2 * Routines for getting interface information from dumpcap
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 #ifdef HAVE_ARPA_INET_H
33 #include <arpa/inet.h>
36 #ifdef HAVE_SYS_SOCKET_H
37 #include <sys/socket.h> /* needed to define AF_ values on UNIX */
40 #ifdef HAVE_WINSOCK2_H
41 #include <winsock2.h> /* needed to define AF_ values on Windows */
44 #ifdef NEED_INET_V6DEFS_H
45 # include "wsutil/inet_v6defs.h"
50 #include "capture_opts.h"
51 #include "capture_sync.h"
54 #include "wsutil/file_util.h"
56 #include "capture_ifinfo.h"
58 #ifdef HAVE_PCAP_REMOTE
59 static GList *remote_interface_list = NULL;
61 static void append_remote_list(GList *iflist)
65 if_addr_t *if_addr, *temp_addr;
66 if_info_t *if_info, *temp;
68 for (rlist = g_list_nth(remote_interface_list, 0); rlist != NULL; rlist = g_list_next(rlist)) {
69 if_info = (if_info_t *)rlist->data;
70 temp = g_malloc0(sizeof(if_info_t));
71 temp->name = g_strdup(if_info->name);
72 temp->friendly_name = g_strdup(if_info->friendly_name);
73 temp->vendor_description = g_strdup(if_info->vendor_description);
74 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
75 temp_addr = g_malloc0(sizeof(if_addr_t));
76 if_addr = (if_addr_t *)list->data;
78 temp_addr->ifat_type = if_addr->ifat_type;
79 if (temp_addr->ifat_type == IF_AT_IPv4) {
80 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
82 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
89 temp->addrs = g_slist_append(temp->addrs, temp_addr);
92 temp->loopback = if_info->loopback;
93 iflist = g_list_append(iflist, temp);
99 * Fetch the interface list from a child process (dumpcap).
101 * @return A GList containing if_info_t structs if successful, NULL (with err and possibly err_str set) otherwise.
105 /* XXX - We parse simple text output to get our interface list. Should
106 * we use "real" data serialization instead, e.g. via XML? */
108 capture_interface_list(int *err, char **err_str)
111 GList *if_list = NULL;
113 gchar *data, *primary_msg, *secondary_msg;
114 gchar **raw_list, **if_parts, **addr_parts;
119 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List ...");
121 /* Try to get our interface list */
122 ret = sync_interface_list_open(&data, &primary_msg, &secondary_msg);
124 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface List failed!");
126 *err_str = primary_msg;
130 g_free(secondary_msg);
131 *err = CANT_GET_INTERFACE_LIST;
135 /* Split our lines */
137 raw_list = g_strsplit(data, "\r\n", 0);
139 raw_list = g_strsplit(data, "\n", 0);
143 for (i = 0; raw_list[i] != NULL; i++) {
144 if_parts = g_strsplit(raw_list[i], "\t", 5);
145 if (if_parts[0] == NULL || if_parts[1] == NULL || if_parts[2] == NULL ||
146 if_parts[3] == NULL || if_parts[4] == NULL) {
147 g_strfreev(if_parts);
151 /* Number followed by the name, e.g "1. eth0" */
152 name = strchr(if_parts[0], ' ');
156 g_strfreev(if_parts);
160 if_info = g_new0(if_info_t,1);
161 if_info->name = g_strdup(name);
162 if (strlen(if_parts[1]) > 0)
163 if_info->vendor_description = g_strdup(if_parts[1]);
164 if (strlen(if_parts[2]) > 0)
165 if_info->friendly_name = g_strdup(if_parts[2]);
166 addr_parts = g_strsplit(if_parts[3], ",", 0);
167 for (j = 0; addr_parts[j] != NULL; j++) {
168 if_addr = g_new0(if_addr_t,1);
169 if (inet_pton(AF_INET, addr_parts[j], &if_addr->addr.ip4_addr)) {
170 if_addr->ifat_type = IF_AT_IPv4;
171 } else if (inet_pton(AF_INET6, addr_parts[j],
172 &if_addr->addr.ip6_addr)) {
173 if_addr->ifat_type = IF_AT_IPv6;
179 if_info->addrs = g_slist_append(if_info->addrs, if_addr);
182 if (strcmp(if_parts[4], "loopback") == 0)
183 if_info->loopback = TRUE;
184 g_strfreev(if_parts);
185 g_strfreev(addr_parts);
186 if_list = g_list_append(if_list, if_info);
188 g_strfreev(raw_list);
190 /* Check to see if we built a list */
191 if (if_list == NULL) {
192 *err = NO_INTERFACES_FOUND;
194 *err_str = g_strdup("No interfaces found");
196 #ifdef HAVE_PCAP_REMOTE
197 if (remote_interface_list && g_list_length(remote_interface_list) > 0) {
198 append_remote_list(if_list);
204 /* XXX - We parse simple text output to get our interface list. Should
205 * we use "real" data serialization instead, e.g. via XML? */
207 capture_get_if_capabilities(const gchar *ifname, gboolean monitor_mode,
210 if_capabilities_t *caps;
211 GList *linktype_list = NULL;
213 gchar *data, *primary_msg, *secondary_msg;
214 gchar **raw_list, **lt_parts;
215 data_link_info_t *data_link_info;
217 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities ...");
219 /* Try to get our interface list */
220 err = sync_if_capabilities_open(ifname, monitor_mode, &data,
221 &primary_msg, &secondary_msg);
223 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities failed!");
225 *err_str = primary_msg;
229 g_free(secondary_msg);
233 /* Split our lines */
235 raw_list = g_strsplit(data, "\r\n", 0);
237 raw_list = g_strsplit(data, "\n", 0);
242 * First line is 0 if monitor mode isn't supported, 1 if it is.
