/* pcap-util.c
* Utility routines for packet capture
*
- * $Id: pcap-util.c,v 1.7 2002/05/18 02:41:45 gerald Exp $
+ * $Id$
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#ifdef HAVE_LIBPCAP
+#include <pcap.h>
+
#include <glib.h>
#include <stdlib.h>
+#include <limits.h>
#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
+# include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-
-#include <pcap.h>
-
-#ifndef WIN32
-/*
- * Keep Digital UNIX happy when including <net/if.h>.
- */
-struct mbuf;
-struct rtentry;
-#include <net/if.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKIO_H
-# include <sys/sockio.h>
-#endif
+#include <wtap.h>
+#include <wtap-capture.h>
-#include "globals.h"
+#include "pcap-util.h"
+#include "pcap-util-int.h"
-#ifdef WIN32
-#include "capture-wpcap.h"
+#ifndef _WIN32
+#include <netinet/in.h>
#endif
-#include "pcap-util.h"
/*
* Get the data-link type for a libpcap device.
*/
int
get_pcap_linktype(pcap_t *pch, char *devname
-#ifndef AIX
+#ifndef _AIX
_U_
#endif
)
{
int linktype;
-#ifdef AIX
+#ifdef _AIX
char *ifacename;
#endif
linktype = pcap_datalink(pch);
-#ifdef AIX
+#ifdef _AIX
/*
* The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
* Token Ring 9
* FDDI 15
*
+ * and the ifType value for a loopback device is 24.
+ *
* The AIX names for LAN devices begin with:
*
* Ethernet en
* Token Ring tr
* FDDI fi
*
+ * and the AIX names for loopback devices begin with "lo".
+ *
* (The difference between "Ethernet" and "802.3" is presumably
* whether packets have an Ethernet header, with a packet type,
* or an 802.3 header, with a packet length, followed by an 802.2
*/
ifacename = strchr(devname, '/');
if (ifacename == NULL)
- ifacename = devnames;
+ ifacename = devname;
/* See if it matches any of the LAN device names. */
if (strncmp(ifacename, "en", 2) == 0) {
*/
linktype = 1;
}
- } else if (strncmp(ifacename, "tr") == 0) {
+ } else if (strncmp(ifacename, "tr", 2) == 0) {
if (linktype == 9) {
/*
* That's the RFC 1573 value for 802.5 (Token Ring);
*/
linktype = 6;
}
- } else if (strncmp(ifacename, "fi") == 0) {
+ } else if (strncmp(ifacename, "fi", 2) == 0) {
if (linktype == 15) {
/*
* That's the RFC 1573 value for FDDI; map it to
*/
linktype = 10;
}
+ } else if (strncmp(ifacename, "lo", 2) == 0) {
+ if (linktype == 24) {
+ /*
+ * That's the RFC 1573 value for "software loopback"
+ * devices; map it to DLT_NULL, which is what's used
+ * for loopback devices on BSD.
+ */
+ linktype = 0;
+ }
}
#endif
return linktype;
}
+if_info_t *
+if_info_new(char *name, char *description)
+{
+ if_info_t *if_info;
+
+ if_info = g_malloc(sizeof (if_info_t));
+ if_info->name = g_strdup(name);
+ if (description == NULL)
+ if_info->description = NULL;
+ else
+ if_info->description = g_strdup(description);
+ if_info->ip_addr = NULL;
+ if_info->loopback = FALSE;
+ return if_info;
+}
+
+void
+if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
+{
+ if_addr_t *ip_addr;
+ struct sockaddr_in *ai;
+#ifdef INET6
+ struct sockaddr_in6 *ai6;
+#endif
+
+ switch (addr->sa_family) {
+
+ case AF_INET:
+ ai = (struct sockaddr_in *)addr;
+ ip_addr = g_malloc(sizeof(*ip_addr));
+ ip_addr->type = AT_IPv4;
+ ip_addr->ip_addr.ip4_addr =
+ *((guint32 *)&(ai->sin_addr.s_addr));
+ if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
+ break;
+
+#ifdef INET6
+ case AF_INET6:
+ ai6 = (struct sockaddr_in6 *)addr;
+ ip_addr = g_malloc(sizeof(*ip_addr));
+ ip_addr->type = AT_IPv6;
+ memcpy((void *)&ip_addr->ip_addr.ip6_addr,
+ (void *)&ai6->sin6_addr.s6_addr,
+ sizeof ip_addr->ip_addr.ip6_addr);
+ if_info->ip_addr = g_slist_append(if_info->ip_addr, ip_addr);
+ break;
+#endif
+ }
+}
+
+#ifdef HAVE_PCAP_FINDALLDEVS
/*
- * If the ability to capture packets is added to Wiretap, these
- * routines should be moved to the Wiretap source (with
- * "get_interface_list()" and "free_interface_list()" renamed to
- * "wtap_get_interface_list()" and "wtap_free_interface_list()",
- * and modified to use Wiretap routines to attempt to open the
+ * Get all IP address information, and the loopback flag, for the given
* interface.
