Lines Matching +full:layer +full:- +full:buffer +full:- +full:offset
2 * pcap-linux.c: Packet capture interface to the Linux kernel
5 * Sebastian Krahmer <krahmer@cs.uni-potsdam.de>
36 * Monitor-mode support for mac80211 includes code taken from the iw
99 #include "pcap-int.h"
100 #include "pcap-util.h"
105 #include "diag-control.h"
124 * least some people are doing cross-builds for MIPS with older versions
135 (__atomic_load_n(&pkt->tp_status, __ATOMIC_ACQUIRE) != TP_STATUS_KERNEL)
137 (__atomic_store_n(&pkt->tp_status, TP_STATUS_KERNEL, __ATOMIC_RELEASE))
139 (__atomic_load_n(&pkt->hdr.bh1.block_status, __ATOMIC_ACQUIRE) != TP_STATUS_KERNEL)
141 (__atomic_store_n(&pkt->hdr.bh1.block_status, TP_STATUS_KERNEL, __ATOMIC_RELEASE))
175 * When capturing on all interfaces we use this as the buffer size.
199 u_char *mmapbuf; /* memory-mapped region pointer */
201 int vlan_offset; /* offset at which to insert vlan tags; if -1, don't insert */
204 u_char *oneshot_buffer; /* buffer for copy of packet */
217 #define MUST_DELETE_MONIF 0x00000002 /* delete monitor-mode interface */
244 #define RING_GET_FRAME_AT(h, offset) (((u_char **)h->buffer)[(offset)])
245 #define RING_GET_CURRENT_FRAME(h) RING_GET_FRAME_AT(h, h->offset)
260 * In pre-3.0 kernels, the tp_vlan_tci field is set to whatever the
270 * With a pre-3.0 kernel, we cannot distinguish between packets with no
280 * continues the old unfixably-imperfect behavior on pre-3.0 kernels.
286 #define VLAN_VALID(hdr, hv) ((hv)->tp_vlan_tci != 0 || ((hdr)->tp_status & TP_STATUS_VLAN_VALID))
296 #define VLAN_VALID(hdr, hv) ((hv)->tp_vlan_tci != 0 || ((hdr)->tp_status & 0x10))
300 # define VLAN_TPID(hdr, hv) (((hv)->tp_vlan_tpid || ((hdr)->tp_status & TP_STATUS_VLAN_TPID_VALID)) ? (hv)->tp_vlan_tpid : ETH_P_8021Q)
307 * indication - 1 millisecond.
347 handle->activate_op = pcap_activate_linux;
348 handle->can_set_rfmon_op = pcap_can_set_rfmon_linux;
353 if (iface_get_ts_types(device, handle, ebuf) == -1) {
362 * XXX - with adapter-supplied time stamps, can we choose
366 handle->tstamp_precision_list = malloc(2 * sizeof(u_int));
367 if (handle->tstamp_precision_list == NULL) {
373 handle->tstamp_precision_list[0] = PCAP_TSTAMP_PRECISION_MICRO;
374 handle->tstamp_precision_list[1] = PCAP_TSTAMP_PRECISION_NANO;
375 handle->tstamp_precision_count = 2;
381 struct pcap_linux *handlep = handle->priv;
382 handlep->poll_breakloop_fd = -1;
393 * On Fedora 9, with a 2.6.26.3-29 kernel, my Zydas stick, at
396 * "tcpdump -D" output. Capturing on the wmaster0 device
399 * airmon-ng searches through /sys/class/net for devices named
430 * value of -ENFILE. (Return values are negative errnos.) We
439 * return 1; if not, return 0. On an error, fill in handle->errbuf and
452 if (asprintf(&pathstr, "/sys/class/net/%s/phy80211", device) == -1) {
453 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
459 if (bytes_read == -1) {
468 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
489 state->nl_sock = nl_socket_alloc();
490 if (!state->nl_sock) {
491 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
496 if (genl_connect(state->nl_sock)) {
497 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
502 err = genl_ctrl_alloc_cache(state->nl_sock, &state->nl_cache);
504 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
506 device, nl_geterror(-err));
510 state->nl80211 = genl_ctrl_search_by_name(state->nl_cache, "nl80211");
511 if (!state->nl80211) {
512 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
520 nl_cache_free(state->nl_cache);
522 nl_socket_free(state->nl_sock);
529 genl_family_put(state->nl80211);
530 nl_cache_free(state->nl_cache);
531 nl_socket_free(state->nl_sock);
542 struct pcap_linux *handlep = handle->priv;
547 ifindex = iface_get_id(sock_fd, device, handle->errbuf);
548 if (ifindex == -1)
553 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
558 genlmsg_put(msg, 0, 0, genl_family_get_id(state->nl80211), 0,
566 err = nl_send_auto_complete(state->nl_sock, msg);
568 if (err == -NLE_FAILURE) {
583 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
585 device, mondevice, nl_geterror(-err));
590 err = nl_wait_for_ack(state->nl_sock);
592 if (err == -NLE_FAILURE) {
607 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
609 device, mondevice, nl_geterror(-err));
623 handlep->mondevice = strdup(mondevice);
624 if (handlep->mondevice == NULL) {
625 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
636 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
651 ifindex = iface_get_id(sock_fd, mondevice, handle->errbuf);
652 if (ifindex == -1)
657 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
662 genlmsg_put(msg, 0, 0, genl_family_get_id(state->nl80211), 0,
666 err = nl_send_auto_complete(state->nl_sock, msg);
668 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
670 device, mondevice, nl_geterror(-err));
674 err = nl_wait_for_ack(state->nl_sock);
676 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
678 device, mondevice, nl_geterror(-err));
690 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
702 protocol = handle->opt.protocol;
717 if (strcmp(handle->opt.device, "any") == 0) {
732 ret = get_mac80211_phydev(handle, handle->opt.device, phydev_path,
755 char buffer[PATH_MAX];
757 snprintf(buffer, sizeof(buffer), "/sys/class/net/%s/statistics/%s", if_name, stat);
758 fd = open(buffer, O_RDONLY);
759 if (fd == -1)
762 bytes_read = read(fd, buffer, sizeof(buffer) - 1);
764 if (bytes_read == -1)
766 buffer[bytes_read] = '\0';
768 return strtoll(buffer, NULL, 10);
792 struct pcap_linux *handlep = handle->priv;
798 if (handlep->must_do_on_close != 0) {
804 if (handlep->must_do_on_close & MUST_DELETE_MONIF) {
805 ret = nl80211_init(handle, &nlstate, handlep->device);
807 ret = del_mon_if(handle, handle->fd, &nlstate,
808 handlep->device, handlep->mondevice);
815 handlep->mondevice, handle->errbuf);
827 if (handle->fd != -1) {
829 * Destroy the ring buffer (assuming we've set it up),
835 if (handlep->oneshot_buffer != NULL) {
836 free(handlep->oneshot_buffer);
837 handlep->oneshot_buffer = NULL;
840 if (handlep->mondevice != NULL) {
841 free(handlep->mondevice);
842 handlep->mondevice = NULL;
844 if (handlep->device != NULL) {
845 free(handlep->device);
846 handlep->device = NULL;
849 if (handlep->poll_breakloop_fd != -1) {
850 close(handlep->poll_breakloop_fd);
851 handlep->poll_breakloop_fd = -1;
874 if (uname(&utsname) == -1)
895 * Set the timeout to be used in poll() with memory-mapped packet capture.
