]> The Tcpdump Group git mirrors - libpcap/blob - pcap-npf.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Don't increment packet buffer pointers past the end of the data.
[libpcap] / pcap-npf.c
1 /*
2 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2010 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34 #include <config.h>
35
36 #include <errno.h>
37 #include <limits.h> /* for INT_MAX */
38 #define PCAP_DONT_INCLUDE_PCAP_BPF_H
39 #include <Packet32.h>
40 #include <pcap-int.h>
41 #include <pcap/dlt.h>
42
43 /*
44 * XXX - Packet32.h defines bpf_program, so we can't include
45 * <pcap/bpf.h>, which also defines it; that's why we define
46 * PCAP_DONT_INCLUDE_PCAP_BPF_H,
47 *
48 * However, no header in the WinPcap or Npcap SDKs defines the
49 * macros for BPF code, so we have to define them ourselves.
50 */
51 #define BPF_RET 0x06
52 #define BPF_K 0x00
53
54 /* Old-school MinGW have these headers in a different place.
55 */
56 #if defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)
57 #include <ddk/ntddndis.h>
58 #include <ddk/ndis.h>
59 #else
60 #include <ntddndis.h> /* MSVC/TDM-MinGW/MinGW64 */
61 #endif
62
63 #ifdef HAVE_DAG_API
64 #include <dagnew.h>
65 #include <dagapi.h>
66 #endif /* HAVE_DAG_API */
67
68 #include "diag-control.h"
69
70 #include "pcap-airpcap.h"
71
72 static int pcap_setfilter_npf(pcap_t *, struct bpf_program *);
73 static int pcap_setfilter_win32_dag(pcap_t *, struct bpf_program *);
74 static int pcap_getnonblock_npf(pcap_t *);
75 static int pcap_setnonblock_npf(pcap_t *, int);
76
77 /*dimension of the buffer in the pcap_t structure*/
78 #define WIN32_DEFAULT_USER_BUFFER_SIZE 256000
79
80 /*dimension of the buffer in the kernel driver NPF */
81 #define WIN32_DEFAULT_KERNEL_BUFFER_SIZE 1000000
82
83 /* Equivalent to ntohs(), but a lot faster under Windows */
84 #define SWAPS(_X) ((_X & 0xff) << 8) | (_X >> 8)
85
86 /*
87 * Private data for capturing on WinPcap/Npcap devices.
88 */
89 struct pcap_win {
90 ADAPTER *adapter; /* the packet32 ADAPTER for the device */
91 int nonblock;
92 int rfmon_selfstart; /* a flag tells whether the monitor mode is set by itself */
93 int filtering_in_kernel; /* using kernel filter */
94
95 #ifdef HAVE_DAG_API
96 int dag_fcs_bits; /* Number of checksum bits from link layer */
97 #endif
98
99 #ifdef ENABLE_REMOTE
100 int samp_npkt; /* parameter needed for sampling, with '1 out of N' method has been requested */
101 struct timeval samp_time; /* parameter needed for sampling, with '1 every N ms' method has been requested */
102 #endif
103 };
104
105 /*
106 * Define stub versions of the monitor-mode support routines if this
107 * isn't Npcap. HAVE_NPCAP_PACKET_API is defined by Npcap but not
108 * WinPcap.
109 */
110 #ifndef HAVE_NPCAP_PACKET_API
111 static int
112 PacketIsMonitorModeSupported(PCHAR AdapterName _U_)
113 {
114 /*
115 * We don't support monitor mode.
116 */
117 return (0);
118 }
119
120 static int
121 PacketSetMonitorMode(PCHAR AdapterName _U_, int mode _U_)
122 {
123 /*
124 * This should never be called, as PacketIsMonitorModeSupported()
125 * will return 0, meaning "we don't support monitor mode, so
126 * don't try to turn it on or off".
127 */
128 return (0);
129 }
130
131 static int
132 PacketGetMonitorMode(PCHAR AdapterName _U_)
133 {
134 /*
135 * This should fail, so that pcap_activate_npf() returns
136 * PCAP_ERROR_RFMON_NOTSUP if our caller requested monitor
137 * mode.
138 */
139 return (-1);
140 }
141 #endif
142
143 /*
144 * If a driver returns an NTSTATUS value:
145 *
146 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/87fba13e-bf06-450e-83b1-9241dc81e781
147 *
148 * with the "Customer" bit set, it will not be mapped to a Windows error
149 * value in userland, so it will be returned by GetLastError().
150 *
151 * Note that "driver" here includes the Npcap NPF driver, as various
152 * versions would take NT status values and set the "Customer" bit
153 * before returning the status code. The commit message for the
154 * change that started doing that is
155 *
156 * Returned a customer-defined NTSTATUS in OID requests to avoid
157 * NTSTATUS-to-Win32 Error code translation.
158 *
159 * but I don't know why the goal was to avoid that translation. For
160 * a while, I suspected that the NT status STATUS_NOT_SUPPORTED was
161 * getting mapped to ERROR_GEN_FAILURE, but, in the cases where
162 * attempts to set promiscuous mode on regular Ethernet devices were
163 * failing with ERROR_GEN_FAILURE, it turns out that the drivers for
164 * those devices were NetAdapterCx drivers, and Microsoft's NetAdapterCx
165 * mechanism wasn't providing the correct "bytes processed" value on
166 * attempts to set OIDs, and the Npcap NPF driver was checking for
167 * that and returning STATUS_UNSUCCESSFUL, which gets mapped to
168 * ERROR_GEN_FAILURE, so perhaps there's no need to avoid that
169 * translation.
170 *
171 * Attempting to set the hardware filter on a Microsoft Surface Pro's
172 * Mobile Broadband Adapter returns an error that appears to be
173 * NDIS_STATUS_NOT_SUPPORTED ORed with the "Customer" bit, so it's
174 * probably indicating that it doesn't support that. It was probably
175 * the NPF driver setting that bit.
176 */
177 #define NT_STATUS_CUSTOMER_DEFINED 0x20000000
178
179 /*
180 * PacketRequest() makes a DeviceIoControl() call to the NPF driver to
181 * perform the OID request, with a BIOCQUERYOID ioctl. The kernel code
182 * should get back one of NDIS_STATUS_INVALID_OID, NDIS_STATUS_NOT_SUPPORTED,
183 * or NDIS_STATUS_NOT_RECOGNIZED if the OID request isn't supported by
184 * the OS or the driver.
185 *
186 * Currently, that code may be returned by the Npcap NPF driver with the
187 * NT_STATUS_CUSTOMER_DEFINED bit. That prevents the return status from
188 * being mapped to a Windows error code; if the NPF driver were to stop
189 * ORing in the NT_STATUS_CUSTOMER_DEFINED bit, it's not obvious how those
190 * the NDIS_STATUS_ values that don't correspond to NTSTATUS values would
191 * be translated to Windows error values (NDIS_STATUS_NOT_SUPPORTED is
192 * the same as STATUS_NOT_SUPPORTED, which is an NTSTATUS value that is
193 * mapped to ERROR_NOT_SUPPORTED).
194 */
195 #define NDIS_STATUS_INVALID_OID 0xc0010017
196 #define NDIS_STATUS_NOT_SUPPORTED 0xc00000bb /* STATUS_NOT_SUPPORTED */
197 #define NDIS_STATUS_NOT_RECOGNIZED 0x00010001
198
199 static int
200 oid_get_request(ADAPTER *adapter, bpf_u_int32 oid, void *data, size_t *lenp,
201 char *errbuf)
202 {
203 PACKET_OID_DATA *oid_data_arg;
204
205 /*
206 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest().
207 * It should be big enough to hold "*lenp" bytes of data; it
208 * will actually be slightly larger, as PACKET_OID_DATA has a
209 * 1-byte data array at the end, standing in for the variable-length
210 * data that's actually there.
211 */
212 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp);
213 if (oid_data_arg == NULL) {
214 snprintf(errbuf, PCAP_ERRBUF_SIZE,
215 "Couldn't allocate argument buffer for PacketRequest");
216 return (PCAP_ERROR);
217 }
218
219 /*
220 * No need to copy the data - we're doing a fetch.
221 */
222 oid_data_arg->Oid = oid;
223 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */
224 if (!PacketRequest(adapter, FALSE, oid_data_arg)) {
225 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
226 GetLastError(), "Error calling PacketRequest");
227 free(oid_data_arg);
228 return (-1);
229 }
230
231 /*
232 * Get the length actually supplied.
233 */
234 *lenp = oid_data_arg->Length;
235
236 /*
237 * Copy back the data we fetched.
238 */
239 memcpy(data, oid_data_arg->Data, *lenp);
240 free(oid_data_arg);
241 return (0);
242 }
243
244 static int
245 pcap_stats_npf(pcap_t *p, struct pcap_stat *ps)
246 {
247 struct pcap_win *pw = p->priv;
248 struct bpf_stat bstats;
249
250 /*
251 * Try to get statistics.
252 *
253 * (Please note - "struct pcap_stat" is *not* the same as
254 * WinPcap's "struct bpf_stat". It might currently have the
255 * same layout, but let's not cheat.
256 *
257 * Note also that we don't fill in ps_capt, as we might have
258 * been called by code compiled against an earlier version of
259 * WinPcap that didn't have ps_capt, in which case filling it
260 * in would stomp on whatever comes after the structure passed
261 * to us.
262 */
263 if (!PacketGetStats(pw->adapter, &bstats)) {
264 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
265 GetLastError(), "PacketGetStats error");
266 return (-1);
267 }
268 ps->ps_recv = bstats.bs_recv;
269 ps->ps_drop = bstats.bs_drop;
270
271 /*
272 * XXX - PacketGetStats() doesn't fill this in, so we just
273 * return 0.
274 */
275 #if 0
276 ps->ps_ifdrop = bstats.ps_ifdrop;
277 #else
278 ps->ps_ifdrop = 0;
279 #endif
280
281 return (0);
282 }
283
284 /*
285 * Win32-only routine for getting statistics.
286 *
287 * This way is definitely safer than passing the pcap_stat * from the userland.
288 * In fact, there could happen than the user allocates a variable which is not
289 * big enough for the new structure, and the library will write in a zone
290 * which is not allocated to this variable.
291 *
292 * In this way, we're pretty sure we are writing on memory allocated to this
293 * variable.
294 *
295 * XXX - but this is the wrong way to handle statistics. Instead, we should
296 * have an API that returns data in a form like the Options section of a
297 * pcapng Interface Statistics Block:
298 *
299 * https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.6
300 *
301 * which would let us add new statistics straightforwardly and indicate which
302 * statistics we are and are *not* providing, rather than having to provide
303 * possibly-bogus values for statistics we can't provide.
304 */
305 static struct pcap_stat *
306 pcap_stats_ex_npf(pcap_t *p, int *pcap_stat_size)
307 {
308 struct pcap_win *pw = p->priv;
309 struct bpf_stat bstats;
310
311 *pcap_stat_size = sizeof (p->stat);
312
313 /*
314 * Try to get statistics.
315 *
316 * (Please note - "struct pcap_stat" is *not* the same as
317 * WinPcap's "struct bpf_stat". It might currently have the
318 * same layout, but let's not cheat.)
319 */
320 if (!PacketGetStatsEx(pw->adapter, &bstats)) {
321 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
322 GetLastError(), "PacketGetStatsEx error");
323 return (NULL);
324 }
325 p->stat.ps_recv = bstats.bs_recv;
326 p->stat.ps_drop = bstats.bs_drop;
327 p->stat.ps_ifdrop = bstats.ps_ifdrop;
328 /*
329 * Just in case this is ever compiled for a target other than
330 * Windows, which is somewhere between extremely unlikely and
331 * impossible.
