1 /*
2  * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the Computer Systems
16  *	Engineering Group at Lawrence Berkeley Laboratory.
17  * 4. Neither the name of the University nor of the Laboratory may be used
18  *    to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #ifndef lint
35 static const char rcsid[] _U_ =
36     "@(#) $Header: /tcpdump/master/libpcap/pcap.c,v 1.128 2008-12-23 20:13:29 guy Exp $ (LBL)";
37 #endif
38 
39 #ifdef HAVE_CONFIG_H
40 #include "config.h"
41 #endif
42 
43 #ifdef WIN32
44 #include <pcap-stdinc.h>
45 #else /* WIN32 */
46 #if HAVE_INTTYPES_H
47 #include <inttypes.h>
48 #elif HAVE_STDINT_H
49 #include <stdint.h>
50 #endif
51 #ifdef HAVE_SYS_BITYPES_H
52 #include <sys/bitypes.h>
53 #endif
54 #include <sys/types.h>
55 #endif /* WIN32 */
56 
57 #include <stdio.h>
58 #include <stdlib.h>
59 #include <string.h>
60 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
61 #include <unistd.h>
62 #endif
63 #include <fcntl.h>
64 #include <errno.h>
65 
66 #ifdef HAVE_OS_PROTO_H
67 #include "os-proto.h"
68 #endif
69 
70 #ifdef MSDOS
71 #include "pcap-dos.h"
72 #endif
73 
74 #include "pcap-int.h"
75 
76 #ifdef HAVE_DAG_API
77 #include "pcap-dag.h"
78 #endif /* HAVE_DAG_API */
79 
80 #ifdef HAVE_SEPTEL_API
81 #include "pcap-septel.h"
82 #endif /* HAVE_SEPTEL_API */
83 
84 #ifdef HAVE_SNF_API
85 #include "pcap-snf.h"
86 #endif /* HAVE_SNF_API */
87 
88 #ifdef PCAP_SUPPORT_USB
89 #include "pcap-usb-linux.h"
90 #endif
91 
92 #ifdef PCAP_SUPPORT_BT
93 #include "pcap-bt-linux.h"
94 #endif
95 
96 #ifdef PCAP_SUPPORT_CAN
97 #include "pcap-can-linux.h"
98 #endif
99 
100 #ifdef PCAP_SUPPORT_CANUSB
101 #include "pcap-canusb-linux.h"
102 #endif
103 
104 #ifdef PCAP_SUPPORT_NETFILTER
105 #include "pcap-netfilter-linux.h"
106 #endif
107 
108 #ifdef PCAP_SUPPORT_DBUS
109 #include "pcap-dbus.h"
110 #endif
111 
112 int
pcap_not_initialized(pcap_t * pcap _U_)113 pcap_not_initialized(pcap_t *pcap _U_)
114 {
115 	/* this means 'not initialized' */
116 	return (PCAP_ERROR_NOT_ACTIVATED);
117 }
118 
119 #ifdef WIN32
120 Adapter *
pcap_no_adapter(pcap_t * pcap _U_)121 pcap_no_adapter(pcap_t *pcap _U_)
122 {
123 	return (NULL);
124 }
125 #endif
126 
127 /*
128  * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
129  * a PCAP_ERROR value on an error.
130  */
131 int
pcap_can_set_rfmon(pcap_t * p)132 pcap_can_set_rfmon(pcap_t *p)
133 {
134 	return (p->can_set_rfmon_op(p));
135 }
136 
137 /*
138  * For systems where rfmon mode is never supported.
139  */
140 static int
pcap_cant_set_rfmon(pcap_t * p _U_)141 pcap_cant_set_rfmon(pcap_t *p _U_)
142 {
143 	return (0);
144 }
145 
146 /*
147  * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
148  * types; the return value is the number of supported time stamp types.
149  * The list should be freed by a call to pcap_free_tstamp_types() when
150  * you're done with it.
151  *
152  * A return value of 0 means "you don't get a choice of time stamp type",
153  * in which case *tstamp_typesp is set to null.
154  *
155  * PCAP_ERROR is returned on error.
156  */
157 int
pcap_list_tstamp_types(pcap_t * p,int ** tstamp_typesp)158 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
159 {
160 	if (p->tstamp_type_count == 0) {
161 		/*
162 		 * We don't support multiple time stamp types.
163 		 */
164 		*tstamp_typesp = NULL;
165 	} else {
166 		*tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
167 		    p->tstamp_type_count);
168 		if (*tstamp_typesp == NULL) {
169 			(void)snprintf(p->errbuf, sizeof(p->errbuf),
170 			    "malloc: %s", pcap_strerror(errno));
171 			return (PCAP_ERROR);
172 		}
173 		(void)memcpy(*tstamp_typesp, p->tstamp_type_list,
174 		    sizeof(**tstamp_typesp) * p->tstamp_type_count);
175 	}
176 	return (p->tstamp_type_count);
177 }
178 
179 /*
180  * In Windows, you might have a library built with one version of the
181  * C runtime library and an application built with another version of
182  * the C runtime library, which means that the library might use one
183  * version of malloc() and free() and the application might use another
184  * version of malloc() and free().  If so, that means something
185  * allocated by the library cannot be freed by the application, so we
186  * need to have a pcap_free_tstamp_types() routine to free up the list
187  * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
188  * around free().
189  */
190 void
pcap_free_tstamp_types(int * tstamp_type_list)191 pcap_free_tstamp_types(int *tstamp_type_list)
192 {
193 	free(tstamp_type_list);
194 }
195 
196 /*
197  * Default one-shot callback; overridden for capture types where the
198  * packet data cannot be guaranteed to be available after the callback
199  * returns, so that a copy must be made.
200  */
201 void
pcap_oneshot(u_char * user,const struct pcap_pkthdr * h,const u_char * pkt)202 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
203 {
204 	struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
205 
206 	*sp->hdr = *h;
207 	*sp->pkt = pkt;
208 }
209 
210 const u_char *
pcap_next(pcap_t * p,struct pcap_pkthdr * h)211 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
212 {
213 	struct oneshot_userdata s;
214 	const u_char *pkt;
215 
216 	s.hdr = h;
217 	s.pkt = &pkt;
218 	s.pd = p;
219 	if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
220 		return (0);
221 	return (pkt);
222 }
223 
224 int
pcap_next_ex(pcap_t * p,struct pcap_pkthdr ** pkt_header,const u_char ** pkt_data)225 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
226     const u_char **pkt_data)
227 {
228 	struct oneshot_userdata s;
229 
230 	s.hdr = &p->pcap_header;
231 	s.pkt = pkt_data;
232 	s.pd = p;
233 
234 	/* Saves a pointer to the packet headers */
235 	*pkt_header= &p->pcap_header;
236 
237 	if (p->rfile != NULL) {
238 		int status;
239 
240 		/* We are on an offline capture */
241 		status = pcap_offline_read(p, 1, p->oneshot_callback,
242 		    (u_char *)&s);
243 
244 		/*
245 		 * Return codes for pcap_offline_read() are:
246 		 *   -  0: EOF
247 		 *   - -1: error
248 		 *   - >1: OK
249 		 * The first one ('0') conflicts with the return code of
250 		 * 0 from pcap_read() meaning "no packets arrived before
251 		 * the timeout expired", so we map it to -2 so you can
252 		 * distinguish between an EOF from a savefile and a
253 		 * "no packets arrived before the timeout expired, try
254 		 * again" from a live capture.
255 		 */
256 		if (status == 0)
257 			return (-2);
258 		else
259 			return (status);
260 	}
261 
262 	/*
263 	 * Return codes for pcap_read() are:
264 	 *   -  0: timeout
265 	 *   - -1: error
266 	 *   - -2: loop was broken out of with pcap_breakloop()
267 	 *   - >1: OK
268 	 * The first one ('0') conflicts with the return code of 0 from
269 	 * pcap_offline_read() meaning "end of file".
