@afshin-paydar afshin-paydar commented Sep 23, 2025

Fix interface existence check on Linux before privileged operations

When attempting to open a non-existent network interface on Linux,
libpcap would return PCAP_ERROR_PERM_DENIED instead of the correct
PCAP_ERROR_NO_SUCH_DEVICE. This occurred because the privileged
socket(PF_PACKET, SOCK_RAW, 0) call in setup_socket() would fail
with permission errors before interface validation could occur.

This fix adds an interface existence check using an unprivileged
AF_INET socket and SIOCGIFINDEX ioctl before attempting to create
the privileged packet socket. Non-existent interfaces now correctly
return PCAP_ERROR_NO_SUCH_DEVICE.

This resolves the issue where applications like tcpdump would report
"Permission denied" instead of "No such device exists" for non-existent
interfaces, breaking their fallback logic from interface names to indices.

Note: BSD/macOS platforms have the same underlying issue where BPF device
access fails with permission errors before interface validation. This
should be addressed in a separate commit.

Fixes: libpcap issue #1538
Related: tcpdump issue #1334

./tcpdump -i nonexistent
----------------------------------------
tcpdump: nonexistent: No such device exists
(No such device exists)

./tcpdump -i eth999
----------------------------------------
tcpdump: eth999: No such device exists
(No such device exists)

./tcpdump -i 000000000000008
----------------------------------------
tcpdump: Invalid adapter index 8: only 7 interfaces found

./tcpdump -i 00000000000000073
----------------------------------------
tcpdump: Invalid adapter index 73: only 7 interfaces found

@infrastation
Member

Thank you for preparing this change. The comments that clarify the problem and the solution should be in the commit message.

@infrastation
Member

On Linux the only proposed change is to iface_get_ts_types(), thus the "check for existence before trying a privileged operation" logic does not apply to Linux:

$ ./testprogs/activatetest 
Trying to use capture device "nosuchdevice"...
FAIL: Permission denied from pcap_activate(), retry with higher privileges.

It looks like the two proposed changes are not related and should be two different commits, each stating and solving a separate problem. Also, since pcap-linux.c already implements helper functions such as iface_get_id(), it would be easy to implement the same logic for Linux. That said, the logic increases the race condition window, which would require some attention.

This requires a bit more work before it is ready.
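
The unprivileged existence check described in this pull request, written as a standalone Linux program. This is an added example, not code from the pull request or from libpcap; `iface_exists()` is a hypothetical helper, and treating an over-long name as "no such device" is an assumption of the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* expose struct ifreq under strict -std= modes */
#endif
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* iface_exists() is a hypothetical helper for this example, not libpcap API.
 * Returns 1 if the name resolves, 0 for "no such device", -1 on other errors.
 * The answer is advisory: the interface can appear or vanish before the
 * packet socket is opened, so the privileged path must still handle ENODEV. */
static int iface_exists(const char *name)
{
    struct ifreq ifr;
    int fd, rc, saved;

    /* Assumption: a name too long for ifr_name cannot name an interface. */
    if (strlen(name) >= sizeof(ifr.ifr_name))
        return 0;
    /* AF_INET datagram socket: no CAP_NET_RAW needed, unlike PF_PACKET. */
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&ifr, 0, sizeof(ifr));
    strcpy(ifr.ifr_name, name);          /* length checked above */
    rc = ioctl(fd, SIOCGIFINDEX, &ifr);
    saved = errno;
    close(fd);
    errno = saved;
    if (rc == 0)
        return 1;
    return saved == ENODEV ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "lo";
    int r = iface_exists(dev);

    if (r < 0)
        perror(dev);
    else
        printf("%s: %s\n", dev, r ? "exists" : "No such device exists");
    return r == 1 ? 0 : 1;
}
```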

@afshin-paydar afshin-paydar force-pushed the non-existent-interface branch 2 times, most recently from d5797aa to 8b097c7 Compare September 24, 2025 02:01
@afshin-paydar afshin-paydar marked this pull request as draft September 24, 2025 03:25
  When attempting to open a non-existent network interface on Linux,
  libpcap would return PCAP_ERROR_PERM_DENIED instead of the correct
  PCAP_ERROR_NO_SUCH_DEVICE. This occurred because the privileged
  socket(PF_PACKET, SOCK_RAW, 0) call in setup_socket() would fail
  with permission errors before interface validation could occur.

  This fix adds an interface existence check using an unprivileged
  AF_INET socket and SIOCGIFINDEX ioctl before attempting to create
  the privileged packet socket. Non-existent interfaces now correctly
  return PCAP_ERROR_NO_SUCH_DEVICE.

  This resolves the issue where applications like tcpdump would report
  "Permission denied" instead of "No such device exists" for non-existent
  interfaces, breaking their fallback logic from interface names to indices.

  Note: BSD/macOS platforms have the same underlying issue where BPF device
  access fails with permission errors before interface validation. This
  should be addressed in a separate commit.

  Fixes: libpcap issue the-tcpdump-group#1538
  Related: tcpdump issue the-tcpdump-group#1334

Signed-off-by: Afshin Paydar <afshin.paydar@deriv.com>
@afshin-paydar afshin-paydar marked this pull request as ready for review September 24, 2025 04:59
Member

@infrastation infrastation left a comment


As noted.
