2 * WinPcap-specific interfaces for capturing. We load WinPcap at run
3 * time, so that we only need one Wireshark binary and one TShark binary
4 * for Windows, regardless of whether WinPcap is installed or not.
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 2001 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
22 #include "caputils/capture-wpcap.h"
24 gboolean has_wpcap = FALSE;
30 #include <epan/strutil.h>
32 #include "caputils/capture_ifinfo.h"
33 #include "caputils/capture-pcap-util.h"
34 #include "caputils/capture-pcap-util-int.h"
36 #include <wsutil/file_util.h>
38 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
39 #include "tools/lemon/cppmagic.h"
41 #define MAX_WIN_IF_NAME_LEN 511
44 * XXX - should we require at least WinPcap 3.1 both for building an
45 * for using Wireshark?
48 static char* (*p_pcap_lookupdev) (char *);
49 static void (*p_pcap_close) (pcap_t *);
50 static int (*p_pcap_stats) (pcap_t *, struct pcap_stat *);
51 static int (*p_pcap_dispatch) (pcap_t *, int, pcap_handler, guchar *);
52 static int (*p_pcap_snapshot) (pcap_t *);
53 static int (*p_pcap_datalink) (pcap_t *);
54 static int (*p_pcap_setfilter) (pcap_t *, struct bpf_program *);
55 static char* (*p_pcap_geterr) (pcap_t *);
56 static int (*p_pcap_compile) (pcap_t *, struct bpf_program *, const char *, int,
58 static int (*p_pcap_compile_nopcap) (int, int, struct bpf_program *, const char *, int,
60 static int (*p_pcap_lookupnet) (const char *, bpf_u_int32 *, bpf_u_int32 *,
62 static pcap_t* (*p_pcap_open_live) (const char *, int, int, int, char *);
63 static int (*p_pcap_loop) (pcap_t *, int, pcap_handler, guchar *);
64 #ifdef HAVE_PCAP_OPEN_DEAD
65 static pcap_t* (*p_pcap_open_dead) (int, int);
67 static void (*p_pcap_freecode) (struct bpf_program *);
68 #ifdef HAVE_PCAP_FINDALLDEVS
69 static int (*p_pcap_findalldevs) (pcap_if_t **, char *);
70 static void (*p_pcap_freealldevs) (pcap_if_t *);
72 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
73 static int (*p_pcap_datalink_name_to_val) (const char *);
75 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
76 static const char *(*p_pcap_datalink_val_to_name) (int);
78 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
79 static const char *(*p_pcap_datalink_val_to_description) (int);
81 #ifdef HAVE_PCAP_BREAKLOOP
82 static void (*p_pcap_breakloop) (pcap_t *);
84 static const char *(*p_pcap_lib_version) (void);
85 static int (*p_pcap_setbuff) (pcap_t *, int dim);
86 static int (*p_pcap_next_ex) (pcap_t *, struct pcap_pkthdr **pkt_header, const u_char **pkt_data);
87 #ifdef HAVE_PCAP_REMOTE
88 static pcap_t* (*p_pcap_open) (const char *, int, int, int,
89 struct pcap_rmtauth *, char *);
90 static int (*p_pcap_findalldevs_ex) (char *, struct pcap_rmtauth *,
91 pcap_if_t **, char *);
92 static int (*p_pcap_createsrcstr) (char *, int, const char *, const char *,
93 const char *, char *);
95 #ifdef HAVE_PCAP_SETSAMPLING
96 static struct pcap_samp* (*p_pcap_setsampling)(pcap_t *);
99 #ifdef HAVE_PCAP_LIST_DATALINKS
100 static int (*p_pcap_list_datalinks)(pcap_t *, int **);
103 #ifdef HAVE_PCAP_SET_DATALINK
104 static int (*p_pcap_set_datalink)(pcap_t *, int);
