Commits on Jul 10, 2014
  1. @guyharris

    Check for MON_IOCH_MFLUSH failing.

    guyharris committed
    It shouldn't fail, but, just in case it does, report the error.
    Failure to check the return value was noticed by Coverity.
Commits on Jul 6, 2014
  1. @guyharris

    Don't build the USB probing code if we don't have <linux/usbdevice_fs…

    guyharris committed
    That code requires a structure from that header, so, if the header is
    missing, don't build it and don't call it.
Commits on Jan 3, 2014
  1. @infrastation

    remove libpcap's own CVS keywords

    infrastation committed
    This change removes CVS keywords that express that the file belongs to
    libpcap repository. All such keywords represented the revision and
    timestamp by the end of 2008 or even older.
Commits on Dec 15, 2013
  1. @guyharris

    Add a PACKET_COUNT_IS_UNLIMITED() to test for a packet count <= 0.

    guyharris committed
    In read routines, a packet count <= 0 means "keep supplying packets
    until you run out of packets in the buffer", and it means "keep supplying
    packets until the loop is broken out of or you get an error" in
    Use the macro in all tests for that, so the right test is always done
    (i.e., a count of 0 means "unlimited", not "supply zero packets"); this
    fixes some cases where we weren't doing the right test (and hopefully
    encourages programmers to use it and get the test right in new modules).
Commits on Aug 7, 2013
  1. @guyharris

    Rename the "private" member of a pcap_t to avoid C++ issues.

    guyharris committed
    "private" is a C++ keyword; rename the "private" member of a pcap_t to
    "priv" to avoid that, as per Gisle Vanem's suggestion.
Commits on May 6, 2013
  1. @guyharris

    Move platform-dependent pcap_t data out of the pcap_t structure.

    guyharris committed
    Put the private data right after the pcap_t structure, with a pointer to
    it in the pcap_t.
    The initial goal is to allow new pcap modules to be added without having
    to hack pcap-int.h.
    In the longer term, we may want to freeze the pcap_t structure, except
    possibly for adding new method pointers at the end, and provide an ABI
    for adding modules.
    We also put the stuff used by the read path at the beginning of the
    pcap_t structure, to try to keep it on the same set of cache lines.
Commits on Jun 11, 2012
  1. @guyharris

    And un-constify some others.

    guyharris committed
  2. @guyharris

    Constify some variables.

    guyharris committed
  3. @guyharris

    Have non-interface modules take responsibility for identifying their …

    guyharris committed
    Have a table of routines to do pcap_create() for devices that aren't
    regular network interfaces.  Try each of those in succession until one
    says "it's mine" (whether it succeeds or fails); if none do, do a
    pcap_create() for a regular interface.
    Have those routines do more stringent tests of the name - don't just
    accept any name that has a particular substring anywhere in it.  That
    reduces the likelihood of a false match (as happened with the CANbus
    module when somebody renamed their Ethernet interface "canopy").
    Have the table also include routines for pcap_findalldevs().
Commits on Nov 25, 2010
  1. @guyharris

    Check whether we have <linux/compiler.h>.

    guyharris committed
    Not all distributions have it in /usr/include; I guess the ones that
    don't have it have versions of other kernel headers that don't require
  2. @guyharris

    Include <linux/compiler.h> before including <linux/usbdevice_fs.h>.

    guyharris committed
    Some versions of the Linux kernel require that.
Commits on Jun 4, 2010
  1. @guyharris

    Do filtering on USB and Bluetooth capturing.

    guyharris committed
    Do the standard userland filtering on USB and Bluetooth captures, rather
    than returning "success" when the filter is installed without doing
    anything with the filter.
    Also, squelch some "dereferencing type-punned pointer will break
    strict-aliasing rules" warnings in pcap-bt-linux.c, by using memcpy
    rather than pointer-casting.
Commits on Nov 3, 2009
  1. @guyharris

    From Márton Németh:

    guyharris committed
    	The usbmon text interface was moved from
    	/sys/kernel/debug/usbmon to /sys/kernel/debug/usb/usbmon as of
 ;a=commitdiff;h=f49ce96f11112a84c16ac217490ebd6f8d9a8977 .
    	Please add this new directory also into the search list when
    	finding USB devices.
    Get rid of older address for Gisle Vanem; convert Love's address to
    UTF-8 (as it is in the tcpdump CREDITS file).
Commits on Sep 21, 2009
  1. @guyharris

    If an activate routine fails, it needs to clean up the pcap_t, close

    guyharris committed
    anything it's opened, etc.
    In addition, the op pointers need to be restored to the un-activated
    state; do that in pcap_activate() if the call to the activate op fails.
    Also, in the common cleanup code, set the fd's to -1.
Commits on Sep 7, 2009
  1. @guyharris
Commits on Jul 11, 2009
  1. For Linux, add to the pcap_md structure a pointer to a memory-mapped

    Guy Harris committed
    region and the size of the region; use that pointer rather than the bp
    or buffer member (that means we don't have to worry about
    pcap_cleanup_live_common() attempting to free that buffer).  Use the
    saved size when unmapping the memory-mapped region.
    Use that for Linux USB memory-mapped access as well - and unmap the
    memory-mapped region when we close the pcap_t, because we *do* have to
    unmap it.
Commits on Jul 4, 2009
  1. Older Linux kernels have different member names for "struct

