Merge libpcap 0.7.1

MFC after:	2 weeks

contrib/libpcap/bpf/net/bpf.h

@@ -37,8 +37,9 @@
  *
  *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
  *
+ * @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.51 2001/11/28 05:50:05 guy Exp $ (LBL)
+ *
  * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.44 2000/12/21 10:29:24 guy Exp $ (LBL)
  */
 
 #ifndef BPF_MAJOR_VERSION
@@ -209,11 +210,18 @@ struct bpf_hdr {
 #define DLT_ATM_CLIP	19	/* Linux Classical-IP over ATM */
 
 /*
- * This value is defined by NetBSD; other platforms should refrain from
+ * These values are defined by NetBSD; other platforms should refrain from
- * using it for other purposes, so that NetBSD savefiles with a link
+ * using them for other purposes, so that NetBSD savefiles with link
- * type of 50 can be read as this type on all platforms.
+ * types of 50 or 51 can be read as this type on all platforms.
  */
 #define DLT_PPP_SERIAL	50	/* PPP over serial with HDLC encapsulation */
+#define DLT_PPP_ETHER	51	/* PPP over Ethernet */
+
+/*
+ * Values between 100 and 103 are used in capture file headers as
+ * link-layer types corresponding to DLT_ types that differ
+ * between platforms; don't use those values for new DLT_ new types.
+ */
 
 /*
  * This value was defined by libpcap 0.5; platforms that have defined
@@ -232,16 +240,6 @@ struct bpf_hdr {
 #define DLT_C_HDLC	104	/* Cisco HDLC */
 #define DLT_CHDLC	DLT_C_HDLC
 
-/*
- * Reserved for future use.
- * Do not pick other numerical value for these unless you have also
- * picked up the tcpdump.org top-of-CVS-tree version of "savefile.c",
- * which will arrange that capture files for these DLT_ types have
- * the same "network" value on all platforms, regardless of what
- * value is chosen for their DLT_ type (thus allowing captures made
- * on one platform to be read on other platforms, even if the two
- * platforms don't use the same numerical values for all DLT_ types).
- */
 #define DLT_IEEE802_11	105	/* IEEE 802.11 wireless */
 
 /*
@@ -257,14 +255,15 @@ struct bpf_hdr {
  * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
  * define it as 108 here.  If OpenBSD picks up this file, it should
  * define DLT_LOOP as 12 in its version, as per the comment above -
- * and should not use 108 for any purpose.
+ * and should not use 108 as a DLT_ value.
  */
 #define DLT_LOOP	108
 
 /*
  * Values between 109 and 112 are used in capture file headers as
  * link-layer types corresponding to DLT_ types that might differ
- * between platforms; don't use those values for new DLT_ new types.
+ * between platforms; don't use those values for new DLT_ types
+ * other than the corresponding DLT_ types.
  */
 
 /*
@@ -272,6 +271,47 @@ struct bpf_hdr {
  */
 #define DLT_LINUX_SLL	113
 
+/*
+ * Apple LocalTalk hardware.
+ */
+#define DLT_LTALK	114
+
+/*
+ * Acorn Econet.
+ */
+#define DLT_ECONET	115
+
+/*
+ * Reserved for use with OpenBSD ipfilter.
+ */
+#define DLT_IPFILTER	116
+
+/*
+ * Reserved for use in capture-file headers as a link-layer type
+ * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
+ * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
+ * in capture-file headers.
+ */
+#define DLT_PFLOG	117
+
+/*
+ * Registered for Cisco-internal use.
+ */
+#define DLT_CISCO_IOS	118
+
+/*
+ * Reserved for 802.11 cards using the Prism II chips, with a link-layer
+ * header including Prism monitor mode information plus an 802.11
+ * header.
+ */
+#define DLT_PRISM_HEADER	119
+
+/*
+ * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
+ * (see Doug Ambrisko's FreeBSD patches).
+ */
+#define DLT_AIRONET_HEADER	120
+
 /*
  * The instruction encodings.
  */

contrib/libpcap/gencode.h

@@ -18,8 +18,9 @@
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.53 2001/05/10 14:48:02 fenner Exp $ (LBL)
+ *
  * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.47 2000/11/04 10:09:55 guy Exp $ (LBL)
  */
 
