From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KKxSl-0003Xi-Lo
	for qemu-devel@nongnu.org; Mon, 21 Jul 2008 11:38:11 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KKxSj-0003VE-18
	for qemu-devel@nongnu.org; Mon, 21 Jul 2008 11:38:11 -0400
Received: from [199.232.76.173] (port=58994 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KKxSi-0003V7-Tx
	for qemu-devel@nongnu.org; Mon, 21 Jul 2008 11:38:08 -0400
Received: from mail.gmx.net ([213.165.64.20]:35319)
	by monty-python.gnu.org with smtp (Exim 4.60)
	(envelope-from <herbszt@gmx.de>) id 1KKxSi-0001St-ER
	for qemu-devel@nongnu.org; Mon, 21 Jul 2008 11:38:08 -0400
Message-ID: <024801c8eb47$ac44e220$0201a8c0@zeug>
From: "Sebastian Herbszt" <herbszt@gmx.de>
References: <200807171812.41200.jkim@FreeBSD.org>
	<043901c8e8f1$6150b260$0201a8c0@zeug>
	<200807181639.49136.jkim@FreeBSD.org>
Date: Mon, 21 Jul 2008 17:35:19 +0200
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH] networking using libpcap
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jung-uk Kim <jkim@FreeBSD.org>
Cc: Juergen Lock <nox@jelal.kn-bremen.de>, qemu-devel@nongnu.org

Jung-uk Kim wrote:

>> Using pcap_setfilter helps and colinux (conet-bridged-daemon) does
>> use one too. Currently your filter is
>> "ether dst 52:54:00:12:34:56 or ((broadcast or multicast) and not
>> ether src 52:54:00:12:34:56)". The filter used by colinux is
>> "(ether dst 00:ff:81:24:00:00) or (ether broadcast or multicast) or
>> (ip broadcast or multicast)".
>>
>> The "and not ether src 52:54:00:12:34:56" part in your filter
>> prevents the VM from seeing own packets. It doesn't reply to own
>> "ping broadcast" where it does in colinux and VMware Server.
> 
> I knew that I might have missed some edge cases. ;-P Corrected and 
> enabled by default.

I noticed you removed PCAP_SET_FILTER. Could people benefit from
disabling the filter? I am not sure but it might be worth to revive
PCAP_SET_FILTER and set its default value to 1. Or if there are valid
configurations which do need the filter disabled even turn (later) it into a
"filter=off" parameter.

>> I noticed that if no ifname is passed you try to get one with
>> pcap_lookupdev. This is broken on winpcap, please see
>> http://www.winpcap.org/pipermail/winpcap-bugs/2006-May/000220.html
> 
> I don't think it is "broken" on Windows.  The OP was just saying that 
> it returns device name in wide characters on Windows.

I was more concerned with "the behaviour is in any case different from
Linux because it reports all the adapters, while pcap_lookupdev on unix
reports just the first adapter" part, but did just test it and it seems to
have been fixed since.

> In fact, both 
> tcpdump (3.9.8) and WinDump (3.9.5) seem to do the same (trimmed 
> formatting):
> 
> -----------------
> if (device == NULL) {
> device = pcap_lookupdev(ebuf);
> if (device == NULL)
> error("%s", ebuf);
> }
> #ifdef WIN32
> //we assume that an ASCII string is always longer than 1 char
> if(strlen(device) == 1)
> { //a Unicode string has a \0 as second byte (so strlen() is 1)
> fprintf(stderr, "%s: listening on %ws\n", program_name, device);
> }
> else
> {
> fprintf(stderr, "%s: listening on %s\n", program_name, device);
> }
> 
> fflush(stderr);
> #endif /* WIN32 */
> *ebuf = '\0';
> pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
> if (pd == NULL)
> error("%s", ebuf);
> else if (*ebuf)
> warning("%s", ebuf);
> -----------------
> 
> The OP had to use %ws format, not just %s, it seems.  In fact, WinPcap 
> seems to convert ASCII names to Unicode names unconditionally from 
> pcap_lookupdev():
> 
> /*
> * Windows NT (NT 4.0, W2K, WXP). Convert the names to UNICODE for 
> backward compatibility
> */

and converts those back to ASCII. pcap-win32.c pcap_create() has

 if (strlen(device) == 1)
 {
  /*
   * It's probably a unicode string
   * Convert to ascii and pass it to pcap_create_common
   *
   * This wonderful hack is needed because pcap_lookupdev still returns
   * unicode strings, and it's used by windump when no device is specified
   * in the command line
   */

>> I am not sure if pcap_lookupdev() gets you the "right" interface on
>> non-win32, so maybe just require ifname (tap does it too)?
> 
> At least, it works for me on FreeBSD. :-) Does WinDump work without 
> specifying interface name when there is only one network device?  If 
> it does, I am not going to change it.

WinDump-3.9.5.exe: listening on \Device\NPF_GenericDialupAdapter

I have more than one adapter present, but i think the above one is present
in all Windows configurations and get's returned by pcap_lookupdev() as the
first adapter. One of the correct adapaters for me would be
\Device\NPF_{E8D10154-6C93-4BB1-808F-9816E1CB076C}.

- Sebastian