mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-29 00:12:45 +00:00
Merge libpcap 0.7.1
MFC after: 2 weeks
This commit is contained in:
parent
8e10e3e69d
commit
c0653930da
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=98533
@ -37,8 +37,9 @@
|
||||
*
|
||||
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.51 2001/11/28 05:50:05 guy Exp $ (LBL)
|
||||
*
|
||||
* $FreeBSD$
|
||||
* @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.44 2000/12/21 10:29:24 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef BPF_MAJOR_VERSION
|
||||
@ -209,11 +210,18 @@ struct bpf_hdr {
|
||||
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
|
||||
|
||||
/*
|
||||
* This value is defined by NetBSD; other platforms should refrain from
|
||||
* using it for other purposes, so that NetBSD savefiles with a link
|
||||
* type of 50 can be read as this type on all platforms.
|
||||
* These values are defined by NetBSD; other platforms should refrain from
|
||||
* using them for other purposes, so that NetBSD savefiles with link
|
||||
* types of 50 or 51 can be read as this type on all platforms.
|
||||
*/
|
||||
#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
|
||||
#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
|
||||
|
||||
/*
|
||||
* Values between 100 and 103 are used in capture file headers as
|
||||
* link-layer types corresponding to DLT_ types that differ
|
||||
* between platforms; don't use those values for new DLT_ new types.
|
||||
*/
|
||||
|
||||
/*
|
||||
* This value was defined by libpcap 0.5; platforms that have defined
|
||||
@ -232,16 +240,6 @@ struct bpf_hdr {
|
||||
#define DLT_C_HDLC 104 /* Cisco HDLC */
|
||||
#define DLT_CHDLC DLT_C_HDLC
|
||||
|
||||
/*
|
||||
* Reserved for future use.
|
||||
* Do not pick other numerical value for these unless you have also
|
||||
* picked up the tcpdump.org top-of-CVS-tree version of "savefile.c",
|
||||
* which will arrange that capture files for these DLT_ types have
|
||||
* the same "network" value on all platforms, regardless of what
|
||||
* value is chosen for their DLT_ type (thus allowing captures made
|
||||
* on one platform to be read on other platforms, even if the two
|
||||
* platforms don't use the same numerical values for all DLT_ types).
|
||||
*/
|
||||
#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
|
||||
|
||||
/*
|
||||
@ -257,14 +255,15 @@ struct bpf_hdr {
|
||||
* OpenBSD defines it as 12, but that collides with DLT_RAW, so we
|
||||
* define it as 108 here. If OpenBSD picks up this file, it should
|
||||
* define DLT_LOOP as 12 in its version, as per the comment above -
|
||||
* and should not use 108 for any purpose.
|
||||
* and should not use 108 as a DLT_ value.
|
||||
*/
|
||||
#define DLT_LOOP 108
|
||||
|
||||
/*
|
||||
* Values between 109 and 112 are used in capture file headers as
|
||||
* link-layer types corresponding to DLT_ types that might differ
|
||||
* between platforms; don't use those values for new DLT_ new types.
|
||||
* between platforms; don't use those values for new DLT_ types
|
||||
* other than the corresponding DLT_ types.
|
||||
*/
|
||||
|
||||
/*
|
||||
@ -272,6 +271,47 @@ struct bpf_hdr {
|
||||
*/
|
||||
#define DLT_LINUX_SLL 113
|
||||
|
||||
/*
|
||||
* Apple LocalTalk hardware.
|
||||
*/
|
||||
#define DLT_LTALK 114
|
||||
|
||||
/*
|
||||
* Acorn Econet.
|
||||
*/
|
||||
#define DLT_ECONET 115
|
||||
|
||||
/*
|
||||
* Reserved for use with OpenBSD ipfilter.
|
||||
*/
|
||||
#define DLT_IPFILTER 116
|
||||
|
||||
/*
|
||||
* Reserved for use in capture-file headers as a link-layer type
|
||||
* corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
|
||||
* but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
|
||||
* in capture-file headers.
|
||||
*/
|
||||
#define DLT_PFLOG 117
|
||||
|
||||
/*
|
||||
* Registered for Cisco-internal use.
|
||||
*/
|
||||
#define DLT_CISCO_IOS 118
|
||||
|
||||
/*
|
||||
* Reserved for 802.11 cards using the Prism II chips, with a link-layer
|
||||
* header including Prism monitor mode information plus an 802.11
|
||||
* header.
|
||||
*/
|
||||
#define DLT_PRISM_HEADER 119
|
||||
|
||||
/*
|
||||
* Reserved for Aironet 802.11 cards, with an Aironet link-layer header
|
||||
* (see Doug Ambrisko's FreeBSD patches).
|
||||
*/
|
||||
#define DLT_AIRONET_HEADER 120
|
||||
|
||||
/*
|
||||
* The instruction encodings.
