freebsd-skq/contrib/libpcap/sf-pcap-ng.c

1110 lines
27 KiB
C
Raw Normal View History

Update libpcap to 1.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 1.1.1 libpcap release Update CHANGES to reflect more of the changes in 1.1.0. Fix build on RHEL5. Fix shared library build on AIX. Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 1.1.0 libpcap release Add SocketCAN capture support Add Myricom SNF API support Update Endace DAG and ERF support Add support for shared libraries on Solaris, HP-UX, and AIX Build, install, and un-install shared libraries by default; don't build/install shared libraries on platforms we don't support Fix building from a directory other than the source directory Fix compiler warnings and builds on some platforms Update config.guess and config.sub Support monitor mode on mac80211 devices on Linux Fix USB memory-mapped capturing on Linux; it requires a new DLT_ value On Linux, scan /sys/class/net for devices if we have it; scan it, or /proc/net/dev if we don't have /sys/class/net, even if we have getifaddrs(), as it'll find interfaces with no addresses Add limited support for reading pcap-ng files Fix BPF driver-loading error handling on AIX Support getting the full-length interface description on FreeBSD In the lexical analyzer, free up any addrinfo structure we got back from getaddrinfo(). Add support for BPF and libdlpi in OpenSolaris (and SXCE) Hyphenate "link-layer" everywhere Add /sys/kernel/debug/usb/usbmon to the list of usbmon locations In pcap_read_linux_mmap(), if there are no frames available, call poll() even if we're in non-blocking mode, so we pick up errors, and check for the errors in question. Note that poll() works on BPF devices is Snow Leopard If an ENXIO or ENETDOWN is received, it may mean the device has gone away. Deal with it. For BPF, raise the default capture buffer size to from 32k to 512k Support ps_ifdrop on Linux Added a bunch of #ifdef directives to make wpcap.dll (WinPcap) compile under cygwin. Changes to Linux mmapped captures. Fix bug where create_ring would fail for particular snaplen and buffer size combinations Update pcap-config so that it handles libpcap requiring additional libraries Add workaround for threadsafeness on Windows Add missing mapping for DLT_ENC <-> LINKTYPE_ENC DLT: Add DLT_CAN_SOCKETCAN DLT: Add Solaris ipnet Don't check for DLT_IPNET if it's not defined Add link-layer types for Fibre Channel FC-2 Add link-layer types for Wireless HART Add link-layer types for AOS Add link-layer types for DECT Autoconf fixes (AIX, HP-UX, OSF/1, Tru64 cleanups) Install headers unconditionally, and include vlan.h/bluetooth.h if enabled Autoconf fixes+cleanup Support enabling/disabling bluetooth (--{en,dis}able-bluetooth) Support disabling SITA support (--without-sita) Return -1 on failure to create packet ring (if supported but creation failed) Fix handling of 'any' device, so that it can be opened, and no longer attempt to open it in Monitor mode Add support for snapshot length for USB Memory-Mapped Interface Fix configure and build on recent Linux kernels Fix memory-mapped Linux capture to support pcap_next() and pcap_next_ex() Fixes for Linux USB capture DLT: Add DLT_LINUX_EVDEV DLT: Add DLT_GSMTAP_UM DLT: Add DLT_GSMTAP_ABIS
2010-10-28 16:22:13 +00:00
/*
* Copyright (c) 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code distributions
* retain the above copyright notice and this paragraph in its entirety, (2)
* distributions including binary code include the above copyright notice and
* this paragraph in its entirety in the documentation or other materials
* provided with the distribution, and (3) all advertising materials mentioning
* features or use of this software display the following acknowledgement:
* ``This product includes software developed by the University of California,
* Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
* the University nor the names of its contributors may be used to endorse
* or promote products derived from this software without specific prior
* written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* sf-pcap-ng.c - pcap-ng-file-format-specific code from savefile.c
*/
#ifndef lint
static const char rcsid[] _U_ =
"@(#) $Header$ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef WIN32
#include <pcap-stdinc.h>
#else /* WIN32 */
#if HAVE_INTTYPES_H
#include <inttypes.h>
#elif HAVE_STDINT_H
#include <stdint.h>
#endif
#ifdef HAVE_SYS_BITYPES_H
#include <sys/bitypes.h>
#endif
#include <sys/types.h>
#endif /* WIN32 */
#include <errno.h>
#include <memory.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "pcap-int.h"
#include "pcap-common.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif
#include "sf-pcap-ng.h"
/*
* Block types.
*/
/*
* Common part at the beginning of all blocks.
