]> The Tcpdump Group git mirrors - libpcap/blob - pcap-npf.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Call WSAStartup/WSACleanup for each use. Fixes #1333
[libpcap] / pcap-npf.c
1 /*
2 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2010 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34 #include <config.h>
35
36 #include <errno.h>
37 #include <limits.h> /* for INT_MAX */
38 #define PCAP_DONT_INCLUDE_PCAP_BPF_H
39 #include <Packet32.h>
40 #include <pcap-int.h>
41 #include <pcap/dlt.h>
42
43 /*
44 * XXX - Packet32.h defines bpf_program, so we can't include
45 * <pcap/bpf.h>, which also defines it; that's why we define
46 * PCAP_DONT_INCLUDE_PCAP_BPF_H,
47 *
48 * However, no header in the WinPcap or Npcap SDKs defines the
49 * macros for BPF code, so we have to define them ourselves.
50 */
51 #define BPF_RET 0x06
52 #define BPF_K 0x00
53
54 /* Old-school MinGW have these headers in a different place.
55 */
56 #if defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)
57 #include <ddk/ntddndis.h>
58 #include <ddk/ndis.h>
59 #else
60 #include <ntddndis.h> /* MSVC/TDM-MinGW/MinGW64 */
61 #endif
62
63 #ifdef HAVE_DAG_API
64 #include <dagnew.h>
65 #include <dagapi.h>
66 #endif /* HAVE_DAG_API */
67
68 #include "diag-control.h"
69
70 #include "pcap-airpcap.h"
71
72 static int pcap_setfilter_npf(pcap_t *, struct bpf_program *);
73 static int pcap_setfilter_win32_dag(pcap_t *, struct bpf_program *);
74 static int pcap_getnonblock_npf(pcap_t *);
75 static int pcap_setnonblock_npf(pcap_t *, int);
76
77 /*dimension of the buffer in the pcap_t structure*/
78 #define WIN32_DEFAULT_USER_BUFFER_SIZE 256000
79
80 /*dimension of the buffer in the kernel driver NPF */
81 #define WIN32_DEFAULT_KERNEL_BUFFER_SIZE 1000000
82
83 /* Equivalent to ntohs(), but a lot faster under Windows */
84 #define SWAPS(_X) ((_X & 0xff) << 8) | (_X >> 8)
85
86 /*
87 * Private data for capturing on WinPcap/Npcap devices.
88 */
89 struct pcap_win {
90 ADAPTER *adapter; /* the packet32 ADAPTER for the device */
91 int nonblock;
92 int rfmon_selfstart; /* a flag tells whether the monitor mode is set by itself */
93 int filtering_in_kernel; /* using kernel filter */
94
95 #ifdef HAVE_DAG_API
96 int dag_fcs_bits; /* Number of checksum bits from link layer */
97 #endif
98
99 #ifdef ENABLE_REMOTE
100 int samp_npkt; /* parameter needed for sampling, with '1 out of N' method has been requested */
101 struct timeval samp_time; /* parameter needed for sampling, with '1 every N ms' method has been requested */
102 #endif
103 };
104
105 /*
106 * Define stub versions of the monitor-mode support routines if this
107 * isn't Npcap. HAVE_NPCAP_PACKET_API is defined by Npcap but not
108 * WinPcap.
109 */
110 #ifndef HAVE_NPCAP_PACKET_API
111 static int
112 PacketIsMonitorModeSupported(PCHAR AdapterName _U_)
113 {
114 /*
115 * We don't support monitor mode.
116 */
117 return (0);
118 }
119
120 static int
121 PacketSetMonitorMode(PCHAR AdapterName _U_, int mode _U_)
122 {
123 /*
124 * This should never be called, as PacketIsMonitorModeSupported()
125 * will return 0, meaning "we don't support monitor mode, so
126 * don't try to turn it on or off".
127 */
128 return (0);
129 }
130
131 static int
132 PacketGetMonitorMode(PCHAR AdapterName _U_)
133 {
134 /*
135 * This should fail, so that pcap_activate_npf() returns
136 * PCAP_ERROR_RFMON_NOTSUP if our caller requested monitor
137 * mode.
138 */
139 return (-1);
140 }
141 #endif
142
143 /*
144 * If a driver returns an NTSTATUS value:
145 *
146 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/87fba13e-bf06-450e-83b1-9241dc81e781
147 *
148 * with the "Customer" bit set, it will not be mapped to a Windows error
149 * value in userland, so it will be returned by GetLastError().
150 *
151 * Note that "driver" here includes the Npcap NPF driver, as various
152 * versions would take NT status values and set the "Customer" bit
153 * before returning the status code. The commit message for the
154 * change that started doing that is
155 *
156 * Returned a customer-defined NTSTATUS in OID requests to avoid
157 * NTSTATUS-to-Win32 Error code translation.
158 *
159 * but I don't know why the goal was to avoid that translation. For
160 * a while, I suspected that the NT status STATUS_NOT_SUPPORTED was
161 * getting mapped to ERROR_GEN_FAILURE, but, in the cases where
162 * attempts to set promiscuous mode on regular Ethernet devices were
163 * failing with ERROR_GEN_FAILURE, it turns out that the drivers for
164 * those devices were NetAdapterCx drivers, and Microsoft's NetAdapterCx
165 * mechanism wasn't providing the correct "bytes processed" value on
166 * attempts to set OIDs, and the Npcap NPF driver was checking for
167 * that and returning STATUS_UNSUCCESSFUL, which gets mapped to
168 * ERROR_GEN_FAILURE, so perhaps there's no need to avoid that
169 * translation.
170 *
171 * Attempting to set the hardware filter on a Microsoft Surface Pro's
172 * Mobile Broadband Adapter returns an error that appears to be
173 * NDIS_STATUS_NOT_SUPPORTED ORed with the "Customer" bit, so it's
174 * probably indicating that it doesn't support that. It was probably
175 * the NPF driver setting that bit.
176 */
177 #define NT_STATUS_CUSTOMER_DEFINED 0x20000000
178
179 /*
180 * PacketRequest() makes a DeviceIoControl() call to the NPF driver to
181 * perform the OID request, with a BIOCQUERYOID ioctl. The kernel code
182 * should get back one of NDIS_STATUS_INVALID_OID, NDIS_STATUS_NOT_SUPPORTED,
183 * or NDIS_STATUS_NOT_RECOGNIZED if the OID request isn't supported by
184 * the OS or the driver.
185 *
186 * Currently, that code may be returned by the Npcap NPF driver with the
187 * NT_STATUS_CUSTOMER_DEFINED bit. That prevents the return status from
188 * being mapped to a Windows error code; if the NPF driver were to stop
189 * ORing in the NT_STATUS_CUSTOMER_DEFINED bit, it's not obvious how those
190 * the NDIS_STATUS_ values that don't correspond to NTSTATUS values would
191 * be translated to Windows error values (NDIS_STATUS_NOT_SUPPORTED is
192 * the same as STATUS_NOT_SUPPORTED, which is an NTSTATUS value that is
193 * mapped to ERROR_NOT_SUPPORTED).
194 */
195 #define NDIS_STATUS_INVALID_OID 0xc0010017
196 #define NDIS_STATUS_NOT_SUPPORTED 0xc00000bb /* STATUS_NOT_SUPPORTED */
197 #define NDIS_STATUS_NOT_RECOGNIZED 0x00010001
198
199 static int
200 oid_get_request(ADAPTER *adapter, bpf_u_int32 oid, void *data, size_t *lenp,
201 char *errbuf)
202 {
203 PACKET_OID_DATA *oid_data_arg;
204
205 /*
206 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest().
207 * It should be big enough to hold "*lenp" bytes of data; it
208 * will actually be slightly larger, as PACKET_OID_DATA has a
209 * 1-byte data array at the end, standing in for the variable-length
210 * data that's actually there.
211 */
212 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp);
213 if (oid_data_arg == NULL) {
214 snprintf(errbuf, PCAP_ERRBUF_SIZE,
215 "Couldn't allocate argument buffer for PacketRequest");
216 return (PCAP_ERROR);
217 }
218
219 /*
220 * No need to copy the data - we're doing a fetch.
221 */
222 oid_data_arg->Oid = oid;
223 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */
224 if (!PacketRequest(adapter, FALSE, oid_data_arg)) {
225 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
226 GetLastError(), "Error calling PacketRequest");
227 free(oid_data_arg);
228 return (-1);
229 }
230
231 /*
232 * Get the length actually supplied.
233 */
234 *lenp = oid_data_arg->Length;
235
236 /*
237 * Copy back the data we fetched.
238 */
239 memcpy(data, oid_data_arg->Data, *lenp);
240 free(oid_data_arg);
241 return (0);
242 }
243
244 static int
245 pcap_stats_npf(pcap_t *p, struct pcap_stat *ps)
246 {
247 struct pcap_win *pw = p->priv;
248 struct bpf_stat bstats;
249
250 /*
251 * Try to get statistics.
252 *
253 * (Please note - "struct pcap_stat" is *not* the same as
254 * WinPcap's "struct bpf_stat". It might currently have the
255 * same layout, but let's not cheat.
256 *
257 * Note also that we don't fill in ps_capt, as we might have
258 * been called by code compiled against an earlier version of
259 * WinPcap that didn't have ps_capt, in which case filling it
260 * in would stomp on whatever comes after the structure passed
261 * to us.
262 */
263 if (!PacketGetStats(pw->adapter, &bstats)) {
264 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
265 GetLastError(), "PacketGetStats error");
266 return (-1);
267 }
268 ps->ps_recv = bstats.bs_recv;
269 ps->ps_drop = bstats.bs_drop;
270
271 /*
272 * XXX - PacketGetStats() doesn't fill this in, so we just
273 * return 0.
274 */
275 #if 0
276 ps->ps_ifdrop = bstats.ps_ifdrop;
277 #else
278 ps->ps_ifdrop = 0;
279 #endif
280
281 return (0);
282 }
283
284 /*
285 * Win32-only routine for getting statistics.
286 *
287 * This way is definitely safer than passing the pcap_stat * from the userland.
288 * In fact, there could happen than the user allocates a variable which is not
289 * big enough for the new structure, and the library will write in a zone
290 * which is not allocated to this variable.
291 *
292 * In this way, we're pretty sure we are writing on memory allocated to this
293 * variable.
294 *
295 * XXX - but this is the wrong way to handle statistics. Instead, we should
296 * have an API that returns data in a form like the Options section of a
297 * pcapng Interface Statistics Block:
298 *
299 * https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.6
300 *
301 * which would let us add new statistics straightforwardly and indicate which
302 * statistics we are and are *not* providing, rather than having to provide
303 * possibly-bogus values for statistics we can't provide.
304 */
305 static struct pcap_stat *
306 pcap_stats_ex_npf(pcap_t *p, int *pcap_stat_size)
307 {
308 struct pcap_win *pw = p->priv;
309 struct bpf_stat bstats;
310
311 *pcap_stat_size = sizeof (p->stat);
312
313 /*
314 * Try to get statistics.
315 *
316 * (Please note - "struct pcap_stat" is *not* the same as
317 * WinPcap's "struct bpf_stat". It might currently have the
318 * same layout, but let's not cheat.)
319 */
320 if (!PacketGetStatsEx(pw->adapter, &bstats)) {
321 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
322 GetLastError(), "PacketGetStatsEx error");
323 return (NULL);
324 }
325 p->stat.ps_recv = bstats.bs_recv;
326 p->stat.ps_drop = bstats.bs_drop;
327 p->stat.ps_ifdrop = bstats.ps_ifdrop;
328 /*
329 * Just in case this is ever compiled for a target other than
330 * Windows, which is somewhere between extremely unlikely and
331 * impossible.