107 #ifdef HAVE_PCAP_FREE_DATALINKS
108 static int (*p_pcap_free_datalinks)(int *);
111 #ifdef HAVE_BPF_IMAGE
112 static char *(*p_bpf_image)(const struct bpf_insn *, int);
115 #ifdef HAVE_PCAP_CREATE
116 static pcap_t *(*p_pcap_create)(const char *, char *);
117 static int (*p_pcap_set_snaplen)(pcap_t *, int);
118 static int (*p_pcap_set_promisc)(pcap_t *, int);
119 static int (*p_pcap_can_set_rfmon)(pcap_t *);
120 static int (*p_pcap_set_rfmon)(pcap_t *, int);
121 static int (*p_pcap_set_timeout)(pcap_t *, int);
122 static int (*p_pcap_set_buffer_size)(pcap_t *, int);
123 static int (*p_pcap_activate)(pcap_t *);
124 static const char *(*p_pcap_statustostr)(int);
133 #define SYM(x, y) { G_STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
139 /* These are the symbols I need or want from Wpcap */
140 static const symbol_table_t symbols[] = {
141 SYM(pcap_lookupdev, FALSE),
142 SYM(pcap_close, FALSE),
143 SYM(pcap_stats, FALSE),
144 SYM(pcap_dispatch, FALSE),
145 SYM(pcap_snapshot, FALSE),
146 SYM(pcap_datalink, FALSE),
147 SYM(pcap_setfilter, FALSE),
148 SYM(pcap_geterr, FALSE),
149 SYM(pcap_compile, FALSE),
150 SYM(pcap_compile_nopcap, FALSE),
151 SYM(pcap_lookupnet, FALSE),
152 #ifdef HAVE_PCAP_REMOTE
153 SYM(pcap_open, FALSE),
154 SYM(pcap_findalldevs_ex, FALSE),
155 SYM(pcap_createsrcstr, FALSE),
157 SYM(pcap_open_live, FALSE),
158 #ifdef HAVE_PCAP_OPEN_DEAD
159 SYM(pcap_open_dead, FALSE),
161 #ifdef HAVE_PCAP_SETSAMPLING
162 SYM(pcap_setsampling, TRUE),
164 SYM(pcap_loop, FALSE),
165 SYM(pcap_freecode, TRUE),
166 #ifdef HAVE_PCAP_FINDALLDEVS
167 SYM(pcap_findalldevs, TRUE),
168 SYM(pcap_freealldevs, TRUE),
170 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
171 SYM(pcap_datalink_name_to_val, TRUE),
173 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
174 SYM(pcap_datalink_val_to_name, TRUE),
176 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
177 SYM(pcap_datalink_val_to_description, TRUE),
179 #ifdef HAVE_PCAP_BREAKLOOP
181 * We don't try to work around the lack of this at
182 * run time; it's present in WinPcap 3.1, which is
183 * the version we build with and ship with.
185 SYM(pcap_breakloop, FALSE),
187 SYM(pcap_lib_version, TRUE),
188 SYM(pcap_setbuff, TRUE),
189 SYM(pcap_next_ex, TRUE),
190 #ifdef HAVE_PCAP_LIST_DATALINKS
191 SYM(pcap_list_datalinks, FALSE),
193 #ifdef HAVE_PCAP_SET_DATALINK
194 SYM(pcap_set_datalink, FALSE),
196 #ifdef HAVE_PCAP_FREE_DATALINKS
197 SYM(pcap_free_datalinks, TRUE),
199 #ifdef HAVE_BPF_IMAGE
200 SYM(bpf_image, FALSE),
202 #ifdef HAVE_PCAP_CREATE
203 SYM(pcap_create, TRUE),
204 SYM(pcap_set_snaplen, TRUE),
205 SYM(pcap_set_promisc, TRUE),
206 SYM(pcap_can_set_rfmon, TRUE),
207 SYM(pcap_set_rfmon, TRUE),
208 SYM(pcap_set_timeout, FALSE),
209 SYM(pcap_set_buffer_size, FALSE),
210 SYM(pcap_activate, TRUE),
211 SYM(pcap_statustostr, TRUE),
213 { NULL, NULL, FALSE }
216 GModule *wh; /* wpcap handle */
217 const symbol_table_t *sym;
219 wh = ws_module_open("wpcap.dll", 0);
227 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
230 * We don't care if it's missing; we just
236 * We require this symbol.
