search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
regen pidl all: rm epan/dissectors/pidl/*-stamp; pushd epan/dissectors/pidl/ && make...
[wireshark-sm.git] / capture / capture-pcap-util.c
blob07dd7b4050ea0e091e2618ea546d4e1be87d5793
1 /* capture-pcap-util.c
2 * Utility routines for packet capture
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #include "config.h"
12 #define WS_LOG_DOMAIN LOG_DOMAIN_CAPCHILD
13
14 #ifdef HAVE_LIBPCAP
15
16 #include <wireshark.h>
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include <limits.h>
21 #include <string.h>
22
23 #include <sys/types.h>
24
25 #ifdef HAVE_SYS_SOCKET_H
26 #include <sys/socket.h>
27 #endif
28
29 #ifdef __APPLE__
30 #include <dlfcn.h>
31 #endif
32
33 #include "ws_attributes.h"
34
35 /*
36 * Linux bonding devices mishandle unknown ioctls; they fail
37 * with ENODEV rather than ENOTSUP, EOPNOTSUPP, or ENOTTY,
38 * so pcap_can_set_rfmon() returns a "no such device" indication
39 * if we try to do SIOCGIWMODE on them.
40 *
41 * So, on Linux, we check for bonding devices, if we can, before
42 * trying pcap_can_set_rfmon(), as pcap_can_set_rfmon() will
43 * end up trying SIOCGIWMODE on the device if that ioctl exists.
44 */
45 #if defined(HAVE_PCAP_CREATE) && defined(__linux__)
46
47 #include <sys/ioctl.h>
48
49 /*
50 * If we're building for a Linux version that supports bonding,
51 * HAVE_BONDING will be defined.
52 */
53
54 #ifdef HAVE_LINUX_SOCKIOS_H
55 #include <linux/sockios.h>
56 #endif
57
58 #ifdef HAVE_LINUX_IF_BONDING_H
59 #include <linux/if_bonding.h>
60 #endif
61
62 #if defined(BOND_INFO_QUERY_OLD) || defined(SIOCBONDINFOQUERY)
63 #define HAVE_BONDING
64 #endif
65
66 #endif /* defined(HAVE_PCAP_CREATE) && defined(__linux__) */
67
68 #include "capture/capture_ifinfo.h"
69 #include "capture/capture-pcap-util.h"
70 #include "capture/capture-pcap-util-int.h"
71 #ifdef _WIN32
72 #include "capture/capture-wpcap.h"
73 #else
74 #define ws_pcap_findalldevs_ex pcap_findalldevs_ex
75 #endif
76
77 #include <wsutil/application_flavor.h>
78 #include <wsutil/file_util.h>
79 #include <wsutil/please_report_bug.h>
80 #include <wsutil/wslog.h>
81
82 #ifndef _WIN32
83 #include <netinet/in.h>
84 #else
85 #include <ws2tcpip.h>
86 #endif
87
88 #ifdef _WIN32
89 #include "capture/capture_win_ifnames.h" /* windows friendly interface names */
90 #endif
91
92 #if defined(__FreeBSD__) || defined(__OpenBSD__)
93 /*
94 * Needed for the code to get a device description.
95 */
96 #include <errno.h>
97 #include <net/if.h>
98 #include <sys/sockio.h>
99 #include <sys/ioctl.h>
100 #endif
101
102 /*
103 * Given an interface name, find the "friendly name" and interface
104 * type for the interface.
105 */
106
107 #if defined(HAVE_MACOS_FRAMEWORKS)
108
109 #include <CoreFoundation/CoreFoundation.h>
110 #include <SystemConfiguration/SystemConfiguration.h>
111
112 #include <wsutil/cfutils.h>
113
114 /*
115 * On macOS, we get the "friendly name" and interface type for the interface
116 * from the System Configuration framework.
117 *
118 * To find the System Configuration framework information for the
119 * interface, we get all the interfaces that the System Configuration
120 * framework knows about and look for the one with a "BSD name" matching
121 * the interface name.
122 *
123 * If we find it, we use its "localized display name", if it has one, as
124 * the "friendly name".
125 *
126 * As for the interface type:
127 *
128 * Yes, fetching all the network addresses for an interface gets you an
129 * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
130 * an SNMP MIB-II ifType value.
131 *
132 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
133 * not IFT_IEEE80211 (which isn't defined in macOS in any case).
134 *
135 * Perhaps some other BSD-flavored OSes won't make this mistake;
136 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
137 * made the same mistake, at least for my Belkin ZyDAS stick.
138 *
139 * SCNetworkInterfaceGetInterfaceType() will get the interface
140 * type. The interface type is a CFString, and:
141 *
142 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
143 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
144 * kSCNetworkInterfaceTypeModem or
145 * kSCNetworkInterfaceTypePPP or
146 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
147 */
148 static void
149 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
150 const char *description _U_)
151 {
152 CFStringRef name_CFString;
153 CFArrayRef interfaces;
154 CFIndex num_interfaces;
155 CFIndex i;
156 SCNetworkInterfaceRef interface;
157 CFStringRef bsdname_CFString;
158 CFStringRef friendly_name_CFString;
159 CFStringRef interface_type_CFString;
160
161 interfaces = SCNetworkInterfaceCopyAll();
162 if (interfaces == NULL) {
163 /*
164 * Couldn't get a list of interfaces.
165 */
166 return;
167 }
168
169 name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
170 name, kCFStringEncodingUTF8);
171 if (name_CFString == NULL) {
172 /*
173 * Couldn't convert the interface name to a CFString.
174 */
175 CFRelease(interfaces);
176 return;
177 }
178
179 num_interfaces = CFArrayGetCount(interfaces);
180 for (i = 0; i < num_interfaces; i++) {
181 interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
182 bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
183 if (bsdname_CFString == NULL) {
184 /*
185 * This interface has no BSD name, so it's not
186 * a regular network interface.
187 */
188 continue;
189 }
190 if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
191 /*
192 * This is the interface.
193 * First, get the friendly name.
194 */
195 friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
196 if (friendly_name_CFString != NULL)
197 if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
198
199 /*
200 * Now get the interface type.
201 */
202 interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
203 if (CFStringCompare(interface_type_CFString,
204 kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
205 if_info->type = IF_WIRELESS;
206 else if (CFStringCompare(interface_type_CFString,
207 kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
208 if_info->type = IF_BLUETOOTH;
209 else if (CFStringCompare(interface_type_CFString,
210 kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
211 if_info->type = IF_DIALUP;
212 else if (CFStringCompare(interface_type_CFString,
213 kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
214 if_info->type = IF_DIALUP;
215 else if (CFStringCompare(interface_type_CFString,
216 kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
217 if_info->type = IF_DIALUP;
218 else
219 if_info->type = IF_WIRED;
220 break;
221 }
222 }
223
224 CFRelease(interfaces);
225 CFRelease(name_CFString);
226 }
227 #elif defined(__linux__)
228 /*
229 * Linux doesn't offer any form of "friendly name", but you can
230 * determine an interface type to some degree.
231 */
232 static void
233 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
234 const char *description _U_)
235 {
236 char *wireless_path;
237 ws_statb64 statb;
238
239 /*
240 * Look for /sys/class/net/{device}/wireless. If it exists,
241 * it's a wireless interface.
242 */
243 wireless_path = ws_strdup_printf("/sys/class/net/%s/wireless", name);
244 if (wireless_path != NULL) {
245 if (ws_stat64(wireless_path, &statb) == 0)
246 if_info->type = IF_WIRELESS;
247 g_free(wireless_path);
248 }
249 if (if_info->type == IF_WIRED) {
250 /*
251 * We still don't know what it is. Check for
252 * Bluetooth and USB devices.
253 */
254 if (strstr(name, "bluetooth") != NULL) {
255 /*
256 * XXX - this is for raw Bluetooth capture; what
257 * about IP-over-Bluetooth devices?
258 */
259 if_info->type = IF_BLUETOOTH;
260 } else if (strstr(name, "usbmon") != NULL)
261 if_info->type = IF_USB;
262 }
263 }
264 #elif !defined(_WIN32)
265 /*
266 * On other UN*Xes, if there is a description, it's a friendly
267 * name, and there is no vendor description. ("Other UN*Xes"
268 * currently means "FreeBSD and OpenBSD".)
269 */
270 static void
271 add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
272 const char *description)
273 {
274 if_info->friendly_name = g_strdup(description);
275 }
276 #endif
277
278 if_info_t *
279 if_info_get(const char *name)
280 {
281 char *description = NULL;
282 if_info_t *if_info;
283 #ifdef SIOCGIFDESCR
284 /*
285 * Try to fetch the description of this interface.
286 * XXX - this is only here because libpcap has no API to
287 * get the description of a *single* interface; it really
288 * needs both an API to get pcapng-IDB-style attributes
289 * for a single interface and to get a list of interfaces
290 * with pcapng-IDB-style attributes for each interface.
291 */
292 int s;
293 struct ifreq ifrdesc;
294 #ifndef IFDESCRSIZE
295 size_t descrlen = 64;
296 #else
297 size_t descrlen = IFDESCRSIZE;
298 #endif /* IFDESCRSIZE */
299
300 /*
301 * Get the description for the interface.
