1 /* capture-pcap-util.c
2 * Utility routines for packet capture
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #include "config.h"
12 #define WS_LOG_DOMAIN LOG_DOMAIN_CAPCHILD
13
14 #ifdef HAVE_LIBPCAP
15
16 #include <glib.h>
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include <limits.h>
21 #include <string.h>
22
23 #include <sys/types.h>
24
25 #ifdef HAVE_SYS_SOCKET_H
26 #include <sys/socket.h>
27 #endif
28
29 #ifdef __APPLE__
30 #include <dlfcn.h>
31 #endif
32
33 #include "ws_attributes.h"
34
35 /*
36 * Linux bonding devices mishandle unknown ioctls; they fail
37 * with ENODEV rather than ENOTSUP, EOPNOTSUPP, or ENOTTY,
38 * so pcap_can_set_rfmon() returns a "no such device" indication
39 * if we try to do SIOCGIWMODE on them.
40 *
41 * So, on Linux, we check for bonding devices, if we can, before
42 * trying pcap_can_set_rfmon(), as pcap_can_set_rfmon() will
43 * end up trying SIOCGIWMODE on the device if that ioctl exists.
44 */
45 #if defined(HAVE_PCAP_CREATE) && defined(__linux__)
46
47 #include <sys/ioctl.h>
48
49 /*
50 * If we're building for a Linux version that supports bonding,
51 * HAVE_BONDING will be defined.
52 */
53
54 #ifdef HAVE_LINUX_SOCKIOS_H
55 #include <linux/sockios.h>
56 #endif
57
58 #ifdef HAVE_LINUX_IF_BONDING_H
59 #include <linux/if_bonding.h>
60 #endif
61
62 #if defined(BOND_INFO_QUERY_OLD) || defined(SIOCBONDINFOQUERY)
63 #define HAVE_BONDING
64 #endif
65
66 #endif /* defined(HAVE_PCAP_CREATE) && defined(__linux__) */
67
68 #include "capture/capture_ifinfo.h"
69 #include "capture/capture-pcap-util.h"
70 #include "capture/capture-pcap-util-int.h"
71
72 #include <wsutil/file_util.h>
73 #include <wsutil/please_report_bug.h>
74 #include <wsutil/wslog.h>
75
76 #ifndef _WIN32
77 #include <netinet/in.h>
78 #endif
79
80 #ifdef _WIN32
81 #include "capture/capture_win_ifnames.h" /* windows friendly interface names */
82 #endif
83
84 #if defined(__FreeBSD__) || defined(__OpenBSD__)
85 /*
86 * Needed for the code to get a device description.
87 */
88 #include <errno.h>
89 #include <net/if.h>
90 #include <sys/sockio.h>
91 #endif
92
93 /*
94 * Given an interface name, find the "friendly name" and interface
95 * type for the interface.
96 */
97
98 #if defined(HAVE_MACOS_FRAMEWORKS)
99
100 #include <CoreFoundation/CoreFoundation.h>
101 #include <SystemConfiguration/SystemConfiguration.h>
102
103 #include <wsutil/cfutils.h>
104
105 /*
106 * On macOS, we get the "friendly name" and interface type for the interface
107 * from the System Configuration framework.
108 *
109 * To find the System Configuration framework information for the
110 * interface, we get all the interfaces that the System Configuration
111 * framework knows about and look for the one with a "BSD name" matching
112 * the interface name.
113 *
114 * If we find it, we use its "localized display name", if it has one, as
115 * the "friendly name".
116 *
117 * As for the interface type:
118 *
119 * Yes, fetching all the network addresses for an interface gets you an
120 * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
121 * an SNMP MIB-II ifType value.
122 *
123 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
124 * not IFT_IEEE80211 (which isn't defined in macOS in any case).
125 *
126 * Perhaps some other BSD-flavored OSes won't make this mistake;
127 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
128 * made the same mistake, at least for my Belkin ZyDAS stick.
129 *
130 * SCNetworkInterfaceGetInterfaceType() will get the interface
131 * type. The interface type is a CFString, and:
132 *
133 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
134 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
135 * kSCNetworkInterfaceTypeModem or
136 * kSCNetworkInterfaceTypePPP or
137 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
138 */
139 static void
add_unix_interface_ifinfo(if_info_t * if_info,const char * name,const char * description _U_)140 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
141 const char *description _U_)
142 {
143 CFStringRef name_CFString;
144 CFArrayRef interfaces;
145 CFIndex num_interfaces;
146 CFIndex i;
147 SCNetworkInterfaceRef interface;
148 CFStringRef bsdname_CFString;
149 CFStringRef friendly_name_CFString;
150 CFStringRef interface_type_CFString;
151
152 interfaces = SCNetworkInterfaceCopyAll();
153 if (interfaces == NULL) {
154 /*
155 * Couldn't get a list of interfaces.
156 */
157 return;
158 }
159
160 name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
161 name, kCFStringEncodingUTF8);
162 if (name_CFString == NULL) {
163 /*
164 * Couldn't convert the interface name to a CFString.
165 */
166 CFRelease(interfaces);
167 return;
168 }
169
170 num_interfaces = CFArrayGetCount(interfaces);
171 for (i = 0; i < num_interfaces; i++) {
172 interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
173 bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
174 if (bsdname_CFString == NULL) {
175 /*
176 * This interface has no BSD name, so it's not
177 * a regular network interface.
178 */
179 continue;
180 }
181 if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
182 /*
183 * This is the interface.
184 * First, get the friendly name.
185 */
186 friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
187 if (friendly_name_CFString != NULL)
188 if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
189
190 /*
191 * Now get the interface type.
192 */
193 interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
194 if (CFStringCompare(interface_type_CFString,
195 kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
196 if_info->type = IF_WIRELESS;
197 else if (CFStringCompare(interface_type_CFString,
198 kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
199 if_info->type = IF_BLUETOOTH;
200 else if (CFStringCompare(interface_type_CFString,
201 kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
202 if_info->type = IF_DIALUP;
203 else if (CFStringCompare(interface_type_CFString,
204 kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
205 if_info->type = IF_DIALUP;
206 else if (CFStringCompare(interface_type_CFString,
207 kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
208 if_info->type = IF_DIALUP;
209 else
210 if_info->type = IF_WIRED;
211 break;
212 }
213 }
214
215 CFRelease(interfaces);
216 CFRelease(name_CFString);
217 }
218 #elif defined(__linux__)
219 /*
220 * Linux doesn't offer any form of "friendly name", but you can
221 * determine an interface type to some degree.
222 */
223 static void
add_unix_interface_ifinfo(if_info_t * if_info,const char * name,const char * description _U_)224 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
225 const char *description _U_)
226 {
227 char *wireless_path;
228 ws_statb64 statb;
229
230 /*
231 * Look for /sys/class/net/{device}/wireless. If it exists,
232 * it's a wireless interface.
233 */
234 wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
235 if (wireless_path != NULL) {
236 if (ws_stat64(wireless_path, &statb) == 0)
237 if_info->type = IF_WIRELESS;
238 g_free(wireless_path);
239 }
240 if (if_info->type == IF_WIRED) {
241 /*
242 * We still don't know what it is. Check for
243 * Bluetooth and USB devices.
