Merge branch 'master' into pcap-options

1 files changed, 238 insertions, 15 deletions

diff --git a/pcap/pcap.h b/pcap/pcap.h
index 6c65dc30..13ebfdbd 100644
--- a/pcap/pcap.h
+++ b/pcap/pcap.h
@@ -215,11 +215,59 @@ struct pcap_file_header {
 };
 
 /*
- * Macros for the value returned by pcap_datalink_ext().
- *
- * If LT_FCS_LENGTH_PRESENT(x) is true, the LT_FCS_LENGTH(x) macro
- * gives the FCS length of packets in the capture.
+ * Subfields of the field containing the link-layer header type.
+ *
+ * Link-layer header types are assigned for both pcap and
+ * pcapng, and the same value must work with both.  In pcapng,
+ * the link-layer header type field in an Interface Description
+ * Block is 16 bits, so only the bottommost 16 bits of the
+ * link-layer header type in a pcap file can be used for the
+ * header type value.
+ *
+ * In libpcap, the upper 16 bits, from the top down, are divided into:
+ *
+ *    A 4-bit "FCS length" field, to allow the FCS length to
+ *    be specified, just as it can be specified in the if_fcslen
+ *    field of the pcapng IDB.  The field is in units of 16 bits,
+ *    i.e. 1 means 16 bits of FCS, 2 means 32 bits of FCS, etc..
+ *
+ *    A reserved bit, which must be zero.
+ *
+ *    An "FCS length present" flag; if 0, the "FCS length" field
+ *    should be ignored, and if 1, the "FCS length" field should
+ *    be used.
+ *
+ *    10 reserved bits, which must be zero.  They were originally
+ *    intended to be used as a "class" field, allowing additional
+ *    classes of link-layer types to be defined, with a class value
+ *    of 0 indicating that the link-layer type is a LINKTYPE_ value.
+ *    A value of 0x224 was, at one point, used by NetBSD to define
+ *    "raw" packet types, with the lower 16 bits containing a
+ *    NetBSD AF_ value; see
+ *
+ *        https://marc.info/?l=tcpdump-workers&m=98296750229149&w=2
+ *
+ *    It's unknown whether those were ever used in capture files,
+ *    or if the intent was just to use it as a link-layer type
+ *    for BPF programs; NetBSD's libpcap used to support them in
+ *    the BPF code generator, but it no longer does so.  If it
+ *    was ever used in capture files, or if classes other than
+ *    "LINKTYPE_ value" are ever useful in capture files, we could
+ *    re-enable this, and use the reserved 16 bits following the
+ *    link-layer type in pcapng files to hold the class information
+ *    there.  (Note, BTW, that LINKTYPE_RAW/DLT_RAW is now being
+ *    interpreted by libpcap, tcpdump, and Wireshark as "raw IP",
+ *    including both IPv4 and IPv6, with the version number in the
+ *    header being checked to see which it is, not just "raw IPv4";
+ *    there are LINKTYPE_IPV4/DLT_IPV4 and LINKTYPE_IPV6/DLT_IPV6
+ *    values if "these are IPv{4,6} and only IPv{4,6} packets"
+ *    types are needed.)
+ *
+ *    Or we might be able to use it for other purposes.
  */
+#define LT_LINKTYPE(x)			((x) & 0x0000FFFF)
+#define LT_LINKTYPE_EXT(x)		((x) & 0xFFFF0000)
+#define LT_RESERVED1(x)			((x) & 0x03FF0000)
 #define LT_FCS_LENGTH_PRESENT(x)	((x) & 0x04000000)
 #define LT_FCS_LENGTH(x)		(((x) & 0xF0000000) >> 28)
 #define LT_FCS_DATALINK_EXT(x)		((((x) & 0xF) << 28) | 0x04000000)
@@ -382,6 +430,7 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
 #define PCAP_CHAR_ENC_LOCAL	0x00000000U	/* strings are in the local character encoding */
 #define PCAP_CHAR_ENC_UTF_8	0x00000001U	/* strings are in UTF-8 */
 
