| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
|
|
|
|
| |
This lets us move the Windows version to pcap-win32.c, so we don't have
to include packet32.h in pcap.c.
It also gets rid of some #ifdefs, and lets us construct the version
string on UN*X platforms, and MS-DOS, at compile time.
|
|
|
|
|
|
|
| |
That avoids leaking packet.dll stuff into the generic code.
Have, instead, a HANDLE, and set it to the hFile member of the ADAPTER
structure, so we can return it from pcap_fileno().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the Linux-specific pcap_set_protocol(), which allows you to
specify a specific protocol to be captured. A protocol value specified
with this function will be used instead of ETH_P_ALL when creating and
binding a packet socket.
For ethernet packets, a similar result can be achieved by explicitly
creating a BPF filter that filters on ethertype and attaching that
filter to the packet socket, however, filtering using the packet socket
protocol field is slightly more efficient.
Also, in some cases, the packet socket protocol field and the
ethertype field have different values, and in those cases it is
impossible to achieve the same result by using a BPF filter. An
example of this is on Arista platforms, where sFlow-sampled packets
are delivered, unmodified, to virtual interfaces on the management
CPU with their packet socket protocol value set to the magic value
0x002d, independently of their actual ethertype.
|
|
|
|
|
| |
For example, on Linux, we add information about memory-mapped capture
support; see comments on GitHub issue #600.
|
|
|
|
|
|
|
| |
Move the declarations of the interfaces that are currently used for
RPCAP by pcap_open_live(), pcap_open(), and pcap_findalldevs_ex() to
pcap-rpcap.h; in the future, that will hold the routines used by
pcap_create() and any future API for enumerating interfaces.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to be able to arrange that, when doing a remote capture, the
machine doing the capturing doesn't capture the traffic it sends
containing the captured packets, we have to tweak the user's filter to
filter out traffic to and from the port(s) being used for capturing, and
tell the remote machine to use that as the filter.
WinPcap did this by inserting a hack into pcap_compile() to save the
filter.
We do it by having a hook, called by pcap_compile(), so it doesn't have
to know anything about remote packet capture; we handle that all in our
hook routine.
Ideally, we should do this by compiling the additional filter code
ourselves and combining it with the existing filter code in our
pcap_setfilter routine, and get rid of this hack entirely. That way, we
don't have to *assume* that 1) the filter code being used was generated
by pcap_compile() (which needn't be the case), 2) the filter is in
standard pcap syntax (which it might not be - there's a pull request to
add the ability to specify raw BPF machine code, in binary form, to
pcap_compile()), and 3) nobody ever calls pcap_compile() to compile a
filter that they *aren't* going to hand to pcap_setfilter (which they
might do, e.g. if they're using BPF filters to do packet classification
on packets we hand them).
Fix up some comments while we're at it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a configuration option to enable remote capture in libpcap. It
defaults to being disabled, and, if enabled, warns that it might expose
libpcap-based programs to attack by malicious remote capture servers.
(The code needs to be carefully audite to make sure there aren't any
buffer overflow, etc. exploits before we remove that warning or default
to enabling it.)
Put the sampling parameters into the pcap_t; in theory, at least, it
could be supported by all capture mechanisms, although it's currently
only supported by Win32 local capture and rpcap-based capture.
Have a private data structure for remote capture, just as we do for
local capture sources. Have it contain only what's needed for remote
capture.
Have a pcap_open_rpcap() routine that does all the work of opening a
pcap_t; if remote capture is enabled, call it from pcap_open() and
pcap_open_live() if pcap_parsesrc() indicates that we were handed a
remote capture URL.
Put back the sampling code into the Win32 local capture code. Turn the
static variables used for sampling into members of its private data
structure, so we don't get collisions if there's more than one pcap_t
open.
