From 3fa0edc7dd704410eb068046a8083543a0194520 Mon Sep 17 00:00:00 2001 From: Shannon Weyrick Date: Wed, 10 Nov 2021 09:01:40 -0500 Subject: [PATCH 1/3] log available iface names for capture --- src/inputs/pcap/PcapInputStream.cpp | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/inputs/pcap/PcapInputStream.cpp b/src/inputs/pcap/PcapInputStream.cpp index 78303cdce..88d3e3b8c 100644 --- a/src/inputs/pcap/PcapInputStream.cpp +++ b/src/inputs/pcap/PcapInputStream.cpp @@ -4,6 +4,7 @@ #include "PcapInputStream.h" #include +#include #include #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wold-style-cast" @@ -87,6 +88,8 @@ void PcapInputStream::start() return; } + auto logger = spdlog::get("visor"); + if (config_exists("pcap_file")) { // read from pcap file. this is a special case from a command line utility assert(config_exists("bpf")); @@ -137,6 +140,18 @@ void PcapInputStream::start() interfaceIP6 = TARGET; } + // gather list of valid interfaces + std::vector ifNameListV; + auto l = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDevicesList(); + for (const auto &ifd : l) { + ifNameListV.push_back(ifd->getName()); + } + std::string ifNameList = std::accumulate(std::begin(ifNameListV), std::end(ifNameListV), std::string(), + [](std::string &ss, std::string &s) { + return ss.empty() ? s : ss + "," + s; + }); + logger->info("interfaces available for capture: {}", ifNameList); + if (_cur_pcap_source == PcapSource::libpcap) { pcpp::PcapLiveDevice *pcapDevice; // extract pcap live device by interface name or IP address @@ -152,7 +167,7 @@ void PcapInputStream::start() } else { pcapDevice = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDeviceByName(TARGET); if (pcapDevice == nullptr) { - throw PcapException("Couldn't find interface by provided name: " + TARGET); + throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interface: {}", TARGET, ifNameList)); } } 
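Review bot: The fold lambda passed to `std::accumulate` in the `@@ -137,6 +140,18 @@` hunk takes both arguments as `std::string &`, which ties the code to C++17: from C++20 on, `std::accumulate` hands the accumulator to the operation as an rvalue, and that cannot bind to a non-const lvalue reference. `[](const std::string &ss, const std::string &s)` builds under either standard and also states that neither argument is modified. The same lambda is carried unchanged into `_get_interface_list()` by PATCH 2/3. While this patch stands on its own, `logger` also wants a null check before `logger->info(...)`, because `spdlog::get("visor")` returns an empty pointer when no logger of that name is registered. `start()` begins and ends outside the hunk.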
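Review bot: The new `PcapException` text in the `@@ -152,7 +167,7 @@` hunk carries every capture interface name on the host, so the interface inventory is disclosed to whoever receives the error for a mistyped or unknown name; the same message is built in the `@@ -177,7 +192,7 @@` hunk. Where the message ends up is not visible here; if it is returned to the client that configured the input rather than only written to the local log, consider logging the list server-side and throwing only `fmt::format("Couldn't find interface by provided name: \"{}\"", TARGET)`. `TARGET` is also placed in the message as given, so a control character in the configured name would reach the log line unescaped. The enclosing branch of `start()` continues outside the hunk.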
@@ -177,7 +192,7 @@ void PcapInputStream::start() pcap_freealldevs(interfaceList); if (_pcapDevice == nullptr) { - throw PcapException("Couldn't find interface by provided name: " + TARGET); + throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interface: {}", TARGET, ifNameList)); } // end upstream PcapPlusPlus incompatibility block From e210063be795100f8428f3683936483b4e64cc92 Mon Sep 17 00:00:00 2001 From: Shannon Weyrick Date: Wed, 10 Nov 2021 09:51:03 -0500 Subject: [PATCH 2/3] refactor out iface list func, add to info json --- src/inputs/pcap/PcapInputStream.cpp | 35 ++++++++++++++++------------- src/inputs/pcap/PcapInputStream.h | 1 + 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/src/inputs/pcap/PcapInputStream.cpp b/src/inputs/pcap/PcapInputStream.cpp index 88d3e3b8c..0598c90e7 100644 --- a/src/inputs/pcap/PcapInputStream.cpp +++ b/src/inputs/pcap/PcapInputStream.cpp @@ -88,8 +88,6 @@ void PcapInputStream::start() return; } - auto logger = spdlog::get("visor"); - if (config_exists("pcap_file")) { // read from pcap file. this is a special case from a command line utility assert(config_exists("bpf")); @@ -139,18 +137,7 @@ void PcapInputStream::start() interfaceIP4 = TARGET; interfaceIP6 = TARGET; } - - // gather list of valid interfaces - std::vector ifNameListV; - auto l = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDevicesList(); - for (const auto &ifd : l) { - ifNameListV.push_back(ifd->getName()); - } - std::string ifNameList = std::accumulate(std::begin(ifNameListV), std::end(ifNameListV), std::string(), - [](std::string &ss, std::string &s) { - return ss.empty() ? s : ss + "," + s; - }); - logger->info("interfaces available for capture: {}", ifNameList); + std::string ifNameList = _get_interface_list(); if (_cur_pcap_source == PcapSource::libpcap) { pcpp::PcapLiveDevice *pcapDevice; 
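Review bot: `std::string ifNameList = _get_interface_list();` in the `@@ -139,18 +137,7 @@` hunk enumerates the capture devices on every `start()`, yet in the lines visible in this series the value is read only by the two `throw PcapException(...)` sites. Calling it there instead, `throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interfaces: {}", TARGET, _get_interface_list()));`, keeps the enumeration off the success path and off any source type that never reaches those throws. With the `logger->info(...)` line removed here, the interface list is no longer logged at startup even though PATCH 1/3 is titled as adding that log; if that is intended, a line in the commit message would record it. `start()` begins and ends outside the hunk.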
@@ -167,7 +154,7 @@ void PcapInputStream::start() } else { pcapDevice = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDeviceByName(TARGET); if (pcapDevice == nullptr) { - throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interface: {}", TARGET, ifNameList)); + throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interfaces: {}", TARGET, ifNameList)); } } @@ -192,7 +179,7 @@ void PcapInputStream::start() pcap_freealldevs(interfaceList); if (_pcapDevice == nullptr) { - throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interface: {}", TARGET, ifNameList)); + throw PcapException(fmt::format("Couldn't find interface by provided name: \"{}\". Available interfaces: {}", TARGET, ifNameList)); } // end upstream PcapPlusPlus incompatibility block @@ -219,6 +206,21 @@ void PcapInputStream::start() _running = true; } +std::string PcapInputStream::_get_interface_list() const +{ + // gather list of valid interfaces + std::vector ifNameListV; + auto l = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDevicesList(); + for (const auto &ifd : l) { + ifNameListV.push_back(ifd->getName()); + } + std::string ifNameList = std::accumulate(std::begin(ifNameListV), std::end(ifNameListV), std::string(), + [](std::string &ss, std::string &s) { + return ss.empty() ? s : ss + "," + s; + }); + return ifNameList; +} + void PcapInputStream::stop() { if (!_running) { @@ -545,6 +547,7 @@ void PcapInputStream::info_json(json &j) const { common_info_json(j); json info; + info["available_iface"] = _get_interface_list(); info["host_ips"] = json::object(); for (auto &i : _hostIPv4) { std::stringstream out; diff --git a/src/inputs/pcap/PcapInputStream.h b/src/inputs/pcap/PcapInputStream.h index 28a4096f6..943d409df 100644 --- a/src/inputs/pcap/PcapInputStream.h +++ b/src/inputs/pcap/PcapInputStream.h 
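Review bot: `_get_interface_list()` (the `@@ -219,6 +206,21 @@` hunk) has no comment stating what it returns, although two callers now depend on the format; something like `// Names of all live capture devices known to PcapPlusPlus, comma-separated without spaces; empty string when none are found.` above the definition would cover it. `auto l = pcpp::PcapLiveDeviceList::getInstance().getPcapLiveDevicesList();` may copy the device vector if that accessor returns a reference, in which case `const auto &l` avoids the copy; the return type is not visible here. The `#include` targets are not readable on this page, so it is worth confirming that `<numeric>` is still included directly for `std::accumulate` after PATCH 3/3 drops a header.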
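Review bot: `info["available_iface"] = _get_interface_list();` in the `@@ -545,6 +547,7 @@` hunk publishes the host's full capture-interface inventory to every reader of this input's info JSON and re-enumerates the devices on each call. Who can read that JSON is not visible here; if it is served over a management API, that endpoint's access control now also guards the host's network layout, which deserves a comment at this line such as `// host-wide interface names: keep the info endpoint access-controlled`. The value is a single comma-joined string while the neighbouring `host_ips` is a JSON object; an array of names would spare consumers from splitting it. `info_json()` continues outside the hunk.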
@@ -67,6 +67,7 @@ class PcapInputStream : public visor::InputStream void _open_libpcap_iface(const std::string &bpfFilter = ""); void _get_hosts_from_libpcap_iface(); void _generate_mock_traffic(); + std::string _get_interface_list() const; #ifdef __linux__ void _open_af_packet_iface(const std::string &iface, const std::string &bpfFilter); From 7d3d06bb8f1c695fda2f76359482c97cd6a950fc Mon Sep 17 00:00:00 2001 From: Shannon Weyrick Date: Wed, 10 Nov 2021 09:52:28 -0500 Subject: [PATCH 3/3] remove unneeded header --- src/inputs/pcap/PcapInputStream.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/inputs/pcap/PcapInputStream.cpp b/src/inputs/pcap/PcapInputStream.cpp index 0598c90e7..7ba497ff8 100644 --- a/src/inputs/pcap/PcapInputStream.cpp +++ b/src/inputs/pcap/PcapInputStream.cpp @@ -4,7 +4,6 @@ #include "PcapInputStream.h" #include -#include #include #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wold-style-cast"