2005-12-06 00:07:13 +00:00
|
|
|
/* capture-pcap-util-unix.c
|
2003-10-10 03:04:38 +00:00
|
|
|
* UN*X-specific utility routines for packet capture
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2003-10-10 03:04:38 +00:00
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2003-10-10 03:04:38 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2003-10-10 03:04:38 +00:00
|
|
|
*/
|
|
|
|
|
2012-09-20 01:29:52 +00:00
|
|
|
#include "config.h"
|
2003-10-10 03:04:38 +00:00
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
|
2003-10-10 06:05:48 +00:00
|
|
|
#ifdef HAVE_LIBPCAP
|
|
|
|
|
2013-09-09 14:26:41 +00:00
|
|
|
#ifndef HAVE_PCAP_FINDALLDEVS
|
|
|
|
|
2003-10-10 03:04:38 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
|
|
#ifdef HAVE_UNISTD_H
|
|
|
|
#include <unistd.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_IOCTL_H
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Keep Digital UNIX happy when including <net/if.h>.
|
|
|
|
*/
|
|
|
|
struct mbuf;
|
|
|
|
struct rtentry;
|
|
|
|
#include <net/if.h>
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_SOCKIO_H
|
|
|
|
# include <sys/sockio.h>
|
|
|
|
#endif
|
|
|
|
|
2013-09-09 01:23:06 +00:00
|
|
|
#include "capture-pcap-util.h"
|
2013-09-09 14:26:41 +00:00
|
|
|
|
|
|
|
#else
|
|
|
|
|
|
|
|
#include <pcap.h>
|
|
|
|
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
|
|
|
|
#include "capture_ifinfo.h"
|
2005-12-06 00:07:13 +00:00
|
|
|
#include "capture-pcap-util-int.h"
|
2003-10-10 03:04:38 +00:00
|
|
|
|
|
|
|
#ifndef HAVE_PCAP_FINDALLDEVS
|
|
|
|
struct search_user_data {
|
|
|
|
char *name;
|
2004-07-18 02:34:45 +00:00
|
|
|
if_info_t *if_info;
|
2003-10-10 03:04:38 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static void
|
|
|
|
search_for_if_cb(gpointer data, gpointer user_data);
|
|
|
|
#endif
|
|
|
|
|
2007-12-04 11:19:29 +00:00
|
|
|
#ifdef HAVE_PCAP_REMOTE
|
|
|
|
GList *
|
|
|
|
get_remote_interface_list(const char *hostname, const char *port,
|
|
|
|
int auth_type, const char *username,
|
|
|
|
const char *passwd, int *err, char **err_str)
|
|
|
|
{
|
|
|
|
struct pcap_rmtauth auth;
|
|
|
|
char source[PCAP_BUF_SIZE];
|
|
|
|
char errbuf[PCAP_ERRBUF_SIZE];
|
2008-11-03 20:04:01 +00:00
|
|
|
GList *result;
|
2007-12-04 11:19:29 +00:00
|
|
|
|
|
|
|
if (pcap_createsrcstr(source, PCAP_SRC_IFREMOTE, hostname, port,
|
|
|
|
NULL, errbuf) == -1) {
|
|
|
|
*err = CANT_GET_INTERFACE_LIST;
|
|
|
|
if (err_str != NULL)
|
|
|
|
*err_str = cant_get_if_list_error_message(errbuf);
|
|
|
|
return NULL;
|
|
|
|
}
|
2008-11-03 20:04:01 +00:00
|
|
|
|
|
|
|
auth.type = auth_type;
|
|
|
|
auth.username = g_strdup(username);
|
|
|
|
auth.password = g_strdup(passwd);
|
|
|
|
|
|
|
|
result = get_interface_list_findalldevs_ex(source, &auth, err, err_str);
|
|
|
|
g_free(auth.username);
|
|
|
|
g_free(auth.password);
|
|
|
|
|
|
|
|
return result;
|
2007-12-04 11:19:29 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2003-10-10 03:04:38 +00:00
|
|
|
GList *
|
2007-01-21 23:45:36 +00:00
|
|
|
get_interface_list(int *err, char **err_str)
|
2003-10-10 03:04:38 +00:00
|
|
|
{
|
|
|
|
#ifdef HAVE_PCAP_FINDALLDEVS
|
|
|
|
return get_interface_list_findalldevs(err, err_str);
|
|
|
|
#else
|
|
|
|
GList *il = NULL;
|
|
|
|
gint nonloopback_pos = 0;
|
|
|
|
struct ifreq *ifr, *last;
|
|
|
|
struct ifconf ifc;
|
|
|
|
struct ifreq ifrflags;
|
|
|
|
int sock = socket(AF_INET, SOCK_DGRAM, 0);
|
|
|
|
struct search_user_data user_data;
|
|
|
|
pcap_t *pch;
|
|
|
|
int len, lastlen;
|
|
|
|
char *buf;
|
|
|
|
if_info_t *if_info;
|
2007-01-21 23:45:36 +00:00
|
|
|
char errbuf[PCAP_ERRBUF_SIZE];
|
2012-11-22 06:02:49 +00:00
|
|
|
gboolean loopback;
|
2003-10-10 03:04:38 +00:00
|
|
|
|
|
|
|
if (sock < 0) {
|
|
|
|
*err = CANT_GET_INTERFACE_LIST;
|
2007-01-21 23:45:36 +00:00
|
|
|
if (err_str != NULL) {
|
|
|
|
*err_str = g_strdup_printf(
|
|
|
|
"Can't get list of interfaces: error opening socket: %s",
|
2011-06-28 09:00:11 +00:00
|
|
|
g_strerror(errno));
|
2007-01-21 23:45:36 +00:00
|
|
|
}
|
2003-10-10 03:04:38 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This code came from: W. Richard Stevens: "UNIX Network Programming",
|
|
|
|
* Networking APIs: Sockets and XTI, Vol 1, page 434.
|
|
|
|
*/
|
|
|
|
lastlen = 0;
|
|
|
|
len = 100 * sizeof(struct ifreq);
|
|
|
|
for ( ; ; ) {
|
|
|
|
buf = g_malloc(len);
|
|
|
|
ifc.ifc_len = len;
|
|
|
|
ifc.ifc_buf = buf;
|
|
|
|
memset (buf, 0, len);
|
|
|
|
if (ioctl(sock, SIOCGIFCONF, &ifc) < 0) {
|
|
|
|
if (errno != EINVAL || lastlen != 0) {
|
2007-01-21 23:45:36 +00:00
|
|
|
if (err_str != NULL) {
|
|
|
|
*err_str = g_strdup_printf(
|
|
|
|
"Can't get list of interfaces: SIOCGIFCONF ioctl error: %s",
|
2011-06-28 09:00:11 +00:00
|
|
|
g_strerror(errno));
|
2007-01-21 23:45:36 +00:00
|
|
|
}
|
2003-10-10 03:04:38 +00:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
} else {
|
2012-10-09 08:40:02 +00:00
|
|
|
if ((unsigned int) ifc.ifc_len < sizeof(struct ifreq)) {
|
2007-01-21 23:45:36 +00:00
|
|
|
if (err_str != NULL) {
|
|
|
|
*err_str = g_strdup(
|
|
|
|
"Can't get list of interfaces: SIOCGIFCONF ioctl gave too small return buffer");
|
|
|
|
}
|
2003-10-10 03:04:38 +00:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (ifc.ifc_len == lastlen)
|
|
|
|
break; /* success, len has not changed */
|
|
|
|
lastlen = ifc.ifc_len;
|
|
|
|
}
|
|
|
|
len += 10 * sizeof(struct ifreq); /* increment */
|
|
|
|
g_free(buf);
|
|
|
|
}
|
|
|
|
ifr = (struct ifreq *) ifc.ifc_req;
|
|
|
|
last = (struct ifreq *) ((char *) ifr + ifc.ifc_len);
|
|
|
|
while (ifr < last) {
|
|
|
|
/*
|
2004-07-18 02:34:45 +00:00
|
|
|
* Skip entries that begin with "dummy", or that include
|
2003-10-10 03:04:38 +00:00
|
|
|
* a ":" (the latter are Solaris virtuals).
