1/* 2 * Copyright (c) 2006 Paolo Abeni (Italy) 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote 15 * products derived from this software without specific prior written 16 * permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 * 30 * USB sniffing API implementation for Linux platform 31 * By Paolo Abeni <paolo.abeni@email.it> 32 * Modifications: Kris Katterjohn <katterjohn@gmail.com> 33 * 34 */ 35 36#ifdef HAVE_CONFIG_H 37#include <config.h> 38#endif 39 40#include "pcap-int.h" 41#include "pcap-usb-linux.h" 42#include "pcap/usb.h" 43 44#ifdef NEED_STRERROR_H 45#include "strerror.h" 46#endif 47 48#include <ctype.h> 49#include <errno.h> 50#include <stdlib.h> 51#include <unistd.h> 52#include <fcntl.h> 53#include <limits.h> 54#include <string.h> 55#include <dirent.h> 56#include <byteswap.h> 57#include <netinet/in.h> 58#include <sys/ioctl.h> 59#include <sys/mman.h> 60#include <sys/utsname.h> 61#ifdef HAVE_LINUX_USBDEVICE_FS_H 62/* 63 * We might need <linux/compiler.h> to define __user for 64 * <linux/usbdevice_fs.h>. 65 */ 66#ifdef HAVE_LINUX_COMPILER_H 67#include <linux/compiler.h> 68#endif /* HAVE_LINUX_COMPILER_H */ 69#include <linux/usbdevice_fs.h> 70#endif /* HAVE_LINUX_USBDEVICE_FS_H */ 71 72#define USB_IFACE "usbmon" 73#define USB_TEXT_DIR_OLD "/sys/kernel/debug/usbmon" 74#define USB_TEXT_DIR "/sys/kernel/debug/usb/usbmon" 75#define SYS_USB_BUS_DIR "/sys/bus/usb/devices" 76#define PROC_USB_BUS_DIR "/proc/bus/usb" 77#define USB_LINE_LEN 4096 78 79#if __BYTE_ORDER == __LITTLE_ENDIAN 80#define htols(s) s 81#define htoll(l) l 82#define htol64(ll) ll 83#else 84#define htols(s) bswap_16(s) 85#define htoll(l) bswap_32(l) 86#define htol64(ll) bswap_64(ll) 87#endif 88 89struct mon_bin_stats { 90 uint32_t queued; 91 uint32_t dropped; 92}; 93 94struct mon_bin_get { 95 pcap_usb_header *hdr; 96 void *data; 97 size_t data_len; /* Length of data (can be zero) */ 98}; 99 100struct mon_bin_mfetch { 101 int32_t *offvec; /* Vector of events fetched */ 102 int32_t nfetch; /* Number of events to fetch (out: fetched) */ 103 int32_t nflush; /* Number of events to flush */ 104}; 105 106#define MON_IOC_MAGIC 0x92 107 108#define MON_IOCQ_URB_LEN _IO(MON_IOC_MAGIC, 1) 109#define MON_IOCX_URB _IOWR(MON_IOC_MAGIC, 2, struct mon_bin_hdr) 110#define MON_IOCG_STATS _IOR(MON_IOC_MAGIC, 3, struct mon_bin_stats) 111#define MON_IOCT_RING_SIZE _IO(MON_IOC_MAGIC, 4) 112#define MON_IOCQ_RING_SIZE _IO(MON_IOC_MAGIC, 5) 113#define MON_IOCX_GET _IOW(MON_IOC_MAGIC, 6, struct mon_bin_get) 114#define MON_IOCX_MFETCH _IOWR(MON_IOC_MAGIC, 7, struct mon_bin_mfetch) 115#define MON_IOCH_MFLUSH _IO(MON_IOC_MAGIC, 8) 116 117#define MON_BIN_SETUP 0x1 /* setup hdr is present*/ 118#define MON_BIN_SETUP_ZERO 0x2 /* setup buffer is not available */ 119#define MON_BIN_DATA_ZERO 0x4 /* data buffer is not available */ 120#define MON_BIN_ERROR 0x8 121 122/* 123 * Private data for capturing on Linux USB. 124 */ 125struct pcap_usb_linux { 126 u_char *mmapbuf; /* memory-mapped region pointer */ 127 size_t mmapbuflen; /* size of region */ 128 int bus_index; 129 u_int packets_read; 130}; 131 132/* forward declaration */ 133static int usb_activate(pcap_t *); 134static int usb_stats_linux(pcap_t *, struct pcap_stat *); 135static int usb_stats_linux_bin(pcap_t *, struct pcap_stat *); 136static int usb_read_linux(pcap_t *, int , pcap_handler , u_char *); 137static int usb_read_linux_bin(pcap_t *, int , pcap_handler , u_char *); 138static int usb_read_linux_mmap(pcap_t *, int , pcap_handler , u_char *); 139static int usb_inject_linux(pcap_t *, const void *, size_t); 140static int usb_setdirection_linux(pcap_t *, pcap_direction_t); 141static void usb_cleanup_linux_mmap(pcap_t *); 142 143static int 144have_binary_usbmon(void) 145{ 146 struct utsname utsname; 147 char *version_component, *endp; 148 int major, minor, subminor; 149 150 if (uname(&utsname) == 0) { 151 /* 152 * 2.6.21 is the first release with the binary-mode 153 * USB monitoring. 154 */ 155 version_component = utsname.release; 156 major = strtol(version_component, &endp, 10); 157 if (endp != version_component && *endp == '.') { 158 /* 159 * OK, that was a valid major version. 160 * Is it 3 or greater? If so, we have binary 161 * mode support. 162 */ 163 if (major >= 3) 164 return 1; 165 166 /* 167 * Is it 1 or less? If so, we don't have binary 168 * mode support. (In fact, we don't have any 169 * USB monitoring....) 170 */ 171 if (major <= 1) 172 return 0; 173 } 174 175 /* 176 * OK, this is a 2.x kernel. 177 * What's the minor version? 178 */ 179 version_component = endp + 1; 180 minor = strtol(version_component, &endp, 10); 181 if (endp != version_component && 182 (*endp == '.' || *endp == '\0')) { 183 /* 184 * OK, that was a valid minor version. 