~ubuntu-branches/debian/stretch/libnet-pcap-perl/stretch

Viewing changes to .pc/spelling-errors.patch/Pcap.pm

Committer: Package Import Robot
Author(s): Xavier Guimard, Ansgar Burchardt, Salvatore Bonaccorso, Xavier Guimard, gregor herrmann
Date: 2013-05-25 08:23:59 UTC
mfrom: (1.1.2)
Revision ID: package-import@ubuntu.com-20130525082359-h5kkcwrj29km57v3

Tags: 0.17-1

http://bugs.debian.org/633414

[ Ansgar Burchardt ]
* debian/control: Convert Vcs-* fields to Git.

[ Salvatore Bonaccorso ]
* Change search.cpan.org based URIs to metacpan.org based URIs

[ Xavier Guimard ]
* Imported Upstream version 0.17
* Update debian/copyright (years and format)
* Bump Standards-Version to 3.9.4
* Bump debhelper compatibility to 9 to get hardening flags
* Remove safe_signals patch now included in upstream
* Add spelling patch (reported to RT)
* Refresh ccflags patch

[ gregor herrmann ]
* Add a patch to make Makefile.PL die if libpcap isn't found.
(Closes: #633414)

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/fail-without-libpcap.patch

.pc/fail-without-libpcap.patch/Makefile.PL

.pc/spelling-errors.patch

.pc/spelling-errors.patch/Pcap.pm

META.json

debian/patches/fail-without-libpcap.patch

debian/patches/spelling-errors.patch

files removed:
.pc/safe_signals.patch

.pc/safe_signals.patch/Pcap.xs

debian/patches/safe_signals.patch

files modified:
.pc/0001-Append-CCFLAGS-to-Config-ccflags-instead-of-overridi.patch/Makefile.PL

.pc/applied-patches

Changes

MANIFEST

META.yml

Makefile.PL

Pcap.pm

Pcap.xs

README

bin/pcapinfo

debian/changelog

debian/compat

debian/control

debian/copyright

debian/patches/0001-Append-CCFLAGS-to-Config-ccflags-instead-of-overridi.patch

debian/patches/series

debian/watch

eg/pcapdump

ppport.h

t/00-load.t

t/01-api.t

t/03-openlive.t

t/08-filter.t

t/17-lib_version.t

t/distchk.t

t/pod.t

t/podcover.t

t/podspell.t

t/portfs.t

Show diffs side-by-side

added added

removed removed

.pc/spelling-errors.patch/Pcap.pm

# Pcap.pm

# An interface to the LBL pcap(3) library. This module simply

# bootstraps the extensions defined in Pcap.xs

# This program is free software; you can redistribute it and/or modify

# it under the same terms as Perl itself.

package Net::Pcap;

use strict;

use Exporter ();

use Carp;

# functions names

my @func_short_names = qw(

lookupdev findalldevs lookupnet

open_live open_dead open_offline loop breakloop close dispatch

next next_ex compile compile_nopcap setfilter freecode

setnonblock getnonblock

dump_open dump dump_file dump_flush dump_close

datalink set_datalink datalink_name_to_val datalink_val_to_name

datalink_val_to_description

snapshot is_swapped major_version minor_version stats

file fileno get_selectable_fd geterr strerror perror

lib_version createsrcstr parsesrcstr open setbuff setuserbuffer

setmode setmintocopy getevent sendpacket

sendqueue_alloc sendqueue_queue sendqueue_transmit

);

my @func_long_names = map { "pcap_$_" } @func_short_names;

# functions aliases

{

no strict "refs";

for my $func (@func_short_names) {

*{ __PACKAGE__ . "::pcap_$func" } = \&{ __PACKAGE__ . "::" . $func }

}

{

no strict "vars";

$VERSION = '0.17';

@ISA = qw(Exporter);

