 @@ int	yylex(void);
 int	pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
 int	pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);
 /*
 * Ultrix, DEC OSF/1^H^H^H^H^H^H^H^H^HDigital UNIX^H^H^H^H^H^H^H^H^H^H^H^H
 * Tru64 UNIX, and NetBSD pad to make everything line up on a nice boundary.
@ -197,8 +238,46 @@ int	pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);
 	 strlen((y)))
 #endif
-#ifdef linux
+#include <stdarg.h>
-void	pcap_close_linux(pcap_t *);
+
 #if !defined(HAVE_SNPRINTF)
 #define snprintf pcap_snprintf
 extern int snprintf (char *, size_t, const char *, ...);
 #endif
 #if !defined(HAVE_VSNPRINTF)
 #define vsnprintf pcap_vsnprintf
 extern int vsnprintf (char *, size_t, const char *, va_list ap);
 #endif
 /*
 * Routines that most pcap implementations can use for non-blocking mode.
 */
 #ifndef WIN32
 int	pcap_getnonblock_fd(pcap_t *, char *);
 int	pcap_setnonblock_fd(pcap_t *p, int, char *);
 #endif
 /*
 * Internal interfaces for "pcap_findalldevs()".
 *
 * "pcap_platform_finddevs()" is a platform-dependent routine to
 * add devices not found by the "standard" mechanisms (SIOCGIFCONF,
 * "getifaddrs()", etc..
 *
 * "pcap_add_if()" adds an interface to the list of interfaces.
 */
 int	pcap_platform_finddevs(pcap_if_t **, char *);
 int	add_addr_to_iflist(pcap_if_t **, char *, u_int, struct sockaddr *,
 	    size_t, struct sockaddr *, size_t, struct sockaddr *, size_t,
 	    struct sockaddr *, size_t, char *);
 int	pcap_add_if(pcap_if_t **, char *, u_int, const char *, char *);
 struct sockaddr *dup_sockaddr(struct sockaddr *, size_t);
 int	add_or_find_if(pcap_if_t **, pcap_if_t **, const char *, u_int,
 	    const char *, char *);
 #ifdef WIN32
 char	*pcap_win32strerror(void);
 #endif
 /* XXX */
@ -206,6 +285,8 @@ extern	int pcap_fddipad;
 int	install_bpf_program(pcap_t *, struct bpf_program *);
 int	pcap_strcasecmp(const char *, const char *);
 #ifdef __cplusplus
 }
 #endif
--- a/contrib/libpcap/pcap.3
+++ b/contrib/libpcap/pcap.3
@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.31 2001/12/29 21:57:07 guy Exp $
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.51.2.9 2004/03/28 21:45:32 fenner Exp $
 .\"
 .\" Copyright (c) 1994, 1996, 1997
 .\"	The Regents of the University of California.  All rights reserved.
@ -21,7 +21,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.TH PCAP 3 "3 January 2001"
+.TH PCAP 3 "27 February 2004"
 .SH NAME
 pcap \- Packet Capture library
 .SH SYNOPSIS
@ -36,12 +36,12 @@ char errbuf[PCAP_ERRBUF_SIZE];
 .ft
 .LP
 .ft B
-pcap_t *pcap_open_live(char *device, int snaplen,
+pcap_t *pcap_open_live(const char *device, int snaplen,
 .ti +8
 int promisc, int to_ms, char *errbuf)
 pcap_t *pcap_open_dead(int linktype, int snaplen)
-pcap_t *pcap_open_offline(char *fname, char *errbuf)
+pcap_t *pcap_open_offline(const char *fname, char *errbuf)
-pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname)
+pcap_dumper_t *pcap_dump_open(pcap_t *p, const char *fname)
 .ft
 .LP
 .ft B
@ -51,9 +51,9 @@ int pcap_getnonblock(pcap_t *p, char *errbuf);
 .LP
 .ft B
 int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
-void pcap_freealldevs(pcap_if_t *)
+void pcap_freealldevs(pcap_if_t *alldevs)
 char *pcap_lookupdev(char *errbuf)
-int pcap_lookupnet(char *device, bpf_u_int32 *netp,
+int pcap_lookupnet(const char *device, bpf_u_int32 *netp,
 .ti +8
 bpf_u_int32 *maskp, char *errbuf)
 .ft
@ -79,13 +79,23 @@ void pcap_freecode(struct bpf_program *);
 .ft
 .LP
 .ft B
-u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h)
+const u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h)
 int pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
 .ti +8
 const u_char **pkt_data)
 .ft
 .LP
 .ft B
 void pcap_breakloop(pcap_t *)
 .ft
 .LP
 .ft B
 int pcap_datalink(pcap_t *p)
 int pcap_list_datalinks(pcap_t *p, int **dlt_buf);
