Check for EAFNOTSUP errors on Linux.

On Linux, look for an error message of "socket: Address family not supported by protocol"; if we see it, that's EAFNOTSUP, which means either that 1) your kernel doesn't have PF_PACKET support configured in or 2) this is a Flatpak package of Wireshark that's "helpfully" been sandboxed. Display a secondary error message indicating one of those is likely the problem; mention the Flatpak one first, as that's more likely than the second (if you can still configure PF_PACKET sockets out, it's not the default, so it's unlikely to be the case). See issue #19008.
2023-04-20 02:02:29 -07:00 · 2023-04-20 02:02:29 -07:00 · 659876d108
parent 8f7e63bcd9
commit 659876d108
1 changed files with 39 additions and 6 deletions
--- a/dumpcap.c
+++ b/dumpcap.c
@ -707,21 +707,54 @@ get_pcap_failure_secondary_error_message(cap_device_open_status open_status,
         */
        static const char promisc_failed[] =
            "failed to set hardware filter to promiscuous mode";
+#if defined(__linux__)
+        static const char af_notsup[] =
+            "socket: Address family not supported by protocol";
+#endif

        /*
-         * Does the error string begin with the error produced by WinPcap
-         * and Npcap if attempting to set promiscuous mode fails?
-         * (Note that this string could have a specific error message
-         * from an NDIS error after the initial part, so we do a prefix
-         * check rather than an exact match check.)
+         * Check for some text that pops up in some errors.
         */
        if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) {
            /*
-             * Yes.  Suggest that the user turn off promiscuous mode on that
+             * The error string begins with the error produced by WinPcap
+             * and Npcap if attempting to set promiscuous mode fails.
+             * (Note that this string could have a specific error message
+             * from an NDIS error after the initial part, so we do a prefix
+             * check rather than an exact match check.)
+             *
+             * Suggest that the user turn off promiscuous mode on that
             * device.
             */
            return
                   "Please turn off promiscuous mode for this device";
+#if defined(__linux__)
+        } else if (strcmp(open_status_str, af_notsup) == 0) {
+            /*
+             * The error string is the message provided by libpcap on
+	     * Linux if an attempt to open a PF_PACKET socket failed
+	     * with EAFNOSUPPORT.  This probably means that either 1)
+	     * the kernel doesn't have PF_PACKET support configured in
+	     * or 2) this is a Flatpak version of Wireshark that's been
+	     * sandboxed in a way that disallows opening PF_PACKET
+	     * sockets.
+	     *
+	     * Suggest that the user find some other package of
+	     * Wireshark if they want to capture traffic and are
+	     * running a Flatpak of Wireshark or that they configure
+	     * PF_PACKET support back in if it's configured out.
+	     */
+	    return
+                       "If you are running Wireshark from a Flatpak package, "
+                       "it does not support packet capture; you will need "
+                       "to run a different version of Wireshark in order "
+                       "to capture traffic.\n"
+                       "\n"
+                       "Otherwise, if your machine is running a kernel that "
+                       "was not configured with CONFIG_PACKET, that kernel "
+                       "does not support packet capture; you will need to "
+                       "use a kernel configured with CONFIG_PACKET.";
+#endif
        } else {
            /*
             * No.  Was this a "generic" error from pcap_open_live()