|
||||
*/
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -18,8 +18,9 @@
|
||||
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.53 2001/05/10 14:48:02 fenner Exp $ (LBL)
|
||||
*
|
||||
* $FreeBSD$
|
||||
* @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.47 2000/11/04 10:09:55 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
/* Address qualifiers. */
|
||||
@ -37,34 +38,42 @@
|
||||
#define Q_IP 2
|
||||
#define Q_ARP 3
|
||||
#define Q_RARP 4
|
||||
#define Q_TCP 5
|
||||
#define Q_UDP 6
|
||||
#define Q_ICMP 7
|
||||
#define Q_IGMP 8
|
||||
#define Q_IGRP 9
|
||||
#define Q_SCTP 5
|
||||
#define Q_TCP 6
|
||||
#define Q_UDP 7
|
||||
#define Q_ICMP 8
|
||||
#define Q_IGMP 9
|
||||
#define Q_IGRP 10
|
||||
|
||||
|
||||
#define Q_ATALK 10
|
||||
#define Q_DECNET 11
|
||||
#define Q_LAT 12
|
||||
#define Q_SCA 13
|
||||
#define Q_MOPRC 14
|
||||
#define Q_MOPDL 15
|
||||
#define Q_ATALK 11
|
||||
#define Q_DECNET 12
|
||||
#define Q_LAT 13
|
||||
#define Q_SCA 14
|
||||
#define Q_MOPRC 15
|
||||
#define Q_MOPDL 16
|
||||
|
||||
|
||||
#define Q_IPV6 16
|
||||
#define Q_ICMPV6 17
|
||||
#define Q_AH 18
|
||||
#define Q_ESP 19
|
||||
#define Q_IPV6 17
|
||||
#define Q_ICMPV6 18
|
||||
#define Q_AH 19
|
||||
#define Q_ESP 20
|
||||
|
||||
#define Q_PIM 20
|
||||
#define Q_PIM 21
|
||||
#define Q_VRRP 22
|
||||
|
||||
#define Q_AARP 21
|
||||
#define Q_AARP 23
|
||||
|
||||
#define Q_ISO 22
|
||||
#define Q_ESIS 23
|
||||
#define Q_ISIS 24
|
||||
#define Q_CLNP 25
|
||||
#define Q_ISO 24
|
||||
#define Q_ESIS 25
|
||||
#define Q_ISIS 26
|
||||
#define Q_CLNP 27
|
||||
|
||||
#define Q_STP 28
|
||||
|
||||
#define Q_IPX 29
|
||||
|
||||
#define Q_NETBEUI 30
|
||||
|
||||
/* Directional qualifiers. */
|
||||
|
||||
@ -167,6 +176,7 @@ void gen_not(struct block *);
|
||||
|
||||
struct block *gen_scode(const char *, struct qual);
|
||||
struct block *gen_ecode(const u_char *, struct qual);
|
||||
struct block *gen_acode(const u_char *, struct qual);
|
||||
struct block *gen_mcode(const char *, const char *, int, struct qual);
|
||||
#ifdef INET6
|
||||
struct block *gen_mcode6(const char *, const char *, int, struct qual);
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.64 2000/10/28 10:18:40 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.71 2001/07/03 19:15:48 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -107,21 +107,25 @@ pcap_parse()
|
||||
|
||||
%token DST SRC HOST GATEWAY
|
||||
%token NET MASK PORT LESS GREATER PROTO PROTOCHAIN BYTE
|
||||
%token ARP RARP IP TCP UDP ICMP IGMP IGRP PIM
|
||||
%token ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP
|
||||
%token ATALK AARP DECNET LAT SCA MOPRC MOPDL
|
||||
%token TK_BROADCAST TK_MULTICAST
|
||||
%token NUM INBOUND OUTBOUND
|
||||
%token LINK
|
||||
%token GEQ LEQ NEQ
|
||||
%token ID EID HID HID6
|
||||
%token ID EID HID HID6 AID
|
||||
%token LSH RSH
|
||||
%token LEN
|
||||
%token IPV6 ICMPV6 AH ESP
|
||||
%token VLAN
|
||||
%token ISO ESIS ISIS CLNP
|
||||
%token STP
|
||||
%token IPX
|
||||
%token NETBEUI
|
||||
|
||||
%type <s> ID
|
||||
%type <e> EID
|
||||
%type <e> AID
|
||||
%type <s> HID HID6
|
||||
%type <i> NUM
|
||||
|
||||
@ -185,7 +189,24 @@ nid: ID { $$.b = gen_scode($1, $$.q = $<blk>0.q); }
|
||||
"in this configuration");
|
||||
#endif /*INET6*/
|
||||
}
|
||||
| EID { $$.b = gen_ecode($1, $$.q = $<blk>0.q); }
|
||||
| EID {
|
||||
$$.b = gen_ecode($1, $$.q = $<blk>0.q);
|
||||
/*
|
||||
* $1 was allocated by "pcap_ether_aton()",
|
||||
* so we must free it now that we're done
|
||||
* with it.
