2 * Utility routines for packet capture
4 * $Id: pcap-util.c,v 1.22 2003/11/26 02:54:05 guy Exp $
6 * Ethereal - Network traffic analyzer
7 * By Gerald Combs <gerald@ethereal.com>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 #ifdef HAVE_SYS_TYPES_H
38 # include <sys/types.h>
41 #ifdef HAVE_SYS_SOCKET_H
42 #include <sys/socket.h>
48 #include <wtap-capture.h>
50 #include "pcap-util.h"
51 #include "pcap-util-int.h"
54 * Get the data-link type for a libpcap device.
55 * This works around AIX 5.x's non-standard and incompatible-with-the-
56 * rest-of-the-universe libpcap.
59 get_pcap_linktype(pcap_t *pch, char *devname
70 linktype = pcap_datalink(pch);
74 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
75 * rather than DLT_ values for link-layer types; the ifType values
76 * for LAN devices are:
83 * and the ifType value for a loopback device is 24.
85 * The AIX names for LAN devices begin with:
92 * and the AIX names for loopback devices begin with "lo".
94 * (The difference between "Ethernet" and "802.3" is presumably
95 * whether packets have an Ethernet header, with a packet type,
96 * or an 802.3 header, with a packet length, followed by an 802.2
97 * header and possibly a SNAP header.)
99 * If the device name matches "linktype" interpreted as an ifType
100 * value, rather than as a DLT_ value, we will assume this is AIX's
101 * non-standard, incompatible libpcap, rather than a standard libpcap,
102 * and will map the link-layer type to the standard DLT_ value for
103 * that link-layer type, as that's what the rest of Ethereal expects.
105 * (This means the capture files won't be readable by a tcpdump
106 * linked with AIX's non-standard libpcap, but so it goes. They
107 * *will* be readable by standard versions of tcpdump, Ethereal,
110 * XXX - if we conclude we're using AIX libpcap, should we also
111 * set a flag to cause us to assume the time stamps are in
112 * seconds-and-nanoseconds form, and to convert them to
113 * seconds-and-microseconds form before processing them and
118 * Find the last component of the device name, which is the
121 ifacename = strchr(devname, '/');
122 if (ifacename == NULL)
125 /* See if it matches any of the LAN device names. */
126 if (strncmp(ifacename, "en", 2) == 0) {
129 * That's the RFC 1573 value for Ethernet; map it
134 } else if (strncmp(ifacename, "et", 2) == 0) {
137 * That's the RFC 1573 value for 802.3; map it to
139 * (libpcap, tcpdump, Ethereal, etc. don't care if
140 * it's Ethernet or 802.3.)
144 } else if (strncmp(ifacename, "tr", 2) == 0) {
147 * That's the RFC 1573 value for 802.5 (Token Ring);
148 * map it to DLT_IEEE802, which is what's used for
153 } else if (strncmp(ifacename, "fi", 2) == 0) {
154 if (linktype == 15) {
156 * That's the RFC 1573 value for FDDI; map it to
161 } else if (strncmp(ifacename, "lo", 2) == 0) {
162 if (linktype == 24) {
164 * That's the RFC 1573 value for "software loopback"
165 * devices; map it to DLT_NULL, which is what's used
166 * for loopback devices on BSD.
177 if_info_new(char *name, char *description)
181 if_info = g_malloc(sizeof (if_info_t));
182 if_info->name = g_strdup(name);
183 if (description == NULL)
184 if_info->description = NULL;
186 if_info->description = g_strdup(description);
190 #ifdef HAVE_PCAP_FINDALLDEVS
192 get_interface_list_findalldevs(int *err, char *err_str)
195 pcap_if_t *alldevs, *dev;
198 if (pcap_findalldevs(&alldevs, err_str) == -1) {
199 *err = CANT_GET_INTERFACE_LIST;
203 if (alldevs == NULL) {
205 * No interfaces found.
207 *err = NO_INTERFACES_FOUND;
211 for (dev = alldevs; dev != NULL; dev = dev->next) {
212 if_info = if_info_new(dev->name, dev->description);
213 il = g_list_append(il, if_info);
215 pcap_freealldevs(alldevs);
219 #endif /* HAVE_PCAP_FINDALLDEVS */
222 free_if_cb(gpointer data, gpointer user_data _U_)
224 if_info_t *if_info = data;
226 g_free(if_info->name);
227 if (if_info->description != NULL)
228 g_free(if_info->description);
232 free_interface_list(GList *if_list)
234 g_list_foreach(if_list, free_if_cb, NULL);
235 g_list_free(if_list);
239 * Get the data-link types available for a libpcap device.
241 static data_link_info_t *
242 create_data_link_info(int dlt)
244 data_link_info_t *data_link_info;
245 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
246 const char *typename;
250 data_link_info = g_malloc(sizeof (data_link_info_t));
251 data_link_info->dlt = dlt;
252 #ifdef HAVE_PCAP_DATALINK_VAL_TO_NAME
253 typename = pcap_datalink_val_to_name(dlt);
254 if (typename != NULL)
255 data_link_info->name = g_strdup(typename);
258 data_link_info->name = g_strdup_printf("DLT %d", dlt);
259 wtap_encap = wtap_pcap_encap_to_wtap_encap(dlt);
260 if (wtap_encap == WTAP_ENCAP_UNKNOWN) {
262 * We don't support this in Wiretap.
263 * However, we should, so you can capture on it.
264 * Put in an entry for it, with no description.
266 data_link_info->description = NULL;
269 * If this is null, that's a bug in
270 * "wtap_pcap_encap_to_wtap_encap()" - it should always
271 * return a valid encapsulation type - so we assume it's
274 data_link_info->description =
275 g_strdup(wtap_encap_string(wtap_encap));
277 return data_link_info;
281 get_pcap_linktype_list(char *devname, char *err_buf)
283 GList *linktype_list = NULL;
286 #ifdef HAVE_PCAP_SET_DATALINK
290 data_link_info_t *data_link_info;
292 pch = pcap_open_live(devname, MIN_PACKET_SIZE, 0, 0, err_buf);
295 err_buf[0] = '\0'; /* an empty list doesn't mean an error */
296 deflt = get_pcap_linktype(pch, devname);
297 #ifdef HAVE_PCAP_LIST_DATALINKS
298 nlt = pcap_list_datalinks(pch, &linktypes);
299 if (nlt == 0 || linktypes == NULL)
301 for (i = 0; i < nlt; i++) {
302 data_link_info = create_data_link_info(linktypes[i]);
305 * XXX - for 802.11, make the most detailed 802.11
306 * version the default, rather than the one the
307 * device has as the default?
309 if (linktypes[i] == deflt)
310 linktype_list = g_list_prepend(linktype_list,
313 linktype_list = g_list_append(linktype_list,
318 data_link_info = create_data_link_info(deflt);
319 linktype_list = g_list_append(linktype_list, data_link_info);
323 return linktype_list;
327 free_linktype_cb(gpointer data, gpointer user_data _U_)
329 data_link_info_t *linktype_info = data;
331 g_free(linktype_info->name);
332 if (linktype_info->description != NULL)
333 g_free(linktype_info->description);
337 free_pcap_linktype_list(GList *linktype_list)
339 g_list_foreach(linktype_list, free_linktype_cb, NULL);
340 g_list_free(linktype_list);
343 /* Set the data link type on a pcap. */
345 set_pcap_linktype(pcap_t *pch, char *devname, int dlt)
347 #ifdef HAVE_PCAP_SET_DATALINK
348 if (pcap_set_datalink(pch, dlt) == 0)
349 return NULL; /* no error */
350 return pcap_geterr(pch);
352 /* Let them set it to the type it is; reject any other request. */
353 if (get_pcap_linktype(pch, devname) == dlt)
354 return NULL; /* no error */
355 return "That DLT is not one of the DLTs supported by this device";
359 #endif /* HAVE_LIBPCAP */