903 if (handlep->timeout == 0) {
906 * XXX - due to a set of (mis)features in the TPACKET_V3
917 if (handlep->tp_version == TPACKET_V3 && broken_tpacket_v3)
918 handlep->poll_timeout = 1; /* don't block for very long */
921 handlep->poll_timeout = -1; /* block forever */
922 } else if (handlep->timeout > 0) {
929 if (handlep->tp_version == TPACKET_V3 && !broken_tpacket_v3)
930 handlep->poll_timeout = -1; /* block forever, let TPACKET_V3 wake us up */
933 handlep->poll_timeout = handlep->timeout; /* block for that amount of time */
936 * Non-blocking mode; we call poll() to pick up error
940 handlep->poll_timeout = 0;
947 struct pcap_linux *handlep = handle->priv;
951 if (handlep->poll_breakloop_fd != -1) {
953 * XXX - pcap_breakloop() doesn't have a return value,
957 (void)write(handlep->poll_breakloop_fd, &value, sizeof(value));
963 * Set the offset at which to insert VLAN tags.
964 * That should be the offset of the type field.
969 struct pcap_linux *handlep = handle->priv;
971 switch (handle->linktype) {
978 handlep->vlan_offset = 2 * ETH_ALEN;
986 handlep->vlan_offset = SLL_HDR_LEN - 2;
990 handlep->vlan_offset = -1; /* unknown */
1001 * modification of that values -- Torsten).
1006 struct pcap_linux *handlep = handle->priv;
1013 device = handle->opt.device;
1036 handle->errbuf[0] = '\0';
1049 if (handle->snapshot <= 0 || handle->snapshot > MAXIMUM_SNAPLEN)
1050 handle->snapshot = MAXIMUM_SNAPLEN;
1052 handlep->device = strdup(device);
1053 if (handlep->device == NULL) {
1054 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
1067 if (handle->opt.promisc) {
1068 handle->opt.promisc = 0;
1070 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
1077 handlep->timeout = handle->opt.timeout;
1085 if (handle->opt.promisc)
1086 handlep->sysfs_dropped = linux_if_drops(handlep->device);
1096 * and handle->errbuf has been set to an appropriate
1104 * We got a warning; return that, as handle->errbuf
1114 * we're not going to start in non-blocking mode.
1116 if (!handle->opt.nonblock) {
1117 handlep->poll_breakloop_fd = eventfd(0, EFD_NONBLOCK);
1118 if (handlep->poll_breakloop_fd == -1) {
1122 pcapint_fmt_errmsg_for_errno(handle->errbuf,
1131 * Try to set up memory-mapped access.
1140 * PCAP_ERROR, handle->errbuf contains
1148 * We got a warning; return that, as handle->errbuf
1162 if ((ret = iface_bind(handle->fd, handlep->ifindex,
1163 handle->errbuf, pcap_protocol(handle))) != 0) {
1168 handle->inject_op = pcap_inject_linux;
1169 handle->setfilter_op = pcap_setfilter_linux;
1170 handle->setdirection_op = pcap_setdirection_linux;
1171 handle->set_datalink_op = pcap_set_datalink_linux;
1172 handle->setnonblock_op = pcap_setnonblock_linux;
1173 handle->getnonblock_op = pcap_getnonblock_linux;
1174 handle->cleanup_op = pcap_cleanup_linux;
1175 handle->stats_op = pcap_stats_linux;
1176 handle->breakloop_op = pcap_breakloop_linux;
1178 switch (handlep->tp_version) {
1181 handle->read_op = pcap_read_linux_mmap_v2;
1185 handle->read_op = pcap_read_linux_mmap_v3;
1189 handle->oneshot_callback = pcapint_oneshot_linux;
1190 handle->selectable_fd = handle->fd;
1202 handle->linktype = dlt;
1205 * Update the offset at which to insert VLAN tags for the
1206 * new link-layer type.
1221 struct pcap_linux *handlep = handle->priv;
1223 if (sll->sll_pkttype == PACKET_OUTGOING) {
1230 if (sll->sll_ifindex == handlep->lo_ifindex)
1241 * layer than those received by the CAN layer, so we
1248 if (sll->sll_hatype == ARPHRD_CAN &&
1249 handle->direction != PCAP_D_OUT)
1255 if (handle->direction == PCAP_D_IN)
1262 if (handle->direction == PCAP_D_OUT)
1271 * whether the ifindex in the address is -1, meaning "that device is gone",
1277 struct pcap_linux *handlep = handle->priv;
1282 * If handlep->ifindex is -1, the socket isn't bound, meaning
1287 if (handlep->ifindex == -1)
1294 if (getsockname(handle->fd, (struct sockaddr *) &addr, &addr_len) == -1) {
1296 * Error - report an error and return -1.
1298 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
1300 return (-1);
1302 if (addr.sll_ifindex == -1) {
1318 struct pcap_linux *handlep = handle->priv;
1321 if (handlep->ifindex == -1) {
1325 pcapint_strlcpy(handle->errbuf,
1328 return (-1);
1331 if (handlep->cooked) {
1333 * We don't support sending on cooked-mode sockets.
1335 * XXX - how do you send on a bound cooked-mode
1339 pcapint_strlcpy(handle->errbuf,
1342 return (-1);
1345 ret = (int)send(handle->fd, buf, size, 0);
1346 if (ret == -1) {
1347 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
1349 return (-1);
1360 struct pcap_linux *handlep = handle->priv;
1371 * XXX - it's probably OK, in fact, to just use a
1388 if (handle->opt.promisc)
1391 * XXX - is there any reason to do this by remembering
1405 * if the kernel maintains the counts as 64-bit even
1406 * on 32-bit platforms, we can handle the real count.
1408 * Unfortunately, we can't report 64-bit counts; we
1412 * counts are 64-bit, 2) it's easier to add new statistics
1418 if_dropped = handlep->sysfs_dropped;
1419 handlep->sysfs_dropped = linux_if_drops(handlep->device);
1420 handlep->stat.ps_ifdrop += (u_int)(handlep->sysfs_dropped - if_dropped);
1426 if (getsockopt(handle->fd, SOL_PACKET, PACKET_STATISTICS,
1427 &kstats, &len) > -1) {
1432 * ran out of buffer space.
1435 * out of buffer space. It doesn't count packets
1448 * successfully copied to the ring buffer; "tp_drops" is
1450 * not enough free space in the ring buffer.
1456 * there wasn't room on the socket buffer - but not
1469 * getsockopt(handle->fd, SOL_PACKET, PACKET_STATISTICS, ....
