2 * Utility routines for packet capture
4 * $Id: pcap-util.c,v 1.14 2003/07/06 00:07:58 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
42 #ifdef HAVE_SYS_SOCKET_H
43 #include <sys/socket.h>
46 #ifdef HAVE_SYS_IOCTL_H
47 #include <sys/ioctl.h>
54 * Keep Digital UNIX happy when including <net/if.h>.
61 #ifdef HAVE_SYS_SOCKIO_H
62 # include <sys/sockio.h>
68 #include "capture-wpcap.h"
71 #include "pcap-util.h"
74 * Get the data-link type for a libpcap device.
75 * This works around AIX 5.x's non-standard and incompatible-with-the-
76 * rest-of-the-universe libpcap.
79 get_pcap_linktype(pcap_t *pch, char *devname
90 linktype = pcap_datalink(pch);
94 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
95 * rather than DLT_ values for link-layer types; the ifType values
96 * for LAN devices are:
103 * and the ifType value for a loopback device is 24.
105 * The AIX names for LAN devices begin with:
112 * and the AIX names for loopback devices begin with "lo".
114 * (The difference between "Ethernet" and "802.3" is presumably
115 * whether packets have an Ethernet header, with a packet type,
116 * or an 802.3 header, with a packet length, followed by an 802.2
117 * header and possibly a SNAP header.)
119 * If the device name matches "linktype" interpreted as an ifType
120 * value, rather than as a DLT_ value, we will assume this is AIX's
121 * non-standard, incompatible libpcap, rather than a standard libpcap,
122 * and will map the link-layer type to the standard DLT_ value for
123 * that link-layer type, as that's what the rest of Ethereal expects.
125 * (This means the capture files won't be readable by a tcpdump
126 * linked with AIX's non-standard libpcap, but so it goes. They
127 * *will* be readable by standard versions of tcpdump, Ethereal,
130 * XXX - if we conclude we're using AIX libpcap, should we also
131 * set a flag to cause us to assume the time stamps are in
132 * seconds-and-nanoseconds form, and to convert them to
133 * seconds-and-microseconds form before processing them and
138 * Find the last component of the device name, which is the
141 ifacename = strchr(devname, '/');
142 if (ifacename == NULL)
143 ifacename = devnames;
145 /* See if it matches any of the LAN device names. */
146 if (strncmp(ifacename, "en", 2) == 0) {
149 * That's the RFC 1573 value for Ethernet; map it
154 } else if (strncmp(ifacename, "et", 2) == 0) {
157 * That's the RFC 1573 value for 802.3; map it to
159 * (libpcap, tcpdump, Ethereal, etc. don't care if
160 * it's Ethernet or 802.3.)
164 } else if (strncmp(ifacename, "tr") == 0) {
167 * That's the RFC 1573 value for 802.5 (Token Ring);
168 * map it to DLT_IEEE802, which is what's used for
173 } else if (strncmp(ifacename, "fi") == 0) {
174 if (linktype == 15) {
176 * That's the RFC 1573 value for FDDI; map it to
181 } else if (strncmp(ifacename, "lo") == 0) {
182 if (linktype == 24) {
184 * That's the RFC 1573 value for "software loopback"
185 * devices; map it to DLT_NULL, which is what's used
186 * for loopback devices on BSD.
197 * If the ability to capture packets is added to Wiretap, these
198 * routines should be moved to the Wiretap source (with
199 * "get_interface_list()" and "free_interface_list()" renamed to
200 * "wtap_get_interface_list()" and "wtap_free_interface_list()",
201 * and modified to use Wiretap routines to attempt to open the
205 struct search_user_data {
211 search_for_if_cb(gpointer data, gpointer user_data);
214 free_if_cb(gpointer data, gpointer user_data);
218 get_interface_list(int *err, char *err_str)
221 gint nonloopback_pos = 0;
222 struct ifreq *ifr, *last;
224 struct ifreq ifrflags;
225 int sock = socket(AF_INET, SOCK_DGRAM, 0);
226 struct search_user_data user_data;
232 sprintf(err_str, "Error opening socket: %s",
238 * This code came from: W. Richard Stevens: "UNIX Network Programming",
239 * Networking APIs: Sockets and XTI, Vol 1, page 434.
242 len = 100 * sizeof(struct ifreq);
247 memset (buf, 0, len);
248 if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
249 if (errno != EINVAL || lastlen != 0) {
251 "SIOCGIFCONF ioctl error getting list of interfaces: %s",
256 if ((unsigned) ifc.ifc_len < sizeof(struct ifreq)) {
258 "SIOCGIFCONF ioctl gave too small return buffer");
261 if (ifc.ifc_len == lastlen)
262 break; /* success, len has not changed */
263 lastlen = ifc.ifc_len;
265 len += 10 * sizeof(struct ifreq); /* increment */
268 ifr = (struct ifreq *) ifc.ifc_req;
269 last = (struct ifreq *) ((char *) ifr + ifc.ifc_len);
272 * Skip addresses that begin with "dummy", or that include
273 * a ":" (the latter are Solaris virtuals).
275 if (strncmp(ifr->ifr_name, "dummy", 5) == 0 ||
276 strchr(ifr->ifr_name, ':') != NULL)
280 * If we already have this interface name on the list,
281 * don't add it (SIOCGIFCONF returns, at least on
282 * BSD-flavored systems, one entry per interface *address*;
283 * if an interface has multiple addresses, we get multiple
286 user_data.name = ifr->ifr_name;
287 user_data.found = FALSE;
288 g_list_foreach(il, search_for_if_cb, &user_data);
293 * Get the interface flags.
