2 * Copyright (c) 1993, 1994, 1995, 1996, 1997, 1998
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the Computer Systems
16 * Engineering Group at Lawrence Berkeley Laboratory.
17 * 4. Neither the name of the University nor of the Laboratory may be used
18 * to endorse or promote products derived from this software without
19 * specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include <pcap-stdinc.h>
46 #ifdef HAVE_SYS_BITYPES_H
47 #include <sys/bitypes.h>
49 #include <sys/types.h>
56 #if !defined(_MSC_VER) && !defined(__BORLANDC__) && !defined(__MINGW32__)
62 #ifdef HAVE_OS_PROTO_H
74 #endif /* HAVE_DAG_API */
76 #ifdef HAVE_SEPTEL_API
77 #include "pcap-septel.h"
78 #endif /* HAVE_SEPTEL_API */
82 #endif /* HAVE_SNF_API */
86 #endif /* HAVE_TC_API */
88 #ifdef PCAP_SUPPORT_USB
89 #include "pcap-usb-linux.h"
92 #ifdef PCAP_SUPPORT_BT
93 #include "pcap-bt-linux.h"
96 #ifdef PCAP_SUPPORT_BT_MONITOR
97 #include "pcap-bt-monitor-linux.h"
100 #ifdef PCAP_SUPPORT_NETFILTER
101 #include "pcap-netfilter-linux.h"
104 #ifdef PCAP_SUPPORT_NETMAP
105 pcap_t* pcap_netmap_create(const char *device, char *ebuf, int *is_ours);
108 #ifdef PCAP_SUPPORT_DBUS
109 #include "pcap-dbus.h"
113 pcap_not_initialized(pcap_t *pcap)
115 /* in case the caller doesn't check for PCAP_ERROR_NOT_ACTIVATED */
116 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
117 "This handle hasn't been activated yet");
118 /* this means 'not initialized' */
119 return (PCAP_ERROR_NOT_ACTIVATED);
124 pcap_not_initialized_ptr(pcap_t *pcap)
126 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
127 "This handle hasn't been activated yet");
132 pcap_getevent_not_initialized(pcap_t *pcap)
134 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
135 "This handle hasn't been activated yet");
136 return (INVALID_HANDLE_VALUE);
140 pcap_sendqueue_transmit_not_initialized(pcap_t *pcap, pcap_send_queue* queue, int sync)
142 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
143 "This handle hasn't been activated yet");
147 static PAirpcapHandle
148 pcap_get_airpcap_handle_not_initialized(pcap_t *pcap)
150 (void)pcap_snprintf(pcap->errbuf, sizeof(pcap->errbuf),
151 "This handle hasn't been activated yet");
157 * Returns 1 if rfmon mode can be set on the pcap_t, 0 if it can't,
158 * a PCAP_ERROR value on an error.
161 pcap_can_set_rfmon(pcap_t *p)
163 return (p->can_set_rfmon_op(p));
167 * For systems where rfmon mode is never supported.
170 pcap_cant_set_rfmon(pcap_t *p _U_)
176 * Sets *tstamp_typesp to point to an array 1 or more supported time stamp
177 * types; the return value is the number of supported time stamp types.
178 * The list should be freed by a call to pcap_free_tstamp_types() when
179 * you're done with it.
181 * A return value of 0 means "you don't get a choice of time stamp type",
182 * in which case *tstamp_typesp is set to null.
184 * PCAP_ERROR is returned on error.
187 pcap_list_tstamp_types(pcap_t *p, int **tstamp_typesp)
189 if (p->tstamp_type_count == 0) {
191 * We don't support multiple time stamp types.
193 *tstamp_typesp = NULL;
195 *tstamp_typesp = (int*)calloc(sizeof(**tstamp_typesp),
196 p->tstamp_type_count);
197 if (*tstamp_typesp == NULL) {
198 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
199 "malloc: %s", pcap_strerror(errno));
202 (void)memcpy(*tstamp_typesp, p->tstamp_type_list,
203 sizeof(**tstamp_typesp) * p->tstamp_type_count);
205 return (p->tstamp_type_count);
209 * In Windows, you might have a library built with one version of the
210 * C runtime library and an application built with another version of
211 * the C runtime library, which means that the library might use one
212 * version of malloc() and free() and the application might use another
213 * version of malloc() and free(). If so, that means something
214 * allocated by the library cannot be freed by the application, so we
215 * need to have a pcap_free_tstamp_types() routine to free up the list
216 * allocated by pcap_list_tstamp_types(), even though it's just a wrapper
220 pcap_free_tstamp_types(int *tstamp_type_list)
222 free(tstamp_type_list);
226 * Default one-shot callback; overridden for capture types where the
227 * packet data cannot be guaranteed to be available after the callback
228 * returns, so that a copy must be made.
231 pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
233 struct oneshot_userdata *sp = (struct oneshot_userdata *)user;
240 pcap_next(pcap_t *p, struct pcap_pkthdr *h)
242 struct oneshot_userdata s;
248 if (pcap_dispatch(p, 1, p->oneshot_callback, (u_char *)&s) <= 0)
254 pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
255 const u_char **pkt_data)
257 struct oneshot_userdata s;
259 s.hdr = &p->pcap_header;
263 /* Saves a pointer to the packet headers */
264 *pkt_header= &p->pcap_header;
266 if (p->rfile != NULL) {
269 /* We are on an offline capture */
270 status = pcap_offline_read(p, 1, p->oneshot_callback,
274 * Return codes for pcap_offline_read() are:
278 * The first one ('0') conflicts with the return code of
279 * 0 from pcap_read() meaning "no packets arrived before
280 * the timeout expired", so we map it to -2 so you can
281 * distinguish between an EOF from a savefile and a
282 * "no packets arrived before the timeout expired, try
283 * again" from a live capture.
292 * Return codes for pcap_read() are:
295 * - -2: loop was broken out of with pcap_breakloop()
297 * The first one ('0') conflicts with the return code of 0 from
298 * pcap_offline_read() meaning "end of file".
300 return (p->read_op(p, 1, p->oneshot_callback, (u_char *)&s));
303 static struct capture_source_type {
304 int (*findalldevs_op)(pcap_if_t **, char *);
305 pcap_t *(*create_op)(const char *, char *, int *);
306 } capture_source_types[] = {
307 #ifdef PCAP_SUPPORT_NETMAP
308 { NULL, pcap_netmap_create },
311 { dag_findalldevs, dag_create },
313 #ifdef HAVE_SEPTEL_API
314 { septel_findalldevs, septel_create },
317 { snf_findalldevs, snf_create },
320 { TcFindAllDevs, TcCreate },
322 #ifdef PCAP_SUPPORT_BT
323 { bt_findalldevs, bt_create },
325 #ifdef PCAP_SUPPORT_BT_MONITOR
326 { bt_monitor_findalldevs, bt_monitor_create },
328 #ifdef PCAP_SUPPORT_USB
329 { usb_findalldevs, usb_create },
331 #ifdef PCAP_SUPPORT_NETFILTER
332 { netfilter_findalldevs, netfilter_create },
334 #ifdef PCAP_SUPPORT_DBUS
335 { dbus_findalldevs, dbus_create },
341 * Get a list of all capture sources that are up and that we can open.
342 * Returns -1 on error, 0 otherwise.
343 * The list, as returned through "alldevsp", may be null if no interfaces
344 * were up and could be opened.
347 pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
352 * Find all the local network interfaces on which we
355 if (pcap_platform_finddevs(alldevsp, errbuf) == -1)
359 * Ask each of the non-local-network-interface capture
360 * source types what interfaces they have.
362 for (i = 0; capture_source_types[i].findalldevs_op != NULL; i++) {
363 if (capture_source_types[i].findalldevs_op(alldevsp, errbuf) == -1) {
365 * We had an error; free the list we've been
368 if (*alldevsp != NULL) {
369 pcap_freealldevs(*alldevsp);
380 pcap_create(const char *device, char *errbuf)
388 * A null device name is equivalent to the "any" device -
389 * which might not be supported on this platform, but
390 * this means that you'll get a "not supported" error
391 * rather than, say, a crash when we try to dereference
395 device_str = strdup("any");
399 * If the string appears to be little-endian UCS-2/UTF-16,
400 * convert it to ASCII.
