/* capture-pcap-util.c * Utility routines for packet capture * * $Id$ * * Wireshark - Network traffic analyzer * By Gerald Combs * Copyright 1998 Gerald Combs * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "config.h" #ifdef HAVE_LIBPCAP #include #include #include #include #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #include #include #include "capture_ifinfo.h" #include "capture-pcap-util.h" #include "capture-pcap-util-int.h" #include "wsutil/file_util.h" #ifndef _WIN32 #include #endif #ifdef _WIN32 #include "capture_win_ifnames.h" /* windows friendly interface names */ #endif /* * Given an interface name, find the "friendly name" and interface * type for the interface. */ #if defined(__APPLE__) #include #include #include "cfutils.h" /* * On OS X, we get the "friendly name" and interface type for the interface * from the System Configuration framework. * * To find the System Configuration framework information for the * interface, we get all the interfaces that the System Configuration * framework knows about and look for the one with a "BSD name" matching * the interface name. * * If we find it, we use its "localized display name", if it has one, as * the "friendly name". * * As for the interface type: * * Yes, fetching all the network addresses for an interface gets you an * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes * an SNMP MIB-II ifType value. * * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces, * not IFT_IEEE80211 (which isn't defined in OS X in any case). * * Perhaps some other BSD-flavored OSes won't make this mistake; * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have * made the same mistake, at least for my Belkin ZyDAS stick. * * SCNetworkInterfaceGetInterfaceType() will get the interface * type. The interface type is a CFString, and: * * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS; * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH; * kSCNetworkInterfaceTypeModem or * kSCNetworkInterfaceTypePPP or * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP */ static void add_unix_interface_ifinfo(if_info_t *if_info, const char *name, const char *description _U_) { CFStringRef name_CFString; CFArrayRef interfaces; CFIndex num_interfaces; CFIndex i; SCNetworkInterfaceRef interface; CFStringRef bsdname_CFString; CFStringRef friendly_name_CFString; CFStringRef interface_type_CFString; interfaces = SCNetworkInterfaceCopyAll(); if (interfaces == NULL) { /* * Couldn't get a list of interfaces. */ return; } name_CFString = CFStringCreateWithCString(kCFAllocatorDefault, name, kCFStringEncodingUTF8); if (name_CFString == NULL) { /* * Couldn't convert the interface name to a CFString. */ CFRelease(interfaces); return; } num_interfaces = CFArrayGetCount(interfaces); for (i = 0; i < num_interfaces; i++) { interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i); bsdname_CFString = SCNetworkInterfaceGetBSDName(interface); if (bsdname_CFString == NULL) { /* * This interface has no BSD name, so it's not * a regular network interface. */ continue; } if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) { /* * This is the interface. * First, get the friendly name. */ friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface); if (friendly_name_CFString != NULL) if_info->friendly_name = CFString_to_C_string(friendly_name_CFString); /* * Now get the interface type. */ interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface); if (CFStringCompare(interface_type_CFString, kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo) if_info->type = IF_WIRELESS; else if (CFStringCompare(interface_type_CFString, kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo) if_info->type = IF_BLUETOOTH; else if (CFStringCompare(interface_type_CFString, kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo) if_info->type = IF_DIALUP; else if (CFStringCompare(interface_type_CFString, kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo) if_info->type = IF_DIALUP; else if (CFStringCompare(interface_type_CFString, kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo) if_info->type = IF_DIALUP; else if_info->type = IF_WIRED; break; } } CFRelease(interfaces); CFRelease(name_CFString); } #elif defined(__linux__) /* * Linux doesn't offer any form of "friendly name", but you can * determine an interface type to some degree. */ static void add_unix_interface_ifinfo(if_info_t *if_info, const char *name, const char *description _U_) { char *wireless_path; ws_statb64 statb; /* * Look for /sys/class/net/{device}/wireless. If it exists, * it's a wireless interface. */ wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name); if (wireless_path != NULL) { if (ws_stat64(wireless_path, &statb) == 0) if_info->type = IF_WIRELESS; g_free(wireless_path); } if (if_info->type == IF_WIRED) { /* * We still don't know what it is. Check for * Bluetooth and USB devices. */ if (strstr(name, "bluetooth") != NULL) { /* * XXX - this is for raw Bluetooth capture; what * about IP-over-Bluetooth devices? */ if_info->type = IF_BLUETOOTH; } else if (strstr(name, "usbmon") != NULL) if_info->type = IF_USB; } } #else /* * On other UN*Xes, if there is a description, it's a friendly * name, and there is no vendor description. ("Other UN*Xes" * currently means "FreeBSD and OpenBSD".) */ void add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_, const char *description) { if_info->friendly_name = g_strdup(description); } #endif if_info_t * if_info_new(const char *name, const char *description, gboolean loopback) { if_info_t *if_info; #ifdef _WIN32 const char *guid_text; GUID guid; #endif if_info = (if_info_t *)g_malloc(sizeof (if_info_t)); if_info->name = g_strdup(name); if_info->friendly_name = NULL; /* default - unknown */ if_info->vendor_description = NULL; if_info->type = IF_WIRED; /* default */ #ifdef _WIN32 /* * Get the interface type. * * Much digging failed to reveal any obvious way to get something * such as the SNMP MIB-II ifType value for an interface: * * http://www.iana.org/assignments/ianaiftype-mib * * by making some NDIS request. And even if there were such * a way, there's no guarantee that the ifType reflects an * interface type that a user would view as correct (for * example, some systems report Wi-Fi interfaces as * Ethernet interfaces). * * So we look for keywords in the vendor's interface * description. */ if (description && (strstr(description, "generic dialup") != NULL || strstr(description, "PPP/SLIP") != NULL)) { if_info->type = IF_DIALUP; } else if (description && (strstr(description, "Wireless") != NULL || strstr(description,"802.11") != NULL)) { if_info->type = IF_WIRELESS; } else if (description && strstr(description, "AirPcap") != NULL || strstr(name, "airpcap") != NULL) { if_info->type = IF_AIRPCAP; } else if (description && strstr(description, "Bluetooth") != NULL ) { if_info->type = IF_BLUETOOTH; } else if (description && strstr(description, "VMware") != NULL) { /* * Bridge, NAT, or host-only interface on a VMware host. * * XXX - what about guest interfaces? */ if_info->type = IF_VIRTUAL; } /* * On Windows, the "description" is a vendor description, * and the friendly name isn't returned by WinPcap. * Fetch it ourselves. */ /* * Skip over the "\Device\NPF_" prefix in the device name, * if present. */ if (strncmp("\\Device\\NPF_", name, 12) == 0) guid_text = name + 12; else guid_text = name; /* Now try to parse what remains as a GUID. */ if (parse_as_guid(guid_text, &guid)) { /* * Success. Try to get a friendly name using the GUID. * As this is a regular interface, the description is a * vendor description. */ if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid); if_info->vendor_description = g_strdup(description); } else { /* * This is probably not a regular interface; we only * support NT 5 (W2K) and later, so all regular interfaces * should have GUIDs at the end of the name. Therefore, * the description, if supplied, is a friendly name * provided by WinPcap, and there is no vendor * description. */ if_info->friendly_name = g_strdup(description); if_info->vendor_description = NULL; } #else /* * On UN*X, if there is a description, it's a friendly * name, and there is no vendor description. * * Try the platform's way of getting a friendly name and * interface type first. * * If that fails, then, for a loopback interface, give it the * friendly name "Loopback" and, for VMware interfaces, * give them the type IF_VIRTUAL. */ add_unix_interface_ifinfo(if_info, name, description); if (if_info->type == IF_WIRED) { /* * This is the default interface type. * * Bridge, NAT, or host-only interfaces on VMWare hosts * have the name vmnet[0-9]+. Guests might use a native * (LANCE or E1000) driver or the vmxnet driver. Check * the name. */ if (g_ascii_strncasecmp(name, "vmnet", 5) == 0) if_info->type = IF_VIRTUAL; else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0) if_info->type = IF_VIRTUAL; } if (if_info->friendly_name == NULL) { /* * We couldn't get interface information using platform- * dependent calls. * * If this is a loopback interface, give it a * "friendly name" of "Loopback". */ if (loopback) if_info->friendly_name = g_strdup("Loopback"); } if_info->vendor_description = NULL; #endif if_info->loopback = loopback; if_info->addrs = NULL; return if_info; } void if_info_add_address(if_info_t *if_info, struct sockaddr *addr) { if_addr_t *if_addr; struct sockaddr_in *ai; #ifdef INET6 struct sockaddr_in6 *ai6; #endif switch (addr->sa_family) { case AF_INET: ai = (struct sockaddr_in *)(void *)addr; if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr)); if_addr->ifat_type = IF_AT_IPv4; if_addr->addr.ip4_addr = *((guint32 *)&(ai->sin_addr.s_addr)); if_info->addrs = g_slist_append(if_info->addrs, if_addr); break; #ifdef INET6 case AF_INET6: ai6 = (struct sockaddr_in6 *)(void *)addr; if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr)); if_addr->ifat_type = IF_AT_IPv6; memcpy((void *)&if_addr->addr.ip6_addr, (void *)&ai6->sin6_addr.s6_addr, sizeof if_addr->addr.ip6_addr); if_info->addrs = g_slist_append(if_info->addrs, if_addr); break; #endif } } #ifdef HAVE_PCAP_FINDALLDEVS /* * Get all IP address information for the given interface. */ static void if_info_ip(if_info_t *if_info, pcap_if_t *d) { pcap_addr_t *a; /* All addresses */ for (a = d->addresses; a != NULL; a = a->next) { if (a->addr != NULL) if_info_add_address(if_info, a->addr); } } #ifdef HAVE_PCAP_REMOTE GList * get_interface_list_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, int *err, char **err_str) { GList *il = NULL; pcap_if_t *alldevs, *dev; if_info_t *if_info; char errbuf[PCAP_ERRBUF_SIZE]; if (pcap_findalldevs_ex((char *)source, auth, &alldevs, errbuf) == -1) { *err = CANT_GET_INTERFACE_LIST; if (err_str != NULL) *err_str = cant_get_if_list_error_message(errbuf); return NULL; } if (alldevs == NULL) { /* * No interfaces found. */ *err = NO_INTERFACES_FOUND; if (err_str != NULL) *err_str = NULL; return NULL; } for (dev = alldevs; dev != NULL; dev = dev->next) { if_info = if_info_new(dev->name, dev->description, (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE); il = g_list_append(il, if_info); if_info_ip(if_info, dev); } pcap_freealldevs(alldevs); return il; } #endif GList * get_interface_list_findalldevs(int *err, char **err_str) { GList *il = NULL; pcap_if_t *alldevs, *dev; if_info_t *if_info; char errbuf[PCAP_ERRBUF_SIZE]; if (pcap_findalldevs(&alldevs, errbuf) == -1) { *err = CANT_GET_INTERFACE_LIST; if (err_str != NULL) *err_str = cant_get_if_list_error_message(errbuf); return NULL; } if (alldevs == NULL) { /* * No interfaces found. */ *err = NO_INTERFACES_FOUND; if (err_str != NULL) *err_str = NULL; return NULL; } for (dev = alldevs; dev != NULL; dev = dev->next) { if_info = if_info_new(dev->name, dev->description, (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE); il = g_list_append(il, if_info); if_info_ip(if_info, dev); } pcap_freealldevs(alldevs); return il; } #endif /* HAVE_PCAP_FINDALLDEVS */ static void free_if_info_addr_cb(gpointer addr, gpointer user_data _U_) { g_free(addr); } static void free_if_cb(gpointer data, gpointer user_data _U_) { if_info_t *if_info = (if_info_t *)data; g_free(if_info->name); g_free(if_info->friendly_name); g_free(if_info->vendor_description); g_slist_foreach(if_info->addrs, free_if_info_addr_cb, NULL); g_slist_free(if_info->addrs); g_free(if_info); } void free_interface_list(GList *if_list) { g_list_foreach(if_list, free_if_cb, NULL); g_list_free(if_list); } #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) struct dlt_choice { const char *name; const char *description; int dlt; }; #define DLT_CHOICE(code, description) { #code, description, code } #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 } static struct dlt_choice dlt_choices[] = { DLT_CHOICE(DLT_NULL, "BSD loopback"), DLT_CHOICE(DLT_EN10MB, "Ethernet"), DLT_CHOICE(DLT_IEEE802, "Token ring"), DLT_CHOICE(DLT_ARCNET, "ARCNET"), DLT_CHOICE(DLT_SLIP, "SLIP"), DLT_CHOICE(DLT_PPP, "PPP"), DLT_CHOICE(DLT_FDDI, "FDDI"), DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"), DLT_CHOICE(DLT_RAW, "Raw IP"), DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"), DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"), DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"), DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"), DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"), DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"), DLT_CHOICE(DLT_IEEE802_11, "802.11"), DLT_CHOICE(DLT_FRELAY, "Frame Relay"), DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"), DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"), DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"), DLT_CHOICE(DLT_LTALK, "Localtalk"), DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"), DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"), DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"), DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"), DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus BSD radio information header"), DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"), DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"), DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"), DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"), DLT_CHOICE_SENTINEL }; #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) static int pcap_datalink_name_to_val(const char *name) { int i; for (i = 0; dlt_choices[i].name != NULL; i++) { if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1, name) == 0) return (dlt_choices[i].dlt); } return (-1); } #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) */ #if !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) static const char * pcap_datalink_val_to_name(int dlt) { int i; for (i = 0; dlt_choices[i].name != NULL; i++) { if (dlt_choices[i].dlt == dlt) return (dlt_choices[i].name + sizeof("DLT_") - 1); } return (NULL); } #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */ #if !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) const char * pcap_datalink_val_to_description(int dlt) { int i; for (i = 0; dlt_choices[i].name != NULL; i++) { if (dlt_choices[i].dlt == dlt) return (dlt_choices[i].description); } return (NULL); } #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */ #endif /* !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */ static void free_linktype_cb(gpointer data, gpointer user_data _U_) { data_link_info_t *linktype_info = (data_link_info_t *)data; g_free(linktype_info->name); g_free(linktype_info->description); } void free_if_capabilities(if_capabilities_t *caps) { g_list_foreach(caps->data_link_types, free_linktype_cb, NULL); g_list_free(caps->data_link_types); g_free(caps); } const char * linktype_val_to_name(int dlt) { return pcap_datalink_val_to_name(dlt); } int linktype_name_to_val(const char *linktype) { return pcap_datalink_name_to_val(linktype); } #endif /* HAVE_LIBPCAP */