*/
struct block_header {
bpf_u_int32 block_type;
bpf_u_int32 total_length;
};
/*
* Common trailer at the end of all blocks.
*/
struct block_trailer {
bpf_u_int32 total_length;
};
/*
* Common options.
*/
#define OPT_ENDOFOPT 0 /* end of options */
#define OPT_COMMENT 1 /* comment string */
/*
* Option header.
*/
struct option_header {
u_short option_code;
u_short option_length;
};
/*
* Structures for the part of each block type following the common
* part.
*/
/*
* Section Header Block.
*/
#define BT_SHB 0x0A0D0D0A
struct section_header_block {
bpf_u_int32 byte_order_magic;
u_short major_version;
u_short minor_version;
u_int64_t section_length;
/* followed by options and trailer */
};
/*
* Byte-order magic value.
*/
#define BYTE_ORDER_MAGIC 0x1A2B3C4D
/*
* Current version number. If major_version isn't PCAP_NG_VERSION_MAJOR,
* that means that this code can't read the file.
*/
#define PCAP_NG_VERSION_MAJOR 1
/*
* Interface Description Block.
*/
#define BT_IDB 0x00000001
struct interface_description_block {
u_short linktype;
u_short reserved;
bpf_u_int32 snaplen;
/* followed by options and trailer */
};
/*
* Options in the IDB.
*/
#define IF_NAME 2 /* interface name string */
#define IF_DESCRIPTION 3 /* interface description string */
#define IF_IPV4ADDR 4 /* interface's IPv4 address and netmask */
#define IF_IPV6ADDR 5 /* interface's IPv6 address and prefix length */
#define IF_MACADDR 6 /* interface's MAC address */
#define IF_EUIADDR 7 /* interface's EUI address */
#define IF_SPEED 8 /* interface's speed, in bits/s */
#define IF_TSRESOL 9 /* interface's time stamp resolution */
#define IF_TZONE 10 /* interface's time zone */
#define IF_FILTER 11 /* filter used when capturing on interface */
#define IF_OS 12 /* string OS on which capture on this interface was done */
#define IF_FCSLEN 13 /* FCS length for this interface */
#define IF_TSOFFSET 14 /* time stamp offset for this interface */
/*
* Enhanced Packet Block.
*/
#define BT_EPB 0x00000006
struct enhanced_packet_block {
bpf_u_int32 interface_id;
bpf_u_int32 timestamp_high;
bpf_u_int32 timestamp_low;
bpf_u_int32 caplen;
bpf_u_int32 len;
/* followed by packet data, options, and trailer */
};
/*
* Simple Packet Block.
*/
#define BT_SPB 0x00000003
struct simple_packet_block {
bpf_u_int32 len;
/* followed by packet data and trailer */
};
/*
* Packet Block.
*/
#define BT_PB 0x00000002
struct packet_block {
u_short interface_id;
u_short drops_count;
bpf_u_int32 timestamp_high;
bpf_u_int32 timestamp_low;
bpf_u_int32 caplen;
bpf_u_int32 len;
/* followed by packet data, options, and trailer */
};
/*
* Block cursor - used when processing the contents of a block.
* Contains a pointer into the data being processed and a count
* of bytes remaining in the block.
*/
struct block_cursor {
u_char *data;
size_t data_remaining;
bpf_u_int32 block_type;
};
static int pcap_ng_next_packet(pcap_t *p, struct pcap_pkthdr *hdr,
u_char **data);
static int
read_bytes(FILE *fp, void *buf, size_t bytes_to_read, int fail_on_eof,
char *errbuf)
{
size_t amt_read;
amt_read = fread(buf, 1, bytes_to_read, fp);
if (amt_read != bytes_to_read) {
if (ferror(fp)) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"error reading dump file: %s",
pcap_strerror(errno));
} else {
if (amt_read == 0 && !fail_on_eof)
return (0); /* EOF */
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"truncated dump file; tried to read %lu bytes, only got %lu",
(unsigned long)bytes_to_read,
(unsigned long)amt_read);
}
return (-1);
}
return (1);
}
static int
read_block(FILE *fp, pcap_t *p, struct block_cursor *cursor, char *errbuf)
{
int status;
struct block_header bhdr;
status = read_bytes(fp, &bhdr, sizeof(bhdr), 0, errbuf);
if (status <= 0)
return (status); /* error or EOF */
if (p->sf.swapped) {
bhdr.block_type = SWAPLONG(bhdr.block_type);
bhdr.total_length = SWAPLONG(bhdr.total_length);
}
/*
* Is this block "too big"?