402 * XXX - to UTF-8 instead? Or report an error if any
403 * character isn't ASCII?
405 if (device[0] != '\0' && device[1] == '\0') {
408 length = wcslen((wchar_t *)device);
409 device_str = (char *)malloc(length + 1);
410 if (device_str == NULL) {
411 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
412 "malloc: %s", pcap_strerror(errno));
416 pcap_snprintf(device_str, length + 1, "%ws",
417 (const wchar_t *)device);
420 device_str = strdup(device);
422 if (device_str == NULL) {
423 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
424 "malloc: %s", pcap_strerror(errno));
429 * Try each of the non-local-network-interface capture
430 * source types until we find one that works for this
431 * device or run out of types.
433 for (i = 0; capture_source_types[i].create_op != NULL; i++) {
435 p = capture_source_types[i].create_op(device_str, errbuf,
439 * The device name refers to a device of the
440 * type in question; either it succeeded,
441 * in which case p refers to a pcap_t to
442 * later activate for the device, or it
443 * failed, in which case p is null and we
444 * should return that to report the failure
449 * We assume the caller filled in errbuf.
454 p->opt.device = device_str;
460 * OK, try it as a regular network interface.
462 p = pcap_create_interface(device_str, errbuf);
465 * We assume the caller filled in errbuf.
470 p->opt.device = device_str;
475 initialize_ops(pcap_t *p)
478 * Set operation pointers for operations that only work on
479 * an activated pcap_t to point to a routine that returns
480 * a "this isn't activated" error.
482 p->read_op = (read_op_t)pcap_not_initialized;
483 p->inject_op = (inject_op_t)pcap_not_initialized;
484 p->setfilter_op = (setfilter_op_t)pcap_not_initialized;
485 p->setdirection_op = (setdirection_op_t)pcap_not_initialized;
486 p->set_datalink_op = (set_datalink_op_t)pcap_not_initialized;
487 p->getnonblock_op = (getnonblock_op_t)pcap_not_initialized;
488 p->setnonblock_op = (setnonblock_op_t)pcap_not_initialized;
489 p->stats_op = (stats_op_t)pcap_not_initialized;
491 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
492 p->setbuff_op = (setbuff_op_t)pcap_not_initialized;
493 p->setmode_op = (setmode_op_t)pcap_not_initialized;
494 p->setmintocopy_op = (setmintocopy_op_t)pcap_not_initialized;
495 p->getevent_op = pcap_getevent_not_initialized;
496 p->oid_get_request_op = (oid_get_request_op_t)pcap_not_initialized;
497 p->oid_set_request_op = (oid_set_request_op_t)pcap_not_initialized;
498 p->sendqueue_transmit_op = pcap_sendqueue_transmit_not_initialized;
499 p->setuserbuffer_op = (setuserbuffer_op_t)pcap_not_initialized;
500 p->live_dump_op = (live_dump_op_t)pcap_not_initialized;
501 p->live_dump_ended_op = (live_dump_ended_op_t)pcap_not_initialized;
502 p->get_airpcap_handle_op = pcap_get_airpcap_handle_not_initialized;
506 * Default cleanup operation - implementations can override
507 * this, but should call pcap_cleanup_live_common() after
508 * doing their own additional cleanup.
510 p->cleanup_op = pcap_cleanup_live_common;
513 * In most cases, the standard one-shot callback can
514 * be used for pcap_next()/pcap_next_ex().
516 p->oneshot_callback = pcap_oneshot;
520 pcap_alloc_pcap_t(char *ebuf, size_t size)
526 * Allocate a chunk of memory big enough for a pcap_t
527 * plus a structure following it of size "size". The
528 * structure following it is a private data structure
529 * for the routines that handle this pcap_t.
531 chunk = malloc(sizeof (pcap_t) + size);
533 pcap_snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
534 pcap_strerror(errno));
537 memset(chunk, 0, sizeof (pcap_t) + size);
540 * Get a pointer to the pcap_t at the beginning.
545 p->fd = -1; /* not opened yet */
546 p->selectable_fd = -1;
550 /* No private data was requested. */
554 * Set the pointer to the private data; that's the structure
555 * of size "size" following the pcap_t.
557 p->priv = (void *)(chunk + sizeof (pcap_t));
564 pcap_create_common(char *ebuf, size_t size)
568 p = pcap_alloc_pcap_t(ebuf, size);
573 * Default to "can't set rfmon mode"; if it's supported by
574 * a platform, the create routine that called us can set
575 * the op to its routine to check whether a particular
576 * device supports it.
578 p->can_set_rfmon_op = pcap_cant_set_rfmon;
582 /* put in some defaults*/
583 p->snapshot = MAXIMUM_SNAPLEN; /* max packet size */
584 p->opt.timeout = 0; /* no timeout specified */
585 p->opt.buffer_size = 0; /* use the platform's default */
588 p->opt.immediate = 0;
589 p->opt.tstamp_type = -1; /* default to not setting time stamp type */
590 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
593 * Start out with no BPF code generation flags set.
595 p->bpf_codegen_flags = 0;
601 pcap_check_activated(pcap_t *p)
604 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "can't perform "
605 " operation on activated capture");
612 pcap_set_snaplen(pcap_t *p, int snaplen)
614 if (pcap_check_activated(p))
615 return (PCAP_ERROR_ACTIVATED);
618 * Turn invalid values, or excessively large values, into
619 * the maximum allowed value.
621 * If some application really *needs* a bigger snapshot
622 * length, we should just increase MAXIMUM_SNAPLEN.
624 if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN)
625 snaplen = MAXIMUM_SNAPLEN;
626 p->snapshot = snaplen;
631 pcap_set_promisc(pcap_t *p, int promisc)
633 if (pcap_check_activated(p))
634 return (PCAP_ERROR_ACTIVATED);
635 p->opt.promisc = promisc;
640 pcap_set_rfmon(pcap_t *p, int rfmon)
642 if (pcap_check_activated(p))
643 return (PCAP_ERROR_ACTIVATED);
644 p->opt.rfmon = rfmon;
649 pcap_set_timeout(pcap_t *p, int timeout_ms)
651 if (pcap_check_activated(p))
652 return (PCAP_ERROR_ACTIVATED);
653 p->opt.timeout = timeout_ms;
658 pcap_set_tstamp_type(pcap_t *p, int tstamp_type)
662 if (pcap_check_activated(p))
663 return (PCAP_ERROR_ACTIVATED);
666 * The argument should have been u_int, but that's too late
667 * to change now - it's an API.
670 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
673 * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST;
674 * the default time stamp type is PCAP_TSTAMP_HOST.
676 if (p->tstamp_type_count == 0) {
677 if (tstamp_type == PCAP_TSTAMP_HOST) {
678 p->opt.tstamp_type = tstamp_type;
683 * Check whether we claim to support this type of time stamp.
685 for (i = 0; i < p->tstamp_type_count; i++) {
686 if (p->tstamp_type_list[i] == (u_int)tstamp_type) {
690 p->opt.tstamp_type = tstamp_type;
697 * We don't support this type of time stamp.
699 return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP);
703 pcap_set_immediate_mode(pcap_t *p, int immediate)
705 if (pcap_check_activated(p))
706 return (PCAP_ERROR_ACTIVATED);
707 p->opt.immediate = immediate;
712 pcap_set_buffer_size(pcap_t *p, int buffer_size)
714 if (pcap_check_activated(p))
715 return (PCAP_ERROR_ACTIVATED);
716 if (buffer_size <= 0) {
718 * Silently ignore invalid values.
722 p->opt.buffer_size = buffer_size;
727 pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision)
731 if (pcap_check_activated(p))
732 return (PCAP_ERROR_ACTIVATED);
735 * The argument should have been u_int, but that's too late
736 * to change now - it's an API.
738 if (tstamp_precision < 0)
739 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
742 * If p->tstamp_precision_count is 0, we only support setting
743 * the time stamp precision to microsecond precision; every
744 * pcap module *MUST* support microsecond precision, even if
745 * it does so by converting the native precision to
748 if (p->tstamp_precision_count == 0) {
749 if (tstamp_precision == PCAP_TSTAMP_PRECISION_MICRO) {
750 p->opt.tstamp_precision = tstamp_precision;
755 * Check whether we claim to support this precision of
758 for (i = 0; i < p->tstamp_precision_count; i++) {
759 if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) {
763 p->opt.tstamp_precision = tstamp_precision;
770 * We don't support this time stamp precision.