 /* Address qualifiers. */
@@ -37,34 +38,42 @@
 #define Q_IP		2
 #define Q_ARP		3
 #define Q_RARP		4
-#define Q_TCP		5
+#define Q_SCTP		5
-#define Q_UDP		6
+#define Q_TCP		6
-#define Q_ICMP		7
+#define Q_UDP		7
-#define Q_IGMP		8
+#define Q_ICMP		8
-#define Q_IGRP		9
+#define Q_IGMP		9
+#define Q_IGRP		10
 
 
-#define	Q_ATALK		10
+#define	Q_ATALK		11
-#define	Q_DECNET	11
+#define	Q_DECNET	12
-#define	Q_LAT		12
+#define	Q_LAT		13
-#define Q_SCA		13
+#define Q_SCA		14
-#define	Q_MOPRC		14
+#define	Q_MOPRC		15
-#define	Q_MOPDL		15
+#define	Q_MOPDL		16
 
 
-#define Q_IPV6		16
+#define Q_IPV6		17
-#define Q_ICMPV6	17
+#define Q_ICMPV6	18
-#define Q_AH		18
+#define Q_AH		19
-#define Q_ESP		19
+#define Q_ESP		20
 
-#define Q_PIM		20
+#define Q_PIM		21
+#define Q_VRRP		22
 
-#define	Q_AARP		21
+#define Q_AARP		23
 
-#define Q_ISO		22
+#define Q_ISO		24
-#define Q_ESIS		23
+#define Q_ESIS		25
-#define Q_ISIS		24
+#define Q_ISIS		26
-#define Q_CLNP		25
+#define Q_CLNP		27
+
+#define Q_STP		28
+
+#define Q_IPX		29
+
+#define Q_NETBEUI	30
 
 /* Directional qualifiers. */
 
@@ -167,6 +176,7 @@ void gen_not(struct block *);
 
 struct block *gen_scode(const char *, struct qual);
 struct block *gen_ecode(const u_char *, struct qual);
+struct block *gen_acode(const u_char *, struct qual);
 struct block *gen_mcode(const char *, const char *, int, struct qual);
 #ifdef INET6
 struct block *gen_mcode6(const char *, const char *, int, struct qual);

contrib/libpcap/grammar.y

@@ -23,7 +23,7 @@
  */
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.64 2000/10/28 10:18:40 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.71 2001/07/03 19:15:48 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -107,21 +107,25 @@ pcap_parse()
 
 %token  DST SRC HOST GATEWAY
 %token  NET MASK PORT LESS GREATER PROTO PROTOCHAIN BYTE
-%token  ARP RARP IP TCP UDP ICMP IGMP IGRP PIM
+%token  ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP
 %token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
 %token  LINK
 %token	GEQ LEQ NEQ
-%token	ID EID HID HID6
+%token	ID EID HID HID6 AID
 %token	LSH RSH
 %token  LEN
 %token  IPV6 ICMPV6 AH ESP
 %token	VLAN
 %token  ISO ESIS ISIS CLNP
+%token  STP
+%token  IPX
+%token  NETBEUI
 