*
* We choose 16MB as "too big", for now, so that we handle
* "reasonably" large buffers but don't chew up all the
* memory if we read a malformed file.
*/
if (bhdr.total_length > 16*1024*1024) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"pcap-ng block size %u > maximum %u",
bhdr.total_length, 16*1024*1024);
return (-1);
}
/*
* Is this block "too small" - i.e., is it shorter than a block
* header plus a block trailer?
*/
if (bhdr.total_length < sizeof(struct block_header) +
sizeof(struct block_trailer)) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"block in pcap-ng dump file has a length of %u < %lu",
bhdr.total_length,
(unsigned long)(sizeof(struct block_header) + sizeof(struct block_trailer)));
return (-1);
}
/*
* Is the buffer big enough?
*/
if (p->bufsize < bhdr.total_length) {
/*
* No - make it big enough.
*/
p->buffer = realloc(p->buffer, bhdr.total_length);
if (p->buffer == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "out of memory");
return (-1);
}
}
/*
* Copy the stuff we've read to the buffer, and read the rest
* of the block.
*/
memcpy(p->buffer, &bhdr, sizeof(bhdr));
if (read_bytes(fp, p->buffer + sizeof(bhdr),
bhdr.total_length - sizeof(bhdr), 1, errbuf) == -1)
return (-1);
/*
* Initialize the cursor.
*/
cursor->data = p->buffer + sizeof(bhdr);
cursor->data_remaining = bhdr.total_length - sizeof(bhdr) -
sizeof(struct block_trailer);
cursor->block_type = bhdr.block_type;
return (1);
}
static void *
get_from_block_data(struct block_cursor *cursor, size_t chunk_size,
char *errbuf)
{
void *data;
/*
* Make sure we have the specified amount of data remaining in
* the block data.
*/
if (cursor->data_remaining < chunk_size) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"block of type %u in pcap-ng dump file is too short",
cursor->block_type);
return (NULL);
}
/*
* Return the current pointer, and skip past the chunk.
*/
data = cursor->data;
cursor->data += chunk_size;
cursor->data_remaining -= chunk_size;
return (data);
}
static struct option_header *
get_opthdr_from_block_data(pcap_t *p, struct block_cursor *cursor, char *errbuf)
{
struct option_header *opthdr;
opthdr = get_from_block_data(cursor, sizeof(*opthdr), errbuf);
if (opthdr == NULL) {
/*
* Option header is cut short.
*/
return (NULL);
}
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
opthdr->option_code = SWAPSHORT(opthdr->option_code);
opthdr->option_length = SWAPSHORT(opthdr->option_length);
}
return (opthdr);
}
static void *
get_optvalue_from_block_data(struct block_cursor *cursor,
struct option_header *opthdr, char *errbuf)
{
size_t padded_option_len;
void *optvalue;
/* Pad option length to 4-byte boundary */
padded_option_len = opthdr->option_length;
padded_option_len = ((padded_option_len + 3)/4)*4;
optvalue = get_from_block_data(cursor, padded_option_len, errbuf);
if (optvalue == NULL) {
/*
* Option value is cut short.
*/
return (NULL);
}
return (optvalue);
}
static int
process_idb_options(pcap_t *p, struct block_cursor *cursor, u_int *tsresol,
u_int64_t *tsoffset, char *errbuf)
{
struct option_header *opthdr;
void *optvalue;
int saw_tsresol, saw_tsoffset;
u_char tsresol_opt;
u_int i;
saw_tsresol = 0;
saw_tsoffset = 0;
while (cursor->data_remaining != 0) {
/*
* Get the option header.
*/
opthdr = get_opthdr_from_block_data(p, cursor, errbuf);
if (opthdr == NULL) {
/*
* Option header is cut short.
*/
return (-1);
}
/*
* Get option value.
*/
optvalue = get_optvalue_from_block_data(cursor, opthdr,
errbuf);
if (optvalue == NULL) {
/*
* Option value is cut short.
*/
return (-1);
}
switch (opthdr->option_code) {
case OPT_ENDOFOPT:
if (opthdr->option_length != 0) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block has opt_endofopt option with length %u != 0",
opthdr->option_length);
return (-1);
}
goto done;
case IF_TSRESOL:
if (opthdr->option_length != 1) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block has if_tsresol option with length %u != 1",
opthdr->option_length);
return (-1);
}
if (saw_tsresol) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block has more than one if_tsresol option");
return (-1);
}
saw_tsresol = 1;
tsresol_opt = *(u_int *)optvalue;
if (tsresol_opt & 0x80) {
/*
* Resolution is negative power of 2.
