1 /*
2  * Copyright (c) 2008 CACE Technologies, Davis (California)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  * 3. Neither the name of CACE Technologies nor the names of its
15  * contributors may be used to endorse or promote products derived from
16  * this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  *
30  */
31 
32 #ifdef HAVE_CONFIG_H
33 #include <config.h>
34 #endif
35 
36 #include <pcap.h>
37 #include <pcap-int.h>
38 
39 #include "pcap-tc.h"
40 
41 #include <malloc.h>
42 #include <memory.h>
43 #include <string.h>
44 #include <errno.h>
45 
46 #ifdef _WIN32
47 #include <tchar.h>
48 #endif
49 
50 typedef TC_STATUS	(TC_CALLCONV *TcFcnQueryPortList)			(PTC_PORT *ppPorts, PULONG pLength);
51 typedef TC_STATUS	(TC_CALLCONV *TcFcnFreePortList)			(TC_PORT *pPorts);
52 
53 typedef PCHAR		(TC_CALLCONV *TcFcnStatusGetString)			(TC_STATUS status);
54 
55 typedef PCHAR		(TC_CALLCONV *TcFcnPortGetName)				(TC_PORT port);
56 typedef PCHAR		(TC_CALLCONV *TcFcnPortGetDescription)		(TC_PORT port);
57 
58 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceOpenByName)		(PCHAR name, PTC_INSTANCE pInstance);
59 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceClose)			(TC_INSTANCE instance);
60 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceSetFeature)		(TC_INSTANCE instance, ULONG feature, ULONG value);
61 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceQueryFeature)	(TC_INSTANCE instance, ULONG feature, PULONG pValue);
62 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceReceivePackets)	(TC_INSTANCE instance, PTC_PACKETS_BUFFER pBuffer);
63 typedef HANDLE		(TC_CALLCONV *TcFcnInstanceGetReceiveWaitHandle) (TC_INSTANCE instance);
64 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceTransmitPackets)	(TC_INSTANCE instance, TC_PACKETS_BUFFER pBuffer);
65 typedef TC_STATUS	(TC_CALLCONV *TcFcnInstanceQueryStatistics)	(TC_INSTANCE instance, PTC_STATISTICS pStatistics);
66 
67 typedef TC_STATUS	(TC_CALLCONV *TcFcnPacketsBufferCreate)		(ULONG size, PTC_PACKETS_BUFFER pBuffer);
68 typedef VOID		(TC_CALLCONV *TcFcnPacketsBufferDestroy)	(TC_PACKETS_BUFFER buffer);
69 typedef TC_STATUS	(TC_CALLCONV *TcFcnPacketsBufferQueryNextPacket)(TC_PACKETS_BUFFER buffer, PTC_PACKET_HEADER pHeader, PVOID *ppData);
70 typedef TC_STATUS	(TC_CALLCONV *TcFcnPacketsBufferCommitNextPacket)(TC_PACKETS_BUFFER buffer, PTC_PACKET_HEADER pHeader, PVOID pData);
71 
72 typedef VOID		(TC_CALLCONV *TcFcnStatisticsDestroy)		(TC_STATISTICS statistics);
73 typedef TC_STATUS	(TC_CALLCONV *TcFcnStatisticsUpdate)		(TC_STATISTICS statistics);
74 typedef TC_STATUS	(TC_CALLCONV *TcFcnStatisticsQueryValue)	(TC_STATISTICS statistics, ULONG counterId, PULONGLONG pValue);
75 
76 typedef enum LONG
77 {
78 	TC_API_UNLOADED = 0,
79 	TC_API_LOADED,
80 	TC_API_CANNOT_LOAD,
81 	TC_API_LOADING
82 }
83 	TC_API_LOAD_STATUS;
84 
85 
86 typedef struct _TC_FUNCTIONS
87 {
88 	TC_API_LOAD_STATUS			LoadStatus;
89 #ifdef _WIN32
90 	HMODULE						hTcApiDllHandle;
91 #endif
92 	TcFcnQueryPortList			QueryPortList;
93 	TcFcnFreePortList			FreePortList;
94 	TcFcnStatusGetString		StatusGetString;
95 
96 	TcFcnPortGetName			PortGetName;
97 	TcFcnPortGetDescription		PortGetDescription;
98 
99 	TcFcnInstanceOpenByName		InstanceOpenByName;
100 	TcFcnInstanceClose			InstanceClose;
101 	TcFcnInstanceSetFeature		InstanceSetFeature;
102 	TcFcnInstanceQueryFeature	InstanceQueryFeature;
103 	TcFcnInstanceReceivePackets	InstanceReceivePackets;
104 #ifdef _WIN32
105 	TcFcnInstanceGetReceiveWaitHandle InstanceGetReceiveWaitHandle;
106 #endif
107 	TcFcnInstanceTransmitPackets InstanceTransmitPackets;
108 	TcFcnInstanceQueryStatistics InstanceQueryStatistics;
109 
110 	TcFcnPacketsBufferCreate	PacketsBufferCreate;
111 	TcFcnPacketsBufferDestroy	PacketsBufferDestroy;
112 	TcFcnPacketsBufferQueryNextPacket	PacketsBufferQueryNextPacket;
113 	TcFcnPacketsBufferCommitNextPacket  PacketsBufferCommitNextPacket;
114 
115 	TcFcnStatisticsDestroy		StatisticsDestroy;
116 	TcFcnStatisticsUpdate		StatisticsUpdate;
117 	TcFcnStatisticsQueryValue	StatisticsQueryValue;
118 }
119 	TC_FUNCTIONS;
120 
121 static pcap_if_t* TcCreatePcapIfFromPort(TC_PORT port);
122 static int TcSetDatalink(pcap_t *p, int dlt);
123 static int TcGetNonBlock(pcap_t *p);
124 static int TcSetNonBlock(pcap_t *p, int nonblock);
125 static void TcCleanup(pcap_t *p);