772 return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP);
776 pcap_get_tstamp_precision(pcap_t *p)
778 return (p->opt.tstamp_precision);
782 pcap_activate(pcap_t *p)
787 * Catch attempts to re-activate an already-activated
788 * pcap_t; this should, for example, catch code that
789 * calls pcap_open_live() followed by pcap_activate(),
790 * as some code that showed up in a Stack Exchange
793 if (pcap_check_activated(p))
794 return (PCAP_ERROR_ACTIVATED);
795 status = p->activate_op(p);
799 if (p->errbuf[0] == '\0') {
801 * No error message supplied by the activate routine;
802 * for the benefit of programs that don't specially
803 * handle errors other than PCAP_ERROR, return the
804 * error message corresponding to the status.
806 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s",
807 pcap_statustostr(status));
811 * Undo any operation pointer setting, etc. done by
812 * the activate operation.
820 pcap_open_live(const char *device, int snaplen, int promisc, int to_ms, char *errbuf)
825 p = pcap_create(device, errbuf);
828 status = pcap_set_snaplen(p, snaplen);
831 status = pcap_set_promisc(p, promisc);
834 status = pcap_set_timeout(p, to_ms);
838 * Mark this as opened with pcap_open_live(), so that, for
839 * example, we show the full list of DLT_ values, rather
840 * than just the ones that are compatible with capturing
841 * when not in monitor mode. That allows existing applications
842 * to work the way they used to work, but allows new applications
843 * that know about the new open API to, for example, find out the
844 * DLT_ values that they can select without changing whether
845 * the adapter is in monitor mode or not.
848 status = pcap_activate(p);
853 if (status == PCAP_ERROR)
854 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
856 else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
857 status == PCAP_ERROR_PERM_DENIED ||
858 status == PCAP_ERROR_PROMISC_PERM_DENIED)
859 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", device,
860 pcap_statustostr(status), p->errbuf);
862 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device,
863 pcap_statustostr(status));
869 pcap_open_offline_common(char *ebuf, size_t size)
873 p = pcap_alloc_pcap_t(ebuf, size);
877 p->opt.tstamp_precision = PCAP_TSTAMP_PRECISION_MICRO;
883 pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
885 return (p->read_op(p, cnt, callback, user));
889 pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
894 if (p->rfile != NULL) {
896 * 0 means EOF, so don't loop if we get 0.
898 n = pcap_offline_read(p, cnt, callback, user);
901 * XXX keep reading until we get something
902 * (or an error occurs)
905 n = p->read_op(p, cnt, callback, user);
910 if (!PACKET_COUNT_IS_UNLIMITED(cnt)) {
919 * Force the loop in "pcap_read()" or "pcap_read_offline()" to terminate.
922 pcap_breakloop(pcap_t *p)
928 pcap_datalink(pcap_t *p)
931 return (PCAP_ERROR_NOT_ACTIVATED);
932 return (p->linktype);
936 pcap_datalink_ext(pcap_t *p)
939 return (PCAP_ERROR_NOT_ACTIVATED);
940 return (p->linktype_ext);
944 pcap_list_datalinks(pcap_t *p, int **dlt_buffer)
947 return (PCAP_ERROR_NOT_ACTIVATED);
948 if (p->dlt_count == 0) {
950 * We couldn't fetch the list of DLTs, which means
951 * this platform doesn't support changing the
952 * DLT for an interface. Return a list of DLTs
953 * containing only the DLT this device supports.
955 *dlt_buffer = (int*)malloc(sizeof(**dlt_buffer));
956 if (*dlt_buffer == NULL) {
957 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
958 "malloc: %s", pcap_strerror(errno));
961 **dlt_buffer = p->linktype;
964 *dlt_buffer = (int*)calloc(sizeof(**dlt_buffer), p->dlt_count);
965 if (*dlt_buffer == NULL) {
966 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
967 "malloc: %s", pcap_strerror(errno));
970 (void)memcpy(*dlt_buffer, p->dlt_list,
971 sizeof(**dlt_buffer) * p->dlt_count);
972 return (p->dlt_count);
977 * In Windows, you might have a library built with one version of the
978 * C runtime library and an application built with another version of
979 * the C runtime library, which means that the library might use one
980 * version of malloc() and free() and the application might use another
981 * version of malloc() and free(). If so, that means something
982 * allocated by the library cannot be freed by the application, so we
983 * need to have a pcap_free_datalinks() routine to free up the list
984 * allocated by pcap_list_datalinks(), even though it's just a wrapper
988 pcap_free_datalinks(int *dlt_list)
994 pcap_set_datalink(pcap_t *p, int dlt)
997 const char *dlt_name;
1002 if (p->dlt_count == 0 || p->set_datalink_op == NULL) {
1004 * We couldn't fetch the list of DLTs, or we don't
1005 * have a "set datalink" operation, which means
1006 * this platform doesn't support changing the
1007 * DLT for an interface. Check whether the new
1008 * DLT is the one this interface supports.
1010 if (p->linktype != dlt)
1014 * It is, so there's nothing we need to do here.
1018 for (i = 0; i < p->dlt_count; i++)
1019 if (p->dlt_list[i] == (u_int)dlt)
1021 if (i >= p->dlt_count)
1023 if (p->dlt_count == 2 && p->dlt_list[0] == DLT_EN10MB &&
1024 dlt == DLT_DOCSIS) {
1026 * This is presumably an Ethernet device, as the first
1027 * link-layer type it offers is DLT_EN10MB, and the only
1028 * other type it offers is DLT_DOCSIS. That means that
1029 * we can't tell the driver to supply DOCSIS link-layer
1030 * headers - we're just pretending that's what we're
1031 * getting, as, presumably, we're capturing on a dedicated
1032 * link to a Cisco Cable Modem Termination System, and
1033 * it's putting raw DOCSIS frames on the wire inside low-level
1039 if (p->set_datalink_op(p, dlt) == -1)
1045 dlt_name = pcap_datalink_val_to_name(dlt);
1046 if (dlt_name != NULL) {
1047 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1048 "%s is not one of the DLTs supported by this device",
1051 (void) pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1052 "DLT %d is not one of the DLTs supported by this device",
1059 * This array is designed for mapping upper and lower case letter
1060 * together for a case independent comparison. The mappings are
1061 * based upon ascii character sequences.
