diff options
author | Guy Harris <gharris@sonic.net> | 2023-04-20 02:02:29 -0700 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2023-04-20 11:13:28 +0000 |
commit | 659876d108131a17eaedabb9b4b1d2c455f976ba (patch) | |
tree | 47c6280071e20f564576c3eff267077bc5097e05 /dumpcap.c | |
parent | 8f7e63bcd9457bcdb6f96bf94f02df6f86895172 (diff) |
Check for EAFNOTSUP errors on Linux.
On Linux, look for an error message of "socket: Address family not
supported by protocol"; if we see it, that's EAFNOTSUP, which means
either that 1) your kernel doesn't have PF_PACKET support configured in
or 2) this is a Flatpak package of Wireshark that's "helpfully" been
sandboxed. Display a secondary error message indicating one of those is
likely the problem; mention the Flatpak one first, as that's more likely
than the second (if you can still configure PF_PACKET sockets out, it's
not the default, so it's unlikely to be the case).
See issue #19008.
Diffstat (limited to 'dumpcap.c')
-rw-r--r-- | dumpcap.c | 45 |
1 files changed, 39 insertions, 6 deletions
@@ -707,21 +707,54 @@ get_pcap_failure_secondary_error_message(cap_device_open_status open_status, */ static const char promisc_failed[] = "failed to set hardware filter to promiscuous mode"; +#if defined(__linux__) + static const char af_notsup[] = + "socket: Address family not supported by protocol"; +#endif /* - * Does the error string begin with the error produced by WinPcap - * and Npcap if attempting to set promiscuous mode fails? - * (Note that this string could have a specific error message - * from an NDIS error after the initial part, so we do a prefix - * check rather than an exact match check.) + * Check for some text that pops up in some errors. */ if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) { /* - * Yes. Suggest that the user turn off promiscuous mode on that + * The error string begins with the error produced by WinPcap + * and Npcap if attempting to set promiscuous mode fails. + * (Note that this string could have a specific error message + * from an NDIS error after the initial part, so we do a prefix + * check rather than an exact match check.) + * + * Suggest that the user turn off promiscuous mode on that * device. */ return "Please turn off promiscuous mode for this device"; +#if defined(__linux__) + } else if (strcmp(open_status_str, af_notsup) == 0) { + /* + * The error string is the message provided by libpcap on + * Linux if an attempt to open a PF_PACKET socket failed + * with EAFNOSUPPORT. This probably means that either 1) + * the kernel doesn't have PF_PACKET support configured in + * or 2) this is a Flatpak version of Wireshark that's been + * sandboxed in a way that disallows opening PF_PACKET + * sockets. + * + * Suggest that the user find some other package of + * Wireshark if they want to capture traffic and are + * running a Flatpak of Wireshark or that they configure + * PF_PACKET support back in if it's configured out. + */ + return + "If you are running Wireshark from a Flatpak package, " + "it does not support packet capture; you will need " + "to run a different version of Wireshark in order " + "to capture traffic.\n" + "\n" + "Otherwise, if your machine is running a kernel that " + "was not configured with CONFIG_PACKET, that kernel " + "does not support packet capture; you will need to " + "use a kernel configured with CONFIG_PACKET."; +#endif } else { /* * No. Was this a "generic" error from pcap_open_live() |