Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / libpcap / 478ab6c8b5bc982589be32eae1e5736efe721b58 / . / pcap-bpf.c
blob: 027913e7f4f93ba1c5afa03e1d16d2bfd64d66a7 [file] [log] [blame]
The Android Open Source Project478ab6c2009-03-03 19:30:05 -0800[diff] [blame^]1/*
2 * Copyright (c) 1993, 1994, 1995, 1996, 1998
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 */
21#ifndef lint
22static const char rcsid[] _U_ =
23 "@(#) $Header: /tcpdump/master/libpcap/pcap-bpf.c,v 1.86.2.12 2007/06/15 17:57:27 guy Exp $ (LBL)";
24#endif
25
26#ifdef HAVE_CONFIG_H
27#include "config.h"
28#endif
29
30#include <sys/param.h> /* optionally get BSD define */
31#include <sys/time.h>
32#include <sys/timeb.h>
33#include <sys/socket.h>
34#include <sys/file.h>
35#include <sys/ioctl.h>
36#include <sys/utsname.h>
37
38#include <net/if.h>
39
40#ifdef _AIX
41
42/*
43 * Make "pcap.h" not include "pcap-bpf.h"; we are going to include the
44 * native OS version, as we need "struct bpf_config" from it.
45 */
46#define PCAP_DONT_INCLUDE_PCAP_BPF_H
47
48#include <sys/types.h>
49
50/*
51 * Prevent bpf.h from redefining the DLT_ values to their
52 * IFT_ values, as we're going to return the standard libpcap
53 * values, not IBM's non-standard IFT_ values.
54 */
55#undef _AIX
56#include <net/bpf.h>
57#define _AIX
58
59#include <net/if_types.h> /* for IFT_ values */
60#include <sys/sysconfig.h>
61#include <sys/device.h>
62#include <sys/cfgodm.h>
63#include <cf.h>
64
65#ifdef __64BIT__
66#define domakedev makedev64
67#define getmajor major64
68#define bpf_hdr bpf_hdr32
69#else /* __64BIT__ */
70#define domakedev makedev
71#define getmajor major
72#endif /* __64BIT__ */
73
74#define BPF_NAME "bpf"
75#define BPF_MINORS 4
76#define DRIVER_PATH "/usr/lib/drivers"
77#define BPF_NODE "/dev/bpf"
78static int bpfloadedflag = 0;
79static int odmlockid = 0;
80
81#else /* _AIX */
82
83#include <net/bpf.h>
84
85#endif /* _AIX */
86
87#include <ctype.h>
88#include <errno.h>
89#include <netdb.h>
90#include <stdio.h>
91#include <stdlib.h>
92#include <string.h>
93#include <unistd.h>
94
95#include "pcap-int.h"
96
97#ifdef HAVE_DAG_API
98#include "pcap-dag.h"
99#endif /* HAVE_DAG_API */
100
101#ifdef HAVE_OS_PROTO_H
102#include "os-proto.h"
103#endif
104
105#include "gencode.h" /* for "no_optimize" */
106
107static int pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp);
108static int pcap_setdirection_bpf(pcap_t *, pcap_direction_t);
109static int pcap_set_datalink_bpf(pcap_t *p, int dlt);
110
111static int
112pcap_stats_bpf(pcap_t *p, struct pcap_stat *ps)
113{
114 struct bpf_stat s;
115
116 /*
117 * "ps_recv" counts packets handed to the filter, not packets
118 * that passed the filter. This includes packets later dropped
119 * because we ran out of buffer space.
120 *
121 * "ps_drop" counts packets dropped inside the BPF device
122 * because we ran out of buffer space. It doesn't count
123 * packets dropped by the interface driver. It counts
124 * only packets that passed the filter.
125 *
126 * Both statistics include packets not yet read from the kernel
127 * by libpcap, and thus not yet seen by the application.
128 */
129 if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) {
130 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s",
131 pcap_strerror(errno));
132 return (-1);
133 }
134
135 ps->ps_recv = s.bs_recv;
136 ps->ps_drop = s.bs_drop;
137 return (0);
138}
139
140static int
141pcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
142{
143 int cc;
144 int n = 0;
145 register u_char *bp, *ep;
146 u_char *datap;
147 struct bpf_insn *fcode;
148#ifdef PCAP_FDDIPAD
149 register int pad;
150#endif
151
152 fcode = p->md.use_bpf ? NULL : p->fcode.bf_insns;
153 again:
154 /*
155 * Has "pcap_breakloop()" been called?
156 */
157 if (p->break_loop) {
158 /*
159 * Yes - clear the flag that indicates that it
160 * has, and return -2 to indicate that we were
161 * told to break out of the loop.
