Diffstat (limited to 'caputils/capture-pcap-util.c')
-rw-r--r-- | caputils/capture-pcap-util.c | 639 |
1 files changed, 639 insertions, 0 deletions
diff --git a/caputils/capture-pcap-util.c b/caputils/capture-pcap-util.c
new file mode 100644
index 0000000000..c4e7df3868
--- /dev/null
+++ b/caputils/capture-pcap-util.c
@@ -0,0 +1,639 @@
+/* capture-pcap-util.c
+ * Utility routines for packet capture
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "config.h"
+
+#ifdef HAVE_LIBPCAP
+
+#include <glib.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <limits.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include <wtap.h>
+#include <libpcap.h>
+
+#include "caputils/capture_ifinfo.h"
+#include "caputils/capture-pcap-util.h"
+#include "caputils/capture-pcap-util-int.h"
+
+#include "wsutil/file_util.h"
+
+#ifndef _WIN32
+#include <netinet/in.h>
+#endif
+
+#ifdef _WIN32
+#include "caputils/capture_win_ifnames.h" /* windows friendly interface names */
+#endif
+
+/*
+ * Given an interface name, find the "friendly name" and interface
+ * type for the interface.
+ */
+
+#if defined(__APPLE__)
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <SystemConfiguration/SystemConfiguration.h>
+
+#include <wsutil/cfutils.h>
+
+/*
+ * On OS X, we get the "friendly name" and interface type for the interface
+ * from the System Configuration framework.
+ *
+ * To find the System Configuration framework information for the
+ * interface, we get all the interfaces that the System Configuration
+ * framework knows about and look for the one with a "BSD name" matching
+ * the interface name.
+ *
+ * If we find it, we use its "localized display name", if it has one, as
+ * the "friendly name".
+ *
+ * As for the interface type:
+ *
+ * Yes, fetching all the network addresses for an interface gets you an
+ * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
+ * an SNMP MIB-II ifType value.
+ *
+ * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
+ * not IFT_IEEE80211 (which isn't defined in OS X in any case).
+ *
+ * Perhaps some other BSD-flavored OSes won't make this mistake;
+ * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
+ * made the same mistake, at least for my Belkin ZyDAS stick.
+ *
+ * SCNetworkInterfaceGetInterfaceType() will get the interface
+ * type. The interface type is a CFString, and:
+ *
+ * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
+ * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
+ * kSCNetworkInterfaceTypeModem or
+ * kSCNetworkInterfaceTypePPP or
+ * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ CFStringRef name_CFString;
+ CFArrayRef interfaces;
+ CFIndex num_interfaces;
+ CFIndex i;
+ SCNetworkInterfaceRef interface;
+ CFStringRef bsdname_CFString;
+ CFStringRef friendly_name_CFString;
+ CFStringRef interface_type_CFString;
+
+ interfaces = SCNetworkInterfaceCopyAll();
+ if (interfaces == NULL) {
+ /*
+ * Couldn't get a list of interfaces.
+ */
+ return;
+ }
+
+ name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
+ name, kCFStringEncodingUTF8);
+ if (name_CFString == NULL) {
+ /*
+ * Couldn't convert the interface name to a CFString.
+ */
+ CFRelease(interfaces);
+ return;
+ }
+
+ num_interfaces = CFArrayGetCount(interfaces);
+ for (i = 0; i < num_interfaces; i++) {
+ interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
+ bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
+ if (bsdname_CFString == NULL) {
+ /*
+ * This interface has no BSD name, so it's not
+ * a regular network interface.
+ */
+ continue;
+ }
+ if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
+ /*
+ * This is the interface.
+ * First, get the friendly name.
+ */
+ friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
+ if (friendly_name_CFString != NULL)
+ if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
+
+ /*
+ * Now get the interface type.
+ */
+ interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
+ if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
+ if_info->type = IF_WIRELESS;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
+ if_info->type = IF_BLUETOOTH;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else
+ if_info->type = IF_WIRED;
+ break;
+ }
+ }
+
+ CFRelease(interfaces);
+ CFRelease(name_CFString);
+}
+#elif defined(__linux__)
+/*
+ * Linux doesn't offer any form of "friendly name", but you can
+ * determine an interface type to some degree.
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ char *wireless_path;
+ ws_statb64 statb;
+
+ /*
+ * Look for /sys/class/net/{device}/wireless. If it exists,
+ * it's a wireless interface.
+ */
+ wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
+ if (wireless_path != NULL) {
+ if (ws_stat64(wireless_path, &statb) == 0)
+ if_info->type = IF_WIRELESS;
+ g_free(wireless_path);
+ }
+ if (if_info->type == IF_WIRED) {
+ /*
+ * We still don't know what it is. Check for
+ * Bluetooth and USB devices.
+ */
+ if (strstr(name, "bluetooth") != NULL) {
+ /*
+ * XXX - this is for raw Bluetooth capture; what
+ * about IP-over-Bluetooth devices?
+ */
+ if_info->type = IF_BLUETOOTH;
+ } else if (strstr(name, "usbmon") != NULL)
+ if_info->type = IF_USB;
+ }
+}
+#else
+/*
+ * On other UN*Xes, if there is a description, it's a friendly
+ * name, and there is no vendor description. ("Other UN*Xes"
+ * currently means "FreeBSD and OpenBSD".)
+ */
+void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
+ const char *description)
+{
+ if_info->friendly_name = g_strdup(description);
+}
+#endif
+
+if_info_t *
+if_info_new(const char *name, const char *description, gboolean loopback)
+{
+ if_info_t *if_info;
+#ifdef _WIN32
+ const char *guid_text;
+ GUID guid;
+#endif
+
+ if_info = (if_info_t *)g_malloc(sizeof (if_info_t));
+ if_info->name = g_strdup(name);
+ if_info->friendly_name = NULL; /* default - unknown */
+ if_info->vendor_description = NULL;
+ if_info->type = IF_WIRED; /* default */
+#ifdef _WIN32
+ /*
+ * Get the interface type.
+ *
+ * Much digging failed to reveal any obvious way to get something
+ * such as the SNMP MIB-II ifType value for an interface:
+ *
+ * http://www.iana.org/assignments/ianaiftype-mib
+ *
+ * by making some NDIS request. And even if there were such
+ * a way, there's no guarantee that the ifType reflects an
+ * interface type that a user would view as correct (for
+ * example, some systems report Wi-Fi interfaces as
+ * Ethernet interfaces).
+ *
+ * So we look for keywords in the vendor's interface
+ * description.
+ */
+ if (description && (strstr(description, "generic dialup") != NULL ||
+ strstr(description, "PPP/SLIP") != NULL)) {
+ if_info->type = IF_DIALUP;
+ } else if (description && (strstr(description, "Wireless") != NULL ||
+ strstr(description,"802.11") != NULL)) {
+ if_info->type = IF_WIRELESS;
+ } else if (description && strstr(description, "AirPcap") != NULL ||
+ strstr(name, "airpcap") != NULL) {
+ if_info->type = IF_AIRPCAP;
+ } else if (description && strstr(description, "Bluetooth") != NULL ) {
+ if_info->type = IF_BLUETOOTH;
+ } else if (description && strstr(description, "VMware") != NULL) {
+ /*
+ * Bridge, NAT, or host-only interface on a VMware host.
+ *
+ * XXX - what about guest interfaces?
+ */
+ if_info->type = IF_VIRTUAL;
+ }
+
+ /*
+ * On Windows, the "description" is a vendor description,
+ * and the friendly name isn't returned by WinPcap.
+ * Fetch it ourselves.
+ */
+
+ /*
+ * Skip over the "\Device\NPF_" prefix in the device name,
+ * if present.
+ */
+ if (strncmp("\\Device\\NPF_", name, 12) == 0)
+ guid_text = name + 12;
+ else
+ guid_text = name;
+
+ /* Now try to parse what remains as a GUID. */
+ if (parse_as_guid(guid_text, &guid)) {
+ /*
+ * Success. Try to get a friendly name using the GUID.
+ * As this is a regular interface, the description is a
+ * vendor description.
+ */
+ if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
+ if_info->vendor_description = g_strdup(description);
+ } else {
+ /*
+ * This is probably not a regular interface; we only
+ * support NT 5 (W2K) and later, so all regular interfaces
+ * should have GUIDs at the end of the name. Therefore,
+ * the description, if supplied, is a friendly name
+ * provided by WinPcap, and there is no vendor
+ * description.
+ */
+ if_info->friendly_name = g_strdup(description);
+ if_info->vendor_description = NULL;
+ }
+#else
+ /*
+ * On UN*X, if there is a description, it's a friendly
+ * name, and there is no vendor description.
+ *
+ * Try the platform's way of getting a friendly name and
+ * interface type first.
+ *
+ * If that fails, then, for a loopback interface, give it the
+ * friendly name "Loopback" and, for VMware interfaces,
+ * give them the type IF_VIRTUAL.
+ */
+ add_unix_interface_ifinfo(if_info, name, description);
+ if (if_info->type == IF_WIRED) {
+ /*
+ * This is the default interface type.
+ *
+ * Bridge, NAT, or host-only interfaces on VMWare hosts
+ * have the name vmnet[0-9]+. Guests might use a native
+ * (LANCE or E1000) driver or the vmxnet driver. Check
+ * the name.
+ */
+ if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
+ if_info->type = IF_VIRTUAL;
+ else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
+ if_info->type = IF_VIRTUAL;
+ }
+ if (if_info->friendly_name == NULL) {
+ /*
+ * We couldn't get interface information using platform-
+ * dependent calls.
+ *
+ * If this is a loopback interface, give it a
+ * "friendly name" of "Loopback".
+ */
+ if (loopback)
+ if_info->friendly_name = g_strdup("Loopback");
+ }
+ if_info->vendor_description = NULL;
+#endif
+ if_info->loopback = loopback;
+ if_info->addrs = NULL;
+ return if_info;
+}
+
+void
+if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
+{
+ if_addr_t *if_addr;
+ struct sockaddr_in *ai;
+#ifdef INET6
+ struct sockaddr_in6 *ai6;
+#endif
+
+ switch (addr->sa_family) {
+
+ case AF_INET:
+ ai = (struct sockaddr_in *)(void *)addr;
+ if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
+ if_addr->ifat_type = IF_AT_IPv4;
+ if_addr->addr.ip4_addr =
+ *((guint32 *)&(ai->sin_addr.s_addr));
+ if_info->addrs = g_slist_append(if_info->addrs, if_addr);
+ break;
+
+#ifdef INET6
+ case AF_INET6:
+ ai6 = (struct sockaddr_in6 *)(void *)addr;
+ if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
+ if_addr->ifat_type = IF_AT_IPv6;
+ memcpy((void *)&if_addr->addr.ip6_addr,
+ (void *)&ai6->sin6_addr.s6_addr,
+ sizeof if_addr->addr.ip6_addr);
+ if_info->addrs = g_slist_append(if_info->addrs, if_addr);
+ break;
+#endif
+ }
+}
+
+#ifdef HAVE_PCAP_FINDALLDEVS
+/*
+ * Get all IP address information for the given interface.
+ */
+static void
+if_info_ip(if_info_t *if_info, pcap_if_t *d)
+{
+ pcap_addr_t *a;
+
+ /* All addresses */
+ for (a = d->addresses; a != NULL; a = a->next) {
+ if (a->addr != NULL)
+ if_info_add_address(if_info, a->addr);
+ }
+}
+
+#ifdef HAVE_PCAP_REMOTE
+GList *
+get_interface_list_findalldevs_ex(const char *source,
+ struct pcap_rmtauth *auth,
+ int *err, char **err_str)
+{
+ GList *il = NULL;
+ pcap_if_t *alldevs, *dev;
+ if_info_t *if_info;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if (pcap_findalldevs_ex((char *)source, auth, &alldevs, errbuf) == -1) {
+ *err = CANT_GET_INTERFACE_LIST;
+ if (err_str != NULL)
+ *err_str = cant_get_if_list_error_message(errbuf);
+ return NULL;
+ }
+
+ if (alldevs == NULL) {
+ /*
+ * No interfaces found.
+ */
+ *err = NO_INTERFACES_FOUND;
+ if (err_str != NULL)
+ *err_str = NULL;
+ return NULL;
+ }
+
+ for (dev = alldevs; dev != NULL; dev = dev->next) {
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
+ il = g_list_append(il, if_info);
+ if_info_ip(if_info, dev);
+ }
+ pcap_freealldevs(alldevs);
+
+ return il;
+}
+#endif
+
+GList *
+get_interface_list_findalldevs(int *err, char **err_str)
+{
+ GList *il = NULL;
+ pcap_if_t *alldevs, *dev;
+ if_info_t *if_info;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ *err = CANT_GET_INTERFACE_LIST;
+ if (err_str != NULL)
+ *err_str = cant_get_if_list_error_message(errbuf);
+ return NULL;
+ }
+
+ if (alldevs == NULL) {
+ /*
+ * No interfaces found.
+ */
+ *err = NO_INTERFACES_FOUND;
+ if (err_str != NULL)
+ *err_str = NULL;
+ return NULL;
+ }
+
+ for (dev = alldevs; dev != NULL; dev = dev->next) {
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
+ il = g_list_append(il, if_info);
+ if_info_ip(if_info, dev);
+ }
+ pcap_freealldevs(alldevs);
+
+ return il;
+}
+#endif /* HAVE_PCAP_FINDALLDEVS */
+
+static void
+free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
+{
+ g_free(addr);
+}
+
+static void
+free_if_cb(gpointer data, gpointer user_data _U_)
+{
+ if_info_t *if_info = (if_info_t *)data;
+
+ g_free(if_info->name);
+ g_free(if_info->friendly_name);
+ g_free(if_info->vendor_description);
+
+ g_slist_foreach(if_info->addrs, free_if_info_addr_cb, NULL);
+ g_slist_free(if_info->addrs);
+ g_free(if_info);
+}
+
+void
+free_interface_list(GList *if_list)
+{
+ g_list_foreach(if_list, free_if_cb, NULL);
+ g_list_free(if_list);
+}
+
+#if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
+struct dlt_choice {
+ const char *name;
+ const char *description;
+ int dlt;
+};
+
+#define DLT_CHOICE(code, description) { #code, description, code }
+#define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
+
+static struct dlt_choice dlt_choices[] = {
+ DLT_CHOICE(DLT_NULL, "BSD loopback"),
+ DLT_CHOICE(DLT_EN10MB, "Ethernet"),
+ DLT_CHOICE(DLT_IEEE802, "Token ring"),
+ DLT_CHOICE(DLT_ARCNET, "ARCNET"),
+ DLT_CHOICE(DLT_SLIP, "SLIP"),
+ DLT_CHOICE(DLT_PPP, "PPP"),
+ DLT_CHOICE(DLT_FDDI, "FDDI"),
+ DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
+ DLT_CHOICE(DLT_RAW, "Raw IP"),
+ DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
+ DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
+ DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
+ DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
+ DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
+ DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
+ DLT_CHOICE(DLT_IEEE802_11, "802.11"),
+ DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
+ DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
+ DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
+ DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
+ DLT_CHOICE(DLT_LTALK, "Localtalk"),
+ DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
+ DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
+ DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
+ DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
+ DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus BSD radio information header"),
+ DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
+ DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
+ DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
+ DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
+ DLT_CHOICE_SENTINEL
+};
+
+#if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL)
+static int
+pcap_datalink_name_to_val(const char *name)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
+ name) == 0)
+ return (dlt_choices[i].dlt);
+ }
+ return (-1);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) */
+
+#if !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME)
+static const char *
+pcap_datalink_val_to_name(int dlt)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (dlt_choices[i].dlt == dlt)
+ return (dlt_choices[i].name + sizeof("DLT_") - 1);
+ }
+ return (NULL);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */
+
+#if !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
+const char *
+pcap_datalink_val_to_description(int dlt)
+{
+ int i;
+
+ for (i = 0; dlt_choices[i].name != NULL; i++) {
+ if (dlt_choices[i].dlt == dlt)
+ return (dlt_choices[i].description);
+ }
+ return (NULL);
+}
+#endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
+
+#endif /* !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
+
+static void
+free_linktype_cb(gpointer data, gpointer user_data _U_)
+{
+ data_link_info_t *linktype_info = (data_link_info_t *)data;
+
+ g_free(linktype_info->name);
+ g_free(linktype_info->description);
+}
+
+void
+free_if_capabilities(if_capabilities_t *caps)
+{
+ g_list_foreach(caps->data_link_types, free_linktype_cb, NULL);
+ g_list_free(caps->data_link_types);
+ g_free(caps);
+}
+
+const char *
+linktype_val_to_name(int dlt)
+{
+ return pcap_datalink_val_to_name(dlt);
+}
+
+int linktype_name_to_val(const char *linktype)
+{
+ return pcap_datalink_name_to_val(linktype);
+}
+
+#endif /* HAVE_LIBPCAP */ |
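Review bot: In the `__linux__` variant of `add_unix_interface_ifinfo`, `name` is interpolated into `/sys/class/net/%s/wireless` and handed to `ws_stat64()` without any check that it is a bare interface name. `if_info_new()` receives `dev->name` unfiltered from `pcap_findalldevs()` and, where `HAVE_PCAP_REMOTE` is defined, from `pcap_findalldevs_ex()`, so a name containing `/` or `..` would make the stat resolve outside `/sys/class/net`; the only effect visible here is the interface being typed `IF_WIRELESS`, but guarding the sysfs probe with `if (strchr(name, '/') == NULL)` keeps it confined to that directory. Separately, `free_linktype_cb` frees `name` and `description` but not the `data_link_info_t` itself, whereas `free_if_cb` ends with `g_free(if_info)`; unless the list elements are owned elsewhere, `free_if_capabilities` leaks one struct per link type and the callback should end with `g_free(linktype_info);`.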