path: root/pcap-linux.c
Commit message [Author, Age, Files, Lines]
* treat ARPHRD_TUNNEL6 tunnels as valid [HimbeerserverDE, 2024-02-15, 1 file, -0/+1]
|
* Merge pull request #1082 from luizluca/realtek_tag_2 [Guy Harris, 2023-08-07, 1 file, -0/+3]
|\    Add support for Realtek (Ethertype) DSA data
| * Add support for Realtek (Ethertype) DSA data [Luiz Angelo Daros de Luca, 2022-03-07, 1 file, -0/+3]
| |     Realtek switchtag rtl4a (4 bytes long, protocol 0xA) and rtl8_4 (8 bytes long, protocol 0x04) are Ethertype DSA tags, inserted in the Ethernet header similar to an 802.1Q tag. Both share the same Ethertype 0x8899 as other Realtek proprietary protocols. Realtek switchtag rtl8_4t is identical to rtl8_4 but positioned before the CRC, at the end of the Ethernet frame.
* | pcap-linux: plug an FD leak. [Guy Harris, 2023-08-01, 1 file, -1/+3]
| |     If map_arphrd_to_dlt() fails, free sock_fd before returning the error status, as we do elsewhere. Fixes Coverity CID 1539177.
* | Fix spelling [Josh Soref, 2023-06-25, 1 file, -3/+3]
| |     * amount * anymore * authentication * availability * bracket * captured * casted * communications * compliant * configurable * cumulate * deinitialize * descriptors * didn't * disassembler * disassociate * distributions * divvy * doing * entries * everything * explicitly * explosion * expression * extracting * failed * family * find * github * global * implementations * incorrectly * intel * interlocked * justifying * know * launched * libraries * malloced * mask * maximum * network * nonexistent * number * occurred * optimizer * overflow * overwrite lower * packet * packetfilter * packets * parse hosts * payload * phase * programmers * promiscuous * protocol * receiving * redefinition * sampling * savefile * schwartz * should * snapshot * something * specifies * straightforward * stream * subdir * support * surrogate * suse * system is * test with * than * those * unmaintained * valid * way * western * wireshark
| |     Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* | If we can't allocate a DLT_ list, fail. [Guy Harris, 2023-06-24, 1 file, -29/+34]
| |     Some code already was doing that (for example, pcap-bpf.c if fetching the DLT list with an ioctl), and, if you can't allocate a DLT_ list, which is usually pretty small, you may have other memory allocation problems later, so letting the program open an interface (and not get a correct list of all link-layer types supported) may not be worth it.
* | linux: only use DLT_LINUX_SLL2 for the "any" device. [Guy Harris, 2023-06-24, 1 file, -22/+10]
| |     The only thing DLT_LINUX_SLL2 adds is the interface index and, if we're falling back on cooked captures just because we don't have a DLT_ to which to map the ARPHRD_ type, we're capturing on a single device and the interface index adds no additional information.
* | linux: fix code path to properly return warnings. [Guy Harris, 2023-06-24, 1 file, -64/+72]
| |     Don't overwrite PCAP_WARNING_ codes with 0 (success). While we're at it, clean up some leftovers from when we supported older Linux kernels and failures to, for example, set up PF_PACKET sockets or to set up a memory-mapped buffer meant "fall back on older mechanisms" rather than "fail".
* | diffs: fix up the "warn about the fallback to a cooked socket" message. [Guy Harris, 2023-06-24, 1 file, -6/+1]
| |     Only test for "I don't know what DLT to map this ARPHRD to" case once and, if we don't know that, set the error message and arrange that we return PCAP_WARNING.
* | Add the Solaris "any" device in pcap_findalldevs() if we have it. [Guy Harris, 2023-06-13, 1 file, -11/+1]
| |     There's no good run-time test, so we test at configure time, by checking whether /usr/include/inet/ipnet.h exists and contains IPNET_ANY_LINK. See https://github.com/the-tcpdump-group/tcpdump/issues/1057#issuecomment-1584088911 We make a common routine to use to add that device.
* | Prefix routines declared in pcap-int.h with pcap_. [Guy Harris, 2023-05-26, 1 file, -3/+3]
| |     This avoids potential and, in one case (SIMH), actual collisions with names in other libraries or in applications using libpcap.
* | Fix spaces before tabs in indentation [Francois-Xavier Le Bail, 2023-02-15, 1 file, -4/+4]
| |
* | Add an option to force memory-mapped buffers to be mapped as accessible to 32-bit code. [Hans Leidekker, 2022-12-20, 1 file, -2/+8]
| |
* | linux: Use an anonymous private mapping for the one shot buffer. [Hans Leidekker, 2022-12-20, 1 file, -6/+6]
| |
* | Merge pull request #1113 from fenner/no-eventfd [Guy Harris, 2022-08-25, 1 file, -5/+39]
|\ \    Close the eventfd if we are non-blocking
| * | Close the eventfd if we are non-blocking [Bill Fenner, 2022-08-25, 1 file, -5/+39]
| | |     The eventfd is used to break out of a poll() before it times out, used by pcap_breakloop(). If we are non-blocking, then the eventfd is never needed, so we close it. (And open a new eventfd if we switch to blocking).
* | | Fix some typos [Francois-Xavier Le Bail, 2022-07-10, 1 file, -1/+1]
| | |     [skip ci]
* | | Fix some typos [Francois-Xavier Le Bail, 2022-07-04, 1 file, -1/+1]
|/ /    [skip ci]
* | linux: reserve space for DLT_LINUX_SLL2 on all cooked captures. [Guy Harris, 2022-04-13, 1 file, -12/+12]
| |     Don't just do it if we're using DLT_LINUX_SLL2 up front; that can be changed by the software using libpcap at any point.
* | linux: rename a routine to make its function clearer. [Guy Harris, 2022-04-13, 1 file, -6/+6]
| |     Its function is to set up the socket for capture, so call it setup_socket(). "pf_packet" in "activate_pf_packet()" is redundant, as the only type of socket we now support is PF_PACKET (we dropped support for systems without PF_PACKET sockets a while ago), and it doesn't do a full activation, it just does some socket setup.
* | linux: we require 2.6.27 or later, so PACKET_RESERVE is available. [Guy Harris, 2022-04-13, 1 file, -43/+12]
| |     Don't bother checking whether it's supported; if it's not, we just fail. Update a comment to reflect that, as we require 2.6.27 or later, we always use memory-mapped capture and we always use PACKET_RESERVE.
* | linux: don't bother testing for PACKET_AUXDATA support. [Guy Harris, 2022-04-12, 1 file, -6/+9]
| |     We require Linux 2.6.27 or later, and that version has PACKET_AUXDATA. Also update a question to reflect that 1) the build will fail before that point if it's not building for 2.6.27 or later, so auxiliary data is guaranteed to be supported and 2) it appears that, for memory-mapped capture - which is all we support - the auxiliary data is provided regardless of whether it's enabled. This was noticed in issue #1105; the PACKET_AUXDATA support wasn't getting compiled in.
* | linux: set handlep->vlan_offset if the linktype is changed. [Guy Harris, 2022-04-09, 1 file, -23/+41]
| |     The change to the linktype might change the offset at which to insert VLAN tags (or change it to -1, meaning "don't insert VLAN tags"). This should fix issue #1105.
* | Make sure some error message is provided for PCAP_ERROR_NO_SUCH_DEVICE. [Guy Harris, 2022-03-14, 1 file, -7/+23]
| |     If there's no more information to provide, provide an empty string.
* | Set the error message for "permission denied" errors. [Guy Harris, 2022-03-11, 1 file, -0/+7]
| |     Provide a suggestion for PCAP_ERROR_PERM_DENIED and PCAP_ERROR_PROMISC_PERM_DENIED; the suggestion may be nothing more than "you might require root permission", but at least it's something. Note also what we were trying to do, to indicate that the problem might be that you need root permission to set promiscuous mode even if you don't need it to capture, or that you need CAP_NET_ADMIN permission to change the time stamp mode of an adapter on Linux even though you don't need it to capture. (The latter was done as per the discussion in issue and that triggered the same double-free bug that failing to set up the memory-mapped ring buffer caused in issue #1054.)
* | linux: fix a comment. [skip ci] [Guy Harris, 2022-02-19, 1 file, -2/+2]
| |
* | linux: fix a routine name. [Guy Harris, 2022-02-19, 1 file, -5/+7]
| |     iface_get_ts_info() does use an ethtool ioctl whose name ends with GET_TS_INFO to fetch information about the adapter's time stamping support, but the goal is to get the types of time stamping we support. Rename it to iface_get_ts_types() to make it clearer what it does. Update a comment to express a hope that said ioctl has been fixed not to lie as much as it did when I sent that message to linux-netdev back in 2016 (the ixgbe driver appears to have been fixed).
* | linux: clean up fetching of time stamp types. [Guy Harris, 2022-02-19, 1 file, -9/+13]
| |     Always define an internal iface_get_ts_info() routine to fetch the time stamp types, even if there's no support for time stamp types - in that case, we simply don't set any time stamp types. This gets rid of an #ifdef in pcap_create_interface(), and avoids some potential "argument not used" warnings.
* | linux: print a better message for "out of memory" errors for kernel filters. [Guy Harris, 2022-02-04, 1 file, -1/+12]
| |     If attempting to set a kernel filter gets ENOMEM, print a message suggesting that they increase the value of the net.core.optmem_max sysctl. See GitHub issue #1089 for an example of a complicated but not too complicated filter that exceeds the default "other/option memory per socket" maximum.
* | Make sure no read routine process more than INT_MAX packets. [Guy Harris, 2022-01-26, 1 file, -11/+37]
|/    Some read routines don't read a single bufferful of packets and process just those packets; if packets continue to be made available, they could conceivably process an arbitrary number of packets. That would mean that the packet count overflows; either that makes it look like a negative number, making it look as if an error occurred, or makes it look like a too-small positive number. This can't be fixed by making the count 64-bit, as it ultimately gets returned by pcap_dispatch(), which is defined to return an int. Instead, if the maximum packet count argument to those routines is a value that means "no maximum", we set the maximum to INT_MAX. Those routines are *not* defined to loop forever, so this isn't an issue. This should fix issue #1087.
* Revert "linux: clean up the SocketCAN header for classic CAN frames." [Guy Harris, 2021-10-20, 1 file, -30/+9]
|     This reverts commit e9eaad85f3888c72f79de705fae7e0768d8a622d. We only need to do this for CAN FD frames; readers of the frames can use these heuristics to determine whether to trust the len8_dlc field without our help.
* linux: clean up the SocketCAN header for classic CAN frames. [Guy Harris, 2021-10-20, 1 file, -9/+30]
|     We already clean it up for CAN FD frames; clean it up for classic CAN frames as well, to allow heuristics to be used to try to guess whether the len8_dlc field was filled in.
* linux: clean up possibly-uninitialized data in the CAN header. [Guy Harris, 2021-10-12, 1 file, -1/+33]
|     If the protocol is CAN FD, clear out all bits in the flags field other than the defined ones, and clear out the two reserved fields. If the protocol is *not* CAN FD, clear the CAN FD flag, to make sure the packet is interpreted as classic CAN, not CAN FD. This is done just in case the kernel or driver put uninitialized junk in the reserved bits of the CAN header, as has apparently happened in at least some LINKTYPE_CAN_SOCKETCAN captures, to allow programs reading those captures to attempt to distinguish "CANFD_FDF is set because the frame is an FD frame" from "CANFD_FDF is set because the fd_flags field contains uninitialized junk".
* linux: use DLT_CAN_SOCKETCAN for CANbus interfaces. [Guy Harris, 2021-10-09, 1 file, -15/+37]
|     Don't provide a DLT_LINUX_SLL header. Instead, tweak the header provided by the kernel to 1) put the "CAN ID and flags" field in host byte order, as that's what DLT_CAN_SOCKETCAN specifies and 2) check whether the protocol field provided as metadata (which we normally incorporate into a DLT_LINUX_SLL header) is CAN FD rather than CAN and, if it's CAN FD, set the CANFD_FDF flag in the DLT_CAN_SOCKETCAN header's flags field, to indicate to the reader of the packets that it's CAN FD rather than CAN classic. This addresses GitHub issue #1052. Incorporates some changes from GitHub pull request #1035.
* linux: null handlep->oneshot_buffer after freeing it. [Guy Harris, 2021-10-05, 1 file, -0/+2]
|     That avoids double-free crashes on certain errors; see GitHub issue
* linux: fix check for CAN/CAN FD packets in the direction check routine. [Guy Harris, 2021-09-23, 1 file, -2/+8]
|     The protocol field is big-endian, not host-endian (it's big-endian in an sk_buff, and that makes it all the way to userland), so convert it to host order before comparing with the CAN and CAN FD protocol types. This addresses part of GitHub issue #1051.
* Possible resource leak in pcap-linux.c [Michal Ruprich, 2021-07-27, 1 file, -1/+1]
|
* On Linux, don't assume the compiler supports __atomic builtins. [Guy Harris, 2021-05-11, 1 file, -0/+13]
|     Not all compilers that are used to compile code to run on Linux have these builtins. For example, older versions of GCC don't, and at least some people are doing cross-builds for MIPS with older versions of GCC. This should fix GitHub issue #1003.
* Handle the name change to the auxiliary data structure. [Guy Harris, 2021-01-01, 1 file, -1/+1]
|
* Fix some typos [Francois-Xavier Le Bail, 2020-12-12, 1 file, -1/+1]
|     [skip ci]
* Fix some spelling. [skip ci] [Denis Ovsienko, 2020-10-09, 1 file, -3/+3]
|
* Clean up allocation of some lists. [Guy Harris, 2020-09-27, 1 file, -8/+21]
|     Always check whether the allocation succeeds, and fail if it doesn't. Set the count of elements of the list only if the list was successfully allocated. For stylistic consistency, also set it after we've set all the elements of the list.
* Amend a comment after the previous commit. [skip ci] [Denis Ovsienko, 2020-09-26, 1 file, -3/+4]
|     Restore and clarify the removed note, fix a couple unrelated issues.
* added ipv6 socket support [lixiaoyan, 2020-09-26, 1 file, -2/+11]
|
* Merge pull request #906 from Oppen/issue_898 [Michael Richardson, 2020-08-28, 1 file, -9/+18]
|\    Linux: proper memory sync for PACKET_MMAP.
| * Linux: proper memory sync for PACKET_MMAP. [Mario J. Rugiero, 2020-06-15, 1 file, -9/+18]
| |     Release and acquire packets using GCC builtins (compatible with many other common-place compilers). Should fix #898.
* | linux: get rid of Wireless Extensions for turning monitor mode on. [Guy Harris, 2020-07-04, 1 file, -965/+87]
| |     This should fix GitHub issue #941 by getting rid of the code with the issue; see it for a discussion of why we're getting rid of it (tl;dr: the wireless extensions stuff is old and tired and netlink should be used instead).
* | linux: suggest adding a "pass all" filter in the activate routine. [Guy Harris, 2020-07-03, 1 file, -0/+7]
| |     That's what's been done for a while with BPF and what we're now doing for NPF in WinPcap and Npcap. [skip ci]
* | Handle the pcap_t+private data in a fashion that makes fewer assumptions. [Guy Harris, 2020-07-01, 1 file, -1/+1]
|/    The sizeof operator and alignof macro can be given a type "name" that's anonymous, e.g. sizeof(struct { int a; char *b; }). Have pcap_create_common() and pcap_open_offline_common() take, as arguments, the total size of a structure containing both the pcap_t and the private data as members, and the offset of the private data in that structure, and define macros that calculate those given, as an argument, the data type of the private data. This avoids making assumptions about the alignment of those two items within the structure; that *might* fix GitHub issue #940 if the issue is that the ARM compiler being used does 16-byte alignment of the private structure, rather than the 8-byte alignment we were wiring in.
* linux: test whether reading from the event FD succeeds. [Guy Harris, 2020-06-02, 1 file, -1/+38]
|     It *should* never succeed, but 1) you never know and 2) that gets newer versions of GCC, and Coverity, to stop whining that we're not checking the return value of read(). (We can't check of the write() to the event FD without adding a new API that's like pcap_breakloop() but that 1) returns a success/error indication and 2) provides an error message.)