2 * Routines for getting interface information from dumpcap
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #ifdef HAVE_ARPA_INET_H
35 #include <arpa/inet.h>
38 #ifdef HAVE_SYS_SOCKET_H
39 #include <sys/socket.h> /* needed to define AF_ values on UNIX */
42 #ifdef HAVE_WINSOCK2_H
43 #include <winsock2.h> /* needed to define AF_ values on Windows */
46 #ifdef NEED_INET_V6DEFS_H
47 # include "wsutil/inet_v6defs.h"
52 #include "capture_opts.h"
53 #include "capture_sync.h"
56 #include "wsutil/file_util.h"
58 #include "capture_ifinfo.h"
60 #ifdef HAVE_PCAP_REMOTE
61 static GList *remote_interface_list = NULL;
63 static void append_remote_list(GList *iflist)
67 if_addr_t *if_addr, *temp_addr;
68 if_info_t *if_info, *temp;
70 for (rlist = g_list_nth(remote_interface_list, 0); rlist != NULL; rlist = g_list_next(rlist)) {
71 if_info = (if_info_t *)rlist->data;
72 temp = g_malloc0(sizeof(if_info_t));
73 temp->name = g_strdup(if_info->name);
74 temp->description = g_strdup(if_info->description);
75 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
76 temp_addr = g_malloc0(sizeof(if_addr_t));
77 if_addr = (if_addr_t *)list->data;
79 temp_addr->ifat_type = if_addr->ifat_type;
80 if (temp_addr->ifat_type == IF_AT_IPv4) {
81 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
83 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
90 temp->addrs = g_slist_append(temp->addrs, temp_addr);
93 temp->loopback = if_info->loopback;
94 iflist = g_list_append(iflist, temp);
100 * Fetch the interface list from a child process (dumpcap).
102 * @return A GList containing if_info_t structs if successful, NULL (with err and possibly err_str set) otherwise.
106 /* XXX - We parse simple text output to get our interface list. Should
107 * we use "real" data serialization instead, e.g. via XML? */
109 capture_interface_list(int *err, char **err_str)
112 GList *if_list = NULL;
114 gchar *data, *primary_msg, *secondary_msg;
115 gchar **raw_list, **if_parts, **addr_parts;
120 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List ...");
122 /* Try to get our interface list */
123 ret = sync_interface_list_open(&data, &primary_msg, &secondary_msg);
125 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List failed!");
127 *err_str = primary_msg;
131 g_free(secondary_msg);
132 *err = CANT_GET_INTERFACE_LIST;
136 /* Split our lines */
138 raw_list = g_strsplit(data, "\r\n", 0);
140 raw_list = g_strsplit(data, "\n", 0);
144 for (i = 0; raw_list[i] != NULL; i++) {
145 if_parts = g_strsplit(raw_list[i], "\t", 4);
146 if (if_parts[0] == NULL || if_parts[1] == NULL || if_parts[2] == NULL ||
147 if_parts[3] == NULL) {
148 g_strfreev(if_parts);
152 /* Number followed by the name, e.g "1. eth0" */
153 name = strchr(if_parts[0], ' ');
157 g_strfreev(if_parts);
161 if_info = g_malloc0(sizeof(if_info_t));
162 if_info->name = g_strdup(name);
163 if (strlen(if_parts[1]) > 0)
164 if_info->description = g_strdup(if_parts[1]);
165 addr_parts = g_strsplit(if_parts[2], ",", 0);
166 for (j = 0; addr_parts[j] != NULL; j++) {
167 if_addr = g_malloc0(sizeof(if_addr_t));
168 if (inet_pton(AF_INET, addr_parts[j], &if_addr->addr.ip4_addr)) {
169 if_addr->ifat_type = IF_AT_IPv4;
170 } else if (inet_pton(AF_INET6, addr_parts[j],
171 &if_addr->addr.ip6_addr)) {
172 if_addr->ifat_type = IF_AT_IPv6;
178 if_info->addrs = g_slist_append(if_info->addrs, if_addr);
181 if (strcmp(if_parts[3], "loopback") == 0)
182 if_info->loopback = TRUE;
183 g_strfreev(if_parts);
184 g_strfreev(addr_parts);
185 if_list = g_list_append(if_list, if_info);
187 g_strfreev(raw_list);
189 /* Check to see if we built a list */
190 if (if_list == NULL) {
191 *err = NO_INTERFACES_FOUND;
