pcap-snit.c revision 98530 
117683Spst/*
217683Spst * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996
317683Spst *	The Regents of the University of California.  All rights reserved.
417683Spst *
517683Spst * Redistribution and use in source and binary forms, with or without
617683Spst * modification, are permitted provided that: (1) source code distributions
717683Spst * retain the above copyright notice and this paragraph in its entirety, (2)
817683Spst * distributions including binary code include the above copyright notice and
917683Spst * this paragraph in its entirety in the documentation or other materials
1017683Spst * provided with the distribution, and (3) all advertising materials mentioning
1117683Spst * features or use of this software display the following acknowledgement:
1217683Spst * ``This product includes software developed by the University of California,
1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
1417683Spst * the University nor the names of its contributors may be used to endorse
1517683Spst * or promote products derived from this software without specific prior
1617683Spst * written permission.
1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
2026175Sfenner *
2117683Spst * Modifications made to accommodate the new SunOS4.0 NIT facility by
2217683Spst * Micky Liu, micky@cunixc.cc.columbia.edu, Columbia University in May, 1989.
2317683Spst * This module now handles the STREAMS based NIT.
2417683Spst */
2517683Spst
2626175Sfenner#ifndef lint
2726175Sfennerstatic const char rcsid[] =
2898530Sfenner    "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.56 2001/12/10 07:14:20 guy Exp $ (LBL)";
2926175Sfenner#endif
3026175Sfenner
3175107Sfenner#ifdef HAVE_CONFIG_H
3275107Sfenner#include "config.h"
3375107Sfenner#endif
3475107Sfenner
3517683Spst#include <sys/types.h>
3617683Spst#include <sys/time.h>
3717683Spst#include <sys/timeb.h>
3817683Spst#include <sys/dir.h>
3917683Spst#include <sys/fcntlcom.h>
4017683Spst#include <sys/file.h>
4117683Spst#include <sys/ioctl.h>
4217683Spst#include <sys/socket.h>
4317683Spst#include <sys/stropts.h>
4417683Spst
4517683Spst#include <net/if.h>
4617683Spst#include <net/nit.h>
4717683Spst#include <net/nit_if.h>
4817683Spst#include <net/nit_pf.h>
4917683Spst#include <net/nit_buf.h>
5017683Spst
5117683Spst#include <netinet/in.h>
5217683Spst#include <netinet/in_systm.h>
5317683Spst#include <netinet/ip.h>
5417683Spst#include <netinet/if_ether.h>
5517683Spst#include <netinet/ip_var.h>
5617683Spst#include <netinet/udp.h>
5717683Spst#include <netinet/udp_var.h>
5817683Spst#include <netinet/tcp.h>
5917683Spst#include <netinet/tcpip.h>
6017683Spst
6117683Spst#include <ctype.h>
6217683Spst#include <errno.h>
6317683Spst#include <stdio.h>
6417683Spst#include <string.h>
6517683Spst#include <unistd.h>
6617683Spst
6717683Spst#include "pcap-int.h"
6817683Spst
6917683Spst#ifdef HAVE_OS_PROTO_H
7017683Spst#include "os-proto.h"
7117683Spst#endif
7217683Spst
7317683Spst/*
7417683Spst * The chunk size for NIT.  This is the amount of buffering
7517683Spst * done for read calls.
7617683Spst */
7717683Spst#define CHUNKSIZE (2*1024)
7817683Spst
7917683Spst/*
8017683Spst * The total buffer space used by NIT.
8117683Spst */
8217683Spst#define BUFSPACE (4*CHUNKSIZE)
8317683Spst
8417683Spst/* Forwards */
8517683Spststatic int nit_setflags(int, int, int, char *);
8617683Spst
8717683Spstint
8817683Spstpcap_stats(pcap_t *p, struct pcap_stat *ps)
8917683Spst{
9017683Spst
9198530Sfenner	/*
9298530Sfenner	 * "ps_recv" counts packets handed to the filter, not packets
9398530Sfenner	 * that passed the filter.  As filtering is done in userland,
9498530Sfenner	 * this does not include packets dropped because we ran out
9598530Sfenner	 * of buffer space.
9698530Sfenner	 *
9798530Sfenner	 * "ps_drop" counts packets dropped inside the "/dev/nit"
9898530Sfenner	 * device because of flow control requirements or resource
9998530Sfenner	 * exhaustion; it doesn't count packets dropped by the
10098530Sfenner	 * interface driver, or packets dropped upstream.  As filtering
10198530Sfenner	 * is done in userland, it counts packets regardless of whether
10298530Sfenner	 * they would've passed the filter.
10398530Sfenner	 *
10498530Sfenner	 * These statistics don't include packets not yet read from the
10598530Sfenner	 * kernel by libpcap or packets not yet read from libpcap by the
10698530Sfenner	 * application.
