]> The Tcpdump Group git mirrors - libpcap/blob - pcap-linux.c
projects / libpcap / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for an "any" device based on a patch from Sebastian Krahmer.
[libpcap] / pcap-linux.c
1 /*
2 * pcap-linux.c: Packet capture interface to the Linux kernel
3 *
4 * Copyright (c) 2000 Torsten Landschoff <torsten@debian.org>
5 * Sebastian Krahmer <krahmer@cs.uni-potsdam.de>
6 *
7 * License: BSD
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 * 3. The names of the authors may not be used to endorse or promote
20 * products derived from this software without specific prior
21 * written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
26 */
27 #ifndef lint
28 static const char rcsid[] =
29 "@(#) $Header: /tcpdump/master/libpcap/pcap-linux.c,v 1.30 2000-09-20 15:10:29 torsten Exp $ (LBL)";
30 #endif
31
32 /*
33 * Known bugs:
34 * - setting promiscuous on loopback gives every packet twice
35 */
36
37
38 #ifdef HAVE_CONFIG_H
39 #include "config.h"
40 #endif
41
42 #include "pcap-int.h"
43
44 #include <errno.h>
45 #include <stdlib.h>
46 #include <unistd.h>
47 #include <fcntl.h>
48 #include <string.h>
49 #include <sys/socket.h>
50 #include <sys/ioctl.h>
51 #include <net/if.h>
52 #include <netinet/in.h>
53 #include <linux/if_ether.h>
54 #include <netinet/if_ether.h>
55
56 #ifdef HAVE_NETPACKET_PACKET_H
57 #include <netpacket/packet.h>
58 #endif
59 #ifdef SO_ATTACH_FILTER
60 #include <linux/types.h>
61 #include <linux/filter.h>
62 #endif
63
64 #ifndef __GLIBC__
65 typedef int socklen_t;
66 #endif
67
68 #ifndef MSG_TRUNC
69 #define MSG_TRUNC 0
70 #endif
71
72 #define MAX_LINKHEADER_SIZE 256
73
74 /*
75 * When capturing on all interfaces we use this as the buffer size.
76 * Should be bigger then all MTUs that occur in real life.
77 * 64kB should be enough for now.
78 */
79 #define BIGGER_THAN_ALL_MTUS (64*1024)
80
81 /*
82 * Prototypes for internal functions
83 */
84 static int map_arphrd_to_dlt(int arptype );
85 static int live_open_old(pcap_t *, char *, int, int, char *);
86 static int live_open_new(pcap_t *, char *, int, int, char *);
87 static int pcap_read_packet(pcap_t *, pcap_handler, u_char *);
88
89 /*
90 * Wrap some ioctl calls
91 */
92 static int iface_get_id(int fd, const char *device, char *ebuf);
93 static int iface_get_mtu(int fd, const char *device, char *ebuf);
94 static int iface_get_arptype(int fd, const char *device, char *ebuf);
95 static int iface_bind(int fd, int ifindex, char *ebuf);
96 static int iface_bind_old(int fd, const char *device, char *ebuf);
97
98 /*
99 * Get a handle for a live capture from the given device. You can
100 * pass NULL as device to get all packages (without link level
101 * information of course). If you pass 1 as promisc the interface
102 * will be set to promiscous mode (XXX: I think this usage should
103 * be deprecated and functions be added to select that later allow
104 * modification of that values -- Torsten).
105 *
106 * See also pcap(3).
107 */
108 pcap_t *
109 pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
110 {
111 /* Allocate a handle for this session. */
112
113 pcap_t *handle = malloc(sizeof(*handle));
114 if (handle == NULL) {
115 snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
116 pcap_strerror(errno));
117 return NULL;
118 }
119
120 /* Initialize some components of the pcap structure. */
121
122 memset(handle, 0, sizeof(*handle));
123 handle->snapshot = snaplen;
124 handle->md.timeout = to_ms;
125 handle->md.promisc = promisc;
126
127 /*
128 * NULL and "any" are special devices which give us the hint to
129 * monitor all devices.