332 */
333 #ifdef _WIN32
334 p->stat.ps_capt = bstats.bs_capt;
335 #endif
336 return (&p->stat);
337 }
338
339 /* Set the dimension of the kernel-level capture buffer */
340 static int
341 pcap_setbuff_npf(pcap_t *p, int dim)
342 {
343 struct pcap_win *pw = p->priv;
344
345 if(PacketSetBuff(pw->adapter,dim)==FALSE)
346 {
347 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer");
348 return (-1);
349 }
350 return (0);
351 }
352
353 /* Set the driver working mode */
354 static int
355 pcap_setmode_npf(pcap_t *p, int mode)
356 {
357 struct pcap_win *pw = p->priv;
358
359 if(PacketSetMode(pw->adapter,mode)==FALSE)
360 {
361 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: working mode not recognized");
362 return (-1);
363 }
364
365 return (0);
366 }
367
368 /*set the minimum amount of data that will release a read call*/
369 static int
370 pcap_setmintocopy_npf(pcap_t *p, int size)
371 {
372 struct pcap_win *pw = p->priv;
373
374 if(PacketSetMinToCopy(pw->adapter, size)==FALSE)
375 {
376 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: unable to set the requested mintocopy size");
377 return (-1);
378 }
379 return (0);
380 }
381
382 static HANDLE
383 pcap_getevent_npf(pcap_t *p)
384 {
385 struct pcap_win *pw = p->priv;
386
387 return (PacketGetReadEvent(pw->adapter));
388 }
389
390 static int
391 pcap_oid_get_request_npf(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
392 {
393 struct pcap_win *pw = p->priv;
394
395 return (oid_get_request(pw->adapter, oid, data, lenp, p->errbuf));
396 }
397
398 static int
399 pcap_oid_set_request_npf(pcap_t *p, bpf_u_int32 oid, const void *data,
400 size_t *lenp)
401 {
402 struct pcap_win *pw = p->priv;
403 PACKET_OID_DATA *oid_data_arg;
404
405 /*
406 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest().
407 * It should be big enough to hold "*lenp" bytes of data; it
408 * will actually be slightly larger, as PACKET_OID_DATA has a
409 * 1-byte data array at the end, standing in for the variable-length
410 * data that's actually there.
411 */
412 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp);
413 if (oid_data_arg == NULL) {
414 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
415 "Couldn't allocate argument buffer for PacketRequest");
416 return (PCAP_ERROR);
417 }
418
419 oid_data_arg->Oid = oid;
420 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */
421 memcpy(oid_data_arg->Data, data, *lenp);
422 if (!PacketRequest(pw->adapter, TRUE, oid_data_arg)) {
423 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
424 GetLastError(), "Error calling PacketRequest");
425 free(oid_data_arg);
426 return (PCAP_ERROR);
427 }
428
429 /*
430 * Get the length actually copied.
431 */
432 *lenp = oid_data_arg->Length;
433
434 /*
435 * No need to copy the data - we're doing a set.
436 */
437 free(oid_data_arg);
438 return (0);
439 }
440
441 static u_int
442 pcap_sendqueue_transmit_npf(pcap_t *p, pcap_send_queue *queue, int sync)
443 {
444 struct pcap_win *pw = p->priv;
445 u_int res;
446
447 res = PacketSendPackets(pw->adapter,
448 queue->buffer,
449 queue->len,
450 (BOOLEAN)sync);
451
452 if(res != queue->len){
453 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
454 GetLastError(), "Error queueing packets");
455 }
456
457 return (res);
458 }
459
460 static int
461 pcap_setuserbuffer_npf(pcap_t *p, int size)
462 {
463 unsigned char *new_buff;
464
465 if (size<=0) {
466 /* Bogus parameter */
467 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
468 "Error: invalid size %d",size);
469 return (-1);
470 }
471
472 /* Allocate the buffer */
473 new_buff=(unsigned char*)malloc(sizeof(char)*size);
474
475 if (!new_buff) {
476 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
477 "Error: not enough memory");
478 return (-1);
479 }
480
481 free(p->buffer);
482
483 p->buffer=new_buff;
484 p->bufsize=size;
485
486 return (0);
487 }
488
489 #ifdef HAVE_NPCAP_PACKET_API
490 /*
491 * Kernel dump mode isn't supported in Npcap; calls to PacketSetDumpName(),
492 * PacketSetDumpLimits(), and PacketIsDumpEnded() will get compile-time
493 * deprecation warnings.
494 *
495 * Avoid calling them; just return errors indicating that kernel dump
496 * mode isn't supported in Npcap.
497 */
498 static int
499 pcap_live_dump_npf(pcap_t *p, char *filename _U_, int maxsize _U_,
500 int maxpacks _U_)
501 {
502 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
503 "Npcap doesn't support kernel dump mode");
504 return (-1);
505 }
506 static int
507 pcap_live_dump_ended_npf(pcap_t *p, int sync)
508 {
509 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
510 "Npcap doesn't support kernel dump mode");
511 return (-1);
512 }
513 #else /* HAVE_NPCAP_PACKET_API */
514 static int
515 pcap_live_dump_npf(pcap_t *p, char *filename, int maxsize, int maxpacks)
516 {
517 struct pcap_win *pw = p->priv;
518 BOOLEAN res;
519
520 /* Set the packet driver in dump mode */
521 res = PacketSetMode(pw->adapter, PACKET_MODE_DUMP);
522 if(res == FALSE){
523 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
524 "Error setting dump mode");
525 return (-1);
526 }
527
528 /* Set the name of the dump file */
529 res = PacketSetDumpName(pw->adapter, filename, (int)strlen(filename));
530 if(res == FALSE){
531 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
532 "Error setting kernel dump file name");
533 return (-1);
534 }
535
536 /* Set the limits of the dump file */
537 res = PacketSetDumpLimits(pw->adapter, maxsize, maxpacks);
538 if(res == FALSE) {
539 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
540 "Error setting dump limit");
541 return (-1);
542 }
543
544 return (0);
545 }
546
547 static int
548 pcap_live_dump_ended_npf(pcap_t *p, int sync)
549 {
550 struct pcap_win *pw = p->priv;
551
552 return (PacketIsDumpEnded(pw->adapter, (BOOLEAN)sync));
553 }
554 #endif /* HAVE_NPCAP_PACKET_API */
555
556 #ifdef HAVE_AIRPCAP_API
557 static PAirpcapHandle
558 pcap_get_airpcap_handle_npf(pcap_t *p)
559 {
560 struct pcap_win *pw = p->priv;
561
562 return (PacketGetAirPcapHandle(pw->adapter));
563 }
564 #else /* HAVE_AIRPCAP_API */
565 static PAirpcapHandle
566 pcap_get_airpcap_handle_npf(pcap_t *p _U_)
567 {
568 return (NULL);
569 }
570 #endif /* HAVE_AIRPCAP_API */
571
572 static int
573 pcap_read_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
574 {
575 PACKET Packet;
576 u_int cc;
577 int n;
578 register u_char *bp, *ep;
579 u_char *datap;
580 struct pcap_win *pw = p->priv;
581
582 cc = p->cc;
583 if (cc == 0) {
584 /*
585 * Has "pcap_breakloop()" been called?
586 */
587 if (p->break_loop) {
588 /*
589 * Yes - clear the flag that indicates that it
590 * has, and return PCAP_ERROR_BREAK to indicate
591 * that we were told to break out of the loop.
592 */
593 p->break_loop = 0;
594 return (PCAP_ERROR_BREAK);
595 }
596
597 /*
598 * Capture the packets.
599 *
600 * The PACKET structure had a bunch of extra stuff for
601 * Windows 9x/Me, but the only interesting data in it
602 * in the versions of Windows that we support is just
603 * a copy of p->buffer, a copy of p->buflen, and the
604 * actual number of bytes read returned from
605 * PacketReceivePacket(), none of which has to be
606 * retained from call to call, so we just keep one on
607 * the stack.
608 */
609 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize);
610 if (!PacketReceivePacket(pw->adapter, &Packet, TRUE)) {
611 /*
612 * Did the device go away?
613 * If so, the error we get can either be
614 * ERROR_GEN_FAILURE or ERROR_DEVICE_REMOVED.
615 */
616 DWORD errcode = GetLastError();
617
618 if (errcode == ERROR_GEN_FAILURE ||
619 errcode == ERROR_DEVICE_REMOVED) {
620 /*
621 * The device on which we're capturing
622 * went away, or it became unusable
623 * by NPF due to a suspend/resume.
624 *
625 * ERROR_GEN_FAILURE comes from
626 * STATUS_UNSUCCESSFUL, as well as some
627 * other NT status codes that the Npcap
628 * driver is unlikely to return.
629 * XXX - hopefully no other error
630 * conditions are indicated by this.
631 *
632 * ERROR_DEVICE_REMOVED comes from
633 * STATUS_DEVICE_REMOVED.
634 *
635 * We report the Windows status code
636 * name and the corresponding NT status
637 * code name, for the benefit of attempts
638 * to debug cases where this error is
639 * reported when the device *wasn't*
640 * removed, either because it's not
641 * removable, it's removable but wasn't
642 * removed, or it's a device that doesn't
643 * correspond to a physical device.
644 *
645 * XXX - we really should return an
646 * appropriate error for that, but
647 * pcap_dispatch() etc. aren't
648 * documented as having error returns
649 * other than PCAP_ERROR or PCAP_ERROR_BREAK.
650 */
651 const char *errcode_msg;
652
653 if (errcode == ERROR_GEN_FAILURE)
654 errcode_msg = "ERROR_GEN_FAILURE/STATUS_UNSUCCESSFUL";
655 else
656 errcode_msg = "ERROR_DEVICE_REMOVED/STATUS_DEVICE_REMOVED";
657 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
658 "The interface disappeared (error code %s)",
659 errcode_msg);
660 } else {
661 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
662 PCAP_ERRBUF_SIZE, errcode,
663 "PacketReceivePacket error");
664 }
665 return (PCAP_ERROR);
666 }
667
668 cc = Packet.ulBytesReceived;
669
670 bp = p->buffer;
671 }
672 else
673 bp = p->bp;
674
675 /*
676 * Loop through each packet.
677 *
678 * This assumes that a single buffer of packets will have
679 * <= INT_MAX packets, so the packet count doesn't overflow.
680 */
681 #define bhp ((struct bpf_hdr *)bp)
682 n = 0;
683 ep = bp + cc;
684 for (;;) {
685 register u_int caplen, hdrlen;
686 size_t packet_bytes;
687
688 /*
689 * Has "pcap_breakloop()" been called?
690 * If so, return immediately - if we haven't read any
691 * packets, clear the flag and return PCAP_ERROR_BREAK
692 * to indicate that we were told to break out of the loop,
693 * otherwise leave the flag set, so that the *next* call
694 * will break out of the loop without having read any
695 * packets, and return the number of packets we've
696 * processed so far.
697 */
698 if (p->break_loop) {
699 if (n == 0) {
700 p->break_loop = 0;
701 return (PCAP_ERROR_BREAK);
702 } else {
703 p->bp = bp;
704 p->cc = (u_int) (ep - bp);
705 return (n);
706 }
707 }
708 if (bp >= ep)
709 break;
710
711 caplen = bhp->bh_caplen;
712 hdrlen = bhp->bh_hdrlen;
713 datap = bp + hdrlen;
714
715 /*
716 * Compute the number of bytes for this packet in
717 * the buffer.
