--- arpwatch-2.1a15-dist/arpwatch.c 2012-07-23 09:55:35.832458313 +0200
+++ arpwatch-2.1a15-new/arpwatch.c 2012-07-24 11:36:59.013953071 +0200
@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
}
+char *
+get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
+{
+ static char interface[IF_NAMESIZE + 1];
+ register int snaplen, timeout;
+ pcap_if_t *alldevs;
+ pcap_if_t *dev;
+ char *ret = NULL;
+
+ snaplen = max(sizeof(struct ether_header),
+ sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ timeout = 1000;
+
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ (void)fprintf(stderr, "%s: lookup_device: %s\n",
+ prog, errbuf);
+ exit(1);
+ }
+
+ for (dev = alldevs; dev; dev = dev->next) {
+ strncpy(interface, dev->name, strlen(dev->name)+1);
+
+ *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ if (*pd == NULL) {
+ syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
+ continue;
+ /* exit(1); */
+ }
+
+ *linktype = pcap_datalink(*pd);
+ /* Must be ethernet or fddi */
+ if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
+ syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
+ interface, *linktype);
+ pcap_close(*pd);
+ }
+ else {
+ /* First match, use it */
+ ret = interface;
+ break;
+ }
+
+ }
+ pcap_freealldevs(alldevs);
+ return (ret);
+}
+
int
main(int argc, char **argv)
{
register char *cp;
- register int op, pid, snaplen, timeout, linktype, status;
+ register int op, pid, status;
+ int linktype;
#ifdef TIOCNOTTY
register int fd;
#endif
- register pcap_t *pd;
+ pcap_t *pd;
register char *interface, *rfilename;
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
@@ -189,6 +237,7 @@ main(int argc, char **argv)
opterr = 0;
interface = NULL;
+ linktype = -1;
rfilename = NULL;
pd = NULL;
while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
@@ -264,11 +313,12 @@ main(int argc, char **argv)
net = 0;
netmask = 0;
} else {
+
/* Determine interface if not specified */
if (interface == NULL &&
- (interface = pcap_lookupdev(errbuf)) == NULL) {
- (void)fprintf(stderr, "%s: lookup_device: %s\n",
- prog, errbuf);
+ (interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
+ (void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ prog);
exit(1);
}
@@ -317,10 +367,6 @@ main(int argc, char **argv)
}
swapped = pcap_is_swapped(pd);
} else {
- snaplen = max(sizeof(struct ether_header),
- sizeof(struct fddi_header)) + sizeof(struct ether_arp);
- timeout = 1000;
- pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
if (pd == NULL) {
syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
exit(1);
@@ -340,14 +386,6 @@ main(int argc, char **argv)
dropprivileges( serveruser );
}
- /* Must be ethernet or fddi */
- linktype = pcap_datalink(pd);
- if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
- syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
- linktype);
- exit(1);
- }
-
/* Compile and install filter */
if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));