| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The code that should have given a warning wasn't compiled in AppVeyor,
because we were building libpcap on its own rather than as part of a
WinPcap or Npcap build.
[skip ci]
|
|
|
|
| |
[skip ci]
|
|
|
|
| |
[skip ci]
|
|
|
|
|
|
| |
This reverts commit 10dbaabafb2ea88f5c3cce8a66f00831abca1ebd.
OK, we got the warnings we expected.
|
|
|
|
|
|
|
| |
There appears to be a case with MSVC where that's not happening; make
sure all the compilers we use, including MSVC, warn about that.
This will be removed once the CI builders are done with it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sizeof operator and alignof macro can be given a type "name" that's
anonymous, e.g. sizeof(struct { int a; char *b; }). Have
pcap_create_common() and pcap_open_offline_common() take, as arguments,
the total size of a structure containing both the pcap_t and the private
data as members, and the offset of the private data in that structure,
and define macros that calculate those given, as an argument, the data
type of the private data.
This avoids making assumptions about the alignment of those two items
within the structure; that *might* fix GitHub issue #940 if the issue is
that the ARM compiler being used does 16-byte alignment of the private
structure, rather than the 8-byte alignment we were wiring in.
|
|
|
|
|
|
|
|
| |
I backed pcap_handle() out; we'll provide it if there's a demand for it,
but I'm not sure how useful getting the HANDLE for an NPF device is
(what can you do with it?).
[skip ci]
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't know whether a Windows HANDLE can be expected to survive
conversion to an int - and there's no need for it to have to be
converted. If a caller needs to do something with a HANDLE associated
with a pcap_t, it should call the new pcap_handle() routine and get a
HANDLE; code for UN*X that uses the result of pcap_fileno() is unlikely
to work on Windows anyway.
Squelch the "pointer truncation from 'HANDLE' to 'DWORD'" warning, as,
if that truncation causes an issue, callers should use pcap_handle(),
and if it *doesn't* cause an issue, it's, well, not an issue.
|
|
|
|
|
|
|
|
| |
This allows us to update the support for newer APIs in the future - and
in the present, with pcap_set_datalink() - and would allow Npcap to
remove its AirPcap support.
Add another test program, while we're at it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a routine pcap_init() that initializes pcap, specifying whether
strings should be treated as being in UTF-8 or a local character
encoding.
On UN*Xes, we don't change our behavior based on that setting; if there
is ever an issue with local character encodings *other* than UTF-8, we
can use it.
On Windows, the local character encoding is the local ANSI code page; if
pcap_init() isn't called, or is called with PCAP_CHAR_ENC_LOCAL, strings
are treated as being in the current ANSI code page, as before, otherwise
they're treated as being in UTF-8. This includes file path names and
error messages.
In addition, if pcap_init() is called, regardless of the options, we
disable pcap_lookupdev(), making it always return NULL, as it retunred
*UTF-16LE* strings (plural!) on Windows NT, and pcap_create() had to
check for UTF-16LE strings to work around that. That workaround is
unsafe (it will read past the end of the input string if the string is
one ASCII character), and is also disabled if pcap_init() is called.
We also make rpcapd send UTF-8 error message strings over the wire;
sending local code page strings is a Bad Idea, as the client has no idea
what the server's code page is. (Do not assume the client and server
are necessarily in the same location.)
Fix the capitalization of "Winsock" while we're at it; Microsoft appears
to spell it "Winsock", rather than "WinSock".
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a pain to detect, because the PF_PACKET socket code appears to
get separate "interface went down" and "interface went away"
notifications in my "unplug a USB Wi-Fi adapter" tests on my VMware
Fusion Ubuntu 18.04 virtual machine (5.3.0 kernel), and the first
notification delivers a wakeup and returns ENETDOWN while the second
notificaiton delivers *no* wakeup and sets the ifindex member of the
struct packet_sock for the socket, so there's nothing we can test after
the wakeup that's guaranteed to indicate that the interface has
disappeared.