718 *
719 * That's the sum of the header length and the packet
720 * data length plus, if this is not the last packet,
721 * the padding required to align the next packet on
722 * the appropriate boundary.
723 *
724 * That means that it should be the minimum of the
725 * number of bytes left in the buffer and the
726 * rounded-up sum of the header and packet data lengths.
727 */
728 packet_bytes = min((u_int)(ep - bp), Packet_WORDALIGN(caplen + hdrlen));
729
730 /*
731 * Short-circuit evaluation: if using BPF filter
732 * in kernel, no need to do it now - we already know
733 * the packet passed the filter.
734 *
735 * XXX - pcapint_filter() should always return TRUE if
736 * handed a null pointer for the program, but it might
737 * just try to "run" the filter, so we check here.
738 */
739 if (pw->filtering_in_kernel ||
740 p->fcode.bf_insns == NULL ||
741 pcapint_filter(p->fcode.bf_insns, datap, bhp->bh_datalen, caplen)) {
742 #ifdef ENABLE_REMOTE
743 switch (p->rmt_samp.method) {
744
745 case PCAP_SAMP_1_EVERY_N:
746 pw->samp_npkt = (pw->samp_npkt + 1) % p->rmt_samp.value;
747
748 /* Discard all packets that are not '1 out of N' */
749 if (pw->samp_npkt != 0) {
750 bp += packet_bytes;
751 continue;
752 }
753 break;
754
755 case PCAP_SAMP_FIRST_AFTER_N_MS:
756 {
757 struct pcap_pkthdr *pkt_header = (struct pcap_pkthdr*) bp;
758
759 /*
760 * Check if the timestamp of the arrived
761 * packet is smaller than our target time.
762 */
763 if (pkt_header->ts.tv_sec < pw->samp_time.tv_sec ||
764 (pkt_header->ts.tv_sec == pw->samp_time.tv_sec && pkt_header->ts.tv_usec < pw->samp_time.tv_usec)) {
765 bp += packet_bytes;
766 continue;
767 }
768
769 /*
770 * The arrived packet is suitable for being
771 * delivered to our caller, so let's update
772 * the target time.
773 */
774 pw->samp_time.tv_usec = pkt_header->ts.tv_usec + p->rmt_samp.value * 1000;
775 if (pw->samp_time.tv_usec > 1000000) {
776 pw->samp_time.tv_sec = pkt_header->ts.tv_sec + pw->samp_time.tv_usec / 1000000;
777 pw->samp_time.tv_usec = pw->samp_time.tv_usec % 1000000;
778 }
779 }
780 }
781 #endif /* ENABLE_REMOTE */
782
783 /*
784 * XXX A bpf_hdr matches a pcap_pkthdr.
785 */
786 (*callback)(user, (struct pcap_pkthdr*)bp, datap);
787 bp += packet_bytes;
788 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt)) {
789 p->bp = bp;
790 p->cc = (u_int) (ep - bp);
791 return (n);
792 }
793 } else {
794 /*
795 * Skip this packet.
796 */
797 bp += packet_bytes;
798 }
799 }
800 #undef bhp
801 p->cc = 0;
802 return (n);
803 }
804
805 #ifdef HAVE_DAG_API
806 static int
807 pcap_read_win32_dag(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
808 {
809 struct pcap_win *pw = p->priv;
810 PACKET Packet;
811 u_char *dp = NULL;
812 int packet_len = 0, caplen = 0;
813 struct pcap_pkthdr pcap_header;
814 u_char *endofbuf;
815 int n = 0;
816 dag_record_t *header;
817 unsigned erf_record_len;
818 ULONGLONG ts;
819 int cc;
820 unsigned swt;
821 unsigned dfp = pw->adapter->DagFastProcess;
822
823 cc = p->cc;
824 if (cc == 0) /* Get new packets only if we have processed all the ones of the previous read */
825 {
826 /*
827 * Get new packets from the network.
828 *
829 * The PACKET structure had a bunch of extra stuff for
830 * Windows 9x/Me, but the only interesting data in it
831 * in the versions of Windows that we support is just
832 * a copy of p->buffer, a copy of p->buflen, and the
833 * actual number of bytes read returned from
834 * PacketReceivePacket(), none of which has to be
835 * retained from call to call, so we just keep one on
836 * the stack.
837 */
838 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize);
839 if (!PacketReceivePacket(pw->adapter, &Packet, TRUE)) {
840 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed");
841 return (-1);
842 }
843
844 cc = Packet.ulBytesReceived;
845 if(cc == 0)
846 /* The timeout has expired but we no packets arrived */
847 return (0);
848 header = (dag_record_t*)pw->adapter->DagBuffer;
849 }
850 else
851 header = (dag_record_t*)p->bp;
852
853 endofbuf = (char*)header + cc;
854
855 /*
856 * This can conceivably process more than INT_MAX packets,
857 * which would overflow the packet count, causing it either
858 * to look like a negative number, and thus cause us to
859 * return a value that looks like an error, or overflow
860 * back into positive territory, and thus cause us to
861 * return a too-low count.
862 *
863 * Therefore, if the packet count is unlimited, we clip
864 * it at INT_MAX; this routine is not expected to
865 * process packets indefinitely, so that's not an issue.
866 */
867 if (PACKET_COUNT_IS_UNLIMITED(cnt))
868 cnt = INT_MAX;
869
870 /*
871 * Cycle through the packets
872 */
873 do
874 {
875 erf_record_len = SWAPS(header->rlen);
876 if((char*)header + erf_record_len > endofbuf)
877 break;
878
879 /* Increase the number of captured packets */
880 p->stat.ps_recv++;
881
882 /* Find the beginning of the packet */
883 dp = ((u_char *)header) + dag_record_size;
884
885 /* Determine actual packet len */
886 switch(header->type)
887 {
888 case TYPE_ATM:
889 packet_len = ATM_SNAPLEN;
890 caplen = ATM_SNAPLEN;
891 dp += 4;
892
893 break;
894
895 case TYPE_ETH:
896 swt = SWAPS(header->wlen);
897 packet_len = swt - (pw->dag_fcs_bits);
898 caplen = erf_record_len - dag_record_size - 2;
899 if (caplen > packet_len)
900 {
901 caplen = packet_len;
902 }
903 dp += 2;
904
905 break;
906
907 case TYPE_HDLC_POS:
908 swt = SWAPS(header->wlen);
909 packet_len = swt - (pw->dag_fcs_bits);
910 caplen = erf_record_len - dag_record_size;
911 if (caplen > packet_len)
912 {
913 caplen = packet_len;
914 }
915
916 break;
917 }
918
919 if(caplen > p->snapshot)
920 caplen = p->snapshot;
921
922 /*
923 * Has "pcap_breakloop()" been called?
924 * If so, return immediately - if we haven't read any
925 * packets, clear the flag and return -2 to indicate
926 * that we were told to break out of the loop, otherwise
927 * leave the flag set, so that the *next* call will break
928 * out of the loop without having read any packets, and
929 * return the number of packets we've processed so far.
930 */
931 if (p->break_loop)
932 {
933 if (n == 0)
934 {
935 p->break_loop = 0;
936 return (-2);
937 }
938 else
939 {
940 p->bp = (char*)header;
941 p->cc = endofbuf - (char*)header;
942 return (n);
943 }
944 }
945
946 if(!dfp)
947 {
948 /* convert between timestamp formats */
949 ts = header->ts;
950 pcap_header.ts.tv_sec = (int)(ts >> 32);
951 ts = (ts & 0xffffffffi64) * 1000000;
952 ts += 0x80000000; /* rounding */
953 pcap_header.ts.tv_usec = (int)(ts >> 32);
954 if (pcap_header.ts.tv_usec >= 1000000) {
955 pcap_header.ts.tv_usec -= 1000000;
956 pcap_header.ts.tv_sec++;
957 }
958 }
959
960 /* No underlying filtering system. We need to filter on our own */
961 if (p->fcode.bf_insns)
962 {
963 if (pcapint_filter(p->fcode.bf_insns, dp, packet_len, caplen) == 0)
964 {
965 /* Move to next packet */
966 header = (dag_record_t*)((char*)header + erf_record_len);
967 continue;
968 }
969 }
970
971 /* Fill the header for the user supplied callback function */
972 pcap_header.caplen = caplen;
973 pcap_header.len = packet_len;
974
975 /* Call the callback function */
976 (*callback)(user, &pcap_header, dp);
977
978 /* Move to next packet */
979 header = (dag_record_t*)((char*)header + erf_record_len);
980
981 /* Stop if the number of packets requested by user has been reached*/
982 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt))
983 {
984 p->bp = (char*)header;
985 p->cc = endofbuf - (char*)header;
986 return (n);
987 }
988 }
989 while((u_char*)header < endofbuf);
990
991 return (1);
992 }
993 #endif /* HAVE_DAG_API */
994
995 /* Send a packet to the network */
996 static int
997 pcap_inject_npf(pcap_t *p, const void *buf, int size)
998 {
999 struct pcap_win *pw = p->priv;
1000 PACKET pkt;
1001
1002 PacketInitPacket(&pkt, (PVOID)buf, size);
1003 if(PacketSendPacket(pw->adapter,&pkt,TRUE) == FALSE) {
1004 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1005 GetLastError(), "send error: PacketSendPacket failed");
1006 return (-1);
1007 }
1008
1009 /*
1010 * We assume it all got sent if "PacketSendPacket()" succeeded.
1011 * "pcap_inject()" is expected to return the number of bytes
1012 * sent.
1013 */
1014 return (size);
1015 }
1016
1017 static void
1018 pcap_cleanup_npf(pcap_t *p)
1019 {
1020 struct pcap_win *pw = p->priv;
1021
1022 if (pw->adapter != NULL) {
1023 PacketCloseAdapter(pw->adapter);
1024 pw->adapter = NULL;
1025 }
1026 if (pw->rfmon_selfstart)
1027 {
1028 PacketSetMonitorMode(p->opt.device, 0);
1029 }
1030 pcapint_cleanup_live_common(p);
1031 }
1032
1033 static void
1034 pcap_breakloop_npf(pcap_t *p)
1035 {
1036 pcapint_breakloop_common(p);
1037 struct pcap_win *pw = p->priv;
1038
1039 /* XXX - what if this fails? */
1040 SetEvent(PacketGetReadEvent(pw->adapter));
1041 }
1042
1043 static int
1044 pcap_activate_npf(pcap_t *p)
1045 {
1046 struct pcap_win *pw = p->priv;
1047 NetType type;
1048 int res;
1049 int status = 0;
1050 struct bpf_insn total_insn;
1051 struct bpf_program total_prog;
1052
1053 if (p->opt.rfmon) {
1054 /*
1055 * Monitor mode is supported on Windows Vista and later.
1056 */
1057 if (PacketGetMonitorMode(p->opt.device) == 1)
1058 {
1059 pw->rfmon_selfstart = 0;
1060 }
1061 else
1062 {
1063 if ((res = PacketSetMonitorMode(p->opt.device, 1)) != 1)
1064 {
1065 pw->rfmon_selfstart = 0;
1066 // Monitor mode is not supported.