*/
*tsresol = 1 << (tsresol_opt & 0x7F);
} else {
/*
* Resolution is negative power of 10.
*/
*tsresol = 1;
for (i = 0; i < tsresol_opt; i++)
*tsresol *= 10;
}
if (*tsresol == 0) {
/*
* Resolution is too high.
*/
if (tsresol_opt & 0x80) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block if_tsresol option resolution 2^-%u is too high",
tsresol_opt & 0x7F);
} else {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block if_tsresol option resolution 10^-%u is too high",
tsresol_opt);
}
return (-1);
}
break;
case IF_TSOFFSET:
if (opthdr->option_length != 8) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block has if_tsoffset option with length %u != 8",
opthdr->option_length);
return (-1);
}
if (saw_tsoffset) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Interface Description Block has more than one if_tsoffset option");
return (-1);
}
saw_tsoffset = 1;
memcpy(tsoffset, optvalue, sizeof(*tsoffset));
if (p->sf.swapped)
*tsoffset = SWAPLL(*tsoffset);
break;
default:
break;
}
}
done:
return (0);
}
/*
* Check whether this is a pcap-ng savefile and, if it is, extract the
* relevant information from the header.
*/
int
pcap_ng_check_header(pcap_t *p, bpf_u_int32 magic, FILE *fp, char *errbuf)
{
size_t amt_read;
bpf_u_int32 total_length;
bpf_u_int32 byte_order_magic;
struct block_header *bhdrp;
struct section_header_block *shbp;
int status;
struct block_cursor cursor;
struct interface_description_block *idbp;
/*
* Check whether the first 4 bytes of the file are the block
* type for a pcap-ng savefile.
*/
if (magic != BT_SHB) {
/*
* XXX - check whether this looks like what the block
* type would be after being munged by mapping between
* UN*X and DOS/Windows text file format and, if it
* does, look for the byte-order magic number in
* the appropriate place and, if we find it, report
* this as possibly being a pcap-ng file transferred
* between UN*X and Windows in text file format?
*/
return (0); /* nope */
}
/*
* OK, they are. However, that's just \n\r\r\n, so it could,
* conceivably, be an ordinary text file.
*
* It could not, however, conceivably be any other type of
* capture file, so we can read the rest of the putative
* Section Header Block; put the block type in the common
* header, read the rest of the common header and the
* fixed-length portion of the SHB, and look for the byte-order
* magic value.
*/
amt_read = fread(&total_length, 1, sizeof(total_length), fp);
if (amt_read < sizeof(total_length)) {
if (ferror(fp)) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"error reading dump file: %s",
pcap_strerror(errno));
return (-1); /* fail */
}
/*
* Possibly a weird short text file, so just say
* "not pcap-ng".
*/
return (0);
}
amt_read = fread(&byte_order_magic, 1, sizeof(byte_order_magic), fp);
if (amt_read < sizeof(byte_order_magic)) {
if (ferror(fp)) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"error reading dump file: %s",
pcap_strerror(errno));
return (-1); /* fail */
}
/*
* Possibly a weird short text file, so just say
* "not pcap-ng".
*/
return (0);
}
if (byte_order_magic != BYTE_ORDER_MAGIC) {
byte_order_magic = SWAPLONG(byte_order_magic);
if (byte_order_magic != BYTE_ORDER_MAGIC) {
/*
* Not a pcap-ng file.
*/
return (0);
}
p->sf.swapped = 1;
total_length = SWAPLONG(total_length);
}
/*
* Check the sanity of the total length.
*/
if (total_length < sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"Section Header Block in pcap-ng dump file has a length of %u < %lu",
total_length,
(unsigned long)(sizeof(*bhdrp) + sizeof(*shbp) + sizeof(struct block_trailer)));
return (-1);
}
/*
* Allocate a buffer into which to read blocks. We default to
* the maximum of:
*
* the total length of the SHB for which we read the header;
*
* 2K, which should be more than large enough for an Enhanced
* Packet Block containing a full-size Ethernet frame, and
* leaving room for some options.
*
* If we find a bigger block, we reallocate the buffer.
*/
p->bufsize = 2048;
if (p->bufsize < total_length)
p->bufsize = total_length;
p->buffer = malloc(p->bufsize);
if (p->buffer == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "out of memory");
return (-1);
}
/*
* Copy the stuff we've read to the buffer, and read the rest
* of the SHB.