162 */
163 p->break_loop = 0;
164 return (-2);
165 }
166 cc = p->cc;
167 if (p->cc == 0) {
168 cc = read(p->fd, (char *)p->buffer, p->bufsize);
169 if (cc < 0) {
170 /* Don't choke when we get ptraced */
171 switch (errno) {
172
173 case EINTR:
174 goto again;
175
176#ifdef _AIX
177 case EFAULT:
178 /*
179 * Sigh. More AIX wonderfulness.
180 *
181 * For some unknown reason the uiomove()
182 * operation in the bpf kernel extension
183 * used to copy the buffer into user
184 * space sometimes returns EFAULT. I have
185 * no idea why this is the case given that
186 * a kernel debugger shows the user buffer
187 * is correct. This problem appears to
188 * be mostly mitigated by the memset of
189 * the buffer before it is first used.
190 * Very strange.... Shaun Clowes
191 *
192 * In any case this means that we shouldn't
193 * treat EFAULT as a fatal error; as we
194 * don't have an API for returning
195 * a "some packets were dropped since
196 * the last packet you saw" indication,
197 * we just ignore EFAULT and keep reading.
198 */
199 goto again;
200#endif
201
202 case EWOULDBLOCK:
203 return (0);
204#if defined(sun) && !defined(BSD)
205 /*
206 * Due to a SunOS bug, after 2^31 bytes, the kernel
207 * file offset overflows and read fails with EINVAL.
208 * The lseek() to 0 will fix things.
209 */
210 case EINVAL:
211 if (lseek(p->fd, 0L, SEEK_CUR) +
212 p->bufsize < 0) {
213 (void)lseek(p->fd, 0L, SEEK_SET);
214 goto again;
215 }
216 /* fall through */
217#endif
218 }
219 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s",
220 pcap_strerror(errno));
221 return (-1);
222 }
223 bp = p->buffer;
224 } else
225 bp = p->bp;
226
227 /*
228 * Loop through each packet.
229 */
230#define bhp ((struct bpf_hdr *)bp)
231 ep = bp + cc;
232#ifdef PCAP_FDDIPAD
233 pad = p->fddipad;
234#endif
235 while (bp < ep) {
236 register int caplen, hdrlen;
237
238 /*
239 * Has "pcap_breakloop()" been called?
240 * If so, return immediately - if we haven't read any
241 * packets, clear the flag and return -2 to indicate
242 * that we were told to break out of the loop, otherwise
243 * leave the flag set, so that the *next* call will break
244 * out of the loop without having read any packets, and
245 * return the number of packets we've processed so far.
246 */
247 if (p->break_loop) {
248 if (n == 0) {
249 p->break_loop = 0;
250 return (-2);
251 } else {
252 p->bp = bp;
253 p->cc = ep - bp;
254 return (n);
255 }
256 }
257
258 caplen = bhp->bh_caplen;
259 hdrlen = bhp->bh_hdrlen;
260 datap = bp + hdrlen;
261 /*
262 * Short-circuit evaluation: if using BPF filter
263 * in kernel, no need to do it now.
264 *
265#ifdef PCAP_FDDIPAD
266 * Note: the filter code was generated assuming
267 * that p->fddipad was the amount of padding
268 * before the header, as that's what's required
269 * in the kernel, so we run the filter before
270 * skipping that padding.
271#endif
272 */
273 if (fcode == NULL ||
274 bpf_filter(fcode, datap, bhp->bh_datalen, caplen)) {
275 struct pcap_pkthdr pkthdr;
276
277 pkthdr.ts.tv_sec = bhp->bh_tstamp.tv_sec;
278#ifdef _AIX
279 /*
280 * AIX's BPF returns seconds/nanoseconds time
281 * stamps, not seconds/microseconds time stamps.
282 */
283 pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec/1000;
284#else
285 pkthdr.ts.tv_usec = bhp->bh_tstamp.tv_usec;
286#endif
287#ifdef PCAP_FDDIPAD
288 if (caplen > pad)
289 pkthdr.caplen = caplen - pad;
290 else
291 pkthdr.caplen = 0;
292 if (bhp->bh_datalen > pad)
293 pkthdr.len = bhp->bh_datalen - pad;
294 else
295 pkthdr.len = 0;
296 datap += pad;
297#else
298 pkthdr.caplen = caplen;
299 pkthdr.len = bhp->bh_datalen;
300#endif
301 (*callback)(user, &pkthdr, datap);
302 bp += BPF_WORDALIGN(caplen + hdrlen);
303 if (++n >= cnt && cnt > 0) {
304 p->bp = bp;
305 p->cc = ep - bp;
306 return (n);
307 }
308 } else {
309 /*
310 * Skip this packet.