 %type	<s> ID
 %type	<e> EID
+%type	<e> AID
 %type	<s> HID HID6
 %type	<i> NUM
 
@@ -185,7 +189,24 @@ nid:	  ID			{ $$.b = gen_scode($1, $$.q = $<blk>0.q); }
 					"in this configuration");
 #endif /*INET6*/
 				}
-	| EID			{ $$.b = gen_ecode($1, $$.q = $<blk>0.q); }
+	| EID			{ 
+				  $$.b = gen_ecode($1, $$.q = $<blk>0.q);
+				  /*
+				   * $1 was allocated by "pcap_ether_aton()",
+				   * so we must free it now that we're done
+				   * with it.
+				   */
+				  free($1);
+				}
+	| AID			{
+				  $$.b = gen_acode($1, $$.q = $<blk>0.q);
+				  /*
+				   * $1 was allocated by "pcap_ether_aton()",
+				   * so we must free it now that we're done
+				   * with it.
+				   */
+				  free($1);
+				}
 	| not id		{ gen_not($2.b); $$ = $2; }
 	;
 not:	  '!'			{ $$ = $<blk>0; }
@@ -243,12 +264,14 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| IP			{ $$ = Q_IP; }
 	| ARP			{ $$ = Q_ARP; }
 	| RARP			{ $$ = Q_RARP; }
+	| SCTP			{ $$ = Q_SCTP; }
 	| TCP			{ $$ = Q_TCP; }
 	| UDP			{ $$ = Q_UDP; }
 	| ICMP			{ $$ = Q_ICMP; }
 	| IGMP			{ $$ = Q_IGMP; }
 	| IGRP			{ $$ = Q_IGRP; }
 	| PIM			{ $$ = Q_PIM; }
+	| VRRP			{ $$ = Q_VRRP; }
 	| ATALK			{ $$ = Q_ATALK; }
 	| AARP			{ $$ = Q_AARP; }
 	| DECNET		{ $$ = Q_DECNET; }
@@ -264,6 +287,9 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| ESIS			{ $$ = Q_ESIS; }
 	| ISIS			{ $$ = Q_ISIS; }
 	| CLNP			{ $$ = Q_CLNP; }
+	| STP			{ $$ = Q_STP; }
+	| IPX			{ $$ = Q_IPX; }
+	| NETBEUI		{ $$ = Q_NETBEUI; }
 	;
 other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| pqual TK_MULTICAST	{ $$ = gen_multicast($1); }

contrib/libpcap/nametoaddr.c

@@ -26,7 +26,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.57.2.1 2001/01/17 18:21:56 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.60 2001/07/28 22:56:35 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -324,7 +324,7 @@ pcap_ether_aton(const char *s)
 		if (*s == ':')
 			s += 1;
 		d = xdtoi(*s++);
-		if (isxdigit(*s)) {
+		if (isxdigit((unsigned char)*s)) {
 			d <<= 4;
 			d |= xdtoi(*s++);
 		}
@@ -415,5 +415,6 @@ __pcap_nametodnaddr(const char *name)
 #else
 	bpf_error("decnet name support not included, '%s' cannot be translated\n",
 		name);
+	return(0);
 #endif
 }

contrib/libpcap/pcap-int.h

@@ -30,8 +30,9 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.33 2001/08/24 07:46:52 guy Exp $ (LBL)
+ *
  * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/pcap-int.h,v 1.32 2000/12/21 10:29:23 guy Exp $ (LBL)
  */
 
 #ifndef pcap_int_h
@@ -66,7 +67,6 @@ struct pcap_md {
 	long	OrigMissed;	/* missed by i/f before this run */
 #ifdef linux
 	int	sock_packet;	/* using Linux 2.0 compatible interface */
-	int	readlen;	/* byte count to hand to "recvmsg()" */
 	int	timeout;	/* timeout specified to pcap_open_live */
 	int	clear_promisc;	/* must clear promiscuous mode when we close */
 	int	cooked;		/* using SOCK_DGRAM rather than SOCK_RAW */