130 */
131 if (!device || strcmp(device, "any") == 0) {
132 device = NULL;
133 handle->md.device = strdup("any");
134 } else
135 handle->md.device = strdup(device);
136
137 if (handle->md.device == NULL) {
138 snprintf(ebuf, PCAP_ERRBUF_SIZE, "strdup: %s",
139 pcap_strerror(errno) );
140 free(handle);
141 return NULL;
142 }
143
144 /*
145 * Current Linux kernels use the protocol family PF_PACKET to
146 * allow direct access to all packets on the network while
147 * older kernels had a special socket type SOCK_PACKET to
148 * implement this feature.
149 * While this old implementation is kind of obsolete we need
150 * to be compatible with older kernels for a while so we are
151 * trying both methods with the newer method preferred.
152 */
153
154 if (! (live_open_new(handle, device, promisc, to_ms, ebuf) ||
155 live_open_old(handle, device, promisc, to_ms, ebuf)) )
156 {
157 /*
158 * Both methods to open the packet socket failed. Tidy
159 * up and report our failure (ebuf is expected to be
160 * set by the functions above).
161 */
162
163 free(handle->md.device);
164 free(handle);
165 return NULL;
166 }
167
168 /*
169 * Okay, now we have a packet stream open. Maybe we need to handle
170 * a timeout? In that case we set the filehandle to nonblocking
171 * so pcap_read can try reading the fd and call select if no data
172 * is available at first.
173 */
174
175 if (to_ms > 0) {
176 int flags = fcntl(handle->fd, F_GETFL);
177 if (flags != -1) {
178 flags |= O_NONBLOCK;
179 flags = fcntl(handle->fd, F_SETFL, flags);
180 }
181 if (flags == -1) {
182 snprintf(ebuf, PCAP_ERRBUF_SIZE, "fcntl: %s",
183 pcap_strerror(errno));
184 pcap_close(handle);
185 return NULL;
186 }
187 }
188
189 return handle;
190 }
191
192 /*
193 * Read at most max_packets from the capture stream and call the callback
194 * for each of them. Returns the number of packets handled or -1 if an
195 * error occured.
196 *
197 * XXX: Can I rely on the Linux-specified behaviour of select (returning
198 * the time left in the timeval structure)? I really don't want to query
199 * the system time before each select call...
200 *
201 * pcap_read currently gets not only a packet from the kernel but also
202 * the sockaddr_ll returned as source of the packet. This way we can at
203 * some time extend tcpdump and libpcap to sniff on all devices at a time
204 * and find the right printing routine by using the information in the
205 * sockaddr_ll structure.
206 */
207 int
208 pcap_read(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user)
209 {
210 int status, packets;
211 fd_set read_fds;
212 struct timeval tv;
213
214 /*
215 * Fill in a timeval structure for select if we need to obeye a
216 * timeout.
217 */
218 if (handle->md.timeout > 0) {
219 tv.tv_usec = (handle->md.timeout % 1000) * 1000;
220 tv.tv_sec = (handle->md.timeout / 1000);
221 }
222
223 /*
224 * Read packets until the packet limit has been reached or
225 * an error occured while reading. Call the user function
226 * for each received packet.
227 */
228 for (packets = 0; max_packets == -1 || packets < max_packets;)
229 {
230 status = pcap_read_packet(handle, callback, user);
231
232 if (status > 0) {
233 packets += status;
234 continue;
235 } else if (status == -1)
236 return -1;
237
238 /*
239 * If no packet is available we go to sleep. FIXME: This
240 * might be better implemented using poll(?)
241 */
242 FD_ZERO(&read_fds);
243 FD_SET(handle->fd, &read_fds);
244 status = select(handle->fd + 1,
245 &read_fds, NULL, NULL, &tv);
246 if (status == -1) {
247 snprintf(handle->errbuf, sizeof(handle->errbuf),
248 "select: %s", pcap_strerror(errno));
249 return -1;
250 } else if (status == 0 ||
251 (tv.tv_usec == 0 && tv.tv_sec == 0))
252 return packets;
253 }
254
255 return packets;
256 }
257
258 /*
259 * Read a packet from the socket calling the handler provided by
260 * the user. Returns the number of packets received or -1 if an
261 * error occured.
