pcap-snit.c revision 146768
117683Spst/* 217683Spst * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 317683Spst * The Regents of the University of California. All rights reserved. 417683Spst * 517683Spst * Redistribution and use in source and binary forms, with or without 617683Spst * modification, are permitted provided that: (1) source code distributions 717683Spst * retain the above copyright notice and this paragraph in its entirety, (2) 817683Spst * distributions including binary code include the above copyright notice and 917683Spst * this paragraph in its entirety in the documentation or other materials 1017683Spst * provided with the distribution, and (3) all advertising materials mentioning 1117683Spst * features or use of this software display the following acknowledgement: 1217683Spst * ``This product includes software developed by the University of California, 1317683Spst * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 1417683Spst * the University nor the names of its contributors may be used to endorse 1517683Spst * or promote products derived from this software without specific prior 1617683Spst * written permission. 1717683Spst * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 1817683Spst * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 1917683Spst * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 2026175Sfenner * 2117683Spst * Modifications made to accommodate the new SunOS4.0 NIT facility by 2217683Spst * Micky Liu, micky@cunixc.cc.columbia.edu, Columbia University in May, 1989. 2317683Spst * This module now handles the STREAMS based NIT. 2417683Spst */ 2517683Spst 2626175Sfenner#ifndef lint 27127664Sbmsstatic const char rcsid[] _U_ = 28146768Ssam "@(#) $Header: /tcpdump/master/libpcap/pcap-snit.c,v 1.72 2004/10/19 07:06:13 guy Exp $ (LBL)"; 2926175Sfenner#endif 3026175Sfenner 3175107Sfenner#ifdef HAVE_CONFIG_H 3275107Sfenner#include "config.h" 3375107Sfenner#endif 3475107Sfenner 3517683Spst#include <sys/types.h> 3617683Spst#include <sys/time.h> 3717683Spst#include <sys/timeb.h> 3817683Spst#include <sys/dir.h> 3917683Spst#include <sys/fcntlcom.h> 4017683Spst#include <sys/file.h> 4117683Spst#include <sys/ioctl.h> 4217683Spst#include <sys/socket.h> 4317683Spst#include <sys/stropts.h> 4417683Spst 4517683Spst#include <net/if.h> 4617683Spst#include <net/nit.h> 4717683Spst#include <net/nit_if.h> 4817683Spst#include <net/nit_pf.h> 4917683Spst#include <net/nit_buf.h> 5017683Spst 5117683Spst#include <netinet/in.h> 5217683Spst#include <netinet/in_systm.h> 5317683Spst#include <netinet/ip.h> 5417683Spst#include <netinet/if_ether.h> 5517683Spst#include <netinet/ip_var.h> 5617683Spst#include <netinet/udp.h> 5717683Spst#include <netinet/udp_var.h> 5817683Spst#include <netinet/tcp.h> 5917683Spst#include <netinet/tcpip.h> 6017683Spst 6117683Spst#include <ctype.h> 6217683Spst#include <errno.h> 6317683Spst#include <stdio.h> 6417683Spst#include <string.h> 6517683Spst#include <unistd.h> 6617683Spst 6717683Spst#include "pcap-int.h" 6817683Spst 6917683Spst#ifdef HAVE_OS_PROTO_H 7017683Spst#include "os-proto.h" 7117683Spst#endif 7217683Spst 7317683Spst/* 7417683Spst * The chunk size for NIT. This is the amount of buffering 7517683Spst * done for read calls. 7617683Spst */ 7717683Spst#define CHUNKSIZE (2*1024) 7817683Spst 7917683Spst/* 8017683Spst * The total buffer space used by NIT. 8117683Spst */ 8217683Spst#define BUFSPACE (4*CHUNKSIZE) 8317683Spst 8417683Spst/* Forwards */ 8517683Spststatic int nit_setflags(int, int, int, char *); 8617683Spst 87127664Sbmsstatic int 88127664Sbmspcap_stats_snit(pcap_t *p, struct pcap_stat *ps) 8917683Spst{ 9017683Spst 9198530Sfenner /* 9298530Sfenner * "ps_recv" counts packets handed to the filter, not packets 9398530Sfenner * that passed the filter. As filtering is done in userland, 9498530Sfenner * this does not include packets dropped because we ran out 9598530Sfenner * of buffer space. 