10798530Sfenner	 */
10817683Spst	*ps = p->md.stat;
10917683Spst	return (0);
11017683Spst}
11117683Spst
11217683Spstint
11317683Spstpcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
11417683Spst{
11517683Spst	register int cc, n;
11617683Spst	register struct bpf_insn *fcode = p->fcode.bf_insns;
11717683Spst	register u_char *bp, *cp, *ep;
11817683Spst	register struct nit_bufhdr *hdrp;
11917683Spst	register struct nit_iftime *ntp;
12017683Spst	register struct nit_iflen *nlp;
12117683Spst	register struct nit_ifdrops *ndp;
12217683Spst	register int caplen;
12317683Spst
12417683Spst	cc = p->cc;
12517683Spst	if (cc == 0) {
12617683Spst		cc = read(p->fd, (char *)p->buffer, p->bufsize);
12717683Spst		if (cc < 0) {
12817683Spst			if (errno == EWOULDBLOCK)
12917683Spst				return (0);
13075107Sfenner			snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s",
13117683Spst				pcap_strerror(errno));
13217683Spst			return (-1);
13317683Spst		}
13417683Spst		bp = p->buffer;
13517683Spst	} else
13617683Spst		bp = p->bp;
13717683Spst
13817683Spst	/*
13917683Spst	 * loop through each snapshot in the chunk
14017683Spst	 */
14117683Spst	n = 0;
14217683Spst	ep = bp + cc;
14317683Spst	while (bp < ep) {
14417683Spst		++p->md.stat.ps_recv;
14517683Spst		cp = bp;
14617683Spst
14717683Spst		/* get past NIT buffer  */
14817683Spst		hdrp = (struct nit_bufhdr *)cp;
14917683Spst		cp += sizeof(*hdrp);
15017683Spst
15117683Spst		/* get past NIT timer   */
15217683Spst		ntp = (struct nit_iftime *)cp;
15317683Spst		cp += sizeof(*ntp);
15417683Spst
15517683Spst		ndp = (struct nit_ifdrops *)cp;
15617683Spst		p->md.stat.ps_drop = ndp->nh_drops;
15717683Spst		cp += sizeof *ndp;
15817683Spst
15917683Spst		/* get past packet len  */
16017683Spst		nlp = (struct nit_iflen *)cp;
16117683Spst		cp += sizeof(*nlp);
16217683Spst
16317683Spst		/* next snapshot        */
16417683Spst		bp += hdrp->nhb_totlen;
16517683Spst
16617683Spst		caplen = nlp->nh_pktlen;
16717683Spst		if (caplen > p->snapshot)
16817683Spst			caplen = p->snapshot;
16917683Spst
17017683Spst		if (bpf_filter(fcode, cp, nlp->nh_pktlen, caplen)) {
17117683Spst			struct pcap_pkthdr h;
17217683Spst			h.ts = ntp->nh_timestamp;
17317683Spst			h.len = nlp->nh_pktlen;
17417683Spst			h.caplen = caplen;
17517683Spst			(*callback)(user, &h, cp);
17617683Spst			if (++n >= cnt && cnt >= 0) {
17717683Spst				p->cc = ep - bp;
17817683Spst				p->bp = bp;
17917683Spst				return (n);
18017683Spst			}
18117683Spst		}
18217683Spst	}
18317683Spst	p->cc = 0;
18417683Spst	return (n);
18517683Spst}
18617683Spst
18717683Spststatic int
18817683Spstnit_setflags(int fd, int promisc, int to_ms, char *ebuf)
18917683Spst{
19017683Spst	bpf_u_int32 flags;
19117683Spst	struct strioctl si;
19217683Spst	struct timeval timeout;
19317683Spst
19417683Spst	si.ic_timout = INFTIM;
19517683Spst	if (to_ms != 0) {
19617683Spst		timeout.tv_sec = to_ms / 1000;
19717683Spst		timeout.tv_usec = (to_ms * 1000) % 1000000;
19817683Spst		si.ic_cmd = NIOCSTIME;
19917683Spst		si.ic_len = sizeof(timeout);
20017683Spst		si.ic_dp = (char *)&timeout;
20117683Spst		if (ioctl(fd, I_STR, (char *)&si) < 0) {
20275107Sfenner			snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSTIME: %s",
20375107Sfenner			    pcap_strerror(errno));
20417683Spst			return (-1);
20517683Spst		}
20617683Spst	}
20717683Spst	flags = NI_TIMESTAMP | NI_LEN | NI_DROPS;
20817683Spst	if (promisc)
20917683Spst		flags |= NI_PROMISC;
21017683Spst	si.ic_cmd = NIOCSFLAGS;
21117683Spst	si.ic_len = sizeof(flags);
21217683Spst	si.ic_dp = (char *)&flags;
21317683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
21475107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSFLAGS: %s",
21575107Sfenner		    pcap_strerror(errno));
21617683Spst		return (-1);
21717683Spst	}
21817683Spst	return (0);
21917683Spst}
22017683Spst
22117683Spstpcap_t *
22217683Spstpcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)
22317683Spst{
22417683Spst	struct strioctl si;		/* struct for ioctl() */
22517683Spst	struct ifreq ifr;		/* interface request struct */
22617683Spst	int chunksize = CHUNKSIZE;
22717683Spst	int fd;
22817683Spst	static char dev[] = "/dev/nit";
22917683Spst	register pcap_t *p;
23017683Spst
23117683Spst	p = (pcap_t *)malloc(sizeof(*p));
23217683Spst	if (p == NULL) {
23375107Sfenner		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
23417683Spst		return (NULL);
23517683Spst	}
23617683Spst
23717683Spst	if (snaplen < 96)
23817683Spst		/*
23917683Spst		 * NIT requires a snapshot length of at least 96.
