Re: Fix for WinPcap 3.1

[Andy Lutomirski <luto () stanford edu>]

Fyodor wrote:

> Does Winpcap support the pcap_version[] array that normal libpcap
> offers?  Here is how Nmap uses it in its configure.ac script:

No.  But the attached patch (attached because the line length is too 
long...) seems to work.  It's not exactly pretty, though.  As an added 
bonus, it adds the winpcap version to the --win_trace output.

It needs testing b/c netgroup-serv.polito.it is down and I can't 
download winpcap 3.1.

--Andy

P.S.  Have I ever mentioned that winip is ugly?  It's about time for a 
rewrite...

Index: mswin32/winip/winip.c
===================================================================
--- mswin32/winip/winip.c       (revision 48)
+++ mswin32/winip/winip.c       (working copy)
@@ -60,7 +60,7 @@
 int pcap_avail = 0;
 int rawsock_avail = 0;
 int winbug = 0;
-extern int iphlp_avail;
+extern int iphlp_avail;
 extern int net_avail;
 
 /*   internal functions   */
@@ -149,6 +149,25 @@
        ZeroMemory(&wo, sizeof(wo));
 }
 
+char *packet_version_string()
+{
+       HMODULE hModPacket = GetModuleHandle("packet.dll");
+       if(!hModPacket) return 0; // Don't force a load -- it should already be there
+
+       return (char*)GetProcAddress(hModPacket, "PacketLibraryVersion");
+}
+
+bool pcap_uses_ascii(char *pcapver)
+{
+       //      Note: false is generally safe.  True requires certainty.
+       if(!pcapver) return false;
+       if(*pcapver == 0) return false; // huh?
+       if(pcapver[0] == '1' || pcapver[0] == '2') return false;
+       if(!strncmp(pcapver, "3.0", 3)) return false;
+
+       return true; // looks new!
+}
+
 void winip_postopt_init()
 {
        //      variables
@@ -382,22 +401,28 @@
        if(pcap_avail)
        {
                if(wo.trace) printf("***WinIP***  reading winpcap interface list\n");
-               if(ver.dwPlatformId == VER_PLATFORM_WIN32_NT)
+               char *pcapver = packet_version_string();
+               if(wo.trace) printf("***WinIP***  using WinPCap version %s\n",
+                       pcapver ? pcapver : "[unknown]");
+               if(ver.dwPlatformId == VER_PLATFORM_WIN32_NT && pcaplist[1] == '\0'
+                       && !pcap_uses_ascii(pcapver))
                {
-                       //      NT version
+                       //      NT version with Unicode names
                        WCHAR *a = (WCHAR*)pcaplist;
                        while(*a)
                        {
+                               if(wo.trace) printf("***WinIP***  init %S (Unicode)\n", a);
                                winip_init_pcap((char*)a);
                                a += wcslen(a) + 1;
                        }
                }
                else
                {
-                       //      9x/Me version
+                       //      9x/Me or WinPcap 3.1 with ASCII names
                        char *a = pcaplist;
                        while(*a)
                        {
+                               if(wo.trace) printf("***WinIP***  init %s (ASCII)\n", a);
                                winip_init_pcap(a);
                                a += strlen(a) + 1;
                        }

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org