311 */
312 bp += BPF_WORDALIGN(caplen + hdrlen);
313 }
314 }
315#undef bhp
316 p->cc = 0;
317 return (n);
318}
319
320static int
321pcap_inject_bpf(pcap_t *p, const void *buf, size_t size)
322{
323 int ret;
324
325 ret = write(p->fd, buf, size);
326#ifdef __APPLE__
327 if (ret == -1 && errno == EAFNOSUPPORT) {
328 /*
329 * In Mac OS X, there's a bug wherein setting the
330 * BIOCSHDRCMPLT flag causes writes to fail; see,
331 * for example:
332 *
333 * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/BIOCSHDRCMPLT-10.3.3.patch
334 *
335 * So, if, on OS X, we get EAFNOSUPPORT from the write, we
336 * assume it's due to that bug, and turn off that flag
337 * and try again. If we succeed, it either means that
338 * somebody applied the fix from that URL, or other patches
339 * for that bug from
340 *
341 * http://cerberus.sourcefire.com/~jeff/archives/patches/macosx/
342 *
343 * and are running a Darwin kernel with those fixes, or
344 * that Apple fixed the problem in some OS X release.
345 */
346 u_int spoof_eth_src = 0;
347
348 if (ioctl(p->fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) {
349 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
350 "send: can't turn off BIOCSHDRCMPLT: %s",
351 pcap_strerror(errno));
352 return (-1);
353 }
354
355 /*
356 * Now try the write again.
357 */
358 ret = write(p->fd, buf, size);
359 }
360#endif /* __APPLE__ */
361 if (ret == -1) {
362 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
363 pcap_strerror(errno));
364 return (-1);
365 }
366 return (ret);
367}
368
369#ifdef _AIX
370static int
371bpf_odminit(char *errbuf)
372{
373 char *errstr;
374
375 if (odm_initialize() == -1) {
376 if (odm_err_msg(odmerrno, &errstr) == -1)
377 errstr = "Unknown error";
378 snprintf(errbuf, PCAP_ERRBUF_SIZE,
379 "bpf_load: odm_initialize failed: %s",
380 errstr);
381 return (-1);
382 }
383
384 if ((odmlockid = odm_lock("/etc/objrepos/config_lock", ODM_WAIT)) == -1) {
385 if (odm_err_msg(odmerrno, &errstr) == -1)
386 errstr = "Unknown error";
387 snprintf(errbuf, PCAP_ERRBUF_SIZE,
388 "bpf_load: odm_lock of /etc/objrepos/config_lock failed: %s",
389 errstr);
390 return (-1);
391 }
392
393 return (0);
394}
395
396static int
397bpf_odmcleanup(char *errbuf)
398{
399 char *errstr;
400
401 if (odm_unlock(odmlockid) == -1) {
402 if (odm_err_msg(odmerrno, &errstr) == -1)
403 errstr = "Unknown error";
404 snprintf(errbuf, PCAP_ERRBUF_SIZE,
405 "bpf_load: odm_unlock failed: %s",
406 errstr);
407 return (-1);
408 }
409
410 if (odm_terminate() == -1) {
411 if (odm_err_msg(odmerrno, &errstr) == -1)
412 errstr = "Unknown error";
413 snprintf(errbuf, PCAP_ERRBUF_SIZE,
414 "bpf_load: odm_terminate failed: %s",
415 errstr);
416 return (-1);
417 }
418
419 return (0);
420}
421
422static int
423bpf_load(char *errbuf)
424{
425 long major;
426 int *minors;
427 int numminors, i, rc;
428 char buf[1024];
429 struct stat sbuf;
430 struct bpf_config cfg_bpf;
431 struct cfg_load cfg_ld;
432 struct cfg_kmod cfg_km;
433
434 /*
435 * This is very very close to what happens in the real implementation
436 * but I've fixed some (unlikely) bug situations.
