Menu
▾
▴
#135 pcap_findalldevs returns 0 but no devices and error set
Hello,
is it correct for pcap_findalldevs to return 0 but to return a null interfaces list and write stuff in the error buffer?
If it's ok could you please add a line on the man page writing that it can return null and so what should contain the interfaces list should be checked?
pcap is version 1.1.1, linux kernel is 2.6.34-rc4
rm@montag:~$ cat pcaptest.c
#include <pcap/pcap.h>
#include <stdio.h>
int main()
{
pcap_if_t *alldevs;
char errbuf[PCAP_ERRBUF_SIZE] = { 0 };
int ret;
ret = pcap_findalldevs(&alldevs, errbuf);
if (ret == -1) {
printf ("pcap_findalldevs failed\n", ret);
}
if (alldevs == NULL)
printf ("alldevs is null\n");
printf("%s\n", errbuf);
return 0;
}
rm@montag:~$ gcc -o pcap-test -l pcap pcaptest.c
rm@montag:~$ ./pcap
pcap pcap-test
rm@montag:~$ ./pcap-test
alldevs is null
usbmon8: Can't open USB bus file /sys/kernel/debug/usbmon/8t: No such file or directory
Discussion
Hi,
I'm experiencing exactly the same issue on debian with libpcap 1.1.1-2.
A way to disable usb support from within the code would be good.
Thanks,
Razvan
Yes, it is correct for pcap_findalldevs() to return 0 and a null interfaces list. As the man page notes:
pcap_findalldevs() constructs a list of network devices that can be
opened with pcap_create() and pcap_activate() or with pcap_open_live().
(Note that there may be network devices that cannot be opened by the
process calling pcap_findalldevs(), because, for example, that process
does not have sufficient privileges to open them for capturing; if so,
those devices will not appear on the list.)
On Linux, for example, you need, by default, root privileges to open devices, so if you aren't running as root or with the appropriate capabilities, you will not get any devices in the list.
I've updated the man page, in the trunk and the 1.1 branches, to note that.
Also note, however, that the man page now says
pcap_findalldevs() returns 0 on success and −1 on failure; as indi‐
cated, finding no devices is considered success, rather than failure,
so 0 will be returned in that case. If −1 is returned, errbuf is
filled in with an appropriate error message. errbuf is assumed to be
able to hold at least PCAP_ERRBUF_SIZE chars.
*and* used to say
pcap_findalldevs() returns 0 on success and -1 on failure. If -1 is
returned, errbuf is filled in with an appropriate error message.
errbuf is assumed to be able to hold at least PCAP_ERRBUF_SIZE chars.
The fact that it says "*If* -1 is returned, errbuf is filled in with an appropriate error message." is intended to indicate that if 0 is returned, errbuf is *not* filled in with an appropriate error message; it might not be filled in with anything, in which case it contains whatever was there before the call, or it might happen to be filled in with junk from the call. Do not use its contents if errbuf 0 is returned.
And, no, disabling USB support from within the code would do no good whatsoever; it would just mean that, with the current implementation of pcap_findalldevs(), a random failure message from a non-USB device would appear if you're not running with the appropriate privileges.
The correct behavior here is
1) do *NOT* look at errbuf if pcap_findalldevs() returned 0;
2) run programs that attempt to capture traffic, or even just list the devices on which you *can* capture traffic, with the appropriate privileges.
Administrators of the "libpcap" SourceForge project have superseded this tracker item (formerly artifact 2989028, now bug 135) with issue 137 of the "libpcap" GitHub project.