    Guy Harris committed
    usbdevfs_ctrltransfer"; check for that and handle it.
    Don't declare variables in the middle of a block; some versions of GCC
    appear to warn about that.
Commits on Mar 19, 2009
  1. From Roman Francoise: rename the USB-sniffing devices to "usbmonN", so

    Guy Harris committed
    as not to collide with the "usbN" names for USB-based networking
Commits on Jan 3, 2009
  1. Revert to defining the USB stuff ourselves; whether there's a

    Guy Harris committed
    <linux/usb_ch9.h> or <linux/usb/ch9.h> header depends on the version of
    the kernel (and that assumes that one of those headers is even
    installed, which isn't necessarily the case).
Commits on Dec 23, 2008
  1. @yuguy

    Get some USB information from <linux/usb/ch9.h> rather than defining it

    yuguy committed
    Add some comments and other tweaks from another of Jon Smirl's patches.
  2. @yuguy

    probe_devices() returns void (if calls fail, we just drive on); don't

    yuguy committed
    try to return a value from it.
  3. @yuguy

    From Jon Smirl: when we start capturing, send GET DESCRIPTOR requests to

    yuguy committed
    all devices on the bus, so we know what's out there already.  Cleaned up
    a bit to directly include <linux/usbdevice_fs.h> and *not* to require
    the USB library just to supply a header with USB definitions.
  4. @yuguy

    Update CHANGES for USB fixes.

    yuguy committed
    Update CREDITS to give Jon Smirl credit for some of the USB fixes.
    Rename DLT_USB_LINUX_MMAP to DLT_USB_LINUX_MMAPPED, and declare a
    structure for the header of packets in DLT_USB_LINUX_MMAPPED captures.
  5. @yuguy

    ps_ifdrop is the number of packets dropped by the interface and not even

    yuguy committed
    handed to the host; ps_drop is the number of packets dropped by the
    capture mechanism because it ran out of buffer space.  We don't know the
    former, so set it to 0; we *do* know the latter, but it's ps_drop, not
  6. @yuguy

    From Jon Smirl:

    yuguy committed
    	try scanning the sysfs USB directory first and, if that
    	directory doesn't exist, try the procfs USB directory, to handle
    	newer kernels where the relevant directory is in sysfs;
    	use the data length, not the URB length, as the amount of data
    	in the packet (the URB length is the amount of space *available*
    	for the data, not the actual amount of data).
    For the memory-mapped interface, include the padding after the URB and
    setup header in the packet lengths, and return a different link-layer
    type so that code reading the packets knows that padding is there.
Commits on Nov 24, 2008
  1. @yuguy

    From Roberto Mariani: add support for the snapshot length to the

    yuguy committed
    memory-mapped interface.
  2. @yuguy

    From Roberto Mariani: get rid of some unused #defines.

    yuguy committed
    Close the descriptor before returning with PCAP_ERROR_RFMON_NOTSUP.
  3. @yuguy

    Roberto Mariani:

    yuguy committed
    	put the transfer direction in the uppermost bit of the endpoint
    	number, rather than the uppermost bit of the transfer type, when
    	reading in text mode, just as is the case in binary mode;
    	check the URB data length against 0 when deciding whether
    	there's no URB tag.
Commits on Apr 14, 2008
  1. @yuguy

    Fix typos (sigh, using both "p" and "handle" for the pcap_t pointer in

    yuguy committed
    different modules can lead to confusion).
  2. @yuguy

    Turn close_op into cleanup_op; the routine that handles it can also be

    yuguy committed
    used to clean up after a failed pcap_activate() call.  Convert the
    existing close_op routines to cleanup_op routines, and use them to clean
    up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it
    directly if there's no platform-dependent cleanup needed.  That means we
    don't have to write the same cleanup code twice (and possibly forget
    stuff in the version done on a failed pcap_activate() call).
    Have the cleanup routines do whatever is necessary to indicate that
    cleanup has been done, and not do any particular cleaning up if it's
    already been done (i.e., don't free something if the pointer to it is
    null and null out the pointer once it's been freed, don't close an FD if
    it's -1 and set it to -1 once it's been closed, etc.).
    For device types/platforms where we don't support monitor mode, check
    for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've
    checked whether we can open the device, so we return "no such device" or
    "permission denied" rather than "that device doesn't support monitor
    mode" if we can't open the device in the first place.
    Fix a comment.
Commits on Apr 4, 2008
  1. @yuguy

    From Paolo Abeni and me: split pcap_open_live() into a "get a pcap_t

    yuguy committed
    handle" routine, an "activate a pcap_t handle" routine, and some "set
    the properties of the pcap_t handle" routines, so that, for example, the
    buffer size can be set on a BPF device before the device is bound to an
    Add additional routines to set monitor mode, and make at least an
    initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and
    10.5.  (Very much "initial" for Linux, which is a twisty little maze of
    wireless drivers, many different.)
    Have a "timeout" member of the pcap_md structure on all platforms, use
    that on Windows instead of the "timeout" member of the pcap_t structure,
    and get rid of the "timeout" member of that structure.
Commits on Feb 2, 2008
  1. @yuguy
Commits on Dec 14, 2007
  1. @yuguy

    Handle the case where mmap()ped access to the USB buffer is used;

    yuguy committed
    hopefully I'm inferring correctly from the mon_bin_poll() routine that,
    even with purely-mmapped access, you can use select() or poll() to wait
    for packets to arrive.
  2. @yuguy
Commits on Dec 13, 2007
  1. @yuguy