| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
We can't currently *report* them, but at least we *could* handle an
interface with more than 2^32 rx_missed_errors or rx_fifo_errors (not
that it's likely - if you're dropping that many packets due to issues
with buffering on the *adapter*, You Have A Problem).
|
| |
|
|
|
| |
Consistently use {if_name} and other {XXX_name} as a component for
/sys/class pathnames.
|
| |
|
|
| |
Also fixes a swap in the original /sys/class/net comment
|
| | |
|
| |
|
|
|
| |
This fixes the offset issue I mention in
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
|
| |
|
|
|
| |
A timeout of zero means "wait indefinitely", not "wait for some
kernel-chosen default block retirement timeout".
|
| |
|
|
|
|
|
| |
Explicitly check for the characters we care about, to make it clearer
what we're doing.
Fix a bug introduced by an earlier change in the process.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of them are locale-dependent, and all of them run the risk of
failing if you hand them a char with the 8th bit set.
Define our own locale-independent macros that can be handed any integral
value.
Don't include <ctype.h>.
This should address the issue in GitHub pull request #839, and should
also catch any (highly unlikely) cases in which something other than
Boring Old Space And Tab and, sometimes, CR and LF are treated as white
space. (No, we don't want FF or VT treated as white space.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
linux/if_arp.h is a "uapi" header, so it's part of the user-mode API to
the Linux kernel, and we're user-mode code that's using Linux-specific
kernel APIs, so it's what we should be using - especially given that C
libraries that provide a <net/if_arp.h> header don't necessarily keep
them up-to-date with all the kernel ARPHRD_ values.
(I.e., skip the middleman; the kernel is the appropriate authority as to
what ARPHRD_ values it returns.)
This should address the problem in GitHub pull request #836.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Require Visual Studio 2015 or later; fail if we don't have it, and
remove checks for older versions.
That means we have C99-compliant snprintf() and vsnprintf(); require
them when configuring for UN*X, and then use them directly, rather than
having wrappers for systems lacking them.
If we're using MSVC, skip the tests for options to request C99
compatibility - either we have VS 2015, which is sufficient, or we
don't, in which case we fail.
|
| | |
|
| | |
|
| |
|
|
|
| |
That should help us fix those cases, by reporting the OS's link-layer
type value.
|
| |
|
|
|
| |
In addition to the support for DSA data link types added by 993db38,
this commit adds support for the Marvell DSA and EDSA tagging formats.
|
| | |
|
| | |
|
| |
|
|
|
| |
It's passed a pcap_t *, and should and does fill in the pcap_t's error
message buffer.
|
| |
|
|
|
|
|
|
| |
r is known to be >= 0 at that point; just cast it to size_t.
Don't treat strcmp() as a Boolean while we're at it (the intent was
presumably "{string A} {OP} {string B}" is done as
"strcmp({string A}, {string B}) {OP} 0").
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux kernel 4.20 and greater can report what type of Distributed Switch
Architecture tagging protocol is used on the DSA master/management
interface. We need to map the protocol to a specific DLT and linktype
value in the pcap file because these protocols typically cannot be
decoded simply by making use of heuristics. The sysfs attribute that is
being checked and parsed is documented in this commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3d7e01da06013dc580641a1da57c3b482d58157
For now, the description of the Broadcom 4 byte Ethernet switch tagging
protocol is provided and more tags can be added in the future using the
same infrastructure.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
We now wrap all the PF_PACKET socket code in HAVE_PF_PACKET_SOCKETS,
rather than having stubs if we don't have PF_PACKET socket support.
We also determine whether to use PF_PACKET sockets or not in
pcap_activate_linux().
That reduces the number of places that have to decide whether to use
PF_PACKET sockets.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If you can open a PF_PACKET socket, you don't need to fall back on
PF_INET/SOCK_PACKET sockets, and we've already opened that socket by the
time we call iface_bind().
Have iface_bind() return 0 on success and a PCAP_ERROR_ value on
failure. If the bind() call fails with ENODEV, return
PCAP_ERROR_NO_SUCH_DEVICE, otherwise return PCAP_ERROR.
If getsockopt(SO_ERROR) fails, that's an error; if it succeeds, and
supplies a pending error code, that's an error, too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
snprintf() can modify errno; do all errno tests before calling
pcap_fmt_errmsg_for_errno() to generate an error message. (Yes, we want
to set the error string even for PCAP_WARNING_PROMISC_NOTSUP,
PCAP_ERROR_NO_SUCH_DEVICE, and PCAP_ERROR_PERM_DENIED; the
pcap_activate() man page says
If PCAP_WARNING_PROMISC_NOTSUP, PCAP_ERROR_NO_SUCH_DEVICE, or
PCAP_ERROR_PERM_DENIED is returned, pcap_geterr() or
pcap_perror() may be called with p as an argument to fetch or
display an message giving additional details about the problem
that might be useful for debugging the problem if it's
unexpected.
|
| |
|
|
|
|
|
|
|
| |
If we're using TPACKET_V1, it's because we have a kernel that doesn't
support TPACKET_V2; such a kernel also doesn't support PACKET_RESERVE,
as TPACKET_V2 and PACKET_RESERVE were both added in 2.6.27.