262 */
263 static int
264 pcap_read_packet(pcap_t *handle, pcap_handler callback, u_char *userdata)
265 {
266 struct sockaddr from;
267 socklen_t fromlen;
268 int packet_len, caplen;
269 struct pcap_pkthdr pcap_header;
270
271 /*
272 * We don't currently use the from return value of recvfrom but
273 * this will probably be implemented in the future.
274 */
275
276 /* Receive a single packet from the kernel */
277
278 do {
279 fromlen = sizeof(from);
280 packet_len = recvfrom(
281 handle->fd, handle->buffer + handle->offset,
282 handle->snapshot, MSG_TRUNC,
283 (struct sockaddr *) &from, &fromlen);
284 } while (packet_len == -1 && errno == EINTR);
285
286 /* Check if an error occured */
287
288 if (packet_len == -1) {
289 if (errno == EAGAIN)
290 return 0; /* no packet there */
291 else {
292 snprintf(handle->errbuf, sizeof(handle->errbuf),
293 "recvfrom: %s", pcap_strerror(errno));
294 return -1;
295 }
296 }
297
298 /*
299 * XXX: According to the kernel source we should get the real
300 * packet len if calling recvfrom with MSG_TRUNC set. It does
301 * not seem to work here :(, but it is supported by this code
302 * anyway.
303 * To be honest the code RELIES on that feature so this is really
304 * broken with 2.2.x kernels.
305 * I spend a day to figure out what's going on and I found out
306 * that the following is happening:
307 *
308 * The packet comes from a random interface and the packet_rcv
309 * hook is called with a clone of the packet. That code inserts
310 * the packet into the receive queue of the packet socket.
311 * If a filter is attached to that socket that filter is run
312 * first - and there lies the problem. The default filter always
313 * cuts the packet at the snaplen:
314 *
315 * # tcpdump -d
316 * (000) ret #68
317 *
318 * So the packet filter cuts down the packet. The recvfrom call
319 * says "hey, it's only 68 bytes, it fits into the buffer" with
320 * the result that we don't get the real packet length. This
321 * is valid at least until kernel 2.2.17pre6.
322 *
323 * tcpdump is currently fixed by changing the BPF code generator
324 * to not truncate the received packet.
325 */
326
327 caplen = packet_len;
328 if (caplen > handle->snapshot)
329 caplen = handle->snapshot;
330
331 /* Run the packet filter if not using kernel filter */
332 if (!handle->md.use_bpf && handle->fcode.bf_insns) {
333 if (bpf_filter(handle->fcode.bf_insns, handle->buffer,
334 packet_len, caplen) == 0)
335 {
336 /* rejected by filter */
337 return 0;
338 }
339 }
340
341 /* Fill in our own header data */
342
343 if (ioctl(handle->fd, SIOCGSTAMP, &pcap_header.ts) == -1) {
344 snprintf(handle->errbuf, sizeof(handle->errbuf),
345 "ioctl: %s", pcap_strerror(errno));
346 return -1;
347 }
348 pcap_header.caplen = caplen;
349 pcap_header.len = packet_len;
350
351 /* Call the user supplied callback function */
352 handle->md.stat.ps_recv++;
353 callback(userdata, &pcap_header, handle->buffer + handle->offset);
354
355 return 1;
356 }
357
358 /*
359 * Get the statistics for the given packet capture handle.
360 * FIXME: Currently does not report the number of dropped packets.
361 */
362 int
363 pcap_stats(pcap_t *handle, struct pcap_stat *stats)
364 {
365 *stats = handle->md.stat;
366 return 0;
367 }
368
369 /*
370 * Attach the given BPF code to the packet capture device.