126 static int TcInject(pcap_t *p, const void *buf, size_t size);
127 static int TcRead(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
128 static int TcStats(pcap_t *p, struct pcap_stat *ps);
129 static int TcSetFilter(pcap_t *p, struct bpf_program *fp);
130 #ifdef _WIN32
131 static struct pcap_stat *TcStatsEx(pcap_t *p, int *pcap_stat_size);
132 static int TcSetBuff(pcap_t *p, int dim);
133 static int TcSetMode(pcap_t *p, int mode);
134 static int TcSetMinToCopy(pcap_t *p, int size);
135 static HANDLE TcGetReceiveWaitHandle(pcap_t *p);
136 static int TcOidGetRequest(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp);
137 static int TcOidSetRequest(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp);
138 static u_int TcSendqueueTransmit(pcap_t *p, pcap_send_queue *queue, int sync);
139 static int TcSetUserBuffer(pcap_t *p, int size);
140 static int TcLiveDump(pcap_t *p, char *filename, int maxsize, int maxpacks);
141 static int TcLiveDumpEnded(pcap_t *p, int sync);
142 static PAirpcapHandle TcGetAirPcapHandle(pcap_t *p);
143 #endif
144 
145 #ifdef _WIN32
146 TC_FUNCTIONS g_TcFunctions =
147 {
148 	TC_API_UNLOADED, /* LoadStatus */
149 	NULL,  /* hTcApiDllHandle */
150 	NULL,  /* QueryPortList */
151 	NULL,  /* FreePortList */
152 	NULL,  /* StatusGetString */
153 	NULL,  /* PortGetName */
154 	NULL,  /* PortGetDescription */
155 	NULL,  /* InstanceOpenByName */
156 	NULL,  /* InstanceClose */
157 	NULL,  /* InstanceSetFeature */
158 	NULL,  /* InstanceQueryFeature */
159 	NULL,  /* InstanceReceivePackets */
160 	NULL,  /* InstanceGetReceiveWaitHandle */
161 	NULL,  /* InstanceTransmitPackets */
162 	NULL,  /* InstanceQueryStatistics */
163 	NULL,  /* PacketsBufferCreate */
164 	NULL,  /* PacketsBufferDestroy */
165 	NULL,  /* PacketsBufferQueryNextPacket */
166 	NULL,  /* PacketsBufferCommitNextPacket */
167 	NULL,  /* StatisticsDestroy */
168 	NULL,  /* StatisticsUpdate */
169 	NULL  /* StatisticsQueryValue */
170 };
171 #else
172 TC_FUNCTIONS g_TcFunctions =
173 {
174 	TC_API_LOADED, /* LoadStatus */
175 	TcQueryPortList,
176 	TcFreePortList,
177 	TcStatusGetString,
178 	TcPortGetName,
179 	TcPortGetDescription,
180 	TcInstanceOpenByName,
181 	TcInstanceClose,
182 	TcInstanceSetFeature,
183 	TcInstanceQueryFeature,
184 	TcInstanceReceivePackets,
185 #ifdef _WIN32
186 	TcInstanceGetReceiveWaitHandle,
187 #endif
188 	TcInstanceTransmitPackets,
189 	TcInstanceQueryStatistics,
190 	TcPacketsBufferCreate,
191 	TcPacketsBufferDestroy,
192 	TcPacketsBufferQueryNextPacket,
193 	TcPacketsBufferCommitNextPacket,
194 	TcStatisticsDestroy,
195 	TcStatisticsUpdate,
196 	TcStatisticsQueryValue,
197 };
198 #endif
199 
200 #define MAX_TC_PACKET_SIZE	9500
201 
202 #pragma pack(push, 1)
203 
204 #define PPH_PH_FLAG_PADDING	((UCHAR)0x01)
205 #define PPH_PH_VERSION		((UCHAR)0x00)
206 
207 typedef struct _PPI_PACKET_HEADER
208 {
209 	UCHAR	PphVersion;
210 	UCHAR	PphFlags;
211 	USHORT	PphLength;
212 	ULONG	PphDlt;
213 }
214 	PPI_PACKET_HEADER, *PPPI_PACKET_HEADER;
215 
216 typedef struct _PPI_FIELD_HEADER
217 {
218 	USHORT PfhType;
219 	USHORT PfhLength;
220 }
221 	PPI_FIELD_HEADER, *PPPI_FIELD_HEADER;
222 
223 
224 #define		PPI_FIELD_TYPE_AGGREGATION_EXTENSION	((UCHAR)0x08)
225 
226 typedef struct _PPI_FIELD_AGGREGATION_EXTENSION
227 {
228 	ULONG		InterfaceId;
229 }
230 	PPI_FIELD_AGGREGATION_EXTENSION, *PPPI_FIELD_AGGREGATION_EXTENSION;
231 
232 
233 #define		PPI_FIELD_TYPE_802_3_EXTENSION			((UCHAR)0x09)
234 
235 #define PPI_FLD_802_3_EXT_FLAG_FCS_PRESENT			((ULONG)0x00000001)
236 
237 typedef struct _PPI_FIELD_802_3_EXTENSION
238 {
239 	ULONG		Flags;
240 	ULONG		Errors;
241 }
242 	PPI_FIELD_802_3_EXTENSION, *PPPI_FIELD_802_3_EXTENSION;
243 
244 typedef struct _PPI_HEADER
245 {
246 	PPI_PACKET_HEADER PacketHeader;
247 	PPI_FIELD_HEADER  AggregationFieldHeader;
248 	PPI_FIELD_AGGREGATION_EXTENSION AggregationField;
249 	PPI_FIELD_HEADER  Dot3FieldHeader;
250 	PPI_FIELD_802_3_EXTENSION Dot3Field;
251 }
252 	PPI_HEADER, *PPPI_HEADER;
253 #pragma pack(pop)
254 
255 #ifdef _WIN32
256 //
257 // This wrapper around loadlibrary appends the system folder (usually c:\windows\system32)
258 // to the relative path of the DLL, so that the DLL is always loaded from an absolute path
259 // (It's no longer possible to load airpcap.dll from the application folder).
