Wireshark-bugs: [Wireshark-bugs] [Bug 7374] Update interface lists on interface add/removal

Date: Fri, 29 Jun 2012 11:31:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7374

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|Linux (other)               |All

--- Comment #29 from Guy Harris <guy@xxxxxxxxxxxx> 2012-06-29 11:31:16 PDT ---
OK, I've added code to monitor a PF_SYSTEM/SYSPROTO_EVENT socket on OS X to get
network interface events.

We probably want to deliver *three* types of events to the callback:

    an interface named XXX is now available for capture;

    the interface named XXX is no longer available for capture;

    some property we care about changed on interface XXX, but it's still
available for capture.

Unfortunately, "available for capture" isn't necessarily indicated by the
underlying kernel mechanism - on Linux, I think a PF_PACKET socket can be bound
to *any* network adapter as long as it's up, but on systems with BPF, not all
interface drivers necessarily connect to BPF, and on systems that use DLPI for
"real" interfaces, not all interfaces known to the IP layer are "real"
interfaces (the loopback interface isn't a DLPI interface on Solaris, for
example), so the callback would need to check whether it can open the adapter
in any case.

On platforms where an interface has to be up to support capturing (Linux at
least up to 3.0.4 and OS X up to and including Snow Leopard, for example):

    "an interface named XXX is now available for capture" should be delivered
if the "up" flag goes from off to on, as the mere arrival of the interface
might not suffice;

    "the interface named XXX is no longer available for capture" should be
delivered if the "up" flag goes from on to off *AND* if the interface
completely goes away.

I need to add some more code to the OS X code to watch the interface flags.

For Linux, does the current code get "this interface has completely gone away"
events?  If not, what needs to be done to make it do so?

As for "some property we care about changed on interface XXX, but it's still
available for capture", I'm mainly thinking of IP addresses; I think I can get
those in OS X (see comments in the code) - what's necessary for that on Linux?

(I'll continue to look at Windows - from some Googling, Windows Management
Instrumentation:

   
http://msdn.microsoft.com/en-us/library/windows/desktop/aa394582(v=vs.85).aspx

   
http://msdn.microsoft.com/en-us/library/windows/desktop/aa394572(v=vs.85).aspx

might be the place to tap in for notifications of interface arrival, departure,
and address changes.

I'll also look into *BSD - the answer might differ from BSD to BSD - and
Solaris and so on.)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.