There's no good run-time test, so we test at configure time, by checking
whether /usr/include/inet/ipnet.h exists and contains IPNET_ANY_LINK.
See https://github.com/the-tcpdump-group/tcpdump/issues/1057#issuecomment-1584088911
We make a common routine to use to add that device.
|
This avoids potential and, in one case (SIMH), actual collisions with
names in other libraries or in applications using libpcap.
|
This change should avoid these cppcheck warnings:
pcap-hurd.c:77:18: warning: 'p->buffer' is of type 'void *'. When using
void pointers in calculations, the behaviour is undefined.
[arithOperationsOnVoidPointer]
pkt = p->buffer + offsetof(struct net_rcv_msg, packet)
^
pcap-hurd.c:78:8: warning: 'p->buffer+offsetof(struct net_rcv_msg,packet)'
is of type 'void *'. When using void pointers in calculations, the
behaviour is undefined. [arithOperationsOnVoidPointer]
+ sizeof(struct packet_header) - ETH_HLEN;
^
pcap-hurd.c:79:25: warning: 'p->buffer' is of type 'void *'. When using
void pointers in calculations, the behaviour is undefined.
[arithOperationsOnVoidPointer]
memmove(pkt, p->buffer + offsetof(struct net_rcv_msg, header),
^
Remove some '(u_char *)' casts accordingly.
|
32-bit code.
|
[skip ci]
|
Some Npcap customers are using older versions of VS, so define the
relevant integer types ourselves in that case, so that the headers we
provide that use them can be used.
However, when building libpcap *itself*, require VS 2015 or later, as we
assume a level of C99 support found only in VS 2015 or later.
|
It's an error code seen only for NPF devices, so move it there.
While we're at it, make only one GetLastError() call for the case that
can get that error.
|
mobile adaptors when attempting to set non-promiscuous mode
|
That makes sure they're not inside extern "C" { ... }, and thus don't
get their external linkage language changed. It also makes it easier to
see what a given header file pulls in.
|
This reverts commit 8b6b13d4cbb685db047af04c49817ed81fff7c35.
That solution allowed you to intermix declarations/definitions and
before the extern "C", so you can see what's being imported.
|
Instead, explicitly flag individual functions with extern "C" by adding
it to the tag we're already using for exported functions, and creating a
new tag to use for non-exported functions.
Rename those tags, and the tags used for exported data, to say what they
do, rather than saying "this is an API" (we may export things we don't
want to be treated as part of the API, but that we have to export
because some programs use them).
|
NetBSD 9.0 defines struct bpf_aux_data in net/bpf.h; that gets included
by pcap-bpf.c, along with pcap-int.h, which causes a collision.
|
[skip ci]
|
The code that should have given a warning wasn't compiled in AppVeyor,
because we were building libpcap on its own rather than as part of a
WinPcap or Npcap build.
[skip ci]
|
[skip ci]
|
[skip ci]
|
The sizeof operator and alignof macro can be given a type "name" that's
anonymous, e.g. sizeof(struct { int a; char *b; }). Have
pcap_create_common() and pcap_open_offline_common() take, as arguments,
the total size of a structure containing both the pcap_t and the private
data as members, and the offset of the private data in that structure,
and define macros that calculate those given, as an argument, the data
type of the private data.
This avoids making assumptions about the alignment of those two items
within the structure; that *might* fix GitHub issue #940 if the issue is
that the ARM compiler being used does 16-byte alignment of the private
structure, rather than the 8-byte alignment we were wiring in.
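
The layout problem this commit message describes, as an added example that is not libpcap's code: `struct ex_handle` stands in for `pcap_t`, and every `ex_`/`EX_` name is hypothetical. It compares a hard-wired 8-byte rounding with the size and offset the compiler derives from an anonymous structure holding both members.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for pcap_t: 24 bytes, 4-byte alignment. */
struct ex_handle {
    int  fd;
    char errbuf[20];
};

/* Hypothetical private data that the compiler aligns to 16 bytes. */
struct ex_priv {
    _Alignas(16) unsigned char state[32];
};

/* Hard-wired layout: handle size rounded up to a multiple of 8. */
#define EX_WIRED_OFFSET ((sizeof(struct ex_handle) + 7U) & ~(size_t)7U)

/* Compiler-derived layout from an anonymous structure holding both members. */
#define EX_TOTAL_SIZE(type) \
    sizeof(struct { struct ex_handle h; type priv; })
#define EX_PRIV_OFFSET(type) \
    offsetof(struct { struct ex_handle h; type priv; }, priv)

size_t ex_wired_offset(void)   { return EX_WIRED_OFFSET; }
size_t ex_derived_offset(void) { return EX_PRIV_OFFSET(struct ex_priv); }
size_t ex_total_size(void)     { return EX_TOTAL_SIZE(struct ex_priv); }

/*
 * Allocate the handle and its private data as one block. The caller
 * passes the total size and the private-data offset, so this routine
 * makes no alignment assumption of its own.
 */
struct ex_handle *ex_create(size_t total, size_t priv_off, void **priv)
{
    struct ex_handle *h = calloc(1, total);

    if (h == NULL)
        return NULL;
    *priv = (unsigned char *)h + priv_off;
    return h;
}
```

With these sample types the hard-wired offset is 24, which is not a multiple of 16, while the derived offset is 32.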
|
[skip ci]
|
This allows us to update the support for newer APIs in the future - and
in the present, with pcap_set_datalink() - and would allow Npcap to
remove its AirPcap support.
Add another test program, while we're at it.
|
Add a routine pcap_init() that initializes pcap, specifying whether
strings should be treated as being in UTF-8 or a local character
encoding.
On UN*Xes, we don't change our behavior based on that setting; if there
is ever an issue with local character encodings *other* than UTF-8, we
can use it.
On Windows, the local character encoding is the local ANSI code page; if
pcap_init() isn't called, or is called with PCAP_CHAR_ENC_LOCAL, strings
are treated as being in the current ANSI code page, as before, otherwise
they're treated as being in UTF-8. This includes file path names and
error messages.
In addition, if pcap_init() is called, regardless of the options, we
disable pcap_lookupdev(), making it always return NULL, as it returned
*UTF-16LE* strings (plural!) on Windows NT, and pcap_create() had to
check for UTF-16LE strings to work around that. That workaround is
unsafe (it will read past the end of the input string if the string is
one ASCII character), and is also disabled if pcap_init() is called.
We also make rpcapd send UTF-8 error message strings over the wire;
sending local code page strings is a Bad Idea, as the client has no idea
what the server's code page is. (Do not assume the client and server
are necessarily in the same location.)
Fix the capitalization of "Winsock" while we're at it; Microsoft appears
to spell it "Winsock", rather than "WinSock".
|
This is a pain to detect, because the PF_PACKET socket code appears to
get separate "interface went down" and "interface went away"
notifications in my "unplug a USB Wi-Fi adapter" tests on my VMware
Fusion Ubuntu 18.04 virtual machine (5.3.0 kernel), and the first
notification delivers a wakeup and returns ENETDOWN while the second
notification delivers *no* wakeup and sets the ifindex member of the
struct packet_sock for the socket, so there's nothing we can test after
the wakeup that's guaranteed to indicate that the interface has
disappeared.
So what we have to do is remember the ENETDOWN but not return it as an
error, and then arrange to periodically check whether the interface is
still there; if it isn't, we *then* return the "interface went away"
error, and, if we see traffic or see that the interface is up, we clear
the remembered ENETDOWN and stop doing the periodic checks.
This is tricky, because it needs to work not only for blocking pcap_t's,
where we're in a loop doing poll() calls, so we can keep checking within
the loop, but also for non-blocking pcap_t's on which the caller is
doing select()/poll()/epoll_wait().
In order to make *that* work, we need to tweak the semantics of
pcap_get_required_select_timeout() so that it's not guaranteed that it
will always return the same value, so that it should be called within
event loops rather than called once outside the event loop. Normally,
there is no timeout required for Linux PF_PACKET sockets, but when we're
doing the periodic tests, the timeout is required.
While we're doing that, we make the return value of
pcap_get_required_select_timeout() a const pointer - there was no good
reason for the caller to modify it (it doesn't belong to the caller).
If poll() returns POLLERR, use getsockopt(SO_ERROR) to get the socket
error, rather than a read().
Update the documentation to reflect this, and make various other
cleanups (including documenting the error return value for
pcap_get_selectable_fd() to -1 rather than PCAP_ERROR - it's not an
error code, it's just a specific error value). Also note that, for
kqueues on *BSD/macOS and for select/poll on Linux, the timeout needn't
be used as a timeout for the call - you can have a timer, so that when
that *particular* timer fires, you try calling pcap_dispatch() on the
pcap_t to which it corresponds.
Update selpolltest to add more capabilities needed when testing this on
Linux.
This should address GitHub issue #859 and pull request #858.
|
[skip ci]
|
Explicitly check for the characters we care about, to make it clearer
what we're doing.
Fix a bug introduced by an earlier change in the process.
|
Some of them are locale-dependent, and all of them run the risk of
failing if you hand them a char with the 8th bit set.
Define our own locale-independent macros that can be handed any integral
value.
Don't include <ctype.h>.
This should address the issue in GitHub pull request #839, and should
also catch any (highly unlikely) cases in which something other than
Boring Old Space And Tab and, sometimes, CR and LF are treated as white
space. (No, we don't want FF or VT treated as white space.)
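
Locale-independent classification in the style this commit message describes, as an added example that is not libpcap's code; the `EX_` macros and `ex_parse_uint()` are hypothetical names. Range comparisons accept any integral value, so a byte with the 8th bit set is classified as neither digit nor white space instead of being handed to a `<ctype.h>` routine.

```c
#include <limits.h>

/*
 * Hypothetical macros: plain comparisons, no table lookup, no locale.
 * Each evaluates its argument more than once, so pass side-effect-free
 * expressions only.
 */
#define EX_ISDIGIT(c) ((c) >= '0' && (c) <= '9')
#define EX_ISBLANK(c) ((c) == ' ' || (c) == '\t')
/* Space, tab, CR and LF only; FF and VT are deliberately excluded. */
#define EX_ISSPACE(c) (EX_ISBLANK(c) || (c) == '\r' || (c) == '\n')

/*
 * Parse optional white space, decimal digits, optional white space.
 * Returns 0 and stores the value on success, -1 on any other input,
 * including overflow. Works whether plain char is signed or unsigned.
 */
int ex_parse_uint(const char *s, unsigned int *out)
{
    unsigned int v = 0;
    int ndigits = 0;

    while (EX_ISSPACE(*s))
        s++;
    for (; EX_ISDIGIT(*s); s++, ndigits++) {
        unsigned int d = (unsigned int)(*s - '0');

        if (v > (UINT_MAX - d) / 10)
            return -1;          /* v * 10 + d would overflow */
        v = v * 10 + d;
    }
    while (EX_ISSPACE(*s))
        s++;
    if (ndigits == 0 || *s != '\0')
        return -1;              /* no digits, or trailing junk */
    *out = v;
    return 0;
}
```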
|
[skip ci]
|
If the snapshot length is 0, or doesn't fit in an int, we adjust it. If
we see an IDB after the first IDB, perform the same adjustment on *its*
snapshot length before comparing it with the adjusted snapshot length
for the first IDB.
(Yes, this means that if the IDBs have different snapshot lengths, but
they both adjust to the same value, they will be treated as equal.
That's not a bug, that's a feature - the only reason we insist that they
be the same is so that the value that pcap_snapshot() returns, which,
for pcapng files, is the adjusted snapshot length for the first IDB,
applies to all IDBs, so the IDBs all just have to have the same adjusted
snapshot length.)
This should fix GitHub issue #832.
|
If we're fetching interfaces with pcap_findalldevs_ex() with an
rpcaps:// URL, put rpcaps:// rather than rpcap:// into the URLs that we
return.
|
We don't need N different places all doing their own calls to
FormatMessage(); centralize it in pcap_win32_err_to_str(), now in
fmtutils.c for use in rpcapd as well as libpcap.
Merge in some fixes from the code in sock_fmterror().
|
This patch also encodes the control sockets in addition to the data
socket. Clients perform a TLS handshake when the scheme is rpcaps://
rather than rpcap://. Both active and passive modes are supported, but
transfer via UDP is not (yet) supported (the lib returns an error in
that case).
I did some adaptation to the Windows code but couldn't test it, so for all
I know it may not even compile.
Also tried to fix the indentation.
|
If net/bpf.h declares bpf_filter() one way and libpcap defines it
another way, even pcap-bpf.c needs a declaration that matches how
libpcap defines it, not how net/bpf.h (mistakenly) declares it.
("Mistakenly" because it should *not* be declaring the kernel's version
of bpf_filter() unless it's being used in a *kernel* build; other *BSDs,
and macOS, declare it only in kernel builds by testing for a #define
such as KERNEL or KERNEL_PRIVATE, but NetBSD doesn't - it *should*, but
it doesn't.)
So we rename the internal-to-pcap filtering routine as pcap_filter(),
which is not exported from libpcap, and have bpf_filter() be a wrapper
around pcap_filter() that is exported.
Use pcap_filter(), rather than bpf_filter(), for all filtering inside
libpcap (except for filtering that uses bpf_filter_with_aux_data(),
which we rename pcap_filter_with_aux_data()).
Do the same for bpf_validate(), which is *also* declared in net/bpf.h,
even for non-kernel builds, in NetBSD.
As we're not exporting pcap_filter_with_aux_data(), don't even *declare*
it in a public header; don't declare struct bpf_aux_data in a public
header, either. That way we can change it without worrying about
breaking APIs or ABIs; we may do that if, for example, we want to
support the "inbound" and "outbound" filters when reading pcapng files,
adding a direction indicator to that structure.
Declare bpf_filter() in pcap/bpf.h even on NetBSD and QNX; pcap-bpf.c
doesn't include pcap/bpf.h (it sets a #define to force pcap/pcap.h not
to include it), so we won't get any collisions if net/bpf.h (which it
does include) declares it. The only collisions will occur in programs
that include *both* pcap/pcap.h or pcap/bpf.h *and* net/bpf.h, and that
will occur only if net/bpf.h declares bpf_filter() even when building
userland code, and the correct fix for *that* is to fix net/bpf.h not to
declare them in non-kernel builds.
|
Don't put struct bpf_aux_data there, either.
bpf_filter_with_aux_data() is an internal-only routine, and struct
bpf_aux_data is a data structure subject to change in the future; don't
make them public, so that we *can* change it in the future without
having to worry about breaking APIs or ABIs.
(Note to any upstream packager of libpcap: if you've made it public,
so that it's exported by a shared library, that was a mistake, so undo
it.)
|
On platforms that support it use an eventfd to exit any polling.
|
As a follow-up to commit 5f2a5c03e0f91bc2dc2ae33838db273dd6c7d8d9.
|
Put the "get more interface flags" routine pointer right after the
"interface flags" pointer.
|
This lets us make it a static function - or eliminate it entirely for
pcap-null.c.
|
We add:
  PCAP_IF_WIRELESS, which indicates whether the interface is "wireless" or
  not.
  PCAP_IF_CONNECTION_STATUS, which is a bitmask for a two-bit field that
  can have one of the values:
    PCAP_IF_CONNECTION_STATUS_UNKNOWN if the status of whether the
    interface is "connected" or "disconnected" is unknown;
    PCAP_IF_CONNECTION_STATUS_CONNECTED if the interface is "connected";
    PCAP_IF_CONNECTION_STATUS_DISCONNECTED if the interface is
    "disconnected";
    PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE if the notion of "connected"
    or "disconnected" doesn't apply to this interface.
Take that into account when sorting interfaces in the interface list,
penalizing "disconnected" interfaces, as you won't see traffic on them
if they're not wireless and you'd have to be in some form of "monitor
mode" to see traffic on them if they're wireless.
This should address GitHub issue #700.
|
For the epoll mechanism, the call to wait for events is epoll_wait()
(and epoll_pwait()); for the kqueue mechanism, the call to wait for
events is kevent() (and additional calls in Darwin-based systems).
|
DAG adapters don't support blocking until packets arrive; a program
using select()/poll()/epoll()/kqueue-based event loop must periodically
poll DAG pcap_t's to see if they have packets available. Add
pcap_get_required_select_timeout(), which returns a pointer to a struct
timeval containing the appropriate timeout interval if polling is
required and NULL if polling isn't required or isn't supported.
Clean up the pcap_get_selectable_fd() documentation while we're at it.
|
One less thing that has to be done in autotools and CMake.