249 * The official list of WinPcap mirrors is at
250 * https://www.winpcap.org/misc/mirrors.htm
253 cant_load_winpcap_err(const char *app_name)
255 return g_strdup_printf(
256 "Unable to load WinPcap (wpcap.dll); %s will not be able to capture\n"
259 "In order to capture packets, WinPcap must be installed; see\n"
261 " https://www.winpcap.org/\n"
263 "for a downloadable version of WinPcap and for instructions on how to install\n"
269 pcap_lookupdev (char *a)
274 return p_pcap_lookupdev(a);
278 pcap_close(pcap_t *a)
285 pcap_stats(pcap_t *a, struct pcap_stat *b)
288 return p_pcap_stats(a, b);
292 pcap_dispatch(pcap_t *a, int b, pcap_handler c, guchar *d)
295 return p_pcap_dispatch(a, b, c, d);
299 pcap_snapshot(pcap_t *a)
302 return p_pcap_snapshot(a);
306 pcap_datalink(pcap_t *a)
309 return p_pcap_datalink(a);
312 #ifdef HAVE_PCAP_SET_DATALINK
314 pcap_set_datalink(pcap_t *p, int dlt)
317 return p_pcap_set_datalink(p, dlt);
322 pcap_setfilter(pcap_t *a, struct bpf_program *b)
325 return p_pcap_setfilter(a, b);
329 pcap_geterr(pcap_t *a)
332 return p_pcap_geterr(a);
336 pcap_compile(pcap_t *a, struct bpf_program *b, const char *c, int d,
340 return p_pcap_compile(a, b, c, d, e);
344 pcap_compile_nopcap(int a, int b, struct bpf_program *c, const char *d, int e,
348 return p_pcap_compile_nopcap(a, b, c, d, e, f);
352 pcap_lookupnet(const char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
355 return p_pcap_lookupnet(a, b, c, d);
359 pcap_open_live(const char *a, int b, int c, int d, char *e)
362 g_snprintf(e, PCAP_ERRBUF_SIZE,
363 "unable to load WinPcap (wpcap.dll); can't open %s to capture",
367 return p_pcap_open_live(a, b, c, d, e);
370 #ifdef HAVE_PCAP_OPEN_DEAD
372 pcap_open_dead(int a, int b)
377 return p_pcap_open_dead(a, b);
381 #ifdef HAVE_BPF_IMAGE
383 bpf_image(const struct bpf_insn *a, int b)
388 return p_bpf_image(a, b);
392 #ifdef HAVE_PCAP_REMOTE
394 pcap_open(const char *a, int b, int c, int d, struct pcap_rmtauth *e, char *f)
397 g_snprintf(f, PCAP_ERRBUF_SIZE,
398 "unable to load WinPcap (wpcap.dll); can't open %s to capture",
402 return p_pcap_open(a, b, c, d, e, f);
406 pcap_findalldevs_ex(char *a, struct pcap_rmtauth *b, pcap_if_t **c, char *d)
409 return p_pcap_findalldevs_ex(a, b, c, d);
413 pcap_createsrcstr(char *a, int b, const char *c, const char *d, const char *e,
417 return p_pcap_createsrcstr(a, b, c, d, e, f);
421 #ifdef HAVE_PCAP_SETSAMPLING
423 pcap_setsampling(pcap_t *a)
426 if (p_pcap_setsampling != NULL) {
427 return p_pcap_setsampling(a);
434 pcap_loop(pcap_t *a, int b, pcap_handler c, guchar *d)
437 return p_pcap_loop(a, b, c, d);
441 pcap_freecode(struct bpf_program *a)
444 if(p_pcap_freecode) {
449 #ifdef HAVE_PCAP_FINDALLDEVS
451 pcap_findalldevs(pcap_if_t **a, char *b)
453 g_assert(has_wpcap && p_pcap_findalldevs != NULL);
454 return p_pcap_findalldevs(a, b);
458 pcap_freealldevs(pcap_if_t *a)
460 g_assert(has_wpcap && p_pcap_freealldevs != NULL);
461 p_pcap_freealldevs(a);
465 #ifdef HAVE_PCAP_CREATE
467 pcap_create(const char *a, char *b)
469 g_assert(has_wpcap && p_pcap_create != NULL);
470 return p_pcap_create(a, b);
474 pcap_set_snaplen(pcap_t *a, int b)
476 g_assert(has_wpcap && p_pcap_set_snaplen != NULL);
477 return p_pcap_set_snaplen(a, b);
481 pcap_set_promisc(pcap_t *a, int b)
483 g_assert(has_wpcap && p_pcap_set_promisc != NULL);
484 return p_pcap_set_promisc(a, b);
488 pcap_can_set_rfmon(pcap_t *a)
491 if (p_pcap_can_set_rfmon != NULL) {
492 return p_pcap_can_set_rfmon(a);
498 pcap_set_rfmon(pcap_t *a, int b)