332 */
333 #ifdef _WIN32
334 p->stat.ps_capt = bstats.bs_capt;
335 #endif
336 return (&p->stat);
337 }
338
339 /* Set the dimension of the kernel-level capture buffer */
340 static int
341 pcap_setbuff_npf(pcap_t *p, int dim)
342 {
343 struct pcap_win *pw = p->priv;
344
345 if(PacketSetBuff(pw->adapter,dim)==FALSE)
346 {
347 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer");
348 return (-1);
349 }
350 return (0);
351 }
352
353 /* Set the driver working mode */
354 static int
355 pcap_setmode_npf(pcap_t *p, int mode)
356 {
357 struct pcap_win *pw = p->priv;
358
359 if(PacketSetMode(pw->adapter,mode)==FALSE)
360 {
361 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: working mode not recognized");
362 return (-1);
363 }
364
365 return (0);
366 }
367
368 /*set the minimum amount of data that will release a read call*/
369 static int
370 pcap_setmintocopy_npf(pcap_t *p, int size)
371 {
372 struct pcap_win *pw = p->priv;
373
374 if(PacketSetMinToCopy(pw->adapter, size)==FALSE)
375 {
376 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: unable to set the requested mintocopy size");
377 return (-1);
378 }
379 return (0);
380 }
381
382 static HANDLE
383 pcap_getevent_npf(pcap_t *p)
384 {
385 struct pcap_win *pw = p->priv;
386
387 return (PacketGetReadEvent(pw->adapter));
388 }
389
390 static int
391 pcap_oid_get_request_npf(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp)
392 {
393 struct pcap_win *pw = p->priv;
394
395 return (oid_get_request(pw->adapter, oid, data, lenp, p->errbuf));
396 }
397
398 static int
399 pcap_oid_set_request_npf(pcap_t *p, bpf_u_int32 oid, const void *data,
400 size_t *lenp)
401 {
402 struct pcap_win *pw = p->priv;
403 PACKET_OID_DATA *oid_data_arg;
404
405 /*
406 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest().
407 * It should be big enough to hold "*lenp" bytes of data; it
408 * will actually be slightly larger, as PACKET_OID_DATA has a
409 * 1-byte data array at the end, standing in for the variable-length
410 * data that's actually there.
411 */
412 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp);
413 if (oid_data_arg == NULL) {
414 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
415 "Couldn't allocate argument buffer for PacketRequest");
416 return (PCAP_ERROR);
417 }
418
419 oid_data_arg->Oid = oid;
420 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */
421 memcpy(oid_data_arg->Data, data, *lenp);
422 if (!PacketRequest(pw->adapter, TRUE, oid_data_arg)) {
423 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
424 GetLastError(), "Error calling PacketRequest");
425 free(oid_data_arg);
426 return (PCAP_ERROR);
427 }
428
429 /*
430 * Get the length actually copied.
431 */
432 *lenp = oid_data_arg->Length;
433
434 /*
435 * No need to copy the data - we're doing a set.
436 */
437 free(oid_data_arg);
438 return (0);
439 }
440
441 static u_int
442 pcap_sendqueue_transmit_npf(pcap_t *p, pcap_send_queue *queue, int sync)
443 {
444 struct pcap_win *pw = p->priv;
445 u_int res;
446
447 res = PacketSendPackets(pw->adapter,
448 queue->buffer,
449 queue->len,
450 (BOOLEAN)sync);
451
452 if(res != queue->len){
453 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
454 GetLastError(), "Error queueing packets");
455 }
456
457 return (res);
458 }
459
460 static int
461 pcap_setuserbuffer_npf(pcap_t *p, int size)
462 {
463 unsigned char *new_buff;
464
465 if (size<=0) {
466 /* Bogus parameter */
467 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
468 "Error: invalid size %d",size);
469 return (-1);
470 }
471
472 /* Allocate the buffer */
473 new_buff=(unsigned char*)malloc(sizeof(char)*size);
474
475 if (!new_buff) {
476 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
477 "Error: not enough memory");
478 return (-1);
479 }
480
481 free(p->buffer);
482
483 p->buffer=new_buff;
484 p->bufsize=size;
485
486 return (0);
487 }
488
489 #ifdef HAVE_NPCAP_PACKET_API
490 /*
491 * Kernel dump mode isn't supported in Npcap; calls to PacketSetDumpName(),
492 * PacketSetDumpLimits(), and PacketIsDumpEnded() will get compile-time
493 * deprecation warnings.
494 *
495 * Avoid calling them; just return errors indicating that kernel dump
496 * mode isn't supported in Npcap.
497 */
498 static int
499 pcap_live_dump_npf(pcap_t *p, char *filename _U_, int maxsize _U_,
500 int maxpacks _U_)
501 {
502 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
503 "Npcap doesn't support kernel dump mode");
504 return (-1);
505 }
506 static int
507 pcap_live_dump_ended_npf(pcap_t *p, int sync)
508 {
509 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
510 "Npcap doesn't support kernel dump mode");
511 return (-1);
512 }
513 #else /* HAVE_NPCAP_PACKET_API */
514 static int
515 pcap_live_dump_npf(pcap_t *p, char *filename, int maxsize, int maxpacks)
516 {
517 struct pcap_win *pw = p->priv;
518 BOOLEAN res;
519
520 /* Set the packet driver in dump mode */
521 res = PacketSetMode(pw->adapter, PACKET_MODE_DUMP);
522 if(res == FALSE){
523 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
524 "Error setting dump mode");
525 return (-1);
526 }
527
528 /* Set the name of the dump file */
529 res = PacketSetDumpName(pw->adapter, filename, (int)strlen(filename));
530 if(res == FALSE){
531 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
532 "Error setting kernel dump file name");
533 return (-1);
534 }
535
536 /* Set the limits of the dump file */
537 res = PacketSetDumpLimits(pw->adapter, maxsize, maxpacks);
538 if(res == FALSE) {
539 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
540 "Error setting dump limit");
541 return (-1);
542 }
543
544 return (0);
545 }
546
547 static int
548 pcap_live_dump_ended_npf(pcap_t *p, int sync)
549 {
550 struct pcap_win *pw = p->priv;
551
552 return (PacketIsDumpEnded(pw->adapter, (BOOLEAN)sync));
553 }
554 #endif /* HAVE_NPCAP_PACKET_API */
555
556 #ifdef HAVE_AIRPCAP_API
557 static PAirpcapHandle
558 pcap_get_airpcap_handle_npf(pcap_t *p)
559 {
560 struct pcap_win *pw = p->priv;
561
562 return (PacketGetAirPcapHandle(pw->adapter));
563 }
564 #else /* HAVE_AIRPCAP_API */
565 static PAirpcapHandle
566 pcap_get_airpcap_handle_npf(pcap_t *p _U_)
567 {
568 return (NULL);
569 }
570 #endif /* HAVE_AIRPCAP_API */
571
572 static int
573 pcap_read_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
574 {
575 PACKET Packet;
576 u_int cc;
577 int n;
578 register u_char *bp, *ep;
579 u_char *datap;
580 struct pcap_win *pw = p->priv;
581
582 cc = p->cc;
583 if (cc == 0) {
584 /*
585 * Has "pcap_breakloop()" been called?
586 */
587 if (p->break_loop) {
588 /*
589 * Yes - clear the flag that indicates that it
590 * has, and return PCAP_ERROR_BREAK to indicate
591 * that we were told to break out of the loop.
592 */
593 p->break_loop = 0;
594 return (PCAP_ERROR_BREAK);
595 }
596
597 /*
598 * Capture the packets.
599 *
600 * The PACKET structure had a bunch of extra stuff for
601 * Windows 9x/Me, but the only interesting data in it
602 * in the versions of Windows that we support is just
603 * a copy of p->buffer, a copy of p->buflen, and the
604 * actual number of bytes read returned from
605 * PacketReceivePacket(), none of which has to be
606 * retained from call to call, so we just keep one on
607 * the stack.
608 */
609 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize);
610 if (!PacketReceivePacket(pw->adapter, &Packet, TRUE)) {
611 /*
612 * Did the device go away?
613 * If so, the error we get can either be
614 * ERROR_GEN_FAILURE or ERROR_DEVICE_REMOVED.
615 */
616 DWORD errcode = GetLastError();
617
618 if (errcode == ERROR_GEN_FAILURE ||
619 errcode == ERROR_DEVICE_REMOVED) {
620 /*
621 * The device on which we're capturing
622 * went away, or it became unusable
623 * by NPF due to a suspend/resume.
624 *
625 * ERROR_GEN_FAILURE comes from
626 * STATUS_UNSUCCESSFUL, as well as some
627 * other NT status codes that the Npcap
628 * driver is unlikely to return.
629 * XXX - hopefully no other error
630 * conditions are indicated by this.
631 *
632 * ERROR_DEVICE_REMOVED comes from
633 * STATUS_DEVICE_REMOVED.
634 *
635 * We report the Windows status code
636 * name and the corresponding NT status
637 * code name, for the benefit of attempts
638 * to debug cases where this error is
639 * reported when the device *wasn't*
640 * removed, either because it's not
641 * removable, it's removable but wasn't
642 * removed, or it's a device that doesn't
643 * correspond to a physical device.
644 *
645 * XXX - we really should return an
646 * appropriate error for that, but
647 * pcap_dispatch() etc. aren't
648 * documented as having error returns
649 * other than PCAP_ERROR or PCAP_ERROR_BREAK.
650 */
651 const char *errcode_msg;
652
653 if (errcode == ERROR_GEN_FAILURE)
654 errcode_msg = "ERROR_GEN_FAILURE/STATUS_UNSUCCESSFUL";
655 else
656 errcode_msg = "ERROR_DEVICE_REMOVED/STATUS_DEVICE_REMOVED";
657 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
658 "The interface disappeared (error code %s)",
659 errcode_msg);
660 } else {
661 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
662 PCAP_ERRBUF_SIZE, errcode,
663 "PacketReceivePacket error");
664 }
665 return (PCAP_ERROR);
666 }
667
668 cc = Packet.ulBytesReceived;
669
670 bp = p->buffer;
671 }
672 else
673 bp = p->bp;
674
675 /*
676 * Loop through each packet.
677 *
678 * This assumes that a single buffer of packets will have
679 * <= INT_MAX packets, so the packet count doesn't overflow.
680 */
681 #define bhp ((struct bpf_hdr *)bp)
682 n = 0;
683 ep = bp + cc;
684 for (;;) {
685 register u_int caplen, hdrlen;
686 size_t packet_bytes;
687
688 /*
689 * Has "pcap_breakloop()" been called?
690 * If so, return immediately - if we haven't read any
691 * packets, clear the flag and return PCAP_ERROR_BREAK
692 * to indicate that we were told to break out of the loop,
693 * otherwise leave the flag set, so that the *next* call
694 * will break out of the loop without having read any
695 * packets, and return the number of packets we've
696 * processed so far.
697 */
698 if (p->break_loop) {
699 if (n == 0) {
700 p->break_loop = 0;
701 return (PCAP_ERROR_BREAK);
702 } else {
703 p->bp = bp;
704 p->cc = (u_int) (ep - bp);
705 return (n);
706 }
707 }
708 if (bp >= ep)
709 break;
710
711 caplen = bhp->bh_caplen;
712 hdrlen = bhp->bh_hdrlen;
713 datap = bp + hdrlen;
714
715 /*
716 * Compute the number of bytes for this packet in
717 * the buffer.
718 *
719 * That's the sum of the header length and the packet
720 * data length plus, if this is not the last packet,
721 * the padding required to align the next packet on
722 * the appropriate boundary.
