*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include "config.h"
#ifdef HAVE_LIBPCAP
#include "capture-pcap-util.h"
#include "capture-pcap-util-int.h"
+#include "wsutil/file_util.h"
+
#ifndef _WIN32
#include <netinet/in.h>
#endif
+#ifdef _WIN32
+#include "capture_win_ifnames.h" /* windows friendly interface names */
+#endif
/*
- * Get the data-link type for a libpcap device.
- * This works around AIX 5.x's non-standard and incompatible-with-the-
- * rest-of-the-universe libpcap.
+ * Given an interface name, find the "friendly name" and interface
+ * type for the interface.
*/
-int
-get_pcap_linktype(pcap_t *pch, const char *devname
-#ifndef _AIX
- _U_
-#endif
-)
-{
- int linktype;
-#ifdef _AIX
- const char *ifacename;
-#endif
- linktype = pcap_datalink(pch);
-#ifdef _AIX
+#if defined(__APPLE__)
- /*
- * The libpcap that comes with AIX 5.x uses RFC 1573 ifType values
- * rather than DLT_ values for link-layer types; the ifType values
- * for LAN devices are:
- *
- * Ethernet 6
- * 802.3 7
- * Token Ring 9
- * FDDI 15
- *
- * and the ifType value for a loopback device is 24.
- *
- * The AIX names for LAN devices begin with:
- *
- * Ethernet en
- * 802.3 et
- * Token Ring tr
- * FDDI fi
- *
- * and the AIX names for loopback devices begin with "lo".
- *
- * (The difference between "Ethernet" and "802.3" is presumably
- * whether packets have an Ethernet header, with a packet type,
- * or an 802.3 header, with a packet length, followed by an 802.2
- * header and possibly a SNAP header.)
- *
- * If the device name matches "linktype" interpreted as an ifType
- * value, rather than as a DLT_ value, we will assume this is AIX's
- * non-standard, incompatible libpcap, rather than a standard libpcap,
- * and will map the link-layer type to the standard DLT_ value for
- * that link-layer type, as that's what the rest of Wireshark expects.
- *
- * (This means the capture files won't be readable by a tcpdump
- * linked with AIX's non-standard libpcap, but so it goes. They
- * *will* be readable by standard versions of tcpdump, Wireshark,
- * and so on.)
- *
- * XXX - if we conclude we're using AIX libpcap, should we also
- * set a flag to cause us to assume the time stamps are in
- * seconds-and-nanoseconds form, and to convert them to
- * seconds-and-microseconds form before processing them and
- * writing them out?
- */
+#include <CoreFoundation/CoreFoundation.h>
+#include <SystemConfiguration/SystemConfiguration.h>
- /*
- * Find the last component of the device name, which is the
- * interface name.
- */
- ifacename = strchr(devname, '/');
- if (ifacename == NULL)
- ifacename = devname;
+#include "cfutils.h"
- /* See if it matches any of the LAN device names. */
- if (strncmp(ifacename, "en", 2) == 0) {
- if (linktype == 6) {
- /*
- * That's the RFC 1573 value for Ethernet; map it
- * to DLT_EN10MB.
- */
- linktype = 1;
- }
- } else if (strncmp(ifacename, "et", 2) == 0) {
- if (linktype == 7) {
+/*
+ * On OS X, we get the "friendly name" and interface type for the interface
+ * from the System Configuration framework.
+ *
+ * To find the System Configuration framework information for the
+ * interface, we get all the interfaces that the System Configuration
+ * framework knows about and look for the one with a "BSD name" matching
+ * the interface name.
+ *
+ * If we find it, we use its "localized display name", if it has one, as
+ * the "friendly name".
+ *
+ * As for the interface type:
+ *
+ * Yes, fetching all the network addresses for an interface gets you an
+ * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
+ * an SNMP MIB-II ifType value.
+ *
+ * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
+ * not IFT_IEEE80211 (which isn't defined in OS X in any case).