185 * Is is 2.6 or later? (There shouldn't be a 186 * "later", as 2.6.x went to 3.x, but we'll 187 * check anyway.) 188 */ 189 if (minor < 6) { 190 /* 191 * No, so no binary support (did 2.4 have 192 * any USB monitoring at all?) 193 */ 194 return 0; 195 } 196 197 /* 198 * OK, this is a 2.6.x kernel. 199 * What's the subminor version? 200 */ 201 version_component = endp + 1; 202 subminor = strtol(version_component, &endp, 10); 203 if (endp != version_component && 204 (*endp == '.' || *endp == '\0')) { 205 /* 206 * OK, that was a valid subminor version. 207 * Is it 21 or greater? 208 */ 209 if (subminor >= 21) { 210 /* 211 * Yes - we have binary mode 212 * support. 213 */ 214 return 1; 215 } 216 } 217 } 218 } 219 220 /* 221 * Either uname() failed, in which case we just say "no binary 222 * mode support", or we don't have binary mode support. 223 */ 224 return 0; 225} 226 227/* facility to add an USB device to the device list*/ 228static int 229usb_dev_add(pcap_if_list_t *devlistp, int n, char *err_str) 230{ 231 char dev_name[10]; 232 char dev_descr[30]; 233 pcap_snprintf(dev_name, 10, USB_IFACE"%d", n); 234 /* 235 * XXX - is there any notion of "up" and "running"? 236 */ 237 if (n == 0) { 238 /* 239 * As this refers to all buses, there's no notion of 240 * "connected" vs. "disconnected", as that's a property 241 * that would apply to a particular USB interface. 242 */ 243 if (add_dev(devlistp, dev_name, 244 PCAP_IF_CONNECTION_STATUS_NOT_APPLICABLE, 245 "Raw USB traffic, all USB buses", err_str) == NULL) 246 return -1; 247 } else { 248 /* 249 * XXX - is there a way to determine whether anything's 250 * plugged into this bus interface or not, and set 251 * PCAP_IF_CONNECTION_STATUS_CONNECTED or 252 * PCAP_IF_CONNECTION_STATUS_DISCONNECTED? 253 */ 254 pcap_snprintf(dev_descr, 30, "Raw USB traffic, bus number %d", n); 255 if (add_dev(devlistp, dev_name, 0, dev_descr, err_str) == NULL) 256 return -1; 257 } 258 259 return 0; 260} 261 262int 263usb_findalldevs(pcap_if_list_t *devlistp, char *err_str) 264{ 265 char usb_mon_dir[PATH_MAX]; 266 char *usb_mon_prefix; 267 size_t usb_mon_prefix_len; 268 struct dirent* data; 269 int ret = 0; 270 DIR* dir; 271 int n; 272 char* name; 273 size_t len; 274 275 if (have_binary_usbmon()) { 276 /* 277 * We have binary-mode support. 278 * What do the device names look like? 279 * Split LINUX_USB_MON_DEV into a directory that we'll 280 * scan and a file name prefix that we'll check for. 281 */ 282 pcap_strlcpy(usb_mon_dir, LINUX_USB_MON_DEV, sizeof usb_mon_dir); 283 usb_mon_prefix = strrchr(usb_mon_dir, '/'); 284 if (usb_mon_prefix == NULL) { 285 /* 286 * This "shouldn't happen". Just give up if it 287 * does. 288 */ 289 return 0; 290 } 291 *usb_mon_prefix++ = '\0'; 292 usb_mon_prefix_len = strlen(usb_mon_prefix); 293 294 /* 295 * Open the directory and scan it. 296 */ 297 dir = opendir(usb_mon_dir); 298 if (dir != NULL) { 299 while ((ret == 0) && ((data = readdir(dir)) != 0)) { 300 name = data->d_name; 301 302 /* 303 * Is this a usbmon device? 304 */ 305 if (strncmp(name, usb_mon_prefix, usb_mon_prefix_len) != 0) 306 continue; /* no */ 307 308 /* 309 * What's the device number? 310 */ 311 if (sscanf(&name[usb_mon_prefix_len], "%d", &n) == 0) 312 continue; /* failed */ 313 314 ret = usb_dev_add(devlistp, n, err_str); 315 } 316 317 closedir(dir); 318 } 319 return 0; 320 } else { 321 /* 322 * We have only text mode support. 323 * We don't look for the text devices because we can't 324 * look for them without root privileges, and we don't 325 * want to require root privileges to enumerate devices 326 * (we want to let the user to try a device and get 327 * an error, rather than seeing no devices and asking 328 * "why am I not seeing devices" and forcing a long 329 * process of poking to figure out whether it's "no 330 * privileges" or "your kernel is too old" or "the 331 * usbmon module isn't loaded" or...). 332 * 333 * Instead, we look to see what buses we have. 334 * If the kernel is so old that it doesn't have 335 * binary-mode support, it's also so old that 336 * it doesn't have a "scan all buses" device. 337 * 338 * First, try scanning sysfs USB bus directory. 339 */ 340 dir = opendir(SYS_USB_BUS_DIR); 341 if (dir != NULL) { 342 while ((ret == 0) && ((data = readdir(dir)) != 0)) { 343 name = data->d_name; 344 345 if (strncmp(name, "usb", 3) != 0) 346 continue; 347 348 if (sscanf(&name[3], "%d", &n) == 0) 349 continue; 350 351 ret = usb_dev_add(devlistp, n, err_str); 352 } 353 354 closedir(dir); 355 return 0; 356 } 357 358 /* That didn't work; try scanning procfs USB bus directory. */ 359 dir = opendir(PROC_USB_BUS_DIR); 360 if (dir != NULL) { 361 while ((ret == 0) && ((data = readdir(dir)) != 0)) { 362 name = data->d_name; 363 len = strlen(name); 364 365 /* if this file name does not end with a number it's not of our interest */ 366 if ((len < 1) || !isdigit(name[--len])) 367 continue; 368 while (isdigit(name[--len])); 369 if (sscanf(&name[len+1], "%d", &n) != 1) 370 continue; 371 372 ret = usb_dev_add(devlistp, n, err_str); 373 } 374 375 closedir(dir); 376 return ret; 377 } 378 379 /* neither of them worked */ 380 return 0; 381 } 382} 383 384/* 385 * Matches what's in mon_bin.c in the Linux kernel. 