…devices. Have a table of routines to do pcap_create() for devices that aren't regular network interfaces. Try each of those in succession until one says "it's mine" (whether it succeeds or fails); if none do, do a pcap_create() for a regular interface. Have those routines do more stringent tests of the name - don't just accept any name that has a particular substring anywhere in it. That reduces the likelihood of a false match (as happened with the CANbus module when somebody renamed their Ethernet interface "canopy"). Have the table also include routines for pcap_findalldevs().
Not all distributions have it in /usr/include; I guess the ones that don't have it have versions of other kernel headers that don't require it.
Some versions of the Linux kernel require that.
Do the standard userland filtering on USB and Bluetooth captures, rather than returning "success" when the filter is installed without doing anything with the filter. Also, squelch some "dereferencing type-punned pointer will break strict-aliasing rules" warnings in pcap-bt-linux.c, by using memcpy rather than pointer-casting.
The usbmon text interface was moved from /sys/kernel/debug/usbmon to /sys/kernel/debug/usb/usbmon as of patch http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f49ce96f11112a84c16ac217490ebd6f8d9a8977 . Please add this new directory also into the search list when finding USB devices. Get rid of older address for Gisle Vanem; convert Love's address to UTF-8 (as it is in the tcpdump CREDITS file).
anything it's opened, etc.. In addition, the op pointers need to be restored to the un-activated state; do that in pcap_activate() if the call to the activate op fails. Also, in the common cleanup code, set the fd's to -1.
region and the size of the region; use that pointer rather than the bp or buffer member (that means we don't have to worry about pcap_cleanup_live_common() attempting to free that buffer). Use the saved size when unmapping the memory-mapped region. Use that for Linux USB memory-mapped access as well - and unmap the memory-mapped region when we close the pcap_t, because we *do* have to unmap it.
usbdevfs_ctrltransfer"; check for that and handle it. Don't declare variables in the middle of a block; some versions of GCC appear to warn about that.
as not to collide with the "usbN" names for USB-based networking devices.
<linux/usb_ch9.h> or <linux/usb/ch9.h> header depends on the version of the kernel (and that assumes that one of those headers is even installed, which isn't necessarily the case).
ourselves. Add some comments and other tweaks from another of Jon Smirl's patches.
try to return a value from it.
all devices on the bus, so we know what's out there already. Cleaned up a bit to directly include <linux/usbdevice_fs.h> and *not* to require the USB library just to supply a header with USB definitions.
Update CREDITS to give Jon Smirl credit for some of the USB fixes. Rename DLT_USB_LINUX_MMAP to DLT_USB_LINUX_MMAPPED, and declare a structure for the header of packets in DLT_USB_LINUX_MMAPPED captures.
handed to the host; ps_drop is the number of packets dropped by the capture mechanism because it ran out of buffer space. We don't know the former, so set it to 0; we *do* know the latter, but it's ps_drop, not ps_ifdrop.
try scanning the sysfs USB directory first and, if that directory doesn't exist, try the procfs USB directory, to handle newer kernels where the relevant director is in sysfs; use the data length, not the URB length, as the amount of data in the packet (the URB length is the amount of space *available* for the data, not the actual amount of data). For the memory-mapped interface, include the padding after the URB and setup header in the packet lengths, and return a different link-layer type so that code reading the packets knows that padding is there.
Close the descriptor before returning with PCAP_ERROR_RFMON_NOTSUP.
put the transfer direction in the uppermost bit of the endpoint number, rather than the uppermost bit of the transfer type, when reading in text mode, just as is the case in binary mode; check the URB data length against 0 when deciding whether there's no URB tag.
different modules can lead to confusion).
used to clean up after a failed pcap_activate() call. Convert the existing close_op routines to cleanup_op routines, and use them to clean up; rename pcap_close_common() to pcap_cleanup_live_common(), and use it directly if there's no platform-dependent cleanup needed. That means we don't have to write the same cleanup code twice (and possibly forget stuff in the version done on a failed pcap_activate() call). Have the cleanup routines do whatever is necessary to indicate that cleanup has been done, and not do any particular cleaning up if it's already been done (i.e., don't free something if the pointer to it is null and null out the pointer once it's been freed, don't close an FD if it's -1 and set it to -1 once it's been closed, etc.). For device types/platforms where we don't support monitor mode, check for it and return PCAP_ERROR_RFMON_NOTSUP - but do so after we've checked whether we can open the device, so we return "no such device" or "permission denied" rather than "that device doesn't support monitor mode" if we can't open the device in the first place. Fix a comment.
handle" routine, an 'activate a pcap_t handle" routine, and some "set the properties of the pcap_t handle" routines, so that, for example, the buffer size can be set on a BPF device before the device is bound to an interface. Add additional routines to set monitor mode, and make at least an initial attempt at supporting that on Linux, *BSD, and Mac OS X 10.4 and 10.5. (Very much "initial" for Linux, which is a twisty little maze of wireless drivers, many different.) Have a "timeout" member of the pcap_md structure on all platforms, use that on Windows instead of the "timeout" member of the pcap_t structure, and get rid of the "timeout" member of that structure.
hopefully I'm inferring correctly from the mon_bin_poll() routine that, even with purely-mmapped access, you can use select() or poll() to wait for packets to arrive.
some sscanf() calls: The first change involves a sscanf() that has '%n' in the format string, which shouldn't be checked for in the return value (stored in "ntok"). This is done correctly elsewhere in the code (and even commented on) such that the return value is checked for everything but the %n modifier. And a few lines after this, a sscanf() is done for '%d' and the return value is stored in "ret". However, the same exact line from the above mishap is used here, not even checking the right variable or number of conversions! It checks "ntok" for 2 when it should check "ret" for 1.
The attached patch cleans up usb_platform_finddevs(), removing the dependency on debugfs. There are also some other minor cleanups in the pcap-usb-linux.c file (unused variables removed and indentation fix).