%EXPORT_TAGS = (

'bpf' => [qw(

BPF_ALIGNMENT BPF_MAJOR_VERSION BPF_MAXBUFSIZE BPF_MAXINSNS

BPF_MEMWORDS BPF_MINBUFSIZE BPF_MINOR_VERSION BPF_RELEASE

)],

'datalink' => [qw(

DLT_AIRONET_HEADER DLT_APPLE_IP_OVER_IEEE1394 DLT_ARCNET

DLT_ARCNET_LINUX DLT_ATM_CLIP DLT_ATM_RFC1483 DLT_AURORA

DLT_AX25 DLT_CHAOS DLT_CHDLC DLT_CISCO_IOS DLT_C_HDLC

DLT_DOCSIS DLT_ECONET DLT_EN10MB DLT_EN3MB DLT_ENC DLT_FDDI

DLT_FRELAY DLT_HHDLC DLT_IBM_SN DLT_IBM_SP DLT_IEEE802

DLT_IEEE802_11 DLT_IEEE802_11_RADIO DLT_IEEE802_11_RADIO_AVS

DLT_IPFILTER DLT_IP_OVER_FC DLT_JUNIPER_ATM1 DLT_JUNIPER_ATM2

DLT_JUNIPER_ES DLT_JUNIPER_GGSN DLT_JUNIPER_MFR DLT_JUNIPER_MLFR

DLT_JUNIPER_MLPPP DLT_JUNIPER_MONITOR DLT_JUNIPER_SERVICES

DLT_LINUX_IRDA DLT_LINUX_SLL DLT_LOOP DLT_LTALK DLT_NULL

DLT_OLD_PFLOG DLT_PCI_EXP DLT_PFLOG DLT_PFSYNC DLT_PPP

DLT_PPP_BSDOS DLT_PPP_ETHER DLT_PPP_SERIAL DLT_PRISM_HEADER

DLT_PRONET DLT_RAW DLT_RIO DLT_SLIP DLT_SLIP_BSDOS DLT_SUNATM

DLT_SYMANTEC_FIREWALL DLT_TZSP DLT_USER0 DLT_USER1 DLT_USER2

DLT_USER3 DLT_USER4 DLT_USER5 DLT_USER6 DLT_USER7 DLT_USER8

DLT_USER9 DLT_USER10 DLT_USER11 DLT_USER12 DLT_USER13

DLT_USER14 DLT_USER15

)],

mode => [qw(

MODE_CAPT MODE_MON MODE_STAT

)],

openflag => [qw(

OPENFLAG_PROMISCUOUS OPENFLAG_DATATX_UDP OPENFLAG_NOCAPTURE_RPCAP

)],

pcap => [qw(

PCAP_ERRBUF_SIZE PCAP_IF_LOOPBACK

PCAP_VERSION_MAJOR PCAP_VERSION_MINOR

)],

rpcap => [qw(

RMTAUTH_NULL RMTAUTH_PWD

)],

sample => [qw(

PCAP_SAMP_NOSAMP PCAP_SAMP_1_EVERY_N PCAP_SAMP_FIRST_AFTER_N_MS

)],

source => [qw(

PCAP_SRC_FILE PCAP_SRC_IFLOCAL PCAP_SRC_IFREMOTE

)],

functions => [qw(

100

lookupdev findalldevs lookupnet

101

open_live open_dead open_offline

102

dump_open dump_close dump_file dump_flush

103

compile compile_nopcap setfilter freecode

104

dispatch next_ex loop breakloop

105

datalink set_datalink datalink_name_to_val

106

datalink_val_to_name datalink_val_to_description

107

snapshot get_selectable_fd

108

stats is_swapped major_version minor_version

109

geterr strerror perror lib_version

110

createsrcstr parsesrcstr

111

setbuff setuserbuffer setmode setmintocopy getevent sendpacket

112

sendqueue_alloc sendqueue_queue sendqueue_transmit

113

)],

114

);

115

116

@EXPORT = (

117

@{$EXPORT_TAGS{pcap}},

118

@{$EXPORT_TAGS{datalink}},

119

@func_long_names,

120

"UNSAFE_SIGNALS",

121

);

122

123

@EXPORT_OK = (

124

@{$EXPORT_TAGS{functions}},

125

@{$EXPORT_TAGS{mode}},

126

@{$EXPORT_TAGS{openflag}},

127

@{$EXPORT_TAGS{bpf}},

128

);

129

130

eval {

131

require XSLoader;

132

XSLoader::load('Net::Pcap', $VERSION);

133

134

} or do {

135

require DynaLoader;

136

push @ISA, 'DynaLoader';

137

bootstrap Net::Pcap $VERSION;

138

};

139

}

140

141

142

sub AUTOLOAD {

143

# This AUTOLOAD is used to 'autoload' constants from the constant()

144

# XS function.

145

146

no strict "vars";

147

my $constname;

148

($constname = $AUTOLOAD) =~ s/.*:://;

149

return if $constname eq "DESTROY";

150

croak "Net::Pcap::constant() not defined" if $constname eq 'constant';

151

my ($error, $val) = constant($constname);

152

if ($error) { croak $error; }

153

154

{

155

no strict "refs";

156

# Fixed between 5.005_53 and 5.005_61

157

#XXX if ($] >= 5.00561) {

158

#XXX *$AUTOLOAD = sub () { $val };

159

#XXX } else {

160

*$AUTOLOAD = sub { $val };

161

#XXX }

162

}

163

goto &$AUTOLOAD;

164

}

165

166

167

# pseudo-bloc to enable immediate (unsafe) signals delivery

168

sub UNSAFE_SIGNALS (&) {

169

$_[0]->();

170

}

171

172

173

# Perl wrapper for DWIM

174

sub findalldevs {

175

croak "Usage: pcap_findalldevs(devinfo, err)"

176

unless @_ and @_ <= 2 and ref $_[0];

177

178

# findalldevs(\$err), legacy from Marco Carnut 0.05

179

my %devinfo = ();

180

( ref $_[0] eq 'SCALAR' and return findalldevs_xs(\%devinfo, $_[0]) )

181

or croak "arg1 not a scalar ref"

182

if @_ == 1;

183

184

# findalldevs(\$err, \%devinfo), legacy from Jean-Louis Morel 0.04.02

185

ref $_[0] eq 'SCALAR' and (

186

( ref $_[1] eq 'HASH' and return findalldevs_xs($_[1], $_[0]) )

187

or croak "arg2 not a hash ref"

188

);

189

190

# findalldevs(\%devinfo, \$err), new, correct syntax, consistent with libpcap(3)

191

ref $_[0] eq 'HASH' and (

192

( ref $_[1] eq 'SCALAR' and return findalldevs_xs($_[0], $_[1]) )

193

or croak "arg2 not a scalar ref"

194

);

195

196

# if here, the function was called with incorrect arguments

197

ref $_[0] ne 'HASH' and croak "arg1 not a hash ref";

198

}

199

200

201

202

203

__END__

204

205

=head1 NAME

206

207

Net::Pcap - Interface to pcap(3) LBL packet capture library

208

209

=head1 VERSION

210

211

Version 0.17

212

213

=head1 SYNOPSIS

214

215

use Net::Pcap;

216

217

my $err = '';

218

my $dev = pcap_lookupdev(\$err); # find a device

219

220

# open the device for live listening

221

my $pcap = pcap_open_live($dev, 1024, 1, 0, \$err);

222

223

# loop over next 10 packets

224

pcap_loop($pcap, 10, \&process_packet, "just for the demo");

225

226

# close the device

227

pcap_close($pcap);

228

229

sub process_packet {

230

my ($user_data, $header, $packet) = @_;

231

# do something ...

232

}

233

234

235

=head1 DESCRIPTION

236

237

C<Net::Pcap> is a Perl binding to the LBL pcap(3) library and its

238

Win32 counterpart, the WinPcap library. Pcap (packet capture) is

239

a portable API to capture network packet: it allows applications

240

to capture packets at link-layer, bypassing the normal protocol

241

stack. It also provides features like kernel-level packet filtering

242

and access to internal statistics.