9698530Sfenner * 9798530Sfenner * "ps_drop" counts packets dropped inside the "/dev/nit" 9898530Sfenner * device because of flow control requirements or resource 9998530Sfenner * exhaustion; it doesn't count packets dropped by the 10098530Sfenner * interface driver, or packets dropped upstream. As filtering 10198530Sfenner * is done in userland, it counts packets regardless of whether 10298530Sfenner * they would've passed the filter. 10398530Sfenner * 10498530Sfenner * These statistics don't include packets not yet read from the 10598530Sfenner * kernel by libpcap or packets not yet read from libpcap by the 10698530Sfenner * application. 10798530Sfenner */ 10817683Spst *ps = p->md.stat; 10917683Spst return (0); 11017683Spst} 11117683Spst 112127664Sbmsstatic int 113127664Sbmspcap_read_snit(pcap_t *p, int cnt, pcap_handler callback, u_char *user) 11417683Spst{ 11517683Spst register int cc, n; 11617683Spst register struct bpf_insn *fcode = p->fcode.bf_insns; 11717683Spst register u_char *bp, *cp, *ep; 11817683Spst register struct nit_bufhdr *hdrp; 11917683Spst register struct nit_iftime *ntp; 12017683Spst register struct nit_iflen *nlp; 12117683Spst register struct nit_ifdrops *ndp; 12217683Spst register int caplen; 12317683Spst 12417683Spst cc = p->cc; 12517683Spst if (cc == 0) { 12617683Spst cc = read(p->fd, (char *)p->buffer, p->bufsize); 12717683Spst if (cc < 0) { 12817683Spst if (errno == EWOULDBLOCK) 12917683Spst return (0); 13075107Sfenner snprintf(p->errbuf, sizeof(p->errbuf), "pcap_read: %s", 13117683Spst pcap_strerror(errno)); 13217683Spst return (-1); 13317683Spst } 13417683Spst bp = p->buffer; 13517683Spst } else 13617683Spst bp = p->bp; 13717683Spst 13817683Spst /* 13917683Spst * loop through each snapshot in the chunk 14017683Spst */ 14117683Spst n = 0; 14217683Spst ep = bp + cc; 14317683Spst while (bp < ep) { 144127664Sbms /* 145127664Sbms * Has "pcap_breakloop()" been called? 146127664Sbms * If so, return immediately - if we haven't read any 147127664Sbms * packets, clear the flag and return -2 to indicate 148127664Sbms * that we were told to break out of the loop, otherwise 149127664Sbms * leave the flag set, so that the *next* call will break 150127664Sbms * out of the loop without having read any packets, and 151127664Sbms * return the number of packets we've processed so far. 152127664Sbms */ 153127664Sbms if (p->break_loop) { 154127664Sbms if (n == 0) { 155127664Sbms p->break_loop = 0; 156127664Sbms return (-2); 157127664Sbms } else { 158127664Sbms p->bp = bp; 159127664Sbms p->cc = ep - bp; 160127664Sbms return (n); 161127664Sbms } 162127664Sbms } 163127664Sbms 16417683Spst ++p->md.stat.ps_recv; 16517683Spst cp = bp; 16617683Spst 16717683Spst /* get past NIT buffer */ 16817683Spst hdrp = (struct nit_bufhdr *)cp; 16917683Spst cp += sizeof(*hdrp); 17017683Spst 17117683Spst /* get past NIT timer */ 17217683Spst ntp = (struct nit_iftime *)cp; 17317683Spst cp += sizeof(*ntp); 17417683Spst 17517683Spst ndp = (struct nit_ifdrops *)cp; 17617683Spst p->md.stat.ps_drop = ndp->nh_drops; 17717683Spst cp += sizeof *ndp; 17817683Spst 17917683Spst /* get past packet len */ 18017683Spst nlp = (struct nit_iflen *)cp; 18117683Spst cp += sizeof(*nlp); 18217683Spst 18317683Spst /* next snapshot */ 18417683Spst bp += hdrp->nhb_totlen; 18517683Spst 18617683Spst caplen = nlp->nh_pktlen; 18717683Spst if (caplen > p->snapshot) 18817683Spst caplen = p->snapshot; 18917683Spst 19017683Spst if (bpf_filter(fcode, cp, nlp->nh_pktlen, caplen)) { 19117683Spst struct pcap_pkthdr h; 19217683Spst h.ts = ntp->nh_timestamp; 19317683Spst h.len = nlp->nh_pktlen; 19417683Spst h.caplen = caplen; 19517683Spst (*callback)(user, &h, cp); 19617683Spst if (++n >= cnt && cnt >= 0) { 19717683Spst p->cc = ep - bp; 19817683Spst p->bp = bp; 19917683Spst return (n); 20017683Spst } 20117683Spst } 20217683Spst } 20317683Spst p->cc = 0; 20417683Spst return (n); 20517683Spst} 20617683Spst 20717683Spststatic int 208146768Ssampcap_inject_snit(pcap_t *p, const void *buf, size_t size) 209146768Ssam{ 210146768Ssam struct strbuf ctl, data; 