270 	*/
271 	return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
272 }
273 
274 #if defined(DAG_ONLY)
275 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)276 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
277 {
278 	return (dag_findalldevs(alldevsp, errbuf));
279 }
280 
281 pcap_t *
pcap_create(const char * source,char * errbuf)282 pcap_create(const char *source, char *errbuf)
283 {
284 	return (dag_create(source, errbuf));
285 }
286 #elif defined(SEPTEL_ONLY)
287 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)288 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
289 {
290 	return (septel_findalldevs(alldevsp, errbuf));
291 }
292 
293 pcap_t *
pcap_create(const char * source,char * errbuf)294 pcap_create(const char *source, char *errbuf)
295 {
296 	return (septel_create(source, errbuf));
297 }
298 #elif defined(SNF_ONLY)
299 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)300 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
301 {
302 	return (snf_findalldevs(alldevsp, errbuf));
303 }
304 
305 pcap_t *
pcap_create(const char * source,char * errbuf)306 pcap_create(const char *source, char *errbuf)
307 {
308 	return (snf_create(source, errbuf));
309 }
310 #else /* regular pcap */
311 struct capture_source_type {
312 	int (*findalldevs_op)(pcap_if_t **, char *);
313 	pcap_t *(*create_op)(const char *, char *, int *);
314 } capture_source_types[] = {
315 #ifdef HAVE_DAG_API
316 	{ dag_findalldevs, dag_create },
317 #endif
318 #ifdef HAVE_SEPTEL_API
319 	{ septel_findalldevs, septel_create },
320 #endif
321 #ifdef HAVE_SNF_API
322 	{ snf_findalldevs, snf_create },
323 #endif
324 #ifdef PCAP_SUPPORT_BT
325 	{ bt_findalldevs, bt_create },
326 #endif
327 #if PCAP_SUPPORT_CANUSB
328 	{ canusb_findalldevs, canusb_create },
329 #endif
330 #ifdef PCAP_SUPPORT_CAN
331 	{ can_findalldevs, can_create },
332 #endif
333 #ifdef PCAP_SUPPORT_USB
334 	{ usb_findalldevs, usb_create },
335 #endif
336 #ifdef PCAP_SUPPORT_NETFILTER
337 	{ netfilter_findalldevs, netfilter_create },
338 #endif
339 #ifdef PCAP_SUPPORT_DBUS
340 	{ dbus_findalldevs, dbus_create },
341 #endif
342 	{ NULL, NULL }
343 };
344 
345 /*
346  * Get a list of all capture sources that are up and that we can open.
347  * Returns -1 on error, 0 otherwise.
348  * The list, as returned through "alldevsp", may be null if no interfaces
349  * were up and could be opened.
350  */
351 int
pcap_findalldevs(pcap_if_t ** alldevsp,char * errbuf)352 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
353 {
354 	size_t i;
355 
356 	/*
357 	 * Get the list of regular interfaces first.
358 	 */
359 	if (pcap_findalldevs_interfaces(alldevsp, errbuf) == -1)
360 		return (-1);	/* failure */
361 
362 	/*
363 	 * Add any interfaces that need a platform-specific mechanism
364 	 * to find.
365 	 */
366 	if (pcap_platform_finddevs(alldevsp, errbuf) == -1) {
367 		/*
368 		 * We had an error; free the list we've been
369 		 * constructing.
370 		 */
371 		if (*alldevsp != NULL) {
372 			pcap_freealldevs(*alldevsp);
373 			*alldevsp = NULL;
374 		}
375 		return (-1);
376 	}
377 
378 	/*
379 	 * Ask each of the non-local-network-interface capture
380 	 * source types what interfaces they have.
381 	 */
382 	for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
383 		if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
384 			/*
385 			 * We had an error; free the list we've been
386 			 * constructing.
387 			 */
388 			if (*alldevsp != NULL) {
389 				pcap_freealldevs(*alldevsp);
390 				*alldevsp = NULL;
391 			}
392 			return (-1);
393 		}
394 	}
395 	return (0);
396 }
397 
398 pcap_t *
pcap_create(const char * source,char * errbuf)399 pcap_create(const char *source, char *errbuf)
400 {
401 	size_t i;
402 	int is_theirs;
403 	pcap_t *p;
404 
405 	/*
406 	 * A null source name is equivalent to the "any" device -
407 	 * which might not be supported on this platform, but
408 	 * this means that you'll get a "not supported" error
409 	 * rather than, say, a crash when we try to dereference
410 	 * the null pointer.
411 	 */
412 	if (source == NULL)
413 		source = "any";
414 
415 	/*
416 	 * Try each of the non-local-network-interface capture
417 	 * source types until we find one that works for this
418 	 * device or run out of types.
419 	 */
420 	for (i = 0; capture_source_types[i].create_op != NULL; i++) {
421 		is_theirs = 0;
422 		p = capture_source_types[i].create_op(source, errbuf, &is_theirs);
423 		if (is_theirs) {
424 			/*
425 			 * The device name refers to a device of the
426 			 * type in question; either it succeeded,
427 			 * in which case p refers to a pcap_t to
428 			 * later activate for the device, or it
429 			 * failed, in which case p is null and we
430 			 * should return that to report the failure
431 			 * to create.
432 			 */
433 			return (p);
434 		}
435 	}
436 
437 	/*
438 	 * OK, try it as a regular network interface.
439 	 */
440 	return (pcap_create_interface(source, errbuf));
441 }
442 #endif
443 
444 static void
initialize_ops(pcap_t * p)445 initialize_ops(pcap_t *p)
446 {
447 	/*
448 	 * Set operation pointers for operations that only work on
449 	 * an activated pcap_t to point to a routine that returns
450 	 * a "this isn't activated" error.
451 	 */
452 	p->read_op = (read_op_t)pcap_not_initialized;
453 	p->inject_op = (inject_op_t)pcap_not_initialized;
454 	p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
455 	p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
456 	p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
457 	p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
458 	p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
459 	p->stats_op = (stats_op_t)pcap_not_initialized;
460 #ifdef WIN32
461 	p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
462 	p->setmode_op = (setmode_op_t)pcap_not_initialized;
463 	p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
464 	p->getadapter_op = pcap_no_adapter;
465 #endif
466 
467 	/*
468 	 * Default cleanup operation - implementations can override
469 	 * this, but should call pcap_cleanup_live_common() after
470 	 * doing their own additional cleanup.
471 	 */
472 	p->cleanup_op = pcap_cleanup_live_common;
473 
474 	/*
475 	 * In most cases, the standard one-shot callback can
476 	 * be used for pcap_next()/pcap_next_ex().
477 	 */
478 	p->oneshot_callback = pcap_oneshot;
479 }
480 
481 static pcap_t *
pcap_alloc_pcap_t(char * ebuf,size_t size)482 pcap_alloc_pcap_t(char *ebuf, size_t size)
483 {
484 	char *chunk;
485 	pcap_t *p;
486 
487 	/*
488 	 * Allocate a chunk of memory big enough for a pcap_t
489 	 * plus a structure following it of size "size".  The
490 	 * structure following it is a private data structure
491 	 * for the routines that handle this pcap_t.
492 	 */
493 	chunk = malloc(sizeof (pcap_t) + size);
494 	if (chunk == NULL) {
495 		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
496 		    pcap_strerror(errno));
497 		return (NULL);
498 	}
499 	memset(chunk, 0, sizeof (pcap_t) + size);
500 
501 	/*
502 	 * Get a pointer to the pcap_t at the beginning.
503 	 */
504 	p = (pcap_t *)chunk;
505 
506 #ifndef WIN32
507 	p->fd = -1;	/* not opened yet */
508 	p->selectable_fd = -1;
509 #endif
510 
511 	if (size == 0) {
512 		/* No private data was requested. */
513 		p->priv = NULL;
514 	} else {
515 		/*
516 		 * Set the pointer to the private data; that's the structure
517 		 * of size "size" following the pcap_t.
518 		 */
519 		p->priv = (void *)(chunk + sizeof (pcap_t));
520 	}
521 
522 	return (p);
523 }
524 
525 pcap_t *
pcap_create_common(const char * source,char * ebuf,size_t size)526 pcap_create_common(const char *source, char *ebuf, size_t size)
527 {
528 	pcap_t *p;
529 
530 	p = pcap_alloc_pcap_t(ebuf, size);
531 	if (p == NULL)
532 		return (NULL);
533 
534 	p->opt.source = strdup(source);
535 	if (p->opt.source == NULL) {
536 		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
537 		    pcap_strerror(errno));
538 		free(p);
539 		return (NULL);
540 	}
541 
542 	/*
543 	 * Default to "can't set rfmon mode"; if it's supported by
544 	 * a platform, the create routine that called us can set
545 	 * the op to its routine to check whether a particular
546 	 * device supports it.