723 *
724 * That means that it should be the minimum of the
725 * number of bytes left in the buffer and the
726 * rounded-up sum of the header and packet data lengths.
727 */
728 packet_bytes = min((u_int)(ep - bp), Packet_WORDALIGN(caplen + hdrlen));
729
730 /*
731 * Short-circuit evaluation: if using BPF filter
732 * in kernel, no need to do it now - we already know
733 * the packet passed the filter.
734 *
735 * XXX - pcapint_filter() should always return TRUE if
736 * handed a null pointer for the program, but it might
737 * just try to "run" the filter, so we check here.
738 */
739 if (pw->filtering_in_kernel ||
740 p->fcode.bf_insns == NULL ||
741 pcapint_filter(p->fcode.bf_insns, datap, bhp->bh_datalen, caplen)) {
742 #ifdef ENABLE_REMOTE
743 switch (p->rmt_samp.method) {
744
745 case PCAP_SAMP_1_EVERY_N:
746 pw->samp_npkt = (pw->samp_npkt + 1) % p->rmt_samp.value;
747
748 /* Discard all packets that are not '1 out of N' */
749 if (pw->samp_npkt != 0) {
750 bp += packet_bytes;
751 continue;
752 }
753 break;
754
755 case PCAP_SAMP_FIRST_AFTER_N_MS:
756 {
757 struct pcap_pkthdr *pkt_header = (struct pcap_pkthdr*) bp;
758
759 /*
760 * Check if the timestamp of the arrived
761 * packet is smaller than our target time.
762 */
763 if (pkt_header->ts.tv_sec < pw->samp_time.tv_sec ||
764 (pkt_header->ts.tv_sec == pw->samp_time.tv_sec && pkt_header->ts.tv_usec < pw->samp_time.tv_usec)) {
765 bp += packet_bytes;
766 continue;
767 }
768
769 /*
770 * The arrived packet is suitable for being
771 * delivered to our caller, so let's update
772 * the target time.
773 */
774 pw->samp_time.tv_usec = pkt_header->ts.tv_usec + p->rmt_samp.value * 1000;
775 if (pw->samp_time.tv_usec > 1000000) {
776 pw->samp_time.tv_sec = pkt_header->ts.tv_sec + pw->samp_time.tv_usec / 1000000;
777 pw->samp_time.tv_usec = pw->samp_time.tv_usec % 1000000;
778 }
779 }
780 }
781 #endif /* ENABLE_REMOTE */
782
783 /*
784 * XXX A bpf_hdr matches a pcap_pkthdr.
785 */
786 (*callback)(user, (struct pcap_pkthdr*)bp, datap);
787 bp += packet_bytes;
788 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt)) {
789 p->bp = bp;
790 p->cc = (u_int) (ep - bp);
791 return (n);
792 }
793 } else {
794 /*
795 * Skip this packet.
796 */
797 bp += packet_bytes;
798 }
799 }
800 #undef bhp
801 p->cc = 0;
802 return (n);
803 }
804
805 #ifdef HAVE_DAG_API
806 static int
807 pcap_read_win32_dag(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
808 {
809 struct pcap_win *pw = p->priv;
810 PACKET Packet;
811 u_char *dp = NULL;
812 int packet_len = 0, caplen = 0;
813 struct pcap_pkthdr pcap_header;
814 u_char *endofbuf;
815 int n = 0;
816 dag_record_t *header;
817 unsigned erf_record_len;
818 ULONGLONG ts;
819 int cc;
820 unsigned swt;
821 unsigned dfp = pw->adapter->DagFastProcess;
822
823 cc = p->cc;
824 if (cc == 0) /* Get new packets only if we have processed all the ones of the previous read */
825 {
826 /*
827 * Get new packets from the network.
828 *
829 * The PACKET structure had a bunch of extra stuff for
830 * Windows 9x/Me, but the only interesting data in it
831 * in the versions of Windows that we support is just
832 * a copy of p->buffer, a copy of p->buflen, and the
833 * actual number of bytes read returned from
834 * PacketReceivePacket(), none of which has to be
835 * retained from call to call, so we just keep one on
836 * the stack.
837 */
838 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize);
839 if (!PacketReceivePacket(pw->adapter, &Packet, TRUE)) {
840 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed");
841 return (-1);
842 }
843
844 cc = Packet.ulBytesReceived;
845 if(cc == 0)
846 /* The timeout has expired but we no packets arrived */
847 return (0);
848 header = (dag_record_t*)pw->adapter->DagBuffer;
849 }
850 else
851 header = (dag_record_t*)p->bp;
852
853 endofbuf = (char*)header + cc;
854
855 /*
856 * This can conceivably process more than INT_MAX packets,
857 * which would overflow the packet count, causing it either
858 * to look like a negative number, and thus cause us to
859 * return a value that looks like an error, or overflow
860 * back into positive territory, and thus cause us to
861 * return a too-low count.
862 *
863 * Therefore, if the packet count is unlimited, we clip
864 * it at INT_MAX; this routine is not expected to
865 * process packets indefinitely, so that's not an issue.
866 */
867 if (PACKET_COUNT_IS_UNLIMITED(cnt))
868 cnt = INT_MAX;
869
870 /*
871 * Cycle through the packets
872 */
873 do
874 {
875 erf_record_len = SWAPS(header->rlen);
876 if((char*)header + erf_record_len > endofbuf)
877 break;
878
879 /* Increase the number of captured packets */
880 p->stat.ps_recv++;
881
882 /* Find the beginning of the packet */
883 dp = ((u_char *)header) + dag_record_size;
884
885 /* Determine actual packet len */
886 switch(header->type)
887 {
888 case TYPE_ATM:
889 packet_len = ATM_SNAPLEN;
890 caplen = ATM_SNAPLEN;
891 dp += 4;
892
893 break;
894
895 case TYPE_ETH:
896 swt = SWAPS(header->wlen);
897 packet_len = swt - (pw->dag_fcs_bits);
898 caplen = erf_record_len - dag_record_size - 2;
899 if (caplen > packet_len)
900 {
901 caplen = packet_len;
902 }
903 dp += 2;
904
905 break;
906
907 case TYPE_HDLC_POS:
908 swt = SWAPS(header->wlen);
909 packet_len = swt - (pw->dag_fcs_bits);
910 caplen = erf_record_len - dag_record_size;
911 if (caplen > packet_len)
912 {
913 caplen = packet_len;
914 }
915
916 break;
917 }
918
919 if(caplen > p->snapshot)
920 caplen = p->snapshot;
921
922 /*
923 * Has "pcap_breakloop()" been called?
924 * If so, return immediately - if we haven't read any
925 * packets, clear the flag and return -2 to indicate
926 * that we were told to break out of the loop, otherwise
927 * leave the flag set, so that the *next* call will break
928 * out of the loop without having read any packets, and
929 * return the number of packets we've processed so far.
930 */
931 if (p->break_loop)
932 {
933 if (n == 0)
934 {
935 p->break_loop = 0;
936 return (-2);
937 }
938 else
939 {
940 p->bp = (char*)header;
941 p->cc = endofbuf - (char*)header;
942 return (n);
943 }
944 }
945
946 if(!dfp)
947 {
948 /* convert between timestamp formats */
949 ts = header->ts;
950 pcap_header.ts.tv_sec = (int)(ts >> 32);
951 ts = (ts & 0xffffffffi64) * 1000000;
952 ts += 0x80000000; /* rounding */
953 pcap_header.ts.tv_usec = (int)(ts >> 32);
954 if (pcap_header.ts.tv_usec >= 1000000) {
955 pcap_header.ts.tv_usec -= 1000000;
956 pcap_header.ts.tv_sec++;
957 }
958 }
959
960 /* No underlying filtering system. We need to filter on our own */
961 if (p->fcode.bf_insns)
962 {
963 if (pcapint_filter(p->fcode.bf_insns, dp, packet_len, caplen) == 0)
964 {
965 /* Move to next packet */
966 header = (dag_record_t*)((char*)header + erf_record_len);
967 continue;
968 }
969 }
970
971 /* Fill the header for the user supplied callback function */
972 pcap_header.caplen = caplen;
973 pcap_header.len = packet_len;
974
975 /* Call the callback function */
976 (*callback)(user, &pcap_header, dp);
977
978 /* Move to next packet */
979 header = (dag_record_t*)((char*)header + erf_record_len);
980
981 /* Stop if the number of packets requested by user has been reached*/
982 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt))
983 {
984 p->bp = (char*)header;
985 p->cc = endofbuf - (char*)header;
986 return (n);
987 }
988 }
989 while((u_char*)header < endofbuf);
990
991 return (1);
992 }
993 #endif /* HAVE_DAG_API */
994
995 /* Send a packet to the network */
996 static int
997 pcap_inject_npf(pcap_t *p, const void *buf, int size)
998 {
999 struct pcap_win *pw = p->priv;
1000 PACKET pkt;
1001
1002 PacketInitPacket(&pkt, (PVOID)buf, size);
1003 if(PacketSendPacket(pw->adapter,&pkt,TRUE) == FALSE) {
1004 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1005 GetLastError(), "send error: PacketSendPacket failed");
1006 return (-1);
1007 }
1008
1009 /*
1010 * We assume it all got sent if "PacketSendPacket()" succeeded.
1011 * "pcap_inject()" is expected to return the number of bytes
1012 * sent.
1013 */
1014 return (size);
1015 }
1016
1017 static void
1018 pcap_cleanup_npf(pcap_t *p)
1019 {
1020 struct pcap_win *pw = p->priv;
1021
1022 if (pw->adapter != NULL) {
1023 PacketCloseAdapter(pw->adapter);
1024 pw->adapter = NULL;
1025 }
1026 if (pw->rfmon_selfstart)
1027 {
1028 PacketSetMonitorMode(p->opt.device, 0);
1029 }
1030 pcapint_cleanup_live_common(p);
1031 }
1032
1033 static void
1034 pcap_breakloop_npf(pcap_t *p)
1035 {
1036 pcapint_breakloop_common(p);
1037 struct pcap_win *pw = p->priv;
1038
1039 /* XXX - what if this fails? */
1040 SetEvent(PacketGetReadEvent(pw->adapter));
1041 }
1042
1043 static int
1044 pcap_activate_npf(pcap_t *p)
1045 {
1046 struct pcap_win *pw = p->priv;
1047 NetType type;
1048 int res;
1049 int status = 0;
1050 struct bpf_insn total_insn;
1051 struct bpf_program total_prog;
1052
1053 if (p->opt.rfmon) {
1054 /*
1055 * Monitor mode is supported on Windows Vista and later.
1056 */
1057 if (PacketGetMonitorMode(p->opt.device) == 1)
1058 {
1059 pw->rfmon_selfstart = 0;
1060 }
1061 else
1062 {
1063 if ((res = PacketSetMonitorMode(p->opt.device, 1)) != 1)
1064 {
1065 pw->rfmon_selfstart = 0;
1066 // Monitor mode is not supported.
1067 if (res == 0)
1068 {
1069 return PCAP_ERROR_RFMON_NOTSUP;
1070 }
1071 else
1072 {
1073 return PCAP_ERROR;
1074 }
1075 }
1076 else
1077 {
1078 pw->rfmon_selfstart = 1;
1079 }
1080 }
1081 }
1082
1083 /* Init Winsock if it hasn't already been initialized */
1084 pcap_wsockinit();
1085
1086 pw->adapter = PacketOpenAdapter(p->opt.device);
1087
1088 if (pw->adapter == NULL)
1089 {
1090 DWORD errcode = GetLastError();
1091
1092 /*
1093 * What error did we get when trying to open the adapter?