243

244

Common applications include network statistics collection,

245

security monitoring, network debugging, etc.

246

247

248

=head1 NOTES

249

250

=head2 Signals handling

251

252

Since version 5.7.3, Perl uses a mechanism called "deferred signals"

253

to delay signals delivery until "safe" points in the interpreter.

254

See L<perlipc/"Deferred Signals (Safe Signals)"> for a detailled

255

explanation.

256

257

Since C<Net::Pcap> version 0.08, released in October 2005, the module

258

modified the internal variable C<PL_signals> to re-enable immediate

259

signals delivery in Perl 5.8 and later within some XS functions

260

(CPAN-RT #6320). However, it can create situations where the Perl

261

interpreter is less stable and can crash (CPAN-RT #43308). Therefore,

262

as of version 0.17, C<Net::Pcap> no longer modifies C<PL_signals> by

263

itself, but provides facilities so the user has full control of how

264

signals are delivered.

265

266

First, there C<pcap_perl_settings()> function allows to select how

267

signals are handled:

268

269

pcap_perl_settings(PERL_SIGNALS_UNSAFE);

270

pcap_loop($pcap, 10, \&process_packet, "");

271

pcap_perl_settings(PERL_SIGNALS_SAFE);

272

273

Then, to easily make code interruptable, C<Net::Pcap> provides the

274

C<UNSAFE_SIGNALS> pseudo-bloc:

275

276

UNSAFE_SIGNALS {

277

pcap_loop($pcap, 10, \&process_packet, "");

278

};

279

280

(Stolen from Rafael Garcia-Suarez's C<Perl::Unsafe::Signals>)

281

282

283

=head1 EXPORTS

284

285

C<Net::Pcap> supports the following C<Exporter> tags:

286

287

=over

288

289

=item *

290

291

C<:bpf> exports a few BPF related constants:

292

293

BPF_ALIGNMENT BPF_MAJOR_VERSION BPF_MAXBUFSIZE BPF_MAXINSNS

294

BPF_MEMWORDS BPF_MINBUFSIZE BPF_MINOR_VERSION BPF_RELEASE

295

296

=item *

297

298

C<:datalink> exports the data link types macros:

299

300

DLT_AIRONET_HEADER DLT_APPLE_IP_OVER_IEEE1394 DLT_ARCNET

301

DLT_ARCNET_LINUX DLT_ATM_CLIP DLT_ATM_RFC1483 DLT_AURORA

302

DLT_AX25 DLT_CHAOS DLT_CHDLC DLT_CISCO_IOS DLT_C_HDLC

303

DLT_DOCSIS DLT_ECONET DLT_EN10MB DLT_EN3MB DLT_ENC DLT_FDDI

304

DLT_FRELAY DLT_HHDLC DLT_IBM_SN DLT_IBM_SP DLT_IEEE802

305

DLT_IEEE802_11 DLT_IEEE802_11_RADIO DLT_IEEE802_11_RADIO_AVS

306

DLT_IPFILTER DLT_IP_OVER_FC DLT_JUNIPER_ATM1 DLT_JUNIPER_ATM2

307

DLT_JUNIPER_ES DLT_JUNIPER_GGSN DLT_JUNIPER_MFR DLT_JUNIPER_MLFR

308

DLT_JUNIPER_MLPPP DLT_JUNIPER_MONITOR DLT_JUNIPER_SERVICES

309

DLT_LINUX_IRDA DLT_LINUX_SLL DLT_LOOP DLT_LTALK DLT_NULL

310

DLT_OLD_PFLOG DLT_PCI_EXP DLT_PFLOG DLT_PFSYNC DLT_PPP

311

DLT_PPP_BSDOS DLT_PPP_ETHER DLT_PPP_SERIAL DLT_PRISM_HEADER

312

DLT_PRONET DLT_RAW DLT_RIO DLT_SLIP DLT_SLIP_BSDOS DLT_SUNATM

313

DLT_SYMANTEC_FIREWALL DLT_TZSP DLT_USER0 DLT_USER1 DLT_USER2

314

DLT_USER3 DLT_USER4 DLT_USER5 DLT_USER6 DLT_USER7 DLT_USER8

315

DLT_USER9 DLT_USER10 DLT_USER11 DLT_USER12 DLT_USER13

316

DLT_USER14 DLT_USER15

317

318

=item *

319

320

C<:pcap> exports the following C<pcap> constants:

321

322

PCAP_ERRBUF_SIZE PCAP_IF_LOOPBACK

323

PCAP_VERSION_MAJOR PCAP_VERSION_MINOR

324

325

=item *

326

327

C<:mode> exports the following constants:

328

329

MODE_CAPT MODE_MON MODE_STAT

330

331

=item *

332

333

C<:openflag> exports the following constants:

334

335

OPENFLAG_PROMISCUOUS OPENFLAG_DATATX_UDP OPENFLAG_NOCAPTURE_RPCAP

336

337

=item *

338

339

C<:source> exports the following constants:

340

341

PCAP_SRC_FILE PCAP_SRC_IFLOCAL PCAP_SRC_IFREMOTE

342

343

=item *

344

345

C<:sample> exports the following constants:

346

347

PCAP_SAMP_NOSAMP PCAP_SAMP_1_EVERY_N PCAP_SAMP_FIRST_AFTER_N_MS

348

349

=item *

350

351

C<:rpcap> exports the following constants:

352

353

RMTAUTH_NULL RMTAUTH_PWD

354

355

=item *

356

357

C<:functions> short names of the functions (without the C<"pcap_"> prefix)

358

for those which would not cause a clash with an already defined name.

359

Namely, the following functions are not available in short form:

360

C<open()>, C<close()>, C<next()>, C<dump()>, C<file()>, C<fileno()>.

361

Using these short names is now discouraged, and may be removed in the future.

362

363

=back

364

365

By default, this module exports the symbols from the C<:datalink> and

366

C<:pcap> tags, and all the functions, with the same names as the C library.

