From 659876d108131a17eaedabb9b4b1d2c455f976ba Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 20 Apr 2023 02:02:29 -0700 Subject: [PATCH] Check for EAFNOTSUP errors on Linux. On Linux, look for an error message of "socket: Address family not supported by protocol"; if we see it, that's EAFNOTSUP, which means either that 1) your kernel doesn't have PF_PACKET support configured in or 2) this is a Flatpak package of Wireshark that's "helpfully" been sandboxed. Display a secondary error message indicating one of those is likely the problem; mention the Flatpak one first, as that's more likely than the second (if you can still configure PF_PACKET sockets out, it's not the default, so it's unlikely to be the case). See issue #19008. --- dumpcap.c | 45 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/dumpcap.c b/dumpcap.c index 9602f50d9f..666514d581 100644 --- a/dumpcap.c +++ b/dumpcap.c @@ -707,21 +707,54 @@ get_pcap_failure_secondary_error_message(cap_device_open_status open_status, */ static const char promisc_failed[] = "failed to set hardware filter to promiscuous mode"; +#if defined(__linux__) + static const char af_notsup[] = + "socket: Address family not supported by protocol"; +#endif /* - * Does the error string begin with the error produced by WinPcap - * and Npcap if attempting to set promiscuous mode fails? - * (Note that this string could have a specific error message - * from an NDIS error after the initial part, so we do a prefix - * check rather than an exact match check.) + * Check for some text that pops up in some errors. */ if (strncmp(open_status_str, promisc_failed, sizeof promisc_failed - 1) == 0) { /* - * Yes. Suggest that the user turn off promiscuous mode on that + * The error string begins with the error produced by WinPcap + * and Npcap if attempting to set promiscuous mode fails. + * (Note that this string could have a specific error message + * from an NDIS error after the initial part, so we do a prefix + * check rather than an exact match check.) + * + * Suggest that the user turn off promiscuous mode on that * device. */ return "Please turn off promiscuous mode for this device"; +#if defined(__linux__) + } else if (strcmp(open_status_str, af_notsup) == 0) { + /* + * The error string is the message provided by libpcap on + * Linux if an attempt to open a PF_PACKET socket failed + * with EAFNOSUPPORT. This probably means that either 1) + * the kernel doesn't have PF_PACKET support configured in + * or 2) this is a Flatpak version of Wireshark that's been + * sandboxed in a way that disallows opening PF_PACKET + * sockets. + * + * Suggest that the user find some other package of + * Wireshark if they want to capture traffic and are + * running a Flatpak of Wireshark or that they configure + * PF_PACKET support back in if it's configured out. + */ + return + "If you are running Wireshark from a Flatpak package, " + "it does not support packet capture; you will need " + "to run a different version of Wireshark in order " + "to capture traffic.\n" + "\n" + "Otherwise, if your machine is running a kernel that " + "was not configured with CONFIG_PACKET, that kernel " + "does not support packet capture; you will need to " + "use a kernel configured with CONFIG_PACKET."; +#endif } else { /* * No. Was this a "generic" error from pcap_open_live()