547 	 */
548 	p->can_set_rfmon_op = pcap_cant_set_rfmon;
549 
550 	initialize_ops(p);
551 
552 	/* put in some defaults*/
553  	pcap_set_snaplen(p, 65535);	/* max packet size */
554 	p->opt.timeout = 0;		/* no timeout specified */
555 	p->opt.buffer_size = 0;		/* use the platform's default */
556 	p->opt.promisc = 0;
557 	p->opt.rfmon = 0;
558 	p->opt.immediate = 0;
559 	p->opt.tstamp_type = -1;	/* default to not setting time stamp type */
560 	p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
561 	return (p);
562 }
563 
564 int
pcap_check_activated(pcap_t * p)565 pcap_check_activated(pcap_t *p)
566 {
567 	if (p->activated) {
568 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
569 			" operation on activated capture");
570 		return (-1);
571 	}
572 	return (0);
573 }
574 
575 int
pcap_set_snaplen(pcap_t * p,int snaplen)576 pcap_set_snaplen(pcap_t *p, int snaplen)
577 {
578 	if (pcap_check_activated(p))
579 		return (PCAP_ERROR_ACTIVATED);
580 	p->snapshot = snaplen;
581 	return (0);
582 }
583 
584 int
pcap_set_promisc(pcap_t * p,int promisc)585 pcap_set_promisc(pcap_t *p, int promisc)
586 {
587 	if (pcap_check_activated(p))
588 		return (PCAP_ERROR_ACTIVATED);
589 	p->opt.promisc = promisc;
590 	return (0);
591 }
592 
593 int
pcap_set_rfmon(pcap_t * p,int rfmon)594 pcap_set_rfmon(pcap_t *p, int rfmon)
595 {
596 	if (pcap_check_activated(p))
597 		return (PCAP_ERROR_ACTIVATED);
598 	p->opt.rfmon = rfmon;
599 	return (0);
600 }
601 
602 int
pcap_set_timeout(pcap_t * p,int timeout_ms)603 pcap_set_timeout(pcap_t *p, int timeout_ms)
604 {
605 	if (pcap_check_activated(p))
606 		return (PCAP_ERROR_ACTIVATED);
607 	p->opt.timeout = timeout_ms;
608 	return (0);
609 }
610 
611 int
pcap_set_tstamp_type(pcap_t * p,int tstamp_type)612 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
613 {
614 	int i;
615 
616 	if (pcap_check_activated(p))
617 		return (PCAP_ERROR_ACTIVATED);
618 
619 	/*
620 	 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
621 	 * the default time stamp type is PCAP_TSTAMP_HOST.
622 	 */
623 	if (p->tstamp_type_count == 0) {
624 		if (tstamp_type == PCAP_TSTAMP_HOST) {
625 			p->opt.tstamp_type = tstamp_type;
626 			return (0);
627 		}
628 	} else {
629 		/*
630 		 * Check whether we claim to support this type of time stamp.
631 		 */
632 		for (i = 0; i < p->tstamp_type_count; i++) {
633 			if (p->tstamp_type_list[i] == tstamp_type) {
634 				/*
635 				 * Yes.
636 				 */
637 				p->opt.tstamp_type = tstamp_type;
638 				return (0);
639 			}
640 		}
641 	}
642 
643 	/*
644 	 * We don't support this type of time stamp.
645 	 */
646 	return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
647 }
648 
649 int
pcap_set_immediate_mode(pcap_t * p,int immediate)650 pcap_set_immediate_mode(pcap_t *p, int immediate)
651 {
652 	if (pcap_check_activated(p))
653 		return (PCAP_ERROR_ACTIVATED);
654 	p->opt.immediate = immediate;
655 	return (0);
656 }
657 
658 int
pcap_set_buffer_size(pcap_t * p,int buffer_size)659 pcap_set_buffer_size(pcap_t *p, int buffer_size)
660 {
661 	if (pcap_check_activated(p))
662 		return (PCAP_ERROR_ACTIVATED);
663 	p->opt.buffer_size = buffer_size;
664 	return (0);
665 }
666 
667 int
pcap_set_tstamp_precision(pcap_t * p,int tstamp_precision)668 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
669 {
670 	int i;
671 
672 	if (pcap_check_activated(p))
673 		return (PCAP_ERROR_ACTIVATED);
674 
675 	/*
676 	 * If p->tstamp_precision_count is 0, we only support setting
677 	 * the time stamp precision to microsecond precision; every
678 	 * pcap module *MUST* support microsecond precision, even if
679 	 * it does so by converting the native precision to
680 	 * microseconds.
681 	 */
682 	if (p->tstamp_precision_count == 0) {
683 		if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
684 			p->opt.tstamp_precision = tstamp_precision;
685 			return (0);
686 		}
687 	} else {
688 		/*
689 		 * Check whether we claim to support this precision of
690 		 * time stamp.
691 		 */
692 		for (i = 0; i < p->tstamp_precision_count; i++) {
693 			if (p->tstamp_precision_list[i] == tstamp_precision) {
694 				/*
695 				 * Yes.
696 				 */
697 				p->opt.tstamp_precision = tstamp_precision;
698 				return (0);
699 			}
700 		}
701 	}
702 
703 	/*
704 	 * We don't support this time stamp precision.
705 	 */
706 	return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
707 }
708 
709 int
pcap_get_tstamp_precision(pcap_t * p)710 pcap_get_tstamp_precision(pcap_t *p)
711 {
712         return (p->opt.tstamp_precision);
713 }
714 
715 int
pcap_activate(pcap_t * p)716 pcap_activate(pcap_t *p)
717 {
718 	int status;
719 
720 	/*
721 	 * Catch attempts to re-activate an already-activated
722 	 * pcap_t; this should, for example, catch code that
723 	 * calls pcap_open_live() followed by pcap_activate(),
724 	 * as some code that showed up in a Stack Exchange
725 	 * question did.
726 	 */
727 	if (pcap_check_activated(p))
728 		return (PCAP_ERROR_ACTIVATED);
729 	status = p->activate_op(p);
730 	if (status >= 0)
731 		p->activated = 1;
732 	else {
733 		if (p->errbuf[0] == '\0') {
734 			/*
735 			 * No error message supplied by the activate routine;
736 			 * for the benefit of programs that don't specially
737 			 * handle errors other than PCAP_ERROR, return the
738 			 * error message corresponding to the status.
739 			 */
740 			snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
741 			    pcap_statustostr(status));
742 		}
743 
744 		/*
745 		 * Undo any operation pointer setting, etc. done by
746 		 * the activate operation.
747 		 */
748 		initialize_ops(p);
749 	}
750 	return (status);
751 }
752 
753 pcap_t *
pcap_open_live(const char * source,int snaplen,int promisc,int to_ms,char * errbuf)754 pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *errbuf)
755 {
756 	pcap_t *p;
757 	int status;
758 
759 	p = pcap_create(source, errbuf);
760 	if (p == NULL)
761 		return (NULL);
762 	status = pcap_set_snaplen(p, snaplen);
763 	if (status < 0)
764 		goto fail;
765 	status = pcap_set_promisc(p, promisc);
766 	if (status < 0)
767 		goto fail;
768 	status = pcap_set_timeout(p, to_ms);
769 	if (status < 0)
770 		goto fail;
771 	/*
772 	 * Mark this as opened with pcap_open_live(), so that, for
773 	 * example, we show the full list of DLT_ values, rather
774 	 * than just the ones that are compatible with capturing
775 	 * when not in monitor mode.  That allows existing applications
776 	 * to work the way they used to work, but allows new applications
777 	 * that know about the new open API to, for example, find out the
778 	 * DLT_ values that they can select without changing whether
779 	 * the adapter is in monitor mode or not.
780 	 */
781 	p->oldstyle = 1;
782 	status = pcap_activate(p);
783 	if (status < 0)
784 		goto fail;
785 	return (p);
786 fail:
787 	if (status == PCAP_ERROR)
788 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
789 		    p->errbuf);
790 	else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
791 	    status == PCAP_ERROR_PERM_DENIED ||
792 	    status == PCAP_ERROR_PROMISC_PERM_DENIED)
793 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
794 		    pcap_statustostr(status), p->errbuf);
795 	else
796 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
797 		    pcap_statustostr(status));
798 	pcap_close(p);
799 	return (NULL);
800 }
801 
802 pcap_t *
pcap_open_offline_common(char * ebuf,size_t size)803 pcap_open_offline_common(char *ebuf, size_t size)
804 {
805 	pcap_t *p;
806 
807 	p = pcap_alloc_pcap_t(ebuf, size);
808 	if (p == NULL)
809 		return (NULL);
810 
811 	p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
812 	p->opt.source = strdup("(savefile)");
813 	if (p->opt.source == NULL) {
814 		snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
815 		    pcap_strerror(errno));
816 		free(p);
817 		return (NULL);
818 	}
819 
820 	return (p);
821 }
822 
823 int
pcap_dispatch(pcap_t * p,int cnt,pcap_handler callback,u_char * user)824 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
825 {
826 	return (p->read_op(p, cnt, callback, user));
827 }
828 
829 /*
830  * XXX - is this necessary?