|
||||
*/
|
||||
free($1);
|
||||
}
|
||||
| AID {
|
||||
$$.b = gen_acode($1, $$.q = $<blk>0.q);
|
||||
/*
|
||||
* $1 was allocated by "pcap_ether_aton()",
|
||||
* so we must free it now that we're done
|
||||
* with it.
|
||||
*/
|
||||
free($1);
|
||||
}
|
||||
| not id { gen_not($2.b); $$ = $2; }
|
||||
;
|
||||
not: '!' { $$ = $<blk>0; }
|
||||
@ -243,12 +264,14 @@ pname: LINK { $$ = Q_LINK; }
|
||||
| IP { $$ = Q_IP; }
|
||||
| ARP { $$ = Q_ARP; }
|
||||
| RARP { $$ = Q_RARP; }
|
||||
| SCTP { $$ = Q_SCTP; }
|
||||
| TCP { $$ = Q_TCP; }
|
||||
| UDP { $$ = Q_UDP; }
|
||||
| ICMP { $$ = Q_ICMP; }
|
||||
| IGMP { $$ = Q_IGMP; }
|
||||
| IGRP { $$ = Q_IGRP; }
|
||||
| PIM { $$ = Q_PIM; }
|
||||
| VRRP { $$ = Q_VRRP; }
|
||||
| ATALK { $$ = Q_ATALK; }
|
||||
| AARP { $$ = Q_AARP; }
|
||||
| DECNET { $$ = Q_DECNET; }
|
||||
@ -264,6 +287,9 @@ pname: LINK { $$ = Q_LINK; }
|
||||
| ESIS { $$ = Q_ESIS; }
|
||||
| ISIS { $$ = Q_ISIS; }
|
||||
| CLNP { $$ = Q_CLNP; }
|
||||
| STP { $$ = Q_STP; }
|
||||
| IPX { $$ = Q_IPX; }
|
||||
| NETBEUI { $$ = Q_NETBEUI; }
|
||||
;
|
||||
other: pqual TK_BROADCAST { $$ = gen_broadcast($1); }
|
||||
| pqual TK_MULTICAST { $$ = gen_multicast($1); }
|
||||
|
@ -26,7 +26,7 @@
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.57.2.1 2001/01/17 18:21:56 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.60 2001/07/28 22:56:35 guy Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -324,7 +324,7 @@ pcap_ether_aton(const char *s)
|
||||
if (*s == ':')
|
||||
s += 1;
|
||||
d = xdtoi(*s++);
|
||||
if (isxdigit(*s)) {
|
||||
if (isxdigit((unsigned char)*s)) {
|
||||
d <<= 4;
|
||||
d |= xdtoi(*s++);
|
||||
}
|
||||
@ -415,5 +415,6 @@ __pcap_nametodnaddr(const char *name)
|
||||
#else
|
||||
bpf_error("decnet name support not included, '%s' cannot be translated\n",
|
||||
name);
|
||||
return(0);
|
||||
#endif
|
||||
}
|
||||
|
@ -30,8 +30,9 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.33 2001/08/24 07:46:52 guy Exp $ (LBL)
|
||||
*
|
||||
* $FreeBSD$
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.32 2000/12/21 10:29:23 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef pcap_int_h
|
||||
@ -66,7 +67,6 @@ struct pcap_md {
|
||||
long OrigMissed; /* missed by i/f before this run */
|
||||
#ifdef linux
|
||||
int sock_packet; /* using Linux 2.0 compatible interface */
|
||||
int readlen; /* byte count to hand to "recvmsg()" */
|
||||
int timeout; /* timeout specified to pcap_open_live */
|
||||
int clear_promisc; /* must clear promiscuous mode when we close */
|
||||
int cooked; /* using SOCK_DGRAM rather than SOCK_RAW */
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.17.2.1 2001/01/18 04:42:11 guy Exp $
|
||||
.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.31 2001/12/29 21:57:07 guy Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1994, 1996, 1997
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -30,17 +30,28 @@ pcap \- Packet Capture library
|
||||
#include <pcap.h>
|
||||
.ft
|
||||
.LP
|
||||
.nf
|
||||
.ft B
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
.ft
|
||||
.LP
|
||||
.ft B
|
||||
pcap_t *pcap_open_live(char *device, int snaplen,
|
||||
.ti +8
|
||||
int promisc, int to_ms, char *ebuf)
|
||||
int promisc, int to_ms, char *errbuf)
|
||||
pcap_t *pcap_open_dead(int linktype, int snaplen)
|
||||
pcap_t *pcap_open_offline(char *fname, char *ebuf)
|
||||
pcap_t *pcap_open_offline(char *fname, char *errbuf)
|
||||
pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname)
|
||||
.ft
|
||||
.LP
|
||||
.ft B
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
int pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf);
|
||||
int pcap_getnonblock(pcap_t *p, char *errbuf);
|
||||
.ft
|
||||
.LP
|
||||
.ft B
|
||||
int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
|
||||
void pcap_freealldevs(pcap_if_t *)
|
||||
char *pcap_lookupdev(char *errbuf)
|
||||
int pcap_lookupnet(char *device, bpf_u_int32 *netp,
|
||||
.ti +8
|
||||
@ -100,9 +111,13 @@ through this mechanism.