*/
bhdrp = (struct block_header *)p->buffer;
shbp = (struct section_header_block *)(p->buffer + sizeof(struct block_header));
bhdrp->block_type = magic;
bhdrp->total_length = total_length;
shbp->byte_order_magic = byte_order_magic;
if (read_bytes(fp,
p->buffer + (sizeof(magic) + sizeof(total_length) + sizeof(byte_order_magic)),
total_length - (sizeof(magic) + sizeof(total_length) + sizeof(byte_order_magic)),
1, errbuf) == -1)
goto fail;
if (p->sf.swapped) {
/*
* Byte-swap the fields we've read.
*/
shbp->major_version = SWAPSHORT(shbp->major_version);
shbp->minor_version = SWAPSHORT(shbp->minor_version);
/*
* XXX - we don't care about the section length.
*/
}
if (shbp->major_version != PCAP_NG_VERSION_MAJOR) {
snprintf(errbuf, PCAP_ERRBUF_SIZE,
"unknown pcap-ng savefile major version number %u",
shbp->major_version);
goto fail;
}
p->sf.version_major = shbp->major_version;
p->sf.version_minor = shbp->minor_version;
/*
* Set the default time stamp resolution and offset.
*/
p->sf.tsresol = 1000000; /* microsecond resolution */
p->sf.tsscale = 1; /* multiply by 1 to scale to microseconds */
p->sf.tsoffset = 0; /* absolute timestamps */
/*
* Now start looking for an Interface Description Block.
*/
for (;;) {
/*
* Read the next block.
*/
status = read_block(fp, p, &cursor, errbuf);
if (status == 0) {
/* EOF - no IDB in this file */
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"the capture file has no Interface Description Blocks");
goto fail;
}
if (status == -1)
goto fail; /* error */
switch (cursor.block_type) {
case BT_IDB:
/*
* Get a pointer to the fixed-length portion of the
* IDB.
*/
idbp = get_from_block_data(&cursor, sizeof(*idbp),
errbuf);
if (idbp == NULL)
goto fail; /* error */
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
idbp->linktype = SWAPSHORT(idbp->linktype);
idbp->snaplen = SWAPLONG(idbp->snaplen);
}
/*
* Count this interface.
*/
p->sf.ifcount++;
/*
* Now look for various time stamp options, so
* we know how to interpret the time stamps.
*/
if (process_idb_options(p, &cursor, &p->sf.tsresol,
&p->sf.tsoffset, errbuf) == -1)
goto fail;
/*
* Compute the scaling factor to convert the
* sub-second part of the time stamp to
* microseconds.
*/
if (p->sf.tsresol > 1000000) {
/*
* Higher than microsecond resolution;
* scale down to microseconds.
*/
p->sf.tsscale = (p->sf.tsresol / 1000000);
} else {
/*
* Lower than microsecond resolution;
* scale up to microseconds.
*/
p->sf.tsscale = (1000000 / p->sf.tsresol);
}
goto done;
case BT_EPB:
case BT_SPB:
case BT_PB:
/*
* Saw a packet before we saw any IDBs. That's
* not valid, as we don't know what link-layer
* encapsulation the packet has.
*/
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"the capture file has a packet block before any Interface Description Blocks");
goto fail;
default:
/*
* Just ignore it.
*/
break;
}
}
done:
p->tzoff = 0; /* XXX - not used in pcap */
p->snapshot = idbp->snaplen;
p->linktype = linktype_to_dlt(idbp->linktype);
Update libpcap to 1.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 1.1.1 libpcap release Update CHANGES to reflect more of the changes in 1.1.0. Fix build on RHEL5. Fix shared library build on AIX. Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 1.1.0 libpcap release Add SocketCAN capture support Add Myricom SNF API support Update Endace DAG and ERF support Add support for shared libraries on Solaris, HP-UX, and AIX Build, install, and un-install shared libraries by default; don't build/install shared libraries on platforms we don't support Fix building from a directory other than the source directory Fix compiler warnings and builds on some platforms Update config.guess and config.sub Support monitor mode on mac80211 devices on Linux Fix USB memory-mapped capturing on Linux; it requires a new DLT_ value On Linux, scan /sys/class/net for devices if we have it; scan it, or /proc/net/dev if we don't have /sys/class/net, even if we have getifaddrs(), as it'll find interfaces with no addresses Add limited support for reading pcap-ng files Fix BPF driver-loading error handling on AIX Support getting the full-length interface description on FreeBSD In the lexical analyzer, free up any addrinfo structure we got back from getaddrinfo(). Add