2 * Utility routines for packet capture
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
39 #ifdef HAVE_SYS_TYPES_H
40 # include <sys/types.h>
43 #ifdef HAVE_SYS_SOCKET_H
44 #include <sys/socket.h>
48 #include <wtap-capture.h>
50 #include "capture-pcap-util.h"
51 #include "capture-pcap-util-int.h"
54 #include <netinet/in.h>
59 * Get the data-link type for a libpcap device.
60 * This works around AIX 5.x's non-standard and incompatible-with-the-
61 * rest-of-the-universe libpcap.
64 get_pcap_linktype(pcap_t *pch, const char *devname
72 const char *ifacename;
75 linktype = pcap_datalink(pch);
79 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
80 * rather than DLT_ values for link-layer types; the ifType values
81 * for LAN devices are:
88 * and the ifType value for a loopback device is 24.
90 * The AIX names for LAN devices begin with:
97 * and the AIX names for loopback devices begin with "lo".
99 * (The difference between "Ethernet" and "802.3" is presumably
100 * whether packets have an Ethernet header, with a packet type,
101 * or an 802.3 header, with a packet length, followed by an 802.2
102 * header and possibly a SNAP header.)
104 * If the device name matches "linktype" interpreted as an ifType
105 * value, rather than as a DLT_ value, we will assume this is AIX's
106 * non-standard, incompatible libpcap, rather than a standard libpcap,
107 * and will map the link-layer type to the standard DLT_ value for
108 * that link-layer type, as that's what the rest of Wireshark expects.
110 * (This means the capture files won't be readable by a tcpdump
111 * linked with AIX's non-standard libpcap, but so it goes. They
112 * *will* be readable by standard versions of tcpdump, Wireshark,
115 * XXX - if we conclude we're using AIX libpcap, should we also
116 * set a flag to cause us to assume the time stamps are in
117 * seconds-and-nanoseconds form, and to convert them to
118 * seconds-and-microseconds form before processing them and
123 * Find the last component of the device name, which is the
126 ifacename = strchr(devname, '/');
127 if (ifacename == NULL)
130 /* See if it matches any of the LAN device names. */
131 if (strncmp(ifacename, "en", 2) == 0) {
134 * That's the RFC 1573 value for Ethernet; map it
139 } else if (strncmp(ifacename, "et", 2) == 0) {
142 * That's the RFC 1573 value for 802.3; map it to
144 * (libpcap, tcpdump, Wireshark, etc. don't care if
145 * it's Ethernet or 802.3.)
149 } else if (strncmp(ifacename, "tr", 2) == 0) {
152 * That's the RFC 1573 value for 802.5 (Token Ring);
153 * map it to DLT_IEEE802, which is what's used for
158 } else if (strncmp(ifacename, "fi", 2) == 0) {
159 if (linktype == 15) {
161 * That's the RFC 1573 value for FDDI; map it to
166 } else if (strncmp(ifacename, "lo", 2) == 0) {
167 if (linktype == 24) {
169 * That's the RFC 1573 value for "software loopback"
170 * devices; map it to DLT_NULL, which is what's used
171 * for loopback devices on BSD.
182 if_info_new(char *name, char *description)
186 if_info = g_malloc(sizeof (if_info_t));
187 if_info->name = g_strdup(name);
188 if (description == NULL)
189 if_info->description = NULL;
191 if_info->description = g_strdup(description);
192 if_info->ip_addr = NULL;
193 if_info->loopback = FALSE;
198 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
201 struct sockaddr_in *ai;
203 struct sockaddr_in6 *ai6;
206 switch (addr->sa_family) {
209 ai = (struct sockaddr_in *)addr;
210 ip_addr = g_malloc(sizeof(*ip_addr));
211 ip_addr->type = AT_IPv4;
212 ip_addr->ip_addr.ip4_addr =
213 *((guint32 *)&(ai->sin_addr.s_addr));
214 if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
219 ai6 = (struct sockaddr_in6 *)addr;
220 ip_addr = g_malloc(sizeof(*ip_addr));
221 ip_addr->type = AT_IPv6;
222 memcpy((void *)&ip_addr->ip_addr.ip6_addr,
223 (void *)&ai6->sin6_addr.s6_addr,
224 sizeof ip_addr->ip_addr.ip6_addr);
225 if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
231 #ifdef HAVE_PCAP_FINDALLDEVS
233 * Get all IP address information, and the loopback flag, for the given
237 if_info_ip(if_info_t *if_info, pcap_if_t *d)
242 if_info->loopback = (d->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE;
245 for (a = d->addresses; a != NULL; a = a->next) {
247 if_info_add_address(if_info, a->addr);
252 get_interface_list_findalldevs(int *err, char **err_str)
255 pcap_if_t *alldevs, *dev;
257 char errbuf[PCAP_ERRBUF_SIZE];
259 if (pcap_findalldevs(&alldevs, errbuf) == -1) {
260 *err = CANT_GET_INTERFACE_LIST;
262 *err_str = cant_get_if_list_error_message(errbuf);
266 if (alldevs == NULL) {
268 * No interfaces found.