244 */
245 if (strstr(name, "bluetooth") != NULL) {
246 /*
247 * XXX - this is for raw Bluetooth capture; what
248 * about IP-over-Bluetooth devices?
249 */
250 if_info->type = IF_BLUETOOTH;
251 } else if (strstr(name, "usbmon") != NULL)
252 if_info->type = IF_USB;
253 }
254 }
255 #else
256 /*
257 * On other UN*Xes, if there is a description, it's a friendly
258 * name, and there is no vendor description. ("Other UN*Xes"
259 * currently means "FreeBSD and OpenBSD".)
260 */
261 static void
add_unix_interface_ifinfo(if_info_t * if_info,const char * name _U_,const char * description)262 add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
263 const char *description)
264 {
265 if_info->friendly_name = g_strdup(description);
266 }
267 #endif
268
269 if_info_t *
if_info_get(const char * name)270 if_info_get(const char *name)
271 {
272 char *description = NULL;
273 if_info_t *if_info;
274 #ifdef SIOCGIFDESCR
275 /*
276 * Try to fetch the description of this interface.
277 * XXX - this is only here because libpcap has no API to
278 * get the description of a *single* interface; it really
279 * needs both an API to get pcapng-IDB-style attributes
280 * for a single interface and to get a list of interfaces
281 * with pcapng-IDB-style attributes for each interface.
282 */
283 int s;
284 struct ifreq ifrdesc;
285 #ifndef IFDESCRSIZE
286 size_t descrlen = 64;
287 #else
288 size_t descrlen = IFDESCRSIZE;
289 #endif /* IFDESCRSIZE */
290
291 /*
292 * Get the description for the interface.
293 */
294 memset(&ifrdesc, 0, sizeof ifrdesc);
295 (void) g_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
296 s = socket(AF_INET, SOCK_DGRAM, 0);
297 if (s >= 0) {
298 #ifdef __FreeBSD__
299 /*
300 * On FreeBSD, if the buffer isn't big enough for the
301 * description, the ioctl succeeds, but the description
302 * isn't copied, ifr_buffer.length is set to the description
303 * length, and ifr_buffer.buffer is set to NULL.
304 */
305 for (;;) {
306 g_free(description);
307 if ((description = (char*)g_malloc(descrlen)) != NULL) {
308 ifrdesc.ifr_buffer.buffer = description;
309 ifrdesc.ifr_buffer.length = descrlen;
310 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
311 if (ifrdesc.ifr_buffer.buffer ==
312 description)
313 break;
314 else
315 descrlen = ifrdesc.ifr_buffer.length;
316 } else {
317 /*
318 * Failed to get interface description.
319 */
320 g_free(description);
321 description = NULL;
322 break;
323 }
324 } else
325 break;
326 }
327 #else /* __FreeBSD__ */
328 /*
329 * The only other OS that currently supports
330 * SIOCGIFDESCR is OpenBSD, and it has no way
331 * to get the description length - it's clamped
332 * to a maximum of IFDESCRSIZE.
333 */
334 if ((description = (char*)g_malloc(descrlen)) != NULL) {
335 ifrdesc.ifr_data = (caddr_t)description;
336 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
337 /*
338 * Failed to get interface description.
339 */
340 g_free(description);
341 description = NULL;
342 }
343 }
344 #endif /* __FreeBSD__ */
345 close(s);
346 if (description != NULL && strlen(description) == 0) {
347 /*
348 * Description is empty, so discard it.
349 */
350 g_free(description);
351 description = NULL;
352 }
353 }
354
355 #ifdef __FreeBSD__
356 /*
357 * For FreeBSD, if we didn't get a description, and this is
358 * a device with a name of the form usbusN, label it as a USB
359 * bus.
360 */
361 if (description == NULL) {
362 if (strncmp(name, "usbus", 5) == 0) {
363 /*
364 * OK, it begins with "usbus".
365 */
366 long busnum;
367 char *p;
368
369 errno = 0;
370 busnum = strtol(name + 5, &p, 10);
371 if (errno == 0 && p != name + 5 && *p == '\0' &&
372 busnum >= 0 && busnum <= INT_MAX) {
373 /*
374 * OK, it's a valid number that's not
375 * bigger than INT_MAX. Construct
376 * a description from it.
377 */
378 static const char descr_prefix[] = "USB bus number ";
379 size_t descr_size;
380
381 /*
382 * Allow enough room for a 32-bit bus number.
383 * sizeof (descr_prefix) includes the
384 * terminating NUL.
385 */
386 descr_size = sizeof (descr_prefix) + 10;
387 description = g_malloc(descr_size);
388 if (description != NULL) {
389 g_snprintf(description, descr_size,
390 "%s%ld", descr_prefix, busnum);
391 }
392 }
393 }
394 }
395 #endif /* __FreeBSD__ */
396 #endif /* SIOCGIFDESCR */
397 if_info = if_info_new(name, description, FALSE);
398 g_free(description);
399 return if_info;
400 }
401
402 void
if_info_free(if_info_t * if_info)403 if_info_free(if_info_t *if_info)
404 {
405 g_free(if_info->name);
406 g_free(if_info->friendly_name);
407 g_free(if_info->vendor_description);
408 g_free(if_info->extcap);
409 g_slist_free_full(if_info->addrs, g_free);
410 g_free(if_info);
411 }
412
413 if_info_t *
if_info_new(const char * name,const char * description,gboolean loopback)414 if_info_new(const char *name, const char *description, gboolean loopback)
415 {
416 if_info_t *if_info;
417 #ifdef _WIN32
418 const char *guid_text;
419 GUID guid;
420 #endif
421
422 if_info = g_new(if_info_t, 1);
423 if_info->name = g_strdup(name);
424 if_info->friendly_name = NULL; /* default - unknown */
425 if_info->vendor_description = NULL;
426 if_info->type = IF_WIRED; /* default */
427 if_info->extcap = g_strdup("");
428 #ifdef _WIN32
429 /*
430 * Get the interface type.
431 *
432 * Much digging failed to reveal any obvious way to get something
433 * such as the SNMP MIB-II ifType value for an interface:
434 *
435 * https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib
436 *
437 * by making some NDIS request. And even if there were such
438 * a way, there's no guarantee that the ifType reflects an
439 * interface type that a user would view as correct (for
440 * example, some systems report Wi-Fi interfaces as
441 * Ethernet interfaces).
442 *
443 * So we look for keywords in the vendor's interface
444 * description.
445 */
446 if (description && (strstr(description, "generic dialup") != NULL ||
447 strstr(description, "PPP/SLIP") != NULL)) {
448 if_info->type = IF_DIALUP;
449 } else if (description && (strstr(description, "Wireless") != NULL ||
450 strstr(description,"802.11") != NULL)) {
451 if_info->type = IF_WIRELESS;
452 } else if (description && strstr(description, "AirPcap") != NULL ||
453 strstr(name, "airpcap") != NULL) {
454 if_info->type = IF_AIRPCAP;
455 } else if (description && strstr(description, "Bluetooth") != NULL ) {
456 if_info->type = IF_BLUETOOTH;
457 } else if (description && strstr(description, "VMware") != NULL) {
458 /*
459 * Bridge, NAT, or host-only interface on a VMware host.
460 *
461 * XXX - what about guest interfaces?
462 */
463 if_info->type = IF_VIRTUAL;
464 }
465
466 /*
467 * On Windows, the "description" is a vendor description,
468 * and the friendly name isn't returned by Npcap/WinPcap.