So what we have to do is remember the ENETDOWN but not return it as an
error, and then arrange to periodically check whether the interface is
still there; if it isn't, we *then* return the "interface went away"
error, and, if we see traffic or see that the interface is up, we clear
the remembered ENETDOWN and stop doing the periodic checks.
This is tricky, because it needs to work not only for blocking pcap_t's,
where we're in a loop doing poll() calls, so we can keep checking within
the loop, but also for non-blocking pcap_t's on which the caller is
doing select()/poll()/epoll_wait().
In order to make *that* work, we need to tweak the semantics of
pcap_get_required_select_timeout() so that it's not guaranteed that it
will always return the same value, so that it should be called within
event loops rather than called once outside the event loop. Normally,
there is no timeout required for Linux PF_PACKET sockets, but when we're
doing the periodic tests, the timeout is required.
While we're doing that, we make the return value of
pcap_get_required_select_timeout() a const pointer - there was no good
reason for the caller to modify it (it doesn't belong to the caller).
If poll() returns POLLERR, use getsockopt(SO_ERROR) to get the socket
error, rather than a read().
Update the documentation to reflect this, and make various other
cleanups (including documenting the error return value for
pcap_get_selectable_fd() to -1 rather than PCAP_ERROR - it's not an
error code, it's just a specific error value). Also note that, for
kqueues on *BSD/macOS and for select/poll on Linux, the timeout needn't
be used as a timeout for the call - you can have a timer, so that when
that *particular* timer fires, you try calling pcap_dispatch() on the
pcap_t to which it corresponds.
Update selpolltest to add more capabilities needed when testing this on
Linux.
This should address GitHub issue #859 and pull request #858.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define PCAP_TSTAMP_HOST_{LOW,HI}PREC as synced with the system clock;
add a new PCAP_TSTAMP_HOST_HIPREC_UNSYNCED type for high-precision time
stamps not necessarily synced with the system clock.
This should better match Npcap, including a proposed future "high
precision and synced with the system clock" time stamps for Npcap on
Windows 8 and later.
(This may still not match what FreeBSD offers, but at least it removes
an Npcap mismatch.)
|
|
|
|
|
| |
That way, we don't have to do the check in the individual setdirection
op routines.
|
|
|
|
|
|
|
|
| |
Say "...on this device" for errors; it may be the OS's capture mechanism
that doesn't support setting the direction, but there may be other
devices on the system that *do* support it.
Check the validity of the direction argument in more places.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
It's a Linux-specific mechanism; on at least two other platforms,
FreeBSD and macOS, USB sniffing takes place through BPF, so it's not
something that we allow to be disabled.
Clean up the checks for Linux-specific mechanisms, putting them inside a
general "Is this Linux?" test.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Not all interfaces have a unit number (systemd, for example, might
assign interface names based on the interface's MAC address or on the
physical location of the adapter's connector).
2) If the name does end with a simple unit number, it's not a global
property of the interface, it's only useful as a sort key for device
names with the same prefix, so xyz0 shouldn't necessarily sort before
abc2.
This means that interfaces with the same figure of merit will be sorted
by the order in which the mechanism from which we're getting the
interfaces supplies them.
This will help with some macOS boxes that lack en0 but have utun0; it
may keep utun0 from getting sorted before, say, en2 just because it has
a lower unit number.
(More should be done, e.g. penalizing all interfaces through which the
default route doesn't go, putting the interface for the default route at
the top.)
|
|
|
|
|
|
|
|
|
| |
After it calls pcap_close(), the pcap_t that was closed must no longer
be at the head of the pcaps_to_close list. Abort if it still is, rather
than looping indefinitely (or crashing because we're trying to close a
now-closed-and-freed pcap_t).
