diff options
| -rw-r--r-- | bpf/net/bpf.h | 72 | ||||
| -rw-r--r-- | gencode.c | 141 | ||||
| -rw-r--r-- | pcap-bpf.c | 97 | ||||
| -rw-r--r-- | pcap-dlpi.c | 6 | ||||
| -rw-r--r-- | pcap-enet.c | 4 | ||||
| -rw-r--r-- | pcap-linux.c | 47 | ||||
| -rw-r--r-- | pcap-nit.c | 4 | ||||
| -rw-r--r-- | pcap-pf.c | 12 | ||||
| -rw-r--r-- | pcap-snit.c | 4 | ||||
| -rw-r--r-- | pcap-snoop.c | 12 | ||||
| -rw-r--r-- | pcap.h | 92 | ||||
| -rw-r--r-- | savefile.c | 212 |
12 files changed, 348 insertions, 355 deletions
diff --git a/bpf/net/bpf.h b/bpf/net/bpf.h index 3e90b959..ba4c3404 100644 --- a/bpf/net/bpf.h +++ b/bpf/net/bpf.h @@ -37,7 +37,7 @@ * * @(#)bpf.h 7.1 (Berkeley) 5/7/91 * - * @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.39 2000-09-17 04:04:39 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/libpcap/bpf/net/Attic/bpf.h,v 1.40 2000-10-12 03:54:02 guy Exp $ (LBL) */ #ifndef BPF_MAJOR_VERSION @@ -160,6 +160,9 @@ struct bpf_hdr { /* * Data-link level type codes. + */ + +/* * These are the types that are the same on all platforms; on other * platforms, a <net/bpf.h> should be supplied that defines the additional * DLT_* codes appropriately for that platform (the BSDs, for example, @@ -178,40 +181,57 @@ struct bpf_hdr { #define DLT_SLIP 8 /* Serial Line IP */ #define DLT_PPP 9 /* Point-to-point Protocol */ #define DLT_FDDI 10 /* FDDI */ -#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ /* - * These are the values that were traditionally defined in <net/bpf.h>, - * but that are not the same on all platforms; if they are not already - * defined (e.g., defined above because this is a BSD that defines them - * for use in its kernel), we define them to have the appropriate - * PCAP_ENCAP_* value from <pcap.h>, so that programs using those DLT_ - * codes will continue to compile and will be able to read capture files - * from the current version of libpcap. + * These are values from the traditional libpcap "bpf.h". + * Ports of this to particular platforms should replace these definitions + * with the ones appropriate to that platform, if the values are + * different on that platform. */ -#ifndef DLT_ATM_RFC1483 -#define DLT_ATM_RFC1483 100 /* LLC/SNAP encapsulated atm */ -#endif -#ifndef DLT_RAW -#define DLT_RAW 101 /* raw IP */ -#endif +#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ +#define DLT_RAW 12 /* raw IP */ + +/* + * These are values from BSD/OS's "bpf.h". + * These are not the same as the values from the traditional libpcap + * "bpf.h"; however, these values shouldn't be generated by any + * OS other than BSD/OS, so the correct values to use here are the + * BSD/OS values. + * + * Platforms that have already assigned these values to other + * DLT_ codes, however, should give these codes the values + * from that platform, so that programs that use these codes will + * continue to compile - even though they won't correctly read + * files of these types. + */ +#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ +#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ + +#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ /* - * NOTE: these two values were defined by LBL libpcap, but with values - * that didn't seem to correspond to the values that were used in BSD/OS; - * neither of them are, as far as I know, used in any kernel, so they - * should not be defined above. We therefore don't bother checking to - * see if they're already defined. + * This value is defined by NetBSD; other platforms should refrain from + * using it for other purposes, so that NetBSD savefiles with a link + * type of 50 can be read as this type on all platforms. */ -#define DLT_SLIP_BSDOS 102 /* BSD/OS Serial Line IP */ -#define DLT_PPP_BSDOS 103 /* BSD/OS Point-to-point Protocol */ +#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ /* - * This value was defined by libpcap 0.5; we now use it as a DLT_* value - * solely for backwards compatibility - new programs should use - * PCAP_ENCAP_C_HDLC instead. + * This value was defined by libpcap 0.5; platforms that have defined + * it with a different value should define it here with that value - + * a link type of 104 in a save file will be mapped to DLT_C_HDLC, + * whatever value that happens to be, so programs will correctly + * handle files with that link type regardless of the value of + * DLT_C_HDLC. + * + * The name DLT_C_HDLC was used by BSD/OS; we use that