831  */
832 int
pcap_read(pcap_t * p,int cnt,pcap_handler callback,u_char * user)833 pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
834 {
835 
836 	return (p->read_op(p, cnt, callback, user));
837 }
838 
839 int
pcap_loop(pcap_t * p,int cnt,pcap_handler callback,u_char * user)840 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
841 {
842 	register int n;
843 
844 	for (;;) {
845 		if (p->rfile != NULL) {
846 			/*
847 			 * 0 means EOF, so don't loop if we get 0.
848 			 */
849 			n = pcap_offline_read(p, cnt, callback, user);
850 		} else {
851 			/*
852 			 * XXX keep reading until we get something
853 			 * (or an error occurs)
854 			 */
855 			do {
856 				n = p->read_op(p, cnt, callback, user);
857 			} while (n == 0);
858 		}
859 		if (n <= 0)
860 			return (n);
861 		if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
862 			cnt -= n;
863 			if (cnt <= 0)
864 				return (0);
865 		}
866 	}
867 }
868 
869 /*
870  * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
871  */
872 void
pcap_breakloop(pcap_t * p)873 pcap_breakloop(pcap_t *p)
874 {
875 	p->break_loop = 1;
876 }
877 
878 int
pcap_datalink(pcap_t * p)879 pcap_datalink(pcap_t *p)
880 {
881 	if (!p->activated)
882 		return (PCAP_ERROR_NOT_ACTIVATED);
883 	return (p->linktype);
884 }
885 
886 int
pcap_datalink_ext(pcap_t * p)887 pcap_datalink_ext(pcap_t *p)
888 {
889 	if (!p->activated)
890 		return (PCAP_ERROR_NOT_ACTIVATED);
891 	return (p->linktype_ext);
892 }
893 
894 int
pcap_list_datalinks(pcap_t * p,int ** dlt_buffer)895 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
896 {
897 	if (!p->activated)
898 		return (PCAP_ERROR_NOT_ACTIVATED);
899 	if (p->dlt_count == 0) {
900 		/*
901 		 * We couldn't fetch the list of DLTs, which means
902 		 * this platform doesn't support changing the
903 		 * DLT for an interface.  Return a list of DLTs
904 		 * containing only the DLT this device supports.
905 		 */
906 		*dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
907 		if (*dlt_buffer == NULL) {
908 			(void)snprintf(p->errbuf, sizeof(p->errbuf),
909 			    "malloc: %s", pcap_strerror(errno));
910 			return (PCAP_ERROR);
911 		}
912 		**dlt_buffer = p->linktype;
913 		return (1);
914 	} else {
915 		*dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
916 		if (*dlt_buffer == NULL) {
917 			(void)snprintf(p->errbuf, sizeof(p->errbuf),
918 			    "malloc: %s", pcap_strerror(errno));
919 			return (PCAP_ERROR);
920 		}
921 		(void)memcpy(*dlt_buffer, p->dlt_list,
922 		    sizeof(**dlt_buffer) * p->dlt_count);
923 		return (p->dlt_count);
924 	}
925 }
926 
927 /*
928  * In Windows, you might have a library built with one version of the
929  * C runtime library and an application built with another version of
930  * the C runtime library, which means that the library might use one
931  * version of malloc() and free() and the application might use another
932  * version of malloc() and free().  If so, that means something
933  * allocated by the library cannot be freed by the application, so we
934  * need to have a pcap_free_datalinks() routine to free up the list
935  * allocated by pcap_list_datalinks(), even though it's just a wrapper
936  * around free().
937  */
938 void
pcap_free_datalinks(int * dlt_list)939 pcap_free_datalinks(int *dlt_list)
940 {
941 	free(dlt_list);
942 }
943 
944 int
pcap_set_datalink(pcap_t * p,int dlt)945 pcap_set_datalink(pcap_t *p, int dlt)
946 {
947 	int i;
948 	const char *dlt_name;
949 
950 	if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
951 		/*
952 		 * We couldn't fetch the list of DLTs, or we don't
953 		 * have a "set datalink" operation, which means
954 		 * this platform doesn't support changing the
955 		 * DLT for an interface.  Check whether the new
956 		 * DLT is the one this interface supports.
957 		 */
958 		if (p->linktype != dlt)
959 			goto unsupported;
960 
961 		/*
962 		 * It is, so there's nothing we need to do here.
963 		 */
964 		return (0);
965 	}
966 	for (i = 0; i < p->dlt_count; i++)
967 		if (p->dlt_list[i] == dlt)
968 			break;
969 	if (i >= p->dlt_count)
970 		goto unsupported;
971 	if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
972 	    dlt == DLT_DOCSIS) {
973 		/*
974 		 * This is presumably an Ethernet device, as the first
975 		 * link-layer type it offers is DLT_EN10MB, and the only
976 		 * other type it offers is DLT_DOCSIS.  That means that
977 		 * we can't tell the driver to supply DOCSIS link-layer
978 		 * headers - we're just pretending that's what we're
979 		 * getting, as, presumably, we're capturing on a dedicated
980 		 * link to a Cisco Cable Modem Termination System, and
981 		 * it's putting raw DOCSIS frames on the wire inside low-level
982 		 * Ethernet framing.
983 		 */
984 		p->linktype = dlt;
985 		return (0);
986 	}
987 	if (p->set_datalink_op(p, dlt) == -1)
988 		return (-1);
989 	p->linktype = dlt;
990 	return (0);
991 
992 unsupported:
993 	dlt_name = pcap_datalink_val_to_name(dlt);
994 	if (dlt_name != NULL) {
995 		(void) snprintf(p->errbuf, sizeof(p->errbuf),
996 		    "%s is not one of the DLTs supported by this device",
997 		    dlt_name);
998 	} else {
999 		(void) snprintf(p->errbuf, sizeof(p->errbuf),
1000 		    "DLT %d is not one of the DLTs supported by this device",
1001 		    dlt);
1002 	}
1003 	return (-1);
1004 }
1005 
1006 /*
1007  * This array is designed for mapping upper and lower case letter
1008  * together for a case independent comparison.  The mappings are
1009  * based upon ascii character sequences.