1067 if (res == 0)
1068 {
1069 return PCAP_ERROR_RFMON_NOTSUP;
1070 }
1071 else
1072 {
1073 return PCAP_ERROR;
1074 }
1075 }
1076 else
1077 {
1078 pw->rfmon_selfstart = 1;
1079 }
1080 }
1081 }
1082
1083 pw->adapter = PacketOpenAdapter(p->opt.device);
1084
1085 if (pw->adapter == NULL)
1086 {
1087 DWORD errcode = GetLastError();
1088
1089 /*
1090 * What error did we get when trying to open the adapter?
1091 */
1092 switch (errcode) {
1093
1094 case ERROR_BAD_UNIT:
1095 /*
1096 * There's no such device.
1097 * There's nothing to add, so clear the error
1098 * message.
1099 */
1100 p->errbuf[0] = '\0';
1101 return (PCAP_ERROR_NO_SUCH_DEVICE);
1102
1103 case ERROR_ACCESS_DENIED:
1104 /*
1105 * There is, but we don't have permission to
1106 * use it.
1107 *
1108 * XXX - we currently get ERROR_BAD_UNIT if the
1109 * user says "no" to the UAC prompt.
1110 */
1111 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1112 "The helper program for \"Admin-only Mode\" must be allowed to make changes to your device");
1113 return (PCAP_ERROR_PERM_DENIED);
1114
1115 default:
1116 /*
1117 * Unknown - report details.
1118 */
1119 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1120 errcode, "Error opening adapter");
1121 if (pw->rfmon_selfstart)
1122 {
1123 PacketSetMonitorMode(p->opt.device, 0);
1124 }
1125 return (PCAP_ERROR);
1126 }
1127 }
1128
1129 /*get network type*/
1130 if(PacketGetNetType (pw->adapter,&type) == FALSE)
1131 {
1132 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1133 GetLastError(), "Cannot determine the network type");
1134 goto bad;
1135 }
1136
1137 /*Set the linktype*/
1138 switch (type.LinkType)
1139 {
1140 /*
1141 * NDIS-defined medium types.
1142 */
1143 case NdisMedium802_3:
1144 p->linktype = DLT_EN10MB;
1145 /*
1146 * This is (presumably) a real Ethernet capture; give it a
1147 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
1148 * that an application can let you choose it, in case you're
1149 * capturing DOCSIS traffic that a Cisco Cable Modem
1150 * Termination System is putting out onto an Ethernet (it
1151 * doesn't put an Ethernet header onto the wire, it puts raw
1152 * DOCSIS frames out on the wire inside the low-level
1153 * Ethernet framing).
1154 */
1155 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
1156 if (p->dlt_list == NULL)
1157 {
1158 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
1159 errno, "malloc");
1160 goto bad;
1161 }
1162 p->dlt_list[0] = DLT_EN10MB;
1163 p->dlt_list[1] = DLT_DOCSIS;
1164 p->dlt_count = 2;
1165 break;
1166
1167 case NdisMedium802_5:
1168 /*
1169 * Token Ring.
1170 */
1171 p->linktype = DLT_IEEE802;
1172 break;
1173
1174 case NdisMediumFddi:
1175 p->linktype = DLT_FDDI;
1176 break;
1177
1178 case NdisMediumWan:
1179 p->linktype = DLT_EN10MB;
1180 break;
1181
1182 case NdisMediumArcnetRaw:
1183 p->linktype = DLT_ARCNET;
1184 break;
1185
1186 case NdisMediumArcnet878_2:
1187 p->linktype = DLT_ARCNET;
1188 break;
1189
1190 case NdisMediumAtm:
1191 p->linktype = DLT_ATM_RFC1483;
1192 break;
1193
1194 case NdisMediumWirelessWan:
1195 p->linktype = DLT_RAW;
1196 break;
1197
1198 case NdisMediumIP:
1199 p->linktype = DLT_RAW;
1200 break;
1201
1202 /*
1203 * Npcap-defined medium types.
1204 */
1205 case NdisMediumNull:
1206 p->linktype = DLT_NULL;
1207 break;
1208
1209 case NdisMediumCHDLC:
1210 p->linktype = DLT_CHDLC;
1211 break;
1212
1213 case NdisMediumPPPSerial:
1214 p->linktype = DLT_PPP_SERIAL;
1215 break;
1216
1217 case NdisMediumBare80211:
1218 p->linktype = DLT_IEEE802_11;
1219 break;
1220
1221 case NdisMediumRadio80211:
1222 p->linktype = DLT_IEEE802_11_RADIO;
1223 break;
1224
1225 case NdisMediumPpi:
1226 p->linktype = DLT_PPI;
1227 break;
1228
1229 default:
1230 /*
1231 * An unknown medium type is assumed to supply Ethernet
1232 * headers; if not, the user will have to report it,
1233 * so that the medium type and link-layer header type
1234 * can be determined. If we were to fail here, we
1235 * might get the link-layer type in the error, but
1236 * the user wouldn't get a capture, so we wouldn't
1237 * be able to determine the link-layer type; we report
1238 * a warning with the link-layer type, so at least
1239 * some programs will report the warning.
1240 */
1241 p->linktype = DLT_EN10MB;
1242 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1243 "Unknown NdisMedium value %d, defaulting to DLT_EN10MB",
1244 type.LinkType);
1245 status = PCAP_WARNING;
1246 break;
1247 }
1248
1249 #ifdef HAVE_PACKET_GET_TIMESTAMP_MODES
1250 /*
1251 * Set the timestamp type.
1252 * (Yes, we require PacketGetTimestampModes(), not just
1253 * PacketSetTimestampMode(). If we have the former, we
1254 * have the latter, unless somebody's using a version
1255 * of Npcap that they've hacked to provide the former
1256 * but not the latter; if they've done that, either
1257 * they're confused or they're trolling us.)
1258 */
1259 switch (p->opt.tstamp_type) {
1260
1261 case PCAP_TSTAMP_HOST_HIPREC_UNSYNCED:
1262 /*
1263 * Better than low-res, but *not* synchronized with
1264 * the OS clock.
1265 */
1266 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_SINGLE_SYNCHRONIZATION))
1267 {
1268 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1269 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_SINGLE_SYNCHRONIZATION");
1270 goto bad;
1271 }
1272 break;
1273
1274 case PCAP_TSTAMP_HOST_LOWPREC:
1275 /*
1276 * Low-res, but synchronized with the OS clock.
1277 */
1278 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_QUERYSYSTEMTIME))
1279 {
1280 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1281 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_QUERYSYSTEMTIME");
1282 goto bad;
1283 }
1284 break;
1285
1286 case PCAP_TSTAMP_HOST_HIPREC:
1287 /*
1288 * High-res, and synchronized with the OS clock.
1289 */
1290 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE))
1291 {
1292 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1293 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE");
1294 goto bad;
1295 }
1296 break;
1297
1298 case PCAP_TSTAMP_HOST:
1299 /*
1300 * XXX - do whatever the default is, for now.
1301 * Set to the highest resolution that's synchronized
1302 * with the system clock?
1303 */
1304 break;
1305 }
1306 #endif /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1307
1308 /*
1309 * Turn a negative snapshot value (invalid), a snapshot value of
1310 * 0 (unspecified), or a value bigger than the normal maximum
1311 * value, into the maximum allowed value.
1312 *
1313 * If some application really *needs* a bigger snapshot
1314 * length, we should just increase MAXIMUM_SNAPLEN.
1315 */
1316 if (p->snapshot <= 0 || p->snapshot > MAXIMUM_SNAPLEN)
1317 p->snapshot = MAXIMUM_SNAPLEN;
1318
1319 /* Set promiscuous mode */
1320 if (p->opt.promisc)
1321 {
1322 /*
1323 * For future reference, in case we ever want to query
1324 * whether an adapter supports promiscuous mode, that
1325 * would be done on Windows by querying the value
1326 * of the OID_GEN_SUPPORTED_PACKET_FILTERS OID.
1327 */
1328 if (PacketSetHwFilter(pw->adapter,NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE)
1329 {
1330 DWORD errcode = GetLastError();
1331
1332 /*
1333 * Suppress spurious error generated by non-compliant
1334 * MS Surface mobile adapters that appear to
1335 * return NDIS_STATUS_NOT_SUPPORTED for attempts
1336 * to set the hardware filter.
1337 *
1338 * It appears to be reporting NDIS_STATUS_NOT_SUPPORTED,
1339 * but with the NT status value "Customer" bit set;
1340 * the Npcap NPF driver sets that bit in some cases.
1341 *
1342 * If we knew that this meant "promiscuous mode
1343 * isn't supported", we could add a "promiscuous
1344 * mode isn't supported" error code and return
1345 * that, but:
1346 *
1347 * 1) we don't know that it means that
1348 * rather than meaning "we reject attempts
1349 * to set the filter, even though the NDIS
1350 * specifications say you shouldn't do that"
1351 *
1352 * and
1353 *
1354 * 2) other interface types that don't
1355 * support promiscuous mode, at least
1356 * on UN*Xes, just silently ignore
1357 * attempts to set promiscuous mode
1358 *
1359 * and rejecting it with an error could disrupt
1360 * attempts to capture, as many programs (tcpdump,
1361 * *shark) default to promiscuous mode.
1362 *
1363 * Alternatively, we could return the "promiscuous
1364 * mode not supported" *warning* value, so that
1365 * correct code will either ignore it or report
1366 * it and continue capturing. (This may require
1367 * a pcap_init() flag to request that return
1368 * value, so that old incorrect programs that
1369 * assume a non-zero return from pcap_activate()
1370 * is an error don't break.)
1371 *
1372 * We check here for ERROR_NOT_SUPPORTED, which
1373 * is what NDIS_STATUS_NOT_SUPPORTED (which is
1374 * the same value as the NTSTATUS value
1375 * STATUS_NOT_SUPPORTED) gets mapped to, as
1376 * well as NDIS_STATUS_NOT_SUPPORTED with the
1377 * "Customer" bit set.
1378 */
1379 if (errcode != ERROR_NOT_SUPPORTED &&
1380 errcode != (NDIS_STATUS_NOT_SUPPORTED|NT_STATUS_CUSTOMER_DEFINED))
1381 {
1382 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1383 PCAP_ERRBUF_SIZE, errcode,
1384 "failed to set hardware filter to promiscuous mode");
1385 goto bad;
1386 }
1387 }
1388 }
1389 else
1390 {
1391 /*
1392 * NDIS_PACKET_TYPE_ALL_LOCAL selects "All packets sent by
1393 * installed protocols and all packets indicated by the NIC",
1394 * but if no protocol drivers (like TCP/IP) are installed,
1395 * NDIS_PACKET_TYPE_DIRECTED, NDIS_PACKET_TYPE_BROADCAST,
1396 * and NDIS_PACKET_TYPE_MULTICAST are needed to capture
1397 * incoming frames.
1398 */
1399 if (PacketSetHwFilter(pw->adapter,
1400 NDIS_PACKET_TYPE_ALL_LOCAL |
1401 NDIS_PACKET_TYPE_DIRECTED |
1402 NDIS_PACKET_TYPE_BROADCAST |
1403 NDIS_PACKET_TYPE_MULTICAST) == FALSE)
1404 {
1405 DWORD errcode = GetLastError();
1406
1407 /*
1408 * Suppress spurious error generated by non-compliant
1409 * MS Surface mobile adapters.