|
||||
NOTE:
|
||||
.I errbuf
|
||||
in
|
||||
.B pcap_open_live(),
|
||||
.B pcap_open_offline(),
|
||||
.B pcap_lookupdev(),
|
||||
.BR pcap_open_live() ,
|
||||
.BR pcap_open_dead() ,
|
||||
.BR pcap_open_offline() ,
|
||||
.BR pcap_setnonblock() ,
|
||||
.BR pcap_getnonblock() ,
|
||||
.BR pcap_findalldevs() ,
|
||||
.BR pcap_lookupdev() ,
|
||||
and
|
||||
.B pcap_lookupnet()
|
||||
is assumed to be able to hold at least
|
||||
@ -136,11 +151,21 @@ is seen, but that it wait for some amount of time to allow more packets
|
||||
to arrive and to read multiple packets from the OS kernel in one
|
||||
operation. Not all platforms support a read timeout; on platforms that
|
||||
don't, the read timeout is ignored.
|
||||
.I ebuf
|
||||
is used to return error text and is only set when
|
||||
.I errbuf
|
||||
is used to return error or warning text. It will be set to error text when
|
||||
.B pcap_open_live()
|
||||
fails and returns
|
||||
.BR NULL .
|
||||
.I errbuf
|
||||
may also be set to warning text when
|
||||
.B pcap_open_live()
|
||||
succeds; to detect this case the caller should store a zero-length string in
|
||||
.I errbuf
|
||||
before calling
|
||||
.B pcap_open_live()
|
||||
and display the warning to the user if
|
||||
.I errbuf
|
||||
is no longer a zero-length string.
|
||||
.PP
|
||||
.B pcap_open_dead()
|
||||
is used for creating a
|
||||
@ -158,7 +183,7 @@ and
|
||||
.BR tcpslice(1) .
|
||||
The name "-" in a synonym for
|
||||
.BR stdin .
|
||||
.I ebuf
|
||||
.I errbuf
|
||||
is used to return error text and is only set when
|
||||
.B pcap_open_offline()
|
||||
fails and returns
|
||||
@ -185,6 +210,131 @@ is returned,
|
||||
.B pcap_geterr()
|
||||
can be used to get the error text.
|
||||
.PP
|
||||
.B pcap_setnonblock()
|
||||
puts a capture descriptor, opened with
|
||||
.BR pcap_open_live() ,
|
||||
into ``non-blocking'' mode, or takes it out of ``non-blocking'' mode,
|
||||
depending on whether the
|
||||
.I nonblock
|
||||
argument is non-zero or zero. It has no effect on ``savefiles''.
|
||||
If there is an error, \-1 is returned and
|
||||
.I errbuf
|
||||
is filled in with an appropriate error message; otherwise, 0 is
|
||||
returned.
|
||||
In
|
||||
``non-blocking'' mode, an attempt to read from the capture descriptor
|
||||
with
|
||||
.B pcap_dispatch()
|
||||
will, if no packets are currently available to be read, return 0
|
||||
immediately rather than blocking waiting for packets to arrive.
|
||||
.B pcap_loop()
|
||||
and
|
||||
.B pcap_next()
|
||||
will not work in ``non-blocking'' mode.
|
||||
.PP
|
||||
.B pcap_getnonblock()
|
||||
returns the current ``non-blocking'' state of the capture descriptor; it
|
||||
always returns 0 on ``savefiles''.
|
||||
If there is an error, \-1 is returned and
|
||||
.I errbuf
|
||||
is filled in with an appropriate error message.
|
||||
.PP
|
||||
.B pcap_findalldevs()
|
||||
constructs a list of network devices that can be opened with
|
||||
.BR pcap_open_live() .
|
||||
(Note that there may be network devices that cannot be opened with
|
||||
.BR pcap_open_live()
|
||||
by the
|
||||
process calling
|
||||
.BR pcap_findalldevs() ,
|
||||
because, for example, that process might not have sufficient privileges
|
||||
to open them for capturing; if so, those devices will not appear on the
|
||||
list.)
