| blob | a86d1ecc3d9626d7c5f8810a73c206b2593864c4 |
1 /* iface_monitor.c
2 * interface monitor by Pontus Fuchs <pontus.fuchs@gmail.com>
3 *
4 * $Id$
5 *
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
26 #ifdef HAVE_LIBPCAP
30 #if defined(HAVE_LIBNL)
32 /*
33 * Linux with libnl.
34 */
36 #include <stdio.h>
37 #include <string.h>
38 #include <errno.h>
40 #include <netlink/msg.h>
41 #include <netlink/attr.h>
42 #include <netlink/route/link.h>
44 #ifndef IFF_UP
45 /*
46 * Apparently, some versions of libnl drag in headers that define IFF_UP
47 * and others don't. Include <net/if.h> iff IFF_UP isn't already defined,
48 * so that if <linux/if.h> has been included by some or all of the
49 * netlink headers, we don't include <net/if.h> and get a bunch of
50 * complaints about various structures being redefined.
51 */
52 #include <net/if.h>
53 #endif
55 /* libnl 1.x compatibility code */
56 #ifdef HAVE_LIBNL1
57 #define nl_sock nl_handle
58 #define nl_socket_disable_seq_check nl_disable_sequence_check
61 {
63 }
66 {
68 }
73 static void
75 {
86 }
91 }
97 /*
98 * You can't bind a PF_PACKET socket to an interface that's not
99 * up, so an interface going down is an "interface should be
100 * removed" indication.
101 *
102 * XXX - what indication, if any, do we get if the interface
103 * *completely goes away*?
104 *
105 * XXX - can we get events if an interface's link-layer or
106 * network addresses change?
107 */
115 }
117 static int
119 {
122 }
124 void
126 {
128 }
130 int
132 {
134 }
136 int
138 {
145 }
155 }
161 out_handle_destroy:
164 }
166 void
168 {
172 }
174 #elif defined(__APPLE__)
176 /*
177 * OS X.
178 */
180 #include <stddef.h>
181 #include <stdio.h>
182 #include <errno.h>
183 #include <unistd.h>
185 #include <sys/socket.h>
186 #include <sys/ioctl.h>
187 #include <sys/types.h>
188 #include <net/if.h>
189 #include <sys/kern_event.h>
191 #include <glib.h>
196 int
198 {
202 /* Create a socket of type PF_SYSTEM to listen for events. */
207 /*
208 * Ask for DLIL messages.
209 *
210 * XXX - also ask for KEV_INET_SUBCLASS and KEV_INET6_SUBCLASS,
211 * to detect new or changed network addresses, so those can be
212 * updated as well? Can we specify multiple filters on a socket,
213 * or must we specify KEV_ANY_SUBCLASS and filter the events after
214 * receiving them?
215 */
223 }
227 }
229 void
231 {
233 }
235 int
237 {
239 }
241 /*
242 * Size of buffer for kernel network event.
243 */
244 #define NET_EVENT_DATA_SIZE (KEV_MSG_HEADER_SIZE + sizeof (struct net_event_data))
246 void
248 {
250 ssize_t received;
258 /* Error - ignore. */
260 }
262 /* Short read - ignore. */
264 }
268 /* Length of the message is bogus. */
270 }
274 /*
275 * Check type of event.
276 *
277 * Note: if we also ask for KEV_INET_SUBCLASS, we will get
278 * events with keys
279 *
280 * KEV_INET_NEW_ADDR
281 * KEV_INET_CHANGED_ADDR
282 * KEV_INET_CHANGED_ADDR
283 * KEV_INET_SIFDSTADDR
284 * KEV_INET_SIFBRDADDR
285 * KEV_INET_SIFNETMASK
286 *
287 * reflecting network address changes, with the data being a
288 * struct kev_in_data rather than struct net_event_data, and
289 * if we also ask for KEV_INET6_SUBCLASS, we will get events
290 * with keys
291 *
292 * KEV_INET6_NEW_LL_ADDR
293 * KEV_INET6_NEW_USER_ADDR
294 * KEV_INET6_NEW_RTADV_ADDR
295 * KEV_INET6_ADDR_DELETED
296 *
297 * with the data being a struct kev_in6_data.
298 */
302 /*
303 * A new interface has arrived.
304 *
305 * XXX - what we really want is "a new BPFable interface
306 * has arrived", but that's not available. While we're
307 * asking for additional help from BPF, it'd also be
308 * nice if we could ask it for a list of all interfaces
309 * that have had bpfattach()/bpf_attach() done on them,
310 * so we don't have to try to open the device in order
311 * to see whether we should show it as something on
312 * which we can capture.
313 */
318 /*
319 * An existing interface has been removed.
320 *
321 * XXX - use KEV_DL_IF_DETACHING instead, as that's
322 * called shortly after bpfdetach() is called, and
323 * bpfdetach() makes an interface no longer BPFable,
324 * and that's what we *really* care about.
325 */
330 /*
331 * Is there any reason to care about:
332 *
333 * KEV_DL_LINK_ON
334 * KEV_DL_LINK_OFF
335 * KEV_DL_SIFFLAGS
336 * KEV_DL_LINK_ADDRESS_CHANGED
337 * KEV_DL_IFCAP_CHANGED
338 *
339 * or any of the other events? On Snow Leopard and, I think,
340 * earlier releases, you can't attach a BPF device to an
341 * interface that's not up, so KEV_DL_SIFFLAGS might be
342 * worth listening to so that we only say "here's a new
343 * interface" when it goes up; on Lion (and possibly Mountain
344 * Lion), an interface doesn't have to be up in order to
345 * have a BPF device attached to it.
346 */
348 }
349 }
353 int
355 {
357 }
359 void
361 {
362 }
364 int
366 {
368 }
370 void
372 {
373 }