386 */ 387#define MIN_RING_SIZE (8*1024) 388#define MAX_RING_SIZE (1200*1024) 389 390static int 391usb_set_ring_size(pcap_t* handle, int header_size) 392{ 393 /* 394 * A packet from binary usbmon has: 395 * 396 * 1) a fixed-length header, of size header_size; 397 * 2) descriptors, for isochronous transfers; 398 * 3) the payload. 399 * 400 * The kernel buffer has a size, defaulting to 300KB, with a 401 * minimum of 8KB and a maximum of 1200KB. The size is set with 402 * the MON_IOCT_RING_SIZE ioctl; the size passed in is rounded up 403 * to a page size. 404 * 405 * No more than {buffer size}/5 bytes worth of payload is saved. 406 * Therefore, if we subtract the fixed-length size from the 407 * snapshot length, we have the biggest payload we want (we 408 * don't worry about the descriptors - if we have descriptors, 409 * we'll just discard the last bit of the payload to get it 410 * to fit). We multiply that result by 5 and set the buffer 411 * size to that value. 412 */ 413 int ring_size; 414 415 if (handle->snapshot < header_size) 416 handle->snapshot = header_size; 417 /* The maximum snapshot size is small enough that this won't overflow */ 418 ring_size = (handle->snapshot - header_size) * 5; 419 420 /* 421 * Will this get an error? 422 * (There's no wqy to query the minimum or maximum, so we just 423 * copy the value from the kernel source. We don't round it 424 * up to a multiple of the page size.) 425 */ 426 if (ring_size > MAX_RING_SIZE) { 427 /* 428 * Yes. Lower the ring size to the maximum, and set the 429 * snapshot length to the value that would give us a 430 * maximum-size ring. 431 */ 432 ring_size = MAX_RING_SIZE; 433 handle->snapshot = header_size + (MAX_RING_SIZE/5); 434 } else if (ring_size < MIN_RING_SIZE) { 435 /* 436 * Yes. Raise the ring size to the minimum, but leave 437 * the snapshot length unchanged, so we show the 438 * callback no more data than specified by the 439 * snapshot length. 440 */ 441 ring_size = MIN_RING_SIZE; 442 } 443 444 if (ioctl(handle->fd, MON_IOCT_RING_SIZE, ring_size) == -1) { 445 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 446 errno, "Can't set ring size from fd %d", handle->fd); 447 return -1; 448 } 449 return ring_size; 450} 451 452static 453int usb_mmap(pcap_t* handle) 454{ 455 struct pcap_usb_linux *handlep = handle->priv; 456 int len; 457 458 /* 459 * Attempt to set the ring size as appropriate for the snapshot 460 * length, reducing the snapshot length if that'd make the ring 461 * bigger than the kernel supports. 462 */ 463 len = usb_set_ring_size(handle, (int)sizeof(pcap_usb_header_mmapped)); 464 if (len == -1) { 465 /* Failed. Fall back on non-memory-mapped access. */ 466 return 0; 467 } 468 469 handlep->mmapbuflen = len; 470 handlep->mmapbuf = mmap(0, handlep->mmapbuflen, PROT_READ, 471 MAP_SHARED, handle->fd, 0); 472 if (handlep->mmapbuf == MAP_FAILED) { 473 /* 474 * Failed. We don't treat that as a fatal error, we 475 * just try to fall back on non-memory-mapped access. 476 */ 477 return 0; 478 } 479 return 1; 480} 481 482#ifdef HAVE_LINUX_USBDEVICE_FS_H 483 484#define CTRL_TIMEOUT (5*1000) /* milliseconds */ 485 486#define USB_DIR_IN 0x80 487#define USB_TYPE_STANDARD 0x00 488#define USB_RECIP_DEVICE 0x00 489 490#define USB_REQ_GET_DESCRIPTOR 6 491 492#define USB_DT_DEVICE 1 493 494/* probe the descriptors of the devices attached to the bus */ 495/* the descriptors will end up in the captured packet stream */ 496/* and be decoded by external apps like wireshark */ 497/* without these identifying probes packet data can't be fully decoded */ 498static void 499probe_devices(int bus) 500{ 501 struct usbdevfs_ctrltransfer ctrl; 502 struct dirent* data; 503 int ret = 0; 504 char buf[sizeof("/dev/bus/usb/000/") + NAME_MAX]; 505 DIR* dir; 506 507 /* scan usb bus directories for device nodes */ 508 pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d", bus); 509 dir = opendir(buf); 510 if (!dir) 511 return; 512 513 while ((ret >= 0) && ((data = readdir(dir)) != 0)) { 514 int fd; 515 char* name = data->d_name; 516 517 if (name[0] == '.') 518 continue; 519 520 pcap_snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name); 521 522 fd = open(buf, O_RDWR); 523 if (fd == -1) 524 continue; 525 526 /* 527 * Sigh. Different kernels have different member names 528 * for this structure. 