Reported by Charles Smith at Tangible Security.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In change 6e0c54a8f9640973e95ae755e6f60e1cceb7985f, we "have both the
time stamp type-setting and precision-setting routines allow the default
value (PCAP_TSTAMP_NONE/PCAP_TSTAMP_PRECISION_MICRO) if no list is
supplied." That means that, for example, "tcpdump -J" may report "Time
stamp type cannot be set", but "tcpdump -j host" is allowed. One could
argue that you're not "setting" the time stamp, as "host" is the
default, but it's confusing.
This means that "host" will be reported as the one and only time stamp
type if that's supported.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of them are locale-dependent, and all of them run the risk of
failing if you hand them a char with the 8th bit set.
Define our own locale-independent macros that can be handed any integral
value.
Don't include <ctype.h>.
This should address the issue in GitHub pull request #839, and should
also catch any (highly unlikely) cases in which something other than
Boring Old Space And Tab and, sometimes, CR and LF are treated as white
space. (No, we don't want FF or VT treated as white space.)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Require Visual Studio 2015 or later; fail if we don't have it, and
remove checks for older versions.
That means we have C99-compliant snprintf() and vsnprintf(); require
them when configuring for UN*X, and then use them directly, rather than
having wrappers for systems lacking them.
If we're using MSVC, skip the tests for options to request C99
compatibility - either we have VS 2015, which is sufficient, or we
don't, in which case we fail.
|
|
|
|
|
|
|
|
|
|
|
| |
"7" is signed, and C's promotion etc. rules cause it to be
sign-extended. This probably doesn't cause a problem in practice, but
it does cause undefined behavior sanitizers to complain.
Use 7U, to ensure it's all unsigned.
This should address the pcap.c part of GitHub issue
the-tcpdump-group/tcpdump#785.
|
|
|
|
| |
Also, add some missing values to dlt_choices.
|
|
|
|
| |
[skip ci]
|
| |
|
| |
|
|
|
|
| |
[skip ci]
|
| |
|
| |
|
|\
| |
| | |
Report the DLT description in error messages
|
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce pcap_datalink_val_to_description_or_dlt, and
use that when reporting an error. This was inspired by
seeing "tcpdump: no VLAN support for data link type 113".
The new equivalent message is
"tcpdump: no VLAN support for Linux cooked".
|
|/
|
|
|
| |
In addition to the support for DSA data link types added by 993db38,
this commit adds support for the Marvell DSA and EDSA tagging formats.
|
|
|
|
|
| |
Check for it in pcap_open_live() and pcap_open() before trying to
dereference it.
|
|
|
|
|
|
|
|
|
|
| |
Apparently the Kontron person who said that the packets begin with the
I2C slave address didn't understand the question, because the Kontron
code adds a 2-byte pseudo-header before the I2C slave address. Rename
the DLT_ and LINKTYPE_ values to reflect this, and update the comments.
Add support for the Linux/Pigeon Point pseudo-header in some places
where it was missing.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
If the URL had "file" as the scheme, *and* if we couldn't allocate
memory for the path, we'd leak the memory we allocated for the scheme.
Should address Coverity CID 1442632 (although Coverity misdiagnosed the
underlying problem).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This lets us get rid of places where we calculate the length that a
formatted string will require, attempt to allocate a buffer for the
string, and then format the string into that buffer; this way, we don't
have to hope we got the calculation correct, we rely on the same code
that formats strings to do the calculation.
Provide versions of asprintf() for:
1) Windows and the MSVC runtime, where we use _vscprintf() to determine
the length;
2) systems that have (what is presumed to be) an snprintf() that, when
handed a too-short buffer, returns the number of characters that would
have been written had the buffer been long enough (as C99 specifies),
where we format to a one-character buffer to determine the length;
3) systems that don't have snprintf(), where we use the asprintf()
provided by the missing/snprintf.c file that also provides snprintf().
While we're at it, include "portability.h" in missing/win_snprintf.c, to
get declaration/definition checking done.
|
| |
|