1094 */
1095 switch (errcode) {
1096
1097 case ERROR_BAD_UNIT:
1098 /*
1099 * There's no such device.
1100 * There's nothing to add, so clear the error
1101 * message.
1102 */
1103 p->errbuf[0] = '\0';
1104 return (PCAP_ERROR_NO_SUCH_DEVICE);
1105
1106 case ERROR_ACCESS_DENIED:
1107 /*
1108 * There is, but we don't have permission to
1109 * use it.
1110 *
1111 * XXX - we currently get ERROR_BAD_UNIT if the
1112 * user says "no" to the UAC prompt.
1113 */
1114 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1115 "The helper program for \"Admin-only Mode\" must be allowed to make changes to your device");
1116 return (PCAP_ERROR_PERM_DENIED);
1117
1118 default:
1119 /*
1120 * Unknown - report details.
1121 */
1122 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1123 errcode, "Error opening adapter");
1124 if (pw->rfmon_selfstart)
1125 {
1126 PacketSetMonitorMode(p->opt.device, 0);
1127 }
1128 return (PCAP_ERROR);
1129 }
1130 }
1131
1132 /*get network type*/
1133 if(PacketGetNetType (pw->adapter,&type) == FALSE)
1134 {
1135 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1136 GetLastError(), "Cannot determine the network type");
1137 goto bad;
1138 }
1139
1140 /*Set the linktype*/
1141 switch (type.LinkType)
1142 {
1143 /*
1144 * NDIS-defined medium types.
1145 */
1146 case NdisMedium802_3:
1147 p->linktype = DLT_EN10MB;
1148 /*
1149 * This is (presumably) a real Ethernet capture; give it a
1150 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so
1151 * that an application can let you choose it, in case you're
1152 * capturing DOCSIS traffic that a Cisco Cable Modem
1153 * Termination System is putting out onto an Ethernet (it
1154 * doesn't put an Ethernet header onto the wire, it puts raw
1155 * DOCSIS frames out on the wire inside the low-level
1156 * Ethernet framing).
1157 */
1158 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2);
1159 if (p->dlt_list == NULL)
1160 {
1161 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
1162 errno, "malloc");
1163 goto bad;
1164 }
1165 p->dlt_list[0] = DLT_EN10MB;
1166 p->dlt_list[1] = DLT_DOCSIS;
1167 p->dlt_count = 2;
1168 break;
1169
1170 case NdisMedium802_5:
1171 /*
1172 * Token Ring.
1173 */
1174 p->linktype = DLT_IEEE802;
1175 break;
1176
1177 case NdisMediumFddi:
1178 p->linktype = DLT_FDDI;
1179 break;
1180
1181 case NdisMediumWan:
1182 p->linktype = DLT_EN10MB;
1183 break;
1184
1185 case NdisMediumArcnetRaw:
1186 p->linktype = DLT_ARCNET;
1187 break;
1188
1189 case NdisMediumArcnet878_2:
1190 p->linktype = DLT_ARCNET;
1191 break;
1192
1193 case NdisMediumAtm:
1194 p->linktype = DLT_ATM_RFC1483;
1195 break;
1196
1197 case NdisMediumWirelessWan:
1198 p->linktype = DLT_RAW;
1199 break;
1200
1201 case NdisMediumIP:
1202 p->linktype = DLT_RAW;
1203 break;
1204
1205 /*
1206 * Npcap-defined medium types.
1207 */
1208 case NdisMediumNull:
1209 p->linktype = DLT_NULL;
1210 break;
1211
1212 case NdisMediumCHDLC:
1213 p->linktype = DLT_CHDLC;
1214 break;
1215
1216 case NdisMediumPPPSerial:
1217 p->linktype = DLT_PPP_SERIAL;
1218 break;
1219
1220 case NdisMediumBare80211:
1221 p->linktype = DLT_IEEE802_11;
1222 break;
1223
1224 case NdisMediumRadio80211:
1225 p->linktype = DLT_IEEE802_11_RADIO;
1226 break;
1227
1228 case NdisMediumPpi:
1229 p->linktype = DLT_PPI;
1230 break;
1231
1232 default:
1233 /*
1234 * An unknown medium type is assumed to supply Ethernet
1235 * headers; if not, the user will have to report it,
1236 * so that the medium type and link-layer header type
1237 * can be determined. If we were to fail here, we
1238 * might get the link-layer type in the error, but
1239 * the user wouldn't get a capture, so we wouldn't
1240 * be able to determine the link-layer type; we report
1241 * a warning with the link-layer type, so at least
1242 * some programs will report the warning.
1243 */
1244 p->linktype = DLT_EN10MB;
1245 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1246 "Unknown NdisMedium value %d, defaulting to DLT_EN10MB",
1247 type.LinkType);
1248 status = PCAP_WARNING;
1249 break;
1250 }
1251
1252 #ifdef HAVE_PACKET_GET_TIMESTAMP_MODES
1253 /*
1254 * Set the timestamp type.
1255 * (Yes, we require PacketGetTimestampModes(), not just
1256 * PacketSetTimestampMode(). If we have the former, we
1257 * have the latter, unless somebody's using a version
1258 * of Npcap that they've hacked to provide the former
1259 * but not the latter; if they've done that, either
1260 * they're confused or they're trolling us.)
1261 */
1262 switch (p->opt.tstamp_type) {
1263
1264 case PCAP_TSTAMP_HOST_HIPREC_UNSYNCED:
1265 /*
1266 * Better than low-res, but *not* synchronized with
1267 * the OS clock.
1268 */
1269 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_SINGLE_SYNCHRONIZATION))
1270 {
1271 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1272 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_SINGLE_SYNCHRONIZATION");
1273 goto bad;
1274 }
1275 break;
1276
1277 case PCAP_TSTAMP_HOST_LOWPREC:
1278 /*
1279 * Low-res, but synchronized with the OS clock.
1280 */
1281 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_QUERYSYSTEMTIME))
1282 {
1283 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1284 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_QUERYSYSTEMTIME");
1285 goto bad;
1286 }
1287 break;
1288
1289 case PCAP_TSTAMP_HOST_HIPREC:
1290 /*
1291 * High-res, and synchronized with the OS clock.
1292 */
1293 if (!PacketSetTimestampMode(pw->adapter, TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE))
1294 {
1295 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1296 GetLastError(), "Cannot set the time stamp mode to TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE");
1297 goto bad;
1298 }
1299 break;
1300
1301 case PCAP_TSTAMP_HOST:
1302 /*
1303 * XXX - do whatever the default is, for now.
1304 * Set to the highest resolution that's synchronized
1305 * with the system clock?
1306 */
1307 break;
1308 }
1309 #endif /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1310
1311 /*
1312 * Turn a negative snapshot value (invalid), a snapshot value of
1313 * 0 (unspecified), or a value bigger than the normal maximum
1314 * value, into the maximum allowed value.
1315 *
1316 * If some application really *needs* a bigger snapshot
1317 * length, we should just increase MAXIMUM_SNAPLEN.
1318 */
1319 if (p->snapshot <= 0 || p->snapshot > MAXIMUM_SNAPLEN)
1320 p->snapshot = MAXIMUM_SNAPLEN;
1321
1322 /* Set promiscuous mode */
1323 if (p->opt.promisc)
1324 {
1325 /*
1326 * For future reference, in case we ever want to query
1327 * whether an adapter supports promiscuous mode, that
1328 * would be done on Windows by querying the value
1329 * of the OID_GEN_SUPPORTED_PACKET_FILTERS OID.
1330 */
1331 if (PacketSetHwFilter(pw->adapter,NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE)
1332 {
1333 DWORD errcode = GetLastError();
1334
1335 /*
1336 * Suppress spurious error generated by non-compliant
1337 * MS Surface mobile adapters that appear to
1338 * return NDIS_STATUS_NOT_SUPPORTED for attempts
1339 * to set the hardware filter.
1340 *
1341 * It appears to be reporting NDIS_STATUS_NOT_SUPPORTED,
1342 * but with the NT status value "Customer" bit set;
1343 * the Npcap NPF driver sets that bit in some cases.
1344 *
1345 * If we knew that this meant "promiscuous mode
1346 * isn't supported", we could add a "promiscuous
1347 * mode isn't supported" error code and return
1348 * that, but:
1349 *
1350 * 1) we don't know that it means that
1351 * rather than meaning "we reject attempts
1352 * to set the filter, even though the NDIS
1353 * specifications say you shouldn't do that"
1354 *
1355 * and
1356 *
1357 * 2) other interface types that don't
1358 * support promiscuous mode, at least
1359 * on UN*Xes, just silently ignore
1360 * attempts to set promiscuous mode
1361 *
1362 * and rejecting it with an error could disrupt
1363 * attempts to capture, as many programs (tcpdump,
1364 * *shark) default to promiscuous mode.
1365 *
1366 * Alternatively, we could return the "promiscuous
1367 * mode not supported" *warning* value, so that
1368 * correct code will either ignore it or report
1369 * it and continue capturing. (This may require
1370 * a pcap_init() flag to request that return
1371 * value, so that old incorrect programs that
1372 * assume a non-zero return from pcap_activate()
1373 * is an error don't break.)
1374 *
1375 * We check here for ERROR_NOT_SUPPORTED, which
1376 * is what NDIS_STATUS_NOT_SUPPORTED (which is
1377 * the same value as the NTSTATUS value
1378 * STATUS_NOT_SUPPORTED) gets mapped to, as
1379 * well as NDIS_STATUS_NOT_SUPPORTED with the
1380 * "Customer" bit set.
1381 */
1382 if (errcode != ERROR_NOT_SUPPORTED &&
1383 errcode != (NDIS_STATUS_NOT_SUPPORTED|NT_STATUS_CUSTOMER_DEFINED))
1384 {
1385 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1386 PCAP_ERRBUF_SIZE, errcode,
1387 "failed to set hardware filter to promiscuous mode");
1388 goto bad;
1389 }
1390 }
1391 }
1392 else
1393 {
1394 /*
1395 * NDIS_PACKET_TYPE_ALL_LOCAL selects "All packets sent by
1396 * installed protocols and all packets indicated by the NIC",
1397 * but if no protocol drivers (like TCP/IP) are installed,
1398 * NDIS_PACKET_TYPE_DIRECTED, NDIS_PACKET_TYPE_BROADCAST,
1399 * and NDIS_PACKET_TYPE_MULTICAST are needed to capture
1400 * incoming frames.
1401 */
1402 if (PacketSetHwFilter(pw->adapter,
1403 NDIS_PACKET_TYPE_ALL_LOCAL |
1404 NDIS_PACKET_TYPE_DIRECTED |
1405 NDIS_PACKET_TYPE_BROADCAST |
1406 NDIS_PACKET_TYPE_MULTICAST) == FALSE)
1407 {
1408 DWORD errcode = GetLastError();
1409
1410 /*
1411 * Suppress spurious error generated by non-compliant
1412 * MS Surface mobile adapters.
1413 */
1414 if (errcode != (NDIS_STATUS_NOT_SUPPORTED|NT_STATUS_CUSTOMER_DEFINED))
1415 {
1416 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1417 PCAP_ERRBUF_SIZE, errcode,
1418 "failed to set hardware filter to non-promiscuous mode");
1419 goto bad;
1420 }
1421 }
1422 }
1423
1424 /* Set the buffer size */
1425 p->bufsize = WIN32_DEFAULT_USER_BUFFER_SIZE;
1426
1427 if(!(pw->adapter->Flags & INFO_FLAG_DAG_CARD))
1428 {
1429 /*
1430 * Traditional Adapter
1431 */
1432 /*
1433 * If the buffer size wasn't explicitly set, default to
1434 * WIN32_DEFAULT_KERNEL_BUFFER_SIZE.