529 */ 530#ifdef HAVE_STRUCT_USBDEVFS_CTRLTRANSFER_BREQUESTTYPE 531 ctrl.bRequestType = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE; 532 ctrl.bRequest = USB_REQ_GET_DESCRIPTOR; 533 ctrl.wValue = USB_DT_DEVICE << 8; 534 ctrl.wIndex = 0; 535 ctrl.wLength = sizeof(buf); 536#else 537 ctrl.requesttype = USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE; 538 ctrl.request = USB_REQ_GET_DESCRIPTOR; 539 ctrl.value = USB_DT_DEVICE << 8; 540 ctrl.index = 0; 541 ctrl.length = sizeof(buf); 542#endif 543 ctrl.data = buf; 544 ctrl.timeout = CTRL_TIMEOUT; 545 546 ret = ioctl(fd, USBDEVFS_CONTROL, &ctrl); 547 548 close(fd); 549 } 550 closedir(dir); 551} 552#endif /* HAVE_LINUX_USBDEVICE_FS_H */ 553 554pcap_t * 555usb_create(const char *device, char *ebuf, int *is_ours) 556{ 557 const char *cp; 558 char *cpend; 559 long devnum; 560 pcap_t *p; 561 562 /* Does this look like a USB monitoring device? */ 563 cp = strrchr(device, '/'); 564 if (cp == NULL) 565 cp = device; 566 /* Does it begin with USB_IFACE? */ 567 if (strncmp(cp, USB_IFACE, sizeof USB_IFACE - 1) != 0) { 568 /* Nope, doesn't begin with USB_IFACE */ 569 *is_ours = 0; 570 return NULL; 571 } 572 /* Yes - is USB_IFACE followed by a number? */ 573 cp += sizeof USB_IFACE - 1; 574 devnum = strtol(cp, &cpend, 10); 575 if (cpend == cp || *cpend != '\0') { 576 /* Not followed by a number. */ 577 *is_ours = 0; 578 return NULL; 579 } 580 if (devnum < 0) { 581 /* Followed by a non-valid number. */ 582 *is_ours = 0; 583 return NULL; 584 } 585 586 /* OK, it's probably ours. */ 587 *is_ours = 1; 588 589 p = pcap_create_common(ebuf, sizeof (struct pcap_usb_linux)); 590 if (p == NULL) 591 return (NULL); 592 593 p->activate_op = usb_activate; 594 return (p); 595} 596 597static int 598usb_activate(pcap_t* handle) 599{ 600 struct pcap_usb_linux *handlep = handle->priv; 601 char full_path[USB_LINE_LEN]; 602 int ret; 603 604 /* 605 * Turn a negative snapshot value (invalid), a snapshot value of 606 * 0 (unspecified), or a value bigger than the normal maximum 607 * value, into the maximum allowed value. 608 * 609 * If some application really *needs* a bigger snapshot 610 * length, we should just increase MAXIMUM_SNAPLEN. 611 */ 612 if (handle->snapshot <= 0 || handle->snapshot > MAXIMUM_SNAPLEN) 613 handle->snapshot = MAXIMUM_SNAPLEN; 614 615 /* Initialize some components of the pcap structure. */ 616 handle->bufsize = handle->snapshot; 617 handle->offset = 0; 618 handle->linktype = DLT_USB_LINUX; 619 620 handle->inject_op = usb_inject_linux; 621 handle->setfilter_op = install_bpf_program; /* no kernel filtering */ 622 handle->setdirection_op = usb_setdirection_linux; 623 handle->set_datalink_op = NULL; /* can't change data link type */ 624 handle->getnonblock_op = pcap_getnonblock_fd; 625 handle->setnonblock_op = pcap_setnonblock_fd; 626 627 /*get usb bus index from device name */ 628 if (sscanf(handle->opt.device, USB_IFACE"%d", &handlep->bus_index) != 1) 629 { 630 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 631 "Can't get USB bus index from %s", handle->opt.device); 632 return PCAP_ERROR; 633 } 634 635 if (have_binary_usbmon()) 636 { 637 /* 638 * We have binary-mode support. 639 * Try to open the binary interface. 640 */ 641 pcap_snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handlep->bus_index); 642 handle->fd = open(full_path, O_RDONLY, 0); 643 if (handle->fd < 0) 644 { 645 /* 646 * The attempt failed; why? 647 */ 648 switch (errno) { 649 650 case ENOENT: 651 /* 652 * The device doesn't exist. 653 * That could either mean that there's 654 * no support for monitoring USB buses 655 * (which probably means "the usbmon 656 * module isn't loaded") or that there 657 * is but that *particular* device 658 * doesn't exist (no "scan all buses" 659 * device if the bus index is 0, no 660 * such bus if the bus index isn't 0). 661 */ 662 return PCAP_ERROR_NO_SUCH_DEVICE; 663 664 case EACCES: 665 /* 666 * We didn't have permission to open it. 667 */ 668 return PCAP_ERROR_PERM_DENIED; 669 670 default: 671 /* 672 * Something went wrong. 673 */ 674 pcap_fmt_errmsg_for_errno(handle->errbuf, 675 PCAP_ERRBUF_SIZE, errno, 676 "Can't open USB bus file %s", full_path); 677 return PCAP_ERROR; 678 } 679 } 680 681 if (handle->opt.rfmon) 682 { 683 /* 684 * Monitor mode doesn't apply to USB devices. 685 */ 686 close(handle->fd); 687 return PCAP_ERROR_RFMON_NOTSUP; 688 } 689 690 /* try to use fast mmap access */ 691 if (usb_mmap(handle)) 692 { 693 /* We succeeded. */ 694 handle->linktype = DLT_USB_LINUX_MMAPPED; 695 handle->stats_op = usb_stats_linux_bin; 696 handle->read_op = usb_read_linux_mmap; 697 handle->cleanup_op = usb_cleanup_linux_mmap; 698#ifdef HAVE_LINUX_USBDEVICE_FS_H 699 probe_devices(handlep->bus_index); 700#endif 701 702 /* 703 * "handle->fd" is a real file, so 704 * "select()" and "poll()" work on it. 705 */ 706 handle->selectable_fd = handle->fd; 707 return 0; 708 } 709 710 /* 711 * We failed; try plain binary interface access. 