1063 static const u_char charmap[] = {
1064 (u_char)'\000', (u_char)'\001', (u_char)'\002', (u_char)'\003',
1065 (u_char)'\004', (u_char)'\005', (u_char)'\006', (u_char)'\007',
1066 (u_char)'\010', (u_char)'\011', (u_char)'\012', (u_char)'\013',
1067 (u_char)'\014', (u_char)'\015', (u_char)'\016', (u_char)'\017',
1068 (u_char)'\020', (u_char)'\021', (u_char)'\022', (u_char)'\023',
1069 (u_char)'\024', (u_char)'\025', (u_char)'\026', (u_char)'\027',
1070 (u_char)'\030', (u_char)'\031', (u_char)'\032', (u_char)'\033',
1071 (u_char)'\034', (u_char)'\035', (u_char)'\036', (u_char)'\037',
1072 (u_char)'\040', (u_char)'\041', (u_char)'\042', (u_char)'\043',
1073 (u_char)'\044', (u_char)'\045', (u_char)'\046', (u_char)'\047',
1074 (u_char)'\050', (u_char)'\051', (u_char)'\052', (u_char)'\053',
1075 (u_char)'\054', (u_char)'\055', (u_char)'\056', (u_char)'\057',
1076 (u_char)'\060', (u_char)'\061', (u_char)'\062', (u_char)'\063',
1077 (u_char)'\064', (u_char)'\065', (u_char)'\066', (u_char)'\067',
1078 (u_char)'\070', (u_char)'\071', (u_char)'\072', (u_char)'\073',
1079 (u_char)'\074', (u_char)'\075', (u_char)'\076', (u_char)'\077',
1080 (u_char)'\100', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1081 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1082 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1083 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1084 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1085 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1086 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\133',
1087 (u_char)'\134', (u_char)'\135', (u_char)'\136', (u_char)'\137',
1088 (u_char)'\140', (u_char)'\141', (u_char)'\142', (u_char)'\143',
1089 (u_char)'\144', (u_char)'\145', (u_char)'\146', (u_char)'\147',
1090 (u_char)'\150', (u_char)'\151', (u_char)'\152', (u_char)'\153',
1091 (u_char)'\154', (u_char)'\155', (u_char)'\156', (u_char)'\157',
1092 (u_char)'\160', (u_char)'\161', (u_char)'\162', (u_char)'\163',
1093 (u_char)'\164', (u_char)'\165', (u_char)'\166', (u_char)'\167',
1094 (u_char)'\170', (u_char)'\171', (u_char)'\172', (u_char)'\173',
1095 (u_char)'\174', (u_char)'\175', (u_char)'\176', (u_char)'\177',
1096 (u_char)'\200', (u_char)'\201', (u_char)'\202', (u_char)'\203',
1097 (u_char)'\204', (u_char)'\205', (u_char)'\206', (u_char)'\207',
1098 (u_char)'\210', (u_char)'\211', (u_char)'\212', (u_char)'\213',
1099 (u_char)'\214', (u_char)'\215', (u_char)'\216', (u_char)'\217',
1100 (u_char)'\220', (u_char)'\221', (u_char)'\222', (u_char)'\223',
1101 (u_char)'\224', (u_char)'\225', (u_char)'\226', (u_char)'\227',
1102 (u_char)'\230', (u_char)'\231', (u_char)'\232', (u_char)'\233',
1103 (u_char)'\234', (u_char)'\235', (u_char)'\236', (u_char)'\237',
1104 (u_char)'\240', (u_char)'\241', (u_char)'\242', (u_char)'\243',
1105 (u_char)'\244', (u_char)'\245', (u_char)'\246', (u_char)'\247',
1106 (u_char)'\250', (u_char)'\251', (u_char)'\252', (u_char)'\253',
1107 (u_char)'\254', (u_char)'\255', (u_char)'\256', (u_char)'\257',
1108 (u_char)'\260', (u_char)'\261', (u_char)'\262', (u_char)'\263',
1109 (u_char)'\264', (u_char)'\265', (u_char)'\266', (u_char)'\267',
1110 (u_char)'\270', (u_char)'\271', (u_char)'\272', (u_char)'\273',
1111 (u_char)'\274', (u_char)'\275', (u_char)'\276', (u_char)'\277',
1112 (u_char)'\300', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1113 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1114 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1115 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1116 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1117 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1118 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\333',
1119 (u_char)'\334', (u_char)'\335', (u_char)'\336', (u_char)'\337',
1120 (u_char)'\340', (u_char)'\341', (u_char)'\342', (u_char)'\343',
1121 (u_char)'\344', (u_char)'\345', (u_char)'\346', (u_char)'\347',
1122 (u_char)'\350', (u_char)'\351', (u_char)'\352', (u_char)'\353',
1123 (u_char)'\354', (u_char)'\355', (u_char)'\356', (u_char)'\357',
1124 (u_char)'\360', (u_char)'\361', (u_char)'\362', (u_char)'\363',
1125 (u_char)'\364', (u_char)'\365', (u_char)'\366', (u_char)'\367',
1126 (u_char)'\370', (u_char)'\371', (u_char)'\372', (u_char)'\373',
1127 (u_char)'\374', (u_char)'\375', (u_char)'\376', (u_char)'\377',
1131 pcap_strcasecmp(const char *s1, const char *s2)
1133 register const u_char *cm = charmap,
1134 *us1 = (const u_char *)s1,
1135 *us2 = (const u_char *)s2;
1137 while (cm[*us1] == cm[*us2++])
1140 return (cm[*us1] - cm[*--us2]);
1145 const char *description;
1149 #define DLT_CHOICE(code, description) { #code, description, DLT_ ## code }
1150 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
1152 static struct dlt_choice dlt_choices[] = {
1153 DLT_CHOICE(NULL, "BSD loopback"),
1154 DLT_CHOICE(EN10MB, "Ethernet"),
1155 DLT_CHOICE(IEEE802, "Token ring"),
1156 DLT_CHOICE(ARCNET, "BSD ARCNET"),
1157 DLT_CHOICE(SLIP, "SLIP"),
1158 DLT_CHOICE(PPP, "PPP"),
1159 DLT_CHOICE(FDDI, "FDDI"),
1160 DLT_CHOICE(ATM_RFC1483, "RFC 1483 LLC-encapsulated ATM"),
1161 DLT_CHOICE(RAW, "Raw IP"),
1162 DLT_CHOICE(SLIP_BSDOS, "BSD/OS SLIP"),
1163 DLT_CHOICE(PPP_BSDOS, "BSD/OS PPP"),
1164 DLT_CHOICE(ATM_CLIP, "Linux Classical IP-over-ATM"),
1165 DLT_CHOICE(PPP_SERIAL, "PPP over serial"),
1166 DLT_CHOICE(PPP_ETHER, "PPPoE"),
1167 DLT_CHOICE(SYMANTEC_FIREWALL, "Symantec Firewall"),
1168 DLT_CHOICE(C_HDLC, "Cisco HDLC"),
1169 DLT_CHOICE(IEEE802_11, "802.11"),
1170 DLT_CHOICE(FRELAY, "Frame Relay"),
1171 DLT_CHOICE(LOOP, "OpenBSD loopback"),
1172 DLT_CHOICE(ENC, "OpenBSD encapsulated IP"),
1173 DLT_CHOICE(LINUX_SLL, "Linux cooked"),
1174 DLT_CHOICE(LTALK, "Localtalk"),
1175 DLT_CHOICE(PFLOG, "OpenBSD pflog file"),
1176 DLT_CHOICE(PFSYNC, "Packet filter state syncing"),
1177 DLT_CHOICE(PRISM_HEADER, "802.11 plus Prism header"),
1178 DLT_CHOICE(IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
1179 DLT_CHOICE(SUNATM, "Sun raw ATM"),
1180 DLT_CHOICE(IEEE802_11_RADIO, "802.11 plus radiotap header"),
1181 DLT_CHOICE(ARCNET_LINUX, "Linux ARCNET"),
1182 DLT_CHOICE(JUNIPER_MLPPP, "Juniper Multi-Link PPP"),
1183 DLT_CHOICE(JUNIPER_MLFR, "Juniper Multi-Link Frame Relay"),
1184 DLT_CHOICE(JUNIPER_ES, "Juniper Encryption Services PIC"),
1185 DLT_CHOICE(JUNIPER_GGSN, "Juniper GGSN PIC"),
1186 DLT_CHOICE(JUNIPER_MFR, "Juniper FRF.16 Frame Relay"),