Don't support remote capture for pcap_create()/pcap_activate() - that
might ultimately involve API changes that existing programs would have
to be changed to handle, such as "username/password needed" and
"authentication failed" error returns for which the application might
prompt or re-prompt for a user name and/or a password - we might, for
example, have a new pcap_create_ routine that would be called by
programs prepared to handle remote capture.
NOTE: this is not the final form of the code; once full remote capture
support is added, with some pcap_create_ routine handling URLs,
pcap_open() and pcap_open_live() will not have to handle URLs
themselves, for example.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We just set a flag and attempt to set non-blocking mode after
activating.
If a module can't support non-blocking mode, it should set the set
non-blocking operator in the create routine, so a pre-activation call
will fail the same way a post-activation call fails.
While we're at it:
Have the get non-blocking and set non-blocking modes not take an error
buffer as an argument; they have the error buffer in the pcap_t to set.
pcap_getnonblock() and pcap_setnonblock() just copy the error from there
to the argument passed in.
Make sure we set the cleanup op pointer when appropriate.
|
|
|
|
| |
Rename add_addr_to_iflist() to add_addr_to_if().
|
|
|
|
|
| |
Use a new find_or_add_if() routine that takes IFF_ flags as an argument
and maps them to PCAP_IF_ flags.
|
|
|
|
|
|
|
|
| |
It's only used on UN*Xes, so it's only used on systems that have IFF_
flags; have add_addr_to_iflist() do the mapping to PCAP_IF_ flags.
That restores the workaround for systems lacking IFF_LOOPBACK and the
"don't even try" for systems lacking IFF_UP or IFF_RUNNING.
|
|
|
|
|
|
|
| |
It's not part of the API, but it's an internal structure used by the
findalldevs code. Currently, it just has a pointer to the beginning of
the list, but it could change in order to speed up the process of adding
to the list.
|
|
|
|
|
|
|
|
|
|
| |
Use the "find device" routine for CSPi's Myricom adapters; those
adapters can appear as regular network interfaces, but, when we
enumerate the Myricom adapters, we want to update the description for
those adapters, rather than adding separate entries for them. While
we're at it, add comments to packet-snf.c explaining this.
Fix some comments and some indentation while we're at it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Have a routine that unconditionally adds a device to the list of
devices, without bothering to check whether there's already a device
with that name, and a separate routine that does the check and, if it
doesn't find the device, calls the routine to add ti. That avoids
scanning the entire list in cases where we know the search will fail.
The only reasons for doing the check are that we're on a platform where
we find the list of interfaces by a call that returns a list of
*addresses*, with an interface name attached to each address, and
1) for each address, we need to make sure we don't already have
the interface, create it if we don't, and add the address to
the now-guaranteed-to-exist entry for the interface;
2) we might have to make a *separate* call to enumerate
interfaces, to find interfaces with *no* addresses, and that
call also enumerates the ones that *do* have addresses, and
we don't want to create a duplicate entry for them.
Change some findalldevs helper routines to have "dev" rather than "if"
in the name, as not all devices are regular network interfaces.
For the DAG findalldevs routine, make sure it always provides an error
message if it fails.
We don't need add_addr_to_iflist() or get_if_description() on Windows,
so don't define them on Windows.
Update comments to reflect reality.
|
|
|
|
|
| |
It's never negative, and it's compared against unsigned values, so
squelch signed vs. unsigned comparison warnings.
|
|
|
|
|
|
|
|
| |
sockutils.c needs them, but doesn't need pcap-int.h, so create a
separate header for them.
Consistently use _WIN32 as the #ifdef test in sockutils.c, while we're
at it.
|
|
|
|
|
| |
Call it with _TRUNCATE as the last argument, and the size of the
destination string buffer as the second argument.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use -Wsign-compare if the compiler supports it.
If we're comparing an unsigned value with a signed value, and we've
already determined that the signed value is >= 0, just cast it to an
unsigned type.
Use 0xffffffffU instead of -1 as the "unknown"/"unset"/etc. value for
unsigned variables and fields.
