Commit bd67e6f0 authored by Devon Kearns's avatar Devon Kearns

Imported Upstream version 1.3a

parents
--- CHANGELOG BEGIN ---
05.05.08 * version 1.3a
- Improved logging output of net.c
- Added missing gcc option -O3 in src/Makefile
- Fixed a -W option bug (partial results corruption)
19.02.08 * version 1.3
- Added -w and -W options (enable/disable raw/pcap output)
- Simplified command line options
- Changed the default value of some SELECT options (this should
improve the detection, using more memory!)
- Improved output files
- Fixed a bug that caused a silent drop of the noise packets
- Improved documentation
- Removed the italian documentation
- Some bugs fixed in common.c
- Added the dissector for AP_DLT_IEEE802_11 network frames,
this implies a better support for wireless networks
14.08.07 * version 1.2
- Added privilege dropping
- Added syslog logging
- Improved output files
- Simplified command line options
- Improved reverse rtp stream detection
- Added background execution
- In Makefile added gcc option -O3 and removed gcc option -ggdb
- Added files COPYING and CHANGELOG
- In Makefile added version information
- README.* updated to reflect changes
22.07.07 * version 1.1
- Fixed a bug that caused some broken stats and 1 lost packet
when (rtp_packet.seq == 0)
25.05.07 * version 1.0
- First public release!
--- CHANGELOG END ---
This diff is collapsed.
# project Makefile.
INSTALL_DIR = "$(HOME)/bin/"
#####################################################################
all: build
check_version:
@./check_version.sh
build:
@cd src ; $(MAKE)
@echo "% "
@echo "% You can check the web if this is the latest public version"
@echo "% issuing the command \"make check_version\". have fun!"
@echo "%"
install:
cp src/rtpbreak $(INSTALL_DIR)
@echo "%"
@echo "% Now rtpbreak is properly installed, ready to sniff packets!"
@echo "%"
clean:
cd src ; $(MAKE) clean
#eof
See the doc directory.
--- THANKS BEGIN ---
- Prudhvi Krishna Surapaneni, mantainer of the FreeBSD Port
- Timothy Redaelli, mantainer of the Gentoo package
- Esa Hyytia, suggesting new features and reporting bugs
- Miguel Olivares, reporting bugs
--- THANKS END ---
#!/bin/bash
PATH=${PATH}:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
################################################################################
#
# check_version.sh by xenion -- 2008-02-23 10:39 -- v.1ce37613244d6fcb5d0ba4be290c9558
#
latest_version_absurl="http://xenion.antifork.org/rtpbreak/VERSION"
this_version_relpath="src/VERSION"
echo "Getting file $latest_version_absurl ..."
latest_version="`wget -qO- "$latest_version_absurl" | cut -f2- -d=`"
this_version="`cat "$this_version_relpath" | cut -f2- -d=`"
if [ "$latest_version" = "" ] ;
then
echo "ERR: unable to wget $latest_version_absurl"
else
if [ "$latest_version" = "$this_version" ] ;
then
echo "You have the latest available version! (latest:$latest_version == this:$this_version)"
else
echo "You have not the latest available version! (latest:$latest_version != this:$this_version)"
echo "You can get it at http://xenion.antifork.org/"
fi
fi
/* Century Schoolbook font is very similar to Computer Modern Math: cmmi */
.MATH { font-family: "Century Schoolbook", serif; }
.MATH I { font-family: "Century Schoolbook", serif; font-style: italic }
.BOLDMATH { font-family: "Century Schoolbook", serif; font-weight: bold }
/* implement both fixed-size and relative sizes */
SMALL.XTINY { font-size : xx-small }
SMALL.TINY { font-size : x-small }
SMALL.SCRIPTSIZE { font-size : smaller }
SMALL.FOOTNOTESIZE { font-size : small }
SMALL.SMALL { }
BIG.LARGE { }
BIG.XLARGE { font-size : large }
BIG.XXLARGE { font-size : x-large }
BIG.HUGE { font-size : larger }
BIG.XHUGE { font-size : xx-large }
/* heading styles */
H1 { }
H2 { }
H3 { }
H4 { }
H5 { }
/* mathematics styles */
DIV.displaymath { } /* math displays */
TD.eqno { } /* equation-number cells */
/* document-specific styles come next */
DIV.navigation { }
PRE.preform { }
SPAN.textit { font-style: italic }
SPAN.arabic { }
This diff is collapsed.