302 */
303 memset(&ifrdesc, 0, sizeof ifrdesc);
304 (void) g_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
305 s = socket(AF_INET, SOCK_DGRAM, 0);
306 if (s >= 0) {
307 #ifdef __FreeBSD__
308 /*
309 * On FreeBSD, if the buffer isn't big enough for the
310 * description, the ioctl succeeds, but the description
311 * isn't copied, ifr_buffer.length is set to the description
312 * length, and ifr_buffer.buffer is set to NULL.
313 */
314 for (;;) {
315 g_free(description);
316 if ((description = (char*)g_malloc(descrlen)) != NULL) {
317 ifrdesc.ifr_buffer.buffer = description;
318 ifrdesc.ifr_buffer.length = descrlen;
319 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
320 if (ifrdesc.ifr_buffer.buffer ==
321 description)
322 break;
323 else
324 descrlen = ifrdesc.ifr_buffer.length;
325 } else {
326 /*
327 * Failed to get interface description.
328 */
329 g_free(description);
330 description = NULL;
331 break;
332 }
333 } else
334 break;
335 }
336 #else /* __FreeBSD__ */
337 /*
338 * The only other OS that currently supports
339 * SIOCGIFDESCR is OpenBSD, and it has no way
340 * to get the description length - it's clamped
341 * to a maximum of IFDESCRSIZE.
342 */
343 if ((description = (char*)g_malloc(descrlen)) != NULL) {
344 ifrdesc.ifr_data = (caddr_t)description;
345 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
346 /*
347 * Failed to get interface description.
348 */
349 g_free(description);
350 description = NULL;
351 }
352 }
353 #endif /* __FreeBSD__ */
354 close(s);
355 if (description != NULL && strlen(description) == 0) {
356 /*
357 * Description is empty, so discard it.
358 */
359 g_free(description);
360 description = NULL;
361 }
362 }
363
364 #ifdef __FreeBSD__
365 /*
366 * For FreeBSD, if we didn't get a description, and this is
367 * a device with a name of the form usbusN, label it as a USB
368 * bus.
369 */
370 if (description == NULL) {
371 if (strncmp(name, "usbus", 5) == 0) {
372 /*
373 * OK, it begins with "usbus".
374 */
375 long busnum;
376 char *p;
377
378 errno = 0;
379 busnum = strtol(name + 5, &p, 10);
380 if (errno == 0 && p != name + 5 && *p == '\0' &&
381 busnum >= 0 && busnum <= INT_MAX) {
382 /*
383 * OK, it's a valid number that's not
384 * bigger than INT_MAX. Construct
385 * a description from it.
386 */
387 static const char descr_prefix[] = "USB bus number ";
388 size_t descr_size;
389
390 /*
391 * Allow enough room for a 32-bit bus number.
392 * sizeof (descr_prefix) includes the
393 * terminating NUL.
394 */
395 descr_size = sizeof (descr_prefix) + 10;
396 description = g_malloc(descr_size);
397 if (description != NULL) {
398 snprintf(description, descr_size,
399 "%s%ld", descr_prefix, busnum);
400 }
401 }
402 }
403 }
404 #endif /* __FreeBSD__ */
405 #endif /* SIOCGIFDESCR */
406 if_info = if_info_new(name, description, false);
407 g_free(description);
408 return if_info;
409 }
410
411 if_addr_t *
412 if_addr_copy(const if_addr_t *addr)
413 {
414 if_addr_t *new_addr = g_new(if_addr_t, 1);
415 new_addr->ifat_type = addr->ifat_type;
416 switch (addr->ifat_type) {
417 case IF_AT_IPv4:
418 new_addr->addr.ip4_addr = addr->addr.ip4_addr;
419 break;
420 case IF_AT_IPv6:
421 memcpy(new_addr->addr.ip6_addr, addr->addr.ip6_addr, sizeof(addr->addr));
422 break;
423 default:
424 /* In case we add non-IP addresses */
425 break;
426 }
427 return new_addr;
428 }
429
430 static void*
431 if_addr_copy_cb(const void *data, void *user_data _U_)
432 {
433 return if_addr_copy((if_addr_t*)data);
434 }
435
436 void
437 if_info_free(if_info_t *if_info)
438 {
439 if (if_info == NULL) {
440 return;
441 }
442 g_free(if_info->name);
443 g_free(if_info->friendly_name);
444 g_free(if_info->vendor_description);
445 g_free(if_info->extcap);
446 g_slist_free_full(if_info->addrs, g_free);
447 if (if_info->caps) {
448 free_if_capabilities(if_info->caps);
449 }
450 g_free(if_info);
451 }
452
453 static void*
454 copy_linktype_cb(const void *data, void *user_data _U_)
455 {
456 data_link_info_t *linktype_info = (data_link_info_t *)data;
457
458 data_link_info_t *ret = g_new(data_link_info_t, 1);
459 ret->dlt = linktype_info->dlt;
460 ret->name = g_strdup(linktype_info->name);
461 ret->description = g_strdup(linktype_info->description);
462 return ret;
463 }
464
465 static void*
466 copy_timestamp_cb(const void *data, void *user_data _U_)
467 {
468 timestamp_info_t *timestamp_info = (timestamp_info_t *)data;
469
470 timestamp_info_t *ret = g_new(timestamp_info_t, 1);
471 ret->name = g_strdup(timestamp_info->name);
472 ret->description = g_strdup(timestamp_info->description);
473 return ret;
474 }
475
476 static if_capabilities_t *
477 if_capabilities_copy(const if_capabilities_t *caps)
478 {
479 if (caps == NULL) return NULL;
480
481 if_capabilities_t *ret = g_new(if_capabilities_t, 1);
482 ret->can_set_rfmon = caps->can_set_rfmon;
483 ret->data_link_types = g_list_copy_deep(caps->data_link_types, copy_linktype_cb, NULL);
484 ret->timestamp_types = g_list_copy_deep(caps->timestamp_types, copy_timestamp_cb, NULL);
485 ret->data_link_types_rfmon = g_list_copy_deep(caps->data_link_types_rfmon, copy_linktype_cb, NULL);
486 ret->primary_msg = g_strdup(caps->primary_msg);
487 ret->secondary_msg = caps->secondary_msg;
488
489 return ret;
490 }
491
492 if_info_t *
493 if_info_copy(const if_info_t *if_info)
494 {
495 if_info_t *new_if_info;
496 new_if_info = g_new(if_info_t, 1);
497 new_if_info->name = g_strdup(if_info->name);
498 /* g_strdup accepts NULL as input and returns NULL. */
499 new_if_info->friendly_name = g_strdup(if_info->friendly_name);
500 new_if_info->vendor_description = g_strdup(if_info->vendor_description);
501 new_if_info->addrs = g_slist_copy_deep(if_info->addrs, if_addr_copy_cb, NULL);
502 new_if_info->type = if_info->type;
503 new_if_info->loopback = if_info->loopback;
504 new_if_info->extcap = g_strdup(if_info->extcap);
505 new_if_info->caps = if_capabilities_copy(if_info->caps);
506
507 return new_if_info;
508 }
509
510 static void*
511 if_info_copy_cb(const void* data, void *user_data _U_)
512 {
513 return if_info_copy((const if_info_t*)data);
514 }
515
516 if_info_t *
517 if_info_new(const char *name, const char *description, bool loopback)
518 {
519 if_info_t *if_info;
520 #ifdef _WIN32
521 const char *guid_text;
522 GUID guid;
523 #endif
524
525 if_info = g_new(if_info_t, 1);
526 if_info->name = g_strdup(name);
527 if_info->friendly_name = NULL; /* default - unknown */
528 if_info->vendor_description = NULL;
529 if_info->type = IF_WIRED; /* default */
530 if_info->extcap = g_strdup("");
531 #ifdef _WIN32
532 /*
533 * Get the interface type.
534 *
535 * Much digging failed to reveal any obvious way to get something
536 * such as the SNMP MIB-II ifType value for an interface:
537 *
538 * https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib
539 *
540 * by making some NDIS request. And even if there were such
541 * a way, there's no guarantee that the ifType reflects an
542 * interface type that a user would view as correct (for
543 * example, some systems report Wi-Fi interfaces as
544 * Ethernet interfaces).
545 *
546 * So we look for keywords in the vendor's interface
547 * description.
548 */
549 if (description && (strstr(description, "generic dialup") != NULL ||
550 strstr(description, "PPP/SLIP") != NULL)) {
551 if_info->type = IF_DIALUP;
552 } else if (description && (strstr(description, "Wireless") != NULL ||
553 strstr(description,"802.11") != NULL)) {
554 if_info->type = IF_WIRELESS;
555 } else if (description && (strstr(description, "AirPcap") != NULL ||
556 strstr(name, "airpcap") != NULL)) {
557 if_info->type = IF_AIRPCAP;
558 } else if (description && strstr(description, "Bluetooth") != NULL ) {
559 if_info->type = IF_BLUETOOTH;
560 } else if (description && strstr(description, "VMware") != NULL) {
561 /*
562 * Bridge, NAT, or host-only interface on a VMware host.
563 *
564 * XXX - what about guest interfaces?
565 */
566 if_info->type = IF_VIRTUAL;
567 }
568
569 /*
570 * On Windows, the "description" is a vendor description,
571 * and the friendly name isn't returned by Npcap/WinPcap.
572 * Fetch it ourselves.