Assign the result of str2tok() to an int, not a u_int, as it can return
-1.
Declare some variables and fields unsigned if they don't need to be
signed. Make sure some arguments passed into "set" functions are
non-negative (and otherwise not invalid).
In the BPF optimizer, cast the "constant" fields of a struct block to an
unsigned type - the actual constant field of a BPF instruction is
unsigned.
Also, cast away one warning from MSVC.
|
|
|
|
|
| |
The warnings were:
right-hand operand of comma expression has no effect [-Wunused-value]
|
|
|
|
|
| |
So pass it the interface name, and use the name passed to it rather than
the name in the pcap_t - which hasn't yet been set at that point.
|
|
|
|
|
|
|
| |
Instead, have pcap_create() do so.
Also have pcap_create() on Windows handle converting a little-endian
UCS-2/UTF-16 string to ASCII.
|
|
|
|
|
|
|
| |
For local captures, it's jut the device. If we add remote capture
support, we'll be handed a URL, and will split the URL into multiple
components, and will store the various components in the opt structure,
with the path of the URL being opt.device.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(Git's annoying policy of expecting a short one-line description of every
change means that the first line isn't very explanatory.)
Make pcap_findalldevs_interfaces() take as an argument a function that's
used to check whether an interface can be captured on or not, rather
than doing the check by trying to open the device for capturing.
This lets pcap_findalldevs() find interfaces even if you don't have
permission to capture on them; that way, instead of users saying "why
isn't {tcpdump -D, tshark -D, dumpcap -D, Wireshark, etc.} showing me
any interfaces?", they'll say "why am I getting a 'you don't have
permissions' error when I try to capture on this interface?", which is a
better description of the underlying problem.
On some platforms, it also avoids a bunch of extra work when getting a
list of interfaces.
|
|
|
|
|
|
| |
Rename pcap_findalldevs_interfaces() to pcap_platform_finddevs(), now
that pcap_findalldevs() calls pcap_platform_finddevs() to find *all*
the local interfaces.
|
|
|
|
|
|
|
|
| |
Have pcap_findalldevs() call it to find *all* the local interfaces.
pcap_platform_finddevs() might call pcap_findalldevs_interfaces() or
might do the work itself.
Further work to come.
|
|
|
|
|
|
|
|
| |
An OID get request may return less data than requested; pass a pointer
to the length to pcap_oid_get_request(), so that it can supply the
amount of data actually supplied. It also appears that a set request
may copy less data than supplied, so do the same for
pcap_oid_set_request().
|
| |
|
|
|
|
|
|
|
|
| |
This allows multiple pcap_compile() calls to be in progress on different
pcap_t's in different threads.
(No, you can't count on that behavior in older versions of libpcap, so
only do that if you know you're using a newer version of libpcap.)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an if_flags_to_pcap_flags() routine to map the interface name (if
necessary) and IFF_ flags to PCAP_IF_ flags, and call that in the
platform-specific routines. That means that the calls to add to the
interface list don't need to use IFF_ flags, which are UN*Xisms.
Move the routines that update the interface list to fad-helpers.c,
leaving just the legacy APIs in inet.c.
Update finalldevstest to print out all the flags.
|
|
|
|
|
|
|
|
|
|
| |
If the compiler has a flag to specify that symbols should be hidden
outside the shared library unless explicitly marked as visible, specify
it. Make PCAP_API mark a symbol as visible if the compiler supports it.
If it doesn't have that, it probably also lacks the ability to mark
symbols as hidden, so don't bother with explicitly marking symbols as
hidden.
|
| |
|
|
|
|
|
| |
That means they won't be exported from the shared library on UN*X, just
as they won't be exported on Windows.
|
|
|
|
|
|
|
|
|
|
| |
It's no different from pcap_dispatch(), it's caused at least one
namespace collision with another library:
http://openvswitch.org/pipermail/dev/2014-January/036100.html
and people shouldn't have been using it in the first place - it was
never a published part of the API.
|
|
|
|
|
|
|
| |
This doesn't make pcap_compile() completely reentrant and thread-safe,
but it's a significant step along the way.