# src Makefile.
include VERSION
CC = cc
CFLAGS = -Wall -O3 # debug: put -ggdb instead of -O3
LDFLAGS =
LIBS = -lpcap -lnet
DEFS =
#####################################################################
all: header
$(CC) -c -DVERSION=\"$(VERSION)\" $(CFLAGS) $(DEFS) main.c
$(CC) -c $(CFLAGS) $(DEFS) common.c
$(CC) -c $(CFLAGS) $(DEFS) net.c
$(CC) $(LDFLAGS) main.o common.o net.o -o rtpbreak $(LIBS)
@echo "%"
header:
@echo "%"
@echo "% Compiling rtpbreak v$(VERSION)"
@echo "%"
@echo "% CC...................: $(CC)"
@echo "% CFLAGS...............: $(CFLAGS)"
@echo "% LDFLAGS..............: $(LDFLAGS)"
@echo "% LIBS.................: $(LIBS)"
@echo "% DEFS.................: $(DEFS)"
@echo "%"
indent:
astyle --convert-tabs --style=gnu *.[hc]
srcheaders:
update_src_header.sh *h *c
clean:
@rm -f rtpbreak *.[hc].orig rtp.*.txt rtp.*.*.* *.o *.wav *~~
#eof
VERSION=1.3a
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
* The Regents of the University of California. All rights reserved.
*
* This code is derived from the Stanford/CMU enet packet filter,
* (net/enet.c) distributed as part of 4.3BSD, and code contributed
* to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
* Berkeley Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)bpf.h 7.1 (Berkeley) 5/7/91
*
*/
#define AP_DLT_NULL 0 /* no link-layer encapsulation */
#define AP_DLT_EN10MB 1 /* Ethernet (10Mb) */
#define AP_DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */
#define AP_DLT_AX25 3 /* Amateur Radio AX.25 */
#define AP_DLT_PRONET 4 /* Proteon ProNET Token Ring */
#define AP_DLT_CHAOS 5 /* Chaos */
#define AP_DLT_IEEE802 6 /* IEEE 802 Networks */
#define AP_DLT_ARCNET 7 /* ARCNET */
#define AP_DLT_SLIP 8 /* Serial Line IP */
#define AP_DLT_PPP 9 /* Point-to-point Protocol */
#define AP_DLT_FDDI 10 /* FDDI */
#define AP_DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#if defined(__OpenBSD__)
#define AP_DLT_LOOP 12 /* old DLT_LOOP interface :4 byte offset */
#define AP_DLT_RAW 14 /* raw IP: 0 byte offset */
#else
#define AP_DLT_RAW 12 /* raw IP: 0 byte offset*/
#define AP_DLT_LOOP 108
#endif
#define AP_DLT_ENC 13
#define AP_DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */
#define AP_DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */
#define AP_DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
#define AP_DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */
#define AP_DLT_PPP_ETHER 51 /* PPP over Ethernet */
#define AP_DLT_C_HDLC 104 /* Cisco HDLC */
#define AP_DLT_CHDLC DLT_C_HDLC
#define AP_DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
#define AP_DLT_LINUX_SLL 113
#define AP_DLT_LTALK 114
#define AP_DLT_ECONET 115
#define AP_DLT_IPFILTER 116
#define AP_DLT_PFLOG 117
#define AP_DLT_CISCO_IOS 118
#define AP_DLT_PRISM_HEADER 119
#define AP_DLT_AIRONET_HEADER 120
This diff is collapsed.