 int pcap_set_datalink(pcap_t *p, int dlt);
 int pcap_datalink_name_to_val(const char *name);
 const char *pcap_datalink_val_to_name(int dlt);
 const char *pcap_datalink_val_to_description(int dlt);
 int pcap_snapshot(pcap_t *p)
 int pcap_is_swapped(pcap_t *p)
 int pcap_major_version(pcap_t *p)
@ -93,13 +103,17 @@ int pcap_minor_version(pcap_t *p)
 int pcap_stats(pcap_t *p, struct pcap_stat *ps)
 FILE *pcap_file(pcap_t *p)
 int pcap_fileno(pcap_t *p)
 int pcap_get_selectable_fd(pcap_t *p)
 void pcap_perror(pcap_t *p, char *prefix)
 char *pcap_geterr(pcap_t *p)
 char *pcap_strerror(int error)
 const char *pcap_lib_version(void)
 .ft
 .LP
 .ft B
 void pcap_close(pcap_t *p)
 int pcap_dump_flush(pcap_dumper_t *p)
 FILE *pcap_dump_file(pcap_dumper_t *p)
 void pcap_dump_close(pcap_dumper_t *p)
 .ft
 .fi
@ -137,7 +151,12 @@ argument of "any" or
 .B NULL
 can be used to capture packets from all interfaces.
 .I snaplen
-specifies the maximum number of bytes to capture.
+specifies the maximum number of bytes to capture.  If this value is less
 than the size of a packet that is captured, only the first
 .I snaplen
 bytes of that packet will be captured and provided as packet data.  A
 value of 65535 should be sufficient, on most if not all networks, to
 capture all the data available from the packet.
 .I promisc
 specifies if the interface is to be put into promiscuous mode.
 (Note that even if this parameter is false, the interface
@ -152,7 +171,11 @@ arrange that the read not necessarily return immediately when a packet
 is seen, but that it wait for some amount of time to allow more packets
 to arrive and to read multiple packets from the OS kernel in one
 operation.  Not all platforms support a read timeout; on platforms that
-don't, the read timeout is ignored.
+don't, the read timeout is ignored.  A zero value for
 .IR to_ms ,
 on platforms that support a read timeout,
 will cause a read to wait forever to allow enough packets to
 arrive, with no timeout.
 .I errbuf
 is used to return error or warning text.  It will be set to error text when
 .B pcap_open_live()
@ -333,6 +356,13 @@ to by
 may be null if the interface isn't a point-to-point interface
 .RE
 .PP
 .B \-1
 is returned on failure, in which case
 .B errbuf
 is filled in with an appropriate error message;
 .B 0
 is returned on success.
 .PP
 .B pcap_freealldevs()
 is used to free a list allocated by
 .BR pcap_findalldevs() .
@ -381,12 +411,45 @@ a
 .I u_char
 pointer which is passed in from
 .BR pcap_dispatch() ,
-a pointer to the
+a
-.I pcap_pkthdr
+.I const struct pcap_pkthdr
-struct (which precede the actual network headers and data),
+pointer to a structure with the following members:
 .RS
 .TP
 .B ts
 a
 .I struct timeval
 containing the time when the packet was captured
 .TP
 .B caplen
 a
 .I bpf_u_int32
 giving the number of bytes of the packet that are available from the
 capture
 .TP
 .B len
 a
 .I bpf_u_int32
 giving the length of the packet, in bytes (which might be more than the
 number of bytes available from the capture, if the length of the packet
 is larger than the maximum number of bytes to capture)
 .RE
 .PP
 and a
-.I u_char
+.I const u_char
-pointer to the packet data.
+pointer to the first
 .B caplen
 (as given in the
 .I struct pcap_pkthdr
 a pointer to which is passed to the callback routine)
 bytes of data from the packet (which won't necessarily be the entire
 packet; to capture the entire packet, you will have to provide a value
 for
 .I snaplen
 in your call to
 .B pcap_open_live()
 that is sufficiently large to get all of the packet's data - a value of
 65535 should be sufficient on most if not all networks).
 .PP
 The number of packets read is returned.
 0 is returned if no packets were read from a live capture (if, for
@ -401,6 +464,14 @@ an error in which case
 or
 .B pcap_geterr()
 may be used to display the error text.