371 */
372 int
373 pcap_setfilter(pcap_t *handle, struct bpf_program *filter)
374 {
375 #ifdef SO_ATTACH_FILTER
376 struct sock_fprog fcode;
377 #endif
378
379 if (!handle)
380 return -1;
381 if (!filter) {
382 strncpy(handle->errbuf, "setfilter: No filter specified",
383 sizeof(handle->errbuf));
384 return -1;
385 }
386
387 /* Free old filter code if existing */
388
389 handle->fcode.bf_len = 0;
390 if (handle->fcode.bf_insns) {
391 free(handle->fcode.bf_insns);
392 handle->fcode.bf_insns = NULL;
393 }
394
395
396 /* Make our private copy of the filter */
397
398 handle->fcode.bf_len = filter->bf_len;
399 handle->fcode.bf_insns =
400 malloc(filter->bf_len * sizeof(*filter->bf_insns));
401 if (handle->fcode.bf_insns == NULL) {
402 snprintf(handle->errbuf, sizeof(handle->errbuf),
403 "malloc: %s", pcap_strerror(errno));
404 return -1;
405 }
406 memcpy(handle->fcode.bf_insns, filter->bf_insns,
407 filter->bf_len * sizeof(*filter->bf_insns));
408
409 /*
410 * Run user level packet filter by default. Will be overriden if
411 * installing a kernel filter succeeds.
412 */
413 handle->md.use_bpf = 0;
414
415 /* Install kernel level filter if possible */
416
417 #ifdef SO_ATTACH_FILTER
418 /*
419 * Oh joy, the Linux kernel uses struct sock_fprog instead of
420 * struct bpf_program and of course the length field is of
421 * different size. Pointed out by Sebastian
422 */
423
424 fcode.filter = (struct sock_filter *) handle->fcode.bf_insns;
425 fcode.len = filter->bf_len;
426 #ifdef USHRT_MAX
427 if (filter->bf_len > USHRT_MAX) {
428 /*
429 * fcode.len is an unsigned short for current kernel.
430 * I have yet to see BPF-Code with that much instructions
431 * but still it is possible. So for the sake of
432 * correctness I added this check.
433 */
434 fprintf(stderr, "Warning: Filter to complex for kernel\n");
435 }
436 else
437 #endif
438 if (setsockopt(handle->fd, SOL_SOCKET, SO_ATTACH_FILTER,
439 &fcode, sizeof(fcode)) == 0)
440 {
441 /* Installation succeded - using kernel filter. */
442 handle->md.use_bpf = 1;
443 }
444 else
445 {
446 /*
447 * Print a warning if kernel filter available but a problem
448 * occured using it.
449 */
450 if (errno != ENOPROTOOPT && errno != EOPNOTSUPP) {
451 fprintf(stderr, "Warning: Kernel filter failed: %s\n",
452 pcap_strerror(errno));
453 }
454 }
455 #endif
456
457 return 0;
458 }
459
460 /*
461 * Linux uses the ARP hardware type to identify the type of an
462 * interface. pcap uses the PCAP_ENCAP_xxx constants for this. This
463 * function maps the ARPHRD_xxx constant to an appropriate
464 * PCAP_ENCAP__xxx constant.
465 * FIXME: This function is inappropriately named after the namechange
466 * DLT -> PCAP_ENCAP.
467 *
468 * Returns -1 if unable to map the type.
469 */
470 static int map_arphrd_to_dlt(int arptype)
471 {
472 switch (arptype) {
473 case ARPHRD_ETHER:
474 case ARPHRD_METRICOM:
475 case ARPHRD_LOOPBACK:
476 return PCAP_ENCAP_ETHERNET;
477
478 case ARPHRD_EETHER:
479 return PCAP_ENCAP_EXP_ETHERNET;
480
481 case ARPHRD_AX25:
482 return PCAP_ENCAP_AX25;
483
484 case ARPHRD_PRONET:
485 return PCAP_ENCAP_PRONET;
486
487 case ARPHRD_CHAOS:
488 return PCAP_ENCAP_CHAOS;
489
490 case ARPHRD_IEEE802:
491 return PCAP_ENCAP_TOKEN_RING;
492
493 case ARPHRD_ARCNET:
494 return PCAP_ENCAP_ARCNET;
495
496 case ARPHRD_FDDI:
497 return PCAP_ENCAP_FDDI;
498
499 #ifndef ARPHRD_ATM /* FIXME: How to #include this? */
500 #define ARPHRD_ATM 19
501 #endif
502 case ARPHRD_ATM:
503 return PCAP_ENCAP_ATM_CLIP;
504
505 case ARPHRD_PPP:
506 case ARPHRD_CSLIP:
507 case ARPHRD_SLIP6:
508 case ARPHRD_CSLIP6:
509 case ARPHRD_SLIP:
510 return PCAP_ENCAP_RAW;
511 }
512
513 return -1;
514 }
515
516 /* ===== Functions to interface to the newer kernels ================== */
517
518 /*
519 * Try to open a packet socket using the new kernel interface.
520 * Returns 0 on failure.
521 * FIXME: 0 uses to mean success (Sebastian)
522 */
523 static int
524 live_open_new(pcap_t *handle, char *device, int promisc,
525 int to_ms, char *ebuf)
526 {
527 #ifdef HAVE_NETPACKET_PACKET_H
528 int sock_fd = -1, device_id, mtu, arptype;
529 struct packet_mreq mr;
530
531 /* One shot loop used for error handling - bail out with break */
532
533 do {
534 /*
535 * Open a socket with protocol family packet. If a device is
536 * given we try to open it in raw mode otherwise we use
537 * the cooked interface.
538 */
539 sock_fd = device ?
540 socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))
541 : socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
542
543 if (sock_fd == -1) {
544 snprintf(ebuf, PCAP_ERRBUF_SIZE, "socket: %s",
545 pcap_strerror(errno) );
546 break;
547 }
548
549 /* It seems the kernel supports the new interface. */
550 handle->md.sock_packet = 0;
551
552 /*
553 * What kind of frames do we have to deal with? Fall back
554 * to cooked mode if we have an unknown interface type.
555 */
556
557 if (device) {
558 arptype = iface_get_arptype(sock_fd, device, ebuf);
559 if (arptype == -1)
560 break;
561 handle->linktype = map_arphrd_to_dlt(arptype);
562 } else
563 handle->linktype = PCAP_ENCAP_RAW;
564
565 if (handle->linktype == -1) {
566 /* Unknown interface type - reopen in cooked mode */
567
568 if (close(sock_fd) == -1) {
569 snprintf(ebuf, PCAP_ERRBUF_SIZE,
570 "close: %s", pcap_strerror(errno));
571 break;
572 }
573 sock_fd = socket(PF_PACKET, SOCK_DGRAM,
574 htons(ETH_P_ALL));
575 if (sock_fd == -1) {
576 snprintf(ebuf, PCAP_ERRBUF_SIZE,
577 "socket: %s", pcap_strerror(errno));
578 break;
579 }
580
581 fprintf(stderr,
582 "Warning: Falling back to cooked socket\n");
583 handle->linktype = PCAP_ENCAP_RAW;
584 }
585
586
587 if (device) {
588 device_id = iface_get_id(sock_fd, device, ebuf);
589 if (device_id == -1)
590 break;
591
592 if (iface_bind(sock_fd, device_id, ebuf) == -1)
593 break;
594 }
595
596 /* Select promiscous mode on/off */
597
598 #ifdef SOL_PACKET
599 /*
600 * Hmm, how can we set promiscuous mode on all interfaces?
601 * I am not sure if that is possible at all.
602 */
603
604 if (device) {
605 memset(&mr, 0, sizeof(mr));
606 mr.mr_ifindex = device_id;
607 mr.mr_type = promisc ?
608 PACKET_MR_PROMISC : PACKET_MR_ALLMULTI;
609 if (setsockopt(sock_fd, SOL_PACKET,
610 PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) == -1)
611 {
612 snprintf(ebuf, PCAP_ERRBUF_SIZE,
613 "setsockopt: %s", pcap_strerror(errno));
614 break;
615 }
616 }
617 #endif
618
619 /* Compute the buffersize */
620
621 mtu = iface_get_mtu(sock_fd, device, ebuf);
622 if (mtu == -1)
623 break;
624 handle->bufsize = MAX_LINKHEADER_SIZE + mtu;
625
626 /* Fill in the pcap structure */
627
628 handle->fd = sock_fd;
629 handle->offset = 0;
630
631 handle->buffer = malloc(handle->bufsize);
632 if (!handle->buffer) {
633 snprintf(ebuf, PCAP_ERRBUF_SIZE,
634 "malloc: %s", pcap_strerror(errno));
635 break;
636 }
637
638 return 1;
639
640 } while(0);
641
642 if (sock_fd != -1)
643 close(sock_fd);
644 return 0;
645 #else
646 strncpy(ebuf,
647 "New packet capturing interface not supported by build "
648 "environment", PCAP_ERRBUF_SIZE);
649 return 0;
650 #endif
651 }
652
653 #ifdef HAVE_NETPACKET_PACKET_H
654 /*
655 * Return the index of the given device name. Fill ebuf and return
656 * -1 on failure.
657 */
658 static int
659 iface_get_id(int fd, const char *device, char *ebuf)
660 {
661 struct ifreq ifr;
662
663 memset(&ifr, 0, sizeof(ifr));
664 strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
665
666 if (ioctl(fd, SIOCGIFINDEX, &ifr) == -1) {
667 snprintf(ebuf, PCAP_ERRBUF_SIZE,
668 "ioctl: %s", pcap_strerror(errno));
669 return -1;
670 }
671
672 return ifr.ifr_ifindex;
673 }
674
675 /*
676 * Bind the socket associated with FD to the given device.
677 */
678 static int
679 iface_bind(int fd, int ifindex, char *ebuf)
680 {
681 struct sockaddr_ll sll;
682
683 memset(&sll, 0, sizeof(sll));
684 sll.sll_family = AF_PACKET;
685 sll.sll_ifindex = ifindex;
686 sll.sll_protocol = htons(ETH_P_ALL);
687
688 if (bind(fd, (struct sockaddr *) &sll, sizeof(sll)) == -1) {
689 snprintf(ebuf, PCAP_ERRBUF_SIZE,
690 "bind: %s", pcap_strerror(errno));
691 return -1;
692 }
693
694 return 0;
695 }
696
697 #endif
698
699
700 /* ===== Functions to interface to the older kernels ================== */
701
702 /*
703 * With older kernels promiscuous mode is kind of interesting because we
704 * have to reset the interface before exiting. The problem can't really
705 * be solved without some daemon taking care of managing usage counts.
706 * We save the promiscuous state of the device when opening the capture
707 * stream and arrange for it to be reset on process exit.
708 *
709 * XXX: This solution is still not correct even for this case. The
710 * devices stay in promiscuous mode until the process exits. I need to
711 * modify pcap_close to solve this.
712 */
713
714 /*
715 * The device name and the interface flags to be restored at exit
716 */
717 struct ifreq restore_ifr;
718
719 static void restore_interface( void )
720 {
721 int status = socket(PF_INET, SOCK_PACKET, 0);
722
723 if (status != -1)
724 status = ioctl(status, SIOCSIFFLAGS, &restore_ifr);
725
726 if (status == -1) {
727 fprintf(stderr,
728 "Can't restore interface flags. Please adjust manually. \n"
729 "Hint: This can't happen with Linux >= 2.2.0.\n");
730 }
731 }
732
733 /*
734 * Try to open a packet socket using the old kernel interface.
735 * Returns 0 on failure.
736 * FIXME: 0 uses to mean success (Sebastian)
737 */
738 static int
739 live_open_old(pcap_t *handle, char *device, int promisc,
740 int to_ms, char *ebuf)
741 {
742 int sock_fd = -1, mtu, arptype;
743 struct ifreq ifr;
744
745 do {
746 /* Open the socket */
747
748 sock_fd = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL));
749 if (sock_fd == -1) {
750 snprintf(ebuf, PCAP_ERRBUF_SIZE,
751 "socket: %s", pcap_strerror(errno));
752 break;
753 }
754
755 /* It worked - we are using the old interface */
756 handle->md.sock_packet = 1;
757
758 /* Bind to the given device */
759
760 if (!device) {
761 strncpy(ebuf, "pcap_open_live: No interface given",
762 PCAP_ERRBUF_SIZE);
763 break;
764 }
765 if (iface_bind_old(sock_fd, device, ebuf) == -1)
766 break;
767
768 /* Go to promisc mode */
769 if (promisc) {
770 memset(&ifr, 0, sizeof(ifr));
771 strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
772 if (ioctl(sock_fd, SIOCGIFFLAGS, &ifr) == -1) {
773 snprintf(ebuf, PCAP_ERRBUF_SIZE,
774 "ioctl: %s", pcap_strerror(errno));
775 break;
776 }
777 if ((ifr.ifr_flags & IFF_PROMISC) == 0) {
778 restore_ifr = ifr;
779 ifr.ifr_flags |= IFF_PROMISC;
780 if (ioctl(sock_fd, SIOCSIFFLAGS, &ifr) == -1) {
781 snprintf(ebuf, PCAP_ERRBUF_SIZE,
782 "ioctl: %s",
783 pcap_strerror(errno));
784 break;
785 }
786 if (atexit(restore_interface) == -1) {
787 restore_interface();
788 strncpy(ebuf, "atexit failed",
789 PCAP_ERRBUF_SIZE);
790 break;
791 }
792 }
793 }
794
795
796 /* Compute the buffersize */
797
798 mtu = iface_get_mtu(sock_fd, device, ebuf);
799 if (mtu == -1)
800 break;
801 handle->bufsize = MAX_LINKHEADER_SIZE + mtu;
802
803 /* All done - fill in the pcap handle */
804
805 arptype = iface_get_arptype(sock_fd, device, ebuf);
806 if (arptype == -1)
807 break;
808
809 handle->fd = sock_fd;
810 handle->offset = 0;
811 handle->linktype = map_arphrd_to_dlt(arptype);
812 if (handle->linktype == -1) {
813 snprintf(ebuf, PCAP_ERRBUF_SIZE,
814 "interface type of %s not supported", device);
815 break;
816 }
817 handle->buffer = malloc(handle->bufsize);
818 if (!handle->buffer) {
819 snprintf(ebuf, PCAP_ERRBUF_SIZE,
820 "malloc: %s", pcap_strerror(errno));
821 break;
822 }
823
824 return 1;
825
826 } while (0);
827
828 if (sock_fd != -1)
829 close(sock_fd);
830 return 0;
831 }
832
833 /*
834 * Bind the socket associated with FD to the given device using the
835 * interface of the old kernels.
836 */
837 static int
838 iface_bind_old(int fd, const char *device, char *ebuf)
839 {
840 struct sockaddr saddr;
841
842 memset(&saddr, 0, sizeof(saddr));
843 strncpy(saddr.sa_data, device, sizeof(saddr.sa_data));
844 if (bind(fd, &saddr, sizeof(saddr)) == -1) {
845 snprintf(ebuf, PCAP_ERRBUF_SIZE,
846 "bind: %s", pcap_strerror(errno));
847 return -1;
848 }
849
850 return 0;
851 }
852
853
854 /* ===== System calls available on all supported kernels ============== */
855
856 /*
857 * Query the kernel for the MTU of the given interface.
858 */
859 static int
860 iface_get_mtu(int fd, const char *device, char *ebuf)
861 {
862 struct ifreq ifr;
863
864 if (!device)
865 return BIGGER_THAN_ALL_MTUS;
866
867 memset(&ifr, 0, sizeof(ifr));
868 strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
869
870 if (ioctl(fd, SIOCGIFMTU, &ifr) == -1) {
871 snprintf(ebuf, PCAP_ERRBUF_SIZE,
872 "ioctl: %s", pcap_strerror(errno));
873 return -1;
874 }
875
876 return ifr.ifr_mtu;
877 }
878
879 /*
880 * Get the hardware type of the given interface as ARPHRD_xxx constant.
881 */
882 static int
883 iface_get_arptype(int fd, const char *device, char *ebuf)
884 {
885 struct ifreq ifr;
886
887 memset(&ifr, 0, sizeof(ifr));
888 strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
889
890 if (ioctl(fd, SIOCGIFHWADDR, &ifr) == -1) {
891 snprintf(ebuf, PCAP_ERRBUF_SIZE,
892 "ioctl: %s", pcap_strerror(errno));
893 return -1;
894 }
895
896 return ifr.ifr_hwaddr.sa_family;
897 }
[mirror] the LIBpcap interface to various kernel packet capture mechanism