295 memset(&ifrflags, 0, sizeof ifrflags);
296 strncpy(ifrflags.ifr_name, ifr->ifr_name,
297 sizeof ifrflags.ifr_name);
298 if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
301 sprintf(err_str, "SIOCGIFFLAGS error getting flags for interface %s: %s",
302 ifr->ifr_name, strerror(errno));
307 * Skip interfaces that aren't up.
309 if (!(ifrflags.ifr_flags & IFF_UP))
313 * Skip interfaces that we can't open with "libpcap".
314 * Open with the minimum packet size - it appears that the
315 * IRIX SIOCSNOOPLEN "ioctl" may fail if the capture length
316 * supplied is too large, rather than just truncating it.
318 pch = pcap_open_live(ifr->ifr_name, MIN_PACKET_SIZE, 0, 0,
325 * If it's a loopback interface, add it at the end of the
326 * list, otherwise add it after the last non-loopback
327 * interface, so all loopback interfaces go at the end - we
328 * don't want a loopback interface to be the default capture
329 * device unless there are no non-loopback devices.
331 if ((ifrflags.ifr_flags & IFF_LOOPBACK) ||
332 strncmp(ifr->ifr_name, "lo", 2) == 0)
333 il = g_list_insert(il, g_strdup(ifr->ifr_name), -1);
335 il = g_list_insert(il, g_strdup(ifr->ifr_name),
338 * Insert the next non-loopback interface after this
346 ifr = (struct ifreq *) ((char *) ifr +
347 (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr) ?
348 ifr->ifr_addr.sa_len : sizeof(ifr->ifr_addr)) +
351 ifr = (struct ifreq *) ((char *) ifr + sizeof(struct ifreq));
357 * OK, maybe we have support for the "any" device, to do a cooked
358 * capture on all interfaces at once.
359 * Try opening it and, if that succeeds, add it to the end of
360 * the list of interfaces.
362 pch = pcap_open_live("any", MIN_PACKET_SIZE, 0, 0, err_str);
365 * It worked; we can use the "any" device.
367 il = g_list_insert(il, g_strdup("any"), -1);
377 * No interfaces found.
379 *err = NO_INTERFACES_FOUND;
385 free_interface_list(il);
388 *err = CANT_GET_INTERFACE_LIST;
393 search_for_if_cb(gpointer data, gpointer user_data)
395 struct search_user_data *search_user_data = user_data;
397 if (strcmp((char *)data, search_user_data->name) == 0)
398 search_user_data->found = TRUE;
401 #define MAX_WIN_IF_NAME_LEN 511
403 get_interface_list(int *err, char *err_str) {
407 char newname[MAX_WIN_IF_NAME_LEN + 1];
410 /* On Windows pcap_lookupdev is implemented by calling
411 * PacketGetAdapterNames. According to the documentation I can find
412 * (http://winpcap.polito.it/docs/dll.htm#PacketGetAdapterNames)
415 * On Windows 95x, pcap_lookupdev returns an ASCII string with the
416 * names of the adapters separated by a single ASCII "\0", a double
417 * "\0", followed by the descriptions of the adapters separated by a
418 * single ASCII "\0" . The string is terminated by a double "\0".
420 * On Windows NTx, pcap_lookupdev returns the names of the adapters,
421 * in UNICODE format, separated by a single UNICODE "\0" (i.e. 2
422 * ASCII "\0"), a double UNICODE "\0", followed by the descriptions
423 * of the adapters, in ASCII format, separated by a single ASCII
424 * "\0" . The string is terminated by a double ASCII "\0".
426 * We prepend the device name with a description to make it easier
427 * for users to choose the interface they want. This requires that
428 * we split out the device name later on in tethereal.c and gtk/main.c.
429 * It might be useful to have separate structures for raw names and
430 * descriptions at some point.
433 names = (wchar_t *)pcap_lookupdev(err_str);
441 /* If names[0] is less than 256 it means the first byte is 0
442 This implies that we are using unicode characters */
443 while(*(names+desc_pos) || *(names+desc_pos-1))
445 desc_pos++; /* Step over the extra '\0' */
446 desc = (char*)(names + desc_pos); /* cast *after* addition */
448 while (names[i] != 0)
452 if (j < MAX_WIN_IF_NAME_LEN)
453 newname[j++] = *desc++;
456 if (j < MAX_WIN_IF_NAME_LEN - 1) {
460 while (names[i] != 0) {
461 if (j < MAX_WIN_IF_NAME_LEN)
462 newname[j++] = names[i++];
466 il = g_list_append(il, g_strdup(newname));
470 /* Otherwise we are in Windows 95/98 and using ascii(8 bit)
472 win95names=(char *)names;
473 while(*(win95names+desc_pos) || *(win95names+desc_pos-1))
475 desc_pos++; /* Step over the extra '\0' */
476 desc = win95names + desc_pos;
478 while (win95names[i] != 0)
482 if (j < MAX_WIN_IF_NAME_LEN)
483 newname[j++] = *desc++;
486 if (j < MAX_WIN_IF_NAME_LEN - 1) {
490 while (win95names[i] != 0) {
491 if (j < MAX_WIN_IF_NAME_LEN)
492 newname[j++] = win95names[i++];
496 il = g_list_append(il, g_strdup(newname));
503 * No interfaces found.
505 *err = NO_INTERFACES_FOUND;
512 free_if_cb(gpointer data, gpointer user_data _U_)
518 free_interface_list(GList *if_list)
520 g_list_foreach(if_list, free_if_cb, NULL);
521 g_list_free(if_list);
524 #endif /* HAVE_LIBPCAP */