*/
-
-struct search_user_data {
- char *name;
- int found;
-};
-
static void
-search_for_if_cb(gpointer data, gpointer user_data);
+if_info_ip(if_info_t *if_info, pcap_if_t *d)
+{
+ pcap_addr_t *a;
-static void
-free_if_cb(gpointer data, gpointer user_data);
+ /* Loopback flag */
+ if_info->loopback = (d->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE;
+
+ /* All addresses */
+ for (a = d->addresses; a != NULL; a = a->next) {
+ if (a->addr != NULL)
+ if_info_add_address(if_info, a->addr);
+ }
+}
-#ifndef WIN32
GList *
-get_interface_list(int *err, char *err_str)
+get_interface_list_findalldevs(int *err, char *err_str)
{
GList *il = NULL;
- gint nonloopback_pos = 0;
- struct ifreq *ifr, *last;
- struct ifconf ifc;
- struct ifreq ifrflags;
- int sock = socket(AF_INET, SOCK_DGRAM, 0);
- struct search_user_data user_data;
- pcap_t *pch;
- int len, lastlen;
- char *buf;
+ pcap_if_t *alldevs, *dev;
+ if_info_t *if_info;
- if (sock < 0) {
- sprintf(err_str, "Error opening socket: %s",
- strerror(errno));
+ if (pcap_findalldevs(&alldevs, err_str) == -1) {
+ *err = CANT_GET_INTERFACE_LIST;
return NULL;
}
- /*
- * This code came from: W. Richard Stevens: "UNIX Network Programming",
- * Networking APIs: Sockets and XTI, Vol 1, page 434.
- */
- lastlen = 0;
- len = 100 * sizeof(struct ifreq);
- for ( ; ; ) {
- buf = g_malloc(len);
- ifc.ifc_len = len;
- ifc.ifc_buf = buf;
- memset (buf, 0, len);
- if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
- if (errno != EINVAL || lastlen != 0) {
- sprintf(err_str,
- "SIOCGIFCONF ioctl error getting list of interfaces: %s",
- strerror(errno));
- goto fail;
- }
- } else {
- if ((unsigned) ifc.ifc_len < sizeof(struct ifreq)) {
- sprintf(err_str,
- "SIOCGIFCONF ioctl gave too small return buffer");
- goto fail;
- }
- if (ifc.ifc_len == lastlen)
- break; /* success, len has not changed */
- lastlen = ifc.ifc_len;
- }
- len += 10 * sizeof(struct ifreq); /* increment */
- g_free(buf);
- }
- ifr = (struct ifreq *) ifc.ifc_req;
- last = (struct ifreq *) ((char *) ifr + ifc.ifc_len);
- while (ifr < last) {
+ if (alldevs == NULL) {
/*
- * Skip addresses that begin with "dummy", or that include
- * a ":" (the latter are Solaris virtuals).
+ * No interfaces found.
*/
- if (strncmp(ifr->ifr_name, "dummy", 5) == 0 ||
- strchr(ifr->ifr_name, ':') != NULL)
- goto next;
+ *err = NO_INTERFACES_FOUND;
+ return NULL;
+ }
- /*
- * If we already have this interface name on the list,
- * don't add it (SIOCGIFCONF returns, at least on
- * BSD-flavored systems, one entry per interface *address*;
- * if an interface has multiple addresses, we get multiple
- * entries for it).
