sniffit.0.3.7.beta/HISTORY

#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
*                               Sniffit History                               *
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#

BUGFIXES
----------

(PRIOR TO 0.2.0 - some are LINUX only)
  - Kernel 1.2.(some) incompatibility should be fixed. (like 1.2.5)
    (all credit for that to Godmar Back)
  - logging connections with lots of data is okay too now.
    'the integer that needed to be a long'-bug. It was an overflow prob.
  - of course there are always minor ameliorations not worth mentioning

(SINCE 0.2.0)
  - MAXCOUNT bug
  - interactive part lock-up bugs
  - output format

(SINCE 0.3.0)
  - a wildcard bug
  - a Makefile bug (nothing important)

(SINCE 0.3.1)
  - a typo caused the screwing up of the wildcard option (0.3.1)
  - 'select from host' didn't work...

(SINCE 0.3.2)
  - a function that had a parameter missing.
  - all interactive mode problems.

(SINCE 0.3.3)
  - Interactive mode, with non-color-modes.
  - External program firing...

(SINCE 0.3.4)
  - Interactive mode NON-IP packet detection.
  - error handling starting of external programs from interface
  - various improvements for the porting (thx, beta-testers)

(SINCE 0.3.5)
  - Seg fault on small Fragmented IP packets handled.
  - core dump bug fixed with unknown network devices

NEW STUFF
-----------

V.0.1.0
  - First test of the ncurses interface (never use this version, it's
    megaslow)

V.0.1.1
  - Added '-x' for extra information on TCP packets
  - Added '-A ' for you 'password-horny-dudes' ;)
  - beginning of ICMP support ('-P ')
  - First 'real' test for the interface

V.0.1.2
  - IP debugging info
  - UDP support
  - extended ICMP info (almost complete....)
  - logging on another terminal

V.0.2.0
  - SUN port (I now hate SPARC's ;)

V.0.2.1
  - SGI port

V.0.2.2
  - Netload statistics (interactive part)
  - Massive debugging of interactive part

V.0.3.0
  - Wildcards in non-interactive mode
  - time-out in non interactive mode, so you won't stuff memory by
    connections that weren't closed like they're supposed to be.
  - Forcing the use of a snif device
  - MTU changeable in config.h
  - ppp use

V.0.3.1
  - Flexible network traffic selection with config file.

V.0.3.2
  - IP checksum check
  - First introduction of a logfile for monitoring
  - Adding of loglevel: 1, 10, 12

V.0.3.3
  - rewrite of some parts (big clean-up of interactive part)
  - Auto adjusting to screen of interface
  - Starting of external programs from interface

V.0.3.4 (Beta)
  - Use of Autoconf
  - Upgrade of Libpcap to 0.3
  - Added Packet generation
  - Added UDP selectivity
  - Added "plugins"

V.0.3.5
  - cleaned out 0.3.4 beta

V.0.3.6 (alpha, special HIP preview)
  - '-I' mode (locally referred to as 'Iliet' mode (pronounce in Dutch),
    officially 'Extended Interactive')
  - alpha version session recording
  - alpha version 'sniffit_pb' added (concept canceled in 0.3.7)
  - an init function for plugins

V.0.3.7
  - Thrown away the old style recording, and changed the concept
  - Graceful shutdown with restoring original interface mode

------------------------ Thx for using Sniffit(tm) ---------------------------

sniffit.0.3.7.beta/LICENSE

Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
   derived from this software without specific prior written permission.
4. Redistribution of source code must be conform with the 'libpcap'
   copyright conditions, if that library is included.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

sniffit.0.3.7.beta/Makefile.in

# Sniffit Makefile
#   - Maintained by: Brecht Claerhout
#

.PHONY : clean

#Some Vars
SNIFFIT   = sniffit.0.3.7.c
CC        = @CC@
LIBS      = @LIBS@
DEFS      = @DEFS@
OS_OPT    = @OS_OPT@
OBJ_FLAG  = -w -O2 -c
OBJ_OPT   = -I./libpcap -L./libpcap
EXE_FLAG  = -w -O2 -o sniffit
EXE_OPT   = -I./libpcap -L./libpcap -lpcap
EXE_OBJ   = sn_packets.o sn_generation.o sn_interface.o sn_cfgfile.o \
            sn_logfile.o sn_resolv.o
DEP_FILES = sn_config.h ./libpcap/pcap.h sn_data.h sn_defines.h sn_plugins.h \
            sn_analyse.c sn_conn_desc.c \
            sn_packets.o \
            sn_generation.o sn_interface.o sn_cfgfile.o sn_logfile.o \
            sn_resolv.o

all: sniffit
	@echo "Succesfull compilation..."

sniffit: $(SNIFFIT) $(DEP_FILES)
	cd libpcap; make; cd ..
	$(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT)
	strip sniffit

sn_cfgfile.o: sn_cfgfile.h sn_cfgfile.c sn_defines.h sn_structs.h sn_config.h
	$(CC) $(OBJ_FLAG) sn_cfgfile.c $(OBJ_OPT) $(DEFS)

sn_logfile.o: sn_logfile.h sn_logfile.c sn_defines.h sn_structs.h sn_config.h
	$(CC) $(OBJ_FLAG) $(GEN_OPT) sn_logfile.c $(OBJ_OPT) $(DEFS)

sn_packets.o: sn_packets.h sn_packets.c sn_defines.h sn_structs.h sn_config.h
	$(CC) $(OBJ_FLAG) $(GEN_OPT) sn_packets.c $(OBJ_OPT) $(DEFS)

sn_interface.o: sn_interface.h sn_interface.c sn_defines.h sn_structs.h \
                sn_generation.h sn_generation.c sn_config.h
	$(CC) $(OBJ_FLAG) $(GEN_OPT) sn_interface.c $(OBJ_OPT) $(DEFS)

sn_generation.o: sn_generation.h sn_generation.c sn_defines.h sn_structs.h \
                 sn_config.h
	$(CC) $(OBJ_FLAG) $(GEN_OPT) sn_generation.c $(OBJ_OPT) $(DEFS)

sn_resolv.o: sn_resolv.h sn_resolv.c sn_defines.h
	$(CC) $(OBJ_FLAG) $(GEN_OPT) sn_resolv.c $(OBJ_OPT) $(DEFS)

#Clean up everything...
clean:
	cd libpcap; make clean; rm -f config.cache; cd ..
	rm -f Makefile
	rm -f config.cache
	rm -f config.status
	rm -f config.log
	rm -f ./libpcap/config.cache
	rm -f ./libpcap/config.status
	rm -f ./libpcap/config.log
	rm -f *.o sniffit

sniffit.0.3.7.beta/PLUGIN-HOWTO

1. What are Sniffit plugins (READ)
2. How to install a plugin (READ)
3. How to make a plugin (Only for programmers)
4. Contents of structs (Only for programmers)
5. Standard Plugins (READ)

1. What are Sniffit plugins
---------------------------

Sniffit Plugins are a very fancy name for a very primitive system.
The plugins allow you to add your own code to Sniffit without many
problems. This has the advantage you can create your own sniffer within
Sniffit, without having to worry about the packet filtering.

2. How to install a plugin
--------------------------

Well, as I plan to release some plugins myself, and maybe ppl are going
to share their own plugins, a little word on the installation.
It's pretty simple, you get the plugin, put it in the sniffit directory
and you edit the sn_plugin.h file like this:

#define PLUGIN0_NAME    "Dummy Plugin"
#define PLUGIN0(x)      main_plugin_function(x)
#define PLUGIN0_INIT()  init_plugin()           /* (optional) */
#include "my_plugin.plug"

Some notes:
  a) You can have plugins from 0 to 9 so PLUGIN0_NAME to PLUGIN9_NAME.
     Numbers don't have to be consecutive.
     (so also a PLUGIN0(x) to PLUGIN9(x) corresponding with the
     PLUGIN?_NAMES)
  b) The PLUGIN?_NAME contains the name that will be displayed when
     just typing sniffit.
  c) main_plugin_function should be a name provided by the author of
     the plugin. It is the name of the function that should be called
     by Sniffit. Details on this for making your own plugins are
     explained below.
  d) init_plugin() is also a function that can be provided by the
     author. Some plugins will not have an init function.
  e) #include "my_plugin.plug"
     Where my_plugin.plug is the name of the plugin source code file.

3. How to make a plugin
-----------------------

I know it's primitive, but it pretty much works and is very easy.

A plugin should consist of a function (here PL_dummy)

void PL_dummy (struct Plugin_data *PLD)
{
....
}

It's no problem to use several functions. It's no problem to use global
data, as long as it doesn't interfere with sniffit's global data (or other
plugins' global data). So it is wise to make all global variables and
functions like: PL_nameofplugin_nameofvariable/function

* NEW: If you define a PL_init_function
*      e.g: #define PLUGIN0_INIT() init_plugin()
*
*      This function will be run when Sniffit starts, and the plugin
*      is selected by the user, it is useful for initialising some data.

4. Contents of structs
----------------------

NOTE: I don't use the standard structures for packets. This has its
'historical' reasons, and has rather become a drag than a positive point.
But it would be even a greater drag (time loss) to overturn everything
completely and recode the appropriate parts of Sniffit, maybe I will do
it someday, maybe I won't. I hope you can live with it...

Notice you get a pointer to a structure ('struct Plugin_data *PLD') when
your plugin is called. This structure is totally yours and you may modify
it without any problems. It is defined as:

struct Plugin_data {
        struct unwrap PL_info;
        struct IP_header PL_iphead;
        struct TCP_header PL_tcphead;
        struct UDP_header PL_udphead;
        unsigned char PL_data[MTU];
        unsigned char PL_packet[MTU];
};

PL_info   : contains some general useful info
PL_iphead : contains the IP_header (no options)
PL_tcphead: contains the TCP_header if it is a TCP packet (no options)
PL_udphead: contains the UDP_header if it is a UDP packet (no options)
PL_data   : contains the packet data (no headers)
PL_packet : contains the entire packet

Details on the Packet structures below (You know, the unconventional ones)
(It is best that you grab your book on packets and have a look at the
fields. The structures are composed the same way, and are an exact copy
of those headers. So watch it! You might need to use ntohs() and ntohl()
now and then!)
(Have a look at the Dummy Plugin and the DNS Plugin for examples)

struct IP_header                        /* The IPheader (without options) */
{
        unsigned char verlen, type;
        unsigned short length, ID, flag_offset;
        unsigned char TTL, protocol;
        unsigned short checksum;
        unsigned long int source, destination;
};

struct TCP_header                       /* The TCP header (without options) */
{
        unsigned short source, destination;
        unsigned long int seq_nr, ACK_nr;
        unsigned short offset_flag, window, checksum, urgent;
};

struct UDP_header                       /* The UDP header */
{
        unsigned short source, destination;
        unsigned short length, checksum;
};

5. Standard Plugins
-------------------

There are 2 Plugins that are currently included in the distribution of
Sniffit: A dummy Plugin, and a DNS Plugin.
The Dummy Plugin:
  As it says, it does nothing ;)
  example: sniffit -M 0 -bN -t foo.bar
  Will output some useless information on the intercepted packet (that
  has passed the filtering you defined).
  Example of output:

    Dummy Plugin Report:
      IP header: 20 bytes
      TCP header: 20 bytes / 1 Databytes

The DNS Plugin:
  The DNS plugin will examine any UDP packet from/to port 53 that passes
  the filter you have set up for sniffit. These packets are DNS packets,
  and that plugin will decode them and output some information to the
  standard output.
  e.g.: sniffit -M1 -N -P UDP -t @
  Will examine all DNS traffic.
  An example of output is:

    DNS Sniffit Plugin Report:
    Packet: 111.33.111.11 53 -> 111.111.66.33 53
    ID: 5782
      STATUS: Answer (opcode: 0) , , , , rec. NOT Av. , ret: 0
      Q: 1 Answ: 0 Auth: 2 Add: 2
      Query: 21.158.245.200.in-addr.arpa.
        Type: 12 Class: IP
      Answer 1/4: 245.200.IN-ADDR.ARPA.
        Type: 2 Class: IP
      Answer 2/4: 245.200.IN-ADDR.ARPA.
        Type: 2 Class: IP
      Answer 3/4: DIXIT.ANSP.BR.
        Type: 1 Class: IP
        Data: 143.108.1.17.
      Answer 4/4: FPSP.FAPESP.BR.
        Type: 1 Class: IP
        Data: 143.108.1.1.

sniffit.0.3.7.beta/README.FIRST

#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
*                            Sniffit V.0.3.7 Beta                             *
#                             By Brecht Claerhout                             #
*                                                                             *
#  This program is intended to demonstrate the unsafeness of TCP (currently)  #
*                    No illegal activities are encouraged!                    *
#                        Please read the LICENSE file                         #
*                                                                             *
#       Sniffit grew a little upon it's original intentions and is now        #
*          extended for network debugging (UDP, ICMP, netload, etc.)          *
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
*                               Libpcap library                               *
#      This product includes software developed by the Computer Systems       #
*             Engineering Group at Lawrence Berkeley Laboratory.              *
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#

0. Introduction, and some stuff you should know.
   0.1 Credits and contact
   0.2 Compiling
   0.3 License
1. Programmers notes
   excuses for my incompetence
2. Use of the program
   flags and examples
3. Extra info on use
   3.1 Running interactive mode
   3.2 Forcing network devices (*READ*)
   3.3 Format of the config file
   3.4 Loglevels
4. The output
   4.1 Normal
   4.2 Logfile
5. IMPORTANT NOTES, READ!
   this also!

------------------------------------------------------------------------------

0. Introduction, and some stuff you should know.
------------------------------------------------

0.3.7 (Beta). It has been a while I know. But this year has been a hell,
last year of uni, projects, thesis, .... it didn't stop.
Well that is behind us now, the most important thing, is that I'm back
working on the program again, and intend to keep on doing it.

I hope you enjoy this beta version. Like always, I removed some bugs.
There is a new 'logging' feature. It is now possible to record traffic
with Sniffit and process it later! (it is completely different from the
logging done in the 0.3.6 version, that is known to some hardcore
Sniffit users)

Please take a minute to skim through the text and read the passages
marked with a '*', these are the new features.
(Please read BETA-TESTING)

I use the libpcap library developed at Berkeley Laboratory, for easy
porting (Read the licence).

0.1 Credits and contact
-----------------------

Credits go to (in order of appearance on the Sniffit scene):

  Wim Vandeputte, best friend and UNIX guru, for support, testing and
    providing me with a WWW site.
  Godmar Back, for fixing that kernel 1.2.X bug (Sniffit 0.1.X).
  Peter Kooiman, of Paradigm Systems Technology for providing the
    facilities to port Sniffit, and for the endless testing (although
    he laughs this away with "no big deal, I don't need no credits").
    Without him, there would have been no ports at all.
  Brooke Paul, for providing me with an SGI account.
  Qing Long, for the bash/zsh libpcap/configure script.
  Guy Gustavson, for giving me a FreeBSD account.
  Woju, for the ncurses SunOS/FreeBSD fixing, and for his other efforts.
  Amlan Saha, for adding Packet Generation to Sniffit, and adding other
    features (not implemented yet). I'm sure that in the near future
    you will see more of his work in Sniffit.
  Shudoh Kazuyuki, for changing getaddrbyname() and improving the
    config-file interpreting.
  Fyodor, for pointing out the hideous small fragments problem.
  David O'Brien, for netbsd information.
  everybody, who ever mailed me with suggestions, help, etc...

Also a big thanks to my Beta testers (alphabetically, I hope)...

  Charles G Stuart         IRIX / RedHat LINUX
  Patrick Schoppenhorst    IRIX
  Shahid Mahmood           Slackware LINUX / SunOS
  Stephen Hillier          RedHat LINUX

And many others who wish to be anonymous....

Suggestions and comments can be sent to:

  coder@reptile.rug.ac.be

  Brecht Claerhout
  Meulebeeksestw. 51
  8700 Tielt
  Belgium

The original distribution program can be obtained from (my site):
  http://sniffit.rug.ac.be/sniffit/sniffit.html

MIND YOU: this program is run as root, and thus could easily contain
dangerous trojans. If you get it from the above site you can safely
compile and use it.
(no trojan versions are discovered yet.. it's just a warning)

0.2 Compiling
-------------

Just type 'configure' and then 'make' (if configure made it without
errors).
Mind you, you can still modify some things in the 'sn_config.h' file,
but by default all sections that can be added on your system are added.

IMPORTANT NOTES:
  1. This source code has only been tested with GNU versions of
     make/C compiler. (i.e. don't come complaining to me if your
     'native' system compiler screws up, use GNU!)
  2. curses IS NOT equal to ncurses.
     (ncurses is available at your local sunsite mirror.)
  3. READ THE FAQ when experiencing problems.

Other stuff....
  make clean : cleans all directories for a compiling from scratch

0.3 License (this is a copy of the LICENSE file)
-----------

Sniffit 0.3.7 Copyright (c) 1996-1998 Brecht Claerhout
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products
   derived from this software without specific prior written permission.
4. Redistribution of source code must be conform with the 'libpcap'
   copyright conditions, if that library is included.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

1. Programmers notes
--------------------

I wasn't educated to be a programmer, so I write lousy code. Please
forgive me.

Still I note the use of shared memory, with Linux you should take extra
care when recompiling your kernel!
Answer YES to 'System V IPC (CONFIG_SYSVIPC) [y]'.

2. Use of the program
---------------------

(The man pages have detailed info on what parameters you can mix)
(* indicates New Features)

Options:

ONE of these is required!
  -v            Show version and exit (just added because it's such a wide
                spread option)
  -t            tells the sniffer to check out packets GOING TO
  -s            tells the sniffer to check out packets COMING FROM
                You can use the '@' wildcard (only IP NUMBERS of course).
                e.g. -t 199.145.@
                     -t 199.14@
                mind you -t @ is also a valid option.
  -i            Interactive mode, overrides all other options
* -I            Extended Interactive mode, overrides all other options
*               Much more fun than -i, watch and enjoy...
*               (best viewed in a xterm that is stretched wide...)
  -c            Use as a config file for Sniffit
                See 3.3 for format of the config file.

NOTE: -t or -s only apply to TCP and UDP packages, ICMP, IP packages
      are ALL interpreted.
      Also, any selection on ports, -p only applies to TCP, UDP packages.

Parameters for all modes:
  -F            force sniffit to use a network device
                (READ 3.2 ON THIS SUBJECT, IMPORTANT)
  -n            Turn off IP checksum checking. This can show you bogus
                packets. (mind you ARP, RARP, other non-IP packets will
                show up bogus too) (compatible with ALL options)
  -N            Disables all functions that Sniffit has built in, useful
                for wanting to run ONLY a plugin

Parameters for not running in -i:
  -b            does both -t and -s, doesn't matter what function you
                used (-t or -s)
  -d            Dump mode, shows the packets on the screen in bytes (not
                like tcpdump). For test purposes. (numbers are hex)
  -a            same as '-d' but outputs ASCII.
  -x            Prints extended info on TCP packets (SEQ numbers, ACK,
                Flags)
                Like SEQ, ACK, the flags, etc...
                (works with '-a', '-d', '-s', '-t', '-b' or on its own.)
                (Mind you it is always shown on stdout, so not logged
                when using '-t', '-s', '-b' without another parameter)
* -R            Record all traffic in
*               This file can then be fed to Sniffit with the '-r' option.
* -r            This option feeds the recorded to Sniffit. This
*               option requires the '-F' option with the correct device.
*               Suppose you log a file on a machine with 'eth0'. When
*               feeding the logged file to sniffit, you will need to add
*               '-F eth0' or '-F eth' to the command line.
*               It doesn't need much explanation that using '-i' or '-I'
*               in combination with '-r' makes no sense (at this moment).
  -A            When in logging mode, all non-printable chars will be
                replaced by . (see note below 4.The output)
  -P protocol   specify the protocols examined (default TCP)
                possible options currently are: IP, TCP, ICMP, UDP
                They can be combined.
  -p            Logs connections on port , 0 means all ports, default
                is 0 (all), look out with that on loaded nets!
  -l            Amount of information to log (default 300 bytes).
                Length 0 logs everything. (look out with diskspace when
                logging everything!)
  -M            Activate Plugin nr. , for a list on all plugins compiled
                in your version, just type 'sniffit'.
                Read all about Plugins in the PLUGIN-HOWTO (READ IT!)

Parameters with -i,-I:
  -D            All logging output will be sent to that device.
                It's cool to get the same IRC screen as the guy y'r
                sniffing upon ;-)

Parameters with -c:
* -L            enable logging with as 'loglevel'
*               'loglevels' were not flexible enough I think, so I changed
*               the system to 'logparameters'.
*               can be a concatenation of any of these words:
*
*                 raw   : Raw level
*                 norm  : Normal level
*                 telnet: Log passwords (login port 23)
*                 ftp   : Log passwords (ftp port 21)
*                 mail  : Log mailinfo (mail port 25)
*               e.g 'ftpmailnorm' would be a valid
*               (see '2. The Output' for more info)

Some examples:

Imagine the following setup: 2 hosts on a subnet, one is running the
sniffer (sniffit.com), the other one is 66.66.66.7 (target.com).

 1. You want to test if the sniffer is working:
      sniffit:~/# sniffit -d -p 7 -t 66.66.66.7
    and in another window:
      sniffit:~/$ telnet target.com 7
    you should see the sniffer giving you packets as you telnet to
    the 'echo' service.

 2. I want to log some passwords from people on 66.66.66.7:
      sniffit:~/# sniffit -p 23 -t 66.66.66.7

 3. Root of target.com tells me he gets strange ftp connections and
    wants to find out the commands typed:
      sniffit:~/# sniffit -p 21 -l 0 -t 66.66.66.7

 4. You want to read all incoming and outgoing mail on target.com:
      sniffit:~/# sniffit -p 25 -l 0 -b -t 66.66.66.7 &
    or
      sniffit:~/# sniffit -p 25 -l 0 -b -s 66.66.66.7 &

 5. You want to use the menu based interface.
      sniffit:~/# sniffit -i

 6. Something is really wrong and you want to see the Control Messages
    with error codes.
      sniffit:~/# sniffit -P icmp -b -s 66.66.66.7

 7. Go wild on scrolling the screen.
      sniffit:~/# sniffit -P ip -P icmp -P tcp -p 0 -b -a -d -x -s 66.66.66.7
    which is the same as
      sniffit:~/# sniffit -P ipicmptcp -p 0 -b -a -d -x -s 66.66.66.7

 8. Log passwords in that way you can read them with 'more 66*'
      sniffit:~/# sniffit -p 23 -A . -t 66.66.66.7
    or
      sniffit:~/# sniffit -p 23 -A ^ -t dummy.net

 9. This could go on for ever..............

3. Extra info on use
--------------------

3.1 Running interactive mode
----------------------------

When running in interactive mode:

 UP or 'k'   : self explanatory
 DOWN or 'j' : self explanatory
 F1 or '1'   : Enter a host (enter 'all' for no mask) for packet filtering
               (host that sends the packets)
 F2 or '2'   : Enter a host (enter 'all' for no mask) for packet filtering.
               (host that receives the packets)
 F3 or '3'   : Enter a port (enter '0' for no mask) for packet filtering.
               (host that sends the packets)
 F4 or '4'   : Enter a port (enter '0' for no mask) for packet filtering.
               (host that receives the packets)
 F5 or '5'   : Start a program 'sniffit_key5' with arguments
               If the program doesn't exist, nothing is done. Sniffit
               should be in the same path as sniffit was STARTED FROM
               (not necessarily the path sniffit is stored in)
               This is useful for interactive connection killing or
               extra monitoring. A little shell script can always
               transform the arguments given and pass them on to other
               programs.
 F6 or '6'   : Same as F5 or '5', but with program 'sniffit_key6'
 F7 or '7'   : Same as F5 or '5', but with program 'sniffit_key7'
 F8 or '8'   : Same as F5 or '5', but with program 'sniffit_key8'
 ENTER       : a window will pop up and log the connection, or the
               connection output will be sent to a chosen device if you
               used the '-D' option.
 'q'         : When in logging mode, stop logging. Otherwise, quit.
 'n'         : Toggle netstatistics. These are sampled at 3 secs, look in
               the config.h file to change this (could be needed if y'r
               computer is slow).
 'g'         : Generate Packets!
               Sniffit is now able to generate some traffic load.
               Currently this is an 'underdeveloped' feature with very
               few options, but it will be expanded a lot...
               Currently only UDP packets are generated. When pressing
               'G' you will be asked the source/dest IP/port and how many
               packets need to be transmitted.
               Packets contain the line: "This Packet was fired with
               Sniffit!"
 'r'         : Reset.. clears all current connections from memory and
               restarts.

3.2 Forcing network devices (*READ*)
--------------------------------------

NOTE: the correct name (for sniffit) of a device can be found by
      running 'ifconfig', 'route', ...

When forcing network devices, sniffit tries to find out what device it
is. If sniffit recognises the name, everything is okay.
If it does not recognise the name it will set the variable
FORCED_HEAD_LENGHTH to the ethernet headlength. The ethernet headlength
is the length in bytes of an ethernet packet header.
So if you have to force a non-ethernet device, that is not recognised
by sniffit, make sure you change that headlength correctly in the
'sn_config.h' file.

The -F option was added, because I noticed devicenames can differ from
system to system, and because some ppl have multiple devices present.
When having problems with this option, please think twice before you
mail me.

e.g: sniffit -F eth1 -t foobar.com -dx

Notice you don't have to add /dev/ (some ppl mentioned to me this was not
completely clear).

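Whether a head length is right for a device can be checked on one captured frame: a valid IP header must start exactly that many bytes in, which is also why a wrong value makes every packet look bogus to the IP checksum check. The C program below is an added example, not Sniffit's own code; the function names and the sample frame are constructed for illustration, and 14 is the standard Ethernet header length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HEAD_LEN 14   /* Ethernet II: 6 dst + 6 src + 2 type bytes */

enum ip_check { IP_OK, IP_TRUNCATED, IP_BAD_VERSION, IP_BAD_IHL,
                IP_BAD_LENGTH, IP_BAD_CHECKSUM };

/* Constructed sample: Ethernet header, IPv4 header (192.0.2.1 -> 192.0.2.2,
 * protocol 17, header checksum 0xf6cc), then an empty UDP datagram. */
static const uint8_t sample_frame[] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0xf6,0xcc,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x00,0x35,0x00,0x35, 0x00,0x08,0x00,0x00
};

/* One's-complement sum of 16-bit big-endian words (RFC 1071). A header
 * whose checksum field is correct sums to 0xFFFF. */
static uint16_t ones_sum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((p[i] << 8) | p[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)sum;
}

/* Validate the IPv4 header expected head_len bytes into the frame.
 * Every read is bounds-checked first, so short frames and small
 * fragments are rejected instead of being read past their end. */
enum ip_check check_ip_at(const uint8_t *frame, size_t frame_len,
                          size_t head_len)
{
    if (frame_len < head_len || frame_len - head_len < 20)
        return IP_TRUNCATED;
    const uint8_t *ip = frame + head_len;
    size_t avail = frame_len - head_len;

    if ((ip[0] >> 4) != 4)
        return IP_BAD_VERSION;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;     /* header length in bytes */
    if (ihl < 20)
        return IP_BAD_IHL;
    if (ihl > avail)
        return IP_TRUNCATED;
    size_t total = (size_t)((ip[2] << 8) | ip[3]);
    if (total < ihl || total > avail)
        return IP_BAD_LENGTH;
    if (ones_sum(ip, ihl) != 0xFFFF)
        return IP_BAD_CHECKSUM;
    return IP_OK;
}

/* Smallest offset in [0, max_off] at which a valid IPv4 header starts,
 * or -1. On a frame captured from an unrecognised device this is the
 * candidate head length. */
long find_ip_offset(const uint8_t *frame, size_t frame_len, size_t max_off)
{
    for (size_t off = 0; off <= max_off && off < frame_len; off++)
        if (check_ip_at(frame, frame_len, off) == IP_OK)
            return (long)off;
    return -1;
}

int main(void)
{
    uint8_t bad[sizeof sample_frame];
    memcpy(bad, sample_frame, sizeof bad);
    bad[ETHER_HEAD_LEN + 8] ^= 0x01;    /* flip one TTL bit */

    printf("head length 14: %d\n",
           check_ip_at(sample_frame, sizeof sample_frame, ETHER_HEAD_LEN));
    printf("head length 16: %d\n",
           check_ip_at(sample_frame, sizeof sample_frame, 16));
    printf("corrupted TTL : %d\n",
           check_ip_at(bad, sizeof bad, ETHER_HEAD_LEN));
    printf("detected head length: %ld\n",
           find_ip_offset(sample_frame, sizeof sample_frame, 32));
    return 0;
}
```

A single frame can match by coincidence at a wrong offset, so confirm the detected value on several frames before changing 'sn_config.h'.
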
3.3 Format of the config file
-----------------------------

The configfile should have lines with the following format:

  []

(separators are spaces (any number of), NO TABS!!!)

Lines that don't match this pattern are discarded, so standard unix
comments '#' can be used in this file... (this also means that if you
have a typo there, Sniffit won't report it but just discard the line)

* Be sure to end the file with a blank line. If you don't do so, the last
* line of the command file will be ignored.

(read this list, even if you don't get it at first, it will become clear
in the examples)

 can be:
   select   : Sniffit will look for packets that match the following
              description (other fields)
   deselect : Sniffit will ignore packets that match the description
   logfile  : change the logfile name to instead of the default
              'sniffit.log'

 can be:
   from     : Packets FROM the host matching the following desc. are
              considered
   to       : similar, Packets TO the....
   both     : similar, Packets FROM or TO the....
   a filename : as an argument of 'logfile' in

 can be:
   host     : The (de)selection criteria involves a hostname.
   port     : similar, ... a portnumber
   mhosts   : The (de)selection criteria involves multiple-hosts, like
              with the wildcards in 0.3.0, but without the 'x'

 can be:
*  either a hostname, a portnumber, a service name or a number-dot partial
*  notation indicating multiple hosts depending on
*  (service names like 'ftp' are resolved as the services available
*  present on the host that runs Sniffit, and translated into a port nr)

 can be:
   a portnumber or service name, if was 'host' or 'mhosts'

Maybe it would have been wise to mention explicitly, that the config-file
currently only works with TCP packets.

examples:

1. Look at this configuration file:

     select from host 100.100.12.2
     select from host 100.100.12.3 1400
     select to host coder.sniffit.com
     select both port 23

   This file would cause Sniffit to give you the packets:
     a) Sent by host 100.100.12.2
     b) Sent by host 100.100.12.3 from port 1400
     c) Sent to coder.sniffit.com
     d) All packets on our subnet going to or coming from a telnet port.

2. another example:

     select both mhosts 100.100.12.
     deselect both port 80
     select both host enemy.sniffit.com

   This file would cause Sniffit to give you the packets:
     a) Sent by hosts '100.100.12.*'
     b) EXCEPT the WWW packets
     c) BUT showing the WWW packets concerning enemy.sniffit.com

   The config file is interpreted SEQUENTIALLY, so mixing up those lines
   could have unwanted results e.g.:

     select both mhosts 100.100.12.
     select both host enemy.sniffit.org
     deselect both port 80

   This will give you the packets:
     a) Sent by hosts '100.100.12.*'
     b) Sent from/to enemy.sniffit.org
     c) deselecting all WWW packets on the subnet

   So if someone on enemy.sniffit.org is netscaping (assuming his
   'target' has his httpd installed on port 80), you would see the
   packets with the first config file, BUT NOT with the second file,
   and that could spoil y'r fun when he's surfing to some kinky page.

3. example:

     select both mhosts 1
     select both mhosts 2
     deselect both mhosts 1 80
     deselect both mhosts 2 80

   This would show you all subnet traffic excluding WWW traffic
   (concerning port 80.)

4. example:

*    select both host target.com 21
*  and
*    select both host target.com ftp
*  are equal configurations.

NOTE: Everything is DESELECTED by default, so an empty config file will
      get you nothing.

3.4 Loglevels
-------------

* The system of loglevels was not flexible enough, so I changed it. I expect
* you will like it more this way.
*
* Loglevels are now activated by '-L '.
* The following 's are valid (concatenation is allowed):
*
* 'raw':
*    Log all SYN, FIN, RST packets.
*    This will give you an overview of all network (TCP) traffic in a
*    'RAW' way (a connection starting could give you at least 2 SYN
*    packets, etc...).
*    This is a great way to waste diskspace...
*    Messages are:
*      Connection initiated. (SYN)
*      Connection ending. (FIN)
*      Connection reset. (RST)
*
* 'norm' (levels 10-29)
*    Same as 'raw', but a bit more intelligent. Unless packets are
*    transmitted multiple times because of packet loss, you will
*    only get 1 notice of a connection starting or ending. (the packet id
*    will state the host that initiated the connection first)
*    Messages are:
*      Connection initiated.
*      Connection closed.
*
* 'telnet':
*    Sniffit will try to catch user and passwords for the telnet login
*    on port 23.
*
*    NOTE:
*    We only try to catch the first attempt, so if someone fails the
*    first login, you will miss his password.
*    A '~' in the login and passwords fields can be a nonprintable
*    character (if in the beginning of a field, probably due to an early
*    start of registration) or a '~'.
*    This all makes it sound a little messy, but I 'testdrived' a lot and
*    was pleased with the results after adding some funky shit (if y'r
*    interested have a look at in function 'packethandler' in
*    sniffit.*.c)
*
* 'ftp':
*    Sniffit will try to catch user and passwords for ftp sessions
*    on port 21.
*
*    NOTE:
*    Easy catching. Even multiple tries are registered.
*
* 'mail':
*    Interested in who writes mail to who? Well you get all senders and
*    recipients nicely logged with this feature (port 25 mail).

4. The output
-------------

4.1 Normal
----------

- IP header info (not logged, displayed):

  Examples:

    from 100.100.60.80 to 100.100.69.63
    IP Packet precedence: Routine (-T-)
    FLAGS: -- -- Time to live (secs): 59
    Protocol (6): TCP

    from 100.100.69.31 to 100.100.69.63
    IP Packet precedence: Routine (---)
    FLAGS: -- -- Time to live (secs): 60
    Protocol (17): UDP

    from 100.100.69.51 to 100.100.69.63
    IP Packet precedence: Routine (---)
    FLAGS: -- -- Time to live (secs): 255
    Protocol (1): ICMP

  explanation:
    Precedence can be: Routine, Priority, Immediate, Flash,
                       Flash override, Critical,
                       Internetwork Control, Network control
    The Flags between brackets: (DTR) Delay-Throughput-reliability
    FLAGS: DF MF
           DF=Don't Fragment
           MF=More Fragments

- TCP Packets (logged or displayed):

  The sniffer logs the data in ascii format. So when logging telnet
  connections, you will need to use 'joe' or something else that can
  support control chars (look for '-A ' below).
  Telnet 'negotiates' (binary) in the beginning of every connection, and
  'catting' an output file, will most of the time show nothing (due to
  control chars).
  Of course when logging mail, there are no problems.
  The new '-A ' takes care of the control characters, that way you
  will be able to read the logfiles with 'more', 'vi', etc...

  -a and -d give you raw packets i.e. not unwrapped, on the screen
  (nothing is logged), -x gives you more info on the TCP package
  (everything is still logged unless using -a or -d mode),

  The flags are:
    U: Urgent pointer significant
    A: Acknowledgement is signif (will be shown)
    P: Push function
    R: Reset the connection
    S: Synchronizes sequence numbers
    F: No more data from sender (end connection)

  Filenames Created:
  Imagine a subnet with the hosts 66.66.66.66 and 66.66.66.7, and we
  run a sniffer on the first.
The sniffer creates the following files: When logging packets TO host 66.66.66.7 (-t 66.66.66.7) files like 77.77.7.7.15000-66.66.66.7.23 are created, when the data CAME FROM host 77.77.7.7-15000 (with 15000 port used on 77.77.7.7 for that connection, and received on port 23 of 66.66.66.7) When logging packets FROM host 66.66.66.7 (-s 66.66.66.7) files like 66.66.66.7.15000-77.77.7.7-23 are created, when the data GOES TO host 77.77.7.7 (with 15000 port used on 66.66.66.7 for that connection) - ICMP Packets (not logged, displayed): On host 100.100.69.63 someone tried 'telnet 100.100.23.23' Suppose this host is unreachable, this could be a possible output: ICMP message id: 100.100.69.254 > 100.100.69.63 ICMP type: Destination unreachable Error: Host unreachable ICMP message concerned following IP packet: from 100.100.69.63 to 100.100.23.23 IP Packet precedence: Routine (---) FLAGS: -- -- Time to live (secs): 63 Protocol (6): TCP - UDP Packets (not logged, displayed) You get the package id. When using -d, -a you get the contence of the package. (pretty basic) 4.2 Logfile ----------- If you use a configfile (-c) and enable the Logging option a logfile is created. Unless you set 'logfile' in the config file, that file will be named 'sniffit.log'. It will contain lines with the following FIXED format: 1) Date - Connection id.: message e.g. [Mon Aug 19 22:38:56 1996] - 100.100.10.10.1046-110.110.11.11.23: Connection initiated. (conn. init. on the same line as the rest) 2) Except the starting line and the ending line of each session, they are: [Mon Aug 19 22:38:51 1996] - Sniffit session started. [Mon Aug 19 22:39:44 1996] - Sniffit session ended. 3) Lines containing other data (future versions), will NOT begin with '[' and will have also easily interpretable formats. Other data is e.g. packet contence I do this because I can imagine (when this is more expanded) that people will use their own parsers for these logfiles. 
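A parser that keeps to the three format rules of section 4.2, given here as an added example; it is not part of the Sniffit distribution. The function names are hypothetical, the sample log is constructed around the three lines quoted above, and pairing 'initiated' notices with 'closed', 'ending' or 'reset' notices (in either direction at the 'raw' levels) is an assumption about how one would audit such a log.

```python
import re
from datetime import datetime
from typing import Iterable, Iterator, List, NamedTuple, Optional, Tuple

CTIME_FMT = "%a %b %d %H:%M:%S %Y"            # e.g. Mon Aug 19 22:38:56 1996
_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
RECORD_RE = re.compile(r"^\[([^\]]+)\] - (.+)$")
SESSION_RE = re.compile(r"^Sniffit session (started|ended)\.$")
# Connection id is "srcip.srcport-dstip.dstport", then ": message".
CONN_RE = re.compile(rf"^({_IP})\.(\d{{1,5}})-({_IP})\.(\d{{1,5}}): (.+)$")

Endpoint = Tuple[str, int]


class Event(NamedTuple):
    when: datetime
    kind: str                        # "session" or "connection"
    message: str
    src: Optional[Endpoint] = None
    dst: Optional[Endpoint] = None


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for rule-3 lines (no leading '[')."""
    line = line.rstrip("\r\n")
    if not line.startswith("["):
        return None                  # rule 3: other data, not a log record
    record = RECORD_RE.match(line)
    if record is None:
        raise ValueError("malformed record: %r" % line)
    when = datetime.strptime(record.group(1), CTIME_FMT)
    rest = record.group(2)
    if SESSION_RE.match(rest):       # rule 2: session start/end, no id
        return Event(when, "session", rest)
    conn = CONN_RE.match(rest)       # rule 1: date - connection id: message
    if conn is None:
        raise ValueError("unrecognised record body: %r" % rest)
    src = (conn.group(1), int(conn.group(2)))
    dst = (conn.group(3), int(conn.group(4)))
    return Event(when, "connection", conn.group(5), src, dst)


def parse_log(lines: Iterable[str], strict: bool = False) -> Iterator[Event]:
    """Yield events, skipping rule-3 lines and (unless strict) damaged ones."""
    for line in lines:
        try:
            event = parse_line(line)
        except ValueError:
            if strict:
                raise
            continue
        if event is not None:
            yield event


def open_connections(events: Iterable[Event]) -> List[Event]:
    """Return the 'initiated' events that never saw a closing notice."""
    pending = {}
    for ev in events:
        if ev.kind != "connection":
            continue
        # Assumption: at 'raw' levels either peer may appear first in the
        # id, so the key ignores direction.
        key = frozenset((ev.src, ev.dst))
        if ev.message.startswith("Connection initiated"):
            pending.setdefault(key, ev)      # repeated SYN notices collapse
        elif ev.message.startswith(("Connection closed",
                                    "Connection ending",
                                    "Connection reset")):
            pending.pop(key, None)
    return sorted(pending.values(), key=lambda e: e.when)


# Constructed sample: three lines come from the README text, the rest are
# made up for the example (including the rule-3 line without '[').
SAMPLE_LOG = """\
[Mon Aug 19 22:38:51 1996] - Sniffit session started.
[Mon Aug 19 22:38:56 1996] - 100.100.10.10.1046-110.110.11.11.23: Connection initiated.
[Mon Aug 19 22:39:02 1996] - 100.100.10.10.1047-110.110.11.11.21: Connection initiated.
some other data from a future version
[Mon Aug 19 22:39:30 1996] - 100.100.10.10.1046-110.110.11.11.23: Connection closed.
[Mon Aug 19 22:39:44 1996] - Sniffit session ended.
"""

if __name__ == "__main__":
    parsed = list(parse_log(SAMPLE_LOG.splitlines()))
    for ev in open_connections(parsed):
        print("never closed:", ev.when.isoformat(), ev.src, "->", ev.dst)
```
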
Well, if you respect those 3 rules, your parser will work on all future
versions of Sniffit.

5. IMPORTANT NOTES, READ!
-------------------------

First of all, some stuff people who use this program should already know,
if you don't, well here ya got it:

Some other notes:
  - Sniffers can only be run by ROOT
  - Sniffers can only log packets that 'travel' on THEIR ethernetcable.
    So there has to be some host on your subnet involved (either as
    sender or receiver).
  - Working with '-d' or '-a' gives you raw packets, they are still
    packed in IP, when logging to files, only sent data is logged, the
    packets are 'unwrapped'.
  - Sniffers can NORMALLY not be detected by outsiders (or outsiders
    SHOULD not be able to...).
    Unfortunately some systems contain bugs that will allow outsiders to
    probe your network device for PROMISC mode (which is a good
    indication for 'sniffer running')
  - (LINUX) Your KERNEL should support System V IPC if you will use
    '-i' or '-I'.
  - (BSD systems) Your KERNEL should have BPF included.

------------------------ Thx for using Sniffit(tm) ---------------------------

sniffit.0.3.7.beta/config.guess100755 1750 1750 47622 6553423606 15155 0ustar codercoder#! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. # # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details.
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Written by Per Bothner . # The master version of this file is at the FSF in /home/gd/gnu/lib. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # The plan is that this can be called by configure scripts if you # don't specify an explicit system type (host/target name). # # Only a few systems have been added to this list; please add others # (but try to keep the structure clean). # # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 8/24/94.) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in alpha:OSF1:*:*) # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. 
echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` exit 0 ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit 0 ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-cbm-sysv4 exit 0;; amiga:NetBSD:*:*) echo m68k-cbm-netbsd${UNAME_RELEASE} exit 0 ;; amiga:OpenBSD:*:*) echo m68k-cbm-openbsd${UNAME_RELEASE} exit 0 ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit 0;; Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit 0 ;; NILE:*:*:dcosx) echo pyramid-pyramid-svr4 exit 0 ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. 
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit 0 ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; atari*:NetBSD:*:*) echo m68k-atari-netbsd${UNAME_RELEASE} exit 0 ;; atari*:OpenBSD:*:*) echo m68k-atari-openbsd${UNAME_RELEASE} exit 0 ;; sun3*:NetBSD:*:*) echo m68k-sun-netbsd${UNAME_RELEASE} exit 0 ;; sun3*:OpenBSD:*:*) echo m68k-sun-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:NetBSD:*:*) echo m68k-apple-netbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) echo m68k-apple-openbsd${UNAME_RELEASE} exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit 0 ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit 0 ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) sed 's/^ //' << EOF >dummy.c int main (argc, argv) int argc; char **argv; { #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF ${CC-cc} dummy.c -o dummy \ && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit 0 ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit 0 ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ -o ${TARGET_BINARY_INTERFACE}x = 
x ] ; then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit 0 ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit 0 ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit 0 ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit 0 ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i?86:AIX:*:*) echo i386-ibm-aix exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then sed 's/^ //' << EOF >dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit 0 ;; *:AIX:*:4) if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=4.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:*:*) echo rs6000-ibm-aix exit 0 ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit 0 ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit 0 ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit 0 ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; 9000/[3478]??:HP-UX:*:*) case 
"${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; 9000/8?? ) HP_ARCH=hppa1.0 ;; esac HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; 3050*:HI-UX:*:*) sed 's/^ //' << EOF >dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit 0 ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; i?86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit 0 ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit 0 ;; CRAY*X-MP:*:*:*) echo xmp-cray-unicos exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} 
exit 0 ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ exit 0 ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} exit 0 ;; CRAY-2:*:*:*) echo cray2-cray-unicos exit 0 ;; F300:UNIX_System_V:*:*) FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit 0 ;; F301:UNIX_System_V:*:*) echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` exit 0 ;; hp3[0-9][05]:NetBSD:*:*) echo m68k-hp-netbsd${UNAME_RELEASE} exit 0 ;; hp3[0-9][05]:OpenBSD:*:*) echo m68k-hp-openbsd${UNAME_RELEASE} exit 0 ;; i?86:BSD/386:*:* | *:BSD/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; *:FreeBSD:*:*) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit 0 ;; *:NetBSD:*:*) echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; *:OpenBSD:*:*) echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` exit 0 ;; i*:CYGWIN*:*) echo i386-pc-cygwin32 exit 0 ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin32 exit 0 ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit 0 ;; *:GNU:*:*) echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit 0 ;; *:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. 
ld_help_string=`ld --help 2>&1` if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then echo "powerpc-unknown-linux-gnu" ; exit 0 elif test "${UNAME_MACHINE}" = "alpha" ; then echo alpha-unknown-linux-gnu ; exit 0 elif test "${UNAME_MACHINE}" = "sparc" ; then echo sparc-unknown-linux-gnu ; exit 0 else # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. test ! -d /usr/lib/ldscripts/. \ && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 # Determine whether the default compiler is a.out or elf cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 rm -f dummy.c dummy fi ;; # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions # are messed up and put the nodename in both sysname and nodename. 
i?86:DYNIX/ptx:4*:*) echo i386-sequent-sysv4 exit 0 ;; i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} fi exit 0 ;; i?86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; paragon:*:*:*) echo i860-intel-osf1 exit 0 ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit 0 ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit 0 ;; M68*:*:R3V[567]*:*) test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4.3${OS_REL} && exit 0 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit 0 ;; i?86:LynxOS:2.*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit 0 ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; rs6000:LynxOS:2.*:* | 
PowerPC:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit 0 ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit 0 ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit 0 ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit 0 ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit 0 ;; R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit 0 ;; PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 cat >dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... 
*/ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) #if !defined (ultrix) printf ("vax-dec-bsd\n"); exit (0); #else printf ("vax-dec-ultrix\n"); exit (0); #endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy # Apollos put the system type in the environment. 
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit 0 ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; c34*) echo c34-convex-bsd exit 0 ;; c38*) echo c38-convex-bsd exit 0 ;; c4*) echo c4-convex-bsd exit 0 ;; esac fi #echo '(Unable to guess system type)' 1>&2 exit 1 sniffit.0.3.7.beta/config.sub100755 1750 1750 45444 6553423606 14620 0ustar codercoder#! /bin/sh # Configuration validation subroutine script, version 1.1. # Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software # can handle that machine. It does not imply ALL GNU software can. # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Configuration subroutine to validate and canonicalize a configuration type. 
# Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. if [ x$1 = x ] then echo Configuration name missing. 1>&2 echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 echo "or $0 ALIAS" 1>&2 echo where ALIAS is a recognized configuration type. 1>&2 exit 1 fi # First pass through any local machine types. case $1 in *local*) echo $1 exit 0 ;; *) ;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in linux-gnu*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. 
;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple) os= basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco5) os=sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ | arme[lb] | pyramid \ | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ | alpha | we32k | ns16k | clipper | i370 | sh \ | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ | pdp11 | mips64el | mips64orion | mips64orionel \ | sparc | sparclet | sparclite | sparc64) basic_machine=$basic_machine-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. 
i[3456]86) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-cbm ;; amigados) basic_machine=m68k-cbm os=-amigados ;; amigaunix | amix) basic_machine=m68k-cbm os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | ymp) basic_machine=ymp-cray os=-unicos ;; cray2) basic_machine=cray2-cray os=-unicos ;; [ctj]90-cray) basic_machine=c90-cray os=-unicos ;; crds | unos) basic_machine=m68k-crds ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | 
dec3100 | decstatn) basic_machine=mips-dec ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; i370-ibm* | ibm*) basic_machine=i370-ibm os=-mvs ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? 
i[3456]86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i[3456]86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i[3456]86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i[3456]86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; miniframe) basic_machine=m68000-convergent ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; np1) basic_machine=np1-gould ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5) basic_machine=i586-intel ;; pentiumpro | p6) basic_machine=i686-intel ;; pentium-* | p5-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; k5) # We don't have specific support for AMD's K5 yet, so just call it a Pentium basic_machine=i586-amd ;; nexen) # We don't have specific support for Nexgen yet, so just call it a Pentium basic_machine=i586-nexgen ;; pn) 
		basic_machine=pn-gould
		;;
	power)
		basic_machine=rs6000-ibm
		;;
	ppc)
		basic_machine=powerpc-unknown
		;;
	ppc-*)
		basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	ppcle | powerpclittle | ppc-le | powerpc-little)
		basic_machine=powerpcle-unknown
		;;
	ppcle-* | powerpclittle-*)
		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	ps2)
		basic_machine=i386-ibm
		;;
	rm[46]00)
		basic_machine=mips-siemens
		;;
	rtpc | rtpc-*)
		basic_machine=romp-ibm
		;;
	sequent)
		basic_machine=i386-sequent
		;;
	sh)
		basic_machine=sh-hitachi
		os=-hms
		;;
	sps7)
		basic_machine=m68k-bull
		os=-sysv2
		;;
	spur)
		basic_machine=spur-unknown
		;;
	sun2)
		basic_machine=m68000-sun
		;;
	sun2os3)
		basic_machine=m68000-sun
		os=-sunos3
		;;
	sun2os4)
		basic_machine=m68000-sun
		os=-sunos4
		;;
	sun3os3)
		basic_machine=m68k-sun
		os=-sunos3
		;;
	sun3os4)
		basic_machine=m68k-sun
		os=-sunos4
		;;
	sun4os3)
		basic_machine=sparc-sun
		os=-sunos3
		;;
	sun4os4)
		basic_machine=sparc-sun
		os=-sunos4
		;;
	sun4sol2)
		basic_machine=sparc-sun
		os=-solaris2
		;;
	sun3 | sun3-*)
		basic_machine=m68k-sun
		;;
	sun4)
		basic_machine=sparc-sun
		;;
	sun386 | sun386i | roadrunner)
		basic_machine=i386-sun
		;;
	symmetry)
		basic_machine=i386-sequent
		os=-dynix
		;;
	tower | tower-32)
		basic_machine=m68k-ncr
		;;
	udi29k)
		basic_machine=a29k-amd
		os=-udi
		;;
	ultra3)
		basic_machine=a29k-nyu
		os=-sym1
		;;
	vaxv)
		basic_machine=vax-dec
		os=-sysv
		;;
	vms)
		basic_machine=vax-dec
		os=-vms
		;;
	vpp*|vx|vx-*)
		basic_machine=f301-fujitsu
		;;
	vxworks960)
		basic_machine=i960-wrs
		os=-vxworks
		;;
	vxworks68)
		basic_machine=m68k-wrs
		os=-vxworks
		;;
	vxworks29k)
		basic_machine=a29k-wrs
		os=-vxworks
		;;
	xmp)
		basic_machine=xmp-cray
		os=-unicos
		;;
	xps | xps100)
		basic_machine=xps100-honeywell
		;;
	none)
		basic_machine=none-none
		os=-none
		;;

# Here we handle the default manufacturer of certain CPU types.  It is in
# some cases the only manufacturer, in others, it is the most popular.
	mips)
		basic_machine=mips-mips
		;;
	romp)
		basic_machine=romp-ibm
		;;
	rs6000)
		basic_machine=rs6000-ibm
		;;
	vax)
		basic_machine=vax-dec
		;;
	pdp11)
		basic_machine=pdp11-dec
		;;
	we32k)
		basic_machine=we32k-att
		;;
	sparc)
		basic_machine=sparc-sun
		;;
	cydra)
		basic_machine=cydra-cydrome
		;;
	orion)
		basic_machine=orion-highlevel
		;;
	orion105)
		basic_machine=clipper-highlevel
		;;
	*)
		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
		exit 1
		;;
esac

# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
	*-digital*)
		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
		;;
	*-commodore*)
		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
		;;
	*)
		;;
esac

# Decode manufacturer-specific aliases for certain operating systems.

if [ x"$os" != x"" ]
then
case $os in
	# First match some system type aliases
	# that might get confused with valid system types.
	# -solaris* is a basic system type, with this one exception.
	-solaris1 | -solaris1.*)
		os=`echo $os | sed -e 's|solaris1|sunos4|'`
		;;
	-solaris)
		os=-solaris2
		;;
	-unixware* | svr4*)
		os=-sysv4
		;;
	-gnu/linux*)
		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
		;;
	# First accept the basic system types.
	# The portable systems comes first.
	# Each alternative MUST END IN A *, to match a version number.
	# -sysv* is not here because it comes later, after sysvr4.
	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
	      | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
	      | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
	      | -linux-gnu* | -uxpv*)
	# Remember, each alternative MUST END IN *, to match a version number.
		;;
	-linux*)
		os=`echo $os | sed -e 's|linux|linux-gnu|'`
		;;
	-sunos5*)
		os=`echo $os | sed -e 's|sunos5|solaris2|'`
		;;
	-sunos6*)
		os=`echo $os | sed -e 's|sunos6|solaris3|'`
		;;
	-osfrose*)
		os=-osfrose
		;;
	-osf*)
		os=-osf
		;;
	-utek*)
		os=-bsd
		;;
	-dynix*)
		os=-bsd
		;;
	-acis*)
		os=-aos
		;;
	-ctix* | -uts*)
		os=-sysv
		;;
	-ns2 )
		os=-nextstep2
		;;
	# Preserve the version number of sinix5.
	-sinix5.*)
		os=`echo $os | sed -e 's|sinix|sysv|'`
		;;
	-sinix*)
		os=-sysv4
		;;
	-triton*)
		os=-sysv3
		;;
	-oss*)
		os=-sysv3
		;;
	-svr4)
		os=-sysv4
		;;
	-svr3)
		os=-sysv3
		;;
	-sysvr4)
		os=-sysv4
		;;
	# This must come after -sysvr4.
	-sysv*)
		;;
	-xenix)
		os=-xenix
		;;
	-none)
		;;
	*)
		# Get rid of the `-' at the beginning of $os.
		os=`echo $os | sed 's/[^-]*-//'`
		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
		exit 1
		;;
esac
else

# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.

# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system.
# Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.

case $basic_machine in
	*-acorn)
		os=-riscix1.2
		;;
	arm*-semi)
		os=-aout
		;;
	pdp11-*)
		os=-none
		;;
	*-dec | vax-*)
		os=-ultrix4.2
		;;
	m68*-apollo)
		os=-domain
		;;
	i386-sun)
		os=-sunos4.0.2
		;;
	m68000-sun)
		os=-sunos3
		# This also exists in the configure program, but was not the
		# default.
		# os=-sunos4
		;;
	*-tti)	# must be before sparc entry or we get the wrong os.
		os=-sysv3
		;;
	sparc-* | *-sun)
		os=-sunos4.1.1
		;;
	*-ibm)
		os=-aix
		;;
	*-hp)
		os=-hpux
		;;
	*-hitachi)
		os=-hiux
		;;
	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
		os=-sysv
		;;
	*-cbm)
		os=-amigados
		;;
	*-dg)
		os=-dgux
		;;
	*-dolphin)
		os=-sysv3
		;;
	m68k-ccur)
		os=-rtu
		;;
	m88k-omron*)
		os=-luna
		;;
	*-next )
		os=-nextstep
		;;
	*-sequent)
		os=-ptx
		;;
	*-crds)
		os=-unos
		;;
	*-ns)
		os=-genix
		;;
	i370-*)
		os=-mvs
		;;
	*-next)
		os=-nextstep3
		;;
	*-gould)
		os=-sysv
		;;
	*-highlevel)
		os=-bsd
		;;
	*-encore)
		os=-bsd
		;;
	*-sgi)
		os=-irix
		;;
	*-siemens)
		os=-sysv4
		;;
	*-masscomp)
		os=-rtu
		;;
	f301-fujitsu)
		os=-uxpv
		;;
	*)
		os=-none
		;;
esac
fi

# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer.  We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
	*-unknown)
		case $os in
			-riscix*)
				vendor=acorn
				;;
			-sunos*)
				vendor=sun
				;;
			-aix*)
				vendor=ibm
				;;
			-hpux*)
				vendor=hp
				;;
			-hiux*)
				vendor=hitachi
				;;
			-unos*)
				vendor=crds
				;;
			-dgux*)
				vendor=dg
				;;
			-luna*)
				vendor=omron
				;;
			-genix*)
				vendor=ns
				;;
			-mvs*)
				vendor=ibm
				;;
			-ptx*)
				vendor=sequent
				;;
			-vxsim* | -vxworks*)
				vendor=wrs
				;;
			-aux*)
				vendor=apple
				;;
		esac
		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
		;;
esac

echo $basic_machine$os

sniffit.0.3.7.beta/configure

#! /bin/sh

# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.12
# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.

# Defaults:
ac_help=
ac_default_prefix=/usr/local
# Any additions from configure.in:

# Initialize some variables set by options.
# The variables have the same names as the options, with
# dashes changed to underlines.
build=NONE
cache_file=./config.cache
exec_prefix=NONE
host=NONE
no_create=
nonopt=NONE
no_recursion=
prefix=NONE
program_prefix=NONE
program_suffix=NONE
program_transform_name=s,x,x,
silent=
site=
srcdir=
target=NONE
verbose=
x_includes=NONE
x_libraries=NONE
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'

# Initialize some other variables.
subdirs=
MFLAGS= MAKEFLAGS=
# Maximum number of lines to put in a shell here document.
ac_max_here_lines=12

ac_prev=
for ac_option
do

  # If the previous option needs an argument, assign it.
  if test -n "$ac_prev"; then
    eval "$ac_prev=\$ac_option"
    ac_prev=
    continue
  fi

  case "$ac_option" in
  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
  *) ac_optarg= ;;
  esac

  # Accept the important Cygnus configure options, so we can diagnose typos.

  case "$ac_option" in

  -bindir | --bindir | --bindi | --bind | --bin | --bi)
    ac_prev=bindir ;;
  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
    bindir="$ac_optarg" ;;

  -build | --build | --buil | --bui | --bu)
    ac_prev=build ;;
  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
    build="$ac_optarg" ;;

  -cache-file | --cache-file | --cache-fil | --cache-fi \
  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
    ac_prev=cache_file ;;
  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
    cache_file="$ac_optarg" ;;

  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
    ac_prev=datadir ;;
  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
  | --da=*)
    datadir="$ac_optarg" ;;

  -disable-* | --disable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    eval "enable_${ac_feature}=no" ;;

  -enable-* | --enable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "enable_${ac_feature}='$ac_optarg'" ;;

  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
  | --exec | --exe | --ex)
    ac_prev=exec_prefix ;;
  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
  | --exec=* | --exe=* | --ex=*)
    exec_prefix="$ac_optarg" ;;

  -gas | --gas | --ga | --g)
    # Obsolete; use --with-gas.
    with_gas=yes ;;

  -help | --help | --hel | --he)
    # Omit some internal or obsolete options to make the list less imposing.
    # This message is too long to be a string in the A/UX 3.1 sh.
    cat << EOF
Usage: configure [options] [host]
Options: [defaults in brackets after descriptions]
Configuration:
  --cache-file=FILE       cache test results in FILE
  --help                  print this message
  --no-create             do not create output files
  --quiet, --silent       do not print \`checking...' messages
  --version               print the version of autoconf that created configure
Directory and file names:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [$ac_default_prefix]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [same as prefix]
  --bindir=DIR            user executables in DIR [EPREFIX/bin]
  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
  --datadir=DIR           read-only architecture-independent data in DIR
                          [PREFIX/share]
  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
                          [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
  --includedir=DIR        C header files in DIR [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
  --infodir=DIR           info documentation in DIR [PREFIX/info]
  --mandir=DIR            man documentation in DIR [PREFIX/man]
  --srcdir=DIR            find the sources in DIR [configure dir or ..]
  --program-prefix=PREFIX prepend PREFIX to installed program names
  --program-suffix=SUFFIX append SUFFIX to installed program names
  --program-transform-name=PROGRAM
                          run sed PROGRAM on installed program names
EOF
    cat << EOF
Host type:
  --build=BUILD           configure for building on BUILD [BUILD=HOST]
  --host=HOST             configure for HOST [guessed]
  --target=TARGET         configure for TARGET [TARGET=HOST]
Features and packages:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --x-includes=DIR        X include files are in DIR
  --x-libraries=DIR       X library files are in DIR
EOF
    if test -n "$ac_help"; then
      echo "--enable and --with options recognized:$ac_help"
    fi
    exit 0 ;;

  -host | --host | --hos | --ho)
    ac_prev=host ;;
  -host=* | --host=* | --hos=* | --ho=*)
    host="$ac_optarg" ;;

  -includedir | --includedir | --includedi | --included | --include \
  | --includ | --inclu | --incl | --inc)
    ac_prev=includedir ;;
  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
  | --includ=* | --inclu=* | --incl=* | --inc=*)
    includedir="$ac_optarg" ;;

  -infodir | --infodir | --infodi | --infod | --info | --inf)
    ac_prev=infodir ;;
  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
    infodir="$ac_optarg" ;;

  -libdir | --libdir | --libdi | --libd)
    ac_prev=libdir ;;
  -libdir=* | --libdir=* | --libdi=* | --libd=*)
    libdir="$ac_optarg" ;;

  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
  | --libexe | --libex | --libe)
    ac_prev=libexecdir ;;
  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
  | --libexe=* | --libex=* | --libe=*)
    libexecdir="$ac_optarg" ;;

  -localstatedir | --localstatedir | --localstatedi | --localstated \
  | --localstate | --localstat | --localsta | --localst \
  | --locals | --local | --loca | --loc | --lo)
    ac_prev=localstatedir ;;
  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
    localstatedir="$ac_optarg" ;;

  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
    ac_prev=mandir ;;
  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
    mandir="$ac_optarg" ;;

  -nfp | --nfp | --nf)
    # Obsolete; use --without-fp.
    with_fp=no ;;

  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c)
    no_create=yes ;;

  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
    no_recursion=yes ;;

  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
  | --oldin | --oldi | --old | --ol | --o)
    ac_prev=oldincludedir ;;
  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
    oldincludedir="$ac_optarg" ;;

  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
    ac_prev=prefix ;;
  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
    prefix="$ac_optarg" ;;

  -program-prefix | --program-prefix | --program-prefi | --program-pref \
  | --program-pre | --program-pr | --program-p)
    ac_prev=program_prefix ;;
  -program-prefix=* | --program-prefix=* | --program-prefi=* \
  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
    program_prefix="$ac_optarg" ;;

  -program-suffix | --program-suffix | --program-suffi | --program-suff \
  | --program-suf | --program-su | --program-s)
    ac_prev=program_suffix ;;
  -program-suffix=* | --program-suffix=* | --program-suffi=* \
  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
    program_suffix="$ac_optarg" ;;

  -program-transform-name | --program-transform-name \
  | --program-transform-nam | --program-transform-na \
  | --program-transform-n | --program-transform- \
  | --program-transform | --program-transfor \
  | --program-transfo | --program-transf \
  | --program-trans | --program-tran \
  | --progr-tra | --program-tr | --program-t)
    ac_prev=program_transform_name ;;
  -program-transform-name=* | --program-transform-name=* \
  | --program-transform-nam=* | --program-transform-na=* \
  | --program-transform-n=* | --program-transform-=* \
  | --program-transform=* | --program-transfor=* \
  | --program-transfo=* | --program-transf=* \
  | --program-trans=* | --program-tran=* \
  | --progr-tra=* | --program-tr=* | --program-t=*)
    program_transform_name="$ac_optarg" ;;

  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;

  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
  | --sbi=* | --sb=*)
    sbindir="$ac_optarg" ;;

  -sharedstatedir | --sharedstatedir | --sharedstatedi \
  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
  | --sharedst | --shareds | --shared | --share | --shar \
  | --sha | --sh)
    ac_prev=sharedstatedir ;;
  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
  | --sha=* | --sh=*)
    sharedstatedir="$ac_optarg" ;;

  -site | --site | --sit)
    ac_prev=site ;;
  -site=* | --site=* | --sit=*)
    site="$ac_optarg" ;;

  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
    ac_prev=srcdir ;;
  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
    srcdir="$ac_optarg" ;;

  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
  | --syscon | --sysco | --sysc | --sys | --sy)
    ac_prev=sysconfdir ;;
  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
    sysconfdir="$ac_optarg" ;;

  -target | --target | --targe | --targ | --tar | --ta | --t)
    ac_prev=target ;;
  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
    target="$ac_optarg" ;;

  -v | -verbose | --verbose | --verbos | --verbo | --verb)
    verbose=yes ;;

  -version | --version | --versio | --versi | --vers)
    echo "configure generated by autoconf version 2.12"
    exit 0 ;;

  -with-* | --with-*)
    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "with_${ac_package}='$ac_optarg'" ;;

  -without-* | --without-*)
    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    eval "with_${ac_package}=no" ;;

  --x)
    # Obsolete; use --with-x.
    with_x=yes ;;

  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
  | --x-incl | --x-inc | --x-in | --x-i)
    ac_prev=x_includes ;;
  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
    x_includes="$ac_optarg" ;;

  -x-libraries | --x-libraries | --x-librarie | --x-librari \
  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
    ac_prev=x_libraries ;;
  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
    x_libraries="$ac_optarg" ;;

  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
    ;;

  *)
    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
      echo "configure: warning: $ac_option: invalid host type" 1>&2
    fi
    if test "x$nonopt" != xNONE; then
      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
    fi
    nonopt="$ac_option"
    ;;

  esac
done

if test -n "$ac_prev"; then
  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
fi

trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15

# File descriptor usage:
# 0 standard input
# 1 file creation
# 2 errors and warnings
# 3 some systems may open it to /dev/tty
# 4 used on the Kubota Titan
# 6 checking for... messages and results
# 5 compiler messages saved in config.log
if test "$silent" = yes; then
  exec 6>/dev/null
else
  exec 6>&1
fi
exec 5>./config.log

echo "\
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
" 1>&5

# Strip out --no-create and --no-recursion so they do not pile up.
# Also quote any args containing shell metacharacters.
ac_configure_args=
for ac_arg
do
  case "$ac_arg" in
  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c) ;;
  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
  *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
    ac_configure_args="$ac_configure_args '$ac_arg'" ;;
  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
  esac
done

# NLS nuisances.
# Only set these to C if already set.  These must not be set unconditionally
# because not all systems understand e.g. LANG=C (notably SCO).
# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
# Non-C LC_CTYPE values break the ctype check.
if test "${LANG+set}" = set; then LANG=C; export LANG; fi
if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -rf conftest* confdefs.h
# AIX cpp loses on an empty file, so make sure it contains at least a newline.
echo > confdefs.h

# A filename unique to this package, relative to the directory that
# configure is in, which we can look for to find out if srcdir is correct.
ac_unique_file=sniffit.h

# Find the source files, if location was not specified.
if test -z "$srcdir"; then
  ac_srcdir_defaulted=yes
  # Try the directory containing this script, then its parent.
  ac_prog=$0
  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
  srcdir=$ac_confdir
  if test ! -r $srcdir/$ac_unique_file; then
    srcdir=..
  fi
else
  ac_srcdir_defaulted=no
fi
if test ! -r $srcdir/$ac_unique_file; then
  if test "$ac_srcdir_defaulted" = yes; then
    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
  else
    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
  fi
fi
srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`

# Prefer explicitly selected file to automatically selected ones.
if test -z "$CONFIG_SITE"; then
  if test "x$prefix" != xNONE; then
    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
  else
    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
  fi
fi
for ac_site_file in $CONFIG_SITE; do
  if test -r "$ac_site_file"; then
    echo "loading site script $ac_site_file"
    . "$ac_site_file"
  fi
done

if test -r "$cache_file"; then
  echo "loading cache $cache_file"
  . $cache_file
else
  echo "creating cache $cache_file"
  > $cache_file
fi

ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
    ac_n= ac_c=' ' ac_t=' '
  else
    ac_n=-n ac_c= ac_t=
  fi
else
  ac_n= ac_c='\c' ac_t=
fi

ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
  if test -f $ac_dir/install-sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
    break
  elif test -f $ac_dir/install.sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install.sh -c"
    break
  fi
done
if test -z "$ac_aux_dir"; then
  { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
fi
ac_config_guess=$ac_aux_dir/config.guess
ac_config_sub=$ac_aux_dir/config.sub
ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.

subdirs="libpcap"

# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:548: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$CC"; then
    ac_cv_prog_CC="$CC" # Let the user override the test.
  else
    IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
    for ac_dir in $PATH; do
      test -z "$ac_dir" && ac_dir=.
      if test -f $ac_dir/$ac_word; then
        ac_cv_prog_CC="gcc"
        break
      fi
    done
    IFS="$ac_save_ifs"
  fi
fi
CC="$ac_cv_prog_CC"
if test -n "$CC"; then
  echo "$ac_t""$CC" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
  set dummy cc; ac_word=$2
  echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
  echo "configure:577: checking for $ac_word" >&5
  if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    if test -n "$CC"; then
      ac_cv_prog_CC="$CC" # Let the user override the test.
    else
      IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
      ac_prog_rejected=no
      for ac_dir in $PATH; do
        test -z "$ac_dir" && ac_dir=.
        if test -f $ac_dir/$ac_word; then
          if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
            ac_prog_rejected=yes
            continue
          fi
          ac_cv_prog_CC="cc"
          break
        fi
      done
      IFS="$ac_save_ifs"
      if test $ac_prog_rejected = yes; then
        # We found a bogon in the path, so make sure we never use it.
        set dummy $ac_cv_prog_CC
        shift
        if test $# -gt 0; then
          # We chose a different compiler from the bogus one.
          # However, it has the same basename, so the bogon will be chosen
          # first if we set CC to just the basename; use the full file name.
          shift
          set dummy "$ac_dir/$ac_word" "$@"
          shift
          ac_cv_prog_CC="$@"
        fi
      fi
    fi
  fi
  CC="$ac_cv_prog_CC"
  if test -n "$CC"; then
    echo "$ac_t""$CC" 1>&6
  else
    echo "$ac_t""no" 1>&6
  fi

  test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; }
fi

echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
echo "configure:625: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5

ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then
  ac_cv_prog_cc_works=yes
  # If we can't run a trivial program, we are probably using a cross compiler.
  if (./conftest; exit) 2>/dev/null; then
    ac_cv_prog_cc_cross=no
  else
    ac_cv_prog_cc_cross=yes
  fi
else
  echo "configure: failed program was:" >&5
  cat conftest.$ac_ext >&5
  ac_cv_prog_cc_works=no
fi
rm -fr conftest*

echo "$ac_t""$ac_cv_prog_cc_works" 1>&6
if test $ac_cv_prog_cc_works = no; then
  { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
fi
echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
echo "configure:659: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
cross_compiling=$ac_cv_prog_cc_cross

echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
echo "configure:664: checking whether we are using GNU C" >&5
if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
    ac_cv_prog_gcc=yes
  else
    ac_cv_prog_gcc=no
  fi
fi

echo "$ac_t""$ac_cv_prog_gcc" 1>&6

if test $ac_cv_prog_gcc = yes; then
  GCC=yes
  ac_test_CFLAGS="${CFLAGS+set}"
  ac_save_CFLAGS="$CFLAGS"
  CFLAGS=
  echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
  echo "configure:688: checking whether ${CC-cc} accepts -g" >&5
  if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    echo 'void f(){}' > conftest.c
    if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then
      ac_cv_prog_cc_g=yes
    else
      ac_cv_prog_cc_g=no
    fi
    rm -f conftest*
  fi

  echo "$ac_t""$ac_cv_prog_cc_g" 1>&6
  if test "$ac_test_CFLAGS" = set; then
    CFLAGS="$ac_save_CFLAGS"
  elif test $ac_cv_prog_cc_g = yes; then
    CFLAGS="-g -O2"
  else
    CFLAGS="-O2"
  fi
else
  GCC=
  test "${CFLAGS+set}" = set || CFLAGS="-g"
fi

NCURSES_PATH=/usr/include:/usr/include/ncurses:/usr/include/curses:/usr/local/include:/usr/local/include/ncurses:/usr/local/include/curses:./:./ncurses.h
ncurses_warn=0
echo $ac_n "checking for main in -lncurses""... $ac_c" 1>&6
echo "configure:719: checking for main in -lncurses" >&5
ac_lib_var=`echo ncurses'_'main | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  ac_save_LIBS="$LIBS"
  LIBS="-lncurses $LIBS"
  cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then
    rm -rf conftest*
    eval "ac_cv_lib_$ac_lib_var=yes"
  else
    echo "configure: failed program was:" >&5
    cat conftest.$ac_ext >&5
    rm -rf conftest*
    eval "ac_cv_lib_$ac_lib_var=no"
  fi
  rm -f conftest*
  LIBS="$ac_save_LIBS"

fi
if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
  echo "$ac_t""yes" 1>&6
  ac_tr_lib=HAVE_LIB`echo ncurses | sed -e 's/[^a-zA-Z0-9_]/_/g' \
    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
  cat >> confdefs.h <&6
  ncurses_warn=1
fi

for ac_prog in ncurses.h
do
  # Extract the first word of "$ac_prog", so it can be a program name with args.
  set dummy $ac_prog; ac_word=$2
  echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
  echo "configure:768: checking for $ac_word" >&5
  if eval "test \"`echo '$''{'ac_cv_path_NCURSES_LOCATION'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    case "$NCURSES_LOCATION" in
    /*)
      ac_cv_path_NCURSES_LOCATION="$NCURSES_LOCATION" # Let the user override the test with a path.
      ;;
    *)
      IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
      for ac_dir in $NCURSES_PATH$ac_dummy; do
        test -z "$ac_dir" && ac_dir=.
        if test -f $ac_dir/$ac_word; then
          ac_cv_path_NCURSES_LOCATION="$ac_dir/$ac_word"
          break
        fi
      done
      IFS="$ac_save_ifs"
      ;;
    esac
  fi
  NCURSES_LOCATION="$ac_cv_path_NCURSES_LOCATION"
  if test -n "$NCURSES_LOCATION"; then
    echo "$ac_t""$NCURSES_LOCATION" 1>&6
  else
    echo "$ac_t""no" 1>&6
  fi

  test -n "$NCURSES_LOCATION" && break
done
test -n "$NCURSES_LOCATION" || NCURSES_LOCATION="no"

if test "$NCURSES_LOCATION" != no; then
  echo "#include \"$NCURSES_LOCATION\"" >sn_curses.h
  cat >> confdefs.h <<\EOF
#define HAVE_NCURSES_H 1
EOF

else
  ncurses_warn=1
fi

if test $ncurses_warn -ne 0; then
  echo "configure: warning: Interactive mode (-i/-I) will NOT be supported.!" 1>&2
  echo "configure: warning: Install ncurses!" 1>&2
fi

for ac_func in shmget
do
  echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
  echo "configure:818: checking for $ac_func" >&5
  if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    cat > conftest.$ac_ext <
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char $ac_func();

int main() {

/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
$ac_func();
#endif

; return 0; }
EOF
    if { (eval echo configure:846: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
      rm -rf conftest*
      eval "ac_cv_func_$ac_func=yes"
    else
      echo "configure: failed program was:" >&5
      cat conftest.$ac_ext >&5
      rm -rf conftest*
      eval "ac_cv_func_$ac_func=no"
    fi
    rm -f conftest*
  fi

  if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
    echo "$ac_t""yes" 1>&6
    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
    cat >> confdefs.h <&6
  fi
done

for ac_func in atexit
do
  echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
  echo "configure:874: checking for $ac_func" >&5
  if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    cat > conftest.$ac_ext <
/* Override any gcc2 internal prototype to avoid an error.  */
/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char $ac_func();

int main() {

/* The GNU C library defines this for functions which it implements
    to always fail with ENOSYS.  Some functions are actually named
    something starting with __ and the normal name is an alias.  */
#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
choke me
#else
$ac_func();
#endif

; return 0; }
EOF
    if { (eval echo configure:902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
      rm -rf conftest*
      eval "ac_cv_func_$ac_func=yes"
    else
      echo "configure: failed program was:" >&5
      cat conftest.$ac_ext >&5
      rm -rf conftest*
      eval "ac_cv_func_$ac_func=no"
    fi
    rm -f conftest*
  fi

  if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
    echo "$ac_t""yes" 1>&6
    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
    cat >> confdefs.h <&6
  fi
done

echo $ac_n "checking size of unsigned short int""... $ac_c" 1>&6
echo "configure:928: checking size of unsigned short int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_short_int'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test "$cross_compiling" = yes; then
    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
  else
    cat > conftest.$ac_ext <
main()
{
  FILE *f=fopen("conftestval", "w");
  if (!f) exit(1);
  fprintf(f, "%d\n", sizeof(unsigned short int));
  exit(0);
}
EOF
    if { (eval echo configure:947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
    then
      ac_cv_sizeof_unsigned_short_int=`cat conftestval`
    else
      echo "configure: failed program was:" >&5
      cat conftest.$ac_ext >&5
      rm -fr conftest*
      ac_cv_sizeof_unsigned_short_int=0
    fi
    rm -fr conftest*
  fi

fi
echo "$ac_t""$ac_cv_sizeof_unsigned_short_int" 1>&6
cat >> confdefs.h <&6
echo "configure:972: checking size of unsigned long int" >&5
if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_long_int'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test "$cross_compiling" = yes; then
    { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
  else
    cat > conftest.$ac_ext <
main()
{
  FILE *f=fopen("conftestval", "w");
  if (!f) exit(1);
  fprintf(f, "%d\n", sizeof(unsigned long int));
  exit(0);
}
EOF
    if { (eval echo configure:991: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null
    then
      ac_cv_sizeof_unsigned_long_int=`cat conftestval`
    else
      echo "configure: failed program was:" >&5
      cat conftest.$ac_ext >&5
      rm -fr conftest*
      ac_cv_sizeof_unsigned_long_int=0
    fi
    rm -fr conftest*
  fi

fi
echo "$ac_t""$ac_cv_sizeof_unsigned_long_int" 1>&6
cat >> confdefs.h <> confdefs.h <<\EOF
#define USE_32_LONG_INT 1
EOF

else
  echo "unsigned long is NOT 4 bytes... hmmm..."
  echo $ac_n "checking size of unsigned int""...
$ac_c" 1>&6 echo "configure:1018: checking size of unsigned int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_unsigned_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() { FILE *f=fopen("conftestval", "w"); if (!f) exit(1); fprintf(f, "%d\n", sizeof(unsigned int)); exit(0); } EOF if { (eval echo configure:1037: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_unsigned_int=`cat conftestval` else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -fr conftest* ac_cv_sizeof_unsigned_int=0 fi rm -fr conftest* fi fi echo "$ac_t""$ac_cv_sizeof_unsigned_int" 1>&6 cat >> confdefs.h <> confdefs.h <<\EOF #define USE_32_INT 1 EOF fi fi # Do some error checking and defaulting for the host and target type. # The inputs are: # configure --host=HOST --target=TARGET --build=BUILD NONOPT # # The rules are: # 1. You are not allowed to specify --host, --target, and nonopt at the # same time. # 2. Host defaults to nonopt. # 3. If nonopt is not specified, then host defaults to the current host, # as determined by config.guess. # 4. Target and build default to nonopt. # 5. If nonopt is not specified, then target and build default to host. # The aliases save the names the user supplied, while $host etc. # will get canonicalized. case $host---$target---$nonopt in NONE---*---* | *---NONE---* | *---*---NONE) ;; *) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;; esac # Make sure we can run config.sub. if $ac_config_sub sun4 >/dev/null 2>&1; then : else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } fi echo $ac_n "checking host system type""... 
$ac_c" 1>&6 echo "configure:1096: checking host system type" >&5 host_alias=$host case "$host_alias" in NONE) case $nonopt in NONE) if host_alias=`$ac_config_guess`; then : else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } fi ;; *) host_alias=$nonopt ;; esac ;; esac host=`$ac_config_sub $host_alias` host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$host" 1>&6 echo $ac_n "checking target system type""... $ac_c" 1>&6 echo "configure:1117: checking target system type" >&5 target_alias=$target case "$target_alias" in NONE) case $nonopt in NONE) target_alias=$host_alias ;; *) target_alias=$nonopt ;; esac ;; esac target=`$ac_config_sub $target_alias` target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$target" 1>&6 echo $ac_n "checking build system type""... $ac_c" 1>&6 echo "configure:1135: checking build system type" >&5 build_alias=$build case "$build_alias" in NONE) case $nonopt in NONE) build_alias=$host_alias ;; *) build_alias=$nonopt ;; esac ;; esac build=`$ac_config_sub $build_alias` build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` echo "$ac_t""$build" 1>&6 test "$host_alias" != "$target_alias" && test "$program_prefix$program_suffix$program_transform_name" = \ NONENONEs,x,x, && program_prefix=${target_alias}- case "$target_os" in linux*) cat >> confdefs.h <<\EOF #define LINUX 1 EOF OS_OPT= ;; sunos*) cat >> confdefs.h <<\EOF #define SUNOS 1 EOF echo $ac_n "checking for main in -lsocket""... 
$ac_c" 1>&6 echo "configure:1172: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` cat >> confdefs.h <&6 fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 echo "configure:1215: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` cat >> confdefs.h <&6 fi OS_OPT= ;; solaris*) cat >> confdefs.h <<\EOF #define SUNOS 1 EOF echo $ac_n "checking for main in -lsocket""... 
$ac_c" 1>&6 echo "configure:1266: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` cat >> confdefs.h <&6 fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 echo "configure:1309: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=no" fi rm -f conftest* LIBS="$ac_save_LIBS" fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` cat >> confdefs.h <&6 fi OS_OPT= ;; hpux*) cat >> confdefs.h <<\EOF #define HPUX 1 EOF OS_OPT= ;; irix*) cat >> confdefs.h <<\EOF #define IRIX 1 EOF OS_OPT= ;; freebsd*) cat >> confdefs.h <<\EOF #define FREEBSD 1 EOF OS_OPT= ;; netbsd*) cat >> confdefs.h <<\EOF #define NETBSD 1 EOF OS_OPT= ;; *) echo "NOT A SUPPORTED SYSTEM / OR SYSTEM NOT RECOGNISED" echo "Contact if you feel 
it might be a bug." exit ;; esac trap '' 1 2 15 cat > confcache <<\EOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs. It is not useful on other systems. # If it contains results you don't want to keep, you may remove or edit it. # # By default, configure uses ./config.cache as the cache file, # creating it if it does not exist already. You can give configure # the --cache-file=FILE option to use a different cache file; that is # what configure does when it calls configure scripts in # subdirectories, so they share the cache. # Giving --cache-file=/dev/null disables caching, for debugging configure. # config.status only pays attention to the cache file if you give it the # --recheck option to rerun configure. # EOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | case `(ac_space=' '; set) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote substitution # turns \\\\ into \\, and sed turns \\ into \). sed -n \ -e "s/'/'\\\\''/g" \ -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" ;; *) # `set' quotes correctly as required by POSIX, so do not add quotes. 
sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' ;; esac >> confcache if cmp -s $cache_file confcache; then : else if test -w $cache_file; then echo "updating cache $cache_file" cat confcache > $cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Any assignment to VPATH causes Sun make to only execute # the first set of double-colon rules, so remove it if not needed. # If there is a colon in the path, we need to keep it. if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' fi trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. cat > conftest.defs <<\EOF s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g s%\[%\\&%g s%\]%\\&%g s%\$%$$%g EOF DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` rm -f conftest.defs # Without the "./", some shells look in PATH for config.status. : ${CONFIG_STATUS=./config.status} echo creating $CONFIG_STATUS rm -f $CONFIG_STATUS cat > $CONFIG_STATUS </dev/null | sed 1q`: # # $0 $ac_configure_args # # Compiler output produced by configure, useful for debugging # configure, is in ./config.log if it exists. 
ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" for ac_option do case "\$ac_option" in -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) echo "$CONFIG_STATUS generated by autoconf version 2.12" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; *) echo "\$ac_cs_usage"; exit 1 ;; esac done ac_given_srcdir=$srcdir trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF $ac_vpsub $extrasub s%@CFLAGS@%$CFLAGS%g s%@CPPFLAGS@%$CPPFLAGS%g s%@CXXFLAGS@%$CXXFLAGS%g s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g s%@exec_prefix@%$exec_prefix%g s%@prefix@%$prefix%g s%@program_transform_name@%$program_transform_name%g s%@bindir@%$bindir%g s%@sbindir@%$sbindir%g s%@libexecdir@%$libexecdir%g s%@datadir@%$datadir%g s%@sysconfdir@%$sysconfdir%g s%@sharedstatedir@%$sharedstatedir%g s%@localstatedir@%$localstatedir%g s%@libdir@%$libdir%g s%@includedir@%$includedir%g s%@oldincludedir@%$oldincludedir%g s%@infodir@%$infodir%g s%@mandir@%$mandir%g s%@subdirs@%$subdirs%g s%@CC@%$CC%g s%@NCURSES_LOCATION@%$NCURSES_LOCATION%g s%@host@%$host%g s%@host_alias@%$host_alias%g s%@host_cpu@%$host_cpu%g s%@host_vendor@%$host_vendor%g s%@host_os@%$host_os%g s%@target@%$target%g s%@target_alias@%$target_alias%g s%@target_cpu@%$target_cpu%g s%@target_vendor@%$target_vendor%g s%@target_os@%$target_os%g s%@build@%$build%g s%@build_alias@%$build_alias%g s%@build_cpu@%$build_cpu%g s%@build_vendor@%$build_vendor%g s%@build_os@%$build_os%g s%@OS_OPT@%$OS_OPT%g CEOF EOF cat >> $CONFIG_STATUS <<\EOF # Split the substitutions into bite-sized pieces for seds with # small command number limits, like on Digital OSF/1 and 
HP-UX. ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. ac_file=1 # Number of current file. ac_beg=1 # First line for current file. ac_end=$ac_max_sed_cmds # Line after last line for current file. ac_more_lines=: ac_sed_cmds="" while $ac_more_lines; do if test $ac_beg -gt 1; then sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file else sed "${ac_end}q" conftest.subs > conftest.s$ac_file fi if test ! -s conftest.s$ac_file; then ac_more_lines=false rm -f conftest.s$ac_file else if test -z "$ac_sed_cmds"; then ac_sed_cmds="sed -f conftest.s$ac_file" else ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" fi ac_file=`expr $ac_file + 1` ac_beg=$ac_end ac_end=`expr $ac_end + $ac_max_sed_cmds` fi done if test -z "$ac_sed_cmds"; then ac_sed_cmds=cat fi EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. # Remove last slash and all that follows it. Not all systems have dirname. ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then # The file is in a subdirectory. test ! -d "$ac_dir" && mkdir "$ac_dir" ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" # A "../" for each directory in $ac_dir_suffix. ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` else ac_dir_suffix= ac_dots= fi case "$ac_given_srcdir" in .) srcdir=. if test -z "$ac_dots"; then top_srcdir=. else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; *) # Relative path. 
srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" top_srcdir="$ac_dots$ac_given_srcdir" ;; esac echo creating "$ac_file" rm -f "$ac_file" configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." case "$ac_file" in *Makefile*) ac_comsub="1i\\ # $configure_input" ;; *) ac_comsub= ;; esac ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` sed -e "$ac_comsub s%@configure_input@%$configure_input%g s%@srcdir@%$srcdir%g s%@top_srcdir@%$top_srcdir%g " $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file fi; done rm -f conftest.s* EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF exit 0 EOF chmod +x $CONFIG_STATUS rm -fr confdefs* $ac_clean_files test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 if test "$no_recursion" != yes; then # Remove --cache-file and --srcdir arguments so they do not pile up. ac_sub_configure_args= ac_prev= for ac_arg in $ac_configure_args; do if test -n "$ac_prev"; then ac_prev= continue fi case "$ac_arg" in -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) ;; *) ac_sub_configure_args="$ac_sub_configure_args $ac_arg" ;; esac done for ac_config_dir in libpcap; do # Do not complain, so a configure script can configure whichever # parts of a large source tree are present. if test ! -d $srcdir/$ac_config_dir; then continue fi echo configuring in $ac_config_dir case "$srcdir" in .) 
;; *) if test -d ./$ac_config_dir || mkdir ./$ac_config_dir; then :; else { echo "configure: error: can not create `pwd`/$ac_config_dir" 1>&2; exit 1; } fi ;; esac ac_popdir=`pwd` cd $ac_config_dir # A "../" for each directory in /$ac_config_dir. ac_dots=`echo $ac_config_dir|sed -e 's%^\./%%' -e 's%[^/]$%&/%' -e 's%[^/]*/%../%g'` case "$srcdir" in .) # No --srcdir option. We are building in place. ac_sub_srcdir=$srcdir ;; /*) # Absolute path. ac_sub_srcdir=$srcdir/$ac_config_dir ;; *) # Relative path. ac_sub_srcdir=$ac_dots$srcdir/$ac_config_dir ;; esac # Check for guested configure; otherwise get Cygnus style configure. if test -f $ac_sub_srcdir/configure; then ac_sub_configure=$ac_sub_srcdir/configure elif test -f $ac_sub_srcdir/configure.in; then ac_sub_configure=$ac_configure else echo "configure: warning: no configuration information is in $ac_config_dir" 1>&2 ac_sub_configure= fi # The recursion is here. if test -n "$ac_sub_configure"; then # Make the cache file name correct relative to the subdirectory. case "$cache_file" in /*) ac_sub_cache_file=$cache_file ;; *) # Relative path. ac_sub_cache_file="$ac_dots$cache_file" ;; esac echo "running ${CONFIG_SHELL-/bin/sh} $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_sub_srcdir" # The eval makes quoting arguments work. 
    if eval ${CONFIG_SHELL-/bin/sh} $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_sub_srcdir
    then :
    else
      { echo "configure: error: $ac_sub_configure failed for $ac_config_dir" 1>&2; exit 1; }
    fi
  fi

  cd $ac_popdir
done
fi

sniffit.0.3.7.beta/configure.in
dnl Sniffit configure.in File
dnl   - by: Brecht Claerhout
dnl
dnl GNU Autoconf file
AC_INIT(sniffit.h)

dnl Config of libpcap
AC_CONFIG_SUBDIRS(libpcap)

dnl Check the C compiler
AC_PROG_CC

dnl Check NCURSES availability
NCURSES_PATH=/usr/include:/usr/include/ncurses:/usr/include/curses:/usr/local/include:/usr/local/include/ncurses:/usr/local/include/curses:./:./ncurses.h
ncurses_warn=0
AC_CHECK_LIB(ncurses,main,,ncurses_warn=1)
AC_PATH_PROGS(NCURSES_LOCATION,ncurses.h,no,$NCURSES_PATH)
if test "$NCURSES_LOCATION" != no; then
  echo "#include \"$NCURSES_LOCATION\"" >sn_curses.h
  AC_DEFINE(HAVE_NCURSES_H,1)
else
  ncurses_warn=1
fi

dnl Print warning for interactive mode
if test $ncurses_warn -ne 0; then
  AC_MSG_WARN(Interactive mode (-i/-I) will NOT be supported.!)
  AC_MSG_WARN(Install ncurses!)
fi

dnl Check Shared Memory support
AC_CHECK_FUNCS(shmget)

dnl exit function check
AC_CHECK_FUNCS(atexit)

dnl Check the datalength
AC_CHECK_SIZEOF(unsigned short int)
if test $ac_cv_sizeof_unsigned_short_int -ne 2; then
  echo "unsigned short is NOT 2 bytes... quiting"
  exit
fi

AC_CHECK_SIZEOF(unsigned long int)
if test $ac_cv_sizeof_unsigned_long_int -eq 4; then
  AC_DEFINE(USE_32_LONG_INT)
else
  echo "unsigned long is NOT 4 bytes... hmmm..."
  AC_CHECK_SIZEOF(unsigned int)
  if test $ac_cv_sizeof_unsigned_int -ne 4; then
    echo "unsigned int is NOT 4 bytes either... quiting"
    exit
  else
    AC_DEFINE(USE_32_INT)
  fi
fi

dnl Check the OS
AC_CANONICAL_SYSTEM

case "$target_os" in
linux*)
  AC_DEFINE(LINUX)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
sunos*)
  AC_DEFINE(SUNOS)
  AC_CHECK_LIB(socket,main)
  AC_CHECK_LIB(nsl,main)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
solaris*)
  AC_DEFINE(SUNOS)
  AC_CHECK_LIB(socket,main)
  AC_CHECK_LIB(nsl,main)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
hpux*)
  AC_DEFINE(HPUX)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
irix*)
  AC_DEFINE(IRIX)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
freebsd*)
  AC_DEFINE(FREEBSD)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
netbsd*)
  AC_DEFINE(NETBSD)
  OS_OPT=
  AC_SUBST(OS_OPT)
  ;;
*)
  echo "NOT A SUPPORTED SYSTEM / OR SYSTEM NOT RECOGNISED"
  echo "Contact if you feel it might be a bug."
  exit
  ;;
esac

dnl FINISHED!
AC_OUTPUT(Makefile)

sniffit.0.3.7.beta/dns_plugin.plug
/* Sniffit Plugin example                                                 */
/*   - by: Brecht Claerhout                                               */
/*                                                                        */
/* This Plugin scans for DNS packets and decodes them.                    */
/* It is used to demonstrate how you can easily add your own features     */
/* without having to worry about the packet intercepting and filtering.   */
/* Plus the fact that all other features of Sniffit remain functional,    */
/* and that multiple plugins are combinable.                              */

struct PL_DNS_header
{
  unsigned short id, flags;
  unsigned short nr_quest, nr_answ_RR, nr_auth_RR, nr_add_RR;
};

/* Highest position PL_DNS_decode may read, relative to the first byte    */
/* after the 12-byte DNS header                                           */
int PL_pos_max;

#define PL_DNS_QR      0x8000
#define PL_DNS_OPCODE  0x7800
#define PL_DNS_AA      0x0400
#define PL_DNS_TC      0x0200
#define PL_DNS_RD      0x0100
#define PL_DNS_RA      0x0080
#define PL_DNS_RCODE   0x000F

void PL_DNS_error(void)
{
  printf("\n\nSorry... could not decode the DNS packet!\n\n");
}

/* Decode the domain name that starts at buf[start_pos]. The name is      */
/* printed, or appended to 'string' from index start_string when 'string' */
/* is not NULL. Returns the position just past the name, or -1 on error.  */
int PL_DNS_decode(char *buf, int start_pos,char *string, int start_string)
{
  int count, pos, i, j;
  unsigned short offset;

  j=start_string;
  pos=start_pos;
  if(pos > PL_pos_max) return -1;

  /* a length byte with either of its top two bits set is treated as a   */
  /* 2-byte compression pointer (offset counted from the message start)  */
  if( (count=(buf[pos]&63))!=buf[pos] )
    {
    offset= ((short)(buf[pos]&63)*256) + ((short)(buf[pos+1])&0xFF);
    /* the target must lie inside the payload and before the start of    */
    /* this name, otherwise a pointer loop makes the recursion endless   */
    if(offset < 12 || offset > PL_pos_max+12 || offset-12 >= start_pos) return -1;
    if(PL_DNS_decode(buf,offset-12,string,j)<0) return -1;
    pos++;
    goto end_field;
    }

  while(count!=0)
    {
    for(i=0;i<count;i++)
      {
      pos++;
      if(pos > PL_pos_max) return -1;
      if(string==NULL)
        {printf("%c",buf[pos]);}
      else
        {string[j]=buf[pos];string[j+1]=0;j++;}
      }
    printf(".");
    pos++;
    /* the next length byte needs the same bound as the label bytes */
    if(pos > PL_pos_max) return -1;
    if( (count=(buf[pos]&63))!=buf[pos] )
      {
      offset= ((short)(buf[pos]&63)*256) + ((short)(buf[pos+1])&0xFF);
      /* same pointer validation as for a name that starts with a pointer */
      if(offset < 12 || offset > PL_pos_max+12 || offset-12 >= start_pos) return -1;
      if(PL_DNS_decode(buf,offset-12,string,j)<0) return -1;
      pos++;
      goto end_field;
      }
    }

end_field:
  pos++;
  return pos;
}

void PL_DNS_plugin (struct Plugin_data *PLD)
{
  struct IP_header *dns_iphead;
  struct UDP_header *dns_udphead;
  struct PL_DNS_header *dns_dnshead;
  int i, j, dec_pos, answers, count, udp_start, len;
  long pos;
  unsigned char *so,*dest, *dns_p, *dns_buffer;
  unsigned short fl, *r_dlen;
  unsigned short *type, *class;

  dns_buffer=PLD->PL_packet;
  udp_start = PLD->PL_info.IP_len;
  len=PLD->PL_info.IP_len + PLD->PL_info.UDP_len + PLD->PL_info.DATA_len;

  dns_iphead= (struct IP_header *) dns_buffer;
  dns_udphead= (struct UDP_header *) (dns_buffer+udp_start);
  dns_dnshead= (struct PL_DNS_header *) (dns_buffer+udp_start+sizeof(struct UDP_header));
  PL_pos_max = PLD->PL_info.DATA_len - 12;

  so=(unsigned char *)&(dns_iphead->source);
  dest=(unsigned char *)&(dns_iphead->destination);

  /* only packets to or from port 53 are DNS */
  if((ntohs(dns_udphead->source)!=53)&&(ntohs(dns_udphead->destination)!=53))
    return;

  printf("DNS Sniffit Plugin Report:\n");
  printf("Packet: %u.%u.%u.%u %u -> %u.%u.%u.%u %u\n",
         so[0],so[1],so[2],so[3],ntohs(dns_udphead->source),
         dest[0],dest[1],dest[2],dest[3],ntohs(dns_udphead->destination));
  printf("ID: %d \n",ntohs(dns_dnshead->id));
  fl=ntohs(dns_dnshead->flags);
  printf(" STATUS: %s ",(fl &
PL_DNS_QR)? "Answer": "Query");
  printf("(opcode: %X) , ",(fl & PL_DNS_OPCODE)>>11);
  printf("%s , ",(fl & PL_DNS_AA)? "Auth. A.": "");
  printf("%s , ",(fl & PL_DNS_TC)? "TRUNC": "");
  printf("%s , ",(fl & PL_DNS_RD)? "Rec. Desired": "");
  printf("%s , ",(fl & PL_DNS_RA)? "rec. Avail.": "rec. NOT Av.");
  printf("ret: %d\n",(fl & PL_DNS_RCODE));
  printf(" Q: %d Answ: %d Auth: %d Add: %d",
         ntohs(dns_dnshead->nr_quest), ntohs(dns_dnshead->nr_answ_RR),
         ntohs(dns_dnshead->nr_auth_RR), ntohs(dns_dnshead->nr_add_RR));

  /* dns_p points at the first byte after the 12-byte DNS header */
  dns_p=(dns_buffer+udp_start+sizeof(struct UDP_header)+12);
  dec_pos=0;
  for(i=0;i<ntohs(dns_dnshead->nr_quest);i++)
    {
    printf("\n Query: ");
    dec_pos=PL_DNS_decode(dns_p,dec_pos,NULL,0);
    if(dec_pos<0) {PL_DNS_error(); return;}
    type=(unsigned short *) &(dns_p[dec_pos]);
    class=(unsigned short *) &(dns_p[dec_pos+2]);
    printf("\n Type: %d Class: %s",ntohs(*type),(ntohs(*class))?"IP":"Unknown");
    dec_pos+=4;
    }

  if(fl & PL_DNS_TC)
    {
    printf("Truncated packet, not displayed...\n");
    return;
    }

  /* dec_pos at beginning first answer field */
  answers=ntohs(dns_dnshead->nr_answ_RR)+ntohs(dns_dnshead->nr_auth_RR)+
          ntohs(dns_dnshead->nr_add_RR);
  for(i=0;iPL_info.IP_len);
  if(PLD->PL_info.TCP_len!=0)
    {
    printf(" TCP header: %d bytes / %d Databytes\n",PLD->PL_info.TCP_len,
           PLD->PL_info.DATA_len);
    }
  if(PLD->PL_info.UDP_len!=0)
    {
    printf(" UDP header: %d bytes / %d Databytes\n",PLD->PL_info.UDP_len,
           PLD->PL_info.DATA_len);
    }
}

sniffit.0.3.7.beta/install-sh
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.

# set DOITPROG to echo to test this script

# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"

# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"

transformbasename=""
# initialise the variable that -t= sets and the rename step reads, so a
# value inherited from the environment cannot change the installed name
transformarg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""

while [ x"$1" != x ]; do
    case $1 in
        -c) instcmd="$cpprog"
            shift
            continue;;

        -d) dir_arg=true
            shift
            continue;;

        -m) chmodcmd="$chmodprog $2"
            shift
            shift
            continue;;

        -o) chowncmd="$chownprog $2"
            shift
            shift
            continue;;

        -g) chgrpcmd="$chgrpprog $2"
            shift
            shift
            continue;;

        -s) stripcmd="$stripprog"
            shift
            continue;;

        -t=*) transformarg=`echo $1 | sed 's/-t=//'`
            shift
            continue;;

        -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
            shift
            continue;;

        *)  if [ x"$src" = x ]
            then
                src=$1
            else
                # this colon is to work around a 386BSD /bin/sh bug
                :
                dst=$1
            fi
            shift
            continue;;
    esac
done

if [ x"$src" = x ]
then
    echo "install: no input file specified"
    exit 1
else
    true
fi

if [ x"$dir_arg" != x ]; then
    dst=$src
    src=""

    if [ -d $dst ]; then
        instcmd=:
    else
        instcmd=mkdir
    fi
else

# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.

    if [ -f $src -o -d $src ]
    then
        true
    else
        echo "install: $src does not exist"
        exit 1
    fi

    if [ x"$dst" = x ]
    then
        echo "install: no destination specified"
        exit 1
    else
        true
    fi

# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic

    if [ -d $dst ]
    then
        dst="$dst"/`basename $src`
    else
        true
    fi
fi

## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`

# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script

# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS=' '
IFS="${IFS-${defaultIFS}}"

oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"

pathcomp=''

while [ $# -ne 0 ] ; do
    pathcomp="${pathcomp}${1}"
    shift

    if [ ! -d "${pathcomp}" ] ;
    then
        $mkdirprog "${pathcomp}"
    else
        true
    fi

    pathcomp="${pathcomp}/"
done
fi

if [ x"$dir_arg" != x ]
then
    $doit $instcmd $dst &&

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else

# If we're going to rename the final executable, determine the name now.

    if [ x"$transformarg" = x ]
    then
        dstfile=`basename $dst`
    else
        dstfile=`basename $dst $transformbasename |
            sed $transformarg`$transformbasename
    fi

# don't allow the sed command to completely eliminate the filename

    if [ x"$dstfile" = x ]
    then
        dstfile=`basename $dst`
    else
        true
    fi

# Make a temp file name in the proper directory.

    dsttmp=$dstdir/#inst.$$#

# Move or copy the file name to the temp name

    $doit $instcmd $src $dsttmp &&

    trap "rm -f ${dsttmp}" 0 &&

# and set any options; do chmod last to preserve setuid bits

# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&

# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile && $doit $mvcmd $dsttmp $dstdir/$dstfile fi && exit 0 sniffit.0.3.7.beta/libpcap/ 42755 1750 1750 0 6553423606 14121 5ustar codercodersniffit.0.3.7.beta/libpcap/CHANGES100444 1750 1750 21252 6553423606 15227 0ustar codercoder@(#) $Header: CHANGES,v 1.45 98/01/30 18:29:39 leres Exp $ (LBL) v0.4 Fri Jan 30 17:27:14 PST 1998 - Fix endian problem with DLT_NULL devices. From FreeBSD via Bill Fenner (fenner@parc.xerox.com) - Fix alignment problem with FDDI under DLPI. This was causing core dumps under Solaris. - Added configure options to disable flex and bison. Resulted from a bug report by barnett@grymoire.crd.ge.com (Bruce Barnett). Also added options to disable gcc and to force a particular packet capture type. - Added support for Fore ATM interfaces (qaa and fa) under IRIX. Thanks to John Hawkinson (jhawk@mit.edu) - Change Linux PPP and SLIP to use DLT_RAW since the kernel does not supply any "link layer" data. - Change Linux to use SIOCGIFHWADDR ioctl to determine link layer type. Thanks to Thomas Sailer (sailer@ife.ee.ethz.ch) - Change IRIX PPP to use DLT_RAW since the kernel does not supply any "link layer" data. - Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header formats. - Added some new SGI snoop interface types. Thanks to Steve Alexander (sca@refugee.engr.sgi.com) - Fixes for HP-UX 10.20 (which is similar to HP-UX 9). Thanks to Richard Allen (ra@hp.is) and Steinar Haug (sthaug@nethelp.no) - Fddi supports broadcast as reported by Jeff Macdonald (jeff@iacnet.com). Also correct ieee802 and arcnet. - Determine Linux pcap buffer size at run time or else it might not be big enough for some interface types (e.g. FDDI). Thanks to Jes Sorensen (Jes.Sorensen@cern.ch) - Fix some linux alignment problems. - Document promisc argument to pcap_open_live(). Reported by Ian Marsh (ianm@sics.se) - Support Metricom radio packets under Linux. 
  Thanks to Kevin Lai (laik@gunpowder.stanford.edu)
- Bind to interface name under Linux to avoid packets from multiple interfaces on multi-homed hosts. Thanks to Kevin Lai (laik@gunpowder.stanford.edu)
- Change L_SET to SEEK_SET for HP-UX. Thanks to Roland Roberts (rroberts@muller.com)
- Fixed an uninitialized memory reference found by Kent Vander Velden (graphix@iastate.edu)
- Fixed lex pattern for IDs to allow leading digits. As reported by Theo de Raadt (deraadt@cvs.openbsd.org)
- Fixed Linux include file problems when using GNU libc.
- Ifdef ARPHRD_FDDI since not all versions of the Linux kernel have it. Reported by Eric Jacksch (jacksch@tenebris.ca)
- Fixed bug in pcap_dispatch() that kept it from returning on packet timeouts.
- Changed ISLOOPBACK() macro when IFF_LOOPBACK isn't available to check for "lo" followed by an eos or digit (newer versions of Linux apparently call the loopback "lo" instead of "lo0").
- Fixed Linux networking include files to use ints instead of longs to avoid problems with 64 bit longs on the alpha. Thanks to Cristian Gafton (gafton@redhat.com)

v0.3 Sat Nov 30 20:56:27 PST 1996

- Added Linux support.
- Fixed savefile bugs.
- Solaris x86 fix from Tim Rylance (t.rylance@elsevier.nl)
- Add support for bpf kernel port filters.
- Remove duplicate atalk protocol table entry. Thanks to Christian Hopps (chopps@water.emich.edu)
- Fixed pcap_lookupdev() to ignore nonexistent devices. This was reported to happen under BSD/OS by David Vincenzetti (vince@cryptonet.it)
- Avoid solaris compiler warnings. Thanks to Bruce Barnett (barnett@grymoire.crd.ge.com)

v0.2.1 Sun Jul 14 03:02:26 PDT 1996

- Fixes for HP-UX 10. Thanks in part to Thomas Wolfram (wolf@prz.tu-berlin.de) and Rick Jones (raj@hpisrdq.cup.hp.com)
- Added support for SINIX. Thanks to Andrej Borsenkow (borsenkow.msk@sni.de)
- Fixes for AIX (although this system is not yet supported).
  Thanks to John Hawkinson (jhawk@mit.edu)
- Use autoconf's idea of the top level directory in install targets. Thanks to John Hawkinson.
- Add missing autoconf packet capture result message. Thanks to Bill Fenner (fenner@parc.xerox.com)
- Fixed padding problems in the pf module.
- Fixed some more alignment problems on the alpha.
- Added explicit netmask support. Thanks to Steve Nuchia (steve@research.oknet.com)
- Fixed to handle raw ip addresses such as 0.0.0.1 without "left justifying"
- Add "sca" keyword (for DEC cluster services) as suggested by Terry Kennedy (terry@spcvxa.spc.edu)
- Add "atalk" keyword as suggested by John Hawkinson.
- Add "igrp" keyword.
- Fixed HID definition in grammar.y to be a string, not a value.
- Use $CC when checking gcc version. Thanks to Carl Lindberg (carl_lindberg@blacksmith.com)
- Removed obsolete reference to pcap_immediate() from the man page. Michael Stolarchuk (mts@terminator.rs.itd.umich.edu)
- DLT_NULL has a 4 byte family header. Thanks to Jeffrey Honig (jch@bsdi.com)

v0.2 Sun Jun 23 02:28:42 PDT 1996

- Add support for HP-UX. Resulted from code contributed by Tom Murray (tmurray@hpindck.cup.hp.com) and Philippe-Andri Prindeville (philipp@res.enst.fr)
- Update INSTALL with a reminder to install include files. Thanks to Mark Andrews (mandrews@aw.sgi.com)
- Fix bpf compiler alignment bug on the alpha.
- Use autoconf to detect architectures that can't handle misaligned accesses.
- Added loopback support for snoop. Resulted from report Steve Alexander (sca@engr.sgi.com)

v0.1 Fri Apr 28 18:11:03 PDT 1995

- Fixed compiler and optimizer bugs. The BPF filter engine uses unsigned comparison operators, while the code generator and optimizer assumed signed semantics in several places. Thanks to Charlie Slater (cslater@imatek.com) for pointing this out.
- Removed FDDI ifdef's, they aren't really needed. Resulted from report by Gary Veum (veum@boa.gsfc.nasa.gov).
- Add pcap-null.c which allows offline use of libpcap on systems that don't support live packet capture. This feature resulted from a request from Jan van Oorschot (j.p.m.voorschot@et.tudelft.nl).
- Make bpf_compile() reentrant. Fix thanks to Pascal Hennequin (Pascal.Hennequin@hugo.int-evry.fr).
- Port to GNU autoconf.
- Fix pcap-dlpi.c to work with isdn. Resulted from report by Flemming Johansen (fsj@csd.cri.dk).
- Handle multi-digit interface unit numbers (aka ppa's) under dlpi. Resulted from report by Daniel Ehrlich (ehrlich@cse.psu.edu).
- Fix pcap-dlpi.c to work in non-promiscuous mode. Resulted from report by Jeff Murphy (jcmurphy@acsu.buffalo.edu).
- Add support for "long jumps". Thanks to Jeffrey Mogul (mogul@pa.dec.com).
- Fix minor problems when compiling with BDEBUG as noticed by Scott Bertilson (scott@unet.umn.edu).
- Declare sys_errlist "const char *const" to avoid problems under FreeBSD. Resulted from report by jher@eden.com.

v0.0.6 Fri Apr 28 04:07:13 PDT 1995

- Add missing variable declaration missing from 0.0.6

v0.0.5 Fri Apr 28 00:22:21 PDT 1995

- Workaround for problems when pcap_read() returns 0 due to the timeout expiring.

v0.0.4 Thu Apr 20 20:41:48 PDT 1995

- Change configuration to not use gcc v2 flags with gcc v1.
- Fixed a bug in pcap_next(); if pcap_dispatch() returns 0, pcap_next() should also return 0. Thanks to Richard Stevens (rstevens@noao.edu).
- Fixed configure to test for snoop before dlpi to avoid problems under IRIX 5. Thanks to J. Eric Townsend (jet@abulafia.genmagic.com).
- Hack around deficiency in Ultrix's make.
- Fix two bugs related to the Solaris pre-5.3.2 bufmod bug; handle savefiles that have more than snapshot bytes of data in them (so we can read old savefiles) and avoid writing such files.
- Added checkioctl which is used with gcc to check that the "fixincludes" script has been run.

v0.0.3 Tue Oct 18 18:13:46 PDT 1994

- Fixed configure to test for snoop before dlpi to avoid problems under IRIX 5. Thanks to J.
  Eric Townsend (jet@abulafia.genmagic.com).

v0.0.2 Wed Oct 12 20:56:37 PDT 1994

- Implement timeout in the dlpi pcap_open_live(). Thanks to Richard Stevens.
- Determine pcap link type from dlpi media type. Resulted from report by Mahesh Jethanandani (mahesh@npix.com).

v0.0.1 Fri Jun 24 14:50:57 PDT 1994

- Fixed bug in nit_setflags() in pcap-snit.c. The streams ioctl timeout wasn't being initialized sometimes resulting in an "NIOCSFLAGS: Invalid argument" error under OSF/1. Reported by Matt Day (mday@artisoft.com) and Danny Mitzel (dmitzel@whitney.hitc.com).
- Turn on FDDI support by default.

v0.0 Mon Jun 20 19:20:16 PDT 1994

- Initial release.
- Fixed bug with greater/less keywords, reported by Mark Andrews (mandrews@alias.com).
- Fix bug where '|' was defined as BPF_AND instead of BPF_OR, reported by Elan Amir (elan@leeb.cs.berkeley.edu).
- Machines with little-endian byte ordering are supported thanks to Jeff Mogul.
- Add hack for version 2.3 savefiles which don't have caplen and len swapped thanks to Vern Paxson.
- Added "&&" and "||" aliases for "and" and "or" thanks to Vern Paxson.
- Added length, inbound and outbound keywords.
sniffit.0.3.7.beta/libpcap/FILES100444 1750 1750 1114 6553423606 14774 0ustar codercoder
CHANGES
FILES
INSTALL
Makefile.in
README
SUNOS4
VERSION
aclocal.m4
bpf/net/bpf.h
bpf/net/bpf_filter.c
bpf_image.c
config.guess
config.sub
configure
configure.in
etherent.c
ethertype.h
gencode.c
gencode.h
grammar.y
inet.c
install-sh
lbl/gnuc.h
lbl/os-solaris2.h
lbl/os-sunos4.h
lbl/os-ultrix4.h
linux-include/netinet/if_ether.h
linux-include/netinet/ip_var.h
mkdep
nametoaddr.c
optimize.c
pcap-bpf.c
pcap-dlpi.c
pcap-enet.c
pcap-int.h
pcap-linux.c
pcap-namedb.h
pcap-nit.c
pcap-nit.h
pcap-null.c
pcap-pf.c
pcap-pf.h
pcap-snit.c
pcap-snoop.c
pcap.3
pcap.c
pcap.h
ppp.h
savefile.c
scanner.l
sniffit.0.3.7.beta/libpcap/INSTALL100444 1750 1750 32572 6553423606 15274 0ustar codercoder
@(#) $Header: INSTALL,v 1.41 97/10/22 20:50:47 leres Exp $ (LBL)

To build libpcap, first customize any paths in Makefile.in, then run "./configure" (a shell script). The configure script will determine your system attributes and generate an appropriate Makefile from Makefile.in. Next run "make". If everything goes well you can su to root and run "make install", "make install-incl" and "make install-man". However, you need not install libpcap if you just want to build tcpdump; just make sure the tcpdump and libpcap directory trees have the same parent directory.

If configure says:

    configure: warning: cannot determine packet capture interface
    configure: warning: (see INSTALL for more info)

then your system either does not support packet capture or your system does support packet capture but libpcap does not support that particular type. (If you have HP-UX, see below.) If your system uses a packet capture not supported by libpcap, please send us patches; don't forget to include an autoconf fragment suitable for use in configure.in.

It is possible to override the default packet capture type, although the circumstances where this works are limited.
For example if you have installed bpf under SunOS 4 and wish to build a snit libpcap:

    ./configure --with-pcap=snit

Another example is to force a supported packet capture type in the case where the configure script fails to detect it.

You will need an ANSI C compiler to build libpcap. The configure script will abort if your compiler is not ANSI compliant. If this happens, use the GNU C compiler, available via anonymous ftp:

    ftp://prep.ai.mit.edu/pub/gnu/gcc-*.tar.gz

Note well: If you use gcc, you may need to run its "fixincludes" script. Running fixincludes is not required with later versions of gcc and in some cases (e.g. Solaris 2.5) causes problems when run. The configure script will abort with:

    checking for ANSI ioctl definitions... yes
    configure: error: see the INSTALL for more info

if it detects that fixincludes needs to be run. If the fixincludes test in configure passes, you're probably ok.

If you use flex, you must use version 2.4.6 or higher. The configure script automatically detects the version of flex and will not use it unless it is new enough. You can use "flex -V" to see what version you have (unless it's really old). The current version of flex is available via anonymous ftp:

    ftp://ftp.ee.lbl.gov/flex-*.tar.Z

As of this writing, the current version is 2.5.4.

If you use bison, you must use flex (and vice versa). The configure script automatically falls back to lex and yacc if both flex and bison are not found.

Sometimes the stock C compiler does not interact well with flex and bison. The list of problems includes undefined references for alloca. You can get around this by installing gcc or manually disabling flex and bison with:

    ./configure --without-flex --without-bison

If your system only has AT&T lex, this is okay unless your libpcap program uses other lex/yacc generated code. (Although it's possible to map the yy* identifiers with a script, we use flex and bison so we don't feel this is necessary.)

Some systems support the Berkeley Packet Filter natively; for example out of the box OSF and BSD/OS have bpf. If your system does not support bpf, you will need to pick up:

    ftp://ftp.ee.lbl.gov/bpf-*.tar.Z

Note well: you MUST have kernel source for your operating system in order to install bpf. An exception is SunOS 4; the bpf distribution includes replacement kernel objects for some of the standard SunOS 4 network device drivers. See the bpf INSTALL document for more information.

If you use Solaris, there is a bug with bufmod(7) that is fixed in Solaris 2.3.2 (aka SunOS 5.3.2). Setting a snapshot length with the broken bufmod(7) results in data being truncated from the FRONT of the packet instead of the end. The workaround is to not set a snapshot length, but this results in performance problems since the entire packet is copied to user space. If you must run an older version of Solaris, there is a patch available from Sun; ask for bugid 1149065. After installing the patch, use "setenv BUFMOD_FIXED" to enable use of bufmod(7). However, we recommend you run a more current release of Solaris.

If you use the SPARCompiler, you must be careful to not use the /usr/ucb/cc interface. If you do, you will get bogus warnings and perhaps errors. Either make sure your path has /opt/SUNWspro/bin before /usr/ucb or else:

    setenv CC /opt/SUNWspro/bin/cc

before running configure. (You might have to do a "make distclean" if you already ran configure once).

Also note that "make depend" won't work; while all of the known universe uses -M, the SPARCompiler uses -xM to generate makefile dependencies.

If you are trying to do packet capture with a FORE ATM card, you may or may not be able to. They usually only release their driver in object code so unless their driver supports packet capture, there's not much libpcap can do.

If you get an error like:

    tcpdump: recv_ack: bind error 0x???
when using DLPI, look for the DL_ERROR_ACK error return values, usually in /usr/include/sys/dlpi.h, and find the corresponding value.

Under OSF, packet capture must be enabled before it can be used. For instructions on how to enable packet filter support, see:

    ftp://ftp.digital.com/pub/Digital/dec-faq/Digital-UNIX

Once you enable packet filter support, your OSF system will support bpf natively.

Under Ultrix, packet capture must be enabled before it can be used. For instructions on how to enable packet filter support, see:

    ftp://ftp.digital.com/pub/Digital/dec-faq/ultrix

If you use HP-UX, you must have at least version 9 and either the version of cc that supports ANSI C (cc -Aa) or else use the GNU C compiler. You must also buy the optional streams package. If you don't have:

    /usr/include/sys/dlpi.h
    /usr/include/sys/dlpi_ext.h

then you don't have the streams package. In addition, we believe you need to install the "9.X LAN and DLPI drivers cumulative" patch (PHNE_6855) to make the version 9 DLPI work with libpcap.

It's been reported that the DLPI streams package is standard starting with HP-UX 10.

The HP implementation of DLPI is a little bit eccentric. Unlike Solaris, you must attach /dev/dlpi instead of the specific /dev/* network pseudo device entry in order to capture packets. The ppa is based on the ifnet "index" number. Under HP-UX 9, it is necessary to read /dev/kmem and the kernel symbol file (/hp-ux). Under HP-UX 10, dlpi can provide information for determining the ppa. It does not seem to be possible to trace the loopback interface. Unlike other DLPI implementations, PHYS implies MULTI and SAP and you get an error if you try to enable more than one promiscuous mode at a time. Finally, testing shows that there can't be more than one simultaneous dlpi user per network interface and you cannot capture outbound packets.

If you use Linux, this version of libpcap is known to compile and run under Red Hat 4.0 with the 2.0.25 kernel.
It may work with earlier 2.X versions but is guaranteed not to work with 1.X kernels. Running more than one libpcap program at a time can cause problems since promiscuous mode is implemented by twiddling the interface flags from the libpcap application. Also, packet timestamps aren't very good. This appears to be due to haphazard handling of the timestamp in the kernel.

Note well: there is rumoured to be a version of tcpdump floating around called 3.0.3 that includes libpcap and is supposed to support Linux. You should be advised that the Network Research Group at LBNL never generated a release with this version number. We note with interest that a standard cracker trick to get people to install trojans is to distribute bogus packages that have a version number higher than the current release. We also note with annoyance that 90% of the Linux related bug reports we get are due to changes made to unofficial versions of our page. If you are having trouble but aren't using a version that came from ftp.ee.lbl.gov, please try that before submitting a bug report!

If you use AIX, you may not be able to build libpcap from this release. Although AIX 4 ships with tcpdump, it is an old version that predates libpcap. We do not have an AIX system in house so it's impossible for us to test AIX patches submitted to us. We are told that you must link against /lib/pse.exp, that you must use AIX cc or a GNU C compiler newer than 2.7.2 and that you may need to run strload before running a libpcap application. Also, it may be necessary to run the configure script as root in order for it to detect that bpf is available. Another workaround is to use:

    ./configure --with-pcap=bpf

If you use NeXTSTEP, you will not be able to build libpcap from this release. We hope to support this operating system in some future release of libpcap.

If you use SINIX, you should be able to build libpcap from this release. It is known to compile and run on SINIX-Y/N 5.42 with the C-DS V1.0 or V1.1 compiler.
But note that in some releases of SINIX, yacc emits incorrect code; if grammar.y fails to compile, change every occurrence of:

    #ifdef YYDEBUG

to:

    #if YYDEBUG

Another workaround is to use flex and bison.

If you use SCO, you might have trouble building libpcap from this release. We do not have a machine running SCO and have not had reports of anyone successfully building on it. Since SCO apparently supports dlpi, it's possible the current version works. Meanwhile, SCO provides a tcpdump binary as part of their "Network/Security Tools" package:

    http://www.sco.com/technology/internet/goodies/#SECURITY

There is also a README that explains how to enable packet capture.

If you use UnixWare, you will not be able to build libpcap from this release. We hope to support this operating system in some future release of libpcap. Meanwhile, there appears to be an UnixWare port of libpcap 0.0 (and tcpdump 3.0) in:

    ftp://ftp1.freebird.org/pub/mirror/freebird/internet/systools/

UnixWare appears to use a hacked version of DLPI.

If linking tcpdump fails with "Undefined: _alloca" when using bison on a Sun4, your version of bison is broken. In any case version 1.16 or higher is recommended (1.14 is known to cause problems; 1.16 is known to work). Either pick up a current version from:

    ftp://prep.ai.mit.edu/pub/gnu/bison.tar.gz

or hack around it by inserting the lines:

    #ifdef __GNUC__
    #define alloca __builtin_alloca
    #else
    #ifdef sparc
    #include <alloca.h>
    #else
    char *alloca ();
    #endif
    #endif

right after the (100 line!) GNU license comment in bison.simple, remove grammar.[co] and fire up make again.

If you use SunOS 4, your kernel must support streams NIT. If you run a libpcap program and it dies with:

    /dev/nit: No such device

You must add streams NIT support to your kernel configuration, run config and boot the new kernel.

If you are running a version of SunOS earlier than 4.1, you will need to replace the Sun supplied /sys/sun{3,4,4c}/OBJ/nit_if.o with the appropriate version from this distribution's SUNOS4 subdirectory and build a new kernel:

    nit_if.o.sun3-sunos4        (any flavor of sun3)
    nit_if.o.sun4c-sunos4.0.3c  (SS1, SS1+, IPC, SLC, etc.)
    nit_if.o.sun4-sunos4        (Sun4's not covered by nit_if.o.sun4c-sunos4.0.3c)

These nit replacements fix a bug that makes nit essentially unusable in pre-SunOS 4.1. In addition, our sun4c-sunos4.0.3c nit gives you timestamps to the resolution of the SS-1 clock (1 us) rather than the lousy 20ms timestamps Sun gives you (tcpdump will print out the full timestamp resolution if it finds it's running on a SS-1).

FILES
-----
CHANGES         - description of differences between releases
FILES           - list of files exported as part of the distribution
INSTALL         - this file
Makefile.in     - compilation rules (input to the configure script)
README          - description of distribution
SUNOS4          - pre-SunOS 4.1 replacement kernel nit modules
VERSION         - version of this release
aclocal.m4      - autoconf macros
bpf/net         - copies of bpf_filter.c and bpf.h
bpf_filter.c    - symlink to bpf/net/bpf_filter.c
bpf_image.c     - bpf disassembly routine
config.guess    - autoconf support
config.sub      - autoconf support
configure       - configure script (run this first)
configure.in    - configure script source
etherent.c      - /etc/ethers support routines
ethertype.h     - ethernet protocol types and names definitions
gencode.c       - bpf code generation routines
gencode.h       - bpf code generation definitions
grammar.y       - filter string grammar
inet.c          - network routines
install-sh      - BSD style install script
lbl/gnuc.h      - gcc macros and defines
lbl/os-*.h      - os dependent defines and prototypes
linux-include/* - network include files missing on Linux
mkdep           - construct Makefile dependency list
nametoaddr.c    - hostname to address routines
net             - symlink to bpf/net
optimize.c      - bpf optimization routines
pcap-bpf.c      - BSD Packet Filter support
pcap-dlpi.c     - Data Link Provider Interface support
pcap-enet.c     - enet support
pcap-int.h      - internal libpcap definitions
pcap-namedb.h   - public libpcap name database definitions
pcap-nit.c      - Network Interface Tap support
pcap-nit.h      - Network Interface Tap definitions
pcap-null.c     - dummy monitor support (allows offline use of libpcap)
pcap-pf.c       - Packet Filter support
pcap-pf.h       - Packet Filter definitions
pcap-snit.c     - Streams based Network Interface Tap support
pcap-snoop.c    - Snoop network monitoring support
pcap.3          - manual entry
pcap.c          - pcap utility routines
pcap.h          - public libpcap definitions
ppp.h           - Point to Point Protocol definitions
savefile.c      - offline support
scanner.l       - filter string scanner
sniffit.0.3.7.beta/libpcap/Makefile.in100444 1750 1750 11331 6553423606 16276 0ustar codercoder
# Copyright (c) 1993, 1994, 1995, 1996
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: Makefile.in,v 1.72 97/06/30 13:56:14 leres Exp $ (LBL)

#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
#

# Top level hierarchy
prefix = @prefix@
exec_prefix = @exec_prefix@
# Pathname of directory to install the include files
INCLDEST = @includedir@
# Pathname of directory to install the library
LIBDEST = @libdir@
# Pathname of directory to install the man page
MANDEST = @mandir@

# VPATH
srcdir = @srcdir@
VPATH = @srcdir@

#
# You shouldn't need to edit anything below.
#

CC = @CC@
CCOPT = @V_CCOPT@
INCLS = -I. @V_INCLS@
DEFS = @DEFS@

# Standard CFLAGS
CFLAGS = $(CCOPT) $(INCLS) $(DEFS)

INSTALL = @INSTALL@
RANLIB = @V_RANLIB@

#
# Flex and bison allow you to specify the prefixes of the global symbols
# used by the generated parser. This allows programs to use lex/yacc
# and link against libpcap. If you don't have flex or bison, get them.
#
LEX = @V_LEX@
YACC = @V_YACC@

# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
# Also, gcc does not remove the .o before forking 'as', which can be a
# problem if you don't own the file but can write to the directory.
.c.o:
	@rm -f $@
	$(CC) $(CFLAGS) -c $(srcdir)/$*.c

PSRC = pcap-@V_PCAP@.c
CSRC = pcap.c inet.c gencode.c optimize.c nametoaddr.c \
	etherent.c savefile.c bpf_filter.c bpf_image.c
GENSRC = scanner.c grammar.c version.c

SRC = $(PSRC) $(CSRC) $(GENSRC)

# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ = $(PSRC:.c=.o) $(CSRC:.c=.o) $(GENSRC:.c=.o)
HDR = pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
	ethertype.h gencode.h gnuc.h
GENHDR = \
	tokdefs.h

TAGHDR = \
	bpf/net/bpf.h

TAGFILES = \
	$(SRC) $(HDR) $(TAGHDR)

CLEANFILES = $(OBJ) libpcap.a $(GENSRC) $(GENHDR) lex.yy.c

all: libpcap.a

libpcap.a: $(OBJ)
	@rm -f $@
	ar rc $@ $(OBJ)
	$(RANLIB) $@

scanner.c: $(srcdir)/scanner.l
	@rm -f $@
	$(LEX) -t $< > $$$$.$@; mv $$$$.$@ $@

scanner.o: scanner.c tokdefs.h
tokdefs.h: grammar.c
grammar.c: $(srcdir)/grammar.y
	@rm -f grammar.c tokdefs.h
	$(YACC) -d $<
	mv y.tab.c grammar.c
	mv y.tab.h tokdefs.h

grammar.o: grammar.c
	@rm -f $@
	$(CC) $(CFLAGS) -Dyylval=pcap_lval -c grammar.c

version.o: version.c
version.c: $(srcdir)/VERSION
	@rm -f $@
	sed -e 's/.*/char pcap_version[] = "&";/' $(srcdir)/VERSION > $@

install: force
	$(INSTALL) -m 444 -o bin -g bin libpcap.a $(DESTDIR)$(LIBDEST)/libpcap.a
	$(RANLIB) $(DESTDIR)$(LIBDEST)/libpcap.a

install-incl: force
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.h \
	    $(DESTDIR)$(INCLDEST)/pcap.h
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap-namedb.h \
	    $(DESTDIR)$(INCLDEST)/pcap-namedb.h
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/net/bpf.h \
	    $(DESTDIR)$(INCLDEST)/net/bpf.h

install-man: force
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.3 \
	    $(DESTDIR)$(MANDEST)/man3/pcap.3

clean:
	rm -f $(CLEANFILES)

distclean:
	rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
	    gnuc.h os-proto.h bpf_filter.c net

tags: $(TAGFILES)
	ctags -wtd $(TAGFILES)

tar: force
	@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
	    list="" ; tar="tar chFFf" ; \
	    for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
	    echo \
	    "rm -f ../$$name; ln -s $$dir ../$$name" ; \
	    rm -f ../$$name; ln -s $$dir ../$$name ; \
	    echo \
	    "(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \
	    (cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \
	    echo \
	    "rm -f ../$$name" ; \
	    rm -f ../$$name

force: /tmp
depend: $(GENSRC) force
	./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)
sniffit.0.3.7.beta/libpcap/README100444 1750 1750 4206 6553423606 15074 0ustar codercoder
@(#) $Header: README,v 1.18 97/06/12 14:23:56 leres Exp $ (LBL)

LIBPCAP 0.4
Lawrence Berkeley National Laboratory
Network Research Group
libpcap@ee.lbl.gov
ftp://ftp.ee.lbl.gov/libpcap.tar.Z

This directory contains source code for libpcap, a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc. Since almost every system vendor provides a different interface for packet capture, and since we've developed several tools that require this functionality, we've created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application.

Note well: this interface is new and is likely to change.

The libpcap interface supports a filtering mechanism based on the architecture in the BSD packet filter. BPF is described in the 1993 Winter Usenix paper ``The BSD Packet Filter: A New Architecture for User-level Packet Capture''. A compressed postscript version is in:

    ftp://ftp.ee.lbl.gov/papers/bpf-usenix93.ps.Z.

Although most packet capture interfaces support in-kernel filtering, libpcap utilizes in-kernel filtering only for the BPF interface. On systems that don't have BPF, all packets are read into user-space and the BPF filters are evaluated in the libpcap library, incurring added overhead (especially, for selective filters).
Ideally, libpcap would translate BPF filters into a filter program that is compatible with the underlying kernel subsystem, but this is not yet implemented.

BPF is standard in 4.4BSD, BSD/386, NetBSD, and FreeBSD. DEC OSF/1 uses the packetfilter interface but has been extended to accept BPF filters (which libpcap utilizes). Also, you can add BPF filter support to Ultrix using the kernel source and/or object patches available in:

    ftp://gatekeeper.dec.com/pub/DEC/net/bpfext42.tar.Z.

Problems, bugs, questions, desirable enhancements, source code contributions, etc., should be sent to the email address "libpcap@ee.lbl.gov".

 - Steve McCanne
   Craig Leres
   Van Jacobson
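The user-space filter evaluation described in the README above, together with the unsigned comparison semantics noted in the v0.1 CHANGES entry, shown as an added example that is not part of the libpcap distribution. The struct, the function names, the two filter programs and the packet bytes are constructed for illustration; only the opcode encodings follow classic BPF.

```c
/* Added example, not libpcap code: a reduced classic-BPF interpreter. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as a classic BPF instruction; names are this example's own. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

enum { LD_W_ABS = 0x20, LD_H_ABS = 0x28, LD_B_ABS = 0x30,
       JEQ_K = 0x15, JGT_K = 0x25, RET_K = 0x06 };

/* Run prog over the first len bytes of p. Returns the number of bytes
 * to keep; 0 means drop. Any out-of-range load rejects the packet. */
uint32_t run_filter(const struct insn *prog, size_t n,
                    const uint8_t *p, uint32_t len)
{
    uint32_t A = 0;            /* accumulator, always unsigned */
    size_t pc = 0;

    while (pc < n) {
        const struct insn *in = &prog[pc++];
        uint32_t k = in->k;

        switch (in->code) {
        case RET_K:
            return k;
        case LD_W_ABS:
            if (k > len || len - k < 4) return 0;
            A = (uint32_t)p[k] << 24 | (uint32_t)p[k + 1] << 16 |
                (uint32_t)p[k + 2] << 8 | p[k + 3];
            break;
        case LD_H_ABS:
            if (k > len || len - k < 2) return 0;
            A = (uint32_t)p[k] << 8 | p[k + 1];
            break;
        case LD_B_ABS:
            if (k >= len) return 0;
            A = p[k];
            break;
        case JEQ_K:
            pc += (A == k) ? in->jt : in->jf;
            break;
        case JGT_K:            /* unsigned compare, as in the v0.1 note */
            pc += (A > k) ? in->jt : in->jf;
            break;
        default:
            return 0;          /* unknown opcode: reject */
        }
    }
    return 0;                  /* fell off the end: reject */
}

/* "ip and tcp" on Ethernet, snapshot length 68 (constructed program). */
static const struct insn ip_tcp[] = {
    { LD_H_ABS, 0, 0, 12 },      /* ethertype */
    { JEQ_K,    0, 3, 0x0800 },  /* IPv4? else drop */
    { LD_B_ABS, 0, 0, 23 },      /* IP protocol */
    { JEQ_K,    0, 1, 6 },       /* TCP? else drop */
    { RET_K,    0, 0, 68 },
    { RET_K,    0, 0, 0 },
};

/* Source address above 127.255.255.255 (constructed program). A signed
 * compare would treat 192.168.1.10 as negative and drop it. */
static const struct insn high_src[] = {
    { LD_W_ABS, 0, 0, 26 },
    { JGT_K,    0, 1, 0x7fffffff },
    { RET_K,    0, 0, 68 },
    { RET_K,    0, 0, 0 },
};

uint32_t filter_ip_tcp(const uint8_t *p, uint32_t len)
{ return run_filter(ip_tcp, sizeof ip_tcp / sizeof ip_tcp[0], p, len); }

uint32_t filter_high_src(const uint8_t *p, uint32_t len)
{ return run_filter(high_src, sizeof high_src / sizeof high_src[0], p, len); }

/* Constructed 38-byte frame: Ethernet + IPv4 header + 4 bytes of ports. */
uint32_t sample_packet(uint8_t *buf, uint8_t proto)
{
    static const uint8_t tmpl[38] = {
        0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
        0x45,0x00,0x00,0x18, 0x00,0x01,0x00,0x00, 0x40,0x00,0x00,0x00,
        192,168,1,10, 10,0,0,1,
        0x04,0xd2, 0x00,0x17,
    };
    for (size_t i = 0; i < sizeof tmpl; i++) buf[i] = tmpl[i];
    buf[23] = proto;             /* IP protocol field */
    return (uint32_t)sizeof tmpl;
}

int main(void)
{
    uint8_t pkt[64];
    uint32_t n = sample_packet(pkt, 6);
    printf("tcp: %u  truncated: %u  high src: %u\n",
           (unsigned)filter_ip_tcp(pkt, n),
           (unsigned)filter_ip_tcp(pkt, 20),
           (unsigned)filter_high_src(pkt, n));
    return 0;
}
```

Every packet reaches this loop when the capture interface cannot filter in the kernel, which is the added overhead the README refers to.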
¹7 ¹/ @´€2€ê €´ À-` ì ì ¬%€ì& ì&  ÐÒ @Ô ð Ô €”€€ Ô& Ö ”’ @Ø ˜Ø& Çà‘èã¿ @Çà‘è 㿘€¸¿ü€À'¿üÖ Ò Ô –"À  ’@˜ º€2€ ú'Ô¿ü€ €@пü@€° 𠸀2¿ÿçÖ ð¿üÇàè@(#)nit_if.c 1.24 88/02/09 Copyr 1987 Sun Micro껀.àsnitsnit_close nonexistent instance ˆ ‹| ˆŒ ‹´†ÿÿÿL†ÿÿþäx†ÿÿþˆô&†ÿÿþ  ˆ ˆ$†ÿÿýÜ, ˆ0 ‹p …t%†ÿÿýŒx …ˆ†ÿÿýxà&†ÿÿý 6†ÿÿüðˆ†ÿÿüx¸†ÿÿüHÈ5†ÿÿü846†ÿÿûÌ´6†ÿÿûL *†ÿÿúਆÿÿúXä†ÿÿú°†ÿÿùP9†ÿÿøè(9†ÿÿøØD6†ÿÿø¼€ ˆ„ ‹Ä †ÿÿø<| †ÿÿ÷„È#†ÿÿ÷8 l†ÿÿö” „5†ÿÿö| ¸ˆ ¼‹ 8†ÿÿõÈ À†ÿÿõ@ †ÿÿõ ,†ÿÿôÔ L†ÿÿô´ € H „ H Œ †ÿÿôt ´ †ÿÿôL ¼5†ÿÿôD4 €HLìT \˜p x 0| L ì" €.Ø: F LR 0^hqzƒŒ€•Ÿ@©°¶¿ÆÐ×Ýãíõü˜ #.6=AI \\ck H~@Š”œ§° ¹Ä hÏ|ÚÞæîòû ð$_phz_hostnamelen_snit_close_snit_cpmsg_snit_ioctl_snit_minfo_snit_winit_snit_rinit_boottime_mclfree_m_freem_mclgetx_nisoftc_pidhash_freeproc_hostname_bcopy_proc_whichqs_freeb_m_cpytoc_ifnet_time_tick_rawintrq_allocb_linkb_lbolt_snit_put_domainnamelen_mfree_ifpromisc_canput_nproc_hz_dupmsg_cp_mblks_to_mbufs_panic_flushq_free_mbuffed_mblk_domainname_zombproc_ifunit_procNPROC_allproc_avenrun_snit_open_snit_info_snit_intr_qs_m_want_mbstat_tz_freemsg_qreply_etherbroadcastaddr_sccsid.mulsniffit.0.3.7.beta/libpcap/SUNOS4/nit_if.o.sun3100444 1750 1750 10253 6553423606 17545 0ustar codercoder €¸¬H@NVÿìH×<€ ®f.~(|` ¾­m R‡(M*TJfð ‡fFüšxpÿ`ìJ®gpÿ`à~.(|`¾­m¾­n üšxpÿ`º(M*TJfàHxHx N¹PO&@J‹f ü šxpÿ`r Ó«*k +K*”(+n n!M n!M8B­B­+GB­B­ HxHxN¹PO&@J€g: k| $k 4¼05|»€ 5|.à rÓ«HS n/( h P PNPO Lî<€ÿìN^NuNVÿìH×<*nHxHm$N¹PO(m$l ,gJŠg B§HRN¹PO-|ÿü`·Ìg-Kÿü nÿü&PJ‹fîJ‹fHy N¹XO nÿü ”B­/,N¹XOpLî<ÿìN^NuNVÿì n hp( J€g r°grr°gX €†fö n h gHx/.N¹PO n h ý n h g¼/. /.N¹PO`´/. /.N¹öPO`  n -h ÿü-hÿø .ÿüT€-@ÿìJ®ÿøgr nÿø hJ( fd nÿüJPf\/.ÿøN¹ XO-@ÿôf /. N¹`H nÿì1h n h-h ÿð/.ÿü/.ÿô/.ÿð nÿð h.NOï /. N¹` /. N¹XOpN^NuNVÿÜH×<À n*h n (h .  €€pg €À i f–J­ fŽ n h|‚ ~9)G/. 
/.N¹PO`Â&m n h$h HR/HS k2NOï )@J¬fv n h| ~ )G `l n h$h HxHRN¹PO&@J‹f n h|‚ ~)G`4+K n h| B¬ ` n h h -Pÿü| .ÿÿg@Jlg|` -fHx/- N¹PO,J†g2 n h|‚ )F` -gB§/- N¹PO,fÎ~ðÏ­.ÿÿ~À‡­ n h| B¬ `~ n h h -~À‡ € n h| ~)G `P n h h +PJ­g ­d~+G n h| B¬ HxHxN¹PO-@ÿügJ­g -` <Ü-@ÿø ®dÿønp` ®ÿønp`p-@ÿô nÿü h| nÿü&h 6¼0 .ÿøë€L.ÿô7@ .ÿøç€L.ÿô7@ nÿü~ߨ/.ÿü/.N¹PO`p n h h ­ n h| ~)G `J  €€pgþ( €€pgþè €€ pgý €Àpgþ¦ €Àpg¨ €À i gýb n h|‚ /. /.N¹POpLî<ÀÿÜN^NuNVÿàH×<ÀB®ÿü&y`4 + °®f( nJ¨ g +~À‡g/+N¹XOJ€f R«&SJ‹fÈJ‹gÐ.+//. /.N¹HOï *@Jf¨R«`¨Jg $S`4 * °®f( nJ¨ g *g/*N¹XOJ€f Rª$RJŠfÈJŠgB¾ªfHUN¹XO(@JŒf,Rª`&/*/. /.N¹HOï (@JŒfRª`.* +|À†gî| +gP† +gX† +gX†Hx/N¹PO-@ÿüfHUN¹XOR«`¼ nÿü h| +g$ nÿü-hÿøAù"nÿø#h" nÿüP¨ +g nÿü-hÿø nÿø « nÿüX¨ +g$ nÿü-hÿø n (Ш nÿø € nÿüX¨HU/.ÿüN¹PO*nÿüHU k/( k h P PNPO&J*LJ‹fþ^pLî<ÀÿàN^NuNVÿìH×0à*n..,-J‡g z…¼€cž…,*Ú­V…äåHx/N¹PO(@J€fp`R lB( l (…)@)@ /-/,/N¹Oï -ѬJ†o/,/B§/. N¹Ý¬ Lî0àÿìN^NuNV/.N¹XOpN^NuNVÿðH×8B®ÿüIîÿü&n`NB§ +« //+ / HzÿÀN¹Oï*@Jf J®ÿüg /.ÿüN¹XOHSN¹XOp`((M&kJ‹f® .ÿüLî8ÿðN^Nu@(#)nit_if.c 1.24 88/02/09 Copyr 1987 Sun Micro 0껀.à4 ° ° ¾ Úsnit_close nonexistent instancesnitPTP„$Pâ$PJ,Pl8PtP”@š.P°7P,P4PH@Ž@ 7PÞ7Pê#PJP¬P 8PT8Pö$PŠP P,PVP€@ÆPè"P@Z$Pj#Pœ-P5P‚$P¸PÚ6Pø7P 2P L%P V#P2@F@J@R@Z@n@v@z@  €&* Ú6=F O^kHw@‹— ª³4¿Ó öÞ °êòú î#.€7>F@RYajr{ö‹ ¾— ª°¸¾ÅÂÏÖßéñü _cp_mblks_to_mbufs_sccsid_lbolt_qs_snit_winit_nproc_whichqs_avenrun_domainnamelen_hostnamelen_snit_cpmsg_rawintrq_hostname_tz_canput_nisoftc_boottime_mclgetx_snit_close_etherbroadcastaddr_snit_info_snit_minfo_m_want_ifunit_tick_procNPROC_phz_free_mbuffed_mblk_snit_open_pidhash_bcopy_qreply_domainname_mfree_dupmsg_freemsg_allocb_m_freem_hz_snit_ioctl_snit_rinit_mclfree_freeproc_proc_flushq_time_panic_snit_put_ifnet_allproc_zombproc_mbstat_snit_intr_linkb_m_cpytoc_freeb_ifpromiscsniffit.0.3.7.beta/libpcap/VERSION100444 1750 1750 6 6553423606 15176 0ustar codercoder0.4a6 sniffit.0.3.7.beta/libpcap/aclocal.m4100444 1750 1750 44622 6553423606 16102 0ustar codercoderdnl @(#) $Header: aclocal.m4,v 1.62 98/01/24 14:57:22 leres Exp $ 
(LBL)
dnl
dnl Copyright (c) 1995, 1996, 1997, 1998
dnl     The Regents of the University of California.  All rights reserved.
dnl
dnl Redistribution and use in source and binary forms, with or without
dnl modification, are permitted provided that: (1) source code distributions
dnl retain the above copyright notice and this paragraph in its entirety, (2)
dnl distributions including binary code include the above copyright notice and
dnl this paragraph in its entirety in the documentation or other materials
dnl provided with the distribution, and (3) all advertising materials mentioning
dnl features or use of this software display the following acknowledgement:
dnl ``This product includes software developed by the University of California,
dnl Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
dnl the University nor the names of its contributors may be used to endorse
dnl or promote products derived from this software without specific prior
dnl written permission.
dnl THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
dnl WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
dnl MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
dnl
dnl LBL autoconf macros
dnl

dnl
dnl Determine which compiler we're using (cc or gcc)
dnl If using gcc, determine the version number
dnl If using cc, require that it support ansi prototypes
dnl If using gcc, use -O2 (otherwise use -O)
dnl If using cc, explicitly specify /usr/local/include
dnl
dnl usage:
dnl
dnl     AC_LBL_C_INIT(copt, incls)
dnl
dnl results:
dnl
dnl     $1 (copt set)
dnl     $2 (incls set)
dnl     CC
dnl     LDFLAGS
dnl     ac_cv_lbl_gcc_vers
dnl     LBL_CFLAGS
dnl
AC_DEFUN(AC_LBL_C_INIT,
    [AC_PREREQ(2.12)
    AC_BEFORE([$0], [AC_PROG_CC])
    AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
    AC_BEFORE([$0], [AC_LBL_DEVEL])
    AC_ARG_WITH(gcc, [  --without-gcc           don't use gcc])
    $1="-O"
    $2=""
    if test "${srcdir}" != "." ; then
        $2="-I\$\(srcdir\)"
    fi
    if test "${CFLAGS+set}" = set; then
        LBL_CFLAGS="$CFLAGS"
    fi
    if test -z "$CC" ; then
        case "$target_os" in

        bsdi*)
            AC_CHECK_PROG(SHLICC2, shlicc2, yes, no)
            if test $SHLICC2 = yes ; then
                CC=shlicc2
                export CC
            fi
            ;;
        esac
    fi
    if test -z "$CC" -a "$with_gcc" = no ; then
        CC=cc
        export CC
    fi
    AC_PROG_CC
    if test "$GCC" = yes ; then
        if test "$SHLICC2" = yes ; then
            ac_cv_lbl_gcc_vers=2
            $1="-O2"
        else
            AC_MSG_CHECKING(gcc version)
            AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
                ac_cv_lbl_gcc_vers=`$CC -v 2>&1 | \
                    sed -n -e '$s/.* //' -e '$s/\..*//p'`)
            AC_MSG_RESULT($ac_cv_lbl_gcc_vers)
            if test $ac_cv_lbl_gcc_vers -gt 1 ; then
                $1="-O2"
            fi
        fi
    else
        AC_MSG_CHECKING(that $CC handles ansi prototypes)
        AC_CACHE_VAL(ac_cv_lbl_cc_ansi_prototypes,
            AC_TRY_COMPILE(
                [#include <sys/types.h>],
                [int frob(int, char *)],
                ac_cv_lbl_cc_ansi_prototypes=yes,
                ac_cv_lbl_cc_ansi_prototypes=no))
        AC_MSG_RESULT($ac_cv_lbl_cc_ansi_prototypes)
        if test $ac_cv_lbl_cc_ansi_prototypes = no ; then
            case "$target_os" in

            hpux*)
                AC_MSG_CHECKING(for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE))
                savedcflags="$CFLAGS"
                CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS"
                AC_CACHE_VAL(ac_cv_lbl_cc_hpux_cc_aa,
                    AC_TRY_COMPILE(
                        [#include <sys/types.h>],
                        [int frob(int, char *)],
                        ac_cv_lbl_cc_hpux_cc_aa=yes,
                        ac_cv_lbl_cc_hpux_cc_aa=no))
                AC_MSG_RESULT($ac_cv_lbl_cc_hpux_cc_aa)
                if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then
                    AC_MSG_ERROR(see the INSTALL doc for more info)
                fi
                CFLAGS="$savedcflags"
                V_CCOPT="-Aa $V_CCOPT"
                AC_DEFINE(_HPUX_SOURCE)
                ;;

            *)
                AC_MSG_ERROR(see the INSTALL doc for more info)
                ;;
            esac
        fi
        $2="$$2 -I/usr/local/include"
        LDFLAGS="$LDFLAGS -L/usr/local/lib"

        case "$target_os" in

        irix*)
            V_CCOPT="$V_CCOPT -xansi -signed -g3"
            ;;

        osf*)
            V_CCOPT="$V_CCOPT -std1 -g3"
            ;;

        ultrix*)
            AC_MSG_CHECKING(that Ultrix $CC hacks const in prototypes)
            AC_CACHE_VAL(ac_cv_lbl_cc_const_proto,
                AC_TRY_COMPILE(
                    [#include <sys/types.h>],
                    [struct a { int b; };
                    void c(const struct a *)],
                    ac_cv_lbl_cc_const_proto=yes,
                    ac_cv_lbl_cc_const_proto=no))
            AC_MSG_RESULT($ac_cv_lbl_cc_const_proto)
            if test $ac_cv_lbl_cc_const_proto = no ; then
                AC_DEFINE(const,)
            fi
            ;;
        esac
    fi
])

dnl
dnl Use pfopen.c if available and pfopen() not in standard libraries
dnl Require libpcap
dnl Look for libpcap in ..
dnl Use the installed libpcap if there is no local version
dnl
dnl usage:
dnl
dnl     AC_LBL_LIBPCAP(pcapdep, incls)
dnl
dnl results:
dnl
dnl     $1 (pcapdep set)
dnl     $2 (incls appended)
dnl     LIBS
dnl     LBL_LIBS
dnl
AC_DEFUN(AC_LBL_LIBPCAP,
    [AC_REQUIRE([AC_LBL_LIBRARY_NET])
    dnl
    dnl save a copy before locating libpcap.a
    dnl
    LBL_LIBS="$LIBS"
    pfopen=/usr/examples/packetfilter/pfopen.c
    if test -f $pfopen ; then
        AC_CHECK_FUNCS(pfopen)
        if test $ac_cv_func_pfopen = "no" ; then
            AC_MSG_RESULT(Using $pfopen)
            LIBS="$LIBS $pfopen"
        fi
    fi
    AC_MSG_CHECKING(for local pcap library)
    libpcap=FAIL
    lastdir=FAIL
    places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
        egrep '/libpcap-[[0-9]]*\.[[0-9]]*(\.[[0-9]]*)?([[ab]][[0-9]]*)?$'`
    for dir in $places ../libpcap libpcap ; do
        basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//'`
        if test $lastdir = $basedir ; then
            dnl skip alphas when an actual release is present
            continue;
        fi
        lastdir=$dir
        if test -r $dir/pcap.c ; then
            libpcap=$dir/libpcap.a
            d=$dir
            dnl continue and select the last one that exists
        fi
    done
    if test $libpcap = FAIL ; then
        AC_MSG_RESULT(not found)
        AC_CHECK_LIB(pcap, main, libpcap="-lpcap")
        if test $libpcap = FAIL ; then
            AC_MSG_ERROR(see the INSTALL doc for more info)
        fi
    else
        $1=$libpcap
        $2="-I$d $$2"
        AC_MSG_RESULT($libpcap)
    fi
    LIBS="$libpcap $LIBS"
    case "$target_os" in

    aix*)
        pseexe="/lib/pse.exp"
        AC_MSG_CHECKING(for $pseexe)
        if test -f $pseexe ; then
            AC_MSG_RESULT(yes)
            LIBS="$LIBS -I:$pseexe"
        fi
        ;;
    esac])

dnl
dnl Define RETSIGTYPE and RETSIGVAL
dnl
dnl usage:
dnl
dnl     AC_LBL_TYPE_SIGNAL
dnl
dnl results:
dnl
dnl     RETSIGTYPE (defined)
dnl     RETSIGVAL (defined)
dnl
AC_DEFUN(AC_LBL_TYPE_SIGNAL,
    [AC_BEFORE([$0], [AC_LBL_LIBPCAP])
    AC_TYPE_SIGNAL
    if test "$ac_cv_type_signal" = void ; then
        AC_DEFINE(RETSIGVAL,)
    else
        AC_DEFINE(RETSIGVAL,(0))
    fi
    case "$target_os" in

    irix*)
        AC_DEFINE(_BSD_SIGNALS)
        ;;

    *)
        dnl prefer sigset() to sigaction()
        AC_CHECK_FUNCS(sigset)
        if test $ac_cv_func_sigset = no ; then
            AC_CHECK_FUNCS(sigaction)
        fi
        ;;
    esac])

dnl
dnl If using gcc, make sure we have ANSI ioctl definitions
dnl
dnl usage:
dnl
dnl     AC_LBL_FIXINCLUDES
dnl
AC_DEFUN(AC_LBL_FIXINCLUDES,
    [if test "$GCC" = yes ; then
        AC_MSG_CHECKING(for ANSI ioctl definitions)
        AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes,
            AC_TRY_COMPILE(
                [/*
                 * This generates a "duplicate case value" when fixincludes
                 * has not been run.
                 */
#               include <sys/types.h>
#               include <sys/time.h>
#               include <sys/ioctl.h>
#               ifdef HAVE_SYS_IOCCOM_H
#               include <sys/ioccom.h>
#               endif],
                [switch (0) {
                case _IO('A', 1):;
                case _IO('B', 1):;
                }],
                ac_cv_lbl_gcc_fixincludes=yes,
                ac_cv_lbl_gcc_fixincludes=no))
        AC_MSG_RESULT($ac_cv_lbl_gcc_fixincludes)
        if test $ac_cv_lbl_gcc_fixincludes = no ; then
            # Don't cache failure
            unset ac_cv_lbl_gcc_fixincludes
            AC_MSG_ERROR(see the INSTALL for more info)
        fi
    fi])

dnl
dnl Check for flex, default to lex
dnl Require flex 2.4 or higher
dnl Check for bison, default to yacc
dnl Default to lex/yacc if both flex and bison are not available
dnl Define the yy prefix string if using flex and bison
dnl
dnl usage:
dnl
dnl     AC_LBL_LEX_AND_YACC(lex, yacc, yyprefix)
dnl
dnl results:
dnl
dnl     $1 (lex set)
dnl     $2 (yacc appended)
dnl     $3 (optional flex and bison -P prefix)
dnl
AC_DEFUN(AC_LBL_LEX_AND_YACC,
    [AC_ARG_WITH(flex, [  --without-flex          don't use flex])
    AC_ARG_WITH(bison, [  --without-bison         don't use bison])
    if test "$with_flex" = no ; then
        $1=lex
    else
        AC_CHECK_PROGS($1, flex, lex)
    fi
    if test "$$1" = flex ; then
        # The -V flag was added in 2.4
        AC_MSG_CHECKING(for flex 2.4 or higher)
        AC_CACHE_VAL(ac_cv_lbl_flex_v24,
            if flex -V >/dev/null 2>&1; then
                ac_cv_lbl_flex_v24=yes
            else
                ac_cv_lbl_flex_v24=no
            fi)
        AC_MSG_RESULT($ac_cv_lbl_flex_v24)
        if test $ac_cv_lbl_flex_v24 = no ; then
            s="2.4 or higher required"
            AC_MSG_WARN(ignoring obsolete flex executable ($s))
            $1=lex
        fi
    fi
    if test "$with_bison" = no ; then
        $2=yacc
    else
        AC_CHECK_PROGS($2, bison, yacc)
    fi
    if test "$$2" = bison ; then
        $2="$$2 -y"
    fi
    if test "$$1" != lex -a "$$2" = yacc -o "$$1" = lex -a "$$2" != yacc ; then
        AC_MSG_WARN(don't have both flex and bison; reverting to lex/yacc)
        $1=lex
        $2=yacc
    fi
    if test "$$1" = flex -a -n "$3" ; then
        $1="$$1 -P$3"
        $2="$$2 -p $3"
    fi])

dnl
dnl Checks to see if union wait is used with WEXITSTATUS()
dnl
dnl usage:
dnl
dnl     AC_LBL_UNION_WAIT
dnl
dnl results:
dnl
dnl     DECLWAITSTATUS (defined)
dnl
AC_DEFUN(AC_LBL_UNION_WAIT,
    [AC_MSG_CHECKING(if union wait is used)
    AC_CACHE_VAL(ac_cv_lbl_union_wait,
        AC_TRY_COMPILE([
#       include <sys/types.h>
#       include <sys/wait.h>],
            [int status;
            u_int i = WEXITSTATUS(status);
            u_int j = waitpid(0, &status, 0);],
            ac_cv_lbl_union_wait=no,
            ac_cv_lbl_union_wait=yes))
    AC_MSG_RESULT($ac_cv_lbl_union_wait)
    if test $ac_cv_lbl_union_wait = yes ; then
        AC_DEFINE(DECLWAITSTATUS,union wait)
    else
        AC_DEFINE(DECLWAITSTATUS,int)
    fi])

dnl
dnl Checks to see if the sockaddr struct has the 4.4 BSD sa_len member
dnl
dnl usage:
dnl
dnl     AC_LBL_SOCKADDR_SA_LEN
dnl
dnl results:
dnl
dnl     HAVE_SOCKADDR_SA_LEN (defined)
dnl
AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
    [AC_MSG_CHECKING(if sockaddr struct has sa_len member)
    AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
        AC_TRY_COMPILE([
#       include <sys/types.h>
#       include <sys/socket.h>],
        [u_int i = sizeof(((struct sockaddr *)0)->sa_len)],
        ac_cv_lbl_sockaddr_has_sa_len=yes,
        ac_cv_lbl_sockaddr_has_sa_len=no))
    AC_MSG_RESULT($ac_cv_lbl_sockaddr_has_sa_len)
    if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then
        AC_DEFINE(HAVE_SOCKADDR_SA_LEN)
    fi])

dnl
dnl Checks to see if -R is used
dnl
dnl usage:
dnl
dnl     AC_LBL_HAVE_RUN_PATH
dnl
dnl results:
dnl
dnl     ac_cv_lbl_have_run_path (yes or no)
dnl
AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
    [AC_MSG_CHECKING(for ${CC-cc} -R)
    AC_CACHE_VAL(ac_cv_lbl_have_run_path,
        [echo 'main(){}' > conftest.c
        ${CC-cc} -o conftest conftest.c -R/a1/b2/c3 >conftest.out 2>&1
        if test ! -s conftest.out ; then
            ac_cv_lbl_have_run_path=yes
        else
            ac_cv_lbl_have_run_path=no
        fi
        rm -f conftest*])
    AC_MSG_RESULT($ac_cv_lbl_have_run_path)
    ])

dnl
dnl Due to the stupid way it's implemented, AC_CHECK_TYPE is nearly useless.
dnl
dnl usage:
dnl
dnl     AC_LBL_CHECK_TYPE
dnl
dnl results:
dnl
dnl     int32_t (defined)
dnl     u_int32_t (defined)
dnl
AC_DEFUN(AC_LBL_CHECK_TYPE,
    [AC_MSG_CHECKING(for $1 using $CC)
    AC_CACHE_VAL(ac_cv_lbl_have_$1,
        AC_TRY_COMPILE([
#       include "confdefs.h"
#       include <sys/types.h>
#       if STDC_HEADERS
#       include <stdlib.h>
#       include <stddef.h>
#       endif],
        [$1 i],
        ac_cv_lbl_have_$1=yes,
        ac_cv_lbl_have_$1=no))
    AC_MSG_RESULT($ac_cv_lbl_have_$1)
    if test $ac_cv_lbl_have_$1 = no ; then
        AC_DEFINE($1, $2)
    fi])

dnl
dnl Checks to see if unaligned memory accesses fail
dnl
dnl usage:
dnl
dnl     AC_LBL_UNALIGNED_ACCESS
dnl
dnl results:
dnl
dnl     LBL_ALIGN (DEFINED)
dnl
AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
    [AC_MSG_CHECKING(if unaligned accesses fail)
    AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
        [case "$target_cpu" in

        alpha|hp*|mips|sparc)
            ac_cv_lbl_unaligned_fail=yes
            ;;

        *)
            cat >conftest.c <<EOF
#       include <sys/types.h>
#       include <sys/wait.h>
#       include <stdio.h>
        unsigned char a[[5]] = { 1, 2, 3, 4, 5 };
        main() {
        unsigned int i;
        pid_t pid;
        int status;
        /* avoid "core dumped" message */
        pid = fork();
        if (pid <  0)
            exit(2);
        if (pid > 0) {
            /* parent */
            pid = waitpid(pid, &status, 0);
            if (pid < 0)
                exit(3);
            exit(!WIFEXITED(status));
        }
        /* child */
        i = *(unsigned int *)&a[[1]];
        printf("%d\n", i);
        exit(0);
        }
EOF
            ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \
                conftest.c $LIBS >/dev/null 2>&1
            if test ! -x conftest ; then
                dnl failed to compile for some reason
                ac_cv_lbl_unaligned_fail=yes
            else
                ./conftest >conftest.out
                if test ! -s conftest.out ; then
                    ac_cv_lbl_unaligned_fail=yes
                else
                    ac_cv_lbl_unaligned_fail=no
                fi
            fi
            rm -f conftest* core core.conftest
            ;;
        esac])
    AC_MSG_RESULT($ac_cv_lbl_unaligned_fail)
    if test $ac_cv_lbl_unaligned_fail = yes ; then
        AC_DEFINE(LBL_ALIGN)
    fi])

dnl
dnl If using gcc and the file .devel exists:
dnl     Compile with -g (if supported) and -Wall
dnl     If using gcc 2, do extra prototype checking
dnl     If an os prototype include exists, symlink os-proto.h to it
dnl
dnl usage:
dnl
dnl     AC_LBL_DEVEL(copt)
dnl
dnl results:
dnl
dnl     $1 (copt appended)
dnl     HAVE_OS_PROTO_H (defined)
dnl     os-proto.h (symlinked)
dnl
AC_DEFUN(AC_LBL_DEVEL,
    [rm -f os-proto.h
    if test "${LBL_CFLAGS+set}" = set; then
        $1="$$1 ${LBL_CFLAGS}"
    fi
    if test -f .devel ; then
        if test "$GCC" = yes ; then
            if test "${LBL_CFLAGS+set}" != set; then
                if test "$ac_cv_prog_cc_g" = yes ; then
                    $1="-g $$1"
                fi
                $1="$$1 -Wall"
                if test $ac_cv_lbl_gcc_vers -gt 1 ; then
                    $1="$$1 -Wmissing-prototypes -Wstrict-prototypes"
                fi
            fi
        else
            case "$target_os" in

            irix6*)
                V_CCOPT="$V_CCOPT -n32"
                ;;

            *)
                ;;
            esac
        fi
        os=`echo $target_os | sed -e 's/\([[0-9]][[0-9]]*\)[[^0-9]].*$/\1/'`
        name="lbl/os-$os.h"
        if test -f $name ; then
            ln -s $name os-proto.h
            AC_DEFINE(HAVE_OS_PROTO_H)
        else
            AC_MSG_WARN(can't find $name)
        fi
    fi])

dnl
dnl Improved version of AC_CHECK_LIB
dnl
dnl Thanks to John Hawkinson (jhawk@mit.edu)
dnl
dnl usage:
dnl
dnl     AC_LBL_CHECK_LIB(LIBRARY, FUNCTION [, ACTION-IF-FOUND [,
dnl         ACTION-IF-NOT-FOUND [, OTHER-LIBRARIES]]])
dnl
dnl results:
dnl
dnl     LIBS
dnl

define(AC_LBL_CHECK_LIB,
[AC_MSG_CHECKING([for $2 in -l$1])
dnl Use a cache variable name containing both the library and function name,
dnl because the test really is for library $1 defining function $2, not
dnl just for library $1.  Separate tests with the same $1 and different $2's
dnl may have different results.
ac_lib_var=`echo $1['_']$2['_']$5 | sed 'y%./+- %__p__%'`
AC_CACHE_VAL(ac_cv_lbl_lib_$ac_lib_var,
[ac_save_LIBS="$LIBS"
LIBS="-l$1 $5 $LIBS"
AC_TRY_LINK(dnl
ifelse([$2], [main], , dnl Avoid conflicting decl of main.
[/* Override any gcc2 internal prototype to avoid an error.  */
]ifelse(AC_LANG, CPLUSPLUS, [#ifdef __cplusplus
extern "C"
#endif
])dnl
[/* We use char because int might match the return type of a gcc2
    builtin and then its argument prototype would still apply.  */
char $2();
]),
            [$2()],
            eval "ac_cv_lbl_lib_$ac_lib_var=yes",
            eval "ac_cv_lbl_lib_$ac_lib_var=no")
LIBS="$ac_save_LIBS"
])dnl
if eval "test \"`echo '$ac_cv_lbl_lib_'$ac_lib_var`\" = yes"; then
  AC_MSG_RESULT(yes)
  ifelse([$3], ,
[changequote(, )dnl
  ac_tr_lib=HAVE_LIB`echo $1 | sed -e 's/[^a-zA-Z0-9_]/_/g' \
    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
changequote([, ])dnl
  AC_DEFINE_UNQUOTED($ac_tr_lib)
  LIBS="-l$1 $LIBS"
], [$3])
else
  AC_MSG_RESULT(no)
ifelse([$4], , , [$4
])dnl
fi
])

dnl
dnl AC_LBL_LIBRARY_NET
dnl
dnl This test is for network applications that need socket() and
dnl gethostbyname() -ish functions.  Under Solaris, those applications
dnl need to link with "-lsocket -lnsl".  Under IRIX, they need to link
dnl with "-lnsl" but should *not* link with "-lsocket" because
dnl libsocket.a breaks a number of things (for instance:
dnl gethostbyname() under IRIX 5.2, and snoop sockets under most
dnl versions of IRIX).
dnl
dnl Unfortunately, many application developers are not aware of this,
dnl and mistakenly write tests that cause -lsocket to be used under
dnl IRIX.  It is also easy to write tests that cause -lnsl to be used
dnl under operating systems where neither are necessary (or useful),
dnl such as SunOS 4.1.4, which uses -lnsl for TLI.
dnl
dnl This test exists so that every application developer does not test
dnl this in a different, and subtly broken fashion.

dnl It has been argued that this test should be broken up into two
dnl separate tests, one for the resolver libraries, and one for the
dnl libraries necessary for using Sockets API. Unfortunately, the two
dnl are carefully intertwined and allowing the autoconf user to use
dnl them independently potentially results in unfortunate ordering
dnl dependencies -- as such, such component macros would have to
dnl carefully use indirection and be aware if the other components were
dnl executed. Since other autoconf macros do not go to this trouble,
dnl and almost no applications use sockets without the resolver, this
dnl complexity has not been implemented.
dnl
dnl The check for libresolv is in case you are attempting to link
dnl statically and happen to have a libresolv.a lying around (and no
dnl libnsl.a).
dnl
AC_DEFUN(AC_LBL_LIBRARY_NET, [
    # Most operating systems have gethostbyname() in the default searched
    # libraries (i.e. libc):
    AC_CHECK_FUNC(gethostbyname, ,
        # Some OSes (eg. Solaris) place it in libnsl:
        AC_LBL_CHECK_LIB(nsl, gethostbyname, ,
            # Some strange OSes (SINIX) have it in libsocket:
            AC_LBL_CHECK_LIB(socket, gethostbyname, ,
                # Unfortunately libsocket sometimes depends on libnsl.
# AC_CHECK_LIB's API is essentially broken so the # following ugliness is necessary: AC_LBL_CHECK_LIB(socket, gethostbyname, LIBS="-lsocket -lnsl $LIBS", AC_CHECK_LIB(resolv, gethostbyname), -lnsl)))) AC_CHECK_FUNC(socket, , AC_CHECK_LIB(socket, socket, , AC_LBL_CHECK_LIB(socket, socket, LIBS="-lsocket -lnsl $LIBS", , -lnsl))) # DLPI needs putmsg under HPUX so test for -lstr while we're at it AC_CHECK_LIB(str, putmsg) ]) sniffit.0.3.7.beta/libpcap/bpf/ 42755 1750 1750 0 6553423606 14670 5ustar codercodersniffit.0.3.7.beta/libpcap/bpf/net/ 42755 1750 1750 0 6553423606 15456 5ustar codercodersniffit.0.3.7.beta/libpcap/bpf/net/bpf.h100444 1750 1750 20377 6553423606 16520 0ustar codercoder/*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * This code is derived from the Stanford/CMU enet packet filter, * (net/enet.c) distributed as part of 4.3BSD, and code contributed * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence * Berkeley Laboratory. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. 
* * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)bpf.h 7.1 (Berkeley) 5/7/91 * * @(#) $Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp $ (LBL) */ #ifndef BPF_MAJOR_VERSION /* BSD style release date */ #define BPF_RELEASE 199606 typedef int bpf_int32; typedef u_int bpf_u_int32; /* * Alignment macros. BPF_WORDALIGN rounds up to the next * even multiple of BPF_ALIGNMENT. */ #define BPF_ALIGNMENT sizeof(bpf_int32) #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) #define BPF_MAXINSNS 512 #define BPF_MAXBUFSIZE 0x8000 #define BPF_MINBUFSIZE 32 /* * Structure for BIOCSETF. */ struct bpf_program { u_int bf_len; struct bpf_insn *bf_insns; }; /* * Struct returned by BIOCGSTATS. */ struct bpf_stat { u_int bs_recv; /* number of packets received */ u_int bs_drop; /* number of packets dropped */ }; /* * Struct return by BIOCVERSION. This represents the version number of * the filter language described by the instruction encodings below. * bpf understands a program iff kernel_major == filter_major && * kernel_minor >= filter_minor, that is, if the value returned by the * running kernel has the same major number and a minor number equal * equal to or less than the filter being downloaded. 
Otherwise, the * results are undefined, meaning an error may be returned or packets * may be accepted haphazardly. * It has nothing to do with the source code version. */ struct bpf_version { u_short bv_major; u_short bv_minor; }; /* Current version number of filter architecture. */ #define BPF_MAJOR_VERSION 1 #define BPF_MINOR_VERSION 1 /* * BPF ioctls * * The first set is for compatibility with Sun's pcc style * header files. If your using gcc, we assume that you * have run fixincludes so the latter set should work. */ #if (defined(sun) || defined(ibm032)) && !defined(__GNUC__) #define BIOCGBLEN _IOR(B,102, u_int) #define BIOCSBLEN _IOWR(B,102, u_int) #define BIOCSETF _IOW(B,103, struct bpf_program) #define BIOCFLUSH _IO(B,104) #define BIOCPROMISC _IO(B,105) #define BIOCGDLT _IOR(B,106, u_int) #define BIOCGETIF _IOR(B,107, struct ifreq) #define BIOCSETIF _IOW(B,108, struct ifreq) #define BIOCSRTIMEOUT _IOW(B,109, struct timeval) #define BIOCGRTIMEOUT _IOR(B,110, struct timeval) #define BIOCGSTATS _IOR(B,111, struct bpf_stat) #define BIOCIMMEDIATE _IOW(B,112, u_int) #define BIOCVERSION _IOR(B,113, struct bpf_version) #define BIOCSTCPF _IOW(B,114, struct bpf_program) #define BIOCSUDPF _IOW(B,115, struct bpf_program) #else #define BIOCGBLEN _IOR('B',102, u_int) #define BIOCSBLEN _IOWR('B',102, u_int) #define BIOCSETF _IOW('B',103, struct bpf_program) #define BIOCFLUSH _IO('B',104) #define BIOCPROMISC _IO('B',105) #define BIOCGDLT _IOR('B',106, u_int) #define BIOCGETIF _IOR('B',107, struct ifreq) #define BIOCSETIF _IOW('B',108, struct ifreq) #define BIOCSRTIMEOUT _IOW('B',109, struct timeval) #define BIOCGRTIMEOUT _IOR('B',110, struct timeval) #define BIOCGSTATS _IOR('B',111, struct bpf_stat) #define BIOCIMMEDIATE _IOW('B',112, u_int) #define BIOCVERSION _IOR('B',113, struct bpf_version) #define BIOCSTCPF _IOW('B',114, struct bpf_program) #define BIOCSUDPF _IOW('B',115, struct bpf_program) #endif /* * Structure prepended to each packet. 
*/ struct bpf_hdr { struct timeval bh_tstamp; /* time stamp */ bpf_u_int32 bh_caplen; /* length of captured portion */ bpf_u_int32 bh_datalen; /* original length of packet */ u_short bh_hdrlen; /* length of bpf header (this struct plus alignment padding) */ }; /* * Because the structure above is not a multiple of 4 bytes, some compilers * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. * Only the kernel needs to know about it; applications use bh_hdrlen. */ #ifdef KERNEL #define SIZEOF_BPF_HDR 18 #endif /* * Data-link level type codes. */ #define DLT_NULL 0 /* no link-layer encapsulation */ #define DLT_EN10MB 1 /* Ethernet (10Mb) */ #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ #define DLT_AX25 3 /* Amateur Radio AX.25 */ #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ #define DLT_CHAOS 5 /* Chaos */ #define DLT_IEEE802 6 /* IEEE 802 Networks */ #define DLT_ARCNET 7 /* ARCNET */ #define DLT_SLIP 8 /* Serial Line IP */ #define DLT_PPP 9 /* Point-to-point Protocol */ #define DLT_FDDI 10 /* FDDI */ #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ #define DLT_RAW 12 /* raw IP */ #define DLT_SLIP_BSDOS 13 /* BSD/OS Serial Line IP */ #define DLT_PPP_BSDOS 14 /* BSD/OS Point-to-point Protocol */ /* * The instruction encondings. 
*/ /* instruction classes */ #define BPF_CLASS(code) ((code) & 0x07) #define BPF_LD 0x00 #define BPF_LDX 0x01 #define BPF_ST 0x02 #define BPF_STX 0x03 #define BPF_ALU 0x04 #define BPF_JMP 0x05 #define BPF_RET 0x06 #define BPF_MISC 0x07 /* ld/ldx fields */ #define BPF_SIZE(code) ((code) & 0x18) #define BPF_W 0x00 #define BPF_H 0x08 #define BPF_B 0x10 #define BPF_MODE(code) ((code) & 0xe0) #define BPF_IMM 0x00 #define BPF_ABS 0x20 #define BPF_IND 0x40 #define BPF_MEM 0x60 #define BPF_LEN 0x80 #define BPF_MSH 0xa0 /* alu/jmp fields */ #define BPF_OP(code) ((code) & 0xf0) #define BPF_ADD 0x00 #define BPF_SUB 0x10 #define BPF_MUL 0x20 #define BPF_DIV 0x30 #define BPF_OR 0x40 #define BPF_AND 0x50 #define BPF_LSH 0x60 #define BPF_RSH 0x70 #define BPF_NEG 0x80 #define BPF_JA 0x00 #define BPF_JEQ 0x10 #define BPF_JGT 0x20 #define BPF_JGE 0x30 #define BPF_JSET 0x40 #define BPF_SRC(code) ((code) & 0x08) #define BPF_K 0x00 #define BPF_X 0x08 /* ret - BPF_K and BPF_X also apply */ #define BPF_RVAL(code) ((code) & 0x18) #define BPF_A 0x10 /* misc */ #define BPF_MISCOP(code) ((code) & 0xf8) #define BPF_TAX 0x00 #define BPF_TXA 0x80 /* * The instruction data structure. */ struct bpf_insn { u_short code; u_char jt; u_char jf; bpf_int32 k; }; /* * Macros for insn array initializers. */ #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } #ifdef KERNEL extern u_int bpf_filter(); extern void bpfattach(); extern void bpf_tap(); extern void bpf_mtap(); #else #if __STDC__ extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int); #endif #endif /* * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). */ #define BPF_MEMWORDS 16 #endif sniffit.0.3.7.beta/libpcap/bpf/net/bpf_filter.c100444 1750 1750 25045 6553423606 20055 0ustar codercoder/*- * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. 
* * This code is derived from the Stanford/CMU enet packet filter, * (net/enet.c) distributed as part of 4.3BSD, and code contributed * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence * Berkeley Laboratory. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
 *
 *	@(#)bpf.c	7.5 (Berkeley) 7/15/91
 */

#if !(defined(lint) || defined(KERNEL))
static const char rcsid[] =
    "@(#) $Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include

#ifndef KERNEL
#include
#endif

#define int32 bpf_int32
#define u_int32 bpf_u_int32

#ifndef LBL_ALIGN
#if defined(sparc) || defined(mips) || defined(ibm032) || \
    defined(__alpha) || defined(__hpux)
#define LBL_ALIGN
#endif
#endif

#ifndef LBL_ALIGN
#include
#define EXTRACT_SHORT(p)	((u_short)ntohs(*(u_short *)p))
#define EXTRACT_LONG(p)		(ntohl(*(u_int32 *)p))
#else
#define EXTRACT_SHORT(p)\
	((u_short)\
		((u_short)*((u_char *)p+0)<<8|\
		 (u_short)*((u_char *)p+1)<<0))
#define EXTRACT_LONG(p)\
		((u_int32)*((u_char *)p+0)<<24|\
		 (u_int32)*((u_char *)p+1)<<16|\
		 (u_int32)*((u_char *)p+2)<<8|\
		 (u_int32)*((u_char *)p+3)<<0)
#endif

#ifdef KERNEL
#include
#define MINDEX(len, m, k) \
{ \
	len = m->m_len; \
	while (k >= len) { \
		k -= len; \
		m = m->m_next; \
		if (m == 0) \
			return 0; \
		len = m->m_len; \
	} \
}

static int
m_xword(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp, *np;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 4) {
		*err = 0;
		return EXTRACT_LONG(cp);
	}
	m0 = m->m_next;
	if (m0 == 0 || m0->m_len + len - k < 4)
		goto bad;
	*err = 0;
	np = mtod(m0, u_char *);
	switch (len - k) {

	case 1:
		return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];

	case 2:
		return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];

	default:
		return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
	}
    bad:
	*err = 1;
	return 0;
}

static int
m_xhalf(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 2) {
		*err = 0;
		return EXTRACT_SHORT(cp);
	}
	m0 = m->m_next;
	if (m0 == 0)
		goto bad;
	*err = 0;
	return (cp[0] << 8) | mtod(m0, u_char *)[0];
 bad:
	*err = 1;
	return 0;
}
#endif

/*
 * Execute the filter program starting at pc on the packet p
 * wirelen is the length of the original packet
 * buflen is the amount of data present
 */
u_int
bpf_filter(pc, p, wirelen, buflen)
	register struct bpf_insn *pc;
	register u_char *p;
	u_int wirelen;
	register u_int buflen;
{
	register u_int32 A, X;
	register int k;
	int32 mem[BPF_MEMWORDS];

	if (pc == 0)
		/*
		 * No filter means accept all.
		 */
		return (u_int)-1;
	A = 0;
	X = 0;
	--pc;
	while (1) {
		++pc;
		switch (pc->code) {

		default:
#ifdef KERNEL
			return 0;
#else
			abort();
#endif
		case BPF_RET|BPF_K:
			return (u_int)pc->k;

		case BPF_RET|BPF_A:
			return (u_int)A;

		case BPF_LD|BPF_W|BPF_ABS:
			k = pc->k;
			/*
			 * k is signed: offsets of -4..-1 wrap the unsigned
			 * sum in the length check below to 0..3 and would
			 * be accepted, so reject negative offsets first.
			 */
			if (k < 0)
				return 0;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_ABS:
			k = pc->k;
			/* Negative offsets: see BPF_LD|BPF_W|BPF_ABS. */
			if (k < 0)
				return 0;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				/* Reject on error, as the other mbuf loads do. */
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_ABS:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LD|BPF_W|BPF_LEN:
			A = wirelen;
			continue;

		case BPF_LDX|BPF_W|BPF_LEN:
			X = wirelen;
			continue;

		case BPF_LD|BPF_W|BPF_IND:
			k = X + pc->k;
			/* Negative offsets: see BPF_LD|BPF_W|BPF_ABS. */
			if (k < 0)
				return 0;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_IND:
			k = X + pc->k;
			/* Negative offsets: see BPF_LD|BPF_W|BPF_ABS. */
			if (k < 0)
				return 0;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_IND:
			k = X + pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LDX|BPF_MSH|BPF_B:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				X = (mtod(m, char *)[k] & 0xf) << 2;
				continue;
#else
				return 0;
#endif
			}
			X = (p[pc->k] & 0xf) << 2;
			continue;

		case BPF_LD|BPF_IMM:
			A = pc->k;
			continue;

		case BPF_LDX|BPF_IMM:
			X = pc->k;
			continue;

		case BPF_LD|BPF_MEM:
			A = mem[pc->k];
			continue;

		case BPF_LDX|BPF_MEM:
			X = mem[pc->k];
			continue;

		case BPF_ST:
			mem[pc->k] = A;
			continue;

		case BPF_STX:
			mem[pc->k] = X;
			continue;

		case BPF_JMP|BPF_JA:
			pc += pc->k;
			continue;

		case BPF_JMP|BPF_JGT|BPF_K:
			pc += (A > pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_K:
			pc += (A >= pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_K:
			pc += (A == pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_K:
			pc += (A & pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGT|BPF_X:
			pc += (A > X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_X:
			pc += (A >= X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_X:
			pc += (A == X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_X:
			pc += (A & X) ?
			    pc->jt : pc->jf;
			continue;

		case BPF_ALU|BPF_ADD|BPF_X:
			A += X;
			continue;

		case BPF_ALU|BPF_SUB|BPF_X:
			A -= X;
			continue;

		case BPF_ALU|BPF_MUL|BPF_X:
			A *= X;
			continue;

		case BPF_ALU|BPF_DIV|BPF_X:
			if (X == 0)
				return 0;
			A /= X;
			continue;

		case BPF_ALU|BPF_AND|BPF_X:
			A &= X;
			continue;

		case BPF_ALU|BPF_OR|BPF_X:
			A |= X;
			continue;

		case BPF_ALU|BPF_LSH|BPF_X:
			A <<= X;
			continue;

		case BPF_ALU|BPF_RSH|BPF_X:
			A >>= X;
			continue;

		case BPF_ALU|BPF_ADD|BPF_K:
			A += pc->k;
			continue;

		case BPF_ALU|BPF_SUB|BPF_K:
			A -= pc->k;
			continue;

		case BPF_ALU|BPF_MUL|BPF_K:
			A *= pc->k;
			continue;

		case BPF_ALU|BPF_DIV|BPF_K:
			/*
			 * bpf_validate() is only built for the kernel, so
			 * a user-level caller gets no check for a constant
			 * zero divisor; reject it here as BPF_DIV|BPF_X does.
			 */
			if (pc->k == 0)
				return 0;
			A /= pc->k;
			continue;

		case BPF_ALU|BPF_AND|BPF_K:
			A &= pc->k;
			continue;

		case BPF_ALU|BPF_OR|BPF_K:
			A |= pc->k;
			continue;

		case BPF_ALU|BPF_LSH|BPF_K:
			A <<= pc->k;
			continue;

		case BPF_ALU|BPF_RSH|BPF_K:
			A >>= pc->k;
			continue;

		case BPF_ALU|BPF_NEG:
			A = -A;
			continue;

		case BPF_MISC|BPF_TAX:
			X = A;
			continue;

		case BPF_MISC|BPF_TXA:
			A = X;
			continue;
		}
	}
}

#ifdef KERNEL
/*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
 * code.  The code must terminate with either an accept or reject.
 * 'valid' is an array for use by the routine (it must be at least
 * 'len' bytes long).
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
int
bpf_validate(f, len)
	struct bpf_insn *f;
	int len;
{
	register int i;
	register struct bpf_insn *p;

	for (i = 0; i < len; ++i) {
		/*
		 * Check that jumps are forward, and within
		 * the code block.
		 */
		p = &f[i];
		if (BPF_CLASS(p->code) == BPF_JMP) {
			register int from = i + 1;

			if (BPF_OP(p->code) == BPF_JA) {
				if (from + p->k >= (unsigned)len)
					return 0;
			}
			else if (from + p->jt >= len || from + p->jf >= len)
				return 0;
		}
		/*
		 * Check that memory operations use valid addresses.
		 * BPF_LDX|BPF_MEM and BPF_STX index mem[] exactly as
		 * BPF_LD|BPF_MEM and BPF_ST do, so they get the same
		 * range check.
		 */
		if ((BPF_CLASS(p->code) == BPF_ST ||
		     BPF_CLASS(p->code) == BPF_STX ||
		     ((BPF_CLASS(p->code) == BPF_LD ||
		       BPF_CLASS(p->code) == BPF_LDX) &&
		      (p->code & 0xe0) == BPF_MEM)) &&
		    (p->k >= BPF_MEMWORDS || p->k < 0))
			return 0;
		/*
		 * Check for constant division by 0.
		 */
		if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
			return 0;
	}
	return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
#endif

sniffit.0.3.7.beta/libpcap/bpf_image.c

/*
 * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: bpf_image.c,v 1.22 96/09/26 23:27:56 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

char *
bpf_image(p, n)
	struct bpf_insn *p;
	int n;
{
	int v;
	char *fmt, *op;
	static char image[256];
	char operand[64];

	v = p->k;
	switch (p->code) {

	default:
		op = "unimp";
		fmt = "0x%x";
		v = p->code;
		break;

	case BPF_RET|BPF_K:
		op = "ret";
		fmt = "#%d";
		break;

	case BPF_RET|BPF_A:
		op = "ret";
		fmt = "";
		break;

	case BPF_LD|BPF_W|BPF_ABS:
		op = "ld";
		fmt = "[%d]";
		break;

	case BPF_LD|BPF_H|BPF_ABS:
		op = "ldh";
		fmt = "[%d]";
		break;

	case BPF_LD|BPF_B|BPF_ABS:
		op = "ldb";
		fmt = "[%d]";
		break;

	case BPF_LD|BPF_W|BPF_LEN:
		op = "ld";
		fmt = "#pktlen";
		break;

	case BPF_LD|BPF_W|BPF_IND:
		op = "ld";
		fmt = "[x + %d]";
		break;

	case BPF_LD|BPF_H|BPF_IND:
		op = "ldh";
		fmt = "[x + %d]";
		break;

	case BPF_LD|BPF_B|BPF_IND:
		op = "ldb";
		fmt = "[x + %d]";
		break;

	case BPF_LD|BPF_IMM:
		op = "ld";
		fmt = "#0x%x";
		break;

	case BPF_LDX|BPF_IMM:
		op = "ldx";
		fmt = "#0x%x";
		break;

	case BPF_LDX|BPF_MSH|BPF_B:
		op = "ldxb";
		fmt = "4*([%d]&0xf)";
		break;

	case BPF_LD|BPF_MEM:
		op = "ld";
		fmt = "M[%d]";
		break;

	case BPF_LDX|BPF_MEM:
		op = "ldx";
		fmt = "M[%d]";
		break;

	case BPF_ST:
		op = "st";
		fmt = "M[%d]";
		break;

	case BPF_STX:
		op = "stx";
		fmt = "M[%d]";
		break;

	case BPF_JMP|BPF_JA:
		op = "ja";
		fmt = "%d";
		v = n + 1 + p->k;
		break;

	case BPF_JMP|BPF_JGT|BPF_K:
		op = "jgt";
		fmt = "#0x%x";
		break;

	case BPF_JMP|BPF_JGE|BPF_K:
		op = "jge";
		fmt = "#0x%x";
		break;

	case BPF_JMP|BPF_JEQ|BPF_K:
		op = "jeq";
		fmt = "#0x%x";
		break;

	case BPF_JMP|BPF_JSET|BPF_K:
		op = "jset";
		fmt = "#0x%x";
		break;

	case BPF_JMP|BPF_JGT|BPF_X:
		op = "jgt";
		fmt = "x";
		break;

	case BPF_JMP|BPF_JGE|BPF_X:
		op = "jge";
		fmt = "x";
		break;

	case BPF_JMP|BPF_JEQ|BPF_X:
		op = "jeq";
		fmt = "x";
		break;

	case BPF_JMP|BPF_JSET|BPF_X:
		op = "jset";
		fmt = "x";
		break;

	case BPF_ALU|BPF_ADD|BPF_X:
		op = "add";
		fmt = "x";
		break;

	case BPF_ALU|BPF_SUB|BPF_X:
		op = "sub";
		fmt = "x";
		break;

	case BPF_ALU|BPF_MUL|BPF_X:
		op = "mul";
		fmt = "x";
		break;

	case BPF_ALU|BPF_DIV|BPF_X:
		op = "div";
		fmt = "x";
		break;

	case BPF_ALU|BPF_AND|BPF_X:
		op = "and";
		fmt = "x";
		break;

	case BPF_ALU|BPF_OR|BPF_X:
		op = "or";
		fmt = "x";
		break;

	case BPF_ALU|BPF_LSH|BPF_X:
		op = "lsh";
		fmt = "x";
		break;

	case BPF_ALU|BPF_RSH|BPF_X:
		op = "rsh";
		fmt = "x";
		break;

	case BPF_ALU|BPF_ADD|BPF_K:
		op = "add";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_SUB|BPF_K:
		op = "sub";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_MUL|BPF_K:
		op = "mul";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_DIV|BPF_K:
		op = "div";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_AND|BPF_K:
		op = "and";
		fmt = "#0x%x";
		break;

	case BPF_ALU|BPF_OR|BPF_K:
		op = "or";
		fmt = "#0x%x";
		break;

	case BPF_ALU|BPF_LSH|BPF_K:
		op = "lsh";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_RSH|BPF_K:
		op = "rsh";
		fmt = "#%d";
		break;

	case BPF_ALU|BPF_NEG:
		op = "neg";
		fmt = "";
		break;

	case BPF_MISC|BPF_TAX:
		op = "tax";
		fmt = "";
		break;

	case BPF_MISC|BPF_TXA:
		op = "txa";
		fmt = "";
		break;
	}
	(void)sprintf(operand, fmt, v);
	(void)sprintf(image,
		      (BPF_CLASS(p->code) == BPF_JMP &&
		       BPF_OP(p->code) != BPF_JA) ?
		      "(%03d) %-8s %-16s jt %d\tjf %d"
		      : "(%03d) %-8s %s",
		      n, op, operand, n + 1 + p->jt, n + 1 + p->jf);
	return image;
}

sniffit.0.3.7.beta/libpcap/config.guess

#! /bin/sh
# Attempt to guess a canonical system name.
#   Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
#
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# Written by Per Bothner .
# The master version of this file is at the FSF in /home/gd/gnu/lib.
#
# This script attempts to guess a canonical system name similar to
# config.sub.  If it succeeds, it prints the system name on stdout, and
# exits with 0.  Otherwise, it exits with 1.
#
# The plan is that this can be called by configure scripts if you
# don't specify an explicit system type (host/target name).
#
# Only a few systems have been added to this list; please add others
# (but try to keep the structure clean).
#

# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 8/24/94.)
if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
	PATH=$PATH:/.attbin ; export PATH
fi

UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown

trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15

# Note: order is significant - the case branches are not exclusive.

case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
    alpha:OSF1:*:*)
	# A Vn.n version is a released version.
	# A Tn.n version is a released field test version.
	# A Xn.n version is an unreleased experimental baselevel.
	# 1.2 uses "1.2" for uname -r.
	echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
	exit 0 ;;
    21064:Windows_NT:50:3)
	echo alpha-dec-winnt3.5
	exit 0 ;;
    Amiga*:UNIX_System_V:4.0:*)
	echo m68k-cbm-sysv4
	exit 0;;
    amiga:NetBSD:*:*)
	echo m68k-cbm-netbsd${UNAME_RELEASE}
	exit 0 ;;
    amiga:OpenBSD:*:*)
	echo m68k-cbm-openbsd${UNAME_RELEASE}
	exit 0 ;;
    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
	echo arm-acorn-riscix${UNAME_RELEASE}
	exit 0;;
    Pyramid*:OSx*:*:*|MIS*:OSx*:*:*)
	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
	if test "`(/bin/universe) 2>/dev/null`" = att ; then
		echo pyramid-pyramid-sysv3
	else
		echo pyramid-pyramid-bsd
	fi
	exit 0 ;;
    NILE:*:*:dcosx)
	echo pyramid-pyramid-svr4
	exit 0 ;;
    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
	exit 0 ;;
    i86pc:SunOS:5.*:*)
	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
	exit 0 ;;
    sun4*:SunOS:6*:*)
	# According to config.sub, this is the proper way to canonicalize
	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
	# it's likely to be more like Solaris than SunOS4.
	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
	exit 0 ;;
    sun4*:SunOS:*:*)
	case "`/usr/bin/arch -k`" in
	    Series*|S4*)
		UNAME_RELEASE=`uname -v`
		;;
	esac
	# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit 0 ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit 0 ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit 0 ;; atari*:NetBSD:*:*) echo m68k-atari-netbsd${UNAME_RELEASE} exit 0 ;; atari*:OpenBSD:*:*) echo m68k-atari-openbsd${UNAME_RELEASE} exit 0 ;; sun3*:NetBSD:*:*) echo m68k-sun-netbsd${UNAME_RELEASE} exit 0 ;; sun3*:OpenBSD:*:*) echo m68k-sun-openbsd${UNAME_RELEASE} exit 0 ;; mac68k:NetBSD:*:*) echo m68k-apple-netbsd${UNAME_RELEASE} exit 0 ;; mac68k:OpenBSD:*:*) echo m68k-apple-openbsd${UNAME_RELEASE} exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit 0 ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit 0 ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit 0 ;; mips:*:*:UMIPS | mips:*:*:RISCos) sed 's/^ //' << EOF >dummy.c int main (argc, argv) int argc; char **argv; { #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF ${CC-cc} dummy.c -o dummy \ && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo mips-mips-riscos${UNAME_RELEASE} exit 0 ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit 0 ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit 0 ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit 0 ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ -o ${TARGET_BINARY_INTERFACE}x = 
x ] ; then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit 0 ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit 0 ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit 0 ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit 0 ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i?86:AIX:*:*) echo i386-ibm-aix exit 0 ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then sed 's/^ //' << EOF >dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo rs6000-ibm-aix3.2.5 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit 0 ;; *:AIX:*:4) if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=4.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit 0 ;; *:AIX:*:*) echo rs6000-ibm-aix exit 0 ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit 0 ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit 0 ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit 0 ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit 0 ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit 0 ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit 0 ;; 9000/[3478]??:HP-UX:*:*) case 
"${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; 9000/8?? ) HP_ARCH=hppa1.0 ;; esac HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit 0 ;; 3050*:HI-UX:*:*) sed 's/^ //' << EOF >dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy echo unknown-hitachi-hiuxwe2 exit 0 ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit 0 ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit 0 ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit 0 ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit 0 ;; i?86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit 0 ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit 0 ;; CRAY*X-MP:*:*:*) echo xmp-cray-unicos exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} 
	exit 0 ;;
    CRAY*[A-Z]90:*:*:*)
	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
	exit 0 ;;
    CRAY*TS:*:*:*)
	echo t90-cray-unicos${UNAME_RELEASE}
	exit 0 ;;
    CRAY-2:*:*:*)
	echo cray2-cray-unicos
	exit 0 ;;
    F300:UNIX_System_V:*:*)
	FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'`
	FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
	echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
	exit 0 ;;
    F301:UNIX_System_V:*:*)
	echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'`
	exit 0 ;;
    hp3[0-9][05]:NetBSD:*:*)
	echo m68k-hp-netbsd${UNAME_RELEASE}
	exit 0 ;;
    hp3[0-9][05]:OpenBSD:*:*)
	echo m68k-hp-openbsd${UNAME_RELEASE}
	exit 0 ;;
    i?86:BSD/386:*:* | *:BSD/OS:*:*)
	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
	exit 0 ;;
    *:FreeBSD:*:*)
	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
	exit 0 ;;
    *:NetBSD:*:*)
	echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
	exit 0 ;;
    *:OpenBSD:*:*)
	echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
	exit 0 ;;
    i*:CYGWIN*:*)
	echo i386-pc-cygwin32
	exit 0 ;;
    p*:CYGWIN*:*)
	echo powerpcle-unknown-cygwin32
	exit 0 ;;
    prep*:SunOS:5.*:*)
	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
	exit 0 ;;
    *:GNU:*:*)
	echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
	exit 0 ;;
    *:Linux:*:*)
	# The BFD linker knows what the default object file format is, so
	# first see if it will tell us.
ld_help_string=`ld --help 2>&1` if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then echo "powerpc-unknown-linux-gnu" ; exit 0 elif test "${UNAME_MACHINE}" = "alpha" ; then echo alpha-unknown-linux-gnu ; exit 0 elif test "${UNAME_MACHINE}" = "sparc" ; then echo sparc-unknown-linux-gnu ; exit 0 else # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. test ! -d /usr/lib/ldscripts/. \ && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 # Determine whether the default compiler is a.out or elf cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 rm -f dummy.c dummy fi ;; # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions # are messed up and put the nodename in both sysname and nodename. 
i?86:DYNIX/ptx:4*:*) echo i386-sequent-sysv4 exit 0 ;; i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} fi exit 0 ;; i?86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; paragon:*:*:*) echo i860-intel-osf1 exit 0 ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit 0 ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit 0 ;; M68*:*:R3V[567]*:*) test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4.3${OS_REL} && exit 0 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit 0 ;; i?86:LynxOS:2.*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit 0 ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit 0 ;; rs6000:LynxOS:2.*:* | 
PowerPC:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit 0 ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit 0 ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit 0 ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit 0 ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit 0 ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit 0 ;; R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit 0 ;; PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit 0 ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 cat >dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... 
*/ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) #if !defined (ultrix) printf ("vax-dec-bsd\n"); exit (0); #else printf ("vax-dec-ultrix\n"); exit (0); #endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 rm -f dummy.c dummy # Apollos put the system type in the environment. 
test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }

# Convex versions that predate uname can use getsysinfo(1)

if [ -x /usr/convex/getsysinfo ]
then
    case `getsysinfo -f cpu_type` in
    c1*)
	echo c1-convex-bsd
	exit 0 ;;
    c2*)
	if getsysinfo -f scalar_acc
	then echo c32-convex-bsd
	else echo c2-convex-bsd
	fi
	exit 0 ;;
    c34*)
	echo c34-convex-bsd
	exit 0 ;;
    c38*)
	echo c38-convex-bsd
	exit 0 ;;
    c4*)
	echo c4-convex-bsd
	exit 0 ;;
    esac
fi

#echo '(Unable to guess system type)' 1>&2

exit 1

sniffit.0.3.7.beta/libpcap/config.sub

#! /bin/sh
# Configuration validation subroutine script, version 1.1.
#   Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc.
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine.  It does not imply ALL GNU software can.
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.

# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.

# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
# Each package is responsible for reporting which valid configurations
# it does not support. The user should be able to distinguish
# a failure to support a valid configuration from a meaningless
# configuration.

# The goal of this file is to map all the various variations of a given
# machine specification into a single specification in the form:
#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
# or in some cases, the newer four-part form:
#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.

if [ x$1 = x ]
then
	echo Configuration name missing. 1>&2
	echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
	echo "or $0 ALIAS" 1>&2
	echo where ALIAS is a recognized configuration type. 1>&2
	exit 1
fi

# First pass through any local machine types.
case $1 in
	*local*)
		echo $1
		exit 0
		;;
	*)
	;;
esac

# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
  linux-gnu*)
    os=-$maybe_os
    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
    ;;
  *)
    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
    if [ $basic_machine != $1 ]
    then os=`echo $1 | sed 's/.*-/-/'`
    else os=; fi
    ;;
esac

### Let's recognize common machines as not being operating systems so
### that things like config.sub decstation-3100 work. We also
### recognize some manufacturers as not being operating systems, so we
### can provide default operating systems below.
case $os in
	-sun*os*)
		# Prevent following clause from handling this invalid input.
		;;
	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
	-apple)
		os=
		basic_machine=$1
		;;
	-hiux*)
		os=-hiuxwe2
		;;
	-sco5)
		os=sco3.2v5
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-sco4)
		os=-sco3.2v4
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-sco3.2.[4-9]*)
		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-sco3.2v[4-9]*)
		# Don't forget version if it is 3.2v4 or newer.
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-sco*)
		os=-sco3.2v2
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-isc)
		os=-isc2.2
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-clix*)
		basic_machine=clipper-intergraph
		;;
	-isc*)
		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
		;;
	-lynx*)
		os=-lynxos
		;;
	-ptx*)
		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
		;;
	-windowsnt*)
		os=`echo $os | sed -e 's/windowsnt/winnt/'`
		;;
	-psos*)
		os=-psos
		;;
esac

# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
	# Recognize the basic CPU types without company name.
	# Some are omitted here because they have special meanings below.
	tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \
		| arme[lb] | pyramid \
		| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
		| alpha | we32k | ns16k | clipper | i370 | sh \
		| powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \
		| pdp11 | mips64el | mips64orion | mips64orionel \
		| sparc | sparclet | sparclite | sparc64)
		basic_machine=$basic_machine-unknown
		;;
	# We use `pc' rather than `unknown'
	# because (1) that's what they normally are, and
	# (2) the word "unknown" tends to confuse beginning users.
	i[3456]86)
	  basic_machine=$basic_machine-pc
	  ;;
	# Object if more than one company name word.
	*-*-*)
		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
		exit 1
		;;
	# Recognize the basic CPU types with company name.
	vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
	      | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \
	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
	      | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
	      | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
	      | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
	      | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \
	      | mips64el-* | mips64orion-* | mips64orionel-* | f301-*)
		;;
	# Recognize the various machine names and aliases which stand
	# for a CPU type and a company and sometimes even an OS.
	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
		basic_machine=m68000-att
		;;
	3b*)
		basic_machine=we32k-att
		;;
	alliant | fx80)
		basic_machine=fx80-alliant
		;;
	altos | altos3068)
		basic_machine=m68k-altos
		;;
	am29k)
		basic_machine=a29k-none
		os=-bsd
		;;
	amdahl)
		basic_machine=580-amdahl
		os=-sysv
		;;
	amiga | amiga-*)
		basic_machine=m68k-cbm
		;;
	amigados)
		basic_machine=m68k-cbm
		os=-amigados
		;;
	amigaunix | amix)
		basic_machine=m68k-cbm
		os=-sysv4
		;;
	apollo68)
		basic_machine=m68k-apollo
		os=-sysv
		;;
	aux)
		basic_machine=m68k-apple
		os=-aux
		;;
	balance)
		basic_machine=ns32k-sequent
		os=-dynix
		;;
	convex-c1)
		basic_machine=c1-convex
		os=-bsd
		;;
	convex-c2)
		basic_machine=c2-convex
		os=-bsd
		;;
	convex-c32)
		basic_machine=c32-convex
		os=-bsd
		;;
	convex-c34)
		basic_machine=c34-convex
		os=-bsd
		;;
	convex-c38)
		basic_machine=c38-convex
		os=-bsd
		;;
	cray | ymp)
		basic_machine=ymp-cray
		os=-unicos
		;;
	cray2)
		basic_machine=cray2-cray
		os=-unicos
		;;
	[ctj]90-cray)
		basic_machine=c90-cray
		os=-unicos
		;;
	crds | unos)
		basic_machine=m68k-crds
		;;
	da30 | da30-*)
		basic_machine=m68k-da30
		;;
	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
		basic_machine=mips-dec
		;;
	delta | 3300 | motorola-3300 | motorola-delta \
	      | 3300-motorola | delta-motorola)
		basic_machine=m68k-motorola
		;;
	delta88)
		basic_machine=m88k-motorola
		os=-sysv3
		;;
	dpx20 | dpx20-*)
		basic_machine=rs6000-bull
		os=-bosx
		;;
	dpx2* | dpx2*-bull)
		basic_machine=m68k-bull
		os=-sysv3
		;;
	ebmon29k)
		basic_machine=a29k-amd
		os=-ebmon
		;;
	elxsi)
		basic_machine=elxsi-elxsi
		os=-bsd
		;;
	encore | umax | mmax)
		basic_machine=ns32k-encore
		;;
	fx2800)
		basic_machine=i860-alliant
		;;
	genix)
		basic_machine=ns32k-ns
		;;
	gmicro)
		basic_machine=tron-gmicro
		os=-sysv
		;;
	h3050r* | hiux*)
		basic_machine=hppa1.1-hitachi
		os=-hiuxwe2
		;;
	h8300hms)
		basic_machine=h8300-hitachi
		os=-hms
		;;
	harris)
		basic_machine=m88k-harris
		os=-sysv3
		;;
	hp300-*)
		basic_machine=m68k-hp
		;;
	hp300bsd)
		basic_machine=m68k-hp
		os=-bsd
		;;
	hp300hpux)
		basic_machine=m68k-hp
		os=-hpux
		;;
	hp9k2[0-9][0-9] | hp9k31[0-9])
		basic_machine=m68000-hp
		;;
	hp9k3[2-9][0-9])
		basic_machine=m68k-hp
		;;
	hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
		basic_machine=hppa1.1-hp
		;;
	hp9k8[0-9][0-9] | hp8[0-9][0-9])
		basic_machine=hppa1.0-hp
		;;
	hppa-next)
		os=-nextstep3
		;;
	i370-ibm* | ibm*)
		basic_machine=i370-ibm
		os=-mvs
		;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
	i[3456]86v32)
		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
		os=-sysv32
		;;
	i[3456]86v4*)
		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
		os=-sysv4
		;;
	i[3456]86v)
		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
		os=-sysv
		;;
	i[3456]86sol2)
		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
		os=-solaris2
		;;
	iris | iris4d)
		basic_machine=mips-sgi
		case $os in
		    -irix*)
			;;
		    *)
			os=-irix4
			;;
		esac
		;;
	isi68 | isi)
		basic_machine=m68k-isi
		os=-sysv
		;;
	m88k-omron*)
		basic_machine=m88k-omron
		;;
	magnum | m3230)
		basic_machine=mips-mips
		os=-sysv
		;;
	merlin)
		basic_machine=ns32k-utek
		os=-sysv
		;;
	miniframe)
		basic_machine=m68000-convergent
		;;
	mips3*-*)
		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
		;;
	mips3*)
		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
		;;
	ncr3000)
		basic_machine=i486-ncr
		os=-sysv4
		;;
	news | news700 | news800 | news900)
		basic_machine=m68k-sony
		os=-newsos
		;;
	news1000)
		basic_machine=m68030-sony
		os=-newsos
		;;
	news-3600 | risc-news)
		basic_machine=mips-sony
		os=-newsos
		;;
	next | m*-next )
		basic_machine=m68k-next
		case $os in
		    -nextstep* )
			;;
		    -ns2*)
		      os=-nextstep2
			;;
		    *)
		      os=-nextstep3
			;;
		esac
		;;
	nh3000)
		basic_machine=m68k-harris
		os=-cxux
		;;
	nh[45]000)
		basic_machine=m88k-harris
		os=-cxux
		;;
	nindy960)
		basic_machine=i960-intel
		os=-nindy
		;;
	np1)
		basic_machine=np1-gould
		;;
	pa-hitachi)
		basic_machine=hppa1.1-hitachi
		os=-hiuxwe2
		;;
	paragon)
		basic_machine=i860-intel
		os=-osf
		;;
	pbd)
		basic_machine=sparc-tti
		;;
	pbb)
		basic_machine=m68k-tti
		;;
	pc532 | pc532-*)
		basic_machine=ns32k-pc532
		;;
	pentium | p5)
		basic_machine=i586-intel
		;;
	pentiumpro | p6)
		basic_machine=i686-intel
		;;
	pentium-* | p5-*)
		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	pentiumpro-* | p6-*)
		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	k5)
		# We don't have specific support for AMD's K5 yet, so just call it a Pentium
		basic_machine=i586-amd
		;;
	nexen)
		# We don't have specific support for Nexgen yet, so just call it a Pentium
		basic_machine=i586-nexgen
		;;
	pn)
		basic_machine=pn-gould
		;;
	power)	basic_machine=rs6000-ibm
		;;
	ppc)	basic_machine=powerpc-unknown
		;;
	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	ppcle | powerpclittle | ppc-le | powerpc-little)
		basic_machine=powerpcle-unknown
		;;
	ppcle-* | powerpclittle-*)
		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
		;;
	ps2)
		basic_machine=i386-ibm
		;;
	rm[46]00)
		basic_machine=mips-siemens
		;;
	rtpc | rtpc-*)
		basic_machine=romp-ibm
		;;
	sequent)
		basic_machine=i386-sequent
		;;
	sh)
		basic_machine=sh-hitachi
		os=-hms
		;;
	sps7)
		basic_machine=m68k-bull
		os=-sysv2
		;;
	spur)
		basic_machine=spur-unknown
		;;
	sun2)
		basic_machine=m68000-sun
		;;
	sun2os3)
		basic_machine=m68000-sun
		os=-sunos3
		;;
	sun2os4)
		basic_machine=m68000-sun
		os=-sunos4
		;;
	sun3os3)
		basic_machine=m68k-sun
		os=-sunos3
		;;
	sun3os4)
		basic_machine=m68k-sun
		os=-sunos4
		;;
	sun4os3)
		basic_machine=sparc-sun
		os=-sunos3
		;;
	sun4os4)
		basic_machine=sparc-sun
		os=-sunos4
		;;
	sun4sol2)
		basic_machine=sparc-sun
		os=-solaris2
		;;
	sun3 | sun3-*)
		basic_machine=m68k-sun
		;;
	sun4)
		basic_machine=sparc-sun
		;;
	sun386 | sun386i | roadrunner)
		basic_machine=i386-sun
		;;
	symmetry)
		basic_machine=i386-sequent
		os=-dynix
		;;
	tower | tower-32)
		basic_machine=m68k-ncr
		;;
	udi29k)
		basic_machine=a29k-amd
		os=-udi
		;;
	ultra3)
		basic_machine=a29k-nyu
		os=-sym1
		;;
	vaxv)
		basic_machine=vax-dec
		os=-sysv
		;;
	vms)
		basic_machine=vax-dec
		os=-vms
		;;
	vpp*|vx|vx-*)
		basic_machine=f301-fujitsu
		;;
	vxworks960)
		basic_machine=i960-wrs
		os=-vxworks
		;;
	vxworks68)
		basic_machine=m68k-wrs
		os=-vxworks
		;;
	vxworks29k)
		basic_machine=a29k-wrs
		os=-vxworks
		;;
	xmp)
		basic_machine=xmp-cray
		os=-unicos
		;;
	xps | xps100)
		basic_machine=xps100-honeywell
		;;
	none)
		basic_machine=none-none
		os=-none
		;;

# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
	mips)
		basic_machine=mips-mips
		;;
	romp)
		basic_machine=romp-ibm
		;;
	rs6000)
		basic_machine=rs6000-ibm
		;;
	vax)
		basic_machine=vax-dec
		;;
	pdp11)
		basic_machine=pdp11-dec
		;;
	we32k)
		basic_machine=we32k-att
		;;
	sparc)
		basic_machine=sparc-sun
		;;
	cydra)
		basic_machine=cydra-cydrome
		;;
	orion)
		basic_machine=orion-highlevel
		;;
	orion105)
		basic_machine=clipper-highlevel
		;;
	*)
		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
		exit 1
		;;
esac

# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
	*-digital*)
		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
		;;
	*-commodore*)
		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
		;;
	*)
		;;
esac

# Decode manufacturer-specific aliases for certain operating systems.

if [ x"$os" != x"" ]
then
case $os in
	# First match some system type aliases
	# that might get confused with valid system types.
	# -solaris* is a basic system type, with this one exception.
	-solaris1 | -solaris1.*)
		os=`echo $os | sed -e 's|solaris1|sunos4|'`
		;;
	-solaris)
		os=-solaris2
		;;
	-unixware* | svr4*)
		os=-sysv4
		;;
	-gnu/linux*)
		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
		;;
	# First accept the basic system types.
	# The portable systems comes first.
	# Each alternative MUST END IN A *, to match a version number.
	# -sysv* is not here because it comes later, after sysvr4.
	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
	      | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
	      | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
	      | -linux-gnu* | -uxpv*)
	# Remember, each alternative MUST END IN *, to match a version number.
		;;
	-linux*)
		os=`echo $os | sed -e 's|linux|linux-gnu|'`
		;;
	-sunos5*)
		os=`echo $os | sed -e 's|sunos5|solaris2|'`
		;;
	-sunos6*)
		os=`echo $os | sed -e 's|sunos6|solaris3|'`
		;;
	-osfrose*)
		os=-osfrose
		;;
	-osf*)
		os=-osf
		;;
	-utek*)
		os=-bsd
		;;
	-dynix*)
		os=-bsd
		;;
	-acis*)
		os=-aos
		;;
	-ctix* | -uts*)
		os=-sysv
		;;
	-ns2 )
		os=-nextstep2
		;;
	# Preserve the version number of sinix5.
	-sinix5.*)
		os=`echo $os | sed -e 's|sinix|sysv|'`
		;;
	-sinix*)
		os=-sysv4
		;;
	-triton*)
		os=-sysv3
		;;
	-oss*)
		os=-sysv3
		;;
	-svr4)
		os=-sysv4
		;;
	-svr3)
		os=-sysv3
		;;
	-sysvr4)
		os=-sysv4
		;;
	# This must come after -sysvr4.
	-sysv*)
		;;
	-xenix)
		os=-xenix
		;;
	-none)
		;;
	*)
		# Get rid of the `-' at the beginning of $os.
		os=`echo $os | sed 's/[^-]*-//'`
		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
		exit 1
		;;
esac
else

# Here we handle the default operating systems that come with various machines.
# The value should be what the vendor currently ships out the door with their
# machine or put another way, the most popular os provided with the machine.

# Note that if you're going to try to match "-MANUFACTURER" here (say,
# "-sun"), then you have to tell the case statement up towards the top
# that MANUFACTURER isn't an operating system. Otherwise, code above
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.

case $basic_machine in
	*-acorn)
		os=-riscix1.2
		;;
	arm*-semi)
		os=-aout
		;;
	pdp11-*)
		os=-none
		;;
	*-dec | vax-*)
		os=-ultrix4.2
		;;
	m68*-apollo)
		os=-domain
		;;
	i386-sun)
		os=-sunos4.0.2
		;;
	m68000-sun)
		os=-sunos3
		# This also exists in the configure program, but was not the
		# default.
		# os=-sunos4
		;;
	*-tti)	# must be before sparc entry or we get the wrong os.
		os=-sysv3
		;;
	sparc-* | *-sun)
		os=-sunos4.1.1
		;;
	*-ibm)
		os=-aix
		;;
	*-hp)
		os=-hpux
		;;
	*-hitachi)
		os=-hiux
		;;
	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
		os=-sysv
		;;
	*-cbm)
		os=-amigados
		;;
	*-dg)
		os=-dgux
		;;
	*-dolphin)
		os=-sysv3
		;;
	m68k-ccur)
		os=-rtu
		;;
	m88k-omron*)
		os=-luna
		;;
	*-next )
		os=-nextstep
		;;
	*-sequent)
		os=-ptx
		;;
	*-crds)
		os=-unos
		;;
	*-ns)
		os=-genix
		;;
	i370-*)
		os=-mvs
		;;
	*-next)
		os=-nextstep3
		;;
	*-gould)
		os=-sysv
		;;
	*-highlevel)
		os=-bsd
		;;
	*-encore)
		os=-bsd
		;;
	*-sgi)
		os=-irix
		;;
	*-siemens)
		os=-sysv4
		;;
	*-masscomp)
		os=-rtu
		;;
	f301-fujitsu)
		os=-uxpv
		;;
	*)
		os=-none
		;;
esac
fi

# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
vendor=unknown
case $basic_machine in
	*-unknown)
		case $os in
			-riscix*)
				vendor=acorn
				;;
			-sunos*)
				vendor=sun
				;;
			-aix*)
				vendor=ibm
				;;
			-hpux*)
				vendor=hp
				;;
			-hiux*)
				vendor=hitachi
				;;
			-unos*)
				vendor=crds
				;;
			-dgux*)
				vendor=dg
				;;
			-luna*)
				vendor=omron
				;;
			-genix*)
				vendor=ns
				;;
			-mvs*)
				vendor=ibm
				;;
			-ptx*)
				vendor=sequent
				;;
			-vxsim* | -vxworks*)
				vendor=wrs
				;;
			-aux*)
				vendor=apple
				;;
		esac
		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
		;;
esac

echo $basic_machine$os

sniffit.0.3.7.beta/libpcap/configure

#! /bin/sh

# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf version 2.12
# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc.
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.

# Defaults:
ac_help=
ac_default_prefix=/usr/local
# Any additions from configure.in:
ac_help="$ac_help
  --without-gcc           don't use gcc"
ac_help="$ac_help
  --with-pcap=TYPE        use packet capture TYPE"
ac_help="$ac_help
  --without-flex          don't use flex"
ac_help="$ac_help
  --without-bison         don't use bison"

# Initialize some variables set by options.
# The variables have the same names as the options, with
# dashes changed to underlines.
build=NONE
cache_file=./config.cache
exec_prefix=NONE
host=NONE
no_create=
nonopt=NONE
no_recursion=
prefix=NONE
program_prefix=NONE
program_suffix=NONE
program_transform_name=s,x,x,
silent=
site=
srcdir=
target=NONE
verbose=
x_includes=NONE
x_libraries=NONE
bindir='${exec_prefix}/bin'
sbindir='${exec_prefix}/sbin'
libexecdir='${exec_prefix}/libexec'
datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
libdir='${exec_prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
mandir='${prefix}/man'

# Initialize some other variables.
subdirs=
MFLAGS= MAKEFLAGS=
# Maximum number of lines to put in a shell here document.
ac_max_here_lines=12

ac_prev=
for ac_option
do

  # If the previous option needs an argument, assign it.
  if test -n "$ac_prev"; then
    eval "$ac_prev=\$ac_option"
    ac_prev=
    continue
  fi

  case "$ac_option" in
  -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
  *) ac_optarg= ;;
  esac

  # Accept the important Cygnus configure options, so we can diagnose typos.

  case "$ac_option" in

  -bindir | --bindir | --bindi | --bind | --bin | --bi)
    ac_prev=bindir ;;
  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
    bindir="$ac_optarg" ;;

  -build | --build | --buil | --bui | --bu)
    ac_prev=build ;;
  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
    build="$ac_optarg" ;;

  -cache-file | --cache-file | --cache-fil | --cache-fi \
  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
    ac_prev=cache_file ;;
  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
    cache_file="$ac_optarg" ;;

  -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
    ac_prev=datadir ;;
  -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
  | --da=*)
    datadir="$ac_optarg" ;;

  -disable-* | --disable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*disable-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    eval "enable_${ac_feature}=no" ;;

  -enable-* | --enable-*)
    ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; }
    fi
    ac_feature=`echo $ac_feature| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "enable_${ac_feature}='$ac_optarg'" ;;

  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
  | --exec | --exe | --ex)
    ac_prev=exec_prefix ;;
  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
  | --exec=* | --exe=* | --ex=*)
    exec_prefix="$ac_optarg" ;;

  -gas | --gas | --ga | --g)
    # Obsolete; use --with-gas.
    with_gas=yes ;;

  -help | --help | --hel | --he)
    # Omit some internal or obsolete options to make the list less imposing.
    # This message is too long to be a string in the A/UX 3.1 sh.
    cat << EOF
Usage: configure [options] [host]
Options: [defaults in brackets after descriptions]
Configuration:
  --cache-file=FILE       cache test results in FILE
  --help                  print this message
  --no-create             do not create output files
  --quiet, --silent       do not print \`checking...' messages
  --version               print the version of autoconf that created configure
Directory and file names:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [$ac_default_prefix]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [same as prefix]
  --bindir=DIR            user executables in DIR [EPREFIX/bin]
  --sbindir=DIR           system admin executables in DIR [EPREFIX/sbin]
  --libexecdir=DIR        program executables in DIR [EPREFIX/libexec]
  --datadir=DIR           read-only architecture-independent data in DIR
                          [PREFIX/share]
  --sysconfdir=DIR        read-only single-machine data in DIR [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data in DIR
                          [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data in DIR [PREFIX/var]
  --libdir=DIR            object code libraries in DIR [EPREFIX/lib]
  --includedir=DIR        C header files in DIR [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc in DIR [/usr/include]
  --infodir=DIR           info documentation in DIR [PREFIX/info]
  --mandir=DIR            man documentation in DIR [PREFIX/man]
  --srcdir=DIR            find the sources in DIR [configure dir or ..]
  --program-prefix=PREFIX prepend PREFIX to installed program names
  --program-suffix=SUFFIX append SUFFIX to installed program names
  --program-transform-name=PROGRAM
                          run sed PROGRAM on installed program names
EOF
    cat << EOF
Host type:
  --build=BUILD           configure for building on BUILD [BUILD=HOST]
  --host=HOST             configure for HOST [guessed]
  --target=TARGET         configure for TARGET [TARGET=HOST]
Features and packages:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --x-includes=DIR        X include files are in DIR
  --x-libraries=DIR       X library files are in DIR
EOF
    if test -n "$ac_help"; then
      echo "--enable and --with options recognized:$ac_help"
    fi
    exit 0 ;;

  -host | --host | --hos | --ho)
    ac_prev=host ;;
  -host=* | --host=* | --hos=* | --ho=*)
    host="$ac_optarg" ;;

  -includedir | --includedir | --includedi | --included | --include \
  | --includ | --inclu | --incl | --inc)
    ac_prev=includedir ;;
  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
  | --includ=* | --inclu=* | --incl=* | --inc=*)
    includedir="$ac_optarg" ;;

  -infodir | --infodir | --infodi | --infod | --info | --inf)
    ac_prev=infodir ;;
  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
    infodir="$ac_optarg" ;;

  -libdir | --libdir | --libdi | --libd)
    ac_prev=libdir ;;
  -libdir=* | --libdir=* | --libdi=* | --libd=*)
    libdir="$ac_optarg" ;;

  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
  | --libexe | --libex | --libe)
    ac_prev=libexecdir ;;
  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
  | --libexe=* | --libex=* | --libe=*)
    libexecdir="$ac_optarg" ;;

  -localstatedir | --localstatedir | --localstatedi | --localstated \
  | --localstate | --localstat | --localsta | --localst \
  | --locals | --local | --loca | --loc | --lo)
    ac_prev=localstatedir ;;
  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
  | --localstate=* | --localstat=* | --localsta=* | --localst=* \
  | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
    localstatedir="$ac_optarg" ;;

  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
    ac_prev=mandir ;;
  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
    mandir="$ac_optarg" ;;

  -nfp | --nfp | --nf)
    # Obsolete; use --without-fp.
    with_fp=no ;;

  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c)
    no_create=yes ;;

  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
    no_recursion=yes ;;

  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
  | --oldin | --oldi | --old | --ol | --o)
    ac_prev=oldincludedir ;;
  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
    oldincludedir="$ac_optarg" ;;

  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
    ac_prev=prefix ;;
  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
    prefix="$ac_optarg" ;;

  -program-prefix | --program-prefix | --program-prefi | --program-pref \
  | --program-pre | --program-pr | --program-p)
    ac_prev=program_prefix ;;
  -program-prefix=* | --program-prefix=* | --program-prefi=* \
  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
    program_prefix="$ac_optarg" ;;

  -program-suffix | --program-suffix | --program-suffi | --program-suff \
  | --program-suf | --program-su | --program-s)
    ac_prev=program_suffix ;;
  -program-suffix=* | --program-suffix=* | --program-suffi=* \
  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
    program_suffix="$ac_optarg" ;;

  -program-transform-name | --program-transform-name \
  | --program-transform-nam | --program-transform-na \
  | --program-transform-n | --program-transform- \
  | --program-transform | --program-transfor \
  | --program-transfo | --program-transf \
  | --program-trans | --program-tran \
  | --progr-tra | --program-tr | --program-t)
    ac_prev=program_transform_name ;;
  -program-transform-name=* | --program-transform-name=* \
  | --program-transform-nam=* | --program-transform-na=* \
  | --program-transform-n=* | --program-transform-=* \
  | --program-transform=* | --program-transfor=* \
  | --program-transfo=* | --program-transf=* \
  | --program-trans=* | --program-tran=* \
  | --progr-tra=* | --program-tr=* | --program-t=*)
    program_transform_name="$ac_optarg" ;;

  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;

  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
  | --sbi=* | --sb=*)
    sbindir="$ac_optarg" ;;

  -sharedstatedir | --sharedstatedir | --sharedstatedi \
  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
  | --sharedst | --shareds | --shared | --share | --shar \
  | --sha | --sh)
    ac_prev=sharedstatedir ;;
  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
  | --sha=* | --sh=*)
    sharedstatedir="$ac_optarg" ;;

  -site | --site | --sit)
    ac_prev=site ;;
  -site=* | --site=* | --sit=*)
    site="$ac_optarg" ;;

  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
    ac_prev=srcdir ;;
  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
    srcdir="$ac_optarg" ;;

  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
  | --syscon | --sysco | --sysc | --sys | --sy)
    ac_prev=sysconfdir ;;
  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
    sysconfdir="$ac_optarg" ;;

  -target | --target | --targe | --targ | --tar | --ta | --t)
    ac_prev=target ;;
  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
    target="$ac_optarg" ;;

  -v | -verbose | --verbose | --verbos | --verbo | --verb)
    verbose=yes ;;

  -version | --version | --versio | --versi | --vers)
    echo "configure generated by autoconf version 2.12"
    exit 0 ;;

  -with-* | --with-*)
    ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    case "$ac_option" in
      *=*) ;;
      *) ac_optarg=yes ;;
    esac
    eval "with_${ac_package}='$ac_optarg'" ;;

  -without-* | --without-*)
    ac_package=`echo $ac_option|sed -e 's/-*without-//'`
    # Reject names that are not valid shell variable names.
    if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then
      { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; }
    fi
    ac_package=`echo $ac_package| sed 's/-/_/g'`
    eval "with_${ac_package}=no" ;;

  --x)
    # Obsolete; use --with-x.
    with_x=yes ;;

  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
  | --x-incl | --x-inc | --x-in | --x-i)
    ac_prev=x_includes ;;
  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
    x_includes="$ac_optarg" ;;

  -x-libraries | --x-libraries | --x-librarie | --x-librari \
  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
    ac_prev=x_libraries ;;
  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
    x_libraries="$ac_optarg" ;;

  -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; }
    ;;

  *)
    if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then
      echo "configure: warning: $ac_option: invalid host type" 1>&2
    fi
    if test "x$nonopt" != xNONE; then
      { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; }
    fi
    nonopt="$ac_option"
    ;;

  esac
done

if test -n "$ac_prev"; then
  { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; }
fi

trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15

# File descriptor usage:
# 0 standard input
# 1 file creation
# 2 errors and warnings
# 3 some systems may open it to /dev/tty
# 4 used on the Kubota Titan
# 6 checking for... messages and results
# 5 compiler messages saved in config.log
if test "$silent" = yes; then
  exec 6>/dev/null
else
  exec 6>&1
fi
exec 5>./config.log

echo "\
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
" 1>&5

# Strip out --no-create and --no-recursion so they do not pile up.
# Also quote any args containing shell metacharacters.
ac_configure_args=
for ac_arg
do
  case "$ac_arg" in
  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
  | --no-cr | --no-c) ;;
  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;;
  *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*)
  ac_configure_args="$ac_configure_args '$ac_arg'" ;;
  *) ac_configure_args="$ac_configure_args $ac_arg" ;;
  esac
done

# NLS nuisances.
# Only set these to C if already set. These must not be set unconditionally
# because not all systems understand e.g. LANG=C (notably SCO).
# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'!
# Non-C LC_CTYPE values break the ctype check.
if test "${LANG+set}" = set; then LANG=C; export LANG; fi
if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi
if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi
if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi

# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -rf conftest* confdefs.h
# AIX cpp loses on an empty file, so make sure it contains at least a newline.
echo > confdefs.h

# A filename unique to this package, relative to the directory that
# configure is in, which we can look for to find out if srcdir is correct.
ac_unique_file=pcap.c

# Find the source files, if location was not specified.
if test -z "$srcdir"; then
  ac_srcdir_defaulted=yes
  # Try the directory containing this script, then its parent.
  ac_prog=$0
  ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'`
  test "x$ac_confdir" = "x$ac_prog" && ac_confdir=.
  srcdir=$ac_confdir
  if test ! -r $srcdir/$ac_unique_file; then
    srcdir=..
  fi
else
  ac_srcdir_defaulted=no
fi
if test ! -r $srcdir/$ac_unique_file; then
  if test "$ac_srcdir_defaulted" = yes; then
    { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; }
  else
    { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; }
  fi
fi
srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'`

# Prefer explicitly selected file to automatically selected ones.
if test -z "$CONFIG_SITE"; then
  if test "x$prefix" != xNONE; then
    CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
  else
    CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
  fi
fi
for ac_site_file in $CONFIG_SITE; do
  if test -r "$ac_site_file"; then
    echo "loading site script $ac_site_file"
    . "$ac_site_file"
  fi
done

if test -r "$cache_file"; then
  echo "loading cache $cache_file"
  . $cache_file
else
  echo "creating cache $cache_file"
  > $cache_file
fi

ac_ext=c
# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
ac_cpp='$CPP $CPPFLAGS'
ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5'
ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5'
cross_compiling=$ac_cv_prog_cc_cross

if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
  # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu.
  if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
    ac_n= ac_c=' ' ac_t=' '
  else
    ac_n=-n ac_c= ac_t=
  fi
else
  ac_n= ac_c='\c' ac_t=
fi

ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
  if test -f $ac_dir/install-sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install-sh -c"
    break
  elif test -f $ac_dir/install.sh; then
    ac_aux_dir=$ac_dir
    ac_install_sh="$ac_aux_dir/install.sh -c"
    break
  fi
done
if test -z "$ac_aux_dir"; then
  { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; }
fi
ac_config_guess=$ac_aux_dir/config.guess
ac_config_sub=$ac_aux_dir/config.sub
ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.

# Do some error checking and defaulting for the host and target type.
# The inputs are:
# configure --host=HOST --target=TARGET --build=BUILD NONOPT
#
# The rules are:
# 1. You are not allowed to specify --host, --target, and nonopt at the
# same time.
# 2. Host defaults to nonopt.
# 3. If nonopt is not specified, then host defaults to the current host,
# as determined by config.guess.
# 4. Target and build default to nonopt.
# 5. If nonopt is not specified, then target and build default to host.

# The aliases save the names the user supplied, while $host etc.
# will get canonicalized.
case $host---$target---$nonopt in
NONE---*---* | *---NONE---* | *---*---NONE) ;;
*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;;
esac

# Make sure we can run config.sub.
if $ac_config_sub sun4 >/dev/null 2>&1; then :
else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
fi

echo $ac_n "checking host system type""... $ac_c" 1>&6
echo "configure:578: checking host system type" >&5

host_alias=$host
case "$host_alias" in
NONE)
  case $nonopt in
  NONE)
    if host_alias=`$ac_config_guess`; then :
    else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; }
    fi ;;
  *) host_alias=$nonopt ;;
  esac ;;
esac

host=`$ac_config_sub $host_alias`
host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$ac_t""$host" 1>&6

echo $ac_n "checking target system type""... $ac_c" 1>&6
echo "configure:599: checking target system type" >&5

target_alias=$target
case "$target_alias" in
NONE)
  case $nonopt in
  NONE) target_alias=$host_alias ;;
  *) target_alias=$nonopt ;;
  esac ;;
esac

target=`$ac_config_sub $target_alias`
target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$ac_t""$target" 1>&6

echo $ac_n "checking build system type""... $ac_c" 1>&6
echo "configure:617: checking build system type" >&5

build_alias=$build
case "$build_alias" in
NONE)
  case $nonopt in
  NONE) build_alias=$host_alias ;;
  *) build_alias=$nonopt ;;
  esac ;;
esac

build=`$ac_config_sub $build_alias`
build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
echo "$ac_t""$build" 1>&6

test "$host_alias" != "$target_alias" &&
  test "$program_prefix$program_suffix$program_transform_name" = \
    NONENONEs,x,x, &&
  program_prefix=${target_alias}-

umask 002

if test -z "$PWD" ; then
  PWD=`pwd`
fi

# Check whether --with-gcc or --without-gcc was given.
if test "${with_gcc+set}" = set; then
  withval="$with_gcc"
  :
fi

V_CCOPT="-O"
V_INCLS=""
if test "${srcdir}" != "." ; then
  V_INCLS="-I\$\(srcdir\)"
fi
if test "${CFLAGS+set}" = set; then
  LBL_CFLAGS="$CFLAGS"
fi
if test -z "$CC" ; then
  case "$target_os" in

  bsdi*)
    # Extract the first word of "shlicc2", so it can be a program name with args.
    set dummy shlicc2; ac_word=$2
    echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
    echo "configure:671: checking for $ac_word" >&5
    if eval "test \"`echo '$''{'ac_cv_prog_SHLICC2'+set}'`\" = set"; then
      echo $ac_n "(cached) $ac_c" 1>&6
    else
      if test -n "$SHLICC2"; then
        ac_cv_prog_SHLICC2="$SHLICC2" # Let the user override the test.
      else
        IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
        for ac_dir in $PATH; do
          test -z "$ac_dir" && ac_dir=.
          if test -f $ac_dir/$ac_word; then
            ac_cv_prog_SHLICC2="yes"
            break
          fi
        done
        IFS="$ac_save_ifs"
        test -z "$ac_cv_prog_SHLICC2" && ac_cv_prog_SHLICC2="no"
      fi
    fi
    SHLICC2="$ac_cv_prog_SHLICC2"
    if test -n "$SHLICC2"; then
      echo "$ac_t""$SHLICC2" 1>&6
    else
      echo "$ac_t""no" 1>&6
    fi

    if test $SHLICC2 = yes ; then
      CC=shlicc2
      export CC
    fi
    ;;
  esac
fi
if test -z "$CC" -a "$with_gcc" = no ; then
  CC=cc
  export CC
fi
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:711: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$CC"; then
    ac_cv_prog_CC="$CC" # Let the user override the test.
  else
    IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
    for ac_dir in $PATH; do
      test -z "$ac_dir" && ac_dir=.
      if test -f $ac_dir/$ac_word; then
        ac_cv_prog_CC="gcc"
        break
      fi
    done
    IFS="$ac_save_ifs"
  fi
fi
CC="$ac_cv_prog_CC"
if test -n "$CC"; then
  echo "$ac_t""$CC" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

if test -z "$CC"; then
  # Extract the first word of "cc", so it can be a program name with args.
  set dummy cc; ac_word=$2
  echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
  echo "configure:740: checking for $ac_word" >&5
  if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    if test -n "$CC"; then
      ac_cv_prog_CC="$CC" # Let the user override the test.
    else
      IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
      ac_prog_rejected=no
      for ac_dir in $PATH; do
        test -z "$ac_dir" && ac_dir=.
        if test -f $ac_dir/$ac_word; then
          if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then
            ac_prog_rejected=yes
            continue
          fi
          ac_cv_prog_CC="cc"
          break
        fi
      done
      IFS="$ac_save_ifs"
      if test $ac_prog_rejected = yes; then
        # We found a bogon in the path, so make sure we never use it.
set dummy $ac_cv_prog_CC shift if test $# -gt 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift set dummy "$ac_dir/$ac_word" "$@" shift ac_cv_prog_CC="$@" fi fi fi fi CC="$ac_cv_prog_CC" if test -n "$CC"; then echo "$ac_t""$CC" 1>&6 else echo "$ac_t""no" 1>&6 fi test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 echo "configure:788: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' cross_compiling=$ac_cv_prog_cc_cross cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then ac_cv_prog_cc_cross=no else ac_cv_prog_cc_cross=yes fi else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 ac_cv_prog_cc_works=no fi rm -fr conftest* echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... 
$ac_c" 1>&6 echo "configure:827: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no fi fi echo "$ac_t""$ac_cv_prog_gcc" 1>&6 if test $ac_cv_prog_gcc = yes; then GCC=yes ac_test_CFLAGS="${CFLAGS+set}" ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 echo "configure:851: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else echo 'void f(){}' > conftest.c if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then ac_cv_prog_cc_g=yes else ac_cv_prog_cc_g=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 if test "$ac_test_CFLAGS" = set; then CFLAGS="$ac_save_CFLAGS" elif test $ac_cv_prog_cc_g = yes; then CFLAGS="-g -O2" else CFLAGS="-O2" fi else GCC= test "${CFLAGS+set}" = set || CFLAGS="-g" fi if test "$GCC" = yes ; then if test "$SHLICC2" = yes ; then ac_cv_lbl_gcc_vers=2 V_CCOPT="-O2" else echo $ac_n "checking gcc version""... $ac_c" 1>&6 echo "configure:884: checking gcc version" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_gcc_vers'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_lbl_gcc_vers=`$CC -v 2>&1 | \ sed -n -e '$s/.* //' -e '$s/\..*//p'` fi echo "$ac_t""$ac_cv_lbl_gcc_vers" 1>&6 if test $ac_cv_lbl_gcc_vers -gt 1 ; then V_CCOPT="-O2" fi fi else echo $ac_n "checking that $CC handles ansi prototypes""... 
$ac_c" 1>&6 echo "configure:899: checking that $CC handles ansi prototypes" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_cc_ansi_prototypes'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int frob(int, char *) ; return 0; } EOF if { (eval echo configure:911: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_lbl_cc_ansi_prototypes=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_lbl_cc_ansi_prototypes=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_lbl_cc_ansi_prototypes" 1>&6 if test $ac_cv_lbl_cc_ansi_prototypes = no ; then case "$target_os" in hpux*) echo $ac_n "checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)""... $ac_c" 1>&6 echo "configure:929: checking for HP-UX ansi compiler ($CC -Aa -D_HPUX_SOURCE)" >&5 savedcflags="$CFLAGS" CFLAGS="-Aa -D_HPUX_SOURCE $CFLAGS" if eval "test \"`echo '$''{'ac_cv_lbl_cc_hpux_cc_aa'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { int frob(int, char *) ; return 0; } EOF if { (eval echo configure:943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_lbl_cc_hpux_cc_aa=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_lbl_cc_hpux_cc_aa=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_lbl_cc_hpux_cc_aa" 1>&6 if test $ac_cv_lbl_cc_hpux_cc_aa = no ; then { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; } fi CFLAGS="$savedcflags" V_CCOPT="-Aa $V_CCOPT" cat >> confdefs.h <<\EOF #define _HPUX_SOURCE 1 EOF ;; *) { echo "configure: error: see the INSTALL doc for more info" 1>&2; exit 1; } ;; esac fi V_INCLS="$V_INCLS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" case "$target_os" in irix*) V_CCOPT="$V_CCOPT -xansi -signed -g3" ;; osf*) V_CCOPT="$V_CCOPT -std1 -g3" ;; ultrix*) echo $ac_n "checking that Ultrix $CC hacks const in prototypes""... 
$ac_c" 1>&6 echo "configure:987: checking that Ultrix $CC hacks const in prototypes" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_cc_const_proto'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { struct a { int b; }; void c(const struct a *) ; return 0; } EOF if { (eval echo configure:1000: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_lbl_cc_const_proto=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_lbl_cc_const_proto=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_lbl_cc_const_proto" 1>&6 if test $ac_cv_lbl_cc_const_proto = no ; then cat >> confdefs.h <<\EOF #define const EOF fi ;; esac fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 echo "configure:1025: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else # This must be in double quotes, not single quotes, because CPP may get # substituted into the Makefile and "${CC-cc}" will confuse make. CPP="${CC-cc} -E" # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. 
cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" { (eval echo configure:1046: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" { (eval echo configure:1063: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* CPP=/lib/cpp fi rm -f conftest* fi rm -f conftest* ac_cv_prog_CPP="$CPP" fi CPP="$ac_cv_prog_CPP" else ac_cv_prog_CPP="$CPP" fi echo "$ac_t""$CPP" 1>&6 for ac_hdr in malloc.h sys/ioccom.h sys/sockio.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 echo "configure:1089: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" { (eval echo configure:1099: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done if test "$GCC" = yes ; then echo $ac_n "checking for ANSI ioctl definitions""... 
$ac_c" 1>&6 echo "configure:1128: checking for ANSI ioctl definitions" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_gcc_fixincludes'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < # include # include # ifdef HAVE_SYS_IOCCOM_H # include # endif int main() { switch (0) { case _IO('A', 1):; case _IO('B', 1):; } ; return 0; } EOF if { (eval echo configure:1152: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_lbl_gcc_fixincludes=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_lbl_gcc_fixincludes=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_lbl_gcc_fixincludes" 1>&6 if test $ac_cv_lbl_gcc_fixincludes = no ; then # Don't cache failure unset ac_cv_lbl_gcc_fixincludes { echo "configure: error: see the INSTALL for more info" 1>&2; exit 1; } fi fi for ac_func in ether_hostton strerror do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 echo "configure:1175: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 builtin and then its argument prototype would still apply. */ char $ac_func(); int main() { /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. 
*/ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else $ac_func(); #endif ; return 0; } EOF if { (eval echo configure:1203: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_func_$ac_func=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` cat >> confdefs.h <&6 fi done # Check whether --with-pcap or --without-pcap was given. if test "${with_pcap+set}" = set; then withval="$with_pcap" : fi echo $ac_n "checking packet capture type""... $ac_c" 1>&6 echo "configure:1235: checking packet capture type" >&5 if test ! -z "$with_pcap" ; then V_PCAP="$withval" elif test -r /dev/bpf0 ; then V_PCAP=bpf elif test -r /usr/include/net/pfilt.h ; then V_PCAP=pf elif test -r /dev/enet ; then V_PCAP=enet elif test -r /dev/nit ; then V_PCAP=snit elif test -r /usr/include/sys/net/nit.h ; then V_PCAP=nit elif test -r /usr/include/net/raw.h ; then V_PCAP=snoop elif test -r /usr/include/sys/dlpi.h ; then V_PCAP=dlpi elif test -r /usr/include/linux/socket.h ; then V_PCAP=linux elif test -c /dev/bpf0 ; then # check again in case not readable V_PCAP=bpf elif test -c /dev/enet ; then # check again in case not readable V_PCAP=enet elif test -c /dev/nit ; then # check again in case not readable V_PCAP=snit else V_PCAP=null fi echo "$ac_t""$V_PCAP" 1>&6 case "$V_PCAP" in dlpi) for ac_hdr in sys/bufmod.h sys/dlpi_ext.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 echo "configure:1272: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" { (eval echo configure:1282: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done echo $ac_n "checking for /dev/dlpi device""... $ac_c" 1>&6 echo "configure:1309: checking for /dev/dlpi device" >&5 if test -c /dev/dlpi ; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF #define HAVE_DEV_DLPI 1 EOF else echo "$ac_t""no" 1>&6 dir="/dev/dlpi" echo $ac_n "checking for $dir directory""... $ac_c" 1>&6 echo "configure:1320: checking for $dir directory" >&5 if test -d $dir ; then echo "$ac_t""yes" 1>&6 cat >> confdefs.h <&6 fi fi ;; linux) for ac_hdr in net/if_arp.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 echo "configure:1338: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" { (eval echo configure:1348: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" else echo "$ac_err" >&5 echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* eval "ac_cv_header_$ac_safe=no" fi rm -f conftest* fi if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then echo "$ac_t""yes" 1>&6 ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` cat >> confdefs.h <&6 fi done echo $ac_n "checking Linux kernel version""... $ac_c" 1>&6 echo "configure:1375: checking Linux kernel version" >&5 if eval "test \"`echo '$''{'ac_cv_linux_vers'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_linux_vers=`uname -r 2>&1 | \ sed -n -e '$s/.* //' -e '$s/\..*//p'` fi echo "$ac_t""$ac_cv_linux_vers" 1>&6 if test $ac_cv_linux_vers -lt 2 ; then { echo "configure: error: version 2 or higher required; see the INSTALL doc for more info" 1>&2; exit 1; } fi ;; null) echo "configure: warning: cannot determine packet capture interface" 1>&2 echo "configure: warning: (see the INSTALL doc for more info)" 1>&2 ;; esac # Check whether --with-flex or --without-flex was given. if test "${with_flex+set}" = set; then withval="$with_flex" : fi # Check whether --with-bison or --without-bison was given. if test "${with_bison+set}" = set; then withval="$with_bison" : fi if test "$with_flex" = no ; then V_LEX=lex else for ac_prog in flex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6
echo "configure:1416: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_V_LEX'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$V_LEX"; then
    ac_cv_prog_V_LEX="$V_LEX" # Let the user override the test.
  else
    IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
    for ac_dir in $PATH; do
      test -z "$ac_dir" && ac_dir=.
      if test -f $ac_dir/$ac_word; then
        ac_cv_prog_V_LEX="$ac_prog"
        break
      fi
    done
    IFS="$ac_save_ifs"
  fi
fi
V_LEX="$ac_cv_prog_V_LEX"
if test -n "$V_LEX"; then
  echo "$ac_t""$V_LEX" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

test -n "$V_LEX" && break
done
test -n "$V_LEX" || V_LEX="lex"

fi
if test "$V_LEX" = flex ; then
  # The -V flag was added in 2.4
  echo $ac_n "checking for flex 2.4 or higher""... $ac_c" 1>&6
  echo "configure:1449: checking for flex 2.4 or higher" >&5
  if eval "test \"`echo '$''{'ac_cv_lbl_flex_v24'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    if flex -V >/dev/null 2>&1; then
      ac_cv_lbl_flex_v24=yes
    else
      ac_cv_lbl_flex_v24=no
    fi
  fi

  echo "$ac_t""$ac_cv_lbl_flex_v24" 1>&6
  if test $ac_cv_lbl_flex_v24 = no ; then
    s="2.4 or higher required"
    echo "configure: warning: ignoring obsolete flex executable ($s)" 1>&2
    V_LEX=lex
  fi
fi
if test "$with_bison" = no ; then
  V_YACC=yacc
else
  for ac_prog in bison
  do
    # Extract the first word of "$ac_prog", so it can be a program name with args.
    set dummy $ac_prog; ac_word=$2
    echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
    echo "configure:1475: checking for $ac_word" >&5
    if eval "test \"`echo '$''{'ac_cv_prog_V_YACC'+set}'`\" = set"; then
      echo $ac_n "(cached) $ac_c" 1>&6
    else
      if test -n "$V_YACC"; then
        ac_cv_prog_V_YACC="$V_YACC" # Let the user override the test.
      else
        IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
        for ac_dir in $PATH; do
          test -z "$ac_dir" && ac_dir=.
if test -f $ac_dir/$ac_word; then ac_cv_prog_V_YACC="$ac_prog" break fi done IFS="$ac_save_ifs" fi fi V_YACC="$ac_cv_prog_V_YACC" if test -n "$V_YACC"; then echo "$ac_t""$V_YACC" 1>&6 else echo "$ac_t""no" 1>&6 fi test -n "$V_YACC" && break done test -n "$V_YACC" || V_YACC="yacc" fi if test "$V_YACC" = bison ; then V_YACC="$V_YACC -y" fi if test "$V_LEX" != lex -a "$V_YACC" = yacc -o "$V_LEX" = lex -a "$V_YACC" != yacc ; then echo "configure: warning: don't have both flex and bison; reverting to lex/yacc" 1>&2 V_LEX=lex V_YACC=yacc fi if test "$V_LEX" = flex -a -n "pcap_" ; then V_LEX="$V_LEX -Ppcap_" V_YACC="$V_YACC -p pcap_" fi case "$target_os" in aix*) cat >> confdefs.h <<\EOF #define _SUN 1 EOF ;; hpux9*) cat >> confdefs.h <<\EOF #define HAVE_HPUX9 1 EOF ;; hpux10.0*) ;; hpux10.1*) ;; hpux*) cat >> confdefs.h <<\EOF #define HAVE_HPUX10_20 1 EOF ;; sinix*) echo $ac_n "checking if SINIX compiler defines sinix""... $ac_c" 1>&6 echo "configure:1549: checking if SINIX compiler defines sinix" >&5 if eval "test \"`echo '$''{'ac_cv_cc_sinix_defined'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_cc_sinix_defined=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_cc_sinix_defined=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_cc_sinix_defined" 1>&6 if test $ac_cv_cc_sinix_defined = no ; then cat >> confdefs.h <<\EOF #define sinix 1 EOF fi ;; solaris*) cat >> confdefs.h <<\EOF #define HAVE_SOLARIS 1 EOF ;; linux*) V_INCLS="$V_INCLS -Ilinux-include" ;; esac for ac_prog in ranlib do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6
echo "configure:1599: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_V_RANLIB'+set}'`\" = set"; then
  echo $ac_n "(cached) $ac_c" 1>&6
else
  if test -n "$V_RANLIB"; then
    ac_cv_prog_V_RANLIB="$V_RANLIB" # Let the user override the test.
  else
    IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:"
    for ac_dir in $PATH; do
      test -z "$ac_dir" && ac_dir=.
      if test -f $ac_dir/$ac_word; then
        ac_cv_prog_V_RANLIB="$ac_prog"
        break
      fi
    done
    IFS="$ac_save_ifs"
  fi
fi
V_RANLIB="$ac_cv_prog_V_RANLIB"
if test -n "$V_RANLIB"; then
  echo "$ac_t""$V_RANLIB" 1>&6
else
  echo "$ac_t""no" 1>&6
fi

test -n "$V_RANLIB" && break
done
test -n "$V_RANLIB" || V_RANLIB="@true"

rm -f os-proto.h
if test "${LBL_CFLAGS+set}" = set; then
  V_CCOPT="$V_CCOPT ${LBL_CFLAGS}"
fi
if test -f .devel ; then
  if test "$GCC" = yes ; then
    if test "${LBL_CFLAGS+set}" != set; then
      if test "$ac_cv_prog_cc_g" = yes ; then
        V_CCOPT="-g $V_CCOPT"
      fi
      V_CCOPT="$V_CCOPT -Wall"
      if test $ac_cv_lbl_gcc_vers -gt 1 ; then
        V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
      fi
    fi
  else
    case "$target_os" in

    irix6*)
      V_CCOPT="$V_CCOPT -n32"
      ;;

    *)
      ;;
    esac
  fi
  os=`echo $target_os | sed -e 's/\([0-9][0-9]*\)[^0-9].*$/\1/'`
  name="lbl/os-$os.h"
  if test -f $name ; then
    ln -s $name os-proto.h
    cat >> confdefs.h <<\EOF
#define HAVE_OS_PROTO_H 1
EOF

  else
    echo "configure: warning: can't find $name" 1>&2
  fi
fi

echo $ac_n "checking if sockaddr struct has sa_len member""...
$ac_c" 1>&6 echo "configure:1669: checking if sockaddr struct has sa_len member" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_sockaddr_has_sa_len'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < # include int main() { u_int i = sizeof(((struct sockaddr *)0)->sa_len) ; return 0; } EOF if { (eval echo configure:1683: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_lbl_sockaddr_has_sa_len=yes else echo "configure: failed program was:" >&5 cat conftest.$ac_ext >&5 rm -rf conftest* ac_cv_lbl_sockaddr_has_sa_len=no fi rm -f conftest* fi echo "$ac_t""$ac_cv_lbl_sockaddr_has_sa_len" 1>&6 if test $ac_cv_lbl_sockaddr_has_sa_len = yes ; then cat >> confdefs.h <<\EOF #define HAVE_SOCKADDR_SA_LEN 1 EOF fi echo $ac_n "checking if unaligned accesses fail""... $ac_c" 1>&6 echo "configure:1704: checking if unaligned accesses fail" >&5 if eval "test \"`echo '$''{'ac_cv_lbl_unaligned_fail'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else case "$target_cpu" in alpha|hp*|mips|sparc) ac_cv_lbl_unaligned_fail=yes ;; *) cat >conftest.c < # include # include unsigned char a[5] = { 1, 2, 3, 4, 5 }; main() { unsigned int i; pid_t pid; int status; /* avoid "core dumped" message */ pid = fork(); if (pid < 0) exit(2); if (pid > 0) { /* parent */ pid = waitpid(pid, &status, 0); if (pid < 0) exit(3); exit(!WIFEXITED(status)); } /* child */ i = *(unsigned int *)&a[1]; printf("%d\n", i); exit(0); } EOF ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS \ conftest.c $LIBS >/dev/null 2>&1 if test ! -x conftest ; then ac_cv_lbl_unaligned_fail=yes else ./conftest >conftest.out if test ! -s conftest.out ; then ac_cv_lbl_unaligned_fail=yes else ac_cv_lbl_unaligned_fail=no fi fi rm -f conftest* core core.conftest ;; esac fi echo "$ac_t""$ac_cv_lbl_unaligned_fail" 1>&6 if test $ac_cv_lbl_unaligned_fail = yes ; then cat >> confdefs.h <<\EOF #define LBL_ALIGN 1 EOF fi if test "${srcdir}" = "." 
; then
  srcdirprefix=""
else
  srcdirprefix="./"
fi

if test -r ${srcdirprefix}lbl/gnuc.h ; then
  rm -f gnuc.h
  ln -s ${srcdirprefix}lbl/gnuc.h gnuc.h
fi

rm -f bpf_filter.c
ln -s ${srcdirprefix}bpf/net/bpf_filter.c bpf_filter.c
rm -f net
ln -s ${srcdirprefix}bpf/net net

# Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
# SunOS /usr/etc/install
# IRIX /sbin/install
# AIX /bin/install
# AFS /usr/afsws/bin/install, which mishandles nonexistent args
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# ./install, which can be erroneously created by make from ./install.sh.
echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
echo "configure:1800: checking for a BSD compatible install" >&5
if test -z "$INSTALL"; then
  if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
    echo $ac_n "(cached) $ac_c" 1>&6
  else
    IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:"
    for ac_dir in $PATH; do
      # Account for people who put trailing slashes in PATH elements.
      case "$ac_dir/" in
      /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;;
      *)
        # OSF1 and SCO ODT 3.0 have their own names for install.
        for ac_prog in ginstall installbsd scoinst install; do
          if test -f $ac_dir/$ac_prog; then
            if test $ac_prog = install &&
              grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then
              # AIX install. It has an incompatible calling convention.
              # OSF/1 installbsd also uses dspmsg, but is usable.
              :
            else
              ac_cv_path_install="$ac_dir/$ac_prog -c"
              break 2
            fi
          fi
        done
        ;;
      esac
    done
    IFS="$ac_save_IFS"

  fi
  if test "${ac_cv_path_install+set}" = set; then
    INSTALL="$ac_cv_path_install"
  else
    # As a last resort, use the slow shell script. We don't cache a
    # path for INSTALL within a source directory, because that will
    # break other packages using the cache if that directory is
    # removed, or if the path is relative.
    INSTALL="$ac_install_sh"
  fi
fi
echo "$ac_t""$INSTALL" 1>&6

# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'

test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'

trap '' 1 2 15
cat > confcache <<\EOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
# scripts and configure runs. It is not useful on other systems.
# If it contains results you don't want to keep, you may remove or edit it.
#
# By default, configure uses ./config.cache as the cache file,
# creating it if it does not exist already. You can give configure
# the --cache-file=FILE option to use a different cache file; that is
# what configure does when it calls configure scripts in
# subdirectories, so they share the cache.
# Giving --cache-file=/dev/null disables caching, for debugging configure.
# config.status only pays attention to the cache file if you give it the
# --recheck option to rerun configure.
#
EOF
# The following way of writing the cache mishandles newlines in values,
# but we know of no workaround that is simple, portable, and efficient.
# So, don't put newlines in cache variables' values.
# Ultrix sh set writes to stderr and can't be redirected directly,
# and sets the high bit in the cache file unless we assign to the vars.
(set) 2>&1 |
  case `(ac_space=' '; set) 2>&1` in
  *ac_space=\ *)
    # `set' does not quote correctly, so add quotes (double-quote substitution
    # turns \\\\ into \\, and sed turns \\ into \).
    sed -n \
      -e "s/'/'\\\\''/g" \
      -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p"
    ;;
  *)
    # `set' quotes correctly as required by POSIX, so do not add quotes.
sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' ;; esac >> confcache if cmp -s $cache_file confcache; then : else if test -w $cache_file; then echo "updating cache $cache_file" cat confcache > $cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Any assignment to VPATH causes Sun make to only execute # the first set of double-colon rules, so remove it if not needed. # If there is a colon in the path, we need to keep it. if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' fi trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. cat > conftest.defs <<\EOF s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g s%\[%\\&%g s%\]%\\&%g s%\$%$$%g EOF DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` rm -f conftest.defs # Without the "./", some shells look in PATH for config.status. : ${CONFIG_STATUS=./config.status} echo creating $CONFIG_STATUS rm -f $CONFIG_STATUS cat > $CONFIG_STATUS </dev/null | sed 1q`: # # $0 $ac_configure_args # # Compiler output produced by configure, useful for debugging # configure, is in ./config.log if it exists. 
ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" for ac_option do case "\$ac_option" in -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) echo "$CONFIG_STATUS generated by autoconf version 2.12" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; *) echo "\$ac_cs_usage"; exit 1 ;; esac done ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" trap 'rm -fr `echo "Makefile" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 EOF cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF $ac_vpsub $extrasub s%@CFLAGS@%$CFLAGS%g s%@CPPFLAGS@%$CPPFLAGS%g s%@CXXFLAGS@%$CXXFLAGS%g s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g s%@exec_prefix@%$exec_prefix%g s%@prefix@%$prefix%g s%@program_transform_name@%$program_transform_name%g s%@bindir@%$bindir%g s%@sbindir@%$sbindir%g s%@libexecdir@%$libexecdir%g s%@datadir@%$datadir%g s%@sysconfdir@%$sysconfdir%g s%@sharedstatedir@%$sharedstatedir%g s%@localstatedir@%$localstatedir%g s%@libdir@%$libdir%g s%@includedir@%$includedir%g s%@oldincludedir@%$oldincludedir%g s%@infodir@%$infodir%g s%@mandir@%$mandir%g s%@host@%$host%g s%@host_alias@%$host_alias%g s%@host_cpu@%$host_cpu%g s%@host_vendor@%$host_vendor%g s%@host_os@%$host_os%g s%@target@%$target%g s%@target_alias@%$target_alias%g s%@target_cpu@%$target_cpu%g s%@target_vendor@%$target_vendor%g s%@target_os@%$target_os%g s%@build@%$build%g s%@build_alias@%$build_alias%g s%@build_cpu@%$build_cpu%g s%@build_vendor@%$build_vendor%g s%@build_os@%$build_os%g s%@SHLICC2@%$SHLICC2%g s%@CC@%$CC%g s%@CPP@%$CPP%g s%@V_LEX@%$V_LEX%g s%@V_YACC@%$V_YACC%g s%@V_RANLIB@%$V_RANLIB%g s%@V_CCOPT@%$V_CCOPT%g s%@V_INCLS@%$V_INCLS%g s%@V_PCAP@%$V_PCAP%g s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g 
s%@INSTALL_DATA@%$INSTALL_DATA%g CEOF EOF cat >> $CONFIG_STATUS <<\EOF # Split the substitutions into bite-sized pieces for seds with # small command number limits, like on Digital OSF/1 and HP-UX. ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. ac_file=1 # Number of current file. ac_beg=1 # First line for current file. ac_end=$ac_max_sed_cmds # Line after last line for current file. ac_more_lines=: ac_sed_cmds="" while $ac_more_lines; do if test $ac_beg -gt 1; then sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file else sed "${ac_end}q" conftest.subs > conftest.s$ac_file fi if test ! -s conftest.s$ac_file; then ac_more_lines=false rm -f conftest.s$ac_file else if test -z "$ac_sed_cmds"; then ac_sed_cmds="sed -f conftest.s$ac_file" else ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" fi ac_file=`expr $ac_file + 1` ac_beg=$ac_end ac_end=`expr $ac_end + $ac_max_sed_cmds` fi done if test -z "$ac_sed_cmds"; then ac_sed_cmds=cat fi EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". case "$ac_file" in *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; *) ac_file_in="${ac_file}.in" ;; esac # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. # Remove last slash and all that follows it. Not all systems have dirname. ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then # The file is in a subdirectory. test ! -d "$ac_dir" && mkdir "$ac_dir" ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" # A "../" for each directory in $ac_dir_suffix. ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` else ac_dir_suffix= ac_dots= fi case "$ac_given_srcdir" in .) srcdir=. if test -z "$ac_dots"; then top_srcdir=. 
else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; *) # Relative path. srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" top_srcdir="$ac_dots$ac_given_srcdir" ;; esac case "$ac_given_INSTALL" in [/$]*) INSTALL="$ac_given_INSTALL" ;; *) INSTALL="$ac_dots$ac_given_INSTALL" ;; esac echo creating "$ac_file" rm -f "$ac_file" configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." case "$ac_file" in *Makefile*) ac_comsub="1i\\ # $configure_input" ;; *) ac_comsub= ;; esac ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` sed -e "$ac_comsub s%@configure_input@%$configure_input%g s%@srcdir@%$srcdir%g s%@top_srcdir@%$top_srcdir%g s%@INSTALL@%$INSTALL%g " $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file fi; done rm -f conftest.s* EOF cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF exit 0 EOF chmod +x $CONFIG_STATUS rm -fr confdefs* $ac_clean_files test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 if test -f .devel ; then make depend fi exit 0 sniffit.0.3.7.beta/libpcap/configure.in100555 1750 1750 7357 6553423606 16542 0ustar codercoderdnl @(#) $Header: configure.in,v 1.67 97/07/27 22:16:17 leres Exp $ (LBL) dnl dnl Copyright (c) 1994, 1995, 1996, 1997 dnl The Regents of the University of California. All rights reserved. dnl dnl Process this file with autoconf to produce a configure script. dnl AC_INIT(pcap.c) AC_CANONICAL_SYSTEM umask 002 if test -z "$PWD" ; then PWD=`pwd` fi AC_LBL_C_INIT(V_CCOPT, V_INCLS) AC_CHECK_HEADERS(malloc.h sys/ioccom.h sys/sockio.h) AC_LBL_FIXINCLUDES AC_CHECK_FUNCS(ether_hostton strerror) dnl dnl Not all versions of test support -c (character special) but it's a dnl better way of testing since the device might be protected. So we dnl check in our normal order using -r and then check the for the /dev dnl guys again using -c. 
dnl
AC_ARG_WITH(pcap, [ --with-pcap=TYPE use packet capture TYPE])
AC_MSG_CHECKING(packet capture type)
if test ! -z "$with_pcap" ; then
	V_PCAP="$withval"
elif test -r /dev/bpf0 ; then
	V_PCAP=bpf
elif test -r /usr/include/net/pfilt.h ; then
	V_PCAP=pf
elif test -r /dev/enet ; then
	V_PCAP=enet
elif test -r /dev/nit ; then
	V_PCAP=snit
elif test -r /usr/include/sys/net/nit.h ; then
	V_PCAP=nit
elif test -r /usr/include/net/raw.h ; then
	V_PCAP=snoop
elif test -r /usr/include/sys/dlpi.h ; then
	V_PCAP=dlpi
elif test -r /usr/include/linux/socket.h ; then
	V_PCAP=linux
elif test -c /dev/bpf0 ; then		# check again in case not readable
	V_PCAP=bpf
elif test -c /dev/enet ; then		# check again in case not readable
	V_PCAP=enet
elif test -c /dev/nit ; then		# check again in case not readable
	V_PCAP=snit
else
	V_PCAP=null
fi
AC_MSG_RESULT($V_PCAP)

case "$V_PCAP" in

dlpi)
	AC_CHECK_HEADERS(sys/bufmod.h sys/dlpi_ext.h)
	AC_MSG_CHECKING(for /dev/dlpi device)
	if test -c /dev/dlpi ; then
		AC_MSG_RESULT(yes)
		AC_DEFINE(HAVE_DEV_DLPI)
	else
		AC_MSG_RESULT(no)
		dir="/dev/dlpi"
		AC_MSG_CHECKING(for $dir directory)
		if test -d $dir ; then
			AC_MSG_RESULT(yes)
			AC_DEFINE_UNQUOTED(PCAP_DEV_PREFIX, "$dir")
		else
			AC_MSG_RESULT(no)
		fi
	fi
	;;

linux)
	AC_CHECK_HEADERS(net/if_arp.h)
	AC_MSG_CHECKING(Linux kernel version)
	AC_CACHE_VAL(ac_cv_linux_vers,
	    ac_cv_linux_vers=`uname -r 2>&1 | \
		sed -n -e '$s/.* //' -e '$s/\..*//p'`)
	AC_MSG_RESULT($ac_cv_linux_vers)
	if test $ac_cv_linux_vers -lt 2 ; then
		AC_MSG_ERROR(version 2 or higher required; see the INSTALL doc for more info)
	fi
	;;

null)
	AC_MSG_WARN(cannot determine packet capture interface)
	AC_MSG_WARN((see the INSTALL doc for more info))
	;;

esac

AC_LBL_LEX_AND_YACC(V_LEX, V_YACC, pcap_)

case "$target_os" in

aix*)
	dnl Workaround to enable certain features
	AC_DEFINE(_SUN)
	;;

hpux9*)
	AC_DEFINE(HAVE_HPUX9)
	;;

hpux10.0*)
	;;

hpux10.1*)
	;;

hpux*)
	dnl HPUX 10.20 and above is similar to HPUX 9...
	AC_DEFINE(HAVE_HPUX10_20)
	;;

sinix*)
	AC_MSG_CHECKING(if SINIX compiler defines sinix)
	AC_CACHE_VAL(ac_cv_cc_sinix_defined,
		AC_TRY_COMPILE(
		    [],
		    [int i = sinix;],
		    ac_cv_cc_sinix_defined=yes,
		    ac_cv_cc_sinix_defined=no))
	AC_MSG_RESULT($ac_cv_cc_sinix_defined)
	if test $ac_cv_cc_sinix_defined = no ; then
		AC_DEFINE(sinix)
	fi
	;;

solaris*)
	AC_DEFINE(HAVE_SOLARIS)
	;;

linux*)
	V_INCLS="$V_INCLS -Ilinux-include"
	;;
esac

AC_CHECK_PROGS(V_RANLIB, ranlib, @true)

AC_LBL_DEVEL(V_CCOPT)

AC_LBL_SOCKADDR_SA_LEN

AC_LBL_UNALIGNED_ACCESS

if test "${srcdir}" = "." ; then
	srcdirprefix=""
else
	srcdirprefix="./"
fi

if test -r ${srcdirprefix}lbl/gnuc.h ; then
	rm -f gnuc.h
	ln -s ${srcdirprefix}lbl/gnuc.h gnuc.h
fi

rm -f bpf_filter.c
ln -s ${srcdirprefix}bpf/net/bpf_filter.c bpf_filter.c
rm -f net
ln -s ${srcdirprefix}bpf/net net

AC_SUBST(V_CCOPT)
AC_SUBST(V_INCLS)
AC_SUBST(V_LEX)
AC_SUBST(V_PCAP)
AC_SUBST(V_RANLIB)
AC_SUBST(V_YACC)

AC_PROG_INSTALL

AC_OUTPUT(Makefile)

if test -f .devel ; then
	make depend
fi
exit 0
sniffit.0.3.7.beta/libpcap/etherent.c100444 1750 1750 6337 6553423606 16205 0ustar codercoder
/*
 * Copyright (c) 1990, 1993, 1994, 1995, 1996
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: etherent.c,v 1.20 96/09/26 23:28:00 leres Exp $ (LBL)";
#endif

/* Header names below are restored from the identifiers this file uses. */
#include <sys/types.h>

#include <ctype.h>
#include <memory.h>
#include <stdio.h>
#include <string.h>

#include "pcap-int.h"

#include <pcap-namedb.h>

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

static inline int xdtoi(int);
static inline int skip_space(FILE *);
static inline int skip_line(FILE *);

/* Hex digit to integer. */
static inline int
xdtoi(c)
	register int c;
{
	if (isdigit(c))
		return c - '0';
	else if (islower(c))
		return c - 'a' + 10;
	else
		return c - 'A' + 10;
}

static inline int
skip_space(f)
	FILE *f;
{
	int c;

	do {
		c = getc(f);
	} while (isspace(c) && c != '\n');

	return c;
}

static inline int
skip_line(f)
	FILE *f;
{
	int c;

	do
		c = getc(f);
	while (c != '\n' && c != EOF);

	return c;
}

struct pcap_etherent *
pcap_next_etherent(FILE *fp)
{
	register int c, d, i;
	char *bp;
	static struct pcap_etherent e;

	memset((char *)&e, 0, sizeof(e));
	do {
		/* Find addr */
		c = skip_space(fp);
		if (c == '\n')
			continue;

		/* If this is a comment, or first thing on line
		   cannot be ethernet address, skip the line. */
		if (!isxdigit(c)) {
			c = skip_line(fp);
			continue;
		}

		/* must be the start of an address */
		for (i = 0; i < 6; i += 1) {
			d = xdtoi(c);
			c = getc(fp);
			if (isxdigit(c)) {
				d <<= 4;
				d |= xdtoi(c);
				c = getc(fp);
			}
			e.addr[i] = d;
			if (c != ':')
				break;
			c = getc(fp);
		}
		if (c == EOF)
			break;

		/* Must be whitespace */
		if (!isspace(c)) {
			c = skip_line(fp);
			continue;
		}
		c = skip_space(fp);

		/* hit end of line... */
		if (c == '\n')
			continue;

		if (c == '#') {
			c = skip_line(fp);
			continue;
		}

		/* pick up name */
		bp = e.name;
		/* Use 'd' to prevent buffer overflow. */
		d = sizeof(e.name) - 1;
		do {
			*bp++ = c;
			c = getc(fp);
		} while (!isspace(c) && c != EOF && --d > 0);
		*bp = '\0';

		/* Eat trailing junk */
		if (c != '\n')
			(void)skip_line(fp);

		return &e;

	} while (c != EOF);

	return (NULL);
}
sniffit.0.3.7.beta/libpcap/ethertype.h100444 1750 1750 4456 6553423606 16405 0ustar codercoder
/*
 * Copyright (c) 1993, 1994, 1996
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: ethertype.h,v 1.6 96/07/14 18:21:49 leres Exp $ (LBL)
 */

/* Types missing from some systems */

#ifndef ETHERTYPE_NS
#define ETHERTYPE_NS		0x0600
#endif
#ifndef ETHERTYPE_SPRITE
#define ETHERTYPE_SPRITE	0x0500
#endif
#ifndef ETHERTYPE_TRAIL
#define ETHERTYPE_TRAIL		0x1000
#endif
#ifndef ETHERTYPE_MOPDL
#define ETHERTYPE_MOPDL		0x6001
#endif
#ifndef ETHERTYPE_MOPRC
#define ETHERTYPE_MOPRC		0x6002
#endif
#ifndef ETHERTYPE_DN
#define ETHERTYPE_DN		0x6003
#endif
#ifndef ETHERTYPE_LAT
#define ETHERTYPE_LAT		0x6004
#endif
#ifndef ETHERTYPE_SCA
#define ETHERTYPE_SCA		0x6007
#endif
#ifndef ETHERTYPE_REVARP
#define ETHERTYPE_REVARP	0x8035
#endif
#ifndef ETHERTYPE_LANBRIDGE
#define ETHERTYPE_LANBRIDGE	0x8038
#endif
#ifndef ETHERTYPE_DECDNS
#define ETHERTYPE_DECDNS	0x803c
#endif
#ifndef ETHERTYPE_DECDTS
#define ETHERTYPE_DECDTS	0x803e
#endif
#ifndef ETHERTYPE_VEXP
#define ETHERTYPE_VEXP		0x805b
#endif
#ifndef ETHERTYPE_VPROD
#define ETHERTYPE_VPROD		0x805c
#endif
#ifndef ETHERTYPE_ATALK
#define ETHERTYPE_ATALK		0x809b
#endif
#ifndef ETHERTYPE_AARP
#define ETHERTYPE_AARP		0x80f3
#endif
#ifndef ETHERTYPE_LOOPBACK
#define ETHERTYPE_LOOPBACK	0x9000
#endif
sniffit.0.3.7.beta/libpcap/gencode.c100444 1750 1750 110771 6553423606 16031 0ustar codercoder
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: gencode.c,v 1.93 97/06/12 14:22:47 leres Exp $ (LBL)";
#endif

/* Header names below are restored from the identifiers this file uses. */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>

#if __STDC__
struct mbuf;
struct rtentry;
#endif

#include <net/if.h>

#include <netinet/in.h>
#include <netinet/if_ether.h>

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <setjmp.h>
#if __STDC__
#include <stdarg.h>
#else
#include <varargs.h>
#endif

#include "pcap-int.h"

#include "ethertype.h"
#include "gencode.h"
#include "ppp.h"
#include <pcap-namedb.h>

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#define JMP(c) ((c)|BPF_JMP|BPF_K)

/* Locals */
static jmp_buf top_ctx;
static pcap_t *bpf_pcap;

/* XXX */
#ifdef PCAP_FDDIPAD
int	pcap_fddipad = PCAP_FDDIPAD;
#else
int	pcap_fddipad;
#endif

/* VARARGS */
__dead void
#if __STDC__
bpf_error(const char *fmt, ...)
#else
bpf_error(fmt, va_alist)
	const char *fmt;
	va_dcl
#endif
{
	va_list ap;

#if __STDC__
	va_start(ap, fmt);
#else
	va_start(ap);
#endif
	/*
	 * Bounded write: the error buffer is PCAP_ERRBUF_SIZE bytes and
	 * messages can carry caller-supplied strings from the filter
	 * expression, so an unbounded vsprintf() could overrun it.
	 */
	if (bpf_pcap != NULL)
		(void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
		    fmt, ap);
	va_end(ap);
	longjmp(top_ctx, 1);
	/* NOTREACHED */
}

static void init_linktype(int);

static int alloc_reg(void);
static void free_reg(int);

static struct block *root;

/*
 * We divvy out chunks of memory rather than call malloc each time so
 * we don't have to worry about leaking memory. It's probably
 * not a big deal if all this memory was wasted but if this ever
 * goes into a library that would probably not be a good idea.
 */
#define NCHUNKS 16
#define CHUNK0SIZE 1024
struct chunk {
	u_int n_left;
	void *m;
};

static struct chunk chunks[NCHUNKS];
static int cur_chunk;

static void *newchunk(u_int);
static void freechunks(void);
static inline struct block *new_block(int);
static inline struct slist *new_stmt(int);
static struct block *gen_retblk(int);
static inline void syntax(void);

static void backpatch(struct block *, struct block *);
static void merge(struct block *, struct block *);
static struct block *gen_cmp(u_int, u_int, bpf_int32);
static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
static struct block *gen_bcmp(u_int, u_int, const u_char *);
static struct block *gen_uncond(int);
static inline struct block *gen_true(void);
static inline struct block *gen_false(void);
static struct block *gen_linktype(int);
static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
static struct block *gen_ehostop(const u_char *, int);
static struct block *gen_fhostop(const u_char *, int);
static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
static struct block *gen_ipfrag(void);
static struct block *gen_portatom(int, bpf_int32);
struct block *gen_portop(int, int, int);
static struct block
	*gen_port(int, int, int);
static int lookup_proto(const char *, int);
static struct block *gen_proto(int, int, int);
static struct slist *xfer_to_x(struct arth *);
static struct slist *xfer_to_a(struct arth *);
static struct block *gen_len(int, int);

static void *
newchunk(n)
	u_int n;
{
	struct chunk *cp;
	int k, size;

	/* XXX Round up to nearest long. */
	n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);

	cp = &chunks[cur_chunk];
	if (n > cp->n_left) {
		++cp, k = ++cur_chunk;
		if (k >= NCHUNKS)
			bpf_error("out of memory");
		size = CHUNK0SIZE << k;
		cp->m = (void *)malloc(size);
		/* malloc can fail; bail out before memset dereferences NULL. */
		if (cp->m == NULL)
			bpf_error("out of memory");
		memset((char *)cp->m, 0, size);
		cp->n_left = size;
		if (n > size)
			bpf_error("out of memory");
	}
	cp->n_left -= n;
	return (void *)((char *)cp->m + cp->n_left);
}

static void
freechunks()
{
	int i;

	cur_chunk = 0;
	for (i = 0; i < NCHUNKS; ++i)
		if (chunks[i].m != NULL) {
			free(chunks[i].m);
			chunks[i].m = NULL;
		}
}

/*
 * A strdup whose allocations are freed after code generation is over.
 */
char *
sdup(s)
	register const char *s;
{
	int n = strlen(s) + 1;
	char *cp = newchunk(n);

	strcpy(cp, s);
	return (cp);
}

static inline struct block *
new_block(code)
	int code;
{
	struct block *p;

	p = (struct block *)newchunk(sizeof(*p));
	p->s.code = code;
	p->head = p;

	return p;
}

static inline struct slist *
new_stmt(code)
	int code;
{
	struct slist *p;

	p = (struct slist *)newchunk(sizeof(*p));
	p->s.code = code;

	return p;
}

static struct block *
gen_retblk(v)
	int v;
{
	struct block *b = new_block(BPF_RET|BPF_K);

	b->s.k = v;
	return b;
}

static inline void
syntax()
{
	bpf_error("syntax error in filter expression");
}

static bpf_u_int32 netmask;
static int snaplen;

int
pcap_compile(pcap_t *p, struct bpf_program *program,
	     char *buf, int optimize, bpf_u_int32 mask)
{
	extern int n_errors;
	int len;

	n_errors = 0;
	root = NULL;
	bpf_pcap = p;
	if (setjmp(top_ctx)) {
		freechunks();
		return (-1);
	}

	netmask = mask;
	snaplen = pcap_snapshot(p);

	lex_init(buf ?
buf : ""); init_linktype(pcap_datalink(p)); (void)pcap_parse(); if (n_errors) syntax(); if (root == NULL) root = gen_retblk(snaplen); if (optimize) { bpf_optimize(&root); if (root == NULL || (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) bpf_error("expression rejects all packets"); } program->bf_insns = icode_to_fcode(root, &len); program->bf_len = len; freechunks(); return (0); } /* * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates * which of the jt and jf fields has been resolved and which is a pointer * back to another unresolved block (or nil). At least one of the fields * in each block is already resolved. */ static void backpatch(list, target) struct block *list, *target; { struct block *next; while (list) { if (!list->sense) { next = JT(list); JT(list) = target; } else { next = JF(list); JF(list) = target; } list = next; } } /* * Merge the lists in b0 and b1, using the 'sense' field to indicate * which of jt and jf is the link. */ static void merge(b0, b1) struct block *b0, *b1; { register struct block **p = &b0; /* Find end of list. */ while (*p) p = !((*p)->sense) ? &JT(*p) : &JF(*p); /* Concatenate the lists. 
*/ *p = b1; } void finish_parse(p) struct block *p; { backpatch(p, gen_retblk(snaplen)); p->sense = !p->sense; backpatch(p, gen_retblk(0)); root = p->head; } void gen_and(b0, b1) struct block *b0, *b1; { backpatch(b0, b1->head); b0->sense = !b0->sense; b1->sense = !b1->sense; merge(b1, b0); b1->sense = !b1->sense; b1->head = b0->head; } void gen_or(b0, b1) struct block *b0, *b1; { b0->sense = !b0->sense; backpatch(b0, b1->head); b0->sense = !b0->sense; merge(b1, b0); b1->head = b0->head; } void gen_not(b) struct block *b; { b->sense = !b->sense; } static struct block * gen_cmp(offset, size, v) u_int offset, size; bpf_int32 v; { struct slist *s; struct block *b; s = new_stmt(BPF_LD|BPF_ABS|size); s->s.k = offset; b = new_block(JMP(BPF_JEQ)); b->stmts = s; b->s.k = v; return b; } static struct block * gen_mcmp(offset, size, v, mask) u_int offset, size; bpf_int32 v; bpf_u_int32 mask; { struct block *b = gen_cmp(offset, size, v); struct slist *s; if (mask != 0xffffffff) { s = new_stmt(BPF_ALU|BPF_AND|BPF_K); s->s.k = mask; b->stmts->next = s; } return b; } static struct block * gen_bcmp(offset, size, v) register u_int offset, size; register const u_char *v; { register struct block *b, *tmp; b = NULL; while (size >= 4) { register const u_char *p = &v[size - 4]; bpf_int32 w = ((bpf_int32)p[0] << 24) | ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; tmp = gen_cmp(offset + size - 4, BPF_W, w); if (b != NULL) gen_and(b, tmp); b = tmp; size -= 4; } while (size >= 2) { register const u_char *p = &v[size - 2]; bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; tmp = gen_cmp(offset + size - 2, BPF_H, w); if (b != NULL) gen_and(b, tmp); b = tmp; size -= 2; } if (size > 0) { tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); if (b != NULL) gen_and(b, tmp); b = tmp; } return b; } /* * Various code constructs need to know the layout of the data link * layer. These variables give the necessary offsets. off_linktype * is set to -1 for no encapsulation, in which case, IP is assumed. 
*/ static u_int off_linktype; static u_int off_nl; static int linktype; static void init_linktype(type) int type; { linktype = type; switch (type) { case DLT_EN10MB: off_linktype = 12; off_nl = 14; return; case DLT_SLIP: /* * SLIP doesn't have a link level type. The 16 byte * header is hacked into our SLIP driver. */ off_linktype = -1; off_nl = 16; return; case DLT_SLIP_BSDOS: /* XXX this may be the same as the DLT_PPP_BSDOS case */ off_linktype = -1; /* XXX end */ off_nl = 24; return; case DLT_NULL: off_linktype = 0; off_nl = 4; return; case DLT_PPP: off_linktype = 2; off_nl = 4; return; case DLT_PPP_BSDOS: off_linktype = 5; off_nl = 24; return; case DLT_FDDI: /* * FDDI doesn't really have a link-level type field. * We assume that SSAP = SNAP is being used and pick * out the encapsulated Ethernet type. */ off_linktype = 19; #ifdef PCAP_FDDIPAD off_linktype += pcap_fddipad; #endif off_nl = 21; #ifdef PCAP_FDDIPAD off_nl += pcap_fddipad; #endif return; case DLT_IEEE802: off_linktype = 20; off_nl = 22; return; case DLT_ATM_RFC1483: /* * assume routed, non-ISO PDUs * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) */ off_linktype = 6; off_nl = 8; return; case DLT_RAW: off_linktype = -1; off_nl = 0; return; } bpf_error("unknown data link type 0x%x", linktype); /* NOTREACHED */ } static struct block * gen_uncond(rsense) int rsense; { struct block *b; struct slist *s; s = new_stmt(BPF_LD|BPF_IMM); s->s.k = !rsense; b = new_block(JMP(BPF_JEQ)); b->stmts = s; return b; } static inline struct block * gen_true() { return gen_uncond(1); } static inline struct block * gen_false() { return gen_uncond(0); } static struct block * gen_linktype(proto) register int proto; { struct block *b0, *b1; /* If we're not using encapsulation and checking for IP, we're done */ if (off_linktype == -1 && proto == ETHERTYPE_IP) return gen_true(); switch (linktype) { case DLT_SLIP: return gen_false(); case DLT_PPP: if (proto == ETHERTYPE_IP) proto = PPP_IP; /* XXX was 0x21 */ break; case DLT_PPP_BSDOS: 
switch (proto) { case ETHERTYPE_IP: b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); gen_or(b0, b1); b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); gen_or(b1, b0); return b0; case ETHERTYPE_DN: proto = PPP_DECNET; break; case ETHERTYPE_ATALK: proto = PPP_APPLE; break; case ETHERTYPE_NS: proto = PPP_NS; break; } break; case DLT_NULL: /* XXX */ if (proto == ETHERTYPE_IP) return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); else return gen_false(); } return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); } static struct block * gen_hostop(addr, mask, dir, proto, src_off, dst_off) bpf_u_int32 addr; bpf_u_int32 mask; int dir, proto; u_int src_off, dst_off; { struct block *b0, *b1; u_int offset; switch (dir) { case Q_SRC: offset = src_off; break; case Q_DST: offset = dst_off; break; case Q_AND: b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); gen_and(b0, b1); return b1; case Q_OR: case Q_DEFAULT: b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); gen_or(b0, b1); return b1; default: abort(); } b0 = gen_linktype(proto); b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); gen_and(b0, b1); return b1; } static struct block * gen_ehostop(eaddr, dir) register const u_char *eaddr; register int dir; { register struct block *b0, *b1; switch (dir) { case Q_SRC: return gen_bcmp(6, 6, eaddr); case Q_DST: return gen_bcmp(0, 6, eaddr); case Q_AND: b0 = gen_ehostop(eaddr, Q_SRC); b1 = gen_ehostop(eaddr, Q_DST); gen_and(b0, b1); return b1; case Q_DEFAULT: case Q_OR: b0 = gen_ehostop(eaddr, Q_SRC); b1 = gen_ehostop(eaddr, Q_DST); gen_or(b0, b1); return b1; } abort(); /* NOTREACHED */ } /* * Like gen_ehostop, but for DLT_FDDI */ static struct block * gen_fhostop(eaddr, dir) register const u_char *eaddr; register int dir; { struct block *b0, *b1; switch (dir) { case Q_SRC: #ifdef PCAP_FDDIPAD return gen_bcmp(6 
+ 1 + pcap_fddipad, 6, eaddr); #else return gen_bcmp(6 + 1, 6, eaddr); #endif case Q_DST: #ifdef PCAP_FDDIPAD return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); #else return gen_bcmp(0 + 1, 6, eaddr); #endif case Q_AND: b0 = gen_fhostop(eaddr, Q_SRC); b1 = gen_fhostop(eaddr, Q_DST); gen_and(b0, b1); return b1; case Q_DEFAULT: case Q_OR: b0 = gen_fhostop(eaddr, Q_SRC); b1 = gen_fhostop(eaddr, Q_DST); gen_or(b0, b1); return b1; } abort(); /* NOTREACHED */ } /* * This is quite tricky because there may be pad bytes in front of the * DECNET header, and then there are two possible data packet formats that * carry both src and dst addresses, plus 5 packet types in a format that * carries only the src node, plus 2 types that use a different format and * also carry just the src node. * * Yuck. * * Instead of doing those all right, we just look for data packets with * 0 or 1 bytes of padding. If you want to look at other packets, that * will require a lot more hacking. * * To add support for filtering on DECNET "areas" (network numbers) * one would want to add a "mask" argument to this routine. That would * make the filter even more inefficient, although one could be clever * and not generate masking instructions if the mask is 0xFFFF. 
*/ static struct block * gen_dnhostop(addr, dir, base_off) bpf_u_int32 addr; int dir; u_int base_off; { struct block *b0, *b1, *b2, *tmp; u_int offset_lh; /* offset if long header is received */ u_int offset_sh; /* offset if short header is received */ switch (dir) { case Q_DST: offset_sh = 1; /* follows flags */ offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ break; case Q_SRC: offset_sh = 3; /* follows flags, dstnode */ offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ break; case Q_AND: /* Inefficient because we do our Calvinball dance twice */ b0 = gen_dnhostop(addr, Q_SRC, base_off); b1 = gen_dnhostop(addr, Q_DST, base_off); gen_and(b0, b1); return b1; case Q_OR: case Q_DEFAULT: /* Inefficient because we do our Calvinball dance twice */ b0 = gen_dnhostop(addr, Q_SRC, base_off); b1 = gen_dnhostop(addr, Q_DST, base_off); gen_or(b0, b1); return b1; default: abort(); } b0 = gen_linktype(ETHERTYPE_DN); /* Check for pad = 1, long header case */ tmp = gen_mcmp(base_off + 2, BPF_H, (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); b1 = gen_cmp(base_off + 2 + 1 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); gen_and(tmp, b1); /* Check for pad = 0, long header case */ tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); gen_and(tmp, b2); gen_or(b2, b1); /* Check for pad = 1, short header case */ tmp = gen_mcmp(base_off + 2, BPF_H, (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); b2 = gen_cmp(base_off + 2 + 1 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); gen_and(tmp, b2); gen_or(b2, b1); /* Check for pad = 0, short header case */ tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); gen_and(tmp, b2); gen_or(b2, b1); /* Combine with test for linktype */ gen_and(b0, b1); return b1; } static struct block * gen_host(addr, mask, proto, dir) bpf_u_int32 addr; bpf_u_int32 mask; int proto; 
	int dir;
{
	struct block *b0, *b1;

	switch (proto) {

	case Q_DEFAULT:
		b0 = gen_host(addr, mask, Q_IP, dir);
		b1 = gen_host(addr, mask, Q_ARP, dir);
		gen_or(b0, b1);
		b0 = gen_host(addr, mask, Q_RARP, dir);
		gen_or(b1, b0);
		return b0;

	case Q_IP:
		return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
				  off_nl + 12, off_nl + 16);

	case Q_RARP:
		return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
				  off_nl + 14, off_nl + 24);

	case Q_ARP:
		return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
				  off_nl + 14, off_nl + 24);

	case Q_TCP:
		bpf_error("'tcp' modifier applied to host");

	case Q_UDP:
		bpf_error("'udp' modifier applied to host");

	case Q_ICMP:
		bpf_error("'icmp' modifier applied to host");

	case Q_IGMP:
		bpf_error("'igmp' modifier applied to host");

	case Q_IGRP:
		bpf_error("'igrp' modifier applied to host");

	case Q_ATALK:
		bpf_error("ATALK host filtering not implemented");

	case Q_DECNET:
		return gen_dnhostop(addr, dir, off_nl);

	case Q_SCA:
		bpf_error("SCA host filtering not implemented");

	case Q_LAT:
		bpf_error("LAT host filtering not implemented");

	case Q_MOPDL:
		bpf_error("MOPDL host filtering not implemented");

	case Q_MOPRC:
		bpf_error("MOPRC host filtering not implemented");

	default:
		abort();
	}
	/* NOTREACHED */
}

static struct block *
gen_gateway(eaddr, alist, proto, dir)
	const u_char *eaddr;
	bpf_u_int32 **alist;
	int proto;
	int dir;
{
	struct block *b0, *b1, *tmp;

	if (dir != 0)
		bpf_error("direction applied to 'gateway'");

	switch (proto) {
	case Q_DEFAULT:
	case Q_IP:
	case Q_ARP:
	case Q_RARP:
		if (linktype == DLT_EN10MB)
			b0 = gen_ehostop(eaddr, Q_OR);
		else if (linktype == DLT_FDDI)
			b0 = gen_fhostop(eaddr, Q_OR);
		else
			bpf_error(
			    "'gateway' supported only on ethernet or FDDI");

		b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
		while (*alist) {
			tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
			gen_or(b1, tmp);
			b1 = tmp;
		}
		gen_not(b1);
		gen_and(b0, b1);
		return b1;
	}
	bpf_error("illegal modifier of 'gateway'");
	/* NOTREACHED */
}

struct block *
gen_proto_abbrev(proto)
	int proto;
{
	struct block *b0, *b1;

	switch (proto) {

	case Q_TCP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)IPPROTO_TCP);
		gen_and(b0, b1);
		break;

	case Q_UDP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)IPPROTO_UDP);
		gen_and(b0, b1);
		break;

	case Q_ICMP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)IPPROTO_ICMP);
		gen_and(b0, b1);
		break;

	case Q_IGMP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)2);
		gen_and(b0, b1);
		break;

#ifndef IPPROTO_IGRP
#define IPPROTO_IGRP 9
#endif
	case Q_IGRP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (long)IPPROTO_IGRP);
		gen_and(b0, b1);
		break;

	case Q_IP:
		b1 = gen_linktype(ETHERTYPE_IP);
		break;

	case Q_ARP:
		b1 = gen_linktype(ETHERTYPE_ARP);
		break;

	case Q_RARP:
		b1 = gen_linktype(ETHERTYPE_REVARP);
		break;

	case Q_LINK:
		bpf_error("link layer applied in wrong context");

	case Q_ATALK:
		b1 = gen_linktype(ETHERTYPE_ATALK);
		break;

	case Q_DECNET:
		b1 = gen_linktype(ETHERTYPE_DN);
		break;

	case Q_SCA:
		b1 = gen_linktype(ETHERTYPE_SCA);
		break;

	case Q_LAT:
		b1 = gen_linktype(ETHERTYPE_LAT);
		break;

	case Q_MOPDL:
		b1 = gen_linktype(ETHERTYPE_MOPDL);
		break;

	case Q_MOPRC:
		b1 = gen_linktype(ETHERTYPE_MOPRC);
		break;

	default:
		abort();
	}
	return b1;
}

static struct block *
gen_ipfrag()
{
	struct slist *s;
	struct block *b;

	/* not ip frag */
	s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
	s->s.k = off_nl + 6;
	b = new_block(JMP(BPF_JSET));
	b->s.k = 0x1fff;
	b->stmts = s;
	gen_not(b);

	return b;
}

static struct block *
gen_portatom(off, v)
	int off;
	bpf_int32 v;
{
	struct slist *s;
	struct block *b;

	s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
	s->s.k = off_nl;

	s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
	s->next->s.k = off_nl + off;

	b = new_block(JMP(BPF_JEQ));
	b->stmts = s;
	b->s.k = v;

	return b;
}

struct block *
gen_portop(port, proto, dir)
	int port, proto, dir;
{
	struct block *b0, *b1, *tmp;

	/* ip proto 'proto' */
	tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
	b0 = gen_ipfrag();
	gen_and(tmp, b0);

	switch (dir) {
	case Q_SRC:
		b1 = gen_portatom(0, (bpf_int32)port);
		break;

	case Q_DST:
		b1 = gen_portatom(2, (bpf_int32)port);
		break;

	case Q_OR:
	case Q_DEFAULT:
		tmp = gen_portatom(0, (bpf_int32)port);
		b1 = gen_portatom(2, (bpf_int32)port);
		gen_or(tmp, b1);
		break;

	case Q_AND:
		tmp = gen_portatom(0, (bpf_int32)port);
		b1 = gen_portatom(2, (bpf_int32)port);
		gen_and(tmp, b1);
		break;

	default:
		abort();
	}
	gen_and(b0, b1);

	return b1;
}

static struct block *
gen_port(port, ip_proto, dir)
	int port;
	int ip_proto;
	int dir;
{
	struct block *b0, *b1, *tmp;

	/* ether proto ip */
	b0 = gen_linktype(ETHERTYPE_IP);

	switch (ip_proto) {
	case IPPROTO_UDP:
	case IPPROTO_TCP:
		b1 = gen_portop(port, ip_proto, dir);
		break;

	case PROTO_UNDEF:
		tmp = gen_portop(port, IPPROTO_TCP, dir);
		b1 = gen_portop(port, IPPROTO_UDP, dir);
		gen_or(tmp, b1);
		break;

	default:
		abort();
	}
	gen_and(b0, b1);
	return b1;
}

static int
lookup_proto(name, proto)
	register const char *name;
	register int proto;
{
	register int v;

	switch (proto) {

	case Q_DEFAULT:
	case Q_IP:
		v = pcap_nametoproto(name);
		if (v == PROTO_UNDEF)
			bpf_error("unknown ip proto '%s'", name);
		break;

	case Q_LINK:
		/* XXX should look up h/w protocol type based on linktype */
		v = pcap_nametoeproto(name);
		if (v == PROTO_UNDEF)
			bpf_error("unknown ether proto '%s'", name);
		break;

	default:
		v = PROTO_UNDEF;
		break;
	}
	return v;
}

static struct block *
gen_proto(v, proto, dir)
	int v;
	int proto;
	int dir;
{
	struct block *b0, *b1;

	if (dir != Q_DEFAULT)
		bpf_error("direction applied to 'proto'");

	switch (proto) {
	case Q_DEFAULT:
	case Q_IP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
		gen_and(b0, b1);
		return b1;

	case Q_ARP:
		bpf_error("arp does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_RARP:
		bpf_error("rarp does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_ATALK:
		bpf_error("atalk encapsulation is not specifiable");
		/* NOTREACHED */

	case Q_DECNET:
		bpf_error("decnet encapsulation is not specifiable");
		/* NOTREACHED */

	case Q_SCA:
		bpf_error("sca does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_LAT:
		bpf_error("lat does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_MOPRC:
		bpf_error("moprc does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_MOPDL:
		bpf_error("mopdl does not encapsulate another protocol");
		/* NOTREACHED */

	case Q_LINK:
		return gen_linktype(v);

	case Q_UDP:
		bpf_error("'udp proto' is bogus");
		/* NOTREACHED */

	case Q_TCP:
		bpf_error("'tcp proto' is bogus");
		/* NOTREACHED */

	case Q_ICMP:
		bpf_error("'icmp proto' is bogus");
		/* NOTREACHED */

	case Q_IGMP:
		bpf_error("'igmp proto' is bogus");
		/* NOTREACHED */

	case Q_IGRP:
		bpf_error("'igrp proto' is bogus");
		/* NOTREACHED */

	default:
		abort();
		/* NOTREACHED */
	}
	/* NOTREACHED */
}

struct block *
gen_scode(name, q)
	register const char *name;
	struct qual q;
{
	int proto = q.proto;
	int dir = q.dir;
	int tproto;
	u_char *eaddr;
	bpf_u_int32 mask, addr, **alist;
	struct block *b, *tmp;
	int port, real_proto;

	switch (q.addr) {

	case Q_NET:
		addr = pcap_nametonetaddr(name);
		if (addr == 0)
			bpf_error("unknown network '%s'", name);
		/* Left justify network addr and calculate its network mask */
		mask = 0xffffffff;
		while (addr && (addr & 0xff000000) == 0) {
			addr <<= 8;
			mask <<= 8;
		}
		return gen_host(addr, mask, proto, dir);

	case Q_DEFAULT:
	case Q_HOST:
		if (proto == Q_LINK) {
			switch (linktype) {

			case DLT_EN10MB:
				eaddr = pcap_ether_hostton(name);
				if (eaddr == NULL)
					bpf_error(
					    "unknown ether host '%s'", name);
				return gen_ehostop(eaddr, dir);

			case DLT_FDDI:
				eaddr = pcap_ether_hostton(name);
				if (eaddr == NULL)
					bpf_error(
					    "unknown FDDI host '%s'", name);
				return gen_fhostop(eaddr, dir);

			default:
				bpf_error(
			"only ethernet/FDDI supports link-level host name");
				break;
			}
		} else if (proto == Q_DECNET) {
			unsigned short dn_addr = __pcap_nametodnaddr(name);
			/*
			 * I don't think DECNET hosts can be multihomed, so
			 * there is no need to build up a list of addresses
			 */
			return (gen_host(dn_addr, 0,
			    proto, dir));
		} else {
			alist = pcap_nametoaddr(name);
			if (alist == NULL || *alist == NULL)
				bpf_error("unknown host '%s'", name);
			tproto = proto;
			if (off_linktype == -1 && tproto == Q_DEFAULT)
				tproto = Q_IP;
			b = gen_host(**alist++, 0xffffffff, tproto, dir);
			while (*alist) {
				tmp = gen_host(**alist++, 0xffffffff,
					       tproto, dir);
				gen_or(b, tmp);
				b = tmp;
			}
			return b;
		}

	case Q_PORT:
		if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
			bpf_error("illegal qualifier of 'port'");
		if (pcap_nametoport(name, &port, &real_proto) == 0)
			bpf_error("unknown port '%s'", name);
		if (proto == Q_UDP) {
			if (real_proto == IPPROTO_TCP)
				bpf_error("port '%s' is tcp", name);
			else
				/* override PROTO_UNDEF */
				real_proto = IPPROTO_UDP;
		}
		if (proto == Q_TCP) {
			if (real_proto == IPPROTO_UDP)
				bpf_error("port '%s' is udp", name);
			else
				/* override PROTO_UNDEF */
				real_proto = IPPROTO_TCP;
		}
		return gen_port(port, real_proto, dir);

	case Q_GATEWAY:
		eaddr = pcap_ether_hostton(name);
		if (eaddr == NULL)
			bpf_error("unknown ether host: %s", name);

		alist = pcap_nametoaddr(name);
		if (alist == NULL || *alist == NULL)
			bpf_error("unknown host '%s'", name);
		return gen_gateway(eaddr, alist, proto, dir);

	case Q_PROTO:
		real_proto = lookup_proto(name, proto);
		if (real_proto >= 0)
			return gen_proto(real_proto, proto, dir);
		else
			bpf_error("unknown protocol: %s", name);

	case Q_UNDEF:
		syntax();
		/* NOTREACHED */
	}
	abort();
	/* NOTREACHED */
}

struct block *
gen_mcode(s1, s2, masklen, q)
	register const char *s1, *s2;
	register int masklen;
	struct qual q;
{
	register int nlen, mlen;
	bpf_u_int32 n, m;

	nlen = __pcap_atoin(s1, &n);
	/* Promote short ipaddr */
	n <<= 32 - nlen;

	if (s2 != NULL) {
		mlen = __pcap_atoin(s2, &m);
		/* Promote short ipaddr */
		m <<= 32 - mlen;
	} else {
		/* Convert mask len to mask */
		if (masklen > 32)
			bpf_error("mask length must be <= 32");
		/* Shifting a 32-bit value by 32 (masklen == 0) is undefined */
		if (masklen == 0)
			m = 0;
		else
			m = 0xffffffff << (32 - masklen);
	}

	switch (q.addr) {

	case Q_NET:
		return gen_host(n, m, q.proto, q.dir);

	default:
		bpf_error("Mask syntax for networks only");
		/* NOTREACHED
		 */
	}
}

struct block *
gen_ncode(s, v, q)
	register const char *s;
	bpf_u_int32 v;
	struct qual q;
{
	bpf_u_int32 mask;
	int proto = q.proto;
	int dir = q.dir;
	register int vlen;

	if (s == NULL)
		vlen = 32;
	else if (q.proto == Q_DECNET)
		vlen = __pcap_atodn(s, &v);
	else
		vlen = __pcap_atoin(s, &v);

	switch (q.addr) {

	case Q_DEFAULT:
	case Q_HOST:
	case Q_NET:
		if (proto == Q_DECNET)
			return gen_host(v, 0, proto, dir);
		else if (proto == Q_LINK) {
			bpf_error("illegal link layer address");
		} else {
			mask = 0xffffffff;
			if (s == NULL && q.addr == Q_NET) {
				/* Promote short net number */
				while (v && (v & 0xff000000) == 0) {
					v <<= 8;
					mask <<= 8;
				}
			} else {
				/* Promote short ipaddr */
				v <<= 32 - vlen;
				mask <<= 32 - vlen;
			}
			return gen_host(v, mask, proto, dir);
		}

	case Q_PORT:
		if (proto == Q_UDP)
			proto = IPPROTO_UDP;
		else if (proto == Q_TCP)
			proto = IPPROTO_TCP;
		else if (proto == Q_DEFAULT)
			proto = PROTO_UNDEF;
		else
			bpf_error("illegal qualifier of 'port'");

		return gen_port((int)v, proto, dir);

	case Q_GATEWAY:
		bpf_error("'gateway' requires a name");
		/* NOTREACHED */

	case Q_PROTO:
		return gen_proto((int)v, proto, dir);

	case Q_UNDEF:
		syntax();
		/* NOTREACHED */

	default:
		abort();
		/* NOTREACHED */
	}
	/* NOTREACHED */
}

struct block *
gen_ecode(eaddr, q)
	register const u_char *eaddr;
	struct qual q;
{
	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
		if (linktype == DLT_EN10MB)
			return gen_ehostop(eaddr, (int)q.dir);
		if (linktype == DLT_FDDI)
			return gen_fhostop(eaddr, (int)q.dir);
	}
	bpf_error("ethernet address used in non-ether expression");
	/* NOTREACHED */
}

void
sappend(s0, s1)
	struct slist *s0, *s1;
{
	/*
	 * This is definitely not the best way to do this, but the
	 * lists will rarely get long.
	 */
	while (s0->next)
		s0 = s0->next;
	s0->next = s1;
}

static struct slist *
xfer_to_x(a)
	struct arth *a;
{
	struct slist *s;

	s = new_stmt(BPF_LDX|BPF_MEM);
	s->s.k = a->regno;
	return s;
}

static struct slist *
xfer_to_a(a)
	struct arth *a;
{
	struct slist *s;

	s = new_stmt(BPF_LD|BPF_MEM);
	s->s.k = a->regno;
	return s;
}

struct arth *
gen_load(proto, index, size)
	int proto;
	struct arth *index;
	int size;
{
	struct slist *s, *tmp;
	struct block *b;
	int regno = alloc_reg();

	free_reg(index->regno);
	switch (size) {

	default:
		bpf_error("data size must be 1, 2, or 4");

	case 1:
		size = BPF_B;
		break;

	case 2:
		size = BPF_H;
		break;

	case 4:
		size = BPF_W;
		break;
	}
	switch (proto) {
	default:
		bpf_error("unsupported index operation");

	case Q_LINK:
		s = xfer_to_x(index);
		tmp = new_stmt(BPF_LD|BPF_IND|size);
		sappend(s, tmp);
		sappend(index->s, s);
		break;

	case Q_IP:
	case Q_ARP:
	case Q_RARP:
	case Q_ATALK:
	case Q_DECNET:
	case Q_SCA:
	case Q_LAT:
	case Q_MOPRC:
	case Q_MOPDL:
		/* XXX Note that we assume a fixed link link header here.
		 */
		s = xfer_to_x(index);
		tmp = new_stmt(BPF_LD|BPF_IND|size);
		tmp->s.k = off_nl;
		sappend(s, tmp);
		sappend(index->s, s);

		b = gen_proto_abbrev(proto);
		if (index->b)
			gen_and(index->b, b);
		index->b = b;
		break;

	case Q_TCP:
	case Q_UDP:
	case Q_ICMP:
	case Q_IGMP:
	case Q_IGRP:
		s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
		s->s.k = off_nl;
		sappend(s, xfer_to_a(index));
		sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
		sappend(s, new_stmt(BPF_MISC|BPF_TAX));
		sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
		tmp->s.k = off_nl;
		sappend(index->s, s);

		gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
		if (index->b)
			gen_and(index->b, b);
		index->b = b;
		break;
	}
	index->regno = regno;
	s = new_stmt(BPF_ST);
	s->s.k = regno;
	sappend(index->s, s);

	return index;
}

struct block *
gen_relation(code, a0, a1, reversed)
	int code;
	struct arth *a0, *a1;
	int reversed;
{
	struct slist *s0, *s1, *s2;
	struct block *b, *tmp;

	s0 = xfer_to_x(a1);
	s1 = xfer_to_a(a0);
	s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
	b = new_block(JMP(code));
	if (code == BPF_JGT || code == BPF_JGE) {
		reversed = !reversed;
		b->s.k = 0x80000000;
	}
	if (reversed)
		gen_not(b);

	sappend(s1, s2);
	sappend(s0, s1);
	sappend(a1->s, s0);
	sappend(a0->s, a1->s);

	b->stmts = a0->s;

	free_reg(a0->regno);
	free_reg(a1->regno);

	/* 'and' together protocol checks */
	if (a0->b) {
		if (a1->b) {
			gen_and(a0->b, tmp = a1->b);
		}
		else
			tmp = a0->b;
	} else
		tmp = a1->b;

	if (tmp)
		gen_and(tmp, b);

	return b;
}

struct arth *
gen_loadlen()
{
	int regno = alloc_reg();
	struct arth *a = (struct arth *)newchunk(sizeof(*a));
	struct slist *s;

	s = new_stmt(BPF_LD|BPF_LEN);
	s->next = new_stmt(BPF_ST);
	s->next->s.k = regno;
	a->s = s;
	a->regno = regno;

	return a;
}

struct arth *
gen_loadi(val)
	int val;
{
	struct arth *a;
	struct slist *s;
	int reg;

	a = (struct arth *)newchunk(sizeof(*a));

	reg = alloc_reg();

	s = new_stmt(BPF_LD|BPF_IMM);
	s->s.k = val;
	s->next = new_stmt(BPF_ST);
	s->next->s.k = reg;
	a->s = s;
	a->regno = reg;

	return a;
}

struct arth *
gen_neg(a)
	struct arth *a;
{
	struct slist *s;

	s =
	    xfer_to_a(a);
	sappend(a->s, s);
	s = new_stmt(BPF_ALU|BPF_NEG);
	s->s.k = 0;
	sappend(a->s, s);
	s = new_stmt(BPF_ST);
	s->s.k = a->regno;
	sappend(a->s, s);

	return a;
}

struct arth *
gen_arth(code, a0, a1)
	int code;
	struct arth *a0, *a1;
{
	struct slist *s0, *s1, *s2;

	s0 = xfer_to_x(a1);
	s1 = xfer_to_a(a0);
	s2 = new_stmt(BPF_ALU|BPF_X|code);

	sappend(s1, s2);
	sappend(s0, s1);
	sappend(a1->s, s0);
	sappend(a0->s, a1->s);

	free_reg(a1->regno);

	s0 = new_stmt(BPF_ST);
	a0->regno = s0->s.k = alloc_reg();
	sappend(a0->s, s0);

	return a0;
}

/*
 * Here we handle simple allocation of the scratch registers.
 * If too many registers are alloc'd, the allocator punts.
 */
static int regused[BPF_MEMWORDS];
static int curreg;

/*
 * Return the next free register.
 */
static int
alloc_reg()
{
	int n = BPF_MEMWORDS;

	while (--n >= 0) {
		if (regused[curreg])
			curreg = (curreg + 1) % BPF_MEMWORDS;
		else {
			regused[curreg] = 1;
			return curreg;
		}
	}
	bpf_error("too many registers needed to evaluate expression");
	/* NOTREACHED */
}

/*
 * Return a register to the table so it can
 * be used later.
 */
static void
free_reg(n)
	int n;
{
	regused[n] = 0;
}

static struct block *
gen_len(jmp, n)
	int jmp, n;
{
	struct slist *s;
	struct block *b;

	s = new_stmt(BPF_LD|BPF_LEN);
	b = new_block(JMP(jmp));
	b->stmts = s;
	b->s.k = n;

	return b;
}

struct block *
gen_greater(n)
	int n;
{
	return gen_len(BPF_JGE, n);
}

struct block *
gen_less(n)
	int n;
{
	struct block *b;

	b = gen_len(BPF_JGT, n);
	gen_not(b);

	return b;
}

struct block *
gen_byteop(op, idx, val)
	int op, idx, val;
{
	struct block *b;
	struct slist *s;

	switch (op) {
	default:
		abort();

	case '=':
		return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);

	case '<':
		b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
		b->s.code = JMP(BPF_JGE);
		gen_not(b);
		return b;

	case '>':
		b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
		b->s.code = JMP(BPF_JGT);
		return b;

	case '|':
		s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
		break;

	case '&':
		s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
		break;
	}
	s->s.k = val;
	b = new_block(JMP(BPF_JEQ));
	b->stmts = s;
	gen_not(b);

	return b;
}

struct block *
gen_broadcast(proto)
	int proto;
{
	bpf_u_int32 hostmask;
	struct block *b0, *b1, *b2;
	static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

	switch (proto) {

	case Q_DEFAULT:
	case Q_LINK:
		if (linktype == DLT_EN10MB)
			return gen_ehostop(ebroadcast, Q_DST);
		if (linktype == DLT_FDDI)
			return gen_fhostop(ebroadcast, Q_DST);
		bpf_error("not a broadcast link");
		break;

	case Q_IP:
		b0 = gen_linktype(ETHERTYPE_IP);
		hostmask = ~netmask;
		b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
		b2 = gen_mcmp(off_nl + 16, BPF_W,
			      (bpf_int32)(~0 & hostmask), hostmask);
		gen_or(b1, b2);
		gen_and(b0, b2);
		return b2;
	}
	bpf_error("only ether/ip broadcast filters supported");
}

struct block *
gen_multicast(proto)
	int proto;
{
	register struct block *b0, *b1;
	register struct slist *s;

	switch (proto) {

	case Q_DEFAULT:
	case Q_LINK:
		if (linktype == DLT_EN10MB) {
			/* ether[0] & 1 != 0 */
			s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
			s->s.k = 0;
			b0 = new_block(JMP(BPF_JSET));
			b0->s.k = 1;
			b0->stmts = s;
			return b0;
		}

		if
		    (linktype == DLT_FDDI) {
			/* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
			/* fddi[1] & 1 != 0 */
			s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
			s->s.k = 1;
			b0 = new_block(JMP(BPF_JSET));
			b0->s.k = 1;
			b0->stmts = s;
			return b0;
		}
		/* Link not known to support multicasts */
		break;

	case Q_IP:
		b0 = gen_linktype(ETHERTYPE_IP);
		b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
		b1->s.code = JMP(BPF_JGE);
		gen_and(b0, b1);
		return b1;
	}
	bpf_error("only IP multicast filters supported on ethernet/FDDI");
}

/*
 * generate command for inbound/outbound. It's here so we can
 * make it link-type specific. 'dir' = 0 implies "inbound",
 * = 1 implies "outbound".
 */
struct block *
gen_inbound(dir)
	int dir;
{
	register struct block *b0;

	b0 = gen_relation(BPF_JEQ,
			  gen_load(Q_LINK, gen_loadi(0), 1),
			  gen_loadi(0),
			  dir);
	return (b0);
}
sniffit.0.3.7.beta/libpcap/gencode.h100444 1750 1750 11023 6553423606 16004 0ustar codercoder
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: gencode.h,v 1.36 96/07/17 00:11:34 leres Exp $ (LBL)
 */

/*XXX*/
#include "gnuc.h"

/* Address qualifiers. */

#define Q_HOST		1
#define Q_NET		2
#define Q_PORT		3
#define Q_GATEWAY	4
#define Q_PROTO		5

/* Protocol qualifiers. */

#define Q_LINK		1
#define Q_IP		2
#define Q_ARP		3
#define Q_RARP		4
#define Q_TCP		5
#define Q_UDP		6
#define Q_ICMP		7
#define Q_IGMP		8
#define Q_IGRP		9

#define Q_ATALK		10
#define Q_DECNET	11
#define Q_LAT		12
#define Q_SCA		13
#define Q_MOPRC		14
#define Q_MOPDL		15

/* Directional qualifiers. */

#define Q_SRC		1
#define Q_DST		2
#define Q_OR		3
#define Q_AND		4

#define Q_DEFAULT	0
#define Q_UNDEF		255

struct stmt {
	int code;
	bpf_int32 k;
};

struct slist {
	struct stmt s;
	struct slist *next;
};

/*
 * A bit vector to represent definition sets. We assume TOT_REGISTERS
 * is smaller than 8*sizeof(atomset).
 */
typedef bpf_u_int32 atomset;
#define ATOMMASK(n) (1 << (n))
#define ATOMELEM(d, n) (d & ATOMMASK(n))

/*
 * An unbounded set.
 */
typedef bpf_u_int32 *uset;

/*
 * Total number of atomic entities, including accumulator (A) and index (X).
 * We treat all these guys similarly during flow analysis.
 */
#define N_ATOMS (BPF_MEMWORDS+2)

struct edge {
	int id;
	int code;
	uset edom;
	struct block *succ;
	struct block *pred;
	struct edge *next;	/* link list of incoming edges for a node */
};

struct block {
	int id;
	struct slist *stmts;	/* side effect stmts */
	struct stmt s;		/* branch stmt */
	int mark;
	int longjt;		/* jt branch requires long jump */
	int longjf;		/* jf branch requires long jump */
	int level;
	int offset;
	int sense;
	struct edge et;
	struct edge ef;
	struct block *head;
	struct block *link;	/* link field used by optimizer */
	uset dom;
	uset closure;
	struct edge *in_edges;
	atomset def, kill;
	atomset in_use;
	atomset out_use;
	int oval;
	int val[N_ATOMS];
};

struct arth {
	struct block *b;	/* protocol checks */
	struct slist *s;	/* stmt list */
	int regno;		/* virtual register number of result */
};

struct qual {
	unsigned char addr;
	unsigned char proto;
	unsigned char dir;
	unsigned char pad;
};

struct arth *gen_loadi(int);
struct arth *gen_load(int, struct arth *, int);
struct arth *gen_loadlen(void);
struct arth *gen_neg(struct arth *);
struct arth *gen_arth(int, struct arth *, struct arth *);

void gen_and(struct block *, struct block *);
void gen_or(struct block *, struct block *);
void gen_not(struct block *);

struct block *gen_scode(const char *, struct qual);
struct block *gen_ecode(const u_char *, struct qual);
struct block *gen_mcode(const char *, const char *, int, struct qual);
struct block *gen_ncode(const char *, bpf_u_int32, struct qual);
struct block *gen_proto_abbrev(int);
struct block *gen_relation(int, struct arth *, struct arth *, int);
struct block *gen_less(int);
struct block *gen_greater(int);
struct block *gen_byteop(int, int, int);
struct block *gen_broadcast(int);
struct block *gen_multicast(int);
struct block *gen_inbound(int);

void bpf_optimize(struct block **);
#if __STDC__
__dead void bpf_error(const char *, ...)
    __attribute__((volatile, format (printf, 1, 2)));
#endif

void finish_parse(struct block *);
char *sdup(const char *);

struct bpf_insn *icode_to_fcode(struct block *, int *);
int pcap_parse(void);
void lex_init(char *);
void sappend(struct slist *, struct slist *);

/* XXX */
#define JT(b) ((b)->et.succ)
#define JF(b) ((b)->ef.succ)
sniffit.0.3.7.beta/libpcap/grammar.y100444 1750 1750 16044 6553423606 16057 0ustar codercoder
%{
/*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: grammar.y,v 1.56 96/11/02 21:54:55 leres Exp $ (LBL)";
#endif

#include
#include
#include

#if __STDC__
struct mbuf;
struct rtentry;
#endif

#include
#include
#include
#include

#include "pcap-int.h"

#include "gencode.h"
#include

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#define QSET(q, p, d, a) (q).proto = (p),\
			 (q).dir = (d),\
			 (q).addr = (a)

int n_errors = 0;

static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF };

static void
yyerror(char *msg)
{
	++n_errors;
	bpf_error("%s", msg);
	/* NOTREACHED */
}

#ifndef YYBISON
int yyparse(void);

int
pcap_parse()
{
	return (yyparse());
}
#endif

%}

%union {
	int i;
	bpf_u_int32 h;
	u_char *e;
	char *s;
	struct stmt *stmt;
	struct arth *a;
	struct {
		struct qual q;
		struct block *b;
	} blk;
	struct block *rblk;
}

%type	<blk>	expr id nid pid term rterm qid
%type	<blk>	head
%type	<i>	pqual dqual aqual ndaqual
%type	<a>	arth narth
%type	<i>	byteop pname pnum relop irelop
%type	<blk>	and or paren not null prog
%type	<rblk>	other

%token	DST SRC HOST GATEWAY
%token	NET MASK PORT LESS GREATER PROTO BYTE
%token	ARP RARP IP TCP UDP ICMP IGMP IGRP
%token	ATALK DECNET LAT SCA MOPRC MOPDL
%token	TK_BROADCAST TK_MULTICAST
%token	NUM INBOUND OUTBOUND
%token	LINK
%token	GEQ LEQ NEQ
%token	ID EID HID
%token	LSH RSH
%token	LEN

%type	<s> ID
%type	<e> EID
%type	<s> HID
%type	<i> NUM

%left OR AND
%nonassoc '!'
%left '|'
%left '&'
%left LSH RSH
%left '+' '-'
%left '*' '/'
%nonassoc UMINUS
%%
prog:	  null expr
{
	finish_parse($2.b);
}
	| null
	;
null:	  /* null */		{ $$.q = qerr; }
	;
expr:	  term
	| expr and term		{ gen_and($1.b, $3.b); $$ = $3; }
	| expr and id		{ gen_and($1.b, $3.b); $$ = $3; }
	| expr or term		{ gen_or($1.b, $3.b); $$ = $3; }
	| expr or id		{ gen_or($1.b, $3.b); $$ = $3; }
	;
and:	  AND			{ $$ = $0; }
	;
or:	  OR			{ $$ = $0; }
	;
id:	  nid
	| pnum			{ $$.b = gen_ncode(NULL, (bpf_u_int32)$1,
						   $$.q = $0.q); }
	| paren pid ')'		{ $$ = $2; }
	;
nid:	  ID			{ $$.b = gen_scode($1, $$.q = $0.q); }
	| HID '/' NUM		{ $$.b = gen_mcode($1, NULL, $3,
				    $$.q = $0.q); }
	| HID MASK HID		{ $$.b = gen_mcode($1, $3, 0,
				    $$.q = $0.q); }
	| HID			{
				  /* Decide how to parse HID based on proto */
				  $$.q = $0.q;
				  switch ($$.q.proto) {
				  case Q_DECNET:
					$$.b = gen_ncode($1, 0, $$.q);
					break;
				  default:
					$$.b = gen_ncode($1, 0, $$.q);
					break;
				  }
				}
	| EID			{ $$.b = gen_ecode($1, $$.q = $0.q); }
	| not id		{ gen_not($2.b); $$ = $2; }
	;
not:	  '!'			{ $$ = $0; }
	;
paren:	  '('			{ $$ = $0; }
	;
pid:	  nid
	| qid and id		{ gen_and($1.b, $3.b); $$ = $3; }
	| qid or id		{ gen_or($1.b, $3.b); $$ = $3; }
	;
qid:	  pnum			{ $$.b = gen_ncode(NULL, (bpf_u_int32)$1,
						   $$.q = $0.q); }
	| pid
	;
term:	  rterm
	| not term		{ gen_not($2.b); $$ = $2; }
	;
head:	  pqual dqual aqual	{ QSET($$.q, $1, $2, $3); }
	| pqual dqual		{ QSET($$.q, $1, $2, Q_DEFAULT); }
	| pqual aqual		{ QSET($$.q, $1, Q_DEFAULT, $2); }
	| pqual PROTO		{ QSET($$.q, $1, Q_DEFAULT, Q_PROTO); }
	| pqual ndaqual		{ QSET($$.q, $1, Q_DEFAULT, $2); }
	;
rterm:	  head id		{ $$ = $2; }
	| paren expr ')'	{ $$.b = $2.b; $$.q = $1.q; }
	| pname			{ $$.b = gen_proto_abbrev($1); $$.q = qerr; }
	| arth relop arth	{ $$.b = gen_relation($2, $1, $3, 0);
				  $$.q = qerr; }
	| arth irelop arth	{ $$.b = gen_relation($2, $1, $3, 1);
				  $$.q = qerr; }
	| other			{ $$.b = $1; $$.q = qerr; }
	;
/* protocol level qualifiers */
pqual:	  pname
	|			{ $$ = Q_DEFAULT; }
	;
/* 'direction' qualifiers */
dqual:	  SRC			{ $$ = Q_SRC; }
	| DST			{ $$ = Q_DST; }
	| SRC OR DST		{ $$ = Q_OR; }
	| DST OR SRC		{ $$ = Q_OR; }
	| SRC AND DST		{ $$ = Q_AND; }
	| DST AND SRC		{ $$ = Q_AND; }
	;
/* address type qualifiers */
aqual:	  HOST			{ $$ = Q_HOST; }
	| NET			{ $$ = Q_NET; }
	| PORT			{ $$ = Q_PORT; }
	;
/* non-directional address type qualifiers */
ndaqual:  GATEWAY		{ $$ = Q_GATEWAY; }
	;
pname:	  LINK			{ $$ = Q_LINK; }
	| IP			{ $$ = Q_IP; }
	| ARP			{ $$ = Q_ARP; }
	| RARP			{ $$ = Q_RARP; }
	| TCP			{ $$ = Q_TCP; }
	| UDP			{ $$ = Q_UDP; }
	| ICMP			{ $$ = Q_ICMP; }
	| IGMP			{ $$ = Q_IGMP; }
	| IGRP			{ $$ = Q_IGRP; }
	| ATALK			{ $$ = Q_ATALK; }
	| DECNET		{ $$ = Q_DECNET; }
	| LAT			{ $$ = Q_LAT; }
	| SCA			{ $$ = Q_SCA; }
	| MOPDL			{ $$ = Q_MOPDL; }
	| MOPRC			{ $$ = Q_MOPRC; }
	;
other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
	| pqual TK_MULTICAST	{ $$ = gen_multicast($1); }
	| LESS NUM		{ $$ = gen_less($2); }
	| GREATER NUM		{ $$ = gen_greater($2); }
	| BYTE NUM byteop NUM	{ $$ = gen_byteop($3, $2, $4); }
	| INBOUND		{ $$ = gen_inbound(0); }
	| OUTBOUND		{ $$ = gen_inbound(1); }
	;
relop:	  '>'			{ $$ = BPF_JGT; }
	| GEQ			{ $$ = BPF_JGE; }
	| '='			{ $$ = BPF_JEQ; }
	;
irelop:	  LEQ			{ $$ = BPF_JGT; }
	| '<'			{ $$ = BPF_JGE; }
	| NEQ			{ $$ = BPF_JEQ; }
	;
arth:	  pnum			{ $$ = gen_loadi($1); }
	| narth
	;
narth:	  pname '[' arth ']'		{ $$ = gen_load($1, $3, 1); }
	| pname '[' arth ':' NUM ']'	{ $$ = gen_load($1, $3, $5); }
	| arth '+' arth			{ $$ = gen_arth(BPF_ADD, $1, $3); }
	| arth '-' arth			{ $$ = gen_arth(BPF_SUB, $1, $3); }
	| arth '*' arth			{ $$ = gen_arth(BPF_MUL, $1, $3); }
	| arth '/' arth			{ $$ = gen_arth(BPF_DIV, $1, $3); }
	| arth '&' arth			{ $$ = gen_arth(BPF_AND, $1, $3); }
	| arth '|' arth			{ $$ = gen_arth(BPF_OR, $1, $3); }
	| arth LSH arth			{ $$ = gen_arth(BPF_LSH, $1, $3); }
	| arth RSH arth			{ $$ = gen_arth(BPF_RSH, $1, $3); }
	| '-' arth %prec UMINUS		{ $$ = gen_neg($2); }
	| paren narth ')'		{ $$ = $2; }
	| LEN				{ $$ = gen_loadlen(); }
	;
byteop:	  '&'			{ $$ = '&'; }
	| '|'			{ $$ = '|'; }
	| '<'			{ $$ = '<'; }
	| '>'			{ $$ = '>'; }
	| '='			{ $$ = '='; }
	;
pnum:	  NUM
	| paren pnum ')'	{ $$ = $2; }
	;
%%
sniffit.0.3.7.beta/libpcap/inet.c100444 1750 1750 14355 6553423606 15345 0ustar codercoder
/*
 * Copyright (c) 1994, 1995, 1996, 1997, 1998
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the Computer Systems
 * Engineering Group at Lawrence Berkeley Laboratory.
 * 4. Neither the name of the University nor of the Laboratory may be used
 * to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: inet.c,v 1.22 98/01/30 17:29:34 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include
#ifdef HAVE_SYS_SOCKIO_H
#include
#endif
#include		/* concession to AIX */

#if __STDC__
struct mbuf;
struct rtentry;
#endif

#include
#include

#include
#include
#include
#include
#include
#include

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

/* Not all systems have IFF_LOOPBACK */
#ifdef IFF_LOOPBACK
#define ISLOOPBACK(p) ((p)->ifr_flags & IFF_LOOPBACK)
#else
#define ISLOOPBACK(p) ((p)->ifr_name[0] == 'l' && (p)->ifr_name[1] == 'o' && \
    (isdigit((p)->ifr_name[2]) || (p)->ifr_name[2] == '\0'))
#endif

/*
 * Return the name of a network interface attached to the system, or NULL
 * if none can be found. The interface must be configured up; the
 * lowest unit number is preferred; loopback is ignored.
 */
char *
pcap_lookupdev(errbuf)
	register char *errbuf;
{
	register int fd, minunit, n;
	register char *cp;
	register struct ifreq *ifrp, *ifend, *ifnext, *mp;
	struct ifconf ifc;
	struct ifreq ibuf[16], ifr;
	static char device[sizeof(ifrp->ifr_name) + 1];

	fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0) {
		(void)sprintf(errbuf, "socket: %s", pcap_strerror(errno));
		return (NULL);
	}
	ifc.ifc_len = sizeof ibuf;
	ifc.ifc_buf = (caddr_t)ibuf;

	memset((char *)ibuf, 0, sizeof(ibuf));
	if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0 ||
	    ifc.ifc_len < sizeof(struct ifreq)) {
		(void)sprintf(errbuf, "SIOCGIFCONF: %s", pcap_strerror(errno));
		(void)close(fd);
		return (NULL);
	}
	ifrp = ibuf;
	ifend = (struct ifreq *)((char *)ibuf + ifc.ifc_len);

	mp = NULL;
	minunit = 666;
	for (; ifrp < ifend; ifrp = ifnext) {
#ifdef HAVE_SOCKADDR_SA_LEN
		n = ifrp->ifr_addr.sa_len + sizeof(ifrp->ifr_name);
		if (n < sizeof(*ifrp))
			ifnext = ifrp + 1;
		else
			ifnext = (struct ifreq *)((char *)ifrp + n);
		if (ifrp->ifr_addr.sa_family != AF_INET)
			continue;
#else
		ifnext = ifrp + 1;
#endif
		/*
		 * Need a template to preserve address info that is
		 * used below to locate the next entry. (Otherwise,
		 * SIOCGIFFLAGS stomps over it because the requests
		 * are returned in a union.)
		 */
		strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name));
		if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) {
			if (errno == ENXIO)
				continue;
			(void)sprintf(errbuf, "SIOCGIFFLAGS: %.*s: %s",
			    (int)sizeof(ifr.ifr_name), ifr.ifr_name,
			    pcap_strerror(errno));
			(void)close(fd);
			return (NULL);
		}

		/* Must be up and not the loopback */
		if ((ifr.ifr_flags & IFF_UP) == 0 || ISLOOPBACK(&ifr))
			continue;

		/* Stop at the terminator if the name has no unit number */
		for (cp = ifrp->ifr_name; *cp != '\0' && !isdigit(*cp); ++cp)
			continue;
		n = atoi(cp);
		if (n < minunit) {
			minunit = n;
			mp = ifrp;
		}
	}
	(void)close(fd);
	if (mp == NULL) {
		(void)strcpy(errbuf, "no suitable device found");
		return (NULL);
	}

	(void)strncpy(device, mp->ifr_name, sizeof(device) - 1);
	device[sizeof(device) - 1] = '\0';
	return (device);
}

int
pcap_lookupnet(device, netp, maskp, errbuf)
	register char *device;
	register bpf_u_int32 *netp, *maskp;
	register char *errbuf;
{
	register int fd;
	register struct sockaddr_in *sin;
	struct ifreq ifr;

	fd = socket(AF_INET, SOCK_DGRAM, 0);
	if (fd < 0) {
		(void)sprintf(errbuf, "socket: %s", pcap_strerror(errno));
		return (-1);
	}
	memset(&ifr, 0, sizeof(ifr));
#ifdef linux
	/* XXX Work around Linux kernel bug */
	ifr.ifr_addr.sa_family = AF_INET;
#endif
	(void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
	if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) {
		/* Bound the caller-supplied name so errbuf cannot overflow */
		(void)sprintf(errbuf, "SIOCGIFADDR: %.*s: %s",
		    (int)sizeof(ifr.ifr_name), device, pcap_strerror(errno));
		(void)close(fd);
		return (-1);
	}
	sin = (struct sockaddr_in *)&ifr.ifr_addr;
	*netp = sin->sin_addr.s_addr;
	if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) {
		/* Bound the caller-supplied name so errbuf cannot overflow */
		(void)sprintf(errbuf, "SIOCGIFNETMASK: %.*s: %s",
		    (int)sizeof(ifr.ifr_name), device, pcap_strerror(errno));
		(void)close(fd);
		return (-1);
	}
	(void)close(fd);
	*maskp = sin->sin_addr.s_addr;
	if (*maskp == 0) {
		if (IN_CLASSA(*netp))
			*maskp = IN_CLASSA_NET;
		else if (IN_CLASSB(*netp))
			*maskp = IN_CLASSB_NET;
		else if (IN_CLASSC(*netp))
			*maskp = IN_CLASSC_NET;
		else {
            (void)sprintf(errbuf, "inet class for 0x%x unknown",
                *netp);
            return (-1);
        }
    }
    *netp &= *maskp;
    return (0);
}

sniffit.0.3.7.beta/libpcap/install-sh
#! /bin/sh
#
# install - install a program, script, or datafile
# This comes from X11R5 (mit/util/scripts/install.sh).
#
# Copyright 1991 by the Massachusetts Institute of Technology
#
# Permission to use, copy, modify, distribute, and sell this software and its
# documentation for any purpose is hereby granted without fee, provided that
# the above copyright notice appear in all copies and that both that
# copyright notice and this permission notice appear in supporting
# documentation, and that the name of M.I.T. not be used in advertising or
# publicity pertaining to distribution of the software without specific,
# written prior permission. M.I.T. makes no representations about the
# suitability of this software for any purpose. It is provided "as is"
# without express or implied warranty.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.


# set DOITPROG to echo to test this script

# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"


# put in absolute paths if you don't have them in your path; or use env. vars.

mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"

transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""

while [ x"$1" != x ]; do
    case $1 in
        -c) instcmd="$cpprog"
            shift
            continue;;

        -d) dir_arg=true
            shift
            continue;;

        -m) chmodcmd="$chmodprog $2"
            shift
            shift
            continue;;

        -o) chowncmd="$chownprog $2"
            shift
            shift
            continue;;

        -g) chgrpcmd="$chgrpprog $2"
            shift
            shift
            continue;;

        -s) stripcmd="$stripprog"
            shift
            continue;;

        -t=*) transformarg=`echo $1 | sed 's/-t=//'`
            shift
            continue;;

        -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
            shift
            continue;;

        *)  if [ x"$src" = x ]
            then
                src=$1
            else
                # this colon is to work around a 386BSD /bin/sh bug
                :
                dst=$1
            fi
            shift
            continue;;
    esac
done

if [ x"$src" = x ]
then
    echo "install: no input file specified"
    exit 1
else
    true
fi

if [ x"$dir_arg" != x ]; then
    dst=$src
    src=""

    if [ -d $dst ]; then
        instcmd=:
    else
        instcmd=mkdir
    fi
else

# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.

    if [ -f $src -o -d $src ]
    then
        true
    else
        echo "install: $src does not exist"
        exit 1
    fi

    if [ x"$dst" = x ]
    then
        echo "install: no destination specified"
        exit 1
    else
        true
    fi

# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic

    if [ -d $dst ]
    then
        dst="$dst"/`basename $src`
    else
        true
    fi
fi

## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`

# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script

# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS=' '
IFS="${IFS-${defaultIFS}}"

oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"

pathcomp=''

while [ $# -ne 0 ] ; do
    pathcomp="${pathcomp}${1}"
    shift

    if [ ! -d "${pathcomp}" ] ;
    then
        $mkdirprog "${pathcomp}"
    else
        true
    fi

    pathcomp="${pathcomp}/"
done
fi

if [ x"$dir_arg" != x ]
then
    $doit $instcmd $dst &&

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else

# If we're going to rename the final executable, determine the name now.

    if [ x"$transformarg" = x ]
    then
        dstfile=`basename $dst`
    else
        dstfile=`basename $dst $transformbasename |
            sed $transformarg`$transformbasename
    fi

# don't allow the sed command to completely eliminate the filename

    if [ x"$dstfile" = x ]
    then
        dstfile=`basename $dst`
    else
        true
    fi

# Make a temp file name in the proper directory.

    dsttmp=$dstdir/#inst.$$#

# Move or copy the file name to the temp name

    $doit $instcmd $src $dsttmp &&

    trap "rm -f ${dsttmp}" 0 &&

# and set any options; do chmod last to preserve setuid bits

# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.

    if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
    if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
    if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
    if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&

# Now rename the file to the real destination.

    $doit $rmcmd -f $dstdir/$dstfile &&
    $doit $mvcmd $dsttmp $dstdir/$dstfile

fi &&


exit 0

sniffit.0.3.7.beta/libpcap/lbl/

sniffit.0.3.7.beta/libpcap/lbl/gnuc.h
/* @(#) $Header: gnuc.h,v 1.3 95/10/09 02:47:01 leres Exp $ (LBL) */

/* Define __P() macro, if necessary */
#ifndef __P
#if __STDC__
#define __P(protos) protos
#else
#define __P(protos) ()
#endif
#endif

/* inline foo */
#ifdef __GNUC__
#define inline __inline
#else
#define inline
#endif

/*
 * Handle new and old "dead" routine prototypes
 *
 * For example:
 *
 *    __dead void foo(void) __attribute__((volatile));
 *
 */
#ifdef __GNUC__
#ifndef __dead
#define __dead volatile
#endif
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif
#else
#ifndef __dead
#define __dead
#endif
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif

sniffit.0.3.7.beta/libpcap/lbl/os-solaris2.h
/*
 * Copyright (c) 1993, 1994, 1995, 1996, 1997
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: os-solaris2.h,v 1.18 97/10/01 01:10:22 leres Exp $ (LBL)
 */

/* Prototypes missing in SunOS 5 */
int daemon(int, int);
int dn_expand(const u_char *, const u_char *, const u_char *, char *, int);
int dn_skipname(const u_char *, const u_char *);
int flock(int, int);
int getdtablesize(void);
int gethostname(char *, int);
int getpagesize(void);
char *getusershell(void);
char *getwd(char *);
int iruserok(u_int, int, char *, char *);
#ifdef __STDC__
struct utmp;
void login(struct utmp *);
#endif
int logout(const char *);
int res_query(const char *, int, int, u_char *, int);
int setenv(const char *, const char *, int);
#if defined(_STDIO_H) && defined(HAVE_SETLINEBUF)
int setlinebuf(FILE *);
#endif
int sigblock(int);
int sigsetmask(int);
char *strerror(int);
int snprintf(char *, size_t, const char *, ...);
int strcasecmp(const char *, const char *);
void unsetenv(const char *);
#ifdef __STDC__
struct timeval;
#endif
int utimes(const char *, struct timeval *);

sniffit.0.3.7.beta/libpcap/lbl/os-sunos4.h
/*
 * Copyright (c) 1989, 1990, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: os-sunos4.h,v 1.32 96/11/29 15:18:18 leres Exp $ (LBL)
 */

/* Prototypes missing in SunOS 4 */
#ifdef FILE
int _filbuf(FILE *);
int _flsbuf(u_char, FILE *);
int fclose(FILE *);
int fflush(FILE *);
int fgetc(FILE *);
int fprintf(FILE *, const char *, ...);
int fputc(int, FILE *);
int fputs(const char *, FILE *);
u_int fread(void *, u_int, u_int, FILE *);
int fseek(FILE *, long, int);
u_int fwrite(const void *, u_int, u_int, FILE *);
int pclose(FILE *);
void rewind(FILE *);
void setbuf(FILE *, char *);
int setlinebuf(FILE *);
int ungetc(int, FILE *);
int vfprintf(FILE *, const char *, ...);
int vprintf(const char *, ...);
#endif

#if __GNUC__ <= 1
int read(int, char *, u_int);
int write(int, char *, u_int);
#endif

long a64l(const char *);
#ifdef __STDC__
struct sockaddr;
#endif
int accept(int, struct sockaddr *, int *);
int bind(int, struct sockaddr *, int);
int bcmp(const void *, const void *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, int);
int chroot(const char *);
int close(int);
void closelog(void);
int connect(int, struct sockaddr *, int);
char *crypt(const char *, const char *);
int daemon(int, int);
int fchmod(int, int);
int fchown(int, int, int);
void endgrent(void);
void endpwent(void);
void endservent(void);
#ifdef __STDC__
struct ether_addr;
#endif
struct ether_addr *ether_aton(const char *);
int flock(int, int);
#ifdef __STDC__
struct stat;
#endif
int fstat(int, struct stat *);
#ifdef __STDC__
struct statfs;
#endif
int fstatfs(int, struct statfs *);
int fsync(int);
#ifdef __STDC__
struct timeb;
#endif
int ftime(struct timeb *);
int ftruncate(int, off_t);
int getdtablesize(void);
long gethostid(void);
int gethostname(char *, int);
int getopt(int, char * const *, const char *);
int getpagesize(void);
char *getpass(char *);
int getpeername(int, struct sockaddr *, int *);
int getpriority(int, int);
#ifdef __STDC__
struct rlimit;
#endif
int getrlimit(int, struct rlimit *);
int getsockname(int, struct sockaddr *, int *);
int getsockopt(int, int, int, char *, int *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
char *getusershell(void);
char *getwd(char *);
int initgroups(const char *, int);
int ioctl(int, int, caddr_t);
int iruserok(u_long, int, char *, char *);
int isatty(int);
int killpg(int, int);
int listen(int, int);
#ifdef __STDC__
struct utmp;
#endif
void login(struct utmp *);
int logout(const char *);
off_t lseek(int, off_t, int);
int lstat(const char *, struct stat *);
int mkstemp(char *);
char *mktemp(char *);
int munmap(caddr_t, int);
void openlog(const char *, int, int);
void perror(const char *);
int printf(const char *, ...);
int puts(const char *);
long random(void);
int readlink(const char *, char *, int);
#ifdef __STDC__
struct iovec;
#endif
int readv(int, struct iovec *, int);
int recv(int, char *, u_int, int);
int recvfrom(int, char *, u_int, int, struct sockaddr *, int *);
int rename(const char *, const char *);
int rcmd(char **, u_short, char *, char *, char *, int *);
int rresvport(int *);
int send(int, char *, u_int, int);
int sendto(int, char *, u_int, int, struct sockaddr *, int);
int setenv(const char *, const char *, int);
int seteuid(int);
int setpriority(int, int, int);
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int setpgrp(int, int);
void setpwent(void);
int setrlimit(int, struct rlimit *);
void setservent(int);
int setsockopt(int, int, int, char *, int);
int shutdown(int, int);
int sigblock(int);
void (*signal (int, void (*) (int))) (int);
int sigpause(int);
int sigsetmask(int);
#ifdef __STDC__
struct sigvec;
#endif
int sigvec(int, struct sigvec *, struct sigvec*);
int snprintf(char *, size_t, const char *, ...);
int socket(int, int, int);
int socketpair(int, int, int, int *);
int symlink(const char *, const char *);
void srandom(int);
int sscanf(char *, const char *, ...);
int stat(const char *, struct stat *);
int statfs(char *, struct statfs *);
char *strerror(int);
int strcasecmp(const char *, const char *);
#ifdef __STDC__
struct tm;
#endif
int strftime(char *, int, char *, struct tm *);
int strncasecmp(const char *, const char *, int);
long strtol(const char *, char **, int);
void sync(void);
void syslog(int, const char *, ...);
int system(const char *);
long tell(int);
time_t time(time_t *);
char *timezone(int, int);
int tolower(int);
int toupper(int);
int truncate(char *, off_t);
void unsetenv(const char *);
int vfork(void);
int vsprintf(char *, const char *, ...);
int writev(int, struct iovec *, int);
#ifdef __STDC__
struct rusage;
#endif
int utimes(const char *, struct timeval *);
#if __GNUC__ <= 1
int wait(int *);
pid_t wait3(int *, int, struct rusage *);
#endif

/* Ugly signal hacking */
#ifdef SIG_ERR
#undef SIG_ERR
#define SIG_ERR (void (*)(int))-1
#undef SIG_DFL
#define SIG_DFL (void (*)(int))0
#undef SIG_IGN
#define SIG_IGN (void (*)(int))1

#ifdef KERNEL
#undef SIG_CATCH
#define SIG_CATCH (void (*)(int))2
#endif
#undef SIG_HOLD
#define SIG_HOLD (void (*)(int))3
#endif

sniffit.0.3.7.beta/libpcap/lbl/os-ultrix4.h
/*
 * Copyright (c) 1990, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: os-ultrix4.h,v 1.19 96/11/29 15:33:19 leres Exp $ (LBL)
 */

/* Prototypes missing in Ultrix 4 */
int bcmp(const char *, const char *, u_int);
void bcopy(const void *, void *, u_int);
void bzero(void *, u_int);
void endservent(void);
int getopt(int, char * const *, const char *);
#ifdef __STDC__
struct timeval;
struct timezone;
#endif
int gettimeofday(struct timeval *, struct timezone *);
int ioctl(int, int, caddr_t);
int pfopen(char *, int);
int setlinebuf(FILE *);
int socket(int, int, int);
int strcasecmp(const char *, const char *);

sniffit.0.3.7.beta/libpcap/linux-include/

sniffit.0.3.7.beta/libpcap/linux-include/netinet/

sniffit.0.3.7.beta/libpcap/linux-include/netinet/if_ether.h
/*
 * Copyright (c) 1982, 1986, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by the University of
 *    California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)if_ether.h 8.3 (Berkeley) 5/2/95
 */

/* Header name was lost in this copy; net/if_arp.h supplies struct arphdr used below. */
#include <net/if_arp.h>

/*
 * Ethernet address - 6 octets
 */
struct ether_addr {
    u_char ether_addr_octet[6];
};

/*
 * Structure of a 10Mb/s Ethernet header.
 */
struct ether_header {
    u_char ether_dhost[6];
    u_char ether_shost[6];
    u_short ether_type;
};

#define ETHERTYPE_PUP       0x0200  /* PUP protocol */
#define ETHERTYPE_IP        0x0800  /* IP protocol */
#define ETHERTYPE_ARP       0x0806  /* Addr. resolution protocol */
#define ETHERTYPE_REVARP    0x8035  /* reverse Addr. resolution protocol */

/*
 * The ETHERTYPE_NTRAILER packet types starting at ETHERTYPE_TRAIL have
 * (type-ETHERTYPE_TRAIL)*512 bytes of data followed
 * by an ETHER type (as given above) and then the (variable-length) header.
 */
#define ETHERTYPE_TRAIL     0x1000  /* Trailer packet */
#define ETHERTYPE_NTRAILER  16

#define ETHERMTU    1500
#define ETHERMIN    (60-14)

/*
 * Ethernet Address Resolution Protocol.
 *
 * See RFC 826 for protocol description. Structure below is adapted
 * to resolving internet addresses. Field names used correspond to
 * RFC 826.
 */
struct ether_arp {
    struct arphdr ea_hdr;   /* fixed-size header */
    u_char arp_sha[6];      /* sender hardware address */
    u_char arp_spa[4];      /* sender protocol address */
    u_char arp_tha[6];      /* target hardware address */
    u_char arp_tpa[4];      /* target protocol address */
};
#define arp_hrd ea_hdr.ar_hrd
#define arp_pro ea_hdr.ar_pro
#define arp_hln ea_hdr.ar_hln
#define arp_pln ea_hdr.ar_pln
#define arp_op  ea_hdr.ar_op

sniffit.0.3.7.beta/libpcap/linux-include/netinet/ip_var.h
/*
 * Copyright (c) 1982, 1986, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    This product includes software developed by the University of
 *    California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)ip_var.h 8.2 (Berkeley) 1/9/95
 */

/* Header name was lost in this copy; netinet/in_systm.h (assumed) supplies n_long used below. */
#include <netinet/in_systm.h>

/*
 * Overlay for ip header used by other protocols (tcp, udp).
 */
struct ipovly {
    caddr_t ih_next, ih_prev;   /* for protocol sequence q's */
    u_char ih_x1;               /* (unused) */
    u_char ih_pr;               /* protocol */
    short ih_len;               /* protocol length */
    struct in_addr ih_src;      /* source internet address */
    struct in_addr ih_dst;      /* destination internet address */
};

/*
 * Ip reassembly queue structure. Each fragment
 * being reassembled is attached to one of these structures.
 * They are timed out after ipq_ttl drops to 0, and may also
 * be reclaimed if memory becomes tight.
 */
struct ipq {
    struct ipq *next,*prev;     /* to other reass headers */
    u_char ipq_ttl;             /* time for reass q to live */
    u_char ipq_p;               /* protocol of this fragment */
    u_short ipq_id;             /* sequence id for reassembly */
    struct ipasfrag *ipq_next,*ipq_prev;
                                /* to ip headers of fragments */
    struct in_addr ipq_src,ipq_dst;
};

/*
 * Ip header, when holding a fragment.
 *
 * Note: ipf_next must be at same offset as ipq_next above
 */
struct ipasfrag {
#if BYTE_ORDER == LITTLE_ENDIAN
    u_char ip_hl:4,
        ip_v:4;
#endif
#if BYTE_ORDER == BIG_ENDIAN
    u_char ip_v:4,
        ip_hl:4;
#endif
    u_char ipf_mff;             /* XXX overlays ip_tos: use low bit
                                 * to avoid destroying tos;
                                 * copied from (ip_off&IP_MF) */
    short ip_len;
    u_short ip_id;
    short ip_off;
    u_char ip_ttl;
    u_char ip_p;
    u_short ip_sum;
    struct ipasfrag *ipf_next;  /* next fragment */
    struct ipasfrag *ipf_prev;  /* previous fragment */
};

/*
 * Structure stored in mbuf in inpcb.ip_options
 * and passed to ip_output when ip options are in use.
 * The actual length of the options (including ipopt_dst)
 * is in m_len.
 */
#define MAX_IPOPTLEN 40

struct ipoption {
    struct in_addr ipopt_dst;       /* first-hop dst if source routed */
    char ipopt_list[MAX_IPOPTLEN];  /* options proper */
};

struct ipstat {
    n_long ips_total;           /* total packets received */
    n_long ips_badsum;          /* checksum bad */
    n_long ips_tooshort;        /* packet too short */
    n_long ips_toosmall;        /* not enough data */
    n_long ips_badhlen;         /* ip header length < data size */
    n_long ips_badlen;          /* ip length < ip header length */
    n_long ips_fragments;       /* fragments received */
    n_long ips_fragdropped;     /* frags dropped (dups, out of space) */
    n_long ips_fragtimeout;     /* fragments timed out */
    n_long ips_forward;         /* packets forwarded */
    n_long ips_cantforward;     /* packets rcvd for unreachable dest */
    n_long ips_redirectsent;    /* packets forwarded on same net */
    n_long ips_noproto;         /* unknown or unsupported protocol */
    n_long ips_delivered;       /* datagrams delivered to upper level*/
    n_long ips_localout;        /* total ip packets generated here */
    n_long ips_odropped;        /* lost packets due to nobufs, etc. */
    n_long ips_reassembled;     /* total packets reassembled ok */
    n_long ips_fragmented;      /* datagrams successfully fragmented */
    n_long ips_ofragments;      /* output fragments created */
    n_long ips_cantfrag;        /* don't fragment flag was set, etc. */
    n_long ips_badoptions;      /* error in option processing */
    n_long ips_noroute;         /* packets discarded due to no route */
    n_long ips_badvers;         /* ip version != 4 */
    n_long ips_rawout;          /* total raw ip packets generated */
};

#ifdef KERNEL
/* flags passed to ip_output as last parameter */
#define IP_FORWARDING       0x1             /* most of ip header exists */
#define IP_RAWOUTPUT        0x2             /* raw ip header exists */
#define IP_ROUTETOIF        SO_DONTROUTE    /* bypass routing tables */
#define IP_ALLOWBROADCAST   SO_BROADCAST    /* can send broadcast packets */

struct ipstat ipstat;
struct ipq ipq;             /* ip reass. queue */
u_short ip_id;              /* ip packet ctr, for ids */
int ip_defttl;              /* default IP ttl */

int in_control __P((struct socket *, n_long, caddr_t, struct ifnet *));
int ip_ctloutput __P((int, struct socket *, int, int, struct mbuf **));
void ip_deq __P((struct ipasfrag *));
int ip_dooptions __P((struct mbuf *));
void ip_drain __P((void));
void ip_enq __P((struct ipasfrag *, struct ipasfrag *));
void ip_forward __P((struct mbuf *, int));
void ip_freef __P((struct ipq *));
void ip_freemoptions __P((struct ip_moptions *));
int ip_getmoptions __P((int, struct ip_moptions *, struct mbuf **));
void ip_init __P((void));
int ip_mforward __P((struct mbuf *, struct ifnet *));
int ip_optcopy __P((struct ip *, struct ip *));
int ip_output __P((struct mbuf *,
        struct mbuf *, struct route *, int, struct ip_moptions *));
int ip_pcbopts __P((struct mbuf **, struct mbuf *));
struct ip *
    ip_reass __P((struct ipasfrag *, struct ipq *));
struct in_ifaddr *
    ip_rtaddr __P((struct in_addr));
int ip_setmoptions __P((int, struct ip_moptions **, struct mbuf *));
void ip_slowtimo __P((void));
struct mbuf *
    ip_srcroute __P((void));
void ip_stripoptions __P((struct mbuf *, struct mbuf *));
int ip_sysctl __P((int *, n_long, void *, size_t *, void *, size_t));
void ipintr __P((void));
int rip_ctloutput __P((int, struct socket *, int, int, struct mbuf **));
void rip_init __P((void));
void rip_input __P((struct mbuf *));
int rip_output __P((struct mbuf *, struct socket *, n_long));
int rip_usrreq __P((struct socket *,
        int, struct mbuf *, struct mbuf *, struct mbuf *));
#endif

sniffit.0.3.7.beta/libpcap/mkdep
#!/bin/sh -
#
# Copyright (c) 1994, 1996
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that this notice is preserved and that due credit is given
# to the University of California at Berkeley. The name of the University
# may not be used to endorse or promote products derived from this
# software without specific prior written permission. This software
# is provided ``as is'' without express or implied warranty.
#
# @(#)mkdep.sh 5.11 (Berkeley) 5/5/88
#

PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin
export PATH

MAKE=Makefile           # default makefile name is "Makefile"
CC=cc                   # default C compiler is "cc"

while :
    do case "$1" in
        # -c allows you to specify the C compiler
        -c)
            CC=$2
            shift; shift ;;

        # -f allows you to select a makefile name
        -f)
            MAKE=$2
            shift; shift ;;

        # the -p flag produces "program: program.c" style dependencies
        # so .o's don't get produced
        -p)
            SED='s;\.o;;'
            shift ;;
        *)
            break ;;
    esac
done

if [ $# = 0 ] ; then
    echo 'usage: mkdep [-p] [-c cc] [-f makefile] [flags] file ...'
    exit 1
fi

if [ ! -w $MAKE ]; then
    echo "mkdep: no writeable file \"$MAKE\""
    exit 1
fi

TMP=/tmp/mkdep$$

trap 'rm -f $TMP ; exit 1' 1 2 3 13 15

cp $MAKE ${MAKE}.bak

sed -e '/DO NOT DELETE THIS LINE/,$d' < $MAKE > $TMP

cat << _EOF_ >> $TMP
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.

_EOF_

# If your compiler doesn't have -M, add it. If you can't, the next two
# lines will try and replace the "cc -M". The real problem is that this
# hack can't deal with anything that requires a search path, and doesn't
# even try for anything using bracket (<>) syntax.
#
# egrep '^#include[ ]*".*"' /dev/null $* |
# sed -e 's/:[^"]*"\([^"]*\)".*/: \1/' -e 's/\.c/.o/' |

# XXX this doesn't work with things like "-DDECLWAITSTATUS=union\ wait"
$CC -M $* |
sed "
    s; \./; ;g
    $SED" |
awk '{
    if ($1 != prev) {
        if (rec != "")
            print rec;
        rec = $0;
        prev = $1;
    }
    else {
        if (length(rec $2) > 78) {
            print rec;
            rec = $0;
        }
        else
            rec = rec " " $2
    }
}
END {
    print rec
}' >> $TMP

cat << _EOF_ >> $TMP

# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
_EOF_

# copy to preserve permissions
cp $TMP $MAKE
rm -f ${MAKE}.bak $TMP
exit 0

sniffit.0.3.7.beta/libpcap/nametoaddr.c
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Name to id translation routines used by the scanner.
 * These functions are not time critical.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: nametoaddr.c,v 1.47 97/06/13 13:16:19 leres Exp $ (LBL)";
#endif

#include <sys/param.h>
#include <sys/types.h>				/* concession to AIX */
#include <sys/socket.h>
#include <sys/time.h>

#if __STDC__
struct mbuf;
struct rtentry;
#endif

#include <net/if.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <arpa/inet.h>

#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <memory.h>
#include <netdb.h>
#include <stdio.h>

#include "pcap-int.h"

#include "gencode.h"
#include <pcap-namedb.h>

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#ifndef NTOHL
#define NTOHL(x) (x) = ntohl(x)
#define NTOHS(x) (x) = ntohs(x)
#endif

static inline int xdtoi(int);

/*
 * Convert host name to internet address.
 * Return 0 upon failure.
 */
bpf_u_int32 **
pcap_nametoaddr(const char *name)
{
#ifndef h_addr
	static bpf_u_int32 *hlist[2];
#endif
	bpf_u_int32 **p;
	struct hostent *hp;

	if ((hp = gethostbyname(name)) != NULL) {
#ifndef h_addr
		hlist[0] = (bpf_u_int32 *)hp->h_addr;
		NTOHL(hp->h_addr);
		return hlist;
#else
		for (p = (bpf_u_int32 **)hp->h_addr_list; *p; ++p)
			NTOHL(**p);
		return (bpf_u_int32 **)hp->h_addr_list;
#endif
	}
	else
		return 0;
}

/*
 * Convert net name to internet address.
 * Return 0 upon failure.
 */
bpf_u_int32
pcap_nametonetaddr(const char *name)
{
	struct netent *np;

	if ((np = getnetbyname(name)) != NULL)
		return np->n_net;
	else
		return 0;
}

/*
 * Convert a port name to its port and protocol numbers.
 * We assume only TCP or UDP.
 * Return 0 upon failure.
 */
int
pcap_nametoport(const char *name, int *port, int *proto)
{
	struct servent *sp;
	char *other;

	sp = getservbyname(name, (char *)0);
	if (sp != NULL) {
		NTOHS(sp->s_port);
		*port = sp->s_port;
		*proto = pcap_nametoproto(sp->s_proto);
		/*
		 * We need to check /etc/services for ambiguous entries.
		 * If we find the ambiguous entry, and it has the
		 * same port number, change the proto to PROTO_UNDEF
		 * so both TCP and UDP will be checked.
		 */
		if (*proto == IPPROTO_TCP)
			other = "udp";
		else
			other = "tcp";

		sp = getservbyname(name, other);
		if (sp != 0) {
			NTOHS(sp->s_port);
#ifdef notdef
			if (*port != sp->s_port)
				/* Can't handle ambiguous names that refer
				   to different port numbers. */
				warning("ambiguous port %s in /etc/services",
					name);
#endif
			*proto = PROTO_UNDEF;
		}
		return 1;
	}
#if defined(ultrix) || defined(__osf__)
	/* Special hack in case NFS isn't in /etc/services */
	if (strcmp(name, "nfs") == 0) {
		*port = 2049;
		*proto = PROTO_UNDEF;
		return 1;
	}
#endif
	return 0;
}

int
pcap_nametoproto(const char *str)
{
	struct protoent *p;

	p = getprotobyname(str);
	if (p != 0)
		return p->p_proto;
	else
		return PROTO_UNDEF;
}

#include "ethertype.h"

struct eproto {
	char *s;
	u_short p;
};

/* Static data base of ether protocol types. */
struct eproto eproto_db[] = {
	{ "pup", ETHERTYPE_PUP },
	{ "xns", ETHERTYPE_NS },
	{ "ip", ETHERTYPE_IP },
	{ "arp", ETHERTYPE_ARP },
	{ "rarp", ETHERTYPE_REVARP },
	{ "sprite", ETHERTYPE_SPRITE },
	{ "mopdl", ETHERTYPE_MOPDL },
	{ "moprc", ETHERTYPE_MOPRC },
	{ "decnet", ETHERTYPE_DN },
	{ "lat", ETHERTYPE_LAT },
	{ "sca", ETHERTYPE_SCA },
	{ "lanbridge", ETHERTYPE_LANBRIDGE },
	{ "vexp", ETHERTYPE_VEXP },
	{ "vprod", ETHERTYPE_VPROD },
	{ "atalk", ETHERTYPE_ATALK },
	{ "atalkarp", ETHERTYPE_AARP },
	{ "loopback", ETHERTYPE_LOOPBACK },
	{ "decdts", ETHERTYPE_DECDTS },
	{ "decdns", ETHERTYPE_DECDNS },
	{ (char *)0, 0 }
};

int
pcap_nametoeproto(const char *s)
{
	struct eproto *p = eproto_db;

	while (p->s != 0) {
		if (strcmp(p->s, s) == 0)
			return p->p;
		p += 1;
	}
	return PROTO_UNDEF;
}

/* Hex digit to integer. */
static inline int
xdtoi(c)
	register int c;
{
	if (isdigit(c))
		return c - '0';
	else if (islower(c))
		return c - 'a' + 10;
	else
		return c - 'A' + 10;
}

int
__pcap_atoin(const char *s, bpf_u_int32 *addr)
{
	u_int n;
	int len;

	*addr = 0;
	len = 0;
	while (1) {
		n = 0;
		while (*s && *s != '.')
			n = n * 10 + *s++ - '0';
		*addr <<= 8;
		*addr |= n & 0xff;
		len += 8;
		if (*s == '\0')
			return len;
		++s;
	}
	/* NOTREACHED */
}

int
__pcap_atodn(const char *s, bpf_u_int32 *addr)
{
#define AREASHIFT 10
#define AREAMASK 0176000
#define NODEMASK 01777

	u_int node, area;

	/* area and node are unsigned, so scan them with %u */
	if (sscanf((char *)s, "%u.%u", &area, &node) != 2)
		bpf_error("malformed decnet address '%s'", s);

	*addr = (area << AREASHIFT) & AREAMASK;
	*addr |= (node & NODEMASK);

	return(32);
}

/*
 * Convert 's' which has the form "xx:xx:xx:xx:xx:xx" into a new
 * ethernet address. Assumes 's' is well formed.
 */
u_char *
pcap_ether_aton(const char *s)
{
	register u_char *ep, *e;
	register u_int d;

	e = ep = (u_char *)malloc(6);
	if (e == NULL)
		return (NULL);

	/* never store more than the 6 bytes that were allocated */
	while (*s && ep < e + 6) {
		if (*s == ':')
			s += 1;
		d = xdtoi(*s++);
		if (isxdigit(*s)) {
			d <<= 4;
			d |= xdtoi(*s++);
		}
		*ep++ = d;
	}

	return (e);
}

#ifndef HAVE_ETHER_HOSTTON
/* Roll our own */
u_char *
pcap_ether_hostton(const char *name)
{
	register struct pcap_etherent *ep;
	register u_char *ap;
	static FILE *fp = NULL;
	static int init = 0;

	if (!init) {
		fp = fopen(PCAP_ETHERS_FILE, "r");
		++init;
		if (fp == NULL)
			return (NULL);
	} else if (fp == NULL)
		return (NULL);
	else
		rewind(fp);

	while ((ep = pcap_next_etherent(fp)) != NULL) {
		if (strcmp(ep->name, name) == 0) {
			ap = (u_char *)malloc(6);
			if (ap != NULL) {
				memcpy(ap, ep->addr, 6);
				return (ap);
			}
			break;
		}
	}
	return (NULL);
}
#else

#ifndef sgi
extern int ether_hostton(char *, struct ether_addr *);
#endif

/* Use the os supplied routines */
u_char *
pcap_ether_hostton(const char *name)
{
	register u_char *ap;
	u_char a[6];

	ap = NULL;
	if (ether_hostton((char *)name, (struct ether_addr *)a) == 0) {
		ap = (u_char *)malloc(6);
		if (ap != NULL)
			memcpy((char *)ap, (char *)a, 6);
	}
	return (ap);
}
#endif

u_short
__pcap_nametodnaddr(const char *name)
{
#ifdef DECNETLIB
	struct nodeent *getnodebyname();
	struct nodeent *nep;
	unsigned short res;

	nep = getnodebyname(name);
	if (nep == ((struct nodeent *)0))
		bpf_error("unknown decnet host name '%s'\n", name);

	memcpy((char *)&res, (char *)nep->n_addr, sizeof(unsigned short));
	return(res);
#else
	bpf_error("decnet name support not included, '%s' cannot be translated\n",
		name);
#endif
}

sniffit.0.3.7.beta/libpcap/optimize.c

/*
 * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Optimization module for tcpdump intermediate representation.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: optimize.c,v 1.60 96/09/26 23:28:14 leres Exp $ (LBL)";
#endif

#include <sys/types.h>
#include <sys/time.h>

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>

#include "pcap-int.h"

#include "gencode.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#ifdef BDEBUG
extern int dflag;
#endif

#define A_ATOM BPF_MEMWORDS
#define X_ATOM (BPF_MEMWORDS+1)

#define NOP -1

/*
 * This define is used to represent *both* the accumulator and
 * x register in use-def computations.
 * Currently, the use-def code assumes only one definition per instruction.
 */
#define AX_ATOM N_ATOMS

/*
 * A flag to indicate that further optimization is needed.
 * Iterative passes are continued until a given pass yields no
 * branch movement.
 */
static int done;

/*
 * A block is marked if and only if its mark equals the current mark.
 * Rather than traverse the code array, marking each item, 'cur_mark' is
 * incremented. This automatically makes each element unmarked.
 */
static int cur_mark;
#define isMarked(p) ((p)->mark == cur_mark)
#define unMarkAll() cur_mark += 1
#define Mark(p) ((p)->mark = cur_mark)

static void opt_init(struct block *);
static void opt_cleanup(void);

static void make_marks(struct block *);
static void mark_code(struct block *);

static void intern_blocks(struct block *);

static int eq_slist(struct slist *, struct slist *);

static void find_levels_r(struct block *);

static void find_levels(struct block *);
static void find_dom(struct block *);
static void propedom(struct edge *);
static void find_edom(struct block *);
static void find_closure(struct block *);
static int atomuse(struct stmt *);
static int atomdef(struct stmt *);
static void compute_local_ud(struct block *);
static void find_ud(struct block *);
static void init_val(void);
static int F(int, int, int);
static inline void vstore(struct stmt *, int *, int, int);
static void opt_blk(struct block *, int);
static int use_conflict(struct block *, struct block *);
static void opt_j(struct edge *);
static void or_pullup(struct block *);
static void and_pullup(struct block *);
static void opt_blks(struct block *, int);
static inline void link_inedge(struct edge *, struct block *);
static void find_inedges(struct block *);
static void opt_root(struct block **);
static void opt_loop(struct block *, int);
static void fold_op(struct stmt *, int, int);
static inline struct slist *this_op(struct slist *);
static void opt_not(struct block *);
static void opt_peep(struct block *);
static void opt_stmt(struct stmt *, int[], int);
static void deadstmt(struct stmt *, struct stmt *[]);
static void opt_deadstores(struct block *);
static void opt_blk(struct block *, int);
static int use_conflict(struct block *, struct block *);
static void opt_j(struct edge *);
static struct block *fold_edge(struct block *, struct edge *);
static inline int eq_blk(struct block *, struct block *);
static int slength(struct slist *);
static int count_blocks(struct block *);
static void number_blks_r(struct block *);
static int count_stmts(struct block *);
static int convert_code_r(struct block *);
#ifdef BDEBUG
static void opt_dump(struct block *);
#endif

static int n_blocks;
struct block **blocks;
static int n_edges;
struct edge **edges;

/*
 * A bit vector set representation of the dominators.
 * We round up the set size to the next power of two.
 */
static int nodewords;
static int edgewords;
struct block **levels;
bpf_u_int32 *space;
#define BITS_PER_WORD (8*sizeof(bpf_u_int32))
/*
 * True if a is in uset {p}
 */
#define SET_MEMBER(p, a) \
((p)[(unsigned)(a) / BITS_PER_WORD] & (1 << ((unsigned)(a) % BITS_PER_WORD)))

/*
 * Add 'a' to uset p.
 */
#define SET_INSERT(p, a) \
(p)[(unsigned)(a) / BITS_PER_WORD] |= (1 << ((unsigned)(a) % BITS_PER_WORD))

/*
 * Delete 'a' from uset p.
 */
#define SET_DELETE(p, a) \
(p)[(unsigned)(a) / BITS_PER_WORD] &= ~(1 << ((unsigned)(a) % BITS_PER_WORD))

/*
 * a := a intersect b
 */
#define SET_INTERSECT(a, b, n)\
{\
	register bpf_u_int32 *_x = a, *_y = b;\
	register int _n = n;\
	while (--_n >= 0) *_x++ &= *_y++;\
}

/*
 * a := a - b
 */
#define SET_SUBTRACT(a, b, n)\
{\
	register bpf_u_int32 *_x = a, *_y = b;\
	register int _n = n;\
	while (--_n >= 0) *_x++ &=~ *_y++;\
}

/*
 * a := a union b
 */
#define SET_UNION(a, b, n)\
{\
	register bpf_u_int32 *_x = a, *_y = b;\
	register int _n = n;\
	while (--_n >= 0) *_x++ |= *_y++;\
}

static uset all_dom_sets;
static uset all_closure_sets;
static uset all_edge_sets;

#ifndef MAX
#define MAX(a,b) ((a)>(b)?(a):(b))
#endif

static void
find_levels_r(b)
	struct block *b;
{
	int level;

	if (isMarked(b))
		return;

	Mark(b);
	b->link = 0;

	if (JT(b)) {
		find_levels_r(JT(b));
		find_levels_r(JF(b));
		level = MAX(JT(b)->level, JF(b)->level) + 1;
	} else
		level = 0;
	b->level = level;
	b->link = levels[level];
	levels[level] = b;
}

/*
 * Level graph. The levels go from 0 at the leaves to
 * N_LEVELS at the root. The levels[] array points to the
 * first node of the level list, whose elements are linked
 * with the 'link' field of the struct block.
 */
static void
find_levels(root)
	struct block *root;
{
	memset((char *)levels, 0, n_blocks * sizeof(*levels));
	unMarkAll();
	find_levels_r(root);
}

/*
 * Find dominator relationships.
 * Assumes graph has been leveled.
 */
static void
find_dom(root)
	struct block *root;
{
	int i;
	struct block *b;
	bpf_u_int32 *x;

	/*
	 * Initialize sets to contain all nodes.
	 */
	x = all_dom_sets;
	i = n_blocks * nodewords;
	while (--i >= 0)
		*x++ = ~0;
	/* Root starts off empty. */
	for (i = nodewords; --i >= 0;)
		root->dom[i] = 0;

	/* root->level is the highest level no found.
	 */
	for (i = root->level; i >= 0; --i) {
		for (b = levels[i]; b; b = b->link) {
			SET_INSERT(b->dom, b->id);
			if (JT(b) == 0)
				continue;
			SET_INTERSECT(JT(b)->dom, b->dom, nodewords);
			SET_INTERSECT(JF(b)->dom, b->dom, nodewords);
		}
	}
}

static void
propedom(ep)
	struct edge *ep;
{
	SET_INSERT(ep->edom, ep->id);
	if (ep->succ) {
		SET_INTERSECT(ep->succ->et.edom, ep->edom, edgewords);
		SET_INTERSECT(ep->succ->ef.edom, ep->edom, edgewords);
	}
}

/*
 * Compute edge dominators.
 * Assumes graph has been leveled and predecessors established.
 */
static void
find_edom(root)
	struct block *root;
{
	int i;
	uset x;
	struct block *b;

	x = all_edge_sets;
	for (i = n_edges * edgewords; --i >= 0; )
		x[i] = ~0;

	/* root->level is the highest level no found. */
	memset(root->et.edom, 0, edgewords * sizeof(*(uset)0));
	memset(root->ef.edom, 0, edgewords * sizeof(*(uset)0));
	for (i = root->level; i >= 0; --i) {
		for (b = levels[i]; b != 0; b = b->link) {
			propedom(&b->et);
			propedom(&b->ef);
		}
	}
}

/*
 * Find the backwards transitive closure of the flow graph. These sets
 * are backwards in the sense that we find the set of nodes that reach
 * a given node, not the set of nodes that can be reached by a node.
 *
 * Assumes graph has been leveled.
 */
static void
find_closure(root)
	struct block *root;
{
	int i;
	struct block *b;

	/*
	 * Initialize sets to contain no nodes.
	 */
	memset((char *)all_closure_sets, 0,
	      n_blocks * nodewords * sizeof(*all_closure_sets));

	/* root->level is the highest level no found. */
	for (i = root->level; i >= 0; --i) {
		for (b = levels[i]; b; b = b->link) {
			SET_INSERT(b->closure, b->id);
			if (JT(b) == 0)
				continue;
			SET_UNION(JT(b)->closure, b->closure, nodewords);
			SET_UNION(JF(b)->closure, b->closure, nodewords);
		}
	}
}

/*
 * Return the register number that is used by s. If A and X are both
 * used, return AX_ATOM. If no register is used, return -1.
 *
 * The implementation should probably change to an array access.
 */
static int
atomuse(s)
	struct stmt *s;
{
	register int c = s->code;

	if (c == NOP)
		return -1;

	switch (BPF_CLASS(c)) {

	case BPF_RET:
		return (BPF_RVAL(c) == BPF_A) ? A_ATOM :
			(BPF_RVAL(c) == BPF_X) ? X_ATOM : -1;

	case BPF_LD:
	case BPF_LDX:
		return (BPF_MODE(c) == BPF_IND) ? X_ATOM :
			(BPF_MODE(c) == BPF_MEM) ? s->k : -1;

	case BPF_ST:
		return A_ATOM;

	case BPF_STX:
		return X_ATOM;

	case BPF_JMP:
	case BPF_ALU:
		if (BPF_SRC(c) == BPF_X)
			return AX_ATOM;
		return A_ATOM;

	case BPF_MISC:
		return BPF_MISCOP(c) == BPF_TXA ? X_ATOM : A_ATOM;
	}
	abort();
	/* NOTREACHED */
}

/*
 * Return the register number that is defined by 's'. We assume that
 * a single stmt cannot define more than one register. If no register
 * is defined, return -1.
 *
 * The implementation should probably change to an array access.
 */
static int
atomdef(s)
	struct stmt *s;
{
	if (s->code == NOP)
		return -1;

	switch (BPF_CLASS(s->code)) {

	case BPF_LD:
	case BPF_ALU:
		return A_ATOM;

	case BPF_LDX:
		return X_ATOM;

	case BPF_ST:
	case BPF_STX:
		return s->k;

	case BPF_MISC:
		return BPF_MISCOP(s->code) == BPF_TAX ? X_ATOM : A_ATOM;
	}
	return -1;
}

static void
compute_local_ud(b)
	struct block *b;
{
	struct slist *s;
	atomset def = 0, use = 0, kill = 0;
	int atom;

	for (s = b->stmts; s; s = s->next) {
		if (s->s.code == NOP)
			continue;
		atom = atomuse(&s->s);
		if (atom >= 0) {
			if (atom == AX_ATOM) {
				if (!ATOMELEM(def, X_ATOM))
					use |= ATOMMASK(X_ATOM);
				if (!ATOMELEM(def, A_ATOM))
					use |= ATOMMASK(A_ATOM);
			}
			else if (atom < N_ATOMS) {
				if (!ATOMELEM(def, atom))
					use |= ATOMMASK(atom);
			}
			else
				abort();
		}
		atom = atomdef(&s->s);
		if (atom >= 0) {
			if (!ATOMELEM(use, atom))
				kill |= ATOMMASK(atom);
			def |= ATOMMASK(atom);
		}
	}
	if (!ATOMELEM(def, A_ATOM) && BPF_CLASS(b->s.code) == BPF_JMP)
		use |= ATOMMASK(A_ATOM);

	b->def = def;
	b->kill = kill;
	b->in_use = use;
}

/*
 * Assume graph is already leveled.
 */
static void
find_ud(root)
	struct block *root;
{
	int i, maxlevel;
	struct block *p;

	/*
	 * root->level is the highest level no found;
	 * count down from there.
	 */
	maxlevel = root->level;
	for (i = maxlevel; i >= 0; --i)
		for (p = levels[i]; p; p = p->link) {
			compute_local_ud(p);
			p->out_use = 0;
		}

	for (i = 1; i <= maxlevel; ++i) {
		for (p = levels[i]; p; p = p->link) {
			p->out_use |= JT(p)->in_use | JF(p)->in_use;
			p->in_use |= p->out_use &~ p->kill;
		}
	}
}

/*
 * These data structures are used in a Cocke and Schwartz style
 * value numbering scheme. Since the flowgraph is acyclic,
 * exit values can be propagated from a node's predecessors
 * provided it is uniquely defined.
 */
struct valnode {
	int code;
	int v0, v1;
	int val;
	struct valnode *next;
};

#define MODULUS 213
static struct valnode *hashtbl[MODULUS];
static int curval;
static int maxval;

/* Integer constants mapped with the load immediate opcode. */
#define K(i) F(BPF_LD|BPF_IMM|BPF_W, i, 0L)

struct vmapinfo {
	int is_const;
	bpf_int32 const_val;
};

struct vmapinfo *vmap;
struct valnode *vnode_base;
struct valnode *next_vnode;

static void
init_val()
{
	curval = 0;
	next_vnode = vnode_base;
	memset((char *)vmap, 0, maxval * sizeof(*vmap));
	memset((char *)hashtbl, 0, sizeof hashtbl);
}

/* Because we really don't have an IR, this stuff is a little messy.
 */
static int
F(code, v0, v1)
	int code;
	int v0, v1;
{
	u_int hash;
	int val;
	struct valnode *p;

	hash = (u_int)code ^ (v0 << 4) ^ (v1 << 8);
	hash %= MODULUS;

	for (p = hashtbl[hash]; p; p = p->next)
		if (p->code == code && p->v0 == v0 && p->v1 == v1)
			return p->val;

	val = ++curval;
	if (BPF_MODE(code) == BPF_IMM &&
	    (BPF_CLASS(code) == BPF_LD || BPF_CLASS(code) == BPF_LDX)) {
		vmap[val].const_val = v0;
		vmap[val].is_const = 1;
	}
	p = next_vnode++;
	p->val = val;
	p->code = code;
	p->v0 = v0;
	p->v1 = v1;
	p->next = hashtbl[hash];
	hashtbl[hash] = p;

	return val;
}

static inline void
vstore(s, valp, newval, alter)
	struct stmt *s;
	int *valp;
	int newval;
	int alter;
{
	if (alter && *valp == newval)
		s->code = NOP;
	else
		*valp = newval;
}

static void
fold_op(s, v0, v1)
	struct stmt *s;
	int v0, v1;
{
	bpf_int32 a, b;

	a = vmap[v0].const_val;
	b = vmap[v1].const_val;

	switch (BPF_OP(s->code)) {
	case BPF_ADD:
		a += b;
		break;

	case BPF_SUB:
		a -= b;
		break;

	case BPF_MUL:
		a *= b;
		break;

	case BPF_DIV:
		if (b == 0)
			bpf_error("division by zero");
		a /= b;
		break;

	case BPF_AND:
		a &= b;
		break;

	case BPF_OR:
		a |= b;
		break;

	case BPF_LSH:
		a <<= b;
		break;

	case BPF_RSH:
		a >>= b;
		break;

	case BPF_NEG:
		a = -a;
		break;

	default:
		abort();
	}
	s->k = a;
	s->code = BPF_LD|BPF_IMM;
	done = 0;
}

static inline struct slist *
this_op(s)
	struct slist *s;
{
	while (s != 0 && s->s.code == NOP)
		s = s->next;
	return s;
}

static void
opt_not(b)
	struct block *b;
{
	struct block *tmp = JT(b);

	JT(b) = JF(b);
	JF(b) = tmp;
}

static void
opt_peep(b)
	struct block *b;
{
	struct slist *s;
	struct slist *next, *last;
	int val;

	s = b->stmts;
	if (s == 0)
		return;

	last = s;
	while (1) {
		s = this_op(s);
		if (s == 0)
			break;
		next = this_op(s->next);
		if (next == 0)
			break;
		last = next;

		/*
		 * st  M[k]	-->	st  M[k]
		 * ldx M[k]		tax
		 */
		if (s->s.code == BPF_ST &&
		    next->s.code == (BPF_LDX|BPF_MEM) &&
		    s->s.k == next->s.k) {
			done = 0;
			next->s.code = BPF_MISC|BPF_TAX;
		}
		/*
		 * ld  #k	-->	ldx  #k
		 * tax			txa
		 */
		if (s->s.code == (BPF_LD|BPF_IMM) &&
		    next->s.code == (BPF_MISC|BPF_TAX)) {
			s->s.code = BPF_LDX|BPF_IMM;
			next->s.code = BPF_MISC|BPF_TXA;
			done = 0;
		}
		/*
		 * This is an ugly special case, but it happens
		 * when you say tcp[k] or udp[k] where k is a constant.
		 */
		if (s->s.code == (BPF_LD|BPF_IMM)) {
			struct slist *add, *tax, *ild;

			/*
			 * Check that X isn't used on exit from this
			 * block (which the optimizer might cause).
			 * We know the code generator won't generate
			 * any local dependencies.
			 */
			if (ATOMELEM(b->out_use, X_ATOM))
				break;

			if (next->s.code != (BPF_LDX|BPF_MSH|BPF_B))
				add = next;
			else
				add = this_op(next->next);
			if (add == 0 || add->s.code != (BPF_ALU|BPF_ADD|BPF_X))
				break;

			tax = this_op(add->next);
			if (tax == 0 || tax->s.code != (BPF_MISC|BPF_TAX))
				break;

			ild = this_op(tax->next);
			if (ild == 0 || BPF_CLASS(ild->s.code) != BPF_LD ||
			    BPF_MODE(ild->s.code) != BPF_IND)
				break;
			/*
			 * XXX We need to check that X is not
			 * subsequently used. We know we can eliminate the
			 * accumulator modifications since it is defined
			 * by the last stmt of this sequence.
			 *
			 * We want to turn this sequence:
			 *
			 * (004) ldi     #0x2		{s}
			 * (005) ldxms   [14]		{next}  -- optional
			 * (006) addx			{add}
			 * (007) tax			{tax}
			 * (008) ild     [x+0]		{ild}
			 *
			 * into this sequence:
			 *
			 * (004) nop
			 * (005) ldxms   [14]
			 * (006) nop
			 * (007) nop
			 * (008) ild     [x+2]
			 *
			 */
			ild->s.k += s->s.k;
			s->s.code = NOP;
			add->s.code = NOP;
			tax->s.code = NOP;
			done = 0;
		}
		s = next;
	}
	/*
	 * If we have a subtract to do a comparison, and the X register
	 * is a known constant, we can merge this value into the
	 * comparison.
	 */
	if (last->s.code == (BPF_ALU|BPF_SUB|BPF_X) &&
	    !ATOMELEM(b->out_use, A_ATOM)) {
		val = b->val[X_ATOM];
		if (vmap[val].is_const) {
			int op;

			b->s.k += vmap[val].const_val;
			op = BPF_OP(b->s.code);
			if (op == BPF_JGT || op == BPF_JGE) {
				struct block *t = JT(b);
				JT(b) = JF(b);
				JF(b) = t;
				b->s.k += 0x80000000;
			}
			last->s.code = NOP;
			done = 0;
		} else if (b->s.k == 0) {
			/*
			 * sub x  ->	nop
			 * j  #0	j  x
			 */
			last->s.code = NOP;
			b->s.code = BPF_CLASS(b->s.code) | BPF_OP(b->s.code) |
				BPF_X;
			done = 0;
		}
	}
	/*
	 * Likewise, a constant subtract can be simplified.
	 */
	else if (last->s.code == (BPF_ALU|BPF_SUB|BPF_K) &&
		 !ATOMELEM(b->out_use, A_ATOM)) {
		int op;

		b->s.k += last->s.k;
		last->s.code = NOP;
		op = BPF_OP(b->s.code);
		if (op == BPF_JGT || op == BPF_JGE) {
			struct block *t = JT(b);
			JT(b) = JF(b);
			JF(b) = t;
			b->s.k += 0x80000000;
		}
		done = 0;
	}
	/*
	 * and #k	nop
	 * jeq #0  ->	jset #k
	 */
	if (last->s.code == (BPF_ALU|BPF_AND|BPF_K) &&
	    !ATOMELEM(b->out_use, A_ATOM) && b->s.k == 0) {
		b->s.k = last->s.k;
		b->s.code = BPF_JMP|BPF_K|BPF_JSET;
		last->s.code = NOP;
		done = 0;
		opt_not(b);
	}
	/*
	 * If the accumulator is a known constant, we can compute the
	 * comparison result.
	 */
	val = b->val[A_ATOM];
	if (vmap[val].is_const && BPF_SRC(b->s.code) == BPF_K) {
		bpf_int32 v = vmap[val].const_val;
		switch (BPF_OP(b->s.code)) {

		case BPF_JEQ:
			v = v == b->s.k;
			break;

		case BPF_JGT:
			v = (unsigned)v > b->s.k;
			break;

		case BPF_JGE:
			v = (unsigned)v >= b->s.k;
			break;

		case BPF_JSET:
			v &= b->s.k;
			break;

		default:
			abort();
		}
		if (JF(b) != JT(b))
			done = 0;
		if (v)
			JF(b) = JT(b);
		else
			JT(b) = JF(b);
	}
}

/*
 * Compute the symbolic value of expression of 's', and update
 * anything it defines in the value table 'val'. If 'alter' is true,
 * do various optimizations. This code would be cleaner if symbolic
 * evaluation and code transformations weren't folded together.
 */
static void
opt_stmt(s, val, alter)
	struct stmt *s;
	int val[];
	int alter;
{
	int op;
	int v;

	switch (s->code) {

	case BPF_LD|BPF_ABS|BPF_W:
	case BPF_LD|BPF_ABS|BPF_H:
	case BPF_LD|BPF_ABS|BPF_B:
		v = F(s->code, s->k, 0L);
		vstore(s, &val[A_ATOM], v, alter);
		break;

	case BPF_LD|BPF_IND|BPF_W:
	case BPF_LD|BPF_IND|BPF_H:
	case BPF_LD|BPF_IND|BPF_B:
		v = val[X_ATOM];
		if (alter && vmap[v].is_const) {
			s->code = BPF_LD|BPF_ABS|BPF_SIZE(s->code);
			s->k += vmap[v].const_val;
			v = F(s->code, s->k, 0L);
			done = 0;
		}
		else
			v = F(s->code, s->k, v);
		vstore(s, &val[A_ATOM], v, alter);
		break;

	case BPF_LD|BPF_LEN:
		v = F(s->code, 0L, 0L);
		vstore(s, &val[A_ATOM], v, alter);
		break;

	case BPF_LD|BPF_IMM:
		v = K(s->k);
		vstore(s, &val[A_ATOM], v, alter);
		break;

	case BPF_LDX|BPF_IMM:
		v = K(s->k);
		vstore(s, &val[X_ATOM], v, alter);
		break;

	case BPF_LDX|BPF_MSH|BPF_B:
		v = F(s->code, s->k, 0L);
		vstore(s, &val[X_ATOM], v, alter);
		break;

	case BPF_ALU|BPF_NEG:
		if (alter && vmap[val[A_ATOM]].is_const) {
			s->code = BPF_LD|BPF_IMM;
			s->k = -vmap[val[A_ATOM]].const_val;
			val[A_ATOM] = K(s->k);
		}
		else
			val[A_ATOM] = F(s->code, val[A_ATOM], 0L);
		break;

	case BPF_ALU|BPF_ADD|BPF_K:
	case BPF_ALU|BPF_SUB|BPF_K:
	case BPF_ALU|BPF_MUL|BPF_K:
	case BPF_ALU|BPF_DIV|BPF_K:
	case BPF_ALU|BPF_AND|BPF_K:
	case BPF_ALU|BPF_OR|BPF_K:
	case BPF_ALU|BPF_LSH|BPF_K:
	case BPF_ALU|BPF_RSH|BPF_K:
		op = BPF_OP(s->code);
		if (alter) {
			if (s->k == 0) {
				if (op == BPF_ADD || op == BPF_SUB ||
				    op == BPF_LSH || op == BPF_RSH ||
				    op == BPF_OR) {
					s->code = NOP;
					break;
				}
				if (op == BPF_MUL || op == BPF_AND) {
					s->code = BPF_LD|BPF_IMM;
					val[A_ATOM] = K(s->k);
					break;
				}
			}
			if (vmap[val[A_ATOM]].is_const) {
				fold_op(s, val[A_ATOM], K(s->k));
				val[A_ATOM] = K(s->k);
				break;
			}
		}
		val[A_ATOM] = F(s->code, val[A_ATOM], K(s->k));
		break;

	case BPF_ALU|BPF_ADD|BPF_X:
	case BPF_ALU|BPF_SUB|BPF_X:
	case BPF_ALU|BPF_MUL|BPF_X:
	case BPF_ALU|BPF_DIV|BPF_X:
	case BPF_ALU|BPF_AND|BPF_X:
	case BPF_ALU|BPF_OR|BPF_X:
	case BPF_ALU|BPF_LSH|BPF_X:
	case BPF_ALU|BPF_RSH|BPF_X:
		op = BPF_OP(s->code);
		if (alter && vmap[val[X_ATOM]].is_const) {
			if (vmap[val[A_ATOM]].is_const) {
				fold_op(s, val[A_ATOM], val[X_ATOM]);
				val[A_ATOM] = K(s->k);
			}
			else {
				s->code = BPF_ALU|BPF_K|op;
				s->k = vmap[val[X_ATOM]].const_val;
				done = 0;
				val[A_ATOM] =
					F(s->code, val[A_ATOM], K(s->k));
			}
			break;
		}
		/*
		 * Check if we're doing something to an accumulator
		 * that is 0, and simplify. This may not seem like
		 * much of a simplification but it could open up further
		 * optimizations.
		 * XXX We could also check for mul by 1, and -1, etc.
		 */
		if (alter && vmap[val[A_ATOM]].is_const
		    && vmap[val[A_ATOM]].const_val == 0) {
			if (op == BPF_ADD || op == BPF_OR ||
			    op == BPF_LSH || op == BPF_RSH || op == BPF_SUB) {
				s->code = BPF_MISC|BPF_TXA;
				vstore(s, &val[A_ATOM], val[X_ATOM], alter);
				break;
			}
			else if (op == BPF_MUL || op == BPF_DIV ||
				 op == BPF_AND) {
				s->code = BPF_LD|BPF_IMM;
				s->k = 0;
				vstore(s, &val[A_ATOM], K(s->k), alter);
				break;
			}
			else if (op == BPF_NEG) {
				s->code = NOP;
				break;
			}
		}
		val[A_ATOM] = F(s->code, val[A_ATOM], val[X_ATOM]);
		break;

	case BPF_MISC|BPF_TXA:
		vstore(s, &val[A_ATOM], val[X_ATOM], alter);
		break;

	case BPF_LD|BPF_MEM:
		v = val[s->k];
		if (alter && vmap[v].is_const) {
			s->code = BPF_LD|BPF_IMM;
			s->k = vmap[v].const_val;
			done = 0;
		}
		vstore(s, &val[A_ATOM], v, alter);
		break;

	case BPF_MISC|BPF_TAX:
		vstore(s, &val[X_ATOM], val[A_ATOM], alter);
		break;

	case BPF_LDX|BPF_MEM:
		v = val[s->k];
		if (alter && vmap[v].is_const) {
			s->code = BPF_LDX|BPF_IMM;
			s->k = vmap[v].const_val;
			done = 0;
		}
		vstore(s, &val[X_ATOM], v, alter);
		break;

	case BPF_ST:
		vstore(s, &val[s->k], val[A_ATOM], alter);
		break;

	case BPF_STX:
		vstore(s, &val[s->k], val[X_ATOM], alter);
		break;
	}
}

static void
deadstmt(s, last)
	register struct stmt *s;
	register struct stmt *last[];
{
	register int atom;

	atom = atomuse(s);
	if (atom >= 0) {
		if (atom == AX_ATOM) {
			last[X_ATOM] = 0;
			last[A_ATOM] = 0;
		}
		else
			last[atom] = 0;
	}
	atom = atomdef(s);
	if (atom >= 0) {
		if (last[atom]) {
			done = 0;
			last[atom]->code = NOP;
		}
		last[atom] = s;
	}
}

static void
opt_deadstores(b)
	register struct block *b;
{
	register struct slist *s;
	register int atom;
	struct stmt *last[N_ATOMS];

	memset((char *)last, 0, sizeof last);

	for (s = b->stmts; s != 0; s = s->next)
		deadstmt(&s->s, last);
	deadstmt(&b->s, last);

	for (atom = 0; atom < N_ATOMS; ++atom)
		if (last[atom] && !ATOMELEM(b->out_use, atom)) {
			last[atom]->code = NOP;
			done = 0;
		}
}

static void
opt_blk(b, do_stmts)
	struct block *b;
	int do_stmts;
{
	struct slist *s;
	struct edge *p;
	int i;
	bpf_int32 aval;

	/*
	 * Initialize the atom values.
	 * If we have no predecessors, everything is undefined.
	 * Otherwise, we inherit our values from our predecessors.
	 * If any register has an ambiguous value (i.e. control paths are
	 * merging) give it the undefined value of 0.
	 */
	p = b->in_edges;
	if (p == 0)
		memset((char *)b->val, 0, sizeof(b->val));
	else {
		memcpy((char *)b->val, (char *)p->pred->val, sizeof(b->val));
		while ((p = p->next) != NULL) {
			for (i = 0; i < N_ATOMS; ++i)
				if (b->val[i] != p->pred->val[i])
					b->val[i] = 0;
		}
	}
	aval = b->val[A_ATOM];
	for (s = b->stmts; s; s = s->next)
		opt_stmt(&s->s, b->val, do_stmts);

	/*
	 * This is a special case: if we don't use anything from this
	 * block, and we load the accumulator with value that is
	 * already there, or if this block is a return,
	 * eliminate all the statements.
	 */
	if (do_stmts &&
	    ((b->out_use == 0 && aval != 0 && b->val[A_ATOM] == aval) ||
	     BPF_CLASS(b->s.code) == BPF_RET)) {
		if (b->stmts != 0) {
			b->stmts = 0;
			done = 0;
		}
	} else {
		opt_peep(b);
		opt_deadstores(b);
	}
	/*
	 * Set up values for branch optimizer.
	 */
	if (BPF_SRC(b->s.code) == BPF_K)
		b->oval = K(b->s.k);
	else
		b->oval = b->val[X_ATOM];
	b->et.code = b->s.code;
	b->ef.code = -b->s.code;
}

/*
 * Return true if any register that is used on exit from 'succ', has
 * an exit value that is different from the corresponding exit value
 * from 'b'.
 */
static int
use_conflict(b, succ)
	struct block *b, *succ;
{
	int atom;
	atomset use = succ->out_use;

	if (use == 0)
		return 0;

	for (atom = 0; atom < N_ATOMS; ++atom)
		if (ATOMELEM(use, atom))
			if (b->val[atom] != succ->val[atom])
				return 1;
	return 0;
}

static struct block *
fold_edge(child, ep)
	struct block *child;
	struct edge *ep;
{
	int sense;
	int aval0, aval1, oval0, oval1;
	int code = ep->code;

	if (code < 0) {
		code = -code;
		sense = 0;
	} else
		sense = 1;

	if (child->s.code != code)
		return 0;

	aval0 = child->val[A_ATOM];
	oval0 = child->oval;
	aval1 = ep->pred->val[A_ATOM];
	oval1 = ep->pred->oval;

	if (aval0 != aval1)
		return 0;

	if (oval0 == oval1)
		/*
		 * The operands are identical, so the
		 * result is true if a true branch was
		 * taken to get here, otherwise false.
		 */
		return sense ? JT(child) : JF(child);

	if (sense && code == (BPF_JMP|BPF_JEQ|BPF_K))
		/*
		 * At this point, we only know the comparison if we
		 * came down the true branch, and it was an equality
		 * comparison with a constant. We rely on the fact that
		 * distinct constants have distinct value numbers.
		 */
		return JF(child);

	return 0;
}

static void
opt_j(ep)
	struct edge *ep;
{
	register int i, k;
	register struct block *target;

	if (JT(ep->succ) == 0)
		return;

	if (JT(ep->succ) == JF(ep->succ)) {
		/*
		 * Common branch targets can be eliminated, provided
		 * there is no data dependency.
		 */
		if (!use_conflict(ep->pred, ep->succ->et.succ)) {
			done = 0;
			ep->succ = JT(ep->succ);
		}
	}
	/*
	 * For each edge dominator that matches the successor of this
	 * edge, promote the edge successor to its grandchild.
	 *
	 * XXX We violate the set abstraction here in favor of a reasonably
	 * efficient loop.
	 */
 top:
	for (i = 0; i < edgewords; ++i) {
		register bpf_u_int32 x = ep->edom[i];

		while (x != 0) {
			k = ffs(x) - 1;
			x &=~ (1 << k);
			k += i * BITS_PER_WORD;

			target = fold_edge(ep->succ, edges[k]);
			/*
			 * Check that there is no data dependency between
			 * nodes that will be violated if we move the edge.
			 */
			if (target != 0 && !use_conflict(ep->pred, target)) {
				done = 0;
				ep->succ = target;
				if (JT(target) != 0)
					/*
					 * Start over unless we hit a leaf.
					 */
					goto top;
				return;
			}
		}
	}
}

static void
or_pullup(b)
	struct block *b;
{
	int val, at_top;
	struct block *pull;
	struct block **diffp, **samep;
	struct edge *ep;

	ep = b->in_edges;
	if (ep == 0)
		return;

	/*
	 * Make sure each predecessor loads the same value.
	 * XXX why?
	 */
	val = ep->pred->val[A_ATOM];
	for (ep = ep->next; ep != 0; ep = ep->next)
		if (val != ep->pred->val[A_ATOM])
			return;

	if (JT(b->in_edges->pred) == b)
		diffp = &JT(b->in_edges->pred);
	else
		diffp = &JF(b->in_edges->pred);

	at_top = 1;
	while (1) {
		if (*diffp == 0)
			return;

		if (JT(*diffp) != JT(b))
			return;

		if (!SET_MEMBER((*diffp)->dom, b->id))
			return;

		if ((*diffp)->val[A_ATOM] != val)
			break;

		diffp = &JF(*diffp);
		at_top = 0;
	}
	samep = &JF(*diffp);
	while (1) {
		if (*samep == 0)
			return;

		if (JT(*samep) != JT(b))
			return;

		if (!SET_MEMBER((*samep)->dom, b->id))
			return;

		if ((*samep)->val[A_ATOM] == val)
			break;

		/* XXX Need to check that there are no data dependencies
		   between dp0 and dp1. Currently, the code generator
		   will not produce such dependencies. */
		samep = &JF(*samep);
	}
#ifdef notdef
	/* XXX This doesn't cover everything. */
	for (i = 0; i < N_ATOMS; ++i)
		if ((*samep)->val[i] != pred->val[i])
			return;
#endif
	/* Pull up the node. */
	pull = *samep;
	*samep = JF(pull);
	JF(pull) = *diffp;

	/*
	 * At the top of the chain, each predecessor needs to point at the
	 * pulled up node. Inside the chain, there is only one predecessor
	 * to worry about.
	 */
	if (at_top) {
		for (ep = b->in_edges; ep != 0; ep = ep->next) {
			if (JT(ep->pred) == b)
				JT(ep->pred) = pull;
			else
				JF(ep->pred) = pull;
		}
	}
	else
		*diffp = pull;

	done = 0;
}

static void
and_pullup(b)
	struct block *b;
{
	int val, at_top;
	struct block *pull;
	struct block **diffp, **samep;
	struct edge *ep;

	ep = b->in_edges;
	if (ep == 0)
		return;

	/*
	 * Make sure each predecessor loads the same value.
	 */
	val = ep->pred->val[A_ATOM];
	for (ep = ep->next; ep != 0; ep = ep->next)
		if (val != ep->pred->val[A_ATOM])
			return;

	if (JT(b->in_edges->pred) == b)
		diffp = &JT(b->in_edges->pred);
	else
		diffp = &JF(b->in_edges->pred);

	at_top = 1;
	while (1) {
		if (*diffp == 0)
			return;

		if (JF(*diffp) != JF(b))
			return;

		if (!SET_MEMBER((*diffp)->dom, b->id))
			return;

		if ((*diffp)->val[A_ATOM] != val)
			break;

		diffp = &JT(*diffp);
		at_top = 0;
	}
	samep = &JT(*diffp);
	while (1) {
		if (*samep == 0)
			return;

		if (JF(*samep) != JF(b))
			return;

		if (!SET_MEMBER((*samep)->dom, b->id))
			return;

		if ((*samep)->val[A_ATOM] == val)
			break;

		/* XXX Need to check that there are no data dependencies
		   between diffp and samep. Currently, the code generator
		   will not produce such dependencies. */
		samep = &JT(*samep);
	}
#ifdef notdef
	/* XXX This doesn't cover everything. */
	for (i = 0; i < N_ATOMS; ++i)
		if ((*samep)->val[i] != pred->val[i])
			return;
#endif
	/* Pull up the node. */
	pull = *samep;
	*samep = JT(pull);
	JT(pull) = *diffp;

	/*
	 * At the top of the chain, each predecessor needs to point at the
	 * pulled up node. Inside the chain, there is only one predecessor
	 * to worry about.
	 */
	if (at_top) {
		for (ep = b->in_edges; ep != 0; ep = ep->next) {
			if (JT(ep->pred) == b)
				JT(ep->pred) = pull;
			else
				JF(ep->pred) = pull;
		}
	}
	else
		*diffp = pull;

	done = 0;
}

static void
opt_blks(root, do_stmts)
	struct block *root;
	int do_stmts;
{
	int i, maxlevel;
	struct block *p;

	init_val();
	maxlevel = root->level;
	for (i = maxlevel; i >= 0; --i)
		for (p = levels[i]; p; p = p->link)
			opt_blk(p, do_stmts);

	if (do_stmts)
		/*
		 * No point trying to move branches; it can't possibly
		 * make a difference at this point.
		 */
		return;

	for (i = 1; i <= maxlevel; ++i) {
		for (p = levels[i]; p; p = p->link) {
			opt_j(&p->et);
			opt_j(&p->ef);
		}
	}
	for (i = 1; i <= maxlevel; ++i) {
		for (p = levels[i]; p; p = p->link) {
			or_pullup(p);
			and_pullup(p);
		}
	}
}

static inline void
link_inedge(parent, child)
	struct edge *parent;
	struct block *child;
{
	parent->next = child->in_edges;
	child->in_edges = parent;
}

static void
find_inedges(root)
	struct block *root;
{
	int i;
	struct block *b;

	for (i = 0; i < n_blocks; ++i)
		blocks[i]->in_edges = 0;

	/*
	 * Traverse the graph, adding each edge to the predecessor
	 * list of its successors. Skip the leaves (i.e. level 0).
	 */
	for (i = root->level; i > 0; --i) {
		for (b = levels[i]; b != 0; b = b->link) {
			link_inedge(&b->et, JT(b));
			link_inedge(&b->ef, JF(b));
		}
	}
}

static void
opt_root(b)
	struct block **b;
{
	struct slist *tmp, *s;

	s = (*b)->stmts;
	(*b)->stmts = 0;
	while (BPF_CLASS((*b)->s.code) == BPF_JMP && JT(*b) == JF(*b))
		*b = JT(*b);

	tmp = (*b)->stmts;
	if (tmp != 0)
		sappend(s, tmp);
	(*b)->stmts = s;

	/*
	 * If the root node is a return, then there is no
	 * point executing any statements (since the bpf machine
	 * has no side effects).
	 */
	if (BPF_CLASS((*b)->s.code) == BPF_RET)
		(*b)->stmts = 0;
}

static void
opt_loop(root, do_stmts)
	struct block *root;
	int do_stmts;
{

#ifdef BDEBUG
	if (dflag > 1)
		opt_dump(root);
#endif
	do {
		done = 1;
		find_levels(root);
		find_dom(root);
		find_closure(root);
		find_inedges(root);
		find_ud(root);
		find_edom(root);
		opt_blks(root, do_stmts);
#ifdef BDEBUG
		if (dflag > 1)
			opt_dump(root);
#endif
	} while (!done);
}

/*
 * Optimize the filter code in its dag representation.
*/ void bpf_optimize(rootp) struct block **rootp; { struct block *root; root = *rootp; opt_init(root); opt_loop(root, 0); opt_loop(root, 1); intern_blocks(root); opt_root(rootp); opt_cleanup(); } static void make_marks(p) struct block *p; { if (!isMarked(p)) { Mark(p); if (BPF_CLASS(p->s.code) != BPF_RET) { make_marks(JT(p)); make_marks(JF(p)); } } } /* * Mark code array such that isMarked(i) is true * only for nodes that are alive. */ static void mark_code(p) struct block *p; { cur_mark += 1; make_marks(p); } /* * True iff the two stmt lists load the same value from the packet into * the accumulator. */ static int eq_slist(x, y) struct slist *x, *y; { while (1) { while (x && x->s.code == NOP) x = x->next; while (y && y->s.code == NOP) y = y->next; if (x == 0) return y == 0; if (y == 0) return x == 0; if (x->s.code != y->s.code || x->s.k != y->s.k) return 0; x = x->next; y = y->next; } } static inline int eq_blk(b0, b1) struct block *b0, *b1; { if (b0->s.code == b1->s.code && b0->s.k == b1->s.k && b0->et.succ == b1->et.succ && b0->ef.succ == b1->ef.succ) return eq_slist(b0->stmts, b1->stmts); return 0; } static void intern_blocks(root) struct block *root; { struct block *p; int i, j; int done; top: done = 1; for (i = 0; i < n_blocks; ++i) blocks[i]->link = 0; mark_code(root); for (i = n_blocks - 1; --i >= 0; ) { if (!isMarked(blocks[i])) continue; for (j = i + 1; j < n_blocks; ++j) { if (!isMarked(blocks[j])) continue; if (eq_blk(blocks[i], blocks[j])) { blocks[i]->link = blocks[j]->link ? blocks[j]->link : blocks[j]; break; } } } for (i = 0; i < n_blocks; ++i) { p = blocks[i]; if (JT(p) == 0) continue; if (JT(p)->link) { done = 0; JT(p) = JT(p)->link; } if (JF(p)->link) { done = 0; JF(p) = JF(p)->link; } } if (!done) goto top; } static void opt_cleanup() { free((void *)vnode_base); free((void *)vmap); free((void *)edges); free((void *)space); free((void *)levels); free((void *)blocks); } /* * Return the number of stmts in 's'. 
 */
static int
slength(s)
	struct slist *s;
{
	int n = 0;

	for (; s; s = s->next)
		if (s->s.code != NOP)
			++n;
	return n;
}

/*
 * Return the number of nodes reachable by 'p'.
 * All nodes should be initially unmarked.
 */
static int
count_blocks(p)
	struct block *p;
{
	if (p == 0 || isMarked(p))
		return 0;
	Mark(p);
	return count_blocks(JT(p)) + count_blocks(JF(p)) + 1;
}

/*
 * Do a depth first search on the flow graph, numbering the
 * basic blocks, and entering them into the 'blocks' array.
 */
static void
number_blks_r(p)
	struct block *p;
{
	int n;

	if (p == 0 || isMarked(p))
		return;

	Mark(p);
	n = n_blocks++;
	p->id = n;
	blocks[n] = p;

	number_blks_r(JT(p));
	number_blks_r(JF(p));
}

/*
 * Return the number of stmts in the flowgraph reachable by 'p'.
 * The nodes should be unmarked before calling.
 */
static int
count_stmts(p)
	struct block *p;
{
	int n;

	if (p == 0 || isMarked(p))
		return 0;
	Mark(p);
	n = count_stmts(JT(p)) + count_stmts(JF(p));
	return slength(p->stmts) + n + 1;
}

/*
 * Allocate memory.  All allocation is done before optimization
 * is begun.  A linear bound on the size of all data structures is computed
 * from the total number of blocks and/or statements.
 */
static void
opt_init(root)
	struct block *root;
{
	bpf_u_int32 *p;
	int i, n, max_stmts;

	/*
	 * First, count the blocks, so we can malloc an array to map
	 * block number to block.  Then, put the blocks into the array.
	 */
	unMarkAll();
	n = count_blocks(root);
	blocks = (struct block **)malloc(n * sizeof(*blocks));
	unMarkAll();
	n_blocks = 0;
	number_blks_r(root);

	n_edges = 2 * n_blocks;
	edges = (struct edge **)malloc(n_edges * sizeof(*edges));

	/*
	 * The number of levels is bounded by the number of nodes.
	 */
	levels = (struct block **)malloc(n_blocks * sizeof(*levels));

	edgewords = n_edges / (8 * sizeof(bpf_u_int32)) + 1;
	nodewords = n_blocks / (8 * sizeof(bpf_u_int32)) + 1;

	/* XXX */
	space = (bpf_u_int32 *)malloc(2 * n_blocks * nodewords * sizeof(*space)
				 + n_edges * edgewords * sizeof(*space));
	p = space;
	all_dom_sets = p;
	for (i = 0; i < n; ++i) {
		blocks[i]->dom = p;
		p += nodewords;
	}
	all_closure_sets = p;
	for (i = 0; i < n; ++i) {
		blocks[i]->closure = p;
		p += nodewords;
	}
	all_edge_sets = p;
	for (i = 0; i < n; ++i) {
		register struct block *b = blocks[i];

		b->et.edom = p;
		p += edgewords;
		b->ef.edom = p;
		p += edgewords;
		b->et.id = i;
		edges[i] = &b->et;
		b->ef.id = n_blocks + i;
		edges[n_blocks + i] = &b->ef;
		b->et.pred = b;
		b->ef.pred = b;
	}
	max_stmts = 0;
	for (i = 0; i < n; ++i)
		max_stmts += slength(blocks[i]->stmts) + 1;
	/*
	 * We allocate at most 3 value numbers per statement,
	 * so this is an upper bound on the number of valnodes
	 * we'll need.
	 */
	maxval = 3 * max_stmts;
	vmap = (struct vmapinfo *)malloc(maxval * sizeof(*vmap));
	/*
	 * Size the array by its own element type (struct valnode), not by
	 * struct vmapinfo, so that it really holds maxval valnodes.
	 */
	vnode_base = (struct valnode *)malloc(maxval * sizeof(*vnode_base));
}

/*
 * Some pointers used to convert the basic block form of the code,
 * into the array form that BPF requires.  'fstart' will point to
 * the malloc'd array while 'ftail' is used during the recursive traversal.
 */
static struct bpf_insn *fstart;
static struct bpf_insn *ftail;

#ifdef BDEBUG
int bids[1000];
#endif

/*
 * Returns true if successful.  Returns false if a branch has
 * an offset that is too large.  If so, we have marked that
 * branch so that on a subsequent iteration, it will be treated
 * properly.
 */
static int
convert_code_r(p)
	struct block *p;
{
	struct bpf_insn *dst;
	struct slist *src;
	int slen;
	u_int off;
	int extrajmps;		/* number of extra jumps inserted */

	if (p == 0 || isMarked(p))
		return (1);
	Mark(p);

	if (convert_code_r(JF(p)) == 0)
		return (0);
	if (convert_code_r(JT(p)) == 0)
		return (0);

	slen = slength(p->stmts);
	dst = ftail -= (slen + 1 + p->longjt + p->longjf);
		/* inflate length by any extra jumps */

	p->offset = dst - fstart;

	for (src = p->stmts; src; src = src->next) {
		if (src->s.code == NOP)
			continue;
		dst->code = (u_short)src->s.code;
		dst->k = src->s.k;
		++dst;
	}
#ifdef BDEBUG
	bids[dst - fstart] = p->id + 1;
#endif
	dst->code = (u_short)p->s.code;
	dst->k = p->s.k;
	if (JT(p)) {
		extrajmps = 0;
		off = JT(p)->offset - (p->offset + slen) - 1;
		if (off >= 256) {
			/* offset too large for branch, must add a jump */
			if (p->longjt == 0) {
				/* mark this instruction and retry */
				p->longjt++;
				return(0);
			}
			/* branch if T to following jump */
			dst->jt = extrajmps;
			extrajmps++;
			dst[extrajmps].code = BPF_JMP|BPF_JA;
			dst[extrajmps].k = off - extrajmps;
		}
		else
			dst->jt = off;
		off = JF(p)->offset - (p->offset + slen) - 1;
		if (off >= 256) {
			/* offset too large for branch, must add a jump */
			if (p->longjf == 0) {
				/* mark this instruction and retry */
				p->longjf++;
				return(0);
			}
			/* branch if F to following jump */
			/* if two jumps are inserted, F goes to second one */
			dst->jf = extrajmps;
			extrajmps++;
			dst[extrajmps].code = BPF_JMP|BPF_JA;
			dst[extrajmps].k = off - extrajmps;
		}
		else
			dst->jf = off;
	}
	return (1);
}

/*
 * Convert flowgraph intermediate representation to the
 * BPF array representation.  Set *lenp to the number of instructions.
 */
struct bpf_insn *
icode_to_fcode(root, lenp)
	struct block *root;
	int *lenp;
{
	int n;
	struct bpf_insn *fp;

	/*
	 * Loop doing convert_code_r() until no branches remain
	 * with too-large offsets.
*/ while (1) { unMarkAll(); n = *lenp = count_stmts(root); fp = (struct bpf_insn *)malloc(sizeof(*fp) * n); memset((char *)fp, 0, sizeof(*fp) * n); fstart = fp; ftail = fp + n; unMarkAll(); if (convert_code_r(root)) break; free(fp); } return fp; } #ifdef BDEBUG static void opt_dump(root) struct block *root; { struct bpf_program f; memset(bids, 0, sizeof bids); f.bf_insns = icode_to_fcode(root, &f.bf_len); bpf_dump(&f, 1); putchar('\n'); free((char *)f.bf_insns); } #endif sniffit.0.3.7.beta/libpcap/pcap-bpf.c100444 1750 1750 13503 6553423606 16070 0ustar codercoder/* * Copyright (c) 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
*/ #ifndef lint static const char rcsid[] = "@(#) $Header: pcap-bpf.c,v 1.29 96/12/31 20:53:40 leres Exp $ (LBL)"; #endif #include /* optionally get BSD define */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "pcap-int.h" #include "gnuc.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif int pcap_stats(pcap_t *p, struct pcap_stat *ps) { struct bpf_stat s; if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) { sprintf(p->errbuf, "BIOCGSTATS: %s", pcap_strerror(errno)); return (-1); } ps->ps_recv = s.bs_recv; ps->ps_drop = s.bs_drop; return (0); } int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { int cc; int n = 0; register u_char *bp, *ep; again: cc = p->cc; if (p->cc == 0) { cc = read(p->fd, (char *)p->buffer, p->bufsize); if (cc < 0) { /* Don't choke when we get ptraced */ switch (errno) { case EINTR: goto again; case EWOULDBLOCK: return (0); #if defined(sun) && !defined(BSD) /* * Due to a SunOS bug, after 2^31 bytes, the kernel * file offset overflows and read fails with EINVAL. * The lseek() to 0 will fix things. */ case EINVAL: if (lseek(p->fd, 0L, SEEK_CUR) + p->bufsize < 0) { (void)lseek(p->fd, 0L, SEEK_SET); goto again; } /* fall through */ #endif } sprintf(p->errbuf, "read: %s", pcap_strerror(errno)); return (-1); } bp = p->buffer; } else bp = p->bp; /* * Loop through each packet. */ #define bhp ((struct bpf_hdr *)bp) ep = bp + cc; while (bp < ep) { register int caplen, hdrlen; caplen = bhp->bh_caplen; hdrlen = bhp->bh_hdrlen; /* * XXX A bpf_hdr matches a pcap_pkthdr. */ (*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen); bp += BPF_WORDALIGN(caplen + hdrlen); if (++n >= cnt && cnt > 0) { p->bp = bp; p->cc = ep - bp; return (n); } } #undef bhp p->cc = 0; return (n); } static inline int bpf_open(pcap_t *p, char *errbuf) { int fd; int n = 0; char device[sizeof "/dev/bpf000"]; /* * Go through all the minors and find one that isn't in use. 
*/ do { (void)sprintf(device, "/dev/bpf%d", n++); fd = open(device, O_RDONLY); } while (fd < 0 && errno == EBUSY); /* * XXX better message for all minors used */ if (fd < 0) sprintf(errbuf, "%s: %s", device, pcap_strerror(errno)); return (fd); } pcap_t * pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) { int fd; struct ifreq ifr; struct bpf_version bv; u_int v; pcap_t *p; p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { sprintf(ebuf, "malloc: %s", pcap_strerror(errno)); return (NULL); } bzero(p, sizeof(*p)); fd = bpf_open(p, ebuf); if (fd < 0) goto bad; p->fd = fd; p->snapshot = snaplen; if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) { sprintf(ebuf, "BIOCVERSION: %s", pcap_strerror(errno)); goto bad; } if (bv.bv_major != BPF_MAJOR_VERSION || bv.bv_minor < BPF_MINOR_VERSION) { sprintf(ebuf, "kernel bpf filter out of date"); goto bad; } (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) { sprintf(ebuf, "%s: %s", device, pcap_strerror(errno)); goto bad; } /* Get the data link layer type. 
*/ if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) { sprintf(ebuf, "BIOCGDLT: %s", pcap_strerror(errno)); goto bad; } #if _BSDI_VERSION - 0 >= 199510 /* The SLIP and PPP link layer header changed in BSD/OS 2.1 */ switch (v) { case DLT_SLIP: v = DLT_SLIP_BSDOS; break; case DLT_PPP: v = DLT_PPP_BSDOS; break; } #endif p->linktype = v; /* set timeout */ if (to_ms != 0) { struct timeval to; to.tv_sec = to_ms / 1000; to.tv_usec = (to_ms * 1000) % 1000000; if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) { sprintf(ebuf, "BIOCSRTIMEOUT: %s", pcap_strerror(errno)); goto bad; } } if (promisc) /* set promiscuous mode, okay if it fails */ (void)ioctl(p->fd, BIOCPROMISC, NULL); if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) { sprintf(ebuf, "BIOCGBLEN: %s", pcap_strerror(errno)); goto bad; } p->bufsize = v; p->buffer = (u_char *)malloc(p->bufsize); if (p->buffer == NULL) { sprintf(ebuf, "malloc: %s", pcap_strerror(errno)); goto bad; } return (p); bad: (void)close(fd); free(p); return (NULL); } int pcap_setfilter(pcap_t *p, struct bpf_program *fp) { if (p->sf.rfile != NULL) p->fcode = *fp; else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) { sprintf(p->errbuf, "BIOCSETF: %s", pcap_strerror(errno)); return (-1); } return (0); } sniffit.0.3.7.beta/libpcap/pcap-dlpi.c100444 1750 1750 45746 6553423606 16267 0ustar codercoder/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * This code contributed by Atanu Ghosh (atanu@cs.ucl.ac.uk), * University College London. */ /* * Packet capture routine for dlpi under SunOS 5 * * Notes: * * - Apparently the DLIOCRAW ioctl() is specific to SunOS. * * - There is a bug in bufmod(7) such that setting the snapshot * length results in data being left of the front of the packet. * * - It might be desirable to use pfmod(7) to filter packets in the * kernel. 
*/ #ifndef lint static const char rcsid[] = "@(#) $Header: pcap-dlpi.c,v 1.52 97/10/03 19:47:47 leres Exp $ (LBL)"; #endif #include #include #ifdef HAVE_SYS_BUFMOD_H #include #endif #include #ifdef HAVE_SYS_DLPI_EXT_H #include #endif #ifdef HAVE_HPUX9 #include #endif #ifdef DL_HP_PPA_ACK_OBS #include #endif #include #if defined(HAVE_SOLARIS) && defined(HAVE_SYS_BUFMOD_H) #include #endif #ifdef HAVE_HPUX9 #include #endif #include #ifdef HAVE_HPUX9 #include #endif #include #include #include #include #include #include #include #include #include "pcap-int.h" #include "gnuc.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif #ifndef PCAP_DEV_PREFIX #define PCAP_DEV_PREFIX "/dev" #endif #define MAXDLBUF 8192 /* Forwards */ static int dlattachreq(int, bpf_u_int32, char *); static int dlbindack(int, char *, char *); static int dlbindreq(int, bpf_u_int32, char *); static int dlinfoack(int, char *, char *); static int dlinforeq(int, char *); static int dlokack(int, const char *, char *, char *); static int recv_ack(int, int, const char *, char *, char *); static int dlpromisconreq(int, bpf_u_int32, char *); #if defined(HAVE_SOLARIS) && defined(HAVE_SYS_BUFMOD_H) static char *get_release(bpf_u_int32 *, bpf_u_int32 *, bpf_u_int32 *); #endif static int send_request(int, char *, int, char *, char *); #ifdef HAVE_SYS_BUFMOD_H static int strioctl(int, int, int, char *); #endif #ifdef HAVE_HPUX9 static int dlpi_kread(int, off_t, void *, u_int, char *); #endif #ifdef HAVE_DEV_DLPI static int get_dlpi_ppa(int, const char *, int, char *); #endif int pcap_stats(pcap_t *p, struct pcap_stat *ps) { *ps = p->md.stat; return (0); } /* XXX Needed by HP-UX (at least) */ static bpf_u_int32 ctlbuf[MAXDLBUF]; static struct strbuf ctl = { MAXDLBUF, 0, (char *)ctlbuf }; int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { register int cc, n, caplen, origlen; register u_char *bp, *ep, *pk; register struct bpf_insn *fcode; #ifdef HAVE_SYS_BUFMOD_H register struct sb_hdr *sbp; 
#ifdef LBL_ALIGN struct sb_hdr sbhdr; #endif #endif int flags; struct strbuf data; struct pcap_pkthdr pkthdr; flags = 0; cc = p->cc; if (cc == 0) { data.buf = (char *)p->buffer + p->offset; data.maxlen = MAXDLBUF; data.len = 0; do { if (getmsg(p->fd, &ctl, &data, &flags) < 0) { /* Don't choke when we get ptraced */ if (errno == EINTR) { cc = 0; continue; } strcpy(p->errbuf, pcap_strerror(errno)); return (-1); } cc = data.len; } while (cc == 0); bp = p->buffer + p->offset; } else bp = p->bp; /* Loop through packets */ fcode = p->fcode.bf_insns; ep = bp + cc; n = 0; #ifdef HAVE_SYS_BUFMOD_H while (bp < ep) { #ifdef LBL_ALIGN if ((long)bp & 3) { sbp = &sbhdr; memcpy(sbp, bp, sizeof(*sbp)); } else #endif sbp = (struct sb_hdr *)bp; p->md.stat.ps_drop += sbp->sbh_drops; pk = bp + sizeof(*sbp); bp += sbp->sbh_totlen; origlen = sbp->sbh_origlen; caplen = sbp->sbh_msglen; #else origlen = cc; caplen = min(p->snapshot, cc); pk = bp; bp += caplen; #endif ++p->md.stat.ps_recv; if (bpf_filter(fcode, pk, origlen, caplen)) { #ifdef HAVE_SYS_BUFMOD_H pkthdr.ts = sbp->sbh_timestamp; #else (void)gettimeofday(&pkthdr.ts, NULL); #endif pkthdr.len = origlen; pkthdr.caplen = caplen; /* Insure caplen does not exceed snapshot */ if (pkthdr.caplen > p->snapshot) pkthdr.caplen = p->snapshot; (*callback)(user, &pkthdr, pk); if (++n >= cnt && cnt >= 0) { p->cc = ep - bp; p->bp = bp; return (n); } } #ifdef HAVE_SYS_BUFMOD_H } #endif p->cc = 0; return (n); } pcap_t * pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) { register char *cp; char *eos; register pcap_t *p; register int ppa; register dl_info_ack_t *infop; #ifdef HAVE_SYS_BUFMOD_H bpf_u_int32 ss, flag; #ifdef HAVE_SOLARIS register char *release; bpf_u_int32 osmajor, osminor, osmicro; #endif #endif bpf_u_int32 buf[MAXDLBUF]; char dname[100]; #ifndef HAVE_DEV_DLPI char dname2[100]; #endif p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { strcpy(ebuf, pcap_strerror(errno)); return (NULL); } memset(p, 0, 
sizeof(*p)); /* ** Determine device and ppa */ cp = strpbrk(device, "0123456789"); if (cp == NULL) { sprintf(ebuf, "%s missing unit number", device); goto bad; } ppa = strtol(cp, &eos, 10); if (*eos != '\0') { sprintf(ebuf, "%s bad unit number", device); goto bad; } if (*device == '/') strcpy(dname, device); else sprintf(dname, "%s/%s", PCAP_DEV_PREFIX, device); #ifdef HAVE_DEV_DLPI /* Map network device to /dev/dlpi unit */ cp = "/dev/dlpi"; if ((p->fd = open(cp, O_RDWR)) < 0) { sprintf(ebuf, "%s: %s", cp, pcap_strerror(errno)); goto bad; } /* Map network interface to /dev/dlpi unit */ ppa = get_dlpi_ppa(p->fd, dname, ppa, ebuf); if (ppa < 0) goto bad; #else /* Try device without unit number */ strcpy(dname2, dname); cp = strchr(dname, *cp); *cp = '\0'; if ((p->fd = open(dname, O_RDWR)) < 0) { if (errno != ENOENT) { sprintf(ebuf, "%s: %s", dname, pcap_strerror(errno)); goto bad; } /* Try again with unit number */ if ((p->fd = open(dname2, O_RDWR)) < 0) { sprintf(ebuf, "%s: %s", dname2, pcap_strerror(errno)); goto bad; } /* XXX Assume unit zero */ ppa = 0; } #endif p->snapshot = snaplen; /* ** Attach if "style 2" provider */ if (dlinforeq(p->fd, ebuf) < 0 || dlinfoack(p->fd, (char *)buf, ebuf) < 0) goto bad; infop = &((union DL_primitives *)buf)->info_ack; if (infop->dl_provider_style == DL_STYLE2 && (dlattachreq(p->fd, ppa, ebuf) < 0 || dlokack(p->fd, "attach", (char *)buf, ebuf) < 0)) goto bad; /* ** Bind (defer if using HP-UX 9 or HP-UX 10.20, totally skip if ** using SINIX) */ #if !defined(HAVE_HPUX9) && !defined(HAVE_HPUX10_20) && !defined(sinix) if (dlbindreq(p->fd, 0, ebuf) < 0 || dlbindack(p->fd, (char *)buf, ebuf) < 0) goto bad; #endif if (promisc) { /* ** Enable promiscuous */ if (dlpromisconreq(p->fd, DL_PROMISC_PHYS, ebuf) < 0 || dlokack(p->fd, "promisc_phys", (char *)buf, ebuf) < 0) goto bad; /* ** Try to enable multicast (you would have thought ** promiscuous would be sufficient). 
(Skip if using ** HP-UX or SINIX) */ #if !defined(__hpux) && !defined(sinix) if (dlpromisconreq(p->fd, DL_PROMISC_MULTI, ebuf) < 0 || dlokack(p->fd, "promisc_multi", (char *)buf, ebuf) < 0) fprintf(stderr, "WARNING: DL_PROMISC_MULTI failed (%s)\n", ebuf); #endif } /* ** Try to enable sap (when not in promiscuous mode when using ** using HP-UX and never under SINIX) */ #ifndef sinix if ( #ifdef __hpux !promisc && #endif (dlpromisconreq(p->fd, DL_PROMISC_SAP, ebuf) < 0 || dlokack(p->fd, "promisc_sap", (char *)buf, ebuf) < 0)) { /* Not fatal if promisc since the DL_PROMISC_PHYS worked */ if (promisc) fprintf(stderr, "WARNING: DL_PROMISC_SAP failed (%s)\n", ebuf); else goto bad; } #endif /* ** HP-UX 9 and HP-UX 10.20 must bind after setting promiscuous ** options) */ #if defined(HAVE_HPUX9) || defined(HAVE_HPUX10_20) if (dlbindreq(p->fd, 0, ebuf) < 0 || dlbindack(p->fd, (char *)buf, ebuf) < 0) goto bad; #endif /* ** Determine link type */ if (dlinforeq(p->fd, ebuf) < 0 || dlinfoack(p->fd, (char *)buf, ebuf) < 0) goto bad; infop = &((union DL_primitives *)buf)->info_ack; switch (infop->dl_mac_type) { case DL_CSMACD: case DL_ETHER: p->linktype = DLT_EN10MB; p->offset = 2; break; case DL_FDDI: p->linktype = DLT_FDDI; p->offset = 3; break; default: sprintf(ebuf, "unknown mac type 0x%lu", infop->dl_mac_type); goto bad; } #ifdef DLIOCRAW /* ** This is a non standard SunOS hack to get the ethernet header. */ if (strioctl(p->fd, DLIOCRAW, 0, NULL) < 0) { sprintf(ebuf, "DLIOCRAW: %s", pcap_strerror(errno)); goto bad; } #endif #ifdef HAVE_SYS_BUFMOD_H /* ** Another non standard call to get the data nicely buffered */ if (ioctl(p->fd, I_PUSH, "bufmod") != 0) { sprintf(ebuf, "I_PUSH bufmod: %s", pcap_strerror(errno)); goto bad; } /* ** Now that the bufmod is pushed lets configure it. ** ** There is a bug in bufmod(7). When dealing with messages of ** less than snaplen size it strips data from the beginning not ** the end. ** ** This bug is supposed to be fixed in 5.3.2. 
Also, there is a ** patch available. Ask for bugid 1149065. */ ss = snaplen; #ifdef HAVE_SOLARIS release = get_release(&osmajor, &osminor, &osmicro); if (osmajor == 5 && (osminor <= 2 || (osminor == 3 && osmicro < 2)) && getenv("BUFMOD_FIXED") == NULL) { fprintf(stderr, "WARNING: bufmod is broken in SunOS %s; ignoring snaplen.\n", release); ss = 0; } #endif if (ss > 0 && strioctl(p->fd, SBIOCSSNAP, sizeof(ss), (char *)&ss) != 0) { sprintf(ebuf, "SBIOCSSNAP: %s", pcap_strerror(errno)); goto bad; } /* ** Set up the bufmod flags */ if (strioctl(p->fd, SBIOCGFLAGS, sizeof(flag), (char *)&flag) < 0) { sprintf(ebuf, "SBIOCGFLAGS: %s", pcap_strerror(errno)); goto bad; } flag |= SB_NO_DROPS; if (strioctl(p->fd, SBIOCSFLAGS, sizeof(flag), (char *)&flag) != 0) { sprintf(ebuf, "SBIOCSFLAGS: %s", pcap_strerror(errno)); goto bad; } /* ** Set up the bufmod timeout */ if (to_ms != 0) { struct timeval to; to.tv_sec = to_ms / 1000; to.tv_usec = (to_ms * 1000) % 1000000; if (strioctl(p->fd, SBIOCSTIME, sizeof(to), (char *)&to) != 0) { sprintf(ebuf, "SBIOCSTIME: %s", pcap_strerror(errno)); goto bad; } } #endif /* ** As the last operation flush the read side. 
*/ if (ioctl(p->fd, I_FLUSH, FLUSHR) != 0) { sprintf(ebuf, "FLUSHR: %s", pcap_strerror(errno)); goto bad; } /* Allocate data buffer */ p->bufsize = MAXDLBUF * sizeof(bpf_u_int32); p->buffer = (u_char *)malloc(p->bufsize + p->offset); return (p); bad: free(p); return (NULL); } int pcap_setfilter(pcap_t *p, struct bpf_program *fp) { p->fcode = *fp; return (0); } static int send_request(int fd, char *ptr, int len, char *what, char *ebuf) { struct strbuf ctl; int flags; ctl.maxlen = 0; ctl.len = len; ctl.buf = ptr; flags = 0; if (putmsg(fd, &ctl, (struct strbuf *) NULL, flags) < 0) { sprintf(ebuf, "send_request: putmsg \"%s\": %s", what, pcap_strerror(errno)); return (-1); } return (0); } static int recv_ack(int fd, int size, const char *what, char *bufp, char *ebuf) { union DL_primitives *dlp; struct strbuf ctl; int flags; ctl.maxlen = MAXDLBUF; ctl.len = 0; ctl.buf = bufp; flags = 0; if (getmsg(fd, &ctl, (struct strbuf*)NULL, &flags) < 0) { sprintf(ebuf, "recv_ack: %s getmsg: %s", what, pcap_strerror(errno)); return (-1); } dlp = (union DL_primitives *) ctl.buf; switch (dlp->dl_primitive) { case DL_INFO_ACK: case DL_BIND_ACK: case DL_OK_ACK: #ifdef DL_HP_PPA_ACK case DL_HP_PPA_ACK: #endif /* These are OK */ break; case DL_ERROR_ACK: switch (dlp->error_ack.dl_errno) { case DL_BADPPA: sprintf(ebuf, "recv_ack: %s bad ppa (device unit)", what); break; case DL_SYSERR: sprintf(ebuf, "recv_ack: %s: %s", what, pcap_strerror(dlp->error_ack.dl_unix_errno)); break; case DL_UNSUPPORTED: sprintf(ebuf, "recv_ack: %s: Service not supplied by provider", what); break; default: sprintf(ebuf, "recv_ack: %s error 0x%x", what, (bpf_u_int32)dlp->error_ack.dl_errno); break; } return (-1); default: sprintf(ebuf, "recv_ack: %s unexpected primitive ack 0x%x ", what, (bpf_u_int32)dlp->dl_primitive); return (-1); } if (ctl.len < size) { sprintf(ebuf, "recv_ack: %s ack too small (%d < %d)", what, ctl.len, size); return (-1); } return (ctl.len); } static int dlattachreq(int fd, bpf_u_int32 ppa, 
char *ebuf) { dl_attach_req_t req; req.dl_primitive = DL_ATTACH_REQ; req.dl_ppa = ppa; return (send_request(fd, (char *)&req, sizeof(req), "attach", ebuf)); } static int dlbindreq(int fd, bpf_u_int32 sap, char *ebuf) { dl_bind_req_t req; memset((char *)&req, 0, sizeof(req)); req.dl_primitive = DL_BIND_REQ; #ifdef DL_HP_RAWDLS req.dl_max_conind = 1; /* XXX magic number */ /* 22 is INSAP as per the HP-UX DLPI Programmer's Guide */ req.dl_sap = 22; req.dl_service_mode = DL_HP_RAWDLS; #else req.dl_sap = sap; #ifdef DL_CLDLS req.dl_service_mode = DL_CLDLS; #endif #endif return (send_request(fd, (char *)&req, sizeof(req), "bind", ebuf)); } static int dlbindack(int fd, char *bufp, char *ebuf) { return (recv_ack(fd, DL_BIND_ACK_SIZE, "bind", bufp, ebuf)); } static int dlpromisconreq(int fd, bpf_u_int32 level, char *ebuf) { dl_promiscon_req_t req; req.dl_primitive = DL_PROMISCON_REQ; req.dl_level = level; return (send_request(fd, (char *)&req, sizeof(req), "promiscon", ebuf)); } static int dlokack(int fd, const char *what, char *bufp, char *ebuf) { return (recv_ack(fd, DL_OK_ACK_SIZE, what, bufp, ebuf)); } static int dlinforeq(int fd, char *ebuf) { dl_info_req_t req; req.dl_primitive = DL_INFO_REQ; return (send_request(fd, (char *)&req, sizeof(req), "info", ebuf)); } static int dlinfoack(int fd, char *bufp, char *ebuf) { return (recv_ack(fd, DL_INFO_ACK_SIZE, "info", bufp, ebuf)); } #ifdef HAVE_SYS_BUFMOD_H static int strioctl(int fd, int cmd, int len, char *dp) { struct strioctl str; int rc; str.ic_cmd = cmd; str.ic_timout = -1; str.ic_len = len; str.ic_dp = dp; rc = ioctl(fd, I_STR, &str); if (rc < 0) return (rc); else return (str.ic_len); } #endif #if defined(HAVE_SOLARIS) && defined(HAVE_SYS_BUFMOD_H) static char * get_release(bpf_u_int32 *majorp, bpf_u_int32 *minorp, bpf_u_int32 *microp) { char *cp; static char buf[32]; *majorp = 0; *minorp = 0; *microp = 0; if (sysinfo(SI_RELEASE, buf, sizeof(buf)) < 0) return ("?"); cp = buf; if (!isdigit(*cp)) return (buf); *majorp 
= strtol(cp, &cp, 10); if (*cp++ != '.') return (buf); *minorp = strtol(cp, &cp, 10); if (*cp++ != '.') return (buf); *microp = strtol(cp, &cp, 10); return (buf); } #endif #ifdef DL_HP_PPA_ACK_OBS /* * Under HP-UX 10, we can ask for the ppa */ /* Determine ppa number that specifies ifname */ static int get_dlpi_ppa(register int fd, register const char *device, register int unit, register char *ebuf) { register dl_hp_ppa_ack_t *ap; register dl_hp_ppa_info_t *ip; register int i; register u_long majdev; dl_hp_ppa_req_t req; struct stat statbuf; bpf_u_int32 buf[MAXDLBUF]; if (stat(device, &statbuf) < 0) { sprintf(ebuf, "stat: %s: %s", device, pcap_strerror(errno)); return (-1); } majdev = major(statbuf.st_rdev); memset((char *)&req, 0, sizeof(req)); req.dl_primitive = DL_HP_PPA_REQ; memset((char *)buf, 0, sizeof(buf)); if (send_request(fd, (char *)&req, sizeof(req), "hpppa", ebuf) < 0 || recv_ack(fd, DL_HP_PPA_ACK_SIZE, "hpppa", (char *)buf, ebuf) < 0) return (-1); ap = (dl_hp_ppa_ack_t *)buf; ip = (dl_hp_ppa_info_t *)((u_char *)ap + ap->dl_offset); for(i = 0; i < ap->dl_count; i++) { if (ip->dl_mjr_num == majdev && ip->dl_instance_num == unit) break; ip = (dl_hp_ppa_info_t *)((u_char *)ip + ip->dl_next_offset); } if (i == ap->dl_count) { sprintf(ebuf, "can't find PPA for %s", device); return (-1); } if (ip->dl_hdw_state == HDW_DEAD) { sprintf(ebuf, "%s: hardware state: DOWN\n", device); return (-1); } return ((int)ip->dl_ppa); } #endif #ifdef HAVE_HPUX9 /* * Under HP-UX 9, there is no good way to determine the ppa. * So punt and read it from /dev/kmem. 
 */
static struct nlist nl[] = {
#define NL_IFNET 0
	{ "ifnet" },
	{ "" }
};

static char path_vmunix[] = "/hp-ux";

/* Determine ppa number that specifies ifname */
static int
get_dlpi_ppa(register int fd, register const char *ifname, register int unit,
    register char *ebuf)
{
	register const char *cp;
	register int kd;
	void *addr;
	struct ifnet ifnet;
	char if_name[sizeof(ifnet.if_name)], tifname[32];

	cp = strrchr(ifname, '/');
	if (cp != NULL)
		ifname = cp + 1;
	if (nlist(path_vmunix, &nl) < 0) {
		sprintf(ebuf, "nlist %s failed", path_vmunix);
		return (-1);
	}
	if (nl[NL_IFNET].n_value == 0) {
		sprintf(ebuf, "could't find %s kernel symbol",
		    nl[NL_IFNET].n_name);
		return (-1);
	}
	kd = open("/dev/kmem", O_RDONLY);
	if (kd < 0) {
		sprintf(ebuf, "kmem open: %s", pcap_strerror(errno));
		return (-1);
	}
	if (dlpi_kread(kd, nl[NL_IFNET].n_value,
	    &addr, sizeof(addr), ebuf) < 0) {
		close(kd);
		return (-1);
	}
	for (; addr != NULL; addr = ifnet.if_next) {
		if (dlpi_kread(kd, (off_t)addr,
		    &ifnet, sizeof(ifnet), ebuf) < 0 ||
		    dlpi_kread(kd, (off_t)ifnet.if_name,
		    if_name, sizeof(if_name), ebuf) < 0) {
			(void)close(kd);
			return (-1);
		}
		sprintf(tifname, "%.*s%d",
		    (int)sizeof(if_name), if_name, ifnet.if_unit);
		if (strcmp(tifname, ifname) == 0)
			return (ifnet.if_index);
	}

	sprintf(ebuf, "Can't find %s", ifname);
	return (-1);
}

static int
dlpi_kread(register int fd, register off_t addr,
    register void *buf, register u_int len, register char *ebuf)
{
	register int cc;

	if (lseek(fd, addr, SEEK_SET) < 0) {
		sprintf(ebuf, "lseek: %s", pcap_strerror(errno));
		return (-1);
	}
	cc = read(fd, buf, len);
	if (cc < 0) {
		sprintf(ebuf, "read: %s", pcap_strerror(errno));
		return (-1);
	} else if (cc != len) {
		sprintf(ebuf, "short read (%d != %d)", cc, len);
		return (-1);
	}
	return (cc);
}
#endif

sniffit.0.3.7.beta/libpcap/pcap-enet.c
/*
 * Stanford Enetfilter subroutines for tcpdump
 *
 * Based on the MERIT NNstat etherifrt.c and the Ultrix pcap-pf.c
 * subroutines.
 *
 * Rayan Zachariassen, CA*Net
 */

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "interface.h"

struct packet_header {
#ifdef	IBMRTPC
	struct LengthWords	length;
	struct tap_header	tap;
#endif	/* IBMRTPC */
	u_char			packet[8];
};

extern int errno;

#define BUFSPACE (4*1024)

/* Forwards */
static void efReadError(int, char *);

void
readloop(int cnt, int if_fd, struct bpf_program *fp, printfunc printit)
{
#ifdef	IBMRTPC
	register struct packet_header *ph;
	register u_char *bp;
	register int inc;
#else	/* !IBMRTPC */
	static struct timeval tv = { 0 };
#endif	/* IBMRTPC */
	register int cc, caplen;
	register struct bpf_insn *fcode = fp->bf_insns;
	union {
		struct packet_header hdr;
		u_char	p[BUFSPACE];
		u_short	s;
	} buf;

	while (1) {
		if ((cc = read(if_fd, (char *)buf.p, sizeof(buf))) < 0)
			efReadError(if_fd, "reader");

#ifdef	IBMRTPC
		/*
		 * Loop through each packet.
		 */
		bp = buf.p;
		while (cc > 0) {
			ph = (struct packet_header *)bp;
			caplen = ph->tap.th_wirelen > snaplen ?
			    snaplen : ph->tap.th_wirelen;
			if (bpf_filter(fcode, (char *)ph->packet,
						ph->tap.th_wirelen, caplen)) {
				if (cnt >= 0 && --cnt < 0)
					goto out;
				(*printit)((char *)ph->packet,
					(struct timeval *)ph->tap.th_timestamp,
					ph->tap.th_wirelen, caplen);
			}
			inc = ph->length.PacketOffset;
			cc -= inc;
			bp += inc;
		}
#else	/* !IBMRTPC */
		caplen = cc > snaplen ? snaplen : cc;
		if (bpf_filter(fcode, buf.hdr.packet, cc, caplen)) {
			if (cnt >= 0 && --cnt < 0)
				goto out;
			(*printit)(buf.hdr.packet, &tv, cc, caplen);
		}
#endif	/* IBMRTPC */
	}
 out:
	wrapup(if_fd);
}

/* Call ONLY if read() has returned an error on packet filter */
static void
efReadError(int fid, char *msg)
{
	if (errno == EINVAL) {	/* read MAXINT bytes already!
				 */
		if (lseek(fid, 0, 0) < 0) {
			perror("tcpdump: efReadError/lseek");
			exit(-1);
		}
		else
			return;
	}
	else {
		(void) fprintf(stderr, "tcpdump: ");
		perror(msg);
		exit(-1);
	}
}

void
wrapup(int fd)
{
#ifdef	IBMRTPC
	struct enstats es;

	if (ioctl(fd, EIOSTATS, &es) == -1) {
		perror("tcpdump: enet ioctl EIOSTATS error");
		exit(-1);
	}

	fprintf(stderr, "%d packets queued", es.enStat_Rcnt);
	if (es.enStat_Rdrops > 0)
		fprintf(stderr, ", %d dropped", es.enStat_Rdrops);
	if (es.enStat_Reads > 0)
		fprintf(stderr, ", %d tcpdump %s", es.enStat_Reads,
				es.enStat_Reads > 1 ? "reads" : "read");
	if (es.enStat_MaxRead > 1)
		fprintf(stderr, ", %d packets in largest read",
			es.enStat_MaxRead);
	putc('\n', stderr);
#endif	/* IBMRTPC */
	close(fd);
}

int
initdevice(char *device, int pflag, int *linktype)
{
	struct eniocb ctl;
	struct enfilter filter;
	u_int maxwaiting;
	int if_fd;

#ifdef	IBMRTPC
	GETENETDEVICE(0, O_RDONLY, &if_fd);
#else	/* !IBMRTPC */
	if_fd = open("/dev/enet", O_RDONLY, 0);
#endif	/* IBMRTPC */

	if (if_fd == -1) {
		perror("tcpdump: enet open error");
		error(
"your system may not be properly configured; see \"man enet(4)\"");
		exit(-1);
	}

	/* Get operating parameters. */

	if (ioctl(if_fd, EIOCGETP, (char *)&ctl) == -1) {
		perror("tcpdump: enet ioctl EIOCGETP error");
		exit(-1);
	}

	/* Set operating parameters. */

#ifdef	IBMRTPC
	ctl.en_rtout = 1 * ctl.en_hz;
	ctl.en_tr_etherhead = 1;
	ctl.en_tap_network = 1;
	ctl.en_multi_packet = 1;
	ctl.en_maxlen = BUFSPACE;
#else	/* !IBMRTPC */
	ctl.en_rtout = 64;	/* randomly picked value for HZ */
#endif	/* IBMRTPC */
	if (ioctl(if_fd, EIOCSETP, &ctl) == -1) {
		perror("tcpdump: enet ioctl EIOCSETP error");
		exit(-1);
	}

	/* Flush the receive queue, since we've changed
	   the operating parameters and we otherwise might
	   receive data without headers. */

	if (ioctl(if_fd, EIOCFLUSH) == -1) {
		perror("tcpdump: enet ioctl EIOCFLUSH error");
		exit(-1);
	}

	/* Set the receive queue depth to its maximum.
	 */

	maxwaiting = ctl.en_maxwaiting;
	if (ioctl(if_fd, EIOCSETW, &maxwaiting) == -1) {
		perror("tcpdump: enet ioctl EIOCSETW error");
		exit(-1);
	}

#ifdef	IBMRTPC
	/* Clear statistics. */

	if (ioctl(if_fd, EIOCLRSTAT, 0) == -1) {
		perror("tcpdump: enet ioctl EIOCLRSTAT error");
		exit(-1);
	}
#endif	/* IBMRTPC */

	/* Set the filter (accept all packets). */

	filter.enf_Priority = 3;
	filter.enf_FilterLen = 0;
	if (ioctl(if_fd, EIOCSETF, &filter) == -1) {
		perror("tcpdump: enet ioctl EIOCSETF error");
		exit(-1);
	}
	/*
	 * "enetfilter" supports only ethernets.
	 */
	*linktype = DLT_EN10MB;

	return(if_fd);
}

sniffit.0.3.7.beta/libpcap/pcap-int.h
/*
 * Copyright (c) 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the Computer Systems
 *	Engineering Group at Lawrence Berkeley Laboratory.
 * 4. Neither the name of the University nor of the Laboratory may be used
 *    to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.
 * IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#) $Header: pcap-int.h,v 1.18 96/11/27 18:43:09 leres Exp $ (LBL)
 */

#ifndef pcap_int_h
#define pcap_int_h

#include

/*
 * Savefile
 */
struct pcap_sf {
	FILE *rfile;
	int swapped;
	int version_major;
	int version_minor;
	u_char *base;
};

struct pcap_md {
	struct pcap_stat stat;
	/*XXX*/
	int use_bpf;
	u_long	TotPkts;	/* can't oflow for 79 hrs on ether */
	u_long	TotAccepted;	/* count accepted by filter */
	u_long	TotDrops;	/* count of dropped packets */
	long	TotMissed;	/* missed by i/f during this run */
	long	OrigMissed;	/* missed by i/f before this run */
#ifdef linux
	int pad;
	int skip;
	char *device;
#endif
};

struct pcap {
	int fd;
	int snapshot;
	int linktype;
	int tzoff;		/* timezone offset */
	int offset;		/* offset for proper alignment */

	struct pcap_sf sf;
	struct pcap_md md;

	/*
	 * Read buffer.
	 */
	int bufsize;
	u_char *buffer;
	u_char *bp;
	int cc;

	/*
	 * Place holder for pcap_next().
	 */
	u_char *pkt;

	/*
	 * Placeholder for filter code if bpf not in kernel.
	 */
	struct bpf_program fcode;

	char errbuf[PCAP_ERRBUF_SIZE];
};

int	yylex(void);

#ifndef min
#define min(a, b) ((a) > (b) ? (b) : (a))
#endif

/* XXX should these be in pcap.h?
 */
int	pcap_offline_read(pcap_t *, int, pcap_handler, u_char *);
int	pcap_read(pcap_t *, int cnt, pcap_handler, u_char *);

/* Ultrix pads to make everything line up on a nice boundary */
#if defined(ultrix) || defined(__alpha)
#define PCAP_FDDIPAD 3
#endif

/* XXX */
extern	int pcap_fddipad;
#endif

sniffit.0.3.7.beta/libpcap/pcap-linux.c
/*
 * Copyright (c) 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: pcap-linux.c,v 1.15 97/10/02 22:39:37 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include
#include

#ifdef HAVE_NET_IF_ARP_H
#include
#else
#include
#endif
#include
#include
#include
#include
#include
#include
#include
#include

static struct ifreq saved_ifr;

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

void linux_restore_ifr(void);

int
pcap_stats(pcap_t *p, struct pcap_stat *ps)
{

	*ps = p->md.stat;
	return (0);
}

int
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	register int cc;
	register int bufsize;
	register int caplen;
	register u_char *bp;
	struct sockaddr from;
	int fromlen;

	bp = p->buffer + p->offset;
	bufsize = p->bufsize;
	if (p->md.pad > 0) {
		memset(bp, 0, p->md.pad);
		bp += p->md.pad;
		bufsize -= p->md.pad;
	}

again:
	do {
		fromlen = sizeof(from);
		cc = recvfrom(p->fd, bp, bufsize, 0, &from, &fromlen);
		if (cc < 0) {
			/* Don't choke when we get ptraced */
			switch (errno) {

			case EINTR:
				goto again;

			case EWOULDBLOCK:
				return (0);		/* XXX */
			}
			sprintf(p->errbuf, "read: %s", pcap_strerror(errno));
			return (-1);
		}
	} while (strcmp(p->md.device, from.sa_data));

	/* If we need have leading zero bytes, adjust count */
	cc += p->md.pad;
	bp = p->buffer + p->offset;

	/* If we need to step over leading junk, adjust count and pointer */
	cc -= p->md.skip;
	bp += p->md.skip;

	/* Captured length can't exceed our read buffer size */
	caplen = cc;
	if (caplen > bufsize)
		caplen = bufsize;

	/* Captured length can't exceed the snapshot length */
	if (caplen > p->snapshot)
		caplen = p->snapshot;

	if (p->fcode.bf_insns == NULL ||
	    bpf_filter(p->fcode.bf_insns, bp, cc, caplen)) {
		struct pcap_pkthdr h;

		++p->md.stat.ps_recv;
		/* Get timestamp */
		if (ioctl(p->fd, SIOCGSTAMP, &h.ts) < 0) {
			sprintf(p->errbuf, "SIOCGSTAMP: %s",
			    pcap_strerror(errno));
			return (-1);
		}
		h.len = cc;
		h.caplen = caplen;
		(*callback)(user, &h, bp);
		return (1);
	}
	return (0);
}

pcap_t *
pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{
	register int fd, broadcast;
	register pcap_t *p;
	struct ifreq ifr;
	struct sockaddr sa;

	p = (pcap_t *)malloc(sizeof(*p));
	if (p == NULL) {
		sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
		return (NULL);
	}
	memset(p, 0, sizeof(*p));
	fd = -1;

	fd = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
	if (fd < 0) {
		sprintf(ebuf, "socket: %s", pcap_strerror(errno));
		goto bad;
	}
	p->fd = fd;

	/* Bind to the interface name */
	memset(&sa, 0, sizeof(sa));
	sa.sa_family = AF_INET;
	(void)strncpy(sa.sa_data, device, sizeof(sa.sa_data));
	if (bind(p->fd, &sa, sizeof(sa))) {
		sprintf(ebuf, "bind: %s: %s", device, pcap_strerror(errno));
		goto bad;
	}

	memset(&ifr, 0, sizeof(ifr));
	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
	if (ioctl(p->fd, SIOCGIFHWADDR, &ifr) < 0 ) {
		sprintf(ebuf, "SIOCGIFHWADDR: %s", pcap_strerror(errno));
		goto bad;
	}
	broadcast = 0;
	switch (ifr.ifr_hwaddr.sa_family) {

	case ARPHRD_ETHER:
	case ARPHRD_METRICOM:
		p->linktype = DLT_EN10MB;
		p->offset = 2;
		++broadcast;
		break;

	case ARPHRD_EETHER:
		p->linktype = DLT_EN3MB;
		++broadcast;
		break;

	case ARPHRD_AX25:
		p->linktype = DLT_AX25;
		++broadcast;
		break;

	case ARPHRD_PRONET:
		p->linktype = DLT_PRONET;
		break;

	case ARPHRD_CHAOS:
		p->linktype = DLT_CHAOS;
		break;

	case ARPHRD_IEEE802:
		p->linktype = DLT_IEEE802;
		++broadcast;
		break;

	case ARPHRD_ARCNET:
		p->linktype = DLT_ARCNET;
		++broadcast;
		break;

	case ARPHRD_SLIP:
	case ARPHRD_CSLIP:
	case ARPHRD_SLIP6:
	case ARPHRD_CSLIP6:
	case ARPHRD_PPP:
		p->linktype = DLT_RAW;
		break;

	case ARPHRD_LOOPBACK:
		p->linktype = DLT_NULL;
		p->md.pad = 2;
		p->md.skip = 12;
		break;

#ifdef ARPHRD_FDDI
	/* Not all versions of the kernel has this define */
	case ARPHRD_FDDI:
		p->linktype = DLT_FDDI;
		++broadcast;
		break;
#endif

#ifdef notdef
	case ARPHRD_LOCALTLK:
	case ARPHRD_NETROM:
	case ARPHRD_APPLETLK:
	case ARPHRD_DLCI:
	case ARPHRD_RSRVD:
	case ARPHRD_ADAPT:
	case ARPHRD_TUNNEL:
	case ARPHRD_TUNNEL6:
	case ARPHRD_FRAD:
	case ARPHRD_SKIP:
		/* XXX currently do not know
		   what to do with these... */
		abort();
#endif

	default:
		sprintf(ebuf, "unknown physical layer type 0x%x",
		    ifr.ifr_hwaddr.sa_family);
		goto bad;
	}

	/* Base the buffer size on the interface MTU */
	memset(&ifr, 0, sizeof(ifr));
	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
	if (ioctl(p->fd, SIOCGIFMTU, &ifr) < 0 ) {
		sprintf(ebuf, "SIOCGIFMTU: %s", pcap_strerror(errno));
		goto bad;
	}

	/* Leave room for link header (which is never large under linux...) */
	p->bufsize = ifr.ifr_mtu + 64;

	p->buffer = (u_char *)malloc(p->bufsize + p->offset);
	if (p->buffer == NULL) {
		sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
		goto bad;
	}

	/* XXX */
	if (promisc && broadcast) {
		memset(&ifr, 0, sizeof(ifr));
		/*
		 * Bounded copy, as in the SIOCGIFHWADDR and SIOCGIFMTU
		 * requests above; an unbounded strcpy() here could write
		 * past ifr_name when the device name is too long.
		 */
		strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
		if (ioctl(p->fd, SIOCGIFFLAGS, &ifr) < 0 ) {
			sprintf(ebuf, "SIOCGIFFLAGS: %s", pcap_strerror(errno));
			goto bad;
		}
		saved_ifr = ifr;
		ifr.ifr_flags |= IFF_PROMISC;
		if (ioctl(p->fd, SIOCSIFFLAGS, &ifr) < 0 ) {
			sprintf(ebuf, "SIOCSIFFLAGS: %s", pcap_strerror(errno));
			goto bad;
		}
		ifr.ifr_flags &= ~IFF_PROMISC;
		atexit(linux_restore_ifr);
	}

	p->md.device = strdup(device);
	if (p->md.device == NULL) {
		sprintf(ebuf, "malloc: %s", pcap_strerror(errno));
		goto bad;
	}
	p->snapshot = snaplen;

	return (p);
bad:
	if (fd >= 0)
		(void)close(fd);
	if (p->buffer != NULL)
		free(p->buffer);
	if (p->md.device != NULL)
		free(p->md.device);
	free(p);
	return (NULL);
}

int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{

	p->fcode = *fp;
	return (0);
}

void
linux_restore_ifr(void)
{
	register int fd;

	fd = socket(PF_INET, SOCK_PACKET, htons(0x0003));
	if (fd < 0)
		fprintf(stderr, "linux socket: %s", pcap_strerror(errno));
	else if (ioctl(fd, SIOCSIFFLAGS, &saved_ifr) < 0)
		fprintf(stderr, "linux SIOCSIFFLAGS: %s", pcap_strerror(errno));
}

sniffit.0.3.7.beta/libpcap/pcap-namedb.h
/*
 * Copyright (c) 1994, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the Computer Systems
 *	Engineering Group at Lawrence Berkeley Laboratory.
 * 4. Neither the name of the University nor of the Laboratory may be used
 *    to endorse or promote products derived from this software without
 *    specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#) $Header: pcap-namedb.h,v 1.5 96/07/14 03:00:14 leres Exp $ (LBL)
 */

#ifndef lib_pcap_ethers_h
#define lib_pcap_ethers_h

/*
 * As returned by the pcap_next_etherent()
 * XXX this stuff doesn't belong in this interface, but this
 * library already must do name to address translation, so
 * on systems that don't have support for /etc/ethers, we
 * export these hooks since they'll
 */
struct pcap_etherent {
	u_char addr[6];
	char name[122];
};
#ifndef PCAP_ETHERS_FILE
#define PCAP_ETHERS_FILE "/etc/ethers"
#endif
struct	pcap_etherent *pcap_next_etherent(FILE *);
u_char *pcap_ether_hostton(const char*);
u_char *pcap_ether_aton(const char *);

bpf_u_int32 **pcap_nametoaddr(const char *);
bpf_u_int32 pcap_nametonetaddr(const char *);

int	pcap_nametoport(const char *, int *, int *);
int	pcap_nametoproto(const char *);
int	pcap_nametoeproto(const char *);
/*
 * If a protocol is unknown, PROTO_UNDEF is returned.
 * Also, pcap_nametoport() returns the protocol along with the port number.
 * If there are ambiguous entries in /etc/services (i.e. domain
 * can be either tcp or udp) PROTO_UNDEF is returned.
 */
#define PROTO_UNDEF		-1

/* XXX move these to pcap-int.h? */
int	__pcap_atodn(const char *, bpf_u_int32 *);
int	__pcap_atoin(const char *, bpf_u_int32 *);
u_short	__pcap_nametodnaddr(const char *);

#endif

sniffit.0.3.7.beta/libpcap/pcap-nit.c
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: pcap-nit.c,v 1.31 96/12/10 23:15:01 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

/*
 * The chunk size for NIT.  This is the amount of buffering
 * done for read calls.
 */
#define CHUNKSIZE (2*1024)

/*
 * The total buffer space used by NIT.
 */
#define BUFSPACE (4*CHUNKSIZE)

/* Forwards */
static int nit_setflags(int, int, int, int, char *);

int
pcap_stats(pcap_t *p, struct pcap_stat *ps)
{

	*ps = p->md.stat;
	return (0);
}

int
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	register int cc, n;
	register struct bpf_insn *fcode = p->fcode.bf_insns;
	register u_char *bp, *cp, *ep;
	register struct nit_hdr *nh;
	register int caplen;

	cc = p->cc;
	if (cc == 0) {
		cc = read(p->fd, (char *)p->buffer, p->bufsize);
		if (cc < 0) {
			if (errno == EWOULDBLOCK)
				return (0);
			sprintf(p->errbuf, "pcap_read: %s",
				pcap_strerror(errno));
			return (-1);
		}
		bp = p->buffer;
	} else
		bp = p->bp;

	/*
	 * Loop through each packet.  The increment expression
	 * rounds up to the next int boundary past the end of
	 * the previous packet.
	 */
	n = 0;
	ep = bp + cc;
	while (bp < ep) {
		nh = (struct nit_hdr *)bp;
		cp = bp + sizeof(*nh);

		switch (nh->nh_state) {

		case NIT_CATCH:
			break;

		case NIT_NOMBUF:
		case NIT_NOCLUSTER:
		case NIT_NOSPACE:
			p->md.stat.ps_drop = nh->nh_dropped;
			continue;

		case NIT_SEQNO:
			continue;

		default:
			sprintf(p->errbuf, "bad nit state %d", nh->nh_state);
			return (-1);
		}
		++p->md.stat.ps_recv;
		bp += ((sizeof(struct nit_hdr) + nh->nh_datalen +
		    sizeof(int) - 1) & ~(sizeof(int) - 1));

		caplen = nh->nh_wirelen;
		if (caplen > p->snapshot)
			caplen = p->snapshot;
		if (bpf_filter(fcode, cp, nh->nh_wirelen, caplen)) {
			struct pcap_pkthdr h;
			h.ts = nh->nh_timestamp;
			h.len = nh->nh_wirelen;
			h.caplen = caplen;
			(*callback)(user, &h, cp);
			if (++n >= cnt && cnt >= 0) {
				p->cc = ep - bp;
				p->bp = bp;
				return (n);
			}
		}
	}
	p->cc = 0;
	return (n);
}

/*
 * The snapshot length is passed in as a parameter: no pcap_t is in
 * scope here, so the reference to p->snapshot could not compile.
 */
static int
nit_setflags(int fd, int snaplen, int promisc, int to_ms, char *ebuf)
{
	struct nit_ioc nioc;

	bzero((char *)&nioc, sizeof(nioc));
	nioc.nioc_bufspace = BUFSPACE;
	nioc.nioc_chunksize = CHUNKSIZE;
	nioc.nioc_typetomatch = NT_ALLTYPES;
	nioc.nioc_snaplen = snaplen;
	nioc.nioc_bufalign = sizeof(int);
	nioc.nioc_bufoffset = 0;

	if (to_ms != 0) {
		nioc.nioc_flags |= NF_TIMEOUT;
		nioc.nioc_timeout.tv_sec = to_ms / 1000;
		nioc.nioc_timeout.tv_usec = (to_ms * 1000) % 1000000;
	}
	if (promisc)
		nioc.nioc_flags |= NF_PROMISC;

	if (ioctl(fd, SIOCSNIT, &nioc) < 0) {
		sprintf(ebuf, "SIOCSNIT: %s", pcap_strerror(errno));
		return (-1);
	}
	return (0);
}

pcap_t *
pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{
	int fd;
	struct sockaddr_nit snit;
	register pcap_t *p;

	p = (pcap_t *)malloc(sizeof(*p));
	if (p == NULL) {
		strcpy(ebuf, pcap_strerror(errno));
		return (NULL);
	}

	if (snaplen < 96)
		/*
		 * NIT requires a snapshot length of at least 96.
		 */
		snaplen = 96;

	bzero(p, sizeof(*p));
	p->fd = fd = socket(AF_NIT, SOCK_RAW, NITPROTO_RAW);
	if (fd < 0) {
		sprintf(ebuf, "socket: %s", pcap_strerror(errno));
		goto bad;
	}
	snit.snit_family = AF_NIT;
	(void)strncpy(snit.snit_ifname, device, NITIFSIZ);

	if (bind(fd, (struct sockaddr *)&snit, sizeof(snit))) {
		sprintf(ebuf, "bind: %s: %s", snit.snit_ifname,
			pcap_strerror(errno));
		goto bad;
	}
	p->snapshot = snaplen;
	nit_setflags(p->fd, p->snapshot, promisc, to_ms, ebuf);

	/*
	 * NIT supports only ethernets.
	 */
	p->linktype = DLT_EN10MB;

	p->bufsize = BUFSPACE;
	p->buffer = (u_char *)malloc(p->bufsize);
	if (p->buffer == NULL) {
		strcpy(ebuf, pcap_strerror(errno));
		goto bad;
	}
	return (p);
 bad:
	if (fd >= 0)
		close(fd);
	free(p);
	return (NULL);
}

int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{

	p->fcode = *fp;
	return (0);
}

sniffit.0.3.7.beta/libpcap/pcap-nit.h
/*
 * Copyright (c) 1990, 1994
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Lawrence Berkeley Laboratory,
 * Berkeley, CA.
 * The name of the University may not be used to
 * endorse or promote products derived from this software without
 * specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @(#) $Header: pcap-nit.h,v 1.2 94/06/14 20:06:03 leres Exp $ (LBL)
 */

sniffit.0.3.7.beta/libpcap/pcap-null.c
/*
 * Copyright (c) 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
#ifndef lint
static const char rcsid[] =
    "@(#) $Header: pcap-null.c,v 1.7 96/12/10 23:15:01 leres Exp $ (LBL)";
#endif

#include			/* optionally get BSD define */

#include

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#include "pcap-int.h"

static char nosup[] = "live packet capture not supported on this system";

int
pcap_stats(pcap_t *p, struct pcap_stat *ps)
{

	(void)sprintf(p->errbuf, "pcap_stats: %s", nosup);
	return (-1);
}

int
pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{

	(void)sprintf(p->errbuf, "pcap_read: %s", nosup);
	return (-1);
}

pcap_t *
pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{

	(void)strcpy(ebuf, nosup);
	return (NULL);
}

int
pcap_setfilter(pcap_t *p, struct bpf_program *fp)
{

	if (p->sf.rfile == NULL) {
		(void)sprintf(p->errbuf, "pcap_setfilter: %s", nosup);
		return (-1);
	}
	p->fcode = *fp;
	return (0);
}

sniffit.0.3.7.beta/libpcap/pcap-pf.c
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * packet filter subroutines for tcpdump
 *	Extraction/creation by Jeffrey Mogul, DECWRL
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: pcap-pf.c,v 1.54 96/12/10 23:15:01 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include
#include
#include
#include

#if __STDC__
struct mbuf;
struct rtentry;
#endif

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

/*
 * BUFSPACE is the size in bytes of the packet read buffer.  Most tcpdump
 * applications aren't going to need more than 200 bytes of packet header
 * and the read shouldn't return more packets than packetfilter's internal
 * queue limit (bounded at 256).
 */
#define BUFSPACE (200 * 256)

int
pcap_read(pcap_t *pc, int cnt, pcap_handler callback, u_char *user)
{
	register u_char *p, *bp;
	struct bpf_insn *fcode;
	register int cc, n, buflen, inc;
	register struct enstamp *sp;
#ifdef LBL_ALIGN
	struct enstamp stamp;
#endif
#ifdef PCAP_FDDIPAD
	register int pad;
#endif

	fcode = pc->md.use_bpf ? NULL : pc->fcode.bf_insns;
 again:
	cc = pc->cc;
	if (cc == 0) {
		cc = read(pc->fd, (char *)pc->buffer + pc->offset, pc->bufsize);
		if (cc < 0) {
			if (errno == EWOULDBLOCK)
				return (0);
			if (errno == EINVAL &&
			    lseek(pc->fd, 0L, SEEK_CUR) + pc->bufsize < 0) {
				/*
				 * Due to a kernel bug, after 2^31 bytes,
				 * the kernel file offset overflows and
				 * read fails with EINVAL. The lseek()
				 * to 0 will fix things.
				 */
				(void)lseek(pc->fd, 0L, SEEK_SET);
				goto again;
			}
			sprintf(pc->errbuf, "pf read: %s",
				pcap_strerror(errno));
			return (-1);
		}
		bp = pc->buffer + pc->offset;
	} else
		bp = pc->bp;
	/*
	 * Loop through each packet.
	 */
	n = 0;
#ifdef PCAP_FDDIPAD
	if (pc->linktype == DLT_FDDI)
		pad = pcap_fddipad;
	else
		pad = 0;
#endif
	while (cc > 0) {
		if (cc < sizeof(*sp)) {
			sprintf(pc->errbuf, "pf short read (%d)", cc);
			return (-1);
		}
#ifdef LBL_ALIGN
		if ((long)bp & 3) {
			sp = &stamp;
			memcpy((char *)sp, (char *)bp, sizeof(*sp));
		} else
#endif
			sp = (struct enstamp *)bp;
		if (sp->ens_stamplen != sizeof(*sp)) {
			sprintf(pc->errbuf, "pf short stamplen (%d)",
			    sp->ens_stamplen);
			return (-1);
		}

		p = bp + sp->ens_stamplen;
		buflen = sp->ens_count;
		if (buflen > pc->snapshot)
			buflen = pc->snapshot;

		/* Calculate inc before possible pad update */
		inc = ENALIGN(buflen + sp->ens_stamplen);
		cc -= inc;
		bp += inc;
#ifdef PCAP_FDDIPAD
		p += pad;
		buflen -= pad;
#endif
		pc->md.TotPkts++;
		pc->md.TotDrops += sp->ens_dropped;
		pc->md.TotMissed = sp->ens_ifoverflows;
		if (pc->md.OrigMissed < 0)
			pc->md.OrigMissed = pc->md.TotMissed;

		/*
		 * Short-circuit evaluation: if using BPF filter
		 * in kernel, no need to do it now.
		 */
		if (fcode == NULL ||
		    bpf_filter(fcode, p, sp->ens_count, buflen)) {
			struct pcap_pkthdr h;
			pc->md.TotAccepted++;
			h.ts = sp->ens_tstamp;
#ifdef PCAP_FDDIPAD
			h.len = sp->ens_count - pad;
#else
			h.len = sp->ens_count;
#endif
			h.caplen = buflen;
			(*callback)(user, &h, p);
			if (++n >= cnt && cnt > 0) {
				pc->cc = cc;
				pc->bp = bp;
				return (n);
			}
		}
	}
	pc->cc = 0;
	return (n);
}

int
pcap_stats(pcap_t *p, struct pcap_stat *ps)
{

	ps->ps_recv = p->md.TotAccepted;
	ps->ps_drop = p->md.TotDrops;
	ps->ps_ifdrop = p->md.TotMissed - p->md.OrigMissed;
	return (0);
}

pcap_t *
pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
{
	pcap_t *p;
	short enmode;
	int backlog = -1;	/* request the most */
	struct enfilter Filter;
	struct endevp devparams;

	p = (pcap_t *)malloc(sizeof(*p));
	if (p == NULL) {
		sprintf(ebuf, "pcap_open_live: %s", pcap_strerror(errno));
		return (0);
	}
	bzero((char *)p, sizeof(*p));
	p->fd = pfopen(device, O_RDONLY);
	if (p->fd < 0) {
		sprintf(ebuf, "pf open: %s: %s\n\
your system may not be properly configured; see \"man packetfilter(4)\"\n",
			device, pcap_strerror(errno));
		goto bad;
	}
	p->md.OrigMissed = -1;
	enmode = ENTSTAMP|ENBATCH|ENNONEXCL;
	if (promisc)
		enmode |= ENPROMISC;
	if (ioctl(p->fd, EIOCMBIS, (caddr_t)&enmode) < 0) {
		sprintf(ebuf, "EIOCMBIS: %s", pcap_strerror(errno));
		goto bad;
	}
#ifdef	ENCOPYALL
	/* Try to set COPYALL mode so that we see packets to ourself */
	enmode = ENCOPYALL;
	(void)ioctl(p->fd, EIOCMBIS, (caddr_t)&enmode);/* OK if this fails */
#endif
	/* set the backlog */
	if (ioctl(p->fd, EIOCSETW, (caddr_t)&backlog) < 0) {
		sprintf(ebuf, "EIOCSETW: %s", pcap_strerror(errno));
		goto bad;
	}
	/* discover interface type */
	if (ioctl(p->fd, EIOCDEVP, (caddr_t)&devparams) < 0) {
		sprintf(ebuf, "EIOCDEVP: %s", pcap_strerror(errno));
		goto bad;
	}
	/* HACK: to compile prior to Ultrix 4.2 */
#ifndef	ENDT_FDDI
#define	ENDT_FDDI	4
#endif
	switch (devparams.end_dev_type) {

	case ENDT_10MB:
		p->linktype = DLT_EN10MB;
		p->offset = 2;
		break;

	case ENDT_FDDI:
		p->linktype = DLT_FDDI;
		break;

	default:
		/*
		 * XXX
		 * Currently, the Ultrix packet filter supports only
		 * Ethernet and FDDI.  Eventually, support for SLIP and PPP
		 * (and possibly others: T1?) should be added.
*/ #ifdef notdef warning( "Packet filter data-link type %d unknown, assuming Ethernet", devparams.end_dev_type); #endif p->linktype = DLT_EN10MB; p->offset = 2; break; } /* set truncation */ #ifdef PCAP_FDDIPAD if (p->linktype == DLT_FDDI) /* packetfilter includes the padding in the snapshot */ snaplen += pcap_fddipad; #endif if (ioctl(p->fd, EIOCTRUNCATE, (caddr_t)&snaplen) < 0) { sprintf(ebuf, "EIOCTRUNCATE: %s", pcap_strerror(errno)); goto bad; } p->snapshot = snaplen; /* accept all packets */ bzero((char *)&Filter, sizeof(Filter)); Filter.enf_Priority = 37; /* anything > 2 */ Filter.enf_FilterLen = 0; /* means "always true" */ if (ioctl(p->fd, EIOCSETF, (caddr_t)&Filter) < 0) { sprintf(ebuf, "EIOCSETF: %s", pcap_strerror(errno)); goto bad; } if (to_ms != 0) { struct timeval timeout; timeout.tv_sec = to_ms / 1000; timeout.tv_usec = (to_ms * 1000) % 1000000; if (ioctl(p->fd, EIOCSRTIMEOUT, (caddr_t)&timeout) < 0) { sprintf(ebuf, "EIOCSRTIMEOUT: %s", pcap_strerror(errno)); goto bad; } } p->bufsize = BUFSPACE; p->buffer = (u_char*)malloc(p->bufsize + p->offset); return (p); bad: free(p); return (NULL); } int pcap_setfilter(pcap_t *p, struct bpf_program *fp) { /* * See if BIOCSETF works. If it does, the kernel supports * BPF-style filters, and we do not need to do post-filtering. 
*/ p->md.use_bpf = (ioctl(p->fd, BIOCSETF, (caddr_t)fp) >= 0); if (p->md.use_bpf) { struct bpf_version bv; if (ioctl(p->fd, BIOCVERSION, (caddr_t)&bv) < 0) { sprintf(p->errbuf, "BIOCVERSION: %s", pcap_strerror(errno)); return (-1); } else if (bv.bv_major != BPF_MAJOR_VERSION || bv.bv_minor < BPF_MINOR_VERSION) { fprintf(stderr, "requires bpf language %d.%d or higher; kernel is %d.%d", BPF_MAJOR_VERSION, BPF_MINOR_VERSION, bv.bv_major, bv.bv_minor); /* don't give up, just be inefficient */ p->md.use_bpf = 0; } } else p->fcode = *fp; /*XXX this goes in tcpdump*/ if (p->md.use_bpf) fprintf(stderr, "tcpdump: Using kernel BPF filter\n"); else fprintf(stderr, "tcpdump: Filtering in user process\n"); return (0); } sniffit.0.3.7.beta/libpcap/pcap-pf.h100444 1750 1750 1655 6553423606 15720 0ustar codercoder/* * Copyright (c) 1990, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms are permitted * provided that the above copyright notice and this paragraph are * duplicated in all such forms and that any documentation, * advertising materials, and other materials related to such * distribution and use acknowledge that the software was developed * by the University of California, Lawrence Berkeley Laboratory, * Berkeley, CA. The name of the University may not be used to * endorse or promote products derived from this software without * specific prior written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * @(#) $Header: pcap-pf.h,v 1.2 94/06/14 20:06:33 leres Exp $ (LBL) */ sniffit.0.3.7.beta/libpcap/pcap-snit.c100444 1750 1750 16115 6553423606 16300 0ustar codercoder/* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. 
* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * * Modifications made to accommodate the new SunOS4.0 NIT facility by * Micky Liu, micky@cunixc.cc.columbia.edu, Columbia University in May, 1989. * This module now handles the STREAMS based NIT. */ #ifndef lint static const char rcsid[] = "@(#) $Header: pcap-snit.c,v 1.45 96/12/10 23:15:01 leres Exp $ (LBL)"; #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_MALLOC_H #include #endif #include #include #include #include "pcap-int.h" #include "gnuc.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif /* * The chunk size for NIT. This is the amount of buffering * done for read calls. */ #define CHUNKSIZE (2*1024) /* * The total buffer space used by NIT. 
*/ #define BUFSPACE (4*CHUNKSIZE) /* Forwards */ static int nit_setflags(int, int, int, char *); int pcap_stats(pcap_t *p, struct pcap_stat *ps) { *ps = p->md.stat; return (0); } int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { register int cc, n; register struct bpf_insn *fcode = p->fcode.bf_insns; register u_char *bp, *cp, *ep; register struct nit_bufhdr *hdrp; register struct nit_iftime *ntp; register struct nit_iflen *nlp; register struct nit_ifdrops *ndp; register int caplen; cc = p->cc; if (cc == 0) { cc = read(p->fd, (char *)p->buffer, p->bufsize); if (cc < 0) { if (errno == EWOULDBLOCK) return (0); sprintf(p->errbuf, "pcap_read: %s", pcap_strerror(errno)); return (-1); } bp = p->buffer; } else bp = p->bp; /* * loop through each snapshot in the chunk */ n = 0; ep = bp + cc; while (bp < ep) { ++p->md.stat.ps_recv; cp = bp; /* get past NIT buffer */ hdrp = (struct nit_bufhdr *)cp; cp += sizeof(*hdrp); /* get past NIT timer */ ntp = (struct nit_iftime *)cp; cp += sizeof(*ntp); ndp = (struct nit_ifdrops *)cp; p->md.stat.ps_drop = ndp->nh_drops; cp += sizeof *ndp; /* get past packet len */ nlp = (struct nit_iflen *)cp; cp += sizeof(*nlp); /* next snapshot */ bp += hdrp->nhb_totlen; caplen = nlp->nh_pktlen; if (caplen > p->snapshot) caplen = p->snapshot; if (bpf_filter(fcode, cp, nlp->nh_pktlen, caplen)) { struct pcap_pkthdr h; h.ts = ntp->nh_timestamp; h.len = nlp->nh_pktlen; h.caplen = caplen; (*callback)(user, &h, cp); if (++n >= cnt && cnt >= 0) { p->cc = ep - bp; p->bp = bp; return (n); } } } p->cc = 0; return (n); } static int nit_setflags(int fd, int promisc, int to_ms, char *ebuf) { bpf_u_int32 flags; struct strioctl si; struct timeval timeout; si.ic_timout = INFTIM; if (to_ms != 0) { timeout.tv_sec = to_ms / 1000; timeout.tv_usec = (to_ms * 1000) % 1000000; si.ic_cmd = NIOCSTIME; si.ic_len = sizeof(timeout); si.ic_dp = (char *)&timeout; if (ioctl(fd, I_STR, (char *)&si) < 0) { sprintf(ebuf, "NIOCSTIME: %s", pcap_strerror(errno)); 
return (-1); } } flags = NI_TIMESTAMP | NI_LEN | NI_DROPS; if (promisc) flags |= NI_PROMISC; si.ic_cmd = NIOCSFLAGS; si.ic_len = sizeof(flags); si.ic_dp = (char *)&flags; if (ioctl(fd, I_STR, (char *)&si) < 0) { sprintf(ebuf, "NIOCSFLAGS: %s", pcap_strerror(errno)); return (-1); } return (0); } pcap_t * pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) { struct strioctl si; /* struct for ioctl() */ struct ifreq ifr; /* interface request struct */ int chunksize = CHUNKSIZE; int fd; static char dev[] = "/dev/nit"; register pcap_t *p; p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { strcpy(ebuf, pcap_strerror(errno)); return (NULL); } if (snaplen < 96) /* * NIT requires a snapshot length of at least 96. */ snaplen = 96; bzero(p, sizeof(*p)); p->fd = fd = open(dev, O_RDONLY); if (fd < 0) { sprintf(ebuf, "%s: %s", dev, pcap_strerror(errno)); goto bad; } /* arrange to get discrete messages from the STREAM and use NIT_BUF */ if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) { sprintf(ebuf, "I_SRDOPT: %s", pcap_strerror(errno)); goto bad; } if (ioctl(fd, I_PUSH, "nbuf") < 0) { sprintf(ebuf, "push nbuf: %s", pcap_strerror(errno)); goto bad; } /* set the chunksize */ si.ic_cmd = NIOCSCHUNK; si.ic_timout = INFTIM; si.ic_len = sizeof(chunksize); si.ic_dp = (char *)&chunksize; if (ioctl(fd, I_STR, (char *)&si) < 0) { sprintf(ebuf, "NIOCSCHUNK: %s", pcap_strerror(errno)); goto bad; } /* request the interface; strncpy() does not NUL-terminate on truncation, so terminate explicitly */ strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; si.ic_cmd = NIOCBIND; si.ic_len = sizeof(ifr); si.ic_dp = (char *)&ifr; if (ioctl(fd, I_STR, (char *)&si) < 0) { sprintf(ebuf, "NIOCBIND: %s: %s", ifr.ifr_name, pcap_strerror(errno)); goto bad; } /* set the snapshot length */ si.ic_cmd = NIOCSSNAP; si.ic_len = sizeof(snaplen); si.ic_dp = (char *)&snaplen; if (ioctl(fd, I_STR, (char *)&si) < 0) { sprintf(ebuf, "NIOCSSNAP: %s", pcap_strerror(errno)); goto bad; } p->snapshot = snaplen; if
(nit_setflags(p->fd, promisc, to_ms, ebuf) < 0) goto bad; (void)ioctl(fd, I_FLUSH, (char *)FLUSHR); /* * NIT supports only ethernets. */ p->linktype = DLT_EN10MB; p->bufsize = BUFSPACE; p->buffer = (u_char *)malloc(p->bufsize); if (p->buffer == NULL) { strcpy(ebuf, pcap_strerror(errno)); goto bad; } return (p); bad: if (fd >= 0) close(fd); free(p); return (NULL); } int pcap_setfilter(pcap_t *p, struct bpf_program *fp) { p->fcode = *fp; return (0); } sniffit.0.3.7.beta/libpcap/pcap-snoop.c100444 1750 1750 13553 6553423606 16464 0ustar codercoder/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that: (1) source code distributions * retain the above copyright notice and this paragraph in its entirety, (2) * distributions including binary code include the above copyright notice and * this paragraph in its entirety in the documentation or other materials * provided with the distribution, and (3) all advertising materials mentioning * features or use of this software display the following acknowledgement: * ``This product includes software developed by the University of California, * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of * the University nor the names of its contributors may be used to endorse * or promote products derived from this software without specific prior * written permission. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
*/ #ifndef lint static const char rcsid[] = "@(#) $Header: pcap-snoop.c,v 1.20 97/04/08 21:06:17 leres Exp $ (LBL)"; #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "pcap-int.h" #include "gnuc.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { int cc; register struct snoopheader *sh; register int datalen; register int caplen; register u_char *cp; again: cc = read(p->fd, (char *)p->buffer, p->bufsize); if (cc < 0) { /* Don't choke when we get ptraced */ switch (errno) { case EINTR: goto again; case EWOULDBLOCK: return (0); /* XXX */ } sprintf(p->errbuf, "read: %s", pcap_strerror(errno)); return (-1); } sh = (struct snoopheader *)p->buffer; datalen = sh->snoop_packetlen; caplen = (datalen < p->snapshot) ? datalen : p->snapshot; cp = (u_char *)(sh + 1) + p->offset; /* XXX */ if (p->fcode.bf_insns == NULL || bpf_filter(p->fcode.bf_insns, cp, datalen, caplen)) { struct pcap_pkthdr h; ++p->md.stat.ps_recv; h.ts = sh->snoop_timestamp; h.len = datalen; h.caplen = caplen; (*callback)(user, &h, cp); return (1); } return (0); } int pcap_stats(pcap_t *p, struct pcap_stat *ps) { register struct rawstats *rs; struct rawstats rawstats; rs = &rawstats; bzero((char *)rs, sizeof(*rs)); if (ioctl(p->fd, SIOCRAWSTATS, (char *)rs) < 0) { sprintf(p->errbuf, "SIOCRAWSTATS: %s", pcap_strerror(errno)); return (-1); } p->md.stat.ps_drop = rs->rs_snoop.ss_ifdrops + rs->rs_snoop.ss_sbdrops + rs->rs_drain.ds_ifdrops + rs->rs_drain.ds_sbdrops; *ps = p->md.stat; return (0); } /* XXX can't disable promiscuous */ pcap_t * pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) { int fd; struct sockaddr_raw sr; struct snoopfilter sf; u_int v; pcap_t *p; p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { sprintf(ebuf, "malloc: %s", 
pcap_strerror(errno)); return (NULL); } bzero((char *)p, sizeof(*p)); fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP); if (fd < 0) { sprintf(ebuf, "snoop socket: %s", pcap_strerror(errno)); goto bad; } p->fd = fd; bzero((char *)&sr, sizeof(sr)); sr.sr_family = AF_RAW; (void)strncpy(sr.sr_ifname, device, sizeof(sr.sr_ifname)); if (bind(fd, (struct sockaddr *)&sr, sizeof(sr))) { sprintf(ebuf, "snoop bind: %s", pcap_strerror(errno)); goto bad; } bzero((char *)&sf, sizeof(sf)); if (ioctl(fd, SIOCADDSNOOP, &sf) < 0) { sprintf(ebuf, "SIOCADDSNOOP: %s", pcap_strerror(errno)); goto bad; } v = 64 * 1024; (void)setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (char *)&v, sizeof(v)); if (ioctl(fd, SIOCSNOOPLEN, &snaplen) < 0) { sprintf(ebuf, "SIOCSNOOPLEN: %s", pcap_strerror(errno)); goto bad; } p->snapshot = snaplen; v = 1; if (ioctl(fd, SIOCSNOOPING, &v) < 0) { sprintf(ebuf, "SIOCSNOOPING: %s", pcap_strerror(errno)); goto bad; } /* * XXX hack - map device name to link layer type */ if (strncmp("et", device, 2) == 0 || /* Challenge 10 Mbit */ strncmp("ec", device, 2) == 0 || /* Indigo/Indy 10 Mbit, O2 10/100 */ strncmp("ef", device, 2) == 0 || /* O200/2000 10/100 Mbit */ strncmp("gfe", device, 3) == 0 || /* GIO 100 Mbit */ strncmp("fxp", device, 3) == 0 || /* Challenge VME Enet */ strncmp("ep", device, 2) == 0 || /* Challenge 8x10 Mbit EPLEX */ strncmp("vfe", device, 3) == 0 || /* Challenge VME 100Mbit */ strncmp("fa", device, 2) == 0 || strncmp("qaa", device, 3) == 0) { p->linktype = DLT_EN10MB; p->offset = RAW_HDRPAD(sizeof(struct ether_header)); } else if (strncmp("ipg", device, 3) == 0 || strncmp("rns", device, 3) == 0 || /* O2/200/2000 FDDI */ strncmp("xpi", device, 3) == 0) { p->linktype = DLT_FDDI; p->offset = 3; /* XXX yeah? 
*/ } else if (strncmp("ppp", device, 3) == 0) { p->linktype = DLT_RAW; } else if (strncmp("lo", device, 2) == 0) { p->linktype = DLT_NULL; } else { sprintf(ebuf, "snoop: unknown physical layer type"); goto bad; } p->bufsize = 4096; /* XXX */ p->buffer = (u_char *)malloc(p->bufsize); if (p->buffer == NULL) { sprintf(ebuf, "malloc: %s", pcap_strerror(errno)); goto bad; } return (p); bad: (void)close(fd); free(p); return (NULL); } int pcap_setfilter(pcap_t *p, struct bpf_program *fp) { p->fcode = *fp; return (0); } sniffit.0.3.7.beta/libpcap/pcap.3100444 1750 1750 20516 6553423606 15245 0ustar codercoder.\" Copyright (c) 1994, 1996, 1997 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that: (1) source code distributions .\" retain the above copyright notice and this paragraph in its entirety, (2) .\" distributions including binary code include the above copyright notice and .\" this paragraph in its entirety in the documentation or other materials .\" provided with the distribution, and (3) all advertising materials mentioning .\" features or use of this software display the following acknowledgement: .\" ``This product includes software developed by the University of California, .\" Lawrence Berkeley Laboratory and its contributors.'' Neither the name of .\" the University nor the names of its contributors may be used to endorse .\" or promote products derived from this software without specific prior .\" written permission. .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
.\" .TH PCAP 3 "18 October 1997" .SH NAME pcap \- Packet Capture library .SH SYNOPSIS .nf .ft B #include .ft .LP .ft B pcap_t *pcap_open_live(char *device, int snaplen, .ti +8 int promisc, int to_ms, char *ebuf) pcap_t *pcap_open_offline(char *fname, char *ebuf) pcap_dumper_t *pcap_dump_open(pcap_t *p, char *fname) .ft .LP .ft B char errbuf[PCAP_ERRBUF_SIZE]; char *pcap_lookupdev(char *errbuf) int pcap_lookupnet(char *device, bpf_u_int32 *netp, .ti +8 bpf_u_int32 *maskp, char *errbuf) .ft .LP .ft B int pcap_dispatch(pcap_t *p, int cnt, .ti +8 pcap_handler callback, u_char *user) int pcap_loop(pcap_t *p, int cnt, .ti +8 pcap_handler callback, u_char *user) void pcap_dump(u_char *user, struct pcap_pkthdr *h, .ti +8 u_char *sp) .ft .LP .ft B int pcap_compile(pcap_t *p, struct bpf_program *fp, .ti +8 char *str, int optimize, bpf_u_int32 netmask) int pcap_setfilter(pcap_t *p, struct bpf_program *fp) .ft .LP .ft B u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h) .ft .LP .ft B int pcap_datalink(pcap_t *p) int pcap_snapshot(pcap_t *p) int pcap_is_swapped(pcap_t *p) int pcap_major_version(pcap_t *p) int pcap_minor_version(pcap_t *p) int pcap_stats(pcap_t *p, struct pcap_stat *ps) FILE *pcap_file(pcap_t *p) int pcap_fileno(pcap_t *p) void pcap_perror(pcap_t *p, char *prefix) char *pcap_geterr(pcap_t *p) char *pcap_strerror(int error) .ft .LP .ft B void pcap_close(pcap_t *p) void pcap_dump_close(pcap_dumper_t *p) .ft .fi .SH DESCRIPTION The Packet Capture library provides a high level interface to packet capture systems. All packets on the network, even those destined for other hosts, are accessible through this mechanism. .PP .SH ROUTINES .B pcap_open_live() is used to obtain a packet capture descriptor to look at packets on the network. .I device is a string that specifies the network device to open. .I snaplen specifies the maximum number of bytes to capture. .I promisc specifies if the interface is to be put into promiscuous mode. 
(Note that even if this parameter is false, the interface could well be in promiscuous mode for some other reason.) .I to_ms specifies the read timeout in milliseconds. .I ebuf is used to return error text and is only set when .B pcap_open_live() fails and returns .BR NULL . .PP .B pcap_open_offline() is called to open a ``savefile'' for reading. .I fname specifies the name of the file to open. The file has the same format as those used by .B tcpdump(1) and .BR tcpslice(1) . The name "-" is a synonym for .BR stdin . .I ebuf is used to return error text and is only set when .B pcap_open_offline() fails and returns .BR NULL . .PP .B pcap_dump_open() is called to open a ``savefile'' for writing. The name "-" is a synonym for .BR stdout . .B NULL is returned on failure. .I p is a .I pcap struct as returned by .B pcap_open_offline() or .BR pcap_open_live() . .I fname specifies the name of the file to open. If .B NULL is returned, .B pcap_geterr() can be used to get the error text. .PP .B pcap_lookupdev() returns a pointer to a network device suitable for use with .B pcap_open_live() and .BR pcap_lookupnet() . If there is an error, .B NULL is returned and .I errbuf is filled in with an appropriate error message. .PP .B pcap_lookupnet() is used to determine the network number and mask associated with the network device .BR device . Both .I netp and .I maskp are .I bpf_u_int32 pointers. A return of -1 indicates an error in which case .I errbuf is filled in with an appropriate error message. .PP .B pcap_dispatch() is used to collect and process packets. .I cnt specifies the maximum number of packets to process before returning. A .I cnt of -1 processes all the packets received in one buffer. A .I cnt of 0 processes all packets until an error occurs, .B EOF is reached, or the read times out (when doing live reads and a non-zero read timeout is specified).
.I callback specifies a routine to be called with three arguments: a .I u_char pointer which is passed in from .BR pcap_dispatch() , a pointer to the .I pcap_pkthdr struct (which precedes the actual network headers and data), and a .I u_char pointer to the packet data. The number of packets read is returned. Zero is returned when .B EOF is reached in a ``savefile.'' A return of -1 indicates an error in which case .B pcap_perror() or .BR pcap_geterr() may be used to display the error text. .PP .B pcap_dump() outputs a packet to the ``savefile'' opened with .BR pcap_dump_open() . Note that its calling arguments are suitable for use with .BR pcap_dispatch() . .PP .B pcap_compile() is used to compile the string .I str into a filter program. .I program is a pointer to a .I bpf_program struct and is filled in by .BR pcap_compile() . .I optimize controls whether optimization on the resulting code is performed. .I netmask specifies the netmask of the local net. .PP .B pcap_setfilter() is used to specify a filter program. .I fp is a pointer to an array of .I bpf_program struct, usually the result of a call to .BR pcap_compile() . .B \-1 is returned on failure; .B 0 is returned on success. .PP .B pcap_loop() is similar to .B pcap_dispatch() except it keeps reading packets until .I cnt packets are processed or an error occurs. It does .B not return when live read timeouts occur. Rather, specifying a non-zero read timeout to .B pcap_open_live() and then calling .B pcap_dispatch() allows the reception and processing of any packets that arrive when the timeout occurs. A negative .I cnt causes .B pcap_loop() to loop forever (or at least until an error occurs). .PP .B pcap_next() returns a .I u_char pointer to the next packet. .PP .B pcap_datalink() returns the link layer type, e.g. .BR DLT_EN10MB . .PP .B pcap_snapshot() returns the snapshot length specified when .B pcap_open_live was called.
.PP .B pcap_is_swapped() returns true if the current ``savefile'' uses a different byte order than the current system. .PP .B pcap_major_version() returns the major number of the version of the pcap used to write the savefile. .PP .B pcap_minor_version() returns the minor number of the version of the pcap used to write the savefile. .PP .B pcap_file() returns the name of the ``savefile.'' .PP .B int pcap_stats() returns 0 and fills in a .B pcap_stat struct. The values represent packet statistics from the start of the run to the time of the call. If there is an error or the underlying packet capture doesn't support packet statistics, -1 is returned and the error text can be obtained with .B pcap_perror() or .BR pcap_geterr() . .PP .B pcap_fileno() returns the file descriptor number of the ``savefile.'' .PP .B pcap_perror() prints the text of the last pcap library error on .BR stderr , prefixed by .IR prefix . .PP .B pcap_geterr() returns the error text pertaining to the last pcap library error. .PP .B pcap_strerror() is provided in case .BR strerror (1) isn't available. .PP .B pcap_close() closes the files associated with .I p and deallocates resources. .PP .B pcap_dump_close() closes the ``savefile.'' .PP .SH SEE ALSO tcpdump(1), tcpslice(1) .SH AUTHORS Van Jacobson, Craig Leres and Steven McCanne, all of the Lawrence Berkeley National Laboratory, University of California, Berkeley, CA. .LP The current version is available via anonymous ftp: .LP .RS .I ftp://ftp.ee.lbl.gov/libpcap.tar.Z .RE .SH BUGS Please send bug reports to libpcap@ee.lbl.gov. sniffit.0.3.7.beta/libpcap/pcap.c100444 1750 1750 10641 6553423606 15323 0ustar codercoder/* * Copyright (c) 1993, 1994, 1995, 1996 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1.
Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Computer Systems * Engineering Group at Lawrence Berkeley Laboratory. * 4. Neither the name of the University nor of the Laboratory may be used * to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef lint static const char rcsid[] = "@(#) $Header: pcap.c,v 1.28 97/10/22 20:37:54 leres Exp $ (LBL)"; #endif #include #include #include #include #include #include "gnuc.h" #ifdef HAVE_OS_PROTO_H #include "os-proto.h" #endif #include "pcap-int.h" int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { if (p->sf.rfile != NULL) return (pcap_offline_read(p, cnt, callback, user)); return (pcap_read(p, cnt, callback, user)); } int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user) { register int n; for (;;) { if (p->sf.rfile != NULL) n = pcap_offline_read(p, cnt, callback, user); else { /* * XXX keep reading until we get something * (or an error occurs) */ do { n = pcap_read(p, cnt, callback, user); } while (n == 0); } if (n <= 0) return (n); if (cnt > 0) { cnt -= n; if (cnt <= 0) return (0); } } } struct singleton { struct pcap_pkthdr *hdr; const u_char *pkt; }; static void pcap_oneshot(u_char *userData, const struct pcap_pkthdr *h, const u_char *pkt) { struct singleton *sp = (struct singleton *)userData; *sp->hdr = *h; sp->pkt = pkt; } const u_char * pcap_next(pcap_t *p, struct pcap_pkthdr *h) { struct singleton s; s.hdr = h; if (pcap_dispatch(p, 1, pcap_oneshot, (u_char*)&s) <= 0) return (0); return (s.pkt); } int pcap_datalink(pcap_t *p) { return (p->linktype); } int pcap_snapshot(pcap_t *p) { return (p->snapshot); } int pcap_is_swapped(pcap_t *p) { return (p->sf.swapped); } int pcap_major_version(pcap_t *p) { return (p->sf.version_major); } int pcap_minor_version(pcap_t *p) { return (p->sf.version_minor); } FILE * pcap_file(pcap_t *p) { return (p->sf.rfile); } int pcap_fileno(pcap_t *p) { return (p->fd); } void pcap_perror(pcap_t *p, char *prefix) { fprintf(stderr, "%s: %s\n", prefix, p->errbuf); } char * pcap_geterr(pcap_t *p) { return (p->errbuf); } /* * Not all systems have strerror(). 
*/ char * pcap_strerror(int errnum) { #ifdef HAVE_STRERROR return (strerror(errnum)); #else extern int sys_nerr; extern const char *const sys_errlist[]; static char ebuf[20]; if ((unsigned int)errnum < sys_nerr) return ((char *)sys_errlist[errnum]); (void)sprintf(ebuf, "Unknown error: %d", errnum); return(ebuf); #endif } void pcap_close(pcap_t *p) { /*XXX*/ if (p->fd >= 0) close(p->fd); if (p->sf.rfile != NULL) { (void)fclose(p->sf.rfile); if (p->sf.base != NULL) free(p->sf.base); } else if (p->buffer != NULL) free(p->buffer); #ifdef linux if (p->md.device != NULL) free(p->md.device); #endif free(p); } sniffit.0.3.7.beta/libpcap/pcap.h100444 1750 1750 11460 6553423606 15330 0ustar codercoder/* * Copyright (c) 1993, 1994, 1995, 1996, 1997 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the Computer Systems * Engineering Group at Lawrence Berkeley Laboratory. * 4. Neither the name of the University nor of the Laboratory may be used * to endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#) $Header: pcap.h,v 1.21 97/10/15 21:59:13 leres Exp $ (LBL) */ #ifndef lib_pcap_h #define lib_pcap_h #include #include #include #include #define PCAP_VERSION_MAJOR 2 #define PCAP_VERSION_MINOR 4 #define PCAP_ERRBUF_SIZE 256 /* * Compatibility for systems that have a bpf.h that * predates the bpf typedefs for 64-bit support. */ #if BPF_RELEASE - 0 < 199406 typedef int bpf_int32; typedef u_int bpf_u_int32; #endif typedef struct pcap pcap_t; typedef struct pcap_dumper pcap_dumper_t; /* * The first record in the file contains saved values for some * of the flags used in the printout phases of tcpdump. * Many fields here are 32 bit ints so compilers won't insert unwanted * padding; these files need to be interchangeable across architectures. */ struct pcap_file_header { bpf_u_int32 magic; u_short version_major; u_short version_minor; bpf_int32 thiszone; /* gmt to local correction */ bpf_u_int32 sigfigs; /* accuracy of timestamps */ bpf_u_int32 snaplen; /* max length saved portion of each pkt */ bpf_u_int32 linktype; /* data link type (DLT_*) */ }; /* * Each packet in the dump file is prepended with this generic header. * This gets around the problem of different headers for different * packet interfaces. 
 */
struct pcap_pkthdr {
	struct timeval ts;	/* time stamp */
	bpf_u_int32 caplen;	/* length of portion present */
	bpf_u_int32 len;	/* length this packet (off wire) */
};

/*
 * As returned by the pcap_stats()
 */
struct pcap_stat {
	u_int ps_recv;		/* number of packets received */
	u_int ps_drop;		/* number of packets dropped */
	u_int ps_ifdrop;	/* drops by interface XXX not yet supported */
};

typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
			     const u_char *);

char	*pcap_lookupdev(char *);
int	pcap_lookupnet(char *, bpf_u_int32 *, bpf_u_int32 *, char *);
pcap_t	*pcap_open_live(char *, int, int, int, char *);
pcap_t	*pcap_open_offline(const char *, char *);
void	pcap_close(pcap_t *);
int	pcap_loop(pcap_t *, int, pcap_handler, u_char *);
int	pcap_dispatch(pcap_t *, int, pcap_handler, u_char *);
const u_char*
	pcap_next(pcap_t *, struct pcap_pkthdr *);
int	pcap_stats(pcap_t *, struct pcap_stat *);
int	pcap_setfilter(pcap_t *, struct bpf_program *);
void	pcap_perror(pcap_t *, char *);
char	*pcap_strerror(int);
char	*pcap_geterr(pcap_t *);
int	pcap_compile(pcap_t *, struct bpf_program *, char *, int,
	    bpf_u_int32);
/* XXX */
int	pcap_freecode(pcap_t *, struct bpf_program *);
int	pcap_datalink(pcap_t *);
int	pcap_snapshot(pcap_t *);
int	pcap_is_swapped(pcap_t *);
int	pcap_major_version(pcap_t *);
int	pcap_minor_version(pcap_t *);

/* XXX */
FILE	*pcap_file(pcap_t *);
int	pcap_fileno(pcap_t *);

pcap_dumper_t *pcap_dump_open(pcap_t *, const char *);
void	pcap_dump_close(pcap_dumper_t *);
void	pcap_dump(u_char *, const struct pcap_pkthdr *, const u_char *);

/* XXX this guy lives in the bpf tree */
u_int	bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
char	*bpf_image(struct bpf_insn *, int);
#endif
sniffit.0.3.7.beta/libpcap/ppp.h
/* @(#) $Header: ppp.h,v 1.7 95/05/04 17:52:46 mccanne Exp $ (LBL) */
/*
 * Point to Point Protocol (PPP) RFC1331
 *
 * Copyright 1989 by Carnegie Mellon.
 *
 * Permission to use, copy, modify, and distribute this program for any
 * purpose and without fee is hereby granted, provided that this copyright
 * and permission notice appear on all copies and supporting documentation,
 * the name of Carnegie Mellon not be used in advertising or publicity
 * pertaining to distribution of the program without specific prior
 * permission, and notice be given in supporting documentation that copying
 * and distribution is by permission of Carnegie Mellon and Stanford
 * University.  Carnegie Mellon makes no representations about the
 * suitability of this software for any purpose.  It is provided "as is"
 * without express or implied warranty.
 */
#define PPP_ADDRESS	0xff	/* The address byte value */
#define PPP_CONTROL	0x03	/* The control byte value */

/* Protocol numbers */
#define PPP_IP		0x0021	/* Raw IP */
#define PPP_OSI		0x0023	/* OSI Network Layer */
#define PPP_NS		0x0025	/* Xerox NS IDP */
#define PPP_DECNET	0x0027	/* DECnet Phase IV */
#define PPP_APPLE	0x0029	/* Appletalk */
#define PPP_IPX		0x002b	/* Novell IPX */
#define PPP_VJC		0x002d	/* Van Jacobson Compressed TCP/IP */
#define PPP_VJNC	0x002f	/* Van Jacobson Uncompressed TCP/IP */
#define PPP_BRPDU	0x0031	/* Bridging PDU */
#define PPP_STII	0x0033	/* Stream Protocol (ST-II) */
#define PPP_VINES	0x0035	/* Banyan Vines */

#define PPP_HELLO	0x0201	/* 802.1d Hello Packets */
#define PPP_LUXCOM	0x0231	/* Luxcom */
#define PPP_SNS		0x0233	/* Sigma Network Systems */

#define PPP_IPCP	0x8021	/* IP Control Protocol */
#define PPP_OSICP	0x8023	/* OSI Network Layer Control Protocol */
#define PPP_NSCP	0x8025	/* Xerox NS IDP Control Protocol */
#define PPP_DECNETCP	0x8027	/* DECnet Control Protocol */
#define PPP_APPLECP	0x8029	/* Appletalk Control Protocol */
#define PPP_IPXCP	0x802b	/* Novell IPX Control Protocol */
#define PPP_STIICP	0x8033	/* Stream Protocol Control Protocol */
#define PPP_VINESCP	0x8035	/* Banyan Vines Control Protocol */

#define PPP_LCP		0xc021	/* Link Control Protocol
 */
#define PPP_PAP		0xc023	/* Password Authentication Protocol */
#define PPP_LQM		0xc025	/* Link Quality Monitoring */
#define PPP_CHAP	0xc223	/* Challenge Handshake Authentication Protocol */
sniffit.0.3.7.beta/libpcap/savefile.c
/*
 * Copyright (c) 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * savefile.c - supports offline use of tcpdump
 *	Extraction/creation by Jeffrey Mogul, DECWRL
 *	Modified by Steve McCanne, LBL.
 *
 * Used to save the received packet headers, after filtering, to
 * a file, and then read them later.
 * The first record in the file contains saved values for the machine
 * dependent values so we can print the dump file on any architecture.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: savefile.c,v 1.37 97/10/15 21:58:58 leres Exp $ (LBL)";
#endif

#include <sys/types.h>
#include <sys/time.h>

#include <errno.h>
#include <memory.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include "pcap-int.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

#define TCPDUMP_MAGIC 0xa1b2c3d4

/*
 * We use the "receiver-makes-right" approach to byte order,
 * because time is at a premium when we are writing the file.
 * In other words, the pcap_file_header and pcap_pkthdr,
 * records are written in host byte order.
 * Note that the packets are always written in network byte order.
 *
 * ntoh[ls] aren't sufficient because we might need to swap on a big-endian
 * machine (if the file was written in little-end order).
 */
#define	SWAPLONG(y) \
((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
#define	SWAPSHORT(y) \
	( (((y)&0xff)<<8) | ((u_short)((y)&0xff00)>>8) )

#define SFERR_TRUNC		1
#define SFERR_BADVERSION	2
#define SFERR_BADF		3
#define SFERR_EOF		4 /* not really an error, just a status */

static int
sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen)
{
	struct pcap_file_header hdr;

	hdr.magic = TCPDUMP_MAGIC;
	hdr.version_major = PCAP_VERSION_MAJOR;
	hdr.version_minor = PCAP_VERSION_MINOR;

	hdr.thiszone = thiszone;
	hdr.snaplen = snaplen;
	hdr.sigfigs = 0;
	hdr.linktype = linktype;

	if (fwrite((char *)&hdr, sizeof(hdr), 1, fp) != 1)
		return (-1);

	return (0);
}

static void
swap_hdr(struct pcap_file_header *hp)
{
	hp->version_major = SWAPSHORT(hp->version_major);
	hp->version_minor = SWAPSHORT(hp->version_minor);
	hp->thiszone = SWAPLONG(hp->thiszone);
	hp->sigfigs = SWAPLONG(hp->sigfigs);
	hp->snaplen = SWAPLONG(hp->snaplen);
	hp->linktype = SWAPLONG(hp->linktype);
}

pcap_t *
pcap_open_offline(const char *fname, char *errbuf)
{
	register pcap_t *p;
	register FILE *fp;
	struct pcap_file_header hdr;
	int linklen;

	p = (pcap_t *)malloc(sizeof(*p));
	if (p == NULL) {
		strcpy(errbuf, "out of swap");
		return (NULL);
	}

	memset((char *)p, 0,
	    sizeof(*p));
	/*
	 * Set this field so we don't close stdin in pcap_close!
	 */
	p->fd = -1;

	if (fname[0] == '-' && fname[1] == '\0')
		fp = stdin;
	else {
		fp = fopen(fname, "r");
		if (fp == NULL) {
			sprintf(errbuf, "%s: %s", fname, pcap_strerror(errno));
			goto bad;
		}
	}
	if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) {
		sprintf(errbuf, "fread: %s", pcap_strerror(errno));
		goto bad;
	}
	if (hdr.magic != TCPDUMP_MAGIC) {
		if (SWAPLONG(hdr.magic) != TCPDUMP_MAGIC) {
			sprintf(errbuf, "bad dump file format");
			goto bad;
		}
		p->sf.swapped = 1;
		swap_hdr(&hdr);
	}
	if (hdr.version_major < PCAP_VERSION_MAJOR) {
		sprintf(errbuf, "archaic file format");
		goto bad;
	}
	p->tzoff = hdr.thiszone;
	p->snapshot = hdr.snaplen;
	p->linktype = hdr.linktype;
	p->sf.rfile = fp;
	p->bufsize = hdr.snaplen;

	/* Align link header as required for proper data alignment */
	/* XXX should handle all types */
	switch (p->linktype) {

	case DLT_EN10MB:
		linklen = 14;
		break;

	case DLT_FDDI:
		linklen = 13 + 8;	/* fddi_header + llc */
		break;

	case DLT_NULL:
	default:
		linklen = 0;
		break;
	}

	p->sf.base = (u_char *)malloc(p->bufsize + BPF_ALIGNMENT);
	p->buffer = p->sf.base + BPF_ALIGNMENT - (linklen % BPF_ALIGNMENT);
	p->sf.version_major = hdr.version_major;
	p->sf.version_minor = hdr.version_minor;
#ifdef PCAP_FDDIPAD
	/* XXX padding only needed for kernel fcode */
	pcap_fddipad = 0;
#endif

	return (p);
 bad:
	free(p);
	return (NULL);
}

/*
 * Read sf_readfile and return the next packet.  Return the header in hdr
 * and the contents in buf.  Return 0 on success, SFERR_EOF if there were
 * no more packets, and SFERR_TRUNC if a partial packet was encountered.
 */
static int
sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen)
{
	FILE *fp = p->sf.rfile;

	/* read the stamp */
	if (fread((char *)hdr, sizeof(struct pcap_pkthdr), 1, fp) != 1) {
		/* probably an EOF, though could be a truncated packet */
		return (1);
	}

	if (p->sf.swapped) {
		/* these were written in opposite byte order */
		hdr->caplen = SWAPLONG(hdr->caplen);
		hdr->len = SWAPLONG(hdr->len);
		hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
		hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
	}
	/*
	 * We interchanged the caplen and len fields at version 2.3,
	 * in order to match the bpf header layout.  But unfortunately
	 * some files were written with version 2.3 in their headers
	 * but without the interchanged fields.
	 */
	if (p->sf.version_minor < 3 ||
	    (p->sf.version_minor == 3 && hdr->caplen > hdr->len)) {
		int t = hdr->caplen;
		hdr->caplen = hdr->len;
		hdr->len = t;
	}

	if (hdr->caplen > buflen) {
		/*
		 * This can happen due to Solaris 2.3 systems tripping
		 * over the BUFMOD problem and not setting the snapshot
		 * correctly in the savefile header.  If the caplen isn't
		 * grossly wrong, try to salvage.
		 */
		static u_char *tp = NULL;
		static int tsize = 0;

		if (hdr->caplen > 65535) {
			sprintf(p->errbuf, "bogus savefile header");
			return (-1);
		}

		if (tsize < hdr->caplen) {
			tsize = ((hdr->caplen + 1023) / 1024) * 1024;
			if (tp != NULL)
				free((u_char *)tp);
			tp = (u_char *)malloc(tsize);
			if (tp == NULL) {
				tsize = 0;
				sprintf(p->errbuf, "BUFMOD hack malloc");
				return (-1);
			}
		}
		if (fread((char *)tp, hdr->caplen, 1, fp) != 1) {
			sprintf(p->errbuf, "truncated dump file");
			return (-1);
		}
		/*
		 * We can only keep up to buflen bytes.  Since caplen > buflen
		 * is exactly how we got here, we know we can only keep the
		 * first buflen bytes and must drop the remainder.  Adjust
		 * caplen accordingly, so we don't get confused later as
		 * to how many bytes we have to play with.
		 */
		hdr->caplen = buflen;
		memcpy((char *)buf, (char *)tp, buflen);

	} else {
		/* read the packet itself */

		if (fread((char *)buf, hdr->caplen, 1, fp) != 1) {
			sprintf(p->errbuf, "truncated dump file");
			return (-1);
		}
	}
	return (0);
}

/*
 * Print out packets stored in the file initialized by sf_read_init().
 * If cnt > 0, return after 'cnt' packets, otherwise continue until eof.
 */
int
pcap_offline_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
	struct bpf_insn *fcode = p->fcode.bf_insns;
	int status = 0;
	int n = 0;

	while (status == 0) {
		struct pcap_pkthdr h;

		status = sf_next_packet(p, &h, p->buffer, p->bufsize);
		if (status) {
			if (status == 1)
				return (0);
			return (status);
		}

		if (fcode == NULL ||
		    bpf_filter(fcode, p->buffer, h.len, h.caplen)) {
			(*callback)(user, &h, p->buffer);
			if (++n >= cnt && cnt > 0)
				break;
		}
	}
	/*XXX this breaks semantics tcpslice expects */
	return (n);
}

/*
 * Output a packet to the initialized dump file.
 */
void
pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
{
	register FILE *f;

	f = (FILE *)user;
	/* XXX we should check the return status */
	(void)fwrite((char *)h, sizeof(*h), 1, f);
	(void)fwrite((char *)sp, h->caplen, 1, f);
}

/*
 * Initialize so that sf_write() will output to the file named 'fname'.
 */
pcap_dumper_t *
pcap_dump_open(pcap_t *p, const char *fname)
{
	FILE *f;

	if (fname[0] == '-' && fname[1] == '\0')
		f = stdout;
	else {
		f = fopen(fname, "w");
		if (f == NULL) {
			sprintf(p->errbuf, "%s: %s",
			    fname, pcap_strerror(errno));
			return (NULL);
		}
	}
	(void)sf_write_header(f, p->linktype, p->tzoff, p->snapshot);
	return ((pcap_dumper_t *)f);
}

void
pcap_dump_close(pcap_dumper_t *p)
{

#ifdef notyet
	if (ferror((FILE *)p))
		return-an-error;
	/* XXX should check return from fclose() too */
#endif
	(void)fclose((FILE *)p);
}
sniffit.0.3.7.beta/libpcap/scanner.l
%{
/*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */

#ifndef lint
static const char rcsid[] =
    "@(#) $Header: scanner.l,v 1.56 97/07/21 13:31:50 leres Exp $ (LBL)";
#endif

#include <sys/types.h>
#include <sys/time.h>

#include <ctype.h>
#include <unistd.h>

#include "pcap-int.h"

#include "gencode.h"
#include <pcap-namedb.h>
#include "tokdefs.h"

#include "gnuc.h"
#ifdef HAVE_OS_PROTO_H
#include "os-proto.h"
#endif

static int stoi(char *);
static inline int xdtoi(int);

#ifdef FLEX_SCANNER
#define YY_NO_UNPUT
#undef YY_INPUT
#define YY_INPUT(buf, result, max)\
 {\
	char *src = in_buffer;\
	int i;\
\
	if (*src == 0)\
		result = YY_NULL;\
	else {\
		for (i = 0; *src && i < max; ++i)\
			buf[i] = *src++;\
		in_buffer += i;\
		result = i;\
	}\
 }
#else
#undef getc
#define getc(fp)  (*in_buffer == 0 ? EOF : *in_buffer++)
#endif

#define yylval pcap_lval
extern YYSTYPE yylval;

static char *in_buffer;

%}

N		([0-9]+|(0X|0x)[0-9A-Fa-f]+)
B		([0-9A-Fa-f][0-9A-Fa-f]?)

%a 3000

%%
dst		return DST;
src		return SRC;

link|ether|ppp|slip  return LINK;
fddi		return LINK;
arp		return ARP;
rarp		return RARP;
ip		return IP;
tcp		return TCP;
udp		return UDP;
icmp		return ICMP;
igmp		return IGMP;
igrp		return IGRP;

atalk		return ATALK;
decnet		return DECNET;
lat		return LAT;
sca		return SCA;
moprc		return MOPRC;
mopdl		return MOPDL;

host		return HOST;
net		return NET;
mask		return MASK;
port		return PORT;
proto		return PROTO;

gateway		return GATEWAY;

less		return LESS;
greater		return GREATER;
byte		return BYTE;
broadcast	return TK_BROADCAST;
multicast	return TK_MULTICAST;

and|"&&"	return AND;
or|"||"		return OR;
not		return '!';

len|length	return LEN;
inbound		return INBOUND;
outbound	return OUTBOUND;

[ \n\t]			;
[+\-*/:\[\]!<>()&|=]	return yytext[0];
">="			return GEQ;
"<="			return LEQ;
"!="			return NEQ;
"=="			return '=';
"<<"			return LSH;
">>"			return RSH;
{N}			{ yylval.i = stoi((char *)yytext); return NUM; }
({N}\.{N})|({N}\.{N}\.{N})|({N}\.{N}\.{N}\.{N})	{
			yylval.s = sdup((char *)yytext); return HID; }
{B}:{B}:{B}:{B}:{B}:{B} { yylval.e = pcap_ether_aton((char *)yytext);
			  return EID; }
{B}:+({B}:+)+		{ bpf_error("bogus ethernet address %s", yytext); }
[A-Za-z0-9][-_.A-Za-z0-9]*[.A-Za-z0-9] {
			 yylval.s = sdup((char *)yytext); return ID; }
"\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }
[^ \[\]\t\n\-_.A-Za-z0-9!<>()&|=]+i {
			bpf_error("illegal token: %s\n", yytext); }
.			{ bpf_error("illegal char '%c'", *yytext); }
%%
void
lex_init(buf)
	char *buf;
{
	in_buffer = buf;
}

/*
 * Also define a yywrap.  Note that if we're using flex, it will
 * define a macro to map this identifier to pcap_wrap.
 */
int
yywrap()
{
	return 1;
}

/* Hex digit to integer. */
static inline int
xdtoi(c)
	register int c;
{
	if (isdigit(c))
		return c - '0';
	else if (islower(c))
		return c - 'a' + 10;
	else
		return c - 'A' + 10;
}

/*
 * Convert string to integer.  Just like atoi(), but checks for
 * preceding 0x or 0 and uses hex or octal instead of decimal.
 */
static int
stoi(s)
	char *s;
{
	int base = 10;
	int n = 0;

	if (*s == '0') {
		if (s[1] == 'x' || s[1] == 'X') {
			s += 2;
			base = 16;
		}
		else {
			base = 8;
			s += 1;
		}
	}
	while (*s)
		n = n * base + xdtoi(*s++);

	return n;
}
sniffit.0.3.7.beta/libpcap/gnuc.h
/* @(#) $Header: gnuc.h,v 1.3 95/10/09 02:47:01 leres Exp $ (LBL) */

/* Define __P() macro, if necessary */
#ifndef __P
#if __STDC__
#define __P(protos) protos
#else
#define __P(protos) ()
#endif
#endif

/* inline foo */
#ifdef __GNUC__
#define inline __inline
#else
#define inline
#endif

/*
 * Handle new and old "dead" routine prototypes
 *
 * For example:
 *
 *	__dead void foo(void) __attribute__((volatile));
 *
 */
#ifdef __GNUC__
#ifndef __dead
#define __dead volatile
#endif
#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif
#else
#ifndef __dead
#define __dead
#endif
#ifndef __attribute__
#define __attribute__(args)
#endif
#endif
sniffit.0.3.7.beta/libpcap/bpf_filter.c
/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of
 *	California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	7.5 (Berkeley) 7/15/91
 */

#if !(defined(lint) || defined(KERNEL))
static const char rcsid[] =
    "@(#) $Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp $ (LBL)";
#endif

#include <sys/param.h>
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>

#ifndef KERNEL
#include <stdlib.h>
#endif

#define int32 bpf_int32
#define u_int32 bpf_u_int32

#ifndef LBL_ALIGN
#if defined(sparc) || defined(mips) || defined(ibm032) || \
    defined(__alpha) || defined(__hpux)
#define LBL_ALIGN
#endif
#endif

#ifndef LBL_ALIGN
#include <netinet/in.h>

#define EXTRACT_SHORT(p)	((u_short)ntohs(*(u_short *)p))
#define EXTRACT_LONG(p)		(ntohl(*(u_int32 *)p))
#else
#define EXTRACT_SHORT(p)\
	((u_short)\
		((u_short)*((u_char *)p+0)<<8|\
		 (u_short)*((u_char *)p+1)<<0))
#define EXTRACT_LONG(p)\
		((u_int32)*((u_char *)p+0)<<24|\
		 (u_int32)*((u_char *)p+1)<<16|\
		 (u_int32)*((u_char *)p+2)<<8|\
		 (u_int32)*((u_char *)p+3)<<0)
#endif

#ifdef KERNEL
#include <sys/mbuf.h>
#define MINDEX(len, m, k) \
{ \
	len = m->m_len; \
	while (k >= len) { \
		k -= len; \
		m = m->m_next; \
		if (m == 0) \
			return 0; \
		len = m->m_len; \
	} \
}

static int
m_xword(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp, *np;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 4) {
		*err = 0;
		return EXTRACT_LONG(cp);
	}
	m0 = m->m_next;
	if (m0 == 0 || m0->m_len + len - k < 4)
		goto bad;
	*err = 0;
	np = mtod(m0, u_char *);
	switch (len - k) {

	case 1:
		return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];

	case 2:
		return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];

	default:
		return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
	}
    bad:
	*err = 1;
	return 0;
}

static int
m_xhalf(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 2) {
		*err = 0;
		return EXTRACT_SHORT(cp);
	}
	m0 = m->m_next;
	if (m0 == 0)
		goto bad;
	*err = 0;
	return (cp[0] << 8) | mtod(m0, u_char *)[0];
 bad:
	*err = 1;
	return 0;
}
#endif

/*
 * Execute the filter program starting at pc on the packet p
 * wirelen is the length of the original packet
 * buflen is the amount of data present
 */
u_int
bpf_filter(pc, p, wirelen, buflen)
	register struct bpf_insn *pc;
	register u_char *p;
	u_int wirelen;
	register u_int buflen;
{
	register u_int32 A, X;
	register int k;
	int32 mem[BPF_MEMWORDS];

	if (pc == 0)
		/*
		 * No filter means accept all.
		 */
		return (u_int)-1;
	A = 0;
	X = 0;
	--pc;
	while (1) {
		++pc;
		switch (pc->code) {

		default:
#ifdef KERNEL
			return 0;
#else
			abort();
#endif
		case BPF_RET|BPF_K:
			return (u_int)pc->k;

		case BPF_RET|BPF_A:
			return (u_int)A;

		case BPF_LD|BPF_W|BPF_ABS:
			k = pc->k;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_ABS:
			k = pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				/* reject on a failed fetch, as the other loads do */
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_ABS:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LD|BPF_W|BPF_LEN:
			A = wirelen;
			continue;

		case BPF_LDX|BPF_W|BPF_LEN:
			X = wirelen;
			continue;

		case BPF_LD|BPF_W|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_IND:
			k = X + pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LDX|BPF_MSH|BPF_B:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				X = (mtod(m, char *)[k] & 0xf) << 2;
				continue;
#else
				return 0;
#endif
			}
			X = (p[pc->k] & 0xf) << 2;
			continue;

		case BPF_LD|BPF_IMM:
			A = pc->k;
			continue;

		case BPF_LDX|BPF_IMM:
			X = pc->k;
			continue;

		case BPF_LD|BPF_MEM:
			A = mem[pc->k];
			continue;

		case BPF_LDX|BPF_MEM:
			X = mem[pc->k];
			continue;

		case BPF_ST:
			mem[pc->k] = A;
			continue;

		case BPF_STX:
			mem[pc->k] = X;
			continue;

		case BPF_JMP|BPF_JA:
			pc += pc->k;
			continue;

		case BPF_JMP|BPF_JGT|BPF_K:
			pc += (A > pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_K:
			pc += (A >= pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_K:
			pc += (A == pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_K:
			pc += (A & pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGT|BPF_X:
			pc += (A > X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_X:
			pc += (A >= X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_X:
			pc += (A == X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_X:
			pc += (A & X) ?
			    pc->jt : pc->jf;
			continue;

		case BPF_ALU|BPF_ADD|BPF_X:
			A += X;
			continue;

		case BPF_ALU|BPF_SUB|BPF_X:
			A -= X;
			continue;

		case BPF_ALU|BPF_MUL|BPF_X:
			A *= X;
			continue;

		case BPF_ALU|BPF_DIV|BPF_X:
			if (X == 0)
				return 0;
			A /= X;
			continue;

		case BPF_ALU|BPF_AND|BPF_X:
			A &= X;
			continue;

		case BPF_ALU|BPF_OR|BPF_X:
			A |= X;
			continue;

		case BPF_ALU|BPF_LSH|BPF_X:
			A <<= X;
			continue;

		case BPF_ALU|BPF_RSH|BPF_X:
			A >>= X;
			continue;

		case BPF_ALU|BPF_ADD|BPF_K:
			A += pc->k;
			continue;

		case BPF_ALU|BPF_SUB|BPF_K:
			A -= pc->k;
			continue;

		case BPF_ALU|BPF_MUL|BPF_K:
			A *= pc->k;
			continue;

		case BPF_ALU|BPF_DIV|BPF_K:
			/* bpf_validate() is KERNEL-only, so guard here too */
			if (pc->k == 0)
				return 0;
			A /= pc->k;
			continue;

		case BPF_ALU|BPF_AND|BPF_K:
			A &= pc->k;
			continue;

		case BPF_ALU|BPF_OR|BPF_K:
			A |= pc->k;
			continue;

		case BPF_ALU|BPF_LSH|BPF_K:
			A <<= pc->k;
			continue;

		case BPF_ALU|BPF_RSH|BPF_K:
			A >>= pc->k;
			continue;

		case BPF_ALU|BPF_NEG:
			A = -A;
			continue;

		case BPF_MISC|BPF_TAX:
			X = A;
			continue;

		case BPF_MISC|BPF_TXA:
			A = X;
			continue;
		}
	}
}

#ifdef KERNEL
/*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
 * code.  The code must terminate with either an accept or reject.
 * 'valid' is an array for use by the routine (it must be at least
 * 'len' bytes long).
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
int
bpf_validate(f, len)
	struct bpf_insn *f;
	int len;
{
	register int i;
	register struct bpf_insn *p;

	for (i = 0; i < len; ++i) {
		/*
		 * Check that jumps are forward, and within
		 * the code block.
		 */
		p = &f[i];
		if (BPF_CLASS(p->code) == BPF_JMP) {
			register int from = i + 1;

			if (BPF_OP(p->code) == BPF_JA) {
				if (from + p->k >= (unsigned)len)
					return 0;
			}
			else if (from + p->jt >= len || from + p->jf >= len)
				return 0;
		}
		/*
		 * Check that memory operations use valid addresses.
		 */
		if ((BPF_CLASS(p->code) == BPF_ST ||
		     (BPF_CLASS(p->code) == BPF_LD &&
		      (p->code & 0xe0) == BPF_MEM)) &&
		    (p->k >= BPF_MEMWORDS || p->k < 0))
			return 0;
		/*
		 * Check for constant division by 0.
		 */
		if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
			return 0;
	}
	return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
#endif
sniffit.0.3.7.beta/libpcap/net/
sniffit.0.3.7.beta/libpcap/net/bpf.h
/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)bpf.h       7.1 (Berkeley) 5/7/91
 *
 * @(#) $Header: bpf.h,v 1.36 97/06/12 14:29:53 leres Exp $ (LBL)
 */

#ifndef BPF_MAJOR_VERSION

/* BSD style release date */
#define BPF_RELEASE 199606

typedef	int bpf_int32;
typedef	u_int bpf_u_int32;

/*
 * Alignment macros.  BPF_WORDALIGN rounds up to the next
 * even multiple of BPF_ALIGNMENT.
 */
#define BPF_ALIGNMENT sizeof(bpf_int32)
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))

#define BPF_MAXINSNS 512
#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32

/*
 * Structure for BIOCSETF.
 */
struct bpf_program {
	u_int bf_len;
	struct bpf_insn *bf_insns;
};

/*
 * Struct returned by BIOCGSTATS.
 */
struct bpf_stat {
	u_int bs_recv;		/* number of packets received */
	u_int bs_drop;		/* number of packets dropped */
};

/*
 * Struct returned by BIOCVERSION.  This represents the version number of
 * the filter language described by the instruction encodings below.
 * bpf understands a program iff kernel_major == filter_major &&
 * kernel_minor >= filter_minor, that is, if the value returned by the
 * running kernel has the same major number and a minor number equal
 * to or less than the filter being downloaded.
 * Otherwise, the
 * results are undefined, meaning an error may be returned or packets
 * may be accepted haphazardly.
 * It has nothing to do with the source code version.
 */
struct bpf_version {
	u_short bv_major;
	u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1

/*
 * BPF ioctls
 *
 * The first set is for compatibility with Sun's pcc style
 * header files.  If you're using gcc, we assume that you
 * have run fixincludes so the latter set should work.
 */
#if (defined(sun) || defined(ibm032)) && !defined(__GNUC__)
#define	BIOCGBLEN	_IOR(B,102, u_int)
#define	BIOCSBLEN	_IOWR(B,102, u_int)
#define	BIOCSETF	_IOW(B,103, struct bpf_program)
#define	BIOCFLUSH	_IO(B,104)
#define BIOCPROMISC	_IO(B,105)
#define	BIOCGDLT	_IOR(B,106, u_int)
#define BIOCGETIF	_IOR(B,107, struct ifreq)
#define BIOCSETIF	_IOW(B,108, struct ifreq)
#define BIOCSRTIMEOUT	_IOW(B,109, struct timeval)
#define BIOCGRTIMEOUT	_IOR(B,110, struct timeval)
#define BIOCGSTATS	_IOR(B,111, struct bpf_stat)
#define BIOCIMMEDIATE	_IOW(B,112, u_int)
#define BIOCVERSION	_IOR(B,113, struct bpf_version)
#define BIOCSTCPF	_IOW(B,114, struct bpf_program)
#define BIOCSUDPF	_IOW(B,115, struct bpf_program)
#else
#define	BIOCGBLEN	_IOR('B',102, u_int)
#define	BIOCSBLEN	_IOWR('B',102, u_int)
#define	BIOCSETF	_IOW('B',103, struct bpf_program)
#define	BIOCFLUSH	_IO('B',104)
#define BIOCPROMISC	_IO('B',105)
#define	BIOCGDLT	_IOR('B',106, u_int)
#define BIOCGETIF	_IOR('B',107, struct ifreq)
#define BIOCSETIF	_IOW('B',108, struct ifreq)
#define BIOCSRTIMEOUT	_IOW('B',109, struct timeval)
#define BIOCGRTIMEOUT	_IOR('B',110, struct timeval)
#define BIOCGSTATS	_IOR('B',111, struct bpf_stat)
#define BIOCIMMEDIATE	_IOW('B',112, u_int)
#define BIOCVERSION	_IOR('B',113, struct bpf_version)
#define BIOCSTCPF	_IOW('B',114, struct bpf_program)
#define BIOCSUDPF	_IOW('B',115, struct bpf_program)
#endif

/*
 * Structure prepended to each packet.
 */
struct bpf_hdr {
	struct timeval	bh_tstamp;	/* time stamp */
	bpf_u_int32	bh_caplen;	/* length of captured portion */
	bpf_u_int32	bh_datalen;	/* original length of packet */
	u_short		bh_hdrlen;	/* length of bpf header (this struct
					   plus alignment padding) */
};
/*
 * Because the structure above is not a multiple of 4 bytes, some compilers
 * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work.
 * Only the kernel needs to know about it; applications use bh_hdrlen.
 */
#ifdef KERNEL
#define SIZEOF_BPF_HDR 18
#endif

/*
 * Data-link level type codes.
 */
#define DLT_NULL	0	/* no link-layer encapsulation */
#define DLT_EN10MB	1	/* Ethernet (10Mb) */
#define DLT_EN3MB	2	/* Experimental Ethernet (3Mb) */
#define DLT_AX25	3	/* Amateur Radio AX.25 */
#define DLT_PRONET	4	/* Proteon ProNET Token Ring */
#define DLT_CHAOS	5	/* Chaos */
#define DLT_IEEE802	6	/* IEEE 802 Networks */
#define DLT_ARCNET	7	/* ARCNET */
#define DLT_SLIP	8	/* Serial Line IP */
#define DLT_PPP		9	/* Point-to-point Protocol */
#define DLT_FDDI	10	/* FDDI */
#define DLT_ATM_RFC1483	11	/* LLC/SNAP encapsulated atm */
#define DLT_RAW		12	/* raw IP */
#define DLT_SLIP_BSDOS	13	/* BSD/OS Serial Line IP */
#define DLT_PPP_BSDOS	14	/* BSD/OS Point-to-point Protocol */

/*
 * The instruction encodings.
 */
/* instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define		BPF_LD		0x00
#define		BPF_LDX		0x01
#define		BPF_ST		0x02
#define		BPF_STX		0x03
#define		BPF_ALU		0x04
#define		BPF_JMP		0x05
#define		BPF_RET		0x06
#define		BPF_MISC	0x07

/* ld/ldx fields */
#define BPF_SIZE(code)	((code) & 0x18)
#define		BPF_W		0x00
#define		BPF_H		0x08
#define		BPF_B		0x10
#define BPF_MODE(code)	((code) & 0xe0)
#define		BPF_IMM		0x00
#define		BPF_ABS		0x20
#define		BPF_IND		0x40
#define		BPF_MEM		0x60
#define		BPF_LEN		0x80
#define		BPF_MSH		0xa0

/* alu/jmp fields */
#define BPF_OP(code)	((code) & 0xf0)
#define		BPF_ADD		0x00
#define		BPF_SUB		0x10
#define		BPF_MUL		0x20
#define		BPF_DIV		0x30
#define		BPF_OR		0x40
#define		BPF_AND		0x50
#define		BPF_LSH		0x60
#define		BPF_RSH		0x70
#define		BPF_NEG		0x80
#define		BPF_JA		0x00
#define		BPF_JEQ		0x10
#define		BPF_JGT		0x20
#define		BPF_JGE		0x30
#define		BPF_JSET	0x40
#define BPF_SRC(code)	((code) & 0x08)
#define		BPF_K		0x00
#define		BPF_X		0x08

/* ret - BPF_K and BPF_X also apply */
#define BPF_RVAL(code)	((code) & 0x18)
#define		BPF_A		0x10

/* misc */
#define BPF_MISCOP(code) ((code) & 0xf8)
#define		BPF_TAX		0x00
#define		BPF_TXA		0x80

/*
 * The instruction data structure.
 */
struct bpf_insn {
	u_short	code;
	u_char 	jt;
	u_char 	jf;
	bpf_int32 k;
};

/*
 * Macros for insn array initializers.
 */
#define BPF_STMT(code, k) { (u_short)(code), 0, 0, k }
#define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }

#ifdef KERNEL
extern u_int bpf_filter();
extern void bpfattach();
extern void bpf_tap();
extern void bpf_mtap();
#else
#if __STDC__
extern u_int bpf_filter(struct bpf_insn *, u_char *, u_int, u_int);
#endif
#endif

/*
 * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST).
 */
#define BPF_MEMWORDS 16

#endif

sniffit.0.3.7.beta/libpcap/net/bpf_filter.c

/*-
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
 *	The Regents of the University of California. All rights reserved.
 *
 * This code is derived from the Stanford/CMU enet packet filter,
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
 * Berkeley Laboratory.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)bpf.c	7.5 (Berkeley) 7/15/91
 */

#if !(defined(lint) || defined(KERNEL))
static const char rcsid[] =
    "@(#) $Header: bpf_filter.c,v 1.33 97/04/26 13:37:18 leres Exp $ (LBL)";
#endif

#include
#include
#include
#include

#ifndef KERNEL
#include
#endif

#define int32 bpf_int32
#define u_int32 bpf_u_int32

#ifndef LBL_ALIGN
#if defined(sparc) || defined(mips) || defined(ibm032) || \
    defined(__alpha) || defined(__hpux)
#define LBL_ALIGN
#endif
#endif

#ifndef LBL_ALIGN
#include
#define EXTRACT_SHORT(p)	((u_short)ntohs(*(u_short *)p))
#define EXTRACT_LONG(p)		(ntohl(*(u_int32 *)p))
#else
#define EXTRACT_SHORT(p)\
	((u_short)\
		((u_short)*((u_char *)p+0)<<8|\
		 (u_short)*((u_char *)p+1)<<0))
#define EXTRACT_LONG(p)\
		((u_int32)*((u_char *)p+0)<<24|\
		 (u_int32)*((u_char *)p+1)<<16|\
		 (u_int32)*((u_char *)p+2)<<8|\
		 (u_int32)*((u_char *)p+3)<<0)
#endif

#ifdef KERNEL
#include
#define MINDEX(len, m, k) \
{ \
	len = m->m_len; \
	while (k >= len) { \
		k -= len; \
		m = m->m_next; \
		if (m == 0) \
			return 0; \
		len = m->m_len; \
	} \
}

static int
m_xword(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp, *np;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 4) {
		*err = 0;
		return EXTRACT_LONG(cp);
	}
	m0 = m->m_next;
	if (m0 == 0 || m0->m_len + len - k < 4)
		goto bad;
	*err = 0;
	np = mtod(m0, u_char *);
	switch (len - k) {

	case 1:
		return (cp[0] << 24) | (np[0] << 16) | (np[1] << 8) | np[2];

	case 2:
		return (cp[0] << 24) | (cp[1] << 16) | (np[0] << 8) | np[1];

	default:
		return (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | np[0];
	}
    bad:
	*err = 1;
	return 0;
}

static int
m_xhalf(m, k, err)
	register struct mbuf *m;
	register int k, *err;
{
	register int len;
	register u_char *cp;
	register struct mbuf *m0;

	MINDEX(len, m, k);
	cp = mtod(m, u_char *) + k;
	if (len - k >= 2) {
		*err = 0;
		return EXTRACT_SHORT(cp);
	}
	m0 = m->m_next;
	if (m0 == 0)
		goto bad;
	*err = 0;
	return (cp[0] << 8) | mtod(m0, u_char *)[0];
    bad:
	*err = 1;
	return 0;
}
#endif

/*
 * Execute the filter program starting at pc on the packet p
 * wirelen is the length of the original packet
 * buflen is the amount of data present
 */
u_int
bpf_filter(pc, p, wirelen, buflen)
	register struct bpf_insn *pc;
	register u_char *p;
	u_int wirelen;
	register u_int buflen;
{
	register u_int32 A, X;
	register int k;
	int32 mem[BPF_MEMWORDS];

	if (pc == 0)
		/*
		 * No filter means accept all.
		 */
		return (u_int)-1;
	A = 0;
	X = 0;
	--pc;
	while (1) {
		++pc;
		switch (pc->code) {

		default:
#ifdef KERNEL
			return 0;
#else
			abort();
#endif
		case BPF_RET|BPF_K:
			return (u_int)pc->k;

		case BPF_RET|BPF_A:
			return (u_int)A;

		case BPF_LD|BPF_W|BPF_ABS:
			k = pc->k;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_ABS:
			k = pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				/* reject on a short mbuf chain, as the other mbuf loads do */
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_ABS:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LD|BPF_W|BPF_LEN:
			A = wirelen;
			continue;

		case BPF_LDX|BPF_W|BPF_LEN:
			X = wirelen;
			continue;

		case BPF_LD|BPF_W|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(int32) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xword((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_LONG(&p[k]);
			continue;

		case BPF_LD|BPF_H|BPF_IND:
			k = X + pc->k;
			if (k + sizeof(short) > buflen) {
#ifdef KERNEL
				int merr;

				if (buflen != 0)
					return 0;
				A = m_xhalf((struct mbuf *)p, k, &merr);
				if (merr != 0)
					return 0;
				continue;
#else
				return 0;
#endif
			}
			A = EXTRACT_SHORT(&p[k]);
			continue;

		case BPF_LD|BPF_B|BPF_IND:
			k = X + pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				A = mtod(m, u_char *)[k];
				continue;
#else
				return 0;
#endif
			}
			A = p[k];
			continue;

		case BPF_LDX|BPF_MSH|BPF_B:
			k = pc->k;
			if (k >= buflen) {
#ifdef KERNEL
				register struct mbuf *m;
				register int len;

				if (buflen != 0)
					return 0;
				m = (struct mbuf *)p;
				MINDEX(len, m, k);
				X = (mtod(m, char *)[k] & 0xf) << 2;
				continue;
#else
				return 0;
#endif
			}
			X = (p[pc->k] & 0xf) << 2;
			continue;

		case BPF_LD|BPF_IMM:
			A = pc->k;
			continue;

		case BPF_LDX|BPF_IMM:
			X = pc->k;
			continue;

		case BPF_LD|BPF_MEM:
			A = mem[pc->k];
			continue;

		case BPF_LDX|BPF_MEM:
			X = mem[pc->k];
			continue;

		case BPF_ST:
			mem[pc->k] = A;
			continue;

		case BPF_STX:
			mem[pc->k] = X;
			continue;

		case BPF_JMP|BPF_JA:
			pc += pc->k;
			continue;

		case BPF_JMP|BPF_JGT|BPF_K:
			pc += (A > pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_K:
			pc += (A >= pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_K:
			pc += (A == pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_K:
			pc += (A & pc->k) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGT|BPF_X:
			pc += (A > X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JGE|BPF_X:
			pc += (A >= X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JEQ|BPF_X:
			pc += (A == X) ? pc->jt : pc->jf;
			continue;

		case BPF_JMP|BPF_JSET|BPF_X:
			pc += (A & X) ? pc->jt : pc->jf;
			continue;

		case BPF_ALU|BPF_ADD|BPF_X:
			A += X;
			continue;

		case BPF_ALU|BPF_SUB|BPF_X:
			A -= X;
			continue;

		case BPF_ALU|BPF_MUL|BPF_X:
			A *= X;
			continue;

		case BPF_ALU|BPF_DIV|BPF_X:
			if (X == 0)
				return 0;
			A /= X;
			continue;

		case BPF_ALU|BPF_AND|BPF_X:
			A &= X;
			continue;

		case BPF_ALU|BPF_OR|BPF_X:
			A |= X;
			continue;

		case BPF_ALU|BPF_LSH|BPF_X:
			A <<= X;
			continue;

		case BPF_ALU|BPF_RSH|BPF_X:
			A >>= X;
			continue;

		case BPF_ALU|BPF_ADD|BPF_K:
			A += pc->k;
			continue;

		case BPF_ALU|BPF_SUB|BPF_K:
			A -= pc->k;
			continue;

		case BPF_ALU|BPF_MUL|BPF_K:
			A *= pc->k;
			continue;

		case BPF_ALU|BPF_DIV|BPF_K:
			A /= pc->k;
			continue;

		case BPF_ALU|BPF_AND|BPF_K:
			A &= pc->k;
			continue;

		case BPF_ALU|BPF_OR|BPF_K:
			A |= pc->k;
			continue;

		case BPF_ALU|BPF_LSH|BPF_K:
			A <<= pc->k;
			continue;

		case BPF_ALU|BPF_RSH|BPF_K:
			A >>= pc->k;
			continue;

		case BPF_ALU|BPF_NEG:
			A = -A;
			continue;

		case BPF_MISC|BPF_TAX:
			X = A;
			continue;

		case BPF_MISC|BPF_TXA:
			A = X;
			continue;
		}
	}
}

#ifdef KERNEL
/*
 * Return true if the 'fcode' is a valid filter program.
 * The constraints are that each jump be forward and to a valid
 * code. The code must terminate with either an accept or reject.
 * 'valid' is an array for use by the routine (it must be at least
 * 'len' bytes long).
 *
 * The kernel needs to be able to verify an application's filter code.
 * Otherwise, a bogus program could easily crash the system.
 */
int
bpf_validate(f, len)
	struct bpf_insn *f;
	int len;
{
	register int i;
	register struct bpf_insn *p;

	for (i = 0; i < len; ++i) {
		/*
		 * Check that jumps are forward, and within
		 * the code block.
		 */
		p = &f[i];
		if (BPF_CLASS(p->code) == BPF_JMP) {
			register int from = i + 1;

			if (BPF_OP(p->code) == BPF_JA) {
				if (from + p->k >= (unsigned)len)
					return 0;
			}
			else if (from + p->jt >= len || from + p->jf >= len)
				return 0;
		}
		/*
		 * Check that memory operations use valid addresses.
		 */
		if ((BPF_CLASS(p->code) == BPF_ST ||
		     (BPF_CLASS(p->code) == BPF_LD &&
		      (p->code & 0xe0) == BPF_MEM)) &&
		    (p->k >= BPF_MEMWORDS || p->k < 0))
			return 0;
		/*
		 * Check for constant division by 0.
		 */
		if (p->code == (BPF_ALU|BPF_DIV|BPF_K) && p->k == 0)
			return 0;
	}
	return BPF_CLASS(f[len - 1].code) == BPF_RET;
}
#endif

sniffit.0.3.7.beta/libpcap/Makefile

# Generated automatically from Makefile.in by configure.
# Copyright (c) 1993, 1994, 1995, 1996
#	The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# @(#) $Header: Makefile.in,v 1.72 97/06/30 13:56:14 leres Exp $ (LBL)

#
# Various configurable paths (remember to edit Makefile.in, not Makefile)
#

# Top level hierarchy
prefix = /usr/local
exec_prefix = ${prefix}
# Pathname of directory to install the include files
INCLDEST = ${prefix}/include
# Pathname of directory to install the library
LIBDEST = ${exec_prefix}/lib
# Pathname of directory to install the man page
MANDEST = ${prefix}/man

# VPATH
srcdir = .

#
# You shouldn't need to edit anything below.
#

CC = gcc
CCOPT = -O2
INCLS = -I. -Ilinux-include
DEFS = -DHAVE_MALLOC_H=1 -DHAVE_STRERROR=1 -DHAVE_NET_IF_ARP_H=1

# Standard CFLAGS
CFLAGS = $(CCOPT) $(INCLS) $(DEFS)

INSTALL = /usr/bin/install -c
RANLIB = ranlib

#
# Flex and bison allow you to specify the prefixes of the global symbols
# used by the generated parser. This allows programs to use lex/yacc
# and link against libpcap. If you don't have flex or bison, get them.
#
LEX = flex -Ppcap_
YACC = bison -y -p pcap_

# Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
# Also, gcc does not remove the .o before forking 'as', which can be a
# problem if you don't own the file but can write to the directory.
.c.o:
	@rm -f $@
	$(CC) $(CFLAGS) -c $(srcdir)/$*.c

PSRC =	pcap-linux.c
CSRC =	pcap.c inet.c gencode.c optimize.c nametoaddr.c \
	etherent.c savefile.c bpf_filter.c bpf_image.c
GENSRC = scanner.c grammar.c version.c

SRC =	$(PSRC) $(CSRC) $(GENSRC)

# We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot
# hack the extra indirection
OBJ =	$(PSRC:.c=.o) $(CSRC:.c=.o) $(GENSRC:.c=.o)
HDR =	pcap.h pcap-int.h pcap-namedb.h pcap-nit.h pcap-pf.h \
	ethertype.h gencode.h gnuc.h
GENHDR = \
	tokdefs.h

TAGHDR = \
	bpf/net/bpf.h

TAGFILES = \
	$(SRC) $(HDR) $(TAGHDR)

CLEANFILES = $(OBJ) libpcap.a $(GENSRC) $(GENHDR) lex.yy.c

all: libpcap.a

libpcap.a: $(OBJ)
	@rm -f $@
	ar rc $@ $(OBJ)
	$(RANLIB) $@

scanner.c: $(srcdir)/scanner.l
	@rm -f $@
	$(LEX) -t $< > $$$$.$@; mv $$$$.$@ $@

scanner.o: scanner.c tokdefs.h
tokdefs.h: grammar.c
grammar.c: $(srcdir)/grammar.y
	@rm -f grammar.c tokdefs.h
	$(YACC) -d $<
	mv y.tab.c grammar.c
	mv y.tab.h tokdefs.h

grammar.o: grammar.c
	@rm -f $@
	$(CC) $(CFLAGS) -Dyylval=pcap_lval -c grammar.c

version.o: version.c
version.c: $(srcdir)/VERSION
	@rm -f $@
	sed -e 's/.*/char pcap_version[] = "&";/' $(srcdir)/VERSION > $@

install: force
	$(INSTALL) -m 444 -o bin -g bin libpcap.a $(DESTDIR)$(LIBDEST)/libpcap.a
	$(RANLIB) $(DESTDIR)$(LIBDEST)/libpcap.a

install-incl: force
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.h \
	    $(DESTDIR)$(INCLDEST)/pcap.h
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap-namedb.h \
	    $(DESTDIR)$(INCLDEST)/pcap-namedb.h
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/net/bpf.h \
	    $(DESTDIR)$(INCLDEST)/net/bpf.h

install-man: force
	$(INSTALL) -m 444 -o bin -g bin $(srcdir)/pcap.3 \
	    $(DESTDIR)$(MANDEST)/man3/pcap.3

clean:
	rm -f $(CLEANFILES)

distclean:
	rm -f $(CLEANFILES) Makefile config.cache config.log config.status \
	    gnuc.h os-proto.h bpf_filter.c net

tags: $(TAGFILES)
	ctags -wtd $(TAGFILES)

tar:	force
	@cwd=`pwd` ; dir=`basename $$cwd` ; name=libpcap-`cat VERSION` ; \
	    list="" ; tar="tar chFFf" ; \
	    for i in `cat FILES` ; do list="$$list $$name/$$i" ; done; \
	    echo \
	    "rm -f ../$$name; ln -s $$dir ../$$name" ; \
	    rm -f ../$$name; ln -s $$dir ../$$name ; \
	    echo \
	    "(cd .. ; $$tar - [lots of files]) | compress > /tmp/$$name.tar.Z" ; \
	    (cd .. ; $$tar - $$list) | compress > /tmp/$$name.tar.Z ; \
	    echo \
	    "rm -f ../$$name" ; \
	    rm -f ../$$name

force:	/tmp
depend:	$(GENSRC) force
	./mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC)

sniffit.0.3.7.beta/sample_config_file

# Sniffit V.0.3.3-0.3.7 Sample Config file -- Brecht Claerhout

# First select all packets!
select both mhosts 1
select both mhosts 2

# Now deselect all packets from/to those damn 'surfers'
deselect both port 80
deselect both port 8001

# Be sure to end this file with a blank line!

sniffit.0.3.7.beta/sn_analyse.c

/* Analyse traffic for logging mode */
/* - by: Brecht Claerhout */

const unsigned char *data;

memcpy(&tcphead,header,sizeof(struct TCP_header));

dummy_pointer=search_dynam(filename, TCP);
if(dummy_pointer!=NULL) status=1;

if(status==0) /* make a new entry unless it's reset */
{
  if(finish!=TCP_FINISH)
    if((dummy_pointer=add_dynam(filename, TCP, 0,ntohl(tcphead.seq_nr),info.DATA_len))==NULL)
      return;
};

if(finish==TCP_FINISH) /* let's reset the connection */
  {delete_dynam(filename, TCP, 0);}

/*** return before using any search or pointer!!!!!!!! ***/
/* Connections with FIN have deleted entries! */

dummy=ntohs(tcphead.offset_flag);

if(LOGPARAM & LOGPARAM_RAW) /* Raw logging */
{
  if(dummy&SYN) print_conn(filename,"Connection initiated. (SYN)");
  if(dummy&FIN) print_conn(filename,"Connection ending. (FIN)");
  if(dummy&RST) print_conn(filename,"Connection reset. (RST)");
  return;
};

data = sp+PROTO_HEAD+info.IP_len+info.TCP_len;

if(LOGPARAM & LOGPARAM_NORM) /* NORM logging */
{
  if(search_dynam(filename2, TCP)==NULL)
  {
    if(dummy&SYN) print_conn(filename,"Connection initiated.");
    if(dummy&FIN) print_conn(filename2,"Connection closed.");
    if(dummy&RST) print_conn(filename2,"Connection closed.");
  };
};

if((dummy&FIN)||(dummy&RST)) return; /* needed, cauz entry don't exist */

/*** TELNET *****************************************************************/
if(LOGPARAM & LOGPARAM_TELNET)
{
  dummy_pointer=search_dynam(filename, TCP);
  /* don't forget to check dummy_pointer!!! */

  if( (ntohs(tcphead.source) == 23)&&(dummy_pointer!=NULL))/* from telnet */
  {
    sbuf_update(dummy_pointer,ntohl(tcphead.seq_nr),data,info.DATA_len);
    /* detect login */
    strlower(dummy_pointer->scroll_buf);
    if((dummy_pointer->log!=LOG_NO_DETECT)&&
       (strstr(dummy_pointer->scroll_buf,"login")!=NULL))
    {
      dummy_pointer->log=LOG_NO_DETECT;
      dummy_pointer=search_dynam(filename2, TCP);
      if(dummy_pointer!=NULL)
      {
        dummy_pointer->log=LOG_LOGIN;
        dummy_pointer->bytes=0;
        dummy_pointer->buffer=malloc(LOG_PASS_BUF);
        if(dummy_pointer->buffer==NULL) exit(1);
        dummy_pointer->buffer[0]=0;
      }
      else
        {print_conn(filename2,"Password missed due to overload.");};\

#ifdef DEBUG_ONSCREEN
      printf("Login detected, data initialised.\n");
#endif
    }
  }

  if( (ntohs(tcphead.destination) == 23)&&(dummy_pointer!=NULL))/* TO telnet */
  {
    if(dummy_pointer->log==LOG_LOGIN) /* log login */
    {
      record_buf(dummy_pointer,ntohl(tcphead.seq_nr),data,info.DATA_len,0);
      if(dummy_pointer->log==LOG_LOGIN_RECORDED) /* login recorded */
      {
        print_login(filename,dummy_pointer->buffer);
        dummy_pointer->log=LOG_PWD;
        dummy_pointer->bytes=0;
        dummy_pointer->buffer[0]=0;
      }
    }
    else
    {
      if(dummy_pointer->log==LOG_PWD) /* log pwd */
      {
        record_buf(dummy_pointer,ntohl(tcphead.seq_nr),data,info.DATA_len,0);
        if(dummy_pointer->log==LOG_PWD_RECORDED) /* passwd recorded */
        {
          print_pwd(filename,dummy_pointer->buffer);
          dummy_pointer->log=LOG_NO_LOG;
          dummy_pointer->bytes=0;
          dummy_pointer->buffer[0]=0;
        }
      }
    }
  }
}
/*** END TELNET - LOGIN ***************************************************/

/*** FTP *******************************************************************/
if(LOGPARAM & LOGPARAM_FTP) /* loglevel 12 */
{
  dummy_pointer=search_dynam(filename, TCP);
  /* don't forget to check dummy_pointer!!! */

  if( (ntohs(tcphead.destination) == 21) && (dummy_pointer!=NULL))/* to FTP */
  {
    sbuf_update(dummy_pointer,ntohl(tcphead.seq_nr),data,info.DATA_len);
    /* detect USER and PASS */
    if((help=strstr(dummy_pointer->scroll_buf,"USER"))!=NULL)
    {
      help+=strlen("USER ");
      for(i=0;iscroll_buf[i]==FTP_ENTER)
        dummy_pointer->scroll_buf[i]=0;
      print_ftp_user(filename,help);
      for(i=0;iscroll_buf[i]=' ';
    }
    if((help=strstr(dummy_pointer->scroll_buf,"PASS"))!=NULL)
    {
      help+=strlen("PASS ");
      for(i=0;iscroll_buf[i]==FTP_ENTER)
        dummy_pointer->scroll_buf[i]=0;
      print_ftp_pass(filename,help);
      for(i=0;iscroll_buf[i]=' ';
    }
  }
}
/*** END FTP ***************************************************************/

/*** MAIL ******************************************************************/
if(LOGPARAM & LOGPARAM_MAIL) /* loglevel 12 */
{
  /* dummy_pointer=search_dynam(filename, TCP); */
  /* don't forget to check dummy_pointer!!! */

  if( (ntohs(tcphead.destination) == 25) ) /* to MAIL */
  {
    if(info.DATA_len!=0)
    {
      char workbuf1[MTU];
      char *wb_dummy;

      strncpy(workbuf1,data,info.DATA_len);
      workbuf1[info.DATA_len]=0;
      strlower(workbuf1);

      if(strstr(workbuf1,"mail from")!=NULL)
      {
        char workbuf2[MTU];

        strcpy(workbuf2, strstr(workbuf1,"mail from"));
        if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
          {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
        if(strchr(workbuf2,10)!=NULL)
          {wb_dummy=strchr(workbuf2,10); *wb_dummy=0;}
        print_mail(filename,workbuf2);
      }

      if(strstr(workbuf1,"rcpt to")!=NULL)
      {
        char workbuf2[MTU];

        strcpy(workbuf2, strstr(workbuf1,"rcpt to"));
        if(strchr(workbuf2,13)!=NULL) /* remove trailing enter */
          {wb_dummy=strchr(workbuf2,13); *wb_dummy=0;}
        if(strchr(workbuf2,10)!=NULL)
          {wb_dummy=strchr(workbuf2,10); *wb_dummy=0;}
        print_mail(filename,workbuf2);
      }
    }
  }
}
/*** END MAIL **************************************************************/

if( (dummy_pointer=search_dynam(filename, TCP)) !=NULL)
{
  if(ntohl(tcphead.seq_nr)==dummy_pointer->exp_seq)
    dummy_pointer->exp_seq+=info.DATA_len;
  /* if we miss a packet... no probs seq nr's get updated */
  /* cauz' we can't rely on ACK's from other side */
  /* it's pretty good this way */
  if(ntohl(tcphead.seq_nr)>dummy_pointer->exp_seq)
    dummy_pointer->exp_seq=ntohl(tcphead.seq_nr)+info.DATA_len;
}
return;

return; /* DON'T FORGET THEM!!!! */

sniffit.0.3.7.beta/sn_cfgfile.c

/* Sniffit Cfgfile source file */
/* - by : Brecht Claerhout */
/* - improvements: Shudoh Kazuyuki */

#include
#include /* for getservbyname() */
#include "sn_config.h"
#include "sn_defines.h"
#include "sn_structs.h"
#include "sn_cfgfile.h"
#include "sn_resolv.h"
/* #include "sn_generation.h" */

extern struct cfg_file_contense *select_from_list; /* pointers for cfg lists */
extern struct cfg_file_contense *select_to_list;
extern struct cfg_file_contense *deselect_from_list;
extern struct cfg_file_contense *deselect_to_list;

extern int select_from_length; /* length of cfg lists */
extern int select_to_length;
extern int deselect_from_length;
extern int deselect_to_length;
extern int Priority; /* The higher the priority, the more important */
extern char dot_notation[20]; /* for easy working, Q&D */
extern char Logfile[250];

void clear_list_buffer (struct cfg_file_contense *help)
{
  help->host[0]=0;
  help->priority=0;
  help->port=0;
  help->wildcard=0;
}

struct cfg_file_contense *adjust_select_from_list (void)
{
  Priority++;
  select_from_length++;
  if(select_from_list==NULL)
  {
    select_from_list=(struct cfg_file_contense *)malloc(sizeof(struct cfg_file_contense));
  }
  else
  {
    select_from_list=(struct cfg_file_contense *)realloc(select_from_list,
                       select_from_length*sizeof(struct cfg_file_contense));
  }
  if(select_from_list==NULL)
    {printf("Sniffit hartattack... out of memory!\n"); exit(1);}
  clear_list_buffer(&(select_from_list[select_from_length-1]));
  return &(select_from_list[select_from_length-1]);
}

struct cfg_file_contense *adjust_select_to_list (void)
{
  Priority++;
  select_to_length++;
  if(select_to_list==NULL)
  {
    select_to_list=(struct cfg_file_contense *)malloc(sizeof(struct cfg_file_contense));
  }
  else
  {
    select_to_list=(struct cfg_file_contense *)realloc(select_to_list,
                     select_to_length*sizeof(struct cfg_file_contense));
  };
  if(select_to_list==NULL)
    {printf("Sniffit hartattack... out of memory!\n"); exit(1);}
  clear_list_buffer(&(select_to_list[select_to_length-1]));
  return &(select_to_list[select_to_length-1]);
}

struct cfg_file_contense *adjust_deselect_from_list (void)
{
  Priority++;
  deselect_from_length++;
  if(deselect_from_list==NULL)
  {
    deselect_from_list=(struct cfg_file_contense *)malloc(sizeof(struct cfg_file_contense));
  }
  else
  {
    deselect_from_list=(struct cfg_file_contense *)realloc(deselect_from_list,
                         deselect_from_length*sizeof(struct cfg_file_contense));
  }
  if(deselect_from_list==NULL)
    {printf("Sniffit hartattack... out of memory!\n"); exit(1);}
  clear_list_buffer(&(deselect_from_list[deselect_from_length-1]));
  return (&(deselect_from_list[deselect_from_length-1]));
}

struct cfg_file_contense *adjust_deselect_to_list (void)
{
  Priority++;
  deselect_to_length++;
  if(deselect_to_list==NULL)
  {
    deselect_to_list=(struct cfg_file_contense *)malloc(sizeof(struct cfg_file_contense));
  }
  else
  {
    deselect_to_list=(struct cfg_file_contense *)realloc(deselect_to_list,
                       deselect_to_length*sizeof(struct cfg_file_contense));
  }
  if(deselect_to_list==NULL)
    {printf("Sniffit hartattack... out of memory!\n"); exit(1);}
  clear_list_buffer(&(deselect_to_list[deselect_to_length-1]));
  return &(deselect_to_list[deselect_to_length-1]);
}

char *clean_string (char *string)
{
  char help[20];
  int i, j;

  j=0;
  for(i=0;is_port);}
  else
    {ret = atoi(buf);}
  free(buf);
  if (ret <= 0)
  {
    printf("Invalid port no or service name in config file: %s\n", servname);
    exit(1);
  }
  return ret;
}

void interprete_line (char *line)
{
  struct cfg_file_contense *help, *helpp;
  char *field;
  size_t i;

  field=strtok(line," ");
  if(field!=NULL)
  {
    /* comment line */
    if(*field == '#') return;
    if(*field == ';') return;
    strlower(field);
    if(strcmp(strlower(field),"logfile")==0)
    {
      field=clean_filename(strtok(NULL," "));
      if(field != NULL) strcpy(Logfile,field);
    }
    else if(strcmp(strlower(field),"select")==0)
    {
      field=strtok(NULL," ");
      if(strcmp(strlower(field),"from")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* select from host */
        {
          help=adjust_select_from_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* select from port */
        {
          help=adjust_select_from_list();
          help->port=make_portno( strtok(NULL," ") );
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* select from mhosts */
        {
          help=adjust_select_from_list();
          strcpy(help->host, clean_string(strtok(NULL," ")));
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          help->wildcard=1;
          return;
        }
      }
      if(strcmp(strlower(field),"to")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* select to host */
        {
          help=adjust_select_to_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* select to port */
        {
          help=adjust_select_to_list();
          help->port=make_portno( strtok(NULL," ") );
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* select to mhosts */
        {
          help=adjust_select_to_list();
          strcpy(help->host, clean_string(strtok(NULL," ")));
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          help->wildcard=1;
          return;
        }
      }
      if(strcmp(strlower(field),"both")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* select both host */
        {
          help=adjust_select_from_list();
          helpp=adjust_select_to_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          strcpy(helpp->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            {help->port=make_portno(field); helpp->port=make_portno(field);}
          help->priority=Priority;
          helpp->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* select both port */
        {
          help=adjust_select_from_list();
          helpp=adjust_select_to_list();
          field=strtok(NULL," ");
          help->port=make_portno(field);
          helpp->port=make_portno(field);
          help->priority=Priority;
          helpp->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* select both mhosts */
        {
          help=adjust_select_from_list();
          helpp=adjust_select_to_list();
          field=clean_string(strtok(NULL," "));
          strcpy(help->host, field);
          strcpy(helpp->host, field);
          if( (field=strtok(NULL," "))!=NULL)
            {help->port=make_portno(field); helpp->port=make_portno(field);}
          help->priority=Priority;
          helpp->priority=Priority;
          help->wildcard=1;
          helpp->wildcard=1;
          return;
        }
      }
    }
    if(strcmp(strlower(field),"deselect")==0)
    {
      field=strtok(NULL," ");
      if(strcmp(strlower(field),"from")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* select from host */
        {
          help=adjust_deselect_from_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* select from port */
        {
          help=adjust_deselect_from_list();
          help->port=make_portno(strtok(NULL," "));
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* select from mhosts */
        {
          help=adjust_deselect_from_list();
          strcpy(help->host, clean_string(strtok(NULL," ")));
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          help->wildcard=1;
          return;
        }
      }
      if(strcmp(strlower(field),"to")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* deselect to host */
        {
          help=adjust_deselect_to_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* deselect to port */
        {
          help=adjust_deselect_to_list();
          help->port=make_portno(strtok(NULL," "));
          help->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* deselect to mhosts */
        {
          help=adjust_deselect_to_list();
          strcpy(help->host, clean_string(strtok(NULL," ")));
          if( (field=strtok(NULL," "))!=NULL)
            help->port=make_portno(field);
          help->priority=Priority;
          help->wildcard=1;
          return;
        }
      }
      if(strcmp(strlower(field),"both")==0)
      {
        field=strtok(NULL," ");
        if(strcmp(strlower(field),"host")==0) /* deselect both host */
        {
          help=adjust_deselect_from_list();
          helpp=adjust_deselect_to_list();
          make_nr_dot(strtok(NULL," "));
          strcpy(help->host,dot_notation);
          strcpy(helpp->host,dot_notation);
          if( (field=strtok(NULL," "))!=NULL)
            {helpp->port = help->port = make_portno(field);}
          help->priority=Priority;
          helpp->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"port")==0) /* deselect both port */
        {
          help=adjust_deselect_from_list();
          helpp=adjust_deselect_to_list();
          field=strtok(NULL," ");
          helpp->port = help->port = make_portno(field);
          help->priority=Priority;
          helpp->priority=Priority;
          return;
        }
        if(strcmp(strlower(field),"mhosts")==0) /* deselect both mhosts */
        {
          help=adjust_deselect_from_list();
          helpp=adjust_deselect_to_list();
          field=clean_string(strtok(NULL," "));
strcpy(help->host, field); strcpy(helpp->host, field); if( (field=strtok(NULL," "))!=NULL) {help->port=make_portno(field); helpp->port=make_portno(field);} help->priority=Priority; helpp->priority=Priority; help->wildcard=1; helpp->wildcard=1; return; } } } } } void read_cfg_file (char *file) { FILE *cfgfile; size_t line_length; char lineptr[260]; select_from_list=NULL; select_to_list=NULL; deselect_from_list=NULL; deselect_to_list=NULL; Priority=0; if((cfgfile = fopen(file,"r"))==NULL) {fprintf(stderr,"Couldn't find config file... giving up.\n"); exit(1);} while(feof(cfgfile)==0) { fgets(lineptr,259,cfgfile); if(feof(cfgfile)==0) { interprete_line(lineptr);} } fclose(cfgfile); }; sniffit.0.3.7.beta/sn_cfgfile.h100644 1750 1750 1021 6553423606 15044 0ustar codercoder/* Sniffit Config File include */ void clear_list_buffer (struct cfg_file_contense *); struct cfg_file_contense *adjust_select_from_list (void); struct cfg_file_contense *adjust_select_to_list (void); struct cfg_file_contense *adjust_deselect_from_list (void); struct cfg_file_contense *adjust_deselect_to_list (void); char *clean_string (char *); char *clean_filename (char *); void make_nr_dot (char *); void interprete_line (char *); void read_cfg_file (char *); sniffit.0.3.7.beta/sn_config.h100644 1750 1750 6177 6553423606 14733 0ustar codercoder/* Sniffit Config File */ /* - By: Brecht Claerhout */ /* Because of the use of GNU autoconfig, this file manages pretty much */ /* itself, you could however still add your personal touch in some parts */ #define INCLUDE_INTERFACE /* By default */ #ifndef HAVE_SHMGET /* No Shared memory */ #undef INCLUDE_INTERFACE #endif #ifndef HAVE_LIBNCURSES /* ncurses not found */ #undef INCLUDE_INTERFACE #endif #ifndef HAVE_NCURSES_H /* ncurses not found */ #undef INCLUDE_INTERFACE #endif #ifdef IRIX /* No interface on IRIX */ #undef INCLUDE_INTERFACE #endif /* Not supported yet */ #ifdef BSDI #undef INCLUDE_INTERFACE #endif #ifdef HAVE_ATEXIT #define exit_func(x) atexit(x) 
#else
#define exit_func(x) on_exit (x,0)
#endif

/***************************************************************************/
/* If you want to allow the program to be used 'set user id' */

/* #define ALLOW_SUID */
#undef ALLOW_SUID

/***************************************************************************/
/* Following parameters describe the connections that can be handled at */
/* once, MAXCOUNT stands for connections handled in normal mode. As */
/* memory in normal mode is now handled dynamically, you can pump this */
/* number up without having too much trouble (Watch it, the machine */
/* could be slowed down a lot, and packets could get missed) */
/* CONNECTION_CAPACITY is the same, except in interactive mode, this is */
/* more dangerous to change, if your machine goes too slow (when sniffing */
/* in interactive mode), lower this number. */

#define MAXCOUNT 500
#ifdef INCLUDE_INTERFACE
#define CONNECTION_CAPACITY 100
#endif

/* This is the interval time for the netstatistics */
#define INFO_TIMER 3            /* In seconds */

/***************************************************************************/
/* Enable/Disable Packet generation function */

#undef GENERATION
#ifdef INCLUDE_INTERFACE
#define GENERATION
/* #undef GENERATION */
#endif

/***************************************************************************/
/* Read about forcing the sniff device in the README.FIRST file */

#define FORCED_HEAD_LENGTH 14   /* default */

/* MTU: this could need a change on interfaces different from ethernet or on non-standard */
/* configured systems. Get the info out of 'ifconfig'. */
/* But 1500 is a standard. */

#define MTU 5000

/*************** Don't change anything below this line *********************/

#undef DEBUG                    /* Debugging (to tty) - sigh */
/* #define DEBUG */
#define DEBUG_DEVICE "/dev/ttyp6"

#undef DEBUG_ONSCREEN           /* Debugging (to screen) - sigh */
/* #define DEBUG_ONSCREEN */

#ifdef DEBUG
void close_debug_device (void);
void debug_msg(char *);
#endif

sniffit.0.3.7.beta/sn_conn_desc.c100644 1750 1750 6267 6553423606 15414 0ustar codercoder
/* Connection description detection file */
/* - by: Brecht Claerhout */

/* Simple PORT BASED detection */

/*** FTP sessions ********************************************************/
if( (ntohs(tcphead.source)==FTP_DATA_1)||(ntohs(tcphead.destination)==FTP_DATA_1) )
  {strcpy(desc_string, "FTP DATA");}

if( (ntohs(tcphead.source)==FTP_1)||(ntohs(tcphead.destination)==FTP_1) )
  {
  if(info->DATA_len==0)
    strcpy(desc_string, "FTP");
  if(info->DATA_len>5)
    {
    const unsigned char *data= sp+PROTO_HEAD+info->IP_len+info->TCP_len;

    strcpy(desc_string,"FTP: ");
    j=5;                                        /* 5 = "FTP: " */
    /* copy printable payload bytes, never writing past *DESC_LEN */
    for(i=0;i<info->DATA_len;i++)
      {
      if( (isalnum(data[i]) || ispunct(data[i]) || data[i]==' ')&&(j<(*DESC_LEN)-1) )
        {desc_string[j]=data[i]; desc_string[j+1]=0; j++; }
      else
        {if( (isspace(data[i]) && data[i]!=' ')&&(j<(*DESC_LEN)-1) )
          {desc_string[j]=' '; desc_string[j+1]=0; j++; }
        }
      }
    }
  }

/*** TELNET sessions *****************************************************/
if( (ntohs(tcphead.source)==TELNET_1)||(ntohs(tcphead.destination)==TELNET_1) )
  {strcpy(desc_string, "TELNET");}

/*** SSH sessions ********************************************************/
if( (ntohs(tcphead.source)==SSH_1)||(ntohs(tcphead.destination)==SSH_1) )
  {strcpy(desc_string, "Secure Shell");}

/*** MAIL sessions *****************************************************/
if( (ntohs(tcphead.source)==MAIL_1)||(ntohs(tcphead.destination)==MAIL_1) )
  {strcpy(desc_string, "MAIL");}

/*** IDENT **************************************************************/
if( (ntohs(tcphead.source)==IDENT_1)||(ntohs(tcphead.destination)==IDENT_1) )
  {strcpy(desc_string, "IDENT");}

/*** IRC ***************************************************************/
if( (ntohs(tcphead.source)==IRC_1)||(ntohs(tcphead.destination)==IRC_1) )
  {strcpy(desc_string, "IRC");}

/*** X11 sessions *******************************************************/
if( (ntohs(tcphead.source)==X11_1)||(ntohs(tcphead.destination)==X11_1) )
  {strcpy(desc_string, "X-Windows");}

/*** HTTP ***************************************************************/
if( (ntohs(tcphead.source)==HTTP_1)||(ntohs(tcphead.source)==HTTP_2)||
    (ntohs(tcphead.source)==HTTP_3)||(ntohs(tcphead.source)==HTTP_4) )
  {
  strcpy(desc_string, "HTTP");
  }

if( (ntohs(tcphead.destination)==HTTP_1)||(ntohs(tcphead.destination)==HTTP_2) ||
    (ntohs(tcphead.destination)==HTTP_3)||(ntohs(tcphead.destination)==HTTP_4) )
  {
  if(info->DATA_len==0)
    strcpy(desc_string, "HTTP");
  if(info->DATA_len>5)
    {
    const unsigned char *data= sp+PROTO_HEAD+info->IP_len+info->TCP_len;

    strcpy(desc_string,"HTTP: ");
    j=6;                                        /* 6 = "HTTP: " */
    /* copy printable payload bytes, never writing past *DESC_LEN */
    for(i=0;i<info->DATA_len;i++)
      if( (isalnum(data[i]) || ispunct(data[i]) || data[i]==' ')&&(j<(*DESC_LEN)-1) )
        {desc_string[j]=data[i]; desc_string[j+1]=0; j++; }
      else
        {if( (isspace(data[i]) && data[i]!=' ')&&(j<(*DESC_LEN)-1) )
          {desc_string[j]=' '; desc_string[j+1]=0; j++; }
        }
    }
  }

sniffit.0.3.7.beta/sn_curses.h100644 1750 1750 42 6553423606 14713 0ustar codercoder
#include "/usr/include/ncurses.h"

sniffit.0.3.7.beta/sn_data.h100644 1750 1750 14424 6553423606 14411 0ustar codercoder
/* Sniffit Data File */

/**** Network Devices *******************************************************/
/* Older configuration system of Sniffit */
/* ether: 14 */
/* ppp : 4 */
/* slip : 16 */
/* lo : 4 */

#ifdef LINUX
/*
#define NETDEV_NR 3
char *NETDEV[]={"lo","ppp","eth"};
int HEADSIZE []={4 ,0 ,14};
*/
#define NETDEV_NR 3
char *NETDEV[]={"ppp","slip","eth"};    /* echo on loopback */
int HEADSIZE []={0 ,0 ,14};             /* slip needs testing */
#endif
#ifdef SUNOS
#define NETDEV_NR 2                     /* was 3: both tables below hold two entries */
char *NETDEV[]={"le","hme"};
int HEADSIZE[]={14 ,14};                /* ppp: 4 or 0 or nothing? */
#endif

#ifdef IRIX
#define NETDEV_NR 2
char *NETDEV[]={"ppp","et"};
int HEADSIZE[]={0 ,14};                 /* ppp: 4 or 0 or nothing */
#endif

#ifdef FREEBSD                          /* ppp: 4 or 0 ? */
/*
#define NETDEV_NR 2
char *NETDEV[]={"ppp","ed"};
int HEADSIZE[]={4 ,14};
*/
#define NETDEV_NR 1
char *NETDEV[]={"ed"};
int HEADSIZE[]={14};
#endif

#ifdef BSDI                             /* ppp: 4 or 0 ? */
/*
#define NETDEV_NR 2
char *NETDEV[]={"ppp","ef"};
int HEADSIZE[]={4 ,14};
*/
#define NETDEV_NR 1
char *NETDEV[]={"ef"};
int HEADSIZE[]={14};
#endif

#ifdef DEC_OSF
#define NETDEV_NR 1
char *NETDEV[]={"ln"};
int HEADSIZE[]={14};
#endif

#ifdef NETBSD
#ifdef i386
#define NETDEV_NR 21
char *NETDEV[]={"ppp","ai","de","ec","ef","eg","el","en","ep","fe","fea","fpa","fxp","ix","iy","lc","le","ne","sm","tl","we"};
int HEADSIZE[]={4 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 ,14 };
#elif defined(sparc)
#define NETDEV_NR 3
char *NETDEV[]={"ppp","le","ie"};
int HEADSIZE[]={4 ,14 ,14};
#elif defined(amiga)
#define NETDEV_NR 6                     /* was ETH_DEV_NR, which left NETDEV_NR undefined */
char *NETDEV[]={"ppp","bah","ed","es","le","qn"};
int HEADSIZE[]={4 ,14 ,14 ,14 ,14 ,14};
#else
#error Unknown network devices for this NetBSD architecture.
#endif
#endif

#ifdef AIX                              /* only for the AIX powerpack ;) */
#define NETDEV_NR 4                     /* not useful without it */
char *NETDEV[]={"en","et","tr","fi"};
int HEADSIZE[]={14 ,22 ,22 ,24};
#endif

#ifdef HPUX                             /* only for the HPUX powerpack ;) */
#define NETDEV_NR 2                     /* not useful without it */
char *NETDEV[]={"le","sam"};
int HEADSIZE[]={14 ,14 };
#endif

/**** Global data **********************************************************/
pcap_t *dev_desc;
pcap_dumper_t *dev_dump;
void *start_dynam;
int dynam_len;
char Logfile[250];                      /* name of logfile */
FILE *LogFILE;                          /* logfile stream */
/* char *IP; *//* was with older '-p' */
char IP[256];
unsigned long SNIFLEN;                  /* bytes we need to snif */
short DEST_PORT, SRC_PORT;              /* destination port */
char non_printable, *logging_device;

/**** Global data (packets) *************************************************/
int PROTO_HEAD;         /* Base Protocol head length (ethernet, PPP ,....) */
char *IP_TYPE_precedence[8]=
  {"Routine", "Priority", "Immediate", "Flash", "Flash override", "Critical",
   "Internetwork control", "Network control"};
char *IP_PROTOCOL_number[34]=
  {"Reserved","ICMP","IGMP","GGP","Unassigned","ST","TCP","UCL","EGP","IGP",
   "BBN-MON","NVP-II","PUP","ARGUS","EMCOM","XNET","CHAOS","UDP","MUX",
   "DCN-MEAS","HMP","PRM","XNS-IDP","TRUNK-1","TRUNK-2","LEAF-1","LEAF-2",
   "RDP","IRTP","ISO-TP4","NETBLT","MFE-NSP","MERIT-INP","SEP"};
char *ICMP_type_3_code[6]=
  {"Net unreachable", "Host unreachable", "Protocol unreachable",
   "Port unreachable", "Fragmentation needed and DF set",
   "Source route failed"};
char *ICMP_type_5_code[4]=
  {"Redirect datagrams for the network",
   "Redirect datagrams for the host",
   "Redirect datagrams for the \'type of service\' and the network",
   "Redirect datagrams for the \'type of service\' and the host"};
char *ICMP_type_11_code[2]=
  {"Time-to-live exceeded in transmit",
   "Fragment reassembly time exceeded"};

/**** Global data (config) **************************************************/
struct cfg_file_contense *select_from_list;    /* pointers for cfg lists */
struct cfg_file_contense *select_to_list;
struct cfg_file_contense *deselect_from_list;
struct cfg_file_contense *deselect_to_list;
int select_from_length=0;                       /* length of cfg lists */
int select_to_length=0;
int deselect_from_length=0;
int deselect_to_length=0;
int Priority=0;         /* The higher the priority, the more important */
char dot_notation[20];                          /* for easy working, Q&D */

/**** Global data (plugins) *************************************************/
char Plugin_Active[10];

/**** Global data (interactive) *********************************************/
#ifdef INCLUDE_INTERFACE

/**** shared memory pointers ************************************************/
char *SHARED, *connection_data, *timing, *running_connections,
     *logged_connections;
int *LISTlength, *DATAlength, memory_id;
unsigned int *TCP_nr_of_packets, *ICMP_nr_of_packets, *UDP_nr_of_packets;
unsigned int *IP_nr_of_packets;
unsigned long *TCP_bytes_in_packets, *UDP_bytes_in_packets;
int *DESC_LEN;

/**** data structures *******************************************************/
struct snif_mask *mask;
struct shared_logged_conn *log_conn;
FILE *log_dev_stream;
struct stat log_dev_stat;

volatile int LOGGING=0, screen_busy=0;
char PACKET_INFO;
int POINTpos=0, LISTpos=0;
unsigned char COLOR_AVAIL=0;

/**** screen **************************************************************/
int MASK_WINDOW_ROWS, MASK_WINDOW_COLS;
int MAIN_WINDOW_ROWS, MAIN_WINDOW_COLS;
int INFO_WINDOW_ROWS, INFO_WINDOW_COLS;
int DATA_WINDOW_ROWS, DATA_WINDOW_COLS;
int INFO_WINDOW_X, INFO_WINDOW_Y;
int MASK_WINDOW_X, MASK_WINDOW_Y;
int DATA_WINDOW_X, DATA_WINDOW_Y;

WINDOW *menu_window;
struct box_window data_box, main_box, mask_box, packets_box;
int Pid=0;
#endif

/* DEBUG section */
#ifdef DEBUG
FILE *debug_dev;
unsigned int debug_cnt=0;
#endif

sniffit.0.3.7.beta/BETA-TESTING100644 1750 1750 5403 6553423606 14355 0ustar codercoder
This is a beta version, that means that some things need testing or
fine-tuning. This file includes the things I would like to be informed
about. So if you are able to test one of these things, please do so and
mail me back the results. (coder@reptile.rug.ac.be)

1. LINUX
2. SunOS/Solaris
3. Irix
4. FreeBSD
5. BSDi
6. DEC/OSF
7. NetBSD

-----------------------------------------------------------------------------

1. LINUX

   - Does sniffing a SLIP connection work?

2. SunOS/Solaris

3. Irix

   - Does sniffing a PPP connection work?
     If sniffit just sits there, doing nothing, try changing (sn_data.h)

       #ifdef IRIX
       #define NETDEV_NR 2
       char *NETDEV[]={"ppp","et"};
       int HEADSIZE[]={0 ,14};          /* ppp: 4 or 0 or nothing */
       #endif

     to:

       #ifdef IRIX
       #define NETDEV_NR 2
       char *NETDEV[]={"ppp","et"};
       int HEADSIZE[]={4 ,14};          /* ppp: 4 or 0 or nothing */
       #endif

4. FreeBSD

   - Does sniffing a PPP connection work?
     To try this, remove the lines that are marked below with X in the
     sn_data.h file:

       #ifdef FREEBSD                   /* ppp: 4 or 0 ? */
       /*                                               X
       #define NETDEV_NR 2
       char *NETDEV[]={"ppp","ed"};
       int HEADSIZE[]={4 ,14};
       */                                               X
       #define NETDEV_NR 1                              X
       char *NETDEV[]={"ed"};                           X
       int HEADSIZE[]={14};                             X
       #endif

     If it doesn't work, and sniffit just sits there, try changing:

       int HEADSIZE[]={4 ,14};

     to:

       int HEADSIZE[]={0 ,14};

5. BSDi

   - Does sniffing a PPP connection work?
     To try this, remove the lines that are marked below with X in the
     sn_data.h file:

       #ifdef BSDI                      /* ppp: 4 or 0 ? */
       /*                                               X
       #define NETDEV_NR 2
       char *NETDEV[]={"ppp","ef"};
       int HEADSIZE[]={4 ,14};
       */                                               X
       #define NETDEV_NR 1                              X
       char *NETDEV[]={"ef"};                           X
       int HEADSIZE[]={14};                             X
       #endif

     If it doesn't work, and sniffit just sits there, try changing:

       int HEADSIZE[]={4 ,14};

     to:

       int HEADSIZE[]={0 ,14};

6. DEC/OSF

7. NetBSD

   - Does sniffing a PPP connection work?
     If sniffit just sits there, doing nothing, try changing the
     sn_data.h file. Search the line:

       #ifdef NETBSD

     from there on change in every "int HEADSIZE[]={}" the 4 to a 0.
     e.g.:

       int HEADSIZE[]={4 ,14 ,14};

     becomes:

       int HEADSIZE[]={0 ,14 ,14};

sniffit.0.3.7.beta/sn_defines.h100644 1750 1750 10367 6553423606 15117 0ustar codercoder
/* Sniffit Defines File */

#include "sn_config.h"

/*** typedefs ******************/
#ifdef USE_32_LONG_INT
typedef unsigned long int _32_bit;
#endif
#ifdef USE_32_INT
typedef unsigned int _32_bit;
#endif
typedef unsigned short _16_bit;

/*** Normal Sniffit operations */
#define VERSION "0.3.7 Beta"                    /* Program Version */
#define SNAPLEN MTU                             /* Ethernet Packet Length */
#define MSDELAY 1000                            /* pcap timeout */
#define PACKETS 1                               /* pcap dispatch */
#define CNT -1                                  /* pcap loop count */
#define LENGTH_OF_INTERPROC_DATA 5*SNAPLEN      /* buffer capacity */
#define SCBUF 30                                /* scroll buffer length */
#define LOG_PASS_BUF 20+1                       /* login/pwd buffer length */
#define TELNET_ENTER 0x0d       /* Enter in telnet login session */
#define FTP_ENTER 0x0d          /* first char of Enter in FTP login session */

#define DEST 0
#define SOURCE 1
#define BOTH 2
#define INTERACTIVE 99

/* Packet examining defines (finish) */
/* 0-9 : TCP */
/* 10-19: ICMP */
/* 20-29: UDP */
#define DROP_PACKET -2          /* Skip Packet completely */
#define DONT_EXAMINE -1         /* Skip Packet */
#define TCP_EXAMINE 0           /* TCP - 'for us' */
#define TCP_FINISH 1            /* TCP - end connection */
#define TCP_EX_FRAG_HEAD 2      /* defined lower */
#define TCP_EX_FRAG_NF 3
#define ICMP_EXAMINE 10         /* ICMP - examine */
#define UDP_EXAMINE 20          /* UDP - examine */

#define F_TCP 1                 /* Flags for PROTOCOLS */
#define F_ICMP 2
#define F_UDP 4
#define F_IP 8

/*** Logparam defines */
#define LOGPARAM_LOG_ON 1
#define LOGPARAM_RAW 2
#define LOGPARAM_NORM 4
#define LOGPARAM_TELNET 8
#define LOGPARAM_FTP 16
#define LOGPARAM_MAIL 32

/*** Interface defines */
#ifdef INCLUDE_INTERFACE
#define ENTER 13
#define WIN_COLOR_NORMAL 1      /* Color pairs for various functions */
#define WIN_COLOR_POINT 2
#define WIN_COLOR_DATA 3
#define WIN_COLOR_INPUT 4
#define WIN_COLOR_MENU 5
#define WIN_COLOR_PACKET_INFO 6
#define WIN_COLOR_PKTCNT 7

#define CONN_NAMELEN 56         /* length of string */
#define DESC_BYTES 60           /* length of description */
#define MENU " Masks: F1-Source IP F2-Dest. IP F3-Source Port F4-Dest. Port"
#endif

/* First undefine all Plugins, just to be sure */
#undef PLUGIN0_NAME
#undef PLUGIN1_NAME
#undef PLUGIN2_NAME
#undef PLUGIN3_NAME
#undef PLUGIN4_NAME
#undef PLUGIN5_NAME
#undef PLUGIN6_NAME
#undef PLUGIN7_NAME
#undef PLUGIN8_NAME
#undef PLUGIN9_NAME

#define IP_VERSION 4

#define URG 32                  /*TCP-flags */
#define ACK 16
#define PSH 8
#define RST 4
#define SYN 2
#define FIN 1

/* unwrap packet */
#define NOT_SUPPORTED -1
#define NO_IP 0
#define NO_IP_4 1000
#define CORRUPT_IP 1001
#define TCP_FRAG_HEAD 1002
#define UDP_FRAG_HEAD 1003
#define ICMP_FRAG_HEAD 1004

#define ICMP 1                  /* Protocol Numbers */
#define TCP 6
#define UDP 17

#define ICMP_HEADLENGTH 4       /* fixed ICMP header length */
#define UDP_HEADLENGTH 8        /* fixed UDP header length */

#define IP_DELAY 32
#define IP_THROUGHPUT 16
#define IP_RELIABILITY 8

#define IP_DF 2
#define IP_MF 1

/*** ICMP types ********************************************************/
#define ICMP_TYPE_0 "Echo reply"
#define ICMP_TYPE_3 "Destination unreachable"
#define ICMP_TYPE_4 "Source quench"
#define ICMP_TYPE_5 "Redirect"
#define ICMP_TYPE_8 "Echo"
#define ICMP_TYPE_11 "Time exceeded"
#define ICMP_TYPE_12 "Parameter problem"
#define ICMP_TYPE_13 "Timestamp"
#define ICMP_TYPE_14 "Timestamp reply"
#define ICMP_TYPE_15 "Information request"
#define ICMP_TYPE_16 "Information reply"
#define ICMP_TYPE_17 "Address mask request"
#define ICMP_TYPE_18 "Adress mask reply"

/*** Services (standardised) *******************************************/
#define FTP_DATA_1 20
#define FTP_1 21
#define SSH_1 22
#define TELNET_1 23
#define MAIL_1 25
#define IDENT_1 113
#define HTTP_1 80
#define HTTP_2 80
#define HTTP_3 80
#define HTTP_4 80
#define IRC_1 6667
#define X11_1 6000

sniffit.0.3.7.beta/sn_generation.c100644 1750 1750 30665 6553423606 15633 0ustar codercoder
/*
Sniffit Packet Generation File */
/* - Idea/development/code:Amlan Saha */
/* - Packet code/debugging: Brecht Claerhout */

#include "sn_config.h"

#ifdef INCLUDE_INTERFACE
#ifdef GENERATION
#include
#include
#include
#include "sn_curses.h"
#include "sn_defines.h"
#include "sn_structs.h"
#include "sn_generation.h"

extern volatile int screen_busy;

void exec_generate(struct generate_mask *generate)
{
  WINDOW *Msg_dsp;
  int count=0, count_ptr, fd;
  char msg[80];
  char dummy_data[]="This Packet was fired with Sniffit!";

#ifdef DEBUG
  debug_msg("Gener: Start of execution");
#endif

  count_ptr=(generate->pkt_no);
  Msg_dsp=newwin(1,COLS,LINES-1,0);
  wattrset(Msg_dsp,A_BOLD);
  wattrset(Msg_dsp,COLOR_PAIR(WIN_COLOR_PKTCNT));

  fd=open_sending();
  while(countsource_ip, generate->source_port, generate->dest_ip, generate->dest_port);
#ifdef DEBUG
    debug_msg("Gener: End");
#endif
    if(count==count_ptr-1)
      {
      sprintf(msg,"DISPATCH COMPLETE-Press ENTER");
      }
    else
      {
      sprintf(msg,"Packet No: %d dispatched.",count+1);
      }
    mvwaddstr(Msg_dsp,0,27,msg);
    while(screen_busy!=0) {};
    wnoutrefresh(Msg_dsp);
    doupdate();
    count++;
    }
  delwin(Msg_dsp);
  close(fd);
  input_field(msg,NULL,0);
  forced_refresh();
}

/**************************************************************************/
/* Actual packet generation functions below */
/* code stolen from Spoofit (my own ;) */
/* */
/* int open_sending (void) */
/*   Returns a filedescriptor to the sending socket. */
/*   close it with close (int filedesc) */
/* */
/* void transmit_TCP (int sp_fd, char *sp_data, */
/*                    int sp_ipoptlen, int sp_tcpoptlen, int sp_datalen, */
/*                    char *sp_source, unsigned short sp_source_port, */
/*                    char *sp_dest,unsigned short sp_dest_port, */
/*                    _32_bit sp_seq, _32_bit sp_ack, */
/*                    unsigned short sp_flags) */
/*   fire data away in a TCP packet */
/*   sp_fd : raw socket filedesc. */
/*   sp_data : IP options (you should do the padding) */
/*             TCP options (you should do the padding) */
/*             data to be transmitted */
/*             (NULL is nothing) */
/*             note that all is optional, and IP and TCP options are */
/*             not often used. */
/*             All data is put after each other in one buffer. */
/*   sp_ipoptlen : length of IP options (in bytes) */
/*   sp_tcpoptlen : length of TCP options (in bytes) */
/*   sp_datalen : amount of data to be transmitted (bytes) */
/*   sp_source : spoofed host that "sends packet" */
/*   sp_source_port: spoofed port that "sends packet" */
/*   sp_dest : host that should receive packet */
/*   sp_dest_port : port that should receive packet */
/*   sp_seq : sequence number of packet */
/*   sp_ack : ACK of packet */
/*   sp_flags : flags of packet (URG,ACK,PSH,RST,SYN,FIN) */
/* */
/* void transmit_UDP (int sp_fd, char *sp_data, */
/*                    int sp_ipoptlen, int sp_datalen, */
/*                    char *sp_source, unsigned short sp_source_port, */
/*                    char *sp_dest, unsigned short sp_dest_port) */
/*   fire data away in an UDP packet */
/*   sp_fd : raw socket filedesc. */
/*   sp_data : IP options */
/*             data to be transmitted */
/*             (NULL if none) */
/*   sp_ipoptlen : length of IP options (in bytes) */
/*   sp_datalen : amount of data to be transmitted */
/*   sp_source : spoofed host that "sends packet" */
/*   sp_source_port: spoofed port that "sends packet" */
/*   sp_dest : host that should receive packet */
/*   sp_dest_port : port that should receive packet */
/* */
/**************************************************************************/

#define SP_IP_HEAD_BASE 20      /* using fixed lengths to send */
#define SP_TCP_HEAD_BASE 20     /* no options etc... */
#define SP_UDP_HEAD_BASE 8      /* Always fixed */

int open_sending (void)
{
  struct protoent *sp_proto;
  int sp_fd;
  int dummy=1;

  /* they don't come rawer */
  if ((sp_fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW))==-1)
    perror("Couldn't open Socket."), exit(1);

#ifdef DEBUG
  printf("Raw socket ready\n");
#endif
  return sp_fd;
}

void sp_send_packet (struct sp_data_exchange *sp, unsigned char proto)
{
  int sp_status;
  struct sockaddr_in sp_server;
  struct hostent *sp_help;
  int HEAD_BASE;

  /* Construction of destination */
  bzero((char *)&sp_server, sizeof(struct sockaddr));
  sp_server.sin_family = AF_INET;
  sp_server.sin_addr.s_addr = sp->dest;

  /*
  if (sp_server.sin_addr.s_addr == (unsigned int)-1)
    {
    if (!(sp_help=gethostbyname(sp->dest)))
      fprintf(stderr,"unknown host %s\n", sp->dest), exit(1);
    bcopy(sp_help->h_addr, (caddr_t)&sp_server.sin_addr, sp_help->h_length);
    };
  */

  switch(proto)
    {
    case 6: HEAD_BASE = SP_TCP_HEAD_BASE; break;        /* TCP */
    case 17: HEAD_BASE = SP_UDP_HEAD_BASE; break;       /* UDP */
    default: exit(1); break;
    };

  sp_status = sendto(sp->fd, (char *)(sp->buffer),
                     sp->datalen+HEAD_BASE+SP_IP_HEAD_BASE+sp->IP_optlen, 0,
                     (struct sockaddr *)&sp_server,sizeof(struct sockaddr));
  if (sp_status < 0 || sp_status != sp->datalen+HEAD_BASE+SP_IP_HEAD_BASE+sp->IP_optlen)
    {
    if (sp_status < 0)
      perror("Sendto"), exit(1);
    printf("hmm... Only transmitted %d of %d bytes.\n", sp_status,
           sp->datalen+HEAD_BASE);
    };
#ifdef DEBUG
  printf("Packet transmitted...\n");
#endif
}

void sp_fix_IP_packet (struct sp_data_exchange *sp, unsigned char proto)
{
  struct IP_header *sp_help_ip;
  int HEAD_BASE;

  switch(proto)
    {
    case 6: HEAD_BASE = SP_TCP_HEAD_BASE; break;        /* TCP */
    case 17: HEAD_BASE = SP_UDP_HEAD_BASE; break;       /* UDP */
    default: exit(1); break;
    };

  sp_help_ip = (struct IP_header *) (sp->buffer);
  sp_help_ip->verlen = (IP_VERSION << 4) | ((SP_IP_HEAD_BASE+sp->IP_optlen)/4);
  sp_help_ip->type = 0;
  sp_help_ip->length = htons(SP_IP_HEAD_BASE+HEAD_BASE+sp->datalen+sp->IP_optlen+sp->TCP_optlen);
  sp_help_ip->ID = htons(12545);                        /* TEST */
  sp_help_ip->flag_offset = 0;
  sp_help_ip->TTL = 69;
  sp_help_ip->protocol = proto;
  sp_help_ip->source = sp->source;
  sp_help_ip->destination = sp->dest;
  sp_help_ip->checksum=in_cksum((unsigned short *) (sp->buffer),
                                SP_IP_HEAD_BASE+sp->IP_optlen);
#ifdef DEBUG
  printf("IP header fixed...\n");
#endif
}

void sp_fix_TCP_packet (struct sp_data_exchange *sp)
{
  char sp_pseudo_ip_construct[MTU];
  struct TCP_header *sp_help_tcp;
  struct pseudo_IP_header *sp_help_pseudo;
  int i;

  for(i=0;ibuffer+SP_IP_HEAD_BASE+sp->IP_optlen);
  sp_help_pseudo = (struct pseudo_IP_header *) sp_pseudo_ip_construct;

  sp_help_tcp->offset_flag = htons( (((SP_TCP_HEAD_BASE+sp->TCP_optlen)/4)<<12) | sp->flags);
  sp_help_tcp->seq_nr = htonl(sp->seq);
  sp_help_tcp->ACK_nr = htonl(sp->ack);
  sp_help_tcp->source = htons(sp->source_port);
  sp_help_tcp->destination = htons(sp->dest_port);
  sp_help_tcp->window = htons(0x7c00);          /* dummy for now 'wujx' */

  sp_help_pseudo->source = sp->source;
  sp_help_pseudo->destination = sp->dest;
  sp_help_pseudo->zero_byte = 0;
  sp_help_pseudo->protocol = 6;
  sp_help_pseudo->TCP_UDP_len = htons(sp->datalen+SP_TCP_HEAD_BASE+sp->TCP_optlen);

  memcpy(sp_pseudo_ip_construct+12, sp_help_tcp, sp->TCP_optlen+sp->datalen+SP_TCP_HEAD_BASE);
  sp_help_tcp->checksum=in_cksum((unsigned short *) sp_pseudo_ip_construct,
                                 sp->datalen+12+SP_TCP_HEAD_BASE+sp->TCP_optlen);
#ifdef DEBUG
  printf("TCP header fixed...\n");
#endif
}

void transmit_TCP (int sp_fd, char *sp_data,
                   int sp_ipoptlen, int sp_tcpoptlen, int sp_datalen,
                   _32_bit sp_source, unsigned short sp_source_port,
                   _32_bit sp_dest, unsigned short sp_dest_port,
                   _32_bit sp_seq, _32_bit sp_ack,
                   unsigned short sp_flags)
{
  char sp_buffer[1500];
  struct sp_data_exchange sp_struct;

  bzero(sp_buffer,1500);
  if (sp_ipoptlen!=0)
    memcpy(sp_buffer+SP_IP_HEAD_BASE,sp_data,sp_ipoptlen);
  if (sp_tcpoptlen!=0)
    memcpy(sp_buffer+SP_IP_HEAD_BASE+SP_TCP_HEAD_BASE+sp_ipoptlen,
           sp_data+sp_ipoptlen,sp_tcpoptlen);
  if (sp_datalen!=0)
    memcpy(sp_buffer+SP_IP_HEAD_BASE+SP_TCP_HEAD_BASE+sp_ipoptlen+sp_tcpoptlen,
           sp_data+sp_ipoptlen+sp_tcpoptlen,sp_datalen);

  sp_struct.fd = sp_fd;
  sp_struct.data = sp_data;
  sp_struct.datalen = sp_datalen;
  sp_struct.source = sp_source;
  sp_struct.source_port = sp_source_port;
  sp_struct.dest = sp_dest;
  sp_struct.dest_port = sp_dest_port;
  sp_struct.seq = sp_seq;
  sp_struct.ack = sp_ack;
  sp_struct.flags = sp_flags;
  sp_struct.buffer = sp_buffer;
  sp_struct.IP_optlen = sp_ipoptlen;
  sp_struct.TCP_optlen = sp_tcpoptlen;

  sp_fix_TCP_packet(&sp_struct);
  sp_fix_IP_packet(&sp_struct, 6);
  sp_send_packet(&sp_struct, 6);
}

void sp_fix_UDP_packet (struct sp_data_exchange *sp)
{
  char sp_pseudo_ip_construct[MTU];
  struct UDP_header *sp_help_udp;
  struct pseudo_IP_header *sp_help_pseudo;
  int i;

  for(i=0;ibuffer+SP_IP_HEAD_BASE+sp->IP_optlen);
  sp_help_pseudo = (struct pseudo_IP_header *) sp_pseudo_ip_construct;

  sp_help_udp->source = htons(sp->source_port);
  sp_help_udp->destination = htons(sp->dest_port);
  sp_help_udp->length = htons(sp->datalen+SP_UDP_HEAD_BASE);

  sp_help_pseudo->source = sp->source;
  sp_help_pseudo->destination = sp->dest;
  sp_help_pseudo->zero_byte = 0;
  sp_help_pseudo->protocol = 17;
  sp_help_pseudo->TCP_UDP_len = htons(sp->datalen+SP_UDP_HEAD_BASE);

  memcpy(sp_pseudo_ip_construct+12, sp_help_udp, sp->datalen+SP_UDP_HEAD_BASE);
  sp_help_udp->checksum=in_cksum((unsigned short *) sp_pseudo_ip_construct,
                                 sp->datalen+12+SP_UDP_HEAD_BASE);
#ifdef DEBUG
  printf("UDP header fixed...\n");
#endif
}

void transmit_UDP (int sp_fd, char *sp_data,
                   int sp_ipoptlen, int sp_datalen,
                   _32_bit sp_source, unsigned short sp_source_port,
                   _32_bit sp_dest, unsigned short sp_dest_port)
{
  char sp_buffer[1500];
  struct sp_data_exchange sp_struct;

  bzero(sp_buffer,1500);
  if (sp_ipoptlen!=0)
    memcpy(sp_buffer+SP_IP_HEAD_BASE,sp_data,sp_ipoptlen);
  if (sp_data!=NULL)
    memcpy(sp_buffer+SP_IP_HEAD_BASE+SP_UDP_HEAD_BASE+sp_ipoptlen,
           sp_data+sp_ipoptlen,sp_datalen);

  sp_struct.fd = sp_fd;
  sp_struct.data = sp_data;
  sp_struct.datalen = sp_datalen;
  sp_struct.source = sp_source;
  sp_struct.source_port = sp_source_port;
  sp_struct.dest = sp_dest;
  sp_struct.dest_port = sp_dest_port;
  sp_struct.buffer = sp_buffer;
  sp_struct.IP_optlen = sp_ipoptlen;
  sp_struct.TCP_optlen = 0;

  sp_fix_UDP_packet(&sp_struct);
  sp_fix_IP_packet(&sp_struct, 17);
  sp_send_packet(&sp_struct, 17);
}

#endif
#endif

sniffit.0.3.7.beta/sn_generation.h100644 1750 1750 1325 6553423606 15607 0ustar codercoder
/* Sniffit Packet Generation File */

void exec_generate(struct generate_mask *);
void transmit_TCP (int, char *, int, int , int , _32_bit, unsigned short,
                   _32_bit, unsigned short, _32_bit, _32_bit, unsigned short);
void transmit_UDP (int, char *, int, int, _32_bit, unsigned short,
                   _32_bit, unsigned short);
int open_sending (void);
void sp_send_packet (struct sp_data_exchange *, unsigned char);
void sp_fix_TCP_packet (struct sp_data_exchange *);
void sp_fix_UDP_packet (struct sp_data_exchange *);
void sp_fix_IP_packet (struct sp_data_exchange *, unsigned char);

sniffit.0.3.7.beta/sn_global.h100644 1750 1750 560 6553423606 14674 0ustar codercoder
/* Sniffit Global File */
/* some things that are better defined before all the rest */
/* currently some option data */

char SNIFMODE, DUMPMODE, PROTOCOLS, ASC, WILDCARD, CFG_FILE, NO_CHKSUM;
char INTERACTIVE_EXTEND;
int LOGPARAM;
/* All option shit */

sniffit.0.3.7.beta/sn_interface.c100644 1750 1750 60142 6553423606 15431 0ustar codercoder
/* Sniffit Interface source File */
/* - by: Brecht Claerhout */

#include "sn_config.h"

#ifdef INCLUDE_INTERFACE
#include
#include
#include
#include
#include "sn_curses.h"
#include "sn_defines.h"
#include "sn_structs.h"
#include "sn_interface.h"
#include "sn_generation.h"
#include "sn_resolv.h"

/*** extern stuff ********/
extern char *SHARED, *connection_data, *timing, *running_connections,
            *logged_connections;
extern int *LISTlength, *DATAlength, memory_id;
extern unsigned int *TCP_nr_of_packets, *ICMP_nr_of_packets, *UDP_nr_of_packets;
extern unsigned int *IP_nr_of_packets;          /* defined in sn_data.h */
extern unsigned long *TCP_bytes_in_packets, *UDP_bytes_in_packets;
extern int *DESC_LEN;           /* For the connection description */
extern char INTERACTIVE_EXTEND;

extern struct snif_mask *mask;
extern struct shared_logged_conn *log_conn;
extern FILE *log_dev_stream;
extern struct stat log_dev_stat;

extern volatile int LOGGING, screen_busy;
extern char PACKET_INFO;
extern int POINTpos, LISTpos;
extern unsigned char COLOR_AVAIL;

extern WINDOW *menu_window;
extern struct box_window data_box, main_box, mask_box, packets_box;
extern int Pid;
extern char *logging_device;

/*** Screen Parameters ***/
extern int MASK_WINDOW_ROWS, MASK_WINDOW_COLS, MAIN_WINDOW_ROWS, MAIN_WINDOW_COLS;
extern int INFO_WINDOW_ROWS, INFO_WINDOW_COLS, DATA_WINDOW_ROWS, DATA_WINDOW_COLS;
extern int INFO_WINDOW_X, INFO_WINDOW_Y, MASK_WINDOW_X, MASK_WINDOW_Y;
extern int DATA_WINDOW_X, DATA_WINDOW_Y;

/*** Screen operations ***/

void init_screen (void)
{
  initscr();
  cbreak();
  noecho();
  nonl();
  clear();
  if(has_colors()==TRUE)
    {
    COLOR_AVAIL=1;
    start_color();
    init_pair(WIN_COLOR_NORMAL,COLOR_WHITE,COLOR_BLUE);
    init_pair(WIN_COLOR_POINT,COLOR_BLUE,COLOR_CYAN);
    init_pair(WIN_COLOR_DATA,COLOR_BLUE,COLOR_CYAN);
    init_pair(WIN_COLOR_INPUT,COLOR_BLUE,COLOR_CYAN);
    init_pair(WIN_COLOR_MENU,COLOR_BLUE,COLOR_CYAN);
    init_pair(WIN_COLOR_PACKET_INFO,COLOR_BLUE,COLOR_CYAN);
    }
  else
    {
    COLOR_AVAIL=0;
    }

  MAIN_WINDOW_ROWS = LINES-5;
  MAIN_WINDOW_COLS = COLS;
  MASK_WINDOW_ROWS = 4;
  MASK_WINDOW_COLS = COLS;
  MASK_WINDOW_X = 0;
  MASK_WINDOW_Y = LINES-5;
  INFO_WINDOW_ROWS = 8;
  INFO_WINDOW_COLS = 35;
  INFO_WINDOW_X = 3;
  INFO_WINDOW_Y = MAIN_WINDOW_ROWS-INFO_WINDOW_ROWS-2;
  DATA_WINDOW_ROWS = (MAIN_WINDOW_ROWS/3)*2;
  DATA_WINDOW_COLS = (MAIN_WINDOW_COLS/3)*2;
  DATA_WINDOW_X = COLS-DATA_WINDOW_COLS-2;
  DATA_WINDOW_Y = 3;

  exit_func(screen_exit);
  if( (COLS<80)||(LINES<18) )
    exit(0);
};

void f_box_window (struct box_window *Win,
                   int num_lines, int num_cols, int begy,int begx, int col_mode)
                   /* col_mode : color selection */
{
  int i;

  Win->main_window=newwin(num_lines,num_cols,begy,begx);
  Win->work_window=subwin(Win->main_window,num_lines-2,num_cols-2,begy+1,begx+1);
  if(COLOR_AVAIL)
    {
    switch(col_mode)
      {
      case 0:
        wattrset(Win->main_window,COLOR_PAIR(WIN_COLOR_NORMAL));
        wattrset(Win->work_window,COLOR_PAIR(WIN_COLOR_NORMAL));
        break;
      case 1:
        wattrset(Win->main_window,COLOR_PAIR(WIN_COLOR_PACKET_INFO));
        wattrset(Win->work_window,COLOR_PAIR(WIN_COLOR_PACKET_INFO));
        break;
      default:break;
      }
    for(i=0;i<=(num_lines-2);i++)
      {
      wmove(Win->work_window,i,0);
      whline(Win->work_window,' ',num_cols-2);
      }
    }
  keypad(Win->work_window,1);
  box(Win->main_window,ACS_VLINE,ACS_HLINE);
  mvwprintw(Win->main_window,0,3,"Sniffit %s",VERSION);
  wmove(Win->work_window,0,0);
  wnoutrefresh(Win->main_window);wnoutrefresh(Win->work_window);
  doupdate();
}

void data_window (struct box_window *Win, struct box_window *P_Win,
                  int num_lines, int num_cols, int begy,int begx,
                  char *buffer, int listitem)
{
  int i=0, j=0;
  struct shared_conn_data *conn;

  conn = (struct shared_conn_data *) buffer;
  while((j=CONNECTION_CAPACITY+1) return;
  j=0;

  Win->main_window=newwin(num_lines,num_cols,begy,begx);
  Win->work_window=subwin(Win->main_window,num_lines-5,num_cols-2,begy+1,begx+1);
  scrollok(Win->work_window,1);
  if(COLOR_AVAIL)
    wattrset(Win->main_window,COLOR_PAIR(WIN_COLOR_DATA));
  box(Win->main_window,ACS_VLINE,ACS_HLINE);
  wmove(Win->main_window,num_lines-3,1);
  whline(Win->main_window,ACS_HLINE,num_cols-2);
  wmove(Win->main_window,num_lines-2,1);
  whline(Win->main_window,' ',num_cols-2);
  wmove(Win->main_window,num_lines-2,2);
  waddstr(Win->main_window, conn[i].connection);
  strcpy(log_conn->log_enter,conn[i].connection);
  wmove(Win->work_window,0,0);
  wnoutrefresh(Win->main_window);wnoutrefresh(Win->work_window);
  doupdate();
}

void data_device (char *buffer, int listitem)
{
  int i=0, j=0;
  struct shared_conn_data *conn;

  conn = (struct shared_conn_data *) buffer;
  while((j=CONNECTION_CAPACITY+1) return;
  strcpy(log_conn->log_enter, conn[i].connection);
}

void mask_status (struct box_window *Work_win)
{
  unsigned char *ad;
  int i;

  wmove(Work_win->work_window,0,1);
  for(i=0;i<2;i++)
    {wmove(Work_win->work_window,i,0); whline(Work_win->work_window,' ',COLS-2);}
  wmove(Work_win->work_window,0,1);
  wprintw(Work_win->work_window,"Source IP : ");
  ad=(unsigned char *)&(mask->source_ip);       /* view the address as bytes */
  if(mask->source_ip==0)
    wprintw(Work_win->work_window,"All");
  else
    wprintw(Work_win->work_window,"%u.%u.%u.%u",ad[0],ad[1],ad[2],ad[3]);
  wmove(Work_win->work_window,1,1);
  wprintw(Work_win->work_window,"Destination IP: ");
  ad=(unsigned char *)&(mask->destination_ip);
  if(mask->destination_ip==0)
    wprintw(Work_win->work_window,"All");
  else
    wprintw(Work_win->work_window,"%u.%u.%u.%u",ad[0],ad[1],ad[2],ad[3]);
  wmove(Work_win->work_window,0,35);
  wprintw(Work_win->work_window,"Source PORT : ");
  if(mask->source_port==0)
    wprintw(Work_win->work_window,"All");
  else
    wprintw(Work_win->work_window,"%u",mask->source_port);
  wmove(Work_win->work_window,1,35);
  wprintw(Work_win->work_window,"Destination PORT: ");
  if(mask->destination_port==0)
    wprintw(Work_win->work_window,"All");
  else
    wprintw(Work_win->work_window,"%u",mask->destination_port);
  wnoutrefresh(Work_win->main_window);
  wnoutrefresh(Work_win->work_window);
  doupdate();
}

void fill_box_window (struct box_window *Work_win, char *buffer,
                      int begin_item, int boxlen, int rowlen)
                      /* 0 is the first item */
{
  int i=0, j=0, line=0;
  struct shared_conn_data *conn;

  conn = (struct shared_conn_data *) buffer;
  while((j=CONNECTION_CAPACITY+1) return;
  j=0;
  while((linework_window,line,0);
      whline(Work_win->work_window,' ',rowlen);
      if(strcmp(log_conn->log_enter,conn[i+j].connection) != 0)
        {
        if(INTERACTIVE_EXTEND==1)
          wprintw(Work_win->work_window," %s : %s",conn[i+j].connection,conn[i+j].desc);
        else
          wprintw(Work_win->work_window," %s",conn[i+j].connection);
        }
      else
        {
        if(INTERACTIVE_EXTEND==1)
          wprintw(Work_win->work_window," %s : [LOGGED]", conn[i+j].connection);
        else
          wprintw(Work_win->work_window," %s [LOGGED]", conn[i+j].connection);
        }
      line++;
      }
    j++;
    }
  for(i=line;iwork_window,i,0);
    whline(Work_win->work_window,' ',rowlen);
    };
  wnoutrefresh(Work_win->work_window);
}

void point_item (struct box_window *Work_win, char *buffer,
                 int item, int begin_item, int boxlen, int rowlen)
{
  int i=0, j=0;
  struct shared_conn_data *conn;

  if(item<0) return;    /* POINTpos 0 = first item -1 = no items */
                        /* LISTlength 0 = 1 -1 = no items */
                        /* DANGER - there should always be >= */
                        /* connections than 'item' */
  conn = (struct shared_conn_data *) buffer;
  while((j=CONNECTION_CAPACITY+1) return;
  j=0;

#ifdef DEBUG
  debug_msg(conn[i].connection);
#endif

  if(COLOR_AVAIL!=0)
    wattrset(Work_win->work_window,COLOR_PAIR(WIN_COLOR_POINT));
  else
    wattron(Work_win->work_window,A_REVERSE);
  wmove(Work_win->work_window,item-begin_item,0);
  whline(Work_win->work_window,' ',rowlen);
  if(strcmp(log_conn->log_enter,conn[i].connection)!=0)
    {
    if(INTERACTIVE_EXTEND==1)
      mvwprintw(Work_win->work_window,item-begin_item,0,
                " %s : %s", conn[i].connection, conn[i].desc);
    else
      mvwprintw(Work_win->work_window,item-begin_item,0," %s", conn[i].connection);
    }
  else
    {
    if(INTERACTIVE_EXTEND==1)
      mvwprintw(Work_win->work_window,item-begin_item,0,
                " %s : [LOGGED]",conn[i].connection);
    else
      mvwprintw(Work_win->work_window,item-begin_item,0, " %s
[LOGGED]",conn[i].connection); } wnoutrefresh(Work_win->work_window); if(COLOR_AVAIL!=0) wattrset(Work_win->work_window,COLOR_PAIR(WIN_COLOR_NORMAL)); else wattroff(Work_win->work_window,A_REVERSE); } void forced_refresh (void) { #ifdef DEBUG char debug_line[200]; #endif if((POINTpos<0)&&(*LISTlength>=0)) POINTpos=0; if((POINTpos>*LISTlength)&&(*LISTlength>=0)) POINTpos=*LISTlength; if((POINTpos>*LISTlength)&&(*LISTlength<0)) POINTpos=-1; while(screen_busy!=0) {}; /* wait till screen operations stop */ #ifdef DEBUG sprintf(debug_line,"FIX: POINTpos: %d LISTlength: %d LISTpos: %d\n",POINTpos,*LISTlength,LISTpos); debug_msg(debug_line); #endif fill_box_window(&main_box, running_connections,LISTpos, MAIN_WINDOW_ROWS-2,MAIN_WINDOW_COLS-2); point_item(&main_box, running_connections, POINTpos,LISTpos, MAIN_WINDOW_ROWS-2,MAIN_WINDOW_COLS-2); if((LOGGING==1)&&(logging_device==NULL)) { touchwin(data_box.main_window);touchwin(data_box.work_window); wnoutrefresh(data_box.main_window);wnoutrefresh(data_box.work_window); } if(PACKET_INFO==1) { touchwin(packets_box.main_window);touchwin(packets_box.work_window); wnoutrefresh(packets_box.main_window); wnoutrefresh(packets_box.work_window); } doupdate(); } void menu_line (void) { int i; if(menu_window==NULL) menu_window=newwin (1,COLS,LINES-1,0); if(COLOR_AVAIL!=0) wattrset(menu_window,COLOR_PAIR(WIN_COLOR_MENU)); else wattron(menu_window,A_REVERSE); wmove(menu_window,0,0); whline(menu_window,' ',COLS); mvwaddstr(menu_window,0,0,MENU); wnoutrefresh(menu_window); } char *input_field(char *string, char *input, int flag) { int i; char dummy[500]; WINDOW *Work_txt, *Work_inp; #ifdef DEBUG debug_msg("IntAct: Input Field activated"); #endif Work_txt=newwin(1,COLS,LINES-1,0); Work_inp=newwin(1,50,LINES-1,strlen(string)); if(COLOR_AVAIL!=0) { wattrset(Work_inp,COLOR_PAIR(WIN_COLOR_INPUT)); wattrset(Work_txt,COLOR_PAIR(WIN_COLOR_NORMAL)); } whline(Work_txt,' ',COLS); whline(Work_inp,' ',50); mvwaddstr(Work_txt,0,0,string); 
  while(screen_busy!=0) {};
  wnoutrefresh(Work_txt);wnoutrefresh(Work_inp);
  doupdate();
  /* Bounded read: at most 49 characters (the field is 50 columns wide), so */
  /* the strcpy() below cannot overrun the 100-byte buffers the callers in  */
  /* run_interface() pass in. The unbounded mvwgetstr() could.              */
  echo();mvwgetnstr(Work_inp,0,0,dummy,49);noecho();
  if(input!=NULL) {strcpy(input,dummy);}
  delwin(Work_inp);delwin(Work_txt);
  menu_line();
  forced_refresh();

#ifdef DEBUG
  debug_msg("IntAct: Input Field Ended");
#endif

  return input;
}

void exec_mask (void)
{
  LISTpos=0;
  POINTpos=-1;                    /* otherwise we get never ending loop */
  clear_shared_mem(1);
  mask_status(&mask_box);
  if(LOGGING==1) stop_logging();
  forced_refresh();
}

/* signaling */

void sig_blocking(char on_off, int sig)
{
  sigset_t set;

  sigemptyset(&set);sigaddset(&set,sig);
  if(on_off==1)
    {sigprocmask(SIG_BLOCK,&set,NULL);}
  else
    {sigprocmask(SIG_UNBLOCK,&set,NULL);}
}

void set_signal (int signum, sig_hand new_action)
{
  struct sigaction new_sigusr;
  sigset_t sig_mask;

  sigemptyset(&sig_mask);
  sigaddset(&sig_mask,SIGUSR1);
  sigaddset(&sig_mask,SIGALRM);
  new_sigusr.sa_handler=new_action;
  new_sigusr.sa_mask=sig_mask;
  new_sigusr.sa_flags=0;
  sigaction(signum,&new_sigusr,NULL);
}

void interaction (int sig)             /* invoked when data arrives */
{
  int i;
  struct shared_conn_data *conn;

  /* timeout increase */
  conn = (struct shared_conn_data *) running_connections;
  for(i=0;ilog_enter[0]==0)) stop_logging();

  screen_busy=1;
  if((LOGGING==1)&&(*DATAlength!=0))
    {
    if(logging_device==NULL)
      {
      /* cast: sniffed bytes above 0x7f are negative as plain char, which */
      /* isprint() does not accept                                        */
      for(i=0;i<*DATAlength;i++)
        waddch(data_box.work_window,
               isprint((unsigned char)*(connection_data+i))?
               *(connection_data+i):'.');
      }
    else
      {
      for(i=0;i<*DATAlength;i++)
        fputc(*(connection_data+i),log_dev_stream);
      fflush(log_dev_stream);
      }
    *DATAlength=0;
    }
  screen_busy=0;
  forced_refresh();
  set_signal(SIGUSR1,interaction);
}

void packet_info_handler (int signum)
{
#ifdef DEBUG
  debug_msg("ALARM RANG");
#endif

  screen_busy=1;
  mvwprintw(packets_box.work_window,0,1,"IP packets/sec. : % 12u",(*IP_nr_of_packets)/INFO_TIMER);
  mvwprintw(packets_box.work_window,1,1,"TCP packets/sec. : % 12u",(*TCP_nr_of_packets)/INFO_TIMER);
  mvwprintw(packets_box.work_window,2,1,"ICMP packets/sec.: % 12u",(*ICMP_nr_of_packets)/INFO_TIMER);
  mvwprintw(packets_box.work_window,3,1,"UDP packets/sec. : % 12u",(*UDP_nr_of_packets)/INFO_TIMER);
  mvwprintw(packets_box.work_window,4,1,"bytes/sec. (TCP) : % 12ld",(*TCP_bytes_in_packets)/INFO_TIMER);
  mvwprintw(packets_box.work_window,5,1,"bytes/sec. (UDP) : % 12ld",(*UDP_bytes_in_packets)/INFO_TIMER);
  screen_busy=0;
  forced_refresh();

  /* reinstall handler, reset alarm */
  *IP_nr_of_packets=0;
  *TCP_nr_of_packets=*TCP_bytes_in_packets=0;
  *ICMP_nr_of_packets=0;
  *UDP_nr_of_packets=*UDP_bytes_in_packets=0;
  set_signal(SIGALRM, packet_info_handler);
  alarm(INFO_TIMER);
}

/* at/on_exit's */

void child_exit (void)
{
  kill(Pid,SIGKILL);
}

void screen_exit (void)
{
  clear();
  endwin();
}

void mem_exit (void)
{
  if(shmctl(memory_id,IPC_RMID,0)<0)
    {perror("Sniffer Hartattack (you are fucked!) ");exit(0);};
}

/* Some other stuff */

void stop_logging (void)
{
  LOGGING=0;
  log_conn->log_enter[0]=0;
  if(logging_device==NULL)
    {delwin(data_box.work_window); delwin(data_box.main_window);}
  forced_refresh();
}

void stop_packet_info (void)
{
  PACKET_INFO=0;
  alarm(0);
  delwin(packets_box.work_window), delwin(packets_box.main_window);
  forced_refresh();
}

int add_itemlist(char *buffer, char *string, char *desc)
{
  int i, to_help, to_item;
  struct shared_conn_data *conn;

  /*invoked every time a packet comes in */
  conn = (struct shared_conn_data *) buffer;
  for(i=0;ito_help)
      if(strcmp(conn[i].connection,log_conn->log_enter)!=0)
        {
        to_help=conn[i].timeout;
        to_item=i;
        }
  strcpy(conn[to_item].connection, string);
  strcpy(conn[to_item].desc, desc);       /* For description of connect */
  conn[to_item].timeout=0;
  return to_item;
}

int del_itemlist(char *buffer, char *string)
{
  int i;
  struct shared_conn_data *conn;

  conn = (struct shared_conn_data *) buffer;
  for(i=0;ilog_enter, string)==0)
        {log_conn->log_enter[0]=0;}
      return i;
      }
  return -1;
}

void clear_shared_mem(char mode)
                                /* mode = 0 all */
                                /* mode = 1 keep mask */
                                /* keep packet count */
{
  int i;
  struct shared_conn_data *conn;

  *timing=1;
  *DATAlength=0;
  *LISTlength=-1;
  if(mode==0)
    {
    mask->source_ip=mask->destination_ip=mask->source_port=mask->destination_port=0;
    *IP_nr_of_packets=0;
    *TCP_nr_of_packets=*TCP_bytes_in_packets=0;
    *ICMP_nr_of_packets=0;
    *UDP_nr_of_packets=*UDP_bytes_in_packets=0;
    }
  log_conn->log_enter[0]=0;
  conn = (struct shared_conn_data *) running_connections;
  for(i=0;i=CONNECTION_CAPACITY+1) return;
  j=0;
  strcpy(e_dummy,conn[i].connection);

  /* OLD STUFF -- Previous line format */
  /*
  strtok(e_dummy," ");
  strcpy(esource,strtok(NULL," "));
  strcpy(es_port,strtok(NULL," "));
  strtok(NULL," ");
  strcpy(edest,strtok(NULL," "));
  strcpy(ed_port,strtok(NULL," "));
  */
  strcpy(esource,strtok(e_dummy," "));
  strcpy(es_port,strtok(NULL," "));
  strtok(NULL," ");
  strcpy(edest,strtok(NULL," "));
  strcpy(ed_port,strtok(NULL," "));

#ifdef DEBUG
  debug_msg(esource);
  debug_msg(es_port);
  debug_msg(edest);
  debug_msg(ed_port);
#endif
}

/*** Main interface program */

void run_interface(void)
{
  int i,key_hit;
  char dummy[100];
  char exec_s[20],exec_sp[20],exec_d[20],exec_dp[20];
  struct generate_mask generate;

  POINTpos=-1;
  *LISTlength=-1;
  LISTpos=0;
  LOGGING=0;
  PACKET_INFO=0;
  screen_busy=0;
  set_signal (SIGCHLD, SIG_IGN);
  set_signal(SIGUSR1,interaction);

  init_screen();                          /* The whole screen setup */
  if( MAIN_WINDOW_COLS-2-CONN_NAMELEN-1 < DESC_BYTES)
    *DESC_LEN=MAIN_WINDOW_COLS-2-CONN_NAMELEN-1;
  else
    *DESC_LEN=DESC_BYTES;
  f_box_window(&mask_box,MASK_WINDOW_ROWS,MASK_WINDOW_COLS,MASK_WINDOW_Y,MASK_WINDOW_X,0);
  mask_status(&mask_box);
  f_box_window(&main_box,MAIN_WINDOW_ROWS,MAIN_WINDOW_COLS,0,0,0);
  fill_box_window(&main_box, running_connections,LISTpos,
                  MAIN_WINDOW_ROWS-2,MAIN_WINDOW_COLS-2);
  point_item(&main_box, running_connections,POINTpos,LISTpos,
             MAIN_WINDOW_ROWS-2,MAIN_WINDOW_COLS-2);
  menu_window=NULL;
  menu_line();
  doupdate();                             /* And..... draw it! */

  while(1)
    {
    key_hit=wgetch(main_box.work_window);

#ifdef DEBUG
    debug_msg("IntAct: Key Hit Received");
#endif

    sig_blocking(1, SIGALRM);
    sig_blocking(1, SIGUSR1);
    switch(key_hit)
      {
      case KEY_DOWN:
      case 'J':
      case 'j':
        if(POINTpos>=*LISTlength) break;
        if( POINTpos<(LISTpos+(MAIN_WINDOW_ROWS-3)) )
          POINTpos++;
        else
          {if(LISTpos>=*LISTlength) break;
           LISTpos++; POINTpos++;};
        forced_refresh();
        break;
      case KEY_UP:
      case 'K':
      case 'k':
        if(POINTpos==0) break;
        if(POINTpos>LISTpos)
          POINTpos--;
        else
          {if(LISTpos==0) break;
           LISTpos--; POINTpos--;};
        forced_refresh();
        break;
      case ENTER:
        if(*LISTlength<0) break;
        if(LOGGING==0)
          {
          if(logging_device==NULL)
            data_window(&data_box,&main_box,DATA_WINDOW_ROWS,
                        DATA_WINDOW_COLS,DATA_WINDOW_Y, DATA_WINDOW_X,
                        running_connections,POINTpos);
          else
            data_device(running_connections,POINTpos);
          LOGGING=1;
          }
        else
          {
          stop_logging();
          if(logging_device==NULL)
            data_window(&data_box,&main_box,DATA_WINDOW_ROWS,
                        DATA_WINDOW_COLS,DATA_WINDOW_Y, DATA_WINDOW_X,
                        running_connections,POINTpos);
          else
            data_device(running_connections,POINTpos);
          LOGGING=1;
          };
        break;
      case 'N':
      case 'n':
        if(PACKET_INFO==0)
          {
          f_box_window(&packets_box,INFO_WINDOW_ROWS,INFO_WINDOW_COLS,
                       INFO_WINDOW_Y, INFO_WINDOW_X ,1);
          PACKET_INFO=1;
          *IP_nr_of_packets=0;
          *TCP_nr_of_packets=*TCP_bytes_in_packets=0;
          *ICMP_nr_of_packets=0;
          *UDP_nr_of_packets=*UDP_bytes_in_packets=0;
          packet_info_handler(SIGALRM);
          }
        else
          {stop_packet_info();}
        break;
#ifdef GENERATION
      case 'g':
      case 'G':
        input_field("Source IP for PKT Generation: ",dummy,1);
        generate.source_ip=getaddrbyname(dummy);
        input_field("Source Port: ",dummy,1);
        generate.source_port=atoi(dummy);
        input_field("Dest IP for PKT Generation: ",dummy,1);
        generate.dest_ip=getaddrbyname(dummy);
        input_field("Dest Port: ",dummy,1);
        generate.dest_port=atoi(dummy);
        input_field("Number of PKTs: ",dummy,1);
        generate.pkt_no=atoi(dummy);
        exec_generate(&generate);
        break;
#endif
      case 'q':
      case 'Q':
      case KEY_F(10):
        if(LOGGING==1)
          {stop_logging();}
        else
          {kill(Pid,SIGKILL);exit(0);}
        break;
      case '1':
      case KEY_F(1):
        input_field("Source Ip: ",dummy,0);
        mask->source_ip=getaddrbyname(dummy);
        exec_mask();
        break;
      case '2':
      case KEY_F(2):
        input_field("Destination Ip: ",dummy,0);
        mask->destination_ip=getaddrbyname(dummy);
        exec_mask();
        break;
      case '3':
      case KEY_F(3):
        input_field("Source Port: ",dummy,0);
        mask->source_port=atoi(dummy);
        exec_mask();
        break;
      case '4':
      case KEY_F(4):
        input_field("Destination Port: ",dummy,0);
        mask->destination_port=atoi(dummy);
        exec_mask();
        break;
      case '5':
      case KEY_F(5):
        if(*LISTlength<0) break;
        if(access("./sniffit_key5", X_OK)<0) break;
        create_arguments(exec_s,exec_sp,exec_d,
                         exec_dp,running_connections,POINTpos);
        if(fork()==0)                     /* CHILD */
          {
          close(0); close(1); close(2);
          sig_blocking(0, SIGALRM);
          sig_blocking(0, SIGUSR1);
          set_signal(SIGALRM,SIG_DFL);
          set_signal(SIGUSR1,SIG_DFL);
          execl("./sniffit_key5","sniffit_key5",exec_s,exec_sp,exec_d,exec_dp,NULL);
          exit(0);
          };
        break;
      case '6':
      case KEY_F(6):
        if(*LISTlength<0) break;
        if(access("./sniffit_key6", X_OK)<0) break;
        create_arguments(exec_s,exec_sp,exec_d,
                         exec_dp,running_connections,POINTpos);
        if(fork()==0)                     /* CHILD */
          {
          close(0); close(1); close(2);
          sig_blocking(0, SIGALRM);
          sig_blocking(0, SIGUSR1);
          set_signal(SIGALRM,SIG_DFL);
          set_signal(SIGUSR1,SIG_DFL);
          execl("./sniffit_key6","sniffit_key6",exec_s,exec_sp,exec_d,exec_dp,NULL);
          exit(0);
          };
        break;
      case '7':
      case KEY_F(7):
        if(*LISTlength<0) break;
        if(access("./sniffit_key7", X_OK)<0) break;
        create_arguments(exec_s,exec_sp,exec_d,
                         exec_dp,running_connections,POINTpos);
        if(fork()==0)                     /* CHILD */
          {
          sig_blocking(0, SIGALRM);
          sig_blocking(0, SIGUSR1);
          set_signal(SIGALRM,SIG_DFL);
          set_signal(SIGUSR1,SIG_DFL);
          close(0); close(1); close(2);
          execl("./sniffit_key7","sniffit_key7",exec_s,exec_sp,exec_d,exec_dp,NULL);
          exit(0);
          };
        break;
      case '8':
      case KEY_F(8):
        if(*LISTlength<0) break;
        if(access("./sniffit_key8", X_OK)<0) break;
        create_arguments(exec_s,exec_sp,exec_d,
                         exec_dp,running_connections,POINTpos);
        if(fork()==0)                     /* CHILD */
          {
          sig_blocking(0, SIGALRM);
          sig_blocking(0, SIGUSR1);
          set_signal(SIGALRM,SIG_DFL);
          set_signal(SIGUSR1,SIG_DFL);
          close(0); close(1); close(2);
          execl("./sniffit_key8","sniffit_key8",exec_s,exec_sp,exec_d,exec_dp,NULL);
          exit(0);
          };
        break;
      case 'r':
      case 'R':                           /* mask does an auto reset */
        exec_mask();
        break;
      default:
        break;
      }
    sig_blocking(0, SIGALRM);
    sig_blocking(0, SIGUSR1);
    }
}

#endif

sniffit.0.3.7.beta/sn_interface.h

/* Sniffit Data File */

#include "pcap.h"

typedef void (*sig_hand)(int );  /* sighandler_t gave errors, weird */

int add_itemlist(char *, char *, char *);
void child_exit (void);
void clear_shared_mem(char);
void data_device (char *, int);
void data_window (struct box_window *, struct box_window *,
                  int, int, int, int, char *, int);
int del_itemlist(char *, char *);
void exec_mask (void);
void f_box_window (struct box_window *, int, int, int, int, int);
void fill_box_window (struct box_window *, char *, int, int, int);
void forced_refresh (void);
void init_screen (void);
char *input_field(char *, char *, int);
void interaction (int);
void mask_status (struct box_window *);
void mem_exit (void);
void menu_line (void);
void point_item (struct box_window *, char *, int, int, int, int);
void run_interface (void);
void screen_exit (void);
void set_signal (int, sig_hand);
void sig_blocking(char, int);
void stop_logging (void);

int check_mask (const struct packetheader *,const unsigned char *,
                char *, char *, char *, struct unwrap *);
pcap_handler interactive_packethandler( char *, const struct packetheader *,
                                        const unsigned char *);
void stop_packet_info (void);
void packet_info_handler (int);
void create_arguments(char *, char *, char *, char *, char *, int);

sniffit.0.3.7.beta/sn_logfile.c

/* Sniffit Logfile include file */
/*   - by: Brecht Claerhout     */

#include "sn_config.h"
/* The header names are missing in this copy of the file; these are the */
/* ones the code below needs.                                           */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/stat.h>
#include "sn_defines.h"
#include "sn_structs.h"
#include "sn_logfile.h"

extern char Logfile[250];            /* name of logfile */
extern FILE *LogFILE;                /* logfile stream */
extern char LOGPARAM;
extern char DUMPMODE;                /* recorded or not */

void logfile_exit (void)             /* at/on_exit closing of logfile */
{
  printf("Sniffit Logging session ended.\n");
  print_logline("Sniffit session ended.");
  fflush(LogFILE);
  fclose(LogFILE);
}

char *gettime (void)
{
  time_t t;
  char *tm;
  static char recorded[] = "Recorded";

  time(&t);
  tm=ctime(&t);
  tm[24]=0;
  return (DUMPMODE&16)?recorded:tm;
}

void print_logline (char *logline)
{
  fprintf(LogFILE,"[%s] - %s\n",gettime(),logline);
  fflush(LogFILE);
}

/* The print_* helpers format strings taken from sniffed traffic into a  */
/* 250-byte stack buffer. snprintf() truncates instead of writing past   */
/* the end of line[], which the unbounded sprintf() did for long input.  */

void print_ftp_user (char *conn, char *user)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: USER [%s]",conn,user);
  print_logline (line);
}

void print_ftp_pass(char *conn, char *pass)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: PASS [%s]",conn,pass);
  print_logline (line);
}

void print_login (char *conn, char *login)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: login [%s]",conn,login);
  print_logline (line);
}

void print_mail (char *conn, char *msg)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: mail [%s]",conn,msg);
  print_logline (line);
}

void print_pwd (char *conn, char *pwd)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: password [%s]",conn,pwd);
  print_logline (line);
}

void print_conn (char *conn, char *msg)
{
  char line[250];
  snprintf(line,sizeof(line),"%s: %s",conn,msg);
  print_logline (line);
}

void open_logfile (void)
{
  if(Logfile[0]==0) strcpy(Logfile,"sniffit.log");
  LogFILE=fopen(Logfile,"a");
  if(LogFILE==NULL)
    printf("Sniffit hardattack.. couldn't create/open logfile...\n"), exit(1);
  exit_func(logfile_exit);
  /* fchmod() takes a file descriptor, not a FILE *; with the FILE * the */
  /* owner-only mode was never applied to the log                        */
  fchmod(fileno(LogFILE), S_IWUSR|S_IRUSR);
  print_logline("Sniffit session started.");
  printf("Sniffit Logging started.\n");
}

sniffit.0.3.7.beta/sn_logfile.h

/* Sniffit Data File */

#define LOG_NO_DETECT 99
#define LOG_NO_LOG 0
#define LOG_LOGIN 1
#define LOG_LOGIN_RECORDED 2
#define LOG_PWD 3
#define LOG_PWD_RECORDED 4

void logfile_exit (void);
char *gettime (void);
void print_logline (char *);
void print_ftp_user (char *, char *);
void print_ftp_pass(char *, char *);
void print_login (char *, char *);
void print_pwd (char *, char *);
void print_conn (char *, char *);
void print_mail (char *, char *);
void open_logfile (void);

sniffit.0.3.7.beta/sn_packets.c

/* Sniffit Packet Description File */
/*   - by: Brecht Claerhout        */

#include "sn_config.h"
#include "sn_defines.h"
#include "sn_structs.h"
/* The header name is missing in this copy of the file; these are the */
/* ones the code below needs (memcpy, ntohs).                         */
#include <string.h>
#include <netinet/in.h>

extern int PROTO_HEAD;
extern char NO_CHKSUM;

/* This routine stolen from ping.c */

unsigned short in_cksum(unsigned short *addr,int len)
{
  register int nleft = len;           /* leave this alone.. my opinion is that the */
  register unsigned short *w = addr;  /* register is needed to make it work for both */
  register int sum = 0;               /* BIG and LITTLE endian machines */
  unsigned short answer = 0;          /* but then again, who am I to make such statement */

  while (nleft > 1)
    {
    sum += *w++;
    nleft -= 2;
    }
  if (nleft == 1)
    {
    *(unsigned char *)(&answer) = *(unsigned char *)w ;
    sum += answer;
    }
  sum = (sum >> 16) + (sum & 0xffff);
  sum += (sum >> 16);
  answer = ~sum;
  return(answer);
}

int unwrap_packet (unsigned char *sp, struct unwrap *unwrapped)
{
  struct IP_header IPhead;
  struct TCP_header TCPhead;
  struct ICMP_header ICMPhead;
  struct UDP_header UDPhead;

  int i;
  short int dummy;                    /* 2 bytes, important */

  /*
  printf("\n");
  for(i=0;i<20;i++) printf("%X ",sp[i]);
  printf("\n");
  */

  memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header));
                                      /* IP header Conversion */
  unwrapped->IP_len = (IPhead.verlen & 0xF) << 2;

  unwrapped->TCP_len = 0;             /* Reset structure NEEDED!!! */
  unwrapped->UDP_len = 0;
  unwrapped->DATA_len= 0;
  unwrapped->FRAG_f = 0;
  unwrapped->FRAG_nf = 0;

  if(NO_CHKSUM == 0)
    {
    sp[PROTO_HEAD+10]=0;              /* reset checksum to zero, Q&D way*/
    sp[PROTO_HEAD+11]=0;
    if(in_cksum((sp+PROTO_HEAD),unwrapped->IP_len) != IPhead.checksum)
      {
#ifdef DEBUG_ONSCREEN
      printf("Packet dropped... (invalid IP chksum)\n");
      printf("%X %X (len %d)\n",in_cksum((sp+PROTO_HEAD),unwrapped->IP_len),IPhead.checksum,unwrapped->IP_len);
#endif
      return NO_IP;
      }
    if(0)
      {
#ifdef DEBUG_ONSCREEN
      printf("Packet dropped... (invalid IP version)\n");
#endif
      return NO_IP_4;
      }
    memcpy((sp+PROTO_HEAD),&IPhead,sizeof(struct IP_header));
                                      /* restore orig buffer */
                                      /* general programming rule */
    }

#ifdef DEBUG_ONSCREEN
  printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len,
         ntohs(IPhead.length));
#endif

  dummy=ntohs(IPhead.flag_offset); dummy<<=3;
  if( dummy!=0 )                      /* we have offset */
    {
    unwrapped->FRAG_nf = 1;
    }
  dummy=ntohs(IPhead.flag_offset); dummy>>=13;
  if( (dummy&IP_MF)&&(unwrapped->FRAG_nf==0) )   /* first frag */
    {
    unwrapped->FRAG_f = 1;
    }

  if(IPhead.protocol == TCP )         /* TCP */
    {
    if(unwrapped->FRAG_nf == 0)       /* packet contains TCP header */
      {
      if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 )
        {
        if(unwrapped->FRAG_f==1)
          {unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
           if(unwrapped->DATA_len<0)
             {unwrapped->DATA_len=0; return CORRUPT_IP;}
           return TCP_FRAG_HEAD;
          }
        else
          {return CORRUPT_IP;}
        }
      memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
             sizeof(struct TCP_header));
      unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
      unwrapped->TCP_len >>= 10;
      unwrapped->DATA_len = ntohs(IPhead.length) -
                            (unwrapped->IP_len) - (unwrapped->TCP_len);
      /* IP options can not cause SEGFAULT */
      if(unwrapped->DATA_len<0)       /* Fragmented TCP options */
        {
        if(unwrapped->FRAG_f==1)
          {unwrapped->TCP_len=0;
           unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
           if(unwrapped->DATA_len<0)
             {unwrapped->DATA_len=0; return CORRUPT_IP;}
           return TCP_FRAG_HEAD;
          }
        else
          {return CORRUPT_IP;}
        }
      }
    else
      {
      unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
      if(unwrapped->DATA_len<0)
        {unwrapped->DATA_len=0; return CORRUPT_IP;}
      }
    return TCP;
    }

  if(IPhead.protocol == ICMP )        /* ICMP */
    {
    if(unwrapped->FRAG_nf == 0)       /* Should contain header */
      {
      if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 )
        {return NOT_SUPPORTED;};      /* no handling of frag headers*/
      memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
             sizeof(struct ICMP_header));
      unwrapped->ICMP_len = ICMP_HEADLENGTH;
      unwrapped->DATA_len = ntohs(IPhead.length) -
                            (unwrapped->IP_len) - (unwrapped->ICMP_len);
      if(unwrapped->DATA_len<0)
        {
        if(unwrapped->FRAG_f==1)
          {unwrapped->TCP_len=0;
           unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
           if(unwrapped->DATA_len<0)
             {unwrapped->DATA_len=0; return CORRUPT_IP;}
           return NOT_SUPPORTED;      /* don't handle fragmented ICMP */
          }
        else
          {return CORRUPT_IP;}
        }
      return ICMP;
      }
    else
      {
      return NOT_SUPPORTED;           /* don't handle fragmented ICMP */
      }
    }

  if(IPhead.protocol == UDP )         /* UDP */
    {
    if(unwrapped->FRAG_nf == 0)
      {
      /* ntohs() added: the length field is in network byte order, as in */
      /* the TCP and ICMP checks above; without it this check compared   */
      /* the byte-swapped value on little-endian hosts                   */
      if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 )
        {return NOT_SUPPORTED;};      /* don't handle frag. header */
      memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
             sizeof(struct UDP_header));
      unwrapped->UDP_len = UDP_HEADLENGTH;
      unwrapped->DATA_len = ntohs(IPhead.length) -
                            (unwrapped->IP_len) - (unwrapped->UDP_len);
      if(unwrapped->DATA_len<0)
        {
        if(unwrapped->FRAG_f==1)
          {unwrapped->UDP_len=0;
           unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
           if(unwrapped->DATA_len<0)
             {unwrapped->DATA_len=0; return CORRUPT_IP;}
           return NOT_SUPPORTED;
          }                           /* don't handle fragmented UDP */
        else
          {return CORRUPT_IP;}
        }
      return UDP;
      }
    else
      {
      return NOT_SUPPORTED;           /* don't handle fragmented UDP */
      }
    }
  return NOT_SUPPORTED;
}

sniffit.0.3.7.beta/sn_packets.h

/* Sniffit Packets include file */

#ifndef _SN_PACKETS_H_
#define _SN_PACKETS_H_

unsigned short in_cksum(unsigned short *,int);
int unwrap_packet (const unsigned char *, struct unwrap *);

#endif

sniffit.0.3.7.beta/sn_packetstructs.h

/* Sniffit Packet Description File */

#ifndef _SN_PACKETSTRUCTS_H_
#define _SN_PACKETSTRUCTS_H_

/* The header name is missing in this copy of the file; struct timeval */
/* below needs this one.                                               */
#include <sys/time.h>

struct packetheader
{
  struct timeval ts;                  /* time stamp */
  unsigned long caplen;               /* length of portion present */
  unsigned long len;                  /* length this packet (off wire) */
};

struct IP_header                      /* The IPheader (without options) */
{
  unsigned char verlen, type;
  unsigned short length, ID, flag_offset;
  unsigned char TTL, protocol;
  unsigned short checksum;
  _32_bit source, destination;
};

struct pseudo_IP_header
{
  _32_bit source, destination;
  char zero_byte, protocol;
  unsigned short TCP_UDP_len;
};

struct TCP_header                     /* The TCP header (without options) */
{
  unsigned short source, destination;
  _32_bit seq_nr, ACK_nr;
  unsigned short offset_flag, window, checksum, urgent;
};

struct ICMP_header                    /* The ICMP header */
{
  unsigned char type, code;
  unsigned short checksum;
};

struct UDP_header                     /* The UDP header */
{
  unsigned short source, destination;
  unsigned short length, checksum;
};

struct unwrap                         /* some extra info */
{
  int IP_len, TCP_len, ICMP_len, UDP_len;   /* header lengths */
  int DATA_len;                       /* keep signed! */
  char FRAG_f;                        /* first fragment */
  char FRAG_nf;                       /* not the first fragment */
};

#endif

sniffit.0.3.7.beta/sn_plugins.h

/* Sniffit Pluginfile include file - Brecht Claerhout */

/* You should install the plugins, by adding three lines. */
/* You should define a Plugin name, an alias for the plugin function, */
/* and include the source code of it. */
/* Example: */
/* #define PLUGIN0_NAME "Dummy Plugin" */
/* #define PLUGIN0(x) PL_real_function_name(x) */
/* #define PLUGIN0_INIT() PL_init_real_function_name() (optional) */
/* #include "plugin_include_filename.plug" */
/* PLUGIN0_NAME and PLUGIN0 are fixed names, numbers can go from 0 to 9 */

/* These two plugins come standard with the Sniffit package as examples. */
/* the "Dummy Plugin" is quite useless, but the "DNS Plugin" is going */
/* to be appreciated by some of you. Read the PLUGIN-HOWTO file.
*/

#define PLUGIN0_NAME "Dummy Plugin"
#define PLUGIN0(x) PL_dummy_plugin(x)
#include "dummy_plugin.plug"

#define PLUGIN1_NAME "DNS Plugin"
#define PLUGIN1(x) PL_DNS_plugin(x)
#include "dns_plugin.plug"

sniffit.0.3.7.beta/sn_resolv.c

/* Sniffit hostname resolving part */
/*   - getaddrbyname: Godmar Back / Shudoh Kazuyuki */

#include "sn_defines.h"
/* The header names are missing in this copy of the file; these are the */
/* ones the code below needs (gethostbyname, inet_addr, INADDR_NONE).   */
#include <netdb.h>
#include <arpa/inet.h>

_32_bit getaddrbyname (const char *name)
{
  _32_bit ret;
  struct hostent *he;

  if ((ret = inet_addr (name)) != INADDR_NONE)
    {                                 /* dotted-decimal */
    return ret;
    }
  else
    {
    if (!(he = gethostbyname (name)))
      {
#ifdef DEBUG
      debug_msg ("GetAddr: Couldn't get host.");
#endif
      /* perror(name); */
      }
    return he ? *(_32_bit *) *he->h_addr_list : 0;
    }
}

sniffit.0.3.7.beta/sn_resolv.h

/* Sniffit hostname resolving part include */

#ifndef _SN_RESOLV_H_
#define _SN_RESOLV_H_

extern _32_bit getaddrbyname (const char *);

#endif

sniffit.0.3.7.beta/sn_structs.h

/* Sniffit Structs File */

#ifndef _SN_STRUCTS_H_
#define _SN_STRUCTS_H_

/* The header name is missing in this copy of the file; FILE below */
/* needs this one.                                                 */
#include <stdio.h>
#include "sn_packetstructs.h"

/**** Global data **********************************************************/
struct file_info
{
  char proto, filename[50];
  FILE *f;
  unsigned long bytes;
  _32_bit exp_seq;                    /* expected seq to avoid double logging */
  int time_out;
  char log;                           /* log=0 : do nothing */
                                      /* log=1 : log 'login' */
                                      /* log=2 : 'login' logged */
                                      /* log=3 : log password */
                                      /* log=4 : password logged */
                                      /* log=99 : no more detection */
  char scroll_buf[SCBUF+1];           /* scroll buffer */
  char *buffer;                       /* pointer to a buffer */
  struct file_info *next;
};

/**** Global data (config) **************************************************/
struct cfg_file_contense
{
  unsigned char host[16];
  unsigned int priority;
  unsigned char wildcard;
  unsigned short port;
};

/**** Global data (plugins) *************************************************/
struct Plugin_data
{
  struct unwrap PL_info;
  struct IP_header PL_iphead;
  struct TCP_header PL_tcphead;
  struct UDP_header PL_udphead;
  unsigned char PL_data[MTU];
  unsigned char PL_packet[MTU];
};

/**** Global data (interactive) *********************************************/
#ifdef INCLUDE_INTERFACE
#include "sn_curses.h"

struct box_window
{
  WINDOW *main_window, *work_window;
};

struct shared_conn_data               /* shared memory connection datastructure */
{
  char connection [CONN_NAMELEN];     /* full ID string of conn */
  char desc [DESC_BYTES];             /* connection description */
  int timeout;
};

struct shared_logged_conn             /* shared memory logging datastructure */
{
  char log_enter [CONN_NAMELEN];      /* normal logging */
};

struct snif_mask                      /* struct for mask */
{
  _32_bit source_ip, destination_ip;
  _32_bit short source_port, destination_port;
};

/* (packet generation) */
struct generate_mask
{
  _32_bit dest_ip, source_ip;
  _16_bit dest_port, source_port;
  _32_bit pkt_no;
};

struct sp_data_exchange
{
  int fd;                             /* Sh!t from transmit_TCP */
  char *data;
  int datalen;
  _32_bit source;
  unsigned short source_port;
  _32_bit dest;
  unsigned short dest_port;
  _32_bit seq, ack;
  unsigned short flags;
  char *buffer;                       /* work buffer */
  int IP_optlen;                      /* IP options length in bytes */
  int TCP_optlen;                     /* TCP options length in bytes */
};
#endif

#endif

sniffit.0.3.7.beta/sniffit-FAQ

------[ The Sniffit-FAQ V.0.2]------------------------------------------------

As the same questions keep popping up in my mailbox, I decided to write a
Sniffit-FAQ.

------[ The Questions ]-------------------------------------------------------

1.   'sniffit -i' doesn't work. It says unknown option.
1.b. I'm sure I have NCURSES, but I still have that problem!
2.   I can only see packets to/from my own computer, what is wrong?
     (BTW: I'm on PPP).
3.   I have e.g. two ethernet cards, but 'sniffit -F /dev/eth1' doesn't
     work, why?
4.   How can I find the device names?
5.   Why can't my LINUX capture packets?
6.   Why can't my BSD style system capture packets?

------[ The Answers ]---------------------------------------------------------

1. 'sniffit -i' doesn't work. It says unknown option.

   Prior to 0.3.5 you had to configure Sniffit manually, that was a drag,
   so I made it configure itself. Problem now is that it is too automatic.
   When running the 'configure' script, it looks for 'ncurses' (which is
   needed for the interactive mode). When it does not find 'ncurses', it
   just excludes interactive mode, so '-i' becomes an unknown option.

   Solution: if you haven't got 'ncurses', install it (to be found at any
   sunsite mirror). If you are sure you have it, well, it probably isn't in
   the right directories, maybe use some symbolic links.

   These are the dirs 'configure' looks in:
       /usr/include:/usr/include/ncurses:/usr/include/curses
       /usr/local/include:/usr/local/include/ncurses:
       /usr/local/include/curses
   and as of 0.3.6 Sniffit also looks in:
       ./:./ncurses
   (BTW: it looks for a file 'ncurses.h')

1.b. I'm sure I have NCURSES, but I still have that problem!

   Sometimes you have NCURSES, but no 'ncurses.h' file. Simple, just link
   (soft) 'ncurses.h' to 'curses.h'.

2. I can only see packets to/from my own computer, what is wrong?
   (BTW: I'm on PPP)

   PPP: Point to Point connection. Per definition, this protocol will only
   carry packets that contain information for the connected computer. As a
   consequence on your side, you see only things that go to/come from your
   computer, so Sniffit works fine.
   To see traffic of whole subnets, you need protocols like ethernet (the
   coax cable).

3. I have e.g. two ethernet cards, but 'sniffit -F /dev/eth1' doesn't
   work, why?

   Don't put any path in front of the devices. These names aren't even
   listed in /dev/. The correct line would be: 'sniffit -F eth1'

4. How can I find the device names?

   Well, in case Sniffit doesn't find the correct name itself, you will have
   to find it, and use the '-F' parameter. The devices can be found by using
   the 'ifconfig' or 'route' commands.

5. Why can't my LINUX capture packets?

   You should upgrade the kernel. Normally Sniffit should work on all
   kernels older than 2.0.0. But I advise using a kernel older than 2.0.25.
   (You could also downgrade the libpcap version to that used with
   Sniffit 0.3.3 if all else fails)

6. Why can't my BSD style system capture packets?

   You should recompile your kernel with BPF support.

------[ The End ]-------------------------------------------------------------

sniffit.0.3.7.beta/sniffit.0.3.7.c

/* Sniffit main program file */
/*   - by : Brecht Claerhout */

#include "sn_config.h"               /* Config header file */

#include
#include
#include
#include
/* #include */
#include
#include
#include
#include
#include
#include
/* #include */                       /* for inet_addr() */
#ifdef INCLUDE_INTERFACE
#include
#include
#endif

#include "pcap.h"

/************************ Own includes *************************************/
#include "sn_defines.h"              /* Various defines */
#include "sn_structs.h"              /* All structures */
#include "sn_global.h"               /* some global defs */
#include "sn_data.h"                 /* data defs */
#include "sn_packets.h"              /* My own packet structs */
#include "sn_logfile.h"
#include "sn_cfgfile.h"              /* Config file handling */
#include "sn_resolv.h"               /* Host resolution */
#include "sn_plugins.h"              /* Sniffit Plugins file */

#ifdef INCLUDE_INTERFACE
#include "sn_interface.h"            /* all ncurses stuff */
#endif
#ifdef GENERATION
#include "sn_generation.h"           /* Sniffit Packet generation */
#endif

#include "sniffit.h"                 /* definition of functions */

static char Copyright[] =
  "Sniffit - Brecht Claerhout - Copyright 1996-98";

void quit (char *prog_name)          /* Learn to use the program */
{
  printf (
    "usage: %s [-xdabvnN] [-P proto] [-A char] [-p port] [(-r|-R) recordfile]\n"
    " [-l sniflen] [-L logparam] [-F snifdevice] [-M plugin]\n"
#ifdef INCLUDE_INTERFACE
    " [-D tty]"
    " (-t | -s)"
    " | (-i|-I) | -c]\n",
#else
    " (-t | -s) | -c]\n",
#endif
    prog_name);
  printf ("Plugins Available:\n");
#ifdef
PLUGIN0_NAME printf (" 0 -- %s\n", PLUGIN0_NAME); #endif #ifdef PLUGIN1_NAME printf (" 1 -- %s\n", PLUGIN1_NAME); #endif #ifdef PLUGIN2_NAME printf (" 2 -- %s\n", PLUGIN2_NAME); #endif #ifdef PLUGIN3_NAME printf (" 3 -- %s\n", PLUGIN3_NAME); #endif #ifdef PLUGIN4_NAME printf (" 4 -- %s\n", PLUGIN4_NAME); #endif #ifdef PLUGIN5_NAME printf (" 5 -- %s\n", PLUGIN5_NAME); #endif #ifdef PLUGIN6_NAME printf (" 6 -- %s\n", PLUGIN6_NAME); #endif #ifdef PLUGIN7_NAME printf (" 7 -- %s\n", PLUGIN7_NAME); #endif #ifdef PLUGIN8_NAME printf (" 8 -- %s\n", PLUGIN8_NAME); #endif #ifdef PLUGIN9_NAME printf (" 9 -- %s\n", PLUGIN9_NAME); #endif exit (0); } void close_dumpfile(void) {pcap_dump_close(dev_dump);}; void close_pcapdev(void) {pcap_close(dev_desc);}; void my_exit (void) { fflush(NULL); printf("Gracefull shutdown...\n"); exit (0); }; /* DEBUGGING INFO */ #ifdef DEBUG void close_debug_device (void) { fclose (debug_dev); } void debug_msg (char *debug_text) { fprintf (debug_dev, "%s (%d)\n", debug_text, debug_cnt); debug_cnt++; } #endif char *strlower (char *string) { int i; for (i = 0; i < strlen (string); i++) *(string + i) = (isupper (*(string + i)) ? 
                     tolower (*(string + i)) : *(string + i));
  return string;
}

void start_plugin (int PL_nr, struct Plugin_data *PL_d)
{
  switch (PL_nr)
    {
#ifdef PLUGIN0_NAME
    case 0:
      PLUGIN0 (PL_d);
      break;
#endif
#ifdef PLUGIN1_NAME
    case 1:
      PLUGIN1 (PL_d);
      break;
#endif
#ifdef PLUGIN2_NAME
    case 2:
      PLUGIN2 (PL_d);
      break;
#endif
#ifdef PLUGIN3_NAME
    case 3:
      PLUGIN3 (PL_d);
      break;
#endif
#ifdef PLUGIN4_NAME
    case 4:
      PLUGIN4 (PL_d);
      break;
#endif
      /* 'case 5' was listed twice; a duplicate case label does not compile */
#ifdef PLUGIN5_NAME
    case 5:
      PLUGIN5 (PL_d);
      break;
#endif
#ifdef PLUGIN6_NAME
    case 6:
      PLUGIN6 (PL_d);
      break;
#endif
#ifdef PLUGIN7_NAME
    case 7:
      PLUGIN7 (PL_d);
      break;
#endif
#ifdef PLUGIN8_NAME
    case 8:
      PLUGIN8 (PL_d);
      break;
#endif
#ifdef PLUGIN9_NAME
    case 9:
      PLUGIN9 (PL_d);
      break;
#endif
    default:
      fprintf (stderr, "Plugin does not exist...\n");
      exit (1);
      break;
    }
}

void reset_all (void)
{
  start_dynam = NULL;
  dynam_len = 0;
}

/* if do_file == 0, then don't handle the files */
/* this is for the global logfile option */
struct file_info *
add_dynam (char *file, char ptype, char do_file, _32_bit cur_seq, int len)
{
  int i;
  FILE *f;
  int last_time_out = 0;
  struct file_info *dummy_pointer;
  struct file_info *search_pointer;

  if (dynam_len >= MAXCOUNT)
    {
      /*
       * remove less effective connection from list
       */
      search_pointer = start_dynam;
      dummy_pointer = start_dynam;
      do
        {
          if (search_pointer->time_out > last_time_out)
            {
              last_time_out = search_pointer->time_out;
              dummy_pointer = search_pointer;
            }
          search_pointer = search_pointer->next;
        }
      while (search_pointer != NULL);
#ifdef DEBUG
      debug_msg ("Auto timeout engaged (filename follows)");
      debug_msg (dummy_pointer->filename);
#endif
      if (dummy_pointer->f == NULL)
        delete_dynam (dummy_pointer->filename, dummy_pointer->proto, 0);
      else
        delete_dynam (dummy_pointer->filename, dummy_pointer->proto, 1);
      printf ("Too many connections... auto timeout\n");
    }
  if ((dummy_pointer = (struct file_info *) malloc (sizeof (struct file_info))) == NULL)
    {
      printf ("Couldn't allocate memory.\n");
      exit (0);
    };
  dummy_pointer->bytes = 0;
  dummy_pointer->proto = ptype;
  /* malloc() does not clear memory: start the idle counter at zero so the */
  /* eviction scan above never compares an uninitialised value */
  dummy_pointer->time_out = 0;
  strcpy (dummy_pointer->filename, file);
  if (do_file != 0)
    {
      f = fopen (file, "a");
      if (f == NULL)
        perror ("Couldn't open logfile:"), exit (0);
      dummy_pointer->f = f;
    }
  else
    {
      dummy_pointer->f = NULL;
    }
  dummy_pointer->next = NULL;
  dummy_pointer->buffer = NULL;
  dummy_pointer->log = 0;
  dummy_pointer->exp_seq = cur_seq + len;
  for (i = 0; i < SCBUF; i++)
    dummy_pointer->scroll_buf[i] = ' ';
  dummy_pointer->scroll_buf[SCBUF] = 0;
  if (start_dynam == NULL)
    start_dynam = dummy_pointer;
  else
    {
      search_pointer = start_dynam;
      while (search_pointer->next != NULL)
        search_pointer = search_pointer->next;
      search_pointer->next = dummy_pointer;
    }
  dynam_len++;
  return dummy_pointer;
}

void delete_dynam (char *file, char ptype, char do_file)
{
  struct file_info *search_pointer;
  struct file_info *dummy_pointer;

  if (start_dynam == NULL)
    return;
  search_pointer = start_dynam;
  if ((strcmp (search_pointer->filename, file) == 0) &&
      (search_pointer->proto == ptype))
    {
      if (do_file != 0)
        fclose (search_pointer->f);
      start_dynam = search_pointer->next;
      /* free the unlinked head entry too, as is done for later entries; */
      /* it used to be leaked */
      if (search_pointer->buffer != NULL)
        free (search_pointer->buffer);
      free (search_pointer);
      dynam_len--;
      return;
    }
  search_pointer = start_dynam;
  if (search_pointer->next == NULL)
    return;
  while (search_pointer->next != NULL)
    {
      if ((strcmp (search_pointer->next->filename, file) == 0) &&
          (search_pointer->next->proto == ptype))
        {
          if (do_file != 0)
            fclose (search_pointer->next->f);
          dummy_pointer = search_pointer->next;
          search_pointer->next = search_pointer->next->next;
          if (dummy_pointer->buffer != NULL)
            free (dummy_pointer->buffer);
          free (dummy_pointer);
          dynam_len--;
          return;
        }
      search_pointer = search_pointer->next;
    }
}

/* returns NULL on failure */
struct file_info *
search_dynam (char *file, char ptype)
{
  struct file_info *search_pointer;

  if (start_dynam == NULL)
    return NULL;
  search_pointer = start_dynam; /* time_out add */
  do
    {
      search_pointer->time_out += 1;
      search_pointer = search_pointer->next;
    }
  while (search_pointer != NULL);
  search_pointer = start_dynam; /* actual search */
  do
    {
      if ((strcmp (search_pointer->filename, file) == 0) &&
          (search_pointer->proto == ptype))
        {
          search_pointer->time_out = 0; /* timeout reset */
          return search_pointer;
        }
      search_pointer = search_pointer->next;
    }
  while (search_pointer != NULL);
  return NULL;
}

/* Type 0: TELNET */
void record_buf (struct file_info *dummy_pointer, _32_bit cur_seq_nr, char *data, int len, int type)
{
  int i, j, noloop = 0;

  if (dummy_pointer->exp_seq != cur_seq_nr)
    {
      return;
    }
  noloop = 0;
  for (i = 0; i < len; i++)
    {
      j = dummy_pointer->bytes;
      switch (type)
        {
        case 0:
          if (data[i] == TELNET_ENTER)  /* return found */
            {
              dummy_pointer->log++;
              noloop = 1;
            };
          break;
        default:
          break;
        }
      if (noloop == 1)
        break;
      if (j >= LOG_PASS_BUF)
        break;
      /* packet bytes >= 0x80 are negative in a signed char; isprint() */
      /* is only defined for unsigned char values and EOF */
      if (isprint ((unsigned char) data[i]))
        {
          dummy_pointer->buffer[j] = data[i];
        }
      else
        {
          dummy_pointer->buffer[j] = '~';
        };
      dummy_pointer->buffer[j + 1] = 0;
      dummy_pointer->bytes += 1;
    }
#ifdef DEBUG_ONSCREEN
  printf ("Record buffer: >%s< (%d)\n", dummy_pointer->buffer, dummy_pointer->bytes);
#endif
}

void sb_shift (struct file_info *dummy_pointer)
{
  int i;

  for (i = 1; i < SCBUF; i++)
    dummy_pointer->scroll_buf[i - 1] = dummy_pointer->scroll_buf[i];
}

void sbuf_update (struct file_info *dummy_pointer, _32_bit cur_seq_nr, char *data, int len)
{
  int i;

  if (dummy_pointer->exp_seq != cur_seq_nr)
    {
      return;
    }
  for (i = 0; i < len; i++)
    {
      sb_shift (dummy_pointer);
      if (data[i] != 0) /*
                         * used to be 'isprint', not possible for ftp logging
                         */
        {
          dummy_pointer->scroll_buf[SCBUF - 1] = data[i];
        }
      else
        {
          dummy_pointer->scroll_buf[SCBUF - 1] = '.';
        };
    }
#ifdef DEBUG_ONSCREEN
  printf ("scr_buf: %s\n", dummy_pointer->scroll_buf);
#endif
}

void print_iphead (struct IP_header *iphead, char icmp_or_plain)
{
  int dummy;
  unsigned char *so, *dest;

  if (icmp_or_plain != 0)
    printf ("ICMP message concerned following IP packet:\n");
  so = (unsigned char *)
&(iphead->source); dest = (unsigned char *) &(iphead->destination); printf ("from %u.%u.%u.%u to %u.%u.%u.%u\n", so[0], so[1], so[2], so[3], dest[0], dest[1], dest[2], dest[3]); dummy = iphead->type; dummy >>= 5; printf ("IP Packet precedence: %s (%c%c%c)\n", IP_TYPE_precedence[dummy], (iphead->type & IP_DELAY) ? 'D' : '-', (iphead->type & IP_THROUGHPUT) ? 'T' : '-', (iphead->type & IP_RELIABILITY) ? 'R' : '-'); dummy = ntohs (iphead->flag_offset); dummy >>= 13; printf ("ID: 0x%X FLAGS: %s %s Time to live (secs): %d\n", ntohs(iphead->ID), (dummy & IP_DF) ? "DF" : "--", (dummy & IP_MF) ? "MF" : "--", iphead->TTL); if (iphead->protocol < 34) printf ("Protocol (%d): %s\n", iphead->protocol, IP_PROTOCOL_number[iphead->protocol]); else printf ("Protocol (%d) not recognised\n", iphead->protocol); printf ("\n"); } int check_packet (_32_bit ipaddr, const struct packetheader *p_header, const unsigned char *sp, char *file, char *file2, struct unwrap *info, char *detail, int MODE) /* MODE 0: -t MODE 1: -s */ /* MODE 2: -b */ { unsigned char *so, *dest; char wc_so[20], wc_dest[20]; struct IP_header iphead; struct TCP_header tcphead; struct ICMP_header icmphead; struct UDP_header udphead; int proto; unsigned int prior; char selected; int i; /* Wildcard stuff */ unsigned char *str_IP; unsigned int n_s; /* strlen short notation for wc bugfix */ proto = unwrap_packet (sp, info); if(proto == NOT_SUPPORTED) { #ifdef DEBUG_ONSCREEN printf("unwrap: NOT_SUPPORTED\n"); #endif return DROP_PACKET;} /* no use in trying */ if(proto == NO_IP) { #ifdef DEBUG_ONSCREEN printf("unwrap: NO_IP\n"); #endif return DROP_PACKET;} /* no use in trying */ if(proto == NO_IP_4) { #ifdef DEBUG_ONSCREEN printf("unwrap: NO_IP_4\n"); #endif return DROP_PACKET;} /* no use in trying */ if(proto == CORRUPT_IP) { #ifdef DEBUG_ONSCREEN printf("unwrap: CORRUPT_IP\n"); #endif printf("Suspicious Packet detected... 
\n"); return DROP_PACKET;} memcpy (&iphead, (sp + PROTO_HEAD), sizeof (struct IP_header)); so = (unsigned char *) &(iphead.source); dest = (unsigned char *) &(iphead.destination); if ( ((proto == TCP)||(proto==TCP_FRAG_HEAD)) && (PROTOCOLS & F_TCP)) { #ifdef DEBUG_ONSCREEN printf ("TCP Packet\n"); #endif if((info->FRAG_nf==0)&&(proto!=TCP_FRAG_HEAD)) { memcpy (&tcphead, (sp + PROTO_HEAD + info->IP_len), sizeof (struct TCP_header)); memcpy (detail, &tcphead, sizeof (struct TCP_header)); } if ((WILDCARD == 0) && (CFG_FILE == 0)) /* Selection criteria */ { if (MODE == DEST && ipaddr != iphead.destination /* -t */ || MODE == SOURCE && ipaddr != iphead.source /* -s */ || MODE == BOTH && ipaddr != iphead.destination /* -b */ && ipaddr != iphead.source ) return DONT_EXAMINE; /* Check destination/source IP */ } else { if (WILDCARD != 0) /* Wildcards */ { #ifdef DEBUG_ONSCREEN printf ("WILDCARD\n"); #endif sprintf (wc_so, "%u.%u.%u.%u", so[0], so[1], so[2], so[3]); sprintf (wc_dest, "%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3]); n_s = strlen (IP); if (MODE == DEST && (strncmp (wc_dest, IP, n_s) != 0) /* -t */ || MODE == SOURCE && (strncmp (wc_so, IP, n_s) != 0) /* -s */ || MODE == BOTH && (strncmp (wc_dest, IP, n_s) != 0) /* -b */ && (strncmp (wc_so, IP, n_s) != 0) ) return DONT_EXAMINE; /* Check destination/source IP */ } else { /* We are using the config file (4*Check) */ prior = 0; selected = 0; sprintf (wc_so, "%u.%u.%u.%u", so[0], so[1], so[2], so[3]); sprintf (wc_dest, "%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3]); #ifdef DEBUG_ONSCREEN if((info->FRAG_nf!=0)||(proto==TCP_FRAG_HEAD)) printf ("CONCERNING: %s %d - %s %d\n", wc_so, ntohs (tcphead.source), wc_dest, ntohs (tcphead.destination)); #endif /* Highest prior last (backward+break for speed) */ for (i = (select_from_length - 1); i >= 0; i--) { if (prior > select_from_list[i].priority) break; str_IP = select_from_list[i].host; #ifdef DEBUG_ONSCREEN printf ("SF: %s %d Prior:%d\n", str_IP, 
                      select_from_list[i].port, select_from_list[i].priority);
#endif
              /* tcphead is reserved anyway (even when fragmented) */
              if ((select_from_list[i].port == 0) ||
                  (select_from_list[i].port == ntohs (tcphead.source)) ||
                  (info->FRAG_nf!=0)||(proto==TCP_FRAG_HEAD) )
                {
                  if (select_from_list[i].wildcard == 0)
                    {           /* NO wildcard */
                      if (strcmp (wc_so, str_IP) == 0)
                        {
                          selected = 1;
                          prior = select_from_list[i].priority;
                          break;
                        }
                    }
                  else
                    {           /* wildcard */
                      if (strncmp (wc_so, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 1;
                          prior = select_from_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 1;
                      break;
                    };
                }
            }
          for (i = (select_to_length - 1); i >= 0; i--)
            {
              if (prior > select_to_list[i].priority)
                break;
              str_IP = select_to_list[i].host;
#ifdef DEBUG_ONSCREEN
              printf ("ST: %s %d Prior:%d\n", str_IP, select_to_list[i].port, select_to_list[i].priority);
#endif
              if ((select_to_list[i].port == 0) ||
                  (select_to_list[i].port == ntohs (tcphead.destination))||
                  (info->FRAG_nf!=0)||(proto==TCP_FRAG_HEAD) )
                {
                  if (select_to_list[i].wildcard == 0)
                    {           /* NO wildcard */
                      if (strcmp (wc_dest, str_IP) == 0)
                        {
                          selected = 1;
                          prior = select_to_list[i].priority;
                          break;
                        }
                    }
                  else
                    {           /* wildcard */
                      if (strncmp (wc_dest, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 1;
                          prior = select_to_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 1;
                      break;
                    };
                }
            }
          for (i = (deselect_from_length - 1); i >= 0; i--)
            {
              if (prior > deselect_from_list[i].priority)
                break;
              str_IP = deselect_from_list[i].host;
#ifdef DEBUG_ONSCREEN
              printf ("DF: %s %d Prior:%d\n", str_IP, deselect_from_list[i].port, deselect_from_list[i].priority);
#endif
              if ((deselect_from_list[i].port == 0) ||
                  (deselect_from_list[i].port == ntohs (tcphead.source))||
                  (info->FRAG_nf!=0)||(proto==TCP_FRAG_HEAD) )
                {
                  if (deselect_from_list[i].wildcard == 0)
                    {           /* NO wildcard */
                      if (strcmp (wc_so, str_IP) == 0)
                        {
                          selected = 0;
                          prior = deselect_from_list[i].priority;
                          break;
                        }
                    }
                  else
                    {           /* wildcard */
                      /* prefix match, as in the select lists; this used */
                      /* strcmp, so a wildcard deselect never matched */
                      if (strncmp (wc_so, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 0;
                          prior =
                            deselect_from_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 0;
                      break;
                    };
                }
            }
          for (i = (deselect_to_length - 1); i >= 0; i--)
            {
              if (prior > deselect_to_list[i].priority)
                break;
              str_IP = deselect_to_list[i].host;
#ifdef DEBUG_ONSCREEN
              printf ("DT: %s %d Prior:%d\n", str_IP, deselect_to_list[i].port, deselect_to_list[i].priority);
#endif
              if ((deselect_to_list[i].port == 0) ||
                  (deselect_to_list[i].port == ntohs (tcphead.destination))||
                  (info->FRAG_nf!=0)||(proto==TCP_FRAG_HEAD) )
                {
                  if (deselect_to_list[i].wildcard == 0)
                    {           /* NO wildcard */
                      /* exact match, as in the other lists; the prefix */
                      /* compare used here also dropped hosts whose address */
                      /* merely starts with the entry (1.2.3.4 -> 1.2.3.40) */
                      if (strcmp (wc_dest, str_IP) == 0)
                        {
                          selected = 0;
                          prior = deselect_to_list[i].priority;
                          break;
                        }
                    }
                  else
                    {           /* wildcard */
                      if (strncmp (wc_dest, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 0;
                          prior = deselect_to_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 0;
                      break;
                    };
                }
            }
#ifdef DEBUG_ONSCREEN
          printf ("Selected: %d\n", selected);
#endif
          if (selected == 0)
            return DONT_EXAMINE;
        }
    }
  if( (info->FRAG_nf==0)&&(proto!=TCP_FRAG_HEAD) )
    if( (MODE!=BOTH && DEST_PORT && ntohs (tcphead.destination)!=DEST_PORT) ||
        (MODE!=BOTH && SRC_PORT && ntohs (tcphead.source)!=SRC_PORT) ||
        (MODE==BOTH && SRC_PORT && ntohs (tcphead.source)!=SRC_PORT && ntohs (tcphead.destination)!=SRC_PORT) )
      /* with BOTH SRC_PORT&DEST_PORT should be the same!! */
      /* DEST/SRC do not depend on the SOURCE or DEST modes! */
      return DONT_EXAMINE;      /* Check dest.
PORT */ #ifdef DEBUG_ONSCREEN printf ("Packet accepted\n"); #endif if( (info->FRAG_nf==0)&&(proto!=TCP_FRAG_HEAD) ) { /* inet_ntoa gave wrong output sometimes */ sprintf (file, "%u.%u.%u.%u.%u-%u.%u.%u.%u.%u", so[0], so[1], so[2], so[3], (unsigned short) ntohs (tcphead.source), dest[0], dest[1], dest[2], dest[3], (unsigned short) ntohs (tcphead.destination)); sprintf (file2, "%u.%u.%u.%u.%u-%u.%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3], (unsigned short) ntohs (tcphead.destination), so[0], so[1], so[2], so[3], (unsigned short) ntohs (tcphead.source)); } else { /* inet_ntoa gave wrong output sometimes */ sprintf (file, "%u.%u.%u.%u-%u.%u.%u.%u", so[0], so[1], so[2], so[3], dest[0], dest[1], dest[2], dest[3]); sprintf (file2, "%u.%u.%u.%u-%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3], so[0], so[1], so[2], so[3]); } if(info->FRAG_nf!=0) return TCP_EX_FRAG_NF; if(proto==TCP_FRAG_HEAD) return TCP_EX_FRAG_HEAD; if ((ntohs(tcphead.offset_flag) & FIN) != 0) /* check for reset conn. */ return TCP_FINISH; /* packet is a FIN */ if ((ntohs(tcphead.offset_flag) & RST) != 0) /* check for reset conn. */ return TCP_FINISH; /* * Used to be for speed, '-x' needs all info, so this too! 
* if (info->DATA_len == 0) * return DONT_EXAMINE; */ return TCP_EXAMINE; /* interprete packet */ }; /***** WARNING: Remove if later fragment handling is done *************/ if(info->FRAG_nf!=0) {printf("Fragment Skipped...\n"); return DONT_EXAMINE; }; if ((proto == ICMP) && (PROTOCOLS & F_ICMP)) /* ICMP packet checking */ { memcpy (&icmphead, (sp + PROTO_HEAD + info->IP_len), sizeof (struct ICMP_header)); memcpy (detail, &icmphead, sizeof (struct ICMP_header)); sprintf (file, "%u.%u.%u.%u > %u.%u.%u.%u", so[0], so[1], so[2], so[3], dest[0], dest[1], dest[2], dest[3]); return ICMP_EXAMINE; }; if ((proto == UDP) && (PROTOCOLS & F_UDP)) /* UDP packet checking */ { #ifdef DEBUG_ONSCREEN printf ("UDP Packet\n"); #endif memcpy (&udphead, (sp + PROTO_HEAD + info->IP_len), sizeof (struct UDP_header)); memcpy (detail, &udphead, sizeof (struct UDP_header)); if ((WILDCARD == 0) && (CFG_FILE == 0)) /* Selection criteria */ { if (MODE == DEST && ipaddr != iphead.destination /* -t */ || MODE == SOURCE && ipaddr != iphead.source /* -s */ || MODE == BOTH && ipaddr != iphead.destination /* -b */ && ipaddr != iphead.source ) return DONT_EXAMINE; /* Check destination/source IP */ } else { if (WILDCARD != 0) /* Wildcards */ { sprintf (wc_so, "%u.%u.%u.%u", so[0], so[1], so[2], so[3]); sprintf (wc_dest, "%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3]); n_s = strlen (IP); if (MODE == DEST && (strncmp (wc_dest, IP, n_s) != 0) /* -t */ || MODE == SOURCE && (strncmp (wc_so, IP, n_s) != 0) /* -s */ || MODE == BOTH && (strncmp (wc_dest, IP, n_s) != 0) /* -b */ && (strncmp (wc_so, IP, n_s) != 0) ) return DONT_EXAMINE; /* Check destination/source IP */ } else { /* We are using the config file (4*Check) */ prior = 0; selected = 0; sprintf (wc_so, "%u.%u.%u.%u", so[0], so[1], so[2], so[3]); sprintf (wc_dest, "%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3]); #ifdef DEBUG_ONSCREEN printf ("CONCERNING: %s %d - %s %d\n", wc_so, ntohs (udphead.source), wc_dest, ntohs (udphead.destination)); 
#endif /* Highest prior last (backward+break for speed) */ for (i = (select_from_length - 1); i >= 0; i--) { if (prior > select_from_list[i].priority) break; str_IP = select_from_list[i].host; #ifdef DEBUG_ONSCREEN printf ("SF: %s %d Prior:%d\n", str_IP, select_from_list[i].port, select_from_list[i].priority); #endif if ((select_from_list[i].port == 0) || (select_from_list[i].port == ntohs (udphead.source))) { if (select_from_list[i].wildcard == 0) { /* * NO wildcard */ if (strcmp (wc_so, str_IP) == 0) { selected = 1; prior = select_from_list[i].priority; break; } } else { /* * wildcard */ if (strncmp (wc_so, str_IP, strlen (str_IP)) == 0) { selected = 1; prior = select_from_list[i].priority; break; } } if (str_IP[0] == 0) { selected = 1; break; }; } } for (i = (select_to_length - 1); i >= 0; i--) { if (prior > select_to_list[i].priority) break; str_IP = select_to_list[i].host; #ifdef DEBUG_ONSCREEN printf ("ST: %s %d Prior:%d\n", str_IP, select_to_list[i].port, select_to_list[i].priority); #endif if ((select_to_list[i].port == 0) || (select_to_list[i].port == ntohs (udphead.destination))) { if (select_to_list[i].wildcard == 0) { /* * NO wildcard */ if (strcmp (wc_dest, str_IP) == 0) { selected = 1; prior = select_to_list[i].priority; break; } } else { /* * wildcard */ if (strncmp (wc_dest, str_IP, strlen (str_IP)) == 0) { selected = 1; prior = select_to_list[i].priority; break; } } if (str_IP[0] == 0) { selected = 1; break; }; } } for (i = (deselect_from_length - 1); i >= 0; i--) { if (prior > deselect_from_list[i].priority) break; str_IP = deselect_from_list[i].host; #ifdef DEBUG_ONSCREEN printf ("DF: %s %d Prior:%d\n", str_IP, deselect_from_list[i].port, deselect_from_list[i].priority); #endif if ((deselect_from_list[i].port == 0) || (deselect_from_list[i].port == ntohs (udphead.source))) { if (deselect_from_list[i].wildcard == 0) { /* NO wildcard */ if (strcmp (wc_so, str_IP) == 0) { selected = 0; prior = deselect_from_list[i].priority; break; } } else { /* 
                         wildcard */
                      /* prefix match, as in the select lists; this used */
                      /* strcmp, so a wildcard deselect never matched */
                      if (strncmp (wc_so, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 0;
                          prior = deselect_from_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 0;
                      break;
                    };
                }
            }
          for (i = (deselect_to_length - 1); i >= 0; i--)
            {
              if (prior > deselect_to_list[i].priority)
                break;
              str_IP = deselect_to_list[i].host;
#ifdef DEBUG_ONSCREEN
              printf ("DT: %s %d Prior:%d\n", str_IP, deselect_to_list[i].port, deselect_to_list[i].priority);
#endif
              if ((deselect_to_list[i].port == 0) ||
                  (deselect_to_list[i].port == ntohs (udphead.destination)))
                {
                  if (deselect_to_list[i].wildcard == 0)
                    {           /* NO wildcard */
                      /* exact match, as in the other lists; the prefix */
                      /* compare used here also dropped hosts whose address */
                      /* merely starts with the entry (1.2.3.4 -> 1.2.3.40) */
                      if (strcmp (wc_dest, str_IP) == 0)
                        {
                          selected = 0;
                          prior = deselect_to_list[i].priority;
                          break;
                        }
                    }
                  else
                    {           /* wildcard */
                      if (strncmp (wc_dest, str_IP, strlen (str_IP)) == 0)
                        {
                          selected = 0;
                          prior = deselect_to_list[i].priority;
                          break;
                        }
                    }
                  if (str_IP[0] == 0)
                    {
                      selected = 0;
                      break;
                    };
                }
            }
#ifdef DEBUG_ONSCREEN
          printf ("Selected: %d\n", selected);
#endif
          if (selected == 0)
            return DONT_EXAMINE;
        }
    }
  if( (MODE!=BOTH && DEST_PORT && ntohs (udphead.destination)!=DEST_PORT) ||
      (MODE!=BOTH && SRC_PORT && ntohs (udphead.source)!=SRC_PORT) ||
      (MODE==BOTH && SRC_PORT && ntohs (udphead.source)!=SRC_PORT && ntohs (udphead.destination)!=SRC_PORT) )
    /* with BOTH SRC_PORT&DEST_PORT should be the same!! */
    /* DEST/SRC do not depend on the SOURCE or DEST modes! */
    return DONT_EXAMINE;        /* Check dest.
PORT */ /* inet_ntoa gave wrong output sometimes */ sprintf (file, "%u.%u.%u.%u.%u-%u.%u.%u.%u.%u", so[0], so[1], so[2], so[3], (unsigned short) ntohs (udphead.source), dest[0], dest[1], dest[2], dest[3], (unsigned short) ntohs (udphead.destination)); sprintf (file2, "%u.%u.%u.%u.%u-%u.%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3], (unsigned short) ntohs (udphead.destination), so[0], so[1], so[2], so[3], (unsigned short) ntohs (udphead.source)); return UDP_EXAMINE; /* interprete packet */ } return DONT_EXAMINE; } /* Default Processing of packets */ pcap_handler packethandler (unsigned char *ipaddrpoint, const struct packetheader * p_header, const unsigned char *sp) { char filename[50], filename2[50], header[SNAPLEN]; FILE *f; struct file_info *dummy_pointer; unsigned char status = 0; char *help; int dummy, finish; /* look out it's signed */ unsigned long datalen, position, total_length, i, n; _32_bit ipaddr; struct unwrap info; struct IP_header iphead; struct TCP_header tcphead; struct ICMP_header icmphead; struct IP_header iphead_icmp; struct UDP_header udphead; struct Plugin_data PL_d, PL_dex; memcpy (&ipaddr, ipaddrpoint, sizeof (_32_bit)); finish = check_packet (ipaddr, p_header, sp, filename, filename2, &info, header, SNIFMODE); if (finish == DROP_PACKET) return; /* Packet is broken */ if( (PROTOCOLS&F_IP)&&((PROTOCOLS&F_TCP)==0)) memcpy (&iphead, (sp + PROTO_HEAD), sizeof (struct IP_header)), print_iphead (&iphead, 0); if (finish == DONT_EXAMINE) return; /* Packet is not for us */ if(DUMPMODE==8) /* Recording */ { pcap_dump((unsigned char *) dev_dump, p_header, sp); return; } if((PROTOCOLS & F_IP)&&(PROTOCOLS & F_TCP)&&(finish<10)) memcpy (&iphead, (sp + PROTO_HEAD), sizeof (struct IP_header)), print_iphead (&iphead, 0); #ifdef DEBUG_ONSCREEN printf ("Processing Packet (finish: %d)\n", finish); #endif if ((finish < 10) || (finish >= 20 && finish < 30)) /* Start plugin */ { if( (finish!=TCP_EX_FRAG_HEAD)&&(finish!=TCP_EX_FRAG_NF) ) { /* no fragments to 
PLUGINS yet */ /* fixing data structure */ memcpy (&(PL_d.PL_info), &info, sizeof (struct unwrap)); memcpy (&(PL_d.PL_iphead), (sp + PROTO_HEAD), sizeof (struct IP_header)); memcpy (&(PL_d.PL_tcphead), (sp + PROTO_HEAD + info.IP_len), sizeof (struct TCP_header)); memcpy (&(PL_d.PL_udphead), (sp + PROTO_HEAD + info.IP_len), sizeof (struct UDP_header)); if (PL_d.PL_iphead.protocol == TCP) memcpy (PL_d.PL_data, (sp + PROTO_HEAD + info.IP_len + info.TCP_len), info.DATA_len); if (PL_d.PL_iphead.protocol == UDP) memcpy (PL_d.PL_data, (sp + PROTO_HEAD + info.IP_len + info.UDP_len), info.DATA_len); memcpy (PL_d.PL_packet, (sp + PROTO_HEAD), info.IP_len + info.TCP_len + info.UDP_len + info.DATA_len); /* starting all plugins */ for (i = 0; i < 10; i++) if (Plugin_Active[i] == 1) { memcpy (&PL_dex, &PL_d, sizeof (struct Plugin_data)); start_plugin (i, &PL_dex); } } } if ((DUMPMODE & 32) && (finish < 10)) /* extended info TCP only */ { if( (finish!=TCP_EX_FRAG_HEAD)&&(finish!=TCP_EX_FRAG_NF) ) { memcpy (&tcphead, header, sizeof (struct TCP_header)); dummy = ntohs (tcphead.offset_flag); printf ("\n"); printf ("TCP Packet ID (from_IP.port-to_IP.port): %s\n", filename); printf (" SEQ (hex): %lX ", ntohl (tcphead.seq_nr)); if (dummy & ACK) printf ("ACK (hex): %lX\n", ntohl (tcphead.ACK_nr)); printf (" FLAGS: %c%c%c%c%c%c", (dummy & URG) ? 'U' : '-', (dummy & ACK) ? 'A' : '-', (dummy & PSH) ? 'P' : '-', (dummy & RST) ? 'R' : '-', (dummy & SYN) ? 'S' : '-', (dummy & FIN) ? 
'F' : '-'); if (dummy & ACK) printf (" Window: %X\n", ntohs (tcphead.window)); else printf ("\n"); } }; if ((finish < 10) && (LOGPARAM == 0)) /* TCP packet */ /* I didn't use flags for later extention, and they */ /* don't come in pairs anyhow */ /* use return instead of else {if}, for later extention */ { if( (finish!=TCP_EX_FRAG_HEAD)&&(finish!=TCP_EX_FRAG_NF) ) memcpy (&tcphead, header, sizeof (struct TCP_header)); switch (DUMPMODE & 199) /* without bit 3,4,5 (8,16,32) */ { case 0: /* LOG mode */ if( (finish==TCP_EX_FRAG_HEAD)||(finish==TCP_EX_FRAG_NF) ) break; /* no FRAG handling in log mode yet */ status = 0; dummy_pointer = search_dynam (filename, TCP); if (dummy_pointer != NULL) status = 1; /* make a new entry unless it's reset */ if (status == 0) { if (finish == TCP_FINISH) return; /* there was never data transmitted */ /* seq_nr & datalen not important here yet */ if ((dummy_pointer = add_dynam (filename, TCP, 1, 0, 0)) == NULL) return; } f = dummy_pointer->f; if (dummy_pointer->bytes <= SNIFLEN) { const unsigned char *data= sp + PROTO_HEAD + info.IP_len + info.TCP_len; if (SNIFLEN != 0) dummy_pointer->bytes += info.DATA_len; /* last packet is written */ /* don't care about length */ if (ASC == 0) { for (i = 0; i < info.DATA_len; i++) fprintf (f, "%c", data[i]); } else { for (i = 0; i < info.DATA_len; i++) fprintf (f, "%c", isprint (data[i]) ? 
data[i] : non_printable); }; fflush (f); /* write all */ } if (finish == TCP_FINISH) /* let's reset the connection */ delete_dynam (filename, TCP, 1); break; case 1: /* DUMP mode */ case 2: case 3: memcpy (&iphead, (sp + PROTO_HEAD), sizeof (struct IP_header)); printf ("Packet ID (from_IP.port-to_IP.port): %s\n", filename); total_length = info.IP_len + info.TCP_len + info.DATA_len; if(info.FRAG_f!=0) printf("The following packet is an IP Fragment (first/ID: %0X)...\n", ntohs(iphead.ID)); if( (finish==TCP_EX_FRAG_HEAD)||(finish==TCP_EX_FRAG_NF) ) { total_length = info.IP_len + info.DATA_len; if(finish==TCP_EX_FRAG_HEAD) printf("WARNING: Fragmented TCP header... suspicious... (ID: %0X) \n", ntohs(iphead.ID)); if(finish==TCP_EX_FRAG_NF) printf("The following packet is a continued IP Fragment (ID: %0X)...\n", ntohs(iphead.ID)); }; n = 0; for (i = 0; i < total_length; i++) { unsigned char c = sp[PROTO_HEAD + i]; if (n > 75) n = 0, printf ("\n"); if (DUMPMODE & 1) n += printf (" %02X", c); if (DUMPMODE & 2) n += printf (" %c", isprint (c) ? c : '.'); } printf ("\n\n"); break; case 128: break; /* NO LOGGING MODE */ default: printf ("\nYou mixed incompatible options!\n"); exit (1); } return; } if ((finish < 10) && (LOGPARAM != 0)) /* TCP packet - logfile */ /* This mode will grow, so I just copied the other if() */ /* instead of adding a dumpmode, I think this will keep */ /* things more simpel. 
Also I use the smart dynam */ /* managment of connections */ { if( (finish!=TCP_EX_FRAG_HEAD)&&(finish!=TCP_EX_FRAG_NF) ) { /* no FRAG handling in logfile mode yet */ #include "sn_analyse.c" /* dirty, but it got too confusing */ } } if (finish < 20) /* ICMP packet */ { memcpy (&icmphead, header, sizeof (struct ICMP_header)); memcpy (&iphead_icmp, (sp + PROTO_HEAD + info.IP_len + ICMP_HEADLENGTH + 4), sizeof (struct IP_header)); printf ("ICMP message id: %s\n", filename); printf (" ICMP type: "); switch (icmphead.type) { case 0: printf ("%s\n", ICMP_TYPE_0); break; case 3: printf ("%s\n", ICMP_TYPE_3); printf (" Error: %s\n", ICMP_type_3_code[icmphead.code]); print_iphead (&iphead_icmp, 1); break; case 4: printf ("%s\n", ICMP_TYPE_4); print_iphead (&iphead_icmp, 1); break; case 5: printf ("%s\n", ICMP_TYPE_5); printf (" Error: %s\n", ICMP_type_5_code[icmphead.code]); print_iphead (&iphead_icmp, 1); break; case 8: printf ("%s\n", ICMP_TYPE_8); break; case 11: printf ("%s\n", ICMP_TYPE_11); printf (" Error: %s\n", ICMP_type_11_code[icmphead.code]); print_iphead (&iphead_icmp, 1); break; case 12: printf ("%s\n", ICMP_TYPE_12); print_iphead (&iphead_icmp, 1); break; case 13: printf ("%s\n", ICMP_TYPE_13); break; case 14: printf ("%s\n", ICMP_TYPE_14); break; case 15: printf ("%s\n", ICMP_TYPE_15); break; case 16: printf ("%s\n", ICMP_TYPE_16); break; case 17: printf ("%s\n", ICMP_TYPE_17); break; case 18: printf ("%s\n", ICMP_TYPE_18); break; default: printf ("Unknown ICMP type!\n"); break; } printf ("\n"); return; } if (finish < 30) /* nothing yet */ { memcpy (&udphead, header, sizeof (struct UDP_header)); switch (DUMPMODE & 223) { case 0: break; case 1: /* DUMP mode */ case 2: case 3: printf ("UDP Packet ID (from_IP.port-to_IP.port): %s\n", filename); total_length = info.IP_len + info.UDP_len + info.DATA_len; n = 0; for (i = 0; i < total_length; i++) { unsigned char c = sp[PROTO_HEAD + i]; if (n > 75) n = 0, printf ("\n"); if (DUMPMODE & 1) n += printf (" %02X", c); 
                  if (DUMPMODE & 2)
                    n += printf (" %c", isprint (c) ? c : '.');
                }
              printf ("\n\n");
              break;
            case 128:
              break;            /* NO LOGGING MODE */
            default:
              printf ("\nImpossible error! Sniffer Hartattack!\n");
              exit (0);
            }
          return;
        }
}

#ifdef INCLUDE_INTERFACE
/* Interactive packethandling */
int check_mask (const struct packetheader *p_header,
                const unsigned char *sp,
                char *conn_name, char *conn_name2, char *desc_string,
                struct unwrap *info)
     /* return -1 : packet not for us */
     /* else finish value */
{
  char helpstr1[20], helpstr2[20];
  unsigned char *so, *dest;
  struct IP_header iphead;
  struct TCP_header tcphead;
  int proto, i, j;

  proto = unwrap_packet (sp, info);
  /* Interface, no output allowed to stdout */
  if (proto == NOT_SUPPORTED)
    return DROP_PACKET;         /* no use in trying */
  if (proto == NO_IP)
    return DROP_PACKET;         /* no use in trying */
  if (proto == NO_IP_4)
    return DROP_PACKET;         /* no use in trying */
  if (proto == CORRUPT_IP)
    return DROP_PACKET;         /* no use in trying */
  if ((info->FRAG_nf != 0) || (info->FRAG_f != 0))
    return DONT_EXAMINE;        /* No fragments studied at all */

  (*IP_nr_of_packets)++;
  if (proto == ICMP)
    {
      (*ICMP_nr_of_packets)++;
      return DONT_EXAMINE;
    }
  if (proto == UDP)
    {
      (*UDP_nr_of_packets)++;
      (*UDP_bytes_in_packets) += (info->UDP_len + info->DATA_len + info->IP_len);
      return DONT_EXAMINE;
    }
  if (proto != TCP)
    return DONT_EXAMINE;        /* Not a TCP packet */

  /* Packet info */
  (*TCP_nr_of_packets)++;
  (*TCP_bytes_in_packets) += (info->TCP_len + info->DATA_len + info->IP_len);

  memcpy (&iphead, (sp + PROTO_HEAD), sizeof (struct IP_header));
  memcpy (&tcphead, (sp + PROTO_HEAD + info->IP_len),
          sizeof (struct TCP_header));

  /* A mask field of 0 means "no filter on this field" */
  if (mask->source_ip != 0 && iphead.source != mask->source_ip)
    return DONT_EXAMINE;
  if (mask->destination_ip != 0 && iphead.destination != mask->destination_ip)
    return DONT_EXAMINE;
  if (mask->destination_port &&
      ntohs (tcphead.destination) != mask->destination_port)
    return DONT_EXAMINE;
  if (mask->source_port && ntohs (tcphead.source) != mask->source_port)
    return DONT_EXAMINE;

  /* inet_ntoa gave wrong output sometimes */
  so = (unsigned char *) &(iphead.source);
  dest = (unsigned char *) &(iphead.destination);
  sprintf (helpstr1, "%u.%u.%u.%u", so[0], so[1], so[2], so[3]);
  sprintf (helpstr2, "%u.%u.%u.%u", dest[0], dest[1], dest[2], dest[3]);
  sprintf (conn_name, "%16s %5u -> %16s %5u",
           helpstr1, ntohs (tcphead.source),
           helpstr2, ntohs (tcphead.destination));
  sprintf (conn_name2, "%16s %5u -> %16s %5u",
           helpstr2, ntohs (tcphead.destination),
           helpstr1, ntohs (tcphead.source));

  if (INTERACTIVE_EXTEND == 1)
    {
#include "sn_conn_desc.c"       /* Some detection */
    }

  if ((ntohs (tcphead.offset_flag) & FIN) != 0)   /* check for closed conn. */
    return TCP_FINISH;          /* packet is a FIN */
  if ((ntohs (tcphead.offset_flag) & RST) != 0)   /* check for reset conn. */
    return TCP_FINISH;          /* packet is a RST */
  if (info->DATA_len == 0)
    return DONT_EXAMINE;        /* packet not for us */
  return TCP_EXAMINE;           /* interpret packet */
}

pcap_handler interactive_packethandler (char *dummy,
                                        const struct packetheader * p_header,
                                        const unsigned char *sp)
{
  char conn_name[CONN_NAMELEN], conn_name2[CONN_NAMELEN];
  char desc_string[DESC_BYTES];
  int finish;                   /* look out it's signed */
  struct unwrap info;

  if (INTERACTIVE_EXTEND == 1)
    strcpy (desc_string, "Unknown");

  finish = check_mask (p_header, sp, conn_name, conn_name2, desc_string, &info);
  if (finish == DROP_PACKET)
    return;                     /* Packet is broken */
  if (finish == DONT_EXAMINE)
    return;                     /* Packet is not for us */
  if (finish != TCP_FINISH)     /* finish: already logged, or too short to add */
    add_itemlist (running_connections, conn_name, desc_string);

  if (strcmp (log_conn->log_enter, conn_name) == 0)
    {
      const unsigned char *data = sp + PROTO_HEAD + info.IP_len + info.TCP_len;

      /* only copy when the payload still fits in the shared buffer */
      if (*DATAlength + info.DATA_len < LENGTH_OF_INTERPROC_DATA)
        {
          memcpy ((connection_data + *DATAlength), data, info.DATA_len);
          *DATAlength += info.DATA_len;
        }
    }
  if (finish == TCP_FINISH)
    {
      del_itemlist (running_connections, conn_name);
      del_itemlist (running_connections, conn_name2);
    }
  kill
    (getppid (), SIGUSR1);
}
#endif

int main (int argc, char *argv[])
{
  char *dev, forced_dev[20], buffer[SNAPLEN];
  char ebuf[PCAP_ERRBUF_SIZE];
  unsigned char *DUMPfile;      /* file used for packet logging */
  int c, i;
  unsigned long memsize;
  _32_bit ipaddr;
  int flag = 0, doboth = 0, FORCE_DEV = 0, SUPPORTED = 0;
  extern char *optarg;

  signal (SIGINT, my_exit);     /* graceful termination in different ways */
  signal (SIGHUP, my_exit);
  signal (SIGTERM, my_exit);

  SNIFLEN = 300;                /* Set defaults */
  DEST_PORT = SRC_PORT = 0;     /* dest & source Port */
  INTERACTIVE_EXTEND = SNIFMODE = DUMPMODE = PROTOCOLS = ASC = WILDCARD =
    CFG_FILE = NO_CHKSUM = 0;
  LOGPARAM = 0;
  Logfile[0] = 0;
  logging_device = NULL;
  IP[0] = 0;
  for (i = 0; i < 10; i++)
    Plugin_Active[i] = 0;       /* Active plugins */

#ifdef DEBUG
  /* fopen reports failure with NULL, not a negative value */
  if ((debug_dev = fopen (DEBUG_DEVICE, "a")) == NULL)
    {
      printf ("Couldn't open DEBUG device!\n");
      exit (0);
    }
  else
    {
      fprintf (debug_dev, "\n\nDEVICE OPENED FOR SNIFFIT DEBUGGING\n\n");
      exit_func (close_debug_device);
    }
#endif

#ifdef INCLUDE_INTERFACE
  while ((c = getopt (argc, argv, "D:A:P:iIdp:l:xabt:s:F:c:nvL:M:Nr:R:")) != -1)
    {
#else
  while ((c = getopt (argc, argv, "A:P:dp:l:xabt:s:F:c:nvL:M:Nr:R:")) != -1)
    {
#endif
      /* Argument treating */
      switch (c)
        {
        case 'v':
          printf ("Sniffit Version %s - Copyright 1996-98 Brecht Claerhout\n",
                  VERSION);
#ifdef __DATE__
          printf ("Binary build %s %s\n", __DATE__, __TIME__);
#endif
          quit (argv[0]);
          break;
        case 'd':
          if (DUMPMODE & 8)
            quit (argv[0]);
          DUMPMODE |= 1;
          break;
        case 'a':
          if (DUMPMODE & 8)
            quit (argv[0]);
          DUMPMODE |= 2;
          break;
        case 'R':               /* recording (not mixable) */
          if (DUMPMODE)
            quit (argv[0]);
          DUMPMODE = 8;
          DUMPfile = (unsigned char *) optarg;
          break;
        case 'r':
          if (DUMPMODE & 8)
            quit (argv[0]);
          DUMPMODE |= 16;       /* reading (mixable) */
          DUMPfile = (unsigned char *) optarg;
          break;
        case 'x':
          if (DUMPMODE & 8)
            quit (argv[0]);
          DUMPMODE |= 32;
          break;
        case 'N':
          if (DUMPMODE & 8)
            quit (argv[0]);
          DUMPMODE |= 128;
          break;
        case 'p':
          if (DEST_PORT != 0)
            printf ("Conflicting ports... (using %d as destination port)\n",
                    atoi (optarg));
          DEST_PORT = atoi (optarg);
          break;
        case 'l':
          SNIFLEN = atol (optarg);
          break;
        case 'L':
          LOGPARAM |= LOGPARAM_LOG_ON;
          strlower (optarg);
          if (strstr (optarg, "raw"))
            LOGPARAM |= LOGPARAM_RAW;
          if (strstr (optarg, "norm"))
            LOGPARAM |= LOGPARAM_NORM;
          if (strstr (optarg, "telnet"))
            LOGPARAM |= LOGPARAM_TELNET;
          if (strstr (optarg, "ftp"))
            LOGPARAM |= LOGPARAM_FTP;
          if (strstr (optarg, "mail"))
            LOGPARAM |= LOGPARAM_MAIL;
          break;
        case 'b':
          doboth = 1;
          break;
        case 'A':
          ASC = 1;
          non_printable = *optarg;
          break;
        case 'D':
          logging_device = optarg;
          break;
        case 'P':
          strlower (optarg);
          if (strstr (optarg, "tcp"))
            PROTOCOLS |= F_TCP;
          if (strstr (optarg, "icmp"))
            PROTOCOLS |= F_ICMP;
          if (strstr (optarg, "udp"))
            PROTOCOLS |= F_UDP;
          if (strstr (optarg, "ip"))
            PROTOCOLS |= F_IP;
          break;
        case 's':
          {
            char hlp[300], *hlp2;

            flag++;
            SNIFMODE = SOURCE;
            hlp[299] = 0;
            strncpy (hlp, optarg, 299);
            hlp2 = (char *) strtok (hlp, ":");
            if (hlp2 == NULL)   /* empty argument or only ':' */
              quit (argv[0]);
            IP[255] = 0;
            strncpy (IP, hlp2, 255);
            if ((hlp2 = (char *) strtok (NULL, ":")) != NULL)
              SRC_PORT = atoi (hlp2);
            break;
          }
        case 't':
          {
            char hlp[300], *hlp2;

            flag++;
            SNIFMODE = DEST;
            hlp[299] = 0;
            strncpy (hlp, optarg, 299);
            hlp2 = (char *) strtok (hlp, ":");
            if (hlp2 == NULL)   /* empty argument or only ':' */
              quit (argv[0]);
            IP[255] = 0;
            strncpy (IP, hlp2, 255);
            if ((hlp2 = (char *) strtok (NULL, ":")) != NULL)
              {
                if (DEST_PORT != 0)
                  printf ("Conflicting ports... (using %d as destination port)\n",
                          atoi (hlp2));
                DEST_PORT = atoi (hlp2);
              }
            break;
          }
        case 'i':
          flag++;
          SNIFMODE = INTERACTIVE;
          INTERACTIVE_EXTEND = 0;
          break;
        case 'I':
          flag++;
          SNIFMODE = INTERACTIVE;
          INTERACTIVE_EXTEND = 1;
          break;
        case 'n':
          NO_CHKSUM = 1;
          break;
        case 'M':
          if ((atoi (optarg) >= 0) && (atoi (optarg) <= 9))
            Plugin_Active[atoi (optarg)] = 1;
          break;
        case 'F':
          /* forced_dev holds 19 chars + NUL: bound the copy of the
             user-supplied name (this was an unchecked strcpy) */
          forced_dev[sizeof (forced_dev) - 1] = 0;
          strncpy (forced_dev, optarg, sizeof (forced_dev) - 1);
          FORCE_DEV = 1;
          break;
        case 'c':
          flag++;
          read_cfg_file (optarg);
#ifdef DEBUG_ONSCREEN
          printf ("FINISHED INTERPRETING\n");
          printf ("sf:%d st:%d df:%d dt:%d\n", select_from_length,
                  select_to_length, deselect_from_length, deselect_to_length);
#endif
          CFG_FILE = 1;
          break;
        case '?':
          quit (argv[0]);
          break;
        default:
          break;
        }
    }

#ifdef ALLOW_SUID
  if ((getuid () != 0) && (geteuid () != 0))
    printf ("You should be root to run this program!\n"), exit (1);
#else
  if (getuid () != 0)
    printf ("You should be root to run this program!\n"), exit (1);
#endif

  /* exactly one of -t, -s, -i, -I, -c must have been given */
  if (flag != 1)
    quit (argv[0]);
  if ((LOGPARAM != 0) && (CFG_FILE == 0))
    quit (argv[0]);
  if (LOGPARAM != 0)
    open_logfile ();
  if (PROTOCOLS == 0)
    PROTOCOLS |= F_TCP;
  if (doboth)
    {
      SNIFMODE = BOTH;
      if (DEST_PORT && SRC_PORT && (DEST_PORT != SRC_PORT))
        printf ("Conflicting ports... (result might not be what you want!)\n");
      if (DEST_PORT == 0)
        DEST_PORT = SRC_PORT;   /* ports should be the same for BOTH */
      else
        SRC_PORT = DEST_PORT;
    }

  if ((SNIFMODE != INTERACTIVE) && (CFG_FILE == 0))
    {
      /* if(index(IP,'@'))              For SunOS */
      if (strchr (IP, '@'))
        {
          printf ("Wildcard detected, IP nr. not checked...\n");
          WILDCARD = 1;
          /* strcpy(index(IP,'@'),"\0"); */
          strcpy (strchr (IP, '@'), "\0");
        }
      else
        {
          ipaddr = getaddrbyname (IP);
          if (ipaddr == 0)
            printf ("Non existing host!\n"), exit (1);
        }
    }

  reset_all ();                 /* just to be sure */

  if (DUMPMODE & 16)            /* read from a file */
    {
      if (FORCE_DEV == 0)
        quit (argv[0]);
      if ((dev_desc = pcap_open_offline (DUMPfile, ebuf)) == NULL)
        fprintf (stderr, "%s\n", ebuf), exit (0);
    }

  /* real device */
  if (FORCE_DEV != 0)           /* 0.3.6 core dump fix */
    {
      /* stop here on allocation failure instead of copying into NULL */
      if ((dev = malloc (strlen (forced_dev) + 1)) == NULL)
        fprintf (stderr, "Couldn't allocate memory...\n"), exit (1);
      strcpy (dev, forced_dev);
      printf ("Forcing device to %s (user requested)...\n", dev);
      printf ("Make sure you have read the docs carefully.\n");
      PROTO_HEAD = FORCED_HEAD_LENGTH;
    }
  else
    {
      if ((dev = pcap_lookupdev (ebuf)) == NULL)
        fprintf (stderr, "%s\n", ebuf), exit (1);
    }

  for (i = 0; i < NETDEV_NR; i++)
    if (strstr (dev, NETDEV[i]))        /* For expansion */
      {
        PROTO_HEAD = HEADSIZE[i];
        printf ("Supported Network device found. (%s)\n", dev);
        SUPPORTED = 1;
        break;
      }

  if ((SUPPORTED == 0) && (FORCE_DEV == 0))     /* not supported & not forced */
    {
      printf ("Network device found... BUT not known by Sniffit, use '-F ' option!\n");
      printf ("Read the README.FIRST on how to force network devices.\n");
      exit (1);
    }

  if (!(DUMPMODE & 16))
    {
      if ((dev_desc = pcap_open_live (dev, SNAPLEN, 1, MSDELAY, ebuf)) == NULL)
        fprintf (stderr, "%s\n", ebuf), exit (0);
      else
        exit_func (close_pcapdev);
    }

  if (FORCE_DEV != 0)
    {
      free (dev);               /* no longer needed */
    }

#ifdef PLUGIN0_INIT
  if (Plugin_Active[0] == 1)
    PLUGIN0_INIT ();
#endif
#ifdef PLUGIN1_INIT
  if (Plugin_Active[1] == 1)
    PLUGIN1_INIT ();
#endif
#ifdef PLUGIN2_INIT
  if (Plugin_Active[2] == 1)
    PLUGIN2_INIT ();
#endif
#ifdef PLUGIN3_INIT
  if (Plugin_Active[3] == 1)
    PLUGIN3_INIT ();
#endif
#ifdef PLUGIN4_INIT
  if (Plugin_Active[4] == 1)
    PLUGIN4_INIT ();
#endif
#ifdef PLUGIN5_INIT
  if (Plugin_Active[5] == 1)
    PLUGIN5_INIT ();
#endif
#ifdef PLUGIN6_INIT
  if (Plugin_Active[6] == 1)
    PLUGIN6_INIT ();
#endif
#ifdef PLUGIN7_INIT
  if (Plugin_Active[7] == 1)
    PLUGIN7_INIT ();
#endif
#ifdef PLUGIN8_INIT
  if (Plugin_Active[8] == 1)
    PLUGIN8_INIT ();
#endif
#ifdef PLUGIN9_INIT
  if (Plugin_Active[9] == 1)
    PLUGIN9_INIT ();
#endif

#ifdef INCLUDE_INTERFACE
  if (SNIFMODE == INTERACTIVE)
    {
      /* one shared segment carries everything the capture child and the
         interface parent exchange; the terms follow the pointer layout below */
      memsize = sizeof (int) + sizeof (int) + LENGTH_OF_INTERPROC_DATA +
        sizeof (int) + sizeof (struct snif_mask) +
        sizeof (struct shared_logged_conn) +
        (CONNECTION_CAPACITY * sizeof (struct shared_conn_data)) +
        sizeof (int) + sizeof (unsigned long) + sizeof (int) +
        sizeof (int) + sizeof (unsigned long) + sizeof (int) + sizeof (int);
      memory_id = shmget (0, memsize, 0700);
      if (memory_id < 0)
        {
          perror ("Interactive Sniffer Hartattack (No Shared mem avail!)");
          exit (0);
        }
      exit_func (mem_exit);
      /* shmat reports failure as (void *) -1, not NULL */
      if ((SHARED = shmat (memory_id, 0, SHM_RND)) == (void *) -1)
        {
          perror ("Interactive Sniffer Hartattack (Wow something is wrong here)");
          exit (0);
        }
      printf ("Entering Shared memory at %p\n", SHARED);
      printf ("Shared %lu\n", memsize);

      timing = SHARED;          /* set all pointers */
      DATAlength = timing + sizeof (int);
      connection_data = DATAlength + sizeof (int);
      LISTlength = connection_data
        + LENGTH_OF_INTERPROC_DATA;
      mask = LISTlength + sizeof (int);
      logged_connections = mask + sizeof (struct snif_mask);
      log_conn = (struct shared_logged_conn *) logged_connections;
      running_connections = logged_connections +
        sizeof (struct shared_logged_conn);
      TCP_nr_of_packets = running_connections +
        (sizeof (struct shared_conn_data) * CONNECTION_CAPACITY);
      TCP_bytes_in_packets = TCP_nr_of_packets + sizeof (int);
      ICMP_nr_of_packets = TCP_bytes_in_packets + sizeof (unsigned long);
      UDP_nr_of_packets = ICMP_nr_of_packets + sizeof (int);
      UDP_bytes_in_packets = UDP_nr_of_packets + sizeof (int);
      IP_nr_of_packets = UDP_bytes_in_packets + sizeof (unsigned long);
      DESC_LEN = IP_nr_of_packets + sizeof (int);
      clear_shared_mem (0);
      *DESC_LEN = 10;           /* not necessary, but for security (eliminate
                                   very unlikely races) */

      if ((Pid = fork ()) < 0)
        {
          perror ("Interactive Sniffer Hartattack (Couldn't fork)");
          exit (0);
        }
      if (Pid == 0)
        {
          /* child: capture packets and signal the parent (the interface) */
          sleep (4);
          if (pcap_loop (dev_desc, CNT, interactive_packethandler, NULL) < 0)
            printf ("Capturing Packets Failed\n"), exit (0);
        }
      else
        {
          /* parent: run the ncurses interface */
          exit_func (child_exit);
          signal (SIGCHLD, SIG_IGN);
          if (logging_device != NULL)
            {
              if (stat (logging_device, &log_dev_stat) < 0)
                perror ("\'-D\' option error"), exit (0);
              if ((log_dev_stream = fopen (logging_device, "a")) == NULL)
                printf ("Couldn't open device for logging output\n"), exit (0);
            }
          run_interface ();
        }
    }
  else
    {
#endif
      if (CFG_FILE == 0)
        printf ("Sniffit.%s is up and running.... (%s)\n\n", VERSION, IP);
      else
        printf ("Sniffit.%s is up and running.... (Config File Used)\n\n",
                VERSION);

      if (DUMPMODE & 8)
        {
          if ((dev_dump = pcap_dump_open (dev_desc, DUMPfile)) == NULL)
            fprintf (stderr, "Capturing Packets Failed\n"), exit (0);
          exit_func (close_dumpfile);
        }
      switch (pcap_loop (dev_desc, CNT, packethandler,
                         (unsigned char *) &ipaddr))
        {
        case -1:
          fprintf (stderr, "Capturing Packets Failed\n"), exit (0);
          break;
        case 0:
          exit (0);
        default:
          break;
        }
#ifdef INCLUDE_INTERFACE
    }
#endif
}
sniffit.0.3.7.beta/sniffit.5100644 1750 1750 6373 6553423606 14343 0ustar codercoder
.\" sniffit config file man page - Brecht Claerhout
.\"
.TH SNIFFIT 5
.SH NAME
sniffit \- configuration file for sniffit (name arbitrary)
.SH DESCRIPTION
This page describes the format for the config file for
.B sniffit
(see
.BR sniffit (8)
). This file allows you to specify in great detail which packets should be
processed by
.B sniffit.
This file also controls (or will control) some functions for the
continuous logging ('-L' option).
.LP
A
.B sniffit
config file might look like (Be sure to end it with a BLANK line):
.IP
.nf
# Sniffit Sample Config file -- Brecht Claerhout
logfile /var/adm/sniffit.today.log
# First select all packets!
select both mhosts 1
select both mhosts 2
# Now deselect all packets from/to those damn 'surfers'
deselect both port 80
deselect both port 8001
.fi
.LP
This file will tell
.B sniffit
to process all packets on the subnet except those FROM/TO ports 80 and
8001 (thus we don't want logs of those mass WWW connections which turn our
logs unreadable).
.SH "GLOBAL FORMAT"
The file consists of lines, lines are formed by fields, fields are
separated with SPACES (NO TABS). Unix comment lines (starting with '#')
are allowed.
So this gives us:
.IP
.SH "FIELD FORMAT"
.IP ""
.B select
-
.B Sniffit
will look for packets that match the following description (other fields)
.IP
.B deselect
-
.B Sniffit
will ignore packets that match the description
.IP
.B logfile
- change the logfile name to instead of the default 'sniffit.log'
.IP ""
.B from
- Packets FROM the host matching the following desc. are considered.
.IP
.B to
- similar, Packets TO the....
.IP
.B both
- similar, Packets FROM or TO the....
.IP
.B "a filename"
- as an argument of 'logfile' in
.IP ""
.B host
- The (de)selection criteria involves a hostname.
.IP
.B port
- similar, ... a portnumber
.IP
.B mhosts
- The (de)selection criteria involves multiple-hosts, like with the
wildcards in 0.3.0, but without the 'x'
.IP ""
Either a hostname, a portnumber, a service name or a number-dot partial
notation indicating multiple hosts depending on (service names like 'ftp'
are resolved as the services available on the host that runs Sniffit, and
translated into a port nr)
.IP ""
A portnumber, if was 'host' or 'mhosts' (optional, if not filled in, all
ports are going to be (de)selected)
.SH "FILE INTERPRETING"
The config file is interpreted SEQUENTIALLY, so watch the order of the
lines in a file. Example:
.IP
.nf
select both mhosts 100.100.12.
deselect both port 80
select both host 100.100.12.2
This file will get you the packets:
a) Sent by hosts '100.100.12.*'
b) EXCEPT the WWW packets
c) BUT showing the WWW packets concerning 100.100.12.2
.fi
.IP
.nf
select both mhosts 100.100.12.
select both host 100.100.12.2
deselect both port 80
Will give you the packets (probably unwanted result):
a) Sent by hosts '100.100.12.*'
b) Sent from/to 100.100.12.2 (useless line)
c) deselecting all WWW packets on the subnet
.fi
.SH AUTHOR
Brecht Claerhout
.SH "SEE ALSO"
.BR sniffit (8)
sniffit.0.3.7.beta/sniffit.8100644 1750 1750 23236 6553423606 14363 0ustar codercoder
.\" Sniffit man page file - Brecht Claerhout
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH SNIFFIT 8
.SH NAME
sniffit \- packet sniffer and monitoring tool
.SH SYNOPSIS
.B sniffit [-xdabvnN] [-P
.I proto
.B ] [-A
.I char
.B ] [-p
.I port
.B ] [(-r|-R)
.I recordfile
.B ] [-l
.I sniflen
.B ] [-L
.I logparam
.B ] [-F
.I snifdevice
.B ] [-D
.I tty
.B ] [-M
.I plugin
.B ] [(-t
.I Target-IP
.B | -s
.I Source-IP
.B ) | (-i|-I) | -c
.I config-file
.B ]
.SH DESCRIPTION
.B sniffit
is a packet sniffer for TCP/UDP/ICMP packets.
.B sniffit
is able to give you very detailed technical info on these packets (SEQ,
ACK, TTL, Window, ...) but also packet contents in different formats (hex
or plain text, ...).
.LP
.B sniffit
can by default handle ethernet and PPP devices, but can easily be forced
into using other devices (read the
.B README.FIRST
and
.B sn_config.h
files on this subject!)
.LP
The sniffer can easily be configured in order to 'filter' the incoming
packets (to make the sniffing results easier to study). The config file
(see
.BR sniffit (5)
) allows you to be very specific on the packets to be processed.
.LP
.B sniffit
also has an interactive mode for active monitoring, and can also be used
for continuous monitoring on different levels.
.SH NOTE
This man page is supposed to be a reference manual. So please read
.B README.FIRST
first, and use this only for better understanding or for a quick check on
the use of
.B sniffit
.SH OPTIONS
.IP -v
Shows the version of
.B sniffit
you are running and exits
.I "(overrides all)"
.IP "-t Target-IP"
Only process packets TO Target-IP.
If Target-IP is in dot-nr notation, 'x' is allowed as wildcard.
(e.g. '-t 157.193.x', '-t x', ...)
.I "(NOT compatible with: '-s' '-i' '-I' '-c' '-v' '-L')"
.IP "-s Source-IP"
Similar to '-t', only process packets FROM Source-IP.
.I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
.IP -b
'both' mode, together with '-s' or '-t', only process FROM/TO the IP
specified by '-s' or '-t'
.I "(NOT compatible with: '-t' '-i' '-I' '-c' '-v' '-L')"
.IP "-c config-file"
Use
.I config-file
for the packet filtering. This allows you to be very specific on the
packets to be processed (see
.BR sniffit (5)
for details on the format).
.I "(NOT compatible with: '-t' '-s' '-i' '-I' '-v' '-L')"
.IP -i
Launch the ncurses interface for active monitoring ('interactive mode').
(NOT available if you compiled without INTERACTIVE support see
.B sn_config.h
and
.B README.FIRST
)
(one of the options '-t' '-s' '-i' '-I' '-c' is required)
.I "(NOT compatible with: '-t' '-s' '-c' '-v' '-L')"
.IP -I
Same as '-i', but gives you more information.
(one of the options '-t' '-s' '-i' '-I' '-c' is required)
.I "(NOT compatible with: '-t' '-s' '-c' '-v' '-L')"
.IP "-R "
Record all traffic in
.I .
This file can then be fed to Sniffit with the '-r' option.
.I "(Needs a selection parameter like '-c' '-t' '-s')"
.I "(NOT compatible with '-i' '-I' '-v' '-L' '-r')"
.IP "-r "
This option feeds the recorded
.I
to
.B sniffit.
It requires the '-F' option with the correct device. Suppose you log a
file on a machine with 'eth0'. When feeding the logged file to
.B sniffit
, you will need to add '-F eth0' or '-F eth' to the command line. It
doesn't need much explanation that using '-i' or '-I' in combination with
'-r' makes no sense (at this moment).
.I "(requires '-F', NOT compatible with '-R' '-i' '-I')"
.IP -n
Turn off IP checksum checking. This can show you bogus packets.
(mind you ARP, RARP, other non-IP packets will show up bogus too)
.I "(compatible with ALL options)"
.IP -N
Don't perform any of the built-in Sniffit functions. Useful for only
running a Plugin.
.I "(compatible with ALL options)"
.IP -x
Prints extended info on TCP packets to stdout (SEQ, ACK, Flags, etc...)
Interesting when tracing spoofs, packet loss and other real net
debugging/checking tasks.
(if you want to log this, pipe stdout to a file)
.I "(NOT compatible with: '-i' '-I' '-v')"
.IP -d
'dump mode', shows the packets on the screen (stdout) instead of logging
into files (default). Data is printed in bytes (hex).
.I "(NOT compatible with: '-i' '-I' '-v' '-L')"
.IP -a
'dump mode', same as '-d' but outputs ASCII. Non printable chars are
replaced by '.'.
('-d' and '-a' mix without any problem)
.I "(NOT compatible with: '-i' '-I' '-v' '-L')"
.IP "-P proto"
Specify the protocols that should be processed (default TCP). Possible
options currently are: IP, TCP, ICMP, UDP. They can be combined.
IP, ICMP, UDP info is dumped to stdout. IP gives ADDITIONAL info on the
IP wrapping around other packets, it is not needed to specify IP for TCP
packet logging.
IP, ICMP packets are not filtered (UDP packets are as of 0.3.4).
.I "(NOT compatible with: '-i' '-I' '-v' '-L')"
.IP "-A char"
When in 'normal mode' (not '-d','-a','-i','-I','-L'), all non-printable
chars will be replaced by
.I char
.I "(NOT compatible with: '-a' '-d' '-i' '-I' '-v' '-L')"
.IP "-p port"
Only checks packets going TO (!!) port
.I port
, 0 means all ports, default is 0 (all).
.I "(NOT compatible with: '-c' '-i' '-I' '-v' '-L')"
.IP "-l sniflen"
Amount of data to log (default 300 bytes) in 'normal mode'. The first
.B sniflen
bytes of every connection are logged. Length 0 means everything is
logged. (look out with diskspace!)
.I "(NOT compatible with: '-i' '-I' '-v' '-L')"
.IP "-F snifdevice"
Force sniffit to use a certain network device.
.I snifdevice
can be found with
.I ifconfig
(see
.BR ifconfig (8)
).
.B sniffit
supports ethernet and PPP by default. Read
.B README.FIRST
for info on forcing the use of other devices.
.I "(compatible with ALL options)"
.IP "-D tty"
All logging output will be sent to that device.
.I "(ONLY works with '-i' and '-I')"
.IP "-M plugin"
Activate Plugin nr.
.B Plugin
, for a list on all plugins compiled in your version, just type '
.B sniffit
'. Read all about Plugins in the PLUGIN-HOWTO (READ IT!)
.I "(NOT compatible with: '-i' '-I' '-v')"
.IP "-L logparam"
Use
.B sniffit
as a monitoring tool and enable different logging modes (
.I logparam
) The file for logging can be specified in the config file (see
.BR sniffit (5)
) but is
.B sniffit.log
by default. Different
.I logparam
can be combined.
.I "(ONLY works with '-c')"
.SH "NORMAL MODE"
A bunch of
.I sniflen
initial bytes (default 300) of each connection is logged into a file
.B x.x.x.x.p-y.y.y.y.o
where 'x.x.x.x' is the sending host (port 'p') and 'y.y.y.y' the
receiving host (port 'o').
.SH "DUMP MODE ('-d' and/or '-a')"
Output is dumped to stdout, the packet contents are shown in their
unwrapped form (the complete IP packet).
.SH "INTERACTIVE MODE ('-i' or '-I')"
Keys available in interactive mode:
.IP "UP or 'k'"
self explanatory
.IP "DOWN or 'j'"
self explanatory
.IP "F1 or '1'"
Enter a host (enter 'all' for no mask) for packet filtering (host that
sends the packets)
.IP "F2 or '2'"
Enter a host (enter 'all' for no mask) for packet filtering. (host that
receives the packets)
.IP "F3 or '3'"
Enter a port (enter '0' for no mask) for packet filtering. (host that
sends the packets)
.IP "F4 or '4'"
Enter a port (enter '0' for no mask) for packet filtering. (host that
receives the packets)
.IP "F5 or '5'"
Start a program 'sniffit_key5' with arguments
.I " "
If the program doesn't exist, nothing is done.
Sniffit should be in the same path as sniffit was STARTED FROM (not
necessarily the path sniffit is stored in)
This function is useful for interactive connection killing or extra
monitoring. A little shell script can always transform the arguments
given and pass them on to other programs.
.IP "F6 or '6'"
Same as F5 or '5', but with program 'sniffit_key6'
.IP "F7 or '7'"
Same as F5 or '5', but with program 'sniffit_key7'
.IP "F8 or '8'"
Same as F5 or '5', but with program 'sniffit_key8'
.IP "ENTER"
a window will pop up and log the connection, or the connection output
will be sent to a chosen device if you used the '-D' option.
.IP "'q'"
When in logging mode, stop logging. Otherwise, quit.
.IP "'n'"
Toggle netstatistics. These are sampled at 3 secs, look in the
sn_config.h file to change this.
.IP "'g'"
.B Sniffit
is now able to generate some traffic load. Currently this is an
'underdeveloped' feature with very few options, but it will be expanded
a lot. Currently only UDP packets are generated. When pressing 'g' you
will be asked the source/dest IP/port and how many packets need to be
transmitted. Packets contain the line: "This Packet was fired with
Sniffit!"
.IP "'r'"
Reset.. clears all current connections from memory and restarts.
.SH "LOGGING MODE ('-L')"
Output is saved to
.B sniffit.log
, unless you have specified some other name in the config file (see
.BR sniffit (5)
).
.LP
.IP "raw"
Log all SYN, FIN, RST packets. This will give you an overview of all
network (TCP) traffic in a 'RAW' way (a connection starting could give
you at least 2 SYN packets, etc...).
.IP "norm"
Same as raw, but a bit more intelligent. Unless packets are transmitted
multiple times because of packet loss, you will only get 1 notice of a
connection starting or ending. (the packet id will give you the host that
initiated the connection first)
.IP "telnet"
Sniffit will try to catch login and passwords for this application.
(see
.BR telnet (1)
)
.IP "ftp"
Sniffit will try to catch login and passwords for this application.
(see
.BR ftp (1)
)
.IP "mail"
Sniffit will try to identify all mail that was logged.
.SH "IP ICMP UDP LOGGING"
Information on these packets is dumped to stdout. Packet Filtering
options only refer to TCP and UDP packets. The contents of UDP packets
are only shown when enabling '-a' or '-d'.
.SH AUTHOR
Brecht Claerhout
.SH "SEE ALSO"
.BR sniffit (5)
sniffit.0.3.7.beta/sniffit.h100644 1750 1750 2525 6553423606 14421 0ustar codercoder
/* Sniffit Data File */

#ifndef _SNIFFIT_H_
#define _SNIFFIT_H_

/**** Sniffit functions *****************************************************/
int check_packet (_32_bit, const struct packetheader *,
                  const unsigned char *, char *, char *,
                  struct unwrap *, char *, int);
pcap_handler packethandler (unsigned char *, const struct packetheader *,
                            const unsigned char *);
int check_mask (const struct packetheader *, const unsigned char *,
                char *, char *, char *, struct unwrap *);
pcap_handler interactive_packethandler (char *, const struct packetheader *,
                                        const unsigned char *);
void print_iphead (struct IP_header *, char);
void quit (char *);
void reset_all (void);
char *strlower (char *);
struct file_info *add_dynam (char *, char, char, _32_bit, int);
void delete_dynam (char *, char, char);
void record_buf (struct file_info *, _32_bit, char *, int, int);
void sb_shift (struct file_info *);
void sbuf_update (struct file_info *, _32_bit, char *, int);
struct file_info *search_dynam (char *, char);
void my_exit (void);

/**** Sniffit functions (plugins) *******************************************/
void start_plugin (int, struct Plugin_data *);

#endif
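The sequential interpretation that the sniffit(5) page describes under "FILE INTERPRETING" can be modelled in a few lines of C, which makes the effect of line order easy to check before a filter is deployed. This is an added example, not code from the Sniffit archive: `struct pkt`, `end_match`, `apply_line`, `verdict` and the sample packets are hypothetical, hosts and ports are matched numerically only (no hostname or service-name lookup), `mhosts` is assumed to be a string prefix match, and a packet that no line matches is assumed to be ignored.

```c
/* Added example: models the sequential select/deselect rules of sniffit(5). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct pkt { const char *src; int sport; const char *dst; int dport; };

/* Does one endpoint (ip, port) satisfy the rule's type/argument/port fields? */
static int end_match(const char *kind, const char *arg, int want_port,
                     const char *ip, int port)
{
    if (strcmp(kind, "port") == 0)
        return port == atoi(arg);
    if (want_port != 0 && port != want_port)
        return 0;
    if (strcmp(kind, "host") == 0)
        return strcmp(ip, arg) == 0;
    return strncmp(ip, arg, strlen(arg)) == 0;   /* mhosts: assumed prefix match */
}

/* Apply one config line to the running verdict; -1 means malformed line. */
static int apply_line(const char *line, const struct pkt *p, int *selected)
{
    char act[16], dir[16], kind[16], arg[64], opt[16];
    int n, sel, hit, from, to, port = 0;
    if (strchr(line, '\t'))
        return -1;                       /* fields are separated by SPACES only */
    n = sscanf(line, "%15s %15s %15s %63s %15s", act, dir, kind, arg, opt);
    if (n <= 0 || act[0] == '#' || strcmp(act, "logfile") == 0)
        return 0;                        /* blank, comment or logfile line */
    if (n < 4) return -1;
    if (strcmp(act, "select") == 0)        sel = 1;
    else if (strcmp(act, "deselect") == 0) sel = 0;
    else return -1;
    if (strcmp(kind, "host") && strcmp(kind, "port") && strcmp(kind, "mhosts"))
        return -1;
    if (n == 5 && strcmp(kind, "port") != 0)
        port = atoi(opt);                /* optional port for host/mhosts */
    from = end_match(kind, arg, port, p->src, p->sport);
    to   = end_match(kind, arg, port, p->dst, p->dport);
    if (strcmp(dir, "from") == 0)      hit = from;
    else if (strcmp(dir, "to") == 0)   hit = to;
    else if (strcmp(dir, "both") == 0) hit = from || to;
    else return -1;
    if (hit)
        *selected = sel;                 /* a later matching line overrides */
    return 0;
}

/* Walk the config top to bottom: 1 = processed, 0 = ignored, -1 = bad config. */
int verdict(const char *cfg, const struct pkt *p)
{
    char line[256];
    int selected = 0;                    /* assumption: nothing selected at start */
    while (*cfg) {
        size_t len = strcspn(cfg, "\n");
        if (len >= sizeof line) return -1;
        memcpy(line, cfg, len);
        line[len] = '\0';
        if (apply_line(line, p, &selected) < 0)
            return -1;
        cfg += len;
        if (*cfg == '\n')
            cfg++;
    }
    return selected;
}

/* The two orderings from the man page, plus constructed sample packets. */
const char CFG_A[] = "select both mhosts 100.100.12.\ndeselect both port 80\n"
                     "select both host 100.100.12.2\n";
const char CFG_B[] = "select both mhosts 100.100.12.\n"
                     "select both host 100.100.12.2\ndeselect both port 80\n";
const struct pkt TELNET_7 = { "100.100.12.7", 1025, "10.0.0.1", 23 };
const struct pkt WWW_7    = { "100.100.12.7", 1026, "10.0.0.1", 80 };
const struct pkt WWW_2    = { "100.100.12.2", 1027, "10.0.0.1", 80 };

int main(void)
{
    printf("A: telnet=%d www=%d www(.2)=%d\n", verdict(CFG_A, &TELNET_7),
           verdict(CFG_A, &WWW_7), verdict(CFG_A, &WWW_2));
    printf("B: telnet=%d www=%d www(.2)=%d\n", verdict(CFG_B, &TELNET_7),
           verdict(CFG_B, &WWW_7), verdict(CFG_B, &WWW_2));
    return 0;
}
```

With the first ordering the port-80 packet of 100.100.12.2 is still processed; with the second it is dropped along with all other WWW traffic, which is the "probably unwanted result" the man page warns about.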