2 * Utility routines for packet capture
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2
11 * of the License, or (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
34 #ifdef HAVE_SYS_TYPES_H
35 # include <sys/types.h>
38 #ifdef HAVE_SYS_SOCKET_H
39 #include <sys/socket.h>
45 #include "capture_ifinfo.h"
46 #include "capture-pcap-util.h"
47 #include "capture-pcap-util-int.h"
49 #include "wsutil/file_util.h"
52 #include <netinet/in.h>
56 #include "capture_win_ifnames.h" /* windows friendly interface names */
60 * Given an interface name, find the "friendly name" and interface
61 * type for the interface.
64 #if defined(__APPLE__)
66 #include <CoreFoundation/CoreFoundation.h>
67 #include <SystemConfiguration/SystemConfiguration.h>
72 * On OS X, we get the "friendly name" and interface type for the interface
73 * from the System Configuration framework.
75 * To find the System Configuration framework information for the
76 * interface, we get all the interfaces that the System Configuration
77 * framework knows about and look for the one with a "BSD name" matching
80 * If we find it, we use its "localized display name", if it has one, as
81 * the "friendly name".
83 * As for the interface type:
85 * Yes, fetching all the network addresses for an interface gets you an
86 * AF_LINK address, of type "struct sockaddr_dl", and, yes, that includes
87 * an SNMP MIB-II ifType value.
89 * However, it's IFT_ETHER, i.e. Ethernet, for AirPort interfaces,
90 * not IFT_IEEE80211 (which isn't defined in OS X in any case).
92 * Perhaps some other BSD-flavored OSes won't make this mistake;
93 * however, FreeBSD 7.0 and OpenBSD 4.2, at least, appear to have
94 * made the same mistake, at least for my Belkin ZyDAS stick.
96 * SCNetworkInterfaceGetInterfaceType() will get the interface
97 * type. The interface type is a CFString, and:
99 * kSCNetworkInterfaceTypeIEEE80211 means IF_WIRELESS;
100 * kSCNetworkInterfaceTypeBluetooth means IF_BLUETOOTH;
101 * kSCNetworkInterfaceTypeModem or
102 * kSCNetworkInterfaceTypePPP or
103 * maybe kSCNetworkInterfaceTypeWWAN means IF_DIALUP
106 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
107 const char *description _U_)
109 CFStringRef name_CFString;
110 CFArrayRef interfaces;
111 CFIndex num_interfaces;
113 SCNetworkInterfaceRef interface;
114 CFStringRef bsdname_CFString;
115 CFStringRef friendly_name_CFString;
116 CFStringRef interface_type_CFString;
118 interfaces = SCNetworkInterfaceCopyAll();
119 if (interfaces == NULL) {
121 * Couldn't get a list of interfaces.
126 name_CFString = CFStringCreateWithCString(kCFAllocatorDefault,
127 name, kCFStringEncodingUTF8);
128 if (name_CFString == NULL) {
130 * Couldn't convert the interface name to a CFString.
132 CFRelease(interfaces);
136 num_interfaces = CFArrayGetCount(interfaces);
137 for (i = 0; i < num_interfaces; i++) {
138 interface = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(interfaces, i);
139 bsdname_CFString = SCNetworkInterfaceGetBSDName(interface);
140 if (bsdname_CFString == NULL) {
142 * This interface has no BSD name, so it's not
143 * a regular network interface.
147 if (CFStringCompare(name_CFString, bsdname_CFString, 0) == 0) {
149 * This is the interface.
150 * First, get the friendly name.
152 friendly_name_CFString = SCNetworkInterfaceGetLocalizedDisplayName(interface);
153 if (friendly_name_CFString != NULL)
154 if_info->friendly_name = CFString_to_C_string(friendly_name_CFString);
157 * Now get the interface type.
159 interface_type_CFString = SCNetworkInterfaceGetInterfaceType(interface);
160 if (CFStringCompare(interface_type_CFString,
161 kSCNetworkInterfaceTypeIEEE80211, 0) == kCFCompareEqualTo)
162 if_info->type = IF_WIRELESS;
163 else if (CFStringCompare(interface_type_CFString,
164 kSCNetworkInterfaceTypeBluetooth, 0) == kCFCompareEqualTo)
165 if_info->type = IF_BLUETOOTH;
166 else if (CFStringCompare(interface_type_CFString,
167 kSCNetworkInterfaceTypeModem, 0) == kCFCompareEqualTo)
168 if_info->type = IF_DIALUP;
169 else if (CFStringCompare(interface_type_CFString,
170 kSCNetworkInterfaceTypePPP, 0) == kCFCompareEqualTo)
171 if_info->type = IF_DIALUP;
172 else if (CFStringCompare(interface_type_CFString,
173 kSCNetworkInterfaceTypeWWAN, 0) == kCFCompareEqualTo)
174 if_info->type = IF_DIALUP;
176 if_info->type = IF_WIRED;
181 CFRelease(interfaces);
182 CFRelease(name_CFString);
184 #elif defined(__linux__)
186 * Linux doesn't offer any form of "friendly name", but you can
187 * determine an interface type to some degree.
190 add_unix_interface_ifinfo(if_info_t *if_info, const char *name,
191 const char *description _U_)
197 * Look for /sys/class/net/{device}/wireless. If it exists,
198 * it's a wireless interface.
200 wireless_path = g_strdup_printf("/sys/class/net/%s/wireless", name);
201 if (wireless_path != NULL) {
202 if (ws_stat64(wireless_path, &statb) == 0)
203 if_info->type = IF_WIRELESS;
204 g_free(wireless_path);
206 if (if_info->type == IF_WIRED) {
208 * We still don't know what it is. Check for
209 * Bluetooth and USB devices.
211 if (strstr(name, "bluetooth") != NULL) {
213 * XXX - this is for raw Bluetooth capture; what
214 * about IP-over-Bluetooth devices?
216 if_info->type = IF_BLUETOOTH;
217 } else if (strstr(name, "usbmon") != NULL)
218 if_info->type = IF_USB;
223 * On other UN*Xes, if there is a description, it's a friendly
224 * name, and there is no vendor description. ("Other UN*Xes"
225 * currently means "FreeBSD and OpenBSD".)
228 add_unix_interface_ifinfo(if_info_t *if_info, const char *name _U_,
229 const char *description)
231 if_info->friendly_name = g_strdup(description);
236 if_info_new(const char *name, const char *description, gboolean loopback)
240 const char *guid_text;
244 if_info = (if_info_t *)g_malloc(sizeof (if_info_t));
245 if_info->name = g_strdup(name);
246 if_info->friendly_name = NULL; /* default - unknown */
247 if_info->vendor_description = NULL;
248 if_info->type = IF_WIRED; /* default */
251 * Get the interface type.
253 * Much digging failed to reveal any obvious way to get something
254 * such as the SNMP MIB-II ifType value for an interface:
256 * http://www.iana.org/assignments/ianaiftype-mib
258 * by making some NDIS request. And even if there were such
259 * a way, there's no guarantee that the ifType reflects an
260 * interface type that a user would view as correct (for
261 * example, some systems report Wi-Fi interfaces as
262 * Ethernet interfaces).
264 * So we look for keywords in the vendor's interface
267 if (description && (strstr(description, "generic dialup") != NULL ||
268 strstr(description, "PPP/SLIP") != NULL)) {
269 if_info->type = IF_DIALUP;
270 } else if (description && (strstr(description, "Wireless") != NULL ||
271 strstr(description,"802.11") != NULL)) {
272 if_info->type = IF_WIRELESS;
273 } else if (description && strstr(description, "AirPcap") != NULL ||
274 strstr(name, "airpcap") != NULL) {
275 if_info->type = IF_AIRPCAP;
276 } else if (description && strstr(description, "Bluetooth") != NULL ) {
277 if_info->type = IF_BLUETOOTH;
278 } else if (description && strstr(description, "VMware") != NULL) {
280 * Bridge, NAT, or host-only interface on a VMware host.
282 * XXX - what about guest interfaces?
284 if_info->type = IF_VIRTUAL;
288 * On Windows, the "description" is a vendor description,
289 * and the friendly name isn't returned by WinPcap.
290 * Fetch it ourselves.
294 * Skip over the "\Device\NPF_" prefix in the device name,
297 if (strncmp("\\Device\\NPF_", name, 12) == 0)
298 guid_text = name + 12;
302 /* Now try to parse what remains as a GUID. */
303 if (parse_as_guid(guid_text, &guid)) {
305 * Success. Try to get a friendly name using the GUID.
306 * As this is a regular interface, the description is a
307 * vendor description.
309 if_info->friendly_name = get_interface_friendly_name_from_device_guid(&guid);
310 if_info->vendor_description = g_strdup(description);
313 * This is probably not a regular interface; we only
314 * support NT 5 (W2K) and later, so all regular interfaces
315 * should have GUIDs at the end of the name. Therefore,
316 * the description, if supplied, is a friendly name
317 * provided by WinPcap, and there is no vendor
320 if_info->friendly_name = g_strdup(description);
321 if_info->vendor_description = NULL;
325 * On UN*X, if there is a description, it's a friendly
326 * name, and there is no vendor description.
328 * Try the platform's way of getting a friendly name and
329 * interface type first.
331 * If that fails, then, for a loopback interface, give it the
332 * friendly name "Loopback" and, for VMware interfaces,
333 * give them the type IF_VIRTUAL.