573 */
574
575 /*
576 * Skip over the "\Device\NPF_" prefix in the device name,
577 * if present.
578 */
579 if (strncmp("\\Device\\NPF_", name, 12) == 0)
580 guid_text = name + 12;
581 else
582 guid_text = name;
583
584 /* Now try to parse what remains as a GUID. */
585 if (parse_as_guid(guid_text, &guid)) {
586 /*
587 * Success. Try to get a friendly name using the GUID.
588 * As this is a regular interface, the description is a
589 * vendor description.
590 */
591 if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
592 if_info->vendor_description = g_strdup(description);
593 } else {
594 /*
595 * This is probably not a regular interface; we only
596 * support NT 5 (W2K) and later, so all regular interfaces
597 * should have GUIDs at the end of the name. Therefore,
598 * the description, if supplied, is a friendly name
599 * provided by WinPcap, and there is no vendor
600 * description.
601 */
602 if_info->friendly_name = g_strdup(description);
603 if_info->vendor_description = NULL;
604 }
605 #else
606 /*
607 * On UN*X, if there is a description, it's a friendly
608 * name, and there is no vendor description.
609 *
610 * Try the platform's way of getting a friendly name and
611 * interface type first.
612 *
613 * If that fails, then, for a loopback interface, give it the
614 * friendly name "Loopback" and, for VMware interfaces,
615 * give them the type IF_VIRTUAL.
616 */
617 add_unix_interface_ifinfo(if_info, name, description);
618 if (if_info->type == IF_WIRED) {
619 /*
620 * This is the default interface type.
621 *
622 * Bridge, NAT, or host-only interfaces on VMWare hosts
623 * have the name vmnet[0-9]+. Guests might use a native
624 * (LANCE or E1000) driver or the vmxnet driver. Check
625 * the name.
626 */
627 if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
628 if_info->type = IF_VIRTUAL;
629 else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
630 if_info->type = IF_VIRTUAL;
631 }
632 if (if_info->friendly_name == NULL) {
633 /*
634 * We couldn't get interface information using platform-
635 * dependent calls.
636 *
637 * If this is a loopback interface, give it a
638 * "friendly name" of "Loopback".
639 */
640 if (loopback)
641 if_info->friendly_name = g_strdup("Loopback");
642 }
643 if_info->vendor_description = NULL;
644 #endif
645 if_info->loopback = loopback;
646 if_info->addrs = NULL;
647 if_info->caps = NULL;
648 return if_info;
649 }
650
651 void
652 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
653 {
654 if_addr_t *if_addr;
655 struct sockaddr_in *ai;
656 struct sockaddr_in6 *ai6;
657
658 switch (addr->sa_family) {
659
660 case AF_INET:
661 ai = (struct sockaddr_in *)(void *)addr;
662 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
663 if_addr->ifat_type = IF_AT_IPv4;
664 if_addr->addr.ip4_addr = ai->sin_addr.s_addr;
665 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
666 break;
667
668 case AF_INET6:
669 ai6 = (struct sockaddr_in6 *)(void *)addr;
670 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
671 if_addr->ifat_type = IF_AT_IPv6;
672 memcpy((void *)&if_addr->addr.ip6_addr,
673 (void *)&ai6->sin6_addr.s6_addr,
674 sizeof if_addr->addr.ip6_addr);
675 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
676 break;
677 }
678 }
679
680 /*
681 * Get all IP address information for the given interface.
682 */
683 static void
684 if_info_ip(if_info_t *if_info, pcap_if_t *d)
685 {
686 pcap_addr_t *a;
687
688 /* All addresses */
689 for (a = d->addresses; a != NULL; a = a->next) {
690 if (a->addr != NULL)
691 if_info_add_address(if_info, a->addr);
692 }
693
694 if(if_info->addrs){
695 if_info->addrs = g_slist_reverse(if_info->addrs);
696 }
697 }
698
699 #ifdef HAVE_PCAP_REMOTE
700 GList *
701 get_interface_list_findalldevs_ex(const char *hostname, const char *port,
702 int auth_type, const char *username,
703 const char *passwd, int *err, char **err_str)
704 {
705 char source[PCAP_BUF_SIZE];
706 struct pcap_rmtauth auth;
707 GList *il = NULL;
708 pcap_if_t *alldevs, *dev;
709 if_info_t *if_info;
710 /*
711 * WinPcap can overflow PCAP_ERRBUF_SIZE if the host is unreachable.
712 * Fudge a larger size.
713 */
714 char errbuf[PCAP_ERRBUF_SIZE*4];
715
716 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
717 NULL, errbuf) == -1) {
718 *err = CANT_GET_INTERFACE_LIST;
719 if (strcmp(errbuf, "not supported") == 0) {
720 /*
721 * macOS 14's pcap_createsrcstr(), which is a
722 * stub that always returns -1 with an error
723 * message of "not supported".
724 *
725 * In this case, as we passed it an rpcap://
726 * URL, treat that as meaning "remote capture
727 * not supported".
728 */
729 g_strlcpy(errbuf, "Remote capture not supported",
730 PCAP_ERRBUF_SIZE);
731 }
732 if (err_str != NULL)
733 *err_str = cant_get_if_list_error_message(errbuf);
734 return NULL;
735 }
736
737 auth.type = auth_type;
738 auth.username = g_strdup(username);
739 auth.password = g_strdup(passwd);
740
741 if (ws_pcap_findalldevs_ex(source, &auth, &alldevs, errbuf) == -1) {
742 *err = CANT_GET_INTERFACE_LIST;
743 if (strcmp(errbuf, "not supported") == 0) {
744 /*
745 * macOS 14's pcap_findalldevs_ex(), which is a
746 * stub that always returns -1 with an error
747 * message of "not supported".
748 *
749 * In this case, as we passed it an rpcap://
750 * URL, treat that as meaning "remote capture
751 * not supported".
752 */
753 g_strlcpy(errbuf, "Remote capture not supported",
754 PCAP_ERRBUF_SIZE);
755 }
756 if (err_str != NULL)
757 *err_str = cant_get_if_list_error_message(errbuf);
758 g_free(auth.username);
759 g_free(auth.password);
760 return NULL;
761 }
762
763 if (alldevs == NULL) {
764 /*
765 * No interfaces found.
766 */
767 *err = 0;
768 if (err_str != NULL)
769 *err_str = NULL;
770 g_free(auth.username);
771 g_free(auth.password);
772 return NULL;
773 }
774
775 for (dev = alldevs; dev != NULL; dev = dev->next) {
776 if_info = if_info_new(dev->name, dev->description,
777 (dev->flags & PCAP_IF_LOOPBACK) ? true : false);
778 il = g_list_append(il, if_info);
779 if_info_ip(if_info, dev);
780 }
781 pcap_freealldevs(alldevs);
782 g_free(auth.username);
783 g_free(auth.password);
784
785 return il;
786 }
787 #endif
788
789 GList *
790 get_interface_list_findalldevs(int *err, char **err_str)
791 {
792 GList *il = NULL;
793 pcap_if_t *alldevs = NULL, *dev;
794 if_info_t *if_info;
795 char errbuf[PCAP_ERRBUF_SIZE];
796
797 if (application_flavor_is_wireshark() && pcap_findalldevs(&alldevs, errbuf) == -1) {
798 *err = CANT_GET_INTERFACE_LIST;
799 if (err_str != NULL)
800 *err_str = cant_get_if_list_error_message(errbuf);
801 return NULL;
802 }
803
804 if (alldevs == NULL) {
805 /*
806 * No interfaces found.
807 */
808 *err = 0;
809 if (err_str != NULL)
810 *err_str = NULL;
811 return NULL;
812 }
813
814 for (dev = alldevs; dev != NULL; dev = dev->next) {
815 if_info = if_info_new(dev->name, dev->description,
816 (dev->flags & PCAP_IF_LOOPBACK) ? true : false);
817 il = g_list_append(il, if_info);
818 if_info_ip(if_info, dev);
819 }
820 pcap_freealldevs(alldevs);
821
822 return il;
823 }
824
825 static void
826 free_if_cb(void * data, void * user_data _U_)
827 {
828 if_info_free((if_info_t *)data);
829 }
830
831 void
832 free_interface_list(GList *if_list)
833 {
834 g_list_foreach(if_list, free_if_cb, NULL);
835 g_list_free(if_list);
836 }
837
838 GList*
839 interface_list_copy(GList *if_list)
840 {
841 return g_list_copy_deep(if_list, if_info_copy_cb, NULL);
842 }
843
844 static void
845 free_linktype_cb(void * data)
846 {
847 data_link_info_t *linktype_info = (data_link_info_t *)data;
848
849 g_free(linktype_info->name);
850 g_free(linktype_info->description);
851 g_free(linktype_info);
852 }
853
854 static void
855 free_timestamp_cb(void * data)
856 {
857 timestamp_info_t *timestamp_info = (timestamp_info_t *)data;
858
859 g_free(timestamp_info->name);
860 g_free(timestamp_info->description);
861 g_free(data);
862 }
863
864 void
865 free_if_capabilities(if_capabilities_t *caps)
866 {
867 g_list_free_full(caps->data_link_types, free_linktype_cb);
868 g_list_free_full(caps->data_link_types_rfmon, free_linktype_cb);
869
870 g_list_free_full(caps->timestamp_types, free_timestamp_cb);
871
872 g_free(caps->primary_msg);
873
874 g_free(caps);
875 }
876
877 const char *
878 linktype_val_to_name(int dlt)
879 {
880 return pcap_datalink_val_to_name(dlt);
881 }
882
883 int
884 linktype_name_to_val(const char *linktype)
885 {
886 return pcap_datalink_name_to_val(linktype);
887 }
888
889 /*
890 * Get the data-link type for a libpcap device.