+ *
+ * Perhaps some other BSD-flavored OSes won't make this mistake;
+ * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
+ * made the same mistake, at least for my Belkin ZyDAS stick.
+ *
+ * SCNetworkInterfaceGetInterfaceType() will get the interface
+ * type. The interface type is a CFString, and:
+ *
+ * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
+ * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
+ * kSCNetworkInterfaceTypeModem or
+ * kSCNetworkInterfaceTypePPP or
+ * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ CFStringRef name_CFString;
+ CFArrayRef interfaces;
+ CFIndex num_interfaces;
+ CFIndex i;
+ SCNetworkInterfaceRef interface;
+ CFStringRef bsdname_CFString;
+ CFStringRef friendly_name_CFString;
+ CFStringRef interface_type_CFString;
+
+ interfaces = SCNetworkInterfaceCopyAll();
+ if (interfaces == NULL) {
+ /*
+ * Couldn't get a list of interfaces.
+ */
+ return;
+ }
+
+ name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
+ name, kCFStringEncodingUTF8);
+ if (name_CFString == NULL) {
+ /*
+ * Couldn't convert the interface name to a CFString.
+ */
+ CFRelease(interfaces);
+ return;
+ }
+
+ num_interfaces = CFArrayGetCount(interfaces);
+ for (i = 0; i < num_interfaces; i++) {
+ interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
+ bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
+ if (bsdname_CFString == NULL) {
/*
- * That's the RFC 1573 value for 802.3; map it to
- * DLT_EN10MB.
- * (libpcap, tcpdump, Wireshark, etc. don't care if
- * it's Ethernet or 802.3.)
+ * This interface has no BSD name, so it's not
+ * a regular network interface.
*/
- linktype = 1;
+ continue;
}
- } else if (strncmp(ifacename, "tr", 2) == 0) {
- if (linktype == 9) {
+ if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
/*
- * That's the RFC 1573 value for 802.5 (Token Ring);
- * map it to DLT_IEEE802, which is what's used for
- * Token Ring.
+ * This is the interface.
+ * First, get the friendly name.
*/
- linktype = 6;
- }
- } else if (strncmp(ifacename, "fi", 2) == 0) {
- if (linktype == 15) {
+ friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
+ if (friendly_name_CFString != NULL)
+ if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
+
/*
- * That's the RFC 1573 value for FDDI; map it to
- * DLT_FDDI.
+ * Now get the interface type.
*/
- linktype = 10;
+ interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
+ if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
+ if_info->type = IF_WIRELESS;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
+ if_info->type = IF_BLUETOOTH;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else if (CFStringCompare(interface_type_CFString,
+ kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
+ if_info->type = IF_DIALUP;
+ else
+ if_info->type = IF_WIRED;
+ break;
}
- } else if (strncmp(ifacename, "lo", 2) == 0) {
- if (linktype == 24) {
+ }
+
+ CFRelease(interfaces);
+ CFRelease(name_CFString);
+}
+#elif defined(__linux__)
+/*
+ * Linux doesn't offer any form of "friendly name", but you can
+ * determine an interface type to some degree.
+ */
+static void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
+ const char *description _U_)
+{
+ char *wireless_path;
+ ws_statb64 statb;
+
+ /*
+ * Look for /sys/class/net/{device}/wireless. If it exists,
+ * it's a wireless interface.
+ */
+ wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
+ if (wireless_path != NULL) {
+ if (ws_stat64(wireless_path, &statb) == 0)
+ if_info->type = IF_WIRELESS;
+ g_free(wireless_path);
+ }
+ if (if_info->type == IF_WIRED) {
+ /*
+ * We still don't know what it is. Check for
+ * Bluetooth and USB devices.
+ */
+ if (strstr(name, "bluetooth") != NULL) {
/*
- * That's the RFC 1573 value for "software loopback"
- * devices; map it to DLT_NULL, which is what's used
- * for loopback devices on BSD.