1010  */
1011 static const u_char charmap[] = {
1012 	(u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1013 	(u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1014 	(u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1015 	(u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1016 	(u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1017 	(u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1018 	(u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1019 	(u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1020 	(u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1021 	(u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1022 	(u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1023 	(u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1024 	(u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1025 	(u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1026 	(u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1027 	(u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1028 	(u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1029 	(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1030 	(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1031 	(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1032 	(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1033 	(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1034 	(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1035 	(u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1036 	(u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1037 	(u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1038 	(u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1039 	(u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1040 	(u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1041 	(u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1042 	(u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1043 	(u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1044 	(u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1045 	(u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1046 	(u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1047 	(u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1048 	(u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1049 	(u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1050 	(u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1051 	(u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1052 	(u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1053 	(u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1054 	(u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1055 	(u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1056 	(u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1057 	(u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1058 	(u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1059 	(u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1060 	(u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1061 	(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1062 	(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1063 	(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1064 	(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1065 	(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1066 	(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1067 	(u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1068 	(u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1069 	(u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1070 	(u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1071 	(u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1072 	(u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1073 	(u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1074 	(u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1075 	(u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1076 };
1077 
1078 int
pcap_strcasecmp(const char * s1,const char * s2)1079 pcap_strcasecmp(const char *s1, const char *s2)
1080 {
1081 	register const u_char	*cm = charmap,
1082 				*us1 = (const u_char *)s1,
1083 				*us2 = (const u_char *)s2;
1084 
1085 	while (cm[*us1] == cm[*us2++])
1086 		if (*us1++ == '\0')
1087 			return(0);
1088 	return (cm[*us1] - cm[*--us2]);
1089 }
1090 
1091 struct dlt_choice {
1092 	const char *name;
1093 	const char *description;
1094 	int	dlt;
1095 };
1096 
1097 #define DLT_CHOICE(code, description) { #code, description, code }
1098 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1099 
1100 static struct dlt_choice dlt_choices[] = {
1101 	DLT_CHOICE(DLT_NULL, "BSD loopback"),
1102 	DLT_CHOICE(DLT_EN10MB, "Ethernet"),
1103 	DLT_CHOICE(DLT_IEEE802, "Token ring"),
1104 	DLT_CHOICE(DLT_ARCNET, "BSD ARCNET"),
1105 	DLT_CHOICE(DLT_SLIP, "SLIP"),
1106 	DLT_CHOICE(DLT_PPP, "PPP"),
1107 	DLT_CHOICE(DLT_FDDI, "FDDI"),
1108 	DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1109 	DLT_CHOICE(DLT_RAW, "Raw IP"),
1110 	DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
1111 	DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
1112 	DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
1113 	DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
1114 	DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
1115         DLT_CHOICE(DLT_SYMANTEC_FIREWALL, "Symantec Firewall"),
1116 	DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
1117 	DLT_CHOICE(DLT_IEEE802_11, "802.11"),
1118 	DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
1119 	DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
1120 	DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
1121 	DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
1122 	DLT_CHOICE(DLT_LTALK, "Localtalk"),
1123 	DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
1124 	DLT_CHOICE(DLT_PFSYNC, "Packet filter state syncing"),
1125 	DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
1126 	DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1127 	DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
1128 	DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radiotap header"),
1129 	DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
1130         DLT_CHOICE(DLT_JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1131 	DLT_CHOICE(DLT_JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1132         DLT_CHOICE(DLT_JUNIPER_ES, "Juniper Encryption Services PIC"),
1133         DLT_CHOICE(DLT_JUNIPER_GGSN, "Juniper GGSN PIC"),
1134 	DLT_CHOICE(DLT_JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1135         DLT_CHOICE(DLT_JUNIPER_ATM2, "Juniper ATM2 PIC"),
1136         DLT_CHOICE(DLT_JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1137         DLT_CHOICE(DLT_JUNIPER_ATM1, "Juniper ATM1 PIC"),
1138 	DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1139 	DLT_CHOICE(DLT_MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1140 	DLT_CHOICE(DLT_MTP2, "SS7 MTP2"),
1141 	DLT_CHOICE(DLT_MTP3, "SS7 MTP3"),
1142 	DLT_CHOICE(DLT_SCCP, "SS7 SCCP"),
1143 	DLT_CHOICE(DLT_DOCSIS, "DOCSIS"),
1144 	DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
1145 	DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1146         DLT_CHOICE(DLT_JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1147 	DLT_CHOICE(DLT_BACNET_MS_TP, "BACnet MS/TP"),
1148 	DLT_CHOICE(DLT_PPP_PPPD, "PPP for pppd, with direction flag"),
1149 	DLT_CHOICE(DLT_JUNIPER_PPPOE, "Juniper PPPoE"),
1150 	DLT_CHOICE(DLT_JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1151 	DLT_CHOICE(DLT_GPRS_LLC, "GPRS LLC"),
1152 	DLT_CHOICE(DLT_GPF_T, "GPF-T"),
1153 	DLT_CHOICE(DLT_GPF_F, "GPF-F"),
1154 	DLT_CHOICE(DLT_JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1155 	DLT_CHOICE(DLT_ERF_ETH,	"Ethernet with Endace ERF header"),
1156 	DLT_CHOICE(DLT_ERF_POS, "Packet-over-SONET with Endace ERF header"),
1157 	DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
1158 	DLT_CHOICE(DLT_JUNIPER_ETHER, "Juniper Ethernet"),
1159 	DLT_CHOICE(DLT_JUNIPER_PPP, "Juniper PPP"),
1160 	DLT_CHOICE(DLT_JUNIPER_FRELAY, "Juniper Frame Relay"),
1161 	DLT_CHOICE(DLT_JUNIPER_CHDLC, "Juniper C-HDLC"),
1162 	DLT_CHOICE(DLT_MFR, "FRF.16 Frame Relay"),
1163 	DLT_CHOICE(DLT_JUNIPER_VP, "Juniper Voice PIC"),
1164 	DLT_CHOICE(DLT_A429, "Arinc 429"),
1165 	DLT_CHOICE(DLT_A653_ICM, "Arinc 653 Interpartition Communication"),
1166 	DLT_CHOICE(DLT_USB, "USB"),
1167 	DLT_CHOICE(DLT_BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1168 	DLT_CHOICE(DLT_IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1169 	DLT_CHOICE(DLT_USB_LINUX, "USB with Linux header"),
1170 	DLT_CHOICE(DLT_CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1171 	DLT_CHOICE(DLT_IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1172 	DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
1173 	DLT_CHOICE(DLT_IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1174 	DLT_CHOICE(DLT_JUNIPER_ISM, "Juniper Integrated Service Module"),
1175 	DLT_CHOICE(DLT_IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1176 	DLT_CHOICE(DLT_SITA, "SITA pseudo-header"),
1177 	DLT_CHOICE(DLT_ERF, "Endace ERF header"),