367

368

369

=head1 FUNCTIONS

370

371

All functions defined by C<Net::Pcap> are direct mappings to the

372

libpcap functions. Consult the pcap(3) documentation and source code

373

for more information.

374

375

Arguments that change a parameter, for example C<pcap_lookupdev()>,

376

are passed that parameter as a reference. This is to retain

377

compatibility with previous versions of C<Net::Pcap>.

378

379

=head2 Lookup functions

380

381

=over

382

383

=item B<pcap_lookupdev(\$err)>

384

385

Returns the name of a network device that can be used with

386

C<pcap_open_live()> function. On error, the C<$err> parameter

387

is filled with an appropriate error message else it is undefined.

388

389

B<Example>

390

391

$dev = pcap_lookupdev();

392

393

394

=item B<pcap_findalldevs(\%devinfo, \$err)>

395

396

Returns a list of all network device names that can be used with

397

C<pcap_open_live()> function. On error, the C<$err> parameter

398

is filled with an appropriate error message else it is undefined.

399

400

B<Example>

401

402

@devs = pcap_findalldevs(\%devinfo, \$err);

403

for my $dev (@devs) {

404

print "$dev : $devinfo{$dev}\n"

405

}

406

407

=over

408

409

=item B<Note>

410

411

For backward compatibility reasons, this function can also

412

be called using the following signatures:

413

414

@devs = pcap_findalldevs(\$err);

415

416

@devs = pcap_findalldevs(\$err, \%devinfo);

417

418

The first form was introduced by Marco Carnut in C<Net::Pcap> version 0.05

419

and kept intact in versions 0.06 and 0.07.

420

The second form was introduced by Jean-Louis Morel for the Windows only,

421

ActivePerl port of C<Net::Pcap>, in versions 0.04.01 and 0.04.02.

422

423

The new syntax has been introduced for consistency with the rest of the Perl

424

API and the C API of C<libpcap(3)>, where C<$err> is always the last argument.

425

426

=back

427

428

429

=item B<pcap_lookupnet($dev, \$net, \$mask, \$err)>

430

431

Determine the network number and netmask for the device specified in

432

C<$dev>. The function returns 0 on success and sets the C<$net> and

433

C<$mask> parameters with values. On failure it returns -1 and the

434

C<$err> parameter is filled with an appropriate error message.

435

436

=back

437

438

=head2 Packet capture functions

439

440

=over

441

442

=item B<pcap_open_live($dev, $snaplen, $promisc, $to_ms, \$err)>

443

444

Returns a packet capture descriptor for looking at packets on the

445

network. The C<$dev> parameter specifies which network interface to

446

capture packets from. The C<$snaplen> and C<$promisc> parameters specify

447

the maximum number of bytes to capture from each packet, and whether

448

to put the interface into promiscuous mode, respectively. The C<$to_ms>

449

parameter specifies a read timeout in milliseconds. The packet descriptor

450

will be undefined if an error occurs, and the C<$err> parameter will be

451

set with an appropriate error message.

452

453

B<Example>

454

455

$dev = pcap_lookupdev();

456

$pcap = pcap_open_live($dev, 1024, 1, 0, \$err)

457

or die "Can't open device $dev: $err\n";

458

459

460

=item B<pcap_open_dead($linktype, $snaplen)>

461

462

Creates and returns a new packet descriptor to use when calling the other

463

functions in C<libpcap>. It is typically used when just using C<libpcap>

464

for compiling BPF code.

465

466

B<Example>

467

468

$pcap = pcap_open_dead(0, 1024);

469

470

471

=item B<pcap_open_offline($filename, \$err)>

472

473

Return a packet capture descriptor to read from a previously created

474

"savefile". The returned descriptor is undefined if there was an

475

error and in this case the C<$err> parameter will be filled. Savefiles

476

are created using the C<pcap_dump_*> commands.

477

478

B<Example>

479

480

$pcap = pcap_open_offline($dump, \$err)

481

or die "Can't read '$dump': $err\n";

482

483

484

=item B<pcap_loop($pcap, $count, \&callback, $user_data)>

485

486

Read C<$count> packets from the packet capture descriptor C<$pcap> and call

487

the perl function C<&callback> with an argument of C<$user_data>.

488

If C<$count> is negative, then the function loops forever or until an error

489

occurs. Returns 0 if C<$count> is exhausted, -1 on error, and -2 if the

490

loop terminated due to a call to pcap_breakloop() before any packets were

491

processed.

492

493

The callback function is also passed packet header information and

494

packet data like so:

495

496

sub process_packet {

497

my ($user_data, $header, $packet) = @_;

498

499

...

500

}

501

502

The header information is a reference to a hash containing the

503

following fields.

504

505

=over

506

507

=item *

508

509

C<len> - the total length of the packet.

510

511

=item *

512

513

C<caplen> - the actual captured length of the packet data. This corresponds

514

to the snapshot length parameter passed to C<open_live()>.

515

516

=item *

517

518

C<tv_sec> - seconds value of the packet timestamp.

519

520

=item *

521

522

C<tv_usec> - microseconds value of the packet timestamp.

523

524

=back

525

526

B<Example>

527

528

pcap_loop($pcap, 10, \&process_packet, "user data");

529

530

sub process_packet {

531

my ($user_data, $header, $packet) = @_;

532

# ...

533

}

534

535

536

=item B<pcap_breakloop($pcap)>

537

538

Sets a flag that will force C<pcap_dispatch()> or C<pcap_loop()>

539

to return rather than looping; they will return the number of packets that

540

have been processed so far, or -2 if no packets have been processed so far.

541

542

This routine is safe to use inside a signal handler on UNIX or a console

543

control handler on Windows, as it merely sets a flag that is checked within

544

the loop.

545

546

Please see the section on C<pcap_breakloop()> in L<pcap(3)> for more

547

information.

548

549

550

=item B<pcap_close($pcap)>

551

552

Close the packet capture device associated with the descriptor C<$pcap>.