name for source + * compatibility with programs written for BSD/OS. + * + * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, + * for source compatibility with programs written for libpcap 0.5. */ -#define DLT_CHDLC 104 /* Cisco HDLC */ +#define DLT_C_HDLC 104 /* Cisco HDLC */ +#define DLT_CHDLC DLT_C_HDLC /* * The instruction encondings. @@ -21,7 +21,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.121 2000-10-10 04:53:08 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.122 2000-10-12 03:53:57 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -539,79 +539,16 @@ static void init_linktype(type) int type; { - /* - * Map DLT_ codes that don't have the same value as the - * equivalent PCAP_ENCAP_ codes to the corresponding PCAP_ENCAP_ - * code. - * - * Even though "pcap_open_live()" in "pcap-bpf.c" does a - * similar mapping, we do that mapping here as well, to - * handle filters constructed for savefiles. - * - * XXX - should we do this mapping in "savefile.c"? Doing so - * might cause programs that read one or more capture files - * and write another capture file with the same type as - * the input file(s) to use PCAP_ENCAP_ values that aren't - * supported by the libpcap on the system that wrote the original - * capture file, so we might not want to do that. - */ - switch (type) { - -#ifdef DLT_ATM_RFC1483 - case DLT_ATM_RFC1483: - linktype = PCAP_ENCAP_ATM_RFC1483; - break; -#endif - -#ifdef DLT_RAW - case DLT_RAW: - linktype = PCAP_ENCAP_RAW; - break; -#endif - -#ifdef DLT_SLIP_BSDOS - case DLT_SLIP_BSDOS: - linktype = PCAP_ENCAP_SLIP_BSDOS; - break; -#endif - -#ifdef DLT_PPP_BSDOS - case DLT_PPP_BSDOS: - linktype = PCAP_ENCAP_PPP_BSDOS; - break; -#endif - -#ifdef DLT_CIP - case DLT_CIP: - linktype = PCAP_ENCAP_ATM_CLIP; - break; -#endif - -#ifdef DLT_ATM_CLIP - case DLT_ATM_CLIP: - linktype = PCAP_ENCAP_ATM_CLIP; - break; -#endif + linktype = type; -#ifdef DLT_PPP_SERIAL - case DLT_PPP_SERIAL: - linktype = PCAP_ENCAP_PPP_HDLC; - break; -#endif - - default: - linktype = type; - break; - } - - switch (linktype) { + switch (type) { - case PCAP_ENCAP_ETHERNET: + case DLT_EN10MB: off_linktype = 12; off_nl = 14; return; - case PCAP_ENCAP_SLIP: + case DLT_SLIP: /* * SLIP doesn't have a link level type. The 16 byte * header is hacked into our SLIP driver. @@ -620,31 +557,31 @@ init_linktype(type) off_nl = 16; return; - case PCAP_ENCAP_SLIP_BSDOS: - /* XXX this may be the same as the PCAP_ENCAP_PPP_BSDOS case */ + case DLT_SLIP_BSDOS: + /* XXX this may be the same as the DLT_PPP_BSDOS case */ off_linktype = -1; /* XXX end */ off_nl = 24; return; - case PCAP_ENCAP_NULL: + case DLT_NULL: off_linktype = 0; off_nl = 4; return; - case PCAP_ENCAP_PPP: - case PCAP_ENCAP_C_HDLC: - case PCAP_ENCAP_PPP_HDLC: + case DLT_PPP: + case DLT_C_HDLC: + case DLT_PPP_SERIAL: off_linktype = 2; off_nl = 4; return; - case PCAP_ENCAP_PPP_BSDOS: + case DLT_PPP_BSDOS: off_linktype = 5; off_nl = 24; return; - case PCAP_ENCAP_FDDI: + case DLT_FDDI: /* * FDDI doesn't really have a link-level type field. * We assume that SSAP = SNAP is being used and pick @@ -662,7 +599,7 @@ init_linktype(type) #endif return; - case PCAP_ENCAP_TOKEN_RING: + case DLT_IEEE802: /* * Token Ring doesn't really have a link-level type field. * We assume that SSAP = SNAP is being used and pick @@ -689,7 +626,7 @@ init_linktype(type) off_nl = 22; return; - case PCAP_ENCAP_ATM_RFC1483: + case DLT_ATM_RFC1483: /* * assume routed, non-ISO PDUs * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) @@ -698,12 +635,12 @@ init_linktype(type) off_nl = 8; return; - case PCAP_ENCAP_RAW: + case DLT_RAW: off_linktype = -1; off_nl = 0; return; - case PCAP_ENCAP_ATM_CLIP: + case DLT_ATM_CLIP: /* Linux ATM defines this */ off_linktype = 6; off_nl = 8; return; @@ -751,11 +688,11 @@ gen_linktype(proto) switch (linktype) { - case PCAP_ENCAP_SLIP: + case DLT_SLIP: return gen_false(); - case PCAP_ENCAP_PPP: - case PCAP_ENCAP_PPP_HDLC: + case DLT_PPP: + case DLT_PPP_SERIAL: if (proto == ETHERTYPE_IP) proto = PPP_IP; /* XXX was 0x21 */ #ifdef INET6 @@ -764,7 +701,7 @@ gen_linktype(proto) #endif break; - case PCAP_ENCAP_PPP_BSDOS: + case DLT_PPP_BSDOS: switch (proto) { case ETHERTYPE_IP: @@ -796,7 +733,7 @@ gen_linktype(proto) } break; - case PCAP_ENCAP_NULL: + case DLT_NULL: /* XXX */ if (proto == ETHERTYPE_IP) return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); @@ -938,7 +875,7 @@ gen_ehostop(eaddr, dir) } /* - * Like gen_ehostop, but for PCAP_ENCAP_FDDI + * Like gen_ehostop, but for DLT_FDDI */ static struct block * gen_fhostop(eaddr, dir) @@ -980,7 +917,7 @@ gen_fhostop(eaddr, dir) } /* - * Like gen_ehostop, but for PCAP_ENCAP_TOKEN_RING + * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) */ static struct block * gen_thostop(eaddr, dir) @@ -1286,11 +1223,11 @@ gen_gateway(eaddr, alist, proto, dir) case Q_IP: case Q_ARP: case Q_RARP: - if (linktype == PCAP_ENCAP_ETHERNET) + if (linktype == DLT_EN10MB) b0 = gen_ehostop(eaddr, Q_OR); - else if (linktype == PCAP_ENCAP_FDDI) + else if (linktype == DLT_FDDI) b0 = gen_fhostop(eaddr, Q_OR); - else if (linktype == PCAP_ENCAP_TOKEN_RING) + else if (linktype == DLT_IEEE802) b0 = gen_thostop(eaddr, Q_OR); else bpf_error( @@ -2142,21 +2079,21 @@ gen_scode(name, q) if (proto == Q_LINK) { switch (linktype) { - case PCAP_ENCAP_ETHERNET: + case DLT_EN10MB: eaddr = pcap_ether_hostton(name); if (eaddr == NULL) bpf_error( "unknown ether host '%s'", name); return gen_ehostop(eaddr, dir); - case PCAP_ENCAP_FDDI: + case DLT_FDDI: eaddr = pcap_ether_hostton(name); if (eaddr == NULL) bpf_error( "unknown FDDI host '%s'", name); return gen_fhostop(eaddr, dir); - case PCAP_ENCAP_TOKEN_RING: + case DLT_IEEE802: eaddr = pcap_ether_hostton(name); if (eaddr == NULL) bpf_error( @@ -2495,11 +2432,11 @@ gen_ecode(eaddr, q) struct qual q; { if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { - if (linktype == PCAP_ENCAP_ETHERNET) + if (linktype == DLT_EN10MB) return gen_ehostop(eaddr, (int)q.dir); - if (linktype == PCAP_ENCAP_FDDI) + if (linktype == DLT_FDDI) return gen_fhostop(eaddr, (int)q.dir); - if (linktype == PCAP_ENCAP_TOKEN_RING) + if (linktype == DLT_IEEE802) return gen_thostop(eaddr, (int)q.dir); } bpf_error("ethernet address used in non-ether expression"); @@ -2894,11 +2831,11 @@ gen_broadcast(proto) case Q_DEFAULT: case Q_LINK: - if (linktype == PCAP_ENCAP_ETHERNET) + if (linktype == DLT_EN10MB) return gen_ehostop(ebroadcast, Q_DST); - if (linktype == PCAP_ENCAP_FDDI) + if (linktype == DLT_FDDI) return gen_fhostop(ebroadcast, Q_DST); - if (linktype == PCAP_ENCAP_TOKEN_RING) + if (linktype == DLT_IEEE802) return gen_thostop(ebroadcast, Q_DST); bpf_error("not a broadcast link"); break; @@ -2927,7 +2864,7 @@ gen_multicast(proto) case Q_DEFAULT: case Q_LINK: - if (linktype == PCAP_ENCAP_ETHERNET) { + if (linktype == DLT_EN10MB) { /* ether[0] & 1 != 0 */ s = new_stmt(BPF_LD|BPF_B|BPF_ABS); s->s.k = 0; @@ -2937,7 +2874,7 @@ gen_multicast(proto) return b0; } - if (linktype == PCAP_ENCAP_FDDI) { + if (linktype == DLT_FDDI) { /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ /* fddi[1] & 1 != 0 */ s = new_stmt(BPF_LD|BPF_B|BPF_ABS); @@ -2949,7 +2886,7 @@ gen_multicast(proto) } /* TODO - check how token ring handles multicast */ - /* if (linktype == PCAP_ENCAP_TOKEN_RING) ... */ + /* if (linktype == DLT_IEEE802) ... */ /* Link not known to support multicasts */ break; @@ -20,7 +20,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.42 2000-09-18 06:38:08 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.43 2000-10-12 03:53:58 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -235,97 +235,40 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) pcap_strerror(errno)); goto bad; } +#ifdef __OpenBSD__ switch (v) { - - case DLT_NULL: - case DLT_EN10MB: - case DLT_EN3MB: - case DLT_AX25: - case DLT_PRONET: - case DLT_CHAOS: - case DLT_IEEE802: - case DLT_ARCNET: - case DLT_FDDI: + case DLT_LOOP: /* - * These DLT_* types have PCAP_ENCAP_* types with values - * identical to the values of the corresponding DLT_* - * type. + * XXX - DLT_LOOP has a network-byte-order, rather than + * a host-byte-order, AF_ value as the link-layer + * header; will the BPF code generator handle that + * correctly on little-endian machines? */ + v = DLT_NULL; break; - - case DLT_ATM_RFC1483: - v = PCAP_ENCAP_ATM_RFC1483; - break; - - case DLT_RAW: - v = PCAP_ENCAP_RAW; - break; + } +#endif +#if _BSDI_VERSION - 0 >= 199510 + /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */ + switch (v) { case DLT_SLIP: -#if _BSDI_VERSION - 0 >= 199510 - /* - * The SLIP link layer header changed in BSD/OS 2.1; - * however, BSD/OS apparently continued to use DLT_SLIP - * as the DLT_* type for it - we map it to DLT_SLIP_BSDOS, - * so that BSD/OS 2.1 and later SLIP captures can be - * distinguished