1472 handlep->stat.ps_recv += kstats.tp_packets;
1473 handlep->stat.ps_drop += kstats.tp_drops;
1474 *stats = handlep->stat;
1478 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, errno,
1480 return -1;
1509 * recent - that feature was introduced in Linux 4.6.
1511 * AF_UNIX will work *if* you have UNIX-domain sockets configured
1513 * allow them - some SELinux systems don't allow you create them.
1532 * asking "why isn't it showing XXX" - or, worse, if you don't
1534 * capture on them, "why do no interfaces show up?" - when the
1536 * type require a lot more back-and-forth to debug, as evidenced
1543 * pre-4.6 kernels are sufficiently rare, that will probably
1547 * likely to be configured out on a networking-capable system
1555 if (fd != -1) {
1586 if (fd != -1) {
1597 if (fd != -1) {
1604 * XXX - if that fails, is there anything else we should try?
1607 * types popular in non-Internet embedded systems?
1634 if (sock == -1) {
1638 return -1;
1647 * Wi-Fi, hence wireless.
1653 * (We don't use that for Wi-Fi, as it'll report
1654 * "Ethernet", i.e. ARPHRD_ETHER, for non-monitor-
1659 if (asprintf(&pathstr, "/sys/class/net/%s/type", name) == -1) {
1664 return -1;
1681 * XXX - add other types?
1718 * XXX - while Valgrind handles SIOCETHTOOL and knows that
1729 if (ioctl(sock, SIOCETHTOOL, &ifr) == -1) {
1739 * XXX - distinguish between "this doesn't
1768 return -1;
1799 get_if_flags) == -1)
1800 return (-1); /* failure */
1806 return (-1);
1822 handle->direction = d;
1836 if (asprintf(&pathstr, "/sys/class/net/%s/wireless", device) == -1) {
1855 * constant, as arguments, and sets "handle->linktype" to the
1856 * appropriate DLT_XXX constant and sets "handle->offset" to
1857 * the appropriate value (to make "handle->offset" plus link-layer
1858 * header length be a multiple of 4, so that the link-layer payload
1859 * will be aligned on a 4-byte boundary when capturing packets).
1860 * (If the offset isn't set here, it'll be 0; add code as appropriate
1863 * If "cooked_ok" is non-zero, we can use DLT_LINUX_SLL and capture
1867 * Sets the link type to -1 if unable to map the type.
1881 * software, some versions of Android give the mobile-
1882 * phone-network interface an ARPHRD_ value of
1884 * that interface have no link-layer header, and begin
1891 if (strncmp(device, cdma_rmnet, sizeof cdma_rmnet - 1) == 0) {
1892 handle->linktype = DLT_RAW;
1898 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
1903 * DOCSIS frames out on the wire inside the low-level
1906 * XXX - are there any other sorts of "fake Ethernet" that
1918 * This is not a Wi-Fi device but it could be
1930 * appropriate offset here.
1932 handle->offset = 2;
1937 * It's not a Wi-Fi device; offer DOCSIS.
1939 handle->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
1940 if (handle->dlt_list == NULL) {
1941 pcapint_fmt_errmsg_for_errno(handle->errbuf,
1945 handle->dlt_list[0] = DLT_EN10MB;
1946 handle->dlt_list[1] = DLT_DOCSIS;
1947 handle->dlt_count = 2;
1953 handle->linktype = DLT_EN10MB;
1954 handle->offset = 2;
1958 handle->linktype = DLT_EN3MB;
1962 handle->linktype = DLT_AX25_KISS;
1966 handle->linktype = DLT_PRONET;
1970 handle->linktype = DLT_CHAOS;
1976 handle->linktype = DLT_CAN_SOCKETCAN;
1984 handle->linktype = DLT_IEEE802;
1985 handle->offset = 2;
1989 handle->linktype = DLT_ARCNET_LINUX;
1996 handle->linktype = DLT_FDDI;
1997 handle->offset = 3;
2011 * layer protocols, and no header is prepended to packets.
2024 * the frame as LLC-encapsulated or as raw IP (I
2034 * Both of those are a nuisance - and, at least on systems
2041 handle->linktype = DLT_LINUX_SLL;
2043 handle->linktype = -1;
2050 handle->linktype = DLT_IEEE802_11;
2057 handle->linktype = DLT_PRISM_HEADER;
2064 handle->linktype = DLT_IEEE802_11_RADIO;
2069 * Some PPP code in the kernel supplies no link-layer
2071 * code supplies PPP link-layer headers ("syncppp.c");
2072 * some PPP code might supply random link-layer
2073 * headers (PPP over ISDN - there's code in Ethereal,
2074 * for example, to cope with PPP-over-ISDN captures
2077 * oddball link-layer headers particular packets have).
2081 * it as DLT_RAW, for now - if somebody needs to capture,
2083 * link-layer header, they'll have to add code here to
2088 handle->linktype = DLT_LINUX_SLL;
2091 * XXX - handle ISDN types here? We can't fall
2094 * link-layer encapsulation it's using, and map
2097 * supply raw IP packets with no link-layer
2100 * a link-layer header.
2103 * in the link-layer header when capturing on
2106 handle->linktype = DLT_RAW;
2114 handle->linktype = DLT_C_HDLC;
2138 * XXX - should some of those be mapped to DLT_LINUX_SLL
2141 handle->linktype = DLT_RAW;
2148 handle->linktype = DLT_FRELAY;
2152 handle->linktype = DLT_LTALK;
2163 * supports RFC 4338-style IP-over-FC, it should define
2168 * should Linux ever officially support RFC 4338-style
2169 * IP-over-FC.
2171 handle->linktype = DLT_IP_OVER_FC;
2192 * IP-over-FC:
2194 * https://www.mail-archive.com/tcpdump-workers@sandelman.ottawa.on.ca/msg01043.html
2199 * on the ethereal-users list) on how to get that DLT_
2208 * one of the ARPHRD_FCxxx types, in "fcLINUXfcp.c" -
2209 * change it to set "dev->type" to ARPHRD_FCFABRIC, for
2222 * any of the ARPHRD_FC* values for IP-over-FC, and
2224 * ARP hardware" are supposed to mean (link-layer
2233 * IP-over-FC on which somebody wants to capture
2236 handle->linktype = DLT_FC_2;
2237 handle->dlt_list = (u_int *) malloc(sizeof(u_int) * 3);
2238 if (handle->dlt_list == NULL) {
2239 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2243 handle->dlt_list[0] = DLT_FC_2;
2244 handle->dlt_list[1] = DLT_FC_2_WITH_FRAME_DELIMS;
2245 handle->dlt_list[2] = DLT_IP_OVER_FC;
2246 handle->dlt_count = 3;
2254 handle->linktype = DLT_LINUX_IRDA;
2256 * so let's use "Linux-cooked" mode. Jean II
2258 * XXX - this is handled in setup_socket(). */
2259 /* handlep->cooked = 1; */
2269 handle->linktype = DLT_LINUX_LAPD;
2277 * No link-layer header; packets are just IP
2280 handle->linktype = DLT_RAW;
2287 handle->linktype = DLT_IEEE802_15_4_NOFCS;
2294 handle->linktype = DLT_NETLINK;
2300 * XXX - this is handled in setup_socket().