211146768Ssam 212146768Ssam /* 213146768Ssam * XXX - can we just do 214146768Ssam * 215146768Ssam ret = write(pd->f, buf, size); 216146768Ssam */ 217146768Ssam ctl.len = sizeof(*sa); /* XXX - what was this? */ 218146768Ssam ctl.buf = (char *)sa; 219146768Ssam data.buf = buf; 220146768Ssam data.len = size; 221146768Ssam ret = putmsg(p->fd, &ctl, &data); 222146768Ssam if (ret == -1) { 223146768Ssam snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s", 224146768Ssam pcap_strerror(errno)); 225146768Ssam return (-1); 226146768Ssam } 227146768Ssam return (ret); 228146768Ssam} 229146768Ssam 230146768Ssamstatic int 23117683Spstnit_setflags(int fd, int promisc, int to_ms, char *ebuf) 23217683Spst{ 23317683Spst bpf_u_int32 flags; 23417683Spst struct strioctl si; 23517683Spst struct timeval timeout; 23617683Spst 23717683Spst si.ic_timout = INFTIM; 23817683Spst if (to_ms != 0) { 23917683Spst timeout.tv_sec = to_ms / 1000; 24017683Spst timeout.tv_usec = (to_ms * 1000) % 1000000; 24117683Spst si.ic_cmd = NIOCSTIME; 24217683Spst si.ic_len = sizeof(timeout); 24317683Spst si.ic_dp = (char *)&timeout; 24417683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 24575107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSTIME: %s", 24675107Sfenner pcap_strerror(errno)); 24717683Spst return (-1); 24817683Spst } 24917683Spst } 25017683Spst flags = NI_TIMESTAMP | NI_LEN | NI_DROPS; 25117683Spst if (promisc) 25217683Spst flags |= NI_PROMISC; 25317683Spst si.ic_cmd = NIOCSFLAGS; 25417683Spst si.ic_len = sizeof(flags); 25517683Spst si.ic_dp = (char *)&flags; 25617683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 25775107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSFLAGS: %s", 25875107Sfenner pcap_strerror(errno)); 25917683Spst return (-1); 26017683Spst } 26117683Spst return (0); 26217683Spst} 26317683Spst 26417683Spstpcap_t * 265127664Sbmspcap_open_live(const char *device, int snaplen, int promisc, int to_ms, 266127664Sbms char *ebuf) 26717683Spst{ 26817683Spst struct strioctl si; /* struct for ioctl() */ 26917683Spst struct ifreq ifr; /* interface request struct */ 27017683Spst int chunksize = CHUNKSIZE; 27117683Spst int fd; 27217683Spst static char dev[] = "/dev/nit"; 27317683Spst register pcap_t *p; 27417683Spst 27517683Spst p = (pcap_t *)malloc(sizeof(*p)); 27617683Spst if (p == NULL) { 27775107Sfenner strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE); 27817683Spst return (NULL); 27917683Spst } 28017683Spst 28117683Spst if (snaplen < 96) 28217683Spst /* 28317683Spst * NIT requires a snapshot length of at least 96. 28417683Spst */ 28517683Spst snaplen = 96; 28617683Spst 28775107Sfenner memset(p, 0, sizeof(*p)); 288146768Ssam /* 289146768Ssam * Initially try a read/write open (to allow the inject 290146768Ssam * method to work). If that fails due to permission 291146768Ssam * issues, fall back to read-only. This allows a 292146768Ssam * non-root user to be granted specific access to pcap 293146768Ssam * capabilities via file permissions. 294146768Ssam * 295146768Ssam * XXX - we should have an API that has a flag that 296146768Ssam * controls whether to open read-only or read-write, 297146768Ssam * so that denial of permission to send (or inability 298146768Ssam * to send, if sending packets isn't supported on 299146768Ssam * the device in question) can be indicated at open 300146768Ssam * time. 301146768Ssam */ 302146768Ssam p->fd = fd = open(dev, O_RDWR); 303146768Ssam if (fd < 0 && errno == EACCES) 304146768Ssam p->fd = fd = open(dev, O_RDONLY); 30517683Spst if (fd < 0) { 30675107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", dev, 30775107Sfenner pcap_strerror(errno)); 30817683Spst goto bad; 30917683Spst } 31017683Spst 31117683Spst /* arrange to get discrete messages from the STREAM and use NIT_BUF */ 31217683Spst if (ioctl(fd, I_SRDOPT, (char *)RMSGD) < 0) { 31375107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "I_SRDOPT: %s", 31475107Sfenner pcap_strerror(errno)); 31517683Spst goto bad; 