from other SLIP captures. - */ - v = PCAP_ENCAP_SLIP_BSDOS; -#else - /* - * DLT_SLIP and PCAP_ENCAP_SLIP have the same value. - */ -#endif + v = DLT_SLIP_BSDOS; break; case DLT_PPP: -#if _BSDI_VERSION - 0 >= 199510 - /* - * The PPP link layer header changed in BSD/OS 2.1; - * however, BSD/OS apparently continued to use DLT_PPP - * as the DLT_* type for it - we map it to DLT_PPP_BSDOS, - * so that BSD/OS 2.1 and later SLIP captures can be - * distinguished from other SLIP captures. - */ - v = PCAP_ENCAP_PPP_BSDOS; -#else - /* - * DLT_PPP and PCAP_ENCAP_PPP have the same value. - */ -#endif + v = DLT_PPP_BSDOS; break; -#ifdef DLT_FR - case DLT_FR: - /* BSD/OS Frame Relay */ - v = PCAP_ENCAP_RAW; /*XXX*/ + case 11: /*DLT_FR*/ + v = DLT_RAW; /*XXX*/ break; -#endif -#ifdef DLT_C_HDLC - case DLT_C_HDLC: - /* BSD/OS Cisco HDLC */ - v = PCAP_ENCAP_C_HDLC; + case 12: /*DLT_C_HDLC*/ + v = DLT_CHDLC; break; -#endif - -#ifdef DLT_PPP_SERIAL - case DLT_PPP_SERIAL: - /* NetBSD sync/async serial PPP (or Cisco HDLC) */ - v = PCAP_ENCAP_PPP_HDLC; - break; -#endif - - default: - /* - * We don't know what this is; we'd need to add a - * PCAP_ENCAP_* type for it, and would probably - * need to add libpcap and tcpdump support for it - * as well. - */ - snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown DLT_ type %u", v); - goto bad; } +#endif p->linktype = v; /* set timeout */ diff --git a/pcap-dlpi.c b/pcap-dlpi.c index 8337dbf6..608c8a23 100644 --- a/pcap-dlpi.c +++ b/pcap-dlpi.c @@ -38,7 +38,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.60 2000-09-17 04:04:37 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-dlpi.c,v 1.61 2000-10-12 03:53:58 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -439,12 +439,12 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) case DL_CSMACD: case DL_ETHER: - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->offset = 2; break; case DL_FDDI: - p->linktype = PCAP_ENCAP_FDDI; + p->linktype = DLT_FDDI; p->offset = 3; break; diff --git a/pcap-enet.c b/pcap-enet.c index 829f4b0c..821a0d9e 100644 --- a/pcap-enet.c +++ b/pcap-enet.c @@ -8,7 +8,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.4 2000-09-17 04:04:37 guy Exp $"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-enet.c,v 1.5 2000-10-12 03:53:59 guy Exp $"; #endif #ifdef HAVE_CONFIG_H @@ -229,7 +229,7 @@ initdevice(char *device, int pflag, int *linktype) /* * "enetfilter" supports only ethernets. */ - *linktype = PCAP_ENCAP_ETHERNET; + *linktype = DLT_EN10MB; return(if_fd); } diff --git a/pcap-linux.c b/pcap-linux.c index 0559626a..76e5700c 100644 --- a/pcap-linux.c +++ b/pcap-linux.c @@ -26,7 +26,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.30 2000-09-20 15:10:29 torsten Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.31 2000-10-12 03:53:59 guy Exp $ (LBL)"; #endif /* @@ -459,11 +459,9 @@ pcap_setfilter(pcap_t *handle, struct bpf_program *filter) /* * Linux uses the ARP hardware type to identify the type of an - * interface. pcap uses the PCAP_ENCAP_xxx constants for this. This + * interface. pcap uses the DLT_xxx constants for this. This * function maps the ARPHRD_xxx constant to an appropriate - * PCAP_ENCAP__xxx constant. - * FIXME: This function is inappropriately named after the namechange - * DLT -> PCAP_ENCAP. + * DLT_xxx constant. * * Returns -1 if unable to map the type. */ @@ -472,42 +470,25 @@ static int map_arphrd_to_dlt(int arptype) switch (arptype) { case ARPHRD_ETHER: case ARPHRD_METRICOM: - case ARPHRD_LOOPBACK: - return PCAP_ENCAP_ETHERNET; - - case ARPHRD_EETHER: - return PCAP_ENCAP_EXP_ETHERNET; - - case ARPHRD_AX25: - return PCAP_ENCAP_AX25; - - case ARPHRD_PRONET: - return PCAP_ENCAP_PRONET; - - case ARPHRD_CHAOS: - return PCAP_ENCAP_CHAOS; - - case ARPHRD_IEEE802: - return PCAP_ENCAP_TOKEN_RING; - - case ARPHRD_ARCNET: - return PCAP_ENCAP_ARCNET; - - case ARPHRD_FDDI: - return PCAP_ENCAP_FDDI; + case ARPHRD_LOOPBACK: return DLT_EN10MB; + case ARPHRD_EETHER: return DLT_EN3MB; + case ARPHRD_AX25: return DLT_AX25; + case ARPHRD_PRONET: return DLT_PRONET; + case ARPHRD_CHAOS: return DLT_CHAOS; + case ARPHRD_IEEE802: return DLT_IEEE802; + case ARPHRD_ARCNET: return DLT_ARCNET; + case ARPHRD_FDDI: return DLT_FDDI; #ifndef ARPHRD_ATM /* FIXME: How to #include this? */ #define ARPHRD_ATM 19 #endif - case ARPHRD_ATM: - return PCAP_ENCAP_ATM_CLIP; + case ARPHRD_ATM: return DLT_ATM_CLIP; case ARPHRD_PPP: case ARPHRD_CSLIP: case ARPHRD_SLIP6: case ARPHRD_CSLIP6: - case ARPHRD_SLIP: - return PCAP_ENCAP_RAW; + case ARPHRD_SLIP: return DLT_RAW; } return -1; @@ -580,7 +561,7 @@ live_open_new(pcap_t *handle, char *device, int promisc, fprintf(stderr, "Warning: Falling back to cooked socket\n"); - handle->linktype = PCAP_ENCAP_RAW; + handle->linktype = DLT_RAW; } @@ -20,7 +20,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.37 2000-09-17 04:04:37 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-nit.c,v 1.38 2000-10-12 03:54:00 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -225,7 +225,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) /* * NIT supports only ethernets. */ - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->bufsize = BUFSPACE; p->buffer = (u_char *)malloc(p->bufsize); @@ -24,7 +24,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.60 2000-09-17 04:04:38 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-pf.c,v 1.61 2000-10-12 03:54:00 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -120,7 +120,7 @@ pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user) */ n = 0; #ifdef PCAP_FDDIPAD - if (pc->linktype == PCAP_ENCAP_FDDI) + if (pc->linktype == DLT_FDDI) pad = pcap_fddipad; else pad = 0; @@ -257,12 +257,12 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n", switch (devparams.end_dev_type) { case ENDT_10MB: - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->offset = 2; break; case ENDT_FDDI: - p->linktype = PCAP_ENCAP_FDDI; + p->linktype = DLT_FDDI; break; default: @@ -277,13 +277,13 @@ your system may not be properly configured; see \"man packetfilter(4)\"\n", "Packet filter data-link type %d unknown, assuming Ethernet", devparams.end_dev_type); #endif - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->offset = 2; break; } /* set truncation */ #ifdef PCAP_FDDIPAD - if (p->linktype == PCAP_ENCAP_FDDI) + if (p->linktype == DLT_FDDI) /* packetfilter includes the padding in the snapshot */ snaplen += pcap_fddipad; #endif diff --git a/pcap-snit.c b/pcap-snit.c index 953e807a..e20a28ae 100644 --- a/pcap-snit.c +++ b/pcap-snit.c @@ -25,7 +25,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.52 2000-09-17 04:04:38 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.53 2000-10-12 03:54:00 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -282,7 +282,7 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) /* * NIT supports only ethernets. */ - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->bufsize = BUFSPACE; p->buffer = (u_char *)malloc(p->bufsize); diff --git a/pcap-snoop.c b/pcap-snoop.c index c454933f..7268500c 100644 --- a/pcap-snoop.c +++ b/pcap-snoop.c @@ -20,7 +20,7 @@ */ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.28 2000-09-17 04:04:38 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/pcap-snoop.c,v 1.29 2000-10-12 03:54:01 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -180,20 +180,20 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) strncmp("fa", device, 2) == 0 || strncmp("qaa", device, 3) == 0 || strncmp("el", device, 2) == 0) { - p->linktype = PCAP_ENCAP_ETHERNET; + p->linktype = DLT_EN10MB; p->offset = RAW_HDRPAD(sizeof(struct ether_header)); ll_hdrlen = sizeof(struct ether_header); } else if (strncmp("ipg", device, 3) == 0 || strncmp("rns", device, 3) == 0 || /* O2/200/2000 FDDI */ strncmp("xpi", device, 3) == 0) { - p->linktype = PCAP_ENCAP_FDDI; + p->linktype = DLT_FDDI; p->offset = 3; /* XXX yeah? */ ll_hdrlen = 13; } else if (strncmp("ppp", device, 3) == 0) { - p->linktype = PCAP_ENCAP_RAW; - ll_hdrlen = 0; /* PCAP_ENCAP_RAW meaning "no PPP header, just the IP packet"? */ + p->linktype = DLT_RAW; + ll_hdrlen = 0; /* DLT_RAW meaning "no PPP header, just the IP packet"? */ } else if (strncmp("lo", device, 2) == 0) { - p->linktype = PCAP_ENCAP_NULL; + p->linktype = DLT_NULL; ll_hdrlen = 4; /* is this just like BSD's loopback device? */ } else { snprintf(ebuf, PCAP_ERRBUF_SIZE, @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.27 2000-09-18 05:08:02 guy Exp $ (LBL) + * @(#) $Header: /tcpdump/master/libpcap/pcap.h,v 1.28 2000-10-12 03:54:01 guy Exp $ (LBL) */ #ifndef lib_pcap_h @@ -98,98 +98,10 @@ struct pcap_file_header { bpf_int32 thiszone; /* gmt to local correction */ bpf_u_int32 sigfigs; /* accuracy of timestamps */ bpf_u_int32 snaplen; /* max length saved portion of each pkt */ - bpf_u_int32 linktype; /* data link type (PCAP_ENCAP_*) */ + bpf_u_int32 linktype; /* data link type (LINKTYPE_*) */ }; /* - * Values for "linktype" in the file header. - * - * In the past, these have been DLT_ codes defined by <net/bpf.h>. - * Those codes were used in two places: - * - * inside BSD kernels, as the value returned by the BIOCGDLT ioctl - * for "/dev/bpfN" devices; - * - * inside libpcap capture file headers. - * - * Unfortunately, the various flavors of BSD have not always used the same - * numerical values for the same data types, and various patches to - * libpcap for non-BSD OSes have added their own DLT_ codes for link - * layer encapsulation types seen on those OSes, and those codes have had, - * in some cases, values that were also used, on other platforms, for other - * link layer encapsulation types. - * - * This means that capture files of a type whose numerical DLT_ code - * means different things on different BSDs, or with different versions - * of libpcap, can't always be read on systems other than those like - * the one running on the machine on which the capture was made. - * - * We therefore now, in an attempt to decouple the values supplied by - * BIOCGDLT from the values used in the libpcap file header, define - * a set of PCAP_ENCAP_* codes to be used in the header; "pcap_open_live()" - * in the various "pcap-bpf.c" files should set the "linktype" field of - * the "pcap_t" it returns to a PCAP_ENCAP_* code, not to a DLT_* code. - * - * For those DLT_* codes that have, as far as we know, the same values on - * all platforms (DLT_NULL through DLT_FDDI), we define PCAP_ENCAP_xxx as - * DLT_xxx; this means that captures of those types will continue to use - * the same "linktype" value, and thus will continue to be readable by - * older versions of libpcap. - * - * The other PCAP_ENCAP_* codes are given values starting at 100, in the - * hopes that no DLT_* code will be given one of those values. - * - * In order to ensure that a given PCAP_ENCAP_* code's value will refer to - * the same encapsulation type on all platforms, you should not allocate - * a new PCAP_ENCAP_* value without consulting "tcpdump-workers@tcpdump.org". - * The tcpdump developers will allocate a value for you, and will not - * subsequently allocate it to anybody else; that value will be added to - * the "pcap.h" in the tcpdump.org CVS repository, so that a future - * libpcap release will include it. - * - * You should, if possible, also contribute patches to libpcap and tcpdump - * to handle the new encapsulation type, so that they can also be checked - * into the tcpdump.org CVS repository and so that they will appear in - * future libpcap and tcpdump releases. - * - * PCAP_ENCAP_* codes should not be used inside kernels; DLT_* codes - * should be used inside kernels that support BSD's BPF mechanism (other - * kernels may use other codes, e.g. ARPHRD_* codes in Linux kernels - * and DL_* codes in kernels using DLPI). - */ -#define PCAP_ENCAP_NULL DLT_NULL -#define PCAP_ENCAP_ETHERNET DLT_EN10MB /* also for 100Mb and up */ -#define PCAP_ENCAP_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */ -#define PCAP_ENCAP_AX25 DLT_AX25 -#define PCAP_ENCAP_PRONET DLT_PRONET -#define PCAP_ENCAP_CHAOS DLT_CHAOS -#define PCAP_ENCAP_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */ -#define PCAP_ENCAP_ARCNET DLT_ARCNET -#define PCAP_ENCAP_SLIP DLT_SLIP -#define PCAP_ENCAP_PPP DLT_PPP -#define PCAP_ENCAP_FDDI DLT_FDDI - -#define PCAP_ENCAP_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */ -#define PCAP_ENCAP_RAW 101 /* raw IP */ -#define PCAP_ENCAP_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */ -#define PCAP_ENCAP_PPP_BSDOS 103 /* BSD/OS PPP BPF header */ -#define PCAP_ENCAP_C_HDLC 104 /* Cisco HDLC */ -#define PCAP_ENCAP_IEEE802_11 105 /* IEEE 802.11 (wireless) */ -#define PCAP_ENCAP_ATM_CLIP 106 /* Linux Classical IP over ATM */ - -/* - * PCAP_ENCAP_PPP is for use when there might, or might not, be an RFC 1662 - * PPP in HDLC-like framing header (with 0xff 0x03 before the PPP protocol - * field) at the beginning of the packet. - * - * This is for use when there is always such a header; the address field - * might be 0xff, for regular PPP, or it might be an address field for Cisco - * point-to-point with HDLC framing as per section 4.3.1 of RFC 1547 ("Cisco - * HDLC"). This is, for example, what you get with NetBSD's DLT_PPP_SERIAL. - */ -#define PCAP_ENCAP_PPP_HDLC 107 /* PPP in HDLC-like framing */ - -/* * Each packet in the dump file is prepended with this generic header. * This gets around the problem of different headers for different * packet interfaces. @@ -30,7 +30,7 @@ #ifndef lint static const char rcsid[] = - "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.43 2000-10-10 04:53:09 guy Exp $ (LBL)"; + "@(#) $Header: /tcpdump/master/libpcap/savefile.c,v 1.44 2000-10-12 03:54:01 guy Exp $ (LBL)"; #endif #ifdef HAVE_CONFIG_H @@ -76,6 +76,196 @@ static const char rcsid[] = #define SFERR_BADF 3 #define SFERR_EOF 4 /* not really an error, just a status */ +/* + * We don't write DLT_* values to the capture file header, because + * they're not the same on all platforms. + * + * Unfortunately, the various flavors of BSD have not always used the same + * numerical values for the same data types, and various patches to + * libpcap for non-BSD OSes have added their own DLT_* codes for link + * layer encapsulation types seen on those OSes, and those codes have had, + * in some cases, values that were also used, on other platforms, for other + * link layer encapsulation types. + * + * This means that capture files of a type whose numerical DLT_* code + * means different things on different BSDs, or with different versions + * of libpcap, can't always be read on systems other than those like + * the one running on the machine on which the capture was made. + * + * Instead, we define here a set of LINKTYPE_* codes, and map DLT_* codes + * to LINKTYPE_* codes when writing a savefile header, and map LINKTYPE_* + * codes to DLT_* codes when reading a savefile header. + * + * For those DLT_* codes that have, as far as we know, the same values on + * all platforms (DLT_NULL through DLT_FDDI), we define LINKTYPE_xxx as + * DLT_xxx; that way, captures of those types can still be read by + * versions of libpcap that map LINKTYPE_* values to DLT_* values, and + * captures of those types written by versions of libpcap that map DLT_ + * values to LINKTYPE_ values can still be read by older versions + * of libpcap. + * + * The other LINKTYPE_* codes are given values starting at 100, in the + * hopes that no DLT_* code will be given one of those values. + * + * In order to ensure that a given LINKTYPE_* code's value will refer to + * the same encapsulation type on all platforms, you should not allocate + * a new LINKTYPE_* value without consulting "tcpdump-workers@tcpdump.org". + * The tcpdump developers will allocate a value for you, and will not + * subsequently allocate it to anybody else; that value will be added to + * the "pcap.h" in the tcpdump.org CVS repository, so that a future + * libpcap release will include it. + * + * You should, if possible, also contribute patches to libpcap and tcpdump + * to handle the new encapsulation type, so that they can also be checked + * into the tcpdump.org CVS repository and so that they will appear in + * future libpcap and tcpdump releases. + */ +#define LINKTYPE_NULL DLT_NULL +#define LINKTYPE_ETHERNET DLT_EN10MB /* also for 100Mb and up */ +#define LINKTYPE_EXP_ETHERNET DLT_EN3MB /* 3Mb experimental Ethernet */ +#define LINKTYPE_AX25 DLT_AX25 +#define LINKTYPE_PRONET DLT_PRONET +#define LINKTYPE_CHAOS DLT_CHAOS +#define LINKTYPE_TOKEN_RING DLT_IEEE802 /* DLT_IEEE802 is used for Token Ring */ +#define LINKTYPE_ARCNET DLT_ARCNET +#define LINKTYPE_SLIP DLT_SLIP +#define LINKTYPE_PPP DLT_PPP +#define LINKTYPE_FDDI DLT_FDDI + +#define LINKTYPE_ATM_RFC1483 100 /* LLC/SNAP-encapsulated ATM */ +#define LINKTYPE_RAW 101 /* raw IP */ +#define LINKTYPE_SLIP_BSDOS 102 /* BSD/OS SLIP BPF header */ +#define LINKTYPE_PPP_BSDOS 103 /* BSD/OS PPP BPF header */ +#define LINKTYPE_C_HDLC 104 /* Cisco HDLC */ +#define LINKTYPE_ATM_CLIP 106 /* Linux Classical IP over ATM */ + +/* + * Reserved for future use. + */ +#define LINKTYPE_IEEE802_11 105 /* IEEE 802.11 (wireless) */ +#define LINKTYPE_FR 107 /* BSD/OS Frame Relay */ +#define LINKTYPE_LOOP 108 /* OpenBSD loopback */ +#define LINKTYPE_ENC 109 /* OpenBSD IPSEC enc */ +#define LINKTYPE_LANE8023 110 /* ATM LANE + 802.3 */ +#define LINKTYPE_HIPPI 111 /* NetBSD HIPPI */ +#define LINKTYPE_HDLC 112 /* NetBSD HDLC framing */ + +/* + * LINKTYPE_PPP is for use when there might, or might not, be an RFC 1662 + * PPP in HDLC-like framing header (with 0xff 0x03 before the PPP protocol + * field) at the beginning of the packet. + * + * This is for use when there is always such a header; the address field + * might be 0xff, for regular PPP, or it might be an address field for Cisco + * point-to-point with HDLC framing as per section 4.3.1 of RFC 1547 ("Cisco + * HDLC"). This is, for example, what you get with NetBSD's DLT_PPP_SERIAL. + */ +#define LINKTYPE_PPP_HDLC 107 /* PPP in HDLC-like framing */ + +static struct linktype_map { + int dlt; + int linktype; +} map[] = { + /* + * These DLT_* codes have LINKTYPE_* codes with values identical + * to the values of the corresponding DLT_* code. + */ + { DLT_NULL, LINKTYPE_NULL }, + { DLT_EN10MB, LINKTYPE_ETHERNET }, + { DLT_EN3MB, LINKTYPE_EXP_ETHERNET }, + { DLT_AX25, LINKTYPE_AX25 }, + { DLT_PRONET, LINKTYPE_PRONET }, + { DLT_CHAOS, LINKTYPE_CHAOS }, + { DLT_IEEE802, LINKTYPE_TOKEN_RING }, + { DLT_ARCNET, LINKTYPE_ARCNET }, + { DLT_SLIP, LINKTYPE_SLIP }, + { DLT_PPP, LINKTYPE_PPP }, + { DLT_FDDI, LINKTYPE_FDDI }, + + /* + * These DLT_* codes have different values on different + * platforms; we map them to LINKTYPE_* codes that + * have values that should never be equal to any DLT_* + * code. + */ + { DLT_ATM_RFC1483, LINKTYPE_ATM_RFC1483 }, + { DLT_RAW, LINKTYPE_RAW }, + { DLT_SLIP_BSDOS, LINKTYPE_SLIP_BSDOS }, + { DLT_PPP_BSDOS, LINKTYPE_PPP_BSDOS }, + + /* BSD/OS Cisco HDLC */ + { DLT_C_HDLC, LINKTYPE_C_HDLC }, + + /* + * These DLT_* codes are not on all platforms, but, so far, + * there don't appear to be any platforms that define + * other codes with those values; we map them to + * different LINKTYPE_* values anyway, just in case. + */ + + /* Linux ATM Classical IP */ + { DLT_ATM_CLIP, LINKTYPE_ATM_CLIP }, + + /* NetBSD sync/async serial PPP (or Cisco HDLC) */ + { DLT_PPP_SERIAL, LINKTYPE_PPP_HDLC }, + + /* + * Any platform that defines additional DLT_* codes should: + * + * request a LINKTYPE_* code and value from tcpdump.org, + * as per the above; + * + * add, in their version of libpcap, an entry to map + * those DLT_* codes to the corresponding LINKTYPE_* + * code; + * + * redefine, in their "net/bpf.h", any DLT_* values + * that collide with the values used by their additional + * DLT_* codes, to remove those collisions (but without + * making them collide with any of the LINKTYPE_* + * values equal to 50 or above; they should also avoid + * defining DLT_* values that collide with those + * LINKTYPE_* values, either). + */ + { -1, -1 } +}; + +static int +dlt_to_linktype(int dlt) +{ + int i; + + for (i = 0; map[i].dlt != -1; i++) { + if (map[i].dlt == dlt) + return (map[i].linktype); + } + + /* + * If we don't have a mapping for this DLT_ code, return an + * error; that means that the table above needs to have an + * entry added. + */ + return (-1); +} + +static int +linktype_to_dlt(int linktype) +{ + int i; + + for (i = 0; map[i].linktype != -1; i++) { + if (map[i].linktype == linktype) + return (map[i].dlt); + } + + /* + * If we don't have an entry for this link type, return + * the link type value; it may be a DLT_ value from an + * older version of libpcap. + */ + return linktype; +} + static int sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen) { @@ -170,7 +360,7 @@ pcap_open_offline(const char *fname, char *errbuf) } p->tzoff = hdr.thiszone; p->snapshot = hdr.snaplen; - p->linktype = hdr.linktype; + p->linktype = linktype_to_dlt(hdr.linktype); p->sf.rfile = fp; p->bufsize = hdr.snaplen; @@ -178,15 +368,15 @@ pcap_open_offline(const char *fname, char *errbuf) /* XXX should handle all types */ switch (p->linktype) { - case PCAP_ENCAP_ETHERNET: + case DLT_EN10MB: linklen = 14; break; - case PCAP_ENCAP_FDDI: + case DLT_FDDI: linklen = 13 + 8; /* fddi_header + llc */ break; - case PCAP_ENCAP_NULL: + case DLT_NULL: default: linklen = 0; break; @@ -374,6 +564,16 @@ pcap_dumper_t * pcap_dump_open(pcap_t *p, const char *fname) { FILE *f; + int linktype; + + linktype = dlt_to_linktype(p->linktype); + if (linktype == -1) { + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, + "%s: link-layer type %d isn't supported in savefiles", + fname, linktype); + return (NULL); + } + if (fname[0] == '-' && fname[1] == '\0') f = stdout; else { @@ -384,7 +584,7 @@ pcap_dump_open(pcap_t *p, const char *fname) return (NULL); } } - (void)sf_write_header(f, p->linktype, p->tzoff, p->snapshot); + (void)sf_write_header(f, linktype, p->tzoff, p->snapshot); return ((pcap_dumper_t *)f); } |