260 // This solves the DLL Hijacking issue discovered in August 2010
261 // http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
262 //
LoadLibrarySafe(LPCTSTR lpFileName)263 HMODULE LoadLibrarySafe(LPCTSTR lpFileName)
264 {
265   TCHAR path[MAX_PATH];
266   TCHAR fullFileName[MAX_PATH];
267   UINT res;
268   HMODULE hModule = NULL;
269   do
270   {
271 	res = GetSystemDirectory(path, MAX_PATH);
272 
273 	if (res == 0)
274 	{
275 		//
276 		// some bad failure occurred;
277 		//
278 		break;
279 	}
280 
281 	if (res > MAX_PATH)
282 	{
283 		//
284 		// the buffer was not big enough
285 		//
286 		SetLastError(ERROR_INSUFFICIENT_BUFFER);
287 		break;
288 	}
289 
290 	if (res + 1 + _tcslen(lpFileName) + 1 < MAX_PATH)
291 	{
292 		memcpy(fullFileName, path, res * sizeof(TCHAR));
293 		fullFileName[res] = _T('\\');
294 		memcpy(&fullFileName[res + 1], lpFileName, (_tcslen(lpFileName) + 1) * sizeof(TCHAR));
295 
296 		hModule = LoadLibrary(fullFileName);
297 	}
298 	else
299 	{
300 		SetLastError(ERROR_INSUFFICIENT_BUFFER);
301 	}
302 
303   }while(FALSE);
304 
305   return hModule;
306 }
307 
308 /*
309  * NOTE: this function should be called by the pcap functions that can theoretically
310  *       deal with the Tc library for the first time, namely listing the adapters and
311  *       opening one. All the other ones (close, read, write, set parameters) work
312  *       on an open instance of TC, so we do not care to call this function
313  */
LoadTcFunctions(void)314 TC_API_LOAD_STATUS LoadTcFunctions(void)
315 {
316 	TC_API_LOAD_STATUS currentStatus;
317 
318 	do
319 	{
320 		currentStatus = InterlockedCompareExchange((LONG*)&g_TcFunctions.LoadStatus, TC_API_LOADING, TC_API_UNLOADED);
321 
322 		while(currentStatus == TC_API_LOADING)
323 		{
324 			currentStatus = InterlockedCompareExchange((LONG*)&g_TcFunctions.LoadStatus, TC_API_LOADING, TC_API_LOADING);
325 			Sleep(10);
326 		}
327 
328 		/*
329 		 * at this point we are either in the LOADED state, unloaded state (i.e. we are the ones loading everything)
330 		 * or in cannot load
331 		 */
332 		if(currentStatus  == TC_API_LOADED)
333 		{
334 			return TC_API_LOADED;
335 		}
336 
337 		if (currentStatus == TC_API_CANNOT_LOAD)
338 		{
339 			return TC_API_CANNOT_LOAD;
340 		}
341 
342 		currentStatus = TC_API_CANNOT_LOAD;
343 
344 		g_TcFunctions.hTcApiDllHandle = LoadLibrarySafe("TcApi.dll");
345 		if (g_TcFunctions.hTcApiDllHandle == NULL)	break;
346 
347 		g_TcFunctions.QueryPortList					= (TcFcnQueryPortList)			GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcQueryPortList");
348 		g_TcFunctions.FreePortList					= (TcFcnFreePortList)			GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcFreePortList");
349 
350 		g_TcFunctions.StatusGetString				= (TcFcnStatusGetString)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatusGetString");
351 
352 		g_TcFunctions.PortGetName					= (TcFcnPortGetName)			GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPortGetName");
353 		g_TcFunctions.PortGetDescription			= (TcFcnPortGetDescription)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPortGetDescription");
354 
355 		g_TcFunctions.InstanceOpenByName			= (TcFcnInstanceOpenByName)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceOpenByName");
356 		g_TcFunctions.InstanceClose					= (TcFcnInstanceClose)			GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceClose");
357 		g_TcFunctions.InstanceSetFeature			= (TcFcnInstanceSetFeature)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceSetFeature");
358 		g_TcFunctions.InstanceQueryFeature			= (TcFcnInstanceQueryFeature)	GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceQueryFeature");
359 		g_TcFunctions.InstanceReceivePackets		= (TcFcnInstanceReceivePackets)	GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceReceivePackets");
360 		g_TcFunctions.InstanceGetReceiveWaitHandle	= (TcFcnInstanceGetReceiveWaitHandle)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceGetReceiveWaitHandle");
361 		g_TcFunctions.InstanceTransmitPackets		= (TcFcnInstanceTransmitPackets)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceTransmitPackets");
362 		g_TcFunctions.InstanceQueryStatistics		= (TcFcnInstanceQueryStatistics)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcInstanceQueryStatistics");
363 
364 		g_TcFunctions.PacketsBufferCreate			= (TcFcnPacketsBufferCreate)	GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferCreate");
365 		g_TcFunctions.PacketsBufferDestroy			= (TcFcnPacketsBufferDestroy)	GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferDestroy");
366 		g_TcFunctions.PacketsBufferQueryNextPacket	= (TcFcnPacketsBufferQueryNextPacket)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferQueryNextPacket");
367 		g_TcFunctions.PacketsBufferCommitNextPacket	= (TcFcnPacketsBufferCommitNextPacket)GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcPacketsBufferCommitNextPacket");
368 
369 		g_TcFunctions.StatisticsDestroy				= (TcFcnStatisticsDestroy)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsDestroy");
370 		g_TcFunctions.StatisticsUpdate				= (TcFcnStatisticsUpdate)		GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsUpdate");
371 		g_TcFunctions.StatisticsQueryValue			= (TcFcnStatisticsQueryValue)	GetProcAddress(g_TcFunctions.hTcApiDllHandle, "TcStatisticsQueryValue");
372 
373 		if (   g_TcFunctions.QueryPortList == NULL
374 			|| g_TcFunctions.FreePortList == NULL
375 			|| g_TcFunctions.StatusGetString == NULL
376 			|| g_TcFunctions.PortGetName == NULL
377 			|| g_TcFunctions.PortGetDescription == NULL
378 			|| g_TcFunctions.InstanceOpenByName == NULL
379 			|| g_TcFunctions.InstanceClose == NULL
380 			|| g_TcFunctions.InstanceSetFeature	 == NULL
381 			|| g_TcFunctions.InstanceQueryFeature == NULL
382 			|| g_TcFunctions.InstanceReceivePackets == NULL
383 			|| g_TcFunctions.InstanceGetReceiveWaitHandle == NULL
384 			|| g_TcFunctions.InstanceTransmitPackets == NULL
385 			|| g_TcFunctions.InstanceQueryStatistics == NULL
386 			|| g_TcFunctions.PacketsBufferCreate == NULL
387 			|| g_TcFunctions.PacketsBufferDestroy == NULL
388 			|| g_TcFunctions.PacketsBufferQueryNextPacket == NULL
389 			|| g_TcFunctions.PacketsBufferCommitNextPacket == NULL
390 			|| g_TcFunctions.StatisticsDestroy == NULL
391 			|| g_TcFunctions.StatisticsUpdate == NULL
392 			|| g_TcFunctions.StatisticsQueryValue == NULL
393 		)
394 		{
395 			break;
396 		}
397 
398 		/*
399 		 * everything got loaded, yay!!