- */
- user_data.name = ifr->ifr_name;
- user_data.found = FALSE;
- g_list_foreach(il, search_for_if_cb, &user_data);
- if (user_data.found)
- goto next;
+ for (dev = alldevs; dev != NULL; dev = dev->next) {
+ if_info = if_info_new(dev->name, dev->description);
+ il = g_list_append(il, if_info);
+ if_info_ip(if_info, dev);
+ }
+ pcap_freealldevs(alldevs);
- /*
- * Get the interface flags.
- */
- memset(&ifrflags, 0, sizeof ifrflags);
- strncpy(ifrflags.ifr_name, ifr->ifr_name,
- sizeof ifrflags.ifr_name);
- if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
- if (errno == ENXIO)
- goto next;
- sprintf(err_str, "SIOCGIFFLAGS error getting flags for interface %s: %s",
- ifr->ifr_name, strerror(errno));
- goto fail;
- }
+ return il;
+}
+#endif /* HAVE_PCAP_FINDALLDEVS */
- /*
- * Skip interfaces that aren't up.
- */
- if (!(ifrflags.ifr_flags & IFF_UP))
- goto next;
+static void
+free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
+{
+ g_free(addr);
+}
- /*
- * Skip interfaces that we can't open with "libpcap".
- * Open with the minimum packet size - it appears that the
- * IRIX SIOCSNOOPLEN "ioctl" may fail if the capture length
- * supplied is too large, rather than just truncating it.
- */
- pch = pcap_open_live(ifr->ifr_name, MIN_PACKET_SIZE, 0, 0,
- err_str);
- if (pch == NULL)
- goto next;
- pcap_close(pch);
+static void
+free_if_cb(gpointer data, gpointer user_data _U_)
+{
+ if_info_t *if_info = data;
- /*
- * If it's a loopback interface, add it at the end of the
- * list, otherwise add it after the last non-loopback
- * interface, so all loopback interfaces go at the end - we
- * don't want a loopback interface to be the default capture
- * device unless there are no non-loopback devices.
- */
- if ((ifrflags.ifr_flags & IFF_LOOPBACK) ||
- strncmp(ifr->ifr_name, "lo", 2) == 0)
- il = g_list_insert(il, g_strdup(ifr->ifr_name), -1);
- else {
- il = g_list_insert(il, g_strdup(ifr->ifr_name),
- nonloopback_pos);
- /*
- * Insert the next non-loopback interface after this
- * one.
- */
- nonloopback_pos++;
- }
+ g_free(if_info->name);
+ if (if_info->description != NULL)
+ g_free(if_info->description);
- next:
-#ifdef HAVE_SA_LEN
- ifr = (struct ifreq *) ((char *) ifr +
- (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr) ?
- ifr->ifr_addr.sa_len : sizeof(ifr->ifr_addr)) +
- IFNAMSIZ);
-#else
- ifr = (struct ifreq *) ((char *) ifr + sizeof(struct ifreq));
-#endif
- }
+ g_slist_foreach(if_info->ip_addr, free_if_info_addr_cb, NULL);
+ g_slist_free(if_info->ip_addr);
+}
-#ifdef linux
- /*
- * OK, maybe we have support for the "any" device, to do a cooked
- * capture on all interfaces at once.
- * Try opening it and, if that succeeds, add it to the end of
- * the list of interfaces.
- */
- pch = pcap_open_live("any", MIN_PACKET_SIZE, 0, 0, err_str);
- if (pch != NULL) {
+void
+free_interface_list(GList *if_list)
+{
+ g_list_foreach(if_list, free_if_cb, NULL);
+ g_list_free(if_list);
+}
+
+/*
+ * Get the data-link types available for a libpcap device.