contrib/libpcap/pcap.3

@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.17.2.1 2001/01/18 04:42:11 guy Exp $
+.\" @(#) $Header: /tcpdump/master/libpcap/pcap.3,v 1.31 2001/12/29 21:57:07 guy Exp $
 .\"
 .\" Copyright (c) 1994, 1996, 1997
 .\"	The Regents of the University of California.  All rights reserved.
@@ -30,17 +30,28 @@ pcap \- Packet Capture library
 #include <pcap.h>
 .ft
 .LP
+.nf
+.ft B
+char errbuf[PCAP_ERRBUF_SIZE];
+.ft
+.LP
 .ft B
 pcap_t *pcap_open_live(char *device, int snaplen,
 .ti +8
-int promisc, int to_ms, char *ebuf)
+int promisc, int to_ms, char *errbuf)
 pcap_t *pcap_open_dead(int linktype, int snaplen)
-pcap_t *pcap_open_offline(char *fname, char *ebuf)
+pcap_t *pcap_open_offline(char *fname, char *errbuf)
 pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname)
 .ft
 .LP
 .ft B
-char errbuf[PCAP_ERRBUF_SIZE];
+int pcap_setnonblock(pcap_t *p, int nonblock, char *errbuf);
+int pcap_getnonblock(pcap_t *p, char *errbuf);
+.ft
+.LP
+.ft B
+int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
+void pcap_freealldevs(pcap_if_t *)
 char *pcap_lookupdev(char *errbuf)
 int pcap_lookupnet(char *device, bpf_u_int32 *netp,
 .ti +8
@@ -100,9 +111,13 @@ through this mechanism.
 NOTE:
 .I errbuf
 in
-.B pcap_open_live(),
+.BR pcap_open_live() ,
-.B pcap_open_offline(),
+.BR pcap_open_dead() ,
-.B pcap_lookupdev(),
+.BR pcap_open_offline() ,
+.BR pcap_setnonblock() ,
+.BR pcap_getnonblock() ,
+.BR pcap_findalldevs() ,
+.BR pcap_lookupdev() ,
 and
 .B pcap_lookupnet()
 is assumed to be able to hold at least
@@ -136,11 +151,21 @@ is seen, but that it wait for some amount of time to allow more packets
 to arrive and to read multiple packets from the OS kernel in one
 operation.  Not all platforms support a read timeout; on platforms that
 don't, the read timeout is ignored.
-.I ebuf
+.I errbuf
-is used to return error text and is only set when
+is used to return error or warning text.  It will be set to error text when
 .B pcap_open_live()
 fails and returns
 .BR NULL .
+.I errbuf
+may also be set to warning text when
+.B pcap_open_live()
+succeds; to detect this case the caller should store a zero-length string in
+.I errbuf
+before calling
+.B pcap_open_live()
+and display the warning to the user if
+.I errbuf
+is no longer a zero-length string.
 .PP
 .B pcap_open_dead()
 is used for creating a
@@ -158,7 +183,7 @@ and
 .BR tcpslice(1) .
 The name "-" in a synonym for
 .BR stdin .
-.I ebuf
+.I errbuf
 is used to return error text and is only set when
 .B pcap_open_offline()
 fails and returns
@@ -185,6 +210,131 @@ is returned,
 .B pcap_geterr()
 can be used to get the error text.
 .PP
+.B pcap_setnonblock()
+puts a capture descriptor, opened with
+.BR pcap_open_live() ,
+into ``non-blocking'' mode, or takes it out of ``non-blocking'' mode,
+depending on whether the
+.I nonblock
+argument is non-zero or zero.  It has no effect on ``savefiles''.
+If there is an error, \-1 is returned and
+.I errbuf
+is filled in with an appropriate error message; otherwise, 0 is
+returned.
+In
+``non-blocking'' mode, an attempt to read from the capture descriptor
+with
+.B pcap_dispatch()
+will, if no packets are currently available to be read, return 0
+immediately rather than blocking waiting for packets to arrive.
+.B pcap_loop()
+and
+.B pcap_next()
+will not work in ``non-blocking'' mode.
+.PP
+.B pcap_getnonblock()
+returns the current ``non-blocking'' state of the capture descriptor; it
+always returns 0 on ``savefiles''.
+If there is an error, \-1 is returned and
+.I errbuf
+is filled in with an appropriate error message.
+.PP
+.B pcap_findalldevs()
+constructs a list of network devices that can be opened with
+.BR pcap_open_live() .
+(Note that there may be network devices that cannot be opened with
+.BR pcap_open_live()
+by the
+process calling
+.BR pcap_findalldevs() ,
+because, for example, that process might not have sufficient privileges
+to open them for capturing; if so, those devices will not appear on the
+list.)
+.I alldevsp
+is set to point to the first element of the list; each element of the
+list is of type
+.BR pcap_if_t ,