|
||||
.I alldevsp
|
||||
is set to point to the first element of the list; each element of the
|
||||
list is of type
|
||||
.BR pcap_if_t ,
|
||||
and has the following members:
|
||||
.RS
|
||||
.TP
|
||||
.B next
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to the next element in the list;
|
||||
.B NULL
|
||||
for the last element of the list
|
||||
.TP
|
||||
.B name
|
||||
a pointer to a string giving a name for the device to pass to
|
||||
.B pcap_open_live()
|
||||
.TP
|
||||
.B description
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to a string giving a human-readable description of the device
|
||||
.TP
|
||||
.B addresses
|
||||
a pointer to the first element of a list of addresses for the interface
|
||||
.TP
|
||||
.B flags
|
||||
interface flags:
|
||||
.RS
|
||||
.TP
|
||||
.B PCAP_IF_LOOPBACK
|
||||
set if the interface is a loopback interface
|
||||
.RE
|
||||
.RE
|
||||
.PP
|
||||
Each element of the list of addresses is of type
|
||||
.BR pcap_addr_t ,
|
||||
and has the following members:
|
||||
.RS
|
||||
.TP
|
||||
.B next
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to the next element in the list;
|
||||
.B NULL
|
||||
for the last element of the list
|
||||
.TP
|
||||
.B addr
|
||||
a pointer to a
|
||||
.B "struct sockaddr"
|
||||
containing an address
|
||||
.TP
|
||||
.B netmask
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to a
|
||||
.B "struct sockaddr"
|
||||
that contains the netmask corresponding to the address pointed to by
|
||||
.B addr
|
||||
.TP
|
||||
.B broadaddr
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to a
|
||||
.B "struct sockaddr"
|
||||
that contains the broadcast address corresponding to the address pointed
|
||||
to by
|
||||
.BR addr ;
|
||||
may be null if the interface doesn't support broadcasts
|
||||
.TP
|
||||
.B dstaddr
|
||||
if not
|
||||
.BR NULL ,
|
||||
a pointer to a
|
||||
.B "struct sockaddr"
|
||||
that contains the destination address corresponding to the address pointed
|
||||
to by
|
||||
.BR addr ;
|
||||
may be null if the interface isn't a point-to-point interface
|
||||
.RE
|
||||
.PP
|
||||
.B pcap_freealldevs()
|
||||
is used to free a list allocated by
|
||||
.BR pcap_findalldevs() .
|
||||
.PP
|
||||
.B pcap_lookupdev()
|
||||
returns a pointer to a network device suitable for use with
|
||||
.B pcap_open_live()
|
||||
@ -286,9 +436,15 @@ causes
|
||||
to loop forever (or at least until an error occurs).
|
||||
.PP
|
||||
.B pcap_next()
|
||||
returns a
|
||||
reads the next packet (by calling
|
||||
.B pcap_dispatch()
|
||||
with a
|
||||
.I cnt
|
||||
of 1) and returns a
|
||||
.I u_char
|
||||
pointer to the next packet.
|
||||
pointer to the data in that packet. (The
|
||||
.I pcap_pkthdr
|
||||
struct for that packet is not supplied.)
|
||||
.PP
|
||||
.B pcap_dump()
|
||||
outputs a packet to the ``savefile'' opened with
|
||||
@ -297,6 +453,12 @@ Note that its calling arguments are suitable for use with
|
||||
.B pcap_dispatch()
|
||||
or
|
||||
.BR pcap_loop() .
|
||||
If called directly, the
|
||||
.I user
|
||||
parameter is of type
|
||||
.I pcap_dumper_t
|
||||
as returned by
|
||||
.BR pcap_dump_open() .
|
||||
.PP
|
||||
.B pcap_compile()
|
||||
is used to compile the string
|
||||
@ -358,8 +520,150 @@ has been made the filter program for a pcap structure by a call to
|
||||
.BR pcap_setfilter() .
|
||||
.PP
|
||||
.B pcap_datalink()
|
||||
returns the link layer type, e.g.
|
||||
.BR DLT_EN10MB .
|
||||
returns the link layer type; link layer types it can return include:
|
||||
.PP
|
||||
.RS 5
|
||||
.TP 5
|
||||
.B DLT_NULL
|
||||
BSD loopback encapsulation; the link layer header is a 4-byte field, in
|
||||
.I host
|
||||
byte order, containing a PF_ value from
|
||||
.B socket.h
|
||||
for the network-layer protocol of the packet
|
||||
.IP
|
||||
Note that ``host byte order'' is the byte order of the machine on which
|
||||
the packets are captured, and the PF_ values are for the OS of the
|
||||
machine on which the packets are captured; if a live capture is being
|
||||
done, ``host byte order'' is the byte order of the machine capturing the
|
||||
packets, and the PF_ values are those of the OS of the machine capturing
|
||||
the packets, but if a ``savefile'' is being read, the byte order and PF_
|
||||
values are
|
||||
.I not
|
||||
necessarily those of the machine reading the capture file.