/*
* common.h by xenion -- 2008-05-05 -- v.1293c16fff21c9e111936bd906f13e1c
*
* Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#ifndef COMMON_H
#define COMMON_H
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
/* const */
#define LINE_BUFFER_MAX 4096
#ifndef PATH_MAX
#define PATH_MAX 4096
#endif
/* macros */
// returns 1 if a > b, -1 if a < b, 0 if a == b
#define TIMEVAL_CMP(a, b) ( \
a.tv_sec > b.tv_sec ? 1 : \
a.tv_sec < b.tv_sec ? -1 : \
a.tv_usec > b.tv_usec ? 1 : \
a.tv_usec < b.tv_usec ? -1 : 0 )
#define TIMEVAL_SUB(a, b, result) \
do { \
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
if ((result)->tv_usec < 0) { \
--(result)->tv_sec; \
(result)->tv_usec += 1000000; \
} \
} while (0)
#define MAX(x,y) ( (x) > (y) ? (x) : (y))
#define MIN(x,y) ( (x) < (y) ? (x) : (y))
#define PERCENTAGE(x,y) ((y) == 0 ? 0 : (float)(x) * 100 / (y))
#define LOG(h,n,fmt, ...) do { \
logthis(__FILE__, __FUNCTION__, __LINE__,0,h,n,fmt, ## __VA_ARGS__ ); \
} while(0)
#define VLOG(h,n,fmt, ...) do { \
logthis(__FILE__, __FUNCTION__, __LINE__,1,h,n,fmt, ## __VA_ARGS__ ); \
} while(0)
#define FATAL(x, ...) do { \
fatal(__FILE__, __FUNCTION__, __LINE__,x, ## __VA_ARGS__ ); \
} while(0)
#define SAFE_FREE(x) do { if (x) { free(x); x = NULL; }}while(0)
#define SAFE_CLOSE(x) do { if(x != -1) { close(x) ; x = -1;}}while(0)
#define SAFE_FCLOSE(x) do { if (x) { fclose(x); x = NULL; }}while(0)
#define SAFE_FPRINTF(x, ...) do { if(x) fprintf(x, ## __VA_ARGS__ ); } while(0)
#define SAFE_PDCLOSE(x) do { if (x) { pcap_dump_close(x); x = NULL; }}while(0)
#define SAFE_STRDUP(x) (*x ? strdup(x) : NULL)
#define SWITCH_VALUES(x,y,tmp) do { tmp=x; x=y; y=tmp; } while(0)
#define STATIC_STRLEN(x) (sizeof(x)-1) // (sizeof("ciao")-1) == 4
#define SIG_NAME(x) x == SIGURG ? "SIGURG" : \
x == SIGPIPE ? "SIGPIPE" : \
x == SIGQUIT ? "SIGQUIT" : \
x == SIGINT ? "SIGINT" : \
x == SIGTERM ? "SIGTERM" : \
x == SIGHUP ? "SIGHUP" : \
x == SIGSEGV ? "SIGSEGV" : \
x == SIGBUS ? "SIGBUS" : \
x == SIGUSR1 ? "SIGUSR1" : "UNKNOWN"
/* protos */
extern void fatal(char *file, const char *function, int line, const char *fmt, ...);
extern void logthis(char *file, const char *function, int line, int ifverbose,int h, int n, const char *fmt, ...);
extern void logmem(u_int8_t *p, u_int32_t len, u_int32_t cols, int format, char *lh);
extern char *str_char(unsigned char c);
extern void enable_verbose();
extern void disable_verbose();
extern void open_logfile(char *pathname);
extern void init_sighandlers();
extern void sig_lock();
extern void sig_unlock();
extern void close_logfile();
extern char *strtime(time_t t);
extern void drop_privs(char *user, char *group);
extern void daemonize();
extern int exists(char *pathname);
extern void enable_syslog();
extern void disable_syslog();
extern void enable_stdout();
extern void disable_stdout();
extern char *get_next_name(char *directory, char *prefix, char *suffix, int *i);
extern int isdirectory(char *pathname);
extern char *trim(char *str);
extern int parse_token(char *data, u_int32_t datalen, char *delims, char *found);
extern int parse_line(char *data, u_int32_t datalen);
extern int mystrnstr(char *str1, char *str2, int str1len);
#endif
/* eof */
/*
* ieee80211.h by xenion -- 2008-05-05 -- v.c486a4662d73aaca28a52ba95febd8b3
*
* Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
// adapted from:
// $FreeBSD: src/sys/net80211/ieee80211.h,v 1.9.2.2 2006/08/10 06:07:49 sam Exp $
/* does frame have QoS sequence control data */
#define IEEE80211_QOS_HAS_SEQ(wh) \
(((wh)->i_fc[0] & \
(IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_QOS)) == \
(IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS))
#define IEEE80211_ADDR_LEN 6 /* size of 802.11 address */
#define IEEE80211_FC0_TYPE_MASK 0x0c
#define IEEE80211_FC0_TYPE_DATA 0x08
#define IEEE80211_FC1_DIR_MASK 0x03
#define IEEE80211_FC1_DIR_DSTODS 0x03 /* AP ->AP */
#define IEEE80211_FC0_SUBTYPE_MASK 0xf0
#define IEEE80211_FC0_SUBTYPE_QOS 0x80
struct ieee80211_frame
{
u_int8_t i_fc[2];
u_int8_t i_dur[2];
u_int8_t i_addr1[ETHER_ADDR_LEN];
u_int8_t i_addr2[ETHER_ADDR_LEN];
u_int8_t i_addr3[ETHER_ADDR_LEN];
u_int8_t i_seq[2];
/* possibly followed by addr4[ETHER_ADDR_LEN]; */
};
/* EOF */
This diff is collapsed.
