[Qemu-devel] Re: [PATCH] networking using libpcap

[Sebastian Herbszt]

Jung-uk Kim wrote:

> > Using pcap_setfilter helps and colinux (conet-bridged-daemon) does
> > use one too. Currently your filter is
> > "ether dst 52:54:00:12:34:56 or ((broadcast or multicast) and not
> > ether src 52:54:00:12:34:56)". The filter used by colinux is
> > "(ether dst 00:ff:81:24:00:00) or (ether broadcast or multicast) or
> > (ip broadcast or multicast)".
> >
> > The "and not ether src 52:54:00:12:34:56" part in your filter
> > prevents the VM from seeing own packets. It doesn't reply to own
> > "ping broadcast" where it does in colinux and VMware Server.
>
> I knew that I might have missed some edge cases. ;-P Corrected and 
> enabled by default.

I noticed you removed PCAP_SET_FILTER. Could people benefit from
disabling the filter? I am not sure but it might be worth to revive
PCAP_SET_FILTER and set its default value to 1. Or if there are valid
configurations which do need the filter disabled even turn (later) it into a
"filter=off" parameter.

> > I noticed that if no ifname is passed you try to get one with
> > pcap_lookupdev. This is broken on winpcap, please see
> > http://www.winpcap.org/pipermail/winpcap-bugs/2006-May/000220.html
>
> I don't think it is "broken" on Windows.  The OP was just saying that 
> it returns device name in wide characters on Windows.

I was more concerned with "the behaviour is in any case different from
Linux because it reports all the adapters, while pcap_lookupdev on unix
reports just the first adapter" part, but did just test it and it seems to
have been fixed since.

> In fact, both 
> tcpdump (3.9.8) and WinDump (3.9.5) seem to do the same (trimmed 
> formatting):
>
> -----------------
> if (device == NULL) {
> device = pcap_lookupdev(ebuf);
> if (device == NULL)
> error("%s", ebuf);
> }
> #ifdef WIN32
> //we assume that an ASCII string is always longer than 1 char
> if(strlen(device) == 1)
> { //a Unicode string has a \0 as second byte (so strlen() is 1)
> fprintf(stderr, "%s: listening on %ws\n", program_name, device);
> }
> else
> {
> fprintf(stderr, "%s: listening on %s\n", program_name, device);
> }
>
> fflush(stderr);
> #endif /* WIN32 */
> *ebuf = '\0';
> pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
> if (pd == NULL)
> error("%s", ebuf);
> else if (*ebuf)
> warning("%s", ebuf);
> -----------------
>
> The OP had to use %ws format, not just %s, it seems.  In fact, WinPcap 
> seems to convert ASCII names to Unicode names unconditionally from 
> pcap_lookupdev():
>
> /*
> * Windows NT (NT 4.0, W2K, WXP). Convert the names to UNICODE for 
> backward compatibility
> */

and converts those back to ASCII. pcap-win32.c pcap_create() has

if (strlen(device) == 1)
{
 /*
  * It's probably a unicode string
  * Convert to ascii and pass it to pcap_create_common
  *
  * This wonderful hack is needed because pcap_lookupdev still returns
  * unicode strings, and it's used by windump when no device is specified
  * in the command line
  */

> > I am not sure if pcap_lookupdev() gets you the "right" interface on
> > non-win32, so maybe just require ifname (tap does it too)?
>
> At least, it works for me on FreeBSD. :-) Does WinDump work without 
> specifying interface name when there is only one network device?  If 
> it does, I am not going to change it.

WinDump-3.9.5.exe: listening on \Device\NPF_GenericDialupAdapter

I have more than one adapter present, but i think the above one is present
in all Windows configurations and get's returned by pcap_lookupdev() as the
first adapter. One of the correct adapaters for me would be
\Device\NPF_{E8D10154-6C93-4BB1-808F-9816E1CB076C}.

- Sebastian