|
||||
.TP 5
|
||||
.B DLT_EN10MB
|
||||
Ethernet (10Mb, 100Mb, 1000Mb, and up)
|
||||
.TP 5
|
||||
.B DLT_IEEE802
|
||||
IEEE 802.5 Token Ring
|
||||
.TP 5
|
||||
.B DLT_ARCNET
|
||||
ARCNET
|
||||
.TP 5
|
||||
.B DLT_SLIP
|
||||
SLIP; the link layer header contains, in order:
|
||||
.RS 10
|
||||
.LP
|
||||
a 1-byte flag, which is 0 for packets received by the machine and 1 for
|
||||
packets sent by the machine;
|
||||
.LP
|
||||
a 1-byte field, the upper 4 bits of which indicate the type of packet,
|
||||
as per RFC 1144:
|
||||
.RS 5
|
||||
.TP 5
|
||||
0x40
|
||||
an unmodified IP datagram (TYPE_IP);
|
||||
.TP 5
|
||||
0x70
|
||||
an uncompressed-TCP IP datagram (UNCOMPRESSED_TCP), with that byte being
|
||||
the first byte of the raw IP header on the wire, containing the
|
||||
connection number in the protocol field;
|
||||
.TP 5
|
||||
0x80
|
||||
a compressed-TCP IP datagram (COMPRESSED_TCP), with that byte being the
|
||||
first byte of the compressed TCP/IP datagram header;
|
||||
.RE
|
||||
.LP
|
||||
for UNCOMPRESSED_TCP, the rest of the modified IP header, and for
|
||||
COMPRESSED_TCP, the compressed TCP/IP datagram header;
|
||||
.RE
|
||||
.RS 5
|
||||
.LP
|
||||
for a total of 16 bytes; the uncompressed IP datagram follows the header
|
||||
.RE
|
||||
.TP 5
|
||||
.B DLT_PPP
|
||||
PPP; if the first 2 bytes are 0xff and 0x03, it's PPP in HDLC-like
|
||||
framing, with the PPP header following those two bytes, otherwise it's
|
||||
PPP without framing, and the packet begins with the PPP header
|
||||
.TP 5
|
||||
.B DLT_FDDI
|
||||
FDDI
|
||||
.TP 5
|
||||
.B DLT_ATM_RFC1483
|
||||
RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an IEEE 802.2
|
||||
LLC header
|
||||
.TP 5
|
||||
.B DLT_RAW
|
||||
raw IP; the packet begins with an IP header
|
||||
.TP 5
|
||||
.B DLT_PPP_SERIAL
|
||||
PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC
|
||||
framing, as per section 4.3.1 of RFC 1547; the first byte will be 0xFF
|
||||
for PPP in HDLC-like framing, and will be 0x0F or 0x8F for Cisco PPP
|
||||
with HDLC framing
|
||||
.TP 5
|
||||
.B DLT_PPP_ETHER
|
||||
PPPoE; the packet begins with a PPPoE header, as per RFC 2516
|
||||
.TP 5
|
||||
.B DLT_C_HDLC
|
||||
Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547
|
||||
.TP 5
|
||||
.B DLT_IEEE802_11
|
||||
IEEE 802.11 wireless LAN
|
||||
.TP 5
|
||||
.B DLT_LOOP
|
||||
OpenBSD loopback encapsulation; the link layer header is a 4-byte field, in
|
||||
.I network
|
||||
byte order, containing a PF_ value from OpenBSD's
|
||||
.B socket.h
|
||||
for the network-layer protocol of the packet
|
||||
.IP
|
||||
Note that, if a ``savefile'' is being read, those PF_ values are
|
||||
.I not
|
||||
necessarily those of the machine reading the capture file.
|
||||
.TP 5
|
||||
.B DLT_LINUX_SLL
|
||||
Linux "cooked" capture encapsulation; the link layer header contains, in
|
||||
order:
|
||||
.RS 10
|
||||
.LP
|
||||
a 2-byte "packet type", in network byte order, which is one of:
|
||||
.RS 5
|
||||
.TP 5
|
||||
0
|
||||
packet was sent to us by somebody else
|
||||
.TP 5
|
||||
1
|
||||
packet was broadcast by somebody else
|
||||
.TP 5
|
||||
2
|
||||
packet was multicast, but not broadcast, by somebody else
|
||||
.TP 5
|
||||
3
|
||||
packet was sent by somebody else to somebody else
|
||||
.TP 5
|
||||
4
|
||||
packet was sent by us
|
||||
.RE
|
||||
.LP
|
||||
a 2-byte field, in network byte order, containing a Linux ARPHRD_ value
|
||||
for the link layer device type;
|
||||
.LP
|
||||
a 2-byte field, in network byte order, containing the length of the
|
||||
link layer address of the sender of the packet (which could be 0);
|
||||
.LP
|
||||
an 8-byte field containing that number of bytes of the link layer header
|
||||
(if there are more than 8 bytes, only the first 8 are present);
|
||||
.LP
|
||||
a 2-byte field containing an Ethernet protocol type, in network byte
|
||||
order, or containing 1 for Novell 802.3 frames without an 802.2 LLC
|
||||
header or 4 for frames beginning with an 802.2 LLC header.
|
||||
.RE
|
||||
.TP 5
|
||||
.B DLT_LTALK
|
||||
Apple LocalTalk; the packet begins with an AppleTalk LLAP header
|
||||
.RE
|
||||
.PP
|
||||
.B pcap_snapshot()
|
||||
returns the snapshot length specified when
|
||||
@ -379,21 +683,33 @@ returns the minor number of the version of the pcap used to write the
|
||||
savefile.