If we *aren't* using TPACKET_V1, treat any failure of PACKET_RESERVE as
an error, as it should be supported, and we should never get ENOPROTOOPT.
|
| |
|
|
|
|
| |
Do it all in one setsockopt() call; don't set up the VLAN tag reserve,
and then fetch it, add the DLT_LINUX_SLL2 reserve to it, and set it
again.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Those sockets must be bound to an interface, so they can't support the
"any" device; check for the "any" device, and fail if we're trying to
open that device, before we even create the socket.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We now depend on the *full* semantics of those routines, including the
return value being usable for truncation checks.
If we're building for a UN*X that has them, define pcap_strl{cpy,cat} to
be strl{cpy,cat}.
If we're building for Windows using MSVC, define pcap_strl{cpy,cat}, not
strl{cpy,cat}.
Otherwise, build our won versions of pcap_strl{cpy,cat} from BSD-derived
source code.
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
Careful with that microEMACS, Eugene.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If net/bpf.h declares bpf_filter() one way and libpcap defines it
another way, even pcap-bpf.c needs a declaration that matches how
libpcap defines it, not how net/bpf.h (mistakenly) declares it.
("Mistakenly" because it should *not* be declaring the kernel's version
of bpf_filter() unless it's being used in a *kernel* build; other *BSDs,
and macOS, declare it only in kernel builds by testing for a #define
such as KERNEL or KERNEL_PRIVATE, but NetBSD doesn't - it *should*, but
it doesn't.)
So we rename the internal-to-pcap filtering routine as pcap_filter(),
which is not exported from libpcap, and have bpf_filter() be a wrapper
around pcap_filter() that is exported.
Use pcap_filter(), rather than bpf_filter(), for all filtering inside
libpcap (except for filtering that uses bpf_filter_with_aux_data(),
which we rename pcap_filter_with_aux_data()).
Do the same for bpf_validate(), which is *also* declared in net/bpf.h,
even for non-kernel builds, in NetBSD.
As we're not exporting pcap_filter_with_aux_data(), don't even *declare*
it in a public header; don't declare struct bpf_aux_data in a public
header, either. That way we can change it without worrying about
breaking APIs or ABIs; we may do that if, for example, we want to
support the "inbound" and "outbound" filters when reading pcapng files,
adding a direction indicator to that structure.
Declare bpf_filter() in pcap/bpf.h even on NetBSD and QNX; pcap-bpf.c
doesn't include pcap/bpf.h (it sets a #define to force pcap/pcap.h not
to include it), so we won't get any collisions if net/bpf.h (which it
does include) declares it. The only collisions will occur in programs
that include *both* pcap/pcap.h or pcap/bpf.h *and* net/bpf.h, and that
will occur only if net/bpf.h declares bpf_filter() even when building
userland code, and the correct fix for *that* is to fix net/bpf.h not to
declare them in non-kernel builds.
|
| | |
| |
| |
| | |
Should fix GitHub issue #689.
|
| |/
|
|
| |
On platforms that support it use an eventfd to exit any polling.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As far as Ubuntu 18.04 kernel headers go, _UTSNAME_RELEASE_LENGTH =
= _UTSNAME_VERSION_LENGTH = _UTSNAME_MACHINE_LENGTH = _UTSNAME_LENGTH =
= 65.
char release[_UTSNAME_RELEASE_LENGTH] contains the kernel version and
possibly some suffixes, e.g. "4.15.0-29-generic". For most cases 32 bytes
should be enough.
char version[_UTSNAME_VERSION_LENGTH] contains the kernel build number,
name and date, e.g. "#31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018". This
may actually take up to 64 characters.
char machine[_UTSNAME_MACHINE_LENGTH] contains the hardware name, e.g.
"x86_64". For most cases 16 bytes should be enough.
./pcap-linux.c: In function ‘pcap_handle_packet_mmap’:
./pcap-linux.c:5030:5: warning: ‘%s’ directive output may be truncated writing up to 64 bytes into a region of size between 9 and 160 [-Wformat-truncation=]
"corrupted frame on kernel ring mac "
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./pcap-linux.c:5035:5:
utsname.machine);
~~~~~~~
./pcap-linux.c:5032:37: note: format string is defined here
"(kernel %s version %s, machine %s)",
^~
|
| |
|
|
|
| |
If there's a kernel-dependent or ISA-dependent issue, this may provide
some helpful information.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They're defined in a header under include/uapi in the Linux kernel
source, so they're part of the official kernel API and, at least from
what I understand Mr. Torvalds believes, part of the official kernel
ABI, so we don't have to worry about the numerical values changing.
So:
for the SLL header, we just directly htons() them, rather than
doing a trivial mapping from PACKET_xxx values to LINUX_SLL_xxx
values;
for the SLL2 header, we just use them, as they're a one-byte
value in both headers, so there's no need to do any byte
swapping.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
./pcap-linux.c: In function ‘pcap_read_packet’:
./pcap-linux.c:1911:7: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
if (handle->linktype = DLT_LINUX_SLL2) {
^~~~~~
./pcap-linux.c: In function ‘fix_offset’:
./pcap-linux.c:7169:14: warning: unused variable ‘hdr_len’ [-Wunused-variable]
bpf_u_int32 hdr_len;
^~~~~~~
[skip ci]
|
| | |
|
