1 /* capture-pcap-util-unix.c
2 * UN*X-specific utility routines for packet capture
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #ifndef HAVE_PCAP_FINDALLDEVS
46 #ifdef HAVE_SYS_SOCKET_H
47 #include <sys/socket.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
55 * Keep Digital UNIX happy when including <net/if.h>.
61 #ifdef HAVE_SYS_SOCKIO_H
62 # include <sys/sockio.h>
65 #endif /* HAVE_PCAP_FINDALLDEVS */
68 # include <sys/capability.h>
71 #include "caputils/capture_ifinfo.h"
72 #include "caputils/capture-pcap-util.h"
73 #include "caputils/capture-pcap-util-int.h"
75 #ifdef HAVE_PCAP_REMOTE
77 get_remote_interface_list(const char *hostname, const char *port,
78 int auth_type, const char *username,
79 const char *passwd, int *err, char **err_str)
81 struct pcap_rmtauth auth;
82 char source[PCAP_BUF_SIZE];
83 char errbuf[PCAP_ERRBUF_SIZE];
86 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
87 NULL, errbuf) == -1) {
88 *err = CANT_GET_INTERFACE_LIST;
90 *err_str = cant_get_if_list_error_message(errbuf);
94 auth.type = auth_type;
95 auth.username = g_strdup(username);
96 auth.password = g_strdup(passwd);
98 result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);
99 g_free(auth.username);
100 g_free(auth.password);
106 #ifdef HAVE_PCAP_FINDALLDEVS
108 get_interface_list(int *err, char **err_str)
110 return get_interface_list_findalldevs(err, err_str);
112 #else /* HAVE_PCAP_FINDALLDEVS */
113 struct search_user_data {
119 search_for_if_cb(gpointer data, gpointer user_data)
121 struct search_user_data *search_user_data = (struct search_user_data*)user_data;
122 if_info_t *if_info = (if_info_t *)data;
124 if (strcmp(if_info->name, search_user_data->name) == 0)
125 search_user_data->if_info = if_info;
129 get_interface_list(int *err, char **err_str)
132 gint nonloopback_pos = 0;
133 struct ifreq *ifr, *last;
135 struct ifreq ifrflags;
136 int sock = socket(AF_INET, SOCK_DGRAM, 0);
137 struct search_user_data user_data;
142 char errbuf[PCAP_ERRBUF_SIZE];
146 *err = CANT_GET_INTERFACE_LIST;
147 if (err_str != NULL) {
148 *err_str = g_strdup_printf(
149 "Can't get list of interfaces: error opening socket: %s",
156 * This code came from: W. Richard Stevens: "UNIX Network Programming",
157 * Networking APIs: Sockets and XTI, Vol 1, page 434.
160 len = 100 * sizeof(struct ifreq);
162 buf = (char *)g_malloc0(len);
165 if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
166 if (errno != EINVAL || lastlen != 0) {
167 if (err_str != NULL) {
168 *err_str = g_strdup_printf(
169 "Can't get list of interfaces: SIOCGIFCONF ioctl error: %s",
175 if ((unsigned int) ifc.ifc_len < sizeof(struct ifreq)) {
176 if (err_str != NULL) {
178 "Can't get list of interfaces: SIOCGIFCONF ioctl gave too small return buffer");
182 if (ifc.ifc_len == lastlen)
183 break; /* success, len has not changed */
184 lastlen = ifc.ifc_len;
186 len += 10 * sizeof(struct ifreq); /* increment */
189 ifr = (struct ifreq *) ifc.ifc_req;
190 last = (struct ifreq *) ((char *) ifr + ifc.ifc_len);
193 * Skip entries that begin with "dummy", or that include
194 * a ":" (the latter are Solaris virtuals).
196 if (strncmp(ifr->ifr_name, "dummy", 5) == 0 ||
197 strchr(ifr->ifr_name, ':') != NULL)
201 * If we already have this interface name on the list,
202 * don't add it, but, if we don't already have an IP
203 * address for it, add that address (SIOCGIFCONF returns,
204 * at least on BSD-flavored systems, one entry per
205 * interface *address*; if an interface has multiple
206 * addresses, we get multiple entries for it).
208 user_data.name = ifr->ifr_name;
209 user_data.if_info = NULL;
210 g_list_foreach(il, search_for_if_cb, &user_data);
211 if (user_data.if_info != NULL) {
212 if_info_add_address(user_data.if_info, &ifr->ifr_addr);
213 if (user_data.if_info->addrs) {
214 g_slist_reverse(user_data.if_info->addrs);
220 * Get the interface flags.
