| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* amount
* anymore
* authentication
* availability
* bracket
* captured
* casted
* communications
* compliant
* configurable
* cumulate
* deinitialize
* descriptors
* didn't
* disassembler
* disassociate
* distributions
* divvy
* doing
* entries
* everything
* explicitly
* explosion
* expression
* extracting
* failed
* family
* find
* github
* global
* implementations
* incorrectly
* intel
* interlocked
* justifying
* know
* launched
* libraries
* malloced
* mask
* maximum
* network
* nonexistent
* number
* occurred
* optimizer
* overflow
* overwrite lower
* packet
* packetfilter
* packets
* parse hosts
* payload
* phase
* programmers
* promiscuous
* protocol
* receiving
* redefinition
* sampling
* savefile
* schwartz
* should
* snapshot
* something
* specifies
* straightforward
* stream
* subdir
* support
* surrogate
* suse
* system is
* test with
* than
* those
* unmaintained
* valid
* way
* western
* wireshark
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
|
| |
|
|
|
|
|
|
| |
There's no good run-time test, so we test at configure time, by checking
whether /usr/include/inet/ipnet.h exists and contains IPNET_ANY_LINK.
See https://github.com/the-tcpdump-group/tcpdump/issues/1057#issuecomment-1584088911
We make a common routine to use to add that device.
|
| |
|
|
|
|
|
|
| |
Wrap WSACleanup() in a routine that calls it but returns nothing, so
that the wrapper has the right type for an atexit() routine.
This is cleaner that casting a pointer to WSACleanup(), and should avoid
warnings from VS 2022.
|
| |
|
|
|
| |
This avoids potential and, in one case (SIMH), actual collisions with
names in other libraries or in applications using libpcap.
|
| |
|
|
|
|
|
|
| |
This should make some functions thread-safe, even if it doesn't make
them fully-reentrant; at least some of them would requiree API changes
to full reentrancy.
This should fix #1174.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In gencode.c instead of casting pointer types copy the data to squelch 4
previously known warnings from GCC and Clang. (Oddly enough, Haiku is
the only OS that unconditionally puts a 32-bit array into the union
inside struct in6_addr, yet the only OS where these warnings appeared.)
In pcap.c add a temporary workaround for ioctl() to squelch two other
Clang warnings:
pcap.c:1619:6: error: missing field 'size' initializer
[-Werror,-Wmissing-field-initializers]
pcap.c:1638:6: error: missing field 'size' initializer
[-Werror,-Wmissing-field-initializers]
With these changes GCC builds are now warning-free, so in build.sh set
LIBPCAP_TAINTED for Clang only and update the comment to show the
current remaining warnings.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
BSDi 3.x is from 1997-1998, the workaround was introduced via commit
b63de9e in 2001. In the unlikely case it is still required, it would
have to be reinstated with a better comment.
|
| | |
|
| |\
| |
| | |
Add an option to force memory-mapped buffers to be mapped as accessible to 32-bit code
|
| | |
| |
| |
| | |
32-bit code.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
1. change pcap_read_dead to return void.
2. let pcap_read_dead do nothing.
Signed-off-by: hopper-vul <hopper.vul@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
| |
pcap_open_dead and pcap_fopen_offline has not initialized the breakloop_op and can_set_rfmon_op callback respectively,
if pcap_breakloop() is called followed by pcap_open_dead() and pcap_can_set_rfmon() is called followed by pcap_fopen_offline()
then the null function pointer crashes will happen.
This commit adds two default implementation pcap_breakloop_dead and sf_cant_set_rfmon and uses them to initialize those two missed callbacks.
Signed-off-by: hopper-vul <hopper.vul@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
It used to set up a critical section intended to protect pcap_compile()
against simultaneous use in more than one thread, but that is no longer
necessary, given that pcap_compile() is now thread-safe; the code to set
up the critical section was removed when the first changes to make the
compiler thread-safe were made.
This should fix issue #1127.
|
| |
|
|
| |
[skip ci]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
USB 2.0/1.1/1.0 devices (or 3.x and newer when connected to hosts that
are not Super-Speed capable) operate at one of three speeds:
* Low-Speed (1.5 Mbps)
* Full-Speed (12 Mbps)
* High-Speed (480 Mbps)
While the packets are generally common to all three speeds, there are
some differences that span across different layers. The capture speed
should be available to analyzer and it makes sense to expose it via
speed specific linktypes. Existing USB 2.0/1.1/1.0 captures can be
manually, retroactively updated to speed specific linktype.
Low-Speed device will always operate at Low-Speed, regardless of what
host it is connected to. USB cable connected to Low-Speed device only
ever carries packets sent at Low-Speed.
High-Speed device will operate at High-Speed when connected to High-Speed
capable host. If High-Speed Detection Handshake succeeds, the cable will
only carry High-Speed packets.
Full-Speed device will always operate at Full-Speed, regardless of what
host it is connected to. High-Speed device connected to Full-Speed host
or hub, will operate at Full-Speed. The cable connected to device
operating at Full-Speed can only carry Full-Speed or Low-Speed packets
preceded by Low-Speed preamble (PRE packet) sent at Full-Speed. Non-hub
device operating at Full-Speed always ignores Low-Speed packets. The hub
forwards the Low-Speed packets to downstream ports but does not act upon
the actual Low-Speed packet contents. The packets intended for device
operating at Full-Speed are always sent at Full-Speed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PCAP_ERROR_PERM_DENIED can be returned for reasons other than "you don't
have any permission to capture on that device", e.g. it might be "you
have permission to capture on it, but not to capture on it with hardware
time stamps (as on Linux) or to capture in monitor mode or to...".
This leaves it more open-ended, in case we add support for
device-dependent or platform-dependent configuration parameters and some
of them require more privileges than just capturing with the default
setting does, without having to keep adding more PERM_DENIED error
codes.
This, along with some other changes, may help debug problems such as the
one in issue #1098.
|
| |
|
|
| |
"{error message} ()" looks bogus.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Fix this cppcheck warning:
pcap.c:3372:23: warning: %u in format string (no. 1) requires
'unsigned int' but the argument type is 'signed int'.
[invalidPrintfArgType_uint]
(void)snprintf(unkbuf, sizeof(unkbuf), "DLT %u", dlt);
^
|
| |
|
|
| |
Add entries for DLT_NETANALYZER_NG and DLT_ZBOSS_NCP.
|
| |\
| |
| | |
Fix some build issues with MinGW
|
| | |
| |
| |
| |
| |
| |
| | |
In 64 bit system, pcap.handle is of type HANDLE aka. void* which is 8 bytes,
different that 4 bytes int. So, gcc shows warning while casting void* to int
like this warning: cast from pointer to integer of different size. This
change fixes that warning.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Windows programs shouldn't use pcap_fileno(); we're already deprecating
it, and the fix for GitHub issue #1026 squelches the warning in a
fashion that doesn't require any DIAG_OFF/DIAG_ON stuff, and there's no
reason for us to care how a deprecated function works around its
brokenness-by-design.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Use that for pcap_fileno() on Windows; that API shouldn't exist on
Windows, and should never be used, but WinPcap offered it, so we're
stuck with it. At least try to prevent compilation errors when libpcap
is built.
This should fix the warnings for pcap_fileno() in GitHub issue #1026.
|
| | |
| |
| |
| |
| |
| |
| | |
pcap-npf.c's pcap_cleanup_npf() expects to be able to access opt.device
in order to restore the monitor mode. This results in a use-after-free
when calling pcap_close(). Instead, do this free in
pcap_cleanup_live_common, just like all the others.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
On success, pcap_offline_read() and the read_op routine return a value >
0 that is the number of packets read or captured, respectively. Given
that, in the calls to them in pcap_next_ex(), we pass a maximum packet
count of 1, they will read or capture, respectively, at most one packet,
so, in those particular calls, they will return 1 on success.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These warnings have been around for a while in the REMOTE=yes space of
all Linux builds and OpenBSD/AMD64 build. Pass each of the offending
strings through a tailored buffer to satisfy GCC.
./pcap.c: In function 'pcap_open_live':
./pcap.c:2858:47: warning: '%.*s' directive output may be truncated
writing up to 250 bytes into a region of size between 249 and 252
[-Wformat-truncation=]
2858 | snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%.*s)", device,
| ^~~~
In file included from /usr/include/stdio.h:867,
from ./pcap.c:56:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
'__builtin___snprintf_chk' output 6 or more bytes (assuming 259) into a
destination of size 256
./pcap.c:2853:43: warning: '%.*s' directive output may be truncated
writing up to 253 bytes into a region of size between 251 and 254
[-Wformat-truncation=]
2853 | snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %.*s", device,
| ^~~~
In file included from /usr/include/stdio.h:867,
from ./pcap.c:56:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:67:10: note:
'__builtin___snprintf_chk' output 3 or more bytes (assuming 259) into a
destination of size 256
|
| |
|
|
|
|
|
| |
This reverts commit 8b6b13d4cbb685db047af04c49817ed81fff7c35.
That solution allowed you to intermix declarations/definitions and
before the extern "C", so you can see what's being imported.
|
| |
|
|
|
|
|
|
|
|
|
| |
Instead, explictly flag individual functions with extern "C" by adding
it to the tag we're already using for exported functions, and creating a
new tag to use for non-exported functions.
Rename those tags, and the tags used for exported data, to say what they
do, rather than saying "this is an API" (we may export things we don't
want to be treated as part of the API, but that we have to export
because some programs use them).
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The code that should have given a warning wasn't compiled in AppVeyor,
because we were building libpcap on its own rather than as part of a
WinPcap or Npcap build.
[skip ci]
|
| |
|
|
| |
[skip ci]
|
| |
|
|
| |
[skip ci]
|
| |
|
|
|
|
| |
This reverts commit 10dbaabafb2ea88f5c3cce8a66f00831abca1ebd.
OK, we got the warnings we expected.
|
| |
|
|
|
|
|
| |
There appears to be a case with MSVC where that's not happening; make
sure all the compilers we use, including MSVC, warn about that.
This will be removed once the CI builders are done with it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sizeof operator and alignof macro can be given a type "name" that's
anonymous, e.g. sizeof(struct { int a; char *b; }). Have
pcap_create_common() and pcap_open_offline_common() take, as arguments,
the total size of a structure containing both the pcap_t and the private
data as members, and the offset of the private data in that structure,
and define macros that calculate those given, as an argument, the data
type of the private data.
This avoids making assumptions about the alignment of those two items
within the structure; that *might* fix GitHub issue #940 if the issue is
that the ARM compiler being used does 16-byte alignment of the private
structure, rather than the 8-byte alignment we were wiring in.
|
| |
|
|
|
|
|
|
| |
I backed pcap_handle() out; we'll provide it if there's a demand for it,
but I'm not sure how useful getting the HANDLE for an NPF device is
(what can you do with it?).
[skip ci]
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I don't know whether a Windows HANDLE can be expected to survive
conversion to an int - and there's no need for it to have to be
converted. If a caller needs to do something with a HANDLE associated
with a pcap_t, it should call the new pcap_handle() routine and get a
HANDLE; code for UN*X that uses the result of pcap_fileno() is unlikely
to work on Windows anyway.
Squelch the "pointer truncation from 'HANDLE' to 'DWORD'" warning, as,
if that truncation causes an issue, callers should use pcap_handle(),
and if it *doesn't* cause an issue, it's, well, not an issue.
|
| |
|
|
|
|
|
|
| |
This allows us to update the support for newer APIs in the future - and
in the present, with pcap_set_datalink() - and would allow Npcap to
remove its AirPcap support.
Add another test program, while we're at it.
|