553

554

555

=item B<pcap_dispatch($pcap, $count, \&callback, $user_data)>

556

557

Collect C<$count> packets and process them with callback function

558

C<&callback>. if C<$count> is -1, all packets currently buffered are

559

processed. If C<$count> is 0, process all packets until an error occurs.

560

561

562

=item B<pcap_next($pcap, \%header)>

563

564

Return the next available packet on the interface associated with

565

packet descriptor C<$pcap>. Into the C<%header> hash is stored the received

566

packet header. If not packet is available, the return value and

567

header is undefined.

568

569

570

=item B<pcap_next_ex($pcap, \%header, \$packet)>

571

572

Reads the next available packet on the interface associated with packet

573

descriptor C<$pcap>, stores its header in C<\%header> and its data in

574

C<\$packet> and returns a success/failure indication:

575

576

=over

577

578

=item *

579

580

C<1> means that the packet was read without problems;

581

582

=item *

583

584

C<0> means that packets are being read from a live capture, and the

585

timeout expired;

586

587

=item *

588

589

C<-1> means that an error occurred while reading the packet;

590

591

=item *

592

593

C<-2> packets are being read from a dump file, and there are no more

594

packets to read from the savefile.

595

596

=back

597

598

599

=item B<pcap_compile($pcap, \$filter, $filter_str, $optimize, $netmask)>

600

601

Compile the filter string contained in C<$filter_str> and store it in

602

C<$filter>. A description of the filter language can be found in the

603

libpcap source code, or the manual page for tcpdump(8) . The filter

604

is optimized if the C<$optimize> variable is true. The netmask of the

605

network device must be specified in the C<$netmask> parameter. The

606

function returns 0 if the compilation was successful, or -1 if there

607

was a problem.

608

609

610

=item B<pcap_compile_nopcap($snaplen, $linktype, \$filter, $filter_str, $optimize, $netmask)>

611

612

Similar to C<compile()> except that instead of passing a C<$pcap> descriptor,

613

one passes C<$snaplen> and C<$linktype> directly. Returns -1 if there was an

614

error, but the error message is not available.

615

616

617

=item B<pcap_setfilter($pcap, $filter)>

618

619

Associate the compiled filter stored in C<$filter> with the packet

620

capture descriptor C<$pcap>.

621

622

623

=item B<pcap_freecode($filter)>

624

625

Used to free the allocated memory used by a compiled filter, as created

626

by C<pcap_compile()>.

627

628

629

=item B<pcap_setnonblock($pcap, $mode, \$err)>

630

631

Set the I<non-blocking> mode of a live capture descriptor, depending on the

632

value of C<$mode> (zero to activate and non-zero to deactivate). It has no

633

effect on offline descriptors. If there is an error, it returns -1 and sets

634

C<$err>.

635

636

In non-blocking mode, an attempt to read from the capture descriptor with

637

C<pcap_dispatch()> will, if no packets are currently available to be read,

638

return 0 immediately rather than blocking waiting for packets to arrive.

639

C<pcap_loop()> and C<pcap_next()> will not work in non-blocking mode.

640

641

642

=item B<pcap_getnonblock($pcap, \$err)>

643

644

Returns the I<non-blocking> state of the capture descriptor C<$pcap>.

645

Always returns 0 on savefiles. If there is an error, it returns -1 and

646

sets C<$err>.

647

648

=back

649

650

=head2 Savefile commands

651

652

=over

653

654

=item B<pcap_dump_open($pcap, $filename)>

655

656

Open a savefile for writing and return a descriptor for doing so. If

657

C<$filename> is C<"-"> data is written to standard output. On error, the

658

return value is undefined and C<pcap_geterr()> can be used to

659

retrieve the error text.

660

661

662

=item B<pcap_dump($dumper, \%header, $packet)>

663

664

Dump the packet described by header C<%header> and packet data C<$packet>

665

to the savefile associated with C<$dumper>. The packet header has the

666

same format as that passed to the C<pcap_loop()> callback.

667

668

B<Example>

669

670

my $dump_file = 'network.dmp';

671

my $dev = pcap_lookupdev();

672

my $pcap = pcap_open_live($dev, 1024, 1, 0, \$err);

673

674

my $dumper = pcap_dump_open($pcap, $dump_file);

675

pcap_loop($pcap, 10, \&process_packet, '');

676

pcap_dump_close($dumper);

677

678

sub process_packet {

679

my ($user_data, $header, $packet) = @_;

680

pcap_dump($dumper, $header, $packet);

681

}

682

683

684

=item B<pcap_dump_file($dumper)>

685

686

Returns the filehandle associated with a savefile opened with

687

C<pcap_dump_open()>.

688

689

690

=item B<pcap_dump_flush($dumper)>

691

692

Flushes the output buffer to the corresponding save file, so that any

693

packets written with C<pcap_dump()> but not yet written to the save

694

file will be written. Returns -1 on error, 0 on success.

695

696

697

=item B<pcap_dump_close($dumper)>

698

699

Close the savefile associated with the descriptor C<$dumper>.

700

701

=back

702

703

=head2 Status functions

704

705

=over

706

707

708

=item B<pcap_datalink($pcap)>

709

710

Returns the link layer type associated with the given pcap descriptor.

711

712

B<Example>

713

714

$linktype = pcap_datalink($pcap);

715

716

717

=item B<pcap_set_datalink($pcap, $linktype)>

718

719

Sets the data link type of the given pcap descriptor to the type specified

720

by C<$linktype>. Returns -1 on failure.

721

722

723

=item B<pcap_datalink_name_to_val($name)>

724

725

Translates a data link type name, which is a C<DLT_> name with the C<DLT_>

726

part removed, to the corresponding data link type value. The translation is

727

case-insensitive. Returns -1 on failure.

728

729

B<Example>

730

731

$linktype = pcap_datalink_name_to_val('LTalk'); # returns DLT_LTALK

732

733

734

=item B<pcap_datalink_val_to_name($linktype)>

735

736

Translates a data link type value to the corresponding data link type name.

