1 /* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */
3 * Copyright (c) 1994, 1995, 1996, 1997, 1998
4 * The Regents of the University of California. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by the Computer Systems
17 * Engineering Group at Lawrence Berkeley Laboratory.
18 * 4. Neither the name of the University nor of the Laboratory may be used
19 * to endorse or promote products derived from this software without
20 * specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #include <pcap-stdinc.h>
43 #include <sys/param.h>
47 #include <sys/ioctl.h>
48 #include <sys/socket.h>
49 #ifdef HAVE_SYS_SOCKIO_H
50 #include <sys/sockio.h>
53 struct mbuf; /* Squelch compiler warnings on some platforms for */
54 struct rtentry; /* declarations in <net/if.h> */
56 #include <netinet/in.h>
65 #if !defined(_WIN32) && !defined(__BORLANDC__)
67 #endif /* !_WIN32 && !__BORLANDC__ */
71 #define INT_MAX 2147483647
76 #ifdef HAVE_OS_PROTO_H
81 /* Not all systems have IFF_LOOPBACK */
83 #define ISLOOPBACK(name, flags) ((flags) & IFF_LOOPBACK)
85 #define ISLOOPBACK(name, flags) ((name)[0] == 'l' && (name)[1] == 'o' && \
86 (isdigit((unsigned char)((name)[2])) || (name)[2] == '\0'))
90 #define ISUP(flags) ((flags) & IFF_UP)
96 #define ISRUNNING(flags) ((flags) & IFF_RUNNING)
98 #define ISRUNNING(flags) 0
102 * Map UN*X-style interface flags to libpcap flags.
105 if_flags_to_pcap_flags(const char *name _U_, u_int if_flags)
107 bpf_u_int32 pcap_flags;
110 if (ISLOOPBACK(name, if_flags))
111 pcap_flags |= PCAP_IF_LOOPBACK;
113 pcap_flags |= PCAP_IF_UP;
114 if (ISRUNNING(if_flags))
115 pcap_flags |= PCAP_IF_RUNNING;
120 static struct sockaddr *
121 dup_sockaddr(struct sockaddr *sa, size_t sa_length)
123 struct sockaddr *newsa;
125 if ((newsa = malloc(sa_length)) == NULL)
127 return (memcpy(newsa, sa, sa_length));
131 * Construct a "figure of merit" for an interface, for use when sorting
132 * the list of interfaces, in which interfaces that are up are superior
133 * to interfaces that aren't up, interfaces that are up and running are
134 * superior to interfaces that are up but not running, and non-loopback
135 * interfaces that are up and running are superior to loopback interfaces,
136 * and interfaces with the same flags have a figure of merit that's higher
137 * the lower the instance number.
139 * The goal is to try to put the interfaces most likely to be useful for
140 * capture at the beginning of the list.
142 * The figure of merit, which is lower the "better" the interface is,
143 * has the uppermost bit set if the interface isn't running, the bit
144 * below that set if the interface isn't up, the bit below that set
145 * if the interface is a loopback interface, and the interface index
146 * in the 29 bits below that. (Yes, we assume u_int is 32 bits.)
149 get_figure_of_merit(pcap_if_t *dev)
154 if (strcmp(dev->name, "any") == 0) {
156 * Give the "any" device an artificially high instance
157 * number, so it shows up after all other non-loopback
160 n = 0x1FFFFFFF; /* 29 all-1 bits */
163 * A number at the end of the device name string is
164 * assumed to be a unit number.
166 cp = dev->name + strlen(dev->name) - 1;
167 while (cp-1 >= dev->name && *(cp-1) >= '0' && *(cp-1) <= '9')
169 if (*cp >= '0' && *cp <= '9')
174 if (!(dev->flags & PCAP_IF_RUNNING))
176 if (!(dev->flags & PCAP_IF_UP))
178 if (dev->flags & PCAP_IF_LOOPBACK)
184 * Try to get a description for a given device.
185 * Returns a mallocated description if it could and NULL if it couldn't.
187 * XXX - on FreeBSDs that support it, should it get the sysctl named
188 * "dev.{adapter family name}.{adapter unit}.%desc" to get a description
189 * of the adapter? Note that "dev.an.0.%desc" is "Aironet PC4500/PC4800"
190 * with my Cisco 350 card, so the name isn't entirely descriptive. The
191 * "dev.an.0.%pnpinfo" has a better description, although one might argue
192 * that the problem is really a driver bug - if it can find out that it's
193 * a Cisco 340 or 350, rather than an old Aironet card, it should use
194 * that in the description.
196 * Do NetBSD, DragonflyBSD, or OpenBSD support this as well? FreeBSD
197 * and OpenBSD let you get a description, but it's not generated by the OS,
198 * it's set with another ioctl that ifconfig supports; we use that to get
199 * a description in FreeBSD and OpenBSD, but if there is no such
200 * description available, it still might be nice to get some description
201 * string based on the device type or something such as that.
203 * In OS X, the System Configuration framework can apparently return
204 * names in 10.4 and later.
206 * It also appears that freedesktop.org's HAL offers an "info.product"
207 * string, but the HAL specification says it "should not be used in any
208 * UI" and "subsystem/capability specific properties" should be used
209 * instead and, in any case, I think HAL is being deprecated in
210 * favor of other stuff such as DeviceKit. DeviceKit doesn't appear
211 * to have any obvious product information for devices, but maybe
212 * I haven't looked hard enough.
214 * Using the System Configuration framework, or HAL, or DeviceKit, or
215 * whatever, would require that libpcap applications be linked with
216 * the frameworks/libraries in question. That shouldn't be a problem
217 * for programs linking with the shared version of libpcap (unless
218 * you're running on AIX - which I think is the only UN*X that doesn't
219 * support linking a shared library with other libraries on which it
220 * depends, and having an executable linked only with the first shared
221 * library automatically pick up the other libraries when started -
222 * and using HAL or whatever). Programs linked with the static
223 * version of libpcap would have to use pcap-config with the --static
224 * flag in order to get the right linker flags in order to pick up
225 * the additional libraries/frameworks; those programs need that anyway
226 * for libpcap 1.1 and beyond on Linux, as, by default, it requires
229 * Do any other UN*Xes, or desktop environments support getting a
233 get_if_description(const char *name)
236 char *description = NULL;
238 struct ifreq ifrdesc;
240 size_t descrlen = 64;
242 size_t descrlen = IFDESCRSIZE;
243 #endif /* IFDESCRSIZE */
246 * Get the description for the interface.
248 memset(&ifrdesc, 0, sizeof ifrdesc);
249 strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name);
250 s = socket(AF_INET, SOCK_DGRAM, 0);
254 * On FreeBSD, if the buffer isn't big enough for the
255 * description, the ioctl succeeds, but the description
256 * isn't copied, ifr_buffer.length is set to the description
257 * length, and ifr_buffer.buffer is set to NULL.
261 if ((description = malloc(descrlen)) != NULL) {
262 ifrdesc.ifr_buffer.buffer = description;
263 ifrdesc.ifr_buffer.length = descrlen;
264 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) == 0) {
265 if (ifrdesc.ifr_buffer.buffer ==
269 descrlen = ifrdesc.ifr_buffer.length;
272 * Failed to get interface description.
281 #else /* __FreeBSD__ */
283 * The only other OS that currently supports
284 * SIOCGIFDESCR is OpenBSD, and it has no way
285 * to get the description length - it's clamped
286 * to a maximum of IFDESCRSIZE.
288 if ((description = malloc(descrlen)) != NULL) {
289 ifrdesc.ifr_data = (caddr_t)description;
290 if (ioctl(s, SIOCGIFDESCR, &ifrdesc) != 0) {
292 * Failed to get interface description.
298 #endif /* __FreeBSD__ */
300 if (description != NULL && strlen(description) == 0) {
302 * Description is empty, so discard it.
311 * For FreeBSD, if we didn't get a description, and this is
312 * a device with a name of the form usbusN, label it as a USB
315 if (description == NULL) {
316 if (strncmp(name, "usbus", 5) == 0) {
318 * OK, it begins with "usbus".
324 busnum = strtol(name + 5, &p, 10);
325 if (errno == 0 && p != name + 5 && *p == '\0' &&
326 busnum >= 0 && busnum <= INT_MAX) {
328 * OK, it's a valid number that's not
329 * bigger than INT_MAX. Construct
330 * a description from it.
332 static const char descr_prefix[] = "USB bus number ";
336 * Allow enough room for a 32-bit bus number.
337 * sizeof (descr_prefix) includes the
340 descr_size = sizeof (descr_prefix) + 10;
341 description = malloc(descr_size);
342 if (description != NULL) {
343 pcap_snprintf(description, descr_size,
344 "%s%ld", descr_prefix, busnum);
350 return (description);
351 #else /* SIOCGIFDESCR */
353 #endif /* SIOCGIFDESCR */
357 * Look for a given device in the specified list of devices.