/*
* main.h by xenion -- 2008-05-05 -- v.50ea4697a08b7fa64400295ae63b67a1
*
* Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
/* const */
#define DEFAULT_OUTDIR "."
#define RTP_SEQWINDOW 200
#define RTP_TSWINDOW (500 * RTP_STREAM_PATTERN_PKTS)
#define RTP_STREAM_PATTERN_PKTS 5
// se un pkt sta nel buffer un tempo > di PKT_TIMEOUT, viene flushato
// se non arrivano pkt per un tempo > di PKT_TIMEOUT, la sessione viene
// considerata conclusa.
#define PKT_TIMEOUT 10.0
#define RTP_STREAM_PATTERN_TIMEOUT 0.25
/* types */
typedef struct
{
int verbose;
char *rxfile;
char *iface;
char *outdir;
int dllength;
int fill_gaps;
int rtp_hdr_pt;
int udp_hdr_even_dst_port;
int udp_hdr_unpriv_ports;
char *mypcap_filter;
float timeout_pkt;
float timeout_pattern;
int pattern_pkts;
int rtp_payload_length;
int dump_noise;
char *user;
int daemonize;
int promisc;
int syslog;
int stdout;
int dump_raw;
int dump_pcap;
}
OPT;
typedef struct
{
struct pcap_pkt pcap;
u_int32_t len; // length of udp payload (rtp header, extension and codec data).
u_int32_t hdroff; // offset to reach the first udp byte, the rtp header.
struct
{
u_int32_t off;
u_int32_t len;
}
payload;
}
pktrtp_t;
struct rtpbuf_entry
{
pktrtp_t pktrtp;
LIST_ENTRY(rtpbuf_entry) l;
};
LIST_HEAD(rtpbuf_head, rtpbuf_entry);
typedef struct
{
#define ADDRS_TYPE_UNKNOWN 0
#define ADDRS_TYPE_IP 1
#define ADDRS_TYPE_TCP 2
#define ADDRS_TYPE_UDP 3
int type;
u_int32_t srcaddr;
u_int32_t dstaddr;
u_int16_t srcport;
u_int16_t dstport;
}
addrs_t;
struct rtp_stream_entry
{
int fid;
int id;
pcap_dumper_t *pdump;
pcap_dumper_t *noise;
FILE *f;
FILE *raw;
addrs_t addrs;
u_int32_t ssrc;
u_int32_t max_ts_seen; // max last timestamp seen
u_int16_t max_seq_seen; // max last sequence seen
u_int16_t last_seq_flhd; // last sequence flushed
struct rtpbuf_head pkts; // buffered rtp packets
struct timeval last_pkt;
struct timeval first_pkt;
u_int32_t pktcount_flhd;
u_int32_t pktcount_inbuf;
u_int32_t pktcount_lost;
int pattern_found;
int payload_type;
u_int32_t last_payload_length;
int payload_length_fixed;
LIST_ENTRY(rtp_stream_entry) l; // list link
struct rtp_stream_entry *rev;
};
LIST_HEAD(rtp_streams_head, rtp_stream_entry);
struct rtp_streams_list
{
u_int32_t max_id;
int32_t nclosed; // pattern not found and closed
int32_t closed; // pattern found and closed
int32_t active; // active and pattern found
u_int32_t pktcount_lost;
u_int32_t pktcount_noise;
u_int32_t pktcount;
struct rtp_streams_head list;
};
/* EOF */
/*
* net.c by xenion -- 2008-05-05 -- v.0e2f795ca3b9af8bf863598b0a729ec4
*
* Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
*
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
*/
#include <libnet.h>
#include <pcap.h>
#include "bpf.h"
#include "common.h"
#include "net.h"
/* macros */
#define CASE(x,y) { case (x): return y; break; }
/*******************************************/
int
sizeof_datalink(pcap_t * p)
{
int dtl;
if ((dtl = pcap_datalink(p)) < 0)
FATAL("pcap_datalink(): %s", pcap_geterr(p));
switch (dtl)
{
CASE(AP_DLT_NULL, 4);
CASE(AP_DLT_EN10MB, 14);
CASE(AP_DLT_EN3MB, 14);
CASE(AP_DLT_AX25, -1);
CASE(AP_DLT_PRONET, -1);
CASE(AP_DLT_CHAOS, -1);
CASE(AP_DLT_IEEE802, 22);
CASE(AP_DLT_ARCNET, -1);
#if defined (__FreeBSD__) || defined (__OpenBSD__) || defined (__NetBSD__) || defined (__BSDI__)
CASE(AP_DLT_SLIP, 16);
#else
CASE(AP_DLT_SLIP, 24);
#endif
#if defined (__FreeBSD__) || defined (__OpenBSD__) || defined (__NetBSD__)
CASE(AP_DLT_PPP, 4);
#elif defined (__sun)
CASE(AP_DLT_PPP, 8);
#else
CASE(AP_DLT_PPP, 24);
#endif
CASE(AP_DLT_FDDI, 21);
CASE(AP_DLT_ATM_RFC1483, 8);
CASE(AP_DLT_LOOP, 4); /* according to OpenBSD DLT_LOOP */
CASE(AP_DLT_RAW, 0);
CASE(AP_DLT_SLIP_BSDOS, 16);
CASE(AP_DLT_PPP_BSDOS, 4);
CASE(AP_DLT_ATM_CLIP, -1);
#if defined (__FreeBSD__) || defined (__OpenBSD__) || defined (__NetBSD__)
CASE(AP_DLT_PPP_SERIAL, 4);
CASE(AP_DLT_PPP_ETHER, 4);
#elif defined (__sun)
CASE(AP_DLT_PPP_SERIAL, 8);
CASE(AP_DLT_PPP_ETHER, 8);
#else
CASE(AP_DLT_PPP_SERIAL, 24);
CASE(AP_DLT_PPP_ETHER, 24);
#endif
CASE(AP_DLT_C_HDLC, -1);
CASE(AP_DLT_IEEE802_11, 30);
CASE(AP_DLT_LINUX_SLL, 16);
CASE(AP_DLT_LTALK, -1);
CASE(AP_DLT_ECONET, -1);
CASE(AP_DLT_IPFILTER, -1);
CASE(AP_DLT_PFLOG, -1);
CASE(AP_DLT_CISCO_IOS, -1);
CASE(AP_DLT_PRISM_HEADER, -1);
CASE(AP_DLT_AIRONET_HEADER, -1);
default:
FATAL("unknown datalink type DTL_?=%d", dtl);
break;
}
return 0;
}
void
add_pcap_filter(pcap_t *p, char *s)
{
struct bpf_program bpf_filter;
if (!s)
{
LOG(1,1," ! The pcap filter is NULL, ignored");
return;
}
// LOG(1,1," * Adding pcap_filter: '%s'", s);
if (pcap_compile(p, &bpf_filter, s, 0, 0) < 0)
FATAL("pcap_compile(): %s", pcap_geterr(p));
if (pcap_setfilter(p, &bpf_filter) < 0)