|
||||
.PP
|
||||
.B pcap_file()
|
||||
returns the name of the ``savefile.''
|
||||
returns the standard I/O stream of the ``savefile,'' if a ``savefile''
|
||||
was opened with
|
||||
.BR pcap_open_offline() ,
|
||||
or NULL, if a network device was opened with
|
||||
.BR pcap_open_live() .
|
||||
.PP
|
||||
.B int pcap_stats()
|
||||
.B pcap_stats()
|
||||
returns 0 and fills in a
|
||||
.B pcap_stat
|
||||
struct. The values represent packet statistics from the start of the
|
||||
run to the time of the call. If there is an error or the under lying
|
||||
run to the time of the call. If there is an error or the underlying
|
||||
packet capture doesn't support packet statistics, \-1 is returned and
|
||||
the error text can be obtained with
|
||||
.B pcap_perror()
|
||||
or
|
||||
.BR pcap_geterr() .
|
||||
.B pcap_stats()
|
||||
is supported only on live captures, not on ``savefiles''; no statistics
|
||||
are stored in ``savefiles'', so no statistics are available when reading
|
||||
from a ``savefile''.
|
||||
.PP
|
||||
.B pcap_fileno()
|
||||
returns the file descriptor number of the ``savefile.''
|
||||
returns the file descriptor number from which captured packets are read,
|
||||
if a network device was opened with
|
||||
.BR pcap_open_live() ,
|
||||
or \-1, if a ``savefile'' was opened with
|
||||
.BR pcap_open_offline() .
|
||||
.PP
|
||||
.B pcap_perror()
|
||||
prints the text of the last pcap library error on
|
||||
|
@ -1,3 +1,4 @@
|
||||
/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
|
||||
/*
|
||||
* Copyright (c) 1993, 1994, 1995, 1996, 1997
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
@ -30,8 +31,9 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.34 2001/12/09 05:10:03 guy Exp $ (LBL)
|
||||
*
|
||||
* $FreeBSD$
|
||||
* @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.31 2000/10/28 00:01:31 guy Exp $ (LBL)
|
||||
*/
|
||||
|
||||
#ifndef lib_pcap_h
|
||||
@ -64,6 +66,8 @@ typedef u_int bpf_u_int32;
|
||||
|
||||
typedef struct pcap pcap_t;
|
||||
typedef struct pcap_dumper pcap_dumper_t;
|
||||
typedef struct pcap_if pcap_if_t;
|
||||
typedef struct pcap_addr pcap_addr_t;
|
||||
|
||||
/*
|
||||
* The first record in the file contains saved values for some
|
||||
@ -129,6 +133,30 @@ struct pcap_stat {
|
||||
u_int ps_ifdrop; /* drops by interface XXX not yet supported */
|
||||
};
|
||||
|
||||
/*
|
||||
* Item in a list of interfaces.
|
||||
*/
|
||||
struct pcap_if {
|
||||
struct pcap_if *next;
|
||||
char *name; /* name to hand to "pcap_open_live()" */
|
||||
char *description; /* textual description of interface, or NULL */
|
||||
struct pcap_addr *addresses;
|
||||
u_int flags; /* PCAP_IF_ interface flags */
|
||||
};
|
||||
|
||||
#define PCAP_IF_LOOPBACK 0x00000001 /* interface is loopback */
|
||||
|
||||
/*
|
||||
* Representation of an interface address.