193 *err_str = g_strdup("No interfaces found");
195 #ifdef HAVE_PCAP_REMOTE
196 if (remote_interface_list && g_list_length(remote_interface_list) > 0) {
197 append_remote_list(if_list);
203 /* XXX - We parse simple text output to get our interface list. Should
204 * we use "real" data serialization instead, e.g. via XML? */
206 capture_get_if_capabilities(const gchar *ifname, gboolean monitor_mode,
209 if_capabilities_t *caps;
210 GList *linktype_list = NULL;
212 gchar *data, *primary_msg, *secondary_msg;
213 gchar **raw_list, **lt_parts;
214 data_link_info_t *data_link_info;
216 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities ...");
218 /* Try to get our interface list */
219 err = sync_if_capabilities_open(ifname, monitor_mode, &data,
220 &primary_msg, &secondary_msg);
222 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities failed!");
224 *err_str = primary_msg;
228 g_free(secondary_msg);
232 /* Split our lines */
234 raw_list = g_strsplit(data, "\r\n", 0);
236 raw_list = g_strsplit(data, "\n", 0);
241 * First line is 0 if monitor mode isn't supported, 1 if it is.
243 if (raw_list[0] == NULL || *raw_list[0] == '\0') {
244 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned no information!");
246 *err_str = g_strdup("Dumpcap returned no interface capability information");
252 * Allocate the interface capabilities structure.
254 caps = g_malloc(sizeof *caps);
255 switch (*raw_list[0]) {
258 caps->can_set_rfmon = FALSE;
262 caps->can_set_rfmon = TRUE;
266 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned bad information!");
268 *err_str = g_strdup_printf("Dumpcap returned \"%s\" for monitor-mode capability",
276 * The rest are link-layer types.
278 for (i = 1; raw_list[i] != NULL; i++) {
279 /* ...and what if the interface name has a tab in it, Mr. Clever Programmer? */
280 lt_parts = g_strsplit(raw_list[i], "\t", 3);
281 if (lt_parts[0] == NULL || lt_parts[1] == NULL || lt_parts[2] == NULL) {
282 g_strfreev(lt_parts);
286 data_link_info = g_malloc(sizeof (data_link_info_t));
287 data_link_info->dlt = (int) strtol(lt_parts[0], NULL, 10);
288 data_link_info->name = g_strdup(lt_parts[1]);
289 if (strcmp(lt_parts[2], "(not supported)") != 0)
290 data_link_info->description = g_strdup(lt_parts[2]);
292 data_link_info->description = NULL;
294 linktype_list = g_list_append(linktype_list, data_link_info);
296 g_strfreev(raw_list);
298 /* Check to see if we built a list */
299 if (linktype_list == NULL) {
302 *err_str = g_strdup("Dumpcap returned no link-layer types");
306 caps->data_link_types = linktype_list;
310 #ifdef HAVE_PCAP_REMOTE
311 void add_interface_to_remote_list(if_info_t *if_info)
314 if_addr_t *if_addr, *temp_addr;
316 if_info_t *temp = g_malloc0(sizeof(if_info_t));
317 temp->name = g_strdup(if_info->name);
318 temp->description = g_strdup(if_info->description);
319 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
320 temp_addr = g_malloc0(sizeof(if_addr_t));
321 if_addr = (if_addr_t *)list->data;
323 temp_addr->ifat_type = if_addr->ifat_type;
324 if (temp_addr->ifat_type == IF_AT_IPv4) {
325 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
327 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
334 temp->addrs = g_slist_append(temp->addrs, temp_addr);
337 temp->loopback = if_info->loopback;
338 remote_interface_list = g_list_append(remote_interface_list, temp);
343 get_interface_type(gchar *name, gchar *description)
345 #if defined(__linux__)
351 * Much digging failed to reveal any obvious way to get something such
352 * as the SNMP MIB-II ifType value for an interface:
354 * http://www.iana.org/assignments/ianaiftype-mib
356 * by making some NDIS request.
358 if (description && (strstr(description,"generic dialup") != NULL ||
359 strstr(description,"PPP/SLIP") != NULL )) {
361 } else if (description && (strstr(description,"Wireless") != NULL ||
362 strstr(description,"802.11") != NULL)) {
364 } else if (description && strstr(description,"AirPcap") != NULL ||
365 strstr(name,"airpcap")) {
367 } else if (description && strstr(description, "Bluetooth") != NULL ) {
370 #elif defined(__APPLE__)
372 * XXX - yes, fetching all the network addresses for an interface
373 * gets you an AF_LINK address, of type "struct sockaddr_dl", and,
374 * yes, that includes an SNMP MIB-II ifType value.
376 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
377 * not IFT_IEEE80211 (which isn't defined in OS X in any case).
379 * Perhaps some other BSD-flavored OSes won't make this mistake;
380 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
381 * made the same mistake, at least for my Belkin ZyDAS stick.
383 * XXX - this is wrong on a MacBook Air, as en0 is the AirPort
384 * interface, and it's also wrong on a Mac that has no AirPort
385 * interfaces and has multiple Ethernet interfaces.
387 * The SystemConfiguration framework is your friend here.
388 * SCNetworkInterfaceGetInterfaceType() will get the interface
389 * type. SCNetworkInterfaceCopyAll() gets all network-capable
390 * interfaces on the system; SCNetworkInterfaceGetBSDName()
391 * gets the "BSD name" of the interface, so we look for
392 * an interface with the specified "BSD name" and get its
393 * interface type. The interface type is a CFString, and:
395 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
396 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
397 * kSCNetworkInterfaceTypeModem or
398 * kSCNetworkInterfaceTypePPP or
399 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
401 if (strcmp(name, "en1") == 0) {
405 * XXX - PPP devices have names beginning with "ppp" and an IFT_ of
406 * IFT_PPP, but they could be dial-up, or PPPoE, or mobile phone modem,
407 * or VPN, or... devices. One might have to dive into the bowels of
412 * XXX - there's currently no support for raw Bluetooth capture,
413 * and IP-over-Bluetooth devices just look like fake Ethernet
414 * devices. There's also Bluetooth modem support, but that'll
415 * probably just give you a device that looks like a PPP device.
417 #elif defined(__linux__)
419 * Look for /sys/class/net/{device}/wireless.
421 wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
422 if (wireless_path != NULL) {
423 if (ws_stat64(wireless_path, &statb) == 0) {
424 g_free(wireless_path);
431 * XXX - this is for raw Bluetooth capture; what about IP-over-Bluetooth
434 if ( strstr(name,"bluetooth") != NULL) {
441 if ( strstr(name,"usbmon") != NULL ) {
446 * Bridge, NAT, or host-only interfaces on VMWare hosts have the name
447 * vmnet[0-9]+ or VMnet[0-9+ on Windows. Guests might use a native
448 * (LANCE or E1000) driver or the vmxnet driver. These devices have an
449 * IFT_ of IFT_ETHER, so we have to check the name.
451 if ( g_ascii_strncasecmp(name, "vmnet", 5) == 0) {
455 if ( g_ascii_strncasecmp(name, "vmxnet", 6) == 0) {
459 if (description && strstr(description, "VMware") != NULL ) {
465 #endif /* HAVE_LIBPCAP */