437 */
438 if (bpfloadedflag)
439 return (0);
440
441 if (bpf_odminit(errbuf) != 0)
442 return (-1);
443
444 major = genmajor(BPF_NAME);
445 if (major == -1) {
446 snprintf(errbuf, PCAP_ERRBUF_SIZE,
447 "bpf_load: genmajor failed: %s", pcap_strerror(errno));
448 return (-1);
449 }
450
451 minors = getminor(major, &numminors, BPF_NAME);
452 if (!minors) {
453 minors = genminor("bpf", major, 0, BPF_MINORS, 1, 1);
454 if (!minors) {
455 snprintf(errbuf, PCAP_ERRBUF_SIZE,
456 "bpf_load: genminor failed: %s",
457 pcap_strerror(errno));
458 return (-1);
459 }
460 }
461
462 if (bpf_odmcleanup(errbuf))
463 return (-1);
464
465 rc = stat(BPF_NODE "0", &sbuf);
466 if (rc == -1 && errno != ENOENT) {
467 snprintf(errbuf, PCAP_ERRBUF_SIZE,
468 "bpf_load: can't stat %s: %s",
469 BPF_NODE "0", pcap_strerror(errno));
470 return (-1);
471 }
472
473 if (rc == -1 || getmajor(sbuf.st_rdev) != major) {
474 for (i = 0; i < BPF_MINORS; i++) {
475 sprintf(buf, "%s%d", BPF_NODE, i);
476 unlink(buf);
477 if (mknod(buf, S_IRUSR | S_IFCHR, domakedev(major, i)) == -1) {
478 snprintf(errbuf, PCAP_ERRBUF_SIZE,
479 "bpf_load: can't mknod %s: %s",
480 buf, pcap_strerror(errno));
481 return (-1);
482 }
483 }
484 }
485
486 /* Check if the driver is loaded */
487 memset(&cfg_ld, 0x0, sizeof(cfg_ld));
488 cfg_ld.path = buf;
489 sprintf(cfg_ld.path, "%s/%s", DRIVER_PATH, BPF_NAME);
490 if ((sysconfig(SYS_QUERYLOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) ||
491 (cfg_ld.kmid == 0)) {
492 /* Driver isn't loaded, load it now */
493 if (sysconfig(SYS_SINGLELOAD, (void *)&cfg_ld, sizeof(cfg_ld)) == -1) {
494 snprintf(errbuf, PCAP_ERRBUF_SIZE,
495 "bpf_load: could not load driver: %s",
496 strerror(errno));
497 return (-1);
498 }
499 }
500
501 /* Configure the driver */
502 cfg_km.cmd = CFG_INIT;
503 cfg_km.kmid = cfg_ld.kmid;
504 cfg_km.mdilen = sizeof(cfg_bpf);
505 cfg_km.mdiptr = (void *)&cfg_bpf;
506 for (i = 0; i < BPF_MINORS; i++) {
507 cfg_bpf.devno = domakedev(major, i);
508 if (sysconfig(SYS_CFGKMOD, (void *)&cfg_km, sizeof(cfg_km)) == -1) {
509 snprintf(errbuf, PCAP_ERRBUF_SIZE,
510 "bpf_load: could not configure driver: %s",
511 strerror(errno));
512 return (-1);
513 }
514 }
515
516 bpfloadedflag = 1;
517
518 return (0);
519}
520#endif
521
522static inline int
523bpf_open(pcap_t *p, char *errbuf)
524{
525 int fd;
526#ifdef HAVE_CLONING_BPF
527 static const char device[] = "/dev/bpf";
528#else
529 int n = 0;
530 char device[sizeof "/dev/bpf0000000000"];
531#endif
532
533#ifdef _AIX
534 /*
535 * Load the bpf driver, if it isn't already loaded,
536 * and create the BPF device entries, if they don't
537 * already exist.
538 */
539 if (bpf_load(errbuf) == -1)
540 return (-1);
541#endif
542
543#ifdef HAVE_CLONING_BPF
544 if ((fd = open(device, O_RDWR)) == -1 &&
545 (errno != EACCES || (fd = open(device, O_RDONLY)) == -1))
546 snprintf(errbuf, PCAP_ERRBUF_SIZE,
547 "(cannot open device) %s: %s", device, pcap_strerror(errno));
548#else
549 /*
550 * Go through all the minors and find one that isn't in use.
551 */
552 do {
553 (void)snprintf(device, sizeof(device), "/dev/bpf%d", n++);
554 /*
555 * Initially try a read/write open (to allow the inject
556 * method to work). If that fails due to permission
557 * issues, fall back to read-only. This allows a
558 * non-root user to be granted specific access to pcap
559 * capabilities via file permissions.
560 *
561 * XXX - we should have an API that has a flag that
562 * controls whether to open read-only or read-write,
563 * so that denial of permission to send (or inability
564 * to send, if sending packets isn't supported on
565 * the device in question) can be indicated at open
566 * time.
567 */
568 fd = open(device, O_RDWR);
569 if (fd == -1 && errno == EACCES)
570 fd = open(device, O_RDONLY);
571 } while (fd < 0 && errno == EBUSY);
572
573 /*
574 * XXX better message for all minors used
575 */
576 if (fd < 0)
577 snprintf(errbuf, PCAP_ERRBUF_SIZE, "(no devices found) %s: %s",
578 device, pcap_strerror(errno));
579#endif
580
581 return (fd);
582}
583
584/*
585 * We include the OS's <net/bpf.h>, not our "pcap-bpf.h", so we probably
586 * don't get DLT_DOCSIS defined.
587 */
588#ifndef DLT_DOCSIS
589#define DLT_DOCSIS 143
590#endif
591
592pcap_t *
593pcap_open_live(const char *device, int snaplen, int promisc, int to_ms,
594 char *ebuf)
595{
596 int fd;
597 struct ifreq ifr;
598 struct bpf_version bv;
599#ifdef BIOCGDLTLIST
600 struct bpf_dltlist bdl;
601#endif
602#if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT)
603 u_int spoof_eth_src = 1;
604#endif
605 u_int v;
606 pcap_t *p;
607 struct bpf_insn total_insn;
608 struct bpf_program total_prog;
609 struct utsname osinfo;
610
611#ifdef HAVE_DAG_API
612 if (strstr(device, "dag")) {
613 return dag_open_live(device, snaplen, promisc, to_ms, ebuf);
614 }
615#endif /* HAVE_DAG_API */
616
617#ifdef BIOCGDLTLIST
618 memset(&bdl, 0, sizeof(bdl));
619#endif
620
621 p = (pcap_t *)malloc(sizeof(*p));
622 if (p == NULL) {
623 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
624 pcap_strerror(errno));
625 return (NULL);
626 }
627 memset(p, 0, sizeof(*p));
628 fd = bpf_open(p, ebuf);
629 if (fd < 0)
630 goto bad;
631
632 p->fd = fd;
633 p->snapshot = snaplen;
634
635 if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) {
636 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s",
637 pcap_strerror(errno));
638 goto bad;
639 }
640 if (bv.bv_major != BPF_MAJOR_VERSION ||
641 bv.bv_minor < BPF_MINOR_VERSION) {
642 snprintf(ebuf, PCAP_ERRBUF_SIZE,
643 "kernel bpf filter out of date");
644 goto bad;
645 }
646
647 /*
648 * Try finding a good size for the buffer; 32768 may be too
649 * big, so keep cutting it in half until we find a size
650 * that works, or run out of sizes to try. If the default
651 * is larger, don't make it smaller.
652 *
653 * XXX - there should be a user-accessible hook to set the
654 * initial buffer size.
655 */
656 if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768)
657 v = 32768;
658 for ( ; v != 0; v >>= 1) {
659 /* Ignore the return value - this is because the call fails
660 * on BPF systems that don't have kernel malloc. And if
661 * the call fails, it's no big deal, we just continue to
662 * use the standard buffer size.
663 */
664 (void) ioctl(fd, BIOCSBLEN, (caddr_t)&v);
665
666 (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
667 if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) >= 0)
668 break; /* that size worked; we're done */
669
670 if (errno != ENOBUFS) {
671 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETIF: %s: %s",
672 device, pcap_strerror(errno));
673 goto bad;
674 }
675 }
676
677 if (v == 0) {
678 snprintf(ebuf, PCAP_ERRBUF_SIZE,
679 "BIOCSBLEN: %s: No buffer size worked", device);
680 goto bad;
681 }
682
683 /* Get the data link layer type. */
684 if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) {
685 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s",
686 pcap_strerror(errno));
687 goto bad;
688 }
689#ifdef _AIX
690 /*
691 * AIX's BPF returns IFF_ types, not DLT_ types, in BIOCGDLT.
692 */
693 switch (v) {
694
695 case IFT_ETHER:
696 case IFT_ISO88023:
697 v = DLT_EN10MB;
698 break;
699
700 case IFT_FDDI:
701 v = DLT_FDDI;
702 break;
703
704 case IFT_ISO88025:
705 v = DLT_IEEE802;
706 break;
707
708 case IFT_LOOP:
709 v = DLT_NULL;
710 break;
711
712 default:
713 /*
714 * We don't know what to map this to yet.
715 */
716 snprintf(ebuf, PCAP_ERRBUF_SIZE, "unknown interface type %u",
717 v);
718 goto bad;
719 }
720#endif
721#if _BSDI_VERSION - 0 >= 199510
722 /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */
723 switch (v) {
724
725 case DLT_SLIP:
726 v = DLT_SLIP_BSDOS;
727 break;
728
729 case DLT_PPP:
730 v = DLT_PPP_BSDOS;
731 break;
732
733 case 11: /*DLT_FR*/
734 v = DLT_FRELAY;
735 break;
736
737 case 12: /*DLT_C_HDLC*/
738 v = DLT_CHDLC;
739 break;
740 }
741#endif
742#ifdef PCAP_FDDIPAD
743 if (v == DLT_FDDI)
744 p->fddipad = PCAP_FDDIPAD;
745 else
746 p->fddipad = 0;
747#endif
748 p->linktype = v;
749
750#ifdef BIOCGDLTLIST
751 /*
752 * We know the default link type -- now determine all the DLTs
753 * this interface supports. If this fails with EINVAL, it's
754 * not fatal; we just don't get to use the feature later.
755 */
756 if (ioctl(fd, BIOCGDLTLIST, (caddr_t)&bdl) == 0) {
757 u_int i;
758 int is_ethernet;
759
760 bdl.bfl_list = (u_int *) malloc(sizeof(u_int) * (bdl.bfl_len + 1));
761 if (bdl.bfl_list == NULL) {
762 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
763 pcap_strerror(errno));
764 goto bad;
765 }
766
767 if (ioctl(fd, BIOCGDLTLIST, (caddr_t)&bdl) < 0) {
768 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
769 "BIOCGDLTLIST: %s", pcap_strerror(errno));
770 free(bdl.bfl_list);
771 goto bad;
772 }
773
774 /*
775 * OK, for real Ethernet devices, add DLT_DOCSIS to the
776 * list, so that an application can let you choose it,
777 * in case you're capturing DOCSIS traffic that a Cisco
778 * Cable Modem Termination System is putting out onto
779 * an Ethernet (it doesn't put an Ethernet header onto
780 * the wire, it puts raw DOCSIS frames out on the wire
781 * inside the low-level Ethernet framing).
782 *
783 * A "real Ethernet device" is defined here as a device
784 * that has a link-layer type of DLT_EN10MB and that has
785 * no alternate link-layer types; that's done to exclude
786 * 802.11 interfaces (which might or might not be the
787 * right thing to do, but I suspect it is - Ethernet <->
788 * 802.11 bridges would probably badly mishandle frames
789 * that don't have Ethernet headers).
790 */
791 if (p->linktype == DLT_EN10MB) {
792 is_ethernet = 1;
793 for (i = 0; i < bdl.bfl_len; i++) {
794 if (bdl.bfl_list[i] != DLT_EN10MB) {
795 is_ethernet = 0;
796 break;
797 }
798 }
799 if (is_ethernet) {
800 /*
801 * We reserved one more slot at the end of
802 * the list.
803 */
804 bdl.bfl_list[bdl.bfl_len] = DLT_DOCSIS;
805 bdl.bfl_len++;
806 }
807 }
808 p->dlt_count = bdl.bfl_len;
809 p->dlt_list = bdl.bfl_list;
810 } else {
811 if (errno != EINVAL) {
812 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
813 "BIOCGDLTLIST: %s", pcap_strerror(errno));
814 goto bad;
815 }
816 }
817#endif
818
819 /*
820 * If this is an Ethernet device, and we don't have a DLT_ list,
821 * give it a list with DLT_EN10MB and DLT_DOCSIS. (That'd give
822 * 802.11 interfaces DLT_DOCSIS, which isn't the right thing to
823 * do, but there's not much we can do about that without finding
824 * some other way of determining whether it's an Ethernet or 802.11
825 * device.)
826 */
827 if (p->linktype == DLT_EN10MB && p->dlt_count == 0) {
828 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
829 /*
830 * If that fails, just leave the list empty.
831 */
832 if (p->dlt_list != NULL) {
833 p->dlt_list[0] = DLT_EN10MB;
834 p->dlt_list[1] = DLT_DOCSIS;
835 p->dlt_count = 2;
836 }
837 }
838
839#if defined(BIOCGHDRCMPLT) && defined(BIOCSHDRCMPLT)
840 /*
841 * Do a BIOCSHDRCMPLT, if defined, to turn that flag on, so
842 * the link-layer source address isn't forcibly overwritten.
843 * (Should we ignore errors? Should we do this only if
844 * we're open for writing?)
845 *
846 * XXX - I seem to remember some packet-sending bug in some
847 * BSDs - check CVS log for "bpf.c"?
848 */
849 if (ioctl(fd, BIOCSHDRCMPLT, &spoof_eth_src) == -1) {
850 (void)snprintf(ebuf, PCAP_ERRBUF_SIZE,
851 "BIOCSHDRCMPLT: %s", pcap_strerror(errno));
852 goto bad;
853 }
854#endif
855 /* set timeout */
856 if (to_ms != 0) {
857 /*
858 * XXX - is this seconds/nanoseconds in AIX?
859 * (Treating it as such doesn't fix the timeout
860 * problem described below.)
861 */
862 struct timeval to;
863 to.tv_sec = to_ms / 1000;
864 to.tv_usec = (to_ms * 1000) % 1000000;
865 if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) {
866 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSRTIMEOUT: %s",
867 pcap_strerror(errno));
868 goto bad;
869 }
870 }
871
872#ifdef _AIX
873#ifdef BIOCIMMEDIATE
874 /*
875 * Darren Reed notes that
876 *
877 * On AIX (4.2 at least), if BIOCIMMEDIATE is not set, the
878 * timeout appears to be ignored and it waits until the buffer
879 * is filled before returning. The result of not having it
880 * set is almost worse than useless if your BPF filter
881 * is reducing things to only a few packets (i.e. one every
882 * second or so).
883 *
884 * so we turn BIOCIMMEDIATE mode on if this is AIX.
885 *
886 * We don't turn it on for other platforms, as that means we
887 * get woken up for every packet, which may not be what we want;
888 * in the Winter 1993 USENIX paper on BPF, they say:
889 *
890 * Since a process might want to look at every packet on a
891 * network and the time between packets can be only a few
892 * microseconds, it is not possible to do a read system call
893 * per packet and BPF must collect the data from several
894 * packets and return it as a unit when the monitoring
895 * application does a read.
896 *
897 * which I infer is the reason for the timeout - it means we
898 * wait that amount of time, in the hopes that more packets
899 * will arrive and we'll get them all with one read.
