Re: pcap_findalldevs, pcap_addr doesn't have AF_INET entries on OSX

[Bob <waldo1979 () gmail com>]

Yes, I'm checking the whole linked list. I get an AF_LINK and AF_INET6 per interface but no AF_NET. Works great on 
Ubuntu. Probably something simple I'll keep debugging.

-Rob

On Apr 3, 2011, at 10:14 AM, Guy Harris <guy () alum mit edu> wrote:

> On Apr 2, 2011, at 7:40 PM, Bob wrote:
>
> > Hello, I just noticed that no AF_INET address is returned when getting an interface list (from pcap_findalldevs) on 
> > OSX even when an IPv4 address is assigned to that interface. An AF_INET6 address is however returned.  Is this the 
> > expect behavior?
>
> No:
>
> $ sudo ./findalldevstest
> Password:
>
>    ...
>
> ppp0
>    Loopback: no
>    Address Family: Unknown (18)
>    Address Family: AF_INET
>        Address: {censored}
>        Netmask: 255.0.0.0
>        Destination Address: {censored}
>
> utun0
>    Loopback: no
>    Address Family: Unknown (18)
>    Address Family: AF_INET6
>        Address: {censored}
>        Netmask: ffff:ffff:ffff:ffff::
>        Destination Address: {censored}
>    Address Family: AF_INET6
>        Address: {censored}
>        Netmask: ffff:ffff:ffff:ffff::
>        Destination Address: {censored}
>
> en1
>    Loopback: no
>    Address Family: Unknown (18)
>    Address Family: AF_INET6
>        Address: {censored}
>        Netmask: ffff:ffff:ffff:ffff::
>    Address Family: AF_INET
>        Address: 10.0.1.4
>        Netmask: 255.255.255.0
>        Broadcast Address: 10.0.1.255
>
> lo0
>    Loopback: yes
>    Address Family: Unknown (18)
>    Address Family: AF_INET6
>        Address: ::1
>        Netmask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
>    Address Family: AF_INET6
>        Address: fe80::1
>        Netmask: ffff:ffff:ffff:ffff::
>    Address Family: AF_INET
>        Address: 127.0.0.1
>        Netmask: 255.0.0.0
>    Address Family: AF_INET6
>        Address: fdf0:3858:d17b:6465:223:32ff:fe9e:23b6
>        Netmask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
>
> Are you checking *ALL* the addresses in the address lists for the interfaces, or just the *first* address?  
> pcap_findalldevs() doesn't return *an* address per interface, it returns a list of zero or more addresses, so you 
> have to look at all of them.
>
> > Am I do something wrong?
>
> If you're assuming that the "addresses" pointer in a pcap_if_t points to the one-and-only address for the interface, 
> yes, you're doing something wrong.
>
> > Also, any suggestions for a cross-platform means of getting a MAC address (AF_LINK).
>
> Unfortunately, it's platform-dependent.  At some pointer we'll probably have APIs in libpcap to return interface 
> information in the form of a pcap-ng Interface Description Block:
>
>    http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionidb
>
> which will be able to supply MAC addresses as well as IPv4 and IPv6 addresses.-
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.