Lines Matching +full:magic +full:- +full:packet
21 * savefile.c - supports offline use of tcpdump
25 * Used to save the received packet headers, after filtering, to
33 #include <pcap-types.h>
46 #include "pcap-int.h"
49 #include "os-proto.h"
52 #include "sf-pcap.h"
53 #include "sf-pcapng.h"
54 #include "pcap-common.h"
67 * a HANDLE (which is OS-defined, not CRT-defined, and is part of the Win32
91 * it's in non-blocking mode.
101 * requests to put it in non-blocking mode. (If it's a
102 * pipe, it could be put in non-blocking mode, but that
107 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
108 "Savefiles cannot be put into non-blocking mode");
109 return (-1);
125 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
127 return (-1);
134 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
142 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
144 return (-1);
150 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
152 return (-1);
158 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
160 return (-1);
166 (void)snprintf(pcap->errbuf, sizeof(pcap->errbuf),
175 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
184 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
192 pcapint_strlcpy(p->errbuf, "Sending packets isn't supported on savefiles",
200 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
202 return (-1);
208 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
209 "Live packet dumping cannot be performed when reading from a file");
210 return (-1);
216 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
217 "Live packet dumping cannot be performed on a pcap_open_dead pcap_t");
218 return (-1);
231 pcapint_strlcpy(p->errbuf, "Sending packets isn't supported on savefiles",
233 return (-1);
243 snprintf(p->errbuf, sizeof(p->errbuf),
245 return (-1);
251 if (p->rfile != stdin)
252 (void)fclose(p->rfile);
253 if (p->buffer != NULL)
254 free(p->buffer);
255 pcap_freecode(&p->fcode);
262 * If we're in UTF-8 mode, map the pathname from UTF-8 to UTF-16LE and
281 * Map from UTF-8 to UTF-16LE.
294 * XXX - what about Windows errors?
300 * Now convert the mode to UTF-16LE as well.
322 * OK, we have UTF-16LE strings; hand them to
328 * Make sure freeing the UTF-16LE string doesn't
358 if (fname[0] == '-' && fname[1] == '\0')
377 * in "local code page" or "UTF-8" mode, and treats the
382 * support it, even though it does nothing. For MS-DOS,
443 * Given a link-layer header type and snapshot length, return a
447 * XXX - the only reason why we limit it to <= INT_MAX is so that
448 * it fits in p->snapshot, and the only reason that p->snapshot is
457 * link-layer type as a fallback.
459 * XXX - we don't clamp snapshot lengths that are
484 uint8_t magic[4];
506 * Windows Sniffer, and Microsoft Network Monitor) all have magic
509 amt_read = fread(&magic, 1, sizeof(magic), fp);
510 if (amt_read != sizeof(magic)) {
517 sizeof(magic), amt_read);
526 p = (*check_headers[i])(magic, fp, precision, errbuf, &err);
546 p->rfile = fp;
549 p->fddipad = 0;
559 p->selectable_fd = fileno(fp);
562 p->can_set_rfmon_op = sf_cant_set_rfmon;
563 p->read_op = pcapint_offline_read;
564 p->inject_op = sf_inject;
565 p->setfilter_op = pcapint_install_bpf_program;
566 p->setdirection_op = sf_setdirection;
567 p->set_datalink_op = NULL; /* we don't support munging link-layer headers */
568 p->getnonblock_op = sf_getnonblock;
569 p->setnonblock_op = sf_setnonblock;
570 p->stats_op = sf_stats;
572 p->stats_ex_op = sf_stats_ex;
573 p->setbuff_op = sf_setbuff;
574 p->setmode_op = sf_setmode;
575 p->setmintocopy_op = sf_setmintocopy;
576 p->getevent_op = sf_getevent;
577 p->oid_get_request_op = sf_oid_get_request;
578 p->oid_set_request_op = sf_oid_set_request;
579 p->sendqueue_transmit_op = sf_sendqueue_transmit;
580 p->setuserbuffer_op = sf_setuserbuffer;
581 p->live_dump_op = sf_live_dump;
582 p->live_dump_ended_op = sf_live_dump_ended;
583 p->get_airpcap_handle_op = sf_get_airpcap_handle;
587 * For offline captures, the standard one-shot callback can
590 p->oneshot_callback = pcapint_oneshot;
595 p->breakloop_op = pcapint_breakloop_common;
600 p->bpf_codegen_flags = 0;
602 p->activated = 1;
623 * packet.
635 * which would overflow the packet count, causing it either
639 * return a too-low count.
641 * Therefore, if the packet count is unlimited, we clip
654 * If so, return immediately - if we haven't read any
655 * packets, clear the flag and return -2 to indicate
661 if (p->break_loop) {
663 p->break_loop = 0;
664 return (-2);
669 status = p->next_packet_op(p, &h, &data);
684 * OK, we've read a packet; run it through the filter
687 if ((fcode = p->fcode.bf_insns) == NULL ||
690 n++; /* count the packet */