+ */
+static data_link_info_t *
+create_data_link_info(int dlt)
+{
+ data_link_info_t *data_link_info;
+#ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
+ const char *typename;
+#endif
+ int wtap_encap;
+
+ data_link_info = g_malloc(sizeof (data_link_info_t));
+ data_link_info->dlt = dlt;
+#ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
+ typename = pcap_datalink_val_to_name(dlt);
+ if (typename != NULL)
+ data_link_info->name = g_strdup(typename);
+ else
+#endif
+ data_link_info->name = g_strdup_printf("DLT %d", dlt);
+ wtap_encap = wtap_pcap_encap_to_wtap_encap(dlt);
+ if (wtap_encap == WTAP_ENCAP_UNKNOWN) {
/*
- * It worked; we can use the "any" device.
+ * We don't support this in Wiretap.
+ * However, we should, so you can capture on it.
+ * Put in an entry for it, with no description.
*/
- il = g_list_insert(il, g_strdup("any"), -1);
- pcap_close(pch);
+ data_link_info->description = NULL;
+ } else {
+ /*
+ * If this is null, that's a bug in
+ * "wtap_pcap_encap_to_wtap_encap()" - it should always
+ * return a valid encapsulation type - so we assume it's
+ * not null.
+ */
+ data_link_info->description =
+ g_strdup(wtap_encap_string(wtap_encap));
}
+ return data_link_info;
+}
+
+GList *
+get_pcap_linktype_list(char *devname, char *err_buf)
+{
+ GList *linktype_list = NULL;
+ pcap_t *pch;
+ int deflt;
+#ifdef HAVE_PCAP_SET_DATALINK
+ int *linktypes;
+ int i, nlt;
#endif
+ data_link_info_t *data_link_info;
- g_free(ifc.ifc_buf);
- close(sock);
+ pch = pcap_open_live(devname, MIN_PACKET_SIZE, 0, 0, err_buf);
+ if (pch == NULL)
+ return NULL;
+ err_buf[0] = '\0'; /* an empty list doesn't mean an error */
+ deflt = get_pcap_linktype(pch, devname);
+#ifdef HAVE_PCAP_LIST_DATALINKS
+ nlt = pcap_list_datalinks(pch, &linktypes);
+ if (nlt == 0 || linktypes == NULL)
+ return NULL;
+ for (i = 0; i < nlt; i++) {
+ data_link_info = create_data_link_info(linktypes[i]);
- if (il == NULL) {
/*
- * No interfaces found.
+ * XXX - for 802.11, make the most detailed 802.11
+ * version the default, rather than the one the
+ * device has as the default?
*/
- *err = NO_INTERFACES_FOUND;
+ if (linktypes[i] == deflt)
+ linktype_list = g_list_prepend(linktype_list,
+ data_link_info);
+ else
+ linktype_list = g_list_append(linktype_list,
+ data_link_info);
}
- return il;
+ free(linktypes);
+#else
+ data_link_info = create_data_link_info(deflt);
+ linktype_list = g_list_append(linktype_list, data_link_info);
+#endif
-fail:
- if (il != NULL) {
- g_list_foreach(il, free_if_cb, NULL);
- g_list_free(il);
- }
- g_free(ifc.ifc_buf);
- close(sock);
- *err = CANT_GET_INTERFACE_LIST;
- return NULL;
+ pcap_close(pch);
+ return linktype_list;
}
static void
-search_for_if_cb(gpointer data, gpointer user_data)
+free_linktype_cb(gpointer data, gpointer user_data _U_)
{
- struct search_user_data *search_user_data = user_data;
+ data_link_info_t *linktype_info = data;
- if (strcmp((char *)data, search_user_data->name) == 0)
- search_user_data->found = TRUE;
+ g_free(linktype_info->name);
+ if (linktype_info->description != NULL)
+ g_free(linktype_info->description);
}
-#else
-#define MAX_WIN_IF_NAME_LEN 511
-GList *
-get_interface_list(int *err, char *err_str) {
- GList *il = NULL;
- wchar_t *names;
- char *win95names;
- char newname[MAX_WIN_IF_NAME_LEN + 1];
- int i, j, done;
-
- /* On Windows pcap_lookupdev is implemented by calling
- * PacketGetAdapterNames. According to the documentation I can find
- * (http://winpcap.polito.it/docs/dll.htm#PacketGetAdapterNames)
- * this means that:
- *
- * On Windows 95x, pcap_lookupdev returns an ASCII string with the
- * names of the adapters separated by a single ASCII "\0", a double
- * "\0", followed by the descriptions of the adapters separated by a
- * single ASCII "\0" . The string is terminated by a double "\0".