500 g_assert(has_wpcap && p_pcap_set_rfmon != NULL);
501 return p_pcap_set_rfmon(a, b);
505 pcap_set_timeout(pcap_t *a, int b)
507 g_assert(has_wpcap && pcap_set_timeout != NULL);
508 return p_pcap_set_timeout(a, b);
511 pcap_set_buffer_size(pcap_t *a, int b)
513 g_assert(has_wpcap && pcap_set_timeout != NULL);
514 return p_pcap_set_buffer_size(a, b);
518 pcap_activate(pcap_t *a)
520 g_assert(has_wpcap && pcap_activate != NULL);
521 return p_pcap_activate(a);
526 pcap_statustostr(int a)
528 static char ebuf[15 + 10 + 1];
531 if (pcap_statustostr != NULL) {
532 return pcap_statustostr(a);
535 /* XXX copy routine from pcap.c ??? */
536 (void)g_snprintf(ebuf, sizeof ebuf, "Don't have pcap_statustostr(), can't translate error: %d", a);
542 #if defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
544 * Table of DLT_ types, names, and descriptions, for use if the version
545 * of WinPcap we have installed lacks "pcap_datalink_name_to_val()"
546 * or "pcap_datalink_val_to_name()".
550 const char *description;
554 #define DLT_CHOICE(code, description) { #code, description, code }
555 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
557 static struct dlt_choice dlt_choices[] = {
558 DLT_CHOICE(DLT_NULL, "BSD loopback"),
559 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
560 DLT_CHOICE(DLT_IEEE802, "Token ring"),
561 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
562 DLT_CHOICE(DLT_SLIP, "SLIP"),
563 DLT_CHOICE(DLT_PPP, "PPP"),
564 DLT_CHOICE(DLT_FDDI, "FDDI"),
565 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
566 DLT_CHOICE(DLT_RAW, "Raw IP"),
567 #ifdef DLT_SLIP_BSDOS
568 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
571 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
574 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
576 #ifdef DLT_PPP_SERIAL
577 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
580 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
583 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
585 #ifdef DLT_IEEE802_11
586 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
589 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
592 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
595 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
598 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
601 DLT_CHOICE(DLT_LTALK, "Localtalk"),
604 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
606 #ifdef DLT_PRISM_HEADER
607 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
609 #ifdef DLT_IP_OVER_FC
610 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
613 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
615 #ifdef DLT_IEEE802_11_RADIO
616 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radio information header"),
618 #ifdef DLT_ARCNET_LINUX
619 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
621 #ifdef DLT_LINUX_IRDA
622 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
624 #ifdef DLT_LINUX_LAPD
625 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
628 DLT_CHOICE(DLT_LANE8023, "Linux 802.3 LANE"),
631 DLT_CHOICE(DLT_CIP, "Linux Classical IP-over-ATM"),
634 DLT_CHOICE(DLT_HDLC, "Cisco HDLC"),
637 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
641 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION */
643 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
645 pcap_datalink_name_to_val(const char *name)
649 if (has_wpcap && (p_pcap_datalink_name_to_val != NULL))
650 return p_pcap_datalink_name_to_val(name);
653 * We don't have it in WinPcap; do it ourselves.
