| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
| |
Use it to free up all memory attached to the pcap_t, as well as the
pcap_t itself; that closes some memory leaks.
Fixes GitHub issue #432.
|
| |
|
|
|
|
| |
A new API for advertising/recording reference clock sources and synchronisation state may be available in future.
|
|
|
|
| |
from dagpci.h.
|
|
|
|
| |
It was subtracting the extension header count from caplen after reducing it to packet_len, resulting in truncated records.
|
| |
|
| |
|
|
|
|
|
|
| |
This change removes CVS keywords that express that the file belongs to
libpcap repository. All such keywords represented the revision and
timestamp by the end of 2008 or even older.
|
|
|
|
|
|
|
|
|
|
|
|
| |
In read routines, a packet count <= 0 means "keep supplying packets
until you run out of packets in the buffer", and it means "keep supply
packets until the loop is broken out of or you get an error" in
pcap_loop().
Use the macro in all tests for that, so the right test is always done
(i.e., a count of 0 means "unlimited", not "supply zero packets"); this
fixes some cases where we weren't doing the right test (and hopefully
encourages programmers to use it and get the test right in new modules).
|
|
|
|
|
|
| |
DAG capture device names are of the format dagN or dagN:M where N
is the device number and M is the stream number. The former implies
stream 0.
|
|
|
|
|
| |
"private" is a C++ keyword; rename the "private" member of a pcap_t to
"priv" to avoid that, as per Gisle Vanem's suggestion.
|
|
|
|
| |
In "immediate mode", packets are delivered as soon as they arrive.
|
|
|
|
| |
If an ERF record has 0 'payload' bytes the last extension header will not be counted and the header length will be calculated incorrectly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Put the private data right after the pcap_t structure, with a pointer to
it in the pcap_t.
The initial goal is to allow new pcap modules to be added without having
to hack pcap-int.h.
In the longer term, we may want to freeze the pcap_t structure, except
possibly for adding new method pointers at the end, and provide an ABI
for adding modules.
We also put the stuff used by the read path at the beginning of the
pcap_t structure, to try to keep it on the same set of cache lines.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Have a table of routines to do pcap_create() for devices that aren't
regular network interfaces. Try each of those in succession until one
says "it's mine" (whether it succeeds or fails); if none do, do a
pcap_create() for a regular interface.
Have those routines do more stringent tests of the name - don't just
accept any name that has a particular substring anywhere in it. That
reduces the likelihood of a false match (as happened with the CANbus
module when somebody renamed their Ethernet interface "canopy").
Have the table also include routines for pcap_findalldevs().
|
|
|
|
|
|
|
|
| |
Find dags 0-31 instead of 0-9.
Find streams up to DAG_MAX_STREAMS (currently 64) not 16.
Use rxstreams count to reduce number of test attaches required.
|
|
|
|
|
| |
pcap_t, but, as long as we're initializing ps_drop and ps_recv,
initialize ps_ifdrop.
|
|
|
|
|
|
|
|
|
|
| |
- Ensure all 'MC' ERF types are handled correctly by DLT_ERF.
- Allow capture of ERF 'TYPE_IPV6' records as DLT_RAW.
- Add new ERF types
- Explicitly list known ERF types with no matching native DLT.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
used to clean up after a failed pcap_activate() call. Convert the
existing close_op routines to cleanup_op routines, and use them to clean
up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
directly if there's no platform-dependent cleanup needed. That means we
don't have to write the same cleanup code twice (and possibly forget
stuff in the version done on a failed pcap_activate() call).
Have the cleanup routines do whatever is necessary to indicate that
cleanup has been done, and not do any particular cleaning up if it's
already been done (i.e., don't free something if the pointer to it is
null and null out the pointer once it's been freed, don't close an FD if
it's -1 and set it to -1 once it's been closed, etc.).
For device types/platforms where we don't support monitor mode, check
for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
checked whether we can open the device, so we return "no such device" or
"permission denied" rather than "that device doesn't support monitor
mode" if we can't open the device in the first place.
Fix a comment.
|
|
|
|
| |
the create/activate mode.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handle" routine, an 'activate a pcap_t handle" routine, and some "set
the properties of the pcap_t handle" routines, so that, for example, the
buffer size can be set on a BPF device before the device is bound to an
interface.
Add additional routines to set monitor mode, and make at least an
initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
10.5. (Very much "initial" for Linux, which is a twisty little maze of
wireless drivers, many different.)
Have a "timeout" member of the pcap_md structure on all platforms, use
that on Windows instead of the "timeout" member of the pcap_t structure,
and get rid of the "timeout" member of that structure.
|
|
|
|
|
| |
read_op loops do, to clarify that a zero or negative "cnt" value means
"loop until we run out of packets".
|
| |
|
|
|
|
|
|
|
|
| |
Changing the behaviour when the ERF type is unknown, and for ERF
TYPE_PAD.
Unknown ERF types can always be captured as DLT_ERF. TYPE_PAD
records are dropped silently.
|
|
|
|
|
|
|
|
|
| |
support ERF extension headers;
collect the ifdefs for different ERF types into a header
to improve readability;
add in a couple of new types.
|
|
|
|
|
|
|
|
| |
Clean up the configure output for the dag libraries a bit.
Add Florent Drouin's changes for DLT_ERF.
Some other DAG changes.
|
|
|
|
|
|
| |
* Improved error checking in dag_read().
* More efficient dag_platform_finddevs().
* Support for new DAG API function dag_get_stream_erf_types().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
field in a capture file into:
a 16-bit link-layer type field (it's 16 bits in pcap-NG, and
that'll probably be enough for the foreseeable future);
a 10-bit "class" field, indicating the group of link-layer type
values to which the link-layer type belongs - class 0 is for
regular DLT_ values, and class 0x224 grandfathers in the NetBSD
"raw address family" link-layer types;
a 6-bit "extension" field, storing information about the
capture, such an indication of whether the packets include an
FCS and, if so, how many bytes of FCS are present.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces support for the DAG ERF type
TYPE_COLOR_MC_HDLC_POS.
The patch also allows appropriate DAG cards (DAG 3.7T, DAG 7.1S)
to optionally produce DLT_MTP2_WITH_PHDR (139) traces when
capturing from channelised HDLC links, as an alternative to
DLT_MTP2 (140). When using the new DLT, the 'DAG channel' is
recorded in the pcap record pseudo header as the 'link_number'.
Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also
added.
Fix some warnings.
|
|
|
|
|
|
|
|
|
|
| |
In addition, clean up the allocation and freeing of the temporary
pathname string buffer.
Also, there's no need to set "md.device" (it's only used on Linux, and
even then used only with the old SOCK_PACKET sockets, where you have to
turn promiscuous mode off explicitly rather than having it turn off
automatically when you close the socket) or "md.timeout".
|
|
|
|
|
|
|
|
|
|
|
| |
The USB pseudo-header in DLT_USB_LINUX captures is in the host
byte order for the machine on which the capture was done. When
reading a capture file, convert the pseudo-header to the host
byte order of the host on which the file is being read.
There's a 64-bit quantity in that pseudo-header; move the 64-bit
byte-swap macro from the DAG code to pcap-int.h for use by other
code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the DAG API supports asking a card for the set of ERF types
it supports, use that capability, to handle cards that support
multiple ERF types. This is to support channelised/fractional
T1/E1.
Don't set the snapshot length - some DAG cards support multiple
capture streams, but the snapshot length is global, so it'd
affect other captures.
Update README.dag.
|
|
|
|
|
|
| |
values for an HDLC link (MTP2 is what's usually run on those links, with
MTP3 atop it); remove them. Also, boost dlt_count to match the number
of DLT_ values.
|
|
|
|
| |
updated API if available.
|
|
|
|
|
|
|
| |
packets, only sent packets, or all packets be accepted, with an
implementation for Linux.
Add an implementation for BPF platforms that support BIOCSSEESENT.
|
|
|
|
| |
it fails; there's no need for "dag_setfilter()" to do so.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DAG 4.2 OC-48 cards (and revisions thereof) produce ERF
records that do not contain the trailing FCS. However,
pcap-dag.c assumed that there is an FCS and strips the final
word of the packet. This meant that packets captured with
libpcap on a DAG 4.2 are truncated by four bytes, unless a
magical environment variable (ERF_FCS_BITS) was set. This patch
autodetects when the DAG card is a 4.2, and turns off the
FCS-stripping feature so that packets are no longer truncated.
Also, include "dagnew.h" and "dagapi.h" with quotes, not angle
brackets, as they should be in the user search path, not the
system search path.
|
|
|
|
|
|
|
| |
correctly detect a rare error condition and return a sensible
error message instead of blindly continuing;
clean up some endian-specific code.
|
|
|
|
| |
Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- don't auto-detect HDLC DLT on serial links, use
"pcap_set_datalink()" to choose the link-layer header
- for ATM, allow selecting SUNATM rather than the default
RFC1483 with "pcap_set_datalink()"
- reformat and otherwise clean up the code.
|
|
|
|
|
|
|
| |
devices, offer DLT_DOCSIS as one of the choices of link-layer type, and
support setting that type as meaning just "set libpcap's notion of the
link-layer type to DLT_DOCSIS" without telling the driver to use
DLT_DOCSIS.
|
|
|
|
| |
"select()" or "poll()" - or -1 if that won't work.
|
|
|
|
|
|
|
| |
pointers appropriately, rather than using #ifdefs and run-time checks.
Get rid of declaration of non-existent "pcap_set_datalink_platform()"
routine.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for nonblocking operation.
Added support for processing more than a single packet in
pcap_dispatch().
Fixed bug in loss counter code.
Improved portability of loss counter code (e.g. use UINT_MAX
instead of 0xffff).
Removed unused local variables.
Added required headers (ctype.h, limits.h, unistd.h,
netinet/in.h).
Changed semantics to match those of standard pcap on linux.
- packets rejected by the filter are not counted.
|
|
|
|
| |
warnings from newer versions of GCC.
|
|
|
|
| |
"pcap_dispatch()" and "pcap_loop()".
|