+PCAP_AVAILABLE_1_10
 PCAP_API int	pcap_init(unsigned int, char *);
 
 /*
@@ -389,31 +438,66 @@ PCAP_API int	pcap_init(unsigned int, char *);
  * thread-safe, can behave weirdly with WinPcap).  Callers
  * should use pcap_findalldevs() and use the first device.
  */
+PCAP_AVAILABLE_0_4
 PCAP_API char	*pcap_lookupdev(char *)
 PCAP_DEPRECATED(pcap_lookupdev, "use 'pcap_findalldevs' and use the first device");
 
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_lookupnet(const char *, bpf_u_int32 *, bpf_u_int32 *, char *);
 
+PCAP_AVAILABLE_1_0
 PCAP_API pcap_t	*pcap_create(const char *, char *);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_set_snaplen(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_set_promisc(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_can_set_rfmon(pcap_t *);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_set_rfmon(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_set_timeout(pcap_t *, int);
+
+PCAP_AVAILABLE_1_2
 PCAP_API int	pcap_set_tstamp_type(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
 PCAP_API int	pcap_set_immediate_mode(pcap_t *, int);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_set_buffer_size(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
 PCAP_API int	pcap_set_tstamp_precision(pcap_t *, int);
+
+PCAP_AVAILABLE_1_5
 PCAP_API int	pcap_get_tstamp_precision(pcap_t *);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_activate(pcap_t *);
 
+PCAP_AVAILABLE_1_2
 PCAP_API int	pcap_list_tstamp_types(pcap_t *, int **);
+
+PCAP_AVAILABLE_1_2
 PCAP_API void	pcap_free_tstamp_types(int *);
+
+PCAP_AVAILABLE_1_2
 PCAP_API int	pcap_tstamp_type_name_to_val(const char *);
+
+PCAP_AVAILABLE_1_2
 PCAP_API const char *pcap_tstamp_type_val_to_name(int);
+
+PCAP_AVAILABLE_1_2
 PCAP_API const char *pcap_tstamp_type_val_to_description(int);
 
 #ifdef __linux__
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_set_protocol_linux(pcap_t *, int);
 #endif
 
@@ -475,13 +559,25 @@ PCAP_API int	pcap_set_protocol_linux(pcap_t *, int);
 #define PCAP_TSTAMP_PRECISION_MICRO	0	/* use timestamps with microsecond precision, default */
 #define PCAP_TSTAMP_PRECISION_NANO	1	/* use timestamps with nanosecond precision */
 
+PCAP_AVAILABLE_0_4
 PCAP_API pcap_t	*pcap_open_live(const char *, int, int, int, char *);
+
+PCAP_AVAILABLE_0_6
 PCAP_API pcap_t	*pcap_open_dead(int, int);
+
+PCAP_AVAILABLE_1_5
 PCAP_API pcap_t	*pcap_open_dead_with_tstamp_precision(int, int, u_int);
+
+PCAP_AVAILABLE_1_5
 PCAP_API pcap_t	*pcap_open_offline_with_tstamp_precision(const char *, u_int, char *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API pcap_t	*pcap_open_offline(const char *, char *);
+
 #ifdef _WIN32
+  PCAP_AVAILABLE_1_5
   PCAP_API pcap_t  *pcap_hopen_offline_with_tstamp_precision(intptr_t, u_int, char *);
+
   PCAP_API pcap_t  *pcap_hopen_offline(intptr_t, char *);
   /*
    * If we're building libpcap, these are internal routines in savefile.c,
@@ -503,51 +599,126 @@ PCAP_API pcap_t	*pcap_open_offline(const char *, char *);
 	pcap_hopen_offline(_get_osfhandle(_fileno(f)), b)
   #endif
 #else /*_WIN32*/
+  PCAP_AVAILABLE_1_5
   PCAP_API pcap_t	*pcap_fopen_offline_with_tstamp_precision(FILE *, u_int, char *);
+
+  PCAP_AVAILABLE_0_9
   PCAP_API pcap_t	*pcap_fopen_offline(FILE *, char *);
 #endif /*_WIN32*/
 