|
||||
*/
|
||||
struct pcap_addr {
|
||||
struct pcap_addr *next;
|
||||
struct sockaddr *addr; /* address */
|
||||
struct sockaddr *netmask; /* netmask for that address */
|
||||
struct sockaddr *broadaddr; /* broadcast address for that address */
|
||||
struct sockaddr *dstaddr; /* P2P destination address for that address */
|
||||
};
|
||||
|
||||
typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
|
||||
const u_char *);
|
||||
|
||||
@ -144,6 +172,8 @@ const u_char*
|
||||
pcap_next(pcap_t *, struct pcap_pkthdr *);
|
||||
int pcap_stats(pcap_t *, struct pcap_stat *);
|
||||
int pcap_setfilter(pcap_t *, struct bpf_program *);
|
||||
int pcap_getnonblock(pcap_t *, char *);
|
||||
int pcap_setnonblock(pcap_t *, int, char *);
|
||||
void pcap_perror(pcap_t *, char *);
|
||||
char *pcap_strerror(int);
|
||||
char *pcap_geterr(pcap_t *);
|
||||
@ -166,6 +196,9 @@ pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
|
||||
void pcap_dump_close(pcap_dumper_t *);
|
||||
void pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
|
||||
|
||||
int pcap_findalldevs(pcap_if_t **, char *);
|
||||
void pcap_freealldevs(pcap_if_t *);
|
||||
|
||||
/* XXX this guy lives in the bpf tree */
|
||||
u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
|
||||
int bpf_validate(struct bpf_insn *f, int len);
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.70 2000/10/28 10:18:40 guy Exp $ (LBL)";
|
||||
"@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.81 2001/09/14 01:40:57 fenner Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
@ -172,15 +172,29 @@ fddi|tr return LINK;
|
||||
arp return ARP;
|
||||
rarp return RARP;
|
||||
ip return IP;
|
||||
sctp return SCTP;
|
||||
tcp return TCP;
|
||||
udp return UDP;
|
||||
icmp return ICMP;
|
||||
igmp return IGMP;
|
||||
igrp return IGRP;
|
||||
pim return PIM;
|
||||
vrrp return VRRP;
|
||||
|
||||
ip6 return IPV6;
|
||||
icmp6 return ICMPV6;
|
||||
ip6 {
|
||||
#ifdef INET6
|
||||
return IPV6;
|
||||
#else
|
||||
bpf_error("%s not supported", yytext);
|
||||
#endif
|
||||
}
|
||||
icmp6 {
|
||||
#ifdef INET6
|
||||
return ICMPV6;
|
||||
#else
|
||||
bpf_error("%s not supported", yytext);
|
||||
#endif
|
||||
}
|
||||
ah return AH;
|
||||
esp return ESP;
|
||||
|
||||
@ -199,6 +213,12 @@ isis return ISIS;
|
||||
is-is return ISIS;
|
||||
clnp return CLNP;
|
||||
|
||||
stp return STP;
|
||||
|
||||
ipx return IPX;
|
||||
|
||||
netbeui return NETBEUI;
|
||||
|
||||
host return HOST;
|
||||
net return NET;
|
||||
mask return MASK;
|
||||
@ -238,6 +258,8 @@ vlan return VLAN;
|
||||
"==" return '=';
|
||||
"<<" return LSH;
|
||||
">>" return RSH;
|
||||
${B} { yylval.e = pcap_ether_aton(((char *)yytext)+1);
|
||||
return AID; }
|
||||
{N} { yylval.i = stoi((char *)yytext); return NUM; }
|
||||
({N}\.{N})|({N}\.{N}\.{N})|({N}\.{N}\.{N}\.{N}) {
|
||||
yylval.s = sdup((char *)yytext); return HID; }
|
||||
@ -259,11 +281,35 @@ vlan return VLAN;
|
||||
#endif /*INET6*/
|
||||
}
|
||||
{B}:+({B}:+)+ { bpf_error("bogus ethernet address %s", yytext); }
|
||||
[A-Za-z0-9][-_.A-Za-z0-9]*[.A-Za-z0-9] {
|
||||
icmptype { yylval.i = 0; return NUM; }
|
||||
icmpcode { yylval.i = 1; return NUM; }
|
||||
icmp-echoreply { yylval.i = 0; return NUM; }
|
||||
icmp-unreach { yylval.i = 3; return NUM; }
|
||||
icmp-sourcequench { yylval.i = 4; return NUM; }
|
||||
icmp-redirect { yylval.i = 5; return NUM; }
|
||||
icmp-echo { yylval.i = 8; return NUM; }
|
||||
icmp-routeradvert { yylval.i = 9; return NUM; }
|
||||
icmp-routersolicit { yylval.i = 10; return NUM; }
|
||||
icmp-timxceed { yylval.i = 11; return NUM; }
|
||||
icmp-paramprob { yylval.i = 12; return NUM; }
|
||||
icmp-tstamp { yylval.i = 13; return NUM; }
|
||||
icmp-tstampreply { yylval.i = 14; return NUM; }
|
||||
icmp-ireq { yylval.i = 15; return NUM; }
|
||||
icmp-ireqreply { yylval.i = 16; return NUM; }
|
||||
icmp-maskreq { yylval.i = 17; return NUM; }
|
||||
icmp-maskreply { yylval.i = 18; return NUM; }
|
||||
tcpflags { yylval.i = 13; return NUM; }
|
||||
tcp-fin { yylval.i = 0x01; return NUM; }
|
||||
tcp-syn { yylval.i = 0x02; return NUM; }
|
||||
tcp-rst { yylval.i = 0x04; return NUM; }
|
||||
tcp-push { yylval.i = 0x08; return NUM; }
|
||||
tcp-ack { yylval.i = 0x10; return NUM; }
|
||||
tcp-urg { yylval.i = 0x20; return NUM; }
|
||||
[A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
|
||||
yylval.s = sdup((char *)yytext); return ID; }
|
||||
"\\"[^ !()\n\t]+ { yylval.s = sdup((char *)yytext + 1); return ID; }
|
||||
[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+i {
|
||||
bpf_error("illegal token: %s\n", yytext); }
|
||||
[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+ {
|
||||
bpf_error("illegal token: %s", yytext); }
|
||||
. { bpf_error("illegal char '%c'", *yytext); }
|
||||
%%
|
||||
void
|
||||
|
Loading…
Reference in New Issue
Block a user