469 * Fetch it ourselves.
470 */
471
472 /*
473 * Skip over the "\Device\NPF_" prefix in the device name,
474 * if present.
475 */
476 if (strncmp("\\Device\\NPF_", name, 12) == 0)
477 guid_text = name + 12;
478 else
479 guid_text = name;
480
481 /* Now try to parse what remains as a GUID. */
482 if (parse_as_guid(guid_text, &guid)) {
483 /*
484 * Success. Try to get a friendly name using the GUID.
485 * As this is a regular interface, the description is a
486 * vendor description.
487 */
488 if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
489 if_info->vendor_description = g_strdup(description);
490 } else {
491 /*
492 * This is probably not a regular interface; we only
493 * support NT 5 (W2K) and later, so all regular interfaces
494 * should have GUIDs at the end of the name. Therefore,
495 * the description, if supplied, is a friendly name
496 * provided by WinPcap, and there is no vendor
497 * description.
498 */
499 if_info->friendly_name = g_strdup(description);
500 if_info->vendor_description = NULL;
501 }
502 #else
503 /*
504 * On UN*X, if there is a description, it's a friendly
505 * name, and there is no vendor description.
506 *
507 * Try the platform's way of getting a friendly name and
508 * interface type first.
509 *
510 * If that fails, then, for a loopback interface, give it the
511 * friendly name "Loopback" and, for VMware interfaces,
512 * give them the type IF_VIRTUAL.
513 */
514 add_unix_interface_ifinfo(if_info, name, description);
515 if (if_info->type == IF_WIRED) {
516 /*
517 * This is the default interface type.
518 *
519 * Bridge, NAT, or host-only interfaces on VMWare hosts
520 * have the name vmnet[0-9]+. Guests might use a native
521 * (LANCE or E1000) driver or the vmxnet driver. Check
522 * the name.
523 */
524 if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
525 if_info->type = IF_VIRTUAL;
526 else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
527 if_info->type = IF_VIRTUAL;
528 }
529 if (if_info->friendly_name == NULL) {
530 /*
531 * We couldn't get interface information using platform-
532 * dependent calls.
533 *
534 * If this is a loopback interface, give it a
535 * "friendly name" of "Loopback".
536 */
537 if (loopback)
538 if_info->friendly_name = g_strdup("Loopback");
539 }
540 if_info->vendor_description = NULL;
541 #endif
542 if_info->loopback = loopback;
543 if_info->addrs = NULL;
544 return if_info;
545 }
546
547 void
if_info_add_address(if_info_t * if_info,struct sockaddr * addr)548 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
549 {
550 if_addr_t *if_addr;
551 struct sockaddr_in *ai;
552 struct sockaddr_in6 *ai6;
553
554 switch (addr->sa_family) {
555
556 case AF_INET:
557 ai = (struct sockaddr_in *)(void *)addr;
558 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
559 if_addr->ifat_type = IF_AT_IPv4;
560 if_addr->addr.ip4_addr =
561 *((guint32 *)&(ai->sin_addr.s_addr));
562 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
563 break;
564
565 case AF_INET6:
566 ai6 = (struct sockaddr_in6 *)(void *)addr;
567 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
568 if_addr->ifat_type = IF_AT_IPv6;
569 memcpy((void *)&if_addr->addr.ip6_addr,
570 (void *)&ai6->sin6_addr.s6_addr,
571 sizeof if_addr->addr.ip6_addr);
572 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
573 break;
574 }
575 }
576
577 /*
578 * Get all IP address information for the given interface.
579 */
580 static void
if_info_ip(if_info_t * if_info,pcap_if_t * d)581 if_info_ip(if_info_t *if_info, pcap_if_t *d)
582 {
583 pcap_addr_t *a;
584
585 /* All addresses */
586 for (a = d->addresses; a != NULL; a = a->next) {
587 if (a->addr != NULL)
588 if_info_add_address(if_info, a->addr);
589 }
590
591 if(if_info->addrs){
592 if_info->addrs = g_slist_reverse(if_info->addrs);
593 }
594 }
595
596 #ifdef HAVE_PCAP_REMOTE
597 GList *
get_interface_list_findalldevs_ex(const char * hostname,const char * port,int auth_type,const char * username,const char * passwd,int * err,char ** err_str)598 get_interface_list_findalldevs_ex(const char *hostname, const char *port,
599 int auth_type, const char *username,
600 const char *passwd, int *err, char **err_str)
601 {
602 char source[PCAP_BUF_SIZE];
603 struct pcap_rmtauth auth;
604 GList *il = NULL;
605 pcap_if_t *alldevs, *dev;
606 if_info_t *if_info;
607 /*
608 * WinPcap can overflow PCAP_ERRBUF_SIZE if the host is unreachable.
609 * Fudge a larger size.
610 */
611 char errbuf[PCAP_ERRBUF_SIZE*4];
612
613 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
614 NULL, errbuf) == -1) {
615 *err = CANT_GET_INTERFACE_LIST;
616 if (err_str != NULL)
617 *err_str = cant_get_if_list_error_message(errbuf);
618 return NULL;
619 }
620
621 auth.type = auth_type;
622 auth.username = g_strdup(username);
623 auth.password = g_strdup(passwd);
624
625 if (pcap_findalldevs_ex(source, &auth, &alldevs, errbuf) == -1) {
626 *err = CANT_GET_INTERFACE_LIST;
627 if (err_str != NULL)
628 *err_str = cant_get_if_list_error_message(errbuf);
629 g_free(auth.username);
630 g_free(auth.password);
631 return NULL;
632 }
633
634 if (alldevs == NULL) {
635 /*
636 * No interfaces found.
637 */
638 *err = 0;
639 if (err_str != NULL)
640 *err_str = NULL;
641 g_free(auth.username);
642 g_free(auth.password);
643 return NULL;
644 }
645
646 for (dev = alldevs; dev != NULL; dev = dev->next) {
647 if_info = if_info_new(dev->name, dev->description,
648 (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
649 il = g_list_append(il, if_info);
650 if_info_ip(if_info, dev);
651 }
652 pcap_freealldevs(alldevs);
653 g_free(auth.username);
654 g_free(auth.password);
655
656 return il;
657 }
658 #endif
659
660 GList *
get_interface_list_findalldevs(int * err,char ** err_str)661 get_interface_list_findalldevs(int *err, char **err_str)
662 {
663 GList *il = NULL;
664 pcap_if_t *alldevs, *dev;
665 if_info_t *if_info;
666 char errbuf[PCAP_ERRBUF_SIZE];
667
668 if (pcap_findalldevs(&alldevs, errbuf) == -1) {
669 *err = CANT_GET_INTERFACE_LIST;
670 if (err_str != NULL)
671 *err_str = cant_get_if_list_error_message(errbuf);
672 return NULL;
673 }
674
675 if (alldevs == NULL) {
676 /*
677 * No interfaces found.
678 */
679 *err = 0;
680 if (err_str != NULL)
681 *err_str = NULL;
682 return NULL;
683 }
684
685 for (dev = alldevs; dev != NULL; dev = dev->next) {
686 if_info = if_info_new(dev->name, dev->description,
687 (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
688 il = g_list_append(il, if_info);
689 if_info_ip(if_info, dev);
690 }
691 pcap_freealldevs(alldevs);
692
693 return il;
694 }
695
696 static void
free_if_cb(gpointer data,gpointer user_data _U_)697 free_if_cb(gpointer data, gpointer user_data _U_)
698 {
699 if_info_free((if_info_t *)data);
700 }
701
702 void
free_interface_list(GList * if_list)703 free_interface_list(GList *if_list)
704 {
705 g_list_foreach(if_list, free_if_cb, NULL);
706 g_list_free(if_list);
707 }
708
709 static void
free_linktype_cb(gpointer data,gpointer user_data _U_)710 free_linktype_cb(gpointer data, gpointer user_data _U_)
711 {
712 data_link_info_t *linktype_info = (data_link_info_t *)data;
713
714 g_free(linktype_info->name);
715 g_free(linktype_info->description);
716 g_free(linktype_info);
717 }
718
719 static void
free_timestamp_cb(gpointer data,gpointer user_data _U_)720 free_timestamp_cb(gpointer data, gpointer user_data _U_)
721 {
722 timestamp_info_t *timestamp_info = (timestamp_info_t *)data;
723
724 g_free(timestamp_info->name);
725 g_free(timestamp_info->description);
726 g_free(data);
727 }
728
729 void
free_if_capabilities(if_capabilities_t * caps)730 free_if_capabilities(if_capabilities_t *caps)
731 {
732 g_list_foreach(caps->data_link_types, free_linktype_cb, NULL);
733 g_list_free(caps->data_link_types);
734
735 g_list_foreach(caps->timestamp_types, free_timestamp_cb, NULL);
736 g_list_free(caps->timestamp_types);
737
738 g_free(caps);
739 }
740
741 const char *
linktype_val_to_name(int dlt)742 linktype_val_to_name(int dlt)
743 {
744 return pcap_datalink_val_to_name(dlt);
745 }
746
747 int
linktype_name_to_val(const char * linktype)748 linktype_name_to_val(const char *linktype)
749 {
750 return pcap_datalink_name_to_val(linktype);
751 }
752
753 /*
754 * Get the data-link type for a libpcap device.
755 * This works around AIX 5.x's non-standard and incompatible-with-the-
756 * rest-of-the-universe libpcap.
757 */
758 int
get_pcap_datalink(pcap_t * pch,const char * devicename)759 get_pcap_datalink(pcap_t *pch,
760 #ifdef _AIX
761 const char* devicename
762 #else
763 const char* devicename _U_
764 #endif
765 )
766 {
767 int datalink;
768 #ifdef _AIX
769 const char *ifacename;
770 #endif
771
772 datalink = pcap_datalink(pch);
773 #ifdef _AIX
774
775 /*
776 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
777 * rather than DLT_ values for link-layer types; the ifType values
778 * for LAN devices are:
779 *
780 * Ethernet 6
781 * 802.3 7
782 * Token Ring 9
783 * FDDI 15
784 *
785 * and the ifType value for a loopback device is 24.
786 *
787 * The AIX names for LAN devices begin with:
788 *
789 * Ethernet en
790 * 802.3 et
791 * Token Ring tr
792 * FDDI fi
793 *
794 * and the AIX names for loopback devices begin with "lo".
795 *
796 * (The difference between "Ethernet" and "802.3" is presumably
797 * whether packets have an Ethernet header, with a packet type,
798 * or an 802.3 header, with a packet length, followed by an 802.2
799 * header and possibly a SNAP header.)
800 *
801 * If the device name matches "datalink" interpreted as an ifType
802 * value, rather than as a DLT_ value, we will assume this is AIX's
803 * non-standard, incompatible libpcap, rather than a standard libpcap,
804 * and will map the link-layer type to the standard DLT_ value for
805 * that link-layer type, as that's what the rest of Wireshark expects.
806 *
807 * (This means the capture files won't be readable by a tcpdump
808 * linked with AIX's non-standard libpcap, but so it goes. They
809 * *will* be readable by standard versions of tcpdump, Wireshark,
810 * and so on.)
811 *
812 * XXX - if we conclude we're using AIX libpcap, should we also
813 * set a flag to cause us to assume the time stamps are in
814 * seconds-and-nanoseconds form, and to convert them to
815 * seconds-and-microseconds form before processing them and
816 * writing them out?
817 */
818
819 /*
820 * Find the last component of the device name, which is the
821 * interface name.
822 */
823 ifacename = strchr(devicename, '/');
824 if (ifacename == NULL)
825 ifacename = devicename;
826
827 /* See if it matches any of the LAN device names. */
828 if (strncmp(ifacename, "en", 2) == 0) {
829 if (datalink == 6) {
830 /*
831 * That's the RFC 1573 value for Ethernet;
832 * map it to DLT_EN10MB.
833 */
834 datalink = 1;
835 }
836 } else if (strncmp(ifacename, "et", 2) == 0) {
837 if (datalink == 7) {
838 /*
839 * That's the RFC 1573 value for 802.3;
840 * map it to DLT_EN10MB.
841 *
842 * (libpcap, tcpdump, Wireshark, etc. don't
843 * care if it's Ethernet or 802.3.)
844 */
845 datalink = 1;
846 }
847 } else if (strncmp(ifacename, "tr", 2) == 0) {
848 if (datalink == 9) {
849 /*
850 * That's the RFC 1573 value for 802.5 (Token Ring);
851 * map it to DLT_IEEE802, which is what's used for
852 * Token Ring.
853 */
854 datalink = 6;
855 }
856 } else if (strncmp(ifacename, "fi", 2) == 0) {
857 if (datalink == 15) {
858 /*
859 * That's the RFC 1573 value for FDDI;
860 * map it to DLT_FDDI.
861 */
862 datalink = 10;
863 }
864 } else if (strncmp(ifacename, "lo", 2) == 0) {
865 if (datalink == 24) {
866 /*
867 * That's the RFC 1573 value for "software loopback"
868 * devices; map it to DLT_NULL, which is what's used
869 * for loopback devices on BSD.
870 */
871 datalink = 0;
872 }
873 }
874 #endif
875
876 return datalink;
877 }
878
879 /* Set the data link type on a pcap. */
880 gboolean
set_pcap_datalink(pcap_t * pcap_h,int datalink,char * name,char * errmsg,size_t errmsg_len,char * secondary_errmsg,size_t secondary_errmsg_len)881 set_pcap_datalink(pcap_t *pcap_h, int datalink, char *name,
882 char *errmsg, size_t errmsg_len,
883 char *secondary_errmsg, size_t secondary_errmsg_len)
884 {
885 char *set_datalink_err_str;
886
887 if (datalink == -1)
888 return TRUE; /* just use the default */
889 if (pcap_set_datalink(pcap_h, datalink) == 0)
890 return TRUE; /* no error */
891 set_datalink_err_str = pcap_geterr(pcap_h);
892 g_snprintf(errmsg, (gulong) errmsg_len, "Unable to set data link type on interface '%s' (%s).",
893 name, set_datalink_err_str);
894 /*
895 * If the error isn't "XXX is not one of the DLTs supported by this device",
896 * tell the user to tell the Wireshark developers about it.
897 */
898 if (strstr(set_datalink_err_str, "is not one of the DLTs supported by this device") == NULL)
899 g_snprintf(secondary_errmsg, (gulong) secondary_errmsg_len,
900 "%s", please_report_bug());
901 else
902 secondary_errmsg[0] = '\0';
903 return FALSE;
904 }
905
906 static data_link_info_t *
create_data_link_info(int dlt)907 create_data_link_info(int dlt)
908 {
909 data_link_info_t *data_link_info;
910 const char *text;
911
912 data_link_info = g_new(data_link_info_t, 1);
913 data_link_info->dlt = dlt;
914 text = pcap_datalink_val_to_name(dlt);
915 if (text != NULL)
916 data_link_info->name = g_strdup(text);
917 else
918 data_link_info->name = g_strdup_printf("DLT %d", dlt);
919 text = pcap_datalink_val_to_description(dlt);
920 data_link_info->description = g_strdup(text);
921 return data_link_info;
922 }
923
924 static GList *
get_data_link_types(pcap_t * pch,interface_options * interface_opts,cap_device_open_status * status,char ** status_str)925 get_data_link_types(pcap_t *pch, interface_options *interface_opts,
926 cap_device_open_status *status, char **status_str)
927 {
928 GList *data_link_types;
929 int deflt;
930 int *linktypes;
931 int i, nlt;
932 data_link_info_t *data_link_info;
933
934 deflt = get_pcap_datalink(pch, interface_opts->name);
935 nlt = pcap_list_datalinks(pch, &linktypes);
936 if (nlt < 0) {
937 /*
938 * A negative return is an error.
939 */
940 #ifdef HAVE_PCAP_CREATE
941 /*
942 * If we have pcap_create(), we have
943 * pcap_statustostr(), and we can get back errors
944 * other than PCAP_ERROR (-1), such as
945 * PCAP_ERROR_NOT_ACTIVATED. and we should report
946 * them properly.
947 */
948 if (nlt == PCAP_ERROR) {
949 *status = CAP_DEVICE_OPEN_ERR_GENERIC;
950 *status_str = g_strdup_printf("pcap_list_datalinks() failed: %s",
951 pcap_geterr(pch));
952 } else {
953 if (nlt == PCAP_ERROR_PERM_DENIED)
954 *status = CAP_DEVICE_OPEN_ERR_PERMISSIONS;
955 else
956 *status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
957 *status_str = g_strdup(pcap_statustostr(nlt));
958 }
959 #else /* HAVE_PCAP_CREATE */
960 *status = CAP_DEVICE_OPEN_ERR_GENERIC;
961 *status_str = g_strdup_printf("pcap_list_datalinks() failed: %s",
962 pcap_geterr(pch));
963 #endif /* HAVE_PCAP_CREATE */
964 return NULL;
965 }
966 data_link_types = NULL;
967 for (i = 0; i < nlt; i++) {
968 data_link_info = create_data_link_info(linktypes[i]);
969
970 /*
971 * XXX - for 802.11, make the most detailed 802.11
972 * version the default, rather than the one the
973 * device has as the default?
974 */
975 if (linktypes[i] == deflt)
976 data_link_types = g_list_prepend(data_link_types,
977 data_link_info);
978 else
979 data_link_types = g_list_append(data_link_types,
980 data_link_info);
981 }
982 #ifdef HAVE_PCAP_FREE_DATALINKS
983 pcap_free_datalinks(linktypes);
984 #else
985 /*
986 * In Windows, there's no guarantee that if you have a library
987 * built with one version of the MSVC++ run-time library, and
988 * it returns a pointer to allocated data, you can free that
989 * data from a program linked with another version of the
990 * MSVC++ run-time library.
991 *
992 * This is not an issue on UN*X.
993 *
994 * See the mail threads starting at
995 *
996 * https://www.winpcap.org/pipermail/winpcap-users/2006-September/001421.html
997 *
998 * and
999 *
1000 * https://www.winpcap.org/pipermail/winpcap-users/2008-May/002498.html
1001 */
1002 #ifndef _WIN32
1003 #define xx_free free /* hack so checkAPIs doesn't complain */
1004 xx_free(linktypes);
1005 #endif /* _WIN32 */
1006 #endif /* HAVE_PCAP_FREE_DATALINKS */
1007
1008 *status_str = NULL;
1009 return data_link_types;
1010 }
1011
1012 /* Get supported timestamp types for a libpcap device. */
1013 static GList*
get_pcap_timestamp_types(pcap_t * pch _U_,char ** err_str _U_)1014 get_pcap_timestamp_types(pcap_t *pch _U_, char **err_str _U_)
1015 {
1016 GList *list = NULL;
1017 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1018 int *types;
1019 int ntypes = pcap_list_tstamp_types(pch, &types);
1020
1021 if (err_str)
1022 *err_str = ntypes < 0 ? pcap_geterr(pch) : NULL;
1023
1024 if (ntypes <= 0)
1025 return NULL;
1026
1027 while (ntypes--) {
1028 timestamp_info_t *info = (timestamp_info_t *)g_malloc(sizeof *info);
1029 info->name = g_strdup(pcap_tstamp_type_val_to_name(types[ntypes]));
1030 info->description = g_strdup(pcap_tstamp_type_val_to_description(types[ntypes]));
1031 list = g_list_prepend(list, info);
1032 }
1033
1034 pcap_free_tstamp_types(types);
1035 #endif
1036 return list;
1037 }
1038
1039 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1040 /*
1041 * Request high-resolution time stamps.
1042 *
1043 * We don't check for errors - if this fails, we just live with boring old
1044 * microsecond-resolution time stamps. The only errors pcap_set_tstamp_precision()
1045 * is documenting as returning are PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, which just
1046 * means we can't do nanosecond precision on this adapter, in which case we
1047 * just live with whatever resolution we get by default, and
1048 * PCAP_ERROR_ACTIVATED, which shouldn't happen as we shouldn't call this
1049 * after we've activated the pcap_t.
1050 */
1051 void
request_high_resolution_timestamp(pcap_t * pcap_h)1052 request_high_resolution_timestamp(pcap_t *pcap_h)
1053 {
1054 #ifdef __APPLE__
1055 /*
1056 * On macOS, if you build with a newer SDK, pcap_set_tstamp_precision()
1057 * is available, so the code will be built with it.
1058 *
1059 * However, if you then try to run on an older release that
1060 * doesn't have pcap_set_tstamp_precision(), the dynamic linker
1061 * will fail, as it won't find pcap_set_tstamp_precision().
1062 *
1063 * libpcap doesn't use macOS "weak linking" for new routines,
1064 * so we can't just check whether a pointer to
1065 * pcap_set_tstamp_precision() is null and, if it is, not
1066 * call it. We have to, instead, use dlopen() to load
1067 * libpcap, and dlsym() to find a pointer to pcap_set_tstamp_precision(),
1068 * and if we find the pointer, call it.
1069 */
1070 static gboolean initialized = FALSE;
1071 static int (*p_pcap_set_tstamp_precision)(pcap_t *, int);
1072
1073 if (!initialized) {
1074 p_pcap_set_tstamp_precision =
1075 (int (*)(pcap_t *, int))
1076 dlsym(RTLD_NEXT, "pcap_set_tstamp_precision");
1077 initialized = TRUE;
1078 }
1079 if (p_pcap_set_tstamp_precision != NULL)
1080 (*p_pcap_set_tstamp_precision)(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
1081 #else /* __APPLE__ */
1082 /*
1083 * On other UN*Xes we require that we be run on an OS version
1084 * with a libpcap equal to or later than the version with which
1085 * we were built.
1086 */
1087 pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
1088 #endif /* __APPLE__ */
1089 }
1090
1091 /*
1092 * Return TRUE if the pcap_t in question is set up for high-precision
1093 * time stamps, FALSE otherwise.
1094 */
1095 gboolean
have_high_resolution_timestamp(pcap_t * pcap_h)1096 have_high_resolution_timestamp(pcap_t *pcap_h)
1097 {
1098 #ifdef __APPLE__
1099 /*
1100 * See above.
1101 */
1102 static gboolean initialized = FALSE;
1103 static int (*p_pcap_get_tstamp_precision)(pcap_t *);
1104
1105 if (!initialized) {
1106 p_pcap_get_tstamp_precision =
1107 (int (*)(pcap_t *))
1108 dlsym(RTLD_NEXT, "pcap_get_tstamp_precision");
1109 initialized = TRUE;
1110 }
1111 if (p_pcap_get_tstamp_precision != NULL)
1112 return (*p_pcap_get_tstamp_precision)(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1113 else
1114 return FALSE; /* Can't get implies couldn't set */
1115 #else /* __APPLE__ */
1116 /*
1117 * On other UN*Xes we require that we be run on an OS version
1118 * with a libpcap equal to or later than the version with which
1119 * we were built.
1120 */
1121 return pcap_get_tstamp_precision(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1122 #endif /* __APPLE__ */
1123 }
1124
1125 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1126
1127 #ifdef HAVE_PCAP_CREATE
1128 #ifdef HAVE_BONDING
1129 static gboolean
is_linux_bonding_device(const char * ifname)1130 is_linux_bonding_device(const char *ifname)
1131 {
1132 int fd;
1133 struct ifreq ifr;
1134 ifbond ifb;
1135
1136 fd = socket(PF_INET, SOCK_DGRAM, 0);
1137 if (fd == -1)
1138 return FALSE;
1139
1140 memset(&ifr, 0, sizeof ifr);
1141 (void) g_strlcpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
1142 memset(&ifb, 0, sizeof ifb);
1143 ifr.ifr_data = (caddr_t)&ifb;
1144 #if defined(SIOCBONDINFOQUERY)
1145 if (ioctl(fd, SIOCBONDINFOQUERY, &ifr) == 0) {
1146 close(fd);
1147 return TRUE;
1148 }
1149 #else
1150 if (ioctl(fd, BOND_INFO_QUERY_OLD, &ifr) == 0) {
1151 close(fd);
1152 return TRUE;
1153 }
1154 #endif
1155
1156 close(fd);
1157 return FALSE;
1158 }
1159 #else
1160 static gboolean
is_linux_bonding_device(const char * ifname _U_)1161 is_linux_bonding_device(const char *ifname _U_)
1162 {
1163 return FALSE;
1164 }
1165 #endif
1166
1167 if_capabilities_t *
get_if_capabilities_pcap_create(interface_options * interface_opts,cap_device_open_status * open_status,char ** open_status_str)1168 get_if_capabilities_pcap_create(interface_options *interface_opts,
1169 cap_device_open_status *open_status, char **open_status_str)
1170 {
1171 if_capabilities_t *caps;
1172 char errbuf[PCAP_ERRBUF_SIZE];
1173 pcap_t *pch;
1174 int status;
1175
1176 pch = pcap_create(interface_opts->name, errbuf);
1177 if (pch == NULL) {
1178 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1179 *open_status_str = g_strdup(errbuf);
1180 return NULL;
1181 }
1182
1183 if (is_linux_bonding_device(interface_opts->name)) {
1184 /*
1185 * Linux bonding device; not Wi-Fi, so no monitor mode, and
1186 * calling pcap_can_set_rfmon() might get a "no such device"
1187 * error.
1188 */
1189 status = 0;
1190 } else {
1191 /*
1192 * Not a Linux bonding device, so go ahead.
1193 */
1194 status = pcap_can_set_rfmon(pch);
1195 }
1196 if (status < 0) {
1197 /* Error. */
1198 if (status == PCAP_ERROR) {
1199 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1200 *open_status_str = g_strdup_printf("pcap_can_set_rfmon() failed: %s",
1201 pcap_geterr(pch));
1202 } else {
1203 if (status == PCAP_ERROR_PERM_DENIED)
1204 *open_status = CAP_DEVICE_OPEN_ERR_PERMISSIONS;
1205 else
1206 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1207 *open_status_str = g_strdup(pcap_statustostr(status));
1208 }
1209 pcap_close(pch);
1210 return NULL;
1211 }
1212 caps = (if_capabilities_t *)g_malloc(sizeof *caps);
1213 if (status == 0)
1214 caps->can_set_rfmon = FALSE;
1215 else if (status == 1) {
1216 caps->can_set_rfmon = TRUE;
1217 if (interface_opts->monitor_mode)
1218 pcap_set_rfmon(pch, 1);
1219 } else {
1220 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1221 *open_status_str = g_strdup_printf("pcap_can_set_rfmon() returned %d",
1222 status);
1223 pcap_close(pch);
1224 g_free(caps);
1225 return NULL;
1226 }
1227
1228 status = pcap_activate(pch);
1229 if (status < 0) {
1230 /* Error. */
1231 if (status == PCAP_ERROR) {
1232 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1233 *open_status_str = g_strdup_printf("pcap_activate() failed: %s",
1234 pcap_geterr(pch));
1235 } else {
1236 if (status == PCAP_ERROR_PERM_DENIED)
1237 *open_status = CAP_DEVICE_OPEN_ERR_PERMISSIONS;
1238 else
1239 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1240 *open_status_str = g_strdup(pcap_statustostr(status));
1241 }
1242 pcap_close(pch);
1243 g_free(caps);
1244 return NULL;
1245 }
1246
1247 caps->data_link_types = get_data_link_types(pch, interface_opts,
1248 open_status, open_status_str);
1249 if (caps->data_link_types == NULL) {
1250 pcap_close(pch);
1251 g_free(caps);
1252 return NULL;
1253 }
1254
1255 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1256
1257 pcap_close(pch);
1258
1259 if (open_status_str != NULL)
1260 *open_status_str = NULL;
1261 return caps;
1262 }
1263
1264 pcap_t *
open_capture_device_pcap_create(capture_options * capture_opts,interface_options * interface_opts,int timeout,cap_device_open_status * open_status,char (* open_status_str)[PCAP_ERRBUF_SIZE])1265 open_capture_device_pcap_create(
1266 #if defined(HAVE_PCAP_SET_TSTAMP_PRECISION)
1267 capture_options* capture_opts,
1268 #else
1269 capture_options* capture_opts _U_,
1270 #endif
1271 interface_options *interface_opts, int timeout,
1272 cap_device_open_status *open_status,
1273 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1274 {
1275 pcap_t *pcap_h;
1276 int status;
1277
1278 ws_debug("Calling pcap_create() using %s.", interface_opts->name);
1279 pcap_h = pcap_create(interface_opts->name, *open_status_str);
1280 ws_debug("pcap_create() returned %p.", (void *)pcap_h);
1281 if (pcap_h == NULL) {
1282 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1283 return NULL;
1284 }
1285 if (interface_opts->has_snaplen) {
1286 ws_debug("Calling pcap_set_snaplen() with snaplen %d.",
1287 interface_opts->snaplen);
1288 pcap_set_snaplen(pcap_h, interface_opts->snaplen);
1289 }
1290 ws_debug("Calling pcap_set_promisc() with promisc_mode %d.",
1291 interface_opts->promisc_mode);
1292 pcap_set_promisc(pcap_h, interface_opts->promisc_mode);
1293 pcap_set_timeout(pcap_h, timeout);
1294
1295 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1296 /*
1297 * If we're writing pcapng files, try to enable
1298 * nanosecond-resolution capture; any code that
1299 * can read pcapng files must be able to handle
1300 * nanosecond-resolution time stamps. We don't
1301 * care whether it succeeds or fails - if it fails,
1302 * we just use the microsecond-precision time stamps
1303 * we get.