+and has the following members:
+.RS
+.TP
+.B next
+if not
+.BR NULL ,
+a pointer to the next element in the list;
+.B NULL
+for the last element of the list
+.TP
+.B name
+a pointer to a string giving a name for the device to pass to
+.B pcap_open_live()
+.TP
+.B description
+if not
+.BR NULL ,
+a pointer to a string giving a human-readable description of the device
+.TP
+.B addresses
+a pointer to the first element of a list of addresses for the interface
+.TP
+.B flags
+interface flags:
+.RS
+.TP
+.B PCAP_IF_LOOPBACK
+set if the interface is a loopback interface
+.RE
+.RE
+.PP
+Each element of the list of addresses is of type
+.BR pcap_addr_t ,
+and has the following members:
+.RS
+.TP
+.B next
+if not
+.BR NULL ,
+a pointer to the next element in the list;
+.B NULL
+for the last element of the list
+.TP
+.B addr
+a pointer to a
+.B "struct sockaddr"
+containing an address
+.TP
+.B netmask
+if not
+.BR NULL ,
+a pointer to a
+.B "struct sockaddr"
+that contains the netmask corresponding to the address pointed to by
+.B addr
+.TP
+.B broadaddr
+if not
+.BR NULL ,
+a pointer to a
+.B "struct sockaddr"
+that contains the broadcast address corresponding to the address pointed
+to by
+.BR addr ;
+may be null if the interface doesn't support broadcasts
+.TP
+.B dstaddr
+if not
+.BR NULL ,
+a pointer to a
+.B "struct sockaddr"
+that contains the destination address corresponding to the address pointed
+to by
+.BR addr ;
+may be null if the interface isn't a point-to-point interface
+.RE
+.PP
+.B pcap_freealldevs()
+is used to free a list allocated by
+.BR pcap_findalldevs() .
+.PP
 .B pcap_lookupdev()
 returns a pointer to a network device suitable for use with
 .B pcap_open_live()
@@ -286,9 +436,15 @@ causes
 to loop forever (or at least until an error occurs).
 .PP
 .B pcap_next()
-returns a
+reads the next packet (by calling
+.B pcap_dispatch()
+with a
+.I cnt
+of 1) and returns a
 .I u_char
-pointer to the next packet.
+pointer to the data in that packet.  (The
+.I pcap_pkthdr
+struct for that packet is not supplied.)
 .PP
 .B pcap_dump()
 outputs a packet to the ``savefile'' opened with
@@ -297,6 +453,12 @@ Note that its calling arguments are suitable for use with
 .B pcap_dispatch()
 or
 .BR pcap_loop() .
+If called directly, the 
+.I user
+parameter is of type 
+.I pcap_dumper_t
+as returned by
+.BR pcap_dump_open() .
 .PP
 .B pcap_compile()
 is used to compile the string
@@ -358,8 +520,150 @@ has been made the filter program for a pcap structure by a call to
 .BR pcap_setfilter() .
 .PP
 .B pcap_datalink()
-returns the link layer type, e.g.
+returns the link layer type; link layer types it can return include:
-.BR DLT_EN10MB .
+.PP
+.RS 5
+.TP 5
+.B DLT_NULL
+BSD loopback encapsulation; the link layer header is a 4-byte field, in
+.I host
+byte order, containing a PF_ value from
+.B socket.h
+for the network-layer protocol of the packet
+.IP
+Note that ``host byte order'' is the byte order of the machine on which
+the packets are captured, and the PF_ values are for the OS of the
+machine on which the packets are captured; if a live capture is being
+done, ``host byte order'' is the byte order of the machine capturing the
+packets, and the PF_ values are those of the OS of the machine capturing
+the packets, but if a ``savefile'' is being read, the byte order and PF_
+values are
+.I not
+necessarily those of the machine reading the capture file.
+.TP 5
+.B DLT_EN10MB
+Ethernet (10Mb, 100Mb, 1000Mb, and up)
+.TP 5
+.B DLT_IEEE802
+IEEE 802.5 Token Ring
+.TP 5
+.B DLT_ARCNET
+ARCNET
+.TP 5
+.B DLT_SLIP
+SLIP; the link layer header contains, in order:
+.RS 10
+.LP
+a 1-byte flag, which is 0 for packets received by the machine and 1 for
+packets sent by the machine;
+.LP
+a 1-byte field, the upper 4 bits of which indicate the type of packet,
+as per RFC 1144:
+.RS 5
+.TP 5
+0x40
+an unmodified IP datagram (TYPE_IP);
+.TP 5
+0x70
+an uncompressed-TCP IP datagram (UNCOMPRESSED_TCP), with that byte being
+the first byte of the raw IP header on the wire, containing the
+connection number in the protocol field;
+.TP 5
+0x80
+a compressed-TCP IP datagram (COMPRESSED_TCP), with that byte being the
