2 * WinPcap-specific interfaces for capturing. We load WinPcap at run
3 * time, so that we only need one Ethereal binary and one Tethereal binary
4 * for Windows, regardless of whether WinPcap is installed or not.
6 * $Id: capture-wpcap.c,v 1.9 2004/03/13 22:49:29 ulfl Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 2001 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
38 #include "pcap-util.h"
39 #include "pcap-util-int.h"
41 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
42 #include "tools/lemon/cppmagic.h"
44 gboolean has_wpcap = FALSE;
48 static char* (*p_pcap_lookupdev) (char *);
49 static void (*p_pcap_close) (pcap_t *);
50 static int (*p_pcap_stats) (pcap_t *, struct pcap_stat *);
51 static int (*p_pcap_dispatch) (pcap_t *, int, pcap_handler, guchar *);
52 static int (*p_pcap_snapshot) (pcap_t *);
53 static int (*p_pcap_datalink) (pcap_t *);
54 static int (*p_pcap_setfilter) (pcap_t *, struct bpf_program *);
55 static char* (*p_pcap_geterr) (pcap_t *);
56 static int (*p_pcap_compile) (pcap_t *, struct bpf_program *, char *, int,
58 #ifdef WPCAP_CONSTIFIED
59 static int (*p_pcap_lookupnet) (const char *, bpf_u_int32 *, bpf_u_int32 *,
61 static pcap_t* (*p_pcap_open_live) (const char *, int, int, int, char *);
63 static int (*p_pcap_lookupnet) (char *, bpf_u_int32 *, bpf_u_int32 *,
65 static pcap_t* (*p_pcap_open_live) (char *, int, int, int, char *);
67 static int (*p_pcap_loop) (pcap_t *, int, pcap_handler, guchar *);
68 #ifdef HAVE_PCAP_FINDALLDEVS
69 static int (*p_pcap_findalldevs) (pcap_if_t **, char *);
70 static void (*p_pcap_freealldevs) (pcap_if_t *);
72 static const char *(*p_pcap_lib_version) (void);
73 static int (*p_pcap_setbuff) (pcap_t *, int dim);
81 #define SYM(x, y) { STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
87 /* These are the symbols I need or want from Wpcap */
88 static const symbol_table_t symbols[] = {
89 SYM(pcap_lookupdev, FALSE),
90 SYM(pcap_close, FALSE),
91 SYM(pcap_stats, FALSE),
92 SYM(pcap_dispatch, FALSE),
93 SYM(pcap_snapshot, FALSE),
94 SYM(pcap_datalink, FALSE),
95 SYM(pcap_setfilter, FALSE),
96 SYM(pcap_geterr, FALSE),
97 SYM(pcap_compile, FALSE),
98 SYM(pcap_lookupnet, FALSE),
99 SYM(pcap_open_live, FALSE),
100 SYM(pcap_loop, FALSE),
101 #ifdef HAVE_PCAP_FINDALLDEVS
102 SYM(pcap_findalldevs, TRUE),
103 SYM(pcap_freealldevs, TRUE),
105 SYM(pcap_lib_version, TRUE),
106 SYM(pcap_setbuff, TRUE),
107 { NULL, NULL, FALSE }
110 GModule *wh; /* wpcap handle */
111 const symbol_table_t *sym;
113 wh = g_module_open("wpcap", 0);
121 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
124 * We don't care if it's missing; we just
130 * We require this symbol.
143 pcap_lookupdev (char *a)
146 return p_pcap_lookupdev(a);
150 pcap_close(pcap_t *a)
157 pcap_stats(pcap_t *a, struct pcap_stat *b)
160 return p_pcap_stats(a, b);
164 pcap_dispatch(pcap_t *a, int b, pcap_handler c, guchar *d)
167 return p_pcap_dispatch(a, b, c, d);
172 pcap_snapshot(pcap_t *a)
175 return p_pcap_snapshot(a);
180 pcap_datalink(pcap_t *a)
183 return p_pcap_datalink(a);
187 pcap_setfilter(pcap_t *a, struct bpf_program *b)
190 return p_pcap_setfilter(a, b);
194 pcap_geterr(pcap_t *a)
197 return p_pcap_geterr(a);
201 pcap_compile(pcap_t *a, struct bpf_program *b, char *c, int d,
205 return p_pcap_compile(a, b, c, d, e);
209 #ifdef WPCAP_CONSTIFIED
210 pcap_lookupnet(const char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
212 pcap_lookupnet(char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
216 return p_pcap_lookupnet(a, b, c, d);
220 #ifdef WPCAP_CONSTIFIED
221 pcap_open_live(const char *a, int b, int c, int d, char *e)
223 pcap_open_live(char *a, int b, int c, int d, char *e)
227 return p_pcap_open_live(a, b, c, d, e);
231 pcap_loop(pcap_t *a, int b, pcap_handler c, guchar *d)
234 return p_pcap_loop(a, b, c, d);
237 #ifdef HAVE_PCAP_FINDALLDEVS
239 pcap_findalldevs(pcap_if_t **a, char *b)
241 g_assert(has_wpcap && p_pcap_findalldevs != NULL);
242 return p_pcap_findalldevs(a, b);
246 pcap_freealldevs(pcap_if_t *a)
248 g_assert(has_wpcap && p_pcap_freealldevs != NULL);
249 p_pcap_freealldevs(a);
253 /* setbuff is win32 specific! */
254 int pcap_setbuff(pcap_t *a, int b)
257 return p_pcap_setbuff(a, b);
261 * This will use "pcap_findalldevs()" if we have it, otherwise it'll
262 * fall back on "pcap_lookupdev()".