2302 /* handlep->cooked = 1; */
2309 handle->linktype = DLT_VSOCK;
2313 handle->linktype = -1;
2327 struct pcap_linux *handlep = handle->priv;
2328 const char *device = handle->opt.device;
2345 * packets until we "bind" the socket with a non-zero
2353 if (sock_fd == -1) {
2360 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
2361 "Attempt to create packet socket failed - CAP_NET_RAW may be required");
2370 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
2371 "PF_PACKET sockets not supported - is this WSL1?");
2378 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
2386 * "handlep->lo_ifindex" to -1.
2388 * XXX - can there be more than one device that loops
2394 handlep->lo_ifindex = iface_get_id(sock_fd, "lo", handle->errbuf);
2397 * Default value for offset to align link-layer payload
2398 * on a 4-byte boundary.
2400 handle->offset = 0;
2409 handlep->cooked = 0;
2411 if (handle->opt.rfmon) {
2414 * Do so before we get the link-layer type,
2416 * the link-layer type.
2440 if (handlep->mondevice != NULL)
2441 device = handlep->mondevice;
2443 arptype = iface_get_arptype(sock_fd, device, handle->errbuf);
2453 if (handle->linktype == -1 ||
2454 handle->linktype == DLT_LINUX_SLL ||
2455 handle->linktype == DLT_LINUX_IRDA ||
2456 handle->linktype == DLT_LINUX_LAPD ||
2457 handle->linktype == DLT_NETLINK ||
2458 (handle->linktype == DLT_EN10MB &&
2462 * Unknown interface type (-1), or a
2465 * or an ISDN device (whose link-layer
2468 * kernels) - reopen in cooked mode.
2474 if (close(sock_fd) == -1) {
2475 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2489 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2493 handlep->cooked = 1;
2496 * Get rid of any link-layer type list
2497 * we allocated - this only supports cooked
2500 if (handle->dlt_list != NULL) {
2501 free(handle->dlt_list);
2502 handle->dlt_list = NULL;
2503 handle->dlt_count = 0;
2506 if (handle->linktype == -1) {
2513 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
2515 "supported by libpcap - "
2527 if (handle->linktype != DLT_LINUX_IRDA &&
2528 handle->linktype != DLT_LINUX_LAPD &&
2529 handle->linktype != DLT_NETLINK)
2530 handle->linktype = DLT_LINUX_SLL;
2533 handlep->ifindex = iface_get_id(sock_fd, device,
2534 handle->errbuf);
2535 if (handlep->ifindex == -1) {
2540 if ((err = iface_bind(sock_fd, handlep->ifindex,
2541 handle->errbuf, 0)) != 0) {
2549 if (handle->opt.rfmon) {
2561 handlep->cooked = 1;
2562 handle->linktype = DLT_LINUX_SLL;
2563 handle->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
2564 if (handle->dlt_list == NULL) {
2565 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2569 handle->dlt_list[0] = DLT_LINUX_SLL;
2570 handle->dlt_list[1] = DLT_LINUX_SLL2;
2571 handle->dlt_count = 2;
2580 handlep->ifindex = -1;
2587 * promiscuous mode - on some devices (e.g., Orinoco
2592 * other platform I know of does starting a non-
2605 if (!is_any_device && handle->opt.promisc) {
2607 mr.mr_ifindex = handlep->ifindex;
2610 &mr, sizeof(mr)) == -1) {
2611 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2622 * XXX - is enabling auxiliary data necessary, now that we
2623 * only support memory-mapped capture? The kernel's memory-mapped
2629 sizeof(val)) == -1 && errno != ENOPROTOOPT) {
2630 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
2635 handle->offset += VLAN_TAG_LEN;
2642 * XXX - we don't know whether this will be DLT_LINUX_SLL
2647 if (handlep->cooked) {
2648 if (handle->snapshot < SLL2_HDR_LEN + 1)
2649 handle->snapshot = SLL2_HDR_LEN + 1;
2651 handle->bufsize = handle->snapshot;
2654 * Set the offset at which to insert VLAN tags.
2658 if (handle->opt.tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) {
2662 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "setsockopt: unable to set SO_TIMESTAMPNS");
2671 handle->fd = sock_fd;
2676 * (XXX - what if we need the special code but it's not supported
2685 handle->bpf_codegen_flags |= BPF_SPECIAL_VLAN_HANDLING;
2694 * Attempt to setup memory-mapped access.
2700 * sets handle->errbuf to the appropriate message.
2705 struct pcap_linux *handlep = handle->priv;
2709 * Attempt to allocate a buffer to hold the contents of one
2712 handlep->oneshot_buffer = malloc(handle->snapshot);
2713 if (handlep->oneshot_buffer == NULL) {
2714 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
2715 errno, "can't allocate oneshot buffer");
2719 if (handle->opt.buffer_size == 0) {
2720 /* by default request 2M for the ring buffer */
2721 handle->opt.buffer_size = 2*1024*1024;
2724 if (status == -1) {
2725 free(handlep->oneshot_buffer);
2726 handlep->oneshot_buffer = NULL;
2732 * Error attempting to enable memory-mapped capture;
2735 free(handlep->oneshot_buffer);
2736 handlep->oneshot_buffer = NULL;
2744 * handle->offset is used to get the current position into the rx ring.
2745 * handle->cc is used to store the ring size.
2757 * Attempt to set the socket to the specified version of the memory-mapped
2761 * supported; return -1 on any other error, and set handle->errbuf.
2766 struct pcap_linux *handlep = handle->priv;
2777 if (getsockopt(handle->fd, SOL_PACKET, PACKET_HDRLEN, &val, &len) < 0) {
2795 * that memory-mapped capture isn't supported.
2798 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
2799 "Kernel doesn't support memory-mapped capture; a 2.6.27 or later 2.x kernel is required, with CONFIG_PACKET_MMAP specified for 2.x kernels");
2804 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
2808 return -1;
2810 handlep->tp_hdrlen = val;
2813 if (setsockopt(handle->fd, SOL_PACKET, PACKET_VERSION, &val,
2815 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
2817 return -1;
2819 handlep->tp_version = version;
2825 * Attempt to set the socket to version 3 of the memory-mapped header and,
2829 * Return 0 if we succeed and -1 on any other error, and set handle->errbuf.
2848 if (!handle->opt.immediate) {
2856 if (ret == -1) {
2861 return -1;
2884 * OK, the kernel supports memory-mapped capture, but
2887 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
2894 return -1;
2900 * Attempt to set up memory-mapped access.
2906 * sets handle->errbuf to the appropriate message.
2911 struct pcap_linux *handlep = handle->priv;
2945 * XXX - we assume that the kernel is still adding
2948 * (Are they doing that for DLT_LINUX_SLL, the link-
2949 * layer header for which is 16 bytes?)
2951 * XXX - should we use TPACKET_ALIGN(SLL2_HDR_LEN - 16)?