 A return of \-2 indicates that the loop terminated due to a call to
 .B pcap_breakloop()
 before any packets were processed.
 .ft B
 If your application uses pcap_breakloop(),
 make sure that you explicitly check for \-1 and \-2, rather than just
 checking for a return value < 0.
 .ft R
 .PP
 .BR NOTE :
 when reading a live capture,
@ -435,7 +506,17 @@ A negative
 .I cnt
 causes
 .B pcap_loop()
-to loop forever (or at least until an error occurs).
+to loop forever (or at least until an error occurs).  \-1 is returned on
 an error; 0 is returned if
 .I cnt
 is exhausted; \-2 is returned if the loop terminated due to a call to
 .B pcap_breakloop()
 before any packets were processed.
 .ft B
 If your application uses pcap_breakloop(),
 make sure that you explicitly check for \-1 and \-2, rather than just
 checking for a return value < 0.
 .ft R
 .PP
 .B pcap_next()
 reads the next packet (by calling
@ -447,6 +528,107 @@ of 1) and returns a
 pointer to the data in that packet.  (The
 .I pcap_pkthdr
 struct for that packet is not supplied.)
 .B NULL
 is returned if an error occured, or if no packets were read from a live
 capture (if, for example, they were discarded because they didn't pass
 the packet filter, or if, on platforms that support a read timeout that
 starts before any packets arrive, the timeout expires before any packets
 arrive, or if the file descriptor for the capture device is in
 non-blocking mode and no packets were available to be read), or if no
 more packets are available in a ``savefile.''  Unfortunately, there is
 no way to determine whether an error occured or not.
 .PP
 .B pcap_next_ex()
 reads the next packet and returns a success/failure indication:
 .RS
 .TP
 1
 the packet was read without problems
 .TP
 0
 packets are being read from a live capture, and the timeout expired
 .TP
 \-1
 an error occurred while reading the packet
 .TP
 \-2
 packets are being read from a ``savefile'', and there are no more
 packets to read from the savefile.
 .RE
 .PP
 If the packet was read without problems, the pointer pointed to by the
 .I pkt_header
 argument is set to point to the
 .I pcap_pkthdr
 struct for the packet, and the
 pointer pointed to by the
 .I pkt_data
 argument is set to point to the data in the packet.
 .PP
 .B pcap_breakloop()
 sets a flag that will force
 .B pcap_dispatch()
 or
 .B pcap_loop()
 to return rather than looping; they will return the number of packets
 that have been processed so far, or \-2 if no packets have been
 processed so far.
 .PP
 This routine is safe to use inside a signal handler on UNIX or a console
 control handler on Windows, as it merely sets a flag that is checked
 within the loop.
 .PP
 The flag is checked in loops reading packets from the OS - a signal by
 itself will not necessarily terminate those loops - as well as in loops
 processing a set of packets returned by the OS.
 .ft B
 Note that if you are catching signals on UNIX systems that support
 restarting system calls after a signal, and calling pcap_breakloop()
 in the signal handler, you must specify, when catching those signals,
 that system calls should NOT be restarted by that signal.  Otherwise,
 if the signal interrupted a call reading packets in a live capture,
 when your signal handler returns after calling pcap_breakloop(), the
 call will be restarted, and the loop will not terminate until more
 packets arrive and the call completes.
 .PP
 Note also that, in a multi-threaded application, if one thread is
 blocked in
 .BR pcap_dispatch() ,
 .BR pcap_loop() ,
 .BR pcap_next() ,
 or
 .BR pcap_next_ex() ,
 a call to
 .B pcap_breakloop()
 in a different thread will not unblock that thread; you will need to use
 whatever mechanism the OS provides for breaking a thread out of blocking
 calls in order to unblock the thread, such as thread cancellation in
 systems that support POSIX threads.
 .ft R
 .PP
 Note that
 .B pcap_next()
 will, on some platforms, loop reading packets from the OS; that loop
 will not necessarily be terminated by a signal, so
 .B pcap_breakloop()
 should be used to terminate packet processing even if
 .B pcap_next()
 is being used.
 .PP
 .B pcap_breakloop()
 does not guarantee that no further packets will be processed by
 .B pcap_dispatch()
 or
 .B pcap_loop()
 after it is called; at most one more packet might be processed.
 .PP
 If \-2 is returned from
 .B pcap_dispatch()
 or
 .BR pcap_loop() ,
 the flag is cleared, so a subsequent call will resume reading packets. 
 If a positive number is returned, the flag is not cleared, so a
 subsequent call will return \-2 and clear the flag.
