aboutsummaryrefslogtreecommitdiffstats
path: root/caputils/capture-pcap-util.c
diff options
context:
space:
mode:
Diffstat (limited to 'caputils/capture-pcap-util.c')
-rw-r--r--caputils/capture-pcap-util.c639
1 files changed, 639 insertions, 0 deletions
diff --git a/caputils/capture-pcap-util.c b/caputils/capture-pcap-util.c
new file mode 100644
index 0000000000..c4e7df3868
--- /dev/null
+++ b/caputils/capture-pcap-util.c
@@ -0,0 +1,639 @@
+/* capture-pcap-util.c
+ * Utility routines for packet capture
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#ifdef HAVE_LIBPCAP
+
+#include <glib.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <limits.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include <wtap.h>
+#include <libpcap.h>
+
+#include "caputils/capture_ifinfo.h"
+#include "caputils/capture-pcap-util.h"
+#include "caputils/capture-pcap-util-int.h"
+
+#include "wsutil/file_util.h"
+
+#ifndef _WIN32
+#include <netinet/in.h>
+#endif
+
+#ifdef _WIN32
+#include "caputils/capture_win_ifnames.h" /* windows friendly interface names */
+#endif
+
+/*
+ * Given an interface name, find the "friendly name" and interface
+ * type for the interface.
+ */
+
+#if defined(__APPLE__)
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <SystemConfiguration/SystemConfiguration.h>
+
+#include <wsutil/cfutils.h>
+
+/*
+ * On OS X, we get the "friendly name" and interface type for the interface
+ * from the System Configuration framework.
+ *
+ * To find the System Configuration framework information for the
+ * interface, we get all the interfaces that the System Configuration
+ * framework knows about and look for the one with a "BSD name" matching
+ * the interface name.
+ *
+ * If we find it, we use its "localized display name", if it has one, as
+ * the "friendly name".
+ *
+ * As for the interface type:
+ *
+ * Yes, fetching all the network addresses for an interface gets you an
+ * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
+ * an SNMP MIB-II ifType value.
+ *
+ * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
+ * not IFT_IEEE80211 (which isn't defined in OS X in any case).
+ *
+ * Perhaps some other BSD-flavored OSes won't make this mistake;
+ * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
+ * made the same mistake, at least for my Belkin ZyDAS stick.
+ *
+ * SCNetworkInterfaceGetInterfaceType() will get the interface
+ * type. The interface type is a CFString, and:
+ *
+ * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
+ * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
+ * kSCNetworkInterfaceTypeModem or
+ * kSCNetworkInterfaceTypePPP or
+ * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ CFStringRef name_CFString;
+ CFArrayRef interfaces;
+ CFIndex num_interfaces;
+ CFIndex i;
+ SCNetworkInterfaceRef interface;
+ CFStringRef bsdname_CFString;
+ CFStringRef friendly_name_CFString;
+ CFStringRef interface_type_CFString;
+
+ interfaces = SCNetworkInterfaceCopyAll();
+ if (interfaces == NULL) {
+ /*
+ * Couldn't get a list of interfaces.
+ */
+ return;
+ }
+
+ name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
+ name, kCFStringEncodingUTF8);
+ if (name_CFString == NULL) {
+ /*
+ * Couldn't convert the interface name to a CFString.
+ */
+ CFRelease(interfaces);
+ return;
+ }
+
+ num_interfaces = CFArrayGetCount(interfaces);
+ for (i = 0; i < num_interfaces; i++) {
+ interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
+ bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
+ if (bsdname_CFString == NULL) {
+ /*
+ * This interface has no BSD name, so it's not
+ * a regular network interface.
+ */
+ continue;
+ }
+ if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
+ /*
+ * This is the interface.
+ * First, get the friendly name.
+ */
+ friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
+ if (friendly_name_CFString != NULL)
+ if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
+
+ /*
+ * Now get the interface type.
+ */
+ interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
+ if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
+ if_info->type = IF_WIRELESS;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
+ if_info->type = IF_BLUETOOTH;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else
+ if_info->type = IF_WIRED;
+ break;
+ }
+ }
+
+ CFRelease(interfaces);
+ CFRelease(name_CFString);
+}
+#elif defined(__linux__)
+/*
+ * Linux doesn't offer any form of "friendly name", but you can
+ * determine an interface type to some degree.
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ char *wireless_path;
+ ws_statb64 statb;
+
+ /*
+ * Look for /sys/class/net/{device}/wireless. If it exists,
+ * it's a wireless interface.
+ */
+ wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
+ if (wireless_path != NULL) {
+ if (ws_stat64(wireless_path, &statb) == 0)
+ if_info->type = IF_WIRELESS;
+ g_free(wireless_path);
+ }
+ if (if_info->type == IF_WIRED) {
+ /*
+ * We still don't know what it is. Check for
+ * Bluetooth and USB devices.
+ */
+ if (strstr(name, "bluetooth") != NULL) {
+ /*
+ * XXX - this is for raw Bluetooth capture; what
+ * about IP-over-Bluetooth devices?
+ */
+ if_info->type = IF_BLUETOOTH;
+ } else if (strstr(name, "usbmon") != NULL)
+ if_info->type = IF_USB;
+ }
+}
+#else
+/*
+ * On other UN*Xes, if there is a description, it's a friendly
+ * name, and there is no vendor description. ("Other UN*Xes"
+ * currently means "FreeBSD and OpenBSD".)
+ */
+void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
+ const char *description)
+{
+ if_info->friendly_name = g_strdup(description);
+}
+#endif
+
+if_info_t *
+if_info_new(const char *name, const char *description, gboolean loopback)
+{
+ if_info_t *if_info;
+#ifdef _WIN32
+ const char *guid_text;
+ GUID guid;
+#endif
+
+ if_info = (if_info_t *)g_malloc(sizeof (if_info_t));
+ if_info->name = g_strdup(name);
+ if_info->friendly_name = NULL; /* default - unknown */
+ if_info->vendor_description = NULL;
+ if_info->type = IF_WIRED; /* default */
+#ifdef _WIN32
+ /*
+ * Get the interface type.
+ *
+ * Much digging failed to reveal any obvious way to get something
+ * such as the SNMP MIB-II ifType value for an interface:
+ *
+ * http://www.iana.org/assignments/ianaiftype-mib
+ *
+ * by making some NDIS request. And even if there were such
+ * a way, there's no guarantee that the ifType reflects an
+ * interface type that a user would view as correct (for
+ * example, some systems report Wi-Fi interfaces as
+ * Ethernet interfaces).
+ *
+ * So we look for keywords in the vendor's interface
+ * description.
+ */
+ if (description && (strstr(description, "generic dialup") != NULL ||
+ strstr(description, "PPP/SLIP") != NULL)) {
+ if_info->type = IF_DIALUP;
+ } else if (description && (strstr(description, "Wireless") != NULL ||
+ strstr(description,"802.11") != NULL)) {
+ if_info->type = IF_WIRELESS;
+ } else if (description && strstr(description, "AirPcap") != NULL ||
+ strstr(name, "airpcap") != NULL) {
+ if_info->type = IF_AIRPCAP;
+ } else if (description && strstr(description, "Bluetooth") != NULL ) {
+ if_info->type = IF_BLUETOOTH;
+ } else if (description && strstr(description, "VMware") != NULL) {
+ /*
+ * Bridge, NAT, or host-only interface on a VMware host.
+ *
+ * XXX - what about guest interfaces?
+ */
+ if_info->type = IF_VIRTUAL;
+ }
+
+ /*
+ * On Windows, the "description" is a vendor description,
+ * and the friendly name isn't returned by WinPcap.
+ * Fetch it ourselves.
+ */
+
+ /*
+ * Skip over the "\Device\NPF_" prefix in the device name,
+ * if present.
+ */
+ if (strncmp("\\Device\\NPF_", name, 12) == 0)
+ guid_text = name + 12;
+ else
+ guid_text = name;
+
+ /* Now try to parse what remains as a GUID. */
+ if (parse_as_guid(guid_text, &guid)) {
+ /*
+ * Success. Try to get a friendly name using the GUID.
+ * As this is a regular interface, the description is a
+ * vendor description.
+ */
+ if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
+ if_info->vendor_description = g_strdup(description);
+ } else {
+ /*
+ * This is probably not a regular interface; we only
+ * support NT 5 (W2K) and later, so all regular interfaces
+ * should have GUIDs at the end of the name. Therefore,
+ * the description, if supplied, is a friendly name
+ * provided by WinPcap, and there is no vendor
+ * description.
+ */
+ if_info->friendly_name = g_strdup(description);
+ if_info->vendor_description = NULL;
+ }
+#else
+ /*
+ * On UN*X, if there is a description, it's a friendly
+ * name, and there is no vendor description.
+ *
+ * Try the platform's way of getting a friendly name and
+ * interface type first.
+ *
+ * If that fails, then, for a loopback interface, give it the
+ * friendly name "Loopback" and, for VMware interfaces,
+ * give them the type IF_VIRTUAL.
+ */
+ add_unix_interface_ifinfo(if_info, name, description);
+ if (if_info->type == IF_WIRED) {
+ /*
+ * This is the default interface type.
+ *
+ * Bridge, NAT, or host-only interfaces on VMWare hosts
+ * have the name vmnet[0-9]+. Guests might use a native
+ * (LANCE or E1000) driver or the vmxnet driver. Check
+ * the name.
+ */
+ if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
+ if_info->type = IF_VIRTUAL;
+ else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
+ if_info->type = IF_VIRTUAL;
+ }
+ if (if_info->friendly_name == NULL) {
+ /*
+ * We couldn't get interface information using platform-
+ * dependent calls.
+ *
+ * If this is a loopback interface, give it a
+ * "friendly name" of "Loopback".
+ */
+ if (loopback)
+ if_info->friendly_name = g_strdup("Loopback");
+ }
+ if_info->vendor_description = NULL;
+#endif
+ if_info->loopback = loopback;
+ if_info->addrs = NULL;
+ return if_info;
+}
+
+void
+if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
+{
+ if_addr_t *if_addr;
+ struct sockaddr_in *ai;
+#ifdef INET6
+ struct sockaddr_in6 *ai6;
+#endif
+
+ switch (addr->sa_family) {
+
+ case AF_INET:
+ ai = (struct sockaddr_in *)(void *)addr;
+ if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
+ if_addr->ifat_type = IF_AT_IPv4;
+ if_addr->addr.ip4_addr =
+ *((guint32 *)&(ai->sin_addr.s_addr));
+ if_info->addrs = g_slist_append(if_info->addrs, if_addr);
+ break;
+
+#ifdef INET6
+ case AF_INET6:
+ ai6 = (struct sockaddr_in6 *)(void *)addr;
+ if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
+ if_addr->ifat_type = IF_AT_IPv6;
+ memcpy((void *)&if_addr->addr.ip6_addr,
+ (void *)&ai6->sin6_addr.s6_addr,
+ sizeof if_addr->addr.ip6_addr);
+ if_info->addrs = g_slist_append(if_info->addrs, if_addr);
+ break;
+#endif
+ }
+}
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+/*
+ * Get all IP address information for the given interface.
+ */
+static void
+if_info_ip(if_info_t *if_info, pcap_if_t *d)
+{
+ pcap_addr_t *a;
+
+ /* All addresses */
+ for (a = d->addresses; a != NULL; a = a->next) {
+ if (a->addr != NULL)
+ if_info_add_address(if_info, a->addr);
+ }
+}
+
+#ifdef HAVE_PCAP_REMOTE
+GList *
+get_interface_list_findalldevs_ex(const char *source,
+ struct pcap_rmtauth *auth,
+ int *err, char **err_str)
+{
+ GList *il = NULL;
+ pcap_if_t *alldevs, *dev;
+ if_info_t *if_info;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if (pcap_findalldevs_ex((char *)source, auth, &alldevs, errbuf) == -1) {
+ *err = CANT_GET_INTERFACE_LIST;
+ if (err_str != NULL)
+ *err_str = cant_get_if_list_error_message(errbuf);
+ return NULL;
+ }
+
+ if (alldevs == NULL) {
+ /*
+ * No interfaces found.
+ */
+ *err = NO_INTERFACES_FOUND;
+ if (err_str != NULL)
+ *err_str = NULL;
+ return NULL;
+ }
+
+ for (dev = alldevs; dev != NULL; dev = dev->next) {
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
+ il = g_list_append(il, if_info);
+ if_info_ip(if_info, dev);
+ }
+ pcap_freealldevs(alldevs);
+
+ return il;
+}
+#endif
+
+GList *
+get_interface_list_findalldevs(int *err, char **err_str)
+{
+ GList *il = NULL;
+ pcap_if_t *alldevs, *dev;
+ if_info_t *if_info;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ *err = CANT_GET_INTERFACE_LIST;
+ if (err_str != NULL)
+ *err_str = cant_get_if_list_error_message(errbuf);
+ return NULL;
+ }
+
+ if (alldevs == NULL) {
+ /*
+ * No interfaces found.
+ */
+ *err = NO_INTERFACES_FOUND;
+ if (err_str != NULL)
+ *err_str = NULL;
+ return NULL;
+ }
+
+ for (dev = alldevs; dev != NULL; dev = dev->next) {
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
+ il = g_list_append(il, if_info);
+ if_info_ip(if_info, dev);
+ }
+ pcap_freealldevs(alldevs);
+
+ return il;
+}
+#endif /* HAVE_PCAP_FINDALLDEVS */
+
+static void
+free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
+{
+ g_free(addr);
+}
+
+static void
+free_if_cb(gpointer data, gpointer user_data _U_)
+{
+ if_info_t *if_info = (if_info_t *)data;
+
+ g_free(if_info->name);
+ g_free(if_info->friendly_name);
+ g_free(if_info->vendor_description);
+
+ g_slist_foreach(if_info->addrs, free_if_info_addr_cb, NULL);
+ g_slist_free(if_info->addrs);
+ g_free(if_info);
+}
+
+void
+free_interface_list(GList *if_list)
+{
+ g_list_foreach(if_list, free_if_cb, NULL);
+ g_list_free(if_list);
+}
+
+#if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
+struct dlt_choice {
+ const char *name;
+ const char *description;
+ int dlt;
+};
+
+#define DLT_CHOICE(code, description) { #code, description, code }
+#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
+
+static struct dlt_choice dlt_choices[] = {
+ DLT_CHOICE(DLT_NULL, "BSD loopback"),
+ DLT_CHOICE(DLT_EN10MB, "Ethernet"),
+ DLT_CHOICE(DLT_IEEE802, "Token ring"),
+ DLT_CHOICE(DLT_ARCNET, "ARCNET"),
+ DLT_CHOICE(DLT_SLIP, "SLIP"),
+ DLT_CHOICE(DLT_PPP, "PPP"),
+ DLT_CHOICE(DLT_FDDI, "FDDI"),
+ DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
+ DLT_CHOICE(DLT_RAW, "Raw IP"),
+ DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
+ DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
+ DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
+ DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
+ DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
+ DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
+ DLT_CHOICE(DLT_IEEE802_11, "802.11"),
+ DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
+ DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
+ DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
+ DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
+ DLT_CHOICE(DLT_LTALK, "Localtalk"),
+ DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
+ DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
+ DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
+ DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
+ DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus BSD radio information header"),
+ DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
+ DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
+ DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
+ DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
+ DLT_CHOICE_SENTINEL
+};
+
+#if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL)
+static int
+pcap_datalink_name_to_val(const char *name)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
+ name) == 0)
+ return (dlt_choices[i].dlt);
+ }
+ return (-1);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) */
+
+#if !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME)
+static const char *
+pcap_datalink_val_to_name(int dlt)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (dlt_choices[i].dlt == dlt)
+ return (dlt_choices[i].name + sizeof("DLT_") - 1);
+ }
+ return (NULL);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */
+
+#if !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
+const char *
+pcap_datalink_val_to_description(int dlt)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (dlt_choices[i].dlt == dlt)
+ return (dlt_choices[i].description);
+ }
+ return (NULL);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
+
+#endif /* !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
+
+static void
+free_linktype_cb(gpointer data, gpointer user_data _U_)
+{
+ data_link_info_t *linktype_info = (data_link_info_t *)data;
+
+ g_free(linktype_info->name);
+ g_free(linktype_info->description);
+}
+
+void
+free_if_capabilities(if_capabilities_t *caps)
+{
+ g_list_foreach(caps->data_link_types, free_linktype_cb, NULL);
+ g_list_free(caps->data_link_types);
+ g_free(caps);
+}
+
+const char *
+linktype_val_to_name(int dlt)
+{
+ return pcap_datalink_val_to_name(dlt);
+}
+
+int linktype_name_to_val(const char *linktype)
+{
+ return pcap_datalink_name_to_val(linktype);
+}
+
+#endif /* HAVE_LIBPCAP */