2953 if (handlep->cooked)
2954 tp_reserve += SLL2_HDR_LEN - 16;
2958 * This must be done before creating the ring buffer.
2961 if (setsockopt(handle->fd, SOL_PACKET, PACKET_RESERVE,
2963 pcapint_fmt_errmsg_for_errno(handle->errbuf,
2969 switch (handlep->tp_version) {
2974 * TShark, dumpcap or 64K, the value that "-s 0" has given for
2985 * maximum radiotap header length is device-dependent.
2988 * there's no metadata header, and the link-layer header is
3003 frame_size = handle->snapshot;
3004 if (handle->linktype == DLT_EN10MB) {
3009 mtu = iface_get_mtu(handle->fd, handle->opt.device,
3010 handle->errbuf);
3011 if (mtu == -1)
3014 if (offload == -1)
3027 * in linux-2.6/net/packet/af_packet.c
3030 if (getsockopt(handle->fd, SOL_SOCKET, SO_TYPE, &sk_type,
3032 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3039 * in: packet_snd() in linux-2.6/net/packet/af_packet.c
3040 * then packet_alloc_skb() in linux-2.6/net/packet/af_packet.c
3041 * then sock_alloc_send_pskb() in linux-2.6/net/core/sock.c
3045 * the kernel part of linux-2.6/include/linux/netdevice.h
3046 * which goes up to 128+48=176; since pcap-linux.c
3051 tp_hdrlen = TPACKET_ALIGN(handlep->tp_hdrlen) + sizeof(struct sockaddr_ll) ;
3055 * linux-2.6/Documentation/networking/packet_mmap.txt
3057 * "- Gap, chosen so that packet data (Start+tp_net)
3060 /* NOTE: in linux-2.6/include/linux/skbuff.h:
3064 macoff = netoff - maclen;
3067 * Round the buffer size up to a multiple of the
3069 * would give a buffer smaller than our caller asked
3071 * buffer size is too small for one frame).
3073 req.tp_frame_nr = (handle->opt.buffer_size + req.tp_frame_size - 1)/req.tp_frame_size;
3079 * contain multiple variable-sized frames.
3082 * enough room for at least one reasonably-sized packet
3086 * Round the buffer size up to a multiple of the
3088 * would give a buffer smaller than our caller asked
3090 * buffer size is too small for one "frame").
3092 req.tp_frame_nr = (handle->opt.buffer_size + req.tp_frame_size - 1)/req.tp_frame_size;
3096 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3098 handlep->tp_version);
3104 * The max block size allowed by the kernel is arch-dependent and
3133 if (handle->opt.tstamp_type == PCAP_TSTAMP_ADAPTER ||
3134 handle->opt.tstamp_type == PCAP_TSTAMP_ADAPTER_UNSYNCED) {
3148 pcapint_strlcpy(ifr.ifr_name, handle->opt.device, sizeof(ifr.ifr_name));
3154 if (ioctl(handle->fd, SIOCSHWTSTAMP, &ifr) < 0) {
3161 * with the appropriate privileges -
3165 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3166 "Attempt to set hardware timestamp failed - CAP_NET_ADMIN may be required");
3189 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3200 if (handle->opt.tstamp_type == PCAP_TSTAMP_ADAPTER) {
3208 * PCAP_TSTAMP_ADAPTER_UNSYNCED - hardware
3214 if (setsockopt(handle->fd, SOL_PACKET, PACKET_TIMESTAMP,
3216 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3233 /* timeout value to retire block - use the configured buffering timeout, or default if <0. */
3234 if (handlep->timeout > 0) {
3236 req.tp_retire_blk_tov = handlep->timeout;
3237 } else if (handlep->timeout == 0) {
3249 * XXX - this is not valid; use 0, meaning "have the
3256 /* Rx ring - feature request bits - none (rxhash will not be filled) */
3260 if (setsockopt(handle->fd, SOL_PACKET, PACKET_RX_RING,
3267 * We used to reduce this by half -- do 5% instead.
3270 * the resulting buffer size.
3273 req.tp_frame_nr -= 1;
3275 req.tp_frame_nr -= req.tp_frame_nr/20;
3278 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
3284 handlep->mmapbuflen = req.tp_block_nr * req.tp_block_size;
3285 handlep->mmapbuf = mmap(0, handlep->mmapbuflen,
3286 PROT_READ|PROT_WRITE, MAP_SHARED, handle->fd, 0);
3287 if (handlep->mmapbuf == MAP_FAILED) {
3288 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
3297 handle->cc = req.tp_frame_nr;
3298 handle->buffer = malloc(handle->cc * sizeof(union thdr *));
3299 if (!handle->buffer) {
3300 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
3308 handle->offset = 0;
3310 u_char *base = &handlep->mmapbuf[i*req.tp_block_size];
3311 for (j=0; j<frames_per_block; ++j, ++handle->offset) {
3317 handle->bufsize = req.tp_frame_size;
3318 handle->offset = 0;
3326 struct pcap_linux *handlep = handle->priv;
3336 (void)setsockopt(handle->fd, SOL_PACKET, PACKET_RX_RING,
3340 if (handlep->mmapbuf) {
3342 (void)munmap(handlep->mmapbuf, handlep->mmapbuflen);
3343 handlep->mmapbuf = NULL;
3348 * Special one-shot callback, used for pcap_next() and pcap_next_ex(),
3359 * Yes, this means that, if the capture is using the ring buffer, using
3369 pcap_t *handle = sp->pd;
3370 struct pcap_linux *handlep = handle->priv;
3372 *sp->hdr = *h;
3373 memcpy(handlep->oneshot_buffer, bytes, h->caplen);
3374 *sp->pkt = handlep->oneshot_buffer;
3380 struct pcap_linux *handlep = handle->priv;
3383 return (handlep->timeout<0);
3389 struct pcap_linux *handlep = handle->priv;
3395 if (pcapint_setnonblock_fd(handle, nonblock) == -1)
3396 return -1;
3404 * We're setting the mode to non-blocking mode.
3406 if (handlep->timeout >= 0) {
3409 * non-blocking mode.
3411 handlep->timeout = ~handlep->timeout;
3413 if (handlep->poll_breakloop_fd != -1) {
3415 close(handlep->poll_breakloop_fd);
3416 handlep->poll_breakloop_fd = -1;
3422 if (handlep->poll_breakloop_fd == -1) {
3424 if ( ( handlep->poll_breakloop_fd = eventfd(0, EFD_NONBLOCK) ) == -1 ) {
3425 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3428 return -1;
3431 if (handlep->timeout < 0) {
3432 handlep->timeout = ~handlep->timeout;
3441 * Get the status field of the ring buffer frame at a specified offset.
3444 pcap_get_ring_frame_status(pcap_t *handle, int offset)
3446 struct pcap_linux *handlep = handle->priv;
3449 h.raw = RING_GET_FRAME_AT(handle, offset);
3450 switch (handlep->tp_version) {
3452 return __atomic_load_n(&h.h2->tp_status, __ATOMIC_ACQUIRE);
3456 return __atomic_load_n(&h.h3->hdr.bh1.block_status, __ATOMIC_ACQUIRE);
3469 struct pcap_linux *handlep = handle->priv;
3475 pollinfo[0].fd = handle->fd;
3477 if ( handlep->poll_breakloop_fd == -1 ) {
3488 pollinfo[1].fd = handlep->poll_breakloop_fd;
3498 * In non-blocking mode, we must still do one poll() to catch
3513 * to -1, and the second indication won't cause a wakeup (because
3516 * interface index to -1;
3520 * set to -1 after the wakeup, so there's a small but non-zero
3523 * gets set to -1, so it'll get the old interface index.
3534 * Yes, we do this even in non-blocking mode, as it's
3538 * The timeout is 0 in non-blocking mode, so poll()
3541 timeout = handlep->poll_timeout;
3547 * gone away or not, do a poll() with a 1-millisecond timeout,
3552 if (handlep->netdown) {
3562 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3572 if (handle->break_loop) {
3573 handle->break_loop = 0;
3598 snprintf(handle->errbuf,
3604 snprintf(handle->errbuf,
3617 if (getsockopt(handle->fd, SOL_SOCKET,
3618 SO_ERROR, &err, &errlen) == -1) {
3651 handlep->netdown = 1;
3652 handle->required_select_timeout = &netdown_timeout;
3659 snprintf(handle->errbuf,
3664 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3683 nread = read(handlep->poll_breakloop_fd, &value,
3685 if (nread == -1) {
3686 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3696 * 2^31-1 bytes, so the return value is
3697 * either -1 or a value between 0
3698 * and 2^31-1, so it's non-negative.
3703 * humans reading the code. :-)
3711 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3722 if (handle->break_loop) {
3723 handle->break_loop = 0;
3752 if (handlep->netdown) {
3758 * XXX - we should really return an
3764 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3773 pcapint_strlcpy(ifr.ifr_name, handlep->device,
3775 if (ioctl(handle->fd, SIOCGIFFLAGS, &ifr) == -1) {
3780 * XXX - see above comment.
3782 snprintf(handle->errbuf,
3787 pcapint_fmt_errmsg_for_errno(handle->errbuf,
3790 handlep->device);
3797 * Cancel the ENETDOWN indication - we
3800 * away - and revert to "no required select
3803 handlep->netdown = 0;
3804 handle->required_select_timeout = NULL;
3809 * If we're in non-blocking mode, just quit now, rather
3813 if (handlep->poll_timeout == 0)
3834 struct pcap_linux *handlep = handle->priv;
3841 /* perform sanity check on internal offset. */
3842 if (tp_mac + tp_snaplen > handle->bufsize) {
3846 if (uname(&utsname) != -1) {
3847 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3849 "offset %u + caplen %u > frame len %d "
3851 tp_mac, tp_snaplen, handle->bufsize,
3855 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3857 "offset %u + caplen %u > frame len %d",
3858 tp_mac, tp_snaplen, handle->bufsize);
3860 return -1;
3875 sll = (void *)(frame + TPACKET_ALIGN(handlep->tp_hdrlen));
3876 if (handlep->cooked) {
3877 if (handle->linktype == DLT_LINUX_SLL2) {
3887 bp -= SLL2_HDR_LEN;
3897 TPACKET_ALIGN(handlep->tp_hdrlen) +
3899 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3900 "cooked-mode frame doesn't have room for sll header");
3901 return -1;
3908 hdrp->sll2_protocol = sll->sll_protocol;
3909 hdrp->sll2_reserved_mbz = 0;
3910 hdrp->sll2_if_index = htonl(sll->sll_ifindex);
3911 hdrp->sll2_hatype = htons(sll->sll_hatype);
3912 hdrp->sll2_pkttype = sll->sll_pkttype;
3913 hdrp->sll2_halen = sll->sll_halen;
3914 memcpy(hdrp->sll2_addr, sll->sll_addr, SLL_ADDRLEN);
3927 bp -= SLL_HDR_LEN;
3937 TPACKET_ALIGN(handlep->tp_hdrlen) +
3939 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
3940 "cooked-mode frame doesn't have room for sll header");
3941 return -1;
3948 hdrp->sll_pkttype = htons(sll->sll_pkttype);
3949 hdrp->sll_hatype = htons(sll->sll_hatype);
3950 hdrp->sll_halen = htons(sll->sll_halen);
3951 memcpy(hdrp->sll_addr, sll->sll_addr, SLL_ADDRLEN);
3952 hdrp->sll_protocol = sll->sll_protocol;
3959 * sll->sll_hatype is ARPHRD_CAN, then, as we're
3960 * not capturing in cooked mode, its link-layer
3965 if (sll->sll_hatype == ARPHRD_CAN) {
3967 uint16_t protocol = ntohs(sll->sll_protocol);
4003 canhdr->payload_length &= ~CANXL_XLF;
4004 canhdr->fd_flags = 0;
4005 canhdr->reserved1 = 0;
4006 canhdr->reserved2 = 0;
4016 canhdr->payload_length &= ~CANXL_XLF;
4017 canhdr->fd_flags |= CANFD_FDF;
4036 canhdr->fd_flags &= (CANFD_FDF|CANFD_ESI|CANFD_BRS);
4037 canhdr->reserved1 = 0;
4038 canhdr->reserved2 = 0;
4050 canhdr->payload_length |= CANXL_XLF;
4055 * Put multi-byte header fields in a byte-order
4056 *-independent format.
4058 if (canhdr->payload_length & CANXL_XLF) {
4063 * the Priority ID/VCID field in big--
4065 * and Acceptance Field in little-endian byte
4072 * into big-endian byte order is that
4075 * field and put it into big-endian
4079 * being big-endian.
4081 * The other fields are put in little-
4087 * to be little-endian processors.
4093 * We're capturing on a little-endian
4095 * field into big-endian byte order, and
4097 * field in little-endian byte order.
4099 /* Byte-swap priority/VCID. */
4100 canxl_hdr->priority_vcid = SWAPLONG(canxl_hdr->priority_vcid);
4103 * We're capturing on a big-endian
4105 * priority/VCID field alone, and byte-swap
4107 * fields to little-endian.
4109 /* Byte-swap the payload length */
4110 canxl_hdr->payload_length = SWAPSHORT(canxl_hdr->payload_length);
4113 * Byte-swap the acceptance field.
4115 * XXX - is it just a 4-octet string,
4118 canxl_hdr->acceptance_field = SWAPLONG(canxl_hdr->acceptance_field);
4132 canhdr->can_id = htonl(canhdr->can_id);
4137 if (handlep->filter_in_userland && handle->fcode.bf_insns) {
4143 if (pcapint_filter_with_aux_data(handle->fcode.bf_insns,
4161 if (handlep->cooked) {
4163 if (handle->linktype == DLT_LINUX_SLL2) {
4173 handlep->vlan_offset != -1 &&
4174 tp_snaplen >= (unsigned int) handlep->vlan_offset)
4183 bp -= VLAN_TAG_LEN;
4184 memmove(bp, bp + VLAN_TAG_LEN, handlep->vlan_offset);
4189 tag = (struct vlan_tag *)(bp + handlep->vlan_offset);
4190 tag->vlan_tpid = htons(tp_vlan_tpid);
4191 tag->vlan_tci = htons(tp_vlan_tci);
4209 * XXX - an alternative is to put a filter, consisting
4213 * that means that less buffer space is consumed in
4214 * the memory-mapped buffer.
4216 if (pcaphdr.caplen > (bpf_u_int32)handle->snapshot)
4217 pcaphdr.caplen = handle->snapshot;
4229 struct pcap_linux *handlep = handle->priv;
4253 * return a too-low count.
4264 * Get the current ring buffer frame, and break if
4276 h.h2->tp_len,
4277 h.h2->tp_mac,
4278 h.h2->tp_snaplen,
4279 h.h2->tp_sec,
4280 handle->opt.tstamp_precision == PCAP_TSTAMP_PRECISION_NANO ? h.h2->tp_nsec : h.h2->tp_nsec / 1000,
4282 h.h2->tp_vlan_tci,
4297 if (handlep->blocks_to_filter_in_userland > 0) {
4298 handlep->blocks_to_filter_in_userland--;
4299 if (handlep->blocks_to_filter_in_userland == 0) {
4304 handlep->filter_in_userland = 0;
4309 if (++handle->offset >= handle->cc)
4310 handle->offset = 0;
4313 if (handle->break_loop) {
4314 handle->break_loop = 0;
4326 struct pcap_linux *handlep = handle->priv;
4332 if (handlep->current_packet == NULL) {
4348 if (pkts == 0 && handlep->timeout == 0) {
4361 * return a too-low count.
4373 if (handlep->current_packet == NULL) {
4378 handlep->current_packet = h.raw + h.h3->hdr.bh1.offset_to_first_pkt;
4379 handlep->packets_left = h.h3->hdr.bh1.num_pkts;
4381 packets_to_read = handlep->packets_left;
4383 if (packets_to_read > (max_packets - pkts)) {
4385 * There are more packets in the buffer than
4391 packets_to_read = max_packets - pkts;
4394 while (packets_to_read-- && !handle->break_loop) {
4395 struct tpacket3_hdr* tp3_hdr = (struct tpacket3_hdr*) handlep->current_packet;
4400 handlep->current_packet,
4401 tp3_hdr->tp_len,
4402 tp3_hdr->tp_mac,
4403 tp3_hdr->tp_snaplen,
4404 tp3_hdr->tp_sec,
4405 handle->opt.tstamp_precision == PCAP_TSTAMP_PRECISION_NANO ? tp3_hdr->tp_nsec : tp3_hdr->tp_nsec / 1000,
4406 VLAN_VALID(tp3_hdr, &tp3_hdr->hv1),
4407 tp3_hdr->hv1.tp_vlan_tci,
4408 VLAN_TPID(tp3_hdr, &tp3_hdr->hv1));
4412 handlep->current_packet = NULL;
4415 handlep->current_packet += tp3_hdr->tp_next_offset;
4416 handlep->packets_left--;
4419 if (handlep->packets_left <= 0) {
4428 if (handlep->blocks_to_filter_in_userland > 0) {
4429 handlep->blocks_to_filter_in_userland--;
4430 if (handlep->blocks_to_filter_in_userland == 0) {
4435 handlep->filter_in_userland = 0;
4440 if (++handle->offset >= handle->cc)
4441 handle->offset = 0;
4443 handlep->current_packet = NULL;
4447 if (handle->break_loop) {
4448 handle->break_loop = 0;
4452 if (pkts == 0 && handlep->timeout == 0) {
4470 int n, offset;
4473 return -1;
4475 pcapint_strlcpy(handle->errbuf, "setfilter: No filter specified",
4477 return -1;
4480 handlep = handle->priv;
4486 return -1;
4492 handlep->filter_in_userland = 1;
4497 if (handle->fcode.bf_len > USHRT_MAX) {
4500 * I have yet to see BPF-Code with that much
4517 * instructions with non-zero operands have MAXIMUM_SNAPLEN
4518 * as the operand if we're not capturing in memory-mapped
4519 * mode, and so that, if we're in cooked mode, all memory-
4521 * references to the link-layer header and assume that the
4522 * link-layer payload begins at 0; "fix_program()" will do
4527 case -1:
4532 * return -1 for that reason.)
4534 return -1;
4581 * Installation succeeded - using kernel filter,
4584 handlep->filter_in_userland = 0;
4586 else if (err == -1) /* Non-fatal error */
4620 if (handlep->filter_in_userland) {
4621 if (reset_kernel_filter(handle) == -1) {
4622 pcapint_fmt_errmsg_for_errno(handle->errbuf,
4625 err = -2; /* fatal error */
4635 if (err == -2)
4637 return -1;
4643 if (handlep->filter_in_userland)
4655 offset = handle->offset;
4656 if (--offset < 0)
4657 offset = handle->cc - 1;
4658 for (n=0; n < handle->cc; ++n) {
4659 if (--offset < 0)
4660 offset = handle->cc - 1;
4661 if (pcap_get_ring_frame_status(handle, offset) != TP_STATUS_KERNEL)
4672 * XXX - could there be more than one block added in
4675 * XXX - is there a way to avoid that race, e.g. somehow
4680 n--;
4688 * not to be zero - n, above, couldn't be set to a
4689 * value > handle->cc, and if it were equal to
4690 * handle->cc, it wouldn't be zero, and thus would
4691 * be decremented to handle->cc - 1.)
4693 handlep->blocks_to_filter_in_userland = handle->cc - n;
4694 handlep->filter_in_userland = 1;
4701 * -1 on failure.
4711 if (ioctl(fd, SIOCGIFINDEX, &ifr) == -1) {
4714 return -1;
4736 if (bind(fd, (struct sockaddr *) &sll, sizeof(sll)) == -1) {
4764 if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &errlen) == -1) {
4790 * If we have libnl, try to create a new monitor-mode device and
4797 struct pcap_linux *handlep = handle->priv;
4814 * XXX - is this already a monN device?