335 add_unix_interface_ifinfo(if_info, name, description);
336 if (if_info->type == IF_WIRED) {
338 * This is the default interface type.
340 * Bridge, NAT, or host-only interfaces on VMWare hosts
341 * have the name vmnet[0-9]+. Guests might use a native
342 * (LANCE or E1000) driver or the vmxnet driver. Check
345 if (g_ascii_strncasecmp(name, "vmnet", 5) == 0)
346 if_info->type = IF_VIRTUAL;
347 else if (g_ascii_strncasecmp(name, "vmxnet", 6) == 0)
348 if_info->type = IF_VIRTUAL;
350 if (if_info->friendly_name == NULL) {
352 * We couldn't get interface information using platform-
355 * If this is a loopback interface, give it a
356 * "friendly name" of "Loopback".
359 if_info->friendly_name = g_strdup("Loopback");
361 if_info->vendor_description = NULL;
363 if_info->loopback = loopback;
364 if_info->addrs = NULL;
369 if_info_add_address(if_info_t *if_info, struct sockaddr *addr)
372 struct sockaddr_in *ai;
374 struct sockaddr_in6 *ai6;
377 switch (addr->sa_family) {
380 ai = (struct sockaddr_in *)(void *)addr;
381 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
382 if_addr->ifat_type = IF_AT_IPv4;
383 if_addr->addr.ip4_addr =
384 *((guint32 *)&(ai->sin_addr.s_addr));
385 if_info->addrs = g_slist_append(if_info->addrs, if_addr);
390 ai6 = (struct sockaddr_in6 *)(void *)addr;
391 if_addr = (if_addr_t *)g_malloc(sizeof(*if_addr));
392 if_addr->ifat_type = IF_AT_IPv6;
393 memcpy((void *)&if_addr->addr.ip6_addr,
394 (void *)&ai6->sin6_addr.s6_addr,
395 sizeof if_addr->addr.ip6_addr);
396 if_info->addrs = g_slist_append(if_info->addrs, if_addr);
402 #ifdef HAVE_PCAP_FINDALLDEVS
404 * Get all IP address information for the given interface.
407 if_info_ip(if_info_t *if_info, pcap_if_t *d)
412 for (a = d->addresses; a != NULL; a = a->next) {
414 if_info_add_address(if_info, a->addr);
418 #ifdef HAVE_PCAP_REMOTE
420 get_interface_list_findalldevs_ex(const char *source,
421 struct pcap_rmtauth *auth,
422 int *err, char **err_str)
425 pcap_if_t *alldevs, *dev;
427 char errbuf[PCAP_ERRBUF_SIZE];
429 if (pcap_findalldevs_ex((char *)source, auth, &alldevs, errbuf) == -1) {
430 *err = CANT_GET_INTERFACE_LIST;
432 *err_str = cant_get_if_list_error_message(errbuf);
436 if (alldevs == NULL) {
438 * No interfaces found.
440 *err = NO_INTERFACES_FOUND;
446 for (dev = alldevs; dev != NULL; dev = dev->next) {
447 if_info = if_info_new(dev->name, dev->description,
448 (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
449 il = g_list_append(il, if_info);
450 if_info_ip(if_info, dev);
452 pcap_freealldevs(alldevs);
459 get_interface_list_findalldevs(int *err, char **err_str)
462 pcap_if_t *alldevs, *dev;
464 char errbuf[PCAP_ERRBUF_SIZE];
466 if (pcap_findalldevs(&alldevs, errbuf) == -1) {
467 *err = CANT_GET_INTERFACE_LIST;
469 *err_str = cant_get_if_list_error_message(errbuf);
473 if (alldevs == NULL) {
475 * No interfaces found.
