2 * Routines for getting interface information from dumpcap
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 #ifdef HAVE_ARPA_INET_H
33 #include <arpa/inet.h>
36 #ifdef HAVE_SYS_SOCKET_H
37 #include <sys/socket.h> /* needed to define AF_ values on UNIX */
40 #ifdef HAVE_WINSOCK2_H
41 #include <winsock2.h> /* needed to define AF_ values on Windows */
44 #ifdef NEED_INET_V6DEFS_H
45 # include "wsutil/inet_v6defs.h"
50 #include "capture_opts.h"
51 #include "capture_sync.h"
54 #include "wsutil/file_util.h"
56 #include "capture_ifinfo.h"
58 #ifdef HAVE_PCAP_REMOTE
/* Cache of remote interfaces. add_interface_to_remote_list() appends deep
 * copies to it, and capture_interface_list() passes control to
 * append_remote_list() when it is non-empty. Nothing in this listing
 * removes or frees entries once they are cached. */
59 static GList *remote_interface_list = NULL;
/*
 * Append a deep copy of every entry in remote_interface_list to iflist.
 * Each copy gets its own name and description strings (g_strdup) and its
 * own if_addr_t records, so the copies do not alias the cached entries.
 *
 * NOTE(review): iflist is passed by value and the function returns void,
 * so the list head returned by g_list_append() never reaches the caller.
 * That is harmless only while the caller's list already has a first
 * element; with a NULL list the copies would be unreachable and leaked.
 * Confirm what the call site guarantees.
 */
61 static void append_remote_list(GList *iflist)
65 if_addr_t *if_addr, *temp_addr;
66 if_info_t *if_info, *temp;
68 for (rlist = g_list_nth(remote_interface_list, 0); rlist != NULL; rlist = g_list_next(rlist)) {
69 if_info = (if_info_t *)rlist->data;
70 temp = g_malloc0(sizeof(if_info_t));
71 temp->name = g_strdup(if_info->name);
72 temp->description = g_strdup(if_info->description);
73 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
74 temp_addr = g_malloc0(sizeof(if_addr_t));
75 if_addr = (if_addr_t *)list->data;
77 temp_addr->ifat_type = if_addr->ifat_type;
78 if (temp_addr->ifat_type == IF_AT_IPv4) {
79 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
/* NOTE(review): the copy length is sizeof the whole addr member, not of
 * ip6_addr. That stays in bounds only if addr is a union whose largest
 * member is ip6_addr (presumably the case; confirm against the if_addr_t
 * declaration). sizeof(if_addr->addr.ip6_addr) would state the intent and
 * survive a later change to the member layout. */
81 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
88 temp->addrs = g_slist_append(temp->addrs, temp_addr);
91 temp->loopback = if_info->loopback;
/* Updates the local parameter only; the caller's pointer is unchanged. */
92 iflist = g_list_append(iflist, temp);
98 * Fetch the interface list from a child process (dumpcap).
100 * @return A GList containing if_info_t structs if successful, NULL (with err and possibly err_str set) otherwise.
104 /* XXX - We parse simple text output to get our interface list. Should
105 * we use "real" data serialization instead, e.g. via XML? */
/*
 * Ask dumpcap for the interface list through sync_interface_list_open()
 * and parse the returned text into a GList of if_info_t.
 *
 * Each output line is split on tabs into at most four fields: "N. name",
 * description, a comma-separated address list, and a field compared with
 * "loopback". All of this text originates in the child process and is
 * parsed without length or character checks, so the parser relies on
 * dumpcap emitting well-formed lines.
