[Winpcap-users] Problems with the modified wpcap.dll in Wireshark

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Oct 17 19:42:57 GMT 2007 

Does Wireshark call pcap_setbuff or directly PacketSetBuff(p->adapter,dim)?
In the former case, a quick'n'dirty solution for the problem is adding some 
code in pcap_setbuff to have it fail if p->adapter is NULL (I think that 
there are some other Win32 specific APIs that will have the same problem, 
I'm thinking of e.g. pcap_getevent()).
In the latter case, checking again for p->adapter should be enough (although 
Wireshark should not call the Packet API directly...)

Have a nice day
GV



----- Original Message ----- 
From: "Guy Harris" <guy at alum.mit.edu>
To: <winpcap-users at winpcap.org>
Sent: Wednesday, October 17, 2007 12:25 PM
Subject: Re: [Winpcap-users] Problems with the modified wpcap.dll in 
Wireshark


> Gianluca Varenni wrote:
>> The function is implemented in Packet.dll, the sources are in
>> \winpcap\Packetntx\dll\packet32.cpp
>> It's my understanding that you implemented support for your card
>> directly in wpcap.dll. If so, the p->adapter field is a NULL/bogus
>> pointer, so there Packet API will receive a NULL/bogus pointer!
>
> Unfortunately, there's currently no setbuff_op entry in a pcap_t, so
> WinPcap can only check whether the p->adapter field is null or not.
>
> I've checked a change into the libpcap 1.0 branch to add a setbuff_op
> entry, along with setmode_op and setmintocopy_op entries, had
> pcap_setbuff(), pcap_setmode(), and pcap_setmintocopy() use them, and
> set up savefile.c and pcap-win32.c to set the pointers appropriately.
> That'd let the new SS7 stuff supply its own setbuff_op routine, which
> could just return 0 and do nothing.  A future libpcap 1.0-based WinPcap
> will have those changes.
>
> I've attached a patch for the change I checked in.  Similar changes
> would have to be made to the version of WinPcap to which the SS7 device
> support is being added, and the open_live routine for the SS7 device
> would have to set the setmode_op pointer to a routine that just returns 0.
>