737

738

B<Example>

739

740

$name = pcap_datalink_val_to_name(DLT_LTALK); # returns 'LTALK'

741

742

743

=item B<pcap_datalink_val_to_description($linktype)>

744

745

Translates a data link type value to a short description of that data link type.

746

747

B<Example>

748

749

$descr = pcap_datalink_val_to_description(DLT_LTALK); # returns 'Localtalk'

750

751

752

=item B<pcap_snapshot($pcap)>

753

754

Returns the snapshot length (snaplen) specified in the call to

755

C<pcap_open_live()>.

756

757

758

=item B<pcap_is_swapped($pcap)>

759

760

This function returns true if the endianness of the currently open

761

savefile is different from the endianness of the machine.

762

763

764

=item B<pcap_major_version($pcap)>

765

766

Return the major version number of the pcap library used to write the

767

currently open savefile.

768

769

770

=item B<pcap_minor_version($pcap)>

771

772

Return the minor version of the pcap library used to write the

773

currently open savefile.

774

775

776

=item B<pcap_stats($pcap, \%stats)>

777

778

Returns a hash containing information about the status of packet

779

capture device C<$pcap>. The hash contains the following fields.

780

781

This function is supported only on live captures, not on savefiles;

782

no statistics are stored in savefiles, so no statistics are available

783

when reading from a savefile.

784

785

=over

786

787

=item *

788

789

C<ps_recv> - the number of packets received by the packet capture software.

790

791

=item *

792

793

C<ps_drop> - the number of packets dropped by the packet capture software.

794

795

=item *

796

797

C<ps_ifdrop> - the number of packets dropped by the network interface.

798

799

=back

800

801

802

=item B<pcap_file($pcap)>

803

804

Returns the filehandle associated with a savefile opened with

805

C<pcap_open_offline()> or C<undef> if the device was opened

806

with C<pcap_open_live()>.

807

808

809

=item B<pcap_fileno($pcap)>

810

811

Returns the file number of the network device opened with C<pcap_open_live()>.

812

813

814

=item B<pcap_get_selectable_fd($pcap)>

815

816

Returns, on Unix, a file descriptor number for a file descriptor on which

817

one can do a C<select()> or C<poll()> to wait for it to be possible to read

818

packets without blocking, if such a descriptor exists, or -1, if no such

819

descriptor exists. Some network devices opened with C<pcap_open_live()>

820

do not support C<select()> or C<poll()>, so -1 is returned for those devices.

821

See L<pcap(3)> for more details.

822

823

=back

824

825

=head2 Error handling

826

827

=over

828

829

=item B<pcap_geterr($pcap)>

830

831

Returns an error message for the last error associated with the packet

832

capture device C<$pcap>.

833

834

835

=item B<pcap_strerror($errno)>

836

837

Returns a string describing error number C<$errno>.

838

839

840

=item B<pcap_perror($pcap, $prefix)>

841

842

Prints the text of the last error associated with descriptor C<$pcap> on

843

standard error, prefixed by C<$prefix>.

844

845

=back

846

847

=head2 Information

848

849

=over

850

851

=item B<pcap_lib_version()>

852

853

Returns the name and version of the C<pcap> library the module was linked

854

against.

855

856

=back

857

858

=head2 Perl specific functions

859

860

The following functions are specific to the Perl binding of libpcap.

861

862

=over

863

864

=item B<pcap_perl_settings($setting)>

865

866

Modify internal behaviour of the Perl interpreter.

867

868

=over

869

870

=item *

871

872

C<PERL_SIGNALS_SAFE>, C<PERL_SIGNALS_UNSAFE> respectively enable safe

873

or unsafe signals delivery. Returns the previous value of C<PL_signals>.

874

See L<"Signals handling">.

875

876

B<Example:>

877

878

local $SIG{ALRM} = sub { pcap_breakloop() };

879

alarm 60;

880

881

pcap_perl_settings(PERL_SIGNALS_UNSAFE);

882

pcap_loop($pcap, 10, \&process_packet, "");

883

pcap_perl_settings(PERL_SIGNALS_SAFE);

884

885

=back

886

887

=back

888

889

=head2 WinPcap specific functions

890

891

The following functions are only available with WinPcap, the Win32 port

892

of the Pcap library. If a called function is not available, it will cleanly

893

C<croak()>.

894

895

=over

896

897

=item B<pcap_createsrcstr(\$source, $type, $host, $port, $name, \$err)>

898

899

Accepts a set of strings (host name, port, ...), and stores the complete

900

source string according to the new format (e.g. C<"rpcap://1.2.3.4/eth0">)

901

in C<$source>.

902

903

This function is provided in order to help the user creating the source

904

string according to the new format. An unique source string is used in

905

order to make easy for old applications to use the remote facilities.

906

Think about B<tcpdump(1)>, for example, which has only one way to specify

907

the interface on which the capture has to be started. However, GUI-based

908

programs can find more useful to specify hostname, port and interface name

909

separately. In that case, they can use this function to create the source

910

string before passing it to the C<pcap_open()> function.

911

912

Returns 0 if everything is fine, -1 if some errors occurred. The string

913

containing the complete source is returned in the C<$source> variable.

914

915

916

=item B<pcap_parsesrcstr($source, \$type, \$host, \$port, \$name, \$err)>

917

918

Parse the source string and stores the pieces in which the source can be split

919

in the corresponding variables.

920

921

This call is the other way round of C<pcap_createsrcstr()>. It accepts a

922

null-terminated string and it returns the parameters related to the source.

923

This includes:

924

925

=over

926

927

=item *

928

929

the type of the source (file, WinPcap on a remote adapter, WinPcap on local

930

adapter), which is determined by the source prefix (C<PCAP_SRC_IF_STRING>

931

and so on);

932

933

=item *

934

935

the host on which the capture has to be started (only for remote captures);

936

937

=item *

938

939

the raw name of the source (file name, name of the remote adapter, name of

940

the local adapter), without the source prefix. The string returned does not

941

include the type of the source itself (i.e. the string returned does not

942

include C<"file://"> or C<"rpcap://"> or such).