400 		 */
401 		currentStatus = TC_API_LOADED;
402 	}while(FALSE);
403 
404 	if (currentStatus != TC_API_LOADED)
405 	{
406 		if (g_TcFunctions.hTcApiDllHandle != NULL)
407 		{
408 			FreeLibrary(g_TcFunctions.hTcApiDllHandle);
409 			g_TcFunctions.hTcApiDllHandle = NULL;
410 		}
411 	}
412 
413 	InterlockedExchange((LONG*)&g_TcFunctions.LoadStatus, currentStatus);
414 
415 	return currentStatus;
416 }
417 #else
418 // static linking
LoadTcFunctions(void)419 TC_API_LOAD_STATUS LoadTcFunctions(void)
420 {
421 	return TC_API_LOADED;
422 }
423 #endif
424 
425 /*
426  * Private data for capturing on TurboCap devices.
427  */
428 struct pcap_tc {
429 	TC_INSTANCE TcInstance;
430 	TC_PACKETS_BUFFER TcPacketsBuffer;
431 	ULONG TcAcceptedCount;
432 	u_char *PpiPacket;
433 };
434 
435 int
TcFindAllDevs(pcap_if_list_t * devlist,char * errbuf)436 TcFindAllDevs(pcap_if_list_t *devlist, char *errbuf)
437 {
438 	TC_API_LOAD_STATUS loadStatus;
439 	ULONG numPorts;
440 	PTC_PORT pPorts = NULL;
441 	TC_STATUS status;
442 	int result = 0;
443 	pcap_if_t *dev, *cursor;
444 	ULONG i;
445 
446 	do
447 	{
448 		loadStatus = LoadTcFunctions();
449 
450 		if (loadStatus != TC_API_LOADED)
451 		{
452 			result = 0;
453 			break;
454 		}
455 
456 		/*
457 		 * enumerate the ports, and add them to the list
458 		 */
459 		status = g_TcFunctions.QueryPortList(&pPorts, &numPorts);
460 
461 		if (status != TC_SUCCESS)
462 		{
463 			result = 0;
464 			break;
465 		}
466 
467 		for (i = 0; i < numPorts; i++)
468 		{
469 			/*
470 			 * transform the port into an entry in the list
471 			 */
472 			dev = TcCreatePcapIfFromPort(pPorts[i]);
473 
474 			if (dev != NULL)
475 			{
476 				/*
477 				 * append it at the end
478 				 */
479 				if (devlistp->beginning == NULL)
480 				{
481 					devlistp->beginning = dev;
482 				}
483 				else
484 				{
485 					for (cursor = devlistp->beginning;
486 					    cursor->next != NULL;
487 					    cursor = cursor->next);
488 					cursor->next = dev;
489 				}
490 			}
491 		}
492 
493 		if (numPorts > 0)
494 		{
495 			/*
496 			 * ignore the result here
497 			 */
498 			status = g_TcFunctions.FreePortList(pPorts);
499 		}
500 
501 	}while(FALSE);
502 
503 	return result;
504 }
505 
TcCreatePcapIfFromPort(TC_PORT port)506 static pcap_if_t* TcCreatePcapIfFromPort(TC_PORT port)
507 {
508 	CHAR *name;
509 	CHAR *description;
510 	pcap_if_t *newIf = NULL;
511 
512 	newIf = (pcap_if_t*)malloc(sizeof(*newIf));
513 	if (newIf == NULL)
514 	{
515 		return NULL;
516 	}
517 
518 	memset(newIf, 0, sizeof(*newIf));
519 
520 	name = g_TcFunctions.PortGetName(port);
521 	description = g_TcFunctions.PortGetDescription(port);
522 
523 	newIf->name = (char*)malloc(strlen(name) + 1);
524 	if (newIf->name == NULL)
525 	{
526 		free(newIf);
527 		return NULL;
528 	}
529 
530 	newIf->description = (char*)malloc(strlen(description) + 1);
531 	if (newIf->description == NULL)
532 	{
533 		free(newIf->name);
534 		free(newIf);
535 		return NULL;
536 	}
537 
538 	strcpy(newIf->name, name);
539 	strcpy(newIf->description, description);
540 
541 	newIf->addresses = NULL;
542 	newIf->next = NULL;
543 	newIf->flags = 0;
544 
545 	return newIf;
546 
547 }
548 
549 static int
TcActivate(pcap_t * p)550 TcActivate(pcap_t *p)
551 {
552 	struct pcap_tc *pt = p->priv;
553 	TC_STATUS status;
554 	ULONG timeout;
555 	PPPI_HEADER pPpiHeader;
556 
557 	if (p->opt.rfmon)
558 	{
559 		/*
560 		 * No monitor mode on Tc cards; they're Ethernet
561 		 * capture adapters.
562 		 */
563 		return PCAP_ERROR_RFMON_NOTSUP;
564 	}
565 
566 	pt->PpiPacket = malloc(sizeof(PPI_HEADER) + MAX_TC_PACKET_SIZE);
567 
568 	if (pt->PpiPacket == NULL)
569 	{
570 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Error allocating memory");
571 		return PCAP_ERROR;
572 	}
573 
574 	/*
575 	 * Turn a negative snapshot value (invalid), a snapshot value of
576 	 * 0 (unspecified), or a value bigger than the normal maximum
577 	 * value, into the maximum allowed value.
578 	 *
579 	 * If some application really *needs* a bigger snapshot
580 	 * length, we should just increase MAXIMUM_SNAPLEN.