1178 	DLT_CHOICE(DLT_RAIF1, "Ethernet with u10 Networks pseudo-header"),
1179 	DLT_CHOICE(DLT_IPMB, "IPMB"),
1180 	DLT_CHOICE(DLT_JUNIPER_ST, "Juniper Secure Tunnel"),
1181 	DLT_CHOICE(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1182 	DLT_CHOICE(DLT_AX25_KISS, "AX.25 with KISS header"),
1183 	DLT_CHOICE(DLT_IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1184 	DLT_CHOICE(DLT_MPLS, "MPLS with label as link-layer header"),
1185 	DLT_CHOICE(DLT_USB_LINUX_MMAPPED, "USB with padded Linux header"),
1186 	DLT_CHOICE(DLT_DECT, "DECT"),
1187 	DLT_CHOICE(DLT_AOS, "AOS Space Data Link protocol"),
1188 	DLT_CHOICE(DLT_WIHART, "Wireless HART"),
1189 	DLT_CHOICE(DLT_FC_2, "Fibre Channel FC-2"),
1190 	DLT_CHOICE(DLT_FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1191 	DLT_CHOICE(DLT_IPNET, "Solaris ipnet"),
1192 	DLT_CHOICE(DLT_CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1193 	DLT_CHOICE(DLT_IPV4, "Raw IPv4"),
1194 	DLT_CHOICE(DLT_IPV6, "Raw IPv6"),
1195 	DLT_CHOICE(DLT_IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1196 	DLT_CHOICE(DLT_JUNIPER_VS, "Juniper Virtual Server"),
1197 	DLT_CHOICE(DLT_JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1198 	DLT_CHOICE(DLT_JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1199 	DLT_CHOICE(DLT_DVB_CI, "DVB-CI"),
1200 	DLT_CHOICE(DLT_JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1201 	DLT_CHOICE(DLT_NFLOG, "Linux netfilter log messages"),
1202 	DLT_CHOICE(DLT_NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1203 	DLT_CHOICE(DLT_NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1204 	DLT_CHOICE(DLT_IPOIB, "RFC 4391 IP-over-Infiniband"),
1205 	DLT_CHOICE(DLT_DBUS, "D-Bus"),
1206 	DLT_CHOICE_SENTINEL
1207 };
1208 
1209 int
pcap_datalink_name_to_val(const char * name)1210 pcap_datalink_name_to_val(const char *name)
1211 {
1212 	int i;
1213 
1214 	for (i = 0; dlt_choices[i].name != NULL; i++) {
1215 		if (pcap_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
1216 		    name) == 0)
1217 			return (dlt_choices[i].dlt);
1218 	}
1219 	return (-1);
1220 }
1221 
1222 const char *
pcap_datalink_val_to_name(int dlt)1223 pcap_datalink_val_to_name(int dlt)
1224 {
1225 	int i;
1226 
1227 	for (i = 0; dlt_choices[i].name != NULL; i++) {
1228 		if (dlt_choices[i].dlt == dlt)
1229 			return (dlt_choices[i].name + sizeof("DLT_") - 1);
1230 	}
1231 	return (NULL);
1232 }
1233 
1234 const char *
pcap_datalink_val_to_description(int dlt)1235 pcap_datalink_val_to_description(int dlt)
1236 {
1237 	int i;
1238 
1239 	for (i = 0; dlt_choices[i].name != NULL; i++) {
1240 		if (dlt_choices[i].dlt == dlt)
1241 			return (dlt_choices[i].description);
1242 	}
1243 	return (NULL);
1244 }
1245 
1246 struct tstamp_type_choice {
1247 	const char *name;
1248 	const char *description;
1249 	int	type;
1250 };
1251 
1252 static struct tstamp_type_choice tstamp_type_choices[] = {
1253 	{ "host", "Host", PCAP_TSTAMP_HOST },
1254 	{ "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1255 	{ "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1256 	{ "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1257 	{ "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1258 	{ NULL, NULL, 0 }
1259 };
1260 
1261 int
pcap_tstamp_type_name_to_val(const char * name)1262 pcap_tstamp_type_name_to_val(const char *name)
1263 {
1264 	int i;
1265 
1266 	for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1267 		if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1268 			return (tstamp_type_choices[i].type);
1269 	}
1270 	return (PCAP_ERROR);
1271 }
1272 
1273 const char *
pcap_tstamp_type_val_to_name(int tstamp_type)1274 pcap_tstamp_type_val_to_name(int tstamp_type)
1275 {
1276 	int i;
1277 
1278 	for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1279 		if (tstamp_type_choices[i].type == tstamp_type)
1280 			return (tstamp_type_choices[i].name);
1281 	}
1282 	return (NULL);
1283 }
1284 
1285 const char *
pcap_tstamp_type_val_to_description(int tstamp_type)1286 pcap_tstamp_type_val_to_description(int tstamp_type)
1287 {
1288 	int i;
1289 
1290 	for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1291 		if (tstamp_type_choices[i].type == tstamp_type)
1292 			return (tstamp_type_choices[i].description);
1293 	}
1294 	return (NULL);
1295 }
1296 
1297 int
pcap_snapshot(pcap_t * p)1298 pcap_snapshot(pcap_t *p)
1299 {
1300 	if (!p->activated)
1301 		return (PCAP_ERROR_NOT_ACTIVATED);
1302 	return (p->snapshot);
1303 }
1304 
1305 int
pcap_is_swapped(pcap_t * p)1306 pcap_is_swapped(pcap_t *p)
1307 {
1308 	if (!p->activated)
1309 		return (PCAP_ERROR_NOT_ACTIVATED);
1310 	return (p->swapped);
1311 }
1312 
1313 int
pcap_major_version(pcap_t * p)1314 pcap_major_version(pcap_t *p)
1315 {
1316 	if (!p->activated)
1317 		return (PCAP_ERROR_NOT_ACTIVATED);
1318 	return (p->version_major);
1319 }
1320 
1321 int
pcap_minor_version(pcap_t * p)1322 pcap_minor_version(pcap_t *p)
1323 {
1324 	if (!p->activated)
1325 		return (PCAP_ERROR_NOT_ACTIVATED);
1326 	return (p->version_minor);
1327 }
1328 
1329 FILE *
pcap_file(pcap_t * p)1330 pcap_file(pcap_t *p)
1331 {
1332 	return (p->rfile);
1333 }
1334 
1335 int
pcap_fileno(pcap_t * p)1336 pcap_fileno(pcap_t *p)
1337 {
1338 #ifndef WIN32
1339 	return (p->fd);
1340 #else
1341 	if (p->adapter != NULL)
1342 		return ((int)(DWORD)p->adapter->hFile);
1343 	else
1344 		return (PCAP_ERROR);
1345 #endif
1346 }
1347 
1348 #if !defined(WIN32) && !defined(MSDOS)
1349 int
pcap_get_selectable_fd(pcap_t * p)1350 pcap_get_selectable_fd(pcap_t *p)
1351 {
1352 	return (p->selectable_fd);
1353 }
1354 #endif
1355 
1356 void
pcap_perror(pcap_t * p,char * prefix)1357 pcap_perror(pcap_t *p, char *prefix)
1358 {
1359 	fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1360 }
1361 
1362 char *
pcap_geterr(pcap_t * p)1363 pcap_geterr(pcap_t *p)
1364 {
1365 	return (p->errbuf);
1366 }
1367 
1368 int
pcap_getnonblock(pcap_t * p,char * errbuf)1369 pcap_getnonblock(pcap_t *p, char *errbuf)
1370 {
1371 	int ret;
1372 
1373 	ret = p->getnonblock_op(p, errbuf);
1374 	if (ret == -1) {
1375 		/*
1376 		 * In case somebody depended on the bug wherein
1377 		 * the error message was put into p->errbuf
1378 		 * by pcap_getnonblock_fd().
1379 		 */
1380 		strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1381 	}
1382 	return (ret);
1383 }
1384 
1385 /*
1386  * Get the current non-blocking mode setting, under the assumption that
1387  * it's just the standard POSIX non-blocking flag.
1388  *
1389  * We don't look at "p->nonblock", in case somebody tweaked the FD
1390  * directly.
1391  */
1392 #if !defined(WIN32) && !defined(MSDOS)
1393 int
pcap_getnonblock_fd(pcap_t * p,char * errbuf)1394 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1395 {
1396 	int fdflags;
1397 
1398 	fdflags = fcntl(p->fd, F_GETFL, 0);
1399 	if (fdflags == -1) {
1400 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1401 		    pcap_strerror(errno));
1402 		return (-1);
1403 	}
1404 	if (fdflags & O_NONBLOCK)
1405 		return (1);
1406 	else
1407 		return (0);
1408 }
1409 #endif
1410 
1411 int
pcap_setnonblock(pcap_t * p,int nonblock,char * errbuf)1412 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1413 {
1414 	int ret;
1415 
1416 	ret = p->setnonblock_op(p, nonblock, errbuf);
1417 	if (ret == -1) {
1418 		/*
1419 		 * In case somebody depended on the bug wherein
1420 		 * the error message was put into p->errbuf
1421 		 * by pcap_setnonblock_fd().
1422 		 */
1423 		strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1424 	}
1425 	return (ret);
1426 }
1427 
1428 #if !defined(WIN32) && !defined(MSDOS)
1429 /*
1430  * Set non-blocking mode, under the assumption that it's just the
1431  * standard POSIX non-blocking flag.  (This can be called by the
1432  * per-platform non-blocking-mode routine if that routine also
1433  * needs to do some additional work.)
1434  */
1435 int
pcap_setnonblock_fd(pcap_t * p,int nonblock,char * errbuf)1436 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1437 {
1438 	int fdflags;
1439 
1440 	fdflags = fcntl(p->fd, F_GETFL, 0);
1441 	if (fdflags == -1) {
1442 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1443 		    pcap_strerror(errno));
1444 		return (-1);
1445 	}
1446 	if (nonblock)
1447 		fdflags |= O_NONBLOCK;
1448 	else
1449 		fdflags &= ~O_NONBLOCK;
1450 	if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1451 		snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1452 		    pcap_strerror(errno));
1453 		return (-1);
1454 	}
1455 	return (0);
1456 }
1457 #endif
1458 
1459 #ifdef WIN32
1460 /*
1461  * Generate a string for the last Win32-specific error (i.e. an error generated when
1462  * calling a Win32 API).
1463  * For errors occurred during standard C calls, we still use pcap_strerror()
1464  */
1465 char *
pcap_win32strerror(void)1466 pcap_win32strerror(void)
1467 {
1468 	DWORD error;
1469 	static char errbuf[PCAP_ERRBUF_SIZE+1];
1470 	int errlen;
1471 	char *p;
1472 
1473 	error = GetLastError();
1474 	FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1475 	    PCAP_ERRBUF_SIZE, NULL);
1476 
1477 	/*
1478 	 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1479 	 * message.  Get rid of it.