943

944

=back

945

946

The user can omit some parameters in case it is not interested in them.

947

948

Returns 0 if everything is fine, -1 if some errors occurred. The requested

949

values (host name, network port, type of the source) are returned into the

950

proper variables passed by reference.

951

952

953

=item B<pcap_open($source, $snaplen, $flags, $read_timeout, \$auth, \$err)>

954

955

Open a generic source in order to capture / send (WinPcap only) traffic.

956

957

The C<pcap_open()> replaces all the C<pcap_open_xxx()> functions with a single

958

call.

959

960

This function hides the differences between the different C<pcap_open_xxx()>

961

functions so that the programmer does not have to manage different opening

962

function. In this way, the I<true> C<open()> function is decided according

963

to the source type, which is included into the source string (in the form of

964

source prefix).

965

966

Returns a pointer to a pcap descriptor which can be used as a parameter to

967

the following calls (C<compile()> and so on) and that specifies an opened

968

WinPcap session. In case of problems, it returns C<undef> and the C<$err>

969

variable keeps the error message.

970

971

972

=item B<pcap_setbuff($pcap, $dim)>

973

974

Sets the size of the kernel buffer associated with an adapter.

975

C<$dim> specifies the size of the buffer in bytes.

976

The return value is 0 when the call succeeds, -1 otherwise.

977

978

If an old buffer was already created with a previous call to

979

C<setbuff()>, it is deleted and its content is discarded.

980

C<open_live()> creates a S<1 MB> buffer by default.

981

982

983

=item B<pcap_setmode($pcap, $mode)>

984

985

Sets the working mode of the interface C<$pcap> to C<$mode>.

986

Valid values for C<$mode> are C<MODE_CAPT> (default capture mode) and

987

C<MODE_STAT> (statistical mode).

988

989

990

=item B<pcap_setmintocopy($pcap_t, $size)>

991

992

Changes the minimum amount of data in the kernel buffer that causes a read

993

from the application to return (unless the timeout expires).

994

995

996

=item B<pcap_getevent($pcap)>

997

998

Returns the C<Win32::Event> object associated with the interface

999

C<$pcap>. Can be used to wait until the driver's buffer contains some

1000

data without performing a read. See L<Win32::Event>.

1001

1002

1003

=item B<pcap_sendpacket($pcap, $packet)>

1004

1005

Send a raw packet to the network. C<$pcap> is the interface that will be

1006

used to send the packet, C<$packet> contains the data of the packet to send

1007

(including the various protocol headers). The MAC CRC doesn't need to be

1008

included, because it is transparently calculated and added by the network

1009

interface driver. The return value is 0 if the packet is successfully sent,

1010

-1 otherwise.

1011

1012

1013

=item B<pcap_sendqueue_alloc($memsize)>

1014

1015

This function allocates and returns a send queue, i.e. a buffer containing

1016

a set of raw packets that will be transmitted on the network with

1017

C<sendqueue_transmit()>.

1018

1019

C<$memsize> is the size, in bytes, of the queue, therefore it determines

1020

the maximum amount of data that the queue will contain. This memory is

1021

automatically deallocated when the queue ceases to exist.

1022

1023

1024

=item B<pcap_sendqueue_queue($queue, \%header, $packet)>

1025

1026

Adds a packet at the end of the send queue pointed by C<$queue>. The packet

1027

header C<%header> has the same format as that passed to the C<loop()>

1028

callback. C<$ackekt> is a buffer with the data of the packet.

1029

1030

The C<%headerr> header structure is the same used by WinPcap and libpcap to

1031

store the packets in a file, therefore sending a capture file is

1032

straightforward. "Raw packet" means that the sending application will have

1033

to include the protocol headers, since every packet is sent to the network

1034

I<as is>. The CRC of the packets needs not to be calculated, because it will

1035

be transparently added by the network interface.

1036

1037

1038

=item B<pcap_sendqueue_transmit($pcap, $queue, $sync)>

1039

1040

This function transmits the content of a queue to the wire. C<$pcapt> is

1041

the interface on which the packets will be sent, C<$queue> is to a

1042

C<send_queue> containing the packets to send, C<$sync> determines if the

1043

send operation must be synchronized: if it is non-zero, the packets are

1044

sent respecting the timestamps, otherwise they are sent as fast as

1045

possible.

1046

1047

The return value is the amount of bytes actually sent. If it is smaller

1048

than the size parameter, an error occurred during the send. The error can

1049

be caused by a driver/adapter problem or by an inconsistent/bogus send

1050

queue.

1051

1052

=back

1053

1054

1055

=head1 CONSTANTS

1056

1057

C<Net::Pcap> exports by default the names of several constants in order to

1058

ease the development of programs. See L</"EXPORTS"> for details about which

1059

constants are exported.

1060

1061

Here are the descriptions of a few data link types. See L<pcap(3)> for a more

1062

complete description and semantics associated with each data link.