581 	 */
582 	if (p->snapshot <= 0 || p->snapshot > MAXIMUM_SNAPLEN)
583 		p->snapshot = MAXIMUM_SNAPLEN;
584 
585 	/*
586 	 * Initialize the PPI fixed fields
587 	 */
588 	pPpiHeader = (PPPI_HEADER)pt->PpiPacket;
589 	pPpiHeader->PacketHeader.PphDlt = DLT_EN10MB;
590 	pPpiHeader->PacketHeader.PphLength = sizeof(PPI_HEADER);
591 	pPpiHeader->PacketHeader.PphFlags = 0;
592 	pPpiHeader->PacketHeader.PphVersion = 0;
593 
594 	pPpiHeader->AggregationFieldHeader.PfhLength = sizeof(PPI_FIELD_AGGREGATION_EXTENSION);
595 	pPpiHeader->AggregationFieldHeader.PfhType = PPI_FIELD_TYPE_AGGREGATION_EXTENSION;
596 
597 	pPpiHeader->Dot3FieldHeader.PfhLength = sizeof(PPI_FIELD_802_3_EXTENSION);
598 	pPpiHeader->Dot3FieldHeader.PfhType = PPI_FIELD_TYPE_802_3_EXTENSION;
599 
600 	status = g_TcFunctions.InstanceOpenByName(p->opt.device, &pt->TcInstance);
601 
602 	if (status != TC_SUCCESS)
603 	{
604 		/* Adapter detected but we are not able to open it. Return failure. */
605 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Error opening TurboCap adapter: %s", g_TcFunctions.StatusGetString(status));
606 		return PCAP_ERROR;
607 	}
608 
609 	p->linktype = DLT_EN10MB;
610 	p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
611 	/*
612 	 * If that fails, just leave the list empty.
613 	 */
614 	if (p->dlt_list != NULL) {
615 		p->dlt_list[0] = DLT_EN10MB;
616 		p->dlt_list[1] = DLT_PPI;
617 		p->dlt_count = 2;
618 	}
619 
620 	/*
621 	 * ignore promiscuous mode
622 	 * p->opt.promisc
623 	 */
624 
625 
626 	/*
627 	 * ignore all the buffer sizes
628 	 */
629 
630 	/*
631 	 * enable reception
632 	 */
633 	status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_RX_STATUS, 1);
634 
635 	if (status != TC_SUCCESS)
636 	{
637 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,"Error enabling reception on a TurboCap instance: %s", g_TcFunctions.StatusGetString(status));
638 		goto bad;
639 	}
640 
641 	/*
642 	 * enable transmission
643 	 */
644 	status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_TX_STATUS, 1);
645 	/*
646 	 * Ignore the error here.
647 	 */
648 
649 	p->inject_op = TcInject;
650 	/*
651 	 * if the timeout is -1, it means immediate return, no timeout
652 	 * if the timeout is 0, it means INFINITE
653 	 */
654 
655 	if (p->opt.timeout == 0)
656 	{
657 		timeout = 0xFFFFFFFF;
658 	}
659 	else
660 	if (p->opt.timeout < 0)
661 	{
662 		/*
663 		 *  we insert a minimal timeout here
664 		 */
665 		timeout = 10;
666 	}
667 	else
668 	{
669 		timeout = p->opt.timeout;
670 	}
671 
672 	status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_READ_TIMEOUT, timeout);
673 
674 	if (status != TC_SUCCESS)
675 	{
676 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,"Error setting the read timeout a TurboCap instance: %s", g_TcFunctions.StatusGetString(status));
677 		goto bad;
678 	}
679 
680 	p->read_op = TcRead;
681 	p->setfilter_op = TcSetFilter;
682 	p->setdirection_op = NULL;	/* Not implemented. */
683 	p->set_datalink_op = TcSetDatalink;
684 	p->getnonblock_op = TcGetNonBlock;
685 	p->setnonblock_op = TcSetNonBlock;
686 	p->stats_op = TcStats;
687 #ifdef _WIN32
688 	p->stats_ex_op = TcStatsEx;
689 	p->setbuff_op = TcSetBuff;
690 	p->setmode_op = TcSetMode;
691 	p->setmintocopy_op = TcSetMinToCopy;
692 	p->getevent_op = TcGetReceiveWaitHandle;
693 	p->oid_get_request_op = TcOidGetRequest;
694 	p->oid_set_request_op = TcOidSetRequest;
695 	p->sendqueue_transmit_op = TcSendqueueTransmit;
696 	p->setuserbuffer_op = TcSetUserBuffer;
697 	p->live_dump_op = TcLiveDump;
698 	p->live_dump_ended_op = TcLiveDumpEnded;
699 	p->get_airpcap_handle_op = TcGetAirPcapHandle;
700 #else
701 	p->selectable_fd = -1;
702 #endif
703 
704 	p->cleanup_op = TcCleanup;
705 
706 	return 0;
707 bad:
708 	TcCleanup(p);
709 	return PCAP_ERROR;
710 }
711 
712 pcap_t *
TcCreate(const char * device,char * ebuf,int * is_ours)713 TcCreate(const char *device, char *ebuf, int *is_ours)
714 {
715 	ULONG numPorts;
716 	PTC_PORT pPorts = NULL;
717 	TC_STATUS status;
718 	int is_tc;
719 	ULONG i;
720 	pcap_t *p;
721 
722 	if (LoadTcFunctions() != TC_API_LOADED)
723 	{
724 		/*
725 		 * XXX - report this as an error rather than as
726 		 * "not a TurboCap device"?
727 		 */
728 		*is_ours = 0;
729 		return NULL;
730 	}
731 
732 	/*
733 	 * enumerate the ports, and add them to the list
734 	 */
735 	status = g_TcFunctions.QueryPortList(&pPorts, &numPorts);
736 
737 	if (status != TC_SUCCESS)
738 	{
739 		/*
740 		 * XXX - report this as an error rather than as
741 		 * "not a TurboCap device"?
742 		 */
743 		*is_ours = 0;
744 		return NULL;
745 	}
746 
747 	is_tc = FALSE;
748 	for (i = 0; i < numPorts; i++)
749 	{
750 		if (strcmp(g_TcFunctions.PortGetName(pPorts[i]), device) == 0)
751 		{
752 			is_tc = TRUE;
753 			break;
754 		}
755 	}
756 
757 	if (numPorts > 0)
758 	{
759 		/*
760 		 * ignore the result here
761 		 */
762 		(void)g_TcFunctions.FreePortList(pPorts);
763 	}
764 
765 	if (!is_tc)
766 	{
767 		*is_ours = 0;
768 		return NULL;
769 	}
770 
771 	/* OK, it's probably ours. */
772 	*is_ours = 1;
773 
774 	p = pcap_create_common(ebuf, sizeof (struct pcap_tc));
775 	if (p == NULL)
776 		return NULL;
777 
778 	p->activate_op = TcActivate;
779 	/*
780 	 * Set these up front, so that, even if our client tries
781 	 * to set non-blocking mode before we're activated, or
782 	 * query the state of non-blocking mode, they get an error,
783 	 * rather than having the non-blocking mode option set
784 	 * for use later.