270 *err = NO_INTERFACES_FOUND;
276 for (dev = alldevs; dev != NULL; dev = dev->next) {
277 if_info = if_info_new(dev->name, dev->description);
278 il = g_list_append(il, if_info);
279 if_info_ip(if_info, dev);
281 pcap_freealldevs(alldevs);
285 #endif /* HAVE_PCAP_FINDALLDEVS */
288 free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
294 free_if_cb(gpointer data, gpointer user_data _U_)
296 if_info_t *if_info = data;
298 g_free(if_info->name);
299 if (if_info->description != NULL)
300 g_free(if_info->description);
302 g_slist_foreach(if_info->ip_addr, free_if_info_addr_cb, NULL);
303 g_slist_free(if_info->ip_addr);
308 free_interface_list(GList *if_list)
310 g_list_foreach(if_list, free_if_cb, NULL);
311 g_list_free(if_list);
315 * Get the data-link types available for a libpcap device.
317 static data_link_info_t *
318 create_data_link_info(int dlt)
320 data_link_info_t *data_link_info;
321 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
322 const char *typename;
326 data_link_info = g_malloc(sizeof (data_link_info_t));
327 data_link_info->dlt = dlt;
328 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
329 typename = pcap_datalink_val_to_name(dlt);
330 if (typename != NULL)
331 data_link_info->name = g_strdup(typename);
334 data_link_info->name = g_strdup_printf("DLT %d", dlt);
335 wtap_encap = wtap_pcap_encap_to_wtap_encap(dlt);
336 if (wtap_encap == WTAP_ENCAP_UNKNOWN) {
338 * We don't support this in Wiretap.
339 * However, we should, so you can capture on it.
340 * Put in an entry for it, with no description.
342 data_link_info->description = NULL;
345 * If this is null, that's a bug in
346 * "wtap_pcap_encap_to_wtap_encap()" - it should always
347 * return a valid encapsulation type - so we assume it's
350 data_link_info->description =
351 g_strdup(wtap_encap_string(wtap_encap));
353 return data_link_info;
357 get_pcap_linktype_list(const char *devname, char **err_str)
359 GList *linktype_list = NULL;
362 char errbuf[PCAP_ERRBUF_SIZE];
363 #ifdef HAVE_PCAP_SET_DATALINK
367 data_link_info_t *data_link_info;
369 pch = pcap_open_live(devname, MIN_PACKET_SIZE, 0, 0, errbuf);
372 *err_str = g_strdup(errbuf);
375 deflt = get_pcap_linktype(pch, devname);
376 #ifdef HAVE_PCAP_LIST_DATALINKS
377 nlt = pcap_list_datalinks(pch, &linktypes);
378 if (nlt == 0 || linktypes == NULL) {
381 *err_str = NULL; /* an empty list doesn't mean an error */
384 for (i = 0; i < nlt; i++) {
385 data_link_info = create_data_link_info(linktypes[i]);
388 * XXX - for 802.11, make the most detailed 802.11
389 * version the default, rather than the one the
390 * device has as the default?
392 if (linktypes[i] == deflt)
393 linktype_list = g_list_prepend(linktype_list,
396 linktype_list = g_list_append(linktype_list,
401 data_link_info = create_data_link_info(deflt);
402 linktype_list = g_list_append(linktype_list, data_link_info);
406 return linktype_list;
410 free_linktype_cb(gpointer data, gpointer user_data _U_)
412 data_link_info_t *linktype_info = data;
414 g_free(linktype_info->name);
415 if (linktype_info->description != NULL)
416 g_free(linktype_info->description);
420 free_pcap_linktype_list(GList *linktype_list)
422 g_list_foreach(linktype_list, free_linktype_cb, NULL);
423 g_list_free(linktype_list);
426 /* Set the data link type on a pcap. */
428 set_pcap_linktype(pcap_t *pch, char *devname
429 #ifdef HAVE_PCAP_SET_DATALINK
434 #ifdef HAVE_PCAP_SET_DATALINK
435 if (pcap_set_datalink(pch, dlt) == 0)
436 return NULL; /* no error */
437 return pcap_geterr(pch);
439 /* Let them set it to the type it is; reject any other request. */
440 if (get_pcap_linktype(pch, devname) == dlt)
441 return NULL; /* no error */
442 return "That DLT isn't one of the DLTs supported by this device";
447 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
449 linktype_val_to_name(int dlt)
451 return pcap_datalink_val_to_name(dlt);
455 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
456 int linktype_name_to_val(const char *linktype)
458 return pcap_datalink_name_to_val(linktype);
462 #endif /* HAVE_LIBPCAP */