1304 *
1305 * If we're writing pcap files, don't try to enable
1306 * nanosecond-resolution capture, as not all code
1307 * that reads pcap files recognizes the nanosecond-
1308 * resolution pcap file magic number.
1309 * We don't care whether this succeeds or fails; if it
1310 * fails (because we don't have pcap_set_tstamp_precision(),
1311 * or because we do but the OS or device doesn't support
1312 * nanosecond resolution timing), we just use microsecond-
1313 * resolution time stamps.
1314 */
1315 if (capture_opts->use_pcapng)
1316 request_high_resolution_timestamp(pcap_h);
1317 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1318
1319 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1320 if (interface_opts->timestamp_type) {
1321 status = pcap_set_tstamp_type(pcap_h, interface_opts->timestamp_type_id);
1322 /*
1323 * XXX - what if it fails because that time stamp type
1324 * isn't supported?
1325 */
1326 if (status == PCAP_ERROR) {
1327 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1328 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1329 sizeof *open_status_str);
1330 pcap_close(pcap_h);
1331 return NULL;
1332 }
1333 }
1334 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1335
1336 ws_debug("buffersize %d.", interface_opts->buffer_size);
1337 if (interface_opts->buffer_size != 0)
1338 pcap_set_buffer_size(pcap_h,
1339 interface_opts->buffer_size * 1024 * 1024);
1340 ws_debug("monitor_mode %d.", interface_opts->monitor_mode);
1341 if (interface_opts->monitor_mode)
1342 pcap_set_rfmon(pcap_h, 1);
1343 status = pcap_activate(pcap_h);
1344 ws_debug("pcap_activate() returned %d.", status);
1345 if (status < 0) {
1346 /* Failed to activate, set to NULL */
1347 if (status == PCAP_ERROR) {
1348 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1349 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1350 sizeof *open_status_str);
1351 } else {
1352 if (status == PCAP_ERROR_PERM_DENIED)
1353 *open_status = CAP_DEVICE_OPEN_ERR_PERMISSIONS;
1354 else
1355 *open_status = CAP_DEVICE_OPEN_ERR_NOT_PERMISSIONS;
1356 (void) g_strlcpy(*open_status_str, pcap_statustostr(status),
1357 sizeof *open_status_str);
1358 }
1359 pcap_close(pcap_h);
1360 return NULL;
1361 }
1362 if (status > 0) {
1363 /*
1364 * Warning. The call succeeded, but something happened
1365 * that the user might want to know.
1366 */
1367 *open_status = CAP_DEVICE_OPEN_WARNING_GENERIC;
1368 if (status == PCAP_WARNING) {
1369 g_snprintf(*open_status_str, sizeof *open_status_str,
1370 "Warning: %s", pcap_geterr(pcap_h));
1371 } else {
1372 g_snprintf(*open_status_str, sizeof *open_status_str,
1373 "Warning: %s", pcap_statustostr(status));
1374 }
1375 } else {
1376 /*
1377 * No warning issued.
1378 */
1379 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1380 }
1381 return pcap_h;
1382 }
1383 #endif /* HAVE_PCAP_CREATE */
1384
1385 if_capabilities_t *
get_if_capabilities_pcap_open_live(interface_options * interface_opts,cap_device_open_status * open_status,char ** open_status_str)1386 get_if_capabilities_pcap_open_live(interface_options *interface_opts,
1387 cap_device_open_status *open_status, char **open_status_str)
1388 {
1389 if_capabilities_t *caps;
1390 char errbuf[PCAP_ERRBUF_SIZE];
1391 pcap_t *pch;
1392
1393 pch = pcap_open_live(interface_opts->name, MIN_PACKET_SIZE, 0, 0,
1394 errbuf);
1395 if (pch == NULL) {
1396 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1397 *open_status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1398 return NULL;
1399 }
1400
1401 caps = (if_capabilities_t *)g_malloc(sizeof *caps);
1402 caps->can_set_rfmon = FALSE;
1403 caps->data_link_types = get_data_link_types(pch, interface_opts,
1404 open_status, open_status_str);
1405 if (caps->data_link_types == NULL) {
1406 pcap_close(pch);
1407 g_free(caps);
1408 return NULL;
1409 }
1410
1411 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1412
1413 pcap_close(pch);
1414
1415 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1416 *open_status_str = NULL;
1417 return caps;
1418 }
1419
1420 pcap_t *
open_capture_device_pcap_open_live(interface_options * interface_opts,int timeout,cap_device_open_status * open_status,char (* open_status_str)[PCAP_ERRBUF_SIZE])1421 open_capture_device_pcap_open_live(interface_options *interface_opts,
1422 int timeout, cap_device_open_status *open_status,
1423 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1424 {
1425 pcap_t *pcap_h;
1426 int snaplen;
1427
1428 if (interface_opts->has_snaplen)
1429 snaplen = interface_opts->snaplen;
1430 else {
1431 /*
1432 * Default - use the non-D-Bus maximum snapshot length of
1433 * 256KB, which should be big enough (libpcap didn't get
1434 * D-Bus support until after it goet pcap_create() and
1435 * pcap_activate(), so we don't have D-Bus support and
1436 * don't have to worry about really huge packets).
1437 */
1438 snaplen = 256*1024;
1439 }
1440 ws_debug("pcap_open_live() calling using name %s, snaplen %d, promisc_mode %d.",
1441 interface_opts->name, snaplen, interface_opts->promisc_mode);
1442 /*
1443 * This might succeed but put a messsage in *open_status_str;
1444 * that means that a warning was issued.
1445 *
1446 * Clear the error message buffer, so that if it's not an empty
1447 * string after the call, we know a warning was issued.
1448 */
1449 (*open_status_str)[0] = '\0';
1450 pcap_h = pcap_open_live(interface_opts->name, snaplen,
1451 interface_opts->promisc_mode, timeout, *open_status_str);
1452 ws_debug("pcap_open_live() returned %p.", (void *)pcap_h);
1453 if (pcap_h == NULL) {
1454 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1455 return NULL;
1456 }
1457 if ((*open_status_str)[0] != '\0') {
1458 /*
1459 * Warning. The call succeeded, but something happened
1460 * that the user might want to know.
1461 */
1462 *open_status = CAP_DEVICE_OPEN_WARNING_GENERIC;
1463 } else {
1464 /*
1465 * No warning issued.
1466 */
1467 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1468 }
1469
1470 #ifdef _WIN32
1471 /* Try to set the capture buffer size. */
1472 if (interface_opts->buffer_size > 1) {
1473 /*
1474 * We have no mechanism to report a warning if this
1475 * fails; we just keep capturing with the smaller buffer,
1476 * as is the case on systems with BPF and pcap_create()
1477 * and pcap_set_buffer_size(), where pcap_activate() just
1478 * silently clamps the buffer size to the maximum.
1479 */
1480 pcap_setbuff(pcap_h, interface_opts->buffer_size * 1024 * 1024);
1481 }
1482 #endif
1483
1484 return pcap_h;
1485 }
1486
1487 /*
1488 * Get the capabilities of a network device.
1489 */
1490 if_capabilities_t *
get_if_capabilities(interface_options * interface_opts,cap_device_open_status * status,char ** status_str)1491 get_if_capabilities(interface_options *interface_opts,
1492 cap_device_open_status *status, char **status_str)
1493 {
1494 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1495 if_capabilities_t *caps;
1496 char errbuf[PCAP_ERRBUF_SIZE];
1497 pcap_t *pch;
1498 int deflt;
1499 data_link_info_t *data_link_info;
1500
1501 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1502 struct pcap_rmtauth auth;
1503
1504 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1505 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1506 auth.username = interface_opts->auth_username;
1507 auth.password = interface_opts->auth_password;
1508
1509 /*
1510 * WinPcap 4.1.2, and possibly earlier versions, have a bug
1511 * wherein, when an open with an rpcap: URL fails, the error
1512 * message for the error is not copied to errbuf and whatever
1513 * on-the-stack junk is in errbuf is treated as the error
1514 * message.
1515 *
1516 * To work around that (and any other bugs of that sort), we
1517 * initialize errbuf to an empty string. If we get an error
1518 * and the string is empty, we report it as an unknown error.
1519 * (If we *don't* get an error, and the string is *non*-empty,
1520 * that could be a warning returned, such as "can't turn
1521 * promiscuous mode on"; we currently don't do so.)
1522 */
1523 errbuf[0] = '\0';
1524 pch = pcap_open(interface_opts->name, MIN_PACKET_SIZE, 0, 0, &auth,
1525 errbuf);
1526 if (pch == NULL) {
1527 /*
1528 * We don't know whether it's a permission error or not.
1529 * And, if it is, the user will either have to ask for
1530 * permission for their own remote account or will have
1531 * to use an account that *does* have permissions.
1532 */
1533 *status = CAP_DEVICE_OPEN_ERR_GENERIC;
1534 *status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1535 return NULL;
1536 }
1537
1538 caps = (if_capabilities_t *)g_malloc(sizeof *caps);
1539 caps->can_set_rfmon = FALSE;
1540 caps->data_link_types = NULL;
1541 deflt = get_pcap_datalink(pch, interface_opts->name);
1542 data_link_info = create_data_link_info(deflt);
1543 caps->data_link_types = g_list_append(caps->data_link_types, data_link_info);
1544 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1545 pcap_close(pch);
1546
1547 /*
1548 * This doesn't return warnings for remote devices, and
1549 * we don't use it for local devices.
1550 */
1551 *status = CAP_DEVICE_OPEN_NO_ERR;
1552 *status_str = NULL;
1553 return caps;
1554 }
1555 #endif /* defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE) */
1556
1557 /*
1558 * Local interface.
1559 */
1560 return get_if_capabilities_local(interface_opts, status, status_str);
1561 }
1562
1563 pcap_t *
open_capture_device(capture_options * capture_opts,interface_options * interface_opts,int timeout,cap_device_open_status * open_status,char (* open_status_str)[PCAP_ERRBUF_SIZE])1564 open_capture_device(capture_options *capture_opts,
1565 interface_options *interface_opts, int timeout,
1566 cap_device_open_status *open_status,
1567 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1568 {
1569 pcap_t *pcap_h;
1570 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1571 struct pcap_rmtauth auth;
1572 #endif
1573
1574 /* Open the network interface to capture from it.
1575 Some versions of libpcap may put warnings into the error buffer
1576 if they succeed; to tell if that's happened, we have to clear
1577 the error buffer, and check if it's still a null string. */
1578 ws_debug("Entering open_capture_device().");
1579 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1580 (*open_status_str)[0] = '\0';
1581 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1582 /*
1583 * If we're opening a remote device, use pcap_open(); that's currently
1584 * the only open routine that supports remote devices.
1585 */
1586 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1587 int snaplen;
1588
1589 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1590 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1591 auth.username = interface_opts->auth_username;
1592 auth.password = interface_opts->auth_password;
1593
1594 if (interface_opts->has_snaplen)
1595 snaplen = interface_opts->snaplen;
1596 else {
1597 /*
1598 * Default - use the non-D-Bus maximum snapshot length,
1599 * which should be big enough, except for D-Bus.
1600 */
1601 snaplen = 256*1024;
1602 }
1603 ws_debug("Calling pcap_open() using name %s, snaplen %d, promisc_mode %d, datatx_udp %d, nocap_rpcap %d.",
1604 interface_opts->name, snaplen,
1605 interface_opts->promisc_mode, interface_opts->datatx_udp,
1606 interface_opts->nocap_rpcap);
1607 pcap_h = pcap_open(interface_opts->name, snaplen,
1608 /* flags */
1609 (interface_opts->promisc_mode ? PCAP_OPENFLAG_PROMISCUOUS : 0) |
1610 (interface_opts->datatx_udp ? PCAP_OPENFLAG_DATATX_UDP : 0) |
1611 (interface_opts->nocap_rpcap ? PCAP_OPENFLAG_NOCAPTURE_RPCAP : 0),
1612 timeout, &auth, *open_status_str);
1613 if (pcap_h == NULL) {
1614 /*
1615 * Error.
1616 *
1617 * We don't know whether it's a permission error
1618 * or not.
1619 * (If it is, maybe we can give ourselves permission
1620 * or maybe we just have to ask politely for
1621 * permission.)
1622 */
1623 *open_status = CAP_DEVICE_OPEN_ERR_GENERIC;
1624 /* Did pcap actually supply an error message? */
1625 if ((*open_status_str)[0] == '\0') {
1626 /*
1627 * Work around known WinPcap bug wherein
1628 * no error message is filled in on a
1629 * failure to open an rpcap: URL.
1630 */
1631 (void) g_strlcpy(*open_status_str,
1632 "Unknown error (pcap bug; actual error cause not reported)",
1633 sizeof *open_status_str);
1634 }
1635 }
1636 ws_debug("pcap_open() returned %p.", (void *)pcap_h);
1637 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1638 /*
1639 * This doesn't return warnings for remote devices, and
1640 * we don't use it for local devices.
1641 */
1642 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1643 return pcap_h;
1644 }
1645 #endif
1646
1647 pcap_h = open_capture_device_local(capture_opts, interface_opts,
1648 timeout, open_status, open_status_str);
1649 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1650 return pcap_h;
1651 }
1652
1653 #endif /* HAVE_LIBPCAP */
1654
1655 /*
1656 * Editor modelines - https://www.wireshark.org/tools/modelines.html
1657 *
1658 * Local variables:
1659 * c-basic-offset: 8
1660 * tab-width: 8
1661 * indent-tabs-mode: t
1662 * End:
1663 *
1664 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1665 * :indentSize=8:tabSize=8:noTabs=false:
1666 */
1667