diff options
author | Guy Harris <guy@alum.mit.edu> | 2014-07-04 00:24:02 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2014-07-04 07:25:26 +0000 |
commit | 9e6487f24751d1c1a047ee82e158077ac67c9c68 (patch) | |
tree | 3cc4a8524062948f4951914dc9af489e0d7c4572 /caputils/capture-pcap-util-unix.c | |
parent | c5643a3d257909ed3e8752cd729b9192ae719683 (diff) |
Move utility routines for capturing into a libcaputils static library.
Some of those routines are used only in dumpcap; others are used in
TShark and Wireshark as well.
Change-Id: I9d92483f2fcff57a7d8b6bf6bdf2870505d19fb7
Reviewed-on: https://code.wireshark.org/review/2841
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'caputils/capture-pcap-util-unix.c')
-rw-r--r-- | caputils/capture-pcap-util-unix.c | 434 |
1 files changed, 434 insertions, 0 deletions
diff --git a/caputils/capture-pcap-util-unix.c b/caputils/capture-pcap-util-unix.c new file mode 100644 index 0000000000..21e832b166 --- /dev/null +++ b/caputils/capture-pcap-util-unix.c @@ -0,0 +1,434 @@ +/* capture-pcap-util-unix.c + * UN*X-specific utility routines for packet capture + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include <glib.h> + +#ifdef HAVE_LIBPCAP + +#ifdef HAVE_PCAP_FINDALLDEVS + +#include <pcap.h> + +#else /* HAVE_PCAP_FINDALLDEVS */ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <errno.h> + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif + +#ifdef HAVE_SYS_IOCTL_H +#include <sys/ioctl.h> +#endif + +/* + * Keep Digital UNIX happy when including <net/if.h>. + */ +struct mbuf; +struct rtentry; +#include <net/if.h> + +#ifdef HAVE_SYS_SOCKIO_H +# include <sys/sockio.h> +#endif + +#include "caputils/capture-pcap-util.h" + +#endif /* HAVE_PCAP_FINDALLDEVS */ + +#ifdef HAVE_LIBCAP +# include <sys/capability.h> +#endif + +#include "caputils/capture_ifinfo.h" +#include "caputils/capture-pcap-util.h" +#include "caputils/capture-pcap-util-int.h" + +#ifdef HAVE_PCAP_REMOTE +GList * +get_remote_interface_list(const char *hostname, const char *port, + int auth_type, const char *username, + const char *passwd, int *err, char **err_str) +{ + struct pcap_rmtauth auth; + char source[PCAP_BUF_SIZE]; + char errbuf[PCAP_ERRBUF_SIZE]; + GList *result; + + if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port, + NULL, errbuf) == -1) { + *err = CANT_GET_INTERFACE_LIST; + if (err_str != NULL) + *err_str = cant_get_if_list_error_message(errbuf); + return NULL; + } + + auth.type = auth_type; + auth.username = g_strdup(username); + auth.password = g_strdup(passwd); + + result = get_interface_list_findalldevs_ex(source, &auth, err, err_str); + g_free(auth.username); + g_free(auth.password); + + return result; +} +#endif + +#ifdef HAVE_PCAP_FINDALLDEVS +GList * +get_interface_list(int *err, char **err_str) +{ + return get_interface_list_findalldevs(err, err_str); +} +#else /* HAVE_PCAP_FINDALLDEVS */ +struct search_user_data { + char *name; + if_info_t *if_info; +}; + +static void +search_for_if_cb(gpointer data, gpointer user_data) +{ + struct search_user_data *search_user_data = user_data; + if_info_t *if_info = data; + + if (strcmp(if_info->name, search_user_data->name) == 0) + search_user_data->if_info = if_info; +} + +GList * +get_interface_list(int *err, char **err_str) +{ + GList *il = NULL; + gint nonloopback_pos = 0; + struct ifreq *ifr, *last; + struct ifconf ifc; + struct ifreq ifrflags; + int sock = socket(AF_INET, SOCK_DGRAM, 0); + struct search_user_data user_data; + pcap_t *pch; + int len, lastlen; + char *buf; + if_info_t *if_info; + char errbuf[PCAP_ERRBUF_SIZE]; + gboolean loopback; + + if (sock < 0) { + *err = CANT_GET_INTERFACE_LIST; + if (err_str != NULL) { + *err_str = g_strdup_printf( + "Can't get list of interfaces: error opening socket: %s", + g_strerror(errno)); + } + return NULL; + } + + /* + * This code came from: W. Richard Stevens: "UNIX Network Programming", + * Networking APIs: Sockets and XTI, Vol 1, page 434. + */ + lastlen = 0; + len = 100 * sizeof(struct ifreq); + for ( ; ; ) { + buf = g_malloc(len); + ifc.ifc_len = len; + ifc.ifc_buf = buf; + memset (buf, 0, len); + if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) { + if (errno != EINVAL || lastlen != 0) { + if (err_str != NULL) { + *err_str = g_strdup_printf( + "Can't get list of interfaces: SIOCGIFCONF ioctl error: %s", + g_strerror(errno)); + } + goto fail; + } + } else { + if ((unsigned int) ifc.ifc_len < sizeof(struct ifreq)) { + if (err_str != NULL) { + *err_str = g_strdup( + "Can't get list of interfaces: SIOCGIFCONF ioctl gave too small return buffer"); + } + goto fail; + } + if (ifc.ifc_len == lastlen) + break; /* success, len has not changed */ + lastlen = ifc.ifc_len; + } + len += 10 * sizeof(struct ifreq); /* increment */ + g_free(buf); + } + ifr = (struct ifreq *) ifc.ifc_req; + last = (struct ifreq *) ((char *) ifr + ifc.ifc_len); + while (ifr < last) { + /* + * Skip entries that begin with "dummy", or that include + * a ":" (the latter are Solaris virtuals). + */ + if (strncmp(ifr->ifr_name, "dummy", 5) == 0 || + strchr(ifr->ifr_name, ':') != NULL) + goto next; + + /* + * If we already have this interface name on the list, + * don't add it, but, if we don't already have an IP + * address for it, add that address (SIOCGIFCONF returns, + * at least on BSD-flavored systems, one entry per + * interface *address*; if an interface has multiple + * addresses, we get multiple entries for it). + */ + user_data.name = ifr->ifr_name; + user_data.if_info = NULL; + g_list_foreach(il, search_for_if_cb, &user_data); + if (user_data.if_info != NULL) { + if_info_add_address(user_data.if_info, &ifr->ifr_addr); + goto next; + } + + /* + * Get the interface flags. + */ + memset(&ifrflags, 0, sizeof ifrflags); + g_strlcpy(ifrflags.ifr_name, ifr->ifr_name, + sizeof ifrflags.ifr_name); + if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifrflags) < 0) { + if (errno == ENXIO) + goto next; + if (err_str != NULL) { + *err_str = g_strdup_printf( + "Can't get list of interfaces: SIOCGIFFLAGS error getting flags for interface %s: %s", + ifr->ifr_name, g_strerror(errno)); + } + goto fail; + } + + /* + * Skip interfaces that aren't up. + */ + if (!(ifrflags.ifr_flags & IFF_UP)) + goto next; + + /* + * Skip interfaces that we can't open with "libpcap". + * Open with the minimum packet size - it appears that the + * IRIX SIOCSNOOPLEN "ioctl" may fail if the capture length + * supplied is too large, rather than just truncating it. + */ + pch = pcap_open_live(ifr->ifr_name, MIN_PACKET_SIZE, 0, 0, + errbuf); + if (pch == NULL) + goto next; + pcap_close(pch); + + /* + * If it's a loopback interface, add it at the end of the + * list, otherwise add it after the last non-loopback + * interface, so all loopback interfaces go at the end - we + * don't want a loopback interface to be the default capture + * device unless there are no non-loopback devices. + */ + loopback = ((ifrflags.ifr_flags & IFF_LOOPBACK) || + strncmp(ifr->ifr_name, "lo", 2) == 0); + if_info = if_info_new(ifr->ifr_name, NULL, loopback); + if_info_add_address(if_info, &ifr->ifr_addr); + if (loopback) + il = g_list_append(il, if_info); + else { + il = g_list_insert(il, if_info, nonloopback_pos); + /* + * Insert the next non-loopback interface after this + * one. + */ + nonloopback_pos++; + } + + next: +#ifdef HAVE_SA_LEN + ifr = (struct ifreq *) ((char *) ifr + + (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr) ? + ifr->ifr_addr.sa_len : sizeof(ifr->ifr_addr)) + + IFNAMSIZ); +#else + ifr = (struct ifreq *) ((char *) ifr + sizeof(struct ifreq)); +#endif + } + +#ifdef linux + /* + * OK, maybe we have support for the "any" device, to do a cooked + * capture on all interfaces at once. + * Try opening it and, if that succeeds, add it to the end of + * the list of interfaces. + */ + pch = pcap_open_live("any", MIN_PACKET_SIZE, 0, 0, errbuf); + if (pch != NULL) { + /* + * It worked; we can use the "any" device. + */ + if_info = if_info_new("any", + "Pseudo-device that captures on all interfaces", FALSE); + il = g_list_insert(il, if_info, -1); + pcap_close(pch); + } +#endif + + g_free(ifc.ifc_buf); + close(sock); + + if (il == NULL) { + /* + * No interfaces found. + */ + *err = NO_INTERFACES_FOUND; + if (err_str != NULL) + *err_str = NULL; + } + return il; + +fail: + if (il != NULL) + free_interface_list(il); + g_free(ifc.ifc_buf); + close(sock); + *err = CANT_GET_INTERFACE_LIST; + return NULL; +} +#endif /* HAVE_PCAP_FINDALLDEVS */ + +/* + * Get an error message string for a CANT_GET_INTERFACE_LIST error from + * "get_interface_list()". + */ +gchar * +cant_get_if_list_error_message(const char *err_str) +{ + return g_strdup_printf("Can't get list of interfaces: %s", err_str); +} + +/* + * Get the versions of libpcap, libpcap, and libnl with which we were + * compiled, and append them to a GString. + */ +void +get_compiled_caplibs_version(GString *str) +{ + /* + * NOTE: in *some* flavors of UN*X, the data from a shared + * library might be linked into executable images that are + * linked with that shared library, in which case you could + * look at pcap_version[] to get the version with which + * the program was compiled. + * + * In other flavors of UN*X, that doesn't happen, so + * pcap_version[] gives you the version the program is + * running with, not the version it was built with, and, + * in at least some of them, if the length of a data item + * referred to by the executable - such as the pcap_version[] + * string - isn't the same in the version of the library + * with which the program was built and the version with + * which it was run, the run-time linker will complain, + * which is Not Good. + * + * So, for now, we just give up on reporting the version + * of libpcap with which we were compiled. + */ + g_string_append(str, "with libpcap"); + + /* + * XXX - these libraries are actually used only by dumpcap, + * but we mention them here so that a user reporting a bug + * can get information about dumpcap's libraries without + * having to run dumpcap. + */ + /* LIBCAP */ + g_string_append(str, ", "); +#ifdef HAVE_LIBCAP + g_string_append(str, "with POSIX capabilities"); +#ifdef _LINUX_CAPABILITY_VERSION + g_string_append(str, " (Linux)"); +#endif /* _LINUX_CAPABILITY_VERSION */ +#else /* HAVE_LIBCAP */ + g_string_append(str, "without POSIX capabilities"); +#endif /* HAVE_LIBCAP */ + +#ifdef __linux__ + /* This is a Linux-specific library. */ + /* LIBNL */ + g_string_append(str, ", "); +#if defined(HAVE_LIBNL1) + g_string_append(str, "with libnl 1"); +#elif defined(HAVE_LIBNL2) + g_string_append(str, "with libnl 2"); +#elif defined(HAVE_LIBNL3) + g_string_append(str, "with libnl 3"); +#else /* no libnl */ + g_string_append(str, "without libnl"); +#endif /* libnl version */ +#endif /* __linux__ */ +} + +/* + * Append the version of libpcap with which we we're running to a GString. + */ +void +get_runtime_caplibs_version(GString *str) +{ + g_string_append_printf(str, "with "); +#ifdef HAVE_PCAP_LIB_VERSION + g_string_append(str, pcap_lib_version()); +#else + g_string_append(str, "libpcap (version unknown)"); +#endif +} + +#else /* HAVE_LIBPCAP */ + +/* + * Append an indication that we were not compiled with libpcap + * to a GString. Don't even bother mentioning the other + * libraries. + */ +void +get_compiled_caplibs_version(GString *str) +{ + g_string_append(str, "without libpcap"); +} + +/* + * Don't append anything, as we weren't even compiled to use libpcap. + */ +void +get_runtime_caplibs_version(GString *str _U_) +{ +} + +#endif /* HAVE_LIBPCAP */ |