1410 */
1411 if (errcode != (NDIS_STATUS_NOT_SUPPORTED|NT_STATUS_CUSTOMER_DEFINED))
1412 {
1413 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1414 PCAP_ERRBUF_SIZE, errcode,
1415 "failed to set hardware filter to non-promiscuous mode");
1416 goto bad;
1417 }
1418 }
1419 }
1420
1421 /* Set the buffer size */
1422 p->bufsize = WIN32_DEFAULT_USER_BUFFER_SIZE;
1423
1424 if(!(pw->adapter->Flags & INFO_FLAG_DAG_CARD))
1425 {
1426 /*
1427 * Traditional Adapter
1428 */
1429 /*
1430 * If the buffer size wasn't explicitly set, default to
1431 * WIN32_DEFAULT_KERNEL_BUFFER_SIZE.
1432 */
1433 if (p->opt.buffer_size == 0)
1434 p->opt.buffer_size = WIN32_DEFAULT_KERNEL_BUFFER_SIZE;
1435
1436 if(PacketSetBuff(pw->adapter,p->opt.buffer_size)==FALSE)
1437 {
1438 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer");
1439 goto bad;
1440 }
1441
1442 p->buffer = malloc(p->bufsize);
1443 if (p->buffer == NULL)
1444 {
1445 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
1446 errno, "malloc");
1447 goto bad;
1448 }
1449
1450 if (p->opt.immediate)
1451 {
1452 /* tell the driver to copy the buffer as soon as data arrives */
1453 if(PacketSetMinToCopy(pw->adapter,0)==FALSE)
1454 {
1455 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1456 PCAP_ERRBUF_SIZE, GetLastError(),
1457 "Error calling PacketSetMinToCopy");
1458 goto bad;
1459 }
1460 }
1461 else
1462 {
1463 /* tell the driver to copy the buffer only if it contains at least 16K */
1464 if(PacketSetMinToCopy(pw->adapter,16000)==FALSE)
1465 {
1466 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1467 PCAP_ERRBUF_SIZE, GetLastError(),
1468 "Error calling PacketSetMinToCopy");
1469 goto bad;
1470 }
1471 }
1472 } else {
1473 /*
1474 * Dag Card
1475 */
1476 #ifdef HAVE_DAG_API
1477 /*
1478 * We have DAG support.
1479 */
1480 LONG status;
1481 HKEY dagkey;
1482 DWORD lptype;
1483 DWORD lpcbdata;
1484 int postype = 0;
1485 char keyname[512];
1486
1487 snprintf(keyname, sizeof(keyname), "%s\\CardParams\\%s",
1488 "SYSTEM\\CurrentControlSet\\Services\\DAG",
1489 strstr(_strlwr(p->opt.device), "dag"));
1490 do
1491 {
1492 status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_READ, &dagkey);
1493 if(status != ERROR_SUCCESS)
1494 break;
1495
1496 status = RegQueryValueEx(dagkey,
1497 "PosType",
1498 NULL,
1499 &lptype,
1500 (char*)&postype,
1501 &lpcbdata);
1502
1503 if(status != ERROR_SUCCESS)
1504 {
1505 postype = 0;
1506 }
1507
1508 RegCloseKey(dagkey);
1509 }
1510 while(FALSE);
1511
1512
1513 p->snapshot = PacketSetSnapLen(pw->adapter, p->snapshot);
1514
1515 /* Set the length of the FCS associated to any packet. This value
1516 * will be subtracted to the packet length */
1517 pw->dag_fcs_bits = pw->adapter->DagFcsLen;
1518 #else /* HAVE_DAG_API */
1519 /*
1520 * No DAG support.
1521 */
1522 goto bad;
1523 #endif /* HAVE_DAG_API */
1524 }
1525
1526 /*
1527 * If there's no filter program installed, there's
1528 * no indication to the kernel of what the snapshot
1529 * length should be, so no snapshotting is done.
1530 *
1531 * Therefore, when we open the device, we install
1532 * an "accept everything" filter with the specified
1533 * snapshot length.
1534 */
1535 total_insn.code = (u_short)(BPF_RET | BPF_K);
1536 total_insn.jt = 0;
1537 total_insn.jf = 0;
1538 total_insn.k = p->snapshot;
1539
1540 total_prog.bf_len = 1;
1541 total_prog.bf_insns = &total_insn;
1542 if (!PacketSetBpf(pw->adapter, &total_prog)) {
1543 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1544 GetLastError(), "PacketSetBpf");
1545 status = PCAP_ERROR;
1546 goto bad;
1547 }
1548
1549 PacketSetReadTimeout(pw->adapter, p->opt.timeout);
1550
1551 /* disable loopback capture if requested */
1552 if (p->opt.nocapture_local)
1553 {
1554 if (!PacketSetLoopbackBehavior(pw->adapter, NPF_DISABLE_LOOPBACK))
1555 {
1556 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1557 "Unable to disable the capture of loopback packets.");
1558 goto bad;
1559 }
1560 }
1561
1562 #ifdef HAVE_DAG_API
1563 if(pw->adapter->Flags & INFO_FLAG_DAG_CARD)
1564 {
1565 /* install dag specific handlers for read and setfilter */
1566 p->read_op = pcap_read_win32_dag;
1567 p->setfilter_op = pcap_setfilter_win32_dag;
1568 }
1569 else
1570 {
1571 #endif /* HAVE_DAG_API */
1572 /* install traditional npf handlers for read and setfilter */
1573 p->read_op = pcap_read_npf;
1574 p->setfilter_op = pcap_setfilter_npf;
1575 #ifdef HAVE_DAG_API
1576 }
1577 #endif /* HAVE_DAG_API */
1578 p->setdirection_op = NULL; /* Not implemented. */
1579 /* XXX - can this be implemented on some versions of Windows? */
1580 p->inject_op = pcap_inject_npf;
1581 p->set_datalink_op = NULL; /* can't change data link type */
1582 p->getnonblock_op = pcap_getnonblock_npf;
1583 p->setnonblock_op = pcap_setnonblock_npf;
1584 p->stats_op = pcap_stats_npf;
1585 p->breakloop_op = pcap_breakloop_npf;
1586 p->stats_ex_op = pcap_stats_ex_npf;
1587 p->setbuff_op = pcap_setbuff_npf;
1588 p->setmode_op = pcap_setmode_npf;
1589 p->setmintocopy_op = pcap_setmintocopy_npf;
1590 p->getevent_op = pcap_getevent_npf;
1591 p->oid_get_request_op = pcap_oid_get_request_npf;
1592 p->oid_set_request_op = pcap_oid_set_request_npf;
1593 p->sendqueue_transmit_op = pcap_sendqueue_transmit_npf;
1594 p->setuserbuffer_op = pcap_setuserbuffer_npf;
1595 p->live_dump_op = pcap_live_dump_npf;
1596 p->live_dump_ended_op = pcap_live_dump_ended_npf;
1597 p->get_airpcap_handle_op = pcap_get_airpcap_handle_npf;
1598 p->cleanup_op = pcap_cleanup_npf;
1599
1600 /*
1601 * XXX - this is only done because WinPcap supported
1602 * pcap_fileno() returning the hFile HANDLE from the
1603 * ADAPTER structure. We make no general guarantees
1604 * that the caller can do anything useful with it.
1605 *
1606 * (Not that we make any general guarantee of that
1607 * sort on UN*X, either, anymore, given that not
1608 * all capture devices are regular OS network
1609 * interfaces.)
1610 */
1611 p->handle = pw->adapter->hFile;
1612
1613 return (status);
1614 bad:
1615 pcap_cleanup_npf(p);
1616 return (PCAP_ERROR);
1617 }
1618
1619 /*
1620 * Check if rfmon mode is supported on the pcap_t for Windows systems.
1621 */
1622 static int
1623 pcap_can_set_rfmon_npf(pcap_t *p)
1624 {
1625 return (PacketIsMonitorModeSupported(p->opt.device) == 1);
1626 }
1627
1628 /*
1629 * Get a list of time stamp types.
1630 */
1631 #ifdef HAVE_PACKET_GET_TIMESTAMP_MODES
1632 static int
1633 get_ts_types(const char *device, pcap_t *p, char *ebuf)
1634 {
1635 char *device_copy = NULL;
1636 ADAPTER *adapter = NULL;
1637 ULONG num_ts_modes;
1638 /* Npcap 1.00 driver is buggy and will write 16 bytes regardless of
1639 * buffer size. Using a sufficient stack buffer avoids overflow and
1640 * avoids a heap allocation in most (currently all) cases.
1641 */
1642 ULONG ts_modes[4];
1643 BOOL ret;
1644 DWORD error = ERROR_SUCCESS;
1645 ULONG *modes = NULL;
1646 int status = 0;
1647
1648 do {
1649 /*
1650 * First, find out how many time stamp modes we have.
1651 * To do that, we have to open the adapter.
1652 *
1653 * XXX - PacketOpenAdapter() takes a non-const pointer
1654 * as an argument, so we make a copy of the argument and
1655 * pass that to it.
1656 */
1657 device_copy = strdup(device);
1658 if (device_copy == NULL) {
1659 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1660 status = -1;
1661 break;
1662 }
1663
1664 adapter = PacketOpenAdapter(device_copy);
1665 if (adapter == NULL)
1666 {
1667 error = GetLastError();
1668 /*
1669 * If we can't open the device now, we won't be
1670 * able to later, either.
1671 *
1672 * If the error is something that indicates
1673 * that the device doesn't exist, or that they
1674 * don't have permission to open the device - or
1675 * perhaps that they don't have permission to get
1676 * a list of devices, if PacketOpenAdapter() does
1677 * that - the user will find that out when they try
1678 * to activate the device; just return an empty
1679 * list of time stamp types.
1680 *
1681 * Treating either of those as errors will, for
1682 * example, cause "tcpdump -i <number>" to fail,
1683 * because it first tries to pass the interface
1684 * name to pcap_create() and pcap_activate(),
1685 * in order to handle OSes where interfaces can
1686 * have names that are just numbers (stand up
1687 * and say hello, Linux!), and, if pcap_activate()
1688 * fails with a "no such device" error, checks
1689 * whether the interface name is a valid number
1690 * and, if so, tries to use it as an index in
1691 * the list of interfaces.
1692 *
1693 * That means pcap_create() must succeed even
1694 * for interfaces that don't exist, with the
1695 * failure occurring at pcap_activate() time.
1696 */
1697 if (error == ERROR_BAD_UNIT ||
1698 error == ERROR_ACCESS_DENIED) {
1699 p->tstamp_type_count = 0;
1700 p->tstamp_type_list = NULL;
1701 status = 0;
1702 } else {
1703 pcapint_fmt_errmsg_for_win32_err(ebuf,
1704 PCAP_ERRBUF_SIZE, error,
1705 "Error opening adapter");
1706 status = -1;
1707 }
1708 break;
1709 }
1710
1711 /*
1712 * Get the total number of time stamp modes.
1713 *
1714 * The buffer for PacketGetTimestampModes() is
1715 * a sequence of 1 or more ULONGs. What's
1716 * passed to PacketGetTimestampModes() should have
1717 * the total number of ULONGs in the first ULONG;
1718 * what's returned *from* PacketGetTimestampModes()
1719 * has the total number of time stamp modes in
1720 * the first ULONG.
1721 *
1722 * Yes, that means if there are N time stamp
1723 * modes, the first ULONG should be set to N+1
1724 * on input, and will be set to N on output.
1725 *
1726 * We first make a call to PacketGetTimestampModes()
1727 * with a pointer to a single ULONG set to 1; the
1728 * call should fail with ERROR_MORE_DATA (unless
1729 * there are *no* modes, but that should never
1730 * happen), and that ULONG should be set to the
1731 * number of modes.