712 * 713 * Attempt to set the ring size as appropriate for 714 * the snapshot length, reducing the snapshot length 715 * if that'd make the ring bigger than the kernel 716 * supports. 717 */ 718 if (usb_set_ring_size(handle, (int)sizeof(pcap_usb_header)) == -1) { 719 /* Failed. */ 720 close(handle->fd); 721 return PCAP_ERROR; 722 } 723 handle->stats_op = usb_stats_linux_bin; 724 handle->read_op = usb_read_linux_bin; 725#ifdef HAVE_LINUX_USBDEVICE_FS_H 726 probe_devices(handlep->bus_index); 727#endif 728 } 729 else { 730 /* 731 * We don't have binary mode support. 732 * Try opening the text-mode device. 733 */ 734 pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handlep->bus_index); 735 handle->fd = open(full_path, O_RDONLY, 0); 736 if (handle->fd < 0) 737 { 738 if (errno == ENOENT) 739 { 740 /* 741 * Not found at the new location; try 742 * the old location. 743 */ 744 pcap_snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handlep->bus_index); 745 handle->fd = open(full_path, O_RDONLY, 0); 746 } 747 if (handle->fd < 0) { 748 if (errno == ENOENT) 749 { 750 /* 751 * The problem is that the file 752 * doesn't exist. Report that as 753 * "no such device". (That could 754 * mean "no such USB bus" or 755 * "monitoring not supported".) 756 */ 757 ret = PCAP_ERROR_NO_SUCH_DEVICE; 758 } 759 else if (errno == EACCES) 760 { 761 /* 762 * The problem is that we don't 763 * have sufficient permission to 764 * open the file. Report that. 765 */ 766 ret = PCAP_ERROR_PERM_DENIED; 767 } 768 else 769 { 770 /* 771 * Some other error. 772 */ 773 ret = PCAP_ERROR; 774 } 775 pcap_fmt_errmsg_for_errno(handle->errbuf, 776 PCAP_ERRBUF_SIZE, errno, 777 "Can't open USB bus file %s", 778 full_path); 779 return ret; 780 } 781 } 782 783 if (handle->opt.rfmon) 784 { 785 /* 786 * Monitor mode doesn't apply to USB devices. 787 */ 788 close(handle->fd); 789 return PCAP_ERROR_RFMON_NOTSUP; 790 } 791 792 handle->stats_op = usb_stats_linux; 793 handle->read_op = usb_read_linux; 794 } 795 796 /* 797 * "handle->fd" is a real file, so "select()" and "poll()" 798 * work on it. 799 */ 800 handle->selectable_fd = handle->fd; 801 802 /* for plain binary access and text access we need to allocate the read 803 * buffer */ 804 handle->buffer = malloc(handle->bufsize); 805 if (!handle->buffer) { 806 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 807 errno, "malloc"); 808 close(handle->fd); 809 return PCAP_ERROR; 810 } 811 return 0; 812} 813 814static inline int 815ascii_to_int(char c) 816{ 817 return c < 'A' ? c- '0': ((c<'a') ? c - 'A' + 10: c-'a'+10); 818} 819 820/* 821 * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 822 * <linux-kernel-source>/drivers/usb/mon/mon_text.c for urb string 823 * format description 824 */ 825static int 826usb_read_linux(pcap_t *handle, int max_packets _U_, pcap_handler callback, u_char *user) 827{ 828 /* see: 829 * /usr/src/linux/Documentation/usb/usbmon.txt 830 * for message format 831 */ 832 struct pcap_usb_linux *handlep = handle->priv; 833 unsigned timestamp; 834 int tag, cnt, ep_num, dev_addr, dummy, ret, urb_len, data_len; 835 char etype, pipeid1, pipeid2, status[16], urb_tag, line[USB_LINE_LEN]; 836 char *string = line; 837 u_char * rawdata = handle->buffer; 838 struct pcap_pkthdr pkth; 839 pcap_usb_header* uhdr = (pcap_usb_header*)handle->buffer; 840 u_char urb_transfer=0; 841 int incoming=0; 842 843 /* ignore interrupt system call errors */ 844 do { 845 ret = read(handle->fd, line, USB_LINE_LEN - 1); 846 if (handle->break_loop) 847 { 848 handle->break_loop = 0; 849 return -2; 850 } 851 } while ((ret == -1) && (errno == EINTR)); 852 if (ret < 0) 853 { 854 if (errno == EAGAIN) 855 return 0; /* no data there */ 856 857 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 858 errno, "Can't read from fd %d", handle->fd); 859 return -1; 860 } 861 862 /* read urb header; %n argument may increment return value, but it's 863 * not mandatory, so does not count on it*/ 864 string[ret] = 0; 865 ret = sscanf(string, "%x %d %c %c%c:%d:%d %s%n", &tag, ×tamp, &etype, 866 &pipeid1, &pipeid2, &dev_addr, &ep_num, status, 867 &cnt); 868 if (ret < 8) 869 { 870 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 871 "Can't parse USB bus message '%s', too few tokens (expected 8 got %d)", 872 string, ret); 873 return -1; 874 } 875 uhdr->id = tag; 876 uhdr->device_address = dev_addr; 877 uhdr->bus_id = handlep->bus_index; 878 uhdr->status = 0; 879 string += cnt; 880 881 /* don't use usbmon provided timestamp, since it have low precision*/ 882 if (gettimeofday(&pkth.ts, NULL) < 0) 883 { 884 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 885 errno, "Can't get timestamp