As per Michael Richardson's suggestion at
https://github.com/the-tcpdump-group/libpcap/commit/e65d3cab20910a693a30e18b37576d6649be2e61#r39401988

This centralizes the way we get such a socket for ioctls if we don't
have one already, so that there's only one mechanism for doing that.
This should address GitHub pull request #925.

Version 2 was, apparently, short-lived, and version 1 is source and
binary incompatible with version 3, and it appears that, these days,
everybody's using version 3. We're not supporting older versions of the
Linux kernel; let's drop support for older versions of libnl, too.

[skip ci]

Linux: refactor broken TPACKET_V3 detection.

Extracted to a separate function and using sscanf
for version parsing to make it easier to follow.

It dates back to before the 2.6.27 kernel, and we require a 2.6.27 or
later kernel, so it will be defined.

We only support building for 2.6.27 or later, and those have both of
those defined.

It was introduced long before 2.6.27, and we require 2.6.27 or newer, so
we can just assume we have it.

We use it in another switch statement *without* checking whether it's
defined, so there's no point in checking it there.

If we're building for Linux, we require 2.6.27 or later, and they have
PF_PACKET and SO_ATTACH_FILTER.

We require Linux 2.6.27 or later, and that has ethtool.h.

We unconditionally include it in pcap-linux.c; don't check for it, and
don't subsequently conditionally include it again.

Set the function pointers for the pcap_t just before
pcap_activate_linux() returns success; in all other cases, the activate
fails, so we want the old "not activated yet" function pointers.
Do all the function pointer setting in pcap_activate_linux(); none of it
depends on whether we have memory-mapped capture support, as we don't
support non-memory-mapped capture at all.
Rename some XXX_mmap() routines to XXX_linux(), as there is no
non-mmapped code.
Combine all the "set filter" code into one pcap_setfilter_linux()
routine.

Since eventfd was introduced in the same release (2.6.27) as
TPACKET_V2, and we require TPACKET_V2 to function, it's a
reasonably certain assumption that we can use eventfd for
signaling termination.

Just destroy the ring and free the oneshot buffer in the regular cleanup
routine; destroy_ring() will work OK if there's nothing to destroy.

Have separate error messages for "kernel doesn't support memory-mapped
capture at all" (say we need 2.6.27 or later *and*, for 2.x kernels, you
need to enable CONFIG_PACKET_MMAP) and for "kernel supports it but only
supports TPACKET_V1" (again, say we need 2.6.27 or later, but leave out
the CONFIG_PACKET_MMAP stuff).
Also, update a comment to speak of 2.6.27.

TPACKET_V2 is an enum member, so the test doesn't work. TPACKET2_HDRLEN
is a #define.

This also removes some leftovers from non-mmapped mode.

This is a pain to detect, because the PF_PACKET socket code appears to
get separate "interface went down" and "interface went away"
notifications in my "unplug a USB Wi-Fi adapter" tests on my VMware
Fusion Ubuntu 18.04 virtual machine (5.3.0 kernel), and the first
notification delivers a wakeup and returns ENETDOWN while the second
notification delivers *no* wakeup and sets the ifindex member of the
struct packet_sock for the socket, so there's nothing we can test after
the wakeup that's guaranteed to indicate that the interface has
disappeared.
So what we have to do is remember the ENETDOWN but not return it as an
error, and then arrange to periodically check whether the interface is
still there; if it isn't, we *then* return the "interface went away"
error, and, if we see traffic or see that the interface is up, we clear
the remembered ENETDOWN and stop doing the periodic checks.
This is tricky, because it needs to work not only for blocking pcap_t's,
where we're in a loop doing poll() calls, so we can keep checking within
the loop, but also for non-blocking pcap_t's on which the caller is
doing select()/poll()/epoll_wait().
In order to make *that* work, we need to tweak the semantics of
pcap_get_required_select_timeout() so that it's not guaranteed that it
will always return the same value, so that it should be called within
event loops rather than called once outside the event loop. Normally,
there is no timeout required for Linux PF_PACKET sockets, but when we're
doing the periodic tests, the timeout is required.
While we're doing that, we make the return value of
pcap_get_required_select_timeout() a const pointer - there was no good
reason for the caller to modify it (it doesn't belong to the caller).
If poll() returns POLLERR, use getsockopt(SO_ERROR) to get the socket
error, rather than a read().
Update the documentation to reflect this, and make various other
cleanups (including documenting the error return value for
pcap_get_selectable_fd() to -1 rather than PCAP_ERROR - it's not an
error code, it's just a specific error value). Also note that, for
kqueues on *BSD/macOS and for select/poll on Linux, the timeout needn't
be used as a timeout for the call - you can have a timer, so that when
that *particular* timer fires, you try calling pcap_dispatch() on the
pcap_t to which it corresponds.
Update selpolltest to add more capabilities needed when testing this on
Linux.
This should address GitHub issue #859 and pull request #858.

[skip ci]

We only need to do all that work once; if we start out with a SOCK_RAW
socket, and then realize we need to fall back to a SOCK_DGRAM socket,
any failure when trying to open the SOCK_DGRAM socket is a "this can't
happen" error and should be treated as such.

That's the code path for activating a PF_PACKET socket.

Always go to the "fail" label, so we do cleanup.

Take an else clause for which the if clause returns out and put it at
the top level.
Rename activate_mmap() to setup_mmapped(), as it does part, not all, of
the activation process. Put a bit more of that process into it, so it
finishes the process (except for the final "set the protocol so packets
are seen" part).
Add a setup_non_mmapped() routine that finishes the non-memory-mapped
setup process (except for the final "set the protocol so packets are
seen" part).

When using the memory mapped packet receive path on Linux, we find
that if the buffer is "large" we get a number of dropped packets.
This number of packets is roughly proportional to the buffer size.
It turns out that these packets are dropped by the kernel in the time
period between the socket being opened and the ring parameter setup
completing (this is where the kernel has to allocate the buffer memory).
To prevent this, we can open the socket on protocol 0, which the kernel
interprets to mean that we don't want to receive any packets at all (this
is described when opening a memory mapped packet socket for TX only). We
then set the correct protocol once everything is configured.
Signed-off-by: Mark Marshall <mark.marshall@omicronenergy.com>

That way, we don't have to do the check in the individual setdirection
op routines.

Since AF_PACKET is now expected, and all interfaces advertise an
AF_PACKET address, they all show up in `getifaddrs` output, so it's
no longer needed.

Say "...on this device" for errors; it may be the OS's capture mechanism
that doesn't support setting the direction, but there may be other
devices on the system that *do* support it.
Check the validity of the direction argument in more places.

[skip ci]

Have the "raw" pointer in union thdr be a u_char pointer, have
RING_GET_FRAME_AT() return a u_char pointer, and have the pointer
variable used when setting up the pointer array be a u_char pointer.

Add to a u_char * and cast the *result* to void *, rather than casting
the u_char * to void * and adding to that.

[skip ci]

The warning was:
./pcap-linux.c: At top level:
./pcap-linux.c:373:13: warning: 'iface_bind_old' declared 'static' but
never defined [-Wunused-function]
373 | static int iface_bind_old(int fd, const char *device, char *ebuf);
| ^~~~~~~~~~~~~~

Remove dead stores.

[skip ci]

PF_PACKET sockets turn off promiscuous for you, and we now require
PF_PACKET sockets, so we don't need to worry about turning it off when
we exit.