 .PP
 .B pcap_dump()
 outputs a packet to the ``savefile'' opened with
@ -474,8 +656,14 @@ struct and is filled in by
 .I optimize
 controls whether optimization on the resulting code is performed.
 .I netmask
-specifies the netmask of the local net.
+specifies the IPv4 netmask of the network on which packets are being
-A return of \-1 indicates an error in which case
+captured; it is used only when checking for IPv4 broadcast addresses in
 the filter program.  If the netmask of the network on which packets are
 being captured isn't known to the program, or if packets are being
 captured on the Linux "any" pseudo-interface that can capture on more
 than one network, a value of 0 can be supplied; tests for IPv4 broadcast
 addreses won't be done correctly, but all other tests in the filter
 program will be OK.  A return of \-1 indicates an error in which case
 .BR pcap_geterr()
 may be used to display the error text.
 .PP
@ -531,7 +719,7 @@ BSD loopback encapsulation; the link layer header is a 4-byte field, in
 .I host
 byte order, containing a PF_ value from
 .B socket.h
-for the network-layer protocol of the packet
+for the network-layer protocol of the packet.
 .IP
 Note that ``host byte order'' is the byte order of the machine on which
 the packets are captured, and the PF_ values are for the OS of the
@ -581,45 +769,48 @@ COMPRESSED_TCP, the compressed TCP/IP datagram header;
 .RE
 .RS 5
 .LP
-for a total of 16 bytes; the uncompressed IP datagram follows the header
+for a total of 16 bytes; the uncompressed IP datagram follows the header.
 .RE
 .TP 5
 .B DLT_PPP
 PPP; if the first 2 bytes are 0xff and 0x03, it's PPP in HDLC-like
 framing, with the PPP header following those two bytes, otherwise it's
-PPP without framing, and the packet begins with the PPP header
+PPP without framing, and the packet begins with the PPP header.
 .TP 5
 .B DLT_FDDI
 FDDI
 .TP 5
 .B DLT_ATM_RFC1483
 RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an IEEE 802.2
-LLC header
+LLC header.
 .TP 5
 .B DLT_RAW
-raw IP; the packet begins with an IP header
+raw IP; the packet begins with an IP header.
 .TP 5
 .B DLT_PPP_SERIAL
 PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC
 framing, as per section 4.3.1 of RFC 1547; the first byte will be 0xFF
 for PPP in HDLC-like framing, and will be 0x0F or 0x8F for Cisco PPP
-with HDLC framing
+with HDLC framing.
 .TP 5
 .B DLT_PPP_ETHER
-PPPoE; the packet begins with a PPPoE header, as per RFC 2516
+PPPoE; the packet begins with a PPPoE header, as per RFC 2516.
 .TP 5
 .B DLT_C_HDLC
-Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547
+Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547.
 .TP 5
 .B DLT_IEEE802_11
 IEEE 802.11 wireless LAN
 .TP 5
 .B DLT_FRELAY
 Frame Relay
 .TP 5
 .B DLT_LOOP
 OpenBSD loopback encapsulation; the link layer header is a 4-byte field, in
 .I network
 byte order, containing a PF_ value from OpenBSD's
 .B socket.h
-for the network-layer protocol of the packet
+for the network-layer protocol of the packet.
 .IP
 Note that, if a ``savefile'' is being read, those PF_ values are
 .I not
@ -664,8 +855,168 @@ header or 4 for frames beginning with an 802.2 LLC header.
 .RE
 .TP 5
 .B DLT_LTALK
-Apple LocalTalk; the packet begins with an AppleTalk LLAP header
+Apple LocalTalk; the packet begins with an AppleTalk LLAP header.
 .TP 5
 .B DLT_PFLOG
 OpenBSD pflog; the link layer header contains, in order:
 .RS 10
 .LP
 a 1-byte header length, in host byte order;
 .LP
 a 4-byte PF_ value, in host byte order;
 .LP
 a 2-byte action code, in network byte order, which is one of:
 .RS 5
 .TP 5
 0
 passed
 .TP 5
 1
 dropped
 .TP 5
 2
 scrubbed
 .RE
 .LP
 a 2-byte reason code, in network byte order, which is one of:
 .RS 5
 .TP 5
 0
 match
 .TP 5
 1
 bad offset
 .TP 5
 2
 fragment
 .TP 5
 3
 short
 .TP 5
 4
 normalize
 .TP 5
 5
 memory
 .RE
 .LP
 a 16-character interface name;
 .LP
 a 16-character ruleset name (only meaningful if subrule is set);
 .LP
 a 4-byte rule number, in network byte order;
 .LP
 a 4-byte subrule number, in network byte order;
 .LP
 a 1-byte direction, in network byte order, which is one of:
 .RS 5
 .TP 5
 0
 incoming or outgoing
 .TP 5
 1
 incoming
 .TP 5
 2
 outgoing
 .RE
 .RE
 .TP 5
 .B DLT_PRISM_HEADER
 Prism monitor mode information followed by an 802.11 header.