891 * This works around AIX 5.x's non-standard and incompatible-with-the-
892 * rest-of-the-universe libpcap.
893 */
894 int
895 get_pcap_datalink(pcap_t *pch,
896 #ifdef _AIX
897 const char* devicename
898 #else
899 const char* devicename _U_
900 #endif
901 )
902 {
903 int datalink;
904 #ifdef _AIX
905 const char *ifacename;
906 #endif
907
908 datalink = pcap_datalink(pch);
909 #ifdef _AIX
910
911 /*
912 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
913 * rather than DLT_ values for link-layer types; the ifType values
914 * for LAN devices are:
915 *
916 * Ethernet 6
917 * 802.3 7
918 * Token Ring 9
919 * FDDI 15
920 *
921 * and the ifType value for a loopback device is 24.
922 *
923 * The AIX names for LAN devices begin with:
924 *
925 * Ethernet en
926 * 802.3 et
927 * Token Ring tr
928 * FDDI fi
929 *
930 * and the AIX names for loopback devices begin with "lo".
931 *
932 * (The difference between "Ethernet" and "802.3" is presumably
933 * whether packets have an Ethernet header, with a packet type,
934 * or an 802.3 header, with a packet length, followed by an 802.2
935 * header and possibly a SNAP header.)
936 *
937 * If the device name matches "datalink" interpreted as an ifType
938 * value, rather than as a DLT_ value, we will assume this is AIX's
939 * non-standard, incompatible libpcap, rather than a standard libpcap,
940 * and will map the link-layer type to the standard DLT_ value for
941 * that link-layer type, as that's what the rest of Wireshark expects.
942 *
943 * (This means the capture files won't be readable by a tcpdump
944 * linked with AIX's non-standard libpcap, but so it goes. They
945 * *will* be readable by standard versions of tcpdump, Wireshark,
946 * and so on.)
947 *
948 * XXX - if we conclude we're using AIX libpcap, should we also
949 * set a flag to cause us to assume the time stamps are in
950 * seconds-and-nanoseconds form, and to convert them to
951 * seconds-and-microseconds form before processing them and
952 * writing them out?
953 */
954
955 /*
956 * Find the last component of the device name, which is the
957 * interface name.
958 */
959 ifacename = strchr(devicename, '/');
960 if (ifacename == NULL)
961 ifacename = devicename;
962
963 /* See if it matches any of the LAN device names. */
964 if (strncmp(ifacename, "en", 2) == 0) {
965 if (datalink == 6) {
966 /*
967 * That's the RFC 1573 value for Ethernet;
968 * map it to DLT_EN10MB.
969 */
970 datalink = 1;
971 }
972 } else if (strncmp(ifacename, "et", 2) == 0) {
973 if (datalink == 7) {
974 /*
975 * That's the RFC 1573 value for 802.3;
976 * map it to DLT_EN10MB.
977 *
978 * (libpcap, tcpdump, Wireshark, etc. don't
979 * care if it's Ethernet or 802.3.)
980 */
981 datalink = 1;
982 }
983 } else if (strncmp(ifacename, "tr", 2) == 0) {
984 if (datalink == 9) {
985 /*
986 * That's the RFC 1573 value for 802.5 (Token Ring);
987 * map it to DLT_IEEE802, which is what's used for
988 * Token Ring.
989 */
990 datalink = 6;
991 }
992 } else if (strncmp(ifacename, "fi", 2) == 0) {
993 if (datalink == 15) {
994 /*
995 * That's the RFC 1573 value for FDDI;
996 * map it to DLT_FDDI.
997 */
998 datalink = 10;
999 }
1000 } else if (strncmp(ifacename, "lo", 2) == 0) {
1001 if (datalink == 24) {
1002 /*
1003 * That's the RFC 1573 value for "software loopback"
1004 * devices; map it to DLT_NULL, which is what's used
1005 * for loopback devices on BSD.
1006 */
1007 datalink = 0;
1008 }
1009 }
1010 #endif
1011
1012 return datalink;
1013 }
1014
1015 /* Set the data link type on a pcap. */
1016 bool
1017 set_pcap_datalink(pcap_t *pcap_h, int datalink, char *name,
1018 char *errmsg, size_t errmsg_len,
1019 char *secondary_errmsg, size_t secondary_errmsg_len)
1020 {
1021 char *set_datalink_err_str;
1022
1023 if (datalink == -1)
1024 return true; /* just use the default */
1025 if (pcap_set_datalink(pcap_h, datalink) == 0)
1026 return true; /* no error */
1027 set_datalink_err_str = pcap_geterr(pcap_h);
1028 snprintf(errmsg, errmsg_len, "Unable to set data link type on interface '%s' (%s).",
1029 name, set_datalink_err_str);
1030 /*
1031 * If the error isn't "XXX is not one of the DLTs supported by this device",
1032 * tell the user to tell the Wireshark developers about it.
1033 */
1034 if (strstr(set_datalink_err_str, "is not one of the DLTs supported by this device") == NULL)
1035 snprintf(secondary_errmsg, secondary_errmsg_len,
1036 "%s", please_report_bug());
1037 else
1038 secondary_errmsg[0] = '\0';
1039 return false;
1040 }
1041
1042 static data_link_info_t *
1043 create_data_link_info(int dlt)
1044 {
1045 data_link_info_t *data_link_info;
1046 const char *text;
1047
1048 data_link_info = g_new(data_link_info_t, 1);
1049 data_link_info->dlt = dlt;
1050 text = pcap_datalink_val_to_name(dlt);
1051 if (text != NULL)
1052 data_link_info->name = g_strdup(text);
1053 else
1054 data_link_info->name = ws_strdup_printf("DLT %d", dlt);
1055 text = pcap_datalink_val_to_description(dlt);
1056 data_link_info->description = g_strdup(text);
1057 return data_link_info;
1058 }
1059
1060 static GList *
1061 get_data_link_types(pcap_t *pch, interface_options *interface_opts,
1062 cap_device_open_status *status, char **status_str)
1063 {
1064 GList *data_link_types;
1065 int deflt;
1066 int *linktypes;
1067 int i, nlt;
1068 data_link_info_t *data_link_info;
1069
1070 deflt = get_pcap_datalink(pch, interface_opts->name);
1071 nlt = pcap_list_datalinks(pch, &linktypes);
1072 if (nlt < 0) {
1073 /*
1074 * A negative return is an error.
1075 */
1076 #ifdef HAVE_PCAP_CREATE
1077 /*
1078 * If we have pcap_create(), we have
1079 * pcap_statustostr(), and we can get back errors
1080 * other than PCAP_ERROR (-1), such as
1081 * PCAP_ERROR_NOT_ACTIVATED. and we should report
1082 * them properly.
1083 */
1084 switch (nlt) {
1085
1086 case PCAP_ERROR:
1087 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1088 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s",
1089 pcap_geterr(pch));
1090 break;
1091
1092 default:
1093 /*
1094 * This "shouldn't happen".
1095 */
1096 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1097 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s - %s",
1098 pcap_statustostr(nlt), pcap_geterr(pch));
1099 break;
1100 }
1101 #else /* HAVE_PCAP_CREATE */
1102 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1103 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s",
1104 pcap_geterr(pch));
1105 #endif /* HAVE_PCAP_CREATE */
1106 return NULL;
1107 }
1108 data_link_types = NULL;
1109 for (i = 0; i < nlt; i++) {
1110 data_link_info = create_data_link_info(linktypes[i]);
1111
1112 /*
1113 * XXX - for 802.11, make the most detailed 802.11
1114 * version the default, rather than the one the
1115 * device has as the default?
1116 */
1117 if (linktypes[i] == deflt)
1118 data_link_types = g_list_prepend(data_link_types,
1119 data_link_info);
1120 else
1121 data_link_types = g_list_append(data_link_types,
1122 data_link_info);
1123 }
1124 #ifdef HAVE_PCAP_FREE_DATALINKS
1125 pcap_free_datalinks(linktypes);
1126 #else
1127 /*
1128 * In Windows, there's no guarantee that if you have a library
1129 * built with one version of the MSVC++ run-time library, and
1130 * it returns a pointer to allocated data, you can free that
1131 * data from a program linked with another version of the
1132 * MSVC++ run-time library.
1133 *
1134 * This is not an issue on UN*X.
1135 *
1136 * See the mail threads starting at
1137 *
1138 * https://www.winpcap.org/pipermail/winpcap-users/2006-September/001421.html
1139 *
1140 * and
1141 *
1142 * https://www.winpcap.org/pipermail/winpcap-users/2008-May/002498.html
1143 */
1144 #ifndef _WIN32
1145 #define xx_free free /* hack so checkAPIs doesn't complain */
1146 xx_free(linktypes);
1147 #endif /* _WIN32 */
1148 #endif /* HAVE_PCAP_FREE_DATALINKS */
1149
1150 *status_str = NULL;
1151 return data_link_types;
1152 }
1153
1154 /* Get supported timestamp types for a libpcap device. */
1155 static GList*
1156 get_pcap_timestamp_types(pcap_t *pch _U_, char **err_str _U_)
1157 {
1158 GList *list = NULL;
1159 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1160 int *types;
1161 int ntypes = pcap_list_tstamp_types(pch, &types);
1162
1163 if (err_str)
1164 *err_str = ntypes < 0 ? pcap_geterr(pch) : NULL;
1165
1166 if (ntypes <= 0)
1167 return NULL;
1168
1169 while (ntypes--) {
1170 timestamp_info_t *info = (timestamp_info_t *)g_malloc(sizeof *info);
1171 info->name = g_strdup(pcap_tstamp_type_val_to_name(types[ntypes]));
1172 info->description = g_strdup(pcap_tstamp_type_val_to_description(types[ntypes]));
1173 list = g_list_prepend(list, info);
1174 }
1175
1176 pcap_free_tstamp_types(types);
1177 #endif
1178 return list;
1179 }
1180
1181 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1182 /*
1183 * Request high-resolution time stamps.
1184 *
1185 * If this fails with PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, that means
1186 * that boring old microsecond-resolution time stamps are all that
1187 * are supported, so we just live with that.
1188 */
1189 static int
1190 request_high_resolution_timestamp(pcap_t *pcap_h)
1191 {
1192 int status;
1193
1194 #ifdef __APPLE__
1195 /*
1196 * On macOS, if you build with a newer SDK, pcap_set_tstamp_precision()
1197 * is available, so the code will be built with it.
1198 *
1199 * However, if you then try to run on an older release that
1200 * doesn't have pcap_set_tstamp_precision(), the dynamic linker
1201 * will fail, as it won't find pcap_set_tstamp_precision().
1202 *
1203 * libpcap doesn't use macOS "weak linking" for new routines,
1204 * so we can't just check whether a pointer to
1205 * pcap_set_tstamp_precision() is null and, if it is, not
1206 * call it. We have to, instead, use dlopen() to load
1207 * libpcap, and dlsym() to find a pointer to pcap_set_tstamp_precision(),
1208 * and if we find the pointer, call it.
1209 */
1210 static bool initialized = false;
1211 static int (*p_pcap_set_tstamp_precision)(pcap_t *, int);
1212
1213 if (!initialized) {
1214 p_pcap_set_tstamp_precision =
1215 (int (*)(pcap_t *, int))
1216 dlsym(RTLD_NEXT, "pcap_set_tstamp_precision");
1217 initialized = true;
1218 }
1219 if (p_pcap_set_tstamp_precision != NULL) {
1220 status = (*p_pcap_set_tstamp_precision)(pcap_h,
1221 PCAP_TSTAMP_PRECISION_NANO);
1222 } else {
1223 /*
1224 * Older libpcap, which doesn't have support
1225 * for setting the time stamp resolution.
1226 */
1227 status = PCAP_ERROR_TSTAMP_PRECISION_NOTSUP;
1228 }
1229 #else /* __APPLE__ */
1230 /*
1231 * On other UN*Xes we require that we be run on an OS version
1232 * with a libpcap equal to or later than the version with which
1233 * we were built.
1234 */
1235 status = pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
1236 #endif /* __APPLE__ */
1237 if (status == PCAP_ERROR_TSTAMP_PRECISION_NOTSUP) {
1238 /* This isn't a fatal error. */
1239 status = 0;
1240 }
1241 return status;
1242 }
1243
1244 /*
1245 * Return true if the pcap_t in question is set up for high-precision
1246 * time stamps, false otherwise.
1247 */
1248 bool
1249 have_high_resolution_timestamp(pcap_t *pcap_h)
1250 {
1251 #ifdef __APPLE__
1252 /*
1253 * See above.
1254 */
1255 static bool initialized = false;
1256 static int (*p_pcap_get_tstamp_precision)(pcap_t *);
1257
1258 if (!initialized) {
1259 p_pcap_get_tstamp_precision =
1260 (int (*)(pcap_t *))
1261 dlsym(RTLD_NEXT, "pcap_get_tstamp_precision");
1262 initialized = true;
1263 }
1264 if (p_pcap_get_tstamp_precision != NULL)
1265 return (*p_pcap_get_tstamp_precision)(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1266 else
1267 return false; /* Can't get implies couldn't set */
1268 #else /* __APPLE__ */
1269 /*
1270 * On other UN*Xes we require that we be run on an OS version
1271 * with a libpcap equal to or later than the version with which
1272 * we were built.
1273 */
1274 return pcap_get_tstamp_precision(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1275 #endif /* __APPLE__ */
1276 }
1277
1278 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1279
1280 #ifdef HAVE_PCAP_CREATE
1281 #ifdef HAVE_BONDING
1282 static bool
1283 is_linux_bonding_device(const char *ifname)
1284 {
1285 int fd;
1286 struct ifreq ifr;
1287 ifbond ifb;
1288
1289 fd = socket(PF_INET, SOCK_DGRAM, 0);
1290 if (fd == -1)
1291 return false;
1292
1293 memset(&ifr, 0, sizeof ifr);
1294 (void) g_strlcpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
1295 memset(&ifb, 0, sizeof ifb);
1296 ifr.ifr_data = (caddr_t)&ifb;
1297 #if defined(SIOCBONDINFOQUERY)
1298 if (ioctl(fd, SIOCBONDINFOQUERY, &ifr) == 0) {
1299 close(fd);
1300 return true;
1301 }
1302 #else
1303 if (ioctl(fd, BOND_INFO_QUERY_OLD, &ifr) == 0) {
1304 close(fd);
1305 return true;
1306 }
1307 #endif
1308
1309 close(fd);
1310 return false;
1311 }
1312 #else
1313 static bool
1314 is_linux_bonding_device(const char *ifname _U_)
1315 {
1316 return false;
1317 }
1318 #endif
1319
1320 if_capabilities_t *
1321 get_if_capabilities_pcap_create(interface_options *interface_opts,
1322 cap_device_open_status *open_status, char **open_status_str)
1323 {
1324 if_capabilities_t *caps;
1325 char errbuf[PCAP_ERRBUF_SIZE];
1326 pcap_t *pch;
1327 int status;
1328
1329 pch = pcap_create(interface_opts->name, errbuf);
1330 if (pch == NULL) {
1331 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1332 *open_status_str = g_strdup(errbuf);
1333 return NULL;
1334 }
1335
1336 if (is_linux_bonding_device(interface_opts->name)) {
1337 /*
1338 * Linux bonding device; not Wi-Fi, so no monitor mode, and
1339 * calling pcap_can_set_rfmon() might get a "no such device"
1340 * error.
1341 */
1342 status = 0;
1343 } else {
1344 /*
1345 * Not a Linux bonding device, so go ahead.
1346 */
1347 status = pcap_can_set_rfmon(pch);
1348 }
1349 if (status < 0) {
1350 /* Error. */
1351 switch (status) {
1352
1353 case PCAP_ERROR_NO_SUCH_DEVICE:
1354 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1355 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1356 pcap_geterr(pch));
1357 break;
1358
1359 case PCAP_ERROR_PERM_DENIED:
1360 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1361 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1362 pcap_geterr(pch));
1363 break;
1364
1365 case PCAP_ERROR:
1366 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1367 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1368 pcap_geterr(pch));
1369 break;
1370
1371 default:
1372 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1373 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s - %s",
1374 pcap_statustostr(status), pcap_geterr(pch));
1375 break;
1376 }
1377 pcap_close(pch);
1378 return NULL;
1379 }
1380 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1381 if (status == 0)
1382 caps->can_set_rfmon = false;
1383 else if (status == 1) {
1384 caps->can_set_rfmon = true;
1385 if (interface_opts->monitor_mode) {
1386 status = pcap_set_rfmon(pch, 1);
1387 if (status < 0) {
1388 /*
1389 * This "should not happen".
1390 */
1391 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1392 *open_status_str = ws_strdup_printf("pcap_set_rfmon() returned %d",
1393 status);
1394 pcap_close(pch);
1395 g_free(caps);
1396 return NULL;
1397 }
1398 }
1399 } else {
1400 /*
1401 * This "should not happen".
