1 /* 2 * Copyright (c) 1999 - 2005 NetGroup, Politecnico di Torino (Italy) 3 * Copyright (c) 2005 - 2010 CACE Technologies, Davis (California) 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 16 * nor the names of its contributors may be used to endorse or promote 17 * products derived from this software without specific prior written 18 * permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 * 32 */ 33 34 #define PCAP_DONT_INCLUDE_PCAP_BPF_H 35 #include <Packet32.h> 36 #include <pcap-int.h> 37 #include <pcap/dlt.h> 38 #ifdef __MINGW32__ 39 #ifdef __MINGW64__ 40 #include <ntddndis.h> 41 #else /*__MINGW64__*/ 42 #include <ddk/ntddndis.h> 43 #include <ddk/ndis.h> 44 #endif /*__MINGW64__*/ 45 #else /*__MINGW32__*/ 46 #include <ntddndis.h> 47 #endif /*__MINGW32__*/ 48 #ifdef HAVE_DAG_API 49 #include <dagnew.h> 50 #include <dagapi.h> 51 #endif /* HAVE_DAG_API */ 52 #ifdef __MINGW32__ 53 int* _errno(); 54 #define errno (*_errno()) 55 #endif /* __MINGW32__ */ 56 #ifdef HAVE_REMOTE 57 #include "pcap-rpcap.h" 58 #endif /* HAVE_REMOTE */ 59 60 static int pcap_setfilter_win32_npf(pcap_t *, struct bpf_program *); 61 static int pcap_setfilter_win32_dag(pcap_t *, struct bpf_program *); 62 static int pcap_getnonblock_win32(pcap_t *, char *); 63 static int pcap_setnonblock_win32(pcap_t *, int, char *); 64 65 /*dimension of the buffer in the pcap_t structure*/ 66 #define WIN32_DEFAULT_USER_BUFFER_SIZE 256000 67 68 /*dimension of the buffer in the kernel driver NPF */ 69 #define WIN32_DEFAULT_KERNEL_BUFFER_SIZE 1000000 70 71 /* Equivalent to ntohs(), but a lot faster under Windows */ 72 #define SWAPS(_X) ((_X & 0xff) << 8) | (_X >> 8) 73 74 /* 75 * Private data for capturing on WinPcap devices. 76 */ 77 struct pcap_win { 78 int nonblock; 79 int rfmon_selfstart; /* a flag tells whether the monitor mode is set by itself */ 80 int filtering_in_kernel; /* using kernel filter */ 81 82 #ifdef HAVE_DAG_API 83 int dag_fcs_bits; /* Number of checksum bits from link layer */ 84 #endif 85 }; 86 87 BOOL WINAPI DllMain( 88 HANDLE hinstDLL, 89 DWORD dwReason, 90 LPVOID lpvReserved 91 ) 92 { 93 return (TRUE); 94 } 95 96 /* 97 * Define stub versions of the monitor-mode support routines if this 98 * isn't Npcap. HAVE_NPCAP_PACKET_API is defined by Npcap but not 99 * WinPcap. 100 */ 101 #ifndef HAVE_NPCAP_PACKET_API 102 static int 103 PacketIsMonitorModeSupported(PCHAR AdapterName _U_) 104 { 105 /* 106 * We don't support monitor mode. 107 */ 108 return (0); 109 } 110 111 static int 112 PacketSetMonitorMode(PCHAR AdapterName _U_, int mode _U_) 113 { 114 /* 115 * This should never be called, as PacketIsMonitorModeSupported() 116 * will return 0, meaning "we don't support monitor mode, so 117 * don't try to turn it on or off". 118 */ 119 return (0); 120 } 121 122 static int 123 PacketGetMonitorMode(PCHAR AdapterName _U_) 124 { 125 /* 126 * This should fail, so that pcap_activate_win32() returns 127 * PCAP_ERROR_RFMON_NOTSUP if our caller requested monitor 128 * mode. 129 */ 130 return (-1); 131 } 132 #endif 133 134 /* Start winsock */ 135 int 136 wsockinit(void) 137 { 138 WORD wVersionRequested; 139 WSADATA wsaData; 140 static int err = -1; 141 static int done = 0; 142 143 if (done) 144 return (err); 145 146 wVersionRequested = MAKEWORD( 1, 1); 147 err = WSAStartup( wVersionRequested, &wsaData ); 148 atexit ((void(*)(void))WSACleanup); 149 done = 1; 150 151 if ( err != 0 ) 152 err = -1; 153 return (err); 154 } 155 156 int 157 pcap_wsockinit(void) 158 { 159 return (wsockinit()); 160 } 161 162 static int 163 pcap_stats_win32(pcap_t *p, struct pcap_stat *ps) 164 { 165 struct bpf_stat bstats; 166 char errbuf[PCAP_ERRBUF_SIZE+1]; 167 168 /* 169 * Try to get statistics. 170 * 171 * (Please note - "struct pcap_stat" is *not* the same as 172 * WinPcap's "struct bpf_stat". It might currently have the 173 * same layout, but let's not cheat. 174 * 175 * Note also that we don't fill in ps_capt, as we might have 176 * been called by code compiled against an earlier version of 177 * WinPcap that didn't have ps_capt, in which case filling it 178 * in would stomp on whatever comes after the structure passed 179 * to us. 180 */ 181 if (!PacketGetStats(p->adapter, &bstats)) { 182 pcap_win32_err_to_str(GetLastError(), errbuf); 183 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 184 "PacketGetStats error: %s", errbuf); 185 return (-1); 186 } 187 ps->ps_recv = bstats.bs_recv; 188 ps->ps_drop = bstats.bs_drop; 189 190 /* 191 * XXX - PacketGetStats() doesn't fill this in, so we just 192 * return 0. 193 */ 194 #if 0 195 ps->ps_ifdrop = bstats.ps_ifdrop; 196 #else 197 ps->ps_ifdrop = 0; 198 #endif 199 200 return (0); 201 } 202 203 /* 204 * Win32-only routine for getting statistics. 205 * 206 * This way is definitely safer than passing the pcap_stat * from the userland. 207 * In fact, there could happen than the user allocates a variable which is not 208 * big enough for the new structure, and the library will write in a zone 209 * which is not allocated to this variable. 210 * 211 * In this way, we're pretty sure we are writing on memory allocated to this 212 * variable. 213 * 214 * XXX - but this is the wrong way to handle statistics. Instead, we should 215 * have an API that returns data in a form like the Options section of a 216 * pcapng Interface Statistics Block: 217 * 218 * http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.6 219 * 220 * which would let us add new statistics straightforwardly and indicate which 221 * statistics we are and are *not* providing, rather than having to provide 222 * possibly-bogus values for statistics we can't provide. 223 */ 224 struct pcap_stat * 225 pcap_stats_ex_win32(pcap_t *p, int *pcap_stat_size) 226 { 227 struct bpf_stat bstats; 228 char errbuf[PCAP_ERRBUF_SIZE+1]; 229 230 *pcap_stat_size = sizeof (p->stat); 231 232 /* 233 * Try to get statistics. 234 * 235 * (Please note - "struct pcap_stat" is *not* the same as 236 * WinPcap's "struct bpf_stat". It might currently have the 237 * same layout, but let's not cheat.) 238 */ 239 if (!PacketGetStatsEx(p->adapter, &bstats)) { 240 pcap_win32_err_to_str(GetLastError(), errbuf); 241 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 242 "PacketGetStatsEx error: %s", errbuf); 243 return (NULL); 244 } 245 p->stat.ps_recv = bstats.bs_recv; 246 p->stat.ps_drop = bstats.bs_drop; 247 p->stat.ps_ifdrop = bstats.ps_ifdrop; 248 #ifdef HAVE_REMOTE 249 p->stat.ps_capt = bstats.bs_capt; 250 #endif 251 return (&p->stat); 252 } 253 254 /* Set the dimension of the kernel-level capture buffer */ 255 static int 256 pcap_setbuff_win32(pcap_t *p, int dim) 257 { 258 if(PacketSetBuff(p->adapter,dim)==FALSE) 259 { 260 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer"); 261 return (-1); 262 } 263 return (0); 264 } 265 266 /* Set the driver working mode */ 267 static int 268 pcap_setmode_win32(pcap_t *p, int mode) 269 { 270 if(PacketSetMode(p->adapter,mode)==FALSE) 271 { 272 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: working mode not recognized"); 273 return (-1); 274 } 275 276 return (0); 277 } 278 279 /*set the minimum amount of data that will release a read call*/ 280 static int 281 pcap_setmintocopy_win32(pcap_t *p, int size) 282 { 283 if(PacketSetMinToCopy(p->adapter, size)==FALSE) 284 { 285 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: unable to set the requested mintocopy size"); 286 return (-1); 287 } 288 return (0); 289 } 290 291 static HANDLE 292 pcap_getevent_win32(pcap_t *p) 293 { 294 return (PacketGetReadEvent(p->adapter)); 295 } 296 297 static int 298 pcap_oid_get_request_win32(pcap_t *p, bpf_u_int32 oid, void *data, size_t *lenp) 299 { 300 PACKET_OID_DATA *oid_data_arg; 301 char errbuf[PCAP_ERRBUF_SIZE+1]; 302 303 /* 304 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest(). 305 * It should be big enough to hold "*lenp" bytes of data; it 306 * will actually be slightly larger, as PACKET_OID_DATA has a 307 * 1-byte data array at the end, standing in for the variable-length 308 * data that's actually there. 309 */ 310 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp); 311 if (oid_data_arg == NULL) { 312 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 313 "Couldn't allocate argument buffer for PacketRequest"); 314 return (PCAP_ERROR); 315 } 316 317 /* 318 * No need to copy the data - we're doing a fetch. 319 */ 320 oid_data_arg->Oid = oid; 321 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */ 322 if (!PacketRequest(p->adapter, FALSE, oid_data_arg)) { 323 pcap_win32_err_to_str(GetLastError(), errbuf); 324 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 325 "Error calling PacketRequest: %s", errbuf); 326 free(oid_data_arg); 327 return (PCAP_ERROR); 328 } 329 330 /* 331 * Get the length actually supplied. 332 */ 333 *lenp = oid_data_arg->Length; 334 335 /* 336 * Copy back the data we fetched. 337 */ 338 memcpy(data, oid_data_arg->Data, *lenp); 339 free(oid_data_arg); 340 return (0); 341 } 342 343 static int 344 pcap_oid_set_request_win32(pcap_t *p, bpf_u_int32 oid, const void *data, 345 size_t *lenp) 346 { 347 PACKET_OID_DATA *oid_data_arg; 348 char errbuf[PCAP_ERRBUF_SIZE+1]; 349 350 /* 351 * Allocate a PACKET_OID_DATA structure to hand to PacketRequest(). 352 * It should be big enough to hold "*lenp" bytes of data; it 353 * will actually be slightly larger, as PACKET_OID_DATA has a 354 * 1-byte data array at the end, standing in for the variable-length 355 * data that's actually there. 356 */ 357 oid_data_arg = malloc(sizeof (PACKET_OID_DATA) + *lenp); 358 if (oid_data_arg == NULL) { 359 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 360 "Couldn't allocate argument buffer for PacketRequest"); 361 return (PCAP_ERROR); 362 } 363 364 oid_data_arg->Oid = oid; 365 oid_data_arg->Length = (ULONG)(*lenp); /* XXX - check for ridiculously large value? */ 366 memcpy(oid_data_arg->Data, data, *lenp); 367 if (!PacketRequest(p->adapter, TRUE, oid_data_arg)) { 368 pcap_win32_err_to_str(GetLastError(), errbuf); 369 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 370 "Error calling PacketRequest: %s", errbuf); 371 free(oid_data_arg); 372 return (PCAP_ERROR); 373 } 374 375 /* 376 * Get the length actually copied. 377 */ 378 *lenp = oid_data_arg->Length; 379 380 /* 381 * No need to copy the data - we're doing a set. 382 */ 383 free(oid_data_arg); 384 return (0); 385 } 386 387 static u_int 388 pcap_sendqueue_transmit_win32(pcap_t *p, pcap_send_queue *queue, int sync) 389 { 390 u_int res; 391 char errbuf[PCAP_ERRBUF_SIZE+1]; 392 393 if (p->adapter==NULL) { 394 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 395 "Cannot transmit a queue to an offline capture or to a TurboCap port"); 396 return (0); 397 } 398 399 res = PacketSendPackets(p->adapter, 400 queue->buffer, 401 queue->len, 402 (BOOLEAN)sync); 403 404 if(res != queue->len){ 405 pcap_win32_err_to_str(GetLastError(), errbuf); 406 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 407 "Error opening adapter: %s", errbuf); 408 } 409 410 return (res); 411 } 412 413 static int 414 pcap_setuserbuffer_win32(pcap_t *p, int size) 415 { 416 unsigned char *new_buff; 417 418 if (size<=0) { 419 /* Bogus parameter */ 420 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 421 "Error: invalid size %d",size); 422 return (-1); 423 } 424 425 /* Allocate the buffer */ 426 new_buff=(unsigned char*)malloc(sizeof(char)*size); 427 428 if (!new_buff) { 429 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 430 "Error: not enough memory"); 431 return (-1); 432 } 433 434 free(p->buffer); 435 436 p->buffer=new_buff; 437 p->bufsize=size; 438 439 return (0); 440 } 441 442 static int 443 pcap_live_dump_win32(pcap_t *p, char *filename, int maxsize, int maxpacks) 444 { 445 BOOLEAN res; 446 447 /* Set the packet driver in dump mode */ 448 res = PacketSetMode(p->adapter, PACKET_MODE_DUMP); 449 if(res == FALSE){ 450 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 451 "Error setting dump mode"); 452 return (-1); 453 } 454 455 /* Set the name of the dump file */ 456 res = PacketSetDumpName(p->adapter, filename, (int)strlen(filename)); 457 if(res == FALSE){ 458 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 459 "Error setting kernel dump file name"); 460 return (-1); 461 } 462 463 /* Set the limits of the dump file */ 464 res = PacketSetDumpLimits(p->adapter, maxsize, maxpacks); 465 466 return (0); 467 } 468 469 static int 470 pcap_live_dump_ended_win32(pcap_t *p, int sync) 471 { 472 return (PacketIsDumpEnded(p->adapter, (BOOLEAN)sync)); 473 } 474 475 static PAirpcapHandle 476 pcap_get_airpcap_handle_win32(pcap_t *p) 477 { 478 #ifdef HAVE_AIRPCAP_API 479 return (PacketGetAirPcapHandle(p->adapter)); 480 #else 481 return (NULL); 482 #endif /* HAVE_AIRPCAP_API */ 483 } 484 485 static int 486 pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 487 { 488 PACKET Packet; 489 int cc; 490 int n = 0; 491 register u_char *bp, *ep; 492 u_char *datap; 493 struct pcap_win *pw = p->priv; 494 495 cc = p->cc; 496 if (p->cc == 0) { 497 /* 498 * Has "pcap_breakloop()" been called? 499 */ 500 if (p->break_loop) { 501 /* 502 * Yes - clear the flag that indicates that it 503 * has, and return PCAP_ERROR_BREAK to indicate 504 * that we were told to break out of the loop. 505 */ 506 p->break_loop = 0; 507 return (PCAP_ERROR_BREAK); 508 } 509 510 /* 511 * Capture the packets. 512 * 513 * The PACKET structure had a bunch of extra stuff for 514 * Windows 9x/Me, but the only interesting data in it 515 * in the versions of Windows that we support is just 516 * a copy of p->buffer, a copy of p->buflen, and the 517 * actual number of bytes read returned from 518 * PacketReceivePacket(), none of which has to be 519 * retained from call to call, so we just keep one on 520 * the stack. 521 */ 522 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize); 523 if (!PacketReceivePacket(p->adapter, &Packet, TRUE)) { 524 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed"); 525 return (PCAP_ERROR); 526 } 527 528 cc = Packet.ulBytesReceived; 529 530 bp = p->buffer; 531 } 532 else 533 bp = p->bp; 534 535 /* 536 * Loop through each packet. 537 */ 538 #define bhp ((struct bpf_hdr *)bp) 539 ep = bp + cc; 540 while (1) { 541 register int caplen, hdrlen; 542 543 /* 544 * Has "pcap_breakloop()" been called? 545 * If so, return immediately - if we haven't read any 546 * packets, clear the flag and return PCAP_ERROR_BREAK 547 * to indicate that we were told to break out of the loop, 548 * otherwise leave the flag set, so that the *next* call 549 * will break out of the loop without having read any 550 * packets, and return the number of packets we've 551 * processed so far. 552 */ 553 if (p->break_loop) { 554 if (n == 0) { 555 p->break_loop = 0; 556 return (PCAP_ERROR_BREAK); 557 } else { 558 p->bp = bp; 559 p->cc = (int) (ep - bp); 560 return (n); 561 } 562 } 563 if (bp >= ep) 564 break; 565 566 caplen = bhp->bh_caplen; 567 hdrlen = bhp->bh_hdrlen; 568 datap = bp + hdrlen; 569 570 /* 571 * Short-circuit evaluation: if using BPF filter 572 * in kernel, no need to do it now - we already know 573 * the packet passed the filter. 574 * 575 * XXX - bpf_filter() should always return TRUE if 576 * handed a null pointer for the program, but it might 577 * just try to "run" the filter, so we check here. 578 */ 579 if (pw->filtering_in_kernel || 580 p->fcode.bf_insns == NULL || 581 bpf_filter(p->fcode.bf_insns, datap, bhp->bh_datalen, caplen)) { 582 /* 583 * XXX A bpf_hdr matches a pcap_pkthdr. 584 */ 585 (*callback)(user, (struct pcap_pkthdr*)bp, datap); 586 bp += Packet_WORDALIGN(caplen + hdrlen); 587 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt)) { 588 p->bp = bp; 589 p->cc = (int) (ep - bp); 590 return (n); 591 } 592 } else { 593 /* 594 * Skip this packet. 595 */ 596 bp += Packet_WORDALIGN(caplen + hdrlen); 597 } 598 } 599 #undef bhp 600 p->cc = 0; 601 return (n); 602 } 603 604 #ifdef HAVE_DAG_API 605 static int 606 pcap_read_win32_dag(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 607 { 608 struct pcap_win *pw = p->priv; 609 PACKET Packet; 610 u_char *dp = NULL; 611 int packet_len = 0, caplen = 0; 612 struct pcap_pkthdr pcap_header; 613 u_char *endofbuf; 614 int n = 0; 615 dag_record_t *header; 616 unsigned erf_record_len; 617 ULONGLONG ts; 618 int cc; 619 unsigned swt; 620 unsigned dfp = p->adapter->DagFastProcess; 621 622 cc = p->cc; 623 if (cc == 0) /* Get new packets only if we have processed all the ones of the previous read */ 624 { 625 /* 626 * Get new packets from the network. 627 * 628 * The PACKET structure had a bunch of extra stuff for 629 * Windows 9x/Me, but the only interesting data in it 630 * in the versions of Windows that we support is just 631 * a copy of p->buffer, a copy of p->buflen, and the 632 * actual number of bytes read returned from 633 * PacketReceivePacket(), none of which has to be 634 * retained from call to call, so we just keep one on 635 * the stack. 636 */ 637 PacketInitPacket(&Packet, (BYTE *)p->buffer, p->bufsize); 638 if (!PacketReceivePacket(p->adapter, &Packet, TRUE)) { 639 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read error: PacketReceivePacket failed"); 640 return (-1); 641 } 642 643 cc = Packet.ulBytesReceived; 644 if(cc == 0) 645 /* The timeout has expired but we no packets arrived */ 646 return (0); 647 header = (dag_record_t*)p->adapter->DagBuffer; 648 } 649 else 650 header = (dag_record_t*)p->bp; 651 652 endofbuf = (char*)header + cc; 653 654 /* 655 * Cycle through the packets 656 */ 657 do 658 { 659 erf_record_len = SWAPS(header->rlen); 660 if((char*)header + erf_record_len > endofbuf) 661 break; 662 663 /* Increase the number of captured packets */ 664 p->stat.ps_recv++; 665 666 /* Find the beginning of the packet */ 667 dp = ((u_char *)header) + dag_record_size; 668 669 /* Determine actual packet len */ 670 switch(header->type) 671 { 672 case TYPE_ATM: 673 packet_len = ATM_SNAPLEN; 674 caplen = ATM_SNAPLEN; 675 dp += 4; 676 677 break; 678 679 case TYPE_ETH: 680 swt = SWAPS(header->wlen); 681 packet_len = swt - (pw->dag_fcs_bits); 682 caplen = erf_record_len - dag_record_size - 2; 683 if (caplen > packet_len) 684 { 685 caplen = packet_len; 686 } 687 dp += 2; 688 689 break; 690 691 case TYPE_HDLC_POS: 692 swt = SWAPS(header->wlen); 693 packet_len = swt - (pw->dag_fcs_bits); 694 caplen = erf_record_len - dag_record_size; 695 if (caplen > packet_len) 696 { 697 caplen = packet_len; 698 } 699 700 break; 701 } 702 703 if(caplen > p->snapshot) 704 caplen = p->snapshot; 705 706 /* 707 * Has "pcap_breakloop()" been called? 708 * If so, return immediately - if we haven't read any 709 * packets, clear the flag and return -2 to indicate 710 * that we were told to break out of the loop, otherwise 711 * leave the flag set, so that the *next* call will break 712 * out of the loop without having read any packets, and 713 * return the number of packets we've processed so far. 714 */ 715 if (p->break_loop) 716 { 717 if (n == 0) 718 { 719 p->break_loop = 0; 720 return (-2); 721 } 722 else 723 { 724 p->bp = (char*)header; 725 p->cc = endofbuf - (char*)header; 726 return (n); 727 } 728 } 729 730 if(!dfp) 731 { 732 /* convert between timestamp formats */ 733 ts = header->ts; 734 pcap_header.ts.tv_sec = (int)(ts >> 32); 735 ts = (ts & 0xffffffffi64) * 1000000; 736 ts += 0x80000000; /* rounding */ 737 pcap_header.ts.tv_usec = (int)(ts >> 32); 738 if (pcap_header.ts.tv_usec >= 1000000) { 739 pcap_header.ts.tv_usec -= 1000000; 740 pcap_header.ts.tv_sec++; 741 } 742 } 743 744 /* No underlaying filtering system. We need to filter on our own */ 745 if (p->fcode.bf_insns) 746 { 747 if (bpf_filter(p->fcode.bf_insns, dp, packet_len, caplen) == 0) 748 { 749 /* Move to next packet */ 750 header = (dag_record_t*)((char*)header + erf_record_len); 751 continue; 752 } 753 } 754 755 /* Fill the header for the user suppplied callback function */ 756 pcap_header.caplen = caplen; 757 pcap_header.len = packet_len; 758 759 /* Call the callback function */ 760 (*callback)(user, &pcap_header, dp); 761 762 /* Move to next packet */ 763 header = (dag_record_t*)((char*)header + erf_record_len); 764 765 /* Stop if the number of packets requested by user has been reached*/ 766 if (++n >= cnt && !PACKET_COUNT_IS_UNLIMITED(cnt)) 767 { 768 p->bp = (char*)header; 769 p->cc = endofbuf - (char*)header; 770 return (n); 771 } 772 } 773 while((u_char*)header < endofbuf); 774 775 return (1); 776 } 777 #endif /* HAVE_DAG_API */ 778 779 /* Send a packet to the network */ 780 static int 781 pcap_inject_win32(pcap_t *p, const void *buf, size_t size){ 782 LPPACKET PacketToSend; 783 784 PacketToSend=PacketAllocatePacket(); 785 786 if (PacketToSend == NULL) 787 { 788 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: PacketAllocatePacket failed"); 789 return (-1); 790 } 791 792 PacketInitPacket(PacketToSend, (PVOID)buf, (UINT)size); 793 if(PacketSendPacket(p->adapter,PacketToSend,TRUE) == FALSE){ 794 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send error: PacketSendPacket failed"); 795 PacketFreePacket(PacketToSend); 796 return (-1); 797 } 798 799 PacketFreePacket(PacketToSend); 800 801 /* 802 * We assume it all got sent if "PacketSendPacket()" succeeded. 803 * "pcap_inject()" is expected to return the number of bytes 804 * sent. 805 */ 806 return ((int)size); 807 } 808 809 static void 810 pcap_cleanup_win32(pcap_t *p) 811 { 812 struct pcap_win *pw = p->priv; 813 if (p->adapter != NULL) { 814 PacketCloseAdapter(p->adapter); 815 p->adapter = NULL; 816 } 817 if (pw->rfmon_selfstart) 818 { 819 PacketSetMonitorMode(p->opt.device, 0); 820 } 821 pcap_cleanup_live_common(p); 822 } 823 824 static int 825 pcap_activate_win32(pcap_t *p) 826 { 827 struct pcap_win *pw = p->priv; 828 NetType type; 829 int res; 830 char errbuf[PCAP_ERRBUF_SIZE+1]; 831 832 #ifdef HAVE_REMOTE 833 char host[PCAP_BUF_SIZE + 1]; 834 char port[PCAP_BUF_SIZE + 1]; 835 char name[PCAP_BUF_SIZE + 1]; 836 int srctype; 837 int opensource_remote_result; 838 839 struct pcap_md *md; /* structure used when doing a remote live capture */ 840 md = (struct pcap_md *) ((u_char*)p->priv + sizeof(struct pcap_win)); 841 842 /* 843 Retrofit; we have to make older applications compatible with the remote capture 844 So, we're calling the pcap_open_remote() from here, that is a very dirty thing. 845 Obviously, we cannot exploit all the new features; for instance, we cannot 846 send authentication, we cannot use a UDP data connection, and so on. 847 */ 848 if (pcap_parsesrcstr(p->opt.device, &srctype, host, port, name, p->errbuf)) 849 return PCAP_ERROR; 850 851 if (srctype == PCAP_SRC_IFREMOTE) 852 { 853 opensource_remote_result = pcap_opensource_remote(p, NULL); 854 855 if (opensource_remote_result != 0) 856 return opensource_remote_result; 857 858 md->rmt_flags = (p->opt.promisc) ? PCAP_OPENFLAG_PROMISCUOUS : 0; 859 860 return 0; 861 } 862 863 if (srctype == PCAP_SRC_IFLOCAL) 864 { 865 /* 866 * If it starts with rpcap://, cut down the string 867 */ 868 if (strncmp(p->opt.device, PCAP_SRC_IF_STRING, strlen(PCAP_SRC_IF_STRING)) == 0) 869 { 870 size_t len = strlen(p->opt.device) - strlen(PCAP_SRC_IF_STRING) + 1; 871 char *new_string; 872 /* 873 * allocate a new string and free the old one 874 */ 875 if (len > 0) 876 { 877 new_string = (char*)malloc(len); 878 if (new_string != NULL) 879 { 880 char *tmp; 881 strcpy_s(new_string, len, p->opt.device + strlen(PCAP_SRC_IF_STRING)); 882 tmp = p->opt.device; 883 p->opt.device = new_string; 884 free(tmp); 885 } 886 } 887 } 888 } 889 890 #endif /* HAVE_REMOTE */ 891 892 if (p->opt.rfmon) { 893 /* 894 * Monitor mode is supported on Windows Vista and later. 895 */ 896 if (PacketGetMonitorMode(p->opt.device) == 1) 897 { 898 pw->rfmon_selfstart = 0; 899 } 900 else 901 { 902 if ((res = PacketSetMonitorMode(p->opt.device, 1)) != 1) 903 { 904 pw->rfmon_selfstart = 0; 905 // Monitor mode is not supported. 906 if (res == 0) 907 { 908 return PCAP_ERROR_RFMON_NOTSUP; 909 } 910 else 911 { 912 return PCAP_ERROR; 913 } 914 } 915 else 916 { 917 pw->rfmon_selfstart = 1; 918 } 919 } 920 } 921 922 /* Init WinSock */ 923 wsockinit(); 924 925 p->adapter = PacketOpenAdapter(p->opt.device); 926 927 if (p->adapter == NULL) 928 { 929 /* Adapter detected but we are not able to open it. Return failure. */ 930 pcap_win32_err_to_str(GetLastError(), errbuf); 931 if (pw->rfmon_selfstart) 932 { 933 PacketSetMonitorMode(p->opt.device, 0); 934 } 935 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 936 "Error opening adapter: %s", errbuf); 937 return (PCAP_ERROR); 938 } 939 940 /*get network type*/ 941 if(PacketGetNetType (p->adapter,&type) == FALSE) 942 { 943 pcap_win32_err_to_str(GetLastError(), errbuf); 944 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 945 "Cannot determine the network type: %s", errbuf); 946 goto bad; 947 } 948 949 /*Set the linktype*/ 950 switch (type.LinkType) 951 { 952 case NdisMediumWan: 953 p->linktype = DLT_EN10MB; 954 break; 955 956 case NdisMedium802_3: 957 p->linktype = DLT_EN10MB; 958 /* 959 * This is (presumably) a real Ethernet capture; give it a 960 * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so 961 * that an application can let you choose it, in case you're 962 * capturing DOCSIS traffic that a Cisco Cable Modem 963 * Termination System is putting out onto an Ethernet (it 964 * doesn't put an Ethernet header onto the wire, it puts raw 965 * DOCSIS frames out on the wire inside the low-level 966 * Ethernet framing). 967 */ 968 p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2); 969 /* 970 * If that fails, just leave the list empty. 971 */ 972 if (p->dlt_list != NULL) { 973 p->dlt_list[0] = DLT_EN10MB; 974 p->dlt_list[1] = DLT_DOCSIS; 975 p->dlt_count = 2; 976 } 977 break; 978 979 case NdisMediumFddi: 980 p->linktype = DLT_FDDI; 981 break; 982 983 case NdisMedium802_5: 984 p->linktype = DLT_IEEE802; 985 break; 986 987 case NdisMediumArcnetRaw: 988 p->linktype = DLT_ARCNET; 989 break; 990 991 case NdisMediumArcnet878_2: 992 p->linktype = DLT_ARCNET; 993 break; 994 995 case NdisMediumAtm: 996 p->linktype = DLT_ATM_RFC1483; 997 break; 998 999 case NdisMediumCHDLC: 1000 p->linktype = DLT_CHDLC; 1001 break; 1002 1003 case NdisMediumPPPSerial: 1004 p->linktype = DLT_PPP_SERIAL; 1005 break; 1006 1007 case NdisMediumNull: 1008 p->linktype = DLT_NULL; 1009 break; 1010 1011 case NdisMediumBare80211: 1012 p->linktype = DLT_IEEE802_11; 1013 break; 1014 1015 case NdisMediumRadio80211: 1016 p->linktype = DLT_IEEE802_11_RADIO; 1017 break; 1018 1019 case NdisMediumPpi: 1020 p->linktype = DLT_PPI; 1021 break; 1022 1023 default: 1024 p->linktype = DLT_EN10MB; /*an unknown adapter is assumed to be ethernet*/ 1025 break; 1026 } 1027 1028 /* Set promiscuous mode */ 1029 if (p->opt.promisc) 1030 { 1031 1032 if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_PROMISCUOUS) == FALSE) 1033 { 1034 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to promiscuous mode"); 1035 goto bad; 1036 } 1037 } 1038 else 1039 { 1040 if (PacketSetHwFilter(p->adapter,NDIS_PACKET_TYPE_ALL_LOCAL) == FALSE) 1041 { 1042 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "failed to set hardware filter to non-promiscuous mode"); 1043 goto bad; 1044 } 1045 } 1046 1047 /* Set the buffer size */ 1048 p->bufsize = WIN32_DEFAULT_USER_BUFFER_SIZE; 1049 1050 if(!(p->adapter->Flags & INFO_FLAG_DAG_CARD)) 1051 { 1052 /* 1053 * Traditional Adapter 1054 */ 1055 /* 1056 * If the buffer size wasn't explicitly set, default to 1057 * WIN32_DEFAULT_KERNEL_BUFFER_SIZE. 1058 */ 1059 if (p->opt.buffer_size == 0) 1060 p->opt.buffer_size = WIN32_DEFAULT_KERNEL_BUFFER_SIZE; 1061 1062 if(PacketSetBuff(p->adapter,p->opt.buffer_size)==FALSE) 1063 { 1064 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory to allocate the kernel buffer"); 1065 goto bad; 1066 } 1067 1068 p->buffer = malloc(p->bufsize); 1069 if (p->buffer == NULL) 1070 { 1071 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "malloc: %s", pcap_strerror(errno)); 1072 goto bad; 1073 } 1074 1075 if (p->opt.immediate) 1076 { 1077 /* tell the driver to copy the buffer as soon as data arrives */ 1078 if(PacketSetMinToCopy(p->adapter,0)==FALSE) 1079 { 1080 pcap_win32_err_to_str(GetLastError(), errbuf); 1081 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1082 "Error calling PacketSetMinToCopy: %s", 1083 errbuf); 1084 goto bad; 1085 } 1086 } 1087 else 1088 { 1089 /* tell the driver to copy the buffer only if it contains at least 16K */ 1090 if(PacketSetMinToCopy(p->adapter,16000)==FALSE) 1091 { 1092 pcap_win32_err_to_str(GetLastError(), errbuf); 1093 pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 1094 "Error calling PacketSetMinToCopy: %s", 1095 errbuf); 1096 goto bad; 1097 } 1098 } 1099 } 1100 else 1101 #ifdef HAVE_DAG_API 1102 { 1103 /* 1104 * Dag Card 1105 */ 1106 LONG status; 1107 HKEY dagkey; 1108 DWORD lptype; 1109 DWORD lpcbdata; 1110 int postype = 0; 1111 char keyname[512]; 1112 1113 pcap_snprintf(keyname, sizeof(keyname), "%s\\CardParams\\%s", 1114 "SYSTEM\\CurrentControlSet\\Services\\DAG", 1115 strstr(_strlwr(p->opt.device), "dag")); 1116 do 1117 { 1118 status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_READ, &dagkey); 1119 if(status != ERROR_SUCCESS) 1120 break; 1121 1122 status = RegQueryValueEx(dagkey, 1123 "PosType", 1124 NULL, 1125 &lptype, 1126 (char*)&postype, 1127 &lpcbdata); 1128 1129 if(status != ERROR_SUCCESS) 1130 { 1131 postype = 0; 1132 } 1133 1134 RegCloseKey(dagkey); 1135 } 1136 while(FALSE); 1137 1138 1139 p->snapshot = PacketSetSnapLen(p->adapter, snaplen); 1140 1141 /* Set the length of the FCS associated to any packet. This value 1142 * will be subtracted to the packet length */ 1143 pw->dag_fcs_bits = p->adapter->DagFcsLen; 1144 } 1145 #else 1146 goto bad; 1147 #endif /* HAVE_DAG_API */ 1148 1149 PacketSetReadTimeout(p->adapter, p->opt.timeout); 1150 1151 #ifdef HAVE_DAG_API 1152 if(p->adapter->Flags & INFO_FLAG_DAG_CARD) 1153 { 1154 /* install dag specific handlers for read and setfilter */ 1155 p->read_op = pcap_read_win32_dag; 1156 p->setfilter_op = pcap_setfilter_win32_dag; 1157 } 1158 else 1159 { 1160 #endif /* HAVE_DAG_API */ 1161 /* install traditional npf handlers for read and setfilter */ 1162 p->read_op = pcap_read_win32_npf; 1163 p->setfilter_op = pcap_setfilter_win32_npf; 1164 #ifdef HAVE_DAG_API 1165 } 1166 #endif /* HAVE_DAG_API */ 1167 p->setdirection_op = NULL; /* Not implemented. */ 1168 /* XXX - can this be implemented on some versions of Windows? */ 1169 p->inject_op = pcap_inject_win32; 1170 p->set_datalink_op = NULL; /* can't change data link type */ 1171 p->getnonblock_op = pcap_getnonblock_win32; 1172 p->setnonblock_op = pcap_setnonblock_win32; 1173 p->stats_op = pcap_stats_win32; 1174 p->stats_ex_op = pcap_stats_ex_win32; 1175 p->setbuff_op = pcap_setbuff_win32; 1176 p->setmode_op = pcap_setmode_win32; 1177 p->setmintocopy_op = pcap_setmintocopy_win32; 1178 p->getevent_op = pcap_getevent_win32; 1179 p->oid_get_request_op = pcap_oid_get_request_win32; 1180 p->oid_set_request_op = pcap_oid_set_request_win32; 1181 p->sendqueue_transmit_op = pcap_sendqueue_transmit_win32; 1182 p->setuserbuffer_op = pcap_setuserbuffer_win32; 1183 p->live_dump_op = pcap_live_dump_win32; 1184 p->live_dump_ended_op = pcap_live_dump_ended_win32; 1185 p->get_airpcap_handle_op = pcap_get_airpcap_handle_win32; 1186 p->cleanup_op = pcap_cleanup_win32; 1187 1188 return (0); 1189 bad: 1190 pcap_cleanup_win32(p); 1191 return (PCAP_ERROR); 1192 } 1193 1194 /* 1195 * Check if rfmon mode is supported on the pcap_t for Windows systems. 1196 */ 1197 static int 1198 pcap_can_set_rfmon_win32(pcap_t *p) 1199 { 1200 return (PacketIsMonitorModeSupported(p->opt.device) == 1); 1201 } 1202 1203 pcap_t * 1204 pcap_create_interface(const char *device _U_, char *ebuf) 1205 { 1206 pcap_t *p; 1207 1208 #ifdef HAVE_REMOTE 1209 p = pcap_create_common(ebuf, sizeof(struct pcap_win) + sizeof(struct pcap_md)); 1210 #else 1211 p = pcap_create_common(ebuf, sizeof(struct pcap_win)); 1212 #endif /* HAVE_REMOTE */ 1213 if (p == NULL) 1214 return (NULL); 1215 1216 p->activate_op = pcap_activate_win32; 1217 p->can_set_rfmon_op = pcap_can_set_rfmon_win32; 1218 return (p); 1219 } 1220 1221 static int 1222 pcap_setfilter_win32_npf(pcap_t *p, struct bpf_program *fp) 1223 { 1224 struct pcap_win *pw = p->priv; 1225 1226 if(PacketSetBpf(p->adapter,fp)==FALSE){ 1227 /* 1228 * Kernel filter not installed. 1229 * 1230 * XXX - we don't know whether this failed because: 1231 * 1232 * the kernel rejected the filter program as invalid, 1233 * in which case we should fall back on userland 1234 * filtering; 1235 * 1236 * the kernel rejected the filter program as too big, 1237 * in which case we should again fall back on 1238 * userland filtering; 1239 * 1240 * there was some other problem, in which case we 1241 * should probably report an error. 1242 * 1243 * For NPF devices, the Win32 status will be 1244 * STATUS_INVALID_DEVICE_REQUEST for invalid 1245 * filters, but I don't know what it'd be for 1246 * other problems, and for some other devices 1247 * it might not be set at all. 1248 * 1249 * So we just fall back on userland filtering in 1250 * all cases. 1251 */ 1252 1253 /* 1254 * install_bpf_program() validates the program. 1255 * 1256 * XXX - what if we already have a filter in the kernel? 1257 */ 1258 if (install_bpf_program(p, fp) < 0) 1259 return (-1); 1260 pw->filtering_in_kernel = 0; /* filtering in userland */ 1261 return (0); 1262 } 1263 1264 /* 1265 * It worked. 1266 */ 1267 pw->filtering_in_kernel = 1; /* filtering in the kernel */ 1268 1269 /* 1270 * Discard any previously-received packets, as they might have 1271 * passed whatever filter was formerly in effect, but might 1272 * not pass this filter (BIOCSETF discards packets buffered 1273 * in the kernel, so you can lose packets in any case). 1274 */ 1275 p->cc = 0; 1276 return (0); 1277 } 1278 1279 /* 1280 * We filter at user level, since the kernel driver does't process the packets 1281 */ 1282 static int 1283 pcap_setfilter_win32_dag(pcap_t *p, struct bpf_program *fp) { 1284 1285 if(!fp) 1286 { 1287 strlcpy(p->errbuf, "setfilter: No filter specified", sizeof(p->errbuf)); 1288 return (-1); 1289 } 1290 1291 /* Install a user level filter */ 1292 if (install_bpf_program(p, fp) < 0) 1293 { 1294 pcap_snprintf(p->errbuf, sizeof(p->errbuf), 1295 "setfilter, unable to install the filter: %s", pcap_strerror(errno)); 1296 return (-1); 1297 } 1298 1299 return (0); 1300 } 1301 1302 static int 1303 pcap_getnonblock_win32(pcap_t *p, char *errbuf) 1304 { 1305 struct pcap_win *pw = p->priv; 1306 1307 /* 1308 * XXX - if there were a PacketGetReadTimeout() call, we 1309 * would use it, and return 1 if the timeout is -1 1310 * and 0 otherwise. 1311 */ 1312 return (pw->nonblock); 1313 } 1314 1315 static int 1316 pcap_setnonblock_win32(pcap_t *p, int nonblock, char *errbuf) 1317 { 1318 struct pcap_win *pw = p->priv; 1319 int newtimeout; 1320 char win_errbuf[PCAP_ERRBUF_SIZE+1]; 1321 1322 if (nonblock) { 1323 /* 1324 * Set the read timeout to -1 for non-blocking mode. 1325 */ 1326 newtimeout = -1; 1327 } else { 1328 /* 1329 * Restore the timeout set when the device was opened. 1330 * (Note that this may be -1, in which case we're not 1331 * really leaving non-blocking mode. However, although 1332 * the timeout argument to pcap_set_timeout() and 1333 * pcap_open_live() is an int, you're not supposed to 1334 * supply a negative value, so that "shouldn't happen".) 1335 */ 1336 newtimeout = p->opt.timeout; 1337 } 1338 if (!PacketSetReadTimeout(p->adapter, newtimeout)) { 1339 pcap_win32_err_to_str(GetLastError(), win_errbuf); 1340 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1341 "PacketSetReadTimeout: %s", win_errbuf); 1342 return (-1); 1343 } 1344 pw->nonblock = (newtimeout == -1); 1345 return (0); 1346 } 1347 1348 static int 1349 pcap_add_if_win32(pcap_if_t **devlist, char *name, bpf_u_int32 flags, 1350 const char *description, char *errbuf) 1351 { 1352 pcap_if_t *curdev; 1353 npf_if_addr if_addrs[MAX_NETWORK_ADDRESSES]; 1354 LONG if_addr_size; 1355 int res = 0; 1356 1357 if_addr_size = MAX_NETWORK_ADDRESSES; 1358 1359 /* 1360 * Add an entry for this interface, with no addresses. 1361 */ 1362 if (add_or_find_if(&curdev, devlist, name, flags, description, 1363 errbuf) == -1) { 1364 /* 1365 * Failure. 1366 */ 1367 return (-1); 1368 } 1369 1370 /* 1371 * Get the list of addresses for the interface. 1372 */ 1373 if (!PacketGetNetInfoEx((void *)name, if_addrs, &if_addr_size)) { 1374 /* 1375 * Failure. 1376 * 1377 * We don't return an error, because this can happen with 1378 * NdisWan interfaces, and we want to supply them even 1379 * if we can't supply their addresses. 1380 * 1381 * We return an entry with an empty address list. 1382 */ 1383 return (0); 1384 } 1385 1386 /* 1387 * Now add the addresses. 1388 */ 1389 while (if_addr_size-- > 0) { 1390 /* 1391 * "curdev" is an entry for this interface; add an entry for 1392 * this address to its list of addresses. 1393 */ 1394 if(curdev == NULL) 1395 break; 1396 res = add_addr_to_dev(curdev, 1397 (struct sockaddr *)&if_addrs[if_addr_size].IPAddress, 1398 sizeof (struct sockaddr_storage), 1399 (struct sockaddr *)&if_addrs[if_addr_size].SubnetMask, 1400 sizeof (struct sockaddr_storage), 1401 (struct sockaddr *)&if_addrs[if_addr_size].Broadcast, 1402 sizeof (struct sockaddr_storage), 1403 NULL, 1404 0, 1405 errbuf); 1406 if (res == -1) { 1407 /* 1408 * Failure. 1409 */ 1410 break; 1411 } 1412 } 1413 1414 return (res); 1415 } 1416 1417 int 1418 pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf) 1419 { 1420 pcap_if_t *devlist = NULL; 1421 int ret = 0; 1422 const char *desc; 1423 char *AdaptersName; 1424 ULONG NameLength; 1425 char *name; 1426 char our_errbuf[PCAP_ERRBUF_SIZE+1]; 1427 1428 /* 1429 * Find out how big a buffer we need. 1430 * 1431 * This call should always return FALSE; if the error is 1432 * ERROR_INSUFFICIENT_BUFFER, NameLength will be set to 1433 * the size of the buffer we need, otherwise there's a 1434 * problem, and NameLength should be set to 0. 1435 * 1436 * It shouldn't require NameLength to be set, but, 1437 * at least as of WinPcap 4.1.3, it checks whether 1438 * NameLength is big enough before it checks for a 1439 * NULL buffer argument, so, while it'll still do 1440 * the right thing if NameLength is uninitialized and 1441 * whatever junk happens to be there is big enough 1442 * (because the pointer argument will be null), it's 1443 * still reading an uninitialized variable. 1444 */ 1445 NameLength = 0; 1446 if (!PacketGetAdapterNames(NULL, &NameLength)) 1447 { 1448 DWORD last_error = GetLastError(); 1449 1450 if (last_error != ERROR_INSUFFICIENT_BUFFER) 1451 { 1452 pcap_win32_err_to_str(last_error, our_errbuf); 1453 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, 1454 "PacketGetAdapterNames: %s", our_errbuf); 1455 return (-1); 1456 } 1457 } 1458 1459 if (NameLength > 0) 1460 AdaptersName = (char*) malloc(NameLength); 1461 else 1462 { 1463 *alldevsp = NULL; 1464 return 0; 1465 } 1466 if (AdaptersName == NULL) 1467 { 1468 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Cannot allocate enough memory to list the adapters."); 1469 return (-1); 1470 } 1471 1472 if (!PacketGetAdapterNames(AdaptersName, &NameLength)) { 1473 pcap_win32_err_to_str(GetLastError(), our_errbuf); 1474 pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "PacketGetAdapterNames: %s", 1475 our_errbuf); 1476 free(AdaptersName); 1477 return (-1); 1478 } 1479 1480 /* 1481 * "PacketGetAdapterNames()" returned a list of 1482 * null-terminated ASCII interface name strings, 1483 * terminated by a null string, followed by a list 1484 * of null-terminated ASCII interface description 1485 * strings, terminated by a null string. 1486 * This means there are two ASCII nulls at the end 1487 * of the first list. 1488 * 1489 * Find the end of the first list; that's the 1490 * beginning of the second list. 1491 */ 1492 desc = &AdaptersName[0]; 1493 while (*desc != '\0' || *(desc + 1) != '\0') 1494 desc++; 1495 1496 /* 1497 * Found it - "desc" points to the first of the two 1498 * nulls at the end of the list of names, so the 1499 * first byte of the list of descriptions is two bytes 1500 * after it. 1501 */ 1502 desc += 2; 1503 1504 /* 1505 * Loop over the elements in the first list. 1506 */ 1507 name = &AdaptersName[0]; 1508 while (*name != '\0') { 1509 bpf_u_int32 flags = 0; 1510 #ifdef HAVE_PACKET_IS_LOOPBACK_ADAPTER 1511 /* 1512 * Is this a loopback interface? 1513 */ 1514 if (PacketIsLoopbackAdapter(name)) { 1515 /* Yes */ 1516 flags |= PCAP_IF_LOOPBACK; 1517 } 1518 #endif 1519 1520 /* 1521 * Add an entry for this interface. 1522 */ 1523 if (pcap_add_if_win32(&devlist, name, flags, desc, 1524 errbuf) == -1) { 1525 /* 1526 * Failure. 1527 */ 1528 ret = -1; 1529 break; 1530 } 1531 name += strlen(name) + 1; 1532 desc += strlen(desc) + 1; 1533 } 1534 1535 if (ret == -1) { 1536 /* 1537 * We had an error; free the list we've been constructing. 1538 */ 1539 if (devlist != NULL) { 1540 pcap_freealldevs(devlist); 1541 devlist = NULL; 1542 } 1543 } 1544 1545 *alldevsp = devlist; 1546 free(AdaptersName); 1547 return (ret); 1548 } 1549