 .TP 5
 .B DLT_IP_OVER_FC
 RFC 2625 IP-over-Fibre Channel, with the link-layer header being the
 Network_Header as described in that RFC.
 .TP 5
 .B DLT_SUNATM
 SunATM devices; the link layer header contains, in order:
 .RS 10
 .LP
 a 1-byte flag field, containing a direction flag in the uppermost bit,
 which is set for packets transmitted by the machine and clear for
 packets received by the machine, and a 4-byte traffic type in the
 low-order 4 bits, which is one of:
 .RS 5
 .TP 5
 0
 raw traffic
 .TP 5
 1
 LANE traffic
 .TP 5
 2
 LLC-encapsulated traffic
 .TP 5
 3
 MARS traffic
 .TP 5
 4
 IFMP traffic
 .TP 5
 5
 ILMI traffic
 .TP 5
 6
 Q.2931 traffic
 .RE
 .LP
 a 1-byte VPI value;
 .LP
 a 2-byte VCI field, in network byte order.
 .RE
 .TP 5
 .B DLT_IEEE802_11_RADIO
 link-layer information followed by an 802.11 header - see
 http://www.shaftnet.org/~pizza/software/capturefrm.txt for a description
 of the link-layer information.
 .TP 5
 .B DLT_ARCNET_LINUX
 ARCNET, with no exception frames, reassembled packets rather than raw
 frames, and an extra 16-bit offset field between the destination host
 and type bytes.
 .TP 5
 .B DLT_LINUX_IRDA
 Linux-IrDA packets, with a
 .B DLT_LINUX_SLL
 header followed by the IrLAP header.
 .RE
 .PP
 .B pcap_list_datalinks()
 is used to get a list of the supported data link types of the interface
 associated with the pcap descriptor.
 .B pcap_list_datalinks()
 allocates an array to hold the list and sets
 .IR *dlt_buf .
 The caller is responsible for freeing the array.
 .B \-1
 is returned on failure;
 otherwise, the number of data link types in the array is returned.
 .PP
 .B pcap_set_datalink()
 is used to set the current data link type of the pcap descriptor
 to the type specified by
 .IR dlt .
 .B \-1
 is returned on failure.
 .PP
 .B pcap_datalink_name_to_val()
 translates a data link type name, which is a
 .B DLT_
 name with the
 .B DLT_
 removed, to the corresponding data link type value.  The translation
 is case-insensitive.  
 .B \-1
 is returned on failure.
 .PP
 .B pcap_datalink_val_to_name()
 translates a data link type value to the corresponding data link type
 name.  NULL is returned on failure.
 .PP
 .B pcap_datalink_val_to_description()
 translates a data link type value to a short description of that data
 link type.  NULL is returned on failure.
 .PP
 .B pcap_list_datalinks()
 is used to get a list of the supported data link types of the interface
@ -687,7 +1038,7 @@ is returned on failure.
 .PP
 .B pcap_snapshot()
 returns the snapshot length specified when
-.B pcap_open_live
+.B pcap_open_live()
 was called.
 .PP
 .B pcap_is_swapped()
@ -695,12 +1046,10 @@ returns true if the current ``savefile'' uses a different byte order
 than the current system.
 .PP
 .B pcap_major_version()
-returns the major number of the version of the pcap used to write the
+returns the major number of the file format of the savefile;
 savefile.
 .PP
 .B pcap_minor_version()
-returns the minor number of the version of the pcap used to write the
+returns the minor number of the file format of the savefile.  The
-savefile.
+version number is stored in the header of the savefile.
 .PP
 .B pcap_file()
 returns the standard I/O stream of the ``savefile,'' if a ``savefile''
@ -731,6 +1080,67 @@ if a network device was opened with
 or \-1, if a ``savefile'' was opened with
 .BR pcap_open_offline() .
 .PP
 .B pcap_get_selectable_fd()
 returns, on UNIX, a file descriptor number for a file descriptor on
 which one can
 do a
 .B select()
 or
 .B poll()
 to wait for it to be possible to read packets without blocking, if such
 a descriptor exists, or \-1, if no such descriptor exists.  Some network
 devices opened with
 .B pcap_open_live()
 do not support
 .B select()
 or
 .B poll()
 (for example, regular network devices on FreeBSD 4.3 and 4.4, and Endace
 DAG devices), so \-1 is returned for those devices.
 .PP
 Note that on most versions of most BSDs (including Mac OS X)
 .B select()
 and
 .B poll()
 do not work correctly on BPF devices;
 .B pcap_get_selectable_fd()
 will return a file descriptor on most of those versions (the exceptions
 being FreeBSD 4.3 and 4.4), a simple
 .B select()
 or
 .B poll()
 will not return even after a timeout specified in
 .B pcap_open_live()
 expires.  To work around this, an application that uses
 .B select()
 or
 .B poll()
 to wait for packets to arrive must put the
 .B pcap_t
 in non-blocking mode, and must arrange that the
 .B select()
 or
 .B poll()
 have a timeout less than or equal to the timeout specified in
 .BR pcap_open_live() ,
 and must try to read packets after that timeout expires, regardless of
 whether
 .B select()
 or
 .B poll()
 indicated that the file descriptor for the
 .B pcap_t
 is ready to be read or not.  (That workaround will not work in FreeBSD
 4.3 and later; however, in FreeBSD 4.6 and later,
 .B select()
 and
 .B poll()
 work correctly on BPF devices, so the workaround isn't necessary,
 although it does no harm.)
 .PP
 .B pcap_get_selectable_fd()
 is not available on Windows.
 .PP
 .B pcap_perror()
 prints the text of the last pcap library error on
 .BR stderr ,
@ -752,11 +1162,28 @@ is provided in case
 .BR strerror (1)
 isn't available.
 .PP
 .B pcap_lib_version()
 returns a pointer to a string giving information about the version of
 the libpcap library being used; note that it contains more information
 than just a version number.
 .PP
 .B pcap_close()
 closes the files associated with
 .I p
 and deallocates resources.
 .PP
 .B pcap_dump_file()
 returns the standard I/O stream of the ``savefile'' opened by
 .BR pcap_dump_open().
 .PP
 .B pcap_dump_flush()
 flushes the output buffer to the ``savefile,'' so that any packets
 written with
 .B pcap_dump()
 but not yet written to the ``savefile'' will be written.
 .B \-1
 is returned on error, 0 on success.
 .PP
 .B pcap_dump_close()
 closes the ``savefile.''
 .PP
--- a/contrib/libpcap/pcap.h
+++ b/contrib/libpcap/pcap.h
@ -31,18 +31,23 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.34 2001/12/09 05:10:03 guy Exp $ (LBL)
 *
 * $FreeBSD$
 * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.45.2.4 2004/01/27 22:56:20 guy Exp $ (LBL)
 */
 #ifndef lib_pcap_h
 #define lib_pcap_h
 #ifdef WIN32
 #include <pcap-stdinc.h>
 #else /* WIN32 */
 #include <sys/types.h>
 #include <sys/time.h>
 #endif /* WIN32 */
-#include <net/bpf.h>
+#ifndef PCAP_DONT_INCLUDE_PCAP_BPF_H
 #include <pcap-bpf.h>
 #endif
 #include <stdio.h>
@ -131,6 +136,9 @@ struct pcap_stat {
 	u_int ps_recv;		/* number of packets received */
 	u_int ps_drop;		/* number of packets dropped */
 	u_int ps_ifdrop;	/* drops by interface XXX not yet supported */
 #ifdef WIN32
 	u_int bs_capt;		/* number of packets that reach the application */
 #endif /* WIN32 */
 };
 /*
@ -141,7 +149,7 @@ struct pcap_if {
 	char *name;		/* name to hand to "pcap_open_live()" */
 	char *description;	/* textual description of interface, or NULL */
 	struct pcap_addr *addresses;
-	u_int flags;		/* PCAP_IF_ interface flags */
+	bpf_u_int32 flags;	/* PCAP_IF_ interface flags */
 };
 #define PCAP_IF_LOOPBACK	0x00000001	/* interface is loopback */
@ -161,8 +169,8 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
 			     const u_char *);
 char	*pcap_lookupdev(char *);
-int	pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
+int	pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
-pcap_t	*pcap_open_live(char *, int, int, int, char *);
+pcap_t	*pcap_open_live(const char *, int, int, int, char *);
 pcap_t	*pcap_open_dead(int, int);
 pcap_t	*pcap_open_offline(const char *, char *);
 void	pcap_close(pcap_t *);
@ -170,6 +178,8 @@ int	pcap_loop(pcap_t *, int, pcap_handler, u_char *);
 int	pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
 const u_char*
 	pcap_next(pcap_t *, struct pcap_pkthdr *);
 int 	pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
 void	pcap_breakloop(pcap_t *);
 int	pcap_stats(pcap_t *, struct pcap_stat *);
 int	pcap_setfilter(pcap_t *, struct bpf_program *);
 int	pcap_getnonblock(pcap_t *, char *);
@ -185,6 +195,9 @@ void	pcap_freecode(struct bpf_program *);
 int	pcap_datalink(pcap_t *);
 int	pcap_list_datalinks(pcap_t *, int **);
 int	pcap_set_datalink(pcap_t *, int);
 int	pcap_datalink_name_to_val(const char *);
 const char *pcap_datalink_val_to_name(int);
 const char *pcap_datalink_val_to_description(int);
 int	pcap_snapshot(pcap_t *);
 int	pcap_is_swapped(pcap_t *);
 int	pcap_major_version(pcap_t *);
@ -195,18 +208,50 @@ FILE	*pcap_file(pcap_t *);
 int	pcap_fileno(pcap_t *);
 pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
 int	pcap_dump_flush(pcap_dumper_t *);
 void	pcap_dump_close(pcap_dumper_t *);
 void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
 FILE	*pcap_dump_file(pcap_dumper_t *);
 int	pcap_findalldevs(pcap_if_t **, char *);
 void	pcap_freealldevs(pcap_if_t *);
 const char *pcap_lib_version(void);
 /* XXX this guy lives in the bpf tree */
 u_int	bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
 int	bpf_validate(struct bpf_insn *f, int len);
 char	*bpf_image(struct bpf_insn *, int);
 void	bpf_dump(struct bpf_program *, int);
 #ifdef WIN32
 /*
 * Win32 definitions
 */
 int pcap_setbuff(pcap_t *p, int dim);
 int pcap_setmode(pcap_t *p, int mode);
 int pcap_sendpacket(pcap_t *p, u_char *buf, int size);
 int pcap_setmintocopy(pcap_t *p, int size);
 #ifdef WPCAP
 /* Include file with the wpcap-specific extensions */
 #include <Win32-Extensions.h>
 #endif
 #define MODE_CAPT 0
 #define MODE_STAT 1
 #define MODE_MON 2
 #else
 /*
 * UN*X definitions
 */
 int	pcap_get_selectable_fd(pcap_t *);
 #endif /* WIN32 */
 #ifdef __cplusplus
 }
 #endif
--- a/contrib/libpcap/scanner.l
+++ b/contrib/libpcap/scanner.l
@ -23,33 +23,38 @@
 */
 #ifndef lint
-static const char rcsid[] =
+static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.81 2001/09/14 01:40:57 fenner Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.95.2.3 2004/03/28 21:45:33 fenner Exp $ (LBL)";
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <sys/types.h>
 #include <sys/time.h>
 #include <ctype.h>
 #include <unistd.h>
 #include <string.h>
 #include "pcap-int.h"
 #include "gencode.h"
 #include <pcap-namedb.h>
 #ifdef INET6
-#include <netdb.h>
+#ifdef WIN32
-#include <sys/socket.h>
+#include <pcap-stdinc.h>
 #ifdef __MINGW32__
 #include "IP6_misc.h"
 #endif
 #else /* WIN32 */
 #include <sys/socket.h>	/* for "struct sockaddr" in "struct addrinfo" */
 #include <netdb.h>	/* for "struct addrinfo" */
 #endif /* WIN32 */
 /* Workaround for AIX 4.3 */
 #if !defined(AI_NUMERICHOST)
 #define AI_NUMERICHOST 0x04
 #endif
 #endif /*INET6*/
 #include <pcap-namedb.h>
 #include "tokdefs.h"
 #ifdef HAVE_OS_PROTO_H
@ -77,11 +82,11 @@ N		([0-9]+|(0X|0x)[0-9A-Fa-f]+)
 B		([0-9A-Fa-f][0-9A-Fa-f]?)
 W		([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?)
-%a 15000
+%a 16000
-%o 17000
+%o 19000
 %e 6000
 %k 4000
-%p 19000
+%p 25000
 %n 2000
 V680		{W}:{W}:{W}:{W}:{W}:{W}:{W}:{W}
@ -167,7 +172,7 @@ dst		return DST;
 src		return SRC;
 link|ether|ppp|slip  return LINK;
-fddi|tr		return LINK;
+fddi|tr|wlan	return LINK;
 arp		return ARP;
 rarp		return RARP;
 ip		return IP;
@ -210,6 +215,14 @@ esis		return ESIS;
 es-is		return ESIS;
 isis		return ISIS;
 is-is		return ISIS;
 l1              return L1;
 l2              return L2;
 iih             return IIH;
 lsp             return LSP;
 snp             return SNP;
 csnp            return CSNP;
 psnp            return PSNP;
 clnp		return CLNP;
 stp		return STP;
@ -220,7 +233,7 @@ netbeui		return NETBEUI;
 host		return HOST;
 net		return NET;
-mask		return MASK;
+mask		return NETMASK;
 port		return PORT;
 proto		return PROTO;
 protochain	{
@ -235,7 +248,7 @@ gateway		return GATEWAY;
 less		return LESS;
 greater		return GREATER;
-byte		return BYTE;
+byte		return CBYTE;
 broadcast	return TK_BROADCAST;
 multicast	return TK_MULTICAST;
@ -249,7 +262,29 @@ outbound	return OUTBOUND;
 vlan		return VLAN;
-[ \n\t]			;
+lane		return LANE;
 llc		return LLC;
 metac		return METAC;
 bcc		return BCC;
 oam		return OAM;
 oamf4		return OAMF4;
 oamf4ec		return OAMF4EC;
 oamf4sc		return OAMF4SC;
 sc		return SC;
 ilmic		return ILMIC;
 vpi		return VPI;
 vci		return VCI;
 connectmsg	return CONNECTMSG;
 metaconnect	return METACONNECT;
 on|ifname	return PF_IFNAME;
 rset|ruleset	return PF_RSET;
 rnr|rulenum	return PF_RNR;
 srnr|subrulenum	return PF_SRNR;
 reason		return PF_REASON;
 action		return PF_ACTION;
 [ \r\n\t]		;
 [+\-*/:\[\]!<>()&|=]	return yytext[0];
 ">="			return GEQ;
 "<="			return LEQ;
@ -273,7 +308,7 @@ ${B}			{ yylval.e = pcap_ether_aton(((char *)yytext)+1);
 			  if (getaddrinfo(yytext, NULL, &hints, &res))
 				bpf_error("bogus IPv6 address %s", yytext);
 			  else {
-				yylval.e = sdup((char *)yytext); return HID6;
+				yylval.s = sdup((char *)yytext); return HID6;
 			  }
 #else
 			  bpf_error("IPv6 address %s not supported", yytext);
--- a/lib/libpcap/Makefile
+++ b/lib/libpcap/Makefile
@ -1,18 +1,20 @@
 # Makefile for libpcap
 # $FreeBSD$
-LIB=    pcap
+LIB=	pcap
-SRCS=	grammar.y tokdefs.h pcap-bpf.c \
+SRCS=	grammar.y tokdefs.h version.h pcap-bpf.c \
-	pcap.c inet.c gencode.c optimize.c nametoaddr.c \
+	pcap.c inet.c fad-getad.c gencode.c optimize.c nametoaddr.c \
 	etherent.c savefile.c bpf_filter.c bpf_image.c bpf_dump.c \
 	scanner.l version.c
 INCS=	pcap.h pcap-int.h pcap-namedb.h
 MAN=	pcap.3
-CLEANFILES=tokdefs.h version.c
+CLEANFILES=tokdefs.h version.h version.c
 YFLAGS+=-p pcapyy
 LFLAGS+=-Ppcapyy
 CFLAGS+=-DHAVE_CONFIG_H -Dyylval=pcapyylval -I${.CURDIR} -I.
 CFLAGS+=-D_U_="__attribute__((unused))"
 CFLAGS+=-DHAVE_SNPRINTF -DHAVE_VSNPRINTF
 .if !defined(NOINET6)
 CFLAGS+=-DINET6
 .endif
@ -31,6 +33,10 @@ version.c: ${PCAP_DISTDIR}/VERSION
 	@rm -f $@
 	sed 's/.*/char pcap_version[] = "&";/' ${PCAP_DISTDIR}/VERSION > $@
 version.h: ${PCAP_DISTDIR}/VERSION
 	@rm -f $@
 	sed 's/.*/char pcap_version_string[] = "libpcap version &";/' ${PCAP_DISTDIR}/VERSION > $@
 tokdefs.h: grammar.h
 	ln -sf grammar.h tokdefs.h