1732 */
1733 ts_modes[0] = sizeof(ts_modes) / sizeof(ULONG);
1734 ret = PacketGetTimestampModes(adapter, ts_modes);
1735 if (!ret) {
1736 /*
1737 * OK, it failed. Did it fail with
1738 * ERROR_MORE_DATA?
1739 */
1740 error = GetLastError();
1741 if (error != ERROR_MORE_DATA) {
1742 /*
1743 * No, did it fail with ERROR_INVALID_FUNCTION?
1744 */
1745 if (error == ERROR_INVALID_FUNCTION) {
1746 /*
1747 * This is probably due to
1748 * the driver with which Packet.dll
1749 * communicates being older, or
1750 * being a WinPcap driver, so
1751 * that it doesn't support
1752 * BIOCGTIMESTAMPMODES.
1753 *
1754 * Tell the user to try uninstalling
1755 * Npcap - and WinPcap if installed -
1756 * and re-installing it, to flush
1757 * out all older drivers.
1758 */
1759 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1760 "PacketGetTimestampModes() failed with ERROR_INVALID_FUNCTION; try uninstalling Npcap, and WinPcap if installed, and re-installing it from npcap.com");
1761 status = -1;
1762 break;
1763 }
1764
1765 /*
1766 * No, some other error. Fail.
1767 */
1768 pcapint_fmt_errmsg_for_win32_err(ebuf,
1769 PCAP_ERRBUF_SIZE, error,
1770 "Error calling PacketGetTimestampModes");
1771 status = -1;
1772 break;
1773 }
1774
1775 /*
1776 * Yes, so we now know how many types to fetch.
1777 *
1778 * The buffer needs to have one ULONG for the
1779 * count and num_ts_modes ULONGs for the
1780 * num_ts_modes time stamp types.
1781 */
1782 num_ts_modes = ts_modes[0];
1783 modes = (ULONG *)malloc((1 + num_ts_modes) * sizeof(ULONG));
1784 if (modes == NULL) {
1785 /* Out of memory. */
1786 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1787 status = -1;
1788 break;
1789 }
1790 modes[0] = 1 + num_ts_modes;
1791 if (!PacketGetTimestampModes(adapter, modes)) {
1792 pcapint_fmt_errmsg_for_win32_err(ebuf,
1793 PCAP_ERRBUF_SIZE, GetLastError(),
1794 "Error calling PacketGetTimestampModes");
1795 status = -1;
1796 break;
1797 }
1798 if (modes[0] != num_ts_modes) {
1799 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1800 "First PacketGetTimestampModes() call gives %lu modes, second call gives %lu modes",
1801 num_ts_modes, modes[0]);
1802 status = -1;
1803 break;
1804 }
1805 }
1806 else {
1807 modes = ts_modes;
1808 num_ts_modes = ts_modes[0];
1809 }
1810
1811 /* If the driver reports no modes supported *and*
1812 * ERROR_MORE_DATA, something is seriously wrong.
1813 * We *could* ignore the error and continue without supporting
1814 * settable timestamp modes, but that would hide a bug.
1815 */
1816 if (modes[0] == 0) {
1817 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1818 "PacketGetTimestampModes() reports 0 modes supported.");
1819 status = -1;
1820 break;
1821 }
1822
1823 /*
1824 * Allocate a buffer big enough for
1825 * PCAP_TSTAMP_HOST (default) plus
1826 * the explicitly specified modes.
1827 */
1828 p->tstamp_type_list = malloc((1 + num_ts_modes) * sizeof(u_int));
1829 if (p->tstamp_type_list == NULL) {
1830 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1831 status = -1;
1832 break;
1833 }
1834 u_int num_ts_types = 0;
1835 p->tstamp_type_list[num_ts_types] =
1836 PCAP_TSTAMP_HOST;
1837 num_ts_types++;
1838 for (ULONG i = 0; i < num_ts_modes; i++) {
1839 switch (modes[i + 1]) {
1840
1841 case TIMESTAMPMODE_SINGLE_SYNCHRONIZATION:
1842 /*
1843 * Better than low-res,
1844 * but *not* synchronized
1845 * with the OS clock.
1846 */
1847 p->tstamp_type_list[num_ts_types] =
1848 PCAP_TSTAMP_HOST_HIPREC_UNSYNCED;
1849 num_ts_types++;
1850 break;
1851
1852 case TIMESTAMPMODE_QUERYSYSTEMTIME:
1853 /*
1854 * Low-res, but synchronized
1855 * with the OS clock.
1856 */
1857 p->tstamp_type_list[num_ts_types] =
1858 PCAP_TSTAMP_HOST_LOWPREC;
1859 num_ts_types++;
1860 break;
1861
1862 case TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE:
1863 /*
1864 * High-res, and synchronized
1865 * with the OS clock.
1866 */
1867 p->tstamp_type_list[num_ts_types] =
1868 PCAP_TSTAMP_HOST_HIPREC;
1869 num_ts_types++;
1870 break;
1871
1872 default:
1873 /*
1874 * Unknown, so we can't
1875 * report it.
1876 */
1877 break;
1878 }
1879 }
1880 p->tstamp_type_count = num_ts_types;
1881 } while (0);
1882
1883 /* Clean up temporary allocations */
1884 if (device_copy != NULL) {
1885 free(device_copy);
1886 }
1887 if (modes != NULL && modes != ts_modes) {
1888 free(modes);
1889 }
1890 if (adapter != NULL) {
1891 PacketCloseAdapter(adapter);
1892 }
1893
1894 return status;
1895 }
1896 #else /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1897 static int
1898 get_ts_types(const char *device _U_, pcap_t *p _U_, char *ebuf _U_)
1899 {
1900 /*
1901 * Nothing to fetch, so it always "succeeds".
1902 */
1903 return 0;
1904 }
1905 #endif /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1906
1907 pcap_t *
1908 pcapint_create_interface(const char *device _U_, char *ebuf)
1909 {
1910 pcap_t *p;
1911
1912 p = PCAP_CREATE_COMMON(ebuf, struct pcap_win);
1913 if (p == NULL)
1914 return (NULL);
1915
1916 p->activate_op = pcap_activate_npf;
1917 p->can_set_rfmon_op = pcap_can_set_rfmon_npf;
1918
1919 if (get_ts_types(device, p, ebuf) == -1) {
1920 pcap_close(p);
1921 return (NULL);
1922 }
1923 return (p);
1924 }
1925
1926 static int
1927 pcap_setfilter_npf(pcap_t *p, struct bpf_program *fp)
1928 {
1929 struct pcap_win *pw = p->priv;
1930
1931 if(PacketSetBpf(pw->adapter,fp)==FALSE){
1932 /*
1933 * Kernel filter not installed.
1934 *
1935 * XXX - we don't know whether this failed because:
1936 *
1937 * the kernel rejected the filter program as invalid,
1938 * in which case we should fall back on userland
1939 * filtering;
1940 *
1941 * the kernel rejected the filter program as too big,
1942 * in which case we should again fall back on
1943 * userland filtering;
1944 *
1945 * there was some other problem, in which case we
1946 * should probably report an error.
1947 *
1948 * For NPF devices, the Win32 status will be
1949 * STATUS_INVALID_DEVICE_REQUEST for invalid
1950 * filters, but I don't know what it'd be for
1951 * other problems, and for some other devices
1952 * it might not be set at all.
1953 *
1954 * So we just fall back on userland filtering in
1955 * all cases.
1956 */
1957
1958 /*
1959 * pcapint_install_bpf_program() validates the program.
1960 *
1961 * XXX - what if we already have a filter in the kernel?
1962 */
1963 if (pcapint_install_bpf_program(p, fp) < 0)
1964 return (-1);
1965 pw->filtering_in_kernel = 0; /* filtering in userland */
1966 return (0);
1967 }
1968
1969 /*
1970 * It worked.
1971 */
1972 pw->filtering_in_kernel = 1; /* filtering in the kernel */
1973
1974 /*
1975 * Discard any previously-received packets, as they might have
1976 * passed whatever filter was formerly in effect, but might
1977 * not pass this filter (BIOCSETF discards packets buffered
1978 * in the kernel, so you can lose packets in any case).
1979 */
1980 p->cc = 0;
1981 return (0);
1982 }
1983
1984 /*
1985 * We filter at user level, since the kernel driver doesn't process the packets
1986 */
1987 static int
1988 pcap_setfilter_win32_dag(pcap_t *p, struct bpf_program *fp) {
1989
1990 if(!fp)
1991 {
1992 pcapint_strlcpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf));
1993 return (-1);
1994 }
1995
1996 /* Install a user level filter */
1997 if (pcapint_install_bpf_program(p, fp) < 0)
1998 return (-1);
1999
2000 return (0);
2001 }
2002
2003 static int
2004 pcap_getnonblock_npf(pcap_t *p)
2005 {
2006 struct pcap_win *pw = p->priv;
2007
2008 /*
2009 * XXX - if there were a PacketGetReadTimeout() call, we
2010 * would use it, and return 1 if the timeout is -1
2011 * and 0 otherwise.
2012 */
2013 return (pw->nonblock);
2014 }
2015
2016 static int
2017 pcap_setnonblock_npf(pcap_t *p, int nonblock)
2018 {
2019 struct pcap_win *pw = p->priv;
2020 int newtimeout;
2021
2022 if (nonblock) {
2023 /*
2024 * Set the packet buffer timeout to -1 for non-blocking
2025 * mode.
2026 */
2027 newtimeout = -1;
2028 } else {
2029 /*
2030 * Restore the timeout set when the device was opened.
2031 * (Note that this may be -1, in which case we're not
2032 * really leaving non-blocking mode. However, although
2033 * the timeout argument to pcap_set_timeout() and
2034 * pcap_open_live() is an int, you're not supposed to
2035 * supply a negative value, so that "shouldn't happen".)
2036 */
2037 newtimeout = p->opt.timeout;
2038 }
2039 if (!PacketSetReadTimeout(pw->adapter, newtimeout)) {
2040 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
2041 GetLastError(), "PacketSetReadTimeout");
2042 return (-1);
2043 }
2044 pw->nonblock = (newtimeout == -1);
2045 return (0);
2046 }
2047
2048 static int
2049 pcap_add_if_npf(pcap_if_list_t *devlistp, char *name, bpf_u_int32 flags,
2050 const char *description, char *errbuf)
2051 {
2052 pcap_if_t *curdev;
2053 npf_if_addr if_addrs[MAX_NETWORK_ADDRESSES];
2054 LONG if_addr_size;
2055 int res = 0;
2056
2057 if_addr_size = MAX_NETWORK_ADDRESSES;
2058
2059 /*
2060 * Add an entry for this interface, with no addresses.
2061 */
2062 curdev = pcapint_add_dev(devlistp, name, flags, description, errbuf);
2063 if (curdev == NULL) {
2064 /*
2065 * Failure.
2066 */
2067 return (-1);
2068 }
2069
2070 /*
2071 * Get the list of addresses for the interface.
2072 */
2073 if (!PacketGetNetInfoEx((void *)name, if_addrs, &if_addr_size)) {
2074 /*
2075 * Failure.
2076 *
2077 * We don't return an error, because this can happen with
2078 * NdisWan interfaces, and we want to supply them even
2079 * if we can't supply their addresses.
2080 *
2081 * We return an entry with an empty address list.
2082 */
2083 return (0);
2084 }
2085
2086 /*
2087 * Now add the addresses.