1402 */
1403 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1404 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() returned %d",
1405 status);
1406 pcap_close(pch);
1407 g_free(caps);
1408 return NULL;
1409 }
1410
1411 status = pcap_activate(pch);
1412 if (status < 0) {
1413 /* Error. */
1414 switch (status) {
1415
1416 case PCAP_ERROR_NO_SUCH_DEVICE:
1417 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1418 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1419 pcap_geterr(pch));
1420 break;
1421
1422 case PCAP_ERROR_PERM_DENIED:
1423 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1424 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1425 pcap_geterr(pch));
1426 break;
1427
1428 case PCAP_ERROR_IFACE_NOT_UP:
1429 *open_status = CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP;
1430 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1431 pcap_geterr(pch));
1432 break;
1433
1434 case PCAP_ERROR:
1435 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1436 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1437 pcap_geterr(pch));
1438 break;
1439
1440 default:
1441 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1442 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s - %s",
1443 pcap_statustostr(status), pcap_geterr(pch));
1444 break;
1445 }
1446 pcap_close(pch);
1447 g_free(caps);
1448 return NULL;
1449 }
1450
1451 caps->data_link_types = get_data_link_types(pch, interface_opts,
1452 open_status, open_status_str);
1453 if (caps->data_link_types == NULL) {
1454 pcap_close(pch);
1455 g_free(caps);
1456 return NULL;
1457 }
1458 if (interface_opts->monitor_mode) {
1459 caps->data_link_types_rfmon = caps->data_link_types;
1460 caps->data_link_types = NULL;
1461 }
1462
1463 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1464
1465 pcap_close(pch);
1466
1467 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1468 if (open_status_str != NULL)
1469 *open_status_str = NULL;
1470 return caps;
1471 }
1472
1473 static void
1474 set_open_status_str(int status, pcap_t *pcap_h,
1475 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1476 {
1477 switch (status) {
1478
1479 case PCAP_ERROR:
1480 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1481 sizeof *open_status_str);
1482 break;
1483
1484 default:
1485 (void) g_strlcpy(*open_status_str, pcap_statustostr(status),
1486 sizeof *open_status_str);
1487 break;
1488 }
1489 }
1490
1491 pcap_t *
1492 open_capture_device_pcap_create(
1493 capture_options* capture_opts _U_,
1494 interface_options *interface_opts, int timeout,
1495 cap_device_open_status *open_status,
1496 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1497 {
1498 pcap_t *pcap_h;
1499 int status;
1500
1501 ws_debug("Calling pcap_create() using %s.", interface_opts->name);
1502 pcap_h = pcap_create(interface_opts->name, *open_status_str);
1503 ws_debug("pcap_create() returned %p.", (void *)pcap_h);
1504 if (pcap_h == NULL) {
1505 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1506 return NULL;
1507 }
1508 if (interface_opts->has_snaplen) {
1509 ws_debug("Calling pcap_set_snaplen() with snaplen %d.",
1510 interface_opts->snaplen);
1511 status = pcap_set_snaplen(pcap_h, interface_opts->snaplen);
1512 if (status < 0) {
1513 /* Error. */
1514 set_open_status_str(status, pcap_h, open_status_str);
1515 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1516 pcap_close(pcap_h);
1517 return NULL;
1518 }
1519 }
1520 ws_debug("Calling pcap_set_promisc() with promisc_mode %d.",
1521 interface_opts->promisc_mode);
1522 status = pcap_set_promisc(pcap_h, interface_opts->promisc_mode);
1523 if (status < 0) {
1524 /* Error. */
1525 set_open_status_str(status, pcap_h, open_status_str);
1526 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1527 pcap_close(pcap_h);
1528 return NULL;
1529 }
1530 status = pcap_set_timeout(pcap_h, timeout);
1531 if (status < 0) {
1532 /* Error. */
1533 set_open_status_str(status, pcap_h, open_status_str);
1534 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1535 pcap_close(pcap_h);
1536 return NULL;
1537 }
1538
1539 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1540 /*
1541 * Try to enable nanosecond-resolution capture; any code
1542 * that can read pcapng files must be able to handle
1543 * nanosecond-resolution time stamps. We think at this
1544 * point that code that reads pcap files should recognize
1545 * the nanosecond-resolution pcap file magic number. If
1546 * it doesn't, we can downconvert via a program that
1547 * uses libwiretap.
1548 *
1549 * We don't care whether this succeeds or fails; if it
1550 * fails (because we don't have pcap_set_tstamp_precision(),
1551 * or because we do but the OS or device doesn't support
1552 * nanosecond resolution timing), we just use the microsecond-
1553 * resolution time stamps we get.
1554 */
1555 status = request_high_resolution_timestamp(pcap_h);
1556 if (status < 0) {
1557 /* Error. */
1558 set_open_status_str(status, pcap_h, open_status_str);
1559 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1560 pcap_close(pcap_h);
1561 return NULL;
1562 }
1563 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1564
1565 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1566 if (interface_opts->timestamp_type) {
1567 status = pcap_set_tstamp_type(pcap_h, interface_opts->timestamp_type_id);
1568 /*
1569 * XXX - what if it fails because that time stamp type
1570 * isn't supported?
1571 */
1572 if (status < 0) {
1573 set_open_status_str(status, pcap_h, open_status_str);
1574 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1575 pcap_close(pcap_h);
1576 return NULL;
1577 }
1578 }
1579 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1580
1581 ws_debug("buffersize %d.", interface_opts->buffer_size);
1582 if (interface_opts->buffer_size != 0) {
1583 status = pcap_set_buffer_size(pcap_h,
1584 interface_opts->buffer_size * 1024 * 1024);
1585 if (status < 0) {
1586 set_open_status_str(status, pcap_h, open_status_str);
1587 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1588 pcap_close(pcap_h);
1589 return NULL;
1590 }
1591 }
1592 ws_debug("monitor_mode %d.", interface_opts->monitor_mode);
1593 if (interface_opts->monitor_mode) {
1594 status = pcap_set_rfmon(pcap_h, 1);
1595 if (status < 0) {
1596 set_open_status_str(status, pcap_h, open_status_str);
1597 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1598 pcap_close(pcap_h);
1599 return NULL;
1600 }
1601 }
1602 status = pcap_activate(pcap_h);
1603 ws_debug("pcap_activate() returned %d.", status);
1604 if (status < 0) {
1605 /* Failed to activate, set to NULL */
1606 switch (status) {
1607
1608 case PCAP_ERROR_NO_SUCH_DEVICE:
1609 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1610 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1611 sizeof *open_status_str);
1612 break;
1613
1614 case PCAP_ERROR_PERM_DENIED:
1615 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1616 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1617 sizeof *open_status_str);
1618 break;
1619
1620 #ifdef HAVE_PCAP_ERROR_PROMISC_PERM_DENIED
1621 case PCAP_ERROR_PROMISC_PERM_DENIED:
1622 *open_status = CAP_DEVICE_OPEN_ERROR_PROMISC_PERM_DENIED;
1623 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1624 sizeof *open_status_str);
1625 break;
1626 #endif
1627
1628 case PCAP_ERROR_RFMON_NOTSUP:
1629 *open_status = CAP_DEVICE_OPEN_ERROR_RFMON_NOTSUP;
1630 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1631 sizeof *open_status_str);
1632 break;
1633
1634 case PCAP_ERROR_IFACE_NOT_UP:
1635 *open_status = CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP;
1636 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1637 sizeof *open_status_str);
1638 break;
1639
1640 case PCAP_ERROR:
1641 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1642 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1643 sizeof *open_status_str);
1644 break;
1645
1646 default:
1647 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1648 snprintf(*open_status_str, sizeof *open_status_str,
1649 "%s - %s", pcap_statustostr(status), pcap_geterr(pcap_h));
1650 break;
1651 }
1652 pcap_close(pcap_h);
1653 return NULL;
1654 }
1655 if (status > 0) {
1656 /*
1657 * Warning. The call succeeded, but something happened
1658 * that the user might want to know.
1659 */
1660 switch (status) {
1661
1662 case PCAP_WARNING_PROMISC_NOTSUP:
1663 *open_status = CAP_DEVICE_OPEN_WARNING_PROMISC_NOTSUP;
1664 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1665 sizeof *open_status_str);
1666 break;
1667
1668 #ifdef HAVE_PCAP_WARNING_TSTAMP_TYPE_NOTSUP
1669 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1670 *open_status = CAP_DEVICE_OPEN_WARNING_TSTAMP_TYPE_NOTSUP;
1671 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1672 sizeof *open_status_str);
1673 break;
1674 #endif
1675
1676 case PCAP_WARNING:
1677 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1678 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1679 sizeof *open_status_str);
1680 break;
1681
1682 default:
1683 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1684 snprintf(*open_status_str, sizeof *open_status_str,
1685 "%s - %s", pcap_statustostr(status), pcap_geterr(pcap_h));
1686 break;
1687 }
1688 } else {
1689 /*
1690 * No warning issued.
1691 */
1692 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1693 }
1694 return pcap_h;
1695 }
1696 #endif /* HAVE_PCAP_CREATE */
1697
1698 if_capabilities_t *
1699 get_if_capabilities_pcap_open_live(interface_options *interface_opts,
1700 cap_device_open_status *open_status, char **open_status_str)
1701 {
1702 if_capabilities_t *caps;
1703 char errbuf[PCAP_ERRBUF_SIZE];
1704 pcap_t *pch;
1705
1706 pch = pcap_open_live(interface_opts->name, MIN_PACKET_SIZE, 0, 0,
1707 errbuf);
1708 if (pch == NULL) {
1709 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1710 *open_status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1711 return NULL;
1712 }
1713
1714 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1715 caps->can_set_rfmon = false;
1716 caps->data_link_types = get_data_link_types(pch, interface_opts,
1717 open_status, open_status_str);
1718 if (caps->data_link_types == NULL) {
1719 pcap_close(pch);
1720 g_free(caps);
1721 return NULL;
1722 }
1723
1724 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1725
1726 pcap_close(pch);
1727
1728 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1729 *open_status_str = NULL;
1730 return caps;
1731 }
1732
1733 pcap_t *
1734 open_capture_device_pcap_open_live(interface_options *interface_opts,
1735 int timeout, cap_device_open_status *open_status,
1736 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1737 {
1738 pcap_t *pcap_h;
1739 int snaplen;
1740
1741 if (interface_opts->has_snaplen)
1742 snaplen = interface_opts->snaplen;
1743 else {
1744 /*
1745 * Default - use the non-D-Bus maximum snapshot length of
1746 * 256KB, which should be big enough (libpcap didn't get
1747 * D-Bus support until after it goet pcap_create() and
1748 * pcap_activate(), so we don't have D-Bus support and
1749 * don't have to worry about really huge packets).
1750 */
1751 snaplen = 256*1024;
1752 }
1753 ws_debug("pcap_open_live() calling using name %s, snaplen %d, promisc_mode %d.",
1754 interface_opts->name, snaplen, interface_opts->promisc_mode);
1755 /*
1756 * This might succeed but put a messsage in *open_status_str;
1757 * that means that a warning was issued.
1758 *
1759 * Clear the error message buffer, so that if it's not an empty
1760 * string after the call, we know a warning was issued.
1761 */
1762 (*open_status_str)[0] = '\0';
1763 pcap_h = pcap_open_live(interface_opts->name, snaplen,
1764 interface_opts->promisc_mode, timeout, *open_status_str);
1765 ws_debug("pcap_open_live() returned %p.", (void *)pcap_h);
1766 if (pcap_h == NULL) {
1767 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1768 return NULL;
1769 }
1770 if ((*open_status_str)[0] != '\0') {
1771 /*
1772 * Warning. The call succeeded, but something happened
1773 * that the user might want to know.
1774 */
1775 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1776 } else {
1777 /*
1778 * No warning issued.
1779 */
1780 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1781 }
1782
1783 #ifdef _WIN32
1784 /* Try to set the capture buffer size. */
1785 if (interface_opts->buffer_size > 1) {
1786 /*
1787 * We have no mechanism to report a warning if this
1788 * fails; we just keep capturing with the smaller buffer,
1789 * as is the case on systems with BPF and pcap_create()
1790 * and pcap_set_buffer_size(), where pcap_activate() just
1791 * silently clamps the buffer size to the maximum.
1792 */
1793 pcap_setbuff(pcap_h, interface_opts->buffer_size * 1024 * 1024);
1794 }
1795 #endif
1796
1797 return pcap_h;
1798 }
1799
1800 /*
1801 * Get the capabilities of a network device.
1802 */
1803 if_capabilities_t *
1804 get_if_capabilities(interface_options *interface_opts,
1805 cap_device_open_status *status, char **status_str)
1806 {
1807 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1808 if_capabilities_t *caps;
1809 char errbuf[PCAP_ERRBUF_SIZE];
1810 pcap_t *pch;
1811 int deflt;
1812 data_link_info_t *data_link_info;
1813
1814 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1815 struct pcap_rmtauth auth;
1816
1817 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1818 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1819 auth.username = interface_opts->auth_username;
1820 auth.password = interface_opts->auth_password;
1821
1822 /*
1823 * WinPcap 4.1.2, and possibly earlier versions, have a bug
1824 * wherein, when an open with an rpcap: URL fails, the error
1825 * message for the error is not copied to errbuf and whatever
1826 * on-the-stack junk is in errbuf is treated as the error
1827 * message.
1828 *
1829 * To work around that (and any other bugs of that sort), we
1830 * initialize errbuf to an empty string. If we get an error
1831 * and the string is empty, we report it as an unknown error.
1832 * (If we *don't* get an error, and the string is *non*-empty,
1833 * that could be a warning returned, such as "can't turn
1834 * promiscuous mode on"; we currently don't do so.)
1835 */
1836 errbuf[0] = '\0';
1837 pch = pcap_open(interface_opts->name, MIN_PACKET_SIZE, 0, 0, &auth,
1838 errbuf);
1839 if (pch == NULL) {
1840 /*
1841 * We don't know whether it's a permission error or not.
1842 * And, if it is, the user will either have to ask for
1843 * permission for their own remote account or will have
1844 * to use an account that *does* have permissions.
1845 */
1846 *status = CAP_DEVICE_OPEN_ERROR_GENERIC;
1847 if (strcmp(errbuf, "not supported") == 0) {
1848 /*
1849 * macOS 14's pcap_open(), which is a stub that
1850 * always returns NULL with an error message of
1851 * "not supported".
1852 *
1853 * In this case, as we passed it an rpcap://
1854 * URL, treat that as meaning "remote capture
1855 * not supported".
1856 */
1857 g_strlcpy(errbuf, "Remote capture not supported",
1858 PCAP_ERRBUF_SIZE);
1859 }
1860 *status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1861 return NULL;
1862 }
1863
1864 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1865 caps->can_set_rfmon = false;
1866 caps->data_link_types = NULL;
1867 deflt = get_pcap_datalink(pch, interface_opts->name);
1868 data_link_info = create_data_link_info(deflt);
1869 caps->data_link_types = g_list_append(caps->data_link_types, data_link_info);
1870 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1871 pcap_close(pch);
1872
1873 /*
1874 * This doesn't return warnings for remote devices, and
1875 * we don't use it for local devices.
1876 */
1877 *status = CAP_DEVICE_OPEN_NO_ERR;
1878 *status_str = NULL;
1879 return caps;
1880 }
1881 #endif /* defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE) */
1882
1883 /*
1884 * Local interface.
1885 */
1886 return get_if_capabilities_local(interface_opts, status, status_str);
1887 }
1888
1889 pcap_t *
1890 open_capture_device(capture_options *capture_opts,
1891 interface_options *interface_opts, int timeout,
1892 cap_device_open_status *open_status,
1893 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1894 {
1895 pcap_t *pcap_h;
1896 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1897 struct pcap_rmtauth auth;
1898 #endif
1899
1900 /* Open the network interface to capture from it.
1901 Some versions of libpcap may put warnings into the error buffer
1902 if they succeed; to tell if that's happened, we have to clear
1903 the error buffer, and check if it's still a null string. */
1904 ws_debug("Entering open_capture_device().");
1905 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1906 (*open_status_str)[0] = '\0';
1907 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1908 /*
1909 * If we're opening a remote device, use pcap_open(); that's currently
1910 * the only open routine that supports remote devices.
1911 */
1912 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1913 int snaplen;
1914
1915 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1916 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1917 auth.username = interface_opts->auth_username;
1918 auth.password = interface_opts->auth_password;
1919
1920 if (interface_opts->has_snaplen)
1921 snaplen = interface_opts->snaplen;
1922 else {
1923 /*
1924 * Default - use the non-D-Bus maximum snapshot length,
1925 * which should be big enough, except for D-Bus.
1926 */
1927 snaplen = 256*1024;
1928 }
1929 ws_debug("Calling pcap_open() using name %s, snaplen %d, promisc_mode %d, datatx_udp %d, nocap_rpcap %d.",
1930 interface_opts->name, snaplen,
1931 interface_opts->promisc_mode, interface_opts->datatx_udp,
1932 interface_opts->nocap_rpcap);
1933 pcap_h = pcap_open(interface_opts->name, snaplen,
1934 /* flags */
1935 (interface_opts->promisc_mode ? PCAP_OPENFLAG_PROMISCUOUS : 0) |
1936 (interface_opts->datatx_udp ? PCAP_OPENFLAG_DATATX_UDP : 0) |
1937 (interface_opts->nocap_rpcap ? PCAP_OPENFLAG_NOCAPTURE_RPCAP : 0),
1938 timeout, &auth, *open_status_str);
1939 if (pcap_h == NULL) {
1940 /*
1941 * Error.
1942 *
1943 * We don't know whether it's a permission error
1944 * or not.
1945 * (If it is, maybe we can give ourselves permission
1946 * or maybe we just have to ask politely for
1947 * permission.)
1948 */
1949 *open_status = CAP_DEVICE_OPEN_ERROR_GENERIC;
1950 if (strcmp(*open_status_str, "not supported") == 0) {
1951 /*
1952 * macOS 14's pcap_open(), which is a stub
1953 * that always returns NULL with an error
1954 * message of "not supported".
1955 *
1956 * In this case, as we passed it an rpcap://
1957 * URL, treat that as meaning "remote capture
1958 * not supported".
1959 */
1960 g_strlcpy(*open_status_str,
1961 "Remote capture not supported",
1962 PCAP_ERRBUF_SIZE);
1963 }
1964
1965 /* Did pcap actually supply an error message? */
1966 if ((*open_status_str)[0] == '\0') {
1967 /*
1968 * Work around known WinPcap bug wherein
1969 * no error message is filled in on a
1970 * failure to open an rpcap: URL.
1971 */
1972 (void) g_strlcpy(*open_status_str,
1973 "Unknown error (pcap bug; actual error cause not reported)",
1974 sizeof *open_status_str);
1975 }
1976 }
1977 ws_debug("pcap_open() returned %p.", (void *)pcap_h);
1978 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1979 /*
1980 * This doesn't return warnings for remote devices, and
1981 * we don't use it for local devices.
1982 */
1983 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1984 return pcap_h;
1985 }
1986 #endif
1987
1988 pcap_h = open_capture_device_local(capture_opts, interface_opts,
1989 timeout, open_status, open_status_str);
1990 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1991 return pcap_h;
1992 }
1993
1994 /*
1995 * Platform-dependent suggestions for fixing permissions.