655 for (i = 0; dlt_choices[i].name != NULL; i++) {
656 if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
658 return dlt_choices[i].dlt;
665 #ifdef HAVE_PCAP_LIST_DATALINKS
667 pcap_list_datalinks(pcap_t *p, int **ddlt)
670 return p_pcap_list_datalinks(p, ddlt);
674 #ifdef HAVE_PCAP_FREE_DATALINKS
676 pcap_free_datalinks(int *ddlt)
681 * If we don't have pcap_free_datalinks() in WinPcap,
682 * we don't free the memory - we can't use free(), as
683 * we might not have been built with the same version
684 * of the C runtime library as WinPcap was, and, if we're
685 * not, free() isn't guaranteed to work on something
686 * allocated by WinPcap.
688 if (p_pcap_free_datalinks != NULL)
689 p_pcap_free_datalinks(ddlt);
693 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
695 pcap_datalink_val_to_name(int dlt)
699 if (has_wpcap && (p_pcap_datalink_val_to_name != NULL))
700 return p_pcap_datalink_val_to_name(dlt);
703 * We don't have it in WinPcap; do it ourselves.
705 for (i = 0; dlt_choices[i].name != NULL; i++) {
706 if (dlt_choices[i].dlt == dlt)
707 return dlt_choices[i].name + sizeof("DLT_") - 1;
714 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
716 pcap_datalink_val_to_description(int dlt)
720 if (has_wpcap && (p_pcap_datalink_val_to_description != NULL))
721 return p_pcap_datalink_val_to_description(dlt);
724 * We don't have it in WinPcap; do it ourselves.
726 for (i = 0; dlt_choices[i].name != NULL; i++) {
727 if (dlt_choices[i].dlt == dlt)
728 return (dlt_choices[i].description);
735 #ifdef HAVE_PCAP_BREAKLOOP
736 void pcap_breakloop(pcap_t *a)
742 /* setbuff is win32 specific! */
743 int pcap_setbuff(pcap_t *a, int b)
746 return p_pcap_setbuff(a, b);
749 /* pcap_next_ex is available since libpcap 0.8 / WinPcap 3.0! */
750 /* (if you get a declaration warning here, try to update to at least WinPcap 3.1b4 develpack) */
751 int pcap_next_ex (pcap_t *a, struct pcap_pkthdr **b, const u_char **c)
754 return p_pcap_next_ex(a, b, c);
757 #ifdef HAVE_PCAP_REMOTE
759 get_remote_interface_list(const char *hostname, const char *port,
760 int auth_type, const char *username,
761 const char *passwd, int *err, char **err_str)
763 struct pcap_rmtauth auth;
764 char source[PCAP_BUF_SIZE];
765 char errbuf[PCAP_ERRBUF_SIZE];
768 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
769 NULL, errbuf) == -1) {
770 *err = CANT_GET_INTERFACE_LIST;
772 *err_str = cant_get_if_list_error_message(errbuf);
776 auth.type = auth_type;
777 auth.username = g_strdup(username);
778 auth.password = g_strdup(passwd);
780 result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);
781 g_free(auth.username);
782 g_free(auth.password);
789 * This will use "pcap_findalldevs()" if we have it, otherwise it'll
790 * fall back on "pcap_lookupdev()".
793 get_interface_list(int *err, char **err_str)
798 char ascii_name[MAX_WIN_IF_NAME_LEN + 1];
799 char ascii_desc[MAX_WIN_IF_NAME_LEN + 1];
801 char errbuf[PCAP_ERRBUF_SIZE];
805 * We don't have WinPcap, so we can't get a list of
808 *err = DONT_HAVE_PCAP;
810 *err_str = cant_load_winpcap_err("you");
814 #ifdef HAVE_PCAP_FINDALLDEVS
815 if (p_pcap_findalldevs != NULL)
816 return get_interface_list_findalldevs(err, err_str);
820 * In WinPcap, pcap_lookupdev is implemented by calling
821 * PacketGetAdapterNames. According to the documentation
824 * https://www.winpcap.org/docs/man/html/Packet32_8c.html#a43
828 * On Windows OT (95, 98, Me), pcap_lookupdev returns a sequence
829 * of bytes consisting of:
831 * a sequence of null-terminated ASCII strings (i.e., each
832 * one is terminated by a single 0 byte), giving the names
835 * an empty ASCII string (i.e., a single 0 byte);
837 * a sequence of null-terminated ASCII strings, giving the
838 * descriptions of the interfaces;
840 * an empty ASCII string.
