2 * WinPcap-specific interfaces for capturing. We load WinPcap at run
3 * time, so that we only need one Ethereal binary and one Tethereal binary
4 * for Windows, regardless of whether WinPcap is installed or not.
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 2001 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 #include "capture-pcap-util.h"
39 #include "capture-pcap-util-int.h"
41 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
42 #include "tools/lemon/cppmagic.h"
45 #define MAX_WIN_IF_NAME_LEN 511
48 gboolean has_wpcap = FALSE;
52 static char* (*p_pcap_lookupdev) (char *);
53 static void (*p_pcap_close) (pcap_t *);
54 static int (*p_pcap_stats) (pcap_t *, struct pcap_stat *);
55 static int (*p_pcap_dispatch) (pcap_t *, int, pcap_handler, guchar *);
56 static int (*p_pcap_snapshot) (pcap_t *);
57 static int (*p_pcap_datalink) (pcap_t *);
58 static int (*p_pcap_setfilter) (pcap_t *, struct bpf_program *);
59 static char* (*p_pcap_geterr) (pcap_t *);
60 static int (*p_pcap_compile) (pcap_t *, struct bpf_program *, char *, int,
62 #ifdef WPCAP_CONSTIFIED
63 static int (*p_pcap_lookupnet) (const char *, bpf_u_int32 *, bpf_u_int32 *,
65 static pcap_t* (*p_pcap_open_live) (const char *, int, int, int, char *);
67 static int (*p_pcap_lookupnet) (char *, bpf_u_int32 *, bpf_u_int32 *,
69 static pcap_t* (*p_pcap_open_live) (char *, int, int, int, char *);
71 static int (*p_pcap_loop) (pcap_t *, int, pcap_handler, guchar *);
72 static void (*p_pcap_freecode) (struct bpf_program *);
73 #ifdef HAVE_PCAP_FINDALLDEVS
74 static int (*p_pcap_findalldevs) (pcap_if_t **, char *);
75 static void (*p_pcap_freealldevs) (pcap_if_t *);
77 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
78 static int (*p_pcap_datalink_name_to_val) (const char *);
80 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
81 static const char *(*p_pcap_datalink_val_to_name) (int);
83 static const char *(*p_pcap_lib_version) (void);
84 static int (*p_pcap_setbuff) (pcap_t *, int dim);
85 static int (*p_pcap_next_ex) (pcap_t *, struct pcap_pkthdr **pkt_header, const u_char **pkt_data);
93 #define SYM(x, y) { STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
99 /* These are the symbols I need or want from Wpcap */
/*
 * Table driving the run-time binding to WinPcap: each SYM(x, flag) entry
 * pairs the exported name "x" with the address of the matching p_x
 * function pointer, and the { NULL, NULL, FALSE } entry ends the table.
 * NOTE(review): the flag looks like "optional" (TRUE = tolerated if the
 * installed WinPcap lacks it, FALSE = required) - confirm against the
 * symbol_table_t definition, which is not visible in this listing.
 * A wrapper for a TRUE entry must cope with its pointer still being NULL.
 */
100 static const symbol_table_t symbols[] = {
101 SYM(pcap_lookupdev, FALSE),
102 SYM(pcap_close, FALSE),
103 SYM(pcap_stats, FALSE),
104 SYM(pcap_dispatch, FALSE),
105 SYM(pcap_snapshot, FALSE),
106 SYM(pcap_datalink, FALSE),
107 SYM(pcap_setfilter, FALSE),
108 SYM(pcap_geterr, FALSE),
109 SYM(pcap_compile, FALSE),
110 SYM(pcap_lookupnet, FALSE),
111 SYM(pcap_open_live, FALSE),
112 SYM(pcap_loop, FALSE),
113 SYM(pcap_freecode, TRUE),
114 #ifdef HAVE_PCAP_FINDALLDEVS
115 SYM(pcap_findalldevs, TRUE),
116 SYM(pcap_freealldevs, TRUE),
118 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
119 SYM(pcap_datalink_name_to_val, TRUE),
121 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
122 SYM(pcap_datalink_val_to_name, TRUE),
124 SYM(pcap_lib_version, TRUE),
125 SYM(pcap_setbuff, TRUE),
126 SYM(pcap_next_ex, TRUE),
127 { NULL, NULL, FALSE }
/*
 * NOTE(review): "wpcap" is handed to g_module_open() as a bare name, so
 * the directory it is loaded from is decided by the platform's module
 * search order, not by this code. A capture tool is often run with
 * elevated rights; building an absolute path to the expected install
 * location before loading removes that dependency on the search path.
 */
130 GModule *wh; /* wpcap handle */
131 const symbol_table_t *sym;
133 wh = g_module_open("wpcap", 0);
/* Each table entry is looked up by name and stored through sym->ptr. */
141 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
144 * We don't care if it's missing; we just
150 * We require this symbol.
/*
 * Pass-through wrappers: each one gives the rest of the program the usual
 * libpcap entry point and forwards its arguments unchanged to the p_pcap_*
 * pointer resolved from the WinPcap module at run time.
 * NOTE(review): the lines between each signature and its return are not
 * visible in this listing, so any precondition check they hold cannot be
 * confirmed from here.
 */
163 pcap_lookupdev (char *a)
166 return p_pcap_lookupdev(a);
170 pcap_close(pcap_t *a)
177 pcap_stats(pcap_t *a, struct pcap_stat *b)
180 return p_pcap_stats(a, b);
184 pcap_dispatch(pcap_t *a, int b, pcap_handler c, guchar *d)
187 return p_pcap_dispatch(a, b, c, d);
191 pcap_snapshot(pcap_t *a)
194 return p_pcap_snapshot(a);
198 pcap_datalink(pcap_t *a)
201 return p_pcap_datalink(a);
205 pcap_setfilter(pcap_t *a, struct bpf_program *b)
208 return p_pcap_setfilter(a, b);
212 pcap_geterr(pcap_t *a)
215 return p_pcap_geterr(a);
219 pcap_compile(pcap_t *a, struct bpf_program *b, char *c, int d,
223 return p_pcap_compile(a, b, c, d, e);
227 #ifdef WPCAP_CONSTIFIED
228 pcap_lookupnet(const char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
230 pcap_lookupnet(char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
234 return p_pcap_lookupnet(a, b, c, d);
238 #ifdef WPCAP_CONSTIFIED
239 pcap_open_live(const char *a, int b, int c, int d, char *e)
241 pcap_open_live(char *a, int b, int c, int d, char *e)
245 return p_pcap_open_live(a, b, c, d, e);
249 pcap_loop(pcap_t *a, int b, pcap_handler c, guchar *d)
252 return p_pcap_loop(a, b, c, d);
/* pcap_freecode tests its pointer before use, so a missing symbol is tolerated here. */
256 pcap_freecode(struct bpf_program *a)
259 if(p_pcap_freecode) {
264 #ifdef HAVE_PCAP_FINDALLDEVS
/*
 * The two wrappers below assert that WinPcap is loaded and that the
 * pointer was resolved. g_assert() is compiled out when G_DISABLE_ASSERT
 * is defined, so in such builds it is not a run-time guard against a
 * NULL function pointer.
 */
266 pcap_findalldevs(pcap_if_t **a, char *b)
268 g_assert(has_wpcap && p_pcap_findalldevs != NULL);
269 return p_pcap_findalldevs(a, b);
273 pcap_freealldevs(pcap_if_t *a)
275 g_assert(has_wpcap && p_pcap_freealldevs != NULL);
276 p_pcap_freealldevs(a);
280 #if defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME)
282 * Table of DLT_ types, names, and descriptions, for use if the version
283 * of WinPcap we have installed lacks "pcap_datalink_name_to_val()"
284 * or "pcap_datalink_val_to_name()".
288 const char *description;
292 #define DLT_CHOICE(code, description) { #code, description, code }
293 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
295 static struct dlt_choice dlt_choices[] = {
296 DLT_CHOICE(DLT_NULL, "BSD loopback"),
297 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
298 DLT_CHOICE(DLT_IEEE802, "Token ring"),
299 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
300 DLT_CHOICE(DLT_SLIP, "SLIP"),
301 DLT_CHOICE(DLT_PPP, "PPP"),
302 DLT_CHOICE(DLT_FDDI, "FDDI"),
303 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
304 DLT_CHOICE(DLT_RAW, "Raw IP"),
305 #ifdef DLT_SLIP_BSDOS
306 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
309 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
312 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
314 #ifdef DLT_PPP_SERIAL
315 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
318 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
321 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
323 #ifdef DLT_IEEE802_11
324 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
327 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
330 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
333 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
336 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
339 DLT_CHOICE(DLT_LTALK, "Localtalk"),
342 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
344 #ifdef DLT_PRISM_HEADER
345 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
347 #ifdef DLT_IP_OVER_FC
348 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
351 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
353 #ifdef DLT_IEEE802_11_RADIO
354 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radio information header"),
356 #ifdef DLT_ARCNET_LINUX
357 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
359 #ifdef DLT_LINUX_IRDA
360 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
362 #ifdef DLT_LINUX_LAPD
363 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
366 DLT_CHOICE(DLT_LANE8023, "Linux 802.3 LANE"),
369 DLT_CHOICE(DLT_CIP, "Linux Classical IP-over-ATM"),
372 DLT_CHOICE(DLT_HDLC, "Cisco HDLC"),
376 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */
378 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
/*
 * Map a link-layer type name to its DLT_ value. WinPcap's own routine is
 * used when its pointer was resolved; otherwise dlt_choices is scanned up
 * to its NULL-name sentinel with a case-insensitive comparison that skips
 * the "DLT_" prefix of each table entry.
 * NOTE(review): the second strcasecmp() argument and the not-found return
 * value are not visible in this listing.
 */
380 pcap_datalink_name_to_val(const char *name)
386 if (p_pcap_datalink_name_to_val != NULL)
387 return p_pcap_datalink_name_to_val(name);
390 * We don't have it in WinPcap; do it ourselves.
392 for (i = 0; dlt_choices[i].name != NULL; i++) {
393 if (strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
395 return dlt_choices[i].dlt;
402 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
/*
 * Map a DLT_ value to its name. WinPcap's own routine is used when its
 * pointer was resolved; otherwise dlt_choices is scanned up to its
 * NULL-name sentinel and the matching entry's name is returned with the
 * leading "DLT_" skipped. The returned pointer refers into the static
 * table, not to a fresh copy.
 * NOTE(review): the not-found return value is not visible in this listing.
 */
404 pcap_datalink_val_to_name(int dlt)
410 if (p_pcap_datalink_val_to_name != NULL)
411 return p_pcap_datalink_val_to_name(dlt);
414 * We don't have it in WinPcap; do it ourselves.
416 for (i = 0; dlt_choices[i].name != NULL; i++) {
417 if (dlt_choices[i].dlt == dlt)
418 return dlt_choices[i].name + sizeof("DLT_") - 1;
425 /* setbuff is win32 specific! */
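/*
 * Forward a kernel-buffer-size request to WinPcap's pcap_setbuff().
 *
 * a: open capture handle; b: requested buffer size, passed through
 * unchanged. Returns whatever WinPcap returns, or -1 when WinPcap is not
 * loaded or does not export pcap_setbuff.
 */
int pcap_setbuff(pcap_t *a, int b)
{
    /*
     * pcap_setbuff is listed as TRUE in the symbol table, so its pointer
     * can legitimately still be NULL after loading. Report failure rather
     * than call through a NULL function pointer; an assertion alone would
     * vanish in builds that define G_DISABLE_ASSERT.
     */
    if (!has_wpcap || p_pcap_setbuff == NULL)
        return -1;
    return p_pcap_setbuff(a, b);
}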
432 /* pcap_next_ex is available since libpcap 0.8 / WinPcap 3.0! */
433 /* (if you get a declaration warning here, try to update to at least WinPcap 3.1b4 develpack) */
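/*
 * Forward to WinPcap's pcap_next_ex().
 *
 * a: open capture handle; b and c receive the packet header and data
 * pointers. Returns whatever WinPcap returns, or -1 (the libpcap error
 * value for this call) when WinPcap is not loaded or predates
 * pcap_next_ex.
 */
int pcap_next_ex (pcap_t *a, struct pcap_pkthdr **b, const u_char **c)
{
    /*
     * pcap_next_ex is listed as TRUE in the symbol table, so older WinPcap
     * installs leave this pointer NULL. Fail cleanly instead of calling
     * through it.
     */
    if (!has_wpcap || p_pcap_next_ex == NULL)
        return -1;
    return p_pcap_next_ex(a, b, c);
}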
441 * This will use "pcap_findalldevs()" if we have it, otherwise it'll
442 * fall back on "pcap_lookupdev()".
/*
 * Build the list of capture interfaces. When pcap_findalldevs was resolved
 * the work is delegated to get_interface_list_findalldevs(); otherwise the
 * packed name/description buffer returned by pcap_lookupdev() is parsed
 * and one if_info_new(name, description) entry is appended per adapter.
 * *err is set to NO_INTERFACES_FOUND when nothing was found.
 *
 * NOTE(review): the pcap_lookupdev() buffer comes with no length. Every
 * scan below stops only on the terminators described in the format
 * comment, so a buffer that deviates from that layout is read past its
 * end. Treat the driver-supplied layout as an unchecked assumption.
 */
445 get_interface_list(int *err, char *err_str)
/* Scratch copies; the copy loops cap writes at MAX_WIN_IF_NAME_LEN and the extra byte holds the terminator. */
450 char ascii_name[MAX_WIN_IF_NAME_LEN + 1];
451 char ascii_desc[MAX_WIN_IF_NAME_LEN + 1];
454 #ifdef HAVE_PCAP_FINDALLDEVS
455 if (p_pcap_findalldevs != NULL)
456 return get_interface_list_findalldevs(err, err_str);
460 * In WinPcap, pcap_lookupdev is implemented by calling
461 * PacketGetAdapterNames. According to the documentation
464 * http://www.winpcap.org/docs/man/html/Packet32_8c.html#a43
468 * On Windows OT (95, 98, Me), pcap_lookupdev returns a sequence
469 * of bytes consisting of:
471 * a sequence of null-terminated ASCII strings (i.e., each
472 * one is terminated by a single 0 byte), giving the names
475 * an empty ASCII string (i.e., a single 0 byte);
477 * a sequence of null-terminated ASCII strings, giving the
478 * descriptions of the interfaces;
480 * an empty ASCII string.
482 * On Windows NT (NT 4.0, W2K, WXP, W2K3, etc.), pcap_lookupdev
483 * returns a sequence of bytes consisting of:
485 * a sequence of null-terminated double-byte Unicode strings
486 * (i.e., each one consits of a sequence of double-byte
487 * characters, terminated by a double-byte 0), giving the
488 * names of the interfaces;
490 * an empty Unicode string (i.e., a double 0 byte);
492 * a sequence of null-terminated ASCII strings, giving the
493 * descriptions of the interfaces;
495 * an empty ASCII string.
497 * The Nth string in the first sequence is the name of the Nth
498 * adapter; the Nth string in the second sequence is the
499 * description of the Nth adapter.
/* The same buffer is viewed as wchar_t here and as char in the Windows 95/98 branch. */
502 names = (wchar_t *)pcap_lookupdev(err_str);
511 * If names[0] is less than 256 it means the first
512 * byte is 0. This implies that we are using Unicode
/*
 * NOTE(review): this condition reads names[desc_pos - 1]. If desc_pos is 0
 * on entry that is one element before the start of the buffer - confirm
 * the initial value, which is not visible in this listing.
 */
515 while (*(names+desc_pos) || *(names+desc_pos-1))
517 desc_pos++; /* Step over the extra '\0' */
518 desc = (char*)(names + desc_pos); /* cast *after* addition */
520 while (names[i] != 0) {
522 * Copy the Unicode description to an ASCII
527 if (j < MAX_WIN_IF_NAME_LEN)
528 ascii_desc[j++] = *desc;
531 ascii_desc[j] = '\0';
535 * Copy the Unicode name to an ASCII string.
/* Each wchar_t is narrowed to char, so characters outside the char range are not preserved. */
538 while (names[i] != 0) {
539 if (j < MAX_WIN_IF_NAME_LEN)
540 ascii_name[j++] = (char) names[i++];
542 ascii_name[j] = '\0';
544 il = g_list_append(il,
545 if_info_new(ascii_name, ascii_desc));
549 * Otherwise we are in Windows 95/98 and using ASCII
550 * (8-bit) characters.
552 win95names=(char *)names;
/* NOTE(review): same desc_pos - 1 read as in the Unicode branch; the same check of the initial value applies. */
553 while (*(win95names+desc_pos) || *(win95names+desc_pos-1))
555 desc_pos++; /* Step over the extra '\0' */
556 desc = win95names + desc_pos;
558 while (win95names[i] != '\0') {
560 * "&win95names[i]" points to the current
561 * interface name, and "desc" points to
562 * that interface's description.
564 il = g_list_append(il,
565 if_info_new(&win95names[i], desc));
568 * Skip to the next description.
575 * Skip to the next name.
577 while (win95names[i] != 0)
586 * No interfaces found.
588 *err = NO_INTERFACES_FOUND;
595 * Get an error message string for a CANT_GET_INTERFACE_LIST error from
596 * "get_interface_list()".
/*
 * Format the message shown when the interface list cannot be obtained.
 * err_str is inserted as a "%s" argument, never used as the format itself.
 * The result comes from g_strdup_printf(), so the caller owns it.
 */
gchar *
cant_get_if_list_error_message(const char *err_str)
{
    /*
     * Either of these two texts in the error points at the WinPcap 3.0
     * problem, in which case the user is advised to update WinPcap.
     */
    gboolean suggest_update =
        strstr(err_str, "Not enough storage is available to process this command") != NULL ||
        strstr(err_str, "The operation completed successfully") != NULL;

    if (!suggest_update)
        return g_strdup_printf("Can't get list of interfaces: %s", err_str);

    return g_strdup_printf("Can't get list of interfaces: %s\n"
"This might be a problem with WinPcap 3.0; you should try updating to\n"
"a later version of WinPcap - see the WinPcap site at www.winpcap.org",
        err_str);
}
617 * Append the version of WinPcap with which we were compiled to a GString.
620 get_compiled_pcap_version(GString *str)
622 g_string_append(str, "with WinPcap (version unknown)");
626 * Append the version of WinPcap with which we're running to a GString.
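/*
 * Describe the WinPcap we are running with: "with <version> " when it is
 * loaded, "without WinPcap " when it is not.
 *
 * str: GString the text is appended to.
 */
void
get_runtime_pcap_version(GString *str)
{
    /*
     * On Windows, we might have been compiled with WinPcap but
     * might not have it loaded; indicate whether we have it or
     * not and, if we have it and we have "pcap_lib_version()",
     * what version we have.
     */
    GModule *handle;            /* handle returned by dlopen */
    static gchar *packetVer;    /* cached across calls; looked up once */
    gchar *blankp;

    if (has_wpcap) {
        g_string_append(str, "with ");
        if (p_pcap_lib_version != NULL) {
            /*
             * The version text comes from the loaded library, so it
             * is appended as data. Passing it as the format argument
             * of g_string_sprintfa() would let any '%' in it be
             * interpreted as a conversion specification.
             */
            g_string_append(str, p_pcap_lib_version());
        } else {
            /*
             * An alternative method of obtaining the version
             * number, by using the PacketLibraryVersion
             * string from packet.dll.
             *
             * Unfortunately, in WinPcap 3.0, it returns
             * "3.0 alpha3", even in the final version of
             * WinPcap 3.0, so if there's a blank in the
             * string, we strip it and everything after
             * it from the string, so we don't misleadingly
             * report that 3.0 alpha3 is being used when
             * the final version is being used.
             */
            if (packetVer == NULL) {
                packetVer = "version unknown";
                /*
                 * NOTE(review): "Packet.dll" is opened by bare
                 * name, so the module search order decides which
                 * file is loaded; an absolute path to the expected
                 * install location would remove that dependency.
                 */
                handle = g_module_open("Packet.dll", 0);
                if (handle != NULL) {
                    if (g_module_symbol(handle,
                        "PacketLibraryVersion",
                        (gpointer*)&packetVer)) {
                        /* Copy first: the module is closed below. */
                        packetVer = g_strdup(packetVer);
                        blankp = strchr(packetVer, ' ');
                        if (blankp != NULL)
                            *blankp = '\0';
                    } else {
                        packetVer = "version unknown";
                    }
                    g_module_close(handle);
                }
            }
            g_string_sprintfa(str, "WinPcap (%s)", packetVer);
        }
    } else {
        g_string_append(str, "without WinPcap");
    }
    g_string_append(str, " ");
}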
683 #else /* HAVE_LIBPCAP */
692 * Append an indication that we were not compiled with WinPcap
696 get_compiled_pcap_version(GString *str)
698 g_string_append(str, "without WinPcap");
702 * Don't append anything, as we weren't even compiled to use WinPcap.
705 get_runtime_pcap_version(GString *str _U_)
709 #endif /* HAVE_LIBPCAP */