--------------------------------------------------------------------------------


> Index: pcap-int.h
> ===================================================================
> RCS file: /tcpdump/master/libpcap/pcap-int.h,v
> retrieving revision 1.85
> diff -c -r1.85 pcap-int.h
> *** pcap-int.h 29 Sep 2007 19:33:29 -0000 1.85
> --- pcap-int.h 17 Oct 2007 18:51:23 -0000
> ***************
> *** 212,217 ****
> --- 212,232 ----
>  int (*getnonblock_op)(pcap_t *, char *);
>  int (*setnonblock_op)(pcap_t *, int, char *);
>  int (*stats_op)(pcap_t *, struct pcap_stat *);
> + #ifdef WIN32
> + /*
> + * Win32-only; given the way the buffer size is set with BPF,
> + * to make this cross-platform we'll have to set the buffer
> + * size at open time.
> + */
> + int (*setbuff_op)(pcap_t *, int);
> +
> + /*
> + * These are, at least currently, specific to the Win32 NPF
> + * driver.
> + */
> + int (*setmode_op)(pcap_t *, int);
> + int (*setmintocopy_op)(pcap_t *, int);
> + #endif
>  void (*close_op)(pcap_t *);
>
>  /*
> Index: pcap-win32.c
> ===================================================================
> RCS file: /tcpdump/master/libpcap/pcap-win32.c,v
> retrieving revision 1.34
> diff -c -r1.34 pcap-win32.c
> *** pcap-win32.c 25 Sep 2007 20:34:36 -0000 1.34
> --- pcap-win32.c 17 Oct 2007 18:51:24 -0000
> ***************
> *** 100,105 ****
> --- 100,142 ----
>  return 0;
>  }
>
> + /* Set the dimension of the kernel-level capture buffer */
> + static int
> + pcap_setbuff_win32(pcap_t *p, int dim)
> + {
> + if(PacketSetBuff(p->adapter,dim)==FALSE)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory 
> to allocate the kernel buffer");
> + return -1;
> + }
> + return 0;
> + }
> +
> + /* Set the driver working mode */
> + static int
> + pcap_setmode_win32(pcap_t *p, int mode)
> + {
> + if(PacketSetMode(p->adapter,mode)==FALSE)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: working mode not 
> recognized");
> + return -1;
> + }
> +
> + return 0;
> + }
> +
> + /*set the minimum amount of data that will release a read call*/
> + static int
> + pcap_setmintocopy_win32(pcap_t *p, int size)
> + {
> + if(PacketSetMinToCopy(p->adapter, size)==FALSE)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: unable to set the 
> requested mintocopy size");
> + return -1;
> + }
> + return 0;
> + }
> +
>  static int
>  pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char 
> *user)
>  {
> ***************
> *** 641,646 ****
> --- 678,686 ----
>  p->getnonblock_op = pcap_getnonblock_win32;
>  p->setnonblock_op = pcap_setnonblock_win32;
>  p->stats_op = pcap_stats_win32;
> + p->setbuff_op = pcap_setbuff_win32;
> + p->setmode_op = pcap_setmode_win32;
> + p->setmintocopy_op = pcap_setmintocopy_win32;
>  p->close_op = pcap_close_win32;
>
>  return (p);
> ***************
> *** 747,807 ****
>  return (0);
>  }
>
> - /* Set the driver working mode */
> - int
> - pcap_setmode(pcap_t *p, int mode){
> -
> - if (p->adapter==NULL)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "impossible to set mode while 
> reading from a file");
> - return -1;
> - }
> -
> - if(PacketSetMode(p->adapter,mode)==FALSE)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: working mode not 
> recognized");
> - return -1;
> - }
> -
> - return 0;
> - }
> -
> - /* Set the dimension of the kernel-level capture buffer */
> - int
> - pcap_setbuff(pcap_t *p, int dim)
> - {
> - if (p->adapter==NULL)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "The kernel buffer size cannot be 
> set while reading from a file");
> - return -1;
> - }
> -
> - if(PacketSetBuff(p->adapter,dim)==FALSE)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: not enough memory 
> to allocate the kernel buffer");
> - return -1;
> - }
> - return 0;
> - }
> -
> - /*set the minimum amount of data that will release a read call*/
> - int
> - pcap_setmintocopy(pcap_t *p, int size)
> - {
> - if (p->adapter==NULL)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "Impossible to set the mintocopy 
> parameter on an offline capture");
> - return -1;
> - }
> -
> - if(PacketSetMinToCopy(p->adapter, size)==FALSE)
> - {
> - snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "driver error: unable to set the 
> requested mintocopy size");
> - return -1;
> - }
> - return 0;
> - }
> -
>  /*platform-dependent routine to add devices other than NDIS interfaces*/
>  int
>  pcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf)
> --- 787,792 ----
> Index: pcap.c
> ===================================================================
> RCS file: /tcpdump/master/libpcap/pcap.c,v
> retrieving revision 1.112
> diff -c -r1.112 pcap.c
> *** pcap.c 5 Oct 2007 01:40:14 -0000 1.112
> --- pcap.c 17 Oct 2007 18:51:25 -0000
> ***************
> *** 757,762 ****
> --- 757,806 ----
>  return (-1);
>  }
>
> + #ifdef WIN32
> + int
> + pcap_setbuff(pcap_t *p, int dim)
> + {
> + return p->setbuff_op(p, dim);
> + }
> +
> + static int
> + pcap_setbuff_dead(pcap_t *p, int dim)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "The kernel buffer size cannot be set on a pcap_open_dead pcap_t");
> + return (-1);
> + }
> +
> + int
> + pcap_setmode(pcap_t *p, int mode)
> + {
> + return p->setmode_op(p, mode);
> + }
> +
> + static int
> + pcap_setmode_dead(pcap_t *p, int mode)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "impossible to set mode on a pcap_open_dead pcap_t");
> + return (-1);
> + }
> +
> + int
> + pcap_setmintocopy(pcap_t *p, int size)
> + {
> + return p->setintocopy_op(p, size);
> + }
> +
> + static int
> + pcap_setmintocopy_dead(pcap_t *p, int size)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "The mintocopy parameter cannot be set on a pcap_open_dead pcap_t");
> + return (-1);
> + }
> + #endif
> +
>  void
>  pcap_close_common(pcap_t *p)
>  {
> ***************
> *** 786,791 ****
> --- 830,840 ----
>  p->snapshot = snaplen;
>  p->linktype = linktype;
>  p->stats_op = pcap_stats_dead;
> + #ifdef WIN32
> + p->setbuff_op = pcap_setbuff_dead;
> + p->setmode_op = pcap_setmode_dead;
> + p->setmintocopy_op = pcap_setmintocopy_dead;
> + #endif
>  p->close_op = pcap_close_dead;
>  return p;
>  }
> Index: savefile.c
> ===================================================================
> RCS file: /tcpdump/master/libpcap/savefile.c,v
> retrieving revision 1.168
> diff -c -r1.168 savefile.c
> *** savefile.c 5 Oct 2007 01:40:15 -0000 1.168
> --- savefile.c 17 Oct 2007 18:51:25 -0000
> ***************
> *** 953,958 ****
> --- 953,984 ----
>  return (-1);
>  }
>
> + #ifdef WIN32
> + static int
> + sf_setbuff(pcap_t *p, int dim)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "The kernel buffer size cannot be set while reading from a file");
> + return (-1);
> + }
> +
> + static int
> + sf_setmode(pcap_t *p, int mode)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "impossible to set mode while reading from a file");
> + return (-1);
> + }
> +
> + static int
> + sf_setmintocopy(pcap_t *p, int size)
> + {
> + snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
> +     "The mintocopy parameter cannot be set while reading from a file");
> + return (-1);
> + }
> + #endif
> +
>  static int
>  sf_inject(pcap_t *p, const void *buf _U_, size_t size _U_)
>  {
> ***************
> *** 1202,1207 ****
> --- 1228,1238 ----
>  p->getnonblock_op = sf_getnonblock;
>  p->setnonblock_op = sf_setnonblock;
>  p->stats_op = sf_stats;
> + #ifdef WIN32
> + p->setbuff_op = sf_setbuff;
> + p->setmode_op = sf_setmode;
> + p->setmintocopy_op = sf_setmintocopy;
> + #endif
>  p->close_op = sf_close;
>
>  return (p);
>


--------------------------------------------------------------------------------


> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>

More information about the Winpcap-users mailing list