for message '%s'", string); 886 return -1; 887 } 888 uhdr->ts_sec = pkth.ts.tv_sec; 889 uhdr->ts_usec = pkth.ts.tv_usec; 890 891 /* parse endpoint information */ 892 if (pipeid1 == 'C') 893 urb_transfer = URB_CONTROL; 894 else if (pipeid1 == 'Z') 895 urb_transfer = URB_ISOCHRONOUS; 896 else if (pipeid1 == 'I') 897 urb_transfer = URB_INTERRUPT; 898 else if (pipeid1 == 'B') 899 urb_transfer = URB_BULK; 900 if (pipeid2 == 'i') { 901 ep_num |= URB_TRANSFER_IN; 902 incoming = 1; 903 } 904 if (etype == 'C') 905 incoming = !incoming; 906 907 /* direction check*/ 908 if (incoming) 909 { 910 if (handle->direction == PCAP_D_OUT) 911 return 0; 912 } 913 else 914 if (handle->direction == PCAP_D_IN) 915 return 0; 916 uhdr->event_type = etype; 917 uhdr->transfer_type = urb_transfer; 918 uhdr->endpoint_number = ep_num; 919 pkth.caplen = sizeof(pcap_usb_header); 920 rawdata += sizeof(pcap_usb_header); 921 922 /* check if this is a setup packet */ 923 ret = sscanf(status, "%d", &dummy); 924 if (ret != 1) 925 { 926 /* this a setup packet, setup data can be filled with underscore if 927 * usbmon has not been able to read them, so we must parse this fields as 928 * strings */ 929 pcap_usb_setup* shdr; 930 char str1[3], str2[3], str3[5], str4[5], str5[5]; 931 ret = sscanf(string, "%s %s %s %s %s%n", str1, str2, str3, str4, 932 str5, &cnt); 933 if (ret < 5) 934 { 935 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 936 "Can't parse USB bus message '%s', too few tokens (expected 5 got %d)", 937 string, ret); 938 return -1; 939 } 940 string += cnt; 941 942 /* try to convert to corresponding integer */ 943 shdr = &uhdr->setup; 944 shdr->bmRequestType = strtoul(str1, 0, 16); 945 shdr->bRequest = strtoul(str2, 0, 16); 946 shdr->wValue = htols(strtoul(str3, 0, 16)); 947 shdr->wIndex = htols(strtoul(str4, 0, 16)); 948 shdr->wLength = htols(strtoul(str5, 0, 16)); 949 950 uhdr->setup_flag = 0; 951 } 952 else 953 uhdr->setup_flag = 1; 954 955 /* read urb data */ 956 ret = sscanf(string, " %d%n", &urb_len, &cnt); 957 if (ret < 1) 958 { 959 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 960 "Can't parse urb length from '%s'", string); 961 return -1; 962 } 963 string += cnt; 964 965 /* urb tag is not present if urb length is 0, so we can stop here 966 * text parsing */ 967 pkth.len = urb_len+pkth.caplen; 968 uhdr->urb_len = urb_len; 969 uhdr->data_flag = 1; 970 data_len = 0; 971 if (uhdr->urb_len == 0) 972 goto got; 973 974 /* check for data presence; data is present if and only if urb tag is '=' */ 975 if (sscanf(string, " %c", &urb_tag) != 1) 976 { 977 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 978 "Can't parse urb tag from '%s'", string); 979 return -1; 980 } 981 982 if (urb_tag != '=') 983 goto got; 984 985 /* skip urb tag and following space */ 986 string += 3; 987 988 /* if we reach this point we got some urb data*/ 989 uhdr->data_flag = 0; 990 991 /* read all urb data; if urb length is greater then the usbmon internal 992 * buffer length used by the kernel to spool the URB, we get only 993 * a partial information. 994 * At least until linux 2.6.17 there is no way to set usbmon intenal buffer 995 * length and default value is 130. */ 996 while ((string[0] != 0) && (string[1] != 0) && (pkth.caplen < (bpf_u_int32)handle->snapshot)) 997 { 998 rawdata[0] = ascii_to_int(string[0]) * 16 + ascii_to_int(string[1]); 999 rawdata++; 1000 string+=2; 1001 if (string[0] == ' ') 1002 string++; 1003 pkth.caplen++; 1004 data_len++; 1005 } 1006 1007got: 1008 uhdr->data_len = data_len; 1009 if (pkth.caplen > (bpf_u_int32)handle->snapshot) 1010 pkth.caplen = (bpf_u_int32)handle->snapshot; 1011 1012 if (handle->fcode.bf_insns == NULL || 1013 bpf_filter(handle->fcode.bf_insns, handle->buffer, 1014 pkth.len, pkth.caplen)) { 1015 handlep->packets_read++; 1016 callback(user, &pkth, handle->buffer); 1017 return 1; 1018 } 1019 return 0; /* didn't pass filter */ 1020} 1021 1022static int 1023usb_inject_linux(pcap_t *handle, const void *buf _U_, size_t size _U_) 1024{ 1025 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 1026 "Packet injection is not supported on USB devices"); 1027 return (-1); 1028} 1029 1030static int 1031usb_stats_linux(pcap_t *handle, struct pcap_stat *stats) 1032{ 1033 struct pcap_usb_linux *handlep = handle->priv; 1034 int dummy, ret, consumed, cnt; 1035 char string[USB_LINE_LEN]; 1036 char token[USB_LINE_LEN]; 1037 char * ptr = string; 1038 int fd; 1039 1040 pcap_snprintf(string, USB_LINE_LEN, USB_TEXT_DIR"/%ds", handlep->bus_index); 1041 fd = open(string, O_RDONLY, 0); 1042 if (fd < 0) 1043 { 1044 if (errno == ENOENT) 1045 { 1046 /* 1047 * Not found at the new location; try the old 1048 * location. 