359 * If we find it, return 0 and set *curdev_ret to point to it.
361 * If we don't find it, check whether we can open it:
363 * If that fails with PCAP_ERROR_NO_SUCH_DEVICE or
364 * PCAP_ERROR_IFACE_NOT_UP, don't attempt to add an entry for
365 * it, as that probably means it exists but doesn't support
368 * Otherwise, attempt to add an entry for it, with the specified
369 * ifnet flags and description, and, if that succeeds, return 0
370 * and set *curdev_ret to point to the new entry, otherwise
371 * return PCAP_ERROR and set errbuf to an error message. If we
372 * weren't given a description, try to get one.
375 add_or_find_if(pcap_if_t **curdev_ret, pcap_if_t **alldevs, const char *name,
376 bpf_u_int32 flags, const char *description, char *errbuf)
379 pcap_if_t *curdev, *prevdev, *nextdev;
380 u_int this_figure_of_merit, nextdev_figure_of_merit;
381 char open_errbuf[PCAP_ERRBUF_SIZE];
385 * Is there already an entry in the list for this interface?
387 for (curdev = *alldevs; curdev != NULL; curdev = curdev->next) {
388 if (strcmp(name, curdev->name) == 0)
389 break; /* yes, we found it */
392 if (curdev == NULL) {
394 * No, we didn't find it.
396 * Can we open this interface for live capture?
398 * We do this check so that interfaces that are
399 * supplied by the interface enumeration mechanism
400 * we're using but that don't support packet capture
401 * aren't included in the list. Loopback interfaces
402 * on Solaris are an example of this; we don't just
403 * omit loopback interfaces on all platforms because
404 * you *can* capture on loopback interfaces on some
407 * On OS X, we don't do this check if the device
408 * name begins with "wlt"; at least some versions
409 * of OS X offer monitor mode capturing by having
410 * a separate "monitor mode" device for each wireless
411 * adapter, rather than by implementing the ioctls
412 * that {Free,Net,Open,DragonFly}BSD provide.
413 * Opening that device puts the adapter into monitor
414 * mode, which, at least for some adapters, causes
415 * them to deassociate from the network with which
416 * they're associated.
418 * Instead, we try to open the corresponding "en"
419 * device (so that we don't end up with, for users
420 * without sufficient privilege to open capture
421 * devices, a list of adapters that only includes
425 if (strncmp(name, "wlt", 3) == 0) {
430 * Try to allocate a buffer for the "en"
433 en_name_len = strlen(name) - 1;
434 en_name = malloc(en_name_len + 1);
435 if (en_name == NULL) {
436 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
437 "malloc: %s", pcap_strerror(errno));
440 strcpy(en_name, "en");
441 strcat(en_name, name + 3);
442 p = pcap_create(en_name, open_errbuf);
446 p = pcap_create(name, open_errbuf);
449 * The attempt to create the pcap_t failed;
450 * that's probably an indication that we're
453 * Don't bother including this interface,
454 * but don't treat it as an error.
459 /* Small snaplen, so we don't try to allocate much memory. */
460 pcap_set_snaplen(p, 68);
461 ret = pcap_activate(p);
465 case PCAP_ERROR_NO_SUCH_DEVICE:
466 case PCAP_ERROR_IFACE_NOT_UP:
468 * We expect these two errors - they're the
469 * reason we try to open the device.
471 * PCAP_ERROR_NO_SUCH_DEVICE typically means
472 * "there's no such device *known to the
473 * OS's capture mechanism*", so, even though
474 * it might be a valid network interface, you
475 * can't capture on it (e.g., the loopback
476 * device in Solaris up to Solaris 10, or
477 * the vmnet devices in OS X with VMware
478 * Fusion). We don't include those devices
479 * in our list of devices, as there's no
480 * point in doing so - they're not available
483 * PCAP_ERROR_IFACE_NOT_UP means that the
484 * OS's capture mechanism doesn't work on
485 * interfaces not marked as up; some capture
486 * mechanisms *do* support that, so we no
487 * longer reject those interfaces out of hand,
488 * but we *do* want to reject them if they
489 * can't be opened for capture.