|
|
|
|
*/
|
|
|
|
if (strncmp(ifr->ifr_name, "dummy", 5) == 0 ||
|
|
|
|
strchr(ifr->ifr_name, ':') != NULL)
|
|
|
|
goto next;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we already have this interface name on the list,
|
2004-07-18 18:47:44 +00:00
|
|
|
* don't add it, but, if we don't already have an IP
|
2004-07-18 02:34:45 +00:00
|
|
|
* address for it, add that address (SIOCGIFCONF returns,
|
|
|
|
* at least on BSD-flavored systems, one entry per
|
|
|
|
* interface *address*; if an interface has multiple
|
|
|
|
* addresses, we get multiple entries for it).
|
2003-10-10 03:04:38 +00:00
|
|
|
*/
|
|
|
|
user_data.name = ifr->ifr_name;
|
2004-07-18 02:34:45 +00:00
|
|
|
user_data.if_info = NULL;
|
2003-10-10 03:04:38 +00:00
|
|
|
g_list_foreach(il, search_for_if_cb, &user_data);
|
2004-07-18 02:34:45 +00:00
|
|
|
if (user_data.if_info != NULL) {
|
|
|
|
if_info_add_address(user_data.if_info, &ifr->ifr_addr);
|
2003-10-10 03:04:38 +00:00
|
|
|
goto next;
|
2004-07-18 02:34:45 +00:00
|
|
|
}
|
2003-10-10 03:04:38 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the interface flags.
|
|
|
|
*/
|
|
|
|
memset(&ifrflags, 0, sizeof ifrflags);
|
2008-05-13 06:55:45 +00:00
|
|
|
g_strlcpy(ifrflags.ifr_name, ifr->ifr_name,
|
2003-10-10 03:04:38 +00:00
|
|
|
sizeof ifrflags.ifr_name);
|
|
|
|
if (ioctl(sock, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
|
|
|
|
if (errno == ENXIO)
|
|
|
|
goto next;
|
2007-01-21 23:45:36 +00:00
|
|
|
if (err_str != NULL) {
|
|
|
|
*err_str = g_strdup_printf(
|
|
|
|
"Can't get list of interfaces: SIOCGIFFLAGS error getting flags for interface %s: %s",
|
2011-06-28 09:00:11 +00:00
|
|
|
ifr->ifr_name, g_strerror(errno));
|
2007-01-21 23:45:36 +00:00
|
|
|
}
|
2003-10-10 03:04:38 +00:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Skip interfaces that aren't up.
|
|
|
|
*/
|
|
|
|
if (!(ifrflags.ifr_flags & IFF_UP))
|
|
|
|
goto next;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Skip interfaces that we can't open with "libpcap".
|
|
|
|
* Open with the minimum packet size - it appears that the
|
|
|
|
* IRIX SIOCSNOOPLEN "ioctl" may fail if the capture length
|
|
|
|
* supplied is too large, rather than just truncating it.
|
|
|
|
*/
|
|
|
|
pch = pcap_open_live(ifr->ifr_name, MIN_PACKET_SIZE, 0, 0,
|
2007-01-21 23:45:36 +00:00
|
|
|
errbuf);
|
2003-10-10 03:04:38 +00:00
|
|
|
if (pch == NULL)
|
|
|
|
goto next;
|
|
|
|
pcap_close(pch);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If it's a loopback interface, add it at the end of the
|
|
|
|
* list, otherwise add it after the last non-loopback
|
|
|
|
* interface, so all loopback interfaces go at the end - we
|
|
|
|
* don't want a loopback interface to be the default capture
|
|
|
|
* device unless there are no non-loopback devices.
