Ethereal-dev: Re: [Ethereal-dev] Win32 only: very detailed NDIS network driver information ava

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Loris Degioanni <loris.degioanni@xxxxxxxxx>
Date: Sat, 21 May 2005 11:38:10 -0700

Guy Harris wrote:
Loris Degioanni wrote:

A much better solution would be to extend libpcap pcap_if with more fields (the MAC address, for example, is one I always missed),


The trouble with extending "struct pcap_if" is that you might have to do it more than once, and, although with autoconf an application could determine at compile time what fields the structure has, there's no guarantee that the version of libpcap/WinPcap the application was built with is the one it's run with.

I was thinking, instead, of having new APIs that return attribute/value lists for the interfaces, using the option code values from PCAP NG's Interface Description Block as the tags for the attributes; that way, it's easier to add new attributes, *and* it's possible not to return particular attributes if they don't apply to the interface (e.g., the MAC address for non-LAN interfaces) or if they're not available on a particular platform.

something like:

int pcap_get_option (pcap_t *handle, u_int32 option_code, void *option_value, u_int32 *pvalue_length)

and then

 u_int32 opt_value = 1234;
 u_int32 opt_len = sizeof(u_int32);
 pcap_get_option(handle, SOME_CODE, &opt_value, &opt_len);

Some of the other items mentioned are statistics rather than attributes; I also want to replace "pcap_stats()" with a new API that returns a similar list of tagged statistics, with the tags being option code values from the Interface Statistics Block. "struct pcap_stat" is *very* hard to extend without badly breaking binary compatibility (i.e., if an application built with an older version of libpcap with a smaller "struct pcap_stat" is run with a newer version with a larger "struct pcap_stat", "pcap_stats()" will scribble past the end of the structure), and it also doesn't have a good way of indicating that a particular statistic isn't available (so, instead, some statistics have different meanings on different platforms).

I totally agree.
The problem is the heterogeneity of the platforms supported by libpcap. The function should be generic enough to return only the values available on the platform (possibly none), in an easily expandable list.

Loris

Getting interface statistics such as the number of packets with bad CRCs is, unfortunately, quite platform-dependent and

1) might have to be done in a not-well-documented fashion (e.g., using the kstats stuff in Solaris)

and

2) might require root privileges on, for example, platforms that don't have an API and just require that you fetch them from the kernel's address space using "/dev/kmem"

so they might end up not being available on all platforms.


Hi List!

And yet another new feature I had a long time on my personal wish list ...

As I'm working on this for about two (or more?) weeks on this, and I'm
planning to fix some reported problems with the capturing engine, here's
the first implementation of a very detailed information from the NDIS
network driver information (have to get my personal source tree again in
sync with latest...).

What it's doing:

In the Capture Interfaces dialog, I've added a new "Details" button for
every interface, which - if pressed - will show a dialog with some very
detailed information about that interface.

As I only work with Ethernet and WLAN interfaces, "only" these
interfaces are displayed. Others could be added on demand (and where
info is available) later.

How it's doing it:

The WinPcap library has a dll called packet.dll for low level access to
the network devices (which itself uses it for the higher level
wpcap.dll). This dll contains a function called PacketRequest to access
the NDIS network card driver. Through this way all the "official"
functions (status, statistics, ...) of the network driver are available.

Drawbacks:

WinPcap marks the packet.dll as "*we don't grant that the packet.dll API
will not be changed in the future releases*". However, as the
informations gathered through this method are really invaluable, IMHO
it's worth to use it anyway.

I don't know if the packet.dll was already available in the WinPcap 2.x
releases, so there might be problems around.

To Do:

- add other interface types than Ethernet and WLAN
- add an update every x seconds (currently static content on the dialog
box) function


Please report any problems,

Regards, ULFL

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev



_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev