authorGuy Harris <gharris@sonic.net>2023-04-20 02:02:29 -0700
committerGuy Harris <gharris@sonic.net>2023-04-20 11:13:28 +0000
commit659876d108131a17eaedabb9b4b1d2c455f976ba (patch)
tree47c6280071e20f564576c3eff267077bc5097e05 /dumpcap.c
parent8f7e63bcd9457bcdb6f96bf94f02df6f86895172 (diff)
Check for EAFNOTSUP errors on Linux.
On Linux, look for an error message of "socket: Address family not supported by protocol"; if we see it, that's EAFNOSUPPORT, which means either that 1) your kernel doesn't have PF_PACKET support configured in or 2) this is a Flatpak package of Wireshark that's "helpfully" been sandboxed. Display a secondary error message indicating that one of those is likely the problem; mention the Flatpak case first, as it's more likely than the kernel case (even if PF_PACKET support can still be configured out, that's not the default, so it's unlikely to be the cause). See issue #19008.
Diffstat (limited to 'dumpcap.c')
-rw-r--r--dumpcap.c45
1 files changed, 39 insertions, 6 deletions
diff --git a/dumpcap.c b/dumpcap.c
index 9602f50d9f..666514d581 100644
--- a/dumpcap.c
+++ b/dumpcap.c
@@ -707,21 +707,54 @@ get_pcap_failure_secondary_error_message(cap_device_open_status open_status,
*/
static const char promisc_failed[] =
"failed to set hardware filter to promiscuous mode";
+#if defined(__linux__)
+ static const char af_notsup[] =
+ "socket: Address family not supported by protocol";
+#endif
/*
- * Does the error string begin with the error produced by WinPcap
- * and Npcap if attempting to set promiscuous mode fails?
- * (Note that this string could have a specific error message
- * from an NDIS error after the initial part, so we do a prefix
- * check rather than an exact match check.)
+ * Check for some text that pops up in some errors.
*/
if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) {
/*
- * Yes. Suggest that the user turn off promiscuous mode on that
+ * The error string begins with the error produced by WinPcap
+ * and Npcap if attempting to set promiscuous mode fails.
+ * (Note that this string could have a specific error message
+ * from an NDIS error after the initial part, so we do a prefix
+ * check rather than an exact match check.)
+ *
+ * Suggest that the user turn off promiscuous mode on that
* device.
*/
return
"Please turn off promiscuous mode for this device";
+#if defined(__linux__)
+ } else if (strcmp(open_status_str, af_notsup) == 0) {
+ /*
+ * The error string is the message provided by libpcap on
+ * Linux if an attempt to open a PF_PACKET socket failed
+ * with EAFNOSUPPORT. This probably means that either 1)
+ * the kernel doesn't have PF_PACKET support configured in
+ * or 2) this is a Flatpak version of Wireshark that's been
+ * sandboxed in a way that disallows opening PF_PACKET
+ * sockets.
+ *
+ * Suggest that the user find some other package of
+ * Wireshark if they want to capture traffic and are
+ * running a Flatpak of Wireshark or that they configure
+ * PF_PACKET support back in if it's configured out.
+ */
+ return
+ "If you are running Wireshark from a Flatpak package, "
+ "it does not support packet capture; you will need "
+ "to run a different version of Wireshark in order "
+ "to capture traffic.\n"
+ "\n"
+ "Otherwise, if your machine is running a kernel that "
+ "was not configured with CONFIG_PACKET, that kernel "
+ "does not support packet capture; you will need to "
+ "use a kernel configured with CONFIG_PACKET.";
+#endif
} else {
/*
* No. Was this a "generic" error from pcap_open_live()
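Review bot: The new `else if (strcmp(open_status_str, af_notsup) == 0)` branch keys on the exact human-readable text of libpcap's error, so it silently stops matching if that text differs at all. That could happen if the strerror() portion is localized or worded differently by the C library (presumably possible; not verifiable from this hunk), or if libpcap changes the `socket: ` prefix. The failure mode is benign, since the code falls through to the generic `else` branch, but the user then loses the Flatpak/CONFIG_PACKET hint. I would record that dependency next to the `af_notsup` declaration, e.g. `/* Exact libpcap text: "socket: " + strerror(EAFNOSUPPORT); a reworded or translated message will not match. */`. The enclosing function starts and ends outside this hunk.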