24017683Spst		 */
24117683Spst		snaplen = 96;
24217683Spst
24375107Sfenner	memset(p, 0, sizeof(*p));
24417683Spst	p->fd = fd = open(dev, O_RDONLY);
24517683Spst	if (fd < 0) {
24675107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dev,
24775107Sfenner		    pcap_strerror(errno));
24817683Spst		goto bad;
24917683Spst	}
25017683Spst
25117683Spst	/* arrange to get discrete messages from the STREAM and use NIT_BUF */
25217683Spst	if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) {
25375107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s",
25475107Sfenner		    pcap_strerror(errno));
25517683Spst		goto bad;
25617683Spst	}
25717683Spst	if (ioctl(fd, I_PUSH, "nbuf") < 0) {
25875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "push nbuf: %s",
25975107Sfenner		    pcap_strerror(errno));
26017683Spst		goto bad;
26117683Spst	}
26217683Spst	/* set the chunksize */
26317683Spst	si.ic_cmd = NIOCSCHUNK;
26417683Spst	si.ic_timout = INFTIM;
26517683Spst	si.ic_len = sizeof(chunksize);
26617683Spst	si.ic_dp = (char *)&chunksize;
26717683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
26875107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s",
26975107Sfenner		    pcap_strerror(errno));
27017683Spst		goto bad;
27117683Spst	}
27217683Spst
27317683Spst	/* request the interface */
27417683Spst	strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));
27517683Spst	ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = ' ';
27617683Spst	si.ic_cmd = NIOCBIND;
27717683Spst	si.ic_len = sizeof(ifr);
27817683Spst	si.ic_dp = (char *)&ifr;
27917683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
28075107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s",
28117683Spst			ifr.ifr_name, pcap_strerror(errno));
28217683Spst		goto bad;
28317683Spst	}
28417683Spst
28517683Spst	/* set the snapshot length */
28617683Spst	si.ic_cmd = NIOCSSNAP;
28717683Spst	si.ic_len = sizeof(snaplen);
28817683Spst	si.ic_dp = (char *)&snaplen;
28917683Spst	if (ioctl(fd, I_STR, (char *)&si) < 0) {
29075107Sfenner		snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s",
29175107Sfenner		    pcap_strerror(errno));
29217683Spst		goto bad;
29317683Spst	}
29417683Spst	p->snapshot = snaplen;
29517683Spst	if (nit_setflags(p->fd, promisc, to_ms, ebuf) < 0)
29617683Spst		goto bad;
29717683Spst
29817683Spst	(void)ioctl(fd, I_FLUSH, (char *)FLUSHR);
29917683Spst	/*
30017683Spst	 * NIT supports only ethernets.
30117683Spst	 */
30217683Spst	p->linktype = DLT_EN10MB;
30317683Spst
30417683Spst	p->bufsize = BUFSPACE;
30517683Spst	p->buffer = (u_char *)malloc(p->bufsize);
30617683Spst	if (p->buffer == NULL) {
30775107Sfenner		strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE);
30817683Spst		goto bad;
30917683Spst	}
31017683Spst	return (p);
31117683Spst bad:
31217683Spst	if (fd >= 0)
31317683Spst		close(fd);
31417683Spst	free(p);
31517683Spst	return (NULL);
31617683Spst}
31717683Spst
31817683Spstint
31917683Spstpcap_setfilter(pcap_t *p, struct bpf_program *fp)
32017683Spst{
32117683Spst
32275107Sfenner	if (install_bpf_program(p, fp) < 0)
32375107Sfenner		return (-1);
32417683Spst	return (0);
32517683Spst}
326