1187 DLT_CHOICE(JUNIPER_ATM2, "Juniper ATM2 PIC"),
1188 DLT_CHOICE(JUNIPER_SERVICES, "Juniper Advanced Services PIC"),
1189 DLT_CHOICE(JUNIPER_ATM1, "Juniper ATM1 PIC"),
1190 DLT_CHOICE(APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
1191 DLT_CHOICE(MTP2_WITH_PHDR, "SS7 MTP2 with Pseudo-header"),
1192 DLT_CHOICE(MTP2, "SS7 MTP2"),
1193 DLT_CHOICE(MTP3, "SS7 MTP3"),
1194 DLT_CHOICE(SCCP, "SS7 SCCP"),
1195 DLT_CHOICE(DOCSIS, "DOCSIS"),
1196 DLT_CHOICE(LINUX_IRDA, "Linux IrDA"),
1197 DLT_CHOICE(IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
1198 DLT_CHOICE(JUNIPER_MONITOR, "Juniper Passive Monitor PIC"),
1199 DLT_CHOICE(BACNET_MS_TP, "BACnet MS/TP"),
1200 DLT_CHOICE(PPP_PPPD, "PPP for pppd, with direction flag"),
1201 DLT_CHOICE(JUNIPER_PPPOE, "Juniper PPPoE"),
1202 DLT_CHOICE(JUNIPER_PPPOE_ATM, "Juniper PPPoE/ATM"),
1203 DLT_CHOICE(GPRS_LLC, "GPRS LLC"),
1204 DLT_CHOICE(GPF_T, "GPF-T"),
1205 DLT_CHOICE(GPF_F, "GPF-F"),
1206 DLT_CHOICE(JUNIPER_PIC_PEER, "Juniper PIC Peer"),
1207 DLT_CHOICE(ERF_ETH, "Ethernet with Endace ERF header"),
1208 DLT_CHOICE(ERF_POS, "Packet-over-SONET with Endace ERF header"),
1209 DLT_CHOICE(LINUX_LAPD, "Linux vISDN LAPD"),
1210 DLT_CHOICE(JUNIPER_ETHER, "Juniper Ethernet"),
1211 DLT_CHOICE(JUNIPER_PPP, "Juniper PPP"),
1212 DLT_CHOICE(JUNIPER_FRELAY, "Juniper Frame Relay"),
1213 DLT_CHOICE(JUNIPER_CHDLC, "Juniper C-HDLC"),
1214 DLT_CHOICE(MFR, "FRF.16 Frame Relay"),
1215 DLT_CHOICE(JUNIPER_VP, "Juniper Voice PIC"),
1216 DLT_CHOICE(A429, "Arinc 429"),
1217 DLT_CHOICE(A653_ICM, "Arinc 653 Interpartition Communication"),
1218 DLT_CHOICE(USB_FREEBSD, "USB with FreeBSD header"),
1219 DLT_CHOICE(BLUETOOTH_HCI_H4, "Bluetooth HCI UART transport layer"),
1220 DLT_CHOICE(IEEE802_16_MAC_CPS, "IEEE 802.16 MAC Common Part Sublayer"),
1221 DLT_CHOICE(USB_LINUX, "USB with Linux header"),
1222 DLT_CHOICE(CAN20B, "Controller Area Network (CAN) v. 2.0B"),
1223 DLT_CHOICE(IEEE802_15_4_LINUX, "IEEE 802.15.4 with Linux padding"),
1224 DLT_CHOICE(PPI, "Per-Packet Information"),
1225 DLT_CHOICE(IEEE802_16_MAC_CPS_RADIO, "IEEE 802.16 MAC Common Part Sublayer plus radiotap header"),
1226 DLT_CHOICE(JUNIPER_ISM, "Juniper Integrated Service Module"),
1227 DLT_CHOICE(IEEE802_15_4, "IEEE 802.15.4 with FCS"),
1228 DLT_CHOICE(SITA, "SITA pseudo-header"),
1229 DLT_CHOICE(ERF, "Endace ERF header"),
1230 DLT_CHOICE(RAIF1, "Ethernet with u10 Networks pseudo-header"),
1231 DLT_CHOICE(IPMB, "IPMB"),
1232 DLT_CHOICE(JUNIPER_ST, "Juniper Secure Tunnel"),
1233 DLT_CHOICE(BLUETOOTH_HCI_H4_WITH_PHDR, "Bluetooth HCI UART transport layer plus pseudo-header"),
1234 DLT_CHOICE(AX25_KISS, "AX.25 with KISS header"),
1235 DLT_CHOICE(IEEE802_15_4_NONASK_PHY, "IEEE 802.15.4 with non-ASK PHY data"),
1236 DLT_CHOICE(MPLS, "MPLS with label as link-layer header"),
1237 DLT_CHOICE(LINUX_EVDEV, "Linux evdev events"),
1238 DLT_CHOICE(USB_LINUX_MMAPPED, "USB with padded Linux header"),
1239 DLT_CHOICE(DECT, "DECT"),
1240 DLT_CHOICE(AOS, "AOS Space Data Link protocol"),
1241 DLT_CHOICE(WIHART, "Wireless HART"),
1242 DLT_CHOICE(FC_2, "Fibre Channel FC-2"),
1243 DLT_CHOICE(FC_2_WITH_FRAME_DELIMS, "Fibre Channel FC-2 with frame delimiters"),
1244 DLT_CHOICE(IPNET, "Solaris ipnet"),
1245 DLT_CHOICE(CAN_SOCKETCAN, "CAN-bus with SocketCAN headers"),
1246 DLT_CHOICE(IPV4, "Raw IPv4"),
1247 DLT_CHOICE(IPV6, "Raw IPv6"),
1248 DLT_CHOICE(IEEE802_15_4_NOFCS, "IEEE 802.15.4 without FCS"),
1249 DLT_CHOICE(DBUS, "D-Bus"),
1250 DLT_CHOICE(JUNIPER_VS, "Juniper Virtual Server"),
1251 DLT_CHOICE(JUNIPER_SRX_E2E, "Juniper SRX E2E"),
1252 DLT_CHOICE(JUNIPER_FIBRECHANNEL, "Juniper Fibre Channel"),
1253 DLT_CHOICE(DVB_CI, "DVB-CI"),
1254 DLT_CHOICE(MUX27010, "MUX27010"),
1255 DLT_CHOICE(STANAG_5066_D_PDU, "STANAG 5066 D_PDUs"),
1256 DLT_CHOICE(JUNIPER_ATM_CEMIC, "Juniper ATM CEMIC"),
1257 DLT_CHOICE(NFLOG, "Linux netfilter log messages"),
1258 DLT_CHOICE(NETANALYZER, "Ethernet with Hilscher netANALYZER pseudo-header"),
1259 DLT_CHOICE(NETANALYZER_TRANSPARENT, "Ethernet with Hilscher netANALYZER pseudo-header and with preamble and SFD"),
1260 DLT_CHOICE(IPOIB, "RFC 4391 IP-over-Infiniband"),
1261 DLT_CHOICE(MPEG_2_TS, "MPEG-2 transport stream"),
1262 DLT_CHOICE(NG40, "ng40 protocol tester Iub/Iur"),
1263 DLT_CHOICE(NFC_LLCP, "NFC LLCP PDUs with pseudo-header"),
1264 DLT_CHOICE(INFINIBAND, "InfiniBand"),
1265 DLT_CHOICE(SCTP, "SCTP"),
1266 DLT_CHOICE(USBPCAP, "USB with USBPcap header"),
1267 DLT_CHOICE(RTAC_SERIAL, "Schweitzer Engineering Laboratories RTAC packets"),
1268 DLT_CHOICE(BLUETOOTH_LE_LL, "Bluetooth Low Energy air interface"),
1269 DLT_CHOICE(NETLINK, "Linux netlink"),
1270 DLT_CHOICE(BLUETOOTH_LINUX_MONITOR, "Bluetooth Linux Monitor"),
1271 DLT_CHOICE(BLUETOOTH_BREDR_BB, "Bluetooth Basic Rate/Enhanced Data Rate baseband packets"),
1272 DLT_CHOICE(BLUETOOTH_LE_LL_WITH_PHDR, "Bluetooth Low Energy air interface with pseudo-header"),
1273 DLT_CHOICE(PROFIBUS_DL, "PROFIBUS data link layer"),
1274 DLT_CHOICE(PKTAP, "Apple DLT_PKTAP"),
1275 DLT_CHOICE(EPON, "Ethernet with 802.3 Clause 65 EPON preamble"),
1276 DLT_CHOICE(IPMI_HPM_2, "IPMI trace packets"),
1277 DLT_CHOICE(ZWAVE_R1_R2, "Z-Wave RF profile R1 and R2 packets"),
1278 DLT_CHOICE(ZWAVE_R3, "Z-Wave RF profile R3 packets"),
1279 DLT_CHOICE(WATTSTOPPER_DLM, "WattStopper Digital Lighting Management (DLM) and Legrand Nitoo Open protocol"),
1280 DLT_CHOICE(ISO_14443, "ISO 14443 messages"),
1281 DLT_CHOICE(RDS, "IEC 62106 Radio Data System groups"),
1286 pcap_datalink_name_to_val(const char *name)
1290 for (i = 0; dlt_choices[i].name != NULL; i++) {
1291 if (pcap_strcasecmp(dlt_choices[i].name, name) == 0)
1292 return (dlt_choices[i].dlt);
1298 pcap_datalink_val_to_name(int dlt)
1302 for (i = 0; dlt_choices[i].name != NULL; i++) {
1303 if (dlt_choices[i].dlt == dlt)
1304 return (dlt_choices[i].name);
1310 pcap_datalink_val_to_description(int dlt)
1314 for (i = 0; dlt_choices[i].name != NULL; i++) {
1315 if (dlt_choices[i].dlt == dlt)
1316 return (dlt_choices[i].description);
1321 struct tstamp_type_choice {
1323 const char *description;
1327 static struct tstamp_type_choice tstamp_type_choices[] = {
1328 { "host", "Host", PCAP_TSTAMP_HOST },
1329 { "host_lowprec", "Host, low precision", PCAP_TSTAMP_HOST_LOWPREC },
1330 { "host_hiprec", "Host, high precision", PCAP_TSTAMP_HOST_HIPREC },
1331 { "adapter", "Adapter", PCAP_TSTAMP_ADAPTER },