2088 */
2089 while (if_addr_size-- > 0) {
2090 /*
2091 * "curdev" is an entry for this interface; add an entry for
2092 * this address to its list of addresses.
2093 */
2094 res = pcapint_add_addr_to_dev(curdev,
2095 (struct sockaddr *)&if_addrs[if_addr_size].IPAddress,
2096 sizeof (struct sockaddr_storage),
2097 (struct sockaddr *)&if_addrs[if_addr_size].SubnetMask,
2098 sizeof (struct sockaddr_storage),
2099 (struct sockaddr *)&if_addrs[if_addr_size].Broadcast,
2100 sizeof (struct sockaddr_storage),
2101 NULL,
2102 0,
2103 errbuf);
2104 if (res == -1) {
2105 /*
2106 * Failure.
2107 */
2108 break;
2109 }
2110 }
2111
2112 return (res);
2113 }
2114
2115 static int
2116 get_if_flags(const char *name, bpf_u_int32 *flags, char *errbuf)
2117 {
2118 char *name_copy;
2119 ADAPTER *adapter;
2120 int status;
2121 size_t len;
2122 NDIS_HARDWARE_STATUS hardware_status;
2123 #ifdef OID_GEN_PHYSICAL_MEDIUM
2124 NDIS_PHYSICAL_MEDIUM phys_medium;
2125 bpf_u_int32 gen_physical_medium_oids[] = {
2126 #ifdef OID_GEN_PHYSICAL_MEDIUM_EX
2127 OID_GEN_PHYSICAL_MEDIUM_EX,
2128 #endif
2129 OID_GEN_PHYSICAL_MEDIUM
2130 };
2131 #define N_GEN_PHYSICAL_MEDIUM_OIDS (sizeof gen_physical_medium_oids / sizeof gen_physical_medium_oids[0])
2132 size_t i;
2133 #endif /* OID_GEN_PHYSICAL_MEDIUM */
2134 #ifdef OID_GEN_LINK_STATE
2135 NDIS_LINK_STATE link_state;
2136 #endif
2137 int connect_status;
2138
2139 if (*flags & PCAP_IF_LOOPBACK) {
2140 /*
2141 * Loopback interface, so the connection status doesn't
2142 * apply. and it's not wireless (or wired, for that
2143 * matter...). We presume it's up and running.
2144 */
2145 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING | PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE;
2146 return (0);
2147 }
2148
2149 /*
2150 * We need to open the adapter to get this information.
2151 *
2152 * XXX - PacketOpenAdapter() takes a non-const pointer
2153 * as an argument, so we make a copy of the argument and
2154 * pass that to it.
2155 */
2156 name_copy = strdup(name);
2157 adapter = PacketOpenAdapter(name_copy);
2158 free(name_copy);
2159 if (adapter == NULL) {
2160 /*
2161 * Give up; if they try to open this device, it'll fail.
2162 */
2163 return (0);
2164 }
2165
2166 #ifdef HAVE_AIRPCAP_API
2167 /*
2168 * Airpcap.sys do not support the below 'OID_GEN_x' values.
2169 * Just set these flags (and none of the '*flags' entered with).
2170 */
2171 if (PacketGetAirPcapHandle(adapter)) {
2172 /*
2173 * Must be "up" and "running" if the above if succeeded.
2174 */
2175 *flags = PCAP_IF_UP | PCAP_IF_RUNNING;
2176
2177 /*
2178 * An airpcap device is a wireless device (duh!)
2179 */
2180 *flags |= PCAP_IF_WIRELESS;
2181
2182 /*
2183 * A "network association state" makes no sense for airpcap.
2184 */
2185 *flags |= PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE;
2186 PacketCloseAdapter(adapter);
2187 return (0);
2188 }
2189 #endif
2190
2191 /*
2192 * Get the hardware status, and derive "up" and "running" from
2193 * that.
2194 */
2195 len = sizeof (hardware_status);
2196 status = oid_get_request(adapter, OID_GEN_HARDWARE_STATUS,
2197 &hardware_status, &len, errbuf);
2198 if (status == 0) {
2199 switch (hardware_status) {
2200
2201 case NdisHardwareStatusReady:
2202 /*
2203 * "Available and capable of sending and receiving
2204 * data over the wire", so up and running.
2205 */
2206 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING;
2207 break;
2208
2209 case NdisHardwareStatusInitializing:
2210 case NdisHardwareStatusReset:
2211 /*
2212 * "Initializing" or "Resetting", so up, but
2213 * not running.
2214 */
2215 *flags |= PCAP_IF_UP;
2216 break;
2217
2218 case NdisHardwareStatusClosing:
2219 case NdisHardwareStatusNotReady:
2220 /*
2221 * "Closing" or "Not ready", so neither up nor
2222 * running.
2223 */
2224 break;
2225
2226 default:
2227 /*
2228 * Unknown.
2229 */
2230 break;
2231 }
2232 } else {
2233 /*
2234 * Can't get the hardware status, so assume both up and
2235 * running.
2236 */
2237 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING;
2238 }
2239
2240 /*
2241 * Get the network type.
2242 */
2243 #ifdef OID_GEN_PHYSICAL_MEDIUM
2244 /*
2245 * Try the OIDs we have for this, in order.
2246 */
2247 for (i = 0; i < N_GEN_PHYSICAL_MEDIUM_OIDS; i++) {
2248 len = sizeof (phys_medium);
2249 status = oid_get_request(adapter, gen_physical_medium_oids[i],
2250 &phys_medium, &len, errbuf);
2251 if (status == 0) {
2252 /*
2253 * Success.
2254 */
2255 break;
2256 }
2257 /*
2258 * Failed. We can't determine whether it failed
2259 * because that particular OID isn't supported
2260 * or because some other problem occurred, so we
2261 * just drive on and try the next OID.
2262 */
2263 }
2264 if (status == 0) {
2265 /*
2266 * We got the physical medium.
2267 *
2268 * XXX - we might want to check for NdisPhysicalMediumWiMax
2269 * and NdisPhysicalMediumNative802_15_4 being
2270 * part of the enum, and check for those in the "wireless"
2271 * case.
2272 */
2273 DIAG_OFF_ENUM_SWITCH
2274 switch (phys_medium) {
2275
2276 case NdisPhysicalMediumWirelessLan:
2277 case NdisPhysicalMediumWirelessWan:
2278 case NdisPhysicalMediumNative802_11:
2279 case NdisPhysicalMediumBluetooth:
2280 case NdisPhysicalMediumUWB:
2281 case NdisPhysicalMediumIrda:
2282 /*
2283 * Wireless.
2284 */
2285 *flags |= PCAP_IF_WIRELESS;
2286 break;
2287
2288 default:
2289 /*
2290 * Not wireless or unknown
2291 */
2292 break;
2293 }
2294 DIAG_ON_ENUM_SWITCH
2295 }
2296 #endif
2297
2298 /*
2299 * Get the connection status.
2300 */
2301 #ifdef OID_GEN_LINK_STATE
2302 len = sizeof(link_state);
2303 status = oid_get_request(adapter, OID_GEN_LINK_STATE, &link_state,
2304 &len, errbuf);
2305 if (status == 0) {
2306 /*
2307 * NOTE: this also gives us the receive and transmit
2308 * link state.
2309 */
2310 switch (link_state.MediaConnectState) {
2311
2312 case MediaConnectStateConnected:
2313 /*
2314 * It's connected.
2315 */
2316 *flags |= PCAP_IF_CONNECTION_STATUS_CONNECTED;
2317 break;
2318
2319 case MediaConnectStateDisconnected:
2320 /*
2321 * It's disconnected.
2322 */
2323 *flags |= PCAP_IF_CONNECTION_STATUS_DISCONNECTED;
2324 break;
2325
2326 case MediaConnectStateUnknown:
2327 default:
2328 /*
2329 * It's unknown whether it's connected or not.
2330 */
2331 break;
2332 }
2333 }
2334 #else
2335 /*
2336 * OID_GEN_LINK_STATE isn't supported because it's not in our SDK.
2337 */
2338 status = -1;
2339 #endif
2340 if (status == -1) {
2341 /*
2342 * OK, OID_GEN_LINK_STATE didn't work, try
2343 * OID_GEN_MEDIA_CONNECT_STATUS.
2344 */
2345 status = oid_get_request(adapter, OID_GEN_MEDIA_CONNECT_STATUS,
2346 &connect_status, &len, errbuf);
2347 if (status == 0) {
2348 switch (connect_status) {
2349
2350 case NdisMediaStateConnected:
2351 /*
2352 * It's connected.
2353 */
2354 *flags |= PCAP_IF_CONNECTION_STATUS_CONNECTED;
2355 break;
2356
2357 case NdisMediaStateDisconnected:
2358 /*
2359 * It's disconnected.
2360 */
2361 *flags |= PCAP_IF_CONNECTION_STATUS_DISCONNECTED;
2362 break;
2363 }
2364 }
2365 }
2366 PacketCloseAdapter(adapter);
2367 return (0);
2368 }
2369
2370 int
2371 pcapint_platform_finddevs(pcap_if_list_t *devlistp, char *errbuf)
2372 {
2373 int ret = 0;
2374 const char *desc;
2375 char *AdaptersName;
2376 ULONG NameLength;
2377 char *name;
2378
2379 /*
2380 * Find out how big a buffer we need.
2381 *
2382 * This call should always return FALSE; if the error is
2383 * ERROR_INSUFFICIENT_BUFFER, NameLength will be set to
2384 * the size of the buffer we need, otherwise there's a
2385 * problem, and NameLength should be set to 0.
2386 *
2387 * It shouldn't require NameLength to be set, but,
2388 * at least as of WinPcap 4.1.3, it checks whether
2389 * NameLength is big enough before it checks for a
2390 * NULL buffer argument, so, while it'll still do
2391 * the right thing if NameLength is uninitialized and
2392 * whatever junk happens to be there is big enough
2393 * (because the pointer argument will be null), it's
2394 * still reading an uninitialized variable.
2395 */
2396 NameLength = 0;
2397 if (!PacketGetAdapterNames(NULL, &NameLength))
2398 {
2399 DWORD last_error = GetLastError();
2400
2401 if (last_error != ERROR_INSUFFICIENT_BUFFER)
2402 {
2403 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2404 last_error, "PacketGetAdapterNames");
2405 return (-1);
2406 }
2407 }
2408
2409 if (NameLength <= 0)
2410 return 0;
2411 AdaptersName = (char*) malloc(NameLength);
2412 if (AdaptersName == NULL)
2413 {
2414 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Cannot allocate enough memory to list the adapters.");
2415 return (-1);
2416 }
2417
2418 if (!PacketGetAdapterNames(AdaptersName, &NameLength)) {
2419 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2420 GetLastError(), "PacketGetAdapterNames");
2421 free(AdaptersName);
2422 return (-1);
2423 }
2424
2425 /*
2426 * "PacketGetAdapterNames()" returned a list of
2427 * null-terminated ASCII interface name strings,
2428 * terminated by a null string, followed by a list
2429 * of null-terminated ASCII interface description
2430 * strings, terminated by a null string.
2431 * This means there are two ASCII nulls at the end
2432 * of the first list.
2433 *
2434 * Find the end of the first list; that's the
2435 * beginning of the second list.
2436 */
2437 desc = &AdaptersName[0];
2438 while (*desc != '\0' || *(desc + 1) != '\0')
2439 desc++;
2440
2441 /*
2442 * Found it - "desc" points to the first of the two
2443 * nulls at the end of the list of names, so the
2444 * first byte of the list of descriptions is two bytes
2445 * after it.