265 get_interface_list(int *err, char *err_str)
270 char ascii_name[MAX_WIN_IF_NAME_LEN + 1];
271 char ascii_desc[MAX_WIN_IF_NAME_LEN + 1];
274 #ifdef HAVE_PCAP_FINDALLDEVS
275 if (p_pcap_findalldevs != NULL)
276 return get_interface_list_findalldevs(err, err_str);
280 * In WinPcap, pcap_lookupdev is implemented by calling
281 * PacketGetAdapterNames. According to the documentation
284 * http://winpcap.polito.it/docs/man/html/Packet32_8c.html#a43
288 * On Windows OT (95, 98, Me), pcap_lookupdev returns a sequence
289 * of bytes consisting of:
291 * a sequence of null-terminated ASCII strings (i.e., each
292 * one is terminated by a single 0 byte), giving the names
295 * an empty ASCII string (i.e., a single 0 byte);
297 * a sequence of null-terminated ASCII strings, giving the
298 * descriptions of the interfaces;
300 * an empty ASCII string.
302 * On Windows NT (NT 4.0, W2K, WXP, W2K3, etc.), pcap_lookupdev
303 * returns a sequence of bytes consisting of:
305 * a sequence of null-terminated double-byte Unicode strings
306 * (i.e., each one consits of a sequence of double-byte
307 * characters, terminated by a double-byte 0), giving the
308 * names of the interfaces;
310 * an empty Unicode string (i.e., a double 0 byte);
312 * a sequence of null-terminated ASCII strings, giving the
313 * descriptions of the interfaces;
315 * an empty ASCII string.
317 * The Nth string in the first sequence is the name of the Nth
318 * adapter; the Nth string in the second sequence is the
319 * description of the Nth adapter.
322 names = (wchar_t *)pcap_lookupdev(err_str);
331 * If names[0] is less than 256 it means the first
332 * byte is 0. This implies that we are using Unicode
335 while (*(names+desc_pos) || *(names+desc_pos-1))
337 desc_pos++; /* Step over the extra '\0' */
338 desc = (char*)(names + desc_pos); /* cast *after* addition */
340 while (names[i] != 0) {
342 * Copy the Unicode description to an ASCII
347 if (j < MAX_WIN_IF_NAME_LEN)
348 ascii_desc[j++] = *desc;
351 ascii_desc[j] = '\0';
355 * Copy the Unicode name to an ASCII string.
358 while (names[i] != 0) {
359 if (j < MAX_WIN_IF_NAME_LEN)
360 ascii_name[j++] = (char) names[i++];
362 ascii_name[j] = '\0';
364 il = g_list_append(il,
365 if_info_new(ascii_name, ascii_desc));
369 * Otherwise we are in Windows 95/98 and using ASCII
370 * (8-bit) characters.
372 win95names=(char *)names;
373 while (*(win95names+desc_pos) || *(win95names+desc_pos-1))
375 desc_pos++; /* Step over the extra '\0' */
376 desc = win95names + desc_pos;
378 while (win95names[i] != '\0') {
380 * "&win95names[i]" points to the current
381 * interface name, and "desc" points to
382 * that interface's description.
384 il = g_list_append(il,
385 if_info_new(&win95names[i], desc));
388 * Skip to the next description.
395 * Skip to the next name.
397 while (win95names[i] != 0)
406 * No interfaces found.
408 *err = NO_INTERFACES_FOUND;
415 * Append the version of WinPcap with which we were compiled to a GString.
418 get_compiled_pcap_version(GString *str)
420 g_string_append(str, "with WinPcap (version unknown)");
424 * Append the version of WinPcap with which we we're running to a GString.
427 get_runtime_pcap_version(GString *str)
430 * On Windows, we might have been compiled with WinPcap but
431 * might not have it loaded; indicate whether we have it or
432 * not and, if we have it and we have "pcap_lib_version()",
433 * what version we have.
436 g_string_sprintfa(str, "with ");
437 if (p_pcap_lib_version != NULL)
438 g_string_sprintfa(str, p_pcap_lib_version());
440 g_string_append(str, "WinPcap (version unknown)");
442 g_string_append(str, "without WinPcap");
443 g_string_append(str, " ");
446 #else /* HAVE_LIBPCAP */
455 * Append an indication that we were not compiled with WinPcap
459 get_compiled_pcap_version(GString *str)
461 g_string_append(str, "without WinPcap");
465 * Don't append anything, as we weren't even compiled to use WinPcap.
468 get_runtime_pcap_version(GString *str _U_)
472 #endif /* HAVE_LIBPCAP */