 */
107 capture_interface_list(int *err, char **err_str)
110 GList *if_list = NULL;
112 gchar *data, *primary_msg, *secondary_msg;
113 gchar **raw_list, **if_parts, **addr_parts;
118 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List ...");
120 /* Try to get our interface list */
121 ret = sync_interface_list_open(&data, &primary_msg, &secondary_msg);
123 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List failed!");
/* On failure primary_msg is handed to the caller through *err_str and
 * secondary_msg is freed here. Any NULL check on err_str is on lines not
 * shown in this listing - confirm. */
125 *err_str = primary_msg;
129 g_free(secondary_msg);
130 *err = CANT_GET_INTERFACE_LIST;
134 /* Split our lines */
/* Two split calls are listed; presumably one is selected per platform by
 * preprocessor lines that are missing from this listing. */
136 raw_list = g_strsplit(data, "\r\n", 0);
138 raw_list = g_strsplit(data, "\n", 0);
142 for (i = 0; raw_list[i] != NULL; i++) {
/* A limit of 4 keeps any further tabs inside the fourth field. */
143 if_parts = g_strsplit(raw_list[i], "\t", 4);
/* Lines with fewer than four fields are discarded after freeing the
 * split vector. */
144 if (if_parts[0] == NULL || if_parts[1] == NULL || if_parts[2] == NULL ||
145 if_parts[3] == NULL) {
146 g_strfreev(if_parts);
150 /* Number followed by the name, e.g "1. eth0" */
/* strchr() yields a pointer to the space itself, or NULL when the field
 * has none. The handling of both cases is on lines not shown here. */
151 name = strchr(if_parts[0], ' ');
155 g_strfreev(if_parts);
159 if_info = g_malloc0(sizeof(if_info_t));
160 if_info->name = g_strdup(name);
/* An empty description field leaves description NULL (g_malloc0). */
161 if (strlen(if_parts[1]) > 0)
162 if_info->description = g_strdup(if_parts[1]);
163 addr_parts = g_strsplit(if_parts[2], ",", 0);
164 for (j = 0; addr_parts[j] != NULL; j++) {
165 if_addr = g_malloc0(sizeof(if_addr_t));
/* NOTE(review): both inet_pton() results are tested for truth only.
 * inet_pton() returns 1 on success, 0 for an unparsable string and -1 for
 * an unsupported address family, so a -1 would be accepted as a match and
 * leave a zeroed address in the list; comparing with 1 is stricter. The
 * branch taken when neither parse succeeds is not shown in this listing. */
166 if (inet_pton(AF_INET, addr_parts[j], &if_addr->addr.ip4_addr)) {
167 if_addr->ifat_type = IF_AT_IPv4;
168 } else if (inet_pton(AF_INET6, addr_parts[j],
169 &if_addr->addr.ip6_addr)) {
170 if_addr->ifat_type = IF_AT_IPv6;
176 if_info->addrs = g_slist_append(if_info->addrs, if_addr);
/* Exact match only: any other text in the fourth field leaves the
 * loopback flag at its zero-initialised value. */
179 if (strcmp(if_parts[3], "loopback") == 0)
180 if_info->loopback = TRUE;
181 g_strfreev(if_parts);
182 g_strfreev(addr_parts);
183 if_list = g_list_append(if_list, if_info);
185 g_strfreev(raw_list);
187 /* Check to see if we built a list */
188 if (if_list == NULL) {
189 *err = NO_INTERFACES_FOUND;
191 *err_str = g_strdup("No interfaces found");
193 #ifdef HAVE_PCAP_REMOTE
/* NOTE(review): append_remote_list() takes the list by value and returns
 * void. If if_list can still be NULL at this point, the remote entries it
 * copies never become visible to this function's caller - confirm whether
 * the NULL case above returns before reaching this call. */
194 if (remote_interface_list && g_list_length(remote_interface_list) > 0) {
195 append_remote_list(if_list);
201 /* XXX - We parse simple text output to get our interface list. Should
202 * we use "real" data serialization instead, e.g. via XML? */
/*
 * Ask dumpcap, through sync_if_capabilities_open(), what the interface
 * ifname can do and parse the returned text into an if_capabilities_t.
 *
 * The first output line carries the monitor-mode flag; every following
 * line is split on tabs into three fields: DLT number, link-layer type
 * name and description. A description of "(not supported)" is stored as
 * NULL. On failure *err_str receives a message the caller owns.
 */
204 capture_get_if_capabilities(const gchar *ifname, gboolean monitor_mode,
207 if_capabilities_t *caps;
208 GList *linktype_list = NULL;
210 gchar *data, *primary_msg, *secondary_msg;
211 gchar **raw_list, **lt_parts;
212 data_link_info_t *data_link_info;
214 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities ...");
216 /* Try to get our interface capabilities */
217 err = sync_if_capabilities_open(ifname, monitor_mode, &data,
218 &primary_msg, &secondary_msg);
220 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities failed!");
222 *err_str = primary_msg;
226 g_free(secondary_msg);
230 /* Split our lines */
/* Two split calls are listed; presumably one is selected per platform by
 * preprocessor lines that are missing from this listing. */
232 raw_list = g_strsplit(data, "\r\n", 0);
234 raw_list = g_strsplit(data, "\n", 0);
239 * First line is 0 if monitor mode isn't supported, 1 if it is.
/* Checks the first line before dereferencing it in the switch below. */
241 if (raw_list[0] == NULL || *raw_list[0] == '\0') {
242 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned no information!");
244 *err_str = g_strdup("Dumpcap returned no interface capability information");
250 * Allocate the interface capabilities structure.
/* g_malloc() does not zero the structure, so each field is undefined
 * until assigned, and every error return after this point has to release
 * caps. The release calls are not visible in this listing - confirm. */
252 caps = g_malloc(sizeof *caps);
/* Only the first character of the line is examined. */
253 switch (*raw_list[0]) {
256 caps->can_set_rfmon = FALSE;
260 caps->can_set_rfmon = TRUE;
264 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned bad information!");
266 *err_str = g_strdup_printf("Dumpcap returned \"%s\" for monitor-mode capability",
274 * The rest are link-layer types.
276 for (i = 1; raw_list[i] != NULL; i++) {
277 /* ...and what if the interface name has a tab in it, Mr. Clever Programmer? */
278 lt_parts = g_strsplit(raw_list[i], "\t", 3);
279 if (lt_parts[0] == NULL || lt_parts[1] == NULL || lt_parts[2] == NULL) {
280 g_strfreev(lt_parts);
284 data_link_info = g_malloc(sizeof (data_link_info_t));
/* NOTE(review): strtol() is called without an end pointer or errno check
 * and the result is narrowed to int, so non-numeric text becomes 0 and an
 * out-of-range value is truncated without any error. Checking endptr and
 * ERANGE would reject a malformed DLT field instead of storing it. */
285 data_link_info->dlt = (int) strtol(lt_parts[0], NULL, 10);
286 data_link_info->name = g_strdup(lt_parts[1]);
/* Both branches assign description, which matters because the record
 * came from g_malloc() and is not zeroed. */
287 if (strcmp(lt_parts[2], "(not supported)") != 0)
288 data_link_info->description = g_strdup(lt_parts[2]);
290 data_link_info->description = NULL;
292 linktype_list = g_list_append(linktype_list, data_link_info);
294 g_strfreev(raw_list);
296 /* Check to see if we built a list */
297 if (linktype_list == NULL) {
300 *err_str = g_strdup("Dumpcap returned no link-layer types");
304 caps->data_link_types = linktype_list;
308 #ifdef HAVE_PCAP_REMOTE
/*
 * Store a deep copy of if_info in remote_interface_list.
 * The name, description and every address record are duplicated, so the
 * caller keeps ownership of the if_info it passed in. The copy loop
 * repeats the one in append_remote_list().
 */
309 void add_interface_to_remote_list(if_info_t *if_info)
312 if_addr_t *if_addr, *temp_addr;
314 if_info_t *temp = g_malloc0(sizeof(if_info_t));
315 temp->name = g_strdup(if_info->name);
316 temp->description = g_strdup(if_info->description);
317 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
318 temp_addr = g_malloc0(sizeof(if_addr_t));
319 if_addr = (if_addr_t *)list->data;
321 temp_addr->ifat_type = if_addr->ifat_type;
322 if (temp_addr->ifat_type == IF_AT_IPv4) {
323 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
/* NOTE(review): the copy length is sizeof the whole addr member, not of
 * ip6_addr. That stays in bounds only if addr is a union whose largest
 * member is ip6_addr (presumably the case; confirm against the if_addr_t
 * declaration). sizeof(if_addr->addr.ip6_addr) would state the intent. */
325 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
332 temp->addrs = g_slist_append(temp->addrs, temp_addr);
335 temp->loopback = if_info->loopback;
/* The cache grows by one entry per call. No duplicate check, removal or
 * free of cached entries appears in this listing. */
336 remote_interface_list = g_list_append(remote_interface_list, temp);
/*
 * Guess what kind of interface this is from substrings of its name and
 * description. The guess is a heuristic over text supplied by the
 * platform or by dumpcap, not an authoritative type.
 *
 * description may be NULL (it is tested before each use); name is passed
 * to strstr()/strcmp() unchecked, so callers must supply a non-NULL name.
 * Several preprocessor and return lines appear to be missing from this
 * listing, so the platform each test belongs to and the value it returns
 * should be confirmed against the full file.
 */
341 get_interface_type(gchar *name, gchar *description)
343 #if defined(__linux__)
349 * Much digging failed to reveal any obvious way to get something such
350 * as the SNMP MIB-II ifType value for an interface:
352 * http://www.iana.org/assignments/ianaiftype-mib
354 * by making some NDIS request.
356 if (description && (strstr(description,"generic dialup") != NULL ||
357 strstr(description,"PPP/SLIP") != NULL )) {
359 } else if (description && (strstr(description,"Wireless") != NULL ||
360 strstr(description,"802.11") != NULL)) {
/* NOTE(review): && binds tighter than ||, so this reads as
 * (description && strstr(description, ...)) || strstr(name, ...).
 * The name test therefore runs even when description is NULL. Explicit
 * parentheses would make that grouping visible and silence the usual
 * compiler warning. */
362 } else if (description && strstr(description,"AirPcap") != NULL ||
363 strstr(name,"airpcap")) {
365 } else if (description && strstr(description, "Bluetooth") != NULL ) {
368 #elif defined(__APPLE__)
370 * XXX - yes, fetching all the network addresses for an interface
371 * gets you an AF_LINK address, of type "struct sockaddr_dl", and,
372 * yes, that includes an SNMP MIB-II ifType value.
374 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
375 * not IFT_IEEE80211 (which isn't defined in OS X in any case).
377 * Perhaps some other BSD-flavored OSes won't make this mistake;
378 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
379 * made the same mistake, at least for my Belkin ZyDAS stick.
381 * XXX - this is wrong on a MacBook Air, as en0 is the AirPort
382 * interface, and it's also wrong on a Mac that has no AirPort
383 * interfaces and has multiple Ethernet interfaces.
385 * The SystemConfiguration framework is your friend here.
386 * SCNetworkInterfaceGetInterfaceType() will get the interface
387 * type. SCNetworkInterfaceCopyAll() gets all network-capable
388 * interfaces on the system; SCNetworkInterfaceGetBSDName()
389 * gets the "BSD name" of the interface, so we look for
390 * an interface with the specified "BSD name" and get its
391 * interface type. The interface type is a CFString, and:
393 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
394 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
395 * kSCNetworkInterfaceTypeModem or
396 * kSCNetworkInterfaceTypePPP or
397 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
/* Hard-coded name test; the comment above already records the machines
 * on which this guess is wrong. */
399 if (strcmp(name, "en1") == 0) {
403 * XXX - PPP devices have names beginning with "ppp" and an IFT_ of
404 * IFT_PPP, but they could be dial-up, or PPPoE, or mobile phone modem,
405 * or VPN, or... devices. One might have to dive into the bowels of
410 * XXX - there's currently no support for raw Bluetooth capture,
411 * and IP-over-Bluetooth devices just look like fake Ethernet
412 * devices. There's also Bluetooth modem support, but that'll
413 * probably just give you a device that looks like a PPP device.
415 #elif defined(__linux__)
417 * Look for /sys/class/net/{device}/wireless.
/* NOTE(review): name is interpolated into the sysfs path without any
 * validation. A name containing '/' or ".." would make the stat below
 * probe a path outside /sys/class/net. Only an existence check is shown
 * here, but rejecting such names before building the path keeps the
 * lookup confined to that directory. */
419 wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
420 if (wireless_path != NULL) {
421 if (ws_stat64(wireless_path, &statb) == 0) {
/* Frees the path on the success branch; the free for the failing stat is
 * on lines not shown in this listing - confirm. */
422 g_free(wireless_path);
429 * XXX - this is for raw Bluetooth capture; what about IP-over-Bluetooth
/* Plain substring tests: any name that merely contains the text matches. */
432 if ( strstr(name,"bluetooth") != NULL) {
439 if ( strstr(name,"usbmon") != NULL ) {
444 * Bridge, NAT, or host-only interfaces on VMWare hosts have the name
445 * vmnet[0-9]+ or VMnet[0-9+ on Windows. Guests might use a native
446 * (LANCE or E1000) driver or the vmxnet driver. These devices have an
447 * IFT_ of IFT_ETHER, so we have to check the name.
/* Case-insensitive prefix match on the first 5 (or 6) characters only;
 * the digits that follow are not checked. */
449 if ( g_ascii_strncasecmp(name, "vmnet", 5) == 0) {
453 if ( g_ascii_strncasecmp(name, "vmxnet", 6) == 0) {
457 if (description && strstr(description, "VMware") != NULL ) {
463 #endif /* HAVE_LIBPCAP */