+PCAP_AVAILABLE_0_4
 PCAP_API void	pcap_close(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_loop(pcap_t *, int, pcap_handler, u_char *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API const u_char *pcap_next(pcap_t *, struct pcap_pkthdr *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int 	pcap_next_ex(pcap_t *, struct pcap_pkthdr **, const u_char **);
+
+PCAP_AVAILABLE_0_8
 PCAP_API void	pcap_breakloop(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_stats(pcap_t *, struct pcap_stat *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_setfilter(pcap_t *, struct bpf_program *);
+
+PCAP_AVAILABLE_0_9
 PCAP_API int 	pcap_setdirection(pcap_t *, pcap_direction_t);
+
+PCAP_AVAILABLE_0_7
 PCAP_API int	pcap_getnonblock(pcap_t *, char *);
+
+PCAP_AVAILABLE_0_7
 PCAP_API int	pcap_setnonblock(pcap_t *, int, char *);
+
+PCAP_AVAILABLE_0_9
 PCAP_API int	pcap_inject(pcap_t *, const void *, size_t);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int	pcap_sendpacket(pcap_t *, const u_char *, int);
+
+PCAP_AVAILABLE_1_0
 PCAP_API const char *pcap_statustostr(int);
+
+PCAP_AVAILABLE_0_4
 PCAP_API const char *pcap_strerror(int);
+
+PCAP_AVAILABLE_0_4
 PCAP_API char	*pcap_geterr(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API void	pcap_perror(pcap_t *, const char *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_compile(pcap_t *, struct bpf_program *, const char *, int,
 	    bpf_u_int32);
+
+PCAP_AVAILABLE_0_5
 PCAP_API int	pcap_compile_nopcap(int, int, struct bpf_program *,
 	    const char *, int, bpf_u_int32);
+
+/* XXX - this took two arguments in 0.4 and 0.5 */
+PCAP_AVAILABLE_0_6
 PCAP_API void	pcap_freecode(struct bpf_program *);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_offline_filter(const struct bpf_program *,
 	    const struct pcap_pkthdr *, const u_char *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_datalink(pcap_t *);
+
+PCAP_AVAILABLE_1_0
 PCAP_API int	pcap_datalink_ext(pcap_t *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int	pcap_list_datalinks(pcap_t *, int **);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int	pcap_set_datalink(pcap_t *, int);
+
+PCAP_AVAILABLE_0_8
 PCAP_API void	pcap_free_datalinks(int *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int	pcap_datalink_name_to_val(const char *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API const char *pcap_datalink_val_to_name(int);
+
+PCAP_AVAILABLE_0_8
 PCAP_API const char *pcap_datalink_val_to_description(int);
+
+PCAP_AVAILABLE_1_10
 PCAP_API const char *pcap_datalink_val_to_description_or_dlt(int);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_snapshot(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_is_swapped(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_major_version(pcap_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_minor_version(pcap_t *);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_bufsize(pcap_t *);
 
 /* XXX */
+PCAP_AVAILABLE_0_4
 PCAP_API FILE	*pcap_file(pcap_t *);
+
 #ifdef _WIN32
 /*
  * This probably shouldn't have been kept in WinPcap; most if not all
@@ -556,9 +727,11 @@ PCAP_API FILE	*pcap_file(pcap_t *);
  * with a pcap_t (there's no guarantee that there is one), we can add
  * a Windows-only pcap_handle() API that returns the HANDLE.
  */
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_fileno(pcap_t *)
-PCAP_DEPRECATED(pcap_fileno, "use 'pcap_handle'");
+PCAP_DEPRECATED(pcap_fileno, "request a 'pcap_handle' that returns a HANDLE if you need it");
 #else /* _WIN32 */
+PCAP_AVAILABLE_0_4
 PCAP_API int	pcap_fileno(pcap_t *);
 #endif /* _WIN32 */
 
@@ -566,9 +739,13 @@ PCAP_API int	pcap_fileno(pcap_t *);
   PCAP_API int	pcap_wsockinit(void);
 #endif
 
+PCAP_AVAILABLE_0_4
 PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
+
 #ifdef _WIN32
+  PCAP_AVAILABLE_0_9
   PCAP_API pcap_dumper_t *pcap_dump_hopen(pcap_t *, intptr_t);
+
   /*
    * If we're building libpcap, this is an internal routine in sf-pcap.c, so
    * we must not define it as a macro.
@@ -587,17 +764,35 @@ PCAP_API pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
 	pcap_dump_hopen(p, _get_osfhandle(_fileno(f)))
   #endif
 #else /*_WIN32*/
+  PCAP_AVAILABLE_0_9
   PCAP_API pcap_dumper_t *pcap_dump_fopen(pcap_t *, FILE *fp);
 #endif /*_WIN32*/
+
+PCAP_AVAILABLE_1_7
 PCAP_API pcap_dumper_t *pcap_dump_open_append(pcap_t *, const char *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API FILE	*pcap_dump_file(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_9
 PCAP_API long	pcap_dump_ftell(pcap_dumper_t *);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int64_t	pcap_dump_ftell64(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_8
 PCAP_API int	pcap_dump_flush(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API void	pcap_dump_close(pcap_dumper_t *);
+
+PCAP_AVAILABLE_0_4
 PCAP_API void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);
 
+PCAP_AVAILABLE_0_7
 PCAP_API int	pcap_findalldevs(pcap_if_t **, char *);
+
+PCAP_AVAILABLE_0_7
 PCAP_API void	pcap_freealldevs(pcap_if_t *);
 
 /*
@@ -615,6 +810,7 @@ PCAP_API void	pcap_freealldevs(pcap_if_t *);
  *
  * On Windows, the string is constructed at run time.
  */
+PCAP_AVAILABLE_0_8
 PCAP_API const char *pcap_lib_version(void);
 
 #if defined(_WIN32)
@@ -650,7 +846,10 @@ PCAP_API const char *pcap_lib_version(void);
 
   PCAP_API HANDLE pcap_getevent(pcap_t *p);
 
+  PCAP_AVAILABLE_1_8
   PCAP_API int pcap_oid_get_request(pcap_t *, bpf_u_int32, void *, size_t *);
+
+  PCAP_AVAILABLE_1_8
   PCAP_API int pcap_oid_set_request(pcap_t *, bpf_u_int32, const void *, size_t *);
 
   PCAP_API pcap_send_queue* pcap_sendqueue_alloc(u_int memsize);
@@ -693,7 +892,10 @@ PCAP_API const char *pcap_lib_version(void);
    * UN*X definitions
    */
 
+  PCAP_AVAILABLE_0_8
   PCAP_API int	pcap_get_selectable_fd(pcap_t *);
+
+  PCAP_AVAILABLE_1_9
   PCAP_API const struct timeval *pcap_get_required_select_timeout(pcap_t *);
 
 #endif /* _WIN32/MSDOS/UN*X */
@@ -722,18 +924,21 @@ PCAP_API const char *pcap_lib_version(void);
 #define PCAP_SRC_IFREMOTE	4	/* interface on a remote host, using RPCAP */
 