1480 	 */
1481 	errlen = strlen(errbuf);
1482 	if (errlen >= 2) {
1483 		errbuf[errlen - 1] = '\0';
1484 		errbuf[errlen - 2] = '\0';
1485 	}
1486 	p = strchr(errbuf, '\0');
1487 	snprintf (p, sizeof(errbuf)-(p-errbuf), " (%lu)", error);
1488 	return (errbuf);
1489 }
1490 #endif
1491 
1492 /*
1493  * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1494  */
1495 const char *
pcap_statustostr(int errnum)1496 pcap_statustostr(int errnum)
1497 {
1498 	static char ebuf[15+10+1];
1499 
1500 	switch (errnum) {
1501 
1502 	case PCAP_WARNING:
1503 		return("Generic warning");
1504 
1505 	case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1506 		return ("That type of time stamp is not supported by that device");
1507 
1508 	case PCAP_WARNING_PROMISC_NOTSUP:
1509 		return ("That device doesn't support promiscuous mode");
1510 
1511 	case PCAP_ERROR:
1512 		return("Generic error");
1513 
1514 	case PCAP_ERROR_BREAK:
1515 		return("Loop terminated by pcap_breakloop");
1516 
1517 	case PCAP_ERROR_NOT_ACTIVATED:
1518 		return("The pcap_t has not been activated");
1519 
1520 	case PCAP_ERROR_ACTIVATED:
1521 		return ("The setting can't be changed after the pcap_t is activated");
1522 
1523 	case PCAP_ERROR_NO_SUCH_DEVICE:
1524 		return ("No such device exists");
1525 
1526 	case PCAP_ERROR_RFMON_NOTSUP:
1527 		return ("That device doesn't support monitor mode");
1528 
1529 	case PCAP_ERROR_NOT_RFMON:
1530 		return ("That operation is supported only in monitor mode");
1531 
1532 	case PCAP_ERROR_PERM_DENIED:
1533 		return ("You don't have permission to capture on that device");
1534 
1535 	case PCAP_ERROR_IFACE_NOT_UP:
1536 		return ("That device is not up");
1537 
1538 	case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1539 		return ("That device doesn't support setting the time stamp type");
1540 
1541 	case PCAP_ERROR_PROMISC_PERM_DENIED:
1542 		return ("You don't have permission to capture in promiscuous mode on that device");
1543 
1544 	case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1545 		return ("That device doesn't support that time stamp precision");
1546 	}
1547 	(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1548 	return(ebuf);
1549 }
1550 
1551 /*
1552  * Not all systems have strerror().
1553  */
1554 const char *
pcap_strerror(int errnum)1555 pcap_strerror(int errnum)
1556 {
1557 #ifdef HAVE_STRERROR
1558 	return (strerror(errnum));
1559 #else
1560 	extern int sys_nerr;
1561 	extern const char *const sys_errlist[];
1562 	static char ebuf[15+10+1];
1563 
1564 	if ((unsigned int)errnum < sys_nerr)
1565 		return ((char *)sys_errlist[errnum]);
1566 	(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1567 	return(ebuf);
1568 #endif
1569 }
1570 
1571 int
pcap_setfilter(pcap_t * p,struct bpf_program * fp)1572 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1573 {
1574 	return (p->setfilter_op(p, fp));
1575 }
1576 
1577 /*
1578  * Set direction flag, which controls whether we accept only incoming
1579  * packets, only outgoing packets, or both.
1580  * Note that, depending on the platform, some or all direction arguments
1581  * might not be supported.
1582  */
1583 int
pcap_setdirection(pcap_t * p,pcap_direction_t d)1584 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1585 {
1586 	if (p->setdirection_op == NULL) {
1587 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1588 		    "Setting direction is not implemented on this platform");
1589 		return (-1);
1590 	} else
1591 		return (p->setdirection_op(p, d));
1592 }
1593 
1594 int
pcap_stats(pcap_t * p,struct pcap_stat * ps)1595 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1596 {
1597 	return (p->stats_op(p, ps));
1598 }
1599 
1600 static int
pcap_stats_dead(pcap_t * p,struct pcap_stat * ps _U_)1601 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1602 {
1603 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1604 	    "Statistics aren't available from a pcap_open_dead pcap_t");
1605 	return (-1);
1606 }
1607 
1608 #ifdef WIN32
1609 int
pcap_setbuff(pcap_t * p,int dim)1610 pcap_setbuff(pcap_t *p, int dim)
1611 {
1612 	return (p->setbuff_op(p, dim));
1613 }
1614 
1615 static int
pcap_setbuff_dead(pcap_t * p,int dim)1616 pcap_setbuff_dead(pcap_t *p, int dim)
1617 {
1618 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1619 	    "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1620 	return (-1);
1621 }
1622 
1623 int
pcap_setmode(pcap_t * p,int mode)1624 pcap_setmode(pcap_t *p, int mode)
1625 {
1626 	return (p->setmode_op(p, mode));
1627 }
1628 
1629 static int
pcap_setmode_dead(pcap_t * p,int mode)1630 pcap_setmode_dead(pcap_t *p, int mode)
1631 {
1632 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1633 	    "impossible to set mode on a pcap_open_dead pcap_t");
1634 	return (-1);
1635 }
1636 
1637 int
pcap_setmintocopy(pcap_t * p,int size)1638 pcap_setmintocopy(pcap_t *p, int size)
1639 {
1640 	return (p->setmintocopy_op(p, size));
1641 }
1642 
1643 Adapter *
pcap_get_adapter(pcap_t * p)1644 pcap_get_adapter(pcap_t *p)
1645 {
1646 	return (p->getadapter_op(p));
1647 }
1648 
1649 static int
pcap_setmintocopy_dead(pcap_t * p,int size)1650 pcap_setmintocopy_dead(pcap_t *p, int size)
1651 {
1652 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1653 	    "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1654 	return (-1);
1655 }
1656 #endif
1657 
1658 /*
1659  * On some platforms, we need to clean up promiscuous or monitor mode
1660  * when we close a device - and we want that to happen even if the
1661  * application just exits without explicitl closing devices.
1662  * On those platforms, we need to register a "close all the pcaps"
1663  * routine to be called when we exit, and need to maintain a list of
1664  * pcaps that need to be closed to clean up modes.
1665  *
1666  * XXX - not thread-safe.
1667  */
1668 
1669 /*
1670  * List of pcaps on which we've done something that needs to be
1671  * cleaned up.
1672  * If there are any such pcaps, we arrange to call "pcap_close_all()"
1673  * when we exit, and have it close all of them.
1674  */
1675 static struct pcap *pcaps_to_close;
1676 
1677 /*
1678  * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1679  * be called on exit.
1680  */
1681 static int did_atexit;
1682 
1683 static void
pcap_close_all(void)1684 pcap_close_all(void)
1685 {
1686 	struct pcap *handle;
1687 
1688 	while ((handle = pcaps_to_close) != NULL)
1689 		pcap_close(handle);
1690 }
1691 
1692 int
pcap_do_addexit(pcap_t * p)1693 pcap_do_addexit(pcap_t *p)
1694 {
1695 	/*
1696 	 * If we haven't already done so, arrange to have
1697 	 * "pcap_close_all()" called when we exit.
1698 	 */
1699 	if (!did_atexit) {
1700 		if (atexit(pcap_close_all) == -1) {
1701 			/*
1702 			 * "atexit()" failed; let our caller know.
1703 			 */
1704 			strncpy(p->errbuf, "atexit failed",
1705 			    PCAP_ERRBUF_SIZE);
1706 			return (0);
1707 		}
1708 		did_atexit = 1;
1709 	}
1710 	return (1);
1711 }
1712 
1713 void
pcap_add_to_pcaps_to_close(pcap_t * p)1714 pcap_add_to_pcaps_to_close(pcap_t *p)
1715 {
1716 	p->next = pcaps_to_close;
1717 	pcaps_to_close = p;
1718 }
1719 
1720 void
pcap_remove_from_pcaps_to_close(pcap_t * p)1721 pcap_remove_from_pcaps_to_close(pcap_t *p)
1722 {
1723 	pcap_t *pc, *prevpc;
1724 
1725 	for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1726 	    prevpc = pc, pc = pc->next) {
1727 		if (pc == p) {
1728 			/*
1729 			 * Found it.  Remove it from the list.
1730 			 */
1731 			if (prevpc == NULL) {
1732 				/*
1733 				 * It was at the head of the list.
1734 				 */
1735 				pcaps_to_close = pc->next;
1736 			} else {
1737 				/*
1738 				 * It was in the middle of the list.