222 memset(&ifrflags, 0, sizeof ifrflags);
223 g_strlcpy(ifrflags.ifr_name, ifr->ifr_name,
224 sizeof ifrflags.ifr_name);
225 if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
228 if (err_str != NULL) {
229 *err_str = g_strdup_printf(
230 "Can't get list of interfaces: SIOCGIFFLAGS error getting flags for interface %s: %s",
231 ifr->ifr_name, g_strerror(errno));
237 * Skip interfaces that aren't up.
239 if (!(ifrflags.ifr_flags & IFF_UP))
243 * Skip interfaces that we can't open with "libpcap".
244 * Open with the minimum packet size - it appears that the
245 * IRIX SIOCSNOOPLEN "ioctl" may fail if the capture length
246 * supplied is too large, rather than just truncating it.
248 pch = pcap_open_live(ifr->ifr_name, MIN_PACKET_SIZE, 0, 0,
255 * If it's a loopback interface, add it at the end of the
256 * list, otherwise add it after the last non-loopback
257 * interface, so all loopback interfaces go at the end - we
258 * don't want a loopback interface to be the default capture
259 * device unless there are no non-loopback devices.
261 loopback = ((ifrflags.ifr_flags & IFF_LOOPBACK) ||
262 strncmp(ifr->ifr_name, "lo", 2) == 0);
263 if_info = if_info_new(ifr->ifr_name, NULL, loopback);
264 if_info_add_address(if_info, &ifr->ifr_addr);
265 if (if_info->addrs) {
266 g_slist_reverse(if_info->addrs);
269 il = g_list_append(il, if_info);
271 il = g_list_insert(il, if_info, nonloopback_pos);
273 * Insert the next non-loopback interface after this
280 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
281 ifr = (struct ifreq *) ((char *) ifr +
282 (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr) ?
283 ifr->ifr_addr.sa_len : sizeof(ifr->ifr_addr)) +
286 ifr = (struct ifreq *) ((char *) ifr + sizeof(struct ifreq));
292 * OK, maybe we have support for the "any" device, to do a cooked
293 * capture on all interfaces at once.
294 * Try opening it and, if that succeeds, add it to the end of
295 * the list of interfaces.
297 pch = pcap_open_live("any", MIN_PACKET_SIZE, 0, 0, errbuf);
300 * It worked; we can use the "any" device.
302 if_info = if_info_new("any",
303 "Pseudo-device that captures on all interfaces", FALSE);
304 il = g_list_insert(il, if_info, -1);
314 * No interfaces found.
324 free_interface_list(il);
327 *err = CANT_GET_INTERFACE_LIST;
330 #endif /* HAVE_PCAP_FINDALLDEVS */
333 * Get an error message string for a CANT_GET_INTERFACE_LIST error from
334 * "get_interface_list()".
337 cant_get_if_list_error_message(const char *err_str)
339 return g_strdup_printf("Can't get list of interfaces: %s", err_str);
342 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
344 * Request high-resolution time stamps.
346 * We don't check for errors - if this fails, we just live with boring old
347 * microsecond-resolution time stamps. The only errors pcap_set_tstamp_precision()
348 * is documenting as returning are PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, which just
349 * means we can't do nanosecond precision on this adapter, in which case we
350 * just live with whatever resolution we get by default, and
351 * PCAP_ERROR_ACTIVATED, which shouldn't happen as we shouldn't call this
352 * after we've activated the pcap_t.
355 request_high_resolution_timestamp(pcap_t *pcap_h)
359 * On OS X, if you build with a newer SDK, pcap_set_tstamp_precision()
360 * is available, so the code will be built with it.
362 * However, if you then try to run on an older release that
363 * doesn't have pcap_set_tstamp_precision(), the dynamic linker
364 * will fail, as it won't find pcap_set_tstamp_precision().
366 * libpcap doesn't use OS X "weak linking" for new routines,
367 * so we can't just check whether a pointer to
368 * pcap_set_tstamp_precision() is null and, if it is, not
369 * call it. We have to, instead, use dlopen() to load
370 * libpcap, and dlsym() to find a pointer to pcap_set_tstamp_precision(),
371 * and if we find the pointer, call it.
373 static gboolean initialized = FALSE;
374 static int (*p_pcap_set_tstamp_precision)(pcap_t *, int);
377 p_pcap_set_tstamp_precision =
378 (int (*)(pcap_t *, int))
379 dlsym(RTLD_NEXT, "pcap_set_tstamp_precision");
382 if (p_pcap_set_tstamp_precision != NULL)
383 (*p_pcap_set_tstamp_precision)(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
384 #else /* __APPLE__ */
386 * On other UN*Xes we require that we be run on an OS version
387 * with a libpcap equal to or later than the version with which
390 pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
391 #endif /* __APPLE__ */
395 * Return TRUE if the pcap_t in question is set up for high-precision
396 * time stamps, FALSE otherwise.