+ * XXX - this is for raw Bluetooth capture; what
+ * about IP-over-Bluetooth devices?
*/
- linktype = 0;
- }
+ if_info->type = IF_BLUETOOTH;
+ } else if (strstr(name, "usbmon") != NULL)
+ if_info->type = IF_USB;
}
-#endif
-
- return linktype;
}
+#else
+/*
+ * On other UN*Xes, if there is a description, it's a friendly
+ * name, and there is no vendor description. ("Other UN*Xes"
+ * currently means "FreeBSD and OpenBSD".)
+ */
+void
+add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
+ const char *description)
+{
+ if_info->friendly_name = g_strdup(description);
+}
+#endif
if_info_t *
-if_info_new(char *name, char *description)
+if_info_new(const char *name, const char *description, gboolean loopback)
{
if_info_t *if_info;
+#ifdef _WIN32
+ const char *guid_text;
+ GUID guid;
+#endif
if_info = (if_info_t *)g_malloc(sizeof (if_info_t));
if_info->name = g_strdup(name);
- if (description == NULL)
- if_info->description = NULL;
+ if_info->friendly_name = NULL; /* default - unknown */
+ if_info->vendor_description = NULL;
+ if_info->type = IF_WIRED; /* default */
+#ifdef _WIN32
+ /*
+ * Get the interface type.
+ *
+ * Much digging failed to reveal any obvious way to get something
+ * such as the SNMP MIB-II ifType value for an interface:
+ *
+ * http://www.iana.org/assignments/ianaiftype-mib
+ *
+ * by making some NDIS request. And even if there were such
+ * a way, there's no guarantee that the ifType reflects an
+ * interface type that a user would view as correct (for
+ * example, some systems report Wi-Fi interfaces as
+ * Ethernet interfaces).
+ *
+ * So we look for keywords in the vendor's interface
+ * description.
+ */
+ if (description && (strstr(description, "generic dialup") != NULL ||
+ strstr(description, "PPP/SLIP") != NULL)) {
+ if_info->type = IF_DIALUP;
+ } else if (description && (strstr(description, "Wireless") != NULL ||
+ strstr(description,"802.11") != NULL)) {
+ if_info->type = IF_WIRELESS;
+ } else if (description && strstr(description, "AirPcap") != NULL ||
+ strstr(name, "airpcap") != NULL) {
+ if_info->type = IF_AIRPCAP;
+ } else if (description && strstr(description, "Bluetooth") != NULL ) {
+ if_info->type = IF_BLUETOOTH;
+ } else if (description && strstr(description, "VMware") != NULL) {
+ /*
+ * Bridge, NAT, or host-only interface on a VMware host.
+ *
+ * XXX - what about guest interfaces?
+ */
+ if_info->type = IF_VIRTUAL;
+ }
+
+ /*
+ * On Windows, the "description" is a vendor description,
+ * and the friendly name isn't returned by WinPcap.
+ * Fetch it ourselves.
+ */
+
+ /*
+ * Skip over the "\Device\NPF_" prefix in the device name,
+ * if present.
+ */
+ if (strncmp("\\Device\\NPF_", name, 12) == 0)
+ guid_text = name + 12;
else
- if_info->description = g_strdup(description);
+ guid_text = name;
+
+ /* Now try to parse what remains as a GUID. */
+ if (parse_as_guid(guid_text, &guid)) {
+ /*
+ * Success. Try to get a friendly name using the GUID.
+ * As this is a regular interface, the description is a
+ * vendor description.
+ */
+ if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
+ if_info->vendor_description = g_strdup(description);
+ } else {
+ /*
+ * This is probably not a regular interface; we only
+ * support NT 5 (W2K) and later, so all regular interfaces
+ * should have GUIDs at the end of the name. Therefore,
+ * the description, if supplied, is a friendly name
+ * provided by WinPcap, and there is no vendor
+ * description.
+ */
+ if_info->friendly_name = g_strdup(description);
+ if_info->vendor_description = NULL;
+ }
+#else
+ /*
+ * On UN*X, if there is a description, it's a friendly
+ * name, and there is no vendor description.
+ *
+ * Try the platform's way of getting a friendly name and
+ * interface type first.
+ *
+ * If that fails, then, for a loopback interface, give it the
+ * friendly name "Loopback" and, for VMware interfaces,
+ * give them the type IF_VIRTUAL.
+ */
+ add_unix_interface_ifinfo(if_info, name, description);
+ if (if_info->type == IF_WIRED) {
+ /*
+ * This is the default interface type.
+ *
+ * Bridge, NAT, or host-only interfaces on VMWare hosts
+ * have the name vmnet[0-9]+. Guests might use a native
+ * (LANCE or E1000) driver or the vmxnet driver. Check
+ * the name.
+ */
+ if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
+ if_info->type = IF_VIRTUAL;
+ else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
+ if_info->type = IF_VIRTUAL;
+ }
+ if (if_info->friendly_name == NULL) {
+ /*
+ * We couldn't get interface information using platform-
+ * dependent calls.
+ *
+ * If this is a loopback interface, give it a
+ * "friendly name" of "Loopback".
+ */
+ if (loopback)
+ if_info->friendly_name = g_strdup("Loopback");
+ }
+ if_info->vendor_description = NULL;
+#endif
+ if_info->loopback = loopback;
if_info->addrs = NULL;
- if_info->loopback = FALSE;
return if_info;
}
switch (addr->sa_family) {
case AF_INET:
- ai = (struct sockaddr_in *)addr;
+ ai = (struct sockaddr_in *)(void *)addr;
if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
if_addr->ifat_type = IF_AT_IPv4;
if_addr->addr.ip4_addr =
#ifdef INET6
case AF_INET6:
- ai6 = (struct sockaddr_in6 *)addr;
+ ai6 = (struct sockaddr_in6 *)(void *)addr;
if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
if_addr->ifat_type = IF_AT_IPv6;
memcpy((void *)&if_addr->addr.ip6_addr,
#ifdef HAVE_PCAP_FINDALLDEVS
/*
- * Get all IP address information, and the loopback flag, for the given
- * interface.
+ * Get all IP address information for the given interface.
*/
static void
if_info_ip(if_info_t *if_info, pcap_if_t *d)
{
pcap_addr_t *a;
- /* Loopback flag */
- if_info->loopback = (d->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE;
-
/* All addresses */
for (a = d->addresses; a != NULL; a = a->next) {
if (a->addr != NULL)
}
for (dev = alldevs; dev != NULL; dev = dev->next) {
- if_info = if_info_new(dev->name, dev->description);
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
il = g_list_append(il, if_info);
if_info_ip(if_info, dev);
}
}
for (dev = alldevs; dev != NULL; dev = dev->next) {
- if_info = if_info_new(dev->name, dev->description);
+ if_info = if_info_new(dev->name, dev->description,
+ (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
il = g_list_append(il, if_info);
if_info_ip(if_info, dev);
}
if_info_t *if_info = (if_info_t *)data;
g_free(if_info->name);
- g_free(if_info->description);
+ g_free(if_info->friendly_name);
+ g_free(if_info->vendor_description);
g_slist_foreach(if_info->addrs, free_if_info_addr_cb, NULL);
g_slist_free(if_info->addrs);
}
void
-free_pcap_linktype_list(GList *linktype_list)
+free_if_capabilities(if_capabilities_t *caps)
{
- g_list_foreach(linktype_list, free_linktype_cb, NULL);
- g_list_free(linktype_list);
+ g_list_foreach(caps->data_link_types, free_linktype_cb, NULL);
+ g_list_free(caps->data_link_types);
+ g_free(caps);
}
const char *