support for BPF and libdlpi in OpenSolaris (and SXCE) Hyphenate "link-layer" everywhere Add /sys/kernel/debug/usb/usbmon to the list of usbmon locations In pcap_read_linux_mmap(), if there are no frames available, call poll() even if we're in non-blocking mode, so we pick up errors, and check for the errors in question. Note that poll() works on BPF devices is Snow Leopard If an ENXIO or ENETDOWN is received, it may mean the device has gone away. Deal with it. For BPF, raise the default capture buffer size to from 32k to 512k Support ps_ifdrop on Linux Added a bunch of #ifdef directives to make wpcap.dll (WinPcap) compile under cygwin. Changes to Linux mmapped captures. Fix bug where create_ring would fail for particular snaplen and buffer size combinations Update pcap-config so that it handles libpcap requiring additional libraries Add workaround for threadsafeness on Windows Add missing mapping for DLT_ENC <-> LINKTYPE_ENC DLT: Add DLT_CAN_SOCKETCAN DLT: Add Solaris ipnet Don't check for DLT_IPNET if it's not defined Add link-layer types for Fibre Channel FC-2 Add link-layer types for Wireless HART Add link-layer types for AOS Add link-layer types for DECT Autoconf fixes (AIX, HP-UX, OSF/1, Tru64 cleanups) Install headers unconditionally, and include vlan.h/bluetooth.h if enabled Autoconf fixes+cleanup Support enabling/disabling bluetooth (--{en,dis}able-bluetooth) Support disabling SITA support (--without-sita) Return -1 on failure to create packet ring (if supported but creation failed) Fix handling of 'any' device, so that it can be opened, and no longer attempt to open it in Monitor mode Add support for snapshot length for USB Memory-Mapped Interface Fix configure and build on recent Linux kernels Fix memory-mapped Linux capture to support pcap_next() and pcap_next_ex() Fixes for Linux USB capture DLT: Add DLT_LINUX_EVDEV DLT: Add DLT_GSMTAP_UM DLT: Add DLT_GSMTAP_ABIS
2010-10-28 16:22:13 +00:00
p->linktype_ext = 0;
p->sf.next_packet_op = pcap_ng_next_packet;
return (1);
fail:
free(p->buffer);
return (-1);
}
/*
* Read and return the next packet from the savefile. Return the header
* in hdr and a pointer to the contents in data. Return 0 on success, 1
* if there were no more packets, and -1 on an error.
*/
static int
pcap_ng_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char **data)
{
struct block_cursor cursor;
int status;
struct enhanced_packet_block *epbp;
struct simple_packet_block *spbp;
struct packet_block *pbp;
bpf_u_int32 interface_id = 0xFFFFFFFF;
struct interface_description_block *idbp;
struct section_header_block *shbp;
FILE *fp = p->sf.rfile;
u_int tsresol;
u_int64_t tsoffset;
u_int64_t t, sec, frac;
/*
* Look for an Enhanced Packet Block, a Simple Packet Block,
* or a Packet Block.
*/
for (;;) {
/*
* Read the block type and length; those are common
* to all blocks.
*/
status = read_block(fp, p, &cursor, p->errbuf);
if (status == 0)
return (1); /* EOF */
if (status == -1)
return (-1); /* error */
switch (cursor.block_type) {
case BT_EPB:
/*
* Get a pointer to the fixed-length portion of the
* EPB.
*/
epbp = get_from_block_data(&cursor, sizeof(*epbp),
p->errbuf);
if (epbp == NULL)
return (-1); /* error */
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
/* these were written in opposite byte order */
interface_id = SWAPLONG(epbp->interface_id);
hdr->caplen = SWAPLONG(epbp->caplen);
hdr->len = SWAPLONG(epbp->len);
t = ((u_int64_t)SWAPLONG(epbp->timestamp_high)) << 32 |
SWAPLONG(epbp->timestamp_low);
} else {
interface_id = epbp->interface_id;
hdr->caplen = epbp->caplen;
hdr->len = epbp->len;
t = ((u_int64_t)epbp->timestamp_high) << 32 |
epbp->timestamp_low;
}
goto found;
case BT_SPB:
/*
* Get a pointer to the fixed-length portion of the
* SPB.
*/
spbp = get_from_block_data(&cursor, sizeof(*spbp),
p->errbuf);
if (spbp == NULL)
return (-1); /* error */
/*
* SPB packets are assumed to have arrived on
* the first interface.
*/
interface_id = 0;
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
/* these were written in opposite byte order */
hdr->len = SWAPLONG(spbp->len);
} else
hdr->len = spbp->len;
/*
* The SPB doesn't give the captured length;
* it's the minimum of the snapshot length
* and the packet length.