Get rid of some stuff left over from when we supported classic Lex.
|
|
|
|
|
|
|
|
|
|
|
| |
On UN*Xes with snprintf(), we just #define pcap_snprintf to snprintf.
On UN*Xes without snprintf(), we provide our own, but call it
pcap_snprintf().
On Windows, we have a routine that wraps _snprintf(), with C99 semantics
(ensuring null termination if the string won't fit), called
pcap_snprintf(), and use that.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In most cases, avoid Packet32.h's definition of BPF structures, which
are different from pcap/bpf.h's definitions, by defining
BPF_MAJOR_VERSION before including it.
In the cases where we *do* need Packet32.h's definitions, define
PCAP_DONT_INCLUDE_PCAP_BPF_H to make sure pcap/bpf.h doesn't get
included and define them, and include <Packet32.h> before pcap-int.h,
*without* BPF_MAJOR_VERSION being defined, so that it defines those
structures. For pcap-win32.h, also include pcap/dlt.h, so we get the
DLT_ values defined.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Have them take the OID, the buffer, and the length as arguments, and,
for pcap-win32.c, have the routines for those calls allocate a
PACKET_OID_DATA, fill it in as appropriate, and copy the data back.
Yeah, it's more work and another memory allocation, but it's still a
cleaner API and avoids some compiler warnings.
|
|
|
|
|
|
|
|
|
|
| |
There's no state that needs to be preserved between calls, so just use
an on-stack structure and fill it in before each PacketReceivePacket()
call.
That's one less WinPcap-specific data structure in the pcap_t structure
(and the PACKET structure itself wasn't in the pcap_t structure, so it's
not as if you got any cache locality improvement from it).
|
|
|
|
|
| |
pcap-win32.c maintains its own "non-blocking" flag; no need to keep one
in the pcap_t structure.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We probably shouldn't be exporting something called wsockinit() at all,
as it's too likely to collide with routines in code that calls us. I
don't know whether Wine implemented it in order to run Windows programs
that call it, or if there actually *are* such programs, but we'll leave
it around for now.
Call pcap_wsockinit() in pcap_compile(), and don't bother declaring it;
rely on it being declared in pcap-int.h, so we run less of a risk of the
declaration and definition getting out of sync (not that we're likely to
change its signature, but...).
In the definitions of it and wsockinit(), explicitly note that they take
no arguments.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) It's also apparently supported on Linux.
2) This cleans it up to match the way we're currently dealing with pcap
modules.
3) This cleans it up to the way we're handling the Win32 extensions.
Fix the configure script so that, if a pcap module that is supported
only if the relevant support software is available is being configured
in, we *add* its source to the list of source files to compile, rather
than making it *the* source file to compile, in case there's more than
one of them.
Fix a typo in a comment.
Add a comment about TurboCap using DLT_PPI for Ethernet.
Move the struct pcap_stat used for pcap_stats_ex() into the pcap
structure on Windows, as it's used by multiple modules.
Remove the stuff that handles TurboCap from pcap-win32.c, as the
routines that did that are now just module ops, so we call the TurboCap
versions for TurboCap devices.
Remove the stuff that handles remote captures from there as well; that
will eventually be handles by modules (plural) for the remote capture
protocols (plural).
Make all of the fields added to struct pcap_stat dependent on _WIN32 and
HAVE_REMOTE being defined. We don't want any of them for UN*X, as that
would potentially break binary compatibility; we make them all dependent
on HAVE_REMOTE being defined because that's what WinPcap currently does
(yes, that's a bad idea, but we'll be fixing this by deprecating that
structure as well as pcap_stats() and pcap_stats_ex() in favor of
something a bit more pcapng-like, which would be more extensible).
|