842 * On Windows NT (NT 4.0, W2K, WXP, W2K3, etc.), pcap_lookupdev
843 * returns a sequence of bytes consisting of:
845 * a sequence of null-terminated double-byte Unicode strings
846 * (i.e., each one consits of a sequence of double-byte
847 * characters, terminated by a double-byte 0), giving the
848 * names of the interfaces;
850 * an empty Unicode string (i.e., a double 0 byte);
852 * a sequence of null-terminated ASCII strings, giving the
853 * descriptions of the interfaces;
855 * an empty ASCII string.
857 * The Nth string in the first sequence is the name of the Nth
858 * adapter; the Nth string in the second sequence is the
859 * description of the Nth adapter.
862 names = (wchar_t *)pcap_lookupdev(errbuf);
871 * If names[0] is less than 256 it means the first
872 * byte is 0. This implies that we are using Unicode
875 while (*(names+desc_pos) || *(names+desc_pos-1))
877 desc_pos++; /* Step over the extra '\0' */
878 desc = (char*)(names + desc_pos); /* cast *after* addition */
880 while (names[i] != 0) {
882 * Copy the Unicode description to an ASCII
887 if (j < MAX_WIN_IF_NAME_LEN)
888 ascii_desc[j++] = *desc;
891 ascii_desc[j] = '\0';
895 * Copy the Unicode name to an ASCII string.
898 while (names[i] != 0) {
899 if (j < MAX_WIN_IF_NAME_LEN)
900 ascii_name[j++] = (char) names[i++];
902 ascii_name[j] = '\0';
904 il = g_list_append(il,
905 if_info_new(ascii_name, ascii_desc, FALSE));
909 * Otherwise we are in Windows 95/98 and using ASCII
910 * (8-bit) characters.
912 win95names=(char *)names;
913 while (*(win95names+desc_pos) || *(win95names+desc_pos-1))
915 desc_pos++; /* Step over the extra '\0' */
916 desc = win95names + desc_pos;
918 while (win95names[i] != '\0') {
920 * "&win95names[i]" points to the current
921 * interface name, and "desc" points to
922 * that interface's description.
924 il = g_list_append(il,
925 if_info_new(&win95names[i], desc, FALSE));
928 * Skip to the next description.
935 * Skip to the next name.
937 while (win95names[i] != 0)
946 * No interfaces found.
957 * Get an error message string for a CANT_GET_INTERFACE_LIST error from
958 * "get_interface_list()".
961 cant_get_if_list_error_message(const char *err_str)
964 * If the error message includes "Not enough storage is available
965 * to process this command" or "The operation completed successfully",
966 * suggest that they install a WinPcap version later than 3.0.
968 if (strstr(err_str, "Not enough storage is available to process this command") != NULL ||
969 strstr(err_str, "The operation completed successfully") != NULL) {
970 return g_strdup_printf("Can't get list of interfaces: %s\n"
971 "This might be a problem with WinPcap 3.0; you should try updating to\n"
972 "a later version of WinPcap - see the WinPcap site at www.winpcap.org",
975 return g_strdup_printf("Can't get list of interfaces: %s", err_str);
979 get_if_capabilities_local(interface_options *interface_opts,
980 cap_device_open_err *err, char **err_str)
983 * We're not getting capaibilities for a remote device; use
984 * pcap_create() and pcap_activate() if we have them, so that
985 * we can set various options, otherwise use pcap_open_live().