*/
hdr->caplen = hdr->len;
if (hdr->caplen > p->snapshot)
hdr->caplen = p->snapshot;
t = 0; /* no time stamps */
goto found;
case BT_PB:
/*
* Get a pointer to the fixed-length portion of the
* PB.
*/
pbp = get_from_block_data(&cursor, sizeof(*pbp),
p->errbuf);
if (pbp == NULL)
return (-1); /* error */
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
/* these were written in opposite byte order */
interface_id = SWAPSHORT(pbp->interface_id);
hdr->caplen = SWAPLONG(pbp->caplen);
hdr->len = SWAPLONG(pbp->len);
t = ((u_int64_t)SWAPLONG(pbp->timestamp_high)) << 32 |
SWAPLONG(pbp->timestamp_low);
} else {
interface_id = pbp->interface_id;
hdr->caplen = pbp->caplen;
hdr->len = pbp->len;
t = ((u_int64_t)pbp->timestamp_high) << 32 |
pbp->timestamp_low;
}
goto found;
case BT_IDB:
/*
* Interface Description Block. Get a pointer
* to its fixed-length portion.
*/
idbp = get_from_block_data(&cursor, sizeof(*idbp),
p->errbuf);
if (idbp == NULL)
return (-1); /* error */
/*
* Byte-swap it if necessary.
*/
if (p->sf.swapped) {
idbp->linktype = SWAPSHORT(idbp->linktype);
idbp->snaplen = SWAPLONG(idbp->snaplen);
}
/*
* If the link-layer type or snapshot length
* differ from the ones for the first IDB we
* saw, quit.
*
* XXX - just discard packets from those
* interfaces?
*/
if (p->linktype != idbp->linktype) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"an interface has a type %u different from the type of the first interface",
idbp->linktype);
return (-1);
}
if (p->snapshot != idbp->snaplen) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"an interface has a snapshot length %u different from the type of the first interface",
idbp->snaplen);
return (-1);
}
/*
* Count this interface.
*/
p->sf.ifcount++;
/*
* Set the default time stamp resolution and offset.
*/
tsresol = 1000000; /* microsecond resolution */
tsoffset = 0; /* absolute timestamps */
/*
* Now look for various time stamp options, to
* make sure they're the same.
*
* XXX - we could, in theory, handle multiple
* different resolutions and offsets, but we
* don't do so for now.
*/
if (process_idb_options(p, &cursor, &tsresol, &tsoffset,
p->errbuf) == -1)
return (-1);
if (tsresol != p->sf.tsresol) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"an interface has a time stamp resolution different from the time stamp resolution of the first interface");
return (-1);
}
if (tsoffset != p->sf.tsoffset) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"an interface has a time stamp offset different from the time stamp offset of the first interface");
return (-1);
}
break;
case BT_SHB:
/*
* Section Header Block. Get a pointer
* to its fixed-length portion.
*/
shbp = get_from_block_data(&cursor, sizeof(*shbp),
p->errbuf);
if (shbp == NULL)
return (-1); /* error */
/*
* Assume the byte order of this section is
* the same as that of the previous section.
* We'll check for that later.
*/
if (p->sf.swapped) {
shbp->byte_order_magic =
SWAPLONG(shbp->byte_order_magic);
shbp->major_version =
SWAPSHORT(shbp->major_version);
}
/*
* Make sure the byte order doesn't change;
* pcap_is_swapped() shouldn't change its
* return value in the middle of reading a capture.
*/
switch (shbp->byte_order_magic) {
case BYTE_ORDER_MAGIC:
/*
* OK.
*/
break;
case SWAPLONG(BYTE_ORDER_MAGIC):
/*
* Byte order changes.
*/
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"the file has sections with different byte orders");
return (-1);
default:
/*
* Not a valid SHB.
*/
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"the file has a section with a bad byte order magic field");
return (-1);
}
/*
* Make sure the major version is the version
* we handle.
*/
if (shbp->major_version != PCAP_NG_VERSION_MAJOR) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"unknown pcap-ng savefile major version number %u",
shbp->major_version);
return (-1);
}
/*
* Reset the interface count; this section should
* have its own set of IDBs. If any of them
* don't have the same interface type, snapshot
* length, or resolution as the first interface
* we saw, we'll fail. (And if we don't see
* any IDBs, we'll fail when we see a packet
* block.)
*/
p->sf.ifcount = 0;
break;
default:
/*
* Not a packet block, IDB, or SHB; ignore it.
*/
break;
}
}
found:
/*
* Is the interface ID an interface we know?
*/
if (interface_id >= p->sf.ifcount) {
Update libpcap to 1.1.1. Changes: Thu. April 1, 2010. guy@alum.mit.edu. Summary for 1.1.1 libpcap release Update CHANGES to reflect more of the changes in 1.1.0. Fix build on RHEL5. Fix shared library build on AIX. Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 1.1.0 libpcap release Add SocketCAN capture support Add Myricom SNF API support Update Endace DAG and ERF support Add support for shared libraries on Solaris, HP-UX, and AIX Build, install, and un-install shared libraries by default; don't build/install shared libraries on platforms we don't support Fix building from a directory other than the source directory Fix compiler warnings and builds on some platforms Update config.guess and config.sub Support monitor mode on mac80211 devices on Linux Fix USB memory-mapped capturing on Linux; it requires a new DLT_ value On Linux, scan /sys/class/net for devices if we have it; scan it, or /proc/net/dev if we don't have /sys/class/net, even if we have getifaddrs(), as it'll find interfaces with no addresses Add limited support for reading pcap-ng files Fix BPF driver-loading error handling on AIX Support getting the full-length interface description on FreeBSD In the lexical analyzer, free up any addrinfo structure we got back from getaddrinfo(). Add support for BPF and libdlpi in OpenSolaris (and SXCE) Hyphenate "link-layer" everywhere Add /sys/kernel/debug/usb/usbmon to the list of usbmon locations In pcap_read_linux_mmap(), if there are no frames available, call poll() even if we're in non-blocking mode, so we pick up errors, and check for the errors in question. Note that poll() works on BPF devices is Snow Leopard If an ENXIO or ENETDOWN is received, it may mean the device has gone away. Deal with it. For BPF, raise the default capture buffer size to from 32k to 512k Support ps_ifdrop on Linux Added a bunch of #ifdef directives to make wpcap.dll (WinPcap) compile under cygwin. Changes to Linux mmapped captures. Fix bug where create_ring would fail for particular snaplen and buffer size combinations Update pcap-config so that it handles libpcap requiring additional libraries Add workaround for threadsafeness on Windows Add missing mapping for DLT_ENC <-> LINKTYPE_ENC DLT: Add DLT_CAN_SOCKETCAN DLT: Add Solaris ipnet Don't check for DLT_IPNET if it's not defined Add link-layer types for Fibre Channel FC-2 Add link-layer types for Wireless HART Add link-layer types for AOS Add link-layer types for DECT Autoconf fixes (AIX, HP-UX, OSF/1, Tru64 cleanups) Install headers unconditionally, and include vlan.h/bluetooth.h if enabled Autoconf fixes+cleanup Support enabling/disabling bluetooth (--{en,dis}able-bluetooth) Support disabling SITA support (--without-sita) Return -1 on failure to create packet ring (if supported but creation failed) Fix handling of 'any' device, so that it can be opened, and no longer attempt to open it in Monitor mode Add support for snapshot length for USB Memory-Mapped Interface Fix configure and build on recent Linux kernels Fix memory-mapped Linux capture to support pcap_next() and pcap_next_ex() Fixes for Linux USB capture DLT: Add DLT_LINUX_EVDEV DLT: Add DLT_GSMTAP_UM DLT: Add DLT_GSMTAP_ABIS
2010-10-28 16:22:13 +00:00
/*
* Yes. Fail.
*/
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"a packet arrived on interface %u, but there's no Interface Description Block for that interface",
interface_id);
return (-1);
}
/*
* Convert the time stamp to a struct timeval.
*/
sec = t / p->sf.tsresol + p->sf.tsoffset;
frac = t % p->sf.tsresol;
if (p->sf.tsresol > 1000000) {
/*
* Higher than microsecond resolution; scale down to
* microseconds.
*/
frac /= p->sf.tsscale;
} else {
/*
* Lower than microsecond resolution; scale up to
* microseconds.
*/
frac *= p->sf.tsscale;
}
hdr->ts.tv_sec = sec;
hdr->ts.tv_usec = frac;
/*
* Get a pointer to the packet data.
*/
*data = get_from_block_data(&cursor, hdr->caplen, p->errbuf);
if (*data == NULL)
return (-1);
if (p->sf.swapped) {
/*
* Convert pseudo-headers from the byte order of
* the host on which the file was saved to our
* byte order, as necessary.
*/
switch (p->linktype) {
case DLT_USB_LINUX:
swap_linux_usb_header(hdr, *data, 0);
break;
case DLT_USB_LINUX_MMAPPED:
swap_linux_usb_header(hdr, *data, 1);
break;
}
}
return (0);
}