1332 { "adapter_unsynced", "Adapter, not synced with system time", PCAP_TSTAMP_ADAPTER_UNSYNCED },
1337 pcap_tstamp_type_name_to_val(const char *name)
1341 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1342 if (pcap_strcasecmp(tstamp_type_choices[i].name, name) == 0)
1343 return (tstamp_type_choices[i].type);
1345 return (PCAP_ERROR);
1349 pcap_tstamp_type_val_to_name(int tstamp_type)
1353 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1354 if (tstamp_type_choices[i].type == tstamp_type)
1355 return (tstamp_type_choices[i].name);
1361 pcap_tstamp_type_val_to_description(int tstamp_type)
1365 for (i = 0; tstamp_type_choices[i].name != NULL; i++) {
1366 if (tstamp_type_choices[i].type == tstamp_type)
1367 return (tstamp_type_choices[i].description);
1373 pcap_snapshot(pcap_t *p)
1376 return (PCAP_ERROR_NOT_ACTIVATED);
1377 return (p->snapshot);
1381 pcap_is_swapped(pcap_t *p)
1384 return (PCAP_ERROR_NOT_ACTIVATED);
1385 return (p->swapped);
1389 pcap_major_version(pcap_t *p)
1392 return (PCAP_ERROR_NOT_ACTIVATED);
1393 return (p->version_major);
1397 pcap_minor_version(pcap_t *p)
1400 return (PCAP_ERROR_NOT_ACTIVATED);
1401 return (p->version_minor);
1405 pcap_file(pcap_t *p)
1411 pcap_fileno(pcap_t *p)
1416 if (p->adapter != NULL)
1417 return ((int)(DWORD)p->adapter->hFile);
1419 return (PCAP_ERROR);
1423 #if !defined(_WIN32) && !defined(MSDOS)
1425 pcap_get_selectable_fd(pcap_t *p)
1427 return (p->selectable_fd);
1432 pcap_perror(pcap_t *p, const char *prefix)
1434 fprintf(stderr, "%s: %s\n", prefix, p->errbuf);
1438 pcap_geterr(pcap_t *p)
1444 pcap_getnonblock(pcap_t *p, char *errbuf)
1448 ret = p->getnonblock_op(p, errbuf);
1451 * In case somebody depended on the bug wherein
1452 * the error message was put into p->errbuf
1453 * by pcap_getnonblock_fd().
1455 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1461 * Get the current non-blocking mode setting, under the assumption that
1462 * it's just the standard POSIX non-blocking flag.
1464 #if !defined(_WIN32) && !defined(MSDOS)
1466 pcap_getnonblock_fd(pcap_t *p, char *errbuf)
1470 fdflags = fcntl(p->fd, F_GETFL, 0);
1471 if (fdflags == -1) {
1472 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1473 pcap_strerror(errno));
1476 if (fdflags & O_NONBLOCK)
1484 pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf)
1488 ret = p->setnonblock_op(p, nonblock, errbuf);
1491 * In case somebody depended on the bug wherein
1492 * the error message was put into p->errbuf
1493 * by pcap_setnonblock_fd().
1495 strlcpy(p->errbuf, errbuf, PCAP_ERRBUF_SIZE);
1500 #if !defined(_WIN32) && !defined(MSDOS)
1502 * Set non-blocking mode, under the assumption that it's just the
1503 * standard POSIX non-blocking flag. (This can be called by the
1504 * per-platform non-blocking-mode routine if that routine also
1505 * needs to do some additional work.)
1508 pcap_setnonblock_fd(pcap_t *p, int nonblock, char *errbuf)
1512 fdflags = fcntl(p->fd, F_GETFL, 0);
1513 if (fdflags == -1) {
1514 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_GETFL: %s",
1515 pcap_strerror(errno));
1519 fdflags |= O_NONBLOCK;
1521 fdflags &= ~O_NONBLOCK;
1522 if (fcntl(p->fd, F_SETFL, fdflags) == -1) {
1523 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "F_SETFL: %s",
1524 pcap_strerror(errno));
1533 * Generate a string for a Win32-specific error (i.e. an error generated when
1534 * calling a Win32 API).
1535 * For errors occurred during standard C calls, we still use pcap_strerror()
1538 pcap_win32_err_to_str(DWORD error, char *errbuf)
1543 FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, 0, errbuf,
1544 PCAP_ERRBUF_SIZE, NULL);
1547 * "FormatMessage()" "helpfully" sticks CR/LF at the end of the
1548 * message. Get rid of it.
1550 errlen = strlen(errbuf);
1552 errbuf[errlen - 1] = '\0';
1553 errbuf[errlen - 2] = '\0';
1555 p = strchr(errbuf, '\0');
1556 pcap_snprintf (p, PCAP_ERRBUF_SIZE+1-(p-errbuf), " (%lu)", error);
1561 * Generate error strings for PCAP_ERROR_ and PCAP_WARNING_ values.
1564 pcap_statustostr(int errnum)
1566 static char ebuf[15+10+1];
1571 return("Generic warning");
1573 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1574 return ("That type of time stamp is not supported by that device");
1576 case PCAP_WARNING_PROMISC_NOTSUP:
1577 return ("That device doesn't support promiscuous mode");
1580 return("Generic error");
1582 case PCAP_ERROR_BREAK:
1583 return("Loop terminated by pcap_breakloop");
1585 case PCAP_ERROR_NOT_ACTIVATED:
1586 return("The pcap_t has not been activated");
1588 case PCAP_ERROR_ACTIVATED:
1589 return ("The setting can't be changed after the pcap_t is activated");
1591 case PCAP_ERROR_NO_SUCH_DEVICE:
1592 return ("No such device exists");
1594 case PCAP_ERROR_RFMON_NOTSUP:
1595 return ("That device doesn't support monitor mode");
1597 case PCAP_ERROR_NOT_RFMON:
1598 return ("That operation is supported only in monitor mode");
1600 case PCAP_ERROR_PERM_DENIED:
1601 return ("You don't have permission to capture on that device");
1603 case PCAP_ERROR_IFACE_NOT_UP:
1604 return ("That device is not up");
1606 case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
1607 return ("That device doesn't support setting the time stamp type");
1609 case PCAP_ERROR_PROMISC_PERM_DENIED:
1610 return ("You don't have permission to capture in promiscuous mode on that device");
1612 case PCAP_ERROR_TSTAMP_PRECISION_NOTSUP:
1613 return ("That device doesn't support that time stamp precision");
1615 (void)pcap_snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
1620 * Not all systems have strerror().
1623 pcap_strerror(int errnum)
1625 #ifdef HAVE_STRERROR
1627 static char errbuf[PCAP_ERRBUF_SIZE];
1629 errno = strerror_s(errbuf, PCAP_ERRBUF_SIZE, errnum);
1630 if (errno != 0) /* errno = 0 if successful */
1631 strlcpy(errbuf, "strerror_s() error", PCAP_ERRBUF_SIZE);
1634 return (strerror(errnum));
1637 extern int sys_nerr;
1638 extern const char *const sys_errlist[];
1639 static char errbuf[PCAP_ERRBUF_SIZE];
1641 if ((unsigned int)errnum < sys_nerr)
1642 return ((char *)sys_errlist[errnum]);
1643 (void)pcap_snprintf(errbuf, sizeof errbuf, "Unknown error: %d", errnum);
1649 pcap_setfilter(pcap_t *p, struct bpf_program *fp)
1651 return (p->setfilter_op(p, fp));
1655 * Set direction flag, which controls whether we accept only incoming
1656 * packets, only outgoing packets, or both.