496 * Yes, we can open it, or we can't, for some other
499 * If we can open it, we want to offer it for
500 * capture, as you can capture on it. If we can't,
501 * we want to offer it for capture, so that, if
502 * the user tries to capture on it, they'll get
503 * an error and they'll know why they can't
504 * capture on it (e.g., insufficient permissions)
505 * or they'll report it as a problem (and then
506 * have the error message to provide as information).
508 * Allocate a new entry.
510 curdev = malloc(sizeof(pcap_if_t));
511 if (curdev == NULL) {
512 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
513 "malloc: %s", pcap_strerror(errno));
521 curdev->name = strdup(name);
522 if (curdev->name == NULL) {
523 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
524 "malloc: %s", pcap_strerror(errno));
528 if (description == NULL) {
530 * We weren't handed a description for the
531 * interface, so see if we can generate one
534 curdev->description = get_if_description(name);
537 * We were handed a description; make a copy.
539 curdev->description = strdup(description);
540 if (curdev->description == NULL) {
541 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
542 "malloc: %s", pcap_strerror(errno));
548 curdev->addresses = NULL; /* list starts out as empty */
549 curdev->flags = flags;
552 * Add it to the list, in the appropriate location.
553 * First, get the "figure of merit" for this
556 this_figure_of_merit = get_figure_of_merit(curdev);
559 * Now look for the last interface with an figure of merit
560 * less than or equal to the new interface's figure of
563 * We start with "prevdev" being NULL, meaning we're before
564 * the first element in the list.
569 * Get the interface after this one.
571 if (prevdev == NULL) {
573 * The next element is the first element.
577 nextdev = prevdev->next;
580 * Are we at the end of the list?
582 if (nextdev == NULL) {
584 * Yes - we have to put the new entry
591 * Is the new interface's figure of merit less
592 * than the next interface's figure of merit,
593 * meaning that the new interface is better
594 * than the next interface?
596 nextdev_figure_of_merit = get_figure_of_merit(nextdev);
597 if (this_figure_of_merit < nextdev_figure_of_merit) {
599 * Yes - we should put the new entry
600 * before "nextdev", i.e. after "prevdev".
609 * Insert before "nextdev".
611 curdev->next = nextdev;
614 * Insert after "prevdev" - unless "prevdev" is null,
615 * in which case this is the first interface.
617 if (prevdev == NULL) {
619 * This is the first interface. Pass back a
620 * pointer to it, and put "curdev" before
625 prevdev->next = curdev;
628 *curdev_ret = curdev;
633 * Try to get a description for a given device, and then look for that
634 * device in the specified list of devices.
636 * If we find it, then, if the specified address isn't null, add it to
637 * the list of addresses for the device and return 0.
639 * If we don't find it, check whether we can open it:
641 * If that fails with PCAP_ERROR_NO_SUCH_DEVICE or
642 * PCAP_ERROR_IFACE_NOT_UP, don't attempt to add an entry for
643 * it, as that probably means it exists but doesn't support
646 * Otherwise, attempt to add an entry for it, with the specified
647 * ifnet flags, and, if that succeeds, add the specified address
648 * to its list of addresses if that address is non-null, set
649 * *curdev_ret to point to the new entry, and return 0, otherwise
650 * return PCAP_ERROR and set errbuf to an error message.
652 * (We can get called with a null address because we might get a list
653 * of interface name/address combinations from the underlying OS, with
654 * the address being absent in some cases, rather than a list of
655 * interfaces with each interface having a list of addresses, so this
656 * call may be the only call made to add to the list, and we want to
657 * add interfaces even if they have no addresses.)
660 add_addr_to_iflist(pcap_if_t **alldevs, const char *name, bpf_u_int32 flags,
661 struct sockaddr *addr, size_t addr_size,
662 struct sockaddr *netmask, size_t netmask_size,
663 struct sockaddr *broadaddr, size_t broadaddr_size,
664 struct sockaddr *dstaddr, size_t dstaddr_size,
669 if (add_or_find_if(&curdev, alldevs, name, flags, NULL, errbuf) == -1) {
675 if (curdev == NULL) {
677 * Device wasn't added because it can't be opened.
685 * There's no address to add; this entry just meant
686 * "here's a new interface".
692 * "curdev" is an entry for this interface, and we have an
693 * address for it; add an entry for that address to the
694 * interface's list of addresses.
696 * Allocate the new entry and fill it in.
698 return (add_addr_to_dev(curdev, addr, addr_size, netmask,
699 netmask_size, broadaddr, broadaddr_size, dstaddr,
700 dstaddr_size, errbuf));
704 * Add an entry to the list of addresses for an interface.