+first byte of the compressed TCP/IP datagram header;
+.RE
+.LP
+for UNCOMPRESSED_TCP, the rest of the modified IP header, and for
+COMPRESSED_TCP, the compressed TCP/IP datagram header;
+.RE
+.RS 5
+.LP
+for a total of 16 bytes; the uncompressed IP datagram follows the header
+.RE
+.TP 5
+.B DLT_PPP
+PPP; if the first 2 bytes are 0xff and 0x03, it's PPP in HDLC-like
+framing, with the PPP header following those two bytes, otherwise it's
+PPP without framing, and the packet begins with the PPP header
+.TP 5
+.B DLT_FDDI
+FDDI
+.TP 5
+.B DLT_ATM_RFC1483
+RFC 1483 LLC/SNAP-encapsulated ATM; the packet begins with an IEEE 802.2
+LLC header
+.TP 5
+.B DLT_RAW
+raw IP; the packet begins with an IP header
+.TP 5
+.B DLT_PPP_SERIAL
+PPP in HDLC-like framing, as per RFC 1662, or Cisco PPP with HDLC
+framing, as per section 4.3.1 of RFC 1547; the first byte will be 0xFF
+for PPP in HDLC-like framing, and will be 0x0F or 0x8F for Cisco PPP
+with HDLC framing
+.TP 5
+.B DLT_PPP_ETHER
+PPPoE; the packet begins with a PPPoE header, as per RFC 2516
+.TP 5
+.B DLT_C_HDLC
+Cisco PPP with HDLC framing, as per section 4.3.1 of RFC 1547
+.TP 5
+.B DLT_IEEE802_11
+IEEE 802.11 wireless LAN
+.TP 5
+.B DLT_LOOP
+OpenBSD loopback encapsulation; the link layer header is a 4-byte field, in
+.I network
+byte order, containing a PF_ value from OpenBSD's
+.B socket.h
+for the network-layer protocol of the packet
+.IP
+Note that, if a ``savefile'' is being read, those PF_ values are
+.I not
+necessarily those of the machine reading the capture file.
+.TP 5
+.B DLT_LINUX_SLL
+Linux "cooked" capture encapsulation; the link layer header contains, in
+order:
+.RS 10
+.LP
+a 2-byte "packet type", in network byte order, which is one of:
+.RS 5
+.TP 5
+0
+packet was sent to us by somebody else
+.TP 5
+1
+packet was broadcast by somebody else
+.TP 5
+2
+packet was multicast, but not broadcast, by somebody else
+.TP 5
+3
+packet was sent by somebody else to somebody else
+.TP 5
+4
+packet was sent by us
+.RE
+.LP
+a 2-byte field, in network byte order, containing a Linux ARPHRD_ value
+for the link layer device type;
+.LP
+a 2-byte field, in network byte order, containing the length of the
+link layer address of the sender of the packet (which could be 0);
+.LP
+an 8-byte field containing that number of bytes of the link layer header
+(if there are more than 8 bytes, only the first 8 are present);
+.LP
+a 2-byte field containing an Ethernet protocol type, in network byte
+order, or containing 1 for Novell 802.3 frames without an 802.2 LLC
+header or 4 for frames beginning with an 802.2 LLC header.
+.RE
+.TP 5
+.B DLT_LTALK
+Apple LocalTalk; the packet begins with an AppleTalk LLAP header
+.RE
 .PP
 .B pcap_snapshot()
 returns the snapshot length specified when
@@ -379,21 +683,33 @@ returns the minor number of the version of the pcap used to write the
 savefile.
 .PP
 .B pcap_file()
-returns the name of the ``savefile.''
+returns the standard I/O stream of the ``savefile,'' if a ``savefile''
+was opened with
+.BR pcap_open_offline() ,
+or NULL, if a network device was opened with
+.BR pcap_open_live() .
 .PP
-.B int pcap_stats()
+.B pcap_stats()
 returns 0 and fills in a
 .B pcap_stat
 struct. The values represent packet statistics from the start of the
-run to the time of the call. If there is an error or the under lying
+run to the time of the call. If there is an error or the underlying
 packet capture doesn't support packet statistics, \-1 is returned and
 the error text can be obtained with
 .B pcap_perror()
 or
 .BR pcap_geterr() .
+.B pcap_stats()
+is supported only on live captures, not on ``savefiles''; no statistics
+are stored in ``savefiles'', so no statistics are available when reading
+from a ``savefile''.
 .PP
 .B pcap_fileno()
-returns the file descriptor number of the ``savefile.''
+returns the file descriptor number from which captured packets are read,
+if a network device was opened with
+.BR pcap_open_live() ,
+or \-1, if a ``savefile'' was opened with
+.BR pcap_open_offline() .
 .PP
 .B pcap_perror()
 prints the text of the last pcap library error on

contrib/libpcap/pcap.h

@@ -1,3 +1,4 @@
+/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
 /*
  * Copyright (c) 1993, 1994, 1995, 1996, 1997
  *	The Regents of the University of California.  All rights reserved.
@@ -30,8 +31,9 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
+ * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.34 2001/12/09 05:10:03 guy Exp $ (LBL)
+ *
  * $FreeBSD$
- * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.31 2000/10/28 00:01:31 guy Exp $ (LBL)
  */
 
 #ifndef lib_pcap_h
@@ -64,6 +66,8 @@ typedef	u_int bpf_u_int32;
 
 typedef struct pcap pcap_t;
 typedef struct pcap_dumper pcap_dumper_t;
+typedef struct pcap_if pcap_if_t;
+typedef struct pcap_addr pcap_addr_t;
 
 /*
  * The first record in the file contains saved values for some
@@ -129,6 +133,30 @@ struct pcap_stat {
 	u_int ps_ifdrop;	/* drops by interface XXX not yet supported */
 };
 
+/*
+ * Item in a list of interfaces.
+ */
+struct pcap_if {
+	struct pcap_if *next;
+	char *name;		/* name to hand to "pcap_open_live()" */
+	char *description;	/* textual description of interface, or NULL */
+	struct pcap_addr *addresses;
+	u_int flags;		/* PCAP_IF_ interface flags */
+};
+
+#define PCAP_IF_LOOPBACK	0x00000001	/* interface is loopback */
+
+/*
+ * Representation of an interface address.
+ */
+struct pcap_addr {
+	struct pcap_addr *next;
+	struct sockaddr *addr;		/* address */
+	struct sockaddr *netmask;	/* netmask for that address */
+	struct sockaddr *broadaddr;	/* broadcast address for that address */
+	struct sockaddr *dstaddr;	/* P2P destination address for that address */
+};
+
 typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
 			     const u_char *);
 
@@ -144,6 +172,8 @@ const u_char*
 	pcap_next(pcap_t *, struct pcap_pkthdr *);
 int	pcap_stats(pcap_t *, struct pcap_stat *);
 int	pcap_setfilter(pcap_t *, struct bpf_program *);
+int	pcap_getnonblock(pcap_t *, char *);
+int	pcap_setnonblock(pcap_t *, int, char *);
 void	pcap_perror(pcap_t *, char *);
 char	*pcap_strerror(int);
 char	*pcap_geterr(pcap_t *);
@@ -166,6 +196,9 @@ pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
 void	pcap_dump_close(pcap_dumper_t *);
 void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
 
+int	pcap_findalldevs(pcap_if_t **, char *);
+void	pcap_freealldevs(pcap_if_t *);
+
 /* XXX this guy lives in the bpf tree */
 u_int	bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
 int	bpf_validate(struct bpf_insn *f, int len);

contrib/libpcap/scanner.l

@@ -24,7 +24,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.70 2000/10/28 10:18:40 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/scanner.l,v 1.81 2001/09/14 01:40:57 fenner Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -172,15 +172,29 @@ fddi|tr		return LINK;
 arp		return ARP;
 rarp		return RARP;
 ip		return IP;
+sctp		return SCTP;
 tcp		return TCP;
 udp		return UDP;
 icmp		return ICMP;
 igmp		return IGMP;
 igrp		return IGRP;
 pim		return PIM;
+vrrp		return VRRP;
 
-ip6		return IPV6;
+ip6		{
-icmp6		return ICMPV6;
+#ifdef INET6
+		return IPV6;
+#else
+		bpf_error("%s not supported", yytext);
+#endif
+		}
+icmp6		{
+#ifdef INET6
+		return ICMPV6;
+#else
+		bpf_error("%s not supported", yytext);
+#endif
+		}
 ah		return AH;
 esp		return ESP;
 
@@ -199,6 +213,12 @@ isis		return ISIS;
 is-is		return ISIS;
 clnp		return CLNP;
 
+stp		return STP;
+
+ipx		return IPX;
+
+netbeui		return NETBEUI;
+
 host		return HOST;
 net		return NET;
 mask		return MASK;
@@ -238,6 +258,8 @@ vlan		return VLAN;
 "=="			return '=';
 "<<"			return LSH;
 ">>"			return RSH;
+${B}			{ yylval.e = pcap_ether_aton(((char *)yytext)+1);
+			  return AID; }
 {N}			{ yylval.i = stoi((char *)yytext); return NUM; }
 ({N}\.{N})|({N}\.{N}\.{N})|({N}\.{N}\.{N}\.{N})	{
 			yylval.s = sdup((char *)yytext); return HID; }
@@ -259,11 +281,35 @@ vlan		return VLAN;
 #endif /*INET6*/
 			}
 {B}:+({B}:+)+		{ bpf_error("bogus ethernet address %s", yytext); }
-[A-Za-z0-9][-_.A-Za-z0-9]*[.A-Za-z0-9] {
+icmptype		{ yylval.i = 0; return NUM; }
+icmpcode		{ yylval.i = 1; return NUM; }
+icmp-echoreply		{ yylval.i = 0; return NUM; }
+icmp-unreach		{ yylval.i = 3; return NUM; }
+icmp-sourcequench	{ yylval.i = 4; return NUM; }
+icmp-redirect		{ yylval.i = 5; return NUM; }
+icmp-echo		{ yylval.i = 8; return NUM; }
+icmp-routeradvert	{ yylval.i = 9; return NUM; }
+icmp-routersolicit	{ yylval.i = 10; return NUM; }
+icmp-timxceed		{ yylval.i = 11; return NUM; }
+icmp-paramprob		{ yylval.i = 12; return NUM; }
+icmp-tstamp		{ yylval.i = 13; return NUM; }
+icmp-tstampreply	{ yylval.i = 14; return NUM; }
+icmp-ireq		{ yylval.i = 15; return NUM; }
+icmp-ireqreply		{ yylval.i = 16; return NUM; }
+icmp-maskreq		{ yylval.i = 17; return NUM; }
+icmp-maskreply		{ yylval.i = 18; return NUM; }
+tcpflags		{ yylval.i = 13; return NUM; }
+tcp-fin			{ yylval.i = 0x01; return NUM; }
+tcp-syn			{ yylval.i = 0x02; return NUM; }
+tcp-rst			{ yylval.i = 0x04; return NUM; }
+tcp-push		{ yylval.i = 0x08; return NUM; }
+tcp-ack			{ yylval.i = 0x10; return NUM; }
+tcp-urg			{ yylval.i = 0x20; return NUM; }
+[A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
 			 yylval.s = sdup((char *)yytext); return ID; }
 "\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }
-[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+i {
+[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+ {
-			bpf_error("illegal token: %s\n", yytext); }
+			bpf_error("illegal token: %s", yytext); }
 .			{ bpf_error("illegal char '%c'", *yytext); }
 %%
 void