1996 */
1997
1998 #ifdef HAVE_LIBCAP
1999 #define LIBCAP_PERMISSIONS_SUGGESTION \
2000 "\n\n" \
2001 "If you did not install Wireshark from a package, ensure that Dumpcap " \
2002 "has the needed CAP_NET_RAW and CAP_NET_ADMIN capabilities by running " \
2003 "\n\n" \
2004 " sudo setcap cap_net_raw,cap_net_admin=ep {path/to/}dumpcap" \
2005 "\n\n" \
2006 "and then restarting Wireshark."
2007 #else
2008 #define LIBCAP_PERMISSIONS_SUGGESTION
2009 #endif
2010
2011 #if defined(__linux__)
2012 #define PLATFORM_PERMISSIONS_SUGGESTION \
2013 "\n\n" \
2014 "On Debian and Debian derivatives such as Ubuntu, if you have " \
2015 "installed Wireshark from a package, try running" \
2016 "\n\n" \
2017 " sudo dpkg-reconfigure wireshark-common" \
2018 "\n\n" \
2019 "selecting \"<Yes>\" in response to the question" \
2020 "\n\n" \
2021 " Should non-superusers be able to capture packets?" \
2022 "\n\n" \
2023 "adding yourself to the \"wireshark\" group by running" \
2024 "\n\n" \
2025 " sudo usermod -a -G wireshark {your username}" \
2026 "\n\n" \
2027 "and then logging out and logging back in again." \
2028 LIBCAP_PERMISSIONS_SUGGESTION
2029 #elif defined(__APPLE__)
2030 #define PLATFORM_PERMISSIONS_SUGGESTION \
2031 "\n\n" \
2032 "If you installed Wireshark using the package from wireshark.org, " \
2033 "close this dialog and click on the \"installing ChmodBPF\" link in " \
2034 "\"You can fix this by installing ChmodBPF.\" on the main screen, " \
2035 "and then complete the installation procedure."
2036 #else
2037 #define PLATFORM_PERMISSIONS_SUGGESTION
2038 #endif
2039
2040 #if defined(_WIN32)
2041 static const char *
2042 get_platform_pcap_failure_secondary_error_message(const char *open_status_str)
2043 {
2044 /*
2045 * The error string begins with the error produced by WinPcap
2046 * and Npcap if attempting to set promiscuous mode fails.
2047 * (Note that this string could have a specific error message
2048 * from an NDIS error after the initial part, so we do a prefix
2049 * check rather than an exact match check.)
2050 *
2051 * If this is with Npcap 1.71 through 1.73, which have bugs that
2052 * cause this error on Windows 11 with some drivers, suggest that
2053 * the user upgrade to the current version of Npcap;
2054 * otherwise, suggest that they turn off promiscuous mode
2055 * on that device.
2056 */
2057 static const char promisc_failed[] =
2058 "failed to set hardware filter to promiscuous mode";
2059
2060 if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) {
2061 unsigned int npcap_major, npcap_minor;
2062
2063 if (caplibs_get_npcap_version(&npcap_major, &npcap_minor)) {
2064 if (npcap_major == 1 &&
2065 (npcap_minor >= 71 && npcap_minor <= 73)) {
2066 return
2067 "This is a bug in your version of Npcap.\n"
2068 "\n"
2069 "If you need to use promiscuous mode, you must upgrade to the current "
2070 "version of Npcap, which is available from https://npcap.com/\n"
2071 "\n"
2072 "Otherwise, turn off promiscuous mode for this device.";
2073 }
2074 }
2075 return
2076 "Please turn off promiscuous mode for this device.";
2077 }
2078 return NULL;
2079 }
2080 #elif defined(__linux__)
2081 static const char *
2082 get_platform_pcap_failure_secondary_error_message(const char *open_status_str)
2083 {
2084 /*
2085 * The error string is the message provided by libpcap on
2086 * Linux if an attempt to open a PF_PACKET socket failed
2087 * with EAFNOSUPPORT. This probably means that either 1)
2088 * the kernel doesn't have PF_PACKET support configured in
2089 * or 2) this is a Flatpak version of Wireshark that's been
2090 * sandboxed in a way that disallows opening PF_PACKET
2091 * sockets.
2092 *
2093 * Suggest that the user find some other package of
2094 * Wireshark if they want to capture traffic and are
2095 * running a Flatpak of Wireshark or that they configure
2096 * PF_PACKET support back in if it's configured out.
2097 */
2098 static const char af_notsup[] =
2099 "socket: Address family not supported by protocol";
2100
2101 if (strcmp(open_status_str, af_notsup) == 0) {
2102 return
2103 "If you are running Wireshark from a Flatpak package, "
2104 "it does not support packet capture; you will need "
2105 "to run a different version of Wireshark in order "
2106 "to capture traffic.\n"
2107 "\n"
2108 "Otherwise, if your machine is running a kernel that "
2109 "was not configured with CONFIG_PACKET, that kernel "
2110 "does not support packet capture; you will need to "
2111 "use a kernel configured with CONFIG_PACKET.";
2112 }
2113 return NULL;
2114 }
2115 #else
2116 static const char *
2117 get_platform_pcap_failure_secondary_error_message(const char *open_status_str _U_)
2118 {
2119 /* No such message for platforms not handled above. */
2120 return NULL;
2121 }
2122 #endif
2123
2124 const char *
2125 get_pcap_failure_secondary_error_message(cap_device_open_status open_status,
2126 const char *open_status_str)
2127 {
2128 const char *platform_secondary_error_message;
2129
2130 #ifdef _WIN32
2131 /*
2132 * On Windows, first make sure they *have* Npcap installed.
2133 */
2134 if (!has_wpcap) {
2135 return
2136 "In order to capture packets, Npcap or WinPcap must be installed. See\n"
2137 "\n"
2138 " https://npcap.com/\n"
2139 "\n"
2140 "for a downloadable version of Npcap and for instructions on how to\n"
2141 "install it.";
2142 }
2143 #endif
2144
2145 /*
2146 * OK, now just return a largely platform-independent error that might
2147 * have platform-specific suggestions at the end (for example, suggestions
2148 * for how to get permission to capture).
2149 */
2150 switch (open_status) {
2151
2152 case CAP_DEVICE_OPEN_NO_ERR:
2153 case CAP_DEVICE_OPEN_WARNING_PROMISC_NOTSUP:
2154 case CAP_DEVICE_OPEN_WARNING_TSTAMP_TYPE_NOTSUP:
2155 case CAP_DEVICE_OPEN_WARNING_OTHER:
2156 /* This should not happen, as those aren't errors. */
2157 return "";
2158
2159 case CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE:
2160 case CAP_DEVICE_OPEN_ERROR_RFMON_NOTSUP:
2161 case CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP:
2162 /*
2163 * Not clear what suggestions to make for these cases.
2164 */
2165 return "";
2166
2167 case CAP_DEVICE_OPEN_ERROR_PERM_DENIED:
2168 case CAP_DEVICE_OPEN_ERROR_PROMISC_PERM_DENIED:
2169 /*
2170 * This is a permissions error, so no need to specify any other
2171 * warnings.
2172 */
2173 return
2174 "Please check to make sure you have sufficient permissions."
2175 PLATFORM_PERMISSIONS_SUGGESTION;
2176 break;
2177
2178 case CAP_DEVICE_OPEN_ERROR_OTHER:
2179 case CAP_DEVICE_OPEN_ERROR_GENERIC:
2180 /*
2181 * We don't know what kind of error it is. See if there's a hint
2182 * in the error string; if not, throw all generic suggestions at
2183 * the user.
2184 *
2185 * First, check for some text that pops up in some errors.
2186 * Do platform-specific checks first.
2187 */
2188 platform_secondary_error_message =
2189 get_platform_pcap_failure_secondary_error_message(open_status_str);
2190 if (platform_secondary_error_message != NULL) {
2191 /* We got one, so return it. */
2192 return platform_secondary_error_message;
2193 }
2194
2195 /*
2196 * Not one of those particular problems. Was this a "generic"
2197 * error from pcap_open_live() or pcap_open(), in which case
2198 * it might be a permissions error?
2199 */
2200 if (open_status == CAP_DEVICE_OPEN_ERROR_GENERIC) {
2201 /* Yes. */
2202 return
2203 "Please check to make sure you have sufficient permissions, and that you have "
2204 "the proper interface or pipe specified."
2205 PLATFORM_PERMISSIONS_SUGGESTION;
2206 } else {
2207 /*
2208 * This is not a permissions error, so no need to suggest
2209 * checking permissions.
2210 */
2211 return
2212 "Please check that you have the proper interface or pipe specified.";
2213 }
2214 break;
2215
2216 default:
2217 /*
2218 * This is not a permissions error, so no need to suggest
2219 * checking permissions.
2220 */
2221 return
2222 "Please check that you have the proper interface or pipe specified.";
2223 break;
2224 }
2225 }
2226
2227 #endif /* HAVE_LIBPCAP */
2228
2229 /*
2230 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2231 *
2232 * Local variables:
2233 * c-basic-offset: 8
2234 * tab-width: 8
2235 * indent-tabs-mode: t
2236 * End:
2237 *
2238 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2239 * :indentSize=8:tabSize=8:noTabs=false:
2240 */
Metzes wireshark repo