1435 */
1436 if (p->opt.buffer_size == 0)
1437 p->opt.buffer_size = WIN32_DEFAULT_KERNEL_BUFFER_SIZE;
1438
1439 if(PacketSetBuff(pw->adapter,p->opt.buffer_size)==FALSE)
1440 {
1441 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer");
1442 goto bad;
1443 }
1444
1445 p->buffer = malloc(p->bufsize);
1446 if (p->buffer == NULL)
1447 {
1448 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
1449 errno, "malloc");
1450 goto bad;
1451 }
1452
1453 if (p->opt.immediate)
1454 {
1455 /* tell the driver to copy the buffer as soon as data arrives */
1456 if(PacketSetMinToCopy(pw->adapter,0)==FALSE)
1457 {
1458 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1459 PCAP_ERRBUF_SIZE, GetLastError(),
1460 "Error calling PacketSetMinToCopy");
1461 goto bad;
1462 }
1463 }
1464 else
1465 {
1466 /* tell the driver to copy the buffer only if it contains at least 16K */
1467 if(PacketSetMinToCopy(pw->adapter,16000)==FALSE)
1468 {
1469 pcapint_fmt_errmsg_for_win32_err(p->errbuf,
1470 PCAP_ERRBUF_SIZE, GetLastError(),
1471 "Error calling PacketSetMinToCopy");
1472 goto bad;
1473 }
1474 }
1475 } else {
1476 /*
1477 * Dag Card
1478 */
1479 #ifdef HAVE_DAG_API
1480 /*
1481 * We have DAG support.
1482 */
1483 LONG status;
1484 HKEY dagkey;
1485 DWORD lptype;
1486 DWORD lpcbdata;
1487 int postype = 0;
1488 char keyname[512];
1489
1490 snprintf(keyname, sizeof(keyname), "%s\\CardParams\\%s",
1491 "SYSTEM\\CurrentControlSet\\Services\\DAG",
1492 strstr(_strlwr(p->opt.device), "dag"));
1493 do
1494 {
1495 status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_READ, &dagkey);
1496 if(status != ERROR_SUCCESS)
1497 break;
1498
1499 status = RegQueryValueEx(dagkey,
1500 "PosType",
1501 NULL,
1502 &lptype,
1503 (char*)&postype,
1504 &lpcbdata);
1505
1506 if(status != ERROR_SUCCESS)
1507 {
1508 postype = 0;
1509 }
1510
1511 RegCloseKey(dagkey);
1512 }
1513 while(FALSE);
1514
1515
1516 p->snapshot = PacketSetSnapLen(pw->adapter, p->snapshot);
1517
1518 /* Set the length of the FCS associated to any packet. This value
1519 * will be subtracted to the packet length */
1520 pw->dag_fcs_bits = pw->adapter->DagFcsLen;
1521 #else /* HAVE_DAG_API */
1522 /*
1523 * No DAG support.
1524 */
1525 goto bad;
1526 #endif /* HAVE_DAG_API */
1527 }
1528
1529 /*
1530 * If there's no filter program installed, there's
1531 * no indication to the kernel of what the snapshot
1532 * length should be, so no snapshotting is done.
1533 *
1534 * Therefore, when we open the device, we install
1535 * an "accept everything" filter with the specified
1536 * snapshot length.
1537 */
1538 total_insn.code = (u_short)(BPF_RET | BPF_K);
1539 total_insn.jt = 0;
1540 total_insn.jf = 0;
1541 total_insn.k = p->snapshot;
1542
1543 total_prog.bf_len = 1;
1544 total_prog.bf_insns = &total_insn;
1545 if (!PacketSetBpf(pw->adapter, &total_prog)) {
1546 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
1547 GetLastError(), "PacketSetBpf");
1548 status = PCAP_ERROR;
1549 goto bad;
1550 }
1551
1552 PacketSetReadTimeout(pw->adapter, p->opt.timeout);
1553
1554 /* disable loopback capture if requested */
1555 if (p->opt.nocapture_local)
1556 {
1557 if (!PacketSetLoopbackBehavior(pw->adapter, NPF_DISABLE_LOOPBACK))
1558 {
1559 snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
1560 "Unable to disable the capture of loopback packets.");
1561 goto bad;
1562 }
1563 }
1564
1565 #ifdef HAVE_DAG_API
1566 if(pw->adapter->Flags & INFO_FLAG_DAG_CARD)
1567 {
1568 /* install dag specific handlers for read and setfilter */
1569 p->read_op = pcap_read_win32_dag;
1570 p->setfilter_op = pcap_setfilter_win32_dag;
1571 }
1572 else
1573 {
1574 #endif /* HAVE_DAG_API */
1575 /* install traditional npf handlers for read and setfilter */
1576 p->read_op = pcap_read_npf;
1577 p->setfilter_op = pcap_setfilter_npf;
1578 #ifdef HAVE_DAG_API
1579 }
1580 #endif /* HAVE_DAG_API */
1581 p->setdirection_op = NULL; /* Not implemented. */
1582 /* XXX - can this be implemented on some versions of Windows? */
1583 p->inject_op = pcap_inject_npf;
1584 p->set_datalink_op = NULL; /* can't change data link type */
1585 p->getnonblock_op = pcap_getnonblock_npf;
1586 p->setnonblock_op = pcap_setnonblock_npf;
1587 p->stats_op = pcap_stats_npf;
1588 p->breakloop_op = pcap_breakloop_npf;
1589 p->stats_ex_op = pcap_stats_ex_npf;
1590 p->setbuff_op = pcap_setbuff_npf;
1591 p->setmode_op = pcap_setmode_npf;
1592 p->setmintocopy_op = pcap_setmintocopy_npf;
1593 p->getevent_op = pcap_getevent_npf;
1594 p->oid_get_request_op = pcap_oid_get_request_npf;
1595 p->oid_set_request_op = pcap_oid_set_request_npf;
1596 p->sendqueue_transmit_op = pcap_sendqueue_transmit_npf;
1597 p->setuserbuffer_op = pcap_setuserbuffer_npf;
1598 p->live_dump_op = pcap_live_dump_npf;
1599 p->live_dump_ended_op = pcap_live_dump_ended_npf;
1600 p->get_airpcap_handle_op = pcap_get_airpcap_handle_npf;
1601 p->cleanup_op = pcap_cleanup_npf;
1602
1603 /*
1604 * XXX - this is only done because WinPcap supported
1605 * pcap_fileno() returning the hFile HANDLE from the
1606 * ADAPTER structure. We make no general guarantees
1607 * that the caller can do anything useful with it.
1608 *
1609 * (Not that we make any general guarantee of that
1610 * sort on UN*X, either, anymore, given that not
1611 * all capture devices are regular OS network
1612 * interfaces.)
1613 */
1614 p->handle = pw->adapter->hFile;
1615
1616 return (status);
1617 bad:
1618 pcap_cleanup_npf(p);
1619 return (PCAP_ERROR);
1620 }
1621
1622 /*
1623 * Check if rfmon mode is supported on the pcap_t for Windows systems.
1624 */
1625 static int
1626 pcap_can_set_rfmon_npf(pcap_t *p)
1627 {
1628 return (PacketIsMonitorModeSupported(p->opt.device) == 1);
1629 }
1630
1631 /*
1632 * Get a list of time stamp types.
1633 */
1634 #ifdef HAVE_PACKET_GET_TIMESTAMP_MODES
1635 static int
1636 get_ts_types(const char *device, pcap_t *p, char *ebuf)
1637 {
1638 char *device_copy = NULL;
1639 ADAPTER *adapter = NULL;
1640 ULONG num_ts_modes;
1641 /* Npcap 1.00 driver is buggy and will write 16 bytes regardless of
1642 * buffer size. Using a sufficient stack buffer avoids overflow and
1643 * avoids a heap allocation in most (currently all) cases.
1644 */
1645 ULONG ts_modes[4];
1646 BOOL ret;
1647 DWORD error = ERROR_SUCCESS;
1648 ULONG *modes = NULL;
1649 int status = 0;
1650
1651 do {
1652 /*
1653 * First, find out how many time stamp modes we have.
1654 * To do that, we have to open the adapter.
1655 *
1656 * XXX - PacketOpenAdapter() takes a non-const pointer
1657 * as an argument, so we make a copy of the argument and
1658 * pass that to it.
1659 */
1660 device_copy = strdup(device);
1661 if (device_copy == NULL) {
1662 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1663 status = -1;
1664 break;
1665 }
1666
1667 adapter = PacketOpenAdapter(device_copy);
1668 if (adapter == NULL)
1669 {
1670 error = GetLastError();
1671 /*
1672 * If we can't open the device now, we won't be
1673 * able to later, either.
1674 *
1675 * If the error is something that indicates
1676 * that the device doesn't exist, or that they
1677 * don't have permission to open the device - or
1678 * perhaps that they don't have permission to get
1679 * a list of devices, if PacketOpenAdapter() does
1680 * that - the user will find that out when they try
1681 * to activate the device; just return an empty
1682 * list of time stamp types.
1683 *
1684 * Treating either of those as errors will, for
1685 * example, cause "tcpdump -i <number>" to fail,
1686 * because it first tries to pass the interface
1687 * name to pcap_create() and pcap_activate(),
1688 * in order to handle OSes where interfaces can
1689 * have names that are just numbers (stand up
1690 * and say hello, Linux!), and, if pcap_activate()
1691 * fails with a "no such device" error, checks
1692 * whether the interface name is a valid number
1693 * and, if so, tries to use it as an index in
1694 * the list of interfaces.
1695 *
1696 * That means pcap_create() must succeed even
1697 * for interfaces that don't exist, with the
1698 * failure occurring at pcap_activate() time.
1699 */
1700 if (error == ERROR_BAD_UNIT ||
1701 error == ERROR_ACCESS_DENIED) {
1702 p->tstamp_type_count = 0;
1703 p->tstamp_type_list = NULL;
1704 status = 0;
1705 } else {
1706 pcapint_fmt_errmsg_for_win32_err(ebuf,
1707 PCAP_ERRBUF_SIZE, error,
1708 "Error opening adapter");
1709 status = -1;
1710 }
1711 break;
1712 }
1713
1714 /*
1715 * Get the total number of time stamp modes.
1716 *
1717 * The buffer for PacketGetTimestampModes() is
1718 * a sequence of 1 or more ULONGs. What's
1719 * passed to PacketGetTimestampModes() should have
1720 * the total number of ULONGs in the first ULONG;
1721 * what's returned *from* PacketGetTimestampModes()
1722 * has the total number of time stamp modes in
1723 * the first ULONG.
1724 *
1725 * Yes, that means if there are N time stamp
1726 * modes, the first ULONG should be set to N+1
1727 * on input, and will be set to N on output.
1728 *
1729 * We first make a call to PacketGetTimestampModes()
1730 * with a pointer to a single ULONG set to 1; the
1731 * call should fail with ERROR_MORE_DATA (unless
1732 * there are *no* modes, but that should never
1733 * happen), and that ULONG should be set to the
1734 * number of modes.
1735 */
1736 ts_modes[0] = sizeof(ts_modes) / sizeof(ULONG);
1737 ret = PacketGetTimestampModes(adapter, ts_modes);
1738 if (!ret) {
1739 /*
1740 * OK, it failed. Did it fail with
1741 * ERROR_MORE_DATA?