1657 * Note that, depending on the platform, some or all direction arguments
1658 * might not be supported.
1661 pcap_setdirection(pcap_t *p, pcap_direction_t d)
1663 if (p->setdirection_op == NULL) {
1664 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1665 "Setting direction is not implemented on this platform");
1668 return (p->setdirection_op(p, d));
1672 pcap_stats(pcap_t *p, struct pcap_stat *ps)
1674 return (p->stats_op(p, ps));
1678 pcap_stats_dead(pcap_t *p, struct pcap_stat *ps _U_)
1680 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1681 "Statistics aren't available from a pcap_open_dead pcap_t");
1687 pcap_stats_ex(pcap_t *p, int *pcap_stat_size)
1689 return (p->stats_ex_op(p, pcap_stat_size));
1693 pcap_setbuff(pcap_t *p, int dim)
1695 return (p->setbuff_op(p, dim));
1699 pcap_setbuff_dead(pcap_t *p, int dim)
1701 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1702 "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
1707 pcap_setmode(pcap_t *p, int mode)
1709 return (p->setmode_op(p, mode));
1713 pcap_setmode_dead(pcap_t *p, int mode)
1715 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1716 "impossible to set mode on a pcap_open_dead pcap_t");
1721 pcap_setmintocopy(pcap_t *p, int size)
1723 return (p->setmintocopy_op(p, size));
1727 pcap_setmintocopy_dead(pcap_t *p, int size)
1729 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1730 "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
1735 pcap_getevent(pcap_t *p)
1737 return (p->getevent_op(p));
1741 pcap_getevent_dead(pcap_t *p)
1743 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1744 "A pcap_open_dead pcap_t has no event handle");
1745 return (INVALID_HANDLE_VALUE);
1749 pcap_oid_get_request(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
1751 return (p->oid_get_request_op(p, oid, data, lenp));
1755 pcap_oid_get_request_dead(pcap_t *p, bpf_u_int32 oid _U_, void *data _U_,
1758 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1759 "An OID get request cannot be performed on a pcap_open_dead pcap_t");
1760 return (PCAP_ERROR);
1764 pcap_oid_set_request(pcap_t *p, bpf_u_int32 oid, const void *data, size_t *lenp)
1766 return (p->oid_set_request_op(p, oid, data, lenp));
1770 pcap_oid_set_request_dead(pcap_t *p, bpf_u_int32 oid _U_, const void *data _U_,
1773 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1774 "An OID set request cannot be performed on a pcap_open_dead pcap_t");
1775 return (PCAP_ERROR);
1779 pcap_sendqueue_alloc(u_int memsize)
1781 pcap_send_queue *tqueue;
1783 /* Allocate the queue */
1784 tqueue = (pcap_send_queue *)malloc(sizeof(pcap_send_queue));
1785 if (tqueue == NULL){
1789 /* Allocate the buffer */
1790 tqueue->buffer = (char *)malloc(memsize);
1791 if (tqueue->buffer == NULL) {
1796 tqueue->maxlen = memsize;
1803 pcap_sendqueue_destroy(pcap_send_queue *queue)
1805 free(queue->buffer);
1810 pcap_sendqueue_queue(pcap_send_queue *queue, const struct pcap_pkthdr *pkt_header, const u_char *pkt_data)
1812 if (queue->len + sizeof(struct pcap_pkthdr) + pkt_header->caplen > queue->maxlen){
1816 /* Copy the pcap_pkthdr header*/
1817 memcpy(queue->buffer + queue->len, pkt_header, sizeof(struct pcap_pkthdr));
1818 queue->len += sizeof(struct pcap_pkthdr);
1820 /* copy the packet */
1821 memcpy(queue->buffer + queue->len, pkt_data, pkt_header->caplen);
1822 queue->len += pkt_header->caplen;
1828 pcap_sendqueue_transmit(pcap_t *p, pcap_send_queue *queue, int sync)
1830 return (p->sendqueue_transmit_op(p, queue, sync));
1834 pcap_sendqueue_transmit_dead(pcap_t *p, pcap_send_queue *queue, int sync)
1836 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1837 "Packets cannot be transmitted on a pcap_open_dead pcap_t");
1842 pcap_setuserbuffer(pcap_t *p, int size)
1844 return (p->setuserbuffer_op(p, size));
1848 pcap_setuserbuffer_dead(pcap_t *p, int size)
1850 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1851 "The user buffer cannot be set on a pcap_open_dead pcap_t");
1856 pcap_live_dump(pcap_t *p, char *filename, int maxsize, int maxpacks)
1858 return (p->live_dump_op(p, filename, maxsize, maxpacks));
1862 pcap_live_dump_dead(pcap_t *p, char *filename, int maxsize, int maxpacks)
1864 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1865 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
1870 pcap_live_dump_ended(pcap_t *p, int sync)
1872 return (p->live_dump_ended_op(p, sync));
1876 pcap_live_dump_ended_dead(pcap_t *p, int sync)
1878 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1879 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
1884 pcap_get_airpcap_handle(pcap_t *p)
1886 PAirpcapHandle handle;
1888 handle = p->get_airpcap_handle_op(p);
1889 if (handle == NULL) {
1890 (void)pcap_snprintf(p->errbuf, sizeof(p->errbuf),
1891 "This isn't an AirPcap device");
1896 static PAirpcapHandle
1897 pcap_get_airpcap_handle_dead(pcap_t *p)
1904 * On some platforms, we need to clean up promiscuous or monitor mode
1905 * when we close a device - and we want that to happen even if the
1906 * application just exits without explicitl closing devices.
1907 * On those platforms, we need to register a "close all the pcaps"
1908 * routine to be called when we exit, and need to maintain a list of
1909 * pcaps that need to be closed to clean up modes.
1911 * XXX - not thread-safe.
1915 * List of pcaps on which we've done something that needs to be
1917 * If there are any such pcaps, we arrange to call "pcap_close_all()"
1918 * when we exit, and have it close all of them.
1920 static struct pcap *pcaps_to_close;
1923 * TRUE if we've already called "atexit()" to cause "pcap_close_all()" to
1924 * be called on exit.
1926 static int did_atexit;
1929 pcap_close_all(void)
1931 struct pcap *handle;
1933 while ((handle = pcaps_to_close) != NULL)
1938 pcap_do_addexit(pcap_t *p)
1941 * If we haven't already done so, arrange to have
1942 * "pcap_close_all()" called when we exit.
1945 if (atexit(pcap_close_all) != 0) {
1947 * "atexit()" failed; let our caller know.
1949 strlcpy(p->errbuf, "atexit failed", PCAP_ERRBUF_SIZE);
1958 pcap_add_to_pcaps_to_close(pcap_t *p)
1960 p->next = pcaps_to_close;
1965 pcap_remove_from_pcaps_to_close(pcap_t *p)
1967 pcap_t *pc, *prevpc;
1969 for (pc = pcaps_to_close, prevpc = NULL; pc != NULL;
1970 prevpc = pc, pc = pc->next) {
1973 * Found it. Remove it from the list.
1975 if (prevpc == NULL) {
1977 * It was at the head of the list.
1979 pcaps_to_close = pc->next;
1982 * It was in the middle of the list.