4842 * Hard failure. Just return ret; handle->errbuf
4850 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
4876 handlep->mondevice);
4885 pcapint_strlcpy(ifr.ifr_name, handlep->mondevice, sizeof(ifr.ifr_name));
4886 if (ioctl(sock_fd, SIOCGIFFLAGS, &ifr) == -1) {
4887 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
4889 handlep->mondevice);
4891 handlep->mondevice);
4896 if (ioctl(sock_fd, SIOCSIFFLAGS, &ifr) == -1) {
4897 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
4899 handlep->mondevice);
4901 handlep->mondevice);
4915 handlep->must_do_on_close |= MUST_DELETE_MONIF;
4957 handle->tstamp_type_list = malloc(NUM_SOF_TIMESTAMPING_TYPES * sizeof(u_int));
4958 if (handle->tstamp_type_list == NULL) {
4961 return -1;
4964 handle->tstamp_type_list[i] = sof_ts_type_map[i].pcap_tstamp_val;
4965 handle->tstamp_type_count = NUM_SOF_TIMESTAMPING_TYPES;
4990 handle->tstamp_type_list = NULL;
5001 return -1;
5009 if (ioctl(fd, SIOCETHTOOL, &ifr) == -1) {
5022 if (iface_set_all_ts_types(handle, ebuf) == -1)
5023 return -1;
5033 handle->tstamp_type_list = NULL;
5044 return -1;
5056 * XXX - some devices either don't report
5060 * http://marc.info/?l=linux-netdev&m=146318183529571&w=2
5064 handle->tstamp_type_list = NULL;
5074 handle->tstamp_type_list = malloc(num_ts_types * sizeof(u_int));
5075 if (handle->tstamp_type_list == NULL) {
5078 return -1;
5082 handle->tstamp_type_list[j] = sof_ts_type_map[i].pcap_tstamp_val;
5086 handle->tstamp_type_count = num_ts_types;
5088 handle->tstamp_type_list = NULL;
5104 handle->tstamp_type_list = NULL;
5112 if (iface_set_all_ts_types(handle, ebuf) == -1)
5113 return -1;
5157 pcapint_strlcpy(ifr.ifr_name, handle->opt.device, sizeof(ifr.ifr_name));
5161 if (ioctl(handle->fd, SIOCETHTOOL, &ifr) == -1) {
5172 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
5174 handle->opt.device, cmdname);
5175 return -1;
5181 * XXX - it's annoying that we have to check for offloading at all, but,
5184 * offloading may be added - and, worse, may not be checkable with
5187 * opaque (defined in a non-uapi header), and there doesn't seem to
5189 * are - at best, you can ask for a set of strings(!) to get *names*
5202 if (ret == -1)
5203 return -1;
5210 * XXX - will this cause large unsegmented packets to be
5215 if (ret == -1)
5216 return -1;
5223 if (ret == -1)
5224 return -1;
5231 * XXX - will this cause large reassembled packets to be
5236 if (ret == -1)
5237 return -1;
5250 if (ret == -1)
5251 return -1;
5263 * XXX - do we need to get this information if we don't
5281 { "brcm-prepend", DLT_DSA_TAG_BRCM_PREPEND },
5296 * overflow the error message buffer.
5304 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
5317 r = read(fd, buf, sizeof(buf) - 1);
5319 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
5327 * Buffer should be LF terminated.
5329 if (buf[r - 1] == '\n')
5330 r--;
5336 handle->linktype = dsa_protos[i].linktype;
5346 snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
5366 if (ioctl(fd, SIOCGIFMTU, &ifr) == -1) {
5369 return -1;
5387 if (ioctl(fd, SIOCGIFHWADDR, &ifr) == -1) {
5411 struct pcap_linux *handlep = handle->priv;
5422 prog_size = sizeof(*handle->fcode.bf_insns) * handle->fcode.bf_len;
5423 len = handle->fcode.bf_len;
5426 pcapint_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE,
5428 return -1;
5430 memcpy(f, handle->fcode.bf_insns, prog_size);
5431 fcode->len = len;
5432 fcode->filter = (struct sock_filter *) f;
5439 switch (BPF_CLASS(p->code)) {
5447 switch (BPF_MODE(p->code)) {
5455 if (handlep->cooked) {
5483 * Note that SKF_AD_OFF is negative, but p->k is unsigned, so
5486 if (p->k >= (bpf_u_int32)SKF_AD_OFF)
5488 if (handle->linktype == DLT_LINUX_SLL2) {
5490 * What's the offset?
5492 if (p->k >= SLL2_HDR_LEN) {
5494 * It's within the link-layer payload; that starts
5495 * at an offset of 0, as far as the kernel packet
5497 * the link-layer header.
5499 p->k -= SLL2_HDR_LEN;
5500 } else if (p->k == 0) {
5503 * special magic kernel offset for that field.
5505 p->k = SKF_AD_OFF + SKF_AD_PROTOCOL;
5506 } else if (p->k == 4) {
5509 * special magic kernel offset for that field.
5511 p->k = SKF_AD_OFF + SKF_AD_IFINDEX;
5512 } else if (p->k == 10) {
5515 * special magic kernel offset for that field.
5517 p->k = SKF_AD_OFF + SKF_AD_PKTTYPE;
5518 } else if ((bpf_int32)(p->k) > 0) {
5524 return -1;
5528 * What's the offset?
5530 if (p->k >= SLL_HDR_LEN) {
5532 * It's within the link-layer payload; that starts
5533 * at an offset of 0, as far as the kernel packet
5535 * the link-layer header.
5537 p->k -= SLL_HDR_LEN;
5538 } else if (p->k == 0) {
5541 * special magic kernel offset for that field.
5543 p->k = SKF_AD_OFF + SKF_AD_PKTTYPE;
5544 } else if (p->k == 14) {
5547 * special magic kernel offset for that field.
5549 p->k = SKF_AD_OFF + SKF_AD_PROTOCOL;
5550 } else if ((bpf_int32)(p->k) > 0) {
5556 return -1;
5586 * To flush those packets, we put the socket in read-only mode,
5590 * In order to keep that from being an infinite loop - i.e.,
5592 * the queue - we put the "total filter", which is a filter
5601 if (setsockopt(handle->fd, SOL_SOCKET, SO_ATTACH_FILTER,
5612 * non-blocking mode; we drain it by reading packets
5616 save_mode = fcntl(handle->fd, F_GETFL, 0);
5617 if (save_mode == -1) {
5618 pcapint_fmt_errmsg_for_errno(handle->errbuf,
5621 return -2;
5623 if (fcntl(handle->fd, F_SETFL, save_mode | O_NONBLOCK) < 0) {
5624 pcapint_fmt_errmsg_for_errno(handle->errbuf,
5627 return -2;
5629 while (recv(handle->fd, &drain, sizeof drain, MSG_TRUNC) >= 0)
5639 (void)fcntl(handle->fd, F_SETFL, save_mode);
5641 pcapint_fmt_errmsg_for_errno(handle->errbuf,
5644 return -2;
5646 if (fcntl(handle->fd, F_SETFL, save_mode) == -1) {
5647 pcapint_fmt_errmsg_for_errno(handle->errbuf,
5650 return -2;
5657 ret = setsockopt(handle->fd, SOL_SOCKET, SO_ATTACH_FILTER,
5659 if (ret == -1 && total_filter_on) {
5677 if (reset_kernel_filter(handle) == -1) {
5678 pcapint_fmt_errmsg_for_errno(handle->errbuf,
5681 return -2; /* fatal error */
5701 ret = setsockopt(handle->fd, SOL_SOCKET, SO_DETACH_FILTER,
5704 * Ignore ENOENT - it means "we don't have a filter", so there
5710 if (ret == -1 && errno != ENOENT && errno != ENONET)
5711 return -1;
5720 p->opt.protocol = protocol;