Guy Harris wrote:
> sagun shakya wrote:
>
>> When the features mentioned above integrate into Solaris, an
>> extensible way to open DLPI links under different directories will be
>> required. The libdlpi(3LIB) library provides an interface that
>> provides an abstraction around this so that DLPI applications do not
>> need to know where the actual DLPI link is located in the filesystem.
>
> Is there an error returned by dlpi_open() that means "there is no such
> network device? If so, which error is it?
>
A bogus linkname such as "foo" returns DLPI_ELINKNAMEINVAL (invalid DLPI
linkname).
If a linkname similar to a network device like "foo2" will return
DLPI_ENOLINK (DLPI link does not exist).
> Also, is there an error that means "there is such a device, but you
> don't have permission to open it"?
In this case a DL_SYSERR is returned i.e EACCES ("Permission denied")
>
> I'd like to have libpcap be able to return special error codes for
> those two errors in pcap_activate(), rather than reporting a generic
> error indication with a text string, so the application can more
> easily determine the specific error and perhaps treat those errors
> specially - those errors are usually the result of the user mistyping
> a device name or running the program without sufficient privileges, so
> the application might want to indicate that more clearly.
>
> Speaking of sufficient privileges, at least when I last tried it, you
> could give users other than root privileges to open DLPI devices, but
> you couldn't enable promiscuous mode unless you're root - and, in
> non-promiscuous mode, you couldn't see outgoing traffic (I suppose one
> could argue that outgoing traffic isn't being sent to your machine, so
> you shouldn't see it in non-promiscuous mode - but, if you're trying
> to capture your machine's traffic, you don't have an option to do
> that; NDIS in Windows has a NDIS_PACKET_TYPE_ALL_LOCAL "filter" which
> lets you see both incoming and outgoing packets, as well as
> NDIS_PACKET_TYPE_DIRECTED to see incoming unicast packets,
> NDIS_PACKET_TYPE_MULTICAST to see incoming multicast packets the
> adapter is set up to see, NDIS_PACKET_TYPE_ALL_MULTICAST to see all
> incoming multicast packets, NDIS_PACKET_TYPE_BROADCAST to see all
> incoming broadcast packets, and NDIS_PACKET_TYPE_PROMISCUOUS to see
> all incoming packets including those not intended for the host).
>
If a user other than root is given privileges to open a DLPI device
(permission like net_rawaccess), the user would be able to capture
packtes in promiscuous mode.
-Sagun