477 *err = NO_INTERFACES_FOUND;
483 for (dev = alldevs; dev != NULL; dev = dev->next) {
484 if_info = if_info_new(dev->name, dev->description,
485 (dev->flags & PCAP_IF_LOOPBACK) ? TRUE : FALSE);
486 il = g_list_append(il, if_info);
487 if_info_ip(if_info, dev);
489 pcap_freealldevs(alldevs);
493 #endif /* HAVE_PCAP_FINDALLDEVS */
496 free_if_info_addr_cb(gpointer addr, gpointer user_data _U_)
502 free_if_cb(gpointer data, gpointer user_data _U_)
504 if_info_t *if_info = (if_info_t *)data;
506 g_free(if_info->name);
507 g_free(if_info->friendly_name);
508 g_free(if_info->vendor_description);
510 g_slist_foreach(if_info->addrs, free_if_info_addr_cb, NULL);
511 g_slist_free(if_info->addrs);
516 free_interface_list(GList *if_list)
518 g_list_foreach(if_list, free_if_cb, NULL);
519 g_list_free(if_list);
522 #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) || !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
525 const char *description;
529 #define DLT_CHOICE(code, description) { #code, description, code }
530 #define DLT_CHOICE_SENTINEL { NULL, NULL, 0 }
532 static struct dlt_choice dlt_choices[] = {
533 DLT_CHOICE(DLT_NULL, "BSD loopback"),
534 DLT_CHOICE(DLT_EN10MB, "Ethernet"),
535 DLT_CHOICE(DLT_IEEE802, "Token ring"),
536 DLT_CHOICE(DLT_ARCNET, "ARCNET"),
537 DLT_CHOICE(DLT_SLIP, "SLIP"),
538 DLT_CHOICE(DLT_PPP, "PPP"),
539 DLT_CHOICE(DLT_FDDI, "FDDI"),
540 DLT_CHOICE(DLT_ATM_RFC1483, "RFC 1483 IP-over-ATM"),
541 DLT_CHOICE(DLT_RAW, "Raw IP"),
542 DLT_CHOICE(DLT_SLIP_BSDOS, "BSD/OS SLIP"),
543 DLT_CHOICE(DLT_PPP_BSDOS, "BSD/OS PPP"),
544 DLT_CHOICE(DLT_ATM_CLIP, "Linux Classical IP-over-ATM"),
545 DLT_CHOICE(DLT_PPP_SERIAL, "PPP over serial"),
546 DLT_CHOICE(DLT_PPP_ETHER, "PPPoE"),
547 DLT_CHOICE(DLT_C_HDLC, "Cisco HDLC"),
548 DLT_CHOICE(DLT_IEEE802_11, "802.11"),
549 DLT_CHOICE(DLT_FRELAY, "Frame Relay"),
550 DLT_CHOICE(DLT_LOOP, "OpenBSD loopback"),
551 DLT_CHOICE(DLT_ENC, "OpenBSD encapsulated IP"),
552 DLT_CHOICE(DLT_LINUX_SLL, "Linux cooked"),
553 DLT_CHOICE(DLT_LTALK, "Localtalk"),
554 DLT_CHOICE(DLT_PFLOG, "OpenBSD pflog file"),
555 DLT_CHOICE(DLT_PRISM_HEADER, "802.11 plus Prism header"),
556 DLT_CHOICE(DLT_IP_OVER_FC, "RFC 2625 IP-over-Fibre Channel"),
557 DLT_CHOICE(DLT_SUNATM, "Sun raw ATM"),
558 DLT_CHOICE(DLT_IEEE802_11_RADIO, "802.11 plus BSD radio information header"),
559 DLT_CHOICE(DLT_APPLE_IP_OVER_IEEE1394, "Apple IP-over-IEEE 1394"),
560 DLT_CHOICE(DLT_ARCNET_LINUX, "Linux ARCNET"),
561 DLT_CHOICE(DLT_LINUX_IRDA, "Linux IrDA"),
562 DLT_CHOICE(DLT_IEEE802_11_RADIO_AVS, "802.11 plus AVS radio information header"),
566 #if !defined(HAVE_PCAP_DATALINK_NAME_TO_VAL)
568 pcap_datalink_name_to_val(const char *name)
572 for (i = 0; dlt_choices[i].name != NULL; i++) {
573 if (g_ascii_strcasecmp(dlt_choices[i].name + sizeof("DLT_") - 1,
575 return (dlt_choices[i].dlt);
579 #endif /* defined(HAVE_PCAP_DATALINK_NAME_TO_VAL) */
581 #if !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME)
583 pcap_datalink_val_to_name(int dlt)
587 for (i = 0; dlt_choices[i].name != NULL; i++) {
588 if (dlt_choices[i].dlt == dlt)
589 return (dlt_choices[i].name + sizeof("DLT_") - 1);
593 #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) */
595 #if !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION)
597 pcap_datalink_val_to_description(int dlt)
601 for (i = 0; dlt_choices[i].name != NULL; i++) {
602 if (dlt_choices[i].dlt == dlt)
603 return (dlt_choices[i].description);
607 #endif /* defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
609 #endif /* !defined(HAVE_PCAP_DATALINK_VAL_TO_NAME) || !defined(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION) */
612 free_linktype_cb(gpointer data, gpointer user_data _U_)
614 data_link_info_t *linktype_info = (data_link_info_t *)data;
616 g_free(linktype_info->name);
617 g_free(linktype_info->description);
621 free_if_capabilities(if_capabilities_t *caps)
623 g_list_foreach(caps->data_link_types, free_linktype_cb, NULL);
624 g_list_free(caps->data_link_types);
629 linktype_val_to_name(int dlt)
631 return pcap_datalink_val_to_name(dlt);
634 int linktype_name_to_val(const char *linktype)
636 return pcap_datalink_name_to_val(linktype);
639 #endif /* HAVE_LIBPCAP */