1063

1064

=over

1065

1066

=item *

1067

1068

C<DLT_NULL> - BSD loopback encapsulation

1069

1070

=item *

1071

1072

C<DLT_EN10MB> - Ethernet (10Mb, 100Mb, 1000Mb, and up)

1073

1074

=item *

1075

1076

C<DLT_RAW> - raw IP

1077

1078

=item *

1079

1080

C<DLT_IEEE802> - IEEE 802.5 Token Ring

1081

1082

=item *

1083

1084

C<DLT_IEEE802_11> - IEEE 802.11 wireless LAN

1085

1086

=item *

1087

1088

C<DLT_FRELAY> - Frame Relay

1089

1090

=item *

1091

1092

C<DLT_FDDI> - FDDI

1093

1094

=item *

1095

1096

C<DLT_SLIP> - Serial Line IP

1097

1098

=item *

1099

1100

C<DLT_PPP> - PPP (Point-to-point Protocol)

1101

1102

=item *

1103

1104

C<DLT_PPP_SERIAL> - PPP over serial with HDLC encapsulation

1105

1106

=item *

1107

1108

C<DLT_PPP_ETHER> - PPP over Ethernet

1109

1110

=item *

1111

1112

C<DLT_IP_OVER_FC> - RFC 2625 IP-over-Fibre Channel

1113

1114

=item *

1115

1116

C<DLT_AX25> - Amateur Radio AX.25

1117

1118

=item *

1119

1120

C<DLT_LINUX_IRDA> - Linux-IrDA

1121

1122

=item *

1123

1124

C<DLT_LTALK> - Apple LocalTalk

1125

1126

=item *

1127

1128

C<DLT_APPLE_IP_OVER_IEEE1394> - Apple IP-over-IEEE 1394 (a.k.a. Firewire)

1129

1130

=back

1131

1132

1133

=head1 DIAGNOSTICS

1134

1135

=over

1136

1137

=item C<arg%d not a scalar ref>

1138

1139

=item C<arg%d not a hash ref>

1140

1141

=item C<arg%d not a reference>

1142

1143

B<(F)> These errors occur if you forgot to give a reference to a function

1144

which expect one or more of its arguments to be references.

1145

1146

=back

1147

1148

1149

=head1 LIMITATIONS

1150

1151

The following limitations apply to this version of C<Net::Pcap>.

1152

1153

=over

1154

1155

=item *

1156

1157

At present, only one callback function and user data scalar can be

1158

current at any time as they are both stored in global variables.

1159

1160

=back

1161

1162

1163

=head1 BUGS

1164

1165

Please report any bugs or feature requests to

1166

C<bug-Net-Pcap@rt.cpan.org>, or through the web interface at

1167

L<http://rt.cpan.org/Dist/Display.html?Queue=Net-Pcap>.

1168

I will be notified, and then you'll automatically be notified

1169

of progress on your bug as I make changes.

1170

1171

Currently known bugs:

1172

1173

=over

1174

1175

=item *

1176

1177

the C<ps_recv> field is not correctly set; see F<t/07-stats.t>

1178

1179

=item *

1180

1181

C<pcap_file()> seems to always returns C<undef> for live

1182

connection and causes segmentation fault for dump files;

1183

see F<t/10-fileno.t>

1184

1185

=item *

1186

1187

C<pcap_fileno()> is documented to return -1 when called

1188

on save file, but seems to always return an actual file number.

1189

See F<t/10-fileno.t>

1190

1191

1192

=item *

1193

1194

C<pcap_dump_file()> seems to corrupt something somewhere,

1195

and makes scripts dump core. See F<t/05-dump.t>

1196

1197

=back

1198

1199

1200

=head1 EXAMPLES

1201

1202

See the F<eg/> and F<t/> directories of the C<Net::Pcap> distribution

1203

for examples on using this module.

1204

1205

1206

=head1 SEE ALSO

1207

1208

=head2 Perl Modules

1209

1210

L<Net::Pcap::Reassemble> for reassembly of TCP/IP fragments.

1211

1212

L<POE::Component::Pcap> for using C<Net::Pcap> within POE-based programs.

1213

1214

L<Net::Packet> or L<NetPacket> for decoding and creating network packets.

1215

1216

L<Net::Pcap::Easy> is a module which provides an easier, more Perl-ish

1217

API than C<Net::Pcap> and integrates some facilities from L<Net::Netmask>

1218

and C<NetPacket>.

1219

1220

=head2 Base Libraries

1221

1222

L<pcap(3)>, L<tcpdump(8)>

1223

1224

The source code for the C<pcap(3)> library is available from

1225

L<http://www.tcpdump.org/>

1226

1227

The source code and binary for the Win32 version of the pcap library,

1228

WinPcap, is available from L<http://www.winpcap.org/>

1229

1230

=head2 Articles

1231

1232

I<Hacking Linux Exposed: Sniffing with Net::Pcap to stealthily managing iptables

1233

rules remotely>, L<http://www.hackinglinuxexposed.com/articles/20030730.html>

1234

1235

I<PerlMonks node about Net::Pcap>, L<http://perlmonks.org/?node_id=170648>

1236

1237

1238

=head1 AUTHORS

1239

1240

Current maintainer is SE<eacute>bastien Aperghis-Tramoni (SAPER)

1241

E<lt>sebastien@aperghis.netE<gt> with the help of Jean-Louis Morel (JLMOREL)

1242

E<lt>jl_morel@bribes.orgE<gt> for WinPcap support.

1243

1244

Previous authors & maintainers:

1245

1246

=over

1247

1248

=item *

1249

1250

Marco Carnut (KCARNUT) E<lt>kiko@tempest.com.brE<gt>

1251

1252

=item *

1253

1254

Tim Potter (TIMPOTTER) E<lt>tpot@frungy.orgE<gt>

1255

1256

=item *

1257

1258

Bo Adler (BOADLER) E<lt>thumper@alumni.caltech.eduE<gt>

1259

1260

=item *

1261

1262

Peter Lister (PLISTER) E<lt>p.lister@cranfield.ac.ukE<gt>

1263

1264

=back

1265

1266

1267

=head1 ACKNOWLEDGEMENTS

1268

1269

To Paul Johnson for his module C<Devel::Cover> and his patience for

1270

helping me using it with XS code, which revealed very useful for

1271

writing more tests.

1272

1273

To the beta-testers: Jean-Louis Morel, Max Maischen, Philippe Bruhat,

1274

David Morel, Scott Lanning, Rafael Garcia-Suarez, Karl Y. Pradene.

1275

1276

1277

=head1 COPYRIGHT & LICENSE

1278

1279

1280

1281

1282

1283

1284

1285

1286

1287

1288

1289

1290

This program is free software; you can redistribute it and/or modify

1291

it under the same terms as Perl itself.

1292

1293

=cut

Older »