31617683Spst } 31717683Spst if (ioctl(fd, I_PUSH, "nbuf") < 0) { 31875107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "push nbuf: %s", 31975107Sfenner pcap_strerror(errno)); 32017683Spst goto bad; 32117683Spst } 32217683Spst /* set the chunksize */ 32317683Spst si.ic_cmd = NIOCSCHUNK; 32417683Spst si.ic_timout = INFTIM; 32517683Spst si.ic_len = sizeof(chunksize); 32617683Spst si.ic_dp = (char *)&chunksize; 32717683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 32875107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSCHUNK: %s", 32975107Sfenner pcap_strerror(errno)); 33017683Spst goto bad; 33117683Spst } 33217683Spst 33317683Spst /* request the interface */ 33417683Spst strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); 335127664Sbms ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0'; 33617683Spst si.ic_cmd = NIOCBIND; 33717683Spst si.ic_len = sizeof(ifr); 33817683Spst si.ic_dp = (char *)𝔦 33917683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 34075107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCBIND: %s: %s", 34117683Spst ifr.ifr_name, pcap_strerror(errno)); 34217683Spst goto bad; 34317683Spst } 34417683Spst 34517683Spst /* set the snapshot length */ 34617683Spst si.ic_cmd = NIOCSSNAP; 34717683Spst si.ic_len = sizeof(snaplen); 34817683Spst si.ic_dp = (char *)&snaplen; 34917683Spst if (ioctl(fd, I_STR, (char *)&si) < 0) { 35075107Sfenner snprintf(ebuf, PCAP_ERRBUF_SIZE, "NIOCSSNAP: %s", 35175107Sfenner pcap_strerror(errno)); 35217683Spst goto bad; 35317683Spst } 35417683Spst p->snapshot = snaplen; 35517683Spst if (nit_setflags(p->fd, promisc, to_ms, ebuf) < 0) 35617683Spst goto bad; 35717683Spst 35817683Spst (void)ioctl(fd, I_FLUSH, (char *)FLUSHR); 35917683Spst /* 36017683Spst * NIT supports only ethernets. 36117683Spst */ 36217683Spst p->linktype = DLT_EN10MB; 36317683Spst 36417683Spst p->bufsize = BUFSPACE; 36517683Spst p->buffer = (u_char *)malloc(p->bufsize); 36617683Spst if (p->buffer == NULL) { 36775107Sfenner strlcpy(ebuf, pcap_strerror(errno), PCAP_ERRBUF_SIZE); 36817683Spst goto bad; 36917683Spst } 370127664Sbms 371127664Sbms /* 372127664Sbms * "p->fd" is an FD for a STREAMS device, so "select()" and 373127664Sbms * "poll()" should work on it. 374127664Sbms */ 375127664Sbms p->selectable_fd = p->fd; 376127664Sbms 377146768Ssam /* 378146768Ssam * This is (presumably) a real Ethernet capture; give it a 379146768Ssam * link-layer-type list with DLT_EN10MB and DLT_DOCSIS, so 380146768Ssam * that an application can let you choose it, in case you're 381146768Ssam * capturing DOCSIS traffic that a Cisco Cable Modem 382146768Ssam * Termination System is putting out onto an Ethernet (it 383146768Ssam * doesn't put an Ethernet header onto the wire, it puts raw 384146768Ssam * DOCSIS frames out on the wire inside the low-level 385146768Ssam * Ethernet framing). 386146768Ssam */ 387146768Ssam p->dlt_list = (u_int *) malloc(sizeof(u_int) * 2); 388146768Ssam /* 389146768Ssam * If that fails, just leave the list empty. 390146768Ssam */ 391146768Ssam if (p->dlt_list != NULL) { 392146768Ssam p->dlt_list[0] = DLT_EN10MB; 393146768Ssam p->dlt_list[1] = DLT_DOCSIS; 394146768Ssam p->dlt_count = 2; 395146768Ssam } 396146768Ssam 397127664Sbms p->read_op = pcap_read_snit; 398146768Ssam p->inject_op = pcap_inject_snit; 399127664Sbms p->setfilter_op = install_bpf_program; /* no kernel filtering */ 400127664Sbms p->set_datalink_op = NULL; /* can't change data link type */ 401127664Sbms p->getnonblock_op = pcap_getnonblock_fd; 402127664Sbms p->setnonblock_op = pcap_setnonblock_fd; 403127664Sbms p->stats_op = pcap_stats_snit; 404146768Ssam p->close_op = pcap_close_common; 405127664Sbms 40617683Spst return (p); 40717683Spst bad: 40817683Spst if (fd >= 0) 40917683Spst close(fd); 41017683Spst free(p); 41117683Spst return (NULL); 41217683Spst} 41317683Spst 41417683Spstint 415127664Sbmspcap_platform_finddevs(pcap_if_t **alldevsp, char *errbuf) 41617683Spst{ 41717683Spst return (0); 41817683Spst} 419