785 	 */
786 	p->getnonblock_op = TcGetNonBlock;
787 	p->setnonblock_op = TcSetNonBlock;
788 	return p;
789 }
790 
TcSetDatalink(pcap_t * p,int dlt)791 static int TcSetDatalink(pcap_t *p, int dlt)
792 {
793 	/*
794 	 * We don't have to do any work here; pcap_set_datalink() checks
795 	 * whether the value is in the list of DLT_ values we
796 	 * supplied, so we don't have to, and, if it is valid, sets
797 	 * p->linktype to the new value; we don't have to do anything
798 	 * in hardware, we just use what's in p->linktype.
799 	 *
800 	 * We do have to have a routine, however, so that pcap_set_datalink()
801 	 * doesn't think we don't support setting the link-layer header
802 	 * type at all.
803 	 */
804 	return 0;
805 }
806 
TcGetNonBlock(pcap_t * p)807 static int TcGetNonBlock(pcap_t *p)
808 {
809 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
810 	    "Non-blocking mode isn't supported for TurboCap ports");
811 	return -1;
812 }
813 
TcSetNonBlock(pcap_t * p,int nonblock)814 static int TcSetNonBlock(pcap_t *p, int nonblock)
815 {
816 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
817 	    "Non-blocking mode isn't supported for TurboCap ports");
818 	return -1;
819 }
820 
TcCleanup(pcap_t * p)821 static void TcCleanup(pcap_t *p)
822 {
823 	struct pcap_tc *pt = p->priv;
824 
825 	if (pt->TcPacketsBuffer != NULL)
826 	{
827 		g_TcFunctions.PacketsBufferDestroy(pt->TcPacketsBuffer);
828 		pt->TcPacketsBuffer = NULL;
829 	}
830 	if (pt->TcInstance != NULL)
831 	{
832 		/*
833 		 * here we do not check for the error values
834 		 */
835 		g_TcFunctions.InstanceClose(pt->TcInstance);
836 		pt->TcInstance = NULL;
837 	}
838 
839 	if (pt->PpiPacket != NULL)
840 	{
841 		free(pt->PpiPacket);
842 		pt->PpiPacket = NULL;
843 	}
844 
845 	pcap_cleanup_live_common(p);
846 }
847 
848 /* Send a packet to the network */
TcInject(pcap_t * p,const void * buf,size_t size)849 static int TcInject(pcap_t *p, const void *buf, size_t size)
850 {
851 	struct pcap_tc *pt = p->priv;
852 	TC_STATUS status;
853 	TC_PACKETS_BUFFER buffer;
854 	TC_PACKET_HEADER header;
855 
856 	if (size >= 0xFFFF)
857 	{
858 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: the TurboCap API does not support packets larger than 64k");
859 		return -1;
860 	}
861 
862 	status = g_TcFunctions.PacketsBufferCreate(sizeof(TC_PACKET_HEADER) + TC_ALIGN_USHORT_TO_64BIT((USHORT)size), &buffer);
863 
864 	if (status != TC_SUCCESS)
865 	{
866 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcPacketsBufferCreate failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
867 		return -1;
868 	}
869 
870 	/*
871 	 * we assume that the packet is without the checksum, as common with WinPcap
872 	 */
873 	memset(&header, 0, sizeof(header));
874 
875 	header.Length = (USHORT)size;
876 	header.CapturedLength = header.Length;
877 
878 	status = g_TcFunctions.PacketsBufferCommitNextPacket(buffer, &header, (PVOID)buf);
879 
880 	if (status == TC_SUCCESS)
881 	{
882 		status = g_TcFunctions.InstanceTransmitPackets(pt->TcInstance, buffer);
883 
884 		if (status != TC_SUCCESS)
885 		{
886 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcInstanceTransmitPackets failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
887 		}
888 	}
889 	else
890 	{
891 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: TcPacketsBufferCommitNextPacket failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
892 	}
893 
894 	g_TcFunctions.PacketsBufferDestroy(buffer);
895 
896 	if (status != TC_SUCCESS)
897 	{
898 		return -1;
899 	}
900 	else
901 	{
902 		return 0;
903 	}
904 }
905 
TcRead(pcap_t * p,int cnt,pcap_handler callback,u_char * user)906 static int TcRead(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
907 {
908 	struct pcap_tc *pt = p->priv;
909 	TC_STATUS status;
910 	int n = 0;
911 
912 	/*
913 	 * Has "pcap_breakloop()" been called?
914 	 */
915 	if (p->break_loop)
916 	{
917 		/*
918 		 * Yes - clear the flag that indicates that it
919 		 * has, and return -2 to indicate that we were
920 		 * told to break out of the loop.
921 		 */
922 		p->break_loop = 0;
923 		return -2;
924 	}
925 
926 	if (pt->TcPacketsBuffer == NULL)
927 	{
928 		status = g_TcFunctions.InstanceReceivePackets(pt->TcInstance, &pt->TcPacketsBuffer);
929 		if (status != TC_SUCCESS)
930 		{
931 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error, TcInstanceReceivePackets failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
932 			return -1;
933 		}
934 	}
935 
936 	while (TRUE)
937 	{
938 		struct pcap_pkthdr hdr;
939 		TC_PACKET_HEADER tcHeader;
940 		PVOID data;
941 		ULONG filterResult;
942 
943 		/*
944 		 * Has "pcap_breakloop()" been called?
945 		 * If so, return immediately - if we haven't read any
946 		 * packets, clear the flag and return -2 to indicate
947 		 * that we were told to break out of the loop, otherwise
948 		 * leave the flag set, so that the *next* call will break
949 		 * out of the loop without having read any packets, and
950 		 * return the number of packets we've processed so far.