399 have_high_resolution_timestamp(pcap_t *pcap_h)
405 static gboolean initialized = FALSE;
406 static int (*p_pcap_get_tstamp_precision)(pcap_t *);
409 p_pcap_get_tstamp_precision =
411 dlsym(RTLD_NEXT, "pcap_get_tstamp_precision");
414 if (p_pcap_get_tstamp_precision != NULL)
415 return (*p_pcap_get_tstamp_precision)(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
417 return FALSE; /* Can't get implies couldn't set */
418 #else /* __APPLE__ */
420 * On other UN*Xes we require that we be run on an OS version
421 * with a libpcap equal to or later than the version with which
424 return pcap_get_tstamp_precision(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
425 #endif /* __APPLE__ */
428 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
431 get_if_capabilities_local(interface_options *interface_opts, char **err_str)
433 #ifdef HAVE_PCAP_CREATE
434 return get_if_capabilities_pcap_create(interface_opts, err_str);
436 return get_if_capabilities_pcap_open_live(interface_opts, err_str);
441 open_capture_device_local(capture_options *capture_opts
442 #ifndef HAVE_PCAP_CREATE
446 interface_options *interface_opts, int timeout,
447 char (*open_err_str)[PCAP_ERRBUF_SIZE])
450 * We're not opening a remote device; use pcap_create() and
451 * pcap_activate() if we have them, so that we can set various
452 * options, otherwise use pcap_open_live().
454 #ifdef HAVE_PCAP_CREATE
455 return open_capture_device_pcap_create(capture_opts,
456 interface_opts, timeout, open_err_str);
458 return open_capture_device_pcap_open_live(interface_opts, timeout,
464 * Get the versions of libpcap, libpcap, and libnl with which we were
465 * compiled, and append them to a GString.
468 get_compiled_caplibs_version(GString *str)
471 * NOTE: in *some* flavors of UN*X, the data from a shared
472 * library might be linked into executable images that are
473 * linked with that shared library, in which case you could
474 * look at pcap_version[] to get the version with which
475 * the program was compiled.
477 * In other flavors of UN*X, that doesn't happen, so
478 * pcap_version[] gives you the version the program is
479 * running with, not the version it was built with, and,
480 * in at least some of them, if the length of a data item
481 * referred to by the executable - such as the pcap_version[]
482 * string - isn't the same in the version of the library
483 * with which the program was built and the version with
484 * which it was run, the run-time linker will complain,
487 * So, for now, we just give up on reporting the version
488 * of libpcap with which we were compiled.
490 g_string_append(str, "with libpcap");
493 * XXX - these libraries are actually used only by dumpcap,
494 * but we mention them here so that a user reporting a bug
495 * can get information about dumpcap's libraries without
496 * having to run dumpcap.
499 g_string_append(str, ", ");
501 g_string_append(str, "with POSIX capabilities");
502 #ifdef _LINUX_CAPABILITY_VERSION
503 g_string_append(str, " (Linux)");
504 #endif /* _LINUX_CAPABILITY_VERSION */
505 #else /* HAVE_LIBCAP */
506 g_string_append(str, "without POSIX capabilities");
507 #endif /* HAVE_LIBCAP */
510 /* This is a Linux-specific library. */
512 g_string_append(str, ", ");
513 #if defined(HAVE_LIBNL1)
514 g_string_append(str, "with libnl 1");
515 #elif defined(HAVE_LIBNL2)
516 g_string_append(str, "with libnl 2");
517 #elif defined(HAVE_LIBNL3)
518 g_string_append(str, "with libnl 3");
520 g_string_append(str, "without libnl");
521 #endif /* libnl version */
522 #endif /* __linux__ */
526 * Append the version of libpcap with which we we're running to a GString.
529 get_runtime_caplibs_version(GString *str)
531 g_string_append_printf(str, "with ");
532 #ifdef HAVE_PCAP_LIB_VERSION
533 g_string_append(str, pcap_lib_version());
535 g_string_append(str, "libpcap (version unknown)");
539 #else /* HAVE_LIBPCAP */
542 * Append an indication that we were not compiled with libpcap
543 * to a GString. Don't even bother mentioning the other
547 get_compiled_caplibs_version(GString *str)
549 g_string_append(str, "without libpcap");
553 * Don't append anything, as we weren't even compiled to use libpcap.
556 get_runtime_caplibs_version(GString *str _U_)
560 #endif /* HAVE_LIBPCAP */
563 * Editor modelines - http://www.wireshark.org/tools/modelines.html
568 * indent-tabs-mode: t
571 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
572 * :indentSize=8:tabSize=8:noTabs=false: