search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dcerpc-netlogon: all netr_LogonControl[2[Ex]] calls have the same reply values
[wireshark-sm.git] / capture / capture-pcap-util.c
blobd53132a919fd5bcd991ceda1a1152f90740f7f80
1 /* capture-pcap-util.c
2 * Utility routines for packet capture
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #include "config.h"
12 #define WS_LOG_DOMAIN LOG_DOMAIN_CAPCHILD
13
14 #ifdef HAVE_LIBPCAP
15
16 #include <wireshark.h>
17
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include <limits.h>
21 #include <string.h>
22
23 #include <sys/types.h>
24
25 #ifdef HAVE_SYS_SOCKET_H
26 #include <sys/socket.h>
27 #endif
28
29 #ifdef __APPLE__
30 #include <dlfcn.h>
31 #endif
32
33 #include "ws_attributes.h"
34
35 /*
36 * Linux bonding devices mishandle unknown ioctls; they fail
37 * with ENODEV rather than ENOTSUP, EOPNOTSUPP, or ENOTTY,
38 * so pcap_can_set_rfmon() returns a "no such device" indication
39 * if we try to do SIOCGIWMODE on them.
40 *
41 * So, on Linux, we check for bonding devices, if we can, before
42 * trying pcap_can_set_rfmon(), as pcap_can_set_rfmon() will
43 * end up trying SIOCGIWMODE on the device if that ioctl exists.
44 */
45 #if defined(HAVE_PCAP_CREATE) && defined(__linux__)
46
47 #include <sys/ioctl.h>
48
49 /*
50 * If we're building for a Linux version that supports bonding,
51 * HAVE_BONDING will be defined.
52 */
53
54 #ifdef HAVE_LINUX_SOCKIOS_H
55 #include <linux/sockios.h>
56 #endif
57
58 #ifdef HAVE_LINUX_IF_BONDING_H
59 #include <linux/if_bonding.h>
60 #endif
61
62 #if defined(BOND_INFO_QUERY_OLD) || defined(SIOCBONDINFOQUERY)
63 #define HAVE_BONDING
64 #endif
65
66 #endif /* defined(HAVE_PCAP_CREATE) && defined(__linux__) */
67
68 #include "capture/capture_ifinfo.h"
69 #include "capture/capture-pcap-util.h"
70 #include "capture/capture-pcap-util-int.h"
71 #ifdef _WIN32
72 #include "capture/capture-wpcap.h"
73 #else
74 #define ws_pcap_findalldevs_ex pcap_findalldevs_ex
75 #endif
76
77 #include <wsutil/file_util.h>
78 #include <wsutil/please_report_bug.h>
79 #include <wsutil/wslog.h>
80
81 #ifndef _WIN32
82 #include <netinet/in.h>
83 #else
84 #include <ws2tcpip.h>
85 #endif
86
87 #ifdef _WIN32
88 #include "capture/capture_win_ifnames.h" /* windows friendly interface names */
89 #endif
90
91 #if defined(__FreeBSD__) || defined(__OpenBSD__)
92 /*
93 * Needed for the code to get a device description.
94 */
95 #include <errno.h>
96 #include <net/if.h>
97 #include <sys/sockio.h>
98 #include <sys/ioctl.h>
99 #endif
100
101 /*
102 * Given an interface name, find the "friendly name" and interface
103 * type for the interface.
104 */
105
106 #if defined(HAVE_MACOS_FRAMEWORKS)
107
108 #include <CoreFoundation/CoreFoundation.h>
109 #include <SystemConfiguration/SystemConfiguration.h>
110
111 #include <wsutil/cfutils.h>
112
113 /*
114 * On macOS, we get the "friendly name" and interface type for the interface
115 * from the System Configuration framework.
116 *
117 * To find the System Configuration framework information for the
118 * interface, we get all the interfaces that the System Configuration
119 * framework knows about and look for the one with a "BSD name" matching
120 * the interface name.
121 *
122 * If we find it, we use its "localized display name", if it has one, as
123 * the "friendly name".
124 *
125 * As for the interface type:
126 *
127 * Yes, fetching all the network addresses for an interface gets you an
128 * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
129 * an SNMP MIB-II ifType value.
130 *
131 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
132 * not IFT_IEEE80211 (which isn't defined in macOS in any case).
133 *
134 * Perhaps some other BSD-flavored OSes won't make this mistake;
135 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
136 * made the same mistake, at least for my Belkin ZyDAS stick.
137 *
138 * SCNetworkInterfaceGetInterfaceType() will get the interface
139 * type. The interface type is a CFString, and:
140 *
141 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
142 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
143 * kSCNetworkInterfaceTypeModem or
144 * kSCNetworkInterfaceTypePPP or
145 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
146 */
147 static void
148 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
149 const char *description _U_)
150 {
151 CFStringRef name_CFString;
152 CFArrayRef interfaces;
153 CFIndex num_interfaces;
154 CFIndex i;
155 SCNetworkInterfaceRef interface;
156 CFStringRef bsdname_CFString;
157 CFStringRef friendly_name_CFString;
158 CFStringRef interface_type_CFString;
159
160 interfaces = SCNetworkInterfaceCopyAll();
161 if (interfaces == NULL) {
162 /*
163 * Couldn't get a list of interfaces.
164 */
165 return;
166 }
167
168 name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
169 name, kCFStringEncodingUTF8);
170 if (name_CFString == NULL) {
171 /*
172 * Couldn't convert the interface name to a CFString.
173 */
174 CFRelease(interfaces);
175 return;
176 }
177
178 num_interfaces = CFArrayGetCount(interfaces);
179 for (i = 0; i < num_interfaces; i++) {
180 interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
181 bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
182 if (bsdname_CFString == NULL) {
183 /*
184 * This interface has no BSD name, so it's not
185 * a regular network interface.
186 */
187 continue;
188 }
189 if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
190 /*
191 * This is the interface.
192 * First, get the friendly name.
193 */
194 friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
195 if (friendly_name_CFString != NULL)
196 if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
197
198 /*
199 * Now get the interface type.
200 */
201 interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
202 if (CFStringCompare(interface_type_CFString,
203 kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
204 if_info->type = IF_WIRELESS;
205 else if (CFStringCompare(interface_type_CFString,
206 kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
207 if_info->type = IF_BLUETOOTH;
208 else if (CFStringCompare(interface_type_CFString,
209 kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
210 if_info->type = IF_DIALUP;
211 else if (CFStringCompare(interface_type_CFString,
212 kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
213 if_info->type = IF_DIALUP;
214 else if (CFStringCompare(interface_type_CFString,
215 kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
216 if_info->type = IF_DIALUP;
217 else
218 if_info->type = IF_WIRED;
219 break;
220 }
221 }
222
223 CFRelease(interfaces);
224 CFRelease(name_CFString);
225 }
226 #elif defined(__linux__)
227 /*
228 * Linux doesn't offer any form of "friendly name", but you can
229 * determine an interface type to some degree.
230 */
231 static void
232 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
233 const char *description _U_)
234 {
235 char *wireless_path;
236 ws_statb64 statb;
237
238 /*
239 * Look for /sys/class/net/{device}/wireless. If it exists,
240 * it's a wireless interface.
241 */
242 wireless_path = ws_strdup_printf("/sys/class/net/%s/wireless", name);
243 if (wireless_path != NULL) {
244 if (ws_stat64(wireless_path, &statb) == 0)
245 if_info->type = IF_WIRELESS;
246 g_free(wireless_path);
247 }
248 if (if_info->type == IF_WIRED) {
249 /*
250 * We still don't know what it is. Check for
251 * Bluetooth and USB devices.
252 */
253 if (strstr(name, "bluetooth") != NULL) {
254 /*
255 * XXX - this is for raw Bluetooth capture; what
256 * about IP-over-Bluetooth devices?
257 */
258 if_info->type = IF_BLUETOOTH;
259 } else if (strstr(name, "usbmon") != NULL)
260 if_info->type = IF_USB;
261 }
262 }
263 #elif !defined(_WIN32)
264 /*
265 * On other UN*Xes, if there is a description, it's a friendly
266 * name, and there is no vendor description. ("Other UN*Xes"
267 * currently means "FreeBSD and OpenBSD".)
268 */
269 static void
270 add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
271 const char *description)
272 {
273 if_info->friendly_name = g_strdup(description);
274 }
275 #endif
276
277 if_info_t *
278 if_info_get(const char *name)
279 {
280 char *description = NULL;
281 if_info_t *if_info;
282 #ifdef SIOCGIFDESCR
283 /*
284 * Try to fetch the description of this interface.
285 * XXX - this is only here because libpcap has no API to
286 * get the description of a *single* interface; it really
287 * needs both an API to get pcapng-IDB-style attributes
288 * for a single interface and to get a list of interfaces
289 * with pcapng-IDB-style attributes for each interface.
290 */
291 int s;
292 struct ifreq ifrdesc;
293 #ifndef IFDESCRSIZE
294 size_t descrlen = 64;
295 #else
296 size_t descrlen = IFDESCRSIZE;
297 #endif /* IFDESCRSIZE */
298
299 /*
300 * Get the description for the interface.
301 */
302 memset(&ifrdesc, 0, sizeof ifrdesc);
303 (void) g_strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
304 s = socket(AF_INET, SOCK_DGRAM, 0);
305 if (s >= 0) {
306 #ifdef __FreeBSD__
307 /*
308 * On FreeBSD, if the buffer isn't big enough for the
309 * description, the ioctl succeeds, but the description
310 * isn't copied, ifr_buffer.length is set to the description
311 * length, and ifr_buffer.buffer is set to NULL.
312 */
313 for (;;) {
314 g_free(description);
315 if ((description = (char*)g_malloc(descrlen)) != NULL) {
316 ifrdesc.ifr_buffer.buffer = description;
317 ifrdesc.ifr_buffer.length = descrlen;
318 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
319 if (ifrdesc.ifr_buffer.buffer ==
320 description)
321 break;
322 else
323 descrlen = ifrdesc.ifr_buffer.length;
324 } else {
325 /*
326 * Failed to get interface description.
327 */
328 g_free(description);
329 description = NULL;
330 break;
331 }
332 } else
333 break;
334 }
335 #else /* __FreeBSD__ */
336 /*
337 * The only other OS that currently supports
338 * SIOCGIFDESCR is OpenBSD, and it has no way
339 * to get the description length - it's clamped
340 * to a maximum of IFDESCRSIZE.
341 */
342 if ((description = (char*)g_malloc(descrlen)) != NULL) {
343 ifrdesc.ifr_data = (caddr_t)description;
344 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
345 /*
346 * Failed to get interface description.
347 */
348 g_free(description);
349 description = NULL;
350 }
351 }
352 #endif /* __FreeBSD__ */
353 close(s);
354 if (description != NULL && strlen(description) == 0) {
355 /*
356 * Description is empty, so discard it.
357 */
358 g_free(description);
359 description = NULL;
360 }
361 }
362
363 #ifdef __FreeBSD__
364 /*
365 * For FreeBSD, if we didn't get a description, and this is
366 * a device with a name of the form usbusN, label it as a USB
367 * bus.
368 */
369 if (description == NULL) {
370 if (strncmp(name, "usbus", 5) == 0) {
371 /*
372 * OK, it begins with "usbus".
373 */
374 long busnum;
375 char *p;
376
377 errno = 0;
378 busnum = strtol(name + 5, &p, 10);
379 if (errno == 0 && p != name + 5 && *p == '\0' &&
380 busnum >= 0 && busnum <= INT_MAX) {
381 /*
382 * OK, it's a valid number that's not
383 * bigger than INT_MAX. Construct
384 * a description from it.
385 */
386 static const char descr_prefix[] = "USB bus number ";
387 size_t descr_size;
388
389 /*
390 * Allow enough room for a 32-bit bus number.
391 * sizeof (descr_prefix) includes the
392 * terminating NUL.
393 */
394 descr_size = sizeof (descr_prefix) + 10;
395 description = g_malloc(descr_size);
396 if (description != NULL) {
397 snprintf(description, descr_size,
398 "%s%ld", descr_prefix, busnum);
399 }
400 }
401 }
402 }
403 #endif /* __FreeBSD__ */
404 #endif /* SIOCGIFDESCR */
405 if_info = if_info_new(name, description, false);
406 g_free(description);
407 return if_info;
408 }
409
410 if_addr_t *
411 if_addr_copy(const if_addr_t *addr)
412 {
413 if_addr_t *new_addr = g_new(if_addr_t, 1);
414 new_addr->ifat_type = addr->ifat_type;
415 switch (addr->ifat_type) {
416 case IF_AT_IPv4:
417 new_addr->addr.ip4_addr = addr->addr.ip4_addr;
418 break;
419 case IF_AT_IPv6:
420 memcpy(new_addr->addr.ip6_addr, addr->addr.ip6_addr, sizeof(addr->addr));
421 break;
422 default:
423 /* In case we add non-IP addresses */
424 break;
425 }
426 return new_addr;
427 }
428
429 static void*
430 if_addr_copy_cb(const void *data, void *user_data _U_)
431 {
432 return if_addr_copy((if_addr_t*)data);
433 }
434
435 void
436 if_info_free(if_info_t *if_info)
437 {
438 if (if_info == NULL) {
439 return;
440 }
441 g_free(if_info->name);
442 g_free(if_info->friendly_name);
443 g_free(if_info->vendor_description);
444 g_free(if_info->extcap);
445 g_slist_free_full(if_info->addrs, g_free);
446 if (if_info->caps) {
447 free_if_capabilities(if_info->caps);
448 }
449 g_free(if_info);
450 }
451
452 static void*
453 copy_linktype_cb(const void *data, void *user_data _U_)
454 {
455 data_link_info_t *linktype_info = (data_link_info_t *)data;
456
457 data_link_info_t *ret = g_new(data_link_info_t, 1);
458 ret->dlt = linktype_info->dlt;
459 ret->name = g_strdup(linktype_info->name);
460 ret->description = g_strdup(linktype_info->description);
461 return ret;
462 }
463
464 static void*
465 copy_timestamp_cb(const void *data, void *user_data _U_)
466 {
467 timestamp_info_t *timestamp_info = (timestamp_info_t *)data;
468
469 timestamp_info_t *ret = g_new(timestamp_info_t, 1);
470 ret->name = g_strdup(timestamp_info->name);
471 ret->description = g_strdup(timestamp_info->description);
472 return ret;
473 }
474
475 static if_capabilities_t *
476 if_capabilities_copy(const if_capabilities_t *caps)
477 {
478 if (caps == NULL) return NULL;
479
480 if_capabilities_t *ret = g_new(if_capabilities_t, 1);
481 ret->can_set_rfmon = caps->can_set_rfmon;
482 ret->data_link_types = g_list_copy_deep(caps->data_link_types, copy_linktype_cb, NULL);
483 ret->timestamp_types = g_list_copy_deep(caps->timestamp_types, copy_timestamp_cb, NULL);
484 ret->data_link_types_rfmon = g_list_copy_deep(caps->data_link_types_rfmon, copy_linktype_cb, NULL);
485 ret->primary_msg = g_strdup(caps->primary_msg);
486 ret->secondary_msg = caps->secondary_msg;
487
488 return ret;
489 }
490
491 if_info_t *
492 if_info_copy(const if_info_t *if_info)
493 {
494 if_info_t *new_if_info;
495 new_if_info = g_new(if_info_t, 1);
496 new_if_info->name = g_strdup(if_info->name);
497 /* g_strdup accepts NULL as input and returns NULL. */
498 new_if_info->friendly_name = g_strdup(if_info->friendly_name);
499 new_if_info->vendor_description = g_strdup(if_info->vendor_description);
500 new_if_info->addrs = g_slist_copy_deep(if_info->addrs, if_addr_copy_cb, NULL);
501 new_if_info->type = if_info->type;
502 new_if_info->loopback = if_info->loopback;
503 new_if_info->extcap = g_strdup(if_info->extcap);
504 new_if_info->caps = if_capabilities_copy(if_info->caps);
505
506 return new_if_info;
507 }
508
509 static void*
510 if_info_copy_cb(const void* data, void *user_data _U_)
511 {
512 return if_info_copy((const if_info_t*)data);
513 }
514
515 if_info_t *
516 if_info_new(const char *name, const char *description, bool loopback)
517 {
518 if_info_t *if_info;
519 #ifdef _WIN32
520 const char *guid_text;
521 GUID guid;
522 #endif
523
524 if_info = g_new(if_info_t, 1);
525 if_info->name = g_strdup(name);
526 if_info->friendly_name = NULL; /* default - unknown */
527 if_info->vendor_description = NULL;
528 if_info->type = IF_WIRED; /* default */
529 if_info->extcap = g_strdup("");
530 #ifdef _WIN32
531 /*
532 * Get the interface type.
533 *
534 * Much digging failed to reveal any obvious way to get something
535 * such as the SNMP MIB-II ifType value for an interface:
536 *
537 * https://www.iana.org/assignments/ianaiftype-mib/ianaiftype-mib
538 *
539 * by making some NDIS request. And even if there were such
540 * a way, there's no guarantee that the ifType reflects an
541 * interface type that a user would view as correct (for
542 * example, some systems report Wi-Fi interfaces as
543 * Ethernet interfaces).
544 *
545 * So we look for keywords in the vendor's interface
546 * description.
547 */
548 if (description && (strstr(description, "generic dialup") != NULL ||
549 strstr(description, "PPP/SLIP") != NULL)) {
550 if_info->type = IF_DIALUP;
551 } else if (description && (strstr(description, "Wireless") != NULL ||
552 strstr(description,"802.11") != NULL)) {
553 if_info->type = IF_WIRELESS;
554 } else if (description && (strstr(description, "AirPcap") != NULL ||
555 strstr(name, "airpcap") != NULL)) {
556 if_info->type = IF_AIRPCAP;
557 } else if (description && strstr(description, "Bluetooth") != NULL ) {
558 if_info->type = IF_BLUETOOTH;
559 } else if (description && strstr(description, "VMware") != NULL) {
560 /*
561 * Bridge, NAT, or host-only interface on a VMware host.
562 *
563 * XXX - what about guest interfaces?
564 */
565 if_info->type = IF_VIRTUAL;
566 }
567
568 /*
569 * On Windows, the "description" is a vendor description,
570 * and the friendly name isn't returned by Npcap/WinPcap.
571 * Fetch it ourselves.
572 */
573
574 /*
575 * Skip over the "\Device\NPF_" prefix in the device name,
576 * if present.
577 */
578 if (strncmp("\\Device\\NPF_", name, 12) == 0)
579 guid_text = name + 12;
580 else
581 guid_text = name;
582
583 /* Now try to parse what remains as a GUID. */
584 if (parse_as_guid(guid_text, &guid)) {
585 /*
586 * Success. Try to get a friendly name using the GUID.
587 * As this is a regular interface, the description is a
588 * vendor description.
589 */
590 if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
591 if_info->vendor_description = g_strdup(description);
592 } else {
593 /*
594 * This is probably not a regular interface; we only
595 * support NT 5 (W2K) and later, so all regular interfaces
596 * should have GUIDs at the end of the name. Therefore,
597 * the description, if supplied, is a friendly name
598 * provided by WinPcap, and there is no vendor
599 * description.
600 */
601 if_info->friendly_name = g_strdup(description);
602 if_info->vendor_description = NULL;
603 }
604 #else
605 /*
606 * On UN*X, if there is a description, it's a friendly
607 * name, and there is no vendor description.
608 *
609 * Try the platform's way of getting a friendly name and
610 * interface type first.
611 *
612 * If that fails, then, for a loopback interface, give it the
613 * friendly name "Loopback" and, for VMware interfaces,
614 * give them the type IF_VIRTUAL.
615 */
616 add_unix_interface_ifinfo(if_info, name, description);
617 if (if_info->type == IF_WIRED) {
618 /*
619 * This is the default interface type.
620 *
621 * Bridge, NAT, or host-only interfaces on VMWare hosts
622 * have the name vmnet[0-9]+. Guests might use a native
623 * (LANCE or E1000) driver or the vmxnet driver. Check
624 * the name.
625 */
626 if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
627 if_info->type = IF_VIRTUAL;
628 else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
629 if_info->type = IF_VIRTUAL;
630 }
631 if (if_info->friendly_name == NULL) {
632 /*
633 * We couldn't get interface information using platform-
634 * dependent calls.
635 *
636 * If this is a loopback interface, give it a
637 * "friendly name" of "Loopback".
638 */
639 if (loopback)
640 if_info->friendly_name = g_strdup("Loopback");
641 }
642 if_info->vendor_description = NULL;
643 #endif
644 if_info->loopback = loopback;
645 if_info->addrs = NULL;
646 if_info->caps = NULL;
647 return if_info;
648 }
649
650 void
651 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
652 {
653 if_addr_t *if_addr;
654 struct sockaddr_in *ai;
655 struct sockaddr_in6 *ai6;
656
657 switch (addr->sa_family) {
658
659 case AF_INET:
660 ai = (struct sockaddr_in *)(void *)addr;
661 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
662 if_addr->ifat_type = IF_AT_IPv4;
663 if_addr->addr.ip4_addr = ai->sin_addr.s_addr;
664 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
665 break;
666
667 case AF_INET6:
668 ai6 = (struct sockaddr_in6 *)(void *)addr;
669 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
670 if_addr->ifat_type = IF_AT_IPv6;
671 memcpy((void *)&if_addr->addr.ip6_addr,
672 (void *)&ai6->sin6_addr.s6_addr,
673 sizeof if_addr->addr.ip6_addr);
674 if_info->addrs = g_slist_prepend(if_info->addrs, if_addr);
675 break;
676 }
677 }
678
679 /*
680 * Get all IP address information for the given interface.
681 */
682 static void
683 if_info_ip(if_info_t *if_info, pcap_if_t *d)
684 {
685 pcap_addr_t *a;
686
687 /* All addresses */
688 for (a = d->addresses; a != NULL; a = a->next) {
689 if (a->addr != NULL)
690 if_info_add_address(if_info, a->addr);
691 }
692
693 if(if_info->addrs){
694 if_info->addrs = g_slist_reverse(if_info->addrs);
695 }
696 }
697
698 #ifdef HAVE_PCAP_REMOTE
699 GList *
700 get_interface_list_findalldevs_ex(const char *hostname, const char *port,
701 int auth_type, const char *username,
702 const char *passwd, int *err, char **err_str)
703 {
704 char source[PCAP_BUF_SIZE];
705 struct pcap_rmtauth auth;
706 GList *il = NULL;
707 pcap_if_t *alldevs, *dev;
708 if_info_t *if_info;
709 /*
710 * WinPcap can overflow PCAP_ERRBUF_SIZE if the host is unreachable.
711 * Fudge a larger size.
712 */
713 char errbuf[PCAP_ERRBUF_SIZE*4];
714
715 if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
716 NULL, errbuf) == -1) {
717 *err = CANT_GET_INTERFACE_LIST;
718 if (strcmp(errbuf, "not supported") == 0) {
719 /*
720 * macOS 14's pcap_createsrcstr(), which is a
721 * stub that always returns -1 with an error
722 * message of "not supported".
723 *
724 * In this case, as we passed it an rpcap://
725 * URL, treat that as meaning "remote capture
726 * not supported".
727 */
728 g_strlcpy(errbuf, "Remote capture not supported",
729 PCAP_ERRBUF_SIZE);
730 }
731 if (err_str != NULL)
732 *err_str = cant_get_if_list_error_message(errbuf);
733 return NULL;
734 }
735
736 auth.type = auth_type;
737 auth.username = g_strdup(username);
738 auth.password = g_strdup(passwd);
739
740 if (ws_pcap_findalldevs_ex(source, &auth, &alldevs, errbuf) == -1) {
741 *err = CANT_GET_INTERFACE_LIST;
742 if (strcmp(errbuf, "not supported") == 0) {
743 /*
744 * macOS 14's pcap_findalldevs_ex(), which is a
745 * stub that always returns -1 with an error
746 * message of "not supported".
747 *
748 * In this case, as we passed it an rpcap://
749 * URL, treat that as meaning "remote capture
750 * not supported".
751 */
752 g_strlcpy(errbuf, "Remote capture not supported",
753 PCAP_ERRBUF_SIZE);
754 }
755 if (err_str != NULL)
756 *err_str = cant_get_if_list_error_message(errbuf);
757 g_free(auth.username);
758 g_free(auth.password);
759 return NULL;
760 }
761
762 if (alldevs == NULL) {
763 /*
764 * No interfaces found.
765 */
766 *err = 0;
767 if (err_str != NULL)
768 *err_str = NULL;
769 g_free(auth.username);
770 g_free(auth.password);
771 return NULL;
772 }
773
774 for (dev = alldevs; dev != NULL; dev = dev->next) {
775 if_info = if_info_new(dev->name, dev->description,
776 (dev->flags & PCAP_IF_LOOPBACK) ? true : false);
777 il = g_list_append(il, if_info);
778 if_info_ip(if_info, dev);
779 }
780 pcap_freealldevs(alldevs);
781 g_free(auth.username);
782 g_free(auth.password);
783
784 return il;
785 }
786 #endif
787
788 GList *
789 get_interface_list_findalldevs(int *err, char **err_str)
790 {
791 GList *il = NULL;
792 pcap_if_t *alldevs, *dev;
793 if_info_t *if_info;
794 char errbuf[PCAP_ERRBUF_SIZE];
795
796 if (pcap_findalldevs(&alldevs, errbuf) == -1) {
797 *err = CANT_GET_INTERFACE_LIST;
798 if (err_str != NULL)
799 *err_str = cant_get_if_list_error_message(errbuf);
800 return NULL;
801 }
802
803 if (alldevs == NULL) {
804 /*
805 * No interfaces found.
806 */
807 *err = 0;
808 if (err_str != NULL)
809 *err_str = NULL;
810 return NULL;
811 }
812
813 for (dev = alldevs; dev != NULL; dev = dev->next) {
814 if_info = if_info_new(dev->name, dev->description,
815 (dev->flags & PCAP_IF_LOOPBACK) ? true : false);
816 il = g_list_append(il, if_info);
817 if_info_ip(if_info, dev);
818 }
819 pcap_freealldevs(alldevs);
820
821 return il;
822 }
823
824 static void
825 free_if_cb(void * data, void * user_data _U_)
826 {
827 if_info_free((if_info_t *)data);
828 }
829
830 void
831 free_interface_list(GList *if_list)
832 {
833 g_list_foreach(if_list, free_if_cb, NULL);
834 g_list_free(if_list);
835 }
836
837 GList*
838 interface_list_copy(GList *if_list)
839 {
840 return g_list_copy_deep(if_list, if_info_copy_cb, NULL);
841 }
842
843 static void
844 free_linktype_cb(void * data)
845 {
846 data_link_info_t *linktype_info = (data_link_info_t *)data;
847
848 g_free(linktype_info->name);
849 g_free(linktype_info->description);
850 g_free(linktype_info);
851 }
852
853 static void
854 free_timestamp_cb(void * data)
855 {
856 timestamp_info_t *timestamp_info = (timestamp_info_t *)data;
857
858 g_free(timestamp_info->name);
859 g_free(timestamp_info->description);
860 g_free(data);
861 }
862
863 void
864 free_if_capabilities(if_capabilities_t *caps)
865 {
866 g_list_free_full(caps->data_link_types, free_linktype_cb);
867 g_list_free_full(caps->data_link_types_rfmon, free_linktype_cb);
868
869 g_list_free_full(caps->timestamp_types, free_timestamp_cb);
870
871 g_free(caps->primary_msg);
872
873 g_free(caps);
874 }
875
876 const char *
877 linktype_val_to_name(int dlt)
878 {
879 return pcap_datalink_val_to_name(dlt);
880 }
881
882 int
883 linktype_name_to_val(const char *linktype)
884 {
885 return pcap_datalink_name_to_val(linktype);
886 }
887
888 /*
889 * Get the data-link type for a libpcap device.
890 * This works around AIX 5.x's non-standard and incompatible-with-the-
891 * rest-of-the-universe libpcap.
892 */
893 int
894 get_pcap_datalink(pcap_t *pch,
895 #ifdef _AIX
896 const char* devicename
897 #else
898 const char* devicename _U_
899 #endif
900 )
901 {
902 int datalink;
903 #ifdef _AIX
904 const char *ifacename;
905 #endif
906
907 datalink = pcap_datalink(pch);
908 #ifdef _AIX
909
910 /*
911 * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
912 * rather than DLT_ values for link-layer types; the ifType values
913 * for LAN devices are:
914 *
915 * Ethernet 6
916 * 802.3 7
917 * Token Ring 9
918 * FDDI 15
919 *
920 * and the ifType value for a loopback device is 24.
921 *
922 * The AIX names for LAN devices begin with:
923 *
924 * Ethernet en
925 * 802.3 et
926 * Token Ring tr
927 * FDDI fi
928 *
929 * and the AIX names for loopback devices begin with "lo".
930 *
931 * (The difference between "Ethernet" and "802.3" is presumably
932 * whether packets have an Ethernet header, with a packet type,
933 * or an 802.3 header, with a packet length, followed by an 802.2
934 * header and possibly a SNAP header.)
935 *
936 * If the device name matches "datalink" interpreted as an ifType
937 * value, rather than as a DLT_ value, we will assume this is AIX's
938 * non-standard, incompatible libpcap, rather than a standard libpcap,
939 * and will map the link-layer type to the standard DLT_ value for
940 * that link-layer type, as that's what the rest of Wireshark expects.
941 *
942 * (This means the capture files won't be readable by a tcpdump
943 * linked with AIX's non-standard libpcap, but so it goes. They
944 * *will* be readable by standard versions of tcpdump, Wireshark,
945 * and so on.)
946 *
947 * XXX - if we conclude we're using AIX libpcap, should we also
948 * set a flag to cause us to assume the time stamps are in
949 * seconds-and-nanoseconds form, and to convert them to
950 * seconds-and-microseconds form before processing them and
951 * writing them out?
952 */
953
954 /*
955 * Find the last component of the device name, which is the
956 * interface name.
957 */
958 ifacename = strchr(devicename, '/');
959 if (ifacename == NULL)
960 ifacename = devicename;
961
962 /* See if it matches any of the LAN device names. */
963 if (strncmp(ifacename, "en", 2) == 0) {
964 if (datalink == 6) {
965 /*
966 * That's the RFC 1573 value for Ethernet;
967 * map it to DLT_EN10MB.
968 */
969 datalink = 1;
970 }
971 } else if (strncmp(ifacename, "et", 2) == 0) {
972 if (datalink == 7) {
973 /*
974 * That's the RFC 1573 value for 802.3;
975 * map it to DLT_EN10MB.
976 *
977 * (libpcap, tcpdump, Wireshark, etc. don't
978 * care if it's Ethernet or 802.3.)
979 */
980 datalink = 1;
981 }
982 } else if (strncmp(ifacename, "tr", 2) == 0) {
983 if (datalink == 9) {
984 /*
985 * That's the RFC 1573 value for 802.5 (Token Ring);
986 * map it to DLT_IEEE802, which is what's used for
987 * Token Ring.
988 */
989 datalink = 6;
990 }
991 } else if (strncmp(ifacename, "fi", 2) == 0) {
992 if (datalink == 15) {
993 /*
994 * That's the RFC 1573 value for FDDI;
995 * map it to DLT_FDDI.
996 */
997 datalink = 10;
998 }
999 } else if (strncmp(ifacename, "lo", 2) == 0) {
1000 if (datalink == 24) {
1001 /*
1002 * That's the RFC 1573 value for "software loopback"
1003 * devices; map it to DLT_NULL, which is what's used
1004 * for loopback devices on BSD.
1005 */
1006 datalink = 0;
1007 }
1008 }
1009 #endif
1010
1011 return datalink;
1012 }
1013
1014 /* Set the data link type on a pcap. */
1015 bool
1016 set_pcap_datalink(pcap_t *pcap_h, int datalink, char *name,
1017 char *errmsg, size_t errmsg_len,
1018 char *secondary_errmsg, size_t secondary_errmsg_len)
1019 {
1020 char *set_datalink_err_str;
1021
1022 if (datalink == -1)
1023 return true; /* just use the default */
1024 if (pcap_set_datalink(pcap_h, datalink) == 0)
1025 return true; /* no error */
1026 set_datalink_err_str = pcap_geterr(pcap_h);
1027 snprintf(errmsg, errmsg_len, "Unable to set data link type on interface '%s' (%s).",
1028 name, set_datalink_err_str);
1029 /*
1030 * If the error isn't "XXX is not one of the DLTs supported by this device",
1031 * tell the user to tell the Wireshark developers about it.
1032 */
1033 if (strstr(set_datalink_err_str, "is not one of the DLTs supported by this device") == NULL)
1034 snprintf(secondary_errmsg, secondary_errmsg_len,
1035 "%s", please_report_bug());
1036 else
1037 secondary_errmsg[0] = '\0';
1038 return false;
1039 }
1040
1041 static data_link_info_t *
1042 create_data_link_info(int dlt)
1043 {
1044 data_link_info_t *data_link_info;
1045 const char *text;
1046
1047 data_link_info = g_new(data_link_info_t, 1);
1048 data_link_info->dlt = dlt;
1049 text = pcap_datalink_val_to_name(dlt);
1050 if (text != NULL)
1051 data_link_info->name = g_strdup(text);
1052 else
1053 data_link_info->name = ws_strdup_printf("DLT %d", dlt);
1054 text = pcap_datalink_val_to_description(dlt);
1055 data_link_info->description = g_strdup(text);
1056 return data_link_info;
1057 }
1058
1059 static GList *
1060 get_data_link_types(pcap_t *pch, interface_options *interface_opts,
1061 cap_device_open_status *status, char **status_str)
1062 {
1063 GList *data_link_types;
1064 int deflt;
1065 int *linktypes;
1066 int i, nlt;
1067 data_link_info_t *data_link_info;
1068
1069 deflt = get_pcap_datalink(pch, interface_opts->name);
1070 nlt = pcap_list_datalinks(pch, &linktypes);
1071 if (nlt < 0) {
1072 /*
1073 * A negative return is an error.
1074 */
1075 #ifdef HAVE_PCAP_CREATE
1076 /*
1077 * If we have pcap_create(), we have
1078 * pcap_statustostr(), and we can get back errors
1079 * other than PCAP_ERROR (-1), such as
1080 * PCAP_ERROR_NOT_ACTIVATED. and we should report
1081 * them properly.
1082 */
1083 switch (nlt) {
1084
1085 case PCAP_ERROR:
1086 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1087 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s",
1088 pcap_geterr(pch));
1089 break;
1090
1091 default:
1092 /*
1093 * This "shouldn't happen".
1094 */
1095 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1096 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s - %s",
1097 pcap_statustostr(nlt), pcap_geterr(pch));
1098 break;
1099 }
1100 #else /* HAVE_PCAP_CREATE */
1101 *status = CAP_DEVICE_OPEN_ERROR_OTHER;
1102 *status_str = ws_strdup_printf("pcap_list_datalinks() failed: %s",
1103 pcap_geterr(pch));
1104 #endif /* HAVE_PCAP_CREATE */
1105 return NULL;
1106 }
1107 data_link_types = NULL;
1108 for (i = 0; i < nlt; i++) {
1109 data_link_info = create_data_link_info(linktypes[i]);
1110
1111 /*
1112 * XXX - for 802.11, make the most detailed 802.11
1113 * version the default, rather than the one the
1114 * device has as the default?
1115 */
1116 if (linktypes[i] == deflt)
1117 data_link_types = g_list_prepend(data_link_types,
1118 data_link_info);
1119 else
1120 data_link_types = g_list_append(data_link_types,
1121 data_link_info);
1122 }
1123 #ifdef HAVE_PCAP_FREE_DATALINKS
1124 pcap_free_datalinks(linktypes);
1125 #else
1126 /*
1127 * In Windows, there's no guarantee that if you have a library
1128 * built with one version of the MSVC++ run-time library, and
1129 * it returns a pointer to allocated data, you can free that
1130 * data from a program linked with another version of the
1131 * MSVC++ run-time library.
1132 *
1133 * This is not an issue on UN*X.
1134 *
1135 * See the mail threads starting at
1136 *
1137 * https://www.winpcap.org/pipermail/winpcap-users/2006-September/001421.html
1138 *
1139 * and
1140 *
1141 * https://www.winpcap.org/pipermail/winpcap-users/2008-May/002498.html
1142 */
1143 #ifndef _WIN32
1144 #define xx_free free /* hack so checkAPIs doesn't complain */
1145 xx_free(linktypes);
1146 #endif /* _WIN32 */
1147 #endif /* HAVE_PCAP_FREE_DATALINKS */
1148
1149 *status_str = NULL;
1150 return data_link_types;
1151 }
1152
1153 /* Get supported timestamp types for a libpcap device. */
1154 static GList*
1155 get_pcap_timestamp_types(pcap_t *pch _U_, char **err_str _U_)
1156 {
1157 GList *list = NULL;
1158 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1159 int *types;
1160 int ntypes = pcap_list_tstamp_types(pch, &types);
1161
1162 if (err_str)
1163 *err_str = ntypes < 0 ? pcap_geterr(pch) : NULL;
1164
1165 if (ntypes <= 0)
1166 return NULL;
1167
1168 while (ntypes--) {
1169 timestamp_info_t *info = (timestamp_info_t *)g_malloc(sizeof *info);
1170 info->name = g_strdup(pcap_tstamp_type_val_to_name(types[ntypes]));
1171 info->description = g_strdup(pcap_tstamp_type_val_to_description(types[ntypes]));
1172 list = g_list_prepend(list, info);
1173 }
1174
1175 pcap_free_tstamp_types(types);
1176 #endif
1177 return list;
1178 }
1179
1180 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1181 /*
1182 * Request high-resolution time stamps.
