2 * WinPcap-specific interfaces for capturing. We load WinPcap at run
3 * time, so that we only need one Wireshark binary and one TShark binary
4 * for Windows, regardless of whether WinPcap is installed or not.
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 2001 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
35 #include "capture_ifinfo.h"
36 #include "capture-pcap-util.h"
37 #include "capture-pcap-util-int.h"
39 /* XXX - yes, I know, I should move cppmagic.h to a generic location. */
40 #include "tools/lemon/cppmagic.h"
/* Capacity, excluding the terminating NUL, of the ascii_name/ascii_desc
 * buffers used when copying interface names and descriptions. */
42 #define MAX_WIN_IF_NAME_LEN 511
/* Starts out FALSE; wrappers such as pcap_findalldevs() assert on it before
 * calling through a loaded pointer. Where it is set to TRUE is not shown in
 * this listing. */
45 gboolean has_wpcap = FALSE;
50 * XXX - should we require at least WinPcap 3.1 both for building and
51 * for using Wireshark?
/*
 * One function pointer per WinPcap entry point used by this file. Each is
 * filled in at run time by g_module_symbol() through the symbols[] table
 * (SYM() stores the address of p_<name>), so a pointer remains NULL when its
 * symbol was not resolved. Pointers under an #ifdef exist only when the
 * corresponding HAVE_PCAP_* macro was defined at build time.
 */
54 static char* (*p_pcap_lookupdev) (char *);
55 static void (*p_pcap_close) (pcap_t *);
56 static int (*p_pcap_stats) (pcap_t *, struct pcap_stat *);
57 static int (*p_pcap_dispatch) (pcap_t *, int, pcap_handler, guchar *);
58 static int (*p_pcap_snapshot) (pcap_t *);
59 static int (*p_pcap_datalink) (pcap_t *);
60 static int (*p_pcap_setfilter) (pcap_t *, struct bpf_program *);
61 static char* (*p_pcap_geterr) (pcap_t *);
62 static int (*p_pcap_compile) (pcap_t *, struct bpf_program *, const char *, int,
64 static int (*p_pcap_lookupnet) (const char *, bpf_u_int32 *, bpf_u_int32 *,
66 static pcap_t* (*p_pcap_open_live) (const char *, int, int, int, char *);
67 static int (*p_pcap_loop) (pcap_t *, int, pcap_handler, guchar *);
68 static void (*p_pcap_freecode) (struct bpf_program *);
69 #ifdef HAVE_PCAP_FINDALLDEVS
70 static int (*p_pcap_findalldevs) (pcap_if_t **, char *);
71 static void (*p_pcap_freealldevs) (pcap_if_t *);
73 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
74 static int (*p_pcap_datalink_name_to_val) (const char *);
76 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
77 static const char *(*p_pcap_datalink_val_to_name) (int);
79 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
80 static const char *(*p_pcap_datalink_val_to_description) (int);
82 #ifdef HAVE_PCAP_BREAKLOOP
83 static void (*p_pcap_breakloop) (pcap_t *);
/* The next three are flagged TRUE in symbols[], i.e. they may stay NULL. */
85 static const char *(*p_pcap_lib_version) (void);
86 static int (*p_pcap_setbuff) (pcap_t *, int dim);
87 static int (*p_pcap_next_ex) (pcap_t *, struct pcap_pkthdr **pkt_header, const u_char **pkt_data);
88 #ifdef HAVE_PCAP_REMOTE
89 static pcap_t* (*p_pcap_open) (const char *, int, int, int,
90 struct pcap_rmtauth *, char *);
91 static int (*p_pcap_findalldevs_ex) (char *, struct pcap_rmtauth *,
92 pcap_if_t **, char *);
93 static int (*p_pcap_createsrcstr) (char *, int, const char *, const char *,
94 const char *, char *);
96 #ifdef HAVE_PCAP_SETSAMPLING
97 static struct pcap_samp* (*p_pcap_setsampling)(pcap_t *);
100 #ifdef HAVE_PCAP_LIST_DATALINKS
101 static int (*p_pcap_list_datalinks)(pcap_t *, int **);
104 #ifdef HAVE_PCAP_SET_DATALINK
105 static int (*p_pcap_set_datalink)(pcap_t *, int);
108 #ifdef HAVE_PCAP_FREE_DATALINKS
109 static int (*p_pcap_free_datalinks)(int *);
/*
 * SYM(name, flag) builds one symbols[] entry: the symbol name as a string,
 * the address of the matching p_<name> pointer, and a flag.
 * NOTE(review): the flag reads as "optional" (TRUE = the loader tolerates a
 * missing symbol, FALSE = required), going by the loader comments "We don't
 * care if it's missing" / "We require this symbol" -- confirm against the
 * symbol_table_t definition, which is not shown in this listing.
 */
118 #define SYM(x, y) { STRINGIFY(x) , (gpointer) &CONCAT(p_,x), y }
124 /* These are the symbols I need or want from Wpcap */
/*
 * Any entry flagged TRUE can leave its p_<name> pointer NULL after loading,
 * so every caller of such a pointer needs its own NULL check. The table ends
 * with an all-NULL sentinel entry.
 */
125 static const symbol_table_t symbols[] = {
126 SYM(pcap_lookupdev, FALSE),
127 SYM(pcap_close, FALSE),
128 SYM(pcap_stats, FALSE),
129 SYM(pcap_dispatch, FALSE),
130 SYM(pcap_snapshot, FALSE),
131 SYM(pcap_datalink, FALSE),
132 SYM(pcap_setfilter, FALSE),
133 SYM(pcap_geterr, FALSE),
134 SYM(pcap_compile, FALSE),
135 SYM(pcap_lookupnet, FALSE),
136 #ifdef HAVE_PCAP_REMOTE
137 SYM(pcap_open, FALSE),
138 SYM(pcap_findalldevs_ex, FALSE),
139 SYM(pcap_createsrcstr, FALSE),
141 SYM(pcap_open_live, FALSE),
142 #ifdef HAVE_PCAP_SETSAMPLING
143 SYM(pcap_setsampling, TRUE),
145 SYM(pcap_loop, FALSE),
146 SYM(pcap_freecode, TRUE),
147 #ifdef HAVE_PCAP_FINDALLDEVS
148 SYM(pcap_findalldevs, TRUE),
149 SYM(pcap_freealldevs, TRUE),
151 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
152 SYM(pcap_datalink_name_to_val, TRUE),
154 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
155 SYM(pcap_datalink_val_to_name, TRUE),
157 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
158 SYM(pcap_datalink_val_to_description, TRUE),
160 #ifdef HAVE_PCAP_BREAKLOOP
162 * We don't try to work around the lack of this at
163 * run time; it's present in WinPcap 3.1, which is
164 * the version we build with and ship with.
166 SYM(pcap_breakloop, FALSE),
168 SYM(pcap_lib_version, TRUE),
169 SYM(pcap_setbuff, TRUE),
170 SYM(pcap_next_ex, TRUE),
171 #ifdef HAVE_PCAP_LIST_DATALINKS
172 SYM(pcap_list_datalinks, FALSE),
174 #ifdef HAVE_PCAP_SET_DATALINK
175 SYM(pcap_set_datalink, FALSE),
177 #ifdef HAVE_PCAP_FREE_DATALINKS
178 SYM(pcap_free_datalinks, TRUE),
180 { NULL, NULL, FALSE }
/* Run-time loader: opens the wpcap module and resolves every symbols[] entry
 * into its p_<name> pointer. Several lines of this function are missing from
 * the listing (see the gaps in the gutter numbers). */
183 GModule *wh; /* wpcap handle */
184 const symbol_table_t *sym;
/*
 * NOTE(review): "wpcap" is a bare module name, so the platform loader's
 * search path decides which file is mapped into the process. On Windows that
 * search can include directories other than the system directory, and a
 * capture tool often runs with elevated privileges; loading by an absolute
 * path to the expected install location removes that dependency on the
 * search order. Whether wh is checked for NULL before use is not visible here.
 */
186 wh = g_module_open("wpcap", 0);
/* On failure to resolve, the handling differs for optional and required
 * symbols; only fragments of the two explanatory comments survive below. */
194 if (!g_module_symbol(wh, sym->name, sym->ptr)) {
197 * We don't care if it's missing; we just
203 * We require this symbol.
/*
 * Wrappers carrying the libpcap names: each forwards its arguments unchanged
 * to the matching p_<name> pointer resolved from the wpcap module.
 * NOTE(review): this listing omits lines inside most of these functions (see
 * the gaps in the gutter numbers), so any has_wpcap or NULL guard they carry
 * is not visible here. A wrapper that forwards with no guard calls through a
 * NULL pointer when the library or the symbol was not loaded -- confirm each
 * one against the full file.
 */
216 pcap_lookupdev (char *a)
221 return p_pcap_lookupdev(a);
225 pcap_close(pcap_t *a)
232 pcap_stats(pcap_t *a, struct pcap_stat *b)
235 return p_pcap_stats(a, b);
239 pcap_dispatch(pcap_t *a, int b, pcap_handler c, guchar *d)
242 return p_pcap_dispatch(a, b, c, d);
246 pcap_snapshot(pcap_t *a)
249 return p_pcap_snapshot(a);
253 pcap_datalink(pcap_t *a)
256 return p_pcap_datalink(a);
259 #ifdef HAVE_PCAP_SET_DATALINK
261 pcap_set_datalink(pcap_t *p, int dlt)
264 return p_pcap_set_datalink(p, dlt);
269 pcap_setfilter(pcap_t *a, struct bpf_program *b)
272 return p_pcap_setfilter(a, b);
276 pcap_geterr(pcap_t *a)
279 return p_pcap_geterr(a);
283 pcap_compile(pcap_t *a, struct bpf_program *b, const char *c, int d,
287 return p_pcap_compile(a, b, c, d, e);
291 pcap_lookupnet(const char *a, bpf_u_int32 *b, bpf_u_int32 *c, char *d)
294 return p_pcap_lookupnet(a, b, c, d);
298 pcap_open_live(const char *a, int b, int c, int d, char *e)
303 return p_pcap_open_live(a, b, c, d, e);
/* Remote-capture entry points, built only with HAVE_PCAP_REMOTE. */
306 #ifdef HAVE_PCAP_REMOTE
308 pcap_open(const char *a, int b, int c, int d, struct pcap_rmtauth *e, char *f)
313 return p_pcap_open(a, b, c, d, e, f);
317 pcap_findalldevs_ex(char *a, struct pcap_rmtauth *b, pcap_if_t **c, char *d)
320 return p_pcap_findalldevs_ex(a, b, c, d);
324 pcap_createsrcstr(char *a, int b, const char *c, const char *d, const char *e,
328 return p_pcap_createsrcstr(a, b, c, d, e, f);
332 #ifdef HAVE_PCAP_SETSAMPLING
334 pcap_setsampling(pcap_t *a)
/* pcap_setsampling is flagged TRUE in symbols[], hence the NULL check; what is
 * returned when the pointer is NULL is on a line not shown. */
337 if (p_pcap_setsampling != NULL) {
338 return p_pcap_setsampling(a);
345 pcap_loop(pcap_t *a, int b, pcap_handler c, guchar *d)
348 return p_pcap_loop(a, b, c, d);
352 pcap_freecode(struct bpf_program *a)
/* pcap_freecode is flagged TRUE in symbols[]; it is called only when resolved. */
355 if(p_pcap_freecode) {
360 #ifdef HAVE_PCAP_FINDALLDEVS
362 pcap_findalldevs(pcap_if_t **a, char *b)
/* NOTE(review): g_assert() is the only visible guard on these two optional
 * symbols. GLib compiles g_assert() out when G_DISABLE_ASSERT is defined, so
 * in such builds it is not a run-time check and callers must test
 * p_pcap_findalldevs themselves, as get_interface_list() does. */
364 g_assert(has_wpcap && p_pcap_findalldevs != NULL);
365 return p_pcap_findalldevs(a, b);
369 pcap_freealldevs(pcap_if_t *a)
371 g_assert(has_wpcap && p_pcap_freealldevs != NULL);
372 p_pcap_freealldevs(a);
376 #if defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
378 * Table of DLT_ types, names, and descriptions, for use if the version
379 * of WinPcap we have installed lacks "pcap_datalink_name_to_val()"
380 * or "pcap_datalink_val_to_name()".
/* Member of the fallback-table entry type; DLT_CHOICE() below initializes an
 * entry as { name, description, numeric code }, in that order. */
384 const char *description;
/* #code stringifies the DLT_ constant, so each stored name keeps its "DLT_"
 * prefix; the lookup functions skip it with `+ sizeof("DLT_") - 1`. */
388 #define DLT_CHOICE(code, description) { #code, description, code }
/* Terminator entry: the lookup loops stop at the first NULL name. */
389 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
/* Entries wrapped in #ifdef are present only when the pcap headers used for
 * the build define that DLT_ value. */
391 static struct dlt_choice dlt_choices[] = {
392 DLT_CHOICE(DLT_NULL, "BSD loopback"),
393 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
394 DLT_CHOICE(DLT_IEEE802, "Token ring"),
395 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
396 DLT_CHOICE(DLT_SLIP, "SLIP"),
397 DLT_CHOICE(DLT_PPP, "PPP"),
398 DLT_CHOICE(DLT_FDDI, "FDDI"),
399 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
400 DLT_CHOICE(DLT_RAW, "Raw IP"),
401 #ifdef DLT_SLIP_BSDOS
402 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
405 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
408 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
410 #ifdef DLT_PPP_SERIAL
411 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
414 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
417 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
419 #ifdef DLT_IEEE802_11
420 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
423 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
426 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
429 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
432 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
435 DLT_CHOICE(DLT_LTALK, "Localtalk"),
438 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
440 #ifdef DLT_PRISM_HEADER
441 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
443 #ifdef DLT_IP_OVER_FC
444 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
447 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
449 #ifdef DLT_IEEE802_11_RADIO
450 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus radio information header"),
452 #ifdef DLT_ARCNET_LINUX
453 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
455 #ifdef DLT_LINUX_IRDA
456 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
458 #ifdef DLT_LINUX_LAPD
459 DLT_CHOICE(DLT_LINUX_LAPD, "Linux vISDN LAPD"),
462 DLT_CHOICE(DLT_LANE8023, "Linux 802.3 LANE"),
465 DLT_CHOICE(DLT_CIP, "Linux Classical IP-over-ATM"),
468 DLT_CHOICE(DLT_HDLC, "Cisco HDLC"),
471 DLT_CHOICE(DLT_PPI, "Per-Packet Information"),
475 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION */
477 #ifdef HAVE_PCAP_DATALINK_NAME_TO_VAL
/*
 * Maps a link-layer type name to its DLT_ value. Uses the WinPcap routine
 * when it was resolved; otherwise searches dlt_choices[] with an ASCII
 * case-insensitive compare against each name minus its "DLT_" prefix.
 * The second compare argument and the not-found return value are on lines
 * not shown in this listing.
 */
479 pcap_datalink_name_to_val(const char *name)
485 if (p_pcap_datalink_name_to_val != NULL)
486 return p_pcap_datalink_name_to_val(name);
489 * We don't have it in WinPcap; do it ourselves.
491 for (i = 0; dlt_choices[i].name != NULL; i++) {
492 if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
494 return dlt_choices[i].dlt;
501 #ifdef HAVE_PCAP_LIST_DATALINKS
/* Forwards to WinPcap. pcap_list_datalinks is flagged FALSE in symbols[]
 * (required when built with HAVE_PCAP_LIST_DATALINKS); no other guard is
 * visible on the lines shown. */
503 pcap_list_datalinks(pcap_t *p, int **ddlt)
506 return p_pcap_list_datalinks(p, ddlt);
510 #ifdef HAVE_PCAP_FREE_DATALINKS
/* Releases a list obtained from pcap_list_datalinks(), but only through
 * WinPcap's own routine; when that symbol is missing the list is left
 * allocated, for the reason given in the comment below. */
512 pcap_free_datalinks(int *ddlt)
517 * If we don't have pcap_free_datalinks() in WinPcap,
518 * we don't free the memory - we can't use free(), as
519 * we might not have been built with the same version
520 * of the C runtime library as WinPcap was, and, if we're
521 * not, free() isn't guaranteed to work on something
522 * allocated by WinPcap.
524 if (p_pcap_free_datalinks != NULL)
525 p_pcap_free_datalinks(ddlt);
529 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
/* Maps a DLT_ value to its name without the "DLT_" prefix: WinPcap's routine
 * when resolved, else a linear search of dlt_choices[]. The returned pointer
 * in the fallback case points into the static table. */
531 pcap_datalink_val_to_name(int dlt)
537 if (p_pcap_datalink_val_to_name != NULL)
538 return p_pcap_datalink_val_to_name(dlt);
541 * We don't have it in WinPcap; do it ourselves.
543 for (i = 0; dlt_choices[i].name != NULL; i++) {
544 if (dlt_choices[i].dlt == dlt)
545 return dlt_choices[i].name + sizeof("DLT_") - 1;
552 #ifdef HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION
/* Same lookup as above, returning the human-readable description instead. */
554 pcap_datalink_val_to_description(int dlt)
560 if (p_pcap_datalink_val_to_description != NULL)
561 return p_pcap_datalink_val_to_description(dlt);
564 * We don't have it in WinPcap; do it ourselves.
566 for (i = 0; dlt_choices[i].name != NULL; i++) {
567 if (dlt_choices[i].dlt == dlt)
568 return (dlt_choices[i].description);
575 #ifdef HAVE_PCAP_BREAKLOOP
/* Forwarding wrappers for three more WinPcap entry points; the body of
 * pcap_breakloop is on lines not shown. */
576 void pcap_breakloop(pcap_t *a)
582 /* setbuff is win32 specific! */
/* NOTE(review): pcap_setbuff and pcap_next_ex are flagged TRUE (may be
 * missing) in symbols[], yet no NULL check appears on the visible lines of
 * either wrapper. One line of each body is not shown -- confirm it guards the
 * pointer with a run-time test rather than an assertion that can be compiled
 * out. */
583 int pcap_setbuff(pcap_t *a, int b)
586 return p_pcap_setbuff(a, b);
589 /* pcap_next_ex is available since libpcap 0.8 / WinPcap 3.0! */
590 /* (if you get a declaration warning here, try to update to at least WinPcap 3.1b4 develpack) */
591 int pcap_next_ex (pcap_t *a, struct pcap_pkthdr **b, const u_char **c)
594 return p_pcap_next_ex(a, b, c);
597 #ifdef HAVE_PCAP_REMOTE
/*
 * Lists the capture interfaces of a remote host.
 *
 * Builds a remote source string from hostname and port, fills a
 * pcap_rmtauth with the caller's auth type and credentials, and hands both to
 * get_interface_list_findalldevs_ex(). On a pcap_createsrcstr() failure *err
 * is set to CANT_GET_INTERFACE_LIST and *err_str to an allocated message.
 * The return statements are on lines not shown in this listing.
 */
599 get_remote_interface_list(const char *hostname, const char *port,
600 int auth_type, const char *username,
601 const char *passwd, int *err, char **err_str)
603 struct pcap_rmtauth auth;
604 char source[PCAP_BUF_SIZE];
605 char errbuf[PCAP_ERRBUF_SIZE];
/* pcap_createsrcstr() takes no size for its output buffer, so `source` has to
 * be as large as the library assumes; hostname and port come from the caller
 * and are not length-checked on the visible lines. */
608 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
609 NULL, errbuf) == -1) {
610 *err = CANT_GET_INTERFACE_LIST;
612 *err_str = cant_get_if_list_error_message(errbuf);
/* auth_type is stored as given, with no range check here. */
616 auth.type = auth_type;
/* Private heap copies, because pcap_rmtauth holds non-const pointers. */
617 auth.username = g_strdup(username);
618 auth.password = g_strdup(passwd);
620 result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);
/* NOTE(review): g_free() releases the copies without clearing them, so the
 * password bytes stay in freed heap memory until reused. Overwrite the
 * password buffer before freeing it if process-memory disclosure is in the
 * threat model. */
621 g_free(auth.username);
622 g_free(auth.password);
629 * This will use "pcap_findalldevs()" if we have it, otherwise it'll
630 * fall back on "pcap_lookupdev()".
/* Returns the list of local capture interfaces, reporting failure through
 * *err and *err_str. When pcap_findalldevs() was resolved the work is
 * delegated to get_interface_list_findalldevs(); the code after this point is
 * the pcap_lookupdev() fallback. */
633 get_interface_list(int *err, char **err_str)
/* Fixed-size targets for the wide-to-narrow copies done in the fallback;
 * the +1 leaves room for the terminating NUL. */
638 char ascii_name[MAX_WIN_IF_NAME_LEN + 1];
639 char ascii_desc[MAX_WIN_IF_NAME_LEN + 1];
641 char errbuf[PCAP_ERRBUF_SIZE];
643 #ifdef HAVE_PCAP_FINDALLDEVS
/* pcap_findalldevs is optional in symbols[], so test the pointer itself. */
644 if (p_pcap_findalldevs != NULL)
645 return get_interface_list_findalldevs(err, err_str);
649 * In WinPcap, pcap_lookupdev is implemented by calling
650 * PacketGetAdapterNames. According to the documentation
653 * http://www.winpcap.org/docs/man/html/Packet32_8c.html#a43
657 * On Windows OT (95, 98, Me), pcap_lookupdev returns a sequence
658 * of bytes consisting of:
660 * a sequence of null-terminated ASCII strings (i.e., each
661 * one is terminated by a single 0 byte), giving the names
664 * an empty ASCII string (i.e., a single 0 byte);
666 * a sequence of null-terminated ASCII strings, giving the
667 * descriptions of the interfaces;
669 * an empty ASCII string.
671 * On Windows NT (NT 4.0, W2K, WXP, W2K3, etc.), pcap_lookupdev
672 * returns a sequence of bytes consisting of:
674 * a sequence of null-terminated double-byte Unicode strings
675 * (i.e., each one consists of a sequence of double-byte
676 * characters, terminated by a double-byte 0), giving the
677 * names of the interfaces;
679 * an empty Unicode string (i.e., a double 0 byte);
681 * a sequence of null-terminated ASCII strings, giving the
682 * descriptions of the interfaces;
684 * an empty ASCII string.
686 * The Nth string in the first sequence is the name of the Nth
687 * adapter; the Nth string in the second sequence is the
688 * description of the Nth adapter.
/* Fallback path: parse the packed name/description buffer returned by
 * pcap_lookupdev(). The buffer arrives with no length, so every scan below
 * relies on the library having written the terminators described in the
 * comment above. */
691 names = (wchar_t *)pcap_lookupdev(errbuf);
700 * If names[0] is less than 256 it means the first
701 * byte is 0. This implies that we are using Unicode
/* Find the empty wide string that ends the name list.
 * NOTE(review): the scan has no upper bound and reads names[desc_pos-1]; if
 * desc_pos starts at 0 (its initializer is not shown) and names[0] is 0,
 * that is an access to names[-1] -- confirm. */
704 while (*(names+desc_pos) || *(names+desc_pos-1))
706 desc_pos++; /* Step over the extra '\0' */
707 desc = (char*)(names + desc_pos); /* cast *after* addition */
709 while (names[i] != 0) {
711 * Copy the Unicode description to an ASCII
/* Copy is capped at MAX_WIN_IF_NAME_LEN; longer descriptions are truncated. */
716 if (j < MAX_WIN_IF_NAME_LEN)
717 ascii_desc[j++] = *desc;
720 ascii_desc[j] = '\0';
724 * Copy the Unicode name to an ASCII string.
/* NOTE(review): i advances only inside the `if`, so on the visible lines a
 * name of MAX_WIN_IF_NAME_LEN or more characters leaves names[i] non-zero and
 * this loop never ends. Line 730 is not shown (presumably the closing brace);
 * confirm, and advance i unconditionally. The (char) cast also keeps only the
 * low byte of each wide character. */
727 while (names[i] != 0) {
728 if (j < MAX_WIN_IF_NAME_LEN)
729 ascii_name[j++] = (char) names[i++];
731 ascii_name[j] = '\0';
733 il = g_list_append(il,
734 if_info_new(ascii_name, ascii_desc));
738 * Otherwise we are in Windows 95/98 and using ASCII
739 * (8-bit) characters.
741 win95names=(char *)names;
/* Same terminator scan as the wide-character branch, byte by byte, with the
 * same unbounded read and desc_pos-1 access. */
742 while (*(win95names+desc_pos) || *(win95names+desc_pos-1))
744 desc_pos++; /* Step over the extra '\0' */
745 desc = win95names + desc_pos;
747 while (win95names[i] != '\0') {
749 * "&win95names[i]" points to the current
750 * interface name, and "desc" points to
751 * that interface's description.
/* Here the strings are passed to if_info_new() straight from the library
 * buffer, without going through ascii_name/ascii_desc. */
753 il = g_list_append(il,
754 if_info_new(&win95names[i], desc));
757 * Skip to the next description.
764 * Skip to the next name.
766 while (win95names[i] != 0)
775 * No interfaces found.
777 *err = NO_INTERFACES_FOUND;
786 * Get an error message string for a CANT_GET_INTERFACE_LIST error from
787 * "get_interface_list()".
/*
 * Builds the user-visible message for a CANT_GET_INTERFACE_LIST error.
 *
 * err_str is the library's error text; it is searched with strstr(), so it
 * must not be NULL, and it is inserted through "%s" rather than used as the
 * format. The result is allocated by g_strdup_printf(); the caller presumably
 * owns it and releases it with g_free() -- confirm against the callers.
 */
790 cant_get_if_list_error_message(const char *err_str)
793 * If the error message includes "Not enough storage is available
794 * to process this command" or "The operation completed successfully",
795 * suggest that they install a WinPcap version later than 3.0.
797 if (strstr(err_str, "Not enough storage is available to process this command") != NULL ||
798 strstr(err_str, "The operation completed successfully") != NULL) {
799 return g_strdup_printf("Can't get list of interfaces: %s\n"
800 "This might be a problem with WinPcap 3.0; you should try updating to\n"
801 "a later version of WinPcap - see the WinPcap site at www.winpcap.org",
804 return g_strdup_printf("Can't get list of interfaces: %s", err_str);
808 * Append the version of WinPcap with which we were compiled to a GString.
/* Appends a fixed string to str: the build-time WinPcap version is reported
 * as unknown. */
811 get_compiled_pcap_version(GString *str)
813 g_string_append(str, "with WinPcap (version unknown)");
817 * Append the version of WinPcap with which we're running to a GString.
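/*
 * Appends a description of the WinPcap in use at run time to str: "with "
 * followed by the pcap_lib_version() text when that symbol was resolved,
 * otherwise "WinPcap (<version>)" with the version read from Packet.dll, or
 * "without WinPcap". The condition that selects the "without" branch is on a
 * line not shown in this listing.
 */
820 get_runtime_pcap_version(GString *str)
823 * On Windows, we might have been compiled with WinPcap but
824 * might not have it loaded; indicate whether we have it or
825 * not and, if we have it and we have "pcap_lib_version()",
826 * what version we have.
828 GModule *handle; /* handle returned by dlopen */
/* static: the Packet.dll lookup below runs once and its result is reused. */
829 static gchar *packetVer;
833 g_string_append_printf(str, "with ");
834 if (p_pcap_lib_version != NULL)
/* The version text is supplied by whichever library was loaded, so it is
 * passed as a "%s" argument and never interpreted as a format string. */
835 g_string_append_printf(str, "%s", p_pcap_lib_version());
838 * An alternative method of obtaining the version
839 * number, by using the PacketLibraryVersion
840 * string from packet.dll.
842 * Unfortunately, in WinPcap 3.0, it returns
843 * "3.0 alpha3", even in the final version of
844 * WinPcap 3.0, so if there's a blank in the
845 * string, we strip it and everything after
846 * it from the string, so we don't misleadingly
847 * report that 3.0 alpha3 is being used when
848 * the final version is being used.
850 if (packetVer == NULL) {
851 packetVer = "version unknown";
/* NOTE(review): "Packet.dll" is a bare module name, so the loader's search
 * path decides which file is opened; an absolute path to the expected
 * install location avoids depending on the search order. */
852 handle = g_module_open("Packet.dll", 0);
853 if (handle != NULL) {
/* g_module_symbol() stores the address of the exported object in packetVer;
 * the code then treats it as a NUL-terminated string and duplicates it so
 * the copy can be edited and outlives g_module_close(). */
854 if (g_module_symbol(handle,
855 "PacketLibraryVersion",
856 (gpointer*)&packetVer)) {
857 packetVer = g_strdup(packetVer);
858 blankp = strchr(packetVer, ' ');
862 packetVer = "version unknown";
864 g_module_close(handle);
867 g_string_append_printf(str, "WinPcap (%s)", packetVer);
870 g_string_append(str, "without WinPcap");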
873 #else /* HAVE_LIBPCAP */
882 * Append an indication that we were not compiled with WinPcap
/* Variants for a build without libpcap support (the #else branch of
 * HAVE_LIBPCAP): the compiled-version string says so, and the run-time
 * variant takes str only to keep the same signature (_U_ marks it unused). */
886 get_compiled_pcap_version(GString *str)
888 g_string_append(str, "without WinPcap");
892 * Don't append anything, as we weren't even compiled to use WinPcap.
895 get_runtime_pcap_version(GString *str _U_)
899 #endif /* HAVE_LIBPCAP */