2446 */
2447 desc += 2;
2448
2449 /*
2450 * Loop over the elements in the first list.
2451 */
2452 name = &AdaptersName[0];
2453 while (*name != '\0') {
2454 bpf_u_int32 flags = 0;
2455
2456 #ifdef HAVE_AIRPCAP_API
2457 /*
2458 * Is this an AirPcap device?
2459 * If so, ignore it; it'll get added later, by the
2460 * AirPcap code.
2461 */
2462 if (device_is_airpcap(name, errbuf) == 1) {
2463 name += strlen(name) + 1;
2464 desc += strlen(desc) + 1;
2465 continue;
2466 }
2467 #endif
2468
2469 #ifdef HAVE_PACKET_IS_LOOPBACK_ADAPTER
2470 /*
2471 * Is this a loopback interface?
2472 */
2473 if (PacketIsLoopbackAdapter(name)) {
2474 /* Yes */
2475 flags |= PCAP_IF_LOOPBACK;
2476 }
2477 #endif
2478 /*
2479 * Get additional flags.
2480 */
2481 if (get_if_flags(name, &flags, errbuf) == -1) {
2482 /*
2483 * Failure.
2484 */
2485 ret = -1;
2486 break;
2487 }
2488
2489 /*
2490 * Add an entry for this interface.
2491 */
2492 if (pcap_add_if_npf(devlistp, name, flags, desc,
2493 errbuf) == -1) {
2494 /*
2495 * Failure.
2496 */
2497 ret = -1;
2498 break;
2499 }
2500 name += strlen(name) + 1;
2501 desc += strlen(desc) + 1;
2502 }
2503
2504 free(AdaptersName);
2505 return (ret);
2506 }
2507
2508 /*
2509 * Return the name of a network interface attached to the system, or NULL
2510 * if none can be found. The interface must be configured up; the
2511 * lowest unit number is preferred; loopback is ignored.
2512 *
2513 * In the best of all possible worlds, this would be the same as on
2514 * UN*X, but there may be software that expects this to return a
2515 * full list of devices after the first device.
2516 */
2517 #define ADAPTERSNAME_LEN 8192
2518 char *
2519 pcap_lookupdev(char *errbuf)
2520 {
2521 DWORD dwVersion;
2522 DWORD dwWindowsMajorVersion;
2523
2524 /*
2525 * We disable this in "new API" mode, because 1) in WinPcap/Npcap,
2526 * it may return UTF-16 strings, for backwards-compatibility
2527 * reasons, and we're also disabling the hack to make that work,
2528 * for not-going-past-the-end-of-a-string reasons, and 2) we
2529 * want its behavior to be consistent.
2530 *
2531 * In addition, it's not thread-safe, so we've marked it as
2532 * deprecated.
2533 */
2534 if (pcapint_new_api) {
2535 snprintf(errbuf, PCAP_ERRBUF_SIZE,
2536 "pcap_lookupdev() is deprecated and is not supported in programs calling pcap_init()");
2537 return (NULL);
2538 }
2539
2540 /* disable MSVC's GetVersion() deprecated warning here */
2541 DIAG_OFF_DEPRECATION
2542 dwVersion = GetVersion(); /* get the OS version */
2543 DIAG_ON_DEPRECATION
2544 dwWindowsMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));
2545
2546 if (dwVersion >= 0x80000000 && dwWindowsMajorVersion >= 4) {
2547 /*
2548 * Windows 95, 98, ME.
2549 */
2550 ULONG NameLength = ADAPTERSNAME_LEN;
2551 static char AdaptersName[ADAPTERSNAME_LEN];
2552
2553 if (PacketGetAdapterNames(AdaptersName,&NameLength) )
2554 return (AdaptersName);
2555 else
2556 return NULL;
2557 } else {
2558 /*
2559 * Windows NT (NT 4.0 and later).
2560 * Convert the names to Unicode for backward compatibility.
2561 */
2562 ULONG NameLength = ADAPTERSNAME_LEN;
2563 static WCHAR AdaptersName[ADAPTERSNAME_LEN];
2564 size_t BufferSpaceLeft;
2565 char *tAstr;
2566 WCHAR *Unameptr;
2567 char *Adescptr;
2568 size_t namelen, i;
2569 WCHAR *TAdaptersName = (WCHAR*)malloc(ADAPTERSNAME_LEN * sizeof(WCHAR));
2570 int NAdapts = 0;
2571
2572 if(TAdaptersName == NULL)
2573 {
2574 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "memory allocation failure");
2575 return NULL;
2576 }
2577
2578 if ( !PacketGetAdapterNames((PTSTR)TAdaptersName,&NameLength) )
2579 {
2580 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2581 GetLastError(), "PacketGetAdapterNames");
2582 free(TAdaptersName);
2583 return NULL;
2584 }
2585
2586
2587 BufferSpaceLeft = ADAPTERSNAME_LEN * sizeof(WCHAR);
2588 tAstr = (char*)TAdaptersName;
2589 Unameptr = AdaptersName;
2590
2591 /*
2592 * Convert the device names to Unicode into AdapterName.
2593 */
2594 do {
2595 /*
2596 * Length of the name, including the terminating
2597 * NUL.
2598 */
2599 namelen = strlen(tAstr) + 1;
2600
2601 /*
2602 * Do we have room for the name in the Unicode
2603 * buffer?
2604 */
2605 if (BufferSpaceLeft < namelen * sizeof(WCHAR)) {
2606 /*
2607 * No.
2608 */
2609 goto quit;
2610 }
2611 BufferSpaceLeft -= namelen * sizeof(WCHAR);
2612
2613 /*
2614 * Copy the name, converting ASCII to Unicode.
2615 * namelen includes the NUL, so we copy it as
2616 * well.
2617 */
2618 for (i = 0; i < namelen; i++)
2619 *Unameptr++ = *tAstr++;
2620
2621 /*
2622 * Count this adapter.
2623 */
2624 NAdapts++;
2625 } while (namelen != 1);
2626
2627 /*
2628 * Copy the descriptions, but don't convert them from
2629 * ASCII to Unicode.
2630 */
2631 Adescptr = (char *)Unameptr;
2632 while(NAdapts--)
2633 {
2634 size_t desclen;
2635
2636 desclen = strlen(tAstr) + 1;
2637
2638 /*
2639 * Do we have room for the name in the Unicode
2640 * buffer?
2641 */
2642 if (BufferSpaceLeft < desclen) {
2643 /*
2644 * No.
2645 */
2646 goto quit;
2647 }
2648
2649 /*
2650 * Just copy the ASCII string.
2651 * namelen includes the NUL, so we copy it as
2652 * well.
2653 */
2654 memcpy(Adescptr, tAstr, desclen);
2655 Adescptr += desclen;
2656 tAstr += desclen;
2657 BufferSpaceLeft -= desclen;
2658 }
2659
2660 quit:
2661 free(TAdaptersName);
2662 return (char *)(AdaptersName);
2663 }
2664 }
2665
2666 /*
2667 * We can't use the same code that we use on UN*X, as that's doing
2668 * UN*X-specific calls.
2669 *
2670 * We don't just fetch the entire list of devices, search for the
2671 * particular device, and use its first IPv4 address, as that's too
2672 * much work to get just one device's netmask.
2673 */
2674 int
2675 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp,
2676 char *errbuf)
2677 {
2678 /*
2679 * We need only the first IPv4 address, so we must scan the array returned by PacketGetNetInfo()
2680 * in order to skip non IPv4 (i.e. IPv6 addresses)
2681 */
2682 npf_if_addr if_addrs[MAX_NETWORK_ADDRESSES];
2683 LONG if_addr_size = MAX_NETWORK_ADDRESSES;
2684 struct sockaddr_in *t_addr;
2685 LONG i;
2686
2687 if (!PacketGetNetInfoEx((void *)device, if_addrs, &if_addr_size)) {
2688 *netp = *maskp = 0;
2689 return (0);
2690 }
2691
2692 for(i = 0; i < if_addr_size; i++)
2693 {
2694 if(if_addrs[i].IPAddress.ss_family == AF_INET)
2695 {
2696 t_addr = (struct sockaddr_in *) &(if_addrs[i].IPAddress);
2697 *netp = t_addr->sin_addr.S_un.S_addr;
2698 t_addr = (struct sockaddr_in *) &(if_addrs[i].SubnetMask);
2699 *maskp = t_addr->sin_addr.S_un.S_addr;
2700
2701 *netp &= *maskp;
2702 return (0);
2703 }
2704
2705 }
2706
2707 *netp = *maskp = 0;
2708 return (0);
2709 }
2710
2711 static const char *pcap_lib_version_string;
2712
2713 #ifdef HAVE_VERSION_H
2714 /*
2715 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2716 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2717 * version.
2718 *
2719 * XXX - it'd be nice if we could somehow generate the WinPcap/Npcap version
2720 * number when building as part of WinPcap/Npcap. (It'd be nice to do so
2721 * for the packet.dll version number as well.)
2722 */
2723 #include "../../version.h"
2724
2725 static const char pcap_version_string[] =
2726 WINPCAP_PRODUCT_NAME " version " WINPCAP_VER_STRING ", based on " PCAP_VERSION_STRING;
2727
2728 const char *
2729 pcap_lib_version(void)
2730 {
2731 if (pcap_lib_version_string == NULL) {
2732 /*
2733 * Generate the version string.
2734 */
2735 const char *packet_version_string = PacketGetVersion();
2736
2737 if (strcmp(WINPCAP_VER_STRING, packet_version_string) == 0) {
2738 /*
2739 * WinPcap/Npcap version string and packet.dll version
2740 * string are the same; just report the WinPcap/Npcap
2741 * version.
2742 */
2743 pcap_lib_version_string = pcap_version_string;
2744 } else {
2745 /*
2746 * WinPcap/Npcap version string and packet.dll version
2747 * string are different; that shouldn't be the
2748 * case (the two libraries should come from the
2749 * same version of WinPcap/Npcap), so we report both
2750 * versions.
2751 */
2752 char *full_pcap_version_string;
2753
2754 if (pcapint_asprintf(&full_pcap_version_string,
2755 WINPCAP_PRODUCT_NAME " version " WINPCAP_VER_STRING " (packet.dll version %s), based on " PCAP_VERSION_STRING,
2756 packet_version_string) != -1) {
2757 /* Success */
2758 pcap_lib_version_string = full_pcap_version_string;
2759 }
2760 }
2761 }
2762 return (pcap_lib_version_string);
2763 }
2764
2765 #else /* HAVE_VERSION_H */
2766
2767 /*
2768 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
2769 * tree.
2770 */
2771 const char *
2772 pcap_lib_version(void)
2773 {
2774 if (pcap_lib_version_string == NULL) {
2775 /*
2776 * Generate the version string. Report the packet.dll
2777 * version.
2778 */
2779 char *full_pcap_version_string;
2780
2781 if (pcapint_asprintf(&full_pcap_version_string,
2782 PCAP_VERSION_STRING " (packet.dll version %s)",
2783 PacketGetVersion()) != -1) {
2784 /* Success */
2785 pcap_lib_version_string = full_pcap_version_string;
2786 }
2787 }
2788 return (pcap_lib_version_string);
2789 }
2790 #endif /* HAVE_VERSION_H */
[mirror] the LIBpcap interface to various kernel packet capture mechanism