|
|
|
|
*/
|
2012-11-22 06:02:49 +00:00
|
|
|
loopback = ((ifrflags.ifr_flags & IFF_LOOPBACK) ||
|
|
|
|
strncmp(ifr->ifr_name, "lo", 2) == 0);
|
2012-11-23 22:28:06 +00:00
|
|
|
if_info = if_info_new(ifr->ifr_name, NULL, loopback);
|
2004-07-18 02:34:45 +00:00
|
|
|
if_info_add_address(if_info, &ifr->ifr_addr);
|
2012-11-22 06:02:49 +00:00
|
|
|
if (loopback)
|
2003-10-10 03:04:38 +00:00
|
|
|
il = g_list_append(il, if_info);
|
2012-11-22 06:02:49 +00:00
|
|
|
else {
|
2003-10-10 03:04:38 +00:00
|
|
|
il = g_list_insert(il, if_info, nonloopback_pos);
|
|
|
|
/*
|
|
|
|
* Insert the next non-loopback interface after this
|
|
|
|
* one.
|
|
|
|
*/
|
|
|
|
nonloopback_pos++;
|
|
|
|
}
|
|
|
|
|
|
|
|
next:
|
|
|
|
#ifdef HAVE_SA_LEN
|
|
|
|
ifr = (struct ifreq *) ((char *) ifr +
|
|
|
|
(ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr) ?
|
|
|
|
ifr->ifr_addr.sa_len : sizeof(ifr->ifr_addr)) +
|
|
|
|
IFNAMSIZ);
|
|
|
|
#else
|
|
|
|
ifr = (struct ifreq *) ((char *) ifr + sizeof(struct ifreq));
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef linux
|
|
|
|
/*
|
|
|
|
* OK, maybe we have support for the "any" device, to do a cooked
|
|
|
|
* capture on all interfaces at once.
|
|
|
|
* Try opening it and, if that succeeds, add it to the end of
|
|
|
|
* the list of interfaces.
|
|
|
|
*/
|
2007-01-21 23:45:36 +00:00
|
|
|
pch = pcap_open_live("any", MIN_PACKET_SIZE, 0, 0, errbuf);
|
2003-10-10 03:04:38 +00:00
|
|
|
if (pch != NULL) {
|
|
|
|
/*
|
|
|
|
* It worked; we can use the "any" device.
|
|
|
|
*/
|
|
|
|
if_info = if_info_new("any",
|
2012-11-23 22:28:06 +00:00
|
|
|
"Pseudo-device that captures on all interfaces", FALSE);
|
2003-10-10 03:04:38 +00:00
|
|
|
il = g_list_insert(il, if_info, -1);
|
|
|
|
pcap_close(pch);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
g_free(ifc.ifc_buf);
|
2005-11-07 08:35:28 +00:00
|
|
|
close(sock);
|
2003-10-10 03:04:38 +00:00
|
|
|
|
|
|
|
if (il == NULL) {
|
|
|
|
/*
|
|
|
|
* No interfaces found.
|
|
|
|
*/
|
|
|
|
*err = NO_INTERFACES_FOUND;
|
2007-01-21 23:45:36 +00:00
|
|
|
if (err_str != NULL)
|
|
|
|
*err_str = NULL;
|
2003-10-10 03:04:38 +00:00
|
|
|
}
|
|
|
|
return il;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
if (il != NULL)
|
|
|
|
free_interface_list(il);
|
|
|
|
g_free(ifc.ifc_buf);
|
2005-11-07 08:35:28 +00:00
|
|
|
close(sock);
|
2003-10-10 03:04:38 +00:00
|
|
|
*err = CANT_GET_INTERFACE_LIST;
|
|
|
|
return NULL;
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef HAVE_PCAP_FINDALLDEVS
|
|
|
|
static void
|
|
|
|
search_for_if_cb(gpointer data, gpointer user_data)
|
|
|
|
{
|
|
|
|
struct search_user_data *search_user_data = user_data;
|
|
|
|
if_info_t *if_info = data;
|
|
|
|
|
|
|
|
if (strcmp(if_info->name, search_user_data->name) == 0)
|
2004-07-18 02:34:45 +00:00
|
|
|
search_user_data->if_info = if_info;
|
2003-10-10 03:04:38 +00:00
|
|
|
}
|
|
|
|
#endif /* HAVE_PCAP_FINDALLDEVS */
|
|
|
|
|
2004-06-12 07:47:14 +00:00
|
|
|
/*
|
|
|
|
* Get an error message string for a CANT_GET_INTERFACE_LIST error from
|
|
|
|
* "get_interface_list()".
|
|
|
|
*/
|
|
|
|
gchar *
|
|
|
|
cant_get_if_list_error_message(const char *err_str)
|
|
|
|
{
|
|
|
|
return g_strdup_printf("Can't get list of interfaces: %s", err_str);
|
|
|
|
}
|
|
|
|
|
2003-10-10 06:05:48 +00:00
|
|
|
/*
|
|
|
|
* Append the version of libpcap with which we were compiled to a GString.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
get_compiled_pcap_version(GString *str)
|
|
|
|
{
|
2011-12-09 21:15:48 +00:00
|
|
|
/*
|
|
|
|
* NOTE: in *some* flavors of UN*X, the data from a shared
|
|
|
|
* library might be linked into executable images that are
|
|
|
|
* linked with that shared library, in which case you could
|
|
|
|
* look at pcap_version[] to get the version with which
|
|
|
|
* the program was compiled.
|
|
|
|
*
|
|
|
|
* In other flavors of UN*X, that doesn't happen, so
|
|
|
|
* pcap_version[] gives you the version the program is
|
|
|
|
* running with, not the version it was built with, and,
|
|
|
|
* in at least some of them, if the length of a data item
|
|
|
|
* referred to by the executable - such as the pcap_version[]
|
|
|
|
* string - isn't the same in the version of the library
|
|
|
|
* with which the program was built and the version with
|
|
|
|
* which it was run, the run-time linker will complain,
|
|
|
|
* which is Not Good.
|
|
|
|
*
|
|
|
|
* So, for now, we just give up on reporting the version
|
|
|
|
* of libpcap with which we were compiled.
|
|
|
|
*/
|
2012-01-27 03:00:47 +00:00
|
|
|
g_string_append(str, "with libpcap");
|
2003-10-10 06:05:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Append the version of libpcap with which we we're running to a GString.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
get_runtime_pcap_version(GString *str)
|
|
|
|
{
|
2008-05-07 05:26:40 +00:00
|
|
|
g_string_append_printf(str, "with ");
|
2003-10-10 06:05:48 +00:00
|
|
|
#ifdef HAVE_PCAP_LIB_VERSION
|
2008-10-31 10:30:17 +00:00
|
|
|
g_string_append(str, pcap_lib_version());
|
2003-10-10 06:05:48 +00:00
|
|
|
#else
|
|
|
|
g_string_append(str, "libpcap (version unknown)");
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
#else /* HAVE_LIBPCAP */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Append an indication that we were not compiled with libpcap
|
|
|
|
* to a GString.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
get_compiled_pcap_version(GString *str)
|
|
|
|
{
|
|
|
|
g_string_append(str, "without libpcap");
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Don't append anything, as we weren't even compiled to use WinPcap.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
get_runtime_pcap_version(GString *str _U_)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2003-10-10 03:04:38 +00:00
|
|
|
#endif /* HAVE_LIBPCAP */
|