- *
- * On Windows NTx, pcap_lookupdev returns the names of the adapters,
- * in UNICODE format, separated by a single UNICODE "\0" (i.e. 2
- * ASCII "\0"), a double UNICODE "\0", followed by the descriptions
- * of the adapters, in ASCII format, separated by a single ASCII
- * "\0" . The string is terminated by a double ASCII "\0".
- */
- names = (wchar_t *)pcap_lookupdev(err_str);
- i = done = 0;
-
- if (names) {
- char* desc = 0;
- int desc_pos = 0;
-
- if (names[0]<256) {
- /* If names[0] is less than 256 it means the first byte is 0
- This implies that we are using unicode characters */
- while(*(names+desc_pos) || *(names+desc_pos-1))
- desc_pos++;
- desc_pos++; /* Step over the extra '\0' */
- desc = (char*)(names + desc_pos); /* cast *after* addition */
-
- do
- {
- j = 0;
- while (*desc) {
- if (j < MAX_WIN_IF_NAME_LEN)
- newname[j++] = *desc++;
- }
- *desc++;
- if (j < MAX_WIN_IF_NAME_LEN - 1) {
- newname[j++] = ':';
- newname[j++] = ' ';
- }
- while (names[i] != 0) {
- if (j < MAX_WIN_IF_NAME_LEN)
- newname[j++] = names[i++];
- }
- i++;
- if (names[i] == 0)
- done = 1;
- newname[j] = 0;
- il = g_list_append(il, g_strdup(newname));
- } while (!done);
- }
- else {
- /* Otherwise we are in Windows 95/98 and using ascii(8 bit)
- characters */
- win95names=(char *)names;
- while(*(win95names+desc_pos) || *(win95names+desc_pos-1))
- desc_pos++;
- desc_pos++; /* Step over the extra '\0' */
- desc = win95names + desc_pos;
-
- do
- {
- j = 0;
- while (*desc) {
- if (j < MAX_WIN_IF_NAME_LEN)
- newname[j++] = *desc++;
- }
- *desc++;
- if (j < MAX_WIN_IF_NAME_LEN - 1) {
- newname[j++] = ':';
- newname[j++] = ' ';
- }
- while (win95names[i] != 0) {
- if (j < MAX_WIN_IF_NAME_LEN)
- newname[j++] = win95names[i++];
- }
- i++;
- if (win95names[i] == 0)
- done = 1;
- newname[j] = 0;
- il = g_list_append(il, g_strdup(newname));
- } while (!done);
- }
- }
- return(il);
-}
-#endif
-static void
-free_if_cb(gpointer data, gpointer user_data _U_)
+void
+free_pcap_linktype_list(GList *linktype_list)
{
- g_free(data);
+ g_list_foreach(linktype_list, free_linktype_cb, NULL);
+ g_list_free(linktype_list);
}
-void
-free_interface_list(GList *if_list)
+/* Set the data link type on a pcap. */
+const char *
+set_pcap_linktype(pcap_t *pch, char *devname
+#ifdef HAVE_PCAP_SET_DATALINK
+ _U_
+#endif
+ , int dlt)
{
- while (if_list != NULL) {
- g_free(if_list->data);
- if_list = g_list_remove_link(if_list, if_list);
- }
+#ifdef HAVE_PCAP_SET_DATALINK
+ if (pcap_set_datalink(pch, dlt) == 0)
+ return NULL; /* no error */
+ return pcap_geterr(pch);
+#else
+ /* Let them set it to the type it is; reject any other request. */
+ if (get_pcap_linktype(pch, devname) == dlt)
+ return NULL; /* no error */
+ return "That DLT isn't one of the DLTs supported by this device";
+#endif
}
#endif /* HAVE_LIBPCAP */