987 #ifdef HAVE_PCAP_CREATE
988 if (p_pcap_create != NULL)
989 return get_if_capabilities_pcap_create(interface_opts, err, err_str);
991 return get_if_capabilities_pcap_open_live(interface_opts, err, err_str);
995 open_capture_device_local(capture_options *capture_opts,
996 interface_options *interface_opts, int timeout,
997 cap_device_open_err *open_err,
998 char (*open_err_str)[PCAP_ERRBUF_SIZE])
1001 * We're not opening a remote device; use pcap_create() and
1002 * pcap_activate() if we have them, so that we can set various
1003 * options, otherwise use pcap_open_live().
1005 #ifdef HAVE_PCAP_CREATE
1006 if (p_pcap_create != NULL)
1007 return open_capture_device_pcap_create(capture_opts,
1008 interface_opts, timeout, open_err, open_err_str);
1010 return open_capture_device_pcap_open_live(interface_opts, timeout,
1011 open_err, open_err_str);
1015 * Append the version of WinPcap with which we were compiled to a GString.
1018 get_compiled_caplibs_version(GString *str)
1020 g_string_append(str, "with WinPcap (" G_STRINGIFY(WINPCAP_VERSION) ")");
1024 * Append the version of WinPcap with which we we're running to a GString.
1027 get_runtime_caplibs_version(GString *str)
1030 * On Windows, we might have been compiled with WinPcap but
1031 * might not have it loaded; indicate whether we have it or
1032 * not and, if we have it and we have "pcap_lib_version()",
1033 * what version we have.
1035 GModule *handle; /* handle returned by ws_module_open */
1036 static gchar *packetVer;
1040 g_string_append_printf(str, "with ");
1041 if (p_pcap_lib_version != NULL)
1042 g_string_append_printf(str, p_pcap_lib_version());
1045 * An alternative method of obtaining the version
1046 * number, by using the PacketLibraryVersion
1047 * string from packet.dll.
1049 * Unfortunately, in WinPcap 3.0, it returns
1050 * "3.0 alpha3", even in the final version of
1051 * WinPcap 3.0, so if there's a blank in the
1052 * string, we strip it and everything after
1053 * it from the string, so we don't misleadingly
1054 * report that 3.0 alpha3 is being used when
1055 * the final version is being used.
1057 if (packetVer == NULL) {
1058 packetVer = "version unknown";
1059 handle = ws_module_open("packet.dll", 0);
1060 if (handle != NULL) {
1061 if (g_module_symbol(handle,
1062 "PacketLibraryVersion",
1063 (gpointer*)&packetVer)) {
1064 packetVer = g_strdup(packetVer);
1065 blankp = strchr(packetVer, ' ');
1069 packetVer = "version unknown";
1071 g_module_close(handle);
1074 g_string_append_printf(str, "WinPcap (%s)", packetVer);
1077 g_string_append(str, "without Npcap or WinPcap");
1081 * If npf.sys is running, return TRUE.
1084 npf_sys_is_running(void)
1086 SC_HANDLE h_scm, h_serv;
1089 h_scm = OpenSCManager(NULL, NULL, 0);
1093 h_serv = OpenService(h_scm, _T("npcap"), SC_MANAGER_CONNECT|SERVICE_QUERY_STATUS);
1095 h_serv = OpenService(h_scm, _T("npf"), SC_MANAGER_CONNECT|SERVICE_QUERY_STATUS);
1097 CloseServiceHandle(h_scm);
1102 if (QueryServiceStatus(h_serv, &ss)) {
1103 if (ss.dwCurrentState & SERVICE_RUNNING) {
1104 CloseServiceHandle(h_serv);
1105 CloseServiceHandle(h_scm);
1109 CloseServiceHandle(h_serv);
1110 CloseServiceHandle(h_scm);
1114 #else /* HAVE_LIBPCAP */
1123 * Append an indication that we were not compiled with WinPcap
1127 get_compiled_caplibs_version(GString *str)
1129 g_string_append(str, "without WinPcap");
1133 * Don't append anything, as we weren't even compiled to use WinPcap.
1136 get_runtime_caplibs_version(GString *str _U_)
1140 #endif /* HAVE_LIBPCAP */
1143 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1148 * indent-tabs-mode: t
1151 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1152 * :indentSize=8:tabSize=8:noTabs=false: