Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Return PCAP_ERROR_PROMISC_PERM_DENIED if you have permission to open the

DLPI device but don't have permission to put the interface in
promiscuous mode; some systems using DLPI work that way.

Change the libdlpi code to return a warning if you *are* using
physical promiscuous mode and you fail to turn on SAP promiscuous mode,
not if you *aren't* using physical promiscuous mode and you fail to turn
on SAP promiscuous mode; that matches with the no-libdlpi code does, and
matches what the comment says.

Pull dlattachreq up into dl_doattach().
  • Loading branch information...
commit 74b7b4259fde15dbb07cde3a5920e9f7e0ed4484 1 parent b26d8d2
@guyharris guyharris authored
View
84 pcap-dlpi.c
@@ -143,10 +143,9 @@ static int dl_doattach(int, int, char *);
#ifdef DL_HP_RAWDLS
static int dl_dohpuxbind(int, char *);
#endif
-static int dlattachreq(int, bpf_u_int32, char *);
+static int dlpromiscon(pcap_t *, bpf_u_int32);
static int dlbindreq(int, bpf_u_int32, char *);
static int dlbindack(int, char *, char *, int *);
-static int dlpromisconreq(int, bpf_u_int32, char *);
static int dlokack(int, const char *, char *, char *);
static int dlinforeq(int, char *);
static int dlinfoack(int, char *, char *);
@@ -610,9 +609,12 @@ pcap_activate_dlpi(pcap_t *p)
/*
** Enable promiscuous (not necessary on send FD)
*/
- if (dlpromisconreq(p->fd, DL_PROMISC_PHYS, p->errbuf) < 0 ||
- dlokack(p->fd, "promisc_phys", (char *)buf, p->errbuf) < 0)
+ status = dlpromiscon(p, DL_PROMISC_PHYS);
+ if (status < 0) {
+ if (status == PCAP_ERROR_PERM_DENIED)
+ status = PCAP_ERROR_PROMISC_PERM_DENIED;
goto bad;
+ }
/*
** Try to enable multicast (you would have thought
@@ -620,8 +622,8 @@ pcap_activate_dlpi(pcap_t *p)
** HP-UX or SINIX) (Not necessary on send FD)
*/
#if !defined(__hpux) && !defined(sinix)
- if (dlpromisconreq(p->fd, DL_PROMISC_MULTI, p->errbuf) < 0 ||
- dlokack(p->fd, "promisc_multi", (char *)buf, p->errbuf) < 0)
+ status = dlpromiscon(p, DL_PROMISC_MULTI);
+ if (status < 0)
status = PCAP_WARNING;
#endif
}
@@ -636,15 +638,20 @@ pcap_activate_dlpi(pcap_t *p)
!p->opt.promisc &&
#endif
#ifdef HAVE_SOLARIS
- !isatm &&
+ !isatm
#endif
- (dlpromisconreq(p->fd, DL_PROMISC_SAP, p->errbuf) < 0 ||
- dlokack(p->fd, "promisc_sap", (char *)buf, p->errbuf) < 0)) {
- /* Not fatal if promisc since the DL_PROMISC_PHYS worked */
- if (p->opt.promisc)
- status = PCAP_WARNING;
- else
- goto bad;
+ ) {
+ status = dlpromiscon(p, DL_PROMISC_SAP);
+ if (status < 0) {
+ /*
+ * Not fatal, since the DL_PROMISC_PHYS mode worked.
+ * Report it as a warning, however.
+ */
+ if (p->opt.promisc)
+ status = PCAP_WARNING;
+ else
+ goto bad;
+ }
}
#endif /* sinix */
@@ -815,11 +822,15 @@ split_dname(char *device, int *unitp, char *ebuf)
static int
dl_doattach(int fd, int ppa, char *ebuf)
{
+ dl_attach_req_t req;
bpf_u_int32 buf[MAXDLBUF];
int err;
- if (dlattachreq(fd, ppa, ebuf) < 0)
+ req.dl_primitive = DL_ATTACH_REQ;
+ req.dl_ppa = ppa;
+ if (send_request(fd, (char *)&req, sizeof(req), "attach", ebuf) < 0)
return (PCAP_ERROR);
+
err = dlokack(fd, "attach", (char *)buf, ebuf);
if (err < 0)
return (err);
@@ -877,6 +888,27 @@ dl_dohpuxbind(int fd, char *ebuf)
}
#endif
+#define STRINGIFY(n) #n
+
+static int
+dlpromiscon(pcap_t *p, bpf_u_int32 level)
+{
+ dl_promiscon_req_t req;
+ bpf_u_int32 buf[MAXDLBUF];
+ int err;
+
+ req.dl_primitive = DL_PROMISCON_REQ;
+ req.dl_level = level;
+ if (send_request(p->fd, (char *)&req, sizeof(req), "promiscon",
+ p->errbuf) < 0)
+ return (PCAP_ERROR);
+ err = dlokack(p->fd, "promiscon" STRINGIFY(level), (char *)buf,
+ p->errbuf);
+ if (err < 0)
+ return (err);
+ return (0);
+}
+
int
pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
{
@@ -1222,17 +1254,6 @@ dlprim(bpf_u_int32 prim)
}
static int
-dlattachreq(int fd, bpf_u_int32 ppa, char *ebuf)
-{
- dl_attach_req_t req;
-
- req.dl_primitive = DL_ATTACH_REQ;
- req.dl_ppa = ppa;
-
- return (send_request(fd, (char *)&req, sizeof(req), "attach", ebuf));
-}
-
-static int
dlbindreq(int fd, bpf_u_int32 sap, char *ebuf)
{
@@ -1260,17 +1281,6 @@ dlbindack(int fd, char *bufp, char *ebuf, int *uerror)
}
static int
-dlpromisconreq(int fd, bpf_u_int32 level, char *ebuf)
-{
- dl_promiscon_req_t req;
-
- req.dl_primitive = DL_PROMISCON_REQ;
- req.dl_level = level;
-
- return (send_request(fd, (char *)&req, sizeof(req), "promiscon", ebuf));
-}
-
-static int
dlokack(int fd, const char *what, char *bufp, char *ebuf)
{
View
68 pcap-libdlpi.c
@@ -49,6 +49,7 @@ static const char rcsid[] _U_ =
#include "dlpisubs.h"
/* Forwards. */
+static int dlpromiscon(pcap_t *, bpf_u_int32);
static int pcap_read_libdlpi(pcap_t *, int, pcap_handler, u_char *);
static int pcap_inject_libdlpi(pcap_t *, const void *, size_t);
static void pcap_close_libdlpi(pcap_t *);
@@ -139,34 +140,43 @@ pcap_activate_libdlpi(pcap_t *p)
/* Enable promiscuous mode. */
if (p->opt.promisc) {
- retv = dlpi_promiscon(p->dlpi_hd, DL_PROMISC_PHYS);
- if (retv != DLPI_SUCCESS) {
- pcap_libdlpi_err(p->opt.source,
- "dlpi_promisc(PHYSICAL)", retv, p->errbuf);
+ err = dlpromiscon(p, DL_PROMISC_PHYS);
+ if (err < 0) {
+ /*
+ * "You don't have permission to capture on
+ * this device" and "you don't have permission
+ * to capture in promiscuous mode on this
+ * device" are different; let the user know,
+ * so if they can't get permission to
+ * capture in promiscuous mode, they can at
+ * least try to capture in non-promiscuous
+ * mode.
+ *
+ * XXX - you might have to capture in
+ * promiscuous mode to see outgoing packets.
+ */
+ if (err == PCAP_ERROR_PERM_DENIED)
+ err = PCAP_ERROR_PROMISC_PERM_DENIED;
goto bad;
}
} else {
/* Try to enable multicast. */
- retv = dlpi_promiscon(p->dlpi_hd, DL_PROMISC_MULTI);
- if (retv != DLPI_SUCCESS) {
- pcap_libdlpi_err(p->opt.source, "dlpi_promisc(MULTI)",
- retv, p->errbuf);
+ err = dlpromiscon(p, DL_PROMISC_MULTI);
+ if (err < 0)
goto bad;
- }
}
/* Try to enable SAP promiscuity. */
- retv = dlpi_promiscon(p->dlpi_hd, DL_PROMISC_SAP);
- if (retv != DLPI_SUCCESS) {
- if (p->opt.promisc) {
- pcap_libdlpi_err(p->opt.source, "dlpi_promisc(SAP)",
- retv, p->errbuf);
+ err = dlpromiscon(p, DL_PROMISC_SAP);
+ if (err < 0) {
+ /*
+ * Not fatal, since the DL_PROMISC_PHYS mode worked.
+ * Report it as a warning, however.
+ */
+ if (p->opt.promisc)
+ err = PCAP_WARNING;
+ else
goto bad;
- }
-
- /* Not fatal, since the DL_PROMISC_PHYS mode worked. */
- fprintf(stderr, "WARNING: dlpi_promisc(SAP) failed on"
- " %s:(%s)\n", p->opt.source, dlpi_strerror(retv));
}
/* Determine link type. */
@@ -219,6 +229,26 @@ pcap_activate_libdlpi(pcap_t *p)
return (err);
}
+#define STRINGIFY(n) #n
+
+static int
+dlpromiscon(pcap_t *p, bpf_u_int32 level)
+{
+ int err;
+
+ retv = dlpi_promiscon(p->hd, level);
+ if (retv != DLPI_SUCCESS) {
+ if (retv == DL_SYSERR && errno == EACCES)
+ err = PCAP_ERROR_PERM_DENIED;
+ else
+ err = PCAP_ERROR;
+ pcap_libdlpi_err(p->opt.source, "dlpi_promiscon" STRINGIFY(level),
+ retv, p->errbuf);
+ return (err);
+ }
+ return (0);
+}
+
/*
* In Solaris, the "standard" mechanism" i.e SIOCGLIFCONF will only find
* network links that are plumbed and are up. dlpi_walk(3DLPI) will find
View
6 pcap.c
@@ -470,7 +470,8 @@ pcap_open_live(const char *source, int snaplen, int promisc, int to_ms, char *er
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", source,
p->errbuf);
else if (status == PCAP_ERROR_NO_SUCH_DEVICE ||
- status == PCAP_ERROR_PERM_DENIED)
+ status == PCAP_ERROR_PERM_DENIED ||
+ status == PCAP_ERROR_PROMISC_PERM_DENIED)
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s (%s)", source,
pcap_statustostr(status), p->errbuf);
else
@@ -1149,6 +1150,9 @@ pcap_statustostr(int errnum)
case PCAP_ERROR_CANTSET_TSTAMP_TYPE:
return ("That device doesn't support setting the time stamp type");
+
+ case PCAP_ERROR_PROMISC_PERM_DENIED:
+ return ("You don't have permission to capture in promiscuous mode on that device");
}
(void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum);
return(ebuf);
View
1  pcap/pcap.h
@@ -252,6 +252,7 @@ typedef void (*pcap_handler)(u_char *, const struct pcap_pkthdr *,
#define PCAP_ERROR_PERM_DENIED -8 /* no permission to open the device */
#define PCAP_ERROR_IFACE_NOT_UP -9 /* interface isn't up */
#define PCAP_ERROR_CANTSET_TSTAMP_TYPE -10 /* this device doesn't support setting the time stamp type */
+#define PCAP_ERROR_PROMISC_PERM_DENIED -11 /* you don't have permission to capture in promiscuous mode */
/*
* Warning codes for the pcap API.
View
3  pcap_activate.3pcap
@@ -57,6 +57,9 @@ if the capture source specified when the handle was created doesn't
exist,
.B PCAP_ERROR_PERM_DENIED
if the process doesn't have permission to open the capture source,
+.B PCAP_ERROR_PROMISC_PERM_DENIED
+if the process has permission to open the capture source but doesn't
+have permission to put it into promiscuous mode,
.B PCAP_ERROR_RFMON_NOTSUP
if monitor mode was specified but the capture source doesn't support
monitor mode,
Please sign in to comment.
Something went wrong with that request. Please try again.