1984 prevpc->next = pc->next;
1992 pcap_cleanup_live_common(pcap_t *p)
1994 if (p->buffer != NULL) {
1998 if (p->dlt_list != NULL) {
2003 if (p->tstamp_type_list != NULL) {
2004 free(p->tstamp_type_list);
2005 p->tstamp_type_list = NULL;
2006 p->tstamp_type_count = 0;
2008 if (p->tstamp_precision_list != NULL) {
2009 free(p->tstamp_precision_list);
2010 p->tstamp_precision_list = NULL;
2011 p->tstamp_precision_count = 0;
2013 pcap_freecode(&p->fcode);
2014 #if !defined(_WIN32) && !defined(MSDOS)
2019 p->selectable_fd = -1;
2024 pcap_cleanup_dead(pcap_t *p _U_)
2026 /* Nothing to do. */
2030 pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
2034 switch (precision) {
2036 case PCAP_TSTAMP_PRECISION_MICRO:
2037 case PCAP_TSTAMP_PRECISION_NANO:
2043 p = malloc(sizeof(*p));
2046 memset (p, 0, sizeof(*p));
2047 p->snapshot = snaplen;
2048 p->linktype = linktype;
2049 p->opt.tstamp_precision = precision;
2050 p->stats_op = pcap_stats_dead;
2052 p->stats_ex_op = (stats_ex_op_t)pcap_not_initialized_ptr;
2053 p->setbuff_op = pcap_setbuff_dead;
2054 p->setmode_op = pcap_setmode_dead;
2055 p->setmintocopy_op = pcap_setmintocopy_dead;
2056 p->getevent_op = pcap_getevent_dead;
2057 p->oid_get_request_op = pcap_oid_get_request_dead;
2058 p->oid_set_request_op = pcap_oid_set_request_dead;
2059 p->sendqueue_transmit_op = pcap_sendqueue_transmit_dead;
2060 p->setuserbuffer_op = pcap_setuserbuffer_dead;
2061 p->live_dump_op = pcap_live_dump_dead;
2062 p->live_dump_ended_op = pcap_live_dump_ended_dead;
2063 p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
2065 p->cleanup_op = pcap_cleanup_dead;
2068 * A "dead" pcap_t never requires special BPF code generation.
2070 p->bpf_codegen_flags = 0;
2077 pcap_open_dead(int linktype, int snaplen)
2079 return (pcap_open_dead_with_tstamp_precision(linktype, snaplen,
2080 PCAP_TSTAMP_PRECISION_MICRO));
2084 * API compatible with WinPcap's "send a packet" routine - returns -1
2085 * on error, 0 otherwise.
2087 * XXX - what if we get a short write?
2090 pcap_sendpacket(pcap_t *p, const u_char *buf, int size)
2092 if (p->inject_op(p, buf, size) == -1)
2098 * API compatible with OpenBSD's "send a packet" routine - returns -1 on
2099 * error, number of bytes written otherwise.
2102 pcap_inject(pcap_t *p, const void *buf, size_t size)
2104 return (p->inject_op(p, buf, size));
2108 pcap_close(pcap_t *p)
2110 if (p->opt.device != NULL)
2111 free(p->opt.device);
2117 * Given a BPF program, a pcap_pkthdr structure for a packet, and the raw
2118 * data for the packet, check whether the packet passes the filter.
2119 * Returns the return value of the filter program, which will be zero if
2120 * the packet doesn't pass and non-zero if the packet does pass.
2123 pcap_offline_filter(const struct bpf_program *fp, const struct pcap_pkthdr *h,
2126 const struct bpf_insn *fcode = fp->bf_insns;
2129 return (bpf_filter(fcode, pkt, h->len, h->caplen));
2134 #include "pcap_version.h"
2138 static char *full_pcap_version_string;
2140 #ifdef HAVE_VERSION_H
2142 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2143 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2146 * XXX - it'd be nice if we could somehow generate the WinPcap version number
2147 * when building WinPcap. (It'd be nice to do so for the packet.dll version
2150 #include "../../version.h"
2152 static const char wpcap_version_string[] = WINPCAP_VER_STRING;
2153 static const char pcap_version_string_fmt[] =
2154 WINPCAP_PRODUCT_NAME " version %s, based on %s";
2155 static const char pcap_version_string_packet_dll_fmt[] =
2156 WINPCAP_PRODUCT_NAME " version %s (packet.dll version %s), based on %s";
2159 pcap_lib_version(void)
2161 char *packet_version_string;
2162 size_t full_pcap_version_string_len;
2164 if (full_pcap_version_string == NULL) {
2166 * Generate the version string.
2168 packet_version_string = PacketGetVersion();
2169 if (strcmp(wpcap_version_string, packet_version_string) == 0) {
2171 * WinPcap version string and packet.dll version
2172 * string are the same; just report the WinPcap
2175 full_pcap_version_string_len =
2176 (sizeof pcap_version_string_fmt - 4) +
2177 strlen(wpcap_version_string) +
2178 strlen(pcap_version_string);
2179 full_pcap_version_string =
2180 malloc(full_pcap_version_string_len);
2181 if (full_pcap_version_string == NULL)
2183 pcap_snprintf(full_pcap_version_string,
2184 full_pcap_version_string_len,
2185 pcap_version_string_fmt,
2186 wpcap_version_string,
2187 pcap_version_string);
2190 * WinPcap version string and packet.dll version
2191 * string are different; that shouldn't be the
2192 * case (the two libraries should come from the
2193 * same version of WinPcap), so we report both
2196 full_pcap_version_string_len =
2197 (sizeof pcap_version_string_packet_dll_fmt - 6) +
2198 strlen(wpcap_version_string) +
2199 strlen(packet_version_string) +
2200 strlen(pcap_version_string);
2201 full_pcap_version_string = malloc(full_pcap_version_string_len);
2202 if (full_pcap_version_string == NULL)
2204 pcap_snprintf(full_pcap_version_string,
2205 full_pcap_version_string_len,
2206 pcap_version_string_packet_dll_fmt,
2207 wpcap_version_string,
2208 packet_version_string,
2209 pcap_version_string);
2212 return (full_pcap_version_string);
2215 #else /* HAVE_VERSION_H */
2218 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
2221 static const char pcap_version_string_packet_dll_fmt[] =
2222 "%s (packet.dll version %s)";
2224 pcap_lib_version(void)
2226 char *packet_version_string;
2227 size_t full_pcap_version_string_len;
2229 if (full_pcap_version_string == NULL) {
2231 * Generate the version string. Report the packet.dll
2234 packet_version_string = PacketGetVersion();
2235 full_pcap_version_string_len =
2236 (sizeof pcap_version_string_packet_dll_fmt - 4) +
2237 strlen(pcap_version_string) +
2238 strlen(packet_version_string);
2239 full_pcap_version_string = malloc(full_pcap_version_string_len);
2240 if (full_pcap_version_string == NULL)
2242 pcap_snprintf(full_pcap_version_string,
2243 full_pcap_version_string_len,
2244 pcap_version_string_packet_dll_fmt,
2245 pcap_version_string,
2246 packet_version_string);
2248 return (full_pcap_version_string);
2251 #endif /* HAVE_VERSION_H */
2253 #elif defined(MSDOS)
2255 static char *full_pcap_version_string;
2258 pcap_lib_version (void)
2260 char *packet_version_string;
2261 size_t full_pcap_version_string_len;
2262 static char dospfx[] = "DOS-";
2264 if (full_pcap_version_string == NULL) {
2266 * Generate the version string.
2268 full_pcap_version_string_len =
2269 sizeof dospfx + strlen(pcap_version_string);
2270 full_pcap_version_string =
2271 malloc(full_pcap_version_string_len);
2272 if (full_pcap_version_string == NULL)
2274 strcpy(full_pcap_version_string, dospfx);
2275 strcat(full_pcap_version_string, pcap_version_string);
2277 return (full_pcap_version_string);
2283 pcap_lib_version(void)
2285 return (pcap_version_string);
2291 * Set the internal "debug printout" flag for the filter expression parser.
2292 * The code to print that stuff is present only if YYDEBUG is defined, so
2293 * the flag, and the routine to set it, are defined only if YYDEBUG is
2296 * This is intended for libpcap developers, not for general use.
2297 * If you want to set these in a program, you'll have to declare this
2298 * routine yourself, with the appropriate DLL import attribute on Windows;
2299 * it's not declared in any header file, and won't be declared in any
2300 * header file provided by libpcap.
2302 PCAP_API void pcap_set_parser_debug(int value);
2305 pcap_set_parser_debug(int value)
2307 extern int pcap_debug;
2315 * Set the internal "debug printout" flag for the filter expression optimizer.
2316 * The code to print that stuff is present only if BDEBUG is defined, so
2317 * the flag, and the routine to set it, are defined only if BDEBUG is
2320 * This is intended for libpcap developers, not for general use.
2321 * If you want to set these in a program, you'll have to declare this
2322 * routine yourself, with the appropriate DLL import attribute on Windows;
2323 * it's not declared in any header file, and won't be declared in any
2324 * header file provided by libpcap.
2326 PCAP_API void pcap_set_optimizer_debug(int value);
2329 pcap_set_optimizer_debug(int value)
2331 extern int pcap_optimizer_debug;
2333 pcap_optimizer_debug = value;