 /*
- * The formats allowed by pcap_open() are the following:
+ * The formats allowed by pcap_open() are the following (optional parts in []):
  * - file://path_and_filename [opens a local file]
- * - rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]
- * - rpcap://host/devicename [opens the selected device available on a remote host]
- * - rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]
+ * - rpcap://devicename [opens the selected device available on the local host, without using the RPCAP protocol]
+ * - rpcap://[username:password@]host[:port]/devicename [opens the selected device available on a remote host]
+ *   - username and password, if present, will be used to authenticate to the remote host
+ *   - port, if present, will specify a port for RPCAP rather than using the default
  * - adaptername [to open a local adapter; kept for compatibility, but it is strongly discouraged]
  * - (NULL) [to open the first local adapter; kept for compatibility, but it is strongly discouraged]
  *
- * The formats allowed by the pcap_findalldevs_ex() are the following:
+ * The formats allowed by the pcap_findalldevs_ex() are the following (optional parts in []):
  * - file://folder/ [lists all the files in the given folder]
  * - rpcap:// [lists all local adapters]
- * - rpcap://host:port/ [lists the devices available on a remote host]
+ * - rpcap://[username:password@]host[:port]/ [lists the devices available on a remote host]
+ *   - username and password, if present, will be used to authenticate to the remote host
+ *   - port, if present, will specify a port for RPCAP rather than using the default
  *
  * In all the above, "rpcaps://" can be substituted for "rpcap://" to enable
  * SSL (if it has been compiled in).
@@ -750,6 +955,7 @@ PCAP_API const char *pcap_lib_version(void);
  * Here you find some allowed examples:
  * - rpcap://host.foo.bar/devicename [everything literal, no port number]
  * - rpcap://host.foo.bar:1234/devicename [everything literal, with port number]
+ * - rpcap://root:hunter2@host.foo.bar/devicename [everything literal, with username/password]
  * - rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]
  * - rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]
  * - rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]
@@ -859,10 +1065,11 @@ PCAP_API const char *pcap_lib_version(void);
  * authentication is successful (and the user has the right to open network
  * devices) the RPCAP connection will continue; otherwise it will be dropped.
  *
- * *******NOTE********: the username and password are sent over the network
- * to the capture server *IN CLEAR TEXT*.  Don't use this on a network
- * that you don't completely control!  (And be *really* careful in your
- * definition of "completely"!)
+ * *******NOTE********: unless TLS is being used, the username and password
+ * are sent over the network to the capture server *IN CLEAR TEXT*.  Don't
+ * use this, without TLS (i.e., with rpcap:// rather than rpcaps://) on
+ * a network that you don't completely control!  (And be *really* careful
+ * in your definition of "completely"!)
  */
 #define RPCAP_RMTAUTH_PWD 1
 
@@ -926,10 +1133,15 @@ struct pcap_rmtauth
  * For opening a remote capture, pcap_open() is currently the only
  * API available.
  */
+PCAP_AVAILABLE_1_9
 PCAP_API pcap_t	*pcap_open(const char *source, int snaplen, int flags,
 	    int read_timeout, struct pcap_rmtauth *auth, char *errbuf);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_createsrcstr(char *source, int type, const char *host,
 	    const char *port, const char *name, char *errbuf);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_parsesrcstr(const char *source, int *type, char *host,
 	    char *port, char *name, char *errbuf);
 
@@ -952,6 +1164,7 @@ PCAP_API int	pcap_parsesrcstr(const char *source, int *type, char *host,
  * For listing remote capture devices, pcap_findalldevs_ex() is currently
  * the only API available.
  */
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_findalldevs_ex(const char *source,
 	    struct pcap_rmtauth *auth, pcap_if_t **alldevs, char *errbuf);
 
@@ -1022,6 +1235,7 @@ struct pcap_samp
 /*
  * New functions.
  */
+PCAP_AVAILABLE_1_9
 PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
 
 /*
@@ -1031,15 +1245,24 @@ PCAP_API struct pcap_samp *pcap_setsampling(pcap_t *p);
 /* Maximum length of an host name (needed for the RPCAP active mode) */
 #define RPCAP_HOSTLIST_SIZE 1024
 
+PCAP_AVAILABLE_1_9
 PCAP_API SOCKET	pcap_remoteact_accept(const char *address, const char *port,
 	    const char *hostlist, char *connectinghost,
 	    struct pcap_rmtauth *auth, char *errbuf);
+
+PCAP_AVAILABLE_1_10
 PCAP_API SOCKET	pcap_remoteact_accept_ex(const char *address, const char *port,
 	    const char *hostlist, char *connectinghost,
 	    struct pcap_rmtauth *auth, int uses_ssl, char *errbuf);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_remoteact_list(char *hostlist, char sep, int size,
 	    char *errbuf);
+
+PCAP_AVAILABLE_1_9
 PCAP_API int	pcap_remoteact_close(const char *host, char *errbuf);
+
+PCAP_AVAILABLE_1_9
 PCAP_API void	pcap_remoteact_cleanup(void);
 
 enum pcap_option_name {  /* never renumber this */