1739 				 */
1740 				prevpc->next = pc->next;
1741 			}
1742 			break;
1743 		}
1744 	}
1745 }
1746 
1747 void
pcap_cleanup_live_common(pcap_t * p)1748 pcap_cleanup_live_common(pcap_t *p)
1749 {
1750 	if (p->buffer != NULL) {
1751 		free(p->buffer);
1752 		p->buffer = NULL;
1753 	}
1754 	if (p->dlt_list != NULL) {
1755 		free(p->dlt_list);
1756 		p->dlt_list = NULL;
1757 		p->dlt_count = 0;
1758 	}
1759 	if (p->tstamp_type_list != NULL) {
1760 		free(p->tstamp_type_list);
1761 		p->tstamp_type_list = NULL;
1762 		p->tstamp_type_count = 0;
1763 	}
1764 	if (p->tstamp_precision_list != NULL) {
1765 		free(p->tstamp_precision_list);
1766 		p->tstamp_precision_list = NULL;
1767 		p->tstamp_precision_count = 0;
1768 	}
1769 	pcap_freecode(&p->fcode);
1770 #if !defined(WIN32) && !defined(MSDOS)
1771 	if (p->fd >= 0) {
1772 		close(p->fd);
1773 		p->fd = -1;
1774 	}
1775 	p->selectable_fd = -1;
1776 #endif
1777 }
1778 
1779 static void
pcap_cleanup_dead(pcap_t * p _U_)1780 pcap_cleanup_dead(pcap_t *p _U_)
1781 {
1782 	/* Nothing to do. */
1783 }
1784 
1785 pcap_t *
pcap_open_dead_with_tstamp_precision(int linktype,int snaplen,u_int precision)1786 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
1787 {
1788 	pcap_t *p;
1789 
1790 	switch (precision) {
1791 
1792 	case PCAP_TSTAMP_PRECISION_MICRO:
1793 	case PCAP_TSTAMP_PRECISION_NANO:
1794 		break;
1795 
1796 	default:
1797 		return NULL;
1798 	}
1799 	p = malloc(sizeof(*p));
1800 	if (p == NULL)
1801 		return NULL;
1802 	memset (p, 0, sizeof(*p));
1803 	p->snapshot = snaplen;
1804 	p->linktype = linktype;
1805 	p->opt.tstamp_precision = precision;
1806 	p->stats_op = pcap_stats_dead;
1807 #ifdef WIN32
1808 	p->setbuff_op = pcap_setbuff_dead;
1809 	p->setmode_op = pcap_setmode_dead;
1810 	p->setmintocopy_op = pcap_setmintocopy_dead;
1811 #endif
1812 	p->cleanup_op = pcap_cleanup_dead;
1813 	p->activated = 1;
1814 	return (p);
1815 }
1816 
1817 pcap_t *
pcap_open_dead(int linktype,int snaplen)1818 pcap_open_dead(int linktype, int snaplen)
1819 {
1820 	return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
1821 	    PCAP_TSTAMP_PRECISION_MICRO));
1822 }
1823 
1824 /*
1825  * API compatible with WinPcap's "send a packet" routine - returns -1
1826  * on error, 0 otherwise.
1827  *
1828  * XXX - what if we get a short write?
1829  */
1830 int
pcap_sendpacket(pcap_t * p,const u_char * buf,int size)1831 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
1832 {
1833 	if (p->inject_op(p, buf, size) == -1)
1834 		return (-1);
1835 	return (0);
1836 }
1837 
1838 /*
1839  * API compatible with OpenBSD's "send a packet" routine - returns -1 on
1840  * error, number of bytes written otherwise.
1841  */
1842 int
pcap_inject(pcap_t * p,const void * buf,size_t size)1843 pcap_inject(pcap_t *p, const void *buf, size_t size)
1844 {
1845 	return (p->inject_op(p, buf, size));
1846 }
1847 
1848 void
pcap_close(pcap_t * p)1849 pcap_close(pcap_t *p)
1850 {
1851 	if (p->opt.source != NULL)
1852 		free(p->opt.source);
1853 	p->cleanup_op(p);
1854 	free(p);
1855 }
1856 
1857 /*
1858  * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
1859  * data for the packet, check whether the packet passes the filter.
1860  * Returns the return value of the filter program, which will be zero if
1861  * the packet doesn't pass and non-zero if the packet does pass.
1862  */
1863 int
pcap_offline_filter(const struct bpf_program * fp,const struct pcap_pkthdr * h,const u_char * pkt)1864 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
1865     const u_char *pkt)
1866 {
1867 	const struct bpf_insn *fcode = fp->bf_insns;
1868 
1869 	if (fcode != NULL)
1870 		return (bpf_filter(fcode, pkt, h->len, h->caplen));
1871 	else
1872 		return (0);
1873 }
1874 
1875 /*
1876  * We make the version string static, and return a pointer to it, rather
1877  * than exporting the version string directly.  On at least some UNIXes,
1878  * if you import data from a shared library into an program, the data is
1879  * bound into the program binary, so if the string in the version of the
1880  * library with which the program was linked isn't the same as the
1881  * string in the version of the library with which the program is being
1882  * run, various undesirable things may happen (warnings, the string
1883  * being the one from the version of the library with which the program
1884  * was linked, or even weirder things, such as the string being the one
1885  * from the library but being truncated).
1886  */
1887 #ifdef HAVE_VERSION_H
1888 #include "version.h"
1889 #else
1890 static const char pcap_version_string[] = "libpcap version 1.x.y";
1891 #endif
1892 
1893 #ifdef WIN32
1894 /*
1895  * XXX - it'd be nice if we could somehow generate the WinPcap and libpcap
1896  * version numbers when building WinPcap.  (It'd be nice to do so for
1897  * the packet.dll version number as well.)
1898  */
1899 static const char wpcap_version_string[] = "4.0";
1900 static const char pcap_version_string_fmt[] =
1901     "WinPcap version %s, based on %s";
1902 static const char pcap_version_string_packet_dll_fmt[] =
1903     "WinPcap version %s (packet.dll version %s), based on %s";
1904 static char *full_pcap_version_string;
1905 
1906 const char *
pcap_lib_version(void)1907 pcap_lib_version(void)
1908 {
1909 	char *packet_version_string;
1910 	size_t full_pcap_version_string_len;
1911 
1912 	if (full_pcap_version_string == NULL) {
1913 		/*
1914 		 * Generate the version string.
1915 		 */
1916 		packet_version_string = PacketGetVersion();
1917 		if (strcmp(wpcap_version_string, packet_version_string) == 0) {
1918 			/*
1919 			 * WinPcap version string and packet.dll version
1920 			 * string are the same; just report the WinPcap
1921 			 * version.
1922 			 */
1923 			full_pcap_version_string_len =
1924 			    (sizeof pcap_version_string_fmt - 4) +
1925 			    strlen(wpcap_version_string) +
1926 			    strlen(pcap_version_string);
1927 			full_pcap_version_string =
1928 			    malloc(full_pcap_version_string_len);
1929 			if (full_pcap_version_string == NULL)
1930 				return (NULL);
1931 			sprintf(full_pcap_version_string,
1932 			    pcap_version_string_fmt, wpcap_version_string,
1933 			    pcap_version_string);
1934 		} else {
1935 			/*
1936 			 * WinPcap version string and packet.dll version
1937 			 * string are different; that shouldn't be the
1938 			 * case (the two libraries should come from the
1939 			 * same version of WinPcap), so we report both
1940 			 * versions.
1941 			 */
1942 			full_pcap_version_string_len =
1943 			    (sizeof pcap_version_string_packet_dll_fmt - 6) +
1944 			    strlen(wpcap_version_string) +
1945 			    strlen(packet_version_string) +
1946 			    strlen(pcap_version_string);
1947 			full_pcap_version_string = malloc(full_pcap_version_string_len);
1948 			if (full_pcap_version_string == NULL)
1949 				return (NULL);
1950 			sprintf(full_pcap_version_string,
1951 			    pcap_version_string_packet_dll_fmt,
1952 			    wpcap_version_string, packet_version_string,
1953 			    pcap_version_string);
1954 		}
1955 	}
1956 	return (full_pcap_version_string);
1957 }
1958 
1959 #elif defined(MSDOS)
1960 
1961 static char *full_pcap_version_string;
1962 
1963 const char *
pcap_lib_version(void)1964 pcap_lib_version (void)
1965 {
1966 	char *packet_version_string;
1967 	size_t full_pcap_version_string_len;
1968 	static char dospfx[] = "DOS-";
1969 
1970 	if (full_pcap_version_string == NULL) {
1971 		/*
1972 		 * Generate the version string.
1973 		 */
1974 		full_pcap_version_string_len =
1975 		    sizeof dospfx + strlen(pcap_version_string);
1976 		full_pcap_version_string =
1977 		    malloc(full_pcap_version_string_len);
1978 		if (full_pcap_version_string == NULL)
1979 			return (NULL);
1980 		strcpy(full_pcap_version_string, dospfx);
1981 		strcat(full_pcap_version_string, pcap_version_string);
1982 	}
1983 	return (full_pcap_version_string);
1984 }
1985 
1986 #else /* UN*X */
1987 
1988 const char *
pcap_lib_version(void)1989 pcap_lib_version(void)
1990 {
1991 	return (pcap_version_string);
1992 }
1993 #endif
1994