1742 */
1743 error = GetLastError();
1744 if (error != ERROR_MORE_DATA) {
1745 /*
1746 * No, did it fail with ERROR_INVALID_FUNCTION?
1747 */
1748 if (error == ERROR_INVALID_FUNCTION) {
1749 /*
1750 * This is probably due to
1751 * the driver with which Packet.dll
1752 * communicates being older, or
1753 * being a WinPcap driver, so
1754 * that it doesn't support
1755 * BIOCGTIMESTAMPMODES.
1756 *
1757 * Tell the user to try uninstalling
1758 * Npcap - and WinPcap if installed -
1759 * and re-installing it, to flush
1760 * out all older drivers.
1761 */
1762 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1763 "PacketGetTimestampModes() failed with ERROR_INVALID_FUNCTION; try uninstalling Npcap, and WinPcap if installed, and re-installing it from npcap.com");
1764 status = -1;
1765 break;
1766 }
1767
1768 /*
1769 * No, some other error. Fail.
1770 */
1771 pcapint_fmt_errmsg_for_win32_err(ebuf,
1772 PCAP_ERRBUF_SIZE, error,
1773 "Error calling PacketGetTimestampModes");
1774 status = -1;
1775 break;
1776 }
1777
1778 /*
1779 * Yes, so we now know how many types to fetch.
1780 *
1781 * The buffer needs to have one ULONG for the
1782 * count and num_ts_modes ULONGs for the
1783 * num_ts_modes time stamp types.
1784 */
1785 num_ts_modes = ts_modes[0];
1786 modes = (ULONG *)malloc((1 + num_ts_modes) * sizeof(ULONG));
1787 if (modes == NULL) {
1788 /* Out of memory. */
1789 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1790 status = -1;
1791 break;
1792 }
1793 modes[0] = 1 + num_ts_modes;
1794 if (!PacketGetTimestampModes(adapter, modes)) {
1795 pcapint_fmt_errmsg_for_win32_err(ebuf,
1796 PCAP_ERRBUF_SIZE, GetLastError(),
1797 "Error calling PacketGetTimestampModes");
1798 status = -1;
1799 break;
1800 }
1801 if (modes[0] != num_ts_modes) {
1802 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1803 "First PacketGetTimestampModes() call gives %lu modes, second call gives %lu modes",
1804 num_ts_modes, modes[0]);
1805 status = -1;
1806 break;
1807 }
1808 }
1809 else {
1810 modes = ts_modes;
1811 num_ts_modes = ts_modes[0];
1812 }
1813
1814 /* If the driver reports no modes supported *and*
1815 * ERROR_MORE_DATA, something is seriously wrong.
1816 * We *could* ignore the error and continue without supporting
1817 * settable timestamp modes, but that would hide a bug.
1818 */
1819 if (modes[0] == 0) {
1820 snprintf(ebuf, PCAP_ERRBUF_SIZE,
1821 "PacketGetTimestampModes() reports 0 modes supported.");
1822 status = -1;
1823 break;
1824 }
1825
1826 /*
1827 * Allocate a buffer big enough for
1828 * PCAP_TSTAMP_HOST (default) plus
1829 * the explicitly specified modes.
1830 */
1831 p->tstamp_type_list = malloc((1 + num_ts_modes) * sizeof(u_int));
1832 if (p->tstamp_type_list == NULL) {
1833 pcapint_fmt_errmsg_for_errno(ebuf, PCAP_ERRBUF_SIZE, errno, "malloc");
1834 status = -1;
1835 break;
1836 }
1837 u_int num_ts_types = 0;
1838 p->tstamp_type_list[num_ts_types] =
1839 PCAP_TSTAMP_HOST;
1840 num_ts_types++;
1841 for (ULONG i = 0; i < num_ts_modes; i++) {
1842 switch (modes[i + 1]) {
1843
1844 case TIMESTAMPMODE_SINGLE_SYNCHRONIZATION:
1845 /*
1846 * Better than low-res,
1847 * but *not* synchronized
1848 * with the OS clock.
1849 */
1850 p->tstamp_type_list[num_ts_types] =
1851 PCAP_TSTAMP_HOST_HIPREC_UNSYNCED;
1852 num_ts_types++;
1853 break;
1854
1855 case TIMESTAMPMODE_QUERYSYSTEMTIME:
1856 /*
1857 * Low-res, but synchronized
1858 * with the OS clock.
1859 */
1860 p->tstamp_type_list[num_ts_types] =
1861 PCAP_TSTAMP_HOST_LOWPREC;
1862 num_ts_types++;
1863 break;
1864
1865 case TIMESTAMPMODE_QUERYSYSTEMTIME_PRECISE:
1866 /*
1867 * High-res, and synchronized
1868 * with the OS clock.
1869 */
1870 p->tstamp_type_list[num_ts_types] =
1871 PCAP_TSTAMP_HOST_HIPREC;
1872 num_ts_types++;
1873 break;
1874
1875 default:
1876 /*
1877 * Unknown, so we can't
1878 * report it.
1879 */
1880 break;
1881 }
1882 }
1883 p->tstamp_type_count = num_ts_types;
1884 } while (0);
1885
1886 /* Clean up temporary allocations */
1887 if (device_copy != NULL) {
1888 free(device_copy);
1889 }
1890 if (modes != NULL && modes != ts_modes) {
1891 free(modes);
1892 }
1893 if (adapter != NULL) {
1894 PacketCloseAdapter(adapter);
1895 }
1896
1897 return status;
1898 }
1899 #else /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1900 static int
1901 get_ts_types(const char *device _U_, pcap_t *p _U_, char *ebuf _U_)
1902 {
1903 /*
1904 * Nothing to fetch, so it always "succeeds".
1905 */
1906 return 0;
1907 }
1908 #endif /* HAVE_PACKET_GET_TIMESTAMP_MODES */
1909
1910 pcap_t *
1911 pcapint_create_interface(const char *device _U_, char *ebuf)
1912 {
1913 pcap_t *p;
1914
1915 p = PCAP_CREATE_COMMON(ebuf, struct pcap_win);
1916 if (p == NULL)
1917 return (NULL);
1918
1919 p->activate_op = pcap_activate_npf;
1920 p->can_set_rfmon_op = pcap_can_set_rfmon_npf;
1921
1922 if (get_ts_types(device, p, ebuf) == -1) {
1923 pcap_close(p);
1924 return (NULL);
1925 }
1926 return (p);
1927 }
1928
1929 static int
1930 pcap_setfilter_npf(pcap_t *p, struct bpf_program *fp)
1931 {
1932 struct pcap_win *pw = p->priv;
1933
1934 if(PacketSetBpf(pw->adapter,fp)==FALSE){
1935 /*
1936 * Kernel filter not installed.
1937 *
1938 * XXX - we don't know whether this failed because:
1939 *
1940 * the kernel rejected the filter program as invalid,
1941 * in which case we should fall back on userland
1942 * filtering;
1943 *
1944 * the kernel rejected the filter program as too big,
1945 * in which case we should again fall back on
1946 * userland filtering;
1947 *
1948 * there was some other problem, in which case we
1949 * should probably report an error.
1950 *
1951 * For NPF devices, the Win32 status will be
1952 * STATUS_INVALID_DEVICE_REQUEST for invalid
1953 * filters, but I don't know what it'd be for
1954 * other problems, and for some other devices
1955 * it might not be set at all.
1956 *
1957 * So we just fall back on userland filtering in
1958 * all cases.
1959 */
1960
1961 /*
1962 * pcapint_install_bpf_program() validates the program.
1963 *
1964 * XXX - what if we already have a filter in the kernel?
1965 */
1966 if (pcapint_install_bpf_program(p, fp) < 0)
1967 return (-1);
1968 pw->filtering_in_kernel = 0; /* filtering in userland */
1969 return (0);
1970 }
1971
1972 /*
1973 * It worked.
1974 */
1975 pw->filtering_in_kernel = 1; /* filtering in the kernel */
1976
1977 /*
1978 * Discard any previously-received packets, as they might have
1979 * passed whatever filter was formerly in effect, but might
1980 * not pass this filter (BIOCSETF discards packets buffered
1981 * in the kernel, so you can lose packets in any case).
1982 */
1983 p->cc = 0;
1984 return (0);
1985 }
1986
1987 /*
1988 * We filter at user level, since the kernel driver doesn't process the packets
1989 */
1990 static int
1991 pcap_setfilter_win32_dag(pcap_t *p, struct bpf_program *fp) {
1992
1993 if(!fp)
1994 {
1995 pcapint_strlcpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf));
1996 return (-1);
1997 }
1998
1999 /* Install a user level filter */
2000 if (pcapint_install_bpf_program(p, fp) < 0)
2001 return (-1);
2002
2003 return (0);
2004 }
2005
2006 static int
2007 pcap_getnonblock_npf(pcap_t *p)
2008 {
2009 struct pcap_win *pw = p->priv;
2010
2011 /*
2012 * XXX - if there were a PacketGetReadTimeout() call, we
2013 * would use it, and return 1 if the timeout is -1
2014 * and 0 otherwise.
2015 */
2016 return (pw->nonblock);
2017 }
2018
2019 static int
2020 pcap_setnonblock_npf(pcap_t *p, int nonblock)
2021 {
2022 struct pcap_win *pw = p->priv;
2023 int newtimeout;
2024
2025 if (nonblock) {
2026 /*
2027 * Set the packet buffer timeout to -1 for non-blocking
2028 * mode.
2029 */
2030 newtimeout = -1;
2031 } else {
2032 /*
2033 * Restore the timeout set when the device was opened.
2034 * (Note that this may be -1, in which case we're not
2035 * really leaving non-blocking mode. However, although
2036 * the timeout argument to pcap_set_timeout() and
2037 * pcap_open_live() is an int, you're not supposed to
2038 * supply a negative value, so that "shouldn't happen".)
2039 */
2040 newtimeout = p->opt.timeout;
2041 }
2042 if (!PacketSetReadTimeout(pw->adapter, newtimeout)) {
2043 pcapint_fmt_errmsg_for_win32_err(p->errbuf, PCAP_ERRBUF_SIZE,
2044 GetLastError(), "PacketSetReadTimeout");
2045 return (-1);
2046 }
2047 pw->nonblock = (newtimeout == -1);
2048 return (0);
2049 }
2050
2051 static int
2052 pcap_add_if_npf(pcap_if_list_t *devlistp, char *name, bpf_u_int32 flags,
2053 const char *description, char *errbuf)
2054 {
2055 pcap_if_t *curdev;
2056 npf_if_addr if_addrs[MAX_NETWORK_ADDRESSES];
2057 LONG if_addr_size;
2058 int res = 0;
2059
2060 if_addr_size = MAX_NETWORK_ADDRESSES;
2061
2062 /*
2063 * Add an entry for this interface, with no addresses.
2064 */
2065 curdev = pcapint_add_dev(devlistp, name, flags, description, errbuf);
2066 if (curdev == NULL) {
2067 /*
2068 * Failure.
2069 */
2070 return (-1);
2071 }
2072
2073 /*
2074 * Get the list of addresses for the interface.
2075 */
2076 if (!PacketGetNetInfoEx((void *)name, if_addrs, &if_addr_size)) {
2077 /*
2078 * Failure.
2079 *
2080 * We don't return an error, because this can happen with
2081 * NdisWan interfaces, and we want to supply them even
2082 * if we can't supply their addresses.
2083 *
2084 * We return an entry with an empty address list.
2085 */
2086 return (0);
2087 }
2088
2089 /*
2090 * Now add the addresses.
2091 */
2092 while (if_addr_size-- > 0) {
2093 /*
2094 * "curdev" is an entry for this interface; add an entry for
2095 * this address to its list of addresses.
2096 */
2097 res = pcapint_add_addr_to_dev(curdev,
2098 (struct sockaddr *)&if_addrs[if_addr_size].IPAddress,
2099 sizeof (struct sockaddr_storage),
2100 (struct sockaddr *)&if_addrs[if_addr_size].SubnetMask,
2101 sizeof (struct sockaddr_storage),
2102 (struct sockaddr *)&if_addrs[if_addr_size].Broadcast,
2103 sizeof (struct sockaddr_storage),
2104 NULL,
2105 0,
2106 errbuf);
2107 if (res == -1) {
2108 /*
2109 * Failure.
2110 */
2111 break;
2112 }
2113 }
2114
2115 return (res);
2116 }
2117
2118 static int
2119 get_if_flags(const char *name, bpf_u_int32 *flags, char *errbuf)
2120 {
2121 char *name_copy;
2122 ADAPTER *adapter;
2123 int status;
2124 size_t len;
2125 NDIS_HARDWARE_STATUS hardware_status;
2126 #ifdef OID_GEN_PHYSICAL_MEDIUM
2127 NDIS_PHYSICAL_MEDIUM phys_medium;
2128 bpf_u_int32 gen_physical_medium_oids[] = {
2129 #ifdef OID_GEN_PHYSICAL_MEDIUM_EX
2130 OID_GEN_PHYSICAL_MEDIUM_EX,
2131 #endif
2132 OID_GEN_PHYSICAL_MEDIUM
2133 };
2134 #define N_GEN_PHYSICAL_MEDIUM_OIDS (sizeof gen_physical_medium_oids / sizeof gen_physical_medium_oids[0])
2135 size_t i;
2136 #endif /* OID_GEN_PHYSICAL_MEDIUM */
2137 #ifdef OID_GEN_LINK_STATE
2138 NDIS_LINK_STATE link_state;
2139 #endif
2140 int connect_status;
2141
2142 if (*flags & PCAP_IF_LOOPBACK) {
2143 /*
2144 * Loopback interface, so the connection status doesn't
2145 * apply. and it's not wireless (or wired, for that
2146 * matter...). We presume it's up and running.
2147 */
2148 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING | PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE;
2149 return (0);
2150 }
2151
2152 /*
2153 * We need to open the adapter to get this information.
2154 *
2155 * XXX - PacketOpenAdapter() takes a non-const pointer
2156 * as an argument, so we make a copy of the argument and
2157 * pass that to it.
2158 */
2159 name_copy = strdup(name);
2160 adapter = PacketOpenAdapter(name_copy);
2161 free(name_copy);
2162 if (adapter == NULL) {
2163 /*
2164 * Give up; if they try to open this device, it'll fail.
2165 */
2166 return (0);
2167 }
2168
2169 #ifdef HAVE_AIRPCAP_API
2170 /*
2171 * Airpcap.sys do not support the below 'OID_GEN_x' values.
2172 * Just set these flags (and none of the '*flags' entered with).
2173 */
2174 if (PacketGetAirPcapHandle(adapter)) {
2175 /*
2176 * Must be "up" and "running" if the above if succeeded.
2177 */
2178 *flags = PCAP_IF_UP | PCAP_IF_RUNNING;
2179
2180 /*
2181 * An airpcap device is a wireless device (duh!)
2182 */
2183 *flags |= PCAP_IF_WIRELESS;
2184
2185 /*
2186 * A "network association state" makes no sense for airpcap.
2187 */
2188 *flags |= PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE;
2189 PacketCloseAdapter(adapter);
2190 return (0);
2191 }
2192 #endif
2193
2194 /*
2195 * Get the hardware status, and derive "up" and "running" from
2196 * that.
2197 */
2198 len = sizeof (hardware_status);
2199 status = oid_get_request(adapter, OID_GEN_HARDWARE_STATUS,
2200 &hardware_status, &len, errbuf);
2201 if (status == 0) {
2202 switch (hardware_status) {
2203
2204 case NdisHardwareStatusReady:
2205 /*
2206 * "Available and capable of sending and receiving
2207 * data over the wire", so up and running.
2208 */
2209 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING;
2210 break;
2211
2212 case NdisHardwareStatusInitializing:
2213 case NdisHardwareStatusReset:
2214 /*
2215 * "Initializing" or "Resetting", so up, but
2216 * not running.
2217 */
2218 *flags |= PCAP_IF_UP;
2219 break;
2220
2221 case NdisHardwareStatusClosing:
2222 case NdisHardwareStatusNotReady:
2223 /*
2224 * "Closing" or "Not ready", so neither up nor
2225 * running.
2226 */
2227 break;
2228
2229 default:
2230 /*
2231 * Unknown.
2232 */
2233 break;
2234 }
2235 } else {
2236 /*
2237 * Can't get the hardware status, so assume both up and
2238 * running.
2239 */
2240 *flags |= PCAP_IF_UP | PCAP_IF_RUNNING;
2241 }
2242
2243 /*
2244 * Get the network type.
2245 */
2246 #ifdef OID_GEN_PHYSICAL_MEDIUM
2247 /*
2248 * Try the OIDs we have for this, in order.
2249 */
2250 for (i = 0; i < N_GEN_PHYSICAL_MEDIUM_OIDS; i++) {
2251 len = sizeof (phys_medium);
2252 status = oid_get_request(adapter, gen_physical_medium_oids[i],
2253 &phys_medium, &len, errbuf);
2254 if (status == 0) {
2255 /*
2256 * Success.
2257 */
2258 break;
2259 }
2260 /*
2261 * Failed. We can't determine whether it failed
2262 * because that particular OID isn't supported
2263 * or because some other problem occurred, so we
2264 * just drive on and try the next OID.
2265 */
2266 }
2267 if (status == 0) {
2268 /*
2269 * We got the physical medium.
2270 *
2271 * XXX - we might want to check for NdisPhysicalMediumWiMax
2272 * and NdisPhysicalMediumNative802_15_4 being
2273 * part of the enum, and check for those in the "wireless"
2274 * case.
2275 */
2276 DIAG_OFF_ENUM_SWITCH
2277 switch (phys_medium) {
2278
2279 case NdisPhysicalMediumWirelessLan:
2280 case NdisPhysicalMediumWirelessWan:
2281 case NdisPhysicalMediumNative802_11:
2282 case NdisPhysicalMediumBluetooth:
2283 case NdisPhysicalMediumUWB:
2284 case NdisPhysicalMediumIrda:
2285 /*
2286 * Wireless.
2287 */
2288 *flags |= PCAP_IF_WIRELESS;
2289 break;
2290
2291 default:
2292 /*
2293 * Not wireless or unknown
2294 */
2295 break;
2296 }
2297 DIAG_ON_ENUM_SWITCH
2298 }
2299 #endif
2300
2301 /*
2302 * Get the connection status.
2303 */
2304 #ifdef OID_GEN_LINK_STATE
2305 len = sizeof(link_state);
2306 status = oid_get_request(adapter, OID_GEN_LINK_STATE, &link_state,
2307 &len, errbuf);
2308 if (status == 0) {
2309 /*
2310 * NOTE: this also gives us the receive and transmit
2311 * link state.
2312 */
2313 switch (link_state.MediaConnectState) {
2314
2315 case MediaConnectStateConnected:
2316 /*
2317 * It's connected.
2318 */
2319 *flags |= PCAP_IF_CONNECTION_STATUS_CONNECTED;
2320 break;
2321
2322 case MediaConnectStateDisconnected:
2323 /*
2324 * It's disconnected.
2325 */
2326 *flags |= PCAP_IF_CONNECTION_STATUS_DISCONNECTED;
2327 break;
2328
2329 case MediaConnectStateUnknown:
2330 default:
2331 /*
2332 * It's unknown whether it's connected or not.
2333 */
2334 break;
2335 }
2336 }
2337 #else
2338 /*
2339 * OID_GEN_LINK_STATE isn't supported because it's not in our SDK.
2340 */
2341 status = -1;
2342 #endif
2343 if (status == -1) {
2344 /*
2345 * OK, OID_GEN_LINK_STATE didn't work, try
2346 * OID_GEN_MEDIA_CONNECT_STATUS.
2347 */
2348 status = oid_get_request(adapter, OID_GEN_MEDIA_CONNECT_STATUS,
2349 &connect_status, &len, errbuf);
2350 if (status == 0) {
2351 switch (connect_status) {
2352
2353 case NdisMediaStateConnected:
2354 /*
2355 * It's connected.
2356 */
2357 *flags |= PCAP_IF_CONNECTION_STATUS_CONNECTED;
2358 break;
2359
2360 case NdisMediaStateDisconnected:
2361 /*
2362 * It's disconnected.
2363 */
2364 *flags |= PCAP_IF_CONNECTION_STATUS_DISCONNECTED;
2365 break;
2366 }
2367 }
2368 }
2369 PacketCloseAdapter(adapter);
2370 return (0);
2371 }
2372
2373 int
2374 pcapint_platform_finddevs(pcap_if_list_t *devlistp, char *errbuf)
2375 {
2376 int ret = 0;
2377 const char *desc;
2378 char *AdaptersName;
2379 ULONG NameLength;
2380 char *name;
2381
2382 /*
2383 * Find out how big a buffer we need.
2384 *
2385 * This call should always return FALSE; if the error is
2386 * ERROR_INSUFFICIENT_BUFFER, NameLength will be set to
2387 * the size of the buffer we need, otherwise there's a
2388 * problem, and NameLength should be set to 0.
2389 *
2390 * It shouldn't require NameLength to be set, but,
2391 * at least as of WinPcap 4.1.3, it checks whether
2392 * NameLength is big enough before it checks for a
2393 * NULL buffer argument, so, while it'll still do
2394 * the right thing if NameLength is uninitialized and
2395 * whatever junk happens to be there is big enough
2396 * (because the pointer argument will be null), it's
2397 * still reading an uninitialized variable.
2398 */
2399 NameLength = 0;
2400 if (!PacketGetAdapterNames(NULL, &NameLength))
2401 {
2402 DWORD last_error = GetLastError();
2403
2404 if (last_error != ERROR_INSUFFICIENT_BUFFER)
2405 {
2406 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2407 last_error, "PacketGetAdapterNames");
2408 return (-1);
2409 }
2410 }
2411
2412 if (NameLength <= 0)
2413 return 0;
2414 AdaptersName = (char*) malloc(NameLength);
2415 if (AdaptersName == NULL)
2416 {
2417 snprintf(errbuf, PCAP_ERRBUF_SIZE, "Cannot allocate enough memory to list the adapters.");
2418 return (-1);
2419 }
2420
2421 if (!PacketGetAdapterNames(AdaptersName, &NameLength)) {
2422 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2423 GetLastError(), "PacketGetAdapterNames");
2424 free(AdaptersName);
2425 return (-1);
2426 }
2427
2428 /*
2429 * "PacketGetAdapterNames()" returned a list of
2430 * null-terminated ASCII interface name strings,
2431 * terminated by a null string, followed by a list
2432 * of null-terminated ASCII interface description
2433 * strings, terminated by a null string.
2434 * This means there are two ASCII nulls at the end
2435 * of the first list.
2436 *
2437 * Find the end of the first list; that's the
2438 * beginning of the second list.
2439 */
2440 desc = &AdaptersName[0];
2441 while (*desc != '\0' || *(desc + 1) != '\0')
2442 desc++;
2443
2444 /*
2445 * Found it - "desc" points to the first of the two
2446 * nulls at the end of the list of names, so the
2447 * first byte of the list of descriptions is two bytes
2448 * after it.
2449 */
2450 desc += 2;
2451
2452 /*
2453 * Loop over the elements in the first list.
2454 */
2455 name = &AdaptersName[0];
2456 while (*name != '\0') {
2457 bpf_u_int32 flags = 0;
2458
2459 #ifdef HAVE_AIRPCAP_API
2460 /*
2461 * Is this an AirPcap device?
2462 * If so, ignore it; it'll get added later, by the
2463 * AirPcap code.
2464 */
2465 if (device_is_airpcap(name, errbuf) == 1) {
2466 name += strlen(name) + 1;
2467 desc += strlen(desc) + 1;
2468 continue;
2469 }
2470 #endif
2471
2472 #ifdef HAVE_PACKET_IS_LOOPBACK_ADAPTER
2473 /*
2474 * Is this a loopback interface?
2475 */
2476 if (PacketIsLoopbackAdapter(name)) {
2477 /* Yes */
2478 flags |= PCAP_IF_LOOPBACK;
2479 }
2480 #endif
2481 /*
2482 * Get additional flags.
2483 */
2484 if (get_if_flags(name, &flags, errbuf) == -1) {
2485 /*
2486 * Failure.
2487 */
2488 ret = -1;
2489 break;
2490 }
2491
2492 /*
2493 * Add an entry for this interface.
2494 */
2495 if (pcap_add_if_npf(devlistp, name, flags, desc,
2496 errbuf) == -1) {
2497 /*
2498 * Failure.
2499 */
2500 ret = -1;
2501 break;
2502 }
2503 name += strlen(name) + 1;
2504 desc += strlen(desc) + 1;
2505 }
2506
2507 free(AdaptersName);
2508 return (ret);
2509 }
2510
2511 /*
2512 * Return the name of a network interface attached to the system, or NULL
2513 * if none can be found. The interface must be configured up; the
2514 * lowest unit number is preferred; loopback is ignored.
2515 *
2516 * In the best of all possible worlds, this would be the same as on
2517 * UN*X, but there may be software that expects this to return a
2518 * full list of devices after the first device.
2519 */
2520 #define ADAPTERSNAME_LEN 8192
2521 char *
2522 pcap_lookupdev(char *errbuf)
2523 {
2524 DWORD dwVersion;
2525 DWORD dwWindowsMajorVersion;
2526
2527 /*
2528 * We disable this in "new API" mode, because 1) in WinPcap/Npcap,
2529 * it may return UTF-16 strings, for backwards-compatibility
2530 * reasons, and we're also disabling the hack to make that work,
2531 * for not-going-past-the-end-of-a-string reasons, and 2) we
2532 * want its behavior to be consistent.
2533 *
2534 * In addition, it's not thread-safe, so we've marked it as
2535 * deprecated.
2536 */
2537 if (pcapint_new_api) {
2538 snprintf(errbuf, PCAP_ERRBUF_SIZE,
2539 "pcap_lookupdev() is deprecated and is not supported in programs calling pcap_init()");
2540 return (NULL);
2541 }
2542
2543 /* disable MSVC's GetVersion() deprecated warning here */
2544 DIAG_OFF_DEPRECATION
2545 dwVersion = GetVersion(); /* get the OS version */
2546 DIAG_ON_DEPRECATION
2547 dwWindowsMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));
2548
2549 if (dwVersion >= 0x80000000 && dwWindowsMajorVersion >= 4) {
2550 /*
2551 * Windows 95, 98, ME.
2552 */
2553 ULONG NameLength = ADAPTERSNAME_LEN;
2554 static char AdaptersName[ADAPTERSNAME_LEN];
2555
2556 if (PacketGetAdapterNames(AdaptersName,&NameLength) )
2557 return (AdaptersName);
2558 else
2559 return NULL;
2560 } else {
2561 /*
2562 * Windows NT (NT 4.0 and later).
2563 * Convert the names to Unicode for backward compatibility.
2564 */
2565 ULONG NameLength = ADAPTERSNAME_LEN;
2566 static WCHAR AdaptersName[ADAPTERSNAME_LEN];
2567 size_t BufferSpaceLeft;
2568 char *tAstr;
2569 WCHAR *Unameptr;
2570 char *Adescptr;
2571 size_t namelen, i;
2572 WCHAR *TAdaptersName = (WCHAR*)malloc(ADAPTERSNAME_LEN * sizeof(WCHAR));
2573 int NAdapts = 0;
2574
2575 if(TAdaptersName == NULL)
2576 {
2577 (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "memory allocation failure");
2578 return NULL;
2579 }
2580
2581 if ( !PacketGetAdapterNames((PTSTR)TAdaptersName,&NameLength) )
2582 {
2583 pcapint_fmt_errmsg_for_win32_err(errbuf, PCAP_ERRBUF_SIZE,
2584 GetLastError(), "PacketGetAdapterNames");
2585 free(TAdaptersName);
2586 return NULL;
2587 }
2588
2589
2590 BufferSpaceLeft = ADAPTERSNAME_LEN * sizeof(WCHAR);
2591 tAstr = (char*)TAdaptersName;
2592 Unameptr = AdaptersName;
2593
2594 /*
2595 * Convert the device names to Unicode into AdapterName.
2596 */
2597 do {
2598 /*
2599 * Length of the name, including the terminating
2600 * NUL.
2601 */
2602 namelen = strlen(tAstr) + 1;
2603
2604 /*
2605 * Do we have room for the name in the Unicode
2606 * buffer?
2607 */
2608 if (BufferSpaceLeft < namelen * sizeof(WCHAR)) {
2609 /*
2610 * No.
2611 */
2612 goto quit;
2613 }
2614 BufferSpaceLeft -= namelen * sizeof(WCHAR);
2615
2616 /*
2617 * Copy the name, converting ASCII to Unicode.
2618 * namelen includes the NUL, so we copy it as
2619 * well.
2620 */
2621 for (i = 0; i < namelen; i++)
2622 *Unameptr++ = *tAstr++;
2623
2624 /*
2625 * Count this adapter.
2626 */
2627 NAdapts++;
2628 } while (namelen != 1);
2629
2630 /*
2631 * Copy the descriptions, but don't convert them from
2632 * ASCII to Unicode.
2633 */
2634 Adescptr = (char *)Unameptr;
2635 while(NAdapts--)
2636 {
2637 size_t desclen;
2638
2639 desclen = strlen(tAstr) + 1;
2640
2641 /*
2642 * Do we have room for the name in the Unicode
2643 * buffer?
2644 */
2645 if (BufferSpaceLeft < desclen) {
2646 /*
2647 * No.
2648 */
2649 goto quit;
2650 }
2651
2652 /*
2653 * Just copy the ASCII string.
2654 * namelen includes the NUL, so we copy it as
2655 * well.
2656 */
2657 memcpy(Adescptr, tAstr, desclen);
2658 Adescptr += desclen;
2659 tAstr += desclen;
2660 BufferSpaceLeft -= desclen;
2661 }
2662
2663 quit:
2664 free(TAdaptersName);
2665 return (char *)(AdaptersName);
2666 }
2667 }
2668
2669 /*
2670 * We can't use the same code that we use on UN*X, as that's doing
2671 * UN*X-specific calls.
2672 *
2673 * We don't just fetch the entire list of devices, search for the
2674 * particular device, and use its first IPv4 address, as that's too
2675 * much work to get just one device's netmask.
2676 */
2677 int
2678 pcap_lookupnet(const char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp,
2679 char *errbuf)
2680 {
2681 /*
2682 * We need only the first IPv4 address, so we must scan the array returned by PacketGetNetInfo()
2683 * in order to skip non IPv4 (i.e. IPv6 addresses)
2684 */
2685 npf_if_addr if_addrs[MAX_NETWORK_ADDRESSES];
2686 LONG if_addr_size = MAX_NETWORK_ADDRESSES;
2687 struct sockaddr_in *t_addr;
2688 LONG i;
2689
2690 if (!PacketGetNetInfoEx((void *)device, if_addrs, &if_addr_size)) {
2691 *netp = *maskp = 0;
2692 return (0);
2693 }
2694
2695 for(i = 0; i < if_addr_size; i++)
2696 {
2697 if(if_addrs[i].IPAddress.ss_family == AF_INET)
2698 {
2699 t_addr = (struct sockaddr_in *) &(if_addrs[i].IPAddress);
2700 *netp = t_addr->sin_addr.S_un.S_addr;
2701 t_addr = (struct sockaddr_in *) &(if_addrs[i].SubnetMask);
2702 *maskp = t_addr->sin_addr.S_un.S_addr;
2703
2704 *netp &= *maskp;
2705 return (0);
2706 }
2707
2708 }
2709
2710 *netp = *maskp = 0;
2711 return (0);
2712 }
2713
2714 static const char *pcap_lib_version_string;
2715
2716 #ifdef HAVE_VERSION_H
2717 /*
2718 * libpcap being built for Windows, as part of a WinPcap/Npcap source
2719 * tree. Include version.h from that source tree to get the WinPcap/Npcap
2720 * version.
2721 *
2722 * XXX - it'd be nice if we could somehow generate the WinPcap/Npcap version
2723 * number when building as part of WinPcap/Npcap. (It'd be nice to do so
2724 * for the packet.dll version number as well.)
2725 */
2726 #include "../../version.h"
2727
2728 static const char pcap_version_string[] =
2729 WINPCAP_PRODUCT_NAME " version " WINPCAP_VER_STRING ", based on " PCAP_VERSION_STRING;
2730
2731 const char *
2732 pcap_lib_version(void)
2733 {
2734 if (pcap_lib_version_string == NULL) {
2735 /*
2736 * Generate the version string.
2737 */
2738 const char *packet_version_string = PacketGetVersion();
2739
2740 if (strcmp(WINPCAP_VER_STRING, packet_version_string) == 0) {
2741 /*
2742 * WinPcap/Npcap version string and packet.dll version
2743 * string are the same; just report the WinPcap/Npcap
2744 * version.
2745 */
2746 pcap_lib_version_string = pcap_version_string;
2747 } else {
2748 /*
2749 * WinPcap/Npcap version string and packet.dll version
2750 * string are different; that shouldn't be the
2751 * case (the two libraries should come from the
2752 * same version of WinPcap/Npcap), so we report both
2753 * versions.
2754 */
2755 char *full_pcap_version_string;
2756
2757 if (pcapint_asprintf(&full_pcap_version_string,
2758 WINPCAP_PRODUCT_NAME " version " WINPCAP_VER_STRING " (packet.dll version %s), based on " PCAP_VERSION_STRING,
2759 packet_version_string) != -1) {
2760 /* Success */
2761 pcap_lib_version_string = full_pcap_version_string;
2762 }
2763 }
2764 }
2765 return (pcap_lib_version_string);
2766 }
2767
2768 #else /* HAVE_VERSION_H */
2769
2770 /*
2771 * libpcap being built for Windows, not as part of a WinPcap/Npcap source
2772 * tree.
2773 */
2774 const char *
2775 pcap_lib_version(void)
2776 {
2777 if (pcap_lib_version_string == NULL) {
2778 /*
2779 * Generate the version string. Report the packet.dll
2780 * version.
2781 */
2782 char *full_pcap_version_string;
2783
2784 if (pcapint_asprintf(&full_pcap_version_string,
2785 PCAP_VERSION_STRING " (packet.dll version %s)",
2786 PacketGetVersion()) != -1) {
2787 /* Success */
2788 pcap_lib_version_string = full_pcap_version_string;
2789 }
2790 }
2791 return (pcap_lib_version_string);
2792 }
2793 #endif /* HAVE_VERSION_H */
[mirror] the LIBpcap interface to various kernel packet capture mechanism