705 * "curdev" is the entry for that interface.
706 * If this is the first IP address added to the interface, move it
707 * in the list as appropriate.
710 add_addr_to_dev(pcap_if_t *curdev,
711 struct sockaddr *addr, size_t addr_size,
712 struct sockaddr *netmask, size_t netmask_size,
713 struct sockaddr *broadaddr, size_t broadaddr_size,
714 struct sockaddr *dstaddr, size_t dstaddr_size,
717 pcap_addr_t *curaddr, *prevaddr, *nextaddr;
719 curaddr = malloc(sizeof(pcap_addr_t));
720 if (curaddr == NULL) {
721 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
722 "malloc: %s", pcap_strerror(errno));
726 curaddr->next = NULL;
728 curaddr->addr = dup_sockaddr(addr, addr_size);
729 if (curaddr->addr == NULL) {
730 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
731 "malloc: %s", pcap_strerror(errno));
736 curaddr->addr = NULL;
738 if (netmask != NULL) {
739 curaddr->netmask = dup_sockaddr(netmask, netmask_size);
740 if (curaddr->netmask == NULL) {
741 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
742 "malloc: %s", pcap_strerror(errno));
743 if (curaddr->addr != NULL)
749 curaddr->netmask = NULL;
751 if (broadaddr != NULL) {
752 curaddr->broadaddr = dup_sockaddr(broadaddr, broadaddr_size);
753 if (curaddr->broadaddr == NULL) {
754 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
755 "malloc: %s", pcap_strerror(errno));
756 if (curaddr->netmask != NULL)
757 free(curaddr->netmask);
758 if (curaddr->addr != NULL)
764 curaddr->broadaddr = NULL;
766 if (dstaddr != NULL) {
767 curaddr->dstaddr = dup_sockaddr(dstaddr, dstaddr_size);
768 if (curaddr->dstaddr == NULL) {
769 (void)pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
770 "malloc: %s", pcap_strerror(errno));
771 if (curaddr->broadaddr != NULL)
772 free(curaddr->broadaddr);
773 if (curaddr->netmask != NULL)
774 free(curaddr->netmask);
775 if (curaddr->addr != NULL)
781 curaddr->dstaddr = NULL;
784 * Find the end of the list of addresses.
786 for (prevaddr = curdev->addresses; prevaddr != NULL; prevaddr = nextaddr) {
787 nextaddr = prevaddr->next;
788 if (nextaddr == NULL) {
790 * This is the end of the list.
796 if (prevaddr == NULL) {
798 * The list was empty; this is the first member.
800 curdev->addresses = curaddr;
803 * "prevaddr" is the last member of the list; append
806 prevaddr->next = curaddr;
813 * Look for a given device in the specified list of devices.
815 * If we find it, return 0.
817 * If we don't find it, check whether we can open it:
819 * If that fails with PCAP_ERROR_NO_SUCH_DEVICE or
820 * PCAP_ERROR_IFACE_NOT_UP, don't attempt to add an entry for
821 * it, as that probably means it exists but doesn't support
824 * Otherwise, attempt to add an entry for it, with the specified
825 * ifnet flags and description, and, if that succeeds, return 0
826 * and set *curdev_ret to point to the new entry, otherwise
827 * return PCAP_ERROR and set errbuf to an error message.
830 pcap_add_if(pcap_if_t **devlist, const char *name, u_int flags,
831 const char *description, char *errbuf)
835 return (add_or_find_if(&curdev, devlist, name, flags, description,
841 * Free a list of interfaces.
844 pcap_freealldevs(pcap_if_t *alldevs)
846 pcap_if_t *curdev, *nextdev;
847 pcap_addr_t *curaddr, *nextaddr;
849 for (curdev = alldevs; curdev != NULL; curdev = nextdev) {
850 nextdev = curdev->next;
853 * Free all addresses.
855 for (curaddr = curdev->addresses; curaddr != NULL; curaddr = nextaddr) {
856 nextaddr = curaddr->next;
859 if (curaddr->netmask)
860 free(curaddr->netmask);
861 if (curaddr->broadaddr)
862 free(curaddr->broadaddr);
863 if (curaddr->dstaddr)
864 free(curaddr->dstaddr);
869 * Free the name string.
874 * Free the description string, if any.
876 if (curdev->description != NULL)
877 free(curdev->description);
880 * Free the interface.
projects / FreeBSD / FreeBSD.git / blob