1183 *
1184 * If this fails with PCAP_ERROR_TSTAMP_PRECISION_NOTSUP, that means
1185 * that boring old microsecond-resolution time stamps are all that
1186 * are supported, so we just live with that.
1187 */
1188 static int
1189 request_high_resolution_timestamp(pcap_t *pcap_h)
1190 {
1191 int status;
1192
1193 #ifdef __APPLE__
1194 /*
1195 * On macOS, if you build with a newer SDK, pcap_set_tstamp_precision()
1196 * is available, so the code will be built with it.
1197 *
1198 * However, if you then try to run on an older release that
1199 * doesn't have pcap_set_tstamp_precision(), the dynamic linker
1200 * will fail, as it won't find pcap_set_tstamp_precision().
1201 *
1202 * libpcap doesn't use macOS "weak linking" for new routines,
1203 * so we can't just check whether a pointer to
1204 * pcap_set_tstamp_precision() is null and, if it is, not
1205 * call it. We have to, instead, use dlopen() to load
1206 * libpcap, and dlsym() to find a pointer to pcap_set_tstamp_precision(),
1207 * and if we find the pointer, call it.
1208 */
1209 static bool initialized = false;
1210 static int (*p_pcap_set_tstamp_precision)(pcap_t *, int);
1211
1212 if (!initialized) {
1213 p_pcap_set_tstamp_precision =
1214 (int (*)(pcap_t *, int))
1215 dlsym(RTLD_NEXT, "pcap_set_tstamp_precision");
1216 initialized = true;
1217 }
1218 if (p_pcap_set_tstamp_precision != NULL) {
1219 status = (*p_pcap_set_tstamp_precision)(pcap_h,
1220 PCAP_TSTAMP_PRECISION_NANO);
1221 } else {
1222 /*
1223 * Older libpcap, which doesn't have support
1224 * for setting the time stamp resolution.
1225 */
1226 status = PCAP_ERROR_TSTAMP_PRECISION_NOTSUP;
1227 }
1228 #else /* __APPLE__ */
1229 /*
1230 * On other UN*Xes we require that we be run on an OS version
1231 * with a libpcap equal to or later than the version with which
1232 * we were built.
1233 */
1234 status = pcap_set_tstamp_precision(pcap_h, PCAP_TSTAMP_PRECISION_NANO);
1235 #endif /* __APPLE__ */
1236 if (status == PCAP_ERROR_TSTAMP_PRECISION_NOTSUP) {
1237 /* This isn't a fatal error. */
1238 status = 0;
1239 }
1240 return status;
1241 }
1242
1243 /*
1244 * Return true if the pcap_t in question is set up for high-precision
1245 * time stamps, false otherwise.
1246 */
1247 bool
1248 have_high_resolution_timestamp(pcap_t *pcap_h)
1249 {
1250 #ifdef __APPLE__
1251 /*
1252 * See above.
1253 */
1254 static bool initialized = false;
1255 static int (*p_pcap_get_tstamp_precision)(pcap_t *);
1256
1257 if (!initialized) {
1258 p_pcap_get_tstamp_precision =
1259 (int (*)(pcap_t *))
1260 dlsym(RTLD_NEXT, "pcap_get_tstamp_precision");
1261 initialized = true;
1262 }
1263 if (p_pcap_get_tstamp_precision != NULL)
1264 return (*p_pcap_get_tstamp_precision)(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1265 else
1266 return false; /* Can't get implies couldn't set */
1267 #else /* __APPLE__ */
1268 /*
1269 * On other UN*Xes we require that we be run on an OS version
1270 * with a libpcap equal to or later than the version with which
1271 * we were built.
1272 */
1273 return pcap_get_tstamp_precision(pcap_h) == PCAP_TSTAMP_PRECISION_NANO;
1274 #endif /* __APPLE__ */
1275 }
1276
1277 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1278
1279 #ifdef HAVE_PCAP_CREATE
1280 #ifdef HAVE_BONDING
1281 static bool
1282 is_linux_bonding_device(const char *ifname)
1283 {
1284 int fd;
1285 struct ifreq ifr;
1286 ifbond ifb;
1287
1288 fd = socket(PF_INET, SOCK_DGRAM, 0);
1289 if (fd == -1)
1290 return false;
1291
1292 memset(&ifr, 0, sizeof ifr);
1293 (void) g_strlcpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
1294 memset(&ifb, 0, sizeof ifb);
1295 ifr.ifr_data = (caddr_t)&ifb;
1296 #if defined(SIOCBONDINFOQUERY)
1297 if (ioctl(fd, SIOCBONDINFOQUERY, &ifr) == 0) {
1298 close(fd);
1299 return true;
1300 }
1301 #else
1302 if (ioctl(fd, BOND_INFO_QUERY_OLD, &ifr) == 0) {
1303 close(fd);
1304 return true;
1305 }
1306 #endif
1307
1308 close(fd);
1309 return false;
1310 }
1311 #else
1312 static bool
1313 is_linux_bonding_device(const char *ifname _U_)
1314 {
1315 return false;
1316 }
1317 #endif
1318
1319 if_capabilities_t *
1320 get_if_capabilities_pcap_create(interface_options *interface_opts,
1321 cap_device_open_status *open_status, char **open_status_str)
1322 {
1323 if_capabilities_t *caps;
1324 char errbuf[PCAP_ERRBUF_SIZE];
1325 pcap_t *pch;
1326 int status;
1327
1328 pch = pcap_create(interface_opts->name, errbuf);
1329 if (pch == NULL) {
1330 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1331 *open_status_str = g_strdup(errbuf);
1332 return NULL;
1333 }
1334
1335 if (is_linux_bonding_device(interface_opts->name)) {
1336 /*
1337 * Linux bonding device; not Wi-Fi, so no monitor mode, and
1338 * calling pcap_can_set_rfmon() might get a "no such device"
1339 * error.
1340 */
1341 status = 0;
1342 } else {
1343 /*
1344 * Not a Linux bonding device, so go ahead.
1345 */
1346 status = pcap_can_set_rfmon(pch);
1347 }
1348 if (status < 0) {
1349 /* Error. */
1350 switch (status) {
1351
1352 case PCAP_ERROR_NO_SUCH_DEVICE:
1353 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1354 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1355 pcap_geterr(pch));
1356 break;
1357
1358 case PCAP_ERROR_PERM_DENIED:
1359 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1360 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1361 pcap_geterr(pch));
1362 break;
1363
1364 case PCAP_ERROR:
1365 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1366 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s",
1367 pcap_geterr(pch));
1368 break;
1369
1370 default:
1371 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1372 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() failed: %s - %s",
1373 pcap_statustostr(status), pcap_geterr(pch));
1374 break;
1375 }
1376 pcap_close(pch);
1377 return NULL;
1378 }
1379 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1380 if (status == 0)
1381 caps->can_set_rfmon = false;
1382 else if (status == 1) {
1383 caps->can_set_rfmon = true;
1384 if (interface_opts->monitor_mode) {
1385 status = pcap_set_rfmon(pch, 1);
1386 if (status < 0) {
1387 /*
1388 * This "should not happen".
1389 */
1390 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1391 *open_status_str = ws_strdup_printf("pcap_set_rfmon() returned %d",
1392 status);
1393 pcap_close(pch);
1394 g_free(caps);
1395 return NULL;
1396 }
1397 }
1398 } else {
1399 /*
1400 * This "should not happen".