244 if (raw_list[0] == NULL || *raw_list[0] == '\0') {
245 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned no information!");
247 *err_str = g_strdup("Dumpcap returned no interface capability information");
253 * Allocate the interface capabilities structure.
255 caps = (if_capabilities_t *)g_malloc(sizeof *caps);
256 switch (*raw_list[0]) {
259 caps->can_set_rfmon = FALSE;
263 caps->can_set_rfmon = TRUE;
267 g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_MESSAGE, "Capture Interface Capabilities returned bad information!");
269 *err_str = g_strdup_printf("Dumpcap returned \"%s\" for monitor-mode capability",
277 * The rest are link-layer types.
279 for (i = 1; raw_list[i] != NULL; i++) {
280 /* ...and what if the interface name has a tab in it, Mr. Clever Programmer? */
281 lt_parts = g_strsplit(raw_list[i], "\t", 3);
282 if (lt_parts[0] == NULL || lt_parts[1] == NULL || lt_parts[2] == NULL) {
283 g_strfreev(lt_parts);
287 data_link_info = g_new(data_link_info_t,1);
288 data_link_info->dlt = (int) strtol(lt_parts[0], NULL, 10);
289 data_link_info->name = g_strdup(lt_parts[1]);
290 if (strcmp(lt_parts[2], "(not supported)") != 0)
291 data_link_info->description = g_strdup(lt_parts[2]);
293 data_link_info->description = NULL;
295 linktype_list = g_list_append(linktype_list, data_link_info);
297 g_strfreev(raw_list);
299 /* Check to see if we built a list */
300 if (linktype_list == NULL) {
303 *err_str = g_strdup("Dumpcap returned no link-layer types");
307 caps->data_link_types = linktype_list;
311 #ifdef HAVE_PCAP_REMOTE
312 void add_interface_to_remote_list(if_info_t *if_info)
315 if_addr_t *if_addr, *temp_addr;
317 if_info_t *temp = g_malloc0(sizeof(if_info_t));
318 temp->name = g_strdup(if_info->name);
319 temp->friendly_name = g_strdup(if_info->friendly_name);
320 temp->vendor_description = g_strdup(if_info->vendor_description);
321 for (list = g_slist_nth(if_info->addrs, 0); list != NULL; list = g_slist_next(list)) {
322 temp_addr = g_malloc0(sizeof(if_addr_t));
323 if_addr = (if_addr_t *)list->data;
325 temp_addr->ifat_type = if_addr->ifat_type;
326 if (temp_addr->ifat_type == IF_AT_IPv4) {
327 temp_addr->addr.ip4_addr = if_addr->addr.ip4_addr;
329 memcpy(temp_addr->addr.ip6_addr, if_addr->addr.ip6_addr, sizeof(if_addr->addr));
336 temp->addrs = g_slist_append(temp->addrs, temp_addr);
339 temp->loopback = if_info->loopback;
340 remote_interface_list = g_list_append(remote_interface_list, temp);
345 get_interface_type(gchar *name, gchar *description)
347 #if defined(__linux__)
353 * Much digging failed to reveal any obvious way to get something such
354 * as the SNMP MIB-II ifType value for an interface:
356 * http://www.iana.org/assignments/ianaiftype-mib
358 * by making some NDIS request.
360 if (description && (strstr(description,"generic dialup") != NULL ||
361 strstr(description,"PPP/SLIP") != NULL )) {
363 } else if (description && (strstr(description,"Wireless") != NULL ||
364 strstr(description,"802.11") != NULL)) {
366 } else if (description && strstr(description,"AirPcap") != NULL ||
367 strstr(name,"airpcap")) {
369 } else if (description && strstr(description, "Bluetooth") != NULL ) {
372 #elif defined(__linux__)
374 * Look for /sys/class/net/{device}/wireless.
376 wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
377 if (wireless_path != NULL) {
378 if (ws_stat64(wireless_path, &statb) == 0) {
379 g_free(wireless_path);
382 g_free(wireless_path);
387 * XXX - this is for raw Bluetooth capture; what about IP-over-Bluetooth
390 if ( strstr(name,"bluetooth") != NULL) {
397 if ( strstr(name,"usbmon") != NULL ) {
402 * Bridge, NAT, or host-only interfaces on VMWare hosts have the name
403 * vmnet[0-9]+ or VMnet[0-9+ on Windows. Guests might use a native
404 * (LANCE or E1000) driver or the vmxnet driver. These devices have an
405 * IFT_ of IFT_ETHER, so we have to check the name.
407 if ( g_ascii_strncasecmp(name, "vmnet", 5) == 0) {
411 if ( g_ascii_strncasecmp(name, "vmxnet", 6) == 0) {
415 if (description && strstr(description, "VMware") != NULL ) {
421 #endif /* HAVE_LIBPCAP */