900 *
901 * Setting BIOCIMMEDIATE mode on FreeBSD (and probably other
902 * BSDs) causes the timeout to be ignored.
903 *
904 * On the other hand, some platforms (e.g., Linux) don't support
905 * timeouts, they just hand stuff to you as soon as it arrives;
906 * if that doesn't cause a problem on those platforms, it may
907 * be OK to have BIOCIMMEDIATE mode on BSD as well.
908 *
909 * (Note, though, that applications may depend on the read
910 * completing, even if no packets have arrived, when the timeout
911 * expires, e.g. GUI applications that have to check for input
912 * while waiting for packets to arrive; a non-zero timeout
913 * prevents "select()" from working right on FreeBSD and
914 * possibly other BSDs, as the timer doesn't start until a
915 * "read()" is done, so the timer isn't in effect if the
916 * application is blocked on a "select()", and the "select()"
917 * doesn't get woken up for a BPF device until the buffer
918 * fills up.)
919 */
920 v = 1;
921 if (ioctl(p->fd, BIOCIMMEDIATE, &v) < 0) {
922 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCIMMEDIATE: %s",
923 pcap_strerror(errno));
924 goto bad;
925 }
926#endif /* BIOCIMMEDIATE */
927#endif /* _AIX */
928
929 if (promisc) {
930 /* set promiscuous mode, okay if it fails */
931 if (ioctl(p->fd, BIOCPROMISC, NULL) < 0) {
932 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCPROMISC: %s",
933 pcap_strerror(errno));
934 }
935 }
936
937 if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) {
938 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s",
939 pcap_strerror(errno));
940 goto bad;
941 }
942 p->bufsize = v;
943 p->buffer = (u_char *)malloc(p->bufsize);
944 if (p->buffer == NULL) {
945 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
946 pcap_strerror(errno));
947 goto bad;
948 }
949#ifdef _AIX
950 /* For some strange reason this seems to prevent the EFAULT
951 * problems we have experienced from AIX BPF. */
952 memset(p->buffer, 0x0, p->bufsize);
953#endif
954
955 /*
956 * If there's no filter program installed, there's
957 * no indication to the kernel of what the snapshot
958 * length should be, so no snapshotting is done.
959 *
960 * Therefore, when we open the device, we install
961 * an "accept everything" filter with the specified
962 * snapshot length.
963 */
964 total_insn.code = (u_short)(BPF_RET | BPF_K);
965 total_insn.jt = 0;
966 total_insn.jf = 0;
967 total_insn.k = snaplen;
968
969 total_prog.bf_len = 1;
970 total_prog.bf_insns = &total_insn;
971 if (ioctl(p->fd, BIOCSETF, (caddr_t)&total_prog) < 0) {
972 snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
973 pcap_strerror(errno));
974 goto bad;
975 }
976
977 /*
978 * On most BPF platforms, either you can do a "select()" or
979 * "poll()" on a BPF file descriptor and it works correctly,
980 * or you can do it and it will return "readable" if the
981 * hold buffer is full but not if the timeout expires *and*
982 * a non-blocking read will, if the hold buffer is empty
983 * but the store buffer isn't empty, rotate the buffers
984 * and return what packets are available.
985 *
986 * In the latter case, the fact that a non-blocking read
987 * will give you the available packets means you can work
988 * around the failure of "select()" and "poll()" to wake up
989 * and return "readable" when the timeout expires by using
990 * the timeout as the "select()" or "poll()" timeout, putting
991 * the BPF descriptor into non-blocking mode, and read from
992 * it regardless of whether "select()" reports it as readable
993 * or not.
994 *
995 * However, in FreeBSD 4.3 and 4.4, "select()" and "poll()"
996 * won't wake up and return "readable" if the timer expires
997 * and non-blocking reads return EWOULDBLOCK if the hold
998 * buffer is empty, even if the store buffer is non-empty.
999 *
1000 * This means the workaround in question won't work.
1001 *
1002 * Therefore, on FreeBSD 4.3 and 4.4, we set "p->selectable_fd"
1003 * to -1, which means "sorry, you can't use 'select()' or 'poll()'
1004 * here". On all other BPF platforms, we set it to the FD for
1005 * the BPF device; in NetBSD, OpenBSD, and Darwin, a non-blocking
1006 * read will, if the hold buffer is empty and the store buffer
1007 * isn't empty, rotate the buffers and return what packets are
1008 * there (and in sufficiently recent versions of OpenBSD
1009 * "select()" and "poll()" should work correctly).
1010 *
1011 * XXX - what about AIX?
1012 */
1013 p->selectable_fd = p->fd; /* assume select() works until we know otherwise */
1014 if (uname(&osinfo) == 0) {
1015 /*
1016 * We can check what OS this is.
1017 */
1018 if (strcmp(osinfo.sysname, "FreeBSD") == 0) {
1019 if (strncmp(osinfo.release, "4.3-", 4) == 0 ||
1020 strncmp(osinfo.release, "4.4-", 4) == 0)
1021 p->selectable_fd = -1;
1022 }
1023 }
1024
1025 p->read_op = pcap_read_bpf;
1026 p->inject_op = pcap_inject_bpf;
1027 p->setfilter_op = pcap_setfilter_bpf;
1028 p->setdirection_op = pcap_setdirection_bpf;
1029 p->set_datalink_op = pcap_set_datalink_bpf;
1030 p->getnonblock_op = pcap_getnonblock_fd;
1031 p->setnonblock_op = pcap_setnonblock_fd;
1032 p->stats_op = pcap_stats_bpf;
1033 p->close_op = pcap_close_common;
1034
1035 return (p);
1036 bad:
1037 (void)close(fd);
1038 if (p->dlt_list != NULL)
1039 free(p->dlt_list);
1040 free(p);
1041 return (NULL);
1042}
1043
1044int
1045pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
1046{
1047#ifdef HAVE_DAG_API
1048 if (dag_platform_finddevs(alldevsp, errbuf) < 0)
1049 return (-1);
1050#endif /* HAVE_DAG_API */
1051
1052 return (0);
1053}
1054
1055static int
1056pcap_setfilter_bpf(pcap_t *p, struct bpf_program *fp)
1057{
1058 /*
1059 * It looks that BPF code generated by gen_protochain() is not
1060 * compatible with some of kernel BPF code (for example BSD/OS 3.1).
1061 * Take a safer side for now.
1062 */
1063 if (no_optimize) {
1064 /*
1065 * XXX - what if we already have a filter in the kernel?
1066 */
1067 if (install_bpf_program(p, fp) < 0)
1068 return (-1);
1069 p->md.use_bpf = 0; /* filtering in userland */
1070 return (0);
1071 }
1072
1073 /*
1074 * Free any user-mode filter we might happen to have installed.
1075 */
1076 pcap_freecode(&p->fcode);
1077
1078 /*
1079 * Try to install the kernel filter.
1080 */
1081 if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) {
1082 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s",
1083 pcap_strerror(errno));
1084 return (-1);
1085 }
1086 p->md.use_bpf = 1; /* filtering in the kernel */
1087
1088 /*
1089 * Discard any previously-received packets, as they might have
1090 * passed whatever filter was formerly in effect, but might
1091 * not pass this filter (BIOCSETF discards packets buffered
1092 * in the kernel, so you can lose packets in any case).
1093 */
1094 p->cc = 0;
1095 return (0);
1096}
1097
1098/*
1099 * Set direction flag: Which packets do we accept on a forwarding
1100 * single device? IN, OUT or both?
1101 */
1102static int
1103pcap_setdirection_bpf(pcap_t *p, pcap_direction_t d)
1104{
1105#if defined(BIOCSDIRECTION)
1106 u_int direction;
1107
1108 direction = (d == PCAP_D_IN) ? BPF_D_IN :
1109 ((d == PCAP_D_OUT) ? BPF_D_OUT : BPF_D_INOUT);
1110 if (ioctl(p->fd, BIOCSDIRECTION, &direction) == -1) {
1111 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1112 "Cannot set direction to %s: %s",
1113 (d == PCAP_D_IN) ? "PCAP_D_IN" :
1114 ((d == PCAP_D_OUT) ? "PCAP_D_OUT" : "PCAP_D_INOUT"),
1115 strerror(errno));
1116 return (-1);
1117 }
1118 return (0);
1119#elif defined(BIOCSSEESENT)
1120 u_int seesent;
1121
1122 /*
1123 * We don't support PCAP_D_OUT.
1124 */
1125 if (d == PCAP_D_OUT) {
1126 snprintf(p->errbuf, sizeof(p->errbuf),
1127 "Setting direction to PCAP_D_OUT is not supported on BPF");
1128 return -1;
1129 }
1130
1131 seesent = (d == PCAP_D_INOUT);
1132 if (ioctl(p->fd, BIOCSSEESENT, &seesent) == -1) {
1133 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1134 "Cannot set direction to %s: %s",
1135 (d == PCAP_D_INOUT) ? "PCAP_D_INOUT" : "PCAP_D_IN",
1136 strerror(errno));
1137 return (-1);
1138 }
1139 return (0);
1140#else
1141 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1142 "This system doesn't support BIOCSSEESENT, so the direction can't be set");
1143 return (-1);
1144#endif
1145}
1146
1147static int
1148pcap_set_datalink_bpf(pcap_t *p, int dlt)
1149{
1150#ifdef BIOCSDLT
1151 if (ioctl(p->fd, BIOCSDLT, &dlt) == -1) {
1152 (void) snprintf(p->errbuf, sizeof(p->errbuf),
1153 "Cannot set DLT %d: %s", dlt, strerror(errno));
1154 return (-1);
1155 }
1156#endif
1157 return (0);
1158}