951 		 */
952 		if (p->break_loop)
953 		{
954 			if (n == 0)
955 			{
956 				p->break_loop = 0;
957 				return -2;
958 			}
959 			else
960 			{
961 				return n;
962 			}
963 		}
964 
965 		if (pt->TcPacketsBuffer == NULL)
966 		{
967 			break;
968 		}
969 
970 		status = g_TcFunctions.PacketsBufferQueryNextPacket(pt->TcPacketsBuffer, &tcHeader, &data);
971 
972 		if (status == TC_ERROR_END_OF_BUFFER)
973 		{
974 			g_TcFunctions.PacketsBufferDestroy(pt->TcPacketsBuffer);
975 			pt->TcPacketsBuffer = NULL;
976 			break;
977 		}
978 
979 		if (status != TC_SUCCESS)
980 		{
981 			pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error, TcPacketsBufferQueryNextPacket failure: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
982 			return -1;
983 		}
984 
985 		/* No underlaying filtering system. We need to filter on our own */
986 		if (p->fcode.bf_insns)
987 		{
988 			filterResult = bpf_filter(p->fcode.bf_insns, data, tcHeader.Length, tcHeader.CapturedLength);
989 
990 			if (filterResult == 0)
991 			{
992 				continue;
993 			}
994 
995 			if (filterResult > tcHeader.CapturedLength)
996 			{
997 				filterResult = tcHeader.CapturedLength;
998 			}
999 		}
1000 		else
1001 		{
1002 			filterResult = tcHeader.CapturedLength;
1003 		}
1004 
1005 		pt->TcAcceptedCount ++;
1006 
1007 		hdr.ts.tv_sec = (bpf_u_int32)(tcHeader.Timestamp / (ULONGLONG)(1000  * 1000 * 1000));
1008 		hdr.ts.tv_usec = (bpf_u_int32)((tcHeader.Timestamp % (ULONGLONG)(1000  * 1000 * 1000)) / 1000);
1009 
1010 		if (p->linktype == DLT_EN10MB)
1011 		{
1012 			hdr.caplen = filterResult;
1013 			hdr.len = tcHeader.Length;
1014 			(*callback)(user, &hdr, data);
1015 		}
1016 		else
1017 		{
1018 			PPPI_HEADER pPpiHeader = (PPPI_HEADER)pt->PpiPacket;
1019 			PVOID data2 = pPpiHeader + 1;
1020 
1021 			pPpiHeader->AggregationField.InterfaceId = TC_PH_FLAGS_RX_PORT_ID(tcHeader.Flags);
1022 			pPpiHeader->Dot3Field.Errors = tcHeader.Errors;
1023 			if (tcHeader.Flags & TC_PH_FLAGS_CHECKSUM)
1024 			{
1025 				pPpiHeader->Dot3Field.Flags = PPI_FLD_802_3_EXT_FLAG_FCS_PRESENT;
1026 			}
1027 			else
1028 			{
1029 				pPpiHeader->Dot3Field.Flags = 0;
1030 			}
1031 
1032 			if (filterResult <= MAX_TC_PACKET_SIZE)
1033 			{
1034 				memcpy(data2, data, filterResult);
1035 				hdr.caplen = sizeof(PPI_HEADER) + filterResult;
1036 				hdr.len = sizeof(PPI_HEADER) + tcHeader.Length;
1037 			}
1038 			else
1039 			{
1040 				memcpy(data2, data, MAX_TC_PACKET_SIZE);
1041 				hdr.caplen = sizeof(PPI_HEADER) + MAX_TC_PACKET_SIZE;
1042 				hdr.len = sizeof(PPI_HEADER) + tcHeader.Length;
1043 			}
1044 
1045 			(*callback)(user, &hdr, pt->PpiPacket);
1046 
1047 		}
1048 
1049 		if (++n >= cnt && cnt > 0)
1050 		{
1051 			return n;
1052 		}
1053 	}
1054 
1055 	return n;
1056 }
1057 
1058 static int
TcStats(pcap_t * p,struct pcap_stat * ps)1059 TcStats(pcap_t *p, struct pcap_stat *ps)
1060 {
1061 	struct pcap_tc *pt = p->priv;
1062 	TC_STATISTICS statistics;
1063 	TC_STATUS status;
1064 	ULONGLONG counter;
1065 	struct pcap_stat s;
1066 
1067 	status = g_TcFunctions.InstanceQueryStatistics(pt->TcInstance, &statistics);
1068 
1069 	if (status != TC_SUCCESS)
1070 	{
1071 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcInstanceQueryStatistics: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1072 		return -1;
1073 	}
1074 
1075 	memset(&s, 0, sizeof(s));
1076 
1077 	status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_TOTAL_RX_PACKETS, &counter);
1078 	if (status != TC_SUCCESS)
1079 	{
1080 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1081 		return -1;
1082 	}
1083 	if (counter <= (ULONGLONG)0xFFFFFFFF)
1084 	{
1085 		s.ps_recv = (ULONG)counter;
1086 	}
1087 	else
1088 	{
1089 		s.ps_recv = 0xFFFFFFFF;
1090 	}
1091 
1092 	status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_RX_DROPPED_PACKETS, &counter);
1093 	if (status != TC_SUCCESS)
1094 	{
1095 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1096 		return -1;
1097 	}
1098 	if (counter <= (ULONGLONG)0xFFFFFFFF)
1099 	{
1100 		s.ps_ifdrop = (ULONG)counter;
1101 		s.ps_drop = (ULONG)counter;
1102 	}
1103 	else
1104 	{
1105 		s.ps_ifdrop = 0xFFFFFFFF;
1106 		s.ps_drop = 0xFFFFFFFF;
1107 	}
1108 
1109 #if defined(_WIN32) && defined(ENABLE_REMOTE)
1110 	s.ps_capt = pt->TcAcceptedCount;
1111 #endif
1112 	*ps = s;
1113 
1114 	return 0;
1115 }
1116 
1117 
1118 /*
1119  * We filter at user level, since the kernel driver does't process the packets
1120  */
1121 static int
TcSetFilter(pcap_t * p,struct bpf_program * fp)1122 TcSetFilter(pcap_t *p, struct bpf_program *fp)
1123 {
1124 	if(!fp)
1125 	{
1126 		strncpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf));
1127 		return -1;
1128 	}
1129 
1130 	/* Install a user level filter */
1131 	if (install_bpf_program(p, fp) < 0)
1132 	{
1133 		return -1;
1134 	}
1135 
1136 	return 0;
1137 }
1138 
1139 #ifdef _WIN32
1140 static struct pcap_stat *
TcStatsEx(pcap_t * p,int * pcap_stat_size)1141 TcStatsEx(pcap_t *p, int *pcap_stat_size)
1142 {
1143 	struct pcap_tc *pt = p->priv;
1144 	TC_STATISTICS statistics;
1145 	TC_STATUS status;
1146 	ULONGLONG counter;
1147 
1148 	*pcap_stat_size = sizeof (p->stat);
1149 
1150 	status = g_TcFunctions.InstanceQueryStatistics(pt->TcInstance, &statistics);
1151 
1152 	if (status != TC_SUCCESS)
1153 	{
1154 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcInstanceQueryStatistics: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1155 		return NULL;
1156 	}
1157 
1158 	memset(&p->stat, 0, sizeof(p->stat));
1159 
1160 	status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_TOTAL_RX_PACKETS, &counter);
1161 	if (status != TC_SUCCESS)
1162 	{
1163 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1164 		return NULL;
1165 	}
1166 	if (counter <= (ULONGLONG)0xFFFFFFFF)
1167 	{
1168 		p->stat.ps_recv = (ULONG)counter;
1169 	}
1170 	else
1171 	{
1172 		p->stat.ps_recv = 0xFFFFFFFF;
1173 	}
1174 
1175 	status = g_TcFunctions.StatisticsQueryValue(statistics, TC_COUNTER_INSTANCE_RX_DROPPED_PACKETS, &counter);
1176 	if (status != TC_SUCCESS)
1177 	{
1178 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error in TcStatisticsQueryValue: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1179 		return NULL;
1180 	}
1181 	if (counter <= (ULONGLONG)0xFFFFFFFF)
1182 	{
1183 		p->stat.ps_ifdrop = (ULONG)counter;
1184 		p->stat.ps_drop = (ULONG)counter;
1185 	}
1186 	else
1187 	{
1188 		p->stat.ps_ifdrop = 0xFFFFFFFF;
1189 		p->stat.ps_drop = 0xFFFFFFFF;
1190 	}
1191 
1192 #if defined(_WIN32) && defined(ENABLE_REMOTE)
1193 	p->stat.ps_capt = pt->TcAcceptedCount;
1194 #endif
1195 
1196 	return &p->stat;
1197 }
1198 
1199 /* Set the dimension of the kernel-level capture buffer */
1200 static int
TcSetBuff(pcap_t * p,int dim)1201 TcSetBuff(pcap_t *p, int dim)
1202 {
1203 	/*
1204 	 * XXX turbocap has an internal way of managing buffers.
1205 	 * And at the moment it's not configurable, so we just
1206 	 * silently ignore the request to set the buffer.
1207 	 */
1208 	return 0;
1209 }
1210 
1211 static int
TcSetMode(pcap_t * p,int mode)1212 TcSetMode(pcap_t *p, int mode)
1213 {
1214 	if (mode != MODE_CAPT)
1215 	{
1216 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Mode %u not supported by TurboCap devices. TurboCap only supports capture.", mode);
1217 		return -1;
1218 	}
1219 
1220 	return 0;
1221 }
1222 
1223 static int
TcSetMinToCopy(pcap_t * p,int size)1224 TcSetMinToCopy(pcap_t *p, int size)
1225 {
1226 	struct pcap_tc *pt = p->priv;
1227 	TC_STATUS status;
1228 
1229 	if (size < 0)
1230 	{
1231 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Mintocopy cannot be less than 0.");
1232 		return -1;
1233 	}
1234 
1235 	status = g_TcFunctions.InstanceSetFeature(pt->TcInstance, TC_INST_FT_MINTOCOPY, (ULONG)size);
1236 
1237 	if (status != TC_SUCCESS)
1238 	{
1239 		pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "TurboCap error setting the mintocopy: %s (%08x)", g_TcFunctions.StatusGetString(status), status);
1240 	}
1241 
1242 	return 0;
1243 }
1244 
1245 static HANDLE
TcGetReceiveWaitHandle(pcap_t * p)1246 TcGetReceiveWaitHandle(pcap_t *p)
1247 {
1248 	struct pcap_tc *pt = p->priv;
1249 
1250 	return g_TcFunctions.InstanceGetReceiveWaitHandle(pt->TcInstance);
1251 }
1252 
1253 static int
TcOidGetRequest(pcap_t * p,bpf_u_int32 oid _U_,void * data _U_,size_t * lenp _U_)1254 TcOidGetRequest(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_, size_t *lenp _U_)
1255 {
1256 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1257 	    "An OID get request cannot be performed on a TurboCap device");
1258 	return PCAP_ERROR;
1259 }
1260 
1261 static int
TcOidSetRequest(pcap_t * p,bpf_u_int32 oid _U_,const void * data _U_,size_t * lenp _U_)1262 TcOidSetRequest(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
1263     size_t *lenp _U_)
1264 {
1265 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1266 	    "An OID set request cannot be performed on a TurboCap device");
1267 	return PCAP_ERROR;
1268 }
1269 
1270 static u_int
TcSendqueueTransmit(pcap_t * p,pcap_send_queue * queue _U_,int sync _U_)1271 TcSendqueueTransmit(pcap_t *p, pcap_send_queue *queue _U_, int sync _U_)
1272 {
1273 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1274 	    "Packets cannot be bulk transmitted on a TurboCap device");
1275 	return 0;
1276 }
1277 
1278 static int
TcSetUserBuffer(pcap_t * p,int size _U_)1279 TcSetUserBuffer(pcap_t *p, int size _U_)
1280 {
1281 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1282 	    "The user buffer cannot be set on a TurboCap device");
1283 	return -1;
1284 }
1285 
1286 static int
TcLiveDump(pcap_t * p,char * filename _U_,int maxsize _U_,int maxpacks _U_)1287 TcLiveDump(pcap_t *p, char *filename _U_, int maxsize _U_, int maxpacks _U_)
1288 {
1289 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1290 	    "Live packet dumping cannot be performed on a TurboCap device");
1291 	return -1;
1292 }
1293 
1294 static int
TcLiveDumpEnded(pcap_t * p,int sync _U_)1295 TcLiveDumpEnded(pcap_t *p, int sync _U_)
1296 {
1297 	pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1298 	    "Live packet dumping cannot be performed on a TurboCap device");
1299 	return -1;
1300 }
1301 
1302 static PAirpcapHandle
TcGetAirPcapHandle(pcap_t * p _U_)1303 TcGetAirPcapHandle(pcap_t *p _U_)
1304 {
1305 	return NULL;
1306 }
1307 #endif
1308