1049 */ 1050 pcap_snprintf(string, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%ds", handlep->bus_index); 1051 fd = open(string, O_RDONLY, 0); 1052 } 1053 if (fd < 0) { 1054 pcap_fmt_errmsg_for_errno(handle->errbuf, 1055 PCAP_ERRBUF_SIZE, errno, 1056 "Can't open USB stats file %s", string); 1057 return -1; 1058 } 1059 } 1060 1061 /* read stats line */ 1062 do { 1063 ret = read(fd, string, USB_LINE_LEN-1); 1064 } while ((ret == -1) && (errno == EINTR)); 1065 close(fd); 1066 1067 if (ret < 0) 1068 { 1069 pcap_snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, 1070 "Can't read stats from fd %d ", fd); 1071 return -1; 1072 } 1073 string[ret] = 0; 1074 1075 stats->ps_recv = handlep->packets_read; 1076 stats->ps_drop = 0; /* unless we find text_lost */ 1077 stats->ps_ifdrop = 0; 1078 1079 /* extract info on dropped urbs */ 1080 for (consumed=0; consumed < ret; ) { 1081 /* from the sscanf man page: 1082 * The C standard says: "Execution of a %n directive does 1083 * not increment the assignment count returned at the completion 1084 * of execution" but the Corrigendum seems to contradict this. 1085 * Do not make any assumptions on the effect of %n conversions 1086 * on the return value and explicitly check for cnt assignmet*/ 1087 int ntok; 1088 1089 cnt = -1; 1090 ntok = sscanf(ptr, "%s%n", token, &cnt); 1091 if ((ntok < 1) || (cnt < 0)) 1092 break; 1093 consumed += cnt; 1094 ptr += cnt; 1095 if (strcmp(token, "text_lost") == 0) 1096 ntok = sscanf(ptr, "%d%n", &stats->ps_drop, &cnt); 1097 else 1098 ntok = sscanf(ptr, "%d%n", &dummy, &cnt); 1099 if ((ntok != 1) || (cnt < 0)) 1100 break; 1101 consumed += cnt; 1102 ptr += cnt; 1103 } 1104 1105 return 0; 1106} 1107 1108static int 1109usb_setdirection_linux(pcap_t *p, pcap_direction_t d) 1110{ 1111 p->direction = d; 1112 return 0; 1113} 1114 1115 1116static int 1117usb_stats_linux_bin(pcap_t *handle, struct pcap_stat *stats) 1118{ 1119 struct pcap_usb_linux *handlep = handle->priv; 1120 int ret; 1121 struct mon_bin_stats st; 1122 ret = ioctl(handle->fd, MON_IOCG_STATS, &st); 1123 if (ret < 0) 1124 { 1125 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 1126 errno, "Can't read stats from fd %d", handle->fd); 1127 return -1; 1128 } 1129 1130 stats->ps_recv = handlep->packets_read + st.queued; 1131 stats->ps_drop = st.dropped; 1132 stats->ps_ifdrop = 0; 1133 return 0; 1134} 1135 1136/* 1137 * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 1138 * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI 1139 */ 1140static int 1141usb_read_linux_bin(pcap_t *handle, int max_packets _U_, pcap_handler callback, u_char *user) 1142{ 1143 struct pcap_usb_linux *handlep = handle->priv; 1144 struct mon_bin_get info; 1145 int ret; 1146 struct pcap_pkthdr pkth; 1147 u_int clen = handle->snapshot - sizeof(pcap_usb_header); 1148 1149 /* the usb header is going to be part of 'packet' data*/ 1150 info.hdr = (pcap_usb_header*) handle->buffer; 1151 info.data = (u_char *)handle->buffer + sizeof(pcap_usb_header); 1152 info.data_len = clen; 1153 1154 /* ignore interrupt system call errors */ 1155 do { 1156 ret = ioctl(handle->fd, MON_IOCX_GET, &info); 1157 if (handle->break_loop) 1158 { 1159 handle->break_loop = 0; 1160 return -2; 1161 } 1162 } while ((ret == -1) && (errno == EINTR)); 1163 if (ret < 0) 1164 { 1165 if (errno == EAGAIN) 1166 return 0; /* no data there */ 1167 1168 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 1169 errno, "Can't read from fd %d", handle->fd); 1170 return -1; 1171 } 1172 1173 /* 1174 * info.hdr->data_len is the number of bytes of isochronous 1175 * descriptors (if any) plus the number of bytes of data 1176 * provided. There are no isochronous descriptors here, 1177 * because we're using the old 48-byte header. 1178 * 1179 * If info.hdr->data_flag is non-zero, there's no URB data; 1180 * info.hdr->urb_len is the size of the buffer into which 1181 * data is to be placed; it does not represent the amount 1182 * of data transferred. If info.hdr->data_flag is zero, 1183 * there is URB data, and info.hdr->urb_len is the number 1184 * of bytes transmitted or received; it doesn't include 1185 * isochronous descriptors. 1186 * 1187 * The kernel may give us more data than the snaplen; if it did, 1188 * reduce the data length so that the total number of bytes we 1189 * tell our client we have is not greater than the snaplen. 1190 */ 1191 if (info.hdr->data_len < clen) 1192 clen = info.hdr->data_len; 1193 info.hdr->data_len = clen; 1194 pkth.caplen = sizeof(pcap_usb_header) + clen; 1195 if (info.hdr->data_flag) { 1196 /* 1197 * No data; just base the on-the-wire length on 1198 * info.hdr->data_len (so that it's >= the captured 1199 * length). 1200 */ 1201 pkth.len = sizeof(pcap_usb_header) + info.hdr->data_len; 1202 } else { 1203 /* 1204 * We got data; base the on-the-wire length on 1205 * info.hdr->urb_len, so that it includes data 1206 * discarded by the USB monitor device due to 1207 * its buffer being too small. 