2 * WinPcap-specific interfaces for capturing. We load WinPcap at run
3 * time, so that we only need one Wireshark binary and one TShark binary
4 * for Windows, regardless of whether WinPcap is installed or not.
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 2001 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include <epan/strutil.h>
37 #include "caputils/capture_ifinfo.h"
38 #include "caputils/capture-pcap-util.h"
39 #include "caputils/capture-pcap-util-int.h"
40 #include "caputils/capture-wpcap.h"
42 #include <wsutil/file_util.h>
44 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
45 #include "tools/lemon/cppmagic.h"
47 #define MAX_WIN_IF_NAME_LEN 511
50 gboolean has_wpcap = FALSE;
55 * XXX - should we require at least WinPcap 3.1 both for building and
56 * for using Wireshark?
59 static char* (*p_pcap_lookupdev) (char *);
60 static void (*p_pcap_close) (pcap_t *);
61 static int (*p_pcap_stats) (pcap_t *, struct pcap_stat *);
62 static int (*p_pcap_dispatch) (pcap_t *, int, pcap_handler, guchar *);
63 static int (*p_pcap_snapshot) (pcap_t *);
64 static int (*p_pcap_datalink) (pcap_t *);
65 static int (*p_pcap_setfilter) (pcap_t *, struct bpf_program *);
66 static char* (*p_pcap_geterr) (pcap_t *);
67 static int (*p_pcap_compile) (pcap_t *, struct bpf_program *, const char *, int,
69 static int (*p_pcap_compile_nopcap) (int, int, struct bpf_program *, const char *, int,
71 static int (*p_pcap_lookupnet) (const char *, bpf_u_int32 *, bpf_u_int32 *,
73 static pcap_t* (*p_pcap_open_live) (const char *, int, int, int, char *);
74 static int (*p_pcap_loop) (pcap_t *, int, pcap_handler, guchar *);
75 #ifdef HAVE_PCAP_OPEN_DEAD
76 static pcap_t* (*p_pcap_open_dead) (int, int);
78 static void (*p_pcap_freecode) (struct bpf_program *);
79 #ifdef HAVE_PCAP_FINDALLDEVS
80 static int (*p_pcap_findalldevs) (pcap_if_t **, char *);
81 static void (*p_pcap_freealldevs) (pcap_if_t *);
83 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
84 static int (*p_pcap_datalink_name_to_val) (const char *);
86 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
87 static const char *(*p_pcap_datalink_val_to_name) (int);
89 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
90 static const char *(*p_pcap_datalink_val_to_description) (int);
92 #ifdef HAVE_PCAP_BREAKLOOP
93 static void (*p_pcap_breakloop) (pcap_t *);
95 static const char *(*p_pcap_lib_version) (void);
96 static int (*p_pcap_setbuff) (pcap_t *, int dim);
97 static int (*p_pcap_next_ex) (pcap_t *, struct pcap_pkthdr **pkt_header, const u_char **pkt_data);
98 #ifdef HAVE_PCAP_REMOTE
99 static pcap_t* (*p_pcap_open) (const char *, int, int, int,
100 struct pcap_rmtauth *, char *);
101 static int (*p_pcap_findalldevs_ex) (char *, struct pcap_rmtauth *,
102 pcap_if_t **, char *);
103 static int (*p_pcap_createsrcstr) (char *, int, const char *, const char *,
104 const char *, char *);
106 #ifdef HAVE_PCAP_SETSAMPLING
107 static struct pcap_samp* (*p_pcap_setsampling)(pcap_t *);
110 #ifdef HAVE_PCAP_LIST_DATALINKS
111 static int (*p_pcap_list_datalinks)(pcap_t *, int **);
114 #ifdef HAVE_PCAP_SET_DATALINK
115 static int (*p_pcap_set_datalink)(pcap_t *, int);
118 #ifdef HAVE_PCAP_FREE_DATALINKS
119 static int (*p_pcap_free_datalinks)(int *);
122 #ifdef HAVE_BPF_IMAGE
123 static char *(*p_bpf_image)(const struct bpf_insn *, int);
126 #ifdef HAVE_PCAP_CREATE
127 static pcap_t *(*p_pcap_create)(const char *, char *);
128 static int (*p_pcap_set_snaplen)(pcap_t *, int);
129 static int (*p_pcap_set_promisc)(pcap_t *, int);
130 static int (*p_pcap_can_set_rfmon)(pcap_t *);
131 static int (*p_pcap_set_rfmon)(pcap_t *, int);
132 static int (*p_pcap_set_timeout)(pcap_t *, int);
133 static int (*p_pcap_set_buffer_size)(pcap_t *, int);
134 static int (*p_pcap_activate)(pcap_t *);
135 static const char *(*p_pcap_statustostr)(int);
144 #define SYM(x, y) { G_STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
150 /* These are the symbols I need or want from Wpcap */
151 static const symbol_table_t symbols[] = {
152 SYM(pcap_lookupdev, FALSE),
153 SYM(pcap_close, FALSE),
154 SYM(pcap_stats, FALSE),
155 SYM(pcap_dispatch, FALSE),
156 SYM(pcap_snapshot, FALSE),
157 SYM(pcap_datalink, FALSE),
158 SYM(pcap_setfilter, FALSE),
159 SYM(pcap_geterr, FALSE),
160 SYM(pcap_compile, FALSE),
161 SYM(pcap_compile_nopcap, FALSE),
162 SYM(pcap_lookupnet, FALSE),
163 #ifdef HAVE_PCAP_REMOTE
164 SYM(pcap_open, FALSE),
165 SYM(pcap_findalldevs_ex, FALSE),
166 SYM(pcap_createsrcstr, FALSE),
168 SYM(pcap_open_live, FALSE),
169 #ifdef HAVE_PCAP_OPEN_DEAD
170 SYM(pcap_open_dead, FALSE),
172 #ifdef HAVE_PCAP_SETSAMPLING
173 SYM(pcap_setsampling, TRUE),
175 SYM(pcap_loop, FALSE),
176 SYM(pcap_freecode, TRUE),
177 #ifdef HAVE_PCAP_FINDALLDEVS
178 SYM(pcap_findalldevs, TRUE),
179 SYM(pcap_freealldevs, TRUE),
181 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
182 SYM(pcap_datalink_name_to_val, TRUE),
184 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
185 SYM(pcap_datalink_val_to_name, TRUE),
187 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
188 SYM(pcap_datalink_val_to_description, TRUE),
190 #ifdef HAVE_PCAP_BREAKLOOP
192 * We don't try to work around the lack of this at
193 * run time; it's present in WinPcap 3.1, which is
194 * the version we build with and ship with.
196 SYM(pcap_breakloop, FALSE),
198 SYM(pcap_lib_version, TRUE),
199 SYM(pcap_setbuff, TRUE),
200 SYM(pcap_next_ex, TRUE),
201 #ifdef HAVE_PCAP_LIST_DATALINKS
202 SYM(pcap_list_datalinks, FALSE),
204 #ifdef HAVE_PCAP_SET_DATALINK
205 SYM(pcap_set_datalink, FALSE),
207 #ifdef HAVE_PCAP_FREE_DATALINKS
208 SYM(pcap_free_datalinks, TRUE),
210 #ifdef HAVE_BPF_IMAGE
211 SYM(bpf_image, FALSE),
213 #ifdef HAVE_PCAP_CREATE
214 SYM(pcap_create, TRUE),
215 SYM(pcap_set_snaplen, TRUE),
216 SYM(pcap_set_promisc, TRUE),
217 SYM(pcap_can_set_rfmon, TRUE),
218 SYM(pcap_set_rfmon, TRUE),
219 SYM(pcap_set_timeout, FALSE),
220 SYM(pcap_set_buffer_size, FALSE),
221 SYM(pcap_activate, TRUE),
222 SYM(pcap_statustostr, TRUE),
224 { NULL, NULL, FALSE }
227 GModule *wh; /* wpcap handle */
228 const symbol_table_t *sym;
230 wh = ws_module_open("wpcap.dll", 0);
238 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
241 * We don't care if it's missing; we just
247 * We require this symbol.
260 * The official list of WinPcap mirrors is at
261 * https://www.winpcap.org/misc/mirrors.htm
264 cant_load_winpcap_err(const char *app_name)
266 return g_strdup_printf(
267 "Unable to load WinPcap (wpcap.dll); %s will not be able to capture\n"
270 "In order to capture packets, WinPcap must be installed; see\n"
272 " https://www.winpcap.org/\n"
274 "for a downloadable version of WinPcap and for instructions on how to install\n"
280 pcap_lookupdev (char *a)
285 return p_pcap_lookupdev(a);
289 pcap_close(pcap_t *a)
296 pcap_stats(pcap_t *a, struct pcap_stat *b)
299 return p_pcap_stats(a, b);
303 pcap_dispatch(pcap_t *a, int b, pcap_handler c, guchar *d)
306 return p_pcap_dispatch(a, b, c, d);
310 pcap_snapshot(pcap_t *a)
313 return p_pcap_snapshot(a);
317 pcap_datalink(pcap_t *a)
320 return p_pcap_datalink(a);
323 #ifdef HAVE_PCAP_SET_DATALINK
325 pcap_set_datalink(pcap_t *p, int dlt)
328 return p_pcap_set_datalink(p, dlt);
333 pcap_setfilter(pcap_t *a, struct bpf_program *b)
336 return p_pcap_setfilter(a, b);
340 pcap_geterr(pcap_t *a)
343 return p_pcap_geterr(a);
347 pcap_compile(pcap_t *a, struct bpf_program *b, const char *c, int d,
351 return p_pcap_compile(a, b, c, d, e);
355 pcap_compile_nopcap(int a, int b, struct bpf_program *c, const char *d, int e,
359 return p_pcap_compile_nopcap(a, b, c, d, e, f);
363 pcap_lookupnet(const char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
366 return p_pcap_lookupnet(a, b, c, d);
370 pcap_open_live(const char *a, int b, int c, int d, char *e)
373 g_snprintf(e, PCAP_ERRBUF_SIZE,
374 "unable to load WinPcap (wpcap.dll); can't open %s to capture",
378 return p_pcap_open_live(a, b, c, d, e);
381 #ifdef HAVE_PCAP_OPEN_DEAD
383 pcap_open_dead(int a, int b)
388 return p_pcap_open_dead(a, b);
392 #ifdef HAVE_BPF_IMAGE
394 bpf_image(const struct bpf_insn *a, int b)
399 return p_bpf_image(a, b);
403 #ifdef HAVE_PCAP_REMOTE
405 pcap_open(const char *a, int b, int c, int d, struct pcap_rmtauth *e, char *f)
408 g_snprintf(f, PCAP_ERRBUF_SIZE,
409 "unable to load WinPcap (wpcap.dll); can't open %s to capture",
413 return p_pcap_open(a, b, c, d, e, f);
417 pcap_findalldevs_ex(char *a, struct pcap_rmtauth *b, pcap_if_t **c, char *d)
420 return p_pcap_findalldevs_ex(a, b, c, d);
424 pcap_createsrcstr(char *a, int b, const char *c, const char *d, const char *e,
428 return p_pcap_createsrcstr(a, b, c, d, e, f);
432 #ifdef HAVE_PCAP_SETSAMPLING
434 pcap_setsampling(pcap_t *a)
437 if (p_pcap_setsampling != NULL) {
438 return p_pcap_setsampling(a);
445 pcap_loop(pcap_t *a, int b, pcap_handler c, guchar *d)
448 return p_pcap_loop(a, b, c, d);
452 pcap_freecode(struct bpf_program *a)
455 if(p_pcap_freecode) {
460 #ifdef HAVE_PCAP_FINDALLDEVS
/*
 * Forward pcap_findalldevs() to the entry point resolved from wpcap.dll.
 * The caller must already know WinPcap is loaded and the symbol was
 * found; both conditions are asserted here, not reported as an error.
 */
int
pcap_findalldevs(pcap_if_t **a, char *b)
{
	g_assert(has_wpcap && p_pcap_findalldevs != NULL);

	return (*p_pcap_findalldevs)(a, b);
}
/*
 * Forward pcap_freealldevs() to the entry point resolved from wpcap.dll.
 * Asserts that WinPcap is loaded and that the symbol was found.
 */
void
pcap_freealldevs(pcap_if_t *a)
{
	g_assert(has_wpcap && p_pcap_freealldevs != NULL);

	(*p_pcap_freealldevs)(a);
}
476 #ifdef HAVE_PCAP_CREATE
/*
 * Forward pcap_create() to the entry point resolved from wpcap.dll.
 * Asserts that WinPcap is loaded and that the symbol was found; callers
 * in this file test p_pcap_create before taking this path.
 */
pcap_t *
pcap_create(const char *a, char *b)
{
	g_assert(has_wpcap && p_pcap_create != NULL);

	return (*p_pcap_create)(a, b);
}
/*
 * Forward pcap_set_snaplen() to the entry point resolved from wpcap.dll.
 * Asserts that WinPcap is loaded and that the symbol was found.
 */
int
pcap_set_snaplen(pcap_t *a, int b)
{
	g_assert(has_wpcap && p_pcap_set_snaplen != NULL);

	return (*p_pcap_set_snaplen)(a, b);
}
/*
 * Forward pcap_set_promisc() to the entry point resolved from wpcap.dll.
 * Asserts that WinPcap is loaded and that the symbol was found.
 */
int
pcap_set_promisc(pcap_t *a, int b)
{
	g_assert(has_wpcap && p_pcap_set_promisc != NULL);

	return (*p_pcap_set_promisc)(a, b);
}
499 pcap_can_set_rfmon(pcap_t *a)
502 if (p_pcap_can_set_rfmon != NULL) {
503 return p_pcap_can_set_rfmon(a);
/*
 * Forward pcap_set_rfmon() to the entry point resolved from wpcap.dll.
 * Asserts that WinPcap is loaded and that the symbol was found.
 */
int
pcap_set_rfmon(pcap_t *a, int b)
{
	g_assert(has_wpcap && p_pcap_set_rfmon != NULL);

	return (*p_pcap_set_rfmon)(a, b);
}
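/*
 * Forward pcap_set_timeout() to the entry point resolved from wpcap.dll.
 */
int
pcap_set_timeout(pcap_t *a, int b)
{
	/*
	 * Assert on the resolved pointer.  The name pcap_set_timeout is this
	 * wrapper itself, which never compares equal to NULL, so testing it
	 * would let an unresolved symbol through to a NULL function call.
	 */
	g_assert(has_wpcap && p_pcap_set_timeout != NULL);
	return p_pcap_set_timeout(a, b);
}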
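/*
 * Forward pcap_set_buffer_size() to the entry point resolved from
 * wpcap.dll.
 */
int
pcap_set_buffer_size(pcap_t *a, int b)
{
	/*
	 * Assert on the pointer this function actually calls.  Testing the
	 * pcap_set_timeout wrapper's name is always true and says nothing
	 * about whether pcap_set_buffer_size was found in the DLL.
	 */
	g_assert(has_wpcap && p_pcap_set_buffer_size != NULL);
	return p_pcap_set_buffer_size(a, b);
}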
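/*
 * Forward pcap_activate() to the entry point resolved from wpcap.dll.
 */
int
pcap_activate(pcap_t *a)
{
	/*
	 * pcap_activate is listed as optional in the symbol table, so the
	 * resolved pointer can be NULL at run time.  Assert on that pointer;
	 * the wrapper's own name is never NULL and would verify nothing.
	 */
	g_assert(has_wpcap && p_pcap_activate != NULL);
	return p_pcap_activate(a);
}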
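/*
 * Translate a pcap status code to text.  Uses the pcap_statustostr()
 * entry point resolved from wpcap.dll when there is one; otherwise
 * returns a message saying the code can't be translated.  That message
 * lives in a static buffer, so it is overwritten by the next call.
 *
 * NOTE(review): the listing this was taken from omits source lines
 * 540-541, between the buffer declaration and the pointer check; confirm
 * against the original file whether a guard stood there.
 */
const char *
pcap_statustostr(int a)
{
	/*
	 * Room for the whole fallback text plus an 11-character int such as
	 * "-2147483648"; sizeof on the literal already counts the NUL.  The
	 * previous 26-byte buffer cut the message off before the code.
	 */
	static char ebuf[sizeof "Don't have pcap_statustostr(), can't translate error: " + 11];

	/*
	 * Test and call the resolved pointer.  Using the wrapper's own name
	 * here is always non-NULL and makes the function call itself without
	 * end.
	 */
	if (p_pcap_statustostr != NULL) {
		return p_pcap_statustostr(a);
	}

	/* XXX copy routine from pcap.c ??? */
	(void)g_snprintf(ebuf, sizeof ebuf, "Don't have pcap_statustostr(), can't translate error: %d", a);
	return ebuf;
}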
553 #if defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
555 * Table of DLT_ types, names, and descriptions, for use if the version
556 * of WinPcap we have installed lacks "pcap_datalink_name_to_val()"
557 * or "pcap_datalink_val_to_name()".
561 const char *description;
565 #define DLT_CHOICE(code, description) { #code, description, code }
566 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
568 static struct dlt_choice dlt_choices[] = {
569 DLT_CHOICE(DLT_NULL, "BSD loopback"),
570 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
571 DLT_CHOICE(DLT_IEEE802, "Token ring"),
572 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
573 DLT_CHOICE(DLT_SLIP, "SLIP"),
574 DLT_CHOICE(DLT_PPP, "PPP"),
575 DLT_CHOICE(DLT_FDDI, "FDDI"),
576 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
577 DLT_CHOICE(DLT_RAW, "Raw IP"),
578 #ifdef DLT_SLIP_BSDOS
579 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
582 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
585 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
587 #ifdef DLT_PPP_SERIAL
588 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
591 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
594 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
596 #ifdef DLT_IEEE802_11
597 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
600 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
603 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
606 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
609 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
612 DLT_CHOICE(DLT_LTALK, "Localtalk"),
615 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
617 #ifdef DLT_PRISM_HEADER
618 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
620 #ifdef DLT_IP_OVER_FC
621 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
624 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
626 #ifdef DLT_IEEE802_11_RADIO
627 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radio information header"),
629 #ifdef DLT_ARCNET_LINUX
630 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
632 #ifdef DLT_LINUX_IRDA
633 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
635 #ifdef DLT_LINUX_LAPD
636 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
639 DLT_CHOICE(DLT_LANE8023, "Linux 802.3 LANE"),
642 DLT_CHOICE(DLT_CIP, "Linux Classical IP-over-ATM"),
645 DLT_CHOICE(DLT_HDLC, "Cisco HDLC"),
648 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
652 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION */
654 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
656 pcap_datalink_name_to_val(const char *name)
660 if (has_wpcap && (p_pcap_datalink_name_to_val != NULL))
661 return p_pcap_datalink_name_to_val(name);
664 * We don't have it in WinPcap; do it ourselves.
666 for (i = 0; dlt_choices[i].name != NULL; i++) {
667 if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
669 return dlt_choices[i].dlt;
676 #ifdef HAVE_PCAP_LIST_DATALINKS
678 pcap_list_datalinks(pcap_t *p, int **ddlt)
681 return p_pcap_list_datalinks(p, ddlt);
685 #ifdef HAVE_PCAP_FREE_DATALINKS
687 pcap_free_datalinks(int *ddlt)
692 * If we don't have pcap_free_datalinks() in WinPcap,
693 * we don't free the memory - we can't use free(), as
694 * we might not have been built with the same version
695 * of the C runtime library as WinPcap was, and, if we're
696 * not, free() isn't guaranteed to work on something
697 * allocated by WinPcap.
699 if (p_pcap_free_datalinks != NULL)
700 p_pcap_free_datalinks(ddlt);
704 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
706 pcap_datalink_val_to_name(int dlt)
710 if (has_wpcap && (p_pcap_datalink_val_to_name != NULL))
711 return p_pcap_datalink_val_to_name(dlt);
714 * We don't have it in WinPcap; do it ourselves.
716 for (i = 0; dlt_choices[i].name != NULL; i++) {
717 if (dlt_choices[i].dlt == dlt)
718 return dlt_choices[i].name + sizeof("DLT_") - 1;
725 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
727 pcap_datalink_val_to_description(int dlt)
731 if (has_wpcap && (p_pcap_datalink_val_to_description != NULL))
732 return p_pcap_datalink_val_to_description(dlt);
735 * We don't have it in WinPcap; do it ourselves.
737 for (i = 0; dlt_choices[i].name != NULL; i++) {
738 if (dlt_choices[i].dlt == dlt)
739 return (dlt_choices[i].description);
746 #ifdef HAVE_PCAP_BREAKLOOP
747 void pcap_breakloop(pcap_t *a)
753 /* setbuff is win32 specific! */
754 int pcap_setbuff(pcap_t *a, int b)
757 return p_pcap_setbuff(a, b);
760 /* pcap_next_ex is available since libpcap 0.8 / WinPcap 3.0! */
761 /* (if you get a declaration warning here, try to update to at least WinPcap 3.1b4 develpack) */
762 int pcap_next_ex (pcap_t *a, struct pcap_pkthdr **b, const u_char **c)
765 return p_pcap_next_ex(a, b, c);
768 #ifdef HAVE_PCAP_REMOTE
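/*
 * Get the interface list from a remote host.
 *
 * Builds the source string with pcap_createsrcstr() (PCAP_SRC_IFREMOTE,
 * hostname, port), fills a struct pcap_rmtauth from auth_type, username
 * and passwd, and hands both to get_interface_list_findalldevs_ex(),
 * whose result is returned.
 *
 * If the source string can't be built, *err is set to
 * CANT_GET_INTERFACE_LIST, *err_str (when err_str is non-NULL) to the
 * message from cant_get_if_list_error_message(), and NULL is returned.
 *
 * The credentials are duplicated for the duration of the call.  The
 * password copy is overwritten before it is freed so it does not linger
 * in freed heap memory; the caller's own passwd buffer is not touched.
 */
GList *
get_remote_interface_list(const char *hostname, const char *port,
			  int auth_type, const char *username,
			  const char *passwd, int *err, char **err_str)
{
	struct pcap_rmtauth auth;
	char source[PCAP_BUF_SIZE];
	char errbuf[PCAP_ERRBUF_SIZE];
	GList *result;

	if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
			      NULL, errbuf) == -1) {
		*err = CANT_GET_INTERFACE_LIST;
		if (err_str != NULL)
			*err_str = cant_get_if_list_error_message(errbuf);
		return NULL;
	}

	auth.type = auth_type;
	auth.username = g_strdup(username);
	auth.password = g_strdup(passwd);

	result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);

	g_free(auth.username);
	/* g_strdup(NULL) yields NULL, so there may be nothing to scrub. */
	if (auth.password != NULL) {
		/* SecureZeroMemory is not elided by the optimizer the way memset can be. */
		SecureZeroMemory(auth.password, strlen(auth.password));
		g_free(auth.password);
	}

	return result;
}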
800 * This will use "pcap_findalldevs()" if we have it, otherwise it'll
801 * fall back on "pcap_lookupdev()".
/*
 * Build the list of local capture interfaces with g_list_append() and
 * if_info_new().  On the no-WinPcap path *err is set to DONT_HAVE_PCAP
 * and *err_str to the text from cant_load_winpcap_err().  When the
 * pcap_findalldevs entry point was resolved, the work is delegated to
 * get_interface_list_findalldevs(); otherwise the packed name and
 * description buffer returned by pcap_lookupdev() is parsed by hand.
 *
 * NOTE(review): this listing omits source lines (braces, declarations,
 * some statements), so the notes below cover only what is visible.
 */
804 get_interface_list(int *err, char **err_str)
809 char ascii_name[MAX_WIN_IF_NAME_LEN + 1];
810 char ascii_desc[MAX_WIN_IF_NAME_LEN + 1];
812 char errbuf[PCAP_ERRBUF_SIZE];
816 * We don't have WinPcap, so we can't get a list of
819 *err = DONT_HAVE_PCAP;
821 *err_str = cant_load_winpcap_err("you");
825 #ifdef HAVE_PCAP_FINDALLDEVS
826 if (p_pcap_findalldevs != NULL)
827 return get_interface_list_findalldevs(err, err_str);
831 * In WinPcap, pcap_lookupdev is implemented by calling
832 * PacketGetAdapterNames. According to the documentation
835 * https://www.winpcap.org/docs/man/html/Packet32_8c.html#a43
839 * On Windows OT (95, 98, Me), pcap_lookupdev returns a sequence
840 * of bytes consisting of:
842 * a sequence of null-terminated ASCII strings (i.e., each
843 * one is terminated by a single 0 byte), giving the names
846 * an empty ASCII string (i.e., a single 0 byte);
848 * a sequence of null-terminated ASCII strings, giving the
849 * descriptions of the interfaces;
851 * an empty ASCII string.
853 * On Windows NT (NT 4.0, W2K, WXP, W2K3, etc.), pcap_lookupdev
854 * returns a sequence of bytes consisting of:
856 * a sequence of null-terminated double-byte Unicode strings
857 * (i.e., each one consits of a sequence of double-byte
858 * characters, terminated by a double-byte 0), giving the
859 * names of the interfaces;
861 * an empty Unicode string (i.e., a double 0 byte);
863 * a sequence of null-terminated ASCII strings, giving the
864 * descriptions of the interfaces;
866 * an empty ASCII string.
868 * The Nth string in the first sequence is the name of the Nth
869 * adapter; the Nth string in the second sequence is the
870 * description of the Nth adapter.
/*
 * NOTE(review): nothing visible here carries the length of the returned
 * buffer, and its layout (wide or 8-bit names) is guessed from names[0].
 * Every scan below therefore relies on the terminators WinPcap wrote.
 */
873 names = (wchar_t *)pcap_lookupdev(errbuf);
882 * If names[0] is less than 256 it means the first
883 * byte is 0. This implies that we are using Unicode
/*
 * NOTE(review): desc_pos is declared on a line missing from this
 * listing.  If it starts at 0 and names[0] is 0 (an empty name list),
 * the right-hand operand reads names[-1], one element before the
 * buffer.  The 8-bit branch further down uses the same test on
 * win95names.  Checking for an empty list first, or starting the scan
 * at 1, would avoid the read; confirm against the full file.
 */
886 while (*(names+desc_pos) || *(names+desc_pos-1))
888 desc_pos++; /* Step over the extra '\0' */
889 desc = (char*)(names + desc_pos); /* cast *after* addition */
891 while (names[i] != 0) {
893 * Copy the Unicode description to an ASCII
/* Descriptions longer than MAX_WIN_IF_NAME_LEN are truncated to fit ascii_desc. */
898 if (j < MAX_WIN_IF_NAME_LEN)
899 ascii_desc[j++] = *desc;
902 ascii_desc[j] = '\0';
906 * Copy the Unicode name to an ASCII string.
/*
 * NOTE(review): i advances only inside the length check.  The single
 * line missing from the listing here (912) is presumably the loop's
 * closing brace; if so, a name of MAX_WIN_IF_NAME_LEN or more
 * characters stops both j and i, and this loop never ends.  Advancing
 * i unconditionally and storing only while j is in range would bound
 * it.  Each wide character is also narrowed to char, so non-ASCII
 * characters in a name are not preserved.
 */
909 while (names[i] != 0) {
910 if (j < MAX_WIN_IF_NAME_LEN)
911 ascii_name[j++] = (char) names[i++];
913 ascii_name[j] = '\0';
915 il = g_list_append(il,
916 if_info_new(ascii_name, ascii_desc, FALSE));
920 * Otherwise we are in Windows 95/98 and using ASCII
921 * (8-bit) characters.
923 win95names=(char *)names;
924 while (*(win95names+desc_pos) || *(win95names+desc_pos-1))
926 desc_pos++; /* Step over the extra '\0' */
927 desc = win95names + desc_pos;
929 while (win95names[i] != '\0') {
931 * "&win95names[i]" points to the current
932 * interface name, and "desc" points to
933 * that interface's description.
935 il = g_list_append(il,
936 if_info_new(&win95names[i], desc, FALSE));
939 * Skip to the next description.
946 * Skip to the next name.
948 while (win95names[i] != 0)
957 * No interfaces found.
968 * Get an error message string for a CANT_GET_INTERFACE_LIST error from
969 * "get_interface_list()".
/*
 * Format the user-visible text for a CANT_GET_INTERFACE_LIST error.
 *
 * err_str is the error text reported while listing interfaces; it must
 * not be NULL, since it is searched with strstr().  When it contains
 * either of two messages associated with WinPcap 3.0, a hint to update
 * WinPcap is appended.  The result is allocated by g_strdup_printf().
 */
gchar *
cant_get_if_list_error_message(const char *err_str)
{
	gboolean winpcap_30_symptom;

	winpcap_30_symptom =
	    strstr(err_str, "Not enough storage is available to process this command") != NULL ||
	    strstr(err_str, "The operation completed successfully") != NULL;

	if (!winpcap_30_symptom)
		return g_strdup_printf("Can't get list of interfaces: %s", err_str);

	return g_strdup_printf("Can't get list of interfaces: %s\n"
"This might be a problem with WinPcap 3.0; you should try updating to\n"
"a later version of WinPcap - see the WinPcap site at www.winpcap.org",
	    err_str);
}
990 get_if_capabilities_local(interface_options *interface_opts, char **err_str)
993 * We're not getting capabilities for a remote device; use
994 * pcap_create() and pcap_activate() if we have them, so that
995 * we can set various options, otherwise use pcap_open_live().
997 #ifdef HAVE_PCAP_CREATE
998 if (p_pcap_create != NULL)
999 return get_if_capabilities_pcap_create(interface_opts, err_str);
1001 return get_if_capabilities_pcap_open_live(interface_opts, err_str);
1005 open_capture_device_local(capture_options *capture_opts,
1006 interface_options *interface_opts, int timeout,
1007 char (*open_err_str)[PCAP_ERRBUF_SIZE])
1010 * We're not opening a remote device; use pcap_create() and
1011 * pcap_activate() if we have them, so that we can set various
1012 * options, otherwise use pcap_open_live().
1014 #ifdef HAVE_PCAP_CREATE
1015 if (p_pcap_create != NULL)
1016 return open_capture_device_pcap_create(capture_opts,
1017 interface_opts, timeout, open_err_str);
1019 return open_capture_device_pcap_open_live(interface_opts, timeout,
1024 * Append the version of WinPcap with which we were compiled to a GString.
1027 get_compiled_caplibs_version(GString *str)
1029 g_string_append(str, "with WinPcap (" G_STRINGIFY(WINPCAP_VERSION) ")");
1033 * Append the version of WinPcap with which we're running to a GString.
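/*
 * Append a description of the WinPcap we are running with to str:
 * "with " followed by the library's own version string when
 * pcap_lib_version() was resolved, "with WinPcap (<version>)" using the
 * PacketLibraryVersion string from packet.dll otherwise, or
 * "without WinPcap" when WinPcap is not loaded.
 */
void
get_runtime_caplibs_version(GString *str)
{
	/*
	 * On Windows, we might have been compiled with WinPcap but
	 * might not have it loaded; indicate whether we have it or
	 * not and, if we have it and we have "pcap_lib_version()",
	 * what version we have.
	 */
	GModule *handle;		/* handle returned by ws_module_open */
	static gchar *packetVer;	/* cached across calls once looked up */
	gchar *blankp;

	if (has_wpcap) {
		g_string_append_printf(str, "with ");
		if (p_pcap_lib_version != NULL) {
			/*
			 * The version string comes from the loaded DLL.
			 * Append it as data: passed as a format, any '%'
			 * in it would be interpreted as a conversion.
			 */
			g_string_append(str, p_pcap_lib_version());
		} else {
			/*
			 * An alternative method of obtaining the version
			 * number, by using the PacketLibraryVersion
			 * string from packet.dll.
			 *
			 * Unfortunately, in WinPcap 3.0, it returns
			 * "3.0 alpha3", even in the final version of
			 * WinPcap 3.0, so if there's a blank in the
			 * string, we strip it and everything after
			 * it from the string, so we don't misleadingly
			 * report that 3.0 alpha3 is being used when
			 * the final version is being used.
			 */
			if (packetVer == NULL) {
				packetVer = "version unknown";
				handle = ws_module_open("packet.dll", 0);
				if (handle != NULL) {
					if (g_module_symbol(handle,
							    "PacketLibraryVersion",
							    (gpointer*)&packetVer)) {
						/* Copy before the module is closed and before editing the text. */
						packetVer = g_strdup(packetVer);
						blankp = strchr(packetVer, ' ');
						if (blankp != NULL)
							*blankp = '\0';
					} else {
						packetVer = "version unknown";
					}
					g_module_close(handle);
				}
			}
			g_string_append_printf(str, "WinPcap (%s)", packetVer);
		}
	} else
		g_string_append(str, "without WinPcap");
}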
1090 * If npf.sys is running, return TRUE.
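/*
 * If npf.sys is running, return TRUE.
 *
 * Asks the service control manager for the "npf" service and, if that
 * can't be opened, for "npcap".  Returns FALSE when the service control
 * manager or both services can't be opened, when the status query fails,
 * or when the service is in any state other than SERVICE_RUNNING.
 */
gboolean
npf_sys_is_running(void)
{
	SC_HANDLE h_scm, h_serv;
	SERVICE_STATUS ss;
	gboolean running = FALSE;

	h_scm = OpenSCManager(NULL, NULL, 0);
	if (!h_scm)
		return FALSE;

	/*
	 * Ask only for the right QueryServiceStatus() needs.
	 * SC_MANAGER_CONNECT is a right on the service control manager; on
	 * a service handle the same bit means SERVICE_QUERY_CONFIG, which
	 * nothing here uses.
	 */
	h_serv = OpenService(h_scm, _T("npf"), SERVICE_QUERY_STATUS);
	if (!h_serv) {
		h_serv = OpenService(h_scm, _T("npcap"), SERVICE_QUERY_STATUS);
		if (!h_serv) {
			CloseServiceHandle(h_scm);
			return FALSE;
		}
	}

	/*
	 * dwCurrentState is an enumerated value, not a bit mask: compare for
	 * equality.  A bitwise test against SERVICE_RUNNING (4) is also true
	 * for the pending and paused states 5, 6 and 7.
	 */
	if (QueryServiceStatus(h_serv, &ss) &&
	    ss.dwCurrentState == SERVICE_RUNNING)
		running = TRUE;

	CloseServiceHandle(h_serv);
	CloseServiceHandle(h_scm);
	return running;
}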
1123 #else /* HAVE_LIBPCAP */
1132 * Append an indication that we were not compiled with WinPcap
1136 get_compiled_caplibs_version(GString *str)
1138 g_string_append(str, "without WinPcap");
1142 * Don't append anything, as we weren't even compiled to use WinPcap.
1145 get_runtime_caplibs_version(GString *str _U_)
1149 #endif /* HAVE_LIBPCAP */
1152 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1157 * indent-tabs-mode: t
1160 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1161 * :indentSize=8:tabSize=8:noTabs=false: