authorRui Paulo <rpaulo@FreeBSD.org>2009-03-21 20:43:56 +0000
committerRui Paulo <rpaulo@FreeBSD.org>2009-03-21 20:43:56 +0000
commitc6a6c5e28b1033c61a7bb7e108fa0592b22cc016 (patch)
tree1c663fff98874ff52b3f01d448e178f668ba0307
parent3430dc7c1fc255ec21a9b5e9c189ec01d930c6bd (diff)
Import of libpcap 1.0.0. (tag: vendor/libpcap/1.0.0)
Notes
Notes: svn path=/vendor/libpcap/dist/; revision=190214 svn path=/vendor/libpcap/1.0.0/; revision=190215; tag=vendor/libpcap/1.0.0
-rw-r--r--CHANGES63
-rw-r--r--CREDITS210
-rw-r--r--FILES124
-rw-r--r--INSTALL342
-rw-r--r--INSTALL.txt77
-rw-r--r--Makefile.in366
-rw-r--r--README42
-rw-r--r--README.Win3246
-rw-r--r--README.aix78
-rw-r--r--README.dag114
-rw-r--r--README.hpux254
-rw-r--r--README.linux88
-rw-r--r--README.macosx43
-rw-r--r--README.septel50
-rw-r--r--README.tru6449
-rw-r--r--VERSION2
-rw-r--r--aclocal.m481
-rw-r--r--acsite.m4505
-rw-r--r--atmuni31.h14
-rw-r--r--bpf/net/bpf.h419
-rw-r--r--bpf/net/bpf_filter.c167
-rw-r--r--bpf_dump.c6
-rw-r--r--bpf_image.c4
-rwxr-xr-xchmod_bpf19
-rw-r--r--config.h.in54
-rwxr-xr-xconfigure2302
-rwxr-xr-xconfigure.in426
-rw-r--r--dlpisubs.c349
-rw-r--r--dlpisubs.h28
-rw-r--r--doc/pcap.html997
-rw-r--r--doc/pcap.txt1680
-rw-r--r--doc/pcap.xml746
-rw-r--r--etherent.c4
-rw-r--r--ethertype.h2
-rw-r--r--fad-getad.c2
-rw-r--r--fad-gifc.c3
-rw-r--r--fad-glifc.c6
-rw-r--r--fad-sita.c61
-rw-r--r--fad-win32.c11
-rw-r--r--filtertest.c254
-rw-r--r--findalldevstest.c131
-rw-r--r--gencode.c2411
-rw-r--r--gencode.h9
-rw-r--r--grammar.y198
-rw-r--r--ieee80211.h146
-rw-r--r--inet.c67
-rw-r--r--lbl/gnuc.h43
-rw-r--r--missing/snprintf.c (renamed from snprintf.c)4
-rwxr-xr-xmkdep2
-rw-r--r--nametoaddr.c16
-rw-r--r--net/bpf_filter.c666
-rw-r--r--optimize.c26
-rw-r--r--packaging/pcap.spec65
-rw-r--r--packaging/pcap.spec.in15
-rw-r--r--pcap-bpf.c1842
-rw-r--r--pcap-bpf.h797
-rw-r--r--pcap-bt-linux.c372
-rw-r--r--pcap-bt-linux.h40
-rw-r--r--pcap-config.154
-rw-r--r--pcap-config.in16
-rw-r--r--pcap-dag.c695
-rw-r--r--pcap-dag.h90
-rw-r--r--pcap-dlpi.c554
-rw-r--r--pcap-dos.c89
-rw-r--r--pcap-enet.c4
-rw-r--r--pcap-filter.manmisc.in949
-rw-r--r--pcap-int.h165
-rw-r--r--pcap-libdlpi.c370
-rw-r--r--pcap-linktype.manmisc.in282
-rw-r--r--pcap-linux.c2511
-rw-r--r--pcap-namedb.h59
-rw-r--r--pcap-nit.c78
-rw-r--r--pcap-nit.h19
-rw-r--r--pcap-null.c7
-rw-r--r--pcap-pf.c93
-rw-r--r--pcap-pf.h19
-rw-r--r--pcap-savefile.manfile.in127
-rw-r--r--pcap-septel.c51
-rw-r--r--pcap-septel.h4
-rw-r--r--pcap-sita.c980
-rw-r--r--pcap-sita.h10
-rw-r--r--pcap-sita.html943
-rw-r--r--pcap-snit.c72
-rw-r--r--pcap-snoop.c121
-rw-r--r--pcap-stdinc.h26
-rw-r--r--pcap-usb-linux.c730
-rw-r--r--pcap-usb-linux.h40
-rw-r--r--pcap-win32.c258
-rw-r--r--pcap.31312
-rw-r--r--pcap.3pcap.in386
-rw-r--r--pcap.c506
-rw-r--r--pcap.h295
-rw-r--r--pcap/bluetooth.h48
-rw-r--r--pcap/bpf.h934
-rw-r--r--pcap/namedb.h89
-rw-r--r--pcap/pcap.h (renamed from pcap1.h)265
-rw-r--r--pcap/sll.h (renamed from sll.h)11
-rw-r--r--pcap/usb.h90
-rw-r--r--pcap/vlan.h46
-rw-r--r--pcap_activate.3pcap89
-rw-r--r--pcap_breakloop.3pcap105
-rw-r--r--pcap_can_set_rfmon.3pcap60
-rw-r--r--pcap_close.3pcap41
-rw-r--r--pcap_compile.3pcap.in72
-rw-r--r--pcap_create.3pcap74
-rw-r--r--pcap_datalink.3pcap.in41
-rw-r--r--pcap_datalink_name_to_val.3pcap48
-rw-r--r--pcap_datalink_val_to_name.3pcap44
-rw-r--r--pcap_dump.3pcap53
-rw-r--r--pcap_dump_close.3pcap39
-rw-r--r--pcap_dump_file.3pcap40
-rw-r--r--pcap_dump_flush.3pcap45
-rw-r--r--pcap_dump_ftell.3pcap44
-rw-r--r--pcap_dump_open.3pcap.in87
-rw-r--r--pcap_file.3pcap59
-rw-r--r--pcap_fileno.3pcap47
-rw-r--r--pcap_findalldevs.3pcap156
-rw-r--r--pcap_free_datalinks.3pcap41
-rw-r--r--pcap_freealldevs.3pcap40
-rw-r--r--pcap_freecode.3pcap45
-rw-r--r--pcap_get_selectable_fd.3pcap114
-rw-r--r--pcap_geterr.3pcap53
-rw-r--r--pcap_inject.3pcap90
-rw-r--r--pcap_is_swapped.3pcap42
-rw-r--r--pcap_lib_version.3pcap41
-rw-r--r--pcap_list_datalinks.3pcap.in58
-rw-r--r--pcap_lookupdev.3pcap62
-rw-r--r--pcap_lookupnet.3pcap65
-rw-r--r--pcap_loop.3pcap150
-rw-r--r--pcap_major_version.3pcap54
-rw-r--r--pcap_next_ex.3pcap90
-rw-r--r--pcap_offline_filter.3pcap57
-rw-r--r--pcap_open_dead.3pcap.in52
-rw-r--r--pcap_open_live.3pcap89
-rw-r--r--pcap_open_offline.3pcap.in78
-rw-r--r--pcap_set_buffer_size.3pcap47
-rw-r--r--pcap_set_datalink.3pcap52
-rw-r--r--pcap_set_promisc.3pcap48
-rw-r--r--pcap_set_rfmon.3pcap49
-rw-r--r--pcap_set_snaplen.3pcap46
-rw-r--r--pcap_set_timeout.3pcap47
-rw-r--r--pcap_setdirection.3pcap71
-rw-r--r--pcap_setfilter.3pcap54
-rw-r--r--pcap_setnonblock.3pcap75
-rw-r--r--pcap_snapshot.3pcap44
-rw-r--r--pcap_stats.3pcap59
-rw-r--r--pcap_statustostr.3pcap43
-rw-r--r--pcap_strerror.3pcap42
-rw-r--r--pf.h77
-rw-r--r--rawss7.h105
-rwxr-xr-xrunlex.sh235
-rw-r--r--savefile.c282
-rw-r--r--scanner.l21
153 files changed, 22406 insertions, 11692 deletions
diff --git a/CHANGES b/CHANGES
index 536e1a2c18eb..dc4e006991a2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,28 +1,41 @@
-@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.59.2.13 2007/09/12 22:40:04 ken Exp $ (LBL)
-
-Mon. September 10, 2007. ken@xelerance.com. Summary for 0.9.8 libpcap release
- Change build process to put public libpcap headers into pcap subir
- DLT: Add value for IPMI IPMB packets
- DLT: Add value for u10 Networks boards
- Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
- libpcap files on an OS other than where the file was generated
-
-Wed. July 23, 2007. mcr@xelerance.com. Summary for 0.9.7 libpcap release
-
- FIXED version file to be 0.9.7 instead of 0.9.5.
- added flags/configuration for cloning bpf device.
- added DLT_MTP2_WITH_PHDR support (PPI)
- "fix" the "memory leak" in icode_to_fcode() -- documentation bug
- Various link-layer types, with a pseudo-header, for SITA http://www.sita.aero/
- introduces support for the DAG ERF type TYPE_COLOR_MC_HDLC_POS.
- Basic BPF filtering support for DLT_MTP2_WITH_PHDR is also added.
- check for IPv4 and IPv6, even for DLT_RAW
- add support for DLT_JUNIPER_ISM
- Pick up changes from NetBSD: many from tron, christos, drochner
- Allocate DLT_ for 802.15.4 without any header munging, for Mikko Saarnivala.
- Header for 802.16 MAC Common Part Sublayer plus a radiotap radio header
-
-Wed. April 25, 2007. ken@xelerance.com. Summary for 0.9.6 libpcap release
+@(#) $Header: /tcpdump/master/libpcap/CHANGES,v 1.67.2.4 2008-10-28 00:27:42 ken Exp $ (LBL)
+
+Mon. October 27, 2008. ken@netfunctional.ca. Summary for 1.0.0 libpcap release
+ Compile with IPv6 support by default
+ Compile with large file support on by default
+ Add pcap-config script, which deals with -I/-L flags for compiling
+ DLT: Add IPMB
+ DLT: Add LAPD
+ DLT: Add AX25 (AX.25 w/KISS header)
+ DLT: Add JUNIPER_ST
+ 802.15.4 support
+ Variable length 802.11 header support
+ X2E data type support
+ SITA ACN Interface support - see README.sita
+ Support for zerocopy BPF on platforms that support it
+ Better support for dealing with VLAN tagging/stripping on Linux
+ Fix dynamic library support on OSX
+ Return PCAP_ERROR_IFACE_NOT_UP if the interface isn't 'UP', so applications
+ can print better diagnostic information
+ Return PCAP_ERROR_PERM_DENIED if we don't have permission to open a device, so
+ applications can tell the user they need to go play with permissions
+ On Linux, ignore ENETDOWN so we can continue to capture packets if the
+ interface goes down and comes back up again.
+ On Linux, support new tpacket frame headers (2.6.27+)
+ On Mac OS X, add scripts for changing permissions on /dev/pbf* and launchd plist
+ On Solaris, support 'passive mode' on systems that support it
+ Fixes to autoconf and general build environment
+ Man page reorganization + cleanup
+ Autogenerate VERSION numbers better
+
+Mon. September 10, 2007. ken@xelerance.com. Summary for 0.9.8 libpcap release
+ Change build process to put public libpcap headers into pcap subir
+ DLT: Add value for IPMI IPMB packets
+ DLT: Add value for u10 Networks boards
+ Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted
+ libpcap files on an OS other than where the file was generated
+
+Wed. April 25, 2007. ken@xelerance.com. Summary for 0.9.6 libpcap release
Put the public libpcap headers into a pcap subdirectory in both the
source directory and the target include directory, and have include
diff --git a/CREDITS b/CREDITS
index 2e54aabaecb1..2cd7207d4960 100644
--- a/CREDITS
+++ b/CREDITS
@@ -1,108 +1,126 @@
This file lists people who have contributed to libpcap:
The current maintainers:
- Bill Fenner <fenner@research.att.com>
- Fulvio Risso <risso@polito.it>
- Guy Harris <guy@alum.mit.edu>
- Hannes Gredler <hannes@juniper.net>
- Jun-ichiro itojun Hagino <itojun@iijlab.net>
- Michael Richardson <mcr@sandelman.ottawa.on.ca>
+ Bill Fenner <fenner at research dot att dot com>
+ Fulvio Risso <risso at polito dot it>
+ Guy Harris <guy at alum dot mit dot edu>
+ Hannes Gredler <hannes at juniper dot net>
+ Michael Richardson <mcr at sandelman dot ottawa dot on dot ca>
Additional people who have contributed patches:
- Alan Bawden <Alan@LCS.MIT.EDU>
- Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
- Albert Chin <china@thewrittenword.com>
- Andrew Brown <atatat@atatdot.net>
- Antti Kantee <pooka@netbsd.org>
- Arkadiusz Miskiewicz <misiek@pld.org.pl>
- Armando L. Caro Jr. <acaro@mail.eecis.udel.edu>
- Assar Westerlund <assar@sics.se>
- Brian Ginsbach <ginsbach@cray.com>
- Charles M. Hannum <mycroft@netbsd.org>
- Chris G. Demetriou <cgd@netbsd.org>
- Chris Lightfoot <cwrl@users.sourceforge.net>
- Chris Pepper <pepper@mail.reppep.com>
- Daniele Orlandi <daniele@orlandi.com>
- Darren Reed <darrenr@reed.wattle.id.au>
- David Kaelbling <drk@sgi.com>
- David Young <dyoung@ojctech.com>
- Dean Gaudet <dean@arctic.org>
- Don Ebright <Don.Ebright@compuware.com>
- Dug Song <dugsong@monkey.org>
- Eric Anderson <anderse@hpl.hp.com>
- Erik de Castro Lopo <erik.de.castro.lopo@sensorynetworks.com>
- Florent Drouin <Florent.Drouin@alcatel-lucent.fr>
- Franz Schaefer <schaefer@mond.at>
- Gianluca Varenni <varenni@netgroup-serv.polito.it>
- Gilbert Hoyek <gil_hoyek@hotmail.com>
- Gisle Vanem <giva@bgnett.no>
- Graeme Hewson <ghewson@cix.compulink.co.uk>
- Greg Stark <gsstark@mit.edu>
- Greg Troxel <gdt@ir.bbn.com>
- Guillaume Pelat <endymion_@users.sourceforge.net>
- Hyung Sik Yoon <hsyn@kr.ibm.com>
- Igor Khristophorov <igor@atdot.org>
- Jan-Philip Velders <jpv@veldersjes.net>
- Jason R. Thorpe <thorpej@netbsd.org>
- Javier Achirica <achirica@ttd.net>
- Jean Tourrilhes <jt@hpl.hp.com>
- Jefferson Ogata <jogata@nodc.noaa.gov>
- Jesper Peterson <jesper@endace.com>
- John Bankier <jbankier@rainfinity.com>
- Jon Lindgren <jonl@yubyub.net>
- Juergen Schoenwaelder <schoenw@ibr.cs.tu-bs.de>
- Jung-uk Kim <jkim@FreeBSD.org>
- Kazushi Sugyo <sugyo@pb.jp.nec.com>
- Klaus Klein <kleink@netbsd.org>
- Koryn Grant <koryn@endace.com>
- Krzysztof Halasa <khc@pm.waw.pl>
- Lorenzo Cavallaro <sullivan@sikurezza.org>
- Loris Degioanni <loris@netgroup-serv.polito.it>
- Love Hörnquist-Åstrand <lha@stacken.kth.se>
- Maciej W. Rozycki <macro@ds2.pg.gda.pl>
- Marcus Felipe Pereira <marcus@task.com.br>
- Mark C. Brown <mbrown@hp.com>
- Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>
- Martin Husemann <martin@netbsd.org>
- Matthew Luckie <mjl@luckie.org.nz>
- Max Laier <max@love2party.net>
- Mike Kershaw <dragorn@kismetwireless.net>
- Mike Wiacek <mike@iroot.net>
- Monroe Williams <monroe@pobox.com>
- Nicolas Dade <ndade@nsd.dyndns.org>
- Octavian Cerna <tavy@ylabs.com>
- Olaf Kirch <okir@caldera.de>
- Ollie Wild <aaw@users.sourceforge.net>
- Onno van der Linden <onno@simplex.nl>
- Patrick Marie <mycroft@virgaria.org>
- Paul Mundt <lethal@linux-sh.org>
- Pavel Kankovsky <kan@dcit.cz>
- Pawel Pokrywka <publicpp@gmail.com>
- Peter Fales <peter@fales-lorenz.net>
- Peter Jeremy <peter.jeremy@alcatel.com.au>
- Phil Wood <cpw@lanl.gov>
- Rafal Maszkowski <rzm@icm.edu.pl>
- <rcb-isis@users.sourceforge.net>
- Rick Jones <raj@cup.hp.com>
- Scott Barron <sb125499@ohiou.edu>
- Scott Gifford <sgifford@tir.com>
- Sebastian Krahmer <krahmer@cs.uni-potsdam.de>
- Shaun Clowes <delius@progsoc.uts.edu.au>
- Solomon Peachy <pizza@shaftnet.org>
- Stefan Hudson <hudson@mbay.net>
- Stephen Donnelly <stephen@endace.com>
- Takashi Yamamoto <yamt@mwd.biglobe.ne.jp>
- Tanaka Shin-ya <zstanaka@archer.livedoor.com>
- Tony Li <tli@procket.com>
- Torsten Landschoff <torsten@debian.org>
- Uns Lider <unslider@miranda.org>
- Uwe Girlich <Uwe.Girlich@philosys.de>
- Xianjie Zhang <xzhang@cup.hp.com>
+ Alan Bawden <Alan at LCS dot MIT dot EDU>
+ Alexander 'Leo' Bergolth <Leo dot Bergolth at wu-wien dot ac dot at>
+ Alexey Kuznetsov <kuznet at ms2 dot inr dot ac dot ru>
+ Albert Chin <china at thewrittenword dot com>
+ Andrew Brown <atatat at atatdot dot net>
+ Antti Kantee <pooka at netbsd dot org>
+ Arien Vijn <arienvijn at sourceforge dot net>
+ Arkadiusz Miskiewicz <misiek at pld dot org dot pl>
+ Armando L. Caro Jr. <acaro at mail dot eecis dot udel dot edu>
+ Assar Westerlund <assar at sics dot se>
+ Brian Ginsbach <ginsbach at cray dot com>
+ Charles M. Hannum <mycroft at netbsd dot org>
+ Chris G. Demetriou <cgd at netbsd dot org>
+ Chris Lightfoot <cwrl at users dot sourceforge dot net>
+ Chris Pepper <pepper at mail dot reppep dot com>
+ Christian Peron <csjp at freebsd dot org>
+ Daniele Orlandi <daniele at orlandi dot com>
+ Darren Reed <darrenr at reed dot wattle dot id dot au>
+ David Kaelbling <drk at sgi dot com>
+ David Young <dyoung at ojctech dot com>
+ Dean Gaudet <dean at arctic dot org>
+ Don Ebright <Don dot Ebright at compuware dot com>
+ Dug Song <dugsong at monkey dot org>
+ Eric Anderson <anderse at hpl dot hp dot com>
+ Erik de Castro Lopo <erik dot de dot castro dot lopo at sensorynetworks dot com>
+ Florent Drouin <Florent dot Drouin at alcatel-lucent dot fr>
+ Franz Schaefer <schaefer at mond dot at>
+ Fulko Hew <fulko dot hew at gmail dot com>
+ Gianluca Varenni <varenni at netgroup-serv dot polito dot it>
+ Gilbert Hoyek <gil_hoyek at hotmail dot com>
+ Gisle Vanem <gvanem at broadpark dot no>
+ Gisle Vanem <giva at bgnett dot no>
+ Graeme Hewson <ghewson at cix dot compulink dot co dot uk>
+ Greg Stark <gsstark at mit dot edu>
+ Greg Troxel <gdt at ir dot bbn dot com>
+ Gregor Maier <gregor at net dot in dot tum dot de>
+ Guillaume Pelat <endymion_ at users dot sourceforge dot net>
+ Hagen Paul Pfeifer <hagen at jauu dot net>
+ Hyung Sik Yoon <hsyn at kr dot ibm dot com>
+ Igor Khristophorov <igor at atdot dot org>
+ Jan-Philip Velders <jpv at veldersjes dot net>
+ Jason R. Thorpe <thorpej at netbsd dot org>
+ Javier Achirica <achirica at ttd dot net>
+ Jean Tourrilhes <jt at hpl dot hp dot com>
+ Jefferson Ogata <jogata at nodc dot noaa dot gov>
+ Jesper Peterson <jesper at endace dot com>
+ Joerg Mayer <jmayer at loplof dot de>
+ John Bankier <jbankier at rainfinity dot com>
+ Jon Lindgren <jonl at yubyub dot net>
+ Juergen Schoenwaelder <schoenw at ibr dot cs dot tu-bs dot de>
+ Jung-uk Kim <jkim at FreeBSD dot org>
+ Kazushi Sugyo <sugyo at pb dot jp dot nec dot com>
+ Klaus Klein <kleink at netbsd dot org>
+ Koryn Grant <koryn at endace dot com>
+ Kris Katterjohn <katterjohn at gmail dot com>
+ Krzysztof Halasa <khc at pm dot waw dot pl>
+ Lorenzo Cavallaro <sullivan at sikurezza dot org>
+ Loris Degioanni <loris at netgroup-serv dot polito dot it>
+ Love Hörnquist-Åstrand <lha at stacken dot kth dot se>
+ Luis Martin Garcia <luis dot mgarc at gmail dot com>
+ Maciej W. Rozycki <macro at ds2 dot pg dot gda dot pl>
+ Marcus Felipe Pereira <marcus at task dot com dot br>
+ Mark C. Brown <mbrown at hp dot com>
+ Mark Pizzolato <List-tcpdump-workers at subscriptions dot pizzolato dot net>
+ Martin Husemann <martin at netbsd dot org>
+ Matthew Luckie <mjl at luckie dot org dot nz>
+ Max Laier <max at love2party dot net>
+ Mike Frysinger <vapier at gmail dot com>
+ Mike Kershaw <dragorn at kismetwireless dot net>
+ Mike Wiacek <mike at iroot dot net>
+ Monroe Williams <monroe at pobox dot com>
+ Nicolas Dade <ndade at nsd dot dyndns dot org>
+ Octavian Cerna <tavy at ylabs dot com>
+ Olaf Kirch <okir at caldera dot de>
+ Ollie Wild <aaw at users dot sourceforge dot net>
+ Onno van der Linden <onno at simplex dot nl>
+ Paolo Abeni <paolo dot abeni at email dot it>
+ Patrick Marie <mycroft at virgaria dot org>
+ Patrick McHardy <kaber at trash not net>
+ Paul Mundt <lethal at linux-sh dot org>
+ Pavel Kankovsky <kan at dcit dot cz>
+ Pawel Pokrywka <publicpp at gmail dot com>
+ Peter Fales <peter at fales-lorenz dot net>
+ Peter Jeremy <peter dot jeremy at alcatel dot com dot au>
+ Phil Wood <cpw at lanl dot gov>
+ Rafal Maszkowski <rzm at icm dot edu dot pl>
+ <rcb-isis at users dot sourceforge dot net>
+ Richard Stearn <richard at rns-stearn dot demon dot co dot uk>
+ Rick Jones <raj at cup dot hp dot com>
+ Sagun Shakya <sagun dot shakya at sun dot com>
+ Scott Barron <sb125499 at ohiou dot edu>
+ Scott Gifford <sgifford at tir dot com>
+ Sebastian Krahmer <krahmer at cs dot uni-potsdam dot de>
+ Sepherosa Ziehau <sepherosa at gmail dot com>
+ Shaun Clowes <delius at progsoc dot uts dot edu dot au>
+ Solomon Peachy <pizza at shaftnet dot org>
+ Stefan Hudson <hudson at mbay dot net>
+ Stephen Donnelly <stephen at endace dot com>
+ Takashi Yamamoto <yamt at mwd dot biglobe dot ne dot jp>
+ Tanaka Shin-ya <zstanaka at archer dot livedoor dot com>
+ Tony Li <tli at procket dot com>
+ Torsten Landschoff <torsten at debian dot org>
+ Uns Lider <unslider at miranda dot org>
+ Uwe Girlich <Uwe dot Girlich at philosys dot de>
+ Xianjie Zhang <xzhang at cup dot hp dot com>
Yen Yen Lim
- Yoann Vandoorselaere <yoann@prelude-ids.org>
+ Yoann Vandoorselaere <yoann at prelude-ids dot org>
The original LBL crew:
Steve McCanne
Craig Leres
Van Jacobson
+
+Past maintainers:
+ Jun-ichiro itojun Hagino <itojun at iijlab dot net>
diff --git a/FILES b/FILES
deleted file mode 100644
index 68c204a6eb6a..000000000000
--- a/FILES
+++ /dev/null
@@ -1,124 +0,0 @@
-CHANGES
-ChmodBPF/ChmodBPF
-ChmodBPF/StartupParameters.plist
-CREDITS
-FILES
-INSTALL.txt
-LICENSE
-Makefile.in
-README
-README.aix
-README.dag
-README.hpux
-README.linux
-README.macosx
-README.septel
-README.tru64
-README.Win32
-SUNOS4/nit_if.o.sparc
-SUNOS4/nit_if.o.sun3
-SUNOS4/nit_if.o.sun4c.4.0.3c
-TODO
-VERSION
-acconfig.h
-aclocal.m4
-arcnet.h
-atmuni31.h
-bpf/net/bpf_filter.c
-bpf_dump.c
-bpf_image.c
-config.guess
-config.h.in
-config.sub
-configure
-configure.in
-etherent.c
-ethertype.h
-fad-getad.c
-fad-gifc.c
-fad-glifc.c
-fad-null.c
-fad-win32.c
-gencode.c
-gencode.h
-grammar.y
-inet.c
-install-sh
-lbl/os-aix4.h
-lbl/os-hpux11.h
-lbl/os-osf4.h
-lbl/os-osf5.h
-lbl/os-solaris2.h
-lbl/os-sunos4.h
-lbl/os-ultrix4.h
-llc.h
-missing/snprintf.c
-mkdep
-msdos/bin2c.c
-msdos/common.dj
-msdos/makefile
-msdos/makefile.dj
-msdos/makefile.wc
-msdos/ndis2.c
-msdos/ndis2.h
-msdos/ndis_0.asm
-msdos/pkt_rx0.asm
-msdos/pkt_rx1.s
-msdos/pktdrvr.c
-msdos/pktdrvr.h
-msdos/readme.dos
-nametoaddr.c
-nlpid.h
-optimize.c
-packaging/pcap.spec
-packaging/pcap.spec.in
-pcap-bpf.c
-pcap-bpf.h
-pcap-dag.c
-pcap-dag.h
-pcap-dlpi.c
-pcap-dos.c
-pcap-dos.h
-pcap-enet.c
-pcap-int.h
-pcap-linux.c
-pcap-namedb.h
-pcap-nit.c
-pcap-nit.h
-pcap-null.c
-pcap-pf.c
-pcap-pf.h
-pcap-septel.c
-pcap-septel.h
-pcap-stdinc.h
-pcap-snit.c
-pcap-snoop.c
-pcap-win32.c
-pcap.3
-pcap.c
-pcap.h
-ppp.h
-savefile.c
-scanner.l
-sll.h
-sunatmpos.h
-Win32/Include/Gnuc.h
-Win32/Include/addrinfo.h
-Win32/Include/bittypes.h
-Win32/Include/cdecl_ext.h
-Win32/Include/inetprivate.h
-Win32/Include/ip6_misc.h
-Win32/Include/sockstorage.h
-Win32/Include/arpa/nameser.h
-Win32/Include/net/if.h
-Win32/Include/net/netdb.h
-Win32/Include/net/paths.h
-Win32/Src/ffs.c
-Win32/Src/getaddrinfo.c
-Win32/Src/getnetbynm.c
-Win32/Src/getnetent.c
-Win32/Src/getopt.c
-Win32/Src/getservent.c
-Win32/Src/inet_aton.c
-Win32/Src/inet_net.c
-Win32/Src/inet_pton.c
diff --git a/INSTALL b/INSTALL
deleted file mode 100644
index e8d8d9630e6c..000000000000
--- a/INSTALL
+++ /dev/null
@@ -1,342 +0,0 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL,v 1.46 2000/12/16 09:05:11 guy Exp $ (LBL)
-
-To build libpcap, run "./configure" (a shell script). The configure
-script will determine your system attributes and generate an
-appropriate Makefile from Makefile.in. Next run "make". If everything
-goes well you can su to root and run "make install". However, you need
-not install libpcap if you just want to build tcpdump; just make sure
-the tcpdump and libpcap directory trees have the same parent
-directory.
-
-If configure says:
-
- configure: warning: cannot determine packet capture interface
- configure: warning: (see INSTALL for more info)
-
-then your system either does not support packet capture or your system
-does support packet capture but libpcap does not support that
-particular type. (If you have HP-UX, see below.) If your system uses a
-packet capture not supported by libpcap, please send us patches; don't
-forget to include an autoconf fragment suitable for use in
-configure.in.
-
-It is possible to override the default packet capture type, although
-the circumstance where this works are limited. For example if you have
-installed bpf under SunOS 4 and wish to build a snit libpcap:
-
- ./configure --with-pcap=snit
-
-Another example is to force a supported packet capture type in the case
-where the configure scripts fails to detect it.
-
-You will need an ANSI C compiler to build libpcap. The configure script
-will abort if your compiler is not ANSI compliant. If this happens, use
-the GNU C compiler, available via anonymous ftp:
-
- ftp://ftp.gnu.org/pub/gnu/gcc/
-
-If you use flex, you must use version 2.4.6 or higher. The configure
-script automatically detects the version of flex and will not use it
-unless it is new enough. You can use "flex -V" to see what version you
-have (unless it's really old). The current version of flex is available
-via anonymous ftp:
-
- ftp://ftp.ee.lbl.gov/flex-*.tar.Z
-
-As of this writing, the current version is 2.5.4.
-
-If you use bison, you must use flex (and visa versa). The configure
-script automatically falls back to lex and yacc if both flex and bison
-are not found.
-
-Sometimes the stock C compiler does not interact well with flex and
-bison. The list of problems includes undefined references for alloca.
-You can get around this by installing gcc or manually disabling flex
-and bison with:
-
- ./configure --without-flex --without-bison
-
-If your system only has AT&T lex, this is okay unless your libpcap
-program uses other lex/yacc generated code. (Although it's possible to
-map the yy* identifiers with a script, we use flex and bison so we
-don't feel this is necessary.)
-
-Some systems support the Berkeley Packet Filter natively; for example
-out of the box OSF and BSD/OS have bpf. If your system does not support
-bpf, you will need to pick up:
-
- ftp://ftp.ee.lbl.gov/bpf-*.tar.Z
-
-Note well: you MUST have kernel source for your operating system in
-order to install bpf. An exception is SunOS 4; the bpf distribution
-includes replacement kernel objects for some of the standard SunOS 4
-network device drivers. See the bpf INSTALL document for more
-information.
-
-If you use Solaris, there is a bug with bufmod(7) that is fixed in
-Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the
-broken bufmod(7) results in data be truncated from the FRONT of the
-packet instead of the end. The work around is to not set a snapshot
-length but this results in performance problems since the entire packet
-is copied to user space. If you must run an older version of Solaris,
-there is a patch available from Sun; ask for bugid 1149065. After
-installing the patch, use "setenv BUFMOD_FIXED" to enable use of
-bufmod(7). However, we recommend you run a more current release of
-Solaris.
-
-If you use the SPARCompiler, you must be careful to not use the
-/usr/ucb/cc interface. If you do, you will get bogus warnings and
-perhaps errors. Either make sure your path has /opt/SUNWspro/bin
-before /usr/ucb or else:
-
- setenv CC /opt/SUNWspro/bin/cc
-
-before running configure. (You might have to do a "make distclean"
-if you already ran configure once).
-
-Also note that "make depend" won't work; while all of the known
-universe uses -M, the SPARCompiler uses -xM to generate makefile
-dependencies.
-
-If you are trying to do packet capture with a FORE ATM card, you may or
-may not be able to. They usually only release their driver in object
-code so unless their driver supports packet capture, there's not much
-libpcap can do.
-
-If you get an error like:
-
- tcpdump: recv_ack: bind error 0x???
-
-when using DLPI, look for the DL_ERROR_ACK error return values, usually
-in /usr/include/sys/dlpi.h, and find the corresponding value.
-
-Under {DEC OSF/1, Digital UNIX, Tru64 UNIX}, packet capture must be
-enabled before it can be used. For instructions on how to enable packet
-filter support, see:
-
- ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX
-
-Look for the "How do I configure the Berkeley Packet Filter and capture
-tcpdump traces?" item.
-
-Once you enable packet filter support, your OSF system will support bpf
-natively.
-
-Under Ultrix, packet capture must be enabled before it can be used. For
-instructions on how to enable packet filter support, see:
-
- ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix
-
-If you use HP-UX, you must have at least version 9 and either the
-version of cc that supports ANSI C (cc -Aa) or else use the GNU C
-compiler. You must also buy the optional streams package. If you don't
-have:
-
- /usr/include/sys/dlpi.h
- /usr/include/sys/dlpi_ext.h
-
-then you don't have the streams package. In addition, we believe you
-need to install the "9.X LAN and DLPI drivers cumulative" patch
-(PHNE_6855) to make the version 9 DLPI work with libpcap.
-
-The DLPI streams package is standard starting with HP-UX 10.
-
-The HP implementation of DLPI is a little bit eccentric. Unlike
-Solaris, you must attach /dev/dlpi instead of the specific /dev/*
-network pseudo device entry in order to capture packets. The PPA is
-based on the ifnet "index" number. Under HP-UX 9, it is necessary to
-read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10,
-DLPI can provide information for determining the PPA. It does not seem
-to be possible to trace the loopback interface. Unlike other DLPI
-implementations, PHYS implies MULTI and SAP and you get an error if you
-try to enable more than one promiscuous mode at a time.
-
-It is impossible to capture outbound packets on HP-UX 9. To do so on
-HP-UX 10, you will, apparently, need a late "LAN products cumulative
-patch" (at one point, it was claimed that this would be PHNE_18173 for
-s700/10.20; at another point, it was claimed that the required patches
-were PHNE_20892, PHNE_20725 and PHCO_10947, or newer patches), and to do
-so on HP-UX 11 you will, apparently, need the latest lancommon/DLPI
-patches and the latest driver patch for the interface(s) in use on HP-UX
-11 (at one point, it was claimed that patches PHNE_19766, PHNE_19826,
-PHNE_20008, and PHNE_20735 did the trick).
-
-Furthermore, on HP-UX 10, you will need to turn on a kernel switch by
-doing
-
- echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem
-
-You would have to arrange that this happen on reboots; the right way to
-do that would probably be to put it into an executable script file
-"/sbin/init.d/outbound_promisc" and making
-"/sbin/rc2.d/S350outbound_promisc" a symbolic link to that script.
-
-Finally, testing shows that there can't be more than one simultaneous
-DLPI user per network interface.
-
-If you use Linux, this version of libpcap is known to compile and run
-under Red Hat 4.0 with the 2.0.25 kernel. It may work with earlier 2.X
-versions but is guaranteed not to work with 1.X kernels. Running more
-than one libpcap program at a time, on a system with a 2.0.X kernel, can
-cause problems since promiscuous mode is implemented by twiddling the
-interface flags from the libpcap application; the packet capture
-mechanism in the 2.2 and later kernels doesn't have this problem. Also,
-packet timestamps aren't very good. This appears to be due to haphazard
-handling of the timestamp in the kernel.
-
-Note well: there is rumoured to be a version of tcpdump floating around
-called 3.0.3 that includes libpcap and is supposed to support Linux.
-You should be advised that neither the Network Research Group at LBNL
-nor the Tcpdump Group ever generated a release with this version number.
-The LBNL Network Research Group notes with interest that a standard
-cracker trick to get people to install trojans is to distribute bogus
-packages that have a version number higher than the current release.
-They also noted with annoyance that 90% of the Linux related bug reports
-they got are due to changes made to unofficial versions of their page.
-If you are having trouble but aren't using a version that came from
-tcpdump.org, please try that before submitting a bug report!
-
-On Linux, libpcap will not work if the kernel does not have the packet
-socket option enabled; see the README.linux file for information about
-this.
-
-If you use AIX, you may not be able to build libpcap from this release.
-libpcap. We do not have an AIX system in house so it's impossible for
-us to test AIX patches submitted to us. We are told that you must link
-against /lib/pse.exp, that you must use AIX cc or a GNU C compiler
-newer than 2.7.2 and that you may need to run strload before running a
-libpcap application.
-
-Read the README.aix file for information on installing libpcap and
-configuring your system to be able to support libpcap.
-
-If you use NeXTSTEP, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap.
-
-If you use SINIX, you should be able to build libpcap from this
-release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
-V1.0 or V1.1 compiler. But note that in some releases of SINIX, yacc
-emits incorrect code; if grammar.y fails to compile, change every
-occurence of:
-
- #ifdef YYDEBUG
-
-to:
- #if YYDEBUG
-
-Another workaround is to use flex and bison.
-
-If you use SCO, you might have trouble building libpcap from this
-release. We do not have a machine running SCO and have not had reports
-of anyone successfully building on it. Since SCO apparently supports
-DLPI, it's possible the current version works. Meanwhile, SCO provides
-a tcpdump binary as part of their "Network/Security Tools" package:
-
- http://www.sco.com/technology/internet/goodies/#SECURITY
-
-There is also a README that explains how to enable packet capture.
-
-If you use UnixWare, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap. Meanwhile, there appears to be an UnixWare port of
-libpcap 0.0 (and tcpdump 3.0) in:
-
- ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/
-
-UnixWare appears to use a hacked version of DLPI.
-
-If linking tcpdump fails with "Undefined: _alloca" when using bison on
-a Sun4, your version of bison is broken. In any case version 1.16 or
-higher is recommended (1.14 is known to cause problems 1.16 is known to
-work). Either pick up a current version from:
-
- ftp://ftp.gnu.org/pub/gnu/bison
-
-or hack around it by inserting the lines:
-
- #ifdef __GNUC__
- #define alloca __builtin_alloca
- #else
- #ifdef sparc
- #include <alloca.h>
- #else
- char *alloca ();
- #endif
- #endif
-
-right after the (100 line!) GNU license comment in bison.simple, remove
-grammar.[co] and fire up make again.
-
-If you use SunOS 4, your kernel must support streams NIT. If you run a
-libpcap program and it dies with:
-
- /dev/nit: No such device
-
-You must add streams NIT support to your kernel configuration, run
-config and boot the new kernel.
-
-If you are running a version of SunOS earlier than 4.1, you will need
-to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the
-appropriate version from this distribution's SUNOS4 subdirectory and
-build a new kernel:
-
- nit_if.o.sun3-sunos4 (any flavor of sun3)
- nit_if.o.sun4c-sunos4.0.3c (SS1, SS1+, IPC, SLC, etc.)
- nit_if.o.sun4-sunos4 (Sun4's not covered by
- nit_if.o.sun4c-sunos4.0.3c)
-
-These nit replacements fix a bug that makes nit essentially unusable in
-pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you
-timestamps to the resolution of the SS-1 clock (1 us) rather than the
-lousy 20ms timestamps Sun gives you (tcpdump will print out the full
-timestamp resolution if it finds it's running on a SS-1).
-
-FILES
------
-CHANGES - description of differences between releases
-FILES - list of files exported as part of the distribution
-INSTALL - this file
-Makefile.in - compilation rules (input to the configure script)
-README - description of distribution
-SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules
-VERSION - version of this release
-aclocal.m4 - autoconf macros
-bpf/net - copies of bpf_filter.c and bpf.h
-bpf_filter.c - symlink to bpf/net/bpf_filter.c
-bpf_image.c - bpf disassembly routine
-config.guess - autoconf support
-config.sub - autoconf support
-configure - configure script (run this first)
-configure.in - configure script source
-etherent.c - /etc/ethers support routines
-ethertype.h - ethernet protocol types and names definitions
-gencode.c - bpf code generation routines
-gencode.h - bpf code generation definitions
-grammar.y - filter string grammar
-inet.c - network routines
-install-sh - BSD style install script
-lbl/gnuc.h - gcc macros and defines
-lbl/os-*.h - os dependent defines and prototypes
-mkdep - construct Makefile dependency list
-nametoaddr.c - hostname to address routines
-net - symlink to bpf/net
-optimize.c - bpf optimization routines
-pcap-bpf.c - BSD Packet Filter support
-pcap-dlpi.c - Data Link Provider Interface support
-pcap-enet.c - enet support
-pcap-int.h - internal libpcap definitions
-pcap-namedb.h - public libpcap name database definitions
-pcap-nit.c - Network Interface Tap support
-pcap-nit.h - Network Interface Tap definitions
-pcap-null.c - dummy monitor support (allows offline use of libpcap)
-pcap-pf.c - Packet Filter support
-pcap-pf.h - Packet Filter definitions
-pcap-snit.c - Streams based Network Interface Tap support
-pcap-snoop.c - Snoop network monitoring support
-pcap.3 - manual entry
-pcap.c - pcap utility routines
-pcap.h - public libpcap definitions
-ppp.h - Point to Point Protocol definitions
-savefile.c - offline support
-scanner.l - filter string scanner
diff --git a/INSTALL.txt b/INSTALL.txt
index 76445a77491e..c7cfd2261990 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -1,4 +1,4 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.12.2.2 2007/09/12 19:17:24 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.21.2.8 2008-06-12 20:25:38 guy Exp $ (LBL)
To build libpcap, run "./configure" (a shell script). The configure
script will determine your system attributes and generate an
@@ -211,8 +211,7 @@ Read the README.aix file for information on installing libpcap and
configuring your system to be able to support libpcap.
If you use NeXTSTEP, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap.
+release.
If you use SINIX, you should be able to build libpcap from this
release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS
@@ -229,22 +228,22 @@ Another workaround is to use flex and bison.
If you use SCO, you might have trouble building libpcap from this
release. We do not have a machine running SCO and have not had reports
-of anyone successfully building on it. Since SCO apparently supports
-DLPI, it's possible the current version works. Meanwhile, SCO provides
-a tcpdump binary as part of their "Network/Security Tools" package:
-
- http://www.sco.com/technology/internet/goodies/#SECURITY
-
-There is also a README that explains how to enable packet capture.
-
-If you use UnixWare, you will not be able to build libpcap from this
-release. We hope to support this operating system in some future
-release of libpcap. Meanwhile, there appears to be an UnixWare port of
-libpcap 0.0 (and tcpdump 3.0) in:
-
- ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/
-
-UnixWare appears to use a hacked version of DLPI.
+of anyone successfully building on it; the current release of libpcap
+does not compile on SCO OpenServer 5. Although SCO apparently supports
+DLPI to some extent, the DLPI in OpenServer 5 is very non-standard, and
+it appears that completely new code would need to be written to capture
+network traffic. SCO do not appear to provide tcpdump binaries for
+OpenServer 5 or OpenServer 6 as part of SCO Skunkware:
+
+ http://www.sco.com/skunkware/
+
+If you use UnixWare, you might be able to build libpcap from this
+release, or you might not. We do not have a machine running UnixWare,
+so we have not tested it; however, SCO provide packages for libpcap
+0.6.2 and tcpdump 3.7.1 in the UnixWare 7/Open UNIX 8 part of SCO
+Skunkware, and the source package for libpcap 0.6.2 is not changed from
+the libpcap 0.6.2 source release, so this release of libpcap might also
+build without changes on UnixWare 7.
If linking tcpdump fails with "Undefined: _alloca" when using bison on
a Sun4, your version of bison is broken. In any case version 1.16 or
@@ -298,7 +297,6 @@ CHANGES - description of differences between releases
ChmodBPF/* - Mac OS X startup item to set ownership and permissions
on /dev/bpf*
CREDITS - people that have helped libpcap along
-FILES - list of files exported as part of the distribution
INSTALL.txt - this file
LICENSE - the license under which tcpdump is distributed
Makefile.in - compilation rules (input to the configure script)
@@ -309,6 +307,7 @@ README.hpux - notes on using libpcap on HP-UX
README.linux - notes on using libpcap on Linux
README.macosx - notes on using libpcap on Mac OS X
README.septel - notes on using libpcap to capture on Intel/Septel devices
+README.sita - notes on using libpcap to capture on SITA devices
README.tru64 - notes on using libpcap on Digital/Tru64 UNIX
README.Win32 - notes on using libpcap on Win32 systems (with WinPcap)
SUNOS4 - pre-SunOS 4.1 replacement kernel nit modules
@@ -326,16 +325,22 @@ config.h.in - autoconf input
config.sub - autoconf support
configure - configure script (run this first)
configure.in - configure script source
+dlpisubs.c - DLPI-related functions for pcap-dlpi.c and pcap-libdlpi.c
+dlpisubs.h - DLPI-related function declarations
etherent.c - /etc/ethers support routines
ethertype.h - Ethernet protocol types and names definitions
fad-getad.c - pcap_findalldevs() for systems with getifaddrs()
fad-gifc.c - pcap_findalldevs() for systems with only SIOCGIFLIST
fad-glifc.c - pcap_findalldevs() for systems with SIOCGLIFCONF
fad-null.c - pcap_findalldevs() for systems without capture support
+fad-sita.c - pcap_findalldevs() for systems with SITA support
fad-win32.c - pcap_findalldevs() for WinPcap
+filtertest.c - test program for BPF compiler
+findalldevstest.c - test program for pcap_findalldevs()
gencode.c - BPF code generation routines
gencode.h - BPF code generation definitions
grammar.y - filter string grammar
+ieee80211.h - 802.11 definitions
inet.c - network routines
install-sh - BSD style install script
lbl/os-*.h - OS-dependent defines and prototypes
@@ -348,8 +353,16 @@ nlpid.h - OSI network layer protocol identifier definitions
net - symlink to bpf/net
optimize.c - BPF optimization routines
packaging - packaging information for building libpcap RPMs
+pcap/bluetooth.h - public definition of DLT_BLUETOOTH_HCI_H4_WITH_PHDR header
+pcap/bpf.h - BPF definitions
+pcap/namedb.h - public libpcap name database definitions
+pcap/pcap.h - public libpcap definitions
+pcap/sll.h - public definition of DLT_LINUX_SLL header
+pcap/usb.h - public definition of DLT_USB header
pcap-bpf.c - BSD Packet Filter support
-pcap-bpf.h - BPF definitions
+pcap-bpf.h - header for backwards compatibility
+pcap-bt-linux.c - Bluetooth capture support for Linux
+pcap-bt-linux.h - Bluetooth capture support for Linux
pcap-dag.c - Endace DAG device capture support
pcap-dag.h - Endace DAG device capture support
pcap-dlpi.c - Data Link Provider Interface support
@@ -357,26 +370,34 @@ pcap-dos.c - MS-DOS capture support
pcap-dos.h - headers for MS-DOS capture support
pcap-enet.c - enet support
pcap-int.h - internal libpcap definitions
+pcap-libdlpi.c - Data Link Provider Interface support for systems with libdlpi
pcap-linux.c - Linux packet socket support
-pcap-namedb.h - public libpcap name database definitions
+pcap-namedb.h - header for backwards compatibility
pcap-nit.c - SunOS Network Interface Tap support
pcap-nit.h - SunOS Network Interface Tap definitions
pcap-null.c - dummy monitor support (allows offline use of libpcap)
pcap-pf.c - Ultrix and Digital/Tru64 UNIX Packet Filter support
pcap-pf.h - Ultrix and Digital/Tru64 UNIX Packet Filter definitions
-pcap-septel.c - INTEL/Septel device capture support
-pcap-septel.h - INTEL/Septel device capture support
+pcap-septel.c - Intel/Septel device capture support
+pcap-septel.h - Intel/Septel device capture support
+pcap-sita.c - SITA device capture support
+pcap-sita.h - SITA device capture support
+pcap-sita.html - SITA device capture documentation
pcap-stdinc.h - includes and #defines for compiling on Win32 systems
pcap-snit.c - SunOS 4.x STREAMS-based Network Interface Tap support
pcap-snoop.c - IRIX Snoop network monitoring support
+pcap-usb-linux.c - USB capture support for Linux
+pcap-usb-linux.h - USB capture support for Linux
pcap-win32.c - WinPcap capture support
-pcap.3 - manual entry
+pcap.3pcap - manual entry for the library
pcap.c - pcap utility routines
-pcap.h - public libpcap definitions
+pcap.h - header for backwards compatibility
+pcap_*.3pcap - manual entries for library functions
+pcap-filter.4 - manual entry for filter syntax
+pcap-linktype.4 - manual entry for link-layer header types
ppp.h - Point to Point Protocol definitions
-rawss7.h - information on DLT_ types for SS7
+runlex.sh - wrapper for Lex/Flex
savefile.c - offline support
scanner.l - filter string scanner
-sll.h - definitions for Linux cooked mode fake link-layer header
sunatmpos.h - definitions for SunATM capturing
Win32 - headers and routines for building on Win32 systems
diff --git a/Makefile.in b/Makefile.in
index 98396ecf4ae5..5c4d67902653 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -17,7 +17,7 @@
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
-# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.99.2.2 2007/07/24 02:35:15 mcr Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/libpcap/Makefile.in,v 1.108.2.28 2008-10-23 22:13:21 guy Exp $ (LBL)
#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
@@ -26,11 +26,14 @@
# Top level hierarchy
prefix = @prefix@
exec_prefix = @exec_prefix@
+datarootdir = @datarootdir@
+# Pathname of directory to install the configure program
+bindir = @bindir@
# Pathname of directory to install the include files
includedir = @includedir@
# Pathname of directory to install the library
libdir = @libdir@
-# Pathname of directory to install the man page
+# Pathname of directory to install the man pages
mandir = @mandir@
# VPATH
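Review bot: The comment added above `bindir` describes it as the directory for "the configure program", but the only thing this Makefile installs there is the generated `pcap-config` script (see the `install` target in a later hunk). I would reword it to `# Pathname of directory to install the pcap-config script` so packagers are not misled about what lands in `$(bindir)`.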
@@ -47,6 +50,7 @@ INCLS = -I. @V_INCLS@
DEFS = @DEFS@ @V_DEFS@
LIBS = @V_LIBS@
DAGLIBS = @DAGLIBS@
+DEPLIBS = @DEPLIBS@
DYEXT = @DYEXT@
PROG=libpcap
@@ -73,7 +77,7 @@ YACC = @V_YACC@
@rm -f $@
$(CC) $(CFLAGS) -c $(srcdir)/$*.c
-PSRC = pcap-@V_PCAP@.c
+PSRC = pcap-@V_PCAP@.c @USB_SRC@ @BT_SRC@
FSRC = fad-@V_FINDALLDEVS@.c
SSRC = @SSRC@
CSRC = pcap.c inet.c gencode.c optimize.c nametoaddr.c \
@@ -86,10 +90,31 @@ SRC = $(PSRC) $(FSRC) $(CSRC) $(SSRC) $(GENSRC)
# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ = $(PSRC:.c=.o) $(FSRC:.c=.o) $(CSRC:.c=.o) $(SSRC:.c=.o) $(GENSRC:.c=.o) $(LIBOBJS)
-HDR = pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
- ethertype.h gencode.h gnuc.h
+HDR = \
+ acconfig.h \
+ arcnet.h \
+ atmuni31.h \
+ ethertype.h \
+ gencode.h \
+ ieee80211.h \
+ llc.h \
+ nlpid.h \
+ pcap/bluetooth.h \
+ pcap/bpf.h \
+ pcap/namedb.h \
+ pcap/pcap.h \
+ pcap/sll.h \
+ pcap/usb.h \
+ pcap/vlan.h \
+ pcap.h \
+ pcap-int.h \
+ pcap-namedb.h \
+ pcap-stdinc.h \
+ ppp.h \
+ sunatmpos.h
+
GENHDR = \
- tokdefs.h version.h
+ scanner.h tokdefs.h version.h
TAGHDR = \
pcap-bpf.h
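Review bot: The rewritten `HDR` list drops `pcap-nit.h`, `pcap-pf.h` and `gnuc.h`, and the `releasetar` target in a later hunk now builds the tarball only from `$(CSRC) $(HDR) $(MAN*) $(EXTRA_DIST)` instead of archiving the whole directory. `EXTRA_DIST` still ships `pcap-nit.c` and `pcap-pf.c`, and INSTALL.txt still lists both headers, but no list visible in this diff names them or `lbl/gnuc.h`. If those files still exist in the tree, the release tarball would silently omit them. `CSRC` is only partly visible here, so this needs checking against the full file. If confirmed, add the missing names to `HDR` or `EXTRA_DIST`, and consider diffing the tarball contents against the checkout as a release step.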
@@ -99,11 +124,198 @@ TAGFILES = \
CLEANFILES = $(OBJ) libpcap.a $(GENSRC) $(GENHDR) lex.yy.c
-all: libpcap.a
+MAN1 = pcap-config.1
+
+MAN3PCAP_EXPAND = \
+ pcap.3pcap.in \
+ pcap_compile.3pcap.in \
+ pcap_datalink.3pcap.in \
+ pcap_dump_open.3pcap.in \
+ pcap_list_datalinks.3pcap.in \
+ pcap_open_dead.3pcap.in \
+ pcap_open_offline.3pcap.in
+
+MAN3PCAP_NOEXPAND = \
+ pcap_activate.3pcap \
+ pcap_breakloop.3pcap \
+ pcap_can_set_rfmon.3pcap \
+ pcap_close.3pcap \
+ pcap_create.3pcap \
+ pcap_datalink_name_to_val.3pcap \
+ pcap_datalink_val_to_name.3pcap \
+ pcap_dump.3pcap \
+ pcap_dump_close.3pcap \
+ pcap_dump_file.3pcap \
+ pcap_dump_flush.3pcap \
+ pcap_dump_ftell.3pcap \
+ pcap_file.3pcap \
+ pcap_fileno.3pcap \
+ pcap_findalldevs.3pcap \
+ pcap_freealldevs.3pcap \
+ pcap_freecode.3pcap \
+ pcap_free_datalinks.3pcap \
+ pcap_get_selectable_fd.3pcap \
+ pcap_geterr.3pcap \
+ pcap_inject.3pcap \
+ pcap_is_swapped.3pcap \
+ pcap_lib_version.3pcap \
+ pcap_lookupdev.3pcap \
+ pcap_lookupnet.3pcap \
+ pcap_loop.3pcap \
+ pcap_major_version.3pcap \
+ pcap_next_ex.3pcap \
+ pcap_offline_filter.3pcap \
+ pcap_open_live.3pcap \
+ pcap_set_buffer_size.3pcap \
+ pcap_set_datalink.3pcap \
+ pcap_set_promisc.3pcap \
+ pcap_set_rfmon.3pcap \
+ pcap_set_snaplen.3pcap \
+ pcap_set_timeout.3pcap \
+ pcap_setdirection.3pcap \
+ pcap_setfilter.3pcap \
+ pcap_setnonblock.3pcap \
+ pcap_snapshot.3pcap \
+ pcap_stats.3pcap \
+ pcap_statustostr.3pcap \
+ pcap_strerror.3pcap
+
+MAN3PCAP = $(MAN3PCAP_NOEXPAND) $(MAN3PCAP_EXPAND:.in=)
+
+MANFILE = \
+ pcap-savefile.manfile.in
+
+MANMISC = \
+ pcap-filter.manmisc.in \
+ pcap-linktype.manmisc.in
+
+EXTRA_DIST = \
+ CHANGES \
+ ChmodBPF/ChmodBPF \
+ ChmodBPF/StartupParameters.plist \
+ CREDITS \
+ INSTALL.txt \
+ LICENSE \
+ Makefile.in \
+ README \
+ README.aix \
+ README.dag \
+ README.hpux \
+ README.linux \
+ README.macosx \
+ README.septel \
+ README.sita \
+ README.tru64 \
+ README.Win32 \
+ SUNOS4/nit_if.o.sparc \
+ SUNOS4/nit_if.o.sun3 \
+ SUNOS4/nit_if.o.sun4c.4.0.3c \
+ TODO \
+ VERSION \
+ aclocal.m4 \
+ bpf/net/bpf_filter.c \
+ chmod_bpf \
+ config.guess \
+ config.h.in \
+ config.sub \
+ configure \
+ configure.in \
+ dlpisubs.c \
+ dlpisubs.h \
+ fad-getad.c \
+ fad-gifc.c \
+ fad-glifc.c \
+ fad-null.c \
+ fad-sita.c \
+ fad-win32.c \
+ filtertest.c \
+ findalldevstest.c \
+ grammar.y \
+ install-sh \
+ lbl/os-aix4.h \
+ lbl/os-hpux11.h \
+ lbl/os-osf4.h \
+ lbl/os-osf5.h \
+ lbl/os-solaris2.h \
+ lbl/os-sunos4.h \
+ lbl/os-ultrix4.h \
+ missing/snprintf.c \
+ mkdep \
+ msdos/bin2c.c \
+ msdos/common.dj \
+ msdos/makefile \
+ msdos/makefile.dj \
+ msdos/makefile.wc \
+ msdos/ndis2.c \
+ msdos/ndis2.h \
+ msdos/ndis_0.asm \
+ msdos/pkt_rx0.asm \
+ msdos/pkt_rx1.s \
+ msdos/pktdrvr.c \
+ msdos/pktdrvr.h \
+ msdos/readme.dos \
+ net/bpf_filter.c \
+ org.tcpdump.chmod_bpf.plist \
+ packaging/pcap.spec.in \
+ pcap-bpf.c \
+ pcap-bpf.h \
+ pcap-bt-linux.c \
+ pcap-bt-linux.h \
+ pcap-config.in \
+ pcap-dag.c \
+ pcap-dag.h \
+ pcap-dlpi.c \
+ pcap-dos.c \
+ pcap-dos.h \
+ pcap-enet.c \
+ pcap-int.h \
+ pcap-libdlpi.c \
+ pcap-linux.c \
+ pcap-namedb.h \
+ pcap-nit.c \
+ pcap-null.c \
+ pcap-pf.c \
+ pcap-septel.c \
+ pcap-septel.h \
+ pcap-sita.h \
+ pcap-sita.c \
+ pcap-sita.html \
+ pcap-snit.c \
+ pcap-snoop.c \
+ pcap-usb-linux.c \
+ pcap-usb-linux.h \
+ pcap-win32.c \
+ runlex.sh \
+ scanner.l \
+ Win32/Include/Gnuc.h \
+ Win32/Include/addrinfo.h \
+ Win32/Include/bittypes.h \
+ Win32/Include/cdecl_ext.h \
+ Win32/Include/inetprivate.h \
+ Win32/Include/ip6_misc.h \
+ Win32/Include/sockstorage.h \
+ Win32/Include/arpa/nameser.h \
+ Win32/Include/net/if.h \
+ Win32/Include/net/netdb.h \
+ Win32/Include/net/paths.h \
+ Win32/Prj/libpcap.dsp \
+ Win32/Prj/libpcap.dsw \
+ Win32/Src/ffs.c \
+ Win32/Src/gai_strerror.c \
+ Win32/Src/getaddrinfo.c \
+ Win32/Src/getnetbynm.c \
+ Win32/Src/getnetent.c \
+ Win32/Src/getopt.c \
+ Win32/Src/getservent.c \
+ Win32/Src/inet_aton.c \
+ Win32/Src/inet_net.c \
+ Win32/Src/inet_pton.c
+
+all: libpcap.a pcap-config
libpcap.a: $(OBJ)
@rm -f $@
- ar rc $@ $(OBJ) $(LIBS)
+ $(AR) rc $@ $(OBJ) $(LIBS)
$(RANLIB) $@
shared: libpcap.$(DYEXT)
@@ -114,19 +326,27 @@ shared: libpcap.$(DYEXT)
#
libpcap.so: $(OBJ)
@rm -f $@
- $(CC) -shared -o $@.`cat VERSION` $(OBJ) $(DAGLIBS)
+ $(CC) -shared -Wl,-soname,$@.1 -o $@.`cat $(srcdir)/VERSION` $(OBJ) $(DAGLIBS)
-# the following rule succeeds, but the result is untested.
+#
+# The following rule succeeds, but the result is untested.
+#
+# XXX - OS X installs the library as "libpcap.A.dylib", with that as the
+# install_name, and sets the current version to 1 as well. VERSION
+# might contain a not-purely-numeric version number, but
+# -current_version requires a purely numeric version, so this won't
+# work with top-of-tree builds.
+#
libpcap.dylib: $(OBJ)
rm -f libpcap*.dylib
- $(CC) -dynamiclib -undefined error -o libpcap.`cat VERSION`.dylib $(OBJ) \
- -install_name $(libdir)/libpcap.0.dylib -compatibility_version `cat VERSION` \
- -current_version `cat VERSION`
-
+ $(CC) -dynamiclib -undefined error -o libpcap.`cat $(srcdir)/VERSION`.dylib $(OBJ) \
+ -install_name $(libdir)/libpcap.A.dylib \
+ -compatibility_version 1 \
+ -current_version `sed 's/[^0-9.].*$$//' $(srcdir)/VERSION`
scanner.c: $(srcdir)/scanner.l
@rm -f $@
- $(LEX) -t $< > $$$$.$@; mv $$$$.$@ $@
+ ./runlex.sh $(LEX) -o$@ $<
scanner.o: scanner.c tokdefs.h
$(CC) $(CFLAGS) -c scanner.c
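Review bot: The new `scanner.c` recipe runs `./runlex.sh`, which resolves against the build directory, while the same hunk switches the `VERSION` reads to `$(srcdir)/VERSION` for out-of-tree builds. With a separate build directory the script will not be found, so the line should read `$(srcdir)/runlex.sh $(LEX) -o$@ $<`. The same mismatch remains in `install-shared-so` and `install-shared-dylib` in the next hunk, which still use `cat VERSION` and so look for a different file than the one the link step used. Separately, `libpcap.so` now carries the soname `$@.1`, but nothing visible here creates a `libpcap.so.1` link at install time, so presumably that is left to `ldconfig`; worth confirming.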
@@ -172,43 +392,135 @@ bpf_filter.c: $(srcdir)/bpf/net/bpf_filter.c
bpf_filter.o: bpf_filter.c
$(CC) $(CFLAGS) -c bpf_filter.c
-install: libpcap.a
+#
+# Generate the pcap-config script.
+#
+pcap-config: pcap-config.in Makefile
+ @rm -f $@ $@.tmp
+ sed -e 's|@includedir[@]|$(includedir)|g' \
+ -e 's|@libdir[@]|$(libdir)|g' \
+ -e 's|@DEPLIBS[@]|$(DEPLIBS)|g' \
+ pcap-config.in >$@.tmp
+ mv $@.tmp $@
+ chmod a+x $@
+
+#
+# Test programs - not built by default, and not installed.
+#
+filtertest: filtertest.c libpcap.a
+ $(CC) $(CFLAGS) -I. -L. -o filtertest filtertest.c libpcap.a
+
+findalldevstest: findalldevstest.c libpcap.a
+ $(CC) $(CFLAGS) -I. -L. -o findalldevstest findalldevstest.c libpcap.a
+
+install: libpcap.a pcap-config
[ -d $(DESTDIR)$(libdir) ] || \
(mkdir -p $(DESTDIR)$(libdir); chmod 755 $(DESTDIR)$(libdir))
$(INSTALL_DATA) libpcap.a $(DESTDIR)$(libdir)/libpcap.a
$(RANLIB) $(DESTDIR)$(libdir)/libpcap.a
[ -d $(DESTDIR)$(includedir) ] || \
(mkdir -p $(DESTDIR)$(includedir); chmod 755 $(DESTDIR)$(includedir))
+ [ -d $(DESTDIR)$(includedir)/pcap ] || \
+ (mkdir -p $(DESTDIR)$(includedir)/pcap; chmod 755 $(DESTDIR)$(includedir)/pcap)
+ [ -d $(DESTDIR)$(mandir)/man1 ] || \
+ (mkdir -p $(DESTDIR)$(mandir)/man1; chmod 755 $(DESTDIR)$(mandir)/man1)
+ [ -d $(DESTDIR)$(mandir)/man3 ] || \
+ (mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3)
+ [ -d $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@ ] || \
+ (mkdir -p $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@)
+ [ -d $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@ ] || \
+ (mkdir -p $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@; chmod 755 $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@)
+ $(INSTALL_DATA) $(srcdir)/pcap/pcap.h \
+ $(DESTDIR)$(includedir)/pcap/pcap.h
+ $(INSTALL_DATA) $(srcdir)/pcap/bpf.h \
+ $(DESTDIR)$(includedir)/pcap/bpf.h
+ $(INSTALL_DATA) $(srcdir)/pcap/namedb.h \
+ $(DESTDIR)$(includedir)/pcap/namedb.h
+ $(INSTALL_DATA) $(srcdir)/pcap/sll.h \
+ $(DESTDIR)$(includedir)/pcap/sll.h
+ $(INSTALL_DATA) $(srcdir)/pcap/usb.h \
+ $(DESTDIR)$(includedir)/pcap/usb.h
$(INSTALL_DATA) $(srcdir)/pcap.h $(DESTDIR)$(includedir)/pcap.h
$(INSTALL_DATA) $(srcdir)/pcap-bpf.h \
$(DESTDIR)$(includedir)/pcap-bpf.h
$(INSTALL_DATA) $(srcdir)/pcap-namedb.h \
$(DESTDIR)$(includedir)/pcap-namedb.h
- [ -d $(DESTDIR)$(mandir)/man3 ] || \
- (mkdir -p $(DESTDIR)$(mandir)/man3; chmod 755 $(DESTDIR)$(mandir)/man3)
- $(INSTALL_DATA) $(srcdir)/pcap.3 \
- $(DESTDIR)$(mandir)/man3/pcap.3
+ $(INSTALL_PROGRAM) pcap-config $(DESTDIR)$(bindir)/pcap-config
+ for i in $(MAN1); do \
+ $(INSTALL_DATA) $(srcdir)/$$i \
+ $(DESTDIR)$(mandir)/man1/$$i; done
+ for i in $(MAN3PCAP); do \
+ $(INSTALL_DATA) $(srcdir)/$$i \
+ $(DESTDIR)$(mandir)/man3/$$i; done
+ ln $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_name.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_description.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_dump_open.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_dump_fopen.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_geterr.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_perror.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_inject.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_sendpacket.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_loop.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_dispatch.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_major_version.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_minor_version.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_next_ex.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_next.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_open_offline.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap
+ ln $(DESTDIR)$(mandir)/man3/pcap_setnonblock.3pcap \
+ $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap
+ for i in $(MANFILE); do \
+ $(INSTALL_DATA) $(srcdir)/`echo $$i | sed 's/.manfile.in/.manfile/'` \
+ $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done
+ for i in $(MANMISC); do \
+ $(INSTALL_DATA) $(srcdir)/`echo $$i | sed 's/.manmisc.in/.manmisc/'` \
+ $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done
install-shared: install-shared-$(DYEXT)
install-shared-so: libpcap.so
$(INSTALL_PROGRAM) libpcap.so.`cat VERSION` $(DESTDIR)$(libdir)/libpcap.so.`cat VERSION`
install-shared-dylib: libpcap.dylib
$(INSTALL_PROGRAM) libpcap.`cat VERSION`.dylib $(DESTDIR)$(libdir)/libpcap.`cat VERSION`.dylib
- VER=`cat VERSION`; cd $(DESTDIR)$(libdir) && ln -sf libpcap.$$VER.dylib libpcap.0.dylib; ln -sf libpcap.0.dylib libpcap.dylib
+ VER=`cat VERSION`; cd $(DESTDIR)$(libdir) && ln -sf libpcap.$$VER.dylib libpcap.A.dylib; ln -sf libpcap.A.dylib libpcap.dylib
uninstall:
rm -f $(DESTDIR)$(libdir)/libpcap.a
+ rm -f $(DESTDIR)$(includedir)/pcap/pcap.h
+ rm -f $(DESTDIR)$(includedir)/pcap/bpf.h
+ rm -f $(DESTDIR)$(includedir)/pcap/namedb.h
+ rm -f $(DESTDIR)$(includedir)/pcap/sll.h
+ rm -f $(DESTDIR)$(includedir)/pcap/usb.h
+ -rmdir $(DESTDIR)$(includedir)/pcap
rm -f $(DESTDIR)$(includedir)/pcap.h
rm -f $(DESTDIR)$(includedir)/pcap-bpf.h
rm -f $(DESTDIR)$(includedir)/pcap-namedb.h
- rm -f $(DESTDIR)$(mandir)/man3/pcap.3
+ for i in $(MAN1); do \
+ rm -f $(DESTDIR)$(mandir)/man1/$$i; done
+ for i in $(MAN3PCAP); do \
+ rm -f $(DESTDIR)$(mandir)/man3/$$i; done
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_datalink_val_to_description.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_dump_fopen.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_perror.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_sendpacket.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_dispatch.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_minor_version.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_next.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_fopen_offline.3pcap
+ rm -f $(DESTDIR)$(mandir)/man3/pcap_getnonblock.3pcap
+ for i in $(MANFILE); do \
+ rm -f $(DESTDIR)$(mandir)/man@MAN_FILE_FORMATS@/`echo $$i | sed 's/.manfile.in/.@MAN_FILE_FORMATS@/'`; done
+ for i in $(MANMISC); do \
+ rm -f $(DESTDIR)$(mandir)/man@MAN_MISC_INFO@/`echo $$i | sed 's/.manmisc.in/.@MAN_MISC_INFO@/'`; done
clean:
rm -f $(CLEANFILES) libpcap*.dylib libpcap.so*
distclean: clean
rm -f Makefile config.cache config.log config.status \
- config.h gnuc.h os-proto.h bpf_filter.c stamp-h stamp-h.in
+ config.h gnuc.h os-proto.h bpf_filter.c pcap-config \
+ stamp-h stamp-h.in
+ rm -f $(MAN3PCAP_EXPAND:.in=) $(MANFILE:.in=) $(MANMISC:.in=)
rm -rf autom4te.cache
tags: $(TAGFILES)
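Review bot: The `install` target copies `pcap-config` into `$(DESTDIR)$(bindir)` without first creating that directory, although `libdir`, `includedir` and every man directory get a `[ -d … ] || mkdir -p` guard. A staged install into an empty `DESTDIR` will therefore fail at that step; add `[ -d $(DESTDIR)$(bindir) ] || (mkdir -p $(DESTDIR)$(bindir); chmod 755 $(DESTDIR)$(bindir))` before the `$(INSTALL_PROGRAM)` line. `uninstall` has no matching `rm -f $(DESTDIR)$(bindir)/pcap-config`, so the script is left behind. The nine man-page aliases are made with plain `ln`, which fails when the alias already exists and aborts a second `make install`; remove each alias with `rm -f` before linking it. The recipe for `pcap-config` also reads `pcap-config.in` without `$(srcdir)/`, which breaks in an out-of-tree build.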
@@ -220,8 +532,12 @@ packaging/pcap.spec: packaging/pcap.spec.in VERSION
releasetar:
@cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \
- list="" ; make distclean; cd ..; mkdir -p n; cd n; ln -s ../$$dir $$name; \
- tar -c -z -f $$name.tar.gz $$name/. ;
+ mkdir $$name; \
+ tar cf - $(CSRC) $(HDR) $(MAN1) $(MAN3PCAP_EXPAND) \
+ $(MAN3PCAP_NOEXPAND) $(MANFILE) $(MANMISC) $(EXTRA_DIST) | \
+ (cd $$name; tar xf -); \
+ tar -c -z -f $$name.tar.gz $$name; \
+ rm -rf $$name
depend: $(GENSRC) $(GENHDR) bpf_filter.c
./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
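Review bot: The rewritten `releasetar` recipe chains its steps with `;`, so a failing step does not stop the release build. If `mkdir $$name` fails or `cd $$name` fails inside the subshell, `tar xf -` unpacks into the current directory and the recipe still goes on to write `$$name.tar.gz`. The result can be an incomplete or stale archive that looks like a successful release. I would chain the steps with `&&`, i.e. `mkdir $$name && \` and `(cd $$name && tar xf -) && \`, and save the exit status before the final `rm -rf $$name` so make reports the failure.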
diff --git a/README b/README
index 90571a150525..ee1a14186f7c 100644
--- a/README
+++ b/README
@@ -1,20 +1,22 @@
-@(#) $Header: /tcpdump/master/libpcap/README,v 1.30 2004/10/12 02:02:28 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/README,v 1.30.4.3 2008-10-17 10:39:20 ken Exp $ (LBL)
-LIBPCAP 0.9
-Now maintained by "The Tcpdump Group"
-See www.tcpdump.org
+LIBPCAP 1.0.0
-Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
+www.tcpdump.org
+
+Please send inquiries/comments/reports to:
+ tcpdump-workers@lists.tcpdump.org
Anonymous CVS is available via:
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master login
(password "anoncvs")
cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout libpcap
-Version 0.9 of LIBPCAP can be retrieved with the CVS tag "libpcap_0_9rel1":
- cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_0_9rel1 libpcap
+Version 1.0.0 of LIBPCAP can be retrieved with the CVS tag "libpcap_1_0":
+ cvs -d :pserver:tcpdump@cvs.tcpdump.org:/tcpdump/master checkout -r libpcap_1_0 libpcap
-Please send patches against the master copy to patches@tcpdump.org.
+Please submit patches against the master copy to the libpcap project on
+sourceforge.net.
formerly from Lawrence Berkeley National Laboratory
Network Research Group <libpcap@ee.lbl.gov>
@@ -30,8 +32,6 @@ require this functionality, we've created this system-independent API
to ease in porting and to alleviate the need for several
system-dependent packet capture modules in each application.
-Note well: this interface is new and is likely to change.
-
For some platforms there are README.{system} files that discuss issues
with the OS's interface for packet capture on those platforms, such as
how to enable support for that interface in the OS, if it's not built in
@@ -77,16 +77,28 @@ Linux, in the 2.2 kernel and later kernels, has a "Socket Filter"
mechanism that accepts BPF filters; see the README.linux file for
information on configuring that option.
+Note to Linux distributions and *BSD systems that include libpcap:
+
+There's now a rule to make a shared library, which should work on Linux
+and *BSD (and OS X).
+
+It sets the soname of the library to "libpcap.so.1"; this is what it
+should be, *NOT* libpcap.so.1.0 or libpcap.so.1.0.0 or something such as
+that.
+
+We've been maintaining binary compatibility between libpcap releases for
+quite a while; there's no reason to tie a binary linked with libpcap to
+a particular release of libpcap.
+
Problems, bugs, questions, desirable enhancements, etc. should be sent
-to the address "tcpdump-workers@tcpdump.org". Bugs, support requests,
-and feature requests may also be submitted on the SourceForge site for
-libpcap at
+to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support
+requests, and feature requests may also be submitted on the SourceForge
+site for libpcap at
http://sourceforge.net/projects/libpcap/
Source code contributions, etc. should be sent to the email address
-"patches@tcpdump.org", or submitted as patches on the SourceForge site
-for libpcap.
+submitted as patches on the SourceForge site for libpcap.
Current versions can be found at www.tcpdump.org, or the SourceForge
site for libpcap.
diff --git a/README.Win32 b/README.Win32
deleted file mode 100644
index 3116d5ed28ba..000000000000
--- a/README.Win32
+++ /dev/null
@@ -1,46 +0,0 @@
-Under Win32, libpcap is integrated in the WinPcap packet capture system.
-WinPcap provides a framework that allows libpcap to capture the packets
-under Windows 95, Windows 98, Windows ME, Windows NT 4, Windows 2000
-and Windows XP.
-WinPcap binaries and source code can be found at http://winpcap.polito.it:
-they include also a developer's pack with all the necessary to compile
-libpcap-based applications under Windows.
-
-How to compile libpcap with Visual Studio
------------------------------------------
-
-In order to compile libpcap you will need:
-
-- version 6 (or higher) of Microsoft Visual Studio
-- The November 2001 (or later) edition of Microsoft Platform
-Software Development Kit (SDK), that contains some necessary includes
-for IPv6 support. You can download it from http://www.microsoft.com/sdk
-- the latest WinPcap sources from http://winpcap.polito.it/install
-
-The WinPcap source code already contains a recent (usually the latest
-stable) version of libpcap. If you need to compile a different one,
-simply download it from www.tcpdump.org and copy the sources in the
-winpcap\wpcap\libpcap folder of the WinPcap distribution. If you want to
-compile a libpcap source retrieved from the tcpdump.org CVS, you will
-have to create the scanner and the grammar by hand (with lex and yacc)
-or with the cygnus makefile, since The Visual Studio project is not able
-to build them.
-
-Open the project file winpcap\wpcap\prj\wpcap.dsw with Visual Studio and
-build wpcap.dll. wpcap.lib, the library file to link with the applications,
-will be generated in winpcap\wpcap\lib\. wpcap.dll will be generated in
-winpcap\wpcap\prj\release or winpcap\wpcap\prj\debug depending on the type
-of binary that is being created.
-
-How to compile libpcap with Cygnus
-----------------------------------
-
-To build wpcap.dll, cd to the directory WPCAP/PRJ of the WinPcap source code
-distribution and type "make". libwpcap.a, the library file to link with the
-applications, will be generated in winpcap\wpcap\lib\. wpcap.dll will be
-generated in winpcap\wpcap\prj.
-
-Remember, you CANNOT use the MSVC-generated .lib files with gcc, use
-libwpcap.a instead.
-
-"make install" installs wpcap.dll in the Windows system folder.
diff --git a/README.aix b/README.aix
deleted file mode 100644
index dcddb61566e3..000000000000
--- a/README.aix
+++ /dev/null
@@ -1,78 +0,0 @@
-Using BPF:
-
-(1) AIX 4.x's version of BPF is undocumented and somewhat unstandard; the
- current BPF support code includes changes that should work around
- that; it appears to compile and work on at least one AIX 4.3.3
- machine.
-
- Note that the BPF driver and the "/dev/bpf" devices might not exist
- on your machine; AIX's tcpdump loads the driver and creates the
- devices if they don't already exist. Our libpcap should do the
- same, and the configure script should detect that it's on an AIX
- system and choose BPF even if the devices aren't there.
-
-(2) If libpcap doesn't compile on your machine when configured to use
- BPF, or if the workarounds fail to make it work correctly, you
- should send to tcpdump-workers@tcpdump.org a detailed bug report (if
- the compile fails, send us the compile error messages; if it
- compiles but fails to work correctly, send us as detailed as
- possible a description of the symptoms, including indications of the
- network link-layer type being wrong or time stamps being wrong).
-
- If you fix the problems yourself, please send to patches@tcpdump.org
- a patch, so we can incorporate them into the next release.
-
- If you don't fix the problems yourself, you can, as a workaround,
- make libpcap use DLPI instead of BPF.
-
- This can be done by specifying the flag:
-
- --with-pcap=dlpi
-
- to the "configure" script for libpcap.
-
-If you use DLPI:
-
-(1) It is a good idea to have the latest version of the DLPI driver on
- your system, since certain versions may be buggy and cause your AIX
- system to crash. DLPI is included in the fileset bos.rte.tty. I
- found that the DLPI driver that came with AIX 4.3.2 was buggy, and
- had to upgrade to bos.rte.tty 4.3.2.4:
-
- lslpp -l bos.rte.tty
-
- bos.rte.tty 4.3.2.4 COMMITTED Base TTY Support and Commands
-
- Updates for AIX filesets can be obtained from:
- ftp://service.software.ibm.com/aix/fixes/
-
- These updates can be installed with the smit program.
-
-(2) After compiling libpcap, you need to make sure that the DLPI driver
- is loaded. Type:
-
- strload -q -d dlpi
-
- If the result is:
-
- dlpi: yes
-
- then the DLPI driver is loaded correctly.
-
- If it is:
-
- dlpi: no
-
- Then you need to type:
-
- strload -f /etc/dlpi.conf
-
- Check again with strload -q -d dlpi that the dlpi driver is loaded.
-
- Alternatively, you can uncomment the lines for DLPI in
- /etc/pse.conf and reboot the machine; this way DLPI will always
- be loaded when you boot your system.
-
-(3) There appears to be a problem in the DLPI code in some versions of
- AIX, causing a warning about DL_PROMISC_MULTI failing; this might
- be responsible for DLPI not being able to capture outgoing packets.
diff --git a/README.dag b/README.dag
deleted file mode 100644
index acf97edf8d04..000000000000
--- a/README.dag
+++ /dev/null
@@ -1,114 +0,0 @@
-
-The following instructions apply if you have a Linux or FreeBSD platform and
-want libpcap to support the DAG range of passive network monitoring cards from
-Endace (http://www.endace.com, see below for further contact details).
-
-1) Install and build the DAG software distribution by following the
-instructions supplied with that package. Current Endace customers can download
-the DAG software distibution from https://www.endace.com
-
-2) Configure libcap. To allow the 'configure' script to locate the DAG
-software distribution use the '--with-dag' option:
-
- ./configure --with-dag=DIR
-
-Where DIR is the root of the DAG software distribution, for example
-/var/src/dag. If the DAG software is correctly detected 'configure' will
-report:
-
- checking whether we have DAG API... yes
-
-If 'configure' reports that there is no DAG API, the directory may have been
-incorrectly specified or the DAG software was not built before configuring
-libpcap.
-
-See also the libpcap INSTALL.txt file for further libpcap configuration
-options.
-
-Building libpcap at this stage will include support for both the native packet
-capture stream (linux or bpf) and for capturing from DAG cards. To build
-libpcap with only DAG support specify the capture type as 'dag' when
-configuring libpcap:
-
- ./configure --with-dag=DIR --with-pcap=dag
-
-Applications built with libpcap configured in this way will only detect DAG
-cards and will not capture from the native OS packet stream.
-
-----------------------------------------------------------------------
-
-Libpcap when built for DAG cards against dag-2.5.1 or later releases:
-
-Timeouts are supported. pcap_dispatch() will return after to_ms milliseconds
-regardless of how many packets are received. If to_ms is zero pcap_dispatch()
-will block waiting for data indefinitely.
-
-pcap_dispatch() will block on and process a minimum of 64kB of data (before
-filtering) for efficiency. This can introduce high latencies on quiet
-interfaces unless a timeout value is set. The timeout expiring will override
-the 64kB minimum causing pcap_dispatch() to process any available data and
-return.
-
-pcap_setnonblock is supported. When nonblock is set, pcap_dispatch() will
-check once for available data, process any data available up to count, then
-return immediately.
-
-pcap_findalldevs() is supported, e.g. dag0, dag1...
-
-Some DAG cards can provide more than one 'stream' of received data.
-This can be data from different physical ports, or separated by filtering
-or load balancing mechanisms. Receive streams have even numbers, e.g.
-dag0:0, dag0:2 etc. Specifying transmit streams for capture is not supported.
-
-pcap_setfilter() is supported, BPF programs run in userspace.
-
-pcap_setdirection() is not supported. Only received traffic is captured.
-DAG cards normally do not have IP or link layer addresses assigned as
-they are used to passively monitor links.
-
-pcap_breakloop() is supported.
-
-pcap_datalink() and pcap_list_datalinks() are supported. The DAG card does
-not attempt to set the correct datalink type automatically where more than
-one type is possible.
-
-pcap_stats() is supported. ps_drop is the number of packets dropped due to
-RX stream buffer overflow, this count is before filters are applied (it will
-include packets that would have been dropped by the filter). The RX stream
-buffer size is user configurable outside libpcap, typically 16-512MB.
-
-pcap_get_selectable_fd() is not supported, as DAG cards do not support
-poll/select methods.
-
-pcap_inject() and pcap_sendpacket() are not supported.
-
-Some DAG cards now support capturing to multiple virtual interfaces, called
-streams. Capture streams have even numbers. These are available via libpcap
-as separate interfaces, e.g. dag0:0, dag0:2, dag0:4 etc. dag0:0 is the same
-as dag0. These are visible via pcap_findalldevs().
-
-libpcap now does NOT set the card's hardware snaplen (slen). This must now be
-set using the appropriate DAG coniguration program, e.g. dagthree, dagfour,
-dagsix, dagconfig. This is because the snaplen is currently shared between
-all of the streams. In future this may change if per-stream slen is
-implemented.
-
-DAG cards by default capture entire packets including the L2
-CRC/FCS. If the card is not configured to discard the CRC/FCS, this
-can confuse applications that use libpcap if they're not prepared for
-packets to have an FCS. Libpcap now reads the environment variable
-ERF_FCS_BITS to determine how many bits of CRC/FCS to strip from the
-end of the captured frame. This defaults to 32 for use with
-Ethernet. If the card is configured to strip the CRC/FCS, then set
-ERF_FCS_BITS=0. If used with a HDLC/PoS/PPP/Frame Relay link with 16
-bit CRC/FCS, then set ERF_FCS_BITS=16.
-
-----------------------------------------------------------------------
-
-Please submit bug reports via <support@endace.com>.
-
-Please also visit our Web site at:
-
- http://www.endace.com/
-
-For more information about Endace DAG cards contact <sales@endace.com>.
diff --git a/README.hpux b/README.hpux
deleted file mode 100644
index 88c27f8a2581..000000000000
--- a/README.hpux
+++ /dev/null
@@ -1,254 +0,0 @@
-For HP-UX 11i (11.11) and later, there are no known issues with
-promiscuous mode under HP-UX. If you are using a earlier version of
-HP-UX and cannot upgrade, please continue reading.
-
-HP-UX patches to fix packet capture problems
-
-Note that packet-capture programs such as tcpdump may, on HP-UX, not be
-able to see packets sent from the machine on which they're running.
-Some articles on groups.google.com discussing this are:
-
- http://groups.google.com/groups?selm=82ld3v%2480i%241%40mamenchi.zrz.TU-Berlin.DE
-
-which says:
-
- Newsgroups: comp.sys.hp.hpux
- Subject: Re: Did someone made tcpdump working on 10.20 ?
- Date: 12/08/1999
- From: Lutz Jaenicke <jaenicke@emserv1.ee.TU-Berlin.DE>
-
- In article <82ks5i$5vc$1@news1.dti.ne.jp>, mtsat <mtsat@iris.dti.ne.jp>
- wrote:
- >Hello,
- >
- >I downloaded and compiled tcpdump3.4 a couple of week ago. I tried to use
- >it, but I can only see incoming data, never outgoing.
- >Someone (raj) explained me that a patch was missing, and that this patch
- >must me "patched" (poked) in order to see outbound data in promiscuous mode.
- >Many things to do .... So the question is : did someone has already this
- >"ready to use" PHNE_**** patch ?
-
- Two things:
- 1. You do need a late "LAN products cumulative patch" (e.g. PHNE_18173
- for s700/10.20).
- 2. You must use
-echo 'lanc_outbound_promisc_flag/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem
- You can insert this e.g. into /sbin/init.d/lan
-
- Best regards,
- Lutz
-
-and
-
- http://groups.google.com/groups?selm=88cf4t%24p03%241%40web1.cup.hp.com
-
-which says:
-
- Newsgroups: comp.sys.hp.hpux
- Subject: Re: tcpdump only shows incoming packets
- Date: 02/15/2000
- From: Rick Jones <foo@bar.baz.invalid>
-
- Harald Skotnes <harald@cc.uit.no> wrote:
- > I am running HPUX 11.0 on a C200 hanging on a 100Mb switch. I have
- > compiled libpcap-0.4 an tcpdump-3.4 and it seems to work. But at a
- > closer look I only get to see the incoming packets not the
- > outgoing. I have tried tcpflow-0.12 which also uses libpcap and the
- > same thing happens. Could someone please give me a hint on how to
- > get this right?
-
- Search/Read the archives ?-)
-
- What you are seeing is expected, un-patched, behaviour for an HP-UX
- system. On 11.00, you need to install the latest lancommon/DLPI
- patches, and then the latest driver patch for the interface(s) in use.
- At that point, a miracle happens and you should start seeing outbound
- traffic.
-
-[That article also mentions the patch that appears below.]
-
-and
-
- http://groups.google.com/groups?selm=38AA973E.96BE7DF7%40cc.uit.no
-
-which says:
-
- Newsgroups: comp.sys.hp.hpux
- Subject: Re: tcpdump only shows incoming packets
- Date: 02/16/2000
- From: Harald Skotnes <harald@cc.uit.no>
-
- Rick Jones wrote:
-
- ...
-
- > What you are seeing is expected, un-patched, behaviour for an HP-UX
- > system. On 11.00, you need to install the latest lancommon/DLPI
- > patches, and then the latest driver patch for the interface(s) in
- > use. At that point, a miracle happens and you should start seeing
- > outbound traffic.
-
- Thanks a lot. I have this problem on several machines running HPUX
- 10.20 and 11.00. The machines where patched up before y2k so did not
- know what to think. Anyway I have now installed PHNE_19766,
- PHNE_19826, PHNE_20008, PHNE_20735 on the C200 and now I can see the
- outbound traffic too. Thanks again.
-
-(although those patches may not be the ones to install - there may be
-later patches).
-
-And another message to tcpdump-workers@tcpdump.org, from Rick Jones:
-
- Date: Mon, 29 Apr 2002 15:59:55 -0700
- From: Rick Jones
- To: tcpdump-workers@tcpdump.org
- Subject: Re: [tcpdump-workers] I Can't Capture the Outbound Traffic
-
- ...
-
- http://itrc.hp.com/ would be one place to start in a search for the most
- up-to-date patches for DLPI and the lan driver(s) used on your system (I
- cannot guess because 9000/800 is too generic - one hs to use the "model"
- command these days and/or an ioscan command (see manpage) to guess what
- the drivers (btlan[3456], gelan, etc) might be involved in addition to
- DLPI.
-
- Another option is to upgrade to 11i as outbound promiscuous mode support
- is there in the base OS, no patches required.
-
-Another posting:
-
- http://groups.google.com/groups?selm=7d6gvn%24b3%241%40ocean.cup.hp.com
-
-indicates that you need to install the optional STREAMS product to do
-captures on HP-UX 9.x:
-
- Newsgroups: comp.sys.hp.hpux
- Subject: Re: tcpdump HP/UX 9.x
- Date: 03/22/1999
- From: Rick Jones <foo@bar.baz>
-
- Dave Barr (barr@cis.ohio-state.edu) wrote:
- : Has anyone ported tcpdump (or something similar) to HP/UX 9.x?
-
- I'm reasonably confident that any port of tcpdump to 9.X would require
- the (then optional) STREAMS product. This would bring DLPI, which is
- what one uses to access interfaces in promiscuous mode.
-
- I'm not sure that HP even sells the 9.X STREAMS product any longer,
- since HP-UX 9.X is off the pricelist (well, maybe 9.10 for the old 68K
- devices).
-
- Your best bet is to be up on 10.20 or better if that is at all
- possible. If your hardware is supported by it, I'd go with HP-UX 11.
- If you want to see the system's own outbound traffic, you'll never get
- that functionality on 9.X, but it might happen at some point for 10.20
- and 11.X.
-
- rick jones
-
-(as per other messages cited here, the ability to see the system's own
-outbound traffic did happen).
-
-Rick Jones reports that HP-UX 11i needs no patches for outbound
-promiscuous mode support.
-
-An additional note, from Jost Martin, for HP-UX 10.20:
-
- Q: How do I get ethereral on HPUX to capture the _outgoing_ packets
- of an interface
- A: You need to get PHNE_20892,PHNE_20725 and PHCO_10947 (or
- newer, this is as of 4.4.00) and its dependencies. Then you can
- enable the feature as descibed below:
-
- Patch Name: PHNE_20892
- Patch Description: s700 10.20 PCI 100Base-T cumulative patch
- To trace the outbound packets, please do the following
- to turn on a global promiscuous switch before running
- the promiscuous applications like snoop or tcpdump:
-
- adb -w /stand/vmunix /dev/mem
- lanc_outbound_promisc_flag/W 1
- (adb will echo the result showing that the flag has
- been changed)
- $quit
- (Thanks for this part to HP-support, Ratingen)
-
- The attached hack does this and some security-related stuff
- (thanks to hildeb@www.stahl.bau.tu-bs.de (Ralf Hildebrandt) who
- posted the security-part some time ago)
-
- <<hack_ip_stack>>
-
- (Don't switch IP-forwarding off, if you need it !)
- Install the hack as /sbin/init.d/hacl_ip_stack (adjust
- permissions !) and make a sequencing-symlink
- /sbin/rc2.d/S350hack_ip_stack pointing to this script.
- Now all this is done on every reboot.
-
-According to Rick Jones, the global promiscuous switch also has to be
-turned on for HP-UX 11.00, but not for 11i - and, in fact, the switch
-doesn't even exist on 11i.
-
-Here's the "hack_ip_stack" script:
-
------------------------------------Cut Here-------------------------------------
-#!/sbin/sh
-#
-# nettune: hack kernel parms for safety
-
-OKAY=0
-ERROR=-1
-
-# /usr/contrib/bin fuer nettune auf Pfad
-PATH=/sbin:/usr/sbin:/usr/bin:/usr/contrib/bin
-export PATH
-
-
-##########
-# main #
-##########
-
-case $1 in
- start_msg)
- print "Tune IP-Stack for security"
- exit $OKAY
- ;;
-
- stop_msg)
- print "This action is not applicable"
- exit $OKAY
- ;;
-
- stop)
- exit $OKAY
- ;;
-
- start)
- ;; # fall through
-
- *)
- print "USAGE: $0 {start_msg | stop_msg | start | stop}" >&2
- exit $ERROR
- ;;
- esac
-
-###########
-# start #
-###########
-
-#
-# tcp-Sequence-Numbers nicht mehr inkrementieren sondern random
-# Syn-Flood-Protection an
-# ip_forwarding aus
-# Source-Routing aus
-# Ausgehende Packets an ethereal/tcpdump etc.
-
-/usr/contrib/bin/nettune -s tcp_random_seq 2 || exit $ERROR
-/usr/contrib/bin/nettune -s hp_syn_protect 1 || exit $ERROR
-/usr/contrib/bin/nettune -s ip_forwarding 0 || exit $ERROR
-echo 'ip_block_source_routed/W1' | /usr/bin/adb -w /stand/vmunix /dev/kmem || exit $ERROR
-echo 'lanc_outbound_promisc_flag/W 1' | adb -w /stand/vmunix /dev/mem || exit $ERROR
-
-exit $OKAY
------------------------------------Cut Here-------------------------------------
diff --git a/README.linux b/README.linux
deleted file mode 100644
index dd959139d3f9..000000000000
--- a/README.linux
+++ /dev/null
@@ -1,88 +0,0 @@
-In order for libpcap to be able to capture packets on a Linux system,
-the "packet" protocol must be supported by your kernel. If it is not,
-you may get error messages such as
-
- modprobe: can't locate module net-pf-17
-
-in "/var/adm/messages", or may get messages such as
-
- socket: Address family not supported by protocol
-
-from applications using libpcap.
-
-You must configure the kernel with the CONFIG_PACKET option for this
-protocol; the following note is from the Linux "Configure.help" file for
-the 2.0[.x] kernel:
-
- Packet socket
- CONFIG_PACKET
- The Packet protocol is used by applications which communicate
- directly with network devices without an intermediate network
- protocol implemented in the kernel, e.g. tcpdump. If you want them
- to work, choose Y.
-
- This driver is also available as a module called af_packet.o ( =
- code which can be inserted in and removed from the running kernel
- whenever you want). If you want to compile it as a module, say M
- here and read Documentation/modules.txt; if you use modprobe or
- kmod, you may also want to add "alias net-pf-17 af_packet" to
- /etc/modules.conf.
-
-and the note for the 2.2[.x] kernel says:
-
- Packet socket
- CONFIG_PACKET
- The Packet protocol is used by applications which communicate
- directly with network devices without an intermediate network
- protocol implemented in the kernel, e.g. tcpdump. If you want them
- to work, choose Y. This driver is also available as a module called
- af_packet.o ( = code which can be inserted in and removed from the
- running kernel whenever you want). If you want to compile it as a
- module, say M here and read Documentation/modules.txt. You will
- need to add 'alias net-pf-17 af_packet' to your /etc/conf.modules
- file for the module version to function automatically. If unsure,
- say Y.
-
-In addition, there is an option that, in 2.2 and later kernels, will
-allow packet capture filters specified to programs such as tcpdump to be
-executed in the kernel, so that packets that don't pass the filter won't
-be copied from the kernel to the program, rather than having all packets
-copied to the program and libpcap doing the filtering in user mode.
-
-Copying packets from the kernel to the program consumes a significant
-amount of CPU, so filtering in the kernel can reduce the overhead of
-capturing packets if a filter has been specified that discards a
-significant number of packets. (If no filter is specified, it makes no
-difference whether the filtering isn't performed in the kernel or isn't
-performed in user mode. :-))
-
-The option for this is the CONFIG_FILTER option; the "Configure.help"
-file says:
-
- Socket filtering
- CONFIG_FILTER
- The Linux Socket Filter is derived from the Berkeley Packet Filter.
- If you say Y here, user-space programs can attach a filter to any
- socket and thereby tell the kernel that it should allow or disallow
- certain types of data to get through the socket. Linux Socket
- Filtering works on all socket types except TCP for now. See the text
- file linux/Documentation/networking/filter.txt for more information.
- If unsure, say N.
-
-
-Statistics:
-Statistics reported by pcap are platform specific. The statistics
-reported by pcap_stats on Linux are as follows:
-
-2.2.x
-=====
-ps_recv Number of packets that were accepted by the pcap filter
-ps_drops Always 0, this statistic is not gatherd on this platform
-
-2.4.x
-=====
-ps_rec Number of packets that were accepted by the pcap filter
-ps_drops Number of packets that had passed filtering but were not
- passed on to pcap due to things like buffer shortage, etc.
- This is useful because these are packets you are interested in
- but won't be reported by, for example, tcpdump output.
diff --git a/README.macosx b/README.macosx
deleted file mode 100644
index 25794d88594b..000000000000
--- a/README.macosx
+++ /dev/null
@@ -1,43 +0,0 @@
-As with other systems using BPF, Mac OS X allows users with read access
-to the BPF devices to capture packets with libpcap and allows users with
-write access to the BPF devices to send packets with libpcap.
-
-On some systems that use BPF, the BPF devices live on the root file
-system, and the permissions and/or ownership on those devices can be
-changed to give users other than root permission to read or write those
-devices.
-
-On newer versions of FreeBSD, the BPF devices live on devfs, and devfs
-can be configured to set the permissions and/or ownership of those
-devices to give users other than root permission to read or write those
-devices.
-
-On Mac OS X, the BPF devices live on devfs, but the OS X version of
-devfs is based on an older (non-default) FreeBSD devfs, and that version
-of devfs cannot be configured to set the permissions and/or ownership of
-those devices.
-
-Therefore, we supply a "startup item" for OS X that will change the
-ownership of the BPF devices so that the "admin" group owns them, and
-will change the permission of the BPF devices to rw-rw----, so that all
-users in the "admin" group - i.e., all users with "Allow user to
-administer this computer" turned on - have both read and write access to
-them.
-
-The startup item is in the ChmodBPF directory in the source tree. A
-/Library/StartupItems directory should be created if it doesn't already
-exist, and the ChmodBPF directory should be copied to the
-/Library/StartupItems directory (copy the entire directory, so that
-there's a /Library/StartupItems/ChmodBPF directory, containing all the
-files in the source tree's ChmodBPF directory; don't copy the individual
-items in that directory to /Library/StartupItems).
-
-If you want to give a particular user permission to access the BPF
-devices, rather than giving all administrative users permission to
-access them, you can have the ChmodBPF/ChmodBPF script change the
-ownership of /dev/bpf* without changing the permissions. If you want to
-give a particular user permission to read and write the BPF devices and
-give the administrative users permission to read but not write the BPF
-devices, you can have the script change the owner to that user, the
-group to "admin", and the permissions to rw-r-----. Other possibilities
-are left as an exercise for the reader.
diff --git a/README.septel b/README.septel
deleted file mode 100644
index fbc88df38af4..000000000000
--- a/README.septel
+++ /dev/null
@@ -1,50 +0,0 @@
-The following instructions apply if you have a Linux platform and want
-libpcap to support the Septel range of passive network monitoring cards
-from Intel (http://www.intel.com)
-
-1) Install and build the Septel software distribution by following the
-instructions supplied with that package.
-
-2) Configure libcap. To allow the 'configure' script to locate the Septel
-software distribution use the '--with-septel' option:
-
- ./configure --with-septel=DIR
-
-where DIR is the root of the Septel software distribution, for example
-/var/src/septel.
-
-By default (if you write only ./configure --with-septel) it takes
-./../septel as argument for DIR.
-
-If the Septel software is correctly detected 'configure' will
-report:
-
- checking whether we have Septel API... yes
-
-If 'configure' reports that there is no Septel API, the directory may have been
-incorrectly specified or the Septel software was not built before configuring
-libpcap.
-
-See also the libpcap INSTALL.txt file for further libpcap configuration
-options.
-
-Building libpcap at this stage will include support for both the native
-packet capture stream and for capturing from Septel cards. To build
-libpcap with only Septel support specify the capture type as 'septel'
-when configuring libpcap:
-
- ./configure --with-septel=DIR --with-pcap=septel
-
-Applications built with libpcap configured in this way will only detect Septel
-cards and will not capture from the native OS packet stream.
-
-Note: As mentioned in pcap-septel.c we should first edit the system.txt
-file to change the user part example (UPE) module id to 0xdd instead of
-0x2d for technical reason. So this change in system.txt is crutial and
-things will go wrong if it's not done. System.txt along with config.txt
-are configuration files that are edited by the user before running the
-gctload program that uses these files for initialising modules and
-configuring parameters.
-
-----------------------------------------------------------------------
-for more information please contact me : gil_hoyek@hotmail.com
diff --git a/README.tru64 b/README.tru64
deleted file mode 100644
index 7fe1ef07b530..000000000000
--- a/README.tru64
+++ /dev/null
@@ -1,49 +0,0 @@
-The following instructions are applicable to Tru64 UNIX
-(formerly Digital UNIX (formerly DEC OSF/1)) version 4.0, and
-probably to later versions as well; at least some options apply to
-Digital UNIX 3.2 - perhaps all do.
-
-In order to use kernel packet filtering on this system, you have
-to configure it in such a way:
-
-Kernel configuration
---------------------
-
-The packet filtering kernel option must be enabled at kernel
-installation. If it was not the case, you can rebuild the kernel with
-"doconfig -c" after adding the following line in the kernel
-configuration file (/sys/conf/<HOSTNAME>):
-
- option PACKETFILTER
-
-or use "doconfig" without any arguments to add the packet filter driver
-option via the kernel option menu (see the system administration
-documentation for information on how to do this).
-
-Device configuration
---------------------
-
-Devices used for packet filtering must be created thanks to
-the following command (executed in the /dev directory):
-
- ./MAKEDEV pfilt
-
-Interface configuration
------------------------
-
-In order to capture all packets on a network, you may want to allow
-applications to put the interface on that network into "local copy"
-mode, so that tcpdump can see packets sent by the host on which it's
-running as well as packets received by that host, and to put the
-interface into "promiscuous" mode, so that tcpdump can see packets on
-the network segment not sent to the host on which it's running, by using
-the pfconfig(1) command:
-
- pfconfig +c +p <network_device>
-
-or allow application to put any interface into "local copy" or
-"promiscuous" mode by using the command:
-
- pfconfig +c +p -a
-
-Note: all instructions given require root privileges.
diff --git a/VERSION b/VERSION
index e3e180701e2a..3eefcb9dd5b3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.9.8
+1.0.0
diff --git a/aclocal.m4 b/aclocal.m4
index 1efb4742e604..5ceb076c9159 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,4 +1,4 @@
-dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.85.2.1 2005/04/21 03:42:09 guy Exp $ (LBL)
+dnl @(#) $Header: /tcpdump/master/libpcap/aclocal.m4,v 1.86.2.6 2008-09-28 17:13:37 guy Exp $ (LBL)
dnl
dnl Copyright (c) 1995, 1996, 1997, 1998
dnl The Regents of the University of California. All rights reserved.
@@ -57,7 +57,7 @@ AC_DEFUN(AC_LBL_C_INIT,
LBL_CFLAGS="$CFLAGS"
fi
if test -z "$CC" ; then
- case "$target_os" in
+ case "$host_os" in
bsdi*)
AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
@@ -100,7 +100,7 @@ AC_DEFUN(AC_LBL_C_INIT,
ac_cv_lbl_cc_ansi_prototypes=no))
AC_MSG_RESULT($ac_cv_lbl_cc_ansi_prototypes)
if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
- case "$target_os" in
+ case "$host_os" in
hpux*)
AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE))
@@ -129,7 +129,7 @@ AC_DEFUN(AC_LBL_C_INIT,
$2="$$2 -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
- case "$target_os" in
+ case "$host_os" in
irix*)
V_CCOPT="$V_CCOPT -xansi -signed -g3"
@@ -269,7 +269,7 @@ AC_DEFUN(AC_LBL_LIBPCAP,
AC_MSG_RESULT($libpcap)
fi
LIBS="$libpcap $LIBS"
- case "$target_os" in
+ case "$host_os" in
aix*)
pseexe="/lib/pse.exp"
@@ -301,7 +301,7 @@ AC_DEFUN(AC_LBL_TYPE_SIGNAL,
else
AC_DEFINE(RETSIGVAL,(0),[return value of signal handlers])
fi
- case "$target_os" in
+ case "$host_os" in
irix*)
AC_DEFINE(_BSD_SIGNALS,1,[get BSD semantics on Irix])
@@ -627,7 +627,7 @@ AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
# know it does work, and have the script just fail on other
# cpu types and update it when such a failure occurs.
#
- alpha*|arm*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
ac_cv_lbl_unaligned_fail=yes
;;
@@ -682,7 +682,7 @@ EOF
dnl
dnl If using gcc and the file .devel exists:
dnl Compile with -g (if supported) and -Wall
-dnl If using gcc 2, do extra prototype checking
+dnl If using gcc 2 or later, do extra prototype checking
dnl If an os prototype include exists, symlink os-proto.h to it
dnl
dnl usage:
@@ -712,7 +712,7 @@ AC_DEFUN(AC_LBL_DEVEL,
fi
fi
else
- case "$target_os" in
+ case "$host_os" in
irix6*)
V_CCOPT="$V_CCOPT -n32"
@@ -722,7 +722,7 @@ AC_DEFUN(AC_LBL_DEVEL,
;;
esac
fi
- os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
+ os=`echo $host_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
name="lbl/os-$os.h"
if test -f $name ; then
ln -s $name os-proto.h
@@ -746,6 +746,11 @@ dnl results:
dnl
dnl LIBS
dnl
+dnl XXX - "AC_LBL_LIBRARY_NET" was redone to use "AC_SEARCH_LIBS"
+dnl rather than "AC_LBL_CHECK_LIB", so this isn't used any more.
+dnl We keep it around for reference purposes in case it's ever
+dnl useful in the future.
+dnl
define(AC_LBL_CHECK_LIB,
[AC_MSG_CHECKING([for $2 in -l$1])
@@ -898,3 +903,59 @@ AC_DEFUN(AC_LBL_TPACKET_STATS,
if test $ac_cv_lbl_tpacket_stats = yes; then
AC_DEFINE(HAVE_TPACKET_STATS,1,[if if_packet.h has tpacket_stats defined])
fi])
+
+dnl
+dnl Checks to see if the tpacket_auxdata struct has a tp_vlan_tci member.
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI
+dnl
+dnl results:
+dnl
+dnl HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI (defined)
+dnl
+dnl NOTE: any compile failure means we conclude that it doesn't have
+dnl that member, so if we don't have tpacket_auxdata, we conclude it
+dnl doesn't have that member (which is OK, as either we won't be using
+dnl code that would use that member, or we wouldn't compile in any case).
+dnl
+AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,
+ [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member)
+ AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
+ AC_TRY_COMPILE([
+# include <linux/if_packet.h>],
+ [u_int i = sizeof(((struct tpacket_auxdata *)0)->tp_vlan_tci)],
+ ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=yes,
+ ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=no))
+ AC_MSG_RESULT($ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci)
+ if test $ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci = yes ; then
+ AC_DEFINE(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,1,[if tp_vlan_tci exists])
+ fi])
+
+dnl
+dnl Checks to see if Solaris has the dl_passive_req_t struct defined
+dnl in <sys/dlpi.h>.
+dnl
+dnl usage:
+dnl
+dnl AC_LBL_DL_PASSIVE_REQ_T
+dnl
+dnl results:
+dnl
+dnl HAVE_DLPI_PASSIVE (defined)
+dnl
+AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T,
+ [AC_MSG_CHECKING(if dl_passive_req_t struct exists)
+ AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t,
+ AC_TRY_COMPILE([
+# include <sys/types.h>
+# include <sys/dlpi.h>],
+ [u_int i = sizeof(dl_passive_req_t)],
+ ac_cv_lbl_has_dl_passive_req_t=yes,
+ ac_cv_lbl_has_dl_passive_req_t=no))
+ AC_MSG_RESULT($ac_cv_lbl_has_dl_passive_req_t)
+ if test $ac_cv_lbl_has_dl_passive_req_t = yes ; then
+ AC_DEFINE(HAVE_DLPI_PASSIVE,1,[if passive_req_t primitive
+ exists])
+ fi])
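Review bot: In the new `AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI` macro, `AC_CACHE_VAL` is keyed on `ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1`, but the compile test sets `ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci` and the following lines read it. If the HP-UX-named variable is already set (for example from a shared `config.cache`), the compile test is skipped and `test $ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci = yes` runs with an empty, unquoted operand, so `HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI` is left undefined regardless of the headers. The cache id should match the result variable: `AC_CACHE_VAL(ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci,`. Quoting the operand as `test "$ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci" = yes` would also avoid the shell error. `AC_LBL_DL_PASSIVE_REQ_T`, later in the same hunk, already uses a matching id.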
diff --git a/acsite.m4 b/acsite.m4
deleted file mode 100644
index 746faf1e1a4f..000000000000
--- a/acsite.m4
+++ /dev/null
@@ -1,505 +0,0 @@
-dnl @(#) $Header: acsite.m4,v 1.41 96/11/29 15:30:40 leres Exp $ (LBL)
-dnl
-dnl Copyright (c) 1995, 1996
-dnl The Regents of the University of California. All rights reserved.
-dnl
-dnl Redistribution and use in source and binary forms, with or without
-dnl modification, are permitted provided that: (1) source code distributions
-dnl retain the above copyright notice and this paragraph in its entirety, (2)
-dnl distributions including binary code include the above copyright notice and
-dnl this paragraph in its entirety in the documentation or other materials
-dnl provided with the distribution, and (3) all advertising materials mentioning
-dnl features or use of this software display the following acknowledgement:
-dnl ``This product includes software developed by the University of California,
-dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
-dnl the University nor the names of its contributors may be used to endorse
-dnl or promote products derived from this software without specific prior
-dnl written permission.
-dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-dnl
-dnl LBL autoconf macros
-dnl
-
-dnl
-dnl Determine which compiler we're using (cc or gcc)
-dnl If using gcc, determine the version number
-dnl If using cc, require that it support ansi prototypes
-dnl If using gcc, use -O2 (otherwise use -O)
-dnl If using cc, explicitly specify /usr/local/include
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_C_INIT(copt, incls)
-dnl
-dnl results:
-dnl
-dnl $1 (copt set)
-dnl $2 (incls set)
-dnl CC
-dnl ac_cv_gcc_vers
-dnl LBL_CFLAGS
-dnl
-dnl XXX need to add test to make sure ac_prog_cc hasn't been called
-AC_DEFUN(AC_LBL_C_INIT,
- [AC_PREREQ(2.12)
- $1=-O
- $2=""
- if test "${CFLAGS+set}" = set; then
- LBL_CFLAGS="$CFLAGS"
- fi
- if test -z "$CC" ; then
- case "$target_os" in
-
- bsdi*)
- AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
- if test $SHLICC2 = yes ; then
- CC=shlicc2
- export CC
- fi
- ;;
- esac
- fi
- AC_PROG_CC
- if test $ac_cv_prog_gcc = yes ; then
- if test "$SHLICC2" = yes ; then
- ac_cv_gcc_vers=2
- $1=-O2
- else
- AC_MSG_CHECKING(gcc version)
- AC_CACHE_VAL(ac_cv_gcc_vers,
- ac_cv_gcc_vers=`$CC -v 2>&1 | \
- sed -n -e '$s/.* //' -e '$s/\..*//p'`)
- AC_MSG_RESULT($ac_cv_gcc_vers)
- if test $ac_cv_gcc_vers -gt 1 ; then
- $1=-O2
- fi
- fi
- else
- AC_MSG_CHECKING(that $CC handles ansi prototypes)
- AC_CACHE_VAL(ac_cv_cc_ansi_prototypes,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [int frob(int, char *)],
- ac_cv_cc_ansi_prototypes=yes,
- ac_cv_cc_ansi_prototypes=no))
- AC_MSG_RESULT($ac_cv_cc_ansi_prototypes)
- if test $ac_cv_cc_ansi_prototypes = no ; then
- case "$target_os" in
-
- hpux*)
- AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE))
- savedcflags="$CFLAGS"
- CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
- AC_CACHE_VAL(ac_cv_cc_hpux_cc_aa,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [int frob(int, char *)],
- ac_cv_cc_hpux_cc_aa=yes,
- ac_cv_cc_hpux_cc_aa=no))
- AC_MSG_RESULT($ac_cv_cc_hpux_cc_aa)
- if test $ac_cv_cc_hpux_cc_aa = no ; then
- AC_MSG_ERROR(see the INSTALL for more info)
- fi
- CFLAGS="$savedcflags"
- V_CCOPT="-Aa $V_CCOPT"
- AC_DEFINE(_HPUX_SOURCE)
- ;;
-
- *)
- AC_MSG_ERROR(see the INSTALL for more info)
- ;;
- esac
- fi
- $2=-I/usr/local/include
-
- case "$target_os" in
-
- irix*)
- V_CCOPT="$V_CCOPT -xansi -signed -g3"
- ;;
-
- osf*)
- V_CCOPT="$V_CCOPT -g3"
- ;;
-
- ultrix*)
- AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes)
- AC_CACHE_VAL(ac_cv_cc_const_proto,
- AC_TRY_COMPILE(
- [#include <sys/types.h>],
- [struct a { int b; };
- void c(const struct a *)],
- ac_cv_cc_const_proto=yes,
- ac_cv_cc_const_proto=no))
- AC_MSG_RESULT($ac_cv_cc_const_proto)
- if test $ac_cv_cc_const_proto = no ; then
- AC_DEFINE(const,)
- fi
- ;;
- esac
- fi
-])
-
-dnl
-dnl Use pfopen.c if available and pfopen() not in standard libraries
-dnl Require libpcap
-dnl Look for libpcap in ..
-dnl Use the installed libpcap if there is no local version
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_LIBPCAP(pcapdep, incls)
-dnl
-dnl results:
-dnl
-dnl $1 (pcapdep set)
-dnl $2 (incls appended)
-dnl LIBS
-dnl
-AC_DEFUN(AC_LBL_LIBPCAP,
- [pfopen=/usr/examples/packetfilter/pfopen.c
- if test -f $pfopen ; then
- AC_CHECK_FUNCS(pfopen)
- if test $ac_cv_func_pfopen = "no" ; then
- AC_MSG_RESULT(Using $pfopen)
- LIBS="$LIBS $pfopen"
- fi
- fi
- AC_MSG_CHECKING(for local pcap library)
- libpcap=FAIL
- lastdir=FAIL
- places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
- egrep '/libpcap-[[0-9]]*\.[[0-9]]*(\.[[0-9]]*)?([[ab]][[0-9]]*)?$'`
- for dir in $places ../libpcap libpcap ; do
- basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'`
- if test $lastdir = $basedir ; then
- dnl skip alphas when an actual release is present
- continue;
- fi
- lastdir=$dir
- if test -r $dir/pcap.c ; then
- libpcap=$dir/libpcap.a
- d=$dir
- dnl continue and select the last one that exists
- fi
- done
- if test $libpcap = FAIL ; then
- AC_MSG_RESULT(not found)
- AC_CHECK_LIB(pcap, main, libpcap="-lpcap")
- if test $libpcap = FAIL ; then
- AC_MSG_ERROR(see the INSTALL doc for more info)
- fi
- else
- $1=$libpcap
- $2="-I$d $$2"
- AC_MSG_RESULT($libpcap)
- fi
- LIBS="$libpcap $LIBS"])
-
-dnl
-dnl Define RETSIGTYPE and RETSIGVAL
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_TYPE_SIGNAL
-dnl
-dnl results:
-dnl
-dnl RETSIGTYPE (defined)
-dnl RETSIGVAL (defined)
-dnl
-AC_DEFUN(AC_LBL_TYPE_SIGNAL,
- [AC_TYPE_SIGNAL
- if test "$ac_cv_type_signal" = void ; then
- AC_DEFINE(RETSIGVAL,)
- else
- AC_DEFINE(RETSIGVAL,(0))
- fi
- case "$target_os" in
-
- irix*)
- AC_DEFINE(_BSD_SIGNALS)
- ;;
-
- *)
- AC_CHECK_FUNCS(sigset)
- if test $ac_cv_func_sigset = yes ; then
- AC_DEFINE(signal, sigset)
- fi
- ;;
- esac])
-
-dnl
-dnl If using gcc, see if fixincludes should be run
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_FIXINCLUDES
-dnl
-AC_DEFUN(AC_LBL_FIXINCLUDES,
- [if test $ac_cv_prog_gcc = yes ; then
- AC_MSG_CHECKING(if fixincludes is needed)
- AC_CACHE_VAL(ac_cv_gcc_fixincludes,
- AC_TRY_COMPILE(
- [/*
- * This generates a "duplicate case value" when fixincludes
- * has not be run.
- */
-# include <sys/types.h>
-# include <sys/time.h>
-# include <sys/ioctl.h>
-# ifdef HAVE_SYS_IOCCOM_H
-# include <sys/ioccom.h>
-# endif],
- [switch (0) {
- case _IO('A', 1):;
- case _IO('B', 1):;
- }],
- ac_cv_gcc_fixincludes=yes,
- ac_cv_gcc_fixincludes=no))
- AC_MSG_RESULT($ac_cv_gcc_fixincludes)
- if test $ac_cv_gcc_fixincludes = no ; then
- # Don't cache failure
- unset ac_cv_gcc_fixincludes
- AC_MSG_ERROR(see the INSTALL for more info)
- fi
- fi])
-
-dnl
-dnl Check for flex, default to lex
-dnl Require flex 2.4 or higher
-dnl Check for bison, default to yacc
-dnl Default to lex/yacc if both flex and bison are not available
-dnl Define the yy prefix string if using flex and bison
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_LEX_AND_YACC(lex, yacc, yyprefix)
-dnl
-dnl results:
-dnl
-dnl $1 (lex set)
-dnl $2 (yacc appended)
-dnl $3 (optional flex and bison -P prefix)
-dnl
-AC_DEFUN(AC_LBL_LEX_AND_YACC,
- [AC_CHECK_PROGS($1, flex, lex)
- if test "$$1" = flex ; then
- # The -V flag was added in 2.4
- AC_MSG_CHECKING(for flex 2.4 or higher)
- AC_CACHE_VAL(ac_cv_flex_v24,
- if flex -V >/dev/null 2>&1; then
- ac_cv_flex_v24=yes
- else
- ac_cv_flex_v24=no
- fi)
- AC_MSG_RESULT($ac_cv_flex_v24)
- if test $ac_cv_flex_v24 = no ; then
- s="2.4 or higher required"
- AC_MSG_WARN(ignoring obsolete flex executable ($s))
- $1=lex
- fi
- fi
- AC_CHECK_PROGS($2, bison, yacc)
- if test "$$2" = bison ; then
- $2="$$2 -y"
- fi
- if test "$$1" != lex -a "$$2" = yacc -o "$$1" = lex -a "$$2" != yacc ; then
- AC_MSG_WARN(don't have both flex and bison; reverting to lex/yacc)
- $1=lex
- $2=yacc
- fi
- if test "$$1" = flex -a -n "$3" ; then
- $1="$$1 -P$3"
- $2="$$2 -p $3"
- fi])
-
-dnl
-dnl Checks to see if union wait is used with WEXITSTATUS()
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_UNION_WAIT
-dnl
-dnl results:
-dnl
-dnl DECLWAITSTATUS (defined)
-dnl
-AC_DEFUN(AC_LBL_UNION_WAIT,
- [AC_MSG_CHECKING(if union wait is used)
- AC_CACHE_VAL(ac_cv_union_wait,
- AC_TRY_COMPILE([
-# include <sys/types.h>
-# include <sys/wait.h>],
- [int status;
- u_int i = WEXITSTATUS(status);
- u_int j = waitpid(0, &status, 0);],
- ac_cv_union_wait=no,
- ac_cv_union_wait=yes))
- AC_MSG_RESULT($ac_cv_union_wait)
- if test $ac_cv_union_wait = yes ; then
- AC_DEFINE(DECLWAITSTATUS,union wait)
- else
- AC_DEFINE(DECLWAITSTATUS,int)
- fi])
-
-dnl
-dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_SOCKADDR_SA_LEN
-dnl
-dnl results:
-dnl
-dnl HAVE_SOCKADDR_SA_LEN (defined)
-dnl
-AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
- [AC_MSG_CHECKING(if sockaddr struct has sa_len member)
- AC_CACHE_VAL(ac_cv_sockaddr_has_sa_len,
- AC_TRY_COMPILE([
-# include <sys/types.h>
-# include <sys/socket.h>],
- [u_int i = sizeof(((struct sockaddr *)0)->sa_len)],
- ac_cv_sockaddr_has_sa_len=yes,
- ac_cv_sockaddr_has_sa_len=no))
- AC_MSG_RESULT($ac_cv_sockaddr_has_sa_len)
- if test $ac_cv_sockaddr_has_sa_len = yes ; then
- AC_DEFINE(HAVE_SOCKADDR_SA_LEN)
- fi])
-
-dnl
-dnl Checks to see if -R is used
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_HAVE_RUN_PATH
-dnl
-dnl results:
-dnl
-dnl ac_cv_have_run_path (yes or no)
-dnl
-AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
- [AC_MSG_CHECKING(for ${CC-cc} -R)
- AC_CACHE_VAL(ac_cv_have_run_path,
- [echo 'main(){}' > conftest.c
- ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1
- if test ! -s conftest.out ; then
- ac_cv_have_run_path=yes
- else
- ac_cv_have_run_path=no
- fi
- rm -f conftest*])
- AC_MSG_RESULT($ac_cv_have_run_path)
- ])
-
-dnl
-dnl Checks to see if unaligned memory accesses fail
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_UNALIGNED_ACCESS
-dnl
-dnl results:
-dnl
-dnl LBL_ALIGN (DEFINED)
-dnl
-AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
- [AC_MSG_CHECKING(if unaligned accesses fail)
- AC_CACHE_VAL(ac_cv_unaligned_fail,
- [case "$target_cpu" in
-
- alpha|hp*|mips|sparc)
- ac_cv_unaligned_fail=yes
- ;;
-
- *)
- cat >conftest.c <<EOF
-# include <sys/types.h>
-# include <sys/wait.h>
-# include <stdio.h>
- unsigned char a[[5]] = { 1, 2, 3, 4, 5 };
- main() {
- unsigned int i;
- pid_t pid;
- int status;
- /* avoid "core dumped" message */
- pid = fork();
- if (pid < 0)
- exit(2);
- if (pid > 0) {
- /* parent */
- pid = waitpid(pid, &status, 0);
- if (pid < 0)
- exit(3);
- exit(!WIFEXITED(status));
- }
- /* child */
- i = *(unsigned int *)&a[[1]];
- printf("%d\n", i);
- exit(0);
- }
-EOF
- ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \
- conftest.c $LIBS >/dev/null 2>&1
- if test ! -x conftest ; then
- dnl failed to compile for some reason
- ac_cv_unaligned_fail=yes
- else
- ./conftest >conftest.out
- if test ! -s conftest.out ; then
- ac_cv_unaligned_fail=yes
- else
- ac_cv_unaligned_fail=no
- fi
- fi
- rm -f conftest* core core.conftest
- ;;
- esac])
- AC_MSG_RESULT($ac_cv_unaligned_fail)
- if test $ac_cv_unaligned_fail = yes ; then
- AC_DEFINE(LBL_ALIGN)
- fi])
-
-dnl
-dnl If using gcc and the file .devel exists:
-dnl Compile with -g (if supported) and -Wall
-dnl If using gcc 2, do extra prototype checking
-dnl If an os prototype include exists, symlink os-proto.h to it
-dnl
-dnl usage:
-dnl
-dnl AC_LBL_DEVEL(copt)
-dnl
-dnl results:
-dnl
-dnl $1 (copt appended)
-dnl HAVE_OS_PROTO_H (defined)
-dnl os-proto.h (symlinked)
-dnl
-AC_DEFUN(AC_LBL_DEVEL,
- [rm -f os-proto.h
- if test "${LBL_CFLAGS+set}" = set; then
- $1="$$1 ${LBL_CFLAGS}"
- fi
- if test $ac_cv_prog_gcc = yes -a -f .devel ; then
- if test "${LBL_CFLAGS+set}" != set; then
- if test "$ac_cv_prog_cc_g" = yes ; then
- $1="-g $$1"
- fi
- $1="$$1 -Wall"
- if test $ac_cv_gcc_vers -gt 1 ; then
- $1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
- fi
- fi
- os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
- name="lbl/os-$os.h"
- if test -f $name ; then
- ln -s $name os-proto.h
- AC_DEFINE(HAVE_OS_PROTO_H)
- else
- AC_MSG_WARN(can't find $name)
- fi
- fi])
diff --git a/atmuni31.h b/atmuni31.h
index 877ed6879c3f..11242b8bfcc7 100644
--- a/atmuni31.h
+++ b/atmuni31.h
@@ -29,18 +29,18 @@
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * @(#) $Header: /tcpdump/master/libpcap/atmuni31.h,v 1.1 2002/07/11 09:06:32 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/atmuni31.h,v 1.1.6.2 2007/10/22 19:30:14 guy Exp $ (LBL)
*/
/* Based on UNI3.1 standard by ATM Forum */
/* ATM traffic types based on VPI=0 and (the following VCI */
-#define PPC 0x05 /* Point-to-point signal msg */
-#define BCC 0x02 /* Broadcast signal msg */
-#define OAMF4SC 0x03 /* Segment OAM F4 flow cell */
-#define OAMF4EC 0x04 /* End-to-end OAM F4 flow cell */
-#define METAC 0x01 /* Meta signal msg */
-#define ILMIC 0x10 /* ILMI msg */
+#define VCI_PPC 0x05 /* Point-to-point signal msg */
+#define VCI_BCC 0x02 /* Broadcast signal msg */
+#define VCI_OAMF4SC 0x03 /* Segment OAM F4 flow cell */
+#define VCI_OAMF4EC 0x04 /* End-to-end OAM F4 flow cell */
+#define VCI_METAC 0x01 /* Meta signal msg */
+#define VCI_ILMIC 0x10 /* ILMI msg */
/* Q.2931 signalling messages */
#define CALL_PROCEED 0x02 /* call proceeding */
diff --git a/bpf/net/bpf.h b/bpf/net/bpf.h
deleted file mode 100644
index 8c73f3ad4f6e..000000000000
--- a/bpf/net/bpf.h
+++ /dev/null
@@ -1,419 +0,0 @@
-/*-
- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from the Stanford/CMU enet packet filter,
- * (net/enet.c) distributed as part of 4.3BSD, and code contributed
- * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
- * Berkeley Laboratory.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)bpf.h 7.1 (Berkeley) 5/7/91
- *
- * @(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf.h,v 1.51 2001/11/28 05:50:05 guy Exp $ (LBL)
- */
-
-#ifndef BPF_MAJOR_VERSION
-
-/* BSD style release date */
-#define BPF_RELEASE 199606
-
-typedef int bpf_int32;
-typedef u_int bpf_u_int32;
-
-/*
- * Alignment macros. BPF_WORDALIGN rounds up to the next
- * even multiple of BPF_ALIGNMENT.
- */
-#ifndef __NetBSD__
-#define BPF_ALIGNMENT sizeof(bpf_int32)
-#else
-#define BPF_ALIGNMENT sizeof(long)
-#endif
-#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
-
-#define BPF_MAXINSNS 512
-#define BPF_MAXBUFSIZE 0x8000
-#define BPF_MINBUFSIZE 32
-
-/*
- * Structure for BIOCSETF.
- */
-struct bpf_program {
- u_int bf_len;
- struct bpf_insn *bf_insns;
-};
-
-/*
- * Struct returned by BIOCGSTATS.
- */
-struct bpf_stat {
- u_int bs_recv; /* number of packets received */
- u_int bs_drop; /* number of packets dropped */
-};
-
-/*
- * Struct return by BIOCVERSION. This represents the version number of
- * the filter language described by the instruction encodings below.
- * bpf understands a program iff kernel_major == filter_major &&
- * kernel_minor >= filter_minor, that is, if the value returned by the
- * running kernel has the same major number and a minor number equal
- * equal to or less than the filter being downloaded. Otherwise, the
- * results are undefined, meaning an error may be returned or packets
- * may be accepted haphazardly.
- * It has nothing to do with the source code version.
- */
-struct bpf_version {
- u_short bv_major;
- u_short bv_minor;
-};
-/* Current version number of filter architecture. */
-#define BPF_MAJOR_VERSION 1
-#define BPF_MINOR_VERSION 1
-
-/*
- * BPF ioctls
- *
- * The first set is for compatibility with Sun's pcc style
- * header files. If your using gcc, we assume that you
- * have run fixincludes so the latter set should work.
- */
-#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
-#define BIOCGBLEN _IOR(B,102, u_int)
-#define BIOCSBLEN _IOWR(B,102, u_int)
-#define BIOCSETF _IOW(B,103, struct bpf_program)
-#define BIOCFLUSH _IO(B,104)
-#define BIOCPROMISC _IO(B,105)
-#define BIOCGDLT _IOR(B,106, u_int)
-#define BIOCGETIF _IOR(B,107, struct ifreq)
-#define BIOCSETIF _IOW(B,108, struct ifreq)
-#define BIOCSRTIMEOUT _IOW(B,109, struct timeval)
-#define BIOCGRTIMEOUT _IOR(B,110, struct timeval)
-#define BIOCGSTATS _IOR(B,111, struct bpf_stat)
-#define BIOCIMMEDIATE _IOW(B,112, u_int)
-#define BIOCVERSION _IOR(B,113, struct bpf_version)
-#define BIOCSTCPF _IOW(B,114, struct bpf_program)
-#define BIOCSUDPF _IOW(B,115, struct bpf_program)
-#else
-#define BIOCGBLEN _IOR('B',102, u_int)
-#define BIOCSBLEN _IOWR('B',102, u_int)
-#define BIOCSETF _IOW('B',103, struct bpf_program)
-#define BIOCFLUSH _IO('B',104)
-#define BIOCPROMISC _IO('B',105)
-#define BIOCGDLT _IOR('B',106, u_int)
-#define BIOCGETIF _IOR('B',107, struct ifreq)
-#define BIOCSETIF _IOW('B',108, struct ifreq)
-#define BIOCSRTIMEOUT _IOW('B',109, struct timeval)
-#define BIOCGRTIMEOUT _IOR('B',110, struct timeval)
-#define BIOCGSTATS _IOR('B',111, struct bpf_stat)
-#define BIOCIMMEDIATE _IOW('B',112, u_int)
-#define BIOCVERSION _IOR('B',113, struct bpf_version)
-#define BIOCSTCPF _IOW('B',114, struct bpf_program)
-#define BIOCSUDPF _IOW('B',115, struct bpf_program)
-#endif
-
-/*
- * Structure prepended to each packet.
- */
-struct bpf_hdr {
- struct timeval bh_tstamp; /* time stamp */
- bpf_u_int32 bh_caplen; /* length of captured portion */
- bpf_u_int32 bh_datalen; /* original length of packet */
- u_short bh_hdrlen; /* length of bpf header (this struct
- plus alignment padding) */
-};
-/*
- * Because the structure above is not a multiple of 4 bytes, some compilers
- * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
- * Only the kernel needs to know about it; applications use bh_hdrlen.
- */
-#if defined(KERNEL) || defined(_KERNEL)
-#define SIZEOF_BPF_HDR 18
-#endif
-
-/*
- * Data-link level type codes.
- */
-
-/*
- * These are the types that are the same on all platforms; on other
- * platforms, a <net/bpf.h> should be supplied that defines the additional
- * DLT_* codes appropriately for that platform (the BSDs, for example,
- * should not just pick up this version of "bpf.h"; they should also define
- * the additional DLT_* codes used by their kernels, as well as the values
- * defined here - and, if the values they use for particular DLT_ types
- * differ from those here, they should use their values, not the ones
- * here).
- */
-#define DLT_NULL 0 /* no link-layer encapsulation */
-#define DLT_EN10MB 1 /* Ethernet (10Mb) */
-#define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
-#define DLT_AX25 3 /* Amateur Radio AX.25 */
-#define DLT_PRONET 4 /* Proteon ProNET Token Ring */
-#define DLT_CHAOS 5 /* Chaos */
-#define DLT_IEEE802 6 /* IEEE 802 Networks */
-#define DLT_ARCNET 7 /* ARCNET */
-#define DLT_SLIP 8 /* Serial Line IP */
-#define DLT_PPP 9 /* Point-to-point Protocol */
-#define DLT_FDDI 10 /* FDDI */
-
-/*
- * These are values from the traditional libpcap "bpf.h".
- * Ports of this to particular platforms should replace these definitions
- * with the ones appropriate to that platform, if the values are
- * different on that platform.
- */
-#define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
-#define DLT_RAW 12 /* raw IP */
-
-/*
- * These are values from BSD/OS's "bpf.h".
- * These are not the same as the values from the traditional libpcap
- * "bpf.h"; however, these values shouldn't be generated by any
- * OS other than BSD/OS, so the correct values to use here are the
- * BSD/OS values.
- *
- * Platforms that have already assigned these values to other
- * DLT_ codes, however, should give these codes the values
- * from that platform, so that programs that use these codes will
- * continue to compile - even though they won't correctly read
- * files of these types.
- */
-#define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
-#define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
-
-#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
-
-/*
- * These values are defined by NetBSD; other platforms should refrain from
- * using them for other purposes, so that NetBSD savefiles with link
- * types of 50 or 51 can be read as this type on all platforms.
- */
-#define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
-#define DLT_PPP_ETHER 51 /* PPP over Ethernet */
-
-/*
- * Values between 100 and 103 are used in capture file headers as
- * link-layer types corresponding to DLT_ types that differ
- * between platforms; don't use those values for new DLT_ new types.
- */
-
-/*
- * This value was defined by libpcap 0.5; platforms that have defined
- * it with a different value should define it here with that value -
- * a link type of 104 in a save file will be mapped to DLT_C_HDLC,
- * whatever value that happens to be, so programs will correctly
- * handle files with that link type regardless of the value of
- * DLT_C_HDLC.
- *
- * The name DLT_C_HDLC was used by BSD/OS; we use that name for source
- * compatibility with programs written for BSD/OS.
- *
- * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well,
- * for source compatibility with programs written for libpcap 0.5.
- */
-#define DLT_C_HDLC 104 /* Cisco HDLC */
-#define DLT_CHDLC DLT_C_HDLC
-
-#define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
-
-/*
- * Values between 106 and 107 are used in capture file headers as
- * link-layer types corresponding to DLT_ types that might differ
- * between platforms; don't use those values for new DLT_ new types.
- */
-
-/*
- * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except
- * that the AF_ type in the link-layer header is in network byte order.
- *
- * OpenBSD defines it as 12, but that collides with DLT_RAW, so we
- * define it as 108 here. If OpenBSD picks up this file, it should
- * define DLT_LOOP as 12 in its version, as per the comment above -
- * and should not use 108 as a DLT_ value.
- */
-#define DLT_LOOP 108
-
-/*
- * Values between 109 and 112 are used in capture file headers as
- * link-layer types corresponding to DLT_ types that might differ
- * between platforms; don't use those values for new DLT_ types
- * other than the corresponding DLT_ types.
- */
-
-/*
- * This is for Linux cooked sockets.
- */
-#define DLT_LINUX_SLL 113
-
-/*
- * Apple LocalTalk hardware.
- */
-#define DLT_LTALK 114
-
-/*
- * Acorn Econet.
- */
-#define DLT_ECONET 115
-
-/*
- * Reserved for use with OpenBSD ipfilter.
- */
-#define DLT_IPFILTER 116
-
-/*
- * Reserved for use in capture-file headers as a link-layer type
- * corresponding to OpenBSD DLT_PFLOG; DLT_PFLOG is 17 in OpenBSD,
- * but that's DLT_LANE8023 in SuSE 6.3, so we can't use 17 for it
- * in capture-file headers.
- */
-#define DLT_PFLOG 117
-
-/*
- * Registered for Cisco-internal use.
- */
-#define DLT_CISCO_IOS 118
-
-/*
- * Reserved for 802.11 cards using the Prism II chips, with a link-layer
- * header including Prism monitor mode information plus an 802.11
- * header.
- */
-#define DLT_PRISM_HEADER 119
-
-/*
- * Reserved for Aironet 802.11 cards, with an Aironet link-layer header
- * (see Doug Ambrisko's FreeBSD patches).
- */
-#define DLT_AIRONET_HEADER 120
-
-/*
- * The instruction encodings.
- */
-/* instruction classes */
-#define BPF_CLASS(code) ((code) & 0x07)
-#define BPF_LD 0x00
-#define BPF_LDX 0x01
-#define BPF_ST 0x02
-#define BPF_STX 0x03
-#define BPF_ALU 0x04
-#define BPF_JMP 0x05
-#define BPF_RET 0x06
-#define BPF_MISC 0x07
-
-/* ld/ldx fields */
-#define BPF_SIZE(code) ((code) & 0x18)
-#define BPF_W 0x00
-#define BPF_H 0x08
-#define BPF_B 0x10
-#define BPF_MODE(code) ((code) & 0xe0)
-#define BPF_IMM 0x00
-#define BPF_ABS 0x20
-#define BPF_IND 0x40
-#define BPF_MEM 0x60
-#define BPF_LEN 0x80
-#define BPF_MSH 0xa0
-
-/* alu/jmp fields */
-#define BPF_OP(code) ((code) & 0xf0)
-#define BPF_ADD 0x00
-#define BPF_SUB 0x10
-#define BPF_MUL 0x20
-#define BPF_DIV 0x30
-#define BPF_OR 0x40
-#define BPF_AND 0x50
-#define BPF_LSH 0x60
-#define BPF_RSH 0x70
-#define BPF_NEG 0x80
-#define BPF_JA 0x00
-#define BPF_JEQ 0x10
-#define BPF_JGT 0x20
-#define BPF_JGE 0x30
-#define BPF_JSET 0x40
-#define BPF_SRC(code) ((code) & 0x08)
-#define BPF_K 0x00
-#define BPF_X 0x08
-
-/* ret - BPF_K and BPF_X also apply */
-#define BPF_RVAL(code) ((code) & 0x18)
-#define BPF_A 0x10
-
-/* misc */
-#define BPF_MISCOP(code) ((code) & 0xf8)
-#define BPF_TAX 0x00
-#define BPF_TXA 0x80
-
-/*
- * The instruction data structure.
- */
-struct bpf_insn {
- u_short code;
- u_char jt;
- u_char jf;
- bpf_int32 k;
-};
-
-/*
- * Macros for insn array initializers.
- */
-#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
-#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
-
-#if defined(BSD) && (defined(KERNEL) || defined(_KERNEL))
-/*
- * Systems based on non-BSD kernels don't have ifnet's (or they don't mean
- * anything if it is in <net/if.h>) and won't work like this.
- */
-# if __STDC__
-extern void bpf_tap(struct ifnet *, u_char *, u_int);
-extern void bpf_mtap(struct ifnet *, struct mbuf *);
-extern void bpfattach(struct ifnet *, u_int, u_int);
-extern void bpfilterattach(int);
-# else
-extern void bpf_tap();
-extern void bpf_mtap();
-extern void bpfattach();
-extern void bpfilterattach();
-# endif /* __STDC__ */
-#endif /* BSD && (_KERNEL || KERNEL) */
-#if __STDC__
-extern int bpf_validate(struct bpf_insn *, int);
-extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
-#else
-extern int bpf_validate();
-extern u_int bpf_filter();
-#endif
-
-/*
- * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
- */
-#define BPF_MEMWORDS 16
-
-#endif
diff --git a/bpf/net/bpf_filter.c b/bpf/net/bpf_filter.c
index 40df32a8b39f..a2733d1b1b2e 100644
--- a/bpf/net/bpf_filter.c
+++ b/bpf/net/bpf_filter.c
@@ -40,7 +40,7 @@
#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.44 2003/11/15 23:24:07 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.45.2.1 2008/01/02 04:22:16 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -71,7 +71,7 @@ static const char rcsid[] _U_ =
#endif /* WIN32 */
-#include <pcap-bpf.h>
+#include <pcap/bpf.h>
#if !defined(KERNEL) && !defined(_KERNEL)
#include <stdlib.h>
@@ -200,8 +200,8 @@ m_xhalf(m, k, err)
*/
u_int
bpf_filter(pc, p, wirelen, buflen)
- register struct bpf_insn *pc;
- register u_char *p;
+ register const struct bpf_insn *pc;
+ register const u_char *p;
u_int wirelen;
register u_int buflen;
{
@@ -512,54 +512,155 @@ bpf_filter(pc, p, wirelen, buflen)
}
}
-
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
- * code. The code must terminate with either an accept or reject.
- * 'valid' is an array for use by the routine (it must be at least
- * 'len' bytes long).
+ * code, that memory accesses are within valid ranges (to the
+ * extent that this can be checked statically; loads of packet
+ * data have to be, and are, also checked at run time), and that
+ * the code terminates with either an accept or reject.
*
* The kernel needs to be able to verify an application's filter code.
* Otherwise, a bogus program could easily crash the system.
*/
int
bpf_validate(f, len)
- struct bpf_insn *f;
+ const struct bpf_insn *f;
int len;
{
- register int i;
- register struct bpf_insn *p;
+ u_int i, from;
+ const struct bpf_insn *p;
+
+ if (len < 1)
+ return 0;
+ /*
+ * There's no maximum program length in userland.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+ if (len > BPF_MAXINSNS)
+ return 0;
+#endif
for (i = 0; i < len; ++i) {
+ p = &f[i];
+ switch (BPF_CLASS(p->code)) {
/*
- * Check that that jumps are forward, and within
- * the code block.
+ * Check that memory operations use valid addresses.
*/
- p = &f[i];
- if (BPF_CLASS(p->code) == BPF_JMP) {
- register int from = i + 1;
-
- if (BPF_OP(p->code) == BPF_JA) {
- if (from + p->k >= (unsigned)len)
+ case BPF_LD:
+ case BPF_LDX:
+ switch (BPF_MODE(p->code)) {
+ case BPF_IMM:
+ break;
+ case BPF_ABS:
+ case BPF_IND:
+ case BPF_MSH:
+ /*
+ * There's no maximum packet data size
+ * in userland. The runtime packet length
+ * check suffices.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+ /*
+ * More strict check with actual packet length
+ * is done runtime.
+ */
+ if (p->k >= bpf_maxbufsize)
return 0;
+#endif
+ break;
+ case BPF_MEM:
+ if (p->k >= BPF_MEMWORDS)
+ return 0;
+ break;
+ case BPF_LEN:
+ break;
+ default:
+ return 0;
}
- else if (from + p->jt >= len || from + p->jf >= len)
+ break;
+ case BPF_ST:
+ case BPF_STX:
+ if (p->k >= BPF_MEMWORDS)
return 0;
- }
- /*
- * Check that memory operations use valid addresses.
- */
- if ((BPF_CLASS(p->code) == BPF_ST ||
- (BPF_CLASS(p->code) == BPF_LD &&
- (p->code & 0xe0) == BPF_MEM)) &&
- (p->k >= BPF_MEMWORDS || p->k < 0))
- return 0;
- /*
- * Check for constant division by 0.
- */
- if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
+ break;
+ case BPF_ALU:
+ switch (BPF_OP(p->code)) {
+ case BPF_ADD:
+ case BPF_SUB:
+ case BPF_MUL:
+ case BPF_OR:
+ case BPF_AND:
+ case BPF_LSH:
+ case BPF_RSH:
+ case BPF_NEG:
+ break;
+ case BPF_DIV:
+ /*
+ * Check for constant division by 0.
+ */
+ if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
+ return 0;
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case BPF_JMP:
+ /*
+ * Check that jumps are within the code block,
+ * and that unconditional branches don't go
+ * backwards as a result of an overflow.
+ * Unconditional branches have a 32-bit offset,
+ * so they could overflow; we check to make
+ * sure they don't. Conditional branches have
+ * an 8-bit offset, and the from address is <=
+ * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
+ * is sufficiently small that adding 255 to it
+ * won't overflow.
+ *
+ * We know that len is <= BPF_MAXINSNS, and we
+ * assume that BPF_MAXINSNS is < the maximum size
+ * of a u_int, so that i + 1 doesn't overflow.
+ *
+ * For userland, we don't know that the from
+ * or len are <= BPF_MAXINSNS, but we know that
+ * from <= len, and, except on a 64-bit system,
+ * it's unlikely that len, if it truly reflects
+ * the size of the program we've been handed,
+ * will be anywhere near the maximum size of
+ * a u_int. We also don't check for backward
+ * branches, as we currently support them in
+ * userland for the protochain operation.
+ */
+ from = i + 1;
+ switch (BPF_OP(p->code)) {
+ case BPF_JA:
+#if defined(KERNEL) || defined(_KERNEL)
+ if (from + p->k < from || from + p->k >= len)
+#else
+ if (from + p->k >= len)
+#endif
+ return 0;
+ break;
+ case BPF_JEQ:
+ case BPF_JGT:
+ case BPF_JGE:
+ case BPF_JSET:
+ if (from + p->jt >= len || from + p->jf >= len)
+ return 0;
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case BPF_RET:
+ break;
+ case BPF_MISC:
+ break;
+ default:
return 0;
+ }
}
return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
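Review bot: The constant-division-by-zero guard in the new `case BPF_DIV:` branch of bpf_validate tests `BPF_RVAL(p->code) == BPF_K`, and that comparison can never be true. BPF_RVAL masks with 0x18 and BPF_DIV is 0x30 (values as defined in the bpf/net/bpf.h this commit removes, presumably unchanged in pcap/bpf.h), so every DIV instruction masks to at least 0x10. A filter containing `BPF_ALU|BPF_DIV|BPF_K` with k == 0 therefore passes validation, whereas the replaced test `p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0` rejected it. The operand-source selector for ALU instructions is BPF_SRC, so the line should read `if (BPF_SRC(p->code) == BPF_K && p->k == 0)`. Whether bpf_filter guards the constant form at run time is not visible in this hunk, so the validator should not depend on it.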
diff --git a/bpf_dump.c b/bpf_dump.c
index 303602e20772..5c0033dc5de5 100644
--- a/bpf_dump.c
+++ b/bpf_dump.c
@@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/bpf_dump.c,v 1.14 2003/11/15 23:23:57 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/bpf_dump.c,v 1.14.4.1 2008/01/02 04:22:16 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -31,9 +31,9 @@ static const char rcsid[] _U_ =
#include <stdio.h>
void
-bpf_dump(struct bpf_program *p, int option)
+bpf_dump(const struct bpf_program *p, int option)
{
- struct bpf_insn *insn;
+ const struct bpf_insn *insn;
int i;
int n = p->bf_len;
diff --git a/bpf_image.c b/bpf_image.c
index 2e761289f7cf..91f7cef43b5c 100644
--- a/bpf_image.c
+++ b/bpf_image.c
@@ -21,7 +21,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.26.2.1 2007/06/11 09:52:04 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/bpf_image.c,v 1.27.2.1 2008/01/02 04:22:16 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -39,7 +39,7 @@ static const char rcsid[] _U_ =
char *
bpf_image(p, n)
- struct bpf_insn *p;
+ const struct bpf_insn *p;
int n;
{
int v;
diff --git a/chmod_bpf b/chmod_bpf
new file mode 100755
index 000000000000..0a30d99301e4
--- /dev/null
+++ b/chmod_bpf
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+#
+# Unfortunately, Mac OS X's devfs is based on the old FreeBSD
+# one, not the current one, so there's no way to configure it
+# to create BPF devices with particular owners or groups.
+# This startup item will make it owned by the admin group,
+# with permissions rw-rw----, so that anybody in the admin
+# group can use programs that capture or send raw packets.
+#
+# Change this as appropriate for your site, e.g. to make
+# it owned by a particular user without changing the permissions,
+# so only that user and the super-user can capture or send raw
+# packets, or give it the permissions rw-r-----, so that
+# only the super-user can send raw packets but anybody in the
+# admin group can capture packets.
+#
+chgrp admin /dev/bpf*
+chmod g+rw /dev/bpf*
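Review bot: The header comment promises mode rw-rw----, but `chmod g+rw /dev/bpf*` only adds group bits and never clears anything, so the result depends on the mode devfs created the nodes with. Any "other" access already present would survive. Setting the mode absolutely makes the script match its comment and keeps capture and raw-packet send rights limited to the owner and the admin group: `chmod ug=rw,o= /dev/bpf*`. The glob also only covers nodes that exist when the startup item runs, so if the system creates further BPF devices later (not visible from this file) they would keep their default owner and mode; a comment such as `# only affects BPF nodes present at boot; re-run if more are created` would document that limit. Neither command's exit status is checked, so a missing admin group or an unmatched glob fails silently.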
diff --git a/config.h.in b/config.h.in
index 8aa879cb5439..403cbfa7bd3a 100644
--- a/config.h.in
+++ b/config.h.in
@@ -19,6 +19,9 @@
/* define if you have dag_get_erf_types() */
#undef HAVE_DAG_GET_ERF_TYPES
+/* define if you have dag_get_stream_erf_types() */
+#undef HAVE_DAG_GET_STREAM_ERF_TYPES
+
/* define if you have streams capable DAG API */
#undef HAVE_DAG_STREAMS_API
@@ -29,9 +32,15 @@
/* define if you have a /dev/dlpi */
#undef HAVE_DEV_DLPI
+/* if passive_req_t primitive exists */
+#undef HAVE_DLPI_PASSIVE
+
/* Define to 1 if you have the `ether_hostton' function. */
#undef HAVE_ETHER_HOSTTON
+/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+#undef HAVE_FSEEKO
+
/* on HP-UX 10.20 or later */
#undef HAVE_HPUX10_20_OR_LATER
@@ -44,9 +53,18 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* if libdlpi exists */
+#undef HAVE_LIBDLPI
+
/* Define to 1 if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
+/* if tp_vlan_tci exists */
+#undef HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI
+
+/* Define to 1 if you have the <linux/wireless.h> header file. */
+#undef HAVE_LINUX_WIRELESS_H
+
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
@@ -56,6 +74,9 @@
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#undef HAVE_NETINET_IF_ETHER_H
+/* Define to 1 if you have the <net/if_media.h> header file. */
+#undef HAVE_NET_IF_MEDIA_H
+
/* Define to 1 if you have the <net/pfvar.h> header file. */
#undef HAVE_NET_PFVAR_H
@@ -65,6 +86,9 @@
/* Define to 1 if you have the <paths.h> header file. */
#undef HAVE_PATHS_H
+/* define if net/pfvar.h defines PF_NAT through PF_NORDR */
+#undef HAVE_PF_NAT_THROUGH_PF_NORDR
+
/* define if you have a /proc/net/dev */
#undef HAVE_PROC_NET_DEV
@@ -80,6 +104,9 @@
/* if struct sockaddr_storage exists */
#undef HAVE_SOCKADDR_STORAGE
+/* define if socklen_t is defined */
+#undef HAVE_SOCKLEN_T
+
/* On solaris */
#undef HAVE_SOLARIS
@@ -134,6 +161,9 @@
/* Define to 1 if you have the `vsnprintf' function. */
#undef HAVE_VSNPRINTF
+/* define if the system supports zerocopy BPF */
+#undef HAVE_ZEROCOPY_BPF
+
/* define if your compiler has __attribute__ */
#undef HAVE___ATTRIBUTE__
@@ -143,6 +173,9 @@
/* if unaligned access fails */
#undef LBL_ALIGN
+/* path for device for USB sniffing */
+#undef LINUX_USB_MON_DEV
+
/* Define to 1 if netinet/ether.h declares `ether_hostton' */
#undef NETINET_ETHER_H_DECLARES_ETHER_HOSTTON
@@ -170,15 +203,33 @@
/* /dev/dlpi directory */
#undef PCAP_DEV_PREFIX
+/* target host supports Bluetooth sniffing */
+#undef PCAP_SUPPORT_BT
+
+/* target host supports USB sniffing */
+#undef PCAP_SUPPORT_USB
+
+/* include ACN support */
+#undef SITA
+
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Enable parser debugging */
#undef YYDEBUG
+/* Number of bits in a file offset, on hosts where this is settable. */
+#undef _FILE_OFFSET_BITS
+
/* needed on HP-UX */
#undef _HPUX_SOURCE
+/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
+#undef _LARGEFILE_SOURCE
+
+/* Define for large files, on AIX-style hosts. */
+#undef _LARGE_FILES
+
/* define on AIX to get certain functions */
#undef _SUN
@@ -194,5 +245,8 @@
/* if we have u_int32_t */
#undef u_int32_t
+/* if we have u_int64_t */
+#undef u_int64_t
+
/* if we have u_int8_t */
#undef u_int8_t
diff --git a/configure b/configure
index 38e035ef2ee0..bd8da0bfda65 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.in Revision: 1.120.2.13 .
+# From configure.in Revision: 1.138.2.22 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61.
#
@@ -684,10 +684,16 @@ V_INCLS
V_LIBS
V_PCAP
V_FINDALLDEVS
-V_RANLIB
SSRC
DYEXT
DAGLIBS
+DEPLIBS
+MAN_FILE_FORMATS
+MAN_MISC_INFO
+PCAP_SUPPORT_USB
+USB_SRC
+PCAP_SUPPORT_BT
+BT_SRC
INSTALL_PROGRAM
INSTALL_SCRIPT
INSTALL_DATA
@@ -1275,8 +1281,9 @@ if test -n "$ac_init_help"; then
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --disable-largefile omit support for large files
--disable-protochain disable \"protochain\" insn
- --enable-ipv6 build IPv6-capable version
+ --enable-ipv6 build IPv6-capable version [default=yes, if getaddrinfo available]
--enable-optimizer-dbg build optimizer debugging code
--enable-yydebug build parser debugging code
@@ -1284,6 +1291,7 @@ Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-gcc don't use gcc
+ --with-sita include SITA support
--with-pcap=TYPE use packet capture TYPE
--with-dag[=DIR] include Endace DAG support ("yes", "no" or DIR; default="yes" on BSD and Linux if present)
--with-dag-includes=DIR Endace DAG include directory
@@ -1902,7 +1910,7 @@ fi
LBL_CFLAGS="$CFLAGS"
fi
if test -z "$CC" ; then
- case "$target_os" in
+ case "$host_os" in
bsdi*)
# Extract the first word of "shlicc2", so it can be a program name with args.
@@ -2949,7 +2957,7 @@ fi
{ echo "$as_me:$LINENO: result: $ac_cv_lbl_cc_ansi_prototypes" >&5
echo "${ECHO_T}$ac_cv_lbl_cc_ansi_prototypes" >&6; }
if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
- case "$target_os" in
+ case "$host_os" in
hpux*)
{ echo "$as_me:$LINENO: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5
@@ -3028,7 +3036,7 @@ echo "$as_me: error: see the INSTALL doc for more info" >&2;}
V_INCLS="$V_INCLS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
- case "$target_os" in
+ case "$host_os" in
irix*)
V_CCOPT="$V_CCOPT -xansi -signed -g3"
@@ -3450,6 +3458,543 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
fi
+{ echo "$as_me:$LINENO: checking for u_int64_t using $CC" >&5
+echo $ECHO_N "checking for u_int64_t using $CC... $ECHO_C" >&6; }
+ if test "${ac_cv_lbl_have_u_int64_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include "confdefs.h"
+# include <sys/types.h>
+# if STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+# endif
+int
+main ()
+{
+u_int64_t i
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_have_u_int64_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_have_u_int64_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_lbl_have_u_int64_t" >&5
+echo "${ECHO_T}$ac_cv_lbl_have_u_int64_t" >&6; }
+ if test $ac_cv_lbl_have_u_int64_t = no ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define u_int64_t unsigned long long
+_ACEOF
+
+ fi
+
+#
+# Try to arrange for large file support.
+#
+# Check whether --enable-largefile was given.
+if test "${enable_largefile+set}" = set; then
+ enableval=$enable_largefile;
+fi
+
+if test "$enable_largefile" != no; then
+
+ { echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
+echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_largefile_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_sys_largefile_CC=no
+ if test "$GCC" != yes; then
+ ac_save_CC=$CC
+ while :; do
+ # IRIX 6.2 and later do not support large files by default,
+ # so use the C compiler's -n32 option if that helps.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ CC="$CC -n32"
+ rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_largefile_CC=' -n32'; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+ break
+ done
+ CC=$ac_save_CC
+ rm -f conftest.$ac_ext
+ fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
+echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6; }
+ if test "$ac_cv_sys_largefile_CC" != no; then
+ CC=$CC$ac_cv_sys_largefile_CC
+ fi
+
+ { echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
+echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_file_offset_bits+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_file_offset_bits=no; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#define _FILE_OFFSET_BITS 64
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_file_offset_bits=64; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_file_offset_bits=unknown
+ break
+done
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
+echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6; }
+case $ac_cv_sys_file_offset_bits in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
+_ACEOF
+;;
+esac
+rm -f conftest*
+ if test $ac_cv_sys_file_offset_bits = unknown; then
+ { echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
+echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_large_files+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_large_files=no; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#define _LARGE_FILES 1
+#include <sys/types.h>
+ /* Check that off_t can represent 2**63 - 1 correctly.
+ We can't simply define LARGE_OFF_T to be 9223372036854775807,
+ since some C++ compilers masquerading as C compilers
+ incorrectly reject 9223372036854775807. */
+#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
+ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+ && LARGE_OFF_T % 2147483647 == 1)
+ ? 1 : -1];
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_large_files=1; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cv_sys_large_files=unknown
+ break
+done
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
+echo "${ECHO_T}$ac_cv_sys_large_files" >&6; }
+case $ac_cv_sys_large_files in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGE_FILES $ac_cv_sys_large_files
+_ACEOF
+;;
+esac
+rm -f conftest*
+ fi
+fi
+
+{ echo "$as_me:$LINENO: checking for _LARGEFILE_SOURCE value needed for large files" >&5
+echo $ECHO_N "checking for _LARGEFILE_SOURCE value needed for large files... $ECHO_C" >&6; }
+if test "${ac_cv_sys_largefile_source+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ while :; do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+return fseeko (stdin, 0, 0) && (fseeko) (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_sys_largefile_source=no; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#define _LARGEFILE_SOURCE 1
+#include <stdio.h>
+int
+main ()
+{
+return fseeko (stdin, 0, 0) && (fseeko) (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_sys_largefile_source=1; break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_cv_sys_largefile_source=unknown
+ break
+done
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_source" >&5
+echo "${ECHO_T}$ac_cv_sys_largefile_source" >&6; }
+case $ac_cv_sys_largefile_source in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source
+_ACEOF
+;;
+esac
+rm -f conftest*
+
+# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
+# in glibc 2.1.3, but that breaks too many other things.
+# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
+if test $ac_cv_sys_largefile_source != unknown; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_FSEEKO 1
+_ACEOF
+
+fi
+
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -4290,6 +4835,66 @@ fi
done
+if test "$ac_cv_header_net_pfvar_h" = yes; then
+ #
+ # Check for various PF actions.
+ #
+ { echo "$as_me:$LINENO: checking whether net/pfvar.h defines PF_NAT through PF_NORDR" >&5
+echo $ECHO_N "checking whether net/pfvar.h defines PF_NAT through PF_NORDR... $ECHO_C" >&6; }
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <net/if.h>
+ #include <net/pfvar.h>
+int
+main ()
+{
+return PF_NAT+PF_NONAT+PF_BINAT+PF_NOBINAT+PF_RDR+PF_NORDR;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_PF_NAT_THROUGH_PF_NORDR 1
+_ACEOF
+
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
for ac_header in netinet/if_ether.h
do
@@ -5622,6 +6227,26 @@ fi
{ echo "$as_me:$LINENO: result: ${enable_protochain}" >&5
echo "${ECHO_T}${enable_protochain}" >&6; }
+#
+# SITA support is mutually exclusive with native capture support;
+# "--with-sita" selects SITA support.
+#
+
+# Check whether --with-sita was given.
+if test "${with_sita+set}" = set; then
+ withval=$with_sita;
+
+cat >>confdefs.h <<\_ACEOF
+#define SITA 1
+_ACEOF
+
+ { echo "$as_me:$LINENO: Enabling SITA ACN support" >&5
+echo "$as_me: Enabling SITA ACN support" >&6;}
+ V_PCAP=sita
+ V_FINDALLDEVS=sita
+
+else
+
if test -z "$with_pcap" && test "$cross_compiling" = yes; then
{ { echo "$as_me:$LINENO: error: pcap type not determined when cross-compiling; use --with-pcap=..." >&5
echo "$as_me: error: pcap type not determined when cross-compiling; use --with-pcap=..." >&2;}
@@ -5682,6 +6307,829 @@ fi
{ echo "$as_me:$LINENO: result: $V_PCAP" >&5
echo "${ECHO_T}$V_PCAP" >&6; }
+#
+# Do capture-mechanism-dependent tests.
+#
+case "$V_PCAP" in
+dlpi)
+ #
+ # Checks to see if Solaris has the public libdlpi(3LIB) library.
+ # Note: The existence of /usr/include/libdlpi.h does not mean it is the
+ # public libdlpi(3LIB) version. Before libdlpi was made public, a
+ # private version also existed, which did not have the same APIs.
+ # Due to a gcc bug, the default search path for 32-bit libraries does
+ # not include /lib, we add it explicitly here.
+ # [http://bugs.opensolaris.org/view_bug.do?bug_id=6619485].
+ # Also, due to the bug above applications that link to libpcap with
+ # libdlpi will have to add "-L/lib" option to "configure".
+ #
+ saved_ldflags=$LDFLAGS
+ LDFLAGS="$LIBS -L/lib"
+ { echo "$as_me:$LINENO: checking for dlpi_walk in -ldlpi" >&5
+echo $ECHO_N "checking for dlpi_walk in -ldlpi... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dlpi_dlpi_walk+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldlpi $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlpi_walk ();
+int
+main ()
+{
+return dlpi_walk ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_dlpi_dlpi_walk=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_dlpi_dlpi_walk=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dlpi_dlpi_walk" >&5
+echo "${ECHO_T}$ac_cv_lib_dlpi_dlpi_walk" >&6; }
+if test $ac_cv_lib_dlpi_dlpi_walk = yes; then
+ LIBS="-ldlpi $LIBS"
+ V_PCAP=libdlpi
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LIBDLPI 1
+_ACEOF
+
+else
+ V_PCAP=dlpi
+fi
+
+ LDFLAGS=$saved_ldflags
+
+ #
+ # Checks whether <sys/dlpi.h> is usable, to catch weird SCO
+ # versions of DLPI.
+ #
+ { echo "$as_me:$LINENO: checking whether <sys/dlpi.h> is usable" >&5
+echo $ECHO_N "checking whether <sys/dlpi.h> is usable... $ECHO_C" >&6; }
+ if test "${ac_cv_sys_dlpi_usable+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/dlpi.h>
+
+int
+main ()
+{
+int i = DL_PROMISC_PHYS;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_sys_dlpi_usable=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_sys_dlpi_usable=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_sys_dlpi_usable" >&5
+echo "${ECHO_T}$ac_cv_sys_dlpi_usable" >&6; }
+ if test $ac_cv_sys_dlpi_usable = no ; then
+ { { echo "$as_me:$LINENO: error: <sys/dlpi.h> is not usable on this system; it probably has a non-standard DLPI" >&5
+echo "$as_me: error: <sys/dlpi.h> is not usable on this system; it probably has a non-standard DLPI" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+ #
+ # Check whether we have a /dev/dlpi device or have multiple devices.
+ #
+ { echo "$as_me:$LINENO: checking for /dev/dlpi device" >&5
+echo $ECHO_N "checking for /dev/dlpi device... $ECHO_C" >&6; }
+ if test -c /dev/dlpi ; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DEV_DLPI 1
+_ACEOF
+
+ else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+ dir="/dev/dlpi"
+ { echo "$as_me:$LINENO: checking for $dir directory" >&5
+echo $ECHO_N "checking for $dir directory... $ECHO_C" >&6; }
+ if test -d $dir ; then
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define PCAP_DEV_PREFIX "$dir"
+_ACEOF
+
+ else
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+ fi
+ fi
+
+ #
+ # This check is for Solaris with DLPI support for passive modes.
+ # See dlpi(7P) for more details.
+ #
+ { echo "$as_me:$LINENO: checking if dl_passive_req_t struct exists" >&5
+echo $ECHO_N "checking if dl_passive_req_t struct exists... $ECHO_C" >&6; }
+ if test "${ac_cv_lbl_has_dl_passive_req_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <sys/types.h>
+# include <sys/dlpi.h>
+int
+main ()
+{
+u_int i = sizeof(dl_passive_req_t)
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_has_dl_passive_req_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_has_dl_passive_req_t=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_lbl_has_dl_passive_req_t" >&5
+echo "${ECHO_T}$ac_cv_lbl_has_dl_passive_req_t" >&6; }
+ if test $ac_cv_lbl_has_dl_passive_req_t = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DLPI_PASSIVE 1
+_ACEOF
+
+ fi
+ ;;
+
+linux)
+ { echo "$as_me:$LINENO: checking Linux kernel version" >&5
+echo $ECHO_N "checking Linux kernel version... $ECHO_C" >&6; }
+ if test "$cross_compiling" = yes; then
+ if test "${ac_cv_linux_vers+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_linux_vers=unknown
+fi
+
+ else
+ if test "${ac_cv_linux_vers+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_linux_vers=`uname -r 2>&1 | \
+ sed -n -e '$s/.* //' -e '$s/\..*//p'`
+fi
+
+ fi
+ { echo "$as_me:$LINENO: result: $ac_cv_linux_vers" >&5
+echo "${ECHO_T}$ac_cv_linux_vers" >&6; }
+ if test $ac_cv_linux_vers = unknown ; then
+ { { echo "$as_me:$LINENO: error: cannot determine linux version when cross-compiling" >&5
+echo "$as_me: error: cannot determine linux version when cross-compiling" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ if test $ac_cv_linux_vers -lt 2 ; then
+ { { echo "$as_me:$LINENO: error: version 2 or higher required; see the INSTALL doc for more info" >&5
+echo "$as_me: error: version 2 or higher required; see the INSTALL doc for more info" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+for ac_header in linux/wireless.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+#include <sys/socket.h>
+#include <net/if.h>
+#include <linux/types.h>
+
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_Header=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ for ac_header in
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ { echo "$as_me:$LINENO: checking if if_packet.h has tpacket_stats defined" >&5
+echo $ECHO_N "checking if if_packet.h has tpacket_stats defined... $ECHO_C" >&6; }
+ if test "${ac_cv_lbl_tpacket_stats+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <linux/if_packet.h>
+int
+main ()
+{
+struct tpacket_stats stats
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_tpacket_stats=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_tpacket_stats=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_lbl_tpacket_stats" >&5
+echo "${ECHO_T}$ac_cv_lbl_tpacket_stats" >&6; }
+ if test $ac_cv_lbl_tpacket_stats = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_TPACKET_STATS 1
+_ACEOF
+
+ fi
+ { echo "$as_me:$LINENO: checking if tpacket_auxdata struct has tp_vlan_tci member" >&5
+echo $ECHO_N "checking if tpacket_auxdata struct has tp_vlan_tci member... $ECHO_C" >&6; }
+ if test "${ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+# include <linux/if_packet.h>
+int
+main ()
+{
+u_int i = sizeof(((struct tpacket_auxdata *)0)->tp_vlan_tci)
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci" >&5
+echo "${ECHO_T}$ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci" >&6; }
+ if test $ac_cv_lbl_linux_tpacket_auxdata_tp_vlan_tci = yes ; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI 1
+_ACEOF
+
+ fi
+ ;;
+
+bpf)
+ #
+ # Check whether we have the *BSD-style ioctls.
+ #
+
+for ac_header in net/if_media.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval echo '${'$as_ac_Header'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+ { echo "$as_me:$LINENO: checking whether the system supports zerocopy BPF" >&5
+echo $ECHO_N "checking whether the system supports zerocopy BPF... $ECHO_C" >&6; }
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/socket.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
+ #include <net/bpf.h>
+int
+main ()
+{
+return (BIOCROTZBUF + BPF_BUFMODE_ZBUF);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_ZEROCOPY_BPF 1
+_ACEOF
+
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+
+dag)
+ V_DEFS="$V_DEFS -DDAG_ONLY"
+ ;;
+
+septel)
+ V_DEFS="$V_DEFS -DSEPTEL_ONLY"
+ ;;
+
+null)
+ { echo "$as_me:$LINENO: WARNING: cannot determine packet capture interface" >&5
+echo "$as_me: WARNING: cannot determine packet capture interface" >&2;}
+ { echo "$as_me:$LINENO: WARNING: (see the INSTALL doc for more info)" >&5
+echo "$as_me: WARNING: (see the INSTALL doc for more info)" >&2;}
+ ;;
+esac
+
if test "$V_PCAP" = null
then
#
@@ -5940,142 +7388,7 @@ else
#
case "$V_PCAP" in
- dlpi)
- #
- # This might be Solaris 8 or later, with
- # SIOCGLIFCONF, or it might be some other OS
- # or some older version of Solaris, with
- # just SIOCGIFCONF.
- #
- { echo "$as_me:$LINENO: checking whether we have SIOCGLIFCONF" >&5
-echo $ECHO_N "checking whether we have SIOCGLIFCONF... $ECHO_C" >&6; }
- if test "${ac_cv_lbl_have_siocglifconf+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/param.h>
- #include <sys/file.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
- #include <sys/sockio.h>
-int
-main ()
-{
-ioctl(0, SIOCGLIFCONF, (char *)0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_have_siocglifconf=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lbl_have_siocglifconf=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
- { echo "$as_me:$LINENO: result: $ac_cv_lbl_have_siocglifconf" >&5
-echo "${ECHO_T}$ac_cv_lbl_have_siocglifconf" >&6; }
- if test $ac_cv_lbl_have_siocglifconf = yes ; then
- V_FINDALLDEVS=glifc
- else
- V_FINDALLDEVS=gifc
- fi
- ;;
-
- *)
- #
- # Assume we just have SIOCGIFCONF.
- # (XXX - on at least later Linux kernels, there's
- # another mechanism, and we should be using that
- # instead.)
- #
- V_FINDALLDEVS=gifc
- ;;
- esac
-fi
-
-fi
-
-{ echo "$as_me:$LINENO: checking if --enable-ipv6 option is specified" >&5
-echo $ECHO_N "checking if --enable-ipv6 option is specified... $ECHO_C" >&6; }
-# Check whether --enable-ipv6 was given.
-if test "${enable_ipv6+set}" = set; then
- enableval=$enable_ipv6;
-fi
-
-if test "$enable_ipv6" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define INET6 1
-_ACEOF
-
-fi
-{ echo "$as_me:$LINENO: result: ${enable_ipv6-no}" >&5
-echo "${ECHO_T}${enable_ipv6-no}" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build optimizer debugging code" >&5
-echo $ECHO_N "checking whether to build optimizer debugging code... $ECHO_C" >&6; }
-# Check whether --enable-optimizer-dbg was given.
-if test "${enable_optimizer_dbg+set}" = set; then
- enableval=$enable_optimizer_dbg;
-fi
-
-if test "$enable_optimizer_dbg" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define BDEBUG 1
-_ACEOF
-
-fi
-{ echo "$as_me:$LINENO: result: ${enable_optimizer_dbg-no}" >&5
-echo "${ECHO_T}${enable_optimizer_dbg-no}" >&6; }
-
-{ echo "$as_me:$LINENO: checking whether to build parser debugging code" >&5
-echo $ECHO_N "checking whether to build parser debugging code... $ECHO_C" >&6; }
-# Check whether --enable-yydebug was given.
-if test "${enable_yydebug+set}" = set; then
- enableval=$enable_yydebug;
-fi
-
-if test "$enable_yydebug" = "yes"; then
-
-cat >>confdefs.h <<\_ACEOF
-#define YYDEBUG 1
-_ACEOF
-
-fi
-{ echo "$as_me:$LINENO: result: ${enable_yydebug-no}" >&5
-echo "${ECHO_T}${enable_yydebug-no}" >&6; }
-
-case "$V_PCAP" in
-
-dlpi)
+ dlpi|libdlpi)
for ac_header in sys/bufmod.h sys/dlpi_ext.h
@@ -6217,71 +7530,161 @@ fi
done
- { echo "$as_me:$LINENO: checking for /dev/dlpi device" >&5
-echo $ECHO_N "checking for /dev/dlpi device... $ECHO_C" >&6; }
- if test -c /dev/dlpi ; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_DEV_DLPI 1
+ #
+ # This might be Solaris 8 or later, with
+ # SIOCGLIFCONF, or it might be some other OS
+ # or some older version of Solaris, with
+ # just SIOCGIFCONF.
+ #
+ { echo "$as_me:$LINENO: checking whether we have SIOCGLIFCONF" >&5
+echo $ECHO_N "checking whether we have SIOCGLIFCONF... $ECHO_C" >&6; }
+ if test "${ac_cv_lbl_have_siocglifconf+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/param.h>
+ #include <sys/file.h>
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+ #include <sys/sockio.h>
+int
+main ()
+{
+ioctl(0, SIOCGLIFCONF, (char *)0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_cv_lbl_have_siocglifconf=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
- else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
- dir="/dev/dlpi"
- { echo "$as_me:$LINENO: checking for $dir directory" >&5
-echo $ECHO_N "checking for $dir directory... $ECHO_C" >&6; }
- if test -d $dir ; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
+ ac_cv_lbl_have_siocglifconf=no
+fi
-cat >>confdefs.h <<_ACEOF
-#define PCAP_DEV_PREFIX "$dir"
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+ { echo "$as_me:$LINENO: result: $ac_cv_lbl_have_siocglifconf" >&5
+echo "${ECHO_T}$ac_cv_lbl_have_siocglifconf" >&6; }
+ if test $ac_cv_lbl_have_siocglifconf = yes ; then
+ V_FINDALLDEVS=glifc
+ else
+ V_FINDALLDEVS=gifc
+ fi
+ #
+ # Needed for common functions used by pcap-[dlpi,libdlpi].c
+ #
+ SSRC="dlpisubs.c"
+ ;;
+
+ *)
+ #
+ # Assume we just have SIOCGIFCONF.
+ # (XXX - on at least later Linux kernels, there's
+ # another mechanism, and we should be using that
+ # instead.)
+ #
+ V_FINDALLDEVS=gifc
+ ;;
+ esac
+fi
+
+fi
+
+fi
+
+
+{ echo "$as_me:$LINENO: checking for socklen_t" >&5
+echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
- else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
- fi
- fi
- ;;
+ #include <sys/types.h>
+ #include <sys/socket.h>
-linux)
- { echo "$as_me:$LINENO: checking Linux kernel version" >&5
-echo $ECHO_N "checking Linux kernel version... $ECHO_C" >&6; }
- if test "$cross_compiling" = yes; then
- if test "${ac_cv_linux_vers+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+int
+main ()
+{
+ socklen_t x;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ have_socklen_t=yes
else
- ac_cv_linux_vers=unknown
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ have_socklen_t=no
fi
- else
- if test "${ac_cv_linux_vers+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test "x$have_socklen_t" = "xyes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_SOCKLEN_T 1
+_ACEOF
+
+fi
+{ echo "$as_me:$LINENO: result: $have_socklen_t" >&5
+echo "${ECHO_T}$have_socklen_t" >&6; }
+
+# Check whether --enable-ipv6 was given.
+if test "${enable_ipv6+set}" = set; then
+ enableval=$enable_ipv6;
else
- ac_cv_linux_vers=`uname -r 2>&1 | \
- sed -n -e '$s/.* //' -e '$s/\..*//p'`
+ enable_ipv6=ifavailable
fi
- fi
- { echo "$as_me:$LINENO: result: $ac_cv_linux_vers" >&5
-echo "${ECHO_T}$ac_cv_linux_vers" >&6; }
- if test $ac_cv_linux_vers = unknown ; then
- { { echo "$as_me:$LINENO: error: cannot determine linux version when cross-compiling" >&5
-echo "$as_me: error: cannot determine linux version when cross-compiling" >&2;}
- { (exit 1); exit 1; }; }
- fi
- if test $ac_cv_linux_vers -lt 2 ; then
- { { echo "$as_me:$LINENO: error: version 2 or higher required; see the INSTALL doc for more info" >&5
-echo "$as_me: error: version 2 or higher required; see the INSTALL doc for more info" >&2;}
- { (exit 1); exit 1; }; }
- fi
- { echo "$as_me:$LINENO: checking if if_packet.h has tpacket_stats defined" >&5
-echo $ECHO_N "checking if if_packet.h has tpacket_stats defined... $ECHO_C" >&6; }
- if test "${ac_cv_lbl_tpacket_stats+set}" = set; then
+if test "$enable_ipv6" != "no"; then
+ { echo "$as_me:$LINENO: checking for getaddrinfo" >&5
+echo $ECHO_N "checking for getaddrinfo... $ECHO_C" >&6; }
+if test "${ac_cv_func_getaddrinfo+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
@@ -6290,24 +7693,53 @@ _ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+/* Define getaddrinfo to an innocuous variant, in case <limits.h> declares getaddrinfo.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define getaddrinfo innocuous_getaddrinfo
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char getaddrinfo (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef getaddrinfo
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getaddrinfo ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_getaddrinfo || defined __stub___getaddrinfo
+choke me
+#endif
-# include <linux/if_packet.h>
int
main ()
{
-struct tpacket_stats stats
+return getaddrinfo ();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
+ (eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
@@ -6316,45 +7748,76 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_lbl_tpacket_stats=yes
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_func_getaddrinfo=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_lbl_tpacket_stats=no
+ ac_cv_func_getaddrinfo=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
fi
+{ echo "$as_me:$LINENO: result: $ac_cv_func_getaddrinfo" >&5
+echo "${ECHO_T}$ac_cv_func_getaddrinfo" >&6; }
+if test $ac_cv_func_getaddrinfo = yes; then
- { echo "$as_me:$LINENO: result: $ac_cv_lbl_tpacket_stats" >&5
-echo "${ECHO_T}$ac_cv_lbl_tpacket_stats" >&6; }
- if test $ac_cv_lbl_tpacket_stats = yes; then
cat >>confdefs.h <<\_ACEOF
-#define HAVE_TPACKET_STATS 1
+#define INET6 1
_ACEOF
- fi
- ;;
-dag)
- V_DEFS="$V_DEFS -DDAG_ONLY"
- ;;
+else
-septel)
- V_DEFS="$V_DEFS -DSEPTEL_ONLY"
- ;;
+ if test "$enable_ipv6" != "ifavailable"; then
+ { { echo "$as_me:$LINENO: error: --enable-ipv6 was given, but getaddrinfo isn't available
+See \`config.log' for more details." >&5
+echo "$as_me: error: --enable-ipv6 was given, but getaddrinfo isn't available
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
-null)
- { echo "$as_me:$LINENO: WARNING: cannot determine packet capture interface" >&5
-echo "$as_me: WARNING: cannot determine packet capture interface" >&2;}
- { echo "$as_me:$LINENO: WARNING: (see the INSTALL doc for more info)" >&5
-echo "$as_me: WARNING: (see the INSTALL doc for more info)" >&2;}
- ;;
+fi
-esac
+fi
+
+{ echo "$as_me:$LINENO: checking whether to build optimizer debugging code" >&5
+echo $ECHO_N "checking whether to build optimizer debugging code... $ECHO_C" >&6; }
+# Check whether --enable-optimizer-dbg was given.
+if test "${enable_optimizer_dbg+set}" = set; then
+ enableval=$enable_optimizer_dbg;
+fi
+
+if test "$enable_optimizer_dbg" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define BDEBUG 1
+_ACEOF
+
+fi
+{ echo "$as_me:$LINENO: result: ${enable_optimizer_dbg-no}" >&5
+echo "${ECHO_T}${enable_optimizer_dbg-no}" >&6; }
+
+{ echo "$as_me:$LINENO: checking whether to build parser debugging code" >&5
+echo $ECHO_N "checking whether to build parser debugging code... $ECHO_C" >&6; }
+# Check whether --enable-yydebug was given.
+if test "${enable_yydebug+set}" = set; then
+ enableval=$enable_yydebug;
+fi
+
+if test "$enable_yydebug" = "yes"; then
+
+cat >>confdefs.h <<\_ACEOF
+#define YYDEBUG 1
+_ACEOF
+
+fi
+{ echo "$as_me:$LINENO: result: ${enable_yydebug-no}" >&5
+echo "${ECHO_T}${enable_yydebug-no}" >&6; }
{ echo "$as_me:$LINENO: checking whether we have /proc/net/dev" >&5
echo $ECHO_N "checking whether we have /proc/net/dev... $ECHO_C" >&6; }
@@ -6491,11 +7954,11 @@ echo $ECHO_N "checking dagapi.o... $ECHO_C" >&6; }
dagapi_obj=$dag_lib_dir/dagapi.o
elif test -r $dag_lib_dir/libdag.a; then
# 2.5.x.
- ar x $dag_lib_dir/libdag.a dagapi.o
+ ar x $dag_lib_dir/libdag.a dagapi.o 2>/dev/null
if test -r ./dagapi.o; then
dagapi_obj=./dagapi.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagapi.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagapi.o 2>/dev/null
if test -r ./libdag_la-dagapi.o; then
dagapi_obj=./libdag_la-dagapi.o
fi
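Review bot: With stderr now discarded on both `ar x` calls, a failed extraction is silent, and the following `test -r ./dagapi.o` cannot tell a freshly extracted object from one left in the build directory by an earlier run. A stale or unrelated `dagapi.o` would then be assigned to `dagapi_obj`; what happens to it afterwards is outside this hunk, but it is presumably linked into the library. Clearing the target first and quoting the archive path would close that gap: `rm -f ./dagapi.o ./libdag_la-dagapi.o` ahead of `ar x "$dag_lib_dir/libdag.a" dagapi.o 2>/dev/null`. The same pattern recurs in the dagopts.o and dagreg.o hunks that follow. The enclosing `if`/`elif` chain starts outside this hunk, and since `configure` is generated, the change presumably belongs in `configure.in`.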
@@ -6525,11 +7988,11 @@ echo $ECHO_N "checking dagopts.o... $ECHO_C" >&6; }
dagopts_obj=$dag_lib_dir/dagopts.o
elif test -r $dag_lib_dir/libdag.a; then
# 2.5.x.
- ar x $dag_lib_dir/libdag.a dagopts.o
+ ar x $dag_lib_dir/libdag.a dagopts.o 2>/dev/null
if test -r ./dagopts.o; then
dagopts_obj=./dagopts.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagopts.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagopts.o 2>/dev/null
if test -r ./libdag_la-dagopts.o; then
dagopts_obj=./libdag_la-dagopts.o
fi
@@ -6557,11 +8020,11 @@ echo $ECHO_N "checking dagreg.o... $ECHO_C" >&6; }
dagreg_obj=$dag_lib_dir/dagreg.o
elif test -r $dag_lib_dir/libdag.a; then
# Extract from libdag.a.
- ar x $dag_lib_dir/libdag.a dagreg.o
+ ar x $dag_lib_dir/libdag.a dagreg.o 2>/dev/null
if test -r ./dagreg.o; then
dagreg_obj=./dagreg.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagreg.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagreg.o 2>/dev/null
if test -r ./libdag_la-dagreg.o; then
dagreg_obj=./libdag_la-dagreg.o
fi
@@ -6653,9 +8116,9 @@ fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_dag_dag_attach_stream" >&5
echo "${ECHO_T}$ac_cv_lib_dag_dag_attach_stream" >&6; }
if test $ac_cv_lib_dag_dag_attach_stream = yes; then
- dag_version="2.5.x"
+ dag_streams="1"
else
- dag_version="2.4.x"
+ dag_streams="0"
fi
{ echo "$as_me:$LINENO: checking for dag_get_erf_types in -ldag" >&5
@@ -6726,12 +8189,81 @@ cat >>confdefs.h <<\_ACEOF
#define HAVE_DAG_GET_ERF_TYPES 1
_ACEOF
+fi
+
+ { echo "$as_me:$LINENO: checking for dag_get_stream_erf_types in -ldag" >&5
+echo $ECHO_N "checking for dag_get_stream_erf_types in -ldag... $ECHO_C" >&6; }
+if test "${ac_cv_lib_dag_dag_get_stream_erf_types+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldag $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dag_get_stream_erf_types ();
+int
+main ()
+{
+return dag_get_stream_erf_types ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ ac_cv_lib_dag_dag_get_stream_erf_types=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_dag_dag_get_stream_erf_types=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_lib_dag_dag_get_stream_erf_types" >&5
+echo "${ECHO_T}$ac_cv_lib_dag_dag_get_stream_erf_types" >&6; }
+if test $ac_cv_lib_dag_dag_get_stream_erf_types = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DAG_GET_STREAM_ERF_TYPES 1
+_ACEOF
fi
LDFLAGS=$saved_ldflags
- if test "$dag_version" = 2.5.x; then
+ if test "$dag_streams" = 1; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_DAG_STREAMS_API 1
@@ -6740,14 +8272,6 @@ _ACEOF
DAGLIBS="-ldag"
fi
- # See if we can find a specific version string.
- { echo "$as_me:$LINENO: checking the DAG API version" >&5
-echo $ECHO_N "checking the DAG API version... $ECHO_C" >&6; }
- if test -r "$dag_root/VERSION"; then
- dag_version="`cat $dag_root/VERSION`"
- fi
- { echo "$as_me:$LINENO: result: $dag_version" >&5
-echo "${ECHO_T}$dag_version" >&6; }
cat >>confdefs.h <<\_ACEOF
#define HAVE_DAG_API 1
@@ -6755,7 +8279,12 @@ _ACEOF
fi
+{ echo "$as_me:$LINENO: checking whether we have the DAG API" >&5
+echo $ECHO_N "checking whether we have the DAG API... $ECHO_C" >&6; }
+
if test $ac_cv_lbl_dag_api = no; then
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
if test "$want_dag" = yes; then
# User wanted DAG support but we couldn't find it.
{ { echo "$as_me:$LINENO: error: DAG API requested, but not found at $dag_root: use --without-dag" >&5
@@ -6770,6 +8299,9 @@ echo "$as_me: error: DAG API requested, but not found at $dag_root: use --withou
echo "$as_me: error: Specifying the capture type as \"dag\" requires the DAG API to be present; use the --with-dag options to specify the location. (Try \"./configure --help\" for more information.)" >&2;}
{ (exit 1); exit 1; }; }
fi
+else
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
fi
@@ -7044,7 +8576,14 @@ echo "$as_me: error: Your operating system's lex is insufficient to compile
fi
fi
+#
+# Assume a.out/ELF convention for shared library names (".so"), and
+# V7/BSD convention for man pages (file formats in section 5,
+# miscellaneous info in section 7).
+#
DYEXT="so"
+MAN_FILE_FORMATS=5
+MAN_MISC_INFO=7
case "$host_os" in
aix*)
@@ -7053,6 +8592,15 @@ cat >>confdefs.h <<\_ACEOF
#define _SUN 1
_ACEOF
+
+ # We need "-lodm" and "-lcfg", as libpcap requires them on
+ # AIX.
+ DEPLIBS="-lodm -lcfg"
+ ;;
+
+darwin*)
+ DYEXT="dylib"
+ V_CCOPT="$V_CCOPT -fno-common"
;;
hpux9*)
@@ -7061,12 +8609,30 @@ cat >>confdefs.h <<\_ACEOF
#define HAVE_HPUX9 1
_ACEOF
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux10.0*)
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux10.1*)
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux*)
@@ -7075,6 +8641,32 @@ cat >>confdefs.h <<\_ACEOF
#define HAVE_HPUX10_20_OR_LATER 1
_ACEOF
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
+ ;;
+
+irix*)
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
+ ;;
+
+linux*)
+ V_CCOPT="$V_CCOPT -fPIC"
+ ;;
+
+osf*)
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
sinix*)
@@ -7143,17 +8735,13 @@ cat >>confdefs.h <<\_ACEOF
#define HAVE_SOLARIS 1
_ACEOF
- ;;
-darwin*)
- DYEXT="dylib"
- V_CCOPT="$V_CCOPT -fno-common"
- ;;
-
-linux*)
- V_CCOPT="$V_CCOPT -fPIC"
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
-
esac
if test -n "$ac_tool_prefix"; then
@@ -7269,7 +8857,7 @@ rm -f os-proto.h
fi
fi
else
- case "$target_os" in
+ case "$host_os" in
irix6*)
V_CCOPT="$V_CCOPT -n32"
@@ -7279,7 +8867,7 @@ rm -f os-proto.h
;;
esac
fi
- os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
+ os=`echo $host_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
name="lbl/os-$os.h"
if test -f $name ; then
ln -s $name os-proto.h
@@ -7514,7 +9102,7 @@ else
# know it does work, and have the script just fail on other
# cpu types and update it when such a failure occurs.
#
- alpha*|arm*|hp*|mips*|sh*|sparc*|ia64|nv1)
+ alpha*|arm*|bfin*|hp*|mips*|sh*|sparc*|ia64|nv1)
ac_cv_lbl_unaligned_fail=yes
;;
@@ -7598,6 +9186,194 @@ ln -s ${srcdir}/bpf/net net
+
+
+{ echo "$as_me:$LINENO: checking for USB sniffing support" >&5
+echo $ECHO_N "checking for USB sniffing support... $ECHO_C" >&6; }
+case "$host_os" in
+linux*)
+
+cat >>confdefs.h <<\_ACEOF
+#define PCAP_SUPPORT_USB 1
+_ACEOF
+
+ USB_SRC=pcap-usb-linux.c
+ { echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6; }
+ ac_usb_dev_name=`udevinfo -q name -p /sys/class/usb_device/usbmon 2>/dev/null`
+ if test $? -ne 0 ; then
+ ac_usb_dev_name="usbmon"
+ fi
+
+cat >>confdefs.h <<_ACEOF
+#define LINUX_USB_MON_DEV "/dev/$ac_usb_dev_name"
+_ACEOF
+
+ { echo "$as_me:$LINENO: Device for USB sniffing is /dev/$ac_usb_dev_name" >&5
+echo "$as_me: Device for USB sniffing is /dev/$ac_usb_dev_name" >&6;}
+ ;;
+*)
+ { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+ ;;
+esac
+
+
+
+case "$host_os" in
+linux*)
+ if test "${ac_cv_header_bluetooth_bluetooth_h+set}" = set; then
+ { echo "$as_me:$LINENO: checking for bluetooth/bluetooth.h" >&5
+echo $ECHO_N "checking for bluetooth/bluetooth.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_bluetooth_bluetooth_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_bluetooth_bluetooth_h" >&5
+echo "${ECHO_T}$ac_cv_header_bluetooth_bluetooth_h" >&6; }
+else
+ # Is the header compilable?
+{ echo "$as_me:$LINENO: checking bluetooth/bluetooth.h usability" >&5
+echo $ECHO_N "checking bluetooth/bluetooth.h usability... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <bluetooth/bluetooth.h>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ echo "$as_me:$LINENO: checking bluetooth/bluetooth.h presence" >&5
+echo $ECHO_N "checking bluetooth/bluetooth.h presence... $ECHO_C" >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <bluetooth/bluetooth.h>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: present but cannot be compiled" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: bluetooth/bluetooth.h: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: bluetooth/bluetooth.h: in the future, the compiler will take precedence" >&2;}
+
+ ;;
+esac
+{ echo "$as_me:$LINENO: checking for bluetooth/bluetooth.h" >&5
+echo $ECHO_N "checking for bluetooth/bluetooth.h... $ECHO_C" >&6; }
+if test "${ac_cv_header_bluetooth_bluetooth_h+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_header_bluetooth_bluetooth_h=$ac_header_preproc
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_header_bluetooth_bluetooth_h" >&5
+echo "${ECHO_T}$ac_cv_header_bluetooth_bluetooth_h" >&6; }
+
+fi
+if test $ac_cv_header_bluetooth_bluetooth_h = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define PCAP_SUPPORT_BT 1
+_ACEOF
+
+ BT_SRC=pcap-bt-linux.c
+ { echo "$as_me:$LINENO: Bluetooth sniffing is supported" >&5
+echo "$as_me: Bluetooth sniffing is supported" >&6;}
+
+else
+ { echo "$as_me:$LINENO: Bluetooth sniffing is not supported; install bluez-lib devel to enable it" >&5
+echo "$as_me: Bluetooth sniffing is not supported; install bluez-lib devel to enable it" >&6;}
+
+fi
+
+
+ ;;
+*)
+ { echo "$as_me:$LINENO: no Bluetooth sniffing support" >&5
+echo "$as_me: no Bluetooth sniffing support" >&6;}
+ ;;
+esac
+
+
+
# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
@@ -7682,7 +9458,7 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
ac_config_headers="$ac_config_headers config.h"
-ac_config_files="$ac_config_files Makefile"
+ac_config_files="$ac_config_files Makefile pcap-filter.manmisc pcap-linktype.manmisc pcap-savefile.manfile pcap.3pcap pcap_compile.3pcap pcap_datalink.3pcap pcap_dump_open.3pcap pcap_list_datalinks.3pcap pcap_open_dead.3pcap pcap_open_offline.3pcap"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -8239,6 +10015,16 @@ do
case $ac_config_target in
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "pcap-filter.manmisc") CONFIG_FILES="$CONFIG_FILES pcap-filter.manmisc" ;;
+ "pcap-linktype.manmisc") CONFIG_FILES="$CONFIG_FILES pcap-linktype.manmisc" ;;
+ "pcap-savefile.manfile") CONFIG_FILES="$CONFIG_FILES pcap-savefile.manfile" ;;
+ "pcap.3pcap") CONFIG_FILES="$CONFIG_FILES pcap.3pcap" ;;
+ "pcap_compile.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_compile.3pcap" ;;
+ "pcap_datalink.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_datalink.3pcap" ;;
+ "pcap_dump_open.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_dump_open.3pcap" ;;
+ "pcap_list_datalinks.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_list_datalinks.3pcap" ;;
+ "pcap_open_dead.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_open_dead.3pcap" ;;
+ "pcap_open_offline.3pcap") CONFIG_FILES="$CONFIG_FILES pcap_open_offline.3pcap" ;;
*) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
@@ -8370,17 +10156,23 @@ V_INCLS!$V_INCLS$ac_delim
V_LIBS!$V_LIBS$ac_delim
V_PCAP!$V_PCAP$ac_delim
V_FINDALLDEVS!$V_FINDALLDEVS$ac_delim
-V_RANLIB!$V_RANLIB$ac_delim
SSRC!$SSRC$ac_delim
DYEXT!$DYEXT$ac_delim
DAGLIBS!$DAGLIBS$ac_delim
+DEPLIBS!$DEPLIBS$ac_delim
+MAN_FILE_FORMATS!$MAN_FILE_FORMATS$ac_delim
+MAN_MISC_INFO!$MAN_MISC_INFO$ac_delim
+PCAP_SUPPORT_USB!$PCAP_SUPPORT_USB$ac_delim
+USB_SRC!$USB_SRC$ac_delim
+PCAP_SUPPORT_BT!$PCAP_SUPPORT_BT$ac_delim
+BT_SRC!$BT_SRC$ac_delim
INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
INSTALL_DATA!$INSTALL_DATA$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 78; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 84; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff --git a/configure.in b/configure.in
index 5cd8b148296d..7d123091333e 100755
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.120.2.13 2007/09/12 19:17:24 guy Exp $ (LBL)
+dnl @(#) $Header: /tcpdump/master/libpcap/configure.in,v 1.138.2.22 2008-10-24 07:30:18 guy Exp $ (LBL)
dnl
dnl Copyright (c) 1994, 1995, 1996, 1997
dnl The Regents of the University of California. All rights reserved.
@@ -6,7 +6,7 @@ dnl
dnl Process this file with autoconf to produce a configure script.
dnl
-AC_REVISION($Revision: 1.120.2.13 $)
+AC_REVISION($Revision: 1.138.2.22 $)
AC_PREREQ(2.50)
AC_INIT(pcap.c)
@@ -19,6 +19,13 @@ AC_C___ATTRIBUTE__
AC_LBL_CHECK_TYPE(u_int8_t, u_char)
AC_LBL_CHECK_TYPE(u_int16_t, u_short)
AC_LBL_CHECK_TYPE(u_int32_t, u_int)
+AC_LBL_CHECK_TYPE(u_int64_t, unsigned long long)
+
+#
+# Try to arrange for large file support.
+#
+AC_SYS_LARGEFILE
+AC_FUNC_FSEEKO
dnl
dnl libpcap doesn't itself use <sys/ioccom.h>; however, the test program
@@ -30,6 +37,24 @@ AC_CHECK_HEADERS(sys/ioccom.h sys/sockio.h limits.h paths.h)
AC_CHECK_HEADERS(net/pfvar.h, , , [#include <sys/types.h>
#include <sys/socket.h>
#include <net/if.h>])
+if test "$ac_cv_header_net_pfvar_h" = yes; then
+ #
+ # Check for various PF actions.
+ #
+ AC_MSG_CHECKING(whether net/pfvar.h defines PF_NAT through PF_NORDR)
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <net/if.h>
+ #include <net/pfvar.h>],
+ [return PF_NAT+PF_NONAT+PF_BINAT+PF_NOBINAT+PF_RDR+PF_NORDR;],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_PF_NAT_THROUGH_PF_NORDR, 1,
+ [define if net/pfvar.h defines PF_NAT through PF_NORDR])
+ ],
+ AC_MSG_RESULT(no))
+fi
AC_CHECK_HEADERS(netinet/if_ether.h, , , [#include <sys/types.h>
#include <sys/socket.h>])
if test "$ac_cv_header_netinet_if_ether_h" != yes; then
@@ -172,6 +197,18 @@ if test "$enable_protochain" = "disabled"; then
fi
AC_MSG_RESULT(${enable_protochain})
+#
+# SITA support is mutually exclusive with native capture support;
+# "--with-sita" selects SITA support.
+#
+AC_ARG_WITH(sita, [ --with-sita include SITA support],
+[
+ AC_DEFINE(SITA,1,[include ACN support])
+ AC_MSG_NOTICE(Enabling SITA ACN support)
+ V_PCAP=sita
+ V_FINDALLDEVS=sita
+],
+[
dnl
dnl Not all versions of test support -c (character special) but it's a
dnl better way of testing since the device might be protected. So we
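Review bot: `--without-sita` (and `--with-sita=no`) still selects SITA here, because autoconf runs the action-if-given argument of `AC_ARG_WITH` for every form of the option and this branch never inspects `$withval`. The define and the `V_PCAP=sita` / `V_FINDALLDEVS=sita` assignments should sit inside `if test "x$withval" != "xno"; then … fi`. In the `no` case the native capture detection, which currently lives in the fourth argument, has to run as well, so that detection probably needs to move out of the macro into a plain shell conditional. The fourth argument opens in this hunk and is closed in a later one, so the full shape of that restructuring is not visible from here.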
@@ -227,6 +264,140 @@ else
fi
AC_MSG_RESULT($V_PCAP)
+#
+# Do capture-mechanism-dependent tests.
+#
+case "$V_PCAP" in
+dlpi)
+ #
+ # Checks to see if Solaris has the public libdlpi(3LIB) library.
+ # Note: The existence of /usr/include/libdlpi.h does not mean it is the
+ # public libdlpi(3LIB) version. Before libdlpi was made public, a
+ # private version also existed, which did not have the same APIs.
+ # Due to a gcc bug, the default search path for 32-bit libraries does
+ # not include /lib, we add it explicitly here.
+ # [http://bugs.opensolaris.org/view_bug.do?bug_id=6619485].
+ # Also, due to the bug above applications that link to libpcap with
+ # libdlpi will have to add "-L/lib" option to "configure".
+ #
+ saved_ldflags=$LDFLAGS
+ LDFLAGS="$LIBS -L/lib"
+ AC_CHECK_LIB(dlpi, dlpi_walk,
+ LIBS="-ldlpi $LIBS"
+ V_PCAP=libdlpi
+ AC_DEFINE(HAVE_LIBDLPI,1,[if libdlpi exists]),
+ V_PCAP=dlpi)
+ LDFLAGS=$saved_ldflags
+
+ #
+ # Checks whether <sys/dlpi.h> is usable, to catch weird SCO
+ # versions of DLPI.
+ #
+ AC_MSG_CHECKING(whether <sys/dlpi.h> is usable)
+ AC_CACHE_VAL(ac_cv_sys_dlpi_usable,
+ AC_TRY_COMPILE(
+ [
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/dlpi.h>
+ ],
+ [int i = DL_PROMISC_PHYS;],
+ ac_cv_sys_dlpi_usable=yes,
+ ac_cv_sys_dlpi_usable=no))
+ AC_MSG_RESULT($ac_cv_sys_dlpi_usable)
+ if test $ac_cv_sys_dlpi_usable = no ; then
+ AC_MSG_ERROR(<sys/dlpi.h> is not usable on this system; it probably has a non-standard DLPI)
+ fi
+
+ #
+ # Check whether we have a /dev/dlpi device or have multiple devices.
+ #
+ AC_MSG_CHECKING(for /dev/dlpi device)
+ if test -c /dev/dlpi ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_DEV_DLPI, 1, [define if you have a /dev/dlpi])
+ else
+ AC_MSG_RESULT(no)
+ dir="/dev/dlpi"
+ AC_MSG_CHECKING(for $dir directory)
+ if test -d $dir ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir", [/dev/dlpi directory])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+
+ #
+ # This check is for Solaris with DLPI support for passive modes.
+ # See dlpi(7P) for more details.
+ #
+ AC_LBL_DL_PASSIVE_REQ_T
+ ;;
+
+linux)
+ AC_MSG_CHECKING(Linux kernel version)
+ if test "$cross_compiling" = yes; then
+ AC_CACHE_VAL(ac_cv_linux_vers,
+ ac_cv_linux_vers=unknown)
+ else
+ AC_CACHE_VAL(ac_cv_linux_vers,
+ ac_cv_linux_vers=`uname -r 2>&1 | \
+ sed -n -e '$s/.* //' -e '$s/\..*//p'`)
+ fi
+ AC_MSG_RESULT($ac_cv_linux_vers)
+ if test $ac_cv_linux_vers = unknown ; then
+ AC_MSG_ERROR(cannot determine linux version when cross-compiling)
+ fi
+ if test $ac_cv_linux_vers -lt 2 ; then
+ AC_MSG_ERROR(version 2 or higher required; see the INSTALL doc for more info)
+ fi
+ AC_CHECK_HEADERS(linux/wireless.h, [], [],
+ [
+#include <sys/socket.h>
+#include <net/if.h>
+#include <linux/types.h>
+ ])
+ AC_CHECK_HEADERS()
+ AC_LBL_TPACKET_STATS
+ AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI
+ ;;
+
+bpf)
+ #
+ # Check whether we have the *BSD-style ioctls.
+ #
+ AC_CHECK_HEADERS(net/if_media.h)
+
+ AC_MSG_CHECKING(whether the system supports zerocopy BPF)
+ AC_TRY_COMPILE(
+ [#include <sys/socket.h>
+ #include <sys/ioctl.h>
+ #include <net/if.h>
+ #include <net/bpf.h>],
+ [return (BIOCROTZBUF + BPF_BUFMODE_ZBUF);],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_ZEROCOPY_BPF, 1,
+ [define if the system supports zerocopy BPF])
+ ],
+ AC_MSG_RESULT(no))
+ ;;
+
+dag)
+ V_DEFS="$V_DEFS -DDAG_ONLY"
+ ;;
+
+septel)
+ V_DEFS="$V_DEFS -DSEPTEL_ONLY"
+ ;;
+
+null)
+ AC_MSG_WARN(cannot determine packet capture interface)
+ AC_MSG_WARN((see the INSTALL doc for more info))
+ ;;
+esac
+
dnl
dnl Now figure out how we get a list of interfaces and addresses,
dnl if we support capturing. Don't bother if we don't support
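Review bot: In the `dlpi)` arm, `LDFLAGS="$LIBS -L/lib"` replaces the caller's LDFLAGS with the contents of `$LIBS` while `dlpi_walk` is probed, so any `-L` directories passed to configure are not searched during that check. Unless that was deliberate, `LDFLAGS="$LDFLAGS -L/lib"` looks like the intended line. In the `linux)` arm, `AC_CHECK_HEADERS()` is called with an empty header list and can be dropped. The `test $ac_cv_linux_vers = unknown` and `-lt 2` comparisons would also be safer with the variable quoted, since an empty `uname -r` result turns them into a shell syntax error rather than a clear configure failure.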
@@ -273,7 +444,8 @@ else
#
case "$V_PCAP" in
- dlpi)
+ dlpi|libdlpi)
+ AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h)
#
# This might be Solaris 8 or later, with
# SIOCGLIFCONF, or it might be some other OS
@@ -297,6 +469,10 @@ else
else
V_FINDALLDEVS=gifc
fi
+ #
+ # Needed for common functions used by pcap-[dlpi,libdlpi].c
+ #
+ SSRC="dlpisubs.c"
;;
*)
@@ -310,13 +486,35 @@ else
;;
esac])
fi
+])
-AC_MSG_CHECKING(if --enable-ipv6 option is specified)
-AC_ARG_ENABLE(ipv6, [ --enable-ipv6 build IPv6-capable version])
-if test "$enable_ipv6" = "yes"; then
- AC_DEFINE(INET6,1,[IPv6])
+AC_MSG_CHECKING(for socklen_t)
+AC_TRY_COMPILE([
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ ],
+ [ socklen_t x; ],
+ have_socklen_t=yes,
+ have_socklen_t=no)
+if test "x$have_socklen_t" = "xyes"; then
+ AC_DEFINE(HAVE_SOCKLEN_T, 1, [define if socklen_t is defined])
+fi
+AC_MSG_RESULT($have_socklen_t)
+
+AC_ARG_ENABLE(ipv6, [ --enable-ipv6 build IPv6-capable version @<:@default=yes, if getaddrinfo available@:>@],
+ [],
+ [enable_ipv6=ifavailable])
+if test "$enable_ipv6" != "no"; then
+ AC_CHECK_FUNC(getaddrinfo,
+ [
+ AC_DEFINE(INET6,1,[IPv6])
+ ],
+ [
+ if test "$enable_ipv6" != "ifavailable"; then
+ AC_MSG_FAILURE([--enable-ipv6 was given, but getaddrinfo isn't available])
+ fi
+ ])
fi
-AC_MSG_RESULT(${enable_ipv6-no})
AC_MSG_CHECKING(whether to build optimizer debugging code)
AC_ARG_ENABLE(optimizer-dbg, [ --enable-optimizer-dbg build optimizer debugging code])
@@ -332,62 +530,6 @@ if test "$enable_yydebug" = "yes"; then
fi
AC_MSG_RESULT(${enable_yydebug-no})
-case "$V_PCAP" in
-
-dlpi)
- AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h)
- AC_MSG_CHECKING(for /dev/dlpi device)
- if test -c /dev/dlpi ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_DEV_DLPI, 1, [define if you have a /dev/dlpi])
- else
- AC_MSG_RESULT(no)
- dir="/dev/dlpi"
- AC_MSG_CHECKING(for $dir directory)
- if test -d $dir ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir", [/dev/dlpi directory])
- else
- AC_MSG_RESULT(no)
- fi
- fi
- ;;
-
-linux)
- AC_MSG_CHECKING(Linux kernel version)
- if test "$cross_compiling" = yes; then
- AC_CACHE_VAL(ac_cv_linux_vers,
- ac_cv_linux_vers=unknown)
- else
- AC_CACHE_VAL(ac_cv_linux_vers,
- ac_cv_linux_vers=`uname -r 2>&1 | \
- sed -n -e '$s/.* //' -e '$s/\..*//p'`)
- fi
- AC_MSG_RESULT($ac_cv_linux_vers)
- if test $ac_cv_linux_vers = unknown ; then
- AC_MSG_ERROR(cannot determine linux version when cross-compiling)
- fi
- if test $ac_cv_linux_vers -lt 2 ; then
- AC_MSG_ERROR(version 2 or higher required; see the INSTALL doc for more info)
- fi
- AC_LBL_TPACKET_STATS
- ;;
-
-dag)
- V_DEFS="$V_DEFS -DDAG_ONLY"
- ;;
-
-septel)
- V_DEFS="$V_DEFS -DSEPTEL_ONLY"
- ;;
-
-null)
- AC_MSG_WARN(cannot determine packet capture interface)
- AC_MSG_WARN((see the INSTALL doc for more info))
- ;;
-
-esac
-
AC_MSG_CHECKING(whether we have /proc/net/dev)
if test -r /proc/net/dev ; then
ac_cv_lbl_proc_net_dev=yes
@@ -498,11 +640,11 @@ if test $ac_cv_lbl_dag_api = yes; then
dagapi_obj=$dag_lib_dir/dagapi.o
elif test -r $dag_lib_dir/libdag.a; then
# 2.5.x.
- ar x $dag_lib_dir/libdag.a dagapi.o
+ ar x $dag_lib_dir/libdag.a dagapi.o 2>/dev/null
if test -r ./dagapi.o; then
dagapi_obj=./dagapi.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagapi.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagapi.o 2>/dev/null
if test -r ./libdag_la-dagapi.o; then
dagapi_obj=./libdag_la-dagapi.o
fi
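Review bot: With stderr discarded on both `ar x` calls, the only evidence that extraction worked is `test -r ./dagapi.o`, and that test also passes on a stale `./dagapi.o` left in the build directory by an earlier run. The object that ends up linked may then not come from the `libdag.a` under `$dag_lib_dir`. Removing the candidate first with `rm -f ./dagapi.o ./libdag_la-dagapi.o` and sending the diagnostics to config.log, e.g. `ar x $dag_lib_dir/libdag.a dagapi.o 2>&AS_MESSAGE_LOG_FD`, keeps the output quiet without losing the reason for a failure. The same applies to the `dagopts.o` and `dagreg.o` hunks that follow. The enclosing `if` starts outside this hunk.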
@@ -529,11 +671,11 @@ if test $ac_cv_lbl_dag_api = yes; then
dagopts_obj=$dag_lib_dir/dagopts.o
elif test -r $dag_lib_dir/libdag.a; then
# 2.5.x.
- ar x $dag_lib_dir/libdag.a dagopts.o
+ ar x $dag_lib_dir/libdag.a dagopts.o 2>/dev/null
if test -r ./dagopts.o; then
dagopts_obj=./dagopts.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagopts.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagopts.o 2>/dev/null
if test -r ./libdag_la-dagopts.o; then
dagopts_obj=./libdag_la-dagopts.o
fi
@@ -558,11 +700,11 @@ if test $ac_cv_lbl_dag_api = yes; then
dagreg_obj=$dag_lib_dir/dagreg.o
elif test -r $dag_lib_dir/libdag.a; then
# Extract from libdag.a.
- ar x $dag_lib_dir/libdag.a dagreg.o
+ ar x $dag_lib_dir/libdag.a dagreg.o 2>/dev/null
if test -r ./dagreg.o; then
dagreg_obj=./dagreg.o
else
- ar x $dag_lib_dir/libdag.a libdag_la-dagreg.o
+ ar x $dag_lib_dir/libdag.a libdag_la-dagreg.o 2>/dev/null
if test -r ./libdag_la-dagreg.o; then
dagreg_obj=./libdag_la-dagreg.o
fi
@@ -590,27 +732,25 @@ if test $ac_cv_lbl_dag_api = yes; then
# included if there's a found-action (arg 3).
saved_ldflags=$LDFLAGS
LDFLAGS="-L$dag_lib_dir"
- AC_CHECK_LIB([dag], [dag_attach_stream], [dag_version="2.5.x"], [dag_version="2.4.x"])
+ AC_CHECK_LIB([dag], [dag_attach_stream], [dag_streams="1"], [dag_streams="0"])
AC_CHECK_LIB([dag],[dag_get_erf_types], [
- AC_DEFINE(HAVE_DAG_GET_ERF_TYPES, 1, [define if you have dag_get_erf_types()])]
- )
+ AC_DEFINE(HAVE_DAG_GET_ERF_TYPES, 1, [define if you have dag_get_erf_types()])])
+ AC_CHECK_LIB([dag],[dag_get_stream_erf_types], [
+ AC_DEFINE(HAVE_DAG_GET_STREAM_ERF_TYPES, 1, [define if you have dag_get_stream_erf_types()])])
LDFLAGS=$saved_ldflags
- if test "$dag_version" = 2.5.x; then
+ if test "$dag_streams" = 1; then
AC_DEFINE(HAVE_DAG_STREAMS_API, 1, [define if you have streams capable DAG API])
DAGLIBS="-ldag"
fi
- # See if we can find a specific version string.
- AC_MSG_CHECKING([the DAG API version])
- if test -r "$dag_root/VERSION"; then
- dag_version="`cat $dag_root/VERSION`"
- fi
- AC_MSG_RESULT([$dag_version])
AC_DEFINE(HAVE_DAG_API, 1, [define if you have the DAG API])
fi
+AC_MSG_CHECKING(whether we have the DAG API)
+
if test $ac_cv_lbl_dag_api = no; then
+ AC_MSG_RESULT(no)
if test "$want_dag" = yes; then
# User wanted DAG support but we couldn't find it.
AC_MSG_ERROR([DAG API requested, but not found at $dag_root: use --without-dag])
@@ -621,6 +761,8 @@ if test $ac_cv_lbl_dag_api = no; then
# found.
AC_MSG_ERROR([Specifying the capture type as "dag" requires the DAG API to be present; use the --with-dag options to specify the location. (Try "./configure --help" for more information.)])
fi
+else
+ AC_MSG_RESULT(yes)
fi
AC_ARG_WITH(septel, [ --with-septel[[=DIR]] include Septel support (located in directory DIR, if supplied). [default=yes, on Linux, if present]],
@@ -724,22 +866,56 @@ if test "$V_LEX" = lex ; then
fi
fi
+#
+# Assume a.out/ELF convention for shared library names (".so"), and
+# V7/BSD convention for man pages (file formats in section 5,
+# miscellaneous info in section 7).
+#
DYEXT="so"
+MAN_FILE_FORMATS=5
+MAN_MISC_INFO=7
case "$host_os" in
aix*)
dnl Workaround to enable certain features
AC_DEFINE(_SUN,1,[define on AIX to get certain functions])
+
+ # We need "-lodm" and "-lcfg", as libpcap requires them on
+ # AIX.
+ DEPLIBS="-lodm -lcfg"
+ ;;
+
+darwin*)
+ DYEXT="dylib"
+ V_CCOPT="$V_CCOPT -fno-common"
;;
hpux9*)
AC_DEFINE(HAVE_HPUX9,1,[on HP-UX 9.x])
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux10.0*)
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux10.1*)
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
hpux*)
@@ -750,6 +926,32 @@ hpux*)
dnl for 32-bit PA-RISC, but should be left as "so" for
dnl 64-bit PA-RISC or, I suspect, IA-64.
AC_DEFINE(HAVE_HPUX10_20_OR_LATER,1,[on HP-UX 10.20 or later])
+
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
+ ;;
+
+irix*)
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
+ ;;
+
+linux*)
+ V_CCOPT="$V_CCOPT -fPIC"
+ ;;
+
+osf*)
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
sinix*)
@@ -768,17 +970,13 @@ sinix*)
solaris*)
AC_DEFINE(HAVE_SOLARIS,1,[On solaris])
- ;;
-darwin*)
- DYEXT="dylib"
- V_CCOPT="$V_CCOPT -fno-common"
- ;;
-
-linux*)
- V_CCOPT="$V_CCOPT -fPIC"
+ #
+ # Use System V conventions for man pages.
+ #
+ MAN_FILE_FORMATS=4
+ MAN_MISC_INFO=5
;;
-
esac
AC_PROG_RANLIB
@@ -809,17 +1007,63 @@ AC_SUBST(V_LIBS)
AC_SUBST(V_LEX)
AC_SUBST(V_PCAP)
AC_SUBST(V_FINDALLDEVS)
-AC_SUBST(V_RANLIB)
AC_SUBST(V_YACC)
AC_SUBST(SSRC)
AC_SUBST(DYEXT)
AC_SUBST(DAGLIBS)
+AC_SUBST(DEPLIBS)
+AC_SUBST(MAN_FILE_FORMATS)
+AC_SUBST(MAN_MISC_INFO)
+
+dnl check for USB sniffing support
+AC_MSG_CHECKING(for USB sniffing support)
+case "$host_os" in
+linux*)
+ AC_DEFINE(PCAP_SUPPORT_USB, 1, [target host supports USB sniffing])
+ USB_SRC=pcap-usb-linux.c
+ AC_MSG_RESULT(yes)
+ ac_usb_dev_name=`udevinfo -q name -p /sys/class/usb_device/usbmon 2>/dev/null`
+ if test $? -ne 0 ; then
+ ac_usb_dev_name="usbmon"
+ fi
+ AC_DEFINE_UNQUOTED(LINUX_USB_MON_DEV, "/dev/$ac_usb_dev_name", [path for device for USB sniffing])
+ AC_MSG_NOTICE(Device for USB sniffing is /dev/$ac_usb_dev_name)
+ ;;
+*)
+ AC_MSG_RESULT(no)
+ ;;
+esac
+AC_SUBST(PCAP_SUPPORT_USB)
+AC_SUBST(USB_SRC)
+
+dnl check for bluetooth sniffing support
+case "$host_os" in
+linux*)
+ AC_CHECK_HEADER(bluetooth/bluetooth.h,
+ [
+ AC_DEFINE(PCAP_SUPPORT_BT, 1, [target host supports Bluetooth sniffing])
+ BT_SRC=pcap-bt-linux.c
+ AC_MSG_NOTICE(Bluetooth sniffing is supported)
+ ],
+ AC_MSG_NOTICE(Bluetooth sniffing is not supported; install bluez-lib devel to enable it)
+ )
+ ;;
+*)
+ AC_MSG_NOTICE(no Bluetooth sniffing support)
+ ;;
+esac
+AC_SUBST(PCAP_SUPPORT_BT)
+AC_SUBST(BT_SRC)
AC_PROG_INSTALL
AC_CONFIG_HEADER(config.h)
-AC_OUTPUT(Makefile)
+AC_OUTPUT(Makefile pcap-filter.manmisc pcap-linktype.manmisc
+ pcap-savefile.manfile pcap.3pcap pcap_compile.3pcap
+ pcap_datalink.3pcap pcap_dump_open.3pcap
+ pcap_list_datalinks.3pcap pcap_open_dead.3pcap
+ pcap_open_offline.3pcap)
if test -f .devel ; then
make depend
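Review bot: The USB check runs `udevinfo` on the build machine and compiles its output into the library as `LINUX_USB_MON_DEV`, so a cross-compiled or packaged build carries the build host's device name rather than the target's. The name is also used unchecked: a zero exit status with empty output yields `"/dev/"`. I would skip the probe when `$cross_compiling` is `yes` and fall back on empty output too, `if test $? -ne 0 -o -z "$ac_usb_dev_name" ; then`. Separately, `AC_SUBST(PCAP_SUPPORT_USB)` and `AC_SUBST(PCAP_SUPPORT_BT)` substitute shell variables that this hunk never assigns (only the `AC_DEFINE`s are made), so both expand to nothing in the Makefile as far as the visible lines show.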
diff --git a/dlpisubs.c b/dlpisubs.c
new file mode 100644
index 000000000000..441b8c04797e
--- /dev/null
+++ b/dlpisubs.c
@@ -0,0 +1,349 @@
+/*
+ * This code is derived from code formerly in pcap-dlpi.c, originally
+ * contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), University College
+ * London, and subsequently modified by Guy Harris (guy@alum.mit.edu),
+ * Mark Pizzolato <List-tcpdump-workers@subscriptions.pizzolato.net>,
+ * Mark C. Brown (mbrown@hp.com), and Sagun Shakya <Sagun.Shakya@Sun.COM>.
+ */
+
+/*
+ * This file contains dlpi/libdlpi related common functions used
+ * by pcap-[dlpi,libdlpi].c.
+ */
+#ifndef lint
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/libpcap/dlpisubs.c,v 1.1.2.2 2008-04-04 19:39:05 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef HAVE_SYS_BUFMOD_H
+ /*
+ * Size of a bufmod chunk to pass upstream; that appears to be the
+ * biggest value to which you can set it, and setting it to that value
+ * (which is bigger than what appears to be the Solaris default of 8192)
+ * reduces the number of packet drops.
+ */
+#define CHUNKSIZE 65536
+
+ /*
+ * Size of the buffer to allocate for packet data we read; it must be
+ * large enough to hold a chunk.
+ */
+#define PKTBUFSIZE CHUNKSIZE
+
+#else /* HAVE_SYS_BUFMOD_H */
+
+ /*
+ * Size of the buffer to allocate for packet data we read; this is
+ * what the value used to be - there's no particular reason why it
+ * should be tied to MAXDLBUF, but we'll leave it as this for now.
+ */
+#define PKTBUFSIZE (MAXDLBUF * sizeof(bpf_u_int32))
+
+#endif
+
+#include <sys/types.h>
+#include <sys/time.h>
+#ifdef HAVE_SYS_BUFMOD_H
+#include <sys/bufmod.h>
+#endif
+#include <sys/dlpi.h>
+#include <sys/stream.h>
+
+#include <errno.h>
+#include <memory.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stropts.h>
+#include <unistd.h>
+
+#include "pcap-int.h"
+#include "dlpisubs.h"
+
+static void pcap_stream_err(const char *, int, char *);
+
+/*
+ * Get the packet statistics.
+ */
+int
+pcap_stats_dlpi(pcap_t *p, struct pcap_stat *ps)
+{
+
+ /*
+ * "ps_recv" counts packets handed to the filter, not packets
+ * that passed the filter. As filtering is done in userland,
+ * this would not include packets dropped because we ran out
+ * of buffer space; in order to make this more like other
+ * platforms (Linux 2.4 and later, BSDs with BPF), where the
+ * "packets received" count includes packets received but dropped
+ * due to running out of buffer space, and to keep from confusing
+ * applications that, for example, compute packet drop percentages,
+ * we also make it count packets dropped by "bufmod" (otherwise we
+ * might run the risk of the packet drop count being bigger than
+ * the received-packet count).
+ *
+ * "ps_drop" counts packets dropped by "bufmod" because of
+ * flow control requirements or resource exhaustion; it doesn't
+ * count packets dropped by the interface driver, or packets
+ * dropped upstream. As filtering is done in userland, it counts
+ * packets regardless of whether they would've passed the filter.
+ *
+ * These statistics don't include packets not yet read from
+ * the kernel by libpcap, but they may include packets not
+ * yet read from libpcap by the application.
+ */
+ *ps = p->md.stat;
+
+ /*
+ * Add in the drop count, as per the above comment.
+ */
+ ps->ps_recv += ps->ps_drop;
+ return (0);
+}
+
+/*
+ * Loop through the packets and call the callback for each packet.
+ * Return the number of packets read.
+ */
+int
+pcap_process_pkts(pcap_t *p, pcap_handler callback, u_char *user,
+ int count, u_char *bufp, int len)
+{
+ int n, caplen, origlen;
+ u_char *ep, *pk;
+ struct pcap_pkthdr pkthdr;
+#ifdef HAVE_SYS_BUFMOD_H
+ struct sb_hdr *sbp;
+#ifdef LBL_ALIGN
+ struct sb_hdr sbhdr;
+#endif
+#endif
+
+ /* Loop through packets */
+ ep = bufp + len;
+ n = 0;
+
+#ifdef HAVE_SYS_BUFMOD_H
+ while (bufp < ep) {
+ /*
+ * Has "pcap_breakloop()" been called?
+ * If so, return immediately - if we haven't read any
+ * packets, clear the flag and return -2 to indicate
+ * that we were told to break out of the loop, otherwise
+ * leave the flag set, so that the *next* call will break
+ * out of the loop without having read any packets, and
+ * return the number of packets we've processed so far.
+ */
+ if (p->break_loop) {
+ if (n == 0) {
+ p->break_loop = 0;
+ return (-2);
+ } else {
+ p->bp = bufp;
+ p->cc = ep - bufp;
+ return (n);
+ }
+ }
+#ifdef LBL_ALIGN
+ if ((long)bufp & 3) {
+ sbp = &sbhdr;
+ memcpy(sbp, bufp, sizeof(*sbp));
+ } else
+#endif
+ sbp = (struct sb_hdr *)bufp;
+ p->md.stat.ps_drop = sbp->sbh_drops;
+ pk = bufp + sizeof(*sbp);
+ bufp += sbp->sbh_totlen;
+ origlen = sbp->sbh_origlen;
+ caplen = sbp->sbh_msglen;
+#else
+ origlen = len;
+ caplen = min(p->snapshot, len);
+ pk = bufp;
+ bufp += caplen;
+#endif
+ ++p->md.stat.ps_recv;
+ if (bpf_filter(p->fcode.bf_insns, pk, origlen, caplen)) {
+#ifdef HAVE_SYS_BUFMOD_H
+ pkthdr.ts.tv_sec = sbp->sbh_timestamp.tv_sec;
+ pkthdr.ts.tv_usec = sbp->sbh_timestamp.tv_usec;
+#else
+ (void) gettimeofday(&pkthdr.ts, NULL);
+#endif
+ pkthdr.len = origlen;
+ pkthdr.caplen = caplen;
+ /* Insure caplen does not exceed snapshot */
+ if (pkthdr.caplen > p->snapshot)
+ pkthdr.caplen = p->snapshot;
+ (*callback)(user, &pkthdr, pk);
+ if (++n >= count && count >= 0) {
+ p->cc = ep - bufp;
+ p->bp = bufp;
+ return (n);
+ }
+ }
+#ifdef HAVE_SYS_BUFMOD_H
+ }
+#endif
+ p->cc = 0;
+ return (n);
+}
+
+/*
+ * Process the mac type. Returns -1 if no matching mac type found, otherwise 0.
+ */
+int
+pcap_process_mactype(pcap_t *p, u_int mactype)
+{
+ int retv = 0;
+
+ switch (mactype) {
+
+ case DL_CSMACD:
+ case DL_ETHER:
+ p->linktype = DLT_EN10MB;
+ p->offset = 2;
+ /*
+ * This is (presumably) a real Ethernet capture; give it a
+ * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
+ * that an application can let you choose it, in case you're
+ * capturing DOCSIS traffic that a Cisco Cable Modem
+ * Termination System is putting out onto an Ethernet (it
+ * doesn't put an Ethernet header onto the wire, it puts raw
+ * DOCSIS frames out on the wire inside the low-level
+ * Ethernet framing).
+ */
+ p->dlt_list = (u_int *)malloc(sizeof(u_int) * 2);
+ /*
+ * If that fails, just leave the list empty.
+ */
+ if (p->dlt_list != NULL) {
+ p->dlt_list[0] = DLT_EN10MB;
+ p->dlt_list[1] = DLT_DOCSIS;
+ p->dlt_count = 2;
+ }
+ break;
+
+ case DL_FDDI:
+ p->linktype = DLT_FDDI;
+ p->offset = 3;
+ break;
+
+ case DL_TPR:
+ /* XXX - what about DL_TPB? Is that Token Bus? */
+ p->linktype = DLT_IEEE802;
+ p->offset = 2;
+ break;
+
+#ifdef HAVE_SOLARIS
+ case DL_IPATM:
+ p->linktype = DLT_SUNATM;
+ p->offset = 0; /* works for LANE and LLC encapsulation */
+ break;
+#endif
+
+ default:
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "unknown mactype %u",
+ mactype);
+ retv = -1;
+ }
+
+ return (retv);
+}
+
+#ifdef HAVE_SYS_BUFMOD_H
+/*
+ * Push and configure the buffer module. Returns -1 for error, otherwise 0.
+ */
+int
+pcap_conf_bufmod(pcap_t *p, int snaplen, int timeout)
+{
+ int retv = 0;
+
+ bpf_u_int32 ss, chunksize;
+
+ /* Non-standard call to get the data nicely buffered. */
+ if (ioctl(p->fd, I_PUSH, "bufmod") != 0) {
+ pcap_stream_err("I_PUSH bufmod", errno, p->errbuf);
+ retv = -1;
+ }
+
+ ss = snaplen;
+ if (ss > 0 &&
+ strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) {
+ pcap_stream_err("SBIOCSSNAP", errno, p->errbuf);
+ retv = -1;
+ }
+
+ /* Set up the bufmod timeout. */
+ if (timeout != 0) {
+ struct timeval to;
+
+ to.tv_sec = timeout / 1000;
+ to.tv_usec = (timeout * 1000) % 1000000;
+ if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) {
+ pcap_stream_err("SBIOCSTIME", errno, p->errbuf);
+ retv = -1;
+ }
+ }
+
+ /* Set the chunk length. */
+ chunksize = CHUNKSIZE;
+ if (strioctl(p->fd, SBIOCSCHUNK, sizeof(chunksize), (char *)&chunksize)
+ != 0) {
+ pcap_stream_err("SBIOCSCHUNKP", errno, p->errbuf);
+ retv = -1;
+ }
+
+ return (retv);
+}
+#endif /* HAVE_SYS_BUFMOD_H */
+
+/*
+ * Allocate data buffer. Returns -1 if memory allocation fails, else 0.
+ */
+int
+pcap_alloc_databuf(pcap_t *p)
+{
+ p->bufsize = PKTBUFSIZE;
+ p->buffer = (u_char *)malloc(p->bufsize + p->offset);
+ if (p->buffer == NULL) {
+ strlcpy(p->errbuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
+ return (-1);
+ }
+
+ return (0);
+}
+
+/*
+ * Issue a STREAMS I_STR ioctl. Returns -1 on error, otherwise
+ * length of returned data on success.
+ */
+int
+strioctl(int fd, int cmd, int len, char *dp)
+{
+ struct strioctl str;
+ int retv;
+
+ str.ic_cmd = cmd;
+ str.ic_timout = -1;
+ str.ic_len = len;
+ str.ic_dp = dp;
+ if ((retv = ioctl(fd, I_STR, &str)) < 0)
+ return (retv);
+
+ return (str.ic_len);
+}
+
+/*
+ * Write stream error message to errbuf.
+ */
+static void
+pcap_stream_err(const char *func, int err, char *errbuf)
+{
+ snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", func, pcap_strerror(err));
+}
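Review bot: In the `HAVE_SYS_BUFMOD_H` branch of `pcap_process_pkts` the `sb_hdr` length fields are used without any check against the buffer end `ep`. `bufp += sbp->sbh_totlen` does not advance when `sbh_totlen` is 0, so the loop would repeat on the same header, and `sbh_msglen` becomes the `caplen` handed to `bpf_filter()` and the callback even if it extends past `ep`. The header itself is also read when fewer than `sizeof(*sbp)` bytes remain. These values come from bufmod, so this is presumably reachable only on a short or corrupted read, but validating them first keeps a bad chunk from becoming an out-of-bounds read or a spin; the sketch below assumes callers treat -1 as an error, as elsewhere in libpcap. Separately, in `pcap_conf_bufmod`, `(timeout * 1000) % 1000000` overflows `int` for large timeouts; `(timeout % 1000) * 1000` yields the same value without the overflowing multiply.

```c
	while (bufp < ep) {
		/* ... unchanged: break_loop handling ... */

		/* A chunk too short to hold a bufmod header cannot be parsed. */
		if ((size_t)(ep - bufp) < sizeof(*sbp)) {
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			    "truncated bufmod header");
			return (-1);
		}

		/* ... unchanged: LBL_ALIGN copy / sbp assignment, ps_drop update ... */

		/*
		 * sbh_totlen must cover the header and stay inside the buffer
		 * (this also rejects 0, which would never advance bufp), and
		 * sbh_msglen must fit in what follows the header.
		 * Assumes the sbh_* length fields are unsigned - confirm
		 * against <sys/bufmod.h>.
		 */
		if (sbp->sbh_totlen < sizeof(*sbp) ||
		    sbp->sbh_totlen > (size_t)(ep - bufp) ||
		    sbp->sbh_msglen > sbp->sbh_totlen - sizeof(*sbp)) {
			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
			    "invalid bufmod header lengths");
			return (-1);
		}
		pk = bufp + sizeof(*sbp);
		/* ... unchanged: bufp advance, origlen/caplen, filter and callback ... */
```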
diff --git a/dlpisubs.h b/dlpisubs.h
new file mode 100644
index 000000000000..67acd292f400
--- /dev/null
+++ b/dlpisubs.h
@@ -0,0 +1,28 @@
+/*
+ * @(#) $Header: /tcpdump/master/libpcap/dlpisubs.h,v 1.1.2.2 2008-04-04 19:39:05 guy Exp $
+ */
+
+#ifndef dlpisubs_h
+#define dlpisubs_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Functions used by dlpisubs.c.
+ */
+int pcap_stats_dlpi(pcap_t *, struct pcap_stat *);
+int pcap_process_pkts(pcap_t *, pcap_handler, u_char *, int, u_char *, int);
+int pcap_process_mactype(pcap_t *, u_int);
+#ifdef HAVE_SYS_BUFMOD_H
+int pcap_conf_bufmod(pcap_t *, int, int);
+#endif
+int pcap_alloc_databuf(pcap_t *);
+int strioctl(int, int, int, char *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
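Review bot: The block comment `Functions used by dlpisubs.c.` states the relationship backwards. The prototypes below it are defined in dlpisubs.c and, per that file's own header comment, used by pcap-[dlpi,libdlpi].c, so I would reword it to `Functions defined in dlpisubs.c and shared by pcap-dlpi.c and pcap-libdlpi.c.`. The prototypes also use `pcap_t`, `pcap_handler` and `struct pcap_stat` without including anything, so a one-line comment that pcap-int.h must be included first (as dlpisubs.c does) would document that dependency. `strioctl` is exported without the `pcap_` prefix the other functions carry, which deserves a comment if the name is kept.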
diff --git a/doc/pcap.html b/doc/pcap.html
deleted file mode 100644
index 94e351400ff0..000000000000
--- a/doc/pcap.html
+++ /dev/null
@@ -1,997 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="en"><head><title>PCAP New Generation Dump File Format</title>
-<meta name="description" content="PCAP New Generation Dump File Format">
-<meta name="keywords" content="Internet-Draft, Libpcap, dump file format">
-<meta name="generator" content="xml2rfc v1.22 (http://xml.resource.org/)">
-<style type='text/css'>
-<!--
- body {
- font-family: verdana, charcoal, helvetica, arial, sans-serif;
- font-size: small ; color: #000000 ; background-color: #ffffff ; }
- .title { color: #990000; font-size: x-large ;
- font-weight: bold; text-align: right;
- font-family: helvetica, monaco, "MS Sans Serif", arial, sans-serif;
- background-color: transparent; }
- .filename { color: #666666; font-size: 18px; line-height: 28px;
- font-weight: bold; text-align: right;
- font-family: helvetica, arial, sans-serif;
- background-color: transparent; }
- td.rfcbug { background-color: #000000 ; width: 30px ; height: 30px ;
- text-align: justify; vertical-align: middle ; padding-top: 2px ; }
- td.rfcbug span.RFC { color: #666666; font-weight: bold; text-decoration: none;
- background-color: #000000 ;
- font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
- font-size: x-small ; }
- td.rfcbug span.hotText { color: #ffffff; font-weight: normal; text-decoration: none;
- text-align: center ;
- font-family: charcoal, monaco, geneva, "MS Sans Serif", helvetica, verdana, sans-serif;
- font-size: x-small ; background-color: #000000; }
-
- A { font-weight: bold; }
- A:link { color: #990000; background-color: transparent ; }
- A:visited { color: #333333; background-color: transparent ; }
- A:active { color: #333333; background-color: transparent ; }
-
- p { margin-left: 2em; margin-right: 2em; }
- p.copyright { font-size: x-small ; }
- p.toc { font-size: small ; font-weight: bold ; margin-left: 3em ;}
-
- span.emph { font-style: italic; }
- span.strong { font-weight: bold; }
- span.verb { font-family: "Courier New", Courier, monospace ; }
-
- ol.text { margin-left: 2em; margin-right: 2em; }
- ul.text { margin-left: 2em; margin-right: 2em; }
- li { margin-left: 3em; }
-
- pre { margin-left: 3em; color: #333333; background-color: transparent;
- font-family: "Courier New", Courier, monospace ; font-size: small ;
- }
-
- h3 { color: #333333; font-size: medium ;
- font-family: helvetica, arial, sans-serif ;
- background-color: transparent; }
- h4 { font-size: small; font-family: helvetica, arial, sans-serif ; }
-
- table.bug { width: 30px ; height: 15px ; }
- td.bug { color: #ffffff ; background-color: #990000 ;
- text-align: center ; width: 30px ; height: 15px ;
- }
- td.bug A.link2 { color: #ffffff ; font-weight: bold;
- text-decoration: none;
- font-family: monaco, charcoal, geneva, "MS Sans Serif", helvetica, sans-serif;
- font-size: x-small ; background-color: transparent }
-
- td.header { color: #ffffff; font-size: x-small ;
- font-family: arial, helvetica, sans-serif; vertical-align: top;
- background-color: #666666 ; width: 33% ; }
- td.author { font-weight: bold; margin-left: 4em; font-size: x-small ; }
- td.author-text { font-size: x-small; }
- table.data { vertical-align: top ; border-collapse: collapse ;
- border-style: solid solid solid solid ;
- border-color: black black black black ;
- font-size: small ; text-align: center ; }
- table.data th { font-weight: bold ;
- border-style: solid solid solid solid ;
- border-color: black black black black ; }
- table.data td {
- border-style: solid solid solid solid ;
- border-color: #333333 #333333 #333333 #333333 ; }
-
- hr { height: 1px }
--->
-</style>
-</head>
-<body>
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<table summary="layout" width="66%" border="0" cellpadding="0" cellspacing="0"><tr><td><table summary="layout" width="100%" border="0" cellpadding="2" cellspacing="1">
-<tr><td class="header">Network Working Group</td><td class="header">L. Degioanni</td></tr>
-<tr><td class="header">Internet-Draft</td><td class="header">F. Risso</td></tr>
-<tr><td class="header">Expires: August 30, 2004</td><td class="header">Politecnico di Torino</td></tr>
-<tr><td class="header">&nbsp;</td><td class="header">March 2004</td></tr>
-</table></td></tr></table>
-<div align="right"><span class="title"><br />PCAP New Generation Dump File Format</span></div>
-<div align="right"><span class="title"><br />pcap</span></div>
-
-<h3>Status of this Memo</h3>
-<p>
-This document is an Internet-Draft and is
-in full conformance with all provisions of Section 10 of RFC2026.</p>
-<p>
-Internet-Drafts are working documents of the Internet Engineering
-Task Force (IETF), its areas, and its working groups.
-Note that other groups may also distribute working documents as
-Internet-Drafts.</p>
-<p>
-Internet-Drafts are draft documents valid for a maximum of six months
-and may be updated, replaced, or obsoleted by other documents at any time.
-It is inappropriate to use Internet-Drafts as reference material or to cite
-them other than as "work in progress."</p>
-<p>
-The list of current Internet-Drafts can be accessed at
-<a href='http://www.ietf.org/ietf/1id-abstracts.txt'>http://www.ietf.org/ietf/1id-abstracts.txt</a>.</p>
-<p>
-The list of Internet-Draft Shadow Directories can be accessed at
-<a href='http://www.ietf.org/shadow.html'>http://www.ietf.org/shadow.html</a>.</p>
-<p>
-This Internet-Draft will expire on August 30, 2004.</p>
-
-<h3>Copyright Notice</h3>
-<p>
-Copyright (C) The Internet Society (2004). All Rights Reserved.</p>
-
-<h3>Abstract</h3>
-
-<p>This document describes a format to dump captured packets on a file. This format is extensible and it is currently proposed for implementation in the libpcap/WinPcap packet capture library.
-</p><a name="toc"></a><br /><hr />
-<h3>Table of Contents</h3>
-<p class="toc">
-<a href="#anchor1">1.</a>&nbsp;
-Objectives<br />
-<a href="#anchor2">2.</a>&nbsp;
-General File Structure<br />
-<a href="#sectionblock">2.1</a>&nbsp;
-General Block Structure<br />
-<a href="#anchor3">2.2</a>&nbsp;
-Block Types<br />
-<a href="#anchor4">2.3</a>&nbsp;
-Block Hierarchy and Precedence<br />
-<a href="#anchor5">2.4</a>&nbsp;
-Data format<br />
-<a href="#anchor6">3.</a>&nbsp;
-Block Definition<br />
-<a href="#sectionshb">3.1</a>&nbsp;
-Section Header Block (mandatory)<br />
-<a href="#sectionidb">3.2</a>&nbsp;
-Interface Description Block (mandatory)<br />
-<a href="#sectionpb">3.3</a>&nbsp;
-Packet Block (optional)<br />
-<a href="#anchor7">3.4</a>&nbsp;
-Simple Packet Block (optional)<br />
-<a href="#anchor8">3.5</a>&nbsp;
-Name Resolution Block (optional)<br />
-<a href="#anchor9">3.6</a>&nbsp;
-Interface Statistics Block (optional)<br />
-<a href="#sectionopt">4.</a>&nbsp;
-Options<br />
-<a href="#anchor10">5.</a>&nbsp;
-Experimental Blocks (deserved to a further investigation)<br />
-<a href="#anchor11">5.1</a>&nbsp;
-Other Packet Blocks (experimental)<br />
-<a href="#anchor12">5.2</a>&nbsp;
-Compression Block (experimental)<br />
-<a href="#anchor13">5.3</a>&nbsp;
-Encryption Block (experimental)<br />
-<a href="#anchor14">5.4</a>&nbsp;
-Fixed Length Block (experimental)<br />
-<a href="#anchor15">5.5</a>&nbsp;
-Directory Block (experimental)<br />
-<a href="#anchor16">5.6</a>&nbsp;
-Traffic Statistics and Monitoring Blocks (experimental)<br />
-<a href="#anchor17">5.7</a>&nbsp;
-Event/Security Block (experimental)<br />
-<a href="#anchor18">6.</a>&nbsp;
-Conclusions<br />
-<a href="#anchor19">7.</a>&nbsp;
-Most important open issues<br />
-<a href="#rfc.copyright">&#167;</a>&nbsp;
-Intellectual Property and Copyright Statements<br />
-</p>
-<br clear="all" />
-
-<a name="anchor1"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.1"></a><h3>1.&nbsp;Objectives</h3>
-
-<p>The problem of exchanging packet traces becomes more and more critical every day; unfortunately, no standard solutions exist for this task right now. One of the most accepted packet interchange formats is the one defined by libpcap, which is rather old and does not fit for some of the nowadays applications especially in terms of extensibility.
-</p>
-<p>This document proposes a new format for dumping packet traces. The following goals are being pursued:
-</p>
-<ul class="text">
-<li>Extensibility: aside of some common functionalities, third parties should be able to enrich the information embedded in the file with proprietary extensions, which will be ignored by tools that are not able to understand them.
-</li>
-<li>Portability: a capture trace must contain all the information needed to read data independently from network, hardware and operating system of the machine that made the capture.
-</li>
-<li>Merge/Append data: it should be possible to add data at the end of a given file, and the resulting file must still be readable.
-</li>
-</ul>
-<a name="anchor2"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.2"></a><h3>2.&nbsp;General File Structure</h3>
-
-<a name="rfc.section.2.1"></a><h4><a name="sectionblock">2.1</a>&nbsp;General Block Structure</h4>
-
-<p>A capture file is organized in blocks, that are appended one to another to form the file. All the blocks share a common format, which is shown in <a href="#formatblock">Figure 1</a>.
-</p><br /><hr />
-<a name="formatblock"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Type |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / Block Body /
- / /* variable length, aligned to 32 bits */ /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Basic block structure.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The fields have the following meaning:
-</p>
-<ul class="text">
-<li>Block Type (32 bits): unique value that identifies the block. Values whose Most Significant Bit (MSB) is equal to 1 are reserved for local use. They allow to save private data to the file and to extend the file format.
-</li>
-<li>Block Total Length: total size of this block, in bytes. For instance, a block that does not have a body has a length of 12 bytes.
-</li>
-<li>Block Body: content of the block.
-</li>
-<li>Block Total Length: total size of this block, in bytes. This field is duplicated for permitting backward file navigation.
-</li>
-</ul>
-<p>This structure, shared among all blocks, makes easy to process a file and to skip unneeded or unknown blocks. Blocks can be nested one inside the others (NOTE: needed?). Some of the blocks are mandatory, i.e. a dump file is not valid if they are not present, other are optional.
-</p>
-<p>The structure of the blocks allows to define other blocks if needed. A parser that does non understand them can simply ignore their content.
-</p>
-<a name="rfc.section.2.2"></a><h4><a name="anchor3">2.2</a>&nbsp;Block Types</h4>
-
-<p>The currently defined blocks are the following:
-</p>
-<ol class="text">
-<li>Section Header Block: it defines the most important characteristics of the capture file.
-</li>
-<li>Interface Description Block: it defines the most important characteristics of the interface(s) used for capturing traffic.
-</li>
-<li>Packet Block: it contains a single captured packet, or a portion of it.
-</li>
-<li>Simple Packet Block: it contains a single captured packet, or a portion of it, with only a minimal set of information about it.
-</li>
-<li>Name Resolution Block: it defines the mapping from numeric addresses present in the packet dump and the canonical name counterpart.
-</li>
-<li>Capture Statistics Block: it defines how to store some statistical data (e.g. packet dropped, etc) which can be useful to undestand the conditions in which the capture has been made.
-</li>
-<li>Compression Marker Block: TODO
-</li>
-<li>Encryption Marker Block: TODO
-</li>
-<li>Fixed Length Marker Block: TODO
-</li>
-</ol>
-<p>The following blocks instead are considered interesting but the authors believe that they deserve more in-depth discussion before being defined:
-</p>
-<ol class="text">
-<li>Further Packet Blocks
-</li>
-<li>Directory Block
-</li>
-<li>Traffic Statistics and Monitoring Blocks
-</li>
-<li>Alert and Security Blocks
-</li>
-</ol>
-<p>TODO Currently standardized Block Type codes are specified in Appendix 1.
-</p>
-<a name="rfc.section.2.3"></a><h4><a name="anchor4">2.3</a>&nbsp;Block Hierarchy and Precedence</h4>
-
-<p>The file must begin with a Section Header Block. However, more than one Section Header Block can be present on the dump, each one covering the data following it till the next one (or the end of file). A Section includes the data delimited by two Section Header Blocks (or by a Section Header Block and the end of the file), including the first Section Header Block.
-</p>
-<p>In case an application cannot read a Section because of different version number, it must skip everything until the next Section Header Block. Note that, in order to properly skip the blocks until the next section, all blocks must have the fields Type and Length at the beginning. This is a mandatory requirement that must be maintained in future versions of the block format.
-</p>
-<p><a href="#fssample-SHB">Figure 2</a> shows two valid files: the first has a typical configuration, with a single Section Header that covers the whole file. The second one contains three headers, and is normally the result of file concatenation. An application that understands only version 1.0 of the file format skips the intermediate section and restart processing the packets after the third Section Header.
-</p><br /><hr />
-<a name="fssample-SHB"></a>
-<pre>
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Typical configuration with a single Section Header Block
-
-
- |-- 1st Section --|-- 2nd Section --|-- 3rd Section --|
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data | SHB V1.1 | Data | SHB V1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Configuration with three different Section Header Blocks
-</pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;File structure example: the Section Header Block.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>NOTE: TO BE COMPLETED with some examples of other blocks
-</p>
-<a name="rfc.section.2.4"></a><h4><a name="anchor5">2.4</a>&nbsp;Data format</h4>
-
-<p>Data contained in each section will always be saved according to the characteristics (little endian / big endian) of the dumping machine. This refers to all fields that are saved as numbers and that span over two or more bytes.
-</p>
-<p>The approach of having each section saved in the native format of the generating host is more efficient because it avoids translation of data when reading / writing on the host itself, which is the most common case when generating/processing capture dumps.
-</p>
-<p>TODO Probably we have to specify something more here. Is what we're saying enough to avoid any kind of ambiguity?.
-</p>
-<a name="anchor6"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.3"></a><h3>3.&nbsp;Block Definition</h3>
-
-<p>This section details the format of the body of the blocks currently defined.
-</p>
-<a name="rfc.section.3.1"></a><h4><a name="sectionshb">3.1</a>&nbsp;Section Header Block (mandatory)</h4>
-
-<p>The Section Header Block is mandatory. It identifies the beginning of a section of the capture dump file. Its format is shown in <a href="#formatSHB">Figure 3</a>.
-</p><br /><hr />
-<a name="formatSHB"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Magic |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Major | Minor |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Section Header Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The meaning of the fields is:
-</p>
-<ul class="text">
-<li>Magic: magic number, whose value is the hexadecimal number 0x1A2B3C4D. This number can be used to distinguish section that have been saved on little-endian machines from the one saved on big-endian machines.
-</li>
-<li>Major: number of the current mayor version of the format. Current value is 1.
-</li>
-<li>Minor: number of the current minor version of the format. Current value is 0.
-</li>
-<li>Options: optionally, a list of options (formatted according to the rules defined in <a href="#sectionopt">Section 4</a>) can be present.
-</li>
-</ul>
-<p>Aside form the options defined in <a href="#sectionopt">Section 4</a>, the following options are valid within this block:
-</p><a name="InterfaceOptions1"></a>
-<table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">Hardware</td>
-<td align="left">2</td>
-<td align="left">variable</td>
-<td align="left">An ascii string containing the description of the hardware used to create this section.</td>
-</tr>
-<tr>
-<td align="left">Operating System</td>
-<td align="left">3</td>
-<td align="left">variable</td>
-<td align="left">An ascii string containing the name of the operating system used to create this section.</td>
-</tr>
-<tr>
-<td align="left">User Application</td>
-<td align="left">3</td>
-<td align="left">variable</td>
-<td align="left">An ascii string containing the name of the application used to create this section.</td>
-</tr>
-</table>
-
-<p>The Section Header Block does not contain data but it rather identifies a list of blocks (interfaces, packets) that are logically correlated. This block does not contain any reference to the size of the section it is currently delimiting, therefore the reader cannot skip a whole section at once. In case a section must be skipped, the user has to repeatedly skip all the blocks contained within it; this makes the parsing of the file slower but it permits to append several capture dumps at the same file.
-</p>
-<a name="rfc.section.3.2"></a><h4><a name="sectionidb">3.2</a>&nbsp;Interface Description Block (mandatory)</h4>
-
-<p>The Interface Description Block is mandatory. This block is needed to specify the characteristics of the network interface on which the capture has been made. In order to properly associate the captured data to the corresponding interface, the Interface Description Block must be defined before any other block that uses it; therefore, this block is usually placed immediately after the Section Header Block.
-</p>
-<p>An Interface Description Block is valid only inside the section which it belongs to. The structure of a Interface Description Block is shown in <a href="#formatidb">Figure 4</a>.
-</p><br /><hr />
-<a name="formatidb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | LinkType |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SnapLen |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Interface Description Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The meaning of the fields is:
-</p>
-<ul class="text">
-<li>Interface ID: a progressive number that identifies uniquely any interface inside current section. Two Interface Description Blocks can have the same Interface ID only if they are in different sections of the file. The Interface ID is referenced by the packet blocks.
-</li>
-<li>LinkType: a value that defines the link layer type of this interface.
-</li>
-<li>SnapLen: maximum number of bytes dumped from each packet. The portion of each packet that exceeds this value will not be stored in the file.
-</li>
-<li>Options: optionally, a list of options (formatted according to the rules defined in <a href="#sectionopt">Section 4</a>) can be present.
-</li>
-</ul>
-<p>In addition to the options defined in <a href="#sectionopt">Section 4</a>, the following options are valid within this block:
-</p><a name="InterfaceOptions2"></a>
-<table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">if_name</td>
-<td align="left">2</td>
-<td align="left">Variable</td>
-<td align="left">Name of the device used to capture data.</td>
-</tr>
-<tr>
-<td align="left">if_IPv4addr</td>
-<td align="left">3</td>
-<td align="left">8</td>
-<td align="left">Interface network address and netmask.</td>
-</tr>
-<tr>
-<td align="left">if_IPv6addr</td>
-<td align="left">4</td>
-<td align="left">17</td>
-<td align="left">Interface network address and prefix length (stored in the last byte).</td>
-</tr>
-<tr>
-<td align="left">if_MACaddr</td>
-<td align="left">5</td>
-<td align="left">6</td>
-<td align="left">Interface Hardware MAC address (48 bits).</td>
-</tr>
-<tr>
-<td align="left">if_EUIaddr</td>
-<td align="left">6</td>
-<td align="left">8</td>
-<td align="left">Interface Hardware EUI address (64 bits), if available.</td>
-</tr>
-<tr>
-<td align="left">if_speed</td>
-<td align="left">7</td>
-<td align="left">8</td>
-<td align="left">Interface speed (in bps).</td>
-</tr>
-<tr>
-<td align="left">if_tsaccur</td>
-<td align="left">8</td>
-<td align="left">1</td>
-<td align="left">Precision of timestamps. If the Most Significant Bit is equal to zero, the remaining bits indicates the accuracy as as a negative power of 10 (e.g. 6 means microsecond accuracy). If the Most Significant Bit is equal to zero, the remaining bits indicates the accuracy as as negative power of 2 (e.g. 10 means 1/1024 of second). If this option is not present, a precision of 10^-6 is assumed.</td>
-</tr>
-<tr>
-<td align="left">if_tzone</td>
-<td align="left">9</td>
-<td align="left">4</td>
-<td align="left">Time zone for GMT support (TODO: specify better).</td>
-</tr>
-<tr>
-<td align="left">if_flags</td>
-<td align="left">10</td>
-<td align="left">4</td>
-<td align="left">Interface flags. (TODO: specify better. Possible flags: promiscuous, inbound/outbound, traffic filtered during capture).</td>
-</tr>
-<tr>
-<td align="left">if_filter</td>
-<td align="left">11</td>
-<td align="left">variable</td>
-<td align="left">The filter (e.g. "capture only TCP traffic") used to capture traffic. The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more). More details about this format will be presented in Appendix XXX (TODO).</td>
-</tr>
-<tr>
-<td align="left">if_opersystem</td>
-<td align="left">12</td>
-<td align="left">variable</td>
-<td align="left">An ascii string containing the name of the operating system of the machine that hosts this interface. This can be different from the same information that can be contained by the Section Header Block (<a href="#sectionshb">Section 3.1</a>) because the capture can have been done on a remote machine.</td>
-</tr>
-</table>
-
-<a name="rfc.section.3.3"></a><h4><a name="sectionpb">3.3</a>&nbsp;Packet Block (optional)</h4>
-
-<p>A Packet Block is the standard container for storing the packets coming from the network. The Packet Block is optional because packets can be stored either by means of this block or the Simple Packet Block, which can be used to speed up dump generation. The format of a packet block is shown in <a href="#formatpb">Figure 5</a>.
-</p><br /><hr />
-<a name="formatpb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Drops Count |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (High) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (Low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Captured Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Packet Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The Packet Block has the following fields:
-</p>
-<ul class="text">
-<li>Interface ID: Specifies the interface this packet comes from, and corresponds to the ID of one of the Interface Description Blocks present in this section of the file (see <a href="#formatidb">Figure 4</a>).
-</li>
-<li>Drops Count: a local drop counter. It specified the number of packets lost (by the interface and the operating system) between this packet and the preceding one. The value xFFFF (in hexadecimal) is reserved for those systems in which this information is not available.
-</li>
-<li>Timestamp (High): the most significative part of the timestamp. in standard Unix format, i.e. from 1/1/1970.
-</li>
-<li>Timestamp (Low): the less significative part of the timestamp. The way to interpret this field is specified by the 'ts_accur' option (see <a href="#formatidb">Figure 4</a>) of the Interface Description block referenced by this packet. If the Interface Description block does not contain a 'ts_accur' option, then this field is expressed in microseconds.
-</li>
-<li>Captured Len: number of bytes captured from the packet (i.e. the length of the Packet Data field). It will be the minimum value among the actual Packet Length and the snapshot length (defined in <a href="#formatidb">Figure 4</a>).
-</li>
-<li>Packet Len: actual length of the packet when it was transmitted on the network. Can be different from Captured Len if the user wants only a snapshot of the packet.
-</li>
-<li>Packet Data: the data coming from the network, including link-layer headers. The length of this field is Captured Len. The format of the link-layer headers depends on the LinkType field specified in the Interface Description Block (see <a href="#sectionidb">Section 3.2</a>) and it is specified in Appendix XXX (TODO).
-</li>
-<li>Options: optionally, a list of options (formatted according to the rules defined in <a href="#sectionopt">Section 4</a>) can be present.
-</li>
-</ul>
-<p>
-</p>
-<a name="rfc.section.3.4"></a><h4><a name="anchor7">3.4</a>&nbsp;Simple Packet Block (optional)</h4>
-
-<p>The Simple Packet Block is a lightweight container for storing the packets coming from the network. Its presence is optional.
-</p>
-<p>A Simple Packet Block is similar to a Packet Block (see <a href="#sectionpb">Section 3.3</a>), but it is smaller, simpler to process and contains only a minimal set of information. This block is preferred to the standard Packet Block when performance or space occupation are critical factors, such as in sustained traffic dump applications. A capture file can contain both Packet Blocks and Simple Packet Blocks: for example, a capture tool could switch from Packet Blocks to Simple Packet Blocks when the hardware resources become critical.
-</p>
-<p>The Simple Packet Block does not contain the Interface ID field. Therefore, it must be assumed that all the Simple Packet Blocks have been captured on the interface previously specified in the Interface Description Block.
-</p>
-<p><a href="#formatpbs">Figure 6</a> shows the format of the Simple Packet Block.
-</p><br /><hr />
-<a name="formatpbs"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Simple Packet Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The Packet Block has the following fields:
-</p>
-<ul class="text">
-<li>Packet Len: actual length of the packet when it was transmitted on the network. Can be different from captured len if the packet has been truncated.
-</li>
-<li>Packet data: the data coming from the network, including link-layers headers. The length of this field can be derived from the field Block Total Length, present in the Block Header.
-</li>
-</ul>
-<p>The Simple Packet Block does not contain the timestamp because this is one of the most costly operations on PCs. Additionally, there are applications that do not require it; e.g. an Intrusion Detection System is interested in packets, not in their timestamp.
-</p>
-<p>The Simple Packet Block is very efficient in term of disk space: a snapshot of length 100 bytes requires only 16 bytes of overhead, which corresponds to an efficiency of more than 86%.
-</p>
-<a name="rfc.section.3.5"></a><h4><a name="anchor8">3.5</a>&nbsp;Name Resolution Block (optional)</h4>
-
-<p>The Name Resolution Block is used to support the correlation of numeric addresses (present in the captured packets) and their corresponding canonical names and it is optional. Having the literal names saved in the file, this prevents the need of a name resolution in a delayed time, when the association between names and addresses can be different from the one in use at capture time. Moreover, The Name Resolution Block avoids the need of issuing a lot of DNS requests every time the trace capture is opened, and allows to have name resolution also when reading the capture with a machine not connected to the network.
-</p>
-<p>The format of the Name Resolution Block is shown in <a href="#formatnrb">Figure 7</a>.
-</p><br /><hr />
-<a name="formatnrb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Type | Record Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | | | | |
- +-+-+-+-+-+-+-+-+ + + + + + + + + + + + + + + + + + + + + + + + +
- . . . other records . . .
- | Record Type == end_of_recs | Record Length == 00 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Name Resolution Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>A Name Resolution Block is a zero-terminated list of records (in the TLV format), each of which contains an association between a network address and a name. There are three possible types of records:
-</p><a name="nrrecords"></a>
-<table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">end_of_recs</td>
-<td align="left">0</td>
-<td align="left">0</td>
-<td align="left">End of records</td>
-</tr>
-<tr>
-<td align="left">ip4_rec</td>
-<td align="left">1</td>
-<td align="left">Variable</td>
-<td align="left">Specifies an IPv4 address (contained in the first 4 bytes), followed by one or more zero-terminated strings containing the DNS entries for that address.</td>
-</tr>
-<tr>
-<td align="left">ip6_rec</td>
-<td align="left">1</td>
-<td align="left">Variable</td>
-<td align="left">Specifies an IPv6 address (contained in the first 16 bytes), followed by one or more zero-terminated strings containing the DNS entries for that address.</td>
-</tr>
-</table>
-
-<p>After the list or Name Resolution Records, optionally, a list of options (formatted according to the rules defined in <a href="#sectionopt">Section 4</a>) can be present.
-</p>
-<p>A Name Resolution Block is normally placed at the beginning of the file, but no assumptions can be taken about its position. Name Resolution Blocks can be added in a second time by tools that process the file, like network analyzers.
-</p>
-<p>In addiction to the options defined in <a href="#sectionopt">Section 4</a>, the following options are valid within this block:
-</p><table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">ns_dnsname</td>
-<td align="left">2</td>
-<td align="left">Variable</td>
-<td align="left">An ascii string containing the name of the machine (DNS server) used to perform the name resolution.</td>
-</tr>
-</table>
-
-<a name="rfc.section.3.6"></a><h4><a name="anchor9">3.6</a>&nbsp;Interface Statistics Block (optional)</h4>
-
-<p>The Interface Statistics Block contains the capture statistics for a given interface and it is optional. The statistics are referred to the interface defined in the current Section identified by the Interface ID field.
-</p>
-<p>The format of the Interface Statistics Block is shown in <a href="#formatisb">Figure 8</a>.
-</p><br /><hr />
-<a name="formatisb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfRecv |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | FilterAccept |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | OSDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | UsrDelivered |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Reserved |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Interface Statistics Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The fields have the following meaning:
-</p>
-<ul class="text">
-<li>IfRecv: number of packets received from the interface during the capture. This number is reported as a 64 bits value, in which the most significat bits are located in the first four bytes of the field.
-</li>
-<li>IfDrop: number of packets dropped by the interface during the capture due to lack of resources.
-</li>
-<li>FilterAccept: number of packets accepeted by filter during current capture.
-</li>
-<li>OSDrop: number of packets dropped by the operating system during the capture.
-</li>
-<li>UsrDelivered: number of packets delivered to the user. UsrDelivered can be different from the value 'FilterAccept - OSDropped' because some packets could still lay in the OS buffers when the capture ended.
-</li>
-<li>Interface ID: reference to an Interface Description Block.
-</li>
-<li>Reserved: Reserved to future use.
-</li>
-<li>Options: optionally, a list of options (formatted according to the rules defined in <a href="#sectionopt">Section 4</a>) can be present.
-</li>
-</ul>
-<p>In addiction to the options defined in <a href="#sectionopt">Section 4</a>, the following options are valid within this block:
-</p><table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">isb_starttime</td>
-<td align="left">2</td>
-<td align="left">8</td>
-<td align="left">Time in which the capture started; time will be stored in two blocks of four bytes each, containing the timestamp in seconds and nanoseconds.</td>
-</tr>
-<tr>
-<td align="left">isb_endtime</td>
-<td align="left">3</td>
-<td align="left">8</td>
-<td align="left">Time in which the capture started; time will be stored in two blocks of four bytes each, containing the timestamp in seconds and nanoseconds.</td>
-</tr>
-</table>
-
-<a name="sectionopt"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.4"></a><h3>4.&nbsp;Options</h3>
-
-<p>Almost all blocks have the possibility to embed optional fields. Optional fields can be used to insert some information that may be useful when reading data, but that it is not really needed for packet processing. Therefore, each tool can be either read the content of the optional fields (if any), or skip them at once.
-</p>
-<p>Skipping all the optional fields at once is straightforward because most of the blocks have a fixed length, therefore the field Block Length (present in the General Block Structure, see <a href="#sectionblock">Section 2.1</a>) can be used to skip everything till the next block.
-</p>
-<p>Options are a list of Type - Length - Value fields, each one containing a single value:
-</p>
-<ul class="text">
-<li>Option Type (2 bytes): it contains the code that specifies the type of the current TLV record. Option types whose Most Significant Bit is equal to one are reserved for local use; therefore, there is no guarantee that the code used is unique among all capture files (generated by other applications). In case of vendor-specific extensions that have to be identified uniquely, vendors must request an Option Code whose MSB is equal to zero.
-</li>
-<li>Option Length (2 bytes): it contains the length of the following 'Option Value' field.
-</li>
-<li>Option Value (variable length): it contains the value of the given option. The length of this field as been specified by the Option Length field.
-</li>
-</ul>
-<p>Options may be repeated several times (e.g. an interface that has several IP addresses associated to it). The option list is terminated by a special code which is the 'End of Option'.
-</p>
-<p>The format of the optional fields is shown in <a href="#formatopt">Figure 9</a>.
-</p><br /><hr />
-<a name="formatopt"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code | Option Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | / / / |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / . . . other options . . . /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code == opt_endofopt | Option Length == 0 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Options format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The following codes can always be present in any optional field:
-</p><table class="data" align="center" border="1" cellpadding="2" cellspacing="2">
-<tr>
-<th align="left" width="25%">Name</th>
-<th align="left" width="25%">Code</th>
-<th align="left" width="25%">Length</th>
-<th align="left" width="25%">Description</th>
-</tr>
-<tr>
-<td align="left">opt_endofopt</td>
-<td align="left">0</td>
-<td align="left">0</td>
-<td align="left">End of options: it is used to delimit the end of the optional fields. This block cannot be repeated within a given list of options.</td>
-</tr>
-<tr>
-<td align="left">opt_comment</td>
-<td align="left">1</td>
-<td align="left">variable</td>
-<td align="left">Comment: it is an ascii string containing a comment that is associated to the current block.</td>
-</tr>
-</table>
-
-<a name="anchor10"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.5"></a><h3>5.&nbsp;Experimental Blocks (deserved to a further investigation)</h3>
-
-<a name="rfc.section.5.1"></a><h4><a name="anchor11">5.1</a>&nbsp;Other Packet Blocks (experimental)</h4>
-
-<p>Can some other packet blocks (besides the two described in the previous paragraphs) be useful?
-</p>
-<a name="rfc.section.5.2"></a><h4><a name="anchor12">5.2</a>&nbsp;Compression Block (experimental)</h4>
-
-<p>The Compression Block is optional. A file can contain an arbitrary number of these blocks. A Compression Block, as the name says, is used to store compressed data. Its format is shown in <a href="#formatcb">Figure 10</a>.
-</p><br /><hr />
-<a name="formatcb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Compr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Compression Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The fields have the following meaning:
-</p>
-<ul class="text">
-<li>Compression Type: specifies the compression algorithm. Possible values for this field are 0 (uncompressed), 1 (Lempel Ziv), 2 (Gzip), other?? Probably some kind of dumb and fast compression algorithm could be effective with some types of traffic (for example web), but which?
-</li>
-<li>Compressed Data: data of this block. Once decompressed, it is made of other blocks.
-</li>
-</ul>
-<a name="rfc.section.5.3"></a><h4><a name="anchor13">5.3</a>&nbsp;Encryption Block (experimental)</h4>
-
-<p>The Encryption Block is optional. A file can contain an arbitrary number of these blocks. An Encryption Block is used to sotre encrypted data. Its format is shown in <a href="#formateb">Figure 11</a>.
-</p><br /><hr />
-<a name="formateb"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Encr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Encryption Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The fields have the following meaning:
-</p>
-<ul class="text">
-<li>Compression Type: specifies the encryption algorithm. Possible values for this field are ??? NOTE: this block should probably contain other fields, depending on the encryption algorithm. To be define precisely.
-</li>
-<li>Encrypted Data: data of this block. Once decripted, it consists of other blocks.
-</li>
-</ul>
-<a name="rfc.section.5.4"></a><h4><a name="anchor14">5.4</a>&nbsp;Fixed Length Block (experimental)</h4>
-
-<p>The Fixed Length Block is optional. A file can contain an arbitrary number of these blocks. A Fixed Length Block can be used to optimize the access to the file. Its format is shown in <a href="#formatflm">Figure 12</a>.
-A Fixed Length Block stores records with constant size. It contains a set of Blocks (normally Packet Blocks or Simple Packet Blocks), of wihich it specifies the size. Knowing this size a priori helps to scan the file and to load some portions of it without truncating a block, and is particularly useful with cell-based networks like ATM.
-</p><br /><hr />
-<a name="formatflm"></a>
-<pre>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Cell Size | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- | Fixed Size Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </pre>
-<table border="0" cellpadding="0" cellspacing="2" align="center"><tr><td align="center"><font face="monaco, MS Sans Serif" size="1"><b>&nbsp;Fixed Length Block format.&nbsp;</b></font><br /></td></tr></table><hr size="1" shade="0">
-
-<p>The fields have the following meaning:
-</p>
-<ul class="text">
-<li>Cell size: the size of the blocks contained in the data field.
-</li>
-<li>Fixed Size Data: data of this block.
-</li>
-</ul>
-<a name="rfc.section.5.5"></a><h4><a name="anchor15">5.5</a>&nbsp;Directory Block (experimental)</h4>
-
-<p>If present, this block contains the following information:
-</p>
-<ul class="text">
-<li>number of indexed packets (N)
-</li>
-<li>table with position and length of any indexed packet (N entries)
-</li>
-</ul>
-<p>A directory block must be followed by at least N packets, otherwise it must be considered invalid. It can be used to efficiently load portions of the file to memory and to support operations on memory mapped files. This block can be added by tools like network analyzers as a consequence of file processing.
-</p>
-<a name="rfc.section.5.6"></a><h4><a name="anchor16">5.6</a>&nbsp;Traffic Statistics and Monitoring Blocks (experimental)</h4>
-
-<p>One or more blocks could be defined to contain network statistics or traffic monitoring information. They could be use to store data collected from RMON or Netflow probes, or from other network monitoring tools.
-</p>
-<a name="rfc.section.5.7"></a><h4><a name="anchor17">5.7</a>&nbsp;Event/Security Block (experimental)</h4>
-
-<p>This block could be used to store events. Events could contain generic information (for example network load over 50%, server down...) or security alerts. An event could be:
-</p>
-<ul class="text">
-<li>skipped, if the application doesn't know how to do with it
-</li>
-<li>processed independently by the packets. In other words, the applications skips the packets and processes only the alerts
-</li>
-<li>processed in relation to packets: for example, a security tool could load only the packets of the file that are near a security alert; a monitorg tool could skip the packets captured while the server was down.
-</li>
-</ul>
-<a name="anchor18"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.6"></a><h3>6.&nbsp;Conclusions</h3>
-
-<p>The file format proposed in this document should be very versatile and satisfy a wide range of applications.
-In the simplest case, it can contain a raw dump of the network data, made of a series of Simple Packet Blocks.
-In the most complex case, it can be used as a repository for heterogeneous information.
-In every case, the file remains easy to parse and an application can always skip the data it is not interested in; at the same time, different applications can share the file, and each of them can benfit of the information produced by the others.
-Two or more files can be concatenated obtaining another valid file.
-</p>
-<a name="anchor19"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<a name="rfc.section.7"></a><h3>7.&nbsp;Most important open issues</h3>
-
-<ul class="text">
-<li>Data, in the file, must be byte or word aligned? Currently, the structure of this document is not consistent with respect to this point.
-</li>
-</ul><a name="rfc.copyright"></a><br /><hr />
-<table summary="layout" cellpadding="0" cellspacing="2" class="bug" align="right"><tr><td class="bug"><a href="#toc" class="link2">&nbsp;TOC&nbsp;</a></td></tr></table>
-<h3>Intellectual Property Statement</h3>
-<p class='copyright'>
-The IETF takes no position regarding the validity or scope of
-any intellectual property or other rights that might be claimed
-to pertain to the implementation or use of the technology
-described in this document or the extent to which any license
-under such rights might or might not be available; neither does
-it represent that it has made any effort to identify any such
-rights. Information on the IETF's procedures with respect to
-rights in standards-track and standards-related documentation
-can be found in BCP-11. Copies of claims of rights made
-available for publication and any assurances of licenses to
-be made available, or the result of an attempt made
-to obtain a general license or permission for the use of such
-proprietary rights by implementors or users of this
-specification can be obtained from the IETF Secretariat.</p>
-<p class='copyright'>
-The IETF invites any interested party to bring to its
-attention any copyrights, patents or patent applications, or
-other proprietary rights which may cover technology that may be
-required to practice this standard. Please address the
-information to the IETF Executive Director.</p>
-<h3>Full Copyright Statement</h3>
-<p class='copyright'>
-Copyright (C) The Internet Society (2004). All Rights Reserved.</p>
-<p class='copyright'>
-This document and translations of it may be copied and furnished to
-others, and derivative works that comment on or otherwise explain it
-or assist in its implementation may be prepared, copied, published and
-distributed, in whole or in part, without restriction of any kind,
-provided that the above copyright notice and this paragraph are
-included on all such copies and derivative works. However, this
-document itself may not be modified in any way, such as by removing
-the copyright notice or references to the Internet Society or other
-Internet organizations, except as needed for the purpose of
-developing Internet standards in which case the procedures for
-copyrights defined in the Internet Standards process must be
-followed, or as required to translate it into languages other than
-English.</p>
-<p class='copyright'>
-The limited permissions granted above are perpetual and will not be
-revoked by the Internet Society or its successors or assignees.</p>
-<p class='copyright'>
-This document and the information contained herein is provided on an
-&quot;AS IS&quot; basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
-TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
-BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
-MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</p>
-<h3>Acknowledgment</h3>
-<p class='copyright'>
-Funding for the RFC Editor function is currently provided by the
-Internet Society.</p>
-</body></html>
diff --git a/doc/pcap.txt b/doc/pcap.txt
deleted file mode 100644
index cfa6645fc24f..000000000000
--- a/doc/pcap.txt
+++ /dev/null
@@ -1,1680 +0,0 @@
-
-
-Network Working Group L. Degioanni
-Internet-Draft F. Risso
-Expires: August 30, 2004 Politecnico di Torino
- March 2004
-
-
- PCAP New Generation Dump File Format
- pcap
-
-Status of this Memo
-
- This document is an Internet-Draft and is in full conformance with
- all provisions of Section 10 of RFC2026.
-
- Internet-Drafts are working documents of the Internet Engineering
- Task Force (IETF), its areas, and its working groups. Note that other
- groups may also distribute working documents as Internet-Drafts.
-
- Internet-Drafts are draft documents valid for a maximum of six months
- and may be updated, replaced, or obsoleted by other documents at any
- time. It is inappropriate to use Internet-Drafts as reference
- material or to cite them other than as "work in progress."
-
- The list of current Internet-Drafts can be accessed at http://
- www.ietf.org/ietf/1id-abstracts.txt.
-
- The list of Internet-Draft Shadow Directories can be accessed at
- http://www.ietf.org/shadow.html.
-
- This Internet-Draft will expire on August 30, 2004.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2004). All Rights Reserved.
-
-Abstract
-
- This document describes a format to dump captured packets on a file.
- This format is extensible and it is currently proposed for
- implementation in the libpcap/WinPcap packet capture library.
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 1]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-Table of Contents
-
- 1. Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 2. General File Structure . . . . . . . . . . . . . . . . . . . . 4
- 2.1 General Block Structure . . . . . . . . . . . . . . . . . . . 4
- 2.2 Block Types . . . . . . . . . . . . . . . . . . . . . . . . . 5
- 2.3 Block Hierarchy and Precedence . . . . . . . . . . . . . . . . 5
- 2.4 Data format . . . . . . . . . . . . . . . . . . . . . . . . . 6
- 3. Block Definition . . . . . . . . . . . . . . . . . . . . . . . 8
- 3.1 Section Header Block (mandatory) . . . . . . . . . . . . . . . 8
- 3.2 Interface Description Block (mandatory) . . . . . . . . . . . 9
- 3.3 Packet Block (optional) . . . . . . . . . . . . . . . . . . . 13
- 3.4 Simple Packet Block (optional) . . . . . . . . . . . . . . . . 15
- 3.5 Name Resolution Block (optional) . . . . . . . . . . . . . . . 16
- 3.6 Interface Statistics Block (optional) . . . . . . . . . . . . 18
- 4. Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
- 5. Experimental Blocks (deserved to a further investigation) . . 23
- 5.1 Other Packet Blocks (experimental) . . . . . . . . . . . . . . 23
- 5.2 Compression Block (experimental) . . . . . . . . . . . . . . . 23
- 5.3 Encryption Block (experimental) . . . . . . . . . . . . . . . 23
- 5.4 Fixed Length Block (experimental) . . . . . . . . . . . . . . 24
- 5.5 Directory Block (experimental) . . . . . . . . . . . . . . . . 25
- 5.6 Traffic Statistics and Monitoring Blocks (experimental) . . . 25
- 5.7 Event/Security Block (experimental) . . . . . . . . . . . . . 25
- 6. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 27
- 7. Most important open issues . . . . . . . . . . . . . . . . . . 28
- Intellectual Property and Copyright Statements . . . . . . . . 29
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 2]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-1. Objectives
-
- The problem of exchanging packet traces becomes more and more
- critical every day; unfortunately, no standard solutions exist for
- this task right now. One of the most accepted packet interchange
- formats is the one defined by libpcap, which is rather old and does
- not fit for some of the nowadays applications especially in terms of
- extensibility.
-
- This document proposes a new format for dumping packet traces. The
- following goals are being pursued:
-
- o Extensibility: aside of some common functionalities, third parties
- should be able to enrich the information embedded in the file with
- proprietary extensions, which will be ignored by tools that are
- not able to understand them.
-
- o Portability: a capture trace must contain all the information
- needed to read data independently from network, hardware and
- operating system of the machine that made the capture.
-
- o Merge/Append data: it should be possible to add data at the end of
- a given file, and the resulting file must still be readable.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 3]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-2. General File Structure
-
-2.1 General Block Structure
-
- A capture file is organized in blocks, that are appended one to
- another to form the file. All the blocks share a common format, which
- is shown in Figure 1.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Type |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / Block Body /
- / /* variable length, aligned to 32 bits */ /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 1: Basic block structure.
-
- The fields have the following meaning:
-
- o Block Type (32 bits): unique value that identifies the block.
- Values whose Most Significant Bit (MSB) is equal to 1 are reserved
- for local use. They allow to save private data to the file and to
- extend the file format.
-
- o Block Total Length: total size of this block, in bytes. For
- instance, a block that does not have a body has a length of 12
- bytes.
-
- o Block Body: content of the block.
-
- o Block Total Length: total size of this block, in bytes. This field
- is duplicated for permitting backward file navigation.
-
- This structure, shared among all blocks, makes easy to process a file
- and to skip unneeded or unknown blocks. Blocks can be nested one
- inside the others (NOTE: needed?). Some of the blocks are mandatory,
- i.e. a dump file is not valid if they are not present, other are
- optional.
-
- The structure of the blocks allows to define other blocks if needed.
- A parser that does non understand them can simply ignore their
- content.
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 4]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-2.2 Block Types
-
- The currently defined blocks are the following:
-
- 1. Section Header Block: it defines the most important
- characteristics of the capture file.
-
- 2. Interface Description Block: it defines the most important
- characteristics of the interface(s) used for capturing traffic.
-
- 3. Packet Block: it contains a single captured packet, or a portion
- of it.
-
- 4. Simple Packet Block: it contains a single captured packet, or a
- portion of it, with only a minimal set of information about it.
-
- 5. Name Resolution Block: it defines the mapping from numeric
- addresses present in the packet dump and the canonical name
- counterpart.
-
- 6. Capture Statistics Block: it defines how to store some
- statistical data (e.g. packet dropped, etc) which can be useful
- to undestand the conditions in which the capture has been made.
-
- 7. Compression Marker Block: TODO
-
- 8. Encryption Marker Block: TODO
-
- 9. Fixed Length Marker Block: TODO
-
- The following blocks instead are considered interesting but the
- authors believe that they deserve more in-depth discussion before
- being defined:
-
- 1. Further Packet Blocks
-
- 2. Directory Block
-
- 3. Traffic Statistics and Monitoring Blocks
-
- 4. Alert and Security Blocks
-
- TODO Currently standardized Block Type codes are specified in
- Appendix 1.
-
-2.3 Block Hierarchy and Precedence
-
- The file must begin with a Section Header Block. However, more than
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 5]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- one Section Header Block can be present on the dump, each one
- covering the data following it till the next one (or the end of
- file). A Section includes the data delimited by two Section Header
- Blocks (or by a Section Header Block and the end of the file),
- including the first Section Header Block.
-
- In case an application cannot read a Section because of different
- version number, it must skip everything until the next Section Header
- Block. Note that, in order to properly skip the blocks until the next
- section, all blocks must have the fields Type and Length at the
- beginning. This is a mandatory requirement that must be maintained in
- future versions of the block format.
-
- Figure 2 shows two valid files: the first has a typical
- configuration, with a single Section Header that covers the whole
- file. The second one contains three headers, and is normally the
- result of file concatenation. An application that understands only
- version 1.0 of the file format skips the intermediate section and
- restart processing the packets after the third Section Header.
-
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Typical configuration with a single Section Header Block
-
-
- |-- 1st Section --|-- 2nd Section --|-- 3rd Section --|
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data | SHB V1.1 | Data | SHB V1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Configuration with three different Section Header Blocks
-
- Figure 2: File structure example: the Section Header Block.
-
- NOTE: TO BE COMPLETED with some examples of other blocks
-
-2.4 Data format
-
- Data contained in each section will always be saved according to the
- characteristics (little endian / big endian) of the dumping machine.
- This refers to all fields that are saved as numbers and that span
- over two or more bytes.
-
- The approach of having each section saved in the native format of the
- generating host is more efficient because it avoids translation of
- data when reading / writing on the host itself, which is the most
- common case when generating/processing capture dumps.
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 6]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- TODO Probably we have to specify something more here. Is what we're
- saying enough to avoid any kind of ambiguity?.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 7]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-3. Block Definition
-
- This section details the format of the body of the blocks currently
- defined.
-
-3.1 Section Header Block (mandatory)
-
- The Section Header Block is mandatory. It identifies the beginning of
- a section of the capture dump file. Its format is shown in Figure 3.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Magic |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Major | Minor |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 3: Section Header Block format.
-
- The meaning of the fields is:
-
- o Magic: magic number, whose value is the hexadecimal number
- 0x1A2B3C4D. This number can be used to distinguish section that
- have been saved on little-endian machines from the one saved on
- big-endian machines.
-
- o Major: number of the current mayor version of the format. Current
- value is 1.
-
- o Minor: number of the current minor version of the format. Current
- value is 0.
-
- o Options: optionally, a list of options (formatted according to the
- rules defined in Section 4) can be present.
-
- Aside form the options defined in Section 4, the following options
- are valid within this block:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | Hardware | 2 | variable | An ascii |
- | | | | string |
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 8]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- | | | | containing the |
- | | | | description of |
- | | | | the hardware |
- | | | | used to create |
- | | | | this section. |
- | | | | |
- | Operating | 3 | variable | An ascii |
- | System | | | string |
- | | | | containing the |
- | | | | name of the |
- | | | | operating |
- | | | | system used to |
- | | | | create this |
- | | | | section. |
- | | | | |
- | User | 3 | variable | An ascii |
- | Application | | | string |
- | | | | containing the |
- | | | | name of the |
- | | | | application |
- | | | | used to create |
- | | | | this section. |
- +----------------+----------------+----------------+----------------+
-
- Table 1
-
- The Section Header Block does not contain data but it rather
- identifies a list of blocks (interfaces, packets) that are logically
- correlated. This block does not contain any reference to the size of
- the section it is currently delimiting, therefore the reader cannot
- skip a whole section at once. In case a section must be skipped, the
- user has to repeatedly skip all the blocks contained within it; this
- makes the parsing of the file slower but it permits to append several
- capture dumps at the same file.
-
-3.2 Interface Description Block (mandatory)
-
- The Interface Description Block is mandatory. This block is needed to
- specify the characteristics of the network interface on which the
- capture has been made. In order to properly associate the captured
- data to the corresponding interface, the Interface Description Block
- must be defined before any other block that uses it; therefore, this
- block is usually placed immediately after the Section Header Block.
-
- An Interface Description Block is valid only inside the section which
- it belongs to. The structure of a Interface Description Block is
- shown in Figure 4.
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 9]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | LinkType |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SnapLen |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 4: Interface Description Block format.
-
- The meaning of the fields is:
-
- o Interface ID: a progressive number that identifies uniquely any
- interface inside current section. Two Interface Description Blocks
- can have the same Interface ID only if they are in different
- sections of the file. The Interface ID is referenced by the packet
- blocks.
-
- o LinkType: a value that defines the link layer type of this
- interface.
-
- o SnapLen: maximum number of bytes dumped from each packet. The
- portion of each packet that exceeds this value will not be stored
- in the file.
-
- o Options: optionally, a list of options (formatted according to the
- rules defined in Section 4) can be present.
-
- In addition to the options defined in Section 4, the following
- options are valid within this block:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | if_name | 2 | Variable | Name of the |
- | | | | device used to |
- | | | | capture data. |
- | | | | |
- | if_IPv4addr | 3 | 8 | Interface |
- | | | | network |
- | | | | address and |
- | | | | netmask. |
- | | | | |
- | if_IPv6addr | 4 | 17 | Interface |
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 10]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- | | | | network |
- | | | | address and |
- | | | | prefix length |
- | | | | (stored in the |
- | | | | last byte). |
- | | | | |
- | if_MACaddr | 5 | 6 | Interface |
- | | | | Hardware MAC |
- | | | | address (48 |
- | | | | bits). |
- | | | | |
- | if_EUIaddr | 6 | 8 | Interface |
- | | | | Hardware EUI |
- | | | | address (64 |
- | | | | bits), if |
- | | | | available. |
- | | | | |
- | if_speed | 7 | 8 | Interface |
- | | | | speed (in |
- | | | | bps). |
- | | | | |
- | if_tsaccur | 8 | 1 | Precision of |
- | | | | timestamps. If |
- | | | | the Most |
- | | | | Significant |
- | | | | Bit is equal |
- | | | | to zero, the |
- | | | | remaining bits |
- | | | | indicates the |
- | | | | accuracy as as |
- | | | | a negative |
- | | | | power of 10 |
- | | | | (e.g. 6 means |
- | | | | microsecond |
- | | | | accuracy). If |
- | | | | the Most |
- | | | | Significant |
- | | | | Bit is equal |
- | | | | to zero, the |
- | | | | remaining bits |
- | | | | indicates the |
- | | | | accuracy as as |
- | | | | negative power |
- | | | | of 2 (e.g. 10 |
- | | | | means 1/1024 |
- | | | | of second). If |
- | | | | this option is |
- | | | | not present, a |
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 11]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- | | | | precision of |
- | | | | 10^-6 is |
- | | | | assumed. |
- | | | | |
- | if_tzone | 9 | 4 | Time zone for |
- | | | | GMT support |
- | | | | (TODO: specify |
- | | | | better). |
- | | | | |
- | if_flags | 10 | 4 | Interface |
- | | | | flags. (TODO: |
- | | | | specify |
- | | | | better. |
- | | | | Possible |
- | | | | flags: |
- | | | | promiscuous, |
- | | | | inbound/outbou |
- | | | | nd, traffic |
- | | | | filtered |
- | | | | during |
- | | | | capture). |
- | | | | |
- | if_filter | 11 | variable | The filter |
- | | | | (e.g. "capture |
- | | | | only TCP |
- | | | | traffic") used |
- | | | | to capture |
- | | | | traffic. The |
- | | | | first byte of |
- | | | | the Option |
- | | | | Data keeps a |
- | | | | code of the |
- | | | | filter used |
- | | | | (e.g. if this |
- | | | | is a libpcap |
- | | | | string, or BPF |
- | | | | bytecode, and |
- | | | | more). More |
- | | | | details about |
- | | | | this format |
- | | | | will be |
- | | | | presented in |
- | | | | Appendix XXX |
- | | | | (TODO). |
- | | | | |
- | if_opersystem | 12 | variable | An ascii |
- | | | | string |
- | | | | containing the |
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 12]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- | | | | name of the |
- | | | | operating |
- | | | | system of the |
- | | | | machine that |
- | | | | hosts this |
- | | | | interface. |
- | | | | This can be |
- | | | | different from |
- | | | | the same |
- | | | | information |
- | | | | that can be |
- | | | | contained by |
- | | | | the Section |
- | | | | Header Block |
- | | | | (Section 3.1) |
- | | | | because the |
- | | | | capture can |
- | | | | have been done |
- | | | | on a remote |
- | | | | machine. |
- +----------------+----------------+----------------+----------------+
-
- Table 2
-
-
-3.3 Packet Block (optional)
-
- A Packet Block is the standard container for storing the packets
- coming from the network. The Packet Block is optional because packets
- can be stored either by means of this block or the Simple Packet
- Block, which can be used to speed up dump generation. The format of a
- packet block is shown in Figure 5.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 13]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Drops Count |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (High) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (Low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Captured Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 5: Packet Block format.
-
- The Packet Block has the following fields:
-
- o Interface ID: Specifies the interface this packet comes from, and
- corresponds to the ID of one of the Interface Description Blocks
- present in this section of the file (see Figure 4).
-
- o Drops Count: a local drop counter. It specified the number of
- packets lost (by the interface and the operating system) between
- this packet and the preceding one. The value xFFFF (in
- hexadecimal) is reserved for those systems in which this
- information is not available.
-
- o Timestamp (High): the most significative part of the timestamp. in
- standard Unix format, i.e. from 1/1/1970.
-
- o Timestamp (Low): the less significative part of the timestamp. The
- way to interpret this field is specified by the 'ts_accur' option
- (see Figure 4) of the Interface Description block referenced by
- this packet. If the Interface Description block does not contain a
- 'ts_accur' option, then this field is expressed in microseconds.
-
- o Captured Len: number of bytes captured from the packet (i.e. the
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 14]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- length of the Packet Data field). It will be the minimum value
- among the actual Packet Length and the snapshot length (defined in
- Figure 4).
-
- o Packet Len: actual length of the packet when it was transmitted on
- the network. Can be different from Captured Len if the user wants
- only a snapshot of the packet.
-
- o Packet Data: the data coming from the network, including
- link-layer headers. The length of this field is Captured Len. The
- format of the link-layer headers depends on the LinkType field
- specified in the Interface Description Block (see Section 3.2) and
- it is specified in Appendix XXX (TODO).
-
- o Options: optionally, a list of options (formatted according to the
- rules defined in Section 4) can be present.
-
-
-3.4 Simple Packet Block (optional)
-
- The Simple Packet Block is a lightweight container for storing the
- packets coming from the network. Its presence is optional.
-
- A Simple Packet Block is similar to a Packet Block (see Section 3.3),
- but it is smaller, simpler to process and contains only a minimal set
- of information. This block is preferred to the standard Packet Block
- when performance or space occupation are critical factors, such as in
- sustained traffic dump applications. A capture file can contain both
- Packet Blocks and Simple Packet Blocks: for example, a capture tool
- could switch from Packet Blocks to Simple Packet Blocks when the
- hardware resources become critical.
-
- The Simple Packet Block does not contain the Interface ID field.
- Therefore, it must be assumed that all the Simple Packet Blocks have
- been captured on the interface previously specified in the Interface
- Description Block.
-
- Figure 6 shows the format of the Simple Packet Block.
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 15]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 6: Simple Packet Block format.
-
- The Packet Block has the following fields:
-
- o Packet Len: actual length of the packet when it was transmitted on
- the network. Can be different from captured len if the packet has
- been truncated.
-
- o Packet data: the data coming from the network, including
- link-layers headers. The length of this field can be derived from
- the field Block Total Length, present in the Block Header.
-
- The Simple Packet Block does not contain the timestamp because this
- is one of the most costly operations on PCs. Additionally, there are
- applications that do not require it; e.g. an Intrusion Detection
- System is interested in packets, not in their timestamp.
-
- The Simple Packet Block is very efficient in term of disk space: a
- snapshot of length 100 bytes requires only 16 bytes of overhead,
- which corresponds to an efficiency of more than 86%.
-
-3.5 Name Resolution Block (optional)
-
- The Name Resolution Block is used to support the correlation of
- numeric addresses (present in the captured packets) and their
- corresponding canonical names and it is optional. Having the literal
- names saved in the file, this prevents the need of a name resolution
- in a delayed time, when the association between names and addresses
- can be different from the one in use at capture time. Moreover, The
- Name Resolution Block avoids the need of issuing a lot of DNS
- requests every time the trace capture is opened, and allows to have
- name resolution also when reading the capture with a machine not
- connected to the network.
-
- The format of the Name Resolution Block is shown in Figure 7.
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 16]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Type | Record Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | | | | |
- +-+-+-+-+-+-+-+-+ + + + + + + + + + + + + + + + + + + + + + + + +
- . . . other records . . .
- | Record Type == end_of_recs | Record Length == 00 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 7: Name Resolution Block format.
-
- A Name Resolution Block is a zero-terminated list of records (in the
- TLV format), each of which contains an association between a network
- address and a name. There are three possible types of records:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | end_of_recs | 0 | 0 | End of records |
- | | | | |
- | ip4_rec | 1 | Variable | Specifies an |
- | | | | IPv4 address |
- | | | | (contained in |
- | | | | the first 4 |
- | | | | bytes), |
- | | | | followed by |
- | | | | one or more |
- | | | | zero-terminate |
- | | | | d strings |
- | | | | containing the |
- | | | | DNS entries |
- | | | | for that |
- | | | | address. |
- | | | | |
- | ip6_rec | 1 | Variable | Specifies an |
- | | | | IPv6 address |
- | | | | (contained in |
- | | | | the first 16 |
- | | | | bytes), |
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 17]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- | | | | followed by |
- | | | | one or more |
- | | | | zero-terminate |
- | | | | d strings |
- | | | | containing the |
- | | | | DNS entries |
- | | | | for that |
- | | | | address. |
- +----------------+----------------+----------------+----------------+
-
- Table 3
-
- After the list or Name Resolution Records, optionally, a list of
- options (formatted according to the rules defined in Section 4) can
- be present.
-
- A Name Resolution Block is normally placed at the beginning of the
- file, but no assumptions can be taken about its position. Name
- Resolution Blocks can be added in a second time by tools that process
- the file, like network analyzers.
-
- In addiction to the options defined in Section 4, the following
- options are valid within this block:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | ns_dnsname | 2 | Variable | An ascii |
- | | | | string |
- | | | | containing the |
- | | | | name of the |
- | | | | machine (DNS |
- | | | | server) used |
- | | | | to perform the |
- | | | | name |
- | | | | resolution. |
- +----------------+----------------+----------------+----------------+
-
-
-3.6 Interface Statistics Block (optional)
-
- The Interface Statistics Block contains the capture statistics for a
- given interface and it is optional. The statistics are referred to
- the interface defined in the current Section identified by the
- Interface ID field.
-
- The format of the Interface Statistics Block is shown in Figure 8.
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 18]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfRecv |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | FilterAccept |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | OSDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | UsrDelivered |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Reserved |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 8: Interface Statistics Block format.
-
- The fields have the following meaning:
-
- o IfRecv: number of packets received from the interface during the
- capture. This number is reported as a 64 bits value, in which the
- most significat bits are located in the first four bytes of the
- field.
-
- o IfDrop: number of packets dropped by the interface during the
- capture due to lack of resources.
-
- o FilterAccept: number of packets accepeted by filter during current
- capture.
-
- o OSDrop: number of packets dropped by the operating system during
- the capture.
-
- o UsrDelivered: number of packets delivered to the user.
- UsrDelivered can be different from the value 'FilterAccept -
- OSDropped' because some packets could still lay in the OS buffers
- when the capture ended.
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 19]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- o Interface ID: reference to an Interface Description Block.
-
- o Reserved: Reserved to future use.
-
- o Options: optionally, a list of options (formatted according to the
- rules defined in Section 4) can be present.
-
- In addiction to the options defined in Section 4, the following
- options are valid within this block:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | isb_starttime | 2 | 8 | Time in which |
- | | | | the capture |
- | | | | started; time |
- | | | | will be stored |
- | | | | in two blocks |
- | | | | of four bytes |
- | | | | each, |
- | | | | containing the |
- | | | | timestamp in |
- | | | | seconds and |
- | | | | nanoseconds. |
- | | | | |
- | isb_endtime | 3 | 8 | Time in which |
- | | | | the capture |
- | | | | started; time |
- | | | | will be stored |
- | | | | in two blocks |
- | | | | of four bytes |
- | | | | each, |
- | | | | containing the |
- | | | | timestamp in |
- | | | | seconds and |
- | | | | nanoseconds. |
- +----------------+----------------+----------------+----------------+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 20]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-4. Options
-
- Almost all blocks have the possibility to embed optional fields.
- Optional fields can be used to insert some information that may be
- useful when reading data, but that it is not really needed for packet
- processing. Therefore, each tool can be either read the content of
- the optional fields (if any), or skip them at once.
-
- Skipping all the optional fields at once is straightforward because
- most of the blocks have a fixed length, therefore the field Block
- Length (present in the General Block Structure, see Section 2.1) can
- be used to skip everything till the next block.
-
- Options are a list of Type - Length - Value fields, each one
- containing a single value:
-
- o Option Type (2 bytes): it contains the code that specifies the
- type of the current TLV record. Option types whose Most
- Significant Bit is equal to one are reserved for local use;
- therefore, there is no guarantee that the code used is unique
- among all capture files (generated by other applications). In case
- of vendor-specific extensions that have to be identified uniquely,
- vendors must request an Option Code whose MSB is equal to zero.
-
- o Option Length (2 bytes): it contains the length of the following
- 'Option Value' field.
-
- o Option Value (variable length): it contains the value of the given
- option. The length of this field as been specified by the Option
- Length field.
-
- Options may be repeated several times (e.g. an interface that has
- several IP addresses associated to it). The option list is terminated
- by a special code which is the 'End of Option'.
-
- The format of the optional fields is shown in Figure 9.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 21]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code | Option Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | / / / |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / . . . other options . . . /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code == opt_endofopt | Option Length == 0 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 9: Options format.
-
- The following codes can always be present in any optional field:
-
- +----------------+----------------+----------------+----------------+
- | Name | Code | Length | Description |
- +----------------+----------------+----------------+----------------+
- | opt_endofopt | 0 | 0 | End of |
- | | | | options: it is |
- | | | | used to |
- | | | | delimit the |
- | | | | end of the |
- | | | | optional |
- | | | | fields. This |
- | | | | block cannot |
- | | | | be repeated |
- | | | | within a given |
- | | | | list of |
- | | | | options. |
- | | | | |
- | opt_comment | 1 | variable | Comment: it is |
- | | | | an ascii |
- | | | | string |
- | | | | containing a |
- | | | | comment that |
- | | | | is associated |
- | | | | to the current |
- | | | | block. |
- +----------------+----------------+----------------+----------------+
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 22]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-5. Experimental Blocks (deserved to a further investigation)
-
-5.1 Other Packet Blocks (experimental)
-
- Can some other packet blocks (besides the two described in the
- previous paragraphs) be useful?
-
-5.2 Compression Block (experimental)
-
- The Compression Block is optional. A file can contain an arbitrary
- number of these blocks. A Compression Block, as the name says, is
- used to store compressed data. Its format is shown in Figure 10.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Compr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 10: Compression Block format.
-
- The fields have the following meaning:
-
- o Compression Type: specifies the compression algorithm. Possible
- values for this field are 0 (uncompressed), 1 (Lempel Ziv), 2
- (Gzip), other?? Probably some kind of dumb and fast compression
- algorithm could be effective with some types of traffic (for
- example web), but which?
-
- o Compressed Data: data of this block. Once decompressed, it is made
- of other blocks.
-
-
-5.3 Encryption Block (experimental)
-
- The Encryption Block is optional. A file can contain an arbitrary
- number of these blocks. An Encryption Block is used to sotre
- encrypted data. Its format is shown in Figure 11.
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 23]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Encr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 11: Encryption Block format.
-
- The fields have the following meaning:
-
- o Compression Type: specifies the encryption algorithm. Possible
- values for this field are ??? NOTE: this block should probably
- contain other fields, depending on the encryption algorithm. To be
- define precisely.
-
- o Encrypted Data: data of this block. Once decripted, it consists of
- other blocks.
-
-
-5.4 Fixed Length Block (experimental)
-
- The Fixed Length Block is optional. A file can contain an arbitrary
- number of these blocks. A Fixed Length Block can be used to optimize
- the access to the file. Its format is shown in Figure 12. A Fixed
- Length Block stores records with constant size. It contains a set of
- Blocks (normally Packet Blocks or Simple Packet Blocks), of wihich it
- specifies the size. Knowing this size a priori helps to scan the file
- and to load some portions of it without truncating a block, and is
- particularly useful with cell-based networks like ATM.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 24]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Cell Size | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- | Fixed Size Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 12: Fixed Length Block format.
-
- The fields have the following meaning:
-
- o Cell size: the size of the blocks contained in the data field.
-
- o Fixed Size Data: data of this block.
-
-
-5.5 Directory Block (experimental)
-
- If present, this block contains the following information:
-
- o number of indexed packets (N)
-
- o table with position and length of any indexed packet (N entries)
-
- A directory block must be followed by at least N packets, otherwise
- it must be considered invalid. It can be used to efficiently load
- portions of the file to memory and to support operations on memory
- mapped files. This block can be added by tools like network analyzers
- as a consequence of file processing.
-
-5.6 Traffic Statistics and Monitoring Blocks (experimental)
-
- One or more blocks could be defined to contain network statistics or
- traffic monitoring information. They could be use to store data
- collected from RMON or Netflow probes, or from other network
- monitoring tools.
-
-5.7 Event/Security Block (experimental)
-
- This block could be used to store events. Events could contain
- generic information (for example network load over 50%, server
- down...) or security alerts. An event could be:
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 25]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- o skipped, if the application doesn't know how to do with it
-
- o processed independently by the packets. In other words, the
- applications skips the packets and processes only the alerts
-
- o processed in relation to packets: for example, a security tool
- could load only the packets of the file that are near a security
- alert; a monitorg tool could skip the packets captured while the
- server was down.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 26]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-6. Conclusions
-
- The file format proposed in this document should be very versatile
- and satisfy a wide range of applications. In the simplest case, it
- can contain a raw dump of the network data, made of a series of
- Simple Packet Blocks. In the most complex case, it can be used as a
- repository for heterogeneous information. In every case, the file
- remains easy to parse and an application can always skip the data it
- is not interested in; at the same time, different applications can
- share the file, and each of them can benfit of the information
- produced by the others. Two or more files can be concatenated
- obtaining another valid file.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 27]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-7. Most important open issues
-
- o Data, in the file, must be byte or word aligned? Currently, the
- structure of this document is not consistent with respect to this
- point.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 28]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
-Intellectual Property Statement
-
- The IETF takes no position regarding the validity or scope of any
- intellectual property or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; neither does it represent that it
- has made any effort to identify any such rights. Information on the
- IETF's procedures with respect to rights in standards-track and
- standards-related documentation can be found in BCP-11. Copies of
- claims of rights made available for publication and any assurances of
- licenses to be made available, or the result of an attempt made to
- obtain a general license or permission for the use of such
- proprietary rights by implementors or users of this specification can
- be obtained from the IETF Secretariat.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights which may cover technology that may be required to practice
- this standard. Please address the information to the IETF Executive
- Director.
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2004). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assignees.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 29]
-
-Internet-Draft PCAP New Generation Dump File Format March 2004
-
-
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-Acknowledgment
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Degioanni & Risso Expires August 30, 2004 [Page 30]
-
diff --git a/doc/pcap.xml b/doc/pcap.xml
deleted file mode 100644
index ebbf3217fd59..000000000000
--- a/doc/pcap.xml
+++ /dev/null
@@ -1,746 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
-
-<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
-<?rfc toc="yes"?>
-<rfc ipr="full2026" docname="draft-libpcap-dump-format-00.txt">
- <front>
- <title>PCAP New Generation Dump File Format</title>
- <author initials="L." surname="Degioanni" fullname="Loris Degioanni">
- <organization>Politecnico di Torino</organization>
- <address>
- <postal>
- <street>Corso Duca degli Abruzzi, 24</street>
- <city>Torino</city>
- <code>10129</code>
- <country>Italy</country>
- </postal>
- <phone>+39 011 564 7008</phone>
- <email>loris.degioanni@polito.it</email>
- <uri>http://netgroup.polito.it/loris/</uri>
- </address>
- </author>
- <author initials="F." surname="Risso" fullname="Fulvio Risso">
- <organization>Politecnico di Torino</organization>
- <address>
- <postal>
- <street>Corso Duca degli Abruzzi, 24</street>
- <city>Torino</city>
- <code>10129</code>
- <country>Italy</country>
- </postal>
- <phone>+39 011 564 7008</phone>
- <email>fulvio.risso@polito.it</email>
- <uri>http://netgroup.polito.it/fulvio.risso/</uri>
- </address>
- </author>
-
- <!-- Other authors go here -->
-
- <date month="March" year="2004"/>
- <area>General</area>
-<!--
- <workgroup>
--->
- <keyword>Internet-Draft</keyword>
- <keyword>Libpcap, dump file format</keyword>
- <abstract>
-<t>This document describes a format to dump captured packets on a file. This format is extensible and it is currently proposed for implementation in the libpcap/WinPcap packet capture library.</t>
- </abstract>
-<!--
- <note ...>
--->
- </front>
- <middle>
-
-<section title="Objectives">
-<t>The problem of exchanging packet traces becomes more and more critical every day; unfortunately, no standard solutions exist for this task right now. One of the most accepted packet interchange formats is the one defined by libpcap, which is rather old and does not fit for some of the nowadays applications especially in terms of extensibility.</t>
-<t>This document proposes a new format for dumping packet traces. The following goals are being pursued:</t>
-<list style="symbols">
-<t>Extensibility: aside of some common functionalities, third parties should be able to enrich the information embedded in the file with proprietary extensions, which will be ignored by tools that are not able to understand them.</t>
-<t>Portability: a capture trace must contain all the information needed to read data independently from network, hardware and operating system of the machine that made the capture.</t>
-<t>Merge/Append data: it should be possible to add data at the end of a given file, and the resulting file must still be readable.</t>
-</list>
-
-</section>
-
-
-<section title="General File Structure">
-
-<section anchor="sectionblock" title="General Block Structure">
-<t>A capture file is organized in blocks, that are appended one to another to form the file. All the blocks share a common format, which is shown in <xref target="formatblock"/>.</t>
-
-<figure anchor="formatblock" title="Basic block structure.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Type |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / Block Body /
- / /* variable length, aligned to 32 bits */ /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Block Total Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</artwork>
-</figure>
-
-<t>The fields have the following meaning:</t>
-
-<list style="symbols">
-<t>Block Type (32 bits): unique value that identifies the block. Values whose Most Significant Bit (MSB) is equal to 1 are reserved for local use. They allow to save private data to the file and to extend the file format.</t>
-<t>Block Total Length: total size of this block, in bytes. For instance, a block that does not have a body has a length of 12 bytes.</t>
-<t>Block Body: content of the block.</t>
-<t>Block Total Length: total size of this block, in bytes. This field is duplicated for permitting backward file navigation.</t>
-</list>
-
-<t>This structure, shared among all blocks, makes easy to process a file and to skip unneeded or unknown blocks. Blocks can be nested one inside the others (NOTE: needed?). Some of the blocks are mandatory, i.e. a dump file is not valid if they are not present, other are optional.</t>
-<t>The structure of the blocks allows to define other blocks if needed. A parser that does non understand them can simply ignore their content.</t>
-</section>
-
-<section title="Block Types">
-<t>The currently defined blocks are the following:</t>
-<list style="numbers">
-<t>Section Header Block: it defines the most important characteristics of the capture file.</t>
-<t>Interface Description Block: it defines the most important characteristics of the interface(s) used for capturing traffic.</t>
-<t>Packet Block: it contains a single captured packet, or a portion of it.</t>
-<t>Simple Packet Block: it contains a single captured packet, or a portion of it, with only a minimal set of information about it.</t>
-<t>Name Resolution Block: it defines the mapping from numeric addresses present in the packet dump and the canonical name counterpart.</t>
-<t>Capture Statistics Block: it defines how to store some statistical data (e.g. packet dropped, etc) which can be useful to undestand the conditions in which the capture has been made.</t>
-<t>Compression Marker Block: TODO</t>
-<t>Encryption Marker Block: TODO</t>
-<t>Fixed Length Marker Block: TODO</t>
-</list>
-
-<t>The following blocks instead are considered interesting but the authors believe that they deserve more in-depth discussion before being defined:</t>
-<list style="numbers">
-<t>Further Packet Blocks</t>
-<t>Directory Block</t>
-<t>Traffic Statistics and Monitoring Blocks</t>
-<t>Alert and Security Blocks</t>
-</list>
-
-<t>TODO Currently standardized Block Type codes are specified in Appendix 1.</t>
-
-</section>
-
-<section title="Block Hierarchy and Precedence">
-<t>The file must begin with a Section Header Block. However, more than one Section Header Block can be present on the dump, each one covering the data following it till the next one (or the end of file). A Section includes the data delimited by two Section Header Blocks (or by a Section Header Block and the end of the file), including the first Section Header Block.</t>
-<t>In case an application cannot read a Section because of different version number, it must skip everything until the next Section Header Block. Note that, in order to properly skip the blocks until the next section, all blocks must have the fields Type and Length at the beginning. This is a mandatory requirement that must be maintained in future versions of the block format.</t>
-<t><xref target="fssample-SHB"/> shows two valid files: the first has a typical configuration, with a single Section Header that covers the whole file. The second one contains three headers, and is normally the result of file concatenation. An application that understands only version 1.0 of the file format skips the intermediate section and restart processing the packets after the third Section Header.</t>
-
-<figure anchor="fssample-SHB" title="File structure example: the Section Header Block.">
-<artwork>
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Typical configuration with a single Section Header Block
-
-
- |-- 1st Section --|-- 2nd Section --|-- 3rd Section --|
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SHB v1.0 | Data | SHB V1.1 | Data | SHB V1.0 | Data |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- Configuration with three different Section Header Blocks
-</artwork>
-</figure>
-
-<t>NOTE: TO BE COMPLETED with some examples of other blocks</t>
-
-</section>
-
-<section title="Data format">
-<t>Data contained in each section will always be saved according to the characteristics (little endian / big endian) of the dumping machine. This refers to all fields that are saved as numbers and that span over two or more bytes.</t>
-<t>The approach of having each section saved in the native format of the generating host is more efficient because it avoids translation of data when reading / writing on the host itself, which is the most common case when generating/processing capture dumps.</t>
-<t>TODO Probably we have to specify something more here. Is what we're saying enough to avoid any kind of ambiguity?.</t>
-</section>
-
-</section>
-
-
-
-
-<section title="Block Definition">
-<t>This section details the format of the body of the blocks currently defined.</t>
-
-<section anchor="sectionshb" title="Section Header Block (mandatory)">
-<t>The Section Header Block is mandatory. It identifies the beginning of a section of the capture dump file. Its format is shown in <xref target="formatSHB"/>.</t>
-<figure anchor="formatSHB" title="Section Header Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Magic |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Major | Minor |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</artwork>
-</figure>
-
-<t>The meaning of the fields is:</t>
-<list style="symbols">
-<t>Magic: magic number, whose value is the hexadecimal number 0x1A2B3C4D. This number can be used to distinguish section that have been saved on little-endian machines from the one saved on big-endian machines.</t>
-<t>Major: number of the current mayor version of the format. Current value is 1.</t>
-<t>Minor: number of the current minor version of the format. Current value is 0.</t>
-<t>Options: optionally, a list of options (formatted according to the rules defined in <xref target="sectionopt"/>) can be present.</t>
-</list>
-
-<t>Aside form the options defined in <xref target="sectionopt"/>, the following options are valid within this block:</t>
-
-<texttable anchor="InterfaceOptions1">
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>Hardware</c>
- <c>2</c>
- <c>variable</c>
- <c>An ascii string containing the description of the hardware used to create this section.</c>
-
- <c>Operating System</c>
- <c>3</c>
- <c>variable</c>
- <c>An ascii string containing the name of the operating system used to create this section.</c>
-
- <c>User Application</c>
- <c>3</c>
- <c>variable</c>
- <c>An ascii string containing the name of the application used to create this section.</c>
-</texttable>
-
-
-<t>The Section Header Block does not contain data but it rather identifies a list of blocks (interfaces, packets) that are logically correlated. This block does not contain any reference to the size of the section it is currently delimiting, therefore the reader cannot skip a whole section at once. In case a section must be skipped, the user has to repeatedly skip all the blocks contained within it; this makes the parsing of the file slower but it permits to append several capture dumps at the same file.</t>
-</section>
-
-<section anchor="sectionidb" title="Interface Description Block (mandatory)">
-<t>The Interface Description Block is mandatory. This block is needed to specify the characteristics of the network interface on which the capture has been made. In order to properly associate the captured data to the corresponding interface, the Interface Description Block must be defined before any other block that uses it; therefore, this block is usually placed immediately after the Section Header Block.</t>
-
-<t>An Interface Description Block is valid only inside the section which it belongs to. The structure of a Interface Description Block is shown in <xref target="formatidb"/>.</t>
-
-<figure anchor="formatidb" title="Interface Description Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | LinkType |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | SnapLen |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The meaning of the fields is:</t>
-<list style="symbols">
-<t>Interface ID: a progressive number that identifies uniquely any interface inside current section. Two Interface Description Blocks can have the same Interface ID only if they are in different sections of the file. The Interface ID is referenced by the packet blocks.</t>
-<t>LinkType: a value that defines the link layer type of this interface.</t>
-<t>SnapLen: maximum number of bytes dumped from each packet. The portion of each packet that exceeds this value will not be stored in the file.</t>
-<t>Options: optionally, a list of options (formatted according to the rules defined in <xref target="sectionopt"/>) can be present.</t>
-</list>
-
-<t>In addition to the options defined in <xref target="sectionopt"/>, the following options are valid within this block:</t>
-
-<texttable anchor="InterfaceOptions2">
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>if_name</c>
- <c>2</c>
- <c>Variable</c>
- <c>Name of the device used to capture data.</c>
-
- <c>if_IPv4addr</c>
- <c>3</c>
- <c>8</c>
- <c>Interface network address and netmask.</c>
-
- <c>if_IPv6addr</c>
- <c>4</c>
- <c>17</c>
- <c>Interface network address and prefix length (stored in the last byte).</c>
-
- <c>if_MACaddr</c>
- <c>5</c>
- <c>6</c>
- <c>Interface Hardware MAC address (48 bits).</c>
-
- <c>if_EUIaddr</c>
- <c>6</c>
- <c>8</c>
- <c>Interface Hardware EUI address (64 bits), if available.</c>
-
- <c>if_speed</c>
- <c>7</c>
- <c>8</c>
- <c>Interface speed (in bps).</c>
-
- <c>if_tsaccur</c>
- <c>8</c>
- <c>1</c>
- <c>Precision of timestamps. If the Most Significant Bit is equal to zero, the remaining bits indicates the accuracy as as a negative power of 10 (e.g. 6 means microsecond accuracy). If the Most Significant Bit is equal to zero, the remaining bits indicates the accuracy as as negative power of 2 (e.g. 10 means 1/1024 of second). If this option is not present, a precision of 10^-6 is assumed.</c>
-
- <c>if_tzone</c>
- <c>9</c>
- <c>4</c>
- <c>Time zone for GMT support (TODO: specify better).</c>
-
- <c>if_flags</c>
- <c>10</c>
- <c>4</c>
- <c>Interface flags. (TODO: specify better. Possible flags: promiscuous, inbound/outbound, traffic filtered during capture).</c>
-
- <c>if_filter</c>
- <c>11</c>
- <c>variable</c>
- <c>The filter (e.g. "capture only TCP traffic") used to capture traffic. The first byte of the Option Data keeps a code of the filter used (e.g. if this is a libpcap string, or BPF bytecode, and more). More details about this format will be presented in Appendix XXX (TODO).</c>
-
- <c>if_opersystem</c>
- <c>12</c>
- <c>variable</c>
- <c>An ascii string containing the name of the operating system of the machine that hosts this interface. This can be different from the same information that can be contained by the Section Header Block (<xref target="sectionshb"/>) because the capture can have been done on a remote machine.</c>
-
-</texttable>
-
-</section>
-
-
-
-<section anchor="sectionpb" title="Packet Block (optional)">
-<t>A Packet Block is the standard container for storing the packets coming from the network. The Packet Block is optional because packets can be stored either by means of this block or the Simple Packet Block, which can be used to speed up dump generation. The format of a packet block is shown in <xref target="formatpb"/>.</t>
-
-<figure anchor="formatpb" title="Packet Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Drops Count |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (High) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Timestamp (Low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Captured Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-</artwork>
-</figure>
-
-<t>The Packet Block has the following fields:</t>
-
-<list style="symbols">
-<t>Interface ID: Specifies the interface this packet comes from, and corresponds to the ID of one of the Interface Description Blocks present in this section of the file (see <xref target="formatidb"/>).</t>
-<t>Drops Count: a local drop counter. It specified the number of packets lost (by the interface and the operating system) between this packet and the preceding one. The value xFFFF (in hexadecimal) is reserved for those systems in which this information is not available.</t>
-<t>Timestamp (High): the most significative part of the timestamp. in standard Unix format, i.e. from 1/1/1970.</t>
-<t>Timestamp (Low): the less significative part of the timestamp. The way to interpret this field is specified by the 'ts_accur' option (see <xref target="formatidb"/>) of the Interface Description block referenced by this packet. If the Interface Description block does not contain a 'ts_accur' option, then this field is expressed in microseconds.</t>
-<t>Captured Len: number of bytes captured from the packet (i.e. the length of the Packet Data field). It will be the minimum value among the actual Packet Length and the snapshot length (defined in <xref target="formatidb"/>).</t>
-<t>Packet Len: actual length of the packet when it was transmitted on the network. Can be different from Captured Len if the user wants only a snapshot of the packet.</t>
-<t>Packet Data: the data coming from the network, including link-layer headers. The length of this field is Captured Len. The format of the link-layer headers depends on the LinkType field specified in the Interface Description Block (see <xref target="sectionidb"/>) and it is specified in Appendix XXX (TODO).</t>
-<t>Options: optionally, a list of options (formatted according to the rules defined in <xref target="sectionopt"/>) can be present.</t>
-</list>
-
-<t></t>
-</section>
-
-
-<section title="Simple Packet Block (optional)">
-<t>The Simple Packet Block is a lightweight container for storing the packets coming from the network. Its presence is optional.</t>
-<t>A Simple Packet Block is similar to a Packet Block (see <xref target="sectionpb"/>), but it is smaller, simpler to process and contains only a minimal set of information. This block is preferred to the standard Packet Block when performance or space occupation are critical factors, such as in sustained traffic dump applications. A capture file can contain both Packet Blocks and Simple Packet Blocks: for example, a capture tool could switch from Packet Blocks to Simple Packet Blocks when the hardware resources become critical.</t>
-<t>The Simple Packet Block does not contain the Interface ID field. Therefore, it must be assumed that all the Simple Packet Blocks have been captured on the interface previously specified in the Interface Description Block.</t>
-<t><xref target="formatpbs"/> shows the format of the Simple Packet Block.</t>
-
-<figure anchor="formatpbs" title="Simple Packet Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Packet Len |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | |
- | Packet Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The Packet Block has the following fields:</t>
-<list style="symbols">
-<t>Packet Len: actual length of the packet when it was transmitted on the network. Can be different from captured len if the packet has been truncated.</t>
-<t>Packet data: the data coming from the network, including link-layers headers. The length of this field can be derived from the field Block Total Length, present in the Block Header.</t>
-</list>
-
-<t>The Simple Packet Block does not contain the timestamp because this is one of the most costly operations on PCs. Additionally, there are applications that do not require it; e.g. an Intrusion Detection System is interested in packets, not in their timestamp.</t>
-
-<t>The Simple Packet Block is very efficient in term of disk space: a snapshot of length 100 bytes requires only 16 bytes of overhead, which corresponds to an efficiency of more than 86%.</t>
-
-</section>
-
-
-
-<section title="Name Resolution Block (optional)">
-<t>The Name Resolution Block is used to support the correlation of numeric addresses (present in the captured packets) and their corresponding canonical names and it is optional. Having the literal names saved in the file, this prevents the need of a name resolution in a delayed time, when the association between names and addresses can be different from the one in use at capture time. Moreover, The Name Resolution Block avoids the need of issuing a lot of DNS requests every time the trace capture is opened, and allows to have name resolution also when reading the capture with a machine not connected to the network.</t>
-<t>The format of the Name Resolution Block is shown in <xref target="formatnrb"/>.</t>
-
-<figure anchor="formatnrb" title="Name Resolution Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Type | Record Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Record Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | | | | |
- +-+-+-+-+-+-+-+-+ + + + + + + + + + + + + + + + + + + + + + + + +
- . . . other records . . .
- | Record Type == end_of_recs | Record Length == 00 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>A Name Resolution Block is a zero-terminated list of records (in the TLV format), each of which contains an association between a network address and a name. There are three possible types of records:</t>
-
-<texttable anchor="nrrecords">
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>end_of_recs</c>
- <c>0</c>
- <c>0</c>
- <c>End of records</c>
-
- <c>ip4_rec</c>
- <c>1</c>
- <c>Variable</c>
- <c>Specifies an IPv4 address (contained in the first 4 bytes), followed by one or more zero-terminated strings containing the DNS entries for that address.</c>
-
- <c>ip6_rec</c>
- <c>1</c>
- <c>Variable</c>
- <c>Specifies an IPv6 address (contained in the first 16 bytes), followed by one or more zero-terminated strings containing the DNS entries for that address.</c>
-</texttable>
-
-<t>After the list or Name Resolution Records, optionally, a list of options (formatted according to the rules defined in <xref target="sectionopt"/>) can be present.</t>
-
-<t>A Name Resolution Block is normally placed at the beginning of the file, but no assumptions can be taken about its position. Name Resolution Blocks can be added in a second time by tools that process the file, like network analyzers.</t>
-
-<t>In addiction to the options defined in <xref target="sectionopt"/>, the following options are valid within this block:</t>
-
-<texttable>
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>ns_dnsname</c>
- <c>2</c>
- <c>Variable</c>
- <c>An ascii string containing the name of the machine (DNS server) used to perform the name resolution.</c>
-</texttable>
-
-</section>
-
-
-<section title="Interface Statistics Block (optional)">
-<t>The Interface Statistics Block contains the capture statistics for a given interface and it is optional. The statistics are referred to the interface defined in the current Section identified by the Interface ID field.</t>
-<t>The format of the Interface Statistics Block is shown in <xref target="formatisb"/>.</t>
-
-<figure anchor="formatisb" title="Interface Statistics Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfRecv |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | IfDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | FilterAccept |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | OSDrop |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | UsrDelivered |
- | (high + low) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Interface ID | Reserved |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / Options (variable) /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The fields have the following meaning:</t>
-
-<list style="symbols">
-<t>IfRecv: number of packets received from the interface during the capture. This number is reported as a 64 bits value, in which the most significat bits are located in the first four bytes of the field.</t>
-<t>IfDrop: number of packets dropped by the interface during the capture due to lack of resources.</t>
-<t>FilterAccept: number of packets accepeted by filter during current capture.</t>
-<t>OSDrop: number of packets dropped by the operating system during the capture.</t>
-<t>UsrDelivered: number of packets delivered to the user. UsrDelivered can be different from the value 'FilterAccept - OSDropped' because some packets could still lay in the OS buffers when the capture ended.</t>
-<t>Interface ID: reference to an Interface Description Block.</t>
-<t>Reserved: Reserved to future use.</t>
-<t>Options: optionally, a list of options (formatted according to the rules defined in <xref target="sectionopt"/>) can be present.</t>
-</list>
-
-<t>In addiction to the options defined in <xref target="sectionopt"/>, the following options are valid within this block:</t>
-
-<texttable>
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>isb_starttime</c>
- <c>2</c>
- <c>8</c>
- <c>Time in which the capture started; time will be stored in two blocks of four bytes each, containing the timestamp in seconds and nanoseconds.</c>
-
- <c>isb_endtime</c>
- <c>3</c>
- <c>8</c>
- <c>Time in which the capture started; time will be stored in two blocks of four bytes each, containing the timestamp in seconds and nanoseconds.</c>
-</texttable>
-
-</section>
-</section>
-
-
-
-<section anchor="sectionopt" title="Options">
-<t>Almost all blocks have the possibility to embed optional fields. Optional fields can be used to insert some information that may be useful when reading data, but that it is not really needed for packet processing. Therefore, each tool can be either read the content of the optional fields (if any), or skip them at once.</t>
-<t>Skipping all the optional fields at once is straightforward because most of the blocks have a fixed length, therefore the field Block Length (present in the General Block Structure, see <xref target="sectionblock"/>) can be used to skip everything till the next block.</t>
-
-<t>Options are a list of Type - Length - Value fields, each one containing a single value:</t>
-
-<list style="symbols">
-<t>Option Type (2 bytes): it contains the code that specifies the type of the current TLV record. Option types whose Most Significant Bit is equal to one are reserved for local use; therefore, there is no guarantee that the code used is unique among all capture files (generated by other applications). In case of vendor-specific extensions that have to be identified uniquely, vendors must request an Option Code whose MSB is equal to zero.</t>
-<t>Option Length (2 bytes): it contains the length of the following 'Option Value' field.</t>
-<t>Option Value (variable length): it contains the value of the given option. The length of this field as been specified by the Option Length field.</t>
-</list>
-
-<t>Options may be repeated several times (e.g. an interface that has several IP addresses associated to it). The option list is terminated by a special code which is the 'End of Option'.</t>
-
-<t>The format of the optional fields is shown in <xref target="formatopt"/>.</t>
-
-<figure anchor="formatopt" title="Options format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code | Option Length |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Value |
- | /* variable length, byte-aligned */ |
- | + + + + + + + + + + + + + + + + + + + + + + + + +
- | / / / |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- / /
- / . . . other options . . . /
- / /
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Option Code == opt_endofopt | Option Length == 0 |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The following codes can always be present in any optional field:</t>
-
-<texttable>
- <ttcol>Name</ttcol>
- <ttcol>Code</ttcol>
- <ttcol>Length</ttcol>
- <ttcol>Description</ttcol>
-
- <c>opt_endofopt</c>
- <c>0</c>
- <c>0</c>
- <c>End of options: it is used to delimit the end of the optional fields. This block cannot be repeated within a given list of options.</c>
-
- <c>opt_comment</c>
- <c>1</c>
- <c>variable</c>
- <c>Comment: it is an ascii string containing a comment that is associated to the current block.</c>
-</texttable>
-
-</section>
-
-
-
-
-<section title="Experimental Blocks (deserved to a further investigation)">
-
-<section title="Other Packet Blocks (experimental)">
-<t>Can some other packet blocks (besides the two described in the previous paragraphs) be useful?</t>
-</section>
-
-<section title="Compression Block (experimental)">
-<t>The Compression Block is optional. A file can contain an arbitrary number of these blocks. A Compression Block, as the name says, is used to store compressed data. Its format is shown in <xref target="formatcb"/>.</t>
-
-<figure anchor="formatcb" title="Compression Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Compr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The fields have the following meaning:</t>
-
-<list style="symbols">
-<t>Compression Type: specifies the compression algorithm. Possible values for this field are 0 (uncompressed), 1 (Lempel Ziv), 2 (Gzip), other?? Probably some kind of dumb and fast compression algorithm could be effective with some types of traffic (for example web), but which?</t>
-<t>Compressed Data: data of this block. Once decompressed, it is made of other blocks.</t>
-</list>
-
-</section>
-
-
-<section title="Encryption Block (experimental)">
-<t>The Encryption Block is optional. A file can contain an arbitrary number of these blocks. An Encryption Block is used to sotre encrypted data. Its format is shown in <xref target="formateb"/>.</t>
-
-<figure anchor="formateb" title="Encryption Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Encr. Type | |
- +-+-+-+-+-+-+-+-+ |
- | |
- | Compressed Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The fields have the following meaning:</t>
-<list style="symbols">
-<t>Compression Type: specifies the encryption algorithm. Possible values for this field are ??? NOTE: this block should probably contain other fields, depending on the encryption algorithm. To be define precisely.</t>
-<t>Encrypted Data: data of this block. Once decripted, it consists of other blocks.</t>
-</list>
-
-</section>
-
-
-<section title="Fixed Length Block (experimental)">
-<t>The Fixed Length Block is optional. A file can contain an arbitrary number of these blocks. A Fixed Length Block can be used to optimize the access to the file. Its format is shown in <xref target="formatflm"/>.
-A Fixed Length Block stores records with constant size. It contains a set of Blocks (normally Packet Blocks or Simple Packet Blocks), of wihich it specifies the size. Knowing this size a priori helps to scan the file and to load some portions of it without truncating a block, and is particularly useful with cell-based networks like ATM.</t>
-
-<figure anchor="formatflm" title="Fixed Length Block format.">
-<artwork>
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | Cell Size | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- | Fixed Size Data |
- | |
- | /* variable length, byte-aligned */ |
- | |
- | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- </artwork>
-</figure>
-
-<t>The fields have the following meaning:</t>
-<list style="symbols">
-<t>Cell size: the size of the blocks contained in the data field.</t>
-<t>Fixed Size Data: data of this block.</t>
-</list>
-
-</section>
-
-<section title="Directory Block (experimental)">
-<t>If present, this block contains the following information:</t>
-<list style="symbols">
-<t>number of indexed packets (N)</t>
-<t>table with position and length of any indexed packet (N entries)</t>
-</list>
-
-<t>A directory block must be followed by at least N packets, otherwise it must be considered invalid. It can be used to efficiently load portions of the file to memory and to support operations on memory mapped files. This block can be added by tools like network analyzers as a consequence of file processing.</t>
-</section>
-
-<section title="Traffic Statistics and Monitoring Blocks (experimental)">
-<t>One or more blocks could be defined to contain network statistics or traffic monitoring information. They could be use to store data collected from RMON or Netflow probes, or from other network monitoring tools.</t>
-</section>
-
-<section title="Event/Security Block (experimental)">
-<t>This block could be used to store events. Events could contain generic information (for example network load over 50%, server down...) or security alerts. An event could be:</t>
-
-<list style="symbols">
-<t>skipped, if the application doesn't know how to do with it</t>
-<t>processed independently by the packets. In other words, the applications skips the packets and processes only the alerts</t>
-<t>processed in relation to packets: for example, a security tool could load only the packets of the file that are near a security alert; a monitorg tool could skip the packets captured while the server was down.</t>
-</list>
-
-</section>
-
-</section>
-
-
-
-
-<section title="Conclusions">
-<t>The file format proposed in this document should be very versatile and satisfy a wide range of applications.
-In the simplest case, it can contain a raw dump of the network data, made of a series of Simple Packet Blocks.
-In the most complex case, it can be used as a repository for heterogeneous information.
-In every case, the file remains easy to parse and an application can always skip the data it is not interested in; at the same time, different applications can share the file, and each of them can benfit of the information produced by the others.
-Two or more files can be concatenated obtaining another valid file.</t>
-</section>
-
-
-<section title="Most important open issues">
-<list style="symbols">
-<t>Data, in the file, must be byte or word aligned? Currently, the structure of this document is not consistent with respect to this point.</t>
-</list>
-</section>
-
-</middle>
-
-</rfc>
diff --git a/etherent.c b/etherent.c
index 9d299557f0d0..27e55024e305 100644
--- a/etherent.c
+++ b/etherent.c
@@ -21,7 +21,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.22 2003/11/15 23:23:57 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/etherent.c,v 1.23 2006/10/04 18:09:22 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -37,7 +37,7 @@ static const char rcsid[] _U_ =
#include "pcap-int.h"
-#include <pcap-namedb.h>
+#include <pcap/namedb.h>
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
diff --git a/ethertype.h b/ethertype.h
index 2d21c6d9cc01..867d33eaed60 100644
--- a/ethertype.h
+++ b/ethertype.h
@@ -18,7 +18,7 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.13.2.1 2005/09/05 09:08:03 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/ethertype.h,v 1.14 2005/09/05 09:06:58 guy Exp $ (LBL)
*/
/*
diff --git a/fad-getad.c b/fad-getad.c
index 8101165796a7..2ce6d7009bbb 100644
--- a/fad-getad.c
+++ b/fad-getad.c
@@ -34,7 +34,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/fad-getad.c,v 1.10.2.2 2007/09/14 00:45:17 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/fad-getad.c,v 1.12 2007/09/14 00:44:55 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
diff --git a/fad-gifc.c b/fad-gifc.c
index 985d2c0ba341..ef04bd903d52 100644
--- a/fad-gifc.c
+++ b/fad-gifc.c
@@ -34,7 +34,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/fad-gifc.c,v 1.8.2.2 2005/06/29 06:43:31 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/fad-gifc.c,v 1.11.2.1 2008-08-06 07:35:01 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -42,7 +42,6 @@ static const char rcsid[] _U_ =
#endif
#include <sys/param.h>
-#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_SOCKIO_H
diff --git a/fad-glifc.c b/fad-glifc.c
index 8a86a3d2e16c..9e92bc359252 100644
--- a/fad-glifc.c
+++ b/fad-glifc.c
@@ -34,7 +34,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/fad-glifc.c,v 1.5.2.1 2005/04/19 00:54:16 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/fad-glifc.c,v 1.6.2.1 2008/01/30 09:36:09 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -75,9 +75,9 @@ struct rtentry; /* declarations in <net/if.h> */
* The list, as returned through "alldevsp", may be null if no interfaces
* were up and could be opened.
*
- * This is the implementation used on platforms that have SIOCLGIFCONF
+ * This is the implementation used on platforms that have SIOCGLIFCONF
* but don't have "getifaddrs()". (Solaris 8 and later; we use
- * SIOCLGIFCONF rather than SIOCGIFCONF in order to get IPv6 addresses.)
+ * SIOCGLIFCONF rather than SIOCGIFCONF in order to get IPv6 addresses.)
*/
int
pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
diff --git a/fad-sita.c b/fad-sita.c
new file mode 100644
index 000000000000..261904567998
--- /dev/null
+++ b/fad-sita.c
@@ -0,0 +1,61 @@
+/*
+ * fad-sita.c: Packet capture interface additions for SITA ACN devices
+ *
+ * Copyright (c) 2007 Fulko Hew, SITA INC Canada, Inc <fulko.hew@sita.aero>
+ *
+ * License: BSD
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+ /* $Id: fad-sita.c */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+#include "pcap-int.h"
+
+#include "pcap-sita.h"
+
+extern pcap_if_t *acn_if_list; /* pcap's list of available interfaces */
+
+int pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) {
+
+ //printf("pcap_findalldevs()\n"); // fulko
+
+ *alldevsp = 0; /* initialize the returned variables before we do anything */
+ strcpy(errbuf, "");
+ if (acn_parse_hosts_file(errbuf)) /* scan the hosts file for potential IOPs */
+ {
+ //printf("pcap_findalldevs() returning BAD after parsehosts\n"); // fulko
+ return -1;
+ }
+ //printf("pcap_findalldevs() got hostlist now finding devs\n"); // fulko
+ if (acn_findalldevs(errbuf)) /* then ask the IOPs for their monitorable devices */
+ {
+ //printf("pcap_findalldevs() returning BAD after findalldevs\n"); // fulko
+ return -1;
+ }
+ *alldevsp = acn_if_list;
+ acn_if_list = 0; /* then forget our list head, because someone will call pcap_freealldevs() to empty the malloc'ed stuff */
+ //printf("pcap_findalldevs() returning ZERO OK\n"); // fulko
+ return 0;
+}
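Review bot: In `pcap_findalldevs`, the global `acn_if_list` is cleared only on the success path, so a failure in `acn_findalldevs(errbuf)` after it has appended some entries would leave them neither returned to the caller nor freed, and still attached to the global on the next call. Whether `acn_findalldevs` cleans up after itself is not visible in this hunk, so that should be confirmed first. If it does not, the error branch should release the partial list before returning, e.g. `pcap_freealldevs(acn_if_list); acn_if_list = 0;` ahead of `return -1;`. The commented-out `//printf(...)` debug lines could also be dropped from the imported file.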
diff --git a/fad-win32.c b/fad-win32.c
index 4d2c01ede897..19839c869ed0 100644
--- a/fad-win32.c
+++ b/fad-win32.c
@@ -33,7 +33,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/fad-win32.c,v 1.11.2.3 2006/02/22 17:09:32 gianluca Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/fad-win32.c,v 1.15 2007/09/25 20:34:36 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -301,6 +301,15 @@ pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
name += strlen(name) + 1;
desc += strlen(desc) + 1;
}
+
+ if (ret != -1) {
+ /*
+ * We haven't had any errors yet; do any platform-specific
+ * operations to add devices.
+ */
+ if (pcap_platform_finddevs(&devlist, errbuf) < 0)
+ ret = -1;
+ }
if (ret == -1) {
/*
diff --git a/filtertest.c b/filtertest.c
new file mode 100644
index 000000000000..cfa69eab40a7
--- /dev/null
+++ b/filtertest.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code distributions
+ * retain the above copyright notice and this paragraph in its entirety, (2)
+ * distributions including binary code include the above copyright notice and
+ * this paragraph in its entirety in the documentation or other materials
+ * provided with the distribution, and (3) all advertising materials mentioning
+ * features or use of this software display the following acknowledgement:
+ * ``This product includes software developed by the University of California,
+ * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
+ * the University nor the names of its contributors may be used to endorse
+ * or promote products derived from this software without specific prior
+ * written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static const char copyright[] _U_ =
+ "@(#) Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 2000\n\
+The Regents of the University of California. All rights reserved.\n";
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/libpcap/filtertest.c,v 1.2 2005/08/08 17:50:13 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <pcap.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+static char *program_name;
+
+/* Forwards */
+static void usage(void) __attribute__((noreturn));
+static void error(const char *, ...)
+ __attribute__((noreturn, format (printf, 1, 2)));
+
+extern int optind;
+extern int opterr;
+extern char *optarg;
+
+/*
+ * On Windows, we need to open the file in binary mode, so that
+ * we get all the bytes specified by the size we get from "fstat()".
+ * On UNIX, that's not necessary. O_BINARY is defined on Windows;
+ * we define it as 0 if it's not defined, so it does nothing.
+ */
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+static char *
+read_infile(char *fname)
+{
+ register int i, fd, cc;
+ register char *cp;
+ struct stat buf;
+
+ fd = open(fname, O_RDONLY|O_BINARY);
+ if (fd < 0)
+ error("can't open %s: %s", fname, pcap_strerror(errno));
+
+ if (fstat(fd, &buf) < 0)
+ error("can't stat %s: %s", fname, pcap_strerror(errno));
+
+ cp = malloc((u_int)buf.st_size + 1);
+ if (cp == NULL)
+ error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
+ fname, pcap_strerror(errno));
+ cc = read(fd, cp, (u_int)buf.st_size);
+ if (cc < 0)
+ error("read %s: %s", fname, pcap_strerror(errno));
+ if (cc != buf.st_size)
+ error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
+
+ close(fd);
+ /* replace "# comment" with spaces */
+ for (i = 0; i < cc; i++) {
+ if (cp[i] == '#')
+ while (i < cc && cp[i] != '\n')
+ cp[i++] = ' ';
+ }
+ cp[cc] = '\0';
+ return (cp);
+}
+
+/* VARARGS */
+static void
+error(const char *fmt, ...)
+{
+ va_list ap;
+
+ (void)fprintf(stderr, "%s: ", program_name);
+ va_start(ap, fmt);
+ (void)vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ if (*fmt) {
+ fmt += strlen(fmt);
+ if (fmt[-1] != '\n')
+ (void)fputc('\n', stderr);
+ }
+ exit(1);
+ /* NOTREACHED */
+}
+
+/*
+ * Copy arg vector into a new buffer, concatenating arguments with spaces.
+ */
+static char *
+copy_argv(register char **argv)
+{
+ register char **p;
+ register u_int len = 0;
+ char *buf;
+ char *src, *dst;
+
+ p = argv;
+ if (*p == 0)
+ return 0;
+
+ while (*p)
+ len += strlen(*p++) + 1;
+
+ buf = (char *)malloc(len);
+ if (buf == NULL)
+ error("copy_argv: malloc");
+
+ p = argv;
+ dst = buf;
+ while ((src = *p++) != NULL) {
+ while ((*dst++ = *src++) != '\0')
+ ;
+ dst[-1] = ' ';
+ }
+ dst[-1] = '\0';
+
+ return buf;
+}
+
+int
+main(int argc, char **argv)
+{
+ char *cp;
+ int op;
+ int dflag;
+ char *infile;
+ int Oflag;
+ long snaplen;
+ int dlt;
+ char *cmdbuf;
+ pcap_t *pd;
+ struct bpf_program fcode;
+
+#ifdef WIN32
+ if(wsockinit() != 0) return 1;
+#endif /* WIN32 */
+
+ dflag = 1;
+ infile = NULL;
+ Oflag = 1;
+ snaplen = 68;
+
+ if ((cp = strrchr(argv[0], '/')) != NULL)
+ program_name = cp + 1;
+ else
+ program_name = argv[0];
+
+ opterr = 0;
+ while ((op = getopt(argc, argv, "dF:Os:")) != -1) {
+ switch (op) {
+
+ case 'd':
+ ++dflag;
+ break;
+
+ case 'F':
+ infile = optarg;
+ break;
+
+ case 'O':
+ Oflag = 0;
+ break;
+
+ case 's': {
+ char *end;
+
+ snaplen = strtol(optarg, &end, 0);
+ if (optarg == end || *end != '\0'
+ || snaplen < 0 || snaplen > 65535)
+ error("invalid snaplen %s", optarg);
+ else if (snaplen == 0)
+ snaplen = 65535;
+ break;
+ }
+
+ default:
+ usage();
+ /* NOTREACHED */
+ }
+ }
+
+ if (optind >= argc) {
+ usage();
+ /* NOTREACHED */
+ }
+
+ dlt = pcap_datalink_name_to_val(argv[optind]);
+ if (dlt < 0)
+ error("invalid data link type %s", argv[optind]);
+
+ if (infile)
+ cmdbuf = read_infile(infile);
+ else
+ cmdbuf = copy_argv(&argv[optind+1]);
+
+ pd = pcap_open_dead(dlt, snaplen);
+ if (pd == NULL)
+ error("Can't open fake pcap_t");
+
+ if (pcap_compile(pd, &fcode, cmdbuf, Oflag, 0) < 0)
+ error("%s", pcap_geterr(pd));
+ bpf_dump(&fcode, dflag);
+ pcap_close(pd);
+ exit(0);
+}
+
+static void
+usage(void)
+{
+ (void)fprintf(stderr, "%s, with %s\n", program_name,
+ pcap_lib_version());
+ (void)fprintf(stderr,
+ "Usage: %s [-dO] [ -F file ] [ -s snaplen ] dlt [ expression ]\n",
+ program_name);
+ exit(1);
+}
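Review bot: `read_infile` narrows `buf.st_size` to `u_int` for both `malloc` and `read` and keeps the `read` result in an `int`, so a file size that does not fit is silently truncated. Where `u_int` is 32 bits, a size of 0xFFFFFFFF makes `(u_int)buf.st_size + 1` wrap to 0 while `read` is still asked for the full length. A bound check right after `fstat` keeps the allocation and the read length consistent, for example `if (buf.st_size < 0 || buf.st_size >= INT_MAX) error("%s is too large", fname);` with `<limits.h>` included. The `malloc(%d)` message also passes an unsigned value to `%d`; `%u` matches the argument.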
diff --git a/findalldevstest.c b/findalldevstest.c
new file mode 100644
index 000000000000..ec7c95015c9e
--- /dev/null
+++ b/findalldevstest.c
@@ -0,0 +1,131 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <pcap.h>
+
+static void ifprint(pcap_if_t *d);
+static char *iptos(bpf_u_int32 in);
+
+int main(int argc, char **argv)
+{
+ pcap_if_t *alldevs;
+ pcap_if_t *d;
+ char *s;
+ bpf_u_int32 net, mask;
+
+ char errbuf[PCAP_ERRBUF_SIZE+1];
+ if (pcap_findalldevs(&alldevs, errbuf) == -1)
+ {
+ fprintf(stderr,"Error in pcap_findalldevs: %s\n",errbuf);
+ exit(1);
+ }
+ for(d=alldevs;d;d=d->next)
+ {
+ ifprint(d);
+ }
+
+ if ( (s = pcap_lookupdev(errbuf)) == NULL)
+ {
+ fprintf(stderr,"Error in pcap_lookupdev: %s\n",errbuf);
+ }
+ else
+ {
+ printf("Preferred device name: %s\n",s);
+ }
+
+ if (pcap_lookupnet(s, &net, &mask, errbuf) < 0)
+ {
+ fprintf(stderr,"Error in pcap_lookupnet: %s\n",errbuf);
+ }
+ else
+ {
+ printf("Preferred device is on network: %s/%s\n",iptos(net), iptos(mask));
+ }
+
+ exit(0);
+}
+
+static void ifprint(pcap_if_t *d)
+{
+ pcap_addr_t *a;
+#ifdef INET6
+ char ntop_buf[INET6_ADDRSTRLEN];
+#endif
+
+ printf("%s\n",d->name);
+ if (d->description)
+ printf("\tDescription: %s\n",d->description);
+ printf("\tLoopback: %s\n",(d->flags & PCAP_IF_LOOPBACK)?"yes":"no");
+
+ for(a=d->addresses;a;a=a->next) {
+ switch(a->addr->sa_family)
+ {
+ case AF_INET:
+ printf("\tAddress Family: AF_INET\n");
+ if (a->addr)
+ printf("\t\tAddress: %s\n",
+ inet_ntoa(((struct sockaddr_in *)(a->addr))->sin_addr));
+ if (a->netmask)
+ printf("\t\tNetmask: %s\n",
+ inet_ntoa(((struct sockaddr_in *)(a->netmask))->sin_addr));
+ if (a->broadaddr)
+ printf("\t\tBroadcast Address: %s\n",
+ inet_ntoa(((struct sockaddr_in *)(a->broadaddr))->sin_addr));
+ if (a->dstaddr)
+ printf("\t\tDestination Address: %s\n",
+ inet_ntoa(((struct sockaddr_in *)(a->dstaddr))->sin_addr));
+ break;
+#ifdef INET6
+ case AF_INET6:
+ printf("\tAddress Family: AF_INET6\n");
+ if (a->addr)
+ printf("\t\tAddress: %s\n",
+ inet_ntop(AF_INET6,
+ ((struct sockaddr_in6 *)(a->addr))->sin6_addr.s6_addr,
+ ntop_buf, sizeof ntop_buf));
+ if (a->netmask)
+ printf("\t\tNetmask: %s\n",
+ inet_ntop(AF_INET6,
+ ((struct sockaddr_in6 *)(a->netmask))->sin6_addr.s6_addr,
+ ntop_buf, sizeof ntop_buf));
+ if (a->broadaddr)
+ printf("\t\tBroadcast Address: %s\n",
+ inet_ntop(AF_INET6,
+ ((struct sockaddr_in6 *)(a->broadaddr))->sin6_addr.s6_addr,
+ ntop_buf, sizeof ntop_buf));
+ if (a->dstaddr)
+ printf("\t\tDestination Address: %s\n",
+ inet_ntop(AF_INET6,
+ ((struct sockaddr_in6 *)(a->dstaddr))->sin6_addr.s6_addr,
+ ntop_buf, sizeof ntop_buf));
+ break;
+#endif
+ default:
+ printf("\tAddress Family: Unknown (%d)\n", a->addr->sa_family);
+ break;
+ }
+ }
+ printf("\n");
+}
+
+/* From tcptraceroute */
+#define IPTOSBUFFERS 12
+static char *iptos(bpf_u_int32 in)
+{
+ static char output[IPTOSBUFFERS][3*4+3+1];
+ static short which;
+ u_char *p;
+
+ p = (u_char *)&in;
+ which = (which + 1 == IPTOSBUFFERS ? 0 : which + 1);
+ sprintf(output[which], "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ return output[which];
+}
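Review bot: In ifprint() the `switch(a->addr->sa_family)` dereferences `a->addr` before any of the `if (a->addr)` checks inside the cases, so those checks cannot protect an entry whose addr is NULL. A guard such as `if (a->addr == NULL) continue;` at the top of the loop body would make them meaningful. In main(), `pcap_lookupnet(s, ...)` is still called after `pcap_lookupdev()` returned NULL; whether the library tolerates a NULL device is not visible here, so the call belongs in the else branch. iptos() formats with an unbounded `sprintf` into a 16-byte slot; four `u_char` values fit, but `snprintf(output[which], sizeof output[which], ...)` would keep the bound explicit.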
diff --git a/gencode.c b/gencode.c
index d2cae2101c1c..41057ba8cb12 100644
--- a/gencode.c
+++ b/gencode.c
@@ -21,7 +21,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.53 2007/09/12 19:17:24 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.290.2.16 2008-09-22 20:16:01 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -68,10 +68,11 @@ static const char rcsid[] _U_ =
#include "nlpid.h"
#include "llc.h"
#include "gencode.h"
+#include "ieee80211.h"
#include "atmuni31.h"
#include "sunatmpos.h"
#include "ppp.h"
-#include "sll.h"
+#include "pcap/sll.h"
#include "arcnet.h"
#ifdef HAVE_NET_PFVAR_H
#include <sys/socket.h>
@@ -87,7 +88,7 @@ static const char rcsid[] _U_ =
#include <netdb.h> /* for "struct addrinfo" */
#endif /* WIN32 */
#endif /*INET6*/
-#include <pcap-namedb.h>
+#include <pcap/namedb.h>
#define ETHERMTU 1500
@@ -105,8 +106,8 @@ static const char rcsid[] _U_ =
static jmp_buf top_ctx;
static pcap_t *bpf_pcap;
-#ifdef WIN32
/* Hack for updating VLAN, MPLS, and PPPoE offsets. */
+#ifdef WIN32
static u_int orig_linktype = (u_int)-1, orig_nl = (u_int)-1, label_stack_depth = (u_int)-1;
#else
static u_int orig_linktype = -1U, orig_nl = -1U, label_stack_depth = -1U;
@@ -134,6 +135,7 @@ bpf_error(const char *fmt, ...)
static void init_linktype(pcap_t *);
+static void init_regs(void);
static int alloc_reg(void);
static void free_reg(int);
@@ -145,7 +147,8 @@ static struct block *root;
*/
enum e_offrel {
OR_PACKET, /* relative to the beginning of the packet */
- OR_LINK, /* relative to the link-layer header */
+ OR_LINK, /* relative to the beginning of the link-layer header */
+ OR_MACPL, /* relative to the end of the MAC-layer header */
OR_NET, /* relative to the network-layer header */
OR_NET_NOSNAP, /* relative to the network-layer header, with no SNAP header at the link layer */
OR_TRAN_IPV4, /* relative to the transport-layer header, with IPv4 network layer */
@@ -190,6 +193,7 @@ static struct block *gen_bcmp(enum e_offrel, u_int, u_int, const u_char *);
static struct block *gen_ncmp(enum e_offrel, bpf_u_int32, bpf_u_int32,
bpf_u_int32, bpf_u_int32, int, bpf_int32);
static struct slist *gen_load_llrel(u_int, u_int);
+static struct slist *gen_load_macplrel(u_int, u_int);
static struct slist *gen_load_a(enum e_offrel, u_int, u_int);
static struct slist *gen_loadx_iphdrlen(void);
static struct block *gen_uncond(int);
@@ -197,12 +201,16 @@ static inline struct block *gen_true(void);
static inline struct block *gen_false(void);
static struct block *gen_ether_linktype(int);
static struct block *gen_linux_sll_linktype(int);
-static void insert_radiotap_load_llprefixlen(struct block *);
-static void insert_ppi_load_llprefixlen(struct block *);
-static void insert_load_llprefixlen(struct block *);
+static struct slist *gen_load_prism_llprefixlen(void);
+static struct slist *gen_load_avs_llprefixlen(void);
+static struct slist *gen_load_radiotap_llprefixlen(void);
+static struct slist *gen_load_ppi_llprefixlen(void);
+static void insert_compute_vloffsets(struct block *);
static struct slist *gen_llprefixlen(void);
+static struct slist *gen_off_macpl(void);
+static int ethertype_to_ppptype(int);
static struct block *gen_linktype(int);
-static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
+static struct block *gen_snap(bpf_u_int32, bpf_u_int32);
static struct block *gen_llc_linktype(int);
static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
#ifdef INET6
@@ -247,6 +255,7 @@ static struct slist *xfer_to_x(struct arth *);
static struct slist *xfer_to_a(struct arth *);
static struct block *gen_mac_multicast(int);
static struct block *gen_len(int, int);
+static struct block *gen_check_802_11_data_frame(void);
static struct block *gen_ppi_dlt_check(void);
static struct block *gen_msg_abbrev(int type);
@@ -369,6 +378,7 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
n_errors = 0;
root = NULL;
bpf_pcap = p;
+ init_regs();
if (setjmp(top_ctx)) {
lex_cleanup();
freechunks();
@@ -484,24 +494,11 @@ merge(b0, b1)
*p = b1;
}
-
void
finish_parse(p)
struct block *p;
{
struct block *ppi_dlt_check;
-
- ppi_dlt_check = gen_ppi_dlt_check();
-
- if (ppi_dlt_check != NULL)
- {
- gen_and(ppi_dlt_check, p);
- }
-
- backpatch(p, gen_retblk(snaplen));
- p->sense = !p->sense;
- backpatch(p, gen_retblk(0));
- root = p->head;
/*
* Insert before the statements of the first (root) block any
@@ -512,14 +509,30 @@ finish_parse(p)
* statements of all blocks that use those lengths and that
* have no predecessors that use them, so that we only compute
* the lengths if we need them. There might be even better
- * approaches than that. However, as we're currently only
- * handling variable-length radiotap headers, and as all
- * filtering expressions other than raw link[M:N] tests
- * require the length of that header, doing more for that
- * header length isn't really worth the effort.
+ * approaches than that.
+ *
+ * However, those strategies would be more complicated, and
+ * as we don't generate code to compute a length if the
+ * program has no tests that use the length, and as most
+ * tests will probably use those lengths, we would just
+ * postpone computing the lengths so that it's not done
+ * for tests that fail early, and it's not clear that's
+ * worth the effort.
*/
+ insert_compute_vloffsets(p->head);
+
+ /*
+ * For DLT_PPI captures, generate a check of the per-packet
+ * DLT value to make sure it's DLT_IEEE802_11.
+ */
+ ppi_dlt_check = gen_ppi_dlt_check();
+ if (ppi_dlt_check != NULL)
+ gen_and(ppi_dlt_check, p);
- insert_load_llprefixlen(root);
+ backpatch(p, gen_retblk(snaplen));
+ p->sense = !p->sense;
+ backpatch(p, gen_retblk(0));
+ root = p->head;
}
void
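Review bot: The new ordering in finish_parse() inserts the variable-length offset computation into `p->head` before `gen_and(ppi_dlt_check, p)` runs, so the PPI DLT check appears to end up ahead of the block that loads those offsets (gen_and's body is not in this hunk, so this is inferred). That is only safe while gen_ppi_dlt_check() uses packet-relative loads that do not need the computed offsets, and the new comment should say so, e.g. `/* Added after insert_compute_vloffsets(), so this check runs first and must not depend on the computed offsets. */`. finish_parse() begins in the previous hunk.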
@@ -682,13 +695,7 @@ gen_ncmp(offrel, offset, size, mask, jtype, reverse, v)
* Various code constructs need to know the layout of the data link
* layer. These variables give the necessary offsets from the beginning
* of the packet data.
- *
- * If the link layer has variable_length headers, the offsets are offsets
- * from the end of the link-link-layer header, and "reg_ll_size" is
- * the register number for a register containing the length of the
- * link-layer header. Otherwise, "reg_ll_size" is -1.
*/
-static int reg_ll_size;
/*
* This is the offset of the beginning of the link-layer header from
@@ -701,13 +708,49 @@ static int reg_ll_size;
static u_int off_ll;
/*
- * This is the offset of the beginning of the MAC-layer header.
+ * If there's a variable-length header preceding the link-layer header,
+ * "reg_off_ll" is the register number for a register containing the
+ * length of that header, and therefore the offset of the link-layer
+ * header from the beginning of the raw packet data. Otherwise,
+ * "reg_off_ll" is -1.
+ */
+static int reg_off_ll;
+
+/*
+ * This is the offset of the beginning of the MAC-layer header from
+ * the beginning of the link-layer header.
* It's usually 0, except for ATM LANE, where it's the offset, relative
* to the beginning of the raw packet data, of the Ethernet header.
*/
static u_int off_mac;
/*
+ * This is the offset of the beginning of the MAC-layer payload,
+ * from the beginning of the raw packet data.
+ *
+ * I.e., it's the sum of the length of the link-layer header (without,
+ * for example, any 802.2 LLC header, so it's the MAC-layer
+ * portion of that header), plus any prefix preceding the
+ * link-layer header.
+ */
+static u_int off_macpl;
+
+/*
+ * This is 1 if the offset of the beginning of the MAC-layer payload
+ * from the beginning of the link-layer header is variable-length.
+ */
+static int off_macpl_is_variable;
+
+/*
+ * If the link layer has variable_length headers, "reg_off_macpl"
+ * is the register number for a register containing the length of the
+ * link-layer header plus the length of any variable-length header
+ * preceding the link-layer header. Otherwise, "reg_off_macpl"
+ * is -1.
+ */
+static int reg_off_macpl;
+
+/*
* "off_linktype" is the offset to information in the link-layer header
* giving the packet type. This offset is relative to the beginning
* of the link-layer header (i.e., it doesn't include off_ll).
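Review bot: The rewritten comment on off_mac contradicts itself: its first sentence now says the offset is "from the beginning of the link-layer header", but the unchanged sentence after it still describes the ATM LANE value as "relative to the beginning of the raw packet data". The same mix-up appears on off_macpl_is_variable, which speaks of the offset "from the beginning of the link-layer header" although off_macpl is documented just above as measured from the beginning of the raw packet data. Each variable should name one reference point, stated once, so that a reader adding a new link type knows which base the generated loads will add.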
@@ -730,6 +773,13 @@ static u_int off_mac;
static u_int off_linktype;
/*
+ * TRUE if "pppoes" appeared in the filter; it causes link-layer type
+ * checks to check the PPP header, assumed to follow a LAN-style link-
+ * layer header and a PPPoE session header.
+ */
+static int is_pppoes = 0;
+
+/*
* TRUE if the link layer includes an ATM pseudo-header.
*/
static int is_atm = 0;
@@ -768,8 +818,8 @@ static u_int off_payload;
/*
* These are offsets to the beginning of the network-layer header.
- * They are relative to the beginning of the link-layer header (i.e.,
- * they don't include off_ll).
+ * They are relative to the beginning of the MAC-layer payload (i.e.,
+ * they don't include off_ll or off_macpl).
*
* If the link layer never uses 802.2 LLC:
*
@@ -816,6 +866,11 @@ init_linktype(p)
off_payload = -1;
/*
+ * And that we're not doing PPPoE.
+ */
+ is_pppoes = 0;
+
+ /*
* And assume we're not doing SS7.
*/
off_li = -1;
@@ -825,34 +880,40 @@ init_linktype(p)
off_sls = -1;
/*
- * Also assume it's not 802.11 with a fixed-length radio header.
+ * Also assume it's not 802.11.
*/
off_ll = 0;
+ off_macpl = 0;
+ off_macpl_is_variable = 0;
orig_linktype = -1;
orig_nl = -1;
label_stack_depth = 0;
- reg_ll_size = -1;
+ reg_off_ll = -1;
+ reg_off_macpl = -1;
switch (linktype) {
case DLT_ARCNET:
off_linktype = 2;
- off_nl = 6; /* XXX in reality, variable! */
- off_nl_nosnap = 6; /* no 802.2 LLC */
+ off_macpl = 6;
+ off_nl = 0; /* XXX in reality, variable! */
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_ARCNET_LINUX:
off_linktype = 4;
- off_nl = 8; /* XXX in reality, variable! */
- off_nl_nosnap = 8; /* no 802.2 LLC */
+ off_macpl = 8;
+ off_nl = 0; /* XXX in reality, variable! */
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_EN10MB:
off_linktype = 12;
- off_nl = 14; /* Ethernet II */
- off_nl_nosnap = 17; /* 802.3+802.2 */
+ off_macpl = 14; /* Ethernet header length */
+ off_nl = 0; /* Ethernet II */
+ off_nl_nosnap = 3; /* 802.3+802.2 */
return;
case DLT_SLIP:
@@ -861,29 +922,33 @@ init_linktype(p)
* header is hacked into our SLIP driver.
*/
off_linktype = -1;
- off_nl = 16;
- off_nl_nosnap = 16; /* no 802.2 LLC */
+ off_macpl = 16;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_SLIP_BSDOS:
/* XXX this may be the same as the DLT_PPP_BSDOS case */
off_linktype = -1;
/* XXX end */
- off_nl = 24;
- off_nl_nosnap = 24; /* no 802.2 LLC */
+ off_macpl = 24;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_NULL:
case DLT_LOOP:
off_linktype = 0;
- off_nl = 4;
- off_nl_nosnap = 4; /* no 802.2 LLC */
+ off_macpl = 4;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_ENC:
off_linktype = 0;
- off_nl = 12;
- off_nl_nosnap = 12; /* no 802.2 LLC */
+ off_macpl = 12;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_PPP:
@@ -891,8 +956,9 @@ init_linktype(p)
case DLT_C_HDLC: /* BSD/OS Cisco HDLC */
case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */
off_linktype = 2;
- off_nl = 4;
- off_nl_nosnap = 4; /* no 802.2 LLC */
+ off_macpl = 4;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_PPP_ETHER:
@@ -901,14 +967,16 @@ init_linktype(p)
* only covers session state.
*/
off_linktype = 6;
- off_nl = 8;
- off_nl_nosnap = 8; /* no 802.2 LLC */
+ off_macpl = 8;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_PPP_BSDOS:
off_linktype = 5;
- off_nl = 24;
- off_nl_nosnap = 24; /* no 802.2 LLC */
+ off_macpl = 24;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_FDDI:
@@ -924,12 +992,12 @@ init_linktype(p)
#ifdef PCAP_FDDIPAD
off_linktype += pcap_fddipad;
#endif
- off_nl = 21; /* FDDI+802.2+SNAP */
- off_nl_nosnap = 16; /* FDDI+802.2 */
+ off_macpl = 13; /* FDDI MAC header length */
#ifdef PCAP_FDDIPAD
- off_nl += pcap_fddipad;
- off_nl_nosnap += pcap_fddipad;
+ off_macpl += pcap_fddipad;
#endif
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
case DLT_IEEE802:
@@ -957,11 +1025,15 @@ init_linktype(p)
* 8 - figure out which byte that is).
*/
off_linktype = 14;
- off_nl = 22; /* Token Ring+802.2+SNAP */
- off_nl_nosnap = 17; /* Token Ring+802.2 */
+ off_macpl = 14; /* Token Ring MAC header length */
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
/*
* 802.11 doesn't really have a link-level type field.
* We set "off_linktype" to the offset of the LLC header.
@@ -970,90 +1042,37 @@ init_linktype(p)
* is being used and pick out the encapsulated Ethernet type.
* XXX - should we generate code to check for SNAP?
*
- * XXX - the header is actually variable-length. We
- * assume a 24-byte link-layer header, as appears in
- * data frames in networks with no bridges. If the
- * fromds and tods 802.11 header bits are both set,
- * it's actually supposed to be 30 bytes.
+ * We also handle variable-length radio headers here.
+ * The Prism header is in theory variable-length, but in
+ * practice it's always 144 bytes long. However, some
+ * drivers on Linux use ARPHRD_IEEE80211_PRISM, but
+ * sometimes or always supply an AVS header, so we
+ * have to check whether the radio header is a Prism
+ * header or an AVS header, so, in practice, it's
+ * variable-length.
*/
off_linktype = 24;
- off_nl = 32; /* 802.11+802.2+SNAP */
- off_nl_nosnap = 27; /* 802.11+802.2 */
- return;
-
- case DLT_PRISM_HEADER:
- /*
- * Same as 802.11, but with an additional header before
- * the 802.11 header, containing a bunch of additional
- * information including radio-level information.
- *
- * The header is 144 bytes long.
- *
- * XXX - same variable-length header problem; at least
- * the Prism header is fixed-length.
- */
- off_ll = 144;
- off_linktype = 24;
- off_nl = 32; /* Prism+802.11+802.2+SNAP */
- off_nl_nosnap = 27; /* Prism+802.11+802.2 */
- return;
-
- case DLT_IEEE802_11_RADIO_AVS:
- /*
- * Same as 802.11, but with an additional header before
- * the 802.11 header, containing a bunch of additional
- * information including radio-level information.
- *
- * The header is 64 bytes long, at least in its
- * current incarnation.
- *
- * XXX - same variable-length header problem, only
- * more so; this header is also variable-length,
- * with the length being the 32-bit big-endian
- * number at an offset of 4 from the beginning
- * of the radio header. We should handle that the
- * same way we handle the length at the beginning
- * of the radiotap header.
- *
- * XXX - in Linux, do any drivers that supply an AVS
- * header supply a link-layer type other than
- * ARPHRD_IEEE80211_PRISM? If so, we should map that
- * to DLT_IEEE802_11_RADIO_AVS; if not, or if there are
- * any drivers that supply an AVS header but supply
- * an ARPHRD value of ARPHRD_IEEE80211_PRISM, we'll
- * have to check the header in the generated code to
- * determine whether it's Prism or AVS.
- */
- off_ll = 64;
- off_linktype = 24;
- off_nl = 32; /* Radio+802.11+802.2+SNAP */
- off_nl_nosnap = 27; /* Radio+802.11+802.2 */
+ off_macpl = 0; /* link-layer header is variable-length */
+ off_macpl_is_variable = 1;
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
-
- /*
- * At the moment we treat PPI as normal Radiotap encoded
- * packets. The difference is in the function that generates
- * the code at the beginning to compute the header length.
- * Since this code generator of PPI supports bare 802.11
- * encapsulation only (i.e. the encapsulated DLT should be
- * DLT_IEEE802_11) we generate code to check for this too.
- */
case DLT_PPI:
- case DLT_IEEE802_11_RADIO:
- /*
- * Same as 802.11, but with an additional header before
- * the 802.11 header, containing a bunch of additional
- * information including radio-level information.
- *
- * The radiotap header is variable length, and we
- * generate code to compute its length and store it
- * in a register. These offsets are relative to the
- * beginning of the 802.11 header.
+ /*
+ * At the moment we treat PPI the same way that we treat
+ * normal Radiotap encoded packets. The difference is in
+ * the function that generates the code at the beginning
+ * to compute the header length. Since this code generator
+ * of PPI supports bare 802.11 encapsulation only (i.e.
+ * the encapsulated DLT should be DLT_IEEE802_11) we
+ * generate code to check for this too.
*/
off_linktype = 24;
- off_nl = 32; /* 802.11+802.2+SNAP */
- off_nl_nosnap = 27; /* 802.11+802.2 */
+ off_macpl = 0; /* link-layer header is variable-length */
+ off_macpl_is_variable = 1;
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
case DLT_ATM_RFC1483:
@@ -1070,6 +1089,7 @@ init_linktype(p)
* PPPo{A,E} and a PPP protocol of IP and....
*/
off_linktype = 0;
+ off_macpl = 0; /* packet begins with LLC header */
off_nl = 8; /* 802.2+SNAP */
off_nl_nosnap = 3; /* 802.2 */
return;
@@ -1083,23 +1103,26 @@ init_linktype(p)
off_vpi = SUNATM_VPI_POS;
off_vci = SUNATM_VCI_POS;
off_proto = PROTO_POS;
- off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */
+ off_mac = -1; /* assume LLC-encapsulated, so no MAC-layer header */
off_payload = SUNATM_PKT_BEGIN_POS;
off_linktype = off_payload;
- off_nl = off_payload+8; /* 802.2+SNAP */
- off_nl_nosnap = off_payload+3; /* 802.2 */
+ off_macpl = off_payload; /* if LLC-encapsulated */
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
case DLT_RAW:
off_linktype = -1;
+ off_macpl = 0;
off_nl = 0;
off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
off_linktype = 14;
- off_nl = 16;
- off_nl_nosnap = 16; /* no 802.2 LLC */
+ off_macpl = 16;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_LTALK:
@@ -1109,6 +1132,7 @@ init_linktype(p)
* "long" DDP packet following.
*/
off_linktype = -1;
+ off_macpl = 0;
off_nl = 0;
off_nl_nosnap = 0; /* no 802.2 LLC */
return;
@@ -1125,8 +1149,9 @@ init_linktype(p)
* 2625 says SNAP should be used.
*/
off_linktype = 16;
- off_nl = 24; /* IPFC+802.2+SNAP */
- off_nl_nosnap = 19; /* IPFC+802.2 */
+ off_macpl = 16;
+ off_nl = 8; /* 802.2+SNAP */
+ off_nl_nosnap = 3; /* 802.2 */
return;
case DLT_FRELAY:
@@ -1135,6 +1160,7 @@ init_linktype(p)
* frames (NLPID of 0x80).
*/
off_linktype = -1;
+ off_macpl = 0;
off_nl = 0;
off_nl_nosnap = 0; /* no 802.2 LLC */
return;
@@ -1146,14 +1172,16 @@ init_linktype(p)
*/
case DLT_MFR:
off_linktype = -1;
+ off_macpl = 0;
off_nl = 4;
off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */
return;
case DLT_APPLE_IP_OVER_IEEE1394:
off_linktype = 16;
- off_nl = 18;
- off_nl_nosnap = 18; /* no 802.2 LLC */
+ off_macpl = 18;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
case DLT_LINUX_IRDA:
@@ -1161,6 +1189,7 @@ init_linktype(p)
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1170,21 +1199,24 @@ init_linktype(p)
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
case DLT_SYMANTEC_FIREWALL:
off_linktype = 6;
- off_nl = 44; /* Ethernet II */
- off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */
+ off_macpl = 44;
+ off_nl = 0; /* Ethernet II */
+ off_nl_nosnap = 0; /* XXX - what does it do with 802.3 packets? */
return;
#ifdef HAVE_NET_PFVAR_H
case DLT_PFLOG:
off_linktype = 0;
- off_nl = PFLOG_HDRLEN;
- off_nl_nosnap = PFLOG_HDRLEN; /* no 802.2 LLC */
+ off_macpl = PFLOG_HDRLEN;
+ off_nl = 0;
+ off_nl_nosnap = 0; /* no 802.2 LLC */
return;
#endif
@@ -1195,26 +1227,30 @@ init_linktype(p)
case DLT_JUNIPER_CHDLC:
case DLT_JUNIPER_FRELAY:
off_linktype = 4;
- off_nl = 4;
+ off_macpl = 4;
+ off_nl = 0;
off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_ATM1:
- off_linktype = 4; /* in reality variable between 4-8 */
- off_nl = 4;
- off_nl_nosnap = 14;
+ off_linktype = 4; /* in reality variable between 4-8 */
+ off_macpl = 4; /* in reality variable between 4-8 */
+ off_nl = 0;
+ off_nl_nosnap = 10;
return;
case DLT_JUNIPER_ATM2:
- off_linktype = 8; /* in reality variable between 8-12 */
- off_nl = 8;
- off_nl_nosnap = 18;
+ off_linktype = 8; /* in reality variable between 8-12 */
+ off_macpl = 8; /* in reality variable between 8-12 */
+ off_nl = 0;
+ off_nl_nosnap = 10;
return;
/* frames captured on a Juniper PPPoE service PIC
* contain raw ethernet frames */
case DLT_JUNIPER_PPPOE:
case DLT_JUNIPER_ETHER:
+ off_macpl = 14;
off_linktype = 16;
off_nl = 18; /* Ethernet II */
off_nl_nosnap = 21; /* 802.3+802.2 */
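Review bot: The DLT_JUNIPER_PPPOE / DLT_JUNIPER_ETHER case adds `off_macpl = 14` but leaves `off_nl = 18` and `off_nl_nosnap = 21` as absolute values, while the other cases in this change rewrite off_nl to be relative to off_macpl. OR_NET loads now go through gen_load_macplrel(), which adds off_macpl, so the network-layer header would be looked up at 14 + 18 rather than 18. If the layout is a 4-byte Juniper header followed by Ethernet, as `off_linktype = 16` suggests, the values would be `off_macpl = 18; off_nl = 0; off_nl_nosnap = 3;`; this needs confirming against the Juniper header format. The case body continues past the end of this hunk.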
@@ -1222,36 +1258,56 @@ init_linktype(p)
case DLT_JUNIPER_PPPOE_ATM:
off_linktype = 4;
- off_nl = 6;
- off_nl_nosnap = -1; /* no 802.2 LLC */
+ off_macpl = 6;
+ off_nl = 0;
+ off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_GGSN:
off_linktype = 6;
- off_nl = 12;
- off_nl_nosnap = -1; /* no 802.2 LLC */
+ off_macpl = 12;
+ off_nl = 0;
+ off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_ES:
off_linktype = 6;
- off_nl = -1; /* not really a network layer but raw IP adresses */
+ off_macpl = -1; /* not really a network layer but raw IP addresses */
+ off_nl = -1; /* not really a network layer but raw IP addresses */
off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_MONITOR:
off_linktype = 12;
- off_nl = 12; /* raw IP/IP6 header */
+ off_macpl = 12;
+ off_nl = 0; /* raw IP/IP6 header */
off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_SERVICES:
off_linktype = 12;
+ off_macpl = -1; /* L3 proto location dep. on cookie type */
off_nl = -1; /* L3 proto location dep. on cookie type */
off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_JUNIPER_VP:
off_linktype = 18;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_JUNIPER_ST:
+ off_linktype = 18;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_JUNIPER_ISM:
+ off_linktype = 8;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1263,6 +1319,7 @@ init_linktype(p)
off_dpc = 4;
off_sls = 7;
off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1274,6 +1331,19 @@ init_linktype(p)
off_dpc = 8;
off_sls = 11;
off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_ERF:
+ off_li = 22;
+ off_sio = 23;
+ off_opc = 24;
+ off_dpc = 24;
+ off_sls = 27;
+ off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1281,8 +1351,9 @@ init_linktype(p)
#ifdef DLT_PFSYNC
case DLT_PFSYNC:
off_linktype = -1;
- off_nl = 4;
- off_nl_nosnap = 4;
+ off_macpl = 4;
+ off_nl = 0;
+ off_nl_nosnap = 0;
return;
#endif
@@ -1291,6 +1362,7 @@ init_linktype(p)
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1300,6 +1372,7 @@ init_linktype(p)
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
@@ -1309,6 +1382,118 @@ init_linktype(p)
* Currently, only raw "link[N:M]" filtering is supported.
*/
off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_USB_LINUX:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_CAN20B:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_IEEE802_15_4_LINUX:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_IEEE802_16_MAC_CPS_RADIO:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_IEEE802_15_4:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_SITA:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_RAIF1:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_IPMB:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_BLUETOOTH_HCI_H4_WITH_PHDR:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
+ off_nl = -1;
+ off_nl_nosnap = -1;
+ return;
+
+ case DLT_AX25_KISS:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1; /* variable, min 15, max 71 steps of 7 */
+ off_macpl = -1;
+ off_nl = -1; /* variable, min 16, max 71 steps of 7 */
+ off_nl_nosnap = -1; /* no 802.2 LLC */
+ off_mac = 1; /* step over the kiss length byte */
+ return;
+
+ case DLT_IEEE802_15_4_NONASK_PHY:
+ /*
+ * Currently, only raw "link[N:M]" filtering is supported.
+ */
+ off_linktype = -1;
+ off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
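Review bot: The ten new cases from DLT_USB_LINUX to DLT_IEEE802_15_4_NONASK_PHY (DLT_AX25_KISS aside) repeat the same four assignments and the same comment, which makes it easy for one of them to drift when the offset variables change again. Stacking the labels over one body, `case DLT_USB_LINUX: case DLT_CAN20B: ...` followed by a single `off_linktype = -1; off_macpl = -1; off_nl = -1; off_nl_nosnap = -1;`, keeps the "raw link[N:M] only" group in one place. In the DLT_AX25_KISS case the block comment says only raw filtering is supported, yet the trailing comments describe variable offsets and `off_mac = 1` is set; a line explaining why off_mac is still needed there would help.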
@@ -1362,6 +1547,45 @@ gen_load_llrel(offset, size)
return s;
}
+/*
+ * Load a value relative to the beginning of the MAC-layer payload.
+ */
+static struct slist *
+gen_load_macplrel(offset, size)
+ u_int offset, size;
+{
+ struct slist *s, *s2;
+
+ s = gen_off_macpl();
+
+ /*
+ * If s is non-null, the offset of the MAC-layer payload is
+ * variable, and s points to a list of instructions that
+ * arrange that the X register contains that offset.
+ *
+ * Otherwise, the offset of the MAC-layer payload is constant,
+ * and is in off_macpl.
+ */
+ if (s != NULL) {
+ /*
+ * The offset of the MAC-layer payload is in the X
+ * register. Do an indirect load, to use the X register
+ * as an offset.
+ */
+ s2 = new_stmt(BPF_LD|BPF_IND|size);
+ s2->s.k = offset;
+ sappend(s, s2);
+ } else {
+ /*
+ * The offset of the MAC-layer payload is constant,
+ * and is in off_macpl; load the value at that offset
+ * plus the specified offset.
+ */
+ s = new_stmt(BPF_LD|BPF_ABS|size);
+ s->s.k = off_macpl + offset;
+ }
+ return s;
+}
/*
* Load a value relative to the beginning of the specified header.
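Review bot: `s->s.k = off_macpl + offset` in the constant-offset branch of gen_load_macplrel() uses off_macpl without checking for the "unknown" sentinel. off_macpl is declared `u_int`, and the init_linktype hunks assign `off_macpl = -1` for the link types that only support raw `link[N:M]` tests. With the sentinel in place the unsigned sum wraps to a small, valid-looking offset, so the generated filter would compare the wrong bytes instead of failing; `off_macpl + off_nl` in the gen_load_a and gen_loadx_iphdrlen hunks wraps the same way. If callers do not already reject these link types before reaching here (not visible in this hunk), add a guard such as `if (off_macpl == (u_int)-1) bpf_error("MAC-layer payload offset unknown for this link type");` ahead of the load.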
@@ -1384,12 +1608,16 @@ gen_load_a(offrel, offset, size)
s = gen_load_llrel(offset, size);
break;
+ case OR_MACPL:
+ s = gen_load_macplrel(offset, size);
+ break;
+
case OR_NET:
- s = gen_load_llrel(off_nl + offset, size);
+ s = gen_load_macplrel(off_nl + offset, size);
break;
case OR_NET_NOSNAP:
- s = gen_load_llrel(off_nl_nosnap + offset, size);
+ s = gen_load_macplrel(off_nl_nosnap + offset, size);
break;
case OR_TRAN_IPV4:
@@ -1402,21 +1630,22 @@ gen_load_a(offrel, offset, size)
s = gen_loadx_iphdrlen();
/*
- * Load the item at {offset of the link-layer header} +
- * {offset, relative to the start of the link-layer
- * header, of the IPv4 header} + {length of the IPv4 header} +
+ * Load the item at {offset of the MAC-layer payload} +
+ * {offset, relative to the start of the MAC-layer
+ * paylod, of the IPv4 header} + {length of the IPv4 header} +
* {specified offset}.
*
- * (If the link-layer is variable-length, it's included
- * in the value in the X register, and off_ll is 0.)
+ * (If the offset of the MAC-layer payload is variable,
+ * it's included in the value in the X register, and
+ * off_macpl is 0.)
*/
s2 = new_stmt(BPF_LD|BPF_IND|size);
- s2->s.k = off_ll + off_nl + offset;
+ s2->s.k = off_macpl + off_nl + offset;
sappend(s, s2);
break;
case OR_TRAN_IPV6:
- s = gen_load_llrel(off_nl + 40 + offset, size);
+ s = gen_load_macplrel(off_nl + 40 + offset, size);
break;
default:
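Review bot: Two of the rewritten comments have slips that will mislead a search for the identifier. One is "paylod" in the OR_TRAN_IPV4 comment here; the other is `off_mac_pl` in the else-branch comment of the gen_loadx_iphdrlen() hunk below, where the variable is `off_macpl`. Both should be corrected so the comments match the code. gen_load_a() starts and ends outside this hunk.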
@@ -1436,12 +1665,15 @@ gen_loadx_iphdrlen()
{
struct slist *s, *s2;
- s = gen_llprefixlen();
+ s = gen_off_macpl();
if (s != NULL) {
/*
* There's a variable-length prefix preceding the
- * link-layer header. "s" points to a list of statements
- * that put the length of that prefix into the X register.
+ * link-layer header, or the link-layer header is itself
+ * variable-length. "s" points to a list of statements
+ * that put the offset of the MAC-layer payload into
+ * the X register.
+ *
* The 4*([k]&0xf) addressing mode can't be used, as we
* don't have a constant offset, so we have to load the
* value in question into the A register and add to it
@@ -1459,22 +1691,24 @@ gen_loadx_iphdrlen()
/*
* The A register now contains the length of the
- * IP header. We need to add to it the length
- * of the prefix preceding the link-layer
- * header, which is still in the X register, and
- * move the result into the X register.
+ * IP header. We need to add to it the offset of
+ * the MAC-layer payload, which is still in the X
+ * register, and move the result into the X register.
*/
sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
sappend(s, new_stmt(BPF_MISC|BPF_TAX));
} else {
/*
* There is no variable-length header preceding the
- * link-layer header; add in off_ll, which, if there's
- * a fixed-length header preceding the link-layer header,
- * is the length of that header.
+ * link-layer header, and the link-layer header is
+ * fixed-length; load the length of the IPv4 header,
+ * which is at an offset of off_nl from the beginning
+ * of the MAC-layer payload, and thus at an offset
+ * of off_mac_pl + off_nl from the beginning of the
+ * raw packet data.
*/
s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
- s->s.k = off_ll + off_nl;
+ s->s.k = off_macpl + off_nl;
}
return s;
}
@@ -1548,7 +1782,7 @@ gen_ether_linktype(proto)
*/
b0 = gen_cmp_gt(OR_LINK, off_linktype, BPF_H, ETHERMTU);
gen_not(b0);
- b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
+ b1 = gen_cmp(OR_MACPL, 0, BPF_H, (bpf_int32)
((proto << 8) | proto));
gen_and(b0, b1);
return b1;
@@ -1586,17 +1820,15 @@ gen_ether_linktype(proto)
* This generates code to check both for the
* IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
*/
- b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
- (bpf_int32)LLCSAP_IPX);
- b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H,
- (bpf_int32)0xFFFF);
+ b0 = gen_cmp(OR_MACPL, 0, BPF_B, (bpf_int32)LLCSAP_IPX);
+ b1 = gen_cmp(OR_MACPL, 0, BPF_H, (bpf_int32)0xFFFF);
gen_or(b0, b1);
/*
* Now we add code to check for SNAP frames with
* ETHERTYPE_IPX, i.e. Ethernet_SNAP.
*/
- b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
+ b0 = gen_snap(0x000000, ETHERTYPE_IPX);
gen_or(b0, b1);
/*
@@ -1651,9 +1883,9 @@ gen_ether_linktype(proto)
* type of ETHERTYPE_AARP (Appletalk ARP).
*/
if (proto == ETHERTYPE_ATALK)
- b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
+ b1 = gen_snap(0x080007, ETHERTYPE_ATALK);
else /* proto == ETHERTYPE_AARP */
- b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
+ b1 = gen_snap(0x000000, ETHERTYPE_AARP);
gen_and(b0, b1);
/*
@@ -1730,7 +1962,7 @@ gen_linux_sll_linktype(proto)
* (i.e., other SAP values)?
*/
b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
- b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_H, (bpf_int32)
+ b1 = gen_cmp(OR_MACPL, 0, BPF_H, (bpf_int32)
((proto << 8) | proto));
gen_and(b0, b1);
return b1;
@@ -1761,10 +1993,8 @@ gen_linux_sll_linktype(proto)
* then put a check for LINUX_SLL_P_802_2 frames
* before it.
*/
- b0 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
- (bpf_int32)LLCSAP_IPX);
- b1 = gen_snap(0x000000, ETHERTYPE_IPX,
- off_linktype + 2);
+ b0 = gen_cmp(OR_MACPL, 0, BPF_B, (bpf_int32)LLCSAP_IPX);
+ b1 = gen_snap(0x000000, ETHERTYPE_IPX);
gen_or(b0, b1);
b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, LINUX_SLL_P_802_2);
gen_and(b0, b1);
@@ -1812,11 +2042,9 @@ gen_linux_sll_linktype(proto)
* type of ETHERTYPE_AARP (Appletalk ARP).
*/
if (proto == ETHERTYPE_ATALK)
- b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
- off_linktype + 2);
+ b1 = gen_snap(0x080007, ETHERTYPE_ATALK);
else /* proto == ETHERTYPE_AARP */
- b1 = gen_snap(0x000000, ETHERTYPE_AARP,
- off_linktype + 2);
+ b1 = gen_snap(0x000000, ETHERTYPE_AARP);
gen_and(b0, b1);
/*
@@ -1840,7 +2068,7 @@ gen_linux_sll_linktype(proto)
*/
b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
LINUX_SLL_P_802_2);
- b1 = gen_cmp(OR_LINK, off_linktype + 2, BPF_B,
+ b1 = gen_cmp(OR_LINK, off_macpl, BPF_B,
(bpf_int32)proto);
gen_and(b0, b1);
return b1;
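Review bot: The DSAP test in this hunk is written `gen_cmp(OR_LINK, off_macpl, BPF_B,` while the other 802.2 tests this commit rewrites in gen_linux_sll_linktype use `gen_cmp(OR_MACPL, 0, ...)`. The two forms load the same byte only while the link-layer header begins at offset 0 of the packet data. That is presumably true for DLT_LINUX_SLL, but nothing in the hunk states it. I would write `b1 = gen_cmp(OR_MACPL, 0, BPF_B,` so this test follows the MAC-payload base like its siblings. The function starts before the hunk and continues after it.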
@@ -1860,18 +2088,169 @@ gen_linux_sll_linktype(proto)
}
}
-static void
-insert_radiotap_load_llprefixlen(b)
- struct block *b;
+static struct slist *
+gen_load_prism_llprefixlen()
{
struct slist *s1, *s2;
+ struct slist *sjeq_avs_cookie;
+ struct slist *sjcommon;
+
+ /*
+ * This code is not compatible with the optimizer, as
+ * we are generating jmp instructions within a normal
+ * slist of instructions
+ */
+ no_optimize = 1;
/*
- * Prepend to the statements in this block code to load the
- * length of the radiotap header into the register assigned
- * to hold that length, if one has been assigned.
+ * Generate code to load the length of the radio header into
+ * the register assigned to hold that length, if one has been
+ * assigned. (If one hasn't been assigned, no code we've
+ * generated uses that prefix, so we don't need to generate any
+ * code to load it.)
+ *
+ * Some Linux drivers use ARPHRD_IEEE80211_PRISM but sometimes
+ * or always use the AVS header rather than the Prism header.
+ * We load a 4-byte big-endian value at the beginning of the
+ * raw packet data, and see whether, when masked with 0xFFFFF000,
+ * it's equal to 0x80211000. If so, that indicates that it's
+ * an AVS header (the masked-out bits are the version number).
+ * Otherwise, it's a Prism header.
+ *
+ * XXX - the Prism header is also, in theory, variable-length,
+ * but no known software generates headers that aren't 144
+ * bytes long.
*/
- if (reg_ll_size != -1) {
+ if (reg_off_ll != -1) {
+ /*
+ * Load the cookie.
+ */
+ s1 = new_stmt(BPF_LD|BPF_W|BPF_ABS);
+ s1->s.k = 0;
+
+ /*
+ * AND it with 0xFFFFF000.
+ */
+ s2 = new_stmt(BPF_ALU|BPF_AND|BPF_K);
+ s2->s.k = 0xFFFFF000;
+ sappend(s1, s2);
+
+ /*
+ * Compare with 0x80211000.
+ */
+ sjeq_avs_cookie = new_stmt(JMP(BPF_JEQ));
+ sjeq_avs_cookie->s.k = 0x80211000;
+ sappend(s1, sjeq_avs_cookie);
+
+ /*
+ * If it's AVS:
+ *
+ * The 4 bytes at an offset of 4 from the beginning of
+ * the AVS header are the length of the AVS header.
+ * That field is big-endian.
+ */
+ s2 = new_stmt(BPF_LD|BPF_W|BPF_ABS);
+ s2->s.k = 4;
+ sappend(s1, s2);
+ sjeq_avs_cookie->s.jt = s2;
+
+ /*
+ * Now jump to the code to allocate a register
+ * into which to save the header length and
+ * store the length there. (The "jump always"
+ * instruction needs to have the k field set;
+ * it's added to the PC, so, as we're jumping
+ * over a single instruction, it should be 1.)
+ */
+ sjcommon = new_stmt(JMP(BPF_JA));
+ sjcommon->s.k = 1;
+ sappend(s1, sjcommon);
+
+ /*
+ * Now for the code that handles the Prism header.
+ * Just load the length of the Prism header (144)
+ * into the A register. Have the test for an AVS
+ * header branch here if we don't have an AVS header.
+ */
+ s2 = new_stmt(BPF_LD|BPF_W|BPF_IMM);
+ s2->s.k = 144;
+ sappend(s1, s2);
+ sjeq_avs_cookie->s.jf = s2;
+
+ /*
+ * Now allocate a register to hold that value and store
+ * it. The code for the AVS header will jump here after
+ * loading the length of the AVS header.
+ */
+ s2 = new_stmt(BPF_ST);
+ s2->s.k = reg_off_ll;
+ sappend(s1, s2);
+ sjcommon->s.jf = s2;
+
+ /*
+ * Now move it into the X register.
+ */
+ s2 = new_stmt(BPF_MISC|BPF_TAX);
+ sappend(s1, s2);
+
+ return (s1);
+ } else
+ return (NULL);
+}
+
+static struct slist *
+gen_load_avs_llprefixlen()
+{
+ struct slist *s1, *s2;
+
+ /*
+ * Generate code to load the length of the AVS header into
+ * the register assigned to hold that length, if one has been
+ * assigned. (If one hasn't been assigned, no code we've
+ * generated uses that prefix, so we don't need to generate any
+ * code to load it.)
+ */
+ if (reg_off_ll != -1) {
+ /*
+ * The 4 bytes at an offset of 4 from the beginning of
+ * the AVS header are the length of the AVS header.
+ * That field is big-endian.
+ */
+ s1 = new_stmt(BPF_LD|BPF_W|BPF_ABS);
+ s1->s.k = 4;
+
+ /*
+ * Now allocate a register to hold that value and store
+ * it.
+ */
+ s2 = new_stmt(BPF_ST);
+ s2->s.k = reg_off_ll;
+ sappend(s1, s2);
+
+ /*
+ * Now move it into the X register.
+ */
+ s2 = new_stmt(BPF_MISC|BPF_TAX);
+ sappend(s1, s2);
+
+ return (s1);
+ } else
+ return (NULL);
+}
+
+static struct slist *
+gen_load_radiotap_llprefixlen()
+{
+ struct slist *s1, *s2;
+
+ /*
+ * Generate code to load the length of the radiotap header into
+ * the register assigned to hold that length, if one has been
+ * assigned. (If one hasn't been assigned, no code we've
+ * generated uses that prefix, so we don't need to generate any
+ * code to load it.)
+ */
+ if (reg_off_ll != -1) {
/*
* The 2 bytes at offsets of 2 and 3 from the beginning
* of the radiotap header are the length of the radiotap
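Review bot: The AVS header length stored in `reg_off_ll` is read straight from bytes 4-7 of the captured frame, in gen_load_avs_llprefixlen and on the AVS branch of gen_load_prism_llprefixlen, and the generated code never compares it with a minimum header size or with the captured length. Every later link-layer-relative load is indexed by that value, so a frame with a wrong length field makes the filter test bytes other than the ones the expression names. Out-of-range values are presumably rejected by the BPF interpreter's bounds check on the load, which is not visible here. Anyone using such a filter as a security control should know the offsets are frame-supplied, so I would add above each `s->s.k = 4` load the comment `/* NB: this length comes from the frame itself and is not validated here. */`. gen_load_radiotap_llprefixlen continues past the end of this hunk.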
@@ -1906,7 +2285,7 @@ insert_radiotap_load_llprefixlen(b)
* it.
*/
s2 = new_stmt(BPF_ST);
- s2->s.k = reg_ll_size;
+ s2->s.k = reg_off_ll;
sappend(s1, s2);
/*
@@ -1915,13 +2294,9 @@ insert_radiotap_load_llprefixlen(b)
s2 = new_stmt(BPF_MISC|BPF_TAX);
sappend(s1, s2);
- /*
- * Now append all the existing statements in this
- * block to these statements.
- */
- sappend(s1, b->stmts);
- b->stmts = s1;
- }
+ return (s1);
+ } else
+ return (NULL);
}
/*
@@ -1930,21 +2305,21 @@ insert_radiotap_load_llprefixlen(b)
* the code at the beginning to compute the header length.
* Since this code generator of PPI supports bare 802.11
* encapsulation only (i.e. the encapsulated DLT should be
- * DLT_IEEE802_11) we generate code to check for this too.
+ * DLT_IEEE802_11) we generate code to check for this too;
+ * that's done in finish_parse().
*/
-static void
-insert_ppi_load_llprefixlen(b)
- struct block *b;
+static struct slist *
+gen_load_ppi_llprefixlen()
{
struct slist *s1, *s2;
/*
- * Prepend to the statements in this block code to load the
- * length of the radiotap header into the register assigned
- * to hold that length, if one has been assigned.
+ * Generate code to load the length of the radiotap header
+ * into the register assigned to hold that length, if one has
+ * been assigned.
*/
- if (reg_ll_size != -1) {
- /*
+ if (reg_off_ll != -1) {
+ /*
* The 2 bytes at offsets of 2 and 3 from the beginning
* of the radiotap header are the length of the radiotap
* header; unfortunately, it's little-endian, so we have
@@ -1978,7 +2353,7 @@ insert_ppi_load_llprefixlen(b)
* it.
*/
s2 = new_stmt(BPF_ST);
- s2->s.k = reg_ll_size;
+ s2->s.k = reg_off_ll;
sappend(s1, s2);
/*
@@ -1987,16 +2362,295 @@ insert_ppi_load_llprefixlen(b)
s2 = new_stmt(BPF_MISC|BPF_TAX);
sappend(s1, s2);
+ return (s1);
+ } else
+ return (NULL);
+}
+
+/*
+ * Load a value relative to the beginning of the link-layer header after the 802.11
+ * header, i.e. LLC_SNAP.
+ * The link-layer header doesn't necessarily begin at the beginning
+ * of the packet data; there might be a variable-length prefix containing
+ * radio information.
+ */
+static struct slist *
+gen_load_802_11_header_len(struct slist *s, struct slist *snext)
+{
+ struct slist *s2;
+ struct slist *sjset_data_frame_1;
+ struct slist *sjset_data_frame_2;
+ struct slist *sjset_qos;
+ struct slist *sjset_radiotap_flags;
+ struct slist *sjset_radiotap_tsft;
+ struct slist *sjset_tsft_datapad, *sjset_notsft_datapad;
+ struct slist *s_roundup;
+
+ if (reg_off_macpl == -1) {
/*
- * Now append all the existing statements in this
- * block to these statements.
+ * No register has been assigned to the offset of
+ * the MAC-layer payload, which means nobody needs
+ * it; don't bother computing it - just return
+ * what we already have.
*/
- sappend(s1, b->stmts);
- b->stmts = s1;
+ return (s);
+ }
+ /*
+ * This code is not compatible with the optimizer, as
+ * we are generating jmp instructions within a normal
+ * slist of instructions
+ */
+ no_optimize = 1;
+
+ /*
+ * If "s" is non-null, it has code to arrange that the X register
+ * contains the length of the prefix preceding the link-layer
+ * header.
+ *
+ * Otherwise, the length of the prefix preceding the link-layer
+ * header is "off_ll".
+ */
+ if (s == NULL) {
+ /*
+ * There is no variable-length header preceding the
+ * link-layer header.
+ *
+ * Load the length of the fixed-length prefix preceding
+ * the link-layer header (if any) into the X register,
+ * and store it in the reg_off_macpl register.
+ * That length is off_ll.
+ */
+ s = new_stmt(BPF_LDX|BPF_IMM);
+ s->s.k = off_ll;
}
+
+ /*
+ * The X register contains the offset of the beginning of the
+ * link-layer header; add 24, which is the minimum length
+ * of the MAC header for a data frame, to that, and store it
+ * in reg_off_macpl, and then load the Frame Control field,
+ * which is at the offset in the X register, with an indexed load.
+ */
+ s2 = new_stmt(BPF_MISC|BPF_TXA);
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
+ s2->s.k = 24;
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ST);
+ s2->s.k = reg_off_macpl;
+ sappend(s, s2);
+
+ s2 = new_stmt(BPF_LD|BPF_IND|BPF_B);
+ s2->s.k = 0;
+ sappend(s, s2);
+
+ /*
+ * Check the Frame Control field to see if this is a data frame;
+ * a data frame has the 0x08 bit (b3) in that field set and the
+ * 0x04 bit (b2) clear.
+ */
+ sjset_data_frame_1 = new_stmt(JMP(BPF_JSET));
+ sjset_data_frame_1->s.k = 0x08;
+ sappend(s, sjset_data_frame_1);
+
+ /*
+ * If b3 is set, test b2, otherwise go to the first statement of
+ * the rest of the program.
+ */
+ sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(JMP(BPF_JSET));
+ sjset_data_frame_2->s.k = 0x04;
+ sappend(s, sjset_data_frame_2);
+ sjset_data_frame_1->s.jf = snext;
+
+ /*
+ * If b2 is not set, this is a data frame; test the QoS bit.
+ * Otherwise, go to the first statement of the rest of the
+ * program.
+ */
+ sjset_data_frame_2->s.jt = snext;
+ sjset_data_frame_2->s.jf = sjset_qos = new_stmt(JMP(BPF_JSET));
+ sjset_qos->s.k = 0x80; /* QoS bit */
+ sappend(s, sjset_qos);
+
+ /*
+ * If it's set, add 2 to reg_off_macpl, to skip the QoS
+ * field.
+ * Otherwise, go to the first statement of the rest of the
+ * program.
+ */
+ sjset_qos->s.jt = s2 = new_stmt(BPF_LD|BPF_MEM);
+ s2->s.k = reg_off_macpl;
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ALU|BPF_ADD|BPF_IMM);
+ s2->s.k = 2;
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ST);
+ s2->s.k = reg_off_macpl;
+ sappend(s, s2);
+
+ /*
+ * If we have a radiotap header, look at it to see whether
+ * there's Atheros padding between the MAC-layer header
+ * and the payload.
+ *
+ * Note: all of the fields in the radiotap header are
+ * little-endian, so we byte-swap all of the values
+ * we test against, as they will be loaded as big-endian
+ * values.
+ */
+ if (linktype == DLT_IEEE802_11_RADIO) {
+ /*
+ * Is the IEEE80211_RADIOTAP_FLAGS bit (0x0000002) set
+ * in the presence flag?
+ */
+ sjset_qos->s.jf = s2 = new_stmt(BPF_LD|BPF_ABS|BPF_W);
+ s2->s.k = 4;
+ sappend(s, s2);
+
+ sjset_radiotap_flags = new_stmt(JMP(BPF_JSET));
+ sjset_radiotap_flags->s.k = SWAPLONG(0x00000002);
+ sappend(s, sjset_radiotap_flags);
+
+ /*
+ * If not, skip all of this.
+ */
+ sjset_radiotap_flags->s.jf = snext;
+
+ /*
+ * Otherwise, is the IEEE80211_RADIOTAP_TSFT bit set?
+ */
+ sjset_radiotap_tsft = sjset_radiotap_flags->s.jt =
+ new_stmt(JMP(BPF_JSET));
+ sjset_radiotap_tsft->s.k = SWAPLONG(0x00000001);
+ sappend(s, sjset_radiotap_tsft);
+
+ /*
+ * If IEEE80211_RADIOTAP_TSFT is set, the flags field is
+ * at an offset of 16 from the beginning of the raw packet
+ * data (8 bytes for the radiotap header and 8 bytes for
+ * the TSFT field).
+ *
+ * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
+ * is set.
+ */
+ sjset_radiotap_tsft->s.jt = s2 = new_stmt(BPF_LD|BPF_ABS|BPF_B);
+ s2->s.k = 16;
+ sappend(s, s2);
+
+ sjset_tsft_datapad = new_stmt(JMP(BPF_JSET));
+ sjset_tsft_datapad->s.k = 0x20;
+ sappend(s, sjset_tsft_datapad);
+
+ /*
+ * If IEEE80211_RADIOTAP_TSFT is not set, the flags field is
+ * at an offset of 8 from the beginning of the raw packet
+ * data (8 bytes for the radiotap header).
+ *
+ * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
+ * is set.
+ */
+ sjset_radiotap_tsft->s.jf = s2 = new_stmt(BPF_LD|BPF_ABS|BPF_B);
+ s2->s.k = 8;
+ sappend(s, s2);
+
+ sjset_notsft_datapad = new_stmt(JMP(BPF_JSET));
+ sjset_notsft_datapad->s.k = 0x20;
+ sappend(s, sjset_notsft_datapad);
+
+ /*
+ * In either case, if IEEE80211_RADIOTAP_F_DATAPAD is
+ * set, round the length of the 802.11 header to
+ * a multiple of 4. Do that by adding 3 and then
+ * dividing by and multiplying by 4, which we do by
+ * ANDing with ~3.
+ */
+ s_roundup = new_stmt(BPF_LD|BPF_MEM);
+ s_roundup->s.k = reg_off_macpl;
+ sappend(s, s_roundup);
+ s2 = new_stmt(BPF_ALU|BPF_ADD|BPF_IMM);
+ s2->s.k = 3;
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ALU|BPF_AND|BPF_IMM);
+ s2->s.k = ~3;
+ sappend(s, s2);
+ s2 = new_stmt(BPF_ST);
+ s2->s.k = reg_off_macpl;
+ sappend(s, s2);
+
+ sjset_tsft_datapad->s.jt = s_roundup;
+ sjset_tsft_datapad->s.jf = snext;
+ sjset_notsft_datapad->s.jt = s_roundup;
+ sjset_notsft_datapad->s.jf = snext;
+ } else
+ sjset_qos->s.jf = snext;
+
+ return s;
}
-
+
+static void
+insert_compute_vloffsets(b)
+ struct block *b;
+{
+ struct slist *s;
+
+ /*
+ * For link-layer types that have a variable-length header
+ * preceding the link-layer header, generate code to load
+ * the offset of the link-layer header into the register
+ * assigned to that offset, if any.
+ */
+ switch (linktype) {
+
+ case DLT_PRISM_HEADER:
+ s = gen_load_prism_llprefixlen();
+ break;
+
+ case DLT_IEEE802_11_RADIO_AVS:
+ s = gen_load_avs_llprefixlen();
+ break;
+
+ case DLT_IEEE802_11_RADIO:
+ s = gen_load_radiotap_llprefixlen();
+ break;
+
+ case DLT_PPI:
+ s = gen_load_ppi_llprefixlen();
+ break;
+
+ default:
+ s = NULL;
+ break;
+ }
+
+ /*
+ * For link-layer types that have a variable-length link-layer
+ * header, generate code to load the offset of the MAC-layer
+ * payload into the register assigned to that offset, if any.
+ */
+ switch (linktype) {
+
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ case DLT_PPI:
+ s = gen_load_802_11_header_len(s, b->stmts);
+ break;
+ }
+
+ /*
+ * If we have any offset-loading code, append all the
+ * existing statements in the block to those statements,
+ * and make the resulting list the list of statements
+ * for the block.
+ */
+ if (s != NULL) {
+ sappend(s, b->stmts);
+ b->stmts = s;
+ }
+}
+
static struct block *
gen_ppi_dlt_check(void)
{
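Review bot: gen_load_802_11_header_len computes the MAC-payload offset as 24, plus 2 when the QoS bit is set, and never adds the 6 bytes of Address 4. The Q_ADDR4 case this same commit adds to gen_wlanhostop reads that address at offset 24 when both "From DS" and "To DS" are set. For such data frames the value stored in `reg_off_macpl` therefore appears to point into the address rather than at the LLC header, and payload-relative tests would examine the wrong bytes. If handling it is out of scope for this change, I would record the gap next to `s2->s.k = 24;` with `/* XXX - 4-address (To DS + From DS) data frames have a 30-byte header; Address 4 is not accounted for here. */`.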
@@ -2023,42 +2677,61 @@ gen_ppi_dlt_check(void)
return b;
}
-static void
-insert_load_llprefixlen(b)
- struct block *b;
+static struct slist *
+gen_prism_llprefixlen(void)
{
- switch (linktype) {
+ struct slist *s;
+
+ if (reg_off_ll == -1) {
+ /*
+ * We haven't yet assigned a register for the length
+ * of the radio header; allocate one.
+ */
+ reg_off_ll = alloc_reg();
+ }
- /*
- * At the moment we treat PPI as normal Radiotap encoded
- * packets. The difference is in the function that generates
- * the code at the beginning to compute the header length.
- * Since this code generator of PPI supports bare 802.11
- * encapsulation only (i.e. the encapsulated DLT should be
- * DLT_IEEE802_11) we generate code to check for this too.
+ /*
+ * Load the register containing the radio length
+ * into the X register.
*/
- case DLT_PPI:
- insert_ppi_load_llprefixlen(b);
- break;
+ s = new_stmt(BPF_LDX|BPF_MEM);
+ s->s.k = reg_off_ll;
+ return s;
+}
- case DLT_IEEE802_11_RADIO:
- insert_radiotap_load_llprefixlen(b);
- break;
+static struct slist *
+gen_avs_llprefixlen(void)
+{
+ struct slist *s;
+
+ if (reg_off_ll == -1) {
+ /*
+ * We haven't yet assigned a register for the length
+ * of the AVS header; allocate one.
+ */
+ reg_off_ll = alloc_reg();
}
-}
+ /*
+ * Load the register containing the AVS length
+ * into the X register.
+ */
+ s = new_stmt(BPF_LDX|BPF_MEM);
+ s->s.k = reg_off_ll;
+ return s;
+}
static struct slist *
gen_radiotap_llprefixlen(void)
{
struct slist *s;
- if (reg_ll_size == -1) {
+ if (reg_off_ll == -1) {
/*
* We haven't yet assigned a register for the length
* of the radiotap header; allocate one.
*/
- reg_ll_size = alloc_reg();
+ reg_off_ll = alloc_reg();
}
/*
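Review bot: gen_prism_llprefixlen and gen_avs_llprefixlen are added here with bodies identical, apart from comment wording, to gen_radiotap_llprefixlen and gen_ppi_llprefixlen: allocate `reg_off_ll` if it is -1, then emit `BPF_LDX|BPF_MEM` with `k = reg_off_ll`. Four copies of the same register-allocation logic can drift apart on the next change, so one shared helper is safer. The gen_llprefixlen switch would then return the helper for all four DLT_ cases. gen_radiotap_llprefixlen continues in the next hunk, and the helper name below is only a suggestion.

```c
/*
 * Load the register holding the offset of the link-layer header into
 * the X register, allocating that register on first use.  Shared by
 * the Prism, AVS, radiotap and PPI prefix types.
 */
static struct slist *
gen_load_off_ll_into_x(void)
{
	struct slist *s;

	if (reg_off_ll == -1)
		reg_off_ll = alloc_reg();

	s = new_stmt(BPF_LDX|BPF_MEM);
	s->s.k = reg_off_ll;
	return s;
}
```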
@@ -2066,7 +2739,7 @@ gen_radiotap_llprefixlen(void)
* into the X register.
*/
s = new_stmt(BPF_LDX|BPF_MEM);
- s->s.k = reg_ll_size;
+ s->s.k = reg_off_ll;
return s;
}
@@ -2083,25 +2756,23 @@ gen_ppi_llprefixlen(void)
{
struct slist *s;
- if (reg_ll_size == -1) {
+ if (reg_off_ll == -1) {
/*
* We haven't yet assigned a register for the length
* of the radiotap header; allocate one.
*/
- reg_ll_size = alloc_reg();
+ reg_off_ll = alloc_reg();
}
/*
- * Load the register containing the radiotap length
+ * Load the register containing the PPI length
* into the X register.
*/
s = new_stmt(BPF_LDX|BPF_MEM);
- s->s.k = reg_ll_size;
+ s->s.k = reg_off_ll;
return s;
}
-
-
/*
* Generate code to compute the link-layer header length, if necessary,
* putting it into the X register, and to return either a pointer to a
@@ -2113,19 +2784,110 @@ gen_llprefixlen(void)
{
switch (linktype) {
- case DLT_PPI:
- return gen_ppi_llprefixlen();
+ case DLT_PRISM_HEADER:
+ return gen_prism_llprefixlen();
+
+ case DLT_IEEE802_11_RADIO_AVS:
+ return gen_avs_llprefixlen();
-
case DLT_IEEE802_11_RADIO:
return gen_radiotap_llprefixlen();
+ case DLT_PPI:
+ return gen_ppi_llprefixlen();
+
default:
return NULL;
}
}
/*
+ * Generate code to load the register containing the offset of the
+ * MAC-layer payload into the X register; if no register for that offset
+ * has been allocated, allocate it first.
+ */
+static struct slist *
+gen_off_macpl(void)
+{
+ struct slist *s;
+
+ if (off_macpl_is_variable) {
+ if (reg_off_macpl == -1) {
+ /*
+ * We haven't yet assigned a register for the offset
+ * of the MAC-layer payload; allocate one.
+ */
+ reg_off_macpl = alloc_reg();
+ }
+
+ /*
+ * Load the register containing the offset of the MAC-layer
+ * payload into the X register.
+ */
+ s = new_stmt(BPF_LDX|BPF_MEM);
+ s->s.k = reg_off_macpl;
+ return s;
+ } else {
+ /*
+ * That offset isn't variable, so we don't need to
+ * generate any code.
+ */
+ return NULL;
+ }
+}
+
+/*
+ * Map an Ethernet type to the equivalent PPP type.
+ */
+static int
+ethertype_to_ppptype(proto)
+ int proto;
+{
+ switch (proto) {
+
+ case ETHERTYPE_IP:
+ proto = PPP_IP;
+ break;
+
+#ifdef INET6
+ case ETHERTYPE_IPV6:
+ proto = PPP_IPV6;
+ break;
+#endif
+
+ case ETHERTYPE_DN:
+ proto = PPP_DECNET;
+ break;
+
+ case ETHERTYPE_ATALK:
+ proto = PPP_APPLE;
+ break;
+
+ case ETHERTYPE_NS:
+ proto = PPP_NS;
+ break;
+
+ case LLCSAP_ISONS:
+ proto = PPP_OSI;
+ break;
+
+ case LLCSAP_8021D:
+ /*
+ * I'm assuming the "Bridging PDU"s that go
+ * over PPP are Spanning Tree Protocol
+ * Bridging PDUs.
+ */
+ proto = PPP_BRPDU;
+ break;
+
+ case LLCSAP_IPX:
+ proto = PPP_IPX;
+ break;
+ }
+ return (proto);
+}
+
+/*
* Generate code to match a particular packet type by matching the
* link-layer type field or fields in the 802.2 LLC header.
*
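Review bot: ethertype_to_ppptype returns any value it does not list unchanged, and the callers in this commit compare the result against the PPP protocol field with `gen_cmp(..., off_linktype, BPF_H, (bpf_int32)proto)`. An unmapped Ethernet type therefore produces a test that most likely matches nothing, rather than an error. When INET6 is not defined this includes ETHERTYPE_IPV6, because its case sits inside `#ifdef INET6`. A filter that quietly matches nothing is easy to read as "no such traffic", so I would at least state the contract in the header comment: `Values with no PPP equivalent are returned unchanged.` gen_llprefixlen starts before this hunk and the gen_linktype comment continues after it.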
@@ -2143,12 +2905,12 @@ gen_linktype(proto)
switch (proto) {
case ETHERTYPE_IP:
case PPP_IP:
- /* FIXME add other L3 proto IDs */
+ /* FIXME add other L3 proto IDs */
return gen_mpls_linktype(Q_IP);
case ETHERTYPE_IPV6:
case PPP_IPV6:
- /* FIXME add other L3 proto IDs */
+ /* FIXME add other L3 proto IDs */
return gen_mpls_linktype(Q_IPV6);
default:
@@ -2157,6 +2919,25 @@ gen_linktype(proto)
}
}
+ /*
+ * Are we testing PPPoE packets?
+ */
+ if (is_pppoes) {
+ /*
+ * The PPPoE session header is part of the
+ * MAC-layer payload, so all references
+ * should be relative to the beginning of
+ * that payload.
+ */
+
+ /*
+ * We use Ethernet protocol types inside libpcap;
+ * map them to the corresponding PPP protocol types.
+ */
+ proto = ethertype_to_ppptype(proto);
+ return gen_cmp(OR_MACPL, off_linktype, BPF_H, (bpf_int32)proto);
+ }
+
switch (linktype) {
case DLT_EN10MB:
@@ -2179,13 +2960,41 @@ gen_linktype(proto)
}
break;
- case DLT_PPI:
- case DLT_FDDI:
- case DLT_IEEE802:
case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
case DLT_IEEE802_11_RADIO_AVS:
case DLT_IEEE802_11_RADIO:
- case DLT_PRISM_HEADER:
+ case DLT_PPI:
+ /*
+ * Check that we have a data frame.
+ */
+ b0 = gen_check_802_11_data_frame();
+
+ /*
+ * Now check for the specified link-layer type.
+ */
+ b1 = gen_llc_linktype(proto);
+ gen_and(b0, b1);
+ return b1;
+ /*NOTREACHED*/
+ break;
+
+ case DLT_FDDI:
+ /*
+ * XXX - check for asynchronous frames, as per RFC 1103.
+ */
+ return gen_llc_linktype(proto);
+ /*NOTREACHED*/
+ break;
+
+ case DLT_IEEE802:
+ /*
+ * XXX - check for LLC PDUs, as per IEEE 802.5.
+ */
+ return gen_llc_linktype(proto);
+ /*NOTREACHED*/
+ break;
+
case DLT_ATM_RFC1483:
case DLT_ATM_CLIP:
case DLT_IP_OVER_FC:
@@ -2270,47 +3079,9 @@ gen_linktype(proto)
* We use Ethernet protocol types inside libpcap;
* map them to the corresponding PPP protocol types.
*/
- switch (proto) {
-
- case ETHERTYPE_IP:
- proto = PPP_IP;
- break;
-
-#ifdef INET6
- case ETHERTYPE_IPV6:
- proto = PPP_IPV6;
- break;
-#endif
-
- case ETHERTYPE_DN:
- proto = PPP_DECNET;
- break;
-
- case ETHERTYPE_ATALK:
- proto = PPP_APPLE;
- break;
-
- case ETHERTYPE_NS:
- proto = PPP_NS;
- break;
-
- case LLCSAP_ISONS:
- proto = PPP_OSI;
- break;
-
- case LLCSAP_8021D:
- /*
- * I'm assuming the "Bridging PDU"s that go
- * over PPP are Spanning Tree Protocol
- * Bridging PDUs.
- */
- proto = PPP_BRPDU;
- break;
-
- case LLCSAP_IPX:
- proto = PPP_IPX;
- break;
- }
+ proto = ethertype_to_ppptype(proto);
+ return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
+ /*NOTREACHED*/
break;
case DLT_PPP_BSDOS:
@@ -2321,6 +3092,10 @@ gen_linktype(proto)
switch (proto) {
case ETHERTYPE_IP:
+ /*
+ * Also check for Van Jacobson-compressed IP.
+ * XXX - do this for other forms of PPP?
+ */
b0 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_IP);
b1 = gen_cmp(OR_LINK, off_linktype, BPF_H, PPP_VJC);
gen_or(b0, b1);
@@ -2328,42 +3103,12 @@ gen_linktype(proto)
gen_or(b1, b0);
return b0;
-#ifdef INET6
- case ETHERTYPE_IPV6:
- proto = PPP_IPV6;
- /* more to go? */
- break;
-#endif
-
- case ETHERTYPE_DN:
- proto = PPP_DECNET;
- break;
-
- case ETHERTYPE_ATALK:
- proto = PPP_APPLE;
- break;
-
- case ETHERTYPE_NS:
- proto = PPP_NS;
- break;
-
- case LLCSAP_ISONS:
- proto = PPP_OSI;
- break;
-
- case LLCSAP_8021D:
- /*
- * I'm assuming the "Bridging PDU"s that go
- * over PPP are Spanning Tree Protocol
- * Bridging PDUs.
- */
- proto = PPP_BRPDU;
- break;
-
- case LLCSAP_IPX:
- proto = PPP_IPX;
- break;
+ default:
+ proto = ethertype_to_ppptype(proto);
+ return gen_cmp(OR_LINK, off_linktype, BPF_H,
+ (bpf_int32)proto);
}
+ /*NOTREACHED*/
break;
case DLT_NULL:
@@ -2552,6 +3297,9 @@ gen_linktype(proto)
/*NOTREACHED*/
break;
+ case DLT_MFR:
+ bpf_error("Multi-link Frame Relay link-layer type filtering not implemented");
+
case DLT_JUNIPER_MFR:
case DLT_JUNIPER_MLFR:
case DLT_JUNIPER_MLPPP:
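Review bot: `case DLT_MFR:` ends at the `bpf_error(...)` call with no `break` and no `/*NOTREACHED*/`, so it is correct only because bpf_error presumably never returns (its definition is not in this hunk). If it did return, control would fall into the Juniper cases below. Other arms of gen_linktype in this commit mark the same situation with `/*NOTREACHED*/` followed by `break;`. The run of new `bpf_error` cases in the `@@ -2583,8 +3333,51 @@` hunk has the same shape. I would add `/*NOTREACHED*/` after each call so the missing `break` reads as deliberate.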
@@ -2568,6 +3316,8 @@ gen_linktype(proto)
case DLT_JUNIPER_FRELAY:
case DLT_JUNIPER_CHDLC:
case DLT_JUNIPER_VP:
+ case DLT_JUNIPER_ST:
+ case DLT_JUNIPER_ISM:
/* just lets verify the magic number for now -
* on ATM we may have up to 6 different encapsulations on the wire
* and need a lot of heuristics to figure out that the payload
@@ -2583,8 +3333,51 @@ gen_linktype(proto)
case DLT_DOCSIS:
bpf_error("DOCSIS link-layer type filtering not implemented");
+ case DLT_MTP2:
+ case DLT_MTP2_WITH_PHDR:
+ bpf_error("MTP2 link-layer type filtering not implemented");
+
+ case DLT_ERF:
+ bpf_error("ERF link-layer type filtering not implemented");
+
+#ifdef DLT_PFSYNC
+ case DLT_PFSYNC:
+ bpf_error("PFSYNC link-layer type filtering not implemented");
+#endif
+
case DLT_LINUX_LAPD:
bpf_error("LAPD link-layer type filtering not implemented");
+
+ case DLT_USB:
+ case DLT_USB_LINUX:
+ bpf_error("USB link-layer type filtering not implemented");
+
+ case DLT_BLUETOOTH_HCI_H4:
+ case DLT_BLUETOOTH_HCI_H4_WITH_PHDR:
+ bpf_error("Bluetooth link-layer type filtering not implemented");
+
+ case DLT_CAN20B:
+ bpf_error("CAN20B link-layer type filtering not implemented");
+
+ case DLT_IEEE802_15_4:
+ case DLT_IEEE802_15_4_LINUX:
+ case DLT_IEEE802_15_4_NONASK_PHY:
+ bpf_error("IEEE 802.15.4 link-layer type filtering not implemented");
+
+ case DLT_IEEE802_16_MAC_CPS_RADIO:
+ bpf_error("IEEE 802.16 link-layer type filtering not implemented");
+
+ case DLT_SITA:
+ bpf_error("SITA link-layer type filtering not implemented");
+
+ case DLT_RAIF1:
+ bpf_error("RAIF1 link-layer type filtering not implemented");
+
+ case DLT_IPMB:
+ bpf_error("IPMB link-layer type filtering not implemented");
+
+ case DLT_AX25_KISS:
+ bpf_error("AX.25 link-layer type filtering not implemented");
}
/*
@@ -2602,12 +3395,7 @@ gen_linktype(proto)
/*
* Any type not handled above should always have an Ethernet
- * type at an offset of "off_linktype". (PPP is partially
- * handled above - the protocol type is mapped from the
- * Ethernet and LLC types we use internally to the corresponding
- * PPP type - but the PPP type is always specified by a value
- * at "off_linktype", so we don't have to do the code generation
- * above.)
+ * type at an offset of "off_linktype".
*/
return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_int32)proto);
}
@@ -2620,10 +3408,9 @@ gen_linktype(proto)
* code and protocol type in the SNAP header.
*/
static struct block *
-gen_snap(orgcode, ptype, offset)
+gen_snap(orgcode, ptype)
bpf_u_int32 orgcode;
bpf_u_int32 ptype;
- u_int offset;
{
u_char snapblock[8];
@@ -2635,7 +3422,7 @@ gen_snap(orgcode, ptype, offset)
snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */
snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */
snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */
- return gen_bcmp(OR_LINK, offset, 8, snapblock);
+ return gen_bcmp(OR_MACPL, 0, 8, snapblock);
}
/*
@@ -2668,7 +3455,7 @@ gen_llc_linktype(proto)
* DSAP, as we do for other types <= ETHERMTU
* (i.e., other SAP values)?
*/
- return gen_cmp(OR_LINK, off_linktype, BPF_H, (bpf_u_int32)
+ return gen_cmp(OR_MACPL, 0, BPF_H, (bpf_u_int32)
((proto << 8) | proto));
case LLCSAP_IPX:
@@ -2676,7 +3463,7 @@ gen_llc_linktype(proto)
* XXX - are there ever SNAP frames for IPX on
* non-Ethernet 802.x networks?
*/
- return gen_cmp(OR_LINK, off_linktype, BPF_B,
+ return gen_cmp(OR_MACPL, 0, BPF_B,
(bpf_int32)LLCSAP_IPX);
case ETHERTYPE_ATALK:
@@ -2689,7 +3476,7 @@ gen_llc_linktype(proto)
* XXX - check for an organization code of
* encapsulated Ethernet as well?
*/
- return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
+ return gen_snap(0x080007, ETHERTYPE_ATALK);
default:
/*
@@ -2701,8 +3488,7 @@ gen_llc_linktype(proto)
* This is an LLC SAP value, so check
* the DSAP.
*/
- return gen_cmp(OR_LINK, off_linktype, BPF_B,
- (bpf_int32)proto);
+ return gen_cmp(OR_MACPL, 0, BPF_B, (bpf_int32)proto);
} else {
/*
* This is an Ethernet type; we assume that it's
@@ -2717,15 +3503,13 @@ gen_llc_linktype(proto)
* organization code of 0x000000 (encapsulated
* Ethernet), we'd do
*
- * return gen_snap(0x000000, proto,
- * off_linktype);
+ * return gen_snap(0x000000, proto);
*
* here; for now, we don't, as per the above.
* I don't know whether it's worth the extra CPU
* time to do the right check or not.
*/
- return gen_cmp(OR_LINK, off_linktype+6, BPF_H,
- (bpf_int32)proto);
+ return gen_cmp(OR_MACPL, 6, BPF_H, (bpf_int32)proto);
}
}
}
@@ -2934,7 +3718,8 @@ gen_thostop(eaddr, dir)
}
/*
- * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
+ * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) and
+ * various 802.11 + radio headers.
*/
static struct block *
gen_wlanhostop(eaddr, dir)
@@ -2944,6 +3729,16 @@ gen_wlanhostop(eaddr, dir)
register struct block *b0, *b1, *b2;
register struct slist *s;
+#ifdef ENABLE_WLAN_FILTERING_PATCH
+ /*
+ * TODO GV 20070613
+ * We need to disable the optimizer because the optimizer is buggy
+ * and wipes out some LD instructions generated by the below
+ * code to validate the Frame Control bits
+ */
+ no_optimize = 1;
+#endif /* ENABLE_WLAN_FILTERING_PATCH */
+
switch (dir) {
case Q_SRC:
/*
@@ -3041,7 +3836,7 @@ gen_wlanhostop(eaddr, dir)
* Now check for a data frame.
* I.e, check "link[0] & 0x08".
*/
- gen_load_a(OR_LINK, 0, BPF_B);
+ s = gen_load_a(OR_LINK, 0, BPF_B);
b1 = new_block(JMP(BPF_JSET));
b1->s.k = 0x08;
b1->stmts = s;
@@ -3210,6 +4005,55 @@ gen_wlanhostop(eaddr, dir)
gen_and(b1, b0);
return b0;
+ /*
+ * XXX - add RA, TA, and BSSID keywords?
+ */
+ case Q_ADDR1:
+ return (gen_bcmp(OR_LINK, 4, 6, eaddr));
+
+ case Q_ADDR2:
+ /*
+ * Not present in CTS or ACK control frames.
+ */
+ b0 = gen_mcmp(OR_LINK, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
+ IEEE80211_FC0_TYPE_MASK);
+ gen_not(b0);
+ b1 = gen_mcmp(OR_LINK, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS,
+ IEEE80211_FC0_SUBTYPE_MASK);
+ gen_not(b1);
+ b2 = gen_mcmp(OR_LINK, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK,
+ IEEE80211_FC0_SUBTYPE_MASK);
+ gen_not(b2);
+ gen_and(b1, b2);
+ gen_or(b0, b2);
+ b1 = gen_bcmp(OR_LINK, 10, 6, eaddr);
+ gen_and(b2, b1);
+ return b1;
+
+ case Q_ADDR3:
+ /*
+ * Not present in control frames.
+ */
+ b0 = gen_mcmp(OR_LINK, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
+ IEEE80211_FC0_TYPE_MASK);
+ gen_not(b0);
+ b1 = gen_bcmp(OR_LINK, 16, 6, eaddr);
+ gen_and(b0, b1);
+ return b1;
+
+ case Q_ADDR4:
+ /*
+ * Present only if the direction mask has both "From DS"
+ * and "To DS" set. Neither control frames nor management
+ * frames should have both of those set, so we don't
+ * check the frame type.
+ */
+ b0 = gen_mcmp(OR_LINK, 1, BPF_B,
+ IEEE80211_FC1_DIR_DSTODS, IEEE80211_FC1_DIR_MASK);
+ b1 = gen_bcmp(OR_LINK, 24, 6, eaddr);
+ gen_and(b0, b1);
+ return b1;
+
case Q_AND:
b0 = gen_wlanhostop(eaddr, Q_SRC);
b1 = gen_wlanhostop(eaddr, Q_DST);
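Review bot: The Q_ADDR2 case builds its guard by reusing b0, b1 and b2 across three gen_not calls, a gen_and and a gen_or, and nothing states the predicate that ends up in b2. A one-line comment before the address compare, such as `/* b2: not a control frame, or neither CTS nor ACK */`, would let a reader check the combination against the "Not present in CTS or ACK control frames" remark. The literal offsets 4, 10, 16 and 24 passed to gen_bcmp in the four new cases would also be easier to audit as named constants for the 802.11 address fields. gen_wlanhostop starts and ends outside this hunk.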
@@ -3652,48 +4496,48 @@ gen_gateway(eaddr, alist, proto, dir)
case Q_IP:
case Q_ARP:
case Q_RARP:
- switch (linktype) {
- case DLT_EN10MB:
- b0 = gen_ehostop(eaddr, Q_OR);
- break;
- case DLT_FDDI:
- b0 = gen_fhostop(eaddr, Q_OR);
- break;
+ switch (linktype) {
+ case DLT_EN10MB:
+ b0 = gen_ehostop(eaddr, Q_OR);
+ break;
+ case DLT_FDDI:
+ b0 = gen_fhostop(eaddr, Q_OR);
+ break;
case DLT_IEEE802:
- b0 = gen_thostop(eaddr, Q_OR);
- break;
+ b0 = gen_thostop(eaddr, Q_OR);
+ break;
case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
case DLT_IEEE802_11_RADIO_AVS:
- case DLT_PPI:
case DLT_IEEE802_11_RADIO:
- case DLT_PRISM_HEADER:
- b0 = gen_wlanhostop(eaddr, Q_OR);
- break;
- case DLT_SUNATM:
- if (is_lane) {
- /*
- * Check that the packet doesn't begin with an
- * LE Control marker. (We've already generated
- * a test for LANE.)
- */
- b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
- 0xFF00);
- gen_not(b1);
+ case DLT_PPI:
+ b0 = gen_wlanhostop(eaddr, Q_OR);
+ break;
+ case DLT_SUNATM:
+ if (is_lane) {
+ /*
+ * Check that the packet doesn't begin with an
+ * LE Control marker. (We've already generated
+ * a test for LANE.)
+ */
+ b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS,
+ BPF_H, 0xFF00);
+ gen_not(b1);
- /*
- * Now check the MAC address.
- */
- b0 = gen_ehostop(eaddr, Q_OR);
- gen_and(b1, b0);
- }
- break;
+ /*
+ * Now check the MAC address.
+ */
+ b0 = gen_ehostop(eaddr, Q_OR);
+ gen_and(b1, b0);
+ }
+ break;
case DLT_IP_OVER_FC:
- b0 = gen_ipfchostop(eaddr, Q_OR);
- break;
- default:
- bpf_error(
+ b0 = gen_ipfchostop(eaddr, Q_OR);
+ break;
+ default:
+ bpf_error(
"'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
- }
+ }
b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR, Q_HOST);
while (*alist) {
tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR,
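Review bot: In the DLT_SUNATM case, b0 is assigned only inside `if (is_lane)`, so a SunATM capture that is not LANE leaves the switch with b0 unset. The code after the switch goes on to build the host checks, and if b0 is combined with them further down (that part of gen_gateway is outside this hunk, so this is inferred), an indeterminate pointer is used. Rejecting the non-LANE case explicitly would close the gap, for example `else bpf_error("'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");` placed before the `break`.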
@@ -4458,7 +5302,8 @@ gen_protochain(v, proto, dir)
}
/*
- * We don't handle variable-length radiotap here headers yet.
+ * We don't handle variable-length prefixes before the link-layer
+ * header, or variable-length link-layer headers, here yet.
* We might want to add BPF instructions to do the protochain
* work, to simplify that and, on platforms that have a BPF
* interpreter with the new instructions, let the filtering
@@ -4467,11 +5312,15 @@ gen_protochain(v, proto, dir)
* branches, and backward branch support is unlikely to appear
* in kernel BPF engines.)
*/
- if (linktype == DLT_IEEE802_11_RADIO)
- bpf_error("'protochain' not supported with radiotap headers");
+ switch (linktype) {
- if (linktype == DLT_PPI)
- bpf_error("'protochain' not supported with PPI headers");
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ case DLT_PPI:
+ bpf_error("'protochain' not supported with 802.11");
+ }
no_optimize = 1; /*this code is not compatible with optimzer yet */
@@ -4490,11 +5339,11 @@ gen_protochain(v, proto, dir)
/* A = ip->ip_p */
s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
- s[i]->s.k = off_ll + off_nl + 9;
+ s[i]->s.k = off_macpl + off_nl + 9;
i++;
/* X = ip->ip_hl << 2 */
s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
- s[i]->s.k = off_ll + off_nl;
+ s[i]->s.k = off_macpl + off_nl;
i++;
break;
#ifdef INET6
@@ -4503,7 +5352,7 @@ gen_protochain(v, proto, dir)
/* A = ip6->ip_nxt */
s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
- s[i]->s.k = off_ll + off_nl + 6;
+ s[i]->s.k = off_macpl + off_nl + 6;
i++;
/* X = sizeof(struct ip6_hdr) */
s[i] = new_stmt(BPF_LDX|BPF_IMM);
@@ -4583,7 +5432,7 @@ gen_protochain(v, proto, dir)
i++;
/* A = P[X + packet head] */
s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
- s[i]->s.k = off_ll + off_nl;
+ s[i]->s.k = off_macpl + off_nl;
i++;
/* MEM[reg2] = A */
s[i] = new_stmt(BPF_ST);
@@ -4601,7 +5450,7 @@ gen_protochain(v, proto, dir)
i++;
/* A = P[X + packet head]; */
s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
- s[i]->s.k = off_ll + off_nl;
+ s[i]->s.k = off_macpl + off_nl;
i++;
/* A += 1 */
s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
@@ -4660,7 +5509,7 @@ gen_protochain(v, proto, dir)
i++;
/* A = P[X + packet head]; */
s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
- s[i]->s.k = off_ll + off_nl;
+ s[i]->s.k = off_macpl + off_nl;
i++;
/* MEM[reg2] = A */
s[i] = new_stmt(BPF_ST);
@@ -4678,7 +5527,7 @@ gen_protochain(v, proto, dir)
i++;
/* A = P[X + packet head] */
s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
- s[i]->s.k = off_ll + off_nl;
+ s[i]->s.k = off_macpl + off_nl;
i++;
/* A += 2 */
s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
@@ -4732,6 +5581,31 @@ gen_protochain(v, proto, dir)
#endif
}
+static struct block *
+gen_check_802_11_data_frame()
+{
+ struct slist *s;
+ struct block *b0, *b1;
+
+ /*
+ * A data frame has the 0x08 bit (b3) in the frame control field set
+ * and the 0x04 bit (b2) clear.
+ */
+ s = gen_load_a(OR_LINK, 0, BPF_B);
+ b0 = new_block(JMP(BPF_JSET));
+ b0->s.k = 0x08;
+ b0->stmts = s;
+
+ s = gen_load_a(OR_LINK, 0, BPF_B);
+ b1 = new_block(JMP(BPF_JSET));
+ b1->s.k = 0x04;
+ b1->stmts = s;
+ gen_not(b1);
+
+ gen_and(b1, b0);
+
+ return b0;
+}
/*
* Generate code that checks whether the packet is a packet for protocol
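Review bot: gen_check_802_11_data_frame is added with no header comment, while the neighbouring generators each carry one. A short comment above the definition such as `/* Return a block that is true only for 802.11 data frames: link[0] has 0x08 set and 0x04 clear. */` would document the contract that the in-body comment only implies. No caller is visible in this hunk, so it is worth confirming the static function is referenced elsewhere in the file; otherwise it will draw an unused-function warning.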
@@ -5019,9 +5893,9 @@ gen_scode(name, q)
return b;
case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
case DLT_IEEE802_11_RADIO_AVS:
case DLT_IEEE802_11_RADIO:
- case DLT_PRISM_HEADER:
case DLT_PPI:
eaddr = pcap_ether_hostton(name);
if (eaddr == NULL)
@@ -5250,7 +6124,6 @@ gen_scode(name, q)
else
bpf_error("unknown protocol: %s", name);
-
case Q_UNDEF:
syntax();
/* NOTREACHED */
@@ -5487,44 +6360,44 @@ gen_ecode(eaddr, q)
struct block *b, *tmp;
if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
- switch (linktype) {
- case DLT_EN10MB:
- return gen_ehostop(eaddr, (int)q.dir);
- case DLT_FDDI:
- return gen_fhostop(eaddr, (int)q.dir);
- case DLT_IEEE802:
- return gen_thostop(eaddr, (int)q.dir);
- case DLT_IEEE802_11:
- case DLT_IEEE802_11_RADIO_AVS:
- case DLT_IEEE802_11_RADIO:
- case DLT_PRISM_HEADER:
- case DLT_PPI:
- return gen_wlanhostop(eaddr, (int)q.dir);
- case DLT_SUNATM:
- if (is_lane) {
- /*
- * Check that the packet doesn't begin with an
- * LE Control marker. (We've already generated
- * a test for LANE.)
- */
- tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
- 0xFF00);
- gen_not(tmp);
-
- /*
- * Now check the MAC address.
- */
- b = gen_ehostop(eaddr, (int)q.dir);
- gen_and(tmp, b);
- return b;
- }
- break;
- case DLT_IP_OVER_FC:
- return gen_ipfchostop(eaddr, (int)q.dir);
- default:
- bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
- break;
- }
+ switch (linktype) {
+ case DLT_EN10MB:
+ return gen_ehostop(eaddr, (int)q.dir);
+ case DLT_FDDI:
+ return gen_fhostop(eaddr, (int)q.dir);
+ case DLT_IEEE802:
+ return gen_thostop(eaddr, (int)q.dir);
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ case DLT_PPI:
+ return gen_wlanhostop(eaddr, (int)q.dir);
+ case DLT_SUNATM:
+ if (is_lane) {
+ /*
+ * Check that the packet doesn't begin with an
+ * LE Control marker. (We've already generated
+ * a test for LANE.)
+ */
+ tmp = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
+ 0xFF00);
+ gen_not(tmp);
+
+ /*
+ * Now check the MAC address.
+ */
+ b = gen_ehostop(eaddr, (int)q.dir);
+ gen_and(tmp, b);
+ return b;
+ }
+ break;
+ case DLT_IP_OVER_FC:
+ return gen_ipfchostop(eaddr, (int)q.dir);
+ default:
+ bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
+ break;
+ }
}
bpf_error("ethernet address used in non-ether expression");
/* NOTREACHED */
@@ -5691,14 +6564,14 @@ gen_load(proto, inst, size)
* XXX - are there any cases where we want
* off_nl_nosnap?
*/
- s = gen_llprefixlen();
+ s = gen_off_macpl();
/*
* If "s" is non-null, it has code to arrange that the
- * X register contains the length of the prefix preceding
- * the link-layer header. Add to it the offset computed
- * into the register specified by "index", and move that
- * into the X register. Otherwise, just load into the X
+ * X register contains the offset of the MAC-layer
+ * payload. Add to it the offset computed into the
+ * register specified by "index", and move that into
+ * the X register. Otherwise, just load into the X
* register the offset computed into the register specifed
* by "index".
*/
@@ -5712,13 +6585,17 @@ gen_load(proto, inst, size)
/*
* Load the item at the sum of the offset we've put in the
* X register, the offset of the start of the network
- * layer header, and the offset of the start of the link
- * layer header (which is 0 if the radio header is
- * variable-length; that header length is what we put
- * into the X register and then added to the index).
+ * layer header from the beginning of the MAC-layer
+ * payload, and the purported offset of the start of the
+ * MAC-layer payload (which might be 0 if there's a
+ * variable-length prefix before the link-layer header
+ * or the link-layer header itself is variable-length;
+ * the variable-length offset of the start of the
+ * MAC-layer payload is what we put into the X register
+ * and then added to the index).
*/
tmp = new_stmt(BPF_LD|BPF_IND|size);
- tmp->s.k = off_ll + off_nl;
+ tmp->s.k = off_macpl + off_nl;
sappend(s, tmp);
sappend(inst->s, s);
@@ -5759,22 +6636,24 @@ gen_load(proto, inst, size)
/*
* The X register now contains the sum of the length
* of any variable-length header preceding the link-layer
- * header and the length of the network-layer header.
+ * header, any variable-length link-layer header, and the
+ * length of the network-layer header.
+ *
* Load into the A register the offset relative to
* the beginning of the transport layer header,
* add the X register to that, move that to the
* X register, and load with an offset from the
* X register equal to the offset of the network
* layer header relative to the beginning of
- * the link-layer header plus the length of any
- * fixed-length header preceding the link-layer
- * header.
+ * the MAC-layer payload plus the fixed-length
+ * portion of the offset of the MAC-layer payload
+ * from the beginning of the raw packet data.
*/
sappend(s, xfer_to_a(inst));
sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
sappend(s, new_stmt(BPF_MISC|BPF_TAX));
sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
- tmp->s.k = off_ll + off_nl;
+ tmp->s.k = off_macpl + off_nl;
sappend(inst->s, s);
/*
@@ -5941,6 +6820,16 @@ static int regused[BPF_MEMWORDS];
static int curreg;
/*
+ * Initialize the table of used registers and the current register.
+ */
+static void
+init_regs()
+{
+ curreg = 0;
+ memset(regused, 0, sizeof regused);
+}
+
+/*
* Return the next free register.
*/
static int
@@ -6071,46 +6960,46 @@ gen_broadcast(proto)
case Q_DEFAULT:
case Q_LINK:
- switch (linktype) {
- case DLT_ARCNET:
- case DLT_ARCNET_LINUX:
- return gen_ahostop(abroadcast, Q_DST);
- case DLT_EN10MB:
- return gen_ehostop(ebroadcast, Q_DST);
- case DLT_FDDI:
- return gen_fhostop(ebroadcast, Q_DST);
- case DLT_IEEE802:
- return gen_thostop(ebroadcast, Q_DST);
- case DLT_IEEE802_11:
- case DLT_IEEE802_11_RADIO_AVS:
- case DLT_IEEE802_11_RADIO:
- case DLT_PPI:
- case DLT_PRISM_HEADER:
- return gen_wlanhostop(ebroadcast, Q_DST);
- case DLT_IP_OVER_FC:
- return gen_ipfchostop(ebroadcast, Q_DST);
- case DLT_SUNATM:
- if (is_lane) {
- /*
- * Check that the packet doesn't begin with an
- * LE Control marker. (We've already generated
- * a test for LANE.)
- */
- b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
- 0xFF00);
- gen_not(b1);
+ switch (linktype) {
+ case DLT_ARCNET:
+ case DLT_ARCNET_LINUX:
+ return gen_ahostop(abroadcast, Q_DST);
+ case DLT_EN10MB:
+ return gen_ehostop(ebroadcast, Q_DST);
+ case DLT_FDDI:
+ return gen_fhostop(ebroadcast, Q_DST);
+ case DLT_IEEE802:
+ return gen_thostop(ebroadcast, Q_DST);
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ case DLT_PPI:
+ return gen_wlanhostop(ebroadcast, Q_DST);
+ case DLT_IP_OVER_FC:
+ return gen_ipfchostop(ebroadcast, Q_DST);
+ case DLT_SUNATM:
+ if (is_lane) {
+ /*
+ * Check that the packet doesn't begin with an
+ * LE Control marker. (We've already generated
+ * a test for LANE.)
+ */
+ b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS,
+ BPF_H, 0xFF00);
+ gen_not(b1);
- /*
- * Now check the MAC address.
- */
- b0 = gen_ehostop(ebroadcast, Q_DST);
- gen_and(b1, b0);
- return b0;
- }
- break;
- default:
- bpf_error("not a broadcast link");
- }
+ /*
+ * Now check the MAC address.
+ */
+ b0 = gen_ehostop(ebroadcast, Q_DST);
+ gen_and(b1, b0);
+ return b0;
+ }
+ break;
+ default:
+ bpf_error("not a broadcast link");
+ }
break;
case Q_IP:
@@ -6158,167 +7047,167 @@ gen_multicast(proto)
case Q_DEFAULT:
case Q_LINK:
- switch (linktype) {
- case DLT_ARCNET:
- case DLT_ARCNET_LINUX:
- /* all ARCnet multicasts use the same address */
- return gen_ahostop(abroadcast, Q_DST);
- case DLT_EN10MB:
- /* ether[0] & 1 != 0 */
- return gen_mac_multicast(0);
- case DLT_FDDI:
- /*
- * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
- *
- * XXX - was that referring to bit-order issues?
- */
- /* fddi[1] & 1 != 0 */
- return gen_mac_multicast(1);
- case DLT_IEEE802:
- /* tr[2] & 1 != 0 */
- return gen_mac_multicast(2);
- case DLT_IEEE802_11:
- case DLT_IEEE802_11_RADIO_AVS:
- case DLT_PPI:
- case DLT_IEEE802_11_RADIO:
- case DLT_PRISM_HEADER:
- /*
- * Oh, yuk.
- *
- * For control frames, there is no DA.
- *
- * For management frames, DA is at an
- * offset of 4 from the beginning of
- * the packet.
- *
- * For data frames, DA is at an offset
- * of 4 from the beginning of the packet
- * if To DS is clear and at an offset of
- * 16 from the beginning of the packet
- * if To DS is set.
- */
-
- /*
- * Generate the tests to be done for data frames.
- *
- * First, check for To DS set, i.e. "link[1] & 0x01".
- */
- s = gen_load_a(OR_LINK, 1, BPF_B);
- b1 = new_block(JMP(BPF_JSET));
- b1->s.k = 0x01; /* To DS */
- b1->stmts = s;
-
- /*
- * If To DS is set, the DA is at 16.
- */
- b0 = gen_mac_multicast(16);
- gen_and(b1, b0);
-
- /*
- * Now, check for To DS not set, i.e. check
- * "!(link[1] & 0x01)".
- */
- s = gen_load_a(OR_LINK, 1, BPF_B);
- b2 = new_block(JMP(BPF_JSET));
- b2->s.k = 0x01; /* To DS */
- b2->stmts = s;
- gen_not(b2);
-
- /*
- * If To DS is not set, the DA is at 4.
- */
- b1 = gen_mac_multicast(4);
- gen_and(b2, b1);
-
- /*
- * Now OR together the last two checks. That gives
- * the complete set of checks for data frames.
- */
- gen_or(b1, b0);
-
- /*
- * Now check for a data frame.
- * I.e, check "link[0] & 0x08".
- */
- s = gen_load_a(OR_LINK, 0, BPF_B);
- b1 = new_block(JMP(BPF_JSET));
- b1->s.k = 0x08;
- b1->stmts = s;
-
- /*
- * AND that with the checks done for data frames.
- */
- gen_and(b1, b0);
-
- /*
- * If the high-order bit of the type value is 0, this
- * is a management frame.
- * I.e, check "!(link[0] & 0x08)".
- */
- s = gen_load_a(OR_LINK, 0, BPF_B);
- b2 = new_block(JMP(BPF_JSET));
- b2->s.k = 0x08;
- b2->stmts = s;
- gen_not(b2);
-
- /*
- * For management frames, the DA is at 4.
- */
- b1 = gen_mac_multicast(4);
- gen_and(b2, b1);
-
- /*
- * OR that with the checks done for data frames.
- * That gives the checks done for management and
- * data frames.
- */
- gen_or(b1, b0);
-
- /*
- * If the low-order bit of the type value is 1,
- * this is either a control frame or a frame
- * with a reserved type, and thus not a
- * frame with an SA.
- *
- * I.e., check "!(link[0] & 0x04)".
- */
- s = gen_load_a(OR_LINK, 0, BPF_B);
- b1 = new_block(JMP(BPF_JSET));
- b1->s.k = 0x04;
- b1->stmts = s;
- gen_not(b1);
-
- /*
- * AND that with the checks for data and management
- * frames.
- */
- gen_and(b1, b0);
- return b0;
- case DLT_IP_OVER_FC:
- b0 = gen_mac_multicast(2);
- return b0;
- case DLT_SUNATM:
- if (is_lane) {
+ switch (linktype) {
+ case DLT_ARCNET:
+ case DLT_ARCNET_LINUX:
+ /* all ARCnet multicasts use the same address */
+ return gen_ahostop(abroadcast, Q_DST);
+ case DLT_EN10MB:
+ /* ether[0] & 1 != 0 */
+ return gen_mac_multicast(0);
+ case DLT_FDDI:
/*
- * Check that the packet doesn't begin with an
- * LE Control marker. (We've already generated
- * a test for LANE.)
+ * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
+ *
+ * XXX - was that referring to bit-order issues?
*/
- b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS, BPF_H,
- 0xFF00);
+ /* fddi[1] & 1 != 0 */
+ return gen_mac_multicast(1);
+ case DLT_IEEE802:
+ /* tr[2] & 1 != 0 */
+ return gen_mac_multicast(2);
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ case DLT_PPI:
+ /*
+ * Oh, yuk.
+ *
+ * For control frames, there is no DA.
+ *
+ * For management frames, DA is at an
+ * offset of 4 from the beginning of
+ * the packet.
+ *
+ * For data frames, DA is at an offset
+ * of 4 from the beginning of the packet
+ * if To DS is clear and at an offset of
+ * 16 from the beginning of the packet
+ * if To DS is set.
+ */
+
+ /*
+ * Generate the tests to be done for data frames.
+ *
+ * First, check for To DS set, i.e. "link[1] & 0x01".
+ */
+ s = gen_load_a(OR_LINK, 1, BPF_B);
+ b1 = new_block(JMP(BPF_JSET));
+ b1->s.k = 0x01; /* To DS */
+ b1->stmts = s;
+
+ /*
+ * If To DS is set, the DA is at 16.
+ */
+ b0 = gen_mac_multicast(16);
+ gen_and(b1, b0);
+
+ /*
+ * Now, check for To DS not set, i.e. check
+ * "!(link[1] & 0x01)".
+ */
+ s = gen_load_a(OR_LINK, 1, BPF_B);
+ b2 = new_block(JMP(BPF_JSET));
+ b2->s.k = 0x01; /* To DS */
+ b2->stmts = s;
+ gen_not(b2);
+
+ /*
+ * If To DS is not set, the DA is at 4.
+ */
+ b1 = gen_mac_multicast(4);
+ gen_and(b2, b1);
+
+ /*
+ * Now OR together the last two checks. That gives
+ * the complete set of checks for data frames.
+ */
+ gen_or(b1, b0);
+
+ /*
+ * Now check for a data frame.
+ * I.e, check "link[0] & 0x08".
+ */
+ s = gen_load_a(OR_LINK, 0, BPF_B);
+ b1 = new_block(JMP(BPF_JSET));
+ b1->s.k = 0x08;
+ b1->stmts = s;
+
+ /*
+ * AND that with the checks done for data frames.
+ */
+ gen_and(b1, b0);
+
+ /*
+ * If the high-order bit of the type value is 0, this
+ * is a management frame.
+ * I.e, check "!(link[0] & 0x08)".
+ */
+ s = gen_load_a(OR_LINK, 0, BPF_B);
+ b2 = new_block(JMP(BPF_JSET));
+ b2->s.k = 0x08;
+ b2->stmts = s;
+ gen_not(b2);
+
+ /*
+ * For management frames, the DA is at 4.
+ */
+ b1 = gen_mac_multicast(4);
+ gen_and(b2, b1);
+
+ /*
+ * OR that with the checks done for data frames.
+ * That gives the checks done for management and
+ * data frames.
+ */
+ gen_or(b1, b0);
+
+ /*
+ * If the low-order bit of the type value is 1,
+ * this is either a control frame or a frame
+ * with a reserved type, and thus not a
+ * frame with an SA.
+ *
+ * I.e., check "!(link[0] & 0x04)".
+ */
+ s = gen_load_a(OR_LINK, 0, BPF_B);
+ b1 = new_block(JMP(BPF_JSET));
+ b1->s.k = 0x04;
+ b1->stmts = s;
gen_not(b1);
- /* ether[off_mac] & 1 != 0 */
- b0 = gen_mac_multicast(off_mac);
+ /*
+ * AND that with the checks for data and management
+ * frames.
+ */
gen_and(b1, b0);
return b0;
- }
- break;
- default:
- break;
- }
- /* Link not known to support multicasts */
- break;
+ case DLT_IP_OVER_FC:
+ b0 = gen_mac_multicast(2);
+ return b0;
+ case DLT_SUNATM:
+ if (is_lane) {
+ /*
+ * Check that the packet doesn't begin with an
+ * LE Control marker. (We've already generated
+ * a test for LANE.)
+ */
+ b1 = gen_cmp(OR_LINK, SUNATM_PKT_BEGIN_POS,
+ BPF_H, 0xFF00);
+ gen_not(b1);
+
+ /* ether[off_mac] & 1 != 0 */
+ b0 = gen_mac_multicast(off_mac);
+ gen_and(b1, b0);
+ return b0;
+ }
+ break;
+ default:
+ break;
+ }
+ /* Link not known to support multicasts */
+ break;
case Q_IP:
b0 = gen_linktype(ETHERTYPE_IP);
@@ -6415,6 +7304,8 @@ gen_inbound(dir)
case DLT_JUNIPER_FRELAY:
case DLT_JUNIPER_CHDLC:
case DLT_JUNIPER_VP:
+ case DLT_JUNIPER_ST:
+ case DLT_JUNIPER_ISM:
/* juniper flags (including direction) are stored
* the byte after the 3-byte magic number */
if (dir) {
@@ -6424,7 +7315,7 @@ gen_inbound(dir)
/* match incoming packets */
b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
}
- break;
+ break;
default:
bpf_error("inbound/outbound not supported on linktype %d",
@@ -6443,13 +7334,12 @@ gen_pf_ifname(const char *ifname)
struct block *b0;
u_int len, off;
- if (linktype == DLT_PFLOG) {
- len = sizeof(((struct pfloghdr *)0)->ifname);
- off = offsetof(struct pfloghdr, ifname);
- } else {
- bpf_error("ifname not supported on linktype 0x%x", linktype);
+ if (linktype != DLT_PFLOG) {
+ bpf_error("ifname supported only on PF linktype");
/* NOTREACHED */
}
+ len = sizeof(((struct pfloghdr *)0)->ifname);
+ off = offsetof(struct pfloghdr, ifname);
if (strlen(ifname) >= len) {
bpf_error("ifname interface names can only be %d characters",
len-1);
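Review bot: The length error just below the moved assignments formats `len-1` with `%d`, but `len` is declared `u_int` at the top of gen_pf_ifname. bpf_error is declared with a printf format attribute in gencode.h, so this is a signed/unsigned format mismatch that the compiler can flag; `"ifname interface names can only be %u characters"` matches the argument type. Separately, the reworded linktype errors in this and the following gen_pf_* hunks no longer print the offending linktype value, which removes a detail that helps when diagnosing a rejected filter.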
@@ -6466,14 +7356,16 @@ gen_pf_ruleset(char *ruleset)
struct block *b0;
if (linktype != DLT_PFLOG) {
- bpf_error("ruleset not supported on linktype 0x%x", linktype);
+ bpf_error("ruleset supported only on PF linktype");
/* NOTREACHED */
}
+
if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
bpf_error("ruleset names can only be %ld characters",
(long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
/* NOTREACHED */
}
+
b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
strlen(ruleset), (const u_char *)ruleset);
return (b0);
@@ -6485,14 +7377,13 @@ gen_pf_rnr(int rnr)
{
struct block *b0;
- if (linktype == DLT_PFLOG) {
- b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
- (bpf_int32)rnr);
- } else {
- bpf_error("rnr not supported on linktype 0x%x", linktype);
+ if (linktype != DLT_PFLOG) {
+ bpf_error("rnr supported only on PF linktype");
/* NOTREACHED */
}
+ b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
+ (bpf_int32)rnr);
return (b0);
}
@@ -6503,7 +7394,7 @@ gen_pf_srnr(int srnr)
struct block *b0;
if (linktype != DLT_PFLOG) {
- bpf_error("srnr not supported on linktype 0x%x", linktype);
+ bpf_error("srnr supported only on PF linktype");
/* NOTREACHED */
}
@@ -6518,14 +7409,13 @@ gen_pf_reason(int reason)
{
struct block *b0;
- if (linktype == DLT_PFLOG) {
- b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
- (bpf_int32)reason);
- } else {
- bpf_error("reason not supported on linktype 0x%x", linktype);
+ if (linktype != DLT_PFLOG) {
+ bpf_error("reason supported only on PF linktype");
/* NOTREACHED */
}
+ b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
+ (bpf_int32)reason);
return (b0);
}
@@ -6535,14 +7425,13 @@ gen_pf_action(int action)
{
struct block *b0;
- if (linktype == DLT_PFLOG) {
- b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
- (bpf_int32)action);
- } else {
- bpf_error("action not supported on linktype 0x%x", linktype);
+ if (linktype != DLT_PFLOG) {
+ bpf_error("action supported only on PF linktype");
/* NOTREACHED */
}
+ b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
+ (bpf_int32)action);
return (b0);
}
#else /* !HAVE_NET_PFVAR_H */
@@ -6595,14 +7484,75 @@ gen_pf_action(int action)
}
#endif /* HAVE_NET_PFVAR_H */
+/* IEEE 802.11 wireless header */
+struct block *
+gen_p80211_type(int type, int mask)
+{
+ struct block *b0;
+
+ switch (linktype) {
+
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ b0 = gen_mcmp(OR_LINK, 0, BPF_B, (bpf_int32)type,
+ (bpf_int32)mask);
+ break;
+
+ default:
+ bpf_error("802.11 link-layer types supported only on 802.11");
+ /* NOTREACHED */
+ }
+
+ return (b0);
+}
+
+struct block *
+gen_p80211_fcdir(int fcdir)
+{
+ struct block *b0;
+
+ switch (linktype) {
+
+ case DLT_IEEE802_11:
+ case DLT_PRISM_HEADER:
+ case DLT_IEEE802_11_RADIO_AVS:
+ case DLT_IEEE802_11_RADIO:
+ break;
+
+ default:
+ bpf_error("frame direction supported only with 802.11 headers");
+ /* NOTREACHED */
+ }
+
+ b0 = gen_mcmp(OR_LINK, 1, BPF_B, (bpf_int32)fcdir,
+ (bpf_u_int32)IEEE80211_FC1_DIR_MASK);
+
+ return (b0);
+}
+
struct block *
gen_acode(eaddr, q)
register const u_char *eaddr;
struct qual q;
{
- if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
- if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
- return gen_ahostop(eaddr, (int)q.dir);
+ switch (linktype) {
+
+ case DLT_ARCNET:
+ case DLT_ARCNET_LINUX:
+ if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) &&
+ q.proto == Q_LINK)
+ return (gen_ahostop(eaddr, (int)q.dir));
+ else {
+ bpf_error("ARCnet address used in non-arc expression");
+ /* NOTREACHED */
+ }
+ break;
+
+ default:
+ bpf_error("aid supported only on ARCnet");
+ /* NOTREACHED */
}
bpf_error("ARCnet address used in non-arc expression");
/* NOTREACHED */
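Review bot: The new gen_p80211_type and gen_p80211_fcdir switches accept DLT_IEEE802_11, DLT_PRISM_HEADER, DLT_IEEE802_11_RADIO_AVS and DLT_IEEE802_11_RADIO but not DLT_PPI, whereas every other 802.11 switch touched by this commit (gen_gateway, gen_protochain, gen_scode, gen_ecode, gen_broadcast, gen_multicast) lists DLT_PPI alongside them. If the omission is deliberate it deserves a comment saying why; if not, adding `case DLT_PPI:` to both switches would make them consistent. In gen_acode, every path through the new switch either returns or calls bpf_error, which is declared noreturn, so the `break;` after the else branch and the trailing `bpf_error("ARCnet address used in non-arc expression");` after the switch appear to be unreachable and could be dropped.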
@@ -6655,10 +7605,11 @@ gen_vlan(vlan_num)
bpf_error("no VLAN match after MPLS");
/*
- * Change the offsets to point to the type and data fields within
- * the VLAN packet. Just increment the offsets, so that we
- * can support a hierarchy, e.g. "vlan 300 && vlan 200" to
- * capture VLAN 200 encapsulated within VLAN 100.
+ * Check for a VLAN packet, and then change the offsets to point
+ * to the type and data fields within the VLAN packet. Just
+ * increment the offsets, so that we can support a hierarchy, e.g.
+ * "vlan 300 && vlan 200" to capture VLAN 200 encapsulated within
+ * VLAN 100.
*
* XXX - this is a bit of a kludge. If we were to split the
* compiler into a parser that parses an expression and
@@ -6684,15 +7635,29 @@ gen_vlan(vlan_num)
* be done assuming a VLAN, even though the "or" could be viewed
* as meaning "or, if this isn't a VLAN packet...".
*/
- orig_linktype = off_linktype; /* save original values */
orig_nl = off_nl;
switch (linktype) {
case DLT_EN10MB:
+ /* check for VLAN */
+ b0 = gen_cmp(OR_LINK, off_linktype, BPF_H,
+ (bpf_int32)ETHERTYPE_8021Q);
+
+ /* If a specific VLAN is requested, check VLAN id */
+ if (vlan_num >= 0) {
+ b1 = gen_mcmp(OR_MACPL, 0, BPF_H,
+ (bpf_int32)vlan_num, 0x0fff);
+ gen_and(b0, b1);
+ b0 = b1;
+ }
+
+ off_macpl += 4;
off_linktype += 4;
+#if 0
off_nl_nosnap += 4;
off_nl += 4;
+#endif
break;
default:
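Review bot: The `#if 0` block around `off_nl_nosnap += 4;` and `off_nl += 4;` leaves disabled code in gen_vlan with no explanation of why it was turned off. Judging from the rest of this commit, off_nl is now counted from the start of the MAC-layer payload, so bumping off_macpl is presumably enough; deleting the two lines and adding a comment such as `/* off_nl and off_nl_nosnap are relative to off_macpl, so only off_macpl and off_linktype move */` would make that explicit. `orig_nl = off_nl;` is still assigned just above while the code that consumed it is removed in the next hunk, so it may now be a dead store. gen_vlan begins and ends outside this hunk.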
@@ -6701,17 +7666,6 @@ gen_vlan(vlan_num)
/*NOTREACHED*/
}
- /* check for VLAN */
- b0 = gen_cmp(OR_LINK, orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
-
- /* If a specific VLAN is requested, check VLAN id */
- if (vlan_num >= 0) {
- b1 = gen_mcmp(OR_LINK, orig_nl, BPF_H, (bpf_int32)vlan_num,
- 0x0fff);
- gen_and(b0, b1);
- b0 = b1;
- }
-
return (b0);
}
@@ -6737,7 +7691,7 @@ gen_mpls(label_num)
if (label_stack_depth > 0) {
/* just match the bottom-of-stack bit clear */
- b0 = gen_mcmp(OR_LINK, orig_nl-2, BPF_B, 0, 0x01);
+ b0 = gen_mcmp(OR_MACPL, orig_nl-2, BPF_B, 0, 0x01);
} else {
/*
* Indicate that we're checking MPLS-encapsulated headers,
@@ -6772,7 +7726,7 @@ gen_mpls(label_num)
/* If a specific MPLS label is requested, check it */
if (label_num >= 0) {
label_num = label_num << 12; /* label is shifted 12 bits on the wire */
- b1 = gen_mcmp(OR_LINK, orig_nl, BPF_W, (bpf_int32)label_num,
+ b1 = gen_mcmp(OR_MACPL, orig_nl, BPF_W, (bpf_int32)label_num,
0xfffff000); /* only compare the first 20 bits */
gen_and(b0, b1);
b0 = b1;
@@ -6806,7 +7760,8 @@ gen_pppoes()
/*
* Change the offsets to point to the type and data fields within
- * the PPP packet.
+ * the PPP packet, and note that this is PPPoE rather than
+ * raw PPP.
*
* XXX - this is a bit of a kludge. If we were to split the
* compiler into a parser that parses an expression and
@@ -6834,24 +7789,28 @@ gen_pppoes()
*/
orig_linktype = off_linktype; /* save original values */
orig_nl = off_nl;
+ is_pppoes = 1;
/*
* The "network-layer" protocol is PPPoE, which has a 6-byte
- * PPPoE header, followed by PPP payload, so we set the
- * offsets to the network layer offset plus 6 bytes for
- * the PPPoE header plus the values appropriate for PPP when
- * encapsulated in Ethernet (which means there's no HDLC
- * encapsulation).
+ * PPPoE header, followed by a PPP packet.
+ *
+ * There is no HDLC encapsulation for the PPP packet (it's
+ * encapsulated in PPPoES instead), so the link-layer type
+ * starts at the first byte of the PPP packet. For PPPoE,
+ * that offset is relative to the beginning of the total
+ * link-layer payload, including any 802.2 LLC header, so
+ * it's 6 bytes past off_nl.
*/
- off_linktype = orig_nl + 6;
- off_nl = orig_nl + 6 + 2;
- off_nl_nosnap = orig_nl + 6 + 2;
+ off_linktype = off_nl + 6;
/*
- * Set the link-layer type to PPP, as all subsequent tests will
- * be on the encapsulated PPP header.
+ * The network-layer offsets are relative to the beginning
+ * of the MAC-layer payload; that's past the 6-byte
+ * PPPoE header and the 2-byte PPP header.
*/
- linktype = DLT_PPP;
+ off_nl = 6+2;
+ off_nl_nosnap = 6+2;
return b0;
}
@@ -6997,8 +7956,9 @@ gen_atmtype_abbrev(type)
is_lane = 1;
off_mac = off_payload + 2; /* MAC header */
off_linktype = off_mac + 12;
- off_nl = off_mac + 14; /* Ethernet II */
- off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */
+ off_macpl = off_mac + 14; /* Ethernet */
+ off_nl = 0; /* Ethernet II */
+ off_nl_nosnap = 3; /* 802.3+802.2 */
break;
case A_LLC:
@@ -7031,6 +7991,7 @@ gen_mtp2type_abbrev(type)
case M_FISU:
if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'fisu' supported only on MTP2");
/* gen_ncmp(offrel, offset, size, mask, jtype, reverse, value) */
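Review bot: DLT_ERF is now accepted for 'fisu' (and for 'lssu' and 'msu' in the next two hunks), but the check is on the linktype alone and the error text still reads "supported only on MTP2". ERF is a container format that can carry record types other than MTP2, so unless a record-type test is generated elsewhere (not visible here), the length-indicator comparison at off_li would be applied to whatever the ERF record holds and could match unrelated traffic. It is worth confirming that off_li is set up for DLT_ERF and that the ERF record type is checked, and updating the three messages to mention ERF, e.g. `bpf_error("'fisu' supported only on MTP2 or ERF");`.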
@@ -7039,6 +8000,7 @@ gen_mtp2type_abbrev(type)
case M_LSSU:
if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'lssu' supported only on MTP2");
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 1, 2);
@@ -7048,6 +8010,7 @@ gen_mtp2type_abbrev(type)
case M_MSU:
if ( (linktype != DLT_MTP2) &&
+ (linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'msu' supported only on MTP2");
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 0, 2);
diff --git a/gencode.h b/gencode.h
index f4c5cf750364..39b1eea54704 100644
--- a/gencode.h
+++ b/gencode.h
@@ -18,7 +18,7 @@
* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.60.2.11 2007/06/11 09:52:04 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.70.2.1 2007/11/18 02:04:55 guy Exp $ (LBL)
*/
/*
@@ -132,6 +132,10 @@
#define Q_DST 2
#define Q_OR 3
#define Q_AND 4
+#define Q_ADDR1 5
+#define Q_ADDR2 6
+#define Q_ADDR3 7
+#define Q_ADDR4 8
#define Q_DEFAULT 0
#define Q_UNDEF 255
@@ -312,6 +316,9 @@ struct block *gen_pf_reason(int);
struct block *gen_pf_action(int);
struct block *gen_pf_dir(int);
+struct block *gen_p80211_type(int, int);
+struct block *gen_p80211_fcdir(int);
+
void bpf_optimize(struct block **);
void bpf_error(const char *, ...)
__attribute__((noreturn, format (printf, 1, 2)));
diff --git a/grammar.y b/grammar.y
index f9b7cb1b6ca4..7076c87bc06f 100644
--- a/grammar.y
+++ b/grammar.y
@@ -22,7 +22,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.86.2.9 2007/09/12 19:17:25 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.99.2.2 2007/11/18 02:04:55 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -57,7 +57,8 @@ struct rtentry;
#include <net/pfvar.h>
#include <net/if_pflog.h>
#endif
-#include <pcap-namedb.h>
+#include "ieee80211.h"
+#include <pcap/namedb.h>
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
@@ -67,6 +68,92 @@ struct rtentry;
(q).dir = (d),\
(q).addr = (a)
+struct tok {
+ int v; /* value */
+ const char *s; /* string */
+};
+
+static const struct tok ieee80211_types[] = {
+ { IEEE80211_FC0_TYPE_DATA, "data" },
+ { IEEE80211_FC0_TYPE_MGT, "mgt" },
+ { IEEE80211_FC0_TYPE_MGT, "management" },
+ { IEEE80211_FC0_TYPE_CTL, "ctl" },
+ { IEEE80211_FC0_TYPE_CTL, "control" },
+ { 0, NULL }
+};
+static const struct tok ieee80211_mgt_subtypes[] = {
+ { IEEE80211_FC0_SUBTYPE_ASSOC_REQ, "assocreq" },
+ { IEEE80211_FC0_SUBTYPE_ASSOC_REQ, "assoc-req" },
+ { IEEE80211_FC0_SUBTYPE_ASSOC_RESP, "assocresp" },
+ { IEEE80211_FC0_SUBTYPE_ASSOC_RESP, "assoc-resp" },
+ { IEEE80211_FC0_SUBTYPE_REASSOC_REQ, "reassocreq" },
+ { IEEE80211_FC0_SUBTYPE_REASSOC_REQ, "reassoc-req" },
+ { IEEE80211_FC0_SUBTYPE_REASSOC_RESP, "reassocresp" },
+ { IEEE80211_FC0_SUBTYPE_REASSOC_RESP, "reassoc-resp" },
+ { IEEE80211_FC0_SUBTYPE_PROBE_REQ, "probereq" },
+ { IEEE80211_FC0_SUBTYPE_PROBE_REQ, "probe-req" },
+ { IEEE80211_FC0_SUBTYPE_PROBE_RESP, "proberesp" },
+ { IEEE80211_FC0_SUBTYPE_PROBE_RESP, "probe-resp" },
+ { IEEE80211_FC0_SUBTYPE_BEACON, "beacon" },
+ { IEEE80211_FC0_SUBTYPE_ATIM, "atim" },
+ { IEEE80211_FC0_SUBTYPE_DISASSOC, "disassoc" },
+ { IEEE80211_FC0_SUBTYPE_DISASSOC, "disassociation" },
+ { IEEE80211_FC0_SUBTYPE_AUTH, "auth" },
+ { IEEE80211_FC0_SUBTYPE_AUTH, "authentication" },
+ { IEEE80211_FC0_SUBTYPE_DEAUTH, "deauth" },
+ { IEEE80211_FC0_SUBTYPE_DEAUTH, "deauthentication" },
+ { 0, NULL }
+};
+static const struct tok ieee80211_ctl_subtypes[] = {
+ { IEEE80211_FC0_SUBTYPE_PS_POLL, "ps-poll" },
+ { IEEE80211_FC0_SUBTYPE_RTS, "rts" },
+ { IEEE80211_FC0_SUBTYPE_CTS, "cts" },
+ { IEEE80211_FC0_SUBTYPE_ACK, "ack" },
+ { IEEE80211_FC0_SUBTYPE_CF_END, "cf-end" },
+ { IEEE80211_FC0_SUBTYPE_CF_END_ACK, "cf-end-ack" },
+ { 0, NULL }
+};
+static const struct tok ieee80211_data_subtypes[] = {
+ { IEEE80211_FC0_SUBTYPE_DATA, "data" },
+ { IEEE80211_FC0_SUBTYPE_CF_ACK, "data-cf-ack" },
+ { IEEE80211_FC0_SUBTYPE_CF_POLL, "data-cf-poll" },
+ { IEEE80211_FC0_SUBTYPE_CF_ACPL, "data-cf-ack-poll" },
+ { IEEE80211_FC0_SUBTYPE_NODATA, "null" },
+ { IEEE80211_FC0_SUBTYPE_NODATA_CF_ACK, "cf-ack" },
+ { IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL, "cf-poll" },
+ { IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL, "cf-ack-poll" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_DATA, "qos-data" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_ACK, "qos-data-cf-ack" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_POLL, "qos-data-cf-poll" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_CF_ACPL, "qos-data-cf-ack-poll" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA, "qos" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL, "qos-cf-poll" },
+ { IEEE80211_FC0_SUBTYPE_QOS|IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL, "qos-cf-ack-poll" },
+ { 0, NULL }
+};
+struct type2tok {
+ int type;
+ const struct tok *tok;
+};
+static const struct type2tok ieee80211_type_subtypes[] = {
+ { IEEE80211_FC0_TYPE_MGT, ieee80211_mgt_subtypes },
+ { IEEE80211_FC0_TYPE_CTL, ieee80211_ctl_subtypes },
+ { IEEE80211_FC0_TYPE_DATA, ieee80211_data_subtypes },
+ { 0, NULL }
+};
+
+static int
+str2tok(const char *str, const struct tok *toks)
+{
+ int i;
+
+ for (i = 0; toks[i].s != NULL; i++) {
+ if (pcap_strcasecmp(toks[i].s, str) == 0)
+ return (toks[i].v);
+ }
+ return (-1);
+}
+
int n_errors = 0;
static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF };
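Review bot: `str2tok` is the lookup behind all the new 802.11 name rules, but its contract is not documented. I would add above it `/* Look up str (compared with pcap_strcasecmp) in a table terminated by a NULL name; return the entry's value, or -1 if there is no match. */`. The comment should also state that `toks` must not be NULL, since it is dereferenced unconditionally, and that the -1 sentinel relies on every table value being non-negative, which holds for the masks listed in these tables.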
@@ -113,6 +200,16 @@ pfaction_to_num(const char *action)
else if (pcap_strcasecmp(action, "drop") == 0 ||
pcap_strcasecmp(action, "block") == 0)
return (PF_DROP);
+#if HAVE_PF_NAT_THROUGH_PF_NORDR
+ else if (pcap_strcasecmp(action, "rdr") == 0)
+ return (PF_RDR);
+ else if (pcap_strcasecmp(action, "nat") == 0)
+ return (PF_NAT);
+ else if (pcap_strcasecmp(action, "binat") == 0)
+ return (PF_BINAT);
+ else if (pcap_strcasecmp(action, "nordr") == 0)
+ return (PF_NORDR);
+#endif
else {
bpf_error("unknown PF action");
/*NOTREACHED*/
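Review bot: The new branches are guarded with `#if HAVE_PF_NAT_THROUGH_PF_NORDR`, while the other feature tests visible in this file use `#ifdef` (`#ifdef HAVE_CONFIG_H`, `#ifdef HAVE_OS_PROTO_H`). With `#if`, an undefined macro silently evaluates to 0 and triggers a warning under `-Wundef`. `#ifdef HAVE_PF_NAT_THROUGH_PF_NORDR` would match the surrounding style, assuming configure defines the macro only when the PF_RDR/PF_NAT constants exist. pfaction_to_num starts before this hunk.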
@@ -124,6 +221,9 @@ pfreason_to_num(const char *reason)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
+
+ /* this is to make the VC compiler happy */
+ return -1;
}
static int
@@ -131,6 +231,9 @@ pfaction_to_num(const char *action)
{
bpf_error("libpcap was compiled on a machine without pf support");
/*NOTREACHED*/
+
+ /* this is to make the VC compiler happy */
+ return -1;
}
#endif /* HAVE_NET_PFVAR_H */
%}
@@ -157,7 +260,7 @@ pfaction_to_num(const char *action)
%type <a> arth narth
%type <i> byteop pname pnum relop irelop
%type <blk> and or paren not null prog
-%type <rblk> other pfvar
+%type <rblk> other pfvar p80211
%type <i> atmtype atmmultitype
%type <blk> atmfield
%type <blk> atmfieldvalue atmvalue atmlistvalue
@@ -173,6 +276,7 @@ pfaction_to_num(const char *action)
%token TK_BROADCAST TK_MULTICAST
%token NUM INBOUND OUTBOUND
%token PF_IFNAME PF_RSET PF_RNR PF_SRNR PF_REASON PF_ACTION
+%token TYPE SUBTYPE DIR ADDR1 ADDR2 ADDR3 ADDR4
%token LINK
%token GEQ LEQ NEQ
%token ID EID HID HID6 AID
@@ -196,7 +300,7 @@ pfaction_to_num(const char *action)
%type <e> EID
%type <e> AID
%type <s> HID HID6
-%type <i> NUM action reason
+%type <i> NUM action reason type subtype type_subtype dir
%left OR AND
%nonassoc '!'
@@ -238,6 +342,14 @@ nid: ID { $$.b = gen_scode($1, $$.q = $<blk>0.q); }
| HID {
/* Decide how to parse HID based on proto */
$$.q = $<blk>0.q;
+ if ($$.q.addr == Q_PORT)
+ bpf_error("'port' modifier applied to ip host");
+ else if ($$.q.addr == Q_PORTRANGE)
+ bpf_error("'portrange' modifier applied to ip host");
+ else if ($$.q.addr == Q_PROTO)
+ bpf_error("'proto' modifier applied to ip host");
+ else if ($$.q.addr == Q_PROTOCHAIN)
+ bpf_error("'protochain' modifier applied to ip host");
$$.b = gen_ncode($1, 0, $$.q);
}
| HID6 '/' NUM {
@@ -325,6 +437,10 @@ dqual: SRC { $$ = Q_SRC; }
| DST OR SRC { $$ = Q_OR; }
| SRC AND DST { $$ = Q_AND; }
| DST AND SRC { $$ = Q_AND; }
+ | ADDR1 { $$ = Q_ADDR1; }
+ | ADDR2 { $$ = Q_ADDR2; }
+ | ADDR3 { $$ = Q_ADDR3; }
+ | ADDR4 { $$ = Q_ADDR4; }
;
/* address type qualifiers */
aqual: HOST { $$ = Q_HOST; }
@@ -388,6 +504,7 @@ other: pqual TK_BROADCAST { $$ = gen_broadcast($1); }
| PPPOED { $$ = gen_pppoed(); }
| PPPOES { $$ = gen_pppoes(); }
| pfvar { $$ = $1; }
+ | pqual p80211 { $$ = $2; }
;
pfvar: PF_IFNAME ID { $$ = gen_pf_ifname($2); }
@@ -398,6 +515,79 @@ pfvar: PF_IFNAME ID { $$ = gen_pf_ifname($2); }
| PF_ACTION action { $$ = gen_pf_action($2); }
;
+p80211: TYPE type SUBTYPE subtype
+ { $$ = gen_p80211_type($2 | $4,
+ IEEE80211_FC0_TYPE_MASK |
+ IEEE80211_FC0_SUBTYPE_MASK);
+ }
+ | TYPE type { $$ = gen_p80211_type($2,
+ IEEE80211_FC0_TYPE_MASK);
+ }
+ | SUBTYPE type_subtype { $$ = gen_p80211_type($2,
+ IEEE80211_FC0_TYPE_MASK |
+ IEEE80211_FC0_SUBTYPE_MASK);
+ }
+ | DIR dir { $$ = gen_p80211_fcdir($2); }
+ ;
+
+type: NUM
+ | ID { $$ = str2tok($1, ieee80211_types);
+ if ($$ == -1)
+ bpf_error("unknown 802.11 type name");
+ }
+ ;
+
+subtype: NUM
+ | ID { const struct tok *types = NULL;
+ int i;
+ for (i = 0;; i++) {
+ if (ieee80211_type_subtypes[i].tok == NULL) {
+ /* Ran out of types */
+ bpf_error("unknown 802.11 type");
+ break;
+ }
+ if ($<i>-1 == ieee80211_type_subtypes[i].type) {
+ types = ieee80211_type_subtypes[i].tok;
+ break;
+ }
+ }
+
+ $$ = str2tok($1, types);
+ if ($$ == -1)
+ bpf_error("unknown 802.11 subtype name");
+ }
+ ;
+
+type_subtype: ID { int i;
+ for (i = 0;; i++) {
+ if (ieee80211_type_subtypes[i].tok == NULL) {
+ /* Ran out of types */
+ bpf_error("unknown 802.11 type name");
+ break;
+ }
+ $$ = str2tok($1, ieee80211_type_subtypes[i].tok);
+ if ($$ != -1) {
+ $$ |= ieee80211_type_subtypes[i].type;
+ break;
+ }
+ }
+ }
+ ;
+
+dir: NUM
+ | ID { if (pcap_strcasecmp($1, "nods") == 0)
+ $$ = IEEE80211_FC1_DIR_NODS;
+ else if (pcap_strcasecmp($1, "tods") == 0)
+ $$ = IEEE80211_FC1_DIR_TODS;
+ else if (pcap_strcasecmp($1, "fromds") == 0)
+ $$ = IEEE80211_FC1_DIR_FROMDS;
+ else if (pcap_strcasecmp($1, "dstods") == 0)
+ $$ = IEEE80211_FC1_DIR_DSTODS;
+ else
+ bpf_error("unknown 802.11 direction");
+ }
+ ;
+
reason: NUM { $$ = $1; }
| ID { $$ = pfreason_to_num($1); }
;
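Review bot: The `NUM` alternatives of `type`, `subtype` and `dir` pass the user's number through unchecked, so a value with bits outside the field is OR-ed into the argument of `gen_p80211_type` in the `TYPE type SUBTYPE subtype` rule, or handed to `gen_p80211_fcdir`. gen_p80211_type and gen_p80211_fcdir are not visible here, but the filter would presumably either never match or test bits the user did not intend. Rejecting such values in the grammar gives a clear error instead, e.g. `type: NUM { if (($1 & ~IEEE80211_FC0_TYPE_MASK) != 0) bpf_error("invalid 802.11 type value"); $$ = $1; }`, with the same pattern against `IEEE80211_FC0_SUBTYPE_MASK` and `IEEE80211_FC1_DIR_MASK`. Separately, the `type_subtype` rule reports "unknown 802.11 type name" when it is the subtype name that was not found.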
diff --git a/ieee80211.h b/ieee80211.h
new file mode 100644
index 000000000000..d79f0f8e3656
--- /dev/null
+++ b/ieee80211.h
@@ -0,0 +1,146 @@
+/*-
+ * Copyright (c) 2001 Atsushi Onoe
+ * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * Alternatively, this software may be distributed under the terms of the
+ * GNU General Public License ("GPL") version 2 as published by the Free
+ * Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+#ifndef _NET80211_IEEE80211_H_
+#define _NET80211_IEEE80211_H_
+
+/*
+ * 802.11 protocol definitions.
+ */
+
+#define IEEE80211_FC0_VERSION_MASK 0x03
+#define IEEE80211_FC0_VERSION_SHIFT 0
+#define IEEE80211_FC0_VERSION_0 0x00
+#define IEEE80211_FC0_TYPE_MASK 0x0c
+#define IEEE80211_FC0_TYPE_SHIFT 2
+#define IEEE80211_FC0_TYPE_MGT 0x00
+#define IEEE80211_FC0_TYPE_CTL 0x04
+#define IEEE80211_FC0_TYPE_DATA 0x08
+
+#define IEEE80211_FC0_SUBTYPE_MASK 0xf0
+#define IEEE80211_FC0_SUBTYPE_SHIFT 4
+/* for TYPE_MGT */
+#define IEEE80211_FC0_SUBTYPE_ASSOC_REQ 0x00
+#define IEEE80211_FC0_SUBTYPE_ASSOC_RESP 0x10
+#define IEEE80211_FC0_SUBTYPE_REASSOC_REQ 0x20
+#define IEEE80211_FC0_SUBTYPE_REASSOC_RESP 0x30
+#define IEEE80211_FC0_SUBTYPE_PROBE_REQ 0x40
+#define IEEE80211_FC0_SUBTYPE_PROBE_RESP 0x50
+#define IEEE80211_FC0_SUBTYPE_BEACON 0x80
+#define IEEE80211_FC0_SUBTYPE_ATIM 0x90
+#define IEEE80211_FC0_SUBTYPE_DISASSOC 0xa0
+#define IEEE80211_FC0_SUBTYPE_AUTH 0xb0
+#define IEEE80211_FC0_SUBTYPE_DEAUTH 0xc0
+/* for TYPE_CTL */
+#define IEEE80211_FC0_SUBTYPE_PS_POLL 0xa0
+#define IEEE80211_FC0_SUBTYPE_RTS 0xb0
+#define IEEE80211_FC0_SUBTYPE_CTS 0xc0
+#define IEEE80211_FC0_SUBTYPE_ACK 0xd0
+#define IEEE80211_FC0_SUBTYPE_CF_END 0xe0
+#define IEEE80211_FC0_SUBTYPE_CF_END_ACK 0xf0
+/* for TYPE_DATA (bit combination) */
+#define IEEE80211_FC0_SUBTYPE_DATA 0x00
+#define IEEE80211_FC0_SUBTYPE_CF_ACK 0x10
+#define IEEE80211_FC0_SUBTYPE_CF_POLL 0x20
+#define IEEE80211_FC0_SUBTYPE_CF_ACPL 0x30
+#define IEEE80211_FC0_SUBTYPE_NODATA 0x40
+#define IEEE80211_FC0_SUBTYPE_NODATA_CF_ACK 0x50
+#define IEEE80211_FC0_SUBTYPE_NODATA_CF_POLL 0x60
+#define IEEE80211_FC0_SUBTYPE_NODATA_CF_ACPL 0x70
+#define IEEE80211_FC0_SUBTYPE_QOS 0x80
+#define IEEE80211_FC0_SUBTYPE_QOS_NULL 0xc0
+
+#define IEEE80211_FC1_DIR_MASK 0x03
+#define IEEE80211_FC1_DIR_NODS 0x00 /* STA->STA */
+#define IEEE80211_FC1_DIR_TODS 0x01 /* STA->AP */
+#define IEEE80211_FC1_DIR_FROMDS 0x02 /* AP ->STA */
+#define IEEE80211_FC1_DIR_DSTODS 0x03 /* AP ->AP */
+
+#define IEEE80211_FC1_MORE_FRAG 0x04
+#define IEEE80211_FC1_RETRY 0x08
+#define IEEE80211_FC1_PWR_MGT 0x10
+#define IEEE80211_FC1_MORE_DATA 0x20
+#define IEEE80211_FC1_WEP 0x40
+#define IEEE80211_FC1_ORDER 0x80
+
+#define IEEE80211_SEQ_FRAG_MASK 0x000f
+#define IEEE80211_SEQ_FRAG_SHIFT 0
+#define IEEE80211_SEQ_SEQ_MASK 0xfff0
+#define IEEE80211_SEQ_SEQ_SHIFT 4
+
+#define IEEE80211_NWID_LEN 32
+
+#define IEEE80211_QOS_TXOP 0x00ff
+/* bit 8 is reserved */
+#define IEEE80211_QOS_ACKPOLICY 0x60
+#define IEEE80211_QOS_ACKPOLICY_S 5
+#define IEEE80211_QOS_ESOP 0x10
+#define IEEE80211_QOS_ESOP_S 4
+#define IEEE80211_QOS_TID 0x0f
+
+#define IEEE80211_MGT_SUBTYPE_NAMES { \
+ "assoc-req", "assoc-resp", \
+ "reassoc-req", "reassoc-resp", \
+ "probe-req", "probe-resp", \
+ "reserved#6", "reserved#7", \
+ "beacon", "atim", \
+ "disassoc", "auth", \
+ "deauth", "reserved#13", \
+ "reserved#14", "reserved#15" \
+}
+
+#define IEEE80211_CTL_SUBTYPE_NAMES { \
+ "reserved#0", "reserved#1", \
+ "reserved#2", "reserved#3", \
+ "reserved#3", "reserved#5", \
+ "reserved#6", "reserved#7", \
+ "reserved#8", "reserved#9", \
+ "ps-poll", "rts", \
+ "cts", "ack", \
+ "cf-end", "cf-end-ack" \
+}
+
+#define IEEE80211_DATA_SUBTYPE_NAMES { \
+ "data", "data-cf-ack", \
+ "data-cf-poll", "data-cf-ack-poll", \
+ "null", "cf-ack", \
+ "cf-poll", "cf-ack-poll", \
+ "qos-data", "qos-data-cf-ack", \
+ "qos-data-cf-poll", "qos-data-cf-ack-poll", \
+ "qos", "reserved#13", \
+ "qos-cf-poll", "qos-cf-ack-poll" \
+}
+
+#define IEEE80211_TYPE_NAMES { "mgt", "ctl", "data", "reserved#4" }
+
+#endif /* _NET80211_IEEE80211_H_ */
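Review bot: Two placeholder strings in the name tables are misnumbered relative to their index. In `IEEE80211_CTL_SUBTYPE_NAMES` the fifth entry repeats `"reserved#3"` where `"reserved#4"` is expected, and `IEEE80211_TYPE_NAMES` labels index 3 as `"reserved#4"` where the other tables' index-based numbering would give `"reserved#3"`. These are display strings only, and the grammar in this commit uses its own `struct tok` tables, so nothing visible here depends on them. Since the header carries a `$FreeBSD$` tag and appears to be copied verbatim, the correction is probably best made at the origin and re-imported.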
diff --git a/inet.c b/inet.c
index 8a44728b31d1..aad87963e786 100644
--- a/inet.c
+++ b/inet.c
@@ -34,7 +34,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.66.2.6 2007/06/11 09:52:04 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/inet.c,v 1.75.2.4 2008-04-20 18:19:24 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -356,6 +356,40 @@ add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
return (0);
}
+/*
+ * XXX - on FreeBSDs that support it, should it get the sysctl named
+ * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
+ * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
+ * with my Cisco 350 card, so the name isn't entirely descriptive. The
+ * "dev.an.0.%pnpinfo" has a better description, although one might argue
+ * that the problem is really a driver bug - if it can find out that it's
+ * a Cisco 340 or 350, rather than an old Aironet card, it should use
+ * that in the description.
+ *
+ * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? OpenBSD
+ * lets you get a description, but it's not generated by the OS, it's
+ * set with another ioctl that ifconfig supports; we use that to get
+ * the description in OpenBSD.
+ *
+ * In OS X, the System Configuration framework can apparently return
+ * names in 10.4 and later; it also appears that freedesktop.org's HAL
+ * offers an "info.product" string, but the HAL specification says
+ * it "should not be used in any UI" and "subsystem/capability
+ * specific properties" should be used instead. Using that would
+ * require that libpcap applications be linked with the frameworks/
+ * libraries in question, which would be a bit of a pain unless we
+ * offer, for example, a pkg-config:
+ *
+ * http://pkg-config.freedesktop.org/wiki/
+ *
+ * script, so applications can just use that script to find out what
+ * libraries you need to link with when linking with libpcap.
+ * pkg-config is GPLed; I don't know whether that would prevent its
+ * use with a BSD-licensed library such as libpcap.
+ *
+ * Do any other UN*Xes, or desktop environments support getting a
+ * description?
+ */
int
add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
struct sockaddr *addr, size_t addr_size,
@@ -365,9 +399,32 @@ add_addr_to_iflist(pcap_if_t **alldevs, const char *name, u_int flags,
char *errbuf)
{
pcap_if_t *curdev;
+ char *description = NULL;
pcap_addr_t *curaddr, *prevaddr, *nextaddr;
+#ifdef SIOCGIFDESCR
+ struct ifreq ifrdesc;
+ char ifdescr[IFDESCRSIZE];
+ int s;
+#endif
- if (add_or_find_if(&curdev, alldevs, name, flags, NULL, errbuf) == -1) {
+#ifdef SIOCGIFDESCR
+ /*
+ * Get the description for the interface.
+ */
+ memset(&ifrdesc, 0, sizeof ifrdesc);
+ strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
+ ifrdesc.ifr_data = (caddr_t)&ifdescr;
+ s = socket(AF_INET, SOCK_DGRAM, 0);
+ if (s >= 0) {
+ if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0 &&
+ strlen(ifrdesc.ifr_data) != 0)
+ description = ifrdesc.ifr_data;
+ close(s);
+ }
+#endif
+
+ if (add_or_find_if(&curdev, alldevs, name, flags, description,
+ errbuf) == -1) {
/*
* Error - give up.
*/
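Review bot: `ifdescr` is handed to the `SIOCGIFDESCR` ioctl uninitialised and then passed to `strlen()` through `ifrdesc.ifr_data`, so the code relies on the kernel always writing a NUL within `IFDESCRSIZE` bytes. Clearing the buffer first with `memset(ifdescr, 0, sizeof ifdescr);` and forcing `ifdescr[sizeof ifdescr - 1] = '\0';` after a successful ioctl removes that dependency. `description` also points into this stack buffer, which is only safe if `add_or_find_if` copies the string rather than keeping the pointer; that is not visible in this hunk and deserves a comment. The function body continues past the hunk.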
@@ -608,6 +665,12 @@ pcap_lookupnet(device, netp, maskp, errbuf)
#ifdef HAVE_SEPTEL_API
|| strstr(device, "septel") != NULL
#endif
+#ifdef PCAP_SUPPORT_BT
+ || strstr(device, "bluetooth") != NULL
+#endif
+#ifdef PCAP_SUPPORT_USB
+ || strstr(device, "usb") != NULL
+#endif
) {
*netp = *maskp = 0;
return 0;
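Review bot: The added tests use `strstr(device, "usb")` and `strstr(device, "bluetooth")`, which match the substring anywhere in the name. Any ordinary network interface whose name merely contains "usb" would therefore get `*netp = *maskp = 0` instead of its real address and mask. If the capture devices are always named with these strings as a prefix (not visible in this hunk), a prefix comparison such as `strncmp(device, "usb", 3) == 0` would be narrower. The existing "septel" test above has the same shape. pcap_lookupnet starts and ends outside the hunk.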
diff --git a/lbl/gnuc.h b/lbl/gnuc.h
deleted file mode 100644
index 37d009458373..000000000000
--- a/lbl/gnuc.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* @(#) $Header: /tcpdump/master/libpcap/lbl/gnuc.h,v 1.3.1.1 1999/10/07 23:46:41 mcr Exp $ (LBL) */
-
-/* Define __P() macro, if necessary */
-#ifndef __P
-#if __STDC__
-#define __P(protos) protos
-#else
-#define __P(protos) ()
-#endif
-#endif
-
-/* inline foo */
-#ifdef __GNUC__
-#define inline __inline
-#else
-#define inline
-#endif
-
-/*
- * Handle new and old "dead" routine prototypes
- *
- * For example:
- *
- * __dead void foo(void) __attribute__((volatile));
- *
- */
-#ifdef __GNUC__
-#ifndef __dead
-#define __dead volatile
-#endif
-#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
-#else
-#ifndef __dead
-#define __dead
-#endif
-#ifndef __attribute__
-#define __attribute__(args)
-#endif
-#endif
diff --git a/snprintf.c b/missing/snprintf.c
index 111e78ede918..9c0a6ee1a47f 100644
--- a/snprintf.c
+++ b/missing/snprintf.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: snprintf.c,v 1.1 2003/12/15 01:35:05 guy Exp $ */
+/* $Id: snprintf.c,v 1.1 2004/04/05 22:43:51 guy Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@@ -39,7 +39,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/snprintf.c,v 1.1 2003/12/15 01:35:05 guy Exp $";
+ "@(#) $Header: /tcpdump/master/libpcap/missing/snprintf.c,v 1.1 2004/04/05 22:43:51 guy Exp $";
#endif
#include <stdio.h>
diff --git a/mkdep b/mkdep
index 2a9c221b1f1d..b41a00e1da40 100755
--- a/mkdep
+++ b/mkdep
@@ -13,7 +13,7 @@
# @(#)mkdep.sh 5.11 (Berkeley) 5/5/88
#
-PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin
+PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin:/usr/sfw/bin
export PATH
MAKE=Makefile # default makefile name is "Makefile"
diff --git a/nametoaddr.c b/nametoaddr.c
index d60e93d5c398..c21e7849cfee 100644
--- a/nametoaddr.c
+++ b/nametoaddr.c
@@ -24,7 +24,7 @@
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.77.2.4 2007/06/11 09:52:05 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/nametoaddr.c,v 1.82.2.1 2008/02/06 10:21:47 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -80,7 +80,7 @@ struct rtentry; /* declarations in <net/if.h> */
#include "pcap-int.h"
#include "gencode.h"
-#include <pcap-namedb.h>
+#include <pcap/namedb.h>
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
@@ -398,7 +398,15 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
}
/*
- * Convert 's' which has the form "xx:xx:xx:xx:xx:xx" into a new
+ * Convert 's', which can have the one of the forms:
+ *
+ * "xx:xx:xx:xx:xx:xx"
+ * "xx.xx.xx.xx.xx.xx"
+ * "xx-xx-xx-xx-xx-xx"
+ * "xxxx.xxxx.xxxx"
+ * "xxxxxxxxxxxx"
+ *
+ * (or various mixes of ':', '.', and '-') into a new
* ethernet address. Assumes 's' is well formed.
*/
u_char *
@@ -410,7 +418,7 @@ pcap_ether_aton(const char *s)
e = ep = (u_char *)malloc(6);
while (*s) {
- if (*s == ':')
+ if (*s == ':' || *s == '.' || *s == '-')
s += 1;
d = xdtoi(*s++);
if (isxdigit((unsigned char)*s)) {
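Review bot: The `while (*s)` loop writes into a 6-byte buffer with no bound and the `malloc(6)` result is never checked. This hunk widens the accepted separators and, per the updated comment, the accepted forms, so more inputs now reach the loop. Bounding it with `while (*s && ep < e + 6) {` and adding `if (e == NULL) return (NULL);` after the allocation would make the function safe even when "'s' is well formed" does not hold; whether callers handle a NULL return is not visible here. A trailing separator is also a problem: after `s += 1` the following `xdtoi(*s++)` consumes the terminating NUL and advances `s` past the end of the string. The loop body continues beyond the hunk.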
diff --git a/net/bpf_filter.c b/net/bpf_filter.c
new file mode 100644
index 000000000000..a2733d1b1b2e
--- /dev/null
+++ b/net/bpf_filter.c
@@ -0,0 +1,666 @@
+/*-
+ * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from the Stanford/CMU enet packet filter,
+ * (net/enet.c) distributed as part of 4.3BSD, and code contributed
+ * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
+ * Berkeley Laboratory.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)bpf.c 7.5 (Berkeley) 7/15/91
+ */
+
+#if !(defined(lint) || defined(KERNEL) || defined(_KERNEL))
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/libpcap/bpf/net/bpf_filter.c,v 1.45.2.1 2008/01/02 04:22:16 guy Exp $ (LBL)";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#ifdef WIN32
+
+#include <pcap-stdinc.h>
+
+#else /* WIN32 */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#define SOLARIS (defined(sun) && (defined(__SVR4) || defined(__svr4__)))
+#if defined(__hpux) || SOLARIS
+# include <sys/sysmacros.h>
+# include <sys/stream.h>
+# define mbuf msgb
+# define m_next b_cont
+# define MLEN(m) ((m)->b_wptr - (m)->b_rptr)
+# define mtod(m,t) ((t)(m)->b_rptr)
+#else
+# define MLEN(m) ((m)->m_len)
+#endif
+
+#endif /* WIN32 */
+
+#include <pcap/bpf.h>
+
+#if !defined(KERNEL) && !defined(_KERNEL)
+#include <stdlib.h>
+#endif
+
+#define int32 bpf_int32
+#define u_int32 bpf_u_int32
+
+#ifndef LBL_ALIGN
+/*
+ * XXX - IA-64? If not, this probably won't work on Win64 IA-64
+ * systems, unless LBL_ALIGN is defined elsewhere for them.
+ * XXX - SuperH? If not, this probably won't work on WinCE SuperH
+ * systems, unless LBL_ALIGN is defined elsewhere for them.
+ */
+#if defined(sparc) || defined(__sparc__) || defined(mips) || \
+ defined(ibm032) || defined(__alpha) || defined(__hpux) || \
+ defined(__arm__)
+#define LBL_ALIGN
+#endif
+#endif
+
+#ifndef LBL_ALIGN
+#ifndef WIN32
+#include <netinet/in.h>
+#endif
+
+#define EXTRACT_SHORT(p) ((u_short)ntohs(*(u_short *)p))
+#define EXTRACT_LONG(p) (ntohl(*(u_int32 *)p))
+#else
+#define EXTRACT_SHORT(p)\
+ ((u_short)\
+ ((u_short)*((u_char *)p+0)<<8|\
+ (u_short)*((u_char *)p+1)<<0))
+#define EXTRACT_LONG(p)\
+ ((u_int32)*((u_char *)p+0)<<24|\
+ (u_int32)*((u_char *)p+1)<<16|\
+ (u_int32)*((u_char *)p+2)<<8|\
+ (u_int32)*((u_char *)p+3)<<0)
+#endif
+
+#if defined(KERNEL) || defined(_KERNEL)
+# if !defined(__hpux) && !SOLARIS
+#include <sys/mbuf.h>
+# endif
+#define MINDEX(len, _m, _k) \
+{ \
+ len = MLEN(m); \
+ while ((_k) >= len) { \
+ (_k) -= len; \
+ (_m) = (_m)->m_next; \
+ if ((_m) == 0) \
+ return 0; \
+ len = MLEN(m); \
+ } \
+}
+
+static int
+m_xword(m, k, err)
+ register struct mbuf *m;
+ register int k, *err;
+{
+ register int len;
+ register u_char *cp, *np;
+ register struct mbuf *m0;
+
+ MINDEX(len, m, k);
+ cp = mtod(m, u_char *) + k;
+ if (len - k >= 4) {
+ *err = 0;
+ return EXTRACT_LONG(cp);
+ }
+ m0 = m->m_next;
+ if (m0 == 0 || MLEN(m0) + len - k < 4)
+ goto bad;
+ *err = 0;
+ np = mtod(m0, u_char *);
+ switch (len - k) {
+
+ case 1:
+ return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];
+
+ case 2:
+ return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];
+
+ default:
+ return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
+ }
+ bad:
+ *err = 1;
+ return 0;
+}
+
+static int
+m_xhalf(m, k, err)
+ register struct mbuf *m;
+ register int k, *err;
+{
+ register int len;
+ register u_char *cp;
+ register struct mbuf *m0;
+
+ MINDEX(len, m, k);
+ cp = mtod(m, u_char *) + k;
+ if (len - k >= 2) {
+ *err = 0;
+ return EXTRACT_SHORT(cp);
+ }
+ m0 = m->m_next;
+ if (m0 == 0)
+ goto bad;
+ *err = 0;
+ return (cp[0] << 8) | mtod(m0, u_char *)[0];
+ bad:
+ *err = 1;
+ return 0;
+}
+#endif
+
+/*
+ * Execute the filter program starting at pc on the packet p
+ * wirelen is the length of the original packet
+ * buflen is the amount of data present
+ * For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0,
+ * in all other cases, p is a pointer to a buffer and buflen is its size.
+ */
+u_int
+bpf_filter(pc, p, wirelen, buflen)
+ register const struct bpf_insn *pc;
+ register const u_char *p;
+ u_int wirelen;
+ register u_int buflen;
+{
+ register u_int32 A, X;
+ register int k;
+ int32 mem[BPF_MEMWORDS];
+#if defined(KERNEL) || defined(_KERNEL)
+ struct mbuf *m, *n;
+ int merr, len;
+
+ if (buflen == 0) {
+ m = (struct mbuf *)p;
+ p = mtod(m, u_char *);
+ buflen = MLEN(m);
+ } else
+ m = NULL;
+#endif
+
+ if (pc == 0)
+ /*
+ * No filter means accept all.
+ */
+ return (u_int)-1;
+ A = 0;
+ X = 0;
+ --pc;
+ while (1) {
+ ++pc;
+ switch (pc->code) {
+
+ default:
+#if defined(KERNEL) || defined(_KERNEL)
+ return 0;
+#else
+ abort();
+#endif
+ case BPF_RET|BPF_K:
+ return (u_int)pc->k;
+
+ case BPF_RET|BPF_A:
+ return (u_int)A;
+
+ case BPF_LD|BPF_W|BPF_ABS:
+ k = pc->k;
+ if (k + sizeof(int32) > buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ A = m_xword(m, k, &merr);
+ if (merr != 0)
+ return 0;
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = EXTRACT_LONG(&p[k]);
+ continue;
+
+ case BPF_LD|BPF_H|BPF_ABS:
+ k = pc->k;
+ if (k + sizeof(short) > buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ A = m_xhalf(m, k, &merr);
+ if (merr != 0)
+ return 0;
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = EXTRACT_SHORT(&p[k]);
+ continue;
+
+ case BPF_LD|BPF_B|BPF_ABS:
+ k = pc->k;
+ if (k >= buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ n = m;
+ MINDEX(len, n, k);
+ A = mtod(n, u_char *)[k];
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = p[k];
+ continue;
+
+ case BPF_LD|BPF_W|BPF_LEN:
+ A = wirelen;
+ continue;
+
+ case BPF_LDX|BPF_W|BPF_LEN:
+ X = wirelen;
+ continue;
+
+ case BPF_LD|BPF_W|BPF_IND:
+ k = X + pc->k;
+ if (k + sizeof(int32) > buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ A = m_xword(m, k, &merr);
+ if (merr != 0)
+ return 0;
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = EXTRACT_LONG(&p[k]);
+ continue;
+
+ case BPF_LD|BPF_H|BPF_IND:
+ k = X + pc->k;
+ if (k + sizeof(short) > buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ A = m_xhalf(m, k, &merr);
+ if (merr != 0)
+ return 0;
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = EXTRACT_SHORT(&p[k]);
+ continue;
+
+ case BPF_LD|BPF_B|BPF_IND:
+ k = X + pc->k;
+ if (k >= buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ n = m;
+ MINDEX(len, n, k);
+ A = mtod(n, u_char *)[k];
+ continue;
+#else
+ return 0;
+#endif
+ }
+ A = p[k];
+ continue;
+
+ case BPF_LDX|BPF_MSH|BPF_B:
+ k = pc->k;
+ if (k >= buflen) {
+#if defined(KERNEL) || defined(_KERNEL)
+ if (m == NULL)
+ return 0;
+ n = m;
+ MINDEX(len, n, k);
+ X = (mtod(n, char *)[k] & 0xf) << 2;
+ continue;
+#else
+ return 0;
+#endif
+ }
+ X = (p[pc->k] & 0xf) << 2;
+ continue;
+
+ case BPF_LD|BPF_IMM:
+ A = pc->k;
+ continue;
+
+ case BPF_LDX|BPF_IMM:
+ X = pc->k;
+ continue;
+
+ case BPF_LD|BPF_MEM:
+ A = mem[pc->k];
+ continue;
+
+ case BPF_LDX|BPF_MEM:
+ X = mem[pc->k];
+ continue;
+
+ case BPF_ST:
+ mem[pc->k] = A;
+ continue;
+
+ case BPF_STX:
+ mem[pc->k] = X;
+ continue;
+
+ case BPF_JMP|BPF_JA:
+ pc += pc->k;
+ continue;
+
+ case BPF_JMP|BPF_JGT|BPF_K:
+ pc += (A > pc->k) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JGE|BPF_K:
+ pc += (A >= pc->k) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JEQ|BPF_K:
+ pc += (A == pc->k) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JSET|BPF_K:
+ pc += (A & pc->k) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JGT|BPF_X:
+ pc += (A > X) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JGE|BPF_X:
+ pc += (A >= X) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JEQ|BPF_X:
+ pc += (A == X) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_JMP|BPF_JSET|BPF_X:
+ pc += (A & X) ? pc->jt : pc->jf;
+ continue;
+
+ case BPF_ALU|BPF_ADD|BPF_X:
+ A += X;
+ continue;
+
+ case BPF_ALU|BPF_SUB|BPF_X:
+ A -= X;
+ continue;
+
+ case BPF_ALU|BPF_MUL|BPF_X:
+ A *= X;
+ continue;
+
+ case BPF_ALU|BPF_DIV|BPF_X:
+ if (X == 0)
+ return 0;
+ A /= X;
+ continue;
+
+ case BPF_ALU|BPF_AND|BPF_X:
+ A &= X;
+ continue;
+
+ case BPF_ALU|BPF_OR|BPF_X:
+ A |= X;
+ continue;
+
+ case BPF_ALU|BPF_LSH|BPF_X:
+ A <<= X;
+ continue;
+
+ case BPF_ALU|BPF_RSH|BPF_X:
+ A >>= X;
+ continue;
+
+ case BPF_ALU|BPF_ADD|BPF_K:
+ A += pc->k;
+ continue;
+
+ case BPF_ALU|BPF_SUB|BPF_K:
+ A -= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_MUL|BPF_K:
+ A *= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_DIV|BPF_K:
+ A /= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_AND|BPF_K:
+ A &= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_OR|BPF_K:
+ A |= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_LSH|BPF_K:
+ A <<= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_RSH|BPF_K:
+ A >>= pc->k;
+ continue;
+
+ case BPF_ALU|BPF_NEG:
+ A = -A;
+ continue;
+
+ case BPF_MISC|BPF_TAX:
+ X = A;
+ continue;
+
+ case BPF_MISC|BPF_TXA:
+ A = X;
+ continue;
+ }
+ }
+}
+
+/*
+ * Return true if the 'fcode' is a valid filter program.
+ * The constraints are that each jump be forward and to a valid
+ * code, that memory accesses are within valid ranges (to the
+ * extent that this can be checked statically; loads of packet
+ * data have to be, and are, also checked at run time), and that
+ * the code terminates with either an accept or reject.
+ *
+ * The kernel needs to be able to verify an application's filter code.
+ * Otherwise, a bogus program could easily crash the system.
+ */
+int
+bpf_validate(f, len)
+ const struct bpf_insn *f;
+ int len;
+{
+ u_int i, from;
+ const struct bpf_insn *p;
+
+ if (len < 1)
+ return 0;
+ /*
+ * There's no maximum program length in userland.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+ if (len > BPF_MAXINSNS)
+ return 0;
+#endif
+
+ for (i = 0; i < len; ++i) {
+ p = &f[i];
+ switch (BPF_CLASS(p->code)) {
+ /*
+ * Check that memory operations use valid addresses.
+ */
+ case BPF_LD:
+ case BPF_LDX:
+ switch (BPF_MODE(p->code)) {
+ case BPF_IMM:
+ break;
+ case BPF_ABS:
+ case BPF_IND:
+ case BPF_MSH:
+ /*
+ * There's no maximum packet data size
+ * in userland. The runtime packet length
+ * check suffices.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+ /*
+ * More strict check with actual packet length
+ * is done runtime.
+ */
+ if (p->k >= bpf_maxbufsize)
+ return 0;
+#endif
+ break;
+ case BPF_MEM:
+ if (p->k >= BPF_MEMWORDS)
+ return 0;
+ break;
+ case BPF_LEN:
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case BPF_ST:
+ case BPF_STX:
+ if (p->k >= BPF_MEMWORDS)
+ return 0;
+ break;
+ case BPF_ALU:
+ switch (BPF_OP(p->code)) {
+ case BPF_ADD:
+ case BPF_SUB:
+ case BPF_MUL:
+ case BPF_OR:
+ case BPF_AND:
+ case BPF_LSH:
+ case BPF_RSH:
+ case BPF_NEG:
+ break;
+ case BPF_DIV:
+ /*
+ * Check for constant division by 0.
+ */
+ if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
+ return 0;
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case BPF_JMP:
+ /*
+ * Check that jumps are within the code block,
+ * and that unconditional branches don't go
+ * backwards as a result of an overflow.
+ * Unconditional branches have a 32-bit offset,
+ * so they could overflow; we check to make
+ * sure they don't. Conditional branches have
+ * an 8-bit offset, and the from address is <=
+ * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
+ * is sufficiently small that adding 255 to it
+ * won't overflow.
+ *
+ * We know that len is <= BPF_MAXINSNS, and we
+ * assume that BPF_MAXINSNS is < the maximum size
+ * of a u_int, so that i + 1 doesn't overflow.
+ *
+ * For userland, we don't know that the from
+ * or len are <= BPF_MAXINSNS, but we know that
+ * from <= len, and, except on a 64-bit system,
+ * it's unlikely that len, if it truly reflects
+ * the size of the program we've been handed,
+ * will be anywhere near the maximum size of
+ * a u_int. We also don't check for backward
+ * branches, as we currently support them in
+ * userland for the protochain operation.
+ */
+ from = i + 1;
+ switch (BPF_OP(p->code)) {
+ case BPF_JA:
+#if defined(KERNEL) || defined(_KERNEL)
+ if (from + p->k < from || from + p->k >= len)
+#else
+ if (from + p->k >= len)
+#endif
+ return 0;
+ break;
+ case BPF_JEQ:
+ case BPF_JGT:
+ case BPF_JGE:
+ case BPF_JSET:
+ if (from + p->jt >= len || from + p->jf >= len)
+ return 0;
+ break;
+ default:
+ return 0;
+ }
+ break;
+ case BPF_RET:
+ break;
+ case BPF_MISC:
+ break;
+ default:
+ return 0;
+ }
+ }
+ return BPF_CLASS(f[len - 1].code) == BPF_RET;
+}
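Review bot: The packet-load guards in bpf_filter can wrap around. `k` is a signed `int`, so in `if (k + sizeof(int32) > buflen)` an offset of -4..-1 (from a large `pc->k`, or from `X + pc->k` in the BPF_IND cases) makes the sum wrap to a small value, and `EXTRACT_LONG(&p[k])` then reads before the packet buffer; the BPF_H cases have the same shape. Declaring `k` as `u_int32` and writing the test subtractively, `if (k > buflen || sizeof(int32) > buflen - k) {`, avoids the overflow, and the BPF_IND cases additionally need to reject a wrapped `X + pc->k`. Separately, the MINDEX macro assigns `len = MLEN(m);` although its parameter is `_m`, so the `MINDEX(len, n, k)` calls measure the head mbuf rather than the one being walked; `len = MLEN(_m);` looks like what was intended. The scratch array `mem[]` is also never initialised before `BPF_LD|BPF_MEM` can read it, so a `memset(mem, 0, sizeof mem);` at entry is worth adding.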
diff --git a/optimize.c b/optimize.c
index d39273b2aad3..475313f26971 100644
--- a/optimize.c
+++ b/optimize.c
@@ -22,7 +22,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.85.2.3 2007/09/12 21:29:45 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/optimize.c,v 1.90.2.1 2008/01/02 04:22:16 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -53,6 +53,10 @@ extern int _w32_ffs (int mask);
#define ffs _w32_ffs
#endif
+#if defined(WIN32) && defined (_MSC_VER)
+int ffs(int mask);
+#endif
+
/*
* Represents a deleted instruction.
*/
@@ -906,6 +910,17 @@ opt_peep(b)
JF(b) = JT(b);
}
/*
+ * If we're comparing against the index register, and the index
+ * register is a known constant, we can just compare against that
+ * constant.
+ */
+ val = b->val[X_ATOM];
+ if (vmap[val].is_const && BPF_SRC(b->s.code) == BPF_X) {
+ bpf_int32 v = vmap[val].const_val;
+ b->s.code &= ~BPF_X;
+ b->s.k = v;
+ }
+ /*
* If the accumulator is a known constant, we can compute the
* comparison result.
*/
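Review bot: `b->s.code &= ~BPF_X;` in the added block turns the test into a constant compare only because BPF_K is the zero value of the source field, which the reader has to know. Spelling the intent out as `b->s.code = (b->s.code & ~BPF_X) | BPF_K;`, or adding `/* BPF_K is 0, so clearing BPF_X selects the constant operand */`, would make that explicit. The condition also reads `vmap[val]` before testing `BPF_SRC(b->s.code) == BPF_X`; putting the source test first keeps the lookup to the one case that uses it. opt_peep starts and ends outside this hunk.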
@@ -2277,6 +2292,15 @@ install_bpf_program(pcap_t *p, struct bpf_program *fp)
size_t prog_size;
/*
+ * Validate the program.
+ */
+ if (!bpf_validate(fp->bf_insns, fp->bf_len)) {
+ snprintf(p->errbuf, sizeof(p->errbuf),
+ "BPF program is not valid");
+ return (-1);
+ }
+
+ /*
* Free up any already installed program.
*/
pcap_freecode(&p->fcode);
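Review bot: The new failure path returns -1 before `pcap_freecode(&p->fcode)`, so a rejected program leaves the previously installed filter in place, and the comment `Validate the program.` does not tell callers that. I would write it as `/* Validate before touching p->fcode; on failure the old program stays installed. */`. It is also worth saying here what the check covers: going by the bpf_validate comment earlier in this diff, the userland build bounds jump targets but still accepts backward branches, so a program that passes is in-bounds, not necessarily loop-free. install_bpf_program continues outside this hunk.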
diff --git a/packaging/pcap.spec b/packaging/pcap.spec
deleted file mode 100644
index 7df7abc240cc..000000000000
--- a/packaging/pcap.spec
+++ /dev/null
@@ -1,65 +0,0 @@
-%define prefix /usr
-%define version 0.9.4
-
-Summary: packet capture library
-Name: libpcap
-Version: %version
-Release: 1
-Group: Development/Libraries
-Copyright: BSD
-Source: libpcap-0.9.4.tar.gz
-BuildRoot: /tmp/%{name}-buildroot
-URL: http://www.tcpdump.org
-
-%description
-Packet-capture library LIBPCAP 0.9.4
-Now maintained by "The Tcpdump Group"
-See http://www.tcpdump.org
-Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
-
-%prep
-%setup
-
-%post
-ldconfig
-
-%build
-CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix
-make
-
-%install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/{lib,include}
-mkdir -p $RPM_BUILD_ROOT/usr/share/man
-mkdir -p $RPM_BUILD_ROOT/usr/include/net
-mkdir -p $RPM_BUILD_ROOT/usr/man/man3
-make install DESTDIR=$RPM_BUILD_ROOT mandir=/usr/share/man
-cd $RPM_BUILD_ROOT/usr/lib
-V1=`echo 0.9.4 | sed 's/\\.[^\.]*$//g'`
-V2=`echo 0.9.4 | sed 's/\\.[^\.]*\.[^\.]*$//g'`
-ln -sf libpcap.so.0.9.4 libpcap.so.$V1
-if test "$V2" -ne "$V1"; then
- ln -sf libpcap.so.$V1 libpcap.so.$V2
- ln -sf libpcap.so.$V2 libpcap.so
-else
- ln -sf libpcap.so.$V1 libpcap.so
-fi
-
-#install -m 755 -o root libpcap.a $RPM_BUILD_ROOT/usr/lib
-#install -m 644 -o root pcap.3 $RPM_BUILD_ROOT/usr/man/man3
-#install -m 644 -o root pcap.h $RPM_BUILD_ROOT/usr/include
-#install -m 644 -o root pcap-bpf.h $RPM_BUILD_ROOT/usr/include/net
-#install -m 644 -o root pcap-namedb.h $RPM_BUILD_ROOT/usr/include
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%doc LICENSE CHANGES INSTALL.txt README.linux TODO VERSION CREDITS packaging/pcap.spec
-/usr/lib/libpcap.a
-/usr/share/man/man3/*
-/usr/include/pcap.h
-/usr/include/pcap-bpf.h
-/usr/include/pcap-namedb.h
-/usr/lib/libpcap.so*
diff --git a/packaging/pcap.spec.in b/packaging/pcap.spec.in
index 388427ed243a..9e63dac296a4 100644
--- a/packaging/pcap.spec.in
+++ b/packaging/pcap.spec.in
@@ -15,7 +15,7 @@ URL: http://www.tcpdump.org
Packet-capture library LIBPCAP @VERSION@
Now maintained by "The Tcpdump Group"
See http://www.tcpdump.org
-Please send inquiries/comments/reports to tcpdump-workers@tcpdump.org
+Please send inquiries/comments/reports to tcpdump-workers@lists.tcpdump.org
%prep
%setup
@@ -29,10 +29,6 @@ make
%install
rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/{lib,include}
-mkdir -p $RPM_BUILD_ROOT/usr/share/man
-mkdir -p $RPM_BUILD_ROOT/usr/include/net
-mkdir -p $RPM_BUILD_ROOT/usr/man/man3
make install DESTDIR=$RPM_BUILD_ROOT mandir=/usr/share/man
cd $RPM_BUILD_ROOT/usr/lib
V1=`echo @VERSION@ | sed 's/\\.[^\.]*$//g'`
@@ -45,12 +41,6 @@ else
ln -sf libpcap.so.$V1 libpcap.so
fi
-#install -m 755 -o root libpcap.a $RPM_BUILD_ROOT/usr/lib
-#install -m 644 -o root pcap.3 $RPM_BUILD_ROOT/usr/man/man3
-#install -m 644 -o root pcap.h $RPM_BUILD_ROOT/usr/include
-#install -m 644 -o root pcap-bpf.h $RPM_BUILD_ROOT/usr/include/net
-#install -m 644 -o root pcap-namedb.h $RPM_BUILD_ROOT/usr/include
-
%clean
rm -rf $RPM_BUILD_ROOT
@@ -59,7 +49,10 @@ rm -rf $RPM_BUILD_ROOT
%doc LICENSE CHANGES INSTALL.txt README.linux TODO VERSION CREDITS packaging/pcap.spec
/usr/lib/libpcap.a
/usr/share/man/man3/*
+/usr/share/man/man5/*
+/usr/share/man/man7/*
/usr/include/pcap.h
+/usr/include/pcap/*.h
/usr/include/pcap-bpf.h
/usr/include/pcap-namedb.h
/usr/lib/libpcap.so*
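Review bot: The `%doc` context line in this hunk still lists `packaging/pcap.spec`, while this same commit deletes that file from the tree. If configure does not regenerate it from pcap.spec.in before `%files` is processed (not visible here), rpmbuild would presumably stop on the missing doc file. Either drop the entry from `%doc` or add a comment next to it such as `# packaging/pcap.spec is generated by configure from pcap.spec.in`.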
diff --git a/pcap-bpf.c b/pcap-bpf.c
index 027913e7f4f9..6ec6515fb7c7 100644
--- a/pcap-bpf.c
+++ b/pcap-bpf.c
@@ -20,7 +20,7 @@
*/
#ifndef lint
static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.86.2.12 2007/06/15 17:57:27 guy Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.99.2.17 2008-09-16 18:43:02 guy Exp $ (LBL)";
#endif
#ifdef HAVE_CONFIG_H
@@ -28,6 +28,9 @@ static const char rcsid[] _U_ =
#endif
#include <sys/param.h> /* optionally get BSD define */
+#ifdef HAVE_ZEROCOPY_BPF
+#include <sys/mman.h>
+#endif
#include <sys/time.h>
#include <sys/timeb.h>
#include <sys/socket.h>
@@ -35,12 +38,16 @@ static const char rcsid[] _U_ =
#include <sys/ioctl.h>
#include <sys/utsname.h>
+#ifdef HAVE_ZEROCOPY_BPF
+#include <machine/atomic.h>
+#endif
+
#include <net/if.h>
#ifdef _AIX
/*
- * Make "pcap.h" not include "pcap-bpf.h"; we are going to include the
+ * Make "pcap.h" not include "pcap/bpf.h"; we are going to include the
* native OS version, as we need "struct bpf_config" from it.
*/
#define PCAP_DONT_INCLUDE_PCAP_BPF_H
@@ -92,6 +99,10 @@ static int odmlockid = 0;
#include <string.h>
#include <unistd.h>
+#ifdef HAVE_NET_IF_MEDIA_H
+# include <net/if_media.h>
+#endif
+
#include "pcap-int.h"
#ifdef HAVE_DAG_API
@@ -102,12 +113,579 @@ static int odmlockid = 0;
#include "os-proto.h"
#endif
-#include "gencode.h" /* for "no_optimize" */
+#ifdef BIOCGDLTLIST
+# if (defined(HAVE_NET_IF_MEDIA_H) && defined(IFM_IEEE80211)) && !defined(__APPLE__)
+#define HAVE_BSD_IEEE80211
+# endif
+
+# if defined(__APPLE__) || defined(HAVE_BSD_IEEE80211)
+static int find_802_11(struct bpf_dltlist *);
+
+# ifdef HAVE_BSD_IEEE80211
+static int monitor_mode(pcap_t *, int);
+# endif
+
+# if defined(__APPLE__)
+static void remove_en(pcap_t *);
+static void remove_802_11(pcap_t *);
+# endif
+
+# endif /* defined(__APPLE__) || defined(HAVE_BSD_IEEE80211) */
+
+#endif /* BIOCGDLTLIST */
+
+/*
+ * We include the OS's <net/bpf.h>, not our "pcap/bpf.h", so we probably
+ * don't get DLT_DOCSIS defined.
+ */
+#ifndef DLT_DOCSIS
+#define DLT_DOCSIS 143
+#endif
+
+/*
+ * On OS X, we don't even get any of the 802.11-plus-radio-header DLT_'s
+ * defined, even though some of them are used by various Airport drivers.
+ */
+#ifndef DLT_PRISM_HEADER
+#define DLT_PRISM_HEADER 119
+#endif
+#ifndef DLT_AIRONET_HEADER
+#define DLT_AIRONET_HEADER 120
+#endif
+#ifndef DLT_IEEE802_11_RADIO
+#define DLT_IEEE802_11_RADIO 127
+#endif
+#ifndef DLT_IEEE802_11_RADIO_AVS
+#define DLT_IEEE802_11_RADIO_AVS 163
+#endif
+static int pcap_can_set_rfmon_bpf(pcap_t *p);
+static int pcap_activate_bpf(pcap_t *p);
static int pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp);
static int pcap_setdirection