1208 */ 1209 pkth.len = sizeof(pcap_usb_header) + info.hdr->urb_len; 1210 } 1211 pkth.ts.tv_sec = info.hdr->ts_sec; 1212 pkth.ts.tv_usec = info.hdr->ts_usec; 1213 1214 if (handle->fcode.bf_insns == NULL || 1215 bpf_filter(handle->fcode.bf_insns, handle->buffer, 1216 pkth.len, pkth.caplen)) { 1217 handlep->packets_read++; 1218 callback(user, &pkth, handle->buffer); 1219 return 1; 1220 } 1221 1222 return 0; /* didn't pass filter */ 1223} 1224 1225/* 1226 * see <linux-kernel-source>/Documentation/usb/usbmon.txt and 1227 * <linux-kernel-source>/drivers/usb/mon/mon_bin.c binary ABI 1228 */ 1229#define VEC_SIZE 32 1230static int 1231usb_read_linux_mmap(pcap_t *handle, int max_packets, pcap_handler callback, u_char *user) 1232{ 1233 struct pcap_usb_linux *handlep = handle->priv; 1234 struct mon_bin_mfetch fetch; 1235 int32_t vec[VEC_SIZE]; 1236 struct pcap_pkthdr pkth; 1237 pcap_usb_header_mmapped* hdr; 1238 int nflush = 0; 1239 int packets = 0; 1240 u_int clen, max_clen; 1241 1242 max_clen = handle->snapshot - sizeof(pcap_usb_header_mmapped); 1243 1244 for (;;) { 1245 int i, ret; 1246 int limit = max_packets - packets; 1247 if (limit <= 0) 1248 limit = VEC_SIZE; 1249 if (limit > VEC_SIZE) 1250 limit = VEC_SIZE; 1251 1252 /* try to fetch as many events as possible*/ 1253 fetch.offvec = vec; 1254 fetch.nfetch = limit; 1255 fetch.nflush = nflush; 1256 /* ignore interrupt system call errors */ 1257 do { 1258 ret = ioctl(handle->fd, MON_IOCX_MFETCH, &fetch); 1259 if (handle->break_loop) 1260 { 1261 handle->break_loop = 0; 1262 return -2; 1263 } 1264 } while ((ret == -1) && (errno == EINTR)); 1265 if (ret < 0) 1266 { 1267 if (errno == EAGAIN) 1268 return 0; /* no data there */ 1269 1270 pcap_fmt_errmsg_for_errno(handle->errbuf, 1271 PCAP_ERRBUF_SIZE, errno, "Can't mfetch fd %d", 1272 handle->fd); 1273 return -1; 1274 } 1275 1276 /* keep track of processed events, we will flush them later */ 1277 nflush = fetch.nfetch; 1278 for (i=0; i<fetch.nfetch; ++i) { 1279 /* discard filler */ 1280 hdr = (pcap_usb_header_mmapped*) &handlep->mmapbuf[vec[i]]; 1281 if (hdr->event_type == '@') 1282 continue; 1283 1284 /* 1285 * hdr->data_len is the number of bytes of 1286 * isochronous descriptors (if any) plus the 1287 * number of bytes of data provided. 1288 * 1289 * If hdr->data_flag is non-zero, there's no 1290 * URB data; hdr->urb_len is the size of the 1291 * buffer into which data is to be placed; it does 1292 * not represent the amount of data transferred. 1293 * If hdr->data_flag is zero, there is URB data, 1294 * and hdr->urb_len is the number of bytes 1295 * transmitted or received; it doesn't include 1296 * isochronous descriptors. 1297 * 1298 * The kernel may give us more data than the 1299 * snaplen; if it did, reduce the data length 1300 * so that the total number of bytes we 1301 * tell our client we have is not greater than 1302 * the snaplen. 1303 */ 1304 clen = max_clen; 1305 if (hdr->data_len < clen) 1306 clen = hdr->data_len; 1307 pkth.caplen = sizeof(pcap_usb_header_mmapped) + clen; 1308 if (hdr->data_flag) { 1309 /* 1310 * No data; just base the on-the-wire length 1311 * on hdr->data_len (so that it's >= the 1312 * captured length). 1313 */ 1314 pkth.len = sizeof(pcap_usb_header_mmapped) + 1315 hdr->data_len; 1316 } else { 1317 /* 1318 * We got data; base the on-the-wire length 1319 * on hdr->urb_len, so that it includes 1320 * data discarded by the USB monitor device 1321 * due to its buffer being too small. 1322 */ 1323 pkth.len = sizeof(pcap_usb_header_mmapped) + 1324 (hdr->ndesc * sizeof (usb_isodesc)) + hdr->urb_len; 1325 } 1326 pkth.ts.tv_sec = hdr->ts_sec; 1327 pkth.ts.tv_usec = hdr->ts_usec; 1328 1329 if (handle->fcode.bf_insns == NULL || 1330 bpf_filter(handle->fcode.bf_insns, (u_char*) hdr, 1331 pkth.len, pkth.caplen)) { 1332 handlep->packets_read++; 1333 callback(user, &pkth, (u_char*) hdr); 1334 packets++; 1335 } 1336 } 1337 1338 /* with max_packets specifying "unlimited" we stop afer the first chunk*/ 1339 if (PACKET_COUNT_IS_UNLIMITED(max_packets) || (packets == max_packets)) 1340 break; 1341 } 1342 1343 /* flush pending events*/ 1344 if (ioctl(handle->fd, MON_IOCH_MFLUSH, nflush) == -1) { 1345 pcap_fmt_errmsg_for_errno(handle->errbuf, PCAP_ERRBUF_SIZE, 1346 errno, "Can't mflush fd %d", handle->fd); 1347 return -1; 1348 } 1349 return packets; 1350} 1351 1352static void 1353usb_cleanup_linux_mmap(pcap_t* handle) 1354{ 1355 struct pcap_usb_linux *handlep = handle->priv; 1356 1357 /* if we have a memory-mapped buffer, unmap it */ 1358 if (handlep->mmapbuf != NULL) { 1359 munmap(handlep->mmapbuf, handlep->mmapbuflen); 1360 handlep->mmapbuf = NULL; 1361 } 1362 pcap_cleanup_live_common(handle); 1363} 1364