1401 */
1402 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1403 *open_status_str = ws_strdup_printf("pcap_can_set_rfmon() returned %d",
1404 status);
1405 pcap_close(pch);
1406 g_free(caps);
1407 return NULL;
1408 }
1409
1410 status = pcap_activate(pch);
1411 if (status < 0) {
1412 /* Error. */
1413 switch (status) {
1414
1415 case PCAP_ERROR_NO_SUCH_DEVICE:
1416 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1417 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1418 pcap_geterr(pch));
1419 break;
1420
1421 case PCAP_ERROR_PERM_DENIED:
1422 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1423 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1424 pcap_geterr(pch));
1425 break;
1426
1427 case PCAP_ERROR_IFACE_NOT_UP:
1428 *open_status = CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP;
1429 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1430 pcap_geterr(pch));
1431 break;
1432
1433 case PCAP_ERROR:
1434 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1435 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s",
1436 pcap_geterr(pch));
1437 break;
1438
1439 default:
1440 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1441 *open_status_str = ws_strdup_printf("pcap_activate() failed: %s - %s",
1442 pcap_statustostr(status), pcap_geterr(pch));
1443 break;
1444 }
1445 pcap_close(pch);
1446 g_free(caps);
1447 return NULL;
1448 }
1449
1450 caps->data_link_types = get_data_link_types(pch, interface_opts,
1451 open_status, open_status_str);
1452 if (caps->data_link_types == NULL) {
1453 pcap_close(pch);
1454 g_free(caps);
1455 return NULL;
1456 }
1457 if (interface_opts->monitor_mode) {
1458 caps->data_link_types_rfmon = caps->data_link_types;
1459 caps->data_link_types = NULL;
1460 }
1461
1462 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1463
1464 pcap_close(pch);
1465
1466 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1467 if (open_status_str != NULL)
1468 *open_status_str = NULL;
1469 return caps;
1470 }
1471
1472 static void
1473 set_open_status_str(int status, pcap_t *pcap_h,
1474 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1475 {
1476 switch (status) {
1477
1478 case PCAP_ERROR:
1479 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1480 sizeof *open_status_str);
1481 break;
1482
1483 default:
1484 (void) g_strlcpy(*open_status_str, pcap_statustostr(status),
1485 sizeof *open_status_str);
1486 break;
1487 }
1488 }
1489
1490 pcap_t *
1491 open_capture_device_pcap_create(
1492 capture_options* capture_opts _U_,
1493 interface_options *interface_opts, int timeout,
1494 cap_device_open_status *open_status,
1495 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1496 {
1497 pcap_t *pcap_h;
1498 int status;
1499
1500 ws_debug("Calling pcap_create() using %s.", interface_opts->name);
1501 pcap_h = pcap_create(interface_opts->name, *open_status_str);
1502 ws_debug("pcap_create() returned %p.", (void *)pcap_h);
1503 if (pcap_h == NULL) {
1504 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1505 return NULL;
1506 }
1507 if (interface_opts->has_snaplen) {
1508 ws_debug("Calling pcap_set_snaplen() with snaplen %d.",
1509 interface_opts->snaplen);
1510 status = pcap_set_snaplen(pcap_h, interface_opts->snaplen);
1511 if (status < 0) {
1512 /* Error. */
1513 set_open_status_str(status, pcap_h, open_status_str);
1514 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1515 pcap_close(pcap_h);
1516 return NULL;
1517 }
1518 }
1519 ws_debug("Calling pcap_set_promisc() with promisc_mode %d.",
1520 interface_opts->promisc_mode);
1521 status = pcap_set_promisc(pcap_h, interface_opts->promisc_mode);
1522 if (status < 0) {
1523 /* Error. */
1524 set_open_status_str(status, pcap_h, open_status_str);
1525 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1526 pcap_close(pcap_h);
1527 return NULL;
1528 }
1529 status = pcap_set_timeout(pcap_h, timeout);
1530 if (status < 0) {
1531 /* Error. */
1532 set_open_status_str(status, pcap_h, open_status_str);
1533 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1534 pcap_close(pcap_h);
1535 return NULL;
1536 }
1537
1538 #ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
1539 /*
1540 * Try to enable nanosecond-resolution capture; any code
1541 * that can read pcapng files must be able to handle
1542 * nanosecond-resolution time stamps. We think at this
1543 * point that code that reads pcap files should recognize
1544 * the nanosecond-resolution pcap file magic number. If
1545 * it doesn't, we can downconvert via a program that
1546 * uses libwiretap.
1547 *
1548 * We don't care whether this succeeds or fails; if it
1549 * fails (because we don't have pcap_set_tstamp_precision(),
1550 * or because we do but the OS or device doesn't support
1551 * nanosecond resolution timing), we just use the microsecond-
1552 * resolution time stamps we get.
1553 */
1554 status = request_high_resolution_timestamp(pcap_h);
1555 if (status < 0) {
1556 /* Error. */
1557 set_open_status_str(status, pcap_h, open_status_str);
1558 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1559 pcap_close(pcap_h);
1560 return NULL;
1561 }
1562 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1563
1564 #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
1565 if (interface_opts->timestamp_type) {
1566 status = pcap_set_tstamp_type(pcap_h, interface_opts->timestamp_type_id);
1567 /*
1568 * XXX - what if it fails because that time stamp type
1569 * isn't supported?
1570 */
1571 if (status < 0) {
1572 set_open_status_str(status, pcap_h, open_status_str);
1573 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1574 pcap_close(pcap_h);
1575 return NULL;
1576 }
1577 }
1578 #endif /* HAVE_PCAP_SET_TSTAMP_PRECISION */
1579
1580 ws_debug("buffersize %d.", interface_opts->buffer_size);
1581 if (interface_opts->buffer_size != 0) {
1582 status = pcap_set_buffer_size(pcap_h,
1583 interface_opts->buffer_size * 1024 * 1024);
1584 if (status < 0) {
1585 set_open_status_str(status, pcap_h, open_status_str);
1586 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1587 pcap_close(pcap_h);
1588 return NULL;
1589 }
1590 }
1591 ws_debug("monitor_mode %d.", interface_opts->monitor_mode);
1592 if (interface_opts->monitor_mode) {
1593 status = pcap_set_rfmon(pcap_h, 1);
1594 if (status < 0) {
1595 set_open_status_str(status, pcap_h, open_status_str);
1596 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1597 pcap_close(pcap_h);
1598 return NULL;
1599 }
1600 }
1601 status = pcap_activate(pcap_h);
1602 ws_debug("pcap_activate() returned %d.", status);
1603 if (status < 0) {
1604 /* Failed to activate, set to NULL */
1605 switch (status) {
1606
1607 case PCAP_ERROR_NO_SUCH_DEVICE:
1608 *open_status = CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE;
1609 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1610 sizeof *open_status_str);
1611 break;
1612
1613 case PCAP_ERROR_PERM_DENIED:
1614 *open_status = CAP_DEVICE_OPEN_ERROR_PERM_DENIED;
1615 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1616 sizeof *open_status_str);
1617 break;
1618
1619 #ifdef HAVE_PCAP_ERROR_PROMISC_PERM_DENIED
1620 case PCAP_ERROR_PROMISC_PERM_DENIED:
1621 *open_status = CAP_DEVICE_OPEN_ERROR_PROMISC_PERM_DENIED;
1622 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1623 sizeof *open_status_str);
1624 break;
1625 #endif
1626
1627 case PCAP_ERROR_RFMON_NOTSUP:
1628 *open_status = CAP_DEVICE_OPEN_ERROR_RFMON_NOTSUP;
1629 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1630 sizeof *open_status_str);
1631 break;
1632
1633 case PCAP_ERROR_IFACE_NOT_UP:
1634 *open_status = CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP;
1635 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1636 sizeof *open_status_str);
1637 break;
1638
1639 case PCAP_ERROR:
1640 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1641 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1642 sizeof *open_status_str);
1643 break;
1644
1645 default:
1646 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1647 snprintf(*open_status_str, sizeof *open_status_str,
1648 "%s - %s", pcap_statustostr(status), pcap_geterr(pcap_h));
1649 break;
1650 }
1651 pcap_close(pcap_h);
1652 return NULL;
1653 }
1654 if (status > 0) {
1655 /*
1656 * Warning. The call succeeded, but something happened
1657 * that the user might want to know.
1658 */
1659 switch (status) {
1660
1661 case PCAP_WARNING_PROMISC_NOTSUP:
1662 *open_status = CAP_DEVICE_OPEN_WARNING_PROMISC_NOTSUP;
1663 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1664 sizeof *open_status_str);
1665 break;
1666
1667 #ifdef HAVE_PCAP_WARNING_TSTAMP_TYPE_NOTSUP
1668 case PCAP_WARNING_TSTAMP_TYPE_NOTSUP:
1669 *open_status = CAP_DEVICE_OPEN_WARNING_TSTAMP_TYPE_NOTSUP;
1670 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1671 sizeof *open_status_str);
1672 break;
1673 #endif
1674
1675 case PCAP_WARNING:
1676 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1677 (void) g_strlcpy(*open_status_str, pcap_geterr(pcap_h),
1678 sizeof *open_status_str);
1679 break;
1680
1681 default:
1682 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1683 snprintf(*open_status_str, sizeof *open_status_str,
1684 "%s - %s", pcap_statustostr(status), pcap_geterr(pcap_h));
1685 break;
1686 }
1687 } else {
1688 /*
1689 * No warning issued.
1690 */
1691 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1692 }
1693 return pcap_h;
1694 }
1695 #endif /* HAVE_PCAP_CREATE */
1696
1697 if_capabilities_t *
1698 get_if_capabilities_pcap_open_live(interface_options *interface_opts,
1699 cap_device_open_status *open_status, char **open_status_str)
1700 {
1701 if_capabilities_t *caps;
1702 char errbuf[PCAP_ERRBUF_SIZE];
1703 pcap_t *pch;
1704
1705 pch = pcap_open_live(interface_opts->name, MIN_PACKET_SIZE, 0, 0,
1706 errbuf);
1707 if (pch == NULL) {
1708 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1709 *open_status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1710 return NULL;
1711 }
1712
1713 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1714 caps->can_set_rfmon = false;
1715 caps->data_link_types = get_data_link_types(pch, interface_opts,
1716 open_status, open_status_str);
1717 if (caps->data_link_types == NULL) {
1718 pcap_close(pch);
1719 g_free(caps);
1720 return NULL;
1721 }
1722
1723 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1724
1725 pcap_close(pch);
1726
1727 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1728 *open_status_str = NULL;
1729 return caps;
1730 }
1731
1732 pcap_t *
1733 open_capture_device_pcap_open_live(interface_options *interface_opts,
1734 int timeout, cap_device_open_status *open_status,
1735 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1736 {
1737 pcap_t *pcap_h;
1738 int snaplen;
1739
1740 if (interface_opts->has_snaplen)
1741 snaplen = interface_opts->snaplen;
1742 else {
1743 /*
1744 * Default - use the non-D-Bus maximum snapshot length of
1745 * 256KB, which should be big enough (libpcap didn't get
1746 * D-Bus support until after it goet pcap_create() and
1747 * pcap_activate(), so we don't have D-Bus support and
1748 * don't have to worry about really huge packets).
1749 */
1750 snaplen = 256*1024;
1751 }
1752 ws_debug("pcap_open_live() calling using name %s, snaplen %d, promisc_mode %d.",
1753 interface_opts->name, snaplen, interface_opts->promisc_mode);
1754 /*
1755 * This might succeed but put a messsage in *open_status_str;
1756 * that means that a warning was issued.
1757 *
1758 * Clear the error message buffer, so that if it's not an empty
1759 * string after the call, we know a warning was issued.
1760 */
1761 (*open_status_str)[0] = '\0';
1762 pcap_h = pcap_open_live(interface_opts->name, snaplen,
1763 interface_opts->promisc_mode, timeout, *open_status_str);
1764 ws_debug("pcap_open_live() returned %p.", (void *)pcap_h);
1765 if (pcap_h == NULL) {
1766 *open_status = CAP_DEVICE_OPEN_ERROR_OTHER;
1767 return NULL;
1768 }
1769 if ((*open_status_str)[0] != '\0') {
1770 /*
1771 * Warning. The call succeeded, but something happened
1772 * that the user might want to know.
1773 */
1774 *open_status = CAP_DEVICE_OPEN_WARNING_OTHER;
1775 } else {
1776 /*
1777 * No warning issued.
1778 */
1779 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1780 }
1781
1782 #ifdef _WIN32
1783 /* Try to set the capture buffer size. */
1784 if (interface_opts->buffer_size > 1) {
1785 /*
1786 * We have no mechanism to report a warning if this
1787 * fails; we just keep capturing with the smaller buffer,
1788 * as is the case on systems with BPF and pcap_create()
1789 * and pcap_set_buffer_size(), where pcap_activate() just
1790 * silently clamps the buffer size to the maximum.
1791 */
1792 pcap_setbuff(pcap_h, interface_opts->buffer_size * 1024 * 1024);
1793 }
1794 #endif
1795
1796 return pcap_h;
1797 }
1798
1799 /*
1800 * Get the capabilities of a network device.
1801 */
1802 if_capabilities_t *
1803 get_if_capabilities(interface_options *interface_opts,
1804 cap_device_open_status *status, char **status_str)
1805 {
1806 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1807 if_capabilities_t *caps;
1808 char errbuf[PCAP_ERRBUF_SIZE];
1809 pcap_t *pch;
1810 int deflt;
1811 data_link_info_t *data_link_info;
1812
1813 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1814 struct pcap_rmtauth auth;
1815
1816 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1817 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1818 auth.username = interface_opts->auth_username;
1819 auth.password = interface_opts->auth_password;
1820
1821 /*
1822 * WinPcap 4.1.2, and possibly earlier versions, have a bug
1823 * wherein, when an open with an rpcap: URL fails, the error
1824 * message for the error is not copied to errbuf and whatever
1825 * on-the-stack junk is in errbuf is treated as the error
1826 * message.
1827 *
1828 * To work around that (and any other bugs of that sort), we
1829 * initialize errbuf to an empty string. If we get an error
1830 * and the string is empty, we report it as an unknown error.
1831 * (If we *don't* get an error, and the string is *non*-empty,
1832 * that could be a warning returned, such as "can't turn
1833 * promiscuous mode on"; we currently don't do so.)
1834 */
1835 errbuf[0] = '\0';
1836 pch = pcap_open(interface_opts->name, MIN_PACKET_SIZE, 0, 0, &auth,
1837 errbuf);
1838 if (pch == NULL) {
1839 /*
1840 * We don't know whether it's a permission error or not.
1841 * And, if it is, the user will either have to ask for
1842 * permission for their own remote account or will have
1843 * to use an account that *does* have permissions.
1844 */
1845 *status = CAP_DEVICE_OPEN_ERROR_GENERIC;
1846 if (strcmp(errbuf, "not supported") == 0) {
1847 /*
1848 * macOS 14's pcap_open(), which is a stub that
1849 * always returns NULL with an error message of
1850 * "not supported".
1851 *
1852 * In this case, as we passed it an rpcap://
1853 * URL, treat that as meaning "remote capture
1854 * not supported".
1855 */
1856 g_strlcpy(errbuf, "Remote capture not supported",
1857 PCAP_ERRBUF_SIZE);
1858 }
1859 *status_str = g_strdup(errbuf[0] == '\0' ? "Unknown error (pcap bug; actual error cause not reported)" : errbuf);
1860 return NULL;
1861 }
1862
1863 caps = (if_capabilities_t *)g_malloc0(sizeof *caps);
1864 caps->can_set_rfmon = false;
1865 caps->data_link_types = NULL;
1866 deflt = get_pcap_datalink(pch, interface_opts->name);
1867 data_link_info = create_data_link_info(deflt);
1868 caps->data_link_types = g_list_append(caps->data_link_types, data_link_info);
1869 caps->timestamp_types = get_pcap_timestamp_types(pch, NULL);
1870 pcap_close(pch);
1871
1872 /*
1873 * This doesn't return warnings for remote devices, and
1874 * we don't use it for local devices.
1875 */
1876 *status = CAP_DEVICE_OPEN_NO_ERR;
1877 *status_str = NULL;
1878 return caps;
1879 }
1880 #endif /* defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE) */
1881
1882 /*
1883 * Local interface.
1884 */
1885 return get_if_capabilities_local(interface_opts, status, status_str);
1886 }
1887
1888 pcap_t *
1889 open_capture_device(capture_options *capture_opts,
1890 interface_options *interface_opts, int timeout,
1891 cap_device_open_status *open_status,
1892 char (*open_status_str)[PCAP_ERRBUF_SIZE])
1893 {
1894 pcap_t *pcap_h;
1895 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1896 struct pcap_rmtauth auth;
1897 #endif
1898
1899 /* Open the network interface to capture from it.
1900 Some versions of libpcap may put warnings into the error buffer
1901 if they succeed; to tell if that's happened, we have to clear
1902 the error buffer, and check if it's still a null string. */
1903 ws_debug("Entering open_capture_device().");
1904 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1905 (*open_status_str)[0] = '\0';
1906 #if defined(HAVE_PCAP_OPEN) && defined(HAVE_PCAP_REMOTE)
1907 /*
1908 * If we're opening a remote device, use pcap_open(); that's currently
1909 * the only open routine that supports remote devices.
1910 */
1911 if (strncmp (interface_opts->name, "rpcap://", 8) == 0) {
1912 int snaplen;
1913
1914 auth.type = interface_opts->auth_type == CAPTURE_AUTH_PWD ?
1915 RPCAP_RMTAUTH_PWD : RPCAP_RMTAUTH_NULL;
1916 auth.username = interface_opts->auth_username;
1917 auth.password = interface_opts->auth_password;
1918
1919 if (interface_opts->has_snaplen)
1920 snaplen = interface_opts->snaplen;
1921 else {
1922 /*
1923 * Default - use the non-D-Bus maximum snapshot length,
1924 * which should be big enough, except for D-Bus.
1925 */
1926 snaplen = 256*1024;
1927 }
1928 ws_debug("Calling pcap_open() using name %s, snaplen %d, promisc_mode %d, datatx_udp %d, nocap_rpcap %d.",
1929 interface_opts->name, snaplen,
1930 interface_opts->promisc_mode, interface_opts->datatx_udp,
1931 interface_opts->nocap_rpcap);
1932 pcap_h = pcap_open(interface_opts->name, snaplen,
1933 /* flags */
1934 (interface_opts->promisc_mode ? PCAP_OPENFLAG_PROMISCUOUS : 0) |
1935 (interface_opts->datatx_udp ? PCAP_OPENFLAG_DATATX_UDP : 0) |
1936 (interface_opts->nocap_rpcap ? PCAP_OPENFLAG_NOCAPTURE_RPCAP : 0),
1937 timeout, &auth, *open_status_str);
1938 if (pcap_h == NULL) {
1939 /*
1940 * Error.
1941 *
1942 * We don't know whether it's a permission error
1943 * or not.
1944 * (If it is, maybe we can give ourselves permission
1945 * or maybe we just have to ask politely for
1946 * permission.)
1947 */
1948 *open_status = CAP_DEVICE_OPEN_ERROR_GENERIC;
1949 if (strcmp(*open_status_str, "not supported") == 0) {
1950 /*
1951 * macOS 14's pcap_open(), which is a stub
1952 * that always returns NULL with an error
1953 * message of "not supported".
1954 *
1955 * In this case, as we passed it an rpcap://
1956 * URL, treat that as meaning "remote capture
1957 * not supported".
1958 */
1959 g_strlcpy(*open_status_str,
1960 "Remote capture not supported",
1961 PCAP_ERRBUF_SIZE);
1962 }
1963
1964 /* Did pcap actually supply an error message? */
1965 if ((*open_status_str)[0] == '\0') {
1966 /*
1967 * Work around known WinPcap bug wherein
1968 * no error message is filled in on a
1969 * failure to open an rpcap: URL.
1970 */
1971 (void) g_strlcpy(*open_status_str,
1972 "Unknown error (pcap bug; actual error cause not reported)",
1973 sizeof *open_status_str);
1974 }
1975 }
1976 ws_debug("pcap_open() returned %p.", (void *)pcap_h);
1977 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1978 /*
1979 * This doesn't return warnings for remote devices, and
1980 * we don't use it for local devices.
1981 */
1982 *open_status = CAP_DEVICE_OPEN_NO_ERR;
1983 return pcap_h;
1984 }
1985 #endif
1986
1987 pcap_h = open_capture_device_local(capture_opts, interface_opts,
1988 timeout, open_status, open_status_str);
1989 ws_debug("open_capture_device %s : %s", pcap_h ? "SUCCESS" : "FAILURE", interface_opts->name);
1990 return pcap_h;
1991 }
1992
1993 /*
1994 * Platform-dependent suggestions for fixing permissions.
1995 */
1996
1997 #ifdef HAVE_LIBCAP
1998 #define LIBCAP_PERMISSIONS_SUGGESTION \
1999 "\n\n" \
2000 "If you did not install Wireshark from a package, ensure that Dumpcap " \
2001 "has the needed CAP_NET_RAW and CAP_NET_ADMIN capabilities by running " \
2002 "\n\n" \
2003 " sudo setcap cap_net_raw,cap_net_admin=ep {path/to/}dumpcap" \
2004 "\n\n" \
2005 "and then restarting Wireshark."
2006 #else
2007 #define LIBCAP_PERMISSIONS_SUGGESTION
2008 #endif
2009
2010 #if defined(__linux__)
2011 #define PLATFORM_PERMISSIONS_SUGGESTION \
2012 "\n\n" \
2013 "On Debian and Debian derivatives such as Ubuntu, if you have " \
2014 "installed Wireshark from a package, try running" \
2015 "\n\n" \
2016 " sudo dpkg-reconfigure wireshark-common" \
2017 "\n\n" \
2018 "selecting \"<Yes>\" in response to the question" \
2019 "\n\n" \
2020 " Should non-superusers be able to capture packets?" \
2021 "\n\n" \
2022 "adding yourself to the \"wireshark\" group by running" \
2023 "\n\n" \
2024 " sudo usermod -a -G wireshark {your username}" \
2025 "\n\n" \
2026 "and then logging out and logging back in again." \
2027 LIBCAP_PERMISSIONS_SUGGESTION
2028 #elif defined(__APPLE__)
2029 #define PLATFORM_PERMISSIONS_SUGGESTION \
2030 "\n\n" \
2031 "If you installed Wireshark using the package from wireshark.org, " \
2032 "close this dialog and click on the \"installing ChmodBPF\" link in " \
2033 "\"You can fix this by installing ChmodBPF.\" on the main screen, " \
2034 "and then complete the installation procedure."
2035 #else
2036 #define PLATFORM_PERMISSIONS_SUGGESTION
2037 #endif
2038
2039 #if defined(_WIN32)
2040 static const char *
2041 get_platform_pcap_failure_secondary_error_message(const char *open_status_str)
2042 {
2043 /*
2044 * The error string begins with the error produced by WinPcap
2045 * and Npcap if attempting to set promiscuous mode fails.
2046 * (Note that this string could have a specific error message
2047 * from an NDIS error after the initial part, so we do a prefix
2048 * check rather than an exact match check.)
2049 *
2050 * If this is with Npcap 1.71 through 1.73, which have bugs that
2051 * cause this error on Windows 11 with some drivers, suggest that
2052 * the user upgrade to the current version of Npcap;
2053 * otherwise, suggest that they turn off promiscuous mode
2054 * on that device.
2055 */
2056 static const char promisc_failed[] =
2057 "failed to set hardware filter to promiscuous mode";
2058
2059 if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) {
2060 unsigned int npcap_major, npcap_minor;
2061
2062 if (caplibs_get_npcap_version(&npcap_major, &npcap_minor)) {
2063 if (npcap_major == 1 &&
2064 (npcap_minor >= 71 && npcap_minor <= 73)) {
2065 return
2066 "This is a bug in your version of Npcap.\n"
2067 "\n"
2068 "If you need to use promiscuous mode, you must upgrade to the current "
2069 "version of Npcap, which is available from https://npcap.com/\n"
2070 "\n"
2071 "Otherwise, turn off promiscuous mode for this device.";
2072 }
2073 }
2074 return
2075 "Please turn off promiscuous mode for this device.";
2076 }
2077 return NULL;
2078 }
2079 #elif defined(__linux__)
2080 static const char *
2081 get_platform_pcap_failure_secondary_error_message(const char *open_status_str)
2082 {
2083 /*
2084 * The error string is the message provided by libpcap on
2085 * Linux if an attempt to open a PF_PACKET socket failed
2086 * with EAFNOSUPPORT. This probably means that either 1)
2087 * the kernel doesn't have PF_PACKET support configured in
2088 * or 2) this is a Flatpak version of Wireshark that's been
2089 * sandboxed in a way that disallows opening PF_PACKET
2090 * sockets.
2091 *
2092 * Suggest that the user find some other package of
2093 * Wireshark if they want to capture traffic and are
2094 * running a Flatpak of Wireshark or that they configure
2095 * PF_PACKET support back in if it's configured out.
2096 */
2097 static const char af_notsup[] =
2098 "socket: Address family not supported by protocol";
2099
2100 if (strcmp(open_status_str, af_notsup) == 0) {
2101 return
2102 "If you are running Wireshark from a Flatpak package, "
2103 "it does not support packet capture; you will need "
2104 "to run a different version of Wireshark in order "
2105 "to capture traffic.\n"
2106 "\n"
2107 "Otherwise, if your machine is running a kernel that "
2108 "was not configured with CONFIG_PACKET, that kernel "
2109 "does not support packet capture; you will need to "
2110 "use a kernel configured with CONFIG_PACKET.";
2111 }
2112 return NULL;
2113 }
2114 #else
2115 static const char *
2116 get_platform_pcap_failure_secondary_error_message(const char *open_status_str _U_)
2117 {
2118 /* No such message for platforms not handled above. */
2119 return NULL;
2120 }
2121 #endif
2122
2123 const char *
2124 get_pcap_failure_secondary_error_message(cap_device_open_status open_status,
2125 const char *open_status_str)
2126 {
2127 const char *platform_secondary_error_message;
2128
2129 #ifdef _WIN32
2130 /*
2131 * On Windows, first make sure they *have* Npcap installed.
2132 */
2133 if (!has_wpcap) {
2134 return
2135 "In order to capture packets, Npcap or WinPcap must be installed. See\n"
2136 "\n"
2137 " https://npcap.com/\n"
2138 "\n"
2139 "for a downloadable version of Npcap and for instructions on how to\n"
2140 "install it.";
2141 }
2142 #endif
2143
2144 /*
2145 * OK, now just return a largely platform-independent error that might
2146 * have platform-specific suggestions at the end (for example, suggestions
2147 * for how to get permission to capture).
2148 */
2149 switch (open_status) {
2150
2151 case CAP_DEVICE_OPEN_NO_ERR:
2152 case CAP_DEVICE_OPEN_WARNING_PROMISC_NOTSUP:
2153 case CAP_DEVICE_OPEN_WARNING_TSTAMP_TYPE_NOTSUP:
2154 case CAP_DEVICE_OPEN_WARNING_OTHER:
2155 /* This should not happen, as those aren't errors. */
2156 return "";
2157
2158 case CAP_DEVICE_OPEN_ERROR_NO_SUCH_DEVICE:
2159 case CAP_DEVICE_OPEN_ERROR_RFMON_NOTSUP:
2160 case CAP_DEVICE_OPEN_ERROR_IFACE_NOT_UP:
2161 /*
2162 * Not clear what suggestions to make for these cases.
2163 */
2164 return "";
2165
2166 case CAP_DEVICE_OPEN_ERROR_PERM_DENIED:
2167 case CAP_DEVICE_OPEN_ERROR_PROMISC_PERM_DENIED:
2168 /*
2169 * This is a permissions error, so no need to specify any other
2170 * warnings.
2171 */
2172 return
2173 "Please check to make sure you have sufficient permissions."
2174 PLATFORM_PERMISSIONS_SUGGESTION;
2175 break;
2176
2177 case CAP_DEVICE_OPEN_ERROR_OTHER:
2178 case CAP_DEVICE_OPEN_ERROR_GENERIC:
2179 /*
2180 * We don't know what kind of error it is. See if there's a hint
2181 * in the error string; if not, throw all generic suggestions at
2182 * the user.
2183 *
2184 * First, check for some text that pops up in some errors.
2185 * Do platform-specific checks first.
2186 */
2187 platform_secondary_error_message =
2188 get_platform_pcap_failure_secondary_error_message(open_status_str);
2189 if (platform_secondary_error_message != NULL) {
2190 /* We got one, so return it. */
2191 return platform_secondary_error_message;
2192 }
2193
2194 /*
2195 * Not one of those particular problems. Was this a "generic"
2196 * error from pcap_open_live() or pcap_open(), in which case
2197 * it might be a permissions error?
2198 */
2199 if (open_status == CAP_DEVICE_OPEN_ERROR_GENERIC) {
2200 /* Yes. */
2201 return
2202 "Please check to make sure you have sufficient permissions, and that you have "
2203 "the proper interface or pipe specified."
2204 PLATFORM_PERMISSIONS_SUGGESTION;
2205 } else {
2206 /*
2207 * This is not a permissions error, so no need to suggest
2208 * checking permissions.
2209 */
2210 return
2211 "Please check that you have the proper interface or pipe specified.";
2212 }
2213 break;
2214
2215 default:
2216 /*
2217 * This is not a permissions error, so no need to suggest
2218 * checking permissions.
2219 */
2220 return
2221 "Please check that you have the proper interface or pipe specified.";
2222 break;
2223 }
2224 }
2225
2226 #endif /* HAVE_LIBPCAP */
2227
2228 /*
2229 * Editor modelines - https://www.wireshark.org/tools/modelines.html
2230 *
2231 * Local variables:
2232 * c-basic-offset: 8
2233 * tab-width: 8
2234 * indent-tabs-mode